BleepingComputer.com: Recovering from Windows Recovery

Well done

Copy all content of this folder:
C:\Documents and Settings\user_name\Local Settings\Temp\smtmp\1
and paste it to this folder:
C:\Documents and Settings\All Users\Start Menu


Copy all content of this folder:
C:\Documents and Settings\user_name\Local Settings\Temp\smtmp\2
and paste it to this folder:
C:\Documents and Settings\user_name\Application Data\Microsoft\Internet Explorer\Quick Launch

C:\Documents and Settings\All Users\Start Menu......now contains Folder 1


C:\Documents and Settings\user_name\Application Data\Microsoft\Internet Explorer\Quick Launch........now contains Folder 2

...and how is the issue?

Broni,


I still have the same problem.
What I do see is:
Folder 1 is in Start> All Programs
Folder 2 is in the tray next to the Start button

For clarity, When you say "copy all the contents" That means the folders in Folder 1 which contains..............
Programs
Accessories
Admin Tools
Games
Start Up

In your case you should copy Programs folder from C:\DOCUME~1\Dad\LOCALS~1\Temp\smtmp\1 folder to C:\Documents and Settings\All Users\Start Menu folder.

Then desktop.ini file from C:\DOCUME~1\Dad\LOCALS~1\Temp\smtmp\2 folder to C:\Documents and Settings\user_name\Application Data\Microsoft\Internet Explorer\Quick Launch folder.

Thanks Broni, I also was infected with this windows recovery virus/malware on my XP home edition machine. This forum was of great help. I was able to remove the virus, and was able to get the contents of all my file folders unhidden and visible again, I had the black desktop background with no icons, that was 99% restored, the only thing that did not come back was image I had selected for the background but that is easy to reset. The problem I have is that all of my program folders are still empty (start - programs -and I will see the programs names like "Google Earth" but every single one is empty. That includes the accessories and system tools as well.

The programs are still there, many of them had shortcuts on the desktop and I can start them with start run browse to program files and find them that way. So far to get them back I have tried unhide.exe (helped restore the hidden files but the not the programs). I ran regsvr32 /i shell32.dll, and rebooted, that did nothing.

I did run the system look file, and I have pasted the results below this.

I went into C:\Documents and Settings\user_name\Local Settings\Temp\smtmp\1 and there were all the names of the program folders that used to be on my start - programs, but each of those folders is empty with nothing in them, when I click on properties, it says the folder has zero bytes. I was reluctant to copy these over and have not done so yet. I noted in this thread you asked the other victim if they had deleted any temporary files. In the hours before I found this thread I ran registry mechanic and I think it cleaned out a ton of temporary files. Unfortunately, none are in the recycle bin so I can't tell if the empty folders actually had something in them before.

Do appreciate your help, thanks very much for your time


EDIT - a little while later - I managed to restore most of the programs. I had to run an undelete program to find all the temp files my registry mechanic deleted. I was then able to copy those that pertained to the start program menu into the folders recommended and voila, most, not all came back. For some reason the folder for accessories and system tools does not show up, and while they exist in the recovered undeleted files, those folders are empty. I looking at pasting in their locations from another computer I have..

ANOTHER EDIT - I got a little more of it back. I went start properties (right click) and switched from the classic view to the regular XP view. That brought my accessories folder back . The accessories folder now has everything except communications is empty, system tools is empty except for internet explorer, what it is doing there I have no idea. SO stll missing a bunch of tools notepad, system restore, etc.


C:\DOCUME~1\Owner\LOCALS~1\Temp\smtmp\1\Programs\Realtek d------ [00:41 25/05/2011]

C:\DOCUME~1\Owner\LOCALS~1\Temp\smtmp\1\Programs\Realtek\REALTEK GbE & FE Ethernet PCI-E NIC Driver d------ [00:41 25/05/2011]

C:\DOCUME~1\Owner\LOCALS~1\Temp\smtmp\1\Programs\Registry Mechanic d------ [00:41 25/05/2011]

C:\DOCUME~1\Owner\LOCALS~1\Temp\smtmp\1\Programs\ScanSoft PaperPort 9.0 d------ [00:41 25/05/2011]

C:\DOCUME~1\Owner\LOCALS~1\Temp\smtmp\1\Programs\Seagate d------ [00:41 25/05/2011]

C:\DOCUME~1\Owner\LOCALS~1\Temp\smtmp\1\Programs\Seagate\SeaTools for Windows d------ [00:41 25/05/2011]

C:\DOCUME~1\Owner\LOCALS~1\Temp\smtmp\1\Programs\Second Copy 2000 d------ [00:41 25/05/2011]

C:\DOCUME~1\Owner\LOCALS~1\Temp\smtmp\1\Programs\Skype d------ [00:41 25/05/2011]

C:\DOCUME~1\Owner\LOCALS~1\Temp\smtmp\1\Programs\Smada 6.0 d------ [00:41 25/05/2011]

C:\DOCUME~1\Owner\LOCALS~1\Temp\smtmp\1\Programs\Spybot - Search & Destroy d------ [00:41 25/05/2011]

C:\DOCUME~1\Owner\LOCALS~1\Temp\smtmp\1\Programs\Startup d------ [00:41 25/05/2011]

C:\DOCUME~1\Owner\LOCALS~1\Temp\smtmp\1\Programs\SUPER © Version 2010.bld.38 (May 2, 2010) d------ [00:41 25/05/2011]

C:\DOCUME~1\Owner\LOCALS~1\Temp\smtmp\1\Programs\WD SmartWare d------ [00:41 25/05/2011]

C:\DOCUME~1\Owner\LOCALS~1\Temp\smtmp\1\Programs\Windows Live d------ [00:41 25/05/2011]

C:\DOCUME~1\Owner\LOCALS~1\Temp\smtmp\1\Programs\Windows Media d------ [00:41 25/05/2011]

C:\DOCUME~1\Owner\LOCALS~1\Temp\smtmp\1\Programs\Windows Media\Utilities d------ [00:41 25/05/2011]

C:\DOCUME~1\Owner\LOCALS~1\Temp\smtmp\1\Programs\WinRAR d------ [00:41 25/05/2011]

C:\DOCUME~1\Owner\LOCALS~1\Temp\smtmp\1\Programs\WinTopo Pro d------ [00:41 25/05/2011]

C:\DOCUME~1\Owner\LOCALS~1\Temp\smtmp\1\Programs\WordPerfect Document Converter 5 d------ [00:41 25/05/2011]

C:\DOCUME~1\Owner\LOCALS~1\Temp\smtmp\1\Programs\WordPerfect Office X3 d------ [00:41 25/05/2011]

C:\DOCUME~1\Owner\LOCALS~1\Temp\smtmp\1\Programs\WordPerfect Office X3\Support d------ [00:41 25/05/2011]

C:\DOCUME~1\Owner\LOCALS~1\Temp\smtmp\1\Programs\WordPerfect Office X3\Utilities d------ [00:41 25/05/2011]

C:\DOCUME~1\Owner\LOCALS~1\Temp\smtmp\1\Programs\ZoneAlarm d------ [00:41 25/05/2011]

C:\DOCUME~1\Owner\LOCALS~1\Temp\smtmp\2 d------ [00:41 25/05/2011]

C:\DOCUME~1\Owner\LOCALS~1\Temp\smtmp\4 d------ [00:41 25/05/2011]

-= EOF =-

This post has been edited by frankthom: 25 May 2011 - 09:47 AM

Quote

Unfortunately, in that case, you'll have recreate all shortcuts manually.

Also...
Registry cleaners/optimizers are not recommended for several reasons:

• Registry cleaners are extremely powerful applications that can damage the registry by using aggressive cleaning routines and cause your computer to become unbootable.
  
  The Windows registry is a central repository (database) for storing configuration data, user settings and machine-dependent settings, and options for the operating system. It contains information and settings for all hardware, software, users, and preferences. Whenever a user makes changes to settings, file associations, system policies, or installed software, the changes are reflected and stored in this repository. The registry is a crucial component because it is where Windows "remembers" all this information, how it works together, how Windows boots the system and what files it uses when it does. The registry is also a vulnerable subsystem, in that relatively small changes done incorrectly can render the system inoperable. For a more detailed explanation, read Understanding The Registry.
  
  
• Not all registry cleaners are created equal. There are a number of them available but they do not all work entirely the same way. Each vendor uses different criteria as to what constitutes a "bad entry". One cleaner may find entries on your system that will not cause problems when removed, another may not find the same entries, and still another may want to remove entries required for a program to work.
  
  
• Not all registry cleaners create a backup of the registry before making changes. If the changes prevent the system from booting up, then there is no backup available to restore it in order to regain functionality. A backup of the registry is essential BEFORE making any changes to the registry.
  
  
• Improperly removing registry entries can hamper malware disinfection and make the removal process more difficult if your computer becomes infected. For example, removing malware related registry entries before the infection is properly identified can contribute to system instability and even make the malware undetectable to removal tools.
  
  
• The usefulness of cleaning the registry is highly overrated and can be dangerous. In most cases, using a cleaner to remove obsolete, invalid, and erroneous entries does not affect system performance but it can result in "unpredictable results".

Unless you have a particular problem that requires a registry edit to correct it, I would suggest you leave the registry alone. Using registry cleaning tools unnecessarily or incorrectly could lead to disastrous effects on your operating system such as preventing it from ever starting again. For routine use, the benefits to your computer are negligible while the potential risks are great.

• Ed Bott's Webog: Why I don't use registry cleaners
  
• Do I need a Registry Cleaner?