
[Resolved] Pop-up when booting

Discussion in 'Earlier Versions of Windows' started by JimL904, Jan 9, 2003.

Thread Status:
Not open for further replies.
  1. JimL904

    JimL904 Thread Starter

    Joined:
    Jan 9, 2003
    Messages:
    2
    I get a pop-up window when I boot. It also creates a directory called ecommerce with a couple files in it. In addition, it creates an icon on my desktop. When I delete these things, and re-boot, the directory, icons, files, and pop-up re-appear. I use AOL with dial up access so I know I'm not online when this happens. I have run startuplist and included it here for analysis:

    StartupList report, 1/9/03, 8:36:48 PM
    StartupList version: 1.50
    Started from : C:\WINDOWS\TEMP\STARTUPLIST.EXE
    Detected: Windows 98 SE (Win9x 4.10.2222A)
    Detected: Internet Explorer v5.51 SP2 (5.51.4807.2300)
    * Using default options
    ==================================================

    Running processes:

    C:\WINDOWS\SYSTEM\KERNEL32.DLL
    C:\WINDOWS\SYSTEM\MSGSRV32.EXE
    C:\WINDOWS\SYSTEM\MPREXE.EXE
    C:\WINDOWS\SYSTEM\mmtask.tsk
    C:\WINDOWS\SYSTEM\MSTASK.EXE
    C:\PROGRAM FILES\IRE\CISCO SECURE VPN CLIENT\IPSECMON.EXE
    C:\PROGRAM FILES\NORTON UTILITIES\NPROTECT.EXE
    C:\WINDOWS\EXPLORER.EXE
    C:\WINDOWS\TASKMON.EXE
    C:\WINDOWS\SYSTEM\SYSTRAY.EXE
    C:\WINDOWS\SYSTEM\S3TRAY.EXE
    C:\WINDOWS\SYSTEM\TOSHIBSU.EXE
    C:\WINDOWS\SYSTEM\THOTKEY.EXE
    C:\WINDOWS\SYSTEM\PWRTRAY.EXE
    C:\WINDOWS\SYSTEM\PSPCCARD.EXE
    C:\WINDOWS\SYSTEM\TESCKEY.EXE
    C:\WINDOWS\SYSTEM\TFUNCKEY.EXE
    C:\TOSHIBA\IVP\ISM\PINGER.EXE
    C:\PROGRAM FILES\TIOGA\CLIENT\BIN\TGCMD.EXE
    C:\WINDOWS\SYSTEM\IRMON.EXE
    C:\WINDOWS\DSLAUNCH.EXE
    C:\PROGRAM FILES\NORTON ANTIVIRUS\NAVAPW32.EXE
    C:\PROGRAM FILES\REAL\REALPLAYER\REALPLAY.EXE
    C:\WINDOWS\RunDLL.exe
    C:\PROGRAM FILES\NORTON UTILITIES\SYSDOC32.EXE
    C:\WINDOWS\SYSTEM\WMIEXE.EXE
    C:\WINDOWS\SYSTEM\SPOOL32.EXE
    C:\WINDOWS\SYSTEM\DDHELP.EXE
    C:\PROGRAM FILES\AMERICA ONLINE 8.0\AOL.EXE
    C:\PROGRAM FILES\AMERICA ONLINE 8.0\WAOL.EXE
    C:\WINDOWS\SYSTEM\RNAAPP.EXE
    C:\WINDOWS\SYSTEM\TAPISRV.EXE
    C:\PROGRAM FILES\WINZIP\WINZIP32.EXE
    C:\WINDOWS\TEMP\STARTUPLIST.EXE

    --------------------------------------------------

    Listing of startup folders:

    Shell folders Startup:
    [C:\WINDOWS\Start Menu\Programs\StartUp]
    Norton System Doctor.lnk = C:\Program Files\Norton Utilities\SYSDOC32.EXE
    aol.lnk = C:\Program Files\America Online 8.0\aol.exe

    --------------------------------------------------

    Autorun entries from Registry:
    HKLM\Software\Microsoft\Windows\CurrentVersion\Run

    ScanRegistry = c:\windows\scanregw.exe /autorun
    TaskMonitor = c:\windows\taskmon.exe
    SystemTray = SysTray.Exe
    LoadPowerProfile = Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
    S3TRAY = S3tray.exe
    TOSHIBSU = TOSHIBSU.EXE
    THotkey = THotkey.exe
    TDspOff = TDspOff.Exe B
    PowerTray = PwrTray.EXE
    PsPCCard = PsPCCard.EXE
    TEscKey = TEscKey.exe
    TFunckey = TFuncKey.exe
    EM_EXEC = c:\mouse\system\em_exec.exe
    Pinger = C:\TOSHIBA\IVP\ISM\pinger.exe
    TgAddServer = "C:\Program Files\tioga\Client\bin\tgfix.exe" /fds "http://vtsupport.answerteam.com/global"
    Tgcmd = "C:\Program Files\tioga\Client\bin\tgcmd.exe" /nosystray
    tgsetsite = "C:\Program Files\tioga\Client\bin\tgfix.exe" /i /f "C:\Program Files\tioga\client\bin\toshibasup.dna"
    IrMon = IrMon.exe
    YAMAHA DS-XG Launcher = c:\windows\dslaunch.exe
    mdac_runonce = C:\WINDOWS\SYSTEM\runonce.exe
    Norton Auto-Protect = C:\PROGRA~1\NORTON~1\NAVAPW32.EXE /LOADQUIET
    NPROTECT = C:\Program Files\Norton Utilities\NPROTECT.EXE
    RealTray = C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
    SystemTasks = C:\sexicamz.exe

    --------------------------------------------------

    Autorun entries from Registry:
    HKLM\Software\Microsoft\Windows\CurrentVersion\RunServices

    LoadPowerProfile = Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
    SchedulingAgent = mstask.exe
    Encompass_ENCMONTR = C:\Program Files\Easy Internet\ENCMONTR.EXE
    HDDPwd =
    IREIKE = C:\Program Files\IRE\Cisco Secure VPN Client\IreIKE.exe start
    IPSecMon = C:\Program Files\IRE\Cisco Secure VPN Client\IPSecMon.exe start
    NPROTECT = C:\Program Files\Norton Utilities\NPROTECT.EXE

    --------------------------------------------------

    Autorun entries from Registry:
    HKCU\Software\Microsoft\Windows\CurrentVersion\Run

    Taskbar Display Controls = RunDLL deskcp16.dll,QUICKRES_RUNDLLENTRY

    --------------------------------------------------

    Enumerating Active Setup stub paths:
    HKLM\Software\Microsoft\Active Setup\Installed Components
    (* = disabled by HKCU twin)

    [{89820200-ECBD-11cf-8B85-00AA005B4383}] *
    StubPath = C:\WINDOWS\SYSTEM\IE4UINIT.EXE

    [>PerUser_MSN_Clean] *
    StubPath = c:\windows\msnmgsr1.exe

    [PerUser_LinkBar_URLs] *
    StubPath = c:\windows\COMMAND\sulfnbk.exe /L

    [{44BBA840-CC51-11CF-AAFA-00AA00B6015C}] *
    StubPath = "C:\PROGRA~1\OUTLOO~1\setup50.exe" /APP:OE /CALLER:WIN9X /user /install

    [{7790769C-0471-11d2-AF11-00C04FA35D02}] *
    StubPath = "C:\PROGRA~1\OUTLOO~1\setup50.exe" /APP:WAB /CALLER:WIN9X /user /install

    [>IEPerUser] *
    StubPath = RUNDLL32.EXE IEDKCS32.DLL,BrandIE4 SIGNUP

    --------------------------------------------------

    Load/Run keys from C:\WINDOWS\WIN.INI:

    load=
    run=

    --------------------------------------------------

    Shell & screensaver key from C:\WINDOWS\SYSTEM.INI:

    Shell=Explorer.exe
    SCRNSAVE.EXE=C:\WINDOWS\SYSTEM\SCIENCE.SCR
    drivers=mmsystem.dll power.drv

    --------------------------------------------------

    Checking for EXPLORER.EXE instances:

    C:\WINDOWS\Explorer.exe: PRESENT!

    C:\Explorer.exe: not present
    C:\WINDOWS\Explorer\Explorer.exe: not present
    C:\WINDOWS\System\Explorer.exe: not present
    C:\WINDOWS\System32\Explorer.exe: not present
    C:\WINDOWS\Command\Explorer.exe: not present

    --------------------------------------------------

    C:\WINDOWS\WININIT.BAK listing:
    (Created 5/1/2003, 12:20:44)

    [rename]
    nul=c:\windows\TEMP\~f1d055.tmp

    --------------------------------------------------

    C:\AUTOEXEC.BAT listing:

    @C:\PROGRA~1\NORTON~1\NAVDX.EXE /Startup
    PATH=C:\DOS
    IF EXIST TOSCD001 LH C:\WINDOWS\COMMAND\MSCDEX.EXE /D:TOSCD001

    --------------------------------------------------

    C:\CONFIG.SYS listing:

    DEVICE=C:\WINDOWS\HIMEM.SYS
    DEVICE=C:\WINDOWS\EMM386.EXE X=C000-CFFF
    LASTDRIVE=Z
    DEVICE=c:\windows\Panning.SYS

    --------------------------------------------------

    C:\WINDOWS\DOSSTART.BAT listing:

    @echo off
    REM
    REM
    IF EXIST TOSCD001 C:\WINDOWS\COMMAND\MSCDEX.EXE /D:TOSCD001
    c:\mouse\mouse.exe

    --------------------------------------------------

    Checking for superhidden extensions:

    .lnk: HIDDEN! (arrow overlay: yes)
    .pif: HIDDEN! (arrow overlay: yes)
    .exe: not hidden
    .com: not hidden
    .bat: not hidden
    .hta: not hidden
    .scr: not hidden
    .shs: HIDDEN!
    .shb: HIDDEN!
    .vbs: not hidden
    .vbe: not hidden
    .wsh: not hidden
    .scf: HIDDEN! (arrow overlay: NO!)
    .url: HIDDEN! (arrow overlay: yes)
    .js: not hidden
    .jse: not hidden

    --------------------------------------------------

    Enumerating Browser Helper Objects:

    (no name) - (no file) - {004A5840-FF59-11d2-B50D-0090271D3FD4}

    --------------------------------------------------

    Enumerating Task Scheduler jobs:

    Tune-up Application Start.job
    Scan For Viruses.job

    --------------------------------------------------

    Enumerating Download Program Files:

    [{51045741-8C4E-4EAC-8F03-08E43A6FBB29}]
    CODEBASE = http://aft.ancestry.com/aftfiles/files/install/AncestryFamilyTree.cab

    [ActiveScan Installer Class]
    InProcServer32 = C:\WINDOWS\DOWNLOADED PROGRAM FILES\ASINST.DLL
    CODEBASE = http://www.pandasoftware.com/activescan/as/asinst.cab

    --------------------------------------------------
    End of report, 7,818 bytes
    Report generated in 0.848 seconds

    Command line options:
    /verbose - to add additional info on each section
    /complete - to include empty sections and unsuspicious data
    /force9x - to include Win9x-only startups even if running on WinNT
    /forcent - to include WinNT-only startups even if running on Win9x
    /forceall - to include all Win9x and WinNT startups, regardless of platform
    /history - to list version history only
     
  2. rugrat

    rugrat

    Joined:
    Dec 16, 2001
    Messages:
    1,869
    First, Welcome to TSG!


    Next I would go here http://tomcoyote.com/SPYBOT/

    And download and run spybot.
    If this does not solve the problem, I would click on the report tab at the top of the post and ask a moderator to move this to security so the people who know what they are looking at can have a better look at your post. If you want to try additional things such as online virus scanners etc... Go here http://forums.techguy.org/t110854/sc53a516cad96cdef3db9ba30a4837132.html
    Rog has done a great job with linking additional resources.


    Let us know
     
  3. Rollin' Rog

    Rollin' Rog

    Joined:
    Dec 9, 2000
    Messages:
    45,855
    You've got a lot of funky Toshiba laptop stuff there and lord knows whether you need everything you have running at startup.

    But the ads might be coming from:

    TgAddServer = "C:\Program Files\tioga\Client\bin\tgfix.exe" /fds "http://vtsupport.answerteam.com/global"

    See this link and do ctrl-f to find specific startups such as TgAddServer:

    http://www.lafn.org/webconnect/mentor/startup/PENINDEX.HTM

    I don't think Spybot will remove it, but it's still worth installing and running.

    Startup programs can be disabled by going to Start>Run and entering msconfig

    Just uncheck them under the startup tab to troubleshoot, or leave them permanently unchecked if you don't really use or need them.
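A triage pass over the Run/RunServices sections of a StartupList report, as an added example that is not part of the original thread: it parses the layout shown in the first post and lists the entries worth looking up by name. The two heuristics (executable sitting in a drive root, URL on the command line) and all function names are assumptions of this example; a hit means "check this entry", not a verdict on it.

```python
import re

# Constructed excerpt: entries copied from the report in the first post.
SAMPLE_REPORT = r"""
Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
TaskMonitor = c:\windows\taskmon.exe
TgAddServer = "C:\Program Files\tioga\Client\bin\tgfix.exe" /fds "http://vtsupport.answerteam.com/global"
SystemTasks = C:\sexicamz.exe
--------------------------------------------------
Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\RunServices
HDDPwd =
"""

SECTION = "Autorun entries from Registry:"
ENTRY = re.compile(r"^([^=]+?)\s*=\s*(.*)$")
# Assumed heuristics for this example (not rules taken from StartupList).
IMAGE = re.compile(r'"?(.+?\.(?:exe|com|bat|pif|scr))\b', re.I)
DRIVE_ROOT = re.compile(r"[A-Za-z]:\\[^\\]+")
URL = re.compile(r"https?://", re.I)

def parse_autoruns(report):
    """Return (registry_key, value_name, command) for each autorun entry."""
    entries, key, want_key = [], None, False
    for line in map(str.strip, report.splitlines()):
        if line == SECTION:              # next non-blank line names the key
            key, want_key = None, True
        elif line.startswith("-" * 10):  # divider closes the section
            key, want_key = None, False
        elif want_key and line:
            key, want_key = line, False
        elif key and line and (m := ENTRY.match(line)):
            entries.append((key, m.group(1), m.group(2)))
    return entries

def triage(report):
    """Return (key, name, reasons) for entries that deserve a manual look."""
    findings = []
    for key, name, cmd in parse_autoruns(report):
        image = IMAGE.match(cmd)         # path up to the first executable extension
        reasons = []
        if image and DRIVE_ROOT.fullmatch(image.group(1)):
            reasons.append("executable in drive root")
        if URL.search(cmd):
            reasons.append("URL on command line")
        if reasons:
            findings.append((key, name, reasons))
    return findings
```

Calling `triage()` on the text of a full report returns only the flagged entries, each with the registry key it was found under, so the names can be checked against a startup reference list before anything is disabled in msconfig.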
     
  4. TonyKlein

    TonyKlein Malware Specialist

    Joined:
    Aug 26, 2001
    Messages:
    10,392
  5. JimL904

    JimL904 Thread Starter

    Joined:
    Jan 9, 2003
    Messages:
    2
    Spybot found the problem files and deleted them just as I had done manually only to have them return upon re-boot. Tony's link above provided the exact instructions needed for a permanent fix. Thanks to all for the assist. Jim
     
  6. rugrat

    rugrat

    Joined:
    Dec 16, 2001
    Messages:
    1,869
    And again I must bow to Tony's wisdom. You really should see his Guru picture:D
     
  7. TonyKlein

    TonyKlein Malware Specialist

    Joined:
    Aug 26, 2001
    Messages:
    10,392
    Yup, here's another picture of me, on my way to solve yet another computer problem!

    <img src= "http://www.sikhnet.com/thesikhs/images/Guru%20Nanak%20Traveling%20the%20Country%20Side.jpg">

    :D
     