win2000 logon error

Discussion in 'Malware Help (A Specialist Will Reply)' started by jgi, Aug 1, 2005.

  1. jgi

    jgi Private E-2

    winlogon.exe has created an error and will close, then I get a blue screen that says error 0x0000005, error c000021a, then my computer shuts down, sometimes by itself, sometimes you have to hit close. Sometimes this error doesn't occur for 5 hours, sometimes after only 2 minutes of run time. I don't know what is causing it or if it can be fixed. It almost seems like if I unplug my LAN cable it doesn't do it, as if someone or something online is doing it. I haven't found out. Someone please help, I don't wanna reformat if I can help it.
     
  2. bjgarrick

    bjgarrick MajorGeeks Admin - Malware Expert

    Try to follow standard cleanup procedures as given below:

    - Run ALL the steps in this Sticky thread READ ME FIRST BEFORE ASKING FOR SUPPORT: Basic Spyware, Trojan And Virus Removal

    Make sure you check version numbers and get all updates.

    - Very Important: Make sure you tell us the results from running the tutorial...was anything found? Were you unable to complete any of the scans?...Were you unable to download any of the tools?...Did you do the on-line scans as suggested? etc.


    After doing ALL of the above and you still have a problem, make sure you have booted to normal mode and run the steps below:



    - Download HijackThis 1.99.1

    - Unzip the hijackthis.exe file to a folder you create named C:\Program Files\HJT

    - Do NOT run HijackThis from the Desktop, a temp folder, or a sub-folder of C:\Documents and Settings, or choose to run it directly from the ZIP file, as your backups will not be safely stored.

    - Before running HijackThis: You must close each of the following: your web browser, e-mail client, instant messenger, and programs like Notepad, WordPad, MS Word etc., and any other unnecessary running programs.

    - Run HijackThis and save your log file.

    - Post your log as an ATTACHMENT to your next post. (Do NOT copy/paste the log into your post as it will be removed).

    - Need help with HJT? See this thread: NO HIJACK THIS LOG FILES BEFORE READING THIS: HJT Tutorial & LOG File Posting
     
  3. jgi

    jgi Private E-2

    OK, here is my log file. I hope I did this right.
     

    Attached Files:

  4. bjgarrick

    bjgarrick MajorGeeks Admin - Malware Expert

    Download the following two files, create a folder on your desktop, call it TSC. Save these 2 files there!

    Sysclean Package

    Pattern.zip

    Once you have these downloaded into the folder you just created, REBOOT INTO SAFE MODE!

    Once in Safe Mode, double click the file sysclean.com. When the system cleaner loads, click SCAN to start the scanner. After the scan is complete reboot and attach the log from the scan along with a fresh HJT log.
     
  5. jgi

    jgi Private E-2

    OK, here's my TSC log.
     

    Attached Files:

  6. jgi

    jgi Private E-2

    Now every icon I click on says exe error, WTF.
     
  7. jgi

    jgi Private E-2

  8. bjgarrick

    bjgarrick MajorGeeks Admin - Malware Expert

    For the error opening EXE's follow the below:

    Copy the contents of the Quote Box below to Notepad. Then click File and then Save As. Change the Save as Type to All Files. Name the file fix.reg and then click save. (make sure you save it somewhere you can find it. Saving it to your Desktop may make that easy.)
    Double-click on the fix.reg file on your desktop (or locate it with Windows Explorer and double click on it if not saved to the Desktop) and when it prompts to merge, click YES!

    After you complete the above, reboot and let me know if the problem remains. Also attach a fresh HJT log from normal mode.
     
  9. jgi

    jgi Private E-2

    It didn't ask to merge, it said to add info to the registry. I hope that was it.
     
  10. jgi

    jgi Private E-2

    It seems like I'm still getting popups, and it just showed winlogon.exe has created an error, then I get error c0000021A or whatever; I can't remember what it says but real close to that.
     
  11. jgi

    jgi Private E-2

    Also now I'm getting an error saying cmd.exe cannot run 16-bit and 32-bit programs: regedit.exe c:\winnt\system32\autoexec.nt causes an error, close or ignore, so regedit will not run, and a few other programs.
     
  12. bjgarrick

    bjgarrick MajorGeeks Admin - Malware Expert

    Download XP FIX and double click to run. This will fix the 16bit error.

    After you complete this above, reboot and let me know what problems remain.
     
  13. jgi

    jgi Private E-2

    I did that, but I think I know where the problem is. I have noticed this file called aupl.exe and I can't end it, and it came up as a virus before. It's in my Task Manager; it could be the file that loads spyware, no? If so, how do I remove it?
     
  14. jgi

    jgi Private E-2

    It's almost like you remove spyware and it comes back, almost like it re-infects. I think this aupl.exe is causing it. I can't find it in Safe Mode in the .ini; I try to load autoexec.bat and it says error.
     
  15. jgi

    jgi Private E-2

    One last thing: when I try and run regedit it says ntvdm or something caused an error.
     
  16. bjgarrick

    bjgarrick MajorGeeks Admin - Malware Expert

    1 - Please EXTRACT all files from Qoologic Tool to its own folder - C:\Program Files\QoologicFinder . Then, DoubleClick Find-Qoologic.bat to run the tool. It should produce a log - Please attach that with your next post!

    2 - Please EXTRACT all the files from RKFiles Tool to its own folder named C:\Program Files\RKTOOL. Then, please boot to SAFE MODE and DoubleClick rkfiles.bat to run the tool. Let it run and then, when it finishes, look for a log at C:\Log.txt and please attach that log.


    Now come back here and post both logs as attachments.
     
  17. jgi

    jgi Private E-2

    Qoologic log
     

    Attached Files:

  18. bjgarrick

    bjgarrick MajorGeeks Admin - Malware Expert

    I need both logs!
     
  19. jgi

    jgi Private E-2

    RKFiles log
     

    Attached Files:

  20. jgi

    jgi Private E-2

    Like I stated before, this aupl file seems to appear randomly in my Task Manager but otherwise doesn't exist. That must be part of the culprit.
     
  21. bjgarrick

    bjgarrick MajorGeeks Admin - Malware Expert

    Download Pocket KillBox

    Next, you will be entering items into Pocket KillBox. Please select the “Delete on Reboot” Option. Copy&Paste each of the file names listed below into the box one by one, making sure Delete on Reboot is Checked for each entry. Click the Red X for each entry, but DO NOT Allow your machine to be rebooted until the last item has been entered:

    C:\WINNT\pawasvc.exe
    C:\WINNT\ru.exe
    C:\WINNT\stkgsvc.exe
    C:\WINNT\jvvkv.dll
    C:\WINNT\memory.dmp

    C:\WINNT\system32\aunps2.dll

    C:\Documents and Settings\All Users\Start Menu\Programs\Startup\ncct.exe

    ** Note: For any of the .dll files, check the Unregister .dll Before Deleting box as well. If this option is not enabled, don't worry about it.

    After you complete the above, reboot and attach a fresh HJT log.
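The post above leans on Pocket KillBox's "Delete on Reboot", and the "Pending Operations" message mentioned later in the thread refers to the same mechanism: Windows keeps deferred file deletions and renames in the REG_MULTI_SZ value HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\PendingFileRenameOperations, and Session Manager (smss.exe) replays that list at the next boot before any Win32 process exists, which is why a file that is locked by a running trojan can still be removed. The Python below is an added example, not part of the thread and not KillBox's or Windows' code; it encodes and decodes that value offline so you can see exactly what a "delete on reboot" request looks like in the registry and check what is queued before you reboot. That KillBox writes this value rather than using its own driver is an assumption here, and the sample file list is the one from the post.

```python
# Model of Windows' deferred delete/rename queue.  Win32 MoveFileEx with
# MOVEFILE_DELAY_UNTIL_REBOOT appends to the REG_MULTI_SZ value below; smss.exe
# replays it at boot.  Layout: a flat list of strings, source path in NT form
# (\??\C:\...) followed by its destination; an empty destination means delete.
# (A destination prefixed with "!" asks for replace-existing; not modelled here.)
PENDING_KEY = r"HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\PendingFileRenameOperations"

# Constructed sample: the Pocket KillBox list from the post above.
KILLBOX_LIST = [
    r"C:\WINNT\pawasvc.exe",
    r"C:\WINNT\ru.exe",
    r"C:\WINNT\stkgsvc.exe",
    r"C:\WINNT\jvvkv.dll",
    r"C:\WINNT\memory.dmp",
    r"C:\WINNT\system32\aunps2.dll",
    r"C:\Documents and Settings\All Users\Start Menu\Programs\Startup\ncct.exe",
]


def nt_path(win_path):
    """Win32 path -> the \\??\\ object-manager form Session Manager expects."""
    return win_path if win_path.startswith("\\??\\") else "\\??\\" + win_path


def encode_pending_renames(ops):
    """ops: iterable of (source, destination); destination None means delete.
    Returns the raw REG_MULTI_SZ bytes: UTF-16LE, each string NUL-terminated,
    the whole list closed by one more NUL."""
    strings = []
    for src, dst in ops:
        strings.append(nt_path(src))
        strings.append("" if dst is None else nt_path(dst))
    return ("".join(s + "\0" for s in strings) + "\0").encode("utf-16-le")


def decode_pending_renames(blob):
    """Inverse of encode_pending_renames: feed it the value from a live export
    to see what is queued before rebooting.  Raises if the value is not in pairs."""
    text = blob.decode("utf-16-le")
    if not text.endswith("\0\0"):
        raise ValueError("missing REG_MULTI_SZ terminator")
    # drop the list terminator, then split on the per-string terminators
    items = text[:-1].split("\0")[:-1]
    if len(items) % 2:
        raise ValueError("odd number of strings; value is corrupt")
    return [(items[i], items[i + 1] or None) for i in range(0, len(items), 2)]


def queued_deletions(blob):
    """Win32 paths that will be deleted at next boot (entries with empty destination)."""
    return [src[4:] if src.startswith("\\??\\") else src
            for src, dst in decode_pending_renames(blob) if dst is None]


def reg_export(blob):
    """The value as regedit exports it, for diffing against a real .reg dump
    (regedit additionally wraps long hex(7) lines with backslash continuations)."""
    return '"PendingFileRenameOperations"=hex(7):' + ",".join("%02x" % b for b in blob)


def killbox_value(paths):
    """The value a Delete on Reboot request for these files leaves behind."""
    return encode_pending_renames((p, None) for p in paths)
```

Because smss.exe processes the list with no Win32 subsystem running, nothing can re-lock or re-create the file first; the flip side is that the same key is a place malware can queue its own renames, so reading it back with decode_pending_renames on a suspect machine before rebooting is a cheap check.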
     
  22. jgi

    jgi Private E-2

    HJT log
     

    Attached Files:

  23. bjgarrick

    bjgarrick MajorGeeks Admin - Malware Expert

    Please boot into Safe Mode with the Viewing of Hidden Files & Folders Enabled


    Now scan with HijackThis and Check the Boxes for the following:

    Make sure All Browser Windows are Closed when you Click FIX.

    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
    O2 - BHO: LANBridge Class - {71D1708F-973D-4600-AF01-AD86688403AE} - C:\WINNT\system32\fdybwhod.dll (file missing)
    O2 - BHO: SDWin32 Class - {DEDEA243-58FE-494E-9326-DEBAD023F976} - C:\WINNT\system32\htpkt.dll
    O2 - BHO: SDWin32 Class - {EBC8A92D-6AE5-4A60-98E7-D3C29516F829} - C:\WINNT\system32\mzpyl.dll (file missing)

    O4 - HKLM\..\Run: [Sysnet] C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\sysnet.exe
    O4 - HKLM\..\Run: [htpktc] C:\WINNT\system32\htpktc.exe
    O4 - HKLM\..\Run: [jxaqenc] C:\WINNT\jxaqenc.EXE
    O4 - HKLM\..\Run: [ntdll.dll] C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\sysnet.exe
    O4 - HKLM\..\Run: [winsync] C:\WINNT\system32\jlloln.exe reg_run
    O4 - HKCU\..\Run: [CMAPP] "C:\Program Files\CMAPP\Client\cmappclient.exe"

    O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll (file missing)

    O16 - DPF: {C81B5180-AFD1-41A3-97E1-99E8D254DB98} (CSS Web Installer Class) - http://www.commandondemand.com/eval/cod/cabs/cssweb.cab
    O16 - DPF: {FF0C042C-98E9-4C36-B2EC-E21FDFDCEF75} -

    O18 - Filter: text/html - {8293D547-38DD-4325-B35A-F1817EDFA5FC} - C:\Program Files\Cas\Client\casmf.dll

    O20 - Winlogon Notify: Dynamic Directory - C:\WINNT\system32\AtgisE5.dll

    Again, make sure All Browser Windows are Closed when you Click FIX.

    NOW:
    Click Start > Run > type services.msc and Click OK

    Locate Command Service (cmdService) and RightClick on it to bring up the Service Properties Window.
    First: Stop the service by clicking the Stop Button.
    Next: Disable it by changing the Startup Type to Disabled and click Apply

    Locate Windows VisFx Components and RightClick on it to bring up the Service Properties Window.
    First: Stop the service by clicking the Stop Button.
    Next: Disable it by changing the Startup Type to Disabled and click Apply

    Next, open up HJT, but instead of scanning, click on the "None of the above, just start the program" button at the bottom of the choices. At the lower right, click on the "Config" button, and then the "Misc Tools" button, select "Delete an NT Service", copy/paste the following into the box that opens, and press "OK":

    Windows VisFx Components

    Command Service (cmdService)

    You may be told to reboot at this point. Do not reboot just exit HijackThis as we will be restarting it with different options in a moment.

    NOW:
    Navigate to and DELETE the following if they should remain:

    C:\Program Files\CMAPP ←–– Delete this whole folder if it exists!

    C:\Program Files\Cas ←–– Delete this whole folder if it exists!

    C:\WINNT\QWRtaW5pc3RyYXRvcgAA ←–– Delete this whole folder if it exists!

    NEXT:
    Run CCleaner to clean up cookies and temp files.

    Run full scans with Ad-Aware SE & Spybot S&D and have both programs fix what they find.
    Note: Remember to get all updates before doing the scans.



    Locate PocketKillbox
    (Proceed with this step even if they do not show in blue)

    Next, you will be entering items into Pocket KillBox. Please select the “Delete on Reboot” Option. Copy&Paste each of the file names listed below into the box one by one, making sure Delete on Reboot is Checked for each entry. Click the Red X for each entry, but DO NOT Allow your machine to be rebooted until the last item has been entered:

    ** Note: For any of the .dll files, check the Unregister .dll Before Deleting box as well. If this option is not enabled, don't worry about it.

    C:\WINNT\hvlisvc.exe
    C:\WINNT\jxaqenc.exe

    C:\WINNT\system32\jlloln.exe
    C:\WINNT\system32\htpkt.dll
    C:\WINNT\system32\htpktc.exe
    C:\WINNT\system32\AtgisE5.dll

    • If you get an error message about Pending Operations, just reboot your computer manually.

    After you complete the above, I need fresh logs from both tools along with a fresh HJT log.
     
  24. jgi

    jgi Private E-2

    HJT log. What other logs did you say you wanted?
     

    Attached Files:

  25. bjgarrick

    bjgarrick MajorGeeks Admin - Malware Expert

    I need 2 fresh logs from post #16
     
  26. jgi

    jgi Private E-2

    Thanks man, I think you did it. My computer seems to work great, I don't get logon errors no more. I ran Spybot and it didn't find a thing, and Ad-Aware found tracking cookies, that's it.
     
  27. bjgarrick

    bjgarrick MajorGeeks Admin - Malware Expert

    I still need to confirm your clean, attach me 2 fresh logs from post #16!
     
  28. jgi

    jgi Private E-2

    Right, right, sorry, later.
     
  29. bjgarrick

    bjgarrick MajorGeeks Admin - Malware Expert

    Will be awaiting new logs!
     
  30. jgi

    jgi Private E-2

    Oh my god, I'm sorry man, my computer is down now. If you can aid me any more, I understand. The reason I haven't posted the last logs yet is because my computer is getting an explorer.exe error now and I can't even use Safe Mode. I guess someone in my house used LimeWire and downloaded some type of codec pack for Windows Media because they could not load a certain video. So I tried running Ad-Aware in Safe Mode and it found new entries, so I believe spyware is doing this again, but I can't figure out why I can't load Safe Mode either. How would Safe Mode be infected? When Ad-Aware got done I hit remove all 60 items, and then the explorer.exe error comes up and causes Ad-Aware not to finish; it locks up, like. Anyways, I'm on my other machine, which has Win98SE and runs fine. I would have reformatted my new CPU and run 98 on it but was advised not to; 2000 is better for my type of machine, I guess. However, I appreciate all the help you have given me. If I was on my computer and used LimeWire I would have sent the file to Yahoo first. It's too bad, it ran great after you helped me 5 days or so ago, no errors it seemed. Also I'm getting 2 taskbars now, like 2 sets of icons show at the bottom in the taskbar.
     
  31. bjgarrick

    bjgarrick MajorGeeks Admin - Malware Expert

    If you can, attach a current HJT log.
     
  32. jgi

    jgi Private E-2

    Here's my HJT log.
     

    Attached Files:

  33. bjgarrick

    bjgarrick MajorGeeks Admin - Malware Expert

    Is this log from Safe Mode? If so, attach one from normal mode.
     
  34. jgi

    jgi Private E-2

    I believe the first log was from normal mode. Anyways, here's my new log from normal mode.
     

    Attached Files:

  35. jgi

    jgi Private E-2

    explorer error

    OK, here's the thing: my Explorer causes an error and closes itself even in Safe Mode. I get the normal message saying I'm in Safe Mode, I click OK, then my icons load, then Explorer closes and I get the "in Safe Mode" message again, as if I had just loaded in Safe Mode, and I hit OK again. The process repeats itself over and over in Safe Mode. When I boot in normal mode my Explorer closes and my desktop icons go away and my desktop picture changes to my old pic. Basically I get a full-screen picture with no desktop, but I still have the mouse, and when I hit Ctrl-Alt-Del the taskbar opens and I'm able to run a new process.
    It's like when I'm in Safe Mode Explorer tries to restart itself after it ends and I get my desktop for a sec, whereas when I'm in normal boot mode my desktop goes away and never comes back. But sometimes when I try to run a new task in Task Manager, explorer.exe, the desktop comes back with icons and no blue background like I set it to, just a white background with an Active Desktop refresh button and a blue triangle with an exclamation mark. 1 out of 100 tries Explorer might run. When or if I get Explorer to somehow run this way I can't run IE. Usually my background shows blue before the Explorer error comes; once it closes Explorer, I mean, my desktop goes away and my old background shows full screen. There is nothing at this point on my screen other than a picture my background was before. If I load explorer.exe as a new task my normal desktop comes back for a sec.
     
  36. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Re: explorer error

    Please stay in one thread! You must stop starting new threads. Someone is already working with you. Post in that thread. This is all part of your original problem.

    I merged you back to your other thread!
     
    Last edited: Aug 22, 2005
  37. jgi

    jgi Private E-2

    Right, sorry. Anyways, I just ran McAfee Stinger in normal mode and it found nothing. I also tried running Security Task Manager and I removed the high-risk files like Yahoo tools, and still nothing; hope that helps. I'm gonna try and grab my RKFiles log and TSC log and Qoologic log, but I doubt it will let me.
     
  38. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Since BJ is not around right now I'll try to keep you moving on this.

    You have a Trojan installed. Info on it can be found here: http://securityresponse.symantec.com/avcenter/venc/data/trojan.cmapp.html


    If you are using WinXP or WinMe, make sure you have system restore disabled (per the tutorial).
    For all OS types, make sure viewing of hidden files is enabled (per the tutorial).

    Run HijackThis and select the following lines but DO NOT CLICK FIX until you exit all browser sessions including the one you are reading in right now:
    O2 - BHO: (no name) - {00027925-0017-4faf-9539-90E4AC0B9EC5} - (no file)
    O2 - BHO: (no name) - {12EE7A5E-0674-42f9-A76A-000000004D00} - (no file)
    O2 - BHO: UberButton Class - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll (file missing)
    O2 - BHO: (no name) - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - (no file)
    O4 - HKCU\..\Run: [CMAPP] "C:\Program Files\CMAPP\Client\cmappclient.exe"
    O16 - DPF: {1F2F4C9E-6F09-47BC-970D-3C54734667FE} -
    O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} -
    O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} -
    O16 - DPF: {BAC01377-73DD-4796-854D-2A8997E3D68A} -
    O16 - DPF: {C81B5180-AFD1-41A3-97E1-99E8D254DB98} -
    O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} -
    O16 - DPF: {FF0C042C-98E9-4C36-B2EC-E21FDFDCEF75} -

    After clicking Fix, exit HJT.
    Boot into safe mode and use Windows Explorer to delete:
    C:\Program Files\CMAPP <--- the whole folder

    If you get an error when deleting a file, right click on the file and check to see if the read-only attribute is checked. If it is, uncheck it and try again. Otherwise open Task Manager and kill the process if running, then delete the file.

    Now run CCleaner (installed while running the READ ME FIRST). Now if running Win XP go to c:\windows\Prefetch and delete all files in this folder.
    Now reboot in normal mode and continue.

    Copy the contents of the below Quote Box to Notepad. Then click File and then Save As. Change the Save as Type to All Files. Name the file fixit.reg and then click save. (make sure you save it somewhere you can find it. Saving it to your Desktop may make that easy.) Then double-click on the fixit.reg file on your desktop (or locate it with Windows Explorer and double click on it if not saved to the Desktop) and when it prompts to Add in to the registry, say yes.
    Now post a new HJT log. And tell us how things are working.
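The HijackThis lines bjgarrick and chaslang told the poster to fix in posts #23 and #38 are the raw material for the triage an analyst does before clicking Fix. The script below is an added example, not part of the thread, of HijackThis, or of any tool named in it: it parses those lines (re-typed here as a constructed sample), flags the indicators the experts acted on (a Run value pointing into a Temp directory, a Run value named after a system DLL, a dangling BHO, an O16 entry with no source URL, a text/html MIME filter, a Winlogon Notify DLL that Windows did not install), writes out the registry deletions that HijackThis's Fix performs for these entry types as a .reg file, and lists the files the .reg cannot touch, which is the list that goes to Pocket KillBox. The registry locations are the standard Windows 2000/XP ones for each entry type; the KNOWN_NOTIFY allowlist and the heuristics are this example's own assumptions, not HijackThis's rules.

```python
import re

# Constructed input: the HijackThis lines quoted in posts #23 and #38 above.
# A real run reads the attached hijackthis.log instead, one entry per line.
HJT_LINES = r"""
O2 - BHO: LANBridge Class - {71D1708F-973D-4600-AF01-AD86688403AE} - C:\WINNT\system32\fdybwhod.dll (file missing)
O2 - BHO: SDWin32 Class - {DEDEA243-58FE-494E-9326-DEBAD023F976} - C:\WINNT\system32\htpkt.dll
O4 - HKLM\..\Run: [Sysnet] C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\sysnet.exe
O4 - HKLM\..\Run: [ntdll.dll] C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\sysnet.exe
O4 - HKCU\..\Run: [CMAPP] "C:\Program Files\CMAPP\Client\cmappclient.exe"
O16 - DPF: {FF0C042C-98E9-4C36-B2EC-E21FDFDCEF75} -
O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} -
O18 - Filter: text/html - {8293D547-38DD-4325-B35A-F1817EDFA5FC} - C:\Program Files\Cas\Client\casmf.dll
O20 - Winlogon Notify: Dynamic Directory - C:\WINNT\system32\AtgisE5.dll
""".strip().splitlines()

# Registry locations behind each entry type, i.e. what HijackThis's Fix deletes.
HIVES = {"HKLM": "HKEY_LOCAL_MACHINE", "HKCU": "HKEY_CURRENT_USER"}
RUN_KEY = r"\Software\Microsoft\Windows\CurrentVersion\Run"
KEYS = {
    "O2": r"HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects",
    "O16": r"HKEY_LOCAL_MACHINE\Software\Microsoft\Code Store Database\Distribution Units",
    "O18": r"HKEY_CLASSES_ROOT\PROTOCOLS\Filter",
    "O20": r"HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify",
}
SUBKEY = {"O2": "clsid", "O16": "clsid", "O18": "mime", "O20": "name"}  # which field names the subkey
# Assumption: Notify subkeys that Windows 2000/XP install themselves; anything else gets a look.
KNOWN_NOTIFY = {"crypt32chain", "cryptnet", "cscdll", "sccertprop", "schedule", "sclgntfy", "senslogn", "termsrv", "wlballoon"}
GUID = r"(?P<clsid>\{[0-9A-Fa-f-]+\})"
PATTERNS = {
    "O2": re.compile(r"^O2 - BHO: (?P<name>.*?) - " + GUID + r" - (?P<path>.*)$"),
    "O4": re.compile(r"^O4 - (?P<hive>HKLM|HKCU)\\\.\.\\Run: \[(?P<name>[^\]]+)\] (?P<path>.*)$"),
    "O16": re.compile(r"^O16 - DPF: " + GUID + r"(?: \((?P<name>[^)]*)\))? -\s*(?P<url>.*)$"),
    "O18": re.compile(r"^O18 - Filter: (?P<mime>\S+) - " + GUID + r" - (?P<path>.*)$"),
    "O20": re.compile(r"^O20 - Winlogon Notify: (?P<name>.*?) - (?P<path>.*)$"),
}

def binary_of(e):
    """Path of the file an entry loads, or None when HijackThis says it is gone."""
    p = e.get("path") or ""
    if not p or "(file missing)" in p or "(no file)" in p:
        return None
    if e["type"] == "O4":                     # Run data is a command line: maybe quoted, maybe with args
        m = re.match(r'"([^"]+)"|(\S+)', p)
        return m.group(1) or m.group(2)
    return p

def assess(e):
    """Heuristic reasons to look at an entry; an empty list is triage, not a clean bill."""
    f, p = [], (e.get("path") or "").lower()
    if p and binary_of(e) is None:
        f.append("dangling entry, file already gone")
    if "\\temp\\" in p:
        f.append("runs from a Temp directory")
    if e["type"] == "O4" and e["name"].lower().endswith((".dll", ".exe", ".sys")):
        f.append("Run value named after a system file")
    if e["type"] == "O16" and not e["url"]:
        f.append("ActiveX install record with no source URL")
    if e["type"] == "O18":
        f.append("MIME filter: every text/html response passes through this DLL")
    if e["type"] == "O20" and e["name"].lower() not in KNOWN_NOTIFY:
        f.append("loads into winlogon.exe; a crash there is STOP c000021a")
    return f

def parse_log(lines):
    """Parse the recognised entry types and attach the heuristic flags to each."""
    entries = []
    for line in lines:
        for kind, rx in PATTERNS.items():
            m = rx.match(line.strip())
            if m:
                entries.append({"type": kind, **m.groupdict()})
                break
    for e in entries:
        e["flags"] = assess(e)
    return entries

def reg_fix(entries):
    """A .reg doing what HijackThis's Fix does for these types: "name"=- deletes a
    value, [-key] deletes a key (regedit syntax on Windows 2000 and later)."""
    out = ["Windows Registry Editor Version 5.00", ""]
    for e in entries:
        t = e["type"]
        if t == "O4":
            name = e["name"].replace("\\", "\\\\").replace('"', '\\"')
            out += ["[%s%s]" % (HIVES[e["hive"]], RUN_KEY), '"%s"=-' % name, ""]
        else:
            out += ["[-%s\\%s]" % (KEYS[t], e[SUBKEY[t]]), ""]
            if t == "O2":                     # the BHO's COM registration goes too
                out.insert(-1, "[-HKEY_CLASSES_ROOT\\CLSID\\%s]" % e["clsid"])
    return "\n".join(out)

def files_to_remove(entries):
    """Files no .reg can touch: the list that goes into Pocket KillBox."""
    found = {b.lower(): b for b in map(binary_of, entries) if b}
    return list(found.values())
```

Two things in the output are worth noticing. htpkt.dll and cmappclient.exe get no heuristic hit even though the expert removed the first and Symantec documents the second as Trojan.CMAPP, so the flags are a reading aid and not a verdict, and the Symantec CE28D5D2 entry is flagged for the same reason chaslang gave, an incomplete record rather than malware. The O20 flag is the one that explains the opening symptom: a Winlogon Notify DLL runs inside winlogon.exe, and when that process dies the kernel bugchecks with STOP c000021a, which is exactly what the first post describes.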
     
  39. jgi

    jgi Private E-2

    Right, but how do I install an AV program like Norton when it says error when I click the install file?
     
  40. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    What about a response to my previous steps I gave you to run!!!!!
     
  41. jgi

    jgi Private E-2

    I couldn't get CCleaner to run, and the folder c:\program files\cmapp wasn't there anymore so I couldn't delete it. Anyways, here's my new HJT log.
     

    Attached Files:

  42. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Either you missed the below or they came back:

    O4 - HKCU\..\Run: [CMAPP] "C:\Program Files\CMAPP\Client\cmappclient.exe"
    O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} -

    Fix them again. It looks like CMAPP is still there according to your log. Check again and delete it.

    What exactly happens when you run CCleaner?
     
  43. jgi

    jgi Private E-2

    It says it created an error, same as Norton and Trend A/V. Some programs run, others don't, but CCleaner ran once before; I don't get it. Also, when BJ was helping me the same file CMAPP was there. I think I had a virus all along.
     
  44. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Did you fix CMAPP now and the other O16 line? Are they now absent from your HJT log?

    Uninstall CCleaner, reboot, and then reinstall. I think you may have to do that with a lot of your programs because your log seems to indicate that many things do not seem to be installed (or they are not installed properly). There seems to be a very large absence of items loading at startup (the O4 section of HJT).

    Note: Exact error messages are always more useful to anyone helping you.
     
  45. jgi

    jgi Private E-2

    Right, I cleaned them before and they came back. Thanks, I'll try that.
     
  46. jgi

    jgi Private E-2

    New HJT log in normal mode.
     

    Attached Files:

  47. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    CMapp is gone but you did not fix

    O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} -

    or you are doing something that brings it back (this is a CLSID for Symantec (ActiveDataInfo Class) - https://www-secure.symantec.com/techsupp/asa/SymAData.cab )

    I would still fix it because it seems to be incomplete.

    How are things working?
     
