1. Computer problem? Tech Support Guy is completely free -- paid for by advertisers and donations. Click here to join today! If you're new to Tech Support Guy, we highly recommend that you visit our Guide for New Members.

system 32 page opening

Discussion in 'Windows XP' started by classylassy, Jan 24, 2006.

Thread Status:
Not open for further replies.
Advertisement
  1. classylassy

    classylassy Thread Starter

    Joined:
    May 28, 2003
    Messages:
    276
    My mum has a new pc. When her windows start the system 32 page appears.. how can she stop this from happening?

    Thanks
     
  2. Cheeseball81

    Cheeseball81 Retired Moderator

    Joined:
    Mar 3, 2004
    Messages:
    84,315
    It could be a few things. First I'd have her post a Hijack log.

    Click here to download HJTsetup.exe: http://www.thespykiller.co.uk/files/HJTSetup.exe
    Save HJTsetup.exe to your desktop.

    Double click on the HJTsetup.exe icon on your desktop.
    By default it will install to C:\Program Files\Hijack This.
    Continue to click Next in the setup dialogue boxes until you get to the Select Addition Tasks dialogue.
    Put a check by Create a desktop icon then click Next again.
    Continue to follow the rest of the prompts from there.
    At the final dialogue box click Finish and it will launch Hijack This.
    Click on the Do a system scan and save a log file button. It will scan and then ask you to save the log.
    Click Save to save the log file and then the log will open in notepad.
    Click on "Edit > Select All" then click on "Edit > Copy" to copy the entire contents of the log.
    Come back here to this thread and Paste the log in your next reply.
    DO NOT have Hijack This fix anything yet. Most of what it finds will be harmless or even required.
     
  3. classylassy

    classylassy Thread Starter

    Joined:
    May 28, 2003
    Messages:
    276
    Thanks for your reply , here is the log

    .Logfile of HijackThis v1.99.1
    Scan saved at 17:15:26, on 29/01/2006
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
    C:\WINDOWS\eHome\ehRecvr.exe
    C:\WINDOWS\eHome\ehSched.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\ZoneLabs\vsmon.exe
    C:\WINDOWS\system32\DRIVERS\WtSrv.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\ehome\ehtray.exe
    C:\WINDOWS\SM1BG.EXE
    C:\WINDOWS\system32\dllhost.exe
    C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
    C:\Program Files\Multimedia Card Reader\shwicon2k.exe
    C:\WINDOWS\AGRSMMSG.exe
    C:\WINDOWS\eHome\ehmsas.exe
    C:\WINDOWS\system32\TGVFDMsgservice.exe
    C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
    C:\WINDOWS\RTHDCPL.EXE
    C:\Program Files\KMaestro\KMaestro.exe
    C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
    C:\Program Files\Microsoft Works\WksSb.exe
    C:\Program Files\VoyagerTest\fts.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
    C:\Program Files\BT Voyager 105 ADSL Modem\dslstat.exe
    C:\Program Files\BT Voyager 105 ADSL Modem\dslagent.exe
    C:\WINDOWS\system32\WService.EXE
    C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
    C:\Program Files\Real\RealPlayer\RealPlay.exe
    C:\Program Files\QuickTime\qttask.exe
    C:\Program Files\CyberLink\Power2Go\Power2GoExpress.exe
    C:\Program Files\Common Files\AOL\1137767749\ee\AOLHostManager.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\Program Files\Common Files\AOL\1137767749\ee\AOLServiceHost.exe
    C:\Program Files\AOL 9.0\aoltray.exe
    c:\program files\common files\aol\1137767749\ee\services\antiSpywareApp\ver2_0_12\AOLSP Scheduler.exe
    C:\Program Files\Common Files\AOL\1137767749\ee\AOLServiceHost.exe
    C:\Program Files\RALINK\Common\RaUI.exe
    C:\Program Files\AOL Companion\companion.exe
    C:\Program Files\AOL 9.0\waol.exe
    C:\Program Files\AOL 9.0\shellmon.exe
    C:\Program Files\Common Files\AOL\aoltpspd.exe
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    C:\Program Files\Hijackthis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.bbc.co.uk/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.pcservicecall.co.uk
    O2 - BHO: MyWebSearch Search Assistant BHO - {00A6FAF1-072E-44cf-8957-5838F569A31D} - C:\Program Files\MyWebSearch\SrchAstt\1.bin\MWSSRCAS.DLL (file missing)
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O3 - Toolbar: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
    O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
    O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
    O4 - HKLM\..\Run: [SM1BG] C:\WINDOWS\SM1BG.EXE
    O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
    O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
    O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAShCut.exe
    O4 - HKLM\..\Run: [Sunkist2k] C:\Program Files\Multimedia Card Reader\shwicon2k.exe
    O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
    O4 - HKLM\..\Run: [TGX2_VFD] "C:\WINDOWS\system32\TGVFDMsgservice.exe"
    O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
    O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
    O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
    O4 - HKLM\..\Run: [BtcMaestro] "C:\Program Files\KMaestro\KMaestro.exe"
    O4 - HKLM\..\Run: [AOLDialer] C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
    O4 - HKLM\..\Run: [WorksFUD] C:\Program Files\Microsoft Works\wkfud.exe
    O4 - HKLM\..\Run: [Microsoft Works Portfolio] C:\Program Files\Microsoft Works\WksSb.exe /AllUsers
    O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Microsoft Works\WkDetect.exe
    O4 - HKLM\..\Run: [%FP%Friendly fts.exe] "C:\Program Files\VoyagerTest\fts.exe"
    O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
    O4 - HKLM\..\Run: [DSLSTATEXE] C:\Program Files\BT Voyager 105 ADSL Modem\dslstat.exe icon
    O4 - HKLM\..\Run: [DSLAGENTEXE] C:\Program Files\BT Voyager 105 ADSL Modem\dslagent.exe
    O4 - HKLM\..\Run: [WService] WService.EXE
    O4 - HKLM\..\Run: [MyWebSearch Email Plugin]
    O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1137767749\ee\AOLHostManager.exe
    O4 - HKLM\..\Run: [Zone Labs Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
    O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKCU\..\Run: [Power2GoExpress] "C:\Program Files\CyberLink\Power2Go\Power2GoExpress.exe"
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - HKCU\..\Run: [MyWebSearch Email Plugin] C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwsoemon.exe
    O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O4 - Global Startup: AOL 9.0 Tray Icon.lnk = C:\Program Files\AOL 9.0\aoltray.exe
    O4 - Global Startup: AOL Companion.lnk = C:\Program Files\AOL Companion\companion.exe
    O4 - Global Startup: FreeventsSchedule.lnk = C:\Freevents\FreeventsSchedule.exe
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
    O4 - Global Startup: MyWebSearch Email Plugin.lnk = C:\Program Files\MyWebSearch\bar\1.bin\MWSOEMON.EXE
    O4 - Global Startup: Ralink Wireless Utility.lnk = C:\Program Files\RALINK\Common\RaUI.exe
    O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
    O8 - Extra context menu item: &Search - http://bar.mywebsearch.com/menusearch.html?p=ZCxdm590YYGB
    O9 - Extra button: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
    O9 - Extra 'Tools' menuitem: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
    O9 - Extra button: Researcher - {9455301C-CF6B-11D3-A266-00C04F689C50} - C:\Program Files\Common Files\Microsoft Shared\Reference 2001\EROProj.dll
    O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O14 - IERESET.INF: START_PAGE_URL=http://www.pcservicecall.co.uk
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
    O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.imgfarm.com/images/nocache/funwebproducts/ei/CursorManiaFWBInitialSetup1.0.0.15.exe
    O16 - DPF: {4A3CF76B-EC7A-405D-A67D-8DC6B52AB35B} (QDiagAOLCCUpdateObj Class) - http://aolcc.aolsvc.aol.co.uk/computercheckup/qdiagcc.cab
    O17 - HKLM\System\CCS\Services\Tcpip\..\{25D2070B-286F-42E4-B69B-9D3716712CC1}: NameServer = 205.188.146.145
    O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
    O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
    O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
    O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
    O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
    O23 - Service: WinTab Service (WinTabService) - Unknown owner - C:\WINDOWS\system32\DRIVERS\WtSrv.exe
     
  4. Cheeseball81

    Cheeseball81 Retired Moderator

    Joined:
    Mar 3, 2004
    Messages:
    84,315
    Uninstall MyWebSearch from Add/Remove Programs.

    Click here to download the trial version of Ewido Security Suite:
    http://www.ewido.net/en/download/

    · Install Ewido.
    · During the installation, under "Additional Options" uncheck "Install background guard" and "Install scan via context menu".
    · Launch ewido.
    · It will prompt you to update click the OK button and it will go to the main screen.
    · On the left side of the main screen click update.
    · Click on Start and let it update.
    · DO NOT run a scan yet.

    Restart your computer into Safe Mode now.
    (Start tapping the F8 key at Startup, before the Windows logo screen).
    Perform the following steps in Safe Mode:

    * Run Ewido:
    Click on scanner
    Click Complete System Scan and the scan will begin.
    During the scan it will prompt you to clean files, click OK.
    When the scan is finished, look at the bottom of the screen and click the Save report button.
    Save the report to your desktop.

    Reboot.

    Post a new Hijack This log and the results of the Ewido scan.
     
  5. classylassy

    classylassy Thread Starter

    Joined:
    May 28, 2003
    Messages:
    276
    Thank you for your reply

    My web search was not found in Add/Remove programs
    Ewido report

    ---------------------------------------------------------
    ewido anti-malware - Scan report
    ---------------------------------------------------------

    + Created on: 17:40:48, 05/02/2006
    + Report-Checksum: 330C2518

    + Scan result:

    HKLM\SOFTWARE\Classes\CLSID\{07B18EA9-A523-4961-B6BB-170DE4475CCA} -> Spyware.MyWebSearch : Cleaned with backup
    HKU\S-1-5-21-2037846321-4144312925-1307462437-1006\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{00A6FAF1-072E-44CF-8957-5838F569A31D} -> Spyware.MyWebSearch : Cleaned with backup
    HKU\S-1-5-21-2037846321-4144312925-1307462437-1006\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{07B18EA1-A523-4961-B6BB-170DE4475CCA} -> Spyware.MyWebSearch : Cleaned with backup
    C:\Documents and Settings\Shirley\Cookies\[email protected][1].txt -> Spyware.Cookie.2o7 : Cleaned with backup
    C:\Documents and Settings\Shirley\Cookies\[email protected][1].txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
    C:\Documents and Settings\Shirley\Cookies\[email protected][1].txt -> Spyware.Cookie.Euroclick : Cleaned with backup
    C:\Documents and Settings\Shirley\Cookies\[email protected][2].txt -> Spyware.Cookie.Burstnet : Cleaned with backup
    C:\Documents and Settings\Shirley\Cookies\[email protected][2].txt -> Spyware.Cookie.Com : Cleaned with backup
    C:\Documents and Settings\Shirley\Cookies\[email protected][2].txt -> Spyware.Cookie.Overture : Cleaned with backup
    C:\Documents and Settings\Shirley\Cookies\[email protected][1].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
    C:\Documents and Settings\Shirley\Cookies\[email protected][1].txt -> Spyware.Cookie.2o7 : Cleaned with backup
    C:\Documents and Settings\Shirley\Cookies\[email protected][1].txt -> Spyware.Cookie.2o7 : Cleaned with backup
    C:\Documents and Settings\Shirley\Cookies\[email protected][1].txt -> Spyware.Cookie.Statcounter : Cleaned with backup


    ::Report End


    Hijack report
    Logfile of HijackThis v1.99.1
    Scan saved at 17:51:24, on 05/02/2006
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
    C:\WINDOWS\eHome\ehRecvr.exe
    C:\WINDOWS\eHome\ehSched.exe
    C:\Program Files\ewido anti-malware\ewidoctrl.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\ZoneLabs\vsmon.exe
    C:\WINDOWS\system32\DRIVERS\WtSrv.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\dllhost.exe
    C:\WINDOWS\ehome\ehtray.exe
    C:\WINDOWS\SM1BG.EXE
    C:\WINDOWS\eHome\ehmsas.exe
    C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
    C:\Program Files\Multimedia Card Reader\shwicon2k.exe
    C:\WINDOWS\AGRSMMSG.exe
    C:\WINDOWS\system32\TGVFDMsgservice.exe
    C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
    C:\WINDOWS\RTHDCPL.EXE
    C:\Program Files\KMaestro\KMaestro.exe
    C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
    C:\Program Files\Microsoft Works\WksSb.exe
    C:\Program Files\VoyagerTest\fts.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
    C:\Program Files\BT Voyager 105 ADSL Modem\dslstat.exe
    C:\Program Files\BT Voyager 105 ADSL Modem\dslagent.exe
    C:\WINDOWS\system32\WService.EXE
    C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
    C:\Program Files\Real\RealPlayer\RealPlay.exe
    C:\Program Files\QuickTime\qttask.exe
    C:\Program Files\Common Files\AOL\1137767749\ee\AOLHostManager.exe
    C:\Program Files\Common Files\AOL\1137767749\ee\AOLServiceHost.exe
    C:\Program Files\CyberLink\Power2Go\Power2GoExpress.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\Program Files\AOL 9.0\aoltray.exe
    c:\program files\common files\aol\1137767749\ee\services\antiSpywareApp\ver2_0_12\AOLSP Scheduler.exe
    C:\Program Files\Common Files\AOL\1137767749\ee\AOLServiceHost.exe
    C:\Program Files\RALINK\Common\RaUI.exe
    C:\Program Files\AOL Companion\companion.exe
    C:\Program Files\AOL 9.0\waol.exe
    C:\Program Files\AOL 9.0\shellmon.exe
    C:\Program Files\Common Files\AOL\aoltpspd.exe
    C:\WINDOWS\system32\NOTEPAD.EXE
    C:\Program Files\Hijackthis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.bbc.co.uk/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.pcservicecall.co.uk
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O3 - Toolbar: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
    O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
    O4 - HKLM\..\Run: [SM1BG] C:\WINDOWS\SM1BG.EXE
    O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
    O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
    O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAShCut.exe
    O4 - HKLM\..\Run: [Sunkist2k] C:\Program Files\Multimedia Card Reader\shwicon2k.exe
    O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
    O4 - HKLM\..\Run: [TGX2_VFD] "C:\WINDOWS\system32\TGVFDMsgservice.exe"
    O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
    O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
    O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
    O4 - HKLM\..\Run: [BtcMaestro] "C:\Program Files\KMaestro\KMaestro.exe"
    O4 - HKLM\..\Run: [AOLDialer] C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
    O4 - HKLM\..\Run: [WorksFUD] C:\Program Files\Microsoft Works\wkfud.exe
    O4 - HKLM\..\Run: [Microsoft Works Portfolio] C:\Program Files\Microsoft Works\WksSb.exe /AllUsers
    O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Microsoft Works\WkDetect.exe
    O4 - HKLM\..\Run: [%FP%Friendly fts.exe] "C:\Program Files\VoyagerTest\fts.exe"
    O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
    O4 - HKLM\..\Run: [DSLSTATEXE] C:\Program Files\BT Voyager 105 ADSL Modem\dslstat.exe icon
    O4 - HKLM\..\Run: [DSLAGENTEXE] C:\Program Files\BT Voyager 105 ADSL Modem\dslagent.exe
    O4 - HKLM\..\Run: [WService] WService.EXE
    O4 - HKLM\..\Run: [MyWebSearch Email Plugin]
    O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1137767749\ee\AOLHostManager.exe
    O4 - HKLM\..\Run: [Zone Labs Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
    O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKCU\..\Run: [Power2GoExpress] "C:\Program Files\CyberLink\Power2Go\Power2GoExpress.exe"
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O4 - Global Startup: AOL 9.0 Tray Icon.lnk = C:\Program Files\AOL 9.0\aoltray.exe
    O4 - Global Startup: AOL Companion.lnk = C:\Program Files\AOL Companion\companion.exe
    O4 - Global Startup: FreeventsSchedule.lnk = C:\Freevents\FreeventsSchedule.exe
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
    O4 - Global Startup: Ralink Wireless Utility.lnk = C:\Program Files\RALINK\Common\RaUI.exe
    O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
    O8 - Extra context menu item: &Search - http://bar.mywebsearch.com/menusearch.html?p=ZCxdm590YYGB
    O9 - Extra button: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
    O9 - Extra 'Tools' menuitem: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
    O9 - Extra button: Researcher - {9455301C-CF6B-11D3-A266-00C04F689C50} - C:\Program Files\Common Files\Microsoft Shared\Reference 2001\EROProj.dll
    O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O14 - IERESET.INF: START_PAGE_URL=http://www.pcservicecall.co.uk
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
    O16 - DPF: {4A3CF76B-EC7A-405D-A67D-8DC6B52AB35B} (QDiagAOLCCUpdateObj Class) - http://aolcc.aolsvc.aol.co.uk/computercheckup/qdiagcc.cab
    O17 - HKLM\System\CCS\Services\Tcpip\..\{25D2070B-286F-42E4-B69B-9D3716712CC1}: NameServer = 205.188.146.145
    O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
    O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
    O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
    O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
    O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
    O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
    O23 - Service: WinTab Service (WinTabService) - Unknown owner - C:\WINDOWS\system32\DRIVERS\WtSrv.exe

    System page 32 page is still opening on start up.
     
  6. Cheeseball81

    Cheeseball81 Retired Moderator

    Joined:
    Mar 3, 2004
    Messages:
    84,315
    Rescan with Hijack This.
    Close all browser windows except Hijack This.
    Put a check mark beside these entries and click "Fix Checked".

    O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE

    O4 - HKLM\..\Run: [MyWebSearch Email Plugin]

    O8 - Extra context menu item: &Search - http://bar.mywebsearch.com/menusearc...p=ZCxdm590YYGB


    Boot into Safe Mode.

    Navigate to the C:\Windows\Temp folder.
    Open the Temp folder and go to Edit > Select All then Edit > Delete to delete the entire contents of the Temp folder.

    Go to Start > Run and type %temp% in the Run box.
    The Temp folder will open. Click Edit > Select All then Edit > Delete to delete the entire contents of the Temp folder.

    It's normal if some files don't delete!

    Finally go to Control Panel > Internet Options.
    On the General tab under "Temporary Internet Files" Click "Delete Files".
    Put a check by "Delete Offline Content" and click OK.
    Click on the Programs tab then click the "Reset Web Settings" button.
    Click Apply then OK.

    Empty the Recycle Bin.

    Reboot, post a new Hijack This log.
     
  7. classylassy

    classylassy Thread Starter

    Joined:
    May 28, 2003
    Messages:
    276
    Logfile of HijackThis v1.99.1
    Scan saved at 17:10:11, on 12/02/2006
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
    C:\WINDOWS\eHome\ehRecvr.exe
    C:\WINDOWS\eHome\ehSched.exe
    C:\Program Files\ewido anti-malware\ewidoctrl.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\ZoneLabs\vsmon.exe
    C:\WINDOWS\system32\DRIVERS\WtSrv.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\ehome\ehtray.exe
    C:\WINDOWS\SM1BG.EXE
    C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
    C:\WINDOWS\system32\dllhost.exe
    C:\Program Files\Multimedia Card Reader\shwicon2k.exe
    C:\WINDOWS\AGRSMMSG.exe
    C:\WINDOWS\eHome\ehmsas.exe
    C:\WINDOWS\system32\TGVFDMsgservice.exe
    C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
    C:\WINDOWS\RTHDCPL.EXE
    C:\Program Files\KMaestro\KMaestro.exe
    C:\Program Files\Microsoft Works\WksSb.exe
    C:\Program Files\VoyagerTest\fts.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
    C:\Program Files\BT Voyager 105 ADSL Modem\dslstat.exe
    C:\Program Files\BT Voyager 105 ADSL Modem\dslagent.exe
    C:\WINDOWS\system32\WService.EXE
    C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
    C:\Program Files\CyberLink\Power2Go\Power2GoExpress.exe
    C:\Program Files\RALINK\Common\RaUI.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\Program Files\Hijackthis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.bbc.co.uk/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.pcservicecall.co.uk
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O3 - Toolbar: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
    O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
    O4 - HKLM\..\Run: [SM1BG] C:\WINDOWS\SM1BG.EXE
    O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
    O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
    O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAShCut.exe
    O4 - HKLM\..\Run: [Sunkist2k] C:\Program Files\Multimedia Card Reader\shwicon2k.exe
    O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
    O4 - HKLM\..\Run: [TGX2_VFD] "C:\WINDOWS\system32\TGVFDMsgservice.exe"
    O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
    O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
    O4 - HKLM\..\Run: [BtcMaestro] "C:\Program Files\KMaestro\KMaestro.exe"
    O4 - HKLM\..\Run: [WorksFUD] C:\Program Files\Microsoft Works\wkfud.exe
    O4 - HKLM\..\Run: [Microsoft Works Portfolio] C:\Program Files\Microsoft Works\WksSb.exe /AllUsers
    O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Microsoft Works\WkDetect.exe
    O4 - HKLM\..\Run: [%FP%Friendly fts.exe] "C:\Program Files\VoyagerTest\fts.exe"
    O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
    O4 - HKLM\..\Run: [DSLSTATEXE] C:\Program Files\BT Voyager 105 ADSL Modem\dslstat.exe icon
    O4 - HKLM\..\Run: [DSLAGENTEXE] C:\Program Files\BT Voyager 105 ADSL Modem\dslagent.exe
    O4 - HKLM\..\Run: [WService] WService.EXE
    O4 - HKLM\..\Run: [MyWebSearch Email Plugin]
    O4 - HKLM\..\Run: [Zone Labs Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
    O4 - HKCU\..\Run: [Power2GoExpress] "C:\Program Files\CyberLink\Power2Go\Power2GoExpress.exe"
    O4 - Global Startup: FreeventsSchedule.lnk = C:\Freevents\FreeventsSchedule.exe
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
    O4 - Global Startup: Ralink Wireless Utility.lnk = C:\Program Files\RALINK\Common\RaUI.exe
    O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
    O8 - Extra context menu item: &Search - http://bar.mywebsearch.com/menusearch.html?p=ZCxdm590YYGB
    O9 - Extra button: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
    O9 - Extra 'Tools' menuitem: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
    O9 - Extra button: Researcher - {9455301C-CF6B-11D3-A266-00C04F689C50} - C:\Program Files\Common Files\Microsoft Shared\Reference 2001\EROProj.dll
    O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O12 - Plugin for .wav: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin2.dll
    O14 - IERESET.INF: START_PAGE_URL=http://www.pcservicecall.co.uk
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
    O16 - DPF: {4A3CF76B-EC7A-405D-A67D-8DC6B52AB35B} (QDiagAOLCCUpdateObj Class) - http://aolcc.aolsvc.aol.co.uk/computercheckup/qdiagcc.cab
    O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
    O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
    O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
    O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
    O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
    O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
    O23 - Service: WinTab Service (WinTabService) - Unknown owner - C:\WINDOWS\system32\DRIVERS\WtSrv.exe
     
  8. Cheeseball81

    Cheeseball81 Retired Moderator

    Joined:
    Mar 3, 2004
    Messages:
    84,315
    Fix this entry with Hijack This:

    O8 - Extra context menu item: &Search - http://bar.mywebsearch.com/menusearc...p=ZCxdm590YYGB

    Reboot.

    Is the System32 folder still coming up?
    If so, check out this link: http://support.microsoft.com/kb/q170086/

    Then, click here to download StartDreck: http://www.greyknight17.com/spy/StartDreck.zip

    UnZip the startdreck.zip file first. DoubleClick: 'StartDreck.exe'
    First click on the config button.
    Now click the Unmark all button
    Put a check by these boxes only:

    * In the Registry column select "Run keys"
    *In the Files column select "Autostart folders"

    Hit >OK.

    Now click the Save button to save that log. Go to the StartDreck folder and find the Startdreck.log file.

    Copy and Paste the contents of that log back here and await further instructions.
     
  9. classylassy

    classylassy Thread Starter

    Joined:
    May 28, 2003
    Messages:
    276
    yes it is still coming up, will look at the link u sent.

    this will not go away, in hi jack this... O4 - HKLM\..\Run: [MyWebSearch Email Plugin]
     
  10. Cheeseball81

    Cheeseball81 Retired Moderator

    Joined:
    Mar 3, 2004
    Messages:
    84,315
    I know. That's why we will use StartDreck. That *should* remove it.
     
  11. classylassy

    classylassy Thread Starter

    Joined:
    May 28, 2003
    Messages:
    276
    thanks for all your help!
    We have looked at the link u gave for the system 32 page, but am sorry to say that i just dont understand exactly what we are looking for, we went into the registry and followed the key and couldnt see anything the link mentioned, but then again am not sure if we are doing it right. :rolleyes: would u be able to explain? thanks
     
  12. Cheeseball81

    Cheeseball81 Retired Moderator

    Joined:
    Mar 3, 2004
    Messages:
    84,315
    Let's try this
    Go here: http://www.kellys-korner-xp.com/xp_tweaks.htm
    Scroll to # 260 System32 Folder Opens Upon Boot
    Download the VBS file
    To use the VBS Files: Download .vbs file and save it to your hard drive (you may want to right click and use Save Target As). Double
    click the vbs file. You will be prompted when the script is done.

    NOTE: If your anti-virus software warns you of a "malicious" script, this is normal if you have "Script Safe" or similar technology enabled. These scripts are not malicious, but they do make changes to the System Registry.
     
  13. classylassy

    classylassy Thread Starter

    Joined:
    May 28, 2003
    Messages:
    276
    stardreck log. I hope wasnt sure.

    StartDreck (build 2.1.7 public stable) - 2006-02-19 @ 15:08:42 (GMT +00:00)
    Platform: Windows XP (Win NT 5.1.2600 Service Pack 2)
    Internet Explorer: 6.0.2900.2180
    Logged in as Shirley at BUBBLES

    »Registry
    »Run Keys
    »Current User
    »Run
    *Power2GoExpress="C:\Program Files\CyberLink\Power2Go\Power2GoExpress.exe"
    *MSMSGS="C:\Program Files\Messenger\msmsgs.exe" /background
    +BtcMaestro
    *ModelName=5545URF
    *Version=2.1.1-130AU MUL
    *Language=
    *KeyboardID=
    *MouseID=
    *KeyboardSID=
    *MouseSID=
    *RxSecret=
    *RMenuSel=
    *AddMouse=
    *JumpPickLevel=
    *KeyboardBat=
    *MouseBat=
    *KeyboardCh=
    *MouseCh=
    +Config
    *DisplayLabel=
    *TaskbarIcon=
    *Autoplay=
    *F091=0Q;my music
    *L091=My Music
    *F090=0P;my pictures
    *L090=My Pictures
    *F089=0J;joystick on
    *L089=Joy Stick ON
    *F088=0J;joystick off
    *L088=Joy Stick OFF
    *F087=F;next track
    *L087=Next Track
    *F086=G;previous track
    *L086=Previous Track
    *F085=E;stop
    *L085=Stop
    *F084=0H;mouse fifth button
    *L084=Mouse 5th Button
    *F083=C;volume down
    *L083=Volume Down
    *F082=B;volume up
    *L082=Volume Up
    *F081=D;play
    *L081=Play/Pause
    *F080=0G;mouse fourth button
    *L080=Mouse 4th Button
    *F079=0F;scroll right
    *L079=Middle + Wheel Down
    *F078=0E;scroll left
    *L078=Middle + Wheel Up
    *F077=J;www(AC)
    *L077=www
    *F076=0I;quick jump
    *L076=Mouse Middle Button
    *F075=0F;scroll right
    *L075=Middle + Right
    *F074=0E;scroll left
    *L074=Middle + Left
    *F073=m;scroll down
    *L073=Scroll Wheel Down
    *F072=l;scroll up
    *L072=Scroll Wheel Up
    *F071=0I;quick jump
    *L071=Quick Jump
    *F070=0F;scroll right
    *L070=Scroll Right
    *F069=0E;scroll left
    *L069=Scroll Left
    *F068=0D:set SID final
    *L068=Set SID Final
    *F067=0C:paint
    *L067=Paint
    *F066=0B;mouse middle button
    *L066=Mouse Middle Button
    *F065=0A;europe dollar(OF)
    *L065=Europe Dollar
    *F064=0-;reply all(OF)
    *L064=Reply All
    *F063=09;eject 2
    *L063=Eject/Close 2
    *F062=08:help(OF)
    *L062=Help
    *F061=07;redo(OF)
    *L061=Redo
    *F060=06;undo(OF)
    *L060=Undo
    *F059=05;task pane(OF)
    *L059=Task pane
    *F058=04;send(OF)
    *L058=Send
    *F057=03;f'ward(OF)
    *L057=F'ward
    *F056=02;reply(OF)
    *L056=Reply
    *F055=01;bullets(OF)
    *L055=Bullets
    *F054=00;spell(OF)
    *L054=Spell
    *F053=z;bold(OF)
    *L053=Bold
    *F052=y;replace(OF)
    *L052=Replace
    *F051=x;save(OF)
    *L051=Save
    *F050=w;open(OF)
    *L050=Open
    *F049=v;new(OF)
    *L049=New
    *F048=u;copy(OF)
    *L048=Copy
    *F047=t;cut(OF)
    *L047=Cut
    *F046=s;mark(OF)
    *L046=Mark
    *F045=r;paste(OF)
    *L045=Paste
    *F044=q;calendar(OF)
    *L044=Calendar
    *F043=p;power point(OF)
    *L043=Power Point
    *F042=o;excel(OF)
    *L042=Excel
    *F041=n;word(OF)
    *L041=Word
    *F040=m;scroll down
    *L040=Scroll Down
    *F039=l;scroll up
    *L039=Scroll Up
    *F038=k;Configure
    *L038=Configure
    *F037=j;keyboard and mouse battery low
    *L037=Keyboard and Mouse Battery Low
    *F036=i;mouse battery low
    *L036=Mouse Battery Low
    *F035=h;keyboard battery low
    *L035=Keyboard Battery Low
    *F034=g;keyboard and mouse battery OK
    *L034=
    *F033=f:wake up
    *L033=Wake Up
    *F032=e:sleep
    *L032=Sleep
    *F031=d;power off
    *L031=Power Off
    *F030=c;mf
    *L030=F-Lock
    *F029=b;app. close
    *L029=App. Close
    *F028=a;app. switch
    *L028=App. Switch
    *F027=Z;log off
    *L027=Log Off
    *F026=Y;my computer
    *L026=My Computer
    *F025=X;refresh(AC)
    *L025=www Refresh
    *F024=W;print(OF)
    *L024=Print
    *F023=V;notepad
    *L023=Notepad
    *F022=U;explorer
    *L022=Explorer
    *F021=T;mediaplayer
    *L021=Mediaplayer
    *F020=S;my documents
    *L020=My Documents
    *F019=R;calculator
    *L019=Calculator
    *F018=Q;help(manual)
    *L018=KeyMaestro Help
    *F017=P;help(OS)
    *L017=OS Help
    *F016=O;favorite(AC)
    *L016=www Favorite
    *F015=N;search(AC)
    *L015=www Search
    *F014=M;forward(AC)
    *L014=www Forward
    *F013=L;back(AC)
    *L013=www Back
    *F012=K;stop(AC)
    *L012=www Stop
    *F011=J;www(AC)
    *L011=www
    *F010=I;email(AL)
    *L010=Email
    *F009=H;eject
    *L009=Eject/Close
    *F008=G;previous track
    *L008=Previous Track
    *F007=F;next track
    *L007=Next Track
    *F006=E;stop
    *L006=Stop
    *F005=D;play
    *L005=Play/Pause
    *F004=C;volume down
    *L004=Volume Down
    *F003=B;volume up
    *L003=Volume Up
    *F002=A;mute
    *L002=Mute
    *F001=-;none
    *L001=None
    »RunOnce
    »Default User
    »Run
    *CTFMON.EXE=C:\WINDOWS\system32\CTFMON.EXE
    *AVG7_Run=C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE
    »RunOnce
    »Local Machine
    »Run
    *ehTray=C:\WINDOWS\ehome\ehtray.exe
    *SM1BG=C:\WINDOWS\SM1BG.EXE
    *Recguard=C:\WINDOWS\SMINST\RECGUARD.EXE
    *ATIPTA=C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
    *High Definition Audio Property Page Shortcut=HDAShCut.exe
    *Sunkist2k=C:\Program Files\Multimedia Card Reader\shwicon2k.exe
    *AGRSMMSG=AGRSMMSG.exe
    *TGX2_VFD="C:\WINDOWS\system32\TGVFDMsgservice.exe"
    *RemoteControl="C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
    *RTHDCPL=RTHDCPL.EXE
    *BtcMaestro="C:\Program Files\KMaestro\KMaestro.exe"
    *WorksFUD=C:\Program Files\Microsoft Works\wkfud.exe
    *Microsoft Works Portfolio=C:\Program Files\Microsoft Works\WksSb.exe /AllUsers
    *Microsoft Works Update Detection=C:\Program Files\Microsoft Works\WkDetect.exe
    *%FP%Friendly fts.exe="C:\Program Files\VoyagerTest\fts.exe"
    *AVG7_CC=C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
    *DSLSTATEXE=C:\Program Files\BT Voyager 105 ADSL Modem\dslstat.exe icon
    *DSLAGENTEXE=C:\Program Files\BT Voyager 105 ADSL Modem\dslagent.exe
    *WService=WService.EXE
    *MyWebSearch Email Plugin=
    *Zone Labs Client=C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
    +OptionalComponents
    +MSFS
    *Installed=1
    +MAPI
    *NoChange=1
    *Installed=1
    +MAPI
    *NoChange=1
    *Installed=1
    »RunOnce
    »RunServices
    »RunServicesOnce
    »RunOnceEx
    »RunServicesOnceEx
    »Files
    »Autostart Folders
    »Current User
    *C:\Documents and Settings\Shirley\Start Menu\Programs\Startup\desktop.ini
    »Default User
    *C:\WINDOWS\system32\config\systemprofile\Start Menu\Programs\Startup\desktop.ini
    »Local Machine
    *C:\Documents and Settings\All Users\Start Menu\Programs\Startup\desktop.ini
    *C:\Documents and Settings\All Users\Start Menu\Programs\Startup\FreeventsSchedule.lnk
    *C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk
    *C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Ralink Wireless Utility.lnk
    »System/Drivers
    »Application specific
     
  14. classylassy

    classylassy Thread Starter

    Joined:
    May 28, 2003
    Messages:
    276
    Also tried the VBS file but it reported that issue could not be repaired ar the expected reg value was not found
     
  15. Cheeseball81

    Cheeseball81 Retired Moderator

    Joined:
    Mar 3, 2004
    Messages:
    84,315
    Run Startdreck again and check the same options as you did before then find this entry:

    *MyWebSearch Email Plugin=

    Select that entry then click the "Delete" button to delete it.

    Rescan with Hijack This and post a new log.
     
  16. Sponsor

As Seen On
As Seen On...

Welcome to Tech Support Guy!

Are you looking for the solution to your computer problem? Join our site today to ask your question. This site is completely free -- paid for by advertisers and donations.

If you're not already familiar with forums, watch our Welcome Guide to get started.

Join over 733,556 other people just like you!

Loading...
Similar Threads - system page opening
  1. conceptualclarit
    Replies:
    4
    Views:
    392
Thread Status:
Not open for further replies.

Short URL to this thread: https://techguy.org/436962

  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.
    Dismiss Notice