[Resolved] Reoccurring home page

[legacyone]

I have a web page that keeps reoccuring and I have reset and gotten rid of the cookies and even have went into the registry. I have followed the post "Internet Home Page" and "Certain website won't stop making itself the home page." Does anyone have any other ideas?

Thank you

 

[DoyceJ]

What is the page?

 

[DoyceJ]

Have a look here. This addresses the problem.

http://forums.techguy.org/showthread.php?threadid=60065

 

[TonyKlein]

There's some good information in that link.

The very first thing to do is check your startups for undesirables that could be responsible:

Now go to Start/run, and type Msconfig. On the Startup tab, look to see if you can find one or more of the following entries:
SWPortal, SWCaller, Sp.dll, winn32.html, runme.hta, reg.hta, adshow.exe , OPQfile, and/or MSKernel32 (Win32.hta).
If you should find one or more of these, uncheck them.
Also anything that has 'regedit.exe/s' in its path.

Now click OK, close Msconfig, and reboot.

If your undesired site is 'GoHip', you need to download and run GoHip Remove.exe

Good luck,

 

[DoyceJ]

Tony

Its mypcworld.com, got it in a pm.

 

[TonyKlein]

I think he ought to post his Startup.log here.
I'm sure that would help:

http://home.earthlink.net/~rmbox/Reticulated/Toys.html

It generates a text file on your desktop that will list all the applications that start in the many places when you start Windows.
We don't need to see StubPath.txt, just StartupLog.txt.

Greetz,

 

[legacyone]

The web page is www.mycpworld.com. I am sorry, I miss typed in pm.

Legacyone

 

[TonyKlein]

OK.

But please download and run Startup.log.

I'm sure that will tell us a little more about this.

And have you already checked your msconfig, for suspect items?

 

[DoyceJ]

Server keeps timing out on me for that site.

Have you tried any of the fixes yet?

 

[legacyone]

I have Windows 95 plus. I tried to run Msconfig but it can not find the file. I have downloaded startup log and here is the data:


---------- C:\WINDOWS\desktop\StartUp.Log

Start-Ups checked at 01-05-2002 7:32:23.24p
__________________________________________________________________________
__________________________________________________________________________

StartUp Log for Windows 95/98 - Freeware by rmbox
__________________________________________________________________________
__________________________________________________________________________

Comments:

This is a log of all the programs on your computer that
are starting automatically every time you start Windows.
Using this log can be a quick way to spot trojans.

StartUp Log (version 1.54) - Release Date 12/12/2001

__________________________________________________________________________
__________________________________________________________________________

StartUp Log Index

1. HKLM Run
2. HKCU Run
3. HKLM RunOnce
4. HKCU RunOnce
5. HKLM RunServices
6. HKLM RunServicesOnce
7. WIN.INI file
8. SYSTEM.INI file
9. AUTOEXEC.BAT file
10. StartUp folder
11. All Users StartUp
12. Misc. StartUp Configurations

__________________________________________________________________________
__________________________________________________________________________

The following is a list of your current Start-Ups
__________________________________________________________________________
__________________________________________________________________________

1. HKLM Run - Registry

[RegPath]
"StartUp"


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SystemTray"="SysTray.Exe"
"SystemAgent"="C:\\WINDOWS\\SYSTEM\\SAGE.EXE"
"QuickFinder Scheduler"="C:\\COREL\\OFFICE7\\SHARED\\QFINDER7\\QFSCHED.EXE"
"LXSUPMON"="C:\\WINDOWS\\SYSTEM\\LXSUPMON.EXE RUN"
"LexStart"="Lexstart.exe"
"LexmarkPrinTray"="PrinTray.exe"
"RealTray"="C:\\Program Files\\Real\\RealPlayer\\RealPlay.exe SYSTEMBOOTHIDEPLAYER"
"LoadQM"="loadqm.exe"
"NAV DefAlert"="C:\\PROGRA~1\\NORTON~1\\DEFALERT.EXE"
"Norton Auto-Protect"="C:\\PROGRA~1\\NORTON~1\\NAVAPW32.EXE /LOADQUIET"
"Norton eMail Protect"="C:\\Program Files\\Norton AntiVirus\\POPROXY.EXE"


==========================================================================
__________________________________________________________________________

2. HKCU Run - Registry

[RegPath]
"StartUp"


[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="C:\\Program Files\\Messenger\\msmsgs.exe /background"
"OPQFile"="C:\\WINDOWS\\regedit.exe /s C:\\WINDOWS\\SYSTEM\\rad24136.tmp"
"5-11-1-13"="c:\\windows\\5-11-1-13.exe -m"


==========================================================================
__________________________________________________________________________

3. HKLM RunOnce - Registry

[RegPath]
"StartUp"


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]


==========================================================================
__________________________________________________________________________

4. HKCU RunOnce - Registry

[RegPath]
"StartUp"

*(RegPath not found..)*

==========================================================================
__________________________________________________________________________

5. HKLM RunServices - Registry

[RegPath]
"StartUp"


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices]
"SchedulingAgent"="mstask.exe"
"ScriptBlocking"="\"C:\\Program Files\\Common Files\\Symantec Shared\\Script Blocking\\SBServ.exe\" -reg"


==========================================================================
__________________________________________________________________________

6. HKLM RunServicesOnce - Registry

[RegPath]
"StartUp"


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServicesOnce]


==========================================================================
__________________________________________________________________________

7. WIN.INI File - (c:\windows\win.ini)

Your win.ini run/load lines should look like run= and load= exclusively.
There should be nothing to the right of the equal signs.


These are the run and load lines in your WIN.INI file

run=

load=dcshkey.exe

==========================================================================
__________________________________________________________________________

8. SYSTEM.INI File - (c:\windows\system.ini)

Your system.ini shell line should look like shell=Explorer.exe exclusively.
You should only see Explorer.exe following the equal sign.


This is the shell line in your SYSTEM.INI file

shell=Explorer.exe

==========================================================================
__________________________________________________________________________

9. AUTOEXEC.BAT File - (c:\autoexec.bat)

(Some trojans have been known to start from this file)


These are your program startups and set paths in your autoexec.bat file



SET TEMP=C:\WINDOWS\TEMP
@ECHO OFF
PROMPT $p$g
PATH C:\WINDOWS;C:\WINDOWS\COMMAND;C:\WPC
SET GMKW5=C:\GMKW
SET PATH=C:\WINDOWS;C:\WINDOWS\COMMAND;%PATH%C:














==========================================================================
__________________________________________________________________________

10. StartUp Folder - (c:\windows\start menu\programs\startup)

Shortcuts to any program will automatically start when placed here.


These are the shortcuts located in your StartUp folder

C:\WINDOWS\Start Menu\Programs\StartUp\Microsoft Find Fast.lnk
C:\WINDOWS\Start Menu\Programs\StartUp\RealDownload.lnk
C:\WINDOWS\Start Menu\Programs\StartUp\Norton Program Scheduler.lnk
C:\WINDOWS\Start Menu\Programs\StartUp\Internet Answering Machine.lnk

==========================================================================
__________________________________________________________________________

11. All Users Folder - (c:\windows\all users\start menu\programs\startup)

Shortcuts to any program will automatically start when placed here.


These are the shortcuts located in your All Users StartUp folder


*(No start-ups found)*

==========================================================================
__________________________________________________________________________

12. Miscellaneous StartUp Configurations

-============================-
Registry StartUp Directories
-============================-

Should show the Start Menu StartUp and All Users StartUp directories

.....................................................................

[1] HKCU - Shell Folders

HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders

"Startup"="C:\\WINDOWS\\Start Menu\\Programs\\StartUp"

.....................................................................

[2] HKCU - User Shell Folders

HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders


.....................................................................

[3] HKLM - Shell Folders

HKLM\Software\Microsoft\Windows\CurrentVersion\explorer\Shell Folders

"Common Startup"="C:\\WINDOWS\\All Users\\Start Menu\\Programs\\StartUp"

.....................................................................

[4] HKLM - User Shell Folders

HKLM\Software\Microsoft\Windows\CurrentVersion\explorer\User Shell Folders


.....................................................................

-=======================-
Registry Shell Spawning
-=======================-

Open Commands for Executable File Types

@="\"%1\" %*"
(.exe file - RegPath = HKCR\exefile\shell\open\command)

@="\"%1\" %*"
(.com file - RegPath = HKCR\comfile\shell\open\command)

@="\"%1\" /S"
(.scr file - RegPath = HKCR\scrfile\shell\open\command)

@="\"%1\" %*"
(.bat file - RegPath = HKCR\batfile\shell\open\command)

@="\"%1\" %*"
(.pif file - RegPath = HKCR\piffile\shell\open\command)

@="C:\\WINDOWS\\SYSTEM\\MSHTA.EXE \"%1\" %*"
(.hta file - RegPath = HKCR\htafile\shell\open\command)

-=========================-
HKLM RunOnceEx - Registry
-=========================-


[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnceEx]


-=========================-
HKU (.Default) Run - Registry
-=========================-


[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="C:\\Program Files\\Messenger\\msmsgs.exe /background"
"OPQFile"="C:\\WINDOWS\\regedit.exe /s C:\\WINDOWS\\SYSTEM\\rad24136.tmp"
"5-11-1-13"="c:\\windows\\5-11-1-13.exe -m"


-==============================-
HKU (.Default) RunOnce - Registry
-==============================-

*(RegPath not found..)*

-================================-
StubPaths - Registry (Partial Listing)
-================================-

(Please see the StubPath.txt on your desktop for complete listing)

HKLM\Software\Microsoft\Active Setup\Installed Components


"RealStubPath"="\"C:\\Program Files\\Outlook Express\\setup50.exe\" /APP:OE /CALLER:IE50 /user /install"
"StubPath"=""
"RealStubPath"="C:\\WINDOWS\\SYSTEM\\IE4UINIT.EXE"
"OldStubPath"="C:\\WINDOWS\\SYSTEM\\ie4uinit.exe"
"OldRealStubPath"="C:\\WINDOWS\\SYSTEM\\IE4UINIT.EXE"
"StubPath"="\"C:\\Program Files\\Outlook Express\\setup50.exe\" /APP:WAB /CALLER:IE50 /user /install"
"RealStubPath"="\"C:\\Program Files\\Outlook Express\\setup50.exe\" /APP:OE /CALLER:IE50 /user /uninstall"

-=================-
DOSSTART.BAT File - (c:\windows\dosstart.bat)
-=================-

LH /L:1,56928 C:\WINDOW2\mouse.COM /Y
LH /L:1,36224 C:\WINDOWS\COMMAND\MSCDEX /V /D:CD003 /M:10



-=========================-
ICQ Inet Registry StartUp
-=========================-

Shows applications that start when connected to Inet


[HKEY_CURRENT_USER\Software\Mirabilis\ICQ\Agent\Apps]
"Launch Browser"="No"
"TempFile"="C:\\WINDOWS\\TEMP\\\\s3vvvsbt..html"


-=====================-
Screen Saver Settings (Possible system.ini start-up)
-=====================-


==========================================================================
__________________________________________________________________________

- Supplemental Environment Information -

TMP=C:\WINDOWS\TEMP
winbootdir=C:\WINDOWS
COMSPEC=C:\WINDOWS\COMMAND.COM
TEMP=C:\WINDOWS\TEMP
GMKW5=C:\GMKW
PATH=C:\WINDOWS;C:\WINDOWS\COMMAND;C:\WINDOWS;C:\WINDOWS\COMMAND;C:\WPCC:
windir=C:\WINDOWS


==========================================================================
__________________________________________________________________________

- End -

 

[TonyKlein]

Found it:

Go to Start/Run, type Regedit.

Drill down to HKEY_CURRENT_USER\Software\Microsoft\Windows\Curr
entVersion\Run, locate
"OPQFile"="C:\WINDOWS\regedit.exe /s C:\WINDOWS\SYSTEM\rad24136.tmp" in the right pane, and hit 'delete'.

Close Regedit and reboot.

Now go to C:\WINDOWS\SYSTEM, and delete rad24136.tmp

That puts an end to your problem..

Incidentally, Win95 doesn't have Msconfig, which explains why you couldn't find it.

Good luck,

 

[TonyKlein]

Whoops,

The same thing is to be found in
[HKEY_USERS\. Default\Software\Microsoft\Windows\CurrentVersion\Run]

Go there as well and delete it.

 

[TonyKlein]

And for something completely different, while we're at it:

Go to your Start/Programs/startup, and delete MS FindFast.

It is a notorious resource hog.

Here's a useful article: Removing FindFast

Good luck,

 

[legacyone]

I did what was told of me in post 1498 and my home page came up properly, but I now do not have a search page through the search page icon. It also tries to redierct me to web page 205.134.182.167. when I am on other web pages. I can live with this, but if you have anymore ideas I would greatly appreciate it. And thank all of you who helped me get rid of the problem.

Legacyone

 

[TonyKlein]

Try this:

Close Internet Explorer and Outlook Express.
Go to Control Panel/Internet Options, and clear your temporary Internet files.
Now click on Settings/show files, and delete your cookies.

Finally. go to the 'Programs' tab, and click 'reset Web Settings'.

Good luck,