
Latest victim of Homepage Hijacking!! Nothing seems to work

 
 
chucklefukk
 
  1  
Reply Sat 15 Jan, 2005 10:36 pm
one last thing,
one last thing, winlogin.exe does show up as a process on my task manager, i'll leave it up to you to determine if that's good or bad...i think it's always been there though at least that i remember. anyhow, thanks for all the help you've given me don, you're quite the conossieur (if i even spelled it right)
thanks,
chuck
0 Replies
 
Don77
 
  1  
Reply Sun 16 Jan, 2005 04:54 pm
Chuck do me a favor
Please download Silent Runners.
Please create a folder for it please, then double click on the program. It will save a notebook file in the same folder. Open that, copy, paste the log back to this thread please.

And you're welcome for the help to this point
0 Replies
 
chucklefukk
 
  1  
Reply Sun 16 Jan, 2005 05:14 pm
here it is...
ask and ye shall receive....here's the log that silentrunners came up with:

"Silent Runners.vbs", revision 29, launched at: 15:15
Output limited to non-default values, except where indicated by "{++}"
Operating System: Windows XP SP2


Startup items buried in registry:
---------------------------------

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++}
"HotKeysCmds" = "C:\WINDOWS\System32\hkcmd.exe" ["Intel Corporation"]
"HKSERV.EXE" = "C:\Program Files\Sony\HotKey Utility\HKserv.exe" ["Sony Corporation"]
"msnappau" = ""C:\Program Files\MSN Apps\Updater\01.02.3000.1001\en-us\msnappau.exe"" [MS]
"IntelliPoint" = ""C:\Program Files\Microsoft IntelliPoint\point32.exe"" [MS]
"BigDogPath" = "C:\WINDOWS\VM_STI.EXE MobileCam Pro" ["VM."]
"AVG7_CC" = "C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP" ["GRISOFT, s.r.o."]
"AVG7_EMC" = "C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe" ["GRISOFT, s.r.o."]

HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
{4A368E80-174F-4872-96B5-0B27DDD11DB2}\(Default) = "SpywareGuard Download Protection"
-> resolves to: {CLSID}\InprocServer32\(Default) = "C:\Program Files\SpywareGuard\dlprotect.dll" [null data]

HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\
"{42071714-76d4-11d1-8b24-00a0c9068ff3}" = "Display Panning CPL Extension"
-> CLSID InProcServer32 resolves to: "deskpan.dll" [file not found]
"{88895560-9AA2-1069-930E-00AA0030EBC8}" = "HyperTerminal Icon Ext"
-> CLSID InProcServer32 resolves to: "C:\WINDOWS\System32\hticons.dll" ["Hilgraeve, Inc."]
"{42042206-2D85-11D3-8CFF-005004838597}" = "Microsoft Office HTML Icon Handler"
-> CLSID InProcServer32 resolves to: "C:\Program Files\Microsoft Office\Office10\msohev.dll" [MS]
"{F0CB00CD-5A07-4D91-97F5-A8C92CDA93E4}" = "Shell Extensions for RealOne Player"
-> CLSID InProcServer32 resolves to: "C:\Program Files\Real\RealPlayer\rpshellext.dll" ["RealNetworks"]
"{640167b4-59b0-47a6-b335-a6b3c0695aea}" = "Portable Media Devices"
-> CLSID InProcServer32 resolves to: "C:\WINDOWS\system32\Audiodev.dll" [MS]
"{cc86590a-b60a-48e6-996b-41d25ed39a1e}" = "Portable Media Devices Menu"
-> CLSID InProcServer32 resolves to: "C:\WINDOWS\system32\Audiodev.dll" [MS]
"{20082881-FC36-4E47-9A7A-644C95FF749F}" = "IntelliPoint Wireless Control Panel Property Page"
-> CLSID InProcServer32 resolves to: ""C:\Program Files\Microsoft IntelliPoint\ipcplwir.dll"" [MS]
"{AF90F543-6A3A-4C1B-8B16-ECEC073E69BE}" = "IntelliPoint Wheel Control Panel Property Page"
-> CLSID InProcServer32 resolves to: ""C:\Program Files\Microsoft IntelliPoint\ipcplwhl.dll"" [MS]
"{653DCCC2-13DB-45B2-A389-427885776CFE}" = "IntelliPoint Activities Control Panel Property Page"
-> CLSID InProcServer32 resolves to: ""C:\Program Files\Microsoft IntelliPoint\ipcplact.dll"" [MS]
"{124597D8-850A-41AE-849C-017A4FA99CA2}" = "IntelliPoint Buttons Control Panel Property Page"
-> CLSID InProcServer32 resolves to: ""C:\Program Files\Microsoft IntelliPoint\ipcplbtn.dll"" [MS]
"{81559C35-8464-49F7-BB0E-07A383BEF910}" = "SpywareGuard"
-> CLSID InProcServer32 resolves to: "C:\Program Files\SpywareGuard\spywareguard.dll" [null data]
"{9F97547E-4609-42C5-AE0C-81C61FFAEBC3}" = "AVG7 Shell Extension"
-> CLSID InProcServer32 resolves to: "C:\Program Files\Grisoft\AVG Free\avgse.dll" ["GRISOFT, s.r.o."]
"{9F97547E-460A-42C5-AE0C-81C61FFAEBC3}" = "AVG7 Find Extension"
-> CLSID InProcServer32 resolves to: "C:\Program Files\Grisoft\AVG Free\avgse.dll" ["GRISOFT, s.r.o."]


Startup items in "C" & "All Users" startup folders:
---------------------------------------------------

C:\Documents and Settings\C\Start Menu\Programs\Startup
"SpywareGuard" -> shortcut to: "C:\Program Files\SpywareGuard\sgmain.exe" [null data]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup
"PowerPanel" -> shortcut to: "C:\Program Files\PowerPanel\Program\PcfMgr.exe /launch" ["Phoenix Technologies Ltd."]
"VAIO Action Setup (Server)" -> shortcut to: "C:\Program Files\Sony\VAIO Action Setup\VAServ.exe" ["Sony Corporation"]


Running Services (Display Name, Service Name, Path {Service DLL}):
------------------------------------------------------------------

AVG7 Alert Manager Server, Avg7Alrt, "C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe" ["GRISOFT, s.r.o."]
AVG7 Update Service, Avg7UpdSvc, "C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe" ["GRISOFT, s.r.o."]
Windows User Mode Driver Framework, UMWdf, "C:\WINDOWS\system32\wdfmgr.exe" [MS]


----------
This report excludes default entries except where indicated.
To see *everywhere* the script checks and *everything* it finds,
launch it from a command prompt or a shortcut with the -all parameter.
----------
0 Replies
 
Don77
 
  1  
Reply Sun 16 Jan, 2005 05:21 pm
Looks fine. How is the computer running?
0 Replies
 
chucklefukk
 
  1  
Reply Sun 16 Jan, 2005 08:28 pm
seems to be running great. better than it ever has...it's an older laptop (bought in 2000), sony vaio...hell, i just upgraded the ram to a whopping 384mb! now though that all that stuff is cleared up from my startup files and the internet runs as advertised i'm one happy camper. thanks a lot don for all the help you gave me. i really appreciate all of what you did. hopefully i won't be on this board all too often! *knock on wood*
thanks,
chuck
0 Replies
 
Don77
 
  1  
Reply Sun 16 Jan, 2005 08:59 pm
I'm really glad to hear that Chuck!!
You're very welcome




Quote:
thanks a lot don for all the help you gave me. i really appreciate all of what you did. hopefully i won't be on this board all too often! *knock on wood*


I hope you're referring to the computer forum. This is a great site, plenty to see and do here.

Sometimes I even venture out into other forums within A2K.

Best of luck to you Chuck
0 Replies
 
 
