System32 folder appears and STacSV error

I have two problems when my PC starts up, which I am hoping that you can help with:

 

a) The C:\WINDOWS\system32 folder opens by itself

b) An error appears indicating: STacSV Module has encountered a problem and needs to close

 

The folder opening has been there for a while.  The STacSV Module error just started yesterday, after a group of “high priority” Windows Updates were applied.  I have listed them at the end of this message.

 

It may or may not be relevant, but the Windows updates were applied after cleaning the PC from several infections.  Details:  A rather obscene pop-up window appeared on its own in my browser earlier in the week, leading me to discover that McAfee had been disabled and the PC was infected.  I downloaded and ran Microsoft Security Scanner, using the quick scan, which found and removed Win32Necurs and WINNT/NecursA.  I then removed and reinstalled McAfee Total Protection, ensured that it was up-to-date, and then ran a full scan.  It found and removed Exploit-CVE-2012-1723.genA, ZeroAcess.hr and PWS-Zbos-FASG!… (didn’t get all of that last one noted down).  I then tried to run Microsoft Updates, but got an error.  The auto-fix did not work, but the troubleshooting steps led to the discovery that some services (including Windows Update) were stopped.  Once those were re-started, there was still an error, but then the auto-fix was able to correct it, and the updates were run.  A final round of scans was then run to make sure that the PC was clean:  a SpyBot full scan found 2 tracking cookies, but nothing else; another full McAfee scan did not find anything; and then the Microsoft security scanner was downloaded and run again, this time with a full scan.  Surprisingly, it found and removed Exploit-Java/CVE-2013-0431 and 1493.  The Windows update history shows that no updates were applied (despite being configured to be automatic) between February and yesterday.

 

The computer is a Dell Dimension 9150 running Windows XP with SP3.  McAfee Total Protection and SpyBot-SD resident are currently running.  This is my web surfing and entertainment PC.  I keep most of my important stuff on a newer PC where the only internet sites visited are secure sites for banking, etc.

 

What I see when the PC boots up is as follows:

- Dell logo screen

- Windows XP logo screen 

- black screen

- Windows welcome screen

- Desktop background image appears

- time appears in right corner of toolbar

- Icon **IDS_SYSTRAY_TOOLTIP appears in right corner of toolbar (audio control panel)

- C:\WINDOWS\system32 folder appears on the screen (this and the above are at the same time as far as I can tell)

- Volume control icon appears in right corner of toolbar

- Icon for McAfee Total Protection appears in right corner of toolbar

- The boot appears to be complete and I can start working

- About a minute and a half later, regardless of whether I do anything or not, an error message appears indicating that: “STacSV Module has encountered a problem and needs to close.  We are sorry for the inconvenience.”

 

If I try to open the audio control panel from the icon, it does not work.  This, however, is not something that I normally use, and I am not really sure what it is for.  I can play MP3 files, and the sound is fine.

 

Following suggestions in another thread about the System32 folder appearing, I looked at msconfig to see what was in the startup.  The only thing pointing to the System32 folder was CTFMON, which is a program that does exist in that folder, and that appears to be required according to Microsoft.

 

In observing what happens at startup so that I could write it up, I rebooted several times.  On the one occasion where I rebooted without waiting for the STacSV error to appear, the shutdown process seemed to stall for a long time before getting to the shutdown scripts stage.

 

The Windows updates that were applied were:

- Windows XP: Windows Malicious Software Removal Tool - May 2013 (KB890830); 08 June 2013; Microsoft Update

- Windows XP: Security Update for Internet Explorer 8 for Windows XP (KB2847204); 08 June 2013; Microsoft Update

- Windows XP: Cumulative Security Update for ActiveX Killbits for Windows XP (KB2820197); 08 June 2013; Microsoft Update

- Windows XP: Security Update for Windows XP (KB2829361); 08 June 2013; Microsoft Update

- Windows XP: Cumulative Security Update for Internet Explorer 8 for Windows XP (KB2829530); 08 June 2013; Microsoft Update

- Windows XP: Security Update for Microsoft .NET Framework 2.0 SP2 on Windows Server 2003 and Windows XP x86 (KB2804577); 08 June 2013; Microsoft Update

- Windows XP: Security Update for Microsoft .NET Framework 4 on XP, Server 2003, Vista, Windows 7, Server 2008 x86 (KB2804576); 08 June 2013; Microsoft Update

- Windows XP: nVidia - Other hardware - NVIDIA GeForce 7300 LE; 08 June 2013; Microsoft Update

- Windows XP: Security Update for Windows XP (KB2813345); 08 June 2013; Microsoft Update

- Windows XP: Security Update for Windows XP (KB2813170); 08 June 2013; Microsoft Update

- Windows XP: Security Update for Windows XP (KB2820917); 08 June 2013; Microsoft Update

- Silverlight: Security Update for Microsoft Silverlight (KB2814124); 08 June 2013; Microsoft Update

- Windows XP: Security Update for Windows XP (KB2807986); 08 June 2013; Microsoft Update

- Windows XP: Update for Windows XP and Windows Server 2003 (KB2798897); 08 June 2013; Microsoft Update

- Windows XP: Update for Windows XP and Windows Server 2003 (KB2798897); 08 June 2013; Automatic Updates








 

 
Last updated March 26, 2018

You've been busy.

The first thing after this I would ask is how do you think McAfee is protecting your system?

McAfee is a known CPU and memory hog and sometimes causes problems, so you might consider replacing it with Microsoft Security Essentials which has a smaller footprint.  Your system will reward you with better performance.

If you choose to uninstall your McAfee, be sure to use their uninstaller that you can find here:

http://service.mcafee.com/FAQDocument.aspx?id=TS101331

Get MSE here:

http://windows.microsoft.com/en-us/windows/security-essentials-download


You don't HAVE to use MSE, but you might think about it - at least temporarily since McAfee seems to have let you down.

Since you have had some malware it never hurts to do this:

No matter what else you are using for malware protection, do this:

Download, install, update and do a quick scan with these free malware detection programs:

Malwarebytes (MBAM):  http://www.malwarebytes.org/products/malwarebytes_free
SUPERAntiSpyware: (SAS):  http://www.superantispyware.com/

SAS will probably report a bunch of tracking cookies and you can just let it delete them.

Do a full scan once in a while when you have more time (perhaps hours).

They can be uninstalled later if desired.

Regarding your system32 folder opening, Microsoft knows why and tells you here:

http://support.microsoft.com/?kbid=170086

Here is what Microsoft does not tell you in that article (one way to back up your registry):

Before making registry changes, back up your registry with this popular free and easy to use tool:

http://www.snapfiles.com/get/erunt.html

The reason your system got this way in the first place is usually due to some malicious software infections.  It could be a current malicious software infection or residue from one that was partially removed by your current tools leaving behind bogus startup entries in your configuration.  You must finish the cleanup yourself.

Your STacSV error is coming from the audio device on your Dell, so you might need to reinstall those drivers from the Dell WWW site.  Sounds like it is trying to start up something and some part of it is now broken even though it seems to sound okay.  You might be able to disable the startup item to stop the error but that will not "fix" the real problem.

If the program can't start, that could be why you can't open it from Control Panel.

If you are not sure what you need, do this:

Click Start, Run and in the box enter:

msinfo32

Click OK, and when the System Summary info appears, click Edit, Select All, Copy and then paste the information back here.

There will be some personal information (like System Name and User Name), and whatever appears to be private information to you, just delete it from the pasted information.

This will minimize back and forth Q&A and eliminate guesswork.

For video driver information, expand the Components, click Display, click Edit, Select All, Copy and then paste the information back here.

For audio information, expand the Components, click Sound Device, click Edit, Select All, Copy and then paste the information back here.

There will be some personal information (like System Name and User Name), and whatever appears to be private information to you, just delete it from the pasted information.

One of your updates was to your NVIDIA video system and it is generally never a good idea to accept any hardware drivers from MS Updates.  MS doesn't know what the best drivers are for your system.  It is best to decline any hardware driver updates from MS and tell MS Update to never offer them to you again.

Even if it seems to be working, you might want to let NVIDIA take a look at your system: 

I would navigate to the NVIDIA website and let their online scanner take a look at your video system and see what it suggests for drivers and consider their analysis if they suggest a new driver.

Here is the address to the NVIDIA page:

http://www.nvidia.com/Download/index.aspx?lang=en-us


Read the directions, then click the GRAPHICS DRIVERS button to start the scan and respond in the affirmative if asked to install the plugin necessary to run the NVIDIA scan (I would not allow the installation of any Ask Toolbars, Google Toolbars, McAfee or other "extras") and follow their advice to download and install the latest drivers that are right for your video card.



Wow, thanks for the detailed response ElderL !

Yes, McAfee has been disappointing.  This is not the first time that I have had to clean up an infection despite having it, and I have used Malwarebytes before in that process in addition to the tools I mentioned.  I do a lot of research of products, locations, etc., and I have seen things start popping up after opening a web site marked as safe from a search result set.  I believe that the source is usually a legitimate web site that has been hacked/compromised, and somehow injects the infection as soon as it is accessed.

Easy stuff first:  Malwarebytes quick scan found and fixed 4 problems in the registry, listed below.  Nothing else was found on the full scan.  SAS found a bunch of tracking cookies on the quick scan, which were then deleted, and nothing else on the full scan.  The nVidia site confirmed that I have the right driver.

Registry Keys Detected: 1
HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\SYSHOST32 (Trojan.Agent) -> Quarantined and deleted successfully.
Registry Values Detected: 1
HKLM\SYSTEM\CurrentControlSet\Services\syshost32|ImagePath (Trojan.Agent) -> Data: "C:\WINDOWS\Installer\{DE5A48E4-8A03-6FED-8F26-47C26EC50E29}\syshost.exe" /service -> Quarantined and deleted successfully.
Registry Data Items Detected: 2
HKLM\SOFTWARE\Microsoft\Security Center|AntiVirusDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and repaired successfully.
HKLM\SOFTWARE\Microsoft\Security Center|FirewallDisableNotify (PUM.Disabled.SecurityCenter)

I looked at the MS KB article about the System32 folder appearing, backed up the registry, and then checked out those keys expecting to see something obvious to fix.  The HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run one looks very strange to me -- it looks like the beginning of some of the values are missing, as well as the leading quotes.  Please see below (not sure if an image paste will work).  In case it doesn't, one example is for Value_name=TrueImageMonitor.exe, Value_data=ITOR.EXE"  What do you conclude from this?




I will have a look at the audio part another night.

Thanks again !


I prefer to have zero startup items, but depending on what you have installed, you could have something(s) in there.  You are looking for one that does not make sense.  Just take your time.

These malware scanners - no single one seems to know about everything so it is prudent to do some supplemental scans with things like MBAM and SAS.  "My McAfee says my system is clean".  Well I would interpret that to mean that McAfee didn't find anything it knows about.

I think TrueImageMonitor belongs to Acronis, so if you have that installed you may need it (and that is fine).

After the MBAM and SAS scans you still have the annoying message?  They are pretty good scanners but they are also thoughtful and can't do everything.

You can right-click your RUN registry key and Export it to a text file, then open that text file with something like Wordpad or Notepad, select all the text and copy/paste it back here and somebody can take a look at it.

Malware can be tricky sometimes...  It wants you to think you have to reinstall your whole system and that is never the case.  If you were ever to choose to do that, then the malware wins (and they know it).  There might not always be some cowabunga solution that fixes everything so you might have to look around some.
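
An added example, not part of any post in this thread: a Python sketch that parses a regedit `.reg` export of the Run key and flags values that look damaged in the way described above (missing leading quote, truncated beginning, empty data, or a folder instead of a program). The sample export is constructed, every value name except TrueImageMonitor.exe is hypothetical, and the checks are heuristics assumed for illustration, not taken from the Microsoft KB article.

```python
import re

# Constructed sample in regedit's .reg export format; only the
# TrueImageMonitor.exe value mirrors what the thread reports.
SAMPLE_EXPORT = r'''Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\\WINDOWS\\system32\\ctfmon.exe"
"ExampleTray"="\"C:\\Program Files\\Example\\tray.exe\" /startup"
"TrueImageMonitor.exe"="ITOR.EXE\""
"EmptyEntry"=""
"FolderOnly"="C:\\WINDOWS\\system32\\"
"TruncatedPath"="ogram Files\\Example\\agent.exe"
'''

VALUE_LINE = re.compile(r'^"((?:[^"\\]|\\.)*)"="((?:[^"\\]|\\.)*)"\s*$')
ROOTED = re.compile(r'^(?:[A-Za-z]:\\|%\w+%|\\\\)')
HAS_PROGRAM = re.compile(r'\.[A-Za-z0-9]{2,4}(?:\s|"|$)')

def unescape(s):
    # .reg files escape backslashes and quotes with a backslash
    return re.sub(r'\\(.)', r'\1', s)

def parse_run_export(text):
    """Return {value name: command line} for string values in the export."""
    entries = {}
    for line in text.splitlines():
        m = VALUE_LINE.match(line.strip())
        if m:
            entries[unescape(m.group(1))] = unescape(m.group(2))
    return entries

def check_entry(data):
    """Heuristic findings for one Run value; empty list means nothing odd."""
    if not data.strip():
        return ["empty"]
    findings = []
    if data.count('"') % 2:
        findings.append("unbalanced-quotes")
    target = data[1:].split('"', 1)[0] if data.startswith('"') else data
    if "\\" in target and not ROOTED.match(target):
        findings.append("path-missing-root")
    if not HAS_PROGRAM.search(target):
        findings.append("no-executable-name")
    return findings

def audit(text):
    results = {n: check_entry(d) for n, d in parse_run_export(text).items()}
    return {n: f for n, f in results.items() if f}
```

Calling `audit()` on the decoded text of a real export (regedit writes `.reg` files as UTF-16) returns only the entries worth a manual look; a flagged entry is a prompt to compare against the installed program, not proof of malware.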