IE7 problems

Discussion in 'Malware Help (A Specialist Will Reply)' started by wayne45, Oct 22, 2007.

  1. wayne45

    wayne45 Private E-2

    When I open up IE7, I now get directed to MSN. When I try changing my homepage to yahoo, it goes back to MSN.
    I tried using Firefox and I didn't have any trouble changing my home page to whatever I wanted.
    I ran all the stuff in Read & Run me with the following exceptions. I couldn't get counter spy to run in safe mode. I also couldn't run panda active scan. When I tried I got this message: "C:\windows\system32\cmd.exe"
    "C:\windows\system32\autoexec.nt"
    "The system file is not suitable for running MS-DOS and Microsoft Windows applications".

    I will attach the requested logs.

    Thanks in advance for your help.
     


    Last edited: Oct 22, 2007
  2. wayne45

    wayne45 Private E-2

    Here are the rest of the logs you requested.
     


  3. TimW

    TimW MajorGeeks Administrator - Jedi Malware Expert Staff Member

    Please keep all of your posts in the same thread!

    Why did you run AVG-antispyware and not fix anything?
    Run it again and have it fix everything it finds!!

    Run HijackThis (select Do a system scan only) and select the following lines but DO NOT CLICK FIX until you exit all browser sessions including the one you are reading in right now:

    After clicking fix, exit HJT.

    Now copy the bold text below to notepad. Save it as fixME.reg to your desktop. Be sure the "Save as" type is set to "all files". Once you have saved it, double click it and allow it to merge with the registry.
    Attach new logs for:
    ShowNew
    GetRunKey
    HJT
    AVG Anti-Spyware
     
  4. wayne45

    wayne45 Private E-2

    I did everything you told me to do.
    I thought I had AVG fix what it found.
    I couldn't run Shownew for some reason. Kept getting an error message saying "C:\windows\system32\cmd.exe"
    C:\windows\system32\autoexec.nt. The system file is not suitable for running MS-DOS and Microsoft Windows applications. Choose close to terminate the application.

    Worse, I still have the same problem. I can't get away from MSN.

    Do you have any ideas of what to try next?

    Also, many thanks for your help.
     


  5. abri

    abri MajorGeek

    Hi Wayne45!
    This is the information from your original thread, which I'm posting here so I can remember what we've discussed so far.




     
  6. abri

    abri MajorGeek

    Hi wayne!

    The first and simplest solution for a problem which comes up suddenly is to go back to a restore point which directly precedes the problem. Since this problem didn't start too long ago, it may be possible for you to go back to a restore point from just before you started having these problems. The Browser Helper Object which TimW asked you to remove is from Adware called WinGames. It might be behind your problems and the easiest way to fix it would be to reset your registry back to a point from before it was installed. Please try this.

    If you've never done this, please go to Start / All Programs / Accessories / System Tools / System Restore. When you click on System Restore, a wizard will open up. Choose to reset your restore point to an earlier time and click on next. This will give you a calendar where you can look for dates in bold print. Those in bold print have an active restore point and you should be able to click on one of those and continue through the rest of the wizard. You will not lose your data. You will lose any programs you've installed and you would have to reinstall them (except for whatever is causing the problem).

    Please try this before we do anything further as it could save a lot of time and effort.

    abri
     
  7. wayne45

    wayne45 Private E-2

    I tried several different times to restore my computer. Every time I tried, I got a message saying it couldn't restore my computer and to pick a different time.
     
  8. abri

    abri MajorGeek

    Hi wayne!

    It's possible this problem started with the loading of WinGames.

    1) You're getting the same error message for both Panda and ShowNew, yet you're able to run the other scans. Please go to Start / Run and type in sfc /scannow and allow it to run. Then try running Shownew again. If this doesn't help, please try running ShowNew in safe mode with the internet disconnected and with both Symantec and Windows Defender disabled. If you have any questions, just ask.

    And now, please do the following:

    2) If you do not use Windows Messenger (not to be confused with MSN Messenger!!) I would like you to run Disable/Remove Windows Messenger

    3) Scan with HijackThis and check the boxes for the following entries:
    ( Make sure ALL browser windows are closed when you click FIX )


    4) Please download ATF Cleaner by Atribune. This program does not require an installation. The executable actually runs the program.

    NOTE:
    This program is for Windows XP and Windows 2000 only. ATF Cleaner will remove all files from the items that are checked, so if you have some cookies you'd like to save, please move them to a different directory first.
    • Double-click ATF-Cleaner.exe to run the program.
    • Under Main choose: Select All
    • Click the Empty Selected button.
    If you use Firefox browser
    • Click Firefox at the top and choose: Select All
    • Click the Empty Selected button.
      • NOTE: If you would like to keep your saved passwords, please click No at the prompt.
    If you use Opera browser
    • Click Opera at the top and choose: Select All
    • Click the Empty Selected button.
      • NOTE: If you would like to keep your saved passwords, please click No at the prompt.
    Click Exit on the Main ATF Cleaner menu to close the program.

    5) Now we need to Reset Web Settings:
    1. If you have an Internet Explorer icon on your Desktop, go to step 2. If not, skip to step 3.
    2. Now right click on your desktop Internet Explorer icon and select Properties. Then click the Programs tab and then click "Reset Web Settings". Now go back to the General tab and set your home page address to something useful like www.majorgeeks.com. Click Apply. Click Delete Cookies, Click Delete Files and select Delete all Offline content too, Click OK. When it finishes Click OK. Then skip step 3.
    3. If you do not have an Internet Explorer icon on your Desktop, click Start, Control Panel (for some systems it may be Start, Settings, Control Panel), Internet Options, Programs tab and then click "Reset Web Settings". Now go back to the General tab and set your home page address to something useful like www.majorgeeks.com. Click Apply. Click Delete Cookies, Click Delete Files and select Delete all Offline content too, Click OK. When it finishes Click OK.
    Note for IE 7 users: You need to select Internet Options then the Advanced tab and then Reset Internet Explorer Settings!

    6) Please post the following logs:

    - newfiles.txt (from ShowNew - please let me know if it doesn't work in safe mode either)
    - runkeys.txt (from GetRunKeys)
    - hijackthis.log (from running analyse.exe)

    abri
     
  9. wayne45

    wayne45 Private E-2


    I seem to be in good shape. I did as you explained; however, I had the following problems:
    -tried to run sfc/scannow..........said it couldn't find it
    -tried to run shownew.........wouldn't run

    Will attach the hjt log and runkeys.

    Thanks a million.
     


  10. abri

    abri MajorGeek

    Hi wayne!
    See if you can install the MGTools file according to these instructions:

    USING MG TOOLS

    Look for the instructions for your operating system. Downloading them will install a program called MGTools.exe. When you run this program it will produce a log called MGTools.zip, which should contain the ShowNew scan. One other person who was unable to run ShowNew was successful by running it this way. If that works, please post the zip file to us.

    abri
     
  11. wayne45

    wayne45 Private E-2


    I had success with running MGtools. I have attached the zip file.
     


  12. abri

    abri MajorGeek

    Hi wayne45,
    You mentioned before running the last set of tools that you seem to be in good shape. Does this mean you are able to reset your IE start page yet?
    abri
     
  13. wayne45

    wayne45 Private E-2

    It seems I was a bit premature on my announcement of being in good shape. I'm still at my original problem. :(
     
  14. abri

    abri MajorGeek

    Hi Wayne,
    Please remove all the old versions of Java from add/remove programs:
    You already have the current version, so you don't need to install anything.

    Chaslang suggested that Symantec might be blocking your browser from changing to another start page. This would make sense if the problem started right after you installed Symantec and if this occurred about a week ago. Since I have the same problem with IE and I don't have Symantec, I can't verify this being the source of the problem. I wonder if posting this problem in the Software Forum might give you a wider range of people to talk to and possibly find someone else who has seen this problem and knows how to resolve it. For a temporary solution, I recommend using Firefox or Opera.

    abri
     
  15. wayne45

    wayne45 Private E-2

    I removed the old Java runtimes that you mentioned. :)
    I want to thank you for all your time in trying to fix this problem.
    I will try my luck with the software people. :confused
     
  16. abri

    abri MajorGeek

    Thanks Wayne!
    I would be grateful if you could post back to us if you find out what is causing this. From the information in your log it seems to have started about the same time something called WinGames was put into your computer. This was the item TimW had you fix in post #3. It's related to a piece of malware called FunWeb Products. Are you able to run any of the online scans like Kaspersky? Please try that and see if it finds anything. The scan for that is at this address and you have to use IE for it to function:
    http://www.kaspersky.com/virusscanner It requires Active X so the Active X has to be enabled. I would be interested if you are able to run this since Panda didn't work.
    abri
     
  17. TimW

    TimW MajorGeeks Administrator - Jedi Malware Expert Staff Member

    You are not in good shape because you never fixed any of your problems.

    You re-ran AVG and never fixed what it found.

    You may or may not have run the HJT fixes ...but the issues still remain.

    You should go back to the beginning and turn off all of your active anti-virus software as well as your anti-spyware and do the fixes again!!

    If you have spybot teatimer running...turn it off!!
     
  18. wayne45

    wayne45 Private E-2

    Tim,
    I went back and redid the steps in R&R me first.
    When I ran spybot it found something called microsoft.windowssecuritycenter.antivirus disabled.
    I also reran AVG, it asked to delete what it found and I did.
    I did do the HJT fixes in the prior post.
    I have attached the new logs.

    I'm trying my best to follow your instructions. I don't want to waste your time. Thanks for your help.
     


  19. wayne45

    wayne45 Private E-2

    and the last two
     


  20. abri

    abri MajorGeek

    Hi wayne!
    Some of these instructions are from earlier posts. If you aren't sure how to do them, please refer to the READ & RUN ME FIRST which either has or will link you to the proper instructions for each thing.


    1) Please go to add/remove programs and uninstall:

    - J2SE Runtime Environment 5.0 Update 10
    - J2SE Runtime Environment 5.0 Update 2




    If you do not use Windows Messenger (not to be confused with MSN Messenger!!) I would like you to run Disable/Remove Windows Messenger

    Run HijackThis (select Do a system scan only) and select the following lines but DO NOT CLICK FIX until you exit all browser sessions including the one you are reading in right now:

    After clicking fix, exit HJT.


    Please download ATF Cleaner by Atribune. This program does not require an installation. The executable actually runs the program.

    NOTE: This program is for Windows XP and Windows 2000 only. ATF Cleaner will remove all files from the items that are checked, so if you have some cookies you'd like to save, please move them to a different directory first.
    • Double-click ATF-Cleaner.exe to run the program.
    • Under Main choose: Select All
    • Click the Empty Selected button.
    If you use Firefox browser
    • Click Firefox at the top and choose: Select All
    • Click the Empty Selected button.
      • NOTE: If you would like to keep your saved passwords, please click No at the prompt.
    If you use Opera browser
    • Click Opera at the top and choose: Select All
    • Click the Empty Selected button.
      • NOTE: If you would like to keep your saved passwords, please click No at the prompt.
    Click Exit on the Main ATF Cleaner menu to close the program.

    After you have completed ALL of the above in the correct order, please attach the following logs.
    • ShowNew Log
    • GetRunKey Log
    • HijackThis Log


    abri
     
    Last edited by a moderator: Nov 8, 2007
  21. wayne45

    wayne45 Private E-2

    Abri,
    I removed the runtime environment 5.0 update 10 and runtime environment 5.0 update 2.
    I removed windows messenger.
    I ran hjt and checked the 3 items you specified. I told it to fix checked items.
    I ran the ATF cleaner.

    Lastly, I have attached the 3 logs you requested.
     


  22. TimW

    TimW MajorGeeks Administrator - Jedi Malware Expert Staff Member

    Search assistant is still showing up ...have you removed all of your toolbars and add-ons in IE?

    Let's reset it:
    Please copy the bold text below to notepad. Save it as fixME.reg to your desktop. Be sure the "Save as" type is set to "all files". Once you have saved it, double click it and allow it to merge with the registry.
    Make sure you have disabled your anti-virus and anti-spyware (esp. S&D Teatimer).
    Re-enable when you finish the reg. patch.


    attach a new HJT log.
     
  23. wayne45

    wayne45 Private E-2

    I ran the fixme registry fix as instructed.
    Attached is the new HJT log.
     


  24. TimW

    TimW MajorGeeks Administrator - Jedi Malware Expert Staff Member

    That worked.

    You may uninstall any programs we had you download (including CounterSpy, etc).

    If you are not having any other malware problems, it is time to do our final steps:

    1. If we used Pocket Killbox during your cleanup, do the below
    * Run Pocket Killbox and select File, Cleanup, Delete All Backups
    2. If we used ComboFix you can delete the ComboFix.exe file and associated C:\combofix.txt log that was created.
    3. If we used SDFix you can delete all the SDFix related files and folders from your Desktop or wherever you installed it.
    4. If we used VundoFix, you can delete the VundoFix.exe file and the C:\VundoFix Backups folder and C:\vundofix.txt log that was created.
    5. If we had you run FixWareOut, you can delete the Fixwareout.exe file and the C:\fixwareout folder.
    6. If we had you download any registry patches like fixme.reg or fixWLK.reg (or any others), you can delete these files now.
    7. You can delete the ShowNew.Zip and GetRunkey.Zip files and the files that you extracted from the ZIP files. You can also delete the C:\newfiles.txt and C:\runkeys.txt logs that were created
    8. If you are running Windows XP or Windows ME, do the below:
    * go back to step 8 of the READ & RUN ME to Disable System Restore which will flush your Restore Points.
    * Then reboot and Enable System Restore to create a new clean Restore Point.
    9. After doing the above, you should work thru the below link:
    * How to Protect yourself from malware!
     
  25. wayne45

    wayne45 Private E-2

    I did what you instructed, uninstalled the stuff I used to try and fix this problem. I also flushed the restore points.

    However, I still have the original problem. When I try to change the homepage it has this as the setting:
    http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
    How do I get rid of that or change it?
     
  26. TimW

    TimW MajorGeeks Administrator - Jedi Malware Expert Staff Member

    You should now be able to change it ....right click IE ..properties / on the first tab (general) you should be able to type in what you want. Then hit apply.
     
  27. wayne45

    wayne45 Private E-2

  28. TimW

    TimW MajorGeeks Administrator - Jedi Malware Expert Staff Member

    AArrggh ...Ok

    Run HJT and have it fix this item:
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =

    Reboot and see if you can change it ...otherwise we may need to do some reg. patch.
     
  29. Matacumbie

    Matacumbie Rocky Top

  30. wayne45

    wayne45 Private E-2

    In norton, under homepage protection, I unchecked "block all attempts to change my homepage".

    That has fixed the problem.

    Question: Does this leave me open to getting a virus that will redirect my homepage?

    Thanks for all the help.
     
  31. bjgarrick

    bjgarrick MajorGeeks Admin - Malware Expert

    Not really however it's good to have an antispy program installed for such protection. I see you have AVG Anti-Spyware installed, if this was installed during the READ ME then it's only a trial and will expire 30 days after installed.

    If you purchase AVG Anti-Spyware then that will work just fine.

    For a list of free programs, please see the below thread.

    How to Protect yourself from malware!
     
  32. wayne45

    wayne45 Private E-2

    Thank you all for your help. I can't thank you enough!
    I have been reading the "how to protect yourself from malware".
    I have learned quite a few things.
    Again many thanks to all involved with helping me.
     
  33. bjgarrick

    bjgarrick MajorGeeks Admin - Malware Expert

    You're welcome!

    Surf Safely!:major
     
