System32 Folder


Guest

When I open Windows XP it opens the system 32 folder in explorer. I can see it happens to many others as well.
I have downloaded and run help from KELLYS-KORNER but all I get is: "This script cannot repair your issue. The expected Registry value was not found"
Please HELP (I'm not expert)
Miguel
my e-mail: (e-mail address removed)
 
Greetings --

This can be caused by a blank entry, such as can be left behind by
an incomplete program removal, in the
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run and/or
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run keys.

System32 Folder Opens When Logging on to Windows
http://support.microsoft.com/default.aspx?scid=kb;en-us;170086


Bruce Chambers

--
Help us help you:



You can have peace. Or you can have freedom. Don't ever count on
having both at once. -- RAH


Miguel said:
When I open Windows XP it opens the system 32 folder in explorer. I
can see it happens to many others as well.
I have downloaded and run help from KELLYS-KORNER but all I get is:
"This script cannot repair your issue. The expected Registry value was
not found"
 
Hi Miguel,

Please see:

System32 Folder Opens When Logging on to Windows
http://support.microsoft.com/?kbid=170086

Also, start/run msconfig, and see if there is a line that loads /L:ENG. If
so, disable it. It comes from a SoundBlaster Audigy driver, but should not
affect that hardware. You can also repair the registry entry if you like by
removing the leading space in the string that loads it.

However, it can also be caused by other incorrectly built registry strings.
Could you please export and post the contents of these keys in the registry:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

To do this, start/run regedit, expand the branches to each key (do this one
at a time). Click on the key, then on file/export. Give it any name, then
save to the desktop. Once you have saved both keys, close the registry
editor. Right-click one of the saved files on the desktop, choose edit, it
should open in notepad. Click edit/select all/edit/copy. Open a response to
this post and click in the message text area. Hit ctrl+v to paste the
contents. Repeat for the other saved key, then send the post for
examination.

--
Best of Luck,

Rick Rogers aka "Nutcase" MS-MVP - Win9x
Windows isn't rocket science! That's my other hobby!

Associate Expert - WinXP - Expert Zone



Miguel said:
When I open Windows XP it opens the system 32 folder in explorer. I can
see it happens to many others as well.
I have downloaded and run help from KELLYS-KORNER but all I get is: "This
script cannot repair your issue. The expected Registry value was not found"
 
Hi Rick,
Thanks for your help.
I didn't get anywhere with msconfig.
Take a look at the keys in the registry and let me know.

Windows Registry Editor Version 5.00

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"McAfee.InstantUpdate.Monitor"="\"C:\\Program Files\\McAfee\\McAfee Shared Components\\Instant Updater\\RuLaunch.exe\" /startmonitor"
"<H"=hex(2):63,00,3a,00,5c,00,57,00,49,00,4e,00,44,00,4f,00,57,00,53,00,5c,00, 53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,3c,00,48,00,45,00,41, 00,44,00,3e,00,00,0
" <TITLE>Error</TI"=hex(2):63,00,3a,00,5c,00,57,00,49,00,4e,00,44,00,4f,00,57, 00,53,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,20,00, 20,00,3c,00,54,00,49,00,54,00,4c,00,45,00,3e,00,45,00,72,00,72,00,6f,00,72, 00,3c,00,2f,00,54,00,49,00,54,00,4c,00,45,00,3e,00,00,0
"</H"=hex(2):63,00,3a,00,5c,00,57,00,49,00,4e,00,44,00,4f,00,57,00,53,00,5c,00, 53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,3c,00,2f,00,48,00,54, 00,4d,00,4c,00,3e,00,00,0
"<B"=hex(2):63,00,3a,00,5c,00,57,00,49,00,4e,00,44,00,4f,00,57,00,53,00,5c,00, 53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,3c,00,42,00,4f,00,44, 00,59,00,3e,00,00,0
"The site you have requested doesn't ex"=hex(2):63,00,3a,00,5c,00,57,00,49,00, 4e,00,44,00,4f,00,57,00,53,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33, 00,32,00,5c,00,54,00,68,00,65,00,20,00,73,00,69,00,74,00,65,00,20,00,79,00, 6f,00,75,00,20,00,68,00,61,00,76,00,65,00,20,00,72,00,65,00,71,00,75,00,65, 00,73,00,74,00,65,00,64,00,20,00,64,00,6f,00,65,00,73,00,6e,00,27,00,74,00, 20,00,65,00,78,00,69,00,73,00,74,00,2e,00,00,0
@=hex(2):63,00,3a,00,5c,00,57,00,49,00,4e,00,44,00,4f,00,57,00,53,00,5c,00,53, 00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,00,0
"The associated domain name has probably been reserved by a client "=hex(2):63, 00,3a,00,5c,00,57,00,49,00,4e,00,44,00,4f,00,57,00,53,00,5c,00,53,00,79,00, 73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,54,00,68,00,65,00,20,00,61,00,73, 00,73,00,6f,00,63,00,69,00,61,00,74,00,65,00,64,00,20,00,64,00,6f,00,6d,00, 61,00,69,00,6e,00,20,00,6e,00,61,00,6d,00,65,00,20,00,68,00,61,00,73,00,20, 00,70,00,72,00,6f,00,62,00,61,00,62,00,6c,00,79,00,20,00,62,00,65,00,65,00, 6e,00,20,00,72,00,65,00,73,00,65,00,72,00,76,00,65,00,64,00,20,00,62,00,79, 00,20,00,61,00,20,00,63,00,6c,00,69,00,65,00,6e,00,74,00,20,00,66,00,72,00, 6f,00,6d,00,00,0
"<A HREF=\"http://www.gandi.net/\">GANDI</A> then par"=hex(2):63,00,3a,00,5c, 00,57,00,49,00,4e,00,44,00,4f,00,57,00,53,00,5c,00,53,00,79,00,73,00,74,00, 65,00,6d,00,33,00,32,00,5c,00,3c,00,41,00,20,00,48,00,52,00,45,00,46,00,3d, 00,22,00,68,00,74,00,74,00,70,00,3a,00,2f,00,2f,00,77,00,77,00,77,00,2e,00, 67,00,61,00,6e,00,64,00,69,00,2e,00,6e,00,65,00,74,00,2f,00,22,00,3e,00,47, 00,41,00,4e,00,44,00,49,00,3c,00,2f,00,41,00,3e,00,20,00,74,00,68,00,65,00, 6e,00,20,00,70,00,61,00,72,00,6b,00,65,00,64,00,2e,00,00,0
"</B"=hex(2):63,00,3a,00,5c,00,57,00,49,00,4e,00,44,00,4f,00,57,00,53,00,5c,00, 53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,3c,00,2f,00,42,00,4f, 00,44,00,59,00,3e,00,00,0

AND

Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HPDJ Taskbar Utility"="C:\\WINDOWS\\System32\\spool\\drivers\\w32x86\\3\\hpztsb04.exe"
"HPHmon03"="C:\\WINDOWS\\System32\\hphmon03.exe"
"Imonitor"="\"C:\\Program Files\\McAfee\\QuickClean\\PlgUni.exe\" /START"
"Adult_Chat"="C:\\WINDOWS\\Adult_Chat.exe -n"
"RapidBlaster"="C:\\Program Files\\RapidBlaster\\rb32.exe"
"Adut_Chat"="C:\\WINDOWS\\Adut_Chat.exe -n"
"LesbianAction_gb"="c:\\program files\\comsoft\\dialers\\lesbianaction_gb\\lesbianaction_gb.exe /noconnect"
"CallControl 4.5"="C:\\PROGRAM FILES\\FAXTALK COMMUNICATOR\\FTCtrl32.exe /autoload"
"NvCplDaemon"="RUNDLL32.EXE NvQTwk,NvCplDaemon initialize"
"New.net Startup"="rundll32 C:\\PROGRA~1\\NEWDOT~1\\NEWDOT~2.DLL,NewDotNetStartup"
"CamMonitor"="C:\\Program Files\\Hewlett-Packard\\Digital Imaging\\\\Unload\\hpqcmon.exe"
"Share-to-Web Namespace Daemon"="C:\\Program Files\\Hewlett-Packard\\PhotoSmart\\HP Share-to-Web\\hpgs2wnd.exe"
"blss"="C:\\Program Files\\blss\\blss.exe"
"ToPicks Starter"="C:\\Program Files\\ToPicks\\Bin\\Idhost.exe"
"WINDVDPatch"="CTHELPER.EXE"
"UpdReg"="C:\\WINDOWS\\UpdReg.EXE"
"Jet Detection"="\"C:\\Program Files\\Creative\\SBLive\\PROGRAM\\ADGJDet.exe\""
"NeroCheck"="C:\\WINDOWS\\System32\\NeroCheck.exe"
"RealTray"="C:\\Program Files\\Real\\RealPlayer\\RealPlay.exe SYSTEMBOOTHIDEPLAYER"
"APVXDWIN"="\"C:\\Program Files\\Panda Software\\Panda Antivirus Titanium\\APVXDWIN.EXE\" /s"
"<H"=hex(2):63,00,3a,00,5c,00,57,00,49,00,4e,00,44,00,4f,00,57,00,53,00,5c,00, 53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,3c,00,48,00,45,00,41, 00,44,00,3e,00,00,00
" <TITLE>Error</TI"=hex(2):63,00,3a,00,5c,00,57,00,49,00,4e,00,44,00,4f,00,57, 00,53,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,20,00, 20,00,3c,00,54,00,49,00,54,00,4c,00,45,00,3e,00,45,00,72,00,72,00,6f,00,72, 00,3c,00,2f,00,54,00,49,00,54,00,4c,00,45,00,3e,00,00,00
"</H"=hex(2):63,00,3a,00,5c,00,57,00,49,00,4e,00,44,00,4f,00,57,00,53,00,5c,00, 53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,3c,00,2f,00,48,00,54, 00,4d,00,4c,00,3e,00,00,00
"<B"=hex(2):63,00,3a,00,5c,00,57,00,49,00,4e,00,44,00,4f,00,57,00,53,00,5c,00, 53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,3c,00,42,00,4f,00,44, 00,59,00,3e,00,00,00
"The site you have requested doesn't ex"=hex(2):63,00,3a,00,5c,00,57,00,49,00, 4e,00,44,00,4f,00,57,00,53,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33, 00,32,00,5c,00,54,00,68,00,65,00,20,00,73,00,69,00,74,00,65,00,20,00,79,00, 6f,00,75,00,20,00,68,00,61,00,76,00,65,00,20,00,72,00,65,00,71,00,75,00,65, 00,73,00,74,00,65,00,64,00,20,00,64,00,6f,00,65,00,73,00,6e,00,27,00,74,00, 20,00,65,00,78,00,69,00,73,00,74,00,2e,00,00,00
@=hex(2):63,00,3a,00,5c,00,57,00,49,00,4e,00,44,00,4f,00,57,00,53,00,5c,00,53, 00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,00,00
"The associated domain name has probably been reserved by a client "=hex(2):63, 00,3a,00,5c,00,57,00,49,00,4e,00,44,00,4f,00,57,00,53,00,5c,00,53,00,79,00, 73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,54,00,68,00,65,00,20,00,61,00,73, 00,73,00,6f,00,63,00,69,00,61,00,74,00,65,00,64,00,20,00,64,00,6f,00,6d,00, 61,00,69,00,6e,00,20,00,6e,00,61,00,6d,00,65,00,20,00,68,00,61,00,73,00,20, 00,70,00,72,00,6f,00,62,00,61,00,62,00,6c,00,79,00,20,00,62,00,65,00,65,00, 6e,00,20,00,72,00,65,00,73,00,65,00,72,00,76,00,65,00,64,00,20,00,62,00,79, 00,20,00,61,00,20,00,63,00,6c,00,69,00,65,00,6e,00,74,00,20,00,66,00,72,00, 6f,00,6d,00,00,00
"<A HREF=\"http://www.gandi.net/\">GANDI</A> then par"=hex(2):63,00,3a,00,5c, 00,57,00,49,00,4e,00,44,00,4f,00,57,00,53,00,5c,00,53,00,79,00,73,00,74,00, 65,00,6d,00,33,00,32,00,5c,00,3c,00,41,00,20,00,48,00,52,00,45,00,46,00,3d, 00,22,00,68,00,74,00,74,00,70,00,3a,00,2f,00,2f,00,77,00,77,00,77,00,2e,00, 67,00,61,00,6e,00,64,00,69,00,2e,00,6e,00,65,00,74,00,2f,00,22,00,3e,00,47, 00,41,00,4e,00,44,00,49,00,3c,00,2f,00,41,00,3e,00,20,00,74,00,68,00,65,00, 6e,00,20,00,70,00,61,00,72,00,6b,00,65,00,64,00,2e,00,00,00
"</B"=hex(2):63,00,3a,00,5c,00,57,00,49,00,4e,00,44,00,4f,00,57,00,53,00,5c,00, 53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,3c,00,2f,00,42,00,4f, 00,44,00,59,00,3e,00,00,00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\IMAIL]
"Installed"="1"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MAPI]
"Installed"="1"
"NoChange"="1"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MSFS]
"Installed"="1"


Thanks very much

Miguel
 
Hi Miguel,

Looks like this issue is being caused by spyware installed on the system.
Let's look at these:

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Adult_Chat"="C:\\WINDOWS\\Adult_Chat.exe -n"

Pretty obvious what this is from the name: this is a dialer program that
installed itself while someone was surfing through some less than honorable
sites. This can help:
http://www.pestpatrol.com/PestInfo/a/adult_chat_dialer.asp

"RapidBlaster"="C:\\Program Files\\RapidBlaster\\rb32.exe"

Another bit of spyware, see:
http://www.doxdesk.com/parasite/RapidBlaster.html

"Adut_Chat"="C:\\WINDOWS\\Adut_Chat.exe -n"

Same problem as above.

"LesbianAction_gb"="c:\\program files\\comsoft\\dialers\\lesbianaction_gb\\lesbianaction_gb.exe /noconnect"

Um, the name speaks for itself, another dialer program.

"New.net Startup"="rundll32 C:\\PROGRA~1\\NEWDOT~1\\NEWDOT~2.DLL,NewDotNetStartup"

Control Panel/Add & Remove, uninstall newdotnet. See this link for full
removal steps:
http://www.newdotnet.com/#remove

"blss"="C:\\Program Files\\blss\\blss.exe"

Another dialer program.

"ToPicks Starter"="C:\\Program Files\\ToPicks\\Bin\\Idhost.exe"

BHO parasite, a toolbar that is crapping up the place, see:
http://www.doxdesk.com/parasite/TOPicks.html

Use the following to help remove this garbage:

Adaware www.lavasoft.de
Spybot www.safer-networking.org

This one can help you avoid these programs from being installed in the first
place:
Spyware Blaster: www.javacoolsoftware.com/spywareblaster.html

When removal is complete, if the folder is still opening at startup/logon,
then start/run msconfig. On the general tab click on diagnostic mode. Click
apply/ok and reboot. Reverse the changes, the problem should disappear.

FYI, you also have a number of other unnecessary startup files, though these
are not malicious. You may want to disable them on the startup tab of
msconfig in order to improve system performance:

"CallControl 4.5"="C:\\PROGRAM FILES\\FAXTALK COMMUNICATOR\\FTCtrl32.exe /autoload"
"CamMonitor"="C:\\Program Files\\Hewlett-Packard\\Digital Imaging\\\\Unload\\hpqcmon.exe"
"Share-to-Web Namespace Daemon"="C:\\Program Files\\Hewlett-Packard\\PhotoSmart\\HP Share-to-Web\\hpgs2wnd.exe"
"WINDVDPatch"="CTHELPER.EXE"
"UpdReg"="C:\\WINDOWS\\UpdReg.EXE"
"Jet Detection"="\"C:\\Program Files\\Creative\\SBLive\\PROGRAM\\ADGJDet.exe\""
"NeroCheck"="C:\\WINDOWS\\System32\\NeroCheck.exe"
"RealTray"="C:\\Program Files\\Real\\RealPlayer\\RealPlay.exe SYSTEMBOOTHIDEPLAYER"

This one here may conflict with your McAfee AV software and should be
disabled as well (or remove McAfee, which is up to you, but two AV programs
often hinder system performance as they conflict trying to monitor the
system):

"APVXDWIN"="\"C:\\Program Files\\Panda Software\\Panda Antivirus Titanium\\APVXDWIN.EXE\" /s"

--
Best of Luck,

Rick Rogers aka "Nutcase" MS-MVP - Win9x
Windows isn't rocket science! That's my other hobby!

Associate Expert - WinXP - Expert Zone



<snipped for brevity>
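
The review of the exported Run keys done by eye in this thread can also be scripted. The following is an added example, not part of the original posts: Python that parses a regedit export, decodes the hex(2) (REG_EXPAND_SZ) values and flags entries that cannot be real programs. The sample input is constructed, `ExampleAudio` and its path are hypothetical, and the four flagging rules are assumptions drawn from the symptoms discussed here.

```python
import re
# Constructed sample (regedit 5.00 layout). The hex(2) data matches the thread's
# default (@) and "<H" entries; "ExampleAudio" and its path are hypothetical.
SAMPLE = r'''Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NeroCheck"="C:\\WINDOWS\\System32\\NeroCheck.exe"
"ExampleAudio"=" C:\\Example\\helper.exe /L:ENG"
@=hex(2):63,00,3a,00,5c,00,57,00,49,00,4e,00,44,00,4f,00,57,00,53,00,5c,00,53,\
  00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,00,00
"<H"=hex(2):63,00,3a,00,5c,00,57,00,49,00,4e,00,44,00,4f,00,57,00,53,00,5c,00,\
  53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,3c,00,48,00,45,00,41,\
  00,44,00,3e,00,00,00
'''

def _unescape(s):
    return re.sub(r"\\(.)", r"\1", s)             # \\ -> \  and  \" -> "

def parse_reg(text):
    """Yield (value_name, decoded_data) for REG_SZ and hex(2) values."""
    text = re.sub(r"\\\r?\n\s*", "", text)        # join "\"-continued hex lines
    for line in text.splitlines():
        m = re.match(r'^(@|"(?:[^"\\]|\\.)*")=(.*)$', line)
        if not m:
            continue                              # header, [key] line or blank
        name = "(Default)" if m.group(1) == "@" else _unescape(m.group(1)[1:-1])
        raw = m.group(2).strip()
        if raw.startswith("hex(2):"):             # REG_EXPAND_SZ, UTF-16LE bytes
            data = bytes(int(b, 16) for b in raw[7:].split(",") if b.strip())
            yield name, data.decode("utf-16-le").rstrip("\x00")
        elif raw.startswith('"') and raw.endswith('"'):
            yield name, _unescape(raw[1:-1])

def triage(text):
    """Map value name -> reasons the entry does not look like a program."""
    findings = {}
    for name, data in parse_reg(text):
        checks = [
            (name == "(Default)" and data != "", "default value is set"),
            (data != data.lstrip(), "leading space in command"),
            (data.rstrip().endswith("\\"), "data names a folder, not a program"),
            (re.search(r"[<>]", name + data) is not None, "markup in name or data"),
        ]
        reasons = [why for hit, why in checks if hit]
        if reasons:
            findings[name] = reasons
    return findings

if __name__ == "__main__":
    print(triage(SAMPLE))
```

Files saved by regedit in the "Version 5.00" format are UTF-16, so read a real export with `open(path, encoding="utf-16")` before passing its text to `triage()`.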
 