Home | Contact Us | FAQ | Search & Site Map | Link to Us
Sign In | Join | Other 45 Sites in Network
Home
Discussion GroupsWindows VistaWindows XPWindows MeWindows 98Windows 95Virtual PCInternet ExplorerOutlook ExpressWindows MediaSecurity
Related Topics
MS Server ProductsMS OfficePC HardwareMore Topics ...
Windows Forum / Windows XP / Security and Administration / August 2005

Tip: Looking for answers? Try searching our database.

C:\WINDOWS\System32

Thread view: 
Enable EMail Alerts  Start New Thread
Thread rating: 
sccola - 25 Aug 2005 19:35 GMT
"C:\WINDOWS\System32" pops up everytime I start my computer.  I have run
Spybot S&D and installed Microsoft's antispyware.  HELP!!!

Thank you in advance.
Reply to this Message
Notan - 25 Aug 2005 19:42 GMT
> "C:\WINDOWS\System32" pops up everytime I start my computer.  I have run
> Spybot S&D and installed Microsoft's antispyware.  HELP!!!

http://support.microsoft.com/?kbid=170086

Notan
Reply to this Message
Wesley Vogel - 25 Aug 2005 23:01 GMT
System32 Folder Opens When Logging on to Windows XP
http://support.microsoft.com/?kbid=170086

For an automated Edit go here:
http://www.kellys-korner-xp.com/xp_tweaks.htm

Read the instructions at the top of the page.
Scroll down to:
260. Right hand side.
System32 Folder Opens Upon Boot

Signature

Hope this helps.  Let us know.

Wes
MS-MVP Windows Shell/User

> "C:\WINDOWS\System32" pops up everytime I start my computer.  I have run
> Spybot S&D and installed Microsoft's antispyware.  HELP!!!
>
> Thank you in advance.
Reply to this Message
sccola - 26 Aug 2005 19:59 GMT
I tried the aoutomatic fix, and got this message "this script cannot repair
your issue. The expected Registry value was not found."

I am too initmidated to try the manual fix, after reading all the warnings
about screwing up my system.

Anymore suggestions?

Thank you in advance.

sccola

> System32 Folder Opens When Logging on to Windows XP
> http://support.microsoft.com/?kbid=170086
[quoted text clipped - 11 lines]
> >
> > Thank you in advance.
Reply to this Message
Wesley Vogel - 27 Aug 2005 00:01 GMT
sccola,

xp_system32opens.vbs is looking for the value SB Audigy 2 Startup Menu
in HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run

Since the script didn't find SB Audigy 2 Startup Menu, you received,
"This script cannot repair your issue. The expected Registry value was not
found."

This fix, obviously, doesn't fix everything related to System32 Folder Opens
When...

Go here and read the instructions...
System32 Folder Opens When Logging on to Windows XP
http://support.microsoft.com/?kbid=170086

Open the Registry Editor...
Start | Run | Type:    regedit   | Click OK |
Navigate to >>>
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
Right click on the Run folder and select Export.
An Export Registry File window will popup.
Click Desktop in the left hand pane.
Type HKCU in the File name box.
Click the V in the Save as type box and select Text Files (*.txt).
Click the Save button.
A file named HKCU.txt will appear on your Desktop.

Navigate to >>>
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run
Right click on the Run folder and select Export.
An Export Registry File window will popup.
Click Desktop in the left hand pane.
Type HKLM in the File name box.
Click the V in the Save as type box and select Text Files (*.txt).
Click the Save button.
A file named HKLM.txt will appear on your Desktop.

Close the Registry Editor.

Copy and paste all the text from HKCU.txt and HKLM.txt into a message and
post back.  Someone will help you find the goofy entry causing the problem.

You will see something simalar too this...
Key Name:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
Class Name:        <NO CLASS>
Last Write Time:   7/7/2005 - 11:29 PM
Value 0
 Name:            My Indexdat Killer
 Type:            REG_SZ
 Data:            C:\run.bat

Value 1
 Name:            AVG7_CC
 Type:            REG_SZ
 Data:            C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP

Value 2
 Name:            Mygetridofstuff
 Type:            REG_SZ
 Data:            C:\Mygetridofstuff.bat
-----

I only included a couple of entries.

Signature

Hope this helps.  Let us know.

Wes
MS-MVP Windows Shell/User

> I tried the aoutomatic fix, and got this message "this script cannot
> repair your issue. The expected Registry value was not found."
[quoted text clipped - 29 lines]
>>>
>>> Thank you in advance.
Reply to this Message
shane_ishga - 28 Aug 2005 08:27 GMT
i did much the same thing 'here' (http://tinyurl.com/b4xvc)  and nobody
can help me :confused:

Signature

shane_ishga

Reply to this Message
shane_ishga - 28 Aug 2005 08:27 GMT
can you help me

--
shane_ishga
Reply to this Message
Wesley Vogel - 28 Aug 2005 18:06 GMT
shane_ishga,

Apparently you copied and pasted run2 twice instead of run1 and run2.  You
have two copies of what's in...
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

There is nothing listed from ion your post...
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run

Never the less, I do not see anything that should be causing the System32
folder to open at boot.

However, you have some bad stuff.

time.exe seen here...
Value 9
Name: Time Sync
Type: REG_SZ
Data: C:\Program Files\Time Sync\time.exe

time.exe is something that you do not want to have.  It is a trojan.

Bleeping Computer - time.exe - File Information
http://www.bleepingcomputer.com/startups/time.exe-7262.html

Update your antivirus software and run a complete system scan.  Also update
and run scans with your antispyware programs.

I see that you have Microsoft AntiSpyware and AVG FREE 7.

Value 12
Name: WildTangent CDA

Did you install this on purpose?  Do you play games?  Wild Tangent is
considered scumware because of it's underhanded method of getting installed
on a users machine without their knowledge.  If you do not play games you do
not need Wild Tangent.  Uninstall it in Add or Remove Programs from the
Control Panel.  If you want to keep it, that's OK.

tsl2.exe is no good either.

Value 13
Name: Tsl2
Type: REG_SZ
Data: C:\PROGRA~1\COMMON~1\tsa\tsl2.exe

[[tsl2.exe is an advertising program by Travelling Salesman Spyware. This
process monitors your browsing habits and distributes the data back to the
author's servers for analysis. This also prompts advertising popups. This
program is a registered security risk and should be removed immediately. ]]

After you get rid of the crap, if you still have System32 folder opening on
startup, either post back with the contents of..
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
or try this.

What you're going to have to do is get rid of startup items one at a time
and keep rebooting until you find the offending entry.

Open the  System Configuration Utility...
Start | Run | Type:   msconfig    | Click OK |
Click the Startup tab.
UNCheck one item (Not AVG7_CC, this is your antivirus, leave this item
checked).
Click the Apply button.
Click the Close button.
You will see this message...

[[You must restart your computer for some of the changes made by
System Configuration to take effect.]]

Click the Restart button.
Your machine will then reboot.

After your machine reboots, you will get the MSCONFIG Reminder Message...

[[You have used the System Configuration Utility to change the way Windows
starts.
The System Configuration Utility is currently in Diagnostic or Selective
Startup mode, causing this message to be displayed and the utility to run
every time Windows starts.
Choose the Normal Startup mode on the General tab to start Windows normally
and undo the changes you made using the System Configuration Utility.]]

Check: "Don't show this message or launch the System Configuration Utility
when Windows starts" and click OK.

If System32 folder opened...

Start | Run | Type:   msconfig    | Click OK |
Click the Startup tab.
UNCheck another item.
Click the Apply button.
Click the Close button.
You will see the Restart message again.
Click the Restart button.
Your machine will then reboot.

You'll have to keep doing this until the guilty item is found.  Since you
have a boatload of startup items, this will take a while.

Signature

Hope this helps.  Let us know.

Wes
MS-MVP Windows Shell/User

> can you help me?
>
> --
> shane_ishga
Reply to this Message
shane_ishga - 29 Aug 2005 06:48 GMT
thank you soo much
i got rid of those things and found my system32 problem
it was a invalid regkey i think it looked like this - /r and that was
its comand directory aswell

Signature

shane_ishga

Reply to this Message
shane_ishga - 29 Aug 2005 10:47 GMT
hey i cant get rid of that wildtanget
it just wont uninstall

and i removed tsl2 from startup but the rest i dunno

Value 12
Name: WildTangent CDA

Did you install this on purpose?  Do you play games?  Wild Tangent is
considered scumware because of it's underhanded method of gettin
installed
on a users machine without their knowledge.  If you do not play game
you do
not need Wild Tangent.  Uninstall it in Add or Remove Programs fro
the
Control Panel.  If you want to keep it, that's OK.

tsl2.exe is no good either.

Value 13
Name: Tsl2
Type: REG_SZ
Data: C:\PROGRA~1\COMMON~1\tsa\tsl2.exe

[[tsl2.exe is an advertising program by Travelling Salesman Spyware
This
process monitors your browsing habits and distributes the data back t
the
author's servers for analysis. This also prompts advertising popups
This
program is a registered security risk and should be remove
immediately. ]

--
shane_ishga
Reply to this Message
Wesley Vogel - 29 Aug 2005 16:30 GMT
Instructions here...
WildTangent Removal
http://www.iamnotageek.com/a/245-p1.php

Signature

Hope this helps.  Let us know.

Wes
MS-MVP Windows Shell/User

> hey i cant get rid of that wildtanget
> it just wont uninstall
[quoted text clipped - 31 lines]
> --
> shane_ishga
Reply to this Message
shane_ishga - 30 Aug 2005 11:50 GMT
thankyou
that worke

--
shane_ishga
Reply to this Message
Wesley Vogel - 30 Aug 2005 15:30 GMT
Glad to hear it.  Keep having fun.  :-)

Signature

Hope this helps.  Let us know.

Wes
MS-MVP Windows Shell/User

> thankyou
> that worked
>
> --
> shane_ishga
Reply to this Message
Wesley Vogel - 28 Aug 2005 19:10 GMT
sccola,

This message?
[[This script cannot repair your issue. The expected Registry value was not
found.]]

The script looks for SB Audigy 2 Startup Menu value in
HKCU\Software\Microsoft\Windows\CurrentVersion\Run
This is a real common problem with Dell machines that have an OEM version of
the Sound Blaster Audigy 2 sound card.  But it isn't the only thing that
causes the System32 folder to open at startup.

Look at this...
System32 Folder Opens When Logging on to Windows XP
http://support.microsoft.com/?kbid=170086

If you aren't sure about what's goofy, open the Registry Editor...
Start | run | Type:      regedit       | Click OK |
Navigate to >>>
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run

Right click on the Run folder | Click Export | Select Desktop | For file
name Run1 | For Save as type select Text File | Click the Save button

Navigate to >>>
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

Right click on the Run folder | Click Export | Select Desktop | For file
name Run2 | For Save as type select Text File | Click the Save button

Go to the Desktop and open both Run1.txt and Run2.txt, copy everything and
paste it into a message and post back.

Signature

Hope this helps.  Let us know.

Wes
MS-MVP Windows Shell/User

> I tried the aoutomatic fix, and got this message "this script cannot
> repair your issue. The expected Registry value was not found."
[quoted text clipped - 29 lines]
>>>
>>> Thank you in advance.
Reply to this Message
 
Sign In
Join
My Latest Posts
My Monitored Threads
My Blog
My Photo Gallery
My Profile
My Homepage
Start New Thread
Enable EMail Alerts
Rate this Thread



©2008 Advenet LLC   Privacy Policy - Terms of Use
This website includes both content owned or controlled by Advenet as well as content owned or controlled by third parties.