0

Thank you so very much for trying to help me.
Yes, I can still access safe mode. My task bar at the bottom is white all the way
across the bottom, not allowing me to access Task Manager, nor will Ctrl+Alt+Del
allow for it to bring it up.
Shutting off explorer is not possible, nor is it possible for me to access user
accounts to change passwords. User accounts opens to a blank white page.

On my desktop I am able to open a couple of my graphic programs and one bps
spyware as it is in a folder as my document folder, but the anti hacker part of
bps will not open, nor am I able to open any text files or install anything,
even in safe mode.

But when in safe mode I started right-clicking icons and opening properties,
and when in my antivirus properties the tabs at the top say General, Shortcut & Security.
Under the Security tab I am seeing group or user names, one being - account unknown
[S-1-5-32-547]. When I clicked to remove, it says I must stop permissions from
parenting. When I click Advanced at the bottom it opens also to users, and the
permission for account unknown says "Special"; it is a single head at the right
side of it with a question mark.
The other user names are Administrator(myname/Administrators) - Everyone - SYSTEM -
Users(computername/users); at the right are all double heads.
I have not touched anything; it is still open on computer, in safe mode.

I do have them combo.exe but again when I click it, it says failed
to start because the application configuration is incorrect.

The remote control connector I found in my document files was not put there by me, nor was it there before this.

I was running AOL 8 when this happened, and when I open it and look at options
for the connection I am seeing one that says home network, which was not there
before.

I searched the net for stand alone programs and found one I am able to use,
WinTools.net Professional. It would not allow me to delete files but I was able to
delete them one at a time and deleted all of them. This program also allowed me access
into my registry - while I was deleting I found "Schlumberger" files - Clsid #, it looks as
this company has networking - as well as I found 2 files "BankTemplate.CBank Template
and BankTemplate.CCriteria with Clsid files-CE931825-D26E-11D7-AD61-0010DC1E3D0B
I do not do any banking online nor have I ever.

I did look in my windows system 32 file and yes, I see that mstsc - what I found in my
document file looks just like that but under it was the word "default".

I am sorry it took a day to answer this but it took a whole day to find a program that
would start and to remove the entries one at a time.

I did use my laptop to change user passwords if this helps but could not do it on the other
computer.

I thank you so much for taking your time to read all this and trying to help
me.

0

Holly, restart, but this time select Safe Mode with Command Prompt.
You will get a flashing cursor at...
C:\Documents and Settings\holly?>
You can change directories by typing, say, d: - this will take you to d:\ ; c: will take you back to Docs and Setts...
Things you have on your desktop are in C:\Documents and Settings\holly\desktop, so
cd desktop - will give you access to them. You can run combofix from there by entering
combofix.exe - but I note that it would not run earlier...
cd .. - will take you backwards to Docs n Setts\holly again.
Other commands you can use are many... these may help:
control - opens control panel. Doing so will take you into the normal safe mode with icons [bypass System restore], but you keep the command window.
taskmgr - starts task manager. You might try "Running" combofix from there... see below. And stop/start explorer.exe
explorer - opens a normal file navigation window.

Don't break your AV. That Security identifier [SID] S-1-5-32-547 is just the Microsoft code for the power user group.
Schlumberger in registry is okay... I'd have to look for those banking entries.
mstsc.exe is okay, leave it alone.
Unless you deliberately put them there, no executable files need to be [or should be] running from My Documents or Documents and Settings and its subfolders. They can... but it is not the right place for them.

Now I don't know what sort of net connection you have, perhaps always on, perhaps you start it from an icon on your desktop [see above note re control command], but get onto it. You may need to restart in Safe Mode with Networking.
"Running" combofix: paste into that run box in TM this line:
http://download.bleepingcomputer.com/sUBs/ComboFix.exe
Do not download that file but choose instead to Run it.
When finished, it will produce a log, C:\Combofix.txt - post that log in your next reply.

Try running this also:
Download SDFix from here: http://downloads.andymanchesta.com/RemovalTools/SDFix.exe
and save it to your desktop. Double-click SDFix.exe and choose Run to extract it to %systemdrive%, which commonly will be C:\
Post that log.
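
The following is an added example, not part of the reply above: a small Python parser that classifies the SIDs shown on a file's Security tab by their structure, so a fixed built-in alias such as S-1-5-32-547 can be told apart from an account SID issued by one machine or domain. The alias table is a partial list of standard Windows values, and the S-1-5-21 entry in the sample is constructed.

```python
import re

# String SID: S-<revision 1>-<identifier authority>-<1..15 sub-authorities>
SID_RE = re.compile(r"^S-1-(\d+)((?:-\d+){1,15})$")

# Fixed SIDs that mean the same thing on every Windows machine.
WELL_KNOWN = {"S-1-1-0": "Everyone", "S-1-5-18": "SYSTEM"}

# Aliases in the BUILTIN domain, S-1-5-32-<RID> (partial list).
BUILTIN_ALIASES = {544: "Administrators", 545: "Users", 546: "Guests",
                   547: "Power Users", 551: "Backup Operators"}


def parse_sid(text):
    """Return (authority, [sub-authorities]) or raise ValueError."""
    match = SID_RE.match(text.strip().strip("[]"))
    if not match:
        raise ValueError("not a revision-1 string SID: %r" % text)
    subs = [int(part) for part in match.group(2).split("-")[1:]]
    if any(sub > 0xFFFFFFFF for sub in subs):
        raise ValueError("sub-authority exceeds 32 bits: %r" % text)
    return int(match.group(1)), subs


def classify(text):
    """Return (kind, detail) for one SID as it appears in an ACL."""
    authority, subs = parse_sid(text)
    canonical = "S-1-%d-%s" % (authority, "-".join(map(str, subs)))
    if canonical in WELL_KNOWN:
        return "well-known", WELL_KNOWN[canonical]
    if authority == 5 and subs[0] == 32 and len(subs) == 2:
        return "builtin", BUILTIN_ALIASES.get(subs[1], "alias RID %d" % subs[1])
    if authority == 5 and subs[0] == 21 and len(subs) == 5:
        # Issued by one machine or domain; the last value is the account RID.
        return "account", "RID %d" % subs[4]
    return "other", canonical


# Constructed sample: the bracketed SID is the one quoted in the thread,
# the S-1-5-21 value is made up for illustration.
SAMPLE_ACL = ["[S-1-5-32-547]", "S-1-1-0", "S-1-5-18",
              "S-1-5-21-1111111111-2222222222-3333333333-1003"]

if __name__ == "__main__":
    for entry in SAMPLE_ACL:
        print(entry, "->", classify(entry))
```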

0

Can you do the same thing for a Lenovo W500? I just got this computer and the only thing I changed was the Windows log-in pwd. Now it is asking for a power-on PWD. Thanks for any help you can provide. It is new, WinXP Pro installed.... I am not sure what happened cause I haven't touched it in 3 weeks and then I turn it on and the Power-on password is coming up.
