Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

System32 Window won't go away


  • Please log in to reply
41 replies to this topic

#1 kamerlet

kamerlet

  • Members
  • 79 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Virginia
  • Local time:06:19 PM

Posted 06 August 2009 - 06:55 PM

My desktop computer is an old HP Pavillion running XP. Everytime I boot up the System32 window opens on my desktop. It doesn't keep the computer from working properly; it's just annoying to always have to X it out. Is there way I can keep this from happening?

Thanks!
If Jimmy cracks corn and nobody cares, why did they write a song about him?

BC AdBot (Login to Remove)

 


#2 Budapest

Budapest

    Bleepin' Cynic


  • Moderator
  • 23,573 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:09:19 AM

Posted 06 August 2009 - 07:04 PM

Try the fix at Kelly's Korner.

System32 Folder Opens Upon Boot - #260 on the right.

Right click on it and save the .vbs file to your desktop. Then, double click on the file icon (on your desktop) to run the script. You may need to reboot your computer for the changes to take affect.

With any fix like this you should create a new restore point and backup the registry first. For backing up the registry I like to use ERUNT.
The power of accurate observation is commonly called cynicism by those who haven't got it.

—George Bernard Shaw

#3 kamerlet

kamerlet
  • Topic Starter

  • Members
  • 79 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Virginia
  • Local time:06:19 PM

Posted 06 August 2009 - 07:19 PM

Good Day Budapest!

Thanks for the info. Can you direct me a little more on the ERUNT page. I'm not sure where to click. Server 1, 2...
If Jimmy cracks corn and nobody cares, why did they write a song about him?

#4 Budapest

Budapest

    Bleepin' Cynic


  • Moderator
  • 23,573 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:09:19 AM

Posted 06 August 2009 - 07:25 PM

It doesn't matter which one you use. They are just different download locations where you can download the file from. But it's the same file regardless of which one you pick.
The power of accurate observation is commonly called cynicism by those who haven't got it.

—George Bernard Shaw

#5 kamerlet

kamerlet
  • Topic Starter

  • Members
  • 79 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Virginia
  • Local time:06:19 PM

Posted 06 August 2009 - 07:31 PM

ok. gottcha.
If Jimmy cracks corn and nobody cares, why did they write a song about him?

#6 kamerlet

kamerlet
  • Topic Starter

  • Members
  • 79 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Virginia
  • Local time:06:19 PM

Posted 06 August 2009 - 07:47 PM

I ran it and it says

The script can not repair your issue. The expected Registry value was not found.
If Jimmy cracks corn and nobody cares, why did they write a song about him?

#7 Budapest

Budapest

    Bleepin' Cynic


  • Moderator
  • 23,573 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:09:19 AM

Posted 06 August 2009 - 10:12 PM

Try this:

http://support.microsoft.com/kb/170086
The power of accurate observation is commonly called cynicism by those who haven't got it.

—George Bernard Shaw

#8 Romeo29

Romeo29

    Learning To Bleep


  • BC Advisor
  • 3,194 posts
  • OFFLINE
  •  
  • Gender:Not Telling
  • Location:127.0.0.1
  • Local time:06:19 PM

Posted 07 August 2009 - 03:55 AM

If you feel confused how to go through your registry, just run the attached file. It would generate c:\registry_start.txt. Copy/paste its contents here and we will tell you how and which entry is to be deleted in your registry.

#9 joseibarra

joseibarra

  • Members
  • 1,090 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Downstairs
  • Local time:07:19 PM

Posted 07 August 2009 - 05:49 AM

XP wants to run some programs when your system starts and when you login and if it can't figure it out because the registry contains an invalid parameter (usually double quotes ""), Windows will politely offer you the Explorer window for you to find it.

After backing up your registry, read the Resolution section of the Microsoft article - that says it best.

Navigate to those two places - the HKLM is for when the machine starts, and the HKCU is for when somebody logs in. Check them both.

With the Run key highlighted on the left, look at the Data column on the right for missing, incomplete, corrupt or "" (double quotes). These are wrong and the entire key should be deleted.

Pay attention to the Name column to see if it is some program you need that might need to be reinstalled. It may be something you uninstalled before this started happening. Anything look familiar?

If you are not sure, post the info about the contents of the Run folder here for analysis.

I am just not sure how Kelly's #260 is going to fix this (in spite of the title) or the zip file download. Maybe Budapest and Romeo29 can look at those and double check and enlighten me.

A bogus Run entry could also have been created by malware so a good malware scan won't hurt:

Download, install, update and do a full scan with these free malware detection programs:

Malwarebytes (MBAM): http://malwarebytes.org/
SUPERAntiSpyware: (SAS): http://www.superantispyware.com/

The mediocre teacher tells. The good teacher explains. The superior teacher demonstrates.


#10 Romeo29

Romeo29

    Learning To Bleep


  • BC Advisor
  • 3,194 posts
  • OFFLINE
  •  
  • Gender:Not Telling
  • Location:127.0.0.1
  • Local time:06:19 PM

Posted 07 August 2009 - 08:11 AM

I am just not sure how Kelly's #260 is going to fix this (in spite of the title) or the zip file download. Maybe Budapest and Romeo29 can look at those and double check and enlighten me.


The zip file I attached has a program which dumps all registry entries of HKLM > RUN and HKCU > RUN keys into a text file. If you run it ad paste the result here, we can see which entry is faulty and then we can tell which registry entry is to be deleted. It is safer than to trying to edit Registry by oneself. I could have written the program to auto-repair but then the faulty key may have a value single quote, empty double quote or just any incomplete command line. This is why I thought it is better to review the registry values manually and then decide which of them are faulty and need to be removed.

Kelly's #260 is useless as it looks for only a specific entry in Registry - a long shot.

#11 joseibarra

joseibarra

  • Members
  • 1,090 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Downstairs
  • Local time:07:19 PM

Posted 07 August 2009 - 10:14 AM

Oh, I see, yeah - good idea. I did not read :thumbsup: .

The mediocre teacher tells. The good teacher explains. The superior teacher demonstrates.


#12 kamerlet

kamerlet
  • Topic Starter

  • Members
  • 79 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Virginia
  • Local time:06:19 PM

Posted 07 August 2009 - 10:34 AM

Good Morning everyone

Thank you all for your input. I freely admit this is way new territory for me so I'm moving slowly. I must of read the Microsoft page 10 times and just didn't really get it.

I opted to download the reg_start zip and run it. I'm hoping this is what it was supposed to provide. Let me know if I did this right.

Thanks again.



[HKLM ---> Run]hpsysdrv ==> [c:\windows\system\hpsysdrv.exe]KBD ==> [C:\HP\KBD\KBD.EXE]Recguard ==> [C:\WINDOWS\SMINST\RECGUARD.EXE]NvCplDaemon ==> [RUNDLL32.EXE NvQTwk,NvCplDaemon initialize]IgfxTray ==> [C:\WINDOWS\System32\igfxtray.exe]HotKeysCmds ==> [C:\WINDOWS\System32\hkcmd.exe]S3TRAY2 ==> [S3tray2.exe]PS2 ==> [C:\WINDOWS\system32\ps2.exe]DXM6Patch_981116 ==> [C:\WINDOWS\p_981116.exe /Q:A]Messenger Plus ==> [ ]DeadAIM ==> [rundll32.exe "C:\Program Files\AIM95\\DeadAIM.ocm",ExportedCheckODLs]JDJTFPVBH ==> [C:\WINDOWS\JDJTFPVBH.exe]e ==> [C:\WINDOWS\System32\eimgvo.exe] ==> [c:\WINDOWS\System32\]QuickTime Task ==> ["C:\Program Files\QuickTime\qttask.exe" -atboottime]PrimaLauncher ==> [C:\WINDOWS\system32\Launcher.exe]EPSON Stylus CX4800 Series ==> [C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIADA.EXE /P26 "EPSON Stylus CX4800 Series" /O6 "USB001" /M "Stylus CX4800"]HostManager ==> [C:\Program Files\Common Files\AOL\1183654668\ee\AOLSoftware.exe]iTunesHelper ==> ["C:\Program Files\iTunes\iTunesHelper.exe"]LELA ==> ["C:\Program Files\Linksys\Linksys EasyLink Advisor\Linksys EasyLink Advisor.exe" /minimized]nmctxth ==> ["C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe"]WebEx Document Loader ==> [C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIADA.EXE /P21 "WebEx Document Loader" /O26 "WebEx Document Loader Port" /M "Stylus CX4800"]mcagent_exe ==> ["C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey]SunJavaUpdateSched ==> ["C:\Program Files\Java\jre6\bin\jusched.exe"]TkBellExe ==> ["C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot]Adobe Reader Speed Launcher ==> ["C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"][HKCU ---> Run]Microsoft Works Update Detection ==> [c:\Program Files\Microsoft Works\WkDetect.exe]Yahoo! Pager ==> [C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet] ==> [c:\WINDOWS\System32\]ctfmon.exe ==> [C:\WINDOWS\system32\ctfmon.exe]Aim6 ==> []swg ==> [C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe]
If Jimmy cracks corn and nobody cares, why did they write a song about him?

#13 joseibarra

joseibarra

  • Members
  • 1,090 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Downstairs
  • Local time:07:19 PM

Posted 07 August 2009 - 11:08 AM

Don't sweat the learning process!

Did you run MBAM and SAS yet? You really should, THEN see what we got.

Your output is curious to I will see what the experts have to say.

I think it's just a scratch. Run the scans ASAP so we will know what it is not.


FYE - here is my results of the reg_start.exe:

[HKLM ---> Run]
SoundMAXPnP ==> [C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe]

[HKCU ---> Run]


I run lean... :thumbsup:

The mediocre teacher tells. The good teacher explains. The superior teacher demonstrates.


#14 kamerlet

kamerlet
  • Topic Starter

  • Members
  • 79 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Virginia
  • Local time:06:19 PM

Posted 07 August 2009 - 11:17 AM

I ran MBAM. But I can run them again. Should I run them in Safe Mode?
If Jimmy cracks corn and nobody cares, why did they write a song about him?

#15 joseibarra

joseibarra

  • Members
  • 1,090 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Downstairs
  • Local time:07:19 PM

Posted 07 August 2009 - 12:08 PM

From the MBAM page:

Quick scan in Normal Mode, that is the best for detection rates.

For best scan results, clean out temporary folders.
--------------------
Marcin Kleczynski
Posts: 3,663
Malwarebytes President and CEO



I always do a full scan with MBAM in Normal Mode. How can full hurt (except it takes longer).

SAS page seems to recommend Safe Mode as the first place to start. Can't get a CEO quote though.

If someone has a more definitive answer, I will be glad to hear and adjust.

Removing malware sometimes leave little things behind - I think this is you.

The mediocre teacher tells. The good teacher explains. The superior teacher demonstrates.





0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users