Full Version: Malwarebytes added administrator account
jmhservices
Hello, after hearing so much about how great the program was, I decided to run it on my PC and see if it found anything.

Downloaded the latest version and updated everything and ran a full scan. When the scan was done my PC shut down and restarted. When it got to the login I logged in and the password worked, but the desktop was blank and all settings were changed, including sound and the page layout. I use the classic start menu, and it was the default one now.

I opened my computer and everything looked ok I could see nothing missing or strange. All programs were listed in the start/programs tab. I opened a browser and home page was changed and all bookmarks gone.

I then right-clicked on Start and explored all users, as it seemed I was logged in with a different profile. Sure enough, there were now 2 administrators listed in the tree. One was plain administrator, the other was administrator.(computer-name). Opening the plain administrator tree and looking at the desktop folder, it showed my old icon lists. Couldn't delete the new admin tree or change the name or anything as I was logged in. I tried making another account with a different username and making it full admin, then deleting the newly made admin account, but it wouldn't delete.

Malwarebytes added a second administrator account and I couldn't log into the old one or remove the new one. Reg edit showed only the new one, and in the computer management section only the new one. Ok now I'm lost !!!!

I did a workaround by copying and pasting everything I could from the old admin folder to the new one and moving config files over for most programs like Thunderbird and Firefox and others. This made the working ones in the new admin account work with everything that the old ones had.

Still have a few issues with saving data and browsing for locations on installs and stuff, sometimes it goes to new admin sometimes to old.

I am afraid I will have to do a clean install to fix it all and get it back to normal.

Is there any fix for this that's known, or something I can do to get the new admin account gone and use the old one again?

PC is Windows XP 64bit OS all good quality hardware. Intel Quad core Q6600 8 gig ram nothing fancy in hdd setup.
AdvancedSetup
Please post the log from MBAM so that we can see what you had and what was done. MBAM does not have the ability to create a new account, period. What might have happened is that the old one was corrupt or inaccessible by Malware so the system automatically created a new one.

How to copy data from a corrupted user profile to a new profile in Windows XP
http://support.microsoft.com/kb/811151

"Windows cannot load your profile because it may be corrupted" error message when you try to log on to Windows XP
http://support.microsoft.com/kb/318011

jmhservices
I removed the program so I don't think the logs are there anymore.

I moved the account that way, but as both were admin accounts not everything copied correctly.

Not sure what it found but when it crashed at the end of scan there wasn't much I could do. Not even sure if a log was generated because of the crash.
AdvancedSetup
Well, possibly still infected. An Admin can do anything he wants and cannot be blocked or prevented from doing what you want on XP.

Run a disk check and run some other Malware scans and get the system cleaned and then pretty much if you can't get back in to the other profile all you can do is copy the data out. You can then delete that profile and rename this new one to the old name, but I'd make sure the box is clean first.



Scan and post logs - read note at bottom in green
If you're having Malware related issues with your computer that you're unable to resolve.
  1. Please read and follow the instructions provided here: I'm infected - What do I do now?
  2. If needed please post your logs in a NEW topic here: Malware Removal - HijackThis Logs
  3. When posting logs please do not use any Quote, Code, or other tags. Please copy/paste directly into your post and do not attach files unless requested.

  • Please do not post any logs in the General forum. We do not work on any logs posted in the General forum.
  • Please do not install any software or use any removal/scanning tool except for those you're requested to run by the Helper that will assist you.
  • Using these other tools often makes the cleanup task more difficult and time consuming.
  • If you have already submitted for assistance at one of the other support sites on the Internet then you should not post a new log here, you should stay working with the Helper from that site until the issue is resolved.
  • Do not assume you're clean because you don't see something in the logs. Please wait until the person assisting you provides feedback.
  • There are often many others that require assistance as well, so please be patient. If no one has responded within 48 hours then please go ahead and post a request for review.

  • NOTE: If for some reason you're unable to run some or any of the tools in the first link, then skip that step and move on to the next one. If you can't even run HijackThis, then just proceed and post a NEW topic as shown in the second link describing your issues and someone will assist you as soon as they can.
