[hlp] C:\WINDOWS\system32 at startup, nothing working so far



Hello everybody,

I know it's a common bug, but nothing is working so far and I need your
help to fix it.

I have a C:\WINDOWS\system32 window opening at startup.

I already googled it and tried (without success):

- AVG: no virus

- cleaning registry with RegScrub XP: no effect
- cleaning registry with TweakNow PowerPack Pro: no effect

- using xp_system32opens.vbs: no effect (it returns a message "This
scrip cannot repair your issue. The expected registry value was not found")

- After reading support.microsoft.com/?kbid=170086, I tried to have a
look at:
    - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    - HKCU\Software\Microsoft\Windows\CurrentVersion\Run
for empty keys (""): no empty keys BUT if I can look at the registry and
change a key, I'm not good enough to understand what I'm doing, hence I
cannot find an incomplete or incorrect entry.


Maybe (I stress "maybe") this window is the result of a faulty
installation of Ad-Aware. It took me a looong time to remove it using
RevoUninstaller and CCleaner.

I'm posting HJT report and config hoping someone could help me with this #
£%$ window.

Thanks, Geof



********** HJT log
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:40:39, on 13/07/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\SYSTEM32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\SYSTEM32\Ati2evxx.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Google\Update\GoogleUpdate.exe
F:\avg\avgwdsvc.exe
C:\Program Files\Fichiers communs\InterVideo\DeviceService\DevSvc.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Fichiers communs\Protexis\License Service\PsiService_2.exe
F:\avg\avgrsx.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Wacom_Tablet.exe
C:\Program Files\Fichiers communs\Ulead Systems\DVD\ULCDRSvr.exe
C:\WINDOWS\system32\WTablet\Wacom_TabletUser.exe
C:\WINDOWS\system32\Wacom_Tablet.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\System32\wbem\wmiapsrv.exe
C:\Program Files\Creative\SBAudigy2ZS\Surround Mixer\CTSysVol.exe
C:\Program Files\Creative\SBAudigy2ZS\DVDAudio\CTDVDDET.EXE
C:\WINDOWS\system32\CTHELPER.EXE
F:\MOUSEW~1\SYSTEM\EM_EXEC.EXE
F:\ZoneAlarm\zlclient.exe
F:\avg\avgtray.exe
C:\Program Files\Java\jre6\bin\jusched.exe
F:\scanjet3970\HP Share-to-Web\hpgs2wnd.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Mozilla Firefox\firefox.exe
F:\scanjet3970\HP Share-to-Web\hpgs2wnf.exe
C:\Program Files\Microsoft Office\Office\1036\msoffice.exe
C:\Program Files\Folding@home\Folding@home-x86\Folding@xxxxxxxx
F:\power_desk\PDExplo.exe
F:\tclock\TClock.exe
C:\Documents and Settings\Yves\Application Data\Folding@home-x86\FahCore_
78.exe
F:\the_bat\thebat.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
F:\avg\avgcsrvx.exe
F:\utorrent\uTorrent.exe
F:\xnews\Xnews.exe
F:\editpad\EditPadLite.exe
F:\hi_jack_this\HijackThis.exe

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:
\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: CmjBrowserHelperObject Object - {AC41D38F-B56D-40AD-94E0-
B493D130C959} - C:\Program Files\Mindjet\MindManager 6
\Mm6InternetExplorer.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-
9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} -
C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [CTSysVol] C:\Program Files\Creative\SBAudigy2ZS\Surround
Mixer\CTSysVol.exe /r
O4 - HKLM\..\Run: [CTDVDDET] C:\Program Files\Creative\SBAudigy2ZS\DVDAudio
\CTDVDDET.EXE
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [SBDrvDet] C:\Program Files\Creative\SB Drive Det
\SBDrvDet.exe /r
O4 - HKLM\..\Run: [EM_EXEC] F:\MOUSEW~1\SYSTEM\EM_EXEC.EXE
O4 - HKLM\..\Run: [ZoneAlarm Client] F:\ZoneAlarm\zlclient.exe
O4 - HKLM\..\Run: [AVG8_TRAY] F:\avg\avgtray.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre6\bin
\jusched.exe
O4 - HKLM\..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE
\Core-Static\CLIStart.exe MSRun
O4 - HKLM\..\Run: [GBB36X Configure] C:\WINDOWS\system32\JMRaidTool.exe
boot
O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] F:\scanjet3970\HP Share-
to-Web\hpgs2wnd.exe
O4 - HKLM\..\Policies\Explorer\Run: [winlogon]
O4 - Startup: Folding@xxxxxxxx = ?
O4 - Startup: My PowerDesk.lnk = F:\power_desk\PDExplo.exe
O4 - Startup: TClock.lnk = F:\tclock\TClock.exe
O4 - Startup: The Bat!.LNK = F:\the_bat\thebat.exe
O4 - Global Startup: Firefox.lnk = C:\Program Files\Mozilla Firefox
\firefox.exe
O4 - Global Startup: Gestionnaire Microsoft Office.lnk = ?
O4 - Global Startup: TabUserW.exe.lnk = C:\WINDOWS\system32\WTablet
\TabUserW.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions
present
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel
present
O8 - Extra context menu item: Ouvrir le fichier PDF dans Word (PDF
Converter 3.0) - res://C:\Program Files\ScanSoft\OmniPage15.0\PDFConverter3
\IEShellExt.dll /300
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:
\Program Files\Java\jre6\bin\jp2iexp.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-
00401C608501} - C:\Program Files\Java\jre6\bin\jp2iexp.dll
O9 - Extra button: Send to Mindjet MindManager - {531B9DC0-D8EE-4c76-A6EE-
6C1E50569655} - C:\Program Files\Mindjet\MindManager 6
\Mm6InternetExplorer.dll
O16 - DPF: {6C269571-C6D7-4818-BCA4-32A035E8C884} (Creative Software
AutoUpdate) -
http://ccfiles.creative.com/Web/softwareupdate/su/ocx/15101/CTSUEng.cab
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software
AutoUpdate Support Package) -
http://ccfiles.creative.com/Web/softwareupdate/su/ocx/15108/CTPID.cab
O16 - DPF: {F7EDBBEA-1AD2-4EBF-AA07-D453CC29EE65} (Flash Casino Helper
Control) - https://plugins.valueactive.eu/flashax/iefax.cab
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Unknown owner - F:
\ad_aware\aawservice.exe (file missing)
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS
\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - F:
\avg\avgwdsvc.exe
O23 - Service: Capture Device Service - InterVideo Inc. - C:\Program Files
\Fichiers communs\InterVideo\DeviceService\DevSvc.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd
- C:\WINDOWS\system32\CTsvcCDA.exe
O23 - Service: Freenet 0.7 darknet-8888 (freenet-darknet-8888) - Unknown
owner - F:\freenet\bin\wrapper-windows-x86-32.exe (file missing)
O23 - Service: Google Update Service (gupdate1c98c806d2dc16c)
(gupdate1c98c806d2dc16c) - Google Inc. - C:\Program Files\Google\Update
\GoogleUpdate.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision
Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1050
\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun
Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:
\Program Files\Fichiers communs\Logishrd\Bluetooth\LBTServ.exe
O23 - Service: Protexis Licensing V2 (PSI_SVC_2) - Protexis Inc. - C:
\Program Files\Fichiers communs\Protexis\License Service\PsiService_2.exe
O23 - Service: TabletServiceWacom - Wacom Technology, Corp. - C:\WINDOWS
\system32\Wacom_Tablet.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems,
Inc. - C:\Program Files\Fichiers communs\Ulead Systems\DVD\ULCDRSvr.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:
\WINDOWS\system32\ZoneLabs\vsmon.exe


Note about HJT report: Freenet is not installed anymore, I do not have any
bluetooth installed, ad-aware still present! unbelievable




note about following config: 2 screens side by side (1440x900)

***** Config
Computer System
Model: 965G-DS3 (Desktop)
Manufacturer: Gigabyte Technology Co., Ltd.
Universal Unique ID: 000000000000000000000016E6D51
User Name: xyz

Advanced Power Management
AC Power Status: Online
Battery Charge Status: No Battery

Processor
Model: 2x Intel(R) Core(TM)2 CPU 4300 @ 1.80GHz
Socket/Slot: Socket 775 (Socket 478)
Frequency: 1800 MHz
FSB Speed: 200 MHz
Signature: GenuineIntel
Vendor: Intel Corporation
L1 Cache: 64 KB
L2 Cache: 2048 KB
L3 Cache: 0 KB

Mainboard
Model: 965G-DS3
4 x PCI: 32 bit
PRIMARY IDE: Other (None)
SECONDARY IDE: Other (None)
FDD: 8251 FIFO Compatible (None)
COM1: Serial Port 16450 Compatible (DB-9 pin male)
COM2: Serial Port 16450 Compatible (DB-9 pin male)
LPT1: Parallel Port ECP/EPP (DB-25 pin female)
Keyboard: Keyboard Port (PS/2)
PS/2 Mouse: Mouse Port (PS/2)
USB: USB (Access Bus (USB))
USB: USB (Access Bus (USB))

System BIOS
Vendor: Award Software International, Inc.
Version %s: F6
Date: 12/27/2006
Size: 1024 KB

Video System
Monitor: SyncMaster 940NW
Monitor: SyncMaster 940NW
Video Card: ATI Radeon HD 4800 Series
Screen Resolution: 1440x900 32 bit

Physical Storage Device
CD-ROM/DVD: ASUS DRW-0804P SCSI CdRom Device
CD-ROM/DVD: E-IDE CD-ROM 56X/AKH SCSI CdRom Device
Hard Disk: SAMSUNG HD103UJ
Hard Disk: WDC WD1600JS-00NCB1
Floppy Disk: Lecteur de disquettes

Logical Storage Device
System (C:): 37777 MB (27863 MB Free) NTFS
Progz (F:): 114847 MB (71050 MB Free) NTFS
Temp (G:): 203863 MB (176900 MB Free) NTFS
Save (H:): 750003 MB (332603 MB Free) NTFS

Peripherals
Mouse: HID-compliant Wheel Mouse
Keyboard: Clavier standard 101/102 touches ou clavier Microsoft Natural
Keyboard PS/2

Communication Device(s)
Network Card 1: Marvell Yukon 88E8053 PCI-E Gigabit Ethernet Controller
Network Card 2: Carte réseau 1394

Operating System(s)
Windows Family: Microsoft Windows XP Professional
Service Pack: Service Pack 2
Version Number: 5.1 (Build 2600)
Product ID: 55711-646-0301235-23615

Printers
ScanSoft PDF Create!: DocuCom PDF Port:
Samsung ML-1200 Series: LPT1:
PDF-XChange 3.0: PDF-XChange
Microsoft XPS Document Writer: XPSPort:

General OS Information
Windows Family: Microsoft Windows XP
Edition: Professional Edition
Service Pack: Service Pack 2
Version Number: 5.1 (Build 2600)
Product ID: do you really need that?
Country: Belgique
Language: Français (Belgique)
Time Zone: Paris, Madrid (heure d'été)
System Up Time: 1 hour(s), 52 minute(s), 47 second(s)
Boot Directory: C:\
Default Browser: C:\Program Files\Internet Explorer\iexplore.exe
(deactivated I'm on FF 3.5)
Default Email Client: F:\the_bat\thebat.exe
Registered Owner: xyz
Registered Organization: xyz

OS Components
DirectX Version: 4.09.00.0904
Internet Explorer Version: 6.0.2900.2180
Outlook Express Version: 6.0.2900.2180

OS Folders
Windows Folder: C:\WINDOWS
System Folder: C:\WINDOWS\system32
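
The check described in the post (looking for autostart entries with empty data) can also be run over the posted HijackThis log itself. The following is an added example, not part of the original post; the function names are hypothetical and the sample lines are copied from the log above with their line wrapping kept as posted.

```python
import re

# Lines copied from the HijackThis log in the post (wrapping kept as posted).
SAMPLE_LOG = r"""O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [SBDrvDet] C:\Program Files\Creative\SB Drive Det
\SBDrvDet.exe /r
O4 - HKLM\..\Run: [AVG8_TRAY] F:\avg\avgtray.exe
O4 - HKLM\..\Policies\Explorer\Run: [winlogon]
O4 - Startup: TClock.lnk = F:\tclock\TClock.exe
O4 - Global Startup: Gestionnaire Microsoft Office.lnk = ?
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions
present
"""

ENTRY_START = re.compile(r"^O\d+ - ")
# Registry autostarts: "O4 - <key>: [value name] <command>"
REG_RUN = re.compile(r"^O4 - (?P<loc>HK\S+?): \[(?P<name>[^\]]*)\]\s*(?P<cmd>.*)$")
# Startup-folder shortcuts: "O4 - Startup: <name> = <target>"
LNK = re.compile(r"^O4 - (?P<loc>(?:Global )?Startup): (?P<name>.+?) = (?P<cmd>.*)$")


def unwrap(log_text):
    """Rejoin O-section entries that were wrapped onto several lines."""
    entries = []
    for line in log_text.splitlines():
        line = line.strip()
        if ENTRY_START.match(line):
            entries.append(line)
        elif line and entries:
            # Heuristic: a wrap before a backslash lost no space; otherwise assume one.
            entries[-1] += ("" if line.startswith("\\") else " ") + line
    return entries


def empty_autostarts(log_text):
    """Return (location, name) for O4 entries with no command or a '?' target."""
    flagged = []
    for entry in unwrap(log_text):
        m = REG_RUN.match(entry) or LNK.match(entry)
        if m and m.group("cmd").strip() in ("", "?"):
            flagged.append((m.group("loc"), m.group("name")))
    return flagged


if __name__ == "__main__":
    for loc, name in empty_autostarts(SAMPLE_LOG):
        print(f"{loc}: {name}")
```

Over these lines it reports the `[winlogon]` value under `HKLM\..\Policies\Explorer\Run`, a location that is not one of the two Run keys the post says were inspected, and the Startup shortcut whose target HijackThis printed as `?`.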