System 32

  1. #1
    evmori is offline Newbie

    My church has a Toshiba laptop I use for PowerPoint productions for our worship services. I haven't used it in a while (in the summer we worship on the roof & can't use PP) and when I booted up the System32 folder opened at start-up? I ran Spybot & Adware & it still happens. How do I get rid of this?


  2. #2
    Bear is offline D-A-L Elite Member
    If you are comfortable editing the registry, follow the instructions HERE. If you aren't comfortable editing the registry, click HERE and scroll down to tip number 260. The fix is in the right hand column.

  3. #3
    evmori is offline Newbie
    I ran the vbs script. Found nothing. I also checked the registry for " or "" and found none. What I did find was a lot of blocks associated with the system32 part of the registry. Could this be the problem?

  4. #4
    evmori is offline Newbie
    Here's the Hijack This log

    Logfile of HijackThis v1.97.7
    Scan saved at 10:38:05 AM, on 8/30/2004
    Platform: Windows XP SP1 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
    C:\Program Files\Norton AntiVirus\navapsvc.exe
    C:\WINDOWS\wanmpsvc.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb0 5.exe
    C:\Program Files\QuickTime\qttask.exe
    C:\WINDOWS\System32\ltcm000c.exe
    C:\Program Files\Common Files\Symantec Shared\ccApp.exe
    c:\progra~1\intern~1\iexplore.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\Program Files\FinePixViewer\QuickDCF.exe
    C:\Documents and Settings\team\Desktop\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.com/
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.ifsvllgihn.com/hX6cawkc3_...NOoXmt6lL.html
    R3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
    O2 - BHO: (no name) - {00000010-6F7D-442C-93E3-4A4827C2E4C8} - (no file)
    O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
    O2 - BHO: (no name) - {0FE574AB-6312-D7E4-D9C3-CCE18A5AC82B} - C:\WINDOWS\system32\zzigkagk.dll
    O2 - BHO: (no name) - {1FFEE4FB-D0F2-0BA1-AEFA-EEDD0F036A1C} - C:\WINDOWS\system32\ywhxkowy.dll
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
    O2 - BHO: (no name) - {7B55BB05-0B4D-44fd-81A6-B136188F5DEB} - C:\WINDOWS\questmod.dll
    O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
    O2 - BHO: (no name) - {D8E25C53-9508-4f5c-9249-D98D438891D5} - C:\WINDOWS\System32\ssurf022.dll
    O2 - BHO: (no name) - {F4997062-B76E-A2F0-402C-6B4D83E9C7CD} - C:\PROGRA~1\SIXTHB~1\each less.exe
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
    O3 - Toolbar: (no name) - {52FE5233-367C-4EFB-BDD7-0BE4D212C107} - (no file)
    O4 - HKLM\..\Run: [Ink Monitor] C:\Program Files\EPSON\Ink Monitor\InkMonitor.exe
    O4 - HKLM\..\Run: [REGSHAVE] C:\Program Files\REGSHAVE\REGSHAVE.EXE /AUTORUN
    O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb0 5.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [iwnfzdpi] C:\WINDOWS\ebttsvuq.exe
    O4 - HKLM\..\Run: [XircWinModem4] ltcm000c.exe 9
    O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
    O4 - HKLM\..\Run: [ccRegVfy] "C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe"
    O4 - HKLM\..\Run: [Browse Wma] C:\PROGRA~1\gridone\aboutdash.exe
    O4 - HKLM\..\Run: [NS4 = (document.layers) ? true : fa] c:\WINDOWS\System32\NS4 = (document.layers) ? true : false;
    O4 - HKLM\..\Run: [// Browser Detec] c:\WINDOWS\System32\// Browser Detection
    O4 - HKLM\..\Run: [IEmac = ((document.all)&&(isMac)) ? true : fa] c:\WINDOWS\System32\IEmac = ((document.all)&&(isMac)) ? true : false;
    O4 - HKLM\..\Run: [IE4plus = (document.all) ? true : fa] c:\WINDOWS\System32\IE4plus = (document.all) ? true : false;
    O4 - HKLM\..\Run: [ver4 = (NS4 || IE4plus) ? true : fa] c:\WINDOWS\System32\ver4 = (NS4 || IE4plus) ? true : false;
    O4 - HKLM\..\Run: [NS6 = (!document.layers) && (navigator.userAgent.indexOf('Netscape')!=-1)?true:fa] c:\WINDOWS\System32\NS6 = (!document.layers) && (navigator.userAgent.indexOf('Netscape')!=-1)?true:false;
    O4 - HKLM\..\Run: [IE5plus = IE5 || ] c:\WINDOWS\System32\IE5plus = IE5 || IE6;
    O4 - HKLM\..\Run: [IEMajor ] c:\WINDOWS\System32\IEMajor = 0;
    O4 - HKLM\..\Run: [if (IE4p] c:\WINDOWS\System32\if (IE4plus)
    O4 - HKLM\..\Run: [ IEMajor = parseInt(navigator.appVersion.substring(start+5,en] c:\WINDOWS\System32\ IEMajor = parseInt(navigator.appVersion.substring(start+5,en d));
    O4 - HKLM\..\Run: [// Body onload utility (supports multiple onload functi] c:\WINDOWS\System32\// Body onload utility (supports multiple onload functions)
    O4 - HKLM\..\Run: [var gSafeOnload = new Arra] c:\WINDOWS\System32\var gSafeOnload = new Array();
    O4 - HKLM\..\Run: [function SafeAddOnloa] c:\WINDOWS\System32\function SafeAddOnload(f)
    O4 - HKLM\..\Run: [ if (IEmac && IE4) // IE 4.5 blows out on testing window.on] c:\WINDOWS\System32\ if (IEmac && IE4) // IE 4.5 blows out on testing window.onload
    O4 - HKLM\..\Run: [ window.onload = SafeOnl] c:\WINDOWS\System32\ window.onload = SafeOnload;
    O4 - HKLM\..\Run: [ gSafeOnload[gSafeOnload.length] ] c:\WINDOWS\System32\ gSafeOnload[gSafeOnload.length] = f;
    O4 - HKLM\..\Run: [ else if (window.onl] c:\WINDOWS\System32\ else if (window.onload)
    O4 - HKLM\..\Run: [ if (window.onload != SafeOnl] c:\WINDOWS\System32\ if (window.onload != SafeOnload)
    O4 - HKLM\..\Run: [ gSafeOnload[0] = window.onl] c:\WINDOWS\System32\ gSafeOnload[0] = window.onload;
    O4 - HKLM\..\Run: [ window.onload = SafeOnl] c:\WINDOWS\System32\ window.onload = SafeOnload;
    O4 - HKLM\..\Run: [ ] c:\WINDOWS\System32\ else
    O4 - HKLM\..\Run: [ window.onload ] c:\WINDOWS\System32\ window.onload = f;
    O4 - HKLM\..\Run: [function SafeOnlo] c:\WINDOWS\System32\function SafeOnload()
    O4 - HKLM\..\Run: [ gSafeOnload[i] c:\WINDOWS\System32\ gSafeOnload[i]();
    O4 - HKLM\..\Run: [function isInt(nu] c:\WINDOWS\System32\function isInt(numIn)
    O4 - HKLM\..\Run: [ var checknum = parseInt(num] c:\WINDOWS\System32\ var checknum = parseInt(numIn);
    O4 - HKLM\..\Run: [ return !isNaN(checkn] c:\WINDOWS\System32\ return !isNaN(checknum);
    O4 - HKLM\..\Run: [function PUW_In] c:\WINDOWS\System32\function PUW_Init()
    O4 - HKLM\..\Run: [ if (gPopupWindow.CheckFrequenc] c:\WINDOWS\System32\ if (gPopupWindow.CheckFrequency())
    O4 - HKLM\..\Run: [function PUW_Sh] c:\WINDOWS\System32\function PUW_Show()
    O4 - HKLM\..\Run: [ var newWin = window.open(this.url,this.name,settin] c:\WINDOWS\System32\ var newWin = window.open(this.url,this.name,settings);
    O4 - HKLM\..\Run: [ if (! this.on] c:\WINDOWS\System32\ if (! this.ontop)
    O4 - HKLM\..\Run: [ window.focu] c:\WINDOWS\System32\ window.focus();
    O4 - HKLM\..\Run: [function PUW_CheckFrequen] c:\WINDOWS\System32\function PUW_CheckFrequency()
    O4 - HKLM\..\Run: [ var shouldShow = this.frequency !] c:\WINDOWS\System32\ var shouldShow = this.frequency != 0;
    O4 - HKLM\..\Run: [ var allCookies = document.coo] c:\WINDOWS\System32\ var allCookies = document.cookie;
    O4 - HKLM\..\Run: [ end = allCookies.len] c:\WINDOWS\System32\ end = allCookies.length;
    O4 - HKLM\..\Run: [ var freqStr = allCookies.substring(start+9,e] c:\WINDOWS\System32\ var freqStr = allCookies.substring(start+9,end);
    O4 - HKLM\..\Run: [ if (isInt(freqS] c:\WINDOWS\System32\ if (isInt(freqStr))
    O4 - HKLM\..\Run: [ this.frequency = parseInt(freqS] c:\WINDOWS\System32\ this.frequency = parseInt(freqStr);
    O4 - HKLM\..\Run: [ this.frequenc] c:\WINDOWS\System32\ this.frequency--;
    O4 - HKLM\..\Run: [ ] c:\WINDOWS\System32\ else
    O4 - HKLM\..\Run: [ shouldShow = fa] c:\WINDOWS\System32\ shouldShow = false;
    O4 - HKLM\..\Run: [ var exp = new Dat] c:\WINDOWS\System32\ var exp = new Date();
    O4 - HKLM\..\Run: [ exp.setTime(exp.getTime()+this.renew*60*60] c:\WINDOWS\System32\ exp.setTime(exp.getTime()+this.renew*60*6000);
    O4 - HKLM\..\Run: [ return shouldS] c:\WINDOWS\System32\ return shouldShow;
    O4 - HKLM\..\Run: [function PopupWindow(url,width,hei] c:\WINDOWS\System32\function PopupWindow(url,width,height)
    O4 - HKLM\..\Run: [ this.width = wi] c:\WINDOWS\System32\ this.width = width;
    O4 - HKLM\..\Run: [ this.height = hei] c:\WINDOWS\System32\ this.height = height;
    O4 - HKLM\..\Run: [ this.top = screen.availHeight/2 - height/2; // ce] c:\WINDOWS\System32\ this.top = screen.availHeight/2 - height/2; // center
    O4 - HKLM\..\Run: [ this.left = screen.availWidth/2 - width/2; // ce] c:\WINDOWS\System32\ this.left = screen.availWidth/2 - width/2; // center
    O4 - HKLM\..\Run: [ this.url = ] c:\WINDOWS\System32\ this.url = url;
    O4 - HKLM\..\Run: [ this.showDelay = 2] c:\WINDOWS\System32\ this.showDelay = 2000;
    O4 - HKLM\..\Run: [ this.frequency = 1; // how many times show per renewal time pe] c:\WINDOWS\System32\ this.frequency = 1; // how many times show per renewal time period
    O4 - HKLM\..\Run: [ this.renew = 1; // renew showing every x h] c:\WINDOWS\System32\ this.renew = 1; // renew showing every x hours
    O4 - HKLM\..\Run: [ this.scrollbars= fa] c:\WINDOWS\System32\ this.scrollbars= false;
    O4 - HKLM\..\Run: [ this.toolbar= fa] c:\WINDOWS\System32\ this.toolbar= false;
    O4 - HKLM\..\Run: [ this.statusbar= fa] c:\WINDOWS\System32\ this.statusbar= false;
    O4 - HKLM\..\Run: [ this.resizable = fa] c:\WINDOWS\System32\ this.resizable = false;
    O4 - HKLM\..\Run: [ this.locationbar = fa] c:\WINDOWS\System32\ this.locationbar = false;
    O4 - HKLM\..\Run: [ this.menubar = fa] c:\WINDOWS\System32\ this.menubar = false;
    O4 - HKLM\..\Run: [ this.ontop = fa] c:\WINDOWS\System32\ this.ontop = false;
    O4 - HKLM\..\Run: [ this.Init = PUW_I] c:\WINDOWS\System32\ this.Init = PUW_Init;
    O4 - HKLM\..\Run: [ this.Show = PUW_S] c:\WINDOWS\System32\ this.Show = PUW_Show;
    O4 - HKLM\..\Run: [ this.CheckFrequency = PUW_CheckFreque] c:\WINDOWS\System32\ this.CheckFrequency = PUW_CheckFrequency;
    O4 - HKLM\..\Run: [function PUWSta] c:\WINDOWS\System32\function PUWStart()
    O4 - HKLM\..\Run: [ gPopupWindow.Ini] c:\WINDOWS\System32\ gPopupWindow.Init();
    O4 - HKLM\..\Run: [SafeAddOnload(PUWSta] c:\WINDOWS\System32\SafeAddOnload(PUWStart);
    O4 - HKLM\..\Run: [gPopupWindow.toolbar = fa] c:\WINDOWS\System32\gPopupWindow.toolbar = false;
    O4 - HKLM\..\Run: [gPopupWindow.statusbar = fa] c:\WINDOWS\System32\gPopupWindow.statusbar = false;
    O4 - HKLM\..\Run: [gPopupWindow.resizable = fa] c:\WINDOWS\System32\gPopupWindow.resizable = false;
    O4 - HKLM\..\Run: [gPopupWindow.ontop = fa] c:\WINDOWS\System32\gPopupWindow.ontop = false;
    O4 - HKLM\..\Run: [A:hover {background: #FFCC00; color: bla] c:\WINDOWS\System32\A:hover {background: #FFCC00; color: black;}
    O4 - HKLM\..\Run: [BullsEye Network] C:\Program Files\BullsEye Network\bin\bargains.exe
    O4 - HKLM\..\Run: [SafeSurfingUpdate] C:\WINDOWS\System32\SSUpdate.exe
    O4 - HKLM\..\Run: [One wma about love] C:\Documents and Settings\All Users\Application Data\playplusonewma\inter time.exe
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet
    O4 - HKCU\..\Run: [// Browser Detec] c:\WINDOWS\System32\// Browser Detection
    O4 - Global Startup: EPSON Status Monitor 3 Environment Check 2.lnk = C:\WINDOWS\system32\spool\drivers\w32x86\3\E_SRCV0 2.EXE
    O4 - Global Startup: Exif Launcher.lnk = ?
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
    O9 - Extra button: Real.com (HKLM)
    O9 - Extra button: Messenger (HKLM)
    O9 - Extra 'Tools' menuitem: Windows Messenger (HKLM)
    O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
    O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://www.apple.com/qtactivex/qtplugin.cab
    O16 - DPF: {12398DD6-40AA-4C40-A4EC-A42CFC0DE797} - http://www.xxxcamconnection.com/host...ers/webcam.exe
    O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://download.macromedia.com/pub/s...irector/sw.cab
    O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} - http://download.yahoo.com/dl/installs/yinst0309.cab
    O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.co...8007.919525463
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/s...sh/swflash.cab
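
Many of the O4 lines in the log above are Run values whose names and targets are fragments of JavaScript and CSS rather than program paths. The following is an added example, not part of the original thread: it parses HijackThis O4 Run lines and lists the entries whose command names no program file. The sample lines are copied from the log above; the function names and the extension list are assumptions of this example.

```python
import re

# Shape of an O4 Run line in the log above: O4 - HKLM\..\Run: [value name] command
# STRICT expects the command to start with a drive path, which lets value names
# that themselves contain "]" (e.g. "[ gSafeOnload[i]") split at the right place.
STRICT = re.compile(r'^O4 - (HKLM|HKCU)\\\.\.\\Run: \[(.*?)\] ("?[A-Za-z]:\\.*)$')
LOOSE = re.compile(r'^O4 - (HKLM|HKCU)\\\.\.\\Run: \[(.*?)\] (.*)$')
# Assumption: a command that launches a program names a file with one of these extensions.
PROGRAM = re.compile(r'\.(exe|com|bat|cmd|scr|pif)(?=$|[\s"])', re.IGNORECASE)

# Sample lines copied from the HijackThis log in the post above.
SAMPLE = r"""
O4 - HKLM\..\Run: [Ink Monitor] C:\Program Files\EPSON\Ink Monitor\InkMonitor.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [XircWinModem4] ltcm000c.exe 9
O4 - HKLM\..\Run: [// Browser Detec] c:\WINDOWS\System32\// Browser Detection
O4 - HKLM\..\Run: [IEMajor ] c:\WINDOWS\System32\IEMajor = 0;
O4 - HKLM\..\Run: [ gSafeOnload[i] c:\WINDOWS\System32\ gSafeOnload[i]();
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [// Browser Detec] c:\WINDOWS\System32\// Browser Detection
"""

def parse_o4(line):
    """Return (hive, value_name, command) for an O4 Run line, else None."""
    line = line.strip()
    m = STRICT.match(line) or LOOSE.match(line)
    return m.groups() if m else None

def suspect_run_entries(log_text):
    """List Run entries whose command names no program file."""
    flagged = []
    for line in log_text.splitlines():
        entry = parse_o4(line)
        if entry and not PROGRAM.search(entry[2]):
            flagged.append(entry)
    return flagged

if __name__ == "__main__":
    for hive, name, command in suspect_run_entries(SAMPLE):
        print(f"{hive} Run value {name!r} -> {command!r}")
```

The check only shows that a Run value cannot launch a program; entries that do name an executable still have to be reviewed one by one.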
