Malware Removal: Discussion about Trojans, viruses, hoaxes, firewalls, spyware, and general Security issues. If you suspect your PC is infected with a virus, trojan or spyware app please include any supporting documentation or logs
#1
My C drive's Windows folder opens up every time I start up

I am transferring this request from the Windows 98 OS Forum: http://www.cybertechhelp.com/forums/...861#post350861

On the suggestion of another member, I am posting my HijackThis log here in search of further help. Prior to running HijackThis, I ran SpyHunter, which only found stuff in the IE Temp Files folder. I deleted these as usual. Here is the log:

------

I use a Sony Vaio laptop (PCG-Z505JE) with few problems. I do my best to keep Windows 98 updated and I use Symantec Virus software regularly. Nevertheless, I'm facing a recent problem when I start up my computer. After everything loads up/starts up, the C drive's Windows folder is left open in front of the desktop. I haven't touched a thing, and yet, it's open! I always have to close it, before getting started with my work, and I worry that my system has been compromised in some way.

Hard to describe, so I hope that this all makes sense. I can try to describe this better, if not. I've searched the forums and can't seem to find anything quite like this issue out there, so I don't know what to try next. I really appreciate any help anyone can offer!
-----

Logfile of HijackThis v1.99.1
Scan saved at 8:24:53 PM, on 2/23/05
Platform: Windows 98 SE (Win9x 4.10.2222A)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\CCEVTMGR.EXE
C:\PROGRAM FILES\NORTON ANTIVIRUS\ADVTOOLS\NPROTECT.EXE
C:\WINDOWS\SYSTEM\MDM.EXE
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\TASKMON.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\WINDOWS\SYSTEM\IRMON.EXE
C:\WINDOWS\SYSTEM\PROMON.EXE
C:\WINDOWS\DSLAUNCH.EXE
C:\WINDOWS\IRXFER.EXE
C:\PROGRAM FILES\SONY\HOTKEY UTILITY\HKSERV.EXE
C:\PROGRAM FILES\APOINT\APOINT.EXE
C:\PROGRAM FILES\SONY\JOG DIAL UTILITY\JOGSERV2.EXE
C:\PROGRAM FILES\D-LINK\AIR UTILITY\AIRCFG.EXE
C:\PROGRAM FILES\ALPHA NETWORKS\ANIWZCS SERVICE\WZCSLDR.EXE
C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\CCAPP.EXE
C:\WINDOWS\SYSTEM\STIMON.EXE
C:\PROGRAM FILES\VERIZON ONLINE\SMARTBRIDGE\MOTIVESB.EXE
C:\WINDOWS\SYSTEM\SPOOL32.EXE
C:\WINDOWS\TPPALDR.EXE
C:\PROGRAM FILES\SONY\SMART LABEL\SSLOSERV.EXE
C:\WINDOWS\SYSTEM\PELMICED.EXE
C:\WINDOWS\SYSTEM\E_S4I2L1.EXE
C:\PROGRAM FILES\APOINT\APWHEEL.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\WINDOWS\DESKTOP\HIJACKTHIS.EXE

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://cgi.verizon.net/bookmarks/bmr...1&bm=ho_search
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://mail.yahoo.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Verizon Online
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [ScanRegistry] c:\windows\scanregw.exe /autorun
O4 - HKLM\..\Run: [TaskMonitor] c:\windows\taskmon.exe
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [IrMon] IrMon.exe
O4 - HKLM\..\Run: [Promon.exe] Promon.exe
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [YAMAHA DS-XG Launcher] c:\windows\dslaunch.exe
O4 - HKLM\..\Run: [HKSERV.EXE] C:\Program Files\Sony\HotKey Utility\HKserv.exe
O4 - HKLM\..\Run: [AlpsPoint] C:\Progra~1\Apoint\Apoint.exe
O4 - HKLM\..\Run: [SBWatchDog.EXE] C:\WINDOWS\SYSTEM\SBUtils\SBWatchDog.EXE /l
O4 - HKLM\..\Run: [JOGSERV2.EXE] C:\Program Files\Sony\Jog Dial Utility\JogServ2.exe
O4 - HKLM\..\Run: [D-Link Air Utility] C:\PROGRAM FILES\D-LINK\AIR UTILITY\AIRCFG.EXE
O4 - HKLM\..\Run: [ANIWZCSService] C:\Program Files\Alpha Networks\ANIWZCS Service\WZCSLDR.exe
O4 - HKLM\..\Run: [CriticalUpdate] c:\windows\SYSTEM\wucrtupd.exe -startup
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [ccRegVfy] "C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe"
O4 - HKLM\..\Run: [Advanced Tools Check] C:\PROGRA~1\NORTON~1\ADVTOOLS\ADVCHK.EXE
O4 - HKLM\..\Run: [NPROTECT] C:\PROGRA~1\NORTON~1\ADVTOOLS\NPROTECT.EXE
O4 - HKLM\..\Run: [StillImageMonitor] C:\WINDOWS\SYSTEM\STIMON.EXE
O4 - HKLM\..\Run: [EPSON Stylus CX6400] C:\WINDOWS\SYSTEM\E_S4I2L1.EXE /P19 "EPSON Stylus CX6400" /O7 "EPUSB1:" /M "Stylus CX6400"
O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\VERIZO~1\SMARTB~1\MotiveSB.exe
O4 - HKLM\..\Run: [TPP Auto Loader] C:\WINDOWS\TPPALDR.EXE
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMON.EXE
O4 - HKLM\..\Run: [Smart Label OServer] C:\PROGRAM FILES\SONY\SMART LABEL\SSLOSERV.EXE
O4 - HKLM\..\Run: [Mouse Suite 98 Daemon] PELMICED.EXE
O4 - HKLM\..\Run: [mdac_runonce] C:\WINDOWS\SYSTEM\runonce.exe
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - HKLM\..\RunServices: [ccEvtMgr] "C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe"
O4 - HKLM\..\RunServices: [NPROTECT] C:\PROGRA~1\NORTON~1\ADVTOOLS\NPROTECT.EXE
O4 - HKLM\..\RunServices: [ScriptBlocking] "C:\Program Files\Common Files\Symantec Shared\Script Blocking\SBServ.exe" -reg
O4 - HKLM\..\RunServices: [Machine Debug Manager] C:\WINDOWS\SYSTEM\MDM.EXE
O4 - HKCU\..\Run: [EPSON Stylus CX6400] C:\WINDOWS\SYSTEM\E_S4I2L1.EXE /P19 "EPSON Stylus CX6400" /M "Stylus CX6400" /EF "HKCU"
O8 - Extra context menu item: &Google Search - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR2.DLL/cmsearch.html
O8 - Extra context menu item: Cached Snapshot of Page - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR2.DLL/cmcache.html
O8 - Extra context menu item: Similar Pages - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR2.DLL/cmsimilar.html
O8 - Extra context menu item: Backward Links - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR2.DLL/cmbacklinks.html
O8 - Extra context menu item: Translate into English - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR2.DLL/cmtrans.html
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/S.../bin/cabsa.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/S...in/AvSniff.cab
O16 - DPF: {BAC01377-73DD-4796-854D-2A8997E3D68A} (Yahoo! Photos Easy Upload Tool Class) - http://us.dl1.yimg.com/download.yaho...opper1_4us.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5/asinst.cab
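Added example, not part of the original thread: a small Python parser for the HijackThis log format posted above, which pulls out the O4 registry autostart entries and any process image listed more than once, the two things a reviewer checks first when something launches at startup. The function names are illustrative, and the sample is a handful of lines copied from that log.

```python
import re
from collections import Counter

# A few lines excerpted from the log above, one entry per line.
SAMPLE_LOG = r"""Logfile of HijackThis v1.99.1
Running processes:
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\TASKMON.EXE
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://mail.yahoo.com/
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [TaskMonitor] c:\windows\taskmon.exe
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - HKCU\..\Run: [EPSON Stylus CX6400] C:\WINDOWS\SYSTEM\E_S4I2L1.EXE /P19 "EPSON Stylus CX6400" /M "Stylus CX6400" /EF "HKCU"
"""

ENTRY = re.compile(r"^([A-Z]\d{1,2}) - (.*)$")  # section code, e.g. "R0", "O4", "O16"
AUTORUN = re.compile(r"^(HK\w+)\\\.\.\\(\w+): \[([^\]]+)\] (.*)$")

def parse_hijackthis(text):
    """Split a HijackThis log into running processes and (code, body) entries."""
    processes, entries, in_procs = [], [], False
    for line in (l.strip() for l in text.splitlines()):
        m = ENTRY.match(line)
        if m:
            in_procs = False  # the first coded entry ends the process list
            entries.append((m.group(1), m.group(2)))
        elif line == "Running processes:":
            in_procs = True
        elif in_procs and line:
            processes.append(line)
    return processes, entries

def autoruns(entries):
    """Return (hive, key, value name, command) for each O4 registry autostart."""
    matches = (AUTORUN.match(body) for code, body in entries if code == "O4")
    return [m.groups() for m in matches if m]

def duplicate_processes(processes):
    """Image paths listed more than once, compared case-insensitively."""
    counts = Counter(p.upper() for p in processes)
    return sorted(p for p, n in counts.items() if n > 1)

if __name__ == "__main__":
    procs, entries = parse_hijackthis(SAMPLE_LOG)
    for hive, key, name, cmd in autoruns(entries):
        print(f"{hive}\\{key}  {name!r} -> {cmd}")
    print("listed more than once:", duplicate_processes(procs))
```

O4 entries for the Startup folders ("O4 - Startup:" and "O4 - Global Startup:") use a different layout and are skipped by this pattern.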
#2
Come on...
No one wants to take a crack at this? Pretty please....
#3
Hi zferis
Hi all,

I've had the same problem for a while on my main PC, but I've solved it. Try this.

The problem was in the registry. Stop: back up your registry first, as this is my first posting and you may not wish to trust me or anyone that asks you to alter their registry.

Click Start \ Run.
In the box, enter "regedit" (without the quotes).
Click OK.
Click on the + next to HKEY_CURRENT_USER
Click on the + next to Software
Click on the + next to Microsoft
Click on the + next to Windows
Click on the + next to CurrentVersion
Then click on the name Explorer.

In the right-hand window there will / should be a DWORD value (blue flag) called "DesktopProcess". It should have a value of (0). If it is (1), right-click on DesktopProcess, select Modify, and change the (1) to (0).

I hope it works for you as it did for me. My wife is off my back for a while.

Last edited by Gnome; May 8th, 2005 at 07:51 PM.
#4
Agh! Gnome, thank you so much for your reply! Unfortunately, I ended up selling that laptop not long ago. Well, it's my problem no longer! Hah!
Listen though, thanks for the time you spent sharing this knowledge. If we've had the same problem, someone else will soon enough. Hope they find their way here. Thanks!