Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

People Have Informed Me That I Have A Virus.


  • Please log in to reply
8 replies to this topic

#1 48310MI

48310MI

  • Members
  • 5 posts
  • OFFLINE
  •  
  • Local time:08:53 AM

Posted 12 July 2008 - 08:10 PM

To explain my problem, please go here. http://answers.yahoo.com/question/?qid=20080709142005AAF47yW I have used spyware detector and it gave me this log.



Information :
Date: 7/12/2008 20-16-40
OS Version: Windows XP Professional Edition
Computer Name: AHMED

Log:
Spyware Name Threat Type Threat Action
Tracking Cookie Cookie c:\documents and settings\user\cookies\user@live365[1].txt Scan
Tracking Cookie Cookie c:\documents and settings\user\cookies\user@apmebf[1].txt Scan
Adware.MDH File c:\computer\system32\inetfr.dll#@#C033C7EDA0E4D5B220CD3826CD0F49F0 Scan
Adware.MDH File c:\computer\system32\inetfr.dll#@#C033C7EDA0E4D5B220CD3826CD0F49F0 Scan
Trojan.Agent Registry Value hkey_local_machine\software\microsoft\internet explorer\new windows\"popupmgr" Scan
Trojan.Agent File c:\computer\servicepackfiles\i386\rundll32.exe#@#037B1E7798960E0420003D05BB577EE6 Scan
Trojan.Agent File c:\computer\system32\rundll32.exe#@#037B1E7798960E0420003D05BB577EE6 Scan
Fake Anti Spyware.Win Fixer Registry Key hkey_local_machine\software\classes\drive\shellex\contextmenuhandlers\shellextension Scan
Fake Anti Spyware.Win Fixer Registry Key hkey_local_machine\software\classes\directory\shellex\contextmenuhandlers\shellextension Scan
Trojan.StartPage Registry Key hkey_local_machine\software\microsoft\internet explorer\new windows Scan
Trojan.StartPage Registry Data hkey_local_machine\software\microsoft\internet explorer\new windows\popupmgr\:yes Scan
Trojan.Zlob Registry Key hkey_local_machine\software\microsoft\windows\currentversion\uninstall\{7c4bcd17-bdba-4078-9d8c-8ca8b7eabe77} Scan
Trojan.Zlob Registry Value hkey_local_machine\software\microsoft\windows\currentversion\uninstall\{7c4bcd17-bdba-4078-9d8c-8ca8b7eabe77}\"displayname" Scan
Trojan.Zlob Registry Value hkey_local_machine\software\microsoft\windows\currentversion\uninstall\{7c4bcd17-bdba-4078-9d8c-8ca8b7eabe77}\"uninstallstring" Scan
Trojan.Zlob Registry Data hkey_local_machine\software\microsoft\windows\currentversion\uninstall\{7c4bcd17-bdba-4078-9d8c-8ca8b7eabe77}\uninstallstring\:"c:\program files\uninstall.exe" Scan
Trojan.Zlob Registry Key hkey_users\s-1-5-21-839522115-1409082233-725345543-1003\software\microsoft\windows\currentversion\internet settings\zonemap\escdomains\vcstats.com Scan
Trojan.Zlob Registry Value hkey_users\s-1-5-21-839522115-1409082233-725345543-1003\software\microsoft\windows\currentversion\internet settings\zonemap\escdomains\vcstats.com\"http" Scan
Trojan.Zlob Registry Data hkey_users\s-1-5-21-839522115-1409082233-725345543-1003\software\microsoft\windows\currentversion\internet settings\zonemap\escdomains\vcstats.com\http\:4 Scan
Trojan.Zlob Registry Value hkey_users\s-1-5-21-839522115-1409082233-725345543-1003\software\microsoft\windows\currentversion\internet settings\zonemap\escdomains\vcstats.com\"https" Scan
Trojan.Zlob Registry Data hkey_users\s-1-5-21-839522115-1409082233-725345543-1003\software\microsoft\windows\currentversion\internet settings\zonemap\escdomains\vcstats.com\https\:4 Scan
Trojan.Zlob Registry Key hkey_users\s-1-5-21-839522115-1409082233-725345543-1003\software\microsoft\windows\currentversion\internet settings\zonemap\escdomains\softwaredestributiononlinecorp.com Scan
Trojan.Zlob Registry Value hkey_users\s-1-5-21-839522115-1409082233-725345543-1003\software\microsoft\windows\currentversion\internet settings\zonemap\escdomains\softwaredestributiononlinecorp.com\"http" Scan
Trojan.Zlob Registry Data hkey_users\s-1-5-21-839522115-1409082233-725345543-1003\software\microsoft\windows\currentversion\internet settings\zonemap\escdomains\softwaredestributiononlinecorp.com\http\:4 Scan
Trojan.Zlob Registry Value hkey_users\s-1-5-21-839522115-1409082233-725345543-1003\software\microsoft\windows\currentversion\internet settings\zonemap\escdomains\softwaredestributiononlinecorp.com\"https" Scan
Trojan.Zlob Registry Data hkey_users\s-1-5-21-839522115-1409082233-725345543-1003\software\microsoft\windows\currentversion\internet settings\zonemap\escdomains\softwaredestributiononlinecorp.com\https\:4 Scan
Trojan.Zlob Registry Key hkey_users\s-1-5-21-839522115-1409082233-725345543-1003\software\microsoft\windows\currentversion\internet settings\zonemap\escdomains\nopalevo.com Scan
Trojan.Zlob Registry Value hkey_users\s-1-5-21-839522115-1409082233-725345543-1003\software\microsoft\windows\currentversion\internet settings\zonemap\escdomains\nopalevo.com\"http" Scan
Trojan.Zlob Registry Data hkey_users\s-1-5-21-839522115-1409082233-725345543-1003\software\microsoft\windows\currentversion\internet settings\zonemap\escdomains\nopalevo.com\http\:4 Scan
Trojan.Zlob Registry Value hkey_users\s-1-5-21-839522115-1409082233-725345543-1003\software\microsoft\windows\currentversion\internet settings\zonemap\escdomains\nopalevo.com\"https" Scan
Trojan.Zlob Registry Data hkey_users\s-1-5-21-839522115-1409082233-725345543-1003\software\microsoft\windows\currentversion\internet settings\zonemap\escdomains\nopalevo.com\https\:4 Scan
Trojan.Zlob Registry Key hkey_users\s-1-5-21-839522115-1409082233-725345543-1003\software\microsoft\windows\currentversion\internet settings\zonemap\escdomains\mooncodec.com Scan
Trojan.Zlob Registry Value hkey_users\s-1-5-21-839522115-1409082233-725345543-1003\software\microsoft\windows\currentversion\internet settings\zonemap\escdomains\mooncodec.com\"http" Scan
Trojan.Zlob Registry Data hkey_users\s-1-5-21-839522115-1409082233-725345543-1003\software\microsoft\windows\currentversion\internet settings\zonemap\escdomains\mooncodec.com\http\:4 Scan
Trojan.Zlob Registry Value hkey_users\s-1-5-21-839522115-1409082233-725345543-1003\software\microsoft\windows\currentversion\internet settings\zonemap\escdomains\mooncodec.com\"https" Scan
Trojan.Zlob Registry Data hkey_users\s-1-5-21-839522115-1409082233-725345543-1003\software\microsoft\windows\currentversion\internet settings\zonemap\escdomains\mooncodec.com\https\:4 Scan
Trojan.Zlob Registry Key hkey_users\s-1-5-21-839522115-1409082233-725345543-1003\software\microsoft\windows\currentversion\internet settings\zonemap\escdomains\gribokk.com Scan
Trojan.Zlob Registry Value hkey_users\s-1-5-21-839522115-1409082233-725345543-1003\software\microsoft\windows\currentversion\internet settings\zonemap\escdomains\gribokk.com\"http" Scan
Trojan.Zlob Registry Data hkey_users\s-1-5-21-839522115-1409082233-725345543-1003\software\microsoft\windows\currentversion\internet settings\zonemap\escdomains\gribokk.com\http\:4 Scan
Trojan.Zlob Registry Value hkey_users\s-1-5-21-839522115-1409082233-725345543-1003\software\microsoft\windows\currentversion\internet settings\zonemap\escdomains\gribokk.com\"https" Scan
Trojan.Zlob Registry Data hkey_users\s-1-5-21-839522115-1409082233-725345543-1003\software\microsoft\windows\currentversion\internet settings\zonemap\escdomains\gribokk.com\https\:4 Scan
Trojan.Zlob Registry Key hkey_local_machine\software\classes\clsid\{0bc5e8c9-6eff-4976-9a3c-d74148442ce7} Scan
Trojan.Zlob Registry Key hkey_classes_root\clsid\{0bc5e8c9-6eff-4976-9a3c-d74148442ce7} Scan
Trojan.Zlob Registry Key hkey_local_machine\software\classes\clsid\{0bc5e8c9-6eff-4976-9a3c-d74148442ce7}\inprocserver32 Scan
Trojan.Zlob Registry Key hkey_classes_root\clsid\{0bc5e8c9-6eff-4976-9a3c-d74148442ce7}\inprocserver32 Scan
Trojan.Zlob Registry Data hkey_local_machine\software\classes\clsid\{0bc5e8c9-6eff-4976-9a3c-d74148442ce7}\inprocserver32\(default)\:c:\computer\system32\215651\215651.dll Scan
Trojan.Zlob Registry Data hkey_classes_root\clsid\{0bc5e8c9-6eff-4976-9a3c-d74148442ce7}\inprocserver32\(default)\:c:\computer\system32\215651\215651.dll Scan
Trojan.Zlob Registry Value hkey_local_machine\software\classes\clsid\{0bc5e8c9-6eff-4976-9a3c-d74148442ce7}\inprocserver32\"threadingmodel" Scan
Trojan.Zlob Registry Value hkey_classes_root\clsid\{0bc5e8c9-6eff-4976-9a3c-d74148442ce7}\inprocserver32\"threadingmodel" Scan
Trojan.Zlob Registry Data hkey_local_machine\software\classes\clsid\{0bc5e8c9-6eff-4976-9a3c-d74148442ce7}\inprocserver32\threadingmodel\:apartment Scan
Trojan.Zlob Registry Data hkey_classes_root\clsid\{0bc5e8c9-6eff-4976-9a3c-d74148442ce7}\inprocserver32\threadingmodel\:apartment Scan
Trojan.Zlob Registry Key hkey_local_machine\software\classes\clsid\{0bc5e8c9-6eff-4976-9a3c-d74148442ce7}\progid Scan
Trojan.Zlob Registry Key hkey_classes_root\clsid\{0bc5e8c9-6eff-4976-9a3c-d74148442ce7}\progid Scan
Trojan.Zlob Registry Key hkey_local_machine\software\classes\clsid\{0bc5e8c9-6eff-4976-9a3c-d74148442ce7}\programmable Scan
Trojan.Zlob Registry Key hkey_classes_root\clsid\{0bc5e8c9-6eff-4976-9a3c-d74148442ce7}\programmable Scan
Trojan.Zlob Registry Key hkey_local_machine\software\classes\clsid\{0bc5e8c9-6eff-4976-9a3c-d74148442ce7}\typelib Scan
Trojan.Zlob Registry Key hkey_classes_root\clsid\{0bc5e8c9-6eff-4976-9a3c-d74148442ce7}\typelib Scan
Trojan.Zlob Registry Key hkey_local_machine\software\classes\clsid\{0bc5e8c9-6eff-4976-9a3c-d74148442ce7}\versionindependentprogid Scan
Trojan.Zlob Registry Key hkey_classes_root\clsid\{0bc5e8c9-6eff-4976-9a3c-d74148442ce7}\versionindependentprogid Scan
Trojan.Zlob Registry Key hkey_users\s-1-5-21-839522115-1409082233-725345543-1003\software\microsoft\windows\currentversion\ext\stats\{0bc5e8c9-6eff-4976-9a3c-d74148442ce7} Scan
Trojan.Zlob Registry Key hkey_users\s-1-5-21-839522115-1409082233-725345543-1003\software\microsoft\windows\currentversion\ext\stats\{0bc5e8c9-6eff-4976-9a3c-d74148442ce7}\iexplore Scan
Trojan.Zlob Registry Value hkey_users\s-1-5-21-839522115-1409082233-725345543-1003\software\microsoft\windows\currentversion\ext\stats\{0bc5e8c9-6eff-4976-9a3c-d74148442ce7}\iexplore\"type" Scan
Trojan.Zlob Registry Data hkey_users\s-1-5-21-839522115-1409082233-725345543-1003\software\microsoft\windows\currentversion\ext\stats\{0bc5e8c9-6eff-4976-9a3c-d74148442ce7}\iexplore\type\:3 Scan
Trojan.Zlob Registry Value hkey_users\s-1-5-21-839522115-1409082233-725345543-1003\software\microsoft\windows\currentversion\ext\stats\{0bc5e8c9-6eff-4976-9a3c-d74148442ce7}\iexplore\"flags" Scan
Trojan.Zlob Registry Data hkey_users\s-1-5-21-839522115-1409082233-725345543-1003\software\microsoft\windows\currentversion\ext\stats\{0bc5e8c9-6eff-4976-9a3c-d74148442ce7}\iexplore\flags\:0 Scan
Trojan.Zlob Registry Value hkey_users\s-1-5-21-839522115-1409082233-725345543-1003\software\microsoft\windows\currentversion\ext\stats\{0bc5e8c9-6eff-4976-9a3c-d74148442ce7}\iexplore\"count" Scan
Trojan.Zlob Registry Data hkey_users\s-1-5-21-839522115-1409082233-725345543-1003\software\microsoft\windows\currentversion\ext\stats\{0bc5e8c9-6eff-4976-9a3c-d74148442ce7}\iexplore\count\:50 Scan
Trojan.Zlob Registry Value hkey_users\s-1-5-21-839522115-1409082233-725345543-1003\software\microsoft\windows\currentversion\ext\stats\{0bc5e8c9-6eff-4976-9a3c-d74148442ce7}\iexplore\"time" Scan
Trojan.Zlob Registry Value hkey_users\s-1-5-21-839522115-1409082233-725345543-1003\software\microsoft\internet explorer\toolbar\webbrowser\"{51d81dd5-55b7-497f-95db-d356429bb54e}" Scan
Trojan.CloseApp File c:\system volume information\_restore{106cf321-99a3-4e3a-9103-1bd027606a99}\rp23\a0006683.exe#@#A2AD5F6B1E5277166FAD8BFEE13D137D Scan
Trojan.CloseApp File c:\system volume information\_restore{106cf321-99a3-4e3a-9103-1bd027606a99}\rp5\a0002995.exe#@#A2AD5F6B1E5277166FAD8BFEE13D137D Scan
Trojan.CloseApp File c:\system volume information\_restore{106cf321-99a3-4e3a-9103-1bd027606a99}\rp9\a0003844.exe#@#A2AD5F6B1E5277166FAD8BFEE13D137D Scan
HackTool.Xarp File c:\system volume information\_restore{bf46e8af-2164-4139-b9a6-f6a9455ad04d}\rp321\a0025704.dll#@#73E982455A42B5FEA0F08280A0F47DDD Scan
Trojan.Banker File c:\users\all users.computer\application data\sectaskman\icn_039537381bf0178d88235b9a2ec739ac.dll#@#A63C90CC3684AD8B0A2176A6A8FE9005 Scan
Trojan.Banker File c:\users\all users.computer\application data\sectaskman\icn_1f3b805ba42a0c233b0158879691fe82.dll#@#A63C90CC3684AD8B0A2176A6A8FE9005 Scan
Trojan.Banker File c:\users\all users.computer\application data\sectaskman\icn_35f71a73850db7622c6591bfd6fd8334.dll#@#A63C90CC3684AD8B0A2176A6A8FE9005 Scan
Trojan.Banker File c:\users\all users.computer\application data\sectaskman\icn_3b5ab9551e3e0a8c3e10f50535b14dc4.dll#@#A63C90CC3684AD8B0A2176A6A8FE9005 Scan
Trojan.Banker File c:\users\all users.computer\application data\sectaskman\icn_3cfa8f6589af1ff46937a820c6fb58eb.dll#@#A63C90CC3684AD8B0A2176A6A8FE9005 Scan
Trojan.Banker File c:\users\all users.computer\application data\sectaskman\icn_65f8621d97ed8a918cce69d184ff2def.dll#@#A63C90CC3684AD8B0A2176A6A8FE9005 Scan
Trojan.Banker File c:\users\all users.computer\application data\sectaskman\icn_a4f2e5f6d77300740b3ef8f75770ae51.dll#@#A63C90CC3684AD8B0A2176A6A8FE9005 Scan
Trojan.Banker File c:\users\all users.computer\application data\sectaskman\icn_c0ec6e66e1a5c0344ba0c009ff81408a.dll#@#A63C90CC3684AD8B0A2176A6A8FE9005 Scan
Trojan.Banker File c:\users\all users.computer\application data\sectaskman\icn_c11362f5531bf7f41be1e856f03856e1.dll#@#A63C90CC3684AD8B0A2176A6A8FE9005 Scan
Trojan.Banker File c:\users\all users.computer\application data\sectaskman\icn_ea15d5ba3cbed83478c207c5c702480b.dll#@#A63C90CC3684AD8B0A2176A6A8FE9005 Scan
Spyware.Take Dawnload File c:\users\tasdiq\appdata\local\temp\nsnc503.tmp\installoptions.dll#@#D765C492C21689E3D9D61634371FD861 Scan
Adware.MyWebSearch File c:\windows.old\documents and settings\hp_administrator\local settings\temp\nerodemo12550\toolbar.exe#@#0F53D59DF42827E7AF4FC207E600A999 Scan
KeyLogger.PCSentinel File c:\windows.old\documents and settings\hp_administrator\local settings\temp\nsv30.tmp\nsrandom.dll#@#AB467B8DFAA660A0F0E5B26E28AF5735 Scan
Adware.PurityScan File c:\windows.old\program files\hp\digital imaging\bin\mcpc\interop.iwshruntimelibrary.dll#@#CFDE3C4E76A58225100233F0E0195CA7 Scan
Adware.PurityScan File c:\windows.old\program files\updates from hp\9972322\program\hpbwsetup\interop.iwshruntimelibrary.dll#@#35838813250DEDBA4CF011135FB97CA9 Scan
Adware.PurityScan File c:\windows.old\windows\hpcpcuninstall-9972322\interop.iwshruntimelibrary.dll#@#35838813250DEDBA4CF011135FB97CA9 Scan
Adware.Virtumondo File c:\windows.old\program files\quicktime\bak\qttask.exe#@#30E1F03DCC8825988528D9058312EDE2 Scan
Fake Anti Spyware.AXPDefender File c:\windows.old\program files\sonic\mydvd\mydvdres_enu.dll#@#BA52197E0DE8003D00672054F39E6A22 Scan





Can anyone help me please? I'm desperately trying to solve this problem.

Edit: Moved topic from XP to the more appropriate forum. ~ Animal

BC AdBot (Login to Remove)

 


#2 quietman7

quietman7

    Bleepin' Janitor


  • Global Moderator
  • 51,471 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Virginia, USA
  • Local time:08:53 AM

Posted 13 July 2008 - 07:20 AM

Please download Malwarebytes Anti-Malware and save it to your desktop.
alternate download link 1
alternate download link 2
  • Make sure you are connected to the Internet.
  • Double-click on Download_mbam-setup.exe to install the application.
  • When the installation begins, follow the prompts and do not make any changes to default settings.
  • When installation has finished, make sure you leave both of these checked:
    • Update Malwarebytes' Anti-Malware
    • Launch Malwarebytes' Anti-Malware
  • Then click Finish.
MBAM will automatically start and you will be asked to update the program before performing a scan.
  • If an update is found, the program will automatically update itself.
  • Press the OK button to close that box and continue.
  • If you encounter any problems while downloading the updates, manually download them from here and just double-click on mbam-rules.exe to install.
On the Scanner tab:
  • Make sure the "Perform Quick Scan" option is selected.
  • Then click on the Scan button.
  • If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button.
  • The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.
  • When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
  • Click OK to close the message box and continue with the removal process.
Back at the main Scanner screen:
  • Click on the Show Results button to see a list of any malware that was found.
  • Make sure that everything is checked, and click Remove Selected.
  • When removal is completed, a log report will open in Notepad and you may be prompted to restart your computer. (see Note below)
  • The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the contents of that report in your next reply and exit MBAM.
Instructions with screenshots if needed.

Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.
.
.
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015 kO7xOZh.gif
Member of UNITE, Unified Network of Instructors and Trusted Eliminators

If I have been helpful & you'd like to consider a donation, click 38WxTfO.gif

#3 48310MI

48310MI
  • Topic Starter

  • Members
  • 5 posts
  • OFFLINE
  •  
  • Local time:08:53 AM

Posted 13 July 2008 - 02:55 PM

I have completed the quick scan, but it seems that my computer is not restored to its normal state.

Here is the log report:



Malwarebytes' Anti-Malware 1.20
Database version: 945
Windows 5.1.2600 Service Pack 3

15:51:52 7/13/2008
mbam-log-7-13-2008 (15-51-52).txt

Scan type: Quick Scan
Objects scanned: 38248
Time elapsed: 14 minute(s), 0 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 6
Registry Values Infected: 1
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 1

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CLASSES_ROOT\CLSID\{37d00cd6-4ff0-4004-9a5b-d0d777b09eef} (Spyware.BHO) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{7c4bcd17-bdba-4078-9d8c-8ca8b7eabe77} (Rogue.Multiple) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{0bc5e8c9-6eff-4976-9a3c-d74148442ce7} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\affri (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Software Notifier (Rogue.Multiple) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\affri (Malware.Trace) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Toolbar\WebBrowser\{51d81dd5-55b7-497f-95db-d356429bb54e} (Trojan.Zlob) -> Quarantined and deleted successfully.

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\COMPUTER\system32\clkcnt.txt (Trojan.Vundo) -> Quarantined and deleted successfully.



Please notice that I have not solved my problem.









When I restarted, spyware detector ran, and gave me a quick scan. It gave me the following log.


Information :
Date: 7/13/2008 16-03-53
OS Version: Windows XP Professional Edition
Computer Name: AHMED

Log:
Spyware Name Threat Type Threat Action
Tracking Cookie Cookie c:\documents and settings\user\cookies\user@live365[1].txt Scan
Tracking Cookie Cookie c:\documents and settings\user\cookies\user@atwola[1].txt Scan
Tracking Cookie Cookie c:\documents and settings\user\cookies\user@ar.atwola[1].txt Scan
Tracking Cookie Cookie c:\documents and settings\user\cookies\user@apmebf[1].txt Scan
Adware.MDH File c:\computer\system32\inetfr.dll#@#C033C7EDA0E4D5B220CD3826CD0F49F0 Scan
Fake Anti Spyware.Win Fixer Registry Key hkey_local_machine\software\classes\drive\shellex\contextmenuhandlers\shellextension Scan
Fake Anti Spyware.Win Fixer Registry Key hkey_local_machine\software\classes\directory\shellex\contextmenuhandlers\shellextension Scan
Trojan.Zlob Registry Key hkey_users\s-1-5-21-839522115-1409082233-725345543-1003\software\microsoft\windows\currentversion\internet settings\zonemap\escdomains\vcstats.com Scan
Trojan.Zlob Registry Value hkey_users\s-1-5-21-839522115-1409082233-725345543-1003\software\microsoft\windows\currentversion\internet settings\zonemap\escdomains\vcstats.com\"http" Scan
Trojan.Zlob Registry Data hkey_users\s-1-5-21-839522115-1409082233-725345543-1003\software\microsoft\windows\currentversion\internet settings\zonemap\escdomains\vcstats.com\http\:4 Scan
Trojan.Zlob Registry Value hkey_users\s-1-5-21-839522115-1409082233-725345543-1003\software\microsoft\windows\currentversion\internet settings\zonemap\escdomains\vcstats.com\"https" Scan
Trojan.Zlob Registry Data hkey_users\s-1-5-21-839522115-1409082233-725345543-1003\software\microsoft\windows\currentversion\internet settings\zonemap\escdomains\vcstats.com\https\:4 Scan
Trojan.Zlob Registry Key hkey_users\s-1-5-21-839522115-1409082233-725345543-1003\software\microsoft\windows\currentversion\internet settings\zonemap\escdomains\softwaredestributiononlinecorp.com Scan
Trojan.Zlob Registry Value hkey_users\s-1-5-21-839522115-1409082233-725345543-1003\software\microsoft\windows\currentversion\internet settings\zonemap\escdomains\softwaredestributiononlinecorp.com\"http" Scan
Trojan.Zlob Registry Data hkey_users\s-1-5-21-839522115-1409082233-725345543-1003\software\microsoft\windows\currentversion\internet settings\zonemap\escdomains\softwaredestributiononlinecorp.com\http\:4 Scan
Trojan.Zlob Registry Value hkey_users\s-1-5-21-839522115-1409082233-725345543-1003\software\microsoft\windows\currentversion\internet settings\zonemap\escdomains\softwaredestributiononlinecorp.com\"https" Scan
Trojan.Zlob Registry Data hkey_users\s-1-5-21-839522115-1409082233-725345543-1003\software\microsoft\windows\currentversion\internet settings\zonemap\escdomains\softwaredestributiononlinecorp.com\https\:4 Scan
Trojan.Zlob Registry Key hkey_users\s-1-5-21-839522115-1409082233-725345543-1003\software\microsoft\windows\currentversion\internet settings\zonemap\escdomains\nopalevo.com Scan
Trojan.Zlob Registry Value hkey_users\s-1-5-21-839522115-1409082233-725345543-1003\software\microsoft\windows\currentversion\internet settings\zonemap\escdomains\nopalevo.com\"http" Scan
Trojan.Zlob Registry Data hkey_users\s-1-5-21-839522115-1409082233-725345543-1003\software\microsoft\windows\currentversion\internet settings\zonemap\escdomains\nopalevo.com\http\:4 Scan
Trojan.Zlob Registry Value hkey_users\s-1-5-21-839522115-1409082233-725345543-1003\software\microsoft\windows\currentversion\internet settings\zonemap\escdomains\nopalevo.com\"https" Scan
Trojan.Zlob Registry Data hkey_users\s-1-5-21-839522115-1409082233-725345543-1003\software\microsoft\windows\currentversion\internet settings\zonemap\escdomains\nopalevo.com\https\:4 Scan
Trojan.Zlob Registry Key hkey_users\s-1-5-21-839522115-1409082233-725345543-1003\software\microsoft\windows\currentversion\internet settings\zonemap\escdomains\mooncodec.com Scan
Trojan.Zlob Registry Value hkey_users\s-1-5-21-839522115-1409082233-725345543-1003\software\microsoft\windows\currentversion\internet settings\zonemap\escdomains\mooncodec.com\"http" Scan
Trojan.Zlob Registry Data hkey_users\s-1-5-21-839522115-1409082233-725345543-1003\software\microsoft\windows\currentversion\internet settings\zonemap\escdomains\mooncodec.com\http\:4 Scan
Trojan.Zlob Registry Value hkey_users\s-1-5-21-839522115-1409082233-725345543-1003\software\microsoft\windows\currentversion\internet settings\zonemap\escdomains\mooncodec.com\"https" Scan
Trojan.Zlob Registry Data hkey_users\s-1-5-21-839522115-1409082233-725345543-1003\software\microsoft\windows\currentversion\internet settings\zonemap\escdomains\mooncodec.com\https\:4 Scan
Trojan.Zlob Registry Key hkey_users\s-1-5-21-839522115-1409082233-725345543-1003\software\microsoft\windows\currentversion\internet settings\zonemap\escdomains\gribokk.com Scan
Trojan.Zlob Registry Value hkey_users\s-1-5-21-839522115-1409082233-725345543-1003\software\microsoft\windows\currentversion\internet settings\zonemap\escdomains\gribokk.com\"http" Scan
Trojan.Zlob Registry Data hkey_users\s-1-5-21-839522115-1409082233-725345543-1003\software\microsoft\windows\currentversion\internet settings\zonemap\escdomains\gribokk.com\http\:4 Scan
Trojan.Zlob Registry Value hkey_users\s-1-5-21-839522115-1409082233-725345543-1003\software\microsoft\windows\currentversion\internet settings\zonemap\escdomains\gribokk.com\"https" Scan
Trojan.Zlob Registry Data hkey_users\s-1-5-21-839522115-1409082233-725345543-1003\software\microsoft\windows\currentversion\internet settings\zonemap\escdomains\gribokk.com\https\:4 Scan

Edited by 48310MI, 13 July 2008 - 03:08 PM.


#4 quietman7

quietman7

    Bleepin' Janitor


  • Global Moderator
  • 51,471 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Virginia, USA
  • Local time:08:53 AM

Posted 13 July 2008 - 03:10 PM

Please print out and follow the instructions for using SDFix in BC's self-help tutorial "How to use SDFix". This program is for Windows 2000/XP ONLY.
-- When using this tool, you must use the Administrator's account or an account with "Administrative rights"
-- Disconnect from the Internet and temporarily disable your anti-virus and any anti-malware real time protection before performing a scan.

When done, the SDFix report log will open in notepad and automatically be saved in the SDFix folder as Report.txt. Please copy and paste the contents of Report.txt in your next reply. Be sure to renable you anti-virus and and other security programs before connecting to the Internet.
.
.
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015 kO7xOZh.gif
Member of UNITE, Unified Network of Instructors and Trusted Eliminators

If I have been helpful & you'd like to consider a donation, click 38WxTfO.gif

#5 48310MI

48310MI
  • Topic Starter

  • Members
  • 5 posts
  • OFFLINE
  •  
  • Local time:08:53 AM

Posted 13 July 2008 - 04:42 PM

I still see no changes.

Here is the log report:




SDFix: Version 1.205
Run by Administrator on Sun 07/13/2008 at 04:47 PM

Microsoft Windows XP [Version 5.1.2600]
Running From: C:\SDFix

Checking Services :


Restoring Default Security Values
Restoring Default Hosts File

Rebooting


Checking Files :

No Trojan Files Found






Removing Temp Files

ADS Check :



Final Check :

catchme 0.3.1361.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-07-13 17:37:01
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden services & system hive ...

scanning hidden registry entries ...

scanning hidden files ...

scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 0


Remaining Services :




Authorized Application Key Export:

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"="C:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe:*:Enabled:AOL Loader"
"C:\\Program Files\\Messenger\\msmsgs.exe"="C:\\Program Files\\Messenger\\msmsgs.exe:*:Enabled:Windows Messenger"
"C:\\Program Files\\AIM6\\aim6.exe"="C:\\Program Files\\AIM6\\aim6.exe:*:Enabled:AIM"
"C:\\Program Files\\LimeWire\\LimeWire.exe"="C:\\Program Files\\LimeWire\\LimeWire.exe:*:Enabled:LimeWire"
"C:\\Program Files\\QuickTime\\QuickTimePlayer.exe"="C:\\Program Files\\QuickTime\\QuickTimePlayer.exe:*:Enabled:QuickTime Player"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\\Program Files\\Bonjour\\mDNSResponder.exe"="C:\\Program Files\\Bonjour\\mDNSResponder.exe:*:Enabled:Bonjour"
"C:\\Program Files\\iTunes\\iTunes.exe"="C:\\Program Files\\iTunes\\iTunes.exe:*:Enabled:iTunes"
"C:\\Program Files\\SpeedBit Video Accelerator\\VideoAccelerator.exe"="C:\\Program Files\\SpeedBit Video Accelerator\\VideoAccelerator.exe:*:Enabled:VideoAccelerator"
"C:\\Program Files\\SpeedBit Video Accelerator\\VideoAcceleratorEngine.exe"="C:\\Program Files\\SpeedBit Video Accelerator\\VideoAcceleratorEngine.exe:*:Enabled:VideoAcceleratorService"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
"C:\\Program Files\\MSN Messenger\\livecall.exe"="C:\\Program Files\\MSN Messenger\\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

Remaining Files :



Files with Hidden Attributes :

Sat 5 May 2007 295 ..SH. --- "C:\Boot.BAK"
Thu 2 Nov 2006 524,288 A.SH. --- "C:\Users\Default\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TMContainer00000000000000000001.regtrans-ms"
Thu 2 Nov 2006 524,288 A.SH. --- "C:\Users\Default\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TMContainer00000000000000000002.regtrans-ms"
Tue 15 May 2007 524,288 A.SH. --- "C:\Users\Tasdiq\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TMContainer00000000000000000001.regtrans-ms"
Sat 5 May 2007 524,288 A.SH. --- "C:\Users\Tasdiq\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TMContainer00000000000000000002.regtrans-ms"
Tue 24 Jul 2007 6,520 ..SH. --- "C:\Windows\System32\nqstv.bak1"
Wed 25 Jul 2007 1,760,775 ..SH. --- "C:\Windows\System32\nqstv.bak2"
Wed 9 Jul 2008 4,348 A.SH. --- "C:\Documents and Settings\All Users.COMPUTER\DRM\DRMv1.bak"
Thu 2 Nov 2006 524,288 A.SH. --- "C:\Windows\ServiceProfiles\LocalService\NTUSER.DAT{3a539869-6a70-11db-887c-d362bd253390}.TMContainer00000000000000000001.regtrans-ms"
Thu 2 Nov 2006 524,288 A.SH. --- "C:\Windows\ServiceProfiles\LocalService\NTUSER.DAT{3a539869-6a70-11db-887c-d362bd253390}.TMContainer00000000000000000002.regtrans-ms"
Thu 2 Nov 2006 524,288 A.SH. --- "C:\Windows\ServiceProfiles\NetworkService\NTUSER.DAT{3a539865-6a70-11db-887c-d362bd253390}.TMContainer00000000000000000001.regtrans-ms"
Thu 2 Nov 2006 524,288 A.SH. --- "C:\Windows\ServiceProfiles\NetworkService\NTUSER.DAT{3a539865-6a70-11db-887c-d362bd253390}.TMContainer00000000000000000002.regtrans-ms"
Sat 12 Jul 2008 0 A..H. --- "C:\COMPUTER\SoftwareDistribution\Download\ab59ac72525ea90a47679441587835c9\BIT6.tmp"
Tue 20 May 2008 3,510,048 A..H. --- "C:\COMPUTER\SoftwareDistribution\Download\d0e7f87d47bee475cfd0628f651c9619\BIT287.tmp"
Sun 7 Oct 2007 0 A.SH. --- "C:\Users\All Users.COMPUTER\DRM\Cache\Indiv01.tmp"
Sun 16 Mar 2008 549,376 ...H. --- "C:\Users\user\My Documents\Microsoft Office Documents\~WRL0005.tmp"
Sat 5 May 2007 524,288 A.SH. --- "C:\Windows\System32\config\systemprofile\ntuser.dat{0adcefd5-fb55-11db-8f2b-806e6f6e6963}.TMContainer00000000000000000001.regtrans-ms"
Sat 5 May 2007 524,288 A.SH. --- "C:\Windows\System32\config\systemprofile\ntuser.dat{0adcefd5-fb55-11db-8f2b-806e6f6e6963}.TMContainer00000000000000000002.regtrans-ms"
Sat 5 May 2007 5,242,880 A.SH. --- "C:\Windows\System32\config\TxR\{250834b7-750c-494d-bdc3-da86b6e2101a}.TxR.2.regtrans-ms"
Fri 31 Aug 2007 524,288 A.SH. --- "C:\Windows\System32\config\TxR\{250834B7-750C-494d-BDC3-DA86B6E2101B}.TMContainer00000000000000000001.regtrans-ms"
Fri 5 Oct 2007 524,288 A.SH. --- "C:\Windows\System32\config\TxR\{250834B7-750C-494d-BDC3-DA86B6E2101B}.TMContainer00000000000000000002.regtrans-ms"
Wed 11 Jul 2007 5,242,880 A.SH. --- "C:\Windows\System32\config\TxR\{250834b7-750c-494d-bdc3-da86b6e2101a}.TxR.0.regtrans-ms"
Fri 5 Oct 2007 5,242,880 A.SH. --- "C:\Windows\System32\config\TxR\{250834b7-750c-494d-bdc3-da86b6e2101a}.TxR.1.regtrans-ms"
Sat 6 Oct 2007 0 A..H. --- "C:\COMPUTER\SoftwareDistribution\Download\c3c3c6d9de8be474641d4bbceb22a36f\download\BITAC.tmp"
Sat 6 Oct 2007 0 A..H. --- "C:\COMPUTER\SoftwareDistribution\Download\e7d26e5776f9930c6ad9dff351940707\download\BIT10F.tmp"
Fri 31 Aug 2007 524,288 A.SH. --- "C:\Windows\System32\SMI\Store\Machine\SCHEMA.DAT{3a53986d-6a70-11db-887c-d362bd253390}.TMContainer00000000000000000001.regtrans-ms"
Thu 2 Nov 2006 524,288 A.SH. --- "C:\Windows\System32\SMI\Store\Machine\SCHEMA.DAT{3a53986d-6a70-11db-887c-d362bd253390}.TMContainer00000000000000000002.regtrans-ms"
Sat 14 Apr 2007 0 A.SH. --- "C:\Windows.old\Documents and Settings\All Users\DRM\Cache\Indiv01.tmp"
Thu 26 Oct 2006 11,115 A.SH. --- "C:\Windows.old\Documents and Settings\HP_Administrator\My Documents\Music\License Backup\drmv2key.bak"
Wed 14 Dec 2005 200,704 A..H. --- "C:\Windows.old\Program Files\Online Services\Aol\United States\AOL90\ACST4.DLL"
Tue 22 Nov 2005 81,920 A..H. --- "C:\Windows.old\Program Files\Online Services\Aol\United States\AOL90\AOLFIREWALLMGR.DLL"
Tue 22 Nov 2005 73,728 A..H. --- "C:\Windows.old\Program Files\Online Services\Aol\United States\AOL90\AOLINSTALLERFW.DLL"
Wed 14 Dec 2005 88,064 A..H. --- "C:\Windows.old\Program Files\Online Services\Aol\United States\AOL90\INSTPH.DLL"
Wed 14 Dec 2005 200,704 A..H. --- "C:\Windows.old\Program Files\Online Services\Aol\United States\AOL90E\ACST4.DLL"
Tue 22 Nov 2005 81,920 A..H. --- "C:\Windows.old\Program Files\Online Services\Aol\United States\AOL90E\AOLFIREWALLMGR.DLL"
Tue 22 Nov 2005 73,728 A..H. --- "C:\Windows.old\Program Files\Online Services\Aol\United States\AOL90E\AOLINSTALLERFW.DLL"
Wed 14 Dec 2005 88,064 A..H. --- "C:\Windows.old\Program Files\Online Services\Aol\United States\AOL90E\INSTPH.DLL"
Tue 8 May 2007 524,288 A.SH. --- "C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\usrclass.dat{2cc3c021-fd9c-11db-876b-0016ecb20fce}.TMContainer00000000000000000001.regtrans-ms"
Tue 8 May 2007 524,288 A.SH. --- "C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\usrclass.dat{2cc3c021-fd9c-11db-876b-0016ecb20fce}.TMContainer00000000000000000002.regtrans-ms"
Tue 15 May 2007 524,288 A.SH. --- "C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\usrclass.dat{efbd76a8-031f-11dc-baee-0016ecb20fce}.TMContainer00000000000000000001.regtrans-ms"
Tue 15 May 2007 524,288 A.SH. --- "C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\usrclass.dat{efbd76a8-031f-11dc-baee-0016ecb20fce}.TMContainer00000000000000000002.regtrans-ms"
Tue 8 May 2007 524,288 A.SH. --- "C:\Windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\usrclass.dat{2cc3c025-fd9c-11db-876b-0016ecb20fce}.TMContainer00000000000000000001.regtrans-ms"
Tue 8 May 2007 524,288 A.SH. --- "C:\Windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\usrclass.dat{2cc3c025-fd9c-11db-876b-0016ecb20fce}.TMContainer00000000000000000002.regtrans-ms"
Tue 15 May 2007 524,288 A.SH. --- "C:\Windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\usrclass.dat{efbd76ac-031f-11dc-baee-0016ecb20fce}.TMContainer00000000000000000001.regtrans-ms"
Tue 15 May 2007 524,288 A.SH. --- "C:\Windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\usrclass.dat{efbd76ac-031f-11dc-baee-0016ecb20fce}.TMContainer00000000000000000002.regtrans-ms"
Tue 8 May 2007 524,288 A.SH. --- "C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\usrclass.dat{2cc3c01d-fd9c-11db-876b-0016ecb20fce}.TMContainer00000000000000000001.regtrans-ms"
Tue 8 May 2007 524,288 A.SH. --- "C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\usrclass.dat{2cc3c01d-fd9c-11db-876b-0016ecb20fce}.TMContainer00000000000000000002.regtrans-ms"
Tue 15 May 2007 524,288 A.SH. --- "C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\usrclass.dat{efbd767d-031f-11dc-baee-0016ecb20fce}.TMContainer00000000000000000001.regtrans-ms"
Tue 15 May 2007 524,288 A.SH. --- "C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\usrclass.dat{efbd767d-031f-11dc-baee-0016ecb20fce}.TMContainer00000000000000000002.regtrans-ms"

Finished!

#6 quietman7

quietman7

    Bleepin' Janitor


  • Global Moderator
  • 51,471 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Virginia, USA
  • Local time:08:53 AM

Posted 14 July 2008 - 11:04 AM

Please restate what exact issues/problems are remaining.
.
.
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015 kO7xOZh.gif
Member of UNITE, Unified Network of Instructors and Trusted Eliminators

If I have been helpful & you'd like to consider a donation, click 38WxTfO.gif

#7 48310MI

48310MI
  • Topic Starter

  • Members
  • 5 posts
  • OFFLINE
  •  
  • Local time:08:53 AM

Posted 14 July 2008 - 12:21 PM

The desktop shortcuts were missing, so I dragged them from my C:\Users\user\Desktop and C:\Users\All Users.COMPUTER\Desktop folders and dropped them onto my desktop.

Six of the programs were put back onto the Start Menu Recently Used Programs list.

I still cannot create a Quick Launch toolbar.

When I open Firefox, all the bookmarks, saved pages, log in information, and the home page have disappeared.

The My Documents folder seems to be empty, although I copied all the subfolders from C:\Users\user\My Documents to My Documents.

Before I did this move, I had opened iTunes, and nothing was in my library and my account has been logged off. I did not connect my iPod during this time.

I opened Microsoft Office Picture Manager, and it is telling me it is 'not installed for this user.'

I had opened AIM, and all the log in information was there.

The All Programs folder has only MBAM, Registry Mechanic, and an empty Startup folder.

I cannot think of any other problems as of this moment.

#8 quietman7

quietman7

    Bleepin' Janitor


  • Global Moderator
  • 51,471 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Virginia, USA
  • Local time:08:53 AM

Posted 14 July 2008 - 01:10 PM

Some of these issues appear to be related to your user account which may have been corrupted. A user profile in XP contains all the files and settings needed to configure your work environment. If it becomes corrupted so will your settings. Windows may have created a new User Profile so you could logon. When this happens, you will find that all your personalized settings, schemes, and icons are gone to include those in your Program Files. There is no simple fix for all the problems you describe other than possibly a system restore. Doing that would also return you to a state where your system was infected.

I still cannot create a Quick Launch toolbar.

Display the Quick Launch Bar on the Taskbar

When I open Firefox, all the bookmarks, saved pages, log in information, and the
home page have disappeared.

I read that this occurred after some users updated to Firefox 3. You may have to import them back in from IE.

The My Documents folder seems to be empty, although I copied all the subfolders
from C:\Users\user\My Documents to My Documents.

Check the properties of your My Documents folder. If it had been inadvertantly deleted, Windows would create a new folder with a new date/time and it would be empty. Also see Restore the My Documents Folder to Its Default Location

Before I did this move, I had opened iTunes, and nothing was in my library and my account has been logged off. I did not connect my iPod during this time.

I don't know anything about iTunes so you may want to check with iTunes Support

I opened Microsoft Office Picture Manager, and it is telling me it is 'not
installed for this user.'

Try reinstalling Picture Manager for all users.

If this were my system, I would just create a new User Account for myself and remove the old one.
.
.
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015 kO7xOZh.gif
Member of UNITE, Unified Network of Instructors and Trusted Eliminators

If I have been helpful & you'd like to consider a donation, click 38WxTfO.gif

#9 48310MI

48310MI
  • Topic Starter

  • Members
  • 5 posts
  • OFFLINE
  •  
  • Local time:08:53 AM

Posted 14 July 2008 - 01:14 PM

Well, when I booted into safe mode, it gave me two accounts. One was Administrator, and the other had the computer name.

Also, checking on the Properties of My Documents, it says it was created on Wednesday, July 09, 2008, 16:24:18, which seems to be the time that this all occurred.

Do you know of a way to revert back to the way it was before it had gone corrupt?

Edited by 48310MI, 14 July 2008 - 01:20 PM.





0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users