TechSpot

User Account Messed up

By Zerozx
Apr 16, 2008
  1. Today, I got home from school...and my dad asked me if I could try to fix the computer...apparently he was just surfing the web, the internet disconnected, and wouldn't connect...and then he said a warning popped up, but he can't remember exactly what it said, but it said something about the administrator?...and that's me.
    We share a family computer....MY user login is completely normal...his, on the other hand, is messed up...it's almost like it was halfway set back to factory defaults?... The programs are still on there...but I'm not sure if they open or not. I'm afraid to mess with any of it. I tried opening up Internet Explorer on his name, and it acts as if we had just installed it. It asks set-up questions...His pictures (Didn't have many in the first place) the pictures file, music, etc...is gone. I don't see it. I also tried messing with some settings...but...They didn't change? I'm guessing he got a virus and is automatically changing settings...and also won't let US change any.
    I checked Norton Antivirus history...and it said something about qttask.exe and realsched.exe had made a total of about 700 changes to the settings...that's his account apparently. I have no idea what happened, or how it happened.
     
  2. Zerozx

    Zerozx TS Rookie Topic Starter

    I forgot to attach my HijackThis logfile...but now it's on there.

    sorry.
     


  3. jobeard

    jobeard TS Ambassador Posts: 9,351   +622

    this one can log keystrokes and mess with your browser
    O2 - BHO: (no name) - {1CB20BF0-BBAE-40A7-93F4-6435FF3D0411} - C:\PROGRA~1\Crawler\Toolbar\ctbr.dll
    O8 - Extra context menu item: Crawler Search - tbr:iemenu
     
  4. Blind Dragon

    Blind Dragon TS Evangelist Posts: 3,908

    That is an out of date version of hjt
    you need to go to control panel -> add/remove programs and uninstall Hijackthis

    HijackThis Instructions
    • Make sure you have the LATEST version of HJT (currently v2.0.0.2) it can be downloaded from HERE
    • Run the HijackThis Installer and it will automatically place HJT in C:\Program Files\TrendMicro\HijackThis\HijackThis.exe. Please don't change the directory.
    • After installing, the program launches automatically, select Scan now and save a log
    • After the scan is complete please attach your log onto the forums using the paper clip icon above your reply.
     
  5. Bobbye

    Bobbye Helper on the Fringe Posts: 16,335   +36

    Source of quote is Bleeping Computer.
    Recommend removing this.
     
  6. Bobbye

    Bobbye Helper on the Fringe Posts: 16,335   +36

    Additionally:

    Remove:
    R3 - URLSearchHook: Yahoo! Toolbar
    O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn2\yt.dll
    O3 - Toolbar: &Crawler Toolbar - {4B3803EA-5230-4DC3-A7FC-33638F3D3542} - C:\PROGRA~1\Crawler\Toolbar\ctbr.dll

    It looks like the source of adware is from the Yahoo Companion and Toolbar.

    Open these and stop the automatic check for updates:
    C:\Program Files\Updates from HP\9972322\Program\Updates from HP.exe
    C:\Program Files\Google\Google Updater\GoogleUpdater.exe

    qttask.exe and resched.exe are automatic checks for updates for Quick Time and Application Scheduler installed along with RealOne Player respectively. But I don't see either of these on your system,
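
An added example, not part of any post in this thread and not HijackThis's own code: a small Python parser for the HijackThis entries quoted above, which shows that the one `ctbr.dll` flagged in the replies is registered under two separate log entries (O2 and O3), so both must be dealt with. The function names and the line grammar are assumptions inferred from the five quoted lines only.

```python
import re
from collections import defaultdict

# The only log lines quoted in the thread (the attached full log is not on the page).
QUOTED_LINES = r"""
O2 - BHO: (no name) - {1CB20BF0-BBAE-40A7-93F4-6435FF3D0411} - C:\PROGRA~1\Crawler\Toolbar\ctbr.dll
O8 - Extra context menu item: Crawler Search - tbr:iemenu
R3 - URLSearchHook: Yahoo! Toolbar
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn2\yt.dll
O3 - Toolbar: &Crawler Toolbar - {4B3803EA-5230-4DC3-A7FC-33638F3D3542} - C:\PROGRA~1\Crawler\Toolbar\ctbr.dll
"""

# Assumed grammar: "<section> - <kind>: <name>[ - {CLSID} - <file path>]"
ENTRY = re.compile(r"^(?P<section>[A-Z]\d{1,2}) - (?P<kind>[^:]+): (?P<rest>.*)$")
CLSID = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")


def parse_entry(line):
    """Split one HijackThis line into section, kind, name, CLSID and file path."""
    m = ENTRY.match(line.strip())
    if m is None:
        return None  # header, blank line or a format this sketch does not cover
    rest = m["rest"]
    guid = CLSID.search(rest)
    if guid:
        name = rest[:guid.start()].rstrip(" -")
        path = rest[guid.end():].lstrip(" -") or None
    else:
        name, path = rest, None  # entries such as R3/O8 carry no CLSID or path here
    return {"section": m["section"], "kind": m["kind"], "name": name,
            "clsid": guid.group(0) if guid else None, "path": path}


def modules_with_multiple_hooks(log_text):
    """Map each file path registered under more than one entry to its sections."""
    by_path = defaultdict(list)
    for line in log_text.splitlines():
        entry = parse_entry(line)
        if entry and entry["path"]:
            # Windows paths are case-insensitive, so compare in lower case.
            by_path[entry["path"].lower()].append(entry["section"])
    return {p: s for p, s in by_path.items() if len(s) > 1}


if __name__ == "__main__":
    for path, sections in modules_with_multiple_hooks(QUOTED_LINES).items():
        print(path, "->", ", ".join(sections))
```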
     
Topic Status:
Not open for further replies.
