system folder opening! - Techist - Tech Forum

Old 08-22-2004, 04:05 PM   #1 (permalink)
Newb Techie
 
Join Date: Aug 2004
Posts: 30
Question system folder opening!

Please help..........
my system folder opens at startup!
I've run Norton AntiVirus, Ad-Aware and Spybot but it just keeps on opening.
Can anyone help?
P.S. It's Win ME
Old 08-22-2004, 09:40 PM   #2 (permalink)
Banned
 
Join Date: Jul 2004
Posts: 808
Default Re: system folder opening!

Quote:
Originally posted by maverick25
Please help..........
my system folder opens at startup!
I've run Norton AntiVirus, Ad-Aware and Spybot but it just keeps on opening.
Can anyone help?
P.S. It's Win ME

D/L HijackThis, put it in a folder you created a folder for it, run it and post the results here
Old 08-22-2004, 09:41 PM   #3 (permalink)
Banned
 
Join Date: Jul 2004
Posts: 808
Default

Correction: put it in a folder you created for it
Old 08-23-2004, 06:10 AM   #4 (permalink)
Newb Techie
 
Join Date: Aug 2004
Posts: 9
Default system folder opening

hi,

The system folder has probably just found a way into your startup folder, just move it from there and it'll not open up when your desktop loads.

open explorer
browse to c:\documents and settings\<username>\start menu\programs\startup

remove the systems folder from here.

Hope this helps!
Old 08-23-2004, 12:08 PM   #5 (permalink)
Newb Techie
 
Join Date: Aug 2004
Posts: 30
Default

hello again,

This is the HijackThis log of my system... please help!

Logfile of HijackThis v1.98.2
Scan saved at 17.02.24, on 23/08/2004
Platform: Windows ME (Win9x 4.90.3000)
MSIE: Internet Explorer v5.50 (5.50.4134.0100)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\WINDOWS\SYSTEM\ZONELABS\VSMON.EXE
C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\CCSETMGR.EXE
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\SYSTEM\RESTORE\STMGR.EXE
C:\WINDOWS\TASKMON.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\WINDOWS\SYSTEM\QTTASK.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\CCPD-LC\SYMLCSVC.EXE
C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\CCAPP.EXE
C:\PROGRAM FILES\ZONE LABS\ZONEALARM\ZLCLIENT.EXE
C:\PROGRAM FILES\PANICWARE\POP-UP STOPPER FREE EDITION\PSFREE.EXE
C:\PROGRAM FILES\COMMON FILES\MICROSOFT SHARED\WORKS SHARED\WKCALREM.EXE
C:\MY DOWNLOADS\HIJACKTHIS.EXE

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = http://www.yahoo.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R3 - Default URLSearchHook is missing
O2 - BHO: (no name) - {FC13E29E-57EA-DCBC-B83D-AC67FFD5041C} - (no file)
O2 - BHO: (no name) - {FCA1CBE4-E061-2D77-17FD-D560A06AF3BB} - (no file)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\PROGRAM FILES\ADOBE\ACROBAT 6.0\READER\ACTIVEX\ACROIEHELPER.DLL
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O3 - Toolbar: @msdxmLC.dll,-1@1033,&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe
O4 - HKLM\..\Run: [PCHealth] C:\WINDOWS\PCHealth\Support\PCHSchd.exe -s
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\WINDOWS\SYSTEM\QTTASK.EXE" -atboottime
O4 - HKLM\..\Run: [// Browser Detec] c:\Windows\System\// Browser Detection
O4 - HKLM\..\Run: [IEMajor ] c:\Windows\System\IEMajor = 0;
O4 - HKLM\..\Run: [if (IE4p] c:\Windows\System\if (IE4plus)
O4 - HKLM\..\Run: [// Body onload utility (supports multiple onload functi] c:\Windows\System\// Body onload utility (supports multiple onload functions)
O4 - HKLM\..\Run: [var gSafeOnload = new Arra] c:\Windows\System\var gSafeOnload = new Array();
O4 - HKLM\..\Run: [function SafeAddOnloa] c:\Windows\System\function SafeAddOnload(f)
O4 - HKLM\..\Run: [function SafeOnlo] c:\Windows\System\function SafeOnload()
O4 - HKLM\..\Run: [function isInt(nu] c:\Windows\System\function isInt(numIn)
O4 - HKLM\..\Run: [function PUW_In] c:\Windows\System\function PUW_Init()
O4 - HKLM\..\Run: [function PUW_Sh] c:\Windows\System\function PUW_Show()
O4 - HKLM\..\Run: [function PUW_CheckFrequen] c:\Windows\System\function PUW_CheckFrequency()
O4 - HKLM\..\Run: [function PopupWindow(url,width,hei] c:\Windows\System\function PopupWindow(url,width,height)
O4 - HKLM\..\Run: [function PUWSta] c:\Windows\System\function PUWStart()
O4 - HKLM\..\Run: [SafeAddOnload(PUWSta] c:\Windows\System\SafeAddOnload(PUWStart);
O4 - HKLM\..\Run: [Symantec Core LC] C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe start
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [NAV CfgWiz] C:\Program Files\Common Files\Symantec Shared\CfgWiz.exe /GUID NAV /CMDLINE "REBOOT"
O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [] c:\Windows\System\
O4 - HKLM\..\Run: [gPopupWindow.toolbar = fa] c:\Windows\System\gPopupWindow.toolbar = false;
O4 - HKLM\..\Run: [gPopupWindow.statusbar = fa] c:\Windows\System\gPopupWindow.statusbar = false;
O4 - HKLM\..\Run: [gPopupWindow.resizable = fa] c:\Windows\System\gPopupWindow.resizable = false;
O4 - HKLM\..\Run: [gPopupWindow.ontop = fa] c:\Windows\System\gPopupWindow.ontop = false;
O4 - HKLM\..\Run: [MSConfigReminder] C:\WINDOWS\SYSTEM\msconfig.exe /reminder
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - HKLM\..\RunServices: [ScriptBlocking] "C:\Program Files\Common Files\Symantec Shared\Script Blocking\SBServ.exe" -reg
O4 - HKLM\..\RunServices: [*StateMgr] C:\WINDOWS\System\Restore\StateMgr.exe
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [TrueVector] C:\WINDOWS\SYSTEM\ZONELABS\VSMON.EXE -service
O4 - HKLM\..\RunServices: [ccSetMgr] "C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe"
O4 - HKCU\..\Run: [var gSafeOnload = new Arra] c:\Windows\System\var gSafeOnload = new Array();
O4 - HKCU\..\Run: [function SafeAddOnloa] c:\Windows\System\function SafeAddOnload(f)
O4 - HKCU\..\Run: [function SafeOnlo] c:\Windows\System\function SafeOnload()
O4 - HKCU\..\Run: [function isInt(nu] c:\Windows\System\function isInt(numIn)
O4 - HKCU\..\Run: [function PUW_In] c:\Windows\System\function PUW_Init()
O4 - HKCU\..\Run: [function PUW_Sh] c:\Windows\System\function PUW_Show()
O4 - HKCU\..\Run: [function PUW_CheckFrequen] c:\Windows\System\function PUW_CheckFrequency()
O4 - HKCU\..\Run: [function PopupWindow(url,width,hei] c:\Windows\System\function PopupWindow(url,width,height)
O4 - HKCU\..\Run: [function PUWSta] c:\Windows\System\function PUWStart()
O4 - HKCU\..\Run: [SafeAddOnload(PUWSta] c:\Windows\System\SafeAddOnload(PUWStart);
O4 - HKCU\..\Run: [gPopupWindow.toolbar = fa] c:\Windows\System\gPopupWindow.toolbar = false;
O4 - HKCU\..\Run: [gPopupWindow.statusbar = fa] c:\Windows\System\gPopupWindow.statusbar = false;
O4 - HKCU\..\Run: [gPopupWindow.resizable = fa] c:\Windows\System\gPopupWindow.resizable = false;
O4 - HKCU\..\Run: [gPopupWindow.ontop = fa] c:\Windows\System\gPopupWindow.ontop = false;
O4 - HKCU\..\Run: [PopUpStopperFreeEdition] "C:\PROGRAM FILES\PANICWARE\POP-UP STOPPER FREE EDITION\PSFREE.EXE"
O4 - HKCU\..\Run: [IEMajor ] c:\Windows\System\IEMajor = 0;
O4 - HKCU\..\Run: [// Browser Detec] c:\Windows\System\// Browser Detection
O4 - HKCU\..\Run: [ ] c:\Windows\System\ <ul>
O4 - HKCU\..\Run: [// Body onload utility (supports multiple onload functi] c:\Windows\System\// Body onload utility (supports multiple onload functions)
O4 - HKCU\..\Run: [if (IE4p] c:\Windows\System\if (IE4plus)
O4 - Startup: Microsoft Works Calendar Reminders.lnk = C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe
O4 - Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE10\EXCEL.EXE/3000
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\PROGRA~1\MESSEN~1\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: MSN Messenger Service - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\PROGRA~1\MESSEN~1\MSMSGS.EXE
O16 - DPF: {77460D96-3DB1-11D6-B121-004005E35DF1} (Ctrl_ibi Control 1.3) - http://software.ibi-tec.net/ibi-xs.ocx
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akamai.net/7/1540/52/...eInstaller.exe
O16 - DPF: {26FD5192-A97C-4B48-A5D7-2420CFDCFDF2} - http://www.tnc4u.com/MCInst.cab
O16 - DPF: {E3F7205F-2AE0-4BF0-816B-2D24A5F20EC7} - http://usa-download.strip-player.com...stripsetup.cab
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://207.188.7.150/040c9722160eca7...p/RdxIE601.cab
O16 - DPF: Yahoo! Pool 2 - http://download.games.yahoo.com/game...s/y/pote_x.cab
O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://fdl.msn.com/public/chat/msnchat45.cab
Old 08-23-2004, 12:14 PM   #6 (permalink)
It's all just 1s and 0s
 
Join Date: Jan 2004
Location: in the lab
Posts: 6,555
Default

Quote:
Originally posted by maverick25
O4 - HKLM\..\Run: [// Browser Detec] c:\Windows\System\// Browser Detection
O4 - HKLM\..\Run: [IEMajor ] c:\Windows\System\IEMajor = 0;
O4 - HKLM\..\Run: [if (IE4p] c:\Windows\System\if (IE4plus)
O4 - HKLM\..\Run: [// Body onload utility (supports multiple onload functi] c:\Windows\System\// Body onload utility (supports multiple onload functions)
O4 - HKLM\..\Run: [var gSafeOnload = new Arra] c:\Windows\System\var gSafeOnload = new Array();
O4 - HKLM\..\Run: [function SafeAddOnloa] c:\Windows\System\function SafeAddOnload(f)
O4 - HKLM\..\Run: [function SafeOnlo] c:\Windows\System\function SafeOnload()
O4 - HKLM\..\Run: [function isInt(nu] c:\Windows\System\function isInt(numIn)
O4 - HKLM\..\Run: [function PUW_In] c:\Windows\System\function PUW_Init()
O4 - HKLM\..\Run: [function PUW_Sh] c:\Windows\System\function PUW_Show()
O4 - HKLM\..\Run: [function PUW_CheckFrequen] c:\Windows\System\function PUW_CheckFrequency()
O4 - HKLM\..\Run: [function PopupWindow(url,width,hei] c:\Windows\System\function PopupWindow(url,width,height)
O4 - HKLM\..\Run: [function PUWSta] c:\Windows\System\function PUWStart()
O4 - HKLM\..\Run: [SafeAddOnload(PUWSta] c:\Windows\System\SafeAddOnload(PUWStart);

...

O4 - HKLM\..\Run: [] c:\Windows\System\
O4 - HKLM\..\Run: [gPopupWindow.toolbar = fa] c:\Windows\System\gPopupWindow.toolbar = false;
O4 - HKLM\..\Run: [gPopupWindow.statusbar = fa] c:\Windows\System\gPopupWindow.statusbar = false;
O4 - HKLM\..\Run: [gPopupWindow.resizable = fa] c:\Windows\System\gPopupWindow.resizable = false;
O4 - HKLM\..\Run: [gPopupWindow.ontop = fa] c:\Windows\System\gPopupWindow.ontop = false;

...

O4 - HKCU\..\Run: [var gSafeOnload = new Arra] c:\Windows\System\var gSafeOnload = new Array();
O4 - HKCU\..\Run: [function SafeAddOnloa] c:\Windows\System\function SafeAddOnload(f)
O4 - HKCU\..\Run: [function SafeOnlo] c:\Windows\System\function SafeOnload()
O4 - HKCU\..\Run: [function isInt(nu] c:\Windows\System\function isInt(numIn)
O4 - HKCU\..\Run: [function PUW_In] c:\Windows\System\function PUW_Init()
O4 - HKCU\..\Run: [function PUW_Sh] c:\Windows\System\function PUW_Show()
O4 - HKCU\..\Run: [function PUW_CheckFrequen] c:\Windows\System\function PUW_CheckFrequency()
O4 - HKCU\..\Run: [function PopupWindow(url,width,hei] c:\Windows\System\function PopupWindow(url,width,height)
O4 - HKCU\..\Run: [function PUWSta] c:\Windows\System\function PUWStart()
O4 - HKCU\..\Run: [SafeAddOnload(PUWSta] c:\Windows\System\SafeAddOnload(PUWStart);
O4 - HKCU\..\Run: [gPopupWindow.toolbar = fa] c:\Windows\System\gPopupWindow.toolbar = false;
O4 - HKCU\..\Run: [gPopupWindow.statusbar = fa] c:\Windows\System\gPopupWindow.statusbar = false;
O4 - HKCU\..\Run: [gPopupWindow.resizable = fa] c:\Windows\System\gPopupWindow.resizable = false;
O4 - HKCU\..\Run: [gPopupWindow.ontop = fa] c:\Windows\System\gPopupWindow.ontop = false;
O4 - HKCU\..\Run: [PopUpStopperFreeEdition] "C:\PROGRAM FILES\PANICWARE\POP-UP STOPPER FREE EDITION\PSFREE.EXE"
O4 - HKCU\..\Run: [IEMajor ] c:\Windows\System\IEMajor = 0;
O4 - HKCU\..\Run: [// Browser Detec] c:\Windows\System\// Browser Detection
O4 - HKCU\..\Run: [ ] c:\Windows\System\ <ul>
O4 - HKCU\..\Run: [// Body onload utility (supports multiple onload functi] c:\Windows\System\// Body onload utility (supports multiple onload functions)
O4 - HKCU\..\Run: [if (IE4p] c:\Windows\System\if (IE4plus)

You can remove these. Looks like something injected raw code into the registry startup location.
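
The by-eye review in post #6 can also be written as a small triage script. This is an added example, not part of the original thread: it reads sample O4 lines copied from the log in post #5 and flags registry autorun entries whose command does not name a program. The regular expressions and function names are illustrative assumptions, not HijackThis features.

```python
import re

# Sample O4 lines copied from the HijackThis log posted in this thread.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [// Browser Detec] c:\Windows\System\// Browser Detection
O4 - HKLM\..\Run: [function SafeAddOnloa] c:\Windows\System\function SafeAddOnload(f)
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [] c:\Windows\System\
O4 - HKCU\..\Run: [gPopupWindow.ontop = fa] c:\Windows\System\gPopupWindow.ontop = false;
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
"""

# O4 registry autorun line: hive, key (Run, RunServices, ...), value name, command.
O4_REG = re.compile(r"^O4 - (HKLM|HKCU)\\\.\.\\(\w+): \[(.*?)\] ?(.*)$")
# Assumption: a real autorun command names a program file somewhere in the string.
PROGRAM = re.compile(r"\.(exe|com|bat|cmd|pif|scr|dll)\b", re.I)
# Tokens that belong to script or HTML source, not to a command line.
SCRIPT = re.compile(r"//|\bfunction\b|\bvar\b|;\s*$|<\w+>")

def parse_o4(log_text):
    """Yield (hive, key, name, command) for each registry O4 line."""
    for line in log_text.splitlines():
        m = O4_REG.match(line.strip())
        if m:
            yield m.groups()

def reasons(name, command):
    """Return the reasons an autorun entry does not look like a program launch."""
    found = []
    if not PROGRAM.search(command):
        found.append("no program file in command")
    if SCRIPT.search(command) or SCRIPT.search(name):
        found.append("script/HTML syntax")
    if command.rstrip().endswith("\\"):
        found.append("command is a bare folder")
    return found

def suspicious_entries(log_text):
    """Return [(hive, key, name, reasons)] for entries worth reviewing by hand."""
    flagged = []
    for hive, key, name, command in parse_o4(log_text):
        why = reasons(name, command)
        if why:
            flagged.append((hive, key, name, why))
    return flagged

if __name__ == "__main__":
    for hive, key, name, why in suspicious_entries(SAMPLE_LOG):
        print(f"{hive}\\{key} [{name}]: {', '.join(why)}")
```

The output is a review list, not a removal list: each flagged entry still needs the manual confirmation it got in this thread before it is fixed in HijackThis.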
Old 08-23-2004, 12:52 PM   #7 (permalink)
Newb Techie
 
Join Date: Aug 2004
Posts: 30
Default

It worked! You're a genius mate, thanks for the help.