Full Version: Popups and such...
Laurchie
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:12:39 AM, on 4/19/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16791)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\3361\SVCHOST.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\dhcp\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Gateway\EzTune\DTSRVC.exe
C:\Program Files\Common Files\Authentium\AntiVirus\dvpapi.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\Program Files\Portrait Displays\Pivot Software\wpctrl.exe
C:\WINDOWS\BCMSMMSG.exe
C:\Program Files\Creative\SBLive\Diagnostics\diagent.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb10.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Portrait Displays\Pivot Software\floater.exe
C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe
C:\Program Files\Verizon\VSP\VerizonServicepoint.exe
C:\PROGRA~1\Yahoo!\browser\ybrwicon.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\PROGRA~1\Yahoo!\browser\ycommon.exe
C:\WINDOWS\System32\reader_s.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Documents and Settings\joey\reader_s.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
C:\WINDOWS\system32\locator.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\TEMP\q03r0cc3.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\WINDOWS\TEMP\q03r0cc3.exe
C:\WINDOWS\explorer.exe
C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\system32\3361\SVCHOST.exe
C:\Program Files\Portrait Displays\Pivot Software\wpctrl.exe
C:\WINDOWS\BCMSMMSG.exe
C:\Program Files\Gateway\EzTune\DTHtml.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb10.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe
C:\Program Files\Portrait Displays\Pivot Software\floater.exe
C:\WINDOWS\System32\reader_s.exe
C:\Documents and Settings\joey\reader_s.exe
C:\WINDOWS\TEMP\271253316.exe
C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleil.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\DOCUME~1\joey\LOCALS~1\Temp\22575994.exe
C:\Documents and Settings\joey\My Documents\LaurenJunk\software\ATF-Cleaner.exe
C:\Documents and Settings\joey\My Documents\LaurenJunk\software\HijackThis.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\ntos.exe,
O2 - BHO: C:\WINDOWS\system32\yaubfh983ind.dll - {A5AF42A3-94F3-42BD-F634-0604832C897D} - C:\WINDOWS\system32\yaubfh983ind.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [PivotSoftware] "C:\Program Files\Portrait Displays\Pivot Software\wpctrl.exe"
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [diagent] "C:\Program Files\Creative\SBLive\Diagnostics\diagent.exe" startup
O4 - HKLM\..\Run: [BCMSMMSG] BCMSMMSG.exe
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [DT Task] C:\Program Files\Gateway\EzTune\DTHtml.exe -startup_folder
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb10.exe
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe"
O4 - HKLM\..\Run: [Adobe_ID0EYTHM] C:\PROGRA~1\COMMON~1\Adobe\ADOBEV~1\Server\bin\VERSIO~2.EXE
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [VerizonServicepoint.exe] "C:\Program Files\Verizon\VSP\VerizonServicepoint.exe" /AUTORUN
O4 - HKLM\..\Run: [YBrowser] C:\PROGRA~1\Yahoo!\browser\ybrwicon.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [hpqSRMon] C:\Program Files\HP\Digital Imaging\bin\hpqSRMon.exe
O4 - HKLM\..\Run: [reader_s] C:\WINDOWS\System32\reader_s.exe
O4 - HKLM\..\Run: [Radio-TV adverts] C:\WINDOWS\TEMP\rtv_winupd.exe
O4 - HKLM\..\Run: [svchost.exe] "C:\WINDOWS\system32\3361\SVCHOST.exe"
O4 - HKLM\..\RunOnce: [svchost.exe] "C:\WINDOWS\system32\3361\SVCHOST.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [DriverUpdaterPro] C:\Program Files\XPC Tools\Driver Updater Pro\DriverUpdaterPro.exe -t
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet
O4 - HKCU\..\Run: [Diagnostic Manager] C:\DOCUME~1\joey\LOCALS~1\Temp\22575994.exe
O4 - HKCU\..\Run: [reader_s] C:\Documents and Settings\joey\reader_s.exe
O4 - HKUS\S-1-5-18\..\Run: [reader_s] C:\Documents and Settings\LocalService\reader_s.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [] C:\WINDOWS\TEMP\q03r0cc3.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [Windows Resurections] C:\WINDOWS\TEMP\q03r0cc3.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [Diagnostic Manager] C:\WINDOWS\TEMP\271253316.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [svc] c:\program Files\ThunMail\testabd.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [reader_s] C:\Documents and Settings\LocalService\reader_s.exe (User 'Default user')
O4 - Global Startup: BlueSoleil.lnk = ?
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
O8 - Extra context menu item: Append to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: Verizon Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\PROGRA~1\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: HP Smart Select - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {5C6698D9-7BE4-4122-8EC5-291D84DBD4A0} (Facebook Photo Uploader 4 Control) - http://upload.facebook.com/controls/Facebo...toUploader3.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1170978095015
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab
O20 - AppInit_DLLs: c:\progra~1\ThunMail\testabd.dll
O22 - SharedTaskScheduler: as3iur98wajkef3wgf3 - {A5AF42A3-94F3-42BD-F634-0604832C897D} - C:\WINDOWS\system32\yaubfh983ind.dll
O22 - SharedTaskScheduler: lkjf9873jhifjnsfi8w3fe - {D5BF49A0-94F3-42BD-F434-3604812C8955} - C:\WINDOWS\system32\zfgh83jg3.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Adobe Version Cue CS3 - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Dhcp server (DhcpSrv) - Unknown owner - C:\WINDOWS\dhcp\svchost.exe
O23 - Service: Portrait Displays Display Tune Service (DTSRVC) - Unknown owner - C:\Program Files\Gateway\EzTune\DTSRVC.exe
O23 - Service: DvpApi (dvpapi) - Authentium, Inc. - C:\Program Files\Common Files\Authentium\AntiVirus\dvpapi.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Updater Service (gusvc) - Unknown owner - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Intuit Update Service (IntuitUpdateService) - Intuit Inc. - C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Radialpoint Unicorn Update Service (RPSUpdaterR) - Radialpoint Inc. - C:\Program Files\Verizon\PC Security Checkup\rpsupdaterR.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\Common Files\PCSuite\Services\ServiceLayer.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe

--
End of file - 12374 bytes
LoPhatPhuud
*** UPDATED APRIL 16, 2009 ***

Please read and complete the following steps before posting your logs in the Malware Help Forum:

Special Note if Spybot is installed: Before proceeding, disable Spybot Tea Timer and leave it disabled until we're done here. See http://aumha.net/viewtopic.php?t=32409 for information on disabling Tea Timer.

Note: If you don't fully understand what Tea Timer does and how it does it, best to leave it permanently disabled.

Special Note for Vista: In all that follows, and subsequent sessions, you need to run these utilities "As Administrator" in most cases. Right click the program executable and choose "Run as Administrator". If you do not do this, some of these utilities will fail to work, or fail to work properly. If you have any problems with any of the utilities you are asked to run, check that you ran the application as an Administrator. Some of these utilities will not give you a UAC prompt; they will simply exit without doing anything at all or showing an error message.

You may want to print the rest of these instructions for offline reference.

1. Please download Malwarebytes Anti-Malware and save it to your desktop.
  • Make sure you are connected to the Internet.
  • Double-click on Download_mbam-setup.exe to install the application. (If using Windows Vista, be sure to "Run As Administrator")
  • When the installation begins, follow the prompts and do not make any changes to default settings.
  • When installation has finished, make sure you leave both of these checked:
    • Update Malwarebytes' Anti-Malware
    • Launch Malwarebytes' Anti-Malware
  • Then click Finish.
  • MBAM will automatically start and you will be asked to update the program before performing a scan. If an update is found, the program will automatically update itself. Press the OK button to close that box and continue.
  • If you encounter any problems while downloading the updates, manually download them from here and just double-click on mbam-rules.exe to install.
  • On the Scanner tab:
    • Make sure the "Perform Quick Scan" option is selected.
    • Then click on the Scan button.
  • The next screen will ask you to select the drives to scan. Leave all the drives selected and click on the Start Scan button.
  • The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.
  • When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
  • Click OK to close the message box and continue with the removal process.
  • Back at the main Scanner screen, click on the Show Results button to see a list of any malware that was found.
  • Make sure that everything is checked, and click Remove Selected.
  • When removal is completed, a log report will open in Notepad and you may be prompted to restart your computer. (see Note below)
  • The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the contents of that report in your next reply and exit MBAM.
Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.

2. Please download ATF Cleaner by Atribune, saving it to your desktop: http://www.atribune.org/ccount/click.php?id=1
(Mirror site: http://www.majorgeeks.com/ATF_Cleaner_d4949.html)
  • Double-click ATF-Cleaner.exe to run the program.
  • Under Main choose: Select All
  • Click the Empty Selected button.
  • If you use Firefox browser (and some Mozilla-based browsers):
    • Click Firefox at the top and choose: Select All
    • Click the Empty Selected button.
    • NOTE: If you would like to keep your saved passwords, please click No at the prompt.
  • If you use Opera browser:
    • Click Opera at the top and choose: Select All
    • Click the Empty Selected button.
    • NOTE: If you would like to keep your saved passwords, please click No at the prompt.
  • Click Exit on the Main menu to close the program.


3. Enable Show Hidden Files and Folders
If using Windows XP:
  • Close all programs so that you are at your desktop.
  • Double-click on the My Computer icon.
  • Select the Tools menu and click Folder Options.
  • After the new window appears select the View tab.
  • Put a checkmark in the checkbox labeled Display the contents of system folders.
  • Under the Hidden files and folders section select the radio button labeled Show hidden files and folders.
  • Remove the checkmark from the checkbox labeled Hide file extensions for known file types.
  • Remove the checkmark from the checkbox labeled Hide protected operating system files.
  • Press the Apply button and then the OK button and exit My Computer.
  • Now your computer is configured to show all hidden files.

If using Windows Vista or Windows 7:
  • Close all programs so that you are at your desktop.
  • Open the Control Panel menu and click Folder Options.
  • After the new window appears select the View tab.
  • Put a checkmark in the checkbox labeled Display the contents of system folders.
  • Under the Hidden files and folders section select the radio button labeled Show hidden files and folders.
  • Remove the checkmark from the checkbox labeled Hide file extensions for known file types.
  • Remove the checkmark from the checkbox labeled Hide protected operating system files.
  • Press the Apply button and then the OK button and exit My Computer.
  • Now your computer is configured to show all hidden files.

[Online tutorial covering both of the above: http://www.bleepingcomputer.com/tutorials/tutorial62.html]

4. Important! Open Notepad; Click on Format; Uncheck Word wrap, if checked.

5. Download OTListIt by OldTimer to your desktop: http://oldtimer.geekstogo.com/OTListIt2.exe
  • Close all open windows on the Task Bar. Click the icon (for Vista, right click the icon and Run as Administrator) to start the program.
  • In the lower right corner of the Top Panel, checkmark 'LOP Check'; and checkmark 'Purity Check'.
  • Now click Run Scan at Top left and let the program run uninterrupted. It will take about 4 minutes.
  • It will produce two logs for you, one will pop up called OTListIt.txt, the other will be saved on your desktop and called Extras.txt.
  • Exit Notepad. Remember where you've saved these 2 files as we will need both of them shortly!
  • Exit OTListIt2 by clicking the X at top right.


6. Download Security Check by screen317 and save it to your Desktop: http://screen317.spywareinfoforum.org/SecurityCheck.exe
  • Double-click on SecurityCheck.exe and follow the on-screen instructions inside the black box.
  • A Notepad document named checkup.txt should then open automatically; close Notepad, saving the file to your desktop. We will need this log, too.

If one of your security applications (e.g., third-party firewall) requests permission to allow DIG.EXE to access the Internet, allow it to do so.

7. After Registering, begin your own new thread. Briefly state your problem(s) and tell us what you've done so far to resolve them. Then copy/paste the following into your post (in order):
  • the contents of the MBAM log (Step 1)
  • the contents of OTListIt.txt (Step 5)
  • the contents of Extras.txt (Step 5)
  • the contents of checkup.txt (Step 6)

Please do NOT use the Attachment feature, despite what you might see in any of the above TXT files!

If you follow the above steps, it will accomplish three things:
  1. Your computer will be cleaner and in better shape before we even get to your log!
  2. It will save the volunteers on this site many hours of work and add to the accuracy of the information they are able to give you - it's easier to see individual trees in a thinned forest.
  3. You won't delay the process of getting up & running again by having to answer a lot of questions.



Please provide us the information we need in order to help you efficiently and effectively. Without this information you will only delay the cleaning process.
Laurchie
I'm using a different computer to type this response. I cannot access antivirus help viruses from my infected computer, and I cannot perform several other processes on that computer; for instance, my infected computer cannot access or download from: http://oldtimer.geekstogo.com/OTListIt2.exe and http://screen317.spywareinfoforum.org/SecurityCheck.exe. I am also redirected to a poiskin.ru website from time to time when clicking on Google links.

I couldn't download the .exe files from steps 5 and 6 (I already had Malwarebytes and ATF Cleaner on my computer before posting my initial post), so below are a HijackThis and an MBAM log.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 6:22:01 PM, on 4/24/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16827)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\dhcp\svchost.exe
C:\Program Files\Gateway\EzTune\DTSRVC.exe
C:\Program Files\Common Files\Authentium\AntiVirus\dvpapi.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\Program Files\Portrait Displays\Pivot Software\wpctrl.exe
C:\WINDOWS\BCMSMMSG.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb10.exe
C:\Program Files\Creative\SBLive\Diagnostics\diagent.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe
C:\Program Files\Verizon\VSP\VerizonServicepoint.exe
C:\PROGRA~1\Yahoo!\browser\ybrwicon.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\PROGRA~1\Yahoo!\browser\ycommon.exe
C:\Program Files\Portrait Displays\Pivot Software\floater.exe
C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleil.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
C:\WINDOWS\System32\reader_s.exe
C:\WINDOWS\system32\9.tmp
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe
C:\PROGRA~1\Yahoo!\MESSEN~1\ymsgr_tray.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\cmd.exe
C:\Documents and Settings\joey\My Documents\LaurenJunk\software\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: (no name) - {B2BA40A2-74F0-42BD-F434-12345A2C8953} - (no file)
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [PivotSoftware] "C:\Program Files\Portrait Displays\Pivot Software\wpctrl.exe"
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [diagent] "C:\Program Files\Creative\SBLive\Diagnostics\diagent.exe" startup
O4 - HKLM\..\Run: [BCMSMMSG] BCMSMMSG.exe
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [DT Task] C:\Program Files\Gateway\EzTune\DTHtml.exe -startup_folder
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb10.exe
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe"
O4 - HKLM\..\Run: [Adobe_ID0EYTHM] C:\PROGRA~1\COMMON~1\Adobe\ADOBEV~1\Server\bin\VERSIO~2.EXE
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [VerizonServicepoint.exe] "C:\Program Files\Verizon\VSP\VerizonServicepoint.exe" /AUTORUN
O4 - HKLM\..\Run: [YBrowser] C:\PROGRA~1\Yahoo!\browser\ybrwicon.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [hpqSRMon] C:\Program Files\HP\Digital Imaging\bin\hpqSRMon.exe
O4 - HKLM\..\Run: [Radio-TV adverts] C:\WINDOWS\TEMP\rtv_winupd.exe
O4 - HKLM\..\Run: [reader_s] C:\WINDOWS\System32\reader_s.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [DriverUpdaterPro] C:\Program Files\XPC Tools\Driver Updater Pro\DriverUpdaterPro.exe -t
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet
O4 - HKUS\S-1-5-18\..\Run: [] C:\WINDOWS\TEMP\wu8zpr.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [Windows Resurections] C:\WINDOWS\TEMP\wu8zpr.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [Diagnostic Manager] C:\WINDOWS\TEMP\2580465258.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [svc] c:\program Files\ThunMail\testabd.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [VRT8] C:\WINDOWS\TEMP\VRT8.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [reader_s] C:\Documents and Settings\joey\reader_s.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [] C:\WINDOWS\TEMP\wu8zpr.exe (User 'Default user')
O4 - Global Startup: BlueSoleil.lnk = ?
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O8 - Extra context menu item: Append to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: Verizon Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\PROGRA~1\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: HP Smart Select - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {5C6698D9-7BE4-4122-8EC5-291D84DBD4A0} (Facebook Photo Uploader 4 Control) - http://upload.facebook.com/controls/Facebo...toUploader3.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1170978095015
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab
O20 - AppInit_DLLs: c:\progra~1\ThunMail\testabd.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Adobe Version Cue CS3 - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Dhcp server (DhcpSrv) - Unknown owner - C:\WINDOWS\dhcp\svchost.exe
O23 - Service: Portrait Displays Display Tune Service (DTSRVC) - Unknown owner - C:\Program Files\Gateway\EzTune\DTSRVC.exe
O23 - Service: DvpApi (dvpapi) - Authentium, Inc. - C:\Program Files\Common Files\Authentium\AntiVirus\dvpapi.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Updater Service (gusvc) - Unknown owner - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Intuit Update Service (IntuitUpdateService) - Intuit Inc. - C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Radialpoint Unicorn Update Service (RPSUpdaterR) - Radialpoint Inc. - C:\Program Files\Verizon\PC Security Checkup\rpsupdaterR.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\Common Files\PCSuite\Services\ServiceLayer.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
--
End of file - 10410 bytes



----------

Malwarebytes' Anti-Malware 1.36
Database version: 1945
Windows 5.1.2600 Service Pack 2
4/24/2009 6:40:59 PM
mbam-log-2009-04-24 (18-40-59).txt
Scan type: Quick Scan
Objects scanned: 73076
Time elapsed: 6 minute(s), 54 second(s)
Memory Processes Infected: 1
Memory Modules Infected: 0
Registry Keys Infected: 3
Registry Values Infected: 2
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 5
Memory Processes Infected:
C:\WINDOWS\system32\9.tmp (Trojan.Agent) -> Failed to unload process.
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\restore (Rootkit.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Protect (Rootkit.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\AGprotect (Malware.Trace) -> Quarantined and deleted successfully.
Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\reader_s (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\reader_s (Trojan.Agent) -> Quarantined and deleted successfully.
Registry Data Items Infected:
(No malicious items detected)
Folders Infected:
(No malicious items detected)
Files Infected:
C:\WINDOWS\system32\reader_s.exe (Trojan.Agent) -> Delete on reboot.
C:\WINDOWS\system32\6.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\7.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\9.tmp (Trojan.Agent) -> Delete on reboot.
C:\Documents and Settings\joey\reader_s.exe (Trojan.Agent) -> Quarantined and deleted successfully.
LoPhatPhuud
You are heavily infected. Your best option is to reformat and start over, but if you want to try cleaning it, start with the following. Understand that it may be necessary to reformat as we attempt to clean. That's why I suggested it first.

First:
Reboot in Safe Mode* and run HiJackThis. <-- IMPORTANT

Press the 'Scan' button and when done check the following items in HijackThis:
O4 - HKLM\..\Run: [Radio-TV adverts] C:\WINDOWS\TEMP\rtv_winupd.exe
O4 - HKLM\..\Run: [reader_s] C:\WINDOWS\System32\reader_s.exe
O4 - HKUS\S-1-5-18\..\Run: [] C:\WINDOWS\TEMP\wu8zpr.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [Windows Resurections] C:\WINDOWS\TEMP\wu8zpr.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [Diagnostic Manager] C:\WINDOWS\TEMP\2580465258.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [svc] c:\program Files\ThunMail\testabd.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [VRT8] C:\WINDOWS\TEMP\VRT8.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [reader_s] C:\Documents and Settings\joey\reader_s.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [] C:\WINDOWS\TEMP\wu8zpr.exe (User 'Default user')

O20 - AppInit_DLLs: c:\progra~1\ThunMail\testabd.dll

O23 - Service: Dhcp server (DhcpSrv) - Unknown owner - C:\WINDOWS\dhcp\svchost.exe


Close all windows except HijackThis and click Fix checked.


While still in Safe Mode*, delete the following: (you may need to show hidden files**)
(Files specified without a full path will usually be located in C:\Windows\ or C:\Windows\System32\)
C:\WINDOWS\TEMP\rtv_winupd.exe
C:\WINDOWS\System32\reader_s.exe
C:\WINDOWS\TEMP\wu8zpr.exe
C:\WINDOWS\TEMP\2580465258.exe
c:\program Files\ThunMail\testabd.exe
C:\WINDOWS\TEMP\VRT8.exe
c:\progra~1\ThunMail\testabd.dll
C:\WINDOWS\dhcp\svchost.exe

*How to Boot into Safe mode:
http://www.computerhope.com/issues/chsafe.htm

**Show Hidden and System files and folders: http://www.xtra.co.nz/help/0,,4155-1916458,00.html

Also, uncheck the boxes for hiding known file extensions and hiding protected operating system files. We want to see it all. When we finish here, it would be a good idea to rehide the protected operating system files but leave the rest to be shown.

Reboot in normal mode

Run HiJackThis again and post a new log in this thread. (Be sure that Word Wrap is turned off in Notepad)


Second:
Download Combofix from any of the links below, and save it to your desktop. For information regarding this download, please visit this webpage: http://www.bleepingcomputer.com/combofix/how-to-use-combofix

Once downloaded, rename Combofix.exe to Laurchie.exe and copy it to the infected computer.



Link 1
Link 2
Link 3


**Note: It is important that it is saved directly to your desktop**

--------------------------------------------------------------------

1. Close any open browsers.

2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

--------------------------------------------------------------------

  • Double click on Laurchie.exe & follow the prompts.
  • When finished, it will produce a report for you.
  • Please post the "C:\ComboFix.txt" along with a new HijackThis log for further review.


Note:
Do not mouse-click ComboFix's window while it's running. That may cause it to stall.

Laurchie
I downloaded combofix, but I kept getting an alert saying that it is unsafe to continue, and I should download another copy from bleepingcomputer (I did redownload, but I kept getting the same alert).

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 6:05:19 PM, on 4/30/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16827)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Gateway\EzTune\DTSRVC.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Portrait Displays\Pivot Software\wpctrl.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\WINDOWS\BCMSMMSG.exe
C:\Program Files\Creative\SBLive\Diagnostics\diagent.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb10.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Portrait Displays\Pivot Software\floater.exe
C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleil.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\joey\My Documents\LaurenJunk\software\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [PivotSoftware] "C:\Program Files\Portrait Displays\Pivot Software\wpctrl.exe"
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [diagent] "C:\Program Files\Creative\SBLive\Diagnostics\diagent.exe" startup
O4 - HKLM\..\Run: [BCMSMMSG] BCMSMMSG.exe
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [DT Task] C:\Program Files\Gateway\EzTune\DTHtml.exe -startup_folder
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb10.exe
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe"
O4 - HKLM\..\Run: [Adobe_ID0EYTHM] C:\PROGRA~1\COMMON~1\Adobe\ADOBEV~1\Server\bin\VERSIO~2.EXE
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [hpqSRMon] C:\Program Files\HP\Digital Imaging\bin\hpqSRMon.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [DriverUpdaterPro] C:\Program Files\XPC Tools\Driver Updater Pro\DriverUpdaterPro.exe -t
O4 - Global Startup: BlueSoleil.lnk = ?
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O8 - Extra context menu item: Append to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: HP Smart Select - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {5C6698D9-7BE4-4122-8EC5-291D84DBD4A0} (Facebook Photo Uploader 4 Control) - http://upload.facebook.com/controls/Facebo...toUploader3.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1170978095015
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Adobe Version Cue CS3 - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Portrait Displays Display Tune Service (DTSRVC) - Unknown owner - C:\Program Files\Gateway\EzTune\DTSRVC.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Updater Service (gusvc) - Unknown owner - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Intuit Update Service (IntuitUpdateService) - Intuit Inc. - C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\Common Files\PCSuite\Services\ServiceLayer.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
--
End of file - 8357 bytes

--------------------

OTListIt logfile created on: 4/30/2009 5:46:14 PM - Run 1
OTListIt2 by OldTimer - Version 2.0.15.1 Folder = C:\Documents and Settings\joey\Desktop
Windows XP Home Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.11)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1023.00 Mb Total Physical Memory | 526.42 Mb Available Physical Memory | 51.46% Memory free
1.28 Gb Paging File | 0.49 Gb Available in Paging File | 38.03% Paging File free
Paging file location(s): C:\pagefile.sys 384 768 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 28.60 Gb Total Space | 4.78 Gb Free Space | 16.70% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: ORTENCIO-MAIN
Current User Name: joey
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Output = Standard
File Age = 30 Days
Company Name Whitelist: On

========== Processes (SafeList) ==========

PRC - [2007/06/13 03:23:07 | 01,053,696 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Explorer.EXE
PRC - [2006/02/28 13:42:38 | 00,249,856 | ---- | M] (Apple Computer, Inc.) -- C:\Program Files\Bonjour\mDNSResponder.exe
PRC - [2009/04/30 17:34:20 | 00,015,546 | ---- | M] () -- C:\WINDOWS\TEMP\BN2.tmp
PRC - [2006/04/13 13:27:40 | 00,081,920 | ---- | M] () -- C:\Program Files\Gateway\EzTune\DTSRVC.exe
PRC - [2008/10/10 05:45:26 | 00,013,088 | ---- | M] (Intuit Inc.) -- C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe
PRC - [2003/10/06 15:16:00 | 00,102,400 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\system32\nvsvc32.exe
PRC - [2005/12/07 18:59:40 | 00,800,504 | ---- | M] () -- C:\Program Files\Portrait Displays\Pivot Software\wpctrl.exe
PRC - [2007/01/04 14:38:08 | 00,045,132 | ---- | M] (Viewpoint Corporation) -- C:\Program Files\Viewpoint\Common\ViewpointService.exe
PRC - [2003/08/29 05:59:24 | 00,143,360 | ---- | M] (Broadcom Corporation) -- C:\WINDOWS\BCMSMMSG.exe
PRC - [2002/04/03 02:01:00 | 00,155,744 | ---- | M] (Creative Technology Ltd) -- C:\Program Files\Creative\SBLive\Diagnostics\diagent.exe
PRC - [2004/03/04 08:46:24 | 00,192,512 | ---- | M] (HP) -- C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb10.exe
PRC - [2008/01/11 19:54:31 | 00,623,992 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe
PRC - [2008/03/25 21:27:58 | 00,069,632 | ---- | M] (Hewlett-Packard) -- C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
PRC - [2005/12/07 18:59:42 | 00,694,008 | ---- | M] () -- C:\Program Files\Portrait Displays\Pivot Software\floater.exe
PRC - [2004/09/03 17:21:26 | 01,032,192 | ---- | M] (IVT Corporation) -- C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleil.exe
PRC - [2008/03/25 20:40:42 | 00,214,360 | ---- | M] (Hewlett-Packard Co.) -- C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
PRC - [2007/01/04 14:38:18 | 00,112,336 | ---- | M] (Viewpoint Corporation) -- C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
PRC - [2007/12/12 23:21:14 | 00,675,328 | ---- | M] (Macrovision Europe Ltd.) -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
PRC - [2004/08/04 03:00:00 | 00,034,304 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wscntfy.exe
PRC - [2008/03/25 20:49:02 | 00,204,800 | ---- | M] (Hewlett-Packard Co.) -- C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
PRC - [2008/03/25 20:49:00 | 00,589,824 | ---- | M] (Hewlett-Packard Co.) -- C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe
PRC - [2008/03/26 02:25:18 | 00,307,200 | ---- | M] (Hewlett-Packard) -- C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe
PRC - [2009/04/30 17:38:17 | 00,036,352 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\reader_s.exe
PRC - [2009/04/30 17:38:18 | 00,061,440 | ---- | M] () -- C:\WINDOWS\system32\D.tmp
PRC - [2009/02/27 21:54:41 | 00,636,072 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Internet Explorer\IEXPLORE.EXE
PRC - [2009/02/27 21:54:41 | 00,636,072 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Internet Explorer\iexplore.exe
PRC - [2009/04/06 15:32:44 | 01,298,064 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
PRC - [2009/04/30 17:44:53 | 00,526,336 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\joey\Desktop\OTListIt2.exe
PRC - [2009/02/27 21:54:41 | 00,636,072 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Internet Explorer\IEXPLORE.EXE

========== Win32 Services (SafeList) ==========

SRV - [2007/05/14 21:01:01 | 00,093,184 | ---- | M] (Adobe Systems) -- C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe -- (Adobe LM Service [On_Demand | Stopped])
SRV - [2007/03/20 17:41:24 | 00,153,792 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Common Files\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3.exe -- (Adobe Version Cue CS3 [On_Demand | Stopped])
SRV - [2007/10/24 01:47:22 | 00,033,800 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe -- (aspnet_state [On_Demand | Stopped])
SRV - [2006/02/28 13:42:38 | 00,249,856 | ---- | M] (Apple Computer, Inc.) -- C:\Program Files\Bonjour\mDNSResponder.exe -- (Bonjour Service [Auto | Running])
SRV - [2007/10/24 01:47:40 | 00,070,144 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32 [On_Demand | Stopped])
SRV - [2006/04/13 13:27:40 | 00,081,920 | ---- | M] () -- C:\Program Files\Gateway\EzTune\DTSRVC.exe -- (DTSRVC [Auto | Running])
SRV - [2007/12/12 23:21:14 | 00,675,328 | ---- | M] (Macrovision Europe Ltd.) -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service [On_Demand | Running])
SRV - File not found -- -- (gusvc [On_Demand | Stopped])
SRV - [2004/08/04 03:00:00 | 00,038,912 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll -- (helpsvc [Auto | Running])
SRV - [2008/03/25 20:38:24 | 00,217,088 | ---- | M] (Hewlett-Packard Co.) -- C:\Program Files\HP\Digital Imaging\bin\hpqcxs08.dll -- (hpqcxs08 [On_Demand | Running])
SRV - [2008/03/25 21:27:36 | 00,135,168 | ---- | M] (Hewlett-Packard Co.) -- C:\Program Files\HP\Digital Imaging\bin\hpqddsvc.dll -- (hpqddsvc [Auto | Running])
SRV - [2008/03/25 21:25:50 | 00,630,784 | ---- | M] (Hewlett-Packard Co.) -- C:\Program Files\HP\Digital Imaging\bin\HPSLPSVC32.DLL -- (HPSLPSVC [Auto | Running])
SRV - [2004/10/22 04:24:18 | 00,094,208 | ---- | M] (Macrovision Corporation) -- C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe -- (IDriverT [On_Demand | Stopped])
SRV - [2008/10/10 05:45:26 | 00,013,088 | ---- | M] (Intuit Inc.) -- C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe -- (IntuitUpdateService [Auto | Running])
SRV - [2008/02/28 11:53:18 | 00,043,520 | ---- | M] (Hewlett-Packard) -- C:\WINDOWS\system32\HPZinw12.dll -- (Net Driver HPZ12 [Auto | Running])
SRV - [2003/10/06 15:16:00 | 00,102,400 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\system32\nvsvc32.exe -- (NVSvc [Auto | Running])
SRV - [2003/07/28 12:28:22 | 00,089,136 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE -- (ose [On_Demand | Stopped])
SRV - [2008/02/28 11:53:18 | 00,053,248 | ---- | M] (Hewlett-Packard) -- C:\WINDOWS\system32\HPZipm12.dll -- (Pml Driver HPZ12 [Auto | Running])
SRV - [2006/06/05 13:59:18 | 00,194,560 | ---- | M] (Nokia.) -- C:\Program Files\Common Files\PCSuite\Services\ServiceLayer.exe -- (ServiceLayer [On_Demand | Stopped])
SRV - [2007/01/04 14:38:08 | 00,045,132 | ---- | M] (Viewpoint Corporation) -- C:\Program Files\Viewpoint\Common\ViewpointService.exe -- (Viewpoint Manager Service [Auto | Running])

========== Driver Services (SafeList) ==========

DRV - [2003/08/29 05:59:24 | 01,101,696 | ---- | M] (Broadcom Corporation) -- C:\WINDOWS\system32\DRIVERS\BCMSM.sys -- (BCMModem [On_Demand | Running])
DRV - [2003/10/10 15:55:36 | 00,019,712 | ---- | M] (IVT Corporation) -- C:\WINDOWS\system32\DRIVERS\blueletaudio.sys -- (BlueletAudio [On_Demand | Stopped])
DRV - [2004/08/25 17:15:38 | 00,010,804 | ---- | M] (IVT Corporation) -- C:\WINDOWS\system32\DRIVERS\btnetdrv.sys -- (BT [On_Demand | Stopped])
DRV - [2004/09/03 14:23:54 | 00,023,640 | ---- | M] (IVT Corporation) -- C:\WINDOWS\System32\Drivers\btcusb.sys -- (Btcsrusb [On_Demand | Stopped])
DRV - [2004/08/25 17:18:22 | 00,028,591 | ---- | M] (IVT Corporation) -- C:\WINDOWS\System32\Drivers\BTHidMgr.sys -- (BTHidMgr [Boot | Stopped])
DRV - [2007/11/29 15:30:24 | 00,009,336 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\System32\drivers\cdr4_xp.sys -- (Cdr4_xp [System | Running])
DRV - [2007/11/29 15:30:24 | 00,009,464 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\System32\drivers\cdralw2k.sys -- (Cdralw2k [System | Running])
DRV - [2004/12/13 14:14:00 | 00,039,904 | ---- | M] (Adaptec, Inc.) -- C:\WINDOWS\System32\drivers\cercsr6.sys -- (cercsr6 [Boot | Stopped])
DRV - [2003/09/22 09:48:06 | 00,130,192 | ---- | M] (Creative Technology Ltd) -- C:\WINDOWS\system32\DRIVERS\ctsfm2k.sys -- (ctsfm2k [On_Demand | Running])
DRV - [2002/09/19 15:59:50 | 00,139,776 | ---- | M] (Intel Corporation) -- C:\WINDOWS\system32\DRIVERS\e100b325.sys -- (E100B [On_Demand | Running])
DRV - [2004/08/04 00:08:22 | 00,010,624 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\DRIVERS\gameenum.sys -- (gameenum [On_Demand | Running])
DRV - [2008/04/15 21:05:16 | 00,049,920 | R--- | M] (HP) -- C:\WINDOWS\system32\DRIVERS\HPZid412.sys -- (HPZid412 [On_Demand | Stopped])
DRV - [2008/04/15 21:05:16 | 00,016,496 | R--- | M] (HP) -- C:\WINDOWS\system32\DRIVERS\HPZipr12.sys -- (HPZipr12 [On_Demand | Stopped])
DRV - [2008/04/15 21:05:16 | 00,021,568 | R--- | M] (HP) -- C:\WINDOWS\system32\DRIVERS\HPZius12.sys -- (HPZius12 [On_Demand | Stopped])
DRV - [2005/02/11 10:19:20 | 00,055,216 | ---- | M] (MCCI) -- C:\WINDOWS\system32\DRIVERS\k750bus.sys -- (k750bus [On_Demand | Stopped])
DRV - [2005/02/11 10:21:02 | 00,006,576 | ---- | M] (MCCI) -- C:\WINDOWS\system32\DRIVERS\k750mdfl.sys -- (k750mdfl [On_Demand | Stopped])
DRV - [2005/02/11 10:21:10 | 00,089,872 | ---- | M] (MCCI) -- C:\WINDOWS\system32\DRIVERS\k750mdm.sys -- (k750mdm [On_Demand | Stopped])
DRV - [2005/02/11 10:22:48 | 00,081,728 | ---- | M] (MCCI) -- C:\WINDOWS\system32\DRIVERS\k750mgmt.sys -- (k750mgmt [On_Demand | Stopped])
DRV - [2005/02/11 10:24:24 | 00,079,488 | ---- | M] (MCCI) -- C:\WINDOWS\system32\DRIVERS\k750obex.sys -- (k750obex [On_Demand | Stopped])
DRV - [2001/08/17 06:57:38 | 00,016,128 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\MODEMCSA.sys -- (MODEMCSA [On_Demand | Running])
DRV - [2006/05/29 08:26:36 | 00,008,704 | ---- | M] (Nokia) -- C:\WINDOWS\system32\drivers\nmwcdc.sys -- (Nokia USB Generic [On_Demand | Stopped])
DRV - [2006/05/29 08:26:36 | 00,013,312 | ---- | M] (Nokia) -- C:\WINDOWS\system32\drivers\nmwcdcm.sys -- (Nokia USB Modem [On_Demand | Stopped])
DRV - [2006/05/29 08:26:38 | 00,127,488 | ---- | M] (Nokia) -- C:\WINDOWS\system32\drivers\nmwcd.sys -- (Nokia USB Phone Parent [On_Demand | Stopped])
DRV - [2006/05/29 08:26:36 | 00,013,312 | ---- | M] (Nokia) -- C:\WINDOWS\system32\drivers\nmwcdcj.sys -- (Nokia USB Port [On_Demand | Stopped])
DRV - [2003/10/06 15:16:00 | 01,550,043 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\system32\DRIVERS\nv4_mini.sys -- (nv [On_Demand | Running])
DRV - [2001/08/22 09:42:58 | 00,013,632 | ---- | M] (Dell Computer Corporation) -- C:\WINDOWS\SYSTEM32\DRIVERS\OMCI.SYS -- (OMCI [System | Running])
DRV - [2003/09/22 09:47:38 | 00,178,672 | ---- | M] (Creative Technology Ltd.) -- C:\WINDOWS\system32\DRIVERS\ctoss2k.sys -- (ossrv [On_Demand | Running])
DRV - [2003/09/22 13:43:06 | 01,330,048 | ---- | M] (Creative Technology Ltd.) -- C:\WINDOWS\system32\drivers\P16X.sys -- (P16X [On_Demand | Running])
DRV - [2008/05/22 22:40:23 | 00,047,360 | ---- | M] (VSO Software) -- C:\WINDOWS\System32\Drivers\pcouffin.sys -- (pcouffin [On_Demand | Stopped])
DRV - [2006/04/13 13:30:02 | 00,011,776 | ---- | M] (Portrait Displays, Inc.) -- C:\WINDOWS\System32\DRIVERS\pdiddcci.sys -- (pdiddcci [On_Demand | Stopped])
DRV - [2006/04/13 13:26:56 | 00,008,960 | ---- | M] (Portrait Displays, Inc.) -- C:\WINDOWS\System32\Drivers\PdiPorts.sys -- (PdiPorts [On_Demand | Running])
DRV - [2004/04/01 16:30:46 | 00,010,368 | ---- | M] (Padus, Inc.) -- C:\WINDOWS\system32\drivers\pfc.sys -- (pfc [On_Demand | Running])
DRV - [2003/03/05 13:19:28 | 00,015,840 | ---- | M] (Creative Technology Ltd.) -- C:\WINDOWS\system32\drivers\PfModNT.sys -- (PfModNT [Auto | Running])
DRV - [2005/12/07 18:59:30 | 00,017,465 | ---- | M] (Portrait Displays, Inc.) -- C:\WINDOWS\System32\drivers\pivot.sys -- (Pivot [System | Running])
DRV - [2005/12/07 18:59:28 | 00,011,323 | ---- | M] (Portrait Displays, Inc.) -- C:\WINDOWS\system32\drivers\pivotmou.sys -- (pivotmou [On_Demand | Stopped])
DRV - [2004/08/04 03:00:00 | 00,017,792 | ---- | M] (Parallel Technologies, Inc.) -- C:\WINDOWS\system32\DRIVERS\ptilink.sys -- (Ptilink [On_Demand | Running])
DRV - [2007/11/29 15:30:24 | 00,043,528 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\System32\Drivers\PxHelp20.sys -- (PxHelp20 [Boot | Running])
DRV - [2004/08/04 03:00:00 | 00,005,888 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\Drivers\RootMdm.sys -- (ROOTMODEM [On_Demand | Stopped])
DRV - [2007/04/23 15:54:46 | 00,083,208 | R--- | M] (MCCI Corporation) -- C:\WINDOWS\system32\DRIVERS\s115bus.sys -- (s115bus [On_Demand | Stopped])
DRV - [2007/04/23 15:54:48 | 00,015,112 | R--- | M] (MCCI Corporation) -- C:\WINDOWS\system32\DRIVERS\s115mdfl.sys -- (s115mdfl [On_Demand | Stopped])
DRV - [2007/04/23 15:54:48 | 00,108,680 | R--- | M] (MCCI Corporation) -- C:\WINDOWS\system32\DRIVERS\s115mdm.sys -- (s115mdm [On_Demand | Stopped])
DRV - [2007/04/23 15:54:50 | 00,100,488 | R--- | M] (MCCI Corporation) -- C:\WINDOWS\system32\DRIVERS\s115mgmt.sys -- (s115mgmt [On_Demand | Stopped])
DRV - [2007/04/23 15:54:50 | 00,098,568 | R--- | M] (MCCI Corporation) -- C:\WINDOWS\system32\DRIVERS\s115obex.sys -- (s115obex [On_Demand | Stopped])
DRV - [2007/11/13 03:25:53 | 00,020,480 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) -- C:\WINDOWS\system32\DRIVERS\secdrv.sys -- (Secdrv [On_Demand | Stopped])
DRV - [2001/08/17 13:53:32 | 00,006,784 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\DRIVERS\serscan.sys -- (StillCam [On_Demand | Running])
DRV - [2004/08/11 15:13:00 | 00,060,756 | ---- | M] (IVT Corporation) -- C:\WINDOWS\system32\DRIVERS\VComm.sys -- (VComm [On_Demand | Stopped])
DRV - [2004/08/11 15:13:14 | 00,081,416 | ---- | M] (IVT Corporation) -- C:\WINDOWS\System32\Drivers\VcommMgr.sys -- (VcommMgr [On_Demand | Stopped])
DRV - [2008/01/27 15:54:24 | 00,000,000 | ---D | M] -- C:\WINDOWS\System32\Restore -- (restore [On_Demand | Stopped])
DRV - [2009/04/30 17:38:18 | 00,017,376 | ---- | M] () -- C:\WINDOWS\System32\drivers\spn3604.sys -- (spn3604 [System | Stopped])
DRV - [2009/04/30 17:38:22 | 00,018,944 | -H-- | M] () -- C:\WINDOWS\System32\drivers\protect.sys -- (protect [Boot | Running])
DRV - [2009/04/06 15:32:54 | 00,038,496 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\system32\drivers\mbamswissarmy.sys -- (MBAMSwissArmy [On_Demand | Running])

========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.microsoft.com/isapi/redir.dll?p...&ar=msnhome
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page =
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?p...ER}&ar=home
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomSearch = http://red.clientapps.yahoo.com/customize/.../search/ie.html
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Page_Transitions = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - Reg Error: Key error. File not found
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

FF - HKLM\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\PROGRAM FILES\HP\DIGITAL IMAGING\SMART WEB PRINTING\MOZILLAADDON2 [2009/03/30 13:12:44 | 00,000,000 | ---D | M]


O1 HOSTS File: (51 bytes) - C:\WINDOWS\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 jL.chura.pl
O1 - Hosts: 127.0.0.1 microsoft.com
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [Acrobat Assistant 8.0] "C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe" (Adobe Systems Inc.)
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Adobe_ID0EYTHM] C:\PROGRA~1\COMMON~1\Adobe\ADOBEV~1\Server\bin\VERSIO~2.EXE (Adobe Systems Incorporated)
O4 - HKLM..\Run: [BCMSMMSG] BCMSMMSG.exe (Broadcom Corporation)
O4 - HKLM..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent (Microsoft Corporation)
O4 - HKLM..\Run: [diagent] "C:\Program Files\Creative\SBLive\Diagnostics\diagent.exe" startup (Creative Technology Ltd)
O4 - HKLM..\Run: [DT Task] C:\Program Files\Gateway\EzTune\DTHtml.exe -startup_folder (Portrait Displays, Inc)
O4 - HKLM..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe (Hewlett-Packard)
O4 - HKLM..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb10.exe (HP)
O4 - HKLM..\Run: [hpqSRMon] C:\Program Files\HP\Digital Imaging\bin\hpqSRMon.exe (Hewlett-Packard)
O4 - HKLM..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] nwiz.exe /install (NVIDIA Corporation)
O4 - HKLM..\Run: [PivotSoftware] "C:\Program Files\Portrait Displays\Pivot Software\wpctrl.exe" ()
O4 - HKLM..\Run: [reader_s] C:\WINDOWS\System32\reader_s.exe (Microsoft Corporation)
O4 - HKLM..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE (Creative Technology Ltd.)
O4 - HKCU..\Run: [] File not found
O4 - HKCU..\Run: [DriverUpdaterPro] C:\Program Files\XPC Tools\Driver Updater Pro\DriverUpdaterPro.exe -t File not found
O4 - HKCU..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background (Microsoft Corporation)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\BlueSoleil.lnk = C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleil.exe (IVT Corporation)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe (Hewlett-Packard Co.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSetActiveDesktop = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoFolderOptions = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 0
O8 - Extra context menu item: Append to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html (Adobe Systems Incorporated)
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\npjpi160_01.dll (Sun Microsystems, Inc.)
O9 - Extra Button: HP Smart Select - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll (Hewlett-Packard Co.)
O9 - Extra 'Tools' menuitem : @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe (Microsoft Corporation)
O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [mdnsNSP] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Computer, Inc.)
O15 - HKLM\..Trusted Domains: 1 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKCU\..Trusted Domains: plaxo.com ([www] https in Trusted sites)
O15 - HKCU\..Trusted Domains: turbotax.com ([]https in Trusted sites)
O15 - HKCU\..Trusted Domains: 1 domain(s) and sub-domain(s) not assigned to a zone.
O16 - DPF: {00000055-9980-0010-8000-00AA00389B71} http://codecs.microsoft.com/codecs/i386/fhg.CAB (Reg Error: Key error.)
O16 - DPF: {5C6698D9-7BE4-4122-8EC5-291D84DBD4A0} http://upload.facebook.com/controls/Facebo...toUploader3.cab (Facebook Photo Uploader 4 Control)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://update.microsoft.com/microsoftupdat...b?1170978095015 (MUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_01)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flash...t/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0015-0000-0003-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-...indows-i586.cab (Java Plug-in 1.5.0_03)
O16 - DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_01)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_01)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab (Shockwave Flash Object)
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\Explorer.exe (Microsoft Corporation)
O24 - Desktop Components:0 (My Current Home Page) - About:Home
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2007/02/06 18:50:40 | 00,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{a7200113-19f7-11dc-8cf5-000000000000}\Shell\AutoRun\command - "" = F:\MSMSGS.EXE -- File not found
O34 - HKLM BootExecute: (autocheck) - File not found
O34 - HKLM BootExecute: (autochk) - C:\WINDOWS\System32\autochk.exe (Microsoft Corporation)
O34 - HKLM BootExecute: (*) - File not found

========== Files/Folders - Created Within 30 Days ==========

[78 C:\*.tmp files]
[13 C:\WINDOWS\System32\*.tmp files]
[5 C:\WINDOWS\*.tmp files]
[2009/04/30 17:44:52 | 00,526,336 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\joey\Desktop\OTListIt2.exe
[2009/04/30 17:38:34 | 00,000,000 | ---D | C] -- C:\Qoobox
[2009/04/30 17:38:22 | 00,018,944 | -H-- | C] () -- C:\WINDOWS\System32\drivers\protect.sys
[2009/04/30 17:38:18 | 00,017,376 | ---- | C] () -- C:\WINDOWS\System32\drivers\spn3604.sys
[2009/04/30 17:38:17 | 00,036,352 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\reader_s.exe
[2009/04/30 16:57:36 | 00,015,504 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2009/04/30 16:57:36 | 00,000,696 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2009/04/30 16:57:33 | 00,038,496 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2009/04/30 16:57:31 | 00,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2009/04/30 16:45:04 | 00,000,001 | ---- | C] () -- C:\WINDOWS\System32\uniq.tll
[2009/04/30 16:44:58 | 00,071,758 | ---- | C] () -- C:\WINDOWS\System32\frmwrk32.ex_
[2009/04/24 15:38:52 | 00,132,608 | ---- | C] () -- C:\WINDOWS\System32\VT100.EXE
[2009/04/23 21:34:16 | 00,000,000 | ---- | C] () -- C:\WINDOWS\System32\ŸuŸu
[2009/04/20 17:32:33 | 00,000,000 | ---- | C] () -- C:\WINDOWS\System32\ŸrŸr
[2009/04/20 17:31:36 | 00,015,000 | ---- | C] () -- C:\WINDOWS\System32\hsfiun3487dll
[2009/04/20 15:45:02 | 00,000,000 | ---D | C] -- C:\Documents and Settings\joey\Application Data\Malwarebytes
[2009/04/20 15:44:55 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2009/04/19 10:26:57 | 00,000,003 | ---- | C] () -- C:\WINDOWS\System32\bversion.dll
[2009/04/19 10:26:57 | 00,000,000 | ---D | C] -- C:\Program Files\LanqiEngine
[2009/04/19 10:26:48 | 00,735,232 | ---- | C] (???? http://www.lunchsoft.com/yzm) -- C:\WINDOWS\System32\AdvOcr.dll
[2009/04/19 10:26:47 | 00,094,208 | ---- | C] (Transym Computer Services Ltd) -- C:\WINDOWS\System32\TRSOCR.dll
[2009/04/19 10:26:46 | 00,001,308 | ---- | C] () -- C:\WINDOWS\System32\TRSOCR.ini
[2009/04/19 10:26:46 | 00,001,308 | ---- | C] () -- C:\WINDOWS\System32\TRSOCR.dat
[2009/04/19 10:26:34 | 00,565,248 | ---- | C] () -- C:\WINDOWS\System32\IPHACTION.dll
[2009/04/19 10:16:33 | 00,000,000 | ---- | C] () -- C:\WINDOWS\System32\IpSvchostF.dll
[2009/04/19 09:28:17 | 00,000,000 | ---D | C] -- C:\Garmin
[2009/04/19 09:27:28 | 10,106,144 | ---- | C] () -- C:\Documents and Settings\joey\Desktop\POILoaderforWindows_253.exe
[2009/04/19 05:32:47 | 00,061,440 | ---- | C] () -- C:\WINDOWS\System32\tcpd.exe
[2009/04/19 05:32:46 | 00,022,016 | ---- | C] () -- C:\WINDOWS\System32\AUTMGR.EXE
[2009/04/19 05:32:41 | 00,984,576 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kernel32_check.dll
[2009/04/19 05:32:37 | 00,010,240 | ---- | C] () -- C:\WINDOWS\System32\Packer.dll
[2009/04/19 05:32:36 | 00,000,009 | ---- | C] () -- C:\WINDOWS\System32\iphy.dll
[2009/04/19 05:32:36 | 00,000,003 | ---- | C] () -- C:\WINDOWS\System32\fhpatch.dll
[2009/04/19 05:32:36 | 00,000,000 | ---- | C] () -- C:\WINDOWS\System32\fiplock.dll
[2009/04/19 05:32:23 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\3361
[2009/04/19 05:32:20 | 00,108,336 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\MSWINSCK.OCX
[2009/04/19 05:32:10 | 00,000,000 | ---D | C] -- C:\WINDOWS\dhcp
[2009/04/17 17:53:46 | 00,000,000 | ---- | C] () -- C:\WINDOWS\mqcd.dbt
[2009/04/17 17:52:47 | 00,032,768 | ---- | C] () -- C:\WINDOWS\System32\ferryl.cbv
[2009/04/17 17:52:47 | 00,032,768 | ---- | C] () -- C:\WINDOWS\System32\fairy.an
[2009/04/17 17:52:46 | 00,079,360 | ---- | C] () -- C:\WINDOWS\System32\ashl.nq
[2009/04/17 17:52:46 | 00,028,672 | ---- | C] () -- C:\WINDOWS\System32\dolman.zt
[2008/09/23 18:36:54 | 00,065,536 | ---- | C] () -- C:\WINDOWS\System32\YCRWin32.dll
[2008/08/22 23:29:48 | 00,139,264 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2008/08/22 23:29:47 | 00,524,288 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2008/02/20 22:29:53 | 00,010,593 | ---- | C] () -- C:\WINDOWS\CSTBox.INI
[2008/02/18 17:26:25 | 00,000,068 | ---- | C] () -- C:\WINDOWS\Easy Video to DVD.INI
[2007/12/12 23:59:14 | 02,463,976 | ---- | C] () -- C:\WINDOWS\System32\NPSWF32.dll
[2007/11/29 15:30:28 | 03,596,288 | ---- | C] () -- C:\WINDOWS\System32\qt-dx331.dll
[2007/11/29 15:28:24 | 00,000,416 | ---- | C] () -- C:\WINDOWS\System32\dtu100.dll.manifest
[2007/11/29 15:28:24 | 00,000,416 | ---- | C] () -- C:\WINDOWS\System32\dpl100.dll.manifest
[2007/11/28 14:52:32 | 00,012,288 | ---- | C] () -- C:\WINDOWS\System32\DivXWMPExtType.dll
[2007/09/03 11:29:08 | 00,000,004 | -H-- | C] () -- C:\WINDOWS\uccspecb.sys
[2007/06/06 16:04:40 | 00,262,144 | ---- | C] () -- C:\WINDOWS\System32\TomsMoComp_ff.dll
[2007/06/06 16:04:39 | 02,255,360 | ---- | C] () -- C:\WINDOWS\System32\libavcodec.dll
[2007/06/06 16:04:39 | 00,395,776 | ---- | C] () -- C:\WINDOWS\System32\libmplayer.dll
[2007/06/06 16:04:39 | 00,112,640 | ---- | C] () -- C:\WINDOWS\System32\libmpeg2_ff.dll
[2007/05/26 14:18:18 | 00,000,074 | ---- | C] () -- C:\WINDOWS\BBW_INFO.INI
[2007/04/17 20:43:24 | 00,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2007/03/04 15:00:23 | 00,000,031 | ---- | C] () -- C:\WINDOWS\System32\Days5.ini
[2007/02/25 14:54:05 | 00,000,414 | ---- | C] () -- C:\WINDOWS\hpbvspst.ini
[2007/02/07 16:44:01 | 00,000,066 | ---- | C] () -- C:\WINDOWS\SBWIN.INI
[2007/02/07 16:43:24 | 00,065,536 | ---- | C] ( ) -- C:\WINDOWS\System32\A3d.dll
[2007/02/07 16:43:24 | 00,047,616 | ---- | C] () -- C:\WINDOWS\System32\P16X.dll
[2007/02/07 16:43:24 | 00,002,696 | ---- | C] () -- C:\WINDOWS\MIXDEF.INI
[2007/02/07 16:43:24 | 00,002,516 | ---- | C] () -- C:\WINDOWS\System32\P16X.ini
[2007/02/07 16:43:24 | 00,000,026 | ---- | C] () -- C:\WINDOWS\System32\ctzapxx.ini
[2007/02/06 20:03:29 | 00,002,304 | ---- | C] () -- C:\WINDOWS\System32\Machnm32.sys
[2004/08/04 03:00:00 | 00,000,586 | ---- | C] () -- C:\WINDOWS\win.ini
[2004/08/04 03:00:00 | 00,000,227 | ---- | C] () -- C:\WINDOWS\system.ini
[2003/10/06 15:16:00 | 00,027,136 | ---- | C] () -- C:\WINDOWS\System32\nvcod.dll

========== Files - Modified Within 30 Days ==========

[78 C:\*.tmp files]
[13 C:\WINDOWS\System32\*.tmp files]
[5 C:\WINDOWS\*.tmp files]
[9 C:\Documents and Settings\joey\My Documents\*.tmp files]
[2009/04/30 17:44:53 | 00,526,336 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\joey\Desktop\OTListIt2.exe
[2009/04/30 17:38:22 | 00,018,944 | -H-- | M] () -- C:\WINDOWS\System32\drivers\protect.sys
[2009/04/30 17:38:18 | 00,017,376 | ---- | M] () -- C:\WINDOWS\System32\drivers\spn3604.sys
[2009/04/30 17:38:17 | 00,036,352 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\reader_s.exe
[2009/04/30 17:34:11 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2009/04/30 17:34:08 | 00,000,062 | -HS- | M] () -- C:\Documents and Settings\joey\Local Settings\desktop.ini
[2009/04/30 17:33:53 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2009/04/30 17:33:53 | 00,000,051 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2009/04/30 17:33:46 | 10,727,66976 | -HS- | M] () -- C:\hiberfil.sys
[2009/04/30 17:00:00 | 00,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At66.job
[2009/04/30 17:00:00 | 00,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At42.job
[2009/04/30 17:00:00 | 00,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At18.job
[2009/04/30 16:57:36 | 00,000,696 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2009/04/30 16:45:04 | 00,000,001 | ---- | M] () -- C:\WINDOWS\System32\uniq.tll
[2009/04/30 16:44:55 | 00,071,758 | ---- | M] () -- C:\WINDOWS\System32\frmwrk32.ex_
[2009/04/30 16:41:51 | 00,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2009/04/28 22:00:00 | 00,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At71.job
[2009/04/28 22:00:00 | 00,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At47.job
[2009/04/28 22:00:00 | 00,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At23.job
[2009/04/26 23:00:00 | 00,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At72.job
[2009/04/26 23:00:00 | 00,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At48.job
[2009/04/26 23:00:00 | 00,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At24.job
[2009/04/26 21:00:00 | 00,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At70.job
[2009/04/26 21:00:00 | 00,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At46.job
[2009/04/26 21:00:00 | 00,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At22.job
[2009/04/26 20:00:00 | 00,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At69.job
[2009/04/26 20:00:00 | 00,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At45.job
[2009/04/26 20:00:00 | 00,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At21.job
[2009/04/26 19:00:00 | 00,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At68.job
[2009/04/26 19:00:00 | 00,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At44.job
[2009/04/26 19:00:00 | 00,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At20.job
[2009/04/26 18:00:00 | 00,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At67.job
[2009/04/26 18:00:00 | 00,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At43.job
[2009/04/26 18:00:00 | 00,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At19.job
[2009/04/26 16:00:00 | 00,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At65.job
[2009/04/26 16:00:00 | 00,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At41.job
[2009/04/26 16:00:00 | 00,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At17.job
[2009/04/26 15:00:00 | 00,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At64.job
[2009/04/26 15:00:00 | 00,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At40.job
[2009/04/26 15:00:00 | 00,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At16.job
[2009/04/26 14:00:00 | 00,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At63.job
[2009/04/26 14:00:00 | 00,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At39.job
[2009/04/26 14:00:00 | 00,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At15.job
[2009/04/26 13:00:00 | 00,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At62.job
[2009/04/26 13:00:00 | 00,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At38.job
[2009/04/26 13:00:00 | 00,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At14.job
[2009/04/26 11:00:00 | 00,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At60.job
[2009/04/26 11:00:00 | 00,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At36.job
[2009/04/26 11:00:00 | 00,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At12.job
[2009/04/26 10:00:02 | 00,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At59.job
[2009/04/26 10:00:02 | 00,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At35.job
[2009/04/26 10:00:02 | 00,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At11.job
[2009/04/26 09:00:00 | 00,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At58.job
[2009/04/26 09:00:00 | 00,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At34.job
[2009/04/26 09:00:00 | 00,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At10.job
[2009/04/24 18:47:05 | 00,015,000 | ---- | M] () -- C:\WINDOWS\System32\hsfiun3487dll
[2009/04/24 15:40:10 | 00,000,000 | ---- | M] () -- C:\WINDOWS\System32\ŸrŸr
[2009/04/24 15:38:51 | 00,132,608 | ---- | M] () -- C:\WINDOWS\System32\VT100.EXE
[2009/04/23 21:34:16 | 00,000,000 | ---- | M] () -- C:\WINDOWS\System32\ŸuŸu
[2009/04/22 14:49:00 | 00,468,770 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2009/04/22 14:49:00 | 00,400,176 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2009/04/22 14:49:00 | 00,060,994 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2009/04/22 05:52:08 | 00,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2009/04/22 05:00:00 | 00,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At6.job
[2009/04/22 05:00:00 | 00,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At54.job
[2009/04/22 05:00:00 | 00,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At30.job
[2009/04/19 12:00:00 | 00,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At61.job
[2009/04/19 12:00:00 | 00,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At37.job
[2009/04/19 12:00:00 | 00,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At13.job
[2009/04/19 10:26:57 | 00,735,232 | ---- | M] (???? http://www.lunchsoft.com/yzm) -- C:\WINDOWS\System32\AdvOcr.dll
[2009/04/19 10:26:57 | 00,000,003 | ---- | M] () -- C:\WINDOWS\System32\bversion.dll
[2009/04/19 10:26:48 | 00,094,208 | ---- | M] (Transym Computer Services Ltd) -- C:\WINDOWS\System32\TRSOCR.dll
[2009/04/19 10:26:46 | 00,565,248 | ---- | M] () -- C:\WINDOWS\System32\IPHACTION.dll
[2009/04/19 10:26:46 | 00,001,308 | ---- | M] () -- C:\WINDOWS\System32\TRSOCR.ini
[2009/04/19 10:26:46 | 00,001,308 | ---- | M] () -- C:\WINDOWS\System32\TRSOCR.dat
[2009/04/19 10:16:33 | 00,000,000 | ---- | M] () -- C:\WINDOWS\System32\IpSvchostF.dll
[2009/04/19 09:28:00 | 10,106,144 | ---- | M] () -- C:\Documents and Settings\joey\Desktop\POILoaderforWindows_253.exe
[2009/04/19 08:00:00 | 00,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At9.job
[2009/04/19 08:00:00 | 00,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At57.job
[2009/04/19 08:00:00 | 00,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At33.job
[2009/04/19 07:00:00 | 00,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At8.job
[2009/04/19 07:00:00 | 00,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At56.job
[2009/04/19 07:00:00 | 00,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At32.job
[2009/04/19 06:00:00 | 00,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At7.job
[2009/04/19 06:00:00 | 00,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At55.job
[2009/04/19 06:00:00 | 00,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At31.job
[2009/04/19 05:32:47 | 00,061,440 | ---- | M] () -- C:\WINDOWS\System32\tcpd.exe
[2009/04/19 05:32:46 | 00,022,016 | ---- | M] () -- C:\WINDOWS\System32\AUTMGR.EXE
[2009/04/19 05:32:39 | 00,984,576 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\kernel32_check.dll
[2009/04/19 05:32:37 | 00,010,240 | ---- | M] () -- C:\WINDOWS\System32\Packer.dll
[2009/04/19 05:32:36 | 00,000,009 | ---- | M] () -- C:\WINDOWS\System32\iphy.dll
[2009/04/19 05:32:36 | 00,000,003 | ---- | M] () -- C:\WINDOWS\System32\fhpatch.dll
[2009/04/19 05:32:36 | 00,000,000 | ---- | M] () -- C:\WINDOWS\System32\fiplock.dll
[2009/04/19 05:32:22 | 00,108,336 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\MSWINSCK.OCX
[2009/04/17 18:19:14 | 00,000,077 | -HS- | M] () -- C:\Documents and Settings\joey\My Documents\desktop.ini
[2009/04/17 18:16:46 | 00,182,912 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\ndis.sys
[2009/04/17 18:16:46 | 00,182,912 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ndis.sys
[2009/04/17 17:53:46 | 00,000,000 | ---- | M] () -- C:\WINDOWS\mqcd.dbt
[2009/04/17 17:52:47 | 00,032,768 | ---- | M] () -- C:\WINDOWS\System32\ferryl.cbv
[2009/04/17 17:52:47 | 00,032,768 | ---- | M] () -- C:\WINDOWS\System32\fairy.an
[2009/04/17 17:52:46 | 00,079,360 | ---- | M] () -- C:\WINDOWS\System32\ashl.nq
[2009/04/17 17:52:46 | 00,028,672 | ---- | M] () -- C:\WINDOWS\System32\dolman.zt
[2009/04/08 16:57:35 | 00,002,473 | ---- | M] () -- C:\Documents and Settings\joey\Desktop\Microsoft Word.lnk
[2009/04/06 15:32:54 | 00,038,496 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2009/04/06 15:32:46 | 00,015,504 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2009/04/03 17:46:14 | 00,002,447 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\TurboTax 2008.lnk

========== LOP Check ==========

[2009/04/26 08:37:52 | 00,000,000 | RH-D | M] -- C:\Documents and Settings\All Users\Application Data
[2008/03/29 23:46:10 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Adobe
[2007/05/15 17:06:00 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Adobe Systems
[2007/12/13 00:56:24 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ALM
[2007/06/06 16:11:25 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Apple Computer
[2008/10/19 12:25:14 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Avery
[2008/08/22 23:38:41 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVS4YOU
[2007/06/28 10:03:23 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Bluetooth
[2009/04/26 14:19:32 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Downloaded Installations
[2008/02/02 11:39:10 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\FLEXnet
[2008/09/28 14:17:35 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\F-Secure
[2007/12/30 08:26:22 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\fssg
[2008/10/19 12:21:46 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Google
[2009/03/30 13:11:06 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\HP
[2009/03/30 13:09:52 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\HP Product Assistant
[2009/03/10 15:57:20 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Intuit
[2008/10/19 19:22:28 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Lavasoft
[2009/04/20 15:44:55 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2008/10/26 11:10:52 | 00,000,000 | --SD | M] -- C:\Documents and Settings\All Users\Application Data\Microsoft
[2007/05/13 21:23:14 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\NexonUS
[2007/07/07 23:06:26 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PC Suite
[2007/09/04 10:31:07 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PlayFirst
[2007/02/10 00:01:02 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Skype
[2007/08/26 20:25:10 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Sony Ericsson
[2007/08/26 20:25:27 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Teleca
[2008/05/22 22:33:14 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2007/05/20 16:59:30 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Trymedia
[2008/10/21 22:30:26 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Verizon
[2008/01/22 02:09:11 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Viewpoint
[2009/03/30 13:31:01 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\WEBREG
[2007/02/08 16:45:08 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Windows Genuine Advantage
[2008/09/24 17:50:24 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\yahoo!
[2009/04/26 14:19:23 | 00,000,000 | RH-D | M] -- C:\Documents and Settings\joey\Application Data
[2008/06/21 17:09:08 | 00,000,000 | ---D | M] -- C:\Documents and Settings\joey\Application Data\AccurateRip
[2009/04/12 18:09:52 | 00,000,000 | ---D | M] -- C:\Documents and Settings\joey\Application Data\Adobe
[2008/10/26 11:06:26 | 00,000,000 | ---D | M] -- C:\Documents and Settings\joey\Application Data\Aim
[2008/08/22 23:38:57 | 00,000,000 | ---D | M] -- C:\Documents and Settings\joey\Application Data\AVSMedia
[2009/01/26 15:28:56 | 00,000,000 | ---D | M] -- C:\Documents and Settings\joey\Application Data\Canon
[2008/04/15 18:12:16 | 00,000,000 | ---D | M] -- C:\Documents and Settings\joey\Application Data\Datalayer
[2008/06/21 17:22:43 | 00,000,000 | ---D | M] -- C:\Documents and Settings\joey\Application Data\dBpoweramp
[2007/02/06 20:06:30 | 00,000,000 | ---D | M] -- C:\Documents and Settings\joey\Application Data\DisplayTune
[2008/01/06 19:51:25 | 00,000,000 | ---D | M] -- C:\Documents and Settings\joey\Application Data\DivX
[2008/02/18 19:42:43 | 00,000,000 | ---D | M] -- C:\Documents and Settings\joey\Application Data\DVD Flick
[2007/06/06 15:14:38 | 00,000,000 | ---D | M] -- C:\Documents and Settings\joey\Application Data\F-Secure
[2007/05/20 16:59:45 | 00,000,000 | ---D | M] -- C:\Documents and Settings\joey\Application Data\funkitron
[2007/03/05 23:29:34 | 00,000,000 | ---D | M] -- C:\Documents and Settings\joey\Application Data\Google
[2007/02/07 16:49:52 | 00,000,000 | ---D | M] -- C:\Documents and Settings\joey\Application Data\GTek
[2007/05/05 14:11:27 | 00,000,000 | ---D | M] -- C:\Documents and Settings\joey\Application Data\Help
[2009/03/30 13:31:36 | 00,000,000 | ---D | M] -- C:\Documents and Settings\joey\Application Data\HP
[2009/04/17 18:19:45 | 00,000,000 | ---D | M] -- C:\Documents and Settings\joey\Application Data\HPAppData
[2009/04/17 18:18:59 | 00,000,000 | ---D | M] -- C:\Documents and Settings\joey\Application Data\Identities
[2008/05/17 22:59:04 | 00,000,000 | -H-D | M] -- C:\Documents and Settings\joey\Application Data\ijjigame
[2007/02/19 16:16:20 | 00,000,000 | ---D | M] -- C:\Documents and Settings\joey\Application Data\InstallShield
[2008/03/20 10:47:07 | 00,000,000 | ---D | M] -- C:\Documents and Settings\joey\Application Data\Intuit
[2007/02/07 17:33:58 | 00,000,000 | ---D | M] -- C:\Documents and Settings\joey\Application Data\ispnews
[2007/02/07 19:21:17 | 00,000,000 | ---D | M] -- C:\Documents and Settings\joey\Application Data\Macromedia
[2009/04/20 15:45:02 | 00,000,000 | ---D | M] -- C:\Documents and Settings\joey\Application Data\Malwarebytes
[2008/03/29 22:53:55 | 00,000,000 | --SD | M] -- C:\Documents and Settings\joey\Application Data\Microsoft
[2007/04/17 20:40:03 | 00,000,000 | ---D | M] -- C:\Documents and Settings\joey\Application Data\Microsoft Web Folders
[2008/09/28 09:40:37 | 00,000,000 | ---D | M] -- C:\Documents and Settings\joey\Application Data\Move Networks
[2008/02/01 23:01:37 | 00,000,000 | ---D | M] -- C:\Documents and Settings\joey\Application Data\MSNInstaller
[2007/06/01 00:26:59 | 00,000,000 | ---D | M] -- C:\Documents and Settings\joey\Application Data\NCH Swift Sound
[2007/08/20 11:08:39 | 00,000,000 | ---D | M] -- C:\Documents and Settings\joey\Application Data\Nokia
[2007/08/20 11:09:27 | 00,000,000 | ---D | M] -- C:\Documents and Settings\joey\Application Data\PC Suite
[2007/09/04 10:31:07 | 00,000,000 | ---D | M] -- C:\Documents and Settings\joey\Application Data\PlayFirst
[2008/10/11 06:32:46 | 00,000,000 | ---D | M] -- C:\Documents and Settings\joey\Application Data\Skype
[2007/11/16 19:19:21 | 00,000,000 | ---D | M] -- C:\Documents and Settings\joey\Application Data\Snapfish
[2007/08/26 20:28:24 | 00,000,000 | ---D | M] -- C:\Documents and Settings\joey\Application Data\Sony Ericsson
[2007/05/20 16:53:47 | 00,000,000 | ---D | M] -- C:\Documents and Settings\joey\Application Data\Sun
[2007/08/26 20:39:12 | 00,000,000 | ---D | M] -- C:\Documents and Settings\joey\Application Data\Teleca
[2008/08/30 21:19:10 | 00,000,000 | ---D | M] -- C:\Documents and Settings\joey\Application Data\U3
[2008/09/23 18:24:45 | 00,000,000 | ---D | M] -- C:\Documents and Settings\joey\Application Data\Verizon
[2007/04/18 20:14:48 | 00,000,000 | ---D | M] -- C:\Documents and Settings\joey\Application Data\Viewpoint
[2008/05/23 23:44:01 | 00,000,000 | ---D | M] -- C:\Documents and Settings\joey\Application Data\Vso
[2008/09/23 18:45:47 | 00,000,000 | ---D | M] -- C:\Documents and Settings\joey\Application Data\Yahoo!
[2008/12/31 01:39:00 | 00,000,350 | ---- | M] () -- C:\WINDOWS\Tasks\At1.job
[2009/04/26 09:00:00 | 00,000,350 | ---- | M] () -- C:\WINDOWS\Tasks\At10.job
[2009/04/26 10:00:02 | 00,000,350 | ---- | M] () -- C:\WINDOWS\Tasks\At11.job
[2009/04/26 11:00:00 | 00,000,350 | ---- | M] () -- C:\WINDOWS\Tasks\At12.job
[2009/04/19 12:00:00 | 00,000,350 | ---- | M] () -- C:\WINDOWS\Tasks\At13.job
[2009/04/26 13:00:00 | 00,000,350 | ---- | M] () -- C:\WINDOWS\Tasks\At14.job
[2009/04/26 14:00:00 | 00,000,350 | ---- | M] () -- C:\WINDOWS\Tasks\At15.job
[2009/04/26 15:00:00 | 00,000,350 | ---- | M] () -- C:\WINDOWS\Tasks\At16.job
[2009/04/26 16:00:00 | 00,000,350 | ---- | M] () -- C:\WINDOWS\Tasks\At17.job
[2009/04/30 17:00:00 | 00,000,350 | ---- | M] () -- C:\WINDOWS\Tasks\At18.job
[2009/04/26 18:00:00 | 00,000,350 | ---- | M] () -- C:\WINDOWS\Tasks\At19.job
[2008/12/31 02:00:00 | 00,000,350 | ---- | M] () -- C:\WINDOWS\Tasks\At2.job
[2009/04/26 19:00:00 | 00,000,350 | ---- | M] () -- C:\WINDOWS\Tasks\At20.job
[2009/04/26 20:00:00 | 00,000,350 | ---- | M] () -- C:\WINDOWS\Tasks\At21.job
[2009/04/26 21:00:00 | 00,000,350 | ---- | M] () -- C:\WINDOWS\Tasks\At22.job
[2009/04/28 22:00:00 | 00,000,350 | ---- | M] () -- C:\WINDOWS\Tasks\At23.job
[2009/04/26 23:00:00 | 00,000,350 | ---- | M] () -- C:\WINDOWS\Tasks\At24.job
[2008/12/31 01:33:00 | 00,000,350 | ---- | M] () -- C:\WINDOWS\Tasks\At25.job
[2008/12/31 02:00:00 | 00,000,350 | ---- | M] () -- C:\WINDOWS\Tasks\At26.job
[2008/12/31 03:00:00 | 00,000,350 | ---- | M] () -- C:\WINDOWS\Tasks\At27.job
[2009/01/05 04:00:00 | 00,000,350 | ---- | M] () -- C:\WINDOWS\Tasks\At28.job
[2008/11/04 05:00:00 | 00,000,350 | ---- | M] () -- C:\WINDOWS\Tasks\At29.job
[2008/12/31 03:00:00 | 00,000,350 | ---- | M] () -- C:\WINDOWS\Tasks\At3.job
[2009/04/22 05:00:00 | 00,000,350 | ---- | M] () -- C:\WINDOWS\Tasks\At30.job
[2009/04/19 06:00:00 | 00,000,350 | ---- | M] () -- C:\WINDOWS\Tasks\At31.job
[2009/04/19 07:00:00 | 00,000,350 | ---- | M] () -- C:\WINDOWS\Tasks\At32.job
[2009/04/19 08:00:00 | 00,000,350 | ---- | M] () -- C:\WINDOWS\Tasks\At33.job
[2009/04/26 09:00:00 | 00,000,350 | ---- | M] () -- C:\WINDOWS\Tasks\At34.job
[2009/04/26 10:00:02 | 00,000,350 | ---- | M] () -- C:\WINDOWS\Tasks\At35.job
[2009/04/26 11:00:00 | 00,000,350 | ---- | M] () -- C:\WINDOWS\Tasks\At36.job
[2009/04/19 12:00:00 | 00,000,350 | ---- | M] () -- C:\WINDOWS\Tasks\At37.job
[2009/04/26 13:00:00 | 00,000,350 | ---- | M] () -- C:\WINDOWS\Tasks\At38.job
[2009/04/26 14:00:00 | 00,000,350 | ---- | M] () -- C:\WINDOWS\Tasks\At39.job
[2009/01/05 04:00:00 | 00,000,350 | ---- | M] () -- C:\WINDOWS\Tasks\At4.job
[2009/04/26 15:00:00 | 00,000,350 | ---- | M] () -- C:\WINDOWS\Tasks\At40.job
[2009/04/26 16:00:00 | 00,000,350 | ---- | M] () -- C:\WINDOWS\Tasks\At41.job
[2009/04/30 17:00:00 | 00,000,350 | ---- | M] () -- C:\WINDOWS\Tasks\At42.job
[2009/04/26 18:00:00 | 00,000,350 | ---- | M] () -- C:\WINDOWS\Tasks\At43.job
[2009/04/26 19:00:00 | 00,000,350 | ---- | M] () -- C:\WINDOWS\Tasks\At44.job
[2009/04/26 20:00:00 | 00,000,350 | ---- | M] () -- C:\WINDOWS\Tasks\At45.job
[2009/04/26 21:00:00 | 00,000,350 | ---- | M] () -- C:\WINDOWS\Tasks\At46.job
[2009/04/28 22:00:00 | 00,000,350 | ---- | M] () -- C:\WINDOWS\Tasks\At47.job
[2009/04/26 23:00:00 | 00,000,350 | ---- | M] () -- C:\WINDOWS\Tasks\At48.job
[2008/12/31 01:42:00 | 00,000,350 | ---- | M] () -- C:\WINDOWS\Tasks\At49.job
[2008/11/04 05:00:00 | 00,000,350 | ---- | M] () -- C:\WINDOWS\Tasks\At5.job
[2008/12/31 02:00:00 | 00,000,350 | ---- | M] () -- C:\WINDOWS\Tasks\At50.job
[2008/12/31 03:00:00 | 00,000,350 | ---- | M] () -- C:\WINDOWS\Tasks\At51.job
[2009/01/05 04:00:00 | 00,000,350 | ---- | M] () -- C:\WINDOWS\Tasks\At52.job
[2008/11/04 05:00:00 | 00,000,350 | ---- | M] () -- C:\WINDOWS\Tasks\At53.job
[2009/04/22 05:00:00 | 00,000,350 | ---- | M] () -- C:\WINDOWS\Tasks\At54.job
[2009/04/19 06:00:00 | 00,000,350 | ---- | M] () -- C:\WINDOWS\Tasks\At55.job
[2009/04/19 07:00:00 | 00,000,350 | ---- | M] () -- C:\WINDOWS\Tasks\At56.job
[2009/04/19 08:00:00 | 00,000,350 | ---- | M] () -- C:\WINDOWS\Tasks\At57.job
[2009/04/26 09:00:00 | 00,000,350 | ---- | M] () -- C:\WINDOWS\Tasks\At58.job
[2009/04/26 10:00:02 | 00,000,350 | ---- | M] () -- C:\WINDOWS\Tasks\At59.job
[2009/04/22 05:00:00 | 00,000,350 | ---- | M] () -- C:\WINDOWS\Tasks\At6.job
[2009/04/26 11:00:00 | 00,000,350 | ---- | M] () -- C:\WINDOWS\Tasks\At60.job
[2009/04/19 12:00:00 | 00,000,350 | ---- | M] () -- C:\WINDOWS\Tasks\At61.job
[2009/04/26 13:00:00 | 00,000,350 | ---- | M] () -- C:\WINDOWS\Tasks\At62.job
[2009/04/26 14:00:00 | 00,000,350 | ---- | M] () -- C:\WINDOWS\Tasks\At63.job
[2009/04/26 15:00:00 | 00,000,350 | ---- | M] () -- C:\WINDOWS\Tasks\At64.job
[2009/04/26 16:00:00 | 00,000,350 | ---- | M] () -- C:\WINDOWS\Tasks\At65.job
[2009/04/30 17:00:00 | 00,000,350 | ---- | M] () -- C:\WINDOWS\Tasks\At66.job
[2009/04/26 18:00:00 | 00,000,350 | ---- | M] () -- C:\WINDOWS\Tasks\At67.job
[2009/04/26 19:00:00 | 00,000,350 | ---- | M] () -- C:\WINDOWS\Tasks\At68.job
[2009/04/26 20:00:00 | 00,000,350 | ---- | M] () -- C:\WINDOWS\Tasks\At69.job
[2009/04/19 06:00:00 | 00,000,350 | ---- | M] () -- C:\WINDOWS\Tasks\At7.job
[2009/04/26 21:00:00 | 00,000,350 | ---- | M] () -- C:\WINDOWS\Tasks\At70.job
[2009/04/28 22:00:00 | 00,000,350 | ---- | M] () -- C:\WINDOWS\Tasks\At71.job
[2009/04/26 23:00:00 | 00,000,350 | ---- | M] () -- C:\WINDOWS\Tasks\At72.job
[2009/04/19 07:00:00 | 00,000,350 | ---- | M] () -- C:\WINDOWS\Tasks\At8.job
[2009/04/19 08:00:00 | 00,000,350 | ---- | M] () -- C:\WINDOWS\Tasks\At9.job
[2004/08/04 03:00:00 | 00,000,065 | RH-- | M] () -- C:\WINDOWS\Tasks\desktop.ini
[2009/04/30 17:34:11 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\Tasks\SA.DAT

========== Purity Check ==========


========== Alternate Data Streams ==========

@Alternate Data Stream - 135 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:4B7BEAFF
@Alternate Data Stream - 128 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:1493A0EF
< End of report >

OTListIt Extras logfile created on: 4/30/2009 5:46:14 PM - Run 1
OTListIt2 by OldTimer - Version 2.0.15.1 Folder = C:\Documents and Settings\joey\Desktop
Windows XP Home Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.11)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1023.00 Mb Total Physical Memory | 526.42 Mb Available Physical Memory | 51.46% Memory free
1.28 Gb Paging File | 0.49 Gb Available in Paging File | 38.03% Paging File free
Paging file location(s): C:\pagefile.sys 384 768 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 28.60 Gb Total Space | 4.78 Gb Free Space | 16.70% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: ORTENCIO-MAIN
Current User Name: joey
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Output = Standard
File Age = 30 Days
Company Name Whitelist: On

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\IEXPLORE.EXE (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
[2004/09/03 17:21:26 | 01,032,192 | ---- | M] (IVT Corporation) -- C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleil.exe:*:Disabled:Bluetooth Application
File not found -- C:\WINDOWS\system32\3361\svchost.exe:*:Enabled:SVCHOST.EXE

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00170409-78E1-11D2-B60F-006097C998E7}" = Microsoft Word 2000
"{0046FA01-C5B9-4985-BACB-398DC480FC05}" = Adobe Photoshop CS3
"{0217E1D1-BCEF-4A61-AF6D-F7740F65A066}" = Pivot Software
"{0224CACC-994D-45F8-B973-D65056EA9C2F}" = Adobe XMP DVA Panels CS3
"{0289B35E-DC07-4c7a-9710-BBD686EA4B7D}" = Status
"{0405E51E-9582-4207-8F38-AC44201D3808}" = VeohTV BETA
"{08B32819-6EEF-4057-AEDA-5AB681A36A23}" = Adobe Bridge Start Meeting
"{09633A5E-3089-41A8-9FF1-382171423C5D}" = PSSWCORE
"{0D80391C-0A72-43BB-9BC2-143F63CC111D}" = Nokia PC Connectivity Solution
"{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_CNQ2411" = CanoScan LiDE 70
"{15B8AFD9-92E9-4E86-96D9-83FAC510B82E}" = HPPhotoSmartPhotobookWebPack1
"{184CE391-7E0E-4C63-9935-D7A10EDFD3C6}" = Adobe WinSoft Linguistics Plugin
"{18D10072035C4515918F7E37EAFAACFC}" = AutoUpdate
"{193EAFD0-1BAF-4FB4-B18F-79D5D6A4B285}" = Adobe After Effects CS3 Presets
"{1D58229F-C505-45CA-8223-F35F3A34B963}" = Adobe Version Cue CS3 Server {ko_KR}
"{22F761D1-8063-4170-ADF7-2D2F47834CA9}" = VideoToolkit01
"{27197499-7680-4208-8FD8-5439CDB0FDC1}" = HPProductAssistant
"{29521505-F489-4822-ADFA-32C6DEE4F114}" = TurboTax 2008 WinPerUserEducation
"{29E5EA97-5F74-4A57-B8B2-D4F169117183}" = Adobe Stock Photos CS3
"{2AFEAA03-2DFE-4519-A629-EDAB6541ABE9}" = HPSSupply
"{2EFFFC71-1E66-454E-A6E6-CEEC800B96D2}" = Adobe Flash Video Encoder
"{3248F0A8-6813-11D6-A77B-00B0D0150030}" = J2SE Runtime Environment 5.0 Update 3
"{3248F0A8-6813-11D6-A77B-00B0D0160010}" = Java™ SE Runtime Environment 6 Update 1
"{345CDDCB-8241-4E76-9D3B-155F2FD6F07E}" = Sony Ericsson PC Suite
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{3921A67A-5AB1-4E48-9444-C71814CF3027}" = VCRedistSetup
"{3D5E5C0A-5B36-4F98-99A7-287F7DBDCE03}" = Skype Plugin Manager
"{3DE5E7D4-7B88-403C-A3FD-2017A8240C5B}" = Google Earth
"{43C0C354-A185-4D2D-A057-67C9160460E1}" = PS_AIO_04_C4580_Software_Min
"{4458C442-7376-4CF9-AF58-E8CEA6722363}" = Adobe Setup
"{4A3D0CF8-60FF-4CEF-91A4-A1F001424602}" = DocProc
"{4E7C28C7-D5DA-4E9F-A1CA-60490B54AE35}" = UnloadSupport
"{50F102CA-4BE2-41A9-9810-5BB05EB91B9A}" = Adobe Premiere Pro CS3 Functional Content
"{51846830-E7B2-4218-8968-B77F0FF475B8}" = Adobe Color EU Extra Settings
"{52D56C42-8C69-4882-A661-39695537C9CF}" = DellConnect
"{54793AA1-5001-42F4-ABB6-C364617C6078}" = Adobe Linguistics CS3
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{58DCEEE5-532E-44F4-B1D7-A146EF9E9FDA}" = Adobe Premiere Pro CS3
"{593A6CAF-E114-4e31-884F-74FF349E8E36}" = SolutionCenter
"{5B30AA25-BF39-4BE4-8FEE-51938BAB214D}" = TurboTax 2008 wcaiper
"{64C1FA9A-FA94-4B6E-B3E4-8573738E4AD1}" = Adobe Setup
"{66E6CE0C-5A1E-430C-B40A-0C90FF1804A8}" = eSupportQFolder
"{6882DD11-33B8-4DEA-8305-7E765BF74BD3}" = Nokia Connectivity Cable Driver
"{6ABE0BEE-D572-4FE8-B434-9E72A289431B}" = Adobe Fonts All
"{6B52140A-F189-4945-BFFC-DB3F00B8C589}" = Adobe Flash CS3
"{6B708481-748A-4EB4-97C1-CD386244FF77}" = Adobe MotionPicture Color Files
"{6BBAA81D-6A7E-43AD-8889-2F002DCAAFDD}" = AHV content for Acrobat and Flash
"{6D4AC5A4-4CF9-4F90-8111-B9B53CE257BF}" = Adobe Color Common Settings
"{6F5E2F4A-377D-4700-B0E3-8F7F7507EA15}" = CustomerResearchQFolder
"{6FF5DD7A-FE28-4439-B8CF-1E9AF4EA0A61}" = Adobe Asset Services CS3
"{70E1E357-E57C-4284-B04E-58196DC27BC1}" = PanoStandAlone
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{7570F1CA-016D-46AC-B586-CD74645EFB52}" = TurboTax 2008 WinPerFedFormset
"{7641710F-A4AD-4EAE-889C-4958BE3F169C}" = C4580
"{77D2A9D3-5800-43E3-B274-87841BC87DB2}" = Adobe ExtendScript Toolkit 2
"{7ACFB90E-8FD0-4397-AD3A-5195412623A3}" = Adobe Help Viewer CS3
"{7B63B2922B174135AFC0E1377DD81EC2}" = DivX Codec
"{7DD9A065-2C86-4A9F-A5FF-796EC1B99DCA}" = AnswerWorks 4.0 Runtime - English
"{84288B51-B162-47FB-A74E-25C6D67E44BB}" = EzTune
"{845A8DB9-8802-4FD3-9FE3-938A6C46A2EC}" = Adobe Video Profiles
"{8718DC03-D066-4957-94E5-50C3C5042E8E}" = Adobe Creative Suite 3 Master Collection
"{87E2B986-07E8-477a-93DC-AF0B6758B192}" = DocProcQFolder
"{88214092-836F-4E22-A5AC-569AC9EE6A0F}" = TurboTax 2008 WinPerReleaseEngine
"{88D422DB-E9C7-4E16-9D80-2999F4FD6AD9}" = Adobe Flash Player 9 Plugin
"{8ADFC4160D694100B5B8A22DE9DCABD9}" = DivX Player
"{8AE03988-8C8C-40EE-BDC7-76781BEF1B1D}" = Adobe Setup
"{8D2BA474-F406-4710-9AE4-D4F22D21F0DD}" = Adobe Device Central CS3
"{8E6808E2-613D-4FCD-81A2-6C8FA8E03312}" = Adobe Type Support
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90176341-0A8B-4CCC-A78D-F862228A6B95}" = Adobe Anchor Service CS3
"{90850409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Word Viewer 2003
"{95655ED4-7CA5-46DF-907F-7144877A32E5}" = Adobe Color NA Recommended Settings
"{96E16100-A77F-4B31-B9AD-FFBA040EE1BD}" = Sound Blaster Live!
"{9C2D4047-0E40-499a-AC7A-C4B9BB12FE03}" = TrayApp
"{9C9824D9-9000-4373-A6A5-D0E5D4831394}" = Adobe Bridge CS3
"{9E5A03E3-6246-4920-9630-0527D5DA9B07}" = AnswerWorks 5.0 English Runtime
"{9F4EE72A-C5C9-42ad-ABEF-427690843577}" = MarketResearch
"{A2B242BD-FF8D-4840-9DAA-9170EABEC59C}" = Adobe CMaps
"{A2D81E70-2A98-4A08-A628-94388B063C5E}" = Adobe Color - Photoshop Specific
"{A6A195F5-BCAB-4F38-8459-DF693303CD8D}" = PS_AIO_04_C4580_ProductContext
"{AA2E8A46-B45E-4aea-8A23-88AB57D04523}" = WebReg
"{AB5D51AE-EBC3-438D-872C-705C7C2084B0}" = DeviceManagementQFolder
"{AC5B0C19-D851-42F4-BDA0-410ECF7F70A5}" = PDF Settings
"{AC76BA86-1033-0000-7760-000000000003}" = Adobe Acrobat 8 Professional
"{AC76BA86-7AD7-1033-7B44-A81200000003}" = Adobe Reader 8.1.2
"{AFF1EA96-9C23-4249-B7D4-CD4B54D4582F}" = TurboTax ItsDeductible 2006
"{B1DB1AD8-C07E-4052-81A1-D2930232BA70}" = TurboTax 2008 wrapper
"{B23726CF-68BF-41A6-A4EB-72F12F87FE05}" = TurboTax 2008 WinPerTaxSupport
"{B3BF6689-A81D-40D8-9A86-4AC4ACD9FC1C}" = Adobe Camera Raw 4.0
"{B508B3F1-A24A-32C0-B310-85786919EF28}" = Microsoft .NET Framework 2.0 Service Pack 1
"{B671CBFD-4109-4D35-9252-3062D3CCB7B2}" = Adobe SING CS3
"{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Web Player
"{B73CFB12-C814-4638-AFFD-7E3AAFAF0B4E}" = Adobe BridgeTalk Plugin CS3
"{B9B35331-B7E4-4E5C-BF4C-7BC87856124D}" = Adobe Default Language CS3
"{B9F499B8-D1F0-42FC-84BE-CC552123CCCB}" = BlueSoleil
"{BE5F3842-8309-4754-92D5-83E02E6077A3}" = Adobe Extension Manager CS3
"{BED1705F-7558-40f7-9F52-6C6FBD58EA2E}" = HP Photosmart C4500 All-In-One Driver Software 11.0 Rel .4
"{BF08AB1C-3357-4f20-A200-8EBB8EF27C59}" = BufferChm
"{C5BD220A-EFE8-48A5-B70E-9503D535FACE}" = Adobe WAS CS3
"{C60BA916-9E44-4DA4-B11A-9E27B7624EF5}" = Sony Ericsson Drivers
"{C89B5E3A-690F-4CEE-909A-BF869E198B0A}" = Scan
"{C92E7DF1-624A-4D95-A4C4-18CB491B44A4}" = Sony Ericsson Device Data
"{CB3F8375-B600-4B9F-83C9-238ED1E583FD}" = Adobe InDesign CS3
"{CC0E1AE3-091D-4969-B151-7AC142062C28}" = SmartWebPrinting
"{D063F201-FAC4-4D5C-B10B-615058ADE5A7}" = HP Update
"{D0DFF92A-492E-4C40-B862-A74A173C25C5}" = Adobe Version Cue CS3 Client
"{D16B4BE6-8B10-422f-8034-96D1CA9483B5}" = GPBaseService
"{D23E2520-0EAA-4AC3-A47E-A551C70D4FED}" = C4580_Help
"{D2559B88-CC9D-4B48-81BB-F492BAA9C48C}" = Adobe PDF Library Files
"{D4278897-1541-493E-9D39-59CC6AB0FC09}" = PS_AIO_04_C4580_Software
"{D5A31AB1-345D-47C7-A87B-036A669F6DF1}" = Adobe XMP Panels CS3
"{D642E38E-0D24-486C-9A2D-E316DD696F4B}" = Microsoft XML Parser
"{D6BF6477-8369-489F-8DE6-3731F4B88560}" = Sony Ericsson PC Suite
"{D74CFE48-087F-46E1-80E6-E2950E1A8DCE}" = HP Photosmart Essential 2.5
"{D78653C3-A8FF-415F-92E6-D774E634FF2D}" = Dell ResourceCD
"{DD7DB3C5-6FA3-4FA3-8A71-C2F2940EB029}" = Adobe Color JA Extra Settings
"{E535C94A-B87F-4182-BEA8-1E9322078D3E}" = Cards_Calendar_OrderGift_DoMorePlugout
"{E69AE897-9E0B-485C-8552-7841F48D42D8}" = Adobe Update Manager CS3
"{E6D9BC25-0DBC-4368-8E4A-7DEE80661CD9}" = TurboTax 2008 WinPerProgramHelp
"{E96B0085-6659-486b-A221-5042A042728D}" = Toolbox
"{EA2BEBD6-87B9-41E5-95AC-7E4C165A9475}" = WexTech AnswerWorks
"{EA7B3CC4-366D-4CF6-8350-FD7A7034116E}" = Adobe InDesign CS3 Icon Handler
"{EE565795-2776-415A-B31C-EB3A8D7C6FA4}" = Nokia Lifeblog 2.1
"{EF1ADA5A-0B1A-4662-8C55-7475A61D8B65}" = DeviceDiscovery
"{EF9E56EE-0243-4BAD-88F4-5E7508AA7D96}" = Destination Component
"{F08E8D2E-F132-4742-9C87-D5FF223A016A}" = Adobe Illustrator CS3
"{F7B0E599-C114-4493-BC4D-D8FC7CBBABBB}" = 32 Bit HP CIO Components Installer
"{F95F178B-56AD-4fab-87F8-FA81E66C7D68}" = Network
"Adobe Acrobat 8 Professional" = Adobe Acrobat 8.1.2 Professional
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe_3e054d2218e7aa282c2369d939e58ff" = Adobe ExtendScript Toolkit 2
"Adobe_4dcfd9b7e901b57f81f667144603236" = Add or Remove Adobe Creative Suite 3 Master Collection
"Adobe_6c8e2cb4fd241c55406016127a6ab2e" = Adobe Color Common Settings
"AviSynth" = AviSynth 2.5
"BCM V.92 56K Modem" = BCM V.92 56K Modem
"HijackThis" = HijackThis 2.0.2
"HP Imaging Device Functions" = HP Imaging Device Functions 11.0
"HP Photosmart Essential" = HP Photosmart Essential 3.0
"HP Smart Web Printing" = HP Smart Web Printing
"HP Solution Center & Imaging Support Tools" = HP Solution Center 11.0
"HPExtendedCapabilities" = HP Customer Participation Program 11.0
"HPOCR" = OCR Software by I.R.I.S. 11.0
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"MSNINST" = MSN
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"NVIDIA" = NVIDIA Windows 2000/XP Display Drivers
"NVIDIA Display Driver" = NVIDIA Display Driver
"PROSet" = Intel® PRO Ethernet Adapter and Software
"RER MOV Converter3.0.5" = RER MOV Converter
"Shop for HP Supplies" = Shop for HP Supplies
"TallStick TS-AudioToMIDI 3.30" = TallStick TS-AudioToMIDI 3.30 (remove only)
"TurboTax 2008" = TurboTax 2008
"TurboTax Deluxe 2007" = TurboTax Deluxe 2007
"TurboTax Deluxe Deduction Maximizer 2006" = TurboTax Deluxe Deduction Maximizer 2006
"Viewpoint Manager" = Viewpoint Manager (Remove Only)
"ViewpointMediaPlayer" = Viewpoint Media Player
"WinRAR archiver" = WinRAR archiver

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Move Networks Player - IE" = Move Networks Media Player for Internet Explorer

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 4/24/2009 12:51:22 AM | Computer Name = ORTENCIO-MAIN | Source = Application Error | ID = 1000
Description = Faulting application BN3.tmp, version 8.1.0.137, faulting module unknown,
version 0.0.0.0, fault address 0x5f802442.

Error - 4/24/2009 6:39:03 PM | Computer Name = ORTENCIO-MAIN | Source = Application Error | ID = 1000
Description = Faulting application vt100.exe, version 0.0.0.0, faulting module vt100.exe,
version 0.0.0.0, fault address 0x00042f74.

Error - 4/24/2009 6:39:18 PM | Computer Name = ORTENCIO-MAIN | Source = Application Error | ID = 1000
Description = Faulting application 6.tmp, version 0.0.0.0, faulting module 6.tmp,
version 0.0.0.0, fault address 0x00001220.

Error - 4/24/2009 6:39:34 PM | Computer Name = ORTENCIO-MAIN | Source = Application Error | ID = 1000
Description = Faulting application BN1.tmp, version 8.1.0.137, faulting module unknown,
version 0.0.0.0, fault address 0x5f802442.

Error - 4/24/2009 6:43:43 PM | Computer Name = ORTENCIO-MAIN | Source = Application Hang | ID = 1002
Description = Hanging application iexplore.exe, version 7.0.6000.16827, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 4/24/2009 8:46:35 PM | Computer Name = ORTENCIO-MAIN | Source = Application Error | ID = 1000
Description = Faulting application BNF.tmp, version 8.1.0.137, faulting module unknown,
version 0.0.0.0, fault address 0x5f802442.

Error - 4/24/2009 9:05:10 PM | Computer Name = ORTENCIO-MAIN | Source = Application Error | ID = 1000
Description = Faulting application iexplore.exe, version 7.0.6000.16827, faulting
module urlmon.dll, version 7.0.6000.16825, fault address 0x0002011a.

Error - 4/24/2009 9:47:56 PM | Computer Name = ORTENCIO-MAIN | Source = Application Error | ID = 1000
Description = Faulting application BN1.tmp, version 8.1.0.137, faulting module unknown,
version 0.0.0.0, fault address 0x5f802442.

Error - 4/24/2009 9:48:24 PM | Computer Name = ORTENCIO-MAIN | Source = Application Error | ID = 1000
Description = Faulting application l2w24to6n.exe, version 0.0.0.0, faulting module
l2w24to6n.exe, version 0.0.0.0, fault address 0x000012ce.

Error - 4/24/2009 9:48:39 PM | Computer Name = ORTENCIO-MAIN | Source = Application Error | ID = 1000
Description = Faulting application l2w24to6n.exe, version 0.0.0.0, faulting module
l2w24to6n.exe, version 0.0.0.0, fault address 0x000012ce.

[ System Events ]
Error - 4/29/2009 1:00:00 AM | Computer Name = ORTENCIO-MAIN | Source = Schedule | ID = 7901
Description = The At71.job command failed to start due to the following error: %%2147942405

Error - 4/29/2009 1:04:25 AM | Computer Name = ORTENCIO-MAIN | Source = Windows Update Agent | ID = 16
Description = Unable to Connect: Windows is unable to connect to the automatic updates
service and therefore cannot download and install updates according to the set
schedule. Windows will continue to try to establish a connection.

Error - 4/30/2009 7:43:19 PM | Computer Name = ORTENCIO-MAIN | Source = Service Control Manager | ID = 7000
Description = The Dhcp server service failed to start due to the following error:
%%2

Error - 4/30/2009 7:44:47 PM | Computer Name = ORTENCIO-MAIN | Source = Service Control Manager | ID = 7022
Description = The HP CUE DeviceDiscovery Service service hung on starting.

Error - 4/30/2009 8:00:00 PM | Computer Name = ORTENCIO-MAIN | Source = Schedule | ID = 7901
Description = The At18.job command failed to start due to the following error: %%2147942405

Error - 4/30/2009 8:00:00 PM | Computer Name = ORTENCIO-MAIN | Source = Schedule | ID = 7901
Description = The At42.job command failed to start due to the following error: %%2147942405

Error - 4/30/2009 8:00:00 PM | Computer Name = ORTENCIO-MAIN | Source = Schedule | ID = 7901
Description = The At66.job command failed to start due to the following error: %%2147942405

Error - 4/30/2009 8:03:31 PM | Computer Name = ORTENCIO-MAIN | Source = Service Control Manager | ID = 7034
Description = The sopidkc Service service terminated unexpectedly. It has done
this 1 time(s).

Error - 4/30/2009 8:37:01 PM | Computer Name = ORTENCIO-MAIN | Source = Service Control Manager | ID = 7022
Description = The HP CUE DeviceDiscovery Service service hung on starting.

Error - 4/30/2009 8:37:01 PM | Computer Name = ORTENCIO-MAIN | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
IntelIde


< End of report >
LoPhatPhuud
Your system is beyond the point where I am comfortable trying to clean it. The only suggestion I will make is to reformat and re-install.