15 Posts

October 24th, 2004 19:00

No, I haven't noticed anything new on my task bar, and there are no obvious programs in the add/delete list that seem to correspond to this message. Thanks for your suggestions...got any more? I already installed Adaware and ran it...didn't do the trick.

October 24th, 2004 19:00

This might be a long shot, but try clearing out your cache, cookies, and web site history.  All can be found in IE>Tools>Internet Options.  It could possibly be a website that was inadvertently accessed through an advertisement or link sometime in recent history that installed some cookies.

October 24th, 2004 19:00

Do you have any odd search bar tools that recently appeared on your browser?  That could be a clue.  Try going into your "Add/Remove Programs" function in your Control Panel and see if you find anything out of the ordinary, specifically with the name of that website in the title or description.  Removing it should solve the problem.

15 Posts

October 25th, 2004 12:00

I've eliminated all cookies and history, but I'm still getting this Network Password dialog box at boot-up. It looks like a Windows dialog box, but the first line specifies the "site" as travelbeyond.org. Any other suggestions?

860 Posts

October 26th, 2004 03:00

First off, is travelbeyond "your" site?

http://www.dnsreport.com/tools/dnsreport.ch?domain=travelbeyond.org

Pinging travelbeyond.org [216.102.3.54]:

Ping #1: * [No response]
Ping #2: * [No response]
Ping #3: * [No response]
Ping #4: * [No response]
 
Admin Name:Travel Beyond Borders
Admin Organization:Travel Beyond Borders
Admin Street1:408 13TH ST # 291
Admin City:OAKLAND
Admin State/Province:CA
Admin Postal Code:94612-2602
 
HTTP 401.2 - Unauthorized: Logon failed due to server configuration
Internet Information Services
 The URL is accessible as http://travelbeyond.org (offsite)
 

Message Edited by jamez kann on 10-26-2004 12:02 AM

15 Posts

October 26th, 2004 09:00

No, it's not my site and I've never been there.

860 Posts

October 26th, 2004 10:00

 
You could also do a msconfig or use startcpl to find the offending site.

15 Posts

October 26th, 2004 11:00

Thank you so much for your suggestions. I had already run AdAware which, although it eliminated lots of spyware, didn't do in this offender. Is Hijack This likely to find something different? I haven't yet found anything that seems to relate to this when I did a MSCONFIG, but in reading about mlin's startup CPL program, that looks kind of interesting.

One question I had is, since I'm running Windows ME, should I be disabling System restore before running a program like AdAware (and even Norton Anti-virus) and then re-enable it afterwards, or would that make no difference?

Thanks again for your help.

860 Posts

October 26th, 2004 13:00

Hi

Bpc, disabling System Restore and re-enabling it would be a good idea "if" you know how to recover from a system crash without the use of System Restore. Please post a log of your HijackThis; I'm interested to see how this site got into your computer, as the site looks like it hasn't been active for a long time and it was registered long ago!!

OrgName: Office of the Future
OrgID: OFFICE
Address: 115 River Rd
City: Edgewater
StateProv: NJ
PostalCode: 02020
Country: US
Comment: 
RegDate: 1992-09-10
Updated: 1992-09-10

Running Spybot along with Adaware would be a good idea. Download Spybot. Tutorials on how to install Spybot Search and Destroy: Tutorial2. And do an online scan: TrendMicro, RAV.
 
Let us know what the outcome is.

15 Posts

October 26th, 2004 15:00

Here is the log from hijack this:

Logfile of HijackThis v1.98.2
Scan saved at 12:03:47 PM, on 10/26/2004
Platform: Windows ME (Win9x 4.90.3000)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\SSDPSRV.EXE
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\SYSTEM\STIMON.EXE
C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\CCEVTMGR.EXE
C:\WINDOWS\SYSTEM\ZONELABS\VSMON.EXE
C:\WINDOWS\SYSTEM\RESTORE\STMGR.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\PROGRAM FILES\MOTIVE\MOTMON.EXE
C:\PROGRAM FILES\VERIZONDSL\WINPOET\WINPPPOVERETHERNET.EXE
C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\CCAPP.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\PROGRAM FILES\IOMEGA HOTBURN PRO\AUTOLAUNCH.EXE
C:\PROGRAM FILES\ZONE LABS\ZONEALARM\ZLCLIENT.EXE
C:\COREL\OFFICE7\SHARED\PFIT7\PFPPOP70.EXE
C:\WINDOWS\SYSTEM\SPOOL32.EXE
C:\PROGRAM FILES\NETSCAPE\NETSCAPE\NETSCP.EXE
C:\PROGRAM FILES\WINZIP\WINZIP32.EXE
C:\UNZIPPED\HIJACKTHIS\HIJACKTHIS.EXE

What should I try next?

Thanks

Barry

860 Posts

October 26th, 2004 16:00

we need to full log the 04 are imp

15 Posts

October 26th, 2004 19:00

" we need to full log the 04 are imp"
I don't understand what this means. Did part of your message get cut off?

Also, I have one other piece of information. Not only does this network password dialog box appear on bootup, but if I right click on my desktop, and select "refresh", the dialog box shows up again.

I did use spybot to delete some more spyware, but this problem persists. Is there reason to believe that my system would crash if I suspended "system restore" while using these spyware and antivirus programs for one more clean sweep? And if it did, how would I re-start the computer?

Thanks again for sticking in there with me,

Barry

860 Posts

October 27th, 2004 07:00

Your HijackThis log is incomplete; it only lists the running processes, not the startup lists.

A tutorial on how to use and install this software can be found at the following link:

How to use HijackThis to remove Browser Hijackers & Spyware

Instructions on how to post a log at our forums can be found here:

How to submit a HijackThis Log

15 Posts

October 27th, 2004 13:00

Here is the startup list from Hijack this:

StartupList report, 10/27/2004, 10:42:09 AM
StartupList version: 1.52.2
Started from : C:\UNZIPPED\HIJACKTHIS\HIJACKTHIS.EXE
Detected: Windows ME (Win9x 4.90.3000)
Detected: Internet Explorer v6.00 SP1 (6.00.2800.1106)
* Using default options
==================================================

Running processes:

C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\SSDPSRV.EXE
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\WINDOWS\SYSTEM\STIMON.EXE
C:\WINDOWS\EXPLORER.EXE
C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\CCEVTMGR.EXE
C:\WINDOWS\SYSTEM\ZONELABS\VSMON.EXE
C:\WINDOWS\SYSTEM\RESTORE\STMGR.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\PROGRAM FILES\MOTIVE\MOTMON.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\PROGRAM FILES\VERIZONDSL\WINPOET\WINPPPOVERETHERNET.EXE
C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\CCAPP.EXE
C:\PROGRAM FILES\IOMEGA HOTBURN PRO\AUTOLAUNCH.EXE
C:\PROGRAM FILES\ZONE LABS\ZONEALARM\ZLCLIENT.EXE
C:\PROGRAM FILES\NETSCAPE\NETSCAPE\NETSCP.EXE
C:\COREL\OFFICE7\SHARED\PFIT7\PFPPOP70.EXE
C:\WINDOWS\SYSTEM\SPOOL32.EXE
C:\UNZIPPED\HIJACKTHIS\HIJACKTHIS.EXE

--------------------------------------------------

Listing of startup folders:

Shell folders Startup:
[C:\WINDOWS\Start Menu\Programs\StartUp]
PerfectPrint.LNK = C:\Corel\Office7\Shared\PFit7\PFPPOP70.EXE

--------------------------------------------------

Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\Run

ScanRegistry = C:\WINDOWS\scanregw.exe /autorun
PCHealth = C:\WINDOWS\PCHealth\Support\PCHSchd.exe -s
SystemTray = SysTray.Exe
LoadPowerProfile = Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
MotiveMonitor = C:\Program Files\Motive\motmon.exe
WinPoET = C:\Program Files\VerizonDSL\WinPoET\WinPPPoverEthernet.exe
ccApp = "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
ccRegVfy = "C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe"
Drag'n'Drop_Autolaunch = "C:\Program Files\Iomega HotBurn Pro\Autolaunch.exe"
Zone Labs Client = "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"

--------------------------------------------------

Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\RunServices

LoadPowerProfile = Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
*StateMgr = C:\WINDOWS\System\Restore\StateMgr.exe
SSDPSRV = C:\WINDOWS\SYSTEM\ssdpsrv.exe
SchedulingAgent = mstask.exe
StillImageMonitor = C:\WINDOWS\SYSTEM\STIMON.EXE
ccEvtMgr = "C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe"
ScriptBlocking = "C:\Program Files\Common Files\Symantec Shared\Script Blocking\SBServ.exe" -reg
TrueVector = C:\WINDOWS\SYSTEM\ZONELABS\VSMON.EXE -service

--------------------------------------------------

Autorun entries from Registry:
HKCU\Software\Microsoft\Windows\CurrentVersion\Run

Mozilla Quick Launch = "C:\Program Files\Netscape\Netscape\Netscp.exe" -turbo

--------------------------------------------------

File association entry for .TXT:
HKEY_CLASSES_ROOT\txtfile\shell\open\command

(Default) = C:\WINDOWS\NOTEPAD.EXE %1

--------------------------------------------------

Load/Run keys from C:\WINDOWS\WIN.INI:

load=
run=hpfsched

--------------------------------------------------

C:\WINDOWS\WININIT.BAK listing:
(Created 25/10/2004, 8:49:0)

[Rename]
NUL=C:\WINDOWS\SYSTEM\HPFINSTA.EXE
NUL=C:\PROGRA~1\HPDESK~1\HPFINSTA.EXE
NUL=C:\PROGRA~1\HPDESK~1\LICENSE.BMP
NUL=C:\PROGRA~1\HPDESK~1\HPINFO.DAT
NUL=C:\PROGRA~1\HPDESK~1\EREG.HPI
NUL=C:\PROGRA~1\HPDESK~1\USB.HPI
NUL=C:\PROGRA~1\HPDESK~1\APPS.HPI
NUL=C:\PROGRA~1\HPDESK~1\UNSTALL.BMP
NUL=C:\PROGRA~1\HPDESK~1\STATUS.BMP
NUL=C:\PROGRA~1\HPDESK~1\RESTART.BMP
NUL=C:\PROGRA~1\HPDESK~1\INTRO.BMP
NUL=C:\WINDOWS\SYSTEM\DRIVER.HPI
NUL=C:\PROGRA~1\HPDESK~1\DRIVER.HPI
NUL=C:\PROGRA~1\HPDESK~1\INSTALL.HPI
NUL=C:\WINDOWS\SYSTEM\INC.HPI
NUL=C:\PROGRA~1\HPDESK~1\INC.HPI
NUL=C:\WINDOWS\SYSTEM\MASTER.HPI
NUL=C:\PROGRA~1\HPDESK~1\MASTER.HPI
NUL=C:\PROGRA~1\HPDESK~1\HPFIUI.EXE
NUL=C:\WINDOWS\SYSTEM\HPFINST.DLL
NUL=C:\PROGRA~1\HPDESK~1\HPFINST.DLL

--------------------------------------------------

C:\AUTOEXEC.BAT listing:

SET windir=C:\WINDOWS
SET winbootdir=C:\WINDOWS
SET COMSPEC=C:\WINDOWS\COMMAND.COM

--------------------------------------------------

C:\WINDOWS\WINSTART.BAT listing:

C:\WINDOWS\tmpcpyis.bat

--------------------------------------------------


Enumerating Browser Helper Objects:

NAV Helper - C:\Program Files\Norton AntiVirus\NavShExt.dll - {BDF3E430-B101-42AD-A544-FADC6B084872}

--------------------------------------------------

Enumerating Task Scheduler jobs:

Tune-up Application Start.job
PCHealth Scheduler for Data Collection.job
Symantec NetDetect.job
Norton AntiVirus - Scan my computer.job

--------------------------------------------------

Enumerating Download Program Files:

[CV3 Class]
InProcServer32 = C:\WINDOWS\SYSTEM\WUV3IS.DLL
CODEBASE = http://windowsupdate.microsoft.com/R836/V31Controls/x86/mil/en/actsetup.cab

[Update Class]
InProcServer32 = C:\WINDOWS\SYSTEM\IUCTL.DLL
CODEBASE = http://v4.windowsupdate.microsoft.com/CAB/x86/ansi/iuctl.CAB?37699.5230439815

[Shutterfly Picture Upload Plugin]
InProcServer32 = C:\PROGRA~1\SHUTTE~1\SFUPLO~2.OCX
CODEBASE = http://web1.shutterfly.com/downloads/Uploader.cab

[{33564D57-0000-0010-8000-00AA00389B71}]
CODEBASE = http://download.microsoft.com/download/F/6/E/F6E491A6-77E1-4E20-9F5F-94901338C922/wmv9VCM.CAB

[Groove Control]
InProcServer32 = C:\WINDOWS\DOWNLOADED PROGRAM FILES\GROOVEAX.DLL
CODEBASE = http://www.nick.com/common/groove/gx/GrooveAX27.cab

[ActiveDataInfo Class]
InProcServer32 = C:\WINDOWS\DOWNLOADED PROGRAM FILES\SYMADATA.DLL
CODEBASE = https://www-secure.symantec.com/techsupp/activedata/SymAData.cab

[ActiveDataObj Class]
InProcServer32 = C:\WINDOWS\DOWNLOADED PROGRAM FILES\ACTIVEDATA.DLL
CODEBASE = https://www-secure.symantec.com/techsupp/activedata/ActiveData.cab

--------------------------------------------------

Enumerating ShellServiceObjectDelayLoad items:

WebCheck: C:\WINDOWS\SYSTEM\WEBCHECK.DLL
UPnPMonitor: C:\WINDOWS\SYSTEM\UPNPUI.DLL
AUHook: C:\WINDOWS\SYSTEM\AUHOOK.DLL

--------------------------------------------------
End of report, 7,104 bytes
Report generated in 0.166 seconds

Command line options:
/verbose - to add additional info on each section
/complete - to include empty sections and unsuspicious data
/full - to include several rarely-important sections
/force9x - to include Win9x-only startups even if running on WinNT
/forcent - to include WinNT-only startups even if running on Win9x
/forceall - to include all Win9x and WinNT startups, regardless of platform
/history - to list version history only


Thanks again in advance and in retrospect for your help.
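
An added illustration (not part of any post in this thread, and not HijackThis code): a small Python parser for the StartupList layout shown in the report above, listing each registry autorun entry and whether its program also appears under "Running processes". The sample is a trimmed excerpt of that report with blank lines removed, and the function names are this example's own.

```python
import re
# Trimmed excerpt of the StartupList 1.52.2 report posted above (blank lines removed).
SAMPLE = r"""StartupList report, 10/27/2004, 10:42:09 AM
==================================================
Running processes:
C:\WINDOWS\EXPLORER.EXE
C:\PROGRAM FILES\MOTIVE\MOTMON.EXE
C:\PROGRAM FILES\NETSCAPE\NETSCAPE\NETSCP.EXE
--------------------------------------------------
Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
ScanRegistry = C:\WINDOWS\scanregw.exe /autorun
MotiveMonitor = C:\Program Files\Motive\motmon.exe
ccRegVfy = "C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe"
--------------------------------------------------
Autorun entries from Registry:
HKCU\Software\Microsoft\Windows\CurrentVersion\Run
Mozilla Quick Launch = "C:\Program Files\Netscape\Netscape\Netscp.exe" -turbo
--------------------------------------------------
End of report, 7,104 bytes
"""

SEP = re.compile(r"^[-=]{20,}\s*$", re.M)  # the ---- / ==== rule between sections
EXE = re.compile(r'"([^"]+)"|(.+?\.(?:exe|dll|bat|com|tsk))\b|(\S+)', re.I)

def parse_sections(report):
    """Map section title -> body lines; registry sections are keyed by key path."""
    sections = {}
    for chunk in SEP.split(report):
        lines = [l.strip() for l in chunk.splitlines() if l.strip()]
        if lines and lines[0].startswith("Autorun entries from Registry"):
            lines = lines[1:]  # this title repeats, so use the key path below it
        if lines and (lines[0].endswith(":") or lines[0].startswith("HK")):
            sections[lines[0].rstrip(":")] = lines[1:]
    return sections

def image_name(command):
    """Upper-cased file name of the program in a command line, quoted or not."""
    path = next(g for g in EXE.match(command.strip()).groups() if g)
    return path.rsplit("\\", 1)[-1].upper()

def autoruns(report):
    """Return (key, value name, image, running?) for each registry autorun entry."""
    sections = parse_sections(report)
    live = {image_name(p) for p in sections.get("Running processes", [])}
    rows = []
    for key, body in sections.items():
        for name, sep, cmd in (l.partition(" = ") for l in body):
            if sep and key.startswith("HK"):
                rows.append((key, name, image_name(cmd), image_name(cmd) in live))
    return rows
```

A `False` in the last column only means the program was not in the process list when the report was taken; helpers that start at boot and exit show up this way.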

15 Posts

October 27th, 2004 14:00

Problem solved. It ends up that somehow the travelbeyond site had found its way into my active desktop. Once I right-clicked it, and went to customize, I could delete it from the active desktop content. At least for right now, it's disappeared. Any idea how it would've gotten there to begin with?

Thanks again.