Browser Opens upon Reboot

Win2K Pro, all updates.
I.E. 6.0, all updates.
Pentium II-450 (dont laugh)
Plenty of ram and disk space

Problem: Upon reboot, I.E. 6.0 browser opens up automatically.

Can this be fixed?


Who is Participating?
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

Wayne BarronAuthor, Web DeveloperCommented:
When it opens, What page is displayed?
Is it a Blank Page? or a Possible Spyware Page?

This is information that is needed in order to tell you were to start looking.

I was told that no question is a stupid question...however, do you make sure the Browser is closed when you shutdown?
Wayne BarronAuthor, Web DeveloperCommented:
Good one Tez.
But to my knowledge if you leave an Explorer window opened, it will "sometimes"
open on reboot.
But IE windows, I have never known of them reopening on reboot.?
But then again, their is always a first. right?

Get your problem seen by more experts

Be seen. Boost your question’s priority for more expert views and faster solutions

I know IE that's opening but could you test this: Open Windows Explorer go to Tools - Folder options - View

If "Remeber each folder's view settings" is checked can you un-check it close everything down and reboot...
zchussAuthor Commented:
Browser is closed when shuting down. check.
Spyware -- have run spybot and lavasoft. check.
Removed "remember folder view settings." check.

Still does it.

hmmm... aghh .... windows ... aghh...
Wayne BarronAuthor, Web DeveloperCommented:
Did not answer one of my questions?

What page is loaded in IE when it opens on reboot?
zchussAuthor Commented:
blank page.

also, under tools>internet options>general>homepage, i have this set to: about:blank
Wayne BarronAuthor, Web DeveloperCommented:
Go here and see if you "see" anything to do with "IE"

Start | Run
Type in     regedit

Navigate to the following key

zchussAuthor Commented:
mobsync.exe?  is that koser?  its in there.

nothing else in there looks unusual... i have a screen cap if you want to see. can we post attachements on this forum?

i also ran virus scan, came up with nothing (pc-cillin house call).

theres a few places IE could start on a Windows 2000 Pro box... one is the registry.

as Carrzkiss has said, in the registry it's

look for iexplore.exe in there... if not, check your start menu... usually this is a BIG DUH, but some people neglect it... (maybe you clicked and dragged and didn't realize that you just put the Internet Explorer link in the Startup folder) so check the startup folder in the start menu... see if IE is in there... if not, the only other place i can think of is in one of the INI files. i cant remember if its system.ini, or win.ini, but theres a backward compatability for the Run command in there... so check those two files (should be in your C:\WINNT folder) for a RUN=iexplore.exe or simmilar.

other than that... unless you replaced explorer.exe with iexplore.exe, i'd be stumped.
Wayne BarronAuthor, Web DeveloperCommented:
mobsync.exe = Synchronization Manager
Leave that alone.

If you are not seeing anything unusual in there, then
Try what: Mystik

zchussAuthor Commented:
looked in both win.ini and system.ini -- nothing in either one about iexplorer.exe.

nothing in registry either under HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

oh well, guess i'll have to live with it.

Wayne BarronAuthor, Web DeveloperCommented:
Check another registry key


This is your UserKey. So what ever you do or the computer sets strictly for you.
Is done under the "HKEY_CURRENT_USER"

Give it a check and see if their is anything located here
That may be the IE launch issue.

good call carrzkiss...

i think theres another key location it could start at, but i'm not exactly sure what it looks like...

i think it's somewhere in the software/microsoft/windowsnt/ area... i'm not entirely sure of the details on that, i'd probably have to ask an NT user for the correct key... i'll bounce the question off of some friends of mine see what i can come up with.
zchussAuthor Commented:
Thanks guys.  I looked under HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run  

but still did not see anything related to iexplorer.exe

thanks again.
Wayne BarronAuthor, Web DeveloperCommented:
You are referring to this Key
HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows
Under the    [ Load ] value.
See if their is anything in this area.

It is for "Explorer"
I do not think that IE will be in this area.
But then again, stranger things can happen.

Have you tried to logon as anothe User?
And to see if it accures their?

If you are the Admin, then create a 2nd User and logon as it.
And see if IE Launches under the 2nd User.

Or if you are the 2nd User, logon as "Administrator - password "
And see if it appears.

zchussAuthor Commented:
ok folks -- good morning.

the problem does not occur when in the admin account.

it only occurs in my user account, the account i use 95% of the time. i did not try to creating a new account yet.  it seems to me that the issue is related to something i downloaded in my user account.

i took the initiative to run CWShredder (scan only) and the report came back as follows:

CWShredder v2.0. scan only report
Please understand that a CWShredder 'Scan only' report
might not be sufficient to troubleshoot an infected system.

System Information:
Windows 2000 (5.00.2195 SP4)
Windows dir: C:\WINNT
Windows system dir: C:\WINNT\system32
AppData folder: C:\Documents and Settings\dan\Application Data
Username: Dan
Found Java ByteVerifier patch (Q816093) installed! (Hotfix)

Found Hosts file: C:\WINNT\system32\drivers\etc\hosts (734 bytes, A)
Shell Registry value: HKLM\..\WinLogon [Shell] Explorer.exe
UserInit Registry value: HKLM\..\WinLogon [UserInit] C:\WINNT\system32\userinit.exe,
Found Win.ini file: C:\WINNT\win.ini (402 bytes, A)
Found System.ini file: C:\WINNT\system.ini (227 bytes, -)


 **** Run Keys ****

RUN: [100% Clock] C:\Program Files\AlfaClock\AlfaClock.exe
RUN: [HP Lamp] C:\Program Files\Hewlett-Packard\HP PrecisionScan\PrecisionScan\HPLamp.exe
RUN: [WinTasks Traybar] C:\Program Files\LIUtilities\WinTasks\wintasks.exe traybar
RUN: [AVG_CC] C:\PROGRA~1\Grisoft\AVG6\avgcc32.exe /STARTUP
RUN: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
RUN: [LVCOMS] C:\Program Files\Common Files\Logitech\QCDriver3\LVCOMS.EXE
RUN: [LogitechGalleryRepair] C:\Program Files\Logitech\ImageStudio\ISStart.exe
RUN: [LogitechImageStudioTray] C:\Program Files\Logitech\ImageStudio\LogiTray.exe
RUN: [BOCleanautostart] C:\PROGRA~1\NSClean\BOClean\BOClean.exe
RUN: [Drag'n'Drop_Autolaunch] "C:\Program Files\Iomega HotBurn Pro\Autolaunch.exe"
RUN: [Synchronization Manager] mobsync.exe /logon
RUN: [WebWasher] C:\Program Files\WebWasher\wwasher.exe
RUN: [WebCamRT.exe]  

 **** Browser Helper Objects ****

BHO: [AcroIEHlprObj Class] C:\Program Files\Adobe\Acrobat 5.0\Acrobat\ActiveX\AcroIEHelper.ocx
BHO: [] C:\PROGRA~1\SPYBOT~1\SDHelper.dll

 **** IE Toolbars ****

TOOLBAR: [@msdxmLC.dll,-1@1033,&Radio] C:\WINNT\System32\msdxm.ocx


Then I ran HijackThis.exe  and the following report was generated:

Logfile of HijackThis v1.98.2
Scan saved at 8:43:27 AM, on 12/3/2004
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\Program Files\AlfaClock\AlfaClock.exe
C:\Program Files\Hewlett-Packard\HP PrecisionScan\PrecisionScan\HPLamp.exe
C:\Program Files\LIUtilities\WinTasks\wintasks.exe
C:\Program Files\Common Files\Logitech\QCDriver3\LVCOMS.EXE
C:\Program Files\Iomega HotBurn Pro\Autolaunch.exe
C:\Program Files\WebWasher\wwasher.exe
C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
C:\Program Files\Jetico\BestCrypt\BCResident.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Documents and Settings\dan\My Documents\Temp\Hijack\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigURL =
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Acrobat\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O3 - Toolbar: @msdxmLC.dll,-1@1033,&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx
O4 - HKLM\..\Run: [Tweak UI] RUNDLL32.EXE TWEAKUI.CPL,TweakMeUp
O4 - HKLM\..\Run: [100% Clock] C:\Program Files\AlfaClock\AlfaClock.exe
O4 - HKLM\..\Run: [HP Lamp] C:\Program Files\Hewlett-Packard\HP PrecisionScan\PrecisionScan\HPLamp.exe
O4 - HKLM\..\Run: [WinTasks Traybar] C:\Program Files\LIUtilities\WinTasks\wintasks.exe traybar
O4 - HKLM\..\Run: [AVG_CC] C:\PROGRA~1\Grisoft\AVG6\avgcc32.exe /STARTUP
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [LVCOMS] C:\Program Files\Common Files\Logitech\QCDriver3\LVCOMS.EXE
O4 - HKLM\..\Run: [LogitechGalleryRepair] C:\Program Files\Logitech\ImageStudio\ISStart.exe
O4 - HKLM\..\Run: [LogitechImageStudioTray] C:\Program Files\Logitech\ImageStudio\LogiTray.exe
O4 - HKLM\..\Run: [BOCleanautostart] C:\PROGRA~1\NSClean\BOClean\BOClean.exe
O4 - HKLM\..\Run: [Drag'n'Drop_Autolaunch] "C:\Program Files\Iomega HotBurn Pro\Autolaunch.exe"
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKCU\..\Run: [WebWasher] C:\Program Files\WebWasher\wwasher.exe
O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
O4 - Global Startup: BestCrypt Auto Open.lnk = C:\Program Files\Jetico\BestCrypt\BestCrypt.exe
O8 - Extra context menu item: Add to filterlist (WebWasher) - http://-Web.Washer-/ie_add
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - (no file)
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O15 - Trusted Zone:
O15 - Trusted Zone:
O15 - Trusted Zone:
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} -
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) -
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.4.1) -
O16 - DPF: {CAFEEFAC-0014-0001-0000-ABCDEFFEDCBA} (Java Runtime Environment 1.4.1) -
O16 - DPF: {DC187740-46A9-11D5-A815-00B0D0428C0C} -
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll


Not sure if any of the above helps, but thought anything was worth trying at this point.

Again, thanks for any insights.

Wayne BarronAuthor, Web DeveloperCommented:
Everything looks to be fine in the log files.

Since the Admin user account does not have this problem, Then it is strickly
On your user account. Since their is no indications of a problem in the "Registry"
That would explain this issue. Then their is only one other place to check.
And I doubt that their is going to be anything there.

Go To
C\Documents and Settings\Your User Account\Local Settings\Temp
Delete everything out of the above folder.
If you are unable to Delete everything, then try and reboot and Delete
But since the IE Window appears at boot. It may be difficult to delete everything.

Try downloading the FREE program. Adaware located here.

install and Run the program, Choose to "Update" the Difinitions.
Then run the Program and click on the program [Start] Button
On the next page choose [Perform Smart Scan]
This will check both the Registry and the C:\ Drive.

It will find such files as.
Cookies, Hijack Attempts, and so forth.
In the Results, look through everything, making sure that Adaware is not detecting
Anything that is used by a program, that is legit. And then Right Click and choose
[Select All] And then click on the [Delete] Button.

Let us know the outcome.
If you are unsure of the files that I listed in the Search.
Then you can click on the [Log File] and paste it here.
Depending on how much stuff it has found, the file may be right huge.

Take Care
zchussAuthor Commented:
Carrzkiss et al .. thanks again.

Unfortunately nothing doing. Deleted contents of C\Documents and Settings\Your User Account\Local Settings\Temp and both Adaware and Spybot both turn up empty.

Amazing ...  and it is still isolated to just this one user account.  

Wayne BarronAuthor, Web DeveloperCommented:
That is so very strang. I am stumped.

Why would IE launch from Boot, unless something was forcing it to do so.

OK... Lets pluck around in your brain for a minute or so.
Do you remember what you did, on rather or not, you installed something
when this started to happen?

If all else feels. Since you are running Win2k. You can always go in.
And Uninstall IE6, which will give you back IE5.5 or what ever you last had.
Then test if the IE Window is still on Bootup.
If not, then it could be something wrong with a .dll
Not really sure if doing a Repair on IE will help, not ever sure if doing the Uninstall
Will help, But these are just things that "I" would do if faced with this problem.

If the Previous version of IE, does not have the IE Bootup.
Then you will know that it was only effected on: IE6.
Then you can then...  Defrag your Hard Drive.
And then reinstall IE6 back on the machine.
And see if the issue still exist after all this.

And if it does, then I do not know what to tell you.
Except to look back at anything that you might have done,
Following up to the IE Bootup problem starting.
the only thing that set off my radar on that report that you gave, zchuss, was Web Washer...

what is this application? do you know? or does it just kinda exist?

maybe try taking it out of the startup and see if you still have the problem... the key can easially be re-added later.

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
Wayne BarronAuthor, Web DeveloperCommented:
Web Washer is a program for cleaning up your "Internet History, Cookies, Temp Files"
Not a harmful program as far as I know.
That is the reason why I did not say anything about it myself.

Take Care
Wayne BarronAuthor, Web DeveloperCommented:
Hope that we helped?
Could you let us know if the above Accepted & Assisted Answers was the problem?

zchussAuthor Commented:
Web Washer Classic, which is a very awesome and slick piece of freewear [ ], and which has served me faithfully for many years, somehow was causing the problem. Once I played with the user setting, everything went back to normal again.

It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Windows 2000

From novice to tech pro — start learning today.

Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.