
system 32 file



#1 tinkersome


Posted 26 September 2010 - 06:38 PM

hi ya'll....my system 32 file box opens at restart is there a way to stop it?....i have tried your anti-malware program and i run norton....nothing works...any suggestions



#2 Budapest


Posted 26 September 2010 - 06:41 PM

Try the fix at Kelly's Korner.

System32 Folder Opens Upon Boot - #260 on the right.

Right click on it and save the .reg/.vbs file to your desktop. Then, double click on the file icon (on your desktop) to merge it into your registry/run the script. You may need to reboot your computer for the changes to take effect.

With any fix like this you should create a new restore point and backup the registry first. For backing up the registry I like to use ERUNT.
The power of accurate observation is commonly called cynicism by those who haven't got it.

—George Bernard Shaw

#3 tinkersome


Posted 26 September 2010 - 06:53 PM

ok i tried that it says...this script cannot repair your issue. the expected registry was not found.....

#4 Budapest


Posted 26 September 2010 - 06:56 PM

Please download VEW and save it to your Desktop: http://images.malwareremoval.com/vino/VEW.exe

Double-click VEW.exe then under Select log to query, select:
Application
System


Under Select type to list, select:
Critical (Vista only)
Error


Click the radio button for Number of events
Type 20 in the 1 to 20 box
Then click the Run button.
Notepad will open with the output log.

In Notepad, click Edit > Select all then Edit > Copy
Reply to this post, click in the reply window and press Ctrl+V on your keyboard to paste the log.

#5 tinkersome


Posted 26 September 2010 - 07:04 PM

Vino's Event Viewer v01c run on Windows XP in English
Report run at 26/09/2010 7:14:20 PM

Note: All dates below are in the format dd/mm/yyyy

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'Application' Log - error Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'Application' Date/Time: 25/09/2010 8:28:13 AM
Type: error Category: 0
Event: 1000 Source: Application Error
Faulting application teatimer.exe, version 1.6.6.32, faulting module teatimer.exe, version 1.6.6.32, fault address 0x0006e66e.

Log: 'Application' Date/Time: 22/09/2010 6:36:11 AM
Type: error Category: 101
Event: 1002 Source: Application Hang
Hanging application spades.exe, version 0.0.0.0, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Log: 'Application' Date/Time: 22/09/2010 6:35:24 AM
Type: error Category: 101
Event: 1002 Source: Application Hang
Hanging application spades.exe, version 0.0.0.0, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Log: 'Application' Date/Time: 20/09/2010 7:29:40 AM
Type: error Category: 101
Event: 1002 Source: Application Hang
Hanging application Euchre.exe, version 0.0.0.0, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Log: 'Application' Date/Time: 20/09/2010 7:28:26 AM
Type: error Category: 101
Event: 1002 Source: Application Hang
Hanging application Euchre.exe, version 0.0.0.0, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Log: 'Application' Date/Time: 14/09/2010 8:50:44 PM
Type: error Category: 101
Event: 1002 Source: Application Hang
Hanging application Euchre.exe, version 0.0.0.0, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Log: 'Application' Date/Time: 24/08/2010 8:03:14 PM
Type: error Category: 0
Event: 0 Source: Lavasoft Ad-Aware Service
The event description cannot be found.

Log: 'Application' Date/Time: 23/08/2010 8:03:18 PM
Type: error Category: 0
Event: 0 Source: Lavasoft Ad-Aware Service
The event description cannot be found.

Log: 'Application' Date/Time: 22/08/2010 4:20:18 PM
Type: error Category: 0
Event: 8 Source: crypt32
Failed auto update retrieval of third-party root list sequence number from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt> with error: This operation returned because the timeout period expired.

Log: 'Application' Date/Time: 21/08/2010 7:24:23 PM
Type: error Category: 0
Event: 8 Source: crypt32
Failed auto update retrieval of third-party root list sequence number from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt> with error: This operation returned because the timeout period expired.

Log: 'Application' Date/Time: 09/08/2010 8:04:52 PM
Type: error Category: 0
Event: 0 Source: Lavasoft Ad-Aware Service
The event description cannot be found.

Log: 'Application' Date/Time: 03/08/2010 8:05:19 PM
Type: error Category: 0
Event: 0 Source: Lavasoft Ad-Aware Service
The event description cannot be found.

Log: 'Application' Date/Time: 03/08/2010 4:24:42 AM
Type: error Category: 0
Event: 8 Source: crypt32
Failed auto update retrieval of third-party root list sequence number from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt> with error: This operation returned because the timeout period expired.

Log: 'Application' Date/Time: 01/08/2010 1:59:45 PM
Type: error Category: 101
Event: 1002 Source: Application Hang
Hanging application Euchre.exe, version 0.0.0.0, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Log: 'Application' Date/Time: 31/07/2010 6:27:58 PM
Type: error Category: 101
Event: 1002 Source: Application Hang
Hanging application iexplore.exe, version 7.0.6000.17055, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Log: 'Application' Date/Time: 28/07/2010 4:53:16 PM
Type: error Category: 101
Event: 1002 Source: Application Hang
Hanging application iexplore.exe, version 7.0.6000.17055, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Log: 'Application' Date/Time: 27/07/2010 8:04:00 PM
Type: error Category: 0
Event: 0 Source: Lavasoft Ad-Aware Service
The event description cannot be found.

Log: 'Application' Date/Time: 27/07/2010 1:31:12 AM
Type: error Category: 0
Event: 8 Source: crypt32
Failed auto update retrieval of third-party root list sequence number from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt> with error: 404 (HTTP Response Status)

Log: 'Application' Date/Time: 26/07/2010 8:03:51 PM
Type: error Category: 0
Event: 0 Source: Lavasoft Ad-Aware Service
The event description cannot be found.

Log: 'Application' Date/Time: 26/07/2010 6:20:24 AM
Type: error Category: 0
Event: 8 Source: crypt32
Failed auto update retrieval of third-party root list sequence number from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt> with error: The server name or address could not be resolved

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - error Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'System' Date/Time: 22/08/2010 12:09:29 AM
Type: error Category: 6
Event: 16 Source: Windows Update Agent
Unable to Connect: Windows is unable to connect to the automatic updates service and therefore cannot download and install updates according to the set schedule. Windows will continue to try to establish a connection.

Log: 'System' Date/Time: 21/08/2010 7:23:50 PM
Type: error Category: 0
Event: 1 Source: sr
The System Restore filter encountered the unexpected error '0xC0000243' while processing the file 'SrtETmp' on the volume 'HarddiskVolume1'. It has stopped monitoring the volume.

Log: 'System' Date/Time: 21/08/2010 6:52:52 PM
Type: error Category: 0
Event: 29 Source: W32Time
The time provider NtpClient is configured to acquire time from one or more time sources, however none of the sources are currently accessible. No attempt to contact a source will be made for 14 minutes. NtpClient has no source of accurate time.

Log: 'System' Date/Time: 21/08/2010 6:52:52 PM
Type: error Category: 0
Event: 17 Source: W32Time
Time Provider NtpClient: An error occurred during DNS lookup of the manually configured peer 'time.windows.com,0x1'. NtpClient will try the DNS lookup again in 15 minutes. The error was: A socket operation was attempted to an unreachable host. (0x80072751)

Log: 'System' Date/Time: 19/08/2010 8:25:18 PM
Type: error Category: 6
Event: 16 Source: Windows Update Agent
Unable to Connect: Windows is unable to connect to the automatic updates service and therefore cannot download and install updates according to the set schedule. Windows will continue to try to establish a connection.

Log: 'System' Date/Time: 07/08/2010 5:47:42 PM
Type: error Category: 0
Event: 1 Source: sr
The System Restore filter encountered the unexpected error '0xC0000243' while processing the file 'SrtETmp' on the volume 'HarddiskVolume1'. It has stopped monitoring the volume.

Log: 'System' Date/Time: 03/05/2010 8:10:11 AM
Type: error Category: 0
Event: 1 Source: sr
The System Restore filter encountered the unexpected error '0xC0000243' while processing the file 'SrtETmp' on the volume 'HarddiskVolume1'. It has stopped monitoring the volume.

Log: 'System' Date/Time: 14/03/2010 2:05:49 PM
Type: error Category: 0
Event: 1 Source: sr
The System Restore filter encountered the unexpected error '0xC0000243' while processing the file 'SrtETmp' on the volume 'HarddiskVolume1'. It has stopped monitoring the volume.

Log: 'System' Date/Time: 20/12/2009 6:52:08 AM
Type: error Category: 0
Event: 29 Source: W32Time
The time provider NtpClient is configured to acquire time from one or more time sources, however none of the sources are currently accessible. No attempt to contact a source will be made for 14 minutes. NtpClient has no source of accurate time.

Log: 'System' Date/Time: 20/12/2009 6:52:08 AM
Type: error Category: 0
Event: 17 Source: W32Time
Time Provider NtpClient: An error occurred during DNS lookup of the manually configured peer 'time.windows.com,0x1'. NtpClient will try the DNS lookup again in 15 minutes. The error was: A socket operation was attempted to an unreachable host. (0x80072751)

Log: 'System' Date/Time: 05/11/2009 10:07:35 PM
Type: error Category: 0
Event: 1 Source: sr
The System Restore filter encountered the unexpected error '0xC0000243' while processing the file 'SrtETmp' on the volume 'HarddiskVolume1'. It has stopped monitoring the volume.

Log: 'System' Date/Time: 01/11/2009 2:58:57 PM
Type: error Category: 0
Event: 54 Source: Print
Document STOCKCREWDUTIES was corrupted and has been deleted. The associated driver is: hp psc 1310 series.

Log: 'System' Date/Time: 07/09/2009 9:08:32 AM
Type: error Category: 0
Event: 1000 Source: Dhcp
Your computer has lost the lease to its IP address 192.168.1.1 on the Network Card with network address 0007E97363ED.

Log: 'System' Date/Time: 29/08/2009 9:08:35 PM
Type: error Category: 0
Event: 34 Source: W32Time
The time service has detected that the system time needs to be changed by +518273 seconds. The time service will not change the system time by more than +54000 seconds. Verify that your time and time zone are correct, and that the time source time.windows.com (ntp.m|0x1|192.168.1.1:123->207.46.197.32:123) is working properly.

Log: 'System' Date/Time: 05/07/2009 12:11:11 PM
Type: error Category: 0
Event: 10005 Source: DCOM
DCOM got error "%1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}

Log: 'System' Date/Time: 05/07/2009 10:58:55 AM
Type: error Category: 0
Event: 10005 Source: DCOM
DCOM got error "%1084" attempting to start the service StiSvc with arguments "" in order to run the server: {A1F4E726-8CF1-11D1-BF92-0060081ED811}

Log: 'System' Date/Time: 05/07/2009 10:34:07 AM
Type: error Category: 0
Event: 10005 Source: DCOM
DCOM got error "%1084" attempting to start the service netman with arguments "" in order to run the server: {BA126AE5-2166-11D1-B1D0-00805FC1270E}

Log: 'System' Date/Time: 05/07/2009 10:33:52 AM
Type: error Category: 0
Event: 10005 Source: DCOM
DCOM got error "%1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}

Log: 'System' Date/Time: 04/07/2009 5:44:43 PM
Type: error Category: 0
Event: 29 Source: W32Time
The time provider NtpClient is configured to acquire time from one or more time sources, however none of the sources are currently accessible. No attempt to contact a source will be made for 29 minutes. NtpClient has no source of accurate time.

Log: 'System' Date/Time: 04/07/2009 5:44:43 PM
Type: error Category: 0
Event: 17 Source: W32Time
Time Provider NtpClient: An error occurred during DNS lookup of the manually configured peer 'time.windows.com,0x1'. NtpClient will try the DNS lookup again in 30 minutes. The error was: A socket operation was attempted to an unreachable host. (0x80072751)

#6 Gabrial


Posted 26 September 2010 - 07:29 PM

According to Microsoft this can be caused by an invalid, null, or damaged startup item in your CurrentVersion\Run registry entries.

Could you download and execute the attached registrystart.bat file and paste the output of the log it creates?

Edit: The contents of the .bat script are:
@echo off
rem Export both Run keys (machine-wide and current user) to temporary text files.
regedit.exe /e "%TEMP%\~adfiuha.txt" "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run"
regedit.exe /e "%TEMP%\~njiadfi.txt" "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run"
rem Join the two exports into one report and open it in Notepad.
copy "%TEMP%\~adfiuha.txt" /A + "%TEMP%\~njiadfi.txt" /A "%TEMP%\Report.txt"
notepad.exe "%TEMP%\Report.txt"
rem Clean up the temporary files.
if exist "%TEMP%\~adfiuha.txt" del "%TEMP%\~adfiuha.txt"
if exist "%TEMP%\~njiadfi.txt" del "%TEMP%\~njiadfi.txt"
if exist "%TEMP%\Report.txt" del "%TEMP%\Report.txt"



Edited by Gabrial, 26 September 2010 - 07:33 PM.


#7 tinkersome


Posted 26 September 2010 - 07:41 PM

is this what you needed?


Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="C:\\WINDOWS\\System32\\igfxtray.exe"
"HotKeysCmds"="C:\\WINDOWS\\System32\\hkcmd.exe"
"GWMDMMSG"="GWMDMMSG.exe"
"GWMDMpi"="C:\\WINDOWS\\GWMDMpi.exe"
"RemoteControl"="\"C:\\Program Files\\CyberLink\\PowerDVD\\PDVDServ.exe\""
"HPDJ Taskbar Utility"="C:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\hpztsb10.exe"
"HP Software Update"="\"C:\\Program Files\\HP\\HP Software Update\\HPWuSchd2.exe\""
"HP Component Manager"="\"C:\\Program Files\\HP\\hpcoretech\\hpcmpmgr.exe\""
"Adobe Reader Speed Launcher"="\"C:\\Program Files\\Adobe\\Reader 8.0\\Reader\\Reader_sl.exe\""
"ISW.exe"="\"C:\\Program Files\\AT&T\\Internet Security Wizard\\ISW.exe\" /AUTORUN"
"HelpCenter4.1"="C:\\Program Files\\Bellsouth\\HelpCenter40b\\bin\\sprtcmd.exe /P HelpCenter4.1"
"SunJavaUpdateSched"="\"C:\\Program Files\\Common Files\\Java\\Java Update\\jusched.exe\""
"QuickTime Task"="\"C:\\Program Files\\QuickTime\\QTTask.exe\" -atboottime"
"EnvyHFCPL"="C:\\Program Files\\VIA\\VIAudioi\\EnvyADeck\\EnMixCPL.exe 1"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\IMAIL]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MAPI]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MSFS]

Windows Registry Editor Version 5.00

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"SpybotSD TeaTimer"="C:\\Program Files\\Spybot - Search & Destroy\\TeaTimer.exe"
"ctfmon.exe"="C:\\WINDOWS\\system32\\ctfmon.exe"
"MotiveBBM"=" -AppKey=ATT-SST -URL=\\\\Start.htm?vendorID=ATT-SST,ConnectivityRequired=true,flowId=HOMEPAGE -windowcontext=ATT-SST"

#8 Budapest


Posted 26 September 2010 - 07:49 PM

You could try the Kelly's Korner fix again but make sure you shut down Spybot's TeaTimer first.

#9 tinkersome


Posted 26 September 2010 - 07:53 PM

i was reading all that...most is greek to me but i will give it a go........thank you for your help!

#10 Gabrial


Posted 26 September 2010 - 08:43 PM

I looked at Kelly's script, and it is a specific fix for a specific problem with a specific corrupt registry entry for a SB Audigy 2 card in HKCU\...\CurrentVersion\Run. Looking at the startup dump you posted, that's not the issue.

Looking at your entries, the following line doesn't look very promising:

"MotiveBBM"=" -AppKey=ATT-SST -URL=\\\\Start.htm?vendorID=ATT-SST,ConnectivityRequired=true,flowId=HOMEPAGE -windowcontext=ATT-SST"

It doesn't have an executable, but only its command line options. Let's disable it and see if the problem goes away.

Click Start -> Run...

Type "msconfig" in the box that pops up and click "OK".

This will start the System Configuration Utility.

Click on the "Startup" tab.

Scroll down and uncheck the box by the "MotiveBBM" entry.

Click "OK" at the bottom. The computer will want you to restart the system. Do it.

Check and see if the problem went away.

If and *ONLY* if the problem went away, run the attached batch file to fix your problem entry. This batch file is crafted specific to you. No one else should ever use it. :thumbsup:



----
tinkersomes_fix.bat contains... my batch code to add or remove the registry entry based on whether or not the needed file exists:
@echo off
rem If the program the entry should start is missing, delete the entry instead of repairing it.
if not exist "C:\Program Files\ATT-SST\McciBrowser.exe" goto remove

rem Repair: build a .reg file that puts the executable back in front of the options.
rem The program path is quoted inside the value because it contains a space.
echo Windows Registry Editor Version 5.00 > "%TEMP%\~adfions.reg"
echo. >> "%TEMP%\~adfions.reg"
echo [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run] >> "%TEMP%\~adfions.reg"
echo "MotiveBBM"="\"C:\\Program Files\\ATT-SST\\McciBrowser.exe\" -AppKey=ATT-SST -URL=\\\\Start.htm?vendorID=ATT-SST,ConnectivityRequired=true,flowId=HOMEPAGE -windowcontext=ATT-SST" >> "%TEMP%\~adfions.reg"
regedit /s "%TEMP%\~adfions.reg"

goto end

:remove
rem "name"=- in a .reg file deletes that value.
echo Windows Registry Editor Version 5.00 > "%TEMP%\~adfions.reg"
echo. >> "%TEMP%\~adfions.reg"
echo [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run] >> "%TEMP%\~adfions.reg"
echo "MotiveBBM"=- >> "%TEMP%\~adfions.reg"
regedit /s "%TEMP%\~adfions.reg"

:end
rem Remove the temporary .reg file.
if exist "%TEMP%\~adfions.reg" del "%TEMP%\~adfions.reg"


Edit: removed batch file to keep innocents from running it and wondering why it's not working.

Edited by Gabrial, 26 September 2010 - 11:12 PM.
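
The by-eye review of the Run export in the post above, as an added example (not part of the original thread and not Gabrial's code): a Python script that parses a `regedit /e` export and flags string values whose data has no program name in front of the options. It goes one step further than the thread and also flags unquoted program paths that contain a space. The function names are made up for this example; the sample lines are copied from the export posted in the thread.

```python
import re

# Sample lines copied from the Run-key export posted in the thread (shortened).
SAMPLE_EXPORT = r'''Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="C:\\WINDOWS\\System32\\igfxtray.exe"
"GWMDMMSG"="GWMDMMSG.exe"
"QuickTime Task"="\"C:\\Program Files\\QuickTime\\QTTask.exe\" -atboottime"
"EnvyHFCPL"="C:\\Program Files\\VIA\\VIAudioi\\EnvyADeck\\EnMixCPL.exe 1"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents]

Windows Registry Editor Version 5.00

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\\WINDOWS\\system32\\ctfmon.exe"
"MotiveBBM"=" -AppKey=ATT-SST -URL=\\\\Start.htm?vendorID=ATT-SST,ConnectivityRequired=true,flowId=HOMEPAGE -windowcontext=ATT-SST"
'''

SECTION = re.compile(r'^\[(.+)\]\s*$')                              # [HKEY_...\Run]
VALUE = re.compile(r'^"((?:[^"\\]|\\.)*)"="((?:[^"\\]|\\.)*)"\s*$')  # "name"="data"

def unescape(s):
    """Undo .reg escaping: \\\\ becomes one backslash, \\" becomes a quote."""
    return re.sub(r'\\(.)', r'\1', s)

def parse_run_export(text):
    """Yield (key, value_name, command) for each string value in the export.
    Non-string values (dword:, hex:) do not match VALUE and are skipped."""
    key = None
    for line in text.splitlines():
        m = SECTION.match(line)
        if m:
            key = m.group(1)
            continue
        m = VALUE.match(line)
        if m and key:
            yield key, unescape(m.group(1)), unescape(m.group(2))

def classify(command):
    """Return 'no-executable', 'unquoted-path' or 'ok' for one Run command line."""
    stripped = command.strip()
    # Empty data, or data that starts with an option switch, has lost its program name.
    if not stripped or stripped[0] in '-/':
        return 'no-executable'
    if stripped.startswith('"'):
        # Quoted program: there must be something between the two quotes.
        return 'ok' if stripped.find('"', 1) > 1 else 'no-executable'
    # Unquoted program: a space before the first ".exe" makes the path ambiguous.
    m = re.search(r'\.exe\b', stripped, re.I)
    program = stripped[:m.end()] if m else stripped.split()[0]
    return 'unquoted-path' if ' ' in program else 'ok'

def audit(text):
    """Return [(key, value_name, verdict)] for every entry that is not 'ok'."""
    return [(k, n, v) for k, n, c in parse_run_export(text)
            if (v := classify(c)) != 'ok']

if __name__ == "__main__":
    # A file written by regedit /e in "Version 5.00" format is UTF-16;
    # read it with open(path, encoding="utf-16") before calling audit().
    for key, name, verdict in audit(SAMPLE_EXPORT):
        print(f"{verdict:14} {key}\\{name}")
```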


#11 tinkersome


Posted 26 September 2010 - 10:14 PM

sorry i had to step away a bit....ok i found it gonna give it a try

Edited by tinkersome, 26 September 2010 - 10:35 PM.


#12 Gabrial


Posted 26 September 2010 - 10:47 PM

Cool, let me know how it goes.

#13 tinkersome


Posted 26 September 2010 - 11:06 PM

omg!...ya'll are awesome thank you so much budapest & gabrial....it is all back to normal

#14 Gabrial


Posted 26 September 2010 - 11:11 PM

Glad to be of help. :thumbsup:



