Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

hijack this log/system 32 folder at startup


  • Please log in to reply
5 replies to this topic

#1 closetcomputergeek

closetcomputergeek

  • Members
  • 7 posts
  • OFFLINE
  •  
  • Local time:07:38 PM

Posted 18 November 2004 - 03:21 PM

I'm fixing my friend's laptop computer. At startup, a SYSTEM32 folder appears with a bunch of pop up windows that don't make any sense. I used AD AWARE and cleaned off the pop up windows, but the system 32 folder is still the problem. Also, I get a signal with my wireless receiver but cannot open a web browser...I see a brief flash of something WINDOWS/SYSTEM32.DLL on the progress bar and then told "Cannot open page". I've also used Registry Mechanic and now have come accross Hijackthis. Below is my log - can someone hook me up with some advice on what to do?! Thanks!

Logfile of HijackThis v1.97.7
Scan saved at 10:48:39 PM, on 11/17/2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\ati2evxx.exe
C:\Program Files\NavNT\defwatch.exe
C:\Program Files\NavNT\rtvscan.exe
C:\Program Files\NavNT\vptray.exe
C:\WINDOWS\vflrlfpa.exe
C:\WINDOWS\System32\uaxebs.exe
C:\WINDOWS\System32\P2P Networking\P2P Networking.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\WINDOWS\System32\knmeauai.exe
C:\WINDOWS\System32\MsgSys.EXE
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\WINDOWS\System32\hphmon05.exe
C:\PROGRA~1\sqprrxx\xxuuopv.exe
C:\PROGRA~1\sqprrxx\vpouuxx.exe
C:\Program Files\Common Files\PSD Tools\ChannelUp.exe
C:\PROGRA~1\COMMON~1\tsa\tsm.exe
C:\PROGRA~1\COMMON~1\tsa\ts.exe
C:\Documents and Settings\Owner\Local Settings\Temp\Temporary Directory 1 for hjt.zip\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.sony.com/vaiopeople
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = http://www.yahoo.com/
R3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
R3 - URLSearchHook: (no name) - _{5D60FF48-95BE-4956-B4C6-6BB168A70310} - (no file)
O2 - BHO: (no name) - {00000010-6F7D-442C-93E3-4A4827C2E4C8} - (no file)
O2 - BHO: (no name) - {3DEC5C49-6CC7-1DFA-C02F-57AA13976F9D} - C:\WINDOWS\System32\clhgmufy.dll
O2 - BHO: (no name) - {96D29378-6F8A-348C-6C8F-A559CBC98733} - C:\WINDOWS\System32\qvysncln.dll
O2 - BHO: (no name) - {96E24229-3516-CF84-1794-5CDA5C9F0DBA} - C:\WINDOWS\System32\iaabhafq.dll
O2 - BHO: (no name) - {CDC412A1-A395-7226-4A1B-CA7708E27FFA} - C:\WINDOWS\System32\nxaqtpej.dll
O2 - BHO: (no name) - {CE188402-6EE7-4022-8868-AB25173A3E14} - (no file)
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [vptray] C:\Program Files\NavNT\vptray.exe
O4 - HKLM\..\Run: [zugstluy] C:\WINDOWS\vflrlfpa.exe
O4 - HKLM\..\Run: [] c:\WINDOWS\System32\
O4 - HKLM\..\Run: [a] C:\WINDOWS\System32\uaxebs.exe
O4 - HKLM\..\Run: [P2P Networking] C:\WINDOWS\System32\P2P Networking\P2P Networking.exe /AUTOSTART
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [knmeauai] C:\WINDOWS\System32\knmeauai.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb09.exe
O4 - HKLM\..\Run: [HPHUPD05] C:\Program Files\Hewlett-Packard\{45B6180B-DCAB-4093-8EE8-6164457517F0}\hphupd05.exe
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [HPHmon05] C:\WINDOWS\System32\hphmon05.exe
O4 - HKLM\..\Run: [QgpHZA1w] C:\PROGRA~1\sqprrxx\xxuuopv.exe
O4 - HKLM\..\Run: [CashBack] C:\Program Files\CashBack\bin\cashback.exe
O4 - HKLM\..\Run: [NaviSearch] C:\Program Files\NaviSearch\bin\nls.exe
O4 - HKCU\..\Run: [] c:\WINDOWS\System32\
O4 - HKCU\..\Run: [PSD Tools Channel] C:\Program Files\Common Files\PSD Tools\ChannelUp.exe
O4 - HKCU\..\Run: [Tsa] C:\PROGRA~1\COMMON~1\tsa\tsm.exe
O9 - Extra button: AIM (HKLM)
O9 - Extra button: Real.com (HKLM)
O9 - Extra button: Messenger (HKLM)
O9 - Extra 'Tools' menuitem: Messenger (HKLM)
O10 - Broken Internet access because of LSP provider 'c:\windows\system32\lsp.dll' missing
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.sony.com/vaiopeople
O16 - DPF: {1D6711C8-7154-40BB-8380-3DEA45B69CBF} (Web P2P Installer) -
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://download.yahoo.com/dl/installs/yinst.cab
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com/CAB/...8110.3051388889
O16 - DPF: {A17E30C4-A9BA-11D4-8673-60DB54C10000} (YahooYMailTo Class) - http://us.dl1.yimg.com/download.yahoo.com/...ymmapi_0727.dll
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwa...ash/swflash.cab
O16 - DPF: {E3F7205F-2AE0-4BF0-816B-2D24A5F20EC7} - http://usa-download.strip-player.com/downl...tup_minsize.cab
O16 - DPF: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - http://us.dl1.yimg.com/download.yahoo.com/...ebio5_0_2_2.cab
O16 - DPF: {FDDCE9FF-1FC6-413C-80B1-37B101FDA1D4} - http://download.buddylinks.net/ShellInstaller.cab
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = uwsp.edu
O17 - HKLM\Software\..\Telephony: DomainName = uwsp.edu
O17 - HKLM\System\CCS\Services\Tcpip\..\{29E17101-2D31-4D1D-A058-C8ED01E614B6}: NameServer = 66.190.0.100,66.190.0.101
O17 - HKLM\System\CCS\Services\Tcpip\..\{F25E70B7-0641-4BD1-B445-181E734DD25A}: NameServer = 192.168.1.1,4.2.2.2
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = uwsp.edu
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = uwsp.edu
O17 - HKLM\System\CS3\Services\Tcpip\Parameters: Domain = uwsp.edu

BC AdBot (Login to Remove)

 


#2 tg1911

tg1911

    Lord Spam Magnet


  • Members
  • 19,274 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:SW Louisiana
  • Local time:06:38 PM

Posted 18 November 2004 - 04:28 PM

See if this helps:
http://support.microsoft.com/?kbid=170086
MOBO: GIGABYTE GA-MA790X-UD4P, CPU: Phenom II X4 955 Deneb BE, HS/F: CoolerMaster V8, RAM: 2 x 1G Kingston HyperX DDR2 800, VGA: ECS GeForce Black GTX 560, PSU: Antec TruePower Modular 750W, Soundcard: Asus Xonar D1, Case: CoolerMaster COSMOS 1000, Storage: Internal - 2 x Seagate 250GB SATA, 2 x WD 1TB SATA; External - Seagate 500GB USB, WD 640GB eSATA, 3 x WD 1TB eSATA

Become a BleepingComputer fan: Facebook

#3 closetcomputergeek

closetcomputergeek
  • Topic Starter

  • Members
  • 7 posts
  • OFFLINE
  •  
  • Local time:07:38 PM

Posted 19 November 2004 - 11:44 AM

Thanks for the link - I'm still having trouble connecting to the web. A friend of mine told me that I'm likely missing a DLL file that's allowing for me to connect my browser to my wireless adapter...hence my issue of connecting to the net is still a problem. After viewing many posts on Hijackthis, I was hoping someone could help me interpret my log so I could take care of my problem via that? Still desperately seeking help from one of you geniuses! Thanks for taking time to read my plea!

#4 tg1911

tg1911

    Lord Spam Magnet


  • Members
  • 19,274 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:SW Louisiana
  • Local time:06:38 PM

Posted 19 November 2004 - 12:51 PM

Download the latest version of HijackThis (HJT), from here.

Put HijackThis in a Permanent folder:
Click My Computer / C: / File / New / Folder / name the folder; HijackThis
Put HijackThis.exe, in this folder.
This is a mandatory step, for the backup and restore functions, of HijackThis, to be able to work.

Read the pinned post in the HJT forum, here
Follow the directions, EXACTLY! This is important!

Then, run a log, and post it in the HJT forum here. Do not, fix anything, yet.
A member, of the HJT Team, will help you out.
Please, be patient, these people are volunteers. They will help you out, as soon as possible.
MOBO: GIGABYTE GA-MA790X-UD4P, CPU: Phenom II X4 955 Deneb BE, HS/F: CoolerMaster V8, RAM: 2 x 1G Kingston HyperX DDR2 800, VGA: ECS GeForce Black GTX 560, PSU: Antec TruePower Modular 750W, Soundcard: Asus Xonar D1, Case: CoolerMaster COSMOS 1000, Storage: Internal - 2 x Seagate 250GB SATA, 2 x WD 1TB SATA; External - Seagate 500GB USB, WD 640GB eSATA, 3 x WD 1TB eSATA

Become a BleepingComputer fan: Facebook

#5 closetcomputergeek

closetcomputergeek
  • Topic Starter

  • Members
  • 7 posts
  • OFFLINE
  •  
  • Local time:07:38 PM

Posted 19 November 2004 - 05:26 PM

Thanks a TON for your help!

#6 tg1911

tg1911

    Lord Spam Magnet


  • Members
  • 19,274 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:SW Louisiana
  • Local time:06:38 PM

Posted 19 November 2004 - 06:25 PM

You're welcome.
Sorry I couldn't get you fixed up.

Do you know the name of the .dll file that is supposed to be missing?
You might be able to find it here:
dll-files.com
OR:
dlldump.com

Good luck.

Edited by tg1911, 19 November 2004 - 06:26 PM.

MOBO: GIGABYTE GA-MA790X-UD4P, CPU: Phenom II X4 955 Deneb BE, HS/F: CoolerMaster V8, RAM: 2 x 1G Kingston HyperX DDR2 800, VGA: ECS GeForce Black GTX 560, PSU: Antec TruePower Modular 750W, Soundcard: Asus Xonar D1, Case: CoolerMaster COSMOS 1000, Storage: Internal - 2 x Seagate 250GB SATA, 2 x WD 1TB SATA; External - Seagate 500GB USB, WD 640GB eSATA, 3 x WD 1TB eSATA

Become a BleepingComputer fan: Facebook




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users