system 32 folder opens automatically

[Guest]

this is a copy of the registry (which I'm only able to see through a emergency utility). The first line in the registry reads: default reg_expand_sz data value: c:\windows\system32\ (i did not see this in the copy below) it says nothing in the run once key


Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="C:\\WINDOWS\\System32\\igfxtray.exe"
"HotKeysCmds"="C:\\WINDOWS\\System32\\hkcmd.exe"
"NAV Agent"="C:\\PROGRA~1\\NORTON~1\\navapw32.exe"
"RealTray"="C:\\Program Files\\Real\\RealPlayer\\RealPlay.exe SYSTEMBOOTHIDEPLAYER"
"MMTray"="C:\\Program Files\\MUSICMATCH\\MUSICMATCH Jukebox\\mm_tray.exe"
"AdaptecDirectCD"="\"C:\\Program Files\\Roxio\\Easy CD Creator 5\\DirectCD\\DirectCD.exe\""
"DwlClient"="C:\\Program Files\\Common Files\\Dell\\EUSW\\Support.exe"
"BJCFD"="C:\\Program Files\\BroadJump\\Client Foundation\\CFD.exe"
"mmtask"="C:\\Program Files\\MUSICMATCH\\MUSICMATCH Jukebox\\mmtask.exe"
"wcmdmgr"="C:\\WINDOWS\\wt\\updater\\wcmdmgrl.exe -launch"
"BCMSMMSG"="BCMSMMSG.exe"
"iehelper"="C:\\Program Files\\syslaunch.exe"
"Yahoo Instant Messenger"="YAHOO.EXE"
@=hex(2):63,00,3a,00,5c,00,57,00,49,00,4e,00,44,00,4f,00,57,00,53,00,5c,00,53, 00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,00,00
"EPSON Stylus C84 Series"="C:\\WINDOWS\\System32\\spool\\DRIVERS\\W32X86\\3\\E_S4I2D1.EXE /P23 \"EPSON Stylus C84 Series\" /O6 \"USB001\" /M \"Stylus C84\""

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\IMAIL]
"Installed"="1"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MAPI]
"NoChange"="1"
"Installed"="1"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MSFS]
"Installed"="1"

 

[Rick \Nutcase\ Rogers]

Hi DT,

Scan the system for viruses with a fully updated program - old definitions
only catch old viruses. First thing you need to do is get rid of the trojan

"iehelper"="C:\\Program Files\\syslaunch.exe"

But basically you will need to:

- Restart in Safe mode (hit F8 at boot to get the boot menu)
- Disable System Restore (this will delete any existing SR points and remove
any viruses housed in them)
- Run a full scan with an updated av program (you may wish to update before
you restart in Safe mode)
- Delete the above string from the system registry
- Restart normally

This page can help:
http://securityresponse.symantec.com/avcenter/venc/data/w32.a.d.clicker.g.trojan.html

Then, you have another issue. Do not reboot until you reach the third step
below.

1) Control Panel/Add & Remove, uninstall Wild Tangent:
http://www.blockbuster.co.uk/wildtangent/default.asp?genre=help&id=1#10
http://www.safersite.com/pestinfo/w/wildtangent.asp

2) If it still exists afterwards, delete this string from the registry:

"wcmdmgr"="C:\\WINDOWS\\wt\\updater\\wcmdmgrl.exe -launch"

3) Then, start/run msconfig, and on the general tab put yourself in
diagnostic mode. Click apply/ok and reboot.

4) Once back in normal mode, reset msconfig to the normal startup. Reboot
once more. The folder opening at startup should have ceased at this point.

5) Install and run Adaware from www.lavasoft.de, remove anything it finds.
Reboot and repeat this operation, make sure you use its "update" function
before running the system scan.

--
Best of Luck,

Rick Rogers aka "Nutcase" MS-MVP - Win9x
Windows isn't rocket science! That's my other hobby!

Associate Expert - WinXP - Expert Zone

this is a copy of the registry (which I'm only able to see through a

emergency utility). The first line in the registry reads: default
reg_expand_sz data value: c:\windows\system32\ (i did not see this
in the copy below) it says nothing in the run once key

Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="C:\\WINDOWS\\System32\\igfxtray.exe"
"HotKeysCmds"="C:\\WINDOWS\\System32\\hkcmd.exe"
"NAV Agent"="C:\\PROGRA~1\\NORTON~1\\navapw32.exe"
"RealTray"="C:\\Program Files\\Real\\RealPlayer\\RealPlay.exe SYSTEMBOOTHIDEPLAYER"
"MMTray"="C:\\Program Files\\MUSICMATCH\\MUSICMATCH Jukebox\\mm_tray.exe"
"AdaptecDirectCD"="\"C:\\Program Files\\Roxio\\Easy CD Creator 5\\DirectCD\\DirectCD.exe\""
"DwlClient"="C:\\Program Files\\Common Files\\Dell\\EUSW\\Support.exe"
"BJCFD"="C:\\Program Files\\BroadJump\\Client Foundation\\CFD.exe"
"mmtask"="C:\\Program Files\\MUSICMATCH\\MUSICMATCH Jukebox\\mmtask.exe"
"wcmdmgr"="C:\\WINDOWS\\wt\\updater\\wcmdmgrl.exe -launch"
"BCMSMMSG"="BCMSMMSG.exe"
"iehelper"="C:\\Program Files\\syslaunch.exe"
"Yahoo Instant Messenger"="YAHOO.EXE"

@=hex(2):63,00,3a,00,5c,00,57,00,49,00,4e,00,44,00,4f,00,57,00,53,00,5c,00,5
3, 00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,00,00

"EPSON Stylus C84

Series"="C:\\WINDOWS\\System32\\spool\\DRIVERS\\W32X86\\3\\E_S4I2D1.EXE /P23
\"EPSON Stylus C84 Series\" /O6 \"USB001\" /M \"Stylus C84\""

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalCo
mponents][HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalCo
mponents\IMAIL]

"Installed"="1"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalCo
mponents\MAPI]

"NoChange"="1"
"Installed"="1"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalCo
mponents\MSFS]
"Installed"="1"