help with virtumonde as well



kao_ord
2007-11-03, 22:40
Hi,
I ran Spybot S&D multiple times; Virtumonde keeps coming back. Help! I had tried to download ComboFix from other threads. It didn't seem to help.

Log from the last scan. Please let me know if you need more.



--- Browser start & search pages list ---
Spybot - Search & Destroy browser pages report, 11/03/2007 4:34:02 PM

HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Local Page
C:\WINDOWS\system32\blank.htm
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Search Page
http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Start Page
http://med.home.ge.com/
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Local Page
%SystemRoot%\system32\blank.htm
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Search Page
http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Start Page
http://www.microsoft.com/isapi/redir.dll?prd={SUB_PRD}&clcid={SUB_CLSID}&pver={SUB_PVER}&ar=home
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Default_Page_URL
http://healthcare.home.ge.com
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Default_Search_URL
http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Search\SearchAssistant
http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Search\CustomizeSearch
http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm

tashi
2007-11-03, 23:48
Hello.

Please see the stickied procedure for this forum: "BEFORE you POST"(READ this Procedure BEFORE Requesting Assistance) (http://forums.spybot.info/showthread.php?t=288)

Copy/paste the HJT log and the result of the online antivirus scan into a new topic; I will close this one, as helpers look for zero responses.

Regards.