search redirect virus and gmail security certificate error

Hello,

Thanks so much for taking the time to help.

I'm having two problems but I'm unsure if they're related.. The first is that all search engine results redirect to third party ad sites. I tried running a spyware program and updating to IE8 but the problem persists.

The second problem is that when I try to access to gmail (www.gmail.com) I receive an error message that reads: "There is a problem with this website's security certificate.

The security certificate presented by this website was not issued by a trusted certificate authority.
The security certificate presented by this website has expired or is not yet valid.
The security certificate presented by this website was issued for a different website's address.

Security certificate problems may indicate an attempt to fool you or intercept any data you send to the server."

I initially thought this might be a problem with the internal date on my computer but it's not. Could this be a result of the virus?

hijackthis log below. Thanks again.
gajohns

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:36:05 PM, on 3/4/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\System32\bcmwltry.exe
C:\WINDOWS\system32\fxssvc.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Dell\MediaDirect\PCMService.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\system32\rundll32.exe
C:\EagleSoft\Shared Files\esinetconnect.exe
C:\WINDOWS\system32\WLTRAY.exe
C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\ScanSoft\PaperPort\PPWebCap.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\America Online 9.0\waol.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\HotFax MessageCenter\Tray.exe
C:\PROGRA~1\HOTFAX~1\HFMC.exe
C:\Program Files\America Online 9.0\shellmon.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\AOL\1202069749\ee\aolsoftware.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\1\Local Settings\Temporary Internet Files\Content.IE5\9LW2CRPN\winlogon[1].scr

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us&ibd=4070907
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us&ibd=4070907
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = actsvr.comcastonline.com:8100
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = cdn
O1 - Hosts: 89.149.210.60 www.google.com
O1 - Hosts: 89.149.210.60 www.google.de
O1 - Hosts: 89.149.210.60 www.google.fr
O1 - Hosts: 89.149.210.60 www.google.co.uk
O1 - Hosts: 89.149.210.60 www.google.com.br
O1 - Hosts: 89.149.210.60 www.google.co.jp
O1 - Hosts: 89.149.210.60 www.google.com.mx
O1 - Hosts: 89.149.210.60 www.google.gr
O1 - Hosts: 89.149.210.60 www.google.se
O1 - Hosts: 89.149.210.60 www.google.it
O1 - Hosts: 89.149.210.60 www.google.dk
O1 - Hosts: 89.149.210.60 www.google.ie
O1 - Hosts: 89.149.210.60 www.google.fi
O1 - Hosts: 89.149.210.60 www.google.ca
O1 - Hosts: 89.149.210.60 www.google.com.au
O1 - Hosts: 89.149.210.60 www.google.co.za
O1 - Hosts: 89.149.210.60 www.google.be
O1 - Hosts: 89.149.210.60 www.google.at
O1 - Hosts: 89.149.210.60 www.google.no
O1 - Hosts: 89.149.210.60 www.google.ch
O1 - Hosts: 89.149.210.60 www.google.pt
O1 - Hosts: 89.149.210.60 search.yahoo.com
O1 - Hosts: 89.149.210.60 us.search.yahoo.com
O1 - Hosts: 89.149.210.60 uk.search.yahoo.com
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.5.4723.1820\swg.dll
O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\Dell\BAE\BAE.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\MediaDirect\PCMService.exe"
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NVHotkey] rundll32.exe nvHotkey.dll,Start
O4 - HKLM\..\Run: [ESInetConnect] "C:\EagleSoft\Shared Files\esinetconnect.exe"
O4 - HKLM\..\Run: [Broadcom Wireless Manager UI] C:\WINDOWS\system32\WLTRAY.exe
O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
O4 - HKLM\..\Run: [PaperPort PTD] "C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe"
O4 - HKLM\..\Run: [IndexSearch] "C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [PPWebCap] C:\Program Files\ScanSoft\PaperPort\PPWebCap.exe
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKCU\..\Run: [AOL Fast Start] "C:\Program Files\America Online 9.0\AOL.EXE" -b
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Startup: HotFax Tray.lnk = C:\Program Files\HotFax MessageCenter\Tray.exe
O4 - Global Startup: Digital Line Detect.lnk = C:\Program Files\Digital Line Detect\DLG.exe
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {A93D84FD-641F-43AE-B963-E6FA84BE7FE7} (LinkSys Content Update) - http://www.linksysfix.com/netcheck/67/install/gtdownls.cab
O16 - DPF: {DBA230D1-8467-4e69-987E-5FAE815A3B45} -
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL
O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
O23 - Service: AOL TopSpeed Monitor (AOL TopSpeedMonitor) - America Online, Inc - C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
O23 - Service: ESCameraService - Unknown owner - C:\EagleSoft\Shared Files\ESCameraService.exe
O23 - Service: GoogleDesktopManager - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\LuComServer_3_4.EXE
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Unknown owner - C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\WLTRYSVC.EXE

--
End of file - 8952 bytes

Hello.

1. Please download The Avenger by Swandog46 to your Desktop
Link: HERE

• Click on Avenger.zip to open the file
  
• Extract avenger.exe to your desktop
  

2. Copy all the text contained in the code box below to your Clipboard by highlighting it and pressing (Ctrl+C):

Files to delete:
C:\WINDOWS\system32\drivers\etc\hosts

Note: the above code was created specifically for this user. If you are not this user, do NOT follow these directions as they could damage the workings of your system.

3. Now, start The Avenger program by clicking on its icon on your desktop.

• Under "Input script here:", paste in the script from the quote box above.
  
• Leave the ticked box "Scan for rootkit" ticked.
  
• Then tick "Disable any rootkits found"
  
• Now click on the Execute to begin execution of the script.
  
• Answer "Yes" twice when prompted.
  
  The Avenger will automatically do the following:
  
  
• It will Restart your computer.
  
• On reboot, it will briefly open a black command window on your desktop, this is normal.
  
• After the restart, it creates a log file that should open with the results of Avenger’s actions. This log file will be located at C:\avenger.txt
  
• The Avenger will also have backed up all the files, etc., that you asked it to delete, and will have zipped them and moved the zip archives to C:\avenger\backup.zip.
  

4. Please copy/paste the content of c:\avenger.txt into your reply.

Avenger txt file (although i didn't see a black command window after reboot)
thank you

Logfile of The Avenger Version 2.0, (c) by Swandog46
http://swandog46.geekstogo.com

Platform: Windows XP

*******************

Script file opened successfully.
Script file read successfully.

Backups directory opened successfully at C:\Avenger

*******************

Beginning to process script file:

Rootkit scan active.
No rootkits found!

File "C:\WINDOWS\system32\drivers\etc\hosts" deleted successfully.

Completed script processing.

*******************

Finished! Terminate.

Hello.
The Google re-direct will be gone now, along with the certificate error.

Download OTL by OldTimer to your Desktop.

• Close all windows and double click OTL.exe
  
• Click Run Scan and let the program run uninterrupted
  
• It will produce two logs for you, one will pop up - OTL.txt, the other will be saved on your Desktop - Extras.txt. Post both logs in this thread.
  
• You may need to use two posts to get it all.
  

OTL Extras logfile created on: 3/6/2010 10:59:21 PM - Run 1
OTL by OldTimer - Version 3.1.34.0 Folder = C:\Documents and Settings\1\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 82.00% Memory free
4.00 Gb Paging File | 4.00 Gb Available in Paging File | 93.00% Paging File free
Paging file location(s): c:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 71.95 Gb Total Space | 51.30 Gb Free Space | 71.31% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: BERNARD1
Current User Name: 1
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\]

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
htmlfile [edit] -- Reg Error: Key error.
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 1
"FirewallDisableNotify" = 1
"UpdatesDisableNotify" = 1
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002
"10421:UDP" = 10421:UDP:*:Enabled:SingleClick Discovery Protocol
"10426:UDP" = 10426:UDP:*:Enabled:SingleClick ICC
"135:TCP" = 135:TCP:*:Enabled:DCOM
"135:UDP" = 135:UDP:*:Enabled:DCOM2

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\Dell\MediaDirect\PCMService.exe" = C:\Program Files\Dell\MediaDirect\PCMService.exe:*:Enabled:CyberLink PowerCinema Resident Program -- (CyberLink Corp.)
"C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe" = C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe:*:Enabled:hpofxm08.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe" = C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe:*:Enabled:hposfx08.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hposid01.exe" = C:\Program Files\HP\Digital Imaging\bin\hposid01.exe:*:Enabled:hposid01.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpqCopy.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqCopy.exe:*:Enabled:hpqcopy.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpfccopy.exe" = C:\Program Files\HP\Digital Imaging\bin\hpfccopy.exe:*:Enabled:hpfccopy.exe -- (Hewlett-Packard)
"C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe" = C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe:*:Enabled:hpzwiz01.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\Unload\HpqPhUnl.exe" = C:\Program Files\HP\Digital Imaging\Unload\HpqPhUnl.exe:*:Enabled:hpqphunl.exe -- ()
"C:\Program Files\HP\Digital Imaging\Unload\HpqDIA.exe" = C:\Program Files\HP\Digital Imaging\Unload\HpqDIA.exe:*:Enabled:hpqdia.exe -- ( )
"C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe" = C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe:*:Enabled:hpoews01.exe -- (Hewlett-Packard Co.)
"C:\Program Files\Common Files\AOL\ACS\AOLDial.exe" = C:\Program Files\Common Files\AOL\ACS\AOLDial.exe:*:Enabled:AOL -- (AOL LLC)
"C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe" = C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe:*:Enabled:AOL -- (AOL LLC)
"D:\AOLSETUP.EXE" = D:\AOLSETUP.EXE:*:Enabled:AOL -- File not found
"C:\Program Files\Common Files\AOL\Loader\aolload.exe" = C:\Program Files\Common Files\AOL\Loader\aolload.exe:*:Enabled:AOL Application Loader -- (America Online, Inc.)
"C:\Program Files\America Online 9.0\waol.exe" = C:\Program Files\America Online 9.0\waol.exe:*:Enabled:AOL -- (America Online, Inc.)
"C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe" = C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe:*:Enabled:AOLTsMon -- (America Online, Inc)
"C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltpspd.exe" = C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltpspd.exe:*:Enabled:AOLTopSpeed -- (America Online Inc)
"C:\Program Files\Common Files\AOL\1202069749\EE\AOLServiceHost.exe" = C:\Program Files\Common Files\AOL\1202069749\EE\AOLServiceHost.exe:*:Enabled:AOL -- (America Online, Inc.)
"C:\Program Files\Common Files\AOL\System Information\sinf.exe" = C:\Program Files\Common Files\AOL\System Information\sinf.exe:*:Enabled:AOL -- (AOL LLC)
"C:\Program Files\Common Files\AOL\AOL Spyware Protection\AOLSP Scheduler.exe" = C:\Program Files\Common Files\AOL\AOL Spyware Protection\AOLSP Scheduler.exe:*:Enabled:AOL -- File not found
"C:\Program Files\Common Files\AOL\AOL Spyware Protection\asp.exe" = C:\Program Files\Common Files\AOL\AOL Spyware Protection\asp.exe:*:Enabled:AOL -- File not found
"C:\Program Files\Common Files\AolCoach\en_en\player\AOLNySEV.exe" = C:\Program Files\Common Files\AolCoach\en_en\player\AOLNySEV.exe:*:Enabled:AOL -- File not found
"C:\Program Files\Common Files\AOL\1202069749\EE\aolsoftware.exe" = C:\Program Files\Common Files\AOL\1202069749\EE\aolsoftware.exe:*:Enabled:AOL Shared Components -- (America Online, Inc.)
"C:\Program Files\AOL 9.0\waol.exe" = C:\Program Files\AOL 9.0\waol.exe:*:Enabled:AOL -- (AOL, LLC.)
"C:\Program Files\Common Files\AOL\TopSpeed\3.0\aoltpsd3.exe" = C:\Program Files\Common Files\AOL\TopSpeed\3.0\aoltpsd3.exe:*:Enabled:AOL TopSpeed -- (AOL LLC)
"C:\Program Files\Dell Network Assistant\ezi_hnm2.exe" = C:\Program Files\Dell Network Assistant\ezi_hnm2.exe:*:Enabled:Dell Network Assistant -- File not found
"C:\EagleSoft\Shared Files\esinetconnect.exe" = C:\EagleSoft\Shared Files\esinetconnect.exe:*:Enabled:Patterson EagleSoft Internet Connection -- (Patterson Dental Supply, Inc.)
"C:\EagleSoft\Shared Files\ESTechUtil.exe" = C:\EagleSoft\Shared Files\ESTechUtil.exe:*:Enabled:Patterson EagleSoft Technical Utility -- (Patterson Dental Supply, Inc.)
"C:\EagleSoft\Shared Files\EagleSoft.exe" = C:\EagleSoft\Shared Files\EagleSoft.exe:*:Enabled:Patterson EagleSoft -- (Patterson Dental Supply, Inc.)
"C:\EagleSoft\Shared Files\techaid.exe" = C:\EagleSoft\Shared Files\techaid.exe:*:Enabled:Patterson EagleSoft Technical Reference -- ()
"C:\EagleSoft\Shared Files\ESMessenger.exe" = C:\EagleSoft\Shared Files\ESMessenger.exe:*:Enabled:Patterson EagleSoft Messenger Client -- (Patterson Dental Supply, Inc.)
"C:\EagleSoft\Shared Files\dbeng7.exe" = C:\EagleSoft\Shared Files\dbeng7.exe:*:Enabled:Patterson EagleSoft ODBC Client -- (Sybase, Inc.)
"C:\Program Files\MySpace\IM\MySpaceIM.exe" = C:\Program Files\MySpace\IM\MySpaceIM.exe:*:Enabled:MySpaceIM -- File not found


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{02E73E50-6513-4802-8600-B5A5BA185BE3}" = ScanSoft PaperPort 11
"{0BF5FBE7-3907-4A1F-9E48-8B66E52850D6}" = TrayApp
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{197A3012-8C85-4FD3-AB66-9EC7E13DB92E}" = Adobe AIR
"{1CB34CE9-0E6B-493F-BB66-3425E5DF76E5}" = CP_CalendarTemplates1
"{1E1F1E70-14D8-4380-8652-BD1A895A7D65}" = Status
"{1EBB57D4-63FF-87CC-A0F0-D73982CF6008}" = Adobe Media Player
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{23B35809-5E4A-4F14-8332-1CDEDDFAC089}" = CP_Package_Variety2
"{24BEBF2E-73F3-4599-840B-EDC612CCDD0D}" = Destinations
"{2A548002-9042-4083-A270-B67473DE1073}" = SkinsHP1
"{31263605-FC84-4787-B847-BA445B147E24}" = ScannerCopy
"{3248F0A8-6813-11D6-A77B-00B0D0150060}" = J2SE Runtime Environment 5.0 Update 6
"{3248F0A8-6813-11D6-A77B-00B0D0160030}" = Java(TM) 6 Update 3
"{34F3FCF1-817B-4D61-B6AF-19D9486AFEA0}" = Unload
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{3CF99DC3-38FD-46E6-A6B4-9C70074E020C}" = DocumentViewer
"{3F92ABBB-6BBF-11D5-B229-002078017FBF}" = NetWaiting
"{3FE0CFAB-584A-4AA5-B8CD-C32284CFA308}" = RandMap
"{4041C245-7099-4C96-9738-5EBC23827B3C}" = BufferChm
"{494D17B5-3369-4905-8C4B-80C972C5E0FF}" = CP_Panorama1Config
"{4BE53DB2-C1F2-44D1-A9AB-1630BA7F2AF1}" = SolutionCenter
"{522D1D79-9C0A-4361-91F8-2AFF8EC6C2E1}" = CP_Package_Variety1
"{53EE9E42-CECB-4C92-BF76-9CA65DAF8F1C}" = FullDPAppQFolder
"{54F0998F-73C8-4b51-8286-FE903C231BED}" = cp_PosterPrintConfig
"{5F26311C-B135-4F7F-B11E-8E650F83651E}" = DeviceFunctionQFolder
"{61B1A9C8-B2AD-4F54-B916-388FFD07BDE7}" = 4300
"{62230596-37E5-4618-A329-0D21F529A86F}" = Browser Address Error Redirector
"{66E6CE0C-5A1E-430C-B40A-0C90FF1804A8}" = eSupportQFolder
"{68763C27-235D-4165-A961-FDEA228CE504}" = AiOSoftwareNPI
"{68CC54AC-EFE5-4CE4-81F8-BE0C834E2D86}" = Mobile Broadband Generic Drivers
"{6D52C408-B09A-4520-9B18-475B81D393F1}" = Microsoft Works
"{6F5E2F4A-377D-4700-B0E3-8F7F7507EA15}" = CustomerResearchQFolder
"{7131646D-CD3C-40F4-97B9-CD9E4E6262EF}" = Microsoft .NET Framework 2.0
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{736C803C-DD3B-4015-BC51-AFB9E67B9076}" = Readme
"{766633B3-1AFA-44B6-A3FC-1DE991CD9C52}" = CP_Package_Basic1
"{79F8E1D4-36C1-439C-95FA-F695050B5B07}" = Sonic_PrimoSDK
"{7C03270C-4FAB-4F5C-B10D-52FEDA190790}" = DocumentViewerQFolder
"{7E7B7865-6C80-4373-8BC1-C2EB9431F9DE}" = ProductContextNPI
"{869C3062-4745-4949-B6C9-98AF24D89030}" = PhotoGallery
"{9BDEF074-020E-458D-ADC5-8FF68E0C9B56}" = OutlookAddinSetup
"{9C6978E8-B6D0-4AB7-A7A0-D81A74FBF745}" = MediaDirect
"{9D4ABB0C-F60B-44A6-956C-A4A63D5495C9}" = CueTour
"{A744C7C3-76F5-42F5-9E15-497A3DFBC709}" = 4300Trb
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AAA11090-6E99-4655-AAF5-57EB5F677D0C}" = MarketResearch
"{AB5D51AE-EBC3-438D-872C-705C7C2084B0}" = DeviceManagementQFolder
"{AC76BA86-7AD7-1033-7B44-A70800000002}" = Adobe Reader 7.0.8
"{B11E71BA-498C-42D4-9F1A-9D7A89D9DA61}" = CP_AtenaShokunin1Config
"{B57F2FF0-5A25-4332-B503-4592B370C02F}" = CP_Package_Variety3
"{BBD3BF67-5B89-4CBB-BA58-5818ED5F3290}" = cp_OnlineProjectsConfig
"{BF4E9ED0-EF26-4A4C-A123-6A6A1ABEE411}" = DocProc
"{C5074CC4-0E26-4716-A307-960272A90040}" = QuickSet
"{C6812939-B117-48E6-A3BA-1709C14A3C8C}" = Scan
"{C8753E28-2680-49BF-BD48-DD38FD086EFE}" = AiO_Scan_CDA
"{C98E8D9D-21DE-4F87-A9B7-142BB89840FC}" = Toolbox
"{C99C0593-3B48-41D9-B42F-6E035B320449}" = Broadcom Management Programs
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CB84F0F2-927B-458D-9DC5-87832E3DC653}" = GearDrvs
"{D1B5E9C8-4CCF-44E3-87D6-7C00D7DA5370}" = IntelliSonic Speech Enhancement
"{DA1CD94B-826A-4bba-AC46-EF352F47BC81}" = InstantShareDevices
"{DBBD27DA-E9A5-480F-92DB-A459AEF1A078}" = Patterson EagleSoft
"{DEBB2986-15B0-4D28-95FA-5C966A396589}" = HPProductAssistant
"{E5A1DE9A-A21C-43A1-B06D-5146BAF62033}" = PanoStandAlone
"{E5A8DDAB-AE80-48C6-A75B-D0FAB83B299D}" = HP PSC & OfficeJet 6.1.A
"{E646DCF0-5A68-11D5-B229-002078017FBF}" = Digital Line Detect
"{E769999E-D0D9-4D51-AEFE-1BD44289E550}" = 4300_Help
"{E80F62FF-5D3C-4A19-8409-9721F2928206}" = LiveUpdate (Symantec Corporation)
"{EC2715CE-C182-483C-84CC-81D7D914CF14}" = WebReg
"{ECFDD6BD-E0C0-41CC-A171-E6D6AF4C0E93}" = HP Software Update
"{F6076EF9-08E1-442F-B6A2-BFB61B295A14}" = Fax_CDA
"{F63A3748-B93D-4360-9AD4-B064481A5C7B}" = Modem Diagnostic Tool
"{FBB980B0-63F8-4B48-8D65-90F1D9F81D9F}" = NewCopy_CDA
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"AOL Uninstaller" = AOL Uninstaller
"Broadcom 802.11b Network Adapter" = Dell Wireless WLAN Card
"CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_2C06&SUBSYS_14F1000F" = Conexant HDA D330 MDC V.92 Modem
"com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Media Player
"ComcastHSI" = Comcast High-Speed Internet Install Wizard
"Google Desktop" = Google Desktop
"Google Updater" = Google Updater
"HijackThis" = HijackThis 2.0.2
"HotFax MessageCenter" = HotFax MessageCenter
"HP Document Viewer" = HP Document Viewer 6.1
"HP Imaging Device Functions" = HP Imaging Device Functions 6.1
"HP Photo & Imaging" = HP Photosmart Premier Software 6.1
"HP Solution Center & Imaging Support Tools" = HP Solution Center and Imaging Support Tools 6.1
"HPExtendedCapabilities" = HP Extended Capabilities 6.1
"ie8" = Windows Internet Explorer 8
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 2.0" = Microsoft .NET Framework 2.0
"NVIDIA Drivers" = NVIDIA Drivers
"PsuedoLiveUpdate" = LiveUpdate (Symantec Corporation)
"RealPlayer 6.0" = RealPlayer Basic
"SearchAssist" = SearchAssist
"SynTPDeinstKey" = Dell Touchpad
"ViewpointMediaPlayer" = Viewpoint Media Player
"VZAccess Manager" = VZAccess Manager
"Windows XP Service Pack" = Windows XP Service Pack 3

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 3/1/2010 2:45:05 PM | Computer Name = BERNARD1 | Source = Google Update | ID = 20
Description =

Error - 3/1/2010 3:45:05 PM | Computer Name = BERNARD1 | Source = Google Update | ID = 20
Description =

Error - 3/1/2010 4:45:05 PM | Computer Name = BERNARD1 | Source = Google Update | ID = 20
Description =

Error - 3/1/2010 5:45:05 PM | Computer Name = BERNARD1 | Source = Google Update | ID = 20
Description =

Error - 3/1/2010 6:45:05 PM | Computer Name = BERNARD1 | Source = Google Update | ID = 20
Description =

Error - 3/2/2010 4:45:05 AM | Computer Name = BERNARD1 | Source = Google Update | ID = 20
Description =

Error - 3/3/2010 8:45:05 AM | Computer Name = BERNARD1 | Source = Google Update | ID = 20
Description =

Error - 3/3/2010 2:45:05 PM | Computer Name = BERNARD1 | Source = Google Update | ID = 20
Description =

Error - 3/6/2010 2:45:05 PM | Computer Name = BERNARD1 | Source = Google Update | ID = 20
Description =

Error - 3/6/2010 3:45:05 PM | Computer Name = BERNARD1 | Source = Google Update | ID = 20
Description =

[ System Events ]
Error - 3/4/2010 7:18:30 PM | Computer Name = BERNARD1 | Source = Service Control Manager | ID = 7024
Description = The Hitman Pro 3.5 Crusader (Boot) service terminated with service-specific
error 0 (0x0).

Error - 3/4/2010 7:41:19 PM | Computer Name = BERNARD1 | Source = Service Control Manager | ID = 7023
Description = The Server service terminated with the following error: %%126

Error - 3/4/2010 7:41:19 PM | Computer Name = BERNARD1 | Source = Service Control Manager | ID = 7000
Description = The Norton AntiVirus Auto-Protect Service service failed to start
due to the following error: %%3

Error - 3/4/2010 7:41:19 PM | Computer Name = BERNARD1 | Source = Service Control Manager | ID = 7001
Description = The Computer Browser service depends on the Server service which failed
to start because of the following error: %%126

Error - 3/6/2010 2:28:58 AM | Computer Name = BERNARD1 | Source = Dhcp | ID = 1002
Description = The IP address lease 98.209.120.184 for the Network Card with network
address 001C2395DCED has been denied by the DHCP server 68.87.77.13 (The DHCP Server
sent a DHCPNACK message).

Error - 3/6/2010 11:17:57 AM | Computer Name = BERNARD1 | Source = sr | ID = 1
Description = The System Restore filter encountered the unexpected error '0xC0000001'
while processing the file '' on the volume 'HarddiskVolume2'. It has stopped monitoring
the volume.

Error - 3/6/2010 11:19:25 AM | Computer Name = BERNARD1 | Source = Service Control Manager | ID = 7000
Description = The Norton AntiVirus Auto-Protect Service service failed to start
due to the following error: %%3

Error - 3/6/2010 11:19:25 AM | Computer Name = BERNARD1 | Source = Service Control Manager | ID = 7023
Description = The Server service terminated with the following error: %%126

Error - 3/6/2010 11:19:25 AM | Computer Name = BERNARD1 | Source = Service Control Manager | ID = 7001
Description = The Computer Browser service depends on the Server service which failed
to start because of the following error: %%126

Error - 3/6/2010 11:19:25 AM | Computer Name = BERNARD1 | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
iaStor


< End of report >

OTL logfile created on: 3/6/2010 10:59:21 PM - Run 1
OTL by OldTimer - Version 3.1.34.0 Folder = C:\Documents and Settings\1\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 82.00% Memory free
4.00 Gb Paging File | 4.00 Gb Available in Paging File | 93.00% Paging File free
Paging file location(s): c:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 71.95 Gb Total Space | 51.30 Gb Free Space | 71.31% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: BERNARD1
Current User Name: 1
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Processes (SafeList) ==========

PRC - [2010/03/06 22:57:57 | 000,553,984 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\1\Desktop\OTL.exe
PRC - [2008/04/13 19:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2008/02/21 17:02:53 | 000,238,968 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
PRC - [2008/02/07 10:11:10 | 000,068,856 | ---- | M] (Google Inc.) -- C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
PRC - [2007/04/16 16:10:26 | 000,184,320 | ---- | M] (CyberLink Corp.) -- C:\Program Files\Dell\MediaDirect\PCMService.exe
PRC - [2006/11/03 18:02:14 | 000,050,688 | ---- | M] (Avanquest Software ) -- C:\Program Files\Digital Line Detect\DLG.exe
PRC - [2006/10/23 07:50:35 | 000,046,640 | ---- | M] (AOL LLC) -- C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe
PRC - [2006/09/25 19:52:48 | 000,050,736 | ---- | M] (America Online, Inc.) -- C:\Program Files\Common Files\AOL\1202069749\EE\aolsoftware.exe
PRC - [2006/05/05 12:28:00 | 000,073,728 | ---- | M] (ScanSoft, Inc.) -- C:\Program Files\ScanSoft\PaperPort\ppwebcap.exe
PRC - [2006/05/05 12:18:54 | 000,036,864 | ---- | M] (ScanSoft, Inc.) -- C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
PRC - [2005/07/25 16:30:55 | 000,037,464 | ---- | M] (America Online, Inc.) -- C:\Program Files\America Online 9.0\waol.exe
PRC - [2005/07/25 16:30:54 | 000,054,872 | ---- | M] (America Online, Inc.) -- C:\Program Files\America Online 9.0\shellmon.exe
PRC - [2005/03/14 12:05:02 | 000,069,632 | ---- | M] (HP) -- C:\WINDOWS\system32\HPZipm12.exe
PRC - [2004/10/18 10:10:12 | 000,065,536 | ---- | M] () -- C:\Program Files\HotFax MessageCenter\Tray.exe
PRC - [2004/10/18 10:08:42 | 000,397,312 | ---- | M] (Smith Micro Software, Inc.) -- C:\Program Files\HotFax MessageCenter\HFMC.exe
PRC - [2004/10/15 15:54:14 | 000,100,016 | ---- | M] (America Online, Inc) -- C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
PRC - [2004/10/15 15:54:12 | 000,046,768 | ---- | M] (America Online Inc) -- C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltpspd.exe


========== Modules (SafeList) ==========

MOD - [2010/03/06 22:57:57 | 000,553,984 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\1\Desktop\OTL.exe


========== Win32 Services (SafeList) ==========

SRV - File not found [Auto | Stopped] -- -- (navapsvc)
SRV - [2008/09/05 10:52:32 | 003,220,856 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Program Files\Symantec\LiveUpdate\LuComServer_3_4.EXE -- (LiveUpdate)
SRV - [2008/02/21 17:02:53 | 000,238,968 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe -- (Automatic LiveUpdate Scheduler)
SRV - [2007/09/07 16:27:49 | 001,862,144 | ---- | M] (Google) [On_Demand | Stopped] -- C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe -- (GoogleDesktopManager)
SRV - [2007/02/12 15:53:48 | 000,049,152 | ---- | M] () [On_Demand | Stopped] -- C:\EagleSoft\Shared Files\ESCameraService.exe -- (ESCameraService)
SRV - [2006/10/23 07:50:35 | 000,046,640 | ---- | M] (AOL LLC) [Auto | Running] -- C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe -- (AOL ACS)
SRV - [2005/03/14 12:05:02 | 000,069,632 | ---- | M] (HP) [Auto | Running] -- C:\WINDOWS\system32\HPZipm12.exe -- (Pml Driver HPZ12)
SRV - [2004/10/15 15:54:14 | 000,100,016 | ---- | M] (America Online, Inc) [Auto | Running] -- C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe -- (AOL TopSpeedMonitor)


========== Driver Services (SafeList) ==========

DRV - [2009/05/04 15:57:18 | 000,148,096 | ---- | M] (Sierra Wireless Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\swumxa3.sys -- (SWUMXA3) Sierra Wireless USB MUX Driver (UMTSA3)
DRV - [2009/03/31 14:45:42 | 000,190,080 | ---- | M] (Sierra Wireless Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\swnc8ua3.sys -- (SWNC8UA3) Sierra Wireless MUX NDIS Driver (UMTSA3)
DRV - [2008/06/02 15:28:50 | 000,222,720 | ---- | M] (Novatel Wireless Inc) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\NWADIenum.sys -- (NWADI)
DRV - [2008/05/09 10:08:40 | 000,174,336 | ---- | M] (Novatel Wireless Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nwusbser.sys -- (NWUSBPort)
DRV - [2008/05/09 10:08:40 | 000,174,336 | ---- | M] (Novatel Wireless Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nwusbmdm.sys -- (NWUSBModem)
DRV - [2008/04/13 13:36:39 | 000,043,008 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\amdagp.sys -- (amdagp)
DRV - [2008/04/13 13:36:39 | 000,040,960 | ---- | M] (Silicon Integrated Systems Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\sisagp.sys -- (sisagp)
DRV - [2008/04/13 11:36:05 | 000,144,384 | ---- | M] (Windows (R) Server 2003 DDK provider) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\hdaudbus.sys -- (HDAudBus)
DRV - [2008/02/03 15:17:35 | 000,008,552 | ---- | M] (Windows (R) 2000 DDK provider) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\asctrm.sys -- (ASCTRM)
DRV - [2007/06/06 15:34:38 | 006,345,472 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nv4_mini.sys -- (nv)
DRV - [2007/06/06 15:28:16 | 001,222,840 | ---- | M] (SigmaTel, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\sthda.sys -- (STHDA)
DRV - [2007/06/03 14:20:58 | 000,202,912 | ---- | M] (Synaptics, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\SynTP.sys -- (SynTP)
DRV - [2007/05/09 14:59:42 | 000,604,928 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\BCMWL5.SYS -- (BCM43XX)
DRV - [2007/05/08 21:49:02 | 000,045,568 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\bcm4sbxp.sys -- (bcm4sbxp)
DRV - [2007/05/08 21:46:12 | 000,037,376 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\rixdptsk.sys -- (rismxdp)
DRV - [2007/05/08 21:46:08 | 000,043,520 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\rimsptsk.sys -- (rimsptsk)
DRV - [2007/05/08 21:46:06 | 000,032,256 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\rimmptsk.sys -- (rimmptsk)
DRV - [2007/04/23 21:15:46 | 000,989,696 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_DPV.sys -- (HSF_DPV)
DRV - [2007/04/23 21:15:46 | 000,730,112 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys -- (winachsf)
DRV - [2007/04/23 21:15:44 | 000,209,152 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSFHWAZL.sys -- (HSFHWAZL)
DRV - [2007/02/12 14:36:54 | 000,277,784 | ---- | M] (Intel Corporation) [Kernel | Boot | Stopped] -- C:\WINDOWS\system32\drivers\iaStor.sys -- (iaStor)
DRV - [2006/11/02 12:31:38 | 000,103,168 | ---- | M] (Knowles Acoustics) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\dxec02.sys -- (DXEC02)
DRV - [2005/11/01 07:00:00 | 000,179,584 | ---- | M] (Mylex Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\dac2w2k.sys -- (dac2w2k)
DRV - [2005/11/01 07:00:00 | 000,049,024 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\ql1280.sys -- (ql1280)
DRV - [2005/11/01 07:00:00 | 000,045,312 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\ql12160.sys -- (ql12160)
DRV - [2005/11/01 07:00:00 | 000,040,320 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\ql1080.sys -- (ql1080)
DRV - [2005/11/01 07:00:00 | 000,036,736 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\ultra.sys -- (ultra)
DRV - [2005/11/01 07:00:00 | 000,032,640 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\symc8xx.sys -- (symc8xx)
DRV - [2005/11/01 07:00:00 | 000,030,688 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\sym_u3.sys -- (sym_u3)
DRV - [2005/11/01 07:00:00 | 000,028,384 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\sym_hi.sys -- (sym_hi)
DRV - [2005/11/01 07:00:00 | 000,026,496 | ---- | M] (Advanced System Products, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\asc.sys -- (asc)
DRV - [2005/11/01 07:00:00 | 000,019,072 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\sparrow.sys -- (Sparrow)
DRV - [2005/11/01 07:00:00 | 000,017,280 | ---- | M] (American Megatrends Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\mraid35x.sys -- (mraid35x)
DRV - [2005/11/01 07:00:00 | 000,016,256 | ---- | M] (Symbios Logic Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\symc810.sys -- (symc810)
DRV - [2005/11/01 07:00:00 | 000,014,848 | ---- | M] (Advanced System Products, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\asc3550.sys -- (asc3550)
DRV - [2005/11/01 07:00:00 | 000,006,656 | ---- | M] (CMD Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\cmdide.sys -- (CmdIde)
DRV - [2005/11/01 07:00:00 | 000,005,248 | ---- | M] (Acer Laboratories Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\aliide.sys -- (AliIde)
DRV - [2005/08/12 17:50:46 | 000,016,128 | ---- | M] (Dell Inc) [Kernel | System | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\APPDRV.SYS -- (APPDRV)
DRV - [2003/01/10 16:13:04 | 000,033,588 | R--- | M] (America Online, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\wanatw4.sys -- (wanatw) WAN Miniport (ATW)
DRV - [2002/11/26 13:54:58 | 000,016,936 | ---- | M] (Smith Micro Software, Inc.) [Kernel | On_Demand | Stopped] -- C:\Program Files\Verizon Wireless\VZAccess Manager\SMNDIS5.sys -- (SMNDIS5)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us&ibd=4070907
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Start Page = www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us&ibd=4070907

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us&ibd=4070907
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com/hws/sb/dell-usuk/en/side.html?channel=us
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = cdn
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = actsvr.comcastonline.com:8100



Hosts file not found
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.5.4723.1820\swg.dll (Google Inc.)
O2 - BHO: (CBrowserHelperObject Object) - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\Dell\BAE\BAE.dll (Dell Inc.)
O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKCU\..\Toolbar\ShellBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O4 - HKLM..\Run: [ESInetConnect] C:\EagleSoft\Shared Files\esinetconnect.exe (Patterson Dental Supply, Inc.)
O4 - HKLM..\Run: [IndexSearch] C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe (ScanSoft, Inc.)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [NVHotkey] C:\WINDOWS\System32\nvhotkey.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [PaperPort PTD] C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe (ScanSoft, Inc.)
O4 - HKLM..\Run: [PCMService] C:\Program Files\Dell\MediaDirect\PCMService.exe (CyberLink Corp.)
O4 - HKLM..\Run: [SSBkgdUpdate] C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe (Scansoft, Inc.)
O4 - HKCU..\Run: [AOL Fast Start] C:\Program Files\America Online 9.0\AOL.EXE (America Online, Inc.)
O4 - HKCU..\Run: [PPWebCap] C:\Program Files\ScanSoft\PaperPort\ppwebcap.exe (ScanSoft, Inc.)
O4 - HKCU..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
O4 - Startup: C:\Documents and Settings\1\Start Menu\Programs\Startup\HotFax Tray.lnk = C:\Program Files\HotFax MessageCenter\Tray.exe ()
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Digital Line Detect.lnk = C:\Program Files\Digital Line Detect\DLG.exe (Avanquest Software )
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: Google Sidewiki... - C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll (Google Inc.)
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\npjpi160_03.dll (Sun Microsystems, Inc.)
O15 - HKCU\..Trusted Domains: aol.com ([objects] * is out of zone range - 5)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab (Java Plug-in 1.6.0_03)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {A93D84FD-641F-43AE-B963-E6FA84BE7FE7} http://www.linksysfix.com/netcheck/67/install/gtdownls.cab (LinkSys Content Update)
O16 - DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab (Java Plug-in 1.5.0_06)
O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab (Java Plug-in 1.6.0_03)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab (Java Plug-in 1.6.0_03)
O16 - DPF: {DBA230D1-8467-4e69-987E-5FAE815A3B45} Reg Error: Key error. (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 68.87.77.134 68.87.72.134
O20 - AppInit_DLLs: (C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL) - C:\Program Files\Google\Google Desktop Search\GoogleDesktopNetwork3.dll (Google)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Documents and Settings\1\Application Data\Microsoft\Internet Explorer\Internet Explorer Wallpaper.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\1\Application Data\Microsoft\Internet Explorer\Internet Explorer Wallpaper.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2004/08/10 13:04:08 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{5ac4e490-f628-11dc-82ad-00038a000015}\Shell - "" = AutoRun
O33 - MountPoints2\{5ac4e490-f628-11dc-82ad-00038a000015}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{5ac4e490-f628-11dc-82ad-00038a000015}\Shell\AutoRun\command - "" = E:\LaunchU3.exe -- File not found
O33 - MountPoints2\{5ac4e491-f628-11dc-82ad-00038a000015}\Shell\AutoRun\command - "" = F:\setupSNK.exe -- File not found
O33 - MountPoints2\{e7e9c822-e8f2-11de-80cc-00038a000015}\Shell - "" = AutoRun
O33 - MountPoints2\{e7e9c822-e8f2-11de-80cc-00038a000015}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{e7e9c822-e8f2-11de-80cc-00038a000015}\Shell\AutoRun\command - "" = E:\WIN\setup.exe -- File not found
O33 - MountPoints2\E\Shell - "" = AutoRun
O33 - MountPoints2\E\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\E\Shell\AutoRun\command - "" = E:\WIN\setup.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - comfile [open] -- "%1" %*
O35 - exefile [open] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2010/03/06 22:57:57 | 000,553,984 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\1\Desktop\OTL.exe
[2010/03/06 10:17:28 | 000,000,000 | ---D | C] -- C:\Avenger
[2010/03/04 19:44:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\1\My Documents\jacked
[2010/03/04 18:42:30 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\1\IECompatCache
[2010/03/04 18:41:13 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\1\PrivacIE
[2010/03/04 18:39:58 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\1\IETldCache
[2010/03/04 18:36:48 | 000,000,000 | ---D | C] -- C:\WINDOWS\ie8updates
[2010/03/04 18:35:04 | 000,000,000 | ---D | C] -- C:\WINDOWS\WBEM
[2010/03/04 18:33:21 | 000,000,000 | -H-D | C] -- C:\WINDOWS\ie8
[2010/03/04 18:29:10 | 000,594,432 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msfeeds.dll
[2010/03/04 18:29:10 | 000,055,296 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msfeedsbs.dll
[2010/03/04 18:29:09 | 001,985,536 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iertutil.dll
[2010/03/04 18:29:06 | 011,070,464 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ieframe.dll
[2010/03/04 18:10:46 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Hitman Pro
[2010/03/04 16:49:13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\1\My Documents\Downloads
[2010/03/04 16:35:15 | 000,000,000 | ---D | C] -- C:\Documents and Settings\1\Local Settings\Application Data\Mozilla
[2010/03/01 20:40:10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\1\Desktop\proposal-dr_page002
[2010/02/14 14:40:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\1\Local Settings\Application Data\Temp
[2010/01/30 06:40:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Google
[2010/01/30 06:35:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Google
[2009/12/14 16:12:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Application Data\Bytemobile
[2009/12/14 16:04:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\Bytemobile
[2009/02/01 12:24:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft
[2008/05/29 02:03:06 | 000,000,000 | --SD | M] -- C:\Documents and Settings\NetworkService\Application Data\Microsoft
[2005/12/15 12:03:40 | 000,012,288 | ---- | C] (Hewlett-Packard Development Company, L.P.) -- C:\WINDOWS\Fonts\RandFont.dll
[2004/08/10 13:08:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft
[2004/08/10 12:57:26 | 000,000,000 | --SD | M] -- C:\Documents and Settings\LocalService\Application Data\Microsoft
[16 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010/03/06 22:59:01 | 000,000,648 | ---- | M] () -- C:\WINDOWS\win.ini
[2010/03/06 22:57:57 | 000,553,984 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\1\Desktop\OTL.exe
[2010/03/06 22:54:44 | 000,000,160 | ---- | M] () -- C:\WINDOWS\bi_group.ini
[2010/03/06 22:54:18 | 000,000,886 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2010/03/06 22:54:11 | 000,156,665 | ---- | M] () -- C:\WINDOWS\System32\nvModes.001
[2010/03/06 14:45:00 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2010/03/06 14:41:10 | 000,000,868 | ---- | M] () -- C:\WINDOWS\tasks\Google Software Updater.job
[2010/03/06 10:35:33 | 003,670,016 | ---- | M] () -- C:\Documents and Settings\1\NTUSER.DAT
[2010/03/06 10:22:34 | 000,475,906 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2010/03/06 10:22:34 | 000,404,408 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2010/03/06 10:22:34 | 000,064,258 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2010/03/06 10:18:16 | 000,002,228 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/03/06 10:18:06 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2010/03/06 10:17:56 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/03/06 10:17:53 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/03/04 18:37:16 | 000,001,355 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2010/03/04 18:20:35 | 000,015,944 | ---- | M] () -- C:\WINDOWS\System32\drivers\hitmanpro35.sys
[2010/03/04 18:17:41 | 000,096,512 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\atapi.sys
[2010/03/04 18:14:45 | 000,002,282 | ---- | M] () -- C:\WINDOWS\System32\.crusader
[2010/03/01 06:15:30 | 000,156,665 | ---- | M] () -- C:\WINDOWS\System32\nvModes.dat
[2010/02/14 21:02:02 | 005,247,990 | ---- | M] () -- C:\Documents and Settings\1\Desktop\Document(32).pdf
[2010/02/14 17:52:56 | 000,000,183 | ---- | M] () -- C:\Documents and Settings\1\Desktop\Nature of the Universe.url
[2010/02/12 16:34:06 | 000,037,910 | ---- | M] () -- C:\Documents and Settings\1\Application Data\wklnhst.dat
[16 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/03/04 18:14:45 | 000,002,282 | ---- | C] () -- C:\WINDOWS\System32\.crusader
[2010/03/04 18:10:58 | 000,015,944 | ---- | C] () -- C:\WINDOWS\System32\drivers\hitmanpro35.sys
[2010/02/14 21:01:43 | 005,247,990 | ---- | C] () -- C:\Documents and Settings\1\Desktop\Document(32).pdf
[2010/02/14 17:52:47 | 000,000,183 | ---- | C] () -- C:\Documents and Settings\1\Desktop\Nature of the Universe.url
[2009/02/03 06:03:12 | 000,000,000 | ---- | C] () -- C:\WINDOWS\VPC32.INI
[2008/09/03 22:39:16 | 000,000,653 | ---- | C] () -- C:\WINDOWS\{0240BDFB-2995-4A3F-8C96-18D41282B716}_WiseFW.ini
[2008/02/08 17:35:23 | 000,000,385 | ---- | C] () -- C:\WINDOWS\SMDebug.ini
[2008/02/08 17:35:21 | 000,000,191 | ---- | C] () -- C:\WINDOWS\SMSI.INI
[2008/02/08 17:35:06 | 000,026,448 | ---- | C] () -- C:\WINDOWS\System32\smfaxmon.dll
[2008/02/07 10:40:18 | 000,011,776 | ---- | C] () -- C:\Documents and Settings\1\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008/02/05 12:59:02 | 000,000,754 | ---- | C] () -- C:\WINDOWS\WORDPAD.INI
[2008/02/04 20:25:09 | 000,000,160 | ---- | C] () -- C:\WINDOWS\bi_group.ini
[2008/02/04 20:23:49 | 000,000,000 | ---- | C] () -- C:\WINDOWS\vtpwra.INI
[2008/02/04 19:36:57 | 000,037,910 | ---- | C] () -- C:\Documents and Settings\1\Application Data\wklnhst.dat
[2008/02/04 19:08:24 | 000,000,033 | ---- | C] () -- C:\WINDOWS\BiMonitor.ini
[2008/02/04 19:08:22 | 000,030,846 | ---- | C] () -- C:\WINDOWS\maxlink.ini
[2008/02/03 15:02:33 | 000,000,000 | ---- | C] () -- C:\WINDOWS\hpqEmlSz.INI
[2008/02/03 15:00:58 | 000,000,221 | ---- | C] () -- C:\WINDOWS\NCLogConfig.ini
[2008/02/03 01:00:26 | 000,000,124 | ---- | C] () -- C:\Documents and Settings\1\Local Settings\Application Data\fusioncache.dat
[2008/02/03 00:12:22 | 000,077,824 | R--- | C] () -- C:\WINDOWS\System32\hpzids01.dll
[2008/02/03 00:02:03 | 000,005,271 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\hpzinstall.log
[2007/09/07 16:36:19 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2007/09/07 16:25:59 | 000,198,144 | ---- | C] () -- C:\WINDOWS\System32\_psisdecd.dll
[2007/09/07 16:21:32 | 000,086,016 | ---- | C] () -- C:\WINDOWS\System32\preflib.dll
[2007/09/07 16:21:30 | 000,757,760 | ---- | C] () -- C:\WINDOWS\System32\bcm1xsup.dll
[2007/09/07 15:58:54 | 000,016,480 | ---- | C] () -- C:\WINDOWS\System32\rixdicon.dll
[2007/09/07 15:58:35 | 001,703,936 | ---- | C] () -- C:\WINDOWS\System32\nvwdmcpl.dll
[2007/09/07 15:58:35 | 001,019,904 | ---- | C] () -- C:\WINDOWS\System32\nvwimg.dll
[2007/09/07 15:58:34 | 001,474,560 | ---- | C] () -- C:\WINDOWS\System32\nview.dll
[2007/09/07 15:58:34 | 000,466,944 | ---- | C] () -- C:\WINDOWS\System32\nvshell.dll
[2007/09/07 15:56:59 | 000,001,026 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
[2005/09/07 12:00:44 | 000,257,536 | ---- | C] () -- C:\WINDOWS\System32\BiImg.dll
[2005/09/07 12:00:44 | 000,110,592 | ---- | C] () -- C:\WINDOWS\System32\JPEG32.DLL
[2004/08/10 13:12:05 | 000,000,780 | ---- | C] () -- C:\WINDOWS\orun32.ini
[2004/08/10 13:01:18 | 000,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[2001/07/06 16:30:00 | 000,003,399 | ---- | C] () -- C:\WINDOWS\System32\hptcpmon.ini

========== Alternate Data Streams ==========

@Alternate Data Stream - 113 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:62E2D794
< End of report >

Hello.

Go to Start > Control Panel > Add/Remove Programs and remove the following programs.

Adobe Reader 7.0.8
J2SE Runtime Environment 5.0 Update 6
Java(TM) 6 Update 3
LiveUpdate (Symantec Corporation)
Viewpoint Media Playe

Please run OTL.exe.

• Copy the commands with file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):
  
  
  :OTL
  O16 - DPF: {DBA230D1-8467-4e69-987E-5FAE815A3B45} Reg Error: Key error. (Reg Error: Key error.)
  
  
  
  
• Return to OTL, right click in the "Custom Scans/Fixes" window (under the light green bar) and choose Paste.
  
  
• Click the red Run Fix button.
  
• A fix log in Notepad will appear. Copy the contents of the fix log to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy), and paste it in your next reply.
  
• Close OTL.exe
  

If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.

========== OTL ==========
Starting removal of ActiveX control {DBA230D1-8467-4e69-987E-5FAE815A3B45} Reg Error: Key error.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{DBA230D1-8467-4e69-987E-5FAE815A3B45} Reg Error: Key error.\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{DBA230D1-8467-4e69-987E-5FAE815A3B45} Reg Error: Key error.\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{DBA230D1-8467-4e69-987E-5FAE815A3B45} Reg Error: Key error.\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{DBA230D1-8467-4e69-987E-5FAE815A3B45} Reg Error: Key error.\ not found.

OTL by OldTimer - Version 3.1.34.0 log created on 03152010_143655

Hello.

Updating Java:

• Download the latest version of Java SE Runtime Environment (JRE) 6 Update 18.
  
• Click the "Download JRE" button to the right.
  
• In the Window that opens, select your platform, check the "agree" box, and click Continue.
  
• Click on the link to download Windows Offline Installation and save to your desktop.
  
• Close any programs you may have running - especially your web browser.
  
• Then from your desktop double-click on jre-6u18-windows-i586.exe that you downloaded to install the newest version.
  

Then download and install Adobe Reader 9.3

Run ESET Online Scan
Please do an online scan with ESET Online Scanner. Please use Internet Explorer as it uses ActiveX.

• Check (tick) this box: YES, I accept the Terms of Use.
  
• Click on the Start button next to it.
  
• When prompted to run ActiveX. click Yes.
  
• You will be asked to install an ActiveX. Click Install.
  
• Once installed, the scanner will be initialized.
  
• After the scanner is initialized, click Start.
  
• Check (tick) Remove found threats box.
  
• Check (tick) Scan unwanted applications.
  
• Click on Scan.
  
• It will start scanning. Please be patient.
  
• Once the scan is done, the log will be saved here: C:\Program Files\esetonlinescanner\log.txt.