1. Computer problem? Tech Support Guy is completely free -- paid for by advertisers and donations. Click here to join today! If you're new to Tech Support Guy, we highly recommend that you visit our Guide for New Members.

system32.exe - virus?

Discussion in 'Virus & Other Malware Removal' started by mtchevy, Sep 30, 2003.

Thread Status:
Not open for further replies.
  1. mtchevy

    mtchevy Thread Starter

    Joined:
    Sep 30, 2003
    Messages:
    1
    Whenever I boot up my computer I get this error message:

    Windows cannot find C:\Windows\System32\system32.exe. Make sure you typed the name correctly and then try again. To search for a file, click the start button, and then search.

    Here's my HijackThis summary:

    Logfile of HijackThis v1.97.2
    Scan saved at 5:54:02 PM, on 9/30/2003
    Platform: Windows XP (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2600.0000)

    Running processes:
    D:\WINDOWS\System32\smss.exe
    D:\WINDOWS\system32\winlogon.exe
    D:\WINDOWS\system32\services.exe
    D:\WINDOWS\system32\lsass.exe
    D:\WINDOWS\system32\svchost.exe
    D:\WINDOWS\System32\svchost.exe
    D:\WINDOWS\system32\spoolsv.exe
    D:\Program Files\AVPersonal\AVGUARD.EXE
    D:\Program Files\AVPersonal\AVWUPSRV.EXE
    D:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
    D:\WINDOWS\System32\mnmsrvc.exe
    D:\WINDOWS\System32\NMSSvc.exe
    D:\WINDOWS\System32\rundll32.exe
    D:\Program Files\Norton Utilities\NPROTECT.EXE
    D:\Program Files\Speed Disk\nopdb.exe
    D:\WINDOWS\System32\svchost.exe
    D:\WINDOWS\Explorer.exe
    D:\WINDOWS\System32\PROMon.exe
    D:\WINDOWS\ProDsl.exe
    D:\Program Files\QuickTime\qttask.exe
    D:\PROGRA~1\MICROS~6\GAMECO~1\Common\SWTrayV4.exe
    D:\WINDOWS\SOUNDMAN.EXE
    D:\Program Files\MSI\Live Update 3\LMonitor.exe
    C:\Program Files\Winamp\Winampa.exe
    D:\Program Files\McAfee\McAfee Shared Components\Guardian\CMGrdian.exe
    D:\Program Files\AVPersonal\AVGNT.EXE
    D:\WINDOWS\System32\ctfmon.exe
    D:\Program Files\QUICKENW\QWDLLS.EXE
    D:\Program Files\MSI\PC Alert 4\PCAlert4.exe
    D:\WINDOWS\System32\wuauclt.exe
    D:\Program Files\Internet Explorer\iexplore.exe
    D:\Program Files\Internet Explorer\iexplore.exe
    D:\PROGRA~1\WINZIP\winzip32.exe
    D:\Documents and Settings\BrianJ\Local Settings\Temp\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.startribune.com/
    F0 - system.ini: Shell=Explorer.exe D:\WINDOWS\System32\System32.exe
    F2 - REG:system.ini: Shell=Explorer.exe D:\WINDOWS\System32\System32.exe
    O2 - BHO: My Search BHO - {014DA6C1-189F-421a-88CD-07CFE51CFF10} - D:\Program Files\MySearch\bar\1.bin\S4BAR.DLL
    O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - D:\WINDOWS\System32\msdxm.ocx
    O3 - Toolbar: (no name) - {ACB1E670-3217-45C4-A021-6B829A8A27CB} - (no file)
    O3 - Toolbar: My &Search Bar - {014DA6C9-189F-421a-88CD-07CFE51CFF10} - D:\Program Files\MySearch\bar\1.bin\S4BAR.DLL
    O4 - HKLM\..\Run: [PROMon.exe] PROMon.exe
    O4 - HKLM\..\Run: [Gainward] D:\WINDOWS\TBPanel.exe /A
    O4 - HKLM\..\Run: [ProDsl.exe] ProDsl.exe
    O4 - HKLM\..\Run: [QuickTime Task] "D:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [SideWinderTrayV4] D:\PROGRA~1\MICROS~6\GAMECO~1\Common\SWTrayV4.exe
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
    O4 - HKLM\..\Run: [LiveMonitor] D:\Program Files\MSI\Live Update 3\LMonitor.exe
    O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\Winampa.exe"
    O4 - HKLM\..\Run: [McAfee Guardian] "D:\Program Files\McAfee\McAfee Shared Components\Guardian\CMGrdian.exe" /SU
    O4 - HKLM\..\Run: [AVGCtrl] D:\Program Files\AVPersonal\AVGNT.EXE /min
    O4 - HKLM\..\Run: [MSConfig] D:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
    O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
    O4 - HKCU\..\Run: [ctfmon.exe] D:\WINDOWS\System32\ctfmon.exe
    O4 - HKCU\..\Run: [NVIEW] rundll32.exe nview.dll,nViewLoadHook
    O4 - HKCU\..\Run: [NvMediaCenter] RUNDLL32.EXE D:\WINDOWS\System32\NVMCTRAY.DLL,NvTaskbarInit
    O4 - Global Startup: Quicken Startup.lnk = D:\Program Files\QUICKENW\QWDLLS.EXE
    O4 - Global Startup: Billminder.lnk = D:\Program Files\QUICKENW\BILLMIND.EXE
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
    O4 - Global Startup: PC Alert 4.lnk = D:\Program Files\MSI\PC Alert 4\PCAlert4.exe
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://D:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
    O9 - Extra button: ICQ Pro (HKLM)
    O9 - Extra 'Tools' menuitem: ICQ (HKLM)
    O9 - Extra button: Real.com (HKLM)
    O9 - Extra button: Messenger (HKLM)
    O9 - Extra 'Tools' menuitem: Messenger (HKLM)
    O12 - Plugin for .mid: D:\Program Files\Internet Explorer\PLUGINS\npqtplugin2.dll
    O12 - Plugin for .spop: D:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
    O16 - DPF: {03F998B2-0E00-11D3-A498-00104B6EB52E} (MetaStreamCtl Class) - https://components.viewpoint.com/MT...&http://www.lexus.com/rx330/no_viewpoint.html
    O16 - DPF: {11260943-421B-11D0-8EAC-0000C07D88CF} (iPIX ActiveX Control) - http://www.ipix.com/viewers/ipixx.cab
    O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akamai.net/7/1540/52...pple.com/borris/us/win/QuickTimeInstaller.exe
    O16 - DPF: {4E330863-6A11-11D0-BFD8-006097237877} (InstallFromTheWeb ActiveX Control) - http://tw.msi.com.tw/autobios/client/iftwclix.cab
    O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com/CAB/x86/unicode/iuctl.CAB?37630.3821990741
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
    O16 - DPF: {DF6A0F17-0B1E-11D4-829D-00C04F6843FE} (Microsoft Office Tools on the Web Control) - http://officeupdate.microsoft.com/TemplateGallery/downloads/outc.cab
    O17 - HKLM\System\CCS\Services\Tcpip\..\{B1634957-0DBA-4B5C-A28A-96E1DF83507B}: NameServer

    Any help on what to fix would be much appreciated! Thanks!

    MTCHEVY
     
  2. BlueSpruce

    BlueSpruce

    Joined:
    Jul 24, 2003
    Messages:
    420
    Close all browser windows , Scan Hijack This , put a check in the following entries and hit ''Fix Checked'' ,

    F0 - system.ini: Shell=Explorer.exe D:\WINDOWS\System32\System32.exe

    F2 - REG:system.ini: Shell=Explorer.exe D:\WINDOWS\System32\System32.exe

    O2 - BHO: My Search BHO - {014DA6C1-189F-421a-88CD-07CFE51CFF10} - D:\Program Files\MySearch\bar\1.bin\S4BAR.DLL

    O3 - Toolbar: (no name) - {ACB1E670-3217-45C4-A021-6B829A8A27CB} - (no file)

    O3 - Toolbar: My &Search Bar - {014DA6C9-189F-421a-88CD-07CFE51CFF10} - D:\Program Files\MySearch\bar\1.bin\S4BAR.DLL

    O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k

    Shutdown & Reboot your computer

    Navigate to and Delete the following
    D:\Program Files\MySearch > Folder

    Download and install Spybot search & destroy www.security.kolla.de Open Spybot search & destroy , Click Online , Search for updates , Download all available updates , log offline , Close all browser windows , check your taskbar for minimized windows as well , Run Spybot search & destroy , put a check in every entry Spybot search & destroy returns , Click fix problems. Shutdown & Reboot your computer.

    The following link can assist you in optimizing your start-up applications www.pacs-portal.co.uk/startup_pages/startup_full.htm

    Good luck
     
  3. Corrosive

    Corrosive

    Joined:
    Jan 9, 2003
    Messages:
    1,058
    In answer to the question, it definately ain't legit. Treat with caution.
     
As Seen On
As Seen On...

Welcome to Tech Support Guy!

Are you looking for the solution to your computer problem? Join our site today to ask your question. This site is completely free -- paid for by advertisers and donations.

If you're not already familiar with forums, watch our Welcome Guide to get started.

Join over 733,556 other people just like you!

Loading...
Thread Status:
Not open for further replies.

Short URL to this thread: https://techguy.org/168649

  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.
    Dismiss Notice