jholland1964 650 Posting Expert Team Colleague Featured Poster

You first need to go to Add/Remove and uninstall PC Check-up. If you cannot find it there then go to C:\Program Files\PC Check-up\ and uninstall it from there.

Then run HiJackThis again and place checkmarks next to the following entries if they still exist;

R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: Thunder AtOnce - {01443AEC-0FD1-40fd-9C87-E93D1494C233} - C:\Program Files\Thunder Network\Thunder\ComDlls\TDAtOnce_Now.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O2 - BHO: Ask Toolbar BHO - {F0D4B231-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Program Files\AskSBar\bar\1.bin\ASKSBAR.DLL
O3 - Toolbar: (no name) - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - (no file)
O3 - Toolbar: Ask Toolbar - {F0D4B239-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Program Files\AskSBar\bar\1.bin\ASKSBAR.DLL
O4 - HKLM\..\Run: [PC-Checkup] "C:\Program Files\PC Check-up\PCCheckUp.exe" -mini
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_9 -reboot 1

Once you have those checkmarks placed then click the Fix Checked button. Exit HJT.
Reboot the computer and run one more HJT scan and post the log here.

jholland1964 650 Posting Expert Team Colleague Featured Poster

See if you can download via Safe Mode with networking.

jholland1964 650 Posting Expert Team Colleague Featured Poster

You do have some questionable entries in your log. I recommend that you begin by following the steps given HERE
Be sure to allow Malwarebytes' Anti-Malware to fix whatever it finds.
Once you have completed those steps then post back here with the MBAM log, ESET scanner log and a new HJT log.

jholland1964 650 Posting Expert Team Colleague Featured Poster

You should scan that USB device to be certain there are no infections on that.
Frankly I would have advised using the programs recommended by several forums, including here to remove this antivirus xp 08.
I would still recommend that you download, install and update Malwarebytes' Anti-Malware. Then do a scan with it of your computer and have it remove everything found. It will also clean registry entries and right now is the normally recommended tool to attack and remove this virus.
Run that, let it fix and then post back here with that log.

jholland1964 650 Posting Expert Team Colleague Featured Poster

Log looks better, however I see that you DID NOT uninstall that Registry Booster, even with its not-so-good reviews. This is your choice of course but let me pass along some information I learned several years ago from an advisor whom I trust immensely and his thoughts on most Registry programs;

... those orphans and duplicates are all harmless and will not be negatively impacting on the performance of your system. Were registry cleaning *really* able to improve performance, the developers of these utilities would support their marketing claims with some form of empirical evidence (performance prior to cleaning -vs- performance post cleaning). But have you ever seen such benchmarking? No, and that's because registry cleaning does *not* improve performance. Think about it ... programs such as SpywareBlaster dump 1000's of entries into the registry without causing any performance hit. Similarly, the fact that registries tend to hold significantly more information than in years gone by (bigger hard disks = more programs installed/data stored = more registry entries) has not resulted in systems slowing to a crawl.

Using an automated cleaner to try to fix a problem is akin to using a shotgun to remove an appendix. The best way to deal with (possibly) registry-related issues is to thoroughly research the problem and then use regedit to make any necessary changes and/or deletions (having first set a restore point or created a backup).

But the choice is yours. Just be careful, know what you are doing.

jholland1964 650 Posting Expert Team Colleague Featured Poster

Hi, welcome to daniweb.

i couldn't do a system restore either.

You don't need to do a system restore. That file was IN your system restore. If you turned off system restore then that should have removed the file.

You need to update your Java program; your program is out of date. Current version is version 6 update 7.

I would advise that you uninstall, via Add/Remove Uniblue RegistryBooster 2009. These programs are certainly not necessary to run all the time in the background. The registry isn't someplace one should play around in, as you can do serious damage to the computer. When checking out this one it really didn't get very good reviews and as one site said,

We appreciated the attempt to explain areas of the Registry to be scanned in plain English, but this wasn't continued into the results section, where brief and often confusing descriptions abound. The same disappointment was experienced with the scan itself, which was the slowest on test; ....It comes across as a work-in-progress rather than a commercial product

Uninstall it.
Next, download Malwarebytes' Anti-Malware (MBA-M) to your Desktop.

  • Double-click mbam-setup.exe and follow the prompts to install MBA-M.
  • Be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select Perform full scan, then click Scan.
  • When the scan …

jholland1964 650 Posting Expert Team Colleague Featured Poster

Once you back up your data, then the only thing you would need to do with System Restore is turn it off; this will clear the old and possibly infected restore points. Wait a minute and then turn it back on and it will set a new clean Restore point. That is it. You DON'T want to go back to another time or date because you do run the risk of bringing the infection back.

jholland1964 650 Posting Expert Team Colleague Featured Poster

Recovery Console and System Restore are two different things.

http://www.microsoft.com/windowsxp/using/helpandsupport/getstarted/ballew_03may19.mspx
The System Restore feature is built into Windows XP and is used to return your computer to an earlier state if you have a system failure or other major problem with your computer. System Restore automatically tracks changes to your computer and creates restore points before major changes are to occur. For example, restore points are created before new device drivers, automatic updates, unsigned drivers, and some applications are installed. These healthy system checkpoints are created without prompting or intervention from the user the first time the computer is started after Windows XP is installed and, by default, on a daily basis after that. You can also manually create restore points.

When you use System Restore, you can revert to a saved state (of several days or weeks earlier if needed) without losing personal data including Word documents, e-mail settings and messages, and your Internet favorites list. System Restore won't lose any data you have stored in the My Documents, My Pictures, or My Music folders either.

http://pcsupport.about.com/od/termsr/p/recoveryconsole.htm
The Recovery Console is for use when your system does not start correctly. The Recovery Console is particularly useful if you have to repair your computer by copying a file from a disk or CD-ROM to your hard disk, or if you have to reconfigure a service that is preventing your computer from starting correctly. These actually would be KEY original system files, NOT a saved document or …

jholland1964 650 Posting Expert Team Colleague Featured Poster

Post the malwarebytes log as soon as it is complete. Be sure to have it fix what it finds.
After that I want you to download ComboFix
Click on the Save button and then when it asks you where to save it, make sure you save it directly to your Windows Desktop
Close all open Windows including this one.
Close or disable all running Antivirus, Antispyware, and Firewall programs as they may interfere with the proper running of ComboFix.

Double Click the Combofix icon on the desktop.
Please note, that once you start ComboFix you should not click anywhere on the ComboFix window as it can cause the program to stall. In fact, when ComboFix is running, do not touch your computer at all and just take a break as it may take a while for it to complete.
Windows may issue a prompt because ComboFix does not have a digital signature. This is perfectly normal and safe and you can click on the Run button to continue.
When the program begins to run you will be offered a disclaimer. To agree to run the program you must press 1. Please do so.
Then ComboFix will create a System Restore point so that if any problems occur while using the program you can restore back to your previous configuration. When ComboFix has finished creating the restore point, it will then backup your Windows Registry.

Once the Windows Registry …

jholland1964 650 Posting Expert Team Colleague Featured Poster

Was the zip file the only way to post it? You can either copy/paste or attach as a .txt file.

jholland1964 650 Posting Expert Team Colleague Featured Poster

thanks for a quick prompt.
I have tried the suggestions in the read before posting:
system restore as i said before has a problem. sometimes, only sometimes works in safe mode.
atf-cleaner cannot be accessed.
microsoft malicious removal tool.... can be accessed to the downloading part and then stops. try the other link... not able to access.
option 9 for the online scanning... all of them cannot be accessed.!
i have been trying to post the HJT log with no success.... i will keep on trying

Don't worry about the System Restore part...you don't need to do anything with that until we are sure the system is clean.
When you say ATF-Cleaner cannot be accessed do you mean you cannot download it or you have downloaded it but cannot run it?
If nothing else try the built-in disk clean up program on the computer. If you can't do that either don't worry about it.
A key program would be the Malwarebytes program. Have you been able to download and install it?
The main thing is do what you can.
What is happening when you are trying to post the HJT log?

jholland1964 650 Posting Expert Team Colleague Featured Poster

Can you try the steps HERE?
Especially the Malwarebytes program. Have it fix everything found.
Ignore the DSS scanner program in that sticky for now, it is not available.
See if you can get us a scan with HiJackThis too

jholland1964 650 Posting Expert Team Colleague Featured Poster

Maybe somebody else can come up with solution on those avira driver warnings...we know they actually are not even supposed to be on the system since you removed the program but obviously there is still a setting someplace that says they are supposed to load. Have searched high and low and cannot find the answer. I will be away for a week beginning tomorrow afternoon so other folks will be checking in this post I am sure. Hopefully one of them will have the answer I couldn't find.
Judy

jholland1964 650 Posting Expert Team Colleague Featured Poster

Please check your video driver also.
Right Click My Computer, Choose Properties. When System Properties opens then go to Hardware, Device Manager. You should then be able to find the Display Adapter. Double Click on that and you should see what video adapter you are using and the manufacturer. Go to that manufacturer's web page to check on current adapters.

jholland1964 650 Posting Expert Team Colleague Featured Poster

at the very least you've forced me to learn more about XP...is that an advantage??

Absolutely. I love this os. Honestly, I didn't find it that much different from my old 98.
I believe most HP's come with the Recovery Partition. A small partition on the hard drive contains a record of all software installed at the factory and shipped with this system. This includes images for the Microsoft Operating System and supplemental products. If you have a problem with the operating system or device drivers, the programs on the recovery partition can restore the PC to proper operation.
Here is an HP link that explains it in general terms anyway. There are more than likely specific instructions at their website dealing with your specific model.

http://h10025.www1.hp.com/ewfrf/wc/document?lc=en&cc=us&docname=c00239036&dlc=en

Why not try Chat with a Tech on HP?
I have done it many times with pretty good results. They can certainly explain to you how to do this.

jholland1964 650 Posting Expert Team Colleague Featured Poster

That's why I keep wanting to do a complete reload of Windows...used to work wonders pre-XP.

Another option, if you are seriously considering this, is to use your XP CD to do a repair installation of XP. You will not lose any info, but you will need to redownload any security updates or service packs.

jholland1964 650 Posting Expert Team Colleague Featured Poster

Well, have done some searching around about this and sounds to me like it is a very common problem with all versions of the game. Most places seem to feel that persons having problems had video cards which were not compatible with the games. Found several threads where solution was to reset graphics settings from "normal" I guess you would say, to specific settings for the game to play correctly but that this didn't work with all graphics cards!
Could be part of your problems maybe, at this point I am stumped.
What graphics card do you have and do you have the most current drivers? These you should get from the graphics card website by the way rather than your computer manufacturer's website.
I am still wondering about some hidden "something" on there though, but if "Tiger" made some settings changes....?

jholland1964 650 Posting Expert Team Colleague Featured Poster

avgio.sys
abipbb.sys
ssmdrv.sys
avgntflt.sys
Can I get those files from i386?

All of those above are related to Antivir Avira Personal Edition. You don't need to restore these because it is gone. Log shows that these are set to load during either boot up or system start.

ftsata2.sys can be related to Promise ATA RAID drivers. Do you have this on the system?


Looking through the log I see references to two registry cleaner programs that I am not familiar with;
Max Registry Cleaner
Eusing Free Registry Cleaner
Did you use these? If so, did you make backups?

jholland1964 650 Posting Expert Team Colleague Featured Poster

Ok, have gone back through our other thread. I want to be absolutely certain that all remnants of your previous infections were removed and I was really wrong not to request it in the other thread.
If you still have Malwarebytes-Anti-Malware program on the machine, hopefully you do, go back into it and find the log for the scan you did that removed the trojans, etc. When you open the program you will see a lot of TABS, one of those says Logs. There the previous logs are saved by date. If you are not sure of the date then you will have to go through and double-click on each log to open and read it so you can hopefully find the right one.
Post that for me.

Then next I would like you to update Malwarebytes and run another full scan. Allow it to fix whatever is found. Post THAT log also.
Then I would like you to run Deckard's System Scanner and post the logs that it will produce, there should be two of them.

If you don't have Malwarebytes program remaining on your system then you can download both it and Deckard's at this link HERE

Judy

jholland1964 650 Posting Expert Team Colleague Featured Poster

wmipruse.exe

Are you sure it isn't wmiprvse.exe?

jholland1964 650 Posting Expert Team Colleague Featured Poster

I am sorry you did not approve of the methods used. I checked your thread at securitycadets; the same programs and steps were used there as were here, and if given the chance to do so here, the completion steps given there would have also been used here.
Sorry I couldn't have been of more help.

jholland1964 650 Posting Expert Team Colleague Featured Poster

Thanks PP cause I could find nothing.

jholland1964 650 Posting Expert Team Colleague Featured Poster

I just find that odd since it shows up absolutely nowhere in any of the logs.
How about the trusted site I asked about?

Also, in your first post you said....

norton has detected 4 downloaders and can't remove them

What were the names of those downloaders and where exactly were they located?

jholland1964 650 Posting Expert Team Colleague Featured Poster

Looks like MBA-M removed a couple of problems, the ESET scanner located a file in the spybot quarantine, wouldn't be a problem. Empty that quarantine folder.
Not sure what you mean by this...

i also removed the program Otto

Looking through the logs I don't see this anywhere, what is the full name of the program you removed?

Also did you add this to your Trusted Sites....

http://*.trymedia.com (HKLM)

jholland1964 650 Posting Expert Team Colleague Featured Poster

How about the Malwarebytes' Anti-Malware program and the ESET Online Scanner? Have you run those? I will need those logs too. Also be sure you have Malwarebytes fix everything it finds.

jholland1964 650 Posting Expert Team Colleague Featured Poster

Follow the instructions given HERE Post back with the requested logs.
I notice you are still using Firefox 3 Beta. You should update Firefox as version 3 is no longer a beta version and is now at version 3.01.

jholland1964 650 Posting Expert Team Colleague Featured Poster

Happy that I could supply some help. Good detective work on your part finding that Zone Alarm problem. Bravo to you!!!
Now should your friend question the use of the Windows Firewall here is the explanation I always use as to why I myself use it and not another. Have kept this from a forum I used for years, fellow really always gave top notch advice and this has worked for me without difficulty for going on 5 years;

Windows Firewall blocks only incoming stuff whereas third-party firewalls block both incoming and outgoing stuff. This means that were you to inadvertently allow a trojan to be installed, WF would not prevent it from calling home with whatever information it had managed to harvest from your computer (passwords, monitored keystrokes, etc, etc). So, in theory, a third-party utility will offer a greater level of security than WF. However ...

... simply adopting safe surfing practices (not downloading applications from warez sites or via file-sharing utilities, not installing no-cost applications from little-known developers, etc, etc, etc) and running a good antivirus utility should be sufficient to prevent any trojans or other unwanted items from finding their way onto your computer and so a bi-directional firewall is, IMO, of less importance than many people seem to think.

Furthermore, look back over old threads and you'll find few (if any) instances of a person being "stung" as a result of using WF - but you'll find significantly more threads relating to problems caused …

jholland1964 650 Posting Expert Team Colleague Featured Poster

It's Avira with something still running in the machine that I can't find. The Avira Scheduler Service and Guard Service are trying to run and there's nothing to run

Go to Start, Control Panel, Administrative Tools, Services. When this opens everything is listed in alphabetical order and scroll down to Avira listings, there are probably two of them like it shows in my first attachment.
One at a time double click on each entry. Change Start up type to Disabled. Click Apply.
See both of my other attachments.
Once you have done that then reboot the machine and see if errors are still appearing.

jholland1964 650 Posting Expert Team Colleague Featured Poster

In IE go to Tools, Internet Options, Privacy Tab. There is where you will find the option to turn on or off the pop up blocker.

It's saying there are processes that weren't loaded at startup.

So, I've suspected for some time that my copy of XP has been compromised somehow and that the crashes come when the system calls one of these subroutines that's not there. What that would mean by now is that the backup for XP now doesn't have the files either. Short of buying a full copy of XP, how can I clean this up since the O/S no longer comes with the machine?

Number 1;
What ARE the processes which are not being loaded?
Number 2; No, this does not necessarily mean your copy of XP is compromised, this just means they are disabled. It is very possible they can be turned back on, but I need to know what they are. That does NOT mean the backup doesn't have the files either. Backup is exactly what it means...a backup copy. A working copy may have compromised or corrupted files but the backup copy isn't used...it is sitting there as backup...usually untouched.
Number 3. Did your system come with a restore disk? If so, then you DO have a copy of XP. If the computer has a restore partition, then you DO have a copy of XP. However, if this was/is a pirated copy of XP then no, you do not have …

jholland1964 650 Posting Expert Team Colleague Featured Poster

Camera software can be a pain really. Much of the time if you use a card reader instead of just hooking the camera to the computer the software that came with the camera doesn't need to be installed at all. I have had three digital cameras, an HP, and two Olympus and used card readers with all and never installed any of the software that came with the cameras.
I am "leaning" towards the problem being the HP Image program...it too contains a Photo Gallery portion. Ask him if he uses this, if not, uninstall it. If he does, be sure he has the disks and have him totally uninstall it. See if he still gets that Photo Gallery message. If he doesn't then he knows that is what caused it. It was probably a corrupt file in there. If he wants to use the program then have him install again but when he does have him go offline, disable his antivirus and firewall and install. Reboot and see if the message comes back, if not then he knows that is what the problem was. Be sure to then have him re-enable the antivirus and firewall.

jholland1964 650 Posting Expert Team Colleague Featured Poster

The computer prompts "Application Failed to Load" errors upon log in. Then a program called PhotoGallery tries to install automatically but fails repeatedly.

For the above part of your post, I am guessing that this has something to do with either your Olympus Master software or else your HP...whatever you have...printer?
Neither of these programs...the Olympus Master OR your HP Updates need to run at start up and can easily be run manually, I would remove both of those from autostart and see if this makes a difference with the Photo Gallery program trying to install. Both of these have a Photo Gallery portion to them. There is also a Windows Live Photo Gallery which may be trying to load. Don't know if you have tried to install this or not, if so the application failed, possibly because the download was corrupt. Have you looked in your Add/remove to see if there is a Photo Gallery of some kind listed there? If so try uninstalling it.
Now wireless is really something I don't know about so I cannot help you there. But how long has that problem been happening?

jholland1964 650 Posting Expert Team Colleague Featured Poster

Have found this information you might try. Now, you didn't say if you have the pop-up blocker turned on or off, but try this and see if it makes a difference: go to that Accuweather site where you had the problem and try changing your settings to always allow pop-ups for this site.
You need to check your Internet Privacy Options (which will be the same in IE6 & 7). If you are using IE7 then at the bottom of the page for the site you should see a small icon for changing the security options for the site and you can do it there online. Allow all popups.
See if this makes a difference.

jholland1964 650 Posting Expert Team Colleague Featured Poster

Well rats! zeroth, I thought we had this licked last week!
I really don't see a thing in the log.
Tell me, how much RAM is installed on the system?
Have you done "general housecleaning" of the computer lately? Don't mean disk cleanup or anything like that, I mean checking for dust inside the case, vents, on fan blades, etc.?
Also, go to Start, Control Panel, Administrative Tools, Event Viewer. Click on Application and take note of errors showing there around the time of the shut downs. Double click on one of them to actually see what caused the error.
Do the same in System. This "might" give us a clue, can't promise it will but it cannot hurt to check.

jholland1964 650 Posting Expert Team Colleague Featured Poster

Looks good to me Barry. How is the computer running?

jholland1964 650 Posting Expert Team Colleague Featured Poster

Looks pretty good, just a few files I am not sure about so I would like you to go to Jotti's malware scan.
There you can upload files and they will be analyzed by approx. 20 different scanners to maybe tell us exactly what they are.
At the top of the Jotti page there is a window, there you will copy/paste the names and location of these files and then click the submit button. The file will be scanned and the results given to you. Please post those results here. There is a browse button but you will only need to click the submit button since the combofix log gave us the locations. You will have to do these one at a time.
Here are the files you need analyzed one at a time;

C:\WINNT\system32\Jamster.ico

C:\WINNT\system32\ZoneAlarmIconUS.ico

C:\WINNT\mkok

C:\Program Files\Common Files\mkok

Post back here with the results.

jholland1964 650 Posting Expert Team Colleague Featured Poster

Looking good Barry,
Just a couple more cleanup steps;
Open Notepad and copy/paste the text in the below quote box into it:

KILLALL::

Folder::

C:\WINNT\system32\ywmivq.dll
C:\WINNT\system32\csibuesi.dll
C:\WINNT\system32\tagyoogx.dll
C:\WINNT\system32\yhcyuj.dll
C:\WINNT\system32\ewqndptq.dll
C:\WINNT\system32\cfchunpg.dll
C:\WINNT\system32\psfbkt.dll
C:\WINNT\system32\jnbfmson.dll
C:\WINNT\system32\ekfjmlug.dll


Registry::
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"OOBEDDDemise"="erase" [X]

* Save the above as CFscript.txt and make sure you save it to the same location (should be on your Desktop) as ComboFix.exe
* At this point, you MUST EXIT ALL BROWSERS NOW before continuing!
* You should have both the ComboFix.exe and CFScript.txt icons on your Desktop.
* Now use your mouse to drag CFscript.txt on top of ComboFix.exe
* Follow the prompts.
* When it finishes, a log will be produced named c:\combofix.txt

Note:

Do not mouseclick combofix's window while it is running. That may cause it to stall.

Next run HiJackThis again and place checkmarks next to the following entries if they still exist;

O4 - HKLM\..\RunOnce: [OOBEDDDemise] cmd /x /c erase C:\WINNT\System32\oobe\msoobe.exe
O23 - Service: PictureTaker - Unknown owner - c:\fixit\pt\PCTKRNT.SYS (file missing)

Once you have the checkmarks placed then click the Fix Checked button.
Exit HJT.
Reboot the system.
Run HJT once more and post the log here.
Now, you do not appear to be running a Firewall or you are running the built in Windows Firewall, which is fine, but you do need a firewall.
Also, your …

jholland1964 650 Posting Expert Team Colleague Featured Poster

Ok, give me some time to go through all this and I will get back with you. In the meantime, empty the Malwarebytes Anti-malware quarantine and then update that program and run it again. Also run HJT again too. Post back with those logs, even if I have not come back with the combofix info.
Judy

jholland1964 650 Posting Expert Team Colleague Featured Poster

Yep, still there.
Let's try this;
Download ComboFix to the desktop.
You may get a prompt asking if you want to Run or Save. Choose Save and be absolutely certain you save it to the desktop.
At this point you should do the following:

* Close all open Windows including this one.
* Close or disable all running Antivirus, Antispyware, and Firewall programs as they may interfere with the proper running of ComboFix.

Double-click on the ComboFix icon found on your desktop. Please note, that once you start ComboFix you should not click anywhere on the ComboFix window as it can cause the program to stall. In fact, when ComboFix is running, do not touch your computer at all and just take a break as it may take a while for it to complete.
When you click that Combofix Icon you may get a warning prompt because ComboFix doesn't have a digital signature. This is perfectly normal and safe and you can click on the Run button to continue.
ComboFix will prepare to run and then you may see a Disclaimer Screen. You should press the number 1 key and then press the enter key to continue.
ComboFix will create a System Restore point so that if any problems occur while using the program you can restore back to your previous configuration. When ComboFix has finished creating the restore point, it will then backup your Windows Registry.

jholland1964 650 Posting Expert Team Colleague Featured Poster

Did you do this?

Open hijackthis, click 'config' (bottom right) Choose the tab 'misc Tools' on top.
Choose 'delete a file on reboot'.
In the field, copy and paste C:\WINNT\system32\karina.dat
Click open. Hijackthis will tell you that this file will be deleted on next reboot and if you want to reboot now.
When asked if you want to reboot now, say Yes.

Why didn't you tell mbam to fix the following?

Files Infected: 1
Files Infected:
C:\WINNT\system32\drivers\27d8974d.sys (Rootkit.Agent) -> No action taken.

jholland1964 650 Posting Expert Team Colleague Featured Poster

I want you to try this with HJT.
Open hijackthis, click 'config' (bottom right) Choose the tab 'misc Tools' on top.
Choose 'delete a file on reboot'.
In the field, copy and paste C:\WINNT\system32\karina.dat
Click open. Hijackthis will tell you that this file will be deleted on next reboot and if you want to reboot now.
When asked if you want to reboot now, say Yes.

Allow the PC to reboot, if it doesn't do it automatically, reboot manually.
Once you have done that, empty ALL those Quarantine files....AVG and MBAM both.
Reboot again.
Then run both programs again...MBAM first and then your AVG. Save the logs for posting here, even if you believe they are empty. I want to see them.
Once you have run both of those then run a new HJT scan and save the log.
Post back with the new logs requested.
Judy

jholland1964 650 Posting Expert Team Colleague Featured Poster

First of all, you are running two antivirus programs, AVG8 and Norton. This is an absolute no-no. You need to totally UNINSTALL one of them using Add/Remove, following any prompts given by the uninstall. Then you need to do a manual file search on the computer using Start, Search, Files and Folders and looking in hidden files also, for any remaining files from the removed application. This is one reason fixes may not have been completed or one reason this infection is not found.

Once you have removed the program then also turn off SuperAntispyware and the PrevxCSI programs; you don't want them running in the background right now as they could possibly interfere with the scans also.
You are showing an infection by Troj/FakeAle-DQ which is a trojan which will then drop other malware on the computer, so there could be more.

Uninstall the extra antivirus program and Update the remaining one. Update Malwarebytes, update the Superantispyware and then of course TURN it off.
Run a scan with the ESET Online Scanner
* You will need to use Internet Explorer to complete this scan.
* You will need to temporarily Disable your current Anti-virus program.
* Be sure the option to Remove found threats is Un-checked at this time (we may have it clean what it finds at a later time), and the option to Scan unwanted applications is Checked.
* When you have completed that scan, a …

jholland1964 650 Posting Expert Team Colleague Featured Poster

Keep us posted please.

zeroth commented: solid advice and good software suggestions +5
jholland1964 650 Posting Expert Team Colleague Featured Poster

Anyway, when I was following your suggestions just now, the Windows Security suite said there was already an antiVirus up and running and reporting everything OK! Yep, this Avira thing. But there's nothing in the system to do with Avira that I can see.

Try running Belarc Advisor. It is free and will do a quick scan of the computer and give you a full picture of the computer, including programs installed. If it shows on there then there has to be at least one little file remaining. If so, then do a file search and be sure to check hidden files and folders also. If something is found you can then remove it.
Now for your auto starts; I recommend CodeStuffStarter to control these. You can use it for both the Start Up programs and also Services too. Very easy to use.
Here are those items that you can safely disable auto starts;

Remind_XP.exe...HP-specific program that reminds users to create System Recovery CDs. Once they use the Recovery CD Creator (Start -> PC Help & Tools -> Recovery CD Creator) to make the recovery CDs the entry will remove itself from the startup list

Recorder.exe...records all kinds of sound from sound card with high quality. It records the sound from other Windows applications with CD quality. It also supports to record sound from microphones, line-in, Cassette Tape, Video Tape and more input devices (am not familiar with the program but would …

jholland1964 650 Posting Expert Team Colleague Featured Poster

I will go through the start ups and note the ones that can be disabled and get back on that shortly with instructions how to do so but FIRST and foremost, I don't see an anti-virus program or a firewall running on the system. These are absolute MUSTS today.
You can use the built in Windows firewall, I do. Many disagree with it since it only is a "one way" firewall, just stops invaders but doesn't stop your computer from sending out...my feeling is, if the Windows Firewall stops things from coming in then there won't be anything going out. But this is your choice, there are several good FREE firewalls many recommend;
ZoneAlarm Free - Probably the most popular free choice.
Comodo Firewall Version 3.0 - Quite possibly the best Free choice!
PC Tools Firewall Plus™ 3.0 for Windows® - Another solid Free option!

For anti-virus programs;
AVG Free Edition
AntiVir® Personal Edition Classic
Avast! Home Edition

Your Java is also out of date. Current version is 6 update 7. I would update that AFTER you install the anti-virus program and firewall.
I will go through the rest of the log and let you know what and how to disable from auto starting.
Judy

jholland1964 650 Posting Expert Team Colleague Featured Poster

Do me a favor, go back into msconfig and re-enable everything that you disabled. Can't tell you what or how to turn off an auto start unless I know what they are. msconfig should really be used only for troubleshooting not for permanent turn off. I can give you a couple of GOOD FREE programs to use to control auto starts but need to see all of them first.
Re-enable them and then run me a new HJT scan and I can tell you what and how to do it.
Judy

jholland1964 650 Posting Expert Team Colleague Featured Poster

What anti-malware program did you run? Do you have THAT log? If so we need to see that also. We also need more information on the computer itself, hard drive size, how much RAM is installed?
You have a LOT running at start up and running in the background which could affect the ability of the computer to run resource intensive programs. I don't see an onboard antivirus program running? Where is it and what is it? This is an ABSOLUTE MUST. Your logs also do not show any firewall, also an absolute must. Are you using the built in Windows Firewall or No firewall?
You have also left off the top portion of the second log...the part that reads like this;

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:06:35 AM, on 7/30/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal

That needs to be posted each time also as it gives the time the scan was done and vital information on the computer.
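A check for the header block described in the post above, as an added example that is not part of the original posts: it parses a HijackThis log, reports which of the five header lines are missing, and lists entries marked "(no file)". The sample log is constructed (header values copied from the post, entries made up), and the US-style date layout in `scan_time` is an assumption taken from that one sample.

```python
import re
from datetime import datetime

# Constructed sample: header lines as quoted in the post, entries are placeholders.
SAMPLE_LOG = r"""Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:06:35 AM, on 7/30/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal

O2 - BHO: (no name) - {00000000-0000-0000-0000-000000000001} - (no file)
O4 - HKLM\..\Run: [ExampleApp] "C:\Program Files\ExampleApp\example.exe"
"""

HEADER_FIELDS = {
    "version": re.compile(r"^Logfile of Trend Micro HijackThis v(\S+)"),
    "saved": re.compile(r"^Scan saved at (.+)$"),
    "platform": re.compile(r"^Platform: (.+)$"),
    "msie": re.compile(r"^MSIE: (.+)$"),
    "boot_mode": re.compile(r"^Boot mode: (.+)$"),
}
ENTRY = re.compile(r"^([A-Z]\d{1,2}) - (.+)$")  # e.g. "O4 - HKLM\..\Run: ..."

def parse_hjt_log(text):
    """Split a log into header fields and (section, detail) entries."""
    header, entries = {}, []
    for line in map(str.strip, text.splitlines()):
        for name, pattern in HEADER_FIELDS.items():
            match = pattern.match(line)
            if match:
                header[name] = match.group(1)
                break
        else:  # not a header line: try it as a scan entry
            match = ENTRY.match(line)
            if match:
                entries.append((match.group(1), match.group(2)))
    return header, entries

def scan_time(header):
    """Scan time as a datetime, or None if the line is absent or unparseable."""
    try:
        return datetime.strptime(header["saved"], "%I:%M:%S %p, on %m/%d/%Y")
    except (KeyError, ValueError):
        return None

def review(text):
    """Summarise what a helper needs before reading the entries."""
    header, entries = parse_hjt_log(text)
    return {
        "missing_header": [n for n in HEADER_FIELDS if n not in header],
        "scan_time": scan_time(header),
        "entry_count": len(entries),
        "no_file": [e for e in entries if e[1].endswith("(no file)")],
    }
```

A log pasted without its top portion comes back with all five names in `missing_header` and `scan_time` set to `None`, so it cannot be dated or tied to an OS and browser version.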

jholland1964 650 Posting Expert Team Colleague Featured Poster

For one thing, turn off that Spybot TeaTimer. It truly causes more trouble than it is worth.
Please check the following are started:

1. Automatic Updates
2. Background Intelligent Transfer Service (BITS)
3. Cryptographic Services
4. Remote Procedure Call (RPC)
5. System Restore Service

To verify that BITS is correctly configured:

1. Double-click `Background Intelligent Transfer Service`.

2. In the Startup type box, click Manual, and then Apply.

3. Click the `Log On` tab, and then verify that the service is enabled in
every hardware profile that you have listed.

If the service is disabled in one or more hardware profiles, click the
hardware profile, Enable, and then Apply.

4. Click the General tab and then Start.

If BITS starts successfully, visit the Windows Update Web site or the
Microsoft Update Web site to see if you can obtain updates. If it works OK,
change (2.) to automatic
-
If you still receive the same errors, verify that you have correctly
performed steps 1 through 5.

jholland1964 650 Posting Expert Team Colleague Featured Poster

WHO knows you are online? How do you actually KNOW this? You have to have some proof of this.

jholland1964 650 Posting Expert Team Colleague Featured Poster

Lordy! Didn't even look at the original date!

jholland1964 650 Posting Expert Team Colleague Featured Poster

Your problem is more than likely caused by the fact that you have THREE anti-virus programs running on the computer...at least portions of Ewido Security Suite, and also Norton and Avast. The absolute rule is ONE anti-virus program on a computer. Pick ONE and totally UNINSTALL the others. Your choice. But be sure to UNINSTALL via Add/Remove, DON'T under any circumstances just delete them. If that Avast file shows as missing then it probably means that you attempted to uninstall but did not. You must do it the correct way otherwise portions of programs remain and cause problems.

Once you have done the uninstalls then REBOOT the computer. Delete the OLD version of HiJackThis that you have and download the newest version from HERE. Be sure to install it to a folder of its own. To do this create a new folder by right clicking on the desktop and choose New Folder. Then Rename the Folder HJT.
Download the new version of HJT to this folder and then run a new full system scan. Post back here with that new log.
You need to run a new scan with the newest version of HJT because there IS malware showing on the present log.