mapsonx Posted June 28, 2005 Share Posted June 28, 2005 Just did a clean OS reinstall like I have many times before, & before I reinstalled very may extra items, all which were there before the OS reinstall, the C:\ directory.started to automatically open after bootup. Used exact procedure I have in the past, & never happened before, & this was before I connected to the net. Nothing unusual in msconfig, nothing in the startup folder, and nothing unusual in the "Run" portion of the registry. Link to comment Share on other sites More sharing options...
WarStorm Posted June 28, 2005 Share Posted June 28, 2005 This problem starts to happen after you install a program. Have you updated a program?? You have to slowly disable items in your startup until it doesnt come up with it anymore. You could download Hijackthis and post your log file? Link to comment Share on other sites More sharing options...
jwjw1 Posted June 28, 2005 Share Posted June 28, 2005 is it actually the C:\ or system32 folder?....this is a fix for the system32 folder problem..but might also be a help if its the C:\ http://support.microsoft.com/default.aspx?id=170086 Link to comment Share on other sites More sharing options...
mapsonx Posted June 30, 2005 Author Share Posted June 30, 2005 is it actually the C:\ or system32 folder?....this is a fix for the system32 folder problem..but might also be a help if its the C:\http://support.microsoft.com/default.aspx?id=170086 586131889[/snapback] I googled the issue before coming here, trying to fix it myself & not have to bother anybody, so your query is not unexpected. Unfortunately for me, it is the C:\ directory. According to the MS article If you are uncertain whether an entry is incorrect or incomplete, you may want to delete all entries other than the default Windows entry. The following entry to run the System Tray is the only required Windows default entry: I wonder if there is any foreseeable problem trying that in Win98? Probably couldn't hurt to try if I can't find another answer. I've already made the necessary .reg backups My Hijackthis scan, taken directly after starup, is reflected in the log below. NOTE: No windows security patches installed at the time the problem started. Logfile of HijackThis v1.97.7Scan saved at 6:16:03 AM, on 6/30/2005 Platform: Windows 98 SE (Win9x 4.10.2222A) MSIE: Internet Explorer v5.51 SP2 (5.51.4807.2300) Running processes: C:\WINDOWS\SYSTEM\KERNEL32.DLL C:\WINDOWS\SYSTEM\MSGSRV32.EXE C:\WINDOWS\SYSTEM\MPREXE.EXE C:\WINDOWS\SYSTEM\mmtask.tsk C:\WINDOWS\SYSTEM\KB891711\KB891711.EXE C:\PROGRAM FILES\KERIO\PERSONAL FIREWALL\PERSFW.EXE C:\WINDOWS\EXPLORER.EXE C:\WINDOWS\TASKMON.EXE C:\WINDOWS\SYSTEM\SYSTRAY.EXE C:\PROGRAM FILES\CLOSER2.0\CLOSER.EXE C:\WINDOWS\SYSTEM\WMIEXE.EXE C:\PROGRAM FILES\HIJACKTHIS 1.97.7\HIJACKTHIS.EXE R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.com/ R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = gopher=127.0.0.1:1;http=127.0.0.1:8080 R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = windowsupdate.microsoft.com; windowsupdate.com; localhost, 127.0.0.1 R1 - HKCU\Software\Microsoft\Internet Connection Wizard,Shellnext = http://google.com/ O3 - Toolbar: @msdxmLC.dll,-1@1033,&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX (skipped, 1676800 bytes) O4 - HKLM\..\Run: [scanRegistry] C:\WINDOWS\scanregw.exe /autorun (f123231689e2ab2fa5c636b99314501f, 86016 bytes) O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe (f795110611101279aa15997801abaca0, 28672 bytes) O4 - HKLM\..\Run: [systemTray] SysTray.Exe O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme (3857d93aa630abbd63467db4aeffce2c, 24576 bytes) O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme (3857d93aa630abbd63467db4aeffce2c, 24576 bytes) O4 - HKLM\..\RunServices: [KB891711] C:\WINDOWS\SYSTEM\KB891711\KB891711.EXE (cbd841775a04e82b2828fc301aafee70, 9088 bytes) O4 - HKLM\..\RunServices: [PersFw] "C:\Program Files\Kerio\Personal Firewall\persfw.exe" /hide (9a0940332f74d77210185b77e22295a0, 389120 bytes) O4 - HKCU\..\Run: [TClockEx] C:\PROGRAM FILES\TCLOCKEX V1.4.2\TCLOCKEX.EXE (5854dd4916841fca81781c3a7276da75, 89088 bytes) O4 - Startup: Closer.lnk = C:\Program Files\closer2.0\Closer.exe (5364a1367f8c544d17f86af2237f1312, 36864 bytes) O8 - Extra context menu item: &DeBug - c:\windows\web\debug.htm (82616b270d994060fb637382a292725b, 182 bytes) O8 - Extra context menu item: &Bypass - c:\windows\web\bypass.htm (33782c2248de7629aa811354b644c26d, 171 bytes) O8 - Extra context menu item: &Copy Location - C:\WINDOWS\WEB\graburl.htm (c19ac6598a17a5630a124367f45879ac, 272 bytes) O8 - Extra context menu item: Open Frame in &New Window - C:\WINDOWS\WEB\frm2new.htm (02a3713396dea33fe8012d08c5d8c010, 72 bytes) O8 - Extra context menu item: &Highlight - C:\WINDOWS\WEB\highlight.htm (c4a7daccf223ad5d6d7024f4f3f3be3e, 277 bytes) O8 - Extra context menu item: &Links List - C:\WINDOWS\WEB\urllist.htm (5f161957f895bc40c1146b0b4a07397c, 1892 bytes) O8 - Extra context menu item: Zoom &In - C:\WINDOWS\WEB\zoomin.htm (ae6ec185f71ade39d3719f244edf23f4, 507 bytes) O8 - Extra context menu item: Zoom O&ut - C:\WINDOWS\WEB\zoomout.htm (1709a3eb9e13fec97de1aaeeb2e83261, 507 bytes) O8 - Extra context menu item: I&mages List - C:\WINDOWS\Web\imglist.htm (005c6139f60cf6954ff72cdab97244d8, 16017 bytes) O8 - Extra context menu item: Spellin&g - C:\WINDOWS\web\Spell_It.htm (file missing) O8 - Extra context menu item: &Google Search - res://C:\WINDOWS\DOWNLOADED PROGRAM FILES\CONFLICT.1\GOOGLETOOLBAR_EN_1.1.62-DELEON.DLL/cmsearch.html (file missing) O8 - Extra context menu item: Cac&hed Snapshot of Page - res://C:\WINDOWS\DOWNLOADED PROGRAM FILES\CONFLICT.1\GOOGLETOOLBAR_EN_1.1.62-DELEON.DLL/cmcache.html (file missing) O8 - Extra context menu item: Si&milar Pages - res://C:\WINDOWS\DOWNLOADED PROGRAM FILES\CONFLICT.1\GOOGLETOOLBAR_EN_1.1.62-DELEON.DLL/cmsimilar.html (file missing) O8 - Extra context menu item: Backward &Links - res://C:\WINDOWS\DOWNLOADED PROGRAM FILES\CONFLICT.1\GOOGLETOOLBAR_EN_1.1.62-DELEON.DLL/cmbacklinks.html (file missing) O8 - Extra context menu item: Translate Page - res://C:\WINDOWS\DOWNLOADED PROGRAM FILES\CONFLICT.1\GOOGLETOOLBAR_EN_1.1.62-DELEON.DLL/cmtrans.html (file missing) O9 - Extra button: Offline (HKLM) O9 - Extra 'Tools' menuitem: Add to Tr&usted Zone (HKLM) O9 - Extra 'Tools' menuitem: Add to R&estricted Zone (HKLM) O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com/CAB/...8531.1322453704 O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - http://housecall60.trendmicro.com/housecall/xscan60.cab StartupList report StartupList report, 6/30/2005, 6:14:43 AMStartupList version: 1.52 Started from : C:\PROGRAM FILES\HIJACKTHIS 1.97.7\HIJACKTHIS.EXE Detected: Windows 98 SE (Win9x 4.10.2222A) Detected: Internet Explorer v5.51 SP2 (5.51.4807.2300) * Using default options * Including empty and uninteresting sections * Showing rarely important sections ================================================== Running processes: C:\WINDOWS\SYSTEM\KERNEL32.DLL C:\WINDOWS\SYSTEM\MSGSRV32.EXE C:\WINDOWS\SYSTEM\MPREXE.EXE C:\WINDOWS\SYSTEM\mmtask.tsk C:\WINDOWS\SYSTEM\KB891711\KB891711.EXE C:\PROGRAM FILES\KERIO\PERSONAL FIREWALL\PERSFW.EXE C:\WINDOWS\EXPLORER.EXE C:\WINDOWS\TASKMON.EXE C:\WINDOWS\SYSTEM\SYSTRAY.EXE C:\PROGRAM FILES\CLOSER2.0\CLOSER.EXE C:\WINDOWS\SYSTEM\WMIEXE.EXE C:\PROGRAM FILES\HIJACKTHIS 1.97.7\HIJACKTHIS.EXE -------------------------------------------------- Listing of startup folders: Shell folders Startup: [C:\WINDOWS\Start Menu\Programs\StartUp] Closer.lnk = C:\Program Files\closer2.0\Closer.exe Shell folders AltStartup: *Folder not found* User shell folders Startup: *Folder not found* User shell folders AltStartup: *Folder not found* Shell folders Common Startup: [C:\WINDOWS\All Users\Start Menu\Programs\StartUp] *No files* Shell folders Common AltStartup: *Folder not found* User shell folders Common Startup: *Folder not found* User shell folders Alternate Common Startup: *Folder not found* -------------------------------------------------- Autorun entries from Registry: HKLM\Software\Microsoft\Windows\CurrentVersion\Run ScanRegistry = C:\WINDOWS\scanregw.exe /autorun TaskMonitor = C:\WINDOWS\taskmon.exe SystemTray = SysTray.Exe LoadPowerProfile = Rundll32.exe powrprof.dll,LoadCurrentPwrScheme -------------------------------------------------- Autorun entries from Registry: HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnce *No values found* -------------------------------------------------- Autorun entries from Registry: HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnceEx *No values found* -------------------------------------------------- Autorun entries from Registry: HKLM\Software\Microsoft\Windows\CurrentVersion\RunServices LoadPowerProfile = Rundll32.exe powrprof.dll,LoadCurrentPwrScheme KB891711 = C:\WINDOWS\SYSTEM\KB891711\KB891711.EXE PersFw = "C:\Program Files\Kerio\Personal Firewall\persfw.exe" /hide -------------------------------------------------- Autorun entries from Registry: HKLM\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce *No values found* -------------------------------------------------- Autorun entries from Registry: HKCU\Software\Microsoft\Windows\CurrentVersion\Run TClockEx = C:\PROGRAM FILES\TCLOCKEX V1.4.2\TCLOCKEX.EXE -------------------------------------------------- Autorun entries from Registry: HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnce *No values found* -------------------------------------------------- Autorun entries from Registry: HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnceEx *Registry key not found* -------------------------------------------------- Autorun entries from Registry: HKCU\Software\Microsoft\Windows\CurrentVersion\RunServices *Registry key not found* -------------------------------------------------- Autorun entries from Registry: HKCU\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce *Registry key not found* -------------------------------------------------- Autorun entries in Registry subkeys of: HKLM\Software\Microsoft\Windows\CurrentVersion\Run *No subkeys found* -------------------------------------------------- Autorun entries in Registry subkeys of: HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnce *No subkeys found* -------------------------------------------------- Autorun entries in Registry subkeys of: HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnceEx *No subkeys found* -------------------------------------------------- Autorun entries in Registry subkeys of: HKLM\Software\Microsoft\Windows\CurrentVersion\RunServices *No subkeys found* -------------------------------------------------- Autorun entries in Registry subkeys of: HKLM\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce *No subkeys found* -------------------------------------------------- Autorun entries in Registry subkeys of: HKCU\Software\Microsoft\Windows\CurrentVersion\Run *No subkeys found* -------------------------------------------------- Autorun entries in Registry subkeys of: HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnce *No subkeys found* -------------------------------------------------- Autorun entries in Registry subkeys of: HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnceEx *Registry key not found* -------------------------------------------------- Autorun entries in Registry subkeys of: HKCU\Software\Microsoft\Windows\CurrentVersion\RunServices *Registry key not found* -------------------------------------------------- Autorun entries in Registry subkeys of: HKCU\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce *Registry key not found* -------------------------------------------------- Autorun entries in Registry subkeys of: HKLM\Software\Microsoft\Windows NT\CurrentVersion\Run *Registry key not found* -------------------------------------------------- Autorun entries in Registry subkeys of: HKCU\Software\Microsoft\Windows NT\CurrentVersion\Run *Registry key not found* -------------------------------------------------- File association entry for .EXE: HKEY_CLASSES_ROOT\exefile\shell\open\command (Default) = "%1" %* -------------------------------------------------- File association entry for .COM: HKEY_CLASSES_ROOT\comfile\shell\open\command (Default) = "%1" %* -------------------------------------------------- File association entry for .BAT: HKEY_CLASSES_ROOT\batfile\shell\open\command (Default) = "%1" %* -------------------------------------------------- File association entry for .PIF: HKEY_CLASSES_ROOT\piffile\shell\open\command (Default) = "%1" %* -------------------------------------------------- File association entry for .SCR: HKEY_CLASSES_ROOT\scrfile\shell\open\command (Default) = "%1" /S -------------------------------------------------- File association entry for .HTA: HKEY_CLASSES_ROOT\htafile\shell\open\command (Default) = C:\PROGRAM FILES\SCRIPT SENTRY\SCRIPTSENTRY.exe "%1" %* -------------------------------------------------- Enumerating Active Setup stub paths: HKLM\Software\Microsoft\Active Setup\Installed Components (* = disabled by HKCU twin) [setupcPerUser] * StubPath = rundll.exe C:\WINDOWS\SYSTEM\setupx.dll,InstallHinfSection SetupcPerUser 64 C:\WINDOWS\INF\setupc.inf [AppletsPerUser] * StubPath = rundll.exe C:\WINDOWS\SYSTEM\setupx.dll,InstallHinfSection AppletsPerUser 64 C:\WINDOWS\INF\applets.inf [FontsPerUser] * StubPath = rundll.exe C:\WINDOWS\SYSTEM\setupx.dll,InstallHinfSection FontsPerUser 64 C:\WINDOWS\INF\fonts.inf [PerUser_ICW_Inis] * StubPath = rundll.exe C:\WINDOWS\SYSTEM\setupx.dll,InstallHinfSection PerUser_ICW_Inis 0 C:\WINDOWS\INF\icw97.inf [{89820200-ECBD-11cf-8B85-00AA005B4383}] * StubPath = C:\WINDOWS\SYSTEM\IE4UINIT.EXE [>{60B49E34-C7CC-11D0-8953-00A0C90347FF}MICROS] * StubPath = RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP [{89820200-ECBD-11cf-8B85-00AA005B4395}] * StubPath = rundll32.exe advpack.dll,LaunchINFSectionEx C:\WINDOWS\SYSTEM\ie4uinit.inf,Shell.UserStub,,36 [>PerUser_MSN_Clean] * StubPath = C:\WINDOWS\msnmgsr1.exe [{CA0A4247-44BE-11d1-A005-00805F8ABE06}] * StubPath = RunDLL setupx.dll,InstallHinfSection PowerCfg.user 0 powercfg.inf [PerUser_Msinfo] * StubPath = rundll.exe C:\WINDOWS\SYSTEM\setupx.dll,InstallHinfSection PerUser_Msinfo 64 C:\WINDOWS\INF\msinfo.inf [PerUser_Msinfo2] * StubPath = rundll.exe C:\WINDOWS\SYSTEM\setupx.dll,InstallHinfSection PerUser_Msinfo2 64 C:\WINDOWS\INF\msinfo.inf [MotownMmsysPerUser] * StubPath = rundll.exe C:\WINDOWS\SYSTEM\setupx.dll,InstallHinfSection MotownMmsysPerUser 64 C:\WINDOWS\INF\motown.inf [MotownAvivideoPerUser] * StubPath = rundll.exe C:\WINDOWS\SYSTEM\setupx.dll,InstallHinfSection MotownAvivideoPerUser 64 C:\WINDOWS\INF\motown.inf [MmoptPreferredAudioDevices] * StubPath = rundll32.exe shell32.dll,Control_RunDLL mmsys.cpl,@0,SPCI\VEN_1013&DEV_6005&SUBSYS_00000000&REV_01\BUS_00&DEV_0A&FUNC_00 [MotownMPlayPerUser] * StubPath = rundll.exe C:\WINDOWS\SYSTEM\setupx.dll,InstallHinfSection MotownMPlayPerUser 64 C:\WINDOWS\INF\mplay98.inf [PerUser_Base] * StubPath = rundll.exe C:\WINDOWS\SYSTEM\setupx.dll,InstallHinfSection PerUser_Base 64 C:\WINDOWS\INF\msmail.inf [shellPerUser] * StubPath = rundll.exe C:\WINDOWS\SYSTEM\setupx.dll,InstallHinfSection ShellPerUser 64 C:\WINDOWS\INF\shell.inf [shell2PerUser] * StubPath = rundll.exe C:\WINDOWS\SYSTEM\setupx.dll,InstallHinfSection Shell2PerUser 64 C:\WINDOWS\INF\shell2.inf [PerUser_winbase_Links] * StubPath = rundll.exe C:\WINDOWS\SYSTEM\setupx.dll,InstallHinfSection PerUser_winbase_Links 64 C:\WINDOWS\INF\subase.inf [PerUser_winapps_Links] * StubPath = rundll.exe C:\WINDOWS\SYSTEM\setupx.dll,InstallHinfSection PerUser_winapps_Links 64 C:\WINDOWS\INF\subase.inf [PerUser_LinkBar_URLs] * StubPath = C:\WINDOWS\COMMAND\sulfnbk.exe /L [TapiPerUser] * StubPath = rundll.exe C:\WINDOWS\SYSTEM\setupx.dll,InstallHinfSection TapiPerUser 64 C:\WINDOWS\INF\tapi.inf [{73fa19d0-2d75-11d2-995d-00c04f98bbc9}] * StubPath = rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\webfdr16.inf,PerUserStub.Install,1 [PerUserOldLinks] * StubPath = rundll.exe C:\WINDOWS\SYSTEM\setupx.dll,InstallHinfSection PerUserOldLinks 64 C:\WINDOWS\INF\appletpp.inf [MmoptRegisterPerUser] * StubPath = rundll.exe C:\WINDOWS\SYSTEM\setupx.dll,InstallHinfSection MmoptRegisterPerUser 64 C:\WINDOWS\INF\mmopt.inf [OlsPerUser] * StubPath = rundll.exe C:\WINDOWS\SYSTEM\setupx.dll,InstallHinfSection OlsPerUser 64 C:\WINDOWS\INF\ols.inf [OlsMsnPerUser] * StubPath = rundll.exe C:\WINDOWS\SYSTEM\setupx.dll,InstallHinfSection OlsMsnPerUser 64 C:\WINDOWS\INF\ols.inf [PerUser_Paint_Inis] * StubPath = rundll.exe C:\WINDOWS\SYSTEM\setupx.dll,InstallHinfSection PerUser_Paint_Inis 64 C:\WINDOWS\INF\applets.inf [PerUser_Calc_Inis] * StubPath = rundll.exe C:\WINDOWS\SYSTEM\setupx.dll,InstallHinfSection PerUser_Calc_Inis 64 C:\WINDOWS\INF\applets.inf [PerUser_CVT_Inis] * StubPath = rundll.exe C:\WINDOWS\SYSTEM\setupx.dll,InstallHinfSection PerUser_CVT_Inis 64 C:\WINDOWS\INF\applets1.inf [MotownRecPerUser] * StubPath = rundll.exe C:\WINDOWS\SYSTEM\setupx.dll,InstallHinfSection MotownRecPerUser 64 C:\WINDOWS\INF\motown.inf [PerUser_Vol] * StubPath = rundll.exe C:\WINDOWS\SYSTEM\setupx.dll,InstallHinfSection PerUser_Vol 64 C:\WINDOWS\INF\motown.inf [PerUser_MSWordPad_Inis] * StubPath = rundll.exe C:\WINDOWS\SYSTEM\setupx.dll,InstallHinfSection PerUser_MSWordPad_Inis 64 C:\WINDOWS\INF\wordpad.inf [PerUser_RNA_Inis] * StubPath = rundll.exe C:\WINDOWS\SYSTEM\setupx.dll,InstallHinfSection PerUser_RNA_Inis 64 C:\WINDOWS\INF\rna.inf [PerUser_Sysmon_Inis] * StubPath = rundll.exe C:\WINDOWS\SYSTEM\setupx.dll,InstallHinfSection PerUser_Sysmon_Inis 64 C:\WINDOWS\INF\appletpp.inf [PerUser_Sysmeter_Inis] * StubPath = rundll.exe C:\WINDOWS\SYSTEM\setupx.dll,InstallHinfSection PerUser_Sysmeter_Inis 64 C:\WINDOWS\INF\appletpp.inf [PerUser_CharMap_Inis] * StubPath = rundll.exe C:\WINDOWS\SYSTEM\setupx.dll,InstallHinfSection PerUser_CharMap_Inis 64 C:\WINDOWS\INF\appletpp.inf [PerUser_Dialer_Inis] * StubPath = rundll.exe C:\WINDOWS\SYSTEM\setupx.dll,InstallHinfSection PerUser_Dialer_Inis 64 C:\WINDOWS\INF\appletpp.inf [PerUser_ClipBrd_Inis] * StubPath = rundll.exe C:\WINDOWS\SYSTEM\setupx.dll,InstallHinfSection PerUser_ClipBrd_Inis 64 C:\WINDOWS\INF\clip.inf [PerUser_CDPlayer_Inis] * StubPath = rundll.exe C:\WINDOWS\SYSTEM\setupx.dll,InstallHinfSection PerUser_CDPlayer_Inis 64 C:\WINDOWS\INF\mmopt.inf [{7790769C-0471-11d2-AF11-00C04FA35D02}] * StubPath = "C:\PROGRA~1\OUTLOO~1\setup50.exe" /APP:WAB /CALLER:IE50 /user /install [{44BBA840-CC51-11CF-AAFA-00AA00B6015C}] * StubPath = "C:\PROGRA~1\OUTLOO~1\setup50.exe" /APP:OE /CALLER:IE50 /user /install [MmoptMusicaPerUser] * StubPath = rundll.exe C:\WINDOWS\SYSTEM\setupx.dll,InstallHinfSection MmoptMusicaPerUser 64 C:\WINDOWS\INF\mmopt.inf [MmoptJunglePerUser] * StubPath = rundll.exe C:\WINDOWS\SYSTEM\setupx.dll,InstallHinfSection MmoptJunglePerUser 64 C:\WINDOWS\INF\mmopt.inf [MmoptRobotzPerUser] * StubPath = rundll.exe C:\WINDOWS\SYSTEM\setupx.dll,InstallHinfSection MmoptRobotzPerUser 64 C:\WINDOWS\INF\mmopt.inf [MmoptUtopiaPerUser] * StubPath = rundll.exe C:\WINDOWS\SYSTEM\setupx.dll,InstallHinfSection MmoptUtopiaPerUser 64 C:\WINDOWS\INF\mmopt.inf [{6BF52A52-394A-11d3-B153-00C04F79FAA6}] * StubPath = rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\wmp.inf,PerUserStub [>{22d6f312-b0f6-11d0-94ab-0080c74c7e95}] * StubPath = C:\WINDOWS\inf\unregmp2.exe /ShowWMP [{9EF0045A-CDD9-438e-95E6-02B9AFEC8E11}] * StubPath = C:\WINDOWS\SYSTEM\updcrl.exe -e -u C:\WINDOWS\SYSTEM\verisignpub1.crl -------------------------------------------------- Enumerating ICQ Agent Autostart apps: HKCU\Software\Mirabilis\ICQ\Agent\Apps *Registry key not found* -------------------------------------------------- Load/Run keys from C:\WINDOWS\WIN.INI: load= run= -------------------------------------------------- Shell & screensaver key from C:\WINDOWS\SYSTEM.INI: Shell=Explorer.exe SCRNSAVE.EXE= drivers=mmsystem.dll power.drv -------------------------------------------------- Checking for EXPLORER.EXE instances: C:\WINDOWS\Explorer.exe: PRESENT! C:\Explorer.exe: not present C:\WINDOWS\Explorer\Explorer.exe: not present C:\WINDOWS\System\Explorer.exe: not present C:\WINDOWS\System32\Explorer.exe: not present C:\WINDOWS\Command\Explorer.exe: not present C:\WINDOWS\Fonts\Explorer.exe: not present -------------------------------------------------- C:\WINDOWS\WININIT.INI listing: *File not found* -------------------------------------------------- C:\WINDOWS\WININIT.BAK listing: (Created 30/6/2005, 4:1:20) [rename] NUL=C:\PROGRA~1\TRENDM~1\ANTISP~1\SSENGINE.DLL NUL=C:\WINDOWS\APPLIC~1\TRENDM~1\ANTISP~1\TMP\3 NUL=C:\WINDOWS\TEMPOR~1\CONTENT.IE5\WPEFSP6J\TMAS-W~1.EXE -------------------------------------------------- C:\AUTOEXEC.BAT listing: echo off C:\WINDOWS\cwcdata\cwrdos.exe -------------------------------------------------- C:\CONFIG.SYS listing: *File not found* -------------------------------------------------- C:\WINDOWS\WINSTART.BAT listing: *File not found* -------------------------------------------------- C:\WINDOWS\DOSSTART.BAT listing: C:\WINDOWS\cwcdata\CWRDOS.EXE -------------------------------------------------- Checking for superhidden extensions: .lnk: HIDDEN! (arrow overlay: yes) .pif: HIDDEN! (arrow overlay: yes) .exe: not hidden .com: not hidden .bat: not hidden .hta: not hidden .scr: not hidden .shs: HIDDEN! .shb: HIDDEN! .vbs: not hidden .vbe: not hidden .wsh: not hidden .scf: HIDDEN! (arrow overlay: NO!) .url: HIDDEN! (arrow overlay: yes) .js: not hidden .jse: not hidden -------------------------------------------------- Verifying REGEDIT.EXE integrity: - Regedit.exe found in C:\WINDOWS - .reg open command is NOT normal! (C:\PROGRAM FILES\SCRIPT SENTRY\SCRIPTSENTRY.exe %1 %*) - Company name OK: 'Microsoft Corporation' - Original filename OK: 'REGEDIT.EXE' - File description: 'Registry Editor' Registry check failed! -------------------------------------------------- Enumerating Browser Helper Objects: *No BHO's found* -------------------------------------------------- Enumerating Task Scheduler jobs: Tune-up Application Start.job -------------------------------------------------- Enumerating Download Program Files: [Microsoft XML Parser for Java] CODEBASE = file://C:\WINDOWS\Java\classes\xmldso4.cab OSD = C:\WINDOWS\Downloaded Program Files\Microsoft XML Parser for Java.osd [DirectAnimation Java Classes] CODEBASE = file://C:\WINDOWS\SYSTEM\dajava.cab OSD = C:\WINDOWS\Downloaded Program Files\DirectAnimation Java Classes.osd [internet Explorer Classes for Java] CODEBASE = file://C:\WINDOWS\SYSTEM\iejava.cab OSD = C:\WINDOWS\Downloaded Program Files\Internet Explorer Classes for Java.osd [update Class] InProcServer32 = C:\WINDOWS\SYSTEM\IUCTL.DLL CODEBASE = http://v4.windowsupdate.microsoft.com/CAB/...8531.1322453704 [HouseCall Control] InProcServer32 = C:\WINDOWS\DOWNLO~1\XSCAN60.OCX CODEBASE = http://housecall60.trendmicro.com/housecall/xscan60.cab -------------------------------------------------- Enumerating Winsock LSP files: NameSpace #1: C:\WINDOWS\SYSTEM\rnr20.dll Protocol #1: C:\WINDOWS\SYSTEM\mswsosp.dll Protocol #2: C:\WINDOWS\SYSTEM\msafd.dll Protocol #3: C:\WINDOWS\SYSTEM\msafd.dll Protocol #4: C:\WINDOWS\SYSTEM\msafd.dll Protocol #5: C:\WINDOWS\SYSTEM\rsvpsp.dll Protocol #6: C:\WINDOWS\SYSTEM\rsvpsp.dll -------------------------------------------------- Enumerating Win9x VxD services: NDIS: ndis.vxd,ndis2sup.vxd JAVASUP: JAVASUP.VXD CONFIGMG: *CONFIGMG NTKern: *NTKERN VWIN32: *VWIN32 VFBACKUP: *VFBACKUP VCOMM: *VCOMM IFSMGR: *IFSMGR IOS: *IOS MTRR: *mtrr SPOOLER: *SPOOLER UDF: *UDF VFAT: *VFAT VCACHE: *VCACHE VCOND: *VCOND VCDFSD: *VCDFSD VXDLDR: *VXDLDR VDEF: *VDEF VPICD: *VPICD VTD: *VTD REBOOT: *REBOOT VDMAD: *VDMAD VSD: *VSD V86MMGR: *V86MMGR PAGESWAP: *PAGESWAP DOSMGR: *DOSMGR VMPOLL: *VMPOLL SHELL: *SHELL PARITY: *PARITY BIOSXLAT: *BIOSXLAT VMCPD: *VMCPD VTDAPI: *VTDAPI PERF: *PERF VRTWD: C:\WINDOWS\SYSTEM\vrtwd.386 VFIXD: C:\WINDOWS\SYSTEM\vfixd.vxd VNETBIOS: vnetbios.vxd fwdrv: fwdrv.vxd -------------------------------------------------- Enumerating ShellServiceObjectDelayLoad items: WebCheck: C:\WINDOWS\SYSTEM\WEBCHECK.DLL -------------------------------------------------- End of report, 19,712 bytes Report generated in 0.072 seconds Command line options: /verbose - to add additional info on each section /complete - to include empty sections and unsuspicious data /full - to include several rarely-important sections /force9x - to include Win9x-only startups even if running on WinNT /forcent - to include WinNT-only startups even if running on Win9x /forceall - to include all Win9x and WinNT startups, regardless of platform /history - to list version history only Link to comment Share on other sites More sharing options...
+orgitnized Subscriber¹ Posted June 30, 2005 Subscriber¹ Share Posted June 30, 2005 I think I might know what's causing it. Can you do something first though? Can you use MSCONFIG to start Windows in Diagnostic mode (loading bare-minimum resources) and tell us if the C drive still opens? Link to comment Share on other sites More sharing options...
SergeantNoob Posted June 30, 2005 Share Posted June 30, 2005 what's dis C:\WINDOWS\SYSTEM\KB891711\KB891711.EXE Link to comment Share on other sites More sharing options...
mapsonx Posted July 1, 2005 Author Share Posted July 1, 2005 I think I might know what's causing it. Can you do something first though? Can you use MSCONFIG to start Windows in Diagnostic mode (loading bare-minimum resources) and tell us if the C drive still opens? 586143158[/snapback] I gotta bad feelin' this isn't the answer you're looking for, but it still occurs in Diagnostic mode.what's disIt's a Windows security update file protecting against a "Vulnerability in cursor and icon format handling could allow remote code execution". With the April 12, 2005 release of the file it runs as a service from the following registry entry:HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunServices Name Data KB891711 C:\WINDOWS\SYSTEM\KB891711\KB891711.EXE Link to comment Share on other sites More sharing options...
Damrock2002 Posted July 1, 2005 Share Posted July 1, 2005 This happened to me. I forgot about it, guess it just stopped after a while. Link to comment Share on other sites More sharing options...
CruJones Posted July 1, 2005 Share Posted July 1, 2005 It happens to me also.. i dont' know how to fix it.. every time i boot up windows it opens explorer.exe to the c:\ folder. If you find a fix please let me know.. im using windows xp sp2 with all updates.. I think mine started after i installed mysql, but im not for sure. Link to comment Share on other sites More sharing options...
mapsonx Posted July 1, 2005 Author Share Posted July 1, 2005 (edited) The following may or may not have any relevance whatsoever, but I thought I should mention a couple other strange things I can't explain that occurred around the same time. I'm gonna get wordy here, but I want to give all the details just in case we might hopefully discover six or less degrees of separation. Who knows, maybe I can get several things solved here (won't hold my breath...lol) Problem #1: For quite some time I've had the benefit of using a little dos utility named PowerOff http://elektron.et.tudelft.nl/~witteman/PowerOff.html Poweroff.exe is an MSDOS program that is able to shutdown the power of the latest ATX powersupplies from the commandline using the APM functionalities supplied by the motherboard BIOS. Poweroff.exe is to DOS, what Shutdown is to Win95. When PowerOff.exe is placed in c:\, & PowerOff.exe is included just before "exit" at the bottom of Clean9x.bat (from Fred Langa), a system cleanup batch file that must run in real DOS, the system shuts down. Very handy. Instead of the system rebooting after running Clean9x.bat (like it would with a typical batch file), I can now use it to clean my TIF, Temp files, cookies index.dat, etc, etc. & then shut down my unit directly thereafter, automatically, unattended, with virtually the same effort it takes to normally shut down. Which typically became my routine when shutting down. That is, until I did the OS reinstall. Let me preface all this by saying that I actually did 2 reformats & reinstalls in a row. After I did the first, I noticed that PowerOff was no longer working. Due to that & a small problem with a driver installation, I decided to start over, hoping whatever weirdness that took place during the Os reinstall that caued the problems would be cured by repeating it. Wrong. Poweroff still doesn't work. Very annoying. The only prerequisite for it's use is having APM activated, & as far as I can see, it is. I've done nothing to change any of the default "Power Management" settings in windows, & I went into the BIOS to see if anything looked different, but it looks normal to me. Like I said, I've done the same exact OS reinstall literally dozens of time. The only thing that ever varies is when the pre-install scandisk procedure finds an error. The first time it found some "Lost File Fragments" on my F:\ partitiion, & asked if I wanted to save them as check files, which I believe I declined. That was the only deviation from a run of the mill iinstall. I would appreciate any suggestions for this whether it relates to the C:\ directory issue or not. Problem#2: Before I posted the first time I ran both F-Prot (DOS version) viru scan (clean) & Adaware (nothing unusual found). After the post, I tried TrendMicro. The virus scan came up clean, but their new Spyware scan came up with the "UCMore Toolbar Extension" http://www.spywareremove.com/removeucmoreiexexe.html This is a complete mystery to me. I didn't knowingly download or install it, there was no vivible evidence of it (supposed to appear in the IE toolbar), Adaware didn't come up with it, I don't have ucmoreie.exe anywhere on my sysem, & cannot explain the presence of the registry value Trend Micro came up with, which I allowed TrendMicro to remove. I guess I could have missed it since I use Firefox, but the initial thing I did when re-connecting to the net for the first time after the OS reinstall was go straight to Windows Update, using IE of course, to verify the proper installation of locally stored security patches. I think I would have noticed a rogue toolbar. But maybe you have use the IE "customize" toolbar function to put it out there. I dunno. The only thing different I installed thus far this time around is WMP9 & it's related security patches, in place of WMP 7.1. Well, there is all the dirt I can dig up. Oh, & BTW, aside from the irritating C:\ opening up, everything else is working fine. No other symptoms. Maybe I should be thankful after all...lol Edited July 1, 2005 by mapsonx Link to comment Share on other sites More sharing options...
+orgitnized Subscriber¹ Posted July 1, 2005 Subscriber¹ Share Posted July 1, 2005 I do have 2 ideas, having seen this behavior numerous time before. If it was me personally, here's what I would attempt: Go and grab the stand-alone version (free) of Mike Lin's Startup Control Panel and open it on your system. What I want you to do is disable every single thing from all the tabs and tell me if the behavior still persists after you reboot. You can simply uncheck the box next to each startup item to accomplish this. If it doesn't, then you know it's something that happening in one of those keys during your desktop load phase. Even though you use MS' Diagnostic mode, it doesn't always stop every single startup entry that you have. I just wanted to try it without having to go with a 3rd party until if we didn't need to. My next suggestion (whether or not that works) is to put quotes around any startup entry that has a directory longer than 8 characters. This may or may not surprise you, but even in Windows, when you see startup entries with characters that are longer than 8, Windows more times than not will open the folder instead of the actual application itself. Many times this is a result of the path statements not being fully loaded in the early load stages of the registry and desktop. You can normally test this behavior because if you use the Startup Control Panel applet to disable everything and then reboot, and everything comes up fine...then go back in to the applet and right-click each entry and hit "Run Now" and see if one opes a folder instead of an application, like it should be doing. Most times you won't see the folder open, because by the time you go in to load these apps or services manually, Windows has setup the path statements properly. At any rate, this has happened to me in Windows XP on several occasions, and I use the SCP to take care of it, every single time. Notice Kerio: PersFw = "C:\Program Files\Kerio\Personal Firewall\persfw.exe" /hide For the best compatibility, they put quotes around their load statement so Windows understands it completely. Now look at this one: TClockEx = C:\PROGRAM FILES\TCLOCKEX V1.4.2\TCLOCKEX.EXE That one right there could be your culprit realistically. No quotes can confuse Windows when having to load that statement. You modify the application's run line by using the SCP and then right-clicking the one in question and hitting "Edit" to edit the command. Just put some quotes around it and let's see if that helps. Link to comment Share on other sites More sharing options...
Jerry Grey Member Posted July 1, 2005 Member Share Posted July 1, 2005 (edited) ...Notice Kerio: PersFw = "C:\Program Files\Kerio\Personal Firewall\persfw.exe" /hide For the best compatibility, they put quotes around their load statement so Windows understands it completely. Now look at this one: TClockEx = C:\PROGRAM FILES\TCLOCKEX V1.4.2\TCLOCKEX.EXE ... 586148001[/snapback] Thats should be it, because Window might have been trying to open C:\PROGRAM and then FILES\TCLOCKEX V1.4.2\TCLOCKEX.EXE. I had the same problem, after I did that the problem was gone... :) EDIT: Is it just me, or is there something very wrong with that line: Verifying REGEDIT.EXE integrity:- Regedit.exe found in C:\WINDOWS - .reg open command is NOT normal! (C:\PROGRAM FILES\SCRIPT SENTRY\SCRIPTSENTRY.exe %1 %*) - Company name OK: 'Microsoft Corporation' - Original filename OK: 'REGEDIT.EXE' - File description: 'Registry Editor' Registry check failed! EDIT2: Also pop into regedit and run and change TClockEx: From: C:\PROGRAM FILES\TCLOCKEX V1.4.2\TCLOCKEX.EXE To: "C:\PROGRAM FILES\TCLOCKEX V1.4.2\TCLOCKEX.EXE" As you can see there too many spaces ^ Edited July 1, 2005 by Gerry Link to comment Share on other sites More sharing options...
mapsonx Posted July 2, 2005 Author Share Posted July 2, 2005 (edited) Is it just me, or is there something very wrong with that line: I believe that's just Script Sentry doing it's job. Also pop into regedit and run and change TClockEx:From: C:\PROGRAM FILES\TCLOCKEX V1.4.2\TCLOCKEX.EXE To: "C:\PROGRAM FILES\TCLOCKEX V1.4.2\TCLOCKEX.EXE" As you can see there too many spaces ^ Too many spaces???? Don't understand. Go and grab the stand-alone version (free) of Mike Lin's Startup Control Panel and open it on your system. Tryin' to cover all the bases here. This started happening very shortly after the OS reinstall. I don't remember if it occurred after it happened during the initial desktop load after reinstall, but I don't think so. The problem is that it was so unexpected. That's why I think something other than a faulty portion of the reinstall is responsible. I just started adjusting settings & restoring things that had been previously installed (not to mention having used them for quite some time without incident) when I noticed somethinhg wasn't right. I just wish I could pinpoint the exact time along the process. There's so much restarting/rebooting going on amid the installation of drivers & programs. When I first noticed C:\ opening up I thought it was because It was left it open before initiating a restart. In that type of scenario of course, when the system reboots, by nature c:\ will reopen, so I thought nothing of it. At least that's how I remember it. It's a little fuzzy, but that's basically it.. One thing for sure, I don't want to do another OS reinstall. Sheeesh, what a pain. That's why I knew none of the items suggested (Tclock, script sentry) were not responsible, because they were put in long after, but I followed your suggestions anyway to satisfy the investigation. I've also used SCP for years, so that was easy enough, but do you mean you want me to put quotes aorund these paths as well?: C:\WINDOWS\scanregw.exe /autorun C:\WINDOWS\taskmon.exe C:\WINDOWS\SYSTEM\KB891711\KB891711.EXE Rundll32.exe powrprof.dll,LoadCurrentPwrScheme SysTray.Exe The only thing I didn't uncheck was the systray. Edited July 2, 2005 by mapsonx Link to comment Share on other sites More sharing options...
+orgitnized Subscriber¹ Posted July 6, 2005 Subscriber¹ Share Posted July 6, 2005 I don't remember if it occurred after it happened during the initial desktop load after reinstall, but I don't think so.When I first noticed C:\ opening up I thought it was because It was left it open before initiating a restart. Sometimes this happens because Windows 98 loves saving settings from Windows that you have open and it gets stuck. Ugh! This used to happen on Windows Me all the time! Have you tried restarting in safe mode (via F8 and confirming that the window won't open) and then restarting in normal mode to see if it opens up? In that type of scenario of course, when the system reboots, by nature c:\ will reopen, so I thought nothing of it.I've also used SCP for years, so that was easy enough, but do you mean you want me to put quotes aorund these paths as well?: C:\WINDOWS\scanregw.exe /autorun C:\WINDOWS\taskmon.exe C:\WINDOWS\SYSTEM\KB891711\KB891711.EXE Rundll32.exe powrprof.dll,LoadCurrentPwrScheme SysTray.Exe The only thing I didn't uncheck was the systray. 586151633[/snapback] Nope - those paths are fine, because all the directories all contain less than 8 characters. Read on... You cannot prevent Windows from saving your settings when you exit. The Windows user interface does not include a way to prevent saving your settings when you exit. To prevent your settings from being saved, add (or modify) the NoSaveSettings field in the following registry key: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer Setting the NoSaveSettings field to 1 prevents your settings from being saved. When you set this value, the following items are not saved when you exit Windows: -Changed icon positions on the desktop. -Windows that are open when you exit. -The size and position of the taskbar. BTW: When you start Windows in Safe mode, all shell settings return to their default values. When you next restart Windows normally, most of the shell settings return to their prior values. However, some shell settings, including the taskbar options, are not restored. After starting Windows in Safe mode and then restarting Windows normally, you must reselect any non-default taskbar options. Give that registry entry a shot and let us know if that helps you out at all. Thanks! Link to comment Share on other sites More sharing options...
mapsonx Posted July 8, 2005 Author Share Posted July 8, 2005 Hi Ghost, Have you tried restarting in safe mode That's the next thing I tried after your SCP suggestion To prevent your settings from being saved, add (or modify) theNoSaveSettings Had to create a "NoSaveSettings" DWord value & set it to "1", but it had no effect. Thx Link to comment Share on other sites More sharing options...
uziq Posted July 9, 2005 Share Posted July 9, 2005 I'm just quickly passing through, and didn't fully read the thread. Get rid of any .inf files in C:\ (and make sure they're not hidden) Link to comment Share on other sites More sharing options...
mapsonx Posted July 10, 2005 Author Share Posted July 10, 2005 I'm just quickly passing through, and didn't fully read the thread.Get rid of any .inf files in C:\ (and make sure they're not hidden) 586188438[/snapback] The only *.inf files on C:\ are in subdirectories. Are you suggesting I remove all *.inf files on c:\, including all subdirectories? Link to comment Share on other sites More sharing options...
pacifica Posted July 10, 2005 Share Posted July 10, 2005 i've run into this problem before and i found something that many people overlook. check both your run keys for the machine and the current user and make sure that the default key is BLANK. sometimes it will contain either garbage or may have -hidewindow as the value. if it has anything other than a blank clear it out. i've fixed this nagging problem many times and each time this has been the culprit. Link to comment Share on other sites More sharing options...
Glorious Posted July 10, 2005 Share Posted July 10, 2005 I get this on my old Windows 98 SE machine where C:\PROGRAM opens up on startup, never got rid of it and the folder doesn't even exist in C:\ - I just learned to live with it. Link to comment Share on other sites More sharing options...
mapsonx Posted July 11, 2005 Author Share Posted July 11, 2005 i've run into this problem before and i found something that many people overlook. check both your run keys for the machine and the current user and make sure that the default key is BLANK. sometimes it will contain either garbage or may have -hidewindow as the value. if it has anything other than a blank clear it out.i've fixed this nagging problem many times and each time this has been the culprit. 586190236[/snapback] (Value not set) for both keys. Link to comment Share on other sites More sharing options...
uziq Posted July 11, 2005 Share Posted July 11, 2005 The only *.inf files on C:\ are in subdirectories. Are you suggesting I remove all *.inf files on c:\, including all subdirectories? 586190199[/snapback] no, I meant only the root. sometimes inf files sneak into your boot paths, and cause the problem you're having. maybe you should do a search for autorun.inf, install.inf or something like that. Link to comment Share on other sites More sharing options...
mapsonx Posted July 11, 2005 Author Share Posted July 11, 2005 (edited) no, I meant only the root. sometimes inf files sneak into your boot paths, and cause the problem you're having. maybe you should do a search for autorun.inf, install.inf or something like that. 586196256[/snapback] You were on the right track. I finally found the answer. Here's what I found in the MS Win98 newsgroup, courtesy of "AlmostBob" Here is a post and the answer to it from Alan Edwards, same problem I think,the solution may be the same, it worked for me. item 2 delete the desktop process --Quote-- It is not even normal for a C:\ window to open at startup in safe mode. Try these notes I have on file: 1. Check Win.ini for odd spaces or unnecessary punctuation (or even a C:\) in the run= or load= lines. 2. Windows Explorer Starts When You Start Your Computer http://support.microsoft.com?kbid=228502 Delete the 'DesktopProcess' value from the following registry key: HKEY CURRENT USER\Software\Microsoft\Window?s\CurrentVersion\Explorer 3. Delete any C:\Autorun.inf files. 4. If you have ever loaded a copy of IE6 that is not the public preview, then delete the contents of this Registry key: HKEY_USERS\.Default\Software\M?icrosoft\Windows\CurrentVersio?n\Explorer\Res tartCommands ...Alan -- Alan Edwards, MS MVP W95/98 Systems Deleting the "DesktopProcess" value is what finally did the trick. Still don't know how or why it happened in the first place, but I won't push my luck...lol The "DesktopProcess" value doesn't re-create itself after startup, but I'm assuming that won't pose further issues. Thanks to everyone who tried to help. ~J Edited July 11, 2005 by mapsonx Link to comment Share on other sites More sharing options...
Recommended Posts