
View Full Version : Malware



Demonicslaya
2009-07-18, 08:20
System Security strikes again.

So yeah, I have already downloaded HJT, ERUNT, MBAM, RSIT, GMER, Spybot S&D, and Combo Fix.

I have already backed up my registry with ERUNT and run MBAM, HJT, RSIT, Spybot, and Combo. I have the Combo log, HJT log, and RSIT log.

ComboFix 09-07-14.08 - William 07/18/2009 1:36.1.2 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.2047.1041 [GMT -4:00]
Running from: c:\documents and settings\William\My Documents\Downloads\ComboFix.exe
AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
FW: ActiveArmor Firewall *disabled* {EDC10449-64D1-46c7-A59A-EC20D662F26D}
FW: Norton Internet Worm Protection *enabled* {990F9400-4CEE-43EA-A83A-D013ADD8EA6E}
.

Overlay aborted ... Please run ComboFix once more
((((((((((((((((((((((((( Files Created from 2009-06-18 to 2009-07-18 )))))))))))))))))))))))))))))))
.

No new files created in this timespan

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-06-24 13:26 . 2008-09-02 02:17 137208 ----a-w- c:\program files\mozilla firefox\components\brwsrcmp.dll
2006-05-06 16:42 . 2006-12-05 19:34 7260160 ----a-w- c:\program files\mozilla firefox\plugins\libvlc.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"UnlockerAssistant"="c:\program files\Unlocker\UnlockerAssistant.exe" [2008-05-02 15872]
"EasyTuneV"="c:\program files\Gigabyte\ET5\GUI.exe" [2004-06-14 200704]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2009-02-25 61440]
"amd_dc_opt"="c:\program files\AMD\Dual-Core Optimizer\amd_dc_opt.exe" [2006-11-17 77824]
"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2009-07-17 1948440]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"GrpConv"="grpconv -o" [X]

c:\docume~1\ALLUSE~1\STARTM~1\Programs\Startup\
Logitech SetPoint.lnk - c:\program files\Logitech\SetPoint\SetPoint.exe [2009-7-16 809488]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LBTWlgn]
2006-05-05 12:27 65536 ----a-w- c:\program files\Common Files\Logitech\Bluetooth\LBTWlgn.DLL

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2009-07-17 15:46 11952 ----a-w- c:\windows\system32\avgrsstx.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]
@=""

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Bluetooth.lnk]

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^BounceBack Launcher.lnk]

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Photosmart Premier Fast Start.lnk]

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Loadout Manager.lnk]

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Logitech Desktop Messenger.lnk]

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Logitech SetPoint.lnk]

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Nostromo Loadout Manager.lnk]
backup=c:\windows\pss\Nostromo Loadout Manager.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Picture Package Menu.lnk]

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Picture Package VCD Maker.lnk]

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Privoxy.lnk]
backup=c:\windows\pss\Privoxy.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^William^Start Menu^Programs^Startup^FrostWire On Startup.lnk]
backup=c:\windows\pss\FrostWire On Startup.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^William^Start Menu^Programs^Startup^Last.fm Helper.lnk]

[HKLM\~\startupfolder\C:^Documents and Settings^William^Start Menu^Programs^Startup^PowerReg Scheduler V3.exe]
backup=c:\windows\pss\PowerReg Scheduler V3.exeStartup

[HKLM\~\startupfolder\C:^Documents and Settings^William^Start Menu^Programs^Startup^TimeLeft.lnk]
backup=c:\windows\pss\TimeLeft.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^William^Start Menu^Programs^Startup^V CAST Music Monitor.lnk]
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\amd_dc_opt
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATICCC
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AVG7_CC
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ccApp
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DVDTray
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HostManager
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IPHSend
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MediaLifeService
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\My Web Search Bar Search Scope Monitor
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MyWebSearch Plugin
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nTrayFw
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OpenDNS Update
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SmcService
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Uniblue RegistryBooster 2
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Vidalia
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Zboard

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"AVGEMS"=2 (0x2)
"Avg7UpdSvc"=2 (0x2)
"Avg7Alrt"=2 (0x2)
"SPBBCSvc"=2 (0x2)
"SNDSrvc"=2 (0x2)
"SAVScan"=3 (0x3)
"NSCService"=3 (0x3)
"NPFMntor"=2 (0x2)
"FirebirdServerMAGIXInstance"=3 (0x3)
"ccSetMgr"=2 (0x2)
"ccEvtMgr"=2 (0x2)
"SmcService"=2 (0x2)
"MyWebSearchService"=2 (0x2)
"LiveUpdate Notice Service"=2 (0x2)
"iPod Service"=3 (0x3)
"WMP54Gv4SVC"=2 (0x2)
"WMP54GSSVC"=2 (0x2)
"Viewpoint Manager Service"=2 (0x2)
"Symantec Core LC"=2 (0x2)
"StarWindServiceAE"=2 (0x2)
"Pml Driver HPZ12"=2 (0x2)
"ose"=3 (0x3)
"nSvcLog"=2 (0x2)
"nSvcIp"=2 (0x2)
"NMIndexingService"=3 (0x3)
"NBService"=3 (0x3)
"navapsvc"=2 (0x2)
"MDM"=2 (0x2)
"LVPrcSrv"=2 (0x2)
"LiveUpdate"=3 (0x3)
"LightScribeService"=2 (0x2)
"LBTServ"=2 (0x2)
"idsvc"=3 (0x3)
"IDriverT"=3 (0x3)
"ForcewareWebInterface"=2 (0x2)
"Creative Service for CDROM Access"=2 (0x2)
"btwdins"=2 (0x2)
"Bonjour Service"=2 (0x2)
"Automatic LiveUpdate Scheduler"=2 (0x2)
"Apple Mobile Device"=2 (0x2)

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UpdatesDisableNotify"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\WINDOWS\\system32\\sessmgr.exe"=
"c:\\Nexon\\Combat Arms\\NMService.exe"=


R0 ntcdrdrv;ntcdrdrv;c:\windows\system32\DRIVERS\ntcdrdrv.sys [x]
R2 portD;CMS PortIO Service;c:\windows\system32\DRIVERS\portd2k.sys [x]
R3 Alpham;Ideazon Fang Composite Keyboard Driver;c:\windows\system32\DRIVERS\Alpham.sys [2005-12-04 34944]
R3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [2009-07-13 38160]
R4 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\Viewpoint\Common\ViewpointService.exe [2007-01-04 24652]
S0 Lbd;Lbd;c:\windows\system32\DRIVERS\Lbd.sys [2009-07-03 64160]
S1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\System32\Drivers\avgldx86.sys [2009-07-17 327688]
S1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\System32\Drivers\avgtdix.sys [2009-07-17 108552]
S1 Fadpu16E;Fadpu16E;c:\windows\System32\Drivers\Fadpu16E.sys [2006-04-14 43008]
S2 avg8wd;AVG Free8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [2009-07-17 298776]
S2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [2009-07-03 1029456]
S3 AmdTools;AMD Special Tools Driver;c:\windows\system32\DRIVERS\AmdTools.sys [2007-08-14 34304]
S3 bcgame;Nostromo HID Device Minidriver;c:\windows\system32\drivers\bcgame.sys [2007-08-14 23040]


--- Other Services/Drivers In Memory ---

*NewlyCreated* - IP6FW
.
- - - - ORPHANS REMOVED - - - -

BHO-{581439C4-9ABC-4878-A370-07A528EE792B} - c:\windows\system32\jkkKbBTl.dll
BHO-{5f6daa33-0cb0-4efd-b9ea-94e44c9894fb} - c:\windows\system32\diwupesa.dll
BHO-{799FA50F-FE27-4B70-BC09-A1DEABA1B24D} - c:\windows\system32\geBqPGAS.dll
BHO-{9A5C36CE-FF2C-43F0-BDA3-74B0A801B117} - (no file)
HKLM-Run-3c6ba3dc - c:\windows\system32\lapomefe.dll
HKLM-Run-CPM3f589040 - c:\windows\system32\wevozobo.dll
HKLM-RunOnce-<NO NAME> - (no file)
ShellExecuteHooks-{799FA50F-FE27-4B70-BC09-A1DEABA1B24D} - c:\windows\system32\geBqPGAS.dll
Notify-geBqPGAS - geBqPGAS.dll
MSConfigStartUp-slide - (no file)


.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.yahoo.com/
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
mSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr9/*http://www.yahoo.com/ext/search/search.html
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://us.rd.yahoo.com/customize/ie/defaults/su/msgr9/*http://www.yahoo.com
IE: &Search
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
Trusted Zone: aol.com\free
Handler: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - c:\program files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
FF - ProfilePath - c:\docume~1\William\APPLIC~1\Mozilla\Firefox\Profiles\i3y5ibvn.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.yahoo.com/search?fr=ffsp1&p=
FF - prefs.js: browser.search.selectedEngine - Yahoo
FF - prefs.js: browser.startup.homepage - hxxp://www.yahoo.com/
FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?fr=ffds1&p=

---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.enforce_same_site_origin", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.cache_size", 51200);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.ogg.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.wave.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.autoplay.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.urlbar.autocomplete.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("capability.policy.mailnews.*.wholeText", "noAccess");
c:\program files\Mozilla Firefox\greprefs\all.js - pref("dom.storage.default_quota", 5120);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("content.sink.event_probe_rate", 3);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.http.prompt-temp-redirect", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("layout.css.dpi", -1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("layout.css.devPixelsPerPx", -1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("gestures.enable_single_finger_input", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("dom.max_chrome_script_run_time", 0);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.tcp.sendbuffer", 131072);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("geo.enabled", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.remember_cert_checkbox_default_setting", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr", "moz35");
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-cjkt", "moz35");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.blocklist.level", 2);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.urlbar.restrict.typed", "~");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.urlbar.default.behavior", 0);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.history", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.formdata", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.passwords", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.downloads", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.cookies", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.cache", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.sessions", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.offlineApps", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.siteSettings", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.history", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.formdata", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.passwords", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.downloads", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.cookies", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.cache", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.sessions", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.offlineApps", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.siteSettings", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.sanitize.migrateFx3Prefs", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.ssl_override_behavior", 2);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("security.alternate_certificate_error_page", "certerror");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.privatebrowsing.autostart", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.privatebrowsing.dont_prompt_on_enter", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("geo.wifi.uri", "https://www.google.com/loc/json");
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-07-18 01:47
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files:

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(556)
geyekrlnoemruw.dll 10000000 32768 \\?\globalroot\systemroot\system32\geyekrlnoemruw.dll
c:\windows\system32\Ati2evxx.dll
c:\program files\common files\logitech\bluetooth\LBTWlgn.dll
c:\program files\common files\logitech\bluetooth\LBTServ.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\ati2evxx.exe
c:\windows\system32\ati2evxx.exe
c:\windows\system32\wdfmgr.exe
c:\windows\system32\MsPMSPSv.exe
c:\program files\AVG\AVG8\avgrsx.exe
c:\progra~1\AVG\AVG8\avgnsx.exe
c:\windows\system32\wbem\unsecapp.exe
c:\program files\Lavasoft\Ad-Aware\AAWTray.exe
c:\program files\Spybot - Search & Destroy\SpybotSD.exe
.
**************************************************************************
.
Completion time: 2009-07-18 1:52 - machine was rebooted
ComboFix-quarantined-files.txt 2009-07-18 05:51

Pre-Run: 42,232,393,728 bytes free
Post-Run: 43,307,094,016 bytes free

WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect /usepmtimer /noguiboot

Current=5 Default=5 Failed=4 LastKnownGood=6 Sets=1,2,3,4,5,6
268 --- E O F --- 2008-03-11 21:47

Demonicslaya
2009-07-18, 08:24
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2:06:08 AM, on 7/18/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\MsPMSPSv.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\explorer.exe
C:\Program Files\iTunes\iTunes.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceHelper.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\distnoted.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\AIM6\aim6.exe
C:\Program Files\AIM6\aolsoftware.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr9/*http://www.yahoo.com/ext/search/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/defaults/su/msgr9/*http://www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: Viewpoint Toolbar BHO - {A7327C09-B521-4EDB-8509-7D2660C9EC98} - (no file)
O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll
O3 - Toolbar: Viewpoint Toolbar - {F8AD5AA5-D966-4667-9DAF-2561D68B2012} - C:\Program Files\Common Files\Viewpoint\Toolbar Runtime\3.8.0\IEViewBar.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [UnlockerAssistant] "C:\Program Files\Unlocker\UnlockerAssistant.exe"
O4 - HKLM\..\Run: [EasyTuneV] C:\Program Files\Gigabyte\ET5\GUI.exe
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [amd_dc_opt] C:\Program Files\AMD\Dual-Core Optimizer\amd_dc_opt.exe
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\RunOnce: [GrpConv] grpconv -o
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - Startup: ERUNT AutoBackup.lnk = C:\Program Files\ERUNT\AUTOBACK.EXE
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O16 - DPF: {149E45D8-163E-4189-86FC-45022AB2B6C9} (SpinTop DRM Control) - file:///C:/Program%20Files/MCF%20-%20Prime%20Suspects/Images/stg_drm.ocx
O16 - DPF: {69EF49E5-FE46-4B92-B5FA-2193AB7A6B8A} (GameLauncher Control) - http://www.acclaim.com/cabs/acclaim_v4.cab
O16 - DPF: {CC450D71-CC90-424C-8638-1F2DBAC87A54} (ArmHelper Control) - file:///C:/Program%20Files/MCF%20-%20Prime%20Suspects/Images/armhelper.ocx
O16 - DPF: {CD995117-98E5-4169-9920-6C12D4C0B548} (HGPlugin9USA Class) - http://gamedownload.ijjimax.com/gamedownload/dist/hgstart/HGPlugin9USA.cab
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe

--
End of file - 7320 bytes


"BEFORE you POST"(READ this Procedure BEFORE Requesting Assistance) (http://forums.spybot.info/showthread.php?t=288)

Do NOT run 'FIXES' before helpers have analyzed the HJT log (http://forums.spybot.info/showthread.php?t=16806)

Demonicslaya
2009-07-19, 03:19
Logfile of random's system information tool 1.06 (written by random/random)
Run by William at 2009-07-18 01:04:35
Microsoft Windows XP Home Edition Service Pack 2
System drive C: has 40 GB (21%) free of 194 GB
Total RAM: 2047 MB (55% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 1:24:32 AM, on 7/18/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\svchost.exe
C:\Program Files\iTunes\iTunes.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceHelper.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\distnoted.exe
C:\Program Files\AIM6\aolsoftware.exe
C:\WINDOWS\system32\netdde.exe
C:\WINDOWS\system32\clipsrv.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
C:\Program Files\Logicool\Logicool WebCam Software\LWS.exe
C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
C:\Documents and Settings\William\My Documents\Downloads\RSIT.exe
C:\Program Files\trend micro\William.exe
C:\WINDOWS\system32\cmd.execf
C:\32788R22FWJFW\NirCmd.cfexe
C:\Documents and Settings\William\Desktop\explorer.exe.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\Program Files\AVG\AVG8\avgtray.exe
C:\Program Files\Skype\Toolbars\Shared\SkypeNames.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr9/*http://www.yahoo.com/ext/search/search.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/defaults/sp/msgr9/*http://www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://us.rd.yahoo.com/customize/ie/defaults/su/msgr9/*http://www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr9/*http://www.yahoo.com/ext/search/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/defaults/sp/msgr9/*http://www.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/defaults/su/msgr9/*http://www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Windows Internet Explorer provided by Yahoo!
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {581439C4-9ABC-4878-A370-07A528EE792B} - C:\WINDOWS\system32\jkkKbBTl.dll (file missing)
O2 - BHO: (no name) - {5f6daa33-0cb0-4efd-b9ea-94e44c9894fb} - C:\WINDOWS\system32\diwupesa.dll (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: (no name) - {799FA50F-FE27-4B70-BC09-A1DEABA1B24D} - C:\WINDOWS\system32\geBqPGAS.dll (file missing)
O2 - BHO: (no name) - {9A5C36CE-FF2C-43F0-BDA3-74B0A801B117} - (no file)
O2 - BHO: Viewpoint Toolbar BHO - {A7327C09-B521-4EDB-8509-7D2660C9EC98} - (no file)
O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll
O3 - Toolbar: Viewpoint Toolbar - {F8AD5AA5-D966-4667-9DAF-2561D68B2012} - C:\Program Files\Common Files\Viewpoint\Toolbar Runtime\3.8.0\IEViewBar.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [UnlockerAssistant] "C:\Program Files\Unlocker\UnlockerAssistant.exe"
O4 - HKLM\..\Run: [EasyTuneV] C:\Program Files\Gigabyte\ET5\GUI.exe
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [amd_dc_opt] C:\Program Files\AMD\Dual-Core Optimizer\amd_dc_opt.exe
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [3c6ba3dc] rundll32.exe "C:\WINDOWS\system32\lapomefe.dll",b
O4 - HKLM\..\Run: [CPM3f589040] Rundll32.exe "c:\windows\system32\wevozobo.dll",a
O4 - HKLM\..\RunOnce: [SpybotDeletingA1630] command.com /c del "C:\WINDOWS\wt\webdriver.dll"
O4 - HKLM\..\RunOnce: [SpybotDeletingC7575] cmd.exe /c del "C:\WINDOWS\wt\webdriver.dll"
O4 - HKLM\..\RunOnce: [SpybotDeletingA1123] command.com /c del "C:\WINDOWS\wt\data.wts"
O4 - HKLM\..\RunOnce: [SpybotDeletingC1516] cmd.exe /c del "C:\WINDOWS\wt\data.wts"
O4 - HKLM\..\RunOnce: [SpybotDeletingA5968] command.com /c del "C:\WINDOWS\wt\webdriver\4.1.1\actorobject.dll"
O4 - HKLM\..\RunOnce: [SpybotDeletingC1551] cmd.exe /c del "C:\WINDOWS\wt\webdriver\4.1.1\actorobject.dll"
O4 - HKLM\..\RunOnce: [SpybotDeletingA6556] command.com /c del "C:\WINDOWS\wt\webdriver\4.1.1\dx5drv.dll"
O4 - HKLM\..\RunOnce: [SpybotDeletingC4849] cmd.exe /c del "C:\WINDOWS\wt\webdriver\4.1.1\dx5drv.dll"
O4 - HKLM\..\RunOnce: [SpybotDeletingA2028] command.com /c del "C:\WINDOWS\wt\webdriver\4.1.1\dx7drv.dll"
O4 - HKLM\..\RunOnce: [SpybotDeletingC7162] cmd.exe /c del "C:\WINDOWS\wt\webdriver\4.1.1\dx7drv.dll"
O4 - HKLM\..\RunOnce: [SpybotDeletingA1961] command.com /c del "C:\WINDOWS\wt\webdriver\4.1.1\objectbundle.dll"
O4 - HKLM\..\RunOnce: [SpybotDeletingC3754] cmd.exe /c del "C:\WINDOWS\wt\webdriver\4.1.1\objectbundle.dll"
O4 - HKLM\..\RunOnce: [SpybotDeletingA5460] command.com /c del "C:\WINDOWS\wt\webdriver\4.1.1\sound.dll"
O4 - HKLM\..\RunOnce: [SpybotDeletingC8097] cmd.exe /c del "C:\WINDOWS\wt\webdriver\4.1.1\sound.dll"
O4 - HKLM\..\RunOnce: [SpybotDeletingA6480] command.com /c del "C:\WINDOWS\wt\webdriver\4.1.1\wdcaps.ded"
O4 - HKLM\..\RunOnce: [SpybotDeletingC1793] cmd.exe /c del "C:\WINDOWS\wt\webdriver\4.1.1\wdcaps.ded"
O4 - HKLM\..\RunOnce: [SpybotDeletingA8104] command.com /c del "C:\WINDOWS\wt\webdriver\4.1.1\wdengine.dll"
O4 - HKLM\..\RunOnce: [SpybotDeletingC7472] cmd.exe /c del "C:\WINDOWS\wt\webdriver\4.1.1\wdengine.dll"
O4 - HKLM\..\RunOnce: [SpybotDeletingA1743] command.com /c del "C:\WINDOWS\wt\webdriver\4.1.1\webdriver.dll"
O4 - HKLM\..\RunOnce: [SpybotDeletingC2402] cmd.exe /c del "C:\WINDOWS\wt\webdriver\4.1.1\webdriver.dll"
O4 - HKLM\..\RunOnce: [SpybotDeletingA4069] command.com /c del "C:\WINDOWS\wt\webdriver\4.1.1\wthost.exe"
O4 - HKLM\..\RunOnce: [SpybotDeletingC6930] cmd.exe /c del "C:\WINDOWS\wt\webdriver\4.1.1\wthost.exe"
O4 - HKLM\..\RunOnce: [SpybotDeletingA835] command.com /c del "C:\WINDOWS\wt\webdriver\4.1.1\wthostctl.dll"
O4 - HKLM\..\RunOnce: [SpybotDeletingC9867] cmd.exe /c del "C:\WINDOWS\wt\webdriver\4.1.1\wthostctl.dll"
O4 - HKLM\..\RunOnce: [SpybotDeletingA7011] command.com /c del "C:\WINDOWS\wt\webdriver\4.1.1\wtmulti.dll"
O4 - HKLM\..\RunOnce: [SpybotDeletingC9348] cmd.exe /c del "C:\WINDOWS\wt\webdriver\4.1.1\wtmulti.dll"
O4 - HKLM\..\RunOnce: [SpybotDeletingA2792] command.com /c del "C:\WINDOWS\wt\webdriver\4.1.1\wtmulti.jar"
O4 - HKLM\..\RunOnce: [SpybotDeletingC4671] cmd.exe /c del "C:\WINDOWS\wt\webdriver\4.1.1\wtmulti.jar"
O4 - HKLM\..\RunOnce: [SpybotDeletingA9563] command.com /c del "C:\WINDOWS\wt\webdriver\4.1.1\wtwmplug.ax_old"
O4 - HKLM\..\RunOnce: [SpybotDeletingC2269] cmd.exe /c del "C:\WINDOWS\wt\webdriver\4.1.1\wtwmplug.ax_old"
O4 - HKLM\..\RunOnce: [SpybotDeletingA3558] command.com /c del "C:\WINDOWS\wt\webdriver\4.1.1\wtwmplug.ini"
O4 - HKLM\..\RunOnce: [SpybotDeletingC9837] cmd.exe /c del "C:\WINDOWS\wt\webdriver\4.1.1\wtwmplug.ini"
O4 - HKLM\..\RunOnce: [SpybotDeletingA786] command.com /c del "C:\WINDOWS\wt\wtupdates\DRM\3.2.0.19\files\DRM0302.dll"
O4 - HKLM\..\RunOnce: [SpybotDeletingC7591] cmd.exe /c del "C:\WINDOWS\wt\wtupdates\DRM\3.2.0.19\files\DRM0302.dll"
O4 - HKLM\..\RunOnce: [SpybotDeletingA6801] command.com /c del "C:\WINDOWS\wt\wtupdates\DRM\3.2.0.19\files\DRM0302Java.jar"
O4 - HKLM\..\RunOnce: [SpybotDeletingC5223] cmd.exe /c del "C:\WINDOWS\wt\wtupdates\DRM\3.2.0.19\files\DRM0302Java.jar"
O4 - HKLM\..\RunOnce: [SpybotDeletingA7188] command.com /c del "C:\WINDOWS\wt\wtupdates\DRM\3.2.0.19\files\jDRM0302.dll"
O4 - HKLM\..\RunOnce: [SpybotDeletingC2229] cmd.exe /c del "C:\WINDOWS\wt\wtupdates\DRM\3.2.0.19\files\jDRM0302.dll"
O4 - HKLM\..\RunOnce: [SpybotDeletingA1934] command.com /c del "C:\WINDOWS\wt\wtupdates\DRM\3.2.0.19\files\rDRM0302.dll"
O4 - HKLM\..\RunOnce: [SpybotDeletingC549] cmd.exe /c del "C:\WINDOWS\wt\wtupdates\DRM\3.2.0.19\files\rDRM0302.dll"
O4 - HKLM\..\RunOnce: [SpybotDeletingA8757] command.com /c del "C:\WINDOWS\wt\wtupdates\DRM\3.2.0.19\files\controlPanel\index.html"
O4 - HKLM\..\RunOnce: [SpybotDeletingC459] cmd.exe /c del "C:\WINDOWS\wt\wtupdates\DRM\3.2.0.19\files\controlPanel\index.html"
O4 - HKLM\..\RunOnce: [SpybotDeletingA3575] command.com /c del "C:\WINDOWS\wt\wtupdates\DRM\3.2.0.19\install\DRM0302.cdanfo"
O4 - HKLM\..\RunOnce: [SpybotDeletingC6676] cmd.exe /c del "C:\WINDOWS\wt\wtupdates\DRM\3.2.0.19\install\DRM0302.cdanfo"
O4 - HKLM\..\RunOnce: [SpybotDeletingA5034] command.com /c del "C:\WINDOWS\wt\wtupdates\DRM\3.2.0.19\install\DRM0302_Uninstall.cdas"
O4 - HKLM\..\RunOnce: [SpybotDeletingC8124] cmd.exe /c del "C:\WINDOWS\wt\wtupdates\DRM\3.2.0.19\install\DRM0302_Uninstall.cdas"
O4 - HKLM\..\RunOnce: [SpybotDeletingA4456] command.com /c del "C:\WINDOWS\wt\wtupdates\Webd\4.1.1\files\actorobject.dll"
O4 - HKLM\..\RunOnce: [SpybotDeletingC7877] cmd.exe /c del "C:\WINDOWS\wt\wtupdates\Webd\4.1.1\files\actorobject.dll"
O4 - HKLM\..\RunOnce: [SpybotDeletingA5067] command.com /c del "C:\WINDOWS\wt\wtupdates\Webd\4.1.1\files\dx5drv.dll"
O4 - HKLM\..\RunOnce: [SpybotDeletingC8118] cmd.exe /c del "C:\WINDOWS\wt\wtupdates\Webd\4.1.1\files\dx5drv.dll"
O4 - HKLM\..\RunOnce: [SpybotDeletingA7798] command.com /c del "C:\WINDOWS\wt\wtupdates\Webd\4.1.1\files\dx7drv.dll"
O4 - HKLM\..\RunOnce: [SpybotDeletingC8274] cmd.exe /c del "C:\WINDOWS\wt\wtupdates\Webd\4.1.1\files\dx7drv.dll"
O4 - HKLM\..\RunOnce: [SpybotDeletingA2135] command.com /c del "C:\WINDOWS\wt\wtupdates\Webd\4.1.1\files\jdriver.dll"
O4 - HKLM\..\RunOnce: [SpybotDeletingC7322] cmd.exe /c del "C:\WINDOWS\wt\wtupdates\Webd\4.1.1\files\jdriver.dll"
O4 - HKLM\..\RunOnce: [SpybotDeletingA9912] command.com /c del "C:\WINDOWS\wt\wtupdates\Webd\4.1.1\files\npWTHost.dll"
O4 - HKLM\..\RunOnce: [SpybotDeletingC8771] cmd.exe /c del "C:\WINDOWS\wt\wtupdates\Webd\4.1.1\files\npWTHost.dll"
O4 - HKLM\..\RunOnce: [SpybotDeletingA8395] command.com /c del "C:\WINDOWS\wt\wtupdates\Webd\4.1.1\files\nsIWTHostPlugin.xpt"
O4 - HKLM\..\RunOnce: [SpybotDeletingC1504] cmd.exe /c del "C:\WINDOWS\wt\wtupdates\Webd\4.1.1\files\nsIWTHostPlugin.xpt"
O4 - HKLM\..\RunOnce: [SpybotDeletingA478] command.com /c del "C:\WINDOWS\wt\wtupdates\Webd\4.1.1\files\ObjectBundle.dll"
O4 - HKLM\..\RunOnce: [SpybotDeletingC990] cmd.exe /c del "C:\WINDOWS\wt\wtupdates\Webd\4.1.1\files\ObjectBundle.dll"
O4 - HKLM\..\RunOnce: [SpybotDeletingA6332] command.com /c del "C:\WINDOWS\wt\wtupdates\Webd\4.1.1\files\rdriver.dll"
O4 - HKLM\..\RunOnce: [SpybotDeletingC7857] cmd.exe /c del "C:\WINDOWS\wt\wtupdates\Webd\4.1.1\files\rdriver.dll"
O4 - HKLM\..\RunOnce: [SpybotDeletingA9729] command.com /c del "C:\WINDOWS\wt\wtupdates\Webd\4.1.1\files\Sound.dll"
O4 - HKLM\..\RunOnce: [SpybotDeletingC4023] cmd.exe /c del "C:\WINDOWS\wt\wtupdates\Webd\4.1.1\files\Sound.dll"
O4 - HKLM\..\RunOnce: [SpybotDeletingA3042] command.com /c del "C:\WINDOWS\wt\wtupdates\Webd\4.1.1\files\wdcaps.ded"
O4 - HKLM\..\RunOnce: [SpybotDeletingC710] cmd.exe /c del "C:\WINDOWS\wt\wtupdates\Webd\4.1.1\files\wdcaps.ded"
O4 - HKLM\..\RunOnce: [SpybotDeletingA7401] command.com /c del "C:\WINDOWS\wt\wtupdates\Webd\4.1.1\files\wdengine.dll"
O4 - HKLM\..\RunOnce: [SpybotDeletingC3479] cmd.exe /c del "C:\WINDOWS\wt\wtupdates\Webd\4.1.1\files\wdengine.dll"
O4 - HKLM\..\RunOnce: [SpybotDeletingA1097] command.com /c del "C:\WINDOWS\wt\wtupdates\Webd\4.1.1\files\Webd331.cdanfo"
O4 - HKLM\..\RunOnce: [SpybotDeletingC945] cmd.exe /c del "C:\WINDOWS\wt\wtupdates\Webd\4.1.1\files\Webd331.cdanfo"
O4 - HKLM\..\RunOnce: [SpybotDeletingA3931] command.com /c del "C:\WINDOWS\wt\wtupdates\Webd\4.1.1\files\wtwmplug.ini"
O4 - HKLM\..\RunOnce: [SpybotDeletingC9985] cmd.exe /c del "C:\WINDOWS\wt\wtupdates\Webd\4.1.1\files\Webd331_fileList.cdas"
O4 - HKLM\..\RunOnce: [SpybotDeletingA5093] command.com /c del "C:\WINDOWS\wt\wtupdates\Webd\4.1.1\files\Webd331_Uninstall.cdas"
O4 - HKLM\..\RunOnce: [SpybotDeletingC9003] cmd.exe /c del "C:\WINDOWS\wt\wtupdates\Webd\4.1.1\files\Webd331_Uninstall.cdas"
O4 - HKLM\..\RunOnce: [SpybotDeletingA1238] command.com /c del "C:\WINDOWS\wt\wtupdates\Webd\4.1.1\files\webdriver.dll"
O4 - HKLM\..\RunOnce: [SpybotDeletingC4911] cmd.exe /c del "C:\WINDOWS\wt\wtupdates\Webd\4.1.1\files\webdriver.dll"
O4 - HKLM\..\RunOnce: [SpybotDeletingA4199] command.com /c del "C:\WINDOWS\wt\wtupdates\Webd\4.1.1\files\wildtangent.jar"
O4 - HKLM\..\RunOnce: [SpybotDeletingC1219] cmd.exe /c del "C:\WINDOWS\wt\wtupdates\Webd\4.1.1\files\wildtangent.jar"
O4 - HKLM\..\RunOnce: [SpybotDeletingA4608] command.com /c del "C:\WINDOWS\wt\wtupdates\Webd\4.1.1\files\wt3d.ini"
O4 - HKLM\..\RunOnce: [SpybotDeletingC1819] cmd.exe /c del "C:\WINDOWS\wt\wtupdates\Webd\4.1.1\files\wt3d.ini"
O4 - HKLM\..\RunOnce: [SpybotDeletingA2727] command.com /c del "C:\WINDOWS\wt\wtupdates\Webd\4.1.1\files\WTHost.exe"
O4 - HKLM\..\RunOnce: [SpybotDeletingC8215] cmd.exe /c del "C:\WINDOWS\wt\wtupdates\Webd\4.1.1\files\WTHost.exe"
O4 - HKLM\..\RunOnce: [SpybotDeletingA9110] command.com /c del "C:\WINDOWS\wt\wtupdates\Webd\4.1.1\files\WTHostCtl.dll"
O4 - HKLM\..\RunOnce: [SpybotDeletingC7441] cmd.exe /c del "C:\WINDOWS\wt\wtupdates\Webd\4.1.1\files\WTHostCtl.dll"
O4 - HKLM\..\RunOnce: [SpybotDeletingA8849] command.com /c del "C:\WINDOWS\wt\wtupdates\Webd\4.1.1\files\wtmulti.dll"
O4 - HKLM\..\RunOnce: [SpybotDeletingC7373] cmd.exe /c del "C:\WINDOWS\wt\wtupdates\Webd\4.1.1\files\wtmulti.dll"
O4 - HKLM\..\RunOnce: [SpybotDeletingA2150] command.com /c del "C:\WINDOWS\wt\wtupdates\Webd\4.1.1\files\wtmulti.jar"
O4 - HKLM\..\RunOnce: [SpybotDeletingC8705] cmd.exe /c del "C:\WINDOWS\wt\wtupdates\Webd\4.1.1\files\wtmulti.jar"
O4 - HKLM\..\RunOnce: [SpybotDeletingA7680] command.com /c del "C:\WINDOWS\wt\wtupdates\Webd\4.1.1\files\wtvh.dll"
O4 - HKLM\..\RunOnce: [SpybotDeletingC3137] cmd.exe /c del "C:\WINDOWS\wt\wtupdates\Webd\4.1.1\files\wtvh.dll"
O4 - HKLM\..\RunOnce: [SpybotDeletingA3495] command.com /c del "C:\WINDOWS\wt\wtupdates\Webd\4.1.1\files\wtwmplug.ax"
O4 - HKLM\..\RunOnce: [SpybotDeletingC8793] cmd.exe /c del "C:\WINDOWS\wt\wtupdates\Webd\4.1.1\files\wtwmplug.ax"
O4 - HKLM\..\RunOnce: [SpybotDeletingC9493] cmd.exe /c del "C:\WINDOWS\wt\wtupdates\Webd\4.1.1\files\wtwmplug.ini"
O4 - HKLM\..\RunOnce: [SpybotDeletingA9123] command.com /c del "C:\WINDOWS\wt\wtupdates\Webd\4.1.1\files\controlPanel\index.html"
O4 - HKLM\..\RunOnce: [SpybotDeletingC1966] cmd.exe /c del "C:\WINDOWS\wt\wtupdates\Webd\4.1.1\files\controlPanel\index.html"
O4 - HKLM\..\RunOnce: [SpybotDeletingA2111] command.com /c del "C:\WINDOWS\wt\wtupdates\Webd\4.1.1\files\legacy\data.wts"
O4 - HKLM\..\RunOnce: [SpybotDeletingC5030] cmd.exe /c del "C:\WINDOWS\wt\wtupdates\Webd\4.1.1\files\legacy\data.wts"
O4 - HKLM\..\RunOnce: [SpybotDeletingA6757] command.com /c del "C:\WINDOWS\wt\wtupdates\Webd\4.1.1\files\legacy\webdriver.dll"
O4 - HKLM\..\RunOnce: [SpybotDeletingC9304] cmd.exe /c del "C:\WINDOWS\wt\wtupdates\Webd\4.1.1\files\legacy\webdriver.dll"
O4 - HKLM\..\RunOnce: [SpybotDeletingA9234] command.com /c del "C:\WINDOWS\wt\wtupdates\Webd\4.1.1\files\legacy\wt3d.dll"
O4 - HKLM\..\RunOnce: [SpybotDeletingC6011] cmd.exe /c del "C:\WINDOWS\wt\wtupdates\Webd\4.1.1\files\legacy\wt3d.dll"
O4 - HKLM\..\RunOnce: [SpybotDeletingA1136] command.com /c del "C:\WINDOWS\wt\wtupdates\Webd\4.1.1\files\update_info\data.wts"
O4 - HKLM\..\RunOnce: [SpybotDeletingC9754] cmd.exe /c del "C:\WINDOWS\wt\wtupdates\Webd\4.1.1\files\update_info\data.wts"
O4 - HKLM\..\RunOnce: [SpybotDeletingA4866] command.com /c del "C:\WINDOWS\wt\wtupdates\Webd\4.1.1\install\Webd4_1_1.cdanfo"
O4 - HKLM\..\RunOnce: [SpybotDeletingC4492] cmd.exe /c del "C:\WINDOWS\wt\wtupdates\Webd\4.1.1\install\Webd4_1_1.cdanfo"
O4 - HKLM\..\RunOnce: [SpybotDeletingA7444] command.com /c del "C:\WINDOWS\wt\wtupdates\Webd\4.1.1\install\Webd4_1_1_Uninstall.cdas"
O4 - HKLM\..\RunOnce: [SpybotDeletingC1711] cmd.exe /c del "C:\WINDOWS\wt\wtupdates\Webd\4.1.1\install\Webd4_1_1_Uninstall.cdas"
O4 - HKLM\..\RunOnce: [SpybotDeletingA4791] command.com /c del "C:\WINDOWS\wt\wtupdates\wtwebdriver\update_info\data.wts"
O4 - HKLM\..\RunOnce: [SpybotDeletingC9566] cmd.exe /c del "C:\WINDOWS\wt\wtupdates\wtwebdriver\update_info\data.wts"
O4 - HKLM\..\RunOnce: [SpybotDeletingA8822] command.com /c del "C:\WINDOWS\system32\wevozobo.dll_old"
O4 - HKLM\..\RunOnce: [SpybotDeletingC5985] cmd.exe /c del "C:\WINDOWS\system32\wevozobo.dll_old"
O4 - HKLM\..\RunOnce: [SpybotDeletingA6514] command.com /c del "C:\WINDOWS\system32\lapomefe.dll_old"
O4 - HKLM\..\RunOnce: [SpybotDeletingC3525] cmd.exe /c del "C:\WINDOWS\system32\lapomefe.dll_old"
O4 - HKLM\..\RunOnce: [SpybotSnD] "C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe" /autocheck
O4 - HKLM\..\RunOnce: [GrpConv] grpconv -o
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\RunOnce: [SpybotDeletingB4194] command.com /c del "C:\WINDOWS\wt\webdriver.dll"
O4 - HKCU\..\RunOnce: [SpybotDeletingD6791] cmd.exe /c del "C:\WINDOWS\wt\webdriver.dll"
O4 - HKCU\..\RunOnce: [SpybotDeletingB5884] command.com /c del "C:\WINDOWS\wt\data.wts"
O4 - HKCU\..\RunOnce: [SpybotDeletingD5822] cmd.exe /c del "C:\WINDOWS\wt\data.wts"
O4 - HKCU\..\RunOnce: [SpybotDeletingB2250] command.com /c del "C:\WINDOWS\wt\webdriver\4.1.1\actorobject.dll"
O4 - HKCU\..\RunOnce: [SpybotDeletingD1917] cmd.exe /c del "C:\WINDOWS\wt\webdriver\4.1.1\actorobject.dll"
O4 - HKCU\..\RunOnce: [SpybotDeletingB8041] command.com /c del "C:\WINDOWS\wt\webdriver\4.1.1\dx5drv.dll"
O4 - HKCU\..\RunOnce: [SpybotDeletingD597] cmd.exe /c del "C:\WINDOWS\wt\webdriver\4.1.1\dx5drv.dll"
O4 - HKCU\..\RunOnce: [SpybotDeletingB6704] command.com /c del "C:\WINDOWS\wt\webdriver\4.1.1\dx7drv.dll"
O4 - HKCU\..\RunOnce: [SpybotDeletingD2064] cmd.exe /c del "C:\WINDOWS\wt\webdriver\4.1.1\dx7drv.dll"
O4 - HKCU\..\RunOnce: [SpybotDeletingB8458] command.com /c del "C:\WINDOWS\wt\webdriver\4.1.1\objectbundle.dll"
O4 - HKCU\..\RunOnce: [SpybotDeletingD6023] cmd.exe /c del "C:\WINDOWS\wt\webdriver\4.1.1\objectbundle.dll"
O4 - HKCU\..\RunOnce: [SpybotDeletingB4209] command.com /c del "C:\WINDOWS\wt\webdriver\4.1.1\sound.dll"
O4 - HKCU\..\RunOnce: [SpybotDeletingD7173] cmd.exe /c del "C:\WINDOWS\wt\webdriver\4.1.1\sound.dll"
O4 - HKCU\..\RunOnce: [SpybotDeletingB1372] command.com /c del "C:\WINDOWS\wt\webdriver\4.1.1\wdcaps.ded"
O4 - HKCU\..\RunOnce: [SpybotDeletingD5412] cmd.exe /c del "C:\WINDOWS\wt\webdriver\4.1.1\wdcaps.ded"
O4 - HKCU\..\RunOnce: [SpybotDeletingB22] command.com /c del "C:\WINDOWS\wt\webdriver\4.1.1\wdengine.dll"
O4 - HKCU\..\RunOnce: [SpybotDeletingD2418] cmd.exe /c del "C:\WINDOWS\wt\webdriver\4.1.1\wdengine.dll"
O4 - HKCU\..\RunOnce: [SpybotDeletingB8340] command.com /c del "C:\WINDOWS\wt\webdriver\4.1.1\webdriver.dll"
O4 - HKCU\..\RunOnce: [SpybotDeletingD9842] cmd.exe /c del "C:\WINDOWS\wt\webdriver\4.1.1\webdriver.dll"
O4 - HKCU\..\RunOnce: [SpybotDeletingB3088] command.com /c del "C:\WINDOWS\wt\webdriver\4.1.1\wthost.exe"
O4 - HKCU\..\RunOnce: [SpybotDeletingD9949] cmd.exe /c del "C:\WINDOWS\wt\webdriver\4.1.1\wthost.exe"
O4 - HKCU\..\RunOnce: [SpybotDeletingB4094] command.com /c del "C:\WINDOWS\wt\webdriver\4.1.1\wthostctl.dll"
O4 - HKCU\..\RunOnce: [SpybotDeletingD9243] cmd.exe /c del "C:\WINDOWS\wt\webdriver\4.1.1\wthostctl.dll"
O4 - HKCU\..\RunOnce: [SpybotDeletingB6581] command.com /c del "C:\WINDOWS\wt\webdriver\4.1.1\wtmulti.dll"
O4 - HKCU\..\RunOnce: [SpybotDeletingD2036] cmd.exe /c del "C:\WINDOWS\wt\webdriver\4.1.1\wtmulti.dll"
O4 - HKCU\..\RunOnce: [SpybotDeletingB8821] command.com /c del "C:\WINDOWS\wt\webdriver\4.1.1\wtmulti.jar"
O4 - HKCU\..\RunOnce: [SpybotDeletingD1435] cmd.exe /c del "C:\WINDOWS\wt\webdriver\4.1.1\wtmulti.jar"
O4 - HKCU\..\RunOnce: [SpybotDeletingB987] command.com /c del "C:\WINDOWS\wt\webdriver\4.1.1\wtwmplug.ax_old"
O4 - HKCU\..\RunOnce: [SpybotDeletingD1850] cmd.exe /c del "C:\WINDOWS\wt\webdriver\4.1.1\wtwmplug.ax_old"
O4 - HKCU\..\RunOnce: [SpybotDeletingB9775] command.com /c del "C:\WINDOWS\wt\webdriver\4.1.1\wtwmplug.ini"
O4 - HKCU\..\RunOnce: [SpybotDeletingD618] cmd.exe /c del "C:\WINDOWS\wt\webdriver\4.1.1\wtwmplug.ini"
O4 - HKCU\..\RunOnce: [SpybotDeletingB3246] command.com /c del "C:\WINDOWS\wt\wtupdates\DRM\3.2.0.19\files\DRM0302.dll"
O4 - HKCU\..\RunOnce: [SpybotDeletingD7562] cmd.exe /c del "C:\WINDOWS\wt\wtupdates\DRM\3.2.0.19\files\DRM0302.dll"
O4 - HKCU\..\RunOnce: [SpybotDeletingB6980] command.com /c del "C:\WINDOWS\wt\wtupdates\DRM\3.2.0.19\files\DRM0302Java.jar"
O4 - HKCU\..\RunOnce: [SpybotDeletingD6420] cmd.exe /c del "C:\WINDOWS\wt\wtupdates\DRM\3.2.0.19\files\DRM0302Java.jar"
O4 - HKCU\..\RunOnce: [SpybotDeletingB8515] command.com /c del "C:\WINDOWS\wt\wtupdates\DRM\3.2.0.19\files\jDRM0302.dll"
O4 - HKCU\..\RunOnce: [SpybotDeletingD7247] cmd.exe /c del "C:\WINDOWS\wt\wtupdates\DRM\3.2.0.19\files\jDRM0302.dll"
O4 - HKCU\..\RunOnce: [SpybotDeletingB279] command.com /c del "C:\WINDOWS\wt\wtupdates\DRM\3.2.0.19\files\rDRM0302.dll"
O4 - HKCU\..\RunOnce: [SpybotDeletingD417] cmd.exe /c del "C:\WINDOWS\wt\wtupdates\DRM\3.2.0.19\files\rDRM0302.dll"
O4 - HKCU\..\RunOnce: [SpybotDeletingB6205] command.com /c del "C:\WINDOWS\wt\wtupdates\DRM\3.2.0.19\files\controlPanel\index.html"
O4 - HKCU\..\RunOnce: [SpybotDeletingD33] cmd.exe /c del "C:\WINDOWS\wt\wtupdates\DRM\3.2.0.19\files\controlPanel\index.html"
O4 - HKCU\..\RunOnce: [SpybotDeletingB7676] command.com /c del "C:\WINDOWS\wt\wtupdates\DRM\3.2.0.19\install\DRM0302.cdanfo"
O4 - HKCU\..\RunOnce: [SpybotDeletingD283] cmd.exe /c del "C:\WINDOWS\wt\wtupdates\DRM\3.2.0.19\install\DRM0302.cdanfo"
O4 - HKCU\..\RunOnce: [SpybotDeletingB4884] command.com /c del "C:\WINDOWS\wt\wtupdates\DRM\3.2.0.19\install\DRM0302_Uninstall.cdas"
O4 - HKCU\..\RunOnce: [SpybotDeletingD6251] cmd.exe /c del "C:\WINDOWS\wt\wtupdates\DRM\3.2.0.19\install\DRM0302_Uninstall.cdas"
O4 - HKCU\..\RunOnce: [SpybotDeletingB7623] command.com /c del "C:\WINDOWS\wt\wtupdates\Webd\4.1.1\files\actorobject.dll"
O4 - HKCU\..\RunOnce: [SpybotDeletingD9785] cmd.exe /c del "C:\WINDOWS\wt\wtupdates\Webd\4.1.1\files\actorobject.dll"
O4 - HKCU\..\RunOnce: [SpybotDeletingB6162] command.com /c del "C:\WINDOWS\wt\wtupdates\Webd\4.1.1\files\dx5drv.dll"
O4 - HKCU\..\RunOnce: [SpybotDeletingD6911] cmd.exe /c del "C:\WINDOWS\wt\wtupdates\Webd\4.1.1\files\dx5drv.dll"
O4 - HKCU\..\RunOnce: [SpybotDeletingB1142] command.com /c del "C:\WINDOWS\wt\wtupdates\Webd\4.1.1\files\dx7drv.dll"
O4 - HKCU\..\RunOnce: [SpybotDeletingD7065] cmd.exe /c del "C:\WINDOWS\wt\wtupdates\Webd\4.1.1\files\dx7drv.dll"
O4 - HKCU\..\RunOnce: [SpybotDeletingB8916] command.com /c del "C:\WINDOWS\wt\wtupdates\Webd\4.1.1\files\jdriver.dll"
O4 - HKCU\..\RunOnce: [SpybotDeletingD9471] cmd.exe /c del "C:\WINDOWS\wt\wtupdates\Webd\4.1.1\files\jdriver.dll"
O4 - HKCU\..\RunOnce: [SpybotDeletingB7858] command.com /c del "C:\WINDOWS\wt\wtupdates\Webd\4.1.1\files\npWTHost.dll"
O4 - HKCU\..\RunOnce: [SpybotDeletingD2639] cmd.exe /c del "C:\WINDOWS\wt\wtupdates\Webd\4.1.1\files\npWTHost.dll"
O4 - HKCU\..\RunOnce: [SpybotDeletingB1936] command.com /c del "C:\WINDOWS\wt\wtupdates\Webd\4.1.1\files\nsIWTHostPlugin.xpt"
O4 - HKCU\..\RunOnce: [SpybotDeletingD5618] cmd.exe /c del "C:\WINDOWS\wt\wtupdates\Webd\4.1.1\files\nsIWTHostPlugin.xpt"
O4 - HKCU\..\RunOnce: [SpybotDeletingB4134] command.com /c del "C:\WINDOWS\wt\wtupdates\Webd\4.1.1\files\ObjectBundle.dll"
O4 - HKCU\..\RunOnce: [SpybotDeletingD5999] cmd.exe /c del "C:\WINDOWS\wt\wtupdates\Webd\4.1.1\files\ObjectBundle.dll"
O4 - HKCU\..\RunOnce: [SpybotDeletingB2000] command.com /c del "C:\WINDOWS\wt\wtupdates\Webd\4.1.1\files\rdriver.dll"
O4 - HKCU\..\RunOnce: [SpybotDeletingD8323] cmd.exe /c del "C:\WINDOWS\wt\wtupdates\Webd\4.1.1\files\rdriver.dll"
O4 - HKCU\..\RunOnce: [SpybotDeletingB43] command.com /c del "C:\WINDOWS\wt\wtupdates\Webd\4.1.1\files\Sound.dll"
O4 - HKCU\..\RunOnce: [SpybotDeletingD2178] cmd.exe /c del "C:\WINDOWS\wt\wtupdates\Webd\4.1.1\files\Sound.dll"
O4 - HKCU\..\RunOnce: [SpybotDeletingB7206] command.com /c del "C:\WINDOWS\wt\wtupdates\Webd\4.1.1\files\wdcaps.ded"
O4 - HKCU\..\RunOnce: [SpybotDeletingD6956] cmd.exe /c del "C:\WINDOWS\wt\wtupdates\Webd\4.1.1\files\wdcaps.ded"
O4 - HKCU\..\RunOnce: [SpybotDeletingB7820] command.com /c del "C:\WINDOWS\wt\wtupdates\Webd\4.1.1\files\wdengine.dll"
O4 - HKCU\..\RunOnce: [SpybotDeletingD7254] cmd.exe /c del "C:\WINDOWS\wt\wtupdates\Webd\4.1.1\files\wdengine.dll"
O4 - HKCU\..\RunOnce: [SpybotDeletingB110] command.com /c del "C:\WINDOWS\wt\wtupdates\Webd\4.1.1\files\Webd331.cdanfo"
O4 - HKCU\..\RunOnce: [SpybotDeletingD9439] cmd.exe /c del "C:\WINDOWS\wt\wtupdates\Webd\4.1.1\files\Webd331.cdanfo"
O4 - HKCU\..\RunOnce: [SpybotDeletingB7536] command.com /c del "C:\WINDOWS\wt\wtupdates\Webd\4.1.1\files\Webd331_fileList.cdas"
O4 - HKCU\..\RunOnce: [SpybotDeletingD2475] cmd.exe /c del "C:\WINDOWS\wt\wtupdates\Webd\4.1.1\files\Webd331_fileList.cdas"
O4 - HKCU\..\RunOnce: [SpybotDeletingB6071] command.com /c del "C:\WINDOWS\wt\wtupdates\Webd\4.1.1\files\Webd331_Uninstall.cdas"
O4 - HKCU\..\RunOnce: [SpybotDeletingD236] cmd.exe /c del "C:\WINDOWS\wt\wtupdates\Webd\4.1.1\files\Webd331_Uninstall.cdas"
O4 - HKCU\..\RunOnce: [SpybotDeletingB1005] command.com /c del "C:\WINDOWS\wt\wtupdates\Webd\4.1.1\files\webdriver.dll"
O4 - HKCU\..\RunOnce: [SpybotDeletingD9392] cmd.exe /c del "C:\WINDOWS\wt\wtupdates\Webd\4.1.1\files\webdriver.dll"
O4 - HKCU\..\RunOnce: [SpybotDeletingB715] command.com /c del "C:\WINDOWS\wt\wtupdates\Webd\4.1.1\files\wildtangent.jar"
O4 - HKCU\..\RunOnce: [SpybotDeletingD8452] cmd.exe /c del "C:\WINDOWS\wt\wtupdates\Webd\4.1.1\files\wildtangent.jar"
O4 - HKCU\..\RunOnce: [SpybotDeletingB6935] command.com /c del "C:\WINDOWS\wt\wtupdates\Webd\4.1.1\files\wt3d.ini"
O4 - HKCU\..\RunOnce: [SpybotDeletingD9566] cmd.exe /c del "C:\WINDOWS\wt\wtupdates\Webd\4.1.1\files\wt3d.ini"
O4 - HKCU\..\RunOnce: [SpybotDeletingB6274] command.com /c del "C:\WINDOWS\wt\wtupdates\Webd\4.1.1\files\WTHost.exe"
O4 - HKCU\..\RunOnce: [SpybotDeletingD5006] cmd.exe /c del "C:\WINDOWS\wt\wtupdates\Webd\4.1.1\files\WTHost.exe"
O4 - HKCU\..\RunOnce: [SpybotDeletingB1619] command.com /c del "C:\WINDOWS\wt\wtupdates\Webd\4.1.1\files\WTHostCtl.dll"
O4 - HKCU\..\RunOnce: [SpybotDeletingD7895] cmd.exe /c del "C:\WINDOWS\wt\wtupdates\Webd\4.1.1\files\WTHostCtl.dll"
O4 - HKCU\..\RunOnce: [SpybotDeletingB9940] command.com /c del "C:\WINDOWS\wt\wtupdates\Webd\4.1.1\files\wtmulti.dll"
O4 - HKCU\..\RunOnce: [SpybotDeletingD5188] cmd.exe /c del "C:\WINDOWS\wt\wtupdates\Webd\4.1.1\files\wtmulti.dll"
O4 - HKCU\..\RunOnce: [SpybotDeletingB4014] command.com /c del "C:\WINDOWS\wt\wtupdates\Webd\4.1.1\files\wtmulti.jar"
O4 - HKCU\..\RunOnce: [SpybotDeletingD9648] cmd.exe /c del "C:\WINDOWS\wt\wtupdates\Webd\4.1.1\files\wtmulti.jar"
O4 - HKCU\..\RunOnce: [SpybotDeletingB5444] command.com /c del "C:\WINDOWS\wt\wtupdates\Webd\4.1.1\files\wtvh.dll"
O4 - HKCU\..\RunOnce: [SpybotDeletingD7715] cmd.exe /c del "C:\WINDOWS\wt\wtupdates\Webd\4.1.1\files\wtvh.dll"
O4 - HKCU\..\RunOnce: [SpybotDeletingB6198] command.com /c del "C:\WINDOWS\wt\wtupdates\Webd\4.1.1\files\wtwmplug.ax"
O4 - HKCU\..\RunOnce: [SpybotDeletingD2807] cmd.exe /c del "C:\WINDOWS\wt\wtupdates\Webd\4.1.1\files\wtwmplug.ax"
O4 - HKCU\..\RunOnce: [SpybotDeletingB5911] command.com /c del "C:\WINDOWS\wt\wtupdates\Webd\4.1.1\files\wtwmplug.ini"
O4 - HKCU\..\RunOnce: [SpybotDeletingD6924] cmd.exe /c del "C:\WINDOWS\wt\wtupdates\Webd\4.1.1\files\wtwmplug.ini"
O4 - HKCU\..\RunOnce: [SpybotDeletingB153] command.com /c del "C:\WINDOWS\wt\wtupdates\Webd\4.1.1\files\controlPanel\index.html"
O4 - HKCU\..\RunOnce: [SpybotDeletingD2325] cmd.exe /c del "C:\WINDOWS\wt\wtupdates\Webd\4.1.1\files\controlPanel\index.html"
O4 - HKCU\..\RunOnce: [SpybotDeletingB3778] command.com /c del "C:\WINDOWS\wt\wtupdates\Webd\4.1.1\files\legacy\data.wts"
O4 - HKCU\..\RunOnce: [SpybotDeletingD2359] cmd.exe /c del "C:\WINDOWS\wt\wtupdates\Webd\4.1.1\files\legacy\data.wts"
O4 - HKCU\..\RunOnce: [SpybotDeletingB2441] command.com /c del "C:\WINDOWS\wt\wtupdates\Webd\4.1.1\files\legacy\webdriver.dll"
O4 - HKCU\..\RunOnce: [SpybotDeletingD9978] cmd.exe /c del "C:\WINDOWS\wt\wtupdates\Webd\4.1.1\files\legacy\webdriver.dll"
O4 - HKCU\..\RunOnce: [SpybotDeletingB5739] command.com /c del "C:\WINDOWS\wt\wtupdates\Webd\4.1.1\files\legacy\wt3d.dll"
O4 - HKCU\..\RunOnce: [SpybotDeletingD5487] cmd.exe /c del "C:\WINDOWS\wt\wtupdates\Webd\4.1.1\files\legacy\wt3d.dll"
O4 - HKCU\..\RunOnce: [SpybotDeletingB6643] command.com /c del "C:\WINDOWS\wt\wtupdates\Webd\4.1.1\files\update_info\data.wts"
O4 - HKCU\..\RunOnce: [SpybotDeletingD3960] cmd.exe /c del "C:\WINDOWS\wt\wtupdates\Webd\4.1.1\files\update_info\data.wts"
O4 - HKCU\..\RunOnce: [SpybotDeletingB6593] command.com /c del "C:\WINDOWS\wt\wtupdates\Webd\4.1.1\install\Webd4_1_1.cdanfo"
O4 - HKCU\..\RunOnce: [SpybotDeletingD105] cmd.exe /c del "C:\WINDOWS\wt\wtupdates\Webd\4.1.1\install\Webd4_1_1.cdanfo"
O4 - HKCU\..\RunOnce: [SpybotDeletingB8259] command.com /c del "C:\WINDOWS\wt\wtupdates\Webd\4.1.1\install\Webd4_1_1_Uninstall.cdas"
O4 - HKCU\..\RunOnce: [SpybotDeletingD663] cmd.exe /c del "C:\WINDOWS\wt\wtupdates\Webd\4.1.1\install\Webd4_1_1_Uninstall.cdas"
O4 - HKCU\..\RunOnce: [SpybotDeletingB8333] command.com /c del "C:\WINDOWS\wt\wtupdates\wtwebdriver\update_info\data.wts"
O4 - HKCU\..\RunOnce: [SpybotDeletingD8803] cmd.exe /c del "C:\WINDOWS\wt\wtupdates\wtwebdriver\update_info\data.wts"
O4 - HKCU\..\RunOnce: [SpybotDeletingB8872] command.com /c del "C:\WINDOWS\system32\wevozobo.dll_old"
O4 - HKCU\..\RunOnce: [SpybotDeletingD3569] cmd.exe /c del "C:\WINDOWS\system32\wevozobo.dll_old"
O4 - HKCU\..\RunOnce: [SpybotDeletingB4471] command.com /c del "C:\WINDOWS\system32\lapomefe.dll_old"
O4 - HKCU\..\RunOnce: [SpybotDeletingD8229] cmd.exe /c del "C:\WINDOWS\system32\lapomefe.dll_old"
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O16 - DPF: {149E45D8-163E-4189-86FC-45022AB2B6C9} (SpinTop DRM Control) - file:///C:/Program%20Files/MCF%20-%20Prime%20Suspects/Images/stg_drm.ocx
O16 - DPF: {69EF49E5-FE46-4B92-B5FA-2193AB7A6B8A} (GameLauncher Control) - http://www.acclaim.com/cabs/acclaim_v4.cab
O16 - DPF: {CC450D71-CC90-424C-8638-1F2DBAC87A54} (ArmHelper Control) - file:///C:/Program%20Files/MCF%20-%20Prime%20Suspects/Images/armhelper.ocx
O16 - DPF: {CD995117-98E5-4169-9920-6C12D4C0B548} (HGPlugin9USA Class) - http://gamedownload.ijjimax.com/gamedownload/dist/hgstart/HGPlugin9USA.cab
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
O20 - Winlogon Notify: geBqPGAS - geBqPGAS.dll (file missing)
O21 - SSODL: SSODL - {EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4} - c:\windows\system32\wevozobo.dll (file missing)
O22 - SharedTaskScheduler: STS - {EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4} - c:\windows\system32\wevozobo.dll (file missing)
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe