system 32 folder opens on boot - help

  • Thread starter Thread starter Guest
  • Start date Start date
G

Guest

can anyone help
i have found the following in the registery and believe that the last 5 or six rows are causing my problem
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CPQEASYACC"="C:\\Program Files\\Compaq\\Easy Access Button Support\\StartEAK.exe"
"ATIModeChange"="Ati2mdxx.exe"
"SynTPLpr"="C:\\Program Files\\Synaptics\\SynTP\\SynTPLpr.exe"
"SynTPEnh"="C:\\Program Files\\Synaptics\\SynTP\\SynTPEnh.exe"
"srmclean"="C:\\Cpqs\\Scom\\srmclean.exe"
"AdaptecDirectCD"="\"C:\\Program Files\\Adaptec\\Easy CD Creator 5\\DirectCD\\DirectCD.exe\""
"rbenh ml710e"="\"C:\\Program Files\\RBEnhance\\rbenh.exe\""
"sncntr"="c:\\windows\\system32\\sncntr.exe /nocomm"
"updater"="C:\\Program Files\\Common files\\updater\\wupdater.exe"
"CMESys"="\"C:\\Program Files\\Common Files\\CMEII\\CMESys.exe\""
"Winhost"="C:\\WINDOWS\\winh.exe"
"nvid"="C:\\WINDOWS\\System32\\uqtwdaic.exe"
"ccApp"="\"C:\\Program Files\\Common Files\\Symantec Shared\\ccApp.exe\""
"URLLSTCK.exe"="C:\\Program Files\\Norton Internet Security\\UrlLstCk.exe"
"CTFMON.EXE"="C:\\WINDOWS\\ctfmon.exe ."
"The site you have requested doesn't ex"="c:\\WINDOWS\\System32\\The site you have requested doesn't exist."
"The associated domain name has probably been reserved by a client "="c:\\WINDOWS\\System32\\The associated domain name has probably been reserved by a client from"
"<H"="c:\\WINDOWS\\System32\\<HEAD>"
"<B"="c:\\WINDOWS\\System32\\<BODY>"
"</H"="c:\\WINDOWS\\System32\\</HEAD>"
"</B"="c:\\WINDOWS\\System32\\</BODY>"
" <TITLE>Error</TI"="c:\\WINDOWS\\System32\\ <TITLE>Error</TITLE>"
 
You have more than one problem here.

Get rid of the scumware and possible virus and then worry about the system32
folder!!!

"updater"="C:\\Program Files\\Common files\\updater\\wupdater.exe"
wupdater.exe is Scumware!!

KeenValue\keenware\wupdater.exe
http://www.safersite.com/pestinfo/k/keenvalue.asp

Wupdater.exe
http://www.answersthatwork.com/Tasklist_pages/tasklist_w.htm

-------------
rbenh.exe
RapidBlaster
http://www.pestpatrol.com/PestInfo/r/rapidblaster.asp

RapidBlaster
http://www.doxdesk.com/parasite/RapidBlaster.html

-------------------
sncntr.exe
TrojanDownloader.Win32.Dluca
http://www.pestpatrol.com/pestinfo/t/trojandownloader_win32_dluca.asp

-----------------
You probably want to get of this.

cmesys - cmesys.exe - Process Information
Process File: cmesys or cmesys.exe
Process Name: Gator GAIN Adware
Description: Gator GAIN, adware that is installed by certain free software
and is advertising spyware that runs in the background and displays
advertisements.
Company: ThiefWare.com
System Process: No
Security Risk ( Virus/Trojan/Worm/Adware/Spyware ): Yes

------------------------
winh.exe
LolaWeb.winhost - Trojan horse removal instructions
http://www.kephyr.com/spywarescanner/library/lolaweb.winhost/index.phtml

----------------------
uqtwdaic.exe could be a virus or scumware.
UPDATE your Norton anti virus software and run a full system scan!!!

----------------------------
ctfmon.exe doesn't need to run.

To prevent Ctfmon.exe from running, follow these steps.
OFFXP: What Is CTFMON and What Does It Do?
http://support.microsoft.com/default.aspx?scid=kb;en-us;282599

HOW TO: Turn Off the Speech Recognition and Handwriting Recognition Features
in Office 2003
http://support.microsoft.com/default.aspx?scid=kb;en-us;823586

HOW TO: Turn Off the Speech Recognition and Handwriting Recognition Features
in Office XP
http://support.microsoft.com/default.aspx?scid=kb;en-us;326526

====================

First. Make sure of these settings and nothing will install without you
answering YES. (Except what may install as part of some other software.)
Don't click YES if you don't know/trust the source.

Start | Settings | Control Panel | Internet Options | Advanced tab |
Make sure both of these are NOT checked.

 Enable Install On Demand (Internet Explorer)
[[Specifies to automatically download and install Internet Explorer
components if a Web page needs them in order to display the page properly or
perform a particular task.]]

 Enable Install On Demand (Other)
[[Specifies to automatically download and install Web components if a Web
page needs them in order to display the page properly or perform a
particular task.]]

Apply | OK

 Enable Install On Demand (Other)
Is part of the driveby downloading of unwanted programs. i.e. Scumware or
whatever will install w/o you even being aware of it.
=================================

Second. If you need a scan right now.

Follow the instructions!
THE PARASITE FIGHT QUICK FIX PROTOCOL
http://aumha.org/a/quickfix.php

======================

Third.
It is known as scumware. Visit these sites. 1, 2, 3 and 4 are really good.
Download, install, run, update and run again; one or all. They are all
good, FREE utilities. Make sure you update every program, even if you
just downloaded it. You must have the latest updates.

1) CWShredder direct download:
http://216.180.233.163/~merijn/files/CWShredder.exe

2) SpywareBlaster
[[SpywareBlaster doesn't scan and clean for spyware - it prevents it from
ever being installed.
The most important step you can take is to secure your system. And
SpywareBlaster is the most powerful protection program available.]]
http://www.javacoolsoftware.com/spywareblaster.html

3) Spybot S & D
http://www.safer-networking.org/index.php?lang=en&page=download

4) HijackThis (some other stuff that may be of interest also)
http://www.spywareinfo.com/~merijn/downloads.html

4a) HijackThis (direct download)
http://aumha.org/downloads/hijackthis.zip

5) Bazooka Adware and Spyware Scanner v1.13
http://www.kephyr.com/spywarescanner/index.html?source=appvisit

6) ToolbarCop
http://www.mvps.org/sramesh2k/toolbarcop.htm

7) Ad-aware
http://www.lavasoft.de/support/download/

===============

Problems uninstalling? Here's some advice.
http://www.kephyr.com/spywarescanner/uninstallproblems.phtml

Additional information & instructions.
A wealth of information here, boys and girls.

THE PARASITE FIGHT QUICK FIX PROTOCOL
http://aumha.org/a/quickfix.htm

THE PARASITE FIGHT
Finding, Removing & Protecting Yourself From Scumware
http://aumha.org/a/parasite.htm

Bugs, Glitches & Stuffups
http://www.mvps.org/inetexplorer/Darnit.htm

Dealing with Unwanted Spyware and Parasites
http://mvps.org/winhelp2002/unwanted.htm

Unexplained computer behavior may be caused by deceptive software
http://support.microsoft.com/default.aspx?scid=kb;EN-US;827315#appliesto

Spyware and Deceptive Software
http://www.microsoft.com/mscorp/twc/privacy/spyware.mspx?gssnb=1

What you should know about spyware
http://www.microsoft.com/security/articles/spyware.asp

Cleaning Up XP
http://www.kellys-korner-xp.com/xp_c.htm#cleanup

--
Hope this helps. Let us know.
Wes

In
roy said:
can anyone help
i have found the following in the registery and believe that the last
5 or six rows are causing my problem
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CPQEASYACC"="C:\\Program Files\\Compaq\\Easy Access Button
Support\\StartEAK.exe" "ATIModeChange"="Ati2mdxx.exe"
"SynTPLpr"="C:\\Program Files\\Synaptics\\SynTP\\SynTPLpr.exe"
"SynTPEnh"="C:\\Program Files\\Synaptics\\SynTP\\SynTPEnh.exe"
"srmclean"="C:\\Cpqs\\Scom\\srmclean.exe"
"AdaptecDirectCD"="\"C:\\Program Files\\Adaptec\\Easy CD Creator
5\\DirectCD\\DirectCD.exe\"" "rbenh ml710e"="\"C:\\Program
Files\\RBEnhance\\rbenh.exe\""
"sncntr"="c:\\windows\\system32\\sncntr.exe /nocomm"
"updater"="C:\\Program Files\\Common files\\updater\\wupdater.exe"
"CMESys"="\"C:\\Program Files\\Common Files\\CMEII\\CMESys.exe\""
"Winhost"="C:\\WINDOWS\\winh.exe"
"nvid"="C:\\WINDOWS\\System32\\uqtwdaic.exe" "ccApp"="\"C:\\Program
Files\\Common Files\\Symantec Shared\\ccApp.exe\""
"URLLSTCK.exe"="C:\\Program Files\\Norton Internet
Security\\UrlLstCk.exe" "CTFMON.EXE"="C:\\WINDOWS\\ctfmon.exe ." "The
site you have requested doesn't ex"="c:\\WINDOWS\\System32\\The site
you have requested doesn't exist." "The associated domain name has
probably been reserved by a client "="c:\\WINDOWS\\System32\\The
associated domain name has probably been reserved by a client from"
"<H"="c:\\WINDOWS\\System32\\<HEAD>"
"<B"="c:\\WINDOWS\\System32\\<BODY>"
"</H"="c:\\WINDOWS\\System32\\</HEAD>"
"</B"="c:\\WINDOWS\\System32\\</BODY>" "
<TITLE>Error</TI"="c:\\WINDOWS\\System32\\ <TITLE>Error</TITLE>"
Click to expand...
 

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments. After that, you can post your question and our members will help you out.

Ask a Question

Similar Threads

Windows XP Regedit and taskmanager will not stay open 3
Windows XP Dell PC: c:\WINDOWS\system32\wavojami.dll not valid Windows image 2
Howzit!!! :) 2
Windows XP svchost.exe errors 1
'C:\Windows\System32' pops up when starting up 1
Windows XP Windows XP Malware, Please Help. 2
Anti-Spyware 2010 trojan that i cant budge! please help 3
Is this a lot to have running at one time? 7

Back
Top