System 32 Window

My mcafee virus scan found a PUP called PrcViewer which it could not delete. I quarantined it and from quarantine folder, I deleted it. Now upon startup, my System 32 window comes up.

Would appreciate any help in fixing.

See if this helps:
http://support.microsoft.com/?kbid=170086

Welcome to BC Cajun

If tg1911's instructions do not work, Click Here to open a Kelly's Korner vbs script . Download a small .vbs file to your desktop.

Once it's downloaded, run it according to the directions at the top of the Kelly's Korner page.

Let me know what happens

David

I think this page is the one that David is referring to.

Welcome to BC Cajun.

Ooops..thanks Leurgy
David

Thank you, everyone, for the welcome and the suggestions. I am thrilled that Davids' vbs file did indeed fix my problem.

tg1911, thank you for your link. (Love your coat-of-arms). I have to admit that reading about editing the registry not only scares the $#!@ out of me, it makes my brain get fuzzy. Sometimes I know just enough to get myself in trouble.

Any ideas on where I may have picked up PrcViewer? Could it be the Dell Support stuff? Is it malicious or legit?

Anyway, thanks for the solution!

Great, glad it worked for you

'PrcView is a process viewer utility that displays detailed information about processes running under Windows. For each process it displays memory, threads and module usage. For each DLL it shows full path and version information. PrcView comes with a command line version that allows you to write scripts to check if a process is running, kill it, etc. '

I'm sure it's legit. Does this help?

David

Thanks David. I just don't know how I picked it up and mcafee couldn't delete it. when I quarantined it and then deleted it, it created my System 32 window problem. if it was legitimately bundled with Dell Support or something else, I would have left it alone to begin with.

Might you be thinking of prcview.exe? That's completely different to the prcview program....
David

David,
McAfee identifies it as a PUP ... PrcViewer. It showed up in Documents and Settings yesterday and I quarantined it.
Today it is showing up as

C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP51\A0008038.exe

and

C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP51\A0008039.exe

I just wish I knew if is legitimately bundled with something. I have uninstalled the Dell Support software thinking it might have been with them. I rebooted, ran virus scan and the above showed up. Don't know if I should quarantine, try to delete or leave alone.

Note: I just noticed The two files in quarantine that PrcViewer is associated with are smitrem.exe and process.exe. I had downloaded smitRem exe. as a fix for removing winhound. It is still on my desktop.

I'm dizzy.

Here is information or the to .exe files you were wondering about.

Process.exe

smitrem.exe

ackan is on the right track there however the process.exe that is bundled in smitrem is not a malicious file but rather part of the smitrem removal tool. It also gives false positives with Kapersky AV and A-Squared Trojan Remover, and perhaps other anti malware programs but those are the only two I'm aware of. There is also a pv.exe included in smitrem.

C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP51\A0008038.exe

This is part of your XP System Restore. You can remove both those entries by turning off and re-enabling System Restore. This will delete those restore points and create a new (hopefully) clean one. See Windows XP System Restore Guide