# webquestinc.com popup



## N E Key (Aug 5, 2004)

Using XP, whenever I launch IE, get a popup for a username and password to "webquestinc.com". Hit CANCEL, immediately reappears. Have also noticed same when searching for a file on local drive. Have scanned for spyware, virus, deleted all temp files. Cannot get rid of this, browser is almost unusable with all the popup logins. Any help would be greatly appreciated.


----------



## oldtoys (Jan 30, 2005)

I am having the same problem. What is the solution?


----------



## Cheeseball81 (Mar 3, 2004)

Only thing I can think of is post a Hijack This log

Maybe the problem can be determined from there

Hijack This: http://www.majorgeeks.com/download3155.html

Make sure it's downloaded to a permanent folder of your creation on the hard drive.

Launch it, hit Scan, then Save Log
Open the log you just saved
Copy and paste the log into this thread

Do not attempt to fix anything yet


----------



## oldtoys (Jan 30, 2005)

Do you want me to copy and post 81 lines here?


----------



## Cheeseball81 (Mar 3, 2004)

Posting this from your e-mail:

Logfile of HijackThis v1.99.0
Scan saved at 3:42:37 PM, on 1/30/2005
Platform: Windows ME (Win9x 4.90.3000)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\SPOOL32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\WINDOWS\SYSTEM\SSDPSRV.EXE
C:\OFFICE51\SOINTGR.EXE
C:\WINDOWS\SYSTEM\MDM.EXE
C:\PROGRAM FILES\CHARTER HIGH-SPEED SECURITY SUITE\COMMON\FSMA32.EXE
C:\PROGRAM FILES\CHARTER HIGH-SPEED SECURITY SUITE\COMMON\FSMB32.EXE
C:\WINDOWS\SYSTEM\LEXBCES.EXE
C:\PROGRAM FILES\CHARTER HIGH-SPEED SECURITY SUITE\COMMON\FCH32.EXE
C:\PROGRAM FILES\CHARTER HIGH-SPEED SECURITY SUITE\BACKWEB\3528733\PROGRAM\FSBWSYS.EXE
C:\WINDOWS\SYSTEM\RPCSS.EXE
C:\PROGRAM FILES\CHARTER HIGH-SPEED SECURITY SUITE\BACKWEB\3528733\PROGRAM\FSPEX.EXE
C:\WINDOWS\SYSTEM\RESTORE\STMGR.EXE
C:\PROGRAM FILES\CHARTER HIGH-SPEED SECURITY SUITE\COMMON\FAMEH32.EXE
C:\PROGRAM FILES\CHARTER HIGH-SPEED SECURITY SUITE\ANTI-VIRUS\FSGK32.EXE
C:\PROGRAM FILES\CHARTER HIGH-SPEED SECURITY SUITE\FWES\PROGRAM\FSDFWD.EXE
C:\PROGRAM FILES\CHARTER HIGH-SPEED SECURITY SUITE\ANTI-VIRUS\FSSM32.EXE
C:\PROGRAM FILES\CHARTER HIGH-SPEED SECURITY SUITE\ANTI-VIRUS\FSAV32.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\TASKMON.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\WINDOWS\SYSTEM\PRINTRAY.EXE
C:\WINDOWS\RUNDLL32.EXE
C:\PROGRAM FILES\CHARTER HIGH-SPEED SECURITY SUITE\COMMON\FSM32.EXE
C:\PROGRAM FILES\CHARTER HIGH-SPEED SECURITY SUITE\FSGUI\ISPNEWS.EXE
C:\WINDOWS\SYSTEM\QTTASK.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\PROGRAM FILES\CHARTER HIGH-SPEED SECURITY SUITE\FSGUI\FSGUIEXE.EXE
C:\PROGRAM FILES\OUTLOOK EXPRESS\MSIMN.EXE
C:\WINDOWS\SYSTEM\PSTORES.EXE
C:\PROGRAM FILES\MESSENGER\MSMSGS.EXE
C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
C:\WINDOWS\TEMP\TD_0001.DIR\HIJACKTHIS.EXE

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/cus...aults/sb/*http://www.yahoo.com/search/ie.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://red.clientapps.yahoo.com/customize/ycomp_wave/defaults/sp/*http://www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapps.yahoo.com/customize/ycomp_wave/defaults/su/*http://www.yahoo.com
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRAM FILES\YAHOO!\COMPANION\INSTALLS\CPN\YCOMP5_5_5_0.DLL
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHELPER.DLL
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O3 - Toolbar: Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRAM FILES\YAHOO!\COMPANION\INSTALLS\CPN\YCOMP5_5_5_0.DLL
O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe
O4 - HKLM\..\Run: [PCHealth] C:\WINDOWS\PCHealth\Support\PCHSchd.exe -s
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [SO5 Integrator Pass Two] C:\OFFICE51\SOINTGR.EXE
O4 - HKLM\..\Run: [LexStart] Lexstart.exe
O4 - HKLM\..\Run: [LexmarkPrinTray] PrinTray.exe
O4 - HKLM\..\Run: [ICSDCLT] C:\WINDOWS\rundll32.exe C:\WINDOWS\SYSTEM\icsdclt.dll,ICSClient
O4 - HKLM\..\Run: [F-Secure Manager] "C:\PROGRAM FILES\CHARTER HIGH-SPEED SECURITY SUITE\Common\FSM32.EXE" /splash
O4 - HKLM\..\Run: [F-Secure TNB] "C:\PROGRAM FILES\CHARTER HIGH-SPEED SECURITY SUITE\TNB\TNBUtil.exe" /CHECKALL /WAITFORSW
O4 - HKLM\..\Run: [F-Secure Startup Wizard] "C:\PROGRAM FILES\CHARTER HIGH-SPEED SECURITY SUITE\FSGUI\FSSW.EXE" /reboot
O4 - HKLM\..\Run: [News Service] "C:\PROGRAM FILES\CHARTER HIGH-SPEED SECURITY SUITE\FSGUI\ispnews.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\WINDOWS\SYSTEM\QTTASK.EXE" -atboottime
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - HKLM\..\RunServices: [SSDPSRV] C:\WINDOWS\SYSTEM\ssdpsrv.exe
O4 - HKLM\..\RunServices: [*StateMgr] C:\WINDOWS\System\Restore\StateMgr.exe
O4 - HKLM\..\RunServices: [SO5 Integrator Pass One] C:\OFFICE51\SOINTGR.EXE
O4 - HKLM\..\RunServices: [Machine Debug Manager] C:\WINDOWS\SYSTEM\MDM.EXE
O4 - HKLM\..\RunServices: [F-Secure Management Agent] C:\PROGRAM FILES\CHARTER HIGH-SPEED SECURITY SUITE\Common\FSMA32.EXE
O4 - Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Startup: hp instant support.lnk = C:\Program Files\Hewlett-Packard\hpis\bin\matcli.exe
O4 - Global Startup: Charter High-Speed Security Suite.lnk = C:\Program Files\Charter High-Speed Security Suite\backweb\3528733\Program\fspex.exe
O8 - Extra context menu item: Open Picture in &Microsoft PhotoDraw - res://C:\PROGRA~1\MICROS~1\OFFICE\1033\PHDINTL.DLL/phdContext.htm
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\PROGRA~1\MESSEN~1\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: MSN Messenger Service - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\PROGRA~1\MESSEN~1\MSMSGS.EXE
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\SYSTEM\Shdocvw.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.e4me.com/start.html
O16 - DPF: {FF65677A-8977-48CA-916A-DFF81B037DF3} (WMService Class) - http://download.overpro.com/WildApp.cab


----------



## oldtoys (Jan 30, 2005)

Any ideas?


----------



## Cheeseball81 (Mar 3, 2004)

Sorry for the delay, I have asked an expert to have a look. 

I am not too familiar with that particular pop-up.


----------



## oldtoys (Jan 30, 2005)

Here is an image of the popup:
http://webpages.charter.net/houghtaling/webquestinc.jpg


----------



## MFDnNC (Sep 7, 2004)

SpywareBlaster http://www.javacoolsoftware.com/spywareblaster.html
AdAware SE http://www.majorgeeks.com/download506.html
SpyBot S&D 1.3 http://www.safer-networking.org/en/download/

DL them (they are free), install them, *check each for their 
definition updates* and then run AdAware and Spybot, fixing anything 
they say.

In SpywareBlaster - Always enable all protection after updates
SpyBot - After an update run immunize

Do these and reboot and post a new log


----------



## oldtoys (Jan 30, 2005)

Ran all three. Popup still popping! I think it may not be adware or spyware. I think it might be a malfunctioning piece of software. Perhaps it should launch when I go to a particular web site. But instead it launches every time the web is accessed for anything.

Here is the new scan:
Logfile of HijackThis v1.99.0
Scan saved at 10:22:38 PM, on 1/30/2005
Platform: Windows ME (Win9x 4.90.3000)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\SPOOL32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\WINDOWS\SYSTEM\SSDPSRV.EXE
C:\OFFICE51\SOINTGR.EXE
C:\WINDOWS\SYSTEM\MDM.EXE
C:\PROGRAM FILES\CHARTER HIGH-SPEED SECURITY SUITE\COMMON\FSMA32.EXE
C:\PROGRAM FILES\CHARTER HIGH-SPEED SECURITY SUITE\COMMON\FSMB32.EXE
C:\WINDOWS\SYSTEM\LEXBCES.EXE
C:\WINDOWS\SYSTEM\RPCSS.EXE
C:\PROGRAM FILES\CHARTER HIGH-SPEED SECURITY SUITE\COMMON\FCH32.EXE
C:\PROGRAM FILES\CHARTER HIGH-SPEED SECURITY SUITE\BACKWEB\3528733\PROGRAM\FSBWSYS.EXE
C:\PROGRAM FILES\CHARTER HIGH-SPEED SECURITY SUITE\BACKWEB\3528733\PROGRAM\FSPEX.EXE
C:\WINDOWS\SYSTEM\RESTORE\STMGR.EXE
C:\PROGRAM FILES\CHARTER HIGH-SPEED SECURITY SUITE\COMMON\FAMEH32.EXE
C:\PROGRAM FILES\CHARTER HIGH-SPEED SECURITY SUITE\ANTI-VIRUS\FSGK32.EXE
C:\PROGRAM FILES\CHARTER HIGH-SPEED SECURITY SUITE\FWES\PROGRAM\FSDFWD.EXE
C:\PROGRAM FILES\CHARTER HIGH-SPEED SECURITY SUITE\ANTI-VIRUS\FSSM32.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\PROGRAM FILES\CHARTER HIGH-SPEED SECURITY SUITE\ANTI-VIRUS\FSAV32.EXE
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\TASKMON.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\WINDOWS\SYSTEM\PRINTRAY.EXE
C:\WINDOWS\RUNDLL32.EXE
C:\PROGRAM FILES\CHARTER HIGH-SPEED SECURITY SUITE\COMMON\FSM32.EXE
C:\PROGRAM FILES\CHARTER HIGH-SPEED SECURITY SUITE\FSGUI\ISPNEWS.EXE
C:\WINDOWS\SYSTEM\QTTASK.EXE
C:\PROGRAM FILES\CHARTER HIGH-SPEED SECURITY SUITE\FSGUI\FSGUIEXE.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
C:\PROGRAM FILES\OUTLOOK EXPRESS\MSIMN.EXE
C:\WINDOWS\SYSTEM\PSTORES.EXE
C:\PROGRAM FILES\MESSENGER\MSMSGS.EXE
C:\MY DOCUMENTS\DOWNLOADEDSOFTWARE\HIJACKTHIS\HIJACKTHIS.EXE

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/cus...aults/sb/*http://www.yahoo.com/search/ie.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://red.clientapps.yahoo.com/customize/ycomp_wave/defaults/sp/*http://www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapps.yahoo.com/customize/ycomp_wave/defaults/su/*http://www.yahoo.com
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRAM FILES\YAHOO!\COMPANION\INSTALLS\CPN\YCOMP5_5_5_0.DLL
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHELPER.DLL
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O3 - Toolbar: Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRAM FILES\YAHOO!\COMPANION\INSTALLS\CPN\YCOMP5_5_5_0.DLL
O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe
O4 - HKLM\..\Run: [PCHealth] C:\WINDOWS\PCHealth\Support\PCHSchd.exe -s
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [SO5 Integrator Pass Two] C:\OFFICE51\SOINTGR.EXE
O4 - HKLM\..\Run: [LexStart] Lexstart.exe
O4 - HKLM\..\Run: [LexmarkPrinTray] PrinTray.exe
O4 - HKLM\..\Run: [ICSDCLT] C:\WINDOWS\rundll32.exe C:\WINDOWS\SYSTEM\icsdclt.dll,ICSClient
O4 - HKLM\..\Run: [F-Secure Manager] "C:\PROGRAM FILES\CHARTER HIGH-SPEED SECURITY SUITE\Common\FSM32.EXE" /splash
O4 - HKLM\..\Run: [F-Secure TNB] "C:\PROGRAM FILES\CHARTER HIGH-SPEED SECURITY SUITE\TNB\TNBUtil.exe" /CHECKALL /WAITFORSW
O4 - HKLM\..\Run: [F-Secure Startup Wizard] "C:\PROGRAM FILES\CHARTER HIGH-SPEED SECURITY SUITE\FSGUI\FSSW.EXE" /reboot
O4 - HKLM\..\Run: [News Service] "C:\PROGRAM FILES\CHARTER HIGH-SPEED SECURITY SUITE\FSGUI\ispnews.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\WINDOWS\SYSTEM\QTTASK.EXE" -atboottime
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - HKLM\..\RunServices: [SSDPSRV] C:\WINDOWS\SYSTEM\ssdpsrv.exe
O4 - HKLM\..\RunServices: [*StateMgr] C:\WINDOWS\System\Restore\StateMgr.exe
O4 - HKLM\..\RunServices: [SO5 Integrator Pass One] C:\OFFICE51\SOINTGR.EXE
O4 - HKLM\..\RunServices: [Machine Debug Manager] C:\WINDOWS\SYSTEM\MDM.EXE
O4 - HKLM\..\RunServices: [F-Secure Management Agent] C:\PROGRAM FILES\CHARTER HIGH-SPEED SECURITY SUITE\Common\FSMA32.EXE
O4 - Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Startup: hp instant support.lnk = C:\Program Files\Hewlett-Packard\hpis\bin\matcli.exe
O4 - Global Startup: Charter High-Speed Security Suite.lnk = C:\Program Files\Charter High-Speed Security Suite\backweb\3528733\Program\fspex.exe
O8 - Extra context menu item: Open Picture in &Microsoft PhotoDraw - res://C:\PROGRA~1\MICROS~1\OFFICE\1033\PHDINTL.DLL/phdContext.htm
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\PROGRA~1\MESSEN~1\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: MSN Messenger Service - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\PROGRA~1\MESSEN~1\MSMSGS.EXE
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\SYSTEM\Shdocvw.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.e4me.com/start.html


----------
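The two HijackThis logs posted above differ only slightly, which is easy to miss when reading them by eye. As an added example (not part of the original thread, and not HijackThis's own code), this Python script parses two logs and reports which entries and running processes changed between scans, plus the remote hosts each section points at; the sample input is a shortened excerpt of the logs above, and the function names are made up for illustration.

```python
import re

# HijackThis entry lines begin with a section code: R0/R1, O2, O4, O16, ...
ENTRY_RE = re.compile(r"^([A-Z]\d{1,2}) - (.+)$")
# Host part of any URL inside an entry ('*' separates chained redirect URLs).
HOST_RE = re.compile(r"https?://([^/\s*]+)", re.IGNORECASE)

# Shortened excerpts of the two logs posted in the thread (most lines omitted).
BEFORE = r"""Logfile of HijackThis v1.99.0
Scan saved at 3:42:37 PM, on 1/30/2005

Running processes:
C:\WINDOWS\EXPLORER.EXE
C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
C:\WINDOWS\TEMP\TD_0001.DIR\HIJACKTHIS.EXE

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
O4 - HKLM\..\Run: [ICSDCLT] C:\WINDOWS\rundll32.exe C:\WINDOWS\SYSTEM\icsdclt.dll,ICSClient
O4 - HKLM\..\Run: [News Service] "C:\PROGRAM FILES\CHARTER HIGH-SPEED SECURITY SUITE\FSGUI\ispnews.exe"
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O14 - IERESET.INF: START_PAGE_URL=http://www.e4me.com/start.html
O16 - DPF: {FF65677A-8977-48CA-916A-DFF81B037DF3} (WMService Class) - http://download.overpro.com/WildApp.cab
"""

AFTER = r"""Logfile of HijackThis v1.99.0
Scan saved at 10:22:38 PM, on 1/30/2005

Running processes:
C:\WINDOWS\EXPLORER.EXE
C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
C:\MY DOCUMENTS\DOWNLOADEDSOFTWARE\HIJACKTHIS\HIJACKTHIS.EXE

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
O4 - HKLM\..\Run: [ICSDCLT] C:\WINDOWS\rundll32.exe C:\WINDOWS\SYSTEM\icsdclt.dll,ICSClient
O4 - HKLM\..\Run: [News Service] "C:\PROGRAM FILES\CHARTER HIGH-SPEED SECURITY SUITE\FSGUI\ispnews.exe"
O14 - IERESET.INF: START_PAGE_URL=http://www.e4me.com/start.html
"""


def parse_hjt(text):
    """Return (set of running process paths, list of (code, detail) entries)."""
    processes, entries = set(), []
    in_processes = False
    for raw in text.splitlines():
        line = raw.strip()
        match = ENTRY_RE.match(line)
        if match:
            in_processes = False  # the entry list follows the process list
            entries.append((match.group(1), match.group(2)))
        elif line.lower().startswith("running processes"):
            in_processes = True
        elif in_processes and line:
            processes.add(line.upper())  # Win9x logs mix upper and lower case
    return processes, entries


def diff_logs(before, after):
    """Compare two scans: what appeared and what disappeared in between."""
    b_proc, b_ent = parse_hjt(before)
    a_proc, a_ent = parse_hjt(after)
    b_set, a_set = set(b_ent), set(a_ent)
    return {
        "entries_removed": sorted(b_set - a_set),
        "entries_added": sorted(a_set - b_set),
        "processes_stopped": sorted(b_proc - a_proc),
        "processes_started": sorted(a_proc - b_proc),
    }


def remote_hosts(entries):
    """Map each section code to the remote hosts its entries point at."""
    hosts = {}
    for code, detail in entries:
        for host in HOST_RE.findall(detail):
            hosts.setdefault(code, set()).add(host.lower())
    return {code: sorted(found) for code, found in hosts.items()}


if __name__ == "__main__":
    for label, items in diff_logs(BEFORE, AFTER).items():
        print(label)
        for item in items:
            print("   ", item)
    print("remote hosts still referenced:", remote_hosts(parse_hjt(AFTER)[1]))
```

Run against the full logs from this thread, the only entries missing from the second scan are the two O9 "Related" items and the O16 WildApp.cab download; everything else, including every O4 startup entry, is unchanged.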



## Cheeseball81 (Mar 3, 2004)

That's what has me wondering because nothing is really jumping out at me in the log.


----------



## Cheeseball81 (Mar 3, 2004)

Can you check in Control Panel - Add/Remove Programs

Do you see anything listed in there that you do not remember installing?
Maybe like Hotbar Toolbar, Gator, etc.


----------



## ~Candy~ (Jan 27, 2001)

O4 - HKLM\..\Run: [News Service] "C:\PROGRAM FILES\CHARTER HIGH-SPEED SECURITY SUITE\FSGUI\ispnews.exe"

Just for fun, try turning that off via start, run, msconfig, startup tab.


----------



## oldtoys (Jan 30, 2005)

I don't see that one in my startup config. Here is a screenprint:
http://webpages.charter.net/houghtaling/startupconfig.jpg


----------



## Cheeseball81 (Mar 3, 2004)

Did you check in Add/Remove for those listings?


----------



## oldtoys (Jan 30, 2005)

Yes I did. I didn't see anything like Hotbar Toolbar, Gator, etc. The only thing I saw that I didn't recognize was "Network Play System (Patching)". I removed that but didn't accomplish anything positive.
What do you think about removing Microsoft Internet Explorer and reloading it fresh? I might have tried that, but I don't know how I would access the internet to reload Internet Explorer if I unloaded Internet Explorer. Perhaps I could download Netscape and use it... I think I'll play with that while I wait to see if anyone else has any ideas.


----------



## oldtoys (Jan 30, 2005)

That just shows how little I know about computers... Internet Explorer cannot be unloaded. I did try a newer version and two earlier versions and I still had the same problem. I downloaded Netscape and I do not have the problem. So perhaps that is my solution. I'd rather use Internet Explorer. But Netscape works...


----------



## Cheeseball81 (Mar 3, 2004)

Have you tried repairing it?

See here: http://support.earthlink.net/mu/1/psc/img/walkthroughs/windows_9x_nt/browsers/ie_6.0/8458.psc.html


----------



## oldtoys (Jan 30, 2005)

What do you mean by repairing it? I reinstalled all the Microsoft Internet Explorer components with the latest version. If that is what you mean, that didn't work either.


----------



## Rollin' Rog (Dec 9, 2000)

Try giving us a Startdreck log to look at. Have Internet Explorer, and if possible, that pop-up box open when you run it.

http://www.niksoft.at/_data/startdreck.zip

Instructions:

Run StartDreck.exe. Click the 'Config'. In addition to the default checks, include the following:

Under 'Registry' - All registry options
Under 'System/Drivers' - Running Processes and List Modules
Click 'OK'. Now, back on the main screen, click the 'Save' button > Give it a name and click 'Save' > locate it and launch it.

Upload the log as an attachment since it should be far too long for a copy/paste


----------



## oldtoys (Jan 30, 2005)

Here it is: 
Internet Explorer and the popup were open. Now the popup is hitting Netscape too. But it is totally random when it hits. With IE it is every time a new page is accessed.
http://webpages.charter.net/houghtaling/STARTDRECK.htm 
I don't know how to do an attachment to this reply. But I do know links. Hope someone can find something.


----------



## Rollin' Rog (Dec 9, 2000)

Well I don't see anything there to explain it. However I do have a question. I see you have Internet Connection sharing enabled and you are also on broadband. Why both?

I'd like to see another log as well. Download and unzip "silent runners"

SILENT RUNNER.VBS http://www.silentrunners.org/Silent Runners.zip

Run the "silent runners.vbs" file and give it permission to complete if you get a script warning. You can copy/paste the results here.

Also when you run HijackThis and select "misc tools" > open Hosts File. Is there anything under:

127.0.0.1 localhost

>> you might try adding *.webquestic.com to the "Restricted Zone" in Internet Options > Security


----------



## oldtoys (Jan 30, 2005)

Internet connection sharing is probably residual from before I had broadband.
Log from Silent Runner: http://webpages.charter.net/houghtaling/SilentRunner.htm
127.0.0.1 localhost is the last line in the window.
I added *.webquestinc.com to the restricted zone. Didn't change anything. Just for kicks I added 67.18.1.164 to the restricted zone. This didn't change anything either.
I observed something interesting today on my other computer. I work for a major company. Within a local e-mail at work was a link to a web page with additional information. I didn't have time to read it at work, so I forwarded the e-mail to my home. At home (on my other computer) I tried to connect to the page using the hotlink. A popup window appeared asking for a logon and password. A name within the window was webquestinc.com. I think this is a portal for outside users to access the company intranet. I tried my work username and password but it would not allow me to pass because I have not been setup with an account from work to access the intranet from outside. What I am saying is I think this a malfunctioning bit of legitimate software. That is why Spybot and virus checkers don't find anything. Is there any way to find out who 67.18.1.164 belongs to? Perhaps they might have a solution to this software error.


----------



## ~Candy~ (Jan 27, 2001)

It belongs to webquest.inc.........type it into your web browser.


----------



## Rollin' Rog (Dec 9, 2000)

It may well be work related.

I can't tell whether they are a confirmed "adware" company or not. However others have had the same pop-up/login issue -- unresolved:

http://groups-beta.google.com/groups?q="webquestinc.com"&hl=en&lr=&safe=off&sa=N&tab=wg

And for one reason or another "spyad" has added them to their blocking list:

http://www.google.com/search?hl=en&lr=&safe=off&q="webquestinc.com"+spyad&btnG=Search

As for the Internet Connection sharing, you can probably just use HijackThis to "fix" this entry:

O4 - HKLM\..\Run: [ICSDCLT] C:\WINDOWS\rundll32.exe C:\WINDOWS\SYSTEM\icsdclt.dll,ICSClient

I don't see anything in the Silent Runners log of concern either.


----------



## ~Candy~ (Jan 27, 2001)

[email protected]

Here is someone with an actual address there:

http://www.imareno.org/Newsletter0800.htm


----------



## ~Candy~ (Jan 27, 2001)

http://www.toddsouth.com/resume.shtml

Looks like this guy takes some credit for the help in developing it


----------



## Cheeseball81 (Mar 3, 2004)

AcaCandy said:


> http://www.toddsouth.com/resume.shtml
> 
> Looks like this guy takes some credit for the help in developing it


Can we blame him for this then??


----------



## ~Candy~ (Jan 27, 2001)

I think so......let's all email him


----------



## oldtoys (Jan 30, 2005)

I used HijackThis to "fix" :
O4 - HKLM\..\Run: [ICSDCLT] C:\WINDOWS\rundll32.exe C:\WINDOWS\SYSTEM\icsdclt.dll,ICSClient


----------



## Rollin' Rog (Dec 9, 2000)

That should take care of that. Now if we could just figure out what's up with
"webquestinc.com" ?

Frankly I don't see any means by which it should be producing a login window at any time.

By the way, ISP news is "News Service" in your msconfig startups.


----------



## oldtoys (Jan 30, 2005)

I wrote e-mail notes to [email protected] and Todd South. I doubt if we'll hear anything, but we'll see.
I think it is getting close to time to reload the operating system. I'd love to dump Windows ME and go to XP, but a 4-year old $500 (when new) machine is hardly worth the expense. I'd be better to put that much money toward a new machine. So unless someone has a better solution, in a few days I'll reload the ME.
I appreciate all the help! THANKS MFDnNC, AcaCandy, Cheeseball81, & Rollin' Rog!


----------



## Mosaic1 (Aug 17, 2001)

Could you run hijackthis while you are online please? I would like to see some entries which don't show up otherwise.


----------



## oldtoys (Jan 30, 2005)

Mosaic1 said:


> Could you run hijackthis while you are online please? I would like to see some entries which don't show up otherwise.


I don't understand. I've got high speed cable connection. When my computer is on, I am connected.


----------



## Mosaic1 (Aug 17, 2001)

I was interested in seeing your NameServer.


----------



## Mosaic1 (Aug 17, 2001)

Let's try a search of the registry.
As for a search of the registry here's a very nice script to help you out.

Download it and run it. When it starts, you will be prompted to enter a search phrase. Do that and go have a cup of coffee. Enter this for the search: 67.81.1.164

When you get back, a message box will be there on the desktop. Say yes to open the results. Copy and paste the contents into a reply here. Once you close that file, it will be deleted, so please save it as results.txt. We may need it again.

Here's that link:
http://www.billsway.com/vbspage/
Find Registry Search Tool And download it.

Do the same but this time enter :
webquestinc for the search and save the file as results1.txt

Copy and paste the contents of results and results1.txt into a reply here.


----------



## oldtoys (Jan 30, 2005)

Here are the results of the registry search: 
For 67.18.1.164:
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\Range19]
":Range"="67.18.1.164"
For webquestinc:
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\ComDlg32\OpenSaveMRU]
"d"="C:\\My Documents\\webquestinc"

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\webquestinc.com]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Photo Editor\3.0\Microsoft Photo Editor]
"LastFile3"="C:\\My Documents\\webquestinc.jpg"

The first and last look like the screen shot I did of the popup when I titled the image webquestinc.jpg.


----------



## Mosaic1 (Aug 17, 2001)

Yes. And the others are because you added the address to restricted sites and domains. 

One other thing to try would be to perform a Search of the hard drive for any files containing either webquest or 67.18.1.164

Go to Search and plug in this:
*.*

In the containing box enter Webquest

Let it search.

Get the results and then do another search for

*.*
67.18.1.164

See what if anything is found.


----------



## Mosaic1 (Aug 17, 2001)

Are you able to use your File Search? I have 98 and XP, not ME. The details of setting up WinME search settings are not familiar to me.


----------



## ~Candy~ (Jan 27, 2001)

ME searches pretty much the same as 98, Mo


----------



## oldtoys (Jan 30, 2005)

Here is the search for webquest:
http://webpages.charter.net/houghtaling/Search1.jpg
Here is the search for 67.18.1.164:
http://webpages.charter.net/houghtaling/Search2.jpg
A screen print is the only way I know to capture information from Windows Explorer. Is there a better way?


----------



## oldtoys (Jan 30, 2005)

Now I have something new. I have to cancel the popup about 10 or 20 times when I boot up. Before it was only when I had internet explorer open.


----------



## Rollin' Rog (Dec 9, 2000)

Find the HostCache.ini file seen in this post:

http://webpages.charter.net/houghtaling/Search2.jpg

Just doubleclick it and it should open in Notepad. Copy/paste that here.


----------



## oldtoys (Jan 30, 2005)

HostCache.ini file as seen in:
http://webpages.charter.net/houghtaling/Search2.jpg

[Cache contents]
cc.sp.f-secure.com 65.200.212.11 2 0
cc01.sp.f-secure.com 67.18.1.164 0 0

It was filed under: {C:\Program Files\Charter High-Speed Security Suite\backweb\3528733\Users\Default\Data}


----------



## Mosaic1 (Aug 17, 2001)

Make a copy of that file and name it oldHostCache.ini

Then open the original HostCache.ini and remove this line:

cc01.sp.f-secure.com 67.18.1.164 0 0

Now the file will look like this:

[Cache contents]
cc.sp.f-secure.com 65.200.212.11 2 0

Close the file, saving changes if prompted.

Restart the computer. You might even want to shut down entirely and unplug the modem for a minute. Reconnect the modem and then restart.

See if there is any change.


----------



## oldtoys (Jan 30, 2005)

I fixed the file as instructed. Shut down the computer. Unplugged the modem. Reconnected the modem. Rebooted the computer. Popup still popping. Checked HostCache.ini and the full line was replaced in the file. Removed the part line again. Checked and the popup is still popping. Checked the file again and the end part of the line is not there. I guess it gets replaced on bootup.


----------



## Mosaic1 (Aug 17, 2001)

It could be that the line is there because that file just records where you have been and doesn't cause you to go anywhere. I wonder what happens if you disable BackWeb for one session. Do that not in Hijackthis. Use msconfig to uncheck it.

Then restart and see if there is a change.

Something else to look at is Internet Options>Connections

Press the LAN Settings Button. Have a look around and let us know what you find.


----------



## Rollin' Rog (Dec 9, 2000)

In your msconfig > startups, try unchecking the startup for Charter HighSpeed Security Suite. The one that is associated with "common startup group" and "backweb".

* I see Mo' just told you the same


----------



## oldtoys (Jan 30, 2005)

I unchecked the one with backweb. Rebooted the computer. Popup still popping!
Is this the correct one to have unchecked?
http://webpages.charter.net/houghtaling/ConfigCheck.jpg
Checked the LAN settings. Here is what I have:
http://webpages.charter.net/houghtaling/LANSetting.jpg


----------



## ~Candy~ (Jan 27, 2001)

I'd try (for a test) unchecking everything that says Charter, then work your way backwards.


----------



## oldtoys (Jan 30, 2005)

I am one step ahead of you on that. I unchecked everything relating to Charter. Rebooted. Popup still popped. I put everything back and unchecked a few other (different) things and got the same result.
Here is something interesting. My daughter was playing on her computer (the one with the problems) so I decided to check this thread from my primary home computer (one without the problem). I began navigating this thread to see this last post and a webquestinc.com popup login screen popped. I presume it is because this web site did not recognize me on this different computer. I cancelled that popup and logged in through the web page login. I tried to reproduce that popup here, but could not. I guess it is because the web site now recognizes who I am.


----------



## oldtoys (Jan 30, 2005)

I'm on my good computer and I got one of these things when I tried to check out the spelling of a word at Dictionary.com:
http://webpages.charter.net/houghtaling/Dictionary.jpg
The full story is I typed in www.dictionary.com and got a can't go there screen. So I typed in Dictionary in my address bar to do a search. That's when I got the popup. I hit cancel. Then tried www.dictionary.com again and got the web site. I don't know what to make of it.


----------



## Mosaic1 (Aug 17, 2001)

Dictionary is one word. If you had typed

Search Dictionary it would not have happened, I believe. 

I would call Charter and ask if they can help.


----------



## oldtoys (Jan 30, 2005)

I talked to two different Charter technicians at two different times prior to contacting techguy. The best they could come up with was that it was adware. They sent me to Spybot.
Is there anything more specific I can ask? Is there anything that points indisputably to Charter software? If it is the Charter software, would I be just as well to unload the Security Suite and then reload it fresh? (Perhaps that is the question I should ask Charter.)


----------



## Rollin' Rog (Dec 9, 2000)

I originally posted this but deleted it when nothing apparently showed up in your file search:

OldToys, do you have an lmhosts file?

Check it in Notepad and see what's in it
It is typically in the location specified here:

%SystemRoot%\System32\drivers\etc

http://www.winguides.com/registry/display.php/880/

But if not check that registry entry to see if another location has been set for either Hosts or lmhosts

--------

It's possible something other than the webquestinc entry itself may be in the LMhosts file which is causing redirects.


----------



## oldtoys (Jan 30, 2005)

I did not find lmhosts file in the location you suggested it might be. So I searched for any file with host in the name. This is what I found:
http://webpages.charter.net/houghtaling/hosts.jpg
I copied the content of HOSTS.SAM, hosts, LMHOSTS.SAM, and hostperm.1. Contents of all these files can be found here:
http://webpages.charter.net/houghtaling/hosts.htm
I couldn't figure out what you wanted me to do with:
http://www.winguides.com/registry/display.php/880/
I looked at the site but didn't do anything else.


----------



## oldtoys (Jan 30, 2005)

I got a reply from Todd South. He worked for Web Quest many years ago and as far as he knows, they have been out of business for quite a while. He had no contact that he could refer me to.
I thought it was quite nice of him to reply. With the tons of spam out there these days, unsolicited e-mails usually get dumped along with the garbage


----------



## Rollin' Rog (Dec 9, 2000)

My bad on the location. I forgot you were using WinME. The Winguides reference would not apply to that either.

We wouldn't be concerned with hosts.sam or lmhosts.sam -- those are sample files and not active.

c:\windows\hosts would be active, but I believe you told me that the last line in that was:

127.0.0.1 localhost is the last line in the window

If so, then there should be nothing there to worry about. There should be nothing more there than this:



> # Copyright (c) 1993-1999 Microsoft Corp.
> #
> # This is a sample HOSTS file used by Microsoft TCP/IP for Windows.
> #
> ...


hostperm.1, I believe is a Spywareblaster file that appears to provide an override for allowing pop-ups.


----------



## oldtoys (Jan 30, 2005)

It sounds like it is time to start reloading software. Should I just go for the gusto and start with the operating system and work my way down. Or would it be more fun to experiment with different things like the Charter software to see if that is where the problem is coming from?


----------



## Rollin' Rog (Dec 9, 2000)

I know you have found the same problem to occur with both Netscape and IE, but how about giving Mozilla Firefox a whirl to see if the issue really is entirely browser independent. Firefox has a small, 4mb install size -- you won't need the java download for test purposes.

http://www.mozilla.org/products/firefox/

If the problem still occurs, there is something else, perhaps the Charter software causing this, and yes, I'd start with that -- but be advised that if you try a full Clean Boot I'm just not sure whether you will have connectivity if you don't leave some of their services running.

Clean booting WinME:

http://support.microsoft.com/default.aspx?scid=kb;EN-US;Q267288

By the way, do you have the possibility of dialup access? If you do, I would try seeing if the problem repeats with a dialup connection not involving any of the Charter broadband files or services.


----------



## ~Candy~ (Jan 27, 2001)

oldtoys said:


> I got a reply from Todd South. He worked for Web Quest many years ago and as far as he knows, they have been out of business for quite a while. He had no contact that he could refer me to.
> I thought it was quite nice of him to reply. With the tons of spam out there these days, unsolicited e-mails usually get dumped along with the garbage.


 :up: :up:


----------



## oldtoys (Jan 30, 2005)

I have downloaded Firefox. I did some surfing and so far NO popups!!! Evidently I have some kind of error in my system that is incompatible with Internet Explorer and Netscape.

Here is a summary: 
With Internet Explorer, every time the network was accessed by opening a new web site or new page, the popup would pop. All progress was stopped till the window was cancelled enough times to load all the items in the view.
When I loaded and started using Netscape, the popup rarely hit, but still randomly popped and had to be cancelled several times till it quit. When I made Netscape my default browser, the popup began hitting Outlook Express. Every time I opened it I had to cancel the popup several times. (This did not happen when Internet Explorer was the default browser.) This was still an improvement over Internet Explorer because I could do some surfing without bopping the popup.
Now with Firefox, I have not seen the popup once. I made Firefox the default browser and the popup is not hitting Outlook Express.

I am extremely happy!!! I'm grinning from ear to ear? ;-) I guess we didn't fix the root problem. But who cares? This works PERFECTLY! At least for everything I've done so far. I'll use it for another day or two and report back.


----------



## Rollin' Rog (Dec 9, 2000)

Great, you're right, it didn't quite solve the "mystery", but it sounds like a happy workaround. Firefox is a safer browser anyway.

I'm wondering though, does Firefox show that it has blocked a popup when you do the usual things that have caused it?


----------



## lien (Feb 11, 2005)

Hi,
I've got the same issue since yesterday. Nothing really came up using an anti-virus nor with Spybot, except some registry changes - but I'm not familiar with that; I suppose this is normal when you get automatic Microsoft updates? What I found, however, is that by clicking 'cancel' in the pop-up, memory usage of IE decreases (in Task Mgr.); when the pop-up re-appears, memory usage of IE increases. Is this a hint for an expert?


----------



## oldtoys (Jan 30, 2005)

My version of the browser does not show the popups blocked. I see that it does block popups by default.

I see that someone else has logged in with the same issue. I am still willing to search for the cause of this problem. So if anyone has anything more to check, I will do what I can.


----------



## Rollin' Rog (Dec 9, 2000)

Hmmm, I have the "pre release" version on my desktop, I'm not sure what I have on the laptop or if there is a difference. I'll check.

Lien, normally we ask to have folks start new topics for this, but at least for now, post a HijackThis Scanlog here

Create a new, permanent folder for HijackThis and save the file to that. Run it and select "do a system scan and save the log file". Then copy/paste the contents of the log to a reply

Direct HijackThis download link: http://www.spywareinfo.com/~merijn/files/HijackThis.exe

Exactly what changes preceded this? We might just want to try a System Restore if available and it won't result in too much trouble.


----------



## Mosaic1 (Aug 17, 2001)

I had a look at the Sign in and it is not a popup.
I believe it is a Modal Dialog Box and as such a Popup blocker should have no effect on it.


----------



## Mosaic1 (Aug 17, 2001)

I know you ran StartDreck to see what was loaded.

The other day I used StartDreck to look at running dlls and it missed one which was loaded under Explorer.exe. I would like to try another utility and see if it spots anything loaded under Internet Explorer if you would.

PV is a utility to find which dlls are loaded under an exe.

Download pv.zip here
http://www.downloads.subratam.org/pv.zip

Extract to its own folder. Be sure at least one Internet Explorer window is open when you run this.

Double click on runme.bat. Do not touch anything else in the folder. The other files are not going to be used here.

Select #2 on the menu and press enter to get a log of what is loaded under Iexplore.exe (Internet Explorer)

The log will open. Copy and paste its contents into your next reply please. This is for either of you who have the problem.

This next bit is something I ask you to do to humor me. I want to start the IE App using a script method.

I am attaching a zip containing a script. Please extract and run the script. It is going to run IE and navigate to three locations in one window. Let me know if you have any webquestinc sign in dialogs while this runs. If you have script blocking, you'll get a warning about a malicious script. Please allow this. It isn't malicious.

If one of the sites hangs or you have a problem, use CTRL + ALT + DEL and end task on Wscript.


----------



## oldtoys (Jan 30, 2005)

Mosaic1,

I know this is not a popup in the web advertising sense of the word. I just call it that because of what it does.

I ran the PV utility and recorded the log here:
http://webpages.charter.net/houghtaling/IE1.htm
I had Internet Explorer up. But I had already canceled the popup a couple of times till it wasn't there. Just to see if there was anything different, I went to a new page, left the popup standing and ran a second log:
http://webpages.charter.net/houghtaling/IE2.htm
It looks like there is something different on the first line.
I canceled the popup a few more times till it wasn't there any more and ran a third log
http://webpages.charter.net/houghtaling/IE3.htm
I expected this to be like the first, but it looked different. So I included it here to see if it is any help.

I ran your script on Internet Explorer. I had to cancel the popup about 6 or 8 times to get to the end. This is about the same as if I were accessing the pages myself.


----------



## Mosaic1 (Aug 17, 2001)

Hi oldtoys,

Thanks. I wish there were some clues but unfortunately I don't see anything. I'm sure Rog will have a look and if he sees anything, he'll let you know.

Mo


----------



## Rollin' Rog (Dec 9, 2000)

Well I don't know if it means anything, but 

WINMM.DLL bfdd0000 65536 C:\WINDOWS\SYSTEM\WINMM.DLL 4.90.3000 System APIs for Multimedia

is added in the second log, and the rest below are added in the 3rd (all from what was present in the 1st)


JSPROXY.DLL 716f0000 28672 C:\WINDOWS\SYSTEM\JSPROXY.DLL 6.00.2800.1106 JScript Proxy Auto-Configuration
DDRAWEX.DLL 7d140000 36864 C:\WINDOWS\SYSTEM\DDRAWEX.DLL 4.87.00.0700 Microsoft DirectDrawEx
DDRAW.DLL baaa0000 430080 C:\WINDOWS\SYSTEM\DDRAW.DLL 4.09.00.0904 Microsoft DirectDraw
SWSUPPORT.DLL 75820000 90112 C:\WINDOWS\SYSTEM\MACROMED\COMMON\SWSUPPORT.DLL 8.0r196 Shockwave Remote Support
FLASH.OCX 10000000 1732608 C:\WINDOWS\SYSTEM\MACROMED\FLASH\FLASH.OCX 7,0,19,0 Macromedia Flash Player 7.0 r19
COMDLG32.DLL 7fe00000 208896 C:\WINDOWS\SYSTEM\COMDLG32.DLL 5.50.4134.100 Common Dialogs DLL
VBSCRIPT.DLL 6b600000 462848 C:\WINDOWS\SYSTEM\VBSCRIPT.DLL 5.6.0.7426 Microsoft (r) VBScript
WINMM.DLL bfdd0000 65536 C:\WINDOWS\SYSTEM\WINMM.DLL 4.90.3000 System APIs for Multimedia

>> the first might be explained if the "pop-up" was producing a sound. By the way, Mo' is right, this isn't an ordinary pop-up and I can't reproduce the "blocking" I got before. I don't know what I might have done to test it and get that.

>> some of the additional calls are to Macromedia shockwave. This would be understandable if the page you were loading were attempting to load a flash object. There is a way to block flash objects in IE, and possibly Netscape, but you would certainly know if you have attempted it.


----------
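
The manual comparison of loaded-module logs in the post above, as an added example that is not part of the original thread: it parses two snapshots, lists the modules that appeared, and marks any loaded from outside the Windows directory. The column layout (name, base address, size, path, version, description) is inferred from the lines quoted in the post; `BASE.DLL` and `SAMPLE.DLL` are constructed entries.

```python
from typing import NamedTuple, Optional

class Module(NamedTuple):
    name: str
    base: int
    size: int
    path: str
    version: str
    description: str

def parse_module_line(line: str) -> Optional[Module]:
    """Parse 'NAME base size path version description' (layout assumed)."""
    parts = line.strip().split(None, 3)
    if len(parts) < 4:
        return None
    name, base, size, rest = parts
    # The path ends with the module's own file name; anchoring on it keeps
    # paths that contain spaces (C:\PROGRAM FILES\...) intact.
    end = rest.upper().find("\\" + name.upper())
    if end < 0:
        return None
    end += len(name) + 1
    try:
        base_addr, size_bytes = int(base, 16), int(size)
    except ValueError:
        return None
    tail = rest[end:].split(None, 1)
    return Module(name, base_addr, size_bytes, rest[:end],
                  tail[0] if tail else "", tail[1] if len(tail) > 1 else "")

def added_modules(before: str, after: str) -> list:
    """Modules present in `after` but not in `before`, keyed by full path."""
    def load(text):
        mods = (parse_module_line(l) for l in text.splitlines())
        return {m.path.upper(): m for m in mods if m}
    old, new = load(before), load(after)
    return [m for p, m in new.items() if p not in old]

def outside_windows(mod: Module, windir: str = r"C:\WINDOWS") -> bool:
    """True when the module was loaded from outside the Windows tree."""
    return not mod.path.upper().startswith(windir.upper() + "\\")

# BASE.DLL and SAMPLE.DLL are constructed; the other two lines are from the post.
LOG_BEFORE = r"BASE.DLL 20000000 8192 C:\WINDOWS\SYSTEM\BASE.DLL 1.0 Constructed baseline"
LOG_AFTER = LOG_BEFORE + "\n" + r"""
WINMM.DLL bfdd0000 65536 C:\WINDOWS\SYSTEM\WINMM.DLL 4.90.3000 System APIs for Multimedia
JSPROXY.DLL 716f0000 28672 C:\WINDOWS\SYSTEM\JSPROXY.DLL 6.00.2800.1106 JScript Proxy Auto-Configuration
SAMPLE.DLL 10000000 4096 C:\PROGRAM FILES\SAMPLE APP\SAMPLE.DLL 1.0 Constructed module
""".strip()

if __name__ == "__main__":
    for mod in added_modules(LOG_BEFORE, LOG_AFTER):
        flag = "  <-- outside C:\\WINDOWS" if outside_windows(mod) else ""
        print(f"{mod.name:12} {mod.path}{flag}")
```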



## lien (Feb 11, 2005)

You could be right about the dll:
I had a system file check run by Windows XP (to verify/correct dll and other key files). After this, I managed to surf normally so the problem seemed to be solved. Unfortunately, when I rebooted my PC the next day, the problem re-occurred.


----------



## Mosaic1 (Aug 17, 2001)

Hi lien,

Could you go to Start>Run and type
eventvwr.msc

Press enter.

When the Event Viewer opens, Click on System in the list. Look for any Windows File Protection messages and if you see any, double click on that message to get the details please.

May we see a startupList too?
In Hijackthis press the Config Button
Click Misc Tools
*Check both boxes under the Generate StartupList log* and then click the generate startuplist log button.

Paste the contents into your next reply here, please.


----------



## Nith (Feb 14, 2005)

Hello

Sorry for my English, I'm a french speaking man

I have the same problem, but this evening in the configuration panel, Internet property, connection, I looked at the parameters of my DSL connection and I saw that the "automatic detection of the connection parameter" was checked. I've unchecked it and I have no more problems (no more connections to 164.67.18.1 are present in my firewall).




but tomorrow is another day ...

PS: My Windows XP is also in French


JM


----------



## oldtoys (Jan 30, 2005)

JM,

I just went into tools, internet options, connections, LAN settings, and unchecked "Automatically detect settings."

NO MORE POPUPS IN INTERNET EXPLORER!!!

Wow, is that it???!!!


----------



## Rollin' Rog (Dec 9, 2000)

Strange. One of the things I was going to suggest was doing just the opposite, if not set. I thought a configuration script might be in place there, especially when I saw that jsproxy.dll in the list. That is one of the things that can call it.

On that same page, did you see anything listed under the "use automatic configuration script" setting?

In any case since this seems to have worked for the both of you, it looks like a "solved" thread.

Thanks Nith!


----------



## oldtoys (Jan 30, 2005)

Yes, "Use automatic configuration script" is the next line down. This is not checked now, and was not checked before.

So, is having "Automatically detect settings" unchecked going to cause me other problems? I guess it is. I just looked. I can't see my shared files on my other computer in my home. I guess that is what it is supposed to do. But why does it do the popup? Curious!

JM/Nith, Yes!!! Thank you!!! It looks like we may be zeroing in on the problem.


----------



## Nith (Feb 14, 2005)

Oldtoys and Rollin'rog

And the day after it's still working, no more problems for me.

Did you install something new on your PC? On my side it seems that the problems appeared after a "Windows update", but I'm not sure (kb886903 and another one).

In all case thanks to both of you

JM


----------



## Rollin' Rog (Dec 9, 2000)

In most cases, unchecking it should have no effect -- but I think it really depends on your ISP and the settings it uses, and what program is trying to connect. For example, Windows update or a Media Player may need to know whether your ISP is using a proxy service to connect properly. I believe when "auto" is used, IE is defaulted to the DHCP usage to resolve addresses.

I'm a little fuzzy here on the details, but I think that is what is accomplished by this configuration.

What puzzles me is still why unchecking it has an effect unless there is some issue with the ISP itself. 

There is something associated with the way IE uses this to detect your actual connection to your ISP that is making a difference, but I don't know what.

Also Nith, you have a broadband connection too?


----------



## Nith (Feb 14, 2005)

Yes, in Belgium DSL lines are "common" now; the country is small. What I have is an ADSL line, 4.6 Mbps down and 512 Kbps up.

Now our old telecoms operator (Belgacom) is installing VDSL, but that means optical fiber as near as the end customer, so we have to wait a little.

Nith


----------



## wombad (Feb 21, 2005)

All right, changing the LAN setting seems indeed to solve the problem.
I have rechecked the automatic detection and the popup does not appear again  
Very strange ...

I don't think it is ISP dependent, cause I'm with the second largest Belgian ISP (Telenet) and I had the same issue.

And Nith (VDSL) is using the same copperwire as Adsl there is a difference in frequency not in media. that's what I've been explained.
Although Belgacom needs to change the DSL aggregation equipment.

Let's see in the next couple of days if the problem surfaces again or not.


----------



## Nith (Feb 14, 2005)

Dear All


I've blocked the IP of Webquestinc with my firewall. Internet Explorer is running without problems, but I saw in the logs that MSN and "Call of Duty" are trying to reach this IP address.

I remember that I received a proxy server from my ISP (Skynet, for my Belgian colleague).

I filled it in again in the Internet settings and all is running well for all applications.

Nith


----------



## Christiane (Apr 30, 2005)

For weeks, I couldn't get rid of this pop-up and even the Versatel technical service had not been able to help me. 
Thank you very much   

Christiane



Nith said:


> Hello
> 
> Sorry for my English, I'm a french speaking man
> 
> ...


----------

