Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

HJT Log -- Please Analyze Log


  • Please log in to reply
3 replies to this topic

#1 knowlesr22

knowlesr22

  • Members
  • 2 posts
  • OFFLINE
  •  
  • Local time:10:12 AM

Posted 17 June 2005 - 03:50 PM

Logfile of HijackThis v1.99.1
Scan saved at 3:41:25 PM, on 6/17/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\ProcessGuard\dcsuserprot.exe
C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\DefWatch.exe
C:\WINDOWS\System32\inetsrv\inetinfo.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Rtvscan.exe
C:\Program Files\Symantec\Norton Ghost\Agent\PQV2iSvc.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\tcpsvcs.exe
C:\WINDOWS\System32\snmp.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\wdfmgr.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Dell\AccessDirect\dadapp.exe
C:\WINDOWS\System32\RUNDLL32.EXE
C:\Program Files\Apoint\Apoint.exe
C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
C:\Program Files\Microsoft AntiSpyware\gcasServ.exe
C:\Program Files\Apoint\Apntex.exe
C:\Program Files\ProcessGuard\pgaccount.exe
C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Lavasoft\Ad-Aware SE Plus\Ad-Watch.exe
C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
C:\Program Files\interMute\SpySubtract\SpySub.exe
C:\Program Files\LIUtilities\WinTasks\wintasks.exe
C:\Program Files\TrayIt!\trayit!.exe
C:\PROGRA~1\SPYWAR~2\swdoctor.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\PROGRA~1\MICROS~2\Office10\OUTLOOK.EXE
C:\Program Files\Sunbelt Software\iHateSpam\siMain.exe
C:\Program Files\Microsoft Office\Office10\WINWORD.EXE
C:\Program Files\Sunbelt Software\iHateSpam\siSpamFilterEngine.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\CaptureEze Pro\czepro.exe
C:\Documents and Settings\Rich Knowles\Desktop\ZIP-out\11-HiJackThis\HijackThis-v1.99.1-2005jun10.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Acrobat\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\PROGRA~1\SPYWAR~2\tools\iesdsg.dll
O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - C:\PROGRA~1\SPYWAR~2\tools\iesdpb.dll
O3 - Toolbar: Hotmail Spam Filter - {58A83E4F-477A-4A3F-BF9B-B65BC2BD5598} - C:\Program Files\Sunbelt Software\iHateSpam\siClientUIHotmail.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [DadApp] C:\Program Files\Dell\AccessDirect\dadapp.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [!1_pgaccount] "C:\Program Files\ProcessGuard\pgaccount.exe"
O4 - HKLM\..\Run: [THGuard] "C:\Program Files\TrojanHunter 4.2\THGuard.exe"
O4 - HKLM\..\Run: [Hacker Eliminator] C:\PROGRA~1\HACKER~1\HACKER~1.EXE
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [AWMON] "C:\Program Files\Lavasoft\Ad-Aware SE Plus\Ad-Watch.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - Startup: ERUNT AutoBackup.lnk = C:\Program Files\ERUNT\AUTOBACK.EXE
O4 - Startup: SpySubtract.lnk = C:\Program Files\interMute\SpySubtract\SpySub.exe
O4 - Startup: TrayIt!.lnk = C:\Program Files\TrayIt!\trayit!.exe
O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: SpySubtract.lnk = C:\Program Files\interMute\SpySubtract\SpySub.exe
O4 - Global Startup: WinTasks.lnk = C:\Program Files\LIUtilities\WinTasks\wintasks.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_01\bin\npjpi150_01.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_01\bin\npjpi150_01.dll
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~2\tools\iesdpb.dll
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: ppctlcab - http://ppupdates.ca.com/downloads/scanner/ppctlcab.cab
O16 - DPF: {03177121-226B-11D4-B0BE-005004AD3039} (UploaderCtrl Class) - http://members7.clubphoto.com/_img/uploader/atl_uploader.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=36467&clcid=0x409
O16 - DPF: {2FC9A21E-2069-4E47-8235-36318989DB13} (PPSDKActiveXScanner.MainScreen) - http://ppupdates.ca.com/downloads/scanner/axscanner.cab
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://appldnld.m7z.net/content.info.apple...iTunesSetup.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5co...b?1107916825432
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061...all/xscan53.cab
O16 - DPF: {9B03C5F1-F5AB-47EE-937D-A8EDA626F876} (Anonymizer Anti-Spyware Scanner) - http://download.zonelabs.com/bin/promotion...ctor/WebAAS.cab
O20 - Winlogon Notify: NavLogon - C:\WINDOWS\System32\NavLogon.dll
O23 - Service: DiamondCS Process Guard Service v3.000 (DCSPGSRV) - DiamondCS - C:\Program Files\ProcessGuard\dcsuserprot.exe
O23 - Service: DefWatch - Symantec Corporation - C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\DefWatch.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Symantec AntiVirus Client (Norton AntiVirus Server) - Symantec Corporation - C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Rtvscan.exe
O23 - Service: Norton Ghost - Symantec Corporation - C:\Program Files\Symantec\Norton Ghost\Agent\PQV2iSvc.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe


==================================================
StartupList report, 6/17/2005, 3:41:50 PM
StartupList version: 1.52.2
Started from : C:\Documents and Settings\Rich Knowles\Desktop\ZIP-out\11-HiJackThis\HijackThis-v1.99.1-2005jun10.EXE
Detected: Windows XP SP1 (WinNT 5.01.2600)
Detected: Internet Explorer v6.00 SP1 (6.00.2800.1106)
* Using default options
==================================================

Running processes:

C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\ProcessGuard\dcsuserprot.exe
C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\DefWatch.exe
C:\WINDOWS\System32\inetsrv\inetinfo.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Rtvscan.exe
C:\Program Files\Symantec\Norton Ghost\Agent\PQV2iSvc.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\tcpsvcs.exe
C:\WINDOWS\System32\snmp.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\wdfmgr.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Dell\AccessDirect\dadapp.exe
C:\WINDOWS\System32\RUNDLL32.EXE
C:\Program Files\Apoint\Apoint.exe
C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
C:\Program Files\Microsoft AntiSpyware\gcasServ.exe
C:\Program Files\Apoint\Apntex.exe
C:\Program Files\ProcessGuard\pgaccount.exe
C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Lavasoft\Ad-Aware SE Plus\Ad-Watch.exe
C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
C:\Program Files\interMute\SpySubtract\SpySub.exe
C:\Program Files\LIUtilities\WinTasks\wintasks.exe
C:\Program Files\TrayIt!\trayit!.exe
C:\PROGRA~1\SPYWAR~2\swdoctor.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\PROGRA~1\MICROS~2\Office10\OUTLOOK.EXE
C:\Program Files\Sunbelt Software\iHateSpam\siMain.exe
C:\Program Files\Microsoft Office\Office10\WINWORD.EXE
C:\Program Files\Sunbelt Software\iHateSpam\siSpamFilterEngine.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\CaptureEze Pro\czepro.exe
C:\Documents and Settings\Rich Knowles\Desktop\ZIP-out\11-HiJackThis\HijackThis-v1.99.1-2005jun10.exe

--------------------------------------------------

Listing of startup folders:

Shell folders Startup:
[C:\Documents and Settings\Rich Knowles\Start Menu\Programs\Startup]
ERUNT AutoBackup.lnk = C:\Program Files\ERUNT\AUTOBACK.EXE
SpySubtract.lnk = C:\Program Files\interMute\SpySubtract\SpySub.exe
TrayIt!.lnk = C:\Program Files\TrayIt!\trayit!.exe

Shell folders Common Startup:
[C:\Documents and Settings\All Users\Start Menu\Programs\Startup]
Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
SpySubtract.lnk = C:\Program Files\interMute\SpySubtract\SpySub.exe
WinTasks.lnk = C:\Program Files\LIUtilities\WinTasks\wintasks.exe

--------------------------------------------------

Checking Windows NT UserInit:

[HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
UserInit = C:\WINDOWS\system32\userinit.exe,

--------------------------------------------------

Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\Run

DadApp = C:\Program Files\Dell\AccessDirect\dadapp.exe
NvCplDaemon = RUNDLL32.EXE NvQTwk,NvCplDaemon initialize
Apoint = C:\Program Files\Apoint\Apoint.exe
vptray = C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
gcasServ = "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
Zone Labs Client = "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
!1_pgaccount = "C:\Program Files\ProcessGuard\pgaccount.exe"
THGuard = "C:\Program Files\TrojanHunter 4.2\THGuard.exe"
Hacker Eliminator = C:\PROGRA~1\HACKER~1\HACKER~1.EXE

--------------------------------------------------

Autorun entries from Registry:
HKCU\Software\Microsoft\Windows\CurrentVersion\Run

SpybotSD TeaTimer = C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
AWMON = "C:\Program Files\Lavasoft\Ad-Aware SE Plus\Ad-Watch.exe"
MSMSGS = "C:\Program Files\Messenger\msmsgs.exe" /background

--------------------------------------------------

Shell & screensaver key from C:\WINDOWS\SYSTEM.INI:

Shell=*INI section not found*
SCRNSAVE.EXE=*INI section not found*
drivers=*INI section not found*

Shell & screensaver key from Registry:

Shell=Explorer.exe
SCRNSAVE.EXE=C:\WINDOWS\System32\ssstars.scr
drivers=*Registry value not found*

Policies Shell key:

HKCU\..\Policies: Shell=*Registry key not found*
HKLM\..\Policies: Shell=*Registry value not found*

--------------------------------------------------


Enumerating Browser Helper Objects:

(no name) - C:\Program Files\Adobe\Acrobat 5.0\Acrobat\ActiveX\AcroIEHelper.ocx - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}
(no name) - C:\PROGRA~1\SPYBOT~1\SDHelper.dll - {53707962-6F74-2D53-2644-206D7942484F}
(no name) - C:\PROGRA~1\SPYWAR~2\tools\iesdsg.dll - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB}
(no name) - C:\PROGRA~1\SPYWAR~2\tools\iesdpb.dll - {B56A7D7D-6927-48C8-A975-17DF180C71AC}

--------------------------------------------------

Enumerating Download Program Files:

[ppctlcab]
CODEBASE = http://ppupdates.ca.com/downloads/scanner/ppctlcab.cab
OSD = C:\WINDOWS\Downloaded Program Files\OSD38A.OSD

[{00000163-9980-0010-8000-00AA00389B71}]
CODEBASE = http://download.microsoft.com/download/0/B...4B9/wma9dmo.cab

[Microsoft Office Template and Media Control]
InProcServer32 = C:\WINDOWS\Downloaded Program Files\CONFLICT.1\IEAWSDC.DLL
CODEBASE = http://office.microsoft.com/templates/ieawsdc.cab

[QuickTime Object]
InProcServer32 = C:\Program Files\QuickTime\QTPlugin.ocx
CODEBASE = http://www.apple.com/qtactivex/qtplugin.cab

[UploaderCtrl Class]
InProcServer32 = C:\WINDOWS\Downloaded Program Files\atl_uploader.dll
CODEBASE = http://members7.clubphoto.com/_img/uploader/atl_uploader.cab

[Windows Genuine Advantage Validation Tool]
InProcServer32 = C:\WINDOWS\System32\LegitCheckControl.DLL
CODEBASE = http://go.microsoft.com/fwlink/?linkid=36467&clcid=0x409

[PPSDKActiveXScanner.MainScreen]
InProcServer32 = C:\WINDOWS\Downloaded Program Files\PPSDKActiveXScanner.ocx
CODEBASE = http://ppupdates.ca.com/downloads/scanner/axscanner.cab

[{3334504D-9980-0010-8000-00AA00389B71}]
CODEBASE = http://download.microsoft.com/download/0/C...C4D/mp43dmo.CAB

[{41F17733-B041-4099-A042-B518BB6A408C}]
CODEBASE = http://appldnld.m7z.net/content.info.apple...iTunesSetup.exe

[Malicious Software Removal Tool]
InProcServer32 = C:\WebCleaner.dll
CODEBASE = http://download.microsoft.com/download/b/d.../WebCleaner.cab

[WUWebControl Class]
InProcServer32 = C:\WINDOWS\System32\wuweb.dll
CODEBASE = http://v5.windowsupdate.microsoft.com/v5co...b?1107916825432

[HouseCall Control]
InProcServer32 = C:\WINDOWS\DOWNLO~1\xscan53.ocx
CODEBASE = http://a840.g.akamai.net/7/840/537/2004061...all/xscan53.cab

[Anonymizer Anti-Spyware Scanner]
InProcServer32 = C:\WINDOWS\Downloaded Program Files\WebAAS.dll
CODEBASE = http://download.zonelabs.com/bin/promotion...ctor/WebAAS.cab

[Update Class]
InProcServer32 = C:\WINDOWS\System32\iuctl.dll
CODEBASE = http://v4.windowsupdate.microsoft.com/CAB/...8492.5172453704

[{D27CDB6E-AE6D-0000-0000-000000000000}]
CODEBASE = http://download.macromedia.com/pub/shockwa...ash/swflash.cab

--------------------------------------------------

Enumerating ShellServiceObjectDelayLoad items:

PostBootReminder: C:\WINDOWS\system32\SHELL32.dll
CDBurn: C:\WINDOWS\system32\SHELL32.dll
WebCheck: C:\WINDOWS\System32\webcheck.dll
SysTray: C:\WINDOWS\System32\stobject.dll

--------------------------------------------------
End of report, 8,935 bytes
Report generated in 0.180 seconds

Command line options:
/verbose - to add additional info on each section
/complete - to include empty sections and unsuspicious data
/full - to include several rarely-important sections
/force9x - to include Win9x-only startups even if running on WinNT
/forcent - to include WinNT-only startups even if running on Win9x
/forceall - to include all Win9x and WinNT startups, regardless of platform
/history - to list version history only


BC AdBot (Login to Remove)

 


#2 OldTimer

OldTimer

    Malware Expert


  • Members
  • 11,092 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:North Carolina
  • Local time:11:12 AM

Posted 18 June 2005 - 02:09 PM

Hi knowlesr22. After reviewing your log I see no signs of viruses or malware at this time. the log is clean.

Can you give me some specifics regarding what exactly is being changed and what messages that you are receiving and then we will take it from there.

Cheers.

OT
I do not respond to PM's requesting help. That's what the forums are here for. Please use them so that others may benefit from your questions and the responses you receive.
OldTimer

Posted Image

#3 knowlesr22

knowlesr22
  • Topic Starter

  • Members
  • 2 posts
  • OFFLINE
  •  
  • Local time:10:12 AM

Posted 20 June 2005 - 01:38 AM

Hi and Thank you for looking at my HJT log.

SpySubtract and Lavasoft Ad-Watch keep alerting me to the same registry modification; or at least modifications to the same registry keys.

BTW, Is there anyway to attach a MS-Word file to this forum as I have screen captured images to show as examples? I digress . . .

I am not sure but I think I might have two (2) pieces of software playing ping-ping with each other. (this is where the screen examples would help). The alerts keep happening over and over again regardless of what I select -- DENY or ALLOW.

SpySubtract says, "Warning! The following web browser settings have been changed:" There are two (2) settings listed.
(1) --- IE Search Assistant URL (System)
--and--
(2) --- IE Search Customization URL (System)
The change recorded for both is a change to blank; in other words, the "Value it was changed to" Column lists nothing.

Lavasoft Ad-Watch captures modification of the same two (2) registry keys -- SearchAssistant and CustomizeSearch. Ad-Watch provides a little better detail in its alert which says, "Registry modification detected".

Ad-Watch says that Registry Root: HKEY_LOCAL_MACHINE
of Registry Key: Search Assistant
(Old) Data: <blank -- no entry listed>
New Data: http://ie.search.msn.com/{SUB_RFC1766}srchasst/srchcust.htm

Ad-Watch says that Registry Root: HKEY_LOCAL_MACHINE
of Registry Key: CustomizeSearch
(Old) Data: <blank -- no entry listed>
New Data: http://ie.search.msn.com/{SUB_RFC1766}srchasst/srchcust.htm


What is the best registry value for these two (2) registry entries?

“CustomizeSearch” ---- HKLM\Software\Microsoft\Internet Explorer\Search
“SearchAssistant” ---- HKLM\Software\Microsoft\Internet Explorer\Search

Also, Microsoft AntiSpyware lists some odd IE defaults for several registry settings.
What are the best registry values for these registry entries as well?

WHAT SETTINGS – for Current User (HKCU)
“Start Page” ---- HKCU\Software\Microsoft\Internet Explorer\Main
“Search Page” ---- HKCU\Software\Microsoft\Internet Explorer\Main
“Local Page” ---- HKCU\Software\Microsoft\Internet Explorer\Main

WHAT SETTINGS – for All Users (HKLM)
“blank” ---- HKLM\Software\Microsoft\Internet Explorer\AboutURLs
“Start Page” ---- HKLM\Software\Microsoft\Internet Explorer\Main
“Search Page” ---- HKLM\Software\Microsoft\Internet Explorer\Main
“Local Page” ---- HKLM\Software\Microsoft\Internet Explorer\Main
“Default_Page_URL” ---- HKLM\Software\Microsoft\Internet Explorer\Main
“Default_Search_URL” ---- HKLM\Software\Microsoft\Internet Explorer\Main

Thanks again.

--Rich K.

#4 OldTimer

OldTimer

    Malware Expert


  • Members
  • 11,092 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:North Carolina
  • Local time:11:12 AM

Posted 20 June 2005 - 10:01 AM

Hi knowlesr22. IE is trying to set its default settings. those are the messages that you are seeing. Let them through and then you won't see them anymore. As to the other defaults, they should be whatever you want the set to be. Eveyone's default pages are different, it just depends on what you want your startup pages to be. Whatever page you want to see first when you open up your brower will be set as your startup page. Local pages are usually blank. That's what you see when you search for or type in a page that cannot be found. Some people create a custom local page and set that but I just leave mine as nothing.

Cheers.

OT
I do not respond to PM's requesting help. That's what the forums are here for. Please use them so that others may benefit from your questions and the responses you receive.
OldTimer

Posted Image




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users