C Drive opens on startup ?



#1
mittz
Member, 11 posts
Hi Everyone,
Hope someone can help me. The problem is when I start my PC my C drive opens up. This has been going on for a couple of months now. I have been on lots of different forums but to no avail. Can anyone tell me how to stop this happening? <_<
Thanks.
  • 0


#2
admin
Founder Geek, Administrator, 24,501 posts
Welcome mittz <_<

You mean Windows Explorer opens, exploring drive C:?
  • 0

#3
mittz
Member, Topic Starter, 11 posts
Hi,
Thanks for the welcome.
Yes, that's what's happening. I start up my PC, then while things are loading the C drive opens showing the folders.
Thanks.
  • 0

#4
admin
Founder Geek, Administrator, 24,501 posts
Let us take a closer look at what is running on your PC. We'll need you to use a free diagnostic tool (HiJackThis) and post a log back here with the results.

Click the HijackThis Guide in my signature, download it and follow the instructions in the guide.

Most of what it lists will be harmless or even essential, DO NOT delete or modify anything yet! Someone will be along to tell you what steps to take after you post the contents of the scan results.
  • 0

#5
mittz
Member, Topic Starter, 11 posts
Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\WINDOWS\SYSTEM\SA3DSRV.EXE
C:\WINDOWS\SYSTEM\ZONELABS\VSMON.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\PROGRAM FILES\GRISOFT\AVG6\AVGSERV9.EXE
C:\PROGRAM FILES\BITWARE\CBWHOST.EXE
C:\PROGRAM FILES\BITWARE\CBWATTN.EXE
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\SYSTEM\RPCSS.EXE
C:\WINDOWS\SYSTEM\TAPISRV.EXE
C:\WINDOWS\SYSTEM\PTSPIExe.EXE
C:\WINDOWS\SYSTEM\ATICWD32.EXE
C:\WINDOWS\SYSTEM\ATITASK.EXE
C:\WINDOWS\TASKMON.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\WINDOWS\SYSTEM\SXGDSENU.EXE
C:\PROGRAM FILES\COMPAQ\EASY ACCESS BUTTON SUPPORT\CPQEAUI.EXE
C:\COMPAQ\INTERNET\CISRVR.EXE
C:\PROGRAM FILES\ZIPCD\DIRECTCD.EXE
C:\PROGRAM FILES\GRISOFT\AVG6\AVGCC32.EXE
C:\WINDOWS\SYSTEM\STIMON.EXE
C:\PROGRAM FILES\COMMON FILES\SHUTTLE TECHNOLOGY\LEDTRAY.EXE
C:\PROGRAM FILES\COMPAQ\EASY ACCESS BUTTON SUPPORT\BTTNSERV.EXE
C:\MOUSE\SYSTEM\EM_EXEC.EXE
C:\PROGRAM FILES\EVIDENCE ELIMINATOR\EE.EXE
C:\PROGRAM FILES\ZONE LABS\ZONEALARM\ZONEALARM.EXE
C:\WINDOWS\SYSTEM\LEXBCES.EXE
C:\WINDOWS\SYSTEM\SPOOL32.EXE
C:\WINDOWS\SYSTEM\LEXPPS.EXE
C:\PROGRAM FILES\COMPAQ\ON-SCREEN DISPLAY\OSD.EXE
C:\WINDOWS\SYSTEM\RNAAPP.EXE
C:\WINDOWS\DESKTOP\MY BRIEFCASE\HJT\HIJACKTHIS.EXE

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://amazingautoss.../searchbar.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://search.presar...&s=search&i=eng
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.geocities.com/irongarage/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://search.presar...&s=search&i=eng
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://search.presar...&s=search&i=eng
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://search.presar...&query=%s&i=enu
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
O2 - BHO: (no name) - {24FD403D-0289-480A-8030-8DDDA749D684} - (no file)
O2 - BHO: (no name) - {0549E6CB-9985-42F6-8FD6-4EC017E6AAE1} - C:\PROGRAM FILES\SURFAPPS.COM\POPTHIS! FREE VERSION\POPTHIS.DLL
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\PROGRAM FILES\ADOBE\ACROBAT 5.0\READER\ACTIVEX\ACROIEHELPER.OCX
O3 - Toolbar: Tick gpl - {B1441E69-E3BA-5E0A-FB87-2F011D41D9BB} - (no file)
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O4 - HKLM\..\Run: [AtiCwd32] Aticwd32.exe
O4 - HKLM\..\Run: [AtiKey] Atitask.exe
O4 - HKLM\..\Run: [ScanRegistry] c:\windows\scanregw.exe /autorun
O4 - HKLM\..\Run: [TaskMonitor] c:\windows\taskmon.exe
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [Essdc] essdc.exe
O4 - HKLM\..\Run: [SXGDSENU] SXGDSENU.exe
O4 - HKLM\..\Run: [EACLEAN] C:\Program Files\Compaq\Easy Access Button Support\eaclean.exe /NORESTART
O4 - HKLM\..\Run: [CPQEASYACC] "C:\PROGRAM FILES\COMPAQ\EASY ACCESS BUTTON SUPPORT\Cpqeaui.exe"
O4 - HKLM\..\Run: [Aureal A3D Interactive Audio Init] A3dInit.exe
O4 - HKLM\..\Run: [Compaq Internet Setup] C:\Compaq\Internet\InetWizard.exe /RUN
O4 - HKLM\..\Run: [CISrvr Program] C:\COMPAQ\INTERNET\CISRVR.EXE
O4 - HKLM\..\Run: [SpeedTouch USB Diagnostics] "C:\Program Files\Alcatel\SpeedTouch USB\Dragdiag.exe" /icon
O4 - HKLM\..\Run: [Adaptec DirectCD] C:\Program Files\ZipCD\DIRECTCD.EXE
O4 - HKLM\..\Run: [AVG_CC] C:\PROGRA~1\GRISOFT\AVG6\avgcc32.exe /STARTUP
O4 - HKLM\..\Run: [StillImageMonitor] C:\WINDOWS\SYSTEM\STIMON.EXE
O4 - HKLM\..\Run: [LEDTRAY.EXE] C:\PROGRA~1\COMMON~1\SHUTTL~1\LEDTRAY.EXE
O4 - HKLM\..\Run: [EM_EXEC] c:\MOUSE\SYSTEM\EM_EXEC.EXE
O4 - HKLM\..\Run: [LexStart] Lexstart.exe
O4 - HKLM\..\Run: [LexmarkPrinTray] PrinTray.exe
O4 - HKLM\..\Run: [stcloader] C:\WINDOWS\SYSTEM\stcloader.exe
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - HKLM\..\RunServices: [Aureal A3D Interactive Audio] sa3dsrv.exe
O4 - HKLM\..\RunServices: [CBWHost] C:\PROGRA~1\BITWARE\CBWEXEC.EXE /Run C:\PROGRA~1\BITWARE\CBWHOST.EXE
O4 - HKLM\..\RunServices: [CBWAttn] C:\PROGRA~1\BITWARE\CBWEXEC.EXE /Run C:\PROGRA~1\BITWARE\CBWATTN.EXE
O4 - HKLM\..\RunServices: [TrueVector] C:\WINDOWS\SYSTEM\ZONELABS\VSMON.EXE -service
O4 - HKLM\..\RunServices: [Avgserv9.exe] C:\PROGRA~1\GRISOFT\AVG6\Avgserv9.exe
O4 - HKCU\..\Run: [Evidence Eliminator] C:\PROGRAM FILES\EVIDENCE ELIMINATOR\ee.exe /m
O4 - Global Startup: ZoneAlarm.lnk = C:\Program Files\Zone Labs\ZoneAlarm\zonealarm.exe
O9 - Extra 'Tools' menuitem: PopThis! Options... (HKLM)
O12 - Plugin for .spop: C:\PROGRA~1\INTERN~1\Plugins\NPDocBox.dll
O16 - DPF: Win32 Classes -
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macr...ash/swflash.cab
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://download.macr...director/sw.cab
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupd...7906.1503240741
O16 - DPF: {33564D57-0000-0010-8000-00AA00389B71} - http://download.micr...922/wmv9VCM.CAB
O16 - DPF: Yahoo! Pyramids - http://download.game...ts/y/pyt1_x.cab
O16 - DPF: Yahoo! Word Racer - http://download.game...nts/y/wt0_x.cab
O16 - DPF: Yahoo! Klondike Solitaire - http://yog55.games.s...og/y/ks12_x.cab
O16 - DPF: JT's Blocks - http://download.game...ts/y/blt1_x.cab
O16 - DPF: {0335A685-ED24-4F7B-A08E-3BD15D84E668} - http://dl.filekicker...IL/PhPSetup.cab
O16 - DPF: {4B9F2C37-C0CF-42BC-BB2D-DCFA8B25CABF} (PopCapLoaderCtrl Class) - http://zone.msn.com/...pcaploader1.cab
O16 - DPF: {00000EF1-0786-4633-87C6-1AA7A44296DA} - http://www.netpaloff.../DMO1/IAicm.cab
  • 0

#6
mittz
Member, Topic Starter, 11 posts
What do I do next?
Remove the underlined?
Thanks for your time.
  • 0

#7
admin
Founder Geek, Administrator, 24,501 posts
Please go offline, close all browsers and any open Windows, making sure that only HijackThis is open. Scan and when it finishes, put an X in the boxes, only next to these following items, then click fix checked.
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://amazingautoss.../searchbar.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://search.presar...&s=search&i=eng
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://search.presar...&s=search&i=eng
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://search.presar...&s=search&i=eng
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://search.presar...&query=%s&i=enu
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
O2 - BHO: (no name) - {24FD403D-0289-480A-8030-8DDDA749D684} - (no file)
O3 - Toolbar: Tick gpl - {B1441E69-E3BA-5E0A-FB87-2F011D41D9BB} - (no file)
O4 - HKLM\..\Run: [stcloader] C:\WINDOWS\SYSTEM\stcloader.exe
O16 - DPF: {0335A685-ED24-4F7B-A08E-3BD15D84E668} - http://dl.filekicker...IL/PhPSetup.cab
O16 - DPF: {00000EF1-0786-4633-87C6-1AA7A44296DA} - http://www.netpaloff.../DMO1/IAicm.cab

Any idea what this file is for? Find it, right-click and look at Properties.
C:\WINDOWS\SYSTEM\PTSPIExe.EXE
If not, go ahead and fix it.

Reboot your PC.

If you would please, rescan with HijackThis and post a fresh log.
  • 0

#8
mittz
Member, Topic Starter, 11 posts
Hi,
Here are the results of my new scan.
C:\WINDOWS\SYSTEM\PTSPIExe.EXE is a database for my business. Had it a long time so no problems with that.

Logfile of HijackThis v1.97.7
Scan saved at 04:24:23, on 5/7/04
Platform: Windows 98 Gold (Win9x 4.10.1998)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\WINDOWS\SYSTEM\SA3DSRV.EXE
C:\PROGRAM FILES\GRISOFT\AVG6\AVGSERV9.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\PROGRAM FILES\BITWARE\CBWHOST.EXE
C:\PROGRAM FILES\BITWARE\CBWATTN.EXE
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\SYSTEM\RPCSS.EXE
C:\WINDOWS\SYSTEM\TAPISRV.EXE
C:\WINDOWS\SYSTEM\PTSPIExe.EXE
C:\WINDOWS\SYSTEM\ATICWD32.EXE
C:\WINDOWS\SYSTEM\ATITASK.EXE
C:\WINDOWS\TASKMON.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\WINDOWS\SYSTEM\SXGDSENU.EXE
C:\PROGRAM FILES\COMPAQ\EASY ACCESS BUTTON SUPPORT\CPQEAUI.EXE
C:\COMPAQ\INTERNET\CISRVR.EXE
C:\PROGRAM FILES\ZIPCD\DIRECTCD.EXE
C:\PROGRAM FILES\COMPAQ\EASY ACCESS BUTTON SUPPORT\BTTNSERV.EXE
C:\WINDOWS\SYSTEM\STIMON.EXE
C:\PROGRAM FILES\COMMON FILES\SHUTTLE TECHNOLOGY\LEDTRAY.EXE
C:\MOUSE\SYSTEM\EM_EXEC.EXE
C:\WINDOWS\SYSTEM\LEXBCES.EXE
C:\WINDOWS\SYSTEM\SPOOL32.EXE
C:\WINDOWS\SYSTEM\LEXPPS.EXE
C:\PROGRAM FILES\COMPAQ\ON-SCREEN DISPLAY\OSD.EXE
C:\WINDOWS\DESKTOP\MY BRIEFCASE\HJT\HIJACKTHIS.EXE

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://search.presar...&s=search&i=eng
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.geocities.com/irongarage/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://search.presar...&s=search&i=eng
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://search.presar...&s=search&i=eng
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
O2 - BHO: (no name) - {24FD403D-0289-480A-8030-8DDDA749D684} - (no file)
O2 - BHO: (no name) - {0549E6CB-9985-42F6-8FD6-4EC017E6AAE1} - C:\PROGRAM FILES\SURFAPPS.COM\POPTHIS! FREE VERSION\POPTHIS.DLL
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\PROGRAM FILES\ADOBE\ACROBAT 5.0\READER\ACTIVEX\ACROIEHELPER.OCX
O3 - Toolbar: Tick gpl - {B1441E69-E3BA-5E0A-FB87-2F011D41D9BB} - (no file)
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O4 - HKLM\..\Run: [AtiCwd32] Aticwd32.exe
O4 - HKLM\..\Run: [AtiKey] Atitask.exe
O4 - HKLM\..\Run: [ScanRegistry] c:\windows\scanregw.exe /autorun
O4 - HKLM\..\Run: [TaskMonitor] c:\windows\taskmon.exe
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [Essdc] essdc.exe
O4 - HKLM\..\Run: [SXGDSENU] SXGDSENU.exe
O4 - HKLM\..\Run: [EACLEAN] C:\Program Files\Compaq\Easy Access Button Support\eaclean.exe /NORESTART
O4 - HKLM\..\Run: [CPQEASYACC] "C:\PROGRAM FILES\COMPAQ\EASY ACCESS BUTTON SUPPORT\Cpqeaui.exe"
O4 - HKLM\..\Run: [Aureal A3D Interactive Audio Init] A3dInit.exe
O4 - HKLM\..\Run: [Compaq Internet Setup] C:\Compaq\Internet\InetWizard.exe /RUN
O4 - HKLM\..\Run: [CISrvr Program] C:\COMPAQ\INTERNET\CISRVR.EXE
O4 - HKLM\..\Run: [SpeedTouch USB Diagnostics] "C:\Program Files\Alcatel\SpeedTouch USB\Dragdiag.exe" /icon
O4 - HKLM\..\Run: [Adaptec DirectCD] C:\Program Files\ZipCD\DIRECTCD.EXE
O4 - HKLM\..\Run: [AVG_CC] C:\PROGRA~1\GRISOFT\AVG6\avgcc32.exe /STARTUP
O4 - HKLM\..\Run: [StillImageMonitor] C:\WINDOWS\SYSTEM\STIMON.EXE
O4 - HKLM\..\Run: [LEDTRAY.EXE] C:\PROGRA~1\COMMON~1\SHUTTL~1\LEDTRAY.EXE
O4 - HKLM\..\Run: [EM_EXEC] c:\MOUSE\SYSTEM\EM_EXEC.EXE
O4 - HKLM\..\Run: [LexStart] Lexstart.exe
O4 - HKLM\..\Run: [LexmarkPrinTray] PrinTray.exe
O4 - HKLM\..\Run: [stcloader] C:\WINDOWS\SYSTEM\stcloader.exe
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - HKLM\..\RunServices: [Aureal A3D Interactive Audio] sa3dsrv.exe
O4 - HKLM\..\RunServices: [CBWHost] C:\PROGRA~1\BITWARE\CBWEXEC.EXE /Run C:\PROGRA~1\BITWARE\CBWHOST.EXE
O4 - HKLM\..\RunServices: [CBWAttn] C:\PROGRA~1\BITWARE\CBWEXEC.EXE /Run C:\PROGRA~1\BITWARE\CBWATTN.EXE
O4 - HKLM\..\RunServices: [TrueVector] C:\WINDOWS\SYSTEM\ZONELABS\VSMON.EXE -service
O4 - HKLM\..\RunServices: [Avgserv9.exe] C:\PROGRA~1\GRISOFT\AVG6\Avgserv9.exe
O4 - HKCU\..\Run: [Evidence Eliminator] C:\PROGRAM FILES\EVIDENCE ELIMINATOR\ee.exe /m
O4 - Global Startup: ZoneAlarm.lnk = C:\Program Files\Zone Labs\ZoneAlarm\zonealarm.exe
O9 - Extra 'Tools' menuitem: PopThis! Options... (HKLM)
O12 - Plugin for .spop: C:\PROGRA~1\INTERN~1\Plugins\NPDocBox.dll
O16 - DPF: Win32 Classes -
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macr...ash/swflash.cab
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://download.macr...director/sw.cab
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupd...7906.1503240741
O16 - DPF: {33564D57-0000-0010-8000-00AA00389B71} - http://download.micr...922/wmv9VCM.CAB
O16 - DPF: Yahoo! Pyramids - http://download.game...ts/y/pyt1_x.cab
O16 - DPF: Yahoo! Word Racer - http://download.game...nts/y/wt0_x.cab
O16 - DPF: Yahoo! Klondike Solitaire - http://yog55.games.s...og/y/ks12_x.cab
O16 - DPF: JT's Blocks - http://download.game...ts/y/blt1_x.cab
O16 - DPF: {4B9F2C37-C0CF-42BC-BB2D-DCFA8B25CABF} (PopCapLoaderCtrl Class) - http://zone.msn.com/...pcaploader1.cab
  • 0

#9
admin
Founder Geek, Administrator, 24,501 posts
Still some cleaning up to do....

Reboot in safe mode (by tapping F8 at startup and select safe mode from the menu).

Go offline, close all browsers and any open Windows, making sure that only HijackThis is open. Scan and when it finishes, put an X in the boxes, only next to these following items, then click fix checked.

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://search.presar...&s=search&i=eng
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://search.presar...&s=search&i=eng
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://search.presar...&s=search&i=eng
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
O2 - BHO: (no name) - {24FD403D-0289-480A-8030-8DDDA749D684} - (no file)
O3 - Toolbar: Tick gpl - {B1441E69-E3BA-5E0A-FB87-2F011D41D9BB} - (no file)
O4 - HKLM\..\Run: [stcloader] C:\WINDOWS\SYSTEM\stcloader.exe
O16 - DPF: Win32 Classes -

Find and delete this file:
C:\WINDOWS\SYSTEM\stcloader.exe <- this file

Reboot your PC.

If you would please, rescan with HijackThis and post a fresh log. <_<
  • 0

#10
mittz
Member, Topic Starter, 11 posts
Hi,
Here is my latest scan,

Logfile of HijackThis v1.97.7
Scan saved at 09:23:45, on 5/7/04
Platform: Windows 98 Gold (Win9x 4.10.1998)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\SPOOL32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\WINDOWS\SYSTEM\SA3DSRV.EXE
C:\WINDOWS\SYSTEM\ZONELABS\VSMON.EXE
C:\PROGRAM FILES\GRISOFT\AVG6\AVGSERV9.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\WINDOWS\SYSTEM\LEXBCES.EXE
C:\PROGRAM FILES\BITWARE\CBWHOST.EXE
C:\PROGRAM FILES\BITWARE\CBWATTN.EXE
C:\WINDOWS\SYSTEM\RPCSS.EXE
C:\WINDOWS\SYSTEM\TAPISRV.EXE
C:\WINDOWS\SYSTEM\LEXPPS.EXE
C:\WINDOWS\SYSTEM\PTSPIExe.EXE
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\SYSTEM\ATICWD32.EXE
C:\WINDOWS\SYSTEM\ATITASK.EXE
C:\WINDOWS\TASKMON.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\WINDOWS\SYSTEM\SXGDSENU.EXE
C:\PROGRAM FILES\COMPAQ\EASY ACCESS BUTTON SUPPORT\CPQEAUI.EXE
C:\COMPAQ\INTERNET\CISRVR.EXE
C:\PROGRAM FILES\ZIPCD\DIRECTCD.EXE
C:\PROGRAM FILES\GRISOFT\AVG6\AVGCC32.EXE
C:\WINDOWS\SYSTEM\STIMON.EXE
C:\PROGRAM FILES\COMMON FILES\SHUTTLE TECHNOLOGY\LEDTRAY.EXE
C:\MOUSE\SYSTEM\EM_EXEC.EXE
C:\PROGRAM FILES\COMPAQ\EASY ACCESS BUTTON SUPPORT\BTTNSERV.EXE
C:\PROGRAM FILES\EVIDENCE ELIMINATOR\EE.EXE
C:\PROGRAM FILES\ZONE LABS\ZONEALARM\ZONEALARM.EXE
C:\PROGRAM FILES\COMPAQ\ON-SCREEN DISPLAY\OSD.EXE
C:\WINDOWS\DESKTOP\MY BRIEFCASE\HJT\HIJACKTHIS.EXE

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://search.presar...&s=search&i=eng
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.geocities.com/irongarage/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://search.presar...&s=search&i=eng
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://search.presar...&s=search&i=eng
O2 - BHO: (no name) - {0549E6CB-9985-42F6-8FD6-4EC017E6AAE1} - C:\PROGRAM FILES\SURFAPPS.COM\POPTHIS! FREE VERSION\POPTHIS.DLL
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\PROGRAM FILES\ADOBE\ACROBAT 5.0\READER\ACTIVEX\ACROIEHELPER.OCX
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O4 - HKLM\..\Run: [AtiCwd32] Aticwd32.exe
O4 - HKLM\..\Run: [AtiKey] Atitask.exe
O4 - HKLM\..\Run: [ScanRegistry] c:\windows\scanregw.exe /autorun
O4 - HKLM\..\Run: [TaskMonitor] c:\windows\taskmon.exe
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [Essdc] essdc.exe
O4 - HKLM\..\Run: [SXGDSENU] SXGDSENU.exe
O4 - HKLM\..\Run: [EACLEAN] C:\Program Files\Compaq\Easy Access Button Support\eaclean.exe /NORESTART
O4 - HKLM\..\Run: [CPQEASYACC] "C:\PROGRAM FILES\COMPAQ\EASY ACCESS BUTTON SUPPORT\Cpqeaui.exe"
O4 - HKLM\..\Run: [Aureal A3D Interactive Audio Init] A3dInit.exe
O4 - HKLM\..\Run: [Compaq Internet Setup] C:\Compaq\Internet\InetWizard.exe /RUN
O4 - HKLM\..\Run: [CISrvr Program] C:\COMPAQ\INTERNET\CISRVR.EXE
O4 - HKLM\..\Run: [SpeedTouch USB Diagnostics] "C:\Program Files\Alcatel\SpeedTouch USB\Dragdiag.exe" /icon
O4 - HKLM\..\Run: [Adaptec DirectCD] C:\Program Files\ZipCD\DIRECTCD.EXE
O4 - HKLM\..\Run: [AVG_CC] C:\PROGRA~1\GRISOFT\AVG6\avgcc32.exe /STARTUP
O4 - HKLM\..\Run: [StillImageMonitor] C:\WINDOWS\SYSTEM\STIMON.EXE
O4 - HKLM\..\Run: [LEDTRAY.EXE] C:\PROGRA~1\COMMON~1\SHUTTL~1\LEDTRAY.EXE
O4 - HKLM\..\Run: [EM_EXEC] c:\MOUSE\SYSTEM\EM_EXEC.EXE
O4 - HKLM\..\Run: [LexStart] Lexstart.exe
O4 - HKLM\..\Run: [LexmarkPrinTray] PrinTray.exe
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - HKLM\..\RunServices: [Aureal A3D Interactive Audio] sa3dsrv.exe
O4 - HKLM\..\RunServices: [CBWHost] C:\PROGRA~1\BITWARE\CBWEXEC.EXE /Run C:\PROGRA~1\BITWARE\CBWHOST.EXE
O4 - HKLM\..\RunServices: [CBWAttn] C:\PROGRA~1\BITWARE\CBWEXEC.EXE /Run C:\PROGRA~1\BITWARE\CBWATTN.EXE
O4 - HKLM\..\RunServices: [TrueVector] C:\WINDOWS\SYSTEM\ZONELABS\VSMON.EXE -service
O4 - HKLM\..\RunServices: [Avgserv9.exe] C:\PROGRA~1\GRISOFT\AVG6\Avgserv9.exe
O4 - HKCU\..\Run: [Evidence Eliminator] C:\PROGRAM FILES\EVIDENCE ELIMINATOR\ee.exe /m
O4 - Global Startup: ZoneAlarm.lnk = C:\Program Files\Zone Labs\ZoneAlarm\zonealarm.exe
O9 - Extra 'Tools' menuitem: PopThis! Options... (HKLM)
O12 - Plugin for .spop: C:\PROGRA~1\INTERN~1\Plugins\NPDocBox.dll
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macr...ash/swflash.cab
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://download.macr...director/sw.cab
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupd...7906.1503240741
O16 - DPF: {33564D57-0000-0010-8000-00AA00389B71} - http://download.micr...922/wmv9VCM.CAB
O16 - DPF: Yahoo! Pyramids - http://download.game...ts/y/pyt1_x.cab
O16 - DPF: Yahoo! Word Racer - http://download.game...nts/y/wt0_x.cab
O16 - DPF: Yahoo! Klondike Solitaire - http://yog55.games.s...og/y/ks12_x.cab
O16 - DPF: JT's Blocks - http://download.game...ts/y/blt1_x.cab
O16 - DPF: {4B9F2C37-C0CF-42BC-BB2D-DCFA8B25CABF} (PopCapLoaderCtrl Class) - http://zone.msn.com/...pcaploader1.cab
  • 0
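
The comparison done by eye between the fix list in post #9 and the rescan in post #10, as an added example (not part of any post and not HijackThis's own code): it parses the `R`/`O` entry lines of both texts and reports which requested fixes are gone and which are still present. The function names are hypothetical; the sample text is excerpted from those two posts, with the truncated URLs left as they appear in the thread.

```python
import re

# A HijackThis entry line is "<section code> - <body>", e.g. "O4 - HKLM\..\Run: [...]".
ENTRY_RE = re.compile(r"^(?P<code>[A-Z]\d{1,2}) - (?P<body>.*)$")


def parse_entries(log_text):
    """Return the set of (code, normalised body) for every entry line in a log.

    Header lines, the "Running processes:" list and blank lines lack the
    "XN - " prefix and are skipped. Bodies are whitespace-collapsed and
    lower-cased because Windows paths and registry names are case-insensitive.
    """
    entries = set()
    for raw in log_text.splitlines():
        match = ENTRY_RE.match(raw.strip())
        if match is None:
            continue
        body = " ".join(match.group("body").split()).lower()
        entries.add((match.group("code"), body))
    return entries


def check_fix(fix_list_text, rescan_text):
    """Split the requested fixes into those removed and those persisting."""
    requested = parse_entries(fix_list_text)
    present = parse_entries(rescan_text)
    return {
        "removed": sorted(requested - present),
        "persisting": sorted(requested & present),
    }


# Items post #9 asked to be fixed (copied from the thread).
FIX_LIST = r"""
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://search.presar...&s=search&i=eng
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://search.presar...&s=search&i=eng
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://search.presar...&s=search&i=eng
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
O2 - BHO: (no name) - {24FD403D-0289-480A-8030-8DDDA749D684} - (no file)
O3 - Toolbar: Tick gpl - {B1441E69-E3BA-5E0A-FB87-2F011D41D9BB} - (no file)
O4 - HKLM\..\Run: [stcloader] C:\WINDOWS\SYSTEM\stcloader.exe
O16 - DPF: Win32 Classes -
"""

# Excerpt of the rescan in post #10 (header, two process lines, first entries).
RESCAN_EXCERPT = r"""
Logfile of HijackThis v1.97.7
Scan saved at 09:23:45, on 5/7/04

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\EXPLORER.EXE

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://search.presar...&s=search&i=eng
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.geocities.com/irongarage/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://search.presar...&s=search&i=eng
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://search.presar...&s=search&i=eng
O2 - BHO: (no name) - {0549E6CB-9985-42F6-8FD6-4EC017E6AAE1} - C:\PROGRAM FILES\SURFAPPS.COM\POPTHIS! FREE VERSION\POPTHIS.DLL
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O4 - HKLM\..\Run: [AtiCwd32] Aticwd32.exe
O4 - HKLM\..\Run: [LexmarkPrinTray] PrinTray.exe
"""

if __name__ == "__main__":
    result = check_fix(FIX_LIST, RESCAN_EXCERPT)
    for status in ("removed", "persisting"):
        print(status.upper())
        for code, body in result[status]:
            print(f"  {code} - {body}")
```

An entry that persists after a fix and reboot means the value was written back, so whatever rewrites it is still loading at startup.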


#11
mittz
Member, Topic Starter, 11 posts
Where do I go from here?

Thanks for your time.
  • 0

#12
tazz1964
Member, 608 posts
Hi
I know Admin is working on your log with you. I just have one question: did this start after you installed a program?
<_<
  • 0

#13
mittz
Member, Topic Starter, 11 posts
Hi Tazz
To be honest with you, I really don't know. I can't think of any programs I've downloaded recently. I just remember the C drive opening and I thought nothing of it at the time. But now it's more of a nuisance than anything. My PC seems to be running fine except for this.
Any help or ideas appreciated.
Thanks.

Edited by mittz, 09 May 2004 - 07:01 AM.

  • 0

#14
admin
Founder Geek, Administrator, 24,501 posts
Let's take a look at what's loading at startup using this tool:
http://www.spywarein...StartupList.exe

Copy and paste the log back to this topic. <_<
  • 0

#15
mittz
Member, Topic Starter, 11 posts
Hi,
Here is a copy of what came up.

StartupList report, 5/9/04, 06:39:51 PM
StartupList version: 1.52
Started from : C:\WINDOWS\DESKTOP\STARTUPLIST.EXE
Detected: Windows 98 Gold (Win9x 4.10.1998)
Detected: Internet Explorer v6.00 SP1 (6.00.2800.1106)
* Using default options
==================================================

Running processes:

C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\SPOOL32.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\WINDOWS\SYSTEM\SA3DSRV.EXE
C:\WINDOWS\SYSTEM\ZONELABS\VSMON.EXE
C:\PROGRAM FILES\GRISOFT\AVG6\AVGSERV9.EXE
C:\WINDOWS\SYSTEM\LEXBCES.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\WINDOWS\SYSTEM\RPCSS.EXE
C:\PROGRAM FILES\BITWARE\CBWATTN.EXE
C:\PROGRAM FILES\BITWARE\CBWHOST.EXE
C:\WINDOWS\SYSTEM\TAPISRV.EXE
C:\WINDOWS\SYSTEM\LEXPPS.EXE
C:\WINDOWS\SYSTEM\PTSPIExe.EXE
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\SYSTEM\ATICWD32.EXE
C:\WINDOWS\SYSTEM\ATITASK.EXE
C:\WINDOWS\TASKMON.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\WINDOWS\SYSTEM\SXGDSENU.EXE
C:\PROGRAM FILES\COMPAQ\EASY ACCESS BUTTON SUPPORT\CPQEAUI.EXE
C:\COMPAQ\INTERNET\CISRVR.EXE
C:\PROGRAM FILES\ZIPCD\DIRECTCD.EXE
C:\PROGRAM FILES\GRISOFT\AVG6\AVGCC32.EXE
C:\WINDOWS\SYSTEM\STIMON.EXE
C:\PROGRAM FILES\COMPAQ\EASY ACCESS BUTTON SUPPORT\BTTNSERV.EXE
C:\PROGRAM FILES\COMMON FILES\SHUTTLE TECHNOLOGY\LEDTRAY.EXE
C:\MOUSE\SYSTEM\EM_EXEC.EXE
C:\PROGRAM FILES\EVIDENCE ELIMINATOR\EE.EXE
C:\PROGRAM FILES\ZONE LABS\ZONEALARM\ZONEALARM.EXE
C:\PROGRAM FILES\COMPAQ\ON-SCREEN DISPLAY\OSD.EXE
C:\WINDOWS\SYSTEM\RNAAPP.EXE
C:\PHONE\PHONE.EXE
C:\WINDOWS\SYSTEM\PSTORES.EXE
C:\WINDOWS\DESKTOP\STARTUPLIST.EXE

--------------------------------------------------

Listing of startup folders:

Shell folders Common Startup:
[C:\WINDOWS\All Users\Start Menu\Programs\StartUp]
ZoneAlarm.lnk = C:\Program Files\Zone Labs\ZoneAlarm\zonealarm.exe

--------------------------------------------------

Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\Run

AtiCwd32 = Aticwd32.exe
AtiKey = Atitask.exe
ScanRegistry = c:\windows\scanregw.exe /autorun
TaskMonitor = c:\windows\taskmon.exe
SystemTray = SysTray.Exe
Essdc = essdc.exe
SXGDSENU = SXGDSENU.exe
EACLEAN = C:\Program Files\Compaq\Easy Access Button Support\eaclean.exe /NORESTART
CPQEASYACC = "C:\PROGRAM FILES\COMPAQ\EASY ACCESS BUTTON SUPPORT\Cpqeaui.exe"
Aureal A3D Interactive Audio Init = A3dInit.exe
Compaq Internet Setup = C:\Compaq\Internet\InetWizard.exe /RUN
CISrvr Program = C:\COMPAQ\INTERNET\CISRVR.EXE
SpeedTouch USB Diagnostics = "C:\Program Files\Alcatel\SpeedTouch USB\Dragdiag.exe" /icon
Adaptec DirectCD = C:\Program Files\ZipCD\DIRECTCD.EXE
AVG_CC = C:\PROGRA~1\GRISOFT\AVG6\avgcc32.exe /STARTUP
StillImageMonitor = C:\WINDOWS\SYSTEM\STIMON.EXE
LEDTRAY.EXE = C:\PROGRA~1\COMMON~1\SHUTTL~1\LEDTRAY.EXE
EM_EXEC = c:\MOUSE\SYSTEM\EM_EXEC.EXE
LexStart = Lexstart.exe
LexmarkPrinTray = PrinTray.exe

--------------------------------------------------

Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\RunServices

LoadPowerProfile = Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
SchedulingAgent = mstask.exe
Aureal A3D Interactive Audio = sa3dsrv.exe
CBWHost = C:\PROGRA~1\BITWARE\CBWEXEC.EXE /Run C:\PROGRA~1\BITWARE\CBWHOST.EXE
CBWAttn = C:\PROGRA~1\BITWARE\CBWEXEC.EXE /Run C:\PROGRA~1\BITWARE\CBWATTN.EXE
TrueVector = C:\WINDOWS\SYSTEM\ZONELABS\VSMON.EXE -service
Avgserv9.exe = C:\PROGRA~1\GRISOFT\AVG6\Avgserv9.exe

--------------------------------------------------

Autorun entries from Registry:
HKCU\Software\Microsoft\Windows\CurrentVersion\Run

Evidence Eliminator = C:\PROGRAM FILES\EVIDENCE ELIMINATOR\ee.exe /m

--------------------------------------------------

Shell & screensaver key from C:\WINDOWS\SYSTEM.INI:

Shell=Explorer.exe
SCRNSAVE.EXE=
drivers=mmsystem.dll power.drv

--------------------------------------------------

C:\AUTOEXEC.BAT listing:

C:\PROGRA~1\GRISOFT\AVG6\bootup.exe
SET BLASTER=A220 I5 D1
LH C:\WINDOWS\COMMAND\DOSKEY
if exist c:\pipost.bat call c:\pipost.bat
mode con codepage prepare=((850) c:\windows\COMMAND\ega.cpi)
mode con codepage select=850
keyb uk,,c:\windows\COMMAND\keyboard.sys
SET CLASSPATH=C:\PROGRA~1\PHOTOD~1.0TO\ADOBEC~1;C:\PROGRA~1\PHOTOD~1.0\ADOBEC~1

--------------------------------------------------


Enumerating Browser Helper Objects:

(no name) - C:\PROGRAM FILES\SURFAPPS.COM\POPTHIS! FREE VERSION\POPTHIS.DLL - {0549E6CB-9985-42F6-8FD6-4EC017E6AAE1}
(no name) - C:\PROGRAM FILES\ADOBE\ACROBAT 5.0\READER\ACTIVEX\ACROIEHELPER.OCX - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}

--------------------------------------------------

Enumerating Task Scheduler jobs:

Tune-up Application Start.job
Maintenance-Defragment programs.job
Maintenance-ScanDisk.job
Maintenance-Disk cleanup.job

--------------------------------------------------

Enumerating Download Program Files:

[Shockwave Flash Object]
InProcServer32 = C:\WINDOWS\SYSTEM\MACROMED\FLASH\FLASH.OCX
CODEBASE = http://download.macr...ash/swflash.cab

[Shockwave ActiveX Control]
InProcServer32 = C:\WINDOWS\SYSTEM\MACROMED\DIRECTOR\SWDIR.DLL
CODEBASE = http://download.macr...director/sw.cab

[Update Class]
InProcServer32 = C:\WINDOWS\SYSTEM\IUCTL.DLL
CODEBASE = http://v4.windowsupd...7906.1503240741

[{33564D57-0000-0010-8000-00AA00389B71}]
CODEBASE = http://download.micr...922/wmv9VCM.CAB

[PopCapLoaderCtrl Class]
CODEBASE = http://zone.msn.com/...pcaploader1.cab

--------------------------------------------------

Enumerating ShellServiceObjectDelayLoad items:

WebCheck: C:\WINDOWS\SYSTEM\WEBCHECK.DLL

--------------------------------------------------
End of report, 6,666 bytes
Report generated in 0.936 seconds

Command line options:
/verbose - to add additional info on each section
/complete - to include empty sections and unsuspicious data
/full - to include several rarely-important sections
/force9x - to include Win9x-only startups even if running on WinNT
/forcent - to include WinNT-only startups even if running on Win9x
/forceall - to include all Win9x and WinNT startups, regardless of platform
/history - to list version history only

Thanks for your time.
  • 0





