adaware won't delete everything

Discussion in 'Windows - Virus and spyware problems' started by GiantMike, Sep 14, 2006.

  1. GiantMike

    Hey, I'm on my sister's computer right now and I have to run it in safe mode with networking. This is the only way I can get it to turn on. She has two users. One is christy, the administrator, which I'm in now, and she has christine. If you try to boot up normally, it automatically logs you into christine. I'm having a problem with that user name though because it only shows a blue screen, which I believe is a background. It seems like something is blocking her desktop and I can't get into anything because she isn't the administrator. However, I noticed a popup from a cellular website showed up, but only the sound. Only a blue screen. How can I fix this problem?
     
  2. maca1

    If you boot up normally and it's just a blue screen, sounds like the desktop has been hijacked.

    Download smitRem.exe http://noahdfear.geekstogo.com/click counter/click.php?id=1
    and save the file to your desktop.
    Double click on the file to extract it to its own folder on the desktop.

    Next, please reboot your computer in Safe Mode by doing the following:

    * Restart your computer
    * After hearing your computer beep once during startup, but before the Windows icon appears, press F8.
    * Instead of Windows loading as normal, a menu should appear
    * Select the first option, to run Windows in Safe Mode.


    Open the smitRem folder, then double click the RunThis.bat file to start the tool. Follow the prompts on screen.
    Wait for the tool to complete and disk cleanup to finish.

    The tool will create a log named smitfiles.txt in the root of your drive, e.g. Local Disk C: or the partition where your operating system is installed. Please post that log along with all others requested in your next reply.
     
  3. GiantMike

    smitRem © log file
    version 3.2

    by noahdfear


    Microsoft Windows XP [Version 5.1.2600]
    "IE"="6.0000"
    The current date is: Thu 09/14/2006
    The current time is: 22:24:07.10

    Running from
    C:\Documents and Settings\Administrator\Desktop\smitRem

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

    Pre-run SharedTask Export

    (GetSTS.exe) SharedTaskScheduler exporter by Lawrence Abrams (Grinler)
    Copyright(C) 2006 BleepingComputer.com

    Registry Pseudo-Format Mode (Not a valid reg file):

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
    "{438755C2-A8BA-11D1-B96B-00A0C90312E1}"="Browseui preloader"
    "{8C7461EF-2B13-11d2-BE35-3078302C2030}"="Component Categories cache daemon"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{438755C2-A8BA-11D1-B96B-00A0C90312E1}\InProcServer32]
    @="%SystemRoot%\System32\browseui.dll"


    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8C7461EF-2B13-11d2-BE35-3078302C2030}\InProcServer32]
    @="%SystemRoot%\System32\browseui.dll"


    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

    Appinitdll check ........ Thank you Grinler!

    dumphive.exe (C)2000-2004 Markus Stephany
    REGEDIT4

    [Windows]
    "DeviceNotSelectedTimeout"="15"
    "GDIProcessHandleQuota"=dword:00002710
    "Spooler"="yes"
    "swapdisk"=""
    "TransmissionRetryTimeout"="90"
    "USERProcessHandleQuota"=dword:00002710
    "AppInit_DLLs"=""

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

    checking for ShudderLTD key

    ShudderLTD key not present!

    checking for PSGuard.com key


    PSGuard.com key not present!


    checking for WinHound.com key


    WinHound.com key not present!


    checking for drsmartload2 key


    drsmartload2 key not present!

    spyaxe uninstaller NOT present
    Winhound uninstaller NOT present
    SpywareStrike uninstaller NOT present
    AlfaCleaner uninstaller NOT present
    SpyFalcon uninstaller NOT present
    SpywareQuake uninstaller NOT present
    SpywareSheriff uninstaller NOT present
    Trust Cleaner uninstaller NOT present
    SpyHeal uninstaller NOT present
    VirusBurst uninstaller NOT present

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

    Existing Pre-run Files


    ~~~ Program Files ~~~



    ~~~ Shortcuts ~~~

    Install.dat


    ~~~ Favorites ~~~



    ~~~ system32 folder ~~~

    kernels8.exe
    amcompat.tlb
    nscompat.tlb
    taskdir.dll
    taskdir.exe
    svcp.csv
    winsub.xml


    ~~~ Icons in System32 ~~~



    ~~~ Windows directory ~~~

    tool2.exe
    tool4.exe
    desktop.html


    ~~~ Drive root ~~~

    secure32.html

    ~~~ Miscellaneous Files/folders ~~~




    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

    Command Line Process Viewer/Killer/Suspender for Windows NT/2000/XP V2.03
    Copyright(C) 2002-2003 Craig.Peacock@beyondlogic.org
    Killing PID 716 'explorer.exe'
    Killing PID 716 'explorer.exe'

    Starting registry repairs

    Registry repairs complete

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

    SharedTask Export after registry fix

    (GetSTS.exe) SharedTaskScheduler exporter by Lawrence Abrams (Grinler)
    Copyright(C) 2006 BleepingComputer.com

    Registry Pseudo-Format Mode (Not a valid reg file):

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
    "{438755C2-A8BA-11D1-B96B-00A0C90312E1}"="Browseui preloader"
    "{8C7461EF-2B13-11d2-BE35-3078302C2030}"="Component Categories cache daemon"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{438755C2-A8BA-11D1-B96B-00A0C90312E1}\InProcServer32]
    @="%SystemRoot%\System32\browseui.dll"


    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8C7461EF-2B13-11d2-BE35-3078302C2030}\InProcServer32]
    @="%SystemRoot%\System32\browseui.dll"


    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

    Deleting files

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

    Remaining Post-run Files


    ~~~ Program Files ~~~



    ~~~ Shortcuts ~~~



    ~~~ Favorites ~~~



    ~~~ system32 folder ~~~



    ~~~ Icons in System32 ~~~



    ~~~ Windows directory ~~~



    ~~~ Drive root ~~~


    ~~~ Miscellaneous Files/folders ~~~


    ~~~ Wininet.dll ~~~

    CLEAN! :)
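
An added example, not part of the original thread and not smitRem's own code: a small parser for the "Existing Pre-run Files" and "Remaining Post-run Files" sections of a smitfiles.txt log like the one posted above, reporting which flagged files were removed and which are still present. The function names are hypothetical and SAMPLE_LOG is a constructed excerpt in the same layout.

```python
import re

# Constructed sample in the layout of the smitfiles.txt log posted above;
# unlike that log, one file is left behind here to show the failure case.
SAMPLE_LOG = """\
Existing Pre-run Files
~~~ system32 folder ~~~
kernels8.exe
taskdir.dll
~~~ Windows directory ~~~
tool2.exe
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Remaining Post-run Files
~~~ system32 folder ~~~
taskdir.dll
~~~ Windows directory ~~~
~~~ Wininet.dll ~~~
CLEAN! :)
"""
PHASES = {"Existing Pre-run Files": "pre", "Remaining Post-run Files": "post"}
SUBSECTION = re.compile(r"^~~~ (.+?) ~~~$")

def parse_file_sections(log_text):
    """Return {"pre": {...}, "post": {...}}, each mapping location -> names."""
    result, phase, location = {"pre": {}, "post": {}}, None, None
    for line in map(str.strip, log_text.splitlines()):
        if line in PHASES:
            phase, location = PHASES[line], None
        elif re.fullmatch(r"~{10,}", line):
            phase = location = None  # a full-width divider ends the listing
        elif phase and (m := SUBSECTION.match(line)):
            location = m.group(1)
            result[phase][location] = []
        elif phase and location and line:
            result[phase][location].append(line)
    return result

def summarize(log_text):
    """Split the pre-run findings into removed vs. still present afterwards."""
    sections = parse_file_sections(log_text)
    post = sections["post"]
    # "Wininet.dll" holds a status line such as "CLEAN! :)", not file names.
    wininet = " ".join(post.pop("Wininet.dll", [])) or None
    removed, remaining = {}, {}
    for loc, files in sections["pre"].items():
        left = set(post.get(loc, []))
        removed[loc] = [f for f in files if f not in left]
        remaining[loc] = [f for f in files if f in left]
    return {"removed": removed, "remaining": remaining, "wininet": wininet}
```

Any non-empty list under "remaining" means the tool did not remove everything it flagged and the run should be repeated or followed up by hand.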
     
  4. maca1

    Can you run it from christine's account in safe mode?
     
    Last edited: Sep 15, 2006
  5. GiantMike

    No. Before, christine's account was only a blue screen, but now in safe mode it's black. I still can't do anything with it though. I can't see any desktop and I can't run anything from task manager or anything because all that was disabled by the administrator. I don't know how to get around that. Can I go into christy and change christine's account to administrator? I don't want to mess with that because christine's account is the only access I have to anything on this computer.
     
  6. maca1

    If you can't even get onto christine's account even in safe mode and run things, there isn't much you can do. Go to Control Panel - User Accounts to change the account.
     
    Last edited: Sep 15, 2006
  7. GiantMike

    I put christine as computer administrator and it still says christy is computer administrator as well. I can't change christy to a limited access account. So now both are administrators, it says. When I go into christine, it still says task manager is disabled by administrator.
     
    Last edited: Sep 16, 2006