User Account Messed up

Status
Not open for further replies.
Today, I got home from school...and my dad asked me if I could try to fix the computer...apparently he was just surfing the web, the internet disconnected, and wouldn't connect...and then he said a warning popped up, but he can't remember exactly what it said, but it said something about the administrator?...and that's me.
We share a family computer....MY user login is completely normal...his, on the other hand, is messed up...it's almost like it was halfway set back to factory defaults?... The programs are still on there...but I'm not sure if they open or not. I'm afraid to mess with any of it. I tried opening up Internet Explorer on his name, and it acts as if we had just installed it. It asks set-up questions...His pictures (Didn't have many in the first place) the pictures file, music, etc...is gone. I don't see it. I also tried messing with some settings...but...They didn't change? I'm guessing he got a virus and is automatically changing settings...and also won't let US change any.
I checked Norton Antivirus history...and it said something about qttask.exe and realsched.exe had made a total of about 700 changes to the settings...that's his account apparently. I have no idea what happened, or how it happened.
 
I forgot to attach my HijackThis logfile...but now it's on there.

Sorry.
 

Attachments

  • hijackthis.log
    14.5 KB · Views: 5
This one can log keystrokes and mess with your browser:
O2 - BHO: (no name) - {1CB20BF0-BBAE-40A7-93F4-6435FF3D0411} - C:\PROGRA~1\Crawler\Toolbar\ctbr.dll
O8 - Extra context menu item: Crawler Search - tbr:iemenu
 
That is an out-of-date version of HJT.
You need to go to Control Panel -> Add/Remove Programs and uninstall HijackThis.

HijackThis Instructions
  • Make sure you have the LATEST version of HJT (currently v2.0.0.2). It can be downloaded from HERE.
  • Run the HijackThis Installer and it will automatically place HJT in C:\Program Files\TrendMicro\HijackThis\HijackThis.exe. Please don't change the directory.
  • After installing, the program launches automatically. Select Scan now and save a log.
  • After the scan is complete, please attach your log onto the forums using the paper clip icon above your reply.
 
Quote:
Viewpoint Media Player is a web browser plug-in that enables users to view 3D content and other media. It is bundled with AOL, AIM, versions of Netscape, certain Adobe products and sometimes not mentioned in the license agreement. Viewpoint is also bundled with Adobe Atmosphere and hardware manufacturers pre-install some of these applications.

Viewpoint Manager is used by various products of Viewpoint Corporation and is responsible for managing and updating Viewpoint Media Player’s components. Viewpoint Manager will access the internet and check for updates periodically. If it detects an update, it will automatically download and install the change. You can disable this using the Viewpoint Manager Control Panel found in the Windows Control Panel menu. By selecting "Disable auto-updating for the Viewpoint Manager" -- the player will no longer attempt to check for updates. Although, Viewpoint is not technically malware it is considered to be foistware since it is often installed without a user's knowledge or approval.

If you want to remove it, please follow the following steps:

Go to Start > Run and copy/paste or type: taskmgr

* Under the Processes tab find the following tasks or processes:
ViewpointService.exe
ViewMgr.exe
* Highlight and click "End Process".
* Exit Task Manager.


Click on Start > Run and type: services.msc

* Press "OK".
* Click the "Extended tab".
* Scroll down the list and find the service called "Viewpoint Manager Service"
* When you find the service, double-click on it.
* In the Properties Window > General Tab that opens, click the "Stop" button.
* From the drop-down menu next to "Startup Type", click on "Disabled".
* Now click "Apply", then "OK" and close any open windows.


Click on Start > Settings > Control Panel > Add/Remove Programs > highlight and remove all references to Viewpoint - i.e. Viewpoint, Viewpoint Manager, Viewpoint Media Player.

Finally, delete the following folders if they still exist:
C:\Program Files\ViewManager\ <-- and delete this folder
C:\Program Files\Viewpoint\ <-- and delete this folder

Source of quote is Bleeping Computer.
Recommend removing this.
 
Additionally:

Remove:
R3 - URLSearchHook: Yahoo! Toolbar
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn2\yt.dll
O3 - Toolbar: &Crawler Toolbar - {4B3803EA-5230-4DC3-A7FC-33638F3D3542} - C:\PROGRA~1\Crawler\Toolbar\ctbr.dll

It looks like the source of adware is from the Yahoo Companion and Toolbar.

Open these and stop the automatic check for updates:
C:\Program Files\Updates from HP\9972322\Program\Updates from HP.exe
C:\Program Files\Google\Google Updater\GoogleUpdater.exe

qttask.exe and resched.exe are automatic checks for updates for Quick Time and Application Scheduler installed along with RealOne Player respectively. But I don't see either of these on your system,
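
Added example, not part of any post in this thread: a small Python parser for the HijackThis entry shapes quoted in the replies above (`O2`, `O3`, `O8`, `R3`). It groups entries by the DLL they register, which shows that the `O2` BHO and the `O3` Crawler Toolbar point at the same `ctbr.dll`. The function names are hypothetical and the sample holds only the lines quoted on this page, not the attached log.

```python
import re
from collections import defaultdict

# Entries copied from the replies in this thread (not the full attached log).
SAMPLE_LOG = r"""
O2 - BHO: (no name) - {1CB20BF0-BBAE-40A7-93F4-6435FF3D0411} - C:\PROGRA~1\Crawler\Toolbar\ctbr.dll
O8 - Extra context menu item: Crawler Search - tbr:iemenu
R3 - URLSearchHook: Yahoo! Toolbar
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn2\yt.dll
O3 - Toolbar: &Crawler Toolbar - {4B3803EA-5230-4DC3-A7FC-33638F3D3542} - C:\PROGRA~1\Crawler\Toolbar\ctbr.dll
"""

# Shape handled here: "<code> - <kind>: <name>[ - {CLSID}][ - <target>]"
ENTRY = re.compile(r"^(?P<code>[A-Z]\d{1,2}) - (?P<kind>[^:]+): (?P<rest>.+)$")
CLSID = re.compile(r"^\{[0-9A-Fa-f]{8}(-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}$")


def parse_entry(line):
    """Parse one log line; return None for line shapes not handled here."""
    m = ENTRY.match(line.strip())
    if not m:
        return None
    name, *fields = m.group("rest").split(" - ")
    entry = {"code": m.group("code"), "kind": m.group("kind"),
             "name": name, "clsid": None, "target": None}
    for field in fields:
        if CLSID.match(field):
            entry["clsid"] = field
        else:
            entry["target"] = field  # DLL path, or a handler such as tbr:iemenu
    return entry


def shared_modules(log_text):
    """Map each DLL registered by more than one entry to those entry codes."""
    by_dll = defaultdict(list)
    for line in log_text.splitlines():
        e = parse_entry(line)
        if e and e["target"] and e["target"].lower().endswith(".dll"):
            by_dll[e["target"].lower()].append(e["code"])
    return {dll: codes for dll, codes in by_dll.items() if len(codes) > 1}


if __name__ == "__main__":
    for dll, codes in shared_modules(SAMPLE_LOG).items():
        print(dll, "is registered by entries", ", ".join(codes))
```

Entries whose name or path itself contains " - " would need a stricter split than the one used here.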
 