ddryer
asked on
Cannot change IE 6.0 Home Page
I cannot change my home page setting in IE 6.0 when booting up normally. When I boot up in safe mode I can change it. I have run spybot sd - no immediate threats. Here is the Hijack This file. Any hints?
Logfile of HijackThis v1.97.7
Scan saved at 11:00:05 AM, on 11/4/2004
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.e
C:\WINDOWS\system32\csrss.
C:\WINDOWS\system32\winlog
C:\WINDOWS\system32\servic
C:\WINDOWS\system32\lsass.
C:\Program Files\lotus\notes\nslsvice
C:\Program Files\lotus\notes\nsl.exe
C:\WINDOWS\system32\svchos
C:\WINDOWS\system32\svchos
C:\WINDOWS\System32\svchos
C:\WINDOWS\System32\svchos
C:\WINDOWS\System32\svchos
C:\WINDOWS\system32\spools
C:\Program Files\Network Associates\Common Framework\FrameworkService
C:\Program Files\Network Associates\VirusScan\Mcshi
C:\Program Files\Network Associates\VirusScan\VsTsk
C:\PROGRA~1\NETWOR~1\COMMO
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\system32\nvsvc3
C:\WINDOWS\System32\svchos
C:\WINDOWS\system32\wdfmgr
C:\Program Files\Webroot\Enterprise\C
C:\Program Files\Webroot\Enterprise\S
C:\WINDOWS\System32\wltrys
C:\WINDOWS\System32\bcmwlt
C:\WINDOWS\System32\alg.ex
C:\WINDOWS\Explorer.EXE
C:\Program Files\Network Associates\VirusScan\SHSTA
C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe
C:\Program Files\Apoint\Apoint.exe
C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\WINDOWS\system32\ctfmon
C:\WINDOWS\system32\DSentr
C:\Program Files\Webroot\Enterprise\S
C:\Program Files\Apoint\Apntex.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\downloads\hijack_this\H
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-2
O4 - HKLM\..\Run: [ShStatEXE] "C:\Program Files\Network Associates\VirusScan\SHSTA
O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe" /StartedFromRunKey
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [DVDSentry] C:\WINDOWS\system32\DSentr
O4 - HKLM\..\Run: [Synchronization Manager] %SystemRoot%\system32\mobs
O4 - HKLM\..\Run: [Webroot Spy Sweeper, Enterprise Edition] C:\Program Files\Webroot\Enterprise\S
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2
O9 - Extra button: Messenger (HKLM)
O9 - Extra 'Tools' menuitem: Windows Messenger (HKLM)
O16 - DPF: {3E68E405-C6DE-49FF-83AE-4
O16 - DPF: {6414512B-B978-451D-A0D8-F
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-4
O17 - HKLM\System\CCS\Services\T
O17 - HKLM\Software\..\Telephony
O17 - HKLM\System\CS1\Services\T
Logfile of HijackThis v1.97.7
Scan saved at 11:00:05 AM, on 11/4/2004
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.e
C:\WINDOWS\system32\csrss.
C:\WINDOWS\system32\winlog
C:\WINDOWS\system32\servic
C:\WINDOWS\system32\lsass.
C:\Program Files\lotus\notes\nslsvice
C:\Program Files\lotus\notes\nsl.exe
C:\WINDOWS\system32\svchos
C:\WINDOWS\system32\svchos
C:\WINDOWS\System32\svchos
C:\WINDOWS\System32\svchos
C:\WINDOWS\System32\svchos
C:\WINDOWS\system32\spools
C:\Program Files\Network Associates\Common Framework\FrameworkService
C:\Program Files\Network Associates\VirusScan\Mcshi
C:\Program Files\Network Associates\VirusScan\VsTsk
C:\PROGRA~1\NETWOR~1\COMMO
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\system32\nvsvc3
C:\WINDOWS\System32\svchos
C:\WINDOWS\system32\wdfmgr
C:\Program Files\Webroot\Enterprise\C
C:\Program Files\Webroot\Enterprise\S
C:\WINDOWS\System32\wltrys
C:\WINDOWS\System32\bcmwlt
C:\WINDOWS\System32\alg.ex
C:\WINDOWS\Explorer.EXE
C:\Program Files\Network Associates\VirusScan\SHSTA
C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe
C:\Program Files\Apoint\Apoint.exe
C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\WINDOWS\system32\ctfmon
C:\WINDOWS\system32\DSentr
C:\Program Files\Webroot\Enterprise\S
C:\Program Files\Apoint\Apntex.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\downloads\hijack_this\H
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-2
O4 - HKLM\..\Run: [ShStatEXE] "C:\Program Files\Network Associates\VirusScan\SHSTA
O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe" /StartedFromRunKey
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [DVDSentry] C:\WINDOWS\system32\DSentr
O4 - HKLM\..\Run: [Synchronization Manager] %SystemRoot%\system32\mobs
O4 - HKLM\..\Run: [Webroot Spy Sweeper, Enterprise Edition] C:\Program Files\Webroot\Enterprise\S
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2
O9 - Extra button: Messenger (HKLM)
O9 - Extra 'Tools' menuitem: Windows Messenger (HKLM)
O16 - DPF: {3E68E405-C6DE-49FF-83AE-4
O16 - DPF: {6414512B-B978-451D-A0D8-F
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-4
O17 - HKLM\System\CCS\Services\T
O17 - HKLM\Software\..\Telephony
O17 - HKLM\System\CS1\Services\T
ASKER
Logging in as an Admin account
No error when changing homepage and it is not greyed out.
Immunize is not turned on and I installed Spybot SD after problem was identified.
No error when changing homepage and it is not greyed out.
Immunize is not turned on and I installed Spybot SD after problem was identified.
that's the reason u can change the setting in safmeode,,,, ur user account must have some restrictions.... are u sure it has the proper permissions and no groop policay is applied via gpedit.msc if its XP Pro ??
Use CWShredder from http://computercops.biz/downloads-cat-14.html
ASKER
I ran SWShredder - didn't fix it.
Our Sys Admin just did an XP Pro activation on the machine - that wasn't it.
I am going to show him the group policy (gpedit.msc) post.
Our Sys Admin just did an XP Pro activation on the machine - that wasn't it.
I am going to show him the group policy (gpedit.msc) post.
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
That was it -- Our organization has an enterprise deployment of Spy Sweeper that was set default to silently restore changed IE home page. Case closed.
When u are booting in safemode, are u loggin with ur user accoutn or with Administrator account ??
and are u getting any error while changing the Home Page or is it greyed out ??
Are u sure the Immunize feature of Spybot and Search is not turned on and causing this restriction to change the Home Page settings ??