WiredWX Hobby Weather Tools

 


Desktop Icons Visible - Programs Don't Run

Hi Folks,

My Dell Inspiron B130 laptop has been a faithful sidekick for the last 5 years. Lately though, when I restart, she'll hang up on the black Dell BIOS page with the white status bar at about 95%. A second power off / power on results in a successful Windows Desktop, but then none of the programs work.

This occurs in 5 out of 6 restarts, the 6th one resulting in a normal operating session with all programs functional.

I ran the scans suggested and have provided the .txt logs below. Any help you can give will be Hugely appreciated!!

OTL logfile created on: 10/22/2011 12:48:59 PM - Run 1
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Documents and Settings\Mark Henderson\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.99 Gb Total Physical Memory | 1.40 Gb Available Physical Memory | 70.30% Memory free
2.58 Gb Paging File | 2.11 Gb Available in Paging File | 81.71% Paging File free
Paging file location(s): C:\pagefile.sys 756 1512 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 34.20 Gb Total Space | 17.62 Gb Free Space | 51.52% Space Free | Partition Type: NTFS

Computer Name: MARK | User Name: Mark Henderson | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/10/22 12:44:50 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Mark Henderson\Desktop\OTL.com
PRC - [2011/09/29 20:46:24 | 000,924,632 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2011/08/17 13:00:38 | 000,402,328 | ---- | M] (Spigot, Inc.) -- C:\Program Files\Application Updater\ApplicationUpdater.exe
PRC - [2011/07/04 07:43:54 | 003,493,720 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\AvastUI.exe
PRC - [2011/07/04 07:43:51 | 000,042,184 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
PRC - [2011/06/30 04:37:27 | 001,793,712 | ---- | M] (COMODO) -- C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
PRC - [2011/06/30 04:37:05 | 002,554,696 | ---- | M] (COMODO) -- C:\Program Files\COMODO\COMODO Internet Security\cfp.exe
PRC - [2008/04/13 20:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2006/03/25 00:30:44 | 000,282,624 | ---- | M] (SigmaTel, Inc.) -- C:\WINDOWS\stsystra.exe


========== Modules (No Company Name) ==========

MOD - [2011/10/22 11:47:34 | 001,600,512 | ---- | M] () -- C:\Program Files\Alwil Software\Avast5\defs\11102201\algo.dll
MOD - [2011/10/22 10:55:41 | 008,522,400 | ---- | M] () -- C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll
MOD - [2011/10/22 03:47:09 | 001,600,512 | ---- | M] () -- C:\Program Files\Alwil Software\Avast5\defs\11102200\algo.dll
MOD - [2011/10/21 09:48:06 | 000,239,432 | ---- | M] () -- C:\Program Files\Alwil Software\Avast5\defs\11102201\aswRep.dll
MOD - [2011/10/21 09:48:06 | 000,239,432 | ---- | M] () -- C:\Program Files\Alwil Software\Avast5\defs\11102200\aswRep.dll
MOD - [2011/09/29 20:46:23 | 001,833,944 | ---- | M] () -- C:\Program Files\Mozilla Firefox\mozjs.dll
MOD - [2005/12/19 16:08:30 | 000,757,760 | ---- | M] () -- C:\WINDOWS\system32\bcm1xsup.dll
MOD - [2002/05/03 17:40:32 | 000,094,274 | ---- | M] () -- C:\WINDOWS\system32\HPBHEALR.DLL
MOD - [2001/10/28 17:42:30 | 000,116,224 | ---- | M] () -- C:\WINDOWS\system32\pdfcmnnt.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Auto | Stopped] -- -- (WRConsumerService)
SRV - File not found [Auto | Stopped] -- -- (NICCONFIGSVC)
SRV - File not found [Auto | Stopped] -- -- (Lavasoft Ad-Aware Service)
SRV - File not found [Auto | Stopped] -- -- (ioloSystemService)
SRV - File not found [Auto | Stopped] -- -- (ioloFileInfoList)
SRV - File not found [Auto | Stopped] -- -- (AVP)
SRV - File not found [On_Demand | Stopped] -- -- (AppMgmt)
SRV - [2011/08/17 13:00:38 | 000,402,328 | ---- | M] (Spigot, Inc.) [Auto | Running] -- C:\Program Files\Application Updater\ApplicationUpdater.exe -- (Application Updater)
SRV - [2011/07/04 07:43:51 | 000,042,184 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Antivirus)
SRV - [2011/06/30 04:37:27 | 001,793,712 | ---- | M] (COMODO) [Auto | Running] -- C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe -- (cmdAgent)
SRV - [2007/03/07 16:47:46 | 000,076,848 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\DellSupport\brkrsvc.exe -- (DSBrokerService)
SRV - [2003/10/22 12:19:22 | 000,065,536 | ---- | M] (HP) [On_Demand | Stopped] -- C:\WINDOWS\system32\hpzipm12.exe -- (Pml Driver HPZ12)


========== Driver Services (SafeList) ==========

DRV - [2011/07/04 07:36:43 | 000,441,176 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\WINDOWS\System32\drivers\aswSnx.sys -- (aswSnx)
DRV - [2011/07/04 07:36:32 | 000,309,848 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswSP.sys -- (aswSP)
DRV - [2011/07/04 07:35:23 | 000,043,608 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2011/07/04 07:35:12 | 000,102,616 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\aswmon2.sys -- (aswMon2)
DRV - [2011/07/04 07:32:32 | 000,025,432 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswRdr.sys -- (aswRdr)
DRV - [2011/07/04 07:32:13 | 000,030,808 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aavmker4.sys -- (Aavmker4)
DRV - [2011/07/04 07:32:12 | 000,019,544 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV - [2011/06/30 04:38:14 | 000,097,504 | ---- | M] (COMODO) [Kernel | Boot | Running] -- C:\WINDOWS\System32\DRIVERS\inspect.sys -- (Inspect)
DRV - [2011/06/30 04:38:13 | 000,029,400 | ---- | M] (COMODO) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\cmdhlp.sys -- (cmdHlp)
DRV - [2011/06/30 04:38:12 | 000,242,600 | ---- | M] (COMODO) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\cmdGuard.sys -- (cmdGuard)
DRV - [2010/05/13 10:02:32 | 000,532,224 | ---- | M] (Check Point Software Technologies LTD) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\vsdatant.sys -- (vsdatant)
DRV - [2007/02/25 13:10:48 | 000,005,376 | --S- | M] (Gteko Ltd.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\dsunidrv.sys -- (dsunidrv)
DRV - [2006/10/05 17:07:28 | 000,004,736 | ---- | M] (Gteko Ltd.) [Kernel | On_Demand | Stopped] -- C:\Program Files\DellSupport\GTAction\triggers\DSproct.sys -- (DSproct)
DRV - [2006/09/05 12:43:32 | 000,027,136 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\LHidKE.Sys -- (LHidKe)
DRV - [2006/09/05 12:43:20 | 000,071,936 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\LMouKE.Sys -- (LMouKE)
DRV - [2006/09/05 12:42:40 | 000,014,848 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\LUsbKbd.sys -- (LUsbKbd)
DRV - [2006/09/05 12:41:50 | 000,013,568 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\L8042Kbd.sys -- (L8042Kbd)
DRV - [2006/07/26 02:37:15 | 000,008,552 | ---- | M] (Windows (R) 2000 DDK provider) [Kernel | Auto | Running] -- C:\WINDOWS\System32\drivers\asctrm.sys -- (ASCTRM)
DRV - [2006/03/25 00:34:30 | 001,156,648 | ---- | M] (SigmaTel, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\sthda.sys -- (STHDA)
DRV - [2005/11/02 20:24:34 | 000,424,320 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\BCMWL5.SYS -- (BCM43XX)
DRV - [2005/08/05 04:32:16 | 000,045,312 | R--- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\bcm4sbxp.sys -- (bcm4sbxp)
DRV - [2005/07/22 04:02:12 | 001,035,008 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_DPV.sys -- (HSF_DPV)
DRV - [2005/07/22 04:01:08 | 000,201,600 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSFHWAZL.sys -- (HSFHWAZL)
DRV - [2005/07/22 04:01:00 | 000,717,952 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys -- (winachsf)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Start Page = www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Restore = http://www.google.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKCU\..\URLSearchHook: {B922D405-6D13-4A2B-AE89-08A030DA4402} - C:\Program Files\pdfforge Toolbar\IE\4.6\pdfforgeToolbarIE.dll (Spigot, Inc.)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========


FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@checkpoint.com/FFApi: C:\Program Files\CheckPoint\ZAForceField\TrustChecker\bin\npFFApi.dll File not found
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/npracplug;version=1.0.0.0: C:\Program Files\Real\RealArcade\Plugins\Mozilla\npracplug.dll (RealNetworks)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@facebook.com/FBPlugin,version=1.0.1: C:\Documents and Settings\Mark Henderson\Application Data\Facebook\npfbplugin_1_0_1.dll ( )
FF - HKCU\Software\MozillaPlugins\@facebook.com/FBPlugin,version=1.0.3: C:\Documents and Settings\Mark Henderson\Application Data\Facebook\npfbplugin_1_0_3.dll ( )

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 7.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/09/29 20:46:24 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 7.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/10/22 10:52:23 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 7.0.1\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2011/08/16 21:10:56 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 7.0.1\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins
FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\eplgTb@eset.com: C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\{1266764D-FC4F-4FA7-B63B-884D53B1680F}: C:\Documents and Settings\Mark Henderson\Application Data\NetAssistant\ [2011/04/16 18:31:19 | 000,000,000 | ---D | M]

[2008/08/27 19:42:09 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Mark Henderson\Application Data\Mozilla\Extensions
[2011/10/22 06:31:55 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Mark Henderson\Application Data\Mozilla\Firefox\Profiles\elwlpl4k.default\extensions
[2011/10/22 06:31:55 | 000,000,000 | ---D | M] (Ghostery) -- C:\Documents and Settings\Mark Henderson\Application Data\Mozilla\Firefox\Profiles\elwlpl4k.default\extensions\firefox@ghostery.com
[2011/03/24 18:07:37 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Mark Henderson\Application Data\Mozilla\Firefox\Profiles\elwlpl4k.default\extensions\nostmp
[2011/09/22 20:30:30 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2010/09/24 07:46:40 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2010/09/24 07:53:48 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
[2010/10/25 18:42:42 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
[2011/01/30 10:37:35 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
[2011/04/03 06:37:53 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
[2011/08/22 07:05:23 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}
[2011/09/29 20:46:24 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2011/04/07 19:23:51 | 000,113,976 | ---- | M] (Cisco WebEx LLC) -- C:\Program Files\mozilla firefox\plugins\atgpcdec.dll
[2011/04/07 19:24:01 | 000,449,848 | ---- | M] (Cisco WebEx LLC) -- C:\Program Files\mozilla firefox\plugins\atgpcext.dll
[2009/04/16 22:02:04 | 000,046,408 | ---- | M] () -- C:\Program Files\mozilla firefox\plugins\atmccli.dll
[2009/04/16 22:02:20 | 000,099,216 | ---- | M] (WebEx Communications, Inc) -- C:\Program Files\mozilla firefox\plugins\ieatgpc.dll
[2009/12/08 22:42:53 | 000,061,848 | ---- | M] (WebEx Communications, Inc) -- C:\Program Files\mozilla firefox\plugins\npatgpc.dll
[2011/05/04 04:52:23 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2005/04/27 16:10:49 | 000,102,400 | ---- | M] (RealNetworks) -- C:\Program Files\mozilla firefox\plugins\npracplug.dll
[2010/01/01 04:00:00 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml.old

O1 HOSTS File: ([2010/04/22 12:07:55 | 000,000,734 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\HOSTS
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (pdfforge Toolbar) - {B922D405-6D13-4A2B-AE89-08A030DA4402} - C:\Program Files\pdfforge Toolbar\IE\4.6\pdfforgeToolbarIE.dll (Spigot, Inc.)
O3 - HKLM\..\Toolbar: (pdfforge Toolbar) - {B922D405-6D13-4A2B-AE89-08A030DA4402} - C:\Program Files\pdfforge Toolbar\IE\4.6\pdfforgeToolbarIE.dll (Spigot, Inc.)
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe" File not found
O4 - HKLM..\Run: [avast5] C:\Program Files\Alwil Software\Avast5\AvastUI.exe (AVAST Software)
O4 - HKLM..\Run: [COMODO Internet Security] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO)
O4 - HKLM..\Run: [dellsupportcenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P dellsupportcenter File not found
O4 - HKLM..\Run: [SigmatelSysTrayApp] C:\WINDOWS\stsystra.exe (SigmaTel, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 60
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 0
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\WINDOWS\System32\GPhotos.scr (Google Inc.)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Reg Error: Key error.)
O16 - DPF: {233C1507-6A77-46A4-9443-F871F945D258} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {A3256902-51FA-45A0-8A97-FC1143C169D9} http://support.microsoft.com/mats/DiagWebControl.cab (Diagnostics ActiveX WebControl)
O16 - DPF: {CAFEEFAC-0016-0000-0006-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_06-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 10.0.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{6E36488E-140B-413A-8CE3-56C6DDF42159}: DhcpNameServer = 10.0.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{6E36488E-140B-413A-8CE3-56C6DDF42159}: NameServer = 156.154.70.22,156.154.71.22
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{9181B0C8-8D63-4137-983D-0D9526DF2359}: NameServer = 156.154.70.22,156.154.71.22
O20 - AppInit_DLLs: (C:\WINDOWS\system32\guard32.dll) -C:\WINDOWS\system32\guard32.dll (COMODO)
O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) -C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Documents and Settings\Mark Henderson\Application Data\Mozilla\Firefox\Desktop Background.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Mark Henderson\Application Data\Mozilla\Firefox\Desktop Background.bmp
O30 - LSA: Authentication Packages - (ows\s) - File not found
O32 - HKLM CDRom: AutoRun - 0
O32 - AutoRun File - [2004/08/10 14:04:08 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{78b03bec-aea1-11df-823f-0015c5641a10}\Shell - "" = AutoRun
O33 - MountPoints2\{78b03bec-aea1-11df-823f-0015c5641a10}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{78b03bec-aea1-11df-823f-0015c5641a10}\Shell\AutoRun\command - "" = E:\LaunchU3.exe -a
O33 - MountPoints2\{d7940c12-0411-11dc-8981-0015c5641a10}\Shell - "" = AutoRun
O33 - MountPoints2\{d7940c12-0411-11dc-8981-0015c5641a10}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{d7940c12-0411-11dc-8981-0015c5641a10}\Shell\AutoRun\command - "" = E:\LaunchU3.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (C:\DOCUME~1\ALLUSE~1\APPLIC~1\SPYWAR~1\sp_rsdel.exe "\??\C:\DOCUME~1\ALLUSE~1\APPLIC~1\SPYWAR~1\sp_rsdel.dat,)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: 6to4 - File not found
NetSvcs: AppMgmt - File not found
NetSvcs: Ias - File not found
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found

MsConfig - Services: "MskService"
MsConfig - Services: "MpfService"
MsConfig - Services: "mcupdmgr.exe"
MsConfig - Services: "McTskshd.exe"
MsConfig - Services: "McShield"
MsConfig - Services: "McDetect.exe"
MsConfig - Services: "AOL ACS"
MsConfig - State: "system.ini" - 0
MsConfig - State: "win.ini" - 0
MsConfig - State: "bootini" - 0
MsConfig - State: "services" - 0
MsConfig - State: "startup" - 0

SafeBootMin: AppMgmt - File not found
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: sermouse.sys - Driver
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: vds - Service
SafeBootMin: vga.sys - Driver
SafeBootMin: WRConsumerService - File not found
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

SafeBootNet: AppMgmt - File not found
SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: sermouse.sys - Driver
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: vga.sys - Driver
SafeBootNet: vsmon - Service
SafeBootNet: WRConsumerService - File not found
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

ActiveX: {03F998B2-0E00-11D3-A498-00104B6EB52E} - Viewpoint Media Player
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {10072CEC-8CC1-11D1-986E-00A0C955B42F} - Vector Graphics Rendering (VML)
ActiveX: {1B00725B-C455-4DE6-BFB6-AD540AD427CD} - Viewpoint Media Player
ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - NetShow
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 6.4
ActiveX: {233C1507-6A77-46A4-9443-F871F945D258} - Adobe Shockwave Director 10.4
ActiveX: {283807B5-2C60-11D0-A31D-00AA00B92C03} - DirectAnimation
ActiveX: {2A202491-F00D-11cf-87CC-0020AFEECF20} - Adobe Shockwave Director 10.4
ActiveX: {2A3320D6-C805-4280-B423-B665BDE33D8F} - Microsoft .NET Framework 1.1 Security Update (KB979906)
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {2F6EFCE6-10DF-49F9-9E64-9AE3775B2588} - Microsoft .NET Framework 1.1 Security Update (KB2416447)
ActiveX: {36f8ec70-c29a-11d1-b5c7-0000f8051515} - Dynamic HTML Data Binding for Java
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3bf42070-b3b1-11d1-b5c5-0000f8051515} - Uniscribe
ActiveX: {411EDCF7-755D-414E-A74B-3DCD6583F589} - Microsoft .NET Framework 1.1 Service Pack 1 (KB867460)
ActiveX: {4278c270-a269-11d1-b5bf-0000f8051515} - Advanced Authoring
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install
ActiveX: {44BBA842-CC51-11CF-AAFA-00AA00B6015B} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT
ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - DirectShow
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f216970-c90c-11d1-b5c7-0000f8051515} - DirectAnimation Java Classes
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.7
ActiveX: {5945c046-1e7d-11d1-bc44-00c04fd912be} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser
ActiveX: {5A8D6EE0-3E18-11D0-821E-444553540000} - ICW
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7131646D-CD3C-40F4-97B9-CD9E4E6262EF} - .NET Framework
ActiveX: {73FA19D0-2D75-11D2-995D-00C04F98BBC9} - Web Folders
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\WINDOWS\system32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - c:\WINDOWS\system32\Rundll32.exe c:\WINDOWS\system32\mscories.dll,Install
ActiveX: {8b15971b-5355-4c82-8c07-7e181ea07608} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\fxsocm.inf,Fax.Install.PerUser
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {94de52c8-2d59-4f1b-883e-79663d2d9a8c} - Fax Provider
ActiveX: {B508B3F1-A24A-32C0-B310-85786919EF28} - .NET Framework
ActiveX: {C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F} - .NET Framework
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1} - .NET Framework
ActiveX: {CC2A9BA0-3BDD-11D0-821E-444553540000} - Task Scheduler
ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
ActiveX: {D27CDB6E-AE6D-11cf-96B8-444553540000} - Adobe Flash Player
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: <{12d0ed0d-0ee0-4f90-8827-78cefb8f4988} - C:\WINDOWS\system32\ieudinit.exe
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\WINDOWS\inf\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\WINDOWS\system32\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\WINDOWS\system32\rundll32.exe" "C:\WINDOWS\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF}MICROS - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP
ActiveX: >{881dd1c5-3dcf-431b-b061-f3f88e8be88a} - %systemroot%\system32\shmgrate.exe OCInstallUserConfigOE

Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)
Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation)
Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Intel Corporation)

CREATERESTOREPOINT
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 30 Days ==========

[2011/10/22 12:44:42 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Mark Henderson\Desktop\OTL.com
[2011/10/22 11:28:49 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Mark Henderson\Recent
[2011/10/13 09:59:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Auslogics
[2011/10/13 09:58:57 | 000,000,000 | ---D | C] -- C:\Program Files\Auslogics
[2011/09/22 20:30:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Mark Henderson\Application Data\Search Settings
[2011/09/22 20:30:29 | 000,000,000 | ---D | C] -- C:\Program Files\Application Updater
[2011/09/22 20:30:28 | 000,000,000 | ---D | C] -- C:\Program Files\pdfforge Toolbar
[2008/07/30 06:48:15 | 000,018,944 | ---- | C] ( ) -- C:\WINDOWS\System32\Implode.dll
[2007/12/26 09:40:29 | 000,774,144 | ---- | C] (RealNetworks, Inc.) -- C:\Program Files\RngInterstitial.dll
[9 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[9 C:\Documents and Settings\Mark Henderson\Desktop\*.tmp files -> C:\Documents and Settings\Mark Henderson\Desktop\*.tmp -> ]
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/10/22 12:54:10 | 001,916,416 | ---- | M] (AVAST Software) -- C:\Documents and Settings\Mark Henderson\Desktop\aswMBR.exe
[2011/10/22 12:44:50 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Mark Henderson\Desktop\OTL.com
[2011/10/22 12:20:01 | 000,000,902 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2011/10/22 12:15:21 | 000,511,924 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2011/10/22 12:15:21 | 000,099,358 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2011/10/22 12:11:36 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/10/22 12:11:14 | 000,000,898 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2011/10/22 12:10:57 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/10/22 12:10:56 | 2138,505,216 | -HS- | M] () -- C:\hiberfil.sys
[2011/10/22 11:33:24 | 000,000,211 | RHS- | M] () -- C:\boot.ini
[2011/10/22 10:55:41 | 000,414,368 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerCPLApp.cpl
[2011/10/19 09:05:53 | 000,002,178 | ---- | M] () -- C:\Documents and Settings\Mark Henderson\My Documents\cc_20111019_090548.reg
[2011/10/10 09:31:37 | 000,000,802 | ---- | M] () -- C:\Documents and Settings\Mark Henderson\My Documents\cc_20111010_093133.reg
[2011/10/07 07:04:03 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2011/10/06 19:51:51 | 000,060,304 | ---- | M] () -- C:\Documents and Settings\Mark Henderson\g2mdlhlpx.exe
[2011/10/04 17:08:04 | 000,002,898 | ---- | M] () -- C:\Documents and Settings\Mark Henderson\My Documents\cc_20111004_170758.reg
[9 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[9 C:\Documents and Settings\Mark Henderson\Desktop\*.tmp files -> C:\Documents and Settings\Mark Henderson\Desktop\*.tmp -> ]
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/10/22 12:53:25 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Mark Henderson\Desktop\aswMBR.exe
[2011/10/22 12:53:23 | 001,106,072 | ---- | C] () -- C:\Documents and Settings\Mark Henderson\Desktop\aswMBR.exe.part
[2011/10/19 09:05:50 | 000,002,178 | ---- | C] () -- C:\Documents and Settings\Mark Henderson\My Documents\cc_20111019_090548.reg
[2011/10/10 09:31:35 | 000,000,802 | ---- | C] () -- C:\Documents and Settings\Mark Henderson\My Documents\cc_20111010_093133.reg
[2011/10/04 17:08:00 | 000,002,898 | ---- | C] () -- C:\Documents and Settings\Mark Henderson\My Documents\cc_20111004_170758.reg
[2011/07/04 10:01:11 | 000,004,985 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\bqeojehc.wbx
[2011/01/08 13:34:58 | 000,000,033 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\{081230F8-EA50-42A9-983C-D22ABC2EED3B}.ini
[2010/09/12 10:34:55 | 000,001,264 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\ss.ini
[2010/07/22 09:08:53 | 000,000,028 | ---- | C] () -- C:\WINDOWS\pdf995.ini
[2010/06/09 08:21:17 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Mark Henderson\Local Settings\Application Data\prvlcl.dat
[2010/04/01 20:07:18 | 000,152,576 | ---- | C] () -- C:\Documents and Settings\Mark Henderson\Application Data\SharedSettings.ccs
[2010/03/08 21:56:58 | 000,038,487 | ---- | C] () -- C:\Documents and Settings\Mark Henderson\Application Data\Comma Separated Values (Windows).ADR
[2009/12/16 21:56:15 | 000,000,056 | -H-- | C] () -- C:\WINDOWS\System32\ezsidmv.dat
[2009/12/13 13:09:17 | 000,000,164 | ---- | C] () -- C:\WINDOWS\install.dat
[2009/06/10 20:44:00 | 000,069,916 | -H-- | C] () -- C:\WINDOWS\System32\mlfcache.dat
[2008/11/03 22:16:33 | 000,061,678 | ---- | C] () -- C:\Documents and Settings\Mark Henderson\Application Data\PFP120JPR.{PB
[2008/11/03 22:16:33 | 000,012,358 | ---- | C] () -- C:\Documents and Settings\Mark Henderson\Application Data\PFP120JCM.{PB
[2008/10/23 11:22:22 | 000,116,224 | ---- | C] () -- C:\WINDOWS\System32\pdfcmnnt.dll
[2008/09/10 19:55:47 | 000,065,536 | ---- | C] () -- C:\WINDOWS\qt3wrap.dll
[2008/09/10 19:55:44 | 000,012,288 | ---- | C] () -- C:\WINDOWS\impborl.dll
[2008/08/16 15:41:29 | 000,000,677 | ---- | C] () -- C:\WINDOWS\WorldTimeClock.ini
[2008/07/30 06:48:50 | 000,204,848 | ---- | C] () -- C:\WINDOWS\System32\gswin32c.exe
[2008/07/30 06:48:20 | 000,054,272 | ---- | C] () -- C:\WINDOWS\System32\P2irdao.dll
[2008/07/30 06:48:19 | 000,050,176 | ---- | C] () -- C:\WINDOWS\System32\P2ctdao.dll
[2008/07/30 06:48:16 | 000,748,160 | ---- | C] () -- C:\WINDOWS\System32\Co2c40en.dll
[2008/07/10 14:38:35 | 000,000,000 | ---- | C] () -- C:\WINDOWS\iPlayer.INI
[2008/05/01 20:31:30 | 000,439,656 | ---- | C] () -- C:\WINDOWS\System32\Incinerator.dll
[2008/05/01 20:31:30 | 000,029,696 | ---- | C] () -- C:\WINDOWS\System32\iolobtdfg.exe
[2008/05/01 20:31:30 | 000,008,704 | ---- | C] () -- C:\WINDOWS\System32\smrgdf.exe
[2008/05/01 20:26:05 | 000,074,703 | ---- | C] () -- C:\WINDOWS\System32\mfc45.dll
[2008/02/14 21:08:29 | 000,000,134 | ---- | C] () -- C:\WINDOWS\wpd99.drv
[2008/02/14 21:08:08 | 000,051,716 | ---- | C] () -- C:\WINDOWS\System32\pdf995mon.dll
[2007/12/16 09:33:43 | 000,076,288 | ---- | C] () -- C:\Documents and Settings\Mark Henderson\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2007/08/01 11:08:09 | 000,004,212 | -H-- | C] () -- C:\WINDOWS\System32\zllictbl.dat
[2007/07/26 19:43:52 | 000,005,642 | -HS- | C] () -- C:\WINDOWS\System32\KGyGaAvL.sys
[2007/07/26 19:43:52 | 000,000,168 | RHS- | C] () -- C:\WINDOWS\System32\1D08D4CCA5.sys
[2007/05/22 20:57:35 | 000,074,752 | ---- | C] () -- C:\WINDOWS\System32\jst.dll
[2007/05/22 20:57:35 | 000,061,440 | ---- | C] () -- C:\WINDOWS\System32\PMLJNI.dll
[2007/05/22 20:53:51 | 000,049,152 | R--- | C] () -- C:\WINDOWS\System32\hpbprnfx.exe
[2007/05/22 20:53:27 | 000,013,438 | ---- | C] () -- C:\WINDOWS\hpbins01.dat
[2007/05/22 20:53:27 | 000,001,380 | ---- | C] () -- C:\WINDOWS\hpbmdl01.dat
[2007/05/22 20:53:21 | 000,000,750 | ---- | C] () -- C:\WINDOWS\hpbvnstp.ini
[2007/05/22 20:53:09 | 000,221,184 | R--- | C] () -- C:\WINDOWS\System32\HP3AIOZ6.dll
[2007/05/22 20:53:09 | 000,000,412 | R--- | C] () -- C:\WINDOWS\System32\HP3AIOZ6.dat
[2007/05/22 20:52:17 | 000,012,330 | ---- | C] () -- C:\WINDOWS\hplj3380.ini
[2007/05/12 22:54:00 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2007/05/12 22:21:52 | 000,000,064 | ---- | C] () -- C:\WINDOWS\qwimp.ini
[2007/05/12 22:13:43 | 000,001,366 | ---- | C] () -- C:\WINDOWS\QUICKEN.INI
[2007/05/12 21:21:59 | 000,000,002 | ---- | C] () -- C:\WINDOWS\msoffice.ini
[2006/07/26 02:54:47 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2006/07/26 02:43:22 | 000,149,504 | ---- | C] () -- C:\WINDOWS\UNWISE.EXE
[2006/07/26 02:37:55 | 000,000,189 | ---- | C] () -- C:\WINDOWS\WININIT.INI
[2006/07/26 02:36:08 | 000,000,335 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2006/07/26 02:32:53 | 000,000,004 | -H-- | C] () -- C:\Documents and Settings\All Users\Application Data\QSLLPSVCShare
[2006/07/26 02:08:42 | 000,049,152 | ---- | C] () -- C:\WINDOWS\setpwrcg.exe
[2006/07/26 02:08:20 | 000,086,016 | ---- | C] () -- C:\WINDOWS\System32\preflib.dll
[2006/07/26 02:08:20 | 000,018,944 | ---- | C] () -- C:\WINDOWS\System32\WLTRYSVC.EXE
[2006/07/26 02:08:12 | 000,757,760 | ---- | C] () -- C:\WINDOWS\System32\bcm1xsup.dll
[2006/07/26 02:08:04 | 000,000,391 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
[2004/08/10 14:12:05 | 000,000,780 | ---- | C] () -- C:\WINDOWS\orun32.ini
[2004/08/10 14:07:31 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2004/08/10 14:02:15 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2004/08/10 14:01:18 | 000,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[2004/08/10 13:57:52 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2004/08/10 13:57:15 | 000,298,848 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2004/08/10 13:51:21 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2004/08/10 13:51:20 | 000,511,924 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2004/08/10 13:51:20 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2004/08/10 13:51:20 | 000,099,358 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2004/08/10 13:51:20 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2004/08/10 13:51:18 | 000,004,627 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2004/08/10 13:51:17 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2004/08/10 13:51:16 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2004/08/10 13:51:12 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2004/08/10 13:51:11 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2004/08/10 13:51:05 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2004/08/10 13:50:56 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
[2003/09/26 08:42:46 | 000,002,421 | ---- | C] () -- C:\WINDOWS\System32\scrubber.ini
[2002/05/03 17:40:32 | 000,094,274 | ---- | C] () -- C:\WINDOWS\System32\HPBHEALR.DLL
[2001/03/28 13:37:14 | 000,000,033 | ---- | C] () -- C:\WINDOWS\System32\hppcap.ini
[2001/03/28 13:37:14 | 000,000,033 | ---- | C] () -- C:\WINDOWS\hppcap.ini

========== Custom Scans ==========


< %APPDATA%\Microsoft\*.* >
[2008/08/23 07:06:41 | 000,001,746 | -H-- | M] () -- C:\Documents and Settings\Mark Henderson\Application Data\Microsoft\LastFlashConfig.WFC

< %systemroot%\system32\config\systemprofile\*.dat /x >

< %USERPROFILE%\Desktop\*.exe >
[2011/10/22 12:54:10 | 001,916,416 | ---- | M] (AVAST Software) -- C:\Documents and Settings\Mark Henderson\Desktop\aswMBR.exe
[9 C:\Documents and Settings\Mark Henderson\Desktop\*.tmp files -> C:\Documents and Settings\Mark Henderson\Desktop\*.tmp -> ]

< %PROGRAMFILES%\Common Files\*.* >

< %systemroot%\winn32\*.* >

< %USERPROFILE%\My Documents\*.exe >

< %USERPROFILE%\*.exe >
[2011/10/06 19:51:51 | 000,060,304 | ---- | M] () -- C:\Documents and Settings\Mark Henderson\g2mdlhlpx.exe
[2009/11/02 21:02:03 | 000,103,720 | ---- | M] () -- C:\Documents and Settings\Mark Henderson\GoToAssistDownloadHelper.exe

< %PROGRAMFILES%\Mozilla Firefox\*.exe >
[2011/09/29 20:46:24 | 000,125,912 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\crashreporter.exe
[2011/09/29 20:46:24 | 000,924,632 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
[2011/09/29 20:46:21 | 000,016,856 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\plugin-container.exe
[2011/09/29 20:46:21 | 000,269,272 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\updater.exe

< %ProgramFiles%\TinyProxy. >

< %systemroot%\system32\*.* /lockedfiles >
[9 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]

< %systemroot%\Tasks\*.job /lockedfiles >

< %systemroot%\system32\drivers\*.* /lockedfiles >

< %PROGRAMFILES%\*. >
[2009/10/17 12:57:41 | 000,000,000 | ---D | M] -- C:\Program Files\7-Zip
[2010/07/22 19:46:38 | 000,000,000 | ---D | M] -- C:\Program Files\Acro Software
[2008/10/28 19:22:32 | 000,000,000 | ---D | M] -- C:\Program Files\ACT
[2011/08/22 07:18:02 | 000,000,000 | ---D | M] -- C:\Program Files\Adobe
[2010/05/05 21:33:04 | 000,000,000 | ---D | M] -- C:\Program Files\Alwil Software
[2011/02/08 22:43:10 | 000,000,000 | ---D | M] -- C:\Program Files\Apple Software Update
[2011/09/22 20:30:31 | 000,000,000 | ---D | M] -- C:\Program Files\Application Updater
[2011/10/13 10:07:43 | 000,000,000 | ---D | M] -- C:\Program Files\Auslogics
[2009/11/10 23:27:50 | 000,000,000 | ---D | M] -- C:\Program Files\AusLogics Disk Defrag
[2010/06/05 21:42:53 | 000,000,000 | ---D | M] -- C:\Program Files\AVG
[2006/07/26 02:48:10 | 000,000,000 | ---D | M] -- C:\Program Files\BAE
[2010/07/28 20:41:03 | 000,000,000 | ---D | M] -- C:\Program Files\BillP Studios
[2010/04/22 18:11:10 | 000,000,000 | ---D | M] -- C:\Program Files\BitRoll
[2010/07/23 06:05:52 | 000,000,000 | ---D | M] -- C:\Program Files\CCleaner
[2010/04/22 20:22:01 | 000,000,000 | ---D | M] -- C:\Program Files\CheckPoint
[2008/05/01 21:18:04 | 000,000,000 | ---D | M] -- C:\Program Files\Citrix
[2010/07/22 19:45:53 | 000,000,000 | ---D | M] -- C:\Program Files\CoffeeCup Software
[2011/10/22 11:17:23 | 000,000,000 | ---D | M] -- C:\Program Files\Common Files
[2011/01/23 21:35:28 | 000,000,000 | ---D | M] -- C:\Program Files\COMODO
[2004/08/10 14:02:08 | 000,000,000 | ---D | M] -- C:\Program Files\ComPlus Applications
[2010/06/26 07:27:47 | 000,000,000 | ---D | M] -- C:\Program Files\Conduit
[2006/07/26 02:31:06 | 000,000,000 | ---D | M] -- C:\Program Files\CONEXANT
[2006/07/26 02:44:33 | 000,000,000 | ---D | M] -- C:\Program Files\Corel Corporation
[2011/01/08 13:48:22 | 000,000,000 | ---D | M] -- C:\Program Files\CyberLink
[2011/01/08 13:37:03 | 000,000,000 | ---D | M] -- C:\Program Files\Dell
[2011/10/22 11:12:00 | 000,000,000 | ---D | M] -- C:\Program Files\Dell Support Center
[2007/05/12 21:39:34 | 000,000,000 | ---D | M] -- C:\Program Files\DellSupport
[2006/07/26 02:33:13 | 000,000,000 | ---D | M] -- C:\Program Files\Digital Line Detect
[2010/04/22 22:47:53 | 000,000,000 | ---D | M] -- C:\Program Files\ESET
[2009/11/15 21:17:36 | 000,000,000 | ---D | M] -- C:\Program Files\Foxit Software
[2011/04/16 18:22:51 | 000,000,000 | ---D | M] -- C:\Program Files\Free Offers from Freeze.com
[2011/06/18 16:15:15 | 000,000,000 | ---D | M] -- C:\Program Files\Freecorder
[2011/01/08 13:35:04 | 000,000,000 | ---D | M] -- C:\Program Files\FreeRIP3
[2011/05/22 19:54:42 | 000,000,000 | ---D | M] -- C:\Program Files\Google
[2007/05/22 21:00:00 | 000,000,000 | ---D | M] -- C:\Program Files\Hewlett-Packard
[2007/05/22 20:54:00 | 000,000,000 | ---D | M] -- C:\Program Files\hp
[2011/01/08 13:39:42 | 000,000,000 | ---D | M] -- C:\Program Files\ICEOWS
[2011/01/08 13:43:57 | 000,000,000 | -H-D | M] -- C:\Program Files\InstallShield Installation Information
[2009/11/10 23:34:55 | 000,000,000 | ---D | M] -- C:\Program Files\InterActual
[2011/06/15 19:37:08 | 000,000,000 | ---D | M] -- C:\Program Files\Internet Explorer
[2011/08/22 07:05:16 | 000,000,000 | ---D | M] -- C:\Program Files\Java
[2007/11/29 12:06:29 | 000,000,000 | ---D | M] -- C:\Program Files\Kodak
[2011/07/16 09:37:28 | 000,000,000 | ---D | M] -- C:\Program Files\LibreOffice 3
[2009/11/28 11:06:38 | 000,000,000 | ---D | M] -- C:\Program Files\Messenger
[2011/07/16 13:09:14 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft ActiveSync
[2010/03/29 06:24:55 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft ATS
[2004/08/10 14:04:18 | 000,000,000 | ---D | M] -- C:\Program Files\microsoft frontpage
[2011/07/16 13:08:56 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Office
[2011/06/18 12:57:38 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft SQL Server
[2011/07/16 13:08:51 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft.NET
[2006/07/26 02:32:58 | 000,000,000 | ---D | M] -- C:\Program Files\Modem Helper
[2010/08/11 11:52:18 | 000,000,000 | ---D | M] -- C:\Program Files\Movie Maker
[2011/09/29 20:46:34 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox
[2011/10/03 07:27:25 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Thunderbird
[2009/08/23 13:33:04 | 000,000,000 | ---D | M] -- C:\Program Files\MSBuild
[2011/06/26 12:21:13 | 000,000,000 | ---D | M] -- C:\Program Files\MSECache
[2004/08/10 14:01:16 | 000,000,000 | ---D | M] -- C:\Program Files\MSN
[2004/08/10 14:01:24 | 000,000,000 | ---D | M] -- C:\Program Files\MSN Gaming Zone
[2007/05/13 00:03:22 | 000,000,000 | ---D | M] -- C:\Program Files\MSXML 4.0
[2008/10/30 18:24:24 | 000,000,000 | ---D | M] -- C:\Program Files\MSXML 6.0
[2008/03/30 12:00:52 | 000,000,000 | ---D | M] -- C:\Program Files\MUSICMATCH
[2008/08/18 21:29:22 | 000,000,000 | ---D | M] -- C:\Program Files\NetMeeting
[2004/08/10 14:01:34 | 000,000,000 | ---D | M] -- C:\Program Files\Online Services
[2011/04/09 13:09:47 | 000,000,000 | ---D | M] -- C:\Program Files\OpenOffice.org 3
[2010/12/17 20:01:59 | 000,000,000 | ---D | M] -- C:\Program Files\Outlook Express
[2010/07/22 19:47:54 | 000,000,000 | ---D | M] -- C:\Program Files\PDF Bookmarks
[2011/08/06 09:37:21 | 000,000,000 | ---D | M] -- C:\Program Files\PDFCreator
[2011/09/22 20:30:30 | 000,000,000 | ---D | M] -- C:\Program Files\pdfforge Toolbar
[2011/06/18 11:59:18 | 000,000,000 | ---D | M] -- C:\Program Files\PeaZip
[2008/09/11 20:57:06 | 000,000,000 | ---D | M] -- C:\Program Files\Quicken
[2011/08/05 18:47:19 | 000,000,000 | ---D | M] -- C:\Program Files\QuickTime
[2010/12/22 09:49:52 | 000,000,000 | ---D | M] -- C:\Program Files\RamBooster 2.0
[2007/12/26 09:40:15 | 000,000,000 | ---D | M] -- C:\Program Files\Real
[2009/08/23 13:32:42 | 000,000,000 | ---D | M] -- C:\Program Files\Reference Assemblies
[2008/06/25 22:29:21 | 000,000,000 | ---D | M] -- C:\Program Files\Registry Mechanic
[2006/07/26 02:48:10 | 000,000,000 | ---D | M] -- C:\Program Files\SearchAssist
[2010/08/04 09:32:53 | 000,000,000 | ---D | M] -- C:\Program Files\Sigmatel
[2007/07/30 09:25:59 | 000,000,000 | ---D | M] -- C:\Program Files\Startup Optimizer
[2006/07/26 02:29:28 | 000,000,000 | ---D | M] -- C:\Program Files\Synaptics
[2011/05/22 09:47:26 | 000,000,000 | ---D | M] -- C:\Program Files\tinySpell
[2011/06/18 12:59:28 | 000,000,000 | -H-D | M] -- C:\Program Files\Uninstall Information
[2010/07/22 19:49:08 | 000,000,000 | ---D | M] -- C:\Program Files\Verizon
[2006/07/26 02:40:23 | 000,000,000 | ---D | M] -- C:\Program Files\WebCyberCoach
[2009/12/13 13:36:09 | 000,000,000 | ---D | M] -- C:\Program Files\Webroot
[2006/07/26 02:40:52 | 000,000,000 | ---D | M] -- C:\Program Files\WildTangent
[2010/10/12 13:51:51 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Media Connect 2
[2010/10/12 13:51:51 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Media Player
[2008/08/18 21:29:12 | 000,000,000 | ---D | M] -- C:\Program Files\Windows NT
[2004/08/10 14:02:52 | 000,000,000 | -H-D | M] -- C:\Program Files\WindowsUpdate
[2009/12/24 10:28:14 | 000,000,000 | ---D | M] -- C:\Program Files\WinWay
[2010/08/04 09:17:34 | 000,000,000 | ---D | M] -- C:\Program Files\WinWay Resume
[2004/08/10 14:04:18 | 000,000,000 | ---D | M] -- C:\Program Files\xerox
[2007/05/22 20:58:45 | 000,000,000 | -H-D | M] -- C:\Program Files\Zero G Registry
[2010/11/11 22:26:27 | 000,000,000 | ---D | M] -- C:\Program Files\ZoneAlarm_Security
[2007/12/26 09:35:50 | 000,000,000 | ---D | M] -- C:\Program Files\_ArcadeDownloadFolder


< MD5 for: AGP440.SYS >
[2004/08/04 06:00:00 | 018,738,937 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:AGP440.sys
[2008/08/18 21:14:55 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:AGP440.sys
[2008/04/13 14:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\system32\drivers\agp440.sys
[2004/08/04 00:07:42 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=2C428FA0C3E3A01ED93C9B2A27D8D4BB -- C:\WINDOWS\$NtServicePackUninstall$\agp440.sys

< MD5 for: ATAPI.SYS >
[2004/08/04 06:00:00 | 018,738,937 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:atapi.sys
[2008/08/18 21:14:55 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:atapi.sys
[2008/04/13 14:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\drivers\atapi.sys
[2004/08/03 23:59:44 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\$NtServicePackUninstall$\atapi.sys
[2004/08/03 23:59:44 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\system32\ReinstallBackups\0010\DriverFiles\i386\atapi.sys

< MD5 for: DISK.SYS >
[2004/08/04 06:00:00 | 018,738,937 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:disk.sys
[2008/08/18 21:14:55 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:disk.sys
[2004/08/04 06:00:00 | 000,036,352 | ---- | M] (Microsoft Corporation) MD5=00CA44E4534865F8A3B64F7C0984BFF0 -- C:\WINDOWS\$NtServicePackUninstall$\disk.sys
[2008/04/13 14:40:47 | 000,036,352 | ---- | M] (Microsoft Corporation) MD5=044452051F3E02E7963599FC8F4F3E25 -- C:\WINDOWS\system32\drivers\disk.sys

< MD5 for: NETLOGON.DLL >
[2008/04/13 20:12:01 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\system32\netlogon.dll
[2004/08/04 06:00:00 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=96353FCECBA774BB8DA74A1C6507015A -- C:\WINDOWS\$NtServicePackUninstall$\netlogon.dll

< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install\\LastSuccessTime: 2011-07-17 14:19:46

< hklm\software\clients\startmenuinternet|command /rs >
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\HideIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /HideShortcuts [2011/09/29 20:46:21 | 000,713,016 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ShowIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /ShowShortcuts [2011/09/29 20:46:21 | 000,713,016 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ReinstallCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /SetAsDefaultAppGlobal [2011/09/29 20:46:21 | 000,713,016 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\open\command\\: C:\Program Files\Mozilla Firefox\firefox.exe [2011/09/29 20:46:24 | 000,924,632 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\properties\command\\: "C:\Program Files\Mozilla Firefox\firefox.exe" -preferences [2011/09/29 20:46:24 | 000,924,632 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\safemode\command\\: "C:\Program Files\Mozilla Firefox\firefox.exe" -safe-mode [2011/09/29 20:46:24 | 000,924,632 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\WINDOWS\system32\ie4uinit.exe" -reinstall [2011/04/25 08:01:34 | 000,173,568 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\WINDOWS\system32\ie4uinit.exe" -hide [2011/04/25 08:01:34 | 000,173,568 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\WINDOWS\system32\ie4uinit.exe" -show [2011/04/25 08:01:34 | 000,173,568 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\naom\command\\: "C:\Program Files\Internet Explorer\iexplore.exe" -extoff [2009/03/08 14:09:26 | 000,638,816 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: C:\Program Files\Internet Explorer\iexplore.exe [2009/03/08 14:09:26 | 000,638,816 | ---- | M] (Microsoft Corporation)

< hklm\software\clients\startmenuinternet|command /64 /rs >
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\HideIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /HideShortcuts [2011/09/29 20:46:21 | 000,713,016 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ShowIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /ShowShortcuts [2011/09/29 20:46:21 | 000,713,016 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ReinstallCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /SetAsDefaultAppGlobal [2011/09/29 20:46:21 | 000,713,016 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\open\command\\: C:\Program Files\Mozilla Firefox\firefox.exe [2011/09/29 20:46:24 | 000,924,632 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\properties\command\\: "C:\Program Files\Mozilla Firefox\firefox.exe" -preferences [2011/09/29 20:46:24 | 000,924,632 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\safemode\command\\: "C:\Program Files\Mozilla Firefox\firefox.exe" -safe-mode [2011/09/29 20:46:24 | 000,924,632 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\WINDOWS\system32\ie4uinit.exe" -reinstall [2011/04/25 08:01:34 | 000,173,568 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\WINDOWS\system32\ie4uinit.exe" -hide [2011/04/25 08:01:34 | 000,173,568 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\WINDOWS\system32\ie4uinit.exe" -show [2011/04/25 08:01:34 | 000,173,568 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\naom\command\\: "C:\Program Files\Internet Explorer\iexplore.exe" -extoff [2009/03/08 14:09:26 | 000,638,816 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: C:\Program Files\Internet Explorer\iexplore.exe [2009/03/08 14:09:26 | 000,638,816 | ---- | M] (Microsoft Corporation)

========== Alternate Data Streams ==========

@Alternate Data Stream - 154 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:430C6D84
@Alternate Data Stream - 147 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:07BF512B
@Alternate Data Stream - 125 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:ECF54A0E

< End of report >

Desktop Icons Visible - Programs Don't Run - Data pg 2

OTL Extras logfile created on: 10/22/2011 12:48:59 PM - Run 1
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Documents and Settings\Mark Henderson\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.99 Gb Total Physical Memory | 1.40 Gb Available Physical Memory | 70.30% Memory free
2.58 Gb Paging File | 2.11 Gb Available in Paging File | 81.71% Paging File free
Paging file location(s): C:\pagefile.sys 756 1512 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 34.20 Gb Total Space | 17.62 Gb Free Space | 51.52% Space Free | Partition Type: NTFS

Computer Name: MARK | User Name: Mark Henderson | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.html [@ = Reg Error: Value error.] -- Reg Error: Key error. File not found

[HKEY_CURRENT_USER\SOFTWARE\Classes\]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- Reg Error: Key error.
http [open] -- "C:\Program Files\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)
https [open] -- "C:\Program Files\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [Add to archive] -- "C:\Program Files\PeaZip\PEAZIP.EXE" "-add2multi" "%1" (Giorgio Tani)
Directory [Browse path with PeaZip] -- "C:\Program Files\PeaZip\PEAZIP.EXE" "-ext2browsepath" "%1" (Giorgio Tani)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring" = 1

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\Skype\Plugin Manager\skypePM.exe" = C:\Program Files\Skype\Plugin Manager\skypePM.exe:*:Enabled:Skype Extras Manager
"C:\Program Files\Google\Google Earth\plugin\geplugin.exe" = C:\Program Files\Google\Google Earth\plugin\geplugin.exe:*:Enabled:Google Earth
"C:\Program Files\Google\Google Earth\client\googleearth.exe" = C:\Program Files\Google\Google Earth\client\googleearth.exe:*:Enabled:Google Earth
"C:\WINDOWS\system32\dpvsetup.exe" = C:\WINDOWS\system32\dpvsetup.exe:*:Enabled:Microsoft DirectPlay Voice Test -- (Microsoft Corporation)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}" = PDFCreator
"{02E89EFC-7B07-4D5A-AA03-9EC0902914EE}" = VC 9.0 Runtime
"{1266764D-FC4F-4FA7-B63B-884D53B1680F}" = NetAssistant
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{257EC58E-03FD-472B-A9B6-93F23A3C4CB0}" = Scan
"{26A24AE4-039D-4CA4-87B4-2F83216020FF}" = Java(TM) 6 Update 26
"{26A24AE4-039D-4CA4-87B4-2F83216022F0}" = Java(TM) 6 Update 22
"{2AFFFDD7-ED85-4A90-8C52-5DA9EBDC9B8F}" = Microsoft SQL Server 2005 Express Edition (ACT7)
"{3248F0A8-6813-11D6-A77B-00B0D0160060}" = Java(TM) 6 Update 6
"{33BB4982-DC52-4886-A03B-F4C5C80BEE89}" = Windows Media Player 10
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{4667B940-BB01-428B-986E-A0CC46497BF7}" = ELIcon
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{53F5C3EE-05ED-4830-994B-50B2F0D50FCE}" = Microsoft SQL Server Setup Support Files (English)
"{5905F42D-3F5F-4916-ADA6-94A3646AEE76}" = Dell Driver Reset Tool
"{5A2BC38A-406C-4A5B-BF45-6991F9A05325}_is1" = PeaZip 3.8
"{62BD0AE0-4EB1-4BBB-8F43-B6400C8FEB2C}" = AOLIcon
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{716E0306-8318-4364-8B8F-0CC4E9376BAC}" = MSXML 4.0 SP2 Parser and SDK
"{7216871F-869E-437C-B9BF-2A13F2DCE63F}_is1" = Auslogics BoostSpeed
"{74F7662C-B1DB-489E-A8AC-07A06B24978B}" = Dell System Restore
"{7670D32F-DAE6-4E49-8C8B-B3F08B5B1686}" = Microsoft SQL Server Native Client
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7EFA5E6F-74F7-4AFB-8AEA-AA790BD3A76D}" = DellSupport
"{7F142D56-3326-11D5-B229-002078017FBF}" = Modem Helper
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{8777AC6D-89F9-4793-8266-DE406F343E89}" = QFolder
"{8A708DD8-A5E6-11D4-A706-000629E95E20}" = Intel(R) Graphics Media Accelerator Driver for Mobile
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{91110409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A43BF6A5-D5F0-4AAA-BF41-65995063EC44}" = MSXML 6.0 Parser
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.1)
"{B0DF58A2-40DF-4465-AA56-38623EC9938C}" = Documentation & Support Launcher
"{B6884A07-0305-47AE-9969-8F26FADC17DE}" = Games, Music, & Photos Launcher
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D2988E9B-C73F-422C-AD4B-A66EBE257120}" = MCU
"{DD23CAA4-8872-4B95-B263-EA46FD82CF19}" = LaserAIO
"{DDA2B32F-EB16-4C96-A130-4E4A4C1E6B12}" = HP Software Update
"{DF6A13C0-77DF-41FE-BD05-6D5201EB0CE7}_is1" = Auslogics Disk Defrag
"{E6098043-1183-4580-89EF-423CBF807188}" = pdfforge Toolbar v4.6
"{E646DCF0-5A68-11D5-B229-002078017FBF}" = Digital Line Detect
"{E7084B89-69E0-46B3-A118-8F99D06988CD}" = Microsoft SQL Server VSS Writer
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}" = Visual C++ 2008 x86 Runtime - (v9.0.30729)
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01" = Visual C++ 2008 x86 Runtime - v9.0.30729.01
"{FD8E178D-8B4E-42DA-B434-EFF270329B1C}" = COMODO Internet Security
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"ActiveTouchMeetingClient" = WebEx
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Adobe SVG Viewer" = Adobe SVG Viewer
"avast" = avast! Free Antivirus
"Broadcom 802.11b Network Adapter" = Dell Wireless WLAN Card
"CCleaner" = CCleaner
"CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_2BFA&SUBSYS_14F100C3" = Conexant HDA D110 MDC V.92 Modem
"Dell Digital Jukebox Driver" = Dell Digital Jukebox Driver
"hp LaserJet-all-in-one" = hp LaserJet-all-in-one
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"ie8" = Windows Internet Explorer 8
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft SQL Server 2005" = Microsoft SQL Server 2005
"Mozilla Firefox 7.0.1 (x86 en-US)" = Mozilla Firefox 7.0.1 (x86 en-US)
"Mozilla Thunderbird (7.0.1)" = Mozilla Thunderbird (7.0.1)
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"Picasa 3" = Picasa 3
"RealPlayer 6.0" = RealPlayer Basic
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"WebCyberCoach_wtrb" = WebCyberCoach 3.2 Dell
"WildTangent CDA" = WildTangent Web Driver
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"YTdetect" = Yahoo! Detect

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"f031ef6ac137efc5" = Dell Driver Download Manager
"Facebook Plug-In" = Facebook Plug-In
"GoToMeeting" = GoToMeeting 5.0.0.799
"NetAssistant" = NetAssistant for Firefox

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 7/13/2011 6:56:27 AM | Computer Name = MARK | Source = Microsoft Office 11 | ID = 2001
Description = Rejected Safe Mode action : Microsoft Office Outlook.

Error - 7/15/2011 8:08:45 PM | Computer Name = MARK | Source = Microsoft Office 11 | ID = 2000
Description = Accepted Safe Mode action : Microsoft Office Outlook.

Error - 7/16/2011 9:36:11 AM | Computer Name = MARK | Source = MsiInstaller | ID = 11935
Description = Product: LibreOffice 3.3 -- Error 1935.An error occurred during the
installation of assembly 'cli_ure,publicKeyToken="ce2cb7e279207b9e",version="1.0.21.0",culture="neutral",processorArchitecture="MSIL"'.
Please refer to Help and Support for more information. HRESULT: 0x80070020. assembly
interface: IAssemblyCacheItem, function: Commit, component: {076F3A60-74CB-B9A3-A89A-3AFFDDC42C2F}

Error - 7/16/2011 1:16:49 PM | Computer Name = MARK | Source = Microsoft Office 11 | ID = 2001
Description = Rejected Safe Mode action : Microsoft Office Excel.

Error - 7/17/2011 1:03:43 PM | Computer Name = MARK | Source = Microsoft Office 11 | ID = 2001
Description = Rejected Safe Mode action : Microsoft Office Excel.

Error - 7/20/2011 10:25:48 PM | Computer Name = MARK | Source = Microsoft Office 11 | ID = 2000
Description = Accepted Safe Mode action : Microsoft Office Word.

Error - 8/7/2011 1:44:24 PM | Computer Name = MARK | Source = Application Hang | ID = 1002
Description = Hanging application EXCEL.EXE, version 11.0.8169.0, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

Error - 8/7/2011 1:45:08 PM | Computer Name = MARK | Source = Application Hang | ID = 1002
Description = Hanging application EXCEL.EXE, version 11.0.8169.0, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

Error - 8/7/2011 2:06:40 PM | Computer Name = MARK | Source = Microsoft Office 11 | ID = 2001
Description = Rejected Safe Mode action : Microsoft Office Excel.

Error - 10/16/2011 9:27:23 PM | Computer Name = MARK | Source = Application Error | ID = 1000
Description = Faulting application acrord32.exe, version 10.1.1.33, faulting module
msvcr90.dll, version 9.0.30729.6161, fault address 0x00025bc3.

[ System Events ]
Error - 10/22/2011 11:52:20 AM | Computer Name = MARK | Source = Service Control Manager | ID = 7000
Description = The Kaspersky Internet Security service failed to start due to the
following error: %%3

Error - 10/22/2011 11:52:20 AM | Computer Name = MARK | Source = Service Control Manager | ID = 7000
Description = The iolo FileInfoList Service service failed to start due to the following
error: %%3

Error - 10/22/2011 11:52:20 AM | Computer Name = MARK | Source = Service Control Manager | ID = 7000
Description = The iolo System Service service failed to start due to the following
error: %%3

Error - 10/22/2011 11:52:20 AM | Computer Name = MARK | Source = Service Control Manager | ID = 7000
Description = The NICCONFIGSVC service failed to start due to the following error:
%%3

Error - 10/22/2011 12:11:15 PM | Computer Name = MARK | Source = Service Control Manager | ID = 7000
Description = The Webroot Client Service service failed to start due to the following
error: %%3

Error - 10/22/2011 12:11:15 PM | Computer Name = MARK | Source = Service Control Manager | ID = 7000
Description = The Lavasoft Ad-Aware Service service failed to start due to the following
error: %%3

Error - 10/22/2011 12:11:15 PM | Computer Name = MARK | Source = Service Control Manager | ID = 7000
Description = The Kaspersky Internet Security service failed to start due to the
following error: %%3

Error - 10/22/2011 12:11:15 PM | Computer Name = MARK | Source = Service Control Manager | ID = 7000
Description = The iolo FileInfoList Service service failed to start due to the following
error: %%3

Error - 10/22/2011 12:11:15 PM | Computer Name = MARK | Source = Service Control Manager | ID = 7000
Description = The iolo System Service service failed to start due to the following
error: %%3

Error - 10/22/2011 12:11:15 PM | Computer Name = MARK | Source = Service Control Manager | ID = 7000
Description = The NICCONFIGSVC service failed to start due to the following error:
%%3


< End of report >

Desktop Icons Visible - Programs Won't Run - Data pg 3

aswMBR version 0.9.8.986 Copyright(c) 2011 AVAST Software
Run date: 2011-10-22 13:01:51
-----------------------------
13:01:51.187 OS Version: Windows 5.1.2600 Service Pack 3
13:01:51.187 Number of processors: 1 586 0xD08
13:01:51.187 ComputerName: MARK UserName:
13:01:53.093 Initialize success
13:01:53.218 AVAST engine defs: 11102201
13:01:57.093 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-4
13:01:57.109 Disk 0 Vendor: Hitachi_HTS541040G9AT00 MB2OA61A Size: 38154MB BusType: 3
13:01:59.125 Disk 0 MBR read successfully
13:01:59.125 Disk 0 MBR scan
13:01:59.125 Disk 0 unknown MBR code
13:01:59.125 Disk 0 scanning sectors +78124095
13:01:59.218 Disk 0 scanning C:\WINDOWS\system32\drivers
13:02:09.687 Service scanning
13:02:10.968 Modules scanning
13:02:16.640 Disk 0 trace - called modules:
13:02:16.656 ntkrnlpa.exe CLASSPNP.SYS disk.sys atapi.sys hal.dll pciide.sys PCIIDEX.SYS
13:02:16.656 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8a789ab8]
13:02:16.671 3 CLASSPNP.SYS[ba0e8fd7] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-4[0x8a78c940]
13:02:17.609 AVAST engine scan C:\WINDOWS
13:02:21.031 AVAST engine scan C:\WINDOWS\system32
13:03:52.609 AVAST engine scan C:\WINDOWS\system32\drivers
13:04:07.250 AVAST engine scan C:\Documents and Settings\Mark Henderson
13:07:46.812 AVAST engine scan C:\Documents and Settings\All Users
13:08:50.734 Scan finished successfully
13:13:35.015 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\Mark Henderson\Desktop\MBR.dat"
13:13:35.015 The log file has been saved successfully to "C:\Documents and Settings\Mark Henderson\Desktop\aswMBR.txt"


Thanks for any help you can offer!

Re: Desktop Icons Visible - Programs Don't Run

Hi,


Download Combofix from any of the links below, and save it to your desktop.

Link 1
Link 2
Link 3

When saving ComboFix rename it to Belahzur.exe to prevent it from being blocked by malware.


Refer to this image:

To prevent your anti-virus application interfering with ComboFix we need to disable it. See here for a tutorial regarding how to do so if you are unsure.

  • Close any open windows and double click Belahzur.exe to run it.

    You will see the following image:
[Image: NSIS_disclaimer_ENG]

Click I Agree to start the program.

ComboFix will then extract the necessary files and you will see this:

[Image: NSIS_extraction]

As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. This will not occur in Windows Vista and 7.

It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.

If you did not have it installed, you will see the prompt below. Choose YES.

[Image: RcAuto1]

Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.

Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

[Image: Whatnext]

Click on Yes, to continue scanning for malware.

When finished, it will produce a report for you. Please post the contents of the log (C:\ComboFix.txt).

Leave your computer alone while ComboFix is running. ComboFix will restart your computer if malware is found; allow it to do so.

Note: Please do NOT mouse-click ComboFix's window while it's running because it may cause it to stall.

Re: Desktop Icons Visible - Programs Don't Run

Thanks for the help!
Here is the Combofix log file...

ComboFix 11-10-23.03 - Mark Henderson 10/23/2011 20:52:04.1.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.2039.1497 [GMT -4:00]
Running from: c:\documents and settings\Mark Henderson\Desktop\Belahzur.exe
AV: avast! Antivirus *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
AV: Kaspersky Anti-Virus *Disabled/Updated* {2C4D4BC6-0793-4956-A9F9-E252435469C0}
FW: COMODO Firewall *Enabled* {043803A3-4F86-4ef6-AFC5-F6E02A79969B}
FW: Kaspersky Anti-Virus *Disabled* {2C4D4BC6-0793-4956-A9F9-E252435469C0}
FW: ZoneAlarm Firewall *Disabled* {829BDA32-94B3-44F4-8446-F8FCFF809F8B}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\Mark Henderson\Application Data\ErrorSmart
c:\documents and settings\Mark Henderson\Application Data\ErrorSmart\Log\2008 Jun 29 - 06_33_06 AM_968.log
c:\documents and settings\Mark Henderson\g2mdlhlpx.exe
c:\documents and settings\Mark Henderson\GoToAssistDownloadHelper.exe
c:\program files\BitRoll
.
.
((((((((((((((((((((((((( Files Created from 2011-09-24 to 2011-10-24 )))))))))))))))))))))))))))))))
.
.
2011-10-22 21:16 . 2011-10-22 21:16 -------- d-----w- c:\program files\Mobipocket.com
2011-10-22 21:16 . 2011-10-22 21:16 -------- d-----w- c:\program files\Common Files\Mobipocket Shared
2011-10-13 13:58 . 2011-10-13 14:07 -------- d-----w- c:\program files\Auslogics
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-10-22 14:55 . 2011-06-04 15:47 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2007-12-26 13:40 . 2007-12-26 13:40 774144 -c--a-w- c:\program files\RngInterstitial.dll
2011-04-07 23:23 . 2009-04-17 02:01 113976 -c--a-w- c:\program files\mozilla firefox\plugins\atgpcdec.dll
2011-04-07 23:24 . 2009-04-17 02:01 449848 ----a-w- c:\program files\mozilla firefox\plugins\atgpcext.dll
2009-04-17 02:02 . 2009-04-17 02:02 46408 -c--a-w- c:\program files\mozilla firefox\plugins\atmccli.dll
2009-04-17 02:02 . 2009-04-17 02:02 99216 -c--a-w- c:\program files\mozilla firefox\plugins\ieatgpc.dll
2011-09-30 00:46 . 2011-03-24 22:07 134104 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2011-07-04 11:43 122512 ----a-w- c:\program files\Alwil Software\Avast5\ashShell.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"COMODO Internet Security"="c:\program files\COMODO\COMODO Internet Security\cfp.exe" [2011-06-30 2554696]
"SigmatelSysTrayApp"="stsystra.exe" [2006-03-25 282624]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\system32\guard32.dll
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0c:\docume~1\ALLUSE~1\APPLIC~1\SPYWAR~1\sp_rsdel.exe \??\c:\docume~1\ALLUSE~1\APPLIC~1\SPYWAR~1\sp_rsdel.dat
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WRConsumerService]
@="Service"
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"MskService"=2 (0x2)
"MpfService"=2 (0x2)
"mcupdmgr.exe"=3 (0x3)
"McTskshd.exe"=2 (0x2)
"McShield"=2 (0x2)
"McDetect.exe"=2 (0x2)
"AOL ACS"=2 (0x2)
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
.
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [7/13/2011 6:58 PM 441176]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [8/30/2010 1:44 PM 309848]
R1 cmdGuard;COMODO Internet Security Sandbox Driver;c:\windows\system32\drivers\cmdGuard.sys [9/11/2010 12:40 AM 242600]
R1 cmdHlp;COMODO Internet Security Helper Driver;c:\windows\system32\drivers\cmdhlp.sys [9/11/2010 12:40 AM 29400]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [8/30/2010 1:44 PM 19544]
S3 klim5;Kaspersky Anti-Virus NDIS Filter; [x]
S3 klmouflt;Kaspersky Lab KLMOUFLT; [x]
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - ASWMBR
*Deregistered* - aswMBR
.
Contents of the 'Scheduled Tasks' folder
.
2011-10-07 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 17:34]
.
2011-10-23 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-08-30 17:44]
.
2011-10-24 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-08-30 17:44]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
uDefault_Search_URL = hxxp://www.google.com/ie
mStart Page = about:blank
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
TCP: DhcpNameServer = 10.0.0.1
TCP: Interfaces\{6E36488E-140B-413A-8CE3-56C6DDF42159}: NameServer = 156.154.70.22,156.154.71.22
TCP: Interfaces\{9181B0C8-8D63-4137-983D-0D9526DF2359}: NameServer = 156.154.70.22,156.154.71.22
FF - ProfilePath - c:\documents and settings\Mark Henderson\Application Data\Mozilla\Firefox\Profiles\elwlpl4k.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
FF - prefs.js: browser.search.selectedEngine - Yahoo
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com
FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?ei=utf-8&fr=greentree_ff1&type=827316&p=
FF - user.js: yahoo.ytff.general.dontshowhpoffer - true
.
.
------- File Associations -------
.
JSEFile=NOTEPAD.EXE %1
.
- - - - ORPHANS REMOVED - - - -
.
HKLM-Run-dellsupportcenter - c:\program files\Dell Support Center\bin\sprtcmd.exe
HKLM-Run-Adobe Reader Speed Launcher - c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe
AddRemove-WebCyberCoach_wtrb - c:\program files\WebCyberCoach\b_Dell\WCC_Wipe.exe WebCyberCoach ext\wtrb
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-10-23 21:04
Windows 5.1.2600 Service Pack 3 NTFS
.
detected NTDLL code modification:
ZwClose
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(864)
c:\windows\system32\guard32.dll
c:\windows\System32\BCMLogon.dll
c:\windows\system32\igfxdev.dll
.
- - - - - - - > 'lsass.exe'(920)
c:\windows\system32\guard32.dll
.
Completion time: 2011-10-23 21:10:45
ComboFix-quarantined-files.txt 2011-10-24 01:10
.
Pre-Run: 20,298,407,936 bytes free
Post-Run: 20,306,739,200 bytes free
.
WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect
.
- - End Of File - - 898ABDF78B5FD512013839C66C1E6D58

Re: Desktop Icons Visible - Programs Don't Run

Run ESET Online Scan
Please do an online scan with ESET Online Scanner. Please use Internet Explorer as it uses ActiveX.

  • Check (tick) this box: YES, I accept the Terms of Use.
  • Click on the Start button next to it.
  • When prompted to run ActiveX, click Yes.
  • You will be asked to install an ActiveX. Click Install.
  • Once installed, the scanner will be initialized.
  • After the scanner is initialized, click Start.
  • Check (tick) Remove found threats box.
  • Check (tick) Scan unwanted applications.
  • Click on Scan.
  • It will start scanning. Please be patient.
  • Once the scan is done, the log will be saved here: C:\Program Files\esetonlinescanner\log.txt.

Re: Desktop Icons Visible - Programs Don't Run

Online Scan complete. Log file is here....

ESETSmartInstaller@High as CAB hook log:
OnlineScanner.ocx - registred OK
# version=7
# iexplore.exe=8.00.6001.18702 (longhorn_ie8_rtm(wmbla).090308-0339)
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=53a3e907effb7947aa833e29028b29a5
# end=finished
# remove_checked=true
# archives_checked=false
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=false
# utc_time=2011-10-25 12:54:07
# local_time=2011-10-24 08:54:07 (-0500, Eastern Daylight Time)
# country="United States"
# lang=1033
# osver=5.1.2600 NT Service Pack 3
# compatibility_mode=770 16774141 100 100 0 95289843 0 0
# compatibility_mode=1024 16777215 100 0 42791398 42791398 0 0
# compatibility_mode=3073 16777213 80 71 0 570391 0 0
# compatibility_mode=8192 67108863 100 0 0 0 0 0
# scanned=49014
# found=15
# cleaned=15
# scan_time=2487
C:\Program Files\Application Updater\ApplicationUpdater.exe probably a variant of Win32/Adware.Toolbar.Dealio application (cleaned by deleting - quarantined) DF7F37F2A23BD1B3A6721B328355DC91 C
C:\Program Files\Common Files\Spigot\Search Settings\SearchSettings.exe a variant of Win32/Adware.Toolbar.Dealio application (cleaned by deleting - quarantined) 00ED8DBE21DCA52C62AE769D7E5D78B9 C
C:\Program Files\Common Files\Spigot\wtxpcom\components\WidgiToolbarFF.dll.5 a variant of Win32/Adware.Toolbar.Dealio application (cleaned by deleting - quarantined) 94F4CC711F0F07B3D35903B1136AE90E C
C:\Program Files\Common Files\Spigot\wtxpcom\components\WidgiToolbarFF.dll.6 a variant of Win32/Adware.Toolbar.Dealio application (cleaned by deleting - quarantined) 0494889FAC74669140AAE4349A403199 C
C:\Program Files\pdfforge Toolbar\IE\4.6\pdfforgeToolbarIE.dll a variant of Win32/Adware.Toolbar.Dealio application (cleaned by deleting - quarantined) 42C62A8CDB10DE179747F917070EFBEA C
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP1039\A0173495.rbf a variant of Win32/Adware.Toolbar.Dealio application (cleaned by deleting - quarantined) DA40D166282A6D3D78CE182E3E2F9B71 C
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP1039\A0173500.rbf a variant of Win32/Adware.Toolbar.Dealio application (cleaned by deleting - quarantined) 808CA0E4D7B62E5B3B2D5AC278D3BF8E C
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP1039\A0173501.rbf probably a variant of Win32/Adware.Toolbar.Dealio application (cleaned by deleting - quarantined) 2C6DEF132CC6CF5A9DEF7B7EB35A7756 C
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP1041\A0173747.dll a variant of Win32/Adware.Toolbar.Dealio application (cleaned by deleting - quarantined) 0494889FAC74669140AAE4349A403199 C
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP1047\A0174329.exe a variant of Win32/InstallCore.D application (cleaned by deleting - quarantined) 28A4F9242ACDE80F2CE39FBD115B3DBD C
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP1051\A0175313.old a variant of Win32/Adware.Toolbar.Dealio application (cleaned by deleting - quarantined) 6D9D0EF59B962FB7AC957D8C5F829C23 C
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP1054\A0176582.exe a variant of Win32/Adware.iBryte.A application (cleaned by deleting - quarantined) 9B90D0B91C070ADFC726DF9A70B2DA5E C
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP1060\A0180232.exe probably a variant of Win32/Adware.Toolbar.Dealio application (cleaned by deleting - quarantined) DF7F37F2A23BD1B3A6721B328355DC91 C
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP1060\A0180233.exe a variant of Win32/Adware.Toolbar.Dealio application (cleaned by deleting - quarantined) 00ED8DBE21DCA52C62AE769D7E5D78B9 C
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP1060\A0180234.dll a variant of Win32/Adware.Toolbar.Dealio application (cleaned by deleting - quarantined) 42C62A8CDB10DE179747F917070EFBEA C


Eset found, quarantined and removed 16 threats, problem still remains. Let me know if there's anything else I can try, short of a service visit.
Thanks again for the help.

Re: Desktop Icons Visible - Programs Don't Run

Hello.

Please run OTL.exe.

  • Copy the commands with file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):


    :commands
    [emptytemp]
    [emptyflash]
    [clearallrestorepoints]
    [reboot]



  • Return to OTL, right click in the "Custom Scans/Fixes" window (under the light green bar) and choose Paste.

  • Click the red Run Fix button.
  • A fix log in Notepad will appear. Copy the contents of the fix log to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy), and paste it in your next reply.
  • Close OTL.exe
If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.

Re: Desktop Icons Visible - Programs Don't Run

Thanks again for your help.

Unfortunately, things seem to be getting worse.

My initial reboot resulted in a locked system with a blinking cursor in the upper left corner. Numerous additional reboots would bring up a Windows desktop, yet nothing would work - I couldn't even save the notepad file generated by OTL.exe.

Finally, after 2 hours and at least 10 shutdown/restarts, I have enough functionality to launch Firefox and reply to this thread...

All processes killed
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: LocalService
->Temp folder emptied: 66016 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->FireFox cache emptied: 0 bytes

User: Mark Henderson
->Temp folder emptied: 1024 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: Owner
->Temp folder emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 49816 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 0.00 mb


[EMPTYFLASH]

User: All Users

User: Default User

User: LocalService

User: Mark Henderson
->Flash cache emptied: 0 bytes

User: NetworkService

User: Owner

Total Flash Files Cleaned = 0.00 mb

Restore points cleared and new OTL Restore Point set!

OTL by OldTimer - Version 3.2.31.0 log created on 10312011_200144

Files\Folders moved on Reboot...
File\Folder C:\Documents and Settings\Mark Henderson\Local Settings\Temp\~DF5FAD.tmp not found!
File\Folder C:\Documents and Settings\Mark Henderson\Local Settings\Temp\~DFC63.tmp not found!
File\Folder C:\Documents and Settings\Mark Henderson\Local Settings\Temporary Internet Files\Content.Word\~WRS0000.tmp not found!
File\Folder C:\WINDOWS\temp\_avast_\Webshlock.txt not found!
File\Folder C:\WINDOWS\temp\Perflib_Perfdata_6e4.dat not found!

Registry entries deleted on Reboot...

Re: Desktop Icons Visible - Programs Don't Run
Is the machine still performing badly?

Re: Desktop Icons Visible - Programs Don't Run
It only performs badly if I have to restart it. Then it will load Windows, but same symptoms occur - no programs will work.

So I shut down and restart, usually repeating the cycle at least 9-10 times before programs start working normally.

Thanks again for your efforts.


Re: Desktop Icons Visible - Programs Don't Run
Hello.
I think there is still an infection hiding.

Download MBRCheck to your desktop.

  • Double click MBRCheck.exe to run (Vista and Windows 7 users, right click and select Run as Administrator).
  • It will show a black screen with some data on it.
  • A report called MBRcheckxxxx.txt will be on your desktop.
  • Open this report and post its content in your next reply.

Re: Desktop Icons Visible - Programs Don't Run
Here's the report from MBRCheck...

MBRCheck, version 1.2.3
(c) 2010, AD

Command-line:
Windows Version: Windows XP Home Edition
Windows Information: Service Pack 3 (build 2600)
Logical Drives Mask: 0x0000000c

Kernel Drivers (total 132):

Processes (total 31):
0 System Idle Process
4 System
800 C:\WINDOWS\system32\smss.exe
848 csrss.exe
876 C:\WINDOWS\system32\winlogon.exe
920 C:\WINDOWS\system32\services.exe
932 C:\WINDOWS\system32\lsass.exe
1104 C:\WINDOWS\system32\svchost.exe
1168 svchost.exe
1204 C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
1236 C:\WINDOWS\system32\svchost.exe
1348 C:\WINDOWS\system32\svchost.exe
1508 svchost.exe
1688 svchost.exe
1696 C:\WINDOWS\explorer.exe
1888 C:\WINDOWS\system32\WLTRYSVC.EXE
1912 C:\WINDOWS\system32\BCMWLTRY.EXE
196 C:\Program Files\COMODO\COMODO Internet Security\cfp.exe
208 C:\WINDOWS\system32\ctfmon.exe
1296 C:\WINDOWS\system32\spoolsv.exe
1432 svchost.exe
1536 C:\Program Files\Java\jre6\bin\jqs.exe
1016 C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
1656 sqlbrowser.exe
1904 C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
364 C:\WINDOWS\system32\svchost.exe
2652 alg.exe
3540 C:\WINDOWS\system32\svchost.exe
2208 C:\Program Files\RescueTime\RescueTime.exe
2748 C:\Program Files\Mozilla Firefox\firefox.exe
2076 C:\Documents and Settings\Mark Henderson\Desktop\MBRCheck.exe

\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`02f10c00 (NTFS)

PhysicalDrive0 Model Number: HitachiHTS541040G9AT00, Rev: MB2OA61A

Size Device Name MBR Status
--------------------------------------------
37 GB \\.\PhysicalDrive0 Unknown MBR code
SHA1: BF118E4CFC2D7C7489A85AC7AD11D2A979F74824


Found non-standard or infected MBR.
Enter 'Y' and hit ENTER for more options, or 'N' to exit:
Options:
[1] Dump the MBR of a physical disk to file.
[2] Restore the MBR of a physical disk with a standard boot code.
[3] Exit.

Enter your choice:
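
The report above flags "Unknown MBR code" and offers to dump the MBR to a file. The following is an added example, not part of the original thread and not MBRCheck's own code, showing how such a 512-byte dump can be triaged offline: it checks the boot signature, hashes the boot code, and decodes the partition table. Hashing the first 440 bytes is an assumption (the thread does not say what range MBRCheck's SHA1 covers), the `known_good` allowlist is supplied by the analyst, and the sample sector is constructed.

```python
import hashlib
import struct

SECTOR_SIZE = 512
BOOT_CODE_LEN = 440        # bytes 0-439 hold the bootstrap code
PART_TABLE_OFF = 446       # four 16-byte partition entries follow
SIGNATURE = b"\x55\xaa"    # bytes 510-511 of a valid MBR


def analyze_mbr(sector, known_good=frozenset()):
    """Triage one dumped MBR sector; known_good is the analyst's own SHA-1 allowlist."""
    if len(sector) != SECTOR_SIZE:
        raise ValueError("an MBR dump must be exactly 512 bytes")
    code_sha1 = hashlib.sha1(sector[:BOOT_CODE_LEN]).hexdigest().upper()
    partitions, notes = [], []
    for i in range(4):
        off = PART_TABLE_OFF + 16 * i
        # status, 3 CHS bytes, type, 3 CHS bytes, start LBA, sector count
        status, ptype, lba, count = struct.unpack("<B3xB3xII", sector[off:off + 16])
        if ptype == 0:
            continue                      # unused slot
        if status not in (0x00, 0x80):
            notes.append(f"entry {i}: invalid status byte 0x{status:02X}")
        partitions.append({"index": i, "active": status == 0x80,
                           "type": ptype, "lba_start": lba, "sectors": count})
    if sum(p["active"] for p in partitions) != 1:
        notes.append("a BIOS-boot disk normally has exactly one active partition")
    if sector[510:512] != SIGNATURE:
        verdict = "invalid boot signature"
    elif code_sha1 in known_good:
        verdict = "known boot code"
    else:
        verdict = "unknown boot code"     # same meaning as the report's "Unknown MBR code"
    return {"verdict": verdict, "code_sha1": code_sha1,
            "partitions": partitions, "notes": notes}


def build_sample(boot_code):
    """Constructed 512-byte sector: one active NTFS (0x07) partition at LBA 96390."""
    entry = struct.pack("<B3xB3xII", 0x80, 0x07, 96390, 1000000)
    return boot_code.ljust(PART_TABLE_OFF, b"\x00") + entry + b"\x00" * 48 + SIGNATURE


if __name__ == "__main__":
    sample = build_sample(b"\xeb\xfe")    # constructed stand-in, not a real boot loader
    print(analyze_mbr(sample))
```

The sample's start LBA of 96390 corresponds to the C: offset shown in the report (0x02f10c00 / 512). An "unknown" verdict only means the boot code is not on the allowlist; vendor boot loaders also produce it.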

Re: Desktop Icons Visible - Programs Don't Run
Hello.
Please reboot your machine.

As it is rebooting, you will notice an extra menu, and an extra option for the Microsoft Windows Recovery Console.

Please select that option to boot the RC. Windows will boot to a text-based screen and ask you to select the installation to log into; please choose the correct one (usually option 1) and press Enter.

In there, type in the following commands, 1 line at a time.


fixmbr

exit


After the copy command, you may be prompted with a yes/no to confirm the copy, type in "y" to confirm it.

After that, boot back to normal mode and re-run MBRCheck, then post the new log.

Re: Desktop Icons Visible - Programs Don't Run
I didn't complete this last step, as you suggested.

To be honest, I thought I'd just be fighting another 2-hour reboot/shutdown session, so I took it into a repair shop.

Funny thing is, they couldn't find anything wrong, and when I brought it home, it restarted and behaved like normal. No hung programs, no startup delays, zip.

So...I think the problem is gone, at least for the time being (until I get a MAC). So I owe you a tremendous debt of gratitude, for you've licked the problem. And I purchased your ebook as a very small measure of my thanks and appreciation.

You've been very patient and generous with your time on my behalf and I want to thank you again for all you've done.

Warm Regards,

Mark Henderson
