immediately logs back

Status
Not open for further replies.

Chronus

Posts: 118   +0
My computer
Hey, here are the logs for my computer. All are in their original location, these are just copied to desktop for easy finding.



Secondary help for my brother's laptop.
My brother was having a problem with some viruses on his computer that Avast was working on. Out of annoyance my brother restarted his laptop. Now whenever he logs on to ANY account, even in safe mode, as soon as it logs in it immediately logs back out, allowing you to see the desktop background for less than 1 second. As I said, it will do this even when attempting to log in while in safe mode. Any suggestions?
 
Your computer first!

You never said what your symptoms are?

Update MBAM then click Logs and post any other logs that are there!

Update then run SAS Quickscan again and be sure to put a check in Tracking cookies to remove them. New Log!

Then do the below....

Download SDFix to Desktop.

http://downloads.andymanchesta.com/RemovalTools/SDFix.exe

On Desktop run SDFix. It will run (install) then close.

Then reboot into Safe Mode

As the computer starts up, tap the F8 key several times.

On the Boot menu Choose Safe Mode.

Click through all the prompts to get to desktop.

At Desktop
My Computer C: drive. Double-click to open.

Look for a folder called SD Fix. Double-click to enter SD Fix.

Double-click RunThis.bat. Type Y to begin.

SD Fix does its job.

When prompted hit the enter key to restart the computer

Your computer will reboot.

On normal restart the Fixtool will run again and complete the removal process then say Finished,
Hit the Enter key to end the script and load your desktop icons.

Once the desktop is up, the SDFix report will open on screen and also be saved to the SDFix folder as Report.txt.
Attach the Report.txt file to your next post.
=========================================
Download ComboFix

NOTE: If you have had ComboFix more than a few days old delete and re-download.

Get it here: https://www.techspot.com/downloads/5587-combofix.html
Or here: http://subs.geekstogo.com/ComboFix.exe

Double click combofix.exe and follow the prompts.

When finished, it will open a log.
Attach the log and a new HJT log in your next reply.

Note: Do not click combofix's window while it's running. That may cause it to stall.

Mike
 
I ran into a problem. I cannot use the F8 to start into safe mode as my keyboard does not receive power until after the computer has already started Windows. Is there a way to tell the computer to restart into safe mode like there was in later versions?

Windows XP, Office edition.
 
OK go into System Properties in Control panel.

Click Advanced-Startup and Recovery.

Click the edit button. Copy and paste this to me. Then exit without save. Do not change anything.

Mike
 
[boot loader]
timeout=30
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /fastdetect /NoExecute=OptIn
 
OK go back to same place. Copy the line below and paste it under the last line. change nothing else.

multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Pro Safe Model" /safeboot:minimal /sos /bootlog

Save and click ok to exit!

Reboot! You will be offered a boot to safe mode option for 30 seconds or it will come up normally. So arrow down to Safe mode and hit Enter!

Mike
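The boot.ini edit described above, as an added example that is not part of the original post: it works on the boot.ini text the user pasted, derives the safe-mode line from the `default=` path instead of retyping it, and refuses to proceed when the boot menu could not appear. The function names and the entry label are assumptions made for this sketch.

```python
import re

# Added example. The boot.ini posted in the thread, embedded as sample input.
SAMPLE_BOOT_INI = r"""[boot loader]
timeout=30
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /fastdetect /NoExecute=OptIn
"""

SAFE_SWITCHES = "/safeboot:minimal /sos /bootlog"  # switches given in the thread


def parse_sections(text):
    """Return {section_name_lower: [lines]} in file order."""
    sections, current = {}, None
    for line in (l.strip() for l in text.splitlines()):
        m = re.fullmatch(r"\[(.+)\]", line)
        if m:
            current = m.group(1).lower()
            sections.setdefault(current, [])
        elif line and current is not None:
            sections[current].append(line)
    return sections


def add_safe_mode_entry(text, label="Windows XP Safe Mode"):  # label is constructed
    """Append a safe-mode entry for the default OS and return the new text."""
    sections = parse_sections(text)
    if list(sections)[-1:] != ["operating systems"]:
        raise ValueError("[operating systems] must be the last section")
    loader = {}
    for line in sections.get("boot loader", []):
        key, _, value = line.partition("=")
        loader[key.strip().lower()] = value.strip()
    default = loader.get("default")
    if not default:
        raise ValueError("no default= line under [boot loader]")
    if int(loader.get("timeout", "0")) <= 0:
        raise ValueError("timeout missing or 0: the boot menu would not wait")
    entries = sections["operating systems"]
    if not any(e.lower().startswith(default.lower() + "=") for e in entries):
        raise ValueError("default path has no [operating systems] entry")
    if any("/safeboot" in e.lower() for e in entries):
        return text  # a safe-mode entry already exists, change nothing
    return text.rstrip("\r\n") + "\n" + f'{default}="{label}" {SAFE_SWITCHES}\n'
```

Once the scans are done, removing the added line restores the original single-entry file.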
 
I did things out of order. SDfix, MBAM, SAS quickscan, Combofix, Hijack this.

I had to use the boot.ini in msconfig to boot into safe mode, as the keyboard still was not receiving power soon enough to make the selection.

Here are the logs.
 
Combofix had found/removed items so run it again to confirm clean.

SAS quick scan select and remove the tracking cookies.

A final, I hope, HJT log and a status report on this computer: how it runs, anything remaining to fix.

Mike
 
Hey, completed the scans, computer's working great. I still keep trying to convince my friends to work with you guys as well.
 
Found more....

Cut for pasting (pull to bottom, watch the side slider) the below text inside the box. Then open a new Notepad document on Desktop, then paste and save as CFscript.txt to the Desktop

EXIT ALL BROWSERS before continuing!
You should have both the ComboFix.exe and CFScript.txt icons on your Desktop.
Now use your mouse to drag CFscript.txt on top of ComboFix.exe

Follow the prompts.
When it finishes, a log will be produced named c:\combofix.txt. Attach that back here.
Code:
File::
C:\WINDOWS\BMabd201ac.xml
C:\WINDOWS\exqb.exe
C:\WINDOWS\SYSTEM32\nzqtegh.sys
C:\WINDOWS\SYSTEM32\gh.l
C:\WINDOWS\SYSTEM32\yl.po
C:\WINDOWS\SYSTEM32\mn.n
C:\WINDOWS\SYSTEM32\ccs.so
C:\WINDOWS\SYSTEM32\bmf.cs
C:\WINDOWS\system32\drivers\lvuvc.hs
C:\WINDOWS\pvnsmfor.dll
c:\windows\system32\PerfStringBackup.TMP
c:\windows\bwUnin-7.2.0.157-8876480SL.exe
c:\windows\system32\5249E7622C.sys
c:\windows\system32\KGyGaAvL.sys

Folder::
C:\WINDOWS\SYSTEM32\kr_done1de
C:\WINDOWS\system32\drivers\lvuvc.hs
c:\windows\system32\PerfStringBackup.TMP

Driver::
nzqtegh
lvuvc.hs

Registry::
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{E738884B-E75D-4AC3-B03F-62F7E7DD853E}"=-
[-HKEY_CLASSES_ROOT\clsid\{e738884b-e75d-4ac3-b03f-62f7e7dd853e}]
[-HKEY_CLASSES_ROOT\pvnsmfor.1]
[-HKEY_CLASSES_ROOT\TypeLib\{28579586-9751-48D9-9F9B-BC3714D9F175}]
[-HKEY_CLASSES_ROOT\pvnsmfor]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\efccccc]

Mike
 
Done, I think. It updated itself and then restarted, don't know if that would have affected anything.
 
Sorry Chronus

I hope you expected me to be thorough!

I missed this one! Delete the CFScript so you can create a new one

Cut for pasting the below text inside the box.

Then open new Notepad document on Desktop then paste and save as CFscript.txt to the Desktop

EXIT ALL BROWSERS before continuing!
You should have both the ComboFix.exe and CFScript.txt icons on your Desktop.
Now use your mouse to drag CFscript.txt on top of ComboFix.exe

Follow the prompts.
When it finishes, a log will be produced named c:\combofix.txt. Attach that back here.

Code:
File::
c:\windows\system32\drivers\logiflt.iad

Mike
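A way to read back what a CFScript like the two posted in this thread asks for before dragging it onto ComboFix, as an added example that is not part of the original posts and is not ComboFix's own code. It assumes only what the posts show: sections introduced by `Name::` headers, and a `Registry::` section written in .reg syntax, where `[-key]` deletes a key and `"name"=-` deletes a value; the function names are hypothetical.

```python
import re

# Added example. Excerpt of the first CFScript posted in the thread, as sample input.
SAMPLE = r"""File::
C:\WINDOWS\SYSTEM32\nzqtegh.sys
C:\WINDOWS\system32\drivers\lvuvc.hs

Folder::
C:\WINDOWS\system32\drivers\lvuvc.hs

Registry::
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{E738884B-E75D-4AC3-B03F-62F7E7DD853E}"=-
[-HKEY_CLASSES_ROOT\pvnsmfor]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\efccccc]
"""


def parse_cfscript(text):
    """Split the script into {section: [lines]} on 'Name::' headers."""
    sections, current = {}, None
    for line in (l.strip() for l in text.splitlines()):
        if re.fullmatch(r"\w+::", line):
            current = line[:-2]
            sections.setdefault(current, [])
        elif line and current:
            sections[current].append(line)
    return sections


def registry_ops(lines):
    """Classify .reg-style lines as key deletions or value deletions."""
    ops, key = [], None
    for line in lines:
        if line.startswith("[-") and line.endswith("]"):
            ops.append(("delete-key", line[2:-1], None))
            key = None  # later value lines would refer to a deleted key
        elif line.startswith("[") and line.endswith("]"):
            key = line[1:-1]
        elif key and re.fullmatch(r'"[^"]*"=-', line):
            ops.append(("delete-value", key, line.split('"')[1]))
    return ops


def listed_twice(sections):
    """Paths that appear under both File:: and Folder:: (case-insensitive)."""
    files = {p.lower() for p in sections.get("File", [])}
    return sorted(p for p in sections.get("Folder", []) if p.lower() in files)
```

On the excerpt, `listed_twice` reports the `lvuvc.hs` path, which the posted script names as both a file and a folder.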
 
Hey, 1 you're human just like me, so it's all cool.
2 considering all that you do to help a lot of us that are here and need help each day, you are awesome. Thank you so much for your help, and I'm glad that you did find it, rather than not.
 
One more regular Combofix to confirm removal and see clean log, run and hopefully we are finished.

Mike
 