-----Original Message-----
Bob,
No suspicious items found. (But there may be a browser extension/malware
causing this). Anyways, trt setting a registry audit for this key:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
Setting a registry audit:
http://groups.google.com/groups?hl=en&lr=&ie=UTF- 8&selm=eOLMZy9YEHA.1692%40TK2MSFTNGP10.phx.gbl
FYI, ITBarLayout stores the toolbar layout values in REG_BINARY. Clear all
events, then open your browser and customize the toolbars. Then close
Internet Explorer. Reboot and view the Event Log. Post the contents here.
You could also try disabling 3rd party browser extensions in the Advanced
Tab of Internet Explorer Options. This rules out any browser extension
causing this.
--
Ramesh, Microsoft MVP
Window XP Shell/User
http://www.mvps.org/sramesh2k
Win XP Pro, all updates applied.
Here's the autoruns log:
HKLM\SOFTWARE\Microsoft\Windows
NT\CurrentVersion\Winlogon\Userinit
+ C:\WINDOWS\system32\userinit.exe Userinit Logon
Application Microsoft Corporation
c:\windows\system32\userinit.exe
HKLM\SOFTWARE\Microsoft\Windows
NT\CurrentVersion\Winlogon\Shell
+ Explorer.exe Windows Explorer Microsoft
Corporation c:\windows\explorer.exe
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
+ 000StTHK c:\windows\system32
\000stthk.exe
+ 00THotkey THotkey (Not verified) TOSHIBA Corp.
c:\windows\system32\00thotkey.exe
+ Advanced Tools Check Norton AntiVirus Advanced Tools
Integrity Checker Symantec Corporation
c:\program files\norton
antivirus\advtools\advchk.exe
+ ccApp Common Client User Session Symantec
Corporation c:\program files\common files\symantec
shared\ccapp.exe
+ EXSHOW95.EXE Kensington MouseWorks Win32 Support
(Not verified) Kensington Technology Group
c:\windows\system32\exshow95.exe
+ NvCplDaemon NVIDIA Display Properties Extension
(Not verified) NVIDIA Corporation
c:\windows\system32\nvcpl.dll
+ nwiz NVIDIA nView Wizard, Version 45.91 (Not
verified) NVIDIA Corporation c:\windows\system32
\nwiz.exe
+ Pinger Toshiba Pinger (Not verified) Toshiba
Corporation c:\toshiba\ivp\ism\pinger.exe
+ RemoteControl PowerDVD RC Service (Not verified)
Cyberlink Corp. c:\program
files\cyberlink\powerdvd\pdvdserv.exe
+ SSC_UserPrompt Norton Security Center Helper
Symantec Corporation c:\program files\common
files\symantec shared\security center\usrprmpt.exe
+ SxgTkBar Taskbar application (Not verified)
YAMAHA COROPRATION c:\windows\system32\sxgtkbar.exe
+ TFNF5 TFnF5 (Not verified) Toshiba Corp.
c:\windows\system32\tfnf5.exe
+ TMEEJME.EXE TMEEJME (Not verified) TOSHIBA
c:\program files\toshiba\tme3\tmeejme.exe
+ TMERzCtl.EXE TMERzCtl (Not verified) TOSHIBA
c:\program files\toshiba\tme3\tmerzctl.exe
+ TMESBS.EXE tmesbs32 (Not verified) TOSHIBA
Corporation c:\program files\toshiba\tme3\tmesbs32.exe
+ TMESRV.EXE TOSHIBA MobileExtension Service (Not
verified) TOSHIBA c:\program files\toshiba\tme3
\tmesrv31.exe
+ TosHKCW.exe Wireless Hotkey (Not verified) TOSHIBA
CORPORATION c:\program files\toshiba\wireless
hotkey\toshkcw.exe
+ Tpwrtray TOSHIBA Power Saver (Not verified)
TOSHIBA Corporation c:\windows\system32\tpwrtray.exe
+ TweakMASTER TweakMASTER main module (Not verified)
Hagel Technologies c:\program
files\tweakmaster\twmaster.exe
+ USB SECURITY DEVICE CoInstaller PROLIFIC USB
SECURITY DEVICE AP (Not verified) Prolific
Technology Inc. c:\windows\system32\jupitco.exe
+ Zone Labs Client Zone Labs Client Zone
Labs, Inc c:\program files\zone
labs\zonealarm\zlclient.exe
C:\Documents and Settings\All Users\Start
Menu\Programs\Startup
+ D-Link AirPlus Xtreme G Configuration Utility.lnk
WLAN Adapter Utility (Not verified) D-Link
c:\program files\d-link airplus xtreme
g\airplus.exe
+ D-Link REG Utility.lnk Reg MFC Application
c:\program files\d-link airplus xtreme g\reg.exe
+ PopupDummy! 3.16.EXE.lnk PopupDummy!
http://www.popupdummy.com c:\program
files\popupdummy!\popupdummy! 3.16.exe
C:\Documents and Settings\Kemp\Start Menu\Programs\Startup
+ KaVoom!.lnk (Not verified) KaVoom Software
c:\program files\kavoom!\kavoomc.exe
HKCU\Software\Microsoft\Windows\CurrentVersion\Run
+ NVIEW NVIDIA nView Desktop and Window Manager 45.91
(Not verified) NVIDIA Corporation
c:\windows\system32\nview.dll
Task Scheduler
+ Symantec NetDetect.job Symantec NetDetect
Symantec Corporation c:\program
files\symantec\liveupdate\ndetect.exe
-----Original Message-----
Bob,
Please mention the Operating System you're using. In addition, get Autoruns
from Sysinternals.com and post the log here.
--
Ramesh, Microsoft MVP
Window XP Shell/User
http://www.mvps.org/sramesh2k
Thanks. Unfortunately, the following are true:
No fash.exe exists on the PC.
Latest version of Adaware reports no problem.
PC is not HP or Compaq (It's a Toshiba)
Applied IEToolbar.reg after closing all browsers.
Toolbar still goes back to the arrangement it chooses,
even though I unlocked, rearranged, locked & then quit
the browser.
HP/Compaq
unit)
.
.