Antivirus Protection
 
#1
September 20th, 2008, 10:38 AM
HyperCityGirl
Trojan Horse SHeur.CJVO

Good Morning
I have cleaned my machine, and have run Hijack this. I use Windows XP, Internet Explorer 6, have AVG (free version). Could you please help me get rid of this Trojan horse? Seems many people are picking this up. I am trying to copy & paste my log, but keep getting an error message about posting URLs...

#2
September 20th, 2008, 11:00 AM
HyperCityGirl
Trying again
Here's my Malwarebytes report...
Malwarebytes' Anti-Malware 1.28
Database version: 1181
Windows 5.1.2600 Service Pack 3

9/20/2008 11:59:06 AM
mbam-log-2008-09-20 (11-59-06).txt

Scan type: Quick Scan
Objects scanned: 49011
Time elapsed: 5 minute(s), 31 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 8
Registry Values Infected: 1
Registry Data Items Infected: 0
Folders Infected: 1
Files Infected: 5

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CLASSES_ROOT\popcaploader.popcaploaderctrl2 (Adware.PopCap) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\c:/windows/downloaded program files/popcaploader.dll (Adware.PopCap) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\TypeLib\{c9c5deaf-0a1f-4660-8279-9edfad6fefe1} (Adware.PopCap) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{e4e3e0f8-cd30-4380-8ce9-b96904bdefca} (Adware.PopCap) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{fe8a736f-4124-4d9c-b4b1-3b12381efabe} (Adware.PopCap) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{df780f87-ff2b-4df8-92d0-73db16a1543a} (Adware.PopCap) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{df780f87-ff2b-4df8-92d0-73db16a1543a} (Adware.PopCap) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\popcaploader.popcaploaderctrl2.1 (Adware.PopCap) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs\C:\WINDOWS\Downloaded Program Files\popcaploader.dll (Adware.PopCap) -> Quarantined and deleted successfully.

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
C:\Program Files\save (Adware.WhenUSave) -> Quarantined and deleted successfully.

Files Infected:
C:\WINDOWS\Downloaded Program Files\popcaploader.dll (Adware.PopCap) -> Quarantined and deleted successfully.
C:\Program Files\save\gamesave0.sav (Adware.WhenUSave) -> Quarantined and deleted successfully.
C:\Program Files\save\gamesave2.sav (Adware.WhenUSave) -> Quarantined and deleted successfully.
C:\Program Files\save\gamesave3.sav (Adware.WhenUSave) -> Quarantined and deleted successfully.
C:\Program Files\setup.exe (Rogue.Installer) -> Quarantined and deleted successfully.

#3
September 20th, 2008, 12:17 PM
HyperCityGirl
Slowly but surely. Here is the SUPERAntiSpyware log:
SUPERAntiSpyware Scan Log

Generated 09/20/2008 at 01:12 PM

Application Version : 4.21.1004

Core Rules Database Version : 3575
Trace Rules Database Version: 1563

Scan type : Complete Scan
Total Scan Time : 01:08:13

Memory items scanned : 449
Memory threats detected : 0
Registry items scanned : 7312
Registry threats detected : 1
File items scanned : 24562
File threats detected : 30

Unclassified.PC MightyMax

I've read on other forums this may be a false positive report with AVG.
Off to do the BitDefender scan...

#4
September 20th, 2008, 02:16 PM
HyperCityGirl
No problems found with BitDefender. Here is the log followed by an updated Hijack this log. All done now. Thanks in advance.
BitDefender Online Scanner

Scan report generated at: Sat, Sep 20, 2008 - 15:00:37

Scan path: C:\;D:\;E:\;F:\;G:\;H:\;I:\;J:\;

Statistics
Time: 01:36:32
Files: 527484
Folders: 7867
Boot Sectors: 0
Archives: 16941
Packed Files: 21058

Results
Identified Viruses: 0
Infected Files: 0
Suspect Files: 0
Warnings: 0
Disinfected: 0
Deleted Files: 0

Engines Info
Virus Definitions: 1772391
Engine build: AVCORE v1.7 (build 8314.19) (i386) (Sep 10 2008 19:37:42)
Scan plugins: 16
Archive plugins: 43
Unpack plugins: 7
E-mail plugins: 6
System plugins: 4

Scan Settings
First Action: Disinfect
Second Action: Delete
Heuristics: Yes
Enable Warnings: Yes
Scanned Extensions: *;
Exclude Extensions:
Scan Emails: Yes
Scan Archives: Yes
Scan Packed: Yes
Scan Files: Yes
Scan Boot: Yes

Scanned File | Status
No virus found.

Hijack this log:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 3:04:51 PM, on 9/20/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\WINDOWS\system32\VTTimer.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\windows\system\hpsysdrv.exe
C:\WINDOWS\system32\hphmon06.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb10.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\WINDOWS\ALCXMNTR.EXE
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\HP\KBD\KBD.EXE
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqgalry.exe
C:\Program Files\HP\hpcoretech\comp\hpdarc.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = : See =3&tp=iehome&locale=EN_CA&c=Q404&bd=pavilion&pf=desktop
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = =3&tp=iesearch&locale=EN_CA&c=Q404&bd=pavilion&pf=desktop
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = =3&tp=iesearch&locale=EN_CA&c=Q404&bd=pavilion&pf=desktop
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = =3&tp=iehome&locale=EN_CA&c=Q404&bd=pavilion&pf=desktop
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (file missing)
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {65D886A2-7CA7-479B-BB95-14D1EFB7946A} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O3 - Toolbar: HP view - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - c:\Program Files\HP\Digital Imaging\bin\HPDTLK02.dll
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [HPHUPD06] c:\Program Files\HP\{AAC4FC36-8F89-4587-8DD3-EBC57C83374D}\hphupd06.exe
O4 - HKLM\..\Run: [HPHmon06] C:\WINDOWS\system32\hphmon06.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb10.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKUS\S-1-5-18\..\RunOnce: [IETI] C:\Program Files\Skype\Phone\IEPlugin\unins000.exe /VERYSILENT /SUPPRESSMSGBOXES /NORESTART (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [IETI] C:\Program Files\Skype\Phone\IEPlugin\unins000.exe /VERYSILENT /SUPPRESSMSGBOXES /NORESTART (User 'Default user')
O4 - .DEFAULT User Startup: AutoTBar.exe (User 'Default user')
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: HP Image Zone Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: *.Pirates of the carribean online
O15 - Trusted Zone:
O15 - Trusted Zone: http://*.pogo.com
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) -
O16 - DPF: {05D44720-58E3-49E6-BDF6-D00330E511D3} (StagingUI Object) -
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5) -
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) -
O16 - DPF: {2B323CD9-50E3-11D3-9466-00A0C9700498} (Yahoo! Audio Conferencing) -
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) -
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {3107C2A8-9F0B-4404-A58B-21BD85268FBC} (PogoWebLauncher Control) -
O16 - DPF: {3BB54395-5982-4788-8AF4-B5388FFDD0D8} (ZoneBuddy Class) -
O16 - DPF: {3DA5D23B-EFE1-4181-ADB7-7D457567AACA} (TGOnlineCtrl Class) -
O16 - DPF: {3DCEC959-378A-4922-AD7E-FD5C925D927F} (Disney Online Games ActiveX Control) -
O16 - DPF: {3EA4FA88-E0BE-419A-A732-9B79B87A6ED0} (CTVUAxCtrl Object) -
O16 - DPF: {4B9F2C37-C0CF-42BC-BB2D-DCFA8B25CABF} -
O16 - DPF: {5736C456-EA94-4AAC-BB08-917ABDD035B3} (ZonePAChat Object) -
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) -
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) -
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) -
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) -
O16 - DPF: {64D01C7F-810D-446E-A07E-16C764235644} (AtlAtomadersCtlAttrib Class) -
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) -
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) -
O16 - DPF: {7CCAD6DD-DD0B-440B-91FF-7670F5AADC21} (SpinTop Games Launcher) -
O16 - DPF: {7D1E9C49-BD6A-11D3-87A8-009027A35D73} (Yahoo! Audio UI1) -
O16 - DPF: {7E980B9B-8AE5-466A-B6D6-DA8CF814E78A} (MJLauncherCtrl Class) -
O16 - DPF: {80B626D6-BC34-4BCF-B5A1-7149E4FD9CFA} (UnoCtrl Class) -
O16 - DPF: {8A94C905-FF9D-43B6-8708-F0F22D22B1CB} (Wwlaunch Control) -
O16 - DPF: {8C279F4E-917E-4CD2-8DF0-D9C73C0CE763} (ZPA_WheelOfFortune Object) -
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) -
O16 - DPF: {97438FE9-D361-4279-BA82-98CC0877A717} (Cubis Control) -
O16 - DPF: {9AA73F41-EC64-489E-9A73-9CD52E528BC4} (ZoneAxRcMgr Class) -
O16 - DPF: {9D8D7672-93FF-417E-9024-C16AD141C50C} (Haunted Control) -
O16 - DPF: {A1F2F2CE-06AF-483C-9F12-D3BAA72477D6} (BatchDownloader Class) -
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) -
O16 - DPF: {BD8667B7-38D8-4C77-B580-18C3E146372C} (Creative Toolbox Plug-in) -
O16 - DPF: {D77EF652-9A6B-40C8-A4B9-1C0697C6CF41} (TikGames Online Control) -
O16 - DPF: {DA2AA6CF-5C7A-4B71-BC3B-C771BB369937} (StadiumProxy Class) -
O16 - DPF: {DC75FEF6-165D-4D25-A518-C8C4BDA7BAA6} (CPlayFirstDinerDashControl Object) -
O16 - DPF: {E5D419D6-A846-4514-9FAD-97E826C84822} -
O16 - DPF: {F137B9BA-89EA-4B04-9C67-2074A9DF61FD} (Photo Upload Plugin Class) -
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) -
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: avgrsstx.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: AVG8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

#5
September 20th, 2008, 02:20 PM
HyperCityGirl
Here is the last post for Uninstall list:
AC3Filter (remove only)
Adobe Atmosphere Player for Acrobat and Adobe Reader
Adobe Flash Player ActiveX
Adobe Photoshop Album 2.0 Starter Edition
Adobe Reader 7.1.0
Adobe Shockwave Player
Agere Systems PCI Soft Modem
AVG Free 8.0
Azureus
CCleaner (remove only)
Chaotic
Creative PC-CAM Center Lite
Creative WebCam Monitor
Creative WebCam NX Driver (1.02.01.0827)
Creative WebCam NX User's Guide (English)
croNous
DivX Codec
DivX Content Uploader
DVD Shrink 3.2
DVDFab HD Decrypter 3.2.0.0
Enhanced Multimedia Keyboard Solution
Google Talk (remove only)
Help and Support Additions
High Definition Audio Driver Package - KB835221
HighMAT Extension to Microsoft Windows XP CD Writing Wizard
HijackThis 2.0.2
HomeWorks
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB952287)
HP Deskjet 3840
HP Deskjet Preloaded Printer Drivers
HP Image Zone 4.5
HP Image Zone Plus 4.2
HP Photo & Imaging 3.5 - HP Devices
HP Photosmart Cameras 4.5
HP PSC & OfficeJet 4.0
HP Software Update
HP Update
HPIZ402
IntelliMover Data Transfer Demo
Interactive User’s Guide
InterActual Player
InterVideo WinDVD Player
J2SE Runtime Environment 5.0 Update 10
J2SE Runtime Environment 5.0 Update 11
J2SE Runtime Environment 5.0 Update 5
J2SE Runtime Environment 5.0 Update 6
J2SE Runtime Environment 5.0 Update 9
Java 2 Runtime Environment, SE v1.4.2_03
Java(TM) 6 Update 2
Java(TM) 6 Update 3
Java(TM) 6 Update 5
Java(TM) 6 Update 7
Java(TM) SE Runtime Environment 6 Update 1
Mage Knight(TM) Apocalypse
Malwarebytes' Anti-Malware
Memorex exPressit Label Design Studio
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Hotfix (KB928366)
Microsoft .NET Framework 2.0 Service Pack 1
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft National Language Support Downlevel APIs
Microsoft Office 2000 SR-1 Standard
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 Redistributable
Microsoft Works 7.0
MSN
MSXML 4.0 SP2 (KB927978)
MSXML 4.0 SP2 (KB936181)
Nero 7 Demo
NVIDIA Drivers
PC-Doctor for Windows
Photosmart 320,370,7400,8100,8400 Series
Project Torque
PS2
Python 2.2 combined Win32 extensions
Python 2.2.1
RealPlayer
S3 S3Display
S3 S3Gamma2
S3 S3Info2
S3 S3Overlay
Security Update for CAPICOM (KB931906)
Security Update for CAPICOM (KB931906)
Security Update for Step By Step Interactive Training (KB898458)
Security Update for Step By Step Interactive Training (KB923723)
Security Update for Windows Media Player 10 (KB911565)
Security Update for Windows Media Player 10 (KB917734)
Security Update for Windows Media Player 11 (KB936782)
Security Update for Windows Media Player 11 (KB954154)
Security Update for Windows XP (KB938464)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950759)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB953838)
Security Update for Windows XP (KB953839)
Skype™ 3.6
Spybot - Search & Destroy
SpywareBlaster 4.1
SUPERAntiSpyware Free Edition
TweakNow RegCleaner Standard
Update for Windows XP (KB951072-v2)
Update for Windows XP (KB951978)
Upgrade
VIA Rhine-Family Fast Ethernet Adapter
VIA/S3G Display Driver
WinAVIVideoConverter
Windows Genuine Advantage v1.3.0254.0
Windows Live installer
Windows Live Messenger
Windows Live Sign-in Assistant
Windows Media Format 11 runtime
Windows Media Format 11 runtime
Windows Media Player 11
Windows Media Player 11
Windows XP Service Pack 3
WinRAR archiver
Yahoo! Internet Mail
Yahoo! Messenger

#6
September 20th, 2008, 03:25 PM
Porthos
Malware Warrior /AV forum Mod
Welcome

Since running those steps, how is the computer running now?
What issues are you experiencing?


Now

Open HJT and click scan only. Place a check by these entries. DO NOT CLICK FIX until you exit all browser sessions, including the one you are reading in right now:


R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: (no name) - {65D886A2-7CA7-479B-BB95-14D1EFB7946A} - (no file)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)



Close all windows and browsers except HJT and click fix checked.

NEXT

Remove all older versions of Java except Java(TM) 6 Update 7.
Go to Start > Control Panel, double-click on the Software icon > add/remove programs.
Search in the list for all previously installed versions of Java. (J2SE Runtime Environment.... )
Select it and click Remove.
* Close any programs you may have running - especially your web browser.
* Repeat as many times as necessary to remove each Java version.
* Reboot your computer once all Java components are removed.


Old ones


Quote:
J2SE Runtime Environment 5.0 Update 10
J2SE Runtime Environment 5.0 Update 11
J2SE Runtime Environment 5.0 Update 5
J2SE Runtime Environment 5.0 Update 6
J2SE Runtime Environment 5.0 Update 9
Java 2 Runtime Environment, SE v1.4.2_03
Java(TM) 6 Update 2
Java(TM) 6 Update 3
Java(TM) 6 Update 5
Java(TM) SE Runtime Environment 6 Update 1
__________________
Neera: The wraith will not allow us to escape.
Sheppard: Yeah, well I try not to let them tell me what I can and can't do.
Neera: You do not fear them?
Sheppard: The wraith, nah. Now clowns that's another story. They scare the crap out of me.


#7
September 20th, 2008, 03:51 PM
HyperCityGirl
Hi Porthos
The computer runs slow off & on. Pretty slow at starting up. Run multiple applications & again it is slow. It wasn't till last night when the AVG was run that this Trojan showed up in the results. AVG was not able to move it to the virus vault. I've done all you asked above. Would you like a new HJT log?

#8
September 20th, 2008, 04:19 PM
Porthos
Malware Warrior /AV forum Mod
Let's look deeper


Download OldTimer's OTViewIt from HERE to your desktop, then click OTViewIt.exe to start the scan.

When the display opens place a check next to:

Scan All Users

Then click the Run Scan button to start the scan. Once that completes a textbox will open - copy/paste those contents here for review please. The log can also be found on your desktop as OTViewIt.Txt.

OTViewIt will also create a second log, Extras.txt, which will be minimized to your taskbar. Post that here as well please (it will also be stored on your desktop).

Note - do not press any other buttons or make any other changes when running the scan.


You can use separate posts here when replying and posting the log files if needed.

#9
September 20th, 2008, 04:58 PM
HyperCityGirl
Hi
Here is the scan
OTViewIt logfile created on: 9/20/2008 5:55:54 PM - Run 1
OTViewIt by OldTimer - Version 1.0.7.0 Folder = C:\Documents and Settings\HP_Owner\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.5512)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

511.48 Mb Total Physical Memory | 144.37 Mb Available Physical Memory | 28.23% Memory free
981.26 Mb Paging File | 591.93 Mb Available in Paging File | 60.32% Paging File free
Paging file location(s): C:\pagefile.sys 500 2000;

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 68.72 Gb Total Space | 40.17 Gb Free Space | 58.46% Space Free | Partition Type: NTFS
Drive D: | 5.79 Gb Total Space | 0.75 Gb Free Space | 13.01% Space Free | Partition Type: FAT32
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: PETERSON
Current User Name: HP_Owner
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Whitelist: On
Files within: 30 Days

========== Processes - Non-Microsoft Only ==========
[2008/08/28 23:29:52 | 00,231,704 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgwdsvc.exe
[2008/08/28 23:30:11 | 01,235,736 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgtray.exe
[2008/08/28 23:29:55 | 00,875,288 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgemc.exe
[2008/09/03 14:07:12 | 01,576,176 | ---- | M] (SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
[2008/08/28 23:29:51 | 00,551,192 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgscanx.exe
[2008/09/20 17:54:09 | 00,424,448 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\HP_Owner\Desktop\OTViewIt.exe

========== (O23) Win32 Services - Non-Microsoft Only ==========

[2008/08/28 23:29:55 | 00,875,288 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgemc.exe -- (avg8emc [Auto | Running])
[2008/08/28 23:29:52 | 00,231,704 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgwdsvc.exe -- (avg8wd [Auto | Running])

========== Driver Services - Non-Microsoft Only ==========

[2008/08/28 23:29:48 | 00,097,928 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\system32\drivers\avgldx86.sys -- (AvgLdx86 [System | Running])
[2006/09/08 21:35:09 | 00,028,672 | ---- | M] () -- C:\WINDOWS\system32\drivers\CO_Mon.sys -- (CO_Mon [On_Demand | Stopped])
File not found -- C:\DOCUME~1\HP_Owner\LOCALS~1\Temp\DMSKSSRh.sys -- (DMSKSSRh [On_Demand | Stopped])
File not found -- C:\WINDOWS\System32\drivers\InCDFs.sys -- (InCDFs [Disabled | Stopped])
File not found -- C:\WINDOWS\System32\drivers\InCDPass.sys -- (InCDPass [System | Stopped])
File not found -- C:\WINDOWS\System32\drivers\InCDRm.sys -- (InCDRm [System | Stopped])
[2008/09/03 14:07:14 | 00,008,944 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV [System | Running])
[2008/09/03 14:07:16 | 00,007,408 | R--- | M] ( SUPERAdBlocker.com and SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SASENUM.SYS -- (SASENUM [On_Demand | Running])
[2008/09/03 14:07:12 | 00,055,024 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL [System | Running])
File not found -- C:\WINDOWS\System32\Drivers\usbaapl.sys -- (USBAAPL [On_Demand | Stopped])


========== (R ) Internet Explorer ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main]
"Default_Page_URL"=http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
"Default_Search_URL"=http://www.google.com/ie
"Local Page"=C:\WINDOWS\system32\blank.htm
"Search Page"=http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
"Start Page"=http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_CA&c=Q404&bd=pavilion&pf=desktop

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Search]
"CustomizeSearch"=http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
"Default_Search_URL"=http://www.google.com/ie
"SearchAssistant"=http://www.google.com/ie

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main]
"Default_Page_URL"=http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_CA&c=Q404&bd=pavilion&pf=desktop
"Default_Search_URL"=http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_CA&c=Q404&bd=pavilion&pf=desktop
"Local Page"=C:\WINDOWS\system32\blank.htm
"Page_Transitions"=
"Search Page"=http://www.google.com
"Start Page"=http://www.citynews.ca/

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Search]
"SearchAssistant"=http://www.google.com/ie

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchURL]
""=http://www.google.com/search?q=%s
"provider"=gogl

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = 0

[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = 0

[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main]

[HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = 0

[HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main]

[HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main]

[HKEY_USERS\S-1-5-21-2329832509-4018661553-1082311385-1009\SOFTWARE\Microsoft\Internet Explorer\Main]
"Default_Page_URL"=http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_CA&c=Q404&bd=pavilion&pf=desktop
"Default_Search_URL"=http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_CA&c=Q404&bd=pavilion&pf=desktop
"Local Page"=C:\WINDOWS\system32\blank.htm
"Page_Transitions"=
"Search Page"=http://www.google.com
"Start Page"=http://www.citynews.ca/

[HKEY_USERS\S-1-5-21-2329832509-4018661553-1082311385-1009\SOFTWARE\Microsoft\Internet Explorer\Search]
"SearchAssistant"=http://www.google.com/ie

[HKEY_USERS\S-1-5-21-2329832509-4018661553-1082311385-1009\Software\Microsoft\Internet Explorer\SearchURL]
""=http://www.google.com/search?q=%s
"provider"=gogl

[HKEY_USERS\S-1-5-21-2329832509-4018661553-1082311385-1009\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = 0

========== (O1) Hosts File ==========

HOSTS File = (266914 bytes) - C:\WINDOWS\System32\drivers\etc\Hosts
First 25 entries...
127.0.0.1 localhost
127.0.0.1 www.007guard.com
127.0.0.1 007guard.com
127.0.0.1 008i.com
127.0.0.1 www.008k.com
127.0.0.1 008k.com
127.0.0.1 www.00hq.com
127.0.0.1 00hq.com
127.0.0.1 010402.com
127.0.0.1 www.032439.com
127.0.0.1 032439.com
127.0.0.1 www.100888290cs.com
127.0.0.1 100888290cs.com
127.0.0.1 www.100sexlinks.com
127.0.0.1 100sexlinks.com
127.0.0.1 www.10sek.com
127.0.0.1 10sek.com
127.0.0.1 www.123topsearch.com
127.0.0.1 123topsearch.com
127.0.0.1 www.132.com
127.0.0.1 132.com
127.0.0.1 www.136136.net
127.0.0.1 136136.net
127.0.0.1 www.163ns.com
127.0.0.1 163ns.com
9246 more lines...

========== (O2) BHO's ==========

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\]
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} (HKLM) -- C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll File not found
{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} (HKLM) -- C:\Program Files\AVG\AVG8\avgssie.dll (AVG Technologies CZ, s.r.o.)

========== (O3) Toolbars ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar]
"" (HKLM) -- Reg Error: Key does not exist or could not be opened. File not found

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser]
"{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6}" (HKLM) -- Reg Error: Key does not exist or could not be opened. File not found
"{EF99BD32-C1FB-11D2-892F-0090271D4F88}" (HKLM) -- Reg Error: Key does not exist or could not be opened. File not found
"{F2CF5485-4E02-4F68-819C-B92DE9277049}" (HKLM) -- Reg Error: Key does not exist or could not be opened. File not found

[HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{2318C2B1-4965-11D4-9B18-009027A5CD4F}" (HKLM) -- Reg Error: Key does not exist or could not be opened. File not found

[HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{2318C2B1-4965-11D4-9B18-009027A5CD4F}" (HKLM) -- Reg Error: Key does not exist or could not be opened. File not found

[HKEY_USERS\S-1-5-21-2329832509-4018661553-1082311385-1009\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser]
"{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6}" (HKLM) -- Reg Error: Key does not exist or could not be opened. File not found
"{EF99BD32-C1FB-11D2-892F-0090271D4F88}" (HKLM) -- Reg Error: Key does not exist or could not be opened. File not found
"{F2CF5485-4E02-4F68-819C-B92DE9277049}" (HKLM) -- Reg Error: Key does not exist or could not be opened. File not found

========== (O4) Run Keys ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AVG8_TRAY"=C:\PROGRA~1\AVG\AVG8\avgtray.exe (AVG Technologies CZ, s.r.o.)
"nwiz"=nwiz.exe /install ()
"Recguard"=C:\WINDOWS\SMINST\RECGUARD.EXE ()

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SUPERAntiSpyware"=C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware.com)

[HKEY_USERS\S-1-5-21-2329832509-4018661553-1082311385-1009\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SUPERAntiSpyware"=C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware.com)

========== (O4) RunOnce Keys ==========

[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"IETI"=C:\Program Files\Skype\Phone\IEPlugin\unins000.exe /VERYSILENT /SUPPRESSMSGBOXES /NORESTART File not found
"IETI"=C:\Program Files\Skype\Phone\IEPlugin\unins000.exe /VERYSILENT /SUPPRESSMSGBOXES /NORESTART File not found

========== (O4) Startup Folders ==========


========== (O6 & O7) Current Version Policies ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveTypeAutoRun"=145

[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveTypeAutoRun"=145

[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveTypeAutoRun"=145

[HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveTypeAutoRun"=145

[HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveTypeAutoRun"=145

[HKEY_USERS\S-1-5-21-2329832509-4018661553-1082311385-1009\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveTypeAutoRun"=145

========== (O8) IE Context Menu Extensions ==========

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\]
E&xport to Microsoft Excel: C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE File not found

========== (O9) IE Extensions ==========

[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Extensions\]
{85d1f590-48f4-11d9-9669-0800200c9a66}: Uninstall BitDefender Online Scanner v8 -- C:\WINDOWS\bdoscandel.exe ()

========== (O12) Internet Explorer Plugins ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Plugins\]
PluginsPage: "" = http://activex.microsoft.com/controls/find.asp?ext=%s&mime=%s
PluginsPageFriendlyName: "" = Microsoft ActiveX Gallery

========== (O13) Default Prefixes ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\URL\DefaultPrefix]
""=http://

========== (O15) Trusted Sites ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\]
47 domain(s) and sub-domain(s) not assigned to a zone.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\]
aol.com\free: http in Local intranet
http: * in Trusted sites
Pirates of the carribean online: * in Trusted sites
pogo.com: http in Trusted sites
pogo.com\www: http in My Computer
54 domain(s) and sub-domain(s) not assigned to a zone.

[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\]
45 domain(s) and sub-domain(s) not assigned to a zone.

[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\]
45 domain(s) and sub-domain(s) not assigned to a zone.

[HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\]
31 domain(s) and sub-domain(s) not assigned to a zone.

[HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\]
31 domain(s) and sub-domain(s) not assigned to a zone.

[HKEY_USERS\S-1-5-21-2329832509-4018661553-1082311385-1009\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\]
aol.com\free: http in Local intranet
http: * in Trusted sites
Pirates of the carribean online: * in Trusted sites
pogo.com: http in Trusted sites
pogo.com\www: http in My Computer
54 domain(s) and sub-domain(s) not assigned to a zone.

========== (O16) DPF ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\]
{00B71CFB-6864-4346-A978-C0A14556272C}: http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab -- Checkers Class
{02BF25D5-8C17-4B23-BC80-D3488ABDDC6B}: http://www.apple.com/qtactivex/qtplugin.cab -- Reg Error: Key does not exist or could not be opened.
{05D44720-58E3-49E6-BDF6-D00330E511D3}: http://zone.msn.com/binFrameWork/v10/StagingUI.cab46479.cab -- StagingUI Object
{0CCA191D-13A6-4E29-B746-314DEE697D83}: http://upload.facebook.com/controls/FacebookPhotoUploader5.cab -- Facebook Photo Uploader 5
{166B1BCA-3F9C-11CF-8075-444553540000}: http://fpdownload.macromedia.com/pub/shockwave/cabs/director/sw.cab -- Shockwave ActiveX Control
{17492023-C23A-453E-A040-C7C580BBF700}: http://go.microsoft.com/fwlink/?linkid=39204 -- Windows Genuine Advantage Validation Tool
{2B323CD9-50E3-11D3-9466-00A0C9700498}: http://us.chat1.yimg.com/us.yimg.com/i/chat/applet/v45/yacscom.cab -- Yahoo! Audio Conferencing
{2BC66F54-93A8-11D3-BEB6-00105AA9B6AE}: http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab -- Symantec AntiVirus scanner
{30528230-99f7-4bb4-88d8-fa1d4f56a2ab}: C:\Program Files\Yahoo!\Common\yinsthelper.dll -- YInstStarter Class
{3107C2A8-9F0B-4404-A58B-21BD85268FBC}: http://www.pogo.com/cdl/launcher/PogoWebLauncherInstaller.CAB -- PogoWebLauncher Control
{3BB54395-5982-4788-8AF4-B5388FFDD0D8}: http://zone.msn.com/BinFrameWork/v10/ZBuddy.cab32846.cab -- ZoneBuddy Class
{3DA5D23B-EFE1-4181-ADB7-7D457567AACA}: http://sympatico.zone.msn.com/bingame/pacz/default/pandaonline.cab -- TGOnlineCtrl Class
{3DCEC959-378A-4922-AD7E-FD5C925D927F}: http://disney.go.com/pirates/online/testActiveX/built/signed/DisneyOnlineGames.cab -- Disney Online Games ActiveX Control
{3E68E405-C6DE-49FF-83AE-41EE9F4C36CE}: http://office.microsoft.com/officeupdate/content/opuc3.cab -- Office Update Installation Engine
{3EA4FA88-E0BE-419A-A732-9B79B87A6ED0}: http://dl.tvunetworks.com/TVUAx.cab -- CTVUAxCtrl Object
{4B9F2C37-C0CF-42BC-BB2D-DCFA8B25CABF}: http://zone.msn.com/bingame/rock/default/popcaploader1.cab -- Reg Error: Key does not exist or could not be opened.
{5736C456-EA94-4AAC-BB08-917ABDD035B3}: http://zone.msn.com/binframework/v10/ZPAChat.cab32846.cab -- ZonePAChat Object
{5D86DDB5-BDF9-441B-9E9E-D4730F4EE499}: http://download.bitdefender.com/resources/scan8/oscan8.cab -- BDSCANONLINE Control
{5F8469B4-B055-49DD-83F7-62B522420ECC}: http://upload.facebook.com/controls/FacebookPhotoUploader.cab -- Facebook Photo Uploader Control
{6414512B-B978-451D-A0D8-FCFDF33E833C}: http://v5.windowsupdate.microsoft.com/v5consumer/V5Controls/en/x86/client/wuweb_site.cab?1101002144531 -- WUWebControl Class
{644E432F-49D3-41A1-8DD5-E099162EEEC5}: http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab -- Symantec RuFSI Utility Class
{64D01C7F-810D-446E-A07E-16C764235644}: http://zone.msn.com/bingame/amad/default/atomaders.cab -- AtlAtomadersCtlAttrib Class
{6E32070A-766D-4EE6-879C-DC1FA91D2FC3}: http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1139444856062 -- MUWebControl Class
{74D05D43-3236-11D4-BDCD-00C04F9A3B61}: http://a840.g.akamai.net/7/840/537/2004061001/housecall.trendmicro.com/housecall/xscan53.cab -- HouseCall Control
{7CCAD6DD-DD0B-440B-91FF-7670F5AADC21}: http://clubgames.pogo.com/online2/pogop/mahjong_escape_ancient_japan/SpinTopGamesLauncher.cab -- SpinTop Games Launcher
{7D1E9C49-BD6A-11D3-87A8-009027A35D73}: http://chat.yahoo.com/cab/yacsui.cab -- Yahoo! Audio UI1
{7E980B9B-8AE5-466A-B6D6-DA8CF814E78A}: http://pogoclub.oberon-media.com/online2/pogop/luxor_amun_rising/mjolauncher.cab -- MJLauncherCtrl Class
{80B626D6-BC34-4BCF-B5A1-7149E4FD9CFA}: http://zone.msn.com/bingame/zpagames/GAME_UNO1.cab50727.cab -- UnoCtrl Class
{8A94C905-FF9D-43B6-8708-F0F22D22B1CB}: http://www.worldwinner.com/games/shared/wwlaunch.cab -- Wwlaunch Control
{8AD9C840-044E-11D1-B3E9-00805F499D93}: http://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab -- Java Plug-in 1.6.0_07
{8C279F4E-917E-4CD2-8DF0-D9C73C0CE763}: http://zone.msn.com/bingame/zpagames/zpa_wof.cab34227.cab -- ZPA_WheelOfFortune Object
{8E0D4DE5-3180-4024-A327-4DFAD1796A8D}: http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab -- MessengerStatsClient Class
{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}: http://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab -- Reg Error: Key does not exist or could not be opened.
{97438FE9-D361-4279-BA82-98CC0877A717}: http://www.worldwinner.com/games/v55/cubis/cubis.cab -- Cubis Control
{9AA73F41-EC64-489E-9A73-9CD52E528BC4}: http://zone.msn.com/binGame/ZAxRcMgr.cab -- ZoneAxRcMgr Class
{9D8D7672-93FF-417E-9024-C16AD141C50C}: http://www.worldwinner.com/games/v48/haunted/haunted.cab -- Haunted Control
{A1F2F2CE-06AF-483C-9F12-D3BAA72477D6}: http://appdirectory.messenger.msn.com/AppDirectory/P4Apps/PhotoSwap/DigWXMSN.cab -- BatchDownloader Class
{B8BE5E93-A60C-4D26-A2DC-220313175592}: http://cdn2.zone.msn.com/binFramework/v10/ZIntro.cab56649.cab -- MSN Games - Installer
{BD8667B7-38D8-4C77-B580-18C3E146372C}: http://caebmm.imgag.com/imgag/cp/install/crusher-cae.cab -- Creative Toolbox Plug-in
{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}: http://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab -- Java Plug-in 1.6.0_07
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}: http://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab -- Java Plug-in 1.6.0_07
{D27CDB6E-AE6D-11CF-96B8-444553540000}: http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab -- Shockwave Flash Object
{D77EF652-9A6B-40C8-A4B9-1C0697C6CF41}: http://zone.msn.com/bingame/shpo/default/shapo.cab -- TikGames Online Control
{DA2AA6CF-5C7A-4B71-BC3B-C771BB369937}: http://zone.msn.com/binframework/v10/StProxy.cab41227.cab -- StadiumProxy Class
{DC75FEF6-165D-4D25-A518-C8C4BDA7BAA6}: http://clubgames.pogo.com/online2/pogop/diner_dash/DinerDash.1.0.0.80.cab -- CPlayFirstDinerDashControl Object
{E5D419D6-A846-4514-9FAD-97E826C84822}: http://fdl.msn.com/zone/datafiles/heartbeat.cab -- Reg Error: Key does not exist or could not be opened.
{F137B9BA-89EA-4B04-9C67-2074A9DF61FD}: http://walmart.pnimedia.com/upload/activex/v2_0_0_10/PCAXSetupv2.0.0.10.cab? -- Photo Upload Plugin Class
{F6BF0D00-0B2A-4A75-BF7B-F385591623AF}: http://messenger.zone.msn.com/binary/SolitaireShowdown.cab31267.cab -- Solitaire Showdown Class
Microsoft XML Parser for Java: file://C:\WINDOWS\Java\classes\xmldso.cab -- Reg Error: Key does not exist or could not be opened.

========== (O17) DNS Name Servers ==========

{03DB376B-7674-46F3-86BA-2F81B27DD6FC} (Servers: | Description: 1394 Net Adapter)
{83E3A146-DEA0-44F1-82DB-39B938F790E5} (Servers: | Description: )
{D4F0B400-B117-425A-BD0E-A8770563A03A} (Servers: | Description: VIA Rhine II Fast Ethernet Adapter)

========== HKLM *SecurityProviders* ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders]
"SecurityProviders"=msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll, zwebauth.dll
>[2001/09/18 19:37:34 | 00,016,973 | ---- | M] () -- C:\WINDOWS\system32\ZWebAuth.dll

========== Safeboot Options ==========

"AlternateShell"=cmd.exe

========== CDRom AutoRun Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom]
"AutoRun" = 1

========== Autorun Files on Drives ==========

AUTOEXEC.BAT []
[2004/08/07 15:03:34 | 00,000,000 | ---- | M] () -- C:\AUTOEXEC.BAT -- [ NTFS ]

AUTOEXEC.BAT []
[2001/07/28 06:07:38 | 00,000,000 | -HS- | M] () -- D:\AUTOEXEC.BAT -- [ FAT32 ]

Autorun.inf [[AUTORUN] | ShellExecute=Info.exe protect.ed 480 480 | ]
[2004/04/30 22:01:14 | 00,000,053 | -HS- | M] () -- D:\Autorun.inf -- [ FAT32 ]



========== Files/Folders - Created Within 30 days ==========

[1 C:\*.tmp files]
[2 C:\WINDOWS\*.tmp files]
[2008/09/20 17:54:07 | 00,424,448 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\HP_Owner\Desktop\OTViewIt.exe
[2008/09/20 12:02:19 | 00,000,791 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\SUPERAntiSpyware Free Edition.lnk
[2008/09/20 11:51:53 | 00,017,200 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2008/09/20 11:51:53 | 00,000,707 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2008/09/20 11:51:52 | 00,038,528 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2008/09/20 11:47:00 | 00,001,559 | ---- | C] () -- C:\Documents and Settings\HP_Owner\Desktop\CCleaner.lnk
[2008/09/20 11:22:57 | 00,001,745 | ---- | C] () -- C:\Documents and Settings\HP_Owner\Desktop\HijackThis.lnk
[2008/09/20 11:21:55 | 00,812,344 | ---- | C] (Trend Micro Inc.) -- C:\Program Files\HJTInstall.exe
[2008/09/06 21:35:07 | 00,000,363 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\croNous.lnk
[2008/09/06 21:18:42 | 48,217,7811 | ---- | C] (Lizard Interactive Co) -- C:\Documents and Settings\HP_Owner\My Documents\Cronous_Aeria_200808.exe

========== Files - Modified Within 30 days ==========

[1 C:\*.tmp files]
[2 C:\WINDOWS\System32\*.tmp files]
[2 C:\WINDOWS\*.tmp files]
[2008/09/20 17:54:09 | 00,424,448 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\HP_Owner\Desktop\OTViewIt.exe
[2008/09/20 16:47:48 | 00,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2008/09/20 16:45:50 | 00,000,188 | ---- | M] () -- C:\WINDOWS\System\hpsysdrv.DAT
[2008/09/20 16:45:25 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2008/09/20 16:45:05 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2008/09/20 16:44:56 | 53,639,9872 | -HS- | M] () -- C:\hiberfil.sys
[2008/09/20 16:33:01 | 00,002,473 | ---- | M] () -- C:\Documents and Settings\HP_Owner\Desktop\Microsoft Word.lnk
[2008/09/20 15:25:45 | 00,000,585 | ---- | M] () -- C:\Documents and Settings\HP_Owner\My Documents\My Sharing Folders.lnk
[2008/09/20 12:02:20 | 00,000,791 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\SUPERAntiSpyware Free Edition.lnk
[2008/09/20 11:51:53 | 00,000,707 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2008/09/20 11:47:00 | 00,001,559 | ---- | M] () -- C:\Documents and Settings\HP_Owner\Desktop\CCleaner.lnk
[2008/09/20 11:22:58 | 00,001,745 | ---- | M] () -- C:\Documents and Settings\HP_Owner\Desktop\HijackThis.lnk
[2008/09/20 10:51:13 | 00,266,914 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2008/09/20 09:29:52 | 27,514,879 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\incavi.avm
[2008/09/18 16:05:36 | 00,249,919 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\miniavi.avg
[2008/09/14 23:05:48 | 00,000,116 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
[2008/09/14 13:17:38 | 01,606,692 | -H-- | M] () -- C:\Documents and Settings\HP_Owner\Local Settings\Application Data\IconCache.db
[2008/09/12 05:57:29 | 00,111,420 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\microavi.avg
[2008/09/10 00:04:02 | 00,038,528 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2008/09/10 00:03:56 | 00,017,200 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2008/09/06 21:35:07 | 00,000,363 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\croNous.lnk
[2008/09/06 21:20:25 | 48,217,7811 | ---- | M] (Lizard Interactive Co) -- C:\Documents and Settings\HP_Owner\My Documents\Cronous_Aeria_200808.exe
[2008/09/05 19:49:10 | 00,002,257 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Skype.lnk
[2008/08/28 23:29:48 | 00,097,928 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgldx86.sys
[2008/08/26 16:28:12 | 16,208,504 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\MRT.exe

< End of report >

  #10  
Old September 20th, 2008, 05:00 PM
HyperCityGirl
Here is the 2nd log. Glad you understand this stuff.
OTViewIt Extras logfile created on: 9/20/2008 5:55:54 PM - Run HP_Owner
OTViewIt by OldTimer - Version 1.0.7.0 Folder = C:\Documents and Settings\HP_Owner\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.5512)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

511.48 Mb Total Physical Memory | 144.37 Mb Available Physical Memory | 28.23% Memory free
981.26 Mb Paging File | 591.93 Mb Available in Paging File | 60.32% Paging File free
Paging file location(s): C:\pagefile.sys 500 2000;

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 68.72 Gb Total Space | 40.17 Gb Free Space | 58.46% Space Free | Partition Type: NTFS
Drive D: | 5.79 Gb Total Space | 0.75 Gb Free Space | 13.01% Space Free | Partition Type: FAT32
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: PETERSON
Current User Name: HP_Owner
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Whitelist: On
Files within: 30 Days

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled"=1
"AntiVirusDisableNotify"=0
"FirewallDisableNotify"=0
"UpdatesDisableNotify"=0
"AntiVirusOverride"=0
"FirewallOverride"=0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
File not found -- C:\Program Files\Updates from HP\309731\Program\Updates from HP.exe:*:Enabled:BackWeb for Pavilion
File not found -- C:\Program Files\EarthLink TotalAccess\TaskPanl.exe:*:Enabled:Earthlink
File not found -- C:\Program Files\Yahoo!\Messenger\YPager.exe:*:Enabled:Yahoo! Messenger
File not found -- C:\Program Files\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent
[2008/08/28 13:22:19 | 00,641,304 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgupd.exe:*:Enabled:avgupd.exe
[2008/08/28 23:29:55 | 00,875,288 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgemc.exe:*:Enabled:avgemc.exe
File not found -- C:\Program Files\Steam\SteamApps\damianblood909\sin 1 multiplayer\sin.exe:*:Enabled:sin
File not found -- C:\Program Files\Steam\SteamApps\damianblood909\sin episodes emergence\SinEpisodes.exe:*:Enabled:SinEpisodes
[2006/10/27 10:52:00 | 06,444,581 | ---- | M] () -- C:\Program Files\MageKnight.exe:*:Enabled:MageKnight

========== (O18) Protocol Handlers ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
ipp: [HKLM - No CLSID value]
msdaipp: [HKLM - No CLSID value]

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00020409-78E1-11D2-B60F-006097C998E7}"=Microsoft Office 2000 SR-1 Standard
"{0861E87B-24D7-4E7C-B11B-54F86E5C5199}"=hpg8200
"{11B569C2-4BF6-4ED0-9D17-A4273943CB24}"=Adobe Photoshop Album 2.0 Starter Edition
"{14589F05-C658-4594-9429-D437BA688686}"=IntelliMover Data Transfer Demo
"{14B4E017-ACDF-4DB0-9D94-8988F5F0145A}"=hpg4600
"{15B9DC72-73F9-4d99-9E28-848D66DA8D99}"=HP Photo & Imaging 3.5 - HP Devices
"{17293791-C82E-476C-9997-9A0FF234A19B}"=HP Product Assistant
"{18D10072035C4515918F7E37EAFAACFC}"=AutoUpdate
"{1AD5F465-8282-4DAD-B957-E09C0B783D18}"=InstantShare
"{1F63ED0B-EDD2-4037-B6AB-1358C624AF48}"=Scan
"{1F7CCFA3-D926-4882-B2A5-A0217ED25597}"=PC-Doctor for Windows
"{20CF99FC-2CE7-4AA4-966E-A4B11C0662B4}"=hpg3970
"{20FBC0A0-3160-4F14-83ED-3A74BB6B8C31}"=TrayApp
"{226b64e8-dc75-4eea-a6c8-abcb496320f2}-Google Talk"=Google Talk (remove only)
"{267868CE-6DFF-40F7-9C58-C01119B7B117}"=Fax
"{29B39FB2-5ADF-4F94-BC82-13942871DD0D}"=CameraDrivers
"{2E8428AD-6CD2-4031-916A-3CF9BBF2DEC9}"=Unload
"{3248F0A8-6813-11D6-A77B-00B0D0160070}"=Java(TM) 6 Update 7
"{34A59AC3-6C5C-4A09-A7F5-369A37176C8A}"=AiOSoftware
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}"=WebFldrs XP
"{3762DB2D-71BD-421F-9E55-C74DA7DF4D07}"=CueTour
"{3AE681E0-4E8D-453F-950A-48534D3C0724}"=Copy
"{3AEF2F6C-F1D3-47CD-BF3B-A327F1FABE58}"=PSPrinters06
"{508CE775-4BA4-4748-82DF-FE28DA9F03B0}"=Windows Live Messenger
"{590D4F8F-98FE-47FA-AC2B-3F22FDCF7C09}"=ShareIns
"{5C82DAE5-6EB0-4374-9254-BE3319BA4E82}"=Skype™ 3.6
"{5E1494D4-3562-4FFB-B35C-600F80F6934C}"=HP Image Zone Plus 4.2
"{5E8D588F-307C-4250-B622-26969027319A}"=PanoStandAlone
"{63569CE9-FA00-469C-AF5C-E5D4D93ACF91}"=Windows Genuine Advantage v1.3.0254.0
"{644D04A2-C682-4FD5-977D-03B804C4B9C5}"=CreativeProjects
"{646A65DD-23FC-418E-B9F0-E0500FB42CB1}"=PhotoGallery
"{64FC0C98-B035-4530-B15D-3D30610B6DF1}"=HP Software Update
"{651FF3BA-C2B5-AC2E-F05A-C4F78D611033}"=Nero 7 Demo
"{68963635-14A4-48D9-B431-DF3A74D1AAE1}"=Destinations
"{6DE39343-0C7E-4b3a-8BDC-A846B7A8CAFE}"=CameraDrivers
"{700A6597-3CE6-49C1-AA75-846B24CDA66D}"=BufferChm
"{7299052b-02a4-4627-81f2-1818da5d550d}"=Microsoft Visual C++ 2005 Redistributable
"{764D06D8-D8DE-411E-A1C8-D9E9380F8A84}"=Microsoft Works 7.0
"{78FD2974-C98B-4b84-9E9F-1AEE16AE0029}"=HP Photosmart Cameras 4.5
"{7AD25C9F-9957-4D1C-95EF-9BCD09F6D31B}"=HPSystemDiagnostics
"{7B63B2922B174135AFC0E1377DD81EC2}"=DivX Codec
"{84CDF5A8-1D57-4B69-BAB6-1F11D8923375}"=SkinsHP1
"{8777AC6D-89F9-4793-8266-DE406F343E89}"=QFolder
"{8C6027FD-53DC-446D-BB75-CACD7028A134}"=HP Update
"{8D9768AE-DE42-4A04-A461-2361A58C384D}"=HPIZ402
"{91810AFC-A4F8-4EBA-A5AA-B198BBC81144}"=InterVideo WinDVD Player
"{9CB2512B-3EC4-43DF-8002-46BDAB5EDD1B}"=QuickProjects
"{9EEBF8D5-8712-4D1D-88F4-4CDC2D270BC3}"=PrintScreen
"{A1062847-0846-427A-92A1-BB8251A91E91}"=HP PSC & OfficeJet 4.0
"{A2500497-FD32-493e-B8E5-28D6728DBEF5}"=Readme
"{A4EA3AB4-E78C-4286-96DF-26035507CE55}"=AiO_Scan
"{A7E4ECCA-4A8E-4258-8EC8-2DCCF5B11320}"=Windows Live installer
"{AAC4FC36-8F89-4587-8DD3-EBC57C83374D}"=Photosmart 320,370,7400,8100,8400 Series
"{AC76BA86-7AD7-1033-7B44-A71000000002}"=Adobe Reader 7.1.0
"{AD17BC8E-4A5D-4E59-8640-10DF36E9EB75}"=hpg5530
"{AFA4E5FD-ED70-4D92-99D0-162FD56DC986}"=Windows Live Sign-in Assistant
"{B1591C79-1C35-4E09-AA15-F7D6923AFB96}"=HP Deskjet 3840
"{B32C75F2-7495-4D01-9431-C11E97D66F8C}"=DocProc
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1"=Spybot - Search & Destroy
"{B508B3F1-A24A-32C0-B310-85786919EF28}"=Microsoft .NET Framework 2.0 Service Pack 1
"{B56D5B09-C4FB-4EA0-8EAD-7BC3E2715A2D}"=DocumentViewer
"{B911B811-BA3E-46D4-90F8-6F3338359651}"=Director
"{BC339BFD-F550-471a-8D26-4D08126C62F7}"=SkinsHP2
"{C4A978A3-CAE4-4856-89D5-696498A7B8F7}"=HPODiscovery
"{C698CB91-D535-46D0-851F-E6B6A9B6AE97}"=HomeWorks
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}"=Microsoft .NET Framework 1.1
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}"=SUPERAntiSpyware Free Edition
"{CDFCF124-115F-4976-8BF4-08C89187A146}"=WebReg
"{D050D7362D214723AD585B541FFB6C11}"=DivX Content Uploader
"{D1BA4778-61DB-4405-AD57-03C939080E19}"=Chaotic
"{DB518BA6-CB74-4EB6-9ABD-880B6D6E1F38}"=HpSdpAppCoreApp
"{E2EFF20D-30BF-4907-B1FD-B7EBCED798D6}"=HPHDiscovery
"{E786D4DB-EB0D-4474-ADC2-3C229BC17FCA}"=Interactive User’s Guide
"{E94FF1F8-E9E7-4A5C-B36A-0B2439EC68CA}"=Mage Knight(TM) Apocalypse
"{ED869D8B-6C7E-44C7-9F2F-BD5436849C61}"=hpg2436
"{F270470B-D4A7-4EE2-B010-390E104443A7}"=croNous
"{F419D20A-7719-4639-8E30-C073A040D878}"=HP Deskjet Preloaded Printer Drivers
"{FC22D020-3005-4715-8DF9-F3EDE81DEB3D}"=CreativeProjectsTemplates
"{FCE65C4E-B0E8-4FBD-AD16-EDCBE6CD591F}"=HighMAT Extension to Microsoft Windows XP CD Writing Wizard
"AC3Filter"=AC3Filter (remove only)
"Adobe Atmosphere Player"=Adobe Atmosphere Player for Acrobat and Adobe Reader
"Adobe Flash Player ActiveX"=Adobe Flash Player ActiveX
"Adobe Shockwave Player"=Adobe Shockwave Player
"Agere Systems Soft Modem"=Agere Systems PCI Soft Modem
"Atlantis"=Atlantis (remove only)
"AVG8Uninstall"=AVG Free 8.0
"Azureus"=Azureus
"CCleaner"=CCleaner (remove only)
"Creative PC-CAM Center"=Creative PC-CAM Center Lite
"Creative PD1110"=Creative WebCam NX Driver (1.02.01.0827)
"Creative WebCam Monitor"=Creative WebCam Monitor
"Creative WebCam NX User's Guide English"=Creative WebCam NX User's Guide (English)
"DVD Shrink_is1"=DVD Shrink 3.2
"DVDFab HD Decrypter_is1"=DVDFab HD Decrypter 3.2.0.0
"Help and Support Additions"=Help and Support Additions
"HijackThis"=HijackThis 2.0.2
"HP Photo & Imaging"=HP Image Zone 4.5
"IDNMitigationAPIs"=Microsoft Internationalized Domain Names Mitigation APIs
"InterActual Player"=InterActual Player
"KB835221WXP"=High Definition Audio Driver Package - KB835221
"KBD"=Enhanced Multimedia Keyboard Solution
"Malwarebytes' Anti-Malware_is1"=Malwarebytes' Anti-Malware
"Microsoft .NET Framework 1.1 (1033)"=Microsoft .NET Framework 1.1
"MSCompPackV1"=Microsoft Compression Client Pack 1.0 for Windows XP
"MSNINST"=MSN
"MVApplication1"=Memorex exPressit Label Design Studio
"NLSDownlevelMapping"=Microsoft National Language Support Downlevel APIs
"NVIDIA Drivers"=NVIDIA Drivers
"NVIDIA GART Driver"=NVIDIA GART Driver
"Project Torque"=Project Torque
"PS2"=PS2
"Python 2.2 combined Win32 extensions"=Python 2.2 combined Win32 extensions
"Python 2.2.1"=Python 2.2.1
"RealPlayer 6.0"=RealPlayer
"S3"=VIA/S3G Display Driver
"SpywareBlaster_is1"=SpywareBlaster 4.1
"ST6UNST #1"=Upgrade
"TweakNow RegCleaner Standard_is1"=TweakNow RegCleaner Standard
"VN_VUIns_Rhine_VIA"=VIA Rhine-Family Fast Ethernet Adapter
"VTDisplay"=S3 S3Display
"VTGamma2"=S3 S3Gamma2
"VTInfo2"=S3 S3Info2
"VTOverlay"=S3 S3Overlay
"WinAVIVideoConverter_is1"=WinAVIVideoConverter
"Windows Media Format Runtime"=Windows Media Format 11 runtime
"Windows Media Player"=Windows Media Player 11
"Windows XP Service Pack"=Windows XP Service Pack 3
"WinRAR archiver"=WinRAR archiver
"WMFDist11"=Windows Media Format 11 runtime
"wmp11"=Windows Media Player 11
"Wudf01000"=Microsoft User-Mode Driver Framework Feature Pack 1.0
"Yahoo! Internet Mail"=Yahoo! Internet Mail
"Yahoo! Messenger"=Yahoo! Messenger

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 7/19/2008 11:09:54 PM | Computer Name = PETERSON | Source = Application Hang | ID = 1002
Description = Hanging application iexplore.exe, version 6.0.2900.5512, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 7/23/2008 12:48:04 AM | Computer Name = PETERSON | Source = Application Hang | ID = 1002
Description = Hanging application ProjectTorque.bin, version 0.8.0.0, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 8/14/2008 2:29:05 AM | Computer Name = PETERSON | Source = Application Hang | ID = 1002
Description = Hanging application nero.exe, version 7.0.1.4, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

Error - 8/27/2008 11:38:52 PM | Computer Name = PETERSON | Source = Application Hang | ID = 1002
Description = Hanging application iexplore.exe, version 6.0.2900.5512, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 8/27/2008 11:38:52 PM | Computer Name = PETERSON | Source = Application Hang | ID = 1002
Description = Hanging application iexplore.exe, version 6.0.2900.5512, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 8/31/2008 2:09:56 PM | Computer Name = PETERSON | Source = Application Error | ID = 1000
Description = Faulting application projecttorque.bin, version 0.8.0.0, faulting
module unknown, version 0.0.0.0, fault address 0x01931aad.

Error - 8/31/2008 2:10:43 PM | Computer Name = PETERSON | Source = Application Error | ID = 1001
Description = Fault bucket 909114728.

Error - 9/4/2008 12:57:00 PM | Computer Name = PETERSON | Source = Application Error | ID = 1000
Description = Faulting application iexplore.exe, version 6.0.2900.5512, faulting
module mshtml.dll, version 6.0.2900.5626, fault address 0x00094c08.

Error - 9/19/2008 9:10:30 PM | Computer Name = PETERSON | Source = Application Hang | ID = 1002
Description = Hanging application SpybotSD.exe, version 1.6.0.31, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

Error - 9/19/2008 9:10:30 PM | Computer Name = PETERSON | Source = Application Hang | ID = 1002
Description = Hanging application SpybotSD.exe, version 1.6.0.31, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

[ System Events ]
Error - 9/20/2008 4:43:22 PM | Computer Name = PETERSON | Source = Service Control Manager | ID = 7023
Description = The Application Management service terminated with the following error:
%%126

Error - 9/20/2008 4:43:22 PM | Computer Name = PETERSON | Source = Service Control Manager | ID = 7023
Description = The Application Management service terminated with the following error:
%%126

Error - 9/20/2008 4:43:22 PM | Computer Name = PETERSON | Source = Service Control Manager | ID = 7023
Description = The Application Management service terminated with the following error:
%%126

Error - 9/20/2008 4:43:22 PM | Computer Name = PETERSON | Source = Service Control Manager | ID = 7023
Description = The Application Management service terminated with the following error:
%%126

Error - 9/20/2008 4:43:23 PM | Computer Name = PETERSON | Source = Service Control Manager | ID = 7023
Description = The Application Management service terminated with the following error:
%%126

Error - 9/20/2008 4:43:23 PM | Computer Name = PETERSON | Source = Service Control Manager | ID = 7023
Description = The Application Management service terminated with the following error:
%%126

Error - 9/20/2008 4:43:23 PM | Computer Name = PETERSON | Source = Service Control Manager | ID = 7023
Description = The Application Management service terminated with the following error:
%%126

Error - 9/20/2008 4:43:23 PM | Computer Name = PETERSON | Source = Service Control Manager | ID = 7023
Description = The Application Management service terminated with the following error:
%%126

Error - 9/20/2008 4:43:23 PM | Computer Name = PETERSON | Source = Service Control Manager | ID = 7023
Description = The Application Management service terminated with the following error:
%%126

Error - 9/20/2008 4:43:23 PM | Computer Name = PETERSON | Source = Service Control Manager | ID = 7023
Description = The Application Management service terminated with the following error:
%%126


< End of report >

#11
September 20th, 2008, 06:07 PM
HyperCityGirl
Just wanted to give an update. I have run AVG again, and this time no Trojan Horse came up. Maybe it was a false positive reading. I'd still like to clean this computer up some more if there is anything more I can do...
TY for your help so far.

#12
September 20th, 2008, 10:32 PM
Porthos
Malware Warrior /AV forum Mod
The only things I see left that cause slowdown:

1- This computer has only 512 MB of RAM. Today 1 gig is recommended.
2- Your AVG got installed with the standard install, which includes the LinkScanner and the toolbar.

Reinstall AVG after you read this site so you can be rid of that awful component.

http://grandstreamdreams.blogspot.c...avg-simply.html


Also I would download
Auslogics Disk Defrag from HERE and defrag your hard drive.


Do that and post another HJT log and tell me if there is any improvement.

#13
September 21st, 2008, 08:42 AM
HyperCityGirl
Good Morning
There has been more memory added to the computer in question. 1 gig stick. Going to see if maybe it wasn't installed properly. I'll do the AVG thing to 2 computers. Didn't know they installed extra components. I'll get back to you... thx again.

#14
September 21st, 2008, 09:30 AM
Porthos
Malware Warrior /AV forum Mod
Quote:
There has been more memory added to the computer in question. 1 gig stick. Going to see if maybe it wasn't installed properly.



Good idea. That is one reason I had you run the last log and it showed me this.

Quote:
511.48 Mb Total Physical Memory | 144.37 Mb Available Physical Memory | 28.23% Memory free
981.26 Mb Paging File | 591.93 Mb Available in Paging File | 60.32% Paging File free



Also we can do some more diagnostics. (I do computer repair for a living.)

Let's test some of your hardware.

Download This. It is a control panel addon that works on XP and Vista. It will add these programs to your control panel.


BootSafe v2.0.1000
ClearType PowerToy
CPU-Z v1.46
Expired Cookies Cleaner v1.02
GPU-Z v0.2.6
HD Tune v2.55
HWmonitor v1.10
MemTest v3.7
Microsoft AutoPlay Repair Wizard
Microsoft TimeZone <-- Requires .NET Framework
Microsoft Virtual CD-ROM Control Panel v2.1
MSI CleanUp Utility 4.4
Nero Info Tool v5.2.3.0
New MSConfig
Regedit
Startup v2.8 CPL
Services and Devices v2.7
Windows Task Manager
User Accounts 2 CPL

See here





Now after this is done OPEN your control panel and choose classic view and open (do these one at a time)

HD Tune v2.55 choose error scan and click start (do not check quick scan)




After that is done and hopefully no red dots


Open MemTest v3.7






Click start testing and let it run for about an hour. It will keep going until you tell it to stop.

What we are looking for is this not to come up


#15
September 21st, 2008, 12:57 PM
HyperCityGirl
Hiya
I ran the HD Tune, no red dots
Ran the memory test, no errors
Reinstalled AVG, easy as pie.
Going to go defrag now. I'm going to do it through System Tools rather than downloading another program (I usually do it once a month).
Then I'll come back with a new HJT log. Your instructions are really easy to follow. Thank you
