Welcome guest. Before posting on our computer help forum, you must register. Click here it's easy and free.

Author Topic: system32 on startup  (Read 4605 times)

0 Members and 1 Guest are viewing this topic.

hotdogdoxie

  • Guest
system32 on startup
« on: March 24, 2006, 10:58:01 PM »
I don't know if I'm in the right place here. I pretty much don't know what to do when a problem arises. I'm good at following directions though!  ;)  A few weeks ago when I started my laptop up the system32 program (?) popped up and warned me not to change anything. I never opened it. Don't even know what it does. Anyway....now it comes on every time I boot up the computer. How the heck do I rectify this? I did a McAfee scan and there are no infected files. Please help! Thanks!

Amanda

Dusty



    Egghead

  • I could if she would, but she won't so I don't.
  • Thanked: 75
  • Experience: Beginner
  • OS: Windows XP
Re: system32 on startup
« Reply #1 on: March 25, 2006, 12:09:46 AM »
Hello Amanda & welcome to the forum.

Please post the exact message displayed.
« Last Edit: March 25, 2006, 12:10:46 AM by Dusty »
One good deed is worth more than a year of good intentions.

Backdated

  • Guest
Re: system32 on startup
« Reply #2 on: March 25, 2006, 05:24:42 AM »
Is it the System32 folder opening?
Is a SoundBlaster Audigy card installed?

hotdogdoxie

  • Guest
Re: system32 on startup
« Reply #3 on: March 25, 2006, 07:27:54 AM »
Yes it's the actual folder. There are no error messages coming up...just not to remove stuff or it could damage the system. Actually that message doesn't even come up anymore. I didn't see the SoundBlaster on there. Where would I find that? I just don't want this to be a hacker problem but I don't know. Thanks for trying to help me on this!

Backdated

  • Guest
Re: system32 on startup
« Reply #4 on: March 25, 2006, 07:52:30 AM »
It's most certainly not the work of a "hacker". ;D
Copy the following exactly, paste it into Notepad and save it to your desktop as sys32fix.vbs

Code: [Select]
On Error Resume Next

Set WshShell = WScript.CreateObject("WScript.Shell")

X = WshShell.RegRead("HKCU\Software\Microsoft\Windows\CurrentVersion\Run\SB Audigy 2 Startup Menu")

If X <> "" Then

WshShell.RegWrite "HKCU\Software\Microsoft\Windows\CurrentVersion\Run\SB Audigy 2 Startup Menu", "/L:ENG"

X = MsgBox("Your System32 folder should no longer open at boot.", vbOKOnly, "Done")

Else

MsgBox "No Audigy card installed; repair failed.", vbOKOnly, "Finished."

End If

Set WshShell = Nothing

Now double click the desktop\sys32fix.vbs file.

hotdogdoxie

  • Guest
Re: system32 on startup
« Reply #5 on: March 25, 2006, 10:04:09 AM »
I did this and McAfee gave me a warning. "Suspicious script detected" and stopped it. I have the option to let it pass but I want to make sure it isn't going to kill my computer. LOL. Sorry I'm being a PITA but if I lose my computer I lose my connection to the outside world. LOL. Just being cautious! Just give me a little piece of mind please. Again...sorry for being a PITA!

Backdated

  • Guest
Re: system32 on startup
« Reply #6 on: March 25, 2006, 01:54:21 PM »
McAfee is doing it's job.
The script is most certainly safe to run. It checks for an erroneous registry key. If that error exists, it fixes it. If that error doesn't exist, it exits without doing anything.

hotdogdoxie

  • Guest
Re: system32 on startup
« Reply #7 on: March 25, 2006, 03:44:50 PM »
Hmmmm...didn't do anything. Said it didn't exist. Thanks for easing my mind on it first! LOL

Backdated

  • Guest
Re: system32 on startup
« Reply #8 on: March 25, 2006, 03:54:12 PM »
Ok, there are a host of other reasons for this behaviour and some are malware related.
Carry out the procedures listed [highlight]in this post[/highlight] and post a Hijackthis logfile here when done.
If possible, zip the logfile and attach it rather than post it.

hotdogdoxie

  • Guest
Re: system32 on startup
« Reply #9 on: March 26, 2006, 10:07:06 PM »
OK I think I did it all. The Panda website though when I downloaded it froze my computer so I didn't do that one. I think I attached it correctly. Thanks for all your help!

Backdated

  • Guest
Re: system32 on startup
« Reply #10 on: March 27, 2006, 06:05:20 AM »
I've had a quick glance at your logfile and one or two infections are present. I'm quite busy at the moment so I'll post directions for removal later.
In the meantime, have a look at your Add/Remove Programs applet and if "iWon" is listed, remove it.

hotdogdoxie

  • Guest
Re: system32 on startup
« Reply #11 on: March 27, 2006, 06:44:11 AM »
OK will do. That used to be my homepage until it changed. Oh well. Thanks so much for taking the time to help me!

Backdated

  • Guest
Re: system32 on startup
« Reply #12 on: March 27, 2006, 10:47:30 AM »
Run Hijackthis and fix the following:

O4 - HKLM\..\Run: [iWon Messenger Pipe] C:\Program Files\iWon\Messenger\bin\i1IMPipe.exe

O4 - HKLM\..\Run: [cat]

O4 - HKLM\..\Run: [ViewMgr] C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe

O14 - IERESET.INF: START_PAGE_URL=http://us8l.hpwis.com

O16 - DPF: {70522fa2-4656-11d5-b0e9-0050dac24e8f} - http://download.iwon.com/ct/pm3/iwonpm_8_1,0,2,5.cab

O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab



Fix this entry if Panda AV was once installed but has since been removed:

O23 - Service: Panda Process Protection Service (PavPrSrv) - Unknown owner - C:\Program Files\Common Files\Panda Software\PavShld\pavprsrv.exe


Reboot and delete the following folders:
C:\Program Files\iWon\
C:\Program Files\Viewpoint\



Download and run [highlight]CCleaner[/highlight] but check it's settings first in case there's anything that you don't want removed.

hotdogdoxie

  • Guest
Re: system32 on startup
« Reply #13 on: March 28, 2006, 01:29:08 PM »
Am I supposed to click on those links or fix it from hijackthis? I'm sorry. I'm not very computer literate.

Backdated

  • Guest
Re: system32 on startup
« Reply #14 on: March 28, 2006, 02:42:08 PM »
Fix those entries from within Hijackthis.
Do not click on the links!!!!!

You can of course, click on the CCleaner link.