Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Google results hijacked


  • This topic is locked This topic is locked
2 replies to this topic

#1 jmdoane42

jmdoane42

  • Members
  • 2 posts
  • OFFLINE
  •  
  • Local time:01:00 PM

Posted 15 October 2010 - 06:17 PM

I accidently clicked on an ad (disguised as nothing more than a couple of arrows...) and got numerous virus infections as well as what is apparantly rootkit activity. Any Google results I click on take a long time to load up, and when they do it is just some random page. This happens in both Firefox and IE. So far I've run SuperAntispyware which removed several trojans. I've also run Combofix three times. I see I wasn't supposed to do that but that was before I found this forum, sorry! I will post the combofix log after the gmer and dds logs. I should also note that I saw several instances of "mshta.exe" running which as I understand is a method of installing more viruses on the system, so I created a 0 byte read-only dummy file called "mshta.exe" to prevent it from being used, so I'm guessing that's why Combofix didn't like it (it deleted it). One other thing, I saw a driver file being loaded called "ekekalegetekola.dll" which I didn't recognize and it sounded like randomly generated garbage, so I quarantined it. I get an error message at bootup saying windows can't find that file and also "dinepnv2.dll" which I have never heard of before.

I greatly appreciate any help but I have to go to work shortly so I won't be able to check back here until Saturday morning. I hope people are still around for the weekends! tongue.gif



DDS (Ver_10-10-10.03) - NTFSx86
Run by HP_Owner at 14:54:23.60 on Fri 10/15/2010
Internet Explorer: 6.0.2900.2180 BrowserJavaVersion: 1.6.0_20
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.1023.504 [GMT -5:00]


============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\System32\snmp.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\WINDOWS\AGRSMMSG.exe
C:\WINDOWS\system32\hphmon06.exe
C:\windows\system\hpsysdrv.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\system32\taskmgr.exe
C:\Program Files\internet explorer\iexplore.exe
C:\WINDOWS\system32\msiexec.exe
C:\Documents and Settings\HP_Owner\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.comcast.net/
uDefault_Search_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q105&bd=pavilion&pf=desktop
mStart Page = hxxp://www.comcast.net/
mSearch Bar = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q105&bd=pavilion&pf=desktop
mWindow Title = Windows Internet Explorer provided by Comcast
uInternet Connection Wizard,ShellNext = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q105&bd=pavilion&pf=desktop
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://www.google.com/keyword/%s
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - No File
TB: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
uRun: [updateMgr] "c:\program files\adobe\acrobat 7.0\reader\AdobeUpdateManager.exe" AcRdB7_0_9 -reboot 1
uRun: [Mwaqiresoxiwuv] rundll32.exe "c:\windows\dinepnv2.dll",Startup
uRun: [Octoshape Streaming Services] "c:\program files\octoshape streaming services\hp_owner\OctoshapeClient.exe" -inv:bootrun
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [DNS7reminder] "c:\program files\nuance\naturallyspeaking10\ereg\ereg.exe" -r "c:\documents and settings\all users\application data\nuance\naturallyspeaking10\Ereg.ini
mRun: [TkBellExe] "c:\program files\common files\real\update_ob\realsched.exe" -osboot
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [SSBkgdUpdate] "c:\program files\common files\scansoft shared\ssbkgdupdate\SSBkgdupdate.exe" -Embedding -boot
mRun: [ISUSScheduler] "c:\program files\common files\installshield\updateservice\issch.exe" -start
mRun: [ISUSPM Startup] c:\progra~1\common~1\instal~1\update~1\ISUSPM.exe -startup
mRun: [GrooveMonitor] "c:\program files\microsoft office\office12\GrooveMonitor.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [SoundMan] SOUNDMAN.EXE
mRun: [AlcxMonitor] ALCXMNTR.EXE
mRun: [StartCCC] "c:\program files\ati technologies\ati.ace\core-static\CLIStart.exe" MSRun
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [nwiz] c:\program files\nvidia corporation\nview\nwiz.exe /install
mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
mRun: [AutoTBar] c:\program files\hp\digital imaging\bin\AUTOTBAR.EXE
mRun: [PHIME2002A] c:\windows\system32\ime\tintlgnt\TINTSETP.EXE /IMEName
mRun: [PHIME2002ASync] c:\windows\system32\ime\tintlgnt\TINTSETP.EXE /SYNC
mRun: [MSPY2002] c:\windows\system32\ime\pintlgnt\ImScInst.exe /SYNC
mRun: [IMJPMIG8.1] "c:\windows\ime\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
mRun: [Recguard] c:\windows\sminst\RECGUARD.EXE
mRun: [HPHUPD06] c:\program files\hp\{aac4fc36-8f89-4587-8dd3-ebc57c83374d}\hphupd06.exe
mRun: [AGRSMMSG] AGRSMMSG.exe
mRun: [HPHmon06] c:\windows\system32\hphmon06.exe
mRun: [LSBWatcher] c:\hp\drivers\hplsbwatcher\lsburnwatcher.exe
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [hpsysdrv] c:\windows\system\hpsysdrv.exe
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [UniUploader] c:\program files\uniuploader\UniUploader.exe
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Idoziyuhaxovabuy] rundll32.exe "c:\windows\ekekalegetekola.dll",Startup
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\adober~1.lnk - c:\program files\adobe\acrobat 7.0\reader\reader_sl.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hpdigi~1.lnk - c:\program files\hp\digital imaging\bin\hpqtra08.exe
uPolicies-explorer: NoInstrumentation = 1 (0x1)
mPolicies-explorer: <NO NAME> =
IE: E&xport to Microsoft Excel - c:\progra~1\mi1933~1\office12\EXCEL.EXE/3000
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {04849C74-016E-4a43-8AA5-1F01DE57F4A1} - {8C85E2EE-9FD6-11D5-B770-504D54C10000} - c:\program files\visualroute\vrie.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\mi1933~1\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\mi1933~1\office12\REFIEBAR.DLL
Trusted Zone: aol.com\free
DPF: {00000055-9980-0010-8000-00AA00389B71} - hxxp://codecs.microsoft.com/codecs/i386/fhg.CAB
DPF: {040F4385-8DAD-4306-94BF-B8291D841FAE} - hxxp://www.nintendowifi.com/troubleshooting/usbaptest.cab
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1197221683645
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {CAFEEFAC-0014-0002-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/products/plugin/autodl/jinstall-142-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0009-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_09-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0011-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_11-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.dll
Notify: avgrsstarter - avgrsstx.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\hp_owner\applic~1\mozilla\firefox\profiles\xl77vwge.default\
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll

---- FIREFOX POLICIES ----
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("html5.enable", false);

============= SERVICES / DRIVERS ===============

R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2010-2-17 12872]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2010-4-27 67656]
R2 aawservice;Lavasoft Ad-Aware Service;c:\program files\lavasoft\ad-aware\aawservice.exe [2008-7-7 611664]
R4 Vax347s;Vax347s;c:\windows\system32\drivers\vax347s.sys --> c:\windows\system32\drivers\Vax347s.sys [?]
S2 EZWINIT;EZWINIT;c:\windows\system32\drivers\ezwinit.sys [2005-7-13 14494]
S2 EZWINIT2;EZWINIT2;c:\windows\system32\drivers\ezwinit2.sys [2005-8-15 14720]
S2 EZWRITE2;EZWRITE2;c:\windows\system32\drivers\ezwrite2.sys [2005-8-15 16680]
S2 EZWRITER;EZWRITER;c:\windows\system32\drivers\ezwriter.sys [2005-7-13 16680]
S3 DrvAgent32;DrvAgent32;c:\windows\system32\drivers\DrvAgent32.sys [2010-5-10 23456]
S3 EverestDriver;Lavalys EVEREST Kernel Driver;\??\c:\program files\lavalys\everest ultimate edition\kerneld.wnt --> c:\program files\lavalys\everest ultimate edition\kerneld.wnt [?]

=============== Created Last 30 ================

2010-10-15 19:37:25 0 ----a-r- c:\windows\system32\mshta.exe
2010-10-15 18:56:49 -------- d-----w- C:\ComboFix
2010-10-15 18:12:06 98816 ----a-w- c:\windows\sed.exe
2010-10-15 18:12:06 77312 ----a-w- c:\windows\MBR.exe
2010-10-15 18:12:06 256512 ----a-w- c:\windows\PEV.exe
2010-10-15 18:12:06 161792 ----a-w- c:\windows\SWREG.exe
2010-10-15 12:04:39 -------- d-----w- c:\windows\ERUNT
2010-10-15 11:59:51 -------- d-----w- C:\SDFix
2010-10-15 11:05:23 -------- d-----w- c:\documents and settings\hp_owner\backup
2010-10-15 09:58:55 0 ----a-w- c:\windows\Rjuzeziw.bin
2010-10-14 23:00:55 205 ----a-w- c:\docume~1\hp_owner\applic~1\jsfhjjsd.bat
2010-10-14 23:00:51 -------- d-----w- c:\docume~1\alluse~1\applic~1\Update
2010-10-14 23:00:28 0 ----a-w- c:\windows\system32\drivers\aszvkk.sys
2010-10-14 23:00:17 55296 ----a-w- C:\memory.tmp
2010-10-14 10:37:44 25088 ----a-w- c:\windows\system32\shfolder.dll
2010-09-27 03:53:33 26600 ----a-w- c:\windows\system32\drivers\GEARAspiWDM.sys
2010-09-27 03:53:33 107368 ----a-w- c:\windows\system32\GEARAspi.dll
2010-09-27 03:52:34 -------- d-----w- c:\program files\iPod
2010-09-27 03:52:25 -------- d-----w- c:\program files\iTunes
2010-09-27 03:52:25 -------- d-----w- c:\docume~1\alluse~1\applic~1\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
2010-09-27 03:49:19 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin3.dll
2010-09-27 03:49:19 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin2.dll
2010-09-27 03:49:19 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin.dll
2010-09-27 03:46:26 41984 ----a-w- c:\windows\system32\drivers\usbaapl.sys
2010-09-27 03:46:26 3062048 ----a-w- c:\windows\system32\usbaaplrc.dll
2010-09-27 03:45:46 -------- d-----w- c:\program files\Bonjour
2010-09-24 11:10:03 74072 ----a-w- c:\windows\system32\XAPOFX1_4.dll
2010-09-24 11:10:03 528216 ----a-w- c:\windows\system32\XAudio2_6.dll
2010-09-24 11:10:02 238936 ----a-w- c:\windows\system32\xactengine3_6.dll
2010-09-24 11:10:01 22360 ----a-w- c:\windows\system32\X3DAudio1_7.dll
2010-09-19 23:23:58 -------- d-----w- c:\program files\PeerBlock
2010-09-19 06:09:27 -------- d-----w- c:\docume~1\hp_owner\locals~1\applic~1\The Lord of the Rings Online
2010-09-19 01:09:54 -------- d-----w- c:\program files\Pando Networks

==================== Find3M ====================

2010-09-08 16:17:46 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx
2010-09-08 16:17:46 69632 ----a-w- c:\windows\system32\QuickTime.qts
2010-07-27 23:44:10 91424 ----a-w- c:\windows\system32\dnssd.dll
2010-07-27 23:44:10 75040 ----a-w- c:\windows\system32\jdns_sd.dll
2010-07-27 23:44:10 197920 ----a-w- c:\windows\system32\dnssdX.dll
2010-07-27 23:44:10 107808 ----a-w- c:\windows\system32\dns-sd.exe

============= FINISH: 14:54:42.79 ===============











GMER 1.0.15.15319 - http://www.gmer.net
Rootkit scan 2010-10-15 17:50:35
Windows 5.1.2600 Service Pack 2
Running: gmer.exe; Driver: C:\DOCUME~1\HP_Owner\LOCALS~1\Temp\fxldqpog.sys


---- Kernel code sections - GMER 1.0.15 ----

? Vax347s.sys The system cannot find the file specified. !
.text C:\WINDOWS\system32\DRIVERS\ati2mtag.sys section is writeable [0xF6642000, 0x1C5D38, 0xE8000020]

---- User code sections - GMER 1.0.15 ----

.text C:\WINDOWS\Explorer.EXE[620] kernel32.dll!CreateProcessInternalW 7C819527 5 Bytes JMP 00AD85CB
.text C:\Program Files\internet explorer\iexplore.exe[1340] kernel32.dll!CreateProcessInternalW 7C819527 5 Bytes JMP 001575DE
.text C:\Program Files\internet explorer\iexplore.exe[1340] ws2_32.dll!send 71AB428A 5 Bytes JMP 00155F60
.text C:\Program Files\internet explorer\iexplore.exe[1340] ws2_32.dll!WSARecv 71AB4318 5 Bytes JMP 00156138
.text C:\Program Files\internet explorer\iexplore.exe[1340] ws2_32.dll!recv 71AB615A 5 Bytes JMP 00155FD3
.text C:\Program Files\internet explorer\iexplore.exe[1340] ws2_32.dll!WSASend 71AB6233 5 Bytes JMP 0015609E
.text C:\Program Files\internet explorer\iexplore.exe[1340] ws2_32.dll!closesocket 71AB9639 5 Bytes JMP 00156367

---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0 C:\Program Files\DAEMON Tools\
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0xB3 0x70 0x08 0x30 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0x90 0x95 0x9E 0xAD ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0xD2 0x5A 0x7B 0xCC ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0 C:\Program Files\DAEMON Tools\
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0xB3 0x70 0x08 0x30 ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0x90 0x95 0x9E 0xAD ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0xD2 0x5A 0x7B 0xCC ...
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0 C:\Program Files\DAEMON Tools\
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0xB3 0x70 0x08 0x30 ...
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0x90 0x95 0x9E 0xAD ...
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0xD2 0x5A 0x7B 0xCC ...
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@DeviceNotSelectedTimeout 15
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@GDIProcessHandleQuota 10000
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@Spooler yes
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@swapdisk
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@TransmissionRetryTimeout 90
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@USERProcessHandleQuota 10000
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@RequireSignedAppInit_DLLs 1
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{3610eda5-77ef-11d2-8dc5-00c04fa31a66}@ Microsoft Disk Quota
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{3610eda5-77ef-11d2-8dc5-00c04fa31a66}@NoMachinePolicy 0
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{3610eda5-77ef-11d2-8dc5-00c04fa31a66}@NoUserPolicy 1
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{3610eda5-77ef-11d2-8dc5-00c04fa31a66}@NoSlowLink 1
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{3610eda5-77ef-11d2-8dc5-00c04fa31a66}@NoBackgroundPolicy 1
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{3610eda5-77ef-11d2-8dc5-00c04fa31a66}@NoGPOListChanges 1
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{3610eda5-77ef-11d2-8dc5-00c04fa31a66}@PerUserLocalSettings 0
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{3610eda5-77ef-11d2-8dc5-00c04fa31a66}@RequiresSuccessfulRegistry 1
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{3610eda5-77ef-11d2-8dc5-00c04fa31a66}@EnableAsynchronousProcessing 0
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{3610eda5-77ef-11d2-8dc5-00c04fa31a66}@DllName dskquota.dll
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{3610eda5-77ef-11d2-8dc5-00c04fa31a66}@ProcessGroupPolicy ProcessGroupPolicy
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{4CFB60C1-FAA6-47f1-89AA-0B18730C9FD3}@ Internet Explorer Zonemapping
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{4CFB60C1-FAA6-47f1-89AA-0B18730C9FD3}@DllName iedkcs32.dll
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{4CFB60C1-FAA6-47f1-89AA-0B18730C9FD3}@ProcessGroupPolicy ProcessGroupPolicyForZoneMap
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{4CFB60C1-FAA6-47f1-89AA-0B18730C9FD3}@NoGPOListChanges 1
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{4CFB60C1-FAA6-47f1-89AA-0B18730C9FD3}@RequiresSucessfulRegistry 1
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{827D319E-6EAC-11D2-A4EA-00C04F79F83A}@ProcessGroupPolicy SceProcessSecurityPolicyGPO
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{827D319E-6EAC-11D2-A4EA-00C04F79F83A}@GenerateGroupPolicy SceGenerateGroupPolicy
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{827D319E-6EAC-11D2-A4EA-00C04F79F83A}@ExtensionRsopPlanningDebugLevel 1
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{827D319E-6EAC-11D2-A4EA-00C04F79F83A}@ProcessGroupPolicyEx SceProcessSecurityPolicyGPOEx
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{827D319E-6EAC-11D2-A4EA-00C04F79F83A}@ExtensionDebugLevel 1
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{827D319E-6EAC-11D2-A4EA-00C04F79F83A}@DllName scecli.dll
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{827D319E-6EAC-11D2-A4EA-00C04F79F83A}@ Security
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{827D319E-6EAC-11D2-A4EA-00C04F79F83A}@NoUserPolicy 1
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{827D319E-6EAC-11D2-A4EA-00C04F79F83A}@NoGPOListChanges 1
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{827D319E-6EAC-11D2-A4EA-00C04F79F83A}@EnableAsynchronousProcessing 1
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{827D319E-6EAC-11D2-A4EA-00C04F79F83A}@MaxNoGPOListChangesInterval 1
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{A2E30F80-D7DE-11d2-BBDE-00C04F86AE3B}@ProcessGroupPolicyEx ProcessGroupPolicyEx
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{A2E30F80-D7DE-11d2-BBDE-00C04F86AE3B}@GenerateGroupPolicy GenerateGroupPolicy
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{A2E30F80-D7DE-11d2-BBDE-00C04F86AE3B}@ProcessGroupPolicy ProcessGroupPolicy
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{A2E30F80-D7DE-11d2-BBDE-00C04F86AE3B}@DllName iedkcs32.dll
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{A2E30F80-D7DE-11d2-BBDE-00C04F86AE3B}@ Internet Explorer Branding
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{A2E30F80-D7DE-11d2-BBDE-00C04F86AE3B}@NoSlowLink 1
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{A2E30F80-D7DE-11d2-BBDE-00C04F86AE3B}@NoBackgroundPolicy 0
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{A2E30F80-D7DE-11d2-BBDE-00C04F86AE3B}@NoGPOListChanges 1
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{A2E30F80-D7DE-11d2-BBDE-00C04F86AE3B}@NoMachinePolicy 1
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{B1BE8D72-6EAC-11D2-A4EA-00C04F79F83A}@ProcessGroupPolicy SceProcessEFSRecoveryGPO
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{B1BE8D72-6EAC-11D2-A4EA-00C04F79F83A}@DllName scecli.dll
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{B1BE8D72-6EAC-11D2-A4EA-00C04F79F83A}@ EFS recovery
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{B1BE8D72-6EAC-11D2-A4EA-00C04F79F83A}@NoUserPolicy 1
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{B1BE8D72-6EAC-11D2-A4EA-00C04F79F83A}@NoGPOListChanges 1
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{B1BE8D72-6EAC-11D2-A4EA-00C04F79F83A}@RequiresSuccessfulRegistry 1
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{C631DF4C-088F-4156-B058-4375F0853CD8}@ Microsoft Offline Files
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{C631DF4C-088F-4156-B058-4375F0853CD8}@DllName %SystemRoot%\System32\cscui.dll
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{C631DF4C-088F-4156-B058-4375F0853CD8}@EnableAsynchronousProcessing 0
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{C631DF4C-088F-4156-B058-4375F0853CD8}@NoBackgroundPolicy 0
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{C631DF4C-088F-4156-B058-4375F0853CD8}@NoGPOListChanges 0
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{C631DF4C-088F-4156-B058-4375F0853CD8}@NoMachinePolicy 0
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{C631DF4C-088F-4156-B058-4375F0853CD8}@NoSlowLink 0
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{C631DF4C-088F-4156-B058-4375F0853CD8}@NoUserPolicy 1
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{C631DF4C-088F-4156-B058-4375F0853CD8}@PerUserLocalSettings 0
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{C631DF4C-088F-4156-B058-4375F0853CD8}@ProcessGroupPolicy ProcessGroupPolicy
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{C631DF4C-088F-4156-B058-4375F0853CD8}@RequiresSuccessfulRegistry 1
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{c6dc5466-785a-11d2-84d0-00c04fb169f7}@ Software Installation
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{c6dc5466-785a-11d2-84d0-00c04fb169f7}@DllName appmgmts.dll
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{c6dc5466-785a-11d2-84d0-00c04fb169f7}@ProcessGroupPolicyEx ProcessGroupPolicyObjectsEx
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{c6dc5466-785a-11d2-84d0-00c04fb169f7}@GenerateGroupPolicy GenerateGroupPolicy
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{c6dc5466-785a-11d2-84d0-00c04fb169f7}@NoBackgroundPolicy 0
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{c6dc5466-785a-11d2-84d0-00c04fb169f7}@RequiresSucessfulRegistry 0
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{c6dc5466-785a-11d2-84d0-00c04fb169f7}@NoSlowLink 1
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{c6dc5466-785a-11d2-84d0-00c04fb169f7}@PerUserLocalSettings 1
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{c6dc5466-785a-11d2-84d0-00c04fb169f7}@EventSources (Application Management,Application)?(MsiInstaller,Application)?
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent@DLLName Ati2evxx.dll
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent@Asynchronous 0
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent@Impersonate 1
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent@Lock AtiLockEvent
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent@Logoff AtiLogoffEvent
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent@Logon AtiLogonEvent
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent@Disconnect AtiDisConnectEvent
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent@Reconnect AtiReConnectEvent
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent@Safe 0
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent@Shutdown AtiShutdownEvent
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent@StartScreenSaver AtiStartScreenSaverEvent
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent@StartShell AtiStartShellEvent
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent@Startup AtiStartupEvent
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent@StopScreenSaver AtiStopScreenSaverEvent
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent@Unlock AtiUnLockEvent
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\crypt32chain@Asynchronous 0
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\crypt32chain@Impersonate 0
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\crypt32chain@DllName crypt32.dll
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\crypt32chain@Logoff ChainWlxLogoffEvent
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cryptnet@Asynchronous 0
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cryptnet@Impersonate 0
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cryptnet@DllName cryptnet.dll
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cryptnet@Logoff CryptnetWlxLogoffEvent
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cscdll@DLLName cscdll.dll
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cscdll@Logon WinlogonLogonEvent
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cscdll@Logoff WinlogonLogoffEvent
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cscdll@ScreenSaver WinlogonScreenSaverEvent
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cscdll@Startup WinlogonStartupEvent
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cscdll@Shutdown WinlogonShutdownEvent
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cscdll@StartShell WinlogonStartShellEvent
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cscdll@Impersonate 0
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cscdll@Asynchronous 1
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ScCertProp@DLLName wlnotify.dll
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ScCertProp@Logon SCardStartCertProp
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ScCertProp@Logoff SCardStopCertProp
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ScCertProp@Lock SCardSuspendCertProp
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ScCertProp@Unlock SCardResumeCertProp
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ScCertProp@Enabled 1
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ScCertProp@Impersonate 1
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ScCertProp@Asynchronous 1
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Schedule@Asynchronous 0
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Schedule@DllName wlnotify.dll
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Schedule@Impersonate 0
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Schedule@StartShell SchedStartShell
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Schedule@Logoff SchedEventLogOff
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\sclgntfy@Logoff WLEventLogoff
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\sclgntfy@Impersonate 0
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\sclgntfy@Asynchronous 1
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\sclgntfy@DllName sclgntfy.dll
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SensLogn@DLLName WlNotify.dll
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SensLogn@Lock SensLockEvent
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SensLogn@Logon SensLogonEvent
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SensLogn@Logoff SensLogoffEvent
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SensLogn@Safe 1
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SensLogn@MaxWait 600
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SensLogn@StartScreenSaver SensStartScreenSaverEvent
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SensLogn@StopScreenSaver SensStopScreenSaverEvent
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SensLogn@Startup SensStartupEvent
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SensLogn@Shutdown SensShutdownEvent
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SensLogn@StartShell SensStartShellEvent
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SensLogn@PostShell SensPostShellEvent
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SensLogn@Disconnect SensDisconnectEvent
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SensLogn@Reconnect SensReconnectEvent
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SensLogn@Unlock SensUnlockEvent
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SensLogn@Impersonate 1
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SensLogn@Asynchronous 1
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\termsrv@Asynchronous 0
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\termsrv@DllName wlnotify.dll
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\termsrv@Impersonate 0
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\termsrv@Logoff TSEventLogoff
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\termsrv@Logon TSEventLogon
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\termsrv@PostShell TSEventPostShell
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\termsrv@Shutdown TSEventShutdown
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\termsrv@StartShell TSEventStartShell
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\termsrv@Startup TSEventStartup
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\termsrv@MaxWait 600
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\termsrv@Reconnect TSEventReconnect
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\termsrv@Disconnect TSEventDisconnect
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\wlballoon@DLLName wlnotify.dll
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\wlballoon@Logon RegisterTicketExpiredNotificationEvent
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\wlballoon@Logoff UnregisterTicketExpiredNotificationEvent
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\wlballoon@Impersonate 1
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\wlballoon@Asynchronous 1
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\SpecialAccounts\UserList@HelpAssistant 0
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\SpecialAccounts\UserList@TsInternetUser 0
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\SpecialAccounts\UserList@SQLAgentCmdExec 0
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\SpecialAccounts\UserList@NetShowServices 0
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\SpecialAccounts\UserList@IWAM_ 65536
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\SpecialAccounts\UserList@IUSR_ 65536
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\SpecialAccounts\UserList@VUSR_ 65536
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\SpecialAccounts\UserList@ASPNET 0

---- EOF - GMER 1.0.15 ----








ComboFix 10-10-14.04 - HP_Owner 10/15/2010 13:57:32.3.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.1023.607 [GMT -5:00]
Running from: C:\downloads\ComboFix.exe
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\system32\mshta.exe

C:\WINDOWS\system32\winlogon.exe . . . is infected!!

Infected copy of C:\WINDOWS\explorer.exe was found and disinfected
Restored copy from - C:\WINDOWS\$hf_mig$\KB938828\SP2QFE\explorer.exe

.
((((((((((((((((((((((((( Files Created from 2010-09-15 to 2010-10-15 )))))))))))))))))))))))))))))))
.

2010-10-15 13:29:35 . 2010-10-15 13:29:38 -------- d-----w- C:\Documents and Settings\Administrator.BEEBO
2010-10-15 12:04:39 . 2010-10-15 12:04:56 -------- d-----w- C:\WINDOWS\ERUNT
2010-10-15 11:59:51 . 2010-10-15 12:42:04 -------- d-----w- C:\SDFix
2010-10-15 11:05:23 . 2010-10-15 11:05:43 -------- d-----w- C:\Documents and Settings\HP_Owner\backup
2010-10-15 10:29:45 . 2010-10-15 10:29:45 -------- d-----w- C:\Documents and Settings\Guest\Local Settings\Application Data\LightScribe
2010-10-15 09:58:55 . 2010-10-15 09:58:55 0 ----a-w- C:\WINDOWS\Rjuzeziw.bin
2010-10-14 23:00:55 . 2010-10-14 23:00:55 205 ----a-w- C:\Documents and Settings\HP_Owner\Application Data\jsfhjjsd.bat
2010-10-14 23:00:51 . 2010-10-15 00:12:20 -------- d-----w- C:\Documents and Settings\All Users\Application Data\Update
2010-10-14 23:00:28 . 2010-10-14 23:01:39 0 ----a-w- C:\WINDOWS\system32\drivers\aszvkk.sys
2010-10-14 23:00:17 . 2010-10-14 23:00:17 55296 ----a-w- C:\memory.tmp
2010-10-14 10:37:44 . 2004-08-04 04:00:00 25088 ----a-w- C:\WINDOWS\system32\shfolder.dll
2010-09-27 03:53:33 . 2009-05-18 18:17:00 26600 ----a-w- C:\WINDOWS\system32\drivers\GEARAspiWDM.sys
2010-09-27 03:53:33 . 2008-04-17 17:12:54 107368 ----a-w- C:\WINDOWS\system32\GEARAspi.dll
2010-09-27 03:52:34 . 2010-09-27 03:52:34 -------- d-----w- C:\Program Files\iPod
2010-09-27 03:52:25 . 2010-09-27 03:53:29 -------- d-----w- C:\Program Files\iTunes
2010-09-27 03:52:25 . 2010-09-27 03:53:29 -------- d-----w- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
2010-09-27 03:49:19 . 2010-09-27 03:49:19 159744 ----a-w- C:\Program Files\Internet Explorer\PLUGINS\npqtplugin3.dll
2010-09-27 03:49:19 . 2010-09-27 03:49:18 159744 ----a-w- C:\Program Files\Internet Explorer\PLUGINS\npqtplugin2.dll
2010-09-27 03:49:19 . 2010-09-27 03:49:18 159744 ----a-w- C:\Program Files\Internet Explorer\PLUGINS\npqtplugin.dll
2010-09-27 03:46:53 . 2010-09-27 03:46:54 -------- d-----w- C:\Program Files\Apple Software Update
2010-09-27 03:46:26 . 2010-04-20 01:47:44 3062048 ----a-w- C:\WINDOWS\system32\usbaaplrc.dll
2010-09-27 03:46:26 . 2010-04-20 01:47:42 41984 ----a-w- C:\WINDOWS\system32\drivers\usbaapl.sys
2010-09-27 03:45:46 . 2010-09-27 03:45:49 -------- d-----w- C:\Program Files\Bonjour
2010-09-24 11:10:03 . 2010-02-04 15:01:14 74072 ----a-w- C:\WINDOWS\system32\XAPOFX1_4.dll
2010-09-24 11:10:03 . 2010-02-04 15:01:14 528216 ----a-w- C:\WINDOWS\system32\XAudio2_6.dll
2010-09-24 11:10:02 . 2010-02-04 15:01:14 238936 ----a-w- C:\WINDOWS\system32\xactengine3_6.dll
2010-09-24 11:10:01 . 2010-02-04 15:01:14 22360 ----a-w- C:\WINDOWS\system32\X3DAudio1_7.dll
2010-09-19 23:23:58 . 2010-10-15 18:55:56 -------- d-----w- C:\Program Files\PeerBlock
2010-09-19 06:09:27 . 2010-09-19 06:09:27 -------- d-----w- C:\Documents and Settings\HP_Owner\Local Settings\Application Data\The Lord of the Rings Online
2010-09-19 01:09:54 . 2010-10-15 10:39:38 -------- d-----w- C:\Program Files\Pando Networks

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
.

------- Sigcheck -------

[-] 2008-04-14 00:12:39 . ED0EF0A136DEC83DF69F04118870003E . 507904 . . [5.1.2600.5512 (xpsp.080413-2113)] . . C:\WINDOWS\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\winlogon.exe
[-] 2004-08-04 04:00:00 . B9C7CEF5B9303E38D53C32503BEAA51C . 502272 . . [5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)] . . C:\WINDOWS\system32\winlogon.exe

[-] 2008-04-14 00:12:19 . 12896823FB95BFB3DC9B46BCAEDC9923 . 1033728 . . [6.00.2900.5512 (xpsp.080413-2105)] . . C:\WINDOWS\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\explorer.exe
[-] 2007-06-13 11:26:03 . 4F5B2DD41273073A79FD30BAEDE1A06D . 1033216 . . [6.00.2900.3156 (xpsp_sp2_qfe.070613-1311)] . . C:\WINDOWS\explorer.exe
[7] 2007-06-13 11:26:03 . 7712DF0CDDE3A5AC89843E61CD5B3658 . 1033216 . . [6.00.2900.3156 (xpsp_sp2_qfe.070613-1311)] . . C:\WINDOWS\$hf_mig$\KB938828\SP2QFE\explorer.exe
[7] 2004-08-04 04:00:00 . A0732187050030AE399B241436565E64 . 1032192 . . [6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)] . . C:\WINDOWS\$NtUninstallKB938828$\explorer.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"updateMgr"="C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [BU]
"Mwaqiresoxiwuv"="C:\WINDOWS\dinepnv2.dll" [BU]
"Octoshape Streaming Services"="C:\Program Files\Octoshape Streaming Services\HP_Owner\OctoshapeClient.exe" [BU]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 04:00:00 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DNS7reminder"="C:\Program Files\Nuance\NaturallySpeaking10\Ereg\Ereg.exe" [BU]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [BU]
"SunJavaUpdateSched"="C:\Program Files\Common Files\Java\Java Update\jusched.exe" [2010-02-18 16:43:18 248040]
"SSBkgdUpdate"="C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [BU]
"ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [BU]
"ISUSPM Startup"="C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [BU]
"GrooveMonitor"="C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe" [2007-08-24 12:00:48 33648]
"Adobe ARM"="C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2009-09-04 17:08:30 935288]
"SoundMan"="SOUNDMAN.EXE" [2007-04-16 20:28:22 577536]
"AlcxMonitor"="ALCXMNTR.EXE" [2004-09-07 13:47:52 57344]
"StartCCC"="C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2010-02-11 04:32:54 61440]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2009-09-28 00:19:46 86016]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2009-09-28 00:19:46 13918208]
"nwiz"="C:\Program Files\NVIDIA Corporation\nView\nwiz.exe" [BU]
"HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [2005-12-15 16:18:50 49152]
"AutoTBar"="c:\Program Files\HP\Digital Imaging\bin\AUTOTBAR.EXE" [BU]
"PHIME2002A"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-04 04:00:00 455168]
"PHIME2002ASync"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-04 04:00:00 455168]
"MSPY2002"="C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe" [2004-08-04 04:00:00 59392]
"IMJPMIG8.1"="C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" [2004-08-04 04:00:00 208952]
"Recguard"="C:\WINDOWS\SMINST\RECGUARD.EXE" [2004-04-14 13:43:46 233472]
"HPHUPD06"="c:\Program Files\HP\{AAC4FC36-8F89-4587-8DD3-EBC57C83374D}\hphupd06.exe" [2004-06-07 11:53:26 49152]
"AGRSMMSG"="AGRSMMSG.exe" [2005-03-04 16:01:56 88209]
"HPHmon06"="C:\WINDOWS\system32\hphmon06.exe" [2004-06-07 11:42:30 659456]
"LSBWatcher"="c:\hp\drivers\hplsbwatcher\lsburnwatcher.exe" [2004-10-14 14:54:32 253952]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2010-09-08 16:17:42 421888]
"hpsysdrv"="c:\windows\system\hpsysdrv.exe" [1998-05-07 09:04:38 52736]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2010-09-24 07:10:52 421160]
"UniUploader"="C:\Program Files\UniUploader\UniUploader.exe" [BU]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-10-03 09:08:38 35696]
"Idoziyuhaxovabuy"="C:\WINDOWS\ekekalegetekola.dll" [BU]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "C:\Program Files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 15:13:36 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-09-03 20:21:42 548352 ----a-w- C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
avgrsstx.dll [BU]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
@="Service"

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\eMule\\emule.exe"=
"C:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"C:\\Program Files\\Real\\RealPlayer\\realplay.exe"=
"C:\\Program Files\\Java\\j2re1.4.2_03\\bin\\javaw.exe"=
"C:\\WINDOWS\\system32\\dpnsvr.exe"=
"C:\\Program Files\\VentSrv\\ventrilo_srv.exe"=
"C:\\Program Files\\Warcraft III\\Warcraft III.exe"=
"C:\\WINDOWS\\system32\\mmc.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqnrs08.exe"=
"C:\\Program Files\\Turbine\\The Lord of the Rings Online\\lotroclient.exe"=
"C:\\WINDOWS\\system32\\dpvsetup.exe"=
"C:\\WINDOWS\\system32\\java.exe"=
"C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"C:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"C:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"C:\\WINDOWS\\system32\\fxsclnt.exe"=
"C:\\Program Files\\Tortun\\gui.exe"=
"C:\\Program Files\\Ventrilo\\Ventrilo.exe"=
"C:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=
"C:\\Program Files\\Vuze\\Azureus.exe"=

R0 Vax347s;Vax347s;C:\WINDOWS\system32\drivers\Vax347s.sys [11/11/2005 10:34:24 PM 5248]
R1 SASDIFSV;SASDIFSV;C:\Program Files\SUPERAntiSpyware\sasdifsv.sys [2/17/2010 11:25:50 AM 12872]
R1 SASKUTIL;SASKUTIL;C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS [4/27/2010 5:30:10 PM 67656]
S2 EZWINIT;EZWINIT;C:\WINDOWS\system32\drivers\ezwinit.sys [7/13/2005 12:12:58 PM 14494]
S2 EZWINIT2;EZWINIT2;C:\WINDOWS\system32\drivers\ezwinit2.sys [8/15/2005 9:19:10 PM 14720]
S2 EZWRITE2;EZWRITE2;C:\WINDOWS\system32\drivers\ezwrite2.sys [8/15/2005 9:19:10 PM 16680]
S2 EZWRITER;EZWRITER;C:\WINDOWS\system32\drivers\ezwriter.sys [7/13/2005 12:12:58 PM 16680]
S3 DrvAgent32;DrvAgent32;C:\WINDOWS\system32\drivers\DrvAgent32.sys [5/10/2010 4:34:31 AM 23456]
S3 EverestDriver;Lavalys EVEREST Kernel Driver;\??\C:\Program Files\Lavalys\EVEREST Ultimate Edition\kerneld.wnt --> C:\Program Files\Lavalys\EVEREST Ultimate Edition\kerneld.wnt [?]
S4 sptd;sptd;C:\WINDOWS\system32\drivers\sptd.sys [3/11/2006 10:02:44 PM 642560]
S4 Vax347b;Vax347b;C:\WINDOWS\system32\drivers\Vax347b.sys [11/11/2005 10:34:24 PM 159616]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.comcast.net/
uDefault_Search_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q105&bd=pavilion&pf=desktop
mStart Page = hxxp://www.comcast.net/
mSearch Bar = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q105&bd=pavilion&pf=desktop
mWindow Title = Windows Internet Explorer provided by Comcast
uInternet Connection Wizard,ShellNext = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q105&bd=pavilion&pf=desktop
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://www.google.com/keyword/%s
IE: E&xport to Microsoft Excel - C:\PROGRA~1\MI1933~1\Office12\EXCEL.EXE/3000
Trusted Zone: aol.com\free
DPF: {040F4385-8DAD-4306-94BF-B8291D841FAE} - hxxp://www.nintendowifi.com/troubleshooting/usbaptest.cab
FF - ProfilePath - C:\Documents and Settings\HP_Owner\Application Data\Mozilla\Firefox\Profiles\xl77vwge.default\
FF - plugin: C:\Program Files\Java\jre6\bin\new_plugin\npdeployJava1.dll

---- FIREFOX POLICIES ----
C:\Program Files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
C:\Program Files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
C:\Program Files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
.

Attached Files



BC AdBot (Login to Remove)

 


#2 jmdoane42

jmdoane42
  • Topic Starter

  • Members
  • 2 posts
  • OFFLINE
  •  
  • Local time:01:00 PM

Posted 20 October 2010 - 04:58 AM

Please close this topic, I am currently recieving help over at the PCpitstop forums. Thanks!

#3 Budapest

Budapest

    Bleepin' Cynic


  • Moderator
  • 23,579 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:04:00 AM

Posted 20 October 2010 - 04:11 PM

As this issue appears to be resolved I am closing the topic. Please send me (or any other Moderator) a Personal Message (PM) if you would like the topic re-opened.
The power of accurate observation is commonly called cynicism by those who haven't got it.

—George Bernard Shaw




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users