PDA

View Full Version : can't change home page stays on update.microsoft.com/windowsupdate



zmartha
2006-06-26, 20:43
I can't change my homepage back to Google.com which is where it was setting up til 2 weeks ago. It now always opens to update.microsoft.com/windowsupdate/v6, and I have run my McAfee , Adaware, Spybot, Defender and checked settings and cannot see a setting anywhere that is doing it. I need Google back please give me some advice. Some times "Use Current is faded out.

Jim B
2006-06-26, 22:01
Try this:

1. Go into Internet Explorer
2. Select tools then Internet options
3. Select the advanced tab
4. Under the browsing heading should be an option to automatically check for Internet Explorer updates.

Check to see if this is checked, if so there is your problem

md usa spybot fan
2006-06-26, 22:39
zmartha:

There is an option within Spybot that sets a flag which prevents your home page from being changed. To see if this flag is set, go into Spybot > Mode > Advanced Mode > Tools > IE Tweaks. There are three "Miscellaneous locks" on Spybot's IE tweaks page:
Lock Hosts file read-only as protection against hijackers
Lock IE start page setting against user changes (current user)
Lock IE control panel against opening from within IE (current user)
If the "Lock IE start page setting against user changes (current user)" is checked, uncheck it and see if you can change your home page.

zmartha
2006-06-27, 06:17
Dear MD USA & Jim B:
I tried what you suggested and there was no check mark in any of those areas in Spybot or IE. I still cannot get it to change. Also, I cannot manually scan with McAfee because the window where Scan Virus is only allows me to set the otions for the scan and where, but the button that says Scan or proceed is out of sight, and I have set my screen resolution and fonts to be smaller so I can see the whole window, but I still cannot manually scan. Would that have any connection to this whole problem?

Anyway, I need more suggestions please.

zmartha
2006-06-28, 18:37
I still need help with not being able to change my homepage to Google; it is stuck on update.microsoft.com/windowsupdate/v6, and I have run my McAfee , Adaware, Spybot, Defender and checked settings and cannot see a setting anywhere that is doing it.

I followed 2 sets of suggestions to no avail. spybot is not holding it that I can see, neither is IE, don't know how to tell if McAfee is doing it. But I don't think it is. PLEASE HELP! zmartha

tashi
2006-06-28, 23:47
Hello zmartha.

Could you give more details as to when the problem started please.

For instance are these your posts here:
6/22/2005
http://www.cdrinfo.com/forum/tm.asp?m=80060&mpage=16&key=

6/23/2005
http://www.cdrinfo.com/forum/tm.asp?m=112870&mpage=1&key=&#112870

zmartha
2006-06-29, 05:15
I will try to explain better.

Another person asked this same question, but got no solution that I can see at http://www.computing.net/security/wwwboard/forum/17667.html
My sister is the one who has the problem--I was visiting her this week and could tell that her PC was acting "funny." She can't change her homepage back to Google.com which is where it was set and opening to just fine til , she says, about 6 months ago. It now always opens to update.microsoft.com/windowsupdate/v6, and I have run her McAfee, Adaware, Spybot, Defender, and maybe Spyblaster and checked settings and cannot see a setting anywhere that is doing it.
Some times "Use Current" is faded out when I try to change the homepage in IE Options. I have tried to set Dogpile as home page and it still won't change, even tho Spybot shows it as the current home page and the microsoft update as former home page, it continues to open at the ms update page.
She does not have IE6 checked to automatically update, but she does have MS updates to automatically download and install. I have tried this suggestion:
"There is an option within Spybot that sets a flag which prevents your home page from being changed. To see if this flag is set, go into Spybot > Mode > Advanced Mode > Tools > IE Tweaks. There are three "Miscellaneous locks" on Spybot's IE tweaks page:

* Lock Hosts file read-only as protection against hijackers
* Lock IE start page setting against user changes (current user)
* Lock IE control panel against opening from within IE (current user)

If the "Lock IE start page setting against user changes (current user)" is checked, uncheck it and see if you can change your home page."

(My sister had none of these checked.)

If my sister and that guy above have this same problem, then there are others who are having it who weren't/aren't aware of the home page problem, so please help. Spybot's forum could not help us.

Oh, yes, my sister's server is MSN--she changed over to that and DSL in the last few months. I wonder if they make their own home page for their clients? If you need more info, please feel free to ask.
Thanks, zmartha
Yes, those were my posts from last year. I sent the DVD player back. Something was wrong with my PC--motherboard connection, I believe.

Zenobia
2006-06-30, 09:14
What firewall does your sister use?

zmartha
2006-07-01, 20:02
My sister has the McAfee Internet Suite--all updated witht he Firewall, which is enabled.

Zenobia
2006-07-01, 20:37
Okay,I heard some people with another firewall were sometimes having problems changing their homepage,so I thought I'd check which one she had.

zmartha
2006-07-03, 00:39
So, can no one help me on my sister's problem of not being able to change the home page away from update.miscrosoft . . .?

tashi
2006-07-03, 06:33
Hello.

We could see a log and take a look at the system.


Open SpyBot, check for and get any updates available.
Close all browsers, check for problems and fix everything found in red
Then on the toolbar menu select mode and switch to advanced mode, on the left lower down select tools, and view report, ensure all the options are selected near the bottom except

Uncheck[ ] do not report disabled or known legitimate Items.
uncheck[ ] Include a list of services in report.
Uncheck[ ] Include uninstall list in report.

Now select (near the top) view report.
Press export in the save in box choose a place such as your my documents folder, then in your next post near the bottom select the "browse" button; navigate to and attach or post that report. :)

zmartha
2006-07-07, 18:14
Tashi, Here is my sister's spybot log as you requested:
Oops, this window flew up and says:
The text that you have entered is too long (186323 characters). Please shorten it to 20000 characters long.

I will try to send it as an attachment. No, I get amessage that the attachment is too big in text format,
So, now what do I do?
zmartha

tashi
2006-07-07, 18:41
Hi there.

Did you follow these instructions:

ensure all the options are selected near the bottom except
Uncheck[ ] do not report disabled or known legitimate Items.
uncheck[ ] Include a list of services in report.
Uncheck[ ] Include uninstall list in report. which helps shorten the length of the logs.

If so, please use as many posts as it takes to copy/paste the log into the topic.

Cheers.

zmartha
2006-07-08, 00:00
I believe she followed all your instructions. I am back in the Ozarks and she is in Iowa, but I told her to follow your instructions, so here is the first part of the spybot log.

--- Search result list ---
Windows Security Center.FirewallDisableNotify: Settings (Registry change, fixed)
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify!=dword:0
Windows Security Center.AntiVirusDisableNotify: Settings (Registry change, fixed)
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify!=dword:0
Avenue A, Inc.: Tracking cookie (Internet Explorer: Sue) (Cookie, fixed)

--- Spybot - Search & Destroy version: 1.4 (build: 20050523) ---
2005-05-31 blindman.exe (1.0.0.1)
2005-05-31 SpybotSD.exe (1.4.0.3)
2005-05-31 TeaTimer.exe (1.4.0.2)
2005-07-03 unins000.exe (51.41.0.0)
2005-05-31 Update.exe (1.4.0.0)
2006-02-06 advcheck.dll (1.0.2.0)
2005-05-31 aports.dll (2.1.0.0)
2005-05-31 borlndmm.dll (7.0.4.453)
2005-05-31 delphimm.dll (7.0.4.453)
2005-05-31 SDHelper.dll (1.4.0.0)
2006-02-20 Tools.dll (2.0.0.2)
2005-05-31 UnzDll.dll (1.73.1.1)
2005-05-31 ZipDll.dll (1.73.2.0)
2006-07-01 Includes\Cookies.sbi (*)
2006-07-01 Includes\Dialer.sbi (*)
2006-07-01 Includes\Hijackers.sbi (*)
2006-07-01 Includes\Keyloggers.sbi (*)
2004-11-29 Includes\LSP.sbi (*)
2006-07-01 Includes\Malware.sbi (*)
2006-07-01 Includes\PUPS.sbi (*)
2006-07-01 Includes\Revision.sbi (*)
2006-07-01 Includes\Security.sbi (*)
2006-07-01 Includes\Spybots.sbi (*)
2005-02-17 Includes\Tracks.uti
2006-07-01 Includes\Trojans.sbi (*)
--- System information ---
Windows XP (Build: 2600) Service Pack 2
/ .NETFramework / 1.1: Microsoft .NET Framework 1.1 Hotfix (KB886903)
/ .NETFramework / 1.1: Microsoft .NET Framework 1.1 Service Pack 1 (KB867460)
/ Step By Step Interactive Training / SP2: Security Update for Step By Step Interactive Training (KB898458)
/ Windows Media Player 10: Security Update for Windows Media Player 10 (KB911565)
/ Windows Media Player 10: Security Update for Windows Media Player 10 (KB917734)
/ Windows XP / SP3: Windows XP Hotfix - KB834707
/ Windows XP / SP3: Windows XP Hotfix - KB867282
/ Windows XP / SP3: Windows XP Hotfix - KB873333
/ Windows XP / SP3: Windows XP Hotfix - KB873339
/ Windows XP / SP3: Security Update for Windows XP (KB883939)
/ Windows XP / SP3: Windows XP Hotfix - KB885250
/ Windows XP / SP3: Windows XP Hotfix - KB885835
/ Windows XP / SP3: Windows XP Hotfix - KB885836
/ Windows XP / SP3: Windows XP Hotfix - KB885884
/ Windows XP / SP3: Windows XP Hotfix - KB886185
/ Windows XP / SP3: Windows XP Hotfix - KB887472
/ Windows XP / SP3: Windows XP Hotfix - KB887742
/ Windows XP / SP3: Windows XP Hotfix - KB888113
/ Windows XP / SP3: Windows XP Hotfix - KB888302
/ Windows XP / SP3: Windows XP Hotfix - KB888310
/ Windows XP / SP3: Security Update for Windows XP (KB890046)
/ Windows XP / SP3: Windows XP Hotfix - KB890047
/ Windows XP / SP3: Windows XP Hotfix - KB890175
/ Windows XP / SP3: Windows XP Hotfix - KB890859
/ Windows XP / SP3: Windows XP Hotfix - KB890923
/ Windows XP / SP3: Windows XP Hotfix - KB891781
/ Windows XP / SP3: Security Update for Windows XP (KB893066)
/ Windows XP / SP3: Windows XP Hotfix - KB893086
/ Windows XP / SP3: Security Update for Windows XP (KB893756)
/ Windows XP / SP3: Windows Installer 3.1 (KB893803)
/ Windows XP / SP3: Windows Installer 3.1 (KB893803)
/ Windows XP / SP3: Update for Windows XP (KB894391)
/ Windows XP / SP3: Security Update for Windows XP (KB896358)
/ Windows XP / SP3: Security Update for Windows XP (KB896422)
/ Windows XP / SP3: Security Update for Windows XP (KB896423)
/ Windows XP / SP3: Security Update for Windows XP (KB896424)
/ Windows XP / SP3: Security Update for Windows XP (KB896428)
/ Windows XP / SP3: Security Update for Windows XP (KB896688)
/ Windows XP / SP3: Update for Windows XP (KB896727)
/ Windows XP / SP3: Update for Windows XP (KB898461)
/ Windows XP / SP3: Security Update for Windows XP (KB899587)
/ Windows XP / SP3: Security Update for Windows XP (KB899588)
/ Windows XP / SP3: Security Update for Windows XP (KB899591)
/ Windows XP / SP3: Update for Windows XP (KB900485)
/ Windows XP / SP3: Security Update for Windows XP (KB900725)
/ Windows XP / SP3: Security Update for Windows XP (KB901017)
/ Windows XP / SP3: Security Update for Windows XP (KB901214)
/ Windows XP / SP3: Security Update for Windows XP (KB902400)
/ Windows XP / SP3: Security Update for Windows XP (KB903235)
/ Windows XP / SP3: Security Update for Windows XP (KB904706)
/ Windows XP / SP3: Security Update for Windows XP (KB905414)
/ Windows XP / SP3: Security Update for Windows XP (KB905749)
/ Windows XP / SP3: Security Update for Windows XP (KB905915)
/ Windows XP / SP3: Security Update for Windows XP (KB908519)
/ Windows XP / SP3: Security Update for Windows XP (KB908531)
/ Windows XP / SP3: Update for Windows XP (KB910437)
/ Windows XP / SP3: Security Update for Windows XP (KB911280)
/ Windows XP / SP3: Security Update for Windows XP (KB911562)
/ Windows XP / SP3: Security Update for Windows XP (KB911567)
/ Windows XP / SP3: Security Update for Windows XP (KB911927)
/ Windows XP / SP3: Security Update for Windows XP (KB912812)
/ Windows XP / SP3: Security Update for Windows XP (KB912919)
/ Windows XP / SP3: Security Update for Windows XP (KB913446)
/ Windows XP / SP3: Security Update for Windows XP (KB913580)
/ Windows XP / SP3: Security Update for Windows XP (KB914389)
/ Windows XP / SP3: Security Update for Windows XP (KB916281)
/ Windows XP / SP3: Security Update for Windows XP (KB917344)
/ Windows XP / SP3: Security Update for Windows XP (KB917953)
/ Windows XP / SP3: Security Update for Windows XP (KB918439)

--- Startup entries list ---
Located: HK_LM:Run, ATIPTA
command: C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
file: C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
size: 339968
MD5: acc7b414ef1abea6aa654b74cc9a90cf
Located: HK_LM:Run, CTSysVol
command: C:\Program Files\Creative\Sound Blaster Live! 24-bit\Surround Mixer\CTSysVol.exe /r
file:
Located: HK_LM:Run, dla
command: C:\WINDOWS\system32\dla\tfswctrl.exe
file: C:\WINDOWS\system32\dla\tfswctrl.exe
size: 122939
MD5: 790490f273b0e3bcf05dc3c308abcc0b
Located: HK_LM:Run, DVDLauncher
command: "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
file: C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
size: 57344
MD5: 7e5fc860ecbd3fe4d0bf7e1814a37b56
Located: HK_LM:Run, HP Component Manager
command: "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
file: C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
size: 241664
MD5: e91cde1b706189c03904a901a1ca1832
Located: HK_LM:Run, HP Software Update
command: C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
file: C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
size: 49152
MD5: 821f73b833c4daebc33c1a9a4b16bb5a
Located: HK_LM:Run, IAAnotif
command: C:\Program Files\Intel\Intel Application Accelerator\iaanotif.exe
file: C:\Program Files\Intel\Intel Application Accelerator\iaanotif.exe
size: 135168
MD5: 84ce197c2869be8965644396841fdd19
Located: HK_LM:Run, IntelMeM
command: C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
file: C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
size: 221184
MD5: bc02e491e88492b02363ce1b384ff7a7
Located: HK_LM:Run, KernelFaultCheck
command: %systemroot%\system32\dumprep 0 -k
file: C:\WINDOWS\system32\dumprep.exe
size: 10752
MD5: 13922eb54890c77005268882629a31fe
Located: HK_LM:Run, MCAgentExe
command: c:\PROGRA~1\mcafee.com\agent\mcagent.exe
file: c:\PROGRA~1\mcafee.com\agent\mcagent.exe
size: 303104
MD5: e8d2dcece015f4558aa3853514664f15
Located: HK_LM:Run, MCUpdateExe
command: c:\PROGRA~1\mcafee.com\agent\mcupdate.exe
file: c:\PROGRA~1\mcafee.com\agent\mcupdate.exe
size: 212992
MD5: dec79e9887924b82837b9b7730ecaa1f
Located: HK_LM:Run, MediaFace Integration
command: C:\Program Files\Fellowes\MediaFACE 4.0\SetHook.exe
file: C:\Program Files\Fellowes\MediaFACE 4.0\SetHook.exe
size: 53248
MD5: c108e71530073dda128b9998be00acf9
Located: HK_LM:Run, Microsoft Works Update Detection
command: C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
file: C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
size: 50688
MD5: 5046f135bb97a68bfe485ab039e605c0
Located: HK_LM:Run, mmtask
command: C:\Program Files\Musicmatch\Musicmatch Jukebox\mmtask.exe
file: C:\Program Files\Musicmatch\Musicmatch Jukebox\mmtask.exe
size: 53248
MD5: ddded6213d8e8cb91a9bf3107114b335
Located: HK_LM:Run, MPFExe
command: C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
file: C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
size: 1005096
MD5: d76dcba1bce72093e00a4efa114a4e98
Located: HK_LM:Run, OASClnt
command: C:\Program Files\McAfee.com\VSO\oasclnt.exe
file: C:\Program Files\McAfee.com\VSO\oasclnt.exe
size: 53248
MD5: 76e033f33912bfaca4a05be8d1f3a740
Located: HK_LM:Run, P17Helper
command: Rundll32 P17.dll,P17Helper
file:
Located: HK_LM:Run, QuickTime Task
command: "C:\Program Files\QuickTime\qttask.exe" -atboottime
file: C:\Program Files\QuickTime\qttask.exe
size: 98304
MD5: c341ccfbe98bc7df6e0b856bb9fc265a
Located: HK_LM:Run, RealTray
command: C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
file:
Located: HK_LM:Run, ReminderApp
command: C:\Program Files\Nova Development\Greeting Card Factory Deluxe\ReminderApp.exe
file: C:\Program Files\Nova Development\Greeting Card Factory Deluxe\ReminderApp.exe
size: 145104
MD5: 465499c49b9e1ff943998197464b01ac
Located: HK_LM:Run, SunJavaUpdateSched
command: C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
file: C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
size: 32881
MD5: ed85b344e6edc30c1bc57ec1a2a56bf3
Located: HK_LM:Run, UpdateManager
command: "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
file: C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe
size: 110592
MD5: 52b80c30225de81d7ac989dfe7311877
Located: HK_LM:Run, UpdReg
command: C:\WINDOWS\UpdReg.EXE
file: C:\WINDOWS\UpdReg.EXE
size: 90112
MD5: c419df63e0121d72411285780c2fc6cc
Located: HK_LM:Run, VirusScan Online
command: C:\Program Files\McAfee.com\VSO\mcvsshld.exe
file: C:\Program Files\McAfee.com\VSO\mcvsshld.exe
size: 163840
MD5: b154ac6dbd82f96476003e58e1625bd8
Located: HK_LM:Run, VSOCheckTask
command: "C:\PROGRA~1\McAfee.com\VSO\mcmnhdlr.exe" /checktask
file: C:\PROGRA~1\McAfee.com\VSO\mcmnhdlr.exe
size: 151552
MD5: 3c943ceb913520f9981d82db93ba7a8a
Located: HK_LM:Run, Windows Defender
command: "C:\Program Files\Windows Defender\MSASCui.exe" -hide
file: C:\Program Files\Windows Defender\MSASCui.exe
size: 777424
MD5: 3207bba7a51043ff2c5d64df4c3b6310
Located: HK_LM:Run, zSPGuard
command: c:\program files\pjw\spguard\spguard.exe /s
file:
Located: HK_LM:RunOnceEx,
command:
file:
Located: HK_CU:Run, DellSupport
command: "C:\Program Files\Dell Support\DSAgnt.exe" /startup
file: C:\Program Files\Dell Support\DSAgnt.exe
size: 306688
MD5: cea4715092cb7984420dbc9f51fb4c35
Located: HK_CU:Run, MSMSGS
command: "C:\Program Files\Messenger\msmsgs.exe" /background
file: C:\Program Files\Messenger\msmsgs.exe
size: 1694208
MD5: 74e6e96c6f0e2eca4edbb7f7a468f259
Located: HK_CU:Run, SpybotSD TeaTimer
command: C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
file: C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
size: 1415824
MD5: 70496eee0ddbe485f658693826f44d38
Located: Startup (common), HP Digital Imaging Monitor.lnk
command: C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
file: C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
size: 241664
MD5: 16e91805cc071039372ae0037aaa9a2b
Located: Startup (common), HP Image Zone Fast Start.lnk
command: C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
file: C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
size: 53248
MD5: 91c0436bd6cb73370895ef33c1c9cb47
Located: Startup (common), Kodak EasyShare software.lnk
command: C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
file: C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
size: 176128
MD5: 1774f25ee888f4af98dd7aefc2bfbb89
Located: Startup (common), Kodak software updater.lnk
command: C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe

zmartha
2006-07-08, 00:02
Here is 2nd part of 3 parts of sister's spybot log:

file: C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe
size: 16423
MD5: db9012564169875f5b2aa7f5fc4905e4
Located: Startup (common), Microsoft Office.lnk
command: C:\Program Files\Microsoft Office\Office10\OSA.EXE
file: C:\Program Files\Microsoft Office\Office10\OSA.EXE
size: 83360
MD5: 5bc65464354a9fd3beaa28e18839734a
Located: Startup (user), SpywareGuard.lnk
command: C:\Program Files\SpywareGuard\sgmain.exe
file: C:\Program Files\SpywareGuard\sgmain.exe
size: 360448
MD5: 61c028aba5e49573a6332f4a7c744e87
Located: Startup (user), Yankee Clipper III.lnk
command: C:\Program Files\YCIII\YankClip.exe
file: C:\Program Files\YCIII\YankClip.exe
size: 1368064
MD5: 046bcdf0793e96dc6d7a4c780ee73ce6
Located: System.ini, crypt32chain
command: crypt32.dll
file: crypt32.dll
Located: System.ini, cryptnet
command: cryptnet.dll
file: cryptnet.dll
Located: System.ini, cscdll
command: cscdll.dll
file: cscdll.dll
Located: System.ini, ScCertProp
command: wlnotify.dll
file: wlnotify.dll
Located: System.ini, Schedule
command: wlnotify.dll
file: wlnotify.dll
Located: System.ini, sclgntfy
command: sclgntfy.dll
file: sclgntfy.dll
Located: System.ini, SensLogn
command: WlNotify.dll
file: WlNotify.dll
Located: System.ini, termsrv
command: wlnotify.dll
file: wlnotify.dll
Located: System.ini, WgaLogon
command: WgaLogon.dll
file: WgaLogon.dll
Located: System.ini, wlballoon
command: wlnotify.dll
file: wlnotify.dll
--- Browser helper object list ---
{549B5CA7-4A86-11D7-A4DF-000874180BB3} ()
BHO name:
CLSID name:
{5CA3D70E-1895-11CF-8E15-001234567890} (DriveLetterAccess)
BHO name:
CLSID name: DriveLetterAccess
description: Hewlett-Packard's DLA software
classification: Unknown
known filename: tfswshx.dll
info link:
info source: TonyKlein
Path: C:\WINDOWS\system32\dla\
Long name: tfswshx.dll
Short name:
Date (created): 1/17/2005 11:22:04 PM
Date (last access): 7/5/2006 6:29:22 PM
Date (last write): 8/13/2004 2:05:00 AM
Filesize: 118842
Attributes: archive
MD5: 14EFF6496CF0E873F8F7CD930B135CF9
CRC32: AD5180E4
Version: 1.4.8.0
{FDD3B846-8D59-4ffb-8758-209B6AD74ACC} ()
BHO name:
CLSID name:
description: Microsoft Money
classification: Open for discussion
known filename: mnyviewer.dll
info link: <http://www.microsoft.com/money/default.asp>
info source: TonyKlein
--- ActiveX list ---

--- Process list ---
PID: 0 ( 0) [System]
PID: 596 ( 4) \SystemRoot\System32\smss.exe
PID: 644 ( 596) \??\C:\WINDOWS\system32\csrss.exe
PID: 668 ( 596) \??\C:\WINDOWS\system32\winlogon.exe
PID: 712 ( 668) C:\WINDOWS\system32\services.exe
size: 108032
MD5: C6CE6EEC82F187615D1002BB3BB50ED4
PID: 724 ( 668) C:\WINDOWS\system32\lsass.exe
size: 13312
MD5: 84885F9B82F4D55C6146EBF6065D75D2
PID: 912 ( 712) C:\WINDOWS\system32\Ati2evxx.exe
size: 389120
MD5: 4DEAA162480367B232F3EE3A6D34084B
PID: 932 ( 712) C:\WINDOWS\system32\svchost.exe
size: 14336
MD5: 8F078AE4ED187AAABC0A305146DE6716
PID: 1004 ( 712) C:\WINDOWS\system32\svchost.exe
size: 14336
MD5: 8F078AE4ED187AAABC0A305146DE6716
PID: 1100 ( 712) C:\Program Files\Windows Defender\MsMpEng.exe
size: 14032
MD5: E7E81C6BCD697F5921DF6D6781D2673D
PID: 1164 ( 712) C:\WINDOWS\System32\svchost.exe
size: 14336
MD5: 8F078AE4ED187AAABC0A305146DE6716
PID: 1308 ( 712) C:\WINDOWS\system32\svchost.exe
size: 14336
MD5: 8F078AE4ED187AAABC0A305146DE6716
PID: 1440 ( 712) C:\WINDOWS\system32\svchost.exe
size: 14336
MD5: 8F078AE4ED187AAABC0A305146DE6716
PID: 1568 ( 712) C:\WINDOWS\system32\spoolsv.exe
size: 57856
MD5: DA81EC57ACD4CDC3D4C51CF3D409AF9F
PID: 1728 (1704) C:\WINDOWS\Explorer.EXE
size: 1032192
MD5: A0732187050030AE399B241436565E64
PID: 1844 (1728) C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
size: 32881
MD5: ED85B344E6EDC30C1BC57EC1A2A56BF3
PID: 1884 (1728) C:\Program Files\Intel\Intel Application Accelerator\iaanotif.exe
size: 135168
MD5: 84CE197C2869BE8965644396841FDD19
PID: 1924 (1728) C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
size: 221184
MD5: BC02E491E88492B02363CE1B384FF7A7
PID: 1932 (1728) C:\Program Files\Creative\Sound Blaster Live! 24-bit\Surround Mixer\CTSysVol.exe
size: 57344
MD5: E7D1D8179FE03E2BC569A92B56509414
PID: 1948 (1728) C:\WINDOWS\system32\Rundll32.exe
size: 33280
MD5: DA285490BBD8A1D0CE6623577D5BA1FF
PID: 1972 (1728) C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
size: 57344
MD5: 7E5FC860ECBD3FE4D0BF7E1814A37B56
PID: 1992 (1728) C:\WINDOWS\system32\dla\tfswctrl.exe
size: 122939
MD5: 790490F273B0E3BCF05DC3C308ABCC0B
PID: 2008 (1728) C:\Program Files\Musicmatch\Musicmatch Jukebox\mmtask.exe
size: 53248
MD5: DDDED6213D8E8CB91A9BF3107114B335
PID: 2032 (1728) C:\PROGRA~1\mcafee.com\agent\mcagent.exe
size: 303104
MD5: E8D2DCECE015F4558AA3853514664F15
PID: 160 (1728) C:\Program Files\Real\RealPlayer\RealPlay.exe
size: 26112
MD5: 849D97FE4CC09CFC2772D10F641E1BAF
PID: 232 (1728) C:\Program Files\McAfee.com\VSO\mcvsshld.exe
size: 163840
MD5: B154AC6DBD82F96476003E58E1625BD8
PID: 252 (1728) C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
size: 50688
MD5: 5046F135BB97A68BFE485AB039E605C0
PID: 280 ( 232) c:\progra~1\mcafee.com\vso\mcvsescn.exe
size: 483328
MD5: 3B1A1BAA8D7444DEFCE4093611212ED6
PID: 412 (1728) C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
size: 241664
MD5: E91CDE1B706189C03904A901A1CA1832
PID: 432 ( 712) C:\WINDOWS\system32\CTsvcCDA.EXE
size: 44032
MD5: 3C8B6609712F4FF78E521F6DCFC4032B
PID: 476 ( 712) C:\Program Files\Intel\Intel Application Accelerator\iaantmon.exe
size: 73852
MD5: 3277CF101AE78C38B00702D688E37D44
PID: 504 ( 712) c:\program files\mcafee.com\agent\mcdetect.exe
size: 126976
MD5: F73B0F3EBD90B1C87A3B93BE94E831C7
PID: 548 ( 712) c:\PROGRA~1\mcafee.com\vso\mcshield.exe
size: 221184
MD5: FAE84A2F9C11B7C532950BF0AE1EC26A
PID: 624 (1728) C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
size: 49152
MD5: 821F73B833C4DAEBC33C1A9A4B16BB5A
PID: 832 (1728) C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
size: 1005096
MD5: D76DCBA1BCE72093E00A4EFA114A4E98
PID: 776 (1728) C:\Program Files\McAfee.com\VSO\oasclnt.exe
size: 53248
MD5: 76E033F33912BFACA4A05BE8D1F3A740
PID: 956 (1728) C:\Program Files\Nova Development\Greeting Card Factory Deluxe\ReminderApp.exe
size: 145104
MD5: 465499C49B9E1FF943998197464B01AC
PID: 1080 (1728) C:\Program Files\Windows Defender\MSASCui.exe
size: 777424
MD5: 3207BBA7A51043FF2C5D64DF4C3B6310
PID: 1208 (1728) C:\Program Files\Dell Support\DSAgnt.exe
size: 306688
MD5: CEA4715092CB7984420DBC9F51FB4C35
PID: 1292 ( 712) c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
size: 122368
MD5: A214E217784D1002411DCA8E9793D4A4
PID: 1456 ( 712) C:\PROGRA~1\McAfee.com\PERSON~1\MpfService.exe
size: 548864
MD5: 316535E69181703D4CE4623DEA29FECB
PID: 1688 ( 712) C:\WINDOWS\system32\svchost.exe
size: 14336
MD5: 8F078AE4ED187AAABC0A305146DE6716
PID: 1780 ( 712) C:\WINDOWS\system32\wdfmgr.exe
size: 38912
MD5: C81B8635DEE0D3EF5F64B3DD643023A5
PID: 1344 ( 712) C:\WINDOWS\system32\MsPMSPSv.exe
size: 53520
MD5: 581176F60885AEF8F78C6E38DCC3CDF9
PID: 2168 (1728) C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
size: 1415824
MD5: 70496EEE0DDBE485F658693826F44D38
PID: 2264 (1728) C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
size: 241664
MD5: 16E91805CC071039372AE0037AAA9A2B
PID: 2344 (1728) C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
size: 176128
MD5: 1774F25EE888F4AF98DD7AEFC2BFBB89
PID: 2388 (1728) C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe
size: 16423
MD5: DB9012564169875F5B2AA7F5FC4905E4
PID: 2476 (1728) C:\Program Files\SpywareGuard\sgmain.exe
size: 360448
MD5: 61C028ABA5E49573A6332F4A7C744E87
PID: 2516 (1728) C:\Program Files\YCIII\YankClip.exe
size: 1368064
MD5: 046BCDF0793E96DC6D7A4C780EE73CE6
PID: 2604 (2476) C:\Program Files\SpywareGuard\sgbhp.exe
size: 233472
MD5: A80D0704537C0EF97DB2BEF24B99AF1A
PID: 2720 (2284) C:\Program Files\HP\Digital Imaging\bin\hpqgalry.exe
size: 520192
MD5: B828B8620CAB7FC4D6865A30FB650049
PID: 3572 ( 712) C:\WINDOWS\System32\alg.exe
size: 44544
MD5: F1958FBF86D5C004CF19A5951A9514B7
PID: 3580 ( 932) C:\PROGRA~1\McAfee.com\PERSON~1\MpfAgent.exe
size: 524288
MD5: EFFC4B0F270FC1A6EDF49A274BF5CDF8
PID: 288 ( 712) C:\WINDOWS\System32\svchost.exe
size: 14336
MD5: 8F078AE4ED187AAABC0A305146DE6716
PID: 3204 (1728) C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe
size: 4393096
MD5: 09CA174A605B480318731E691DC98539
PID: 4 ( 0) System

--- Browser start & search pages list ---
Spybot - Search & Destroy browser pages report, 7/5/2006 6:42:01 PM
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Local Page
C:\WINDOWS\SYSTEM\blank.htm
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Search Page
<http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch>
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Search Bar
<http://bfc.myway.com/search/de_srchlft.html>
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Start Page
<http://www.google.com/>
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Default_Page_URL
<http://www.dell4me.com/myway>
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\First Home Page
<http://www.microsoft.com/isapi/redir.dll?Prd=ie&Pver=5.0&Ar=ie5update&O1=b1>
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Local Page
%SystemRoot%\system32\blank.htm
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Search Page
<http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch>
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Search Bar
<http://home.microsoft.com/search/search.asp>
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Start Page
http://www.microsoftcom/isapi/redir.dll?prd={SUB_PRD}&clcid={SUB_CLSID}&pver={SUB_PVER}&ar=home <http://www.microsoft.com/isapi/redir.dll?prd={SUB_PRD}&clcid={SUB_CLSID}&pver={SUB_PVER}&ar=home>
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Default_Page_URL
<http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome>
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Default_Search_URL
<http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch>
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Search\SearchAssistant
<http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm>
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Search\CustomizeSearch
<http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm>

zmartha
2006-07-08, 00:15
part 3 of sister's spybot log of perhaps 6 parts

--- Winsock Layered Service Provider list ---

--- Uninstall list ---
2 Player Chess (2 Player Chess)
uninstall cmd: C:\PROGRA~1\eGames\2PLAYE~1\UNWISE.EXE C:\PROGRA~1\eGames\2PLAYE~1\INSTALL.LOG
Acey Deucy Backgammon (Acey Deucy Backgammon)
uninstall cmd: C:\PROGRA~1\eGames\ACEYDE~1\UNWISE.EXE C:\PROGRA~1\eGames\ACEYDE~1\INSTALL.LOG
Ad-Aware SE Personal 1.06 (Ad-Aware SE Personal)
uninstall cmd: C:\PROGRA~1\Lavasoft\AD-AWA~1\UNWISE.EXE C:\PROGRA~1\Lavasoft\AD-AWA~1\INSTALL.LOG
publisher: Lavasoft
help link: http://www.lavasoft.com
(AddressBook)
ATI Display Driver 8.051-040825a-017900C-Dell (ATI Display Driver)
uninstall cmd: rundll32 C:\WINDOWS\system32\atiiiexx.dll,_InfEngUnInstallINFFile_RunDLL@16 -force_restart -flags:0x2010001 -inf_class:DISPLAY -clean
Boggle (Bogglev1)
uninstall cmd: C:\WINDOWS\uninst.exe -fC:\WINDOWS\DeIsL1.isu
(Branding)
By Design (By Design V5.0)
uninstall cmd: C:\WINDOWS\uninst.exe -f"C:\Program Files\By Design\DeIsL2.isu"
Card and Board Games (Card and Board Games)
uninstall cmd: C:\PROGRA~1\eGames\CARDAN~1\UNWISE.EXE C:\PROGRA~1\eGames\CARDAN~1\INSTALL.LOG
Checkers (Checkers)
uninstall cmd: C:\PROGRA~1\eGames\Checkers\UNWISE.EXE C:\PROGRA~1\eGames\Checkers\INSTALL.LOG
Chinese Checkers Special Edition (Chinese Checkers Special Edition)
uninstall cmd: C:\PROGRA~1\eGames\CHINES~1\UNWISE.EXE C:\PROGRA~1\eGames\CHINES~1\INSTALL.LOG
Milton Bradley Classic Board Games (ClassicBoard)
uninstall cmd: C:\Program Files\Hasbro Interactive\Classic Games\MBUninst.exe
Colors of War (Colors of War)
uninstall cmd: C:\PROGRA~1\eGames\COLORS~1\UNWISE.EXE C:\PROGRA~1\eGames\COLORS~1\INSTALL.LOG
(Connection Manager)
Corel Applications (Corel Applications)
uninstall cmd: C:\WINDOWS\Corel\Uninstal.exe
(Creative MediaSource)
uninstall cmd: RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{7A900EAB-DA37-4554-AF19-9C337476D05D}\setup.exe" -l0x9 /remove
(Creative MediaSource Detector)
uninstall cmd: RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{C6866B7D-ACFD-4C49-B77B-3B2F8CF54B96}\setup.exe" -l0x9 /remove
(Creative MediaSource Player Skin Pack)
uninstall cmd: RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{67AEFC4C-69E4-11D7-85F4-00E018013273}\setup.exe" -l0x9 /remove
(Creative MiniDisc Center)
uninstall cmd: RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{AC157741-3285-4D6A-B934-9174587A3493}\setup.exe" -l0x9 /remove
(Creative Restore Defaults)
uninstall cmd: RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{44DC86A0-248D-11D6-9BAF-0090271AF8A4}\setup.exe" -l0x9 /remove
(Creative WaveStudio)
uninstall cmd: RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{435E969D-867E-4364-8E74-3DC8A69C5BDB}\setup.exe" -l0x9 /remove
Cribbage (Cribbage)
uninstall cmd: C:\PROGRA~1\eGames\Cribbage\UNWISE.EXE C:\PROGRA~1\eGames\Cribbage\INSTALL.LOG
Crossword Mania (Crossword Mania)
uninstall cmd: C:\PROGRA~1\eGames\CROSSW~1\UNWISE.EXE C:\PROGRA~1\eGames\CROSSW~1\INSTALL.LOG
Dell Support 5.0.0 (766) (DellSupport)
uninstall cmd: rundll32 C:\PROGRA~1\DELLSU~1\AUInst.dll,ExUninstall
(DEVCTRL2)
uninstall cmd: RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{FC0DD8AE-3DC0-11D7-AB2D-0090271A23A2}\setup.exe" -l0x9 /remove
(Diagnostics3)
uninstall cmd: RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F865C2FE-25E7-11D6-9BAF-0090271AF8A4}\setup.exe" -l0x9 /remove
(DirectAnimation)
(DirectDrawEx)
(dlatray.exe)
uninstall cmd: C:\WINDOWS\system32\\MSIEXEC.EXE /x {1206EF92-2E83-4859-ACCB-2048C3CB7DA6}
Dominoes Deluxe (Dominoes Deluxe)
uninstall cmd: C:\PROGRA~1\eGames\DOMINO~1\UNWISE.EXE C:\PROGRA~1\eGames\DOMINO~1\INSTALL.LOG
Dweebs (Dweebs)
uninstall cmd: C:\PROGRA~1\eGames\Dweebs\UNWISE.EXE C:\PROGRA~1\eGames\Dweebs\INSTALL.LOG
(DXM_Runtime)
(EAX)
uninstall cmd: RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{DEBD7BF3-5856-11D6-A285-00A0CC51B2FE}\setup.exe" -l0x9 /remove
eGames Fishing (eGames Fishing)
uninstall cmd: C:\PROGRA~1\eGames\EGAMES~1\UNWISE.EXE C:\PROGRA~1\eGames\EGAMES~1\INSTALL.LOG
(EQUALIZER)
uninstall cmd: RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{FB2292C6-1F0A-11D7-AB2D-0090271A23A2}\setup.exe" -l0x9 /remove
Euchre (Euchre)
uninstall cmd: C:\PROGRA~1\eGames\Euchre\UNWISE.EXE C:\PROGRA~1\eGames\Euchre\INSTALL.LOG
Extreme Bugs Special Edition (Extreme Bugs Special Edition)
uninstall cmd: C:\PROGRA~1\eGames\EXTREM~1\UNWISE.EXE C:\PROGRA~1\eGames\EXTREM~1\INSTALL.LOG
Extreme Orchids Special Edition (Extreme Orchids Special Edition)
uninstall cmd: C:\PROGRA~1\eGames\EXTREM~2\UNWISE.EXE C:\PROGRA~1\eGames\EXTREM~2\INSTALL.LOG
(Fontcore)
Four Field Kono (Four Field Kono)
uninstall cmd: C:\PROGRA~1\eGames\FOURFI~1\UNWISE.EXE C:\PROGRA~1\eGames\FOURFI~1\INSTALL.LOG
Galaxy Man (Galaxy Man)
uninstall cmd: C:\PROGRA~1\eGames\GALAXY~1\UNWISE.EXE C:\PROGRA~1\eGames\GALAXY~1\INSTALL.LOG
Geo Jump (Geo Jump)
uninstall cmd: C:\PROGRA~1\eGames\GEOJUM~1\UNWISE.EXE C:\PROGRA~1\eGames\GEOJUM~1\INSTALL.LOG
Gin Rummy (Gin Rummy)
uninstall cmd: C:\PROGRA~1\eGames\GINRUM~1\UNWISE.EXE C:\PROGRA~1\eGames\GINRUM~1\INSTALL.LOG
HP Image Zone 4.2 4.2 (HP Photo & Imaging)
uninstall cmd: C:\Program Files\HP\Digital Imaging\uninstall\hpzscr01.exe -datfile hpqscr01.dat
publisher: HP
help link: http://www.hp.com/support
(ICW)
(IE40)
(IE4Data)
(IE5BAKEX)
(IEData)
(InstallShield Uninstall Information)
Hoyle Casino 2004 1.00.0000 (InstallShield_{224C47F4-CB95-406C-8AD6-81002FEED0CF})
version: 16777216
version (major): 1
estimated size: 496372
install date: 20050125
install source: D:\
uninstall cmd: C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{224C47F4-CB95-406C-8AD6-81002FEED0CF}
publisher: Sierra
comments: Patches on the Sierra site are in the Support then Downloads section.
contact: Sierra Entertainment Technical Support
help link: http://support.vugames.com
help telephone: 1-310-649-8033
readme: readme.txt
Broadcom Advanced Control Suite 2 7.58.01 (InstallShield_{2E086814-7392-4E0F-ADB8-54A81E47406C})
version: 121241601
version (major): 7
version (minor): 58
install date: 20050117
install location: C:\Program Files\Broadcom\BACS\
uninstall cmd: C:\Program Files\Common Files\InstallShield\Driver\8\Intel 32\IDriver.exe /M{2E086814-7392-4E0F-ADB8-54A81E47406C} /l1033
publisher: Broadcom
comments: Broadcom Advanced Control Suite 2 (BACS)
contact: Dell Customer Support
help link: http://www.support.dell.com
help telephone: ..
readme: C:\Program Files\Broadcom\BACS\Readme.txt
MediaFACE 4.01 4.01 (InstallShield_{41979C2F-34B8-4F92-8111-B13C5864682D})
version: 67174400
version (major): 4
version (minor): 1
estimated size: 151589
install date: 20050303
install source: D:\Setup\
uninstall cmd: C:\Program Files\Common Files\InstallShield\Driver\8\Intel 32\IDriver.exe /M{41979C2F-34B8-4F92-8111-B13C5864682D} /l1033
publisher: Fellowes
comments:
contact: Media Labeling Technical Support
help link: http://www.fellowes.com
help telephone: 1-866-775-7860
readme: file://C:\Program Files\Fellowes\MediaFACE 4.0\License.txt
Hoyle Card Games 2004 1.00.0000 (InstallShield_{744F6CCF-9F56-40A0-A33D-2A45D53B6046})
version: 16777216
version (major): 1
estimated size: 529572
install date: 20050124
install source: D:\
uninstall cmd: C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{744F6CCF-9F56-40A0-A33D-2A45D53B6046}
publisher: Sierra
comments: Patches on the Sierra site are in the Support then Downloads section.
contact: Sierra Entertainment Technical Support
help link: http://support.vugames.com
help telephone: 1-310-649-8033
readme: readme.txt
MediaFACE 4.01 Image Library 4.01 (InstallShield_{82AF77BC-423D-42DA-BE5B-FFCA04752181})
version: 67174400
version (major): 4
version (minor): 1
estimated size: 71377
install date: 20050303
install source: D:\ImageLibraries\All\
uninstall cmd: C:\Program Files\Common Files\InstallShield\Driver\8\Intel 32\IDriver.exe /M{82AF77BC-423D-42DA-BE5B-FFCA04752181} /l1033
publisher: Fellowes
comments:
contact: Media Labeling Technical Support
help link: http://www.fellowes.com
help telephone: +1-866-775-7860
Hoyle Games Demo 1.00.0000 (InstallShield_{9B738A2B-FA31-4483-BC1B-7C49CE4F3C59})
version: 16777216
version (major): 1
estimated size: 53728
install date: 20050124
install source: D:\HSD2\
uninstall cmd: C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{9B738A2B-FA31-4483-BC1B-7C49CE4F3C59}

zmartha
2006-07-08, 00:30
Tashi,
I have submitted spybot log 4 & 5, but they don't appear, and I still have a 6 & 7, but I don't want to post them if the other two posts aren't going to show up. :confused:

md usa spybot fan
2006-07-08, 00:47
zmartha:

It appears that you (or your sister) may not have unchecked the following items before producing the Spybot report, causing the listing to be extremely large:

[ ] Include uninstall list in report.
[ ] Include a list of services in report.

Wait and see if what you posted so far is sufficient for analysis.

md usa spybot fan
2006-07-08, 07:02
zmartha:

Possible cause of problem:

From Spybot Report:

Located: HK_LM:Run, zSPGuard
command: c:\program files\pjw\spguard\spguard.exe /s
From Bleeping Computer:
Spguard.exe Information
http://www.bleepingcomputer.com/startups/Spguard.exe-7084.html

"StartPage Guard (SPG) protects your PC from cyberscam, by detecting and preventing any unauthorized changes to your internet browser's Start and Search pages. It is also capable of removing automatically most of known 'invaders'."

zmartha
2006-07-11, 02:33
I unchecked spquard from my startup. Still have the same problem. I also can't find spquard in my program files, nor have I uninstalled it.
Martha's sister, Sue

Zenobia
2006-07-11, 05:07
To find it,try looking for a pjw folder in Program Files:

c:\program files\pjw\spguard\spguard.exe

I didn't have any troubles changing my homepage after unchecking spguard from start-up,though.Thought I'd check for you,just to be certain.

Lamborghini
2006-07-11, 15:13
I tried absolutly everything I could think of. I tried all the suggestions such as reg editing and scanning but that didnt work. The closest thing I could get to resetting the homepage was to start in safe mode, change the homepage and then boot up in normal mode. However although the homepage is what I want it to be, it still will not reset properly.

zmartha
2006-07-11, 16:31
To find it,try looking for a pjw folder in Program Files:

c:\program files\pjw\spguard\spguard.exe

I didn't have any troubles changing my homepage after unchecking spguard from start-up,though.Thought I'd check for you,just to be certain.

Oh, I did that first off and even put a tick in the "show hidden files" just to make sure it wasn't hidden and it is not there. I did a search for pjw and for spguard and nothing. I looked in Add/Remove and nothing. AND I don't ever remember installing the program, much less uninstalling, so figure it must have come in on something else.

My sister tried uploading the newer shortened spybot report, and it looks like it never came thru to this forum, so then she copied and pasted it into a message just 12 hours ago, and it appears that it also did not get thru.

I would like you to look at the complete report because it may not be spguard. I know there are at least two other people out there who are having the same problem. Shall I try to copy and paste the spybot report/log again?
zmartha

md usa spybot fan
2006-07-11, 16:32
Lamborghini:

Do you run ZoneAlarm?

md usa spybot fan
2006-07-11, 19:15
Sue:

Using Registry Editor, navigate to the following Registry Key and look at the permissions:
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main
Specific instructions:
Go into Start > Run… > type "regedit" (no quotes) > then click "OK".
Expand HKEY_CURRENT_USER by clicking the + (plus sign) in front of it.
Expand HKEY_CURRENT_USER\Software by clicking the + (plus sign) in front Software.
Expand HKEY_CURRENT_USER\Software\Microsoft by clicking the + (plus sign) in front Microsoft.
Expand HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer by clicking the + (plus sign) in front of Internet Explorer.
Right click on Main (actually HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main) and select "Permissions…".
Make sure that for the "Group or user name" that is trying to change the home page that "Deny" is not checked for "Full Control". If it is, uncheck it.

zmartha
2006-07-12, 18:45
--- Search result list ---
Windows Security Center.FirewallDisableNotify: Settings (Registry change, fixed)
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify!=dword:0

Windows Security Center.AntiVirusDisableNotify: Settings (Registry change, fixed)
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify!=dword:0


--- Spybot - Search & Destroy version: 1.4 (build: 20050523) ---

2005-05-31 blindman.exe (1.0.0.1)
2005-05-31 SpybotSD.exe (1.4.0.3)
2005-05-31 TeaTimer.exe (1.4.0.2)
2005-07-03 unins000.exe (51.41.0.0)
2005-05-31 Update.exe (1.4.0.0)
2006-02-06 advcheck.dll (1.0.2.0)
2005-05-31 aports.dll (2.1.0.0)
2005-05-31 borlndmm.dll (7.0.4.453)
2005-05-31 delphimm.dll (7.0.4.453)
2005-05-31 SDHelper.dll (1.4.0.0)
2006-02-20 Tools.dll (2.0.0.2)
2005-05-31 UnzDll.dll (1.73.1.1)
2005-05-31 ZipDll.dll (1.73.2.0)
2006-07-07 Includes\Cookies.sbi (*)
2006-07-07 Includes\Dialer.sbi (*)
2006-07-07 Includes\Hijackers.sbi
2006-07-07 Includes\Keyloggers.sbi (*)
2004-11-29 Includes\LSP.sbi (*)
2006-07-07 Includes\Malware.sbi (*)
2006-07-07 Includes\PUPS.sbi (*)
2006-07-07 Includes\Revision.sbi (*)
2006-07-07 Includes\Security.sbi (*)
2006-07-07 Includes\Spybots.sbi (*)
2005-02-17 Includes\Tracks.uti
2006-07-07 Includes\Trojans.sbi (*)

--- System information ---
Windows XP (Build: 2600) Service Pack 2
/ .NETFramework / 1.1: Microsoft .NET Framework 1.1 Hotfix (KB886903)
/ .NETFramework / 1.1: Microsoft .NET Framework 1.1 Service Pack 1 (KB867460)
/ Step By Step Interactive Training / SP2: Security Update for Step By Step Interactive Training (KB898458)
/ Windows Media Player 10: Security Update for Windows Media Player 10 (KB911565)
/ Windows Media Player 10: Security Update for Windows Media Player 10 (KB917734)
/ Windows XP / SP3: Windows XP Hotfix - KB834707
/ Windows XP / SP3: Windows XP Hotfix - KB867282
/ Windows XP / SP3: Windows XP Hotfix - KB873333
/ Windows XP / SP3: Windows XP Hotfix - KB873339
/ Windows XP / SP3: Security Update for Windows XP (KB883939)
/ Windows XP / SP3: Windows XP Hotfix - KB885250
/ Windows XP / SP3: Windows XP Hotfix - KB885835
/ Windows XP / SP3: Windows XP Hotfix - KB885836
/ Windows XP / SP3: Windows XP Hotfix - KB885884
/ Windows XP / SP3: Windows XP Hotfix - KB886185
/ Windows XP / SP3: Windows XP Hotfix - KB887472
/ Windows XP / SP3: Windows XP Hotfix - KB887742
/ Windows XP / SP3: Windows XP Hotfix - KB888113
/ Windows XP / SP3: Windows XP Hotfix - KB888302
/ Windows XP / SP3: Windows XP Hotfix - KB888310
/ Windows XP / SP3: Security Update for Windows XP (KB890046)
/ Windows XP / SP3: Windows XP Hotfix - KB890047
/ Windows XP / SP3: Windows XP Hotfix - KB890175
/ Windows XP / SP3: Windows XP Hotfix - KB890859
/ Windows XP / SP3: Windows XP Hotfix - KB890923
/ Windows XP / SP3: Windows XP Hotfix - KB891781
/ Windows XP / SP3: Security Update for Windows XP (KB893066)
/ Windows XP / SP3: Windows XP Hotfix - KB893086
/ Windows XP / SP3: Security Update for Windows XP (KB893756)
/ Windows XP / SP3: Windows Installer 3.1 (KB893803)
/ Windows XP / SP3: Windows Installer 3.1 (KB893803)
/ Windows XP / SP3: Update for Windows XP (KB894391)
/ Windows XP / SP3: Hotfix for Windows XP (KB896344)
/ Windows XP / SP3: Security Update for Windows XP (KB896358)
/ Windows XP / SP3: Security Update for Windows XP (KB896422)
/ Windows XP / SP3: Security Update for Windows XP (KB896423)
/ Windows XP / SP3: Security Update for Windows XP (KB896424)
/ Windows XP / SP3: Security Update for Windows XP (KB896428)
/ Windows XP / SP3: Security Update for Windows XP (KB896688)
/ Windows XP / SP3: Update for Windows XP (KB896727)
/ Windows XP / SP3: Update for Windows XP (KB898461)
/ Windows XP / SP3: Security Update for Windows XP (KB899587)
/ Windows XP / SP3: Security Update for Windows XP (KB899588)
/ Windows XP / SP3: Security Update for Windows XP (KB899591)
/ Windows XP / SP3: Update for Windows XP (KB900485)
/ Windows XP / SP3: Security Update for Windows XP (KB900725)
/ Windows XP / SP3: Security Update for Windows XP (KB901017)
/ Windows XP / SP3: Security Update for Windows XP (KB901214)
/ Windows XP / SP3: Security Update for Windows XP (KB902400)
/ Windows XP / SP3: Security Update for Windows XP (KB903235)
/ Windows XP / SP3: Security Update for Windows XP (KB904706)
/ Windows XP / SP3: Update for Windows XP (KB904942)
/ Windows XP / SP3: Security Update for Windows XP (KB905414)
/ Windows XP / SP3: Security Update for Windows XP (KB905749)
/ Windows XP / SP3: Security Update for Windows XP (KB905915)
/ Windows XP / SP3: Security Update for Windows XP (KB908519)
/ Windows XP / SP3: Security Update for Windows XP (KB908531)
/ Windows XP / SP3: Update for Windows XP (KB910437)
/ Windows XP / SP3: Security Update for Windows XP (KB911280)
/ Windows XP / SP3: Security Update for Windows XP (KB911562)
/ Windows XP / SP3: Security Update for Windows XP (KB911567)
/ Windows XP / SP3: Security Update for Windows XP (KB911927)
/ Windows XP / SP3: Security Update for Windows XP (KB912812)
/ Windows XP / SP3: Security Update for Windows XP (KB912919)
/ Windows XP / SP3: Security Update for Windows XP (KB913446)
/ Windows XP / SP3: Security Update for Windows XP (KB913580)
/ Windows XP / SP3: Security Update for Windows XP (KB914389)
/ Windows XP / SP3: Security Update for Windows XP (KB916281)
/ Windows XP / SP3: Security Update for Windows XP (KB917344)
/ Windows XP / SP3: Security Update for Windows XP (KB917953)
/ Windows XP / SP3: Security Update for Windows XP (KB918439)

--- Startup entries list ---
Located: HK_LM:Run, ATIPTA
command: C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
file: C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
size: 339968
MD5: acc7b414ef1abea6aa654b74cc9a90cf

Located: HK_LM:Run, CTSysVolcommand: C:\Program Files\Creative\Sound Blaster Live! 24-bit\Surround Mixer\CTSysVol.exe /r
file:

Located: HK_LM:Run, dla
command: C:\WINDOWS\system32\dla\tfswctrl.exe
file: C:\WINDOWS\system32\dla\tfswctrl.exe
size: 122939
MD5: 790490f273b0e3bcf05dc3c308abcc0b

Located: HK_LM:Run, DVDLauncher
command: "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
file: C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
size: 57344
MD5: 7e5fc860ecbd3fe4d0bf7e1814a37b56

Located: HK_LM:Run, HP Component Manager
command: "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
file: C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
size: 241664
MD5: e91cde1b706189c03904a901a1ca1832

Located: HK_LM:Run, HP Software Update
command: C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
file: C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
size: 49152
MD5: 821f73b833c4daebc33c1a9a4b16bb5a
Located: HK_LM:Run, IAAnotif
command: C:\Program Files\Intel\Intel Application Accelerator\iaanotif.exe
file: C:\Program Files\Intel\Intel Application Accelerator\iaanotif.exe
size: 135168
MD5: 84ce197c2869be8965644396841fdd19

Located: HK_LM:Run, IntelMeM
command: C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
file: C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
size: 221184
MD5: bc02e491e88492b02363ce1b384ff7a7

Located: HK_LM:Run, KernelFaultCheck
command: %systemroot%\system32\dumprep 0 -k
file: C:\WINDOWS\system32\dumprep.exe
size: 10752
MD5: 13922eb54890c77005268882629a31fe

Located: HK_LM:Run, MCAgentExe
command: c:\PROGRA~1\mcafee.com\agent\mcagent.exe
file: c:\PROGRA~1\mcafee.com\agent\mcagent.exe
size: 303104
MD5: e8d2dcece015f4558aa3853514664f15

Located: HK_LM:Run, MCUpdateExe
command: c:\PROGRA~1\mcafee.com\agent\mcupdate.exe
file: c:\PROGRA~1\mcafee.com\agent\mcupdate.exe
size: 212992
MD5: dec79e9887924b82837b9b7730ecaa1f

Located: HK_LM:Run, MediaFace Integration
command: C:\Program Files\Fellowes\MediaFACE 4.0\SetHook.exe
file: C:\Program Files\Fellowes\MediaFACE 4.0\SetHook.exe
size: 53248
MD5: c108e71530073dda128b9998be00acf9

Located: HK_LM:Run, Microsoft Works Update Detection
command: C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
file: C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
size: 50688
MD5: 5046f135bb97a68bfe485ab039e605c0

Located: HK_LM:Run, mmtask
command: C:\Program Files\Musicmatch\Musicmatch Jukebox\mmtask.exe
file: C:\Program Files\Musicmatch\Musicmatch Jukebox\mmtask.exe
size: 53248
MD5: ddded6213d8e8cb91a9bf3107114b335

Located: HK_LM:Run, MPFExe command: C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
file: C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
size: 1005096
MD5: d76dcba1bce72093e00a4efa114a4e98

Located: HK_LM:Run, OASClnt
command: C:\Program Files\McAfee.com\VSO\oasclnt.exe
file: C:\Program Files\McAfee.com\VSO\oasclnt.exe
size: 53248
MD5: 76e033f33912bfaca4a05be8d1f3a740

Located: HK_LM:Run, P17Helper
command: Rundll32 P17.dll,P17Helper
file:

Located: HK_LM:Run, QuickTime Task
command: "C:\Program Files\QuickTime\qttask.exe" -atboottime
file: C:\Program Files\QuickTime\qttask.exe
size: 98304
MD5: c341ccfbe98bc7df6e0b856bb9fc265a

Located: HK_LM:Run, RealTray
command: C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
file:

Located: HK_LM:Run, ReminderApp
command: C:\Program Files\Nova Development\Greeting Card Factory Deluxe\ReminderApp.exe
file: C:\Program Files\Nova Development\Greeting Card Factory Deluxe\ReminderApp.exe
size: 145104
MD5: 465499c49b9e1ff943998197464b01ac

Located: HK_LM:Run, SunJavaUpdateSched
command: C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
file: C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
size: 32881
MD5: ed85b344e6edc30c1bc57ec1a2a56bf3

Located: HK_LM:Run, UpdateManager
command: "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
file: C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe
size: 110592
MD5: 52b80c30225de81d7ac989dfe7311877

Located: HK_LM:Run, UpdReg
command: C:\WINDOWS\UpdReg.EXE
file: C:\WINDOWS\UpdReg.EXE
size: 90112
MD5: c419df63e0121d72411285780c2fc6cc

Located: HK_LM:Run, VirusScan Online
command: C:\Program Files\McAfee.com\VSO\mcvsshld.exe
file: C:\Program Files\McAfee.com\VSO\mcvsshld.exe
size: 163840
MD5: b154ac6dbd82f96476003e58e1625bd8

Located: HK_LM:Run, VSOCheckTask
command: "C:\PROGRA~1\McAfee.com\VSO\mcmnhdlr.exe" /checktask
file: C:\PROGRA~1\McAfee.com\VSO\mcmnhdlr.exe
size: 151552
MD5: 3c943ceb913520f9981d82db93ba7a8a

Located: HK_LM:Run, Windows Defender
command: "C:\Program Files\Windows Defender\MSASCui.exe" -hide
file: C:\Program Files\Windows Defender\MSASCui.exe
size: 777424
MD5: 3207bba7a51043ff2c5d64df4c3b6310

Located: HK_LM:Run, zSPGuard
command: c:\program files\pjw\spguard\spguard.exe /s
file:

Located: HK_LM:RunOnceEx,
command:
file:

Located: HK_CU:Run, DellSupport
command: "C:\Program Files\Dell Support\DSAgnt.exe" /startup
file: C:\Program Files\Dell Support\DSAgnt.exe
size: 306688
MD5: cea4715092cb7984420dbc9f51fb4c35

Located: HK_CU:Run, MSMSGS
command: "C:\Program Files\Messenger\msmsgs.exe" /background
file: C:\Program Files\Messenger\msmsgs.exe
size: 1694208
MD5: 74e6e96c6f0e2eca4edbb7f7a468f259

Located: HK_CU:Run, SpybotSD TeaTimer
command: C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
file: C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
size: 1415824
MD5: 70496eee0ddbe485f658693826f44d38

Located: Startup (common), HP Digital Imaging Monitor.lnk
command: C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
file: C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
size: 241664
MD5: 16e91805cc071039372ae0037aaa9a2b

Located: Startup (common), HP Image Zone Fast Start.lnk
command: C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
file: C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
size: 53248
MD5: 91c0436bd6cb73370895ef33c1c9cb47

Located: Startup (common), Kodak EasyShare software.lnk
command: C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
file: C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
size: 176128
MD5: 1774f25ee888f4af98dd7aefc2bfbb89

Located: Startup (common), Kodak software updater.lnk
command: C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe
file: C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe
size: 16423
MD5: db9012564169875f5b2aa7f5fc4905e4

Located: Startup (common), Microsoft Office.lnk
command: C:\Program Files\Microsoft Office\Office10\OSA.EXE
file: C:\Program Files\Microsoft Office\Office10\OSA.EXE
size: 83360
MD5: 5bc65464354a9fd3beaa28e18839734a

Located: Startup (user), SpywareGuard.lnk
command: C:\Program Files\SpywareGuard\sgmain.exe
file: C:\Program Files\SpywareGuard\sgmain.exe
size: 360448
MD5: 61c028aba5e49573a6332f4a7c744e87

Located: Startup (user), Yankee Clipper III.lnk
command: C:\Program Files\YCIII\YankClip.exe
file: C:\Program Files\YCIII\YankClip.exe
size: 1368064
MD5: 046bcdf0793e96dc6d7a4c780ee73ce6

Located: System.ini, crypt32chain
command: crypt32.dll
file: crypt32.dll

Located: System.ini, cryptnet
command: cryptnet.dll
file: cryptnet.dll

Located: System.ini, cscdll
command: cscdll.dll
file: cscdll.dll

Located: System.ini, ScCertProp
command: wlnotify.dll
file: wlnotify.dll

Located: System.ini, Schedule
command: wlnotify.dll
file: wlnotify.dll

Located: System.ini, sclgntfy
command: sclgntfy.dll
file: sclgntfy.dll

Located: System.ini, SensLogn
command: WlNotify.dll
file: WlNotify.dll

Located: System.ini, termsrv
command: wlnotify.dll
file: wlnotify.dll

Located: System.ini, WgaLogon
command: WgaLogon.dll
file: WgaLogon.dll

Located: System.ini, wlballoon
command: wlnotify.dll
file: wlnotify.dll



--- Browser helper object list ---
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} (AcroIEHlprObj Class)
BHO name:
CLSID name: AcroIEHlprObj Class
description: Adobe Acrobat reader
classification: Legitimate
known filename: AcroIEhelper.ocx<br>AcroIEhelper.dll
info link: http://www.adobe.com/products/acrobat/readstep2.html
info source: TonyKlein
Path: C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\
Long name: AcroIEHelper.dll
Short name: ACROIE~1.DLL
Date (created): 11/3/2003 3:17:44 PM
Date (last access): 7/10/2006 10:30:32 AM
Date (last write): 11/3/2003 3:17:44 PM
Filesize: 54248
Attributes: archive
MD5: FC7850324464E4D19A24A03D882B5CC4
CRC32: 452E8571
Version: 6.0.1.1091

{4A368E80-174F-4872-96B5-0B27DDD11DB2} (SpywareGuard Download Protection)
BHO name: SpywareGuard Download Protection
CLSID name: SpywareGuardDLBLOCK.CBrowserHelper
description: SpywareGuard download protection
classification: Legitimate
known filename: dlprotect.dll
info link: http://www.wilderssecurity.net/spywareguard.html
info source: TonyKlein
Path: C:\Program Files\SpywareGuard\
Long name: dlprotect.dll
Short name: DLPROT~1.DLL
Date (created): 8/2/2003 11:24:02 PM
Date (last access): 7/10/2006 10:30:32 AM
Date (last write): 8/2/2003 11:24:02 PM
Filesize: 192512
Attributes: readonly archive
MD5: 964621E8B2415FEAA99026ED4F29D198
CRC32: DC8CF59D
Version: 2.2.0.0

{4D25F921-B9FE-4682-BF72-8AB8210D6D75} ()
BHO name:
CLSID name:
description: MyWay Search Assistant for Dell computers
classification: Legitimate
known filename: %ProgramFiles%\MYWAY\SASRCHASDE1.BINDESRCAS.DLL
info link:
info source: TonyKlein
Path: C:\Program Files\MyWaySA\SrchAsDe\1.bin\
Long name: deSrcAs.dll
Short name:
Date (created): 1/17/2005 11:22:42 PM
Date (last access): 7/10/2006 10:30:32 AM
Date (last write): 9/27/2004 8:57:06 PM
Filesize: 90112
Attributes: archive
MD5: 1022E0D14EDCABC234FD055390C0FB01
CRC32: B056B331
Version: 1.0.1.7

{53707962-6F74-2D53-2644-206D7942484F} ()
BHO name:
CLSID name:
description: Spybot-S&D IE Browser plugin
classification: Legitimate
known filename: SDhelper.dll
info link: http://spybot.eon.net.au/
info source: Patrick M. Kolla
Path: C:\PROGRA~1\SPYBOT~1\
Long name: SDHelper.dll
Short name:
Date (created): 5/12/2004 2:03:00 AM
Date (last access): 7/10/2006 10:30:32 AM
Date (last write): 5/31/2005 1:04:00 AM
Filesize: 853672
Attributes: archive
MD5: 250D787A5712D7768DDC133B3E477759
CRC32: D4589A41
Version: 1.4.0.0

{549B5CA7-4A86-11D7-A4DF-000874180BB3} ()
BHO name:
CLSID name:

{5CA3D70E-1895-11CF-8E15-001234567890} (DriveLetterAccess)
BHO name:
CLSID name: DriveLetterAccess
description: Hewlett-Packard's DLA software
classification: Unknown
known filename: tfswshx.dll
info link:
info source: TonyKlein
Path: C:\WINDOWS\system32\dla\
Long name: tfswshx.dll
Short name:
Date (created): 1/17/2005 11:22:04 PM
Date (last access): 7/10/2006 10:30:32 AM
Date (last write): 8/13/2004 2:05:00 AM
Filesize: 118842
Attributes: archive
MD5: 14EFF6496CF0E873F8F7CD930B135CF9
CRC32: AD5180E4
Version: 1.4.8.0

{FDD3B846-8D59-4ffb-8758-209B6AD74ACC} ()
BHO name:
CLSID name:
description: Microsoft Money
classification: Open for discussion
known filename: mnyviewer.dll
info link: http://www.microsoft.com/money/default.asp
info source: TonyKlein

zmartha
2006-07-12, 18:47
--- ActiveX list ---
{17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool)
DPF name:
CLSID name: Windows Genuine Advantage Validation Tool
Installer: C:\WINDOWS\Downloaded Program Files\LegitCheckControl.inf
Codebase: http://go.microsoft.com/fwlink/?LinkId=39204&clcid=0x409
description:
classification: Legitimate
known filename: LegitCheckControl.DLL
info link:
info source: Safer Networking Ltd.
Path: C:\WINDOWS\system32\
Long name: LegitCheckControl.dll
Short name: LEGITC~1.DLL
Date (created): 1/28/2005 3:38:00 PM
Date (last access): 7/10/2006 10:16:18 AM
Date (last write): 6/19/2006 4:19:42 PM
Filesize: 571184
Attributes: archive
MD5: 31BF58C9814F840EB10A2B7A410ABEA3
CRC32: DAFAE165
Version: 1.5.540.0

{8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.4.2)
DPF name: Java Runtime Environment 1.4.2
CLSID name: Java Plug-in 1.4.2_03
Installer:
Codebase: http://java.sun.com/products/plugin/autodl/jinstall-142-windows-i586.cab
description: Sun Java
classification: Legitimate
known filename: %PROGRAM FILES%\JabaSoft\JRE\*\Bin\npjava131.dll
info link:
info source: Patrick M. Kolla
Path: C:\Program Files\Java\j2re1.4.2_03\bin\
Long name: NPJPI142_03.dll
Short name: NPJPI1~1.DLL
Date (created): 11/19/2003 6:48:18 PM
Date (last access): 7/4/2006 6:21:44 PM
Date (last write): 11/19/2003 6:48:12 PM
Filesize: 65650
Attributes: archive
MD5: 2AD31341BE41AC9B086128AD86A2B53F
CRC32: 081CFB35
Version: 1.4.2.30

{CAFEEFAC-0014-0002-0003-ABCDEFFEDCBA} (Java Runtime Environment 1.4.2)
DPF name: Java Runtime Environment 1.4.2
CLSID name: Java Plug-in 1.4.2_03
Installer:
Codebase: http://java.sun.com/products/plugin/autodl/jinstall-142-windows-i586.cab
description:
classification: Legitimate
known filename: npjpi142_03.dll
info link:
info source: Safer Networking Ltd.
Path: C:\Program Files\Java\j2re1.4.2_03\bin\
Long name: NPJPI142_03.dll
Short name: NPJPI1~1.DLL
Date (created): 11/19/2003 6:48:18 PM
Date (last access): 7/10/2006 10:44:14 AM
Date (last write): 11/19/2003 6:48:12 PM
Filesize: 65650
Attributes: archive
MD5: 2AD31341BE41AC9B086128AD86A2B53F
CRC32: 081CFB35
Version: 1.4.2.30

{D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object)
DPF name:
CLSID name: Shockwave Flash Object
Installer: C:\WINDOWS\Downloaded Program Files\swflash.inf
Codebase: http://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
description: Macromedia Shockwave Flash Player
classification: Legitimate
known filename:
info link:
info source: Patrick M. Kolla
Path: C:\WINDOWS\system32\Macromed\Flash\
Long name: Flash8b.ocx
Short name:
Date (created): 3/31/2006 11:45:12 AM
Date (last access): 7/7/2006 6:26:42 AM
Date (last write): 3/31/2006 11:45:12 AM
Filesize: 1443464
Attributes: readonly archive
MD5: 12719EDDAAB9CAEEF28C6E58192F594B
CRC32: 680E085C
Version: 8.0.24.0

{EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class)
DPF name:
CLSID name: McFreeScan Class
Installer: C:\WINDOWS\Downloaded Program Files\mcfscan.inf
Codebase: http://download.mcafee.com/molbin/iss-loc/mcfscan/2,1,0,4790/mcfscan.cab
description:
classification: Legitimate
known filename: mcfscan.dll
info link:
info source: Safer Networking Ltd.
Path: C:\WINDOWS\McAfee.com\FreeScan\
Long name: mcfscan.dll
Short name:
Date (created): 6/21/2006 9:49:40 AM
Date (last access): 7/4/2006 6:34:18 PM
Date (last write): 6/21/2006 9:49:40 AM
Filesize: 116288
Attributes: archive
MD5: 51A2439A0E5563B2BF3B7D490D6871A6
CRC32: DE058815
Version: 2.1.0.4790



--- Process list ---
PID: 0 ( 0) [System]
PID: 596 ( 4) \SystemRoot\System32\smss.exe
PID: 644 ( 596) \??\C:\WINDOWS\system32\csrss.exe
PID: 668 ( 596) \??\C:\WINDOWS\system32\winlogon.exe
PID: 712 ( 668) C:\WINDOWS\system32\services.exe
size: 108032
MD5: C6CE6EEC82F187615D1002BB3BB50ED4
PID: 724 ( 668) C:\WINDOWS\system32\lsass.exe
size: 13312
MD5: 84885F9B82F4D55C6146EBF6065D75D2
PID: 900 ( 712) C:\WINDOWS\system32\Ati2evxx.exe
size: 389120
MD5: 4DEAA162480367B232F3EE3A6D34084B
PID: 916 ( 712) C:\WINDOWS\system32\svchost.exe
size: 14336
MD5: 8F078AE4ED187AAABC0A305146DE6716
PID: 1036 ( 712) C:\WINDOWS\system32\svchost.exe
size: 14336
MD5: 8F078AE4ED187AAABC0A305146DE6716
PID: 1132 ( 712) C:\Program Files\Windows Defender\MsMpEng.exe
size: 14032
MD5: E7E81C6BCD697F5921DF6D6781D2673D
PID: 1172 ( 712) C:\WINDOWS\System32\svchost.exe
size: 14336
MD5: 8F078AE4ED187AAABC0A305146DE6716
PID: 1260 ( 712) C:\WINDOWS\system32\svchost.exe
size: 14336
MD5: 8F078AE4ED187AAABC0A305146DE6716
PID: 1380 ( 712) C:\WINDOWS\system32\svchost.exe
size: 14336
MD5: 8F078AE4ED187AAABC0A305146DE6716
PID: 1644 (1560) C:\WINDOWS\Explorer.EXE
size: 1032192
MD5: A0732187050030AE399B241436565E64
PID: 1680 ( 712) C:\WINDOWS\system32\spoolsv.exe
size: 57856
MD5: DA81EC57ACD4CDC3D4C51CF3D409AF9F
PID: 1796 (1644) C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
size: 32881
MD5: ED85B344E6EDC30C1BC57EC1A2A56BF3
PID: 1804 (1644) C:\Program Files\Intel\Intel Application Accelerator\iaanotif.exe
size: 135168
MD5: 84CE197C2869BE8965644396841FDD19
PID: 1820 (1644) C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
size: 221184
MD5: BC02E491E88492B02363CE1B384FF7A7
PID: 1828 (1644) C:\Program Files\Creative\Sound Blaster Live! 24-bit\Surround Mixer\CTSysVol.exe
size: 57344
MD5: E7D1D8179FE03E2BC569A92B56509414
PID: 1864 (1644) C:\WINDOWS\system32\Rundll32.exe
size: 33280
MD5: DA285490BBD8A1D0CE6623577D5BA1FF
PID: 1932 (1644) C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
size: 57344
MD5: 7E5FC860ECBD3FE4D0BF7E1814A37B56
PID: 1992 (1644) C:\WINDOWS\system32\dla\tfswctrl.exe
size: 122939
MD5: 790490F273B0E3BCF05DC3C308ABCC0B
PID: 2024 (1644) C:\Program Files\Musicmatch\Musicmatch Jukebox\mmtask.exe
size: 53248
MD5: DDDED6213D8E8CB91A9BF3107114B335
PID: 152 (1644) C:\PROGRA~1\mcafee.com\agent\mcagent.exe
size: 303104
MD5: E8D2DCECE015F4558AA3853514664F15
PID: 204 (1644) C:\Program Files\Real\RealPlayer\RealPlay.exe
size: 26112
MD5: 849D97FE4CC09CFC2772D10F641E1BAF
PID: 248 (1644) C:\Program Files\McAfee.com\VSO\mcvsshld.exe
size: 163840
MD5: B154AC6DBD82F96476003E58E1625BD8
PID: 260 ( 248) c:\progra~1\mcafee.com\vso\mcvsescn.exe
size: 483328
MD5: 3B1A1BAA8D7444DEFCE4093611212ED6
PID: 292 (1644) C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
size: 50688
MD5: 5046F135BB97A68BFE485AB039E605C0
PID: 312 (1644) C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
size: 241664
MD5: E91CDE1B706189C03904A901A1CA1832
PID: 428 (1644) C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
size: 49152
MD5: 821F73B833C4DAEBC33C1A9A4B16BB5A
PID: 444 (1644) C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
size: 1005096
MD5: D76DCBA1BCE72093E00A4EFA114A4E98
PID: 452 (1644) C:\Program Files\McAfee.com\VSO\oasclnt.exe
size: 53248
MD5: 76E033F33912BFACA4A05BE8D1F3A740
PID: 480 (1644) C:\Program Files\Nova Development\Greeting Card Factory Deluxe\ReminderApp.exe
size: 145104
MD5: 465499C49B9E1FF943998197464B01AC
PID: 628 ( 712) C:\WINDOWS\system32\CTsvcCDA.EXE
size: 44032
MD5: 3C8B6609712F4FF78E521F6DCFC4032B
PID: 948 ( 712) C:\Program Files\Intel\Intel Application Accelerator\iaantmon.exe
size: 73852
MD5: 3277CF101AE78C38B00702D688E37D44
PID: 1084 ( 712) c:\program files\mcafee.com\agent\mcdetect.exe
size: 126976
MD5: F73B0F3EBD90B1C87A3B93BE94E831C7
PID: 1144 ( 712) c:\PROGRA~1\mcafee.com\vso\mcshield.exe
size: 221184
MD5: FAE84A2F9C11B7C532950BF0AE1EC26A
PID: 1284 ( 712) c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
size: 122368
MD5: A214E217784D1002411DCA8E9793D4A4
PID: 520 (1644) C:\Program Files\Windows Defender\MSASCui.exe
size: 777424
MD5: 3207BBA7A51043FF2C5D64DF4C3B6310
PID: 1480 (1644) C:\Program Files\Dell Support\DSAgnt.exe
size: 306688
MD5: CEA4715092CB7984420DBC9F51FB4C35
PID: 1580 (1644) C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
size: 1415824
MD5: 70496EEE0DDBE485F658693826F44D38
PID: 1572 (1644) C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
size: 241664
MD5: 16E91805CC071039372AE0037AAA9A2B
PID: 1628 ( 712) C:\PROGRA~1\McAfee.com\PERSON~1\MpfService.exe
size: 548864
MD5: 316535E69181703D4CE4623DEA29FECB
PID: 1896 ( 712) C:\WINDOWS\system32\svchost.exe
size: 14336
MD5: 8F078AE4ED187AAABC0A305146DE6716
PID: 1512 ( 712) C:\WINDOWS\system32\wdfmgr.exe
size: 38912
MD5: AB0A7CA90D9E3D6A193905DC1715DED0
PID: 2132 ( 712) C:\WINDOWS\system32\MsPMSPSv.exe
size: 53520
MD5: 581176F60885AEF8F78C6E38DCC3CDF9
PID: 2556 (1644) C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
size: 176128
MD5: 1774F25EE888F4AF98DD7AEFC2BFBB89
PID: 2584 (1644) C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe
size: 16423
MD5: DB9012564169875F5B2AA7F5FC4905E4
PID: 2612 (1772) C:\Program Files\HP\Digital Imaging\bin\hpqgalry.exe
size: 520192
MD5: B828B8620CAB7FC4D6865A30FB650049
PID: 2660 (1644) C:\Program Files\SpywareGuard\sgmain.exe
size: 360448
MD5: 61C028ABA5E49573A6332F4A7C744E87
PID: 2732 (1644) C:\Program Files\YCIII\YankClip.exe
size: 1368064
MD5: 046BCDF0793E96DC6D7A4C780EE73CE6
PID: 2784 (2660) C:\Program Files\SpywareGuard\sgbhp.exe
size: 233472
MD5: A80D0704537C0EF97DB2BEF24B99AF1A
PID: 3700 ( 712) C:\WINDOWS\System32\alg.exe
size: 44544
MD5: F1958FBF86D5C004CF19A5951A9514B7
PID: 3904 ( 916) C:\PROGRA~1\McAfee.com\PERSON~1\MpfAgent.exe
size: 524288
MD5: EFFC4B0F270FC1A6EDF49A274BF5CDF8
PID: 1712 ( 712) C:\WINDOWS\System32\svchost.exe
size: 14336
MD5: 8F078AE4ED187AAABC0A305146DE6716
PID: 2180 (1644) C:\Program Files\Outlook Express\MSIMN.EXE
size: 60416
MD5: 091C14F4C71328D4316248A2421190DE
PID: 3288 (1644) C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe
size: 4393096
MD5: 09CA174A605B480318731E691DC98539
PID: 4 ( 0) System


--- Browser start & search pages list ---
Spybot - Search & Destroy browser pages report, 7/10/2006 10:44:13 AM

HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Local Page
C:\WINDOWS\SYSTEM\blank.htm
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Search Page
http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Search Bar
http://bfc.myway.com/search/de_srchlft.html
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Start Page
http://www.google.com/
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Default_Page_URL
http://www.dell4me.com/myway
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\First Home Page
http://www.microsoft.com/isapi/redir.dll?Prd=ie&Pver=5.0&Ar=ie5update&O1=b1
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Local Page
%SystemRoot%\system32\blank.htm
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Search Page
http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Search Bar
http://home.microsoft.com/search/search.asp
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Start Page
http://www.microsoft.com/isapi/redir.dll?prd={SUB_PRD}&clcid={SUB_CLSID}&pver={SUB_PVER}&ar=home
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Default_Page_URL
http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Default_Search_URL
http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Search\SearchAssistant
http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Search\CustomizeSearch
http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm


--- Winsock Layered Service Provider list ---
Protocol 0: MSAFD Tcpip [TCP/IP]
GUID: {E70F1AA0-AB8B-11CF-8CA3-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP IP protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD Tcpip

Protocol 1: MSAFD Tcpip [UDP/IP]
GUID: {E70F1AA0-AB8B-11CF-8CA3-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP IP protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD Tcpip

Protocol 2: MSAFD Tcpip [RAW/IP]
GUID: {E70F1AA0-AB8B-11CF-8CA3-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP IP protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD Tcpip

Protocol 3: RSVP UDP Service Provider
GUID: {9D60A9E0-337A-11D0-BD88-0000C082E69A}
Filename: %SystemRoot%\system32\rsvpsp.dll
Description: Microsoft Windows NT/2k/XP RVSP
DB filename: %SystemRoot%\system32\rsvpsp.dll
DB protocol: RSVP * Service Provider

Protocol 4: RSVP TCP Service Provider
GUID: {9D60A9E0-337A-11D0-BD88-0000C082E69A}
Filename: %SystemRoot%\system32\rsvpsp.dll
Description: Microsoft Windows NT/2k/XP RVSP
DB filename: %SystemRoot%\system32\rsvpsp.dll
DB protocol: RSVP * Service Provider

Protocol 5: MSAFD NetBIOS [\Device\NetBT_Tcpip_{8CBB870E-2D78-4863-8639-66C828AA3D5E}] SEQPACKET 0
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *

Protocol 6: MSAFD NetBIOS [\Device\NetBT_Tcpip_{8CBB870E-2D78-4863-8639-66C828AA3D5E}] DATAGRAM 0
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *

Protocol 7: MSAFD NetBIOS [\Device\NetBT_Tcpip_{2810EB22-763D-4D0C-9450-64BBD1758685}] SEQPACKET 1
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *

Protocol 8: MSAFD NetBIOS [\Device\NetBT_Tcpip_{2810EB22-763D-4D0C-9450-64BBD1758685}] DATAGRAM 1
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *

Protocol 9: MSAFD NetBIOS [\Device\NetBT_Tcpip_{531D3D38-B38F-4A40-9052-52EFBA55506B}] SEQPACKET 2
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *

Protocol 10: MSAFD NetBIOS [\Device\NetBT_Tcpip_{531D3D38-B38F-4A40-9052-52EFBA55506B}] DATAGRAM 2
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *

Namespace Provider 0: Tcpip
GUID: {22059D40-7E9E-11CF-AE5A-00AA00A7112B}
Filename: %SystemRoot%\System32\mswsock.dll
Description: Microsoft Windows NT/2k/XP TCP/IP name space provider
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: TCP/IP

Namespace Provider 1: NTDS
GUID: {3B2637EE-E580-11CF-A555-00C04FD8D4AC}
Filename: %SystemRoot%\System32\winrnr.dll
Description: Microsoft Windows NT/2k/XP name space provider
DB filename: %SystemRoot%\system32\winrnr.dll
DB protocol: NTDS

Namespace Provider 2: Network Location Awareness (NLA) Namespace
GUID: {6642243A-3BA8-4AA6-BAA5-2E0BD71FDD83}
Filename: %SystemRoot%\System32\mswsock.dll
Description: Microsoft Windows NT/2k/XP name space provider
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: NLA-Namespace

Almonteguy
2006-07-13, 17:03
I have 2 computers doing the same thing now, they are both up to the latest fix level. It seems the Registry key HKEY_CURRENT_USER/Software/Microsoft/Internet Explorer/Main/Start Page can not be changed even using regedit. I don't know why this is but I suspect it was caused by a Microsoft fix. You can boot in to Safe mode to change it as someone else said, but you still can't alter it in Normal mode. I've given up for now, I'll wait and see if another fix comes along soon.

md usa spybot fan
2006-07-13, 17:18
Almonteguy:

Are you running ZoneAlarm? If so, read:
Cannot change browser page--not hijacked
http://forums.spybot.info/showthread.php?t=5542
In particular the post by Rosenfeld (http://forums.spybot.info/member.php?u=56):
http://forums.spybot.info/showpost.php?p=31582&postcount=5
If you do not run ZoneAlarm,what other security/anti-malware software do you run?

Almonteguy
2006-07-13, 18:19
You were correct about that, I am running ZoneAlarm on both machines. Unfortunately the work-around requires a re-boot to avoid the ZoneAlarm service being loaded, so it's just as easy (or annoying) to do a Safe Mode boot to change it. Glad I don't want to do it too often. Thanks for your help.

md usa spybot fan
2006-07-13, 18:36
Almonteguy:

Voice your opinion (courteously, since I assume that you are using the free version since you can't get around it without rebooting):
Zone Labs User Forum
http://forums.zonelabs.com/zonelabs
In either (or both) of these forum:
Installation, Uninstall and Upgrade
http://forums.zonelabs.com/zonelabs/board?board.id=inst
FOR: All ZoneAlarm™ Firewalls
Find out about installation, uninstalling, and upgrade issues and solutions.
ZoneAlarm Configuration
http://forums.zonelabs.com/zonelabs/board?board.id=cfg
FOR: All ZoneAlarm™ Firewalls
Find out how to configure ZoneAlarm for your system, or type of connection.

zmartha
2006-07-13, 23:39
I sure hope someone can find why ms updates page insists on being the start page, even tho IE shows that Google is the home page. I didn't know you could have a start page different than the home page except thru malware.

As you can see, my sister and I submitted her spybot report, but I can't figure it out, so hope one of you can. :)zmartha

md usa spybot fan
2006-07-14, 15:52
Martha/Sue:

Please consider attempting to follow the instructions I outlined in the following post several days ago and letting me know the results:
http://forums.spybot.info/showpost.php?p=32706&postcount=26
Also, please go into Spybot > Mode > Advanced Mode > Tools > Resident. Page (scroll) to the bottom of the listing and highlight a portion of the log that covers the period of time since the problem changing the home page started until now. Then right click on the highlight a portion of the log and select Copy (which will copy the highlighted information to the clipboard). Paste the log entries (clipboard) to another post in this thread.

zmartha
2006-07-15, 00:05
Oh, my sister did do the below directions a couple of days ago, and said the deny of "Full Control" had no check in it, so she didn't have to change a thing there.


Sue:

Using Registry Editor, navigate to the following Registry Key and look at the permissions:
. . .
Right click on Main (actually HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main) and select "Permissions…".
Make sure that for the "Group or user name" that is trying to change the home page that "Deny" is not checked for "Full Control". If it is, uncheck it.[/list]

Zenobia
2006-07-15, 02:03
Oh, my sister did do the below directions a couple of days ago, and said the deny of "Full Control" had no check in it, so she didn't have to change a thing there.

One of you should respond back,and let md usa spybot fan know that,then.So,he knows what you've done,not done,etc,etc.

md usa spybot fan
2006-07-15, 06:34
Thank you.

Now if you would please provide the Resident log I requested, I think that we can get the problem resolved.

zmartha
2006-07-15, 17:48
I sent my sister your directions, so expect an answer or results back soon. Thank you so much for sticking with us.
zmartha

zmartha
2006-07-17, 02:18
MD USA: Here is my sister's resident log. You may require and earlier section of it too, so please let me know.

1/3/2006 6:40:34 PM Allowed value "MCUpdateExe" (new data: "c:\PROGRA~1\mcafee.com\agent\mcupdate.exe") changed in System Startup global entry!
1/3/2006 6:41:31 PM Denied value "First Home Page" (new data: "") deleted in Browser page!
1/4/2006 6:48:13 PM Denied value "First Home Page" (new data: "") deleted in Browser page!
1/5/2006 9:25:50 PM Denied value "First Home Page" (new data: "") deleted in Browser page!
1/7/2006 1:08:46 PM Allowed value "MCUpdateExe" (new data: "c:\PROGRA~1\mcafee.com\agent\mcupdate.exe") changed in System Startup global entry!
1/7/2006 5:45:42 PM Allowed value "MCUpdateExe" (new data: "c:\PROGRA~1\mcafee.com\agent\mcupdate.exe") changed in System Startup global entry!
1/8/2006 6:05:44 PM Allowed value "MCUpdateExe" (new data: "c:\PROGRA~1\mcafee.com\agent\mcupdate.exe") changed in System Startup global entry!
1/8/2006 8:07:19 PM Denied value "First Home Page" (new data: "") deleted in Browser page!
1/9/2006 1:06:37 PM Allowed value "MCUpdateExe" (new data: "c:\PROGRA~1\mcafee.com\agent\mcupdate.exe") changed in System Startup global entry!
1/9/2006 1:35:55 PM Denied value "First Home Page" (new data: "") deleted in Browser page!
1/9/2006 1:49:07 PM Denied value "First Home Page" (new data: "") deleted in Browser page!
1/9/2006 6:44:49 PM Denied value "First Home Page" (new data: "") deleted in Browser page!
1/10/2006 7:35:53 PM Denied value "First Home Page" (new data: "") deleted in Browser page!
1/12/2006 9:12:40 PM Denied value "First Home Page" (new data: "") deleted in Browser page!
1/13/2006 6:21:38 PM Denied value "First Home Page" (new data: "") deleted in Browser page!
1/13/2006 6:24:07 PM Denied value "First Home Page" (new data: "") deleted in Browser page!
1/13/2006 10:27:51 PM Allowed value "MCUpdateExe" (new data: "C:\PROGRA~1\mcafee.com\agent\mcupdate.exe") changed in System Startup global entry!
1/14/2006 11:15:54 AM Denied value "First Home Page" (new data: "") deleted in Browser page!
1/14/2006 4:56:26 PM Denied value "First Home Page" (new data: "") deleted in Browser page!
1/14/2006 5:56:45 PM Denied value "First Home Page" (new data: "") deleted in Browser page!
1/14/2006 8:51:00 PM Denied value "First Home Page" (new data: "") deleted in Browser page!
1/15/2006 1:52:33 PM Allowed value "MCUpdateExe" (new data: "C:\PROGRA~1\mcafee.com\agent\mcupdate.exe") changed in System Startup global entry!
1/15/2006 1:55:56 PM Allowed value "MCUpdateExe" (new data: "C:\PROGRA~1\mcafee.com\agent\mcupdate.exe") changed in System Startup global entry!
1/15/2006 3:20:49 PM Denied value "First Home Page" (new data: "") deleted in Browser page!
1/15/2006 6:10:32 PM Allowed value "MCUpdateExe" (new data: "c:\PROGRA~1\mcafee.com\agent\mcupdate.exe") changed in System Startup global entry!
1/16/2006 1:52:29 PM Denied value "First Home Page" (new data: "") deleted in Browser page!
1/17/2006 7:04:38 AM Denied value "First Home Page" (new data: "") deleted in Browser page!
1/30/2006 6:53:43 PM Allowed value "CleanUp" (new data: "C:\PROGRA~1\McAfee.com\Shared\mcappins.exe /v=3 /cleanup") added in System Startup global entry!
1/30/2006 7:31:48 PM Denied value "First Home Page" (new data: "") deleted in Browser page!
1/30/2006 8:06:00 PM Denied value "First Home Page" (new data: "") deleted in Browser page!
1/31/2006 6:22:10 PM Denied value "First Home Page" (new data: "") deleted in Browser page!
1/31/2006 8:14:52 PM Denied value "First Home Page" (new data: "") deleted in Browser page!
1/31/2006 8:37:31 PM Denied value "First Home Page" (new data: "") deleted in Browser page!
2/1/2006 6:24:59 PM Denied value "First Home Page" (new data: "") deleted in Browser page!
2/2/2006 6:32:12 PM Denied value "First Home Page" (new data: "") deleted in Browser page!
2/2/2006 6:47:11 PM Denied value "First Home Page" (new data: "") deleted in Browser page!
2/4/2006 10:30:30 PM Denied value "First Home Page" (new data: "") deleted in Browser page!
2/4/2006 10:38:25 PM Denied value "First Home Page" (new data: "") deleted in Browser page!
2/5/2006 2:57:30 PM Denied value "First Home Page" (new data: "") deleted in Browser page!
2/5/2006 6:02:02 PM Denied value "First Home Page" (new data: "") deleted in Browser page!
2/6/2006 6:15:26 PM Denied value "First Home Page" (new data: "") deleted in Browser page!
2/7/2006 3:06:45 PM Denied value "First Home Page" (new data: "") deleted in Browser page!
2/10/2006 5:59:02 PM Denied value "First Home Page" (new data: "") deleted in Browser page!
2/10/2006 8:00:39 PM Denied value "First Home Page" (new data: "") deleted in Browser page!
2/10/2006 10:45:35 PM Denied value "First Home Page" (new data: "") deleted in Browser page!
2/11/2006 3:07:52 PM Denied value "First Home Page" (new data: "") deleted in Browser page!
2/11/2006 3:08:07 PM Denied value "First Home Page" (new data: "") deleted in Browser page!
2/12/2006 2:02:00 PM Denied value "First Home Page" (new data: "") deleted in Browser page!
2/12/2006 2:13:34 PM Denied value "First Home Page" (new data: "") deleted in Browser page!
2/12/2006 2:39:09 PM Denied value "First Home Page" (new data: "") deleted in Browser page!
2/12/2006 3:07:26 PM Denied value "First Home Page" (new data: "") deleted in Browser page!
2/12/2006 3:53:33 PM Denied value "First Home Page" (new data: "") deleted in Browser page!
2/12/2006 4:05:05 PM Denied value "First Home Page" (new data: "") deleted in Browser page!
2/12/2006 4:06:25 PM Denied value "First Home Page" (new data: "") deleted in Browser page!
2/12/2006 4:07:15 PM Denied value "First Home Page" (new data: "") deleted in Browser page!
2/12/2006 4:28:24 PM Denied value "First Home Page" (new data: "") deleted in Browser page!
2/14/2006 7:56:35 PM Denied value "First Home Page" (new data: "") deleted in Browser page!
2/14/2006 9:38:38 PM Denied value "First Home Page" (new data: "") deleted in Browser page!
2/15/2006 3:47:14 PM Denied value "First Home Page" (new data: "") deleted in Browser page!
2/15/2006 4:44:28 PM Denied value "First Home Page" (new data: "") deleted in Browser page!
2/15/2006 6:12:12 PM Denied value "First Home Page" (new data: "") deleted in Browser page!
2/15/2006 6:42:22 PM Denied value "First Home Page" (new data: "") deleted in Browser page!
2/15/2006 7:26:23 PM Allowed value "wextract_cleanup0" (new data: "D:\Installers\Windows\Microsoft PowerPoint 97 Viewer\PPView97.exe /D:C:\DOCUME~1\Sue\LOCALS~1\Temp\MSE000\") added in System Startup global entry!
2/15/2006 7:28:03 PM Allowed value "wextract_cleanup0" (new data: "") deleted in System Startup global entry!
2/16/2006 5:02:57 PM Denied value "First Home Page" (new data: "") deleted in Browser page!
2/16/2006 7:36:04 PM Denied value "First Home Page" (new data: "") deleted in Browser page!
2/16/2006 7:59:35 PM Allowed value "MCUpdateExe" (new data: "C:\PROGRA~1\mcafee.com\agent\mcupdate.exe") changed in System Startup global entry!
2/17/2006 3:54:41 PM Allowed value "MCUpdateExe" (new data: "c:\PROGRA~1\mcafee.com\agent\mcupdate.exe") changed in System Startup global entry!
2/18/2006 7:59:33 PM Allowed value "MCUpdateExe" (new data: "c:\PROGRA~1\mcafee.com\agent\mcupdate.exe") changed in System Startup global entry!
2/18/2006 8:52:45 PM Denied value "First Home Page" (new data: "") deleted in Browser page!
2/19/2006 3:12:59 PM Allowed value "MCUpdateExe" (new data: "c:\PROGRA~1\mcafee.com\agent\mcupdate.exe") changed in System Startup global entry!
2/19/2006 4:51:15 PM Denied value "First Home Page" (new data: "") deleted in Browser page!
2/20/2006 1:31:15 PM Allowed value "MCUpdateExe" (new data: "c:\PROGRA~1\mcafee.com\agent\mcupdate.exe") changed in System Startup global entry!
2/21/2006 6:37:20 PM Allowed value "MCUpdateExe" (new data: "c:\PROGRA~1\mcafee.com\agent\mcupdate.exe") changed in System Startup global entry!
2/21/2006 8:09:07 PM Denied value "First Home Page" (new data: "") deleted in Browser page!
2/22/2006 3:50:40 PM Allowed value "MCUpdateExe" (new data: "c:\PROGRA~1\mcafee.com\agent\mcupdate.exe") changed in System Startup global entry!
2/23/2006 9:22:40 AM Allowed value "MCUpdateExe" (new data: "c:\PROGRA~1\mcafee.com\agent\mcupdate.exe") changed in System Startup global entry!
2/23/2006 9:22:51 AM Denied value "First Home Page" (new data: "") deleted in Browser page!
2/23/2006 2:58:53 PM Allowed value "MCUpdateExe" (new data: "c:\PROGRA~1\mcafee.com\agent\mcupdate.exe") changed in System Startup global entry!
2/23/2006 4:31:20 PM Denied value "First Home Page" (new data: "") deleted in Browser page!
2/23/2006 6:36:58 PM Allowed value "MCUpdateExe" (new data: "c:\PROGRA~1\mcafee.com\agent\mcupdate.exe") changed in System Startup global entry!
2/24/2006 5:52:49 PM Allowed value "MCUpdateExe" (new data: "c:\PROGRA~1\mcafee.com\agent\mcupdate.exe") changed in System Startup global entry!
2/25/2006 3:59:11 PM Allowed value "MCUpdateExe" (new data: "c:\PROGRA~1\mcafee.com\agent\mcupdate.exe") changed in System Startup global entry!
2/26/2006 4:24:23 PM Allowed value "MCUpdateExe" (new data: "c:\PROGRA~1\mcafee.com\agent\mcupdate.exe") changed in System Startup global entry!
2/27/2006 5:54:40 PM Allowed value "MCUpdateExe" (new data: "c:\PROGRA~1\mcafee.com\agent\mcupdate.exe") changed in System Startup global entry!
2/28/2006 5:37:08 PM Allowed value "MCUpdateExe" (new data: "c:\PROGRA~1\mcafee.com\agent\mcupdate.exe") changed in System Startup global entry!
3/1/2006 6:48:00 PM Allowed value "MCUpdateExe" (new data: "c:\PROGRA~1\mcafee.com\agent\mcupdate.exe") changed in System Startup global entry!
3/2/2006 5:52:08 PM Allowed value "MCUpdateExe" (new data: "c:\PROGRA~1\mcafee.com\agent\mcupdate.exe") changed in System Startup global entry!
3/3/2006 4:07:04 PM Allowed value "MCUpdateExe" (new data: "c:\PROGRA~1\mcafee.com\agent\mcupdate.exe") changed in System Startup global entry!
3/3/2006 4:16:42 PM Denied value "First Home Page" (new data: "") deleted in Browser page!
3/3/2006 7:03:00 PM Denied value "First Home Page" (new data: "") deleted in Browser page!
3/4/2006 11:28:17 AM Allowed value "MCUpdateExe" (new data: "c:\PROGRA~1\mcafee.com\agent\mcupdate.exe") changed in System Startup global entry!
3/5/2006 2:23:12 PM Allowed value "MCUpdateExe" (new data: "c:\PROGRA~1\mcafee.com\agent\mcupdate.exe") changed in System Startup global entry!
3/6/2006 6:21:56 PM Allowed value "MCUpdateExe" (new data: "c:\PROGRA~1\mcafee.com\agent\mcupdate.exe") changed in System Startup global entry!
3/7/2006 6:34:08 PM Allowed value "MCUpdateExe" (new data: "c:\PROGRA~1\mcafee.com\agent\mcupdate.exe") changed in System Startup global entry!
3/8/2006 7:10:42 PM Allowed value "MCUpdateExe" (new data: "c:\PROGRA~1\mcafee.com\agent\mcupdate.exe") changed in System Startup global entry!
3/9/2006 7:09:11 PM Allowed value "MCUpdateExe" (new data: "c:\PROGRA~1\mcafee.com\agent\mcupdate.exe") changed in System Startup global entry!
3/13/2006 6:27:55 PM Allowed value "MCUpdateExe" (new data: "c:\PROGRA~1\mcafee.com\agent\mcupdate.exe") changed in System Startup global entry!
3/13/2006 6:28:05 PM Denied value "First Home Page" (new data: "") deleted in Browser page!
3/14/2006 5:37:29 PM Allowed value "MCUpdateExe" (new data: "c:\PROGRA~1\mcafee.com\agent\mcupdate.exe") changed in System Startup global entry!
3/14/2006 6:39:28 PM Denied value "First Home Page" (new data: "") deleted in Browser page!
3/14/2006 7:51:22 PM Denied value "First Home Page" (new data: "") deleted in Browser page!
3/15/2006 6:10:18 PM Allowed value "MCUpdateExe" (new data: "c:\PROGRA~1\mcafee.com\agent\mcupdate.exe") changed in System Startup global entry!
3/16/2006 5:51:34 PM Allowed value "MCUpdateExe" (new data: "c:\PROGRA~1\mcafee.com\agent\mcupdate.exe") changed in System Startup global entry!
3/17/2006 3:46:28 PM Allowed value "MCUpdateExe" (new data: "c:\PROGRA~1\mcafee.com\agent\mcupdate.exe") changed in System Startup global entry!
3/17/2006 7:29:43 PM Denied value "First Home Page" (new data: "") deleted in Browser page!
3/17/2006 7:37:57 PM Denied value "First Home Page" (new data: "") deleted in Browser page!
3/17/2006 9:39:21 PM Denied value "First Home Page" (new data: "") deleted in Browser page!
3/18/2006 4:31:33 PM Allowed value "MCUpdateExe" (new data: "c:\PROGRA~1\mcafee.com\agent\mcupdate.exe") changed in System Startup global entry!
3/19/2006 7:48:36 AM Allowed value "MCUpdateExe" (new data: "c:\PROGRA~1\mcafee.com\agent\mcupdate.exe") changed in System Startup global entry!
3/19/2006 5:07:22 PM Denied value "First Home Page" (new data: "") deleted in Browser page!
3/19/2006 5:43:47 PM Denied value "First Home Page" (new data: "") deleted in Browser page!
3/20/2006 4:01:18 PM Allowed value "MCUpdateExe" (new data: "c:\PROGRA~1\mcafee.com\agent\mcupdate.exe") changed in System Startup global entry!
3/21/2006 11:36:13 AM Allowed value "MCUpdateExe" (new data: "c:\PROGRA~1\mcafee.com\agent\mcupdate.exe") changed in System Startup global entry!
3/21/2006 1:00:52 PM Denied value "First Home Page" (new data: "") deleted in Browser page!
3/21/2006 7:42:32 PM Denied value "First Home Page" (new data: "") deleted in Browser page!
3/22/2006 5:36:02 PM Allowed value "MCUpdateExe" (new data: "c:\PROGRA~1\mcafee.com\agent\mcupdate.exe") changed in System Startup global entry!
3/22/2006 6:02:53 PM Denied value "First Home Page" (new data: "") deleted in Browser page!
3/23/2006 4:42:16 PM Allowed value "MCUpdateExe" (new data: "c:\PROGRA~1\mcafee.com\agent\mcupdate.exe") changed in System Startup global entry!
3/24/2006 5:07:00 PM Allowed value "MCUpdateExe" (new data: "c:\PROGRA~1\mcafee.com\agent\mcupdate.exe") changed in System Startup global entry!
3/25/2006 4:23:23 PM Allowed value "MCUpdateExe" (new data: "c:\PROGRA~1\mcafee.com\agent\mcupdate.exe") changed in System Startup global entry!
3/26/2006 3:18:07 PM Allowed value "MCUpdateExe" (new data: "c:\PROGRA~1\mcafee.com\agent\mcupdate.exe") changed in System Startup global entry!
3/26/2006 3:28:49 PM Denied value "First Home Page" (new data: "") deleted in Browser page!
3/26/2006 3:31:35 PM Denied value "First Home Page" (new data: "") deleted in Browser page!
3/26/2006 4:01:53 PM Denied value "First Home Page" (new data: "") deleted in Browser page!
3/26/2006 4:21:21 PM Denied value "First Home Page" (new data: "") deleted in Browser page!
3/26/2006 4:31:07 PM Denied value "First Home Page" (new data: "") deleted in Browser page!
3/26/2006 4:42:23 PM Denied value "First Home Page" (new data: "") deleted in Browser page!
3/26/2006 4:46:42 PM Denied value "First Home Page" (new data: "") deleted in Browser page!
3/26/2006 4:57:21 PM Denied value "First Home Page" (new data: "") deleted in Browser page!
3/26/2006 5:13:25 PM Denied value "First Home Page" (new data: "") deleted in Browser page!
3/26/2006 5:17:55 PM Denied value "First Home Page" (new data: "") deleted in Browser page!
3/26/2006 5:27:30 PM Denied value "First Home Page" (new data: "") deleted in Browser page!
3/26/2006 6:06:14 PM Denied value "First Home Page" (new data: "") deleted in Browser page!
3/26/2006 6:19:18 PM Denied value "First Home Page" (new data: "") deleted in Browser page!
3/27/2006 6:13:36 PM Allowed value "MCUpdateExe" (new data: "c:\PROGRA~1\mcafee.com\agent\mcupdate.exe") changed in System Startup global entry!
3/28/2006 7:16:00 PM Allowed value "MCUpdateExe" (new data: "c:\PROGRA~1\mcafee.com\agent\mcupdate.exe") changed in System Startup global entry!
3/29/2006 5:17:23 PM Allowed value "MCUpdateExe" (new data: "c:\PROGRA~1\mcafee.com\agent\mcupdate.exe") changed in System Startup global entry!
3/30/2006 7:44:57 PM Allowed value "MCUpdateExe" (new data: "c:\PROGRA~1\mcafee.com\agent\mcupdate.exe") changed in System Startup global entry!
3/31/2006 4:05:44 PM Allowed value "MCUpdateExe" (new data: "c:\PROGRA~1\mcafee.com\agent\mcupdate.exe") changed in System Startup global entry!
4/1/2006 4:13:36 PM Allowed value "MCUpdateExe" (new data: "c:\PROGRA~1\mcafee.com\agent\mcupdate.exe") changed in System Startup global entry!
4/2/2006 1:06:03 PM Allowed value "MCUpdateExe" (new data: "c:\PROGRA~1\mcafee.com\agent\mcupdate.exe") changed in System Startup global entry!
4/2/2006 1:11:38 PM Denied value "First Home Page" (new data: "") deleted in Browser page!
4/2/2006 4:02:53 PM Denied value "First Home Page" (new data: "") deleted in Browser page!
4/2/2006 5:43:13 PM Allowed value "MCUpdateExe" (new data: "c:\PROGRA~1\mcafee.com\agent\mcupdate.exe") changed in System Startup global entry!
4/3/2006 9:22:13 PM Allowed value "MCUpdateExe" (new data: "c:\PROGRA~1\mcafee.com\agent\mcupdate.exe") changed in System Startup global entry!
4/4/2006 6:14:47 PM Allowed value "MCUpdateExe" (new data: "c:\PROGRA~1\mcafee.com\agent\mcupdate.exe") changed in System Startup global entry!
4/5/2006 4:25:57 PM Allowed value "MCUpdateExe" (new data: "c:\PROGRA~1\mcafee.com\agent\mcupdate.exe") changed in System Startup global entry!
4/6/2006 8:45:35 AM Allowed value "MCUpdateExe" (new data: "c:\PROGRA~1\mcafee.com\agent\mcupdate.exe") changed in System Startup global entry!
4/6/2006 10:02:43 AM Denied value "First Home Page" (new data: "") deleted in Browser page!
4/6/2006 10:59:33 AM Denied value "First Home Page" (new data: "") deleted in Browser page!
4/6/2006 11:02:55 AM Denied value "First Home Page" (new data: "") deleted in Browser page!
4/6/2006 10:06:36 PM Allowed value "MCUpdateExe" (new data: "c:\PROGRA~1\mcafee.com\agent\mcupdate.exe") changed in System Startup global entry!

md usa spybot fan
2006-07-17, 07:08
Martha/Sue:

The problem is not "I can't change my homepage back to Google.com …" as originally stated. That finally became apparent when you said "…even tho IE shows that Google is the home page."

I addition to your home page which is actually stored as "Start Page" in the system registry there is another entry named "First Home page" that will, if present, be the first page displayed when you open IE. "First Home page" references a URL that is normally displayed only once and then "First Home page" entry is deleted as soon as that URL has been displayed.

The "First Home page" entry is not being deleted after the URL has been displayed because you are repetitively denying that change to the registry with TeaTimer. This should have been apparent because of the messages issued by Teatimer.

Stop denying the change for the "First Home page" and the Microsoft URL will stop being displayed.

***********************

To fix the problem:
Exit all Internet Explorer sessions.
Exit TeaTimer:
Right click Spybot's TeaTimer System Tray Icon.
Click Exit Spybot-S&D Resident.
Start Internet Explorer.
Exit Internet Explorer.
Start Internet Explorer (it should start with Google as the home page).
Restart TeaTimer:
Using Windows Explorer, navigate to C:\Program Files\Spybot - Search & Destroy.
Double click TeaTimer.exe to start it.
Go into TeaTimer's "White & Black List", look for and remove any entry relating to changes for "First Home page" from the "Blocked registry changes". To do this:

Right click on the TeaTimer system tray icon and select Settings. This will bring up TeaTimer's "White & Black List". There are four (4) Buttons across the top of the "White & Black List":

Allowed processes
Blocked processes
Allowed registry changes
Blocked registry changes

Note: If you don't see all four buttons, try expanding the window to the right.

If you find an entry relation to "First Home page", you can delete entries by clicking on the scripted black "X" to the right of the entry and then clicking the "OK" button when you're done. This will in effect make TeaTimer forget what you told it to remember so that during future changes to these items TeaTimer will issue a pop-up dialog rather then just a notification pop-up.

After removing the above entry, if you get a pop-up dialog for the removal of "First Home page" registry entry do an "Allow change" without the "Remember this decision" option.

launchdriverjon
2006-07-17, 22:34
I had a similar problem that prevented me from changing from MSN to my preferred homepage. After trying the internet connection change, which didn't work, I ran across a forum which suggested that the problem might be in Zone Alarm and the remove it from the computer. I did it and it worked. After established my preferred home page I reinstalled Zone Alarm and all is well. Hope this helps.

md usa spybot fan
2006-07-17, 23:33
launchdriverjon:

Thanks for the advice but considering the fact that Sue (zmartha (http://forums.spybot.info/member.php?u=8586)'s sister) is not running ZoneAlarm, I don't believe that it will help in this situation.

In fact if you backtrack a little in this thread you see that the possibility of a ZoneAlarm problem was already addressed in this thread for another user (Almonteguy (http://forums.spybot.info/member.php?u=9175)) in post post #30 (http://forums.spybot.info/showpost.php?p=33053&postcount=30).


Almonteguy:

Are you running ZoneAlarm? If so, read:
Cannot change browser page--not hijacked
http://forums.spybot.info/showthread.php?t=5542
In particular the post by Rosenfeld (http://forums.spybot.info/member.php?u=56):
http://forums.spybot.info/showpost.php?p=31582&postcount=5
If you do not run ZoneAlarm, what other security/anti-malware software do you run?
If you are interested in more information on the problem with changing your home page while running the recently released versions of ZoneAlarm, please read the above references in the quote above.

zmartha
2006-07-18, 02:38
My sister Sue says, "It Worked!!!" :bigthumb:
I say YES!!!!:heart:
You people were wonderful to not give up on us. I have learned some things thru this problem solving thread too.

We both thank you very very much. God bless.

zmartha

Doctor Z
2006-09-23, 17:19
Thanks to all for helping me solve this problem.

Doctor Z
2006-09-23, 17:22
Thanks to all for helping me solve this problem.

I run Spy Sweeper and Spybot concurrently. Not Spybot but Spy Sweeper was blocking me from changing my default home page. However, you may easily edit you default browser home page inside Spy Sweeper.

1. Start Spy Sweeper
2. Select Shields
3. Select Internet Explorer
4. Select Edit IE Hijack Shield Settings
5. Edit IE Home Page Shield to the default address you would like
6. Select OK
7. Close Spy Sweeper

No need to reboot, change is instant.

chrismint
2007-01-23, 02:15
Hi,

My browsers been stuck on the same home page for a while and I finally managed to change it by opening up internet options from the tools menu, and also opening internet options from the control panel at the same time. If you then change the home page on both of the windows, and apply, then close both windows, the change seems to stick.

God knows why though.....

Hope this helps,
Chris