Need Help! av.protect.com and spyware

Thanks to Belazhur for all the help before (Oct 2009). You guys are awesome so when I had another problem I knew I had to come back to you. :-)

Something turned off my firewall and I can't turn it back on. I have two things on my computer one is called av.protect.com and the other is called wgatray.exe and I'm not sure where they came from. I also have all these cookies in my temporary internet files that won't delete, most of them are from some poker sites but I have never gone to any of those sites before. I ran hijack this. Here is my log.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:54:08 PM, on 2/21/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Winamp\winampa.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Common Files\InterVideo\DeviceService\DevSvc.exe
C:\Program Files\Common Files\Command Software\dvpapi.exe
C:\PROGRA~1\VCOM\Fix-It\mxtask.exe
c:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
C:\PROGRA~1\VCOM\Fix-It\mxtask.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\msiexec.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.comcast.net/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q105&bd=pavilion&pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = :0
O2 - BHO: ChromeFrame BHO - {ECB3C477-1A0A-44BD-BB57-78F9EFE34FA7} - C:\Program Files\Google\Chrome Frame\Application\5.0.317.0\npchrome_frame.dll
O3 - Toolbar: HP view - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - c:\Program Files\HP\Digital Imaging\bin\HPDTLK02.dll
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
O4 - HKLM\..\Run: [VirusScannerPro] C:\PROGRA~1\VCOM\Fix-It\MemCheck.exe
O4 - HKLM\..\Run: [googletalk] C:\Program Files\Google\Google Talk\googletalk.exe /autostart
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\msjava.dll
O9 - Extra button: (no name) - {09C04DA7-5B76-4EBC-BBEE-B25EAC5965F5} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra 'Tools' menuitem: &Gears Settings - {09C04DA7-5B76-4EBC-BBEE-B25EAC5965F5} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: http://*.mcafee.com
O16 - DPF: ActiveGS.cab - http://activegs.freetoolsassociation.com/ActiveGS.cab
O16 - DPF: {37A273C2-5129-11D5-BF37-00A0CCE8754B} (TTestGenXInstallObject) - http://asp.mathxl.com/wizmodules/testgen/installers/TestGenXInstall.cab
O16 - DPF: {5C6698D9-7BE4-4122-8EC5-291D84DBD4A0} (Facebook Photo Uploader 4 Control) - https://upload.facebook.com/controls/FacebookPhotoUploader3.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1174200426125
O16 - DPF: {7E980B9B-8AE5-466A-B6D6-DA8CF814E78A} (MJLauncherCtrl Class) - http://zone.msn.com/bingame/amun/default/mjolauncher.cab
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} (Facebook Photo Uploader 5 Control) - https://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab
O16 - DPF: {95D88B35-A521-472B-A182-BB1A98356421} (Pearson Installation Assistant 2) - http://asp.mathxl.com/books/_Players/PearsonInstallAsst2.cab
O16 - DPF: {9C23D886-43CB-43DE-B2DB-112A68D7E10A} (MySpace Uploader Control) - http://lads.myspace.com/upload/MySpaceUploader2.cab
O16 - DPF: {D71F9A27-723E-4B8B-B428-B725E47CBA3E} (Imikimi_activex_plugin Control) - http://imikimi.com/download/imikimi_plugin_0.5.1.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://zone.msn.com/bingame/zuma/default/popcaploader_v6.cab
O16 - DPF: {E6D23284-0E9B-417D-A782-03E4487FC947} (Pearson MathXL Player) - http://asp.mathxl.com/books/_Players/MathPlayer.cab
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} - http://download.mcafee.com/molbin/iss-loc/mcfscan/2,2,0,5721/mcfscan.cab
O18 - Protocol: gcf - {9875BFAF-B04D-445E-8A69-BE36838CDE3E} - C:\Program Files\Google\Chrome Frame\Application\5.0.317.0\npchrome_frame.dll
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Capture Device Service - InterVideo Inc. - C:\Program Files\Common Files\InterVideo\DeviceService\DevSvc.exe
O23 - Service: DvpApi (dvpapi) - Command Software Systems, Inc. - C:\Program Files\Common Files\Command Software\dvpapi.exe
O23 - Service: Fix-It Task Manager - Avanquest Publishing USA, Inc. - C:\PROGRA~1\VCOM\Fix-It\mxtask.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Update Service (gupdate1c96df6734db668) (gupdate1c96df6734db668) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Unknown owner - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe (file missing)
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Unknown owner - c:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe

--
End of file - 7581 bytes

Please download and run this tool.

Download Malwarebytes' Anti-Malware from Here

Double Click mbam-setup.exe to install the application.

• Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  
• If an update is found, it will download and install the latest version.
  
• Once the program has loaded, select "Perform Quick Scan", then click Scan.
  
• The scan may take some time to finish,so please be patient.
  
• When the scan is complete, click OK, then Show Results to view the results.
  
• Make sure that everything is checked, and click Remove Selected.
  
• When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Note)
  
• The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  

Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts.
Click OK to either and let MBAM proceed with the disinfection process.
If asked to restart the computer, please do so immediately.

Post the contents of the MBAM Log.

I tried to download it but before it finished install I received a run-time error '0' and a run-time error '440' and I can not open the program to run it.

Download OTL by OldTimer to your Desktop.

• Close all windows and double click OTL.exe
  
• Click Run Scan and let the program run uninterrupted
  
• It will produce two logs for you, one will pop up - OTL.txt, the other will be saved on your Desktop - Extras.txt. Post both logs in this thread.
  
• You may need to use two posts to get it all.
  

Ok I was able to download that and run it. The OTL.txt log is:

OTL logfile created on: 2/21/2010 4:18:55 PM - Run 1
OTL by OldTimer - Version 3.1.30.1 Folder = C:\Documents and Settings\HP_Owner\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.11)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1,015.00 Mb Total Physical Memory | 492.00 Mb Available Physical Memory | 48.00% Memory free
2.00 Gb Paging File | 2.00 Gb Available in Paging File | 86.00% Paging File free
Paging file location(s): C:\pagefile.sys 1524 3048 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 226.80 Gb Total Space | 174.03 Gb Free Space | 76.73% Space Free | Partition Type: NTFS
Drive D: | 6.07 Gb Total Space | 1.14 Gb Free Space | 18.85% Space Free | Partition Type: FAT32
E: Drive not present or media not loaded
Drive F: | 460.41 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: THORZHAMMER
Current User Name: HP_Owner
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Processes (SafeList) ==========

PRC - [2010/02/21 16:18:40 | 000,549,376 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\HP_Owner\Desktop\OTL.exe
PRC - [2009/07/01 11:37:06 | 000,037,888 | ---- | M] () -- C:\Program Files\Winamp\winampa.exe
PRC - [2009/03/22 13:18:25 | 000,198,160 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Common Files\Real\Update_OB\realsched.exe
PRC - [2008/04/13 19:12:41 | 000,013,824 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wscntfy.exe
PRC - [2007/06/29 05:24:52 | 000,286,720 | ---- | M] (Apple Inc.) -- C:\Program Files\QuickTime\QTTask.exe
PRC - [2007/03/06 09:35:02 | 000,198,168 | ---- | M] (InterVideo Inc.) -- C:\Program Files\Common Files\InterVideo\DeviceService\DevSvc.exe
PRC - [2007/03/03 12:48:28 | 000,067,056 | ---- | M] (Ulead Systems, Inc.) -- C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
PRC - [2006/10/24 16:56:28 | 000,126,976 | ---- | M] (Avanquest Publishing USA, Inc.) -- C:\Program Files\VCOM\Fix-It\mxtask.exe
PRC - [2006/06/05 13:51:16 | 000,147,728 | R--- | M] (Command Software Systems, Inc.) -- C:\Program Files\Common Files\Command Software\dvpapi.exe
PRC - [2006/03/02 20:49:14 | 000,069,632 | ---- | M] (HP) -- C:\WINDOWS\system32\HPZipm12.exe
PRC - [2006/02/28 11:42:38 | 000,229,376 | ---- | M] (Apple Computer, Inc.) -- C:\Program Files\Bonjour\mDNSResponder.exe
PRC - [2004/09/23 17:30:48 | 000,038,912 | ---- | M] () -- c:\Program Files\Common Files\LightScribe\LSSrvc.exe
PRC - [2004/08/04 07:00:00 | 001,032,192 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe


========== Modules (SafeList) ==========

MOD - [2010/02/21 16:18:40 | 000,549,376 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\HP_Owner\Desktop\OTL.exe
MOD - [2008/04/13 19:12:05 | 000,065,024 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\shimeng.dll
MOD - [2008/04/13 19:11:58 | 000,071,680 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msacm32.dll
MOD - [2008/04/13 19:11:48 | 001,852,928 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\AppPatch\acgenral.dll
MOD - [2006/09/07 18:39:06 | 000,028,672 | ---- | M] (Avanquest Publishing USA, Inc.) -- C:\Program Files\VCOM\Fix-It\WinHook.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [On_Demand | Stopped] -- -- (gusvc)
SRV - [2009/01/03 17:55:45 | 000,133,104 | ---- | M] (Google Inc.) [Auto | Stopped] -- C:\Program Files\Google\Update\GoogleUpdate.exe -- (gupdate1c96df6734db668) Google Update Service (gupdate1c96df6734db668)
SRV - [2008/04/27 14:16:13 | 000,654,848 | ---- | M] (Macrovision Europe Ltd.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2007/03/06 09:35:02 | 000,198,168 | ---- | M] (InterVideo Inc.) [Auto | Running] -- C:\Program Files\Common Files\InterVideo\DeviceService\DevSvc.exe -- (Capture Device Service)
SRV - [2007/03/03 12:48:28 | 000,067,056 | ---- | M] (Ulead Systems, Inc.) [Auto | Running] -- C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe -- (UleadBurningHelper)
SRV - [2006/12/05 10:21:38 | 001,087,680 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe -- (Symantec Core LC)
SRV - [2006/10/26 14:03:08 | 000,145,184 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE -- (ose)
SRV - [2006/10/24 16:56:28 | 000,126,976 | ---- | M] (Avanquest Publishing USA, Inc.) [Auto | Running] -- C:\Program Files\VCOM\Fix-It\mxtask.exe -- (Fix-It Task Manager)
SRV - [2006/06/05 13:51:16 | 000,147,728 | R--- | M] (Command Software Systems, Inc.) [Auto | Running] -- C:\Program Files\Common Files\Command Software\dvpapi.exe -- (dvpapi)
SRV - [2006/03/02 20:49:14 | 000,069,632 | ---- | M] (HP) [Unknown | Running] -- C:\WINDOWS\system32\HPZipm12.exe -- (Pml Driver HPZ12)
SRV - [2006/02/28 11:42:38 | 000,229,376 | ---- | M] (Apple Computer, Inc.) [Auto | Running] -- C:\Program Files\Bonjour\mDNSResponder.exe -- (Bonjour Service)
SRV - [2005/12/10 06:06:00 | 000,131,139 | ---- | M] (NVIDIA Corporation) [Auto | Stopped] -- C:\WINDOWS\system32\nvsvc32.exe -- (NVSvc)
SRV - [2004/09/23 17:30:48 | 000,038,912 | ---- | M] () [Auto | Running] -- c:\Program Files\Common Files\LightScribe\LSSrvc.exe -- (LightScribeService)


========== Driver Services (SafeList) ==========

DRV - [2009/04/28 15:20:06 | 000,044,944 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\WINDOWS\System32\Drivers\PxHelp20.sys -- (PxHelp20)
DRV - [2008/04/13 11:36:05 | 000,144,384 | ---- | M] (Windows (R) Server 2003 DDK provider) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\hdaudbus.sys -- (HDAudBus)
DRV - [2007/11/13 05:25:53 | 000,020,480 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\secdrv.sys -- (Secdrv)
DRV - [2006/09/07 18:06:14 | 000,190,480 | ---- | M] (Trend Micro Inc.) [Kernel | Auto | Running] -- C:\Program Files\VCOM\Fix-It\tmxpflt.sys -- (tmxpflt)
DRV - [2006/09/07 18:06:12 | 001,022,432 | ---- | M] (Trend Micro Inc.) [Kernel | Auto | Running] -- C:\Program Files\VCOM\Fix-It\Vsapint.sys -- (Vsapint)
DRV - [2006/09/07 18:06:12 | 000,031,248 | ---- | M] (Trend Micro Inc.) [Kernel | Auto | Running] -- C:\Program Files\VCOM\Fix-It\tmpreflt.sys -- (tmpreflt)
DRV - [2006/06/05 13:30:04 | 000,829,008 | R--- | M] (Command Software Systems, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\css-dvp.sys -- (CSS DVP)
DRV - [2005/12/10 06:06:00 | 003,536,768 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nv4_mini.sys -- (nv)
DRV - [2005/07/11 08:38:16 | 000,020,480 | ---- | M] (Authentium, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\GRTdiMon.sys -- (GRTdiMon)
DRV - [2005/07/11 08:36:50 | 000,015,548 | ---- | M] (Authentium, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\GRFilter.sys -- (GRFILTER)
DRV - [2004/10/01 19:24:02 | 002,279,424 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ALCXWDM.SYS -- (ALCXWDM) Service for Realtek AC97 Audio (WDM)
DRV - [2004/09/30 00:55:50 | 000,229,888 | ---- | M] (Silicon Integrated Systems Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\sisgrp.sys -- (SiS315)
DRV - [2004/09/24 12:38:40 | 000,012,928 | ---- | M] (Silicon Integrated Systems Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\srvkp.sys -- (SiSkp)
DRV - [2004/09/23 19:52:20 | 000,173,312 | ---- | M] (Copyright (C) VIA/S3 Graphics Co, Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\vtmini.sys -- (viagfx)
DRV - [2004/08/21 01:26:00 | 000,737,874 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ialmnt5.sys -- (ialm)
DRV - [2004/08/04 07:00:00 | 000,017,792 | ---- | M] (Parallel Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ptilink.sys -- (Ptilink)
DRV - [2004/07/29 22:04:26 | 002,216,128 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2004/06/29 19:07:18 | 001,268,204 | ---- | M] (Agere Systems) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AGRSM.sys -- (AgereSoftModem)
DRV - [2004/04/06 02:42:36 | 000,013,872 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV - [2004/03/19 02:52:00 | 000,051,088 | ---- | M] (HP) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\hpzid412.sys -- (HPZid412)
DRV - [2004/03/19 02:52:00 | 000,016,496 | ---- | M] (HP) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\HPZipr12.sys -- (HPZipr12)
DRV - [2004/03/19 02:51:00 | 000,021,744 | ---- | M] (HP) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\HPZius12.sys -- (HPZius12)
DRV - [2003/12/02 20:23:20 | 000,142,336 | ---- | M] (Promise Technology, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\fasttx2k.sys -- (fasttx2k)
DRV - [2003/09/19 00:47:00 | 000,010,368 | ---- | M] (Padus, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\pfc.sys -- (Pfc)
DRV - [2003/09/10 22:36:54 | 000,021,060 | ---- | M] (InterVideo, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\iviaspi.sys -- (Iviaspi)
DRV - [2003/07/18 18:58:20 | 000,036,992 | ---- | M] (Silicon Integrated Systems Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\SISAGPX.sys -- (SISAGP)
DRV - [2003/07/02 13:42:00 | 000,027,904 | ---- | M] (VIA Technologies, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\viaagp1.sys -- (viaagp1)
DRV - [2002/10/04 19:04:10 | 000,046,976 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\R8139n51.sys -- (rtl8139)
DRV - [2001/06/04 16:00:00 | 000,014,112 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\PS2.sys -- (Ps2)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Yahoo! Search
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.comcast.net/
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = :0

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://www.comcast.net/"
FF - prefs.js..network.proxy.no_proxies_on: "localho,t,127.0.0.1,*.local"

FF - HKLM\software\mozilla\Firefox\Extensions\\{000a9d1c-beef-4f90-9363-039d445309b8}: C:\Program Files\Google\Google Gears\Firefox\ [2009/05/28 17:46:12 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.3\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/02/04 14:09:38 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.3\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/02/04 14:09:38 | 000,000,000 | ---D | M]

[2009/08/28 20:25:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\HP_Owner\Application Data\Mozilla\Extensions
[2010/01/24 16:05:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\HP_Owner\Application Data\Mozilla\Firefox\Profiles\gtx077i7.default\extensions
[2009/08/28 20:25:38 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2007/12/17 12:16:14 | 000,065,536 | ---- | M] ( ) -- C:\Program Files\Mozilla Firefox\plugins\npkimi.dll

O1 HOSTS File: ([2009/10/17 18:55:09 | 000,000,021 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (ChromeFrame BHO) - {ECB3C477-1A0A-44BD-BB57-78F9EFE34FA7} - C:\Program Files\Google\Chrome Frame\Application\5.0.317.0\npchrome_frame.dll (@COMPANY_FULLNAME@)
O3 - HKLM\..\Toolbar: (no name) - - No CLSID value found.
O3 - HKLM\..\Toolbar: (HP view) - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - c:\Program Files\HP\Digital Imaging\bin\HPDTLK02.dll (Hewlett-Packard Company)
O3 - HKCU\..\Toolbar\ShellBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No CLSID value found.
O3 - HKCU\..\Toolbar\ShellBrowser: (HP view) - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - c:\Program Files\HP\Digital Imaging\bin\HPDTLK02.dll (Hewlett-Packard Company)
O3 - HKCU\..\Toolbar\WebBrowser: (HP view) - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - c:\Program Files\HP\Digital Imaging\bin\HPDTLK02.dll (Hewlett-Packard Company)
O4 - HKLM..\Run: [googletalk] C:\Program Files\Google\Google Talk\googletalk.exe (Google)
O4 - HKLM..\Run: [QuickTime Task] C:\Program Files\QuickTime\qttask.exe (Apple Inc.)
O4 - HKLM..\Run: [Recguard] C:\WINDOWS\SMINST\Recguard.exe ()
O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
O4 - HKLM..\Run: [VirusScannerPro] C:\Program Files\VCOM\Fix-It\MemCheck.exe (Avanquest Publishing USA, Inc.)
O4 - HKLM..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe ()
O4 - HKLM..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O9 - Extra 'Tools' menuitem : &Gears Settings - {09C04DA7-5B76-4EBC-BBEE-B25EAC5965F5} - Reg Error: Key error. File not found
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Computer, Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files\VCOM\Fix-It\MxAVLsp.dll (Avanquest Publishing USA, Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files\VCOM\Fix-It\MxAVLsp.dll (Avanquest Publishing USA, Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files\VCOM\Fix-It\MxAVLsp.dll (Avanquest Publishing USA, Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Program Files\VCOM\Fix-It\MxAVLsp.dll (Avanquest Publishing USA, Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Program Files\VCOM\Fix-It\MxAVLsp.dll (Avanquest Publishing USA, Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Program Files\VCOM\Fix-It\MxAVLsp.dll (Avanquest Publishing USA, Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Program Files\VCOM\Fix-It\MxAVLsp.dll (Avanquest Publishing USA, Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Program Files\VCOM\Fix-It\MxAVLsp.dll (Avanquest Publishing USA, Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\Program Files\VCOM\Fix-It\MxAVLsp.dll (Avanquest Publishing USA, Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\Program Files\VCOM\Fix-It\MxAVLsp.dll (Avanquest Publishing USA, Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\Program Files\VCOM\Fix-It\MxAVLsp.dll (Avanquest Publishing USA, Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\Program Files\VCOM\Fix-It\MxAVLsp.dll (Avanquest Publishing USA, Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - C:\Program Files\VCOM\Fix-It\MxAVLsp.dll (Avanquest Publishing USA, Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000014 - C:\Program Files\VCOM\Fix-It\MxAVLsp.dll (Avanquest Publishing USA, Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - C:\Program Files\VCOM\Fix-It\MxAVLsp.dll (Avanquest Publishing USA, Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000016 - C:\Program Files\VCOM\Fix-It\MxAVLsp.dll (Avanquest Publishing USA, Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000017 - C:\Program Files\VCOM\Fix-It\MxAVLsp.dll (Avanquest Publishing USA, Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000035 - C:\Program Files\VCOM\Fix-It\MxAVLsp.dll (Avanquest Publishing USA, Inc.)
O15 - HKLM\..Trusted Domains: 1 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKCU\..Trusted Domains: internet ([]about in Trusted sites)
O15 - HKCU\..Trusted Domains: mcafee.com ([]http in Trusted sites)
O15 - HKCU\..Trusted Domains: mcafee.com ([]https in Trusted sites)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.microsoft.com/download/3/9/8/398422c0-8d3e-40e1-a617-af65a72a0465/LegitCheckControl.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {37A273C2-5129-11D5-BF37-00A0CCE8754B} http://asp.mathxl.com/wizmodules/testgen/installers/TestGenXInstall.cab (TTestGenXInstallObject)
O16 - DPF: {5C6698D9-7BE4-4122-8EC5-291D84DBD4A0} https://upload.facebook.com/controls/FacebookPhotoUploader3.cab (Facebook Photo Uploader 4 Control)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1174200426125 (MUWebControl Class)
O16 - DPF: {7E980B9B-8AE5-466A-B6D6-DA8CF814E78A} http://zone.msn.com/bingame/amun/default/mjolauncher.cab (MJLauncherCtrl Class)
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} https://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/products/plugin/1.4/jinstall-14_01-windows-i586.cab (Java Plug-in 1.4.1_01)
O16 - DPF: {95D88B35-A521-472B-A182-BB1A98356421} http://asp.mathxl.com/books/_Players/PearsonInstallAsst2.cab (Pearson Installation Assistant 2)
O16 - DPF: {9C23D886-43CB-43DE-B2DB-112A68D7E10A} http://lads.myspace.com/upload/MySpaceUploader2.cab (MySpace Uploader Control)
O16 - DPF: {CAFEEFAC-0014-0001-0001-ABCDEFFEDCBA} http://java.sun.com/products/plugin/1.4/jinstall-14_01-windows-i586.cab (Java Plug-in 1.4.1_01)
O16 - DPF: {CAFEEFAC-0014-0002-0003-ABCDEFFEDCBA} http://java.sun.com/products/plugin/autodl/jinstall-142-windows-i586.cab (Java Plug-in 1.4.2_03)
O16 - DPF: {D71F9A27-723E-4B8B-B428-B725E47CBA3E} http://imikimi.com/download/imikimi_plugin_0.5.1.cab (Imikimi_activex_plugin Control)
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} http://zone.msn.com/bingame/zuma/default/popcaploader_v6.cab (PopCapLoader Object)
O16 - DPF: {E6D23284-0E9B-417D-A782-03E4487FC947} http://asp.mathxl.com/books/_Players/MathPlayer.cab (Pearson MathXL Player)
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} http://download.mcafee.com/molbin/iss-loc/mcfscan/2,2,0,5721/mcfscan.cab (Reg Error: Key error.)
O16 - DPF: ActiveGS.cab http://activegs.freetoolsassociation.com/ActiveGS.cab (Reg Error: Key error.)
O16 - DPF: Microsoft XML Parser for Java file:///C:/WINDOWS/Java/classes/xmldso.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 68.87.74.166 68.87.68.166
O18 - Protocol\Handler\cf - No CLSID value found
O18 - Protocol\Handler\gcf {9875BFAF-B04D-445E-8A69-BE36838CDE3E} - C:\Program Files\Google\Chrome Frame\Application\5.0.317.0\npchrome_frame.dll (@COMPANY_FULLNAME@)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\igfxcui: DllName - igfxsrvc.dll - C:\WINDOWS\System32\igfxsrvc.dll (Intel Corporation)
O24 - Desktop WallPaper: C:\Documents and Settings\HP_Owner\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\HP_Owner\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/07/22 01:44:27 | 000,000,050 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2001/07/28 06:07:38 | 000,000,000 | -HS- | M] () - D:\AUTOEXEC.BAT -- [ FAT32 ]
O32 - AutoRun File - [2007/11/21 14:50:59 | 000,494,095 | R--- | M] () - F:\autorun.inf -- [ CDFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - comfile [open] -- "%1" %*
O35 - exefile [open] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2010/02/21 16:18:36 | 000,549,376 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\HP_Owner\Desktop\OTL.exe
[2010/02/21 13:23:59 | 000,000,000 | ---D | C] -- C:\WINDOWS\LastGood
[2010/02/19 13:34:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Temp
[2010/02/19 12:00:46 | 000,000,000 | ---D | C] -- C:\Documents and Settings\HP_Owner\Local Settings\Application Data\rhmbpf
[2010/02/11 18:13:38 | 000,000,000 | ---D | C] -- C:\2362dfb81cbe8440663d48cc
[2009/09/09 16:16:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft
[2009/03/12 14:30:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Google
[2009/02/23 10:59:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Google
[2008/08/14 08:04:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft
[2008/05/03 11:25:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\Macromedia
[2008/05/03 11:25:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\Adobe
[2008/04/06 19:03:41 | 000,000,000 | --SD | M] -- C:\Documents and Settings\NetworkService\Application Data\Microsoft
[2008/03/21 21:24:56 | 000,000,000 | --SD | M] -- C:\Documents and Settings\LocalService\Application Data\Microsoft
[2007/05/23 15:16:38 | 027,936,568 | ---- | C] (Microsoft Corporation) -- C:\Program Files\wmp11-windowsxp-x64-enu.exe
[2007/05/23 15:15:39 | 025,755,448 | ---- | C] (Microsoft Corporation) -- C:\Program Files\wmp11-windowsxp-x86-enu.exe
[2007/04/13 23:24:21 | 002,317,632 | ---- | C] (Microsoft Corporation) -- C:\Program Files\IE7-KB928089-WindowsXP-x86-enu.exe
[2007/04/13 23:22:43 | 000,778,568 | ---- | C] (Microsoft Corporation) -- C:\Program Files\IE7-KB929969-WindowsXP-x86-enu.exe
[2007/04/13 23:21:48 | 002,115,896 | ---- | C] (Microsoft Corporation) -- C:\Program Files\WindowsXP-KB917425-x86-ENU.exe
[2007/04/13 23:21:06 | 000,802,104 | ---- | C] (Microsoft Corporation) -- C:\Program Files\WindowsXP-KB929969-x86-ENU.exe
[2007/04/13 23:05:31 | 006,350,296 | ---- | C] (Microsoft Corporation) -- C:\Program Files\Windows-KB890830-V1.28.exe
[2007/04/13 23:04:32 | 001,823,624 | ---- | C] (Microsoft Corporation) -- C:\Program Files\WindowsXP-KB925902-x86-ENU.exe
[2007/04/13 23:00:54 | 000,288,104 | ---- | C] (Microsoft Corporation) -- C:\Program Files\dxwebsetup.exe
[2007/04/13 13:45:17 | 015,505,200 | ---- | C] (Microsoft Corporation) -- C:\Program Files\IE7-WindowsXP-x86-enu.exe
[2007/01/04 10:46:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\VCOM
[2006/04/18 18:56:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\Symantec
[2006/01/05 21:59:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Application Data\Symantec
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010/02/21 16:20:00 | 000,000,890 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2010/02/21 16:18:40 | 000,549,376 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\HP_Owner\Desktop\OTL.exe
[2010/02/21 15:20:00 | 000,000,886 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2010/02/21 14:34:11 | 000,072,044 | ---- | M] () -- C:\Documents and Settings\HP_Owner\.plugin141_01.trace
[2010/02/21 14:21:37 | 000,000,176 | ---- | M] () -- C:\Documents and Settings\HP_Owner\webct_upload_applet.properties
[2010/02/21 13:51:27 | 025,690,112 | -H-- | M] () -- C:\Documents and Settings\HP_Owner\NTUSER.DAT
[2010/02/21 12:46:48 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/02/21 12:46:46 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/02/21 12:46:44 | 1064,685,568 | -HS- | M] () -- C:\hiberfil.sys
[2010/02/21 08:47:14 | 000,000,178 | -HS- | M] () -- C:\Documents and Settings\HP_Owner\ntuser.ini
[2010/02/20 19:56:15 | 018,271,282 | ---- | M] () -- C:\Documents and Settings\HP_Owner\My Documents\BackintheDay.pdf
[2010/02/19 13:30:13 | 024,379,392 | -H-- | M] () -- C:\Documents and Settings\HP_Owner\NTUSER.bak
[2010/02/19 12:39:08 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files Created - No Company Name ==========

[2099/01/01 12:00:00 | 000,006,456 | -H-- | C] () -- C:\WINDOWS\System32\jigituba
[2010/02/20 19:56:15 | 018,271,282 | ---- | C] () -- C:\Documents and Settings\HP_Owner\My Documents\BackintheDay.pdf
[2009/10/15 12:21:35 | 000,210,184 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
[2009/10/15 00:08:41 | 000,018,098 | ---- | C] () -- C:\Documents and Settings\HP_Owner\Application Data\zigykinowi.db
[2009/08/26 07:02:00 | 000,019,095 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\yliqatixyh._sy
[2009/08/26 07:02:00 | 000,017,040 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\ewiwed.db
[2009/08/26 07:02:00 | 000,014,094 | ---- | C] () -- C:\Documents and Settings\HP_Owner\Local Settings\Application Data\amokykudaj.db
[2009/08/26 07:02:00 | 000,013,889 | ---- | C] () -- C:\Documents and Settings\HP_Owner\Local Settings\Application Data\cydazij.lib
[2009/08/24 09:21:09 | 000,015,671 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\nafon.ban
[2009/08/24 09:21:09 | 000,012,312 | ---- | C] () -- C:\Documents and Settings\HP_Owner\Application Data\yqyjuvypis.dl
[2009/08/22 14:04:28 | 000,016,683 | ---- | C] () -- C:\Documents and Settings\HP_Owner\Application Data\fasefape.dl
[2009/08/22 14:04:28 | 000,015,225 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\huji.ban
[2009/08/21 17:22:22 | 000,017,860 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\uryh._sy
[2009/08/21 13:29:01 | 000,015,060 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\quxogerur.ban
[2009/08/21 13:13:19 | 000,016,640 | ---- | C] () -- C:\Documents and Settings\HP_Owner\Application Data\dykyt.lib
[2009/08/21 13:13:19 | 000,013,169 | ---- | C] () -- C:\Documents and Settings\HP_Owner\Application Data\zoramy.db
[2009/08/21 13:13:19 | 000,012,256 | ---- | C] () -- C:\Documents and Settings\HP_Owner\Local Settings\Application Data\siqyweduxo.dl
[2009/04/16 18:05:45 | 000,000,276 | ---- | C] () -- C:\WINDOWS\System32\MRT.INI
[2008/04/22 12:16:57 | 000,004,096 | ---- | C] () -- C:\WINDOWS\System32\h@tkeysh@@k.dll
[2008/02/01 20:39:53 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\HP_Owner\Application Data\dm.ini
[2008/01/14 13:53:12 | 000,001,429 | ---- | C] () -- C:\WINDOWS\disney.ini
[2007/10/21 02:51:49 | 000,001,372 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache
[2007/07/01 19:45:10 | 000,000,004 | -H-- | C] () -- C:\WINDOWS\uccspecb.sys
[2007/06/02 13:48:31 | 000,001,117 | ---- | C] () -- C:\WINDOWS\cdplayer.ini
[2007/04/26 16:33:37 | 005,154,816 | ---- | C] () -- C:\Program Files\WindowsDefender.msi
[2007/04/22 19:15:29 | 003,596,288 | ---- | C] () -- C:\WINDOWS\System32\qt-dx331.dll
[2007/04/22 19:01:47 | 000,012,288 | ---- | C] () -- C:\WINDOWS\System32\DivXWMPExtType.dll
[2007/02/11 03:21:18 | 000,025,600 | ---- | C] () -- C:\WINDOWS\System32\performent202.dll
[2007/02/11 03:21:17 | 000,017,408 | ---- | C] () -- C:\WINDOWS\System32\win32hp.dll
[2007/02/11 03:21:15 | 000,011,776 | ---- | C] () -- C:\WINDOWS\spp3.dll
[2007/02/11 03:21:08 | 000,014,848 | ---- | C] () -- C:\WINDOWS\inetdctr.dll
[2007/01/05 09:02:28 | 000,003,654 | ---- | C] () -- C:\WINDOWS\System32\drivers\Sonyhcp.dll
[2006/11/24 00:50:16 | 000,000,214 | ---- | C] () -- C:\WINDOWS\HP_48BitScanUpdatePatch.ini
[2006/09/17 14:22:30 | 000,335,872 | ---- | C] () -- C:\WINDOWS\System32\ldf252.dll
[2006/09/05 22:16:18 | 000,000,310 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2006/08/06 20:21:31 | 000,116,224 | ---- | C] () -- C:\Documents and Settings\HP_Owner\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2006/08/06 12:15:33 | 000,000,034 | ---- | C] () -- C:\WINDOWS\AuthMgr.INI
[2006/07/22 01:46:36 | 000,000,131 | ---- | C] () -- C:\Documents and Settings\HP_Owner\Local Settings\Application Data\fusioncache.dat
[2006/07/22 01:42:35 | 000,210,456 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeW7.dll
[2006/07/22 01:42:34 | 000,206,360 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeA6.dll
[2006/07/22 01:42:34 | 000,198,168 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeP6.dll
[2006/07/22 01:42:34 | 000,198,168 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeM6.dll
[2006/07/22 01:42:34 | 000,194,072 | ---- | C] () -- C:\WINDOWS\System32\IVIresizePX.dll
[2006/07/22 01:42:34 | 000,026,136 | ---- | C] () -- C:\WINDOWS\System32\IVIresize.dll
[2006/04/22 18:27:20 | 000,051,502 | ---- | C] () -- C:\Documents and Settings\HP_Owner\Application Data\PatchUpdate_HP_CounterReport_Update_HPSU.log
[2006/04/22 18:27:20 | 000,000,227 | ---- | C] () -- C:\WINDOWS\HP_CounterReport_Update_HPSU.ini
[2006/04/22 17:56:19 | 000,005,665 | ---- | C] () -- C:\Documents and Settings\HP_Owner\Application Data\GdiplusUpgrade_MSIApproach_Wrapper.log
[2006/04/22 17:56:19 | 000,000,206 | ---- | C] () -- C:\WINDOWS\HPGdiPlus.ini
[2006/04/22 17:47:43 | 000,036,786 | ---- | C] () -- C:\Documents and Settings\HP_Owner\Application Data\Update_HP_RedboxHprblog_HPSU.log
[2006/04/22 17:47:43 | 000,000,221 | ---- | C] () -- C:\WINDOWS\HP_RedboxHprblog_HPSU.ini
[2006/04/07 19:40:14 | 000,000,516 | ---- | C] () -- C:\WINDOWS\Sierra.ini
[2006/02/18 20:55:59 | 000,000,002 | ---- | C] () -- C:\WINDOWS\msoffice.ini
[2005/12/10 06:06:00 | 001,662,976 | ---- | C] () -- C:\WINDOWS\System32\nvwdmcpl.dll
[2005/12/10 06:06:00 | 001,466,368 | ---- | C] () -- C:\WINDOWS\System32\nview.dll
[2005/12/10 06:06:00 | 001,019,904 | ---- | C] () -- C:\WINDOWS\System32\nvwimg.dll
[2005/12/10 06:06:00 | 000,573,440 | ---- | C] () -- C:\WINDOWS\System32\nvhwvid.dll
[2005/12/10 06:06:00 | 000,466,944 | ---- | C] () -- C:\WINDOWS\System32\nvshell.dll
[2005/12/10 06:06:00 | 000,286,720 | ---- | C] () -- C:\WINDOWS\System32\nvnt4cpl.dll
[2005/12/10 06:06:00 | 000,110,592 | ---- | C] () -- C:\WINDOWS\System32\nvapi.dll
[2005/09/23 22:32:05 | 000,001,092 | ---- | C] () -- C:\Documents and Settings\HP_Owner\Application Data\BestModePatch_RubenMain.log
[2005/09/23 22:32:05 | 000,000,208 | ---- | C] () -- C:\WINDOWS\HpBestModeUpdatePatchLog.ini
[2005/05/10 11:16:26 | 000,054,928 | ---- | C] () -- C:\Documents and Settings\HP_Owner\Application Data\wklnhst.dat
[2005/04/29 21:31:10 | 000,001,392 | ---- | C] () -- C:\Documents and Settings\HP_Owner\Application Data\AdobeDLM.log
[2005/04/27 13:38:00 | 000,372,736 | ---- | C] () -- C:\WINDOWS\System32\hpzidi01.dll
[2005/04/27 13:37:49 | 000,077,824 | ---- | C] () -- C:\WINDOWS\System32\hpzids01.dll
[2004/10/22 16:35:32 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2004/10/21 21:21:50 | 000,014,529 | ---- | C] () -- C:\WINDOWS\System32\CHODDI.SYS
[2004/10/21 21:21:42 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\hpreg.dll
[2004/10/21 20:55:29 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2004/10/21 20:05:48 | 000,005,781 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\hpzinstall.log
[2004/10/21 19:51:33 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\RTCOMDLL.dll
[2004/10/21 19:51:33 | 000,156,160 | ---- | C] () -- C:\WINDOWS\System32\RTLCPAPI.dll
[2004/10/21 19:17:08 | 000,299,073 | ---- | C] () -- C:\WINDOWS\System32\PythonCOM22.dll
[2004/10/21 19:17:08 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\PyWinTypes22.dll
[2004/10/21 18:55:39 | 000,000,802 | ---- | C] () -- C:\WINDOWS\orun32.ini
[2004/10/21 18:36:39 | 000,000,549 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini
[2004/08/20 05:14:46 | 000,086,016 | ---- | C] () -- C:\WINDOWS\System32\PcdrKernelModeServices.dll
[2004/08/20 05:14:46 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\ProgressTrace.dll
[2003/04/11 01:04:00 | 000,028,672 | ---- | C] () -- C:\WINDOWS\System32\JAWTAccessBridge.dll
[2003/01/08 00:05:08 | 000,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI
[2002/03/16 19:00:00 | 000,007,420 | ---- | C] () -- C:\WINDOWS\UA000079.DLL
[2002/03/13 14:46:46 | 000,053,248 | R--- | C] () -- C:\WINDOWS\System32\zlib.dll

========== Alternate Data Streams ==========

@Alternate Data Stream - 157 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:4D601744
< End of report >

The Extras.txt log is:

OTL Extras logfile created on: 2/21/2010 4:18:55 PM - Run 1
OTL by OldTimer - Version 3.1.30.1 Folder = C:\Documents and Settings\HP_Owner\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.11)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1,015.00 Mb Total Physical Memory | 492.00 Mb Available Physical Memory | 48.00% Memory free
2.00 Gb Paging File | 2.00 Gb Available in Paging File | 86.00% Paging File free
Paging file location(s): C:\pagefile.sys 1524 3048 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 226.80 Gb Total Space | 174.03 Gb Free Space | 76.73% Space Free | Partition Type: NTFS
Drive D: | 6.07 Gb Total Space | 1.14 Gb Free Space | 18.85% Space Free | Partition Type: FAT32
E: Drive not present or media not loaded
Drive F: | 460.41 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: THORZHAMMER
Current User Name: HP_Owner
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\]
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\IEXPLORE.EXE (Microsoft Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
htmlfile [edit] -- "C:\Program Files\Microsoft Office\OFFICE11\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Office\OFFICE11\msohtmed.exe" /p %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [ACDBrowse] -- "C:\PROGRA~1\ACDSYS~1\ACDSee\ACDSee.exe" "%1" (ACD Systems, Ltd.)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [Winamp.Bookmark] -- "C:\Program Files\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft)
Directory [Winamp.Enqueue] -- "C:\Program Files\Winamp\winamp.exe" /ADD "%1" (Nullsoft)
Directory [Winamp.Play] -- "C:\Program Files\Winamp\winamp.exe" "%1" (Nullsoft)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "%programfiles%\internet explorer\iexplore.exe" (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"FirewallOverride" = 0
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\Bonjour\mDNSResponder.exe" = C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour -- (Apple Computer, Inc.)
"C:\Program Files\Real\RealPlayer\realplay.exe" = C:\Program Files\Real\RealPlayer\realplay.exe:*:Enabled:RealPlayer -- (RealNetworks, Inc.)
"C:\Program Files\Google\Google Talk\googletalk.exe" = C:\Program Files\Google\Google Talk\googletalk.exe:*:Enabled:Google Talk -- (Google)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{04AF207D-9A77-465A-8B76-991F6AB66245}" = Adobe Help Viewer CS3
"{087004CC-46B3-4016-96DF-73595706776C}" = EZface ActiveX 209
"{08B32819-6EEF-4057-AEDA-5AB681A36A23}" = Adobe Bridge Start Meeting
"{0DCC4AA0-9252-44CD-959D-1AA783B0EEC8}" = Sony Media Manager for PSP 2.5
"{15EE79F4-4ED1-4267-9B0F-351009325D7D}" = HP Software Update
"{1666FA7C-CB5F-11D6-A78C-00B0D079AF64}" = Java 2 Runtime Environment, SE v1.4.1_01
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{184CE391-7E0E-4C63-9935-D7A10EDFD3C6}" = Adobe WinSoft Linguistics Plugin
"{226b64e8-dc75-4eea-a6c8-abcb496320f2}-Google Talk" = Google Talk (remove only)
"{24D7346D-D4B4-45E8-98EA-75EC14B42DD8}" = Adobe Extendscript Toolkit 2
"{29E5EA97-5F74-4A57-B8B2-D4F169117183}" = Adobe Stock Photos CS3
"{37F79672-76E1-11D6-B2FB-0002A5E32BEF}" = Beauty and the Beast Magical Ballroom
"{4F3E17F8-F1C8-4A4B-9EB8-1EE2D190CDA9}" = Adobe Setup
"{5158974E-2D28-4018-9335-7694C2974746}" = Fix-It Utilities 7 Professional
"{51846830-E7B2-4218-8968-B77F0FF475B8}" = Adobe Color EU Extra Settings
"{521AAD14-5030-44BB-8B0E-5CE65FCE57E0}" = InterVideo DeviceService
"{54793AA1-5001-42F4-ABB6-C364617C6078}" = Adobe Linguistics CS3
"{6314D540-E3C1-4F30-AEEB-4154C93375C3}" = HP Driver Diagnostics
"{64C1FA9A-FA94-4B6E-B3E4-8573738E4AD1}" = Adobe Setup
"{6959A52E-2B55-4042-9DF7-0F31EBDEDA60}" = EZface ActiveX 210
"{6ABE0BEE-D572-4FE8-B434-9E72A289431B}" = Adobe Fonts All
"{6D4AC5A4-4CF9-4F90-8111-B9B53CE257BF}" = Adobe Color Common Settings
"{6FF5DD7A-FE28-4439-B8CF-1E9AF4EA0A61}" = Adobe Asset Services CS3
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{74EC78BC-B379-4E29-9006-8F161DCAABA6}" = Apple Software Update
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7B63B2922B174135AFC0E1377DD81EC2}" = DivX Codec
"{802771A9-A856-4A41-ACF7-1450E523C923}" = Adobe XMP Panels CS3
"{87FDB1C6-785F-3482-B30E-FF2F2A021F65}" = Google Gears
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8ADFC4160D694100B5B8A22DE9DCABD9}" = DivX Player
"{8D2BA474-F406-4710-9AE4-D4F22D21F0DD}" = Adobe Device Central CS3
"{8E6808E2-613D-4FCD-81A2-6C8FA8E03312}" = Adobe Type Support
"{90110409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
"{90176341-0A8B-4CCC-A78D-F862228A6B95}" = Adobe Anchor Service CS3
"{95120000-00AF-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (English)
"{95655ED4-7CA5-46DF-907F-7144877A32E5}" = Adobe Color NA Recommended Settings
"{95A890AA-B3B1-44B6-9C18-A8F7AB3EE7FC}" = QuickTime
"{97F81AF1-0E47-DC99-FF1F-C8B3B9A1E18E}" = Visual C++ 8.0 ATL (x86) WinSXS MSM
"{98CB24AD-52FB-DB5F-FF1F-C8B3B9A1E18E}" = Visual C++ 8.0 CRT (x86) WinSXS MSM
"{9C9824D9-9000-4373-A6A5-D0E5D4831394}" = Adobe Bridge CS3
"{A2B242BD-FF8D-4840-9DAA-9170EABEC59C}" = Adobe CMaps
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A654A805-41D9-40C7-AA46-4AF04F044D61}" = Adobe Photoshop Album Starter Edition 3.2
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC5B0C19-D851-42F4-BDA0-410ECF7F70A5}" = PDF Settings
"{AC76BA86-7AD7-1033-7B44-A81200000003}" = Adobe Reader 8.1.2
"{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter
"{B3BF6689-A81D-40D8-9A86-4AC4ACD9FC1C}" = Adobe Camera Raw 4.0
"{B3C02EC1-A7B0-4987-9A43-8789426AAA7D}" = Adobe Setup
"{B508B3F1-A24A-32C0-B310-85786919EF28}" = Microsoft .NET Framework 2.0 Service Pack 1
"{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Web Player
"{B9B35331-B7E4-4E5C-BF4C-7BC87856124D}" = Adobe Default Language CS3
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C4A978A3-CAE4-4856-89D5-696498A7B8F7}" = HPODiscovery
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D050D7362D214723AD585B541FFB6C11}" = DivX Content Uploader
"{D0DFF92A-492E-4C40-B862-A74A173C25C5}" = Adobe Version Cue CS3 Client
"{D2559B88-CC9D-4B48-81BB-F492BAA9C48C}" = Adobe PDF Library Files
"{DD7DB3C5-6FA3-4FA3-8A71-C2F2940EB029}" = Adobe Color JA Extra Settings
"{E2EFF20D-30BF-4907-B1FD-B7EBCED798D6}" = HPHDiscovery
"{E69AE897-9E0B-485C-8552-7841F48D42D8}" = Adobe Update Manager CS3
"{EB21A812-671B-4D08-B974-2A347F0D8F70}" = HP Photosmart Essential
"{EBFEEB3F-3E3B-4725-A4E0-376144CE4F76}" = Citrix XenApp Web Plugin
"{F08E8D2E-F132-4742-9C87-D5FF223A016A}" = Adobe Illustrator CS3
"{F99F9E24-EE2F-47FD-AEB0-FDB82859B5C9}" = VideoStudio
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"Adobe Photoshop Album Starter Edition 3.2" = Adobe Photoshop Album Starter Edition 3.2
"Coupon Printer for Windows4.0" = Coupon Printer for Windows
"Digital Camera Driver" = Digital Camera Driver
"Easy Adder_is1" = Easy Adder 3.65
"FilmLoopPlayer" = FilmLoop Player
"getPlus(R)_ocx" = getPlus(R)_ocx
"Google Chrome Frame" = Google Chrome Frame
"HijackThis" = HijackThis 2.0.2
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"Imikimi Plugin" = Imikimi Plugin
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Move Networks Player_is1" = Move Networks Player for Internet Explorer
"Mozilla Firefox (3.5.3)" = Mozilla Firefox (3.5.3)
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"RealPlayer 6.0" = RealPlayer
"TBSB07183.TBSB07183Toolbar" = Fast Browser Search (My Web Tattoo)
"Winamp" = Winamp
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 2/20/2010 2:20:01 PM | Computer Name = THORZHAMMER | Source = MsiInstaller | ID = 11714
Description = Product: Google Gears -- Error 1714. The older version of Google Gears
cannot be removed. Contact your technical support group. System Error 1612.

Error - 2/20/2010 7:20:01 PM | Computer Name = THORZHAMMER | Source = MsiInstaller | ID = 11714
Description = Product: Google Gears -- Error 1714. The older version of Google Gears
cannot be removed. Contact your technical support group. System Error 1612.

Error - 2/20/2010 8:00:53 PM | Computer Name = THORZHAMMER | Source = HotFixInstaller | ID = 5000
Description = EventType visualstudio8setup, P1 microsoft .net framework 2.0-kb958481,
P2 1033, P3 1612, P4 msi, P5 f, P6 9.0.31211.0, P7 install, P8 x86, P9 xp, P10
0.

Error - 2/20/2010 8:01:02 PM | Computer Name = THORZHAMMER | Source = HotFixInstaller | ID = 5000
Description = EventType visualstudio8setup, P1 microsoft .net framework 2.0-kb974417,
P2 1033, P3 1605, P4 msi, P5 f, P6 9.0.40302.0, P7 install, P8 x86, P9 xp, P10
0.

Error - 2/21/2010 12:20:04 AM | Computer Name = THORZHAMMER | Source = MsiInstaller | ID = 11714
Description = Product: Google Gears -- Error 1714. The older version of Google Gears
cannot be removed. Contact your technical support group. System Error 1612.

Error - 2/21/2010 3:04:31 AM | Computer Name = THORZHAMMER | Source = HotFixInstaller | ID = 5000
Description = EventType visualstudio8setup, P1 microsoft .net framework 2.0-kb958481,
P2 1033, P3 1612, P4 msi, P5 f, P6 9.0.31211.0, P7 install, P8 x86, P9 xp, P10
0.

Error - 2/21/2010 3:04:38 AM | Computer Name = THORZHAMMER | Source = HotFixInstaller | ID = 5000
Description = EventType visualstudio8setup, P1 microsoft .net framework 2.0-kb974417,
P2 1033, P3 1605, P4 msi, P5 f, P6 9.0.40302.0, P7 install, P8 x86, P9 xp, P10
0.

Error - 2/21/2010 9:48:03 AM | Computer Name = THORZHAMMER | Source = HotFixInstaller | ID = 5000
Description = EventType visualstudio8setup, P1 microsoft .net framework 2.0-kb958481,
P2 1033, P3 1612, P4 msi, P5 f, P6 9.0.31211.0, P7 install, P8 x86, P9 xp, P10
0.

Error - 2/21/2010 9:48:11 AM | Computer Name = THORZHAMMER | Source = HotFixInstaller | ID = 5000
Description = EventType visualstudio8setup, P1 microsoft .net framework 2.0-kb974417,
P2 1033, P3 1605, P4 msi, P5 f, P6 9.0.40302.0, P7 install, P8 x86, P9 xp, P10
0.

Error - 2/21/2010 2:20:01 PM | Computer Name = THORZHAMMER | Source = MsiInstaller | ID = 11714
Description = Product: Google Gears -- Error 1714. The older version of Google Gears
cannot be removed. Contact your technical support group. System Error 1612.

[ System Events ]
Error - 2/21/2010 9:22:44 AM | Computer Name = THORZHAMMER | Source = Service Control Manager | ID = 7022
Description = The dvpapi service hung on starting.

Error - 2/21/2010 9:22:44 AM | Computer Name = THORZHAMMER | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
Beep

Error - 2/21/2010 9:23:03 AM | Computer Name = THORZHAMMER | Source = Windows Update Agent | ID = 20
Description = Installation Failure: Windows failed to install the following update
with error 0x80070002: Automatic Updates.

Error - 2/21/2010 9:47:58 AM | Computer Name = THORZHAMMER | Source = Windows Update Agent | ID = 20
Description = Installation Failure: Windows failed to install the following update
with error 0x80070643: Microsoft .NET Framework 1.1 Service Pack 1.

Error - 2/21/2010 9:48:04 AM | Computer Name = THORZHAMMER | Source = Windows Update Agent | ID = 20
Description = Installation Failure: Windows failed to install the following update
with error 0x80070643: Microsoft .NET Framework 3.5 Service Pack 1 and .NET Framework
3.5 Family Update for .NET versions 2.0 through 3.5 (KB951847) x86.

Error - 2/21/2010 9:48:12 AM | Computer Name = THORZHAMMER | Source = Windows Update Agent | ID = 20
Description = Installation Failure: Windows failed to install the following update
with error 0x80070643: Microsoft .NET Framework 2.0 Service Pack 2 Security Update
for Windows 2000, Windows Server 2003, and Windows XP (KB974417).

Error - 2/21/2010 1:48:26 PM | Computer Name = THORZHAMMER | Source = Service Control Manager | ID = 7022
Description = The dvpapi service hung on starting.

Error - 2/21/2010 1:48:26 PM | Computer Name = THORZHAMMER | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
Beep

Error - 2/21/2010 2:24:02 PM | Computer Name = THORZHAMMER | Source = Windows Update Agent | ID = 20
Description = Installation Failure: Windows failed to install the following update
with error 0x80070002: Automatic Updates.

Error - 2/21/2010 2:33:39 PM | Computer Name = THORZHAMMER | Source = Windows Update Agent | ID = 16
Description = Unable to Connect: Windows is unable to connect to the automatic updates
service and therefore cannot download and install updates according to the set
schedule. Windows will continue to try to establish a connection.


< End of report >

Please run OTL.exe.

• Copy the commands with file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):
  
  
  :OTL
  O3 - HKLM\..\Toolbar: (no name) - - No CLSID value found.
  O3 - HKCU\..\Toolbar\ShellBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No CLSID value found.
  O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
  O9 - Extra 'Tools' menuitem : &Gears Settings - {09C04DA7-5B76-4EBC-BBEE-B25EAC5965F5} - Reg Error: Key error. File not found
  O32 - AutoRun File - [2007/11/21 14:50:59 | 000,494,095 | R--- | M] () - F:\autorun.inf -- [ CDFS ]
  [2010/02/19 12:00:46 | 000,000,000 | ---D | C] -- C:\Documents and Settings\HP_Owner\Local Settings\Application Data\rhmbpf
  [2099/01/01 12:00:00 | 000,006,456 | -H-- | C] () -- C:\WINDOWS\System32\jigituba
  [2009/10/15 00:08:41 | 000,018,098 | ---- | C] () -- C:\Documents and Settings\HP_Owner\Application Data\zigykinowi.db
  [2009/08/26 07:02:00 | 000,019,095 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\yliqatixyh._sy
  [2009/08/26 07:02:00 | 000,017,040 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\ewiwed.db
  [2009/08/26 07:02:00 | 000,014,094 | ---- | C] () -- C:\Documents and Settings\HP_Owner\Local Settings\Application Data\amokykudaj.db
  [2009/08/26 07:02:00 | 000,013,889 | ---- | C] () -- C:\Documents and Settings\HP_Owner\Local Settings\Application Data\cydazij.lib
  [2009/08/24 09:21:09 | 000,015,671 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\nafon.ban
  [2009/08/24 09:21:09 | 000,012,312 | ---- | C] () -- C:\Documents and Settings\HP_Owner\Application Data\yqyjuvypis.dl
  [2009/08/22 14:04:28 | 000,016,683 | ---- | C] () -- C:\Documents and Settings\HP_Owner\Application Data\fasefape.dl
  [2009/08/22 14:04:28 | 000,015,225 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\huji.ban
  [2009/08/21 17:22:22 | 000,017,860 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\uryh._sy
  [2009/08/21 13:29:01 | 000,015,060 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\quxogerur.ban
  [2009/08/21 13:13:19 | 000,016,640 | ---- | C] () -- C:\Documents and Settings\HP_Owner\Application Data\dykyt.lib
  [2009/08/21 13:13:19 | 000,013,169 | ---- | C] () -- C:\Documents and Settings\HP_Owner\Application Data\zoramy.db
  [2009/08/21 13:13:19 | 000,012,256 | ---- | C] () -- C:\Documents and Settings\HP_Owner\Local Settings\Application Data\siqyweduxo.dl
  [2008/04/22 12:16:57 | 000,004,096 | ---- | C] () -- C:\WINDOWS\System32\h@tkeysh@@k.dll
  
  
  
• Return to OTL, right click in the "Custom Scans/Fixes" window (under the light green bar) and choose Paste.
  
  
• Click the red Run Fix button.
  
• A fix log in Notepad will appear. Copy the contents of the fix log to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy), and paste it in your next reply.
  
• Close OTL.exe
  

If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.

Ok I ran the custom fix and the machine made me re-boot. After re-boot I got the log and the contents are below.

========== OTL ==========
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\ deleted successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser\\{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6}\ not found.
Registry key HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet Explorer\Control Panel\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{09C04DA7-5B76-4EBC-BBEE-B25EAC5965F5}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{09C04DA7-5B76-4EBC-BBEE-B25EAC5965F5}\ not found.
File move failed. F:\autorun.inf scheduled to be moved on reboot.
C:\Documents and Settings\HP_Owner\Local Settings\Application Data\rhmbpf folder moved successfully.
C:\WINDOWS\system32\jigituba moved successfully.
C:\Documents and Settings\HP_Owner\Application Data\zigykinowi.db moved successfully.
C:\Documents and Settings\All Users\Application Data\yliqatixyh._sy moved successfully.
C:\Documents and Settings\All Users\Application Data\ewiwed.db moved successfully.
C:\Documents and Settings\HP_Owner\Local Settings\Application Data\amokykudaj.db moved successfully.
C:\Documents and Settings\HP_Owner\Local Settings\Application Data\cydazij.lib moved successfully.
C:\Documents and Settings\All Users\Application Data\nafon.ban moved successfully.
C:\Documents and Settings\HP_Owner\Application Data\yqyjuvypis.dl moved successfully.
C:\Documents and Settings\HP_Owner\Application Data\fasefape.dl moved successfully.
C:\Documents and Settings\All Users\Application Data\huji.ban moved successfully.
C:\Documents and Settings\All Users\Application Data\uryh._sy moved successfully.
C:\Documents and Settings\All Users\Application Data\quxogerur.ban moved successfully.
C:\Documents and Settings\HP_Owner\Application Data\dykyt.lib moved successfully.
C:\Documents and Settings\HP_Owner\Application Data\zoramy.db moved successfully.
C:\Documents and Settings\HP_Owner\Local Settings\Application Data\siqyweduxo.dl moved successfully.
C:\WINDOWS\system32\h@tkeysh@@k.dll moved successfully.

OTL by OldTimer - Version 3.1.30.1 log created on 02222010_175235

Files\Folders moved on Reboot...
File move failed. F:\autorun.inf scheduled to be moved on reboot.

Registry entries deleted on Reboot...

Hello.

Go to Start > Control Panel > Add/Remove Programs and remove the following programs.

Adobe Reader 8.1.2
Java 2 Runtime Environment, SE v1.4.1_01

Updating Java:

• Download the latest version of Java SE Runtime Environment (JRE) 6 Update 18.
  
• Click the "Download JRE" button to the right.
  
• In the Window that opens, select your platform, check the "agree" box, and click Continue.
  
• Click on the link to download Windows Offline Installation and save to your desktop.
  
• Close any programs you may have running - especially your web browser.
  
• Then from your desktop double-click on jre-6u18-windows-i586.exe that you downloaded to install the newest version.
  

Then download and install Adobe Reader 9.3

Please download Firefox 3.6 and install it. It will install over version 3.5.3 you currently have installed, so you won't lose any bookmarked websites.

---

To remove all of the tools we used and the files and folders they created do the following:
Double click OTL.exe.

• Click the CleanUp! button.
  
• Select Yes when the "Begin cleanup Process?" prompt appears.
  
• If you are prompted to Reboot during the cleanup, select Yes.
  
• The tool will delete itself once it finishes.
  

How is the machine running now?

The system won't allow me to uninstall Java 2 Runtime Environment, SE v1.4.1_01
When I click the uninstall button nothing happens. Should I follow the rest of the instructions or wait for new direction?

Yes, we'll remove the old Java another way.

Ok I did everything you instructed above. I could not remove the old Java and I could not install the new Adobe. I receive an error when I tried to install. I also have all these cookies in my temporary internet folders that will not delete. None of them were there before I started having problems with the computer. I can't copy and paste them but some of the titles are hp_owner@
serv4.imageshackhost
gigya.com
imageshack.us
demr.opt.fimserve.com
fulltiltpoker.com
titanpoker.com
doubleclick.net
ultimatebanking.net
banner.poker770.com
mansionpoker.com
media6degrees.com
and on and on. I have never been to any poker or gambling site so I don't know where they are coming from or why they won't go away. I've also tried to run my VCOM Fix-It Utility program and it will never finish scanning. It always stops shorts and gives me an error.

Hello.

Please download TFC by OldTimer to your desktop

• Please double-click TFC.exe to run it. (Note: If you are running on Vista, right-click on the file and choose Run As Administrator).
  
• It will close all programs when run, so make sure you have saved all your work before you begin.
  
• Click the Start
  button to begin the process. Depending on how often you clean temp
  files, execution time should be anywhere from a few seconds to a minute
  or two. Let it run uninterrupted to completion.
  
• Once it's finished it should reboot your machine. If it does not, please manually reboot the machine yourself to ensure a complete clean.

Any difference? TFC will clean out the cookies, so that should deal with that problem.

Ok, I went and got TFC and ran it. I delete my temp files and cookies almost daily so I didn't expect it to take too long. The first time I ran it it ran for about 4 minutes until it finally said "not responding" and froze. I had to CTRL-ALT-DELETE shut down my computer and re-start. I tried it again and it ran for 7 minutes before it did the same thing. So I can't run it and all the files are still there.

Try this instead.

Download ATF Cleaner

• Double-click ATF-Cleaner.exe to run the program.
  
• Click Select All found at the bottom of the list.
  
• Click the Empty Selected button.
  

If you use Firefox browser, do this also:

• Click Firefox at the top and choose Select All from the list.
  
• Click the Empty Selected button.
  
• NOTE : If you would like to keep your saved passwords, please click No at the prompt.
  

If you use Opera browser, do this also:

• Click Opera at the top and choose Select All from the list.
  
• Click the Empty Selected button.
  
• NOTE : If you would like to keep your saved passwords, please click No at the prompt.
  

Click Exit on the Main menu to close the program.

Ok I tried that too and it didn't work. I ran it and selected all the boxes and ran it but it froze and was "not responding" so I shut it down and re-opened it this time trying to check one box at a time and running it multiple times. Each time it said it deleted files but after it was completely finished I checked internet explorer's temp files folder and they are all still there. If I tried to run it on all boxes it keeps freezing. I still can't run the Malware anti-malware program either. It freezes every time I open it.

Hello.

Click Start > Run and copy/paste the following bolded text into the Run box and click OK:

cleanmgr

Wait for it to load, and press okay when it shows C:\ drive, then wait for the cleaner to load.
Once it has, tick everything and select OK, then let it run.

I'm very sorry, I had to go away for a while but I'm back at home and I"m still having the same problems and now my computer is running very slow. ?