system 32 at startup
pca_ste5 - 17 February 2008 - 1:04am
<p>The System 32 folder appears at every startup. Please could someone help from the following HJT log;</p>
<p>Logfile of HijackThis v1.99.1<br />
Scan saved at 00:54:10, on 17/02/2008<br />
Platform: Windows XP SP2 (WinNT 5.01.2600)<br />
MSIE: Internet Explorer v7.00 (7.00.6000.16608)</p>
<p>Running processes:<br />
C:\WINDOWS\System32\smss.exe<br />
C:\WINDOWS\system32\winlogon.exe<br />
C:\WINDOWS\system32\services.exe<br />
C:\WINDOWS\system32\lsass.exe<br />
C:\WINDOWS\system32\Ati2evxx.exe<br />
C:\WINDOWS\system32\svchost.exe<br />
C:\WINDOWS\System32\svchost.exe<br />
C:\WINDOWS\system32\Ati2evxx.exe<br />
C:\WINDOWS\system32\spoolsv.exe<br />
C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe<br />
C:\WINDOWS\Explorer.EXE<br />
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe<br />
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe<br />
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe<br />
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe<br />
C:\WINDOWS\system32\CTsvcCDA.exe<br />
C:\Program Files\Creative\Shared Files\CTDevSrv.exe<br />
C:\Program Files\Common Files\LightScribe\LSSrvc.exe<br />
C:\WINDOWS\System32\svchost.exe<br />
C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe<br />
C:\WINDOWS\system32\MsPMSPSv.exe<br />
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe<br />
C:\Program Files\Acronis\TrueImage\TrueImageMonitor.exe<br />
C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe<br />
C:\Program Files\LifeView TVR\RecSche.exe<br />
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE<br />
C:\WINDOWS\system32\ctfmon.exe<br />
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe<br />
C:\Program Files\Messenger\msmsgs.exe<br />
C:\Program Files\Creative\Creative Media Lite\CTZDetec.exe<br />
C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe<br />
C:\PROGRA~1\Nero\PHOTOS~1\data\Xtras\mssysmgr.exe<br />
C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe<br />
C:\Program Files\WinZip\WZQKPICK.EXE<br />
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe<br />
C:\Program Files\Grisoft\AVG7\avgcc.exe<br />
C:\WINDOWS\system32\wuauclt.exe<br />
C:\Program Files\Internet Explorer\IEXPLORE.EXE<br />
C:\Program Files\Hijackthis\HijackThis.exe</p>
<p>R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = <a href="http://www.mytalktalk.co.uk/">http://www.mytalktalk.co.uk/</a><br />
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = <a href="http://go.microsoft.com/fwlink/?LinkId=69157">http://go.microsoft.com/fwlink/?LinkId=69157</a><br />
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = <a href="http://go.microsoft.com/fwlink/?LinkId=54896">http://go.microsoft.com/fwlink/?LinkId=54896</a><br />
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = <a href="http://go.microsoft.com/fwlink/?LinkId=54896">http://go.microsoft.com/fwlink/?LinkId=54896</a><br />
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = <a href="http://go.microsoft.com/fwlink/?LinkId=69157">http://go.microsoft.com/fwlink/?LinkId=69157</a><br />
R3 - URLSearchHook: (no name) - {9CB65206-89C4-402c-BA80-02D8C59F9B1D} - C:\Program Files\AskTBar\SrchAstt\1.bin\A5SRCHAS.DLL<br />
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll<br />
O2 - BHO: Ask Search Assistant BHO - {9CB65201-89C4-402c-BA80-02D8C59F9B1D} - C:\Program Files\AskTBar\SrchAstt\1.bin\A5SRCHAS.DLL<br />
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll<br />
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll<br />
O2 - BHO: Ask Toolbar BHO - {FE063DB1-4EC0-403e-8DD8-394C54984B2C} - C:\Program Files\AskTBar\bar\1.bin\ASKTBAR.DLL<br />
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll<br />
O3 - Toolbar: Ask Toolbar - {FE063DB9-4EC0-403e-8DD8-394C54984B2C} - C:\Program Files\AskTBar\bar\1.bin\ASKTBAR.DLL<br />
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized<br />
O4 - HKLM\..\Run: [Acronis True Image Monitor] "C:\Program Files\Acronis\TrueImage\TrueImageMonitor.exe"<br />
O4 - HKLM\..\Run: [Acronis Scheduler2 Service] "C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe"<br />
O4 - HKLM\..\Run: [RecSche] "C:\Program Files\LifeView TVR\RecSche.exe"<br />
O4 - HKLM\..\Run: [WinDVRCtrl] C:\WINDOWS\WDVRCtrl.exe<br />
O4 - HKLM\..\Run: [ScanRegistry] C:\W<br />
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe"<br />
O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"<br />
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe<br />
O4 - HKLM\..\Run: [hpppt] <br />
O4 - HKLM\..\Run: [Remote] "C:\Program Files\LifeView TVR\remote.exe"<br />
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe<br />
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe<br />
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background<br />
O4 - HKCU\..\Run: [CTZDetec.exe] C:\Program Files\Creative\Creative Media Lite\CTZDetec.exe<br />
O4 - HKCU\..\Run: [LightScribe Control Panel] C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe -hidden<br />
O4 - HKCU\..\Run: [Nero PhotoShow Media Manager] C:\PROGRA~1\Nero\PHOTOS~1\data\Xtras\mssysmgr.exe<br />
O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe<br />
O4 - Global Startup: HP Parallel Port Test.lnk = C:\SCANJET\PrecisionScan\hpppt.exe<br />
O4 - Global Startup: Kodak EasyShare software.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe<br />
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE<br />
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000<br />
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL<br />
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)<br />
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)<br />
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe<br />
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe<br />
O11 - Options group: [INTERNATIONAL] International*<br />
O16 - DPF: {106E49CF-797A-11D2-81A2-00E02C015623} (AlternaTIFF ActiveX) - <a href="http://www.alternatiff.com/install/00/alttiff.cab">http://www.alternatiff.com/install/00/alttiff.cab</a><br />
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - <a href="http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1192824122625">http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1192824122625</a><br />
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - <a href="http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab">http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab</a><br />
O17 - HKLM\System\CCS\Services\Tcpip\..\{6683B557-9B0B-43D9-9944-DDA6FAE99D2E}: NameServer = 62.24.252.135 62.24.252.134<br />
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll<br />
O23 - Service: Acronis Scheduler2 Service (AcrSch2Svc) - Acronis - C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe<br />
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe<br />
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe<br />
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe<br />
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe<br />
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe<br />
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe<br />
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe<br />
O23 - Service: CT Device Query service (CTDevice_Srv) - Creative Technology Ltd - C:\Program Files\Creative\Shared Files\CTDevSrv.exe<br />
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe<br />
O23 - Service: Kodak Camera Connection Software (KodakCCS) - Unknown owner - C:\WINDOWS\system32\drivers\KodakCCS.exe (file missing)<br />
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe<br />
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe<br />
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe</p>
Log in to PCAnswers
How to...
Fix Vista UAC issues
Nick Veitch - 26 September 2008 - 2:37pm
If your sick of UAC (User Account Control) prompts in Vista, then Nick has the solution for you. in a series of simple steps you can reduce or disable the UAC system and reclaim your PC. ... read more »
Latest PC news from TechRadar
- Exclusive: Virgin & ITV: Internet details not yet finalised
- Ballmer's CES keynote - all the details
- Virgin Media seals on-demand deal with ITV
- AMD rolls out much improved Phenom II CPU
- In Depth: Is 45nm silicon enough to save AMD?
- Windows 7 Beta available worldwide Friday
- Sony launches world's lightest 8-inch netbook
- Skype officially launches standalone videophone
Copyright 2006 - 2008 Future Publishing Limited(company registered number 2008885), a company registered in England and Wales
whose registered office is at Beauford Court, 30 Monmouth Street, Bath, BA1 2BW, UK
system 32 at startup
Vino Rosso - 25 February 2008 - 11:31am<p>Windows Explorer opening at startup is usually due to a blank or null run entry in the registry. Try the following:</p>
<p><span style="color:blue"><span style="font-weight:bold"><span style="text-decoration:underline">1 - Run HijackThis Scan and Fix</span></span></span><br />
Start HijackThis and click <span style="font-weight:bold">Do a system scan only</span><br />
Tick the following entries, if present:<br />
<span style="color:brown"><span style="font-weight:bold">O4 - HKLM\..\Run: [ScanRegistry] C:\W<br />
O4 - HKLM\..\Run: [hpppt] </span></span></p>
<p><span style="font-weight:bold">Close all windows except HijackThis</span><br />
Click <span style="font-weight:bold">Fix Checked</span> in HijackThis.</p>