Problem with permissions Windows XP SP3 on Dell Latitude Laptop

Posted on 2012-03-17
Medium Priority
Last Modified: 2016-11-23
Customer brought in a Dell Latitude laptop running Windows XP Pro.

About two weeks ago, she thinks it was when adobe flash player was updating itself, things went screwy on her windows desktop.    She lost her original desktop picture and can’t change anything on her desktop.  

There’s a grab bag of symptoms.  
I go into display properties advanced settings, I can try to change something, like icon size or icon font,  but it won’t change.  I go to control panel and try to change to ‘classic view’.  That won’t change. After doing something I saw: Windows script host – access denied
I created a second administrative id.  I can change display settings there and switch to classic view.  But screwy things are still going on.  

On either id, whenever I click on ‘control panel’ or ‘my computer’…  Windows installer comes up and says “preparing to install”. The message flashes and then goes away. But it never installs anything or says what it’s preparing to install.  
I uninstalled Norton 360 because I thought it might have something to do with that.  I also completely uninstalled HP products because I was getting a message all the time that one of their programs was trying to install. No change.  I also updated flash player because the client mentioned that.  

I ran Trendmicro Housecall and a full Malwarebytes anti-malware scan and came up with nothing.  
I installed Avast for anti-virus.  
I installed msicuu2.exe, the windows installer cleanup utility and looked for failed uninstalls.

I did a repair install of Windows XP Pro SP2.  Thought that should do it, but it didn’t.

I installed process explorer and saw that update.exe and svchost.exe netsvcs were using lots of cpu. I stops BITS and Windows Update.  That cut the cpu usage but still had the problems.  

There was something screwy involving IE.  After doing the XP repair install I had IE6 on the computer. I think I got in once and tried Windows update but that went forever. (After trying lots of things it gets a bit confused.)  After that it wouldn’t come in and/or referred me to Firefox.

I tried to install IE8 by direct download but always got this message:

“KB218440 – The version of Internet Explorer you  have installed does not match the update you are trying to install.”

I finally was able to update to SP3 using the direct download.  Tried to install IE8 and got the same message.  
I was able to install IE7 by direct download.  
Tried to install IE8 again and got the same message.

I just restarted Windows automatic update.  It downloaded and installed updates successfully. Lo and behold, it successfully updated to IE8.  But on the owners userid whenever I start IE it’s like I’ve started it for the first time.  It asked me about suggested sites, defaults, etc.  
A bar at top: “your current security settings put your computer at risk.  Click here to change security settings”.  This happens even when I change the settings. My guess is that this is a symptom and not the cause. I went into Internet options and tried to restore the advanced settings.  Couldn’t do it. Still getting “preparing to install whenever I try control panel or my computer. Still can’t switch to classic view in the control panel.  

So something somewhere is screwed up. Permissions?  Registry?  How do I unscrew it?

Question by:alanlsilverman
  • 4
  • 2
  • 2
  • +1
LVL 99

Assisted Solution

by:John Hurst
John Hurst earned 800 total points
ID: 37732822
That sounds most like the user has gone to dodgy places, now has a severe virus, and it needs to be cleaned up (if, indeed, it can be cleaned up, because some viruses are too severe to clean up).

Get Malwarebytes and run it, see what it finds. Get a rootkit revealer (Microsoft System Internals) and run that. Then get a good AntiVirus suite (never free) and install that.

There is a reasonable chance you will have to re-install XP. XP is fine and will run everything above if it is virus-free. .... Thinkpads_User
LVL 16

Assisted Solution

cantoris earned 800 total points
ID: 37733401
If you think permissions generally may be an issue, you should be able to fix them like this:
Log in as an administrative user, open a command prompt, and try the following command (all one line).  I've added extra spaces for clarity.

secedit.exe  /configure  /db  Permissions.sdb  /cfg  "c:\windows\security\templates\setup security.inf"

This will reset file system permissions to what they should be.

The user's profile sounds a bit wrecked though so you may just want to make a new one.  If you log on as the unaffected administrative user, and then rename the dodgy profile under C:\Documents and Settings, then an entirely new fresh one will be created when that user next logs in.  Because the old profile folder was merely renamed, you can go into it and copy files out of the Documents, Desktop, Favorites folders etc and put them into the new profile folder structure.

You might want to have a look at Dial-A-Fix (XP only) as that can fix things like Windows Update and Windows Installer.  http://wiki.lunarsoft.net/wiki/Dial-a-fix
LVL 44

Assisted Solution

Darr247 earned 400 total points
ID: 37733407
I think RogueKiller needs to be run before MBAM... (the original post said a full MBAM scan was done already and it didn't find anthing).

Can you start the Windows Firewall service?
Is the Security Center service running?
Restore individual SQL databases with ease

Veeam Explorer for Microsoft SQL Server delivers an easy-to-use, wizard-driven interface for restoring your databases from a backup. No expert SQL background required. Web interface provides a complete view of all available SQL databases to simplify the recovery of lost database


Author Comment

ID: 37733459
firewall and security center are running.
thinkpads_user I put on Avast free antivirus which has been better than any of the for-pay antiviruses I've found.  I've put it on dozens of computers. (Been burned too often by Norton and McAfee).  
running sophos anti-rootkit. gut feel is it won't find anything.  I'll also run sysinternals.  
cantoris, will try your solutions after sophos.
LVL 99

Expert Comment

by:John Hurst
ID: 37733470
Let us know. Avast is supposed to be decent, but consider using the paid version for better results. .... Thinkpads_User

Accepted Solution

alanlsilverman earned 0 total points
ID: 37748137
Made some progress.  I went into command prompt and did an "attrib -s -h -r" command on the original user folder, which couldn't be accessed before that.  Then I took all those files and put them into the new user that had been set up after whatever happened happened. This got the customer back to her old desktop/setup/permissions.  Happy customer. Now I only have one problem.  Every time I open control panel or my computer or any folder, windows installer flashes three times and disappears.  Must be linked to explorer.exe somehow.  But how to get rid of it?
LVL 16

Expert Comment

ID: 37749660
Download Process Monitor and extract it to the desktop.

Close down all running apps.  Start Process Monitor.  Of the four selected icons at the right-hand end of the toolbar, deselect the last two selected ones.  Change the window size so you can see your desktop's "My Computer" icon as well as the Process Monitor window.
With Process Monitor active (and logging), press Ctrl-X to clear the display then immediately double-click your My Computer icon to reproduce the problem.  As quickly as possible, click the magnifying glass on the Process Monitor toolbar to stop logging.  Now maximise the window and look for the needles in the haystack!!  Look for any third party folders being accessed.  You'll probably be able to right-click a number of the listed Process Names and exclude them as being irrelevant.  Look out for anything from msiexec.

If you can spot any likely culprits this way then see if you can uninstall them - using the Windows Installer Cleanup if need be.  You might also want to use AutoRuns (from Sysinternals too) to spot any left over entries from the same app - eg in the Explorer section.

Author Comment

ID: 37763763
Still haven't cleared out the windows installer message, but got everything else and the customer is happy.  Closing.

Author Closing Comment

ID: 37786165
Basic problem was solved by doing the attrib -s -h -r

Featured Post

Important Lessons on Recovering from Petya

In their most recent webinar, Skyport Systems explores ways to isolate and protect critical databases to keep the core of your company safe from harm.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

There are 2 things you must have in order to connect to the internet behind a router, The "Gateway IP" of the router, which is usually something like 192.168.xxx.1, I've seen routers with default values of:,,, …
It is only natural that we all want our PCs to be in good working order, improved system performance, so that is exactly how programs are advertised to entice. They say things like:            •      PC crashes? Get registry cleaner to repair it!    …
Two types of users will appreciate AOMEI Backupper Pro: 1 - Those with PCIe drives (and haven't found cloning software that works on them). 2 - Those who want a fast clone of their boot drive (no re-boots needed) and it can clone your drive wh…
Is your data getting by on basic protection measures? In today’s climate of debilitating malware and ransomware—like WannaCry—that may not be enough. You need to establish more than basics, like a recovery plan that protects both data and endpoints.…

850 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question