• Announcements

    • Budfred

      IE 11 copy/paste problem

      It has come to our attention that people using Internet Explorer 11 (IE 11) are having trouble with copy/paste to the forum. If you encounter this problem, using a different browser like Firefox or Chrome seems to get around the problem. We do not know what the problem is, but it seems to be specific to IE 11 and we are hopeful that Microsoft will eventually fix it.
Sign in to follow this  
Followers 0
shauneq

about:blank comes back after reboot

12 posts in this topic

My browser was continuously hijacked to about:blank which displayed some search page with popups. Through spybot, adaware, and hijack this I have cleaned it up. However when I reboot and login to my XP system, the Resident SPYBOT detector pops up 6 times fixing browser changes which must have happened before Resident SPYBOT could stop it. Note, Resident SPYBOT is FIXING problems which snuck in during reboot. I allow each of the changes and all is fine. I want to remove the lurking offender.

 

I uploaded screen captures of the spybot popups to:

http://www.gis.net/~lrussell/spybotmsgs

 

Here is my hijack this log:

 

Logfile of HijackThis v1.97.7

Scan saved at 2:06:01 PM, on 6/24/2004

Platform: Windows XP (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 (6.00.2600.0000)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe

C:\WINDOWS\System32\atievxx.exe

C:\Program Files\Norton AntiVirus\navapsvc.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\Common Files\Symantec Shared\ccApp.exe

C:\Program Files\Tatara Systems\Service Manager\tscui.exe

C:\Program Files\Messenger\msmsgs.exe

C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe

C:\Program Files\NETGEAR\WAB501 Configuration Utility\wlancfg2.EXE

C:\spyware\Hijack This\HijackThis.exe

 

O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx

O2 - BHO: (no name) - {1F023FFF-B052-489C-A6B4-3D8DECBFCAD6} - C:\Program Files\Tatara Systems\Service Manager\BlockHTTP.dll

O2 - BHO: (no name) - {28B5AF04-85A4-41DB-B3B3-3832B524ADD8} - (no file)

O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll

O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll

O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"

O4 - HKLM\..\Run: [ccRegVfy] "C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe"

O4 - HKLM\..\Run: [TataraSM] "C:\Program Files\Tatara Systems\Service Manager\tscui.exe" /s

O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background

O4 - HKCU\..\Run: [spybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe

O4 - Global Startup: WAB501 Configuration Utility.lnk = C:\Program Files\NETGEAR\WAB501 Configuration Utility\wlancfg.exe

O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE

O9 - Extra button: AIM (HKLM)

O13 - DefaultPrefix:

O13 - WWW Prefix:

O13 - Home Prefix:

O13 - Mosaic Prefix:

O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://download.macromedia.com/pub/shockwa...director/sw.cab

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwa...ash/swflash.cab

Share this post


Link to post
Share on other sites

Thank you PHPhantom, I knew I'd get your attention with that "Really Smart" remark ;) (I meant what I said about boot camp too!)

 

Here's the FINDnFIX log:

 

 

Microsoft Windows XP [Version 5.1.2600]

The type of the file system is FAT32.

C: is not dirty.

 

Fri 06/25/2004

2:54pm up 0 days, 0:27

»»»»»»»»»»»»»»»»»»***Attention!***»»»»»»»»»»»»»»»»

Files listed in this section (in System32) are not always definitive!

Always Double Check and be sure the file pointed doesn't exist!

 

»»Locked or 'Suspect' file(s) found...

 

 

C:\WINDOWS\System32\D3DIOF.DLL +++ File read error

\\?\C:\WINDOWS\System32\D3DIOF.DLL +++ File read error

»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

»»»Special 'locked' files scan in 'System32'........

**File C:\FINDnFIX\LIST.TXT

D3DIOF.DLL Can't Open!

 

****Filtering files in System32... (-h -s -r...) ***

»»»*»»»*»»»*»»»*»»»*»»»*»»»*»»»*»»»*»»»

 

C:\WINDOWS\SYSTEM32\

d3diof.dll Tue Jun 8 2004 4:34:58p ....R 57,344 56.00 K

 

1 item found: 1 file, 0 directories.

Total of file sizes: 57,344 bytes 56.00 K

 

No matches found.

 

Sniffing..........

Power SNiF 1.34 - The Ultimate File Snifferdog. Created Mar 16 1992, 21:09:15.

 

Sniffed -> C:\WINDOWS\SYSTEM32\D3DIOF.DLL

»»»*»»»*»»»*»»»*»»»*»»»*»»»*»»»*»»»*»»»

 

»»Size of Windows key:

(*Default-450 *No AppInit-398 *fake(infected)-448,504,512...)

 

Size of HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Windows: 448

 

»»Security settings for 'Windows' key:

 

 

RegDACL 5.1 - Permissions Manager for Registry keys for Windows NT 4 and above

Copyright © 1999-2001 Frank Heyne Software (http://www.heysoft.de)

This program is Freeware, use it on your own risk!

 

Access Control List for Registry key hklm\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows:

(NI) ALLOW Read BUILTIN\Users

(IO) ALLOW Read BUILTIN\Users

(NI) ALLOW Read BUILTIN\Power Users

(IO) ALLOW Read BUILTIN\Power Users

(NI) ALLOW Full access BUILTIN\Administrators

(IO) ALLOW Full access BUILTIN\Administrators

(NI) ALLOW Full access NT AUTHORITY\SYSTEM

(IO) ALLOW Full access NT AUTHORITY\SYSTEM

(NI) ALLOW Full access BUILTIN\Administrators

(IO) ALLOW Full access CREATOR OWNER

 

Effective permissions for Registry key hklm\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows:

Read BUILTIN\Users

Read BUILTIN\Power Users

Full access BUILTIN\Administrators

Full access NT AUTHORITY\SYSTEM

 

 

»»Member of...: (Admin logon required!)

User is a member of group BOWWOW\None.

User is a member of group \Everyone.

User is a member of group BUILTIN\Administrators.

User is a member of group BUILTIN\Users.

User is a member of group \LOCAL.

User is a member of group NT AUTHORITY\INTERACTIVE.

User is a member of group NT AUTHORITY\Authenticated Users.

 

»»Dir 'junkxxx' was created with the following permissions...

(FAT32=NA)

*** unknown file or directory "C:\junkxxx"

 

 

»»»»»»Backups created...»»»»»»

2:57pm up 0 days, 0:30

Fri 06/25/2004

 

A C:\FINDnFIX\winBack.hiv

--a-- - - - - - 8,192 06-25-2004 winback.hiv

A C:\FINDnFIX\keys1\winkey.reg

--a-- - - - - - 287 06-25-2004 winkey.reg

 

»»Performing 16bit string scan....

 

---------- WIN.TXT

fùAppInit_DLLsÖ?æG¸ÿÿÿC

REGEDIT4

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]

"AppInit_DLLs"=""

"DeviceNotSelectedTimeout"="15"

"GDIProcessHandleQuota"=dword:00002710

"Spooler"="yes"

"swapdisk"=""

"TransmissionRetryTimeout"="90"

"USERProcessHandleQuota"=dword:00002710

 

Windows

AppInit

UDeviceNotSelectedTimeout

zGDIProcessHandleQuota"

Spooler2

=pswapdisk

TransmissionRetryTimeout

USERProcessHandleQuotaH

 

**File C:\FINDnFIX\WIN.TXT

Øÿÿÿvk > Ø fùAppInit_DLLsÖ?æG¸ÿÿÿC : \ W I N D O W S \ S y s t e m 3 2 \ d 3 d i o f . d l l ° Ðÿÿÿvk X ÀUDeviceNotSelectedTimeoutðÿÿÿ1 5 Ø(ÍWðÿÿÿ9 0 ! Ðÿÿÿvk €' zGDIProcessHandleQuota"þàÿÿÿvk È °ºSpooler2ðÿÿÿy e s À ° ( x ¨ ð àÿÿÿvk € =pswapdiskÐÿÿÿvk h R¿TransmissionRetryTimeoutàÿÿÿ° ( x ¨ ð ` Ðÿÿÿvk €' 0 USERProcessHandleQuotaH p

Share this post


Link to post
Share on other sites

This will take couple or more steps to fix. Be sure to Follow the next set of steps carefully, in the exact order specified:

  1. Open the "FINDnFIX\Keys1" Subfolder!
  2. Locate the "MOVEit.bat" file, Right-Click on it and select => "edit". The file will open as empty text file.
  3. Copy and paste the entire highlighted line in the following quote box
    (all one line) into that blank 'MOVEit' file:
    move C:\WINDOWS\System32\D3DIOF.DLL c:\junkxxx\D3DIOF.DLL

  4. Save the file and close.
  5. Get ready to restart your computer.
  6. In the same folder, DoubleClick on the "FIX.bat" file.
  7. You will be prompted by popup Alert to restart in 15 seconds.
  8. Allow it to restart the computer!
  9. On restart, Navigate to: C:\FINDnFIX\ main folder:
  10. DoubleClick on the "RESTORE.bat" file.
  11. It'll run and produce new log. (log1.txt) post it here!

Share this post


Link to post
Share on other sites

Two comments:

1. Out of curiosity, before your post I looked in windows/system32 and D3DIOF.DLL was not there (even though I have "show hidden files").

 

2. For other reasons I had to boot my PC before your post.

 

When you posted I followed explicitly and restore.bat did find and move D3DIOF.DLL to junkxxx.

 

 

Here is the log1.txt:

 

 

Fri 06/25/2004

4:07pm up 0 days, 0:03

 

Microsoft Windows XP [Version 5.1.2600]

The type of the file system is FAT32.

C: is not dirty.

 

*Locked files...

* result\\?\C:\junkxxx\D3DIOF.DLL

 

»»»Filtering files in System32.......( 'R;H;S') »»»

»»»*»»»*»»»*»»»*»»»*»»»*»»»*»»»*»»»*»»»

 

No matches found.

 

No matches found.

Power SNiF 1.34 - The Ultimate File Snifferdog. Created Mar 16 1992, 21:09:15.

 

»»»*»»»*»»»*»»»*»»»*»»»*»»»*»»»*»»»*»»»

 

C:\JUNKXXX\

d3diof.dll Tue Jun 8 2004 4:34:58p A...R 57,344 56.00 K

 

1 item found: 1 file, 0 directories.

Total of file sizes: 57,344 bytes 56.00 K

Power SNiF 1.34 - The Ultimate File Snifferdog. Created Mar 16 1992, 21:09:15.

 

Sniffed -> C:\JUNKXXX\D3DIOF.DLL

 

 

Search text: ÝSTREAMINGDEVICESETUP2Þ ®CASE Insensitive Match

Searching ==>C:\JUNKXXX\D3DIOF.DLL

Run Time(sec) 0

**File C:\JUNKXXX\D3DIOF.DLL

0000DEBE: 67 44 65 76 69 63 65 00 . 00 53 74 72 65 61 6D 69 gDevice. .Streami

0000DED3: 63 65 53 65 74 75 70 00 . 32 00 00 00 00 00 E0 01 ceSetup. 2.....à.

 

move c:\windows\System32\D3DIOF.DLL c:\junkxxx\D3DIOF.DLL

 

 

-ra-- W32i - - - - 57,344 06-08-2004 d3diof.dll

A R C:\junkxxx\D3DIOF.DLL

File: <C:\junkxxx\D3DIOF.DLL>

 

CRC-32 : D5C9FB2E

 

MD5 : C185B36F 9969D3A6 D2122BA7 CBC02249

 

 

 

 

»»Permissions:

The Cacls command can be run only on disk drives that use the NTFS file system.Directory "C:\junkxxx\."

Permissions:

NA

 

Auditing:

NA

 

Owner: \Everyone

 

Primary Group: \Everyone

 

Directory "C:\junkxxx\.."

Permissions:

NA

 

Auditing:

NA

 

Owner: \Everyone

 

Primary Group: \Everyone

 

File "C:\junkxxx\D3DIOF.DLL"

Permissions:

NA

 

Auditing:

NA

 

Owner: \Everyone

 

Primary Group: \Everyone

 

 

»»Size of Windows key:

(*Default-450 *No AppInit-398 *fake(infected)-448,504,512...)

 

Size of HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Windows: 450

 

»»Security settings for 'Windows' key:

 

 

RegDACL 5.1 - Permissions Manager for Registry keys for Windows NT 4 and above

Copyright © 1999-2001 Frank Heyne Software (http://www.heysoft.de)

This program is Freeware, use it on your own risk!

 

Access Control List for Registry key hklm\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows:

(NI) ALLOW Read BUILTIN\Users

(IO) ALLOW Read BUILTIN\Users

(NI) ALLOW Read BUILTIN\Power Users

(IO) ALLOW Read BUILTIN\Power Users

(NI) ALLOW Full access BUILTIN\Administrators

(IO) ALLOW Full access BUILTIN\Administrators

(NI) ALLOW Full access NT AUTHORITY\SYSTEM

(IO) ALLOW Full access NT AUTHORITY\SYSTEM

(NI) ALLOW Full access BUILTIN\Administrators

(IO) ALLOW Full access CREATOR OWNER

 

Effective permissions for Registry key hklm\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows:

Read BUILTIN\Users

Read BUILTIN\Power Users

Full access BUILTIN\Administrators

Full access NT AUTHORITY\SYSTEM

 

 

 

---------- WIN.TXT

fùAppInit_DLLsÖ?æG¸ÿÿÿC

 

---------- NEWWIN.TXT

TAppInit_DLLs

sQ¸

**File C:\FINDnFIX\NEWWIN.TXT

**File C:\FINDnFIX\NEWWIN.TXT

00001338: 01 00 00 00 01 00 0F 54 . 5F 44 4C 4C 73 0D 73 12 .......T _DLLs.s.

**File C:\FINDnFIX\NEWWIN.TXT

Ðÿÿÿvk à ÀUDeviceNotSelectedTimeoutðÿÿÿ1 5 Ø(ÍW ° Ðÿÿÿvk €' zGDIProcessHandleQuota"þðÿÿÿ9 0 ! àÿÿÿvk X °ºSpooler2ðÿÿÿy e s À àÿÿÿvk € =pswapdisk ° ø 8 h   Ðÿÿÿvk ( R¿TransmissionRetryTimeoutÐÿÿÿvk €' 0 USERProcessHandleQuotaH àÿÿÿ° ø 8 h   Ð Øÿÿÿvk € TAppInit_DLLs

Share this post


Link to post
Share on other sites

Open the FINDnFIX\Files2< Subfolder and run the => "ZIPZAP.bat" file. It will quickly clean the rest.

When done, Restart your computer and Delete and entire 'FINDnFIX' file+folder(s) From C:\.

Post a follow up HijackThis log when done!

Share this post


Link to post
Share on other sites

Hmmmm..., when I ran ZIPZIP, it did some quick stuff then SPYBOT popped up to stop some malware from changing my home page to about:blank. Then Outlook express launched and wants me to mail junkxxx.zip into a mail message and send it to crapware@myweb.com

 

I told SPYBOT to Deny the change and rebooted.

On reboot SPYBOT asking to change homepage from about:blank back to google.com which I allowed.

 

I will post my HiJack This log in the next reply

Share this post


Link to post
Share on other sites

HijackThis log after deleting FINDnFIX folder:

 

Logfile of HijackThis v1.97.7

Scan saved at 4:36:14 PM, on 6/25/2004

Platform: Windows XP (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 (6.00.2600.0000)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe

C:\WINDOWS\System32\atievxx.exe

C:\Program Files\Norton AntiVirus\navapsvc.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\Common Files\Symantec Shared\ccApp.exe

C:\Program Files\Tatara Systems\Service Manager\tscui.exe

C:\Program Files\Messenger\msmsgs.exe

C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe

C:\Program Files\NETGEAR\WAB501 Configuration Utility\wlancfg2.EXE

C:\spyware\Hijack This\HijackThis.exe

 

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank

O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx

O2 - BHO: (no name) - {1F023FFF-B052-489C-A6B4-3D8DECBFCAD6} - C:\Program Files\Tatara Systems\Service Manager\BlockHTTP.dll

O2 - BHO: (no name) - {28B5AF04-85A4-41DB-B3B3-3832B524ADD8} - (no file)

O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll

O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll

O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"

O4 - HKLM\..\Run: [ccRegVfy] "C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe"

O4 - HKLM\..\Run: [TataraSM] "C:\Program Files\Tatara Systems\Service Manager\tscui.exe" /s

O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background

O4 - HKCU\..\Run: [spybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe

O4 - Global Startup: WAB501 Configuration Utility.lnk = C:\Program Files\NETGEAR\WAB501 Configuration Utility\wlancfg.exe

O13 - DefaultPrefix:

O13 - WWW Prefix:

O13 - Home Prefix:

O13 - Mosaic Prefix:

O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://download.macromedia.com/pub/shockwa...director/sw.cab

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwa...ash/swflash.cab

Share this post


Link to post
Share on other sites

Don't worry about the email - I forgot to include the fact the you should email it but it is not important.

 

Run HijackThis, click on "Scan" and then place a check mark in the following boxes, And click on "Fix Checked":

O2 - BHO: (no name) - {28B5AF04-85A4-41DB-B3B3-3832B524ADD8} - (no file)

O13 - DefaultPrefix:

O13 - WWW Prefix:

O13 - Home Prefix:

O13 - Mosaic Prefix:

 

Other than that - It is pretty clean. BUT .... Please go to Microsoft Windows Update and download all critical updates for your system. This is imperative - Especially updates for your O/S and IE.

 

Then:

Here are some tips, to reduce the potential for spyware infection in the future, I strongly recommend installing the following applications:

  • Spywareblaster <= SpywareBlaster will prevent spyware from being installed.
  • Spywareguard <= SpywareGuard offers realtime protection from spyware installation attempts.
  • How to use Ad-Aware to remove Spyware <= If you suspect that you have spyware installed on your computer, here are instructions on how to download, install and then use Ad-Aware.
  • How to use Spybot to remove Spyware <= If you suspect that you have spyware installed on your computer, here are instructions on how to download, install and then use Spybot. Similar to Ad-Aware, I strongly recommend both to catch most spyware.

To protect yourself further:

  • IE/Spyad <= IE/Spyad places over 4000 websites and domains in the IE Restricted list which will severely impair attempts to infect your system. It basically prevents any downloads (Cookies etc) from the sites listed, although you will still be able to connect to the sites.
  • MVPS Hosts file <= The MVPS Hosts file replaces your current HOSTS file with one containing well know ad sites etc. Basically, this prevents your coputer from connecting to those sites by redirecting them to 127.0.0.1 which is your local computer
  • Google Toolbar <= Get the free google toolbar to help stop pop up windows.

I also suggest that you delete any files from "temp", "tmp" folders. In Internet Explorer, click on "Tools" => "Internet Options" => "Delete Files" and select the box that says "Delete All Offline Content" and click on "OK" twice. Also, empty the recycle bin by right clicking on it and selecting "Empty Recycle Bin". These steps should be done on a regular basis.

Share this post


Link to post
Share on other sites

Thank you much, I do think it is cleared up, but now I think I might be fighting myself. When I boot, Spybot pops up asking me about a browser change.

 

It says

 

Old data: about:balnk

New data: http://www.google.com

 

If I allow change, my browser starts at google.

If I deny change, my browser starts at about:blank - and it really is a blank page - not the horrid search page - so that's OK.

 

In Spybot, under Tools-->Browser Pages, I set alot of them to google. So am I just fighting a default setting? Should I just check Remember This Decision and be happy?

 

Here are the browser settings under SpyBot:

Spybot - Search && Destroy browser pages report, 6/25/2004 5:08:15 PM

 

HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Local Page

http://www.google.com/ HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Search Page

http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch

HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Start Page

http://www.google.com/ HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchUrl\@

http://www.google.com/keyword/%s HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Local Page

http://www.google.com/ HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Search Page

http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch

HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Start Page

http://www.google.com/ HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Search\SearchAssistant

http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm

HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Search\CustomizeSearch

http://www.google.com

Share this post


Link to post
Share on other sites

I get the exact same thing because mine is actually set for a blank page ... Just click on remember decision and it stays.

Share this post


Link to post
Share on other sites
Sign in to follow this  
Followers 0