Peculiar little bug

Status
Not open for further replies.

Bollen

I'm having the most annoying problem with something called BGATES[1].exe. It keeps coming back no matter how many times I block it or erase it using different anti-spyware or anti-virus applications. I've tried everything on this site, so please, can anyone help?
 
Hello and welcome to Techspot.

Go HERE and follow the instructions exactly.

Post a fresh HJT log into this thread, only after doing the above.

Regards Howard :wave: :wave:
 
Hello and thank you for your quick reply. Actually I've read many of your threads before I posted this one trying to find a solution. I also followed all the steps suggested in the "instructions before you post" page. The result was: Housecall-trendmicro: Found nothing. Kaspersky: Didn't work after 3 attempts. Begin2Search / Coolwebsearch: Nothing once again. My Lavasoft found nothing, Spybot found nothing. The ewido found something and it put it in quarantine but the problem persisted. The report keeps coming from McAfee virusScan 8.0.0. In my desperation I blocked C:\Documents and settings\Claude\Local Configuration\Internet Temporal files and also C:\WINDOWS\Temp\win7.tmp.exe 'cause it kept popping up. I don't know if I did wrong but as long as I've been writing this reply nothing has happened.
One more thing: my XP is in Spanish, I don't know if this will make a difference.
Once again thank you.
PS: OK, the problem just came back, sniff!
 
Download the Pocket killbox programme from HERE. Extract it, but don't run it yet.

You might want to copy and paste these instructions into a notepad file. Then you can have the file open in safe mode, so you can follow the instructions easier.


Boot into safe mode. See how HERE. http://www.bleepingcomputer.com/forums/tutorial61.html

Turn off system restore (XP/ME only). See how HERE. http://www.bleepingcomputer.com/forums/tutorial56.html

In Windows Explorer, turn on "Show all files and folders, including hidden and system". See how HERE. http://www.bleepingcomputer.com/forums/tutorial62.html

Run HJT with no other programmes open (except notepad). Have HJT fix the following, by placing a tick in the little box next to (if there).

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = wwwcache.ncl.ac.uk:8080 < Only fix this if you don't know what it is, or you have not set this proxy yourself.

O17 - HKLM\System\CCS\Services\Tcpip\..\{3F149AB5-42DF-4C69-8B62-379881B6B451}: NameServer = 128.240.229.18 128.240.229.34 < Only fix this if it doesn't belong to your ISP.

O20 - Winlogon Notify: winvhw32 - C:\WINDOWS\SYSTEM32\winvhw32.dll

Click on the fix checked button.

Close HJT.

Run the killbox.exe file. When it loads, type the full path to the file you would like to delete in the field and check the delete file on reboot button. Press the Delete File button (looks like a red circle with a white X). It will prompt you to reboot; select no until you have finished inputting the files you want to delete, only then allow it to reboot and hopefully your files will now be deleted.

This is the filepath you need to enter into killbox.

C:\WINDOWS\SYSTEM32\winvhw32.dll

Once your system has rebooted, turn system restore back on and post a fresh HJT log.

Regards Howard :)
 
Thank you! That was a very quick reply. Only one question before I proceed. I use Newcastle University connection so it does require proxies. I don't know about the IP but I'm afraid of deleting these since I will be left without internet connection. The address is ncl.ac.uk, of this I'm sure. The rest I don't know.
 
I've just checked your O17 entry and it does belong to Newcastle University. So leave it. This also means that the proxy is probably safe as well.

Regards Howard :)
 
Well done, we're nearly there now.

Have HJT fix this entry in normal mode.

O20 - Winlogon Notify: winvhw32 - winvhw32.dll (file missing)

Click the fix checked button.

Close HJT.

I see you are running a completely unpatched version of Windows. This is a huge security risk.

Run Windows updates and install at least sp1 and preferably sp2.

Other than the above inactive entry, your HJT log is clean.

Regards Howard :)
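The triage applied to the three log entries in this thread, as an added Python example (not part of the original posts and not HijackThis's own code): it parses the R1 proxy, O17 nameserver and O20 Winlogon Notify lines quoted above and compares them with values the machine's owner can confirm. The `known_*` allow-list parameters and the verdict labels are assumptions of the example.

```python
import re

# Constructed sample: the entries quoted in this thread (helper annotations
# removed), including the later "(file missing)" form of the O20 line.
SAMPLE_LOG = r"""
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = wwwcache.ncl.ac.uk:8080
O17 - HKLM\System\CCS\Services\Tcpip\..\{3F149AB5-42DF-4C69-8B62-379881B6B451}: NameServer = 128.240.229.18 128.240.229.34
O20 - Winlogon Notify: winvhw32 - C:\WINDOWS\SYSTEM32\winvhw32.dll
O20 - Winlogon Notify: winvhw32 - winvhw32.dll (file missing)
"""

LINE_RE = re.compile(r"^(?P<code>[A-Z]\d{1,2}) - (?P<body>.+)$")
O20_RE = re.compile(
    r"^Winlogon Notify: (?P<name>\S+) - (?P<path>.+?)(?P<missing> \(file missing\))?$")

def triage(log, known_proxy_domains=(), known_nameservers=(), known_notify=()):
    """Return (code, verdict, detail) for R1 proxy, O17 and O20 lines.

    The known_* allow-lists and the verdict labels are assumptions of this
    example; they stand for what the machine's owner can confirm as theirs.
    """
    findings = []
    for raw in log.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m:
            continue
        code, body = m["code"], m["body"]
        if code == "R1" and "ProxyServer = " in body:
            host = body.split("ProxyServer = ", 1)[1].rsplit(":", 1)[0].lower()
            ok = any(host == d or host.endswith("." + d) for d in known_proxy_domains)
            findings.append((code, "expected" if ok else "review", host))
        elif code == "O17" and "NameServer = " in body:
            servers = re.split(r"[ ,]+", body.split("NameServer = ", 1)[1].strip())
            ok = all(s in known_nameservers for s in servers)
            findings.append((code, "expected" if ok else "review", ",".join(servers)))
        elif code == "O20" and (n := O20_RE.match(body)):
            if n["name"].lower() in known_notify:
                verdict = "expected"
            elif n["missing"]:
                verdict = "orphaned"   # DLL gone, registry value still present
            else:
                verdict = "review"     # DLL loaded by winlogon.exe at logon
            findings.append((code, verdict, n["path"]))
    return findings

if __name__ == "__main__":
    for row in triage(SAMPLE_LOG, ("ncl.ac.uk",), ("128.240.229.18", "128.240.229.34")):
        print(*row, sep="\t")
```

With empty allow-lists every network entry comes back as `review`, which matches the "only fix this if it isn't yours" caveat attached to the R1 and O17 lines.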
 
One last question.

Thank you so much! You are an angel. Unfortunately I can't update my XP 'cause it's a very old version that I used to have on another computer that blew up (long story, dodgy machine). So Microsoft considers it a ****** 'cause you are not supposed to use it on more than one computer, but it's too much expense to buy a new computer and a new XP. Anyway, should it be enough with firewalls and adware/spyware protection? I also did all the procedures recommended in another thread I found here somewhere.
My last questions, if you don't mind. Can I remove HJT and the Killbox now from my system? And should I disable the "Show hidden file and folders" again?
Thanks for your patience and if you ever need any help with something concerning music I'll be glad to help you out.
Regards.
 
Yes you can remove HJT and Killbox.

Programmes you need on your system: Ewido/Spybot/Ad-aware se/Spywareblaster/Firewall/Antivirus programme.

As far as your Windows goes, you should contact Microsoft and tell them what happened. They may be able to help you.

Regards Howard :)
 