Member Panel

joe5

Here whe go:

Boot in safemode and fix these with Hijackthis:

C:\WINDOWS\w32mfpd.exe?
C:\WINDOWS\system32\ntsubsys.exe
C:\WINDOWS\system32\ntsystems.exe
O4 - HKLM\..\Run: [Windows Service Manager] C:\WINDOWS\userint32.exe
O4 - HKLM\..\Run: [ywJ.exe] C:\documents and settings\paul stevens\local settings\temp\ywJ.exe
O4 - HKLM\..\Run: [e5YxLbPc.exe] C:\documents and settings\paul stevens\local settings\temp\e5YxLbPc.exe
O4 - HKLM\..\Run: [A8dF5.exe] c:\documents and settings\paul stevens\local settings\temp\A8dF5.exe
O4 - HKLM\..\Run: [Z] c:\windows\temp\Z.exe
O4 - HKLM\..\Run: [mmvUFJuU.exe] C:\documents and settings\paul stevens\local settings\temp\mmvUFJuU.exe
O4 - HKLM\..\Run: [7TxiHNd] c:\windows\temp\7TxiHNd.exe
O4 - HKLM\..\Run: [7TxiHNd.exe] C:\windows\temp\7TxiHNd.exe
O4 - HKLM\..\Run: [XDsp.exe] c:\documents and settings\paul stevens\local settings\temp\XDsp.exe
O4 - HKLM\..\Run: [M1EX5fGzK] c:\windows\temp\M1EX5fGzK.exe
O4 - HKLM\..\Run: [M1EX5fGzK.exe] C:\windows\temp\M1EX5fGzK.exe
O4 - HKLM\..\Run: [CzU.exe] c:\windows\system32\CzU.exe
O4 - HKLM\..\Run: [4K2X2ZQ57Y76@8] C:\WINDOWS\system32\Jel387h.exe
O4 - HKLM\..\Run: [Messenger] C:\WINDOWS\system32\ntsubsys.exe
O4 - HKLM\..\Run: [SYSTEM MESSAGER] wmisg.exe
O4 - HKLM\..\Run: [WINDOWS SYS MESSENGER] C:\WINDOWS\\\\\\\\\\\\
O4 - HKLM\..\Run: [I am not Ranky. I am eTunnel!] C:\disney.exe
O4 - HKLM\..\Run: [Nt System Protocol] ntsystems.exe
O4 - HKLM\..\Run: [Windows Task Scheduler] C:\jodeke.exe
O4 - HKLM\..\RunServices: [Startup] winstartup.exe
O4 - HKLM\..\RunServices: [SYSTEM MESSAGER] wmisg.exe
O4 - HKLM\..\RunServices: [Nt System Protocol] ntsystems.exe
O4 - HKCU\..\Run: [Nt System Protocol] ntsystems.exe
O4 - HKCU\..\RunServices: [Nt System Protocol] ntsystems.exe
O23 - Service: Windows 32 mfp (W32mfp) - Unknown owner - C:\WINDOWS\w32mfpd.exe

O9 - Extra button: AOL Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll (file missing)
O23 - Service: Workstation Service Library (Microsoft Locator Service) - Unknown owner - C:\WINDOWS\wkssvc.exe (file missing)
O23 - Service: VNC Server (winvnc) - Unknown owner - C:\Program Files\UltraVNC\winvnc.exe" -service (file missing)

Then still in safemode delete old restore points ,
empty youre windows\prefetch folder ,
empty c:\windows\temp ,
empty the C:\Documents and Settings\Administrator\Local Settings\Temp folder ,
empty the C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files folder EXCEPT the content.ie5 folder (may be hidden) ,
and empty the C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5 folder EXCEPT the index.dat file.

And then manually search for all the .exe entry's in the "fix" list and delete them (except the last three), I.E:

"O4 - HKLM\..\Run: [Windows Service Manager] C:\WINDOWS\userint32.exe" = delete "userint32.exe"

After that re-boot and see if the prob is gone.

cyberjan

Thanks it is working good now!

I did all except the restore points.... when I go into restore it says it is turned off, do I want to turn it on.......how do i delete the restore p

oints???

jan

joe5

Glad to here youre pc is ok now!

Now that i think about it , i think that when you turn of system restore that the old restore points get deleted automaticly...

But you could check with diskcleanup , on the "more options" tab is a button to delete old points.

Joe5.

cyberjan

Whoops a strange thing just happened

Norton 2005 put 50 - 90 pop ups a little square box all over the screen so it covered the entire desktop. The message said norton prevented an email to be sent. This was done 50 - 90 times. Also just before that norton flashed a pop up screen stating cashecashekit was found agin and the pop up wont close,,,it says it cant repair. I have removed this 3 times in safe mode with norton.

Have you heard of norton going bonkers like this??? I want to reinstall it and load AVG. What do you think?
jan

joe5

Thats not good..

Follow the removel instuctions for "W32.Spybot.NLX" here.

And then the removal instructions for "Cachecachekit" here.

and after that can you post a new log?

Zimbo

And then update your antivirus definitions, boot into safemode and run a virusscan from there.

cyberjan

My NA2005 has always been updated and on through this whole thing, and I cleaned cahecache 5 times in safe mode
and I did those instructions from NA website, plus I never turned on the restore.
I ran hijack this and removed some of the same things you told me to remove before...it seems to have stopped the NA from sending 40 popup warnings about emails at a time. I got one message saying Cachecache was found and could not be cleaned or removed since. I gave up cleaning it in safe mode cuz it doesnt seem to do it....and I am very very tired.........

So I think it is fixed again.

I still cant turn the firewall on in services it starts but shuts off when rebooted....but I dont care about that anymore since the firewall doesnt seem very protected anyway. [it seems to be a bug with winxp SP2]

Oh one more thing when it is shutting down a program hangs on called windowsformsparkingwindows and takes a while to close before it shuts down. I googled it but couldnt understand the few things it said about it. Seems like it is some programing thing.

Thanks again

It is running much better

Jan

Member Panel

Sponsors and Ads

Noticeboard