Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works
Photo

XP login/logout (log on/log off) problem


  • Please log in to reply

#1
Windwardman

Windwardman

    New Member

  • Member
  • Pip
  • 2 posts
Howdy,

The wife of a friend of mine has a Toshiba laptop (Satellite P105-S6114) running XP Home, and she asked if I could get it running. She said that she had received warnings from her AVG program that five viruses (or something--she's not very conversant in computer lingo) had infected her machine. The next day, she had this logon/immediate logoff problem.

I've read through and tried most all of the fixes I've seen on this site and another: Safe Mode (still logs off immediately), Bart's PE, going into the registry, etc. I've pulled out the hard drive and plugged it in as an external drive on my computer to try to yank the user My Documents files. When I performed the userinit.ex fix, the file was successfully copied. After all of these, the logon/logoff problem is still there.

Everything seems to go fine with all of these approaches until I reach the user files. When I was attempting to alter the user key in the registry, access was denied. When I tried to copy the user's Documents folder, access was denied. A password was never put on the machine, so that's not the problem. When I ran the cursor over the folder, it indicated that the file was empty, but I know that files are in it--or at least were.

I would like to be able to salvage those files. Does anyone know why access is being denied? Is this a symptom of the malware infestation?

Thanks for any responses.

Edited by Windwardman, 27 January 2010 - 03:02 AM.

  • 0

Advertisements


#2
Windwardman

Windwardman

    New Member

  • Topic Starter
  • Member
  • Pip
  • 2 posts
I ran Norton Internet Security 2010 on the affected hard drive tonight, and it found and dealt with a number of problems. When I tried to log on to the computer after putting the drive back in, a box saying something about VPN was on the desktop. I clicked "OK" (only option) and the computer logged off. It is still in the old logon/logoff loop, and access was still denied to the user's folder (katelyn c) in Documents and Settings when I tried to copy it to my computer.

Here is a copy of the Norton Resolved Threats Report (g: is the infected computer's c: drive, as my computer sees it):

CoreGuardAntivirus2009
Type: Anomaly
Risk: Medium (Medium Stealth, Medium Removal, Medium Performance, Medium Privacy)
Categories: Misleading Application
Status: Fully Resolved
-----------
1 Registry Entry
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wscsvc\->Start:2 - Repaired
1 File
g:\program files\internetsecurity2010\is2010.exe - Deleted
1 Browser Cache

Trojan Horse
Type: Anomaly
Risk: High (High Stealth, High Removal, High Performance, High Privacy)
Categories: Virus
Status: Fully Resolved
-----------
1 File
g:\windows\system32\helper32.dll - Deleted
1 Browser Cache

Trojan.FakeAV
Type: Anomaly
Risk: High (High Stealth, High Removal, High Performance, High Privacy)
Categories: Virus
Status: Fully Resolved
-----------
3 Registry Entries
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\->AntiVirusDisableNotify:0 - Repaired
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\->FirewallDisableNotify:0 - Repaired
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\->UpdatesDisableNotify:0 - Repaired
1 File
g:\windows\system32\warning.html - Deleted
1 Browser Cache

Downloader
Type: Anomaly
Risk: High (High Stealth, High Removal, High Performance, High Privacy)
Categories: Virus
Status: Fully Resolved
-----------
1 File
g:\documents and settings\katelyn c\application data\sun\java\deployment\cache\javapi\v1.0\jar\common.jar-21c9c0c4-3a50cc57.zip - Deleted
1 Browser Cache

Trackware.SmartShopper
Type: Anomaly
Risk: Low (Low Stealth, Low Removal, Low Performance, Low Privacy)
Categories: Trackware
Status: Fully Resolved
-----------
1 File
g:\documents and settings\katelyn c\local settings\temp\pkg_17381335b0\installer_smartshopper.exe - Deleted
1 Process
C:\Program Files\Internet Explorer\iexplore.exe - No Action Required
1 Browser Cache

CoreGuardAntivirus2009
Type: Anomaly
Risk: Medium (Medium Stealth, Medium Removal, Medium Performance, Medium Privacy)
Categories: Misleading Application
Status: Fully Resolved
-----------
1 Registry Entry
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wscsvc\->Start:2 - Repaired
1 File
g:\documents and settings\katelyn c\local settings\temporary internet files\content.ie5\ohinopmn\setupis2010[1].exe - Deleted
1 Browser Cache

Trojan.Brisv.A
Type: Anomaly
Risk: High (High Stealth, High Removal, High Performance, High Privacy)
Categories: Virus
Status: Fully Resolved
-----------
1 File
g:\documents and settings\katelyn c\my documents\limewire\saved\busted baby part 2 plise neyo.mp3 - Deleted
1 Browser Cache

Edited by Windwardman, 27 January 2010 - 02:47 AM.

  • 0

#3
The Skeptic

The Skeptic

    Trusted Tech

  • Technician
  • 4,075 posts
The best solution that I know of for login/logoff problems is here. Follow the instructions, prepare the two CDs and run it.
  • 0






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP