IE resets homepage everytime I restart my comp

Status
This thread has been Locked and is not open to further replies. Please start a New Thread if you're having a similar issue. View our Welcome Guide to learn how to use this site.

bunis3

Thread Starter
Joined
Aug 30, 2003
Messages
18
Everytime i restart, my homepage resets to some other site.... any idea whats causing this? heres the log

Logfile of HijackThis v1.97.2
Scan saved at 4:28:59 PM, on 10/13/2003
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\CTsvcCDA.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\Trend Micro\PC-cillin 2002\Tmntsrv.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\Program Files\Trend Micro\PC-cillin 2002\PCCPFW.exe
C:\WINDOWS\System32\CTHELPER.EXE
C:\Program Files\Microsoft Hardware\Mouse\point32.exe
C:\Program Files\Winamp3\winampa.exe
C:\Program Files\Trend Micro\PC-cillin 2002\pccguide.exe
C:\Program Files\Trend Micro\PC-cillin 2002\PCCClient.exe
C:\Program Files\Trend Micro\PC-cillin 2002\Pop3trap.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\Creative\SBAudigy\TaskBar\CTLTray.exe
C:\Program Files\Creative\SBAudigy\TaskBar\CTLTask.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Trend Micro\PC-cillin 2002\WebTrap.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\WinRAR\WinRAR.exe
C:\DOCUME~1\JONCHE~1\LOCALS~1\Temp\Rar$EX00.375\HijackThis.exe

O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: WinShow module - {6CC1C918-AE8B-4373-A5B4-28BA1851E39A} - C:\Documents and Settings\Jon Chen\Application Data\winshow\winshow.dll
O2 - BHO: (no name) - {A5366673-E8CA-11D3-9CD9-0090271D075B} - C:\Documents and Settings\Jon Chen\Desktop\b\FlashGet\jccatch.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [IMJPMIG8.1] C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [WINDVDPatch] CTHELPER.EXE
O4 - HKLM\..\Run: [Jet Detection] C:\Program Files\Creative\SBAudigy\PROGRAM\ADGJDet.exe
O4 - HKLM\..\Run: [CTStartup] C:\Program Files\Creative\Splash Screen\CTEaxSpl.EXE /run
O4 - HKLM\..\Run: [POINTER] point32.exe
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp3\winampa.exe"
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [pccguide.exe] "C:\Program Files\Trend Micro\PC-cillin 2002\pccguide.exe"
O4 - HKLM\..\Run: [PCCClient.exe] "C:\Program Files\Trend Micro\PC-cillin 2002\PCCClient.exe"
O4 - HKLM\..\Run: [Pop3trap.exe] "C:\Program Files\Trend Micro\PC-cillin 2002\Pop3trap.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [TaskTray] "C:\Program Files\Creative\SBAudigy\TaskBar\CTLTray.exe"
O4 - HKCU\..\Run: [TaskBar] "C:\Program Files\Creative\SBAudigy\TaskBar\CTLTask.exe"
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: MSupdater.exe
O8 - Extra context menu item: &Download with &DAP - C:\PROGRA~1\DAP\dapextie.htm
O8 - Extra context menu item: Download All by FlashGet - C:\Documents and Settings\Jon Chen\Desktop\b\FlashGet\jc_all.htm
O8 - Extra context menu item: Download using FlashGet - C:\Documents and Settings\Jon Chen\Desktop\b\FlashGet\jc_link.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
O9 - Extra button: ICQ (HKLM)
O9 - Extra 'Tools' menuitem: ICQ (HKLM)
O9 - Extra button: AIM (HKLM)
O9 - Extra button: FlashGet (HKLM)
O9 - Extra 'Tools' menuitem: &FlashGet (HKLM)
O9 - Extra button: Messenger (HKLM)
O9 - Extra 'Tools' menuitem: Messenger (HKLM)
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O15 - Trusted Zone: http://free.aol.com
O16 - DPF: Yahoo! Graffiti - http://download.games.yahoo.com/games/clients/y/grt4_x.cab
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://www.apple.com/qtactivex/qtplugin.cab
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://download.macromedia.com/pub/shockwave/cabs/director/swdir.cab
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://apple.speedera.net/qtinstall.info.apple.com/borris/us/win/QuickTimeInstaller.exe
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com/CAB/x86/unicode/iuctl.CAB?37506.3603935185
O16 - DPF: {AE1C01E3-0283-11D3-9B3F-00C04F8EF466} (HeartbeatCtl Class) - http://fdl.msn.com/zone/datafiles/heartbeat.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{4D1A2C97-4C6B-4A57-881B-A759CADC763D}: NameServer = 168.95.192.1,168.95.1.1
O17 - HKLM\System\CCS\Services\Tcpip\..\{88BD3475-EB67-45CE-8576-51FB0CE10493}: NameServer = 168.95.192.1,168.95.1.1
O17 - HKLM\System\CCS\Services\Tcpip\..\{A14DC5DF-4055-4B21-B8F2-C799DAE92D1C}: NameServer = 168.95.192.1,168.95.1.1
O18 - Protocol: about - {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - %SystemRoot%\System32\mshtml.dll

thanks!
 
Joined
Feb 13, 1999
Messages
8,974
Have you tried Tweak UI to Repair IE?

If you don't have it you can download it from Micorsoft.
 

bunis3

Thread Starter
Joined
Aug 30, 2003
Messages
18
ok, just downloaded it
cant see how it could help though
what exactly should I do with it?
 
Joined
Oct 13, 2003
Messages
28
Is the home page changed to the same (some other site) site. This could be the work of some rogue script file if you are sent to the same web site no matter what you set as the home page.

If it is a different site each time -- You may need to re-install IE 6.

Frank
 

bunis3

Thread Starter
Joined
Aug 30, 2003
Messages
18
oh yeah, also
how do i get rid of winshow? cant seem to find the folder it is in to delete it
 
Joined
Aug 30, 2003
Messages
1,281
Run Hijack This again and have it FIX these entries:

O2 - BHO: WinShow module - {6CC1C918-AE8B-4373-A5B4-28BA1851E39A} - C:\Documents and Settings\Jon Chen\Application Data\winshow\winshow.dll
O2 - BHO: (no name) - {A5366673-E8CA-11D3-9CD9-0090271D075B} - C:\Documents and Settings\Jon Chen\Desktop\b\FlashGet\jccatch.dll

O17 - HKLM\System\CCS\Services\Tcpip\..\{4D1A2C97-4C6B-4A57-881B-A759CADC763D}: NameServer = 168.95.192.1,168.95.1.1
O17 - HKLM\System\CCS\Services\Tcpip\..\{88BD3475-EB67-45CE-8576-51FB0CE10493}: NameServer = 168.95.192.1,168.95.1.1
O17 - HKLM\System\CCS\Services\Tcpip\..\{A14DC5DF-4055-4B21-B8F2-C799DAE92D1C}: NameServer = 168.95.192.1,168.95.1.1

O18 - Protocol: about - {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - %SystemRoot%\System32\mshtml.dll





Then Delete Temp files, Cookies and offline content.To do this,
Open Internet Explorer/Tools/Internet Options/delete cookies/delete files
select off-line content/clear history.


Download Adaware from here

Go here http://www.lavasoftusa.com/software/adaware/

Make sure you select "Check for updates now" and get the latest reference files.

Run Adaware and hit the Scan now button, make sure Activate indepth scan is selected and then
hit next. After the scan has completed delete everything it finds.

Restart your computer.

Then Download Spybot search & destroy from here. Read the instructions while you're there.

http://tomcoyote.org/SPYBOT/index1.html

Install the program (Close all browser windows) and run it.

Before scanning press "Online" and "Search for Updates"

Put a check mark at and install all updates.

Click "Check for Problems" and when the scan is finished let Spybot fix/remove all it finds in red.

Restart your computer.

Post another Hijack Log.
 
Joined
Oct 15, 2003
Messages
49
Restore back to before you have been getting this search page. Next time run spyblaster when you visit those kinds of pages and you wont have this happen again.

Most folks are amazed how corrupt thier systems become and bring them to the shop for servive.
 
Joined
Oct 9, 2001
Messages
9,396
Originally posted by PlatinumDrag:
Restore back to before you have been getting this search page. Next time run spyblaster when you visit those kinds of pages and you wont have this happen again.

Most folks are amazed how corrupt thier systems become and bring them to the shop for servive.
Definately not![Just my opinion]
You are better dealing with the problem because it may happen again and you will know what to do if or when it does.

Bunis3.....Add this to EvileYes list.
O4 - Global Startup: MSupdater.exe

Shabba!;)
 
Joined
Oct 15, 2003
Messages
49
That is the problem, spyware. That page was installed and changed automatically by visiting sites.

Normally you could just go in under IE tools and reset it, but if the spyware is still there so will the page the next time you open it. If you are unable to locate this then you have to restore before the site was visited, this removes the spyware.

P.S. your link for ad-aware is no longer worth it, the person who bought the program allows his spyware to be installed. Should you feel the need to keep this then fine, just have a secondary program.
 
Joined
Oct 9, 2001
Messages
9,396
Platinum....
We would rather teach posters how to find and remove crapware form their systems and how to prevent re-infections.....Sys restore is fine and an excellent idea but if you dont know how you got here then your gonna be a regular visitor to these forums.....no slight at all on you my friend.
..............Two programs...im not sure your aware of but will may you in the shop........."spywareguard" and "spywareblaster"
Kept updated will stop most spy/add/foistware from stealth installing.
http://www.javacoolsoftware.com/spywareblaster.html

;)
 
Joined
Oct 15, 2003
Messages
72
If this is only happening once you have restarted windows then its possible that on startup windows is importing a registry file which sets your default page to search.com. Search your machine for a suspicious file with a ".REG" extension and then search the registry for that filename.
 
Status
This thread has been Locked and is not open to further replies. Please start a New Thread if you're having a similar issue. View our Welcome Guide to learn how to use this site.

Users Who Are Viewing This Thread (Users: 0, Guests: 1)

As Seen On
As Seen On...

Welcome to Tech Support Guy!

Are you looking for the solution to your computer problem? Join our site today to ask your question. This site is completely free -- paid for by advertisers and donations.

If you're not already familiar with forums, watch our Welcome Guide to get started.

Join over 807,865 other people just like you!

Latest posts

Top