Win32:Dialer-gen [Solved]

Hello, jen147, and welcome to GeeksToGo! Sorry for the delay in reply, the forums have been busy.

• Download OTListIt2 to your desktop.
• Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
• When the window appears, underneath Output at the top change it to Minimal Output.
• Under the Standard Registry box change it to All.
• Check the boxes beside LOP Check and Purity Check.
• Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.
  
• When the scan completes, it will open two notepad windows. OTListIt.Txt and Extras.Txt. These are saved in the same location as OTListIt2.
• Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post it with your next reply.

Please note that these logs may be very long, and might get cut off at the end, as there is a character limit on this forum. If the logs get cut off, feel free to post another separate reply with the rest.

Thanks so much for your reply, below are the logs you requested:

OTListIt logfile created on: 1/15/2009 5:27:46 PM - Run
OTListIt2 by OldTimer - Version 1.0.3.0 Folder = C:\Documents and Settings\Compaq_Owner\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.11)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

447.48 Mb Total Physical Memory | 201.39 Mb Available Physical Memory | 45.01% Memory free
1.06 Gb Paging File | 0.53 Gb Available in Paging File | 49.77% Paging File free
Paging file location(s): C:\pagefile.sys 700 1500;

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 69.26 Gb Total Space | 30.08 Gb Free Space | 43.43% Space Free | Partition Type: NTFS
Drive D: | 5.26 Gb Total Space | 0.77 Gb Free Space | 14.61% Space Free | Partition Type: FAT32
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: OBADIAH
Current User Name: Compaq_Owner
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Output = Minimal
File Age = 30 Days
Company Name Whitelist: On

========== Processes (SafeList) ==========

C:\Program Files\Windows Defender\MsMpEng.exe (Microsoft Corporation)
C:\Program Files\BillP Studios\WinPatrol\WinPatrol.exe (BillP Studios)
C:\hp\KBD\kbd.exe (Hewlett-Packard Company)
C:\WINDOWS\system\hpsysdrv.exe (Hewlett-Packard Company)
C:\WINDOWS\AGRSMMSG.exe (Agere Systems)
C:\Program Files\Alwil Software\Avast4\ashDisp.exe (ALWIL Software)
C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
C:\Program Files\Comodo\Firewall\cfp.exe ()
C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe (ArcSoft Inc.)
C:\Program Files\Java\jre6\bin\jusched.exe (Sun Microsystems, Inc.)
C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe (ArcSoft Inc.)
C:\WINDOWS\system32\agrsmsvc.exe (Agere Systems)
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe (Apple Inc.)
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe (ALWIL Software)
C:\Program Files\Alwil Software\Avast4\ashServ.exe (ALWIL Software)
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware.com)
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc.)
C:\Program Files\Comodo\Firewall\cmdagent.exe ()
C:\Program Files\Common Files\Desktop Weather Authority\TrueWeather.exe (BIA Information Network)
C:\Program Files\SpywareGuard\sgmain.exe ()
C:\Program Files\Java\jre6\bin\jqs.exe (Sun Microsystems, Inc.)
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE (Microsoft Corporation)
C:\WINDOWS\system32\HPZipm12.exe (HP)
C:\Program Files\SpywareGuard\sgbhp.exe ()
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe (ALWIL Software)
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe (ALWIL Software)
C:\Documents and Settings\Compaq_Owner\Desktop\OTListIt2.exe (OldTimer Tools)

========== (O23) Win32 Services (SafeList) ==========

(ACDaemon [Auto | Running]) -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe (ArcSoft Inc.)
(AgereModemAudio [Auto | Running]) -- C:\WINDOWS\system32\agrsmsvc.exe (Agere Systems)
(Apple Mobile Device [Auto | Running]) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe (Apple Inc.)
(aspnet_state [On_Demand | Stopped]) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe (Microsoft Corporation)
(aswUpdSv [Auto | Running]) -- C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe (ALWIL Software)
(avast! Antivirus [Auto | Running]) -- C:\Program Files\Alwil Software\Avast4\ashServ.exe (ALWIL Software)
(avast! Mail Scanner [On_Demand | Running]) -- C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe (ALWIL Software)
(avast! Web Scanner [On_Demand | Stopped]) -- C:\Program Files\Alwil Software\Avast4\ashWebSv.exe (ALWIL Software)
(Bonjour Service [Auto | Running]) -- C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc.)
(clr_optimization_v2.0.50727_32 [On_Demand | Stopped]) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
(cmdAgent [Auto | Running]) -- C:\Program Files\Comodo\Firewall\cmdagent.exe ()
(FontCache3.0.0.0 [On_Demand | Stopped]) -- c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe (Microsoft Corporation)
(gusvc [On_Demand | Stopped]) -- C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe (Google)
(IDriverT [On_Demand | Stopped]) -- C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe (Macrovision Corporation)
(idsvc [Unknown | Stopped]) -- C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe (Microsoft Corporation)
(iPod Service [On_Demand | Stopped]) -- C:\Program Files\iPod\bin\iPodService.exe (Apple Inc.)
(JavaQuickStarterService [Auto | Running]) -- C:\Program Files\Java\jre6\bin\jqs.exe (Sun Microsystems, Inc.)
(MDM [Auto | Running]) -- C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE (Microsoft Corporation)
(NetTcpPortSharing [Disabled | Stopped]) -- C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe (Microsoft Corporation)
(Pml Driver HPZ12 [Unknown | Running]) -- C:\WINDOWS\system32\HPZipm12.exe (HP)
(WinDefend [Auto | Running]) -- C:\Program Files\Windows Defender\MsMpEng.exe (Microsoft Corporation)
(WMPNetworkSvc [Auto | Stopped]) -- C:\Program Files\Windows Media Player\wmpnetwk.exe (Microsoft Corporation)

========== Driver Services (SafeList) ==========

(Aavmker4 [System | Running]) -- C:\WINDOWS\system32\drivers\aavmker4.sys (ALWIL Software)
(AgereSoftModem [On_Demand | Running]) -- C:\WINDOWS\system32\drivers\AGRSM.sys (Agere Systems)
(ALCXWDM [On_Demand | Running]) -- C:\WINDOWS\system32\drivers\ALCXWDM.SYS (Realtek Semiconductor Corp.)
(AmdK7 [System | Stopped]) -- C:\WINDOWS\system32\drivers\amdk7.sys (Microsoft Corporation)
(AmdK8 [System | Running]) -- C:\WINDOWS\system32\drivers\AmdK8.sys (Advanced Micro Devices)
(aswFsBlk [Auto | Running]) -- C:\WINDOWS\system32\drivers\aswFsBlk.sys (ALWIL Software)
(aswMon2 [Auto | Running]) -- C:\WINDOWS\system32\drivers\aswmon2.sys (ALWIL Software)
(aswRdr [On_Demand | Running]) -- C:\WINDOWS\system32\drivers\aswRdr.sys (ALWIL Software)
(aswSP [System | Running]) -- C:\WINDOWS\system32\drivers\aswSP.sys (ALWIL Software)
(aswTdi [System | Running]) -- C:\WINDOWS\system32\drivers\aswTdi.sys (ALWIL Software)
(cmdGuard [System | Running]) -- C:\WINDOWS\system32\drivers\cmdGuard.sys (COMODO)
(cmdHlp [System | Running]) -- C:\WINDOWS\system32\drivers\cmdhlp.sys (COMODO)
(fasttx2k [Boot | Running]) -- C:\WINDOWS\system32\drivers\Fasttx2k.sys (Promise Technology, Inc.)
(GEARAspiWDM [On_Demand | Running]) -- C:\WINDOWS\system32\drivers\GEARAspiWDM.sys (GEAR Software Inc.)
(HPZid412 [On_Demand | Running]) -- C:\WINDOWS\system32\drivers\HPZid412.sys (HP)
(HPZipr12 [On_Demand | Running]) -- C:\WINDOWS\system32\drivers\HPZipr12.sys (HP)
(HPZius12 [On_Demand | Running]) -- C:\WINDOWS\system32\drivers\HPZius12.sys (HP)
(ialm [On_Demand | Stopped]) -- C:\WINDOWS\system32\drivers\ialmnt5.sys (Intel Corporation)
(Inspect [Boot | Running]) -- C:\WINDOWS\system32\drivers\inspect.sys (COMODO)
(Pfc [On_Demand | Running]) -- C:\WINDOWS\system32\drivers\pfc.sys (Padus, Inc.)
(Ps2 [On_Demand | Running]) -- C:\WINDOWS\system32\drivers\PS2.sys (Hewlett-Packard Company)
(Ptilink [On_Demand | Running]) -- C:\WINDOWS\system32\drivers\ptilink.sys (Parallel Technologies, Inc.)
(PxHelp20 [Boot | Running]) -- C:\WINDOWS\system32\drivers\pxhelp20.sys (Sonic Solutions)
(rtl8139 [On_Demand | Stopped]) -- C:\WINDOWS\system32\drivers\R8139n51.sys (Realtek Semiconductor Corporation )
(SASDIFSV [System | Running]) -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys (SUPERAdBlocker.com and SUPERAntiSpyware.com)
(SASENUM [On_Demand | Running]) -- C:\Program Files\SUPERAntiSpyware\SASENUM.SYS ( SUPERAdBlocker.com and SUPERAntiSpyware.com)
(SASKUTIL [System | Running]) -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS (SUPERAdBlocker.com and SUPERAntiSpyware.com)
(Secdrv [On_Demand | Stopped]) -- C:\WINDOWS\system32\drivers\secdrv.sys (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.)
(SiS315 [On_Demand | Running]) -- C:\WINDOWS\system32\drivers\sisgrp.sys (Silicon Integrated Systems Corporation)
(SISAGP [Boot | Running]) -- C:\WINDOWS\system32\drivers\SISAGPX.SYS (Silicon Integrated Systems Corporation)
(SiSkp [System | Running]) -- C:\WINDOWS\system32\drivers\srvkp.sys (Silicon Integrated Systems Corporation)
(SISNIC [On_Demand | Running]) -- C:\WINDOWS\system32\drivers\sisnic.sys (SiS Corporation)
(SQTECH905C [On_Demand | Stopped]) -- C:\WINDOWS\system32\drivers\Capt905c.sys (Service & Quality Technology.)
(viaagp1 [Boot | Running]) -- C:\WINDOWS\system32\drivers\VIAAGP1.SYS (VIA Technologies, Inc.)
(viagfx [On_Demand | Stopped]) -- C:\WINDOWS\system32\drivers\vtmini.sys (Copyright © VIA/S3 Graphics Co, Ltd.)
(WS2IFSL [System | Running]) -- C:\WINDOWS\system32\drivers\ws2ifsl.sys (Microsoft Corporation)

========== Standard Registry (All) ==========


========== Internet Explorer ==========

HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL =
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn...st/srchcust.htm
HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie

HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.h...a...&pf=desktop
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.h...a...&pf=desktop
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Page_Transitions =
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://www.google.co...m...tf8&oe=utf8
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.h...a...&pf=desktop
HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

O1 HOSTS File: (296333 bytes) - C:\WINDOWS\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 127.0.0.1 babe.the-killer.bz
O1 - Hosts: 127.0.0.1 babe.k-lined.com
O1 - Hosts: 127.0.0.1 did.i-used.cc
O1 - Hosts: 127.0.0.1 coolwwwsearch.com
O1 - Hosts: 127.0.0.1 coolwebsearch.com
O1 - Hosts: 127.0.0.1 hi.studioaperto.net
O1 - Hosts: 127.0.0.1 www.webbrowser.tv
O1 - Hosts: 127.0.0.1 www.wazzupnet.com
O1 - Hosts: 127.0.0.1 gueb.com
O1 - Hosts: 127.0.0.1 kabex.com
O1 - Hosts: 127.0.0.1 www.hityou.com
O1 - Hosts: 127.0.0.1 miosearch.com
O1 - Hosts: 127.0.0.1 wazzupnet.com
O1 - Hosts: 127.0.0.1 213.131.225.2
O1 - Hosts: 127.0.0.1 www.blue-elefant.com
O1 - Hosts: 127.0.0.1 babeweb.de
O1 - Hosts: 127.0.0.1 start-seite.com
O1 - Hosts: 127.0.0.1 sexolymp.com
O1 - Hosts: 127.0.0.1 toriii.cc
O1 - Hosts: 127.0.0.1 www.xtipp.de
O1 - Hosts: 127.0.0.1 urawa.cool.ne.jp
O1 - Hosts: 127.0.0.1 777search.com
O1 - Hosts: 127.0.0.1 ace-webmaster.com
O1 - Hosts: 127.0.0.1 aifind.info
O1 - Hosts: 10251 more lines...
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (SpywareGuardDLBLOCK.CBrowserHelper) - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\Program Files\SpywareGuard\dlprotect.dll ()
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll ()
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.0.926.3450\swg.dll (Google Inc.)
O2 - BHO: (Google Dictionary Compression sdch) - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_219B3E1547538286.dll (Google Inc.)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)
O3 - HKLM\..\Toolbar: (&Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll ()
O3 - HKCU\..\Toolbar: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll ()
O3 - HKCU\..\Toolbar: (no name) - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
O3 - HKCU\..\Toolbar: (no name) - {0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} - Reg Error: Key does not exist or could not be opened. File not found
O3 - HKCU\..\Toolbar: (no name) - {0E5CBF21-D15F-11D0-8301-00AA005B4383} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)
O3 - HKCU\..\Toolbar: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll ()
O3 - HKCU\..\Toolbar: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - Reg Error: Key does not exist or could not be opened. File not found
O3 - HKCU\..\Toolbar: (no name) - {F2CF5485-4E02-4F68-819C-B92DE9277049} - C:\WINDOWS\system32\ieframe.dll (Microsoft Corporation)
O4 - HKLM..\Run: [AGRSMMSG] AGRSMMSG.exe (Agere Systems)
O4 - HKLM..\Run: [ArcSoft Connection Service] C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe (ArcSoft Inc.)
O4 - HKLM..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe (ALWIL Software)
O4 - HKLM..\Run: [COMODO Firewall Pro] "C:\Program Files\Comodo\Firewall\cfp.exe" -h ()
O4 - HKLM..\Run: [COMODO Internet Security] "C:\Program Files\Comodo\Firewall\cfp.exe" -h ()
O4 - HKLM..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe (Hewlett-Packard Company)
O4 - HKLM..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe (Intel Corporation)
O4 - HKLM..\Run: [KBD] C:\HP\KBD\KBD.EXE (Hewlett-Packard Company)
O4 - HKLM..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE ()
O4 - HKLM..\Run: [SiSPower] Rundll32.exe SiSPower.dll,ModeAgent (Silicon Integrated Systems Corporation)
O4 - HKLM..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe" (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide (Microsoft Corporation)
O4 - HKLM..\Run: [WinPatrol] C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe -expressboot (BillP Studios)
O4 - HKCU..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (Microsoft Corporation)
O4 - HKCU..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware.com)
O4 - HKCU..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Desktop Weather Authority.lnk = C:\Program Files\Common Files\Desktop Weather Authority\TrueWeather.exe (BIA Information Network)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 0
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\npjpi160_11.dll (Sun Microsystems, Inc.)
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O9 - Extra 'Tools' menuitem : @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\network diagnostic\xpnetdiag.exe (Microsoft Corporation)
O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O15 - HKLM\..Trusted Sites: 63 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKCU\..Trusted Sites: 436 domain(s) and sub-domain(s) not assigned to a zone.
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://go.microsoft....k/?linkid=39204 (Windows Genuine Advantage Validation Tool)
O16 - DPF: {233C1507-6A77-46A4-9443-F871F945D258} http://fpdownload.ma...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} http://photos.walmar...martActivia.cab (Snapfish Activia)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://update.micros...b?1122703680500 (WUWebControl Class)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://update.micros...b?1144095485656 (MUWebControl Class)
O16 - DPF: {74C861A1-D548-4916-BC8A-FDE92EDFF62C} http://mediaplayer.w...ler/install.cab (Reg Error: Key does not exist or could not be opened.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_11)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.ma...r/ultrashim.cab (Reg Error: Key does not exist or could not be opened.)
O16 - DPF: {A8683C98-5341-421B-B23C-8514C05354F1} http://photo.walmart...ploadClient.cab (FujifilmUploader Class)
O16 - DPF: {AB86CE53-AC9F-449F-9399-D8ABCA09EC09} https://h17000.www1....loadManager.ocx (Get_ActiveX Control)
O16 - DPF: {CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0)
O16 - DPF: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_11)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_11)
O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} http://www.symantec....sa/SymAData.cab (ActiveDataInfo Class)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload.ma...ent/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 206.74.254.2,204.116.57.2
O18 - Protocol\Handler: - about - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler: - cdl - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler: - dvd - C:\WINDOWS\system32\msvidctl.dll (Microsoft Corporation)
O18 - Protocol\Handler: - file - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler: - ftp - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler: - gopher - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler: - http - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler: - http\0x00000001 - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler: - http\oledb - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler: - https - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler: - https\0x00000001 - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler: - https\oledb - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler: - ipp - No CLSID value found
O18 - Protocol\Handler: - ipp\0x00000001 - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler: - its - C:\WINDOWS\system32\itss.dll (Microsoft Corporation)
O18 - Protocol\Handler: - javascript - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler: - local - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler: - mailto - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler: - mhtml - C:\WINDOWS\system32\inetcomm.dll (Microsoft Corporation)
O18 - Protocol\Handler: - mk - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler: - msdaipp - No CLSID value found
O18 - Protocol\Handler: - msdaipp\0x00000001 - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler: - msdaipp\oledb - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler: - ms-its - C:\WINDOWS\system32\itss.dll (Microsoft Corporation)
O18 - Protocol\Handler: - ms-itss - c:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll (Microsoft Corporation)
O18 - Protocol\Handler: - res - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler: - sysimage - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler: - tv - C:\WINDOWS\system32\msvidctl.dll (Microsoft Corporation)
O18 - Protocol\Handler: - vbscript - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler: - wia - C:\WINDOWS\system32\wiascr.dll (Microsoft Corporation)
O18 - Protocol\Filter: - application/octet-stream - C:\WINDOWS\system32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter: - application/x-complus - C:\WINDOWS\system32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter: - application/x-msdownload - C:\WINDOWS\system32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter: - Class Install Handler - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter: - deflate - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter: - gzip - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter: - lzdhtml - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter: - text/webviewhtml - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)
O20 - See sections below for AppInitDlls and Winlogon settings
O21 - SSODL: CDBurn - {fbeb8a05-beee-4442-804e-409d6c4515e9}C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)
O21 - SSODL: PostBootReminder - {7849596a-48ea-486e-8937-a2a3009f31a9}C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)
O21 - SSODL: SysTray - {35CEC8A3-2BE6-11D2-8773-92E220524153}C:\WINDOWS\system32\stobject.dll (Microsoft Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED}C:\WINDOWS\system32\webcheck.dll (Microsoft Corporation)
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5}C:\WINDOWS\system32\WPDShServiceObj.dll (Microsoft Corporation)
O22 - SharedTaskScheduler: (Browseui preloader) - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
O22 - SharedTaskScheduler: (Component Categories cache daemon) - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)

========== AppInit_DLLs ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_Dlls" = C:\WINDOWS\system32\guard32.dll
>C:\WINDOWS\system32\guard32.dll ()

========== HKLM Winlogon Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"Shell" = Explorer.exe
>C:\WINDOWS\explorer.exe (Microsoft Corporation)

"UserInit" = C:\WINDOWS\system32\userinit.exe,
>C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)

"UIHost" = logonui.exe
>C:\WINDOWS\system32\logonui.exe (Microsoft Corporation)

"VMApplet" = rundll32 shell32,Control_RunDLL "sysdm.cpl"
>C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)
>C:\WINDOWS\system32\sysdm.cpl (Microsoft Corporation)


========== Winlogon Notify Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\]
!SASWinLogon: "DllName" = C:\Program Files\SUPERAntiSpyware\SASWINLO.dll -- C:\Program Files\SUPERAntiSpyware\SASWINLO.dll (SUPERAntiSpyware.com)
crypt32chain: "DllName" = crypt32.dll -- C:\WINDOWS\system32\crypt32.dll (Microsoft Corporation)
cryptnet: "DllName" = cryptnet.dll -- C:\WINDOWS\system32\cryptnet.dll (Microsoft Corporation)
cscdll: "DllName" = cscdll.dll -- C:\WINDOWS\system32\cscdll.dll (Microsoft Corporation)
dimsntfy: "DllName" = %SystemRoot%\System32\dimsntfy.dll -- C:\WINDOWS\system32\dimsntfy.dll (Microsoft Corporation)
igfxcui: "DllName" = igfxsrvc.dll -- C:\WINDOWS\system32\igfxsrvc.dll (Intel Corporation)
ScCertProp: "DllName" = wlnotify.dll -- C:\WINDOWS\system32\wlnotify.dll (Microsoft Corporation)
Schedule: "DllName" = wlnotify.dll -- C:\WINDOWS\system32\wlnotify.dll (Microsoft Corporation)
sclgntfy: "DllName" = sclgntfy.dll -- C:\WINDOWS\system32\sclgntfy.dll (Microsoft Corporation)
SensLogn: "DllName" = WlNotify.dll -- C:\WINDOWS\system32\wlnotify.dll (Microsoft Corporation)
termsrv: "DllName" = wlnotify.dll -- C:\WINDOWS\system32\wlnotify.dll (Microsoft Corporation)
WgaLogon: "DllName" = WgaLogon.dll -- C:\WINDOWS\system32\WgaLogon.dll (Microsoft Corporation)
wlballoon: "DllName" = wlnotify.dll -- C:\WINDOWS\system32\wlnotify.dll (Microsoft Corporation)

========== IFEO "Debugger" Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\]
Your Image File Name Here without a path:"Debugger" = C:\WINDOWS\system32\ntsd.exe (Microsoft Corporation)

========== Shell Execute Hooks ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{091EB208-39DD-417D-A5DD-7E2C2D8FB9CB}" (HKLM) -- C:\Program Files\Windows Defender\MpShHook.dll (Microsoft Corporation)
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}" (HKLM) -- C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
"{81559C35-8464-49F7-BB0E-07A383BEF910}" (HKLM) -- C:\Program Files\SpywareGuard\spywareguard.dll ()
"{AEB6717E-7E19-11d0-97EE-00C04FD91972}" (HKLM) -- C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)

========== HKLM *SecurityProviders* ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders]
"SecurityProviders" = msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll
>C:\WINDOWS\system32\msapsspc.dll (Microsoft Corporation)
>C:\WINDOWS\system32\schannel.dll (Microsoft Corporation)
>C:\WINDOWS\system32\digest.dll (Microsoft Corporation)
>C:\WINDOWS\system32\msnsspc.dll (Microsoft Corporation)

========== LSA *Authentication Packages* ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]
"Authentication Packages" = msv1_0,
>C:\WINDOWS\system32\msv1_0.dll (Microsoft Corporation)

========== LSA *Security Packages* ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]
"Security Packages" = kerberos,msv1_0,schannel,wdigest,
>C:\WINDOWS\system32\kerberos.dll (Microsoft Corporation)
>C:\WINDOWS\system32\msv1_0.dll (Microsoft Corporation)
>C:\WINDOWS\system32\schannel.dll (Microsoft Corporation)
>C:\WINDOWS\system32\wdigest.dll (Microsoft Corporation)

========== Safeboot Options ==========

"AlternateShell" = cmd.exe

========== CDRom AutoRun Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom]
"AutoRun" = 1

========== Autorun Files on Drives ==========

AUTOEXEC.BAT []
C:\AUTOEXEC.BAT () -- [ NTFS ]

AUTOEXEC.IVI [@PATH C:\MSBOB;%PATH% | ]
C:\AUTOEXEC.IVI () -- [ NTFS ]

AUTOEXEC.BAT []
D:\AUTOEXEC.BAT () -- [ FAT32 ]

Autorun.inf [[AUTORUN] | ShellExecute=Info.exe protect.ed 480 480 | ]
D:\Autorun.inf () -- [ FAT32 ]

========== Files/Folders - Created Within 30 Days ==========

[2009/01/15 17:24:58 | 00,419,328 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Compaq_Owner\Desktop\OTListIt2.exe
[2009/01/11 23:07:54 | 00,001,742 | ---- | C] () -- C:\Documents and Settings\Compaq_Owner\Desktop\HijackThis.lnk
[2009/01/11 23:07:54 | 00,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2009/01/11 21:50:07 | 00,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2009/01/11 21:47:29 | 00,000,619 | ---- | C] () -- C:\Documents and Settings\Compaq_Owner\Desktop\NTREGOPT.lnk
[2009/01/11 21:47:29 | 00,000,600 | ---- | C] () -- C:\Documents and Settings\Compaq_Owner\Desktop\ERUNT.lnk
[2009/01/11 21:47:28 | 00,000,000 | ---D | C] -- C:\Program Files\ERUNT
[2009/01/11 21:40:11 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Compaq_Owner\Desktop\SysRestorePoint_v13
[2009/01/11 21:38:28 | 00,009,334 | ---- | C] () -- C:\Documents and Settings\Compaq_Owner\Desktop\SysRestorePoint_v13.zip
[2009/01/11 11:52:59 | 00,000,000 | ---D | C] -- C:\Program Files\LSI SoftModem
[2009/01/10 23:39:11 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Compaq_Owner\Application Data\SUPERAntiSpyware.com
[2009/01/10 22:46:06 | 00,061,440 | ---- | C] () -- C:\WINDOWS\System32\drivers\vwbmmiwv.sys
[2009/01/10 22:32:10 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Compaq_Owner\Application Data\Malwarebytes
[2009/01/10 22:32:01 | 00,015,504 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2009/01/10 22:31:58 | 00,038,496 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2009/01/10 22:31:56 | 00,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2009/01/10 22:31:56 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2009/01/10 20:57:24 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Compaq_Owner\Application Data\Uniblue
[2009/01/10 20:57:00 | 00,000,000 | ---D | C] -- C:\Program Files\Uniblue
[2009/01/10 20:54:44 | 00,000,000 | -H-D | C] -- C:\Documents and Settings\All Users\Application Data\{92E7A367-8E12-4830-AA70-29C32E331A81}
[2009/01/06 11:05:22 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\PopCap
[2008/12/20 14:27:08 | 00,001,631 | ---- | C] () -- C:\Documents and Settings\Compaq_Owner\Desktop\mapquest Maps, DirectionsDirectory.url

========== Files - Modified Within 30 Days ==========

[1 C:\WINDOWS\System32\*.tmp files]
[2009/01/15 17:25:12 | 00,419,328 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Compaq_Owner\Desktop\OTListIt2.exe
[2009/01/15 16:18:36 | 00,002,731 | ---- | M] () -- C:\Documents and Settings\Compaq_Owner\Desktop\MyEbay.url
[2009/01/15 15:36:34 | 00,002,626 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT
[2009/01/15 07:20:14 | 00,000,330 | -H-- | M] () -- C:\WINDOWS\tasks\MP Scheduled Scan.job
[2009/01/15 07:19:09 | 00,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2009/01/15 07:16:15 | 00,000,248 | ---- | M] () -- C:\WINDOWS\System\hpsysdrv.dat
[2009/01/15 07:16:11 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2009/01/15 07:16:07 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2009/01/14 22:07:19 | 02,110,210 | -H-- | M] () -- C:\Documents and Settings\Compaq_Owner\Local Settings\Application Data\IconCache.db
[2009/01/14 18:13:30 | 00,000,279 | ---- | M] () -- C:\Documents and Settings\Compaq_Owner\Desktop\PaperBackSwap.url
[2009/01/14 17:26:04 | 00,001,445 | ---- | M] () -- C:\WINDOWS\ARCADE.INI
[2009/01/13 12:37:14 | 00,000,536 | ---- | M] () -- C:\Documents and Settings\Compaq_Owner\Desktop\Netflix.url
[2009/01/11 23:07:54 | 00,001,742 | ---- | M] () -- C:\Documents and Settings\Compaq_Owner\Desktop\HijackThis.lnk
[2009/01/11 22:30:23 | 03,544,064 | R--- | M] () -- C:\Documents and Settings\All Users\Documents\ESBK.mb
[2009/01/11 21:47:29 | 00,000,619 | ---- | M] () -- C:\Documents and Settings\Compaq_Owner\Desktop\NTREGOPT.lnk
[2009/01/11 21:47:29 | 00,000,600 | ---- | M] () -- C:\Documents and Settings\Compaq_Owner\Desktop\ERUNT.lnk
[2009/01/11 21:40:12 | 00,021,504 | ---- | M] (Doug Knox) -- C:\Documents and Settings\Compaq_Owner\Desktop\SysRestorePoint.exe
[2009/01/11 21:38:29 | 00,009,334 | ---- | M] () -- C:\Documents and Settings\Compaq_Owner\Desktop\SysRestorePoint_v13.zip
[2009/01/10 22:46:06 | 00,061,440 | ---- | M] () -- C:\WINDOWS\System32\drivers\vwbmmiwv.sys
[2009/01/10 21:31:30 | 00,001,134 | ---- | M] () -- C:\WINDOWS\win.ini
[2009/01/10 21:31:30 | 00,000,281 | RHS- | M] () -- C:\boot.ini
[2009/01/10 21:31:30 | 00,000,227 | ---- | M] () -- C:\WINDOWS\system.ini
[2009/01/09 19:35:28 | 20,853,704 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\MRT.exe
[2009/01/09 17:20:27 | 00,000,404 | ---- | M] () -- C:\WINDOWS\tasks\1-Click Maintenance.job
[2009/01/09 10:28:09 | 00,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2009/01/08 22:07:04 | 00,296,333 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2009/01/04 18:41:24 | 00,038,496 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2009/01/04 18:41:20 | 00,015,504 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2009/01/03 23:24:30 | 00,000,218 | ---- | M] () -- C:\Documents and Settings\Compaq_Owner\Desktop\TOP ads Buy, Sell, Trade.url
[2009/01/03 22:49:16 | 00,000,543 | ---- | M] () -- C:\Documents and Settings\Compaq_Owner\Desktop\Local Sales Network.url
[2008/12/27 18:16:32 | 06,338,560 | R--- | M] () -- C:\Documents and Settings\All Users\Documents\ESBK.mbb
[2008/12/23 13:00:38 | 00,048,698 | ---- | M] () -- C:\Documents and Settings\Compaq_Owner\Desktop\Amazon.com.url
[2008/12/19 11:28:48 | 00,295,838 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20090108-220703.backup
[2008/12/19 08:15:45 | 00,000,450 | ---- | M] () -- C:\WINDOWS\tasks\EasyShare Registration Task.job
[2008/12/18 22:31:00 | 00,001,631 | ---- | M] () -- C:\Documents and Settings\Compaq_Owner\Desktop\mapquest Maps, DirectionsDirectory.url

========== LOP Check ==========

[2009/01/10 22:31:56 | 00,000,000 | RH-D | M] -- C:\Documents and Settings\All Users\Application Data
[2008/11/21 11:29:09 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
[2009/01/10 20:57:02 | 00,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\{92E7A367-8E12-4830-AA70-29C32E331A81}
[2007/01/10 15:02:31 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Adobe
[2005/03/08 17:54:35 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AOL
[2008/08/30 23:16:40 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Apple
[2008/08/30 23:18:29 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Apple Computer
[2008/11/08 11:41:28 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ArcSoft
[2005/11/26 21:15:34 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Broderbund LLC
[2005/11/25 19:26:59 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Broderbund Software
[2007/11/22 11:39:18 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Comodo
[2008/07/02 16:12:58 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Desktop Weather Authority
[2007/11/28 12:08:11 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\DVD Shrink
[2005/05/09 20:39:27 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\element5
[2009/01/08 21:30:46 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Google
[2005/11/17 20:59:13 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\HP
[2004/10/20 08:31:16 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\InstallShield
[2004/10/20 08:30:47 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\InterVideo
[2005/02/27 12:38:24 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Intuit
[2007/03/02 09:18:42 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Kodak
[2005/02/27 12:24:46 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Macrovision
[2009/01/10 22:31:56 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2008/05/07 13:35:38 | 00,000,000 | --SD | M] -- C:\Documents and Settings\All Users\Application Data\Microsoft
[2004/10/21 00:06:05 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Motive
[2005/08/02 15:31:29 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MSScanAppDataDir
[2007/03/22 16:00:11 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MumboJumbo
[2005/05/29 20:32:16 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Netscape Internet Service
[2005/12/02 22:26:49 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Nova Development
[2009/01/06 11:05:22 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PopCap
[2005/03/08 17:30:41 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Pure Networks
[2004/10/20 08:46:56 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\QuickTime
[2005/11/25 19:56:08 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Riverdeep Interactive Learning Limited
[2004/10/20 07:19:22 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SBSI
[2005/11/17 20:57:54 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Sonic
[2008/09/02 19:32:31 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
[2007/02/07 12:03:37 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
[2006/06/15 10:34:28 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Symantec
[2009/01/13 08:25:49 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2007/09/09 16:15:19 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Trymedia
[2006/06/14 13:19:53 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TuneUp Software
[2005/04/16 12:58:08 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Viewpoint
[2005/07/28 14:29:45 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Windows Genuine Advantage
[2009/01/10 23:39:11 | 00,000,000 | RH-D | M] -- C:\Documents and Settings\Compaq_Owner\Application Data
[2008/10/21 15:44:40 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Owner\Application Data\Adobe
[2006/05/27 11:53:37 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Owner\Application Data\AdobeAUM
[2007/01/10 11:12:58 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Owner\Application Data\AdobeUM
[2008/07/27 12:06:50 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Owner\Application Data\Amazon
[2005/03/08 17:54:31 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Owner\Application Data\AOL
[2006/04/03 13:03:44 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Owner\Application Data\Apple Computer
[2008/11/23 12:26:39 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Owner\Application Data\ArcSoft
[2007/11/22 11:31:18 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Owner\Application Data\Comodo
[2006/06/19 13:27:56 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Owner\Application Data\CyberPatrol Client
[2005/03/13 21:11:13 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Owner\Application Data\Digital Album Organizer
[2005/06/02 17:47:44 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Owner\Application Data\funkitron
[2006/11/05 14:08:05 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Owner\Application Data\Google
[2005/09/10 13:51:29 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Owner\Application Data\Help
[2005/11/17 21:08:20 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Owner\Application Data\HP
[2005/07/29 21:42:42 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Owner\Application Data\Identities
[2005/07/31 18:51:36 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Owner\Application Data\Image Zone Express
[2007/11/11 11:41:28 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Owner\Application Data\InstallShield
[2005/07/29 22:20:21 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Owner\Application Data\Intervideo
[2005/02/27 12:38:19 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Owner\Application Data\Intuit
[2007/09/10 11:18:13 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Owner\Application Data\iWin
[2008/05/07 13:35:44 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Owner\Application Data\Lavasoft
[2005/03/01 19:47:36 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Owner\Application Data\Leadertech
[2006/02/10 20:22:41 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Owner\Application Data\Macromedia
[2009/01/10 22:32:10 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Owner\Application Data\Malwarebytes
[2008/07/07 15:19:47 | 00,000,000 | --SD | M] -- C:\Documents and Settings\Compaq_Owner\Application Data\Microsoft
[2005/03/06 11:17:45 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Owner\Application Data\Motive
[2005/03/29 20:09:52 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Owner\Application Data\MSNInstaller
[2005/07/03 16:29:25 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Owner\Application Data\MX
[2005/12/02 22:26:53 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Owner\Application Data\Nova Development
[2005/07/29 22:20:25 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Owner\Application Data\Real
[2004/10/21 00:40:13 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Owner\Application Data\SampleView
[2008/08/06 11:26:15 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Owner\Application Data\Skinux
[2007/01/02 12:38:10 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Owner\Application Data\Snapfish
[2005/07/29 22:20:27 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Owner\Application Data\Sonic
[2004/10/20 07:39:47 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Owner\Application Data\Sun
[2009/01/10 23:39:11 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Owner\Application Data\SUPERAntiSpyware.com
[2005/07/29 22:20:27 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Owner\Application Data\Symantec
[2005/04/03 21:06:54 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Owner\Application Data\Template
[2006/05/25 09:31:36 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Owner\Application Data\TrojanHunter
[2006/06/14 13:21:08 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Owner\Application Data\TuneUp Software
[2009/01/10 20:57:24 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Owner\Application Data\Uniblue
[2005/04/07 16:08:04 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Owner\Application Data\WholeSecurity
[2009/01/08 22:23:32 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Owner\Application Data\WinPatrol
[2005/03/08 17:30:31 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Owner\Application Data\You've Got Pictures Screensaver
[2009/01/09 17:20:27 | 00,000,404 | ---- | M] () -- C:\WINDOWS\Tasks\1-Click Maintenance.job
[2009/01/09 10:28:09 | 00,000,284 | ---- | M] () -- C:\WINDOWS\Tasks\AppleSoftwareUpdate.job
[2004/08/04 13:00:00 | 00,000,065 | RH-- | M] () -- C:\WINDOWS\Tasks\desktop.ini
[2008/12/19 08:15:45 | 00,000,450 | ---- | M] () -- C:\WINDOWS\Tasks\EasyShare Registration Task.job
[2009/01/15 07:20:14 | 00,000,330 | -H-- | M] () -- C:\WINDOWS\Tasks\MP Scheduled Scan.job
[2009/01/15 07:16:11 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\Tasks\SA.DAT

========== Purity Check ==========


========== Alternate Data Streams ==========

@Alternate Data Stream - 318 bytes -> %UserProfile%\Desktop\Netflix.url:favicon
@Alternate Data Stream - 25214 bytes -> %UserProfile%\Desktop\Local Sales Network.url:favicon
@Alternate Data Stream - 17542 bytes -> %UserProfile%\Desktop\Amazon.com.url:favicon
@Alternate Data Stream - 1406 bytes -> %UserProfile%\Desktop\PaperBackSwap.url:favicon
@Alternate Data Stream - 1406 bytes -> %UserProfile%\Desktop\MyEbay.url:favicon
@Alternate Data Stream - 124 bytes -> %AllUsersProfile%\Application Data\TEMP:F8342E7B
@Alternate Data Stream - 120 bytes -> %AllUsersProfile%\Application Data\TEMP:5C321E34
@Alternate Data Stream - 1150 bytes -> %UserProfile%\Desktop\TOP ads Buy, Sell, Trade.url:favicon
@Alternate Data Stream - 1150 bytes -> %UserProfile%\Desktop\mapquest Maps, DirectionsDirectory.url:favicon
@Alternate Data Stream - 0 bytes -> %SystemRoot%\Thumbs.db:encryptable
@Alternate Data Stream - 0 bytes -> %ProgramFiles%\Thumbs.db:encryptable
< End of report >



OTListIt Extras logfile created on: 1/15/2009 5:27:46 PM - Run
OTListIt2 by OldTimer - Version 1.0.3.0 Folder = C:\Documents and Settings\Compaq_Owner\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.11)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

447.48 Mb Total Physical Memory | 201.39 Mb Available Physical Memory | 45.01% Memory free
1.06 Gb Paging File | 0.53 Gb Available in Paging File | 49.77% Paging File free
Paging file location(s): C:\pagefile.sys 700 1500;

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 69.26 Gb Total Space | 30.08 Gb Free Space | 43.43% Space Free | Partition Type: NTFS
Drive D: | 5.26 Gb Total Space | 0.77 Gb Free Space | 14.61% Space Free | Partition Type: FAT32
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: OBADIAH
Current User Name: Compaq_Owner
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Output = Minimal
File Age = 30 Days
Company Name Whitelist: On

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1

Continuation of Log:


========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 1
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile
"EnableFirewall" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts]

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
%ProgramFiles%\iTunes\iTunes.exe:*:enabled:iTunes (Apple Inc.)
%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe:*:Enabled:EasyShare (Eastman Kodak Company)
C:\Program Files\Common Files\Desktop Weather Authority\TrueWeather.exe:*:Enabled:TrueWeather (BIA Information Network)
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe:*:Enabled:hpqtra08.exe (Hewlett-Packard Co.)
C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe:*:Enabled:hpqste08.exe (Hewlett-Packard Co.)
C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe:*:Enabled:hpofxm08.exe (Hewlett-Packard Co.)
C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe:*:Enabled:hposfx08.exe (Hewlett-Packard Co.)
C:\Program Files\HP\Digital Imaging\bin\hposid01.exe:*:Enabled:hposid01.exe (Hewlett-Packard Co.)
C:\Program Files\HP\Digital Imaging\bin\hpqscnvw.exe:*:Enabled:hpqscnvw.exe ()
C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe:*:Enabled:hpqkygrp.exe (Hewlett-Packard)
C:\Program Files\HP\Digital Imaging\bin\hpqCopy.exe:*:Enabled:hpqcopy.exe (Hewlett-Packard Co.)
C:\Program Files\HP\Digital Imaging\bin\hpfccopy.exe:*:Enabled:hpfccopy.exe (Hewlett-Packard)
C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe:*:Enabled:hpzwiz01.exe (Hewlett-Packard Co.)
C:\Program Files\HP\Digital Imaging\Unload\HpqPhUnl.exe:*:Enabled:hpqphunl.exe ()
C:\Program Files\HP\Digital Imaging\Unload\HpqDIA.exe:*:Enabled:hpqdia.exe ( )
C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe:*:Enabled:hpoews01.exe (Hewlett-Packard Co.)
%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 (Microsoft Corporation)
C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes (Apple Inc.)
C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour (Apple Inc.)

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{007B37D9-0C45-4202-834B-DD5FAAE99D63}" = ArcSoft Print Creations - Slimline Card
"{008D90CE-5EF0-4D19-96C5-4C75C2842536}" = ArcSoft Software Suite
"{03B1B42B-F6DE-41d9-8CFF-DC44E895C7A7}" = PhotoGallery
"{0611BD4E-4FE4-4a62-B0C0-18A4CC463428}" = CP_Package_Variety1
"{07287123-B8AC-41CE-8346-3D777245C35B}" = Bonjour
"{09984AEC-6B9F-4ca7-B78D-CB44D4771DA3}" = Destinations
"{09DA4F91-2A09-4232-AB8C-6BC740096DE3}" = Sonic Update Manager
"{0B33B738-AD79-4E32-90C5-E67BFB10BBFF}" = AiO_Scan
"{0C66761E-497A-4BE3-AE0D-8EC30FC9A9AA}" = PC-Doctor for Windows
"{0D499481-22C6-4B25-8AC2-6D3F6C885FB9}" = OpenOffice.org Installer 1.0
"{0EB5D9B7-8E6C-4A9E-B74F-16B7EE89A67B}" = Microsoft Plus! Photo Story 2 LE
"{14D4ED84-6A9A-45A0-96F6-1753768C3CB5}" = ESSPCD
"{172975EB-9465-4861-95B5-C7BB6D3DE62A}" = DocumentViewer
"{193DB24F-9A66-4896-8404-22D53EA89075}" = 1400_Help
"{1C139D7D-9FEA-468d-A9C8-2A6E3BDE564A}" = CP_Package_Variety3
"{1CB92574-96F2-467B-B793-5CEB35C40C29}" = Image Resizer Powertoy for Windows XP
"{1DB2FBA5-D57A-42A7-8E87-5B3EEBED8283}" = Wal-Mart Music Downloads Store
"{1E04F83B-2AB9-4301-9EF7-E86307F79C72}" = Google Earth
"{21DB3D90-D816-4092-A260-CA3F6B55A6DD}" = Sonic_PrimoSDK
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{23A7B376-BBEC-4e76-BBD7-0F155E70D74B}" = CP_Panorama1Config
"{266959FA-0AEE-41D0-A88E-F1EAC10A7C14}" = 1400
"{26A24AE4-039D-4CA4-87B4-2F83216011FF}" = Java™ 6 Update 11
"{2BA00471-0328-3743-93BD-FA813353A783}" = Microsoft .NET Framework 3.0 Service Pack 1
"{2CADCEAB-D5DA-44D6-B5FC-7DEE87AB3C0C}" = Unload
"{2D03B6F8-DF36-4980-B7B6-5B93D5BA3A8F}" = essvatgt
"{30C19FF2-7FBA-4d09-B9DE-1659977F64F6}" = TrayApp
"{318AB667-3230-41B5-A617-CB3BF748D371}" = iTunes
"{3248F0A8-6813-11D6-A77B-00B0D0160000}" = Java™ SE Runtime Environment 6
"{32A3A4F4-B792-11D6-A78A-00B0D0160000}" = Java™ SE Development Kit 6
"{32BDCCB8-9DC8-496d-9DB1-F77510775BDB}" = InstantShareDevices
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{36E47DA1-10E1-45d9-8B19-14D19607CDCF}" = CP_CalendarTemplates1
"{416D80BA-6F6D-4672-B7CF-F54DA2F80B44}" = Microsoft Works
"{42938595-0D83-404D-9F73-F8177FDD531A}" = ESScore
"{4537EA4B-F603-4181-89FB-2953FC695AB1}" = netbrdg
"{4FA46975-176F-457A-A09C-DBD0CBDA65F3}" = PrintMaster 16
"{5316DFC9-CE99-4458-9AB3-E8726EDE0210}" = skin0001
"{53EE9E42-CECB-4C92-BF76-9CA65DAF8F1C}" = FullDPAppQFolder
"{5421155F-B033-49DB-9B33-8F80F233D4D5}" = GdiplusUpgrade
"{54E3707F-808E-4fd4-95C9-15D1AB077E5D}" = NewCopy
"{56589DFE-0C29-4DFE-8E42-887B771ECD23}" = ArcSoft Print Creations - Photo Book
"{56EE8B17-8274-418d-89AC-C057C5DB251E}" = RandMap
"{56F8AFC3-FA98-4ff1-9673-8A026CBF85BE}" = WebReg
"{5A01C58E-B0EC-49b9-AD71-7C0468688087}" = CP_Package_Basic1
"{5B622B7A-60FB-4630-B11D-F121D20BCCD6}" = MarketResearch
"{5B79CFD1-6845-4158-9D7D-6BE89DF2C135}" = HP PSC & OfficeJet 5.3.B
"{5F26311C-B135-4F7F-B11E-8E650F83651E}" = DeviceFunctionQFolder
"{605A4E39-613C-4A12-B56F-DEFBE6757237}" = SHASTA
"{643EAE81-920C-4931-9F0B-4B343B225CA6}" = ESSBrwr
"{66BA8C26-AFE4-4408-807B-43E76B57EF53}" = SkinsHP1
"{66E6CE0C-5A1E-430C-B40A-0C90FF1804A8}" = eSupportQFolder
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{6BB6627C-694F-4FDC-A3E5-C7F4BED4C724}" = DocProc
"{6DA9102E-199F-43A0-A36B-6EF48081A658}" = MobileMe Control Panel
"{6E45BA47-383C-4C1E-8ED0-0D4845C293D7}" = Microsoft Plus! Digital Media Edition Installer
"{6F5E2F4A-377D-4700-B0E3-8F7F7507EA15}" = CustomerResearchQFolder
"{7850A6D2-CBEA-4728-9877-F1BEDEA9F619}" = AiOSoftware
"{7C03270C-4FAB-4F5C-B10D-52FEDA190790}" = DocumentViewerQFolder
"{7C9B95B7-B598-4398-B30F-7F6827192E6C}" = ProductContext
"{7E27304E-BAA2-4d90-A34E-76641FAFABB4}" = CP_AtenaShokunin1Config
"{8943CE61-53BD-475E-90E1-A580869E98A2}" = staticcr
"{8A502E38-29C9-49FA-BCFA-D727CA062589}" = ESSTOOLS
"{8E92D746-CD9F-4B90-9668-42B74C14F765}" = ESSini
"{91517631-A9F3-4B7C-B482-43E0068FD55A}" = ESSgui
"{923A7F5A-1E8C-4FBE-8DF6-85940A60A79F}" = Readme
"{9541FED0-327F-4DF0-8B96-EF57EF622F19}" = Sonic RecordNow!
"{9591C049-5CAE-4E89-A8D9-191F1899628B}" = ArcSoft Print Creations - Funhouse
"{999D43F4-9709-4887-9B1A-83EBB15A8370}" = VPRINTOL
"{A06275F4-324B-4E85-95E6-87B2CD729401}" = Windows Defender
"{A195B13E-A5E3-4BAF-A995-7F70F445CD06}" = ScannerCopy
"{A5BB5365-EFB4-44c3-A7E2-EB59B7EFD23D}" = CueTour
"{A5CC2A09-E9D3-49EC-923D-03874BBD4C2C}" = Windows Defender Signatures
"{AB5D51AE-EBC3-438D-872C-705C7C2084B0}" = DeviceManagementQFolder
"{AC76BA86-7AD7-1033-7B44-A70000000000}" = Adobe Reader 7.0.8
"{AC76BA86-7AD7-5464-3428-7050000000A7}" = Adobe Reader 7.0.5 Language Support
"{AE1FA02D-E6A4-4EA0-8E58-6483CAC016DD}" = ESSCDBK
"{B0D83FCD-9D42-43ED-8315-250326AADA02}" = ArcSoft Print Creations - Scrapbook
"{B162D0A6-9A1D-4B7C-91A5-88FB48113C45}" = OfotoXMI
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B4B44FE7-41FF-4DAD-8C0A-E406DDA72992}" = CCScore
"{B4D279F1-4309-49cc-A4B5-3A0D2E59C7B5}" = PanoStandAlone
"{B508B3F1-A24A-32C0-B310-85786919EF28}" = Microsoft .NET Framework 2.0 Service Pack 1
"{B824B5C9-849F-4b9e-9EA7-6FD8CD8116DA}" = CP_Package_Variety2
"{B996AE66-10DB-4ac5-B151-E8B4BFBC42FC}" = BufferChm
"{BAF78226-3200-4DB4-BE33-4D922A799840}" = Windows Presentation Foundation
"{BB85ED9C-AFC9-43BD-B8DC-258C3C7DF72E}" = HP Software Update
"{C506A18C-1469-4678-B094-F4EC9DAE6DB7}" = Scan
"{C510CA36-98D6-4F07-8AFF-81E7399A075B}" = 1400Trb
"{C8BB4912-12D9-42AE-B571-E580D8CD1B5B}" = TuneUp Utilities 2007
"{CA9ED5E4-1548-485B-A293-417840060158}" = ArcSoft Print Creations - Photo Calendar
"{CAE8A0F1-B498-4C23-95FA-55047E730C8F}" = ArcSoft Print Creations
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware Free Edition
"{CE24344F-DFD8-40C8-8FD8-C9740B5F25AC}" = Fax
"{D32470A1-B10C-4059-BA53-CF0486F68EBC}" = Kodak EasyShare software
"{DB02F716-6275-42E9-B8D2-83BA2BF5100B}" = SFR
"{DB518BA6-CB74-4EB6-9ABD-880B6D6E1F38}" = HpSdpAppCoreApp
"{DC226AC9-0314-496C-BE6A-B6A132628466}" = SiSAGP driver
"{DD040AAA-F295-492B-AD91-C8DC24488273}" = Photo Explosion SE 2.0
"{E3F90083-80D4-4b5a-87C7-E97E12F5516D}" = HPProductAssistant
"{E63E34A7-E552-412B-9E40-FD6FC5227ABA}" = Uniblue RegistryBooster 2009
"{E6B4117F-AC59-4B13-9274-EB136E8897EE}" = ArcSoft Print Creations - Album Page
"{E79987F0-0E34-42CC-B8FF-6C860AEEB26A}" = tooltips
"{EA103B64-C0E4-4C0E-A506-751590E1653D}" = SolutionCenter
"{EC4455AB-F155-4CC1-A4C5-88F3777F9886}" = Apple Mobile Device Support
"{F04F9557-81A9-4293-BC49-2C216FA325A7}" = ArcSoft Print Creations - Greeting Card
"{F4A2E7CC-60CA-4AFA-B67F-AD5E58173C3F}" = SKINXSDK
"{F4C2E5F5-2970-45f4-ABD3-C180C4D961C4}" = Status
"{F6B2ED65-7378-4065-802D-F2E5689F3A4E}" = Photo Viewer
"{F958CA02-BB40-4007-894B-258729456EE4}" = QuickTime
"{F9593CFB-D836-49BC-BFF1-0E669A411D9F}" = WIRELESS
"{FCDB1C92-03C6-4C76-8625-371224256091}" = ESSPDock
"{FCE65C4E-B0E8-4FBD-AD16-EDCBE6CD591F}" = HighMAT Extension to Microsoft Windows XP CD Writing Wizard
"3Planesoft Screensaver Manager_is1" = 3Planesoft Screensaver Manager 1.0
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Shockwave Player" = Adobe Shockwave Player
"Agere Systems Soft Modem" = Agere Systems PCI Soft Modem
"Amazon MP3 Downloader" = Amazon MP3 Downloader 1.0.3
"avast!" = avast! Antivirus
"BackWeb-6750491 Uninstaller" = Compaq Connections
"Bricks of Egypt" = Bricks of Egypt
"christmas2005" = christmas2005
"CleanUp!" = CleanUp!
"COMODO Firewall Pro" = COMODO Firewall Pro
"Desktop Weather Authority" = Desktop Weather Authority
"eGames GameButler" = eGames GameButler
"ERUNT_is1" = ERUNT 1.1j
"Help and Support Additions" = Help and Support Additions
"HijackThis" = HijackThis 2.0.2
"HP Document Viewer" = HP Document Viewer 5.3
"HP Imaging Device Functions" = HP Imaging Device Functions 5.3
"HP Photo & Imaging" = HP Image Zone 5.3
"HP Solution Center & Imaging Support Tools" = HP Solution Center & Imaging Support Tools 5.3
"HPExtendedCapabilities" = HP Extended Capabilities 5.3
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"InstallShield_{0C66761E-497A-4BE3-AE0D-8EC30FC9A9AA}" = PC-Doctor for Windows
"InstallShield_{E0A96F36-D546-4A2A-BDAA-2A2A578B2C0D}" = Bonjour
"Luxor AR" = Luxor Amun Rising (remove only)
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"PictureToTV_is1" = PictureToTV 1.4.5
"PS2" = PS2
"Python 2.2 combined Win32 extensions" = Python 2.2 combined Win32 extensions
"Python 2.2.1" = Python 2.2.1
"RealPlayer 6.0" = RealPlayer
"Shockwave" = Shockwave
"SiS VGA Driver" = SiS VGA Utilities
"Spybot - Search & Destroy_is1" = Spybot - Search & Destroy 1.5.2.20
"SpywareBlaster_is1" = SpywareBlaster 4.1
"SpywareGuard_is1" = SpywareGuard v2.2
"Uniblue RegistryBooster 2009" = Uniblue RegistryBooster 2009
"WebPost" = Microsoft Web Publishing Wizard 1.52
"WIC" = Windows Imaging Component
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinPatrol" = WinPatrol 2008
"WMCSetup" = Windows Media Connect
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"XpsEPSC" = XML Paper Specification Shared Components Pack 1.0

========== Last 10 Event Log Errors ==========

[ Antivirus Events ]
Error - 7/15/2007 9:20:13 PM | Computer Name = OBADIAH | Source = avast! | ID = 33554522
Description = AAVM - scanning error: x_AavmCheckFileDirectEx: avfilesScanReal of
http://thumbs.ebayst...612478080_1.jpg failed, 0000A413.

Error - 7/15/2007 9:20:13 PM | Computer Name = OBADIAH | Source = avast! | ID = 33554522
Description = AAVM - scanning error: x_AavmCheckFileDirectEx: avfilesScanReal of
C:\Documents and Settings\Compaq_Owner\Local Settings\Temporary Internet Files\Content.IE5\TQGVJQ65\1801394612478080_1[1].jpg
failed, 0000A413.

Error - 7/15/2007 9:21:05 PM | Computer Name = OBADIAH | Source = avast! | ID = 33554522
Description = AAVM - scanning error: x_AavmCheckFileDirectEx: avfilesScanReal of
http://i2.ebayimg.co...a/3c/c92b_1.JPG failed, 0000A413.

Error - 4/6/2008 10:31:37 AM | Computer Name = OBADIAH | Source = avast! | ID = 33554522
Description = Internal error has occurred in module aswar scan function failed!,
function C0000005.

Error - 4/7/2008 8:08:42 AM | Computer Name = OBADIAH | Source = avast! | ID = 33554522
Description = Internal error has occurred in module aswar scan function failed!,
function C0000005.

Error - 7/5/2008 8:14:02 AM | Computer Name = OBADIAH | Source = avast! | ID = 33554522
Description = AAVM - scanning error: x_AavmCheckFileDirectEx: avfilesScanReal of
C:\DOCUME~1\COMPAQ~1\LOCALS~1\TEMP\~DF9882.TMP failed, 00000005.

Error - 7/7/2008 12:36:41 PM | Computer Name = OBADIAH | Source = avast! | ID = 33554522
Description = AAVM - scanning error: x_AavmCheckFileDirectEx: avfilesScanReal of
C:\DOCUME~1\COMPAQ~1\LOCALS~1\TEMP\~DF9882.TMP failed, 00000005.

Error - 11/25/2008 7:45:43 PM | Computer Name = OBADIAH | Source = avast! | ID = 33554522
Description = AAVM - scanning error: x_AavmCheckFileDirectEx: avfilesScanReal of
C:\Documents and Settings\Compaq_Owner\Local Settings\Temporary Internet Files\Content.IE5\4TUU47D8\SmithsonBartlettChakinalaManagingOtherFormsOfPH[1].pdf
failed, 0000A413.

Error - 11/25/2008 7:45:44 PM | Computer Name = OBADIAH | Source = avast! | ID = 33554522
Description = AAVM - scanning error: x_AavmCheckFileDirectEx: avfilesScanReal of
http://www.phassocia...erFormsOfPH.pdf
failed, 0000A413.

Error - 11/25/2008 8:21:44 PM | Computer Name = OBADIAH | Source = avast! | ID = 33554522
Description = AAVM - scanning error: x_AavmCheckFileDirectEx: avfilesScanReal of
C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\Acr97D0.tmp failed, 0000A413.

[ Application Events ]
Error - 1/5/2009 3:04:24 PM | Computer Name = OBADIAH | Source = Application Error | ID = 1000
Description = Faulting application iexplore.exe, version 7.0.6000.16762, faulting
module mshtmled.dll, version 7.0.6000.16762, fault address 0x000046a6.

Error - 1/8/2009 9:24:32 AM | Computer Name = OBADIAH | Source = Application Hang | ID = 1002
Description = Hanging application iexplore.exe, version 7.0.6000.16762, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 1/8/2009 12:01:15 PM | Computer Name = OBADIAH | Source = Application Hang | ID = 1002
Description = Hanging application iexplore.exe, version 7.0.6000.16762, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 1/10/2009 2:42:15 PM | Computer Name = OBADIAH | Source = Application Hang | ID = 1002
Description = Hanging application iexplore.exe, version 7.0.6000.16762, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 1/10/2009 8:37:12 PM | Computer Name = OBADIAH | Source = Application Hang | ID = 1002
Description = Hanging application iexplore.exe, version 7.0.6000.16762, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 1/10/2009 11:19:01 PM | Computer Name = OBADIAH | Source = Application Hang | ID = 1002
Description = Hanging application iexplore.exe, version 7.0.6000.16762, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 1/10/2009 11:45:14 PM | Computer Name = OBADIAH | Source = Application Hang | ID = 1002
Description = Hanging application iexplore.exe, version 7.0.6000.16762, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 1/12/2009 12:31:53 AM | Computer Name = OBADIAH | Source = Application Hang | ID = 1002
Description = Hanging application EasyShare.exe, version 7.10.56.119, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 1/15/2009 11:47:48 AM | Computer Name = OBADIAH | Source = Application Hang | ID = 1002
Description = Hanging application iexplore.exe, version 7.0.6000.16762, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 1/15/2009 11:47:57 AM | Computer Name = OBADIAH | Source = Application Hang | ID = 1001
Description = Fault bucket 1015682910.

[ System Events ]
Error - 1/15/2009 9:20:17 AM | Computer Name = OBADIAH | Source = Service Control Manager | ID = 7000
Description = The avast! Web Scanner service failed to start due to the following
error: %%1053

Error - 1/15/2009 9:20:48 AM | Computer Name = OBADIAH | Source = Service Control Manager | ID = 7009
Description = Timeout (30000 milliseconds) waiting for the avast! Web Scanner service
to connect.

Error - 1/15/2009 9:20:48 AM | Computer Name = OBADIAH | Source = Service Control Manager | ID = 7000
Description = The avast! Web Scanner service failed to start due to the following
error: %%1053

Error - 1/15/2009 9:21:20 AM | Computer Name = OBADIAH | Source = Service Control Manager | ID = 7009
Description = Timeout (30000 milliseconds) waiting for the avast! Web Scanner service
to connect.

Error - 1/15/2009 9:21:20 AM | Computer Name = OBADIAH | Source = Service Control Manager | ID = 7000
Description = The avast! Web Scanner service failed to start due to the following
error: %%1053

Error - 1/15/2009 9:21:55 AM | Computer Name = OBADIAH | Source = Service Control Manager | ID = 7009
Description = Timeout (30000 milliseconds) waiting for the avast! Web Scanner service
to connect.

Error - 1/15/2009 9:21:56 AM | Computer Name = OBADIAH | Source = Service Control Manager | ID = 7000
Description = The avast! Web Scanner service failed to start due to the following
error: %%1053

Error - 1/15/2009 9:22:29 AM | Computer Name = OBADIAH | Source = Service Control Manager | ID = 7009
Description = Timeout (30000 milliseconds) waiting for the avast! Web Scanner service
to connect.

Error - 1/15/2009 9:22:30 AM | Computer Name = OBADIAH | Source = Service Control Manager | ID = 7000
Description = The avast! Web Scanner service failed to start due to the following
error: %%1053

Error - 1/15/2009 9:24:53 AM | Computer Name = OBADIAH | Source = Service Control Manager | ID = 7034
Description = The avast! Web Scanner service terminated unexpectedly. It has done
this 1 time(s).


< End of report >

Please download the OTMoveIt3 by OldTimer.

• Save it to your desktop.
• Please double-click OTMoveIt3.exe to run it. (Note: If you are running on Vista, right-click on the file and choose Run As Administrator).
• Copy the lines in the codebox below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):
  
  

  :Processes
  explorer.exe
  
  :Files
  C:\WINDOWS\System32\drivers\vwbmmiwv.sys
  C:\Documents and Settings\All Users\Application Data\Viewpoint
  
  :Commands
  [emptytemp]
  [start explorer]
  [Reboot]

• Return to OTMoveIt3, right click in the "Paste Instructions for Items to be Moved" window (under the yellow bar) and choose Paste.
  
• Click the red Moveit! button.
• Copy everything in the Results window (under the green bar) to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy), and paste it in your next reply.
• Close OTMoveIt3

Note: If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes. In this case, after the reboot, open Notepad (Start->All Programs->Accessories->Notepad), click File->Open, in the File Name box enter *.log and press the Enter key, navigate to the C:\_OTMoveIt\MovedFiles folder, and open the newest .log file present, and copy/paste the contents of that document back here in your next post.

Please do an online scan with Kaspersky WebScanner

• Read through the requirements and privacy statement and click on Accept button.
• It will start downloading and installing the scanner and virus definitions. You will be prompted to install an application from Kaspersky. Click Run.
• When the downloads have finished, click on Settings.
• Make sure the following is checked.
  
  • Spyware, Adware, Dialers, and other potentially dangerous programs
    Archives
    Mail databases
• Click on My Computer under Scan.
• Once the scan is complete, it will display the results. Click on View Scan Report.
• You will see a list of infected items there. Click on Save Report As....
• Save this report to a convenient place. Change the Files of type to Text file (.txt) before clicking on the Save button.
• Please post this log in your next reply, along with the OTMoveIt3 log, and a new HijackThis log.

I've done the first part of your instruction, and I'm still doing the Kaspersky. But just wanted to check if it's normal for it to take so long to do the part called Updating the database. It's been over an hour since I started the whole thing. It was at about 80%, then the Update size changed and it went back to 43% complete. I don't mind waiting and being patient just wanted to make sure it's working correctly.

Never mind, it's done and is now scanning.

Ok, here are the reports:

========== PROCESSES ==========
Process explorer.exe killed successfully.
========== FILES ==========
C:\WINDOWS\System32\drivers\vwbmmiwv.sys moved successfully.
C:\Documents and Settings\All Users\Application Data\Viewpoint\Viewpoint Media Player\UserShell\AOL9 moved successfully.
C:\Documents and Settings\All Users\Application Data\Viewpoint\Viewpoint Media Player\UserShell moved successfully.
C:\Documents and Settings\All Users\Application Data\Viewpoint\Viewpoint Media Player\Resources\ResourceFolder_03 moved successfully.
C:\Documents and Settings\All Users\Application Data\Viewpoint\Viewpoint Media Player\Resources\ResourceFolder_02 moved successfully.
C:\Documents and Settings\All Users\Application Data\Viewpoint\Viewpoint Media Player\Resources\ResourceFolder_01 moved successfully.
C:\Documents and Settings\All Users\Application Data\Viewpoint\Viewpoint Media Player\Resources\ResourceFolder_00 moved successfully.
C:\Documents and Settings\All Users\Application Data\Viewpoint\Viewpoint Media Player\Resources moved successfully.
C:\Documents and Settings\All Users\Application Data\Viewpoint\Viewpoint Media Player moved successfully.
C:\Documents and Settings\All Users\Application Data\Viewpoint\Viewpoint Manager\Downloads\Cache moved successfully.
C:\Documents and Settings\All Users\Application Data\Viewpoint\Viewpoint Manager\Downloads moved successfully.
C:\Documents and Settings\All Users\Application Data\Viewpoint\Viewpoint Manager moved successfully.
C:\Documents and Settings\All Users\Application Data\Viewpoint\Viewpoint Experience Technology\UserShell\AOL9Plus moved successfully.
C:\Documents and Settings\All Users\Application Data\Viewpoint\Viewpoint Experience Technology\UserShell\AOL9 moved successfully.
C:\Documents and Settings\All Users\Application Data\Viewpoint\Viewpoint Experience Technology\UserShell moved successfully.
C:\Documents and Settings\All Users\Application Data\Viewpoint\Viewpoint Experience Technology\Resources\Welcome\BH00 moved successfully.
C:\Documents and Settings\All Users\Application Data\Viewpoint\Viewpoint Experience Technology\Resources\Welcome moved successfully.
C:\Documents and Settings\All Users\Application Data\Viewpoint\Viewpoint Experience Technology\Resources\ResourceFolder_03 moved successfully.
C:\Documents and Settings\All Users\Application Data\Viewpoint\Viewpoint Experience Technology\Resources\ResourceFolder_02 moved successfully.
C:\Documents and Settings\All Users\Application Data\Viewpoint\Viewpoint Experience Technology\Resources\ResourceFolder_01 moved successfully.
C:\Documents and Settings\All Users\Application Data\Viewpoint\Viewpoint Experience Technology\Resources\ResourceFolder_00 moved successfully.
C:\Documents and Settings\All Users\Application Data\Viewpoint\Viewpoint Experience Technology\Resources moved successfully.
C:\Documents and Settings\All Users\Application Data\Viewpoint\Viewpoint Experience Technology moved successfully.
C:\Documents and Settings\All Users\Application Data\Viewpoint moved successfully.
========== COMMANDS ==========
File delete failed. C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\~DFC79E.tmp scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\~DFD62B.tmp scheduled to be deleted on reboot.
User's Temp folder emptied.
User's Temporary Internet Files folder emptied.
User's Internet Explorer cache folder emptied.
File delete failed. C:\Documents and Settings\LocalService\Local Settings\Temp\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\LocalService\Local Settings\Temp\History\History.IE5\index.dat scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\LocalService\Local Settings\Temp\Cookies\index.dat scheduled to be deleted on reboot.
Local Service Temp folder emptied.
File delete failed. C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot.
Local Service Temporary Internet Files folder emptied.
File delete failed. C:\WINDOWS\temp\_avast4_\Webshlock.txt scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\Perflib_Perfdata_260.dat scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\Perflib_Perfdata_678.dat scheduled to be deleted on reboot.
Windows Temp folder emptied.
Java cache emptied.
Temp folders emptied.
Explorer started successfully

OTMoveIt3 by OldTimer - Version 1.0.8.0 log created on 01152009_183119

Files moved on Reboot...
C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\~DFC79E.tmp moved successfully.
C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\~DFD62B.tmp moved successfully.
File move failed. C:\Documents and Settings\LocalService\Local Settings\Temp\Temporary Internet Files\Content.IE5\index.dat scheduled to be moved on reboot.
File move failed. C:\Documents and Settings\LocalService\Local Settings\Temp\History\History.IE5\index.dat scheduled to be moved on reboot.
File move failed. C:\Documents and Settings\LocalService\Local Settings\Temp\Cookies\index.dat scheduled to be moved on reboot.
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat moved successfully.
File move failed. C:\WINDOWS\temp\_avast4_\Webshlock.txt scheduled to be moved on reboot.
C:\WINDOWS\temp\Perflib_Perfdata_260.dat moved successfully.
File C:\WINDOWS\temp\Perflib_Perfdata_678.dat not found!


The Kaspersky showed: No Malware Detected. There was no report generated.

Thanks again! Will check in with you tomorrow.

Your logs look clean. There is only a bit of cleanup that we will deal with in this post, as well as prevention from future infections. If you have any questions or other problems, please let me know. Other than that, and the steps below, you should be all set.

• Make sure you have an Internet Connection.
• Download OTCleanIt to your desktop and run it
• A list of tool components used in the Cleanup of malware will be downloaded.
• If your Firewall or Real Time protection attempts to block OTCleanUp to reach the Internet, please allow the application to do so.
• Click Yes to beging the Cleanup process and remove these components, including this application.
• You will be asked to reboot the machine to finish the Cleanup process. If you are asked to reboot the machine choose Yes.

Please update Adobe Reader, by downloading and installing Adobe Reader 9.

Next, let's clean your restore points and set a new one:

Reset and Re-enable your System Restore to remove infected files that have been backed up by Windows. The files in System Restore are protected to prevent any programs from changing those files. This is the only way to clean these files: (You will lose all previous restore points which are likely to be infected)
1. Turn off System Restore.
On the Desktop, right-click My Computer.
Click Properties.
Click the System Restore tab.
Check Turn off System Restore.
Click Apply, and then click OK.

2. Restart your computer.

3. Turn ON System Restore.
On the Desktop, right-click My Computer.
Click Properties.
Click the System Restore tab.
UN-Check Turn off System Restore.
Click Apply, and then click OK.
[/list]
System Restore will now be active again.

Now that you are clean, to help protect your computer in the future I recommend that you get the following free programs:

• SpywareBlaster to help prevent spyware from installing in the first place.
• SpywareGuard gives you realtime protection from spyware.
• Super Antispyware OR Malwarebytes' Anti-Malware to help remove any spyware that may have gotten on your computer.
• MVPS Hosts file replaces your current HOSTS file with one containing well known ad sites and other bad sites.
• ERUNT (Emergency Recovery Utility NT) allows you to keep a complete backup of your registry and restore it when needed.
• Recent trends appear to indicate that future infections will include attacks to the boot sector of the computer. The installation of the Recovery Console in the computer will be our only defense against this threat. For more information and steps to install the Recovery Console see this article. Should you need assistance in installing the Recovery Console, please do not hesitate to ask.

To keep your operating system up to date visit Microsoft Windows Update monthly. Remember to be aware of what emails you open and websites you visit.

To learn more about how to protect yourself while on the internet read this article by Tony Klien: So how did I get infected in the first place?

Have a safe and happy computing day!

Sorry I forgot to post the new HJT log.

I do still have several questions if you'll bear with me.

#1. I'm still having the original problem with IE not opening all the way. I still have to use Task Manager to shut it down. I've noticed that everytime I go into TM to shut it down that it's always stuck at around 27,000k. Always. I don't know much about what processes are supposed to run at but I have seen IE over 150,000 with more than one tab open. Again I don't know what's normal but I've seen kbd.exe (my understanding is this is the keyboard) running at 16,000k. Usually it's around 1000k. Just didn't know if these fluctuations are normal, but when that kbd.exe was up high like that I had a lot of trouble with IE being so super slow.

#2. So was I indeed infected?

#3. Why do you think Avast had errors trying to move those two to the Chest?

#4. Those two files are still in the quarantine in MBAM, should I delete them?

I will wait for your response before I perform the clean up tasks in your last email. HJT log I was supposed to post last night follows:


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:13:26 PM, on 1/16/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16762)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
C:\WINDOWS\system32\agrsmsvc.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Comodo\Firewall\cmdagent.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe
C:\HP\KBD\KBD.EXE
C:\windows\system\hpsysdrv.exe
C:\WINDOWS\AGRSMMSG.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Comodo\Firewall\cfp.exe
C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Common Files\Desktop Weather Authority\TrueWeather.exe
C:\Program Files\SpywareGuard\sgmain.exe
C:\Program Files\SpywareGuard\sgbhp.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.h...a...&pf=desktop
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.h...a...&pf=desktop
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.h...a...&pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.h...a...&pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SpywareGuard Download Protection - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\Program Files\SpywareGuard\dlprotect.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.0.926.3450\swg.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_219B3E1547538286.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: &Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O4 - HKLM\..\Run: [WinPatrol] C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe -expressboot
O4 - HKLM\..\Run: [SiSPower] Rundll32.exe SiSPower.dll,ModeAgent
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [COMODO Firewall Pro] "C:\Program Files\Comodo\Firewall\cfp.exe" -h
O4 - HKLM\..\Run: [COMODO Internet Security] "C:\Program Files\Comodo\Firewall\cfp.exe" -h
O4 - HKLM\..\Run: [ArcSoft Connection Service] C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "c:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [DWQueuedReporting] "c:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'Default user')
O4 - Startup: SpywareGuard.lnk = C:\Program Files\SpywareGuard\sgmain.exe
O4 - Global Startup: Desktop Weather Authority.lnk = C:\Program Files\Common Files\Desktop Weather Authority\TrueWeather.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\jp2iexp.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\jp2iexp.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=39204
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://photos.walmar...martActivia.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.micros...b?1122703680500
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.micros...b?1144095485656
O16 - DPF: {74C861A1-D548-4916-BC8A-FDE92EDFF62C} - http://mediaplayer.w...ler/install.cab
O16 - DPF: {A8683C98-5341-421B-B23C-8514C05354F1} (FujifilmUploader Class) - http://photo.walmart...ploadClient.cab
O16 - DPF: {AB86CE53-AC9F-449F-9399-D8ABCA09EC09} (Get_ActiveX Control) - https://h17000.www1....loadManager.ocx
O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} (ActiveDataInfo Class) - http://www.symantec....sa/SymAData.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{CB1CBDC9-A518-417C-B290-1644F2F55370}: NameServer = 206.74.254.2,204.116.57.2
O20 - AppInit_DLLs: C:\WINDOWS\system32\guard32.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: ArcSoft Connect Daemon (ACDaemon) - ArcSoft Inc. - C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Agere Systems - C:\WINDOWS\system32\agrsmsvc.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: COMODO Internet Security Helper Service (cmdAgent) - Unknown owner - C:\Program Files\Comodo\Firewall\cmdagent.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe

--
End of file - 10380 bytes

#1. I'm still having the original problem with IE not opening all the way. I still have to use Task Manager to shut it down. I've noticed that everytime I go into TM to shut it down that it's always stuck at around 27,000k. Always. I don't know much about what processes are supposed to run at but I have seen IE over 150,000 with more than one tab open. Again I don't know what's normal but I've seen kbd.exe (my understanding is this is the keyboard) running at 16,000k. Usually it's around 1000k. Just didn't know if these fluctuations are normal, but when that kbd.exe was up high like that I had a lot of trouble with IE being so super slow.

The longer a process usually is running and is used, the more memory it will use. So, these things would be normal. If you are having trouble with Internet Explorer still, I would ask this question, and full details of what happens in this forum. They would be best to help you with that.

#2. So was I indeed infected?

You did have a trace of Trojan.Agent, and a Adware program (Viewpoint Media Player), but other than that, you were clean.

#3. Why do you think Avast had errors trying to move those two to the Chest?

According to your original post:

Then I ran my Avast scanner, set to Standard Scan & scan archive files, took 2 long hours and ran it twice first time it came up:

C:\WINDOWS\Installer\91453f.msi\lSSetupFile.SetupFile13 : Win32:Dialer-gen

Second scan show the above and also:

C:\System Volume Information\...\Issetup.SetupFile13

The first file is part of an installer file, and the second file is from your System Restore. Avast! may not have the ability to delete a portion of an installer file, nor a system restore point for that file.

#4. Those two files are still in the quarantine in MBAM, should I delete them?

Yes, you are safe to delete them.

Thanks so much for explaining, it helps me to learn.

One last question:

When I updated HijackThis, it didn't take off the older version, it's still on my computer/desktop. How do I properly get rid of the older version?

The only one installed on your computer is HijackThis Version 2.0.2. If you have an earlier version that still left over on your desktop, all you would need to do is send it to the recycle bin, and delete it. That should be all that's left.

Thank you so much for all your help!! I've completed all but one of your final instructions. I could not install the recovery console because I do not have a Win XP CD. I don't remember our computer ever having one?? We bought it brand new about 4 yrs ago. Anyway, I will seek help in the other forum you recommended for the IE stall problem. It's actually not been as bad. Thanks for answering all my questions.

Since this issue appears to be resolved ... this Topic has been closed. Glad we could help.

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.