Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works
Photo

c:\windows\system32 folder opens at startup


  • Please log in to reply

#1
rmerli

rmerli

    New Member

  • Member
  • Pip
  • 8 posts
Hello!

When I log on to my XP, the folder c:\windows\system32 opens automaticly. It doesn't seem to do anything, just opens.
How can I stop this from opening every time?
  • 0

Advertisements


#2
wannabe1

wannabe1

    Tech Staff

  • Technician
  • 16,645 posts
Hi rmerli...

Let's check a few settings first. Click Start, point to "All Programs", then point to "Startup". Is System32 (or something containing System32) in the resulting menu? If yes, list them here for me.

If no, click Start, then Run, type msconfig, and click "Ok". Click the "Startup" tab. Once again, is there anything in the list that references System32? If yes, list them here.

wannabe1
  • 0

#3
rmerli

rmerli

    New Member

  • Topic Starter
  • Member
  • Pip
  • 8 posts
Hi!
Only two entries in start - all programs - startup : "Microsoft office" and HP Digital Image Monitor"
None of them with system32

In msconfig i find one entry:E_S4I091 c:\windows\System32\spool\drivers\W32X86\3\E_S4I091.EXE /P23 "EPSON Stylus C48 Series" /06 "USB001" /M "Stylus C48"
  • 0

#4
rmerli

rmerli

    New Member

  • Topic Starter
  • Member
  • Pip
  • 8 posts
Sorry, one more entry;
c:\windows\system32\dojijq.exe
  • 0

#5
rmerli

rmerli

    New Member

  • Topic Starter
  • Member
  • Pip
  • 8 posts
I think its to late in the evening, I found one more:
c:\windows\system32\hphmon05.exe
  • 0

#6
wannabe1

wannabe1

    Tech Staff

  • Technician
  • 16,645 posts
c:\windows\system32\dojijq.exe <----This one bothers me...it appears to have a random name and may be malware.

Uncheck the checkbox next to it and "Apply" the change. Reboot. Upon restart, you will receive a Selective Startup dialog box...this is normal. Tick the box to not show it again and click "Ok".

Does the System32 folder still open on startup?
  • 0

#7
rmerli

rmerli

    New Member

  • Topic Starter
  • Member
  • Pip
  • 8 posts
Hi!

I am still getting the folder after removing the tag and a restart.
  • 0

#8
wannabe1

wannabe1

    Tech Staff

  • Technician
  • 16,645 posts
Click Start, then Run, type regedit, and click "Ok".

In Registry Editor, expand (click +) HKEY_LOCAL_MACHINE, then SOFTWARE, then Microsoft, then Windows, then CurrentVersion, and click on Run.

Is the top entry in the right pane "(Default)"?

Then expand (click +) HKEY_CURRENT_USER, then SOFTWARE, then Microsoft, then Windows, then CurrentVersion, and click on Run.

Is the top entry in the right pane "(Default)"?

Look at each value in the right pane under the "Data" heading. If any values appear as "" let me know what they are.
  • 0

#9
rmerli

rmerli

    New Member

  • Topic Starter
  • Member
  • Pip
  • 8 posts
I have a Norwegian Version, but I think it translates like this:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion

The top line says:
ab(Default) REG_SZ (No Value recorded)

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion

The top line says the same:

ab(Default) REG_SZ (No Value recorded)
  • 0

#10
wannabe1

wannabe1

    Tech Staff

  • Technician
  • 16,645 posts
Are there any other entries in the right pane...other than (Default)?
  • 0

Advertisements


#11
rmerli

rmerli

    New Member

  • Topic Starter
  • Member
  • Pip
  • 8 posts
I tried to log in as a guest-user, and does not get the same folder opened.
Under Current_User - Current version, I have no other entries
  • 0

#12
wannabe1

wannabe1

    Tech Staff

  • Technician
  • 16,645 posts
Go into your "Control Panel" and open "Folder Options", under the "View" tab make sure that "Restore previous folder windows at logon" is unchecked, click "Apply", then "Ok".

The odd-named file is still bothering me. Please download HiJackThis, run it and save a log. Attach the log to your next post for me.
  • 0

#13
rmerli

rmerli

    New Member

  • Topic Starter
  • Member
  • Pip
  • 8 posts
Logfile of HijackThis v1.99.1
Scan saved at 01:43:06, on 08.06.2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Edit by wannabe1: Attached HJT log

Attached Files


  • 0

#14
wannabe1

wannabe1

    Tech Staff

  • Technician
  • 16,645 posts
You have a pretty good malware infection going on in there. I see a couple of entries that may be related to your problem... :whistling:

Please go to the Malware Forum and follow the instructions.

That will give you several steps that will help you clean up 70 percent of all problems by yourself...then post a hijackthis log in THAT forum. Be patient, the Malware Forum is a very busy place and a two or three day wait is not unusual. DO NOT REPLY TO OR BUMP YOUR OWN LOG. If it shows a reply it may be overlooked as one that is being worked on.

If you are still having problems after getting a clean bill of health from the malware expert, please return to this thread.

wannabe1
  • 0

#15
woohoofulness

woohoofulness

    Member

  • Member
  • PipPip
  • 56 posts
JUST FIND THE MALWARE AND OBLITERATE IT!!!!! lol, i hate spyware....and sometimes malware will hide registry entries in weird places, so even when you get rid of it....use a registry sweeper or go through your registry and delete the malware entries, or else sometimes it will reinstall itself.
  • 0






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP