This is my first post and I hope someone can help me.

I just recently started having problems with certain web sites kicking me off the page I'm looking at and sending me back to my desk top. I'd say I'm up to a dozen or so sites and it continues to grow at a slow rate. Last night it started happening to my home page. Could it be an internet setting or I'm hoping not a virus. I'm running XP and using AT&T as my internet service.

Please help.

It sounds like you need to clean up your system.

I would run the following utilities:

1. Download Microsofts antispyware utility (free at Run that.
2. I would also run Spybot 1.4 (free at
3. Run a full antivirus scan. If youy can get to it, go to and do a full online scan. If you can't get to that site and if you don't have antivirus software, you can get AVG antivirus for free from

Run all of these utilities and see if the issue clears up...if not, download Hijack This (also from and post the log for me to see.
Good luck,

Thanks for the help, but I had no luck as I'm still getting kicked out to desk top. Here are the results you requested:

Logfile of HijackThis v1.99.1
Scan saved at 11:41:28 AM, on 7/2/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\Program Files\\Agent\mcagent.exe
C:\Program Files\Microsoft AntiSpyware\gcasServ.exe
C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
C:\Program Files\AT&T\WnClient\Programs\WNConnect.exe
c:\program files\\shared\mghtml.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\DOCUME~1\Paul\LOCALS~1\Temp\Temporary Directory 1 for\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by AT&T WorldNet Service
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: McBrwHelper Class - {227B8AA8-DAF2-4892-BD1D-73F568BCB24E} - c:\PROGRA~1\\mps\mcbrhlpr.dll
O4 - HKLM\..\Run: [UMonit] C:\WINDOWS\system32\umonit.exe
O4 - HKLM\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe" /startintray
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\\Agent\McUpdate.exe
O4 - HKLM\..\Run: [MCAgentExe] C:\Program Files\\Agent\mcagent.exe
O4 - HKLM\..\Run: [MPFExe] C:\PROGRA~1\\PERSON~1\MpfTray.exe
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O8 - Extra context menu item: &eBay Search - res://C:\Program Files\eBay\eBay Toolbar2\eBayTb.dll/RCSearch.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll (file missing)
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) -
O16 - DPF: {2B96D5CC-C5B5-49A5-A69D-CC0A30F9028C} (MiniBugTransporterX Class) -
O16 - DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} (EPUImageControl Class) -
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) -
O16 - DPF: {CA034DCC-A580-4333-B52F-15F98C42E04C} -
O17 - HKLM\System\CCS\Services\Tcpip\..\{157A5EEC-8B2D-4D5A-A0A3-88A08824A751}: NameServer =
O17 - HKLM\System\CS1\Services\Tcpip\..\{157A5EEC-8B2D-4D5A-A0A3-88A08824A751}: NameServer =
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
O23 - Service: McShield (McShield) - Unknown owner - c:\PROGRA~1\\vso\mcshield.exe
O23 - Service: VirusScan Online Realtime Engine (MCVSRte) - Corporation - c:\PROGRA~1\\vso\mcvsrte.exe
O23 - Service: Personal Firewall Service (MpfService) - Corporation - C:\PROGRA~1\\PERSON~1\MPFSERVICE.exe
O23 - Service: Webroot Spy Sweeper Engine (svcWRSSSDK) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe

Most of it looks fine...however, I did notice the following:

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:WINDOWSSystem32msjava.dll (file missing)
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:WINDOWSSystem32msjava.dll (file missing)

Could the web sites that are not loading Java based? Try reinstalling JAVA (1st uninstall it).

Also, I'm not sure about:
O17 - HKLMSystemCCSServicesTcpip..{157A5EEC-8B2D-4D5A-A0A3-88A08824A751}: NameServer =
O17 - HKLMSystemCS1ServicesTcpip..{157A5EEC-8B2D-4D5A-A0A3-88A08824A751}: NameServer =

I fix a lot of computers and this does not look familiar. After googling it I found this:

Unless you know Columbia Insurance Group or CenturyTel Internet Holdings, these can go too:
O17 - HKLMSystemCCSServicesTcpipParameters: Domain =
O17 - HKLMSystemCCSServicesTcpip..{B6E12D37-410C-43E9-9F77-5DC51470DCB9}: NameServer =
O17 - HKLMSystemCS1ServicesTcpipParameters: Domain =
O17 - HKLMSystemCS2ServicesTcpipParameters: Domain =

These are similar entries on your HJT log.

I believe it was a Java problem.

Thanks for your help. All things seem to be normal again.