Hijacked homepage.

[moray1]

Recently my homepage (www.tiscali.co.uk/) appears to have been hijacked by Microsoft Internet Explorer 7 update page (http://www.microsoft.com/uk/windows/...s/default.mspx), even though tiscali is set in my internet options box. I have swept my pc with Spybot S&D, Ad-Aware 2007, SuperAntiSpyware, AVG, F-Secure, Windows Defender,Regfix and CCleaner but nothing untoward has come up. When I open my internet browser I get a Spybot S&D dialogue box saying =
Cateory: Browser page
Change: Value deleted
Entry: First Home Page
Old data: http://go.microsoft.com/fwlink/?LinkId=5484

No matter if I allow or deny the change I still get directed to MS site

I am using IE7 and XPpro

Please try to keep it simple as I'm not too experienced with pcs. Thank you

[md usa spybot fan]

moray1:

What version of Spybot - Search & Destroy are you running (Spybot > Help > About)?

I addition to your home page which is actually stored as "Start Page" in the system registry there is another entry named "First Home page" that will, if present, be the first page displayed when you open IE. "First Home page" references a URL that is normally displayed only once and then "First Home page" entry is deleted as soon as that URL has been displayed.

The "First Home page" entry is probably not being deleted after the URL has been displayed because you are denying that change to the registry with TeaTimer. Stop denying the change for the "First Home page" and the Microsoft URL will stop being displayed.

[moray1]

I am using version 1.5.2.20 of spybot.

It doesn't matter if I accept or deny the change it still takes me to IE7 updates.

Is there a way of manually deleting and/or cancelling the "First home page" entry?

[md usa spybot fan]

moray1:

Please post the portion of the Resident.log that shows the interaction with TeaTimer for registry changes from the first time you received a dialog message for the change:

• Cateory: Browser page
• Change: Value deleted
• Entry: First Home Page

There are several ways (4 listed below) to access the TeaTimer's Resident.log file:

1. Right click on the TeaTimer (Spybot-SD Resident) system tray icon and select Show Log.
2. Go into Spybot > Mode > Advanced Mode > Tools > Resident.
3. Go into Spybot > Mode > Advanced mode > Tools > View Reports > View Previous reports. Select the Resident.log file and open it.
4. Using Windows Explorer, navigate to the Resident.log file located in one of the following directories:
   
   • Windows 95 or 98:
     C:\Windows\Application Data\Spybot - Search & Destroy\Logs
   • Windows ME:
     C:\Windows\All Users\Application Data\Spybot - Search & Destroy\Logs
   • Windows NT, 2000 or XP:
     C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Logs
   • Windows Vista:
     C:\ProgramData\Spybot - Search & Destroy\Logs
   
   Double click on Resident.log file and it should open with Notepad.

To copy information from the log into a post in the forum:

1. Copy the information into the Clipboard:
   
   • Highlight the portion of the log that you want to copy.
   • Right click and select Copy.
2. Paste (Ctrl+V) the information from the Clipboard to a new post in this thread.

[moray1]

I think this is what you want, but there is so much info on page I don't really know what I'm looking for. If it's not please be patient with me.


22/03/2008 11:39:51 Allowed (based on user decision) value "{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}" (new data: "") added in ActiveX Distribution Unit!
22/03/2008 11:39:54 Allowed (based on user decision) value "SunJavaUpdateSched" (new data: ""C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"") changed in System Startup global entry!
22/03/2008 12:14:24 Allowed (based on user decision) value "Search Page" (new data: "http://go.microsoft.com/fwlink/?LinkId=54896") changed in Browser page!
22/03/2008 12:14:29 Allowed (based on user decision) value "Local Page" (new data: "C:\WINDOWS\system32\blank.htm") added in Browser page!
22/03/2008 12:14:31 Allowed (based on user decision) value "Start Page" (new data: "") deleted in Browser page!
22/03/2008 12:14:35 Allowed (based on user decision) value "Local Page" (new data: "%SystemRoot%\system32\blank.htm") added in Browser page!
22/03/2008 12:14:37 Allowed (based on user decision) value "{EF99BD32-C1FB-11D2-892F-0090271D4F88}" (new data: "") deleted in Internet Explorer searches!
22/03/2008 12:45:48 Allowed (based on user decision) value "SearchAssistant" (new data: "") deleted in Browser page!
22/03/2008 12:45:55 Allowed (based on user decision) value "CustomizeSearch" (new data: "") deleted in Browser page!
22/03/2008 12:47:22 Allowed (based on user decision) value "First Home Page" (new data: "http://go.microsoft.com/fwlink/?LinkId=54843") added in Browser page!
22/03/2008 12:50:50 Allowed (based on user decision) value "Start Page" (new data: "http://www.tiscali.co.uk/") added in Browser page!
23/03/2008 11:40:28 Allowed (based on user decision) value "First Home Page" (new data: "") deleted in Browser page!
23/03/2008 14:37:56 Allowed (based on user decision) value "autoclk" (new data: "autoclk.exe") added in System Startup global entry!
23/03/2008 14:37:59 Allowed (based on user decision) value "adiras" (new data: "") deleted in System Startup global entry!
23/03/2008 14:38:00 Allowed (based on user decision) value "autoclk" (new data: "") deleted in System Startup global entry!
23/03/2008 21:19:21 Allowed (based on user decision) value "autoclk" (new data: "autoclk.exe") added in System Startup global entry!
23/03/2008 21:19:34 Allowed (based on user decision) value "adiras" (new data: "adiras.exe") added in System Startup global entry!
23/03/2008 21:19:44 Allowed (based on user decision) value "adiras" (new data: "") deleted in System Startup global entry!
23/03/2008 21:24:29 Allowed (based on user whitelist) value "adiras" (new data: "adiras.exe") added in System Startup global entry!
23/03/2008 21:24:49 Allowed (based on user decision) value "autoclk" (new data: "") deleted in System Startup global entry!
24/03/2008 16:26:42 Allowed (based on user decision) value "*Restore" (new data: "C:\WINDOWS\system32\restore\rstrui.exe -i") added in System Startup global entry!
25/03/2008 15:32:57 Allowed (based on user decision) value "Start Page" (new data: "http://www.tiscali.co.uk/broadband") changed in Browser page!
25/03/2008 16:06:42 Allowed (based on user decision) value "TkBellExe" (new data: "") deleted in System Startup global entry!
25/03/2008 16:21:02 Allowed (based on user decision) value "{6932D140-ABC4-4073-A44C-D4A541665E35}" (new data: "") deleted in Global browser toolbar!
25/03/2008 16:21:07 Allowed (based on user decision) value "{6932D140-ABC4-4073-A44C-D4A541665E35}" (new data: "") deleted in ActiveX Distribution Unit!
25/03/2008 17:13:38 Allowed (based on user decision) value "{21569614-B795-46B1-85F4-E737A8DC09AD}" (new data: "") deleted in User-specific browser toolbar!
25/03/2008 17:13:40 Allowed (based on user decision) value "{EFA24E61-B078-11D0-89E4-00C04FC9E26E}" (new data: "") deleted in User-specific browser toolbar!
25/03/2008 17:13:41 Allowed (based on user decision) value "{EFA24E62-B078-11D0-89E4-00C04FC9E26E}" (new data: "") deleted in User-specific browser toolbar!
25/03/2008 17:13:45 Allowed (based on user decision) value "{EFA24E64-B078-11D0-89E4-00C04FC9E26E}" (new data: "") deleted in User-specific browser toolbar!
25/03/2008 17:13:46 Allowed (based on user decision) value "Local Page" (new data: "") deleted in Browser page!
25/03/2008 17:13:47 Allowed (based on user decision) value "Local Page" (new data: "") deleted in Browser page!
28/03/2008 16:51:09 Allowed (based on user decision) value "Local Page" (new data: "C:\WINDOWS\system32\blank.htm") added in Browser page!
28/03/2008 16:51:11 Allowed (based on user decision) value "Start Page" (new data: "") deleted in Browser page!
28/03/2008 16:51:12 Allowed (based on user decision) value "Local Page" (new data: "%SystemRoot%\system32\blank.htm") added in Browser page!
28/03/2008 16:56:23 Allowed (based on user decision) value "First Home Page" (new data: "http://go.microsoft.com/fwlink/?LinkId=54843") added in Browser page!
28/03/2008 16:58:23 Allowed (based on user decision) value "First Home Page" (new data: "") deleted in Browser page!
28/03/2008 17:00:30 Allowed (based on user decision) value "Start Page" (new data: "http://www.tiscali.co.uk/") added in Browser page!
30/03/2008 11:48:03 Allowed (based on user decision) value "TkBellExe" (new data: ""C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot") added in System Startup global entry!
30/03/2008 16:51:56 Allowed (based on user decision) value "wextract_cleanup0" (new data: "rundll32.exe C:\WINDOWS\system32\advpack.dll,DelNodeRunDLL32 "C:\DOCUME~1\Moray\LOCALS~1\Temp\IXP000.TMP\"") added in System Startup global entry!
30/03/2008 16:53:03 Allowed (based on user decision) value "wextract_cleanup0" (new data: "") deleted in System Startup global entry!
30/03/2008 17:03:45 Allowed (based on user decision) value "Local Page" (new data: "") deleted in Browser page!
30/03/2008 17:03:48 Allowed (based on user decision) value "Local Page" (new data: "") deleted in Browser page!
19/04/2008 14:05:49 Allowed (based on user decision) value "HPSoftwareUpdate" (new data: "C:\Program Files\HP\HP Software Update\HPWUCli.exe") added in System Startup user entry!
19/04/2008 14:06:38 Allowed (based on user decision) value "HPSoftwareUpdate" (new data: "") deleted in System Startup user entry!
19/04/2008 14:07:47 Allowed (based on user decision) value "HPSoftwareUpdate" (new data: "C:\Program Files\HP\HP Software Update\HPWUCli.exe") added in System Startup user entry!
19/04/2008 14:12:37 Allowed (based on user decision) value "HPSoftwareUpdate" (new data: "") deleted in System Startup user entry!
27/04/2008 22:16:14 Allowed (based on user decision) value "First Home Page" (new data: "http://go.microsoft.com/fwlink/?LinkId=54843") added in Browser page!
27/04/2008 22:16:36 Denied (based on user decision) value "First Home Page" (new data: "") deleted in Browser page!
27/04/2008 22:28:12 Denied (based on user decision) value "First Home Page" (new data: "") deleted in Browser page!
28/04/2008 16:33:45 Denied (based on user decision) value "First Home Page" (new data: "") deleted in Browser page!
28/04/2008 16:34:15 Denied (based on user decision) value "First Home Page" (new data: "") deleted in Browser page!
28/04/2008 16:37:21 Denied (based on user decision) value "First Home Page" (new data: "") deleted in Browser page!
28/04/2008 18:24:05 Denied (based on user blacklist) value "First Home Page" (new data: "") deleted in Browser page!
28/04/2008 18:26:57 Denied (based on user blacklist) value "First Home Page" (new data: "") deleted in Browser page!

[moray1]

Don't know what I did but issue seems to have sorted itself. Thanx for the help.

[md usa spybot fan]

moray1:

I'm sorry I didn't get back to you, I evidentially missed when you posted your log.

As I indicated the "First Home Page" is a use once home page and the registry entry is normally deleted after that home page is displayed. In your case, you allowed the "First Home Page" registry entry to be added, which was probable the correct action. However, when the entry was being deleted you repetitively denied the change so the that "First Home Page" was displayed each time you started IE.

Code:

27/04/2008 22:16:14 Allowed (based on user decision) value "First Home Page" (new data: "http://go.microsoft.com/fwlink/?LinkId=54843") added in Browser page!
27/04/2008 22:16:36 Denied (based on user decision) value "First Home Page" (new data: "") deleted in Browser page!
27/04/2008 22:28:12 Denied (based on user decision) value "First Home Page" (new data: "") deleted in Browser page!
28/04/2008 16:33:45 Denied (based on user decision) value "First Home Page" (new data: "") deleted in Browser page!
28/04/2008 16:34:15 Denied (based on user decision) value "First Home Page" (new data: "") deleted in Browser page!
28/04/2008 16:37:21 Denied (based on user decision) value "First Home Page" (new data: "") deleted in Browser page!
28/04/2008 18:24:05 Denied (based on user blacklist) value "First Home Page" (new data: "") deleted in Browser page!
28/04/2008 18:26:57 Denied (based on user blacklist) value "First Home Page" (new data: "") deleted in Browser page!

[mitty]

Hi

I have the same problem you had. I was asked by TeaTimer if I wanted to allow the change and I denied it, now my home page is Internet Explore 7 update page. I am running XPpro IE6 Spybot S&D 1.6. I have not been asked to accept or deny after the first time

Resident Log
15/10/2008 09:25:02 Denied (based on user blacklist) value "First Home Page" (new data: "") deleted in Browser page!
15/10/2008 09:30:01 Denied (based on user blacklist) value "First Home Page" (new data: "") deleted in Browser page!
15/10/2008 22:28:02 Denied (based on user blacklist) value "First Home Page" (new data: "") deleted in Browser page!
16/10/2008 12:59:18 Denied (based on user blacklist) value "First Home Page" (new data: "") deleted in Browser page!
16/10/2008 13:17:19 Denied (based on user blacklist) value "First Home Page" (new data: "") deleted in Browser page!
16/10/2008 13:19:42 Denied (based on user blacklist) value "First Home Page" (new data: "") deleted in Browser page!
16/10/2008 22:37:01 Denied (based on user blacklist) value "First Home Page" (new data: "") deleted in Browser page!
16/10/2008 22:37:48 Denied (based on user blacklist) value "First Home Page" (new data: "") deleted in Browser page!


I am not sure if it is correct to attach this to a previous post or start a new one as my problem is the same.

Please help

[drragostea]

As I indicated the "First Home Page" is a use once home page and the registry entry is normally deleted after that home page is displayed. In your case, you allowed the "First Home Page" registry entry to be added, which was probable the correct action. However, when the entry was being deleted you repetitively denied the change so the that "First Home Page" was displayed each time you started IE.

I'm not sure if you have upgraded yet (to Internet Explorer 7), but the Run Once page appears only once. It'll be used to enabled the user to customize settings to their own likings.

mitty, from your log it tells me that you've denied the change (I'm just assuming you didn't know what it is or what it wanted) and clicked "Remember my Decision", thus it says "blacklist".

What you'll have to do is undo this.
~
If you check "Remember this decision" on a change, the information concerning that change it is stored in a file. TeaTimer uses that information to automatically "Allow" or "Deny" similar registry changes for all future changes. To edit that information:

• Right click on the TeaTimer system tray icon and select Settings. This will bring up TeaTimer's "White & Black List". There are four (4) Buttons across the top of the "White & Black List":
  
  • Allowed registry changes
  • Blocked registry changes
  • Allowed processes
  • Blocked processes
• You can review all the entries that you have stored by clicking on these buttons. The entries that you should review are in "Blocked registry changes".
• You can delete entries by clicking on the scripted black "X" to the right of the entry that you want to delete, answering "Yes" to the confirmation dialog and then clicking the "OK" button when you're done.

~

[mitty]

Thanks for the info, I've now got my home page back. I still can't understand if I denied the change in the first place why the page changed, I thought if I denied the change it would keep my original home page (Tiscali) and not change it to Microsoft IE7 page.


If anybody can explain it for me I would be grateful

I have not installed internet explorer 7 as on the examples I've seen it appears to slowdown the loading of pages.

Thanks again for your help.