[devgirl33]

So here's the problem.My AVG Free Anti Virus detected a virus in winlogon.exe file. AVG or Malwarebytes Anti Malware couldn't get rid of the virus. After that, my laptop just gets stuck at Windows xp logo.
I was only able to log on to safemode with networking. Previously when there was any such issue, I used to run combofix and it effectively removed any viruses. Now combofix just gets stuck after "scanning for infected files".

You won't believe the number of programs I ran to get rid of this virus and to help me log on.I used Roguekiller,Hitman Pro,RKill, Adwcleaner, JRT(Junkware Removal Tool),OTL, Eset Online Scanner apart from malwarebytes and SuperAntiSpyware.

I used dds by bleeping computer to help me look at the logs & kaspersky's GSI ( Get system Info ) tells me that services.exe is infected.But there's something wrong with winlogon.exe too as I'm not able to log in.

Malwarebytes detects 0 problems.None of the above programs helped me.So I felt sure combofix may help me fix it but it just won't run. I appreciate your help as God sent to restore my system back to working as I lost some sleep for past few days over this.

P.S: combofix doesn't run with avg or threatfire installed, so I uninstalled avg and then even used avg remover so it gets rid of any avg files inside the C:\windows.Uninstalled threatfire also.Good thing is I can still get online through safe mode with networking,so something must be there to get around this virus.

[Advertisements]

Since you can get on in safe mode with networking and have OTL:

Copy the text in the code box:

DRIVES
nnetsvcs
/md5start
rsvpsp.dll
pnrpnsp.dll 
nwprovau.dll
nlaapi.dll
napinsp.dll
mswsock.dll
winrnr.dll
wshelper.dll
services.exe
atapi.sys
explorer.exe
winlogon.exe
Userinit.exe
svchost.exe
csrss.exe
PrintIsolationHost.exe
consrv.dll
user32.dll
/md5stop
CREATERESTOREPOINT

Run OTL (Vista or Win 7 => right click and Run As Administrator)

Paste (Ctrl + v) the copied text in the box where it says Custom Scan/Fixes

Select the All option in the Extra Registry group then Run Scan.

You should get two logs. Please copy and paste both of them.

Let's also try:


Please download Farbar Recovery Scan Tool and save it to your Desktop.

Note: You need to run the version compatible with your system. If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.

• Right click to run as administrator (XP users click run after receipt of Windows Security Warning - Open File). When the tool opens click Yes to disclaimer.
• Press Scan button.
• It will produce a log called FRST.txt in the same directory the tool is run from.
• Please copy and paste log back here.
• The first time the tool is run it generates another log (Addition.txt - also located in the same directory as FRST.exe/FRST64.exe). Please also paste that along with the FRST.txt into your reply.

[RKinner]

Since you can get on in safe mode with networking and have OTL:

Copy the text in the code box:

DRIVES
nnetsvcs
/md5start
rsvpsp.dll
pnrpnsp.dll 
nwprovau.dll
nlaapi.dll
napinsp.dll
mswsock.dll
winrnr.dll
wshelper.dll
services.exe
atapi.sys
explorer.exe
winlogon.exe
Userinit.exe
svchost.exe
csrss.exe
PrintIsolationHost.exe
consrv.dll
user32.dll
/md5stop
CREATERESTOREPOINT

Run OTL (Vista or Win 7 => right click and Run As Administrator)

Paste (Ctrl + v) the copied text in the box where it says Custom Scan/Fixes

Select the All option in the Extra Registry group then Run Scan.

You should get two logs. Please copy and paste both of them.

Let's also try:


Please download Farbar Recovery Scan Tool and save it to your Desktop.

Note: You need to run the version compatible with your system. If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.

• Right click to run as administrator (XP users click run after receipt of Windows Security Warning - Open File). When the tool opens click Yes to disclaimer.
• Press Scan button.
• It will produce a log called FRST.txt in the same directory the tool is run from.
• Please copy and paste log back here.
• The first time the tool is run it generates another log (Addition.txt - also located in the same directory as FRST.exe/FRST64.exe). Please also paste that along with the FRST.txt into your reply.