IE8 refuses to change bad homepage on startup and unable to restore system

Discussion in 'Malware Help - MG (A Specialist Will Reply)' started by ksnow, Oct 2, 2011.

  1. ksnow

    ksnow Private E-2

    Today when I logged onto IE8 I received an error message associated with a web site that I have never set as a home page: "https://www.schwab.com/trading/CMSPageNotFound", and the error is "An error occured while displaying this page. Please press the Reload button or the Back button in your browser. Error number: 10004 (2)".

    I deleted IE8 and reinstalled it without success in eliminating this problem. I tried multiple home page resets without success. I tried system restore and while it said it was restoring, when it finished it said it was unable to restore any of the 3 different restore points that I tried. I can get to the web sites from "my favorites" links or if I type them in.

    I ran a 4-hour Microsoft malware removal tool which did not reveal any problem.

    I have tried to follow the Malware removal procedure and am attaching the files I have generated.

    My system is XP Home. I have tried to follow what others have found successful but have not been able to resolve this problem.

    I will add another thread to contain other logs from programs I have tried.
     


  2. ksnow

    ksnow Private E-2

    Continued...

    I also converted msconfig to "normal setup" and ran MBR, and Root Repeal.


    Thank you very much for any help you can give me.

    Katrina
     


    Last edited: Oct 2, 2011
  3. Kestrel13!

    Kestrel13! Super Malware Fighter - Major Dilemma Staff Member

    Hi there and welcome. I am currently reviewing your logs and will get back to you with a set of instructions in the next post I make to you.
     
  4. Kestrel13!

    Kestrel13! Super Malware Fighter - Major Dilemma Staff Member

    Knowledge Networks Technology Tracking Application <--- Uninstall this garbage.


    Please disable all anti-virus and anti-spyware programs while we do the following (re-enable when you are finished):

    Run C:\MGtools\analyse.exe by double clicking on it (Note: if using Vista, don't double click, use right click and select Run As Administrator). This is really HijackThis (select Do a system scan only) and select the following lines but DO NOT CLICK FIX until you exit all browser sessions including the one you are reading in right now:

    O9 - Extra button: (no name) - {9239E4EC-C9A6-11D2-A844-00C04F68D538} - (no file)
    O18 - Protocol: bw+0 - {2658D697-2F0F-43B7-943A-2A3F39CDCAF1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw+0s - {2658D697-2F0F-43B7-943A-2A3F39CDCAF1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw-0 - {2658D697-2F0F-43B7-943A-2A3F39CDCAF1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw-0s - {2658D697-2F0F-43B7-943A-2A3F39CDCAF1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw00 - {2658D697-2F0F-43B7-943A-2A3F39CDCAF1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw00s - {2658D697-2F0F-43B7-943A-2A3F39CDCAF1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw10 - {2658D697-2F0F-43B7-943A-2A3F39CDCAF1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw10s - {2658D697-2F0F-43B7-943A-2A3F39CDCAF1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw20 - {2658D697-2F0F-43B7-943A-2A3F39CDCAF1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw20s - {2658D697-2F0F-43B7-943A-2A3F39CDCAF1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw30 - {2658D697-2F0F-43B7-943A-2A3F39CDCAF1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw30s - {2658D697-2F0F-43B7-943A-2A3F39CDCAF1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw40 - {2658D697-2F0F-43B7-943A-2A3F39CDCAF1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw40s - {2658D697-2F0F-43B7-943A-2A3F39CDCAF1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw50 - {2658D697-2F0F-43B7-943A-2A3F39CDCAF1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw50s - {2658D697-2F0F-43B7-943A-2A3F39CDCAF1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw60 - {2658D697-2F0F-43B7-943A-2A3F39CDCAF1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw60s - {2658D697-2F0F-43B7-943A-2A3F39CDCAF1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw70 - {2658D697-2F0F-43B7-943A-2A3F39CDCAF1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw70s - {2658D697-2F0F-43B7-943A-2A3F39CDCAF1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw80 - {2658D697-2F0F-43B7-943A-2A3F39CDCAF1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw80s - {2658D697-2F0F-43B7-943A-2A3F39CDCAF1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw90 - {2658D697-2F0F-43B7-943A-2A3F39CDCAF1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw90s - {2658D697-2F0F-43B7-943A-2A3F39CDCAF1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwa0 - {2658D697-2F0F-43B7-943A-2A3F39CDCAF1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwa0s - {2658D697-2F0F-43B7-943A-2A3F39CDCAF1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwb0 - {2658D697-2F0F-43B7-943A-2A3F39CDCAF1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwb0s - {2658D697-2F0F-43B7-943A-2A3F39CDCAF1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwc0 - {2658D697-2F0F-43B7-943A-2A3F39CDCAF1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwc0s - {2658D697-2F0F-43B7-943A-2A3F39CDCAF1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwd0 - {2658D697-2F0F-43B7-943A-2A3F39CDCAF1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwd0s - {2658D697-2F0F-43B7-943A-2A3F39CDCAF1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwe0 - {2658D697-2F0F-43B7-943A-2A3F39CDCAF1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwe0s - {2658D697-2F0F-43B7-943A-2A3F39CDCAF1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwf0 - {2658D697-2F0F-43B7-943A-2A3F39CDCAF1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwf0s - {2658D697-2F0F-43B7-943A-2A3F39CDCAF1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
    O18 - Protocol: bwg0 - {2658D697-2F0F-43B7-943A-2A3F39CDCAF1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwg0s - {2658D697-2F0F-43B7-943A-2A3F39CDCAF1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwh0 - {2658D697-2F0F-43B7-943A-2A3F39CDCAF1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwh0s - {2658D697-2F0F-43B7-943A-2A3F39CDCAF1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwi0 - {2658D697-2F0F-43B7-943A-2A3F39CDCAF1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwi0s - {2658D697-2F0F-43B7-943A-2A3F39CDCAF1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwj0 - {2658D697-2F0F-43B7-943A-2A3F39CDCAF1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwj0s - {2658D697-2F0F-43B7-943A-2A3F39CDCAF1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwk0 - {2658D697-2F0F-43B7-943A-2A3F39CDCAF1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwk0s - {2658D697-2F0F-43B7-943A-2A3F39CDCAF1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwl0 - {2658D697-2F0F-43B7-943A-2A3F39CDCAF1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwl0s - {2658D697-2F0F-43B7-943A-2A3F39CDCAF1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwm0 - {2658D697-2F0F-43B7-943A-2A3F39CDCAF1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwm0s - {2658D697-2F0F-43B7-943A-2A3F39CDCAF1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwn0 - {2658D697-2F0F-43B7-943A-2A3F39CDCAF1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwn0s - {2658D697-2F0F-43B7-943A-2A3F39CDCAF1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwo0 - {2658D697-2F0F-43B7-943A-2A3F39CDCAF1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwo0s - {2658D697-2F0F-43B7-943A-2A3F39CDCAF1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwp0 - {2658D697-2F0F-43B7-943A-2A3F39CDCAF1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwp0s - {2658D697-2F0F-43B7-943A-2A3F39CDCAF1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwq0 - {2658D697-2F0F-43B7-943A-2A3F39CDCAF1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwq0s - {2658D697-2F0F-43B7-943A-2A3F39CDCAF1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwr0 - {2658D697-2F0F-43B7-943A-2A3F39CDCAF1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwr0s - {2658D697-2F0F-43B7-943A-2A3F39CDCAF1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bws0 - {2658D697-2F0F-43B7-943A-2A3F39CDCAF1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bws0s - {2658D697-2F0F-43B7-943A-2A3F39CDCAF1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwt0 - {2658D697-2F0F-43B7-943A-2A3F39CDCAF1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwt0s - {2658D697-2F0F-43B7-943A-2A3F39CDCAF1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwu0 - {2658D697-2F0F-43B7-943A-2A3F39CDCAF1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwu0s - {2658D697-2F0F-43B7-943A-2A3F39CDCAF1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwv0 - {2658D697-2F0F-43B7-943A-2A3F39CDCAF1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwv0s - {2658D697-2F0F-43B7-943A-2A3F39CDCAF1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bww0 - {2658D697-2F0F-43B7-943A-2A3F39CDCAF1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bww0s - {2658D697-2F0F-43B7-943A-2A3F39CDCAF1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwx0 - {2658D697-2F0F-43B7-943A-2A3F39CDCAF1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwx0s - {2658D697-2F0F-43B7-943A-2A3F39CDCAF1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwy0 - {2658D697-2F0F-43B7-943A-2A3F39CDCAF1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwy0s - {2658D697-2F0F-43B7-943A-2A3F39CDCAF1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwz0 - {2658D697-2F0F-43B7-943A-2A3F39CDCAF1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwz0s - {2658D697-2F0F-43B7-943A-2A3F39CDCAF1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: offline-8876480 - {2658D697-2F0F-43B7-943A-2A3F39CDCAF1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

    After clicking Fix exit HJT.


    Now run the C:\MGtools\GetLogs.bat file by double clicking on it. (Right click and run as admin if using Vista or Windows7) Then attach the new C:\MGlogs.zip file that will be created by running this.

    Let me know of any problems you may have encountered with the above instructions and also let me know how things are running now!
     
  5. ksnow

    ksnow Private E-2

    Thank you very much. My sister and I share the computer I am working to fix. She is adamant that she has used Knowledge Panel for 3-4 years without a problem and does not want to delete it.

    We ran MGTools/analyze.exe and fixed the items that you listed. I have attached the new log file.

    The two problems, being unable to change the homepage and unable to restore to an old restore point, still exist after rebooting.

    I very much appreciate your assistance and advice.

    Katrina
     


  6. Kestrel13!

    Kestrel13! Super Malware Fighter - Major Dilemma Staff Member

    Here we are, this will do the trick I hope.

    Please disable all anti-virus and anti-spyware programs while we do the following (re-enable when you are finished):

    Run C:\MGtools\analyse.exe by double clicking on it (Note: if using Vista, don't double click, use right click and select Run As Administrator). This is really HijackThis (select Do a system scan only) and select the following lines but DO NOT CLICK FIX until you exit all browser sessions including the one you are reading in right now:

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.schwab.com/public/schwab/home/welcomep.html

    After clicking Fix exit HJT.

    Now run the C:\MGtools\GetLogs.bat file by double clicking on it. (Right click and run as admin if using Vista or Windows7) Then attach the new C:\MGlogs.zip file that will be created by running this.
     
    Last edited: Oct 4, 2011
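An added example, not part of the original thread and not HijackThis's own code: a small Python parser for the three HijackThis line shapes quoted in the replies above (R0, O9, O18). It collapses the long O18 list into its distinct CLSID/DLL pairs and flags entries whose target is "(no file)". The sample input is a subset of lines copied from the thread; the function names are hypothetical.

```python
import re
from collections import defaultdict

# Subset of the HijackThis lines quoted in the thread (not the full log).
SAMPLE_LOG = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.schwab.com/public/schwab/home/welcomep.html
O9 - Extra button: (no name) - {9239E4EC-C9A6-11D2-A844-00C04F68D538} - (no file)
O18 - Protocol: bw+0 - {2658D697-2F0F-43B7-943A-2A3F39CDCAF1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw+0s - {2658D697-2F0F-43B7-943A-2A3F39CDCAF1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0 - {2658D697-2F0F-43B7-943A-2A3F39CDCAF1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: offline-8876480 - {2658D697-2F0F-43B7-943A-2A3F39CDCAF1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
"""

# Every log line is "<section code> - <body>", e.g. "O18 - Protocol: ...".
LINE_RE = re.compile(r"^\s*(?P<code>[A-Z]\d{1,2})\s+-\s+(?P<body>.+?)\s*$")
# COM-style body: "<kind>: <name> - {CLSID} - <file path or (no file)>".
COM_RE = re.compile(
    r"^(?P<kind>[^:]+):\s*(?P<name>.*?)\s+-\s+"
    r"(?P<clsid>\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\})"
    r"\s+-\s+(?P<target>.+)$"
)
# Registry-value body: "<key>,<value name> = <data>".
REG_RE = re.compile(r"^(?P<key>[^,]+),(?P<value>[^=]+?)\s*=\s*(?P<data>.*)$")


def parse_log(text):
    """Return (entries, unparsed). Lines in shapes this example does not
    model (other HijackThis sections) are returned in `unparsed`, not guessed at."""
    entries, unparsed = [], []
    for raw in text.splitlines():
        if not raw.strip():
            continue
        m = LINE_RE.match(raw)
        if not m:
            unparsed.append(raw)
            continue
        code, body = m["code"], m["body"]
        is_reg = code.startswith("R")
        sub = (REG_RE if is_reg else COM_RE).match(body)
        if not sub:
            unparsed.append(raw)
            continue
        entry = {"code": code, "type": "reg" if is_reg else "com"}
        entry.update(sub.groupdict())
        entries.append(entry)
    return entries, unparsed


def summarize(entries):
    """Group COM-style entries by (section, CLSID, target file) so that many
    registered names backed by one DLL show up as a single handler."""
    handlers = defaultdict(list)
    settings = []
    for e in entries:
        if e["type"] == "com":
            handlers[(e["code"], e["clsid"], e["target"])].append(e["name"])
        else:
            settings.append(e)
    return dict(handlers), settings


def orphans(entries):
    """Entries whose CLSID is registered but whose file is reported missing."""
    return [e for e in entries if e.get("target") == "(no file)"]


if __name__ == "__main__":
    parsed, skipped = parse_log(SAMPLE_LOG)
    groups, regs = summarize(parsed)
    for (code, clsid, target), names in groups.items():
        print(f"{code} {clsid} -> {target} ({len(names)} name(s))")
    for r in regs:
        print(f"{r['code']} {r['key']} [{r['value']}] = {r['data']}")
    print("orphaned:", [(e["code"], e["clsid"]) for e in orphans(parsed)])
    print("unparsed:", skipped)
```
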
  7. ksnow

    ksnow Private E-2

    Thanks again for your help. I screwed up and in my excitement of solving the problem, I forgot to disable Norton, Superantispy and Malwarebytes!! I am so sorry.

    I am attaching the MGLogs.zip file. Let me know if I need to run it again "clean" of antivirus, antispy etc.

    After rebooting, the same IE8 error comes up and I am not able to change the home page and I am still unable to restore it to a prior date.

    Thank you again and I will be away from my computer for about 3 hours and will check in when I get home.

    Katrina
     


  8. Kestrel13!

    Kestrel13! Super Malware Fighter - Major Dilemma Staff Member

    Download OTL to your desktop.

    • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
    • (Vista and Windows 7 users: right-click OTL and choose Run as Administrator.)
    • When the window appears, underneath Output at the top change it to Minimal Output.
    • Check the boxes beside LOP Check and Purity Check.
    • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.

    When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.

    Attach both of these logs into your next reply.
     
  9. ksnow

    ksnow Private E-2

    Hi,

    We ran the scan and the logs are attached. (We shut all windows and antispy/antimalware applications)
    Thanks again for your help.

    Katrina
     


  10. Kestrel13!

    Kestrel13! Super Malware Fighter - Major Dilemma Staff Member

    We need to run an OTL Fix

    • Right-click OTL.exe and select "Run as administrator" to run it. If Windows UAC prompts you, please allow it.
    • Copy and Paste the following code into the Image textbox. Do not include the word Code
    Code:
    :otl
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = https://www.schwab.com/public/schwab/home/welcomep.html
    
    :commands
    [EMPTYTEMP]
    [RESETHOSTS]
    [REBOOT]
    • Then click the Run Fix button at the top.
    • Click Image.
    • OTL may ask to reboot the machine. Please do so if asked.
    • The report should appear in Notepad after the reboot. ATTACH that report in your next reply.


    Now run the C:\MGtools\GetLogs.bat file by double clicking on it. Then attach the new C:\MGlogs.zip file that will be created by running this.

    Let us know of any problems you may have encountered with the above instructions and also let me know how things are running now!
     
  11. ksnow

    ksnow Private E-2

    Hi,
    I had problems doing the OTL task. I was unable to sign on as administrator without a password so I tried signing on as a current user. This hung on "resetting host file, don't interrupt" so I restarted and ran it as current user, unchecking the "protect my computer" box. It ran and rebooted. On reboot, an OTL window came up asking whether to run or cancel and I cancelled (?). I am not able to find a notebook file from this run either on the desktop or in notepad.

    I ran MGlogs\Getlogs.bat and have attached the zip file.

    There is no change in my status regarding home page or restore items.

    Thank you very much,

    Katrina
     


  12. Kestrel13!

    Kestrel13! Super Malware Fighter - Major Dilemma Staff Member

    Now copy the bold text below to notepad. Save it as fixME.reg to your desktop. Be sure the "Save as" type is set to "all files". Once you have saved it, double click it and allow it to merge with the registry.


    Make sure that you tell me if you receive a success message about adding the above to the registry. If you do not get a success message, it definitely did not work.

    Has that made any difference? Hmm..
     
  13. ksnow

    ksnow Private E-2

    Thanks again,

    I did fixME.reg and received a "success" message.

    I then rebooted and received the same error message pointing to the same Schwab site noted in my first post.

    Still a problem, sorry,

    Trina
     
  14. TimW

    TimW MajorGeeks Administrator - Jedi Malware Expert Staff Member

    Please try this:

    Please copy the bold text below to notepad. Save it as fixME.reg to your desktop. Be sure the "Save as" type is set to "all files". Once you have saved it, double click it and allow it to merge with the registry.
     
  15. ksnow

    ksnow Private E-2

    Thanks for helping us.

    I did fixME.reg with the new, larger file and received a "success" message.

    I then rebooted and received the same error message pointing to the same Schwab site noted in my first post.

    Still a problem, sorry,

    Katrina
     
  16. TimW

    TimW MajorGeeks Administrator - Jedi Malware Expert Staff Member

    Is Norton protecting your homepage?
     
  17. ksnow

    ksnow Private E-2

    I am not sure I understand the question. We do have Norton 360 installed.

    We did not disable it prior to the last 2 tasks.

    Thanks,

    Katrina
     
  18. TimW

    TimW MajorGeeks Administrator - Jedi Malware Expert Staff Member

    Try disabling it and then redo the fixes.
     
  19. ksnow

    ksnow Private E-2

    Hi,

    Disabled Norton antivirus and firewall and exited SuperAntispyware and Malwarebytes antimalware.

    Ran each regedit separately. Success with both.

    No change in status after either one.

    IE8 still comes up with the same error and web site and when we reset it to a different site (which we can access by typing it in), it goes back to the error page when IE8 restarted.

    Thanks for your patience,

    Katrina
     
  20. Kestrel13!

    Kestrel13! Super Malware Fighter - Major Dilemma Staff Member

    Whilst I have a think about this can you please tell us what happens when using safe mode with networking? How does the browser behave now? Home page normal or not?
     
  21. Kestrel13!

    Kestrel13! Super Malware Fighter - Major Dilemma Staff Member

    Now, try this next bit in normal mode again.

    Go to this link: Reset Internet Explorer 8 settings. Scroll partway down to where it says "To reset Internet Explorer settings automatically" and click on the > to open up the option of using the Microsoft FixIt Tool. Let us know if this helped or not.
     
  22. Kestrel13!

    Kestrel13! Super Malware Fighter - Major Dilemma Staff Member

    And if you are still having no luck, let's try this:


    Now we need to use ComboFix
    • Make sure that combofix.exe that you downloaded while doing the READ & RUN ME is on your Desktop but Do not run it!
      • If it is not on your Desktop, the below will not work.
    • Also make sure you have shut down all protection software (antivirus, antispyware...etc) or they may get in the way of allowing ComboFix to run properly.
    • If ComboFix tells you it needs to update to a new version, make sure you allow it to update.
    • Open Notepad and copy/paste the text in the below quote box. Ensure you scroll down to select ALL the lines:
    Code:
    KILLALL::
    
    DDS::
    uStart Page = https://www.schwab.com/public/schwab/home/welcomep.html
    • Save the above as CFscript.txt and make sure you save it to the same location (should be on your Desktop) as ComboFix.exe
    • At this point, you MUST EXIT ALL BROWSERS NOW before continuing!
    • You should have both the ComboFix.exe and CFScript.txt icons on your Desktop.
    • Now use your mouse to drag CFscript.txt on top of ComboFix.exe


    • Follow the prompts.
    • When it finishes, a log will be produced named c:\combofix.txt
    • I will ask for this log below

    Note:

    Do not mouseclick combofix's window while it is running. That may cause it to stall.

    If after running Combofix you discover none of your programs will open up, and you receive the following error: "Illegal operation attempted on a registry key that has been marked for deletion", then the answer is to REBOOT the machine, and all will be corrected.

    Any luck?
     
  23. ksnow

    ksnow Private E-2

    Thanks for both posts. (Actually I see now there is a third one!)

    WOW this is tough!

    First when I went into safemode with networking there was no error when I loaded IE8. It went to Dellnet.com and I was able to change the home page to google.com where I left it when I exited.

    Then in normal mode I went to IE8 and got the same error/webpage and I went ahead to the http://windows.microsoft.com/en-US/windows-vista/Reset-Internet-Explorer-8-settings and ran the reset settings automatically and ran the Microsoft Fixit tool then closed IE8 and reopened it with same error/webpage and the same happened after rebooting.

    I see that you have another idea and I am very thankful to you for your persistence in trying to solve this problem.

    Unfortunately, I am unable to do this fix until tomorrow, but first thing in the morning I will do it and post the log back to you.

    Thanks again and have a good evening.

    Katrina
     
  24. Kestrel13!

    Kestrel13! Super Malware Fighter - Major Dilemma Staff Member

    Hi Katrina. I hope that last fix with Combofix is successful for us too. See you tomorrow.
     
  25. Kestrel13!

    Kestrel13! Super Malware Fighter - Major Dilemma Staff Member

    What types of add-ons do you use if any for Internet Explorer? (Let me know when you can) ;)
     
  26. ksnow

    ksnow Private E-2

    Hi,

    How will we know when Combofix is done? It has been about 30 minutes. The program did update before running. There is no c:\combofix.txt yet.

    Also, we have no add-ons to IE8. When we started having this problem on Saturday, one of the first things we did was download a new IE8 file because we noticed that the version listed under about IE showed that it was IE8 but the version # started with a 7. So we removed the old IE8 and installed the new one. This did not resolve the problem.

    Thanks,
    Katrina
     
  27. ksnow

    ksnow Private E-2

    Hi again,

    Still no notice that ComboFix is done and no file on c:\ drive.

    Help?

    Thanks, Marilyn
     
  28. TimW

    TimW MajorGeeks Administrator - Jedi Malware Expert Staff Member

    Go ahead and shut it down. You may need to do a restart to stop it.
     
  29. ksnow

    ksnow Private E-2

    Thanks again,

    We did have to power off to get the computer cleared up. A Microsoft IE8 cumulative security update downloaded but this did not change our problem.

    What now?

    Thanks,

    Katrina
     
  30. ksnow

    ksnow Private E-2

    There is no combofix.txt file on the C drive
     
  31. TimW

    TimW MajorGeeks Administrator - Jedi Malware Expert Staff Member

    Now copy just the bold text below to notepad (do not include any space above the word REGEDIT). Save it as fixME.reg to your desktop. Be sure the "Save as" type is set to "all files". Once you have saved it, double click it and allow it to merge with the registry.
    Make sure that you tell me if you receive a success message about adding the above to the registry. If you do not get a success message, it definitely did not work.


    You may have to restart to see if it works.
     
  32. ksnow

    ksnow Private E-2

    We disabled Norton, SuperAntispy and Malwarebytes.

    Created fixMe.reg file and double clicked with success message.

    Reboot: Same error message and still unable to restore to an earlier date (tried 9/28 and 9/23).

    Thanks again for your patience.

    Katrina
     
  33. Kestrel13!

    Kestrel13! Super Malware Fighter - Major Dilemma Staff Member

    Now, I have been having a think. (Running out of options now though! Although I am asking a colleague about this too) What I think may be a good idea, and I hope you agree to this, is upgrading to IE9. Then let's see if the same problem still exists. Want to try?
     
  34. ksnow

    ksnow Private E-2

    My information says that "to install Internet Explorer 9, you need to upgrade to a more recent version of windows." This sounds like I would need to upgrade to Windows 7 which would likely be a problem for my aging machine.

    Can you advise me regarding this?

    Are there any other options that we might use within Internet Explorer?

    Thank you again for your help,

    Katrina


    PS I assume the problem with restore stems from the IE8 problem, because they seem to have occurred together, but what do you think?
     
  35. Kestrel13!

    Kestrel13! Super Malware Fighter - Major Dilemma Staff Member

    Yes, XP is not supported, I forgot you were on XP. Sigh. I have asked a colleague about this, in the meantime hang in there, or feel free to post in the software forum about this too.
     
  36. ksnow

    ksnow Private E-2

    Hi again,

    We just looked at our add/remove programs option and found a copy of Netscape which we were not aware of. When we tried to remove it we got an error message "Spywatch Installer has encountered a problem and needs to close." and then the Netscape appears to have been removed.

    Is this something significant?

    Thanks again,

    Katrina
     
  37. Kestrel13!

    Kestrel13! Super Malware Fighter - Major Dilemma Staff Member

    Spywatch Installer is nothing malicious. It's related to Netscape. It's in-built adware/spyware protection.
     
  38. ksnow

    ksnow Private E-2

    When I look online, it suggests that some spyware uses Spywatch Installer to disguise itself. Now that we have removed Netscape, I still find it in my system (on search) in multiple places. Is this a problem? How can I get rid of it?


    Thanks again,

    Katrina
     
  39. Kestrel13!

    Kestrel13! Super Malware Fighter - Major Dilemma Staff Member

    SystemLook

    Please download SystemLook from one of the links below and save it to your Desktop.
    Download Mirror #1
    Download Mirror #2

    • Double-click SystemLook.exe to run it.
    • Copy the content of the following codebox into the main textfield:
      Code:
      :filefind
      Spywatch Installer
      :folderfind
      Spywatch Installer
      :regfind
      Spywatch Installer
    • Click the Look button to start the scan.
    • When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.
    Note: The log can also be found on your Desktop entitled SystemLook.txt
     
  40. thisisu

    thisisu Malware Consultant

    After you do what Kestrel13! has asked, can you answer what this software is in Add/Remove programs? StreetSmart Edge
    Is this something you or your sister use? I think it may be the cause of your problems. See below:

    I bet if you were to uninstall it (if you don't use it / want it), your problems with IE may go away. :) Let us know.
     
  41. ksnow

    ksnow Private E-2

    Hi again,

    More problems: We are unable to download the SystemLook program from either site. The security bar comes up and when we click on download, nothing further happens and we are left with a blank page which says done and nothing is on the desktop and search of the computer does not find the file. We have tried it on both the affected computer and a second computer without success. We went to another post where the program was recommended and the same thing happened.

    We have deleted StreetSmart Edge, an investing platform for Schwab. This did not change anything.

    Thank you very much,

    Katrina
     
  42. ksnow

    ksnow Private E-2

    What do you think about the fact that this problem with IE8 does not happen in safe mode?
     
  43. ksnow

    ksnow Private E-2

    Is there a way to get the system restore to work?
     
  44. ksnow

    ksnow Private E-2

    Hi again,

    We are going to sign off for tonight. We have downloaded to our desktop both IE7 and IE8 for Windows XP. Tomorrow we are going to try deleting the installed IE8 and then check to see if the restore function works without that program. Then we are going to try installing IE7 and check for the error and restore problems.

    This will be a version of your suggestion that we try IE9.

    THEN.... We are going to send you a message with the results!!

    Wish us luck ... Bye until tomorrow,

    and Thanks very very much for your efforts on our behalf.

    Katrina
     
  45. ksnow

    ksnow Private E-2

    One more thing...

    I struggled to get you a copy of the search results for SpyWatch. It was too large, but I figured out a way to get it to jpg. I hope it opens for you.

    :)

    Katrina
     


  46. ksnow

    ksnow Private E-2

    Good morning you wonderfully patient geeks!

    Here's the update:

    We uninstalled IE8
    After uninstall, System restore still will not restore even a recent restore point (10/4).

    Rebooted

    Disabled "anitware" programs

    Installed IE7

    Home page comes with same error.

    Reset home page unsuccessful. Goes to the same page as in my original post.

    I understand that you are concerned about a software problem, but I am not sure what software?

    Thanks for your help,

    A disappointed Katrina
     
  47. TimW

    TimW MajorGeeks Administrator - Jedi Malware Expert Staff Member

    Since you don't have this issue in safe mode, go to start / run and type:
    msconfig
    Once the panel opens, go to services, check the box to hide all MS services and then disable the rest. Then click on the startup tab and disable all of that. Reboot and tell me if you can now change the homepage.
     
  48. ksnow

    ksnow Private E-2

    Hi -- IT WORKED!!

    When we booted it told us that it is in diagnostic mode..... We checked box "Do not show system config utility" and clicked OK.

    This process turned off SAS and Malwarebytes but not Norton.

    What next?

    Thanks,

    Katrina
     
  49. TimW

    TimW MajorGeeks Administrator - Jedi Malware Expert Staff Member

    Let me be clear, you can now change your homepage? If that is the case, go back into msconfig, startup, and re-enable two items at a time. You need to reboot after each change. This is a process of elimination to find out which program is causing the issue.
     
  50. ksnow

    ksnow Private E-2

    Great! We are doing the elimination. More later.

    Katrina
     
