Tek-Tips is the largest IT community on the Internet today!

Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!

Register Log in
  • Congratulations Rhinorhino on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!

"System32 Folder Opens At Startup" 2

Status
Not open for further replies.
seechance

seechance

IS-IT--Management
Joined
Aug 1, 2001
Messages
24
Location
US
Winows XP Pro:The System32 folder opens on startup when the desktop appears. I have to close it to get to the desktop.

Any help?

Chance
 
Sort by date Sort by votes
Hello

This normally occurs because a program is set to load from C:\Windows\System32 that doesn't exist. I would run MSConfig as you are on XP and check for programs that are set to load from that particular folder.

John
 
Upvote 0 Downvote
THANK YOU! I think I have it fixed! There where two entries that where like this C:windows\system32 Noting else. I check off on them and it seames to work.

Again,
Thanks
 
Upvote 0 Downvote
The problem has reoccurred! Here is what is going on. I clean the system with AD-Ware and Spy-Bot and remove all the junk! Then when I use Internet Explorer after I’m at the opening page, another Internet Explorer opens and connects to and the problems start all over again. I have to clean everything again. The only way I can keep from having to clean is to put sandboxer in the restricted zone BUT it still keeps opening every few seconds. Close it and it will open in a few seconds. If you leave it open another one will open etc.

Spy-Bot and AD-Ware clean the trash but can not stop this problem.

Anybody have any ideas!

Chance
 
Upvote 0 Downvote
Turn off System Restore before any cleaning.

See faq608-4620
 
Upvote 0 Downvote
Have you checked for updates within spybot to make sure you have all the latest? Have you used the immunize program in Spybot? You could also do a search in the registry for sandboxer and delete everything you find. Do a backup first just in case. Something is loading at startup it looks like and it is probably in the registry.
 
Upvote 0 Downvote
I have same type of problem. I am running WinXP Home.
When I launch Internet Explorer for the first time each day a C:\windows\system32 folder opens. I uncheck the two c:\windows\system32\ boxes in the msconfig starup put they restore the next day. I have also searched the regedit to see if it is in one of the run areas.
 
Upvote 0 Downvote
I have to get my faq's right.

Turn off system restore, and then follow faq608-4650
 
Upvote 0 Downvote
Thank you bcastner,
Today was my 1st time in weeks that I started up with out the pesty system32 window opening. The cure was running .cwshredder .SpyBot & .AdAware6 they found and fixed many files.

 
Upvote 0 Downvote
The pest \windows\system32 window opens when I start Exployer Browser. Even though I take the two ref out of the startup and remove it with regedit, it keeps coming back. Can you look at this HijackThis to see if something else is calling for system32 folder to open. Thanks

Logfile of HijackThis v1.97.7
Scan saved at 10:37:16 AM, on 1/20/2004
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
c:\Program Files\Network Associates\VirusScan\avsynmgr.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\EPOAgent\naimas32.exe
C:\WINDOWS\System32\snmp.exe
c:\Program Files\Network Associates\VirusScan\VsStat.exe
C:\WINDOWS\System32\svchost.exe
c:\Program Files\Network Associates\VirusScan\Avconsol.exe
c:\Program Files\Network Associates\VirusScan\Webscanx.exe
C:\WINDOWS\Explorer.EXE
c:\Program Files\Common Files\Network Associates\McShield\mcshield.exe
C:\EPOAgent\naimag32.exe
C:\PROGRA~1\PANICW~1\POP-UP~1\PSFree.exe
C:\WINDOWS\System32\ctfmon.exe
C:\WINDOWS\System32\taskmgr.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Documents and Settings\TDW\Desktop\Utl\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Common\ycomp5_2_3_0.dll
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {111682c5-6608-43e6-8ecc-abf146ca2566} - C:\DOCUME~1\TDW\APPLIC~1\bzstdroxbl.dll (file missing)
O2 - BHO: (no name) - {4B9C9BCE-799A-3CDD-FFD5-E43D8F8C9C3B} - C:\WINDOWS\system32\iefuewbq.dll
O2 - BHO: (no name) - {71ED4FBA-4024-4bbe-91DC-9704C93F453E} - (no file)
O2 - BHO: (no name) - {FE98CA0A-AB8A-0A08-EA24-9DC5EEC5CDEB} - C:\WINDOWS\system32\yksjlyee.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: uwckckeeche - {a058a538-f043-4126-a0eb-42b71b2d6310} - C:\DOCUME~1\TDW\APPLIC~1\bzstdroxbl.dll (file missing)
O4 - HKLM\..\Run: [NaimAgent_UI] C:\EPOAgent\naimag32.exe
O4 - HKLM\..\Run: [ZingSpooler] C:\Program Files\Common Files\Zing\ZingSpooler.exe
O4 - HKLM\..\Run: [] c:\WINDOWS\System32O4 - HKCU\..\Run: [PopUpStopperFreeEdition] "C:\PROGRA~1\PANICW~1\POP-UP~1\PSFree.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [] c:\WINDOWS\System32O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Photo Loader supervisory.lnk = C:\Program Files\CASIO\Photo Loader\Plauto.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: Messenger (HKLM)
O9 - Extra 'Tools' menuitem: Yahoo! Messenger (HKLM)
O9 - Extra button: AIM (HKLM)
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - O16 - DPF: {427273CC-764E-11D3-823D-006097F90453} (Pixami Image Editor Control) - O16 - DPF: {5E943D9C-F8DC-4258-8E3F-A61BB3405A33} (ZingBatchAXDwnl Class) - O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - O16 - DPF: {6B1B6D11-E497-11D3-BE0C-005004AD2E83} (ImageStation Home Printing Control) - O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - O16 - DPF: {80DD2229-B8E4-4C77-B72F-F22972D723EA} (AvxScanOnline Control) - O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - O16 - DPF: {A3009861-330C-4E10-822B-39D16EC8829D} (CRAVOnline Object) - O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - O16 - DPF: {F54C1137-5E34-4B95-95A5-BA56D4D8D743} (Secure Delivery) -
 
Upvote 0 Downvote
There are some suspect entries here. With System Restore disabled, remove these:

O2 - BHO: (no name) - {111682c5-6608-43e6-8ecc-abf146ca2566} - C:\DOCUME~1\TDW\APPLIC~1\bzstdroxbl.dll (file missing)
O2 - BHO: (no name) - {4B9C9BCE-799A-3CDD-FFD5-E43D8F8C9C3B} - C:\WINDOWS\system32\iefuewbq.dll
O2 - BHO: (no name) - {71ED4FBA-4024-4bbe-91DC-9704C93F453E} - (no file)
O2 - BHO: (no name) - {FE98CA0A-AB8A-0A08-EA24-9DC5EEC5CDEB} - C:\WINDOWS\system32\yksjlyee.dll
O3 - Toolbar: uwckckeeche - {a058a538-f043-4126-a0eb-42b71b2d6310} - C:\DOCUME~1\TDW\APPLIC~1\bzstdroxbl.dll (file missing)

And taking these out should help:

O4 - HKLM\..\Run: [] c:\WINDOWS\System32O4 - HKCU\..\Run: [] c:\WINDOWS\System32
Reboot. Any better?

"'Tis an ill wind that blows no minds." - Malaclypse the Younger
 
Upvote 0 Downvote
carr,

Sorry to be OT. Do you see anything here? thread779-752688

If you do, respond in that thread.

Again, sorry.

Bill
 
Upvote 0 Downvote
Can you check your add/remove programs:
Settings/Control Panel/ Add for a program
called Memory Watcher. Its an add Supported Freeware program. Remove it.
Also delete these:
O2 - BHO: (no name) - {111682c5-6608-43e6-8ecc-abf146ca2566} - C:\DOCUME~1\TDW\APPLIC~1\bzstdroxbl.dll (file missing
O2 - BHO: (no name) - {71ED4FBA-4024-4bbe-91DC-9704C93F453E} - (no file)


"Sometimes I do not know but I try hard"- R.F. Haughty 1923
 
Upvote 0 Downvote
I am also having this problem after getting a download.trojan virus. Norton anti-virus did not prevent the virus from getting into my computer. I am running XP professional.

Norton AV qaurantined some files, but there a lot of spam ad-type pop-up software that I ad-ware deleted.

But going into msconfig and viewing the STARTUP tab I can see some lines that are suspect. One is a bridge.dll file that I earlier spotted and renamed it as it appeared to go out to the internet and bring back spam software (I'm not 100% sure what it was doing!).

My machine is also taking a couple of minutes to startup...

How do I clear these out of my machine ?

Thanks !
 
Upvote 0 Downvote
Run down the routines in this FAQ: faq608-4650
If no relief by the time you've finished, post your Hijack This! log here (preferably in a new post).

"'Tis an ill wind that blows no minds." - Malaclypse the Younger
 
Upvote 0 Downvote
I now have in the system configuration startup two Items that have 27 squares or boxes in the startup and command colm. Any idea what they are and how to remove? I unchecked them put when I startup winxp home they still show up.
 
Upvote 0 Downvote
I found where to go in the regedit to remove unwanted junk items in the system configuration startup. It was in this hkey=> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder
 
Upvote 0 Downvote
Im having the system32 folder problem as well. I've read this topic through and downloaded every program suggested and gone through every FAQ fowlowing the instructions exactly the way it told me to. I'm still getting a the annoying system32 pop up. I read that the last resort you guys prefer is that I use Hijackthis and paste the log file. I myself noticed a few problems in the log and many system32 references involved with websense. I HATE WEBSENSE. Heres my log. Any help is greatly appreciated.

Logfile of HijackThis v1.97.7
Scan saved at 7:08:22 PM, on 2/7/2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\drivers\dcfssvc.exe
C:\WINDOWS\system32\HPConfig.exe
C:\Program Files\HPQ\Notebook Utilities\HPWirelessMgr.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\atiptaxx.exe
C:\WINDOWS\System32\carpserv.exe
C:\PROGRA~1\HPQ\ONE-TO~1\OneTouch.EXE
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\windows\system\hpsysdrv.exe
C:\PROGRA~1\NORTON~1\navapw32.exe
C:\Program Files\Common files\updater\wupdater.exe
C:\Program Files\AIM\aim.exe
C:\Program Files\Messenger\MSMSGS.EXE
C:\Program Files\KODAK\Kodak EasyShare software\bin\EasyShare.exe
C:\Program Files\KODAK\KODAK Software Updater\7288971\Program\backWeb-7288971.exe
C:\Documents and Settings\Owner\Local Settings\Temp\Temporary Directory 2 for hijackthis.zip\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 143.81.8.34:80
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R3 - URLSearchHook: IncrediFindBHO Class - {5D60FF48-95BE-4956-B4C6-6BB168A70310} - C:\PROGRA~1\INCRED~1\BHO\INCFIN~1.DLL
O2 - BHO: (no name) - {00000185-C745-43D2-44F1-01A1C789C738} - C:\PROGRA~1\SB\SMART-~1\BHO010~1.DLL
O2 - BHO: (no name) - {00A6FAF1-072E-44cf-8957-5838F569A31D} - C:\Program Files\MyWebSearch\SearchAt\1.bin\MWSSRCAS.DLL (file missing)
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\ycomp5_3_12_0.dll
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {07B18EA1-A523-4961-B6BB-170DE4475CCA} - C:\Program Files\MyWebSearch\bar\1.bin\MWSBAR.DLL (file missing)
O2 - BHO: (no name) - {5D60FF48-95BE-4956-B4C6-6BB168A70310} - C:\PROGRA~1\INCRED~1\BHO\INCFIN~1.DLL
O2 - BHO: (no name) - {71ED4FBA-4024-4bbe-91DC-9704C93F453E} - c:\progra~1\iesearchbar\iesearchbar.dll
O2 - BHO: (no name) - {9C691A33-7DDA-4C2F-BE4C-C176083F35CF} - C:\WINDOWS\System32\bridge.dll
O2 - BHO: (no name) - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: IE Search Bar - {71ED4FBA-4024-4bbe-91DC-9704C93F453E} - c:\progra~1\iesearchbar\iesearchbar.dll
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [AtiPTA] atiptaxx.exe
O4 - HKLM\..\Run: [CARPService] carpserv.exe
O4 - HKLM\..\Run: [PreloadApp] c:\hp\drivers\printers\photosmart\hphprld.exe c:\hp\drivers\printers\photosmart\setup.exe -d
O4 - HKLM\..\Run: [srmclean] C:\Cpqs\Scom\srmclean.exe
O4 - HKLM\..\Run: [TV Now] C:\Program Files\HPQ\Notebook Utilities\TvNow.exe /RK
O4 - HKLM\..\Run: [Display Settings] C:\Program Files\HPQ\Notebook Utilities\hptasks.exe /s
O4 - HKLM\..\Run: [QT4HPOT] C:\PROGRA~1\HPQ\ONE-TO~1\OneTouch.EXE
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [Cpqset] C:\Program Files\HPQ\Default Settings\cpqset.exe
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [NAV Agent] C:\PROGRA~1\NORTON~1\navapw32.exe
O4 - HKLM\..\Run: [DM_Server] C:\PROGRA~1\COMETS~1\DM\bin\dmserver.exe /onreboot
O4 - HKLM\..\Run: [RunDLL] rundll32.exe "C:\WINDOWS\System32\bridge.dll",Load
O4 - HKLM\..\Run: [// Filename: master.] c:\WINDOWS\System32\// Filename: master.html
O4 - HKLM\..\Run: [// Description: The "master" block page sets up a Websense block page ] c:\WINDOWS\System32\// Description: The "master" block page sets up a Websense block page that
O4 - HKLM\..\Run: [// needs fra] c:\WINDOWS\System32\// needs frames.
O4 - HKLM\..\Run: [// Websense Inc. (Websense) has prepared this material for us] c:\WINDOWS\System32\// Websense Inc. (Websense) has prepared this material for use by
O4 - HKLM\..\Run: [// Websense personnel, licensees, and customers. The informa] c:\WINDOWS\System32\// Websense personnel, licensees, and customers. The information
O4 - HKLM\..\Run: [// contained herein is the property of Websense and shall no] c:\WINDOWS\System32\// contained herein is the property of Websense and shall not be
O4 - HKLM\..\Run: [// reproduced in whole or part without the prior written con] c:\WINDOWS\System32\// reproduced in whole or part without the prior written consent
O4 - HKLM\..\Run: [// of an authorized representative of Websense ] c:\WINDOWS\System32\// of an authorized representative of Websense Inc.
O4 - HKLM\..\Run: [// RESTRICTED RIGHTS LE] c:\WINDOWS\System32\// RESTRICTED RIGHTS LEGEND
O4 - HKLM\..\Run: [// Use, duplication or disclosure by the U.S. Government is sub] c:\WINDOWS\System32\// Use, duplication or disclosure by the U.S. Government is subject
O4 - HKLM\..\Run: [// to restrictions as set forth in subdivision (b)(3)(ii) of the Ri] c:\WINDOWS\System32\// to restrictions as set forth in subdivision (b)(3)(ii) of the Rights
O4 - HKLM\..\Run: [// in Technical Data and Computer Software clause at 52.227-7013. ] c:\WINDOWS\System32\// in Technical Data and Computer Software clause at 52.227-7013. All
O4 - HKLM\..\Run: [// other Government use , duplication or disclosure shall be gove] c:\WINDOWS\System32\// other Government use , duplication or disclosure shall be governed
O4 - HKLM\..\Run: [// exclusively by the terms of the Websense Subscription Agreem] c:\WINDOWS\System32\// exclusively by the terms of the Websense Subscription Agreement.
O4 - HKLM\..\Run: [// Websense, ] c:\WINDOWS\System32\// Websense, Inc.
O4 - HKLM\..\Run: [// Copyright (c) 1997 - ] c:\WINDOWS\System32\// Copyright (c) 1997 - 2003
O4 - HKLM\..\Run: [// 10240 Sorrento Valle] c:\WINDOWS\System32\// 10240 Sorrento Valley Rd
O4 - HKLM\..\Run: [// San Diego, CA 9] c:\WINDOWS\System32\// San Diego, CA 92121
O4 - HKLM\..\Run: [// (858) 320-] c:\WINDOWS\System32\// (858) 320-8000
O4 - HKLM\..\Run: [// The Websense Tokens contained in this page are the follow] c:\WINDOWS\System32\// The Websense Tokens contained in this page are the following:
O4 - HKLM\..\Run: [// 1) *WS_TOPFRAME] c:\WINDOWS\System32\// 1) *WS_TOPFRAMEURL*
O4 - HKLM\..\Run: [// - Outputs the target url for the upper frame. The default is] c:\WINDOWS\System32\// - Outputs the target url for the upper frame. The default is the
O4 - HKLM\..\Run: [// block.html block p] c:\WINDOWS\System32\// block.html block page.
O4 - HKLM\..\Run: [// 2) *WS_BOTTOMFRAME] c:\WINDOWS\System32\// 2) *WS_BOTTOMFRAMEURL*
O4 - HKLM\..\Run: [// - Outputs the target url for the lower frame. This depends on] c:\WINDOWS\System32\// - Outputs the target url for the lower frame. This depends on the
O4 - HKLM\..\Run: [// blocking option that is selec] c:\WINDOWS\System32\// blocking option that is selected.
O4 - HKLM\..\Run: [// 3) *WS_SESSIO] c:\WINDOWS\System32\// 3) *WS_SESSIONID*
O4 - HKLM\..\Run: [// - This is a mandatory token that must follow Websense speci] c:\WINDOWS\System32\// - This is a mandatory token that must follow Websense specified
O4 - HKLM\..\Run: [// *WS_TOPFRAMEURL* and *WS_BOTTOMFRAMEURL* tok] c:\WINDOWS\System32\// *WS_TOPFRAMEURL* and *WS_BOTTOMFRAMEURL* tokens.
O4 - HKLM\..\Run: [<meta http-equiv=&quot;Content-Type&quot; content=&quot;text/html; charset=UTF] c:\WINDOWS\System32\<meta http-equiv=&quot;Content-Type&quot; content=&quot;text/html; charset=UTF-8&quot;>
O4 - HKLM\..\Run: [<title>Blocked by Camp Doha Kuwait Websense</ti] c:\WINDOWS\System32\<title>Blocked by Camp Doha Kuwait Websense</title>
O4 - HKLM\..\Run: [<frameset rows=471 frameborder=0 borde] c:\WINDOWS\System32\<frameset rows=471 frameborder=0 border=0>
O4 - HKLM\..\Run: [<frame src=&quot; name=ws_block marginwidth=0 marginheight=0 scrolling=&quot;au] c:\WINDOWS\System32\<frame src=&quot; name=ws_block marginwidth=0 marginheight=0 scrolling=&quot;auto&quot;>
O4 - HKLM\..\Run: [<noframes>You have been blocked by Websense.<p>You must have a frames capable browser to view the remainder of this document correctly.</noframes></frameset></h] c:\WINDOWS\System32\<noframes>You have been blocked by Websense.<p>You must have a frames capable browser to view the remainder of this document correctly.</noframes></frameset></html>
O4 - HKLM\..\Run: [updater] C:\Program Files\Common files\updater\wupdater.exe
O4 - HKLM\..\Run: [systray] C:\WINDOWS\System32\a.exe
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [<H] c:\WINDOWS\System32\<head>
O4 - HKCU\..\Run: [// Description: The &quot;master&quot; block page sets up a Websense block page ] c:\WINDOWS\System32\// Description: The &quot;master&quot; block page sets up a Websense block page that
O4 - HKCU\..\Run: [// needs fra] c:\WINDOWS\System32\// needs frames.
O4 - HKCU\..\Run: [/////////////////////////////////////////////////////////////////////////] c:\WINDOWS\System32\/////////////////////////////////////////////////////////////////////////////
O4 - HKCU\..\Run: [// PROPRIETARY MATER] c:\WINDOWS\System32\// PROPRIETARY MATERIALS
O4 - HKCU\..\Run: [// Websense Inc. (Websense) has prepared this material for us] c:\WINDOWS\System32\// Websense Inc. (Websense) has prepared this material for use by
O4 - HKCU\..\Run: [// Websense personnel, licensees, and customers. The informa] c:\WINDOWS\System32\// Websense personnel, licensees, and customers. The information
O4 - HKCU\..\Run: [// contained herein is the property of Websense and shall no] c:\WINDOWS\System32\// contained herein is the property of Websense and shall not be
O4 - HKCU\..\Run: [// reproduced in whole or part without the prior written con] c:\WINDOWS\System32\// reproduced in whole or part without the prior written consent
O4 - HKCU\..\Run: [// of an authorized representative of Websense ] c:\WINDOWS\System32\// of an authorized representative of Websense Inc.
O4 - HKCU\..\Run: [// RESTRICTED RIGHTS LE] c:\WINDOWS\System32\// RESTRICTED RIGHTS LEGEND
O4 - HKCU\..\Run: [// Use, duplication or disclosure by the U.S. Government is sub] c:\WINDOWS\System32\// Use, duplication or disclosure by the U.S. Government is subject
O4 - HKCU\..\Run: [// to restrictions as set forth in subdivision (b)(3)(ii) of the Ri] c:\WINDOWS\System32\// to restrictions as set forth in subdivision (b)(3)(ii) of the Rights
O4 - HKCU\..\Run: [// in Technical Data and Computer Software clause at 52.227-7013. ] c:\WINDOWS\System32\// in Technical Data and Computer Software clause at 52.227-7013. All
O4 - HKCU\..\Run: [// other Government use , duplication or disclosure shall be gove] c:\WINDOWS\System32\// other Government use , duplication or disclosure shall be governed
O4 - HKCU\..\Run: [// exclusively by the terms of the Websense Subscription Agreem] c:\WINDOWS\System32\// exclusively by the terms of the Websense Subscription Agreement.
O4 - HKCU\..\Run: [// Websense, ] c:\WINDOWS\System32\// Websense, Inc.
O4 - HKCU\..\Run: [// Copyright (c) 1997 - ] c:\WINDOWS\System32\// Copyright (c) 1997 - 2003
O4 - HKCU\..\Run: [// 10240 Sorrento Valle] c:\WINDOWS\System32\// 10240 Sorrento Valley Rd
O4 - HKCU\..\Run: [// San Diego, CA 9] c:\WINDOWS\System32\// San Diego, CA 92121
O4 - HKCU\..\Run: [// (858) 320-] c:\WINDOWS\System32\// (858) 320-8000
O4 - HKCU\..\Run: [// The Websense Tokens contained in this page are the follow] c:\WINDOWS\System32\// The Websense Tokens contained in this page are the following:
O4 - HKCU\..\Run: [// 1) *WS_TOPFRAME] c:\WINDOWS\System32\// 1) *WS_TOPFRAMEURL*
O4 - HKCU\..\Run: [// - Outputs the target url for the upper frame. The default is] c:\WINDOWS\System32\// - Outputs the target url for the upper frame. The default is the
O4 - HKCU\..\Run: [// block.html block p] c:\WINDOWS\System32\// block.html block page.
O4 - HKCU\..\Run: [// 2) *WS_BOTTOMFRAME] c:\WINDOWS\System32\// 2) *WS_BOTTOMFRAMEURL*
O4 - HKCU\..\Run: [// - Outputs the target url for the lower frame. This depends on] c:\WINDOWS\System32\// - Outputs the target url for the lower frame. This depends on the
O4 - HKCU\..\Run: [// blocking option that is selec] c:\WINDOWS\System32\// blocking option that is selected.
O4 - HKCU\..\Run: [// 3) *WS_SESSIO] c:\WINDOWS\System32\// 3) *WS_SESSIONID*
O4 - HKCU\..\Run: [// - This is a mandatory token that must follow Websense speci] c:\WINDOWS\System32\// - This is a mandatory token that must follow Websense specified
O4 - HKCU\..\Run: [// *WS_TOPFRAMEURL* and *WS_BOTTOMFRAMEURL* tok] c:\WINDOWS\System32\// *WS_TOPFRAMEURL* and *WS_BOTTOMFRAMEURL* tokens.
O4 - HKCU\..\Run: [//////////////////////////////////////////////////////////////////////////] c:\WINDOWS\System32\///////////////////////////////////////////////////////////////////////////-->
O4 - HKCU\..\Run: [<meta http-equiv=&quot;Content-Type&quot; content=&quot;text/html; charset=UTF] c:\WINDOWS\System32\<meta http-equiv=&quot;Content-Type&quot; content=&quot;text/html; charset=UTF-8&quot;>
O4 - HKCU\..\Run: [<title>Blocked by Camp Doha Kuwait Websense</ti] c:\WINDOWS\System32\<title>Blocked by Camp Doha Kuwait Websense</title>
O4 - HKCU\..\Run: [<frameset rows=471 frameborder=0 borde] c:\WINDOWS\System32\<frameset rows=471 frameborder=0 border=0>
O4 - HKCU\..\Run: [<frame src=&quot; name=ws_block marginwidth=0 marginheight=0 scrolling=&quot;au] c:\WINDOWS\System32\<frame src=&quot; name=ws_block marginwidth=0 marginheight=0 scrolling=&quot;auto&quot;>
O4 - HKCU\..\Run: [<noframes>You have been blocked by Websense.<p>You must have a frames capable browser to view the remainder of this document correctly.</noframes></frameset></h] c:\WINDOWS\System32\<noframes>You have been blocked by Websense.<p>You must have a frames capable browser to view the remainder of this document correctly.</noframes></frameset></html>
O4 - HKCU\..\Run: [MSMSGS] &quot;C:\Program Files\Messenger\MSMSGS.EXE&quot; /background
O4 - Startup: Download Plus.lnk = C:\Documents and Settings\Owner\Application Data\DownloadPlus.exe
O4 - Global Startup: Kodak EasyShare software.lnk = C:\Program Files\KODAK\Kodak EasyShare software\bin\EasyShare.exe
O4 - Global Startup: KODAK Software Updater.lnk = C:\Program Files\KODAK\KODAK Software Updater\7288971\Program\backWeb-7288971.exe
O8 - Extra context menu item: Yahoo! Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O9 - Extra button: Messenger (HKLM)
O9 - Extra 'Tools' menuitem: Yahoo! Messenger (HKLM)
O9 - Extra button: AIM (HKLM)
O9 - Extra button: Messenger (HKLM)
O9 - Extra 'Tools' menuitem: Windows Messenger (HKLM)
O12 - Plugin for .mpeg: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin3.dll
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - O16 - DPF: {A17E30C4-A9BA-11D4-8673-60DB54C10000} (YahooYMailTo Class) - O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) -
 
Upvote 0 Downvote
Status
Not open for further replies.

Similar threads

BloodFeastMan
  • Locked
  • Question Question
Running a &quot;dir&quot; command from &quot;Scheduled Tasks&quot; returns entire registry
Replies
3
Views
515
strongm
strongm
Sebastian42
  • Locked
  • Question Question
How to automate a troublesome startup ?
2 3
Replies
48
Views
3K
Rick998
Rick998
Shimmy613
  • Locked
  • Question Question
Systematically and safely deleting folder shortcuts seemingly to itself
Replies
6
Views
687
Mike Lewis
Mike Lewis
Mike Lewis
  • Locked
  • Question Question
File associations for &quot;edit&quot;, &quot;print&quot;, etc.
Replies
6
Views
647
Mike Lewis
Mike Lewis
GriffMG
  • Locked
  • Question Question
Windows 10 - One CPU running at 100% after return from display being turned off
Replies
4
Views
554
GriffMG
GriffMG

Part and Inventory Search

Sponsor

Back
Top