[Neil Jones]

Then read up on the procedures on This Page but don't do anything...yet.  I'm not sure this will work becuase of the Administrator Login problem...but it won't hurt to give it a shot.

Unfortunately that will need the Administrator password.

I think the best thing to do is find somebody with a working computer, ie the one the original poster is on and copy files she wants to keep to it.

Then, hoping she has a product key (if not this'll be interesting), boot the broken machine off the XP CD and wipe it and let it run through to put XP back on.

That'll be the easiest thing to do.

Tiger Pro seems to have made PSUs in the past and I can Google the name and find actual people with Tiger Pro branded PCs. So she may well have an OEM CD after all which could be run. The company looks as if its gone bust.

[Advertisements]

Wait. Dont give up now! I have the same problem thats listed here. But theres a difference here. I can access Admin (Well, I mean I know the [lack of] password, but I still get the blank blue screen when I try) and I can find the Control, also, my computer is a Dell.... So I tried system restore, last known good configuration. No luck.

The problem happens not only with just this 1 user. It happens with every user on the computer. But anyways, If you could try and help me....

[Opgots]

Wait. Dont give up now! I have the same problem thats listed here. But theres a difference here. I can access Admin (Well, I mean I know the [lack of] password, but I still get the blank blue screen when I try) and I can find the Control, also, my computer is a Dell.... So I tried system restore, last known good configuration. No luck.

The problem happens not only with just this 1 user. It happens with every user on the computer. But anyways, If you could try and help me....

[wannabe1]

Hi Opgots...

I can find the Control

Does this mean you can open Control Panel? If yes, double click "User Accounts" and set up a new account...be sure to make it an administrator account. Reboot and try to log into the new account. However, being that ALL your user accounts have issues, your problem may lay elsewhere. Give it a try, though. If it solves the problem, do the same for each account...follow the instructions in post #2 of this thread to recover your documents from the old account.

wannabe1

Edited by wannabe1, 09 October 2005 - 04:37 PM.

[Opgots]

No such luck, my friend. It does mean I can find control pad. I set it up. But the ever-popular problem persisted.

Perchance its a virus? I have a friend who's pretty good with virus killing, so to speak. If we cant rectify the problem here, perchance Ill see what he can do.

Any other ideas?

[wannabe1]

Opgots

My first guess would be malware. If you have your recovery cd, you could run System File Checker and see if that takes care of the problem. Have you tried doing the steps listed under Start Here at the top of the page in the Malware Forum? Maybe give that a shot first. It will give you several steps that will help you clean up 70 percent of all problems by yourself. If at the end of the process you are still having difficulty--and you may not be-- post a hijackthis log in THAT forum.

wannabe1

[Opgots]

All right. Good to know. Ill get right on that. If I get results, Ill let you know.

Thanks.

[wannabe1]

Thanks Opgots...if it turns out not to be a malware issue, post back and we'll dig a little deeper.

wannabe1

[Opgots]

Ok my friends, Im back with news. It was indeed Malware. My comp desktop showed up after a Ad-awre sance. However, now, my computer is running at like...!00% CPU the whole time. I get like a 2 minute break it every like 10 minutes. If you could help me get rid of this, thatd be helpful. Remember my computer is running quite slowly so I cant do much. If you know of a way though...Id appreciate your help.

Ive scanned again several times, and it still works quite slowly. Also, Ive been occasionally getting this message, although I didnt get it today.
"The insturction at 0x7c80d189 refereenced memory at 0x8d400085. The memory could not be read. Clock Ok to terminate the program."
This message is usually followed by repetitions of the message, and sometimes this pops up in the middle:
"The Except Guard Page Excpetio. A page of memory that marks the end of data structure, such as a stack or arroay has been accessed. (0x80000001) occured in the application at location 0x010e11d2."

Whats that mean?

Thanks again. Ill keep you updated.

[natacha21]

Well...i'm not being allowed to download and spyware removal files, i've tried two and they both failed, i tried microsoft spyware that failed, i don't know i'm ready to give up on this PC. I'm going to try downloading Hijackthis and see what happens.

[wannabe1]

Hello again, natacha21...

I suspected as much...the malware, I mean.

If you do manage to get HiJackThis downloaded, install it, and double click on the icon. On the first screen of HiJackThis, click on "Do a System Scan Only"...on the next screen, click on the "Config..." button, and on the next screen, click on "Misc Tools"...Click the "Generate StartupList log" button and post a copy of the log here. You need not check either of the boxes next to this button.

If you can not download the application, it is small enough to transfer viz floppy disk. You could download it on another machine and install it on yours that way. I would like to see the above log, though, if you can manage it.

wannabe1

[natacha21]

Its downloading, thank goodness, i have (dial up) so i have a bit of waiting to do lol...sorry.

[natacha21]

Logfile of HijackThis v1.99.1
Scan saved at 8:42:09 PM, on 10/11/2005
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltpspd.exe
C:\WINDOWS\wanmpsvc.exe
C:\WINDOWS\System32\wuauclt.exe
C:\WINDOWS\System32\taskmgr.exe
C:\Program Files\America Online 9.0b\waol.exe
C:\Program Files\America Online 9.0b\shellmon.exe
C:\Documents and Settings\ncomputer\Local Settings\Temporary Internet Files\Content.IE5\J8U2L0CF\HijackThis[1].exe
C:\PROGRA~1\Lavasoft\AD-AWA~1\Ad-Aware.exe
C:\WINDOWS\hh.exe
C:\WINDOWS\System32\wbem\wmiprvse.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\cufyy.dll/sp.html#28129
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\cufyy.dll/sp.html#28129
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://default.home/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = res://C:\WINDOWS\cufyy.dll/sp.html#28129
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\cufyy.dll/sp.html#28129
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\cufyy.dll/sp.html#28129
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://default.home/
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\cufyy.dll/sp.html#28129
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\cufyy.dll/sp.html#28129
R3 - Default URLSearchHook is missing
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [SM56ACL] sm56hlpr.exe
O4 - HKLM\..\Run: [AOLDialer] C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
O4 - HKLM\..\Run: [AOL Spyware Protection] "C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe"
O4 - HKLM\..\Run: [MyWebSearch Email Plugin] C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwsoemon.exe
O4 - HKLM\..\Run: [msnappau] "C:\Program Files\MSN Apps\Updater\01.03.0000.1005\en-us\msnappau.exe"
O4 - HKLM\..\Run: [t72O3EW] modrxy.exe
O4 - HKLM\..\Run: [bl7fc35t] C:\WINDOWS\System32\bl7fc35t.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [l] C:\WINDOWS\l
O4 - HKLM\..\Run: [m] C:\WINDOWS\m
O4 - HKLM\..\Run: [z] C:\WINDOWS\z
O4 - HKLM\..\Run: [a] C:\WINDOWS\a
O4 - HKLM\..\Run: [r] C:\WINDOWS\r
O4 - HKLM\..\Run: [appjk32.exe] C:\WINDOWS\appjk32.exe
O4 - HKLM\..\Run: [e] C:\WINDOWS\e
O4 - HKLM\..\Run: [b] C:\WINDOWS\b
O4 - HKLM\..\Run: [v] C:\WINDOWS\v
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1120926579\EE\AOLHostManager.exe
O4 - HKLM\..\Run: [Pure Networks Port Magic] "C:\PROGRA~1\PURENE~1\PORTMA~1\PortAOL.exe" -Run
O4 - HKLM\..\Run: [w] C:\WINDOWS\w
O4 - HKLM\..\Run: [h] C:\WINDOWS\h
O4 - HKLM\..\Run: [d] C:\WINDOWS\d
O4 - HKLM\..\Run: [c] C:\WINDOWS\c
O4 - HKLM\..\Run: [u] C:\WINDOWS\u
O4 - HKLM\..\Run: [k] C:\WINDOWS\k
O4 - HKLM\..\Run: [o] C:\WINDOWS\o
O4 - HKLM\..\Run: [n] C:\WINDOWS\n
O4 - HKLM\..\Run: [j] C:\WINDOWS\j
O4 - HKLM\..\Run: [f] C:\WINDOWS\f
O4 - HKLM\..\Run: [t] C:\WINDOWS\t
O4 - HKLM\..\Run: [s] C:\WINDOWS\s
O4 - HKLM\..\Run: [q] C:\WINDOWS\q
O4 - HKLM\..\Run: [x] C:\WINDOWS\x
O4 - HKLM\..\Run: [p] C:\WINDOWS\p
O4 - HKLM\..\Run: [i] C:\WINDOWS\i
O4 - HKLM\..\Run: [y] C:\WINDOWS\y
O4 - HKLM\..\Run: [g] C:\WINDOWS\g
O4 - HKLM\..\Run: [VSOCheckTask] "c:\PROGRA~1\mcafee.com\vso\mcmnhdlr.exe" /checktask
O4 - HKLM\..\Run: [VirusScan Online] "c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe"
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\McUpdate.exe
O4 - HKLM\..\Run: [CleanUp] C:\PROGRA~1\McAfee.com\Shared\mcappins.exe /v=3 /cleanup
O4 - HKLM\..\RunOnce: [*Restore] C:\WINDOWS\system32\restore\rstrui.exe -i
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\ypager.exe" -quiet
O4 - HKCU\..\Run: [MyWebSearch Email Plugin] C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwsoemon.exe
O4 - HKCU\..\Run: [cwtEROatj] mmcpdmoe.exe
O4 - HKCU\..\Run: [SMSSU] C:\WINDOWS\System32\SMSSU.EXE
O4 - HKCU\..\Run: [Tmntsrv32] C:\WINDOWS\System32\Tmntsrv32.EXE
O4 - HKCU\..\Run: [Win32res] C:\WINDOWS\win32res.exe
O4 - HKCU\..\Run: [AOL Fast Start] "C:\Program Files\America Online 9.0b\AOL.EXE" -b
O4 - Startup: Webshots.lnk = C:\Program Files\Webshots\Launcher.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: MyWebSearch Email Plugin.lnk = C:\Program Files\MyWebSearch\bar\1.bin\MWSOEMON.EXE
O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O8 - Extra context menu item: &Search - http://bar.mywebsear...S_ZBzeb032YYUS@[fwpscript]Version:01.03.00.08|rsvp|Icon:none@[
O16 - DPF: Jungle Gin by pogo - http://game1.pogo.co...n-ob-assets.cab
O16 - DPF: Yahoo! Chat - http://us.chat1.yimg...t/c381/chat.cab
O16 - DPF: Yahoo! Gin - http://download.game...nts/y/nt1_x.cab
O16 - DPF: Yahoo! Pool 2 - http://download.game...ts/y/pote_x.cab
O16 - DPF: {084F552D-19EB-4668-9788-984CBC781A8F} (AsyncDownloader Class) - http://survey.otxres...m/Preloader.dll
O16 - DPF: {2B323CD9-50E3-11D3-9466-00A0C9700498} (Yahoo! Audio Conferencing) - http://us.chat1.yimg...v45/yacscom.cab
O16 - DPF: {37DF41B2-61DB-4CAC-A755-CFB3C7EE7F40} (AOL Content Update) - http://esupport.aol....oach_core_1.cab
O16 - DPF: {4A3CF76B-EC7A-405D-A67D-8DC6B52AB35B} (QDiagAOLCCUpdateObj Class) - http://aolcc.aol.com...kup/qdiagcc.cab
O16 - DPF: {4C226336-4032-489F-9674-67E74225979B} (OTXMovie Class) - http://www.otxresear...ia/OTXMedia.dll
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - https://objects.aol....83/mcinsctl.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.micros...b?1128802098184
O16 - DPF: {7D1E9C49-BD6A-11D3-87A8-009027A35D73} (Yahoo! Audio UI1) - http://chat.yahoo.com/cab/yacsui.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn...pDownloader.cab
O16 - DPF: {B991DA79-51F7-4011-98D2-1F2592E82A56} (ACNPlayer2 Class) - http://209.67.146.68.../ACNePlayer.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - https://objects.aol....,20/McGDMgr.cab
O16 - DPF: {D719897A-B07A-4C0C-AEA9-9B663A28DFCB} (iTunesDetector Class) - http://ax.phobos.app.../ITDetector.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{133835F6-7491-4022-BA0E-796601E0DE2F}: NameServer = 205.188.146.145
O17 - HKLM\System\CS1\Services\Tcpip\..\{133835F6-7491-4022-BA0E-796601E0DE2F}: NameServer = 205.188.146.145
O17 - HKLM\System\CS2\Services\Tcpip\..\{133835F6-7491-4022-BA0E-796601E0DE2F}: NameServer = 205.188.146.145
O23 - Service: Network Security Service ( 11Fßä#·ºÄÖ`I) - Unknown owner - C:\WINDOWS\atlow.exe (file missing)
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
O23 - Service: AOL TopSpeed Monitor (AOL TopSpeedMonitor) - America Online, Inc - C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
O23 - Service: AOL Spyware Protection Service (AOLService) - Unknown owner - C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\\aolserv.exe
O23 - Service: McAfee.com McShield (McShield) - Unknown owner - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - Unknown owner - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe (file missing)
O23 - Service: McAfee.com VirusScan Online Realtime Engine (MCVSRte) - Networks Associates Technology, Inc - c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe

[wannabe1]

natacha21...

I think the majority of the problem here is malware...your machine is loaded. In addition to that, some of the repair techniques I want to use are best used on a clean and fully updated operating system. Now that you have a HJT log to show them, I'm going to ask a Moderator to move this to the malware forum and let the experts there deal with the Nasties. When you are finished there, we can address any problems that remain. Keep in mind that the folks over in Malware are very busy, but they will get to you as soon as they can...they're the best!

I will keep an eye on your progress....

wannabe1

Edited by wannabe1, 11 October 2005 - 07:24 PM.

[natacha21]

ok... thanks for everything.
tasha

[yardguard]

The shell is not running....

Go to task manager /file/new task and type explorer.exe