Thread: Malware

  1. #1
    Junior Member
    Join Date
    Jul 2009
    Location
    Massachusetts
    Posts
    2

    Malware

    System Security strikes again.

    So yeah, I have already downloaded HJT, ERUNT, MBAM, RSIT, GMER, Spybot S&D, and ComboFix.

    I have already backed up my registry with ERUNT and ran MBAM, HJT, RSIT, Spybot, and Combo. I have Combo log, HJT log, and RSIT log.

    ComboFix 09-07-14.08 - William 07/18/2009 1:36.1.2 - NTFSx86
    Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.2047.1041 [GMT -4:00]
    Running from: c:\documents and settings\William\My Documents\Downloads\ComboFix.exe
    AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
    FW: ActiveArmor Firewall *disabled* {EDC10449-64D1-46c7-A59A-EC20D662F26D}
    FW: Norton Internet Worm Protection *enabled* {990F9400-4CEE-43EA-A83A-D013ADD8EA6E}
    .

    Overlay aborted ... Please run ComboFix once more
    ((((((((((((((((((((((((( Files Created from 2009-06-18 to 2009-07-18 )))))))))))))))))))))))))))))))
    .

    No new files created in this timespan

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2009-06-24 13:26 . 2008-09-02 02:17 137208 ----a-w- c:\program files\mozilla firefox\components\brwsrcmp.dll
    2006-05-06 16:42 . 2006-12-05 19:34 7260160 ----a-w- c:\program files\mozilla firefox\plugins\libvlc.dll
    .

    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "UnlockerAssistant"="c:\program files\Unlocker\UnlockerAssistant.exe" [2008-05-02 15872]
    "EasyTuneV"="c:\program files\Gigabyte\ET5\GUI.exe" [2004-06-14 200704]
    "StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2009-02-25 61440]
    "amd_dc_opt"="c:\program files\AMD\Dual-Core Optimizer\amd_dc_opt.exe" [2006-11-17 77824]
    "AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2009-07-17 1948440]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
    "GrpConv"="grpconv -o" [X]

    c:\docume~1\ALLUSE~1\STARTM~1\Programs\Startup\
    Logitech SetPoint.lnk - c:\program files\Logitech\SetPoint\SetPoint.exe [2009-7-16 809488]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LBTWlgn]
    2006-05-05 12:27 65536 ----a-w- c:\program files\Common Files\Logitech\Bluetooth\LBTWlgn.DLL

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
    2009-07-17 15:46 11952 ----a-w- c:\windows\system32\avgrsstx.dll

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
    @="Service"

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]
    @=""

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Bluetooth.lnk]

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^BounceBack Launcher.lnk]

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Photosmart Premier Fast Start.lnk]

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Loadout Manager.lnk]

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Logitech Desktop Messenger.lnk]

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Logitech SetPoint.lnk]

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Nostromo Loadout Manager.lnk]
    backup=c:\windows\pss\Nostromo Loadout Manager.lnkCommon Startup

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Picture Package Menu.lnk]

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Picture Package VCD Maker.lnk]

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Privoxy.lnk]
    backup=c:\windows\pss\Privoxy.lnkCommon Startup

    [HKLM\~\startupfolder\C:^Documents and Settings^William^Start Menu^Programs^Startup^FrostWire On Startup.lnk]
    backup=c:\windows\pss\FrostWire On Startup.lnkStartup

    [HKLM\~\startupfolder\C:^Documents and Settings^William^Start Menu^Programs^Startup^Last.fm Helper.lnk]

    [HKLM\~\startupfolder\C:^Documents and Settings^William^Start Menu^Programs^Startup^PowerReg Scheduler V3.exe]
    backup=c:\windows\pss\PowerReg Scheduler V3.exeStartup

    [HKLM\~\startupfolder\C:^Documents and Settings^William^Start Menu^Programs^Startup^TimeLeft.lnk]
    backup=c:\windows\pss\TimeLeft.lnkStartup

    [HKLM\~\startupfolder\C:^Documents and Settings^William^Start Menu^Programs^Startup^V CAST Music Monitor.lnk]
    HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\amd_dc_opt
    HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATICCC
    HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AVG7_CC
    HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ccApp
    HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite
    HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DVDTray
    HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HostManager
    HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update
    HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IPHSend
    HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MediaLifeService
    HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS
    HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\My Web Search Bar Search Scope Monitor
    HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MyWebSearch Plugin
    HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nTrayFw
    HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OpenDNS Update
    HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SmcService
    HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe
    HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Uniblue RegistryBooster 2
    HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Vidalia
    HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Zboard

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
    "AVGEMS"=2 (0x2)
    "Avg7UpdSvc"=2 (0x2)
    "Avg7Alrt"=2 (0x2)
    "SPBBCSvc"=2 (0x2)
    "SNDSrvc"=2 (0x2)
    "SAVScan"=3 (0x3)
    "NSCService"=3 (0x3)
    "NPFMntor"=2 (0x2)
    "FirebirdServerMAGIXInstance"=3 (0x3)
    "ccSetMgr"=2 (0x2)
    "ccEvtMgr"=2 (0x2)
    "SmcService"=2 (0x2)
    "MyWebSearchService"=2 (0x2)
    "LiveUpdate Notice Service"=2 (0x2)
    "iPod Service"=3 (0x3)
    "WMP54Gv4SVC"=2 (0x2)
    "WMP54GSSVC"=2 (0x2)
    "Viewpoint Manager Service"=2 (0x2)
    "Symantec Core LC"=2 (0x2)
    "StarWindServiceAE"=2 (0x2)
    "Pml Driver HPZ12"=2 (0x2)
    "ose"=3 (0x3)
    "nSvcLog"=2 (0x2)
    "nSvcIp"=2 (0x2)
    "NMIndexingService"=3 (0x3)
    "NBService"=3 (0x3)
    "navapsvc"=2 (0x2)
    "MDM"=2 (0x2)
    "LVPrcSrv"=2 (0x2)
    "LiveUpdate"=3 (0x3)
    "LightScribeService"=2 (0x2)
    "LBTServ"=2 (0x2)
    "idsvc"=3 (0x3)
    "IDriverT"=3 (0x3)
    "ForcewareWebInterface"=2 (0x2)
    "Creative Service for CDROM Access"=2 (0x2)
    "btwdins"=2 (0x2)
    "Bonjour Service"=2 (0x2)
    "Automatic LiveUpdate Scheduler"=2 (0x2)
    "Apple Mobile Device"=2 (0x2)

    [HKEY_LOCAL_MACHINE\software\microsoft\security center]
    "UpdatesDisableNotify"=dword:00000001

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
    "EnableFirewall"= 0 (0x0)

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "c:\\WINDOWS\\system32\\sessmgr.exe"=
    "c:\\Nexon\\Combat Arms\\NMService.exe"=


    R0 ntcdrdrv;ntcdrdrv;c:\windows\system32\DRIVERS\ntcdrdrv.sys [x]
    R2 portD;CMS PortIO Service;c:\windows\system32\DRIVERS\portd2k.sys [x]
    R3 Alpham;Ideazon Fang Composite Keyboard Driver;c:\windows\system32\DRIVERS\Alpham.sys [2005-12-04 34944]
    R3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [2009-07-13 38160]
    R4 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\Viewpoint\Common\ViewpointService.exe [2007-01-04 24652]
    S0 Lbd;Lbd;c:\windows\system32\DRIVERS\Lbd.sys [2009-07-03 64160]
    S1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\System32\Drivers\avgldx86.sys [2009-07-17 327688]
    S1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\System32\Drivers\avgtdix.sys [2009-07-17 108552]
    S1 Fadpu16E;Fadpu16E;c:\windows\System32\Drivers\Fadpu16E.sys [2006-04-14 43008]
    S2 avg8wd;AVG Free8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [2009-07-17 298776]
    S2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [2009-07-03 1029456]
    S3 AmdTools;AMD Special Tools Driver;c:\windows\system32\DRIVERS\AmdTools.sys [2007-08-14 34304]
    S3 bcgame;Nostromo HID Device Minidriver;c:\windows\system32\drivers\bcgame.sys [2007-08-14 23040]


    --- Other Services/Drivers In Memory ---

    *NewlyCreated* - IP6FW
    .
    - - - - ORPHANS REMOVED - - - -

    BHO-{581439C4-9ABC-4878-A370-07A528EE792B} - c:\windows\system32\jkkKbBTl.dll
    BHO-{5f6daa33-0cb0-4efd-b9ea-94e44c9894fb} - c:\windows\system32\diwupesa.dll
    BHO-{799FA50F-FE27-4B70-BC09-A1DEABA1B24D} - c:\windows\system32\geBqPGAS.dll
    BHO-{9A5C36CE-FF2C-43F0-BDA3-74B0A801B117} - (no file)
    HKLM-Run-3c6ba3dc - c:\windows\system32\lapomefe.dll
    HKLM-Run-CPM3f589040 - c:\windows\system32\wevozobo.dll
    HKLM-RunOnce-<NO NAME> - (no file)
    ShellExecuteHooks-{799FA50F-FE27-4B70-BC09-A1DEABA1B24D} - c:\windows\system32\geBqPGAS.dll
    Notify-geBqPGAS - geBqPGAS.dll
    MSConfigStartUp-slide - (no file)


    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://www.yahoo.com/
    uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
    mSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr9/*http://www.yahoo.com/ext/search/search.html
    uInternet Connection Wizard,ShellNext = iexplore
    uInternet Settings,ProxyOverride = *.local
    uSearchURL,(Default) = hxxp://us.rd.yahoo.com/customize/ie/defaults/su/msgr9/*http://www.yahoo.com
    IE: &Search
    IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    Trusted Zone: aol.com\free
    Handler: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - c:\program files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
    FF - ProfilePath - c:\docume~1\William\APPLIC~1\Mozilla\Firefox\Profiles\i3y5ibvn.default\
    FF - prefs.js: browser.search.defaulturl - hxxp://search.yahoo.com/search?fr=ffsp1&p=
    FF - prefs.js: browser.search.selectedEngine - Yahoo
    FF - prefs.js: browser.startup.homepage - hxxp://www.yahoo.com/
    FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?fr=ffds1&p=

    ---- FIREFOX POLICIES ----
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.enforce_same_site_origin", false);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.cache_size", 51200);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.ogg.enabled", true);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.wave.enabled", true);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.autoplay.enabled", true);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.urlbar.autocomplete.enabled", true);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("capability.policy.mailnews.*.wholeText", "noAccess");
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("dom.storage.default_quota", 5120);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("content.sink.event_probe_rate", 3);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.http.prompt-temp-redirect", true);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("layout.css.dpi", -1);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("layout.css.devPixelsPerPx", -1);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("gestures.enable_single_finger_input", true);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("dom.max_chrome_script_run_time", 0);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.tcp.sendbuffer", 131072);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("geo.enabled", true);
    c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.remember_cert_checkbox_default_setting", true);
    c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr", "moz35");
    c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-cjkt", "moz35");
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.blocklist.level", 2);
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.urlbar.restrict.typed", "~");
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.urlbar.default.behavior", 0);
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.history", true);
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.formdata", true);
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.passwords", false);
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.downloads", true);
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.cookies", true);
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.cache", true);
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.sessions", true);
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.offlineApps", false);
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.siteSettings", false);
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.history", true);
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.formdata", true);
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.passwords", false);
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.downloads", true);
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.cookies", true);
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.cache", true);
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.sessions", true);
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.offlineApps", false);
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.siteSettings", false);
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.sanitize.migrateFx3Prefs", false);
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.ssl_override_behavior", 2);
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("security.alternate_certificate_error_page", "certerror");
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.privatebrowsing.autostart", false);
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.privatebrowsing.dont_prompt_on_enter", false);
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("geo.wifi.uri", "https://www.google.com/loc/json");
    .

    **************************************************************************

    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2009-07-18 01:47
    Windows 5.1.2600 Service Pack 2 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files:

    **************************************************************************
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------

    - - - - - - - > 'winlogon.exe'(556)
    geyekrlnoemruw.dll 10000000 32768 \\?\globalroot\systemroot\system32\geyekrlnoemruw.dll
    c:\windows\system32\Ati2evxx.dll
    c:\program files\common files\logitech\bluetooth\LBTWlgn.dll
    c:\program files\common files\logitech\bluetooth\LBTServ.dll
    .
    ------------------------ Other Running Processes ------------------------
    .
    c:\windows\system32\ati2evxx.exe
    c:\windows\system32\ati2evxx.exe
    c:\windows\system32\wdfmgr.exe
    c:\windows\system32\MsPMSPSv.exe
    c:\program files\AVG\AVG8\avgrsx.exe
    c:\progra~1\AVG\AVG8\avgnsx.exe
    c:\windows\system32\wbem\unsecapp.exe
    c:\program files\Lavasoft\Ad-Aware\AAWTray.exe
    c:\program files\Spybot - Search & Destroy\SpybotSD.exe
    .
    **************************************************************************
    .
    Completion time: 2009-07-18 1:52 - machine was rebooted
    ComboFix-quarantined-files.txt 2009-07-18 05:51

    Pre-Run: 42,232,393,728 bytes free
    Post-Run: 43,307,094,016 bytes free

    WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
    [boot loader]
    timeout=2
    default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
    [operating systems]
    c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
    multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect /usepmtimer /noguiboot

    Current=5 Default=5 Failed=4 LastKnownGood=6 Sets=1,2,3,4,5,6
    268 --- E O F --- 2008-03-11 21:47

  2. #2

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 2:06:08 AM, on 7/18/2009
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16608)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\MsPMSPSv.exe
    C:\PROGRA~1\AVG\AVG8\avgrsx.exe
    C:\PROGRA~1\AVG\AVG8\avgnsx.exe
    C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
    C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\explorer.exe
    C:\Program Files\iTunes\iTunes.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceHelper.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\bin\distnoted.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Program Files\AIM6\aim6.exe
    C:\Program Files\AIM6\aolsoftware.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/...ch/search.html
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/.../www.yahoo.com
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
    R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
    O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
    O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
    O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
    O2 - BHO: Viewpoint Toolbar BHO - {A7327C09-B521-4EDB-8509-7D2660C9EC98} - (no file)
    O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll
    O3 - Toolbar: Viewpoint Toolbar - {F8AD5AA5-D966-4667-9DAF-2561D68B2012} - C:\Program Files\Common Files\Viewpoint\Toolbar Runtime\3.8.0\IEViewBar.dll
    O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
    O4 - HKLM\..\Run: [UnlockerAssistant] "C:\Program Files\Unlocker\UnlockerAssistant.exe"
    O4 - HKLM\..\Run: [EasyTuneV] C:\Program Files\Gigabyte\ET5\GUI.exe
    O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
    O4 - HKLM\..\Run: [amd_dc_opt] C:\Program Files\AMD\Dual-Core Optimizer\amd_dc_opt.exe
    O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
    O4 - HKLM\..\RunOnce: [GrpConv] grpconv -o
    O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    O4 - Startup: ERUNT AutoBackup.lnk = C:\Program Files\ERUNT\AUTOBACK.EXE
    O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
    O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\WINDOWS\system32\shdocvw.dll
    O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\WINDOWS\system32\shdocvw.dll
    O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
    O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O16 - DPF: {149E45D8-163E-4189-86FC-45022AB2B6C9} (SpinTop DRM Control) - file:///C:/Program%20Files/MCF%20-%20Prime%20Suspects/Images/stg_drm.ocx
    O16 - DPF: {69EF49E5-FE46-4B92-B5FA-2193AB7A6B8A} (GameLauncher Control) - http://www.acclaim.com/cabs/acclaim_v4.cab
    O16 - DPF: {CC450D71-CC90-424C-8638-1F2DBAC87A54} (ArmHelper Control) - file:///C:/Program%20Files/MCF%20-%20Prime%20Suspects/Images/armhelper.ocx
    O16 - DPF: {CD995117-98E5-4169-9920-6C12D4C0B548} (HGPlugin9USA Class) - http://gamedownload.ijjimax.com/game...Plugin9USA.cab
    O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
    O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
    O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
    O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
    O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
    O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe

    --
    End of file - 7320 bytes


    "BEFORE you POST" (READ this Procedure BEFORE Requesting Assistance)

    Do NOT run 'FIXES' before helpers have analyzed the HJT log
    Last edited by tashi; 2009-07-18 at 10:14. Reason: added links to forum FAQS

  3. #3

    Logfile of random's system information tool 1.06 (written by random/random)
    Run by William at 2009-07-18 01:04:35
    Microsoft Windows XP Home Edition Service Pack 2
    System drive C: has 40 GB (21%) free of 194 GB
    Total RAM: 2047 MB (55% free)

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 1:24:32 AM, on 7/18/2009
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16608)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\system32\svchost.exe
    C:\PROGRA~1\AVG\AVG8\avgrsx.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\iTunes\iTunes.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceHelper.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\bin\distnoted.exe
    C:\Program Files\AIM6\aolsoftware.exe
    C:\WINDOWS\system32\netdde.exe
    C:\WINDOWS\system32\clipsrv.exe
    C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
    C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
    C:\Program Files\Logicool\Logicool WebCam Software\LWS.exe
    C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
    C:\Documents and Settings\William\My Documents\Downloads\RSIT.exe
    C:\Program Files\trend micro\William.exe
    C:\WINDOWS\system32\cmd.execf
    C:\32788R22FWJFW\NirCmd.cfexe
    C:\Documents and Settings\William\Desktop\explorer.exe.exe
    C:\PROGRA~1\AVG\AVG8\avgrsx.exe
    C:\PROGRA~1\AVG\AVG8\avgrsx.exe
    C:\PROGRA~1\AVG\AVG8\avgrsx.exe
    C:\PROGRA~1\AVG\AVG8\avgrsx.exe
    C:\PROGRA~1\AVG\AVG8\avgrsx.exe
    C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
    C:\PROGRA~1\AVG\AVG8\avgrsx.exe
    C:\PROGRA~1\AVG\AVG8\avgnsx.exe
    C:\Program Files\AVG\AVG8\avgtray.exe
    C:\Program Files\Skype\Toolbars\Shared\SkypeNames.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/...ch/search.html
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/.../www.yahoo.com
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://us.rd.yahoo.com/customize/ie/.../www.yahoo.com
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/...ch/search.html
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/.../www.yahoo.com
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/.../www.yahoo.com
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Windows Internet Explorer provided by Yahoo!
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
    R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
    O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
    O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
    O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: (no name) - {581439C4-9ABC-4878-A370-07A528EE792B} - C:\WINDOWS\system32\jkkKbBTl.dll (file missing)
    O2 - BHO: (no name) - {5f6daa33-0cb0-4efd-b9ea-94e44c9894fb} - C:\WINDOWS\system32\diwupesa.dll (file missing)
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
    O2 - BHO: (no name) - {799FA50F-FE27-4B70-BC09-A1DEABA1B24D} - C:\WINDOWS\system32\geBqPGAS.dll (file missing)
    O2 - BHO: (no name) - {9A5C36CE-FF2C-43F0-BDA3-74B0A801B117} - (no file)
    O2 - BHO: Viewpoint Toolbar BHO - {A7327C09-B521-4EDB-8509-7D2660C9EC98} - (no file)
    O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll
    O3 - Toolbar: Viewpoint Toolbar - {F8AD5AA5-D966-4667-9DAF-2561D68B2012} - C:\Program Files\Common Files\Viewpoint\Toolbar Runtime\3.8.0\IEViewBar.dll
    O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
    O4 - HKLM\..\Run: [UnlockerAssistant] "C:\Program Files\Unlocker\UnlockerAssistant.exe"
    O4 - HKLM\..\Run: [EasyTuneV] C:\Program Files\Gigabyte\ET5\GUI.exe
    O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
    O4 - HKLM\..\Run: [amd_dc_opt] C:\Program Files\AMD\Dual-Core Optimizer\amd_dc_opt.exe
    O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
    O4 - HKLM\..\Run: [3c6ba3dc] rundll32.exe "C:\WINDOWS\system32\lapomefe.dll",b
    O4 - HKLM\..\Run: [CPM3f589040] Rundll32.exe "c:\windows\system32\wevozobo.dll",a
    O4 - HKLM\..\RunOnce: [SpybotDeletingA1630] command.com /c del "C:\WINDOWS\wt\webdriver.dll"
    O4 - HKLM\..\RunOnce: [SpybotDeletingC7575] cmd.exe /c del "C:\WINDOWS\wt\webdriver.dll"
    O4 - HKLM\..\RunOnce: [SpybotDeletingA1123] command.com /c del "C:\WINDOWS\wt\data.wts"
    O4 - HKLM\..\RunOnce: [SpybotDeletingC1516] cmd.exe /c del "C:\WINDOWS\wt\data.wts"
    O4 - HKLM\..\RunOnce: [SpybotDeletingA5968] command.com /c del "C:\WINDOWS\wt\webdriver\4.1.1\actorobject.dll"
    O4 - HKLM\..\RunOnce: [SpybotDeletingC1551] cmd.exe /c del "C:\WINDOWS\wt\webdriver\4.1.1\actorobject.dll"
    O4 - HKLM\..\RunOnce: [SpybotDeletingA6556] command.com /c del "C:\WINDOWS\wt\webdriver\4.1.1\dx5drv.dll"
    O4 - HKLM\..\RunOnce: [SpybotDeletingC4849] cmd.exe /c del "C:\WINDOWS\wt\webdriver\4.1.1\dx5drv.dll"
    O4 - HKLM\..\RunOnce: [SpybotDeletingA2028] command.com /c del "C:\WINDOWS\wt\webdriver\4.1.1\dx7drv.dll"
    O4 - HKLM\..\RunOnce: [SpybotDeletingC7162] cmd.exe /c del "C:\WINDOWS\wt\webdriver\4.1.1\dx7drv.dll"
    O4 - HKLM\..\RunOnce: [SpybotDeletingA1961] command.com /c del "C:\WINDOWS\wt\webdriver\4.1.1\objectbundle.dll"
    O4 - HKLM\..\RunOnce: [SpybotDeletingC3754] cmd.exe /c del "C:\WINDOWS\wt\webdriver\4.1.1\objectbundle.dll"
    O4 - HKLM\..\RunOnce: [SpybotDeletingA5460] command.com /c del "C:\WINDOWS\wt\webdriver\4.1.1\sound.dll"
    O4 - HKLM\..\RunOnce: [SpybotDeletingC8097] cmd.exe /c del "C:\WINDOWS\wt\webdriver\4.1.1\sound.dll"
    O4 - HKLM\..\RunOnce: [SpybotDeletingA6480] command.com /c del "C:\WINDOWS\wt\webdriver\4.1.1\wdcaps.ded"
    O4 - HKLM\..\RunOnce: [SpybotDeletingC1793] cmd.exe /c del "C:\WINDOWS\wt\webdriver\4.1.1\wdcaps.ded"
    O4 - HKLM\..\RunOnce: [SpybotDeletingA8104] command.com /c del "C:\WINDOWS\wt\webdriver\4.1.1\wdengine.dll"
    O4 - HKLM\..\RunOnce: [SpybotDeletingC7472] cmd.exe /c del "C:\WINDOWS\wt\webdriver\4.1.1\wdengine.dll"
    O4 - HKLM\..\RunOnce: [SpybotDeletingA1743] command.com /c del "C:\WINDOWS\wt\webdriver\4.1.1\webdriver.dll"
    O4 - HKLM\..\RunOnce: [SpybotDeletingC2402] cmd.exe /c del "C:\WINDOWS\wt\webdriver\4.1.1\webdriver.dll"
    O4 - HKLM\..\RunOnce: [SpybotDeletingA4069] command.com /c del "C:\WINDOWS\wt\webdriver\4.1.1\wthost.exe"
    O4 - HKLM\..\RunOnce: [SpybotDeletingC6930] cmd.exe /c del "C:\WINDOWS\wt\webdriver\4.1.1\wthost.exe"
    O4 - HKLM\..\RunOnce: [SpybotDeletingA835] command.com /c del "C:\WINDOWS\wt\webdriver\4.1.1\wthostctl.dll"
    O4 - HKLM\..\RunOnce: [SpybotDeletingC9867] cmd.exe /c del "C:\WINDOWS\wt\webdriver\4.1.1\wthostctl.dll"
    O4 - HKLM\..\RunOnce: [SpybotDeletingA7011] command.com /c del "C:\WINDOWS\wt\webdriver\4.1.1\wtmulti.dll"
    O4 - HKLM\..\RunOnce: [SpybotDeletingC9348] cmd.exe /c del "C:\WINDOWS\wt\webdriver\4.1.1\wtmulti.dll"
    O4 - HKLM\..\RunOnce: [SpybotDeletingA2792] command.com /c del "C:\WINDOWS\wt\webdriver\4.1.1\wtmulti.jar"
    O4 - HKLM\..\RunOnce: [SpybotDeletingC4671] cmd.exe /c del "C:\WINDOWS\wt\webdriver\4.1.1\wtmulti.jar"
    O4 - HKLM\..\RunOnce: [SpybotDeletingA9563] command.com /c del "C:\WINDOWS\wt\webdriver\4.1.1\wtwmplug.ax_old"
    O4 - HKLM\..\RunOnce: [SpybotDeletingC2269] cmd.exe /c del "C:\WINDOWS\wt\webdriver\4.1.1\wtwmplug.ax_old"
    O4 - HKLM\..\RunOnce: [SpybotDeletingA3558] command.com /c del "C:\WINDOWS\wt\webdriver\4.1.1\wtwmplug.ini"
    O4 - HKLM\..\RunOnce: [SpybotDeletingC9837] cmd.exe /c del "C:\WINDOWS\wt\webdriver\4.1.1\wtwmplug.ini"
    O4 - HKLM\..\RunOnce: [SpybotDeletingA786] command.com /c del "C:\WINDOWS\wt\wtupdates\DRM\3.2.0.19\files\DRM0302.dll"
    O4 - HKLM\..\RunOnce: [SpybotDeletingC7591] cmd.exe /c del "C:\WINDOWS\wt\wtupdates\DRM\3.2.0.19\files\DRM0302.dll"
    O4 - HKLM\..\RunOnce: [SpybotDeletingA6801] command.com /c del "C:\WINDOWS\wt\wtupdates\DRM\3.2.0.19\files\DRM0302Java.jar"
    O4 - HKLM\..\RunOnce: [SpybotDeletingC5223] cmd.exe /c del "C:\WINDOWS\wt\wtupdates\DRM\3.2.0.19\files\DRM0302Java.jar"
    O4 - HKLM\..\RunOnce: [SpybotDeletingA7188] command.com /c del "C:\WINDOWS\wt\wtupdates\DRM\3.2.0.19\files\jDRM0302.dll"
    O4 - HKLM\..\RunOnce: [SpybotDeletingC2229] cmd.exe /c del "C:\WINDOWS\wt\wtupdates\DRM\3.2.0.19\files\jDRM0302.dll"
    O4 - HKLM\..\RunOnce: [SpybotDeletingA1934] command.com /c del "C:\WINDOWS\wt\wtupdates\DRM\3.2.0.19\files\rDRM0302.dll"
    O4 - HKLM\..\RunOnce: [SpybotDeletingC549] cmd.exe /c del "C:\WINDOWS\wt\wtupdates\DRM\3.2.0.19\files\rDRM0302.dll"
    O4 - HKLM\..\RunOnce: [SpybotDeletingA8757] command.com /c del "C:\WINDOWS\wt\wtupdates\DRM\3.2.0.19\files\controlPanel\index.html"
    O4 - HKLM\..\RunOnce: [SpybotDeletingC459] cmd.exe /c del "C:\WINDOWS\wt\wtupdates\DRM\3.2.0.19\files\controlPanel\index.html"
    O4 - HKLM\..\RunOnce: [SpybotDeletingA3575] command.com /c del "C:\WINDOWS\wt\wtupdates\DRM\3.2.0.19\install\DRM0302.cdanfo"
    O4 - HKLM\..\RunOnce: [SpybotDeletingC6676] cmd.exe /c del "C:\WINDOWS\wt\wtupdates\DRM\3.2.0.19\install\DRM0302.cdanfo"
    O4 - HKLM\..\RunOnce: [SpybotDeletingA5034] command.com /c del "C:\WINDOWS\wt\wtupdates\DRM\3.2.0.19\install\DRM0302_Uninstall.cdas"
    O4 - HKLM\..\RunOnce: [SpybotDeletingC8124] cmd.exe /c del "C:\WINDOWS\wt\wtupdates\DRM\3.2.0.19\install\DRM0302_Uninstall.cdas"
    O4 - HKLM\..\RunOnce: [SpybotDeletingA4456] command.com /c del "C:\WINDOWS\wt\wtupdates\Webd\4.1.1\files\actorobject.dll"
    O4 - HKLM\..\RunOnce: [SpybotDeletingC7877] cmd.exe /c del "C:\WINDOWS\wt\wtupdates\Webd\4.1.1\files\actorobject.dll"
    O4 - HKLM\..\RunOnce: [SpybotDeletingA5067] command.com /c del "C:\WINDOWS\wt\wtupdates\Webd\4.1.1\files\dx5drv.dll"
    O4 - HKLM\..\RunOnce: [SpybotDeletingC8118] cmd.exe /c del "C:\WINDOWS\wt\wtupdates\Webd\4.1.1\files\dx5drv.dll"
    O4 - HKLM\..\RunOnce: [SpybotDeletingA7798] command.com /c del "C:\WINDOWS\wt\wtupdates\Webd\4.1.1\files\dx7drv.dll"
    O4 - HKLM\..\RunOnce: [SpybotDeletingC8274] cmd.exe /c del "C:\WINDOWS\wt\wtupdates\Webd\4.1.1\files\dx7drv.dll"
    O4 - HKLM\..\RunOnce: [SpybotDeletingA2135] command.com /c del "C:\WINDOWS\wt\wtupdates\Webd\4.1.1\files\jdriver.dll"
    O4 - HKLM\..\RunOnce: [SpybotDeletingC7322] cmd.exe /c del "C:\WINDOWS\wt\wtupdates\Webd\4.1.1\files\jdriver.dll"
    O4 - HKLM\..\RunOnce: [SpybotDeletingA9912] command.com /c del "C:\WINDOWS\wt\wtupdates\Webd\4.1.1\files\npWTHost.dll"
    O4 - HKLM\..\RunOnce: [SpybotDeletingC8771] cmd.exe /c del "C:\WINDOWS\wt\wtupdates\Webd\4.1.1\files\npWTHost.dll"
    O4 - HKLM\..\RunOnce: [SpybotDeletingA8395] command.com /c del "C:\WINDOWS\wt\wtupdates\Webd\4.1.1\files\nsIWTHostPlugin.xpt"
    O4 - HKLM\..\RunOnce: [SpybotDeletingC1504] cmd.exe /c del "C:\WINDOWS\wt\wtupdates\Webd\4.1.1\files\nsIWTHostPlugin.xpt"
    O4 - HKLM\..\RunOnce: [SpybotDeletingA478] command.com /c del "C:\WINDOWS\wt\wtupdates\Webd\4.1.1\files\ObjectBundle.dll"
    O4 - HKLM\..\RunOnce: [SpybotDeletingC990] cmd.exe /c del "C:\WINDOWS\wt\wtupdates\Webd\4.1.1\files\ObjectBundle.dll"
    O4 - HKLM\..\RunOnce: [SpybotDeletingA6332] command.com /c del "C:\WINDOWS\wt\wtupdates\Webd\4.1.1\files\rdriver.dll"
    O4 - HKLM\..\RunOnce: [SpybotDeletingC7857] cmd.exe /c del "C:\WINDOWS\wt\wtupdates\Webd\4.1.1\files\rdriver.dll"
    O4 - HKLM\..\RunOnce: [SpybotDeletingA9729] command.com /c del "C:\WINDOWS\wt\wtupdates\Webd\4.1.1\files\Sound.dll"
    O4 - HKLM\..\RunOnce: [SpybotDeletingC4023] cmd.exe /c del "C:\WINDOWS\wt\wtupdates\Webd\4.1.1\files\Sound.dll"
    O4 - HKLM\..\RunOnce: [SpybotDeletingA3042] command.com /c del "C:\WINDOWS\wt\wtupdates\Webd\4.1.1\files\wdcaps.ded"
    O4 - HKLM\..\RunOnce: [SpybotDeletingC710] cmd.exe /c del "C:\WINDOWS\wt\wtupdates\Webd\4.1.1\files\wdcaps.ded"
    O4 - HKLM\..\RunOnce: [SpybotDeletingA7401] command.com /c del "C:\WINDOWS\wt\wtupdates\Webd\4.1.1\files\wdengine.dll"
    O4 - HKLM\..\RunOnce: [SpybotDeletingC3479] cmd.exe /c del "C:\WINDOWS\wt\wtupdates\Webd\4.1.1\files\wdengine.dll"
    O4 - HKLM\..\RunOnce: [SpybotDeletingA1097] command.com /c del "C:\WINDOWS\wt\wtupdates\Webd\4.1.1\files\Webd331.cdanfo"
    O4 - HKLM\..\RunOnce: [SpybotDeletingC945] cmd.exe /c del "C:\WINDOWS\wt\wtupdates\Webd\4.1.1\files\Webd331.cdanfo"
    O4 - HKLM\..\RunOnce: [SpybotDeletingA3931] command.com /c del "C:\WINDOWS\wt\wtupdates\Webd\4.1.1\files\wtwmplug.ini"
    O4 - HKLM\..\RunOnce: [SpybotDeletingC9985] cmd.exe /c del "C:\WINDOWS\wt\wtupdates\Webd\4.1.1\files\Webd331_fileList.cdas"
    O4 - HKLM\..\RunOnce: [SpybotDeletingA5093] command.com /c del "C:\WINDOWS\wt\wtupdates\Webd\4.1.1\files\Webd331_Uninstall.cdas"
    O4 - HKLM\..\RunOnce: [SpybotDeletingC9003] cmd.exe /c del "C:\WINDOWS\wt\wtupdates\Webd\4.1.1\files\Webd331_Uninstall.cdas"
    O4 - HKLM\..\RunOnce: [SpybotDeletingA1238] command.com /c del "C:\WINDOWS\wt\wtupdates\Webd\4.1.1\files\webdriver.dll"
    O4 - HKLM\..\RunOnce: [SpybotDeletingC4911] cmd.exe /c del "C:\WINDOWS\wt\wtupdates\Webd\4.1.1\files\webdriver.dll"
    O4 - HKLM\..\RunOnce: [SpybotDeletingA4199] command.com /c del "C:\WINDOWS\wt\wtupdates\Webd\4.1.1\files\wildtangent.jar"
    O4 - HKLM\..\RunOnce: [SpybotDeletingC1219] cmd.exe /c del "C:\WINDOWS\wt\wtupdates\Webd\4.1.1\files\wildtangent.jar"
    O4 - HKLM\..\RunOnce: [SpybotDeletingA4608] command.com /c del "C:\WINDOWS\wt\wtupdates\Webd\4.1.1\files\wt3d.ini"
    O4 - HKLM\..\RunOnce: [SpybotDeletingC1819] cmd.exe /c del "C:\WINDOWS\wt\wtupdates\Webd\4.1.1\files\wt3d.ini"
    O4 - HKLM\..\RunOnce: [SpybotDeletingA2727] command.com /c del "C:\WINDOWS\wt\wtupdates\Webd\4.1.1\files\WTHost.exe"
    O4 - HKLM\..\RunOnce: [SpybotDeletingC8215] cmd.exe /c del "C:\WINDOWS\wt\wtupdates\Webd\4.1.1\files\WTHost.exe"
    O4 - HKLM\..\RunOnce: [SpybotDeletingA9110] command.com /c del "C:\WINDOWS\wt\wtupdates\Webd\4.1.1\files\WTHostCtl.dll"
    O4 - HKLM\..\RunOnce: [SpybotDeletingC7441] cmd.exe /c del "C:\WINDOWS\wt\wtupdates\Webd\4.1.1\files\WTHostCtl.dll"
    O4 - HKLM\..\RunOnce: [SpybotDeletingA8849] command.com /c del "C:\WINDOWS\wt\wtupdates\Webd\4.1.1\files\wtmulti.dll"
    O4 - HKLM\..\RunOnce: [SpybotDeletingC7373] cmd.exe /c del "C:\WINDOWS\wt\wtupdates\Webd\4.1.1\files\wtmulti.dll"
    O4 - HKLM\..\RunOnce: [SpybotDeletingA2150] command.com /c del "C:\WINDOWS\wt\wtupdates\Webd\4.1.1\files\wtmulti.jar"
    O4 - HKLM\..\RunOnce: [SpybotDeletingC8705] cmd.exe /c del "C:\WINDOWS\wt\wtupdates\Webd\4.1.1\files\wtmulti.jar"
    O4 - HKLM\..\RunOnce: [SpybotDeletingA7680] command.com /c del "C:\WINDOWS\wt\wtupdates\Webd\4.1.1\files\wtvh.dll"
    O4 - HKLM\..\RunOnce: [SpybotDeletingC3137] cmd.exe /c del "C:\WINDOWS\wt\wtupdates\Webd\4.1.1\files\wtvh.dll"
    O4 - HKLM\..\RunOnce: [SpybotDeletingA3495] command.com /c del "C:\WINDOWS\wt\wtupdates\Webd\4.1.1\files\wtwmplug.ax"
    O4 - HKLM\..\RunOnce: [SpybotDeletingC8793] cmd.exe /c del "C:\WINDOWS\wt\wtupdates\Webd\4.1.1\files\wtwmplug.ax"
    O4 - HKLM\..\RunOnce: [SpybotDeletingC9493] cmd.exe /c del "C:\WINDOWS\wt\wtupdates\Webd\4.1.1\files\wtwmplug.ini"
    O4 - HKLM\..\RunOnce: [SpybotDeletingA9123] command.com /c del "C:\WINDOWS\wt\wtupdates\Webd\4.1.1\files\controlPanel\index.html"
    O4 - HKLM\..\RunOnce: [SpybotDeletingC1966] cmd.exe /c del "C:\WINDOWS\wt\wtupdates\Webd\4.1.1\files\controlPanel\index.html"
    O4 - HKLM\..\RunOnce: [SpybotDeletingA2111] command.com /c del "C:\WINDOWS\wt\wtupdates\Webd\4.1.1\files\legacy\data.wts"
    O4 - HKLM\..\RunOnce: [SpybotDeletingC5030] cmd.exe /c del "C:\WINDOWS\wt\wtupdates\Webd\4.1.1\files\legacy\data.wts"
    O4 - HKLM\..\RunOnce: [SpybotDeletingA6757] command.com /c del "C:\WINDOWS\wt\wtupdates\Webd\4.1.1\files\legacy\webdriver.dll"
    O4 - HKLM\..\RunOnce: [SpybotDeletingC9304] cmd.exe /c del "C:\WINDOWS\wt\wtupdates\Webd\4.1.1\files\legacy\webdriver.dll"
    O4 - HKLM\..\RunOnce: [SpybotDeletingA9234] command.com /c del "C:\WINDOWS\wt\wtupdates\Webd\4.1.1\files\legacy\wt3d.dll"
    O4 - HKLM\..\RunOnce: [SpybotDeletingC6011] cmd.exe /c del "C:\WINDOWS\wt\wtupdates\Webd\4.1.1\files\legacy\wt3d.dll"
    O4 - HKLM\..\RunOnce: [SpybotDeletingA1136] command.com /c del "C:\WINDOWS\wt\wtupdates\Webd\4.1.1\files\update_info\data.wts"
    O4 - HKLM\..\RunOnce: [SpybotDeletingC9754] cmd.exe /c del "C:\WINDOWS\wt\wtupdates\Webd\4.1.1\files\update_info\data.wts"
    O4 - HKLM\..\RunOnce: [SpybotDeletingA4866] command.com /c del "C:\WINDOWS\wt\wtupdates\Webd\4.1.1\install\Webd4_1_1.cdanfo"
    O4 - HKLM\..\RunOnce: [SpybotDeletingC4492] cmd.exe /c del "C:\WINDOWS\wt\wtupdates\Webd\4.1.1\install\Webd4_1_1.cdanfo"
    O4 - HKLM\..\RunOnce: [SpybotDeletingA7444] command.com /c del "C:\WINDOWS\wt\wtupdates\Webd\4.1.1\install\Webd4_1_1_Uninstall.cdas"
    O4 - HKLM\..\RunOnce: [SpybotDeletingC1711] cmd.exe /c del "C:\WINDOWS\wt\wtupdates\Webd\4.1.1\install\Webd4_1_1_Uninstall.cdas"
    O4 - HKLM\..\RunOnce: [SpybotDeletingA4791] command.com /c del "C:\WINDOWS\wt\wtupdates\wtwebdriver\update_info\data.wts"
    O4 - HKLM\..\RunOnce: [SpybotDeletingC9566] cmd.exe /c del "C:\WINDOWS\wt\wtupdates\wtwebdriver\update_info\data.wts"
    O4 - HKLM\..\RunOnce: [SpybotDeletingA8822] command.com /c del "C:\WINDOWS\system32\wevozobo.dll_old"
    O4 - HKLM\..\RunOnce: [SpybotDeletingC5985] cmd.exe /c del "C:\WINDOWS\system32\wevozobo.dll_old"
    O4 - HKLM\..\RunOnce: [SpybotDeletingA6514] command.com /c del "C:\WINDOWS\system32\lapomefe.dll_old"
    O4 - HKLM\..\RunOnce: [SpybotDeletingC3525] cmd.exe /c del "C:\WINDOWS\system32\lapomefe.dll_old"
    O4 - HKLM\..\RunOnce: [SpybotSnD] "C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe" /autocheck
    O4 - HKLM\..\RunOnce: [GrpConv] grpconv -o
    O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    O4 - HKCU\..\RunOnce: [SpybotDeletingB4194] command.com /c del "C:\WINDOWS\wt\webdriver.dll"
    O4 - HKCU\..\RunOnce: [SpybotDeletingD6791] cmd.exe /c del "C:\WINDOWS\wt\webdriver.dll"
    O4 - HKCU\..\RunOnce: [SpybotDeletingB5884] command.com /c del "C:\WINDOWS\wt\data.wts"
    O4 - HKCU\..\RunOnce: [SpybotDeletingD5822] cmd.exe /c del "C:\WINDOWS\wt\data.wts"
    O4 - HKCU\..\RunOnce: [SpybotDeletingB2250] command.com /c del "C:\WINDOWS\wt\webdriver\4.1.1\actorobject.dll"
    O4 - HKCU\..\RunOnce: [SpybotDeletingD1917] cmd.exe /c del "C:\WINDOWS\wt\webdriver\4.1.1\actorobject.dll"
    O4 - HKCU\..\RunOnce: [SpybotDeletingB8041] command.com /c del "C:\WINDOWS\wt\webdriver\4.1.1\dx5drv.dll"
    O4 - HKCU\..\RunOnce: [SpybotDeletingD597] cmd.exe /c del "C:\WINDOWS\wt\webdriver\4.1.1\dx5drv.dll"
    O4 - HKCU\..\RunOnce: [SpybotDeletingB6704] command.com /c del "C:\WINDOWS\wt\webdriver\4.1.1\dx7drv.dll"
    O4 - HKCU\..\RunOnce: [SpybotDeletingD2064] cmd.exe /c del "C:\WINDOWS\wt\webdriver\4.1.1\dx7drv.dll"
    O4 - HKCU\..\RunOnce: [SpybotDeletingB8458] command.com /c del "C:\WINDOWS\wt\webdriver\4.1.1\objectbundle.dll"
    O4 - HKCU\..\RunOnce: [SpybotDeletingD6023] cmd.exe /c del "C:\WINDOWS\wt\webdriver\4.1.1\objectbundle.dll"
    O4 - HKCU\..\RunOnce: [SpybotDeletingB4209] command.com /c del "C:\WINDOWS\wt\webdriver\4.1.1\sound.dll"
    O4 - HKCU\..\RunOnce: [SpybotDeletingD7173] cmd.exe /c del "C:\WINDOWS\wt\webdriver\4.1.1\sound.dll"
    O4 - HKCU\..\RunOnce: [SpybotDeletingB1372] command.com /c del "C:\WINDOWS\wt\webdriver\4.1.1\wdcaps.ded"
    O4 - HKCU\..\RunOnce: [SpybotDeletingD5412] cmd.exe /c del "C:\WINDOWS\wt\webdriver\4.1.1\wdcaps.ded"
    O4 - HKCU\..\RunOnce: [SpybotDeletingB22] command.com /c del "C:\WINDOWS\wt\webdriver\4.1.1\wdengine.dll"
    O4 - HKCU\..\RunOnce: [SpybotDeletingD2418] cmd.exe /c del "C:\WINDOWS\wt\webdriver\4.1.1\wdengine.dll"
    O4 - HKCU\..\RunOnce: [SpybotDeletingB8340] command.com /c del "C:\WINDOWS\wt\webdriver\4.1.1\webdriver.dll"
    O4 - HKCU\..\RunOnce: [SpybotDeletingD9842] cmd.exe /c del "C:\WINDOWS\wt\webdriver\4.1.1\webdriver.dll"
    O4 - HKCU\..\RunOnce: [SpybotDeletingB3088] command.com /c del "C:\WINDOWS\wt\webdriver\4.1.1\wthost.exe"
    O4 - HKCU\..\RunOnce: [SpybotDeletingD9949] cmd.exe /c del "C:\WINDOWS\wt\webdriver\4.1.1\wthost.exe"
    O4 - HKCU\..\RunOnce: [SpybotDeletingB4094] command.com /c del "C:\WINDOWS\wt\webdriver\4.1.1\wthostctl.dll"
    O4 - HKCU\..\RunOnce: [SpybotDeletingD9243] cmd.exe /c del "C:\WINDOWS\wt\webdriver\4.1.1\wthostctl.dll"
    O4 - HKCU\..\RunOnce: [SpybotDeletingB6581] command.com /c del "C:\WINDOWS\wt\webdriver\4.1.1\wtmulti.dll"
    O4 - HKCU\..\RunOnce: [SpybotDeletingD2036] cmd.exe /c del "C:\WINDOWS\wt\webdriver\4.1.1\wtmulti.dll"
    O4 - HKCU\..\RunOnce: [SpybotDeletingB8821] command.com /c del "C:\WINDOWS\wt\webdriver\4.1.1\wtmulti.jar"
    O4 - HKCU\..\RunOnce: [SpybotDeletingD1435] cmd.exe /c del "C:\WINDOWS\wt\webdriver\4.1.1\wtmulti.jar"
    O4 - HKCU\..\RunOnce: [SpybotDeletingB987] command.com /c del "C:\WINDOWS\wt\webdriver\4.1.1\wtwmplug.ax_old"
    O4 - HKCU\..\RunOnce: [SpybotDeletingD1850] cmd.exe /c del "C:\WINDOWS\wt\webdriver\4.1.1\wtwmplug.ax_old"
    O4 - HKCU\..\RunOnce: [SpybotDeletingB9775] command.com /c del "C:\WINDOWS\wt\webdriver\4.1.1\wtwmplug.ini"
    O4 - HKCU\..\RunOnce: [SpybotDeletingD618] cmd.exe /c del "C:\WINDOWS\wt\webdriver\4.1.1\wtwmplug.ini"
    O4 - HKCU\..\RunOnce: [SpybotDeletingB3246] command.com /c del "C:\WINDOWS\wt\wtupdates\DRM\3.2.0.19\files\DRM0302.dll"
    O4 - HKCU\..\RunOnce: [SpybotDeletingD7562] cmd.exe /c del "C:\WINDOWS\wt\wtupdates\DRM\3.2.0.19\files\DRM0302.dll"
    O4 - HKCU\..\RunOnce: [SpybotDeletingB6980] command.com /c del "C:\WINDOWS\wt\wtupdates\DRM\3.2.0.19\files\DRM0302Java.jar"
    O4 - HKCU\..\RunOnce: [SpybotDeletingD6420] cmd.exe /c del "C:\WINDOWS\wt\wtupdates\DRM\3.2.0.19\files\DRM0302Java.jar"
    O4 - HKCU\..\RunOnce: [SpybotDeletingB8515] command.com /c del "C:\WINDOWS\wt\wtupdates\DRM\3.2.0.19\files\jDRM0302.dll"
    O4 - HKCU\..\RunOnce: [SpybotDeletingD7247] cmd.exe /c del "C:\WINDOWS\wt\wtupdates\DRM\3.2.0.19\files\jDRM0302.dll"
    O4 - HKCU\..\RunOnce: [SpybotDeletingB279] command.com /c del "C:\WINDOWS\wt\wtupdates\DRM\3.2.0.19\files\rDRM0302.dll"
    O4 - HKCU\..\RunOnce: [SpybotDeletingD417] cmd.exe /c del "C:\WINDOWS\wt\wtupdates\DRM\3.2.0.19\files\rDRM0302.dll"
    O4 - HKCU\..\RunOnce: [SpybotDeletingB6205] command.com /c del "C:\WINDOWS\wt\wtupdates\DRM\3.2.0.19\files\controlPanel\index.html"
    O4 - HKCU\..\RunOnce: [SpybotDeletingD33] cmd.exe /c del "C:\WINDOWS\wt\wtupdates\DRM\3.2.0.19\files\controlPanel\index.html"
    O4 - HKCU\..\RunOnce: [SpybotDeletingB7676] command.com /c del "C:\WINDOWS\wt\wtupdates\DRM\3.2.0.19\install\DRM0302.cdanfo"
    O4 - HKCU\..\RunOnce: [SpybotDeletingD283] cmd.exe /c del "C:\WINDOWS\wt\wtupdates\DRM\3.2.0.19\install\DRM0302.cdanfo"
    O4 - HKCU\..\RunOnce: [SpybotDeletingB4884] command.com /c del "C:\WINDOWS\wt\wtupdates\DRM\3.2.0.19\install\DRM0302_Uninstall.cdas"
    O4 - HKCU\..\RunOnce: [SpybotDeletingD6251] cmd.exe /c del "C:\WINDOWS\wt\wtupdates\DRM\3.2.0.19\install\DRM0302_Uninstall.cdas"
    O4 - HKCU\..\RunOnce: [SpybotDeletingB7623] command.com /c del "C:\WINDOWS\wt\wtupdates\Webd\4.1.1\files\actorobject.dll"
    O4 - HKCU\..\RunOnce: [SpybotDeletingD9785] cmd.exe /c del "C:\WINDOWS\wt\wtupdates\Webd\4.1.1\files\actorobject.dll"
    O4 - HKCU\..\RunOnce: [SpybotDeletingB6162] command.com /c del "C:\WINDOWS\wt\wtupdates\Webd\4.1.1\files\dx5drv.dll"
    O4 - HKCU\..\RunOnce: [SpybotDeletingD6911] cmd.exe /c del "C:\WINDOWS\wt\wtupdates\Webd\4.1.1\files\dx5drv.dll"
    O4 - HKCU\..\RunOnce: [SpybotDeletingB1142] command.com /c del "C:\WINDOWS\wt\wtupdates\Webd\4.1.1\files\dx7drv.dll"
    O4 - HKCU\..\RunOnce: [SpybotDeletingD7065] cmd.exe /c del "C:\WINDOWS\wt\wtupdates\Webd\4.1.1\files\dx7drv.dll"
    O4 - HKCU\..\RunOnce: [SpybotDeletingB8916] command.com /c del "C:\WINDOWS\wt\wtupdates\Webd\4.1.1\files\jdriver.dll"
    O4 - HKCU\..\RunOnce: [SpybotDeletingD9471] cmd.exe /c del "C:\WINDOWS\wt\wtupdates\Webd\4.1.1\files\jdriver.dll"
    O4 - HKCU\..\RunOnce: [SpybotDeletingB7858] command.com /c del "C:\WINDOWS\wt\wtupdates\Webd\4.1.1\files\npWTHost.dll"
    O4 - HKCU\..\RunOnce: [SpybotDeletingD2639] cmd.exe /c del "C:\WINDOWS\wt\wtupdates\Webd\4.1.1\files\npWTHost.dll"
    O4 - HKCU\..\RunOnce: [SpybotDeletingB1936] command.com /c del "C:\WINDOWS\wt\wtupdates\Webd\4.1.1\files\nsIWTHostPlugin.xpt"
    O4 - HKCU\..\RunOnce: [SpybotDeletingD5618] cmd.exe /c del "C:\WINDOWS\wt\wtupdates\Webd\4.1.1\files\nsIWTHostPlugin.xpt"
    O4 - HKCU\..\RunOnce: [SpybotDeletingB4134] command.com /c del "C:\WINDOWS\wt\wtupdates\Webd\4.1.1\files\ObjectBundle.dll"
    O4 - HKCU\..\RunOnce: [SpybotDeletingD5999] cmd.exe /c del "C:\WINDOWS\wt\wtupdates\Webd\4.1.1\files\ObjectBundle.dll"
    O4 - HKCU\..\RunOnce: [SpybotDeletingB2000] command.com /c del "C:\WINDOWS\wt\wtupdates\Webd\4.1.1\files\rdriver.dll"
    O4 - HKCU\..\RunOnce: [SpybotDeletingD8323] cmd.exe /c del "C:\WINDOWS\wt\wtupdates\Webd\4.1.1\files\rdriver.dll"
    O4 - HKCU\..\RunOnce: [SpybotDeletingB43] command.com /c del "C:\WINDOWS\wt\wtupdates\Webd\4.1.1\files\Sound.dll"
    O4 - HKCU\..\RunOnce: [SpybotDeletingD2178] cmd.exe /c del "C:\WINDOWS\wt\wtupdates\Webd\4.1.1\files\Sound.dll"
    O4 - HKCU\..\RunOnce: [SpybotDeletingB7206] command.com /c del "C:\WINDOWS\wt\wtupdates\Webd\4.1.1\files\wdcaps.ded"
    O4 - HKCU\..\RunOnce: [SpybotDeletingD6956] cmd.exe /c del "C:\WINDOWS\wt\wtupdates\Webd\4.1.1\files\wdcaps.ded"
    O4 - HKCU\..\RunOnce: [SpybotDeletingB7820] command.com /c del "C:\WINDOWS\wt\wtupdates\Webd\4.1.1\files\wdengine.dll"
    O4 - HKCU\..\RunOnce: [SpybotDeletingD7254] cmd.exe /c del "C:\WINDOWS\wt\wtupdates\Webd\4.1.1\files\wdengine.dll"
    O4 - HKCU\..\RunOnce: [SpybotDeletingB110] command.com /c del "C:\WINDOWS\wt\wtupdates\Webd\4.1.1\files\Webd331.cdanfo"
    O4 - HKCU\..\RunOnce: [SpybotDeletingD9439] cmd.exe /c del "C:\WINDOWS\wt\wtupdates\Webd\4.1.1\files\Webd331.cdanfo"
    O4 - HKCU\..\RunOnce: [SpybotDeletingB7536] command.com /c del "C:\WINDOWS\wt\wtupdates\Webd\4.1.1\files\Webd331_fileList.cdas"
    O4 - HKCU\..\RunOnce: [SpybotDeletingD2475] cmd.exe /c del "C:\WINDOWS\wt\wtupdates\Webd\4.1.1\files\Webd331_fileList.cdas"
    O4 - HKCU\..\RunOnce: [SpybotDeletingB6071] command.com /c del "C:\WINDOWS\wt\wtupdates\Webd\4.1.1\files\Webd331_Uninstall.cdas"
    O4 - HKCU\..\RunOnce: [SpybotDeletingD236] cmd.exe /c del "C:\WINDOWS\wt\wtupdates\Webd\4.1.1\files\Webd331_Uninstall.cdas"
    O4 - HKCU\..\RunOnce: [SpybotDeletingB1005] command.com /c del "C:\WINDOWS\wt\wtupdates\Webd\4.1.1\files\webdriver.dll"
    O4 - HKCU\..\RunOnce: [SpybotDeletingD9392] cmd.exe /c del "C:\WINDOWS\wt\wtupdates\Webd\4.1.1\files\webdriver.dll"
    O4 - HKCU\..\RunOnce: [SpybotDeletingB715] command.com /c del "C:\WINDOWS\wt\wtupdates\Webd\4.1.1\files\wildtangent.jar"
    O4 - HKCU\..\RunOnce: [SpybotDeletingD8452] cmd.exe /c del "C:\WINDOWS\wt\wtupdates\Webd\4.1.1\files\wildtangent.jar"
    O4 - HKCU\..\RunOnce: [SpybotDeletingB6935] command.com /c del "C:\WINDOWS\wt\wtupdates\Webd\4.1.1\files\wt3d.ini"
    O4 - HKCU\..\RunOnce: [SpybotDeletingD9566] cmd.exe /c del "C:\WINDOWS\wt\wtupdates\Webd\4.1.1\files\wt3d.ini"
    O4 - HKCU\..\RunOnce: [SpybotDeletingB6274] command.com /c del "C:\WINDOWS\wt\wtupdates\Webd\4.1.1\files\WTHost.exe"
    O4 - HKCU\..\RunOnce: [SpybotDeletingD5006] cmd.exe /c del "C:\WINDOWS\wt\wtupdates\Webd\4.1.1\files\WTHost.exe"
    O4 - HKCU\..\RunOnce: [SpybotDeletingB1619] command.com /c del "C:\WINDOWS\wt\wtupdates\Webd\4.1.1\files\WTHostCtl.dll"
    O4 - HKCU\..\RunOnce: [SpybotDeletingD7895] cmd.exe /c del "C:\WINDOWS\wt\wtupdates\Webd\4.1.1\files\WTHostCtl.dll"
    O4 - HKCU\..\RunOnce: [SpybotDeletingB9940] command.com /c del "C:\WINDOWS\wt\wtupdates\Webd\4.1.1\files\wtmulti.dll"
    O4 - HKCU\..\RunOnce: [SpybotDeletingD5188] cmd.exe /c del "C:\WINDOWS\wt\wtupdates\Webd\4.1.1\files\wtmulti.dll"
    O4 - HKCU\..\RunOnce: [SpybotDeletingB4014] command.com /c del "C:\WINDOWS\wt\wtupdates\Webd\4.1.1\files\wtmulti.jar"
    O4 - HKCU\..\RunOnce: [SpybotDeletingD9648] cmd.exe /c del "C:\WINDOWS\wt\wtupdates\Webd\4.1.1\files\wtmulti.jar"
    O4 - HKCU\..\RunOnce: [SpybotDeletingB5444] command.com /c del "C:\WINDOWS\wt\wtupdates\Webd\4.1.1\files\wtvh.dll"
    O4 - HKCU\..\RunOnce: [SpybotDeletingD7715] cmd.exe /c del "C:\WINDOWS\wt\wtupdates\Webd\4.1.1\files\wtvh.dll"
    O4 - HKCU\..\RunOnce: [SpybotDeletingB6198] command.com /c del "C:\WINDOWS\wt\wtupdates\Webd\4.1.1\files\wtwmplug.ax"
    O4 - HKCU\..\RunOnce: [SpybotDeletingD2807] cmd.exe /c del "C:\WINDOWS\wt\wtupdates\Webd\4.1.1\files\wtwmplug.ax"
    O4 - HKCU\..\RunOnce: [SpybotDeletingB5911] command.com /c del "C:\WINDOWS\wt\wtupdates\Webd\4.1.1\files\wtwmplug.ini"
    O4 - HKCU\..\RunOnce: [SpybotDeletingD6924] cmd.exe /c del "C:\WINDOWS\wt\wtupdates\Webd\4.1.1\files\wtwmplug.ini"
    O4 - HKCU\..\RunOnce: [SpybotDeletingB153] command.com /c del "C:\WINDOWS\wt\wtupdates\Webd\4.1.1\files\controlPanel\index.html"
    O4 - HKCU\..\RunOnce: [SpybotDeletingD2325] cmd.exe /c del "C:\WINDOWS\wt\wtupdates\Webd\4.1.1\files\controlPanel\index.html"
    O4 - HKCU\..\RunOnce: [SpybotDeletingB3778] command.com /c del "C:\WINDOWS\wt\wtupdates\Webd\4.1.1\files\legacy\data.wts"
    O4 - HKCU\..\RunOnce: [SpybotDeletingD2359] cmd.exe /c del "C:\WINDOWS\wt\wtupdates\Webd\4.1.1\files\legacy\data.wts"
    O4 - HKCU\..\RunOnce: [SpybotDeletingB2441] command.com /c del "C:\WINDOWS\wt\wtupdates\Webd\4.1.1\files\legacy\webdriver.dll"
    O4 - HKCU\..\RunOnce: [SpybotDeletingD9978] cmd.exe /c del "C:\WINDOWS\wt\wtupdates\Webd\4.1.1\files\legacy\webdriver.dll"
    O4 - HKCU\..\RunOnce: [SpybotDeletingB5739] command.com /c del "C:\WINDOWS\wt\wtupdates\Webd\4.1.1\files\legacy\wt3d.dll"
    O4 - HKCU\..\RunOnce: [SpybotDeletingD5487] cmd.exe /c del "C:\WINDOWS\wt\wtupdates\Webd\4.1.1\files\legacy\wt3d.dll"
    O4 - HKCU\..\RunOnce: [SpybotDeletingB6643] command.com /c del "C:\WINDOWS\wt\wtupdates\Webd\4.1.1\files\update_info\data.wts"
    O4 - HKCU\..\RunOnce: [SpybotDeletingD3960] cmd.exe /c del "C:\WINDOWS\wt\wtupdates\Webd\4.1.1\files\update_info\data.wts"
    O4 - HKCU\..\RunOnce: [SpybotDeletingB6593] command.com /c del "C:\WINDOWS\wt\wtupdates\Webd\4.1.1\install\Webd4_1_1.cdanfo"
    O4 - HKCU\..\RunOnce: [SpybotDeletingD105] cmd.exe /c del "C:\WINDOWS\wt\wtupdates\Webd\4.1.1\install\Webd4_1_1.cdanfo"
    O4 - HKCU\..\RunOnce: [SpybotDeletingB8259] command.com /c del "C:\WINDOWS\wt\wtupdates\Webd\4.1.1\install\Webd4_1_1_Uninstall.cdas"
    O4 - HKCU\..\RunOnce: [SpybotDeletingD663] cmd.exe /c del "C:\WINDOWS\wt\wtupdates\Webd\4.1.1\install\Webd4_1_1_Uninstall.cdas"
    O4 - HKCU\..\RunOnce: [SpybotDeletingB8333] command.com /c del "C:\WINDOWS\wt\wtupdates\wtwebdriver\update_info\data.wts"
    O4 - HKCU\..\RunOnce: [SpybotDeletingD8803] cmd.exe /c del "C:\WINDOWS\wt\wtupdates\wtwebdriver\update_info\data.wts"
    O4 - HKCU\..\RunOnce: [SpybotDeletingB8872] command.com /c del "C:\WINDOWS\system32\wevozobo.dll_old"
    O4 - HKCU\..\RunOnce: [SpybotDeletingD3569] cmd.exe /c del "C:\WINDOWS\system32\wevozobo.dll_old"
    O4 - HKCU\..\RunOnce: [SpybotDeletingB4471] command.com /c del "C:\WINDOWS\system32\lapomefe.dll_old"
    O4 - HKCU\..\RunOnce: [SpybotDeletingD8229] cmd.exe /c del "C:\WINDOWS\system32\lapomefe.dll_old"
    O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
    O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\WINDOWS\system32\shdocvw.dll
    O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\WINDOWS\system32\shdocvw.dll
    O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
    O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O16 - DPF: {149E45D8-163E-4189-86FC-45022AB2B6C9} (SpinTop DRM Control) - file:///C:/Program%20Files/MCF%20-%20Prime%20Suspects/Images/stg_drm.ocx
    O16 - DPF: {69EF49E5-FE46-4B92-B5FA-2193AB7A6B8A} (GameLauncher Control) - http://www.acclaim.com/cabs/acclaim_v4.cab
    O16 - DPF: {CC450D71-CC90-424C-8638-1F2DBAC87A54} (ArmHelper Control) - file:///C:/Program%20Files/MCF%20-%20Prime%20Suspects/Images/armhelper.ocx
    O16 - DPF: {CD995117-98E5-4169-9920-6C12D4C0B548} (HGPlugin9USA Class) - http://gamedownload.ijjimax.com/game...Plugin9USA.cab
    O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
    O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
    O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
    O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
    O20 - Winlogon Notify: geBqPGAS - geBqPGAS.dll (file missing)
    O21 - SSODL: SSODL - {EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4} - c:\windows\system32\wevozobo.dll (file missing)
    O22 - SharedTaskScheduler: STS - {EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4} - c:\windows\system32\wevozobo.dll (file missing)
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
    O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
    O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
