Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.


It started with "personal antivirus" (Hijackthis log attchd)


Post by ice-9 » August 29th, 2009, 10:23 pm

I'm helping a friend with this computer: They let the Norton that came with the machine expire and went without until they were somehow convinced to download 'Personal Antivirus'. I've cleaned up a lot, but there are still some issues (the task manager window, for instance, doesn't show any tabs but 'applications'). I've attached a Hijackthis log. Any help would be greatly, greatly appreciated!!
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~



Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:02:26 PM, on 8/29/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16876)
Boot mode: Safe mode with network support

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\ctfmon.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TYPE= ... pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://as.starware.com/dp/search?x=wKX1 ... jbfJ+a5rWr
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (file missing)
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.15642\swg.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [AlwaysReady Power Message APP] ARPWRMSG.EXE
O4 - HKLM\..\Run: [HPBootOp] "C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" /run
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [DISCover] C:\Program Files\DISC\DISCover.exe nogui
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\RunOnce: [SpybotDeletingB3846] command.com /c del "C:\WINDOWS\wt\webdriver.dll"
O4 - HKCU\..\RunOnce: [SpybotDeletingD1436] cmd.exe /c del "C:\WINDOWS\wt\webdriver.dll"
O4 - HKCU\..\RunOnce: [SpybotDeletingB7125] command.com /c del "C:\WINDOWS\wt\data.wts"
O4 - HKCU\..\RunOnce: [SpybotDeletingD127] cmd.exe /c del "C:\WINDOWS\wt\data.wts"
O4 - HKCU\..\RunOnce: [SpybotDeletingB4269] command.com /c del "C:\WINDOWS\wt\webdriver\4.1.1\actorobject.dll"
O4 - HKCU\..\RunOnce: [SpybotDeletingD9440] cmd.exe /c del "C:\WINDOWS\wt\webdriver\4.1.1\actorobject.dll"
O4 - HKCU\..\RunOnce: [SpybotDeletingB5031] command.com /c del "C:\WINDOWS\wt\webdriver\4.1.1\dx5drv.dll"
O4 - HKCU\..\RunOnce: [SpybotDeletingD9562] cmd.exe /c del "C:\WINDOWS\wt\webdriver\4.1.1\dx5drv.dll"
O4 - HKCU\..\RunOnce: [SpybotDeletingB6137] command.com /c del "C:\WINDOWS\wt\webdriver\4.1.1\dx7drv.dll"
O4 - HKCU\..\RunOnce: [SpybotDeletingD3998] cmd.exe /c del "C:\WINDOWS\wt\webdriver\4.1.1\dx7drv.dll"
O4 - HKCU\..\RunOnce: [SpybotDeletingB4710] command.com /c del "C:\WINDOWS\wt\webdriver\4.1.1\objectbundle.dll"
O4 - HKCU\..\RunOnce: [SpybotDeletingD5535] cmd.exe /c del "C:\WINDOWS\wt\webdriver\4.1.1\objectbundle.dll"
O4 - HKCU\..\RunOnce: [SpybotDeletingB8734] command.com /c del "C:\WINDOWS\wt\webdriver\4.1.1\sound.dll"
O4 - HKCU\..\RunOnce: [SpybotDeletingD7295] cmd.exe /c del "C:\WINDOWS\wt\webdriver\4.1.1\sound.dll"
O4 - HKCU\..\RunOnce: [SpybotDeletingB3420] command.com /c del "C:\WINDOWS\wt\webdriver\4.1.1\wdcaps.ded"
O4 - HKCU\..\RunOnce: [SpybotDeletingD5105] cmd.exe /c del "C:\WINDOWS\wt\webdriver\4.1.1\wdcaps.ded"
O4 - HKCU\..\RunOnce: [SpybotDeletingB7270] command.com /c del "C:\WINDOWS\wt\webdriver\4.1.1\wdengine.dll"
O4 - HKCU\..\RunOnce: [SpybotDeletingD5353] cmd.exe /c del "C:\WINDOWS\wt\webdriver\4.1.1\wdengine.dll"
O4 - HKCU\..\RunOnce: [SpybotDeletingB5196] command.com /c del "C:\WINDOWS\wt\webdriver\4.1.1\webdriver.dll"
O4 - HKCU\..\RunOnce: [SpybotDeletingD4205] cmd.exe /c del "C:\WINDOWS\wt\webdriver\4.1.1\webdriver.dll"
O4 - HKCU\..\RunOnce: [SpybotDeletingB2755] command.com /c del "C:\WINDOWS\wt\webdriver\4.1.1\wthost.exe"
O4 - HKCU\..\RunOnce: [SpybotDeletingD5073] cmd.exe /c del "C:\WINDOWS\wt\webdriver\4.1.1\wthost.exe"
O4 - HKCU\..\RunOnce: [SpybotDeletingB871] command.com /c del "C:\WINDOWS\wt\webdriver\4.1.1\wthostctl.dll"
O4 - HKCU\..\RunOnce: [SpybotDeletingD5148] cmd.exe /c del "C:\WINDOWS\wt\webdriver\4.1.1\wthostctl.dll"
O4 - HKCU\..\RunOnce: [SpybotDeletingB7780] command.com /c del "C:\WINDOWS\wt\webdriver\4.1.1\wtmulti.dll"
O4 - HKCU\..\RunOnce: [SpybotDeletingD7887] cmd.exe /c del "C:\WINDOWS\wt\webdriver\4.1.1\wtmulti.dll"
O4 - HKCU\..\RunOnce: [SpybotDeletingB4951] command.com /c del "C:\WINDOWS\wt\webdriver\4.1.1\wtmulti.jar"
O4 - HKCU\..\RunOnce: [SpybotDeletingD8693] cmd.exe /c del "C:\WINDOWS\wt\webdriver\4.1.1\wtmulti.jar"
O4 - HKCU\..\RunOnce: [SpybotDeletingB88] command.com /c del "C:\WINDOWS\wt\webdriver\4.1.1\wtwmplug.ax"
O4 - HKCU\..\RunOnce: [SpybotDeletingD542] cmd.exe /c del "C:\WINDOWS\wt\webdriver\4.1.1\wtwmplug.ax"
O4 - HKCU\..\RunOnce: [SpybotDeletingB6832] command.com /c del "C:\WINDOWS\wt\webdriver\4.1.1\wtwmplug.ini"
O4 - HKCU\..\RunOnce: [SpybotDeletingD7519] cmd.exe /c del "C:\WINDOWS\wt\webdriver\4.1.1\wtwmplug.ini"
O4 - HKCU\..\RunOnce: [SpybotDeletingB8559] command.com /c del "C:\WINDOWS\wt\wtupdates\DRM\3.2.0.19\files\DRM0302.dll"
O4 - HKCU\..\RunOnce: [SpybotDeletingD5525] cmd.exe /c del "C:\WINDOWS\wt\wtupdates\DRM\3.2.0.19\files\DRM0302.dll"
O4 - HKCU\..\RunOnce: [SpybotDeletingB7578] command.com /c del "C:\WINDOWS\wt\wtupdates\DRM\3.2.0.19\files\DRM0302Java.jar"
O4 - HKCU\..\RunOnce: [SpybotDeletingD9314] cmd.exe /c del "C:\WINDOWS\wt\wtupdates\DRM\3.2.0.19\files\DRM0302Java.jar"
O4 - HKCU\..\RunOnce: [SpybotDeletingB7378] command.com /c del "C:\WINDOWS\wt\wtupdates\DRM\3.2.0.19\files\jDRM0302.dll"
O4 - HKCU\..\RunOnce: [SpybotDeletingD264] cmd.exe /c del "C:\WINDOWS\wt\wtupdates\DRM\3.2.0.19\files\jDRM0302.dll"
O4 - HKCU\..\RunOnce: [SpybotDeletingB7263] command.com /c del "C:\WINDOWS\wt\wtupdates\DRM\3.2.0.19\files\rDRM0302.dll"
O4 - HKCU\..\RunOnce: [SpybotDeletingD9249] cmd.exe /c del "C:\WINDOWS\wt\wtupdates\DRM\3.2.0.19\files\rDRM0302.dll"
O4 - HKCU\..\RunOnce: [SpybotDeletingB4054] command.com /c del "C:\WINDOWS\wt\wtupdates\DRM\3.2.0.19\files\controlPanel\index.html"
O4 - HKCU\..\RunOnce: [SpybotDeletingD4147] cmd.exe /c del "C:\WINDOWS\wt\wtupdates\DRM\3.2.0.19\files\controlPanel\index.html"
O4 - HKCU\..\RunOnce: [SpybotDeletingB5675] command.com /c del "C:\WINDOWS\wt\wtupdates\DRM\3.2.0.19\install\DRM0302.cdanfo"
O4 - HKCU\..\RunOnce: [SpybotDeletingD5504] cmd.exe /c del "C:\WINDOWS\wt\wtupdates\DRM\3.2.0.19\install\DRM0302.cdanfo"
O4 - HKCU\..\RunOnce: [SpybotDeletingB8800] command.com /c del "C:\WINDOWS\wt\wtupdates\DRM\3.2.0.19\install\DRM0302_Uninstall.cdas"
O4 - HKCU\..\RunOnce: [SpybotDeletingD2068] cmd.exe /c del "C:\WINDOWS\wt\wtupdates\DRM\3.2.0.19\install\DRM0302_Uninstall.cdas"
O4 - HKCU\..\RunOnce: [SpybotDeletingB5522] command.com /c del "C:\WINDOWS\wt\wtupdates\Webd\4.1.1\files\actorobject.dll"
O4 - HKCU\..\RunOnce: [SpybotDeletingD2104] cmd.exe /c del "C:\WINDOWS\wt\wtupdates\Webd\4.1.1\files\actorobject.dll"
O4 - HKCU\..\RunOnce: [SpybotDeletingB986] command.com /c del "C:\WINDOWS\wt\wtupdates\Webd\4.1.1\files\dx5drv.dll"
O4 - HKCU\..\RunOnce: [SpybotDeletingD5094] cmd.exe /c del "C:\WINDOWS\wt\wtupdates\Webd\4.1.1\files\dx5drv.dll"
O4 - HKCU\..\RunOnce: [SpybotDeletingB2132] command.com /c del "C:\WINDOWS\wt\wtupdates\Webd\4.1.1\files\dx7drv.dll"
O4 - HKCU\..\RunOnce: [SpybotDeletingD3298] cmd.exe /c del "C:\WINDOWS\wt\wtupdates\Webd\4.1.1\files\dx7drv.dll"
O4 - HKCU\..\RunOnce: [SpybotDeletingB6569] command.com /c del "C:\WINDOWS\wt\wtupdates\Webd\4.1.1\files\jdriver.dll"
O4 - HKCU\..\RunOnce: [SpybotDeletingD965] cmd.exe /c del "C:\WINDOWS\wt\wtupdates\Webd\4.1.1\files\jdriver.dll"
O4 - HKCU\..\RunOnce: [SpybotDeletingB8003] command.com /c del "C:\WINDOWS\wt\wtupdates\Webd\4.1.1\files\npWTHost.dll"
O4 - HKCU\..\RunOnce: [SpybotDeletingD3079] cmd.exe /c del "C:\WINDOWS\wt\wtupdates\Webd\4.1.1\files\npWTHost.dll"
O4 - HKCU\..\RunOnce: [SpybotDeletingB6760] command.com /c del "C:\WINDOWS\wt\wtupdates\Webd\4.1.1\files\nsIWTHostPlugin.xpt"
O4 - HKCU\..\RunOnce: [SpybotDeletingD8802] cmd.exe /c del "C:\WINDOWS\wt\wtupdates\Webd\4.1.1\files\nsIWTHostPlugin.xpt"
O4 - HKCU\..\RunOnce: [SpybotDeletingB9310] command.com /c del "C:\WINDOWS\wt\wtupdates\Webd\4.1.1\files\ObjectBundle.dll"
O4 - HKCU\..\RunOnce: [SpybotDeletingD6449] cmd.exe /c del "C:\WINDOWS\wt\wtupdates\Webd\4.1.1\files\ObjectBundle.dll"
O4 - HKCU\..\RunOnce: [SpybotDeletingB7689] command.com /c del "C:\WINDOWS\wt\wtupdates\Webd\4.1.1\files\rdriver.dll"
O4 - HKCU\..\RunOnce: [SpybotDeletingD8052] cmd.exe /c del "C:\WINDOWS\wt\wtupdates\Webd\4.1.1\files\rdriver.dll"
O4 - HKCU\..\RunOnce: [SpybotDeletingB141] command.com /c del "C:\WINDOWS\wt\wtupdates\Webd\4.1.1\files\Sound.dll"
O4 - HKCU\..\RunOnce: [SpybotDeletingD6279] cmd.exe /c del "C:\WINDOWS\wt\wtupdates\Webd\4.1.1\files\Sound.dll"
O4 - HKCU\..\RunOnce: [SpybotDeletingB3347] command.com /c del "C:\WINDOWS\wt\wtupdates\Webd\4.1.1\files\wdcaps.ded"
O4 - HKCU\..\RunOnce: [SpybotDeletingD9284] cmd.exe /c del "C:\WINDOWS\wt\wtupdates\Webd\4.1.1\files\wdcaps.ded"
O4 - HKCU\..\RunOnce: [SpybotDeletingB7466] command.com /c del "C:\WINDOWS\wt\wtupdates\Webd\4.1.1\files\wdengine.dll"
O4 - HKCU\..\RunOnce: [SpybotDeletingD1752] cmd.exe /c del "C:\WINDOWS\wt\wtupdates\Webd\4.1.1\files\wdengine.dll"
O4 - HKCU\..\RunOnce: [SpybotDeletingB6026] command.com /c del "C:\WINDOWS\wt\wtupdates\Webd\4.1.1\files\Webd331.cdanfo"
O4 - HKCU\..\RunOnce: [SpybotDeletingD5560] cmd.exe /c del "C:\WINDOWS\wt\wtupdates\Webd\4.1.1\files\Webd331.cdanfo"
O4 - HKCU\..\RunOnce: [SpybotDeletingB8875] command.com /c del "C:\WINDOWS\wt\wtupdates\Webd\4.1.1\files\Webd331_fileList.cdas"
O4 - HKCU\..\RunOnce: [SpybotDeletingD9598] cmd.exe /c del "C:\WINDOWS\wt\wtupdates\Webd\4.1.1\files\Webd331_fileList.cdas"
O4 - HKCU\..\RunOnce: [SpybotDeletingB4904] command.com /c del "C:\WINDOWS\wt\wtupdates\Webd\4.1.1\files\Webd331_Uninstall.cdas"
O4 - HKCU\..\RunOnce: [SpybotDeletingD5757] cmd.exe /c del "C:\WINDOWS\wt\wtupdates\Webd\4.1.1\files\Webd331_Uninstall.cdas"
O4 - HKCU\..\RunOnce: [SpybotDeletingB4290] command.com /c del "C:\WINDOWS\wt\wtupdates\Webd\4.1.1\files\webdriver.dll"
O4 - HKCU\..\RunOnce: [SpybotDeletingD993] cmd.exe /c del "C:\WINDOWS\wt\wtupdates\Webd\4.1.1\files\webdriver.dll"
O4 - HKCU\..\RunOnce: [SpybotDeletingB3532] command.com /c del "C:\WINDOWS\wt\wtupdates\Webd\4.1.1\files\wildtangent.jar"
O4 - HKCU\..\RunOnce: [SpybotDeletingD9273] cmd.exe /c del "C:\WINDOWS\wt\wtupdates\Webd\4.1.1\files\wildtangent.jar"
O4 - HKCU\..\RunOnce: [SpybotDeletingB1225] command.com /c del "C:\WINDOWS\wt\wtupdates\Webd\4.1.1\files\wt3d.ini"
O4 - HKCU\..\RunOnce: [SpybotDeletingD1155] cmd.exe /c del "C:\WINDOWS\wt\wtupdates\Webd\4.1.1\files\wt3d.ini"
O4 - HKCU\..\RunOnce: [SpybotDeletingB2939] command.com /c del "C:\WINDOWS\wt\wtupdates\Webd\4.1.1\files\WTHost.exe"
O4 - HKCU\..\RunOnce: [SpybotDeletingD7970] cmd.exe /c del "C:\WINDOWS\wt\wtupdates\Webd\4.1.1\files\WTHost.exe"
O4 - HKCU\..\RunOnce: [SpybotDeletingB3096] command.com /c del "C:\WINDOWS\wt\wtupdates\Webd\4.1.1\files\WTHostCtl.dll"
O4 - HKCU\..\RunOnce: [SpybotDeletingD4424] cmd.exe /c del "C:\WINDOWS\wt\wtupdates\Webd\4.1.1\files\WTHostCtl.dll"
O4 - HKCU\..\RunOnce: [SpybotDeletingB2201] command.com /c del "C:\WINDOWS\wt\wtupdates\Webd\4.1.1\files\wtmulti.dll"
O4 - HKCU\..\RunOnce: [SpybotDeletingD9517] cmd.exe /c del "C:\WINDOWS\wt\wtupdates\Webd\4.1.1\files\wtmulti.dll"
O4 - HKCU\..\RunOnce: [SpybotDeletingB504] command.com /c del "C:\WINDOWS\wt\wtupdates\Webd\4.1.1\files\wtmulti.jar"
O4 - HKCU\..\RunOnce: [SpybotDeletingD9027] cmd.exe /c del "C:\WINDOWS\wt\wtupdates\Webd\4.1.1\files\wtmulti.jar"
O4 - HKCU\..\RunOnce: [SpybotDeletingB4978] command.com /c del "C:\WINDOWS\wt\wtupdates\Webd\4.1.1\files\wtvh.dll"
O4 - HKCU\..\RunOnce: [SpybotDeletingD5019] cmd.exe /c del "C:\WINDOWS\wt\wtupdates\Webd\4.1.1\files\wtvh.dll"
O4 - HKCU\..\RunOnce: [SpybotDeletingB8023] command.com /c del "C:\WINDOWS\wt\wtupdates\Webd\4.1.1\files\wtwmplug.ax"
O4 - HKCU\..\RunOnce: [SpybotDeletingD4434] cmd.exe /c del "C:\WINDOWS\wt\wtupdates\Webd\4.1.1\files\wtwmplug.ax"
O4 - HKCU\..\RunOnce: [SpybotDeletingB2024] command.com /c del "C:\WINDOWS\wt\wtupdates\Webd\4.1.1\files\wtwmplug.ini"
O4 - HKCU\..\RunOnce: [SpybotDeletingD5792] cmd.exe /c del "C:\WINDOWS\wt\wtupdates\Webd\4.1.1\files\wtwmplug.ini"
O4 - HKCU\..\RunOnce: [SpybotDeletingB1749] command.com /c del "C:\WINDOWS\wt\wtupdates\Webd\4.1.1\files\controlPanel\index.html"
O4 - HKCU\..\RunOnce: [SpybotDeletingD1379] cmd.exe /c del "C:\WINDOWS\wt\wtupdates\Webd\4.1.1\files\controlPanel\index.html"
O4 - HKCU\..\RunOnce: [SpybotDeletingB2359] command.com /c del "C:\WINDOWS\wt\wtupdates\Webd\4.1.1\files\legacy\data.wts"
O4 - HKCU\..\RunOnce: [SpybotDeletingD4047] cmd.exe /c del "C:\WINDOWS\wt\wtupdates\Webd\4.1.1\files\legacy\data.wts"
O4 - HKCU\..\RunOnce: [SpybotDeletingB3302] command.com /c del "C:\WINDOWS\wt\wtupdates\Webd\4.1.1\files\legacy\webdriver.dll"
O4 - HKCU\..\RunOnce: [SpybotDeletingD2912] cmd.exe /c del "C:\WINDOWS\wt\wtupdates\Webd\4.1.1\files\legacy\webdriver.dll"
O4 - HKCU\..\RunOnce: [SpybotDeletingB6997] command.com /c del "C:\WINDOWS\wt\wtupdates\Webd\4.1.1\files\legacy\wt3d.dll"
O4 - HKCU\..\RunOnce: [SpybotDeletingD3724] cmd.exe /c del "C:\WINDOWS\wt\wtupdates\Webd\4.1.1\files\legacy\wt3d.dll"
O4 - HKCU\..\RunOnce: [SpybotDeletingB473] command.com /c del "C:\WINDOWS\wt\wtupdates\Webd\4.1.1\files\update_info\data.wts"
O4 - HKCU\..\RunOnce: [SpybotDeletingD8756] cmd.exe /c del "C:\WINDOWS\wt\wtupdates\Webd\4.1.1\files\update_info\data.wts"
O4 - HKCU\..\RunOnce: [SpybotDeletingB352] command.com /c del "C:\WINDOWS\wt\wtupdates\Webd\4.1.1\install\Webd4_1_1.cdanfo"
O4 - HKCU\..\RunOnce: [SpybotDeletingD7241] cmd.exe /c del "C:\WINDOWS\wt\wtupdates\Webd\4.1.1\install\Webd4_1_1.cdanfo"
O4 - HKCU\..\RunOnce: [SpybotDeletingB8626] command.com /c del "C:\WINDOWS\wt\wtupdates\Webd\4.1.1\install\Webd4_1_1_Uninstall.cdas"
O4 - HKCU\..\RunOnce: [SpybotDeletingD2388] cmd.exe /c del "C:\WINDOWS\wt\wtupdates\Webd\4.1.1\install\Webd4_1_1_Uninstall.cdas"
O4 - HKCU\..\RunOnce: [SpybotDeletingB6040] command.com /c del "C:\WINDOWS\wt\wtupdates\WireControl\1.1.0.23\files\WireControl.dll"
O4 - HKCU\..\RunOnce: [SpybotDeletingD2838] cmd.exe /c del "C:\WINDOWS\wt\wtupdates\WireControl\1.1.0.23\files\WireControl.dll"
O4 - HKCU\..\RunOnce: [SpybotDeletingB7024] command.com /c del "C:\WINDOWS\wt\wtupdates\WireControl\1.1.0.23\files\install\WireControl.cdanfo"
O4 - HKCU\..\RunOnce: [SpybotDeletingD720] cmd.exe /c del "C:\WINDOWS\wt\wtupdates\WireControl\1.1.0.23\files\install\WireControl.cdanfo"
O4 - HKCU\..\RunOnce: [SpybotDeletingB2410] command.com /c del "C:\WINDOWS\wt\wtupdates\WireControl\1.1.0.23\files\install\WireControl_Uninstall.cdas"
O4 - HKCU\..\RunOnce: [SpybotDeletingD6175] cmd.exe /c del "C:\WINDOWS\wt\wtupdates\WireControl\1.1.0.23\files\install\WireControl_Uninstall.cdas"
O4 - HKCU\..\RunOnce: [SpybotDeletingB2860] command.com /c del "C:\WINDOWS\wt\wtupdates\wtwebdriver\update_info\data.wts"
O4 - HKCU\..\RunOnce: [SpybotDeletingD5253] cmd.exe /c del "C:\WINDOWS\wt\wtupdates\wtwebdriver\update_info\data.wts"
O4 - HKUS\S-1-5-18\..\RunOnce: [RunNarrator] Narrator.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [RunNarrator] Narrator.exe (User 'Default user')
O4 - .DEFAULT User Startup: Pin.lnk = C:\hp\bin\CLOAKER.EXE (User 'Default user')
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://C:\Program Files\Google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\npjpi160_07.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\npjpi160_07.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: UltimateBet - {94148DB5-B42D-4915-95DA-2CBB4F7095BF} - C:\Program Files\UltimateBet\UltimateBet.exe
O9 - Extra 'Tools' menuitem: UltimateBet - {94148DB5-B42D-4915-95DA-2CBB4F7095BF} - C:\Program Files\UltimateBet\UltimateBet.exe
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe
O9 - Extra button: MANSION - {CD03D14B-0EF6-4f5a-BB81-1ECAFFC676AF} - C:\Program Files\MANSION\FreePoker\MANSION.exe (file missing)
O9 - Extra 'Tools' menuitem: MANSION - {CD03D14B-0EF6-4f5a-BB81-1ECAFFC676AF} - C:\Program Files\MANSION\FreePoker\MANSION.exe (file missing)
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra 'Tools' menuitem: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O15 - Trusted Zone: http://*.trymedia.com (HKLM)
O16 - DPF: {05D44720-58E3-49E6-BDF6-D00330E511D3} (StagingUI Object) - http://zone.msn.com/binFrameWork/v10/St ... b55579.cab
O16 - DPF: {3BB54395-5982-4788-8AF4-B5388FFDD0D8} (MSN Games – Buddy Invite) - http://zone.msn.com/BinFrameWork/v10/ZB ... b55579.cab
O16 - DPF: {4B9F2C37-C0CF-42BC-BB2D-DCFA8B25CABF} (PopCapLoaderCtrl Class) - http://zone.msn.com/bingame/rock/defaul ... oader1.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail.com/mail/w2/resources/MSNPUpld.cab
O16 - DPF: {5736C456-EA94-4AAC-BB08-917ABDD035B3} (ZonePAChat Object) - http://zone.msn.com/binframework/v10/ZP ... b55579.cab
O16 - DPF: {7E980B9B-8AE5-466A-B6D6-DA8CF814E78A} (MJLauncherCtrl Class) - http://zone.msn.com/bingame/chnz/defaul ... uncher.cab
O16 - DPF: {9BDF4724-10AA-43D5-BD15-AEA0D2287303} (ZPA_TexasHoldem Object) - http://zone.msn.com/bingame/zpagames/zp ... b55579.cab
O16 - DPF: {B516CA4E-A5BA-405C-AFCF-A97F08CC7429} (GoBit Games Player) - http://www.gamehouse.com/realarcade-web ... Player.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://cdn2.zone.msn.com/binFramework/v ... b56649.cab
O16 - DPF: {C86FF4B0-AA1D-46D4-8612-025FB86583C7} (AstoundLauncher Control) - http://zone.msn.com/bingame/jobo/defaul ... uncher.cab
O16 - DPF: {DA2AA6CF-5C7A-4B71-BC3B-C771BB369937} (MSN Games – Game Communicator) - http://zone.msn.com/binframework/v10/St ... b55579.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://zone.msn.com/bingame/popcaploader_v10.cab
O16 - DPF: {FC4CAF5F-91BD-4DD9-ADC1-F3C737E37BC4} (CPlayFirstSweetopiaControl Object) - http://zone.msn.com/bingame/swet/defaul ... 0.0.46.cab
O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Kodak Camera Connection Software (KodakCCS) - Eastman Kodak Company - C:\WINDOWS\system32\drivers\KodakCCS.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\HPZIPM12.EXE

--
End of file - 23219 bytes

Re: It started with "personal antivirus" (Hijackthis log attchd)

Post by ice-9 » August 30th, 2009, 4:04 pm

You can forget this post: I had to return the computer to its owner and I'm pretty sure that between Spybot S&D and Malwarebytes I got everything.

Thank you as always.

Ice-9