10-02-2006, 10:24 AM   #21
randomrandom
Registered User
 
Join Date: Sep 2006
Posts: 31
OS: XP home edition


Spybot is a problem child

Spybot would pop up each time I ran this scan, asking "do you want to allow this registry change", and after I accepted the changes, ComboFix would close. I did that the first time today, but then I reran ComboFix with Spybot disabled and it gave me this log...

********************************************************
Combofix
********************************************************
User1 - 06-10-02 9:21:35.76 Service Pack 1
ComboFix 06.09.27 - Running from: "C:\Documents and Settings\User1\Desktop"

((((((((((((((((((((((((((((((( Files Created from 2006-09-01 to 2006-10-01 ))))))))))))))))))))))))))))))))))


2006-09-27 22:19 53,248 --a------ C:\WINDOWS\system32\Process.exe
2006-09-27 22:19 288,417 --a------ C:\WINDOWS\system32\SrchSTS.exe
2006-09-27 22:19 135,168 --a------ C:\WINDOWS\system32\swreg.exe
2006-09-27 21:54 13 --a------ C:\dumwnmifc.sys
2006-09-27 21:54 13 --a------ C:\dumwnmicf.sys
2006-09-27 21:54 13 --a------ C:\dumwnmicf.dll
2006-09-25 14:47 90,112 --a------ C:\WINDOWS\system32\RegDACL.exe
2006-09-25 14:47 7,483 --a------ C:\clean.bat
2006-09-25 14:47 40,960 --a------ C:\WINDOWS\system32\swsc.exe
2006-09-25 14:47 4,096 --a------ C:\WINDOWS\system32\reboot.exe
2006-09-25 14:47 38,400 --a------ C:\WINDOWS\system32\moveex.exe
2006-09-23 15:24 24,661 --a------ C:\WINDOWS\system32\spxcoins.dll
2006-09-23 15:24 13,312 --a------ C:\WINDOWS\system32\irclass.dll
2006-09-23 13:41 38,912 --a------ C:\WINDOWS\system32\wpd_ci.dll
2006-09-23 13:41 10,752 --a------ C:\WINDOWS\system32\wpdtrace.dll
2006-09-23 13:09 9,728 --a------ C:\WINDOWS\system32\mstinit.exe
2006-09-23 13:09 81,408 --a------ C:\WINDOWS\system32\msoert2.dll
2006-09-23 13:09 77,824 --a------ C:\WINDOWS\system32\isign32.dll
2006-09-23 13:09 73,728 --a------ C:\WINDOWS\system32\ils.dll
2006-09-23 13:09 69,632 --a------ C:\WINDOWS\system32\icwdial.dll
2006-09-23 13:09 65,536 --a------ C:\WINDOWS\system32\msconf.dll
2006-09-23 13:09 63,488 --a------ C:\WINDOWS\system32\srclient.dll
2006-09-23 13:09 61,440 --a------ C:\WINDOWS\system32\icwphbk.dll
2006-09-23 13:09 587,776 --a------ C:\WINDOWS\system32\inetcomm.dll
2006-09-23 13:09 47,616 --a------ C:\WINDOWS\system32\inetres.dll
2006-09-23 13:09 40,960 --a------ C:\WINDOWS\system32\safrslv.dll
2006-09-23 13:09 39,424 --a------ C:\WINDOWS\system32\safrcdlg.dll
2006-09-23 13:09 33,280 --a------ C:\WINDOWS\system32\racpldlg.dll
2006-09-23 13:09 32,768 --a------ C:\WINDOWS\system32\mnmsrvc.exe
2006-09-23 13:09 32,256 --a------ C:\WINDOWS\system32\mnmdd.dll
2006-09-23 13:09 28,672 --a------ C:\WINDOWS\system32\isrdbg32.dll
2006-09-23 13:09 266,240 --a------ C:\WINDOWS\system32\inetcfg.dll
2006-09-23 13:09 26,624 --a------ C:\WINDOWS\system32\safrdm.dll
2006-09-23 13:09 250,368 --a------ C:\WINDOWS\system32\mstask.dll
2006-09-23 13:09 24,576 --a------ C:\WINDOWS\system32\nmmkcert.dll
2006-09-23 13:09 228,864 --a------ C:\WINDOWS\system32\msoeacct.dll
2006-09-23 13:09 226,304 --a------ C:\WINDOWS\system32\srrstr.dll
2006-09-23 13:09 221,696 --a------ C:\WINDOWS\system32\qmgr.dll
2006-09-23 13:09 17,408 --a------ C:\WINDOWS\system32\qmgrprxy.dll
2006-09-23 13:09 159,232 --a------ C:\WINDOWS\system32\schedsvc.dll
2006-09-23 13:09 158,720 --a------ C:\WINDOWS\system32\srsvc.dll
2006-09-23 13:08 9,728 --a------ C:\WINDOWS\system32\xolehlp.dll
2006-09-23 13:08 869,376 --a------ C:\WINDOWS\system32\msdtctm.dll
2006-09-23 13:08 85,504 --a------ C:\WINDOWS\system32\catsrvps.dll
2006-09-23 13:08 83,968 --a------ C:\WINDOWS\system32\mtxoci.dll
2006-09-23 13:08 82,432 --a------ C:\WINDOWS\system32\comrepl.dll
2006-09-23 13:08 61,952 --a------ C:\WINDOWS\system32\rdshost.exe
2006-09-23 13:08 6,144 --a------ C:\WINDOWS\system32\msdtc.exe
2006-09-23 13:08 56,832 --a------ C:\WINDOWS\system32\colbact.dll
2006-09-23 13:08 54,784 --a------ C:\WINDOWS\system32\msdtclog.dll
2006-09-23 13:08 495,616 --a------ C:\WINDOWS\system32\comuid.dll
2006-09-23 13:08 489,984 --a------ C:\WINDOWS\system32\hypertrm.dll
2006-09-23 13:08 468,480 --a------ C:\WINDOWS\system32\clbcatq.dll
2006-09-23 13:08 215,040 --a------ C:\WINDOWS\system32\catsrv.dll
2006-09-23 13:08 18,432 --a------ C:\WINDOWS\system32\qprocess.exe
2006-09-23 13:08 179,200 --a------ C:\WINDOWS\system32\accwiz.exe
2006-09-23 13:08 151,040 --a------ C:\WINDOWS\system32\msdtcuiu.dll
2006-09-23 13:08 124,416 --a------ C:\WINDOWS\system32\sndrec32.exe
2006-09-23 13:08 100,864 --a------ C:\WINDOWS\system32\clbcatex.dll
2006-09-23 13:07 98,816 --a------ C:\WINDOWS\system32\clipbrd.exe
2006-09-23 13:07 9,216 --a------ C:\WINDOWS\system32\wuauserv.dll
2006-09-23 13:07 9,216 --a------ C:\WINDOWS\system32\icaapi.dll
2006-09-23 13:07 88,064 --a------ C:\WINDOWS\system32\tscfgwmi.dll
2006-09-23 13:07 75,912 --a------ C:\WINDOWS\system32\rdpwsx.dll
2006-09-23 13:07 598,016 --a------ C:\WINDOWS\system32\mstscax.dll
2006-09-23 13:07 582,656 --a------ C:\WINDOWS\system32\catsrvut.dll
2006-09-23 13:07 57,856 --a------ C:\WINDOWS\system32\licwmi.dll
2006-09-23 13:07 56,320 --a------ C:\WINDOWS\system32\remotepg.dll
2006-09-23 13:07 534,016 --a------ C:\WINDOWS\system32\spider.exe
2006-09-23 13:07 53,248 --a------ C:\WINDOWS\system32\servdeps.dll
2006-09-23 13:07 44,032 --a------ C:\WINDOWS\system32\rdpclip.exe
2006-09-23 13:07 40,960 --a------ C:\WINDOWS\system32\tscupgrd.exe
2006-09-23 13:07 388,608 --a------ C:\WINDOWS\system32\mstsc.exe
2006-09-23 13:07 359,936 --a------ C:\WINDOWS\system32\msdtcprx.dll
2006-09-23 13:07 339,968 --a------ C:\WINDOWS\system32\mspaint.exe
2006-09-23 13:07 32,768 --a------ C:\WINDOWS\system32\cfgbkend.dll
2006-09-23 13:07 200,192 --a------ C:\WINDOWS\system32\termsrv.dll
2006-09-23 13:07 174,592 --a------ C:\WINDOWS\system32\cmprops.dll
2006-09-23 13:07 16,384 --a------ C:\WINDOWS\system32\mmfutil.dll
2006-09-23 13:07 14,848 --a------ C:\WINDOWS\system32\rdpsnd.dll
2006-09-23 13:07 135,680 --a------ C:\WINDOWS\system32\rdchost.dll
2006-09-23 13:07 129,024 --a------ C:\WINDOWS\system32\sessmgr.exe
2006-09-23 13:07 124,184 --a------ C:\WINDOWS\system32\wuauclt.exe
2006-09-23 13:07 12,288 --a------ C:\WINDOWS\system32\rdsaddin.exe
2006-09-23 13:07 116,736 --a------ C:\WINDOWS\system32\mplay32.exe
2006-09-23 13:07 1,343,768 --a------ C:\WINDOWS\system32\wuaueng.dll
2006-09-23 13:07 1,172,992 --a------ C:\WINDOWS\system32\comsvcs.dll
2006-09-23 12:12 4,096 --a------ C:\WINDOWS\system32\ksuser.dll
2006-09-23 12:11 71,168 --a------ C:\WINDOWS\system32\storprop.dll
2006-09-21 17:28 182,784 --ah----- C:\WINDOWS\system32\dxmamcia.dll
2006-09-21 17:08 84,992 --a------ C:\WINDOWS\system32\ATL70.DLL
2006-09-21 17:08 81,920 --------- C:\WINDOWS\system32\vdrmux.dll
2006-09-21 17:08 76,800 --------- C:\WINDOWS\system32\Lfwmf13n.dll
2006-09-21 17:08 73,728 --------- C:\WINDOWS\system32\MMAviAx.dll
2006-09-21 17:08 73,728 --------- C:\WINDOWS\system32\lffax13n.dll
2006-09-21 17:08 65,536 --------- C:\WINDOWS\system32\Lfpct13n.dll
2006-09-21 17:08 46,592 --------- C:\WINDOWS\system32\vdrcodec.dll
2006-09-21 17:08 453,120 --------- C:\WINDOWS\system32\ltkrn13n.dll
2006-09-21 17:08 44,544 --------- C:\WINDOWS\system32\msxml4a.dll
2006-09-21 17:08 40,960 --------- C:\WINDOWS\system32\langserv.dll
2006-09-21 17:08 393,216 --------- C:\WINDOWS\system32\LFCMP13n.DLL
2006-09-21 17:08 32,768 --------- C:\WINDOWS\system32\MLPagAx.dll
2006-09-21 17:08 30,208 --------- C:\WINDOWS\system32\lfbmp13n.dll
2006-09-21 17:08 294,912 --------- C:\WINDOWS\system32\pvmjpg21.dll
2006-09-21 17:08 278,016 --------- C:\WINDOWS\system32\LFJ2K13n.dll
2006-09-21 17:08 24,576 --------- C:\WINDOWS\system32\lftga13n.dll
2006-09-21 17:08 204,881 --------- C:\WINDOWS\system32\DiskIO.dll
2006-09-21 17:08 18,432 --------- C:\WINDOWS\system32\Cachex.dll
2006-09-21 17:08 155,721 --------- C:\WINDOWS\system32\RALMain.dll
2006-09-21 17:08 153,088 --------- C:\WINDOWS\system32\ltfil13n.DLL
2006-09-21 17:08 143,360 --------- C:\WINDOWS\system32\lftif13n.dll
2006-09-21 17:08 114,759 --------- C:\WINDOWS\system32\Aviprax.dll
2006-09-21 17:08 1,693,696 --------- C:\WINDOWS\system32\LTCLR13n.dll
2006-09-21 17:05 964,608 --a------ C:\WINDOWS\system32\MFC70U.DLL
2006-09-21 17:05 65,536 --a------ C:\WINDOWS\system32\MFC71DEU.DLL
2006-09-21 17:05 61,440 --a------ C:\WINDOWS\system32\pclepim1.dll
2006-09-21 17:05 61,440 --a------ C:\WINDOWS\system32\MFC71ITA.DLL
2006-09-21 17:05 61,440 --a------ C:\WINDOWS\system32\MFC71FRA.DLL
2006-09-21 17:05 61,440 --a------ C:\WINDOWS\system32\MFC71ESP.DLL
2006-09-21 17:05 57,344 --a------ C:\WINDOWS\system32\MFC71ENU.DLL
2006-09-21 17:05 49,152 --a------ C:\WINDOWS\system32\PCLEGetGuid.dll
2006-09-21 17:05 49,152 --a------ C:\WINDOWS\system32\MFC71KOR.DLL
2006-09-21 17:05 49,152 --a------ C:\WINDOWS\system32\MFC71JPN.DLL
2006-09-21 17:05 45,056 --a------ C:\WINDOWS\system32\MFC71CHT.DLL
2006-09-21 17:05 40,960 --a------ C:\WINDOWS\system32\MFC71CHS.DLL
2006-09-17 18:01 82,432 --------- C:\WINDOWS\system32\msxml4r.dll
2006-09-17 18:01 54,784 --a------ C:\WINDOWS\system32\msvci70.dll
2006-09-17 18:01 442,368 --a------ C:\WINDOWS\system32\vp6vfw.dll
2006-09-17 18:01 265,785 --a------ C:\WINDOWS\system32\pixomatic.dll
2006-09-17 18:01 22,016 --a------ C:\WINDOWS\system32\borlndmm.dll
2006-09-17 18:01 188,416 --a------ C:\WINDOWS\system32\eax.dll
2006-09-17 18:01 1,500,160 --a------ C:\WINDOWS\system32\cc3260mt.dll
2006-09-17 18:01 1,230,336 --------- C:\WINDOWS\system32\msxml4.dll


(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))


2006-10-02 00:09 -------- d-------- C:\Program Files\ewido anti-spyware 4.0
2006-10-01 23:27 -------- d-------- C:\Program Files\Mozilla Firefox
2006-10-01 12:43 778656 --a------ C:\WINDOWS\system32\drivers\avg7core.sys
2006-10-01 00:48 -------- d-------- C:\Program Files\Windows Media Player
2006-10-01 00:44 -------- d-------- C:\Program Files\U.S. Robotics 802.11g WLAN
2006-10-01 00:35 -------- d-------- C:\Program Files\Internet Explorer
2006-09-27 23:37 -------- d--h----- C:\Program Files\WindowsUpdate
2006-09-27 22:29 -------- d-------- C:\Program Files\CleanUp!
2006-09-27 21:55 -------- d-------- C:\Program Files\HaxFix
2006-09-27 15:50 -------- d-------- C:\Documents and Settings\User1\Application Data\DMCache
2006-09-26 19:25 -------- d-------- C:\Program Files\RegistryFix
2006-09-25 20:18 -------- d-------- C:\Program Files\Unlocker
2006-09-25 18:27 -------- d-------- C:\Documents and Settings\User1\Application Data\AVG7
2006-09-25 18:26 23424 --a------ C:\WINDOWS\system32\drivers\avgmfrs.sys
2006-09-25 18:25 4288 --a------ C:\WINDOWS\system32\drivers\avg7rsw.sys
2006-09-25 18:25 27904 --a------ C:\WINDOWS\system32\drivers\avg7rsxp.sys
2006-09-25 18:25 -------- d-------- C:\Program Files\Grisoft
2006-09-25 18:14 -------- d-------- C:\Program Files\Norton Internet Security
2006-09-25 18:14 -------- d-------- C:\Documents and Settings\User1\Application Data\Symantec
2006-09-25 18:13 -------- d-------- C:\Program Files\Symantec
2006-09-25 18:12 10344 --a------ C:\WINDOWS\system32\drivers\symlcbrd.sys
2006-09-24 23:00 -------- d-------- C:\Documents and Settings\User1\Application Data\Mozilla
2006-09-24 13:04 8329 --a------ C:\Documents and Settings\User1\Application Data\.googlewebacchosts
2006-09-24 09:07 -------- d-------- C:\Program Files\Alwil Software
2006-09-23 21:53 -------- d-------- C:\Program Files\Pinnacle
2006-09-23 13:09 -------- d-------- C:\Program Files\Outlook Express
2006-09-23 13:09 -------- d-------- C:\Program Files\NetMeeting
2006-09-23 13:09 -------- d-------- C:\Program Files\Movie Maker
2006-09-23 13:08 -------- d-------- C:\Program Files\Windows NT
2006-09-21 17:08 -------- d--h----- C:\Program Files\InstallShield Installation Information
2006-09-21 17:07 -------- d-------- C:\Program Files\SmartSound Software
2006-09-21 17:04 -------- d-------- C:\Program Files\Trillian
2006-09-18 16:28 -------- d-------- C:\Program Files\Internet Download Manager
2006-09-18 16:28 -------- d-------- C:\Documents and Settings\User1\Application Data\IDM
2006-09-17 21:11 14848 --a------ C:\WINDOWS\system32\BASSMOD.dll
2006-09-17 18:11 -------- d-------- C:\Program Files\GTA-SanAndreas
2006-09-16 23:24 -------- d-------- C:\Documents and Settings\User1\Application Data\Sun
2006-09-16 10:07 -------- d-------- C:\Documents and Settings\User1\Application Data\Google
2006-09-15 22:04 48816 --a------ C:\WINDOWS\system32\S32EVNT1.DLL
2006-09-15 22:04 109744 --a------ C:\WINDOWS\system32\drivers\SYMEVENT.SYS
2006-09-14 14:44 -------- d-------- C:\Program Files\Winamp
2006-09-10 19:43 -------- d-------- C:\Documents and Settings\User1\Application Data\AdobeUM
2006-09-10 18:24 -------- d---s---- C:\Documents and Settings\User1\Application Data\Microsoft
2006-09-10 10:34 -------- d-------- C:\Program Files\Java
2006-09-07 22:32 -------- d-------- C:\Program Files\Save Flash
2006-08-29 01:28 140984 --a------ C:\WINDOWS\system32\idmmbc.dll
2006-08-24 20:40 -------- d-------- C:\Program Files\GeoVid
2006-08-22 18:32 22768 --a------ C:\WINDOWS\system32\drivers\usbsermpt.sys
2006-08-22 18:32 -------- d-------- C:\Program Files\Motorola Phone Tools
2006-08-22 18:25 -------- d-------- C:\Program Files\mobile PhoneTools
2006-08-22 18:05 -------- d-------- C:\Program Files\LiveUpdate
2006-08-22 00:22 72748 --a------ C:\WINDOWS\unins001.exe
2006-08-22 00:22 72748 --a------ C:\WINDOWS\unins000.exe
2006-08-22 00:22 -------- d-------- C:\Program Files\Temp
2006-08-22 00:22 -------- d-------- C:\Program Files\Anark
2006-08-21 23:49 -------- d-------- C:\Program Files\OceanDive
2006-08-21 05:21 16896 --a------ C:\WINDOWS\system32\fltlib.dll
2006-08-21 02:14 23040 --a------ C:\WINDOWS\system32\fltmc.exe
2006-08-21 02:14 128896 --------- C:\WINDOWS\system32\drivers\fltmgr.sys
2006-08-21 00:44 -------- d-------- C:\Program Files\SereneScreen
2006-08-19 11:23 -------- d-------- C:\Documents and Settings\User1\Application Data\RipIt4Me
2006-08-19 09:43 -------- d-------- C:\Program Files\PgcEdit
2006-08-18 15:30 -------- d-------- C:\Documents and Settings\User1\Application Data\Adobe
2006-08-07 16:02 534208 --a------ C:\WINDOWS\system32\SymNeti.dll
2006-08-07 16:02 31936 --a------ C:\WINDOWS\system32\drivers\symids.sys
2006-08-07 16:02 28352 --a------ C:\WINDOWS\system32\drivers\symndis.sys
2006-08-07 16:02 24768 --a------ C:\WINDOWS\system32\drivers\symredrv.sys
2006-08-07 16:02 195776 --a------ C:\WINDOWS\system32\drivers\symtdi.sys
2006-08-07 16:02 161472 --a------ C:\WINDOWS\system32\SymRedir.dll
2006-08-07 16:02 110784 --a------ C:\WINDOWS\system32\drivers\symfw.sys
2006-08-07 16:01 12992 --a------ C:\WINDOWS\system32\drivers\symdns.sys
2006-08-03 20:59 48 ---hs---- C:\Documents and Settings\User1\Application Data\.zreglib
2006-08-03 20:54 -------- d-------- C:\Program Files\Rip it 4 Me
2006-08-02 11:41 -------- d-------- C:\Program Files\BitComet


(((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))

*Note* empty entries are not shown

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RemoteCenter"="C:\\Program Files\\Creative\\MediaSource\\RemoteControl\\RCMan.EXE"
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="\"C:\\Program Files\\Common Files\\Ahead\\lib\\NMBgMonitor.exe\""
"SpybotSD TeaTimer"="C:\\Program Files\\Spybot - Search & Destroy\\TeaTimer.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTHelper"="CTHELPER.EXE"
"CTSysVol"="C:\\Program Files\\Creative\\SBAudigy2ZS\\Surround Mixer\\CTSysVol.exe /r"
"CTDVDDET"="C:\\Program Files\\Creative\\SBAudigy2ZS\\DVDAudio\\CTDVDDET.EXE"
"SBDrvDet"="C:\\Program Files\\Creative\\SB Drive Det\\SBDrvDet.exe /r"
"NeroFilterCheck"="C:\\WINDOWS\\system32\\NeroCheck.exe"
"SunJavaUpdateSched"="C:\\Program Files\\Java\\jre1.5.0_06\\bin\\jusched.exe"
"ccApp"="\"C:\\Program Files\\Common Files\\Symantec Shared\\ccApp.exe\""
"iTunesHelper"="\"C:\\Program Files\\iTunes\\iTunesHelper.exe\""
"QuickTime Task"="\"C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime"
"IS CfgWiz"="\"C:\\Program Files\\Norton Internet Security\\cfgwiz.exe\" /GUID {F073BDC9-0D67-4ff0-879E-27241C843828} /MODE CfgWiz /CMDLINE \"REBOOT\""
"SSC_UserPrompt"="\"C:\\Program Files\\Common Files\\Symantec Shared\\Security Center\\UsrPrmpt.exe\""
"AVG7_CC"="C:\\PROGRA~1\\Grisoft\\AVGFRE~1\\avgcc.exe /STARTUP"
"!ewido"="\"C:\\Program Files\\ewido anti-spyware 4.0\\ewido.exe\" /minimized"
"PinnacleDriverCheck"="C:\\WINDOWS\\system32\\PSDrvCheck.exe -CheckReg"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\IMAIL]
"Installed"="1"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MAPI]
"Installed"="1"
"NoChange"="1"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MSFS]
"Installed"="1"

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Desktop\Components]
"DeskHtmlVersion"=dword:00000110
"DeskHtmlMinorVersion"=dword:00000005
"Settings"=dword:00000001
"GeneralFlags"=dword:00000000

[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AVG7_Run"="C:\\PROGRA~1\\Grisoft\\AVGFRE~1\\avgw.exe /RUNONCE"

[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AVG7_Run"="C:\\PROGRA~1\\Grisoft\\AVGFRE~1\\avgw.exe /RUNONCE"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\shellexecutehooks]
"{AEB6717E-7E19-11d0-97EE-00C04FD91972}"=""
"{57B86673-276A-48B2-BAE7-C6DBB3020EB8}"="ewido anti-spyware 4.0"

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer\Run]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system]
"dontdisplaylastusername"=dword:00000000
"legalnoticecaption"=""
"legalnoticetext"=""
"shutdownwithoutlogon"=dword:00000001
"undockwithoutlogon"=dword:00000001

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer]
"AllowLegacyWebView"=dword:00000001
"AllowUnhashedWebView"=dword:00000001

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer\run]

[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091

[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
"PostBootReminder"="{7849596a-48ea-486e-8937-a2a3009f31a9}"
"CDBurn"="{fbeb8a05-beee-4442-804e-409d6c4515e9}"
"WebCheck"="{E6FB5E20-DE35-11CF-9C87-00AA005127ED}"
"SysTray"="{35CEC8A3-2BE6-11D2-8773-92E220524153}"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupfolder]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
"path"="C:\\Documents and Settings\\All Users\\Start Menu\\Programs\\Startup\\Adobe Reader Speed Launch.lnk"
"backup"="C:\\WINDOWS\\pss\\Adobe Reader Speed Launch.lnkCommon Startup"
"location"="Common Startup"
"command"="C:\\PROGRA~1\\Adobe\\ACROBA~1.0\\Reader\\READER~1.EXE "
"item"="Adobe Reader Speed Launch"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^InterVideo WinCinema Manager.lnk]
"backup"="C:\\WINDOWS\\pss\\InterVideo WinCinema Manager.lnkCommon Startup"
"location"="Common Startup"
"command"="C:\\PROGRA~1\\INTERV~1\\Common\\Bin\\WINCIN~1.EXE "
"item"="InterVideo WinCinema Manager"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\MSMSGS]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="msmsgs"
"hkey"="HKCU"
"command"="\"C:\\Program Files\\Messenger\\msmsgs.exe\" /background"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\NeroCheck]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="NeroCheck"
"hkey"="HKLM"
"command"="C:\\WINDOWS\\system32\\\\NeroCheck.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\Symantec NetDriver Monitor]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="SNDMon"
"hkey"="HKLM"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\UpdReg]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="UpdReg"
"hkey"="HKLM"
"command"="C:\\WINDOWS\\UpdReg.EXE"
"inimapping"="0"

HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\dxmamcia
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\winbjt32
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\wnmicf

HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders
securityproviders REG_SZ msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll

HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\wnmicf.sys
HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\wnmifc.sys

Completion time: 06-10-02 9:21:45.90
ComboFix.txt
ComboFix2.txt
ComboFix3.txt