Browser Opens upon Reboot

Posted on 2004-12-01
Last Modified: 2010-04-14
Win2K Pro, all updates.
I.E. 6.0, all updates.
Pentium II-450 (dont laugh)
Plenty of ram and disk space

Problem: Upon reboot, I.E. 6.0 browser opens up automatically.

Can this be fixed?


Question by:zchuss
    LVL 30

    Expert Comment

    by:Wayne Barron
    When it opens, What page is displayed?
    Is it a Blank Page? or a Possible Spyware Page?

    This is information that is needed in order to tell you were to start looking.

    LVL 1

    Expert Comment

    I was told that no question is a stupid question...however, do you make sure the Browser is closed when you shutdown?
    LVL 30

    Expert Comment

    by:Wayne Barron
    Good one Tez.
    But to my knowledge if you leave an Explorer window opened, it will "sometimes"
    open on reboot.
    But IE windows, I have never known of them reopening on reboot.?
    But then again, their is always a first. right?

    LVL 1

    Expert Comment

    I know IE that's opening but could you test this: Open Windows Explorer go to Tools - Folder options - View

    If "Remeber each folder's view settings" is checked can you un-check it close everything down and reboot...

    Author Comment

    Browser is closed when shuting down. check.
    Spyware -- have run spybot and lavasoft. check.
    Removed "remember folder view settings." check.

    Still does it.

    hmmm... aghh .... windows ... aghh...
    LVL 30

    Expert Comment

    by:Wayne Barron
    Did not answer one of my questions?

    What page is loaded in IE when it opens on reboot?

    Author Comment

    blank page.

    also, under tools>internet options>general>homepage, i have this set to: about:blank
    LVL 30

    Expert Comment

    by:Wayne Barron
    Go here and see if you "see" anything to do with "IE"

    Start | Run
    Type in     regedit

    Navigate to the following key


    Author Comment

    mobsync.exe?  is that koser?  its in there.

    nothing else in there looks unusual... i have a screen cap if you want to see. can we post attachements on this forum?

    i also ran virus scan, came up with nothing (pc-cillin house call).

    LVL 1

    Expert Comment

    theres a few places IE could start on a Windows 2000 Pro box... one is the registry.

    as Carrzkiss has said, in the registry it's

    look for iexplore.exe in there... if not, check your start menu... usually this is a BIG DUH, but some people neglect it... (maybe you clicked and dragged and didn't realize that you just put the Internet Explorer link in the Startup folder) so check the startup folder in the start menu... see if IE is in there... if not, the only other place i can think of is in one of the INI files. i cant remember if its system.ini, or win.ini, but theres a backward compatability for the Run command in there... so check those two files (should be in your C:\WINNT folder) for a RUN=iexplore.exe or simmilar.

    other than that... unless you replaced explorer.exe with iexplore.exe, i'd be stumped.
    LVL 30

    Expert Comment

    by:Wayne Barron
    mobsync.exe = Synchronization Manager
    Leave that alone.

    If you are not seeing anything unusual in there, then
    Try what: Mystik


    Author Comment

    looked in both win.ini and system.ini -- nothing in either one about iexplorer.exe.

    nothing in registry either under HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

    oh well, guess i'll have to live with it.

    LVL 30

    Expert Comment

    by:Wayne Barron
    Check another registry key


    This is your UserKey. So what ever you do or the computer sets strictly for you.
    Is done under the "HKEY_CURRENT_USER"

    Give it a check and see if their is anything located here
    That may be the IE launch issue.

    LVL 1

    Expert Comment

    good call carrzkiss...

    i think theres another key location it could start at, but i'm not exactly sure what it looks like...

    i think it's somewhere in the software/microsoft/windowsnt/ area... i'm not entirely sure of the details on that, i'd probably have to ask an NT user for the correct key... i'll bounce the question off of some friends of mine see what i can come up with.

    Author Comment

    Thanks guys.  I looked under HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run  

    but still did not see anything related to iexplorer.exe

    thanks again.
    LVL 30

    Expert Comment

    by:Wayne Barron
    You are referring to this Key
    HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows
    Under the    [ Load ] value.
    See if their is anything in this area.

    It is for "Explorer"
    I do not think that IE will be in this area.
    But then again, stranger things can happen.

    Have you tried to logon as anothe User?
    And to see if it accures their?

    If you are the Admin, then create a 2nd User and logon as it.
    And see if IE Launches under the 2nd User.

    Or if you are the 2nd User, logon as "Administrator - password "
    And see if it appears.


    Author Comment

    ok folks -- good morning.

    the problem does not occur when in the admin account.

    it only occurs in my user account, the account i use 95% of the time. i did not try to creating a new account yet.  it seems to me that the issue is related to something i downloaded in my user account.

    i took the initiative to run CWShredder (scan only) and the report came back as follows:

    CWShredder v2.0. scan only report
    Please understand that a CWShredder 'Scan only' report
    might not be sufficient to troubleshoot an infected system.

    System Information:
    Windows 2000 (5.00.2195 SP4)
    Windows dir: C:\WINNT
    Windows system dir: C:\WINNT\system32
    AppData folder: C:\Documents and Settings\dan\Application Data
    Username: Dan
    Found Java ByteVerifier patch (Q816093) installed! (Hotfix)

    Found Hosts file: C:\WINNT\system32\drivers\etc\hosts (734 bytes, A)
    Shell Registry value: HKLM\..\WinLogon [Shell] Explorer.exe
    UserInit Registry value: HKLM\..\WinLogon [UserInit] C:\WINNT\system32\userinit.exe,
    Found Win.ini file: C:\WINNT\win.ini (402 bytes, A)
    Found System.ini file: C:\WINNT\system.ini (227 bytes, -)


     **** Run Keys ****

    RUN: [100% Clock] C:\Program Files\AlfaClock\AlfaClock.exe
    RUN: [HP Lamp] C:\Program Files\Hewlett-Packard\HP PrecisionScan\PrecisionScan\HPLamp.exe
    RUN: [WinTasks Traybar] C:\Program Files\LIUtilities\WinTasks\wintasks.exe traybar
    RUN: [AVG_CC] C:\PROGRA~1\Grisoft\AVG6\avgcc32.exe /STARTUP
    RUN: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    RUN: [LVCOMS] C:\Program Files\Common Files\Logitech\QCDriver3\LVCOMS.EXE
    RUN: [LogitechGalleryRepair] C:\Program Files\Logitech\ImageStudio\ISStart.exe
    RUN: [LogitechImageStudioTray] C:\Program Files\Logitech\ImageStudio\LogiTray.exe
    RUN: [BOCleanautostart] C:\PROGRA~1\NSClean\BOClean\BOClean.exe
    RUN: [Drag'n'Drop_Autolaunch] "C:\Program Files\Iomega HotBurn Pro\Autolaunch.exe"
    RUN: [Synchronization Manager] mobsync.exe /logon
    RUN: [WebWasher] C:\Program Files\WebWasher\wwasher.exe
    RUN: [WebCamRT.exe]  

     **** Browser Helper Objects ****

    BHO: [AcroIEHlprObj Class] C:\Program Files\Adobe\Acrobat 5.0\Acrobat\ActiveX\AcroIEHelper.ocx
    BHO: [] C:\PROGRA~1\SPYBOT~1\SDHelper.dll

     **** IE Toolbars ****

    TOOLBAR: [@msdxmLC.dll,-1@1033,&Radio] C:\WINNT\System32\msdxm.ocx


    Then I ran HijackThis.exe  and the following report was generated:

    Logfile of HijackThis v1.98.2
    Scan saved at 8:43:27 AM, on 12/3/2004
    Platform: Windows 2000 SP4 (WinNT 5.00.2195)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

    Running processes:
    C:\Program Files\AlfaClock\AlfaClock.exe
    C:\Program Files\Hewlett-Packard\HP PrecisionScan\PrecisionScan\HPLamp.exe
    C:\Program Files\LIUtilities\WinTasks\wintasks.exe
    C:\Program Files\Common Files\Logitech\QCDriver3\LVCOMS.EXE
    C:\Program Files\Iomega HotBurn Pro\Autolaunch.exe
    C:\Program Files\WebWasher\wwasher.exe
    C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
    C:\Program Files\Jetico\BestCrypt\BCResident.exe
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    C:\Documents and Settings\dan\My Documents\Temp\Hijack\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar =
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigURL =
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Acrobat\ActiveX\AcroIEHelper.ocx
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O3 - Toolbar: @msdxmLC.dll,-1@1033,&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx
    O4 - HKLM\..\Run: [Tweak UI] RUNDLL32.EXE TWEAKUI.CPL,TweakMeUp
    O4 - HKLM\..\Run: [100% Clock] C:\Program Files\AlfaClock\AlfaClock.exe
    O4 - HKLM\..\Run: [HP Lamp] C:\Program Files\Hewlett-Packard\HP PrecisionScan\PrecisionScan\HPLamp.exe
    O4 - HKLM\..\Run: [WinTasks Traybar] C:\Program Files\LIUtilities\WinTasks\wintasks.exe traybar
    O4 - HKLM\..\Run: [AVG_CC] C:\PROGRA~1\Grisoft\AVG6\avgcc32.exe /STARTUP
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [LVCOMS] C:\Program Files\Common Files\Logitech\QCDriver3\LVCOMS.EXE
    O4 - HKLM\..\Run: [LogitechGalleryRepair] C:\Program Files\Logitech\ImageStudio\ISStart.exe
    O4 - HKLM\..\Run: [LogitechImageStudioTray] C:\Program Files\Logitech\ImageStudio\LogiTray.exe
    O4 - HKLM\..\Run: [BOCleanautostart] C:\PROGRA~1\NSClean\BOClean\BOClean.exe
    O4 - HKLM\..\Run: [Drag'n'Drop_Autolaunch] "C:\Program Files\Iomega HotBurn Pro\Autolaunch.exe"
    O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
    O4 - HKCU\..\Run: [WebWasher] C:\Program Files\WebWasher\wwasher.exe
    O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
    O4 - Global Startup: BestCrypt Auto Open.lnk = C:\Program Files\Jetico\BestCrypt\BestCrypt.exe
    O8 - Extra context menu item: Add to filterlist (WebWasher) - http://-Web.Washer-/ie_add
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - (no file)
    O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
    O15 - Trusted Zone:
    O15 - Trusted Zone:
    O15 - Trusted Zone:
    O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} -
    O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) -
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.4.1) -
    O16 - DPF: {CAFEEFAC-0014-0001-0000-ABCDEFFEDCBA} (Java Runtime Environment 1.4.1) -
    O16 - DPF: {DC187740-46A9-11D5-A815-00B0D0428C0C} -
    O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll


    Not sure if any of the above helps, but thought anything was worth trying at this point.

    Again, thanks for any insights.

    LVL 30

    Expert Comment

    by:Wayne Barron
    Everything looks to be fine in the log files.

    Since the Admin user account does not have this problem, Then it is strickly
    On your user account. Since their is no indications of a problem in the "Registry"
    That would explain this issue. Then their is only one other place to check.
    And I doubt that their is going to be anything there.

    Go To
    C\Documents and Settings\Your User Account\Local Settings\Temp
    Delete everything out of the above folder.
    If you are unable to Delete everything, then try and reboot and Delete
    But since the IE Window appears at boot. It may be difficult to delete everything.

    Try downloading the FREE program. Adaware located here.

    install and Run the program, Choose to "Update" the Difinitions.
    Then run the Program and click on the program [Start] Button
    On the next page choose [Perform Smart Scan]
    This will check both the Registry and the C:\ Drive.

    It will find such files as.
    Cookies, Hijack Attempts, and so forth.
    In the Results, look through everything, making sure that Adaware is not detecting
    Anything that is used by a program, that is legit. And then Right Click and choose
    [Select All] And then click on the [Delete] Button.

    Let us know the outcome.
    If you are unsure of the files that I listed in the Search.
    Then you can click on the [Log File] and paste it here.
    Depending on how much stuff it has found, the file may be right huge.

    Take Care

    Author Comment

    Carrzkiss et al .. thanks again.

    Unfortunately nothing doing. Deleted contents of C\Documents and Settings\Your User Account\Local Settings\Temp and both Adaware and Spybot both turn up empty.

    Amazing ...  and it is still isolated to just this one user account.  

    LVL 30

    Expert Comment

    by:Wayne Barron
    That is so very strang. I am stumped.

    Why would IE launch from Boot, unless something was forcing it to do so.

    OK... Lets pluck around in your brain for a minute or so.
    Do you remember what you did, on rather or not, you installed something
    when this started to happen?

    If all else feels. Since you are running Win2k. You can always go in.
    And Uninstall IE6, which will give you back IE5.5 or what ever you last had.
    Then test if the IE Window is still on Bootup.
    If not, then it could be something wrong with a .dll
    Not really sure if doing a Repair on IE will help, not ever sure if doing the Uninstall
    Will help, But these are just things that "I" would do if faced with this problem.

    If the Previous version of IE, does not have the IE Bootup.
    Then you will know that it was only effected on: IE6.
    Then you can then...  Defrag your Hard Drive.
    And then reinstall IE6 back on the machine.
    And see if the issue still exist after all this.

    And if it does, then I do not know what to tell you.
    Except to look back at anything that you might have done,
    Following up to the IE Bootup problem starting.
    LVL 1

    Accepted Solution

    the only thing that set off my radar on that report that you gave, zchuss, was Web Washer...

    what is this application? do you know? or does it just kinda exist?

    maybe try taking it out of the startup and see if you still have the problem... the key can easially be re-added later.
    LVL 30

    Assisted Solution

    by:Wayne Barron
    Web Washer is a program for cleaning up your "Internet History, Cookies, Temp Files"
    Not a harmful program as far as I know.
    That is the reason why I did not say anything about it myself.

    Take Care
    LVL 30

    Expert Comment

    by:Wayne Barron
    Hope that we helped?
    Could you let us know if the above Accepted & Assisted Answers was the problem?


    Author Comment

    Web Washer Classic, which is a very awesome and slick piece of freewear [ ], and which has served me faithfully for many years, somehow was causing the problem. Once I played with the user setting, everything went back to normal again.


    Featured Post

    Live: Real-Time Solutions, Start Here

    Receive instant 1:1 support from technology experts, using our real-time conversation and whiteboard interface. Your first 5 minutes are always free.

    Join & Write a Comment

    NTFS file system has been developed by Microsoft that is widely used by Windows NT operating system and its advanced versions. It is the mostly used over FAT file system as it provides superior features like reliability, security, storage, efficienc…
    This is an issue that we can get adding / removing permissions in the vCSA 6.0. We can also have issues searching for users / groups in the AD (using your identify sources). This is how one of the ways to handle this issues and fix it.
    It is a freely distributed piece of software for such tasks as photo retouching, image composition and image authoring. It works on many operating systems, in many languages.
    Here's a very brief overview of the methods PRTG Network Monitor ( offers for monitoring bandwidth, to help you decide which methods you´d like to investigate in more detail.  The methods are covered in more detail in o…

    745 members asked questions and received personalized solutions in the past 7 days.

    Join the community of 500,000 technology professionals and ask your questions.

    Join & Ask a Question

    Need Help in Real-Time?

    Connect with top rated Experts

    15 Experts available now in Live!

    Get 1:1 Help Now