Can't log on to Windows XP after deleting some registry keys

I use Malwarebytes Anti-Malware regularly (http://www.malwarebytes.org/mbam.php) and haven't had an infection found in about a year.
Yesterday I scanned after about a month and saw 12 infections!
MBAM said it could not clean a few of them:
Malwarebytes' Anti-Malware 1.44
Database version: 3510
Windows 5.1.2600 Service Pack 2
Internet Explorer Unknown
9/11/2010 11:19:49 PM
mbam-log-2010-09-11 (23-19-49).txt
Scan type: Quick Scan
Objects scanned: 94917
Time elapsed: 2 minute(s), 49 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 2
Registry Values Infected: 2
Registry Data Items Infected: 3
Folders Infected: 1
Files Infected: 4
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\{43bf8cd1-c5d5-2230-7bb2-98f22c2b7dc6} (Backdoor.Bot) -> Quarantined and deleted successfully.
HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\{43bf8cd1-c5d5-2230-7bb2-98f22c2b7dc6} (Backdoor.Bot) -> Quarantined and deleted successfully.
Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\mp3_audio_codec (Spyware.Zbot) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Network\uid (Malware.Trace) -> Quarantined and deleted successfully.
Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit (Spyware.Zbot) -> Data: c:\windows\system32\sdra64.exe -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit (Spyware.Zbot) -> Data: system32\sdra64.exe -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit (Hijack.Userinit) -> Bad: (C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\sdra64.exe,) Good: (Userinit.exe) -> Quarantined and deleted successfully.
Folders Infected:
C:\WINDOWS\system32\lowsec (Stolen.data) -> Delete on reboot.
Files Infected:
C:\WINDOWS\system32\lowsec\local.ds (Stolen.data) -> Delete on reboot.
C:\WINDOWS\system32\lowsec\user.ds (Stolen.data) -> Delete on reboot.
C:\WINDOWS\system32\lowsec\user.ds.lll (Stolen.data) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\sdra64.exe (Spyware.Zbot) -> Delete on reboot.
So I thought of manually removing the infected registry keys (something I've done many times before).
While I was at
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\
I saw a key named 'Special Accounts'; it looked fishy to my paranoid eyes.
It had some 'strange' values in it, none corresponding to my username (Administrator) or Guest. Three were somewhat random letters with a ~, and one was 'search assistant'.
It looked like malware remains of some kind, so I deleted them all.
After that I rebooted. The welcome screen showed up (usually it goes straight to the desktop, since there is just one user, 'Administrator') with the only user, 'Administrator'.
When I click it, it shows 'loading your personal settings' for a second. Then it reads 'saving your settings' and stays at the logon screen. Repeated it 10 times. Restarted and repeated. Shut down and repeated.
Always the same result.
Then I tried 'Last Known Good Configuration' in the startup options. Still the same result.
Tried 'Safe Mode': it starts loading, then breaks at 'unable to load NTFS.dll'.
'Safe Mode with Networking': same logon screen, same one-second login and return to the logon screen.
I don't know how to log in. Can someone please help? Is there a way to remotely add the keys back to my registry, or some other way to correct this problem?
Thanks and Regards
guptavis
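The MBAM log above shows the Userinit hijack pattern: the stock launcher userinit.exe with sdra64.exe appended to the same Winlogon value. As an added example that is not part of the original post, the Python below re-parses those "Registry Data Items" lines and audits a Userinit value, labelling it clean, hijacked, or missing its launcher; the sample log is constructed from the post's own lines (re-joined where the forum wrapped them), and the three status labels are this example's own terms.

```python
import re

# Constructed sample: the three "Registry Data Items Infected" lines from the
# MBAM log quoted in the post above, re-joined onto single lines.
SAMPLE_LOG = r"""
Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit (Spyware.Zbot) -> Data: c:\windows\system32\sdra64.exe -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit (Spyware.Zbot) -> Data: system32\sdra64.exe -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit (Hijack.Userinit) -> Bad: (C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\sdra64.exe,) Good: (Userinit.exe) -> Quarantined and deleted successfully.
"""

# The only program Windows XP's Winlogon should start from the Userinit value.
STOCK_LAUNCHER = "userinit.exe"

# One MBAM data-item line: "<key> (<detection>) -> Data: <value> -> <action>"
# or "<key> (<detection>) -> Bad: (<value>) Good: (<value>) -> <action>".
USERINIT_LINE = re.compile(
    r"Winlogon\\Userinit \((?P<detection>[^)]+)\) -> "
    r"(?:Data: (?P<data>.+?)|Bad: \((?P<bad>[^)]*)\) Good: \((?P<good>[^)]*)\))"
    r" -> (?P<action>.+)$"
)


def split_userinit(value):
    """Split a Userinit value ("a.exe,b.exe,") into its non-empty launch entries."""
    return [part.strip() for part in value.split(",") if part.strip()]


def basename(entry):
    """Case-folded file name of a launch entry, whatever path form it used."""
    return entry.replace("/", "\\").rsplit("\\", 1)[-1].lower()


def unexpected_entries(value):
    """Entries in a Userinit value other than the stock launcher."""
    return [e for e in split_userinit(value) if basename(e) != STOCK_LAUNCHER]


def userinit_status(value):
    """Classify a Userinit value (labels are this example's own):
       'clean'            - only userinit.exe is launched
       'hijacked'         - userinit.exe plus extra entries (the pattern in the log)
       'missing-launcher' - userinit.exe is absent from the value altogether"""
    entries = split_userinit(value)
    if not any(basename(e) == STOCK_LAUNCHER for e in entries):
        return "missing-launcher"
    return "hijacked" if unexpected_entries(value) else "clean"


def triage_log(log_text):
    """Extract every Winlogon Userinit finding from an MBAM log and audit it."""
    findings = []
    for line in log_text.splitlines():
        m = USERINIT_LINE.search(line)
        if not m:
            continue
        flagged = m.group("bad") if m.group("bad") is not None else m.group("data")
        findings.append({
            "detection": m.group("detection"),
            "action": m.group("action"),
            "flagged_value": flagged,
            "unexpected": unexpected_entries(flagged),
            # Only Hijack.Userinit lines carry the value MBAM restored.
            "good_status": userinit_status(m.group("good")) if m.group("good") else None,
        })
    return findings


if __name__ == "__main__":
    for f in triage_log(SAMPLE_LOG):
        print(f["detection"], "->", f["unexpected"], "|", f["action"])
    print(userinit_status(r"C:\WINDOWS\system32\userinit.exe,"))
```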

Hmm, I think Jeka is right.
The best, easiest and safest way to get rid of this issue is a new OS installation.
You could also try to repair the registry and clean the OS files using CCleaner (it's free), but I'm not quite sure if this would help you.
So a new OS installation seems to be a good choice, because the HDD would be formatted and all trojans, malware and viruses which were not detected by other scans would be deleted too.

Similar Messages

  • Can't logon on Windows 7 Home Premium

    Tried to fix slowness, freezing up. Logged off, now get a message "the user profile service failed the logon. User profile cannot be loaded".

    If the user profile can't be loaded, it's a system error, not a problem with Firefox. Unfortunately, if you can't log in, I don't know how you would fix this.
    Start by booting in safe mode and uninstalling Firefox if you feel that's the cause. Otherwise, also try using System Restore and see if that works.

  • Removing a service from windows server when deleted from registry

    I have a service in services.msc with the description saying "Failed to read description. Error code:2".
    The problem is the service isn't in the registry, so using "sc delete" won't work. I've tried adding the key into the registry with the string value for the display name set the same as the service in services.msc, then attempting to delete.

    You might check the event log for further details. If the service key folder under
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services is gone, then I suspect the error message is about a different service.
    Regards, Dave Patrick ....
    Microsoft Certified Professional
    Microsoft MVP [Windows]
    Disclaimer: This posting is provided "AS IS" with no warranties or guarantees , and confers no rights.

  • Can the folder C:\Windows\Cache\Adobe Reader 6 and the files it contains simply be deleted?

    My daughter is running Adobe Reader 9.4.5 and Adobe Flash Player 10 Active X
    on a Dell Dimension 4400 system with
    Windows XP Home Edition version 2002 Service Pack 3.
    During a full system backup using Seagate DiskWizard version 11.0.8326
    each time folder C:\Windows\Cache\Adobe Reader 6
    is accessed the pc freezes with the Blue Screen error
    IRQL NOT LESS OR EQUAL ERROR 0x0000000A
    (0x00000166, 0x00000002, 0x00000000, 0x804E5443).
    Each time the Adobe Reader 6 folder is opened manually, the system presents a spinning
    CD icon superimposed on the cursor and attempts to access the CD drive.
    The access ultimately fails since there is no CD loaded because there is no intent to install
    anything at the moment.
    Through a manual process of backing up each of the files in the Adobe Reader 6 folder
    individually, one at a time, I strongly suspect the problem file to be instmsiw.exe.
    Can the folder C:\Windows\Cache\Adobe Reader 6 and the files it contains simply be deleted?
    Are there any registry entries or issues that must be addressed before deleting these files?
    What is the best way to free up space on the C drive that is apparently being occupied by
    files left over from the install of a prior version of Adobe Reader?
    The folder C:\Windows\Cache\Adobe Reader 6 contains the following files:
    File                  Size       Type                    Date
    0x0409.ini            5 KB       Configuration Settings  2/18/2003
    abcpy.ini             2 KB       Configuration Settings  3/24/2003
    Adobe Reader 6.0.msi  2198 KB    Windows Installer       5/19/2003
    Data1.cab             23334 KB   WinZip file             5/19/2003
    instmsia.exe          1669 KB    Application             3/11/2002
    instmsiw.exe          1780 KB    Application             3/11/2002
    Rdr60ENU.itw          16 KB      ITW file                5/11/2003
    Rdr60ENU.mst          4 KB       MST file                4/16/2003
    Setup.exe             212 KB     Application             5/19/2003
    Setup.ini             2 KB       Configuration Settings  5/19/2003
    Thank you for any assistance you can provide.

    Go to Add/Remove Programs in Control Panel and uninstall Adobe Reader 6. That version poses a security risk to your system and should be removed a.s.a.p.
    After you remove it, reboot and then delete the "Adobe Reader 6" folder at the location you mentioned above.
    Then go to http://get.adobe.com/reader/direct/ and download version 9.4
    After that installs, download the latest patch for it by opening the program, then go to Help | Check For Updates.
    As a precaution, download the free version of Malwarebytes from here: http://www.malwarebytes.org/products/malwarebytes_free and then run a full system scan.

  • Hello, my system runs slow. How can I reorganize the data so that the PC runs faster? In the Windows world I had to delete some files. How does it work in the Apple world?

    See these:
    Switching from Windows to Mac OS X,
    Basic Tutorials on using a Mac,
    Mac OS X keyboard shortcuts,
    Anatomy of a Mac,
    MacTips,
    Switching to Mac Superguide, and
    Switching to the Mac: The Missing Manual, Mountain Lion Edition.
    Additionally, *Texas Mac Man* recommends:
    Quick Assist,
    Welcome to the Switch To A Mac Guides,
    Take Control E-books, and
    A guide for switching to a Mac.
    Once you get familiar with the Mac, see:
    Mac Maintenance Quick Assist,
    Mac OS X speed FAQ,
    Speeding up Macs,
    How to Speed up Macs,
    Macintosh OS X Routine Maintenance,
    Essential Mac Maintenance: Get set up,
    Essential Mac Maintenance: Rev up your routines,
    Maintaining OS X, 
    Five Mac maintenance myths and
    Myths of required versus not required maintenance for Mac OS X for information.

  • Am trying to connect my iCloud to my Outlook account. iCloud says I have two versions of Outlook running. I installed Outlook 2013, but Outlook 2010 is a trial version and I can't seem to be able to delete it without deleting all of Windows Office 2010

    You will have to remove one of the two versions, which one is your choice.

  • I partitioned my Apple MacBook with Windows and mistakenly deleted the Apple partition. Now I want to restore my system fully to Apple. Please, how can I do that?

    If your MacBook shipped with an install disc you'll have to use that. If it didn't you should be able to use Internet Recovery OS X: About OS X Recovery
    Exactly which MacBook do you have?

  • Hi there, I have just purchased an Apple Mac Air and I want to delete some photos I have put on in iPhoto. Can anybody tell me how to do it? I am used to Windows: right click and press delete. There must be an easy way to do this. Cheers, Pete.

    Hi there, I have just purchased an Apple Mac Air and I want to delete some photos I have put on iPhoto. I am used to Windows, where you right click and press delete. Does anybody know how to do it? Cheers, Pete.

    lamptramp wrote:
    Hi there, I have just purchased an Apple Mac Air and I want to delete some photos I have put on iPhoto
    Open iPhoto and from the Menu Bar... Click on Help... Type in Delete and choose from the Selected Topics.
    lamptramp wrote:
    ... am used to windows ...
    See >  http://www.apple.com/support/macbasics/

  • Built-in Admin and local admin accounts can not logon locally

    When I attempt to logon locally to a Windows 7 client as the built-in administrator or local admin, I receive the message "You can not logon because the logon method you are using is not allowed on this computer".
    I can logon as a network administrator.  I run gpedit.msc to see the current group policy.
    Local Computer Policy/Windows settings/Security settings/Local policy/User Rights Assignment/Allow log on locally is set to EVERYONE, Administrators
    Local Computer Policy/Windows settings/Security settings/Local policy/User Rights Assignment/Deny log on locally is set to NONE
    This makes no sense as to why the local admin or built-in admin cannot logon.

    Hi,
    What is the network environment? Are you in a domain? Group Policy processing has a precedence, local GPO has the lowest priority, please make sure that it's not overwritten by other GPOs.
    After setting the policy, make sure to run gpupdate /force to update the policy.
    Does this issue happen only on this specific computer? Another situation is that the profile is corrupted, delete the profile and recreate one, and check if it works.
    Yolanda Zhu
    TechNet Community Support

  • I was deleting some Wild Tangent games, computer went nuts, and now I can't get Firefox. I have to access the web through Internet Explorer (hate it). How do I get Firefox back. I've tried everything.

    I had FF 4.0 Beta 12. While deleting some Wild Tangent games, everything went black and I haven't been able to get to Firefox since (about 7-8 weeks). I click on the desktop icon for FF and I do get the FF screen with the FF icon on the top left and the minimize, maximize and exit icons on the top right. However, the screen is just white and I can't open anything up. This is driving me crazy because the only way I can get to the internet is through IE and I hate it. I do get a crash report from FF and I fill it out and send it in with my email, but I hear nothing from FF because I don't think you get the report. I want my FF back and I'm getting very frustrated trying everything and nothing works. Please, please help me if you can. Thanks, Cathy

    Forgot Your Account Password
    For Lion, Mountain Lion, or Mavericks
        Boot to the Recovery HD:
        Restart the computer and after the chime press and hold down the COMMAND and R keys until the menu screen appears. Alternatively, restart the computer and after the chime press and hold down the OPTION key until the boot manager screen appears. Select the Recovery HD and click on the downward pointing arrow button.
        When the menubar appears select Terminal from the Utilities menu.
        Enter resetpassword at the prompt and press RETURN. Follow the instructions in the dialog window that will appear.
        Or see:
            Reset a Mac OS X 10.7 Lion Password
            OS X Mountain Lion- Reset a login password,
            OS X Mavericks- Solve password problems,
            OS X Lion- Apple ID can be used to reset your user account password.
    For Snow Leopard and earlier with installer DVD
        Mac OS X 10.6- If you forget your administrator password,
        OS X- Changing or resetting an account password (Snow Leopard and earlier).
    For Snow Leopard and earlier without installer DVD
        How to reset your Mac OS X password without an installer disc | MacYourself
        Reset OS X Password Without an OS X CD — Tech News and Analysis
        How To Create A New Administrator Account - Hack Mac

  • How can I use a new computer without deleting everything on iPod?

    Hey Guys
    I need a bit of help.
    My old computer died, it was running Windows XP. I've got myself a new computer running Windows 7.
    I have a copy of my iTunes folders from my old computer (taken 2 days before it died)
    How can I use a new computer without deleting everything on iPod touch?
    I've imported all the folders (music, apps etc) into the new computer's iTunes, but when I sync my iPod
    I receive a window asking if I want to sync; I need to erase and replace with the iTunes library on the computer.
    I particularly don't want to do this.
    My wife also uses my iTunes for her iPhone.
    Any help would be appreciated. Thank you

    Make a backup of the iPod by connecting the iPod to the computer and right clicking on the iPod under Devices in iTunes and selecting Backup. Then restore the iPod from that backup and sync as necessary.

  • I am clearing through my phone for more memory. I want to delete some personal photos and videos of family forever, how can i do this ?. I do not want the photos or videos to be found anywhere.

    I am using an iPhone 5c device on software update iOS 7.1.2. I want to delete some personal videos and photos of my family and friends and myself. I am worried that if I delete them they may still be on my iTunes account or iCloud account. I do not want them on any of my accounts or files anywhere; I would like them gone off of everything. How can I do this?
    Thanks in advance.

    The answer is not simple. First, are these images in the Camera Roll or the Photos app? Next, do you have Photo Stream enabled? Also, do you back up your phone to your computer or to iCloud, or to both?
    If you have Photo Stream enabled then the images have already been distributed to anyone who is subscribed. Nothing that I can think of that you can do about that. The rest of this post assumes that Photo Stream was never turned on.
    If the images are in your Camera Roll you can delete them from the Camera app. They won't go anywhere, however; they will still be in your backups.
    If you back up to your computer using iTunes you can go to iTunes Preferences, Devices tab, and delete your backups. After deleting all of them, and also after you have deleted the images from the Camera Roll, do a new backup.
    After deleting the backups do a Secure Delete of deleted files on your computer. On a Mac you can do this with Disk Utility; have it erase deleted files. On Windows you need to get a 3rd party "shredder" app.
    If you back up to iCloud on the phone go to Settings/iCloud - Storage & backup - Manage Storage. Tap on each backup and delete it.
    If you have photos in the Photos app that are NOT in the Camera Roll album you need to connect your phone to iTunes, click on the Photos tab, uncheck all of them that you don't want (or uncheck Sync Photos if you want all of them gone), then sync.
    Then repeat all of the steps above.

  • How do I access pictures from my iPhone saved in iCloud so that I can delete some of them from iCloud selectively?

    How do I access pictures from my iPhone saved in iCloud on a computer so that I can see and delete some of them from iCloud to free up the free 5 GB?

    What Mac model do you have? What system version and iPhoto version are you running?  Do you meet these requirements:
    The following is for this Apple document: iCloud: Photo Stream FAQ
    What do I need to use Photo Stream?
    To use Photo Stream, including Shared Photo Streams, you need an iCloud account, compatible devices, and up-to-date software:
    iPhone, iPad, or iPod touch with iOS 6.0 or later
    Mac with OS X Mountain Lion v10.8.2 or later and iPhoto 9.4 or Aperture 3.4 or later
    PC with Windows 8, Windows 7, or Windows Vista (Service Pack 2) and the iCloud Control Panel 2.1 or later for Windows
    Apple TV (2nd generation) with Software Update 5.1 or later
    You can still use Photo Stream without Shared Photo Streams if your devices meet these requirements:
    iPhone, iPad, or iPod touch with iOS 5.1 or later
    Mac with OS X Lion v10.7.5 or later and iPhoto 9.2.2 or Aperture 3.2.3 or later
    PC with Windows 7 or Windows Vista (Service Pack 2) and the iCloud Control Panel v2.0 or later for Windows
    Apple TV (2nd generation) with Software Update 5.0 or later
    If you do then sign in to the same iCloud account that's on your iPhone on your Mac via the System/iCloud Preference pane as shown in this screenshot:
    Next setup iPhoto's Photo Stream preference pane as shown in this screenshot:
    The photos on your iPhone must be in its Photo Stream, so make sure the iPhone has Photo Stream enabled as shown below:
    Now you can select a photo in the Photo Stream section of iPhoto and control-click on it to delete it:
    OT

  • Can't boot to windows, stuck at black screen (with cursor)

    Hi! I'll get straight to my problem: I can't boot to Windows (Windows 10 Technical Preview) anymore after installing VirtualBox (or rather, an Android emulator that installed VirtualBox) on my system. I get stuck, after the loading animation with the blue HP logo, on a black screen (I can move my cursor around) but the login screen never shows up.
    The problem.
    I'm currently dual-booting linux and windows for several purposes. My laptop came with a Windows 8.1 OS by default. Some time after the Windows 10 Tech Preview came out to public, I upgraded my system to Windows 10 (so my 8.1 is gone now). Everything's going well until I installed this Android emulator (which installed VirtualBox) on Windows 10. Everything seemed fine at first but after rebooting, Windows isn't working anymore. I can still boot to linux, but Windows just won't boot properly.
    What I've tried.
    I've tried A LOT of things. The problem actually happened twice already (at first I was able to fix it with System Restore but not this time around). I have a Windows 8 USB Recovery Drive at hand, just so I can access a Windows command line. It's not from my system, though. It came with a new windows 8 laptop of a friend so I just borrowed it.
    1: System Restore. This worked the first time. But now the restore won't finish and throws an error, telling me that it can't restore my system.
    2: Refresh PC. "There was a problem refreshing your PC. No changes were made." or something like that.
    3: chkdsk on C:\. It says it changed some files, but it doesn't really fix the problem.
    4: sfc /scannow. Again, something happened, but it didn't get fixed.
    5: bootrec.exe to fix BCD and MBR. Doesn't work. (As far as I know my system is using GPT.)
    6: Hard reset (remove all power sources then hold power button). Still not working.
    7: System Restore again. All the restore points aren't working. It reaches a "Finished" state, but then an error comes up after. It says can't extract a specific file, and the restore point is damaged or might have been deleted during restore.
    8: checking and fixing bad sectors (nope, no bad sectors on my hard drive)
    9: built-in component tests. It passed all of them, except the battery test (my battery really isn't surviving for any duration longer than 30 minutes, but that shouldn't affect my OS). I didn't try the really long tests since I thought it wouldn't matter as my problem is most probably completely software (since linux is still working).
    10: cry. oh please. Windows isn't working. What should I do? (
    Things I haven't tried.
    1: RAM and CMOS battery reset.
    2: Reset PC.
    3: Format hard drive.
    4: Test hard drive on another laptop's system.
    If possible I'd like to avoid getting my hard drive wiped, since I have a lot of stuff to backup (more than 300 GB of files + dozens of linux apps and ppas), and I only have a 32GB USB drive to backup all the files I need).
    Thanks for reading.

    Sorry for the delay. Wasn't expecting the "road work" signs when attempting to check back with you in the AM here.
    As others have already mentioned, the prompt for file systems occurs during text mode setup. Quick or Full? FAT or NTFS? How do you know what to do?
    We'll start with file systems, short and sweet. Most any OS can read and write FAT volumes without fail which makes FAT ultra-portable, and the only choice if you want to let Mac OS write documents on your Windows volume. It's also more efficient on drives of 16 GB or less. However, FAT has no folder-level access control, so any file in the system can be manipulated by any user or by any system process. By contrast, NTFS is far more restrictive. It can only be manipulated under Windows, though other systems may be able to read it. Not only do you get the access control that FAT lacks, but you also get superior efficiency on large volumes, plus the power to compress or encrypt folders and files at will (in "business" flavors of Windows only--and yes, Vista Ultimate counts as "business" even though it will be supported much like a "consumer" version).
    On format speeds: A quick format is very handy if you have a large partition or a single drive completely dedicated to Windows. Because it completes in 30 seconds or less, it will go a long way toward completing your Windows install. However, in some cases, volumes formatted with a quick format may have reliability issues. They must have fixed this in Vista, because Vista can only format at the "quick" speed.
    A full format tests all blocks of a given volume (as opposed to testing an entire disk unless the volume itself is the entire disk) as the file system structure is laid down. Bad blocks are marked as "used" when they are found. This type of format takes much longer as a result of all the testing, but the result is a more stable volume from the start.
    Get past the formatting stage, and you'll be right as rain.
    Nate

  • I can't connect to my MacBook because it won't boot. Then my iPad says I need to delete some stuff to be able to download anything. I know I have room, but is it possible to delete without connecting?

    I can't connect to my MacBook because I can't get THAT to start. It just sits at its blue screen with the Apple, spinning its gear. All this happened after I used MacKeeper. If anyone can help with that, I'd appreciate it. I've tried starting in safe mode, resetting everything, but nothing happens. It's not the kernel, I've dealt with that; it looks like it's going to boot but it won't. Then there's my iPad, which says I need to delete some stuff to be able to download anything. I know I have room on there, but there are 2 copies of a movie and I'd like to delete one of them. Is it possible to delete anything on the iPad without connecting to the MacBook? I do have an appt later in the week, but if I could fix this myself that would save me a couple hours' driving time. Thanks for anyone's help in both of these matters.

    Be sure Safari does not have the Block Pop-Up Windows preference set.
    Where I work now there are several unencrypted VLANs that require authentication, and Safari promptly pops up a window for me to register every time.
