Computer Hope

Software => Computer viruses and spyware => Topic started by: sazd1 on October 24, 2009, 04:42:05 AM

Title: Urgent Help.....Virus issue......Login problem
Post by: sazd1 on October 24, 2009, 04:42:05 AM
I have a virus in my computer. I installed Avast for a scan. It detected many Readme.eml viruses, removed some and left many.
The problem I am having is that I have a login and password to enter Windows XP. When I enter my login and password, they are correct and the welcome screen comes up, but after that a screen appears saying that the system is going to be logged off, and it goes back to the login and password screen. I enter the login and password again, but the situation remains the same. The login and password are all correct.
Please help me with how I can sort out this issue to get logged in.
Title: Re: Urgent Help.....Virus issue......Login problem
Post by: harry 48 on October 24, 2009, 08:20:01 AM
http://www.computerhope.com/forum/index.php/topic,46313.0.html

Go to the link above, complete the steps and post the 3 logs; an expert will be along to help you.
Title: Re: Urgent Help.....Virus issue......Login problem
Post by: sazd1 on October 26, 2009, 04:27:53 AM
Thanks for your reply.
I have read the guidelines suggested by you. They are really helpful, and I wish that I could have seen this forum before trying the AVAST cleanup.
My problem, as I mentioned in my original post, is that my computer is not allowing me to go beyond the login screen. I log in with my username and password, and immediately after clicking OK a screen appears saying that the system is going to be logged off, and I am again at the login screen. I tried it again and again and returned to the login screen every time.
So please guide me in this scenario. Since I am unable to advance from the login screen, I think I cannot now install anything on my computer, because I cannot get any access to my desktop.
Please help.
Before using AVAST I ran a scan with HijackThis, and the log is as follows:


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 08:52:09, on 19/10/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16876)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\Arquivos de programas\Ahead\InCD\InCDsrv.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\WgaTray.exe
C:\WINDOWS\system32\servises.exe
C:\WINDOWS\system32\runouce.exe
C:\WINDOWS\services.exe
C:\WINDOWS\system32\servises.exe
C:\WINDOWS\System32\reader_s.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\system32\servises.exe
C:\ARQUIV~1\iGv6\sysbrand.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Documents and Settings\Ana\reader_s.exe
C:\WINDOWS\system32\servises.exe
C:\ARQUIV~1\Yahoo!\MESSEN~1\ymsgr_tray.exe
C:\WINDOWS\system32\Net.exe
C:\WINDOWS\system32\net1.exe
C:\WINDOWS\system32\Net.exe
C:\WINDOWS\system32\net1.exe
C:\WINDOWS\system32\Net.exe
C:\WINDOWS\system32\net1.exe
C:\Arquivos de programas\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\system32\Net.exe
C:\WINDOWS\system32\net1.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Arquivos de programas\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Arquivos de programas\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: &iG - {7EEF1E3D-FD97-4401-BCDB-5827F2D11709} - C:\ARQUIV~1\iGv6\igshop.dll
O2 - BHO: Auxiliar de Conexão do Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Arquivos de programas\Windows Live Toolbar\msntb.dll
O3 - Toolbar: &iG - {7EEF1E3D-FD97-4401-BCDB-5827F2D11709} - C:\ARQUIV~1\iGv6\igshop.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Arquivos de programas\Windows Live Toolbar\msntb.dll
O3 - Toolbar: DAEMON Tools Toolbar - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Arquivos de programas\DAEMON Tools Toolbar\DTToolbar.dll (file missing)
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Arquivos de programas\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [7928] C:\WINDOWS\system32\51.tmp.exe
O4 - HKLM\..\Run: [Runonce] C:\WINDOWS\system32\runouce.exe
O4 - HKLM\..\Run: [services] C:\WINDOWS\services.exe
O4 - HKLM\..\Run: [servises] C:\WINDOWS\system32\servises.exe
O4 - HKLM\..\Run: [reader_s] C:\WINDOWS\System32\reader_s.exe
O4 - HKLM\..\Run: [ter8m] RUNDLL32.EXE C:\WINDOWS\system32\msxm192z.dll,w
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKCU\..\Run: [SysBrand] "C:\ARQUIV~1\iGv6\sysbrand.exe"
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\ARQUIV~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet
O4 - HKCU\..\Run: [OM_Monitor] C:\Arquivos de programas\OLYMPUS\OLYMPUS Master\Monitor.exe -NoStart
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [12CFG214-K641-12SF-N85P] C:\RECYCLER\S-1-5-21-0243936033-3052116371-381863308-1811\vsbntlo.exe
O4 - HKCU\..\Run: [12CFG914-K641-26SF-N32P] C:\RECYCLER\S-1-5-21-0243336031-4052116379-881863308-0851\vse432.exe
O4 - HKCU\..\Run: [reader_s] C:\Documents and Settings\Ana\reader_s.exe
O4 - HKCU\..\Run: [DAEMON Tools Lite] C:\Arquivos de programas\DAEMON Tools Lite\daemon.exe -autorun
O4 - HKCU\..\Run: [servises] C:\WINDOWS\system32\servises.exe
O4 - HKLM\..\Policies\Explorer\Run: [servises] C:\WINDOWS\system32\servises.exe
O4 - HKCU\..\Policies\Explorer\Run: [servises] C:\WINDOWS\system32\servises.exe
O4 - HKUS\S-1-5-21-1060284298-507921405-2147122835-1003\..\Run: [SysBrand] "C:\ARQUIV~1\iGv6\sysbrand.exe" (User '?')
O4 - HKUS\S-1-5-21-1060284298-507921405-2147122835-1003\..\Run: [Yahoo! Pager] "C:\ARQUIV~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet (User '?')
O4 - HKUS\S-1-5-21-1060284298-507921405-2147122835-1003\..\Run: [OM_Monitor] C:\Arquivos de programas\OLYMPUS\OLYMPUS Master\Monitor.exe -NoStart (User '?')
O4 - HKUS\S-1-5-21-1060284298-507921405-2147122835-1003\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User '?')
O4 - HKUS\S-1-5-21-1060284298-507921405-2147122835-1003\..\Run: [12CFG214-K641-12SF-N85P] C:\RECYCLER\S-1-5-21-0243936033-3052116371-381863308-1811\vsbntlo.exe (User '?')
O4 - HKUS\S-1-5-21-1060284298-507921405-2147122835-1003\..\Run: [12CFG914-K641-26SF-N32P] C:\RECYCLER\S-1-5-21-0243336031-4052116379-881863308-0851\vse432.exe (User '?')
O4 - HKUS\S-1-5-21-1060284298-507921405-2147122835-1003\..\Run: [reader_s] C:\Documents and Settings\Ana\reader_s.exe (User '?')
O4 - HKUS\S-1-5-21-1060284298-507921405-2147122835-1003\..\Run: [DAEMON Tools Lite] C:\Arquivos de programas\DAEMON Tools Lite\daemon.exe -autorun (User '?')
O4 - HKUS\S-1-5-21-1060284298-507921405-2147122835-1003\..\Run: [servises] C:\WINDOWS\system32\servises.exe (User '?')
O4 - HKUS\S-1-5-21-1060284298-507921405-2147122835-1003\..\Policies\Explorer\Run: [servises] C:\WINDOWS\system32\servises.exe (User '?')
O4 - HKUS\S-1-5-18\..\Run: [servises] C:\WINDOWS\system32\servises.exe (User '?')
O4 - HKUS\S-1-5-18\..\Policies\Explorer\Run: [servises] C:\WINDOWS\system32\servises.exe (User '?')
O4 - HKUS\.DEFAULT\..\Run: [servises] C:\WINDOWS\system32\servises.exe (User 'Default user')
O4 - HKUS\.DEFAULT\..\Policies\Explorer\Run: [servises] C:\WINDOWS\system32\servises.exe (User 'Default user')
O4 - Global Startup: Microsoft Office.lnk = C:\Arquivos de programas\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: &Windows Live Search - res://C:\Arquivos de programas\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: Barra do iG - {FD1672E0-AE0D-465B-B345-F7B0944A121D} - C:\ARQUIV~1\iGv6\igshop.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary...r.cab56986.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Arquivos de programas\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {9EC30204-384D-11D3-9CA3-00A024F0AF03} (ValidaUsuario Class) - https://cpne.bradesco.com.br/certifexp.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary...t.cab56907.cab
O23 - Service: FCI - Unknown owner - C:\WINDOWS\system32\svchost.exe:ext.exe
O23 - Service: InCD Helper (InCDsrv) - Ahead Software AG - C:\Arquivos de programas\Ahead\InCD\InCDsrv.exe
O23 - Service: Serviço de Compartilhamento de Pastas Messenger do USN Journal Reader (usnjsvc) - Unknown owner - C:\Arquivos de programas\MSN Messenger\usnsvc.exe (file missing)

--
End of file - 7841 byte

But as I ran Avast after that, I think the log has definitely changed.
Title: Re: Urgent Help.....Virus issue......Login problem
Post by: harry 48 on October 26, 2009, 02:17:25 PM
OK, now would you please post the other 2 logs (SUPERAntiSpyware and Malwarebytes)? Take out whatever they bring up and post clean logs; an expert will be looking for them to help. Did you also complete everything else in the link? harry
Title: Re: Urgent Help.....Virus issue......Login problem
Post by: sazd1 on October 27, 2009, 05:04:37 AM
Hi,
This was the only log available for my computer, because after that I ran Avast and consequently I am unable to get away from the login screen: every time I log in it logs me off, and I am on the login screen all the time.
Please advise me whether I will now have to reinstall Windows, because I cannot do anything on this computer now, as it is not allowing me to log in. If I insert a CD into the CD drive, it also does not work.
Title: Re: Urgent Help.....Virus issue......Login problem
Post by: harry 48 on October 27, 2009, 01:18:22 PM
Sorry, you will have to wait for an expert to take you further; I only help with what I'm allowed to do. harry