Solved

Problem with permissions Windows XP SP3 on Dell Latitude Laptop

Posted on 2012-03-17
9
662 Views
Last Modified: 2016-11-23
Customer brought in a Dell Latitude laptop running Windows XP Pro.

About two weeks ago, she thinks it was when adobe flash player was updating itself, things went screwy on her windows desktop.    She lost her original desktop picture and can’t change anything on her desktop.  

There’s a grab bag of symptoms.  
I go into display properties advanced settings, I can try to change something, like icon size or icon font,  but it won’t change.  I go to control panel and try to change to ‘classic view’.  That won’t change. After doing something I saw: Windows script host – access denied
 
I created a second administrative id.  I can change display settings there and switch to classic view.  But screwy things are still going on.  

On either id, whenever I click on ‘control panel’ or ‘my computer’…  Windows installer comes up and says “preparing to install”. The message flashes and then goes away. But it never installs anything or says what it’s preparing to install.  
 
I uninstalled Norton 360 because I thought it might have something to do with that.  I also completely uninstalled HP products because I was getting a message all the time that one of their programs was trying to install. No change.  I also updated flash player because the client mentioned that.  

I ran Trendmicro Housecall and a full Malwarebytes anti-malware scan and came up with nothing.  
I installed Avast for anti-virus.  
I installed msicuu2.exe, the windows installer cleanup utility and looked for failed uninstalls.

I did a repair install of Windows XP Pro SP2.  Thought that should do it, but it didn’t.

I installed process explorer and saw that update.exe and svchost.exe netsvcs were using lots of cpu. I stops BITS and Windows Update.  That cut the cpu usage but still had the problems.  

There was something screwy involving IE.  After doing the XP repair install I had IE6 on the computer. I think I got in once and tried Windows update but that went forever. (After trying lots of things it gets a bit confused.)  After that it wouldn’t come in and/or referred me to Firefox.

I tried to install IE8 by direct download but always got this message:

“KB218440 – The version of Internet Explorer you  have installed does not match the update you are trying to install.”

I finally was able to update to SP3 using the direct download.  Tried to install IE8 and got the same message.  
I was able to install IE7 by direct download.  
Tried to install IE8 again and got the same message.

I just restarted Windows automatic update.  It downloaded and installed updates successfully. Lo and behold, it successfully updated to IE8.  But on the owners userid whenever I start IE it’s like I’ve started it for the first time.  It asked me about suggested sites, defaults, etc.  
A bar at top: “your current security settings put your computer at risk.  Click here to change security settings”.  This happens even when I change the settings. My guess is that this is a symptom and not the cause. I went into Internet options and tried to restore the advanced settings.  Couldn’t do it. Still getting “preparing to install whenever I try control panel or my computer. Still can’t switch to classic view in the control panel.  

So something somewhere is screwed up. Permissions?  Registry?  How do I unscrew it?

Thanks,
Al
0
Comment
Question by:alanlsilverman
  • 4
  • 2
  • 2
  • +1
9 Comments
 
LVL 90

Assisted Solution

by:John Hurst
John Hurst earned 200 total points
ID: 37732822
That sounds most like the user has gone to dodgy places, now has a severe virus, and it needs to be cleaned up (if, indeed, it can be cleaned up, because some viruses are too severe to clean up).

Get Malwarebytes and run it, see what it finds. Get a rootkit revealer (Microsoft System Internals) and run that. Then get a good AntiVirus suite (never free) and install that.

There is a reasonable chance you will have to re-install XP. XP is fine and will run everything above if it is virus-free. .... Thinkpads_User
0
 
LVL 16

Assisted Solution

by:cantoris
cantoris earned 200 total points
ID: 37733401
If you think permissions generally may be an issue, you should be able to fix them like this:
Log in as an administrative user, open a command prompt, and try the following command (all one line).  I've added extra spaces for clarity.

secedit.exe  /configure  /db  Permissions.sdb  /cfg  "c:\windows\security\templates\setup security.inf"

This will reset file system permissions to what they should be.

The user's profile sounds a bit wrecked though so you may just want to make a new one.  If you log on as the unaffected administrative user, and then rename the dodgy profile under C:\Documents and Settings, then an entirely new fresh one will be created when that user next logs in.  Because the old profile folder was merely renamed, you can go into it and copy files out of the Documents, Desktop, Favorites folders etc and put them into the new profile folder structure.

You might want to have a look at Dial-A-Fix (XP only) as that can fix things like Windows Update and Windows Installer.  http://wiki.lunarsoft.net/wiki/Dial-a-fix
0
 
LVL 44

Assisted Solution

by:Darr247
Darr247 earned 100 total points
ID: 37733407
I think RogueKiller needs to be run before MBAM... (the original post said a full MBAM scan was done already and it didn't find anthing).

Can you start the Windows Firewall service?
Is the Security Center service running?
0
 

Author Comment

by:alanlsilverman
ID: 37733459
darr247
firewall and security center are running.
thinkpads_user I put on Avast free antivirus which has been better than any of the for-pay antiviruses I've found.  I've put it on dozens of computers. (Been burned too often by Norton and McAfee).  
running sophos anti-rootkit. gut feel is it won't find anything.  I'll also run sysinternals.  
cantoris, will try your solutions after sophos.
Thanks,
al
0
Highfive Gives IT Their Time Back

Highfive is so simple that setting up every meeting room takes just minutes and every employee will be able to start or join a call from any room with ease. Never be called into a meeting just to get it started again. This is how video conferencing should work!

 
LVL 90

Expert Comment

by:John Hurst
ID: 37733470
Let us know. Avast is supposed to be decent, but consider using the paid version for better results. .... Thinkpads_User
0
 

Accepted Solution

by:
alanlsilverman earned 0 total points
ID: 37748137
Made some progress.  I went into command prompt and did an "attrib -s -h -r" command on the original user folder, which couldn't be accessed before that.  Then I took all those files and put them into the new user that had been set up after whatever happened happened. This got the customer back to her old desktop/setup/permissions.  Happy customer. Now I only have one problem.  Every time I open control panel or my computer or any folder, windows installer flashes three times and disappears.  Must be linked to explorer.exe somehow.  But how to get rid of it?
Al
0
 
LVL 16

Expert Comment

by:cantoris
ID: 37749660
Download Process Monitor and extract it to the desktop.
http://download.sysinternals.com/files/ProcessMonitor.zip

Close down all running apps.  Start Process Monitor.  Of the four selected icons at the right-hand end of the toolbar, deselect the last two selected ones.  Change the window size so you can see your desktop's "My Computer" icon as well as the Process Monitor window.
With Process Monitor active (and logging), press Ctrl-X to clear the display then immediately double-click your My Computer icon to reproduce the problem.  As quickly as possible, click the magnifying glass on the Process Monitor toolbar to stop logging.  Now maximise the window and look for the needles in the haystack!!  Look for any third party folders being accessed.  You'll probably be able to right-click a number of the listed Process Names and exclude them as being irrelevant.  Look out for anything from msiexec.

If you can spot any likely culprits this way then see if you can uninstall them - using the Windows Installer Cleanup if need be.  You might also want to use AutoRuns (from Sysinternals too) to spot any left over entries from the same app - eg in the Explorer section.
0
 

Author Comment

by:alanlsilverman
ID: 37763763
Still haven't cleared out the windows installer message, but got everything else and the customer is happy.  Closing.
Thanks,
Al
0
 

Author Closing Comment

by:alanlsilverman
ID: 37786165
Basic problem was solved by doing the attrib -s -h -r
0

Featured Post

Get up to 2TB FREE CLOUD per backup license!

An exclusive Black Friday offer just for Expert Exchange audience! Buy any of our top-rated backup solutions & get up to 2TB free cloud per system! Perform local & cloud backup in the same step, and restore instantly—anytime, anywhere. Grab this deal now before it disappears!

Join & Write a Comment

Most of the time we are in fix when all of sudden our systems behave weirdly.  Such problems cost time and effort... so it's best to take some preventive actions so that we can avoid such issues or overcome such problems more easily. Preventive M…
It is only natural that we all want our PCs to be in good working order, improved system performance, so that is exactly how programs are advertised to entice. They say things like:            •      PC crashes? Get registry cleaner to repair it!    …
This video discusses moving either the default database or any database to a new volume.
This video demonstrates how to create an example email signature rule for a department in a company using CodeTwo Exchange Rules. The signature will be inserted beneath users' latest emails in conversations and will be displayed in users' Sent Items…

760 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

22 Experts available now in Live!

Get 1:1 Help Now