Tek-Tips is the largest IT community on the Internet today!

Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!

Register Log in
  • Congratulations Chriss Miller on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!

Why does system32 popup when i start my computer?

Status
Not open for further replies.
pitcher5

pitcher5

MIS
Joined
May 16, 2004
Messages
1
Location
US
the system32 folder continuously pops up (6 or 7 ) times whenever i start my computer...here is my logfile..
any help is appreciated,
Thank you

Logfile of HijackThis v1.97.7
Scan saved at 6:16:44 PM, on 1/19/2000
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\SYSTEM32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Common Files\Panda Software\PavShld\pavprsrv.exe
C:\Program Files\Panda Software\Panda Titanium Antivirus 2004\Pavsrv51.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Panda Software\Panda Titanium Antivirus 2004\AVENGINE.EXE
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\SYSTEM32\rundll32.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Cisco Systems\Aironet Client Monitor\ACUMon.Exe
C:\WINDOWS\System32\TPWRTRAY.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Panda Software\Panda Titanium Antivirus 2004\APVXDWIN.EXE
C:\Program Files\AIM95\aim.exe
C:\WINDOWS\System32\irun4.exe
C:\Program Files\Panda Software\Panda Titanium Antivirus 2004\WebProxy.exe
C:\Program Files\Java\j2re1.4.1_02\bin\javaw.exe
C:\Documents and Settings\user\Local Settings\Temp\Temporary Directory 4 for hijackthis.zip\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
R3 - URLSearchHook: (no name) - _{707E6F76-9FFB-4920-A976-EA101271BC25} - (no file)
R3 - URLSearchHook: (no name) - _{1C78AB3F-A857-482e-80C0-3A1E5238A565} - (no file)
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [ACUMon] "C:\Program Files\Cisco Systems\Aironet Client Monitor\ACUMon.Exe"
O4 - HKLM\..\Run: [Tpwrtray] TPWRTRAY.EXE
O4 - HKLM\..\Run: [zzb] c:\WINDOWS\System32\zzb.exe
O4 - HKLM\..\Run: [fgvg] pztgabk.exe autorun
O4 - HKLM\..\Run: [] c:\WINDOWS\System32O4 - HKLM\..\Run: [<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//] c:\WINDOWS\System32\<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
O4 - HKLM\..\Run: [<h] c:\WINDOWS\System32\<html>
O4 - HKLM\..\Run: [<meta name="doc-class" content="Complet] c:\WINDOWS\System32\<meta name="doc-class" content="Completed">
O4 - HKLM\..\Run: [<table width="100%" border="0" cellspacing="0" cellpadding=] c:\WINDOWS\System32\<table width="100%" border="0" cellspacing="0" cellpadding="0">
O4 - HKLM\..\Run: [<table WIDTH="100%" height="31" CELLPADDING="0" CELLSPACING="0" BORDER="0" BGCOLOR="#E7EB] c:\WINDOWS\System32\<table WIDTH="100%" height="31" CELLPADDING="0" CELLSPACING="0" BORDER="0" BGCOLOR="#E7EBF0">
O4 - HKLM\..\Run: [ <input type="hidden" name="search" value=] c:\WINDOWS\System32\ <input type="hidden" name="search" value="Y">
O4 - HKLM\..\Run: [ <] c:\WINDOWS\System32\ </tr>
O4 - HKLM\..\Run: [ </f] c:\WINDOWS\System32\ </form>
O4 - HKLM\..\Run: [ ] c:\WINDOWS\System32\ <tr>
O4 - HKLM\..\Run: [ </ta] c:\WINDOWS\System32\ </table>
O4 - HKLM\..\Run: [ <] c:\WINDOWS\System32\ </tr>
O4 - HKLM\..\Run: [ ] c:\WINDOWS\System32\ <tr>
O4 - HKLM\..\Run: [ <td valign=top class=linkl] c:\WINDOWS\System32\ <td valign=top class=linklist>
O4 - HKLM\..\Run: [ <] c:\WINDOWS\System32\ </td>
O4 - HKLM\..\Run: [ </ta] c:\WINDOWS\System32\ </table>
O4 - HKLM\..\Run: [ <td bgcolor=#F4F6F8 onMouseover="this.style.backgroundColor='#CCCCCC'" onMouseout="this.style.backgroundColor='#F4F6F8'"><img src=" width=4 height=7 hspace=12 vspace=7 align=absmiddle><A href=" class=category>Gifts</A><] c:\WINDOWS\System32\ <td bgcolor=#F4F6F8 onMouseover="this.style.backgroundColor='#CCCCCC'" onMouseout="this.style.backgroundColor='#F4F6F8'"><img src=" width=4 height=7 hspace=12 vspace=7 align=absmiddle><A href=" class=category>Gifts</A></td>
O4 - HKLM\..\Run: [ <td bgcolor=#D3DBE4><img src=" height=1 width=174><] c:\WINDOWS\System32\ <td bgcolor=#D3DBE4><img src=" height=1 width=174></td>
O4 - HKLM\..\Run: [ <td bgcolor=#F4F6F8 onMouseover="this.style.backgroundColor='#CCCCCC'" onMouseout="this.style.backgroundColor='#F4F6F8'"><img src=" width=4 height=7 hspace=12 vspace=7 align=absmiddle><A href=" class=category>Home</A><] c:\WINDOWS\System32\ <td bgcolor=#F4F6F8 onMouseover="this.style.backgroundColor='#CCCCCC'" onMouseout="this.style.backgroundColor='#F4F6F8'"><img src=" width=4 height=7 hspace=12 vspace=7 align=absmiddle><A href=" class=category>Home</A></td>
O4 - HKLM\..\Run: [ <td bgcolor=#F4F6F8 onMouseover="this.style.backgroundColor='#CCCCCC'" onMouseout="this.style.backgroundColor='#F4F6F8'"><img src=" width=4 height=7 hspace=12 vspace=7 align=absmiddle><A href=" class=category>Health</A><] c:\WINDOWS\System32\ <td bgcolor=#F4F6F8 onMouseover="this.style.backgroundColor='#CCCCCC'" onMouseout="this.style.backgroundColor='#F4F6F8'"><img src=" width=4 height=7 hspace=12 vspace=7 align=absmiddle><A href=" class=category>Health</A></td>
O4 - HKLM\..\Run: [ <td bgcolor=#F4F6F8 onMouseover="this.style.backgroundColor='#CCCCCC'" onMouseout="this.style.backgroundColor='#F4F6F8'"><img src=" width=4 height=7 hspace=12 vspace=7 align=absmiddle><A href=" class=category>Entertainment</A><] c:\WINDOWS\System32\ <td bgcolor=#F4F6F8 onMouseover="this.style.backgroundColor='#CCCCCC'" onMouseout="this.style.backgroundColor='#F4F6F8'"><img src=" width=4 height=7 hspace=12 vspace=7 align=absmiddle><A href=" class=category>Entertainment</A></td>
O4 - HKLM\..\Run: [ <td bgcolor=#F4F6F8 onMouseover="this.style.backgroundColor='#CCCCCC'" onMouseout="this.style.backgroundColor='#F4F6F8'"><img src=" width=4 height=7 hspace=12 vspace=7 align=absmiddle><A href=" class=category>Shopping</A><] c:\WINDOWS\System32\ <td bgcolor=#F4F6F8 onMouseover="this.style.backgroundColor='#CCCCCC'" onMouseout="this.style.backgroundColor='#F4F6F8'"><img src=" width=4 height=7 hspace=12 vspace=7 align=absmiddle><A href=" class=category>Shopping</A></td>
O4 - HKLM\..\Run: [ <td bgcolor=#F4F6F8 onMouseover="this.style.backgroundColor='#CCCCCC'" onMouseout="this.style.backgroundColor='#F4F6F8'"><img src=" width=4 height=7 hspace=12 vspace=7 align=absmiddle><A href=" class=category>Computing</A><] c:\WINDOWS\System32\ <td bgcolor=#F4F6F8 onMouseover="this.style.backgroundColor='#CCCCCC'" onMouseout="this.style.backgroundColor='#F4F6F8'"><img src=" width=4 height=7 hspace=12 vspace=7 align=absmiddle><A href=" class=category>Computing</A></td>
O4 - HKLM\..\Run: [ <td bgcolor=#F4F6F8 onMouseover="this.style.backgroundColor='#CCCCCC'" onMouseout="this.style.backgroundColor='#F4F6F8'"><img src=" width=4 height=7 hspace=12 vspace=7 align=absmiddle><A href=" class=category>Hobbies</A><] c:\WINDOWS\System32\ <td bgcolor=#F4F6F8 onMouseover="this.style.backgroundColor='#CCCCCC'" onMouseout="this.style.backgroundColor='#F4F6F8'"><img src=" width=4 height=7 hspace=12 vspace=7 align=absmiddle><A href=" class=category>Hobbies</A></td>
O4 - HKLM\..\Run: [ <] c:\WINDOWS\System32\ </td>
O4 - HKLM\..\Run: [<!-- Tracking] c:\WINDOWS\System32\<!-- Tracking -->
O4 - HKLM\..\Run: [<script language="Javascri] c:\WINDOWS\System32\<script language="Javascript">
O4 - HKLM\..\Run: [// do not make any changes to anything past this point or tracking script will not ] c:\WINDOWS\System32\// do not make any changes to anything past this point or tracking script will not work
O4 - HKLM\..\Run: [var d] c:\WINDOWS\System32\var data;
O4 - HKLM\..\Run: [document.cookie='__support_check] c:\WINDOWS\System32\document.cookie='__support_check=1';
O4 - HKLM\..\Run: [if (location.hos] c:\WINDOWS\System32\if (location.host) {
O4 - HKLM\..\Run: [} el] c:\WINDOWS\System32\} else {
O4 - HKLM\..\Run: [if (document.referre] c:\WINDOWS\System32\if (document.referrer) {
O4 - HKLM\..\Run: [if (navigator.appNam] c:\WINDOWS\System32\if (navigator.appName) {
O4 - HKLM\..\Run: [if (navigator.userAgen] c:\WINDOWS\System32\if (navigator.userAgent) {
O4 - HKLM\..\Run: [if (navigator.appVersio] c:\WINDOWS\System32\if (navigator.appVersion) {
O4 - HKLM\..\Run: [if (navigator.javaEnabled(] c:\WINDOWS\System32\if (navigator.javaEnabled()) {
O4 - HKLM\..\Run: [ var java_enabled = '&jE=' + navigator.javaEnable] c:\WINDOWS\System32\ var java_enabled = '&jE=' + navigator.javaEnabled();
O4 - HKLM\..\Run: [if (screen.widt] c:\WINDOWS\System32\if (screen.width) {
O4 - HKLM\..\Run: [ var screen_width = '&sw=' + screen.wi] c:\WINDOWS\System32\ var screen_width = '&sw=' + screen.width;
O4 - HKLM\..\Run: [if (screen.heigh] c:\WINDOWS\System32\if (screen.height) {
O4 - HKLM\..\Run: [if (screen.colorDept] c:\WINDOWS\System32\if (screen.colorDepth) {
O4 - HKLM\..\Run: [ var color_depth = '&cd=' + screen.colorDe] c:\WINDOWS\System32\ var color_depth = '&cd=' + screen.colorDepth;
O4 - HKLM\..\Run: [data = 'a=track' + domain_name + referrer_website + browser_name + full_browser_info + app_vers] c:\WINDOWS\System32\data = 'a=track' + domain_name + referrer_website + browser_name + full_browser_info + app_version;
O4 - HKLM\..\Run: [data = data + java_enabled + screen_width + screen_height + color_de] c:\WINDOWS\System32\data = data + java_enabled + screen_width + screen_height + color_depth;
O4 - HKLM\..\Run: [<img border=0 hspace=0 vspace=0 src="] c:\WINDOWS\System32\<img border=0 hspace=0 vspace=0 src="O4 - HKLM\..\Run: [LimeShop] C:\Program Files\LimeShop\LimeShoprun.exe /cp:p "C:\Program Files\LimeShop\System\Code" Main lp: "C:\Program Files\LimeShop"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [kbgf] C:\WINDOWS\kbgf.exe
O4 - HKLM\..\Run: [fash] C:\WINDOWS\fash.exe
O4 - HKLM\..\Run: [APVXDWIN] "C:\Program Files\Panda Software\Panda Titanium Antivirus 2004\APVXDWIN.EXE" /s
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM95\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [BLMessagingIntegration] C:\Program Files\Common Files\PSD Tools\blengine.exe
O4 - HKCU\..\Run: [ssate.exe] C:\WINDOWS\System32\irun4.exe
O4 - HKCU\..\Run: [] c:\WINDOWS\System32O4 - HKCU\..\Run: [<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//] c:\WINDOWS\System32\<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
O4 - HKCU\..\Run: [<h] c:\WINDOWS\System32\<html>
O4 - HKCU\..\Run: [<meta name="doc-class" content="Complet] c:\WINDOWS\System32\<meta name="doc-class" content="Completed">
O4 - HKCU\..\Run: [<table width="100%" border="0" cellspacing="0" cellpadding=] c:\WINDOWS\System32\<table width="100%" border="0" cellspacing="0" cellpadding="0">
O4 - HKCU\..\Run: [ <td align="right" background=" class="head">beneditutti.com is under construction.<] c:\WINDOWS\System32\ <td align="right" background=" class="head">beneditutti.com is under construction.</td>
O4 - HKCU\..\Run: [ <td align="left" background=" class="wtext"><img src=" width="24" height="25" align="absmiddle"><] c:\WINDOWS\System32\ <td align="left" background=" class="wtext"><img src=" width="24" height="25" align="absmiddle"></td>
O4 - HKCU\..\Run: [ <td><img src=" width="10" height="25"><] c:\WINDOWS\System32\ <td><img src=" width="10" height="25"></td>
O4 - HKCU\..\Run: [<table WIDTH="100%" height="31" CELLPADDING="0" CELLSPACING="0" BORDER="0" BGCOLOR="#E7EB] c:\WINDOWS\System32\<table WIDTH="100%" height="31" CELLPADDING="0" CELLSPACING="0" BORDER="0" BGCOLOR="#E7EBF0">
O4 - HKCU\..\Run: [ <input type="hidden" name="search" value=] c:\WINDOWS\System32\ <input type="hidden" name="search" value="Y">
O4 - HKCU\..\Run: [ <td align="center" class=search>search the web: <input type=text name="Keywords" value="" class="textfie] c:\WINDOWS\System32\ <td align="center" class=search>search the web: <input type=text name="Keywords" value="" class="textfield">
O4 - HKCU\..\Run: [ <] c:\WINDOWS\System32\ </tr>
O4 - HKCU\..\Run: [ </f] c:\WINDOWS\System32\ </form>
O4 - HKCU\..\Run: [ ] c:\WINDOWS\System32\ <tr>
O4 - HKCU\..\Run: [ <td><img src=" height=10 width=10><] c:\WINDOWS\System32\ <td><img src=" height=10 width=10></td>
O4 - HKCU\..\Run: [ </ta] c:\WINDOWS\System32\ </table>
O4 - HKCU\..\Run: [ <] c:\WINDOWS\System32\ </tr>
O4 - HKCU\..\Run: [ ] c:\WINDOWS\System32\ <tr>
O4 - HKCU\..\Run: [   <b>·</b> <a href=" Ticket</a>] c:\WINDOWS\System32\   <b>·</b> <a href=" Ticket</a><br>
O4 - HKCU\..\Run: [   <b>·</b> <a href="] c:\WINDOWS\System32\   <b>·</b> <a href="O4 - HKCU\..\Run: [   <b>·</b> <a href="] c:\WINDOWS\System32\   <b>·</b> <a href="O4 - HKCU\..\Run: [   <b>·</b> <a href=" Decorating</a>] c:\WINDOWS\System32\   <b>·</b> <a href=" Decorating</a><br>
O4 - HKCU\..\Run: [   <b>·</b> <a href="] c:\WINDOWS\System32\   <b>·</b> <a href="O4 - HKCU\..\Run: [   <b>·</b> <a href="] c:\WINDOWS\System32\   <b>·</b> <a href="O4 - HKCU\..\Run: [ <td valign=top class=linkl] c:\WINDOWS\System32\ <td valign=top class=linklist>
O4 - HKCU\..\Run: [ <] c:\WINDOWS\System32\ </td>
O4 - HKCU\..\Run: [   <b>·</b> <a href="] c:\WINDOWS\System32\   <b>·</b> <a href="O4 - HKCU\..\Run: [   <b>·</b> <a href="] c:\WINDOWS\System32\   <b>·</b> <a href="O4 - HKCU\..\Run: [ </ta] c:\WINDOWS\System32\ </table>
O4 - HKCU\..\Run: [ <td bgcolor=#F4F6F8 onMouseover="this.style.backgroundColor='#CCCCCC'" onMouseout="this.style.backgroundColor='#F4F6F8'"><img src=" width=4 height=7 hspace=12 vspace=7 align=absmiddle><A href=" class=category>Gifts</A><] c:\WINDOWS\System32\ <td bgcolor=#F4F6F8 onMouseover="this.style.backgroundColor='#CCCCCC'" onMouseout="this.style.backgroundColor='#F4F6F8'"><img src=" width=4 height=7 hspace=12 vspace=7 align=absmiddle><A href=" class=category>Gifts</A></td>
O4 - HKCU\..\Run: [ <td bgcolor=#D3DBE4><img src=" height=1 width=174><] c:\WINDOWS\System32\ <td bgcolor=#D3DBE4><img src=" height=1 width=174></td>
O4 - HKCU\..\Run: [ <td bgcolor=#F4F6F8 onMouseover="this.style.backgroundColor='#CCCCCC'" onMouseout="this.style.backgroundColor='#F4F6F8'"><img src=" width=4 height=7 hspace=12 vspace=7 align=absmiddle><A href=" class=category>Home</A><] c:\WINDOWS\System32\ <td bgcolor=#F4F6F8 onMouseover="this.style.backgroundColor='#CCCCCC'" onMouseout="this.style.backgroundColor='#F4F6F8'"><img src=" width=4 height=7 hspace=12 vspace=7 align=absmiddle><A href=" class=category>Home</A></td>
O4 - HKCU\..\Run: [ <td bgcolor=#F4F6F8 onMouseover="this.style.backgroundColor='#CCCCCC'" onMouseout="this.style.backgroundColor='#F4F6F8'"><img src=" width=4 height=7 hspace=12 vspace=7 align=absmiddle><A href=" class=category>Health</A><] c:\WINDOWS\System32\ <td bgcolor=#F4F6F8 onMouseover="this.style.backgroundColor='#CCCCCC'" onMouseout="this.style.backgroundColor='#F4F6F8'"><img src=" width=4 height=7 hspace=12 vspace=7 align=absmiddle><A href=" class=category>Health</A></td>
O4 - HKCU\..\Run: [ <td bgcolor=#F4F6F8 onMouseover="this.style.backgroundColor='#CCCCCC'" onMouseout="this.style.backgroundColor='#F4F6F8'"><img src=" width=4 height=7 hspace=12 vspace=7 align=absmiddle><A href=" class=category>Entertainment</A><] c:\WINDOWS\System32\ <td bgcolor=#F4F6F8 onMouseover="this.style.backgroundColor='#CCCCCC'" onMouseout="this.style.backgroundColor='#F4F6F8'"><img src=" width=4 height=7 hspace=12 vspace=7 align=absmiddle><A href=" class=category>Entertainment</A></td>
O4 - HKCU\..\Run: [ <td bgcolor=#F4F6F8 onMouseover="this.style.backgroundColor='#CCCCCC'" onMouseout="this.style.backgroundColor='#F4F6F8'"><img src=" width=4 height=7 hspace=12 vspace=7 align=absmiddle><A href=" class=category>Shopping</A><] c:\WINDOWS\System32\ <td bgcolor=#F4F6F8 onMouseover="this.style.backgroundColor='#CCCCCC'" onMouseout="this.style.backgroundColor='#F4F6F8'"><img src=" width=4 height=7 hspace=12 vspace=7 align=absmiddle><A href=" class=category>Shopping</A></td>
O4 - HKCU\..\Run: [ <td bgcolor=#F4F6F8 onMouseover="this.style.backgroundColor='#CCCCCC'" onMouseout="this.style.backgroundColor='#F4F6F8'"><img src=" width=4 height=7 hspace=12 vspace=7 align=absmiddle><A href=" class=category>Computing</A><] c:\WINDOWS\System32\ <td bgcolor=#F4F6F8 onMouseover="this.style.backgroundColor='#CCCCCC'" onMouseout="this.style.backgroundColor='#F4F6F8'"><img src=" width=4 height=7 hspace=12 vspace=7 align=absmiddle><A href=" class=category>Computing</A></td>
O4 - HKCU\..\Run: [ <td bgcolor=#F4F6F8 onMouseover="this.style.backgroundColor='#CCCCCC'" onMouseout="this.style.backgroundColor='#F4F6F8'"><img src=" width=4 height=7 hspace=12 vspace=7 align=absmiddle><A href=" class=category>Hobbies</A><] c:\WINDOWS\System32\ <td bgcolor=#F4F6F8 onMouseover="this.style.backgroundColor='#CCCCCC'" onMouseout="this.style.backgroundColor='#F4F6F8'"><img src=" width=4 height=7 hspace=12 vspace=7 align=absmiddle><A href=" class=category>Hobbies</A></td>
O4 - HKCU\..\Run: [ <] c:\WINDOWS\System32\ </td>
O4 - HKCU\..\Run: [<!-- Tracking] c:\WINDOWS\System32\<!-- Tracking -->
O4 - HKCU\..\Run: [<script language="Javascri] c:\WINDOWS\System32\<script language="Javascript">
O4 - HKCU\..\Run: [// do not make any changes to anything past this point or tracking script will not ] c:\WINDOWS\System32\// do not make any changes to anything past this point or tracking script will not work
O4 - HKCU\..\Run: [var d] c:\WINDOWS\System32\var data;
O4 - HKCU\..\Run: [document.cookie='__support_check] c:\WINDOWS\System32\document.cookie='__support_check=1';
O4 - HKCU\..\Run: [if (location.hos] c:\WINDOWS\System32\if (location.host) {
O4 - HKCU\..\Run: [} el] c:\WINDOWS\System32\} else {
O4 - HKCU\..\Run: [if (document.referre] c:\WINDOWS\System32\if (document.referrer) {
O4 - HKCU\..\Run: [if (navigator.appNam] c:\WINDOWS\System32\if (navigator.appName) {
O4 - HKCU\..\Run: [if (navigator.userAgen] c:\WINDOWS\System32\if (navigator.userAgent) {
O4 - HKCU\..\Run: [if (navigator.appVersio] c:\WINDOWS\System32\if (navigator.appVersion) {
O4 - HKCU\..\Run: [if (navigator.javaEnabled(] c:\WINDOWS\System32\if (navigator.javaEnabled()) {
O4 - HKCU\..\Run: [ var java_enabled = '&jE=' + navigator.javaEnable] c:\WINDOWS\System32\ var java_enabled = '&jE=' + navigator.javaEnabled();
O4 - HKCU\..\Run: [if (screen.widt] c:\WINDOWS\System32\if (screen.width) {
O4 - HKCU\..\Run: [ var screen_width = '&sw=' + screen.wi] c:\WINDOWS\System32\ var screen_width = '&sw=' + screen.width;
O4 - HKCU\..\Run: [if (screen.heigh] c:\WINDOWS\System32\if (screen.height) {
O4 - HKCU\..\Run: [if (screen.colorDept] c:\WINDOWS\System32\if (screen.colorDepth) {
O4 - HKCU\..\Run: [ var color_depth = '&cd=' + screen.colorDe] c:\WINDOWS\System32\ var color_depth = '&cd=' + screen.colorDepth;
O4 - HKCU\..\Run: [data = 'a=track' + domain_name + referrer_website + browser_name + full_browser_info + app_vers] c:\WINDOWS\System32\data = 'a=track' + domain_name + referrer_website + browser_name + full_browser_info + app_version;
O4 - HKCU\..\Run: [data = data + java_enabled + screen_width + screen_height + color_de] c:\WINDOWS\System32\data = data + java_enabled + screen_width + screen_height + color_depth;
O4 - HKCU\..\Run: [<img border=0 hspace=0 vspace=0 src="] c:\WINDOWS\System32\<img border=0 hspace=0 vspace=0 src="O4 - Startup: Download Plus.lnk = C:\Documents and Settings\user\Application Data\DownloadPlus.exe
O4 - Global Startup: LimeWire 3.8.5.lnk = C:\Program Files\LimeWire\3.8.5\LimeWire.exe
O8 - Extra context menu item: &iSearch The Web - res://C:\WINDOWS\System32\toolbar.dll/SEARCH.HTML
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra 'Tools' menuitem: Sun Java Console (HKLM)
O9 - Extra button: TREND MICRO HouseCall (HKLM)
O9 - Extra button: AIM (HKLM)
O10 - Unknown file in Winsock LSP: c:\program files\panda software\panda titanium antivirus 2004\pavlsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\panda software\panda titanium antivirus 2004\pavlsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\panda software\panda titanium antivirus 2004\pavlsp.dll
O16 - DPF: {1C78AB3F-A857-482E-80C0-3A1E5238A565} - O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - O16 - DPF: {7ED7005B-4AF6-4CFF-9AE0-F243C4B8260F} (HouseCallButton.setup) - O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - O16 - DPF: {D719897A-B07A-4C0C-AEA9-9B663A28DFCB} (iTunesDetector Class) - O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = lakesideschool.org
O17 - HKLM\Software\..\Telephony: DomainName = lakesideschool.org
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = lakesideschool.org
 
Sort by date Sort by votes
You don't see many logs that size. With all the mention of System32 sprinkled through it, no wonder it is opening 6 or 7 times. See if these get you going in the right direction.




Reading HijackThis log files
An introduction to the analysis of a HijackThis log file
faq760-4897

Removing adware & spyware
faq608-4650
 
Upvote 0 Downvote
Status
Not open for further replies.

Similar threads

Keyboy
  • Locked
  • Question Question
Computer freezing up
Replies
3
Views
2K
Rick998
Rick998
kwunder
  • Locked
  • Question Question
APNS Certificate popup
Replies
0
Views
345
kwunder
kwunder
jjjthird333
  • Locked
  • Question Question
rename a doamin computer when it is offline?
Replies
3
Views
653
goombawaho
goombawaho
Flinx
  • Locked
  • Question Question
the SAGA of trying to get a computer to sleep and wake up on a schedule
Replies
1
Views
3K
Flinx
Flinx
Marguerite Bourgeois
  • Locked
  • Question Question
I have a document in which margins
Replies
2
Views
454
goombawaho
goombawaho

Part and Inventory Search

Sponsor

Back
Top