pshalm
asked on
Hijackthis log shows entry for systen.32/What is it?
There is a user at our company that is having problems with his taskbar in windows disappearing. He is a remote user with a laptop. I suggested that he run a full virus scan, Ewido (spyware removal) scan. Virus scan came back clean, but Ewido found over 400 infections that it either cleaned or quarantined. I then had him go through add/remove programs to remove any suspicious items from the list as well as his startup group and startup tab within msconfig. Had him download sysinternals autoruns. He said that he did not see anything showing within this application that referenced this "systen32.exe" file. He is still having the same problem with his taskbar disappearing. He is able to alt-tab between applications, but he said that his laptop seems to be having performance (speed) problems since this started happening. I had him download hijackthis and asked that he email me the completed log file. I am pasting it below. I could not find anything that looked malicious within the log except for one line, near the bottom, that caught my attention.
O23 - Service: Windows User Mode Driver Fram - Unknown owner - C:\WINDOWS\systen32.exe
What is this systen.32 (notice the "n") ?? Is it anything to be concerned about? I am even wondering if it is related to the problem that he is having with his taskbar. I have done a google search trying to find additional information on this file, but have found very little information on what it is and if it is something that needs to be removed and how. Not really sure what to do at this point to resolve this. Any suggestions as soon as possible would be greatly appreciated. Thank You.
Hijackthis log file:
Logfile of HijackThis v1.99.1
Scan saved at 2:39:49 AM, on 11/3/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
C:\WINDOWS\system32\brsvc01a.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\brss01a.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\Centenn.ial\Audit\CAgent32.exe
C:\Centenn.ial\Audit\xferwan.exe
C:\Program Files\Juniper Networks\Common Files\dsNcService.exe
C:\Program Files\PJ Technologies\GOVsrv\GOVsrv.EXE
C:\Program Files\VERITAS NetBackup Professional\System\NBPClientSvcush.exe
C:\OfficeScan NT\ntrtscan.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
c:\progra~1\softqu~1\remote~1\raclient\raclient.exe
C:\WINDOWS\system32\svchost.exe
C:\OfficeScan NT\tmlisten.exe
C:\Program Files\Common Files\VERITAS Shared\ChangeLog\VChangeLogSvcu.exe
c:\_integra\bin\ccmagent.exe
C:\WINDOWS\TEMP\MCBE49.EXE
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exe
C:\PROGRA~1\Intel\Wireless\Bin\1XConfig.exe
C:\WINDOWS\system32\Ati2evxx.exe
c:\_integra\bin\shstart.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\OfficeScan NT\pccntmon.exe
C:\Program Files\Apoint\Apoint.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\Apoint\Apntex.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktopIndex.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktopCrawl.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Microsoft Money\System\mnyexpr.exe
C:\Program Files\VERITAS NetBackup Professional\NBPClientush.exe
C:\Program Files\Okidata\OKI LPR Utility\okilpr.exe
C:\Program Files\Palm\HOTSYNC.EXE
C:\Program Files\Palm\Palm.exe
C:\WINDOWS\system32\WISPTIS.EXE
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\cob00857\Desktop\hijackthis\HijackThis.exe
F2 - REG:system.ini: UserInit=c:\windows\system32\userinit.exe,c:\_integra\bin\shstart.exe
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {243B17DE-77C7-46BF-B94B-0B5F309A0E64} - C:\Program Files\Microsoft Money\System\mnyside.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O4 - HKLM\..\Run: [OfficeScanNT Monitor] "C:\OfficeScan NT\pccntmon.exe" -HideWindow
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [Synchronization Manager] %SystemRoot%\system32\mobsync.exe /logon
O4 - HKLM\..\Run: [IntelZeroConfig] C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
O4 - HKLM\..\Run: [IntelWireless] C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe"
O4 - HKLM\..\Run: [DeviceDiscovery] C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [MoneyAgent] "C:\Program Files\Microsoft Money\System\mnyexpr.exe"
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.0.720.3640\GoogleToolbarNotifier.exe
O4 - Startup: HotSync Manager.lnk = C:\Program Files\Palm\HOTSYNC.EXE
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: NetBackup Professional Client.lnk = ?
O4 - Global Startup: OKI LPR Utility.lnk = C:\Program Files\Okidata\OKI LPR Utility\okilpr.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyside.dll
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL
O20 - Winlogon Notify: IntelWireless - C:\Program Files\Intel\Wireless\Bin\LgNotify.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: BrSplService (Brother XP spl Service) - brother Industries Ltd - C:\WINDOWS\system32\brsvc01a.exe
O23 - Service: CentennialClientAgent - Centennial UK Ltd. - C:\Centenn.ial\Audit\CAgent32.exe
O23 - Service: CentennialIPTransferAgent - Centennial UK Ltd. - C:\Centenn.ial\Audit\xferwan.exe
O23 - Service: Juniper Network Connect Service (dsNcService) - Juniper Networks - C:\Program Files\Juniper Networks\Common Files\dsNcService.exe
O23 - Service: EvtEng - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: GoverLAN Service (GOVsrv) - PJ Technologies, Inc. - C:\Program Files\PJ Technologies\GOVsrv\GOVsrv.EXE
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: VERITAS NetBackup Professional Client Service (NBPClientSvc) - VERITAS Software Corporation - C:\Program Files\VERITAS NetBackup Professional\System\NBPClientSvcush.exe
O23 - Service: OfficeScanNT RealTime Scan (ntrtscan) - Trend Micro Inc. - C:\OfficeScan NT\ntrtscan.exe
O23 - Service: RegSrvc - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: RemoteAgent Client (RemoteAgent) - SoftQuest - c:\progra~1\softqu~1\remote~1\raclient\raclient.exe
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: OfficeScanNT Listener (tmlisten) - Trend Micro Inc. - C:\OfficeScan NT\tmlisten.exe
O23 - Service: VERITAS NetBackup Professional Persistent Change Journal Service (VChangeLogSvc) - VERITAS Software Corporation - C:\Program Files\Common Files\VERITAS Shared\ChangeLog\VChangeLogSvcu.exe
O23 - Service: Symantec LiveState Agent for Windows (WControl) - On Technology Corporation - c:\_integra\bin\ccmagent.exe
O23 - Service: Windows User Mode Driver Fram - Unknown owner - C:\WINDOWS\systen32.exe
O23 - Service: WLANKEEPER - Intel® Corporation - C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
ASKER
Thank you for your comments, but as I stated in the original post, we had already gone through msconfig. Ewido has been run in safe mode as well as spybot and lavasoft adaware. Using 'Autoruns', he removed the checkbox by systen.32 and rebooted. After running hijackthis again, there is no longer a reference to it, but he is still having a problem with his taskbar disappearing. Starting to wonder if this is spyware or virus related at all... Just to satisfy my own curiosity, does anyone know what this systen32.exe file is and/or what it is related to? If anyone else has any suggestions about the taskbar disappearing, that would be helpful as well. I believe that I forgot to mention in the original post that this is a Dell Latitude D810 laptop running WinXp Pro on SP2.
Also, does this c:\_integra\bin\shstart.exe look familiar to you? If not, remove it. Could be related to the Taskbar.
F2 - REG:system.ini: UserInit=c:\windows\system32\userinit.exe,c:\_integra\bin\shstart.exe
Also remove
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)
Also, are you using Roaming profiles or any other types of Folder Redirection?
Here is a free utility to help with a lot of Toolbar problems...
Taskbar Repair Tool Plus!
http://www.kellys-korner-xp.com/taskbarplus!.htm
As for the Systen32.exe, rpggamergirl said it best about the similar signatures.
Anything that morphs itself into a misspelled Service is usually bad.
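A small triage check in the spirit of the remark above about misspelled services, as an added example (not code from this thread or from HijackThis): it parses O23 service lines and flags entries whose owner is "Unknown owner" or whose file name is one edit away from a genuine Windows name. The `KNOWN_NAMES` list and the function names are assumptions made for this example; the sample lines are taken from the log on this page.

```python
import ntpath
import re

# Assumed short reference list of genuine Windows names that impostors imitate.
KNOWN_NAMES = ("system32", "svchost", "services", "lsass", "winlogon",
               "explorer", "spoolsv", "smss", "csrss")

# O23 line layout as it appears in the log: display name - owner - image path.
O23_RE = re.compile(
    r"^O23 - Service: (?P<name>.+) - (?P<owner>.+?) - (?P<path>[A-Za-z]:\\.+)$")


def edit_distance(a, b):
    """Levenshtein distance, computed one row at a time."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def lookalike_of(stem):
    """Return the genuine name that `stem` is exactly one edit away from, else None."""
    for known in KNOWN_NAMES:
        if stem != known and edit_distance(stem, known) == 1:
            return known
    return None


def review_services(log_text):
    """Return (service, path, reasons) for each O23 entry worth a second look."""
    findings = []
    for line in log_text.splitlines():
        m = O23_RE.match(line.strip())
        if not m:
            continue  # not a service entry
        reasons = []
        if m["owner"].lower() == "unknown owner":
            reasons.append("no owner reported for the file")
        stem = ntpath.splitext(ntpath.basename(m["path"]))[0].lower()
        near = lookalike_of(stem)
        if near:
            reasons.append(f"file name '{stem}' is one edit away from '{near}'")
        if reasons:
            findings.append((m["name"], m["path"], reasons))
    return findings


# Sample lines from the log above, with the forum's wrapping spaces removed.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: OfficeScanNT Listener (tmlisten) - Trend Micro Inc. - C:\OfficeScan NT\tmlisten.exe
O23 - Service: Windows User Mode Driver Fram - Unknown owner - C:\WINDOWS\systen32.exe
"""

if __name__ == "__main__":
    for name, path, reasons in review_services(SAMPLE_LOG):
        print(f"{path} ({name}): " + "; ".join(reasons))
```

A hit from either check is a reason to inspect the file (location, signature, timestamps), not proof that it is malicious.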
ASKER
Great information... Thank you.
I am going to give the above options a try and will post the results as soon as I have them.
ASKER
Johnb6767. Thank you for your help. Fortunately, we did not have to use the taskbar utility that you mentioned, but good to know about. The entries that you mentioned are related to our corporate laptop configurations.
Rpggamergirl...you rock!! After disabling the service that you referenced, this seemed to take care of the problem. His taskbar has not disappeared since. Thank You. :-)
How to use MSConfig (Directions with screen shots)
http://www.netsquirrel.com/msconfig/
For Windows 2000 operating systems you can download and run
MSCONFIG from this location.
http://www.techadvice.com/win2000/m/msconfig_w2k.htm
To check for malware run one or more of these free utilities in Safe Mode.
(Clear your IE temp files first.)
Anti-Malware suites.
Spybot:
http://www.safer-networking.org/en/download/index.html
AdAware:
http://www.lavasoftusa.com/products/ad-aware_se_personal.php
You might also want to try Ewido:
http://www.ewido.net/en/
Microsoft also has a free suite.
http://www.microsoft.com/athome/security/spyware/software/default.mspx
I normally use two or three suites together for more complete scans.
Go here for a wide variety of free anti-malware and anti-virus suites.
http://www.freebyte.com/antivirus/
The systen32 is listed within an area of Windows NT Services.
I was unable to locate any malicious activity associated with this file.