XP SP2 Global browser toolbar?

From: Bryan Sullo (bsullo_at_CLOCKTOWERTECH.COM)
Date: 08/19/04

  • Next message: Mark Belles: "Questions regarding file associations affected by SP2" 
    Date:         Thu, 19 Aug 2004 10:56:51 -0400
To: NTBUGTRAQ@LISTSERV.NTBUGTRAQ.COM

    I have been running Spybot Search & Destroy's TeaTimer software on my XP Pro (SP1) notebook. For those unfamiliar, TeaTimer alerts you when a program makes a registry change in the Run keys or a few other areas that are frequented by spyware.

    Since installing SP2, I have noticed a strange issue:
    Every time I start Windows, I receive a message from TeaTimer that says a registry entry has changed.

    Category: Global browser toolbar
    Change: Value deleted
    Entry: {8E718888-423F-11D2-876E00A0C9082467}
    Old data: hex:00

    Once I tell it go go ahead and allow this value to be deleted, I receive another message:

    Category: Browser page
    Change: Value changed
    Entry: Local Page
    Old data: C:\WINDOWS\System32\blank.htm
    New data: C:\WINDOWS\system32\blank.htm

    (Note the change in capitalization.)
    I have IE's start page set to "about:blank".

    I have searched the Web looking for any reference to "Global browser toolbar" and found nothing. I can only assume it is a new SP2 feature.

    What I don't understand is why the system DELETES this value every time it is started. (Note, TeaTimer is not deleting anything, it is just alerting me that it has been deleted.)

    Has anyone seen a similar issue? Is the Global browser toolbar a new SP2 feature? If it is being deleted every time the system starts, why does it keep coming back?

    -----
    NTBugtraq Editor's Note:

    Want to reply to the person who sent this message? This list is configured such that just hitting reply is going to result in the message coming to the list, not to the individual who sent the message. This was done to help reduce the number of Out of Office messages posters received. So if you want to send a reply just to the poster, you'll have to copy their email address out of the message and place it in your TO: field.
    -----

  • Next message: Mark Belles: "Questions regarding file associations affected by SP2"