Solved

can't set my home page

Posted on 2003-11-09
23
2,616 Views
Last Modified: 2013-12-29
Hi guys.
I am using IE 6, and I have run into a problem. I can reset my home page and close IE and when I open it back up it will stay the same. But if I restart my computer it changes to an adult search page, and puts two icons on my desktop. I have deleated the icons and they come back. I have ran a virus scan and found a trogan called Start Page Q. I thought that sounded promissing so I deleated it to no avail. I have checked my start list and don't see anything new there. I have run searches on key words and come up empty. When I go to properties on the desktop icon it tells me it is a URL link but doesn't show me the path to the actual culprit. So how do I find out what I have picked up? Where it is located? and how to deleat or uninstall all of it, as I have checked my add/remove programs list and also find nothing new there.
Thanks
0
Comment
Question by:sfogle
  • 8
  • 6
  • 4
  • +3
23 Comments
 
LVL 49

Expert Comment

by:sunray_2003
Comment Utility
Check for spywares

Spyware/Adware removal tools:
------------------------------

What is spyware : http://www.spychecker.com/spyware.html

SpyBot-S&D : http://www.webattack.com/download/dlspybot.shtml

Ad-aware : http://www.webattack.com/download/dladaware.shtml

Trojan Remover :http://www.simplysup.com/

HijackThis : http://www.webattack.com/download/dlhijackthis.shtml

KL-Detector  :http://www.webattack.com/download/dlkldetector.shtml

X-Cleaner Free  :http://www.webattack.com/download/dlxcleaner.shtml

SpywareBlaster  :http://www.webattack.com/download/dlspywareblaster.shtml

SpywareGuard :http://www.webattack.com/download/dlspywareguard.shtml

SpySites  :http://www.webattack.com/download/dlspysites.shtml

Keylogger Hunter :http://www.webattack.com/download/dlklhunter.shtml

Spycop: http://www.spycop.com/

Goodbye Spy http://www.topshareware.com/GoodBye-Spy-download-2012.htm

Other spyware removal instructions: http://www.pchell.com/support/click2findnow.shtml


Also repair IE

Description of the Internet Explorer Repair Tool
http://support.microsoft.com/default.aspx?scid=http://support.microsoft.com:80/supp

ort/kb/articles/Q194/1/77.asp&NoWebContent=1

How to Reinstall or Repair Internet Explorer and Outlook Express in Windows XP
http://support.microsoft.com/?kbid=318378

Repair Internet Explorer 6
http://www.theeldergeek.com/repair_ie6.htm

http://support.microsoft.com/?kbid=293907

Unable to Open Link
http://support.microsoft.com/default.aspx?scid=kb;en-us;Q281679&sd=tech


Also repair using this


Start > Run rundll32 setupwbv.dll,IE6Maintenance "C:\Program Files\Internet

Explorer\Setup\SETUP.EXE" /g

or

Start > Run rundll32.exe setupapi,InstallHinfSection DefaultInstall 132

C:\windows\inf\ie.inf

Sunray
0
 
LVL 41

Expert Comment

by:stevenlewis
Comment Utility
you have been hijacked
get ad-aware from www.lavasoft.de
and run it
0
 

Author Comment

by:sfogle
Comment Utility
I forgot to tell you I do have Ad-Ware 6.0 instaled and have run it, no nothing came up
0
 
LVL 49

Expert Comment

by:sunray_2003
Comment Utility
Have you checked all the softwares I have sent and still not able to set  home page .....

Try eradicating IE and download and install a new one

IE Eradicators:
---------------

http://www.litepc.com/ieradicator.html

http://www.webattack.com/get/ieradicator.shtml

Downloads:
----------

IE Download (From 2.0 to 6.0) and Service Packs/Patches
http://helpdesk.uvic.ca/how-to/support/win95/msiexpl.html

IE Download (From 1.0 to 6.0) and service Packs
http://browsers.evolt.org/?ie/32bit

Sunray
0
 
LVL 41

Expert Comment

by:stevenlewis
Comment Utility
check in your add/remove programs for soomething unusual
0
 
LVL 17

Expert Comment

by:rayt333
Comment Utility
Take a look at what is loading at bootup (MSCONFIG) and see what is there you don't want or need.  If nothing stands out then try unchecking them all and reboot and see if it is the same, if not then add them back one at a time (reboot in between) and watch for the offending one.
0
 
LVL 41

Expert Comment

by:stevenlewis
Comment Utility
Hey Ray!! Cold down there too?
0
 
LVL 97

Expert Comment

by:war1
Comment Utility
Greetings, sfogle!

A Search site has downloaded something into your computer.

2. Use the following scanners to find and remove the website. These have been listed by sunray, but make sure you have the latest updates when you run Adaware or Spybot.

SpyBot S&D searches your harddisk for so-called spy- or adbots;
http://security.kolla.de/
or
Adaware
http://www.lavasoftusa.com/software/adaware/

Download the latest updates and run the scanner.

3. Some porn websites redirects links to their websites using your HOSTS file. Do a search for the HOSTS (without extension) file and remove the entry.

4. If still no joy, download HijackThis from Spywareinfo download page

http://www.spywareinfo.com/downloads.php

Run the program and you will find many entries. Most are OK. Post the log. I will find the problem for you.

5. For future preventive maintenance, make sure programs cannot just download on your computer without your permission.  From the Internet Toolbar, go to Tools > Internet Options > Advanced.  Make sure "Enable Install On Demand (Internet Explorer)" and "Enable Install On Demand (Other)" are unchecked.

Best wishes, war1
0
 

Author Comment

by:sfogle
Comment Utility
Thanks for all the comments guys. I had to take a break for church, but I am back now and will try to sort through all this info. Let you know what I find latter.
0
 

Author Comment

by:sfogle
Comment Utility
I am trying to download Spybots but due to the fact that I live in the sticks I am still stuck with dialup, and it isn't cowaperating today. I have two questions. Should I have a firewall installed such as Zone alarm (or do you have a better suggestion). Will that help with this problem in the future.(I already took the suggestion from war1 and unchecked the enable on demand buttons).
Also what do you think about those pop up adds for history killers. (and popup killers)Should I have one installed and which one. (it always seemed crazy to me that these boxes keep poping up to tell me how to keep this from happening)
Thanks guys, no luck getting that download done yet but i will keep trying.
0
 
LVL 97

Expert Comment

by:war1
Comment Utility
Good luck with the download.

Firewall does not help with Spyware but may help others probing your computer.

No, don't download those ads.  You will get more adware and spyware.  If you want a good free popup killer that comes from the Internet, get Popup Stopper

http://www.panicware.com/product_psfree.html
0
Why spend so long doing email signature updates?

Do you spend loads of your time carrying out email signature updates? Not very interesting are they? Don’t let signature updates get you down. Let Exclaimer Cloud - Signatures for Office 365 make managing email signatures a breeze.

 
LVL 17

Expert Comment

by:rayt333
Comment Utility
Hey Steve
Yes it is cold here, but not as cold as up your way. I went to a swap meet yesterday up near Akron and I froze my @ss off, it must have been 20 degrees colder there and the wind was blowing making it feel worse.
0
 

Expert Comment

by:trecherus
Comment Utility
It would be good to see a list of the programs that run at startup.  
Start->Run.. type "msconfig".   Go to the Startup Tab.  This may be time consuming but list what is checked.  We may be able to discover the culprit from experience.
0
 
LVL 97

Expert Comment

by:war1
Comment Utility
sfogle,
   We have not heard from you in awhile? Did any comment help you solve your problem? Do you have any more questions? If an Expert help you, please accept his/her answer with an excellent or good grade.

Thanks, war1
0
 

Author Comment

by:sfogle
Comment Utility
Sorry guys.
I am self employed in the construction buisness so I don't have alot of time to fix these things.
I finally got spybot, and hijackthis downloaded.

Spybot came back with some promising stuff but when deleted didn't solve problem. Now I am immunized and showing no threats.

Adware 6 showed several entries but none matched my problem, and they were all new. nothing unusual.

A search for hosts brought back two for spybot and one svchostsc.
I deleted it and it comes back at reboot. I also have an ilegal operation box popping up with svchostsc as the title. I hit ctrl, alt, del and end task on it but at reboot there it is again. I see nothing in my startup that is suspocious or new.

I will post a log of my start menu and hijack this when I can get my wife on it she is a 1000% better typest than me. Are there any other list you want to see?
Also can you recomend a good download manager to restart downloads  after I get disconnected.

Thanks guys I know this is getting a little more in than the original points, so let's keep trying and I'll take care of you guys.

0
 
LVL 97

Expert Comment

by:war1
Comment Utility
You can copy and paste the HijackThis log, don't have to type it all out.
0
 
LVL 41

Expert Comment

by:stevenlewis
Comment Utility
also try this
Start->Run MsConfig
 Go to tab Startup tab
Look for the any line with the command having regedit.exe inside.
e.g Regedit.exe /s C:\anyfile.tmp
Start->Run Regedit
In the menu > Edit->Find
Type in the File Name (in this case it is C:\anyfile.tmp)
Delete all entries containing that File Name
Open Windows Explorer
Delete the File
Open Internet Options
 Change the startup address
Reboot
0
 

Author Comment

by:sfogle
Comment Utility
Here is the logs for hijack this and adware 6. I will get my start menu typed up since I can't find a way to copy or save it.

Im not apposed to eradicating IE6 and reinstalling it, but if I take it off how do I get the new one on without a browser to download from.

I also ran
Also repair using this

Start > Run rundll32 setupwbv.dll,IE6Maintenance "C:\Program Files\Internet

Explorer\Setup\SETUP.EXE" /g

It screwed it up worse. Now if I open with the IE short cut I get an error message, but if I go to start>favorites it will run just fine.




Here is the log from Hijack this.Logfile of HijackThis v1.97.5
Scan saved at 5:08:15 PM, on 11/18/03
Platform: Windows 98 SE (Win9x 4.10.2222A)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\PROGRAM FILES\EASY INTERNET\ENCMONTR.EXE
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\PROGRAM FILES\MCAFEE.COM\VSO\MCVSRTE.EXE
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\TASKMON.EXE
C:\PROGRAM FILES\COMMON FILES\REAL\UPDATE_OB\EVNTSVC.EXE
C:\WINDOWS\LOADQM.EXE
C:\WINDOWS\TPPALDR.EXE
C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPLPR.EXE
C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPENH.EXE
C:\PROGRAM FILES\AMD\POWERNOW!\GEMBACK.EXE
C:\PROGRAM FILES\HEWLETT-PACKARD\HP SHARE-TO-WEB\HPGS2WND.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\PROGRAM FILES\MCAFEE.COM\AGENT\MCAGENT.EXE
C:\PROGRAM FILES\HEWLETT-PACKARD\HP SHARE-TO-WEB\HPGS2WNF.EXE
C:\PROGRAM FILES\MCAFEE.COM\VSO\MCVSSHLD.EXE
C:\WINDOWS\SVCHOST.EXE
C:\PROGRAM FILES\MCAFEE.COM\VSO\MCVSESCN.EXE
C:\WINDOWS\SYSTEM\P2P NETWORKING\P2P NETWORKING.EXE
C:\PROGRAM FILES\SONIQUE\SQSTART.EXE
C:\PROGRAM FILES\SYMPHONY\MAESTRO.EXE
C:\PROGRAM FILES\WINZIP\WZQKPICK.EXE
C:\PROGRAM FILES\MICROSOFT OFFICE\OFFICE\FINDFAST.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\WINDOWS\SYSTEM\TAPISRV.EXE
C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
C:\WINDOWS\SYSTEM\RNAAPP.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\WINDOWS\SYSTEM\PSTORES.EXE
C:\PROGRAM FILES\WINZIP\WINZIP32.EXE
C:\WINDOWS\TEMP\HIJACKTHIS.EXE

O2 - BHO: (no name) - {004A5840-FF59-11d2-B50D-0090271D3FD4} - (no file)
O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\windows\downloaded program files\googletoolbar_en_2.0.95-deleon.dll
O2 - BHO: (no name) - {1F48AA48-C53A-4E21-85E7-AC7CC6B5FFB1} - C:\WINDOWS\MSMFEC.DLL
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\windows\downloaded program files\googletoolbar_en_2.0.95-deleon.dll
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - C:\PROGRAM FILES\MCAFEE.COM\VSO\MCVSSHL.DLL
O4 - HKLM\..\Run: [TaskMonitor] c:\windows\taskmon.exe
O4 - HKLM\..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\evntsvc.exe -osboot
O4 - HKLM\..\Run: [LoadQM] loadqm.exe
O4 - HKLM\..\Run: [TPP Auto Loader] C:\WINDOWS\TPPALDR.EXE
O4 - HKLM\..\Run: [ScanRegistry] c:\windows\scanregw.exe /autorun
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [AMD PowerNow!] "C:\Program Files\AMD\PowerNow!\GemBack.exe"
O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
O4 - HKLM\..\Run: [SystemTray] systray.exe
O4 - HKLM\..\Run: [MCAgentExe] C:\PROGRA~1\MCAFEE.COM\AGENT\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\MCAFEE.COM\AGENT\McUpdate.exe
O4 - HKLM\..\Run: [VirusScan Online] "C:\PROGRA~1\MCAFEE.COM\VSO\mcvsshld.exe"
O4 - HKLM\..\Run: [VSOCheckTask] "C:\PROGRA~1\MCAFEE.COM\VSO\MCMNHDLR.EXE" /checktask
O4 - HKLM\..\Run: [Online Service] C:\WINDOWS\svchost.exe
O4 - HKLM\..\Run: [P2P NETWORKING] C:\WINDOWS\SYSTEM\P2P NETWORKING\P2P NETWORKING.EXE /AUTOSTART
O4 - HKLM\..\RunServices: [Encompass_ENCMONTR] C:\Program Files\Easy Internet\ENCMONTR.EXE
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - HKLM\..\RunServices: [ESS CD Button Monitor] C:\Program Files\AudioRack\esscdmon.exe
O4 - HKLM\..\RunServices: [McVsRte] C:\PROGRA~1\MCAFEE.COM\VSO\mcvsrte.exe /embedding
O4 - HKCU\..\Run: [MoneyAgent] "C:\Program Files\Microsoft Money\System\Money Express.exe"
O4 - HKCU\..\Run: [SoniqueQuickStart] C:\Program Files\Sonique\sqstart.exe -nostick
O4 - HKCU\..\Run: [msnmsgr] "C:\PROGRAM FILES\MSN MESSENGER\MSNMSGR.EXE" /background
O4 - Startup: Maestro.lnk = C:\Program Files\Symphony\MAESTRO.EXE
O4 - Startup: WinZip Quick Pick.lnk = C:\PROGRA~1\WINZIP\wzqkpick.exe
O4 - Startup: Microsoft Find Fast.lnk = C:\Program Files\Microsoft Office\Office\FINDFAST.EXE
O8 - Extra context menu item: &Google Search - res://C:\WINDOWS\DOWNLOADED PROGRAM FILES\GOOGLETOOLBAR_EN_2.0.95-DELEON.DLL/cmsearch.html
O8 - Extra context menu item: Cac&hed Snapshot of Page - res://C:\WINDOWS\DOWNLOADED PROGRAM FILES\GOOGLETOOLBAR_EN_2.0.95-DELEON.DLL/cmcache.html
O8 - Extra context menu item: Si&milar Pages - res://C:\WINDOWS\DOWNLOADED PROGRAM FILES\GOOGLETOOLBAR_EN_2.0.95-DELEON.DLL/cmsimilar.html
O8 - Extra context menu item: Backward &Links - res://C:\WINDOWS\DOWNLOADED PROGRAM FILES\GOOGLETOOLBAR_EN_2.0.95-DELEON.DLL/cmbacklinks.html
O8 - Extra context menu item: Translate Page - res://C:\WINDOWS\DOWNLOADED PROGRAM FILES\GOOGLETOOLBAR_EN_2.0.95-DELEON.DLL/cmtrans.html
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
O16 - DPF: {0C568603-D79D-11D2-87A7-00C04FF158BB} (BrowseFolderPopup Class) - http://download.mcafee.com/molbin/Shared/MGBrwFld.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://bin.mcafee.com/molbin/shared/mcinsctl/en-us/4,0,0,72/mcinsctl.cab
O16 - DPF: {0713E8D2-850A-101B-AFC0-4210102A8DA7} (Microsoft ProgressBar Control, version 5.0 (SP2)) - http://bin.mcafee.com/molbin/Shared/ComCtl32/6,0,80,22/ComCtl32.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://bin.mcafee.com/molbin/shared/mcgdmgr/en-us/1,0,0,16/mcgdmgr.cab
O16 - DPF: {1D6711C8-7154-40BB-8380-3DEA45B69CBF} (Web P2P Installer) -
O17 - HKLM\System\CCS\Services\VxD\MSTCP: NameServer = 10.0.0.1,10.0.0.1
O19 - User stylesheet: C:\WINDOWS\default.css (HKLM)



This one is from Adware 6

Lavasoft Ad-aware Personal Build 6.181
Logfile created on  :Tuesday, November 18, 2003 5:10:32 PM
Created with Ad-aware Personal, free for private use.
Using reference-file :01R217 08.09.2003
______________________________________________________

Ad-aware Settings
=========================
Set : Activate in-depth scan (Recommended)
Set : Safe mode (always request confirmation)
Set : Scan active processes
Set : Scan registry
Set : Deep scan registry


11-18-03 5:10:33 PM - Scan started. (Smart mode)

Listing running processes
¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯

#:1 [kernel32.dll]
    FilePath           : C:\WINDOWS\SYSTEM\
    ProcessID          : 4279211679
    Threads            : 4
    Priority           : High
    FileSize           : 460 KB
    FileVersion        : 4.10.2222
    ProductVersion     : 4.10.2222
    Copyright          : Copyright (C) Microsoft Corp. 1991-1999
    CompanyName        : Microsoft Corporation
    FileDescription    : Win32 Kernel core component
    InternalName       : KERNEL32
    OriginalFilename   : KERNEL32.DLL
    ProductName        : Microsoft(R) Windows(R) Operating System
    Created on         : 1/1/01
    Last accessed      : 11/18/03 8:00:00 AM
    Last modified      : 4/24/99 6:22:00 AM

#:2 [msgsrv32.exe]
    FilePath           : C:\WINDOWS\SYSTEM\
    ProcessID          : 4294959623
    Threads            : 1
    Priority           : Normal
    FileSize           : 11 KB
    FileVersion        : 4.10.2222
    ProductVersion     : 4.10.2222
    Copyright          : Copyright (C) Microsoft Corp. 1992-1998
    CompanyName        : Microsoft Corporation
    FileDescription    : Windows 32-bit VxD Message Server
    InternalName       : MSGSRV32
    OriginalFilename   : MSGSRV32.EXE
    ProductName        : Microsoft(R) Windows(R) Operating System
    Created on         : 1/1/01
    Last accessed      : 11/18/03 8:00:00 AM
    Last modified      : 4/24/99 6:22:00 AM

#:3 [mprexe.exe]
    FilePath           : C:\WINDOWS\SYSTEM\
    ProcessID          : 4294956471
    Threads            : 1
    Priority           : Normal
    FileSize           : 28 KB
    FileVersion        : 4.10.1998
    ProductVersion     : 4.10.1998
    Copyright          : Copyright (C) Microsoft Corp. 1993-1998
    CompanyName        : Microsoft Corporation
    FileDescription    : WIN32 Network Interface Service Process
    InternalName       : MPREXE
    OriginalFilename   : MPREXE.EXE
    ProductName        : Microsoft(R) Windows(R) Operating System
    Created on         : 1/1/01
    Last accessed      : 11/18/03 8:00:00 AM
    Last modified      : 4/24/99 6:22:00 AM

#:4 [mmtask.tsk]
    FilePath           : C:\WINDOWS\SYSTEM\
    ProcessID          : 4294954879
    Threads            : 1
    Priority           : Normal
    FileSize           : 1 KB
    FileVersion        : 4.03.1998
    ProductVersion     : 4.03.1998
    Copyright          : Copyright  
    CompanyName        : Microsoft Corporation
    FileDescription    : Multimedia background task support module
    InternalName       : mmtask.tsk
    OriginalFilename   : mmtask.tsk
    ProductName        : Microsoft Windows
    Created on         : 1/1/01
    Last accessed      : 11/18/03 8:00:00 AM
    Last modified      : 4/24/99 6:22:00 AM

#:5 [encmontr.exe]
    FilePath           : C:\PROGRAM FILES\EASY INTERNET\
    ProcessID          : 4294848215
    Threads            : 1
    Priority           : Normal
    FileSize           : 108 KB
    FileVersion        : 1, 0, 0, 1
    ProductVersion     : 1, 0, 0, 1
    Copyright          : Copyright  
    CompanyName        : Yahoo! Inc.
    FileDescription    : EncMontr Application
    InternalName       : EncMontr
    OriginalFilename   : EncMontr.EXE
    ProductName        : EncMontr Application
    Created on         : 5/3/00 11:27:45 PM
    Last accessed      : 11/18/03 8:00:00 AM
    Last modified      : 11/4/99 10:36:34 PM

#:6 [mstask.exe]
    FilePath           : C:\WINDOWS\SYSTEM\
    ProcessID          : 4294855327
    Threads            : 2
    Priority           : Normal
    FileSize           : 109 KB
    FileVersion        : 4.71.1972.1
    ProductVersion     : 4.71.1972.1
    Copyright          : Copyright (C) Microsoft Corp. 2000
    CompanyName        : Microsoft Corporation
    FileDescription    : Task Scheduler Engine
    InternalName       : TaskScheduler
    OriginalFilename   : mstask.exe
    ProductName        : Microsoft
    Created on         : 6/18/01 8:33:20 PM
    Last accessed      : 11/18/03 8:00:00 AM
    Last modified      : 6/18/01 8:33:20 PM

#:7 [mcvsrte.exe]
    FilePath           : C:\PROGRAM FILES\MCAFEE.COM\VSO\
    ProcessID          : 4294848459
    Threads            : 2
    Priority           : Normal
    FileSize           : 104 KB
    FileVersion        : 8, 0, 0, 12
    ProductVersion     : 8, 0, 0, 0
    Copyright          : Copyright  
    CompanyName        : Networks Associates Technology, Inc
    FileDescription    : McAfee VirusScan Real-time Engine
    InternalName       : mcvsrte
    OriginalFilename   : mcvsrte.exe
    ProductName        : McAfee VirusScan
    Created on         : 8/9/03 2:04:38 AM
    Last accessed      : 11/18/03 8:00:00 AM
    Last modified      : 8/9/03 2:04:38 AM

#:8 [explorer.exe]
    FilePath           : C:\WINDOWS\
    ProcessID          : 4294898131
    Threads            : 14
    Priority           : Normal
    FileSize           : 176 KB
    FileVersion        : 4.72.3110.1
    ProductVersion     : 4.72.3110.1
    Copyright          : Copyright (C) Microsoft Corp. 1981-1997
    CompanyName        : Microsoft Corporation
    FileDescription    : Windows Explorer
    InternalName       : explorer
    OriginalFilename   : EXPLORER.EXE
    ProductName        : Microsoft(R) Windows NT(R) Operating System
    Created on         : 4/24/99 6:22:00 AM
    Last accessed      : 11/18/03 8:00:00 AM
    Last modified      : 4/24/99 6:22:00 AM

#:9 [taskmon.exe]
    FilePath           : C:\WINDOWS\
    ProcessID          : 4278320967
    Threads            : 1
    Priority           : Normal
    FileSize           : 28 KB
    FileVersion        : 4.10.1998
    ProductVersion     : 4.10.1998
    Copyright          : Copyright (C) Microsoft Corp. 1998
    CompanyName        : Microsoft Corporation
    FileDescription    : Task Monitor
    InternalName       : TaskMon
    OriginalFilename   : TASKMON.EXE
    ProductName        : Microsoft(R) Windows(R) Operating System
    Created on         : 1/1/01
    Last accessed      : 11/18/03 8:00:00 AM
    Last modified      : 4/24/99 6:22:00 AM

#:10 [evntsvc.exe]
    FilePath           : C:\PROGRAM FILES\COMMON FILES\REAL\UPDATE_OB\
    ProcessID          : 4278314983
    Threads            : 2
    Priority           : Normal
    FileSize           : 143 KB
    FileVersion        : 0.1.0.880
    ProductVersion     : 0.1.0.880
    Copyright          : Copyright  
    CompanyName        : RealNetworks, Inc.
    FileDescription    : RealNetworks Scheduler
    InternalName       : schedapp
    OriginalFilename   : evntsvc.EXE
    ProductName        : RealOne Player (32-bit)
    Created on         : 8/13/02 5:05:35 AM
    Last accessed      : 11/18/03 8:00:00 AM
    Last modified      : 8/13/02 5:05:36 AM

#:11 [loadqm.exe]
    FilePath           : C:\WINDOWS\
    ProcessID          : 4278316487
    Threads            : 3
    Priority           : Normal
    FileSize           : 7 KB
    FileVersion        : 5.4.1103.3
    ProductVersion     : 5.4.1103.3
    Copyright          : Copyright (C) Microsoft Corp. 1981-1999
    CompanyName        : Microsoft Corporation
    FileDescription    : Microsoft QMgr
    InternalName       : LOADQM.EXE
    OriginalFilename   : LOADQM.EXE
    ProductName        : QMgr Loader
    Created on         : 1/5/03 5:35:42 AM
    Last accessed      : 11/18/03 8:00:00 AM
    Last modified      : 5/4/00 1:23:10 AM

#:12 [tppaldr.exe]
    FilePath           : C:\WINDOWS\
    ProcessID          : 4278309035
    Threads            : 1
    Priority           : Normal
    FileSize           : 116 KB
    FileVersion        : 5.00.1055.0
    ProductVersion     : 5.00.1055.0
    Copyright          : Copyright (C) 1998-2001 In-System Design, Inc.
    CompanyName        : In-System Design, Inc.
    FileDescription    : TPP Auto Loader Application
    InternalName       : TPPALDR.EXE
    OriginalFilename   : TPPALDR.EXE
    ProductName        : TPP Storage Adapter
    Created on         : 3/3/02 1:47:38 AM
    Last accessed      : 11/18/03 8:00:00 AM
    Last modified      : 6/29/01 9:39:30 PM

#:13 [syntplpr.exe]
    FilePath           : C:\PROGRAM FILES\SYNAPTICS\SYNTP\
    ProcessID          : 4278201575
    Threads            : 2
    Priority           : Normal
    FileSize           : 80 KB
    FileVersion        : 5.0.45 10SEP99
    ProductVersion     : 5.0.45 10SEP99
    Copyright          : Copyright  
    CompanyName        : Synaptics, Inc.
    FileDescription    : TouchPad Driver Helper Application
    InternalName       : SynTPLpr
    OriginalFilename   : SynTPLpr.exe
    ProductName        : Progressive Touch
    Created on         : 5/3/00 11:27:44 PM
    Last accessed      : 11/18/03 8:00:00 AM
    Last modified      : 9/11/99 9:49:54 AM

#:14 [syntpenh.exe]
    FilePath           : C:\PROGRAM FILES\SYNAPTICS\SYNTP\
    ProcessID          : 4278190119
    Threads            : 3
    Priority           : Normal
    FileSize           : 186 KB
    FileVersion        : 5.0.45 10SEP99
    ProductVersion     : 5.0.45 10SEP99
    Copyright          : Copyright  
    CompanyName        : Synaptics, Inc.
    FileDescription    : Synaptics TouchPad Enhancements
    InternalName       : Scrolleroo
    OriginalFilename   : SynTPEnh.exe
    ProductName        : Progressive Touch
    Created on         : 5/3/00 11:27:51 PM
    Last accessed      : 11/18/03 8:00:00 AM
    Last modified      : 9/11/99 9:49:26 AM

#:15 [gemback.exe]
    FilePath           : C:\PROGRAM FILES\AMD\POWERNOW!\
    ProcessID          : 4278210803
    Threads            : 2
    Priority           : Normal
    FileSize           : 104 KB
    FileVersion        : 1, 0, 0, 1
    ProductVersion     : 1, 0, 0, 1
    Copyright          : Copyright (C) 1999
    FileDescription    : gemback MFC Application
    InternalName       : gemback
    OriginalFilename   : gemback.EXE
    ProductName        : gemback Application
    Created on         : 5/3/00 11:46:05 PM
    Last accessed      : 11/18/03 8:00:00 AM
    Last modified      : 4/19/00 11:53:46 PM

#:16 [hpgs2wnd.exe]
    FilePath           : C:\PROGRAM FILES\HEWLETT-PACKARD\HP SHARE-TO-WEB\
    ProcessID          : 4278232751
    Threads            : 3
    Priority           : Normal
    FileSize           : 56 KB
    FileVersion        : 2,4,0,26
    ProductVersion     : 2,4,0,26
    Copyright          : Copyright  
    CompanyName        : Hewlett-Packard
    FileDescription    : hpgs2wnd
    InternalName       : hpgs2wnd
    OriginalFilename   : hpgs2wnd.exe
    ProductName        : Hewlett-Packard hpgs2wnd
    Created on         : 6/1/03 3:14:35 AM
    Last accessed      : 11/18/03 8:00:00 AM
    Last modified      : 7/3/01 5:11:52 PM

#:17 [systray.exe]
    FilePath           : C:\WINDOWS\SYSTEM\
    ProcessID          : 4278227355
    Threads            : 2
    Priority           : Normal
    FileSize           : 32 KB
    FileVersion        : 4.10.2222
    ProductVersion     : 4.10.2222
    Copyright          : Copyright (C) Microsoft Corp. 1993-1998
    CompanyName        : Microsoft Corporation
    FileDescription    : System Tray Applet
    InternalName       : SYSTRAY
    OriginalFilename   : SYSTRAY.EXE
    ProductName        : Microsoft(R) Windows(R) Operating System
    Created on         : 1/1/01
    Last accessed      : 11/18/03 8:00:00 AM
    Last modified      : 4/24/99 6:22:00 AM

#:18 [mcagent.exe]
    FilePath           : C:\PROGRAM FILES\MCAFEE.COM\AGENT\
    ProcessID          : 4278206023
    Threads            : 1
    Priority           : Normal
    FileSize           : 240 KB
    FileVersion        : 4, 3, 0, 10
    ProductVersion     : 4, 3, 0, 0
    Copyright          : Copyright  
    CompanyName        : Networks Associates Technology, Inc
    FileDescription    : McAfee SecurityCenter Agent
    InternalName       : mcagent
    OriginalFilename   : mcagent.exe
    ProductName        : McAfee SecurityCenter
    Created on         : 8/27/03 7:00:12 PM
    Last accessed      : 11/18/03 8:00:00 AM
    Last modified      : 8/27/03 7:00:12 PM

#:19 [hpgs2wnf.exe]
    FilePath           : C:\PROGRAM FILES\HEWLETT-PACKARD\HP SHARE-TO-WEB\
    ProcessID          : 4278248399
    Threads            : 2
    Priority           : Normal
    FileSize           : 64 KB
    FileVersion        : 2,4,0,26
    ProductVersion     : 2,4,0,26
    Copyright          : Copyright 2001
    FileDescription    : hpgs2wnf Module
    InternalName       : hpgs2wnf
    OriginalFilename   : hpgs2wnf.EXE
    ProductName        : hpgs2wnf Module
    Created on         : 6/1/03 3:14:35 AM
    Last accessed      : 11/18/03 8:00:00 AM
    Last modified      : 7/3/01 5:17:04 PM

#:20 [mcvsshld.exe]
    FilePath           : C:\PROGRAM FILES\MCAFEE.COM\VSO\
    ProcessID          : 4278395739
    Threads            : 1
    Priority           : Normal
    FileSize           : 160 KB
    FileVersion        : 8, 0, 0, 15
    ProductVersion     : 8, 0, 0, 0
    Copyright          : Copyright  
    CompanyName        : Networks Associates Technology, Inc
    FileDescription    : McAfee VirusScan ActiveShield Resource
    InternalName       : msvcshld
    OriginalFilename   : mcvsshld.exe
    ProductName        : McAfee VirusScan
    Created on         : 8/18/03 5:50:34 AM
    Last accessed      : 11/18/03 8:00:00 AM
    Last modified      : 8/18/03 5:50:34 AM

#:21 [svchost.exe]
    FilePath           : C:\WINDOWS\
    ProcessID          : 4278417783
    Threads            : 3
    Priority           : Normal
    FileSize           : 19 KB
    Created on         : 11/6/03 9:35:30 PM
    Last accessed      : 11/18/03 8:00:00 AM
    Last modified      : 11/18/03 4:43:10 AM

#:22 [mcvsescn.exe]
    FilePath           : C:\PROGRAM FILES\MCAFEE.COM\VSO\
    ProcessID          : 4278404519
    Threads            : 1
    Priority           : Normal
    FileSize           : 404 KB
    FileVersion        : 8, 0, 0, 20
    ProductVersion     : 8, 0, 0, 0
    Copyright          : Copyright  
    CompanyName        : Networks Associates Technology, Inc
    FileDescription    : McAfee VirusScan E-mail Scan Module
    InternalName       : mcvsescn
    OriginalFilename   : mcvsescn.EXE
    ProductName        : McAfee VirusScan
    Created on         : 9/28/03 9:47:00 PM
    Last accessed      : 11/18/03 8:00:00 AM
    Last modified      : 9/28/03 9:47:00 PM

#:23 [p2p networking.exe]
    FilePath           : C:\WINDOWS\SYSTEM\P2P NETWORKING\
    ProcessID          : 4278405687
    Threads            : 9
    Priority           : Normal
    FileSize           : 469 KB
    FileVersion        : 1, 24, 0, 70
    ProductVersion     : 1, 24, 0, 70
    Copyright          : Copyright  
    CompanyName        : Joltid Ltd.
    FileDescription    : P2P Networking
    InternalName       : P2P Networking
    OriginalFilename   : P2P Networking.exe
    ProductName        : P2P Networking
    Created on         : 11/7/03 4:01:34 PM
    Last accessed      : 11/18/03 8:00:00 AM
    Last modified      : 11/7/03 4:01:22 PM

#:24 [sqstart.exe]
    FilePath           : C:\PROGRAM FILES\SONIQUE\
    ProcessID          : 4278413503
    Threads            : 1
    Priority           : Normal
    FileSize           : 68 KB
    Created on         : 3/3/02 5:58:04 AM
    Last accessed      : 11/18/03 8:00:00 AM
    Last modified      : 3/3/02 5:58:06 AM

#:25 [maestro.exe]
    FilePath           : C:\PROGRAM FILES\SYMPHONY\
    ProcessID          : 4278325923
    Threads            : 3
    Priority           : Normal
    FileSize           : 689 KB
    FileVersion        : 1.0-B2
    ProductVersion     : 1.0-B2
    Copyright          : Copyright (C) 1997, 1998
    CompanyName        : Proxim, Inc.
    FileDescription    : Symphony Configuration Utility
    InternalName       : Symphony Maestro
    OriginalFilename   : Maestro.exe
    ProductName        : Symphony Cordless Networking
    Created on         : 3/3/02 1:06:41 AM
    Last accessed      : 11/18/03 8:00:00 AM
    Last modified      : 4/23/99 2:38:54 AM

#:26 [wzqkpick.exe]
    FilePath           : C:\PROGRAM FILES\WINZIP\
    ProcessID          : 4278349267
    Threads            : 1
    Priority           : Normal
    FileSize           : 104 KB
    FileVersion        : 1.0 (32-bit)
    ProductVersion     : 8.1  (4319)
    Copyright          : Copyright (c) WinZip Computing, Inc. 1991-2001 - All Rights Reserved
    CompanyName        : WinZip Computing, Inc.
    FileDescription    : WinZip Executable
    InternalName       : WZQKPICK.EXE
    OriginalFilename   : WZQKPICK.EXE
    ProductName        : WinZip
    Created on         : 11/11/03 4:56:50 AM
    Last accessed      : 11/18/03 8:00:00 AM
    Last modified      : 2/11/03 4:10:00 PM

#:27 [findfast.exe]
    FilePath           : C:\PROGRAM FILES\MICROSOFT OFFICE\OFFICE\
    ProcessID          : 4278340391
    Threads            : 2
    Priority           : Normal
    FileSize           : 108 KB
    Copyright          :

0
 

Author Comment

by:sfogle
Comment Utility
No regedit.exe in my start menu
0
 
LVL 97

Accepted Solution

by:
war1 earned 200 total points
Comment Utility
Check these items in HijackThis and have HT remove them.  I included the Google Toolbar, as it can be the source of many spyware.  You can reinstall later if you need it.

O2 - BHO: (no name) - {004A5840-FF59-11d2-B50D-0090271D3FD4} - (no file)
O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\windows\downloaded program files\googletoolbar_en_2.0.95-deleon.dll
O2 - BHO: (no name) - {1F48AA48-C53A-4E21-85E7-AC7CC6B5FFB1} - C:\WINDOWS\MSMFEC.DLL

O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\windows\downloaded program files\googletoolbar_en_2.0.95-deleon.dll

O4 - HKLM\..\Run: [Online Service] C:\WINDOWS\svchost.exe

O8 - Extra context menu item: &Google Search - res://C:\WINDOWS\DOWNLOADED PROGRAM FILES\GOOGLETOOLBAR_EN_2.0.95-DELEON.DLL/cmsearch.html
O8 - Extra context menu item: Cac&hed Snapshot of Page - res://C:\WINDOWS\DOWNLOADED PROGRAM FILES\GOOGLETOOLBAR_EN_2.0.95-DELEON.DLL/cmcache.html
O8 - Extra context menu item: Si&milar Pages - res://C:\WINDOWS\DOWNLOADED PROGRAM FILES\GOOGLETOOLBAR_EN_2.0.95-DELEON.DLL/cmsimilar.html
O8 - Extra context menu item: Backward &Links - res://C:\WINDOWS\DOWNLOADED PROGRAM FILES\GOOGLETOOLBAR_EN_2.0.95-DELEON.DLL/cmbacklinks.html
O8 - Extra context menu item: Translate Page - res://C:\WINDOWS\DOWNLOADED PROGRAM FILES\GOOGLETOOLBAR_EN_2.0.95-DELEON.DLL/cmtrans.html

O16 - DPF: {1D6711C8-7154-40BB-8380-3DEA45B69CBF} (Web P2P Installer) -
O17 - HKLM\System\CCS\Services\VxD\MSTCP: NameServer = 10.0.0.1,10.0.0.1


0
 

Author Comment

by:sfogle
Comment Utility
Bingo. I don't know which one did it but it seems to be back to normal.
Can you recomend a download manager. I have problems getting large files done before my isp cuts me off.
Thanks a bunch man. I'll give you a heads up. I am going to ask another question in a couple of minutes.
0
 
LVL 97

Expert Comment

by:war1
Comment Utility
Glad the problem is fixed.  Regarding download manager, I recommend

Download Express
http://www.metaproducts.com/mp/ mpProducts_Downloads_Current.asp

Star Downloader
http://www.stardownloader.com/downloads.php

but don't get Download Accelerator Plus. It is considerd spyware.
0
 

Author Comment

by:sfogle
Comment Utility
Thanks. I'll give it a try
0

Featured Post

Wish Marketing would stop bothering you?

Is your marketing department constantly asking for new email signature updates? Are they requesting a different design for every department? Do they need yet another banner added? Don’t let it get you down! There is an easy way to manage all of these requests...

Join & Write a Comment

If you Lost your Administrator password for Windows XP, Vista, or 7 this CD will help you reset the password to blank so you can log in. Once in you should change that blank password to something!! Download the ISO on this page http://www.spl…
Our Group Policy work started with Small Business Server in 2000. Microsoft gave us an excellent OU and GPO model in subsequent SBS editions that utilized WMI filters, OU linking, and VBS scripts. These are some of experiences plus our spending a lo…
With the advent of Windows 10, Microsoft is pushing a Get Windows 10 icon into the notification area (system tray) of qualifying computers. There are many reasons for wanting to remove this icon. This two-part Experts Exchange video Micro Tutorial s…
Get a first impression of how PRTG looks and learn how it works.   This video is a short introduction to PRTG, as an initial overview or as a quick start for new PRTG users.

744 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

13 Experts available now in Live!

Get 1:1 Help Now