Jump to content


Photo

about:blank comes back after reboot


  • Please log in to reply
11 replies to this topic

#1 shauneq

shauneq

    Member

  • Full Member
  • Pip
  • 9 posts

Posted 24 June 2004 - 01:46 PM

My browser was continuously hijacked to about:blank which displayed some search page with popups. Through spybot, adaware, and hijack this I have cleaned it up. However when I reboot and login to my XP system, the Resident SPYBOT detector pops up 6 times fixing browser changes which must have happened before Resident SPYBOT could stop it. Note, Resident SPYBOT is FIXING problems which snuck in during reboot. I allow each of the changes and all is fine. I want to remove the lurking offender.

I uploaded screen captures of the spybot popups to:
http://www.gis.net/~...sell/spybotmsgs

Here is my hijack this log:

Logfile of HijackThis v1.97.7
Scan saved at 2:06:01 PM, on 6/24/2004
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\System32\atievxx.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Tatara Systems\Service Manager\tscui.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\NETGEAR\WAB501 Configuration Utility\wlancfg2.EXE
C:\spyware\Hijack This\HijackThis.exe

O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {1F023FFF-B052-489C-A6B4-3D8DECBFCAD6} - C:\Program Files\Tatara Systems\Service Manager\BlockHTTP.dll
O2 - BHO: (no name) - {28B5AF04-85A4-41DB-B3B3-3832B524ADD8} - (no file)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [ccRegVfy] "C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe"
O4 - HKLM\..\Run: [TataraSM] "C:\Program Files\Tatara Systems\Service Manager\tscui.exe" /s
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - Global Startup: WAB501 Configuration Utility.lnk = C:\Program Files\NETGEAR\WAB501 Configuration Utility\wlancfg.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O9 - Extra button: AIM (HKLM)
O13 - DefaultPrefix:
O13 - WWW Prefix:
O13 - Home Prefix:
O13 - Mosaic Prefix:
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://download.macr...director/sw.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macr...ash/swflash.cab

#2 shauneq

shauneq

    Member

  • Full Member
  • Pip
  • 9 posts

Posted 25 June 2004 - 09:46 AM

BUMP :wtf:
And here is my startuplist.txt from HiJack This
http://www.gis.net/~...startuplist.txt
I am really interested in combatting this spyware stuff and might join your boot camp IF someone would kindly help me with my problem!!!

#3 PGPhantom

PGPhantom

    Superman of SWI

  • Emeritus
  • PipPipPipPipPip
  • 3,494 posts

Posted 25 June 2004 - 01:47 PM

Can you .... Please download "FINDnFIX.exe". Run the "!LOG!.bat" file and post the results into this message for further review.

#4 shauneq

shauneq

    Member

  • Full Member
  • Pip
  • 9 posts

Posted 25 June 2004 - 02:03 PM

Thank you PHPhantom, I knew I'd get your attention with that "Really Smart" remark ;) (I meant what I said about boot camp too!)

Here's the FINDnFIX log:


Microsoft Windows XP [Version 5.1.2600]
The type of the file system is FAT32.
C: is not dirty.

Fri 06/25/2004
2:54pm up 0 days, 0:27
╗╗╗╗╗╗╗╗╗╗╗╗╗╗╗╗╗╗***Attention!***╗╗╗╗╗╗╗╗╗╗╗╗╗╗╗╗
Files listed in this section (in System32) are not always definitive!
Always Double Check and be sure the file pointed doesn't exist!

╗╗Locked or 'Suspect' file(s) found...


C:\WINDOWS\System32\D3DIOF.DLL +++ File read error
\\?\C:\WINDOWS\System32\D3DIOF.DLL +++ File read error
╗╗╗╗╗╗╗╗╗╗╗╗╗╗╗╗╗╗╗╗╗╗╗╗╗╗╗╗╗╗╗╗╗╗╗╗╗╗╗╗╗╗╗╗╗╗╗╗╗╗╗╗╗╗
╗╗╗Special 'locked' files scan in 'System32'........
**File C:\FINDnFIX\LIST.TXT
D3DIOF.DLL Can't Open!

****Filtering files in System32... (-h -s -r...) ***
╗╗╗*╗╗╗*╗╗╗*╗╗╗*╗╗╗*╗╗╗*╗╗╗*╗╗╗*╗╗╗*╗╗╗

C:\WINDOWS\SYSTEM32\
d3diof.dll Tue Jun 8 2004 4:34:58p ....R 57,344 56.00 K

1 item found: 1 file, 0 directories.
Total of file sizes: 57,344 bytes 56.00 K

No matches found.

Sniffing..........
Power SNiF 1.34 - The Ultimate File Snifferdog. Created Mar 16 1992, 21:09:15.

Sniffed -> C:\WINDOWS\SYSTEM32\D3DIOF.DLL
╗╗╗*╗╗╗*╗╗╗*╗╗╗*╗╗╗*╗╗╗*╗╗╗*╗╗╗*╗╗╗*╗╗╗

╗╗Size of Windows key:
(*Default-450 *No AppInit-398 *fake(infected)-448,504,512...)

Size of HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Windows: 448

╗╗Security settings for 'Windows' key:


RegDACL 5.1 - Permissions Manager for Registry keys for Windows NT 4 and above
Copyright © 1999-2001 Frank Heyne Software (http://www.heysoft.de)
This program is Freeware, use it on your own risk!

Access Control List for Registry key hklm\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows:
(NI) ALLOW Read BUILTIN\Users
(IO) ALLOW Read BUILTIN\Users
(NI) ALLOW Read BUILTIN\Power Users
(IO) ALLOW Read BUILTIN\Power Users
(NI) ALLOW Full access BUILTIN\Administrators
(IO) ALLOW Full access BUILTIN\Administrators
(NI) ALLOW Full access NT AUTHORITY\SYSTEM
(IO) ALLOW Full access NT AUTHORITY\SYSTEM
(NI) ALLOW Full access BUILTIN\Administrators
(IO) ALLOW Full access CREATOR OWNER

Effective permissions for Registry key hklm\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows:
Read BUILTIN\Users
Read BUILTIN\Power Users
Full access BUILTIN\Administrators
Full access NT AUTHORITY\SYSTEM


╗╗Member of...: (Admin logon required!)
User is a member of group BOWWOW\None.
User is a member of group \Everyone.
User is a member of group BUILTIN\Administrators.
User is a member of group BUILTIN\Users.
User is a member of group \LOCAL.
User is a member of group NT AUTHORITY\INTERACTIVE.
User is a member of group NT AUTHORITY\Authenticated Users.

╗╗Dir 'junkxxx' was created with the following permissions...
(FAT32=NA)
*** unknown file or directory "C:\junkxxx"


╗╗╗╗╗╗Backups created...╗╗╗╗╗╗
2:57pm up 0 days, 0:30
Fri 06/25/2004

A C:\FINDnFIX\winBack.hiv
--a-- - - - - - 8,192 06-25-2004 winback.hiv
A C:\FINDnFIX\keys1\winkey.reg
--a-- - - - - - 287 06-25-2004 winkey.reg

╗╗Performing 16bit string scan....

---------- WIN.TXT
f¨AppInit_DLLsÍ?ŠGŞ   C
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=""
"DeviceNotSelectedTimeout"="15"
"GDIProcessHandleQuota"=dword:00002710
"Spooler"="yes"
"swapdisk"=""
"TransmissionRetryTimeout"="90"
"USERProcessHandleQuota"=dword:00002710

Windows
AppInit
UDeviceNotSelectedTimeout
zGDIProcessHandleQuota"
Spooler2
=pswapdisk
TransmissionRetryTimeout
USERProcessHandleQuotaH

**File C:\FINDnFIX\WIN.TXT
        ě   vk > ě   f¨AppInit_DLLsÍ?ŠGŞ   C : \ W I N D O W S \ S y s t e m 3 2 \ d 3 d i o f . d l l  ░ đ   vk  X   └UDeviceNotSelectedTimeout­   1 5  ě(═W­   9 0  ! đ   vk  Ç'   zGDIProcessHandleQuota"■Ó   vk  ╚   ░║Spooler2­   y e s └  ░ ( x Ę ­ Ó   vk  Ç   =pswapdiskđ   vk  h   R┐TransmissionRetryTimeoutÓ   ░ ( x Ę ­  ` đ   vk  Ç'   0 USERProcessHandleQuotaH p


#5 PGPhantom

PGPhantom

    Superman of SWI

  • Emeritus
  • PipPipPipPipPip
  • 3,494 posts

Posted 25 June 2004 - 02:53 PM

This will take couple or more steps to fix. Be sure to Follow the next set of steps carefully, in the exact order specified:
  • Open the "FINDnFIX\Keys1" Subfolder!
  • Locate the "MOVEit.bat" file, Right-Click on it and select => "edit". The file will open as empty text file.
  • Copy and paste the entire highlighted line in the following quote box
    (all one line) into that blank 'MOVEit' file:

    move C:\WINDOWS\System32\D3DIOF.DLL c:\junkxxx\D3DIOF.DLL

  • Save the file and close.
  • Get ready to restart your computer.
  • In the same folder, DoubleClick on the "FIX.bat" file.
  • You will be prompted by popup Alert to restart in 15 seconds.
  • Allow it to restart the computer!
  • On restart, Navigate to: C:\FINDnFIX\ main folder:
  • DoubleClick on the "RESTORE.bat" file.
  • It'll run and produce new log. (log1.txt) post it here!


#6 shauneq

shauneq

    Member

  • Full Member
  • Pip
  • 9 posts

Posted 25 June 2004 - 03:14 PM

Two comments:
1. Out of curiosity, before your post I looked in windows/system32 and D3DIOF.DLL was not there (even though I have "show hidden files").

2. For other reasons I had to boot my PC before your post.

When you posted I followed explicitly and restore.bat did find and move D3DIOF.DLL to junkxxx.


Here is the log1.txt:


Fri 06/25/2004
4:07pm up 0 days, 0:03

Microsoft Windows XP [Version 5.1.2600]
The type of the file system is FAT32.
C: is not dirty.

*Locked files...
* result\\?\C:\junkxxx\D3DIOF.DLL

╗╗╗Filtering files in System32.......( 'R;H;S') ╗╗╗
╗╗╗*╗╗╗*╗╗╗*╗╗╗*╗╗╗*╗╗╗*╗╗╗*╗╗╗*╗╗╗*╗╗╗

No matches found.

No matches found.
Power SNiF 1.34 - The Ultimate File Snifferdog. Created Mar 16 1992, 21:09:15.

╗╗╗*╗╗╗*╗╗╗*╗╗╗*╗╗╗*╗╗╗*╗╗╗*╗╗╗*╗╗╗*╗╗╗

C:\JUNKXXX\
d3diof.dll Tue Jun 8 2004 4:34:58p A...R 57,344 56.00 K

1 item found: 1 file, 0 directories.
Total of file sizes: 57,344 bytes 56.00 K
Power SNiF 1.34 - The Ultimate File Snifferdog. Created Mar 16 1992, 21:09:15.

Sniffed -> C:\JUNKXXX\D3DIOF.DLL


Search text: ŢSTREAMINGDEVICESETUP2Ů «CASE Insensitive Match
Searching ==>C:\JUNKXXX\D3DIOF.DLL
Run Time(sec) 0
**File C:\JUNKXXX\D3DIOF.DLL
0000DEBE: 67 44 65 76 69 63 65 00 . 00 53 74 72 65 61 6D 69 gDevice. .Streami
0000DED3: 63 65 53 65 74 75 70 00 . 32 00 00 00 00 00 E0 01 ceSetup. 2.....Ó.

move c:\windows\System32\D3DIOF.DLL c:\junkxxx\D3DIOF.DLL


-ra-- W32i - - - - 57,344 06-08-2004 d3diof.dll
A R C:\junkxxx\D3DIOF.DLL
File: <C:\junkxxx\D3DIOF.DLL>

CRC-32 : D5C9FB2E

MD5 : C185B36F 9969D3A6 D2122BA7 CBC02249




╗╗Permissions:
The Cacls command can be run only on disk drives that use the NTFS file system.Directory "C:\junkxxx\."
Permissions:
NA

Auditing:
NA

Owner: \Everyone

Primary Group: \Everyone

Directory "C:\junkxxx\.."
Permissions:
NA

Auditing:
NA

Owner: \Everyone

Primary Group: \Everyone

File "C:\junkxxx\D3DIOF.DLL"
Permissions:
NA

Auditing:
NA

Owner: \Everyone

Primary Group: \Everyone


╗╗Size of Windows key:
(*Default-450 *No AppInit-398 *fake(infected)-448,504,512...)

Size of HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Windows: 450

╗╗Security settings for 'Windows' key:


RegDACL 5.1 - Permissions Manager for Registry keys for Windows NT 4 and above
Copyright © 1999-2001 Frank Heyne Software (http://www.heysoft.de)
This program is Freeware, use it on your own risk!

Access Control List for Registry key hklm\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows:
(NI) ALLOW Read BUILTIN\Users
(IO) ALLOW Read BUILTIN\Users
(NI) ALLOW Read BUILTIN\Power Users
(IO) ALLOW Read BUILTIN\Power Users
(NI) ALLOW Full access BUILTIN\Administrators
(IO) ALLOW Full access BUILTIN\Administrators
(NI) ALLOW Full access NT AUTHORITY\SYSTEM
(IO) ALLOW Full access NT AUTHORITY\SYSTEM
(NI) ALLOW Full access BUILTIN\Administrators
(IO) ALLOW Full access CREATOR OWNER

Effective permissions for Registry key hklm\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows:
Read BUILTIN\Users
Read BUILTIN\Power Users
Full access BUILTIN\Administrators
Full access NT AUTHORITY\SYSTEM



---------- WIN.TXT
f¨AppInit_DLLsÍ?ŠGŞ   C

---------- NEWWIN.TXT
TAppInit_DLLs
sQŞ
**File C:\FINDnFIX\NEWWIN.TXT
       
**File C:\FINDnFIX\NEWWIN.TXT
00001338: 01 00 00 00 01 00 0F 54 . 5F 44 4C 4C 73 0D 73 12 .......T _DLLs.s.
**File C:\FINDnFIX\NEWWIN.TXT
        đ   vk  Ó   └UDeviceNotSelectedTimeout­   1 5  ě(═W ░ đ   vk  Ç'   zGDIProcessHandleQuota"■­   9 0  ! Ó   vk  X   ░║Spooler2­   y e s └ Ó   vk  Ç   =pswapdisk ░ ° 8 h á đ   vk  (   R┐TransmissionRetryTimeoutđ   vk  Ç'   0 USERProcessHandleQuotaH Ó   ░ ° 8 h á đ  ě   vk  Ç   TAppInit_DLLs

#7 PGPhantom

PGPhantom

    Superman of SWI

  • Emeritus
  • PipPipPipPipPip
  • 3,494 posts

Posted 25 June 2004 - 03:21 PM

Open the FINDnFIX\Files2< Subfolder and run the => "ZIPZAP.bat" file. It will quickly clean the rest.
When done, Restart your computer and Delete and entire 'FINDnFIX' file+folder(s) From C:\.
Post a follow up HijackThis log when done!

#8 shauneq

shauneq

    Member

  • Full Member
  • Pip
  • 9 posts

Posted 25 June 2004 - 03:37 PM

Hmmmm..., when I ran ZIPZIP, it did some quick stuff then SPYBOT popped up to stop some malware from changing my home page to about:blank. Then Outlook express launched and wants me to mail junkxxx.zip into a mail message and send it to crapware@myweb.com

I told SPYBOT to Deny the change and rebooted.
On reboot SPYBOT asking to change homepage from about:blank back to google.com which I allowed.

I will post my HiJack This log in the next reply

#9 shauneq

shauneq

    Member

  • Full Member
  • Pip
  • 9 posts

Posted 25 June 2004 - 03:38 PM

HijackThis log after deleting FINDnFIX folder:

Logfile of HijackThis v1.97.7
Scan saved at 4:36:14 PM, on 6/25/2004
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\System32\atievxx.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Tatara Systems\Service Manager\tscui.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\NETGEAR\WAB501 Configuration Utility\wlancfg2.EXE
C:\spyware\Hijack This\HijackThis.exe

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {1F023FFF-B052-489C-A6B4-3D8DECBFCAD6} - C:\Program Files\Tatara Systems\Service Manager\BlockHTTP.dll
O2 - BHO: (no name) - {28B5AF04-85A4-41DB-B3B3-3832B524ADD8} - (no file)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [ccRegVfy] "C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe"
O4 - HKLM\..\Run: [TataraSM] "C:\Program Files\Tatara Systems\Service Manager\tscui.exe" /s
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - Global Startup: WAB501 Configuration Utility.lnk = C:\Program Files\NETGEAR\WAB501 Configuration Utility\wlancfg.exe
O13 - DefaultPrefix:
O13 - WWW Prefix:
O13 - Home Prefix:
O13 - Mosaic Prefix:
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://download.macr...director/sw.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macr...ash/swflash.cab

#10 PGPhantom

PGPhantom

    Superman of SWI

  • Emeritus
  • PipPipPipPipPip
  • 3,494 posts

Posted 25 June 2004 - 03:45 PM

Don't worry about the email - I forgot to include the fact the you should email it but it is not important.

Run HijackThis, click on "Scan" and then place a check mark in the following boxes, And click on "Fix Checked":
O2 - BHO: (no name) - {28B5AF04-85A4-41DB-B3B3-3832B524ADD8} - (no file)
O13 - DefaultPrefix:
O13 - WWW Prefix:
O13 - Home Prefix:
O13 - Mosaic Prefix:

Other than that - It is pretty clean. BUT .... Please go to Microsoft Windows Update and download all critical updates for your system. This is imperative - Especially updates for your O/S and IE.

Then:
Here are some tips, to reduce the potential for spyware infection in the future, I strongly recommend installing the following applications:
  • Spywareblaster <= SpywareBlaster will prevent spyware from being installed.
  • Spywareguard <= SpywareGuard offers realtime protection from spyware installation attempts.
  • How to use Ad-Aware to remove Spyware <= If you suspect that you have spyware installed on your computer, here are instructions on how to download, install and then use Ad-Aware.
  • How to use Spybot to remove Spyware <= If you suspect that you have spyware installed on your computer, here are instructions on how to download, install and then use Spybot. Similar to Ad-Aware, I strongly recommend both to catch most spyware.
To protect yourself further:
  • IE/Spyad <= IE/Spyad places over 4000 websites and domains in the IE Restricted list which will severely impair attempts to infect your system. It basically prevents any downloads (Cookies etc) from the sites listed, although you will still be able to connect to the sites.
  • MVPS Hosts file <= The MVPS Hosts file replaces your current HOSTS file with one containing well know ad sites etc. Basically, this prevents your coputer from connecting to those sites by redirecting them to 127.0.0.1 which is your local computer
  • Google Toolbar <= Get the free google toolbar to help stop pop up windows.
I also suggest that you delete any files from "temp", "tmp" folders. In Internet Explorer, click on "Tools" => "Internet Options" => "Delete Files" and select the box that says "Delete All Offline Content" and click on "OK" twice. Also, empty the recycle bin by right clicking on it and selecting "Empty Recycle Bin". These steps should be done on a regular basis.

#11 shauneq

shauneq

    Member

  • Full Member
  • Pip
  • 9 posts

Posted 25 June 2004 - 04:12 PM

Thank you much, I do think it is cleared up, but now I think I might be fighting myself. When I boot, Spybot pops up asking me about a browser change.

It says

Old data: about:balnk
New data: http://www.google.com

If I allow change, my browser starts at google.
If I deny change, my browser starts at about:blank - and it really is a blank page - not the horrid search page - so that's OK.

In Spybot, under Tools-->Browser Pages, I set alot of them to google. So am I just fighting a default setting? Should I just check Remember This Decision and be happy?

Here are the browser settings under SpyBot:
Spybot - Search && Destroy browser pages report, 6/25/2004 5:08:15 PM

HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Local Page
http://www.google.com/ HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Search Page
http://www.microsoft...=ie&ar=iesearch
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Start Page
http://www.google.com/ HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchUrl\@
http://www.google.com/keyword/%s HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Local Page
http://www.google.com/ HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Search Page
http://www.microsoft...=ie&ar=iesearch
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Start Page
http://www.google.com/ HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Search\SearchAssistant
http://ie.search.msn...st/srchasst.htm
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Search\CustomizeSearch
http://www.google.com

#12 PGPhantom

PGPhantom

    Superman of SWI

  • Emeritus
  • PipPipPipPipPip
  • 3,494 posts

Posted 25 June 2004 - 05:02 PM

I get the exact same thing because mine is actually set for a blank page ... Just click on remember decision and it stays.




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

Member of ASAP and UNITE
Support SpywareInfo Forum - click the button