Apparently infected with unknown


16 replies to this topic

#1 rsierk

Posted 28 October 2009 - 10:14 PM

First I couldn't open Excel, saying Error 1706, "Insert the MS OfficPro Ed 2003 disk. Use Source #%".
Now I can't run Word, Outlook or Windows Firewall, saying "Application not Found".
When I try to run McAfee security Center, Windows Explorer or Internet Explorer, I get "Choose the program you want to use to open this file:"


#2 Orange Blossom

Posted 28 October 2009 - 10:19 PM

As no logs have been posted, I am shifting this topic from the specialized HiJack This forum to the Am I Infected forum.

==>PLEASE DO NOT NOW POST LOGS<== unless a log is specifically requested.
Help us help you. If HelpBot replies, you MUST follow step 1 in its reply so we know you need help.

Orange Blossom

An ounce of prevention is worth a pound of cure

SpywareBlaster, WinPatrol Plus, ESET Smart Security, Malwarebytes' Anti-Malware, NoScript Firefox ext., Norton noscript

#3 boopme

Posted 29 October 2009 - 01:53 PM

Hello and welcome, let's see if we can get a foot in the door.

Please download Rkill by Grinler and save it to your desktop.
Link 2
Link 3
Link 4
  • Double-click on the Rkill desktop icon to run the tool.
  • If using Vista, right-click on it and Run As Administrator.
  • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
  • If not, delete the file, then download and use the one provided in Link 2.
  • If it does not work, repeat the process and attempt to use one of the remaining links until the tool runs.
  • If the tool does not run from any of the links provided, please let me know.
Do not reboot the computer, you will need to run the application again.

Next run MBAM (MalwareBytes):

NOTE: Before saving MBAM please rename it to zztoy.exe....now save it to your desktop.

Please download Malwarebytes Anti-Malware and save it to your desktop.

alternate download link

MBAM may "make changes to your registry" as part of its disinfection routine. If using other security programs that detect registry changes (ie Spybot's Teatimer), they may interfere or alert you. Temporarily disable such programs or permit them to allow the changes.
  • Make sure you are connected to the Internet.
  • Double-click on mbam-setup.exe to install the application.
  • When the installation begins, follow the prompts and do not make any changes to default settings.
  • When installation has finished, make sure you leave both of these checked:
    • Update Malwarebytes' Anti-Malware
    • Launch Malwarebytes' Anti-Malware
  • Then click Finish.
MBAM will automatically start and you will be asked to update the program before performing a scan.
  • If an update is found, the program will automatically update itself. Press the OK button to close that box and continue.
  • If you encounter any problems while downloading the definition updates, manually download them from here and just double-click on mbam-rules.exe to install.
On the Scanner tab:
  • Make sure the "Perform Quick Scan" option is selected.
  • Then click on the Scan button.
  • If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button.
  • The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.
  • When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
  • Click OK to close the message box and continue with the removal process.
Back at the main Scanner screen:
  • Click on the Show Results button to see a list of any malware that was found.
  • Make sure that everything is checked, and click Remove Selected.
  • When removal is completed, a log report will open in Notepad.
  • The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the contents of that report in your next reply. Be sure to post the complete log to include the top portion which shows MBAM's database version and your operating system.
  • Exit MBAM when done.
Note: If MBAM encounters a file that is difficult to remove, you will be asked to reboot your computer so MBAM can proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot normally (not into safe mode) will prevent MBAM from removing all the malware.
How do I get help? Who is helping me?
For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear....
Become a BleepingComputer fan: Facebook

#4 rsierk

Posted 29 October 2009 - 09:44 PM

Ran MBAM, it asked to reboot, so I did, and ran quickscan again. This time it came out 0 files infected.
Here is first scanning log:
Malwarebytes' Anti-Malware 1.41
Database version: 3057
Windows 5.1.2600 Service Pack 2

10/29/2009 10:16:10 PM
mbam-log-2009-10-29 (22-16-10).txt

Scan type: Quick Scan
Objects scanned: 97369
Time elapsed: 6 minute(s), 12 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 15
Registry Values Infected: 1
Registry Data Items Infected: 2
Folders Infected: 1
Files Infected: 7

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\{19127ad2-394b-70f5-c650-b97867baa1f7} (Backdoor.Bot) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\{43bf8cd1-c5d5-2230-7bb2-98f22c2b7dc6} (Backdoor.Bot) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\{494e6cec-7483-a4ee-0938-895519a84bc7} (Backdoor.Bot) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{500bca15-57a7-4eaf-8143-8c619470b13d} (Worm.Allaple) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{2d2bee6e-3c9a-4d58-b9ec-458edb28d0f6} (Rogue.DriveCleaner) -> Quarantined and deleted successfully.
HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\{19127ad2-394b-70f5-c650-b97867baa1f7} (Backdoor.Bot) -> Quarantined and deleted successfully.
HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\{43bf8cd1-c5d5-2230-7bb2-98f22c2b7dc6} (Backdoor.Bot) -> Quarantined and deleted successfully.
HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\{494e6cec-7483-a4ee-0938-895519a84bc7} (Backdoor.Bot) -> Quarantined and deleted successfully.
HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\{19127ad2-394b-70f5-c650-b97867baa1f7} (Backdoor.Bot) -> Quarantined and deleted successfully.
HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\{43bf8cd1-c5d5-2230-7bb2-98f22c2b7dc6} (Backdoor.Bot) -> Quarantined and deleted successfully.
HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\{494e6cec-7483-a4ee-0938-895519a84bc7} (Backdoor.Bot) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\antivirus 2008 (Rogue.AntiVirus2008) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\rotscxowbavhxw (Rootkit.TDSS) -> Quarantined and deleted successfully.
HKEY_USERS\.DEFAULT\SOFTWARE\Windows Police Pro (Rogue.WindowsPolicePro) -> Quarantined and deleted successfully.
HKEY_USERS\S-1-5-18\SOFTWARE\Windows Police Pro (Rogue.WindowsPolicePro) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\antivirus-2008.exe (Rogue.AntiVirus2008) -> Quarantined and deleted successfully.

Registry Data Items Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoDrives (Hijack.Drives) -> Bad: (12) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell (Hijack.Shell) -> Bad: (Explorer.exe logon.exe) Good: (Explorer.exe) -> Quarantined and deleted successfully.

Folders Infected:
C:\WINDOWS\system32\lowsec (Stolen.data) -> Quarantined and deleted successfully.

Files Infected:
C:\WINDOWS\system32\Gj653UwE.exe.a_a (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\rotscxoblrsylk.dat (Rootkit.TDSS) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\rotscxwwcwwqpq.dat (Rootkit.TDSS) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\nuar.old (Malware.Trace) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\skynet.dat (Malware.Trace) -> Quarantined and deleted successfully.
C:\WINDOWS\wp3.dat (Malware.Trace) -> Quarantined and deleted successfully.
C:\WINDOWS\wp4.dat (Malware.Trace) -> Quarantined and deleted successfully.
-----------------------------------------
Here is second log:
Malwarebytes' Anti-Malware 1.41
Database version: 3057
Windows 5.1.2600 Service Pack 2

10/29/2009 10:32:27 PM
mbam-log-2009-10-29 (22-32-27).txt

Scan type: Quick Scan
Objects scanned: 97591
Time elapsed: 7 minute(s), 10 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)
--------------------------------------
Is there anything else I should do?

#5 boopme

Posted 30 October 2009 - 03:38 PM

Due to the nature of what was found and removed, I would like for you to read this.

Rootkits, backdoor Trojans, Botnets, and IRC Bots are very dangerous because they compromise system integrity by making changes that allow it to be used by the attacker for malicious purposes. Rootkits are used by Trojans to conceal their presence (hide from view) in order to prevent detection of an attacker's software and make removal more difficult. Many rootkits can hook into the Windows 32-bit kernel, and patch several APIs to hide new registry keys and files they install. They can disable your anti-virus and security tools to prevent detection and removal. Remote attackers use backdoors as a means of accessing and taking control of a computer that bypasses security mechanisms. This type of exploit allows them to steal sensitive information like passwords, personal and financial data which is sent back to the hacker. To learn more about these types of infections, you can refer to:

What danger is presented by rootkits?
Rootkits and how to combat them
r00tkit Analysis: What Is A Rootkit

If your computer was used for online banking, has credit card information or other sensitive data on it, you should disconnect from the Internet until your system is cleaned. All passwords should be changed immediately to include those used for banking, email, eBay, PayPal and online forums. You should consider them to be compromised and change each password using a clean computer, not the infected one. If not, an attacker may get the new passwords and transaction information. If using a router, you need to reset it with a strong logon/password so the malware cannot gain control before you connect again. Banking and credit card institutions should be notified of the possible security breach. Because your computer was compromised please read:

How Do I Handle Possible Identify Theft, Internet Fraud and CC Fraud?
What Should I Do If I've Become A Victim Of Identity Theft?
Identity Theft Victims Guide - What to do


Although the infection has been identified and may be removed, your PC has likely been compromised and there is no way to be sure the computer can ever be trusted again. It is dangerous and incorrect to assume the computer is secure even if the malware appears to have been removed. In some instances an infection may have caused so much damage to your system that it cannot be completely cleaned or repaired so you can never be sure that you have completely removed a rootkit. The malware may leave so many remnants behind that security tools cannot find them. Tools that claim to be able to remove rootkits cannot guarantee that all traces of it will be removed. Many experts in the security community believe that once infected with this type of malware, the best course of action is to wipe the drive clean, reformat and reinstall the OS. Please read:

When should I re-format? How should I reinstall?
Help: I Got Hacked. Now What Do I Do?
Where to draw the line? When to recommend a format and reinstall?


Should you decide not to follow that advice, we will do our best to help clean the computer of any infections but we cannot guarantee it to be trustworthy or that the removal will be successful. Some infections are difficult to remove completely because of their morphing characteristics which allow the malware to regenerate itself. Sometimes there is another hidden piece of malware which has not been detected by your security tools that protects malicious files and registry keys (which have been detected) so they cannot be permanently deleted. Disinfection will probably require the use of more powerful tools than we recommend in this forum. Before that can be done you will need to create and post a DDS/HijackThis log for further investigation. Let me know how you wish to proceed.

Edited by boopme, 30 October 2009 - 03:39 PM.

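Added example (not part of the thread, and not Malwarebytes' own code): a small Python triage of an MBAM 1.41-style text log like the one in post #4. It checks the per-section counts against the lines present, lists items not yet removed, and flags detection families of the kind post #5 treats as a sign of compromise. The sample log is constructed with placeholder keys and paths, and the family-prefix list is an assumption made for illustration.

```python
import re
from collections import Counter

# Constructed sample in the MBAM 1.41 log layout; keys and paths are placeholders.
SAMPLE_LOG = r"""Malwarebytes' Anti-Malware 1.41
Database version: 3057

Scan type: Quick Scan

Registry Keys Infected: 2
Registry Data Items Infected: 1
Files Infected: 2

Registry Keys Infected:
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\examplesvc (Rootkit.TDSS) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\example rogue (Rogue.AntiVirus2008) -> Quarantined and deleted successfully.

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell (Hijack.Shell) -> Bad: (Explorer.exe example.exe) Good: (Explorer.exe) -> Quarantined and deleted successfully.

Files Infected:
C:\WINDOWS\system32\example1.dat (Rootkit.TDSS) -> Quarantined and deleted successfully.
C:\WINDOWS\example2.dat (Malware.Trace) -> Delete on reboot.
"""

# "Files Infected: 7" is a summary count; "Files Infected:" opens a section.
SUMMARY = re.compile(r"^(?P<name>[A-Za-z ]+ Infected):\s*(?P<count>\d+)?$")
# item (Family.Name) -> [Bad: (...) Good: (...) -> ] action.
DETECTION = re.compile(
    r"^(?P<item>.+?) \((?P<family>[\w.]+)\) -> "
    r"(?:Bad: \((?P<bad>.*?)\) Good: \((?P<good>.*?)\) -> )?"
    r"(?P<action>.+?)\.?$"
)
# Assumption for this example: families that mean "treat the machine as compromised".
COMPROMISE_PREFIXES = ("Rootkit.", "Backdoor.", "Stolen.", "Hijack.Shell")
REMOVED = "Quarantined and deleted successfully"


def parse_mbam_log(text):
    """Return (declared counts per section, list of detection dicts)."""
    declared, found, section = {}, [], None
    for raw in text.splitlines():
        line = raw.strip()
        m = SUMMARY.match(line)
        if m:
            if m.group("count") is not None:
                declared[m.group("name")] = int(m.group("count"))
            else:
                section = m.group("name")
            continue
        m = DETECTION.match(line) if section else None
        if m:
            found.append({"section": section, **m.groupdict()})
    return declared, found


def triage(text):
    """Summarise a log: families seen, serious ones, pending items, count gaps."""
    declared, found = parse_mbam_log(text)
    per_section = Counter(d["section"] for d in found)
    # A pasted log that lost lines shows up as declared != parsed.
    mismatches = {
        name: (count, per_section.get(name, 0))
        for name, count in declared.items()
        if count != per_section.get(name, 0)
    }
    families = Counter(d["family"] for d in found)
    serious = sorted(f for f in families if f.startswith(COMPROMISE_PREFIXES))
    # Anything not yet removed (e.g. queued for reboot) needs a follow-up scan.
    pending = [d["item"] for d in found if d["action"] != REMOVED]
    return {
        "families": dict(families),
        "serious_families": serious,
        "treat_as_compromised": bool(serious),
        "pending_items": pending,
        "count_mismatches": mismatches,
    }


if __name__ == "__main__":
    for key, value in triage(SAMPLE_LOG).items():
        print(f"{key}: {value}")
```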

#6 rsierk

Posted 30 October 2009 - 09:20 PM

Wow, thanks for your help. I guess I am somewhere in between on the risk scale. I do use it for online banking and inquiry to my Fidelity IRA, eBay and PayPal. When it did act badly, I pulled the router connection, but of course was connected for a while to find your forum and send request for help. I have kept fairly up to date on Windows updates, have firewall going along with McAfee subscription, and Spybot monitoring. I was backing up to an external hard drive until about 66 days ago, when the Excel quit opening, I was afraid to back up with bad files, so I did not use it. That drive has been disconnected since the last backup (my normal thing is to back up using Bounceback Launcher and then disconnect the drive). I do not leave the computer on all night.

What do you think? Is there a little more that can be done to check what it might have hiding in there? Or do you have to take cleaning steps blind?

I newly joined Facebook about two weeks ago. That couldn't be it (the source) could it?

#7 boopme

Posted 31 October 2009 - 09:19 AM

Hello, you are welcome. Are you backing up to an external, as that should be scanned also? The other problems have stopped?

Let's run some other tools to see how you look.

Next run ATF and SAS:
Note.. SAS doesn't open the registry hives for other user accounts on the system, so scans should be done from each user account.

Note: On Vista, "Windows Temp" is disabled. To empty "Windows Temp" ATF-Cleaner must be "Run as an Administrator".

From your regular user account..
Download Attribune's ATF Cleaner and then SUPERAntiSpyware, Free Home Version. Save both to desktop.
DO NOT run yet.
Open SUPER from icon and install and Update it
Under Scanner Options make sure the following are checked (leave all others unchecked):
Close browsers before scanning.
Scan for tracking cookies.
Terminate memory threats before quarantining.
Click the "Close" button to leave the control center screen and exit the program. DO NOT run yet.

Now reboot into Safe Mode: How to enter safe mode(XP)
Using the F8 Method
Restart your computer.
When the machine first starts again it will generally list some equipment that is installed in your machine, amount of memory, hard drives installed etc. At this point you should gently tap the F8 key repeatedly until you are presented with a Windows XP Advanced Options menu.
Select the option for Safe Mode using the arrow keys.
Then press enter on your keyboard to boot into Safe Mode.

Double-click ATF-Cleaner.exe to run the program.
Under Main "Select Files to Delete" choose: Select All.
Click the Empty Selected button.

If you use Firefox or Opera browser click that browser at the top and choose: Select All
Click the Empty Selected button.
If you would like to keep your saved passwords, please click No at the prompt.
Click Exit on the Main menu to close the program.

NOW Scan with SUPER
Open from the desktop icon or the program Files list
On the left, make sure you check C:\Fixed Drive.
Perform a Complete scan. After scan, verify they are all checked.
Click OK on the summary screen to quarantine all found items.
If asked if you want to reboot, click "Yes" and reboot normally.

To retrieve the removal information after reboot, launch SUPERAntispyware again.
Click Preferences, then click the Statistics/Logs tab.
Under Scanner Logs, double-click SUPERAntiSpyware Scan Log.
If there are several logs, click the current dated log and press View log.
A text file will open in your default text editor.
Please copy and paste the Scan Log results in your next reply.
Click Close to exit the program.


Rerun MBAM (MalwareBytes) like this:

Open MBAM in normal mode and click Update tab, select Check for Updates, when done
click Scanner tab, select Quick scan and scan (normal mode).
After scan click Remove Selected, Post new scan log and Reboot into normal mode.

Please ask any needed questions, post 2 logs and let us know how the PC is running now.

#8 rsierk

Posted 31 October 2009 - 11:48 PM

OK, I think I have done what you suggested. Here are logs:

SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 11/01/2009 at 00:07 AM

Application Version : 4.29.1004

Core Rules Database Version : 4217
Trace Rules Database Version: 2122

Scan type : Complete Scan
Total Scan Time : 02:30:59

Memory items scanned : 253
Memory threats detected : 0
Registry items scanned : 5349
Registry threats detected : 0
File items scanned : 81605
File threats detected : 43

Adware.Tracking Cookie

And now the MBAM log:
Malwarebytes' Anti-Malware 1.41
Database version: 3074
Windows 5.1.2600 Service Pack 2

11/1/2009 12:26:47 AM
mbam-log-2009-11-01 (00-26-47).txt

Scan type: Quick Scan
Objects scanned: 97634
Time elapsed: 6 minute(s), 55 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

As to how the computer seems to be working, all seems well. The only thing it does is something I just don't know how to configure to stop it: when I boot up, it asks for a Windows logon password. I never set it up to ask for one, don't know why this came along. I just click OK without entering a PW and it seems to run OK.
The other thing it does is when I am shutting down, it puts up an error message that says it cannot find some program. This eventually goes away and it shuts down. I don't think I need this to happen, and wish I could configure something to stop these from happening.

#9 boopme

Posted 01 November 2009 - 05:20 PM

Hi, OK we look clean. Let's see if we can get these straightened out and mop up.

The first is one of these two changes.
In control panel >> user accounts click the link that says change the way users log on or off. Make sure the line that says use the welcome screen is checked.
Or....
If you want the computer to boot on into the user account without asking for a password.
Then go to Start >>Run, type control userpasswords2 click OK.
In the window that opens, uncheck Users must enter a username and password to use this computer, click OK.
In the window that opens, enter the name of the account you want it to logon automatically. If there is no password, leave the password field blank. Click OK.



The closing message, is it something like this?
A "Cannot find...", "Could not run...", "Error loading..." or "specific module could not be found" message
Or can you be more specific?

#10 rsierk

Posted 03 November 2009 - 12:12 AM

Did what you suggested (2nd option) for first problem. Unchecked require PW to logon.
But I must have screwed something up. When I rebooted, the look changed to the new look (I use Classic), my menu bar was gone at bottom, my wallpaper was gone, and it seemed to be using my second hard drive (running in parallel to the primary). I could not find my Favorites and it would not go online. I started to try to get my classic look back, gave up. I then tried to make it boot from the right hard drive, but no luck. Is there a way to quickly restore where I was?

#11 boopme

Posted 03 November 2009 - 02:16 PM

Can you run System restore and pick a date prior to this?
See Restoring Windows XP to a previous State here
http://www.bleepingcomputer.com/tutorials/...56.html#restore

#12 rsierk

Posted 03 November 2009 - 04:19 PM

Okay, but how do I make sure it is picking a restore point of the Windows XP on the right hard drive? I am assuming it is now booting up the old hard drive's OS, which was XP, maybe XP Home rather than Pro, not remembering definitely. I never had Windows training, just thrown in to it at work and at home. Moved from 3.1 to NT, then XP, never claiming to be a master of any. Thanks again.

#13 boopme

Posted 03 November 2009 - 05:12 PM

I wasn't aware there were two drives. MBam will need to be run in Full scan to detect other drives.

#14 rsierk

Posted 03 November 2009 - 10:44 PM

OK, Restore worked. MBam scanned full. Here is log:

Malwarebytes' Anti-Malware 1.41
Database version: 3074
Windows 5.1.2600 Service Pack 2

11/3/2009 10:34:12 PM
mbam-log-2009-11-03 (22-34-12).txt

Scan type: Full Scan (C:\|E:\|F:\|)
Objects scanned: 189739
Time elapsed: 1 hour(s), 15 minute(s), 23 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

#15 boopme

Posted 03 November 2009 - 11:10 PM

OK, you should update and rescan to be sure. The other issues gone now?



