Serious Problem setting home page in IE6

babu17 · 2005/07/30

Hi,

This is my first post to this bulletin board. Hope I'll get a solution. I'm using a P4 machine with Windows XP Pro. I'm experiencing a serious problem in setting my home page in internet explorer. Everytime I open Tools->Internet Options and set the home page to my desired page, the page I desired shows up in the blank field only till the moment I left click apply and OK. After clicking OK if I go back and check my home page settings immediately, it automatically changes to this page: http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome

I've tried my best to solve this issue but in vain. I opened the registry and navigated to

"My Computer\HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Start Page "
where the value was http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
I modified that value to "about:blank ". Even in the registry I'm not able to change the value. It shows the value changed to "about:blank" only till I stay there in the key. If I move to another key and come back and check the above stated key, it still shows the value http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
The modification I made didn't make any effect.

Then I tried "Hijack This" but still the problem persists. Give below is the log of Hijack This:

Logfile of HijackThis v1.99.1
Scan saved at 4:37:27 PM, on 7/30/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
D:\windows\System32\smss.exe
D:\windows\system32\winlogon.exe
D:\windows\system32\services.exe
D:\windows\system32\lsass.exe
D:\windows\system32\svchost.exe
D:\windows\System32\svchost.exe
D:\WINDOWS\system32\LEXBCES.EXE
D:\windows\system32\spoolsv.exe
D:\WINDOWS\system32\LEXPPS.EXE
D:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
D:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
D:\WINDOWS\system32\cisvc.exe
D:\windows\system32\crypserv.exe
D:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
D:\WINDOWS\system32\ZoneLabs\vsmon.exe
D:\windows\Explorer.exe
D:\PROGRA~1\PARENT~1\ParentalFilter.exe
D:\windows\SOUNDMAN.EXE
D:\WINDOWS\System32\hkcmd.exe
D:\windows\system32\pctspk.exe
D:\Program Files\Common Files\Real\Update_OB\realsched.exe
D:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
D:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
D:\Program Files\WinAlarm\WinAlarm.exe
D:\Program Files\HomeKeylogger\KeyLogger.exe
D:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
D:\windows\system32\ctfmon.exe
D:\Program Files\Yahoo!\Messenger\ypager.exe
D:\windows\system32\wscntfy.exe
D:\Program Files\MSN Messenger\msnmsgr.exe
D:\Program Files\Mozilla Firefox\firefox.exe
D:\windows\system32\cidaemon.exe
D:\Documents and Settings\Babu\Desktop\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.zdnetindia.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
R3 - Default URLSearchHook is missing
F2 - REG:system.ini: Shell=Explorer.exe D:\PROGRA~1\PARENT~1\ParentalFilter.exe
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: Local Spool Net support DLL - {EF99BD50-CDFB-11E2-892F-1090271D4F78} - (no file)
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [IgfxTray] D:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] D:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [NeroCheck] D:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [PCTVOICE] pctspk.exe
O4 - HKLM\..\Run: [TkBellExe] "D:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [AVG7_CC] D:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [AVG7_EMC] D:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O4 - HKLM\..\Run: [WinAlarm] D:\Program Files\WinAlarm\WinAlarm.exe
O4 - HKLM\..\Run: [HomeKeyLogger] D:\Program Files\HomeKeylogger\KeyLogger.exe
O4 - HKLM\..\Run: [Zone Labs Client] "D:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe "
O4 - HKCU\..\Run: [ctfmon.exe] D:\windows\system32\ctfmon.exe
O4 - HKCU\..\Run: [Yahoo! Pager] D:\Program Files\Yahoo!\Messenger\ypager.exe -quiet
O4 - Global Startup: Microsoft Office.lnk = D:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://D:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: Natural Reader - {0DF757C4-9999-463C-A4EB-B6BF1D8D8D3D} - D:\Program Files\NaturalReaders\Natural Voice Text To Speech Software Standard\read.html
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - D:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - D:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.zdnetindia.com
O16 - DPF: {3AF4DACE-36ED-42EF-9DFC-ADC34DA30CFF} (PatchInstaller.Installer) - FILE://J:\CONTENT\INCLUDE\XPPATCHINSTALLER.CAB
O16 - DPF: {88D969C0-F192-11D4-A65F-0040963251E5} (XML DOM Document 4.0) - file://D:\TempEI4\EI40_\msxml4.cab
O16 - DPF: {8B1BC605-C593-4865-8F5B-05517F0CD0BB} (MSSecurityAdvisorCD Class) - FILE://J:\CONTENT\INCLUDE\MSSECUCD.CAB
O17 - HKLM\System\CCS\Services\Tcpip\..\{31E7CDD0-066F-4EEC-A135-C61BFA509A43}: NameServer = 218.248.255.145 61.1.96.69
O20 - Winlogon Notify: igfxcui - D:\windows\SYSTEM32\igfxsrvc.dll
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - D:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - D:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: Crypkey License - Kenonic Controls Ltd. - D:\windows\SYSTEM32\crypserv.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - D:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs Inc. - D:\WINDOWS\system32\ZoneLabs\vsmon.exe

I guess the problem occured after installing the MSN toolbar. While installation, it prompted me whether I wish to set MSN as my home page and I clicked on yes and agreed to it. But only later did I find that I was not able to change my home page to any other site other than the link I've given above. I've now uninstalled the MSN toolbar but still the problem persists.

Please help me solve this issue.
Thanks in advance..
R.Babu

PeteC · 2005/07/30

Home page setting changes unexpectedly, or you cannot change your home page setting

Are you running updated antivirus software and have you scanned your PC for viruses recently?

It would be worth your while to run an online scan fron RAV - through Quicklinks in my signature.

I see nothing of concern in your HJT log.

Arie · 2005/07/30

D:\Program Files\HomeKeylogger\KeyLogger.exe

That would concern me, if you didn't put it there yourself

PeteC · 2005/07/30

Home Key Logger from here has to be installed manually, only logs to a file. Spyware in the sense that it 'spys' on users, but that info is sent nowhere. Coupled with D:\PROGRA~1\PARENT~1\ParentalFilter.exe it seems reasonable ??

PeteC · 2005/07/30

I have seen the edit to your original post - better to make another post rather than add to an existing one as most people who have already read the thread will only look at the new posts.

I suggest you run Systen File Checker ....

Start > Run > type in sfc /scannow - note the space before the / and have your XP CD handy. SFC will run and exit without any closing dialogue. To see which files, if any, were replaced look in Event Viewer.

BTW - did you install Home Key Logger?

babu17 · 2005/07/31

Yes, the Keylogger was installed by me. I ran the system file checker but yet my problem is not resolved. I scanned my system for viruses using AVG Anti-Virus after updating it's virus definitions. But no viruses were reported. What should I do know ? how do I fix this issue ?

PeteC · 2005/07/31

Have you been through the URL I posted in post #2? - viruses are not the only cause.

Have you scanned your computer for spyware, etc using Ad-Aware SE, Spybot and Microsoft AntiSpyware Beta? - all available through Quicklinks in my signature.

Run an online Trojan Scan - http://www.windowsecurity.com/trojanscan/

I found a couple more references ....

http://inetexplorer.mvps.org/answers/41.html

and although may not be exactly your problem it may be worth a try ....

http://www.tek-tips.com/viewthread.cfm?qid=1086778&page=1

Before making alterations to the Registry do a couple of things - back up the Registry - or at least the keys you are modifying - How to back up, edit, and restore the registry in Windows XP and Windows Server 2003

It looks like your home page may be locked - are you using Spybot which has an option (Advanced) to lock the Home Page, see screen shot.

It is possible that you do not have the 'right' to alter this setting - you may need to log on as Administrator to make this change. In Control Panel go to User Accounts and see if you are listed as a Computer Administrator.

Log in or Sign up

Serious Problem setting home page in IE6

babu17 Inactive Thread Starter

PeteC SuperGeek Staff

Arie Administrator Administrator Staff

PeteC SuperGeek Staff

PeteC SuperGeek Staff

babu17 Inactive Thread Starter

PeteC SuperGeek Staff

Share This Page

Log in or Sign up

Serious Problem setting home page in IE6

babu17 Inactive Thread Starter

PeteC SuperGeek Staff

Arie Administrator Administrator Staff

PeteC SuperGeek Staff

PeteC SuperGeek Staff

babu17 Inactive Thread Starter

PeteC SuperGeek Staff

Share This Page

Useful Searches