Virus from Limewire ... lost desktop and start menu

Nevermind, I see it now.

Skrivebord

 

AutoRestartShell REG_DWORD 0x1
Shell REG_SZ Explorer.exe

Skrivebord

I've been trying to figure that out. It seems that all I have is Programs and jpgs.

And when I go to My Docs or My Computer from the Start Menu it can't be found. I can get to them from the Desktop though.

 

Registry export looks fine

Paste the following in a command window and post the results.

Code:

reg query HKCU\software\microsoft\windows\currentversion\policies /s>policies.txt
reg query HKEY_CLASSES_ROOT\txtfile /s>>policies.txt
echo.>>policies.txt
set>>policies.txt
start notepad policies.txt
exit
cls

If you right click the Start Menu icons for My Documents and My Computer, do you have a Properties selection? Does it reveal anything?

 

! REG.EXE VERSION 3.0

HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies

HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\ActiveDesktop

HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\Associations

HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\Explorer
NoDriveTypeAutoRun REG_DWORD 0x91
NoStrCmpLogical REG_BINARY 00000000
NoLogoff REG_DWORD 0x0
NoToolbarsOnTaskbar REG_DWORD 0x0
NoSetTaskbar REG_DWORD 0x0
NoBandCustomize REG_DWORD 0x0
NoMovingBands REG_DWORD 0x0
NoCloseDragDropBands REG_DWORD 0x0
NoDrives REG_DWORD 0x0
NoViewOnDrive REG_DWORD 0x0
NoActiveDesktop REG_DWORD 0x0
NoSaveSettings REG_DWORD 0x0
ClassicShell REG_DWORD 0x0

HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\Explorer\DisallowRun

HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\Explorer\RestrictRun

HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\Explorer\run

HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\NonEnum

HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\System
HideLegacyLogonScripts REG_DWORD 0x0
HideLogoffScripts REG_DWORD 0x0
RunLogonScriptSync REG_DWORD 0x1
RunStartupScriptSync REG_DWORD 0x0
HideStartupScripts REG_DWORD 0x0

HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\Uninstall

HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\Windows Update

HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\WindowsUpdate

! REG.EXE VERSION 3.0

HKEY_CLASSES_ROOT\txtfile
<Ikke-navngivet> REG_SZ Tekstdokument
FriendlyTypeName REG_EXPAND_SZ @%SystemRoot%\system32\notepad.exe,-469
EditFlags REG_DWORD 0x10000

HKEY_CLASSES_ROOT\txtfile\DefaultIcon
<Ikke-navngivet> REG_EXPAND_SZ %SystemRoot%\system32\shell32.dll,-152

HKEY_CLASSES_ROOT\txtfile\shell

HKEY_CLASSES_ROOT\txtfile\shell\open

HKEY_CLASSES_ROOT\txtfile\shell\open\command
<Ikke-navngivet> REG_EXPAND_SZ %SystemRoot%\system32\NOTEPAD.EXE %1

HKEY_CLASSES_ROOT\txtfile\shell\print

HKEY_CLASSES_ROOT\txtfile\shell\print\command
<Ikke-navngivet> REG_EXPAND_SZ %SystemRoot%\system32\NOTEPAD.EXE /p %1

HKEY_CLASSES_ROOT\txtfile\shell\printto

HKEY_CLASSES_ROOT\txtfile\shell\printto\command
<Ikke-navngivet> REG_EXPAND_SZ %SystemRoot%\system32\notepad.exe /pt "%1" "%2" "%3" "%4 "

ALLUSERSPROFILE=C:\Documents and Settings\All Users
APPDATA=C:\Documents and Settings\AW\Application Data
CLASSPATH=.;C:\Programmer\Java\jre1.5.0_10\lib\ext\QTJava.zip
CLIENTNAME=Console
CommonProgramFiles=C:\Programmer\F‘lles filer
COMPUTERNAME=CENTRINO
ComSpec=C:\WINDOWS\system32\cmd.exe
FP_NO_HOST_CHECK=NO
HOMEDRIVE=C:
HOMEPATH=\Documents and Settings\AW
LOGONSERVER=\\CENTRINO
NUMBER_OF_PROCESSORS=1
OS=Windows_NT
Path=C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\system32\wbem;C:\Programmer\ATI Technologies\ATI Control Panel;C:\Programmer\Support Tools;C:\Programmer\QuickTime\QTSystem
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 6 Model 9 Stepping 5, GenuineIntel
PROCESSOR_LEVEL=6
PROCESSOR_REVISION=0905
ProgramFiles=C:\Programmer
PROMPT=$P$G
QTJAVA=C:\Programmer\Java\jre1.5.0_10\lib\ext\QTJava.zip
SESSIONNAME=Console
SystemDrive=C:
SystemRoot=C:\WINDOWS
TEMP=C:\DOCUME~1\AW\LOKALE~1\Temp
TMP=C:\DOCUME~1\AW\LOKALE~1\Temp
USERDOMAIN=CENTRINO
USERNAME=AW
USERPROFILE=C:\Documents and Settings\AW
windir=C:\WINDOWS

For My Docs it shows C:\Documents and Settings\AW\Dokumenter and for My Comp if I click open it doesnt work but if I right click and go to Properties it opens the program with different tabs ie General, Hardware, Computer Name, Advanced, etc...

 

All looks fine there. Lets check another policies key. Paste the following into a command window and post the resulting text file.

Code:

reg query HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /s>>policies.txt
start notepad policies.txt
exit
cls

I would also like you to click Start>Run and paste in this next command, then hit enter.

%userprofile%

That should open the C:\Documents and Settings\AW folder. There you should find policies.txt
Does it appear as a text file should?

 

! REG.EXE VERSION 3.0

HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies

HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\ActiveDesktop

HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\Associations

HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\Explorer
NoDriveTypeAutoRun REG_DWORD 0x91
NoStrCmpLogical REG_BINARY 00000000
NoLogoff REG_DWORD 0x0
NoToolbarsOnTaskbar REG_DWORD 0x0
NoSetTaskbar REG_DWORD 0x0
NoBandCustomize REG_DWORD 0x0
NoMovingBands REG_DWORD 0x0
NoCloseDragDropBands REG_DWORD 0x0
NoDrives REG_DWORD 0x0
NoViewOnDrive REG_DWORD 0x0
NoActiveDesktop REG_DWORD 0x0
NoSaveSettings REG_DWORD 0x0
ClassicShell REG_DWORD 0x0

HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\Explorer\DisallowRun

HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\Explorer\RestrictRun

HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\Explorer\run

HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\NonEnum

HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\System
HideLegacyLogonScripts REG_DWORD 0x0
HideLogoffScripts REG_DWORD 0x0
RunLogonScriptSync REG_DWORD 0x1
RunStartupScriptSync REG_DWORD 0x0
HideStartupScripts REG_DWORD 0x0

HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\Uninstall

HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\Windows Update

HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\WindowsUpdate

! REG.EXE VERSION 3.0

HKEY_CLASSES_ROOT\txtfile
<Ikke-navngivet> REG_SZ Tekstdokument
FriendlyTypeName REG_EXPAND_SZ @%SystemRoot%\system32\notepad.exe,-469
EditFlags REG_DWORD 0x10000

HKEY_CLASSES_ROOT\txtfile\DefaultIcon
<Ikke-navngivet> REG_EXPAND_SZ %SystemRoot%\system32\shell32.dll,-152

HKEY_CLASSES_ROOT\txtfile\shell

HKEY_CLASSES_ROOT\txtfile\shell\open

HKEY_CLASSES_ROOT\txtfile\shell\open\command
<Ikke-navngivet> REG_EXPAND_SZ %SystemRoot%\system32\NOTEPAD.EXE %1

HKEY_CLASSES_ROOT\txtfile\shell\print

HKEY_CLASSES_ROOT\txtfile\shell\print\command
<Ikke-navngivet> REG_EXPAND_SZ %SystemRoot%\system32\NOTEPAD.EXE /p %1

HKEY_CLASSES_ROOT\txtfile\shell\printto

HKEY_CLASSES_ROOT\txtfile\shell\printto\command
<Ikke-navngivet> REG_EXPAND_SZ %SystemRoot%\system32\notepad.exe /pt "%1" "%2" "%3" "%4 "

ALLUSERSPROFILE=C:\Documents and Settings\All Users
APPDATA=C:\Documents and Settings\AW\Application Data
CLASSPATH=.;C:\Programmer\Java\jre1.5.0_10\lib\ext\QTJava.zip
CLIENTNAME=Console
CommonProgramFiles=C:\Programmer\F‘lles filer
COMPUTERNAME=CENTRINO
ComSpec=C:\WINDOWS\system32\cmd.exe
FP_NO_HOST_CHECK=NO
HOMEDRIVE=C:
HOMEPATH=\Documents and Settings\AW
LOGONSERVER=\\CENTRINO
NUMBER_OF_PROCESSORS=1
OS=Windows_NT
Path=C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\system32\wbem;C:\Programmer\ATI Technologies\ATI Control Panel;C:\Programmer\Support Tools;C:\Programmer\QuickTime\QTSystem
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 6 Model 9 Stepping 5, GenuineIntel
PROCESSOR_LEVEL=6
PROCESSOR_REVISION=0905
ProgramFiles=C:\Programmer
PROMPT=$P$G
QTJAVA=C:\Programmer\Java\jre1.5.0_10\lib\ext\QTJava.zip
SESSIONNAME=Console
SystemDrive=C:
SystemRoot=C:\WINDOWS
TEMP=C:\DOCUME~1\AW\LOKALE~1\Temp
TMP=C:\DOCUME~1\AW\LOKALE~1\Temp
USERDOMAIN=CENTRINO
USERNAME=AW
USERPROFILE=C:\Documents and Settings\AW
windir=C:\WINDOWS

! REG.EXE VERSION 3.0

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced
Hidden REG_DWORD 0x1
ShowCompColor REG_DWORD 0x1
HideFileExt REG_DWORD 0x0
DontPrettyPath REG_DWORD 0x0
ShowInfoTip REG_DWORD 0x1
HideIcons REG_DWORD 0x0
MapNetDrvBtn REG_DWORD 0x0
WebView REG_DWORD 0x1
Filter REG_DWORD 0x0
SuperHidden REG_DWORD 0x1
SeparateProcess REG_DWORD 0x0
ListviewAlphaSelect REG_DWORD 0x1
ListviewShadow REG_DWORD 0x1
ListviewWatermark REG_DWORD 0x1
TaskbarAnimations REG_DWORD 0x1
StartMenuInit REG_DWORD 0x2
StartButtonBalloonTip REG_DWORD 0x2
TaskbarSizeMove REG_DWORD 0x1
TaskbarGlomming REG_DWORD 0x1
PersistBrowsers REG_DWORD 0x0
ClassicViewState REG_DWORD 0x0
DisableThumbnailCache REG_DWORD 0x0
ShowSuperHidden REG_DWORD 0x1
NoNetCrawling REG_DWORD 0x0
FriendlyTree REG_DWORD 0x1
WebViewBarricade REG_DWORD 0x0
FolderContentsInfoTip REG_DWORD 0x1
CascadeNetworkConnections REG_SZ YES
Start_ShowNetPlaces_ShouldShow REG_DWORD 0x41
Start_LargeMFUIcons REG_DWORD 0x1
Start_MinMFU REG_DWORD 0x6
Start_EnableDragDrop REG_DWORD 0x1
StartMenuFavorites REG_DWORD 0x0
Start_ShowPrinters REG_DWORD 0x1
Start_ScrollPrograms REG_DWORD 0x0
Start_AutoCascade REG_DWORD 0x1
Start_NotifyNewApps REG_DWORD 0x0
Start_AdminToolsRoot REG_DWORD 0x0
StartMenuAdminTools REG_DWORD 0x0
ServerAdminUI REG_DWORD 0x0
Start_ShowSetProgramAccessAndDefaults REG_DWORD 0x1
Start_ShowNetConn_ShouldShow REG_DWORD 0x42

When I do the above it asks m to choose a program to open it with. I chose Notebook and a blank text file opened with a warning which read Angang Naeget. Im not sure what that means exactly. When I try to open it in word I get an Error saying Wordpad encountered an error opening this file.

 

I think you've got some corrupted system files, and I believe the following will fix it. Please download the Windows XP Service Pack 3 Network Installation Package for IT Professionals. Close out of all other programs and windows then run the setup package. You will be prompted to restart when complete. Do so.

Let me know how things are when you get logged on again, and go back to review and follow up on Geri's last set of instructions.

BTW, I don't normally recommend installing any updates, especially a Service Pack, prior to getting a clean bill of health. However, it does appear that at least the worst of and bulk of the infections have already been removed.

 

I downloaded it but it wouldnt allow me to run it as my original Windows is in a different language.

Maybe at this point I should do a clean install?

 

Oops! Delete the package you downloaded. Go back to the download page and in the light blue Quick Details section, change the language to match your operating system, then click Download.

 

Ok I did that and rebooted after. No change. I will go back and go through the steps that Geri outlined.

 

HJT Uninstall list

A Really Small App 2.0
Ad-Aware 2007
Adobe Flash Player ActiveX
Adobe Flash Player Plugin
Adobe Photoshop 6.0
Adobe Reader 6.0.1
Agere Systems AC'97 Modem
AIM 6
Apple Mobile Device Support
Apple Software Update
ATI - Afinstalleringsværktøj for software
ATI Control Panel
ATI Display Driver
AutoFriend
BitDefender Antivirus 2008
BloodRayne
Bluetooth by hp
Bonjour
Broadcom 802.11 Driver
CCleaner (remove only)
GOM Player
HijackThis 2.0.2
InterActual Player
iTunes
J2SE Runtime Environment 5.0 Update 10
Java 2 Runtime Environment, SE v1.4.2_03
LimeWire 4.18.3
Media Player Codec Pack 1.1.0
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Danish Language Pack
Microsoft .NET Framework 1.1 Hotfix (KB928366)
Microsoft .NET Framework 2.0
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Navision Attain 3.60
Microsoft Office Standard Edition 2003
Microsoft User-Mode Driver Framework Feature Pack 1.0
Opera 9.50
QuickTime
Realtek RTL8139/810x Fast Ethernet NIC Driver Setup
RecordNow!
Sikkerhedsopdatering til Windows XP (KB913433)
Skype™ 3.6
Sonic Update Manager
SoundMAX
Spybot - Search & Destroy
Synaptics Pointing Device Driver
The Ultimate Troubleshooter
Tweaking Toolbox XP 2
Viewpoint Media Player
VP6 VFW Codec
Værktøjet Fjern skjulte data
Windows Media Format 11 runtime
Windows Media Format 11 runtime
Windows Media Player 11
Windows Media Player 11
Windows Support Tools
Windows XP Service Pack 3
WinRAR archiver
Yahoo! Messenger

 

Had to take another look at that last export. I see what was missing now.

Highlight and copy the contents of the code box below and paste it into a blank notepad. Save it to the desktop as;

Filename: fix.reg
Save as type: All Files (*.*)

Code:

REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced]
 "Start_ShowControlPanel "=dword:00000001
 "Start_ShowHelp "=dword:00000001
 "Start_ShowMyComputer "=dword:00000001
 "Start_ShowMyDocs "=dword:00000001
 "Start_ShowMyMusic "=dword:00000000
 "Start_ShowMyPics "=dword:00000001
 "Start_ShowPrinters "=dword:00000000
 "Start_ShowRecentDocs "=dword:00000000
 "Start_ShowRun "=dword:00000001
 "Start_ShowSearch "=dword:00000001
 "Start_ShowNetConn "=dword:00000002

Double click fix.reg and allow it to merge with the registry.
Reboot and see if the Start Menu items are working again.

 

KASPERSKY ONLINE SCANNER REPORT
Thursday, July 10, 2008 4:01:06 PM
Operating System: Microsoft Windows XP Professional, Service Pack 3 (Build 2600)
Kaspersky Online Scanner version: 5.0.98.0
Kaspersky Anti-Virus database last update: 9/07/2008
Kaspersky Anti-Virus database records: 932446


Scan Settings
Scan using the following antivirus database extended
Scan Archives true
Scan Mail Bases true

Scan Target My Computer
C:\
D:\
E:\

Scan Statistics
Total number of scanned objects 51870
Number of viruses found 1
Number of infected objects 10
Number of suspicious objects 0
Duration of the scan process 01:19:21

Infected Object Name Virus Name Last Action
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat Object is locked skipped

C:\Documents and Settings\AW\Cookies\index.dat Object is locked skipped

C:\Documents and Settings\AW\Lokale indstillinger\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped

C:\Documents and Settings\AW\Lokale indstillinger\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped

C:\Documents and Settings\AW\Lokale indstillinger\Oversigt\History.IE5\index.dat Object is locked skipped

C:\Documents and Settings\AW\Lokale indstillinger\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped

C:\Documents and Settings\AW\ntuser.dat Object is locked skipped

C:\Documents and Settings\AW\ntuser.dat.LOG Object is locked skipped

C:\Documents and Settings\LocalService\Lokale indstillinger\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped

C:\Documents and Settings\LocalService\Lokale indstillinger\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped

C:\Documents and Settings\LocalService\NTUSER.DAT Object is locked skipped

C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped

C:\Documents and Settings\NetworkService\Cookies\index.dat Object is locked skipped

C:\Documents and Settings\NetworkService\Lokale indstillinger\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped

C:\Documents and Settings\NetworkService\Lokale indstillinger\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped

C:\Documents and Settings\NetworkService\Lokale indstillinger\Oversigt\History.IE5\index.dat Object is locked skipped

C:\Documents and Settings\NetworkService\Lokale indstillinger\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped

C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped

C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped

C:\Programmer\BitDefender\BitDefender 2008\as2core\antispam_sig_12749\aspdict.dat Object is locked skipped

C:\Programmer\BitDefender\BitDefender 2008\asdict.dat Object is locked skipped

C:\Programmer\BitDefender\BitDefender 2008\dbokf.db Object is locked skipped

C:\Programmer\BitDefender\BitDefender 2008\dbokf.db-journal Object is locked skipped

C:\Programmer\Opera\mail\indexer\indexer.ax Object is locked skipped

C:\Programmer\Opera\mail\indexer\indexer.bx Object is locked skipped

C:\Programmer\Opera\mail\indexer\message_id Object is locked skipped

C:\Programmer\Opera\mail\lexicon\lexicon.ax Object is locked skipped

C:\Programmer\Opera\mail\lexicon\lexicon.bx Object is locked skipped

C:\Programmer\Opera\mail\omailbase.dat Object is locked skipped

C:\Programmer\Opera\profile\vps\0000\adoc.bx Object is locked skipped

C:\Programmer\Opera\profile\vps\0000\md.dat Object is locked skipped

C:\Programmer\Opera\profile\vps\0000\url.ax Object is locked skipped

C:\Programmer\Opera\profile\vps\0000\w.ax Object is locked skipped

C:\Programmer\Opera\profile\vps\0000\wb.vx Object is locked skipped

C:\Programmer\Opera\profile\vps\0001\adoc.bx Object is locked skipped

C:\Programmer\Opera\profile\vps\0001\md.dat Object is locked skipped

C:\Programmer\Opera\profile\vps\0001\url.ax Object is locked skipped

C:\Programmer\Opera\profile\vps\0001\w.ax Object is locked skipped

C:\Programmer\Opera\profile\vps\0001\wb.vx Object is locked skipped

C:\Programmer\Opera\profile\vps\0002\adoc.bx Object is locked skipped

C:\Programmer\Opera\profile\vps\0002\md.dat Object is locked skipped

C:\Programmer\Opera\profile\vps\0002\url.ax Object is locked skipped

C:\Programmer\Opera\profile\vps\0002\w.ax Object is locked skipped

C:\Programmer\Opera\profile\vps\0002\wb.vx Object is locked skipped

C:\Programmer\Opera\profile\vps\0003\adoc.bx Object is locked skipped

C:\Programmer\Opera\profile\vps\0003\md.dat Object is locked skipped

C:\Programmer\Opera\profile\vps\0003\url.ax Object is locked skipped

C:\Programmer\Opera\profile\vps\0003\w.ax Object is locked skipped

C:\Programmer\Opera\profile\vps\0003\wb.vx Object is locked skipped

C:\Programmer\Opera\profile\vps\0004\adoc.bx Object is locked skipped

C:\Programmer\Opera\profile\vps\0004\md.dat Object is locked skipped

C:\Programmer\Opera\profile\vps\0004\url.ax Object is locked skipped

C:\Programmer\Opera\profile\vps\0004\w.ax Object is locked skipped

C:\Programmer\Opera\profile\vps\0004\wb.vx Object is locked skipped

C:\Programmer\Opera\profile\vps\0005\adoc.bx Object is locked skipped

C:\Programmer\Opera\profile\vps\0005\md.dat Object is locked skipped

C:\Programmer\Opera\profile\vps\0005\url.ax Object is locked skipped

C:\Programmer\Opera\profile\vps\0005\w.ax Object is locked skipped

C:\Programmer\Opera\profile\vps\0005\wb.vx Object is locked skipped

C:\Programmer\Opera\profile\vps\0006\adoc.bx Object is locked skipped

C:\Programmer\Opera\profile\vps\0006\md.dat Object is locked skipped

C:\Programmer\Opera\profile\vps\0006\url.ax Object is locked skipped

C:\Programmer\Opera\profile\vps\0006\w.ax Object is locked skipped

C:\Programmer\Opera\profile\vps\0006\wb.vx Object is locked skipped

C:\Programmer\Opera\profile\vps\0007\adoc.bx Object is locked skipped

C:\Programmer\Opera\profile\vps\0007\md.dat Object is locked skipped

C:\Programmer\Opera\profile\vps\0007\url.ax Object is locked skipped

C:\Programmer\Opera\profile\vps\0007\w.ax Object is locked skipped

C:\Programmer\Opera\profile\vps\0007\wb.vx Object is locked skipped

C:\Programmer\Opera\profile\vps\0008\adoc.bx Object is locked skipped

C:\Programmer\Opera\profile\vps\0008\md.dat Object is locked skipped

C:\Programmer\Opera\profile\vps\0008\url.ax Object is locked skipped

C:\Programmer\Opera\profile\vps\0008\w.ax Object is locked skipped

C:\Programmer\Opera\profile\vps\0008\wb.vx Object is locked skipped

C:\QooBox.zip/QooBox/Quarantine/C/WINDOWS/system32/dsjkjlnc.dll.vir Infected: Trojan.Win32.Monder.gen skipped

C:\QooBox.zip/QooBox/Quarantine/C/WINDOWS/system32/ejyyqhvo.dll.vir Infected: Trojan.Win32.Monder.gen skipped

C:\QooBox.zip/QooBox/Quarantine/C/WINDOWS/system32/hgGxWnKC.dll.vir Infected: Trojan.Win32.Monder.gen skipped

C:\QooBox.zip/QooBox/Quarantine/C/WINDOWS/system32/hwtddw.dll.vir Infected: Trojan.Win32.Monder.gen skipped

C:\QooBox.zip/QooBox/Quarantine/C/WINDOWS/system32/khfFUKeF.dll.vir Infected: Trojan.Win32.Monder.gen skipped

C:\QooBox.zip/QooBox/Quarantine/C/WINDOWS/system32/lxwpemcr.dll.vir Infected: Trojan.Win32.Monder.gen skipped

C:\QooBox.zip/QooBox/Quarantine/C/WINDOWS/system32/qtlwvf.dll.vir Infected: Trojan.Win32.Monder.gen skipped

C:\QooBox.zip/QooBox/Quarantine/C/WINDOWS/system32/srdevljt.dll.vir Infected: Trojan.Win32.Monder.gen skipped

C:\QooBox.zip/QooBox/Quarantine/C/WINDOWS/system32/vtyffbih.dll.vir Infected: Trojan.Win32.Monder.gen skipped

C:\QooBox.zip ZIP: infected - 9 skipped

C:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped

C:\System Volume Information\_restore{73D8C4BC-616C-46EF-940F-B00FAB800D87}\RP489\change.log Object is locked skipped

C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped

C:\WINDOWS\SchedLgU.Txt Object is locked skipped

C:\WINDOWS\SoftwareDistribution\ReportingEvents.log Object is locked skipped

C:\WINDOWS\Sti_Trace.log Object is locked skipped

C:\WINDOWS\system32\CatRoot2\edb.log Object is locked skipped

C:\WINDOWS\system32\CatRoot2\tmp.edb Object is locked skipped

C:\WINDOWS\system32\config\AppEvent.Evt Object is locked skipped

C:\WINDOWS\system32\config\default Object is locked skipped

C:\WINDOWS\system32\config\default.LOG Object is locked skipped

C:\WINDOWS\system32\config\SAM Object is locked skipped

C:\WINDOWS\system32\config\SAM.LOG Object is locked skipped

C:\WINDOWS\system32\config\SecEvent.Evt Object is locked skipped

C:\WINDOWS\system32\config\SECURITY Object is locked skipped

C:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped

C:\WINDOWS\system32\config\software Object is locked skipped

C:\WINDOWS\system32\config\software.LOG Object is locked skipped

C:\WINDOWS\system32\config\SysEvent.Evt Object is locked skipped

C:\WINDOWS\system32\config\system Object is locked skipped

C:\WINDOWS\system32\config\system.LOG Object is locked skipped

C:\WINDOWS\system32\Logfiles\HTTPERR\httperr1.log Object is locked skipped

C:\WINDOWS\system32\MsDtc\MSDTC.LOG Object is locked skipped

C:\WINDOWS\system32\MsDtc\Trace\dtctrace.log Object is locked skipped

C:\WINDOWS\system32\msmq\storage\QMLog Object is locked skipped

C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped

C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP Object is locked skipped

C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER Object is locked skipped

C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP Object is locked skipped

C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP Object is locked skipped

C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked skipped

C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP Object is locked skipped

C:\WINDOWS\TEMP\tmp0000176a\tmp00000000 Object is locked skipped

C:\WINDOWS\wiadebug.log Object is locked skipped

C:\WINDOWS\wiaservc.log Object is locked skipped

C:\WINDOWS\WindowsUpdate.log Object is locked skipped

Scan process completed.

 

Ok, I did the above and no change to the Start Menu.

 

Whilst I research the Start Menu problem a bit more, lets try something simple.

• Right click the Start Button and select Properties
• Click the available Customize button
• Select the Advanced tab
• Scroll down the list and select Don't display for My Computer, My Documents, and any other shortcuts listed that aren't working properly
• Click OK, then OK again
• Restart the computer, then go back and set those icons to show again and see if they work

Is the My Computer icon on the desktop? And My Documents? If so, do they work properly?
If not there, lets add them and see if they work.

• Right click the desktop and select Properties
• Select the Desktop tab, then click Customize Desktop
• Check the boxes for My Documents and My Computer on the General tab then OK your way out
• Check to see that the shortcut icons work

 

Nope, that didn't work.

Should I be concerned that the Kaspersky scan shows so many locked and skipped files and a virus was found?

 

Your response was pretty vague, since my last post contained more than one thing. I guess I can safely assume that part 1 did not help with the Start Menu items, based on your response. I do however need a bit more detail on part 2. What happens with the desktop shortcuts? Do any shortcuts work. Can you click click in any blank space (on desktop or within any folder)and select New>Shortcut, create a shortcut to anything (such as C:\windows\notepad.exe) and it open the application when you click it?

Nothing to worry about on the Kaspersky scan ... we would have dealt with it straight-away if it were anything to be concerned about.

 

Sorry, I can access My Comp and My Docs from the Desktop, just not from the Start Menu.

I guess I can just live with it the way it is since I am at least able to get to them.

 

Let me know if this works ........

Left click and hold on the My Computer shortcut on your desktop
While still holding the left click, press the Windows Key (usually between Ctrl & Alt) to open the Start Menu
Now drag the cursor to the start menu, to the upper left side and release the left mouse button when you see a black bar between 2 existing icons
That should create a new additional My Computer shortcut on your Start Menu
Does it work?
If so, click Start, left click and hold the new shortcut then drag it over to the existing My Computer shortcut then release. Does the original shortcut now work?

Can you do the same with the My Documents shortcut?

When you right click the Start Button and select Properties, then customize, then Advanced tab, you will find options to show Favorites, My Music, My Pictures and My Network Places. Those shortcuts, when enable, are pinned to the Start Menu in the same location as My Documents and My Computer. Do they work?
Another area of the Start Menu is where the Control Panel & Connect To shortcuts are placed, right below the 'My' area. Do the shortcuts in that area work properly?
Below that area is Search, Help and Support, and Run. Do those work properly?
Do the shortcuts on the left side of the Start Menu work properly i both areas?


What is the current status on text files. Do they display as a text file should (the icon)?

 

I've been offline for a few days. I will work on what you advised in your last post.