Login for the first time under new user account throws error

Page 1 of 2 12 LastLast

  1. Posts : 8
    Microsoft Windows 7 Starter 32-bit SP1
       #1

    Login for the first time under new user account throws error


    I've a strange problem with my NetBook running Win7 Home, 32-bit. It had two user accounts (both admin) one for me and one for my wife.

    For the past few months when my wife logs into her account it would run very slow. However my user account didn't have that problem. To fix this, I've deleted my wife's user account and created a new one.

    When I login using the newly created user account, I get a bunch of "Windows can't open file" dialogs for ie4uinit.exe and several others.

    Assuming that there might have been a malware, I've downloaded Malwarebytes and ran a full scan. After running for an hour, it returned with no malware.

    More details: At some point I've also upgraded from IE8 to IE9. Uninstalled an unknown program PlayItAll media player.

    Any help/direction is well appreciated.

    Thanks in advance.
      My Computer


  2. Posts : 8,608
    Windows 7 Ultimate 32bit SP1
       #2

    What anti-virus are you using?
    Have you tried SFC /scannow?
      My Computer


  3. Posts : 8
    Microsoft Windows 7 Starter 32-bit SP1
    Thread Starter
       #3

    Anti Virus: Microsoft Windows Essentials (Used to be Norton)

    Thanks for the "sfc /scannow" tip. I've not used it so far. I'll try that option and post the results shortly.

    Right now using Kaspersky Rescue Disk to detect any rootkits/hidden malware
      My Computer


  4. Posts : 10,200
    MS Windows 7 Ultimate SP1 64-bit
       #4

    rmsh,
    for rootkit/hidden removal, then I recommend WDO, Windows Defender Offline.

    Windows Defender Offline is NOT Windows Defender.

    You will be booting from a usb (or cd if you really like to wast CDs), Win 7 is never even started.

    Anyway, here is the write-up on using WDO (link in my signature).

    HOW TO USE WINDOWS DEFENDER OFFLINE ON A USB STICK
    Windows Defender Offline
    · is a free standalone, bootable malware and virus remover from Microsoft.
    · performs an offline scan of an infected PC to remove viruses, rootkits and other advanced malware.

    Download Windows Defender Offline (about 764 kB)

    You will have the choice of downloading the 32bit version (x86) or the 64 bit version (x64).
    The link will help you determine whether you are running a 32 bit version or 64 bit version of Windows

    NOTE!! You can download and prepare a 32 bit version using a 64 bit version of Windows
    NOTE!! You can download and prepare a 64 bit version using a 32bit version of Windows.

    You run the 32 bit version on a 32 bit version of Windows.
    You run the 64 bit version on a 64 bit version of Windows.

    The 32 bit download file name is: mssstool32.exe
    The 64 bit download file name is: mssstool64.exe

    For the curious, this program was originally name Microsoft Standalone System Sweeper.


    INSTALLATION:
    You will need an Internet Connection.
    Insert 512 mB (Microsoft’s 256 mB is no longer accurate) or larger USB stick into a usb port.
    Run the downloaded program--mssstool64.exe or mssstool32.exe
    NEXT button
    Choose the option On a USB flash drive that is not password protected
    NEXT button
    NEXT button
    .
    The install program will format the usb stick using the NTFS format.
    The install program will download about 210 mB.
    The install program will name the USB stick WDO_Media32 or WDO_Media64
    The WDO_Media32 usb stick will have used space of 255 mB (268,140,544 bytes)
    The WDO_Media64 usb stick will have used space of 282 mB (296,165,376 bytes)
    You can expect the number of mB to increase as more malware appears.

    UPDATE Windows Defender Offline USB stick:
    · reinsert the usb stick
    · run the installation program, mssstool64.exe or mssstool32.exe, again.
    · the update will download about 66 mB (mssstool32.exe) and 68 mB (mssstool64.exe).

    Since the malware database is sometimes updated several times in a day, always update before running.

    PERFORM AN OFFLINE SCAN
    Bootup your computer from the USB stick
    Windows Defender Offline will automatically perform a quick scan.
    After the quick scan finishes, Choose Full Scan
    Select all of your drives

    The initial, full scan can easily take several hours, but
    Remember, your computer is being very thoroughly checked for all types of malware.


    RESULTS OF THE SCAN
    The results will be in 4 log files on your computer's disk in:
    \Windows\Microsoft Antimalware\Support
    Upload the four log files please.
      My Computer


  5. Posts : 8
    Microsoft Windows 7 Starter 32-bit SP1
    Thread Starter
       #5

    Thanks for the tip about "Windows Defender Offline" - will give it a try.
      My Computer


  6. Posts : 8
    Microsoft Windows 7 Starter 32-bit SP1
    Thread Starter
       #6

    See output from sfc /scannow - all clear
    C:\windows\system32>sfc /scannow

    Beginning system scan. This process will take some time.

    Beginning verification phase of system scan.
    Verification 100% complete.

    Windows Resource Protection did not find any integrity violations.

    Will try the Windows Defender Offline and post the results
      My Computer


  7. Posts : 8
    Microsoft Windows 7 Starter 32-bit SP1
    Thread Starter
       #7

    Windows Defender Offline found a malware (Java/Blopeen.BR) and has successfully cleaned it. I'll upload the log files later.

    After that I've created the new user account and the behavior was just the same (multiple errors on first login). New accounts are not setup correctly.

    Kaspersky also found a malware (different name) but couldn't delete it.
      My Computer


  8. Posts : 10,200
    MS Windows 7 Ultimate SP1 64-bit
       #8

    Either Kaspersky gave a false report (most likely) or you need to run that full scan by WDO. If report was not false, then you have already reinfected your computer.

    I need those log files.

    Here is how to post those logfiles:

    Script:
    # ************************************************************
    # Zips up your log files from Windows Defender Offline
    #  and extended info about the log files
    # Places WDOlogs.ZIP on your Desktop
    #
    # **********************INSTRUCTIONS**************************
    # STEP 1 *****************************************************
    # RUN PowerShell as administrator
    # START ORB | type POWERSHELL | CTRL+SHIFT+ENTER key combo | ALT+Y keycombo
    # ************************************************************
    # STEP 2 *****************************************************
    # COPY, using CTRL+C, every line down thru both EXIT statements 
    # PASTE into Powershell == Right-Click at the PowerShell Prompt
    #  (Ctrl+V does not work)
    # Start copying with first line without a # at start of the line
    # Note: Actually, you can paste the entire file if you rather
    #       Lines starting with a # are ignored by PowerShell
    # ************************************************************
    #functions

    function New-Zip {
        
    param([Parameter(Mandatory=$truePosition=0ValueFromPipeline=$true)]
        [
    String$Path, [Switch] $PassThru, [Switch] $Force )
        
    Process { if (Test-Path $path) {if (-not $Force) { return } }
        
    Set-Content $path ("PK" + [char]+ [char]+ ("$([char]0)" 18))
        
    $item Get-Item $path$item.IsReadOnly $false;if ($passThru) { $item } } }
    function 
    Copy-ToZip {param(
      [
    Parameter(Mandatory=$true,Position=0,ValueFromPipelineByPropertyName=$true)] [Alias('FullName')] 
      [
    String]$File, [Parameter(Mandatory=$true,Position=1)] [String]$ZipFile,[Switch]$HideProgress,[Switch]$Force )
      
    Begin {$ShellApplication = New-Object -ComObject Shell.Application
      
    if (-not (Test-Path $ZipFile)) {New-Zip $ZipFile};$Path Resolve-Path $ZipFile
      $ZipPackage 
    =$ShellApplication.Namespace("$Path")}
      
    Process {$RealFile Get-Item $File; if (-not $RealFile) { return }        
      if (-
    not $hideProgress) {$perc +=5; if ($perc -gt 100) { $perc 
        
    Write-Progress "Copying to $ZipFile$RealFile.FullName -PercentComplete $perc}
      
    $Flags 0; if ($force) {$flags 16 -bor 1024 -bor 64 -bor 512};Write-Verbose $realFile.Fullname
       $ZipPackage
    .CopyHere($realFile.Fullname$flags);Start-Sleep -Milliseconds 500}}

    $fileinfo join-path $env:TEMP \wdofileinfo.txt
    IF (test-path $fileinfo) {del $fileinfo -ea:silentlycontinue -force:$true}
    $dir $env:windir '\Microsoft Antimalware\Support'
    $a dir $dir  -rec -force -ea:silentlycontinue sort-object -property lastwritetime 
    $b 
    $a where {$_.extension -eq '.log'} |Select  modefullnamenamecreationtimelastwritetime,  lastaccesstimelengthextension
    $b 
    out-file -append $fileinfo
    $b 
    | foreach ($_.fullname) {get-content -path $_.fullname} | out-file -append $fileinfo 
    $ziploc 
    $env:userprofile '\desktop\WDOlogs.ZIP'
    new-zip $ziploc -verbose:$false -ea:silentlycontinue -force:$true
    copy
    -tozip  $fileinfo $ziploc -verbose:$false -hideprogress:$true
    del $fileinfo

    EXIT
    EXIT

    # ***************** NOTE - POWERSHELL VERSION*****************
    # if you receive this error msg:
    #  Get-WinEvent: The system can not find the path specified
    # you need to update your PowerShell
    # you must be using Powershell 2.0 or later.
    #
    # To determine your Powershell version:
    #   Run PowerShell
    #   enter $host.version
    #   you should see at least:
    # Major  Minor  Build  Revision
    # -----  -----  -----  --------
    # 2      0      -1     -1
    #
    # If you do not see the above, update your Vista/Win 7.
    # ************************************************************
    # *************** NOTE - EXECUTION POLICY*********************
    # If you haven't set the execution policy, you may need to:
    #   Run PowerShell
    #   enter Set-ExecutionPolicy -executionpolicy remotesigned
    #
    # ************************************************************ 
      My Computer


  9. Posts : 8
    Microsoft Windows 7 Starter 32-bit SP1
    Thread Starter
       #9

    Here you go
    Login for the first time under new user account throws error Attached Files
      My Computer


  10. Posts : 10,200
    MS Windows 7 Ultimate SP1 64-bit
       #10

    rmsh,

    1. update your specs.
    2. post diskmanagment snippet using procedure that follows:

    Update your SevenForums System Specs
    User CP (located on the top menu bar) |
    Your Profile | Edit System Spec
    (left-hand column)

    To gather info, use Speccy (my favorite) or SIW or System Info

    In the System Manufacturer Block, enter:
    Manufacturer and Model and
    ADD the word laptop, desktop, netbook or tablet.
    For example:
    Toshiba Satellite L305D notebook.

    Provide full windows version info, for example:
    MS Windows 7 Ultimate SP1 64-bit

    Use the “Other Info” block for Optical Reader,
    Mouse, touchpad, wifi adapter, speakers, monitor, etc

    Scroll down and click on SAVE CHANGES.

    You will find that in Speccy, you can select info from the display
    using your mouse/touchpad and then paste that info into your specs.

    SIW is a marvelous program, but the free version does not offer
    this capability.
    ================================================
    ================================================
    HOW TO POST A SNAPSHOT OF DISK MANAGEMENT DISPLAY
    Run disk management:
    WIN |
    type DISKMGMT.MSC | ENTER
    This method gives you a display without the unneeded navigation pane.
    WIN=key with Microsoft logo on top.

    Maximize the output of Disk Management:
    Maximize the output of Disk Management:
    ALT-Spacebar key combo | X key (selects Maximize) |
    Drag the field separators (such as between Status and Capacity) to show entire field.


    Make a snapshot:
    WIN |
    type SNIPPING | ENTER | New
    Drag the cursor around the area you want to snip.
    File | Save as | select save location and name | Save


    Post the snapshot:
    Post a File or Screenshot in Seven Forums
    =====================================

    thanks,
    karl
      My Computer


 
Page 1 of 2 12 LastLast

  Related Discussions
Our Sites
Site Links
About Us
Windows 7 Forums is an independent web site and has not been authorized, sponsored, or otherwise approved by Microsoft Corporation. "Windows 7" and related materials are trademarks of Microsoft Corp.

© Designer Media Ltd
All times are GMT -5. The time now is 01:26.
Find Us