pointybum
asked on
IE6 keeps jumping to MSN.COM behaving like a spyware hijack.
Hello Techs,
I have a problem with internet explorer (IE6 with xp pro & sp2) where it keeps reverting to msn.com despite going into internet options and then use current, or blank for that matter. I’ve never had this problem before, especially straight after a fresh OS rebuild where browsing the net was strictly limited to trusted sights to obtain drivers, etc.
The symptom arose more or less immediately when I’d finished patching and then went about the paces of data migration, so no action other than rebuilding has forced this problem to appear. The OS installation had sp2 as part of the installation rather than as a separate addition.
To accompany the OS I immediately installed, after the patching, the free Zonealarm as firewall, Windows Defender beta and Lavasoft Adware Personal as anti-spyware, and then Avast anti-virus. I have tried the best breed spyware and anti-virus detection software - Spybot, CWshredder, Spydoctor, webspy, etc; all revealing nothing suspicious.
I have spent considerable time reading the existing postings, applied the advice given – ran sfc scannow, ran the ie.inf install, but still the browser points to msn.com. I have never seen anything like it.
I have also installed firefox as a secondary browser, with IE being the default browser, could this be the culprit?
Would downloading and re-installing sp2 solve the problem or make it worse, or do nothing?
Your contributions are (obviously) welcomed as it is rather urgent as I have spent nearly 2 days building this thing - its a raid 0 (stripe) setup , Dell 9150 intel on board raid controller, and am not in the slightest bit interested in starting again, but at the same time want this build to be as best as it will ever be....
I am quite experienced, been in the IT support industry for nearly 20 years and this is a real first for me to throw my hands up and ask for help.
I will publish hijack-this dump some point in the next 24 hours but would entertain contributions in the meantime.
Regards
Gordon.
I have a problem with internet explorer (IE6 with xp pro & sp2) where it keeps reverting to msn.com despite going into internet options and then use current, or blank for that matter. I’ve never had this problem before, especially straight after a fresh OS rebuild where browsing the net was strictly limited to trusted sights to obtain drivers, etc.
The symptom arose more or less immediately when I’d finished patching and then went about the paces of data migration, so no action other than rebuilding has forced this problem to appear. The OS installation had sp2 as part of the installation rather than as a separate addition.
To accompany the OS I immediately installed, after the patching, the free Zonealarm as firewall, Windows Defender beta and Lavasoft Adware Personal as anti-spyware, and then Avast anti-virus. I have tried the best breed spyware and anti-virus detection software - Spybot, CWshredder, Spydoctor, webspy, etc; all revealing nothing suspicious.
I have spent considerable time reading the existing postings, applied the advice given – ran sfc scannow, ran the ie.inf install, but still the browser points to msn.com. I have never seen anything like it.
I have also installed firefox as a secondary browser, with IE being the default browser, could this be the culprit?
Would downloading and re-installing sp2 solve the problem or make it worse, or do nothing?
Your contributions are (obviously) welcomed as it is rather urgent as I have spent nearly 2 days building this thing - its a raid 0 (stripe) setup , Dell 9150 intel on board raid controller, and am not in the slightest bit interested in starting again, but at the same time want this build to be as best as it will ever be....
I am quite experienced, been in the IT support industry for nearly 20 years and this is a real first for me to throw my hands up and ask for help.
I will publish hijack-this dump some point in the next 24 hours but would entertain contributions in the meantime.
Regards
Gordon.
Greetings, pointybum !
It could be an OEM issue where the computer reverts the the original home page. Run this script to disable the behavior
http://www.dougknox.com/security/scripts_desc/nosethomepage.htm
Best wishes!
It could be an OEM issue where the computer reverts the the original home page. Run this script to disable the behavior
http://www.dougknox.com/security/scripts_desc/nosethomepage.htm
Best wishes!
ASKER
Eternal student, I normally use windows defender for everyday protection and scanning and lavasoft personal edition for alternative scanning. I had extended my search for the 'bad apple' thats causing the problem by installing all the other best breed spyware/adware scanning software but to no avail.
War1, I ran the script and indeed it greyed out the url box where you would have you home page in the internet options box so now I cannot have a home page, so now a new problem and the existing persists where clicking the internet explorer still launches MSN.COM.
So, I am now one step backwards! Can the action you offered be reversed?
War1, I ran the script and indeed it greyed out the url box where you would have you home page in the internet options box so now I cannot have a home page, so now a new problem and the existing persists where clicking the internet explorer still launches MSN.COM.
So, I am now one step backwards! Can the action you offered be reversed?
>> Can the action you offered be reversed?
Yes, you can run the script again.
Windows Defender will reset your homepage to msn.com. Choose Advanced Tools–>Browser Hijack Restore, and highlight Start Page. Click “Change restore settings to a new URL,” type in your normal home page, then click OK. From now on, when Microsoft blocks a home page hijacking, it will let you keep your own home page, and won’t do a hijacking on its own.
After a major Windows Update, Microsoft will reset your homepage to msn.com
Yes, you can run the script again.
Windows Defender will reset your homepage to msn.com. Choose Advanced Tools–>Browser Hijack Restore, and highlight Start Page. Click “Change restore settings to a new URL,” type in your normal home page, then click OK. From now on, when Microsoft blocks a home page hijacking, it will let you keep your own home page, and won’t do a hijacking on its own.
After a major Windows Update, Microsoft will reset your homepage to msn.com
Have you tried these?
Click Start > Run > type in
regedit
press Enter and navigate to this subkey and change your start page:(example is yahoo.com mail)
HKEY_CURRENT_USER\Software
"Start Page"="http://mail.yahoo.com/"
If your homepage is lock you can unlock it with Kelly's Unlock homepage.reg:
http://www.kellys-korner-xp.com/regs_edits/HomePageUnlock.reg
Click Start > Run > type in
regedit
press Enter and navigate to this subkey and change your start page:(example is yahoo.com mail)
HKEY_CURRENT_USER\Software
"Start Page"="http://mail.yahoo.com/"
If your homepage is lock you can unlock it with Kelly's Unlock homepage.reg:
http://www.kellys-korner-xp.com/regs_edits/HomePageUnlock.reg
ASKER
Gee', this situation is becoming interesting but frustrating at the same time and a unique experience.
War1, I ran the script again and it reversed the action which is good but cannot figure out this bit -
"Choose Advanced Tools–>Browser Hijack Restore, and highlight Start Page. Click “Change restore settings to a new URL,” type in your normal home page, then click OK. From now on, when Microsoft blocks a home page hijacking, it will let you keep your own home page, and won’t do a hijacking on its own."
Which advanced tools do you mean?
Rpggamergirl, I actually ran that line the other day after reading some of the other tips before writing here and I got the big red 'X' Cannot edit Start Page: Error writing the value's new contents. I ran it again just to make sure and the same message appeared.
Here is a log of hijack this....
Logfile of HijackThis v1.99.1
Scan saved at 20:48:43, on 13/06/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.e
C:\WINDOWS\system32\winlog
C:\WINDOWS\system32\servic
C:\WINDOWS\system32\lsass.
C:\WINDOWS\system32\svchos
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchos
C:\WINDOWS\system32\ZoneLa
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spools
C:\Program Files\Alwil Software\Avast4\aswUpdSv.e
C:\Program Files\Alwil Software\Avast4\ashServ.ex
C:\WINDOWS\system32\CTsvcC
C:\Program Files\Executive Software\Diskeeper\DkServi
C:\Program Files\Intel\Intel Matrix Storage Manager\iaantmon.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\system32\nvsvc3
C:\WINDOWS\system32\svchos
C:\Program Files\Alwil Software\Avast4\ashMaiSv.e
C:\Program Files\Alwil Software\Avast4\ashWebSv.e
C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
C:\Program Files\Java\j2re1.4.2_03\bi
C:\Program Files\Creative\Sound Blaster X-Fi\DVDAudio\CTDVDDET.EXE
C:\Program Files\Creative\Sound Blaster X-Fi\Volume Panel\VolPanel.exe
C:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe
C:\WINDOWS\CTHELPER.EXE
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.ex
C:\PROGRA~1\ALWILS~1\Avast
C:\Program Files\Common Files\Real\Update_OB\reals
C:\Program Files\Windows Defender\MSASCui.exe
C:\WINDOWS\system32\ctfmon
C:\WINDOWS\SYSTEM32\CTXFIS
C:\Program Files\Globe Software\StatBar\StatBar.e
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Desktop Sidebar\dsidebar.exe
C:\Program Files\EPMon\epmon.exe
C:\Program Files\MSN Toolbar Suite\DS\02.05.0001.1119\e
C:\Program Files\WallpaperToy\Wallpap
C:\Program Files\MSN Toolbar Suite\DS\02.05.0001.1119\e
C:\Program Files\Windows Media Player\wmplayer.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\regedit.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Documents and Settings\Gordon & Renny\Desktop\hijackthis\H
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-7
O2 - BHO: Idea2 SidebarBrowserMonitor Class - {45AD732C-2CE2-4666-B366-B
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-C
O2 - BHO: MSN Search Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-6
O3 - Toolbar: MSN Search Toolbar - {BDAD1DAD-C946-4A17-ADC1-6
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-0
O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_03\bi
O4 - HKLM\..\Run: [CTDVDDET] "C:\Program Files\Creative\Sound Blaster X-Fi\DVDAudio\CTDVDDET.EXE
O4 - HKLM\..\Run: [VolPanel] "C:\Program Files\Creative\Sound Blaster X-Fi\Volume Panel\VolPanel.exe" /r
O4 - HKLM\..\Run: [AudioDrvEmulator] "C:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe" -1 AudioDrvEmulator "C:\Program Files\Creative\Shared Files\Module Loader\Audio Emulator\AudDrvEm.dll"
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [CTxfiHlp] CTXFIHLP.EXE
O4 - HKLM\..\Run: [CTXFIREG] CTxfiReg.exe
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.ex
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast
O4 - HKLM\..\Run: [DiskeeperSystray] "C:\Program Files\Executive Software\Diskeeper\DkIcon.
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\reals
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon
O4 - HKCU\..\Run: [StatBar] C:\Program Files\Globe Software\StatBar\StatBar.e
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe
O4 - HKCU\..\Run: [SIDEBAR] "C:\Program Files\Desktop Sidebar\dsidebar.exe"
O4 - HKCU\..\Run: [EPMon] C:\Program Files\EPMon\epmon.exe
O4 - Startup: Wallpaper Changer.lnk = C:\Program Files\WallpaperToy\Wallpap
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Windows Desktop Search.lnk = C:\Program Files\MSN Toolbar Suite\DS\02.05.0001.1119\e
O6 - HKCU\Software\Policies\Mic
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2
O8 - Extra context menu item: Subscribe in Desktop Sidebar - res://C:\Program Files\Desktop Sidebar\sbhelp.dll/menuhan
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-0
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-0
O9 - Extra button: Subscribe in Desktop Sidebar - {09FE188B-6E85-479e-9411-5
O9 - Extra 'Tools' menuitem: Subscribe in Desktop Sidebar - {09FE188B-6E85-479e-9411-5
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-0
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-0
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8
O20 - Winlogon Notify: WBSrv - C:\PROGRA~1\Stardock\OBJEC
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLog
O20 - Winlogon Notify: WRNotifier - WRLogonNTF.dll (file missing)
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-9
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.e
O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.ex
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.e
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.e
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcC
O23 - Service: Diskeeper - Executive Software International, Inc. - C:\Program Files\Executive Software\Diskeeper\DkServi
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMon) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\iaantmon.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc3
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLa
Rgs
Gordon.
>> Which advanced tools do you mean?
It is the Advanced Tools in Windows Defender.
It is the Advanced Tools in Windows Defender.
You have the MSN Toolbar Search. If you did not install it, uninstall from Add/Remove Programs.
ASKER
Hello War,
Yes, I did install it - I use it for indexing my hard drive - do you think that piece of software has any relation to the problem I am currently experiencing?
I decided to go into the registry again, but in safe mode, and had successfully removed the the start page from hkey_current_user, software, microsoft, internet explorer, main, as advised in one of your previous postings elsewhere in the Browser section. This worked, it deleted so I rebooted and checked to see if explorer defaults to MSN.COM, and guess what, it still does!
So, went back into regedit and navigated but this time to hkey_local_machine, software, microsoft, internet explorer, main, and I see the start page line, defaulting to http://www.microsoft.com/isapi/redir.dll?prd={SUB_PR...
Any thoughts?
Rgs
G.
Yes, I did install it - I use it for indexing my hard drive - do you think that piece of software has any relation to the problem I am currently experiencing?
I decided to go into the registry again, but in safe mode, and had successfully removed the the start page from hkey_current_user, software, microsoft, internet explorer, main, as advised in one of your previous postings elsewhere in the Browser section. This worked, it deleted so I rebooted and checked to see if explorer defaults to MSN.COM, and guess what, it still does!
So, went back into regedit and navigated but this time to hkey_local_machine, software, microsoft, internet explorer, main, and I see the start page line, defaulting to http://www.microsoft.com/isapi/redir.dll?prd={SUB_PR...
Any thoughts?
Rgs
G.
ASKER
One more thing, I've temporarily removed windows defender just so as to eliminate any possibilities that it might be the cause.... I will leave it off, as will all spyware products, until as such I get a resolution.
ASKER
Also, I went to Yahoo's UK home page and selected make yahoo my home page to see what would happen (hoping the web script would be aggresive enough to over-ride the msn defaults) and all I got was a relentlessly spinning hour glass, but in task manager is still shows as running so something is obviously blocking the change request.....
Keep Avast active, it does nothing to your homepage. Defender will prevent you from changing it. Did you remove it from startup or uninstall it. Uninstall should be the correct answer for now.
http://www.hijackthis.de/logfiles/b59cb1a991f5b6f62b6b25871fb816ea.html is the analysis of the Hijack this log.
What is that epMon.exe? Looks like it should be uninstalled.
As War1 suggests, uninstall MSN Toolbar also.
StatBar is also questionable to me.
http://www.hijackthis.de/logfiles/b59cb1a991f5b6f62b6b25871fb816ea.html is the analysis of the Hijack this log.
What is that epMon.exe? Looks like it should be uninstalled.
As War1 suggests, uninstall MSN Toolbar also.
StatBar is also questionable to me.
ASKER
Ok, epmon is a cpu utilisation program I have been using for over a year with no issues - installed on over a 100 computers, as with Statbar which is a similar product which sits above the taskbar giving cpu utilisation readout, memory usage, and network traffic, etc.
I have uninstalled windows defender using add/remove, not just removed it from startup.
Like I said at the beginning of my posting the MSN.COM default happened before installing the above software so I feel they are unrelated but will remove out of curiosity and report back.
Would re-installing service pack2 wipe all existing settings and perhaps cure the problem, or would that just make things worse, or make no difference.
Rgs
G.
Thanks for the info.
Shouldn't need to reinstall SP2 at this point in time unless you have uninstalled it. Have you run a Win Update lately?
Have you tried uninstalling the MSN Toolbar? And rebooting?
Shouldn't need to reinstall SP2 at this point in time unless you have uninstalled it. Have you run a Win Update lately?
Have you tried uninstalling the MSN Toolbar? And rebooting?
ASKER
Hello Mtz1of4,
I havent as of yet uninstalled msn seach tool bar yet (presently at work and pc is at home) but will do shortly.
And yes, I had patched everything up prior to realising the msn default problem, and then yesterday there were 7 or 8 updates and I allowed those to download and install too.
Can I ask your thoughts on re-applying sp2 - what are the ramifications should i re-install sp2 - would it make any difference, and if I were to reinstall sp2 would i need to remove the current sp2 first....
Rgs
G.
I havent as of yet uninstalled msn seach tool bar yet (presently at work and pc is at home) but will do shortly.
And yes, I had patched everything up prior to realising the msn default problem, and then yesterday there were 7 or 8 updates and I allowed those to download and install too.
Can I ask your thoughts on re-applying sp2 - what are the ramifications should i re-install sp2 - would it make any difference, and if I were to reinstall sp2 would i need to remove the current sp2 first....
Rgs
G.
I don't believe you can uninstall SP2 if it was part of the original install. I have never found a reason to uninstall SP2 and have never actually done that so I can't say how it will affect your machine. I guess you could try to re-apply it or you could try running the system file checker.
http://support.microsoft.com/?kbid=310747
http://ask-leo.com/what_is_the_system_file_checker_and_how_do_i_run_it.html
Although the more I look around on this, the more I'm thinking the msn search bar is the culprit.
Spysweeper will lock your home page, Spybot can lock your home page, Defender can lock your home page.
Looking through your Hikack This log again, why do I not see any R0 headings? http://www.spywareinfo.com/~merijn/htlogtutorial.html#r
You may need to restart the machine and run another HijackThis and post your Log to this page and then select Save Analysis and then paste the link in your reply.
http://www.hijackthis.de/index.php
Also, do a search for your IERESET.INF and see what it says.
http://support.microsoft.com/?kbid=310747
http://ask-leo.com/what_is_the_system_file_checker_and_how_do_i_run_it.html
Although the more I look around on this, the more I'm thinking the msn search bar is the culprit.
Spysweeper will lock your home page, Spybot can lock your home page, Defender can lock your home page.
Looking through your Hikack This log again, why do I not see any R0 headings? http://www.spywareinfo.com/~merijn/htlogtutorial.html#r
You may need to restart the machine and run another HijackThis and post your Log to this page and then select Save Analysis and then paste the link in your reply.
http://www.hijackthis.de/index.php
Also, do a search for your IERESET.INF and see what it says.
ASKER
Hello Mtz,
I have removed msn search desktop, rebooted and it still does it.
I ran hijack, posted the results and everything is graded safe with the exception of epmon and statbar which I have explained before as being unrelated and harmless.
With reference to the RO headings and their absence I cannot offer a response to that as I am not technical enough. If they're missing then would that be the reason for my issues, and if so, is there a remedy?
I did the IREREST.INF search amd found two files - 1 is called layout, stored in c:\windows\inf\ and the other is called setup, stored in c:\windows\repair\
I also did sfc /scannow, rebooted and still no joy.
Arrrghh...!
I have removed msn search desktop, rebooted and it still does it.
I ran hijack, posted the results and everything is graded safe with the exception of epmon and statbar which I have explained before as being unrelated and harmless.
With reference to the RO headings and their absence I cannot offer a response to that as I am not technical enough. If they're missing then would that be the reason for my issues, and if so, is there a remedy?
I did the IREREST.INF search amd found two files - 1 is called layout, stored in c:\windows\inf\ and the other is called setup, stored in c:\windows\repair\
I also did sfc /scannow, rebooted and still no joy.
Arrrghh...!
MY IERESET.INF is located in the C:\WINDOWS\inf folder and contains this when I open it in Notepad.
[Version]
Signature="$CHICAGO$"
AdvancedINF=2.5,"You need a new version of advpack.dll"
[RestoreHomePage]
AddReg=RestoreHomePage.reg
[RestoreBrowserSettings]
AddReg=RestoreBrowserSetti
DelReg=DeleteTemplates.reg
[RestoreHomePage.reg]
HKCU,"Software\Microsoft\I
[RestoreBrowserSettings.re
HKLM,"Software\Microsoft\I
HKLM,"Software\Microsoft\I
HKLM,"Software\Microsoft\I
HKLM,"Software\Microsoft\I
HKLM,"Software\Microsoft\I
HKLM,"Software\Microsoft\I
HKLM,"Software\Microsoft\I
HKCU,"Software\Microsoft\I
; NOTE (andrewgu) ie5.5 b#108259 - autosearch settings are not properly reset
HKCU,"Software\Microsoft\I
HKLM,"Software\Microsoft\I
HKLM,"Software\Microsoft\I
HKLM,"Software\Microsoft\W
[DeleteTemplates.reg]
HKLM,"Software\Microsoft\I
HKLM,"Software\Microsoft\I
HKLM,"Software\Microsoft\I
HKLM,"Software\Microsoft\I
HKLM,"Software\Microsoft\I
[DeleteAutosearch.reg]
; NOTE (andrewgu) ie5.5 b#108259 - autosearch settings are not properly reset
HKCU,"Software\Microsoft\I
[Strings]
START_PAGE_URL=http://www.emachines.com
SEARCH_PAGE_URL="http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch"
SAFESITE_VALUE="ie.search.
; IMPORTANT NOTE:
; IE branding dll (iedkcs32.dll) uses the following entries to restore the default MS values.
; In the vanilla version of IE, the values must be the same as their corresponding non MS_* values.
; For example, START_PAGE_URL and MS_START_PAGE_URL must have the same URL in the IE version released by MS.
MS_START_PAGE_URL="http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome"
Does yours reference MSN.com? How does yours compare to mine?
[Version]
Signature="$CHICAGO$"
AdvancedINF=2.5,"You need a new version of advpack.dll"
[RestoreHomePage]
AddReg=RestoreHomePage.reg
[RestoreBrowserSettings]
AddReg=RestoreBrowserSetti
DelReg=DeleteTemplates.reg
[RestoreHomePage.reg]
HKCU,"Software\Microsoft\I
[RestoreBrowserSettings.re
HKLM,"Software\Microsoft\I
HKLM,"Software\Microsoft\I
HKLM,"Software\Microsoft\I
HKLM,"Software\Microsoft\I
HKLM,"Software\Microsoft\I
HKLM,"Software\Microsoft\I
HKLM,"Software\Microsoft\I
HKCU,"Software\Microsoft\I
; NOTE (andrewgu) ie5.5 b#108259 - autosearch settings are not properly reset
HKCU,"Software\Microsoft\I
HKLM,"Software\Microsoft\I
HKLM,"Software\Microsoft\I
HKLM,"Software\Microsoft\W
[DeleteTemplates.reg]
HKLM,"Software\Microsoft\I
HKLM,"Software\Microsoft\I
HKLM,"Software\Microsoft\I
HKLM,"Software\Microsoft\I
HKLM,"Software\Microsoft\I
[DeleteAutosearch.reg]
; NOTE (andrewgu) ie5.5 b#108259 - autosearch settings are not properly reset
HKCU,"Software\Microsoft\I
[Strings]
START_PAGE_URL=http://www.emachines.com
SEARCH_PAGE_URL="http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch"
SAFESITE_VALUE="ie.search.
; IMPORTANT NOTE:
; IE branding dll (iedkcs32.dll) uses the following entries to restore the default MS values.
; In the vanilla version of IE, the values must be the same as their corresponding non MS_* values.
; For example, START_PAGE_URL and MS_START_PAGE_URL must have the same URL in the IE version released by MS.
MS_START_PAGE_URL="http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome"
Does yours reference MSN.com? How does yours compare to mine?
ASKER
Hi Mtz,
There were other symptoms with explorer that concerned me too, that typing a new url into the explorer window and clicking to launch would sometimes take ages, like half a minute before jumping to experts exchange for example, and yet, if I clicked explorer to launch a new window, or go into firefox and fire up google, the pages launch instantly so something is definately not right and wasnt prepared to live with such an anomaly despite the great advice/fixes given.
So, with that said, I decided to flatten the pc and rebuild it and it wasnt a decision taken lightly as it does take some 8 hours to reformat the drives under raid 0 stripe configuration and then some more hours configuring to my requirements.
I am going to use my original xp pro sp2 than my back-up copy to ensure the installation is sound.
When back up and running, probably in the next 7/8 hours, I will report back with an update and award points for helping out.
Rgs
Gord.
There were other symptoms with explorer that concerned me too, that typing a new url into the explorer window and clicking to launch would sometimes take ages, like half a minute before jumping to experts exchange for example, and yet, if I clicked explorer to launch a new window, or go into firefox and fire up google, the pages launch instantly so something is definately not right and wasnt prepared to live with such an anomaly despite the great advice/fixes given.
So, with that said, I decided to flatten the pc and rebuild it and it wasnt a decision taken lightly as it does take some 8 hours to reformat the drives under raid 0 stripe configuration and then some more hours configuring to my requirements.
I am going to use my original xp pro sp2 than my back-up copy to ensure the installation is sound.
When back up and running, probably in the next 7/8 hours, I will report back with an update and award points for helping out.
Rgs
Gord.
SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
Hello Mtz and War,
Well, I have rebuilt my pc and everything is fabalousy perfect.
There must have been a dirty file somewhere in the MFT as I did harbour a suspicion to windows defender and/or msn search desktop hijacking explorer but couldnt totally agree with your thought processes as I've never experienced such an anomaly before, and that I do test new product releases aggresively for a few months on work computers before applying to my own homel computer.
So,its got to be a dirty file, akin to the infamous semi colon bug found on the stealth bomber so it no longer belly flops the tarmac just after take off... :)
Awards time - I would like to split between you to chaps as you've have both been helpful... How do I do it??
Well, I have rebuilt my pc and everything is fabalousy perfect.
There must have been a dirty file somewhere in the MFT as I did harbour a suspicion to windows defender and/or msn search desktop hijacking explorer but couldnt totally agree with your thought processes as I've never experienced such an anomaly before, and that I do test new product releases aggresively for a few months on work computers before applying to my own homel computer.
So,its got to be a dirty file, akin to the infamous semi colon bug found on the stealth bomber so it no longer belly flops the tarmac just after take off... :)
Awards time - I would like to split between you to chaps as you've have both been helpful... How do I do it??
ASKER
Ah, just figured it out...
Thanks Gordon,
Glad it's all working fine for you now.
Glad it's all working fine for you now.
Because many of them will actually lock IE from changing homepage.