Yahoo browser redirecting


Post by ltlfroggie on Wed Jul 14, 2010 7:24 pm

When I try to search for something via Yahoo.com, it pulls up the results page, but any link I click on, I get redirected to various links. Here is my HijackThis log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2:23:30 PM, on 7/14/2010
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\Program Files\Hewlett-Packard\Drive Encryption\HpFkCrypt.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\OLYMPUS\DeviceDetector\DM1Service.exe
C:\WINDOWS\system32\ifxspmgt.exe
C:\WINDOWS\system32\ifxtcs.exe
C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\PDF Complete\pdfsvc.exe
C:\WINDOWS\system32\IfxPsdSv.exe
C:\WINDOWS\System32\svchost.exe
C:\Novadigm\ManagementAgent\nvdkit.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\Program Files\Symantec\Symantec Endpoint Protection\Rtvscan.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\System32\bcmwltry.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
C:\Program Files\HPQ\Shared\Sierra Wireless\Win32\Unicode\SWIHPWMI.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Hewlett-Packard\IAM\bin\asghost.exe
C:\Program Files\Symantec\Symantec Endpoint Protection\SmcGui.exe
C:\WINDOWS\system32\AccelerometerSt.exe
C:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\PTHOSTTR.EXE
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\system32\WLTRAY.exe
C:\Program Files\PDF Complete\pdfsty.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
C:\Program Files\Roxio\Drag-to-Disc\DrgToDsc.exe
C:\Program Files\Hewlett-Packard\Embedded Security Software\PSDrt.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb03.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\WINDOWS\system32\hphmon05.exe
C:\Program Files\Samsung\Samsung Media Studio 5\SMSTray.exe
C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Microsoft ActiveSync\Wcescomm.exe
C:\PROGRA~1\MI3AA1~1\rapimgr.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\PROGRA~1\WIDCOMM\BLUETO~1\BTSTAC~1.EXE
C:\Program Files\Pervasive Software\PSQL\bin\w3dbsmgr.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Windows Desktop Search\WindowsSearch.exe
C:\Program Files\MSN Toolbar\Platform\4.0.0401.0\mswinext.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SCServer\SCServer.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = [You must be registered and logged in to see this link.]
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = [You must be registered and logged in to see this link.]
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1:5577
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: MSN Toolbar BHO - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\MSN Toolbar\Platform\4.0.0401.0\npwinext.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: Credential Manager for HP ProtectTools - {DF21F1DB-80C6-11D3-9483-B03D0EC10000} - C:\Program Files\Hewlett-Packard\IAM\Bin\ItIEAddIn.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: MSN Toolbar - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files\MSN Toolbar\Platform\4.0.0401.0\npwinext.dll
O4 - HKLM\..\Run: [SoundMAX] C:\Program Files\Analog Devices\SoundMAX\Smax4.exe /tray
O4 - HKLM\..\Run: [AccelerometerSysTrayApplet] C:\WINDOWS\system32\AccelerometerSt.exe
O4 - HKLM\..\Run: [PTHOSTTR] C:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\PTHOSTTR.EXE /Start
O4 - HKLM\..\Run: [IFXSPMGT] C:\WINDOWS\system32\ifxspmgt.exe /NotifyLogon
O4 - HKLM\..\Run: [CognizanceTS] rundll32.exe C:\PROGRA~1\HEWLET~1\IAM\Bin\ASTSVCC.dll,RegisterModule
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [Cpqset] C:\Program Files\Hewlett-Packard\Default Settings\cpqset.exe
O4 - HKLM\..\Run: [Broadcom Wireless Manager UI] C:\WINDOWS\system32\WLTRAY.exe
O4 - HKLM\..\Run: [PDF Complete] "C:\Program Files\PDF Complete\pdfsty.exe"
O4 - HKLM\..\Run: [hpWirelessAssistant] %ProgramFiles%\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
O4 - HKLM\..\Run: [Cingular Communication Manager] "C:\Program Files\Cingular\Communication Manager\CingularCCM.exe" -a
O4 - HKLM\..\Run: [RoxioDragToDisc] "C:\Program Files\Roxio\Drag-to-Disc\DrgToDsc.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [QlbCtrl] %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
O4 - HKLM\..\Run: [WatchDog] C:\Program Files\InterVideo\DVD Check\DVDCheck.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb03.exe
O4 - HKLM\..\Run: [HPHUPD05] C:\Program Files\Hewlett-Packard\\{5372B9A6-6E51-4f90-9B40-E0A3B8475C4E}\hphupd05.exe
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [HPHmon05] C:\WINDOWS\system32\hphmon05.exe
O4 - HKLM\..\Run: [SMSTray] C:\Program Files\Samsung\Samsung Media Studio 5\SMSTray.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [MSN Toolbar] "C:\Program Files\MSN Toolbar\Platform\4.0.0401.0\mswinext.exe"
O4 - HKLM\..\Run: [Microsoft Default Manager] "C:\Program Files\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" -resume
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [OM2_Monitor] "C:\Program Files\OLYMPUS\OLYMPUS Master 2\MMonitor.exe" -NoStart
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\Wcescomm.exe"
O4 - HKCU\..\RunOnce: [Shockwave Updater] C:\WINDOWS\system32\Adobe\SHOCKW~1\SWHELP~1.EXE -Update -1103470 -"Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; .NET CLR 1.1.4322; .NET CLR 2.0.50727; .NET CLR 3.0.04506.30; InfoPath.2; .NET CLR 3.0.04506.648)" -"http://www.miniclip.com/games/on-the-run/en/"
O4 - Global Startup: AutoCAD LT Startup Accelerator.lnk = C:\Program Files\Common Files\Autodesk Shared\acstart16.exe
O4 - Global Startup: Bluetooth.lnk = ?
O4 - Global Startup: Device Detector 3.lnk = C:\Program Files\OLYMPUS\DeviceDetector\DevDtct2.exe
O4 - Global Startup: Directrec Configuration Tool.lnk = C:\Program Files\OLYMPUS\DeviceDetector\DirectrecConfig.exe
O4 - Global Startup: DVD Check.lnk = C:\Program Files\InterVideo\DVD Check\DVDCheck.exe
O4 - Global Startup: Start Pervasive PSQL Workgroup Engine.lnk = ?
O4 - Global Startup: Windows Desktop Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - [You must be registered and logged in to see this link.]
O8 - Extra context menu item: Send to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - [You must be registered and logged in to see this link.]
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - [You must be registered and logged in to see this link.]
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - [You must be registered and logged in to see this link.]
O16 - DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} (HP Download Manager) - [You must be registered and logged in to see this link.]
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - [You must be registered and logged in to see this link.]
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = GJGrewe.local
O17 - HKLM\Software\..\Telephony: DomainName = GJGrewe.local
O17 - HKLM\System\CCS\Services\Tcpip\..\{5EC5CFAE-C50F-4FB0-87B2-F7570CDAD7AF}: NameServer = 24.217.0.4
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = GJGrewe.local
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O20 - Winlogon Notify: OneCard - C:\Program Files\Hewlett-Packard\IAM\Bin\ASWLNPkg.dll
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: DM1Service - OLYMPUS IMAGING CORP. - C:\Program Files\OLYMPUS\DeviceDetector\DM1Service.exe
O23 - Service: Drive Encryption Service (HpFkCryptService) - SafeBoot International - C:\Program Files\Hewlett-Packard\Drive Encryption\HpFkCrypt.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Roxio\Roxio MyDVD Basic v9\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Security Platform Management Service (IFXSpMgtSrv) - Infineon Technologies AG - C:\WINDOWS\system32\ifxspmgt.exe
O23 - Service: Trusted Platform Core Service (IFXTCS) - Infineon Technologies AG - C:\WINDOWS\system32\ifxtcs.exe
O23 - Service: IviRegMgr - InterVideo - C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: PDF Document Manager (pdfcDispatcher) - PDF Complete Inc - C:\Program Files\PDF Complete\pdfsvc.exe
O23 - Service: Personal Secure Drive service (PersonalSecureDriveService) - Infineon Technologies AG - C:\WINDOWS\system32\IfxPsdSv.exe
O23 - Service: Radia Management Agent (rma) - Unknown owner - C:/Novadigm/ManagementAgent/nvdkit.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: Symantec Management Client (SmcService) - Symantec Corporation - C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: SWIHPWMI - Sierra Wireless Inc. - C:\Program Files\HPQ\Shared\Sierra Wireless\Win32\Unicode\SWIHPWMI.exe
O23 - Service: Symantec Endpoint Protection (Symantec AntiVirus) - Symantec Corporation - C:\Program Files\Symantec\Symantec Endpoint Protection\Rtvscan.exe
O23 - Service: Broadcom Wireless LAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\WLTRYSVC.EXE

--
End of file - 14585 bytes

Any help would be appreciated!

Thanks.


Re: Yahoo browser redirecting

Post by Dr Jay on Wed Jul 14, 2010 7:25 pm

Hello, and welcome to GeekPolice.

Please note the following information about the malware forum:
  • Only Tech Officers, Global Moderators, Administrators, and Malware Advisors are allowed to give advice on removing malware from your computer.
  • From this point on, please do not make any more changes to your computer; such as install/uninstall programs, use special fix tools, delete files, edit the registry, etc. - unless advised by the staff I noted above.
  • Please do not ask for help elsewhere (in this site or other sites). Doing so can result in system changes, which may not show up in the logs you post.
  • If you have already asked for help somewhere, please post the link to the topic where you were helped.
  • We try our best to reply quickly, but if for any reason we do not reply in two days, do one of two things:

    Reply to this topic with the word BUMP, or
    see [You must be registered and logged in to see this link.].

  • Lastly, keep in mind that we are volunteers, so you do not have to pay for malware removal. Persist in this topic until its close, and your computer is declared clean.





Please visit this webpage for a tutorial on downloading and running ComboFix:

[You must be registered and logged in to see this link.]

See the area: Using ComboFix, and when done, post the log back here.


Dr. Jay (DJ)



Re: Yahoo browser redirecting

Post by ltlfroggie on Thu Jul 15, 2010 3:55 pm

ComboFix 10-07-14.04 - rreiche 07/15/2010 9:51.1.2 - x86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.2431.1648 [GMT -5:00]
Running from: c:\documents and settings\rreiche\Desktop\ComboFix.exe
AV: Symantec Endpoint Protection *On-access scanning disabled* (Updated) {FB06448E-52B8-493A-90F3-E43226D3305C}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\LOG5.tmp
c:\windows\system32\muzapp.exe
c:\windows\xpsp1hfm.log
D:\Autorun.inf

.
((((((((((((((((((((((((( Files Created from 2010-06-15 to 2010-07-15 )))))))))))))))))))))))))))))))
.

2010-07-14 18:42 . 2010-07-14 18:42 -------- d-----w- c:\program files\Trend Micro
2010-06-25 17:41 . 2010-06-25 17:42 60808 ----a-w- c:\windows\system32\S32EVNT1.DLL
2010-06-25 17:41 . 2010-06-25 17:42 124976 ----a-w- c:\windows\system32\drivers\SYMEVENT.SYS
2010-06-25 17:19 . 2010-06-25 17:19 -------- d-----w- c:\program files\Microsoft
2010-06-25 17:19 . 2010-06-25 17:19 -------- d-----w- c:\program files\MSN Toolbar
2010-06-25 17:16 . 2010-06-25 17:19 -------- d-----w- c:\program files\MSN Toolbar Installer
2010-06-25 17:15 . 2010-06-25 17:15 503808 ----a-w- c:\documents and settings\rreiche\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-43d36242-n\msvcp71.dll
2010-06-25 17:15 . 2010-06-25 17:15 499712 ----a-w- c:\documents and settings\rreiche\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-43d36242-n\jmc.dll
2010-06-25 17:15 . 2010-06-25 17:15 348160 ----a-w- c:\documents and settings\rreiche\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-43d36242-n\msvcr71.dll
2010-06-25 17:15 . 2010-06-25 17:15 61440 ----a-w- c:\documents and settings\rreiche\Application Data\Sun\Java\Deployment\SystemCache\6.0\50\5535ab32-6df14a2f-n\decora-sse.dll
2010-06-25 17:15 . 2010-06-25 17:15 12800 ----a-w- c:\documents and settings\rreiche\Application Data\Sun\Java\Deployment\SystemCache\6.0\50\5535ab32-6df14a2f-n\decora-d3d.dll
2010-06-25 17:15 . 2010-04-12 22:29 411368 ----a-w- c:\windows\system32\deployJava1.dll
2010-06-25 17:08 . 2010-06-25 17:08 -------- d-----w- c:\documents and settings\rreiche\Application Data\Malwarebytes
2010-06-25 15:15 . 2010-06-25 15:15 -------- d-----w- c:\documents and settings\Administrator\Application Data\Malwarebytes
2010-06-25 15:15 . 2010-04-29 20:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-06-25 15:15 . 2010-06-25 15:15 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2010-06-25 15:15 . 2010-04-29 20:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-06-25 15:15 . 2010-06-25 15:15 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-06-25 14:48 . 2010-06-25 14:48 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\Identities
2010-06-25 14:48 . 2010-06-25 14:48 -------- d-----w- c:\documents and settings\Administrator\Application Data\Windows Desktop Search
2010-06-24 18:47 . 2010-06-24 18:47 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\Symantec
2010-06-24 16:45 . 2010-06-25 17:04 -------- d-----w- c:\documents and settings\rreiche\Local Settings\Application Data\cnwjgggur
2010-06-18 14:18 . 2009-05-10 20:00 126976 ----a-w- c:\windows\system32\dlxsozil.dll
2010-06-15 19:49 . 2010-06-15 19:49 1245321 ----a-w- c:\documents and settings\All Users\Application Data\NeoEdge Networks\Yahoo_SuperCollapse3\IAF.dll
2010-06-15 19:49 . 2010-06-15 19:49 -------- d-----w- c:\documents and settings\All Users\Application Data\NeoEdge Networks

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-07-14 18:36 . 2007-09-10 14:50 664 ----a-w- c:\windows\system32\d3d9caps.dat
2010-06-25 17:44 . 2007-09-10 15:08 -------- d-----w- c:\program files\Common Files\Symantec Shared
2010-06-25 17:44 . 2007-09-10 15:08 -------- d-----w- c:\documents and settings\All Users\Application Data\Symantec
2010-06-25 17:42 . 2007-09-10 15:09 -------- d-----w- c:\program files\Symantec
2010-06-25 17:42 . 2010-06-25 17:41 806 ----a-w- c:\windows\system32\drivers\SYMEVENT.INF
2010-06-25 17:42 . 2010-06-25 17:41 7456 ----a-w- c:\windows\system32\drivers\SYMEVENT.CAT
2010-06-25 17:16 . 2007-09-10 14:52 -------- d-----w- c:\program files\Common Files\Java
2010-06-25 17:15 . 2007-09-10 14:52 -------- d-----w- c:\program files\Java
2010-06-25 17:14 . 2007-09-10 15:08 -------- d-----w- c:\program files\Symantec AntiVirus
2010-04-16 19:32 . 2008-05-17 01:22 1956808 ----a-w- c:\documents and settings\rreiche\Application Data\Macromedia\Flash Player\[You must be registered and logged in to see this link.]
.

------- Sigcheck -------

[-] 2010-01-05 . 3B8259EF10C0F1425395981E40ED0EAA . 3599360 . . [7.00.6000.16981] . . c:\windows\SoftwareDistribution\Download\72187e1a9593df853aa7db379edb1348\sp3gdr\mshtml.dll
[-] 2010-01-05 . 1673677DBD70142DB1294F1B6FC3323E . 3602944 . . [7.00.6000.21183] . . c:\windows\$hf_mig$\KB978207-IE7\SP3QFE\mshtml.dll
[-] 2010-01-05 . 1673677DBD70142DB1294F1B6FC3323E . 3602944 . . [7.00.6000.21183] . . c:\windows\SoftwareDistribution\Download\72187e1a9593df853aa7db379edb1348\sp3qfe\mshtml.dll
[-] 2008-04-24 . 8976CAB317105F7431B08EA32AB73C65 . 3591680 . . [7.00.6000.16674] . . c:\windows\system32\mshtml.dll
[-] 2008-04-24 . 8976CAB317105F7431B08EA32AB73C65 . 3591680 . . [7.00.6000.16674] . . c:\windows\system32\dllcache\mshtml.dll
[-] 2008-04-23 . 4D612FF5D3B7EEF200595AE6F95D5E68 . 3593728 . . [7.00.6000.20815] . . c:\windows\$hf_mig$\KB950759-IE7\SP2QFE\mshtml.dll
[-] 2008-03-01 . AB2C88167D78D71D93558ACECB24CC7A . 3591680 . . [7.00.6000.16640] . . c:\windows\ie7updates\KB950759-IE7\mshtml.dll
[-] 2008-03-01 . 4EE273E2B09317C1217EF0DB91F93534 . 3593216 . . [7.00.6000.20772] . . c:\windows\$hf_mig$\KB947864-IE7\SP2QFE\mshtml.dll
[-] 2007-08-20 . E267EE248CDA7667C19001C069DE867B . 3584512 . . [7.00.6000.16544] . . c:\windows\ie7updates\KB947864-IE7\mshtml.dll
[-] 2007-08-20 . AA8A4BD78D24FCDB96DDAEE3756AA372 . 3592192 . . [7.00.6000.20661] . . c:\windows\$hf_mig$\KB939653-IE7\SP2QFE\mshtml.dll
[-] 2007-07-19 . BD609A26B683332A0E0E1445C5724851 . 3583488 . . [7.00.6000.16525] . . c:\windows\ie7updates\KB939653-IE7\mshtml.dll
[-] 2007-07-18 . 7CE243CFD47AD0DC431586CB8C542A11 . 3584000 . . [7.00.6000.20641] . . c:\windows\$hf_mig$\KB937143-IE7\SP2QFE\mshtml.dll
[-] 2006-11-08 . CBF04597F9CF7739E572276A2698FDD3 . 3577856 . . [7.00.5730.11] . . c:\windows\ie7updates\KB937143-IE7\mshtml.dll
[7] 2006-02-21 . C6E663C066E3BEA5B0BB70D87D0701E9 . 3052032 . . [6.00.2900.2853] . . c:\windows\$hf_mig$\KB911164\SP2QFE\mshtml.dll
[7] 2006-02-21 . C6E663C066E3BEA5B0BB70D87D0701E9 . 3052032 . . [6.00.2900.2853] . . c:\windows\ie7\mshtml.dll

[-] 2010-01-05 . 21E7890F1EC89BEF0AF7C08D730AE317 . 832512 . . [7.00.6000.16981] . . c:\windows\SoftwareDistribution\Download\72187e1a9593df853aa7db379edb1348\sp3gdr\wininet.dll
[-] 2010-01-05 . E7B99465DE2EDCF29784B7600BF6FAE8 . 841216 . . [7.00.6000.21183] . . c:\windows\$hf_mig$\KB978207-IE7\SP3QFE\wininet.dll
[-] 2010-01-05 . E7B99465DE2EDCF29784B7600BF6FAE8 . 841216 . . [7.00.6000.21183] . . c:\windows\SoftwareDistribution\Download\72187e1a9593df853aa7db379edb1348\sp3qfe\wininet.dll
[-] 2008-04-23 . F6589BE784647CFDBC22EA51CCB1A57A . 826368 . . [7.00.6000.16674] . . c:\windows\system32\wininet.dll
[-] 2008-04-23 . F6589BE784647CFDBC22EA51CCB1A57A . 826368 . . [7.00.6000.16674] . . c:\windows\system32\dllcache\wininet.dll
[-] 2008-04-23 . 41546B396A526918DA7995A02EA04E51 . 827392 . . [7.00.6000.20815] . . c:\windows\$hf_mig$\KB950759-IE7\SP2QFE\wininet.dll
[-] 2008-03-01 . AD21461AEF8244EDEC2EF18E55E1DCF3 . 826368 . . [7.00.6000.16640] . . c:\windows\ie7updates\KB950759-IE7\wininet.dll
[-] 2008-03-01 . 6316C2F0C61271C8ABDFF7429174879E . 827392 . . [7.00.6000.20772] . . c:\windows\$hf_mig$\KB947864-IE7\SP2QFE\wininet.dll
[-] 2007-08-20 . 774435E499D8E9643EC961A6103C361F . 824832 . . [7.00.6000.16544] . . c:\windows\ie7updates\KB947864-IE7\wininet.dll
[-] 2007-08-20 . 357D54BF94FE9D6D8505A96B5C2A3BCA . 825344 . . [7.00.6000.20661] . . c:\windows\$hf_mig$\KB939653-IE7\SP2QFE\wininet.dll
[-] 2007-06-27 . D6ED5E042C5207553E7F5E842918137F . 824320 . . [7.00.6000.20627] . . c:\windows\$hf_mig$\KB937143-IE7\SP2QFE\wininet.dll
[-] 2007-06-27 . 8068CBB58FE60CC95AEB2CFF70178208 . 823808 . . [7.00.6000.16512] . . c:\windows\ie7updates\KB939653-IE7\wininet.dll
[-] 2006-11-08 . 92995334F993E6E49C25C6D02EC04401 . 818688 . . [7.00.5730.11] . . c:\windows\ie7updates\KB937143-IE7\wininet.dll
[7] 2006-02-28 . C0823FC5469663BA63E7DB88F9919D70 . 656384 . . [6.00.2900.2180] . . c:\windows\ie7\wininet.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"OM2_Monitor"="c:\program files\OLYMPUS\OLYMPUS Master 2\MMonitor.exe" [2007-05-23 95800]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AccelerometerSysTrayApplet"="c:\windows\system32\AccelerometerSt.exe" [2007-01-24 124928]
"PTHOSTTR"="c:\program files\Hewlett-Packard\HP ProtectTools Security Manager\PTHOSTTR.EXE" [2007-01-09 145184]
"IFXSPMGT"="c:\windows\system32\ifxspmgt.exe" [2007-02-15 677408]
"CognizanceTS"="c:\progra~1\HEWLET~1\IAM\Bin\ASTSVCC.dll" [2003-12-22 17920]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2007-01-12 827392]
"Cpqset"="c:\program files\Hewlett-Packard\Default Settings\cpqset.exe" [2007-01-02 40960]
"Broadcom Wireless Manager UI"="c:\windows\system32\WLTRAY.exe" [2006-11-02 1282048]
"PDF Complete"="c:\program files\PDF Complete\pdfsty.exe" [2007-02-20 331552]
"hpWirelessAssistant"="c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2007-03-01 472776]
"Cingular Communication Manager"="c:\program files\Cingular\Communication Manager\CingularCCM.exe" [2007-01-12 19968]
"RoxioDragToDisc"="c:\program files\Roxio\Drag-to-Disc\DrgToDsc.exe" [2007-02-02 1116920]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-02-18 248040]
"QlbCtrl"="c:\program files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2007-03-05 159744]
"WatchDog"="c:\program files\InterVideo\DVD Check\DVDCheck.exe" [2006-09-06 184320]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2006-09-01 282624]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]
"HPDJ Taskbar Utility"="c:\windows\system32\spool\drivers\w32x86\3\hpztsb03.exe" [2001-08-03 196608]
"HPHUPD05"="c:\program files\Hewlett-Packard\\{5372B9A6-6E51-4f90-9B40-E0A3B8475C4E}\hphupd05.exe" [2005-07-08 49152]
"HP Component Manager"="c:\program files\HP\hpcoretech\hpcmpmgr.exe" [2003-12-22 241664]
"HPHmon05"="c:\windows\system32\hphmon05.exe" [2005-07-08 491520]
"SMSTray"="c:\program files\Samsung\Samsung Media Studio 5\SMSTray.exe" [2007-12-14 132624]
"HP Software Update"="c:\program files\Hp\HP Software Update\HPWuSchd2.exe" [2007-05-08 54840]
"SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2007-01-05 872448]
"MSN Toolbar"="c:\program files\MSN Toolbar\Platform\4.0.0401.0\mswinext.exe" [2010-02-12 240992]
"Microsoft Default Manager"="c:\program files\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" [2009-07-17 288080]
"ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe" [2010-06-25 115560]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
AutoCAD LT Startup Accelerator.lnk - c:\program files\Common Files\Autodesk Shared\acstart16.exe [2005-3-5 10872]
Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2007-2-6 561213]
Device Detector 3.lnk - c:\program files\OLYMPUS\DeviceDetector\DevDtct2.exe [2007-9-27 163840]
Directrec Configuration Tool.lnk - c:\program files\OLYMPUS\DeviceDetector\DirectrecConfig.exe [2007-9-27 167936]
DVD Check.lnk - c:\program files\InterVideo\DVD Check\DVDCheck.exe [2007-9-10 184320]
Start Pervasive PSQL Workgroup Engine.lnk - c:\windows\Installer\{0A3238D7-AB32-1010-B717-F3E3F18B4A8C}\WGE.14A03FCD_EA43_4130_A5C0_F02D38895A13.exe [2010-2-23 92854]
Windows Desktop Search.lnk - c:\program files\Windows Desktop Search\WindowsSearch.exe [2007-2-5 118784]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoWelcomeScreen"= 1 (0x1)

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2007-02-05 294400]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\OneCard]
2007-02-07 03:30 74240 ----a-r- c:\program files\Hewlett-Packard\IAM\Bin\ASWLNPkg.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\system32\APSHook.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Notification Packages REG_MULTI_SZ SbHpNp scecli

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ccEvtMgr]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ccSetMgr]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Symantec Antivirus]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\program files\Microsoft ActiveSync\rapimgr.exe"= c:\program files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
"c:\program files\Microsoft ActiveSync\wcescomm.exe"= c:\program files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager
"c:\program files\Microsoft ActiveSync\WCESMgr.exe"= c:\program files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service

R0 SafeBoot;SafeBoot;c:\windows\system32\drivers\SafeBoot.sys [2/7/2007 11:22 AM 100495]
R0 SbAlg;SbAlg;c:\windows\system32\drivers\SbAlg.sys [10/9/2006 1:31 PM 44720]
R0 SBHR;SBHR;c:\windows\system32\drivers\sbhr.sys [2/18/2009 12:57 PM 15280]
R1 PersonalSecureDrive;PersonalSecureDrive;c:\windows\system32\drivers\psd.sys [1/23/2007 6:07 PM 39080]
R1 RsvLock;RsvLock;c:\windows\system32\drivers\rsvlock.sys [2/7/2007 11:23 AM 5808]
R2 ASChannel;Local Communication Channel;c:\windows\System32\svchost.exe -k Cognizance [2/28/2006 7:00 AM 14336]
R2 HpFkCryptService;Drive Encryption Service;c:\program files\Hewlett-Packard\Drive Encryption\HpFkCrypt.exe [3/11/2007 11:46 AM 208896]
R2 pdfcDispatcher;PDF Document Manager;c:\program files\PDF Complete\pdfsvc.exe [9/10/2007 9:41 AM 539936]
R2 rma;Radia Management Agent;c:\novadigm\ManagementAgent\nvdkit.exe [9/19/2005 9:02 AM 1968446]
R2 SWIHPWMI;SWIHPWMI;c:\program files\HPQ\Shared\Sierra Wireless\Win32\Unicode\SWIHPWMI.exe [12/4/2006 4:13 PM 292384]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [6/25/2010 12:56 PM 102448]
R3 IFXTPM;IFXTPM;c:\windows\system32\drivers\ifxtpm.sys [9/10/2007 9:22 AM 36608]
R3 swmx02;HP ev2200 USB MUX Driver (#02);c:\windows\system32\drivers\swmx02.sys [2/22/2007 5:26 PM 71168]
S2 ASBroker;Logon Session Broker;c:\windows\System32\svchost.exe -k Cognizance [2/28/2006 7:00 AM 14336]
S3 COH_Mon;COH_Mon;c:\windows\system32\drivers\COH_Mon.sys [6/25/2010 9:51 AM 23888]
S3 HP24X;HP PC Card Smart Card Reader;c:\windows\system32\drivers\HP24X.sys [9/10/2007 9:24 AM 33024]
S4 LkWebLink;Inter-Tel Collaboration Remote Client;c:\documents and settings\rreiche\My Documents\Inter-Tel\Collaboration Client 2.0\lkWebLink.exe [12/12/2007 5:18 PM 32768]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
Cognizance REG_MULTI_SZ ASBroker ASChannel
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
.
Contents of the 'Scheduled Tasks' folder

2010-07-14 c:\windows\Tasks\HP Usg Daily.job
- c:\program files\Hewlett-Packard\{5372B9A6-6E51-4f90-9B40-E0A3B8475C4E}\pexpress\hphped05.exe [2008-03-07 04:55]

2010-03-28 c:\windows\Tasks\wavepadShakeIcon.job
- c:\program files\NCH Swift Sound\WavePad\wavepad.exe [2010-03-25 16:07]
.
.
------- Supplementary Scan -------
.
uStart Page = [You must be registered and logged in to see this link.]
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyServer = http=127.0.0.1:5577
uInternet Settings,ProxyOverride =
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
IE: Send to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
Trusted Zone: gjgrewe.com\mail
TCP: {5EC5CFAE-C50F-4FB0-87B2-F7570CDAD7AF} = 24.217.0.4
.
.
------- File Associations -------
.
.scr=AutoCADLTscriptFile
.
- - - - ORPHANS REMOVED - - - -

Notify-NavLogon - (no file)
SafeBoot-Symantec Antvirus
AddRemove-Super Collapse 3 - c:\documents and settings\rreiche\Desktop\SuperCollapse3\Uninstall.exe
AddRemove-{7A73CECC-DC5E-4BA1-8FA3-B8187ED47D59}_is1 - g:\ophcrack\unins000.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, [You must be registered and logged in to see this link.]
Rootkit scan 2010-07-15 10:20
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

HKLM\Software\Microsoft\Windows\CurrentVersion\Run
Cpqset = c:\program files\Hewlett-Packard\Default Settings\cpqset.exe??????????????@? ????H????????@???????@

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\pdfcDispatcher]
"ImagePath"="c:\program files\PDF Complete\pdfsvc.exe /startedbyscm:66B66708-40E2BE4D-pdfcService"
--

[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\rma]
"ImagePath"="C:/Novadigm/ManagementAgent/nvdkit.exe"

[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\rma]
"ImagePath"="C:/Novadigm/ManagementAgent/nvdkit.exe"
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(1164)
c:\program files\Hewlett-Packard\IAM\bin\ocgina.dll
c:\program files\Hewlett-Packard\IAM\bin\ItMsg.dll
c:\program files\Hewlett-Packard\IAM\bin\HPBrand.dll
c:\program files\Hewlett-Packard\IAM\bin\ItTal.dll
c:\program files\Hewlett-Packard\IAM\bin\ItReports.DLL
c:\program files\Hewlett-Packard\IAM\Bin\ASWLNPkg.dll
c:\program files\Hewlett-Packard\IAM\Bin\TrayIcon.dll
c:\program files\Hewlett-Packard\IAM\Bin\ItDAC.dll
c:\program files\Hewlett-Packard\IAM\Bin\ASChnl.dll
c:\program files\Hewlett-Packard\IAM\Bin\BioAuth.dll
c:\program files\Hewlett-Packard\IAM\Bin\ASBIoAT.dll
c:\program files\Hewlett-Packard\IAM\Bin\ItVCClient.dll
c:\program files\Hewlett-Packard\IAM\Bin\AuthWiz.dll
c:\program files\Hewlett-Packard\IAM\Bin\TpmAuth.dll
c:\program files\Hewlett-Packard\IAM\Bin\TokenAuth.dll
c:\program files\Hewlett-Packard\IAM\Bin\ittalsnap.DLL
c:\program files\Hewlett-Packard\IAM\Bin\ItVCard.dll
c:\program files\Hewlett-Packard\IAM\Bin\ItAuth.dll
c:\windows\system32\xenroll.dll
c:\windows\system32\IFXTSP.dll
c:\windows\system32\IfxSpArc.dll
c:\windows\system32\msxml6.dll
c:\windows\system32\IFXTCSps.dll
c:\windows\system32\IFXTPMCP.dll
c:\program files\Hewlett-Packard\Embedded Security Software\IfxTRsUS.dll
c:\program files\Hewlett-Packard\Embedded Security Software\IfxTrsMs.dll
c:\windows\system32\capicom.dll

- - - - - - - > 'lsass.exe'(1220)
c:\windows\SbHpNp.dll

- - - - - - - > 'Explorer.exe'(5568)
c:\windows\system32\APSHook.dll
c:\program files\Hewlett-Packard\IAM\bin\ItClient.dll
c:\windows\system32\btmmhook.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\btncopy.dll
c:\program files\Roxio\Drag-to-Disc\Shellex.dll
c:\windows\system32\DLAAPI_W.DLL
c:\program files\Roxio\Drag-to-Disc\ShellRes.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
c:\program files\Symantec\Symantec Endpoint Protection\Smc.exe
c:\program files\Common Files\Symantec Shared\ccSvcHst.exe
c:\windows\System32\SCardSvr.exe
c:\program files\OLYMPUS\DeviceDetector\DM1Service.exe
c:\windows\system32\ifxtcs.exe
c:\program files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\windows\system32\IfxPsdSv.exe
c:\program files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
c:\program files\Symantec\Symantec Endpoint Protection\Rtvscan.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
c:\windows\System32\WLTRYSVC.EXE
c:\windows\System32\bcmwltry.exe
c:\windows\system32\SearchIndexer.exe
c:\program files\Hewlett-Packard\Shared\hpqwmiex.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
c:\program files\Hewlett-Packard\IAM\bin\asghost.exe
c:\program files\Symantec\Symantec Endpoint Protection\SmcGui.exe
c:\program files\Hewlett-Packard\Embedded Security Software\PSDrt.exe
c:\program files\Hewlett-Packard\Shared\HpqToaster.exe
c:\program files\Microsoft ActiveSync\Wcescomm.exe
c:\progra~1\MI3AA1~1\rapimgr.exe
c:\progra~1\WIDCOMM\BLUETO~1\BTSTAC~1.EXE
c:\program files\Pervasive Software\PSQL\bin\w3dbsmgr.exe
.
**************************************************************************
.
Completion time: 2010-07-15 10:25:58 - machine was rebooted
ComboFix-quarantined-files.txt 2010-07-15 15:25

Pre-Run: 87,592,038,400 bytes free
Post-Run: 87,823,986,688 bytes free

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(3)\WINDOWS
[operating systems]
d:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(3)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect

- - End Of File - - B8918BCEF506D94C8A5212C33FBA1399


Re: Yahoo browser redirecting

Post by ltlfroggie on Thu Jul 15, 2010 3:57 pm

Also - I noticed something interesting. When I'm plugged in via a cable to a secure network, it does not redirect me. It is only when I'm connected via Wi-Fi. Can't wrap my head around that one.

Thanks.


Re: Yahoo browser redirecting

Post by Dr Jay on Thu Jul 15, 2010 7:14 pm

It is done by what's called a "network-aware" worm. Network-aware worms are highly designed worms known to spread rapidly over certain types of networks.

Re-running ComboFix to remove infections:

  • Close any open browsers.
  • Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
  • Open notepad and copy/paste the text in the box below into it:
    killall::

    DDS::
    uInternet Settings,ProxyServer = http=127.0.0.1:5577
    uInternet Settings,ProxyOverride =
    Trusted Zone: gjgrewe.com\mail

    Reboot::
  • Save this as CFScript.txt, in the same location as ComboFix.exe



  • Referring to the picture above, drag CFScript into ComboFix.exe
  • When finished, it shall produce a log for you at C:\ComboFix.txt
  • Please post the contents of the log in your next reply.



NEXT


Please download Malwarebytes Anti-Malware.
(Note: if you already have the program installed, just follow the directions. No need to re-download or re-install!)

Double Click mbam-setup.exe to install the application.

(Note: if you already have the program installed, open Malwarebytes from the Start Menu or Desktop shortcut, click the Update tab, and click Check for Updates, before doing the scan as instructed below!)

  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. If you are prompted to restart, please allow it to restart your computer. Failure to do this will cause the infection to still be active on the computer.
  • Please save the log to a location you will remember.
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • The log can also be found at C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\log-date.txt or at C:\Program Files\Malwarebytes' Anti-Malware\Logs\log-date.txt
  • Copy and paste the entire report in your next reply along with the ComboFix report.


Dr. Jay (DJ)


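The proxy entry that the CFScript above targets can be extracted from a ComboFix log and compared across the run before and the run after the script. The Python below is an added example, not part of the original posts or of ComboFix; the two log excerpts are constructed from lines quoted in this thread, and all function names are hypothetical.

```python
import ipaddress
import re

# Constructed excerpts: "Supplementary Scan" lines quoted in this thread,
# from the log before the CFScript run and the log after it.
LOG_BEFORE = """\
------- Supplementary Scan -------
.
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyServer = http=127.0.0.1:5577
uInternet Settings,ProxyOverride =
Trusted Zone: gjgrewe.com\\mail
TCP: {5EC5CFAE-C50F-4FB0-87B2-F7570CDAD7AF} = 24.217.0.4
.
"""

LOG_AFTER = """\
------- Supplementary Scan -------
.
uInternet Connection Wizard,ShellNext = iexplore
Trusted Zone: gjgrewe.com\\mail
TCP: {5EC5CFAE-C50F-4FB0-87B2-F7570CDAD7AF} = 24.217.0.4
.
"""

# The single leading letter is the scope marker printed by the log
# (only "u" appears in this thread).
SETTING_RE = re.compile(
    r"^(?P<scope>[a-z])Internet Settings,(?P<name>\w+)\s*=\s*(?P<value>.*)$"
)


def parse_proxy_server(value):
    """Split a WinINet ProxyServer string into (protocol, host, port) tuples.

    Accepts both "host:port" (applies to every protocol) and the
    per-protocol form "http=host:port;https=host:port".
    """
    entries = []
    for part in filter(None, (p.strip() for p in value.split(";"))):
        proto, sep, target = part.partition("=")
        if not sep:
            proto, target = "*", part
        target = target.split("://", 1)[-1]  # tolerate "http=http://host:port"
        host, colon, port = target.rpartition(":")
        if not colon or not port.isdigit():  # no port present
            host, port = target, ""
        entries.append(
            (proto.lower(), host.strip("[]").lower(), int(port) if port else None)
        )
    return entries


def is_loopback(host):
    """True when the proxy host points back at the local machine."""
    if host == "localhost":
        return True
    try:
        return ipaddress.ip_address(host).is_loopback
    except ValueError:
        return False  # a hostname other than localhost


def proxy_findings(log_text):
    """Return one record per proxy entry found in a ComboFix log excerpt."""
    findings = []
    for line in log_text.splitlines():
        m = SETTING_RE.match(line.strip())
        if not m or m.group("name") != "ProxyServer":
            continue
        for proto, host, port in parse_proxy_server(m.group("value")):
            findings.append({
                "scope": m.group("scope"),
                "protocol": proto,
                "host": host,
                "port": port,
                "loopback": is_loopback(host),
            })
    return findings


def removed_by_fix(before, after):
    """Proxy entries present in the first log and absent from the second."""
    def key(f):
        return (f["scope"], f["protocol"], f["host"], f["port"])
    remaining = {key(f) for f in proxy_findings(after)}
    return [f for f in proxy_findings(before) if key(f) not in remaining]


if __name__ == "__main__":
    for f in proxy_findings(LOG_BEFORE):
        flag = "LOOPBACK" if f["loopback"] else "remote"
        print(f"{f['scope']} {f['protocol']} -> {f['host']}:{f['port']} [{flag}]")
    print("removed by fix:", removed_by_fix(LOG_BEFORE, LOG_AFTER))
```

A loopback proxy is a triage signal rather than proof of infection, since local filtering software sets one as well; what matters is which process, if any, is listening on that port.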

Re: Yahoo browser redirecting

Post by ltlfroggie on Fri Jul 16, 2010 2:15 pm

I'm dragging the txt file over and it pulls up the smaller "ComboFix" box where the bar fills up...but then it just closes and nothing else happens.


Re: Yahoo browser redirecting

Post by Dr Jay on Sat Jul 17, 2010 6:17 pm

Try this:

Go to Start > Run and enter this in:

ComboFix "%userprofile%\desktop\CFScript.txt"


Dr. Jay (DJ)



Re: Yahoo browser redirecting

Post by ltlfroggie on Mon Jul 19, 2010 3:27 pm

That worked - thanks.

ComboFix 10-07-14.04 - rreiche 07/19/2010 9:34.2.2 - x86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.2431.1760 [GMT -5:00]
Running from: c:\documents and settings\rreiche\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\rreiche\desktop\CFScript.txt
AV: Symantec Endpoint Protection *On-access scanning disabled* (Updated) {FB06448E-52B8-493A-90F3-E43226D3305C}
.

((((((((((((((((((((((((( Files Created from 2010-06-19 to 2010-07-19 )))))))))))))))))))))))))))))))
.

2010-07-14 18:42 . 2010-07-14 18:42 -------- d-----w- c:\program files\Trend Micro
2010-06-25 17:41 . 2010-06-25 17:42 60808 ----a-w- c:\windows\system32\S32EVNT1.DLL
2010-06-25 17:41 . 2010-06-25 17:42 124976 ----a-w- c:\windows\system32\drivers\SYMEVENT.SYS
2010-06-25 17:19 . 2010-06-25 17:19 -------- d-----w- c:\program files\Microsoft
2010-06-25 17:19 . 2010-06-25 17:19 -------- d-----w- c:\program files\MSN Toolbar
2010-06-25 17:16 . 2010-06-25 17:19 -------- d-----w- c:\program files\MSN Toolbar Installer
2010-06-25 17:15 . 2010-06-25 17:15 503808 ----a-w- c:\documents and settings\rreiche\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-43d36242-n\msvcp71.dll
2010-06-25 17:15 . 2010-06-25 17:15 499712 ----a-w- c:\documents and settings\rreiche\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-43d36242-n\jmc.dll
2010-06-25 17:15 . 2010-06-25 17:15 348160 ----a-w- c:\documents and settings\rreiche\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-43d36242-n\msvcr71.dll
2010-06-25 17:15 . 2010-06-25 17:15 61440 ----a-w- c:\documents and settings\rreiche\Application Data\Sun\Java\Deployment\SystemCache\6.0\50\5535ab32-6df14a2f-n\decora-sse.dll
2010-06-25 17:15 . 2010-06-25 17:15 12800 ----a-w- c:\documents and settings\rreiche\Application Data\Sun\Java\Deployment\SystemCache\6.0\50\5535ab32-6df14a2f-n\decora-d3d.dll
2010-06-25 17:15 . 2010-04-12 22:29 411368 ----a-w- c:\windows\system32\deployJava1.dll
2010-06-25 17:08 . 2010-06-25 17:08 -------- d-----w- c:\documents and settings\rreiche\Application Data\Malwarebytes
2010-06-25 15:15 . 2010-06-25 15:15 -------- d-----w- c:\documents and settings\Administrator\Application Data\Malwarebytes
2010-06-25 15:15 . 2010-04-29 20:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-06-25 15:15 . 2010-06-25 15:15 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2010-06-25 15:15 . 2010-04-29 20:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-06-25 15:15 . 2010-06-25 15:15 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-06-25 14:48 . 2010-06-25 14:48 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\Identities
2010-06-25 14:48 . 2010-06-25 14:48 -------- d-----w- c:\documents and settings\Administrator\Application Data\Windows Desktop Search
2010-06-24 18:47 . 2010-06-24 18:47 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\Symantec
2010-06-24 16:45 . 2010-06-25 17:04 -------- d-----w- c:\documents and settings\rreiche\Local Settings\Application Data\cnwjgggur

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-07-16 15:40 . 2007-09-10 14:50 664 ----a-w- c:\windows\system32\d3d9caps.dat
2010-06-25 17:44 . 2007-09-10 15:08 -------- d-----w- c:\program files\Common Files\Symantec Shared
2010-06-25 17:44 . 2007-09-10 15:08 -------- d-----w- c:\documents and settings\All Users\Application Data\Symantec
2010-06-25 17:42 . 2007-09-10 15:09 -------- d-----w- c:\program files\Symantec
2010-06-25 17:42 . 2010-06-25 17:41 806 ----a-w- c:\windows\system32\drivers\SYMEVENT.INF
2010-06-25 17:42 . 2010-06-25 17:41 7456 ----a-w- c:\windows\system32\drivers\SYMEVENT.CAT
2010-06-25 17:16 . 2007-09-10 14:52 -------- d-----w- c:\program files\Common Files\Java
2010-06-25 17:15 . 2007-09-10 14:52 -------- d-----w- c:\program files\Java
2010-06-25 17:14 . 2007-09-10 15:08 -------- d-----w- c:\program files\Symantec AntiVirus
2010-06-15 19:49 . 2010-06-15 19:49 1245321 ----a-w- c:\documents and settings\All Users\Application Data\NeoEdge Networks\Yahoo_SuperCollapse3\IAF.dll
2010-06-15 19:49 . 2010-06-15 19:49 -------- d-----w- c:\documents and settings\All Users\Application Data\NeoEdge Networks
.

------- Sigcheck -------

[-] 2010-01-05 . 3B8259EF10C0F1425395981E40ED0EAA . 3599360 . . [7.00.6000.16981] . . c:\windows\SoftwareDistribution\Download\72187e1a9593df853aa7db379edb1348\sp3gdr\mshtml.dll
[-] 2010-01-05 . 1673677DBD70142DB1294F1B6FC3323E . 3602944 . . [7.00.6000.21183] . . c:\windows\$hf_mig$\KB978207-IE7\SP3QFE\mshtml.dll
[-] 2010-01-05 . 1673677DBD70142DB1294F1B6FC3323E . 3602944 . . [7.00.6000.21183] . . c:\windows\SoftwareDistribution\Download\72187e1a9593df853aa7db379edb1348\sp3qfe\mshtml.dll
[-] 2008-04-24 . 8976CAB317105F7431B08EA32AB73C65 . 3591680 . . [7.00.6000.16674] . . c:\windows\system32\mshtml.dll
[-] 2008-04-24 . 8976CAB317105F7431B08EA32AB73C65 . 3591680 . . [7.00.6000.16674] . . c:\windows\system32\dllcache\mshtml.dll
[-] 2008-04-23 . 4D612FF5D3B7EEF200595AE6F95D5E68 . 3593728 . . [7.00.6000.20815] . . c:\windows\$hf_mig$\KB950759-IE7\SP2QFE\mshtml.dll
[-] 2008-03-01 . AB2C88167D78D71D93558ACECB24CC7A . 3591680 . . [7.00.6000.16640] . . c:\windows\ie7updates\KB950759-IE7\mshtml.dll
[-] 2008-03-01 . 4EE273E2B09317C1217EF0DB91F93534 . 3593216 . . [7.00.6000.20772] . . c:\windows\$hf_mig$\KB947864-IE7\SP2QFE\mshtml.dll
[-] 2007-08-20 . E267EE248CDA7667C19001C069DE867B . 3584512 . . [7.00.6000.16544] . . c:\windows\ie7updates\KB947864-IE7\mshtml.dll
[-] 2007-08-20 . AA8A4BD78D24FCDB96DDAEE3756AA372 . 3592192 . . [7.00.6000.20661] . . c:\windows\$hf_mig$\KB939653-IE7\SP2QFE\mshtml.dll
[-] 2007-07-19 . BD609A26B683332A0E0E1445C5724851 . 3583488 . . [7.00.6000.16525] . . c:\windows\ie7updates\KB939653-IE7\mshtml.dll
[-] 2007-07-18 . 7CE243CFD47AD0DC431586CB8C542A11 . 3584000 . . [7.00.6000.20641] . . c:\windows\$hf_mig$\KB937143-IE7\SP2QFE\mshtml.dll
[-] 2006-11-08 . CBF04597F9CF7739E572276A2698FDD3 . 3577856 . . [7.00.5730.11] . . c:\windows\ie7updates\KB937143-IE7\mshtml.dll
[7] 2006-02-21 . C6E663C066E3BEA5B0BB70D87D0701E9 . 3052032 . . [6.00.2900.2853] . . c:\windows\$hf_mig$\KB911164\SP2QFE\mshtml.dll
[7] 2006-02-21 . C6E663C066E3BEA5B0BB70D87D0701E9 . 3052032 . . [6.00.2900.2853] . . c:\windows\ie7\mshtml.dll

[-] 2010-01-05 . 21E7890F1EC89BEF0AF7C08D730AE317 . 832512 . . [7.00.6000.16981] . . c:\windows\SoftwareDistribution\Download\72187e1a9593df853aa7db379edb1348\sp3gdr\wininet.dll
[-] 2010-01-05 . E7B99465DE2EDCF29784B7600BF6FAE8 . 841216 . . [7.00.6000.21183] . . c:\windows\$hf_mig$\KB978207-IE7\SP3QFE\wininet.dll
[-] 2010-01-05 . E7B99465DE2EDCF29784B7600BF6FAE8 . 841216 . . [7.00.6000.21183] . . c:\windows\SoftwareDistribution\Download\72187e1a9593df853aa7db379edb1348\sp3qfe\wininet.dll
[-] 2008-04-23 . F6589BE784647CFDBC22EA51CCB1A57A . 826368 . . [7.00.6000.16674] . . c:\windows\system32\wininet.dll
[-] 2008-04-23 . F6589BE784647CFDBC22EA51CCB1A57A . 826368 . . [7.00.6000.16674] . . c:\windows\system32\dllcache\wininet.dll
[-] 2008-04-23 . 41546B396A526918DA7995A02EA04E51 . 827392 . . [7.00.6000.20815] . . c:\windows\$hf_mig$\KB950759-IE7\SP2QFE\wininet.dll
[-] 2008-03-01 . AD21461AEF8244EDEC2EF18E55E1DCF3 . 826368 . . [7.00.6000.16640] . . c:\windows\ie7updates\KB950759-IE7\wininet.dll
[-] 2008-03-01 . 6316C2F0C61271C8ABDFF7429174879E . 827392 . . [7.00.6000.20772] . . c:\windows\$hf_mig$\KB947864-IE7\SP2QFE\wininet.dll
[-] 2007-08-20 . 774435E499D8E9643EC961A6103C361F . 824832 . . [7.00.6000.16544] . . c:\windows\ie7updates\KB947864-IE7\wininet.dll
[-] 2007-08-20 . 357D54BF94FE9D6D8505A96B5C2A3BCA . 825344 . . [7.00.6000.20661] . . c:\windows\$hf_mig$\KB939653-IE7\SP2QFE\wininet.dll
[-] 2007-06-27 . D6ED5E042C5207553E7F5E842918137F . 824320 . . [7.00.6000.20627] . . c:\windows\$hf_mig$\KB937143-IE7\SP2QFE\wininet.dll
[-] 2007-06-27 . 8068CBB58FE60CC95AEB2CFF70178208 . 823808 . . [7.00.6000.16512] . . c:\windows\ie7updates\KB939653-IE7\wininet.dll
[-] 2006-11-08 . 92995334F993E6E49C25C6D02EC04401 . 818688 . . [7.00.5730.11] . . c:\windows\ie7updates\KB937143-IE7\wininet.dll
[7] 2006-02-28 . C0823FC5469663BA63E7DB88F9919D70 . 656384 . . [6.00.2900.2180] . . c:\windows\ie7\wininet.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"OM2_Monitor"="c:\program files\OLYMPUS\OLYMPUS Master 2\MMonitor.exe" [2007-05-23 95800]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AccelerometerSysTrayApplet"="c:\windows\system32\AccelerometerSt.exe" [2007-01-24 124928]
"PTHOSTTR"="c:\program files\Hewlett-Packard\HP ProtectTools Security Manager\PTHOSTTR.EXE" [2007-01-09 145184]
"IFXSPMGT"="c:\windows\system32\ifxspmgt.exe" [2007-02-15 677408]
"CognizanceTS"="c:\progra~1\HEWLET~1\IAM\Bin\ASTSVCC.dll" [2003-12-22 17920]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2007-01-12 827392]
"Cpqset"="c:\program files\Hewlett-Packard\Default Settings\cpqset.exe" [2007-01-02 40960]
"Broadcom Wireless Manager UI"="c:\windows\system32\WLTRAY.exe" [2006-11-02 1282048]
"PDF Complete"="c:\program files\PDF Complete\pdfsty.exe" [2007-02-20 331552]
"hpWirelessAssistant"="c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2007-03-01 472776]
"Cingular Communication Manager"="c:\program files\Cingular\Communication Manager\CingularCCM.exe" [2007-01-12 19968]
"RoxioDragToDisc"="c:\program files\Roxio\Drag-to-Disc\DrgToDsc.exe" [2007-02-02 1116920]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-02-18 248040]
"QlbCtrl"="c:\program files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2007-03-05 159744]
"WatchDog"="c:\program files\InterVideo\DVD Check\DVDCheck.exe" [2006-09-06 184320]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2006-09-01 282624]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]
"HPDJ Taskbar Utility"="c:\windows\system32\spool\drivers\w32x86\3\hpztsb03.exe" [2001-08-03 196608]
"HPHUPD05"="c:\program files\Hewlett-Packard\\{5372B9A6-6E51-4f90-9B40-E0A3B8475C4E}\hphupd05.exe" [2005-07-08 49152]
"HP Component Manager"="c:\program files\HP\hpcoretech\hpcmpmgr.exe" [2003-12-22 241664]
"HPHmon05"="c:\windows\system32\hphmon05.exe" [2005-07-08 491520]
"SMSTray"="c:\program files\Samsung\Samsung Media Studio 5\SMSTray.exe" [2007-12-14 132624]
"HP Software Update"="c:\program files\Hp\HP Software Update\HPWuSchd2.exe" [2007-05-08 54840]
"SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2007-01-05 872448]
"MSN Toolbar"="c:\program files\MSN Toolbar\Platform\4.0.0401.0\mswinext.exe" [2010-02-12 240992]
"Microsoft Default Manager"="c:\program files\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" [2009-07-17 288080]
"ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe" [2010-06-25 115560]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
AutoCAD LT Startup Accelerator.lnk - c:\program files\Common Files\Autodesk Shared\acstart16.exe [2005-3-5 10872]
Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2007-2-6 561213]
Device Detector 3.lnk - c:\program files\OLYMPUS\DeviceDetector\DevDtct2.exe [2007-9-27 163840]
Directrec Configuration Tool.lnk - c:\program files\OLYMPUS\DeviceDetector\DirectrecConfig.exe [2007-9-27 167936]
DVD Check.lnk - c:\program files\InterVideo\DVD Check\DVDCheck.exe [2007-9-10 184320]
Start Pervasive PSQL Workgroup Engine.lnk - c:\windows\Installer\{0A3238D7-AB32-1010-B717-F3E3F18B4A8C}\WGE.14A03FCD_EA43_4130_A5C0_F02D38895A13.exe [2010-2-23 92854]
Windows Desktop Search.lnk - c:\program files\Windows Desktop Search\WindowsSearch.exe [2007-2-5 118784]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoWelcomeScreen"= 1 (0x1)

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2007-02-05 294400]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\OneCard]
2007-02-07 03:30 74240 ----a-r- c:\program files\Hewlett-Packard\IAM\Bin\ASWLNPkg.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\system32\APSHook.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Notification Packages REG_MULTI_SZ SbHpNp scecli

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ccEvtMgr]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ccSetMgr]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Symantec Antivirus]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\program files\Microsoft ActiveSync\rapimgr.exe"= c:\program files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
"c:\program files\Microsoft ActiveSync\wcescomm.exe"= c:\program files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager
"c:\program files\Microsoft ActiveSync\WCESMgr.exe"= c:\program files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application
"c:\\Program Files\\Pervasive Software\\PSQL\\bin\\w3dbsmgr.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service

R0 SafeBoot;SafeBoot;c:\windows\system32\drivers\SafeBoot.sys [2/7/2007 11:22 AM 100495]
R0 SbAlg;SbAlg;c:\windows\system32\drivers\SbAlg.sys [10/9/2006 1:31 PM 44720]
R0 SBHR;SBHR;c:\windows\system32\drivers\sbhr.sys [2/18/2009 12:57 PM 15280]
R1 PersonalSecureDrive;PersonalSecureDrive;c:\windows\system32\drivers\psd.sys [1/23/2007 6:07 PM 39080]
R1 RsvLock;RsvLock;c:\windows\system32\drivers\rsvlock.sys [2/7/2007 11:23 AM 5808]
R2 ASChannel;Local Communication Channel;c:\windows\System32\svchost.exe -k Cognizance [2/28/2006 7:00 AM 14336]
R2 HpFkCryptService;Drive Encryption Service;c:\program files\Hewlett-Packard\Drive Encryption\HpFkCrypt.exe [3/11/2007 11:46 AM 208896]
R2 pdfcDispatcher;PDF Document Manager;c:\program files\PDF Complete\pdfsvc.exe [9/10/2007 9:41 AM 539936]
R2 rma;Radia Management Agent;c:\novadigm\ManagementAgent\nvdkit.exe [9/19/2005 9:02 AM 1968446]
R2 SWIHPWMI;SWIHPWMI;c:\program files\HPQ\Shared\Sierra Wireless\Win32\Unicode\SWIHPWMI.exe [12/4/2006 4:13 PM 292384]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [6/25/2010 12:56 PM 102448]
R3 IFXTPM;IFXTPM;c:\windows\system32\drivers\ifxtpm.sys [9/10/2007 9:22 AM 36608]
R3 swmx02;HP ev2200 USB MUX Driver (#02);c:\windows\system32\drivers\swmx02.sys [2/22/2007 5:26 PM 71168]
S2 ASBroker;Logon Session Broker;c:\windows\System32\svchost.exe -k Cognizance [2/28/2006 7:00 AM 14336]
S3 COH_Mon;COH_Mon;c:\windows\system32\drivers\COH_Mon.sys [6/25/2010 9:51 AM 23888]
S3 HP24X;HP PC Card Smart Card Reader;c:\windows\system32\drivers\HP24X.sys [9/10/2007 9:24 AM 33024]
S4 LkWebLink;Inter-Tel Collaboration Remote Client;c:\documents and settings\rreiche\My Documents\Inter-Tel\Collaboration Client 2.0\lkWebLink.exe [12/12/2007 5:18 PM 32768]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
Cognizance REG_MULTI_SZ ASBroker ASChannel
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
.
Contents of the 'Scheduled Tasks' folder

2010-07-16 c:\windows\Tasks\HP Usg Daily.job
- c:\program files\Hewlett-Packard\{5372B9A6-6E51-4f90-9B40-E0A3B8475C4E}\pexpress\hphped05.exe [2008-03-07 04:55]

2010-03-28 c:\windows\Tasks\wavepadShakeIcon.job
- c:\program files\NCH Swift Sound\WavePad\wavepad.exe [2010-03-25 16:07]
.
.
------- Supplementary Scan -------
.
uStart Page = [You must be registered and logged in to see this link.]
uInternet Connection Wizard,ShellNext = iexplore
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
IE: Send to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
Trusted Zone: gjgrewe.com\mail
TCP: {5EC5CFAE-C50F-4FB0-87B2-F7570CDAD7AF} = 24.217.0.4
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, [You must be registered and logged in to see this link.]
Rootkit scan 2010-07-19 10:05
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

HKLM\Software\Microsoft\Windows\CurrentVersion\Run
Cpqset = c:\program files\Hewlett-Packard\Default Settings\cpqset.exe??????????????@? ????H????????@???????@

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\pdfcDispatcher]
"ImagePath"="c:\program files\PDF Complete\pdfsvc.exe /startedbyscm:66B66708-40E2BE4D-pdfcService"
--

[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\rma]
"ImagePath"="C:/Novadigm/ManagementAgent/nvdkit.exe"

[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\rma]
"ImagePath"="C:/Novadigm/ManagementAgent/nvdkit.exe"
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(1164)
c:\program files\Hewlett-Packard\IAM\bin\ocgina.dll
c:\program files\Hewlett-Packard\IAM\bin\ItMsg.dll
c:\program files\Hewlett-Packard\IAM\bin\HPBrand.dll
c:\program files\Hewlett-Packard\IAM\bin\ItTal.dll
c:\program files\Hewlett-Packard\IAM\bin\ItReports.DLL
c:\program files\Hewlett-Packard\IAM\Bin\ASWLNPkg.dll
c:\program files\Hewlett-Packard\IAM\Bin\TrayIcon.dll
c:\program files\Hewlett-Packard\IAM\Bin\ItDAC.dll
c:\program files\Hewlett-Packard\IAM\Bin\ASChnl.dll
c:\program files\Hewlett-Packard\IAM\Bin\BioAuth.dll
c:\program files\Hewlett-Packard\IAM\Bin\ASBIoAT.dll
c:\program files\Hewlett-Packard\IAM\Bin\ItVCClient.dll
c:\program files\Hewlett-Packard\IAM\Bin\AuthWiz.dll
c:\program files\Hewlett-Packard\IAM\Bin\TpmAuth.dll
c:\program files\Hewlett-Packard\IAM\Bin\TokenAuth.dll
c:\program files\Hewlett-Packard\IAM\Bin\ittalsnap.DLL
c:\program files\Hewlett-Packard\IAM\Bin\ItVCard.dll
c:\program files\Hewlett-Packard\IAM\Bin\ItAuth.dll
c:\windows\system32\xenroll.dll
c:\windows\system32\IFXTSP.dll
c:\windows\system32\IfxSpArc.dll
c:\windows\system32\msxml6.dll
c:\windows\system32\IFXTCSps.dll
c:\windows\system32\IFXTPMCP.dll
c:\program files\Hewlett-Packard\Embedded Security Software\IfxTRsUS.dll
c:\program files\Hewlett-Packard\Embedded Security Software\IfxTrsMs.dll
c:\windows\system32\capicom.dll

- - - - - - - > 'lsass.exe'(1224)
c:\windows\SbHpNp.dll

- - - - - - - > 'Explorer.exe'(4832)
c:\windows\system32\APSHook.dll
c:\program files\Hewlett-Packard\IAM\bin\ItClient.dll
c:\windows\system32\btmmhook.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\btncopy.dll
c:\program files\Roxio\Drag-to-Disc\Shellex.dll
c:\windows\system32\DLAAPI_W.DLL
c:\program files\Roxio\Drag-to-Disc\ShellRes.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
c:\program files\Symantec\Symantec Endpoint Protection\Smc.exe
c:\program files\Common Files\Symantec Shared\ccSvcHst.exe
c:\windows\System32\SCardSvr.exe
c:\program files\OLYMPUS\DeviceDetector\DM1Service.exe
c:\windows\system32\ifxtcs.exe
c:\program files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\windows\system32\IfxPsdSv.exe
c:\program files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
c:\program files\Symantec\Symantec Endpoint Protection\Rtvscan.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
c:\windows\System32\WLTRYSVC.EXE
c:\windows\System32\bcmwltry.exe
c:\windows\system32\SearchIndexer.exe
c:\program files\Hewlett-Packard\Shared\hpqwmiex.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
c:\program files\Hewlett-Packard\IAM\bin\asghost.exe
c:\program files\Symantec\Symantec Endpoint Protection\SmcGui.exe
c:\program files\Hewlett-Packard\Embedded Security Software\PSDrt.exe
c:\program files\Hewlett-Packard\Shared\HpqToaster.exe
c:\program files\Microsoft ActiveSync\Wcescomm.exe
c:\progra~1\MI3AA1~1\rapimgr.exe
c:\progra~1\WIDCOMM\BLUETO~1\BTSTAC~1.EXE
c:\program files\Pervasive Software\PSQL\bin\w3dbsmgr.exe
.
**************************************************************************
.
Completion time: 2010-07-19 10:11:05 - machine was rebooted
ComboFix-quarantined-files.txt 2010-07-19 15:11
ComboFix2.txt 2010-07-15 15:25

Pre-Run: 87,711,682,560 bytes free
Post-Run: 87,731,724,288 bytes free

- - End Of File - - D59C9D2957D5CDA04127DD7ECC48B0E3

Re: Yahoo browser redirecting

Post by ltlfroggie on Mon Jul 19, 2010 4:01 pm

Malwarebytes' Anti-Malware 1.46

Database version: 4326

Windows 5.1.2600 Service Pack 2
Internet Explorer 7.0.5730.11

7/19/2010 10:36:02 AM
mbam-log-2010-07-19 (10-36-02).txt

Scan type: Quick scan
Objects scanned: 146521
Time elapsed: 6 minute(s), 35 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

Re: Yahoo browser redirecting

Post by Dr Jay on Tue Jul 20, 2010 2:35 am

Are you still having redirects?


Dr. Jay (DJ)


Re: Yahoo browser redirecting

Post by ltlfroggie on Tue Jul 20, 2010 3:42 pm

It is still doing it - I know this is late to ask, but when doing all of the above, did it matter if I was connected to the network (which seems to work fine) or via wi-fi (which still isn't)?

Re: Yahoo browser redirecting

Post by Dr Jay on Tue Jul 20, 2010 6:57 pm

Not too much of a big deal.

Download MBRCheck.exe to your desktop.
  • Double click MBRCheck.exe to run (Vista and Windows 7 users, right click and select Run as Administrator).
  • It will show a black screen with some data on it.
  • A report called MBRcheckxxxx.txt will be on your desktop
  • Open this report and post its content in your next reply.


Dr. Jay (DJ)


Re: Yahoo browser redirecting

Post by ltlfroggie on Wed Jul 21, 2010 5:16 pm

That link is not working.

Re: Yahoo browser redirecting

Post by Dr Jay on Wed Jul 21, 2010 6:40 pm

GeeksToGo is down, my bad.

Try this link: [You must be registered and logged in to see this link.]


Dr. Jay (DJ)


Re: Yahoo browser redirecting

Post by ltlfroggie on Thu Jul 22, 2010 2:47 pm

MBRCheck, version 1.1.1
(c) 2010, AD

\\.\C: --> \\.\PhysicalDrive0
\\.\D: --> \\.\PhysicalDrive0
\\.\E: --> \\.\PhysicalDrive0

Size Device Name MBR Status
--------------------------------------------
111 GB \\.\PhysicalDrive0 Unknown MBR code

Found non-standard or infected MBR.
Enter 'Y' and hit ENTER for more options, or 'N' to exit:
Options:
[1] Dump the MBR of a physical disk to file.
[2] Restore the MBR of a physical disk with a standard boot code.
[3] Exit.

Enter your choice:

Done! Press ENTER to exit...

Re: Yahoo browser redirecting

Post by Dr Jay on Thu Jul 22, 2010 7:08 pm

Run MBRCheck.exe
  • Run MBRCheck.exe
  • Wait until you see the following line: Enter 'Y' and hit ENTER for more options, or 'N' to exit:
  • Please push the 'Y' key and then press Enter
  • When the program asks you Enter your choice: enter 2 and press the Enter key
  • Now the program will ask you "Enter the physical disk number to fix (0-99, -1 to cancel):"
  • Enter 0 and press the Enter key.
  • The program will show Available MBR codes:, followed by a list of operating systems. Please enter 1 for Windows XP, and then press Enter.
  • When asked Do you want to fix the MBR code? type in YES and press enter
  • Restart your PC.


Then, post a new MBRCheck log.


Dr. Jay (DJ)


Re: Yahoo browser redirecting

Post by ltlfroggie on Fri Jul 23, 2010 6:03 pm

MBRCheck, version 1.1.1
(c) 2010, AD

\\.\C: --> \\.\PhysicalDrive0
\\.\D: --> \\.\PhysicalDrive0
\\.\E: --> \\.\PhysicalDrive0

Size Device Name MBR Status
--------------------------------------------
111 GB \\.\PhysicalDrive0 Windows XP MBR code detected

Done! Press ENTER to exit...


Back to top Go down
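The two MBRCheck reports above differ only in the status column: "Unknown MBR code" before the boot-code restore and "Windows XP MBR code detected" after it. The following Python script is an added example, not part of the original posts and not MBRCheck's own code; it shows how two raw MBR dumps (such as option [1] would produce, assumed here to be plain 512-byte sector images) can be compared to confirm that only the loader region changed. The SHA-256 allowlist is an assumed stand-in for however a tool assigns its status label, and every sample byte and digest is constructed.

```python
"""Added example: triage two raw MBR dumps. All sample bytes are constructed."""
import hashlib
import struct

SECTOR_SIZE = 512
BOOT_CODE = slice(0, 440)          # loader code, the region a boot-code restore rewrites
DISK_SIGNATURE_OFFSET = 440        # 4-byte NT disk signature
PARTITION_TABLE = slice(446, 510)  # four 16-byte partition entries
BOOT_SIGNATURE = slice(510, 512)   # must be 55 AA


def parse_mbr(sector: bytes) -> dict:
    """Split one MBR sector into boot-code hash, disk signature and partitions."""
    if len(sector) != SECTOR_SIZE:
        raise ValueError(f"expected {SECTOR_SIZE} bytes, got {len(sector)}")
    if sector[BOOT_SIGNATURE] != b"\x55\xaa":
        raise ValueError("missing 55 AA boot signature: not a valid MBR dump")
    partitions = []
    table = sector[PARTITION_TABLE]
    for index in range(4):
        entry = table[16 * index:16 * (index + 1)]
        if entry[4] == 0x00:       # partition type 0 marks an unused slot
            continue
        lba_start, sector_count = struct.unpack_from("<II", entry, 8)
        partitions.append({
            "slot": index,
            "active": entry[0] == 0x80,
            "type": entry[4],
            "lba_start": lba_start,
            "sectors": sector_count,
        })
    return {
        "boot_code_sha256": hashlib.sha256(sector[BOOT_CODE]).hexdigest(),
        "disk_signature": struct.unpack_from("<I", sector, DISK_SIGNATURE_OFFSET)[0],
        "partitions": partitions,
    }


def classify(sector: bytes, known_good: dict) -> str:
    """Return the allowlist label for the boot code, else 'Unknown MBR code'."""
    return known_good.get(parse_mbr(sector)["boot_code_sha256"], "Unknown MBR code")


def compare_dumps(before: bytes, after: bytes) -> dict:
    """Check that a boot-code restore changed the loader and nothing else."""
    b, a = parse_mbr(before), parse_mbr(after)
    return {
        "boot_code_changed": b["boot_code_sha256"] != a["boot_code_sha256"],
        "disk_signature_preserved": b["disk_signature"] == a["disk_signature"],
        "partition_table_preserved": before[PARTITION_TABLE] == after[PARTITION_TABLE],
    }


def build_sample(boot_code: bytes) -> bytes:
    """Constructed sector: the given loader bytes plus one active NTFS partition."""
    sector = bytearray(SECTOR_SIZE)
    sector[BOOT_CODE] = boot_code.ljust(440, b"\x00")
    struct.pack_into("<I", sector, DISK_SIGNATURE_OFFSET, 0x1234ABCD)
    # status, CHS start, type (0x07 = NTFS), CHS end, LBA start, sector count
    sector[446:462] = struct.pack("<B3sB3sII", 0x80, b"\x01\x01\x00", 0x07,
                                  b"\xfe\xff\xff", 63, 232_000_000)
    sector[BOOT_SIGNATURE] = b"\x55\xaa"
    return bytes(sector)


# Constructed stand-ins, NOT real boot code. A real allowlist would hold digests
# taken from known-clean installation media for the same Windows version.
REFERENCE_LOADER = b"constructed reference loader bytes"
UNKNOWN_LOADER = b"constructed unrecognised loader bytes"
KNOWN_GOOD = {
    hashlib.sha256(REFERENCE_LOADER.ljust(440, b"\x00")).hexdigest():
        "Windows XP MBR code detected",
}
SAMPLE_BEFORE = build_sample(UNKNOWN_LOADER)   # dump taken before the restore
SAMPLE_AFTER = build_sample(REFERENCE_LOADER)  # dump taken after the restore

if __name__ == "__main__":
    print("before:", classify(SAMPLE_BEFORE, KNOWN_GOOD))
    print("after: ", classify(SAMPLE_AFTER, KNOWN_GOOD))
    for check, passed in compare_dumps(SAMPLE_BEFORE, SAMPLE_AFTER).items():
        print(f"{check}: {passed}")
```

If `partition_table_preserved` or `disk_signature_preserved` comes back false on real dumps, the change went beyond the loader and the volumes should be checked before the next reboot.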

Re: Yahoo browser redirecting

Post by Dr Jay on Fri Jul 23, 2010 6:37 pm

Excellent. Still getting redirects?


Dr. Jay (DJ)


Re: Yahoo browser redirecting

Post by ltlfroggie on Mon Aug 02, 2010 2:51 pm

Surprisingly it is still redirecting when not connected through the network cable.

Sorry for the late response - I was out of town all last week.

Re: Yahoo browser redirecting

Post by Dr Jay on Mon Aug 02, 2010 9:29 pm

Please download MySystem-Search from one of the following links:
  • Save the file to your Desktop.
  • Double-click on mss.exe
  • Allow it to run, and follow the prompts.
  • Once done, it will launch a log.
  • Post it in your next reply.
Note: the logs are long. Please use more than one post, if necessary.


Dr. Jay (DJ)


Re: Yahoo browser redirecting

Post by ltlfroggie on Thu Aug 05, 2010 4:41 pm

MySystem-Search


MSS v1.6


Basic System Information

Username: rreiche - Date: 08/05/2010 - Time: 11:38:15

Microsoft Windows XP [Version 5.1.2600]
Processor type: x86 Family 15 Model 104 Stepping 1, AuthenticAMD
Total processors: 2
Computer Name: RREICHE03
Logon Server: \\STOREFRONT


CD Emulation Drivers running?

Roxio found!


Peer-to-Peer applications?



File associations

.exe=exefile
.scr=scrfile
.pif=piffile
.com=ComFile
.bat=batfile
.cmd=cmdfile
.log=txtfile
.txt=txtfile
.reg=regfile
.sys=sysfile
.dll=dllfile
.ini=inifile
.inf=inffile


Running processes


Image Name PID Session Name Session# Mem Usage
========================= ====== ================ ======== ============
System Idle Process 0 Console 0 28 K
System 4 Console 0 256 K
smss.exe 1088 Console 0 388 K
csrss.exe 1152 Console 0 4,516 K
winlogon.exe 1176 Console 0 2,340 K
services.exe 1220 Console 0 4,384 K
lsass.exe 1232 Console 0 7,428 K
HpFkCrypt.exe 1396 Console 0 1,524 K
svchost.exe 1464 Console 0 10,028 K
svchost.exe 1508 Console 0 5,444 K
svchost.exe 1556 Console 0 4,792 K
svchost.exe 1600 Console 0 32,552 K
btwdins.exe 1628 Console 0 3,200 K
svchost.exe 1664 Console 0 3,356 K
Smc.exe 1824 Console 0 7,436 K
svchost.exe 1884 Console 0 3,452 K
svchost.exe 1900 Console 0 8,708 K
ccSvcHst.exe 244 Console 0 2,900 K
spoolsv.exe 492 Console 0 9,256 K
scardsvr.exe 560 Console 0 2,620 K
DM1Service.exe 672 Console 0 1,904 K
FreeAgentService.exe 804 Console 0 4,856 K
IFXSPMGT.exe 884 Console 0 9,416 K
IFXTCS.exe 1012 Console 0 6,952 K
iviRegMgr.exe 1068 Console 0 2,268 K
jqs.exe 1112 Console 0 1,400 K
LSSrvc.exe 1136 Console 0 2,480 K
pdfsvc.exe 1248 Console 0 2,620 K
IfxPsdSv.exe 1732 Console 0 2,556 K
svchost.exe 1756 Console 0 2,880 K
nvdkit.exe 1784 Console 0 7,164 K
SeaPort.exe 2080 Console 0 8,624 K
Rtvscan.exe 2128 Console 0 4,780 K
wdfmgr.exe 2160 Console 0 1,856 K
WLIDSVC.EXE 2228 Console 0 12,276 K
WLTRYSVC.EXE 2316 Console 0 1,680 K
BCMWLTRY.EXE 2340 Console 0 7,260 K
searchindexer.exe 2348 Console 0 22,848 K
hpqWmiEx.exe 2404 Console 0 3,992 K
SWIHPWMI.exe 2484 Console 0 3,356 K
wmiprvse.exe 2616 Console 0 5,316 K
WLIDSVCM.EXE 2808 Console 0 1,968 K
alg.exe 2972 Console 0 3,640 K
asghost.exe 1776 Console 0 16,156 K
explorer.exe 1996 Console 0 25,712 K
SmcGui.exe 2028 Console 0 6,112 K
accelerometerST.exe 3268 Console 0 2,352 K
pthosttr.exe 3320 Console 0 18,348 K
SynTPEnh.exe 3660 Console 0 5,436 K
WLTRAY.EXE 3676 Console 0 8,392 K
pdfsty.exe 3692 Console 0 3,684 K
HPWAMain.exe 3656 Console 0 4,448 K
DrgToDsc.exe 828 Console 0 6,052 K
PSDrt.exe 3784 Console 0 13,268 K
jusched.exe 3824 Console 0 2,608 K
QLBCTRL.exe 668 Console 0 8,868 K
qttask.exe 792 Console 0 2,564 K
GrooveMonitor.exe 2144 Console 0 4,804 K
hpztsb03.exe 3072 Console 0 3,108 K
hpcmpmgr.exe 3440 Console 0 7,212 K
hphmon05.exe 2592 Console 0 3,720 K
SMSTray.exe 3720 Console 0 5,688 K
hpwuSchd2.exe 1648 Console 0 2,404 K
smax4pnp.exe 1896 Console 0 4,400 K
mswinext.exe 756 Console 0 106,276 K
HpqToaster.exe 2136 Console 0 4,328 K
ccApp.exe 256 Console 0 848 K
svchost.exe 1100 Console 0 3,424 K
stxmenumgr.exe 4164 Console 0 3,876 K
wcescomm.exe 4744 Console 0 5,304 K
ctfmon.exe 4896 Console 0 6,864 K
SansaDispatch.exe 4984 Console 0 2,704 K
rapimgr.exe 5000 Console 0 6,912 K
BTTray.exe 5544 Console 0 6,820 K
DevDtct2.exe 5632 Console 0 6,108 K
BTSTAC~1.EXE 6036 Console 0 10,616 K
w3dbsmgr.exe 3408 Console 0 12,024 K
WindowsSearch.exe 3796 Console 0 13,364 K
iexplore.exe 5264 Console 0 50,064 K
SCServer.exe 5808 Console 0 7,172 K
CarbonitePreinstaller.exe 1740 Console 0 3,592 K
wuauclt.exe 664 Console 0 6,728 K
searchprotocolhost.exe 4948 Console 0 6,480 K
searchfilterhost.exe 4224 Console 0 3,548 K
mss.exe 5672 Console 0 2,716 K
cmd.exe 1676 Console 0 1,736 K
tasklist.exe 4120 Console 0 4,512 K
wmiprvse.exe 3012 Console 0 5,588 K


Hidden objects

PATH: C:\windows

$hf_mig$
$MSI31Uninstall_KB893803v2$
$NtServicePackUninstallIDNMitigationAPIs$
$NtServicePackUninstallNLSDownlevelMapping$
$NtUninstallbasecsp$
$NtUninstallKB873339$
$NtUninstallKB883667$
$NtUninstallKB885464$
$NtUninstallKB885835$
$NtUninstallKB885836$
$NtUninstallKB885855$
$NtUninstallKB886185$
$NtUninstallKB887472$
$NtUninstallKB888239$
$NtUninstallKB888302$
$NtUninstallKB888402$
$NtUninstallKB889673$
$NtUninstallKB890046$
$NtUninstallKB890859$
$NtUninstallKB891781$
$NtUninstallKB892559$
$NtUninstallKB893756$
$NtUninstallKB894391$
$NtUninstallKB896256$
$NtUninstallKB896344$
$NtUninstallKB896358$
$NtUninstallKB896423$
$NtUninstallKB896428$
$NtUninstallKB898461$
$NtUninstallKB899587$
$NtUninstallKB899591$
$NtUninstallKB900485$
$NtUninstallKB900725$
$NtUninstallKB901017$
$NtUninstallKB901214$
$NtUninstallKB902400$
$NtUninstallKB904706$
$NtUninstallKB904942$
$NtUninstallKB905414$
$NtUninstallKB905749$
$NtUninstallKB908519$
$NtUninstallKB908521$
$NtUninstallKB908531$
$NtUninstallKB909095$
$NtUninstallKB909394$
$NtUninstallKB910437$
$NtUninstallKB911280$
$NtUninstallKB911562$
$NtUninstallKB911927$
$NtUninstallKB912436$
$NtUninstallKB913580$
$NtUninstallKB914388$
$NtUninstallKB914389$
$NtUninstallKB915326$
$NtUninstallKB915800$
$NtUninstallKB915865$
$NtUninstallKB916595$
$NtUninstallKB916846$
$NtUninstallKB917344$
$NtUninstallKB917953$
$NtUninstallKB918005$
$NtUninstallKB918118$
$NtUninstallKB918439$
$NtUninstallKB919007$
$NtUninstallKB920213$
$NtUninstallKB920342$
$NtUninstallKB920670$
$NtUninstallKB920683$
$NtUninstallKB920685$
$NtUninstallKB920872$
$NtUninstallKB921503$
$NtUninstallKB922582$
$NtUninstallKB922819$
$NtUninstallKB923191$
$NtUninstallKB923414$
$NtUninstallKB923980$
$NtUninstallKB924270$
$NtUninstallKB924496$
$NtUninstallKB924667$
$NtUninstallKB925720$
$NtUninstallKB925876$
$NtUninstallKB925902$
$NtUninstallKB926239$
$NtUninstallKB926255$
$NtUninstallKB926436$
$NtUninstallKB927779$
$NtUninstallKB927802$
$NtUninstallKB927891$
$NtUninstallKB928255$
$NtUninstallKB928843$
$NtUninstallKB929123$
$NtUninstallKB930178$
$NtUninstallKB930916$
$NtUninstallKB931261$
$NtUninstallKB931784$
$NtUninstallKB932168$
$NtUninstallKB932823-v3$
$NtUninstallKB933360$
$NtUninstallKB933729$
$NtUninstallKB935839$
$NtUninstallKB935840$
$NtUninstallKB936021$
$NtUninstallKB937143$
$NtUninstallKB937894$
$NtUninstallKB938127$
$NtUninstallKB938828$
$NtUninstallKB938829$
$NtUninstallKB941202$
$NtUninstallKB941568$
$NtUninstallKB941644$
$NtUninstallKB941693$
$NtUninstallKB942763$
$NtUninstallKB943055$
$NtUninstallKB943460$
$NtUninstallKB943485$
$NtUninstallKB944653$
$NtUninstallKB945553$
$NtUninstallKB946026$
$NtUninstallKB948590$
$NtUninstallKB948881$
$NtUninstallKB950749$
$NtUninstallKB950762_0$
$NtUninstallKB951376_0$
$NtUninstallKB951698_0$
$NtUninstallWMFDist11$
$NtUninstallwmp11$
CSC
ftpcache
ie7
inf
Installer
ShellNew
WindowsShell.Manifest
winnt.bmp
winnt256.bmp


PATH: C:\windows\system32

cdplayer.exe.manifest
dllcache
logonui.exe.manifest
ncpa.cpl.manifest
nwc.cpl.manifest
sapi.cpl.manifest
vssver2.scc
WindowsLogon.manifest
wuaucpl.cpl.manifest


PATH: C:\windows\system32\drivers

103C_HP_NTBK_HP Compaq 6515b (RM188UT#ABA)_YN_0U_QCNU7302GK8_EU_46_I30C2_SHP_VKBC Version 71.27_B68YTT Ver. F.05_T070426_WXP2_L409_M2432_J120_7AMD_8Turion 64 X2 Technology TL-60_91.99_#070910_N_(RM188UT#ABA).MRK


PATH: C:\

IO.SYS
MSDOS.SYS
pagefile.sys
RECYCLER
System Volume Information


User Profile check



! REG.EXE VERSION 3.0

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList
ProfilesDirectory REG_EXPAND_SZ %SystemDrive%\Documents and Settings
DefaultUserProfile REG_SZ Default User
AllUsersProfile REG_SZ All Users

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList\S-1-5-18
Flags REG_DWORD 0xc
State REG_DWORD 0x0
RefCount REG_DWORD 0x1
Sid REG_BINARY 010100000000000512000000
ProfileImagePath REG_EXPAND_SZ %systemroot%\system32\config\systemprofile

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList\S-1-5-19
ProfileImagePath REG_EXPAND_SZ %SystemDrive%\Documents and Settings\LocalService
Sid REG_BINARY 010100000000000513000000
Flags REG_DWORD 0x9
State REG_DWORD 0x0
CentralProfile REG_SZ
ProfileLoadTimeLow REG_DWORD 0x23590006
ProfileLoadTimeHigh REG_DWORD 0x1cb34a9
RefCount REG_DWORD 0x5

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList\S-1-5-20
ProfileImagePath REG_EXPAND_SZ %SystemDrive%\Documents and Settings\NetworkService
Sid REG_BINARY 010100000000000514000000
Flags REG_DWORD 0x9
State REG_DWORD 0x0
CentralProfile REG_SZ
ProfileLoadTimeLow REG_DWORD 0x223ae5d6
ProfileLoadTimeHigh REG_DWORD 0x1cb34a9
RefCount REG_DWORD 0x2

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList\S-1-5-21-1844237615-1659004503-682003330-500
ProfileImagePath REG_EXPAND_SZ %SystemDrive%\Documents and Settings\Administrator
Sid REG_BINARY 0105000000000005150000002FD5EC6D5766E262828BA628F4010000
Flags REG_DWORD 0x0
State REG_DWORD 0x100
CentralProfile REG_SZ
ProfileLoadTimeLow REG_DWORD 0x3a13b0c
ProfileLoadTimeHigh REG_DWORD 0x1cb1479
RefCount REG_DWORD 0x0
RunLogonScriptSync REG_DWORD 0x0
OptimizedLogonStatus REG_DWORD 0x3

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList\S-1-5-21-301054588-4197235993-2086927575-1155
ProfileImagePath REG_EXPAND_SZ %SystemDrive%\Documents and Settings\rreiche
Sid REG_BINARY 0105000000000005150000007CBAF11119BD2CFAD7FC637C83040000
Flags REG_DWORD 0x0
State REG_DWORD 0x100
CentralProfile REG_SZ
ProfileLoadTimeLow REG_DWORD 0x4782cb24
ProfileLoadTimeHigh REG_DWORD 0x1cb34a9
Guid REG_SZ {3c03dc4d-19a3-455b-bed9-56f526f48fba}
RefCount REG_DWORD 0x1
RunLogonScriptSync REG_DWORD 0x0
OptimizedLogonStatus REG_DWORD 0x7


Current Scheduled Tasks

PATH: C:\Windows\Tasks

HP Usg Daily.job
wavepadShakeIcon.job
desktop.ini
SA.DAT


Windows Drivers and NT-Services

Volume in drive C has no label.
Volume Serial Number is 6C6B-EA06

Directory of C:\Windows\System32\Drivers

09/10/2007 09:13 AM 1,632 103C_HP_NTBK_HP Compaq 6515b (RM188UT#ABA)_YN_0U_QCNU7302GK8_EU_46_I30C2_SHP_VKBC Version 71.27_B68YTT Ver. F.05_T070426_WXP2_L409_M2432_J120_7AMD_8Turion 64 X2 Technology TL-60_91.99_#070910_N_(RM188UT#ABA).MRK
1 File(s) 1,632 bytes
0 Dir(s) 86,972,272,640 bytes free
Volume in drive C has no label.
Volume Serial Number is 6C6B-EA06




Re: Yahoo browser redirecting

Post by ltlfroggie on Thu Aug 05, 2010 4:45 pm

Directory of C:\Windows\System32\Drivers

01/29/2001 03:32 PM 39,071 DSSUSB1.SYS
01/30/2001 06:34 PM 25,381 DSSUSBF.sys
01/31/2001 04:54 PM 33,363 DSSUSB.SYS
08/17/2001 08:46 AM 6,400 enum1394.sys
08/17/2001 08:59 AM 3,072 audstub.sys
01/21/2002 01:39 PM 39,635 DSXUSB.sys
11/29/2002 04:54 PM 27,326 DM_1USB.sys
05/05/2004 03:25 AM 23,296 U2S2KXP.sys
07/17/2004 12:35 PM 67,866 netwlan5.img
07/17/2004 12:36 PM 64,352 ativmc20.cod
07/17/2004 11:55 PM 129,045 cxthsfs2.cty
08/03/2004 10:59 PM 57,472 redbook.sys
08/03/2004 11:01 PM 196,864 rdpdr.sys
08/03/2004 11:01 PM 25,856 usbprint.sys
08/03/2004 11:04 PM 12,672 mutohpen.sys
08/03/2004 11:04 PM 13,568 wacompen.sys
08/03/2004 11:07 PM 52,864 DMusic.sys
08/03/2004 11:07 PM 42,752 alim1541.sys
08/03/2004 11:07 PM 42,368 agp440.sys
08/03/2004 11:07 PM 42,240 viaagp.sys
08/03/2004 11:07 PM 43,008 amdagp.sys
08/03/2004 11:07 PM 44,928 agpcpq.sys
08/03/2004 11:07 PM 41,088 sisagp.sys
08/03/2004 11:07 PM 44,672 uagp35.sys
08/03/2004 11:07 PM 46,464 gagp30kx.sys
08/03/2004 11:07 PM 6,400 splitter.sys
08/03/2004 11:08 PM 15,104 hidir.sys
08/03/2004 11:08 PM 40,832 irbus.sys
08/03/2004 11:10 PM 78,464 usbvideo.sys
08/03/2004 11:29 PM 57,856 atinbtxx.sys
08/03/2004 11:29 PM 701,440 ati2mtag.sys
08/03/2004 11:29 PM 327,040 ati2mtaa.sys
08/03/2004 11:29 PM 14,336 atinpdxx.sys
08/03/2004 11:29 PM 12,047 ati1pdxx.sys
08/03/2004 11:29 PM 52,224 atinraxx.sys
08/03/2004 11:29 PM 11,615 ati1mdxx.sys
08/03/2004 11:29 PM 13,824 atinmdxx.sys
08/03/2004 11:29 PM 56,623 ati1btxx.sys
08/03/2004 11:29 PM 63,663 ati1rvxx.sys
08/03/2004 11:29 PM 30,671 ati1raxx.sys
08/03/2004 11:29 PM 34,735 ati1xsxx.sys
08/03/2004 11:29 PM 29,455 ati1xbxx.sys
08/03/2004 11:29 PM 36,463 ati1tuxx.sys
08/03/2004 11:29 PM 104,960 atinrvxx.sys
08/03/2004 11:29 PM 28,672 atinsnxx.sys
08/03/2004 11:29 PM 13,824 atinttxx.sys
08/03/2004 11:29 PM 73,216 atintuxx.sys
08/03/2004 11:29 PM 31,744 atinxbxx.sys
08/03/2004 11:29 PM 63,488 atinxsxx.sys
08/03/2004 11:29 PM 21,343 ati1ttxx.sys
08/03/2004 11:29 PM 26,367 ati1snxx.sys
08/03/2004 11:29 PM 452,736 mtxparhm.sys
08/03/2004 11:29 PM 11,295 wadv08nt.sys
08/03/2004 11:29 PM 11,807 wadv07nt.sys
08/03/2004 11:29 PM 11,871 wadv09nt.sys
08/03/2004 11:29 PM 11,935 wadv11nt.sys
08/03/2004 11:29 PM 25,471 watv10nt.sys
08/03/2004 11:29 PM 22,271 watv06nt.sys
08/03/2004 11:29 PM 166,912 s3gnbm.sys
08/03/2004 11:29 PM 1,897,408 nv4_mini.sys
08/03/2004 11:41 PM 1,309,184 mtlstrm.sys
08/03/2004 11:41 PM 180,360 ntmtlfax.sys
08/03/2004 11:41 PM 13,776 recagent.sys
08/03/2004 11:41 PM 126,686 mtlmnt5.sys
08/03/2004 11:41 PM 129,535 slnt7554.sys
08/03/2004 11:41 PM 404,990 slntamr.sys
08/03/2004 11:41 PM 13,240 slwdmsup.sys
08/03/2004 11:41 PM 95,424 slnthal.sys
08/03/2004 11:41 PM 220,032 hsfbs2s2.sys
08/03/2004 11:41 PM 685,056 hsfcxts2.sys
08/03/2004 11:41 PM 1,041,536 hsfdpsp2.sys
08/03/2004 11:41 PM 11,868 mdmxsdk.sys
08/04/2004 12:56 AM 4,255 adv01nt5.dll
08/04/2004 12:56 AM 3,967 adv02nt5.dll
08/04/2004 12:56 AM 3,615 adv05nt5.dll
08/04/2004 12:56 AM 3,647 adv07nt5.dll
08/04/2004 12:56 AM 3,135 adv08nt5.dll
08/04/2004 12:56 AM 3,711 adv09nt5.dll
08/04/2004 12:56 AM 3,775 adv11nt5.dll
08/04/2004 12:56 AM 15,423 ch7xxnt5.dll
08/04/2004 12:56 AM 21,183 atv01nt5.dll
08/04/2004 12:56 AM 11,359 atv02nt5.dll
08/04/2004 12:56 AM 25,471 atv04nt5.dll
08/04/2004 12:56 AM 14,143 atv06nt5.dll
08/04/2004 12:56 AM 17,279 atv10nt5.dll
08/04/2004 12:56 AM 3,901 siint5.dll
08/04/2004 12:56 AM 11,325 vchnt5.dll
08/04/2004 01:01 AM 40,840 termdd.sys
01/07/2005 05:07 PM 145,920 Hdaudio.sys
01/28/2005 01:44 PM 18,944 wpdusb.sys
07/07/2005 11:55 PM 16,496 HPZipr12.sys
07/07/2005 11:55 PM 51,088 hpzid412.sys
07/07/2005 11:55 PM 21,744 HPZius12.sys
10/20/2005 08:47 PM 30,592 rndismpx.sys
10/20/2005 08:47 PM 30,592 rndismp.sys
10/20/2005 08:47 PM 12,800 usb8023x.sys
10/20/2005 08:47 PM 12,800 usb8023.sys
02/28/2006 07:00 AM 82,944 wdmaud.sys
02/28/2006 07:00 AM 36,352 disk.sys
02/28/2006 07:00 AM 14,208 diskdump.sys
02/28/2006 07:00 AM 20,992 vga.sys
02/28/2006 07:00 AM 58,112 vdmindvd.sys
02/28/2006 07:00 AM 799,744 dmboot.sys
02/28/2006 07:00 AM 153,344 dmio.sys
02/28/2006 07:00 AM 5,888 dmload.sys
02/28/2006 07:00 AM 14,080 battc.sys
02/28/2006 07:00 AM 8,832 wmiacpi.sys
02/28/2006 07:00 AM 60,288 drmk.sys
02/28/2006 07:00 AM 2,944 drmkaud.sys
02/28/2006 07:00 AM 48,640 stream.sys
02/28/2006 07:00 AM 4,224 beep.sys
02/28/2006 07:00 AM 49,536 cdrom.sys
02/28/2006 07:00 AM 54,272 swmidi.sys
02/28/2006 07:00 AM 18,560 tdi.sys
02/28/2006 07:00 AM 63,744 cdfs.sys
02/28/2006 07:00 AM 10,496 dxapi.sys
02/28/2006 07:00 AM 71,040 dxg.sys
02/28/2006 07:00 AM 3,328 dxgthk.sys
02/28/2006 07:00 AM 18,688 cdaudio.sys
02/28/2006 07:00 AM 4,352 wmilib.sys
02/28/2006 07:00 AM 26,496 usbstor.sys
02/28/2006 07:00 AM 143,360 fastfat.sys
02/28/2006 07:00 AM 27,392 fdc.sys
02/28/2006 07:00 AM 34,944 fips.sys
02/28/2006 07:00 AM 20,480 flpydisk.sys
02/28/2006 07:00 AM 124,800 fltMgr.sys
02/28/2006 07:00 AM 12,160 fsvga.sys
02/28/2006 07:00 AM 7,936 fs_rec.sys
02/28/2006 07:00 AM 125,056 ftdisk.sys
02/28/2006 07:00 AM 352,256 atmuni.sys
02/28/2006 07:00 AM 3,440,660 gm.dls
02/28/2006 07:00 AM 646 gmreadme.txt
02/28/2006 07:00 AM 55,936 atmlane.sys
02/28/2006 07:00 AM 36,480 crusoe.sys
02/28/2006 07:00 AM 25,600 hidbth.sys
02/28/2006 07:00 AM 36,224 hidclass.sys
02/28/2006 07:00 AM 31,360 atmepvc.sys
02/28/2006 07:00 AM 24,960 hidparse.sys
02/28/2006 07:00 AM 9,600 hidusb.sys
02/28/2006 07:00 AM 59,904 atmarpc.sys
02/28/2006 07:00 AM 336,256 srv.sys
02/28/2006 07:00 AM 11,776 cpqdap01.sys
02/28/2006 07:00 AM 4,352 swenum.sys
02/28/2006 07:00 AM 9,344 compbatt.sys
02/28/2006 07:00 AM 95,360 atapi.sys
02/28/2006 07:00 AM 14,336 asyncmac.sys
02/28/2006 07:00 AM 72,960 mqac.sys
02/28/2006 07:00 AM 263,040 http.sys
02/28/2006 07:00 AM 52,736 i8042prt.sys
02/28/2006 07:00 AM 17,024 usbohci.sys
02/28/2006 07:00 AM 41,856 imapi.sys
02/28/2006 07:00 AM 36,096 intelppm.sys
02/28/2006 07:00 AM 29,056 ip6fw.sys
02/28/2006 07:00 AM 32,896 ipfltdrv.sys
02/28/2006 07:00 AM 20,992 ipinip.sys
02/28/2006 07:00 AM 134,912 ipnat.sys
02/28/2006 07:00 AM 74,752 ipsec.sys
02/28/2006 07:00 AM 60,800 arp1394.sys
02/28/2006 07:00 AM 11,264 irenum.sys
02/28/2006 07:00 AM 35,840 isapnp.sys
02/28/2006 07:00 AM 24,576 kbdclass.sys
02/28/2006 07:00 AM 14,848 kbdhid.sys
02/28/2006 07:00 AM 171,776 kmixer.sys
02/28/2006 07:00 AM 140,928 ks.sys
02/28/2006 07:00 AM 92,032 ksecdd.sys
02/28/2006 07:00 AM 16,000 usbintel.sys
02/28/2006 07:00 AM 57,600 usbhub.sys
02/28/2006 07:00 AM 7,680 mcd.sys
02/28/2006 07:00 AM 13,952 cbidf2k.sys
02/28/2006 07:00 AM 37,376 amdk7.sys
02/28/2006 07:00 AM 79,744 videoprt.sys
02/28/2006 07:00 AM 4,224 mnmdd.sys
02/28/2006 07:00 AM 30,080 modem.sys
02/28/2006 07:00 AM 23,040 mouclass.sys
02/28/2006 07:00 AM 12,160 mouhid.sys
02/28/2006 07:00 AM 42,240 mountmgr.sys
02/28/2006 07:00 AM 12,040 tdpipe.sys
02/28/2006 07:00 AM 181,248 mrxdav.sys
02/28/2006 07:00 AM 451,456 mrxsmb.sys
02/28/2006 07:00 AM 19,072 msfs.sys
02/28/2006 07:00 AM 35,072 msgpc.sys
02/28/2006 07:00 AM 7,552 mskssrv.sys
02/28/2006 07:00 AM 5,376 mspclock.sys
02/28/2006 07:00 AM 4,992 mspqm.sys
02/28/2006 07:00 AM 15,488 mssmbios.sys
02/28/2006 07:00 AM 36,992 amdk6.sys
02/28/2006 07:00 AM 52,352 volsnap.sys
02/28/2006 07:00 AM 138,496 afd.sys
02/28/2006 07:00 AM 107,904 mup.sys
02/28/2006 07:00 AM 142,464 aec.sys
02/28/2006 07:00 AM 182,912 ndis.sys
02/28/2006 07:00 AM 9,600 ndistapi.sys
02/28/2006 07:00 AM 12,928 ndisuio.sys
02/28/2006 07:00 AM 91,776 ndiswan.sys
02/28/2006 07:00 AM 38,016 ndproxy.sys
02/28/2006 07:00 AM 34,560 netbios.sys
02/28/2006 07:00 AM 162,816 netbt.sys
02/28/2006 07:00 AM 223,616 tcpip6.sys
02/28/2006 07:00 AM 61,824 nic1394.sys
02/28/2006 07:00 AM 12,032 nikedrv.sys
02/28/2006 07:00 AM 40,320 nmnt.sys
02/28/2006 07:00 AM 30,848 npfs.sys
02/28/2006 07:00 AM 574,592 ntfs.sys
02/28/2006 07:00 AM 17,024 bthenum.sys
02/28/2006 07:00 AM 2,944 null.sys
02/28/2006 07:00 AM 38,016 bthmodem.sys
02/28/2006 07:00 AM 12,416 nwlnkflt.sys
02/28/2006 07:00 AM 32,512 nwlnkfwd.sys
02/28/2006 07:00 AM 88,448 nwlnkipx.sys
02/28/2006 07:00 AM 63,232 nwlnknb.sys
02/28/2006 07:00 AM 55,936 nwlnkspx.sys
02/28/2006 07:00 AM 163,584 nwrdr.sys
02/28/2006 07:00 AM 61,056 ohci1394.sys
02/28/2006 07:00 AM 3,456 oprghdlr.sys
02/28/2006 07:00 AM 42,496 p3.sys
02/28/2006 07:00 AM 80,128 parport.sys
02/28/2006 07:00 AM 18,688 partmgr.sys
02/28/2006 07:00 AM 6,784 parvdm.sys
02/28/2006 07:00 AM 68,224 pci.sys
02/28/2006 07:00 AM 3,328 pciide.sys
02/28/2006 07:00 AM 25,088 pciidex.sys
02/28/2006 07:00 AM 119,936 pcmcia.sys
02/28/2006 07:00 AM 145,792 portcls.sys
02/28/2006 07:00 AM 35,328 processr.sys
02/28/2006 07:00 AM 69,120 psched.sys
02/28/2006 07:00 AM 4,736 usbd.sys
02/28/2006 07:00 AM 17,792 ptilink.sys
02/28/2006 07:00 AM 21,896 tdtcp.sys
02/28/2006 07:00 AM 8,832 rasacd.sys
02/28/2006 07:00 AM 51,328 rasl2tp.sys
02/28/2006 07:00 AM 41,472 raspppoe.sys
02/28/2006 07:00 AM 48,384 raspptp.sys
02/28/2006 07:00 AM 16,512 raspti.sys
02/28/2006 07:00 AM 34,432 rawwan.sys
02/28/2006 07:00 AM 176,512 rdbss.sys
02/28/2006 07:00 AM 4,224 rdpcdd.sys
02/28/2006 07:00 AM 100,992 bthpan.sys
02/28/2006 07:00 AM 139,400 rdpwd.sys
02/28/2006 07:00 AM 274,304 bthport.sys
02/28/2006 07:00 AM 34,560 wanarp.sys
02/28/2006 07:00 AM 59,648 rfcomm.sys
02/28/2006 07:00 AM 71,552 bridge.sys
02/28/2006 07:00 AM 51,712 tosdvd.sys
02/28/2006 07:00 AM 12,032 rio8drv.sys
02/28/2006 07:00 AM 12,032 riodrv.sys
02/28/2006 07:00 AM 200,064 RMCast.sys
02/28/2006 07:00 AM 14,080 cmbatt.sys
02/28/2006 07:00 AM 49,664 classpnp.sys
02/28/2006 07:00 AM 5,888 rootmdm.sys
02/28/2006 07:00 AM 31,616 usbccgp.sys
02/28/2006 07:00 AM 18,944 bthusb.sys
02/28/2006 07:00 AM 23,936 usbcamd2.sys
02/28/2006 07:00 AM 23,808 usbcamd.sys
02/28/2006 07:00 AM 63,744 mf.sys
02/28/2006 07:00 AM 262,528 cinemst2.sys
02/28/2006 07:00 AM 96,256 scsiport.sys
02/28/2006 07:00 AM 67,584 sdbus.sys
02/28/2006 07:00 AM 27,440 secdrv.sys
02/28/2006 07:00 AM 15,488 serenum.sys
02/28/2006 07:00 AM 64,896 serial.sys
02/28/2006 07:00 AM 11,136 sffdisk.sys
02/28/2006 07:00 AM 209,408 update.sys
02/28/2006 07:00 AM 10,240 sffp_sd.sys
02/28/2006 07:00 AM 11,392 sfloppy.sys
02/28/2006 07:00 AM 26,624 usbehci.sys
02/28/2006 07:00 AM 35,456 bthprint.sys
02/28/2006 07:00 AM 12,032 ws2ifsl.sys
02/28/2006 07:00 AM 11,648 acpiec.sys
02/28/2006 07:00 AM 187,776 acpi.sys
02/28/2006 07:00 AM 359,040 tcpip.sys
02/28/2006 07:00 AM 6,016 smbali.sys
02/28/2006 07:00 AM 14,592 smclib.sys
02/28/2006 07:00 AM 25,472 sonydcam.sys
02/28/2006 07:00 AM 53,248 1394bus.sys
02/28/2006 07:00 AM 73,472 sr.sys
02/28/2006 07:00 AM 66,176 udfs.sys
02/28/2006 07:00 AM 14,976 tape.sys
02/28/2006 07:00 AM 142,976 usbport.sys
02/28/2006 07:00 AM 12,416 tunmp.sys
02/28/2006 07:00 AM 21,376 tsbvcap.sys
02/28/2006 07:00 AM 60,800 sysaudio.sys
06/28/2006 10:54 AM 9,472 CPQBttn.sys
06/30/2006 04:10 PM 26,752 RimSerial.sys
07/13/2006 10:17 AM 22,528 RimUsb.sys
07/21/2006 11:21 AM 99,176 DRVMCDB.SYS
07/24/2006 12:00 AM 17,920 hpdskflt.sys
07/24/2006 12:00 AM 22,016 Accelerometer.sys
07/24/2006 03:00 AM 2,560 cdralw2k.sys
07/24/2006 03:00 AM 2,432 cdr4_xp.sys
07/24/2006 03:00 AM 36,528 pxhelp20.sys
08/07/2006 08:57 AM 93,952 aeaudio.sys
09/28/2006 06:55 PM 77,568 WudfPf.sys
09/28/2006 07:00 PM 82,944 WudfRd.sys
10/09/2006 01:31 PM 44,720 SbAlg.sys
10/19/2006 01:23 AM 33,024 HP24X.sys
11/01/2006 10:14 PM 604,928 BCMWL5.SYS
11/01/2006 11:59 PM 33,664 BCMWLNPF.SYS
11/30/2006 11:24 AM 8,192 eabfiltr.sys
12/15/2006 02:44 PM 160,256 b57xp32.sys
12/18/2006 01:25 PM 3,696 SbHiber.sys
01/02/2007 02:01 PM 1,160,320 AGRSM.sys
01/09/2007 01:50 PM 288,768 ADIHdAud.sys
01/12/2007 11:04 AM 201,856 SynTP.sys
01/23/2007 05:13 PM 36,608 ifxtpm.sys
01/23/2007 06:07 PM 39,080 psd.sys
02/07/2007 11:22 AM 100,495 SafeBoot.sys
02/07/2007 11:23 AM 5,808 rsvlock.sys
02/08/2007 08:05 PM 28,120 DLARTL_M.SYS
02/08/2007 08:05 PM 12,856 DLACDBHM.SYS
02/09/2007 12:34 PM 51,768 DRVNDDM.SYS
02/14/2007 12:20 PM 530,861 btaudio.sys
02/14/2007 12:20 PM 868,298 btkrnl.sys
02/14/2007 12:20 PM 30,459 btport.sys
02/14/2007 12:20 PM 149,123 btwdndis.sys
02/14/2007 12:20 PM 47,907 btwhid.sys
02/14/2007 12:21 PM 67,960 btwusb.sys
02/22/2007 05:26 PM 71,168 swmx02.sys
02/22/2007 06:40 PM 140,680 atswpdrv.sys
09/10/2007 03:41 AM <DIR> disdn
10/24/2007 06:18 PM <DIR> UMDF
10/24/2007 06:25 PM 8,413 mcstrm.sys
04/13/2008 11:36 AM 144,384 hdaudbus.sys
04/13/2008 01:40 PM 10,240 sffp_mmc.sys
02/18/2009 12:57 PM 15,280 sbhr.sys
04/29/2010 03:39 PM 20,952 mbam.sys
04/29/2010 03:39 PM 38,224 mbamswissarmy.sys
06/25/2010 09:51 AM 145,968 symfw.sys
06/25/2010 09:51 AM 188,080 symtdi.sys
06/25/2010 09:51 AM 1,356 SymRedir.inf
06/25/2010 09:51 AM 12,720 symdns.sys
06/25/2010 09:51 AM 10,537 coh_mon.cat
06/25/2010 09:51 AM 9,892 SymRedir.cat
06/25/2010 09:51 AM 38,448 symndisv.sys
06/25/2010 09:51 AM 35,120 symndis.sys
06/25/2010 09:51 AM 39,856 symids.sys
06/25/2010 09:51 AM 26,416 symredrv.sys
06/25/2010 09:51 AM 23,888 COH_Mon.sys
06/25/2010 09:51 AM 706 COH_Mon.inf
06/25/2010 09:51 AM 7,442 srtspx.cat
06/25/2010 09:51 AM 7,438 srtsp.cat
06/25/2010 09:51 AM 1,415 srtsp.inf
06/25/2010 09:51 AM 283,184 srtsp.sys
06/25/2010 09:51 AM 7,442 srtspl.cat
06/25/2010 09:51 AM 1,430 srtspl.inf
06/25/2010 09:51 AM 320,944 srtspl.sys
06/25/2010 09:51 AM 43,696 srtspx.sys
06/25/2010 09:51 AM 1,421 srtspx.inf
06/25/2010 12:42 PM 124,976 SYMEVENT.SYS
06/25/2010 12:42 PM 806 SYMEVENT.INF
06/25/2010 12:42 PM 7,456 SYMEVENT.CAT
07/19/2010 10:05 AM <DIR> etc
07/19/2010 10:11 AM <DIR> .
07/19/2010 10:11 AM <DIR> ..
348 File(s) 32,955,222 bytes
5 Dir(s) 86,972,256,256 bytes free


Virtual drives found?



Environment variables

ALLUSERSPROFILE=C:\Documents and Settings\All Users
APPDATA=C:\Documents and Settings\rreiche\Application Data
CLASSPATH=.;C:\Program Files\Java\jre1.6.0_02\lib\ext\QTJava.zip
CLIENTNAME=Console
CommonProgramFiles=C:\Program Files\Common Files
COMPUTERNAME=RREICHE03
ComSpec=C:\WINDOWS\system32\cmd.exe
FP_NO_HOST_CHECK=NO
HOMEDRIVE=C:
HOMEPATH=\Documents and Settings\rreiche
LOGONSERVER=\\STOREFRONT
NUMBER_OF_PROCESSORS=2
OS=Windows_NT
Path=C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\system32\wbem;C:\Program Files\Common Files\Microsoft Shared\Windows Live;C:\Program Files\Pervasive Software\PSQL\bin;C:\Program Files\Hewlett-Packard\IAM\bin;C:\Program Files\Common Files\Roxio Shared\DLLShared;C:\Program Files\Common Files\Roxio Shared\9.0\DLLShared;C:\Program Files\QuickTime\QTSystem;C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727;C:\Program Files\Common Files\Autodesk Shared
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 15 Model 104 Stepping 1, AuthenticAMD
PROCESSOR_LEVEL=15
PROCESSOR_REVISION=6801
ProgramFiles=C:\Program Files
PROMPT=$P$G
QTJAVA=C:\Program Files\Java\jre1.6.0_02\lib\ext\QTJava.zip
RoxioCentral=C:\Program Files\Common Files\Roxio Shared\9.0\Roxio Central33\
SESSIONNAME=Console
SystemDrive=C:
SystemRoot=C:\WINDOWS
TEMP=C:\DOCUME~1\rreiche\LOCALS~1\Temp
TMP=C:\DOCUME~1\rreiche\LOCALS~1\Temp
USERDNSDOMAIN=GJGrewe.local
USERDOMAIN=GJGREWE
USERNAME=rreiche
USERPROFILE=C:\Documents and Settings\rreiche
windir=C:\WINDOWS


Stealth malware?


Internet Explorer


! REG.EXE VERSION 3.0

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main
Enable_Disk_Cache REG_SZ yes
Cache_Percent_of_Disk REG_BINARY 0A000000
Delete_Temp_Files_On_Exit REG_SZ yes
Local Page REG_EXPAND_SZ %SystemRoot%\system32\blank.htm
Anchor_Visitation_Horizon REG_BINARY 01000000
Use_Async_DNS REG_SZ yes
Placeholder_Width REG_BINARY 1A000000
Placeholder_Height REG_BINARY 1A000000
Start Page REG_SZ http://go.microsoft.com/fwlink/?LinkId=69157
CompanyName REG_SZ Microsoft Corporation
Custom_Key REG_SZ MICROSO
Wizard_Version REG_SZ 6.0.2600.0000
FullScreen REG_SZ no
Default_Secondary_Page_URL REG_MULTI_SZ \0
Extensions Off Page REG_SZ about:NoAdd-ons
Security Risk Page REG_SZ about:SecurityRisk
Check_Associations REG_SZ yes
Default_Page_URL REG_SZ http://go.microsoft.com/fwlink/?LinkId=69157
Default_Search_URL REG_SZ http://go.microsoft.com/fwlink/?LinkId=54896
Search Page REG_SZ http://go.microsoft.com/fwlink/?LinkId=54896

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\ErrorThresholds

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\UrlTemplate

! REG.EXE VERSION 3.0

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings
User Agent REG_SZ Mozilla/4.0 (compatible; MSIE 8.0; Win32)
IE5_UA_Backup_Flag REG_SZ 5.0
NoNetAutodial REG_DWORD 0x0
MigrateProxy REG_DWORD 0x1
EmailName REG_SZ IEUser@
AutoConfigProxy REG_SZ wininet.dll
MimeExclusionListForCache REG_SZ multipart/mixed multipart/x-mixed-replace multipart/x-byteranges
WarnOnPost REG_BINARY 01000000
UseSchannelDirectly REG_BINARY 01000000
EnableHttp1_1 REG_DWORD 0x1
PrivacyAdvanced REG_DWORD 0x0
EnableNegotiate REG_DWORD 0x1
ProxyEnable REG_DWORD 0x0
UrlEncoding REG_DWORD 0x0
SecureProtocols REG_DWORD 0xa0
PrivDiscUiShown REG_DWORD 0x1
DisableCachingOfSSLPages REG_DWORD 0x0
WarnonZoneCrossing REG_DWORD 0x1
CertificateRevocation REG_DWORD 0x0
EnableAutodial REG_BINARY 00000000
GlobalUserOffline REG_DWORD 0x0
SyncMode5 REG_DWORD 0x4
ZonesSecurityUpgrade REG_BINARY 8897714DFFCDCA01
WarnonBadCertRecving REG_DWORD 0x1
WarnOnPostRedirect REG_DWORD 0x0
WarnOnHTTPSToHTTPRedirect REG_DWORD 0x1

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Cache

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\P3P

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Passport

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Protocols

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\TemplatePolicies

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Url History

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones

! REG.EXE VERSION 3.0

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
NoUpdateCheck REG_DWORD 0x1
NoJITSetup REG_DWORD 0x1
Disable Script Debugger REG_SZ yes
Show_ChannelBand REG_SZ No
Anchor Underline REG_SZ yes
Cache_Update_Frequency REG_SZ Once_Per_Session
Display Inline Images REG_SZ yes
Do404Search REG_BINARY 01000000
Local Page REG_SZ C:\WINDOWS\system32\blank.htm
Save_Session_History_On_Exit REG_SZ no
Show_FullURL REG_SZ no
Show_StatusBar REG_SZ yes
Show_ToolBar REG_SZ yes
Show_URLinStatusBar REG_SZ yes
Show_URLToolBar REG_SZ yes
Start Page REG_SZ http://www.yahoo.com/
Use_DlgBox_Colors REG_SZ yes
Search Page REG_SZ http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
FullScreen REG_SZ no
Window_Placement REG_BINARY 2C0000000200000003000000FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF0000000000000000F303000082010000
XMLHTTP REG_DWORD 0x1
UseClearType REG_SZ yes
Enable Browser Extensions REG_SZ yes
Play_Background_Sounds REG_SZ yes
Play_Animations REG_SZ yes
CompatibilityFlags REG_DWORD 0x0
SearchMigrated REG_DWORD 0x1
Use FormSuggest REG_SZ no
NotifyDownloadComplete REG_SZ yes
AlwaysShowMenus REG_DWORD 0x1
AutoHide REG_SZ yes
HistoryViewType REG_BINARY 0000
HistoryTopNSitesView REG_DWORD 0x14
ControlTooltipCount REG_DWORD 0x3
RunOnceHasShown REG_DWORD 0x1
RunOnceComplete REG_DWORD 0x1
ShowedCheckBrowser REG_SZ Yes
Check_Associations REG_SZ no

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Default Feeds

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl

! REG.EXE VERSION 3.0

HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Search
SearchAssistant REG_SZ http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm
CustomizeSearch REG_SZ http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm

! REG.EXE VERSION 3.0

HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks
{CFBFAE00-17A6-11D0-99CB-00C04FD64497} REG_SZ

! REG.EXE VERSION 3.0

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6EBF7485-159F-4bff-A14F-B9E3AAC4465B}

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{72853161-30C5-4D22-B7F9-0BBC1D38A37E}

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{d2ce3e00-f94a-4740-988e-03dc2f38c34f}

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DF21F1DB-80C6-11D3-9483-B03D0EC10000}

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}

! REG.EXE VERSION 3.0

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar
{8dcb7100-df86-4384-8842-8fa844297b3f} REG_BINARY 00

! REG.EXE VERSION 3.0

HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt

HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\E&xport to Microsoft Excel

HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\Send to &Bluetooth Device...


Protocol hijack?



Security Center


! REG.EXE VERSION 3.0

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center
FirstRunDisabled REG_DWORD 0x1
UpdatesDisableNotify REG_DWORD 0x0
AntiVirusOverride REG_DWORD 0x1
FirewallOverride REG_DWORD 0x1
FirewallDisableNotify REG_DWORD 0x0

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring

! REG.EXE VERSION 3.0

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall

! REG.EXE VERSION 3.0

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts

! REG.EXE VERSION 3.0

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts

! REG.EXE VERSION 3.0

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List
%windir%\system32\sessmgr.exe REG_SZ %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019
C:\Program Files\Microsoft ActiveSync\rapimgr.exe REG_SZ C:\Program Files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
C:\Program Files\Microsoft ActiveSync\wcescomm.exe REG_SZ C:\Program Files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager
C:\Program Files\Microsoft ActiveSync\WCESMgr.exe REG_SZ C:\Program Files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application
C:\Program Files\Pervasive Software\PSQL\bin\w3dbsmgr.exe REG_SZ C:\Program Files\Pervasive Software\PSQL\bin\w3dbsmgr.exe:*:Enabled:Database Service Manager


Re: Yahoo browser redirecting

Post by ltlfroggie on Thu Aug 05, 2010 4:48 pm

Uninstall List


! REG.EXE VERSION 3.0

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\AddressBook

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Adobe Flash Player ActiveX

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Adobe Shockwave Player

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Agere Systems Soft Modem

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Autodesk DWF Viewer

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\BlackBerry_{04B8D15D-5A3B-4D18-98B4-DCD014E4A318}

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Branding

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Broadcom 802.11 Application

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Broadcom 802.11b Network Adapter

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Carbonite Setup Lite

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Connection Manager

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\DirectAnimation

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\DirectDrawEx

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\DXM_Runtime

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ENTERPRISE

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Fontcore

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\HijackThis

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\hp deskjet 656c series

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ICW

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\IE40

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\IE4Data

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\IE5BAKEX

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\IEData

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\InstallShield Uninstall Information

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\InstallShield_{3F5CFC1C-653B-4B22-9153-2BDDF2E03C0E}

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\InstallShield_{852D5643-A4AE-4681-A2B3-8F53DE60996C}

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\InstallShield_{9DADD0B7-E730-4F1F-89FA-19205EEA650D}

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB884016

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB884267

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB885353

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB886612

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB887078

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB887626

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB888656

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB889858

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB891122

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB892130

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB892313

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB893240

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB893241

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB893803

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB893803v2

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB895181

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB895316

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB895572

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB897586

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB898549

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB900399

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB902344

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB907658

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB909394

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB911565

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB911854

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB923789

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB931906

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB932471.T301_380ToU433_380

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB932823-v3

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\LiveUpdate

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\M953297

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Malwarebytes' Anti-Malware_is1

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Microsoft .NET Framework 1.1 (1033)

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Microsoft .NET Framework 3.5 SP1

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\MobileOptionPack

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\MPlayer2

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\MSI30-Beta1

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\MSI30-Beta2

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\MSI30-KB884016

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\MSI30-RC1

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\MSI30-RC2

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\MSI30a-KB884016

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\MSI31-Beta

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\MSI31-RC1

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\NetMeeting

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\OutlookExpress

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\PCHealth

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\PDF Complete

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Road Reporter

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SchedulingAgent

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Sevinst

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Shockwave

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SynTPDeinstKey

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\WavePad

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\WGA

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\WgaNotify

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Windows Media Format Runtime

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Windows Media Player

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\WMCSetup

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\WMFDist11

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\wmp11

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\XpsEPSC

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{0394CDC8-FABD-4ed8-B104-03393876DFDF}

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{04B8D15D-5A3B-4D18-98B4-DCD014E4A318}

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{08234a0d-cf39-4dca-99f0-0c5cb496da81}

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{082702D5-5DD8-4600-BCE5-48B15174687F}

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{0840B4D6-7DD1-4187-8523-E6FC0007EFB7}

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{0A3238D7-AB32-1010-B717-F3E3F18B4A8C}

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{0A869A65-8C94-4F7C-A5C7-972D3C8CED9E}

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{0D397393-9B50-4c52-84D5-77E344289F87}

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{0dff3440-a901-11dc-8314-0800200c9a66}

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{16115E10-502B-4EA0-BD39-4DA329AD89E2}

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{1CF925D3-1E33-4447-889B-0751D2CF886D}

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{1E04F83B-2AB9-4301-9EF7-E86307F79C72}

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{20A1D306-CE83-492A-8525-D6DF50B5944A}

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{24B3DF86-75B9-4DBD-AC39-C0C041583E6F}

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{2656D0AB-9EA4-4C58-A117-635F3CED8B93}

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{26A24AE4-039D-4CA4-87B4-2F83216011FF}

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{26A24AE4-039D-4CA4-87B4-2F83216020FB}

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{2DB165DC-DDB4-403F-B985-19F3EC7D0357}

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{2DFF31F9-7893-4922-AF66-C9A1EB4EBB31}

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{2F4C24E6-CBD4-4AAC-B56F-C9FD44DE5668}

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{3248F0A8-6813-11D6-A77B-00B0D0160000}

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{3248F0A8-6813-11D6-A77B-00B0D0160020}

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{3248F0A8-6813-11D6-A77B-00B0D0160030}

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{3248F0A8-6813-11D6-A77B-00B0D0160050}

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{33C65B6A-5D73-4E3E-A1F9-127C27BD3F72}

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{34541C80-0C92-46B9-84CD-6279D648F871}

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{34D2AB40-150D-475D-AE32-BD23FB5EE355}

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{35E1EC43-D4FC-4E4A-AAB3-20DDA27E8BB0}

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{377E3D59-C8FB-4E16-B3D1-E1D92D30DA00}

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{3912A629-0020-0005-3131-2FBA74D4DF0A}

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{3F5CFC1C-653B-4B22-9153-2BDDF2E03C0E}

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{429E92A4-159F-4AEC-85A1-D693E1E4274D}

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{4302B2DD-D958-40E3-BAF3-B07FFE1978CE}

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{4A03706F-666A-4037-7777-5F2748764D10}

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{521F72F4-FFE4-4959-AA88-EED06125211F}

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{53648EBC-9298-4F1C-AE90-FCF5C8B1E7B4}

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{5372B9A6-6E51-4f90-9B40-E0A3B8475C4E}

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{5783F2D7-4009-0409-0002-0060B0CE6BBA}

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{59F6A514-9813-47A3-948C-8A155460CC2A}

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{5D97A4A7-C274-4B63-86D9-07A33435F505}

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{619CDD8A-14B6-43a1-AB6C-0F4EE48CE048}

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{61BEA823-ECAF-49F1-8378-A59B3B8AD247}

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{66468F4D-BC4E-470C-9093-B3B6A1BB378C}

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{68822C73-7675-4BCB-BF82-0DE329518A08}

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{68e0d9e4-1474-48c9-a191-a32cc6a40027}

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{69333A04-5134-40A5-A055-9166A7AA1EC8}

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{713AB069-D22F-4C15-89F0-0FEE92D9AD47}

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{716E0306-8318-4364-8B8F-0CC4E9376BAC}

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{718FD58D-9D75-42DE-B625-B4AC3FF36742}

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{7299052b-02a4-4627-81f2-1818da5d550d}

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{770657D0-A123-3C07-8E44-1C83EC895118}

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{7B3B4CE5-300C-4DFC-8CD1-D9C0E07015D1}

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{7E41B06E-FD17-4518-8C8E-493C251C2C8E}

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{7FD8231E-3991-48D7-A2C8-2C42A7075FB1}

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{83FFCFC7-88C6-41c6-8752-958A45325C82}

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{84814E6B-2581-46EC-926A-823BD1C670F6}

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{852D5643-A4AE-4681-A2B3-8F53DE60996C}

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}


! REG.EXE VERSION 3.0

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Sansa Updater

Adobe Products


! REG.EXE VERSION 3.0

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Adobe Flash Player ActiveX
DisplayName REG_SZ Adobe Flash Player 10 ActiveX
DisplayVersion REG_SZ 10.0.45.2
Publisher REG_SZ Adobe Systems Incorporated
URLInfoAbout REG_SZ http://www.adobe.com/go/getflashplayer
VersionMajor REG_SZ 10
VersionMinor REG_SZ 0
HelpLink REG_SZ http://www.adobe.com/go/flashplayer_support/
URLUpdateInfo REG_SZ http://www.adobe.com/go/flashplayer/
DisplayIcon REG_SZ C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
UninstallString REG_SZ C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
RequiresIESysFile REG_SZ 4.70.0.1155
NoModify REG_DWORD 0x1
NoRepair REG_DWORD 0x1

! REG.EXE VERSION 3.0

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Adobe Shockwave Player
REG_SZ
DisplayName REG_SZ Adobe Shockwave Player
UninstallString REG_SZ C:\WINDOWS\system32\Adobe\SHOCKW~1\UNWISE.EXE C:\WINDOWS\system32\Adobe\SHOCKW~1\Install.log
DisplayVersion REG_SZ 11
Publisher REG_SZ Adobe Systems, Inc.
URLInfoAbout REG_SZ http://www.adobe.com
InstallLocation REG_SZ C:\WINDOWS\system32\Adobe\
VersionMajor REG_DWORD 0xb
VersionMinor REG_DWORD 0x0
DisplayIcon REG_SZ C:\WINDOWS\system32\Adobe\Shockwave 11\SwInit.exe,0
HelpLink REG_SZ http://www.adobe.com/support/shockwave
URLUpdateInfo REG_SZ http://www.adobe.com/software/shockwaveplayer/index.html


Autorun


! REG.EXE VERSION 3.0

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
OM2_Monitor REG_SZ "C:\Program Files\OLYMPUS\OLYMPUS Master 2\MMonitor.exe" -NoStart
H/PC Connection Agent REG_SZ "C:\Program Files\Microsoft ActiveSync\Wcescomm.exe"
ctfmon.exe REG_SZ C:\WINDOWS\system32\ctfmon.exe
SansaDispatch REG_SZ C:\Documents and Settings\rreiche\Application Data\SanDisk\Sansa Updater\SansaDispatch.exe

! REG.EXE VERSION 3.0

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run
AccelerometerSysTrayApplet REG_SZ C:\WINDOWS\system32\AccelerometerSt.exe
PTHOSTTR REG_SZ C:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\PTHOSTTR.EXE /Start
IFXSPMGT REG_SZ C:\WINDOWS\system32\ifxspmgt.exe /NotifyLogon
CognizanceTS REG_SZ rundll32.exe C:\PROGRA~1\HEWLET~1\IAM\Bin\ASTSVCC.dll,RegisterModule
SynTPEnh REG_SZ C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
Cpqset REG_SZ C:\Program Files\Hewlett-Packard\Default Settings\cpqset.exe
Broadcom Wireless Manager UI REG_SZ C:\WINDOWS\system32\WLTRAY.exe
PDF Complete REG_SZ "C:\Program Files\PDF Complete\pdfsty.exe"
hpWirelessAssistant REG_EXPAND_SZ %ProgramFiles%\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
Cingular Communication Manager REG_SZ "C:\Program Files\Cingular\Communication Manager\CingularCCM.exe" -a
RoxioDragToDisc REG_SZ "C:\Program Files\Roxio\Drag-to-Disc\DrgToDsc.exe"
SunJavaUpdateSched REG_SZ "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
QlbCtrl REG_EXPAND_SZ %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
WatchDog REG_SZ C:\Program Files\InterVideo\DVD Check\DVDCheck.exe
QuickTime Task REG_SZ "C:\Program Files\QuickTime\qttask.exe" -atboottime
GrooveMonitor REG_SZ "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
HPDJ Taskbar Utility REG_SZ C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb03.exe
HPHUPD05 REG_SZ C:\Program Files\Hewlett-Packard\\{5372B9A6-6E51-4f90-9B40-E0A3B8475C4E}\hphupd05.exe
HP Component Manager REG_SZ "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
HPHmon05 REG_SZ C:\WINDOWS\system32\hphmon05.exe
SMSTray REG_SZ C:\Program Files\Samsung\Samsung Media Studio 5\SMSTray.exe
HP Software Update REG_SZ C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
SoundMAXPnP REG_SZ C:\Program Files\Analog Devices\Core\smax4pnp.exe
MSN Toolbar REG_SZ "C:\Program Files\MSN Toolbar\Platform\4.0.0401.0\mswinext.exe"
Microsoft Default Manager REG_SZ "C:\Program Files\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" -resume
ccApp REG_SZ "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
CarboniteSetupLite REG_SZ "C:\Program Files\Carbonite\CarbonitePreinstaller.exe" /preinstalled /showonfirst /reshowat=900
MaxMenuMgr REG_SZ "C:\Program Files\Seagate\SeagateManager\FreeAgent Status\StxMenuMgr.exe"


Restrictions - Internet Explorer


! REG.EXE VERSION 3.0

HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet Explorer\Control Panel


Restrictions - REGEDIT


! REG.EXE VERSION 3.0

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System


Restrictions - Explorer


! REG.EXE VERSION 3.0

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer
NoDriveTypeAutoRun REG_DWORD 0x143
NoDriveAutoRun REG_DWORD 0x3ffffff
NoDrives REG_DWORD 0x0

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run


DNS Settings


! REG.EXE VERSION 3.0

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces



Windows IP Configuration



Host Name . . . . . . . . . . . . : rreiche03

Primary Dns Suffix . . . . . . . : GJGrewe.local

Node Type . . . . . . . . . . . . : Mixed

IP Routing Enabled. . . . . . . . : No

WINS Proxy Enabled. . . . . . . . : No

DNS Suffix Search List. . . . . . : GJGrewe.local



Ethernet adapter Wireless Network Connection:



Connection-specific DNS Suffix . :

Description . . . . . . . . . . . : Broadcom 4321AG 802.11a/b/g/draft-n Wi-Fi Adapter

Physical Address. . . . . . . . . : 00-1A-73-74-65-BF

Dhcp Enabled. . . . . . . . . . . : Yes

Autoconfiguration Enabled . . . . : Yes

IP Address. . . . . . . . . . . . : 10.0.0.13

Subnet Mask . . . . . . . . . . . : 255.255.255.0

IP Address. . . . . . . . . . . . : fe80::21a:73ff:fe74:65bf%4

Default Gateway . . . . . . . . . : 10.0.0.1

DHCP Server . . . . . . . . . . . : 10.0.0.1

DNS Servers . . . . . . . . . . . : 213.109.64.53

213.109.73.74

fec0:0:0:ffff::1%2

fec0:0:0:ffff::2%2

fec0:0:0:ffff::3%2

Lease Obtained. . . . . . . . . . : Thursday, August 05, 2010 9:20:17 AM

Lease Expires . . . . . . . . . . : Friday, August 06, 2010 9:20:17 AM



Ethernet adapter Local Area Connection:



Media State . . . . . . . . . . . : Media disconnected

Description . . . . . . . . . . . : Broadcom NetLink Gigabit Ethernet

Physical Address. . . . . . . . . : 00-22-64-6F-28-86



Ethernet adapter Bluetooth Network:



Media State . . . . . . . . . . . : Media disconnected

Description . . . . . . . . . . . : Bluetooth LAN Access Server Driver

Physical Address. . . . . . . . . : 00-1A-6B-AF-4F-DE



Tunnel adapter Teredo Tunneling Pseudo-Interface:



Connection-specific DNS Suffix . :

Description . . . . . . . . . . . : Teredo Tunneling Pseudo-Interface

Physical Address. . . . . . . . . : FF-FF-FF-FF-FF-FF-FF-FF

Dhcp Enabled. . . . . . . . . . . : No

IP Address. . . . . . . . . . . . : fe80::5445:5245:444f%6

Default Gateway . . . . . . . . . :

NetBIOS over Tcpip. . . . . . . . : Disabled



Tunnel adapter Automatic Tunneling Pseudo-Interface:



Connection-specific DNS Suffix . :

Description . . . . . . . . . . . : Automatic Tunneling Pseudo-Interface

Physical Address. . . . . . . . . : 0A-00-00-0D

Dhcp Enabled. . . . . . . . . . . : No

IP Address. . . . . . . . . . . . : fe80::5efe:10.0.0.13%2

Default Gateway . . . . . . . . . :

DNS Servers . . . . . . . . . . . : fec0:0:0:ffff::1%2

fec0:0:0:ffff::2%2

fec0:0:0:ffff::3%2

NetBIOS over Tcpip. . . . . . . . : Disabled

AppInit DLLs


! REG.EXE VERSION 3.0

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows
AppInit_DLLs REG_SZ C:\WINDOWS\system32\APSHook.dll



Shell Service Object Delay Load


! REG.EXE VERSION 3.0

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad
PostBootReminder REG_SZ {7849596a-48ea-486e-8937-a2a3009f31a9}
CDBurn REG_SZ {fbeb8a05-beee-4442-804e-409d6c4515e9}
WebCheck REG_SZ {E6FB5E20-DE35-11CF-9C87-00AA005127ED}
SysTray REG_SZ {35CEC8A3-2BE6-11D2-8773-92E220524153}
WPDShServiceObj REG_SZ {AAA288BA-9A4C-45B0-95D7-94D524869DB5}



Shell Execute Hooks


! REG.EXE VERSION 3.0

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks
{AEB6717E-7E19-11d0-97EE-00C04FD91972} REG_SZ
{B5A7F190-DDA6-4420-B3BA-52453494E6CD} REG_SZ Groove GFS Stub Execution Hook
{56F9679E-7826-4C84-81F3-532071A8BCC5} REG_SZ


Image File Execution Options


! REG.EXE VERSION 3.0

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\apitrap.dll

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ASSTE.dll

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AVSTE.dll

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Cleanup.dll

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\cqw32.exe

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\divx.dll

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\divxdec.ax

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\DJSMAR00.dll

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\DRMINST.dll

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\enc98.EXE

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\EncodeDivXExt.dll

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\EncryptPatchVer.dll

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\front.exe

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\fullsoft.dll

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\GBROWSER.DLL

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\htmlmarq.ocx

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\htmlmm.ocx

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\install.exe

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ishscan.dll

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ISSTE.dll

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\javai.dll

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\jvm.dll

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\jvm_g.dll

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\main123w.dll

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\mngreg32.exe

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msci_uno.dll

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\mscoree.dll

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\mscorsvr.dll

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\mscorwks.dll

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msjava.dll

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\mso.dll

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\NAVOPTRF.dll

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\NeVideoFX.dll

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\NPMLIC.dll

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\NSWSTE.dll

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\photohse.EXE

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\PMSTE.dll

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ppw32hlp.dll

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\printhse.EXE

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\prwin8.EXE

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ps80.EXE

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\psdmt.exe

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\qfinder.EXE

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\qpw.EXE

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\salwrap.dll

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\setup.exe

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\setup32.dll

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\sevinst.exe

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\symlcnet.dll

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\tcore_ebook.dll

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\TFDTCTT8.DLL

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ua80.EXE

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\udtapi.dll

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ums.dll

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\vb40032.dll

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\vbe6.dll

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\wpwin8.EXE

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\xlmlEN.dll

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\xwsetup.EXE

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Your Image File Name Here without a path

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\_INSTPGM.EXE






Re: Yahoo browser redirecting

Post by ltlfroggie on Thu Aug 05, 2010 4:50 pm


Security Providers



Local Security Authority


! REG.EXE VERSION 3.0

HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa
Authentication Packages REG_MULTI_SZ msv1_0\0\0
Bounds REG_BINARY 0030000000200000
Security Packages REG_MULTI_SZ kerberos\0msv1_0\0schannel\0wdigest\0\0
ImpersonatePrivilegeUpgradeToolHasRun REG_DWORD 0x1
LsaPid REG_DWORD 0x4d0
SecureBoot REG_DWORD 0x1
auditbaseobjects REG_DWORD 0x0
crashonauditfail REG_DWORD 0x0
disabledomaincreds REG_DWORD 0x0
everyoneincludesanonymous REG_DWORD 0x0
fipsalgorithmpolicy REG_DWORD 0x0
forceguest REG_DWORD 0x1
fullprivilegeauditing REG_BINARY 00
limitblankpassworduse REG_DWORD 0x1
lmcompatibilitylevel REG_DWORD 0x0
nodefaultadminowner REG_DWORD 0x1
nolmhash REG_DWORD 0x0
restrictanonymous REG_DWORD 0x0
restrictanonymoussam REG_DWORD 0x1
Notification Packages REG_MULTI_SZ SbHpNp\0scecli\0\0
enabledcom REG_SZ y

HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa\AccessProviders

HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa\Audit

HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa\Data

HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa\GBG

HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa\JD

HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa\Kerberos

HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa\MSV1_0

HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa\Skew1

HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa\SSO

HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa\SspiCache


AppCert DLLs



App Paths


! REG.EXE VERSION 3.0

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\bckgzm.exe
REG_SZ C:\Program Files\MSN Gaming Zone\Windows\bckgzm.exe

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\builder.exe
REG_SZ C:\Program Files\Pervasive Software\PSQL\bin\builder.exe
Path REG_SZ C:\Program Files\Pervasive Software\PSQL\bin\

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\ccApp.exe
REG_SZ C:\Program Files\Common Files\Symantec Shared\ccApp.exe
PATH REG_SZ C:\Program Files\Common Files\Symantec Shared\;

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\CEAPPMGR.EXE
REG_SZ C:\Program Files\Microsoft ActiveSync\CEAPPMGR.EXE

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\chkrzm.exe
REG_SZ C:\Program Files\MSN Gaming Zone\Windows\chkrzm.exe

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\cmmgr32.exe
REG_SZ C:\WINDOWS\system32\cmmgr32.exe
Path REG_SZ C:\WINDOWS\system32
CmstpExtensionDll REG_SZ C:\WINDOWS\system32\cmcfg32.dll
CMInternalVersion REG_SZ 1.2
CmNative REG_DWORD 0x1
ProfilesUpgraded REG_DWORD 0x3

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\combofix.exe
REG_SZ C:\DOCUME~1\rreiche\Desktop\JACKIE~1\ComboFix.exe

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\CONF.EXE
REG_SZ C:\Program Files\NetMeeting\conf.exe
Path REG_SZ C:\Program Files\NetMeeting;

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\dialer.exe
REG_SZ C:\Program Files\Windows NT\dialer.exe

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\DictWnd.exe
Path REG_SZ C:\Program Files\Olympus\DSSPlayerPro
REG_SZ C:\Program Files\Olympus\DSSPlayerPro\DictWnd.exe

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\DrgToDsc.exe
REG_SZ C:\Program Files\Roxio\Drag-to-Disc\DrgToDsc.exe
Path REG_SZ C:\Program Files\Roxio\Drag-to-Disc\

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\excel.exe
REG_SZ C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE
Path REG_SZ C:\Program Files\Microsoft Office\Office12\
SaveURL REG_SZ 1
useURL REG_SZ 1

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\F5U109
Path REG_SZ C:\Program Files\BELKIN\F5U109
REG_SZ C:\Program Files\BELKIN\F5U109\F5U109

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\GROOVE.EXE
REG_SZ C:\PROGRA~1\MICROS~3\Office12\GROOVE.EXE
Path REG_SZ C:\Program Files\Microsoft Office\Office12\
useURL REG_SZ 1

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\HELPCTR.EXE
REG_EXPAND_SZ %Systemroot%\PCHealth\HelpCtr\Binaries\HelpCtr.exe

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\HijackThis.exe
REG_SZ C:\Program Files\Trend Micro\HijackThis\hijackthis.exe
Path REG_SZ C:\Program Files\Trend Micro\HijackThis

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\hrtzzm.exe
REG_SZ C:\Program Files\MSN Gaming Zone\Windows\hrtzzm.exe

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\hypertrm.exe
REG_SZ "C:\Program Files\Windows NT\hypertrm.exe"

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\ICWCONN1.EXE
REG_SZ "C:\Program Files\Internet Explorer\Connection Wizard\ICWCONN1.EXE"
Path REG_SZ C:\Program Files\Internet Explorer\Connection Wizard;

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\ICWCONN2.EXE
REG_SZ "C:\Program Files\Internet Explorer\Connection Wizard\ICWCONN2.EXE"
Path REG_SZ C:\Program Files\Internet Explorer\Connection Wizard;

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\IEXPLORE.EXE
REG_SZ C:\Program Files\Internet Explorer\IEXPLORE.EXE
Path REG_SZ C:\Program Files\Internet Explorer;

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\INETWIZ.EXE
REG_SZ "C:\Program Files\Internet Explorer\Connection Wizard\INETWIZ.EXE"
Path REG_SZ C:\Program Files\Internet Explorer\Connection Wizard;

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\infopath.exe
REG_SZ C:\PROGRA~1\MICROS~3\Office12\INFOPATH.EXE
Path REG_SZ C:\Program Files\Microsoft Office\Office12\
useURL REG_SZ 1

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\install.exe
RunAsOnNonAdminInstall REG_DWORD 0x1
BlockOnTSNonInstallMode REG_DWORD 0x1

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\ISIGNUP.EXE
REG_SZ "C:\Program Files\Internet Explorer\Connection Wizard\ISIGNUP.EXE"
Path REG_SZ C:\Program Files\Internet Explorer\Connection Wizard;

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\ITC.exe
Path REG_SZ C:\Program Files\Road Reporter
REG_SZ C:\Program Files\Road Reporter\ITC.exe

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\javaws.exe
REG_SZ C:\Program Files\Java\jre6\bin\javaws.exe
Path REG_SZ C:\Program Files\Java\jre6\bin

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\LUALL.EXE
REG_SZ C:\Program Files\Symantec\LiveUpdate\LUALL.EXE
Path REG_SZ C:\Program Files\Symantec\LiveUpdate

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\mbam.exe
REG_SZ C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
Path REG_SZ C:\Program Files\Malwarebytes' Anti-Malware

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\MediaCapture9.exe
REG_SZ C:\Program Files\Roxio\Roxio MyDVD Basic v9\Media Import 9\MediaCapture9.exe
Path REG_SZ C:\Program Files\Roxio\Roxio MyDVD Basic v9\Media Import 9\;C:\Program Files\Common Files\Roxio Shared\DLLShared\

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\migwiz.exe
REG_EXPAND_SZ %SystemRoot%\system32\usmt\migwiz.exe

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\moviemk.exe
REG_SZ C:\Program Files\Movie Maker\moviemk.exe

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\mplayer2.exe
REG_SZ "C:\Program Files\Windows Media Player\mplayer2.exe"
Path REG_SZ "C:\Program Files\Windows Media Player"

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\MSACCESS.EXE
REG_SZ C:\PROGRA~1\MICROS~3\Office12\MSACCESS.EXE
Path REG_SZ C:\Program Files\Microsoft Office\Office12\
useURL REG_SZ 1

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\MSCONFIG.EXE
REG_EXPAND_SZ %systemroot%\pchealth\helpctr\Binaries\MSCONFIG.EXE

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\msimn.exe
REG_EXPAND_SZ %ProgramFiles%\Outlook Express\msimn.exe
Path REG_EXPAND_SZ %ProgramFiles%\Outlook Express

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\msinfo32.exe
REG_SZ C:\Program Files\Common Files\Microsoft Shared\MSInfo\MSInfo32.exe
Path REG_SZ C:\Program Files\Common Files\Microsoft Shared\MSInfo

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\MSMSGS.EXE
REG_SZ C:\Program Files\Messenger\msmsgs.exe
Path REG_SZ C:\Program Files\Messenger;

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\MsoHtmEd.exe
useURL REG_SZ 1

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\msoxmled.exe
REG_SZ C:\Program Files\Common Files\Microsoft Shared\OFFICE12\MSOXMLED.EXE
useURL REG_SZ 1

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\MSPUB.EXE
REG_SZ C:\PROGRA~1\MICROS~3\Office12\MSPUB.EXE
Path REG_SZ C:\Program Files\Microsoft Office\Office12\
useURL REG_DWORD 0x1
SaveURL REG_SZ 1

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\MyDVD9.exe
REG_SZ C:\Program Files\Roxio\Roxio MyDVD Basic v9\VideoUI 9\MyDVD9.exe
Path REG_SZ C:\Program Files\Roxio\Roxio MyDVD Basic v9\VideoUI 9\;C:\Program Files\Common Files\Roxio Shared\DLLShared\

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\ois.exe
REG_SZ C:\PROGRA~1\MICROS~3\Office12\OIS.EXE
Path REG_SZ C:\Program Files\Microsoft Office\Office12\
SaveURL REG_SZ 0
useURL REG_SZ 1

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\OneNote.exe
REG_SZ C:\PROGRA~1\MICROS~3\Office12\ONENOTE.EXE
Path REG_SZ C:\Program Files\Microsoft Office\Office12\
SaveURL REG_SZ 1
useURL REG_SZ 1

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\OUTLOOK.EXE
REG_SZ C:\PROGRA~1\MICROS~3\Office12\OUTLOOK.EXE
Path REG_SZ C:\Program Files\Microsoft Office\Office12\

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\pbrush.exe
REG_EXPAND_SZ %SystemRoot%\system32\mspaint.exe
Path REG_EXPAND_SZ %SystemRoot%\system32

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\pcc.exe
REG_SZ C:\Program Files\Pervasive Software\PSQL\bin\pcc.exe
Path REG_SZ C:\Program Files\Pervasive Software\PSQL\bin\

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\PictureViewer.exe
Path REG_SZ C:\Program Files\QuickTime\
REG_SZ C:\Program Files\QuickTime\PictureViewer.exe

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\pinball.exe
REG_SZ C:\Program Files\Windows NT\Pinball\pinball.exe
Path REG_SZ C:\Program Files\Windows NT\Pinball

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\POWERARC.EXE
REG_SZ C:\tools\PowerArchiver\POWERARC.EXE
Path REG_SZ C:\tools\PowerArchiver\POWERARC.EXE

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\powerpnt.exe
REG_SZ C:\PROGRA~1\MICROS~3\Office12\POWERPNT.EXE
Path REG_SZ C:\Program Files\Microsoft Office\Office12\
useURL REG_SZ 1
SaveURL REG_SZ 1

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\psawizrd.exe
REG_SZ C:\Program Files\Pervasive Software\PSQL\bin\psawizrd.exe
Path REG_SZ C:\Program Files\Pervasive Software\PSQL\bin\

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\psc.exe
REG_SZ C:\Program Files\Pervasive Software\PSQL\bin\psc.exe
Path REG_SZ C:\Program Files\Pervasive Software\PSQL\bin\

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\PSDapp
Path REG_SZ C:\Program Files\Hewlett-Packard\Embedded Security Software\
EventLogging REG_DWORD 0x2

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\QuickTimePlayer.exe
REG_SZ C:\Program Files\QuickTime\QuickTimePlayer.exe
Path REG_SZ C:\Program Files\QuickTime\

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\rbldgui.exe
REG_SZ C:\Program Files\Pervasive Software\PSQL\bin\rbldgui.exe
Path REG_SZ C:\Program Files\Pervasive Software\PSQL\bin\

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\Rhapsody.exe
Path REG_SZ C:\Program Files\Rhapsody\
REG_SZ C:\Program Files\Rhapsody\rhapsody.exe
Version REG_SZ 4.0.2.355

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\RomLauncher.exe
REG_SZ C:\Program Files\Common Files\Roxio Shared\9.0\Dragon\RomLauncher.exe
Path REG_SZ C:\Program Files\Common Files\Roxio Shared\9.0\Dragon\

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\Roxio_Central33.exe
Path REG_SZ C:\Program Files\Common Files\Roxio Shared\9.0\Roxio Central33\Main\
REG_SZ C:\Program Files\Common Files\Roxio Shared\9.0\Roxio Central33\Main\Roxio_Central33.exe

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\RoxMediaDB9.exe
REG_SZ C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
Path REG_SZ C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\;C:\Program Files\Common Files\Roxio Shared\9.0\DLLShared\

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\RoxWizardLauncher9.exe
REG_SZ C:\Program Files\Common Files\Roxio Shared\9.0\SharedCom\RoxWizardLauncher9.exe
Path REG_SZ C:\Program Files\Common Files\Roxio Shared\9.0\SharedCom\;C:\Program Files\Common Files\Roxio Shared\DLLShared\

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\rvsezm.exe
REG_SZ C:\Program Files\MSN Gaming Zone\Windows\rvsezm.exe

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\setup.exe
RunAsOnNonAdminInstall REG_DWORD 0x1
BlockOnTSNonInstallMode REG_DWORD 0x1

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\shvlzm.exe
REG_SZ C:\Program Files\MSN Gaming Zone\Windows\shvlzm.exe

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\smax4.exe
REG_SZ C:\Program Files\Analog Devices\SoundMAX\smax4.exe
Path REG_SZ C:\Program Files\Analog Devices\Core

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\smax4pnp.exe
REG_SZ C:\Program Files\Analog Devices\Core\smax4pnp.exe
Path REG_SZ C:\Program Files\Analog Devices\Core

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\SMaxCore
REG_SZ C:\Program Files\Analog Devices\Core
Path REG_SZ C:\Program Files\Analog Devices\Core

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\Smc.exe
REG_SZ C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\smwdmif.dll
REG_SZ C:\Program Files\Analog Devices\Core\smwdmif.dll
Path REG_SZ C:\Program Files\Analog Devices\Core

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\SoundMAX
Path REG_SZ C:\Program Files\Analog Devices\SoundMAX
REG_SZ C:\Program Files\Analog Devices\SoundMAX

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\SpBackupWz.exe
Path REG_SZ C:\Program Files\Hewlett-Packard\Embedded Security Software\
REG_SZ C:\Program Files\Hewlett-Packard\Embedded Security Software\SpBackupWz.exe

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\SpMigWz.exe
REG_SZ C:\Program Files\Hewlett-Packard\Embedded Security Software\SpMigWz.exe
Path REG_SZ C:\Program Files\Hewlett-Packard\Embedded Security Software\

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\SpP12Wz.exe
REG_SZ C:\Program Files\Hewlett-Packard\Embedded Security Software\SpP12Wz.exe
Path REG_SZ C:\Program Files\Hewlett-Packard\Embedded Security Software\

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\SpPwdResetWz.exe
REG_SZ C:\Program Files\Hewlett-Packard\Embedded Security Software\SpPwdResetWz.exe
Path REG_SZ C:\Program Files\Hewlett-Packard\Embedded Security Software\

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\SpTPMWz.exe
Path REG_SZ C:\Program Files\Hewlett-Packard\Embedded Security Software\
REG_SZ C:\Program Files\Hewlett-Packard\Embedded Security Software\SpTPMWz.exe

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\SpUserWz.exe
Path REG_SZ C:\Program Files\Hewlett-Packard\Embedded Security Software\
REG_SZ C:\Program Files\Hewlett-Packard\Embedded Security Software\SpUserWz.exe

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\stax.exe
REG_SZ C:\Program Files\Roxio\Express Labeler 3\stax.exe
Path REG_SZ C:\Program Files\Roxio\Express Labeler 3\

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\SYNCMGR.EXE
REG_SZ C:\Program Files\Microsoft ActiveSync\WCESMgr.exe

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\table30.exe
UseShortName REG_SZ

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\VCGProxyFileManager9.exe
REG_SZ C:\Program Files\Roxio\Roxio MyDVD Basic v9\VideoCore 9\VCGProxyFileManager9.exe
Path REG_SZ C:\Program Files\Roxio\Roxio MyDVD Basic v9\VideoCore 9\

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\VCU3DcheckApp.exe
REG_SZ C:\Program Files\Roxio\Roxio MyDVD Basic v9\VideoCore 9\VCU3DcheckApp.exe
Path REG_SZ C:\Program Files\Roxio\Roxio MyDVD Basic v9\VideoCore 9\;C:\Program Files\Common Files\Roxio Shared\DLLShared\

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\VideoWave9.exe
REG_SZ C:\Program Files\Roxio\Roxio MyDVD Basic v9\VideoUI 9\VideoWave9.exe
Path REG_SZ C:\Program Files\Roxio\Roxio MyDVD Basic v9\VideoUI 9\;C:\Program Files\Common Files\Roxio Shared\DLLShared\

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\wab.exe
REG_EXPAND_SZ %ProgramFiles%\Outlook Express\wab.exe
Path REG_EXPAND_SZ %ProgramFiles%\Outlook Express

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\wabmig.exe
REG_EXPAND_SZ %ProgramFiles%\Outlook Express\wabmig.exe
Path REG_EXPAND_SZ %ProgramFiles%\Outlook Express

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\WCESCOMM.EXE
REG_SZ C:\Program Files\Microsoft ActiveSync\wcescomm.exe

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\WCESMGR.EXE
REG_SZ C:\Program Files\Microsoft ActiveSync\WCESMgr.exe

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\WinDVD.exe
Path REG_SZ C:\Program Files\InterVideo\WinDVD
REG_SZ C:\Program Files\InterVideo\WinDVD\WinDVD.exe

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\winnt32.exe
RunAsOnNonAdminInstall REG_DWORD 0x1

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\Winword.exe
REG_SZ C:\PROGRA~1\MICROS~3\Office12\WINWORD.EXE
Path REG_SZ C:\Program Files\Microsoft Office\Office12\
useURL REG_SZ 1
SaveURL REG_SZ 1

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\winzip.exe
REG_SZ C:\Program Files\WinZip\winzip32.exe

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\winzip32.exe
REG_SZ C:\Program Files\WinZip\winzip32.exe

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\wmplayer.exe
REG_SZ C:\Program Files\Windows Media Player\wmplayer.exe
Path REG_SZ C:\Program Files\Windows Media Player

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\WORDPAD.EXE
REG_EXPAND_SZ "%ProgramFiles%\Windows NT\Accessories\WORDPAD.EXE"

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\WRITE.EXE
REG_EXPAND_SZ "%ProgramFiles%\Windows NT\Accessories\WORDPAD.EXE"

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\XPSViewer.exe
REG_SZ "c:\WINDOWS\system32\XPSViewer\XPSViewer.exe"

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\yourapp.Exe
REG_SZ C:\Program Files\HP\Non Driver CIO Components\yourapp.Exe
Path REG_SZ C:\Program Files\HP\Non Driver CIO Components

Mozilla


! REG.EXE VERSION 3.0

HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla

HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\Firefox

HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\Firefox\extensions
{20a82645-c095-46ed-80e3-08825760534b} REG_SZ c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
[You must be registered and logged in to see this link.] REG_EXPAND_SZ C:\Program Files\Java\jre6\lib\deploy\jqs\ff
{27182e60-b5f3-411c-b545-b44205977502} REG_SZ C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\firefoxextension\SearchHelperExtension\


Shared Task Scheduler


! REG.EXE VERSION 3.0

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler
{438755C2-A8BA-11D1-B96B-00A0C90312E1} REG_SZ Browseui preloader
{8C7461EF-2B13-11d2-BE35-3078302C2030} REG_SZ Component Categories cache daemon


SafeBoot



SafeBootMinimal


! REG.EXE VERSION 3.0

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AppMgmt

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Base

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Boot Bus Extender

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Boot file system

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ccEvtMgr

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ccSetMgr

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\CryptSvc

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\DcomLaunch

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\dmadmin

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\dmboot.sys

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\dmio.sys

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\dmload.sys

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\dmserver

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\EventLog

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\File system

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Filter

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\HelpSvc

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Netlogon

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PCI Configuration

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PlugPlay

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PNP Filter

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Primary disk

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\RpcSs

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SCSI Class

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sermouse.sys

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sr.sys

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SRService

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Symantec Antivirus

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\System Bus Extender

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vds

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vga.sys

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vgasave.sys

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinMgmt

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{36FC9E60-C465-11CF-8056-444553540000}

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E965-E325-11CE-BFC1-08002BE10318}

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E967-E325-11CE-BFC1-08002BE10318}

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E969-E325-11CE-BFC1-08002BE10318}

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E96A-E325-11CE-BFC1-08002BE10318}

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E96B-E325-11CE-BFC1-08002BE10318}

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E96F-E325-11CE-BFC1-08002BE10318}

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E977-E325-11CE-BFC1-08002BE10318}

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E97B-E325-11CE-BFC1-08002BE10318}

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E97D-E325-11CE-BFC1-08002BE10318}

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E980-E325-11CE-BFC1-08002BE10318}

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{71A27CDD-812A-11D0-BEC7-08002BE2092F}

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{745A17A0-74D3-11D0-B6FE-00A0C90F57DA}


SafeBootNetwork


! REG.EXE VERSION 3.0

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\AFD

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\AppMgmt

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Base

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Boot Bus Extender

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Boot file system

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Browser

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\ccEvtMgr

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\ccSetMgr

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\CryptSvc

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\DcomLaunch

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Dhcp

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\dmadmin

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\dmboot.sys

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\dmio.sys

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\dmload.sys

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\dmserver

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\DnsCache

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\EventLog

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\File system

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Filter

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\HelpSvc

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\ip6fw.sys

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\ipnat.sys

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\LanmanServer

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\LanmanWorkstation

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\LmHosts

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Messenger

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\NDIS

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\NDIS Wrapper

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Ndisuio

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\NetBIOS

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\NetBIOSGroup

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\NetBT

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\NetDDEGroup

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Netlogon

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\NetMan

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Network

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\NetworkProvider

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\NtLmSsp

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\PCI Configuration

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\PlugPlay

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\PNP Filter

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\PNP_TDI

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Primary disk

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\rdpcdd.sys

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\rdpdd.sys

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\rdpwd.sys

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\rdsessmgr

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\RpcSs

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SCSI Class

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\sermouse.sys

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SharedAccess

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SmcService

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\sr.sys

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SRService

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Streams Drivers

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Symantec Antivirus

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\System Bus Extender

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Tcpip

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TDI

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\tdpipe.sys

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\tdtcp.sys

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\termservice

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\vga.sys

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\vgasave.sys

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\WinMgmt

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\WZCSVC

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{36FC9E60-C465-11CF-8056-444553540000}

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E965-E325-11CE-BFC1-08002BE10318}

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E967-E325-11CE-BFC1-08002BE10318}

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E969-E325-11CE-BFC1-08002BE10318}

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E96A-E325-11CE-BFC1-08002BE10318}

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E96B-E325-11CE-BFC1-08002BE10318}

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E96F-E325-11CE-BFC1-08002BE10318}

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E972-E325-11CE-BFC1-08002BE10318}

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E973-E325-11CE-BFC1-08002BE10318}

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E974-E325-11CE-BFC1-08002BE10318}

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E975-E325-11CE-BFC1-08002BE10318}

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E977-E325-11CE-BFC1-08002BE10318}

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E97B-E325-11CE-BFC1-08002BE10318}

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E97D-E325-11CE-BFC1-08002BE10318}

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E980-E325-11CE-BFC1-08002BE10318}

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{71A27CDD-812A-11D0-BEC7-08002BE2092F}

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{745A17A0-74D3-11D0-B6FE-00A0C90F57DA}

File Rename Operations - Session


! REG.EXE VERSION 3.0

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\FileRenameOperations


Known DLLs - Session


! REG.EXE VERSION 3.0

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\KnownDlls
advapi32 REG_SZ advapi32.dll
comdlg32 REG_SZ comdlg32.dll
DllDirectory REG_EXPAND_SZ %SystemRoot%\system32
gdi32 REG_SZ gdi32.dll
imagehlp REG_SZ imagehlp.dll
kernel32 REG_SZ kernel32.dll
lz32 REG_SZ lz32.dll
ole32 REG_SZ ole32.dll
oleaut32 REG_SZ oleaut32.dll
olecli32 REG_SZ olecli32.dll
olecnv32 REG_SZ olecnv32.dll
olesvr32 REG_SZ olesvr32.dll
olethk32 REG_SZ olethk32.dll
rpcrt4 REG_SZ rpcrt4.dll
shell32 REG_SZ shell32.dll
url REG_SZ url.dll
urlmon REG_SZ urlmon.dll
user32 REG_SZ user32.dll
version REG_SZ version.dll
wininet REG_SZ wininet.dll
wldap32 REG_SZ wldap32.dll


Downloaded program files (ActiveX)


! REG.EXE VERSION 3.0

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{166B1BCA-3F9C-11CF-8075-444553540000}

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{406B5949-7190-4245-91A9-30A17DE16AD0}

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{6414512B-B978-451D-A0D8-FCFDF33E833C}

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{6E32070A-766D-4EE6-879C-DC1FA91D2FC3}

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{6F15128C-E66A-490C-B848-5000B5ABEEAC}

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{8AD9C840-044E-11D1-B3E9-00805F499D93}

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA}

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA}

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{D27CDB6E-AE6D-11CF-96B8-444553540000}

PATH: C:\windows\Downloaded Program Files

dwusplay.dll
dwusplay.exe
FP_AX_CAB_INSTALLER.exe
HPDEXAXO.dll
HPDEXAXO.inf
IDrop.ocx
IDropENU.dll
isusweb.dll
muweb.inf
setup.inf
SnapfishActivia1000.inf
SnapfishActivia1000.ocx
swflash.inf
wuweb.inf


Mountpoints


! REG.EXE VERSION 3.0

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\##occupied#accounting$

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\##occupied#aerials

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\##occupied#plans

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\##occupied#property

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\##occupied#shared

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\##occupied#SKY$

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\##occupied#users

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\C

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\D

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\E

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\F

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{a19637ba-9fc8-11df-a29f-001a6baf4fde}

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{f8d74426-5f78-11dc-8d59-806d6172696f}

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{f8d74428-5f78-11dc-8d59-806d6172696f}

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{f8d74429-5f78-11dc-8d59-806d6172696f}

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{f8d7442b-5f78-11dc-8d59-806d6172696f}

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\CPC


Winlogon


! REG.EXE VERSION 3.0

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon
AutoRestartShell REG_DWORD 0x1
DefaultDomainName REG_SZ GJGREWE
DefaultUserName REG_SZ rreiche
LegalNoticeCaption REG_SZ
LegalNoticeText REG_SZ
PowerdownAfterShutdown REG_SZ 0
ReportBootOk REG_SZ 1
Shell REG_SZ Explorer.exe
ShutdownWithoutLogon REG_SZ 0
System REG_SZ
Userinit REG_SZ C:\WINDOWS\system32\userinit.exe,
VmApplet REG_SZ rundll32 shell32,Control_RunDLL "sysdm.cpl"
SfcQuota REG_DWORD 0xffffffff
allocatecdroms REG_SZ 0
allocatedasd REG_SZ 0
allocatefloppies REG_SZ 0
cachedlogonscount REG_SZ 10
forceunlocklogon REG_DWORD 0x0
passwordexpirywarning REG_DWORD 0xe
scremoveoption REG_SZ 0
AllowMultipleTSSessions REG_DWORD 0x0
UIHost REG_EXPAND_SZ logonui.exe
LogonType REG_DWORD 0x0
DebugServerCommand REG_SZ no
SFCDisable REG_DWORD 0x0
WinStationsDisabled REG_SZ 0
HibernationPreviouslyEnabled REG_DWORD 0x1
ShowLogonOptions REG_DWORD 0x0
AltDefaultUserName REG_SZ rreiche
AltDefaultDomainName REG_SZ GJGREWE
DisableCAD REG_DWORD 0x0
AutoAdminLogon REG_SZ 0
CachePrimaryDomain REG_SZ GJGREWE
DCacheUpdate REG_BINARY 0221BB68BC34CB01
SyncForegroundPolicy REG_DWORD 0x1
GinaDLL REG_SZ C:\Program Files\Hewlett-Packard\IAM\bin\ocgina.dll
ChangePasswordUseKerberos REG_DWORD 0x1
Key REG_BINARY 50230701
LegalNotice Text REG_SZ

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\DomainCache

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\SpecialAccounts


Windows Update


! REG.EXE VERSION 3.0

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\windowsupdate\auto update\results\install
LastSuccessTime REG_SZ 2008-06-16 21:26:24
LastError REG_DWORD 0x0


Security Software Information

*Note*: Some security software does not store itself in the WMI.

Antivirus: Symantec Endpoint Protection *Scanner enabled* (Up to date) {FB06448E-52B8-493A-90F3-E43226D3305C}


{END OF FILE}



ltlfroggie
Intermediate

Posts : 97
Joined : 2009-11-05
OS : XP
Points : 26885
# Likes : 0


Re: Yahoo browser redirecting

Post by Dr Jay on Fri Aug 06, 2010 1:27 am

ESET Online Scan

Please run a free online scan with the [You must be registered and logged in to see this link.]
  • Tick the box next to YES, I accept the Terms of Use
  • Click Start
  • When asked, allow the ActiveX control to install
  • Click Start
  • Make sure that the options Remove found threats and Scan unwanted applications are checked
  • Click Scan (This scan can take several hours, so please be patient)
  • Once the scan is completed, you may close the window
  • Use Notepad to open the logfile located at C:\Program Files\EsetOnlineScanner\log.txt
  • Copy and paste that log as a reply to this topic


Dr. Jay (DJ)



Dr Jay
Head Administrator

Posts : 13717
Joined : 2009-09-06
Gender : Male
OS : Windows 10 Home & Pro
Protection : Bitdefender Total Security
Points : 302127
# Likes : 10


Re: Yahoo browser redirecting

Post by ltlfroggie on Mon Aug 09, 2010 3:20 pm

I haven't run that yet (didn't have access to the laptop) but my friend noticed that his tethering no longer works with his cell phone. Could what we ran above have changed something? On his phone it says it is connected, on the laptop it says that it connected, but it won't allow us to connect to the internet. He has not done anything else to the laptop except what I have done above...

Thanks.


Re: Yahoo browser redirecting

Post by Dr Jay on Mon Aug 09, 2010 7:20 pm

Might have. I will check it out, and report back if I have an idea.

For now, are you able to run the ESET Online Scan?


Dr. Jay (DJ)



Re: Yahoo browser redirecting

Post by ltlfroggie on Mon Aug 09, 2010 7:57 pm

His computer is with him for the day - I'll try it out tomorrow.


Re: Yahoo browser redirecting

Post by Dr Jay on Mon Aug 09, 2010 8:28 pm

ok


Dr. Jay (DJ)



Re: Yahoo browser redirecting

Post by ltlfroggie on Tue Aug 10, 2010 5:03 pm

ESETSmartInstaller@High as CAB hook log:
OnlineScanner.ocx - registred OK
# version=7
# iexplore.exe=7.00.6000.16674 (vista_gdr.080415-1732)
# OnlineScanner.ocx=1.0.0.6211
# api_version=3.0.2
# EOSSerial=e3ad93c0e211304788036ea2f40c9825
# end=finished
# remove_checked=true
# archives_checked=false
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2010-08-10 04:11:01
# local_time=2010-08-10 11:11:01 (-0600, Central Daylight Time)
# country="United States"
# lang=1033
# osver=5.1.2600 NT Service Pack 2
# compatibility_mode=512 16777215 100 0 1399943 1399943 0 0
# compatibility_mode=8192 67108863 100 0 0 0 0 0
# scanned=95808
# found=0
# cleaned=0
# scan_time=2175


Re: Yahoo browser redirecting

Post by Dr Jay on Tue Aug 10, 2010 7:12 pm

Still redirects?


Dr. Jay (DJ)



Re: Yahoo browser redirecting

Post by Dr Jay on Wed Aug 18, 2010 6:09 am

Still with us? Please let me know how things are going!


Dr. Jay (DJ)



Re: Yahoo browser redirecting

Post by ltlfroggie on Thu Aug 19, 2010 6:27 pm

Yup - still redirecting. Starting to drive me crazy!


Re: Yahoo browser redirecting

Post by Dr Jay on Thu Aug 19, 2010 7:27 pm

Note: the following tool is to only be used under the guidance of a malware helper. In the event you already have the tool, please delete the old copy and download a new copy.

Please download ComboFix from [You must be registered and logged in to see this link.]

[You must be registered and logged in to see this link.]

[You must be registered and logged in to see this link.] (Click the green button on the page to download it).

Rename ComboFix.exe to combo-fix.exe before you save it to your Desktop
  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. A guide to do this can be found [You must be registered and logged in to see this link.]
  • Click Start>Run, then copy and paste the following command into the Run box & click OK: "%userprofile%\desktop\combo-fix.exe" /killall
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed.

    *NOTE*: If you already have the Recovery Console installed, ComboFix will skip this part and will continue scanning for malware.

    With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console



Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:


  • Click on Yes, to continue scanning for malware.
  • When finished, it shall produce a log for you. Please include the contents of C:\ComboFix.txt in your next reply.


Dr. Jay (DJ)



Re: Yahoo browser redirecting

Post by ltlfroggie on Mon Aug 23, 2010 6:22 pm

ComboFix 10-08-22.07 - rreiche 08/23/2010 12:05:48.3.2 - x86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.2431.1867 [GMT -5:00]
Running from: c:\documents and settings\rreiche\desktop\combo-fix.exe
Command switches used :: /killall
AV: avast! Antivirus *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
AV: Symantec Endpoint Protection *On-access scanning disabled* (Updated) {FB06448E-52B8-493A-90F3-E43226D3305C}
.

((((((((((((((((((((((((( Files Created from 2010-07-23 to 2010-08-23 )))))))))))))))))))))))))))))))
.

2010-08-19 17:29 . 2010-06-28 20:32 17744 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2010-08-19 17:29 . 2010-06-28 20:37 165456 ----a-w- c:\windows\system32\drivers\aswSP.sys
2010-08-19 17:29 . 2010-06-28 20:33 23376 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2010-08-19 17:29 . 2010-06-28 20:37 46672 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2010-08-19 17:29 . 2010-06-28 20:32 100176 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2010-08-19 17:29 . 2010-06-28 20:32 94544 ----a-w- c:\windows\system32\drivers\aswmon.sys
2010-08-19 17:29 . 2010-06-28 20:32 28880 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2010-08-19 17:29 . 2010-06-28 20:57 38848 ----a-w- c:\windows\avastSS.scr
2010-08-19 17:29 . 2010-06-28 20:57 165032 ----a-w- c:\windows\system32\aswBoot.exe
2010-08-19 17:29 . 2010-08-19 17:29 -------- d-----w- c:\program files\Alwil Software
2010-08-19 17:29 . 2010-08-19 17:29 -------- d-----w- c:\documents and settings\All Users\Application Data\Alwil Software
2010-08-19 17:10 . 2010-08-21 17:14 -------- d-----w- c:\documents and settings\rreiche\Local Settings\Application Data\Temp
2010-08-13 15:40 . 2010-08-13 15:40 503808 ----a-w- c:\documents and settings\rreiche\Application Data\Sun\Java\Deployment\SystemCache\6.0\4\7ec4bf04-67fa28c3-n\msvcp71.dll
2010-08-13 15:40 . 2010-08-13 15:40 499712 ----a-w- c:\documents and settings\rreiche\Application Data\Sun\Java\Deployment\SystemCache\6.0\4\7ec4bf04-67fa28c3-n\jmc.dll
2010-08-13 15:40 . 2010-08-13 15:40 348160 ----a-w- c:\documents and settings\rreiche\Application Data\Sun\Java\Deployment\SystemCache\6.0\4\7ec4bf04-67fa28c3-n\msvcr71.dll
2010-08-13 15:40 . 2010-08-13 15:40 61440 ----a-w- c:\documents and settings\rreiche\Application Data\Sun\Java\Deployment\SystemCache\6.0\42\4488892a-4c3475c0-n\decora-sse.dll
2010-08-13 15:40 . 2010-08-13 15:40 12800 ----a-w- c:\documents and settings\rreiche\Application Data\Sun\Java\Deployment\SystemCache\6.0\42\4488892a-4c3475c0-n\decora-d3d.dll
2010-08-10 15:28 . 2010-08-10 15:28 -------- d-----w- c:\program files\ESET
2010-08-04 13:05 . 2010-08-04 13:05 -------- d-----w- c:\program files\Seagate
2010-08-04 13:05 . 2010-08-04 13:05 -------- d-----w- c:\documents and settings\All Users\Application Data\Seagate
2010-08-04 13:05 . 2010-08-04 13:05 -------- d-----w- c:\documents and settings\rreiche\Local Settings\Application Data\Downloaded Installations
2010-08-04 13:04 . 2010-08-04 13:04 -------- d-----w- c:\program files\Carbonite
2010-08-04 13:04 . 2010-08-04 13:04 -------- d-sh--w- c:\windows\ftpcache
2010-08-04 13:04 . 2010-08-04 13:04 -------- d-----w- c:\documents and settings\rreiche\Application Data\Leadertech

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-08-20 15:40 . 2007-09-10 14:50 664 ----a-w- c:\windows\system32\d3d9caps.dat
2010-08-04 13:06 . 2007-09-10 14:11 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-07-23 14:05 . 2010-07-23 14:05 -------- d-----w- c:\documents and settings\All Users\Application Data\WinZip
2010-07-22 20:06 . 2010-07-22 20:06 354744 ----a-w- c:\documents and settings\rreiche\Application Data\SanDisk\Sansa Updater\SansaUpdaterInstall.exe
2010-07-22 20:06 . 2010-07-22 20:06 79872 ----a-w- c:\documents and settings\rreiche\Application Data\SanDisk\Sansa Updater\SansaDispatch.exe
2010-07-22 20:06 . 2010-07-22 20:06 574344 ----a-w- c:\documents and settings\rreiche\Application Data\SanDisk\Sansa Updater\SansaUpdater.exe
2010-07-22 20:06 . 2010-07-22 19:41 -------- d-----w- c:\documents and settings\rreiche\Application Data\SanDisk
2010-07-14 18:42 . 2010-07-14 18:42 -------- d-----w- c:\program files\Trend Micro
2010-06-25 17:44 . 2007-09-10 15:08 -------- d-----w- c:\program files\Common Files\Symantec Shared
2010-06-25 17:44 . 2007-09-10 15:08 -------- d-----w- c:\documents and settings\All Users\Application Data\Symantec
2010-06-25 17:42 . 2007-09-10 15:09 -------- d-----w- c:\program files\Symantec
2010-06-25 17:42 . 2010-06-25 17:41 806 ----a-w- c:\windows\system32\drivers\SYMEVENT.INF
2010-06-25 17:42 . 2010-06-25 17:41 7456 ----a-w- c:\windows\system32\drivers\SYMEVENT.CAT
2010-06-25 17:42 . 2010-06-25 17:41 60808 ----a-w- c:\windows\system32\S32EVNT1.DLL
2010-06-25 17:42 . 2010-06-25 17:41 124976 ----a-w- c:\windows\system32\drivers\SYMEVENT.SYS
2010-06-25 17:19 . 2010-06-25 17:16 -------- d-----w- c:\program files\MSN Toolbar Installer
2010-06-25 17:19 . 2010-06-25 17:19 -------- d-----w- c:\program files\Microsoft
2010-06-25 17:19 . 2010-06-25 17:19 -------- d-----w- c:\program files\MSN Toolbar
2010-06-25 17:16 . 2007-09-10 14:52 -------- d-----w- c:\program files\Common Files\Java
2010-06-25 17:15 . 2010-06-25 17:15 503808 ----a-w- c:\documents and settings\rreiche\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-43d36242-n\msvcp71.dll
2010-06-25 17:15 . 2010-06-25 17:15 499712 ----a-w- c:\documents and settings\rreiche\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-43d36242-n\jmc.dll
2010-06-25 17:15 . 2010-06-25 17:15 348160 ----a-w- c:\documents and settings\rreiche\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-43d36242-n\msvcr71.dll
2010-06-25 17:15 . 2010-06-25 17:15 61440 ----a-w- c:\documents and settings\rreiche\Application Data\Sun\Java\Deployment\SystemCache\6.0\50\5535ab32-6df14a2f-n\decora-sse.dll
2010-06-25 17:15 . 2010-06-25 17:15 12800 ----a-w- c:\documents and settings\rreiche\Application Data\Sun\Java\Deployment\SystemCache\6.0\50\5535ab32-6df14a2f-n\decora-d3d.dll
2010-06-25 17:15 . 2007-09-10 14:52 -------- d-----w- c:\program files\Java
2010-06-25 17:14 . 2007-09-10 15:08 -------- d-----w- c:\program files\Symantec AntiVirus
2010-06-25 17:08 . 2010-06-25 17:08 -------- d-----w- c:\documents and settings\rreiche\Application Data\Malwarebytes
2010-06-25 15:15 . 2010-06-25 15:15 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-06-25 15:15 . 2010-06-25 15:15 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2010-06-15 19:49 . 2010-06-15 19:49 1245321 ----a-w- c:\documents and settings\All Users\Application Data\NeoEdge Networks\Yahoo_SuperCollapse3\IAF.dll
.

------- Sigcheck -------

[-] 2010-01-05 . 3B8259EF10C0F1425395981E40ED0EAA . 3599360 . . [7.00.6000.16981] . . c:\windows\SoftwareDistribution\Download\72187e1a9593df853aa7db379edb1348\sp3gdr\mshtml.dll
[-] 2010-01-05 . 1673677DBD70142DB1294F1B6FC3323E . 3602944 . . [7.00.6000.21183] . . c:\windows\$hf_mig$\KB978207-IE7\SP3QFE\mshtml.dll
[-] 2010-01-05 . 1673677DBD70142DB1294F1B6FC3323E . 3602944 . . [7.00.6000.21183] . . c:\windows\SoftwareDistribution\Download\72187e1a9593df853aa7db379edb1348\sp3qfe\mshtml.dll
[-] 2008-04-24 . 8976CAB317105F7431B08EA32AB73C65 . 3591680 . . [7.00.6000.16674] . . c:\windows\system32\mshtml.dll
[-] 2008-04-24 . 8976CAB317105F7431B08EA32AB73C65 . 3591680 . . [7.00.6000.16674] . . c:\windows\system32\dllcache\mshtml.dll
[-] 2008-04-23 . 4D612FF5D3B7EEF200595AE6F95D5E68 . 3593728 . . [7.00.6000.20815] . . c:\windows\$hf_mig$\KB950759-IE7\SP2QFE\mshtml.dll
[-] 2008-03-01 . AB2C88167D78D71D93558ACECB24CC7A . 3591680 . . [7.00.6000.16640] . . c:\windows\ie7updates\KB950759-IE7\mshtml.dll
[-] 2008-03-01 . 4EE273E2B09317C1217EF0DB91F93534 . 3593216 . . [7.00.6000.20772] . . c:\windows\$hf_mig$\KB947864-IE7\SP2QFE\mshtml.dll
[-] 2007-08-20 . E267EE248CDA7667C19001C069DE867B . 3584512 . . [7.00.6000.16544] . . c:\windows\ie7updates\KB947864-IE7\mshtml.dll
[-] 2007-08-20 . AA8A4BD78D24FCDB96DDAEE3756AA372 . 3592192 . . [7.00.6000.20661] . . c:\windows\$hf_mig$\KB939653-IE7\SP2QFE\mshtml.dll
[-] 2007-07-19 . BD609A26B683332A0E0E1445C5724851 . 3583488 . . [7.00.6000.16525] . . c:\windows\ie7updates\KB939653-IE7\mshtml.dll
[-] 2007-07-18 . 7CE243CFD47AD0DC431586CB8C542A11 . 3584000 . . [7.00.6000.20641] . . c:\windows\$hf_mig$\KB937143-IE7\SP2QFE\mshtml.dll
[-] 2006-11-08 . CBF04597F9CF7739E572276A2698FDD3 . 3577856 . . [7.00.5730.11] . . c:\windows\ie7updates\KB937143-IE7\mshtml.dll
[7] 2006-02-21 . C6E663C066E3BEA5B0BB70D87D0701E9 . 3052032 . . [6.00.2900.2853] . . c:\windows\$hf_mig$\KB911164\SP2QFE\mshtml.dll
[7] 2006-02-21 . C6E663C066E3BEA5B0BB70D87D0701E9 . 3052032 . . [6.00.2900.2853] . . c:\windows\ie7\mshtml.dll

[-] 2010-01-05 . 21E7890F1EC89BEF0AF7C08D730AE317 . 832512 . . [7.00.6000.16981] . . c:\windows\SoftwareDistribution\Download\72187e1a9593df853aa7db379edb1348\sp3gdr\wininet.dll
[-] 2010-01-05 . E7B99465DE2EDCF29784B7600BF6FAE8 . 841216 . . [7.00.6000.21183] . . c:\windows\$hf_mig$\KB978207-IE7\SP3QFE\wininet.dll
[-] 2010-01-05 . E7B99465DE2EDCF29784B7600BF6FAE8 . 841216 . . [7.00.6000.21183] . . c:\windows\SoftwareDistribution\Download\72187e1a9593df853aa7db379edb1348\sp3qfe\wininet.dll
[-] 2008-04-23 . F6589BE784647CFDBC22EA51CCB1A57A . 826368 . . [7.00.6000.16674] . . c:\windows\system32\wininet.dll
[-] 2008-04-23 . F6589BE784647CFDBC22EA51CCB1A57A . 826368 . . [7.00.6000.16674] . . c:\windows\system32\dllcache\wininet.dll
[-] 2008-04-23 . 41546B396A526918DA7995A02EA04E51 . 827392 . . [7.00.6000.20815] . . c:\windows\$hf_mig$\KB950759-IE7\SP2QFE\wininet.dll
[-] 2008-03-01 . AD21461AEF8244EDEC2EF18E55E1DCF3 . 826368 . . [7.00.6000.16640] . . c:\windows\ie7updates\KB950759-IE7\wininet.dll
[-] 2008-03-01 . 6316C2F0C61271C8ABDFF7429174879E . 827392 . . [7.00.6000.20772] . . c:\windows\$hf_mig$\KB947864-IE7\SP2QFE\wininet.dll
[-] 2007-08-20 . 774435E499D8E9643EC961A6103C361F . 824832 . . [7.00.6000.16544] . . c:\windows\ie7updates\KB947864-IE7\wininet.dll
[-] 2007-08-20 . 357D54BF94FE9D6D8505A96B5C2A3BCA . 825344 . . [7.00.6000.20661] . . c:\windows\$hf_mig$\KB939653-IE7\SP2QFE\wininet.dll
[-] 2007-06-27 . D6ED5E042C5207553E7F5E842918137F . 824320 . . [7.00.6000.20627] . . c:\windows\$hf_mig$\KB937143-IE7\SP2QFE\wininet.dll
[-] 2007-06-27 . 8068CBB58FE60CC95AEB2CFF70178208 . 823808 . . [7.00.6000.16512] . . c:\windows\ie7updates\KB939653-IE7\wininet.dll
[-] 2006-11-08 . 92995334F993E6E49C25C6D02EC04401 . 818688 . . [7.00.5730.11] . . c:\windows\ie7updates\KB937143-IE7\wininet.dll
[7] 2006-02-28 . C0823FC5469663BA63E7DB88F9919D70 . 656384 . . [6.00.2900.2180] . . c:\windows\ie7\wininet.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"OM2_Monitor"="c:\program files\OLYMPUS\OLYMPUS Master 2\MMonitor.exe" [2007-05-23 95800]
"SansaDispatch"="c:\documents and settings\rreiche\Application Data\SanDisk\Sansa Updater\SansaDispatch.exe" [2010-07-22 79872]
"Google Update"="c:\documents and settings\rreiche\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [2010-08-19 136176]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AccelerometerSysTrayApplet"="c:\windows\system32\AccelerometerSt.exe" [2007-01-24 124928]
"PTHOSTTR"="c:\program files\Hewlett-Packard\HP ProtectTools Security Manager\PTHOSTTR.EXE" [2007-01-09 145184]
"IFXSPMGT"="c:\windows\system32\ifxspmgt.exe" [2007-02-15 677408]
"CognizanceTS"="c:\progra~1\HEWLET~1\IAM\Bin\ASTSVCC.dll" [2003-12-22 17920]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2007-01-12 827392]
"Cpqset"="c:\program files\Hewlett-Packard\Default Settings\cpqset.exe" [2007-01-02 40960]
"Broadcom Wireless Manager UI"="c:\windows\system32\WLTRAY.exe" [2006-11-02 1282048]
"PDF Complete"="c:\program files\PDF Complete\pdfsty.exe" [2007-02-20 331552]
"hpWirelessAssistant"="c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2007-03-01 472776]
"Cingular Communication Manager"="c:\program files\Cingular\Communication Manager\CingularCCM.exe" [2007-01-12 19968]
"RoxioDragToDisc"="c:\program files\Roxio\Drag-to-Disc\DrgToDsc.exe" [2007-02-02 1116920]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-02-18 248040]
"QlbCtrl"="c:\program files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2007-03-05 159744]
"WatchDog"="c:\program files\InterVideo\DVD Check\DVDCheck.exe" [2006-09-06 184320]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2006-09-01 282624]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]
"HPDJ Taskbar Utility"="c:\windows\system32\spool\drivers\w32x86\3\hpztsb03.exe" [2001-08-03 196608]
"HPHUPD05"="c:\program files\Hewlett-Packard\\{5372B9A6-6E51-4f90-9B40-E0A3B8475C4E}\hphupd05.exe" [2005-07-08 49152]
"HP Component Manager"="c:\program files\HP\hpcoretech\hpcmpmgr.exe" [2003-12-22 241664]
"HPHmon05"="c:\windows\system32\hphmon05.exe" [2005-07-08 491520]
"SMSTray"="c:\program files\Samsung\Samsung Media Studio 5\SMSTray.exe" [2007-12-14 132624]
"HP Software Update"="c:\program files\Hp\HP Software Update\HPWuSchd2.exe" [2007-05-08 54840]
"SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2007-01-05 872448]
"MSN Toolbar"="c:\program files\MSN Toolbar\Platform\4.0.0401.0\mswinext.exe" [2010-02-12 240992]
"Microsoft Default Manager"="c:\program files\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" [2009-07-17 288080]
"ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe" [2010-06-25 115560]
"CarboniteSetupLite"="c:\program files\Carbonite\CarbonitePreinstaller.exe" [2009-08-04 318096]
"MaxMenuMgr"="c:\program files\Seagate\SeagateManager\FreeAgent Status\StxMenuMgr.exe" [2009-12-18 197928]
"avast5"="c:\progra~1\ALWILS~1\Avast5\avastUI.exe" [2010-06-28 2837864]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
AutoCAD LT Startup Accelerator.lnk - c:\program files\Common Files\Autodesk Shared\acstart16.exe [2005-3-5 10872]
Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2007-2-6 561213]
Device Detector 3.lnk - c:\program files\OLYMPUS\DeviceDetector\DevDtct2.exe [2007-9-27 163840]
Directrec Configuration Tool.lnk - c:\program files\OLYMPUS\DeviceDetector\DirectrecConfig.exe [2007-9-27 167936]
DVD Check.lnk - c:\program files\InterVideo\DVD Check\DVDCheck.exe [2007-9-10 184320]
Start Pervasive PSQL Workgroup Engine.lnk - c:\windows\Installer\{0A3238D7-AB32-1010-B717-F3E3F18B4A8C}\WGE.14A03FCD_EA43_4130_A5C0_F02D38895A13.exe [2010-2-23 92854]
Windows Desktop Search.lnk - c:\program files\Windows Desktop Search\WindowsSearch.exe [2007-2-5 118784]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoWelcomeScreen"= 1 (0x1)

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2007-02-05 294400]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\OneCard]
2007-02-07 03:30 74240 ----a-r- c:\program files\Hewlett-Packard\IAM\Bin\ASWLNPkg.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\system32\APSHook.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Notification Packages REG_MULTI_SZ SbHpNp scecli

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ccEvtMgr]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ccSetMgr]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Symantec Antivirus]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\program files\Microsoft ActiveSync\rapimgr.exe"= c:\program files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
"c:\program files\Microsoft ActiveSync\wcescomm.exe"= c:\program files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager
"c:\program files\Microsoft ActiveSync\WCESMgr.exe"= c:\program files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application
"c:\\Program Files\\Pervasive Software\\PSQL\\bin\\w3dbsmgr.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service

R0 SafeBoot;SafeBoot;c:\windows\system32\drivers\SafeBoot.sys [2/7/2007 11:22 AM 100495]
R0 SbAlg;SbAlg;c:\windows\system32\drivers\SbAlg.sys [10/9/2006 1:31 PM 44720]
R0 SBHR;SBHR;c:\windows\system32\drivers\sbhr.sys [2/18/2009 12:57 PM 15280]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [8/19/2010 12:29 PM 165456]
R1 PersonalSecureDrive;PersonalSecureDrive;c:\windows\system32\drivers\psd.sys [1/23/2007 6:07 PM 39080]
R1 RsvLock;RsvLock;c:\windows\system32\drivers\rsvlock.sys [2/7/2007 11:23 AM 5808]
R2 ASChannel;Local Communication Channel;c:\windows\System32\svchost.exe -k Cognizance [2/28/2006 7:00 AM 14336]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [8/19/2010 12:29 PM 17744]
R2 FreeAgentGoNext Service;Seagate Service;c:\program files\Seagate\SeagateManager\Sync\FreeAgentService.exe [12/18/2009 11:25 AM 189736]
R2 HpFkCryptService;Drive Encryption Service;c:\program files\Hewlett-Packard\Drive Encryption\HpFkCrypt.exe [3/11/2007 11:46 AM 208896]
R2 pdfcDispatcher;PDF Document Manager;c:\program files\PDF Complete\pdfsvc.exe [9/10/2007 9:41 AM 539936]
R2 rma;Radia Management Agent;c:\novadigm\ManagementAgent\nvdkit.exe [9/19/2005 9:02 AM 1968446]
R2 SWIHPWMI;SWIHPWMI;c:\program files\HPQ\Shared\Sierra Wireless\Win32\Unicode\SWIHPWMI.exe [12/4/2006 4:13 PM 292384]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [6/25/2010 12:56 PM 102448]
R3 IFXTPM;IFXTPM;c:\windows\system32\drivers\ifxtpm.sys [9/10/2007 9:22 AM 36608]
R3 swmx02;HP ev2200 USB MUX Driver (#02);c:\windows\system32\drivers\swmx02.sys [2/22/2007 5:26 PM 71168]
S2 ASBroker;Logon Session Broker;c:\windows\System32\svchost.exe -k Cognizance [2/28/2006 7:00 AM 14336]
S3 COH_Mon;COH_Mon;c:\windows\system32\drivers\COH_Mon.sys [6/25/2010 9:51 AM 23888]
S3 HP24X;HP PC Card Smart Card Reader;c:\windows\system32\drivers\HP24X.sys [9/10/2007 9:24 AM 33024]
S4 LkWebLink;Inter-Tel Collaboration Remote Client;c:\documents and settings\rreiche\My Documents\Inter-Tel\Collaboration Client 2.0\lkWebLink.exe [12/12/2007 5:18 PM 32768]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
Cognizance REG_MULTI_SZ ASBroker ASChannel
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
.
Contents of the 'Scheduled Tasks' folder

2010-08-23 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-301054588-4197235993-2086927575-1155Core.job
- c:\documents and settings\rreiche\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-08-19 17:09]

2010-08-23 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-301054588-4197235993-2086927575-1155UA.job
- c:\documents and settings\rreiche\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-08-19 17:09]

2010-08-23 c:\windows\Tasks\HP Usg Daily.job
- c:\program files\Hewlett-Packard\{5372B9A6-6E51-4f90-9B40-E0A3B8475C4E}\pexpress\hphped05.exe [2008-03-07 04:55]

2010-03-28 c:\windows\Tasks\wavepadShakeIcon.job
- c:\program files\NCH Swift Sound\WavePad\wavepad.exe [2010-03-25 16:07]
.
.
------- Supplementary Scan -------
.
uStart Page = [You must be registered and logged in to see this link.]
uInternet Connection Wizard,ShellNext = iexplore
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
IE: Send to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
Trusted Zone: gjgrewe.com\mail
TCP: {5EC5CFAE-C50F-4FB0-87B2-F7570CDAD7AF} = 24.217.0.4
.
.
------- File Associations -------
.
.scr=AutoCADLTScriptFile
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, [You must be registered and logged in to see this link.]
Rootkit scan 2010-08-23 12:15
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

HKLM\Software\Microsoft\Windows\CurrentVersion\Run
Cpqset = c:\program files\Hewlett-Packard\Default Settings\cpqset.exe??????????????@? ????H????????@???????@
HKCU\Software\Microsoft\Windows\CurrentVersion\Run
SansaDispatch = c:\documents and settings\rreiche\Application Data\SanDisk\Sansa Updater\SansaDispatch.exe?platform=&is-debug=&rom-version=&part-number=&product-name=&content-class=common_content&?i

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\pdfcDispatcher]
"ImagePath"="c:\program files\PDF Complete\pdfsvc.exe /startedbyscm:66B66708-40E2BE4D-pdfcService"
--

[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\rma]
"ImagePath"="C:/Novadigm/ManagementAgent/nvdkit.exe"

[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\rma]
"ImagePath"="C:/Novadigm/ManagementAgent/nvdkit.exe"
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(1184)
c:\program files\Hewlett-Packard\IAM\bin\ocgina.dll
c:\program files\Hewlett-Packard\IAM\bin\ItMsg.dll
c:\program files\Hewlett-Packard\IAM\bin\HPBrand.dll
c:\program files\Hewlett-Packard\IAM\bin\ItTal.dll
c:\program files\Hewlett-Packard\IAM\bin\ItReports.DLL
c:\program files\Hewlett-Packard\IAM\Bin\ASWLNPkg.dll
c:\program files\Hewlett-Packard\IAM\Bin\TrayIcon.dll
c:\program files\Hewlett-Packard\IAM\Bin\ItDAC.dll
c:\program files\Hewlett-Packard\IAM\Bin\ASChnl.dll
c:\program files\Hewlett-Packard\IAM\Bin\STEngine.dll
c:\program files\Hewlett-Packard\IAM\Bin\BioAuth.dll
c:\program files\Hewlett-Packard\IAM\Bin\ASBIoAT.dll
c:\program files\Hewlett-Packard\IAM\Bin\ItVCClient.dll
c:\program files\Hewlett-Packard\IAM\Bin\AuthWiz.dll
c:\program files\Hewlett-Packard\IAM\Bin\TpmAuth.dll
c:\program files\Hewlett-Packard\IAM\Bin\TokenAuth.dll
c:\program files\Hewlett-Packard\IAM\Bin\ittalsnap.DLL
c:\program files\Hewlett-Packard\IAM\Bin\ItVCard.dll
c:\program files\Hewlett-Packard\IAM\Bin\ItAuth.dll
c:\windows\system32\xenroll.dll
c:\windows\system32\IFXTSP.dll
c:\windows\system32\IfxSpArc.dll
c:\windows\system32\msxml6.dll
c:\windows\system32\IFXTCSps.dll
c:\windows\system32\IFXTPMCP.dll
c:\program files\Hewlett-Packard\Embedded Security Software\IfxTRsUS.dll
c:\program files\Hewlett-Packard\Embedded Security Software\IfxTrsMs.dll
c:\windows\system32\capicom.dll
c:\program files\Hewlett-Packard\IAM\Bin\NetAdmin.dll

- - - - - - - > 'lsass.exe'(1240)
c:\windows\SbHpNp.dll

- - - - - - - > 'Explorer.exe'(2736)
c:\windows\system32\APSHook.dll
c:\program files\Hewlett-Packard\IAM\bin\ItClient.dll
c:\windows\system32\btmmhook.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\btncopy.dll
c:\program files\Roxio\Drag-to-Disc\Shellex.dll
c:\windows\system32\DLAAPI_W.DLL
c:\program files\Roxio\Drag-to-Disc\ShellRes.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
c:\program files\Symantec\Symantec Endpoint Protection\Smc.exe
c:\program files\Common Files\Symantec Shared\ccSvcHst.exe
c:\program files\Alwil Software\Avast5\AvastSvc.exe
c:\windows\System32\SCardSvr.exe
c:\program files\OLYMPUS\DeviceDetector\DM1Service.exe
c:\windows\system32\ifxtcs.exe
c:\program files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\windows\system32\IfxPsdSv.exe
c:\program files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
c:\program files\Symantec\Symantec Endpoint Protection\Rtvscan.exe
c:\windows\system32\wdfmgr.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
c:\windows\System32\WLTRYSVC.EXE
c:\windows\system32\SearchIndexer.exe
c:\windows\System32\bcmwltry.exe
c:\program files\Hewlett-Packard\Shared\hpqwmiex.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
c:\program files\Symantec\Symantec Endpoint Protection\SmcGui.exe
c:\program files\Hewlett-Packard\IAM\bin\asghost.exe
c:\program files\Hewlett-Packard\Embedded Security Software\PSDrt.exe
c:\program files\Hewlett-Packard\Shared\HpqToaster.exe
c:\program files\Microsoft ActiveSync\Wcescomm.exe
c:\progra~1\MI3AA1~1\rapimgr.exe
c:\program files\Pervasive Software\PSQL\bin\w3dbsmgr.exe
c:\progra~1\WIDCOMM\BLUETO~1\BTSTAC~1.EXE
.
**************************************************************************
.
Completion time: 2010-08-23 12:23:37 - machine was rebooted
ComboFix-quarantined-files.txt 2010-08-23 17:23
ComboFix2.txt 2010-07-19 15:11
ComboFix3.txt 2010-07-15 15:25

Pre-Run: 86,152,421,376 bytes free
Post-Run: 86,244,847,616 bytes free

- - End Of File - - 0758C2D67036E2A255279B86F7C7EE23


Re: Yahoo browser redirecting

Post by Dr Jay on Wed Aug 25, 2010 9:00 am

Hi

Do you recognize this entry:

TCP: {5EC5CFAE-C50F-4FB0-87B2-F7570CDAD7AF} = 24.217.0.4

??

The bolded numbers are a specific IP address.


Dr. Jay (DJ)



Re: Yahoo browser redirecting

Post by ltlfroggie on Thu Aug 26, 2010 3:36 pm

No. I don't know any IP addresses around here though.


Re: Yahoo browser redirecting

Post by Dr Jay on Thu Aug 26, 2010 8:07 pm

Ok. We will kill it and see what happens. Let me know if your browser is still redirecting after this fix has been run.

Re-running ComboFix to remove infections:

  • Close any open browsers.
  • Close/disable all antivirus and anti-malware programs so they do not interfere with the running of ComboFix.
  • Open notepad and copy/paste the text in the codebox below into it:
    Code:
    DDS::
    Trusted Zone: gjgrewe.com\mail
    TCP: {5EC5CFAE-C50F-4FB0-87B2-F7570CDAD7AF} = 24.217.0.4
  • Save this as CFScript.txt, in the same location as ComboFix.exe



  • Referring to the picture above, drag CFScript into ComboFix.exe
  • When finished, it shall produce a log for you at C:\ComboFix.txt
  • Please post the contents of the log in your next reply.


Dr. Jay (DJ)


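The check made by eye in the two helper posts above (picking the `TCP:` and `Trusted Zone:` lines out of the Supplementary Scan and asking the owner whether they recognize them) can be scripted for triage. This is an added example, not part of the thread or of ComboFix; it assumes a `TCP: {GUID} = address` line reports the DNS server set on that network interface, and the function names and the second `TCP:` sample line are constructed for illustration.

```python
import ipaddress
import re

# Section headers look like "------- Supplementary Scan -------".
SECTION_RE = re.compile(r"^-{3,}\s*(.+?)\s*-{3,}$")
# "TCP: {interface GUID} = addr[,addr...]" (assumed: per-interface DNS servers).
TCP_RE = re.compile(r"^TCP:\s*(\{[0-9A-Fa-f-]{36}\}|NameServer)\s*=\s*(.*)$")
ZONE_RE = re.compile(r"^Trusted Zone:\s*(\S+)")

# Constructed sample: lines copied from the log above, plus one invented
# interface (all-zero GUID) to exercise multi-value and malformed entries.
SAMPLE_LOG = """\
"26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service
------- Supplementary Scan -------
.
uInternet Connection Wizard,ShellNext = iexplore
Trusted Zone: gjgrewe.com\\mail
TCP: {5EC5CFAE-C50F-4FB0-87B2-F7570CDAD7AF} = 24.217.0.4
TCP: {00000000-0000-0000-0000-000000000001} = 192.168.1.1,999.1.1.1
.
------- File Associations -------
.scr=AutoCADLTScriptFile
"""


def supplementary_lines(log_text):
    """Yield only the lines inside each 'Supplementary Scan' section."""
    inside = False
    for raw in log_text.splitlines():
        line = raw.strip()
        header = SECTION_RE.match(line)
        if header:
            inside = header.group(1) == "Supplementary Scan"
            continue
        if line.startswith("*****"):  # rule that separates report parts
            inside = False
            continue
        if inside:
            yield line


def classify(addr_text, known_resolvers):
    """Return 'expected', 'local', 'confirm' or 'invalid' for one address."""
    try:
        addr = ipaddress.ip_address(addr_text)
    except ValueError:
        return "invalid"
    if addr in known_resolvers:
        return "expected"  # the owner or ISP has vouched for this resolver
    if addr.is_private or addr.is_loopback or addr.is_link_local:
        return "local"  # router or LAN resolver
    return "confirm"  # public address nobody has vouched for yet


def triage(log_text, known_resolvers=()):
    """List (kind, key, value, verdict) tuples for entries worth a question."""
    known = {ipaddress.ip_address(a) for a in known_resolvers}
    findings = []
    for line in supplementary_lines(log_text):
        tcp = TCP_RE.match(line)
        if tcp:
            # The value may hold several servers, comma or space separated.
            for value in filter(None, re.split(r"[,\s]+", tcp.group(2))):
                verdict = classify(value, known)
                findings.append(("dns", tcp.group(1), value, verdict))
            continue
        zone = ZONE_RE.match(line)
        if zone:
            # Trusted Zone sites run with relaxed IE security settings,
            # so every entry is put to the owner.
            findings.append(("trusted-zone", zone.group(1), None, "confirm"))
    return findings


if __name__ == "__main__":
    for finding in triage(SAMPLE_LOG):
        print(finding)
```

Passing the resolvers the owner or their ISP confirms as `known_resolvers` turns the matching entries from `confirm` into `expected`, which mirrors the question asked before the entry is scripted for removal.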

Re: Yahoo browser redirecting

Post by ltlfroggie on Thu Sep 02, 2010 6:27 pm

Still redirecting

ComboFix 10-08-22.07 - rreiche 09/02/2010 13:20:18.4.2 - x86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.2431.1658 [GMT -5:00]
Running from: c:\documents and settings\rreiche\Desktop\Combo-Fix.exe
Command switches used :: c:\documents and settings\rreiche\Desktop\CFScript.txt
AV: avast! Antivirus *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
AV: Symantec Endpoint Protection *On-access scanning disabled* (Updated) {FB06448E-52B8-493A-90F3-E43226D3305C}
.
- REDUCED FUNCTIONALITY MODE -
.

((((((((((((((((((((((((( Files Created from 2010-08-02 to 2010-09-02 )))))))))))))))))))))))))))))))
.

2010-08-19 17:29 . 2010-06-28 20:32 17744 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2010-08-19 17:29 . 2010-06-28 20:37 165456 ----a-w- c:\windows\system32\drivers\aswSP.sys
2010-08-19 17:29 . 2010-06-28 20:33 23376 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2010-08-19 17:29 . 2010-06-28 20:37 46672 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2010-08-19 17:29 . 2010-06-28 20:32 100176 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2010-08-19 17:29 . 2010-06-28 20:32 94544 ----a-w- c:\windows\system32\drivers\aswmon.sys
2010-08-19 17:29 . 2010-06-28 20:32 28880 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2010-08-19 17:29 . 2010-06-28 20:57 38848 ----a-w- c:\windows\avastSS.scr
2010-08-19 17:29 . 2010-06-28 20:57 165032 ----a-w- c:\windows\system32\aswBoot.exe
2010-08-19 17:29 . 2010-08-19 17:29 -------- d-----w- c:\program files\Alwil Software
2010-08-19 17:29 . 2010-08-19 17:29 -------- d-----w- c:\documents and settings\All Users\Application Data\Alwil Software
2010-08-19 17:10 . 2010-08-21 17:14 -------- d-----w- c:\documents and settings\rreiche\Local Settings\Application Data\Temp
2010-08-13 15:40 . 2010-08-13 15:40 503808 ----a-w- c:\documents and settings\rreiche\Application Data\Sun\Java\Deployment\SystemCache\6.0\4\7ec4bf04-67fa28c3-n\msvcp71.dll
2010-08-13 15:40 . 2010-08-13 15:40 499712 ----a-w- c:\documents and settings\rreiche\Application Data\Sun\Java\Deployment\SystemCache\6.0\4\7ec4bf04-67fa28c3-n\jmc.dll
2010-08-13 15:40 . 2010-08-13 15:40 348160 ----a-w- c:\documents and settings\rreiche\Application Data\Sun\Java\Deployment\SystemCache\6.0\4\7ec4bf04-67fa28c3-n\msvcr71.dll
2010-08-13 15:40 . 2010-08-13 15:40 61440 ----a-w- c:\documents and settings\rreiche\Application Data\Sun\Java\Deployment\SystemCache\6.0\42\4488892a-4c3475c0-n\decora-sse.dll
2010-08-13 15:40 . 2010-08-13 15:40 12800 ----a-w- c:\documents and settings\rreiche\Application Data\Sun\Java\Deployment\SystemCache\6.0\42\4488892a-4c3475c0-n\decora-d3d.dll
2010-08-10 15:28 . 2010-08-10 15:28 -------- d-----w- c:\program files\ESET
2010-08-04 13:05 . 2010-08-04 13:05 -------- d-----w- c:\program files\Seagate
2010-08-04 13:05 . 2010-08-04 13:05 -------- d-----w- c:\documents and settings\All Users\Application Data\Seagate
2010-08-04 13:05 . 2010-08-04 13:05 -------- d-----w- c:\documents and settings\rreiche\Local Settings\Application Data\Downloaded Installations
2010-08-04 13:04 . 2010-08-04 13:04 -------- d-----w- c:\program files\Carbonite
2010-08-04 13:04 . 2010-08-04 13:04 -------- d-sh--w- c:\windows\ftpcache
2010-08-04 13:04 . 2010-08-04 13:04 -------- d-----w- c:\documents and settings\rreiche\Application Data\Leadertech

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-08-27 20:47 . 2007-09-10 14:50 664 ----a-w- c:\windows\system32\d3d9caps.dat
2010-08-04 13:06 . 2007-09-10 14:11 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-07-23 14:05 . 2010-07-23 14:05 -------- d-----w- c:\documents and settings\All Users\Application Data\WinZip
2010-07-22 20:06 . 2010-07-22 20:06 354744 ----a-w- c:\documents and settings\rreiche\Application Data\SanDisk\Sansa Updater\SansaUpdaterInstall.exe
2010-07-22 20:06 . 2010-07-22 20:06 79872 ----a-w- c:\documents and settings\rreiche\Application Data\SanDisk\Sansa Updater\SansaDispatch.exe
2010-07-22 20:06 . 2010-07-22 20:06 574344 ----a-w- c:\documents and settings\rreiche\Application Data\SanDisk\Sansa Updater\SansaUpdater.exe
2010-07-22 20:06 . 2010-07-22 19:41 -------- d-----w- c:\documents and settings\rreiche\Application Data\SanDisk
2010-07-14 18:42 . 2010-07-14 18:42 -------- d-----w- c:\program files\Trend Micro
2010-06-25 17:42 . 2010-06-25 17:41 60808 ----a-w- c:\windows\system32\S32EVNT1.DLL
2010-06-25 17:42 . 2010-06-25 17:41 124976 ----a-w- c:\windows\system32\drivers\SYMEVENT.SYS
2010-06-25 17:15 . 2010-06-25 17:15 503808 ----a-w- c:\documents and settings\rreiche\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-43d36242-n\msvcp71.dll
2010-06-25 17:15 . 2010-06-25 17:15 499712 ----a-w- c:\documents and settings\rreiche\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-43d36242-n\jmc.dll
2010-06-25 17:15 . 2010-06-25 17:15 348160 ----a-w- c:\documents and settings\rreiche\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-43d36242-n\msvcr71.dll
2010-06-25 17:15 . 2010-06-25 17:15 61440 ----a-w- c:\documents and settings\rreiche\Application Data\Sun\Java\Deployment\SystemCache\6.0\50\5535ab32-6df14a2f-n\decora-sse.dll
2010-06-25 17:15 . 2010-06-25 17:15 12800 ----a-w- c:\documents and settings\rreiche\Application Data\Sun\Java\Deployment\SystemCache\6.0\50\5535ab32-6df14a2f-n\decora-d3d.dll
2010-06-15 19:49 . 2010-06-15 19:49 1245321 ----a-w- c:\documents and settings\All Users\Application Data\NeoEdge Networks\Yahoo_SuperCollapse3\IAF.dll
.

------- Sigcheck -------

[-] 2010-01-05 . 3B8259EF10C0F1425395981E40ED0EAA . 3599360 . . [7.00.6000.16981] . . c:\windows\SoftwareDistribution\Download\72187e1a9593df853aa7db379edb1348\sp3gdr\mshtml.dll
[-] 2010-01-05 . 1673677DBD70142DB1294F1B6FC3323E . 3602944 . . [7.00.6000.21183] . . c:\windows\$hf_mig$\KB978207-IE7\SP3QFE\mshtml.dll
[-] 2010-01-05 . 1673677DBD70142DB1294F1B6FC3323E . 3602944 . . [7.00.6000.21183] . . c:\windows\SoftwareDistribution\Download\72187e1a9593df853aa7db379edb1348\sp3qfe\mshtml.dll
[-] 2008-04-24 . 8976CAB317105F7431B08EA32AB73C65 . 3591680 . . [7.00.6000.16674] . . c:\windows\system32\mshtml.dll
[-] 2008-04-24 . 8976CAB317105F7431B08EA32AB73C65 . 3591680 . . [7.00.6000.16674] . . c:\windows\system32\dllcache\mshtml.dll
[-] 2008-04-23 . 4D612FF5D3B7EEF200595AE6F95D5E68 . 3593728 . . [7.00.6000.20815] . . c:\windows\$hf_mig$\KB950759-IE7\SP2QFE\mshtml.dll
[-] 2008-03-01 . AB2C88167D78D71D93558ACECB24CC7A . 3591680 . . [7.00.6000.16640] . . c:\windows\ie7updates\KB950759-IE7\mshtml.dll
[-] 2008-03-01 . 4EE273E2B09317C1217EF0DB91F93534 . 3593216 . . [7.00.6000.20772] . . c:\windows\$hf_mig$\KB947864-IE7\SP2QFE\mshtml.dll
[-] 2007-08-20 . E267EE248CDA7667C19001C069DE867B . 3584512 . . [7.00.6000.16544] . . c:\windows\ie7updates\KB947864-IE7\mshtml.dll
[-] 2007-08-20 . AA8A4BD78D24FCDB96DDAEE3756AA372 . 3592192 . . [7.00.6000.20661] . . c:\windows\$hf_mig$\KB939653-IE7\SP2QFE\mshtml.dll
[-] 2007-07-19 . BD609A26B683332A0E0E1445C5724851 . 3583488 . . [7.00.6000.16525] . . c:\windows\ie7updates\KB939653-IE7\mshtml.dll
[-] 2007-07-18 . 7CE243CFD47AD0DC431586CB8C542A11 . 3584000 . . [7.00.6000.20641] . . c:\windows\$hf_mig$\KB937143-IE7\SP2QFE\mshtml.dll
[-] 2006-11-08 . CBF04597F9CF7739E572276A2698FDD3 . 3577856 . . [7.00.5730.11] . . c:\windows\ie7updates\KB937143-IE7\mshtml.dll
[7] 2006-02-21 . C6E663C066E3BEA5B0BB70D87D0701E9 . 3052032 . . [6.00.2900.2853] . . c:\windows\$hf_mig$\KB911164\SP2QFE\mshtml.dll
[7] 2006-02-21 . C6E663C066E3BEA5B0BB70D87D0701E9 . 3052032 . . [6.00.2900.2853] . . c:\windows\ie7\mshtml.dll

[-] 2010-01-05 . 21E7890F1EC89BEF0AF7C08D730AE317 . 832512 . . [7.00.6000.16981] . . c:\windows\SoftwareDistribution\Download\72187e1a9593df853aa7db379edb1348\sp3gdr\wininet.dll
[-] 2010-01-05 . E7B99465DE2EDCF29784B7600BF6FAE8 . 841216 . . [7.00.6000.21183] . . c:\windows\$hf_mig$\KB978207-IE7\SP3QFE\wininet.dll
[-] 2010-01-05 . E7B99465DE2EDCF29784B7600BF6FAE8 . 841216 . . [7.00.6000.21183] . . c:\windows\SoftwareDistribution\Download\72187e1a9593df853aa7db379edb1348\sp3qfe\wininet.dll
[-] 2008-04-23 . F6589BE784647CFDBC22EA51CCB1A57A . 826368 . . [7.00.6000.16674] . . c:\windows\system32\wininet.dll
[-] 2008-04-23 . F6589BE784647CFDBC22EA51CCB1A57A . 826368 . . [7.00.6000.16674] . . c:\windows\system32\dllcache\wininet.dll
[-] 2008-04-23 . 41546B396A526918DA7995A02EA04E51 . 827392 . . [7.00.6000.20815] . . c:\windows\$hf_mig$\KB950759-IE7\SP2QFE\wininet.dll
[-] 2008-03-01 . AD21461AEF8244EDEC2EF18E55E1DCF3 . 826368 . . [7.00.6000.16640] . . c:\windows\ie7updates\KB950759-IE7\wininet.dll
[-] 2008-03-01 . 6316C2F0C61271C8ABDFF7429174879E . 827392 . . [7.00.6000.20772] . . c:\windows\$hf_mig$\KB947864-IE7\SP2QFE\wininet.dll
[-] 2007-08-20 . 774435E499D8E9643EC961A6103C361F . 824832 . . [7.00.6000.16544] . . c:\windows\ie7updates\KB947864-IE7\wininet.dll
[-] 2007-08-20 . 357D54BF94FE9D6D8505A96B5C2A3BCA . 825344 . . [7.00.6000.20661] . . c:\windows\$hf_mig$\KB939653-IE7\SP2QFE\wininet.dll
[-] 2007-06-27 . D6ED5E042C5207553E7F5E842918137F . 824320 . . [7.00.6000.20627] . . c:\windows\$hf_mig$\KB937143-IE7\SP2QFE\wininet.dll
[-] 2007-06-27 . 8068CBB58FE60CC95AEB2CFF70178208 . 823808 . . [7.00.6000.16512] . . c:\windows\ie7updates\KB939653-IE7\wininet.dll
[-] 2006-11-08 . 92995334F993E6E49C25C6D02EC04401 . 818688 . . [7.00.5730.11] . . c:\windows\ie7updates\KB937143-IE7\wininet.dll
[7] 2006-02-28 . C0823FC5469663BA63E7DB88F9919D70 . 656384 . . [6.00.2900.2180] . . c:\windows\ie7\wininet.dll
.
((((((((((((((((((((((((((((( [You must be registered and logged in to see this link.] )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-07-12 05:02 . 2009-07-12 05:02 51008 c:\windows\WinSxS\x86_Microsoft.VC90.OpenMP_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_f0ccd4aa\vcomp90.dll
+ 2009-07-12 05:02 . 2009-07-12 05:02 59728 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90rus.dll
+ 2009-07-12 05:02 . 2009-07-12 05:02 42832 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90kor.dll
+ 2009-07-12 05:02 . 2009-07-12 05:02 43344 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90jpn.dll
+ 2009-07-12 05:02 . 2009-07-12 05:02 61264 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90ita.dll
+ 2009-07-12 05:02 . 2009-07-12 05:02 62800 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90fra.dll
+ 2009-07-12 05:02 . 2009-07-12 05:02 61760 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90esp.dll
+ 2009-07-12 05:02 . 2009-07-12 05:02 61776 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90esn.dll
+ 2009-07-12 05:02 . 2009-07-12 05:02 53568 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90enu.dll
+ 2009-07-12 05:02 . 2009-07-12 05:02 63296 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90deu.dll
+ 2009-07-12 05:02 . 2009-07-12 05:02 36688 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90cht.dll
+ 2009-07-12 05:02 . 2009-07-12 05:02 35648 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90chs.dll
+ 2009-07-12 05:05 . 2009-07-12 05:05 59904 c:\windows\WinSxS\x86_Microsoft.VC90.MFC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_a57c1f53\mfcm90u.dll
+ 2009-07-12 05:05 . 2009-07-12 05:05 59904 c:\windows\WinSxS\x86_Microsoft.VC90.MFC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_a57c1f53\mfcm90.dll
+ 2006-12-02 05:46 . 2006-12-02 05:46 65536 c:\windows\WinSxS\x86_Microsoft.VC80.OpenMP_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_6c18549a\vcomp.dll
+ 2010-09-02 16:01 . 2010-09-02 16:01 16384 c:\windows\temp\Perflib_Perfdata_8f4.dat
+ 2010-09-02 16:01 . 2010-09-02 16:01 16384 c:\windows\temp\Perflib_Perfdata_824.dat
+ 2006-02-28 12:00 . 2010-09-02 16:05 34550 c:\windows\system32\perfc009.dat
- 2006-02-28 12:00 . 2010-07-15 15:03 34550 c:\windows\system32\perfc009.dat
- 2009-01-13 22:34 . 2010-07-14 13:25 32768 c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
+ 2009-01-13 22:34 . 2010-09-02 16:23 32768 c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
- 2009-01-13 22:34 . 2010-07-14 13:25 16384 c:\windows\system32\config\systemprofile\Cookies\index.dat
+ 2010-08-26 14:31 . 2010-09-02 16:23 16384 c:\windows\system32\config\systemprofile\Cookies\index.dat
+ 2010-07-23 14:05 . 2010-07-23 14:05 29184 c:\windows\Installer\{CD95F661-A5C4-44F5-A6AA-ECDD91C240BD}\IconCD95F6617.exe
+ 2010-08-04 13:06 . 2010-08-04 13:06 87376 c:\windows\Installer\{3F5CFC1C-653B-4B22-9153-2BDDF2E03C0E}\NewShortcut3_3AA20A2C6BEF43A6A3B4F09C5D78D1D4.exe
+ 2010-08-04 13:06 . 2010-08-04 13:06 87376 c:\windows\Installer\{3F5CFC1C-653B-4B22-9153-2BDDF2E03C0E}\NewShortcut2_B7AA0888E8864144BA725EAA61DC15D5.exe
+ 2010-08-04 13:06 . 2010-08-04 13:06 50512 c:\windows\Installer\{3F5CFC1C-653B-4B22-9153-2BDDF2E03C0E}\NewShortcut1_68F918D3F91F411B8936985CC2BD4192.exe
+ 2010-08-04 13:06 . 2010-08-04 13:06 87376 c:\windows\Installer\{3F5CFC1C-653B-4B22-9153-2BDDF2E03C0E}\ARPPRODUCTICON.exe
+ 2009-07-12 05:02 . 2009-07-12 05:02 653120 c:\windows\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_d495ac4e\msvcr90.dll
+ 2009-07-12 05:02 . 2009-07-12 05:02 569664 c:\windows\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_d495ac4e\msvcp90.dll
+ 2009-07-12 05:05 . 2009-07-12 05:05 225280 c:\windows\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_d495ac4e\msvcm90.dll
+ 2009-07-12 05:02 . 2009-07-12 05:02 159032 c:\windows\WinSxS\x86_Microsoft.VC90.ATL_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_353599c2\atl90.dll
+ 2006-02-28 12:00 . 2010-09-02 16:05 292716 c:\windows\system32\perfh009.dat
- 2006-02-28 12:00 . 2010-07-15 15:03 292716 c:\windows\system32\perfh009.dat
+ 2010-08-19 17:29 . 2010-08-19 17:29 219648 c:\windows\Installer\e8c7d2.msi
+ 2010-08-04 13:05 . 2010-08-04 13:05 331264 c:\windows\Installer\6bc7b.msi
+ 2010-07-23 14:05 . 2010-07-23 14:05 632320 c:\windows\Installer\{CD95F661-A5C4-44F5-A6AA-ECDD91C240BD}\IconCD95F66110.exe
+ 2009-07-12 05:02 . 2009-07-12 05:02 3780424 c:\windows\WinSxS\x86_Microsoft.VC90.MFC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_a57c1f53\mfc90u.dll
+ 2009-07-12 05:02 . 2009-07-12 05:02 3765048 c:\windows\WinSxS\x86_Microsoft.VC90.MFC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_a57c1f53\mfc90.dll
+ 2010-08-04 13:06 . 2010-08-04 13:06 3668992 c:\windows\Installer\6bc80.msi
+ 2010-07-23 14:05 . 2010-07-23 14:05 1544192 c:\windows\Installer\4046f7.msi
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"OM2_Monitor"="c:\program files\OLYMPUS\OLYMPUS Master 2\MMonitor.exe" [2007-05-23 95800]
"SansaDispatch"="c:\documents and settings\rreiche\Application Data\SanDisk\Sansa Updater\SansaDispatch.exe" [2010-07-22 79872]
"Google Update"="c:\documents and settings\rreiche\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [2010-08-19 136176]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AccelerometerSysTrayApplet"="c:\windows\system32\AccelerometerSt.exe" [2007-01-24 124928]
"PTHOSTTR"="c:\program files\Hewlett-Packard\HP ProtectTools Security Manager\PTHOSTTR.EXE" [2007-01-09 145184]
"IFXSPMGT"="c:\windows\system32\ifxspmgt.exe" [2007-02-15 677408]
"CognizanceTS"="c:\progra~1\HEWLET~1\IAM\Bin\ASTSVCC.dll" [2003-12-22 17920]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2007-01-12 827392]
"Cpqset"="c:\program files\Hewlett-Packard\Default Settings\cpqset.exe" [2007-01-02 40960]
"Broadcom Wireless Manager UI"="c:\windows\system32\WLTRAY.exe" [2006-11-02 1282048]
"PDF Complete"="c:\program files\PDF Complete\pdfsty.exe" [2007-02-20 331552]
"hpWirelessAssistant"="c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2007-03-01 472776]
"Cingular Communication Manager"="c:\program files\Cingular\Communication Manager\CingularCCM.exe" [2007-01-12 19968]
"RoxioDragToDisc"="c:\program files\Roxio\Drag-to-Disc\DrgToDsc.exe" [2007-02-02 1116920]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-02-18 248040]
"QlbCtrl"="c:\program files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2007-03-05 159744]
"WatchDog"="c:\program files\InterVideo\DVD Check\DVDCheck.exe" [2006-09-06 184320]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2006-09-01 282624]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]
"HPDJ Taskbar Utility"="c:\windows\system32\spool\drivers\w32x86\3\hpztsb03.exe" [2001-08-03 196608]
"HPHUPD05"="c:\program files\Hewlett-Packard\\{5372B9A6-6E51-4f90-9B40-E0A3B8475C4E}\hphupd05.exe" [2005-07-08 49152]
"HP Component Manager"="c:\program files\HP\hpcoretech\hpcmpmgr.exe" [2003-12-22 241664]
"HPHmon05"="c:\windows\system32\hphmon05.exe" [2005-07-08 491520]
"SMSTray"="c:\program files\Samsung\Samsung Media Studio 5\SMSTray.exe" [2007-12-14 132624]
"HP Software Update"="c:\program files\Hp\HP Software Update\HPWuSchd2.exe" [2007-05-08 54840]
"SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2007-01-05 872448]
"MSN Toolbar"="c:\program files\MSN Toolbar\Platform\4.0.0401.0\mswinext.exe" [2010-02-12 240992]
"Microsoft Default Manager"="c:\program files\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" [2009-07-17 288080]
"ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe" [2010-06-25 115560]
"CarboniteSetupLite"="c:\program files\Carbonite\CarbonitePreinstaller.exe" [2009-08-04 318096]
"MaxMenuMgr"="c:\program files\Seagate\SeagateManager\FreeAgent Status\StxMenuMgr.exe" [2009-12-18 197928]
"avast5"="c:\progra~1\ALWILS~1\Avast5\avastUI.exe" [2010-06-28 2837864]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
AutoCAD LT Startup Accelerator.lnk - c:\program files\Common Files\Autodesk Shared\acstart16.exe [2005-3-5 10872]
Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2007-2-6 561213]
Device Detector 3.lnk - c:\program files\OLYMPUS\DeviceDetector\DevDtct2.exe [2007-9-27 163840]
Directrec Configuration Tool.lnk - c:\program files\OLYMPUS\DeviceDetector\DirectrecConfig.exe [2007-9-27 167936]
DVD Check.lnk - c:\program files\InterVideo\DVD Check\DVDCheck.exe [2007-9-10 184320]
Start Pervasive PSQL Workgroup Engine.lnk - c:\windows\Installer\{0A3238D7-AB32-1010-B717-F3E3F18B4A8C}\WGE.14A03FCD_EA43_4130_A5C0_F02D38895A13.exe [2010-2-23 92854]
Windows Desktop Search.lnk - c:\program files\Windows Desktop Search\WindowsSearch.exe [2007-2-5 118784]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoWelcomeScreen"= 1 (0x1)

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2007-02-05 294400]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\OneCard]
2007-02-07 03:30 74240 ----a-r- c:\program files\Hewlett-Packard\IAM\Bin\ASWLNPkg.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\system32\APSHook.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Notification Packages REG_MULTI_SZ SbHpNp scecli

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ccEvtMgr]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ccSetMgr]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Symantec Antivirus]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\program files\Microsoft ActiveSync\rapimgr.exe"= c:\program files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
"c:\program files\Microsoft ActiveSync\wcescomm.exe"= c:\program files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager
"c:\program files\Microsoft ActiveSync\WCESMgr.exe"= c:\program files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application
"c:\\Program Files\\Pervasive Software\\PSQL\\bin\\w3dbsmgr.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service

R0 SafeBoot;SafeBoot;c:\windows\system32\drivers\SafeBoot.sys [2/7/2007 11:22 AM 100495]
R0 SbAlg;SbAlg;c:\windows\system32\drivers\SbAlg.sys [10/9/2006 1:31 PM 44720]
R0 SBHR;SBHR;c:\windows\system32\drivers\sbhr.sys [2/18/2009 12:57 PM 15280]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [8/19/2010 12:29 PM 165456]
R1 PersonalSecureDrive;PersonalSecureDrive;c:\windows\system32\drivers\psd.sys [1/23/2007 6:07 PM 39080]
R1 RsvLock;RsvLock;c:\windows\system32\drivers\rsvlock.sys [2/7/2007 11:23 AM 5808]
R2 ASChannel;Local Communication Channel;c:\windows\System32\svchost.exe -k Cognizance [2/28/2006 7:00 AM 14336]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [8/19/2010 12:29 PM 17744]
R2 FreeAgentGoNext Service;Seagate Service;c:\program files\Seagate\SeagateManager\Sync\FreeAgentService.exe [12/18/2009 11:25 AM 189736]
R2 HpFkCryptService;Drive Encryption Service;c:\program files\Hewlett-Packard\Drive Encryption\HpFkCrypt.exe [3/11/2007 11:46 AM 208896]
R2 pdfcDispatcher;PDF Document Manager;c:\program files\PDF Complete\pdfsvc.exe [9/10/2007 9:41 AM 539936]
R2 SWIHPWMI;SWIHPWMI;c:\program files\HPQ\Shared\Sierra Wireless\Win32\Unicode\SWIHPWMI.exe [12/4/2006 4:13 PM 292384]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [6/25/2010 12:56 PM 102448]
R3 IFXTPM;IFXTPM;c:\windows\system32\drivers\ifxtpm.sys [9/10/2007 9:22 AM 36608]
R3 swmx02;HP ev2200 USB MUX Driver (#02);c:\windows\system32\drivers\swmx02.sys [2/22/2007 5:26 PM 71168]
S2 ASBroker;Logon Session Broker;c:\windows\System32\svchost.exe -k Cognizance [2/28/2006 7:00 AM 14336]
S2 rma;Radia Management Agent;c:\novadigm\ManagementAgent\nvdkit.exe [9/19/2005 9:02 AM 1968446]
S3 COH_Mon;COH_Mon;c:\windows\system32\drivers\COH_Mon.sys [6/25/2010 9:51 AM 23888]
S3 HP24X;HP PC Card Smart Card Reader;c:\windows\system32\drivers\HP24X.sys [9/10/2007 9:24 AM 33024]
S4 LkWebLink;Inter-Tel Collaboration Remote Client;c:\documents and settings\rreiche\My Documents\Inter-Tel\Collaboration Client 2.0\lkWebLink.exe [12/12/2007 5:18 PM 32768]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
Cognizance REG_MULTI_SZ ASBroker ASChannel
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
.
Contents of the 'Scheduled Tasks' folder

2010-09-02 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-301054588-4197235993-2086927575-1155Core.job
- c:\documents and settings\rreiche\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-08-19 17:09]

2010-09-02 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-301054588-4197235993-2086927575-1155UA.job
- c:\documents and settings\rreiche\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-08-19 17:09]

2010-08-30 c:\windows\Tasks\HP Usg Daily.job
- c:\program files\Hewlett-Packard\{5372B9A6-6E51-4f90-9B40-E0A3B8475C4E}\pexpress\hphped05.exe [2008-03-07 04:55]

2010-03-28 c:\windows\Tasks\wavepadShakeIcon.job
- c:\program files\NCH Swift Sound\WavePad\wavepad.exe [2010-03-25 16:07]
.
.
------- Supplementary Scan -------
.
uStart Page = [You must be registered and logged in to see this link.]
uInternet Connection Wizard,ShellNext = iexplore
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
IE: Send to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
Trusted Zone: gjgrewe.com\mail
TCP: {5EC5CFAE-C50F-4FB0-87B2-F7570CDAD7AF} = 24.217.0.4
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, [You must be registered and logged in to see this link.]
Rootkit scan 2010-09-02 13:21
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

HKLM\Software\Microsoft\Windows\CurrentVersion\Run
Cpqset = c:\program files\Hewlett-Packard\Default Settings\cpqset.exe??????????????@? ????H????????@???????@
HKCU\Software\Microsoft\Windows\CurrentVersion\Run
SansaDispatch = c:\documents and settings\rreiche\Application Data\SanDisk\Sansa Updater\SansaDispatch.exe?platform=&is-debug=&rom-version=&part-number=&product-name=&content-class=common_content&?i

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\pdfcDispatcher]
"ImagePath"="c:\program files\PDF Complete\pdfsvc.exe /startedbyscm:66B66708-40E2BE4D-pdfcService"
--

[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\rma]
"ImagePath"="C:/Novadigm/ManagementAgent/nvdkit.exe"

[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\rma]
"ImagePath"="C:/Novadigm/ManagementAgent/nvdkit.exe"
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(1180)
c:\program files\Hewlett-Packard\IAM\bin\ocgina.dll
c:\program files\Hewlett-Packard\IAM\bin\ItMsg.dll
c:\program files\Hewlett-Packard\IAM\bin\HPBrand.dll
c:\program files\Hewlett-Packard\IAM\bin\ItTal.dll
c:\program files\Hewlett-Packard\IAM\bin\ItReports.DLL
c:\program files\Hewlett-Packard\IAM\Bin\ASWLNPkg.dll
c:\program files\Hewlett-Packard\IAM\Bin\ItDAC.dll
c:\program files\Hewlett-Packard\IAM\Bin\TrayIcon.dll
c:\program files\Hewlett-Packard\IAM\Bin\ASChnl.dll
c:\program files\Hewlett-Packard\IAM\Bin\BioAuth.dll
c:\program files\Hewlett-Packard\IAM\Bin\ASBIoAT.dll
c:\program files\Hewlett-Packard\IAM\Bin\ItVCClient.dll
c:\program files\Hewlett-Packard\IAM\Bin\AuthWiz.dll
c:\program files\Hewlett-Packard\IAM\Bin\ItVCard.dll
c:\windows\system32\xenroll.dll
c:\windows\system32\IFXTSP.dll
c:\windows\system32\IfxSpArc.dll
c:\windows\system32\msxml6.dll
c:\windows\system32\IFXTCSps.dll
c:\program files\Hewlett-Packard\IAM\Bin\TpmAuth.dll
c:\windows\system32\IFXTPMCP.dll
c:\program files\Hewlett-Packard\Embedded Security Software\IfxTRsUS.dll
c:\program files\Hewlett-Packard\Embedded Security Software\IfxTrsMs.dll
c:\program files\Hewlett-Packard\IAM\Bin\TokenAuth.dll
c:\program files\Hewlett-Packard\IAM\Bin\ittalsnap.DLL
c:\program files\Hewlett-Packard\IAM\Bin\NetAdmin.dll

- - - - - - - > 'lsass.exe'(1236)
c:\windows\SbHpNp.dll

- - - - - - - > 'Explorer.exe'(4748)
c:\windows\system32\APSHook.dll
c:\program files\Hewlett-Packard\IAM\bin\ItClient.dll
c:\windows\system32\btmmhook.dll
c:\windows\system32\msi.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
Completion time: 2010-09-02 13:24:13
ComboFix-quarantined-files.txt 2010-09-02 18:24
ComboFix2.txt 2010-08-23 17:23
ComboFix3.txt 2010-07-19 15:11
ComboFix4.txt 2010-07-15 15:25

Pre-Run: 85,571,850,240 bytes free
Post-Run: 85,609,472,000 bytes free

- - End Of File - - 3078CD3BC37772F0DD1711D8BC16045B


Re: Yahoo browser redirecting

Post by Dr Jay on Sat Sep 04, 2010 4:42 am

Please download TDSSKiller from [You must be registered and logged in to see this link.] and save it to your Desktop.
  • Double-click TDSSKiller.exe to run the tool
  • Click the Start Scan button
  • After the scan has finished, click the Close button
  • Click the Report button and copy/paste the contents of it into your next reply
Note: It will also create a log in the C:\ directory.


Dr. Jay (DJ)



Re: Yahoo browser redirecting

Post by ltlfroggie on Mon Sep 20, 2010 3:41 pm

2010/09/20 10:38:42.0656 TDSS rootkit removing tool 2.4.2.1 Sep 7 2010 14:43:44
2010/09/20 10:38:42.0656 ================================================================================
2010/09/20 10:38:42.0656 SystemInfo:
2010/09/20 10:38:42.0656
2010/09/20 10:38:42.0656 OS Version: 5.1.2600 ServicePack: 2.0
2010/09/20 10:38:42.0656 Product type: Workstation
2010/09/20 10:38:42.0656 ComputerName: RREICHE03
2010/09/20 10:38:42.0656 UserName: rreiche
2010/09/20 10:38:42.0656 Windows directory: C:\WINDOWS
2010/09/20 10:38:42.0656 System windows directory: C:\WINDOWS
2010/09/20 10:38:42.0656 Processor architecture: Intel x86
2010/09/20 10:38:42.0656 Number of processors: 2
2010/09/20 10:38:42.0656 Page size: 0x1000
2010/09/20 10:38:42.0656 Boot type: Normal boot
2010/09/20 10:38:42.0656 ================================================================================
2010/09/20 10:38:43.0062 Initialize success
2010/09/20 10:38:53.0218 ================================================================================
2010/09/20 10:38:53.0218 Scan started
2010/09/20 10:38:53.0218 Mode: Manual;
2010/09/20 10:38:53.0218 ================================================================================
2010/09/20 10:39:19.0125 SafeBoot (bf2d1bc0649aedbe8caa47d2f89e8d47) C:\WINDOWS\system32\drivers\SafeBoot.sys
2010/09/20 10:39:19.0125 Suspicious file (NoAccess): C:\WINDOWS\system32\drivers\SafeBoot.sys. md5: bf2d1bc0649aedbe8caa47d2f89e8d47
2010/09/20 10:39:19.0171 SafeBoot - detected Locked file (1)
2010/09/20 10:39:27.0906 ================================================================================
2010/09/20 10:39:27.0906 Scan finished
2010/09/20 10:39:27.0906 ================================================================================
2010/09/20 10:39:27.0984 Detected object count: 1
2010/09/20 10:40:16.0328 Locked file(SafeBoot) - User select action: Skip


Re: Yahoo browser redirecting

Post by ltlfroggie on Mon Sep 20, 2010 3:45 pm

Still redirecting as well.


Re: Yahoo browser redirecting

Post by Dr Jay on Tue Sep 21, 2010 9:01 am

Please download [You must be registered and logged in to see this link.] by DragonMaster Jay.
  • Save it to your Desktop.
  • Right-click on the file and select Extract All...
  • Choose a location to save extracted files and keep pressing Next until Finish.
  • Double-click RenewMyDNS folder, then double-click RenewMyDNS.bat to start the program.
  • Follow the prompts, and when finished it will launch a log.
  • Post that log in your next reply.
  • After posting the log, delete the folder RenewMyDNS.


Dr. Jay (DJ)



Re: Yahoo browser redirecting

Post by ltlfroggie on Tue Sep 21, 2010 3:39 pm

RenewMyDNS by DragonMaster Jay
DNS Diagnostics and refresher
Version 0.1.4 - November 2009

Microsoft Windows XP [Version 5.1.2600]

(((((((((((((((((((( Network and DNS Information ))))))))))))))))))))

Windows IP Configuration

Host Name . . . . . . . . . . . . : rreiche03
Primary Dns Suffix . . . . . . . : GJGrewe.local
Node Type . . . . . . . . . . . . : Hybrid
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No
DNS Suffix Search List. . . . . . : GJGrewe.local
                                    GJGrewe.local

Ethernet adapter Wireless Network Connection:

Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Broadcom 4321AG 802.11a/b/g/draft-n Wi-Fi Adapter
Physical Address. . . . . . . . . : 00-1A-73-74-65-BF
Dhcp Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes
IP Address. . . . . . . . . . . . : 10.0.0.15
Subnet Mask . . . . . . . . . . . : 255.255.255.0
IP Address. . . . . . . . . . . . : fe80::21a:73ff:fe74:65bf%4
Default Gateway . . . . . . . . . : 10.0.0.1
DHCP Server . . . . . . . . . . . : 10.0.0.1
DNS Servers . . . . . . . . . . . : 213.109.64.53
                                    213.109.73.74
                                    fec0:0:0:ffff::1%2
                                    fec0:0:0:ffff::2%2
                                    fec0:0:0:ffff::3%2
Lease Obtained. . . . . . . . . . : Tuesday, September 21, 2010 8:49:18 AM
Lease Expires . . . . . . . . . . : Wednesday, September 22, 2010 8:49:18 AM

Ethernet adapter Local Area Connection:

Connection-specific DNS Suffix . : GJGrewe.local
Description . . . . . . . . . . . : Broadcom NetLink Gigabit Ethernet
Physical Address. . . . . . . . . : 00-22-64-6F-28-86
Dhcp Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes
IP Address. . . . . . . . . . . . : 10.1.35.101
Subnet Mask . . . . . . . . . . . : 255.255.255.0
IP Address. . . . . . . . . . . . : fe80::222:64ff:fe6f:2886%5
Default Gateway . . . . . . . . . : 10.1.35.254
DHCP Server . . . . . . . . . . . : 10.1.35.1
DNS Servers . . . . . . . . . . . : 24.217.0.4
                                    fec0:0:0:ffff::1%3
                                    fec0:0:0:ffff::2%3
                                    fec0:0:0:ffff::3%3
Primary WINS Server . . . . . . . : 10.1.35.1
Secondary WINS Server . . . . . . : 10.1.35.2
Lease Obtained. . . . . . . . . . : Tuesday, September 21, 2010 9:52:52 AM
Lease Expires . . . . . . . . . . : Wednesday, September 29, 2010 9:52:52 AM

Ethernet adapter Bluetooth Network:

Media State . . . . . . . . . . . : Media disconnected
Description . . . . . . . . . . . : Bluetooth LAN Access Server Driver
Physical Address. . . . . . . . . : 00-1A-6B-AF-4F-DE

Tunnel adapter Teredo Tunneling Pseudo-Interface:

Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Teredo Tunneling Pseudo-Interface
Physical Address. . . . . . . . . : FF-FF-FF-FF-FF-FF-FF-FF
Dhcp Enabled. . . . . . . . . . . : No
IP Address. . . . . . . . . . . . : fe80::5445:5245:444f%6
Default Gateway . . . . . . . . . :
NetBIOS over Tcpip. . . . . . . . : Disabled

Tunnel adapter Automatic Tunneling Pseudo-Interface:

Connection-specific DNS Suffix . : GJGrewe.local
Description . . . . . . . . . . . : Automatic Tunneling Pseudo-Interface
Physical Address. . . . . . . . . : 0A-01-23-65
Dhcp Enabled. . . . . . . . . . . : No
IP Address. . . . . . . . . . . . : fe80::5efe:10.1.35.101%2
Default Gateway . . . . . . . . . :
DNS Servers . . . . . . . . . . . : fec0:0:0:ffff::1%3
                                    fec0:0:0:ffff::2%3
                                    fec0:0:0:ffff::3%3
NetBIOS over Tcpip. . . . . . . . : Disabled

Tunnel adapter Automatic Tunneling Pseudo-Interface:

Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Automatic Tunneling Pseudo-Interface
Physical Address. . . . . . . . . : 0A-00-00-0F
Dhcp Enabled. . . . . . . . . . . : No
IP Address. . . . . . . . . . . . : fe80::5efe:10.0.0.15%2
Default Gateway . . . . . . . . . :
DNS Servers . . . . . . . . . . . : fec0:0:0:ffff::1%2
                                    fec0:0:0:ffff::2%2
                                    fec0:0:0:ffff::3%2
NetBIOS over Tcpip. . . . . . . . : Disabled

(((((((((((((((((((( DNS-Fake Request Testing and Flush ))))))))))))))))))))

... Requests made were successful

Windows IP Configuration

Successfully flushed the DNS Resolver Cache.

(((((((((((((((((((( Speed-test - Ping ))))))))))))))))))))

Pinging yahoo.com [98.137.149.56] with 32 bytes of data:

Request timed out.
Request timed out.
Request timed out.
Request timed out.

Ping statistics for 98.137.149.56:
Packets: Sent = 4, Received = 0, Lost = 4 (100% loss),

Pinging GeekPolice.net [64.202.189.170] with 32 bytes of data:

Request timed out.
Request timed out.
Request timed out.
Request timed out.

Ping statistics for 64.202.189.170:
Packets: Sent = 4, Received = 0, Lost = 4 (100% loss),

Pinging facebook.com [69.63.189.11] with 32 bytes of data:

Request timed out.
Request timed out.
Request timed out.
Request timed out.

Ping statistics for 69.63.189.11:
Packets: Sent = 4, Received = 0, Lost = 4 (100% loss),

Pinging microsoft.com [207.46.232.182] with 32 bytes of data:

Request timed out.
Request timed out.
Request timed out.
Request timed out.

Ping statistics for 207.46.232.182:
Packets: Sent = 4, Received = 0, Lost = 4 (100% loss),

********************
EOF


Re: Yahoo browser redirecting

Post by Dr Jay on Tue Sep 21, 2010 7:44 pm

Your router has been hacked by a malware author...aka hacker.

It has placed illegitimate DNS addresses into the DNS servers boxes, making websites you go to check with these fake addresses first.

If the hacker chooses to do so, you will be redirected. I have to conclude that your router configuration has been hacked.

Routers can be hacked from inside the network, which means if there is malware on your computer, it can trace itself back to your router, log in to your router, and change settings.

These IP addresses:
-Static DNS 1: 213.109.64.7
-Static DNS 2: 213.109.72.139

are Russian IP addresses from a company called ProLite LTD. They have been the core issue of hacked routers on the Internet for a few months now.

What we need to do is a 30/30/30 reset for the router. It is a type of reset that will return it to firmware defaults... in other words, it removes the malicious code from it and restores its original configuration.

You will need a paper clip, or something as small as a paper clip head (like a safety pin or needle).


While doing this, it may be appropriate to have someone help you, or be near the plug in for the router.

On the back of the router, there will be a reset button...use the pin/needle to hold down the reset button for 30 seconds...while you have the button held down unplug the router from the outlet...continue holding reset button for 30 seconds...plug the router back in and continue holding reset button for 30 more seconds. After that, release the reset button.

Your router should recognize most types of configuration and you should be able to use it right away.

Re-set up your router as you did when you first got it. I know it is a time-based task, however, to defeat this infection, the router needs to be fully reset.

If you have done this all successfully, let me know. Test out the Internet and tell me of any redirects.

If you have any issues reconnecting the router, or getting it to work on your network, then do the following:

Unplug the (usually yellow) Internet cable that is run from the modem to the router, and plug that cable directly into your computer. You should be able to access the Internet from that temporarily so you can communicate with me.

Let me know how you got through all of this.

So far, from other hacked routers, they have been successfully reset, and the infection disappeared.


Dr. Jay (DJ)
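
The check this post describes, as an added example that is not part of the original thread: a Python parser for `ipconfig /all` output that lists, per adapter, DNS servers that are neither local addresses, the adapter's own gateway or DHCP server, nor on an allowlist. The sample is an excerpt of the log posted above; the function names and the allowlist are assumptions, to be filled with the resolvers your ISP or administrator actually assigns.

```python
import ipaddress
import re

# Excerpt of the ipconfig log posted in this thread (stray blank line, lost indentation as scraped).
SAMPLE = """\
Ethernet adapter Wireless Network Connection:
Default Gateway . . . . . . . . . : 10.0.0.1
DHCP Server . . . . . . . . . . . : 10.0.0.1
DNS Servers . . . . . . . . . . . : 213.109.64.53

213.109.73.74
fec0:0:0:ffff::1%2
Ethernet adapter Local Area Connection:
DHCP Server . . . . . . . . . . . : 10.1.35.1
DNS Servers . . . . . . . . . . . : 24.217.0.4
fec0:0:0:ffff::1%3
"""

# "Key . . . . : value"; the key cannot contain ':', so bare IPv6 lines never match.
KV = re.compile(r"^([A-Za-z][^:]*?)(?: \.)+ ?:\s*(.*)$")

def parse_adapters(text):
    """Return {adapter: {field: [values]}}, folding continuation lines into DNS Servers."""
    adapters = {"(global)": {}}
    current, last = adapters["(global)"], None
    for line in filter(None, map(str.strip, text.splitlines())):
        m = KV.match(line)
        if m:
            last = m.group(1).rstrip(". ")
            current.setdefault(last, []).extend(filter(None, [m.group(2)]))
        elif line.endswith(":") and "adapter" in line:
            current, last = adapters.setdefault(line[:-1], {}), None
        elif last == "DNS Servers":
            current[last].append(line)  # further resolvers sit on their own lines
    return adapters

def is_local(addr):
    ip = ipaddress.ip_address(addr.split("%")[0])  # drop the IPv6 zone id
    return ip.is_private or ip.is_link_local or getattr(ip, "is_site_local", False)

def unexpected_dns(text, allowed=frozenset()):
    """Per adapter: resolvers that are not local, not the gateway/DHCP server, not allowlisted."""
    findings = {}
    for name, f in parse_adapters(text).items():
        trusted = set(allowed) | set(f.get("Default Gateway", []) + f.get("DHCP Server", []))
        odd = [d for d in f.get("DNS Servers", []) if d not in trusted and not is_local(d)]
        if odd:
            findings[name] = odd
    return findings
```

With `allowed={"24.217.0.4"}` (an assumed entry for the wired network) only the two 213.109.x.x resolvers on the wireless adapter are reported; with an empty allowlist every public resolver is listed for review.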



Re: Yahoo browser redirecting

Post by ltlfroggie on Tue Sep 21, 2010 8:22 pm

If I'm reading this correctly, I'm not sure that this makes sense. He can be home, on the road or at work and this happens. Isn't a router stationary? I *think* it is when he is using wi-fi but I will need to double check with him to see if it happens when logged in to his own private account at home as well.


Re: Yahoo browser redirecting

Post by Dr Jay on Wed Sep 22, 2010 9:03 pm

Your computer should not have redirects while away from your normal location. But, in your normal location, the router is causing issues. By resetting the router, and throwing it back to its defaults, you can get rid of the infection.


Dr. Jay (DJ)



Re: Yahoo browser redirecting

Post by ltlfroggie on Wed Sep 22, 2010 9:13 pm

I asked him today and he can be at home on his personal account, he can be at Starbucks, he can be tethered to his phone, he can be at work and using local wi-fi. The only time it does not happen (and I have confirmed this in as many of those places as possible) is when it is plugged in to the network cable at work.

So do I reset the home router?


Re: Yahoo browser redirecting

Post by Dr Jay on Wed Sep 22, 2010 9:43 pm

Try that first, then we will search for more malware on the system.


Dr. Jay (DJ)

