I have been struggling with a nasty "virus" for about 3 days now. When I search (Google, Bing, Yahoo, etc.) it takes me to a legitimate page, but when I click the search links, it redirects me to other pages. The only way I can get to the right page is to "open in new tab", and sometimes that still redirects me. I have tried just about EVERY free antivirus, spyware, and adware I can get my hands on. Nothing works. I believe (from reading) it has something to do with a fake wdmaud.sys file in my system32 folder. It won't let me delete it. I renamed it once, which fixed the problem for a few minutes, but the file reappeared, as did the problem. Finally, I found HijackThis and this forum, so here is my log. ANY help would be appreciated.

Logfile of Trend Micro HijackThis v2.0.4

Scan saved at 4:03:46 PM, on 5/27/2010

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v8.00 (8.00.6001.18702)

Boot mode: Normal

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\ehome\ehtray.exe

C:\WINDOWS\RTHDCPL.EXE

C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

C:\Program Files\DISC\DISCover.exe

C:\Program Files\DISC\DiscUpdMgr.exe

C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe

C:\HP\KBD\KBD.EXE

C:\Program Files\COMODO\COMODO Internet Security\cfp.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe

C:\Program Files\Compaq Connections\5577497\Program\Compaq Connections.exe

C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe

C:\Program Files\Bonjour\mDNSResponder.exe

C:\WINDOWS\eHome\ehRecvr.exe

C:\WINDOWS\eHome\ehSched.exe

C:\Program Files\Common Files\LightScribe\LSSrvc.exe

C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE

C:\WINDOWS\system32\nvsvc32.exe

C:\Program Files\Spyware Terminator\sp_rsser.exe

C:\WINDOWS\system32\svchost.exe

C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe

C:\WINDOWS\system32\dllhost.exe

C:\WINDOWS\eHome\ehmsas.exe

C:\Program Files\DISC\DiscStreamHub.exe

c:\windows\system\hpsysdrv.exe

C:\Program Files\iTunes\iTunesHelper.exe

C:\Program Files\iPod\bin\iPodService.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\WINDOWS\system32\msiexec.exe

C:\Program Files\Trend Micro\HiJackThis\Trend Micro\HiJackThis\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.gazetteextra.com/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local

O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

O2 - BHO: MySpace Toolbar - {28AED1AF-B164-44CD-B435-CF04AA955015} - C:\Program Files\MySpace\Toolbar\1.0.70.0\MySpaceToolbar.dll

O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll

O2 - BHO: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll (file missing)

O2 - BHO: HpWebHelper - {AAAE832A-5FFF-4661-9C8F-369692D1DCB9} - C:\WINDOWS\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\plugin\WebHelper.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\java\bin\jp2ssv.dll (file missing)

O3 - Toolbar: AVG Security Toolbar - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll (file missing)

O3 - Toolbar: MySpace Toolbar - {28AED1AF-B164-44CD-B435-CF04AA955015} - C:\Program Files\MySpace\Toolbar\1.0.70.0\MySpaceToolbar.dll

O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe

O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE

O4 - HKLM\..\Run: [AlwaysReady Power Message APP] ARPWRMSG.EXE

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

O4 - HKLM\..\Run: [DISCover] C:\Program Files\DISC\DISCover.exe

O4 - HKLM\..\Run: [DiscUpdateManager] C:\Program Files\DISC\DiscUpdMgr.exe

O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE

O4 - HKLM\..\Run: [HPBootOp] "C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" /run

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe

O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

O4 - HKLM\..\Run: [COMODO Internet Security] "C:\Program Files\COMODO\COMODO Internet Security\cfp.exe" -h

O4 - HKLM\..\Run: [spywareTerminator] "C:\PROGRA~1\SPYWAR~2\SpywareTerminatorShield.exe"

O4 - HKLM\..\RunOnce: [spybotDeletingA7238] command.com /c del "C:\WINDOWS\wt\webdriver.dll"

O4 - HKLM\..\RunOnce: [spybotDeletingC97] cmd.exe /c del "C:\WINDOWS\wt\webdriver.dll"

O4 - HKLM\..\RunOnce: [spybotDeletingA771] command.com /c del "C:\WINDOWS\wt\data.wts"

O4 - HKLM\..\RunOnce: [spybotDeletingC2995] cmd.exe /c del "C:\WINDOWS\wt\data.wts"

O4 - HKLM\..\RunOnce: [spybotDeletingA9039] command.com /c del "C:\WINDOWS\wt\webdriver\4.1.1\actorobject.dll"

O4 - HKLM\..\RunOnce: [spybotDeletingC4170] cmd.exe /c del "C:\WINDOWS\wt\webdriver\4.1.1\actorobject.dll"

O4 - HKLM\..\RunOnce: [spybotDeletingA7610] command.com /c del "C:\WINDOWS\wt\webdriver\4.1.1\dx5drv.dll"

O4 - HKLM\..\RunOnce: [spybotDeletingC6247] cmd.exe /c del "C:\WINDOWS\wt\webdriver\4.1.1\dx5drv.dll"

O4 - HKLM\..\RunOnce: [spybotDeletingA5619] command.com /c del "C:\WINDOWS\wt\webdriver\4.1.1\dx7drv.dll"

O4 - HKLM\..\RunOnce: [spybotDeletingC358] cmd.exe /c del "C:\WINDOWS\wt\webdriver\4.1.1\dx7drv.dll"

O4 - HKLM\..\RunOnce: [spybotDeletingA8758] command.com /c del "C:\WINDOWS\wt\webdriver\4.1.1\objectbundle.dll"

O4 - HKLM\..\RunOnce: [spybotDeletingC2751] cmd.exe /c del "C:\WINDOWS\wt\webdriver\4.1.1\objectbundle.dll"

O4 - HKLM\..\RunOnce: [spybotDeletingA2273] command.com /c del "C:\WINDOWS\wt\webdriver\4.1.1\sound.dll"

O4 - HKLM\..\RunOnce: [spybotDeletingC8252] cmd.exe /c del "C:\WINDOWS\wt\webdriver\4.1.1\sound.dll"

O4 - HKLM\..\RunOnce: [spybotDeletingA6080] command.com /c del "C:\WINDOWS\wt\webdriver\4.1.1\wdcaps.ded"

O4 - HKLM\..\RunOnce: [spybotDeletingC2707] cmd.exe /c del "C:\WINDOWS\wt\webdriver\4.1.1\wdcaps.ded"

O4 - HKLM\..\RunOnce: [spybotDeletingA921] command.com /c del "C:\WINDOWS\wt\webdriver\4.1.1\wdengine.dll"

O4 - HKLM\..\RunOnce: [spybotDeletingC9915] cmd.exe /c del "C:\WINDOWS\wt\webdriver\4.1.1\wdengine.dll"

O4 - HKLM\..\RunOnce: [spybotDeletingA6987] command.com /c del "C:\WINDOWS\wt\webdriver\4.1.1\wthost.exe"

O4 - HKLM\..\RunOnce: [spybotDeletingC9249] cmd.exe /c del "C:\WINDOWS\wt\webdriver\4.1.1\wthost.exe"

O4 - HKLM\..\RunOnce: [spybotDeletingA7609] command.com /c del "C:\WINDOWS\wt\webdriver\4.1.1\wtmulti.dll"

O4 - HKLM\..\RunOnce: [spybotDeletingC2551] cmd.exe /c del "C:\WINDOWS\wt\webdriver\4.1.1\wtmulti.dll"

O4 - HKLM\..\RunOnce: [spybotDeletingA4122] command.com /c del "C:\WINDOWS\wt\webdriver\4.1.1\wtmulti.jar"

O4 - HKLM\..\RunOnce: [spybotDeletingC1411] cmd.exe /c del "C:\WINDOWS\wt\webdriver\4.1.1\wtmulti.jar"

O4 - HKLM\..\RunOnce: [spybotDeletingA165] command.com /c del "C:\WINDOWS\wt\webdriver\4.1.1\wtwmplug.ax"

O4 - HKLM\..\RunOnce: [spybotDeletingC2843] cmd.exe /c del "C:\WINDOWS\wt\webdriver\4.1.1\wtwmplug.ax"

O4 - HKLM\..\RunOnce: [spybotDeletingA6780] command.com /c del "C:\WINDOWS\wt\webdriver\4.1.1\wtwmplug.ini"

O4 - HKLM\..\RunOnce: [spybotDeletingC3530] cmd.exe /c del "C:\WINDOWS\wt\webdriver\4.1.1\wtwmplug.ini"

O4 - HKLM\..\RunOnce: [spybotDeletingA4192] command.com /c del "C:\WINDOWS\wt\wtupdates\DRM\3.2.0.19\files\DRM0302.dll"

O4 - HKLM\..\RunOnce: [spybotDeletingC3171] cmd.exe /c del "C:\WINDOWS\wt\wtupdates\DRM\3.2.0.19\files\DRM0302.dll"

O4 - HKLM\..\RunOnce: [spybotDeletingA3382] command.com /c del "C:\WINDOWS\wt\wtupdates\DRM\3.2.0.19\files\DRM0302Java.jar"

O4 - HKLM\..\RunOnce: [spybotDeletingC4359] cmd.exe /c del "C:\WINDOWS\wt\wtupdates\DRM\3.2.0.19\files\DRM0302Java.jar"

O4 - HKLM\..\RunOnce: [spybotDeletingA9740] command.com /c del "C:\WINDOWS\wt\wtupdates\DRM\3.2.0.19\files\jDRM0302.dll"

O4 - HKLM\..\RunOnce: [spybotDeletingC4294] cmd.exe /c del "C:\WINDOWS\wt\wtupdates\DRM\3.2.0.19\files\jDRM0302.dll"

O4 - HKLM\..\RunOnce: [spybotDeletingA564] command.com /c del "C:\WINDOWS\wt\wtupdates\DRM\3.2.0.19\files\rDRM0302.dll"

O4 - HKLM\..\RunOnce: [spybotDeletingC5439] cmd.exe /c del "C:\WINDOWS\wt\wtupdates\DRM\3.2.0.19\files\rDRM0302.dll"

O4 - HKLM\..\RunOnce: [spybotDeletingA6214] command.com /c del "C:\WINDOWS\wt\wtupdates\DRM\3.2.0.19\files\controlpanel\index.html"

O4 - HKLM\..\RunOnce: [spybotDeletingC1870] cmd.exe /c del "C:\WINDOWS\wt\wtupdates\DRM\3.2.0.19\files\controlpanel\index.html"

O4 - HKLM\..\RunOnce: [spybotDeletingA8946] command.com /c del "C:\WINDOWS\wt\wtupdates\DRM\3.2.0.19\install\DRM0302.cdanfo"

O4 - HKLM\..\RunOnce: [spybotDeletingC4342] cmd.exe /c del "C:\WINDOWS\wt\wtupdates\DRM\3.2.0.19\install\DRM0302.cdanfo"

O4 - HKLM\..\RunOnce: [spybotDeletingA9934] command.com /c del "C:\WINDOWS\wt\wtupdates\DRM\3.2.0.19\install\DRM0302_Uninstall.cdas"

O4 - HKLM\..\RunOnce: [spybotDeletingC6368] cmd.exe /c del "C:\WINDOWS\wt\wtupdates\DRM\3.2.0.19\install\DRM0302_Uninstall.cdas"

O4 - HKLM\..\RunOnce: [spybotDeletingA6498] command.com /c del "C:\WINDOWS\wt\wtupdates\webd\4.1.1\files\actorobject.dll"

O4 - HKLM\..\RunOnce: [spybotDeletingC5514] cmd.exe /c del "C:\WINDOWS\wt\wtupdates\webd\4.1.1\files\actorobject.dll"

O4 - HKLM\..\RunOnce: [spybotDeletingA7274] command.com /c del "C:\WINDOWS\wt\wtupdates\webd\4.1.1\files\dx5drv.dll"

O4 - HKLM\..\RunOnce: [spybotDeletingC1756] cmd.exe /c del "C:\WINDOWS\wt\wtupdates\webd\4.1.1\files\dx5drv.dll"

O4 - HKLM\..\RunOnce: [spybotDeletingA1817] command.com /c del "C:\WINDOWS\wt\wtupdates\webd\4.1.1\files\dx7drv.dll"

O4 - HKLM\..\RunOnce: [spybotDeletingC779] cmd.exe /c del "C:\WINDOWS\wt\wtupdates\webd\4.1.1\files\dx7drv.dll"

O4 - HKLM\..\RunOnce: [spybotDeletingA8681] command.com /c del "C:\WINDOWS\wt\wtupdates\webd\4.1.1\files\jdriver.dll"

O4 - HKLM\..\RunOnce: [spybotDeletingC7148] cmd.exe /c del "C:\WINDOWS\wt\wtupdates\webd\4.1.1\files\jdriver.dll"

O4 - HKLM\..\RunOnce: [spybotDeletingA3153] command.com /c del "C:\WINDOWS\wt\wtupdates\webd\4.1.1\files\npWTHost.dll"

O4 - HKLM\..\RunOnce: [spybotDeletingC4263] cmd.exe /c del "C:\WINDOWS\wt\wtupdates\webd\4.1.1\files\npWTHost.dll"

O4 - HKLM\..\RunOnce: [spybotDeletingA832] command.com /c del "C:\WINDOWS\wt\wtupdates\webd\4.1.1\files\nsIWTHostPlugin.xpt"

O4 - HKLM\..\RunOnce: [spybotDeletingC1812] cmd.exe /c del "C:\WINDOWS\wt\wtupdates\webd\4.1.1\files\nsIWTHostPlugin.xpt"

O4 - HKLM\..\RunOnce: [spybotDeletingA2301] command.com /c del "C:\WINDOWS\wt\wtupdates\webd\4.1.1\files\ObjectBundle.dll"

O4 - HKLM\..\RunOnce: [spybotDeletingC7471] cmd.exe /c del "C:\WINDOWS\wt\wtupdates\webd\4.1.1\files\ObjectBundle.dll"

O4 - HKLM\..\RunOnce: [spybotDeletingA159] command.com /c del "C:\WINDOWS\wt\wtupdates\webd\4.1.1\files\rdriver.dll"

O4 - HKLM\..\RunOnce: [spybotDeletingC1131] cmd.exe /c del "C:\WINDOWS\wt\wtupdates\webd\4.1.1\files\rdriver.dll"

O4 - HKLM\..\RunOnce: [spybotDeletingA4925] command.com /c del "C:\WINDOWS\wt\wtupdates\webd\4.1.1\files\Sound.dll"

O4 - HKLM\..\RunOnce: [spybotDeletingC5607] cmd.exe /c del "C:\WINDOWS\wt\wtupdates\webd\4.1.1\files\Sound.dll"

O4 - HKLM\..\RunOnce: [spybotDeletingA6283] command.com /c del "C:\WINDOWS\wt\wtupdates\webd\4.1.1\files\wdcaps.ded"

O4 - HKLM\..\RunOnce: [spybotDeletingC5928] cmd.exe /c del "C:\WINDOWS\wt\wtupdates\webd\4.1.1\files\wdcaps.ded"

O4 - HKLM\..\RunOnce: [spybotDeletingA5423] command.com /c del "C:\WINDOWS\wt\wtupdates\webd\4.1.1\files\wdengine.dll"

O4 - HKLM\..\RunOnce: [spybotDeletingC4553] cmd.exe /c del "C:\WINDOWS\wt\wtupdates\webd\4.1.1\files\wdengine.dll"

O4 - HKLM\..\RunOnce: [spybotDeletingA6202] command.com /c del "C:\WINDOWS\wt\wtupdates\webd\4.1.1\files\Webd331.cdanfo"

O4 - HKLM\..\RunOnce: [spybotDeletingC6483] cmd.exe /c del "C:\WINDOWS\wt\wtupdates\webd\4.1.1\files\Webd331.cdanfo"

O4 - HKLM\..\RunOnce: [spybotDeletingA6277] command.com /c del "C:\WINDOWS\wt\wtupdates\webd\4.1.1\files\Webd331_fileList.cdas"

O4 - HKLM\..\RunOnce: [spybotDeletingC2977] cmd.exe /c del "C:\WINDOWS\wt\wtupdates\webd\4.1.1\files\Webd331_fileList.cdas"

O4 - HKLM\..\RunOnce: [spybotDeletingA8397] command.com /c del "C:\WINDOWS\wt\wtupdates\webd\4.1.1\files\Webd331_Uninstall.cdas"

O4 - HKLM\..\RunOnce: [spybotDeletingC1387] cmd.exe /c del "C:\WINDOWS\wt\wtupdates\webd\4.1.1\files\Webd331_Uninstall.cdas"

O4 - HKLM\..\RunOnce: [spybotDeletingA1405] command.com /c del "C:\WINDOWS\wt\wtupdates\webd\4.1.1\files\webdriver.dll"

O4 - HKLM\..\RunOnce: [spybotDeletingC6356] cmd.exe /c del "C:\WINDOWS\wt\wtupdates\webd\4.1.1\files\webdriver.dll"

O4 - HKLM\..\RunOnce: [spybotDeletingA9664] command.com /c del "C:\WINDOWS\wt\wtupdates\webd\4.1.1\files\wildtangent.jar"

O4 - HKLM\..\RunOnce: [spybotDeletingC6373] cmd.exe /c del "C:\WINDOWS\wt\wtupdates\webd\4.1.1\files\wildtangent.jar"

O4 - HKLM\..\RunOnce: [spybotDeletingA7588] command.com /c del "C:\WINDOWS\wt\wtupdates\webd\4.1.1\files\wt3d.ini"

O4 - HKLM\..\RunOnce: [spybotDeletingC9678] cmd.exe /c del "C:\WINDOWS\wt\wtupdates\webd\4.1.1\files\wt3d.ini"

O4 - HKLM\..\RunOnce: [spybotDeletingA9008] command.com /c del "C:\WINDOWS\wt\wtupdates\webd\4.1.1\files\WTHost.exe"

O4 - HKLM\..\RunOnce: [spybotDeletingC2170] cmd.exe /c del "C:\WINDOWS\wt\wtupdates\webd\4.1.1\files\WTHost.exe"

O4 - HKLM\..\RunOnce: [spybotDeletingA2315] command.com /c del "C:\WINDOWS\wt\wtupdates\webd\4.1.1\files\WTHostCtl.dll"

O4 - HKLM\..\RunOnce: [spybotDeletingC2688] cmd.exe /c del "C:\WINDOWS\wt\wtupdates\webd\4.1.1\files\WTHostCtl.dll"

O4 - HKLM\..\RunOnce: [spybotDeletingA5817] command.com /c del "C:\WINDOWS\wt\wtupdates\webd\4.1.1\files\wtmulti.dll"

O4 - HKLM\..\RunOnce: [spybotDeletingC4304] cmd.exe /c del "C:\WINDOWS\wt\wtupdates\webd\4.1.1\files\wtmulti.dll"

O4 - HKLM\..\RunOnce: [spybotDeletingA380] command.com /c del "C:\WINDOWS\wt\wtupdates\webd\4.1.1\files\wtmulti.jar"

O4 - HKLM\..\RunOnce: [spybotDeletingC2733] cmd.exe /c del "C:\WINDOWS\wt\wtupdates\webd\4.1.1\files\wtmulti.jar"

O4 - HKLM\..\RunOnce: [spybotDeletingA6792] command.com /c del "C:\WINDOWS\wt\wtupdates\webd\4.1.1\files\wtvh.dll"

O4 - HKLM\..\RunOnce: [spybotDeletingC7373] cmd.exe /c del "C:\WINDOWS\wt\wtupdates\webd\4.1.1\files\wtvh.dll"

O4 - HKLM\..\RunOnce: [spybotDeletingA8845] command.com /c del "C:\WINDOWS\wt\wtupdates\webd\4.1.1\files\wtwmplug.ax"

O4 - HKLM\..\RunOnce: [spybotDeletingC5783] cmd.exe /c del "C:\WINDOWS\wt\wtupdates\webd\4.1.1\files\wtwmplug.ax"

O4 - HKLM\..\RunOnce: [spybotDeletingA3585] command.com /c del "C:\WINDOWS\wt\wtupdates\webd\4.1.1\files\wtwmplug.ini"

O4 - HKLM\..\RunOnce: [spybotDeletingC4461] cmd.exe /c del "C:\WINDOWS\wt\wtupdates\webd\4.1.1\files\wtwmplug.ini"

O4 - HKLM\..\RunOnce: [spybotDeletingA2970] command.com /c del "C:\WINDOWS\wt\wtupdates\webd\4.1.1\files\controlpanel\index.html"

O4 - HKLM\..\RunOnce: [spybotDeletingC5908] cmd.exe /c del "C:\WINDOWS\wt\wtupdates\webd\4.1.1\files\controlpanel\index.html"

O4 - HKLM\..\RunOnce: [spybotDeletingA7792] command.com /c del "C:\WINDOWS\wt\wtupdates\webd\4.1.1\files\legacy\data.wts"

O4 - HKLM\..\RunOnce: [spybotDeletingC3046] cmd.exe /c del "C:\WINDOWS\wt\wtupdates\webd\4.1.1\files\legacy\data.wts"

O4 - HKLM\..\RunOnce: [spybotDeletingA3352] command.com /c del "C:\WINDOWS\wt\wtupdates\webd\4.1.1\files\legacy\webdriver.dll"

O4 - HKLM\..\RunOnce: [spybotDeletingC8817] cmd.exe /c del "C:\WINDOWS\wt\wtupdates\webd\4.1.1\files\legacy\webdriver.dll"

O4 - HKLM\..\RunOnce: [spybotDeletingA6887] command.com /c del "C:\WINDOWS\wt\wtupdates\webd\4.1.1\files\legacy\wt3d.dll"

O4 - HKLM\..\RunOnce: [spybotDeletingC3161] cmd.exe /c del "C:\WINDOWS\wt\wtupdates\webd\4.1.1\files\legacy\wt3d.dll"

O4 - HKLM\..\RunOnce: [spybotDeletingA6010] command.com /c del "C:\WINDOWS\wt\wtupdates\webd\4.1.1\files\update_info\data.wts"

O4 - HKLM\..\RunOnce: [spybotDeletingC1653] cmd.exe /c del "C:\WINDOWS\wt\wtupdates\webd\4.1.1\files\update_info\data.wts"

O4 - HKLM\..\RunOnce: [spybotDeletingA5341] command.com /c del "C:\WINDOWS\wt\wtupdates\webd\4.1.1\install\Webd4_1_1.cdanfo"

O4 - HKLM\..\RunOnce: [spybotDeletingC9713] cmd.exe /c del "C:\WINDOWS\wt\wtupdates\webd\4.1.1\install\Webd4_1_1.cdanfo"

O4 - HKLM\..\RunOnce: [spybotDeletingA144] command.com /c del "C:\WINDOWS\wt\wtupdates\webd\4.1.1\install\Webd4_1_1_Uninstall.cdas"

O4 - HKLM\..\RunOnce: [spybotDeletingC7261] cmd.exe /c del "C:\WINDOWS\wt\wtupdates\webd\4.1.1\install\Webd4_1_1_Uninstall.cdas"

O4 - HKLM\..\RunOnce: [spybotDeletingA8848] command.com /c del "C:\WINDOWS\wt\wtupdates\WireControl\1.1.0.23\files\WireControl.dll"

O4 - HKLM\..\RunOnce: [spybotDeletingC5076] cmd.exe /c del "C:\WINDOWS\wt\wtupdates\WireControl\1.1.0.23\files\WireControl.dll"

O4 - HKLM\..\RunOnce: [spybotDeletingA4837] command.com /c del "C:\WINDOWS\wt\wtupdates\WireControl\1.1.0.23\files\controlpanel\index.html"

O4 - HKLM\..\RunOnce: [spybotDeletingC8687] cmd.exe /c del "C:\WINDOWS\wt\wtupdates\WireControl\1.1.0.23\files\controlpanel\index.html"

O4 - HKLM\..\RunOnce: [spybotDeletingA9350] command.com /c del "C:\WINDOWS\wt\wtupdates\WireControl\1.1.0.23\files\install\WireControl.cdanfo"

O4 - HKLM\..\RunOnce: [spybotDeletingC3295] cmd.exe /c del "C:\WINDOWS\wt\wtupdates\WireControl\1.1.0.23\files\install\WireControl.cdanfo"

O4 - HKLM\..\RunOnce: [spybotDeletingA2191] command.com /c del "C:\WINDOWS\wt\wtupdates\WireControl\1.1.0.23\files\install\WireControl_Uninstall.cdas"

O4 - HKLM\..\RunOnce: [spybotDeletingC5536] cmd.exe /c del "C:\WINDOWS\wt\wtupdates\WireControl\1.1.0.23\files\install\WireControl_Uninstall.cdas"

O4 - HKLM\..\RunOnce: [spybotDeletingA2248] command.com /c del "C:\WINDOWS\wt\wtupdates\wtwebdriver\update_info\data.wts"

O4 - HKLM\..\RunOnce: [spybotDeletingC6270] cmd.exe /c del "C:\WINDOWS\wt\wtupdates\wtwebdriver\update_info\data.wts"

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [LightScribe Control Panel] C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe -hidden

O4 - HKCU\..\Run: [spywareTerminatorUpdate] "C:\Program Files\Spyware Terminator\SpywareTerminatorUpdate.exe"

O4 - HKCU\..\Run: [spybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe

O4 - HKCU\..\RunOnce: [spybotDeletingB7524] command.com /c del "C:\WINDOWS\wt\webdriver.dll"

O4 - HKCU\..\RunOnce: [spybotDeletingD899] cmd.exe /c del "C:\WINDOWS\wt\webdriver.dll"

O4 - HKCU\..\RunOnce: [spybotDeletingB2958] command.com /c del "C:\WINDOWS\wt\data.wts"

O4 - HKCU\..\RunOnce: [spybotDeletingD8399] cmd.exe /c del "C:\WINDOWS\wt\data.wts"

O4 - HKCU\..\RunOnce: [spybotDeletingB5070] command.com /c del "C:\WINDOWS\wt\webdriver\4.1.1\actorobject.dll"

O4 - HKCU\..\RunOnce: [spybotDeletingD1151] cmd.exe /c del "C:\WINDOWS\wt\webdriver\4.1.1\actorobject.dll"

O4 - HKCU\..\RunOnce: [spybotDeletingB2822] command.com /c del "C:\WINDOWS\wt\webdriver\4.1.1\dx5drv.dll"

O4 - HKCU\..\RunOnce: [spybotDeletingD9731] cmd.exe /c del "C:\WINDOWS\wt\webdriver\4.1.1\dx5drv.dll"

O4 - HKCU\..\RunOnce: [spybotDeletingB2884] command.com /c del "C:\WINDOWS\wt\webdriver\4.1.1\dx7drv.dll"

O4 - HKCU\..\RunOnce: [spybotDeletingD2866] cmd.exe /c del "C:\WINDOWS\wt\webdriver\4.1.1\dx7drv.dll"

O4 - HKCU\..\RunOnce: [spybotDeletingB1417] command.com /c del "C:\WINDOWS\wt\webdriver\4.1.1\objectbundle.dll"

O4 - HKCU\..\RunOnce: [spybotDeletingD1118] cmd.exe /c del "C:\WINDOWS\wt\webdriver\4.1.1\objectbundle.dll"

O4 - HKCU\..\RunOnce: [spybotDeletingB3090] command.com /c del "C:\WINDOWS\wt\webdriver\4.1.1\sound.dll"

O4 - HKCU\..\RunOnce: [spybotDeletingD2532] cmd.exe /c del "C:\WINDOWS\wt\webdriver\4.1.1\sound.dll"

O4 - HKCU\..\RunOnce: [spybotDeletingB8471] command.com /c del "C:\WINDOWS\wt\webdriver\4.1.1\wdcaps.ded"

O4 - HKCU\..\RunOnce: [spybotDeletingD9136] cmd.exe /c del "C:\WINDOWS\wt\webdriver\4.1.1\wdcaps.ded"

O4 - HKCU\..\RunOnce: [spybotDeletingB6374] command.com /c del "C:\WINDOWS\wt\webdriver\4.1.1\wdengine.dll"

O4 - HKCU\..\RunOnce: [spybotDeletingD9751] cmd.exe /c del "C:\WINDOWS\wt\webdriver\4.1.1\wdengine.dll"

O4 - HKCU\..\RunOnce: [spybotDeletingB9039] command.com /c del "C:\WINDOWS\wt\webdriver\4.1.1\wthost.exe"

O4 - HKCU\..\RunOnce: [spybotDeletingD611] cmd.exe /c del "C:\WINDOWS\wt\webdriver\4.1.1\wthost.exe"

O4 - HKCU\..\RunOnce: [spybotDeletingB916] command.com /c del "C:\WINDOWS\wt\webdriver\4.1.1\wtmulti.dll"

O4 - HKCU\..\RunOnce: [spybotDeletingD7080] cmd.exe /c del "C:\WINDOWS\wt\webdriver\4.1.1\wtmulti.dll"

O4 - HKCU\..\RunOnce: [spybotDeletingB9956] command.com /c del "C:\WINDOWS\wt\webdriver\4.1.1\wtmulti.jar"

O4 - HKCU\..\RunOnce: [spybotDeletingD6139] cmd.exe /c del "C:\WINDOWS\wt\webdriver\4.1.1\wtmulti.jar"

O4 - HKCU\..\RunOnce: [spybotDeletingB5146] command.com /c del "C:\WINDOWS\wt\webdriver\4.1.1\wtwmplug.ax"

O4 - HKCU\..\RunOnce: [spybotDeletingD8756] cmd.exe /c del "C:\WINDOWS\wt\webdriver\4.1.1\wtwmplug.ax"

O4 - HKCU\..\RunOnce: [spybotDeletingB7813] command.com /c del "C:\WINDOWS\wt\webdriver\4.1.1\wtwmplug.ini"

O4 - HKCU\..\RunOnce: [spybotDeletingD956] cmd.exe /c del "C:\WINDOWS\wt\webdriver\4.1.1\wtwmplug.ini"

O4 - HKCU\..\RunOnce: [spybotDeletingB226] command.com /c del "C:\WINDOWS\wt\wtupdates\DRM\3.2.0.19\files\DRM0302.dll"

O4 - HKCU\..\RunOnce: [spybotDeletingD8534] cmd.exe /c del "C:\WINDOWS\wt\wtupdates\DRM\3.2.0.19\files\DRM0302.dll"

O4 - HKCU\..\RunOnce: [spybotDeletingB5138] command.com /c del "C:\WINDOWS\wt\wtupdates\DRM\3.2.0.19\files\DRM0302Java.jar"

O4 - HKCU\..\RunOnce: [spybotDeletingD1712] cmd.exe /c del "C:\WINDOWS\wt\wtupdates\DRM\3.2.0.19\files\DRM0302Java.jar"

O4 - HKCU\..\RunOnce: [spybotDeletingB1636] command.com /c del "C:\WINDOWS\wt\wtupdates\DRM\3.2.0.19\files\jDRM0302.dll"

O4 - HKCU\..\RunOnce: [spybotDeletingD5574] cmd.exe /c del "C:\WINDOWS\wt\wtupdates\DRM\3.2.0.19\files\jDRM0302.dll"

O4 - HKCU\..\RunOnce: [spybotDeletingB6048] command.com /c del "C:\WINDOWS\wt\wtupdates\DRM\3.2.0.19\files\rDRM0302.dll"

O4 - HKCU\..\RunOnce: [spybotDeletingD9935] cmd.exe /c del "C:\WINDOWS\wt\wtupdates\DRM\3.2.0.19\files\rDRM0302.dll"

O4 - HKCU\..\RunOnce: [spybotDeletingB3774] command.com /c del "C:\WINDOWS\wt\wtupdates\DRM\3.2.0.19\files\controlpanel\index.html"

O4 - HKCU\..\RunOnce: [spybotDeletingD5706] cmd.exe /c del "C:\WINDOWS\wt\wtupdates\DRM\3.2.0.19\files\controlpanel\index.html"

O4 - HKCU\..\RunOnce: [spybotDeletingB5977] command.com /c del "C:\WINDOWS\wt\wtupdates\DRM\3.2.0.19\install\DRM0302.cdanfo"

O4 - HKCU\..\RunOnce: [spybotDeletingD1529] cmd.exe /c del "C:\WINDOWS\wt\wtupdates\DRM\3.2.0.19\install\DRM0302.cdanfo"

O4 - HKCU\..\RunOnce: [spybotDeletingB3767] command.com /c del "C:\WINDOWS\wt\wtupdates\DRM\3.2.0.19\install\DRM0302_Uninstall.cdas"

O4 - HKCU\..\RunOnce: [spybotDeletingD8768] cmd.exe /c del "C:\WINDOWS\wt\wtupdates\DRM\3.2.0.19\install\DRM0302_Uninstall.cdas"

O4 - HKCU\..\RunOnce: [spybotDeletingB4408] command.com /c del "C:\WINDOWS\wt\wtupdates\webd\4.1.1\files\actorobject.dll"

O4 - HKCU\..\RunOnce: [spybotDeletingD8221] cmd.exe /c del "C:\WINDOWS\wt\wtupdates\webd\4.1.1\files\actorobject.dll"

O4 - HKCU\..\RunOnce: [spybotDeletingB5924] command.com /c del "C:\WINDOWS\wt\wtupdates\webd\4.1.1\files\dx5drv.dll"

O4 - HKCU\..\RunOnce: [spybotDeletingD5286] cmd.exe /c del "C:\WINDOWS\wt\wtupdates\webd\4.1.1\files\dx5drv.dll"

O4 - HKCU\..\RunOnce: [spybotDeletingB6784] command.com /c del "C:\WINDOWS\wt\wtupdates\webd\4.1.1\files\dx7drv.dll"

O4 - HKCU\..\RunOnce: [spybotDeletingD8911] cmd.exe /c del "C:\WINDOWS\wt\wtupdates\webd\4.1.1\files\dx7drv.dll"

O4 - HKCU\..\RunOnce: [spybotDeletingB7578] command.com /c del "C:\WINDOWS\wt\wtupdates\webd\4.1.1\files\jdriver.dll"

O4 - HKCU\..\RunOnce: [spybotDeletingD426] cmd.exe /c del "C:\WINDOWS\wt\wtupdates\webd\4.1.1\files\jdriver.dll"

O4 - HKCU\..\RunOnce: [spybotDeletingB7959] command.com /c del "C:\WINDOWS\wt\wtupdates\webd\4.1.1\files\npWTHost.dll"

O4 - HKCU\..\RunOnce: [spybotDeletingD2573] cmd.exe /c del "C:\WINDOWS\wt\wtupdates\webd\4.1.1\files\npWTHost.dll"

O4 - HKCU\..\RunOnce: [spybotDeletingB1575] command.com /c del "C:\WINDOWS\wt\wtupdates\webd\4.1.1\files\nsIWTHostPlugin.xpt"

O4 - HKCU\..\RunOnce: [spybotDeletingD2055] cmd.exe /c del "C:\WINDOWS\wt\wtupdates\webd\4.1.1\files\nsIWTHostPlugin.xpt"

O4 - HKCU\..\RunOnce: [spybotDeletingB2006] command.com /c del "C:\WINDOWS\wt\wtupdates\webd\4.1.1\files\ObjectBundle.dll"

O4 - HKCU\..\RunOnce: [spybotDeletingD5637] cmd.exe /c del "C:\WINDOWS\wt\wtupdates\webd\4.1.1\files\ObjectBundle.dll"

O4 - HKCU\..\RunOnce: [spybotDeletingB254] command.com /c del "C:\WINDOWS\wt\wtupdates\webd\4.1.1\files\rdriver.dll"

O4 - HKCU\..\RunOnce: [spybotDeletingD1711] cmd.exe /c del "C:\WINDOWS\wt\wtupdates\webd\4.1.1\files\rdriver.dll"

O4 - HKCU\..\RunOnce: [spybotDeletingB5429] command.com /c del "C:\WINDOWS\wt\wtupdates\webd\4.1.1\files\Sound.dll"

O4 - HKCU\..\RunOnce: [spybotDeletingD8915] cmd.exe /c del "C:\WINDOWS\wt\wtupdates\webd\4.1.1\files\Sound.dll"

O4 - HKCU\..\RunOnce: [spybotDeletingB957] command.com /c del "C:\WINDOWS\wt\wtupdates\webd\4.1.1\files\wdcaps.ded"

O4 - HKCU\..\RunOnce: [spybotDeletingD6504] cmd.exe /c del "C:\WINDOWS\wt\wtupdates\webd\4.1.1\files\wdcaps.ded"

O4 - HKCU\..\RunOnce: [spybotDeletingB2119] command.com /c del "C:\WINDOWS\wt\wtupdates\webd\4.1.1\files\wdengine.dll"

O4 - HKCU\..\RunOnce: [spybotDeletingD6272] cmd.exe /c del "C:\WINDOWS\wt\wtupdates\webd\4.1.1\files\wdengine.dll"

O4 - HKCU\..\RunOnce: [spybotDeletingB8682] command.com /c del "C:\WINDOWS\wt\wtupdates\webd\4.1.1\files\Webd331.cdanfo"

O4 - HKCU\..\RunOnce: [spybotDeletingD251] cmd.exe /c del "C:\WINDOWS\wt\wtupdates\webd\4.1.1\files\Webd331.cdanfo"

O4 - HKCU\..\RunOnce: [spybotDeletingB4207] command.com /c del "C:\WINDOWS\wt\wtupdates\webd\4.1.1\files\Webd331_fileList.cdas"

O4 - HKCU\..\RunOnce: [spybotDeletingD156] cmd.exe /c del "C:\WINDOWS\wt\wtupdates\webd\4.1.1\files\Webd331_fileList.cdas"

O4 - HKCU\..\RunOnce: [spybotDeletingB2253] command.com /c del "C:\WINDOWS\wt\wtupdates\webd\4.1.1\files\Webd331_Uninstall.cdas"

O4 - HKCU\..\RunOnce: [spybotDeletingD2926] cmd.exe /c del "C:\WINDOWS\wt\wtupdates\webd\4.1.1\files\Webd331_Uninstall.cdas"

O4 - HKCU\..\RunOnce: [spybotDeletingB1335] command.com /c del "C:\WINDOWS\wt\wtupdates\webd\4.1.1\files\webdriver.dll"

O4 - HKCU\..\RunOnce: [spybotDeletingD4776] cmd.exe /c del "C:\WINDOWS\wt\wtupdates\webd\4.1.1\files\webdriver.dll"

O4 - HKCU\..\RunOnce: [spybotDeletingB5847] command.com /c del "C:\WINDOWS\wt\wtupdates\webd\4.1.1\files\wildtangent.jar"

O4 - HKCU\..\RunOnce: [spybotDeletingD9005] cmd.exe /c del "C:\WINDOWS\wt\wtupdates\webd\4.1.1\files\wildtangent.jar"

O4 - HKCU\..\RunOnce: [spybotDeletingB5235] command.com /c del "C:\WINDOWS\wt\wtupdates\webd\4.1.1\files\wt3d.ini"

O4 - HKCU\..\RunOnce: [spybotDeletingD9931] cmd.exe /c del "C:\WINDOWS\wt\wtupdates\webd\4.1.1\files\wt3d.ini"

O4 - HKCU\..\RunOnce: [spybotDeletingB7718] command.com /c del "C:\WINDOWS\wt\wtupdates\webd\4.1.1\files\WTHost.exe"

O4 - HKCU\..\RunOnce: [spybotDeletingD8598] cmd.exe /c del "C:\WINDOWS\wt\wtupdates\webd\4.1.1\files\WTHost.exe"

O4 - HKCU\..\RunOnce: [spybotDeletingB9001] command.com /c del "C:\WINDOWS\wt\wtupdates\webd\4.1.1\files\WTHostCtl.dll"

O4 - HKCU\..\RunOnce: [spybotDeletingD996] cmd.exe /c del "C:\WINDOWS\wt\wtupdates\webd\4.1.1\files\WTHostCtl.dll"

O4 - HKCU\..\RunOnce: [spybotDeletingB4666] command.com /c del "C:\WINDOWS\wt\wtupdates\webd\4.1.1\files\wtmulti.dll"

O4 - HKCU\..\RunOnce: [spybotDeletingD5621] cmd.exe /c del "C:\WINDOWS\wt\wtupdates\webd\4.1.1\files\wtmulti.dll"

O4 - HKCU\..\RunOnce: [spybotDeletingB7091] command.com /c del "C:\WINDOWS\wt\wtupdates\webd\4.1.1\files\wtmulti.jar"

O4 - HKCU\..\RunOnce: [spybotDeletingD3051] cmd.exe /c del "C:\WINDOWS\wt\wtupdates\webd\4.1.1\files\wtmulti.jar"

O4 - HKCU\..\RunOnce: [spybotDeletingB7007] command.com /c del "C:\WINDOWS\wt\wtupdates\webd\4.1.1\files\wtvh.dll"

O4 - HKCU\..\RunOnce: [spybotDeletingD5477] cmd.exe /c del "C:\WINDOWS\wt\wtupdates\webd\4.1.1\files\wtvh.dll"

O4 - HKCU\..\RunOnce: [spybotDeletingB3383] command.com /c del "C:\WINDOWS\wt\wtupdates\webd\4.1.1\files\wtwmplug.ax"

O4 - HKCU\..\RunOnce: [spybotDeletingD5102] cmd.exe /c del "C:\WINDOWS\wt\wtupdates\webd\4.1.1\files\wtwmplug.ax"

O4 - HKCU\..\RunOnce: [spybotDeletingB9370] command.com /c del "C:\WINDOWS\wt\wtupdates\webd\4.1.1\files\wtwmplug.ini"

O4 - HKCU\..\RunOnce: [spybotDeletingD1128] cmd.exe /c del "C:\WINDOWS\wt\wtupdates\webd\4.1.1\files\wtwmplug.ini"

O4 - HKCU\..\RunOnce: [spybotDeletingB3608] command.com /c del "C:\WINDOWS\wt\wtupdates\webd\4.1.1\files\controlpanel\index.html"

O4 - HKCU\..\RunOnce: [spybotDeletingD8211] cmd.exe /c del "C:\WINDOWS\wt\wtupdates\webd\4.1.1\files\controlpanel\index.html"

O4 - HKCU\..\RunOnce: [spybotDeletingB912] command.com /c del "C:\WINDOWS\wt\wtupdates\webd\4.1.1\files\legacy\data.wts"

O4 - HKCU\..\RunOnce: [spybotDeletingD7781] cmd.exe /c del "C:\WINDOWS\wt\wtupdates\webd\4.1.1\files\legacy\data.wts"

O4 - HKCU\..\RunOnce: [spybotDeletingB4980] command.com /c del "C:\WINDOWS\wt\wtupdates\webd\4.1.1\files\legacy\webdriver.dll"

O4 - HKCU\..\RunOnce: [spybotDeletingD4248] cmd.exe /c del "C:\WINDOWS\wt\wtupdates\webd\4.1.1\files\legacy\webdriver.dll"

O4 - HKCU\..\RunOnce: [spybotDeletingB4655] command.com /c del "C:\WINDOWS\wt\wtupdates\webd\4.1.1\files\legacy\wt3d.dll"

O4 - HKCU\..\RunOnce: [spybotDeletingD8057] cmd.exe /c del "C:\WINDOWS\wt\wtupdates\webd\4.1.1\files\legacy\wt3d.dll"

O4 - HKCU\..\RunOnce: [spybotDeletingB8221] command.com /c del "C:\WINDOWS\wt\wtupdates\webd\4.1.1\files\update_info\data.wts"

O4 - HKCU\..\RunOnce: [spybotDeletingD5912] cmd.exe /c del "C:\WINDOWS\wt\wtupdates\webd\4.1.1\files\update_info\data.wts"

O4 - HKCU\..\RunOnce: [spybotDeletingB6461] command.com /c del "C:\WINDOWS\wt\wtupdates\webd\4.1.1\install\Webd4_1_1.cdanfo"

O4 - HKCU\..\RunOnce: [spybotDeletingD7651] cmd.exe /c del "C:\WINDOWS\wt\wtupdates\webd\4.1.1\install\Webd4_1_1.cdanfo"

O4 - HKCU\..\RunOnce: [spybotDeletingB5530] command.com /c del "C:\WINDOWS\wt\wtupdates\webd\4.1.1\install\Webd4_1_1_Uninstall.cdas"

O4 - HKCU\..\RunOnce: [spybotDeletingD1074] cmd.exe /c del "C:\WINDOWS\wt\wtupdates\webd\4.1.1\install\Webd4_1_1_Uninstall.cdas"

O4 - HKCU\..\RunOnce: [spybotDeletingB2116] command.com /c del "C:\WINDOWS\wt\wtupdates\WireControl\1.1.0.23\files\WireControl.dll"

O4 - HKCU\..\RunOnce: [spybotDeletingD2380] cmd.exe /c del "C:\WINDOWS\wt\wtupdates\WireControl\1.1.0.23\files\WireControl.dll"

O4 - HKCU\..\RunOnce: [spybotDeletingB6683] command.com /c del "C:\WINDOWS\wt\wtupdates\WireControl\1.1.0.23\files\controlpanel\index.html"

O4 - HKCU\..\RunOnce: [spybotDeletingD5093] cmd.exe /c del "C:\WINDOWS\wt\wtupdates\WireControl\1.1.0.23\files\controlpanel\index.html"

O4 - HKCU\..\RunOnce: [spybotDeletingB2774] command.com /c del "C:\WINDOWS\wt\wtupdates\WireControl\1.1.0.23\files\install\WireControl.cdanfo"

O4 - HKCU\..\RunOnce: [spybotDeletingD1629] cmd.exe /c del "C:\WINDOWS\wt\wtupdates\WireControl\1.1.0.23\files\install\WireControl.cdanfo"

O4 - HKCU\..\RunOnce: [spybotDeletingB4504] command.com /c del "C:\WINDOWS\wt\wtupdates\WireControl\1.1.0.23\files\install\WireControl_Uninstall.cdas"

O4 - HKCU\..\RunOnce: [spybotDeletingD8004] cmd.exe /c del "C:\WINDOWS\wt\wtupdates\WireControl\1.1.0.23\files\install\WireControl_Uninstall.cdas"

O4 - HKCU\..\RunOnce: [spybotDeletingB2223] command.com /c del "C:\WINDOWS\wt\wtupdates\wtwebdriver\update_info\data.wts"

O4 - HKCU\..\RunOnce: [spybotDeletingD4819] cmd.exe /c del "C:\WINDOWS\wt\wtupdates\wtwebdriver\update_info\data.wts"

O4 - HKUS\S-1-5-18\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe (User 'Default user')

O4 - S-1-5-18 Startup: Pin.lnk = C:\hp\bin\CLOAKER.EXE (User 'SYSTEM')

O4 - .DEFAULT Startup: Pin.lnk = C:\hp\bin\CLOAKER.EXE (User 'Default user')

O4 - .DEFAULT User Startup: Pin.lnk = C:\hp\bin\CLOAKER.EXE (User 'Default user')

O4 - Global Startup: Compaq Connections.lnk = C:\Program Files\Compaq Connections\5577497\Program\Compaq Connections.exe

O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL

O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll

O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll

O9 - Extra button: Internet Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm

O9 - Extra 'Tools' menuitem: Internet Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1256336061046

O16 - DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} (HP Download Manager) - https://h20436.www2.hp.com/ediags/dex/secure/HPDEXAXO.cab

O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2009.0...oUploader55.cab

O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab

O16 - DPF: {E77F23EB-E7AB-4502-8F37-247DBAF1A147} (Windows Live Hotmail Photo Upload Tool) - http://gfx2.hotmail.com/mail/w4/pr01/photo...ol/MSNPUpld.cab

O20 - AppInit_DLLs: C:\WINDOWS\system32\guard32.dll

O20 - Winlogon Notify: avgrsstarter - avgrsstx.dll (file missing)

O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll

O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll

O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe

O23 - Service: COMODO Internet Security Helper Service (cmdAgent) - COMODO - C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe

O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe

O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe

O23 - Service: NMSAccess - Unknown owner - C:\Program Files\Blaze Media Pro\NMSAccess32.exe (file missing)

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe

O23 - Service: Spyware Terminator Realtime Shield Service (sp_rssrv) - Crawler.com - C:\Program Files\Spyware Terminator\sp_rsser.exe

O23 - Service: Windows Presentation Foundation Font Cache 4.0.0.0 (WPFFontCache_v0400) - Unknown owner - C:\WINDOWS\Microsoft.NET\Framework\v4.0.21006\WPF\WPFFontCache_v0400.exe (file missing)


Hi spykelz and welcome to Malwarebytes!

DeFogger

Download DeFogger by jpshortstuff from here & save it to your desktop.

  • Right-click DeFogger then choose Run as Administrator, or you can double-click to run the tool
  • The application window will appear
  • Click the Disable button to disable your CD Emulation drivers
  • Click Yes to continue
  • A Finished! message will appear
  • Click OK
  • DeFogger will now ask to reboot the machine - click OK. If not, reboot your PC

IMPORTANT! If you receive an error message while running DeFogger, please post the log defogger_disable which will appear on your desktop.

Do not re-enable these drivers until otherwise instructed.

Next

Download the GMER Rootkit Scanner. Unzip it to your Desktop.

Before scanning, make sure all other running programs are closed and no other actions like a scheduled antivirus scan will occur while the scan is being performed. Do not use your computer for anything else during the scan.

  • Double click GMER.exe.
  • If it gives you a warning about rootkit activity and asks if you want to run a full scan, click on NO, then use the following settings for a more complete scan.
  • In the right panel, you will see several boxes that have been checked. Ensure the following are UNCHECKED ...
    • IAT/EAT
    • Drives/Partition other than Systemdrive (typically C:\)
    • Show All (don't miss this one)
  • Then click the Scan button & wait for it to finish.
  • Once done click on the [save..] button, and in the File name area, type in "ark.txt"
  • Save the log where you can easily find it, such as your desktop.

**Caution**

Rootkit scans often produce false positives. Do NOT take any action on any "<--- ROOTKIT" entries.

Please copy and paste the report into your Post.


  • 5 weeks later...
  • Staff

Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!
