Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Anything Wrong Here?


  • This topic is locked This topic is locked
22 replies to this topic

#1 Aedhan

Aedhan

  • Members
  • 20 posts
  • OFFLINE
  •  
  • Local time:02:54 AM

Posted 20 July 2008 - 06:15 PM

I have had recent problems with my computer, slow boot up, and I completely lost one of the user accounts. I remade the account but I am now having a problem where it cannot access the program files.

The main account can, but not even the Administrator account has access, even in safe mode. I try to set the permissions for all of the users, but it locks up.

I ran Ad-Aware and spybot S&D twice, and they removed some things, but I still am having the problem.

Attached Files



BC AdBot (Login to Remove)

 


#2 teacup61

teacup61

    Bleepin' Texan!


  • Malware Response Team
  • 17,075 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Wills Point, Texas
  • Local time:01:54 AM

Posted 20 July 2008 - 06:45 PM

Hello Aedhan,

Welcome to Bleeping Computer :thumbsup:

Please download Malwarebytes' Anti-Malware from one of these places:
http://www.majorgeeks.com/Malwarebytes_Ant...ware_d5756.html
http://www.besttechie.net/tools/mbam-setup.exe

Double Click mbam-setup.exe to install the application.

* Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
* If an update is found, it will download and install the latest version.
* Once the program has loaded, select "Perform Quick Scan", then click Scan.
* The scan may take some time to finish,so please be patient.
* When the scan is complete, click OK, then Show Results to view the results.
* Make sure that everything is checked, and click Remove Selected.
* When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.(See Extra Note)
* The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
* Copy&Paste the entire report in your next reply along with a fresh HijackThis log.

Extra Note:
If MBAM encounters a file that is difficult to remove,you will be presented with 1 of 2 prompts,click OK to either and let MBAM proceed with the disinfection process,if asked to restart the computer,please do so immediately.

Thanks,
tea
Please make a donation so I can keep helping people just like you.
Every little bit helps! :)
You can even use your credit card! Thank you!

Posted Image


Error reading poptart in Drive A: Delete kids y/n?

#3 Aedhan

Aedhan
  • Topic Starter

  • Members
  • 20 posts
  • OFFLINE
  •  
  • Local time:02:54 AM

Posted 20 July 2008 - 07:08 PM

Ok, got that stuff scanned... a lot more than I expected... :thumbsup:

Attached Files



#4 teacup61

teacup61

    Bleepin' Texan!


  • Malware Response Team
  • 17,075 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Wills Point, Texas
  • Local time:01:54 AM

Posted 20 July 2008 - 07:20 PM

Hello,

Heh.....sometimes it happens that way. Sometimes even I'm surprised at some of the stuff that turns up. :) Running better?

Via Add/Remove Programs uninstall the following :

AskSBar
Viewpoint


Both of those come bundled with other programs, and usually without the user's knowledge.

Reboot your computer.

Please run HijackThis! and click "Scan." Place checks next to the following entries, if present:

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll (file missing)
O2 - BHO: Ask Toolbar BHO - {F0D4B231-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Program Files\AskSBar\bar\1.bin\ASKSBAR.DLL
O3 - Toolbar: Ask Toolbar - {F0D4B239-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Program Files\AskSBar\bar\1.bin\ASKSBAR.DLL
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe


Close all browsers and other windows except for HijackThis!, and click "Fix checked".

Navigate to and delete the following folders (if they exist):

C:\Program Files\AskSBar
C:\Program Files\Viewpoint

Reboot your computer.

Please let me know how it's running now. :thumbsup:

Thanks,
tea
Please make a donation so I can keep helping people just like you.
Every little bit helps! :)
You can even use your credit card! Thank you!

Posted Image


Error reading poptart in Drive A: Delete kids y/n?

#5 Aedhan

Aedhan
  • Topic Starter

  • Members
  • 20 posts
  • OFFLINE
  •  
  • Local time:02:54 AM

Posted 20 July 2008 - 07:48 PM

Bah, Thanks for getting rid of all that stuff.

Still having the Program file access issue. our main account has it, but the newly created one does not. I booted in safe mode to try and change the security settings, and the default administrator account gets the access denied message too. The new account does not show up in the security tab, and it locks up if I try to change it.

We have been thinking about reformatting the drive for awhile, and literally just found the XP disk. We may go that route. I really appreciate the help though, thanks a ton. Not looking forward to re downloading all my steam games and mmos :thumbsup:

#6 teacup61

teacup61

    Bleepin' Texan!


  • Malware Response Team
  • 17,075 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Wills Point, Texas
  • Local time:01:54 AM

Posted 20 July 2008 - 07:52 PM

Hang on! If you have your disk, then run chckdsk, or sfc /scannow to make sure your system files are intact. Perhaps it's something that can autofix that way. :thumbsup:
Please make a donation so I can keep helping people just like you.
Every little bit helps! :)
You can even use your credit card! Thank you!

Posted Image


Error reading poptart in Drive A: Delete kids y/n?

#7 Aedhan

Aedhan
  • Topic Starter

  • Members
  • 20 posts
  • OFFLINE
  •  
  • Local time:02:54 AM

Posted 20 July 2008 - 08:28 PM

I ran chkdsk, it did find problems and fixed them, but the program files one is still around.

We run three accounts on the computer, Main, Shawna and Devin

D is my personal one, it got corrupted and I removed it, then remade it. I had no access to "Program Files" It says access denied.

The other two accounts have access. If I go into safe mode on the Administrator account, it too gets the access denied message, and now my personal account does not show up in the list. It just lists "Unknown" and a bunch of numbers, which I probably shoulda written down. It also lists main, shawna, and System, and it shows they all have full access, even the unknown user one.

#8 teacup61

teacup61

    Bleepin' Texan!


  • Malware Response Team
  • 17,075 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Wills Point, Texas
  • Local time:01:54 AM

Posted 20 July 2008 - 08:33 PM

See if you can take ownership of that folder. Here's how, and it's simple :
http://support.microsoft.com/?kbid=308421
Please make a donation so I can keep helping people just like you.
Every little bit helps! :)
You can even use your credit card! Thank you!

Posted Image


Error reading poptart in Drive A: Delete kids y/n?

#9 Aedhan

Aedhan
  • Topic Starter

  • Members
  • 20 posts
  • OFFLINE
  •  
  • Local time:02:54 AM

Posted 20 July 2008 - 08:55 PM

Tried it, still no luck. All administrator accounts were already owners.


I can't even reformat anyway, the computer wont boot the setup from the disk (Tried it, just to see if it works, since the Dell reinstall disk for the computer is not bootable) I know this XP disk is, my sister used it when she replaced vista on her computer.

#10 teacup61

teacup61

    Bleepin' Texan!


  • Malware Response Team
  • 17,075 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Wills Point, Texas
  • Local time:01:54 AM

Posted 20 July 2008 - 09:01 PM

Okie dokie then......I think you're all right as far as malware goes, but I also think you'd get better OS troubleshooting guidance in this forum: http://www.bleepingcomputer.com/forums/f/56/windows-xp-home-and-professional/

Be sure to give them the link to this topic so they can see what we've done and they can proceed from there. Don't give up yet! :thumbsup:

Regards,
tea
Please make a donation so I can keep helping people just like you.
Every little bit helps! :)
You can even use your credit card! Thank you!

Posted Image


Error reading poptart in Drive A: Delete kids y/n?

#11 Aedhan

Aedhan
  • Topic Starter

  • Members
  • 20 posts
  • OFFLINE
  •  
  • Local time:02:54 AM

Posted 20 July 2008 - 09:05 PM

Thank you so much for your time and help, I got rid of all sorts of malware with your pointers

#12 teacup61

teacup61

    Bleepin' Texan!


  • Malware Response Team
  • 17,075 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Wills Point, Texas
  • Local time:01:54 AM

Posted 20 July 2008 - 09:10 PM

You're most welcome, and I hope the other issues also get straightened out. :thumbsup:

Take care!
tea
Please make a donation so I can keep helping people just like you.
Every little bit helps! :)
You can even use your credit card! Thank you!

Posted Image


Error reading poptart in Drive A: Delete kids y/n?

#13 Aedhan

Aedhan
  • Topic Starter

  • Members
  • 20 posts
  • OFFLINE
  •  
  • Local time:02:54 AM

Posted 20 July 2008 - 09:28 PM

Wow, I thought the malware was gone, but I ran malwarebytes again, just cause I am obsessive, and no matter how many times I run and remove it, Trojan.fakealert comes back.

#14 teacup61

teacup61

    Bleepin' Texan!


  • Malware Response Team
  • 17,075 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Wills Point, Texas
  • Local time:01:54 AM

Posted 20 July 2008 - 09:30 PM

That's okay....I should have done something more intense than I did. You're last log looked good, but it's not a tell all. Could you please post that report, and run this tool as well?

This tool is not a toy. If used the wrong way you could trash your computer. Please use only under direction of a Helper. If you decide to do so anyway, please do not blame me or ComboFix.

1. Download this file - combofix.exe
http://download.bleepingcomputer.com/sUBs/ComboFix.exe
http://www.forospyware.com/sUBs/ComboFix.exe
http://subs.geekstogo.com/ComboFix.exe
2. Double click combofix.exe & follow the prompts.
3. When finished, it will produce a log for you. Post that log in your next reply please, along with a new HijackThis log.

Note:
Do not mouseclick combofix's window while it's running. That may cause it to stall.

Thanks,
tea
Please make a donation so I can keep helping people just like you.
Every little bit helps! :)
You can even use your credit card! Thank you!

Posted Image


Error reading poptart in Drive A: Delete kids y/n?

#15 Aedhan

Aedhan
  • Topic Starter

  • Members
  • 20 posts
  • OFFLINE
  •  
  • Local time:02:54 AM

Posted 20 July 2008 - 09:57 PM

Ok, here is everything, combofix, HJT, and the Malwarebytes one

Attached Files






0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users