ddryer
asked on
Cannot change IE 6.0 Home Page
I cannot change my home page setting in IE 6.0 when booting up normally. When I boot up in safe mode I can change it. I have run spybot sd - no immediate threats. Here is the Hijack This file. Any hints?
Logfile of HijackThis v1.97.7
Scan saved at 11:00:05 AM, on 11/4/2004
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.e xe
C:\WINDOWS\system32\csrss. exe
C:\WINDOWS\system32\winlog on.exe
C:\WINDOWS\system32\servic es.exe
C:\WINDOWS\system32\lsass. exe
C:\Program Files\lotus\notes\nslsvice .exe
C:\Program Files\lotus\notes\nsl.exe
C:\WINDOWS\system32\svchos t.exe
C:\WINDOWS\system32\svchos t.exe
C:\WINDOWS\System32\svchos t.exe
C:\WINDOWS\System32\svchos t.exe
C:\WINDOWS\System32\svchos t.exe
C:\WINDOWS\system32\spools v.exe
C:\Program Files\Network Associates\Common Framework\FrameworkService .exe
C:\Program Files\Network Associates\VirusScan\Mcshi eld.exe
C:\Program Files\Network Associates\VirusScan\VsTsk Mgr.exe
C:\PROGRA~1\NETWOR~1\COMMO N~1\naPrdM gr.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\system32\nvsvc3 2.exe
C:\WINDOWS\System32\svchos t.exe
C:\WINDOWS\system32\wdfmgr .exe
C:\Program Files\Webroot\Enterprise\C ommAgent\C ommAgent.e xe
C:\Program Files\Webroot\Enterprise\S py Sweeper\SpySweeper.exe
C:\WINDOWS\System32\wltrys vc.exe
C:\WINDOWS\System32\bcmwlt ry.exe
C:\WINDOWS\System32\alg.ex e
C:\WINDOWS\Explorer.EXE
C:\Program Files\Network Associates\VirusScan\SHSTA T.EXE
C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe
C:\Program Files\Apoint\Apoint.exe
C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\WINDOWS\system32\ctfmon .exe
C:\WINDOWS\system32\DSentr y.exe
C:\Program Files\Webroot\Enterprise\S py Sweeper\SpySweeperTray.exe
C:\Program Files\Apoint\Apntex.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\downloads\hijack_this\H ijackThis. exe
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-2 06D7942484 F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O4 - HKLM\..\Run: [ShStatEXE] "C:\Program Files\Network Associates\VirusScan\SHSTA T.EXE" /STANDALONE
O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe" /StartedFromRunKey
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl. dll,NvStar tup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [DVDSentry] C:\WINDOWS\system32\DSentr y.exe
O4 - HKLM\..\Run: [Synchronization Manager] %SystemRoot%\system32\mobs ync.exe /logon
O4 - HKLM\..\Run: [Webroot Spy Sweeper, Enterprise Edition] C:\Program Files\Webroot\Enterprise\S py Sweeper\SpySweeperTray.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon .exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2 \Office10\ EXCEL.EXE/ 3000
O9 - Extra button: Messenger (HKLM)
O9 - Extra 'Tools' menuitem: Windows Messenger (HKLM)
O16 - DPF: {3E68E405-C6DE-49FF-83AE-4 1EE9F4C36C E} (Office Update Installation Engine) - http://office.microsoft.com/officeupdate/content/opuc.cab
O16 - DPF: {6414512B-B978-451D-A0D8-F CFDF33E833 C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5consumer/V5Controls/en/x86/client/wuweb_site.cab?1098122289563
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-4 4455354000 0} (Shockwave Flash Object) - http://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
O17 - HKLM\System\CCS\Services\T cpip\Param eters: Domain = vmasc.odu.edu
O17 - HKLM\Software\..\Telephony : DomainName = vmasc.odu.edu
O17 - HKLM\System\CS1\Services\T cpip\Param eters: Domain = vmasc.odu.edu
Logfile of HijackThis v1.97.7
Scan saved at 11:00:05 AM, on 11/4/2004
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.e
C:\WINDOWS\system32\csrss.
C:\WINDOWS\system32\winlog
C:\WINDOWS\system32\servic
C:\WINDOWS\system32\lsass.
C:\Program Files\lotus\notes\nslsvice
C:\Program Files\lotus\notes\nsl.exe
C:\WINDOWS\system32\svchos
C:\WINDOWS\system32\svchos
C:\WINDOWS\System32\svchos
C:\WINDOWS\System32\svchos
C:\WINDOWS\System32\svchos
C:\WINDOWS\system32\spools
C:\Program Files\Network Associates\Common Framework\FrameworkService
C:\Program Files\Network Associates\VirusScan\Mcshi
C:\Program Files\Network Associates\VirusScan\VsTsk
C:\PROGRA~1\NETWOR~1\COMMO
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\system32\nvsvc3
C:\WINDOWS\System32\svchos
C:\WINDOWS\system32\wdfmgr
C:\Program Files\Webroot\Enterprise\C
C:\Program Files\Webroot\Enterprise\S
C:\WINDOWS\System32\wltrys
C:\WINDOWS\System32\bcmwlt
C:\WINDOWS\System32\alg.ex
C:\WINDOWS\Explorer.EXE
C:\Program Files\Network Associates\VirusScan\SHSTA
C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe
C:\Program Files\Apoint\Apoint.exe
C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\WINDOWS\system32\ctfmon
C:\WINDOWS\system32\DSentr
C:\Program Files\Webroot\Enterprise\S
C:\Program Files\Apoint\Apntex.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\downloads\hijack_this\H
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-2
O4 - HKLM\..\Run: [ShStatEXE] "C:\Program Files\Network Associates\VirusScan\SHSTA
O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe" /StartedFromRunKey
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [DVDSentry] C:\WINDOWS\system32\DSentr
O4 - HKLM\..\Run: [Synchronization Manager] %SystemRoot%\system32\mobs
O4 - HKLM\..\Run: [Webroot Spy Sweeper, Enterprise Edition] C:\Program Files\Webroot\Enterprise\S
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2
O9 - Extra button: Messenger (HKLM)
O9 - Extra 'Tools' menuitem: Windows Messenger (HKLM)
O16 - DPF: {3E68E405-C6DE-49FF-83AE-4
O16 - DPF: {6414512B-B978-451D-A0D8-F
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-4
O17 - HKLM\System\CCS\Services\T
O17 - HKLM\Software\..\Telephony
O17 - HKLM\System\CS1\Services\T
ASKER
Logging in as an Admin account
No error when changing homepage and it is not greyed out.
Immunize is not turned on and I installed Spybot SD after problem was identified.
No error when changing homepage and it is not greyed out.
Immunize is not turned on and I installed Spybot SD after problem was identified.
that's the reason u can change the setting in safmeode,,,, ur user account must have some restrictions.... are u sure it has the proper permissions and no groop policay is applied via gpedit.msc if its XP Pro ??
Use CWShredder from http://computercops.biz/downloads-cat-14.html
ASKER
I ran SWShredder - didn't fix it.
Our Sys Admin just did an XP Pro activation on the machine - that wasn't it.
I am going to show him the group policy (gpedit.msc) post.
Our Sys Admin just did an XP Pro activation on the machine - that wasn't it.
I am going to show him the group policy (gpedit.msc) post.
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
That was it -- Our organization has an enterprise deployment of Spy Sweeper that was set default to silently restore changed IE home page. Case closed.
When u are booting in safemode, are u loggin with ur user accoutn or with Administrator account ??
and are u getting any error while changing the Home Page or is it greyed out ??
Are u sure the Immunize feature of Spybot and Search is not turned on and causing this restriction to change the Home Page settings ??