same symptoms


Krag

IE does not show up in Uninstall Software so I cannot
uninstall and reinstall.

I change the default home page but it changes to
searchsomething.ws every time I restart IE.

There seems to be a new program causing these IE 6
problems... again I'm not surprised that M$ hasn't fixed it.

I had to use Mozilla Firebird to get on this forum... IE 6
kept crashing.

IE 6 worked fine until about 3 days ago... How can I
uninstall it?
 
2. Use the following scanners to find and remove the website.

SpyBot S&D searches your hard disk for so-called spy- or adbots;
http://security.kolla.de/
or
Adaware
http://www.lavasoftusa.com/software/adaware/
or
CWShredder
http://www.spychecker.com/program/cwshredder.html

3. Some porn websites redirect links to their websites using your HOSTS
file. Do a search for the HOSTS (without extension) file and remove the
entry.

4. If still no joy, download HijackThis from Spywareinfo download page

http://www.spywareinfo.com/downloads.php

Run the program and you will find many entries. Most are OK. Post the log. I
will find the problem for you.

5. For future preventive maintenance, make sure programs cannot just
download on your computer without your permission. From the Internet
Toolbar, go to Tools > Internet Options > Advanced. Make sure "Enable
Install On Demand (Internet Explorer)" and "Enable Install On Demand
(Other)" are unchecked.
 
Run the program and you will find many entries. Most are OK. Post the log. I
will find the problem for you.

HERE'S THE LOG

Logfile of HijackThis v1.97.7
Scan saved at 8:59:10 PM, on 1/13/2004
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINNT\system32\spoolsv.exe
C:\WINNT\SYSTEM32\GEARSEC.EXE
C:\PROGRA~1\NORTON~1\NORTON~2\GHOSTS~2.EXE
C:\Program Files\Norton SystemWorks\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton SystemWorks\Norton Utilities\NPROTECT.EXE
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\MSTask.exe
C:\WINNT\System32\tcpsvcs.exe
C:\PROGRA~1\NORTON~1\SPEEDD~1\nopdb.exe
c:\program files\timbuktu pro\tb2launch.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\System32\MsPMSPSv.exe
C:\PROGRA~1\WEBTRE~1\WTAM_Service.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\SymTray.exe
C:\WINNT\system32\tp4serv.exe
C:\WINNT\LTSMMSG.exe
C:\WINNT\system32\RunDll32.exe
C:\PROGRA~1\ThinkPad\EASYLA~1\TPHKMGR.exe
C:\program files\timbuktu pro\tb2init.exe
C:\program files\timbuktu pro\tb2logon.exe
C:\Program Files\SBC Yahoo!\Connection Manager\IP InSight\IPMon32.exe
C:\Program Files\WinPortrait\wpctrl.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Norton SystemWorks\Norton Ghost\GhostStartTrayApp.exe
C:\Program Files\WinPortrait\floater.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\InstallShield Software Corporation\802.11b Wireless Lan Utility\RtlWake.exe
C:\Program Files\ACT\SideACT.exe
C:\Program Files\MozillaFirebird\MozillaFirebird.exe
C:\Documents and Settings\Default\Local Settings\Temp\hijackthis\HijackThis.exe
C:\Program Files\Outlook Express\msimn.exe

O2 - BHO: BabeIE - {00000000-0000-0000-0000-000000000000} - (no file)
O2 - BHO: (no name) - {000006B1-19B5-414A-849F-2A3C64AE6939} - C:\WINNT\bi.dll
O2 - BHO: (no name) - {041E7354-2AF3-5DFB-1FCE-60369A806CB6} - C:\WINNT\system32\rcvrnzev.dll
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {316148DF-BFE6-DAC8-397D-A18629EAA7DE} - C:\WINNT\system32\uuadaygo.dll
O2 - BHO: (no name) - {71ED4FBA-4024-4bbe-91DC-9704C93F453E} - (no file)
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll
O2 - BHO: Url Catcher - {CE31A1F7-3D90-4874-8FBE-A5D97F8BC8F1} - (no file)
O2 - BHO: (no name) - {D8E25C53-9508-4f5c-9249-D98D438891D5} - C:\WINNT\System32\ssurf022.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [TrackPointSrv] tp4serv.exe
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [LTSMMSG] LTSMMSG.exe
O4 - HKLM\..\Run: [BMMGAG] RunDll32 C:\PROGRA~1\ThinkPad\UTILIT~1\pwrmonit.dll,StartPwrMonitor
O4 - HKLM\..\Run: [TPHOTKEY] C:\PROGRA~1\ThinkPad\EASYLA~1\TPHKMGR.exe
O4 - HKLM\..\Run: [TP4EX] tp4ex.exe
O4 - HKLM\..\Run: [SafeSurfingUpdate] C:\WINNT\System32\SSUpdate.exe
O4 - HKLM\..\Run: [Tb2initPath] "c:\program files\timbuktu pro\tb2init.exe"
O4 - HKLM\..\Run: [TLogonPath] "c:\program files\timbuktu pro\tb2logon.exe"
O4 - HKLM\..\Run: [IPInSightMonitor 01] "C:\Program Files\SBC Yahoo!\Connection Manager\IP InSight\IPMon32.exe"
O4 - HKLM\..\Run: [PivotSoftware] "C:\Program Files\WinPortrait\wpctrl.exe"
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [ccRegVfy] "C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe"
O4 - HKLM\..\Run: [GhostStartTrayApp] C:\Program Files\Norton SystemWorks\Norton Ghost\GhostStartTrayApp.exe
O4 - HKLM\..\Run: [SymTray - Norton SystemWorks] C:\Program Files\Common Files\Symantec Shared\Symtray.exe SetReg
O4 - HKLM\..\Run: [] c:\WINNT\System32\
O4 - HKLM\..\Run: [Belt] C:\WINNT\Belt.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [] c:\WINNT\System32\
O4 - HKLM\..\RunOnce: [SymTray - Norton SystemWorks] C:\Program Files\Common Files\Symantec Shared\Symtrdr.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: RtlWake.lnk = C:\Program Files\InstallShield Software Corporation\802.11b Wireless Lan Utility\RtlWake.exe
O4 - Global Startup: SideACT!.lnk = C:\Program Files\ACT\SideACT.exe
O9 - Extra button: Related (HKLM)
O9 - Extra 'Tools' menuitem: Show &Related Links (HKLM)
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
O16 - DPF: {74FFE28D-2378-11D5-990C-006094235084} (IBM Access Support) - https://www-3.ibm.com/pc/support/access/aslibmain/content/IbmEgath.cab
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com/CAB/x86/unicode/iuctl.CAB?37977.7015277778
O16 - DPF: {C2FCEF52-ACE9-11D3-BEBD-00105AA9B6AE} (Symantec RuFSI Registry Information Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
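
A triage pass over the O2 (BHO) and O4 (Run) lines of a HijackThis log like the one posted above, as an added example that is not part of the original thread: it rejoins entries that a mail or news client has wrapped and flags structural anomalies only. The sample log, its names and CLSIDs, and the flagging rules are assumptions made for illustration, not verdicts on any entry.

```python
import re

# Constructed sample in HijackThis O2/O4 entry format, wrapped as a mail or
# news client would wrap it. Names, CLSIDs and paths are placeholders.
SAMPLE_LOG = r"""
O2 - BHO: ExampleHelper - {00000000-0000-0000-0000-000000000000} -
(no file)
O2 - BHO: (no name) -
{11111111-2222-3333-4444-555555555555} -
C:\WINNT\system32\example1.dll
O2 - BHO: (no name) - {AAAAAAAA-BBBB-CCCC-DDDD-EEEEEEEEEEEE} - C:\Program
Files\Vendor\helper.dll
O4 - HKLM\..\Run: [] c:\WINNT\System32\
O4 - HKCU\..\Run: [Updater] C:\WINNT\example2.exe
"""

ENTRY_START = re.compile(r"^O\d+ - ")
BHO = re.compile(r"^O2 - BHO: (.*?) - (\{[0-9A-Fa-f-]{36}\}) - (.+)$")
RUN = re.compile(r"^O4 - HK\w+\\\.\.\\Run\w*: \[([^\]]*)\] (.+)$")
WINDIR = re.compile(r"^[A-Za-z]:\\(WINNT|WINDOWS)\\", re.I)

def unwrap(text):
    """Rejoin wrapped entries: a line not starting 'O<n> - ' continues the last one."""
    entries = []
    for line in map(str.strip, text.splitlines()):
        if ENTRY_START.match(line):
            entries.append(line)
        elif line and entries:
            entries[-1] += " " + line
    return entries

def triage(text):
    """Return (entry, reasons) pairs; the rules are assumed heuristics, not verdicts."""
    flagged = []
    for entry in unwrap(text):
        checks = []
        if m := BHO.match(entry):
            name, clsid, path = m.groups()
            checks = [(path == "(no file)", "BHO registered but DLL missing"),
                      (set(clsid) <= set("{0-}"), "all-zero CLSID"),
                      (name == "(no name)" and WINDIR.match(path),
                       "unnamed BHO under the Windows directory")]
        elif m := RUN.match(entry):
            name, cmd = m.groups()
            checks = [(not name, "Run value with empty name"),
                      (cmd.rstrip('"').endswith("\\"),
                       "Run command is a directory, not a file")]
        reasons = [why for hit, why in checks if hit]
        if reasons:
            flagged.append((entry, reasons))
    return flagged
```

Call `triage()` on the full text of a saved log; header and "Running processes" lines before the first `O<n> - ` entry are skipped.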
 