//some 3rd party need geo

C\Windows\System32 opening in startup

  hawthorn59 02:45 26 Sep 04
Locked

Hi All.

I recently installed a new HD and had some problems with viruses and trojans, but now I think all are removed. I still just have XP installed with just 1 or 2 updates, so may install XP 2 soon. But the state of play with my PC now is as follows:

When I boot up, C\Windows\System 32 folder opens up on the screen. Dont know why. Also twice in last few days I've got this error:

Generic Host Process for Win32 Services
Generic Host Process for Win32 Services has encountered a problem and needs to close.

And the Data error report contained:

szAppName : szAppVer: 0.0.0.0 szModName: unknown szModVer: 0.0.0.0
offset: 00000000

The following files were included

C:\DOCUMENT~1\KEVINC~1\LOCALS~1\TEMP\WER1E.tmp.dir00\svchost.exe.mdmp\appcompat.txt


The PC froze and nothing would open or close, so I had to press the on/off button.
Now today I was online, going fine and the very same thing has just happened, and I had to turn on/off again. This also happened last week.

And of course c-windows-system32 still opens on booting up.

No virus present in AVG, I also ran Search and Destroy and Adaware, and they did remove a number of files.

Any ideas anyone, on the error, or on the system32? Or are they related?

Thanks KC

  powerless 02:53 26 Sep 04
  hawthorn59 01:29 28 Sep 04

Hi again!

Someone at PcPitstop advised me to run the Pitstop check, which i did and nothing major showed up. They also asked me to do some online virus checks. I did, with Housecall and Pitstop virus check, which i had to download.
Here are results from house call:

[B]WORM WOOTBOT.O C:\WINDOWS\system32\videosd.32.exe
WORM RBOT.NR C:\WINDOWS\system32\wngard.exe
TROJ DLOADER.QB C:\explorer.exe
C:\iexplorer.exe
TROJ LOWZONES.C C:\mms.exe
REG LOWZONES.A C:\re11.REG
TROJ DLOADER.PE C:\xbbgs.exe
TROJ LOWZONES.C C:\xmmc.exe
TROJ LOWZONES.C C:\xnnc.exe
TROJ LOWZONES.C C:\xrttc.exe
TROJ LOWZONES.C C:\xssss.exe
TROJ DLOADER.PE C:\xttgs.exe[/B]

And from Pitstop:

[B] The Trj/Downloader.TC Virus was found in file C:\opens.html

The W32/Gaobot.AQE.worm Virus was found in file C:\WINDOWS\system32\videosd32.exe

The W32/Gaobot.ASO.worm Virus was found in file C:\WINDOWS\system32\wngard.exe [/B]

Interestingly a scan with AVG showed NOTHING unusual! Surely it should have spotted something, or are the other programs giving false results?

Where do I go from here!!!??

  hawthorn59 01:31 28 Sep 04

Sorry i copied and pasted that last reply, I will try to format it better:


WORM WOOTBOT.O C:\WINDOWS\system3\videosd.32.exe
WORM RBOT.NR C:\WINDOWS\system32\wngard.exe
TROJ DLOADER.QB C:\explorer.exe
C:\iexplorer.exe
TROJ LOWZONES.C C:\mms.exe
REG LOWZONES.A C:\re11.REG
TROJ DLOADER.PE C:\xbbgs.exe
TROJ LOWZONES.C C:\xmmc.exe
TROJ LOWZONES.C C:\xnnc.exe
TROJ LOWZONES.C C:\xrttc.exe
TROJ LOWZONES.C C:\xssss.exe
TROJ DLOADER.PE C:\xttgs.exe[/B]

And from Pitstop:

The Trj/Downloader.TC Virus was found in file C:\opens.html

The W32/Gaobot.AQE.worm Virus was found in file C:\WINDOWS\system32\videosd32.exe

The W32/Gaobot.ASO.worm Virus was found in file C:\WINDOWS\system32\wngard.exe [/B]


Where do I go from here!!!??

  beeuuem 02:24 28 Sep 04

Go to

click here

System32 Folder Opens When Logging on to Windows XP, Windows 2000, or Windows NT 4.0

IMPORTANT: This article contains information about modifying the registry. Before you modify the registry, make sure to back it up and make sure that you understand how to restore the registry if a problem occurs. For information about how to back up, restore, and edit the registry, click the following article number to view the article in the Microsoft Knowledge Base:

256986 Description of the Microsoft Windows Registry
SYMPTOMS
When you log on to Microsoft Windows, a Microsoft Windows Explorer window may open that displays the contents of the System32 folder.

This behavior also occurs if there is a String value that contains only a single quote character (") as the Value data in the following Registry key:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
CAUSE
This behavior can occur if a null, incomplete, or damaged entry exists in the registry.
RESOLUTION
WARNING: If you use Registry Editor incorrectly, you may cause serious problems that may require you to reinstall your operating system. Microsoft cannot guarantee that you can solve problems that result from using Registry Editor incorrectly. Use Registry Editor at your own risk.

Use Registry Editor to view the following two Windows registry keys:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
Verify that all the values in these keys do not contain any incorrect, incomplete, or null entries (such as "").
MORE INFORMATION
An incorrect entry in the following registry value has been confirmed to cause the behavior described above:

Key: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
Value: ActiveMovie File Extensions
Value Type: REG_SZ
Value Data: ActMovie.exe /Check
If the value data for this entry is null or appears in Registry Editor as quotation marks, you may experience the problem described above. To correct the problem, change the value data to match the entry above or delete the ActiveMovie File Extensions value.

This behavior can also occur if the Reminder value that has "" next to it is in the following registry key:

HKEY_CURRENT_USER\Software\Microsoft\Windows\Current Version\Run

You can resolve this behavior by deleting the Remainder value.

If you are uncertain whether an entry is incorrect or incomplete, you may want to delete all entries other than the default Windows entry. The following entry to run the System Tray is the only required Windows default entry:

Key: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
Value: SystemTray
Value Type: REG_SZ
Value Data: SysTray.exe

This thread is now locked and can not be replied to.

What is Google Allo? What is Google Duo? Google Allo UK release date rumours and features: Google…

1995-2015: How technology has changed the world in 20 years

These clever designs help visualise a complex intelligence tool

iOS 10 troubleshooting tips: Simple fixes for the most common iOS 10 problems, from network…