F
Frank
System 32 folder opens at start up, how can I stop this
and why is it happening?
and why is it happening?
You are using an out of date browser. It may not display this or other websites correctly.
You should upgrade or use an alternative browser.
You should upgrade or use an alternative browser.
G
Guest
-----Original Message-----
System 32 folder opens at start up, how can I stop this
and why is it happening?
.
spyware or virus creates the entry
go to msconfig startup and find the entry then go to its
actual location and delete it.
update virus definitions and run a full system scan
download and run spybot ,security.kolla.de
R
Rick \Nutcase\ Rogers
Hi Frank,
Please see:
System32 Folder Opens When Logging on to Windows
http://support.microsoft.com/?kbid=170086
Also, start/run msconfig, and see if there is a line that loads /L:ENG. If
so, disable it. It comes from a SoundBlaster Audigy driver, but should not
affect that hardware. You can also repair the registry entry if you like by
removing the leading space in the string that loads it.
However, it can also be caused by other incorrectly built registry strings.
Could you please export and post the contents of these keys in the registry:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
To do this, start/run regedit, expand the branches to each key (do this one
at a time). Click on the key, then on file/export. Give it any name, then
save to the desktop. Once you have saved both keys, close the registry
editor. Right-click one of the saved files on the desktop, choose edit, it
should open in notepad. Click edit/select all/edit/copy. Open a response to
this post and click in the message text area. Hit ctrl+v to paste the
contents. Repeat for the other saved key, then send the post for
examination.
--
Best of Luck,
Rick Rogers aka "Nutcase" MS-MVP - Win9x
Windows isn't rocket science! That's my other hobby!
Associate Expert - WinXP - Expert Zone
Please see:
System32 Folder Opens When Logging on to Windows
http://support.microsoft.com/?kbid=170086
Also, start/run msconfig, and see if there is a line that loads /L:ENG. If
so, disable it. It comes from a SoundBlaster Audigy driver, but should not
affect that hardware. You can also repair the registry entry if you like by
removing the leading space in the string that loads it.
However, it can also be caused by other incorrectly built registry strings.
Could you please export and post the contents of these keys in the registry:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
To do this, start/run regedit, expand the branches to each key (do this one
at a time). Click on the key, then on file/export. Give it any name, then
save to the desktop. Once you have saved both keys, close the registry
editor. Right-click one of the saved files on the desktop, choose edit, it
should open in notepad. Click edit/select all/edit/copy. Open a response to
this post and click in the message text area. Hit ctrl+v to paste the
contents. Repeat for the other saved key, then send the post for
examination.
--
Best of Luck,
Rick Rogers aka "Nutcase" MS-MVP - Win9x
Windows isn't rocket science! That's my other hobby!
Associate Expert - WinXP - Expert Zone
G
Guest
Rick,
I have been following the other discussions about this problem. Can't identify whether the values in my HKLM /. . ./Run and HKCU/. . ./Run keys are errant or not. Nothing leaps out at me, and I don't want to create worse problems by playing around with the registry when I don't really know what I'm looking for!
I noticed that you kindly offered to look over the contents of their keys. Could you do the same for me? Here are the contents, copied as per your instructions:
Windows Registry Editor Version 5.00
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HTpatch"="C:\\WINDOWS\\htpatch.exe"
"SoundMan"="SOUNDMAN.EXE"
"NeroCheck"="C:\\WINDOWS\\System32\\\\NeroCheck.exe"
"NvCplDaemon"="RUNDLL32.EXE C:\\WINDOWS\\System32\\NvCpl.dll,NvStartup"
"nwiz"="nwiz.exe /install"
"CARPService"="carpserv.exe"
"QuickTime Task"="\"C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime"
"KAZAA"="C:\\Documents and Settings\\Isabelle\\My Documents\\Other docs\\kazaa.exe /SYSTRAY"
"OmniPage"="C:\\Program Files\\Caere\\OmniPagePro90\\opware32.exe"
"TkBellExe"="\"C:\\Program Files\\Common Files\\Real\\Update_OB\\realsched.exe\" -osboot"
"RunDLL"="rundll32.exe \"C:\\WINDOWS\\System32\\bridge.dll\",Load"
"WinFavorites"="c:\\program files\\winfavorites\\WinFavorites.exe1"
"oclaecrc"="C:\\WINDOWS\\xavxltky.exe"
"nvid"="C:\\WINDOWS\\System32\\oasgzbqj.exe"
@=hex(2):63,00,3a,00,5c,00,57,00,49,00,4e,00,44,00,4f,00,57,00,53,00,5c,00,53, 00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,00,00
"systray"="C:\\WINDOWS\\System32\\a.exe"
"pvsetupd"="C:\\WINDOWS\\System32\\pvsetupd.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\IMAIL]
"Installed"="1"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MAPI]
"Installed"="1"
"NoChange"="1"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MSFS]
"Installed"="1"
and:
Windows Registry Editor Version 5.00
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\\WINDOWS\\System32\\ctfmon.exe"
"NvMediaCenter"="RUNDLL32.EXE C:\\WINDOWS\\System32\\NVMCTRAY.DLL,NvTaskbarInit"
@=hex(2):63,00,3a,00,5c,00,57,00,49,00,4e,00,44,00,4f,00,57,00,53,00,5c,00,53, 00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,00,00
I should be grateful if you could identify any entries I need to edit.
Thanks,
I have been following the other discussions about this problem. Can't identify whether the values in my HKLM /. . ./Run and HKCU/. . ./Run keys are errant or not. Nothing leaps out at me, and I don't want to create worse problems by playing around with the registry when I don't really know what I'm looking for!
I noticed that you kindly offered to look over the contents of their keys. Could you do the same for me? Here are the contents, copied as per your instructions:
Windows Registry Editor Version 5.00
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HTpatch"="C:\\WINDOWS\\htpatch.exe"
"SoundMan"="SOUNDMAN.EXE"
"NeroCheck"="C:\\WINDOWS\\System32\\\\NeroCheck.exe"
"NvCplDaemon"="RUNDLL32.EXE C:\\WINDOWS\\System32\\NvCpl.dll,NvStartup"
"nwiz"="nwiz.exe /install"
"CARPService"="carpserv.exe"
"QuickTime Task"="\"C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime"
"KAZAA"="C:\\Documents and Settings\\Isabelle\\My Documents\\Other docs\\kazaa.exe /SYSTRAY"
"OmniPage"="C:\\Program Files\\Caere\\OmniPagePro90\\opware32.exe"
"TkBellExe"="\"C:\\Program Files\\Common Files\\Real\\Update_OB\\realsched.exe\" -osboot"
"RunDLL"="rundll32.exe \"C:\\WINDOWS\\System32\\bridge.dll\",Load"
"WinFavorites"="c:\\program files\\winfavorites\\WinFavorites.exe1"
"oclaecrc"="C:\\WINDOWS\\xavxltky.exe"
"nvid"="C:\\WINDOWS\\System32\\oasgzbqj.exe"
@=hex(2):63,00,3a,00,5c,00,57,00,49,00,4e,00,44,00,4f,00,57,00,53,00,5c,00,53, 00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,00,00
"systray"="C:\\WINDOWS\\System32\\a.exe"
"pvsetupd"="C:\\WINDOWS\\System32\\pvsetupd.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\IMAIL]
"Installed"="1"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MAPI]
"Installed"="1"
"NoChange"="1"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MSFS]
"Installed"="1"
and:
Windows Registry Editor Version 5.00
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\\WINDOWS\\System32\\ctfmon.exe"
"NvMediaCenter"="RUNDLL32.EXE C:\\WINDOWS\\System32\\NVMCTRAY.DLL,NvTaskbarInit"
@=hex(2):63,00,3a,00,5c,00,57,00,49,00,4e,00,44,00,4f,00,57,00,53,00,5c,00,53, 00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,00,00
I should be grateful if you could identify any entries I need to edit.
Thanks,
R
Rick \Nutcase\ Rogers
Hi gerontius,
Trojans:
Boot to safe mode, delete these strings and the files they refer to.
Crapware:
Try something like adaware (www.lavasoft.de) to remove these parasites.
These should be disabled from the startup tab of msconfig.
When the cleanup is completed, start/run msconfig. Put the system in
diagnostic mode and boot normally. If all goes well, the system32 folder
should not show at logon. If it does, it means you missed something. Put
your self back in normal startup mode and reboot once more to be sure (you
may also find that the system loads faster now).
--
Best of Luck,
Rick Rogers aka "Nutcase" MS-MVP - Win9x
Windows isn't rocket science! That's my other hobby!
Associate Expert - WinXP - Expert Zone
are errant or not. Nothing leaps out at me, and I don't want to create worse
problems by playing around with the registry when I don't really know what
I'm looking for!
instructions:
3, 00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,00,00
3, 00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,00,00
Trojans:
"oclaecrc"="C:\\WINDOWS\\xavxltky.exe"
"nvid"="C:\\WINDOWS\\System32\\oasgzbqj.exe"
"pvsetupd"="C:\\WINDOWS\\System32\\pvsetupd.exe"
Boot to safe mode, delete these strings and the files they refer to.
Crapware:
See: http://www.pestpatrol.com/PestInfo/h/ht_patch.asp"HTpatch"="C:\\WINDOWS\\htpatch.exe"
"RunDLL"="rundll32.exe \"C:\\WINDOWS\\System32\\bridge.dll\",Load"
"WinFavorites"="c:\\program files\\winfavorites\\WinFavorites.exe1"
"systray"="C:\\WINDOWS\\System32\\a.exe"
Try something like adaware (www.lavasoft.de) to remove these parasites.
Files\\QuickTime\\qttask.exe\" -atboottime""QuickTime Task"="\"C:\\Program
Files\\Real\\Update_OB\\realsched.exe\" -osboot""KAZAA"="C:\\Documents and Settings\\Isabelle\\My Documents\\Other docs\\kazaa.exe /SYSTRAY"
"TkBellExe"="\"C:\\Program Files\\Common
These should be disabled from the startup tab of msconfig.
When the cleanup is completed, start/run msconfig. Put the system in
diagnostic mode and boot normally. If all goes well, the system32 folder
should not show at logon. If it does, it means you missed something. Put
your self back in normal startup mode and reboot once more to be sure (you
may also find that the system loads faster now).
--
Best of Luck,
Rick Rogers aka "Nutcase" MS-MVP - Win9x
Windows isn't rocket science! That's my other hobby!
Associate Expert - WinXP - Expert Zone
identify whether the values in my HKLM /. . ./Run and HKCU/. . ./Run keysgerontius said:Rick,
I have been following the other discussions about this problem. Can't
are errant or not. Nothing leaps out at me, and I don't want to create worse
problems by playing around with the registry when I don't really know what
I'm looking for!
Could you do the same for me? Here are the contents, copied as per yourI noticed that you kindly offered to look over the contents of their keys.
instructions:
Files\\QuickTime\\qttask.exe\" -atboottime"Windows Registry Editor Version 5.00
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HTpatch"="C:\\WINDOWS\\htpatch.exe"
"SoundMan"="SOUNDMAN.EXE"
"NeroCheck"="C:\\WINDOWS\\System32\\\\NeroCheck.exe"
"NvCplDaemon"="RUNDLL32.EXE C:\\WINDOWS\\System32\\NvCpl.dll,NvStartup"
"nwiz"="nwiz.exe /install"
"CARPService"="carpserv.exe"
"QuickTime Task"="\"C:\\Program
Files\\Real\\Update_OB\\realsched.exe\" -osboot""KAZAA"="C:\\Documents and Settings\\Isabelle\\My Documents\\Other docs\\kazaa.exe /SYSTRAY"
"OmniPage"="C:\\Program Files\\Caere\\OmniPagePro90\\opware32.exe"
"TkBellExe"="\"C:\\Program Files\\Common
@=hex(2):63,00,3a,00,5c,00,57,00,49,00,4e,00,44,00,4f,00,57,00,53,00,5c,00,5"RunDLL"="rundll32.exe \"C:\\WINDOWS\\System32\\bridge.dll\",Load"
"WinFavorites"="c:\\program files\\winfavorites\\WinFavorites.exe1"
"oclaecrc"="C:\\WINDOWS\\xavxltky.exe"
"nvid"="C:\\WINDOWS\\System32\\oasgzbqj.exe"
3, 00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,00,00
@=hex(2):63,00,3a,00,5c,00,57,00,49,00,4e,00,44,00,4f,00,57,00,53,00,5c,00,5"systray"="C:\\WINDOWS\\System32\\a.exe"
"pvsetupd"="C:\\WINDOWS\\System32\\pvsetupd.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalCo
mponents][HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalCo
mponents\IMAIL][HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalCo"Installed"="1"
mponents\MAPI][HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalCo"Installed"="1"
"NoChange"="1"
mponents\MSFS]
"Installed"="1"
and:
Windows Registry Editor Version 5.00
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\\WINDOWS\\System32\\ctfmon.exe"
"NvMediaCenter"="RUNDLL32.EXE C:\\WINDOWS\\System32\\NVMCTRAY.DLL,NvTaskbarInit"
3, 00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,00,00
G
Guest
Cheers, Rick. All done and problem fixed
R
Rick \Nutcase\ Rogers
Excellent, glad to have helped.
--
Best of Luck,
Rick Rogers aka "Nutcase" MS-MVP - Win9x
Windows isn't rocket science! That's my other hobby!
Associate Expert - WinXP - Expert Zone
--
Best of Luck,
Rick Rogers aka "Nutcase" MS-MVP - Win9x
Windows isn't rocket science! That's my other hobby!
Associate Expert - WinXP - Expert Zone
Ask a Question
Want to reply to this thread or ask your own question?
You'll need to choose a username for the site, which only take a couple of moments. After that, you can post your question and our members will help you out.