Clueless in austin

Well hopefully I'm doing this all right. My problems come when using mozilla browser however safari does not seem to have the same problems. They are mainly just annoying
continual pop-up windows saying "9.temp has encountered an error" or "f.temp has encountered a problem."
Installing programs fail , nothing wants to update w\o failing ie widows defender or new virus definitions.
We don't get blue screens of death or anything major other than just general slowness.
We do get alot of redirection to other than websites clicked on.
I was using avg free for anti-virus and spyware protection.
I have since uninstalled avg and ran kerpesky virus removal tool and malwarebytes anti-malware. I couldn't get c cleaner to install. So far the names i have gotten are "trojan.tracur.s" netman32.exe and avmeter32.exe.
Thank you in advance for any help provided.
OTL Extras logfile created on: 7/10/2011 4:29:11 PM - Run 1
OTL by OldTimer - Version 3.2.26.1 Folder = C:\Documents and Settings\owner\My Documents
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.43 Gb Available Physical Memory | 71.47% Memory free
3.85 Gb Paging File | 3.37 Gb Available in Paging File | 87.43% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 153.37 Gb Total Space | 126.52 Gb Free Space | 82.49% Space Free | Partition Type: NTFS
Unable to calculate disk information.

Computer Name: OWNER-BAF37C0F8 | User Name: owner | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l

[HKEY_CURRENT_USER\SOFTWARE\Classes\]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
htmlfile [edit] -- Reg Error: Key error.
InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002
"3389:TCP" = 3389:TCP:*:Enabled:@xpsp2res.dll,-22009
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"1:TCP" = 1:TCP:*:Enabled:bsp

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\WINDOWS\keymgrwow.exe" = C:\WINDOWS\keymgrwow.exe:*:Enabled:Windows Update Service
"C:\WINDOWS\iologmsgwow.exe" = C:\WINDOWS\iologmsgwow.exe:*:Enabled:Windows Update Service
"C:\WINDOWS\ufatwow.exe" = C:\WINDOWS\ufatwow.exe:*:Enabled:Windows Update Service
"C:\WINDOWS\mqperfwow.exe" = C:\WINDOWS\mqperfwow.exe:*:Enabled:Windows Update Service
"C:\WINDOWS\mscorieswow.exe" = C:\WINDOWS\mscorieswow.exe:*:Enabled:Windows Update Service
"C:\WINDOWS\eventclswow.exe" = C:\WINDOWS\eventclswow.exe:*:Enabled:Windows Update Service
"C:\WINDOWS\licwmiwow.exe" = C:\WINDOWS\licwmiwow.exe:*:Enabled:Windows Update Service
"C:\WINDOWS\tapisrvwow.exe" = C:\WINDOWS\tapisrvwow.exe:*:Enabled:Windows Update Service
"C:\WINDOWS\vgawow.exe" = C:\WINDOWS\vgawow.exe:*:Enabled:Windows Update Service
"C:\WINDOWS\nwapi16wow.exe" = C:\WINDOWS\nwapi16wow.exe:*:Enabled:Windows Update Service
"C:\WINDOWS\odbcintwow.exe" = C:\WINDOWS\odbcintwow.exe:*:Enabled:Windows Update Service
"C:\WINDOWS\slbcspwow.exe" = C:\WINDOWS\slbcspwow.exe:*:Enabled:Windows Update Service
"C:\WINDOWS\midimapwow.exe" = C:\WINDOWS\midimapwow.exe:*:Enabled:Windows Update Service
"C:\WINDOWS\nvwrshuwow.exe" = C:\WINDOWS\nvwrshuwow.exe:*:Enabled:Windows Update Service
"C:\WINDOWS\w32toplwow.exe" = C:\WINDOWS\w32toplwow.exe:*:Enabled:Windows Update Service
"C:\WINDOWS\kbdcanwow.exe" = C:\WINDOWS\kbdcanwow.exe:*:Enabled:Windows Update Service
"C:\WINDOWS\PortableDeviceClassExtensionwow.exe" = C:\WINDOWS\PortableDeviceClassExtensionwow.exe:*:Enabled:Windows Update Service
"C:\WINDOWS\mspmspwow.exe" = C:\WINDOWS\mspmspwow.exe:*:Enabled:Windows Update Service
"C:\WINDOWS\system32\84B.tmp" = C:\WINDOWS\system32\84B.tmp:*:Enabled:Windows Update Service -- ()
"C:\WINDOWS\wuauservwow.exe" = C:\WINDOWS\wuauservwow.exe:*:Enabled:Windows Update Service
"C:\WINDOWS\RA32SIPRwow.exe" = C:\WINDOWS\RA32SIPRwow.exe:*:Enabled:Windows Update Service
"C:\WINDOWS\unrarwow.exe" = C:\WINDOWS\unrarwow.exe:*:Enabled:Windows Update Service
"C:\WINDOWS\nvrsjawow.exe" = C:\WINDOWS\nvrsjawow.exe:*:Enabled:Windows Update Service
"C:\WINDOWS\system32\1A2E.tmp" = C:\WINDOWS\system32\1A2E.tmp:*:Enabled:Windows Update Service -- ()
"C:\WINDOWS\sccbasewow.exe" = C:\WINDOWS\sccbasewow.exe:*:Enabled:Windows Update Service
"C:\WINDOWS\btpanuiwow.exe" = C:\WINDOWS\btpanuiwow.exe:*:Enabled:Windows Update Service
"C:\WINDOWS\ipxmontrwow.exe" = C:\WINDOWS\ipxmontrwow.exe:*:Enabled:Windows Update Service
"C:\WINDOWS\kbdlvwow.exe" = C:\WINDOWS\kbdlvwow.exe:*:Enabled:Windows Update Service
"C:\WINDOWS\system32\57A.tmp" = C:\WINDOWS\system32\57A.tmp:*:Enabled:Windows Update Service -- ()
"C:\WINDOWS\odbcconfwow.exe" = C:\WINDOWS\odbcconfwow.exe:*:Enabled:Windows Update Service
"C:\WINDOWS\dsoundwow.exe" = C:\WINDOWS\dsoundwow.exe:*:Enabled:Windows Update Service
"C:\WINDOWS\compatUIwow.exe" = C:\WINDOWS\compatUIwow.exe:*:Enabled:Windows Update Service
"C:\WINDOWS\Temp\1FBE.tmp" = C:\WINDOWS\Temp\1FBE.tmp:*:Enabled:Windows Update Service
"C:\WINDOWS\icardiewow.exe" = C:\WINDOWS\icardiewow.exe:*:Enabled:Windows Update Service
"C:\WINDOWS\system32\B5E.tmp" = C:\WINDOWS\system32\B5E.tmp:*:Enabled:Windows Update Service -- ()
"C:\WINDOWS\dmstylewow.exe" = C:\WINDOWS\dmstylewow.exe:*:Enabled:Windows Update Service
"C:\WINDOWS\pngfiltwow.exe" = C:\WINDOWS\pngfiltwow.exe:*:Enabled:Windows Update Service
"C:\WINDOWS\system32\2292.tmp" = C:\WINDOWS\system32\2292.tmp:*:Enabled:Windows Update Service -- (opx.bit)
"C:\WINDOWS\mll_qicwow.exe" = C:\WINDOWS\mll_qicwow.exe:*:Enabled:Windows Update Service
"C:\WINDOWS\system32\2695.tmp" = C:\WINDOWS\system32\2695.tmp:*:Enabled:Windows Update Service -- (opx.bit)
"C:\WINDOWS\system32\34BE.tmp" = C:\WINDOWS\system32\34BE.tmp:*:Enabled:Windows Update Service -- (opx.bit)
"C:\WINDOWS\shimengwow.exe" = C:\WINDOWS\shimengwow.exe:*:Enabled:Windows Update Service
"C:\WINDOWS\system32\45AB.tmp" = C:\WINDOWS\system32\45AB.tmp:*:Enabled:Windows Update Service -- (opx.bit)
"C:\WINDOWS\system32\4DAD.tmp" = C:\WINDOWS\system32\4DAD.tmp:*:Enabled:Windows Update Service -- (opx.bit)
"C:\WINDOWS\system32\B5C.tmp" = C:\WINDOWS\system32\B5C.tmp:*:Enabled:Windows Update Service -- (opx.bit)
"C:\WINDOWS\system32\5DAB.tmp" = C:\WINDOWS\system32\5DAB.tmp:*:Enabled:Windows Update Service -- (opx.bit)
"C:\WINDOWS\untfswow.exe" = C:\WINDOWS\untfswow.exe:*:Enabled:Windows Update Service
"C:\WINDOWS\davclntwow.exe" = C:\WINDOWS\davclntwow.exe:*:Enabled:Windows Update Service
"C:\WINDOWS\quartzwow.exe" = C:\WINDOWS\quartzwow.exe:*:Enabled:Windows Update Service
"C:\WINDOWS\oleaut32wow.exe" = C:\WINDOWS\oleaut32wow.exe:*:Enabled:Windows Update Service
"C:\WINDOWS\pstorecwow.exe" = C:\WINDOWS\pstorecwow.exe:*:Enabled:Windows Update Service
"C:\WINDOWS\ipxpromnwow.exe" = C:\WINDOWS\ipxpromnwow.exe:*:Enabled:Windows Update Service
"C:\WINDOWS\ipv6monwow.exe" = C:\WINDOWS\ipv6monwow.exe:*:Enabled:Windows Update Service
"C:\WINDOWS\nvwrsnlwow.exe" = C:\WINDOWS\nvwrsnlwow.exe:*:Enabled:Windows Update Service
"C:\WINDOWS\dxtmsftwow.exe" = C:\WINDOWS\dxtmsftwow.exe:*:Enabled:Windows Update Service
"C:\WINDOWS\twextwow.exe" = C:\WINDOWS\twextwow.exe:*:Enabled:Windows Update Service
"C:\WINDOWS\iepeerswow.exe" = C:\WINDOWS\iepeerswow.exe:*:Enabled:Windows Update Service
"C:\WINDOWS\ir32_32wow.exe" = C:\WINDOWS\ir32_32wow.exe:*:Enabled:Windows Update Service
"C:\WINDOWS\system32\5DA9.tmp" = C:\WINDOWS\system32\5DA9.tmp:*:Enabled:Windows Update Service -- ()
"C:\WINDOWS\objselwow.exe" = C:\WINDOWS\objselwow.exe:*:Enabled:Windows Update Service
"C:\WINDOWS\mfc40uwow.exe" = C:\WINDOWS\mfc40uwow.exe:*:Enabled:Windows Update Service
"C:\WINDOWS\system32\20E.tmp" = C:\WINDOWS\system32\20E.tmp:*:Enabled:Windows Update Service -- ()
"C:\WINDOWS\system32\210.tmp" = C:\WINDOWS\system32\210.tmp:*:Enabled:Windows Update Service -- ()
"C:\WINDOWS\system32\20F.tmp" = C:\WINDOWS\system32\20F.tmp:*:Enabled:Windows Update Service -- ()
"C:\WINDOWS\nvrsskwow.exe" = C:\WINDOWS\nvrsskwow.exe:*:Enabled:Windows Update Service
"C:\WINDOWS\ftsrchwow.exe" = C:\WINDOWS\ftsrchwow.exe:*:Enabled:Windows Update Service
"C:\WINDOWS\msoeacctwow.exe" = C:\WINDOWS\msoeacctwow.exe:*:Enabled:Windows Update Service
"C:\WINDOWS\eapp3hstwow.exe" = C:\WINDOWS\eapp3hstwow.exe:*:Enabled:Windows Update Service
"C:\WINDOWS\dot3gpclntwow.exe" = C:\WINDOWS\dot3gpclntwow.exe:*:Enabled:Windows Update Service
"C:\WINDOWS\system32\3.tmp" = C:\WINDOWS\system32\3.tmp:*:Enabled:Windows Update Service -- ()
"C:\WINDOWS\system32\B4C.tmp" = C:\WINDOWS\system32\B4C.tmp:*:Enabled:Windows Update Service -- ()
"C:\WINDOWS\netrapwow.exe" = C:\WINDOWS\netrapwow.exe:*:Enabled:Windows Update Service
"C:\WINDOWS\isrdbg32wow.exe" = C:\WINDOWS\isrdbg32wow.exe:*:Enabled:Windows Update Service
"C:\WINDOWS\dsprpreswow.exe" = C:\WINDOWS\dsprpreswow.exe:*:Enabled:Windows Update Service
"C:\WINDOWS\fltlibwow.exe" = C:\WINDOWS\fltlibwow.exe:*:Enabled:Windows Update Service
"C:\WINDOWS\qt-dx331wow.exe" = C:\WINDOWS\qt-dx331wow.exe:*:Enabled:Windows Update Service
"C:\WINDOWS\Temp\10AD.tmp" = C:\WINDOWS\Temp\10AD.tmp:*:Enabled:Windows Update Service -- ()
"C:\WINDOWS\system32\DE7.tmp" = C:\WINDOWS\system32\DE7.tmp:*:Enabled:Windows Update Service -- ()
"C:\WINDOWS\kbdbewow.exe" = C:\WINDOWS\kbdbewow.exe:*:Enabled:Windows Update Service
"C:\WINDOWS\dsound3dwow.exe" = C:\WINDOWS\dsound3dwow.exe:*:Enabled:Windows Update Service
"C:\WINDOWS\system32\17.tmp" = C:\WINDOWS\system32\17.tmp:*:Enabled:Windows Update Service -- ()
"C:\WINDOWS\kbdpowow.exe" = C:\WINDOWS\kbdpowow.exe:*:Enabled:Windows Update Service
"C:\WINDOWS\mqadwow.exe" = C:\WINDOWS\mqadwow.exe:*:Enabled:Windows Update Service
"C:\WINDOWS\pnrpnspwow.exe" = C:\WINDOWS\pnrpnspwow.exe:*:Enabled:Windows Update Service
"C:\WINDOWS\kbdgr1wow.exe" = C:\WINDOWS\kbdgr1wow.exe:*:Enabled:Windows Update Service
"C:\WINDOWS\capesnpnwow.exe" = C:\WINDOWS\capesnpnwow.exe:*:Enabled:Windows Update Service
"C:\WINDOWS\iyuv_32wow.exe" = C:\WINDOWS\iyuv_32wow.exe:*:Enabled:Windows Update Service
"C:\WINDOWS\system32\6B.tmp" = C:\WINDOWS\system32\6B.tmp:*:Enabled:Windows Update Service -- ()
"C:\WINDOWS\ddrawexwow.exe" = C:\WINDOWS\ddrawexwow.exe:*:Enabled:Windows Update Service
"C:\WINDOWS\nvwrsthwow.exe" = C:\WINDOWS\nvwrsthwow.exe:*:Enabled:Windows Update Service
"C:\WINDOWS\system32\213.tmp" = C:\WINDOWS\system32\213.tmp:*:Enabled:Windows Update Service -- ()
"C:\WINDOWS\msimsgwow.exe" = C:\WINDOWS\msimsgwow.exe:*:Enabled:Windows Update Service
"C:\WINDOWS\serwvdrvwow.exe" = C:\WINDOWS\serwvdrvwow.exe:*:Enabled:Windows Update Service
"C:\WINDOWS\Temp\4B.tmp" = C:\WINDOWS\Temp\4B.tmp:*:Enabled:Windows Update Service
"C:\WINDOWS\dpnlobbywow.exe" = C:\WINDOWS\dpnlobbywow.exe:*:Enabled:Windows Update Service
"C:\WINDOWS\system32\7D.tmp" = C:\WINDOWS\system32\7D.tmp:*:Enabled:Windows Update Service -- (RAL Asistencia Informática.)
"C:\WINDOWS\system32\B4B.tmp" = C:\WINDOWS\system32\B4B.tmp:*:Enabled:Windows Update Service -- ()
"C:\WINDOWS\mqsecwow.exe" = C:\WINDOWS\mqsecwow.exe:*:Enabled:Windows Update Service
"C:\WINDOWS\system32\356.tmp" = C:\WINDOWS\system32\356.tmp:*:Enabled:Windows Update Service -- (RAL Asistencia Informática.)
"C:\WINDOWS\system32\399.tmp" = C:\WINDOWS\system32\399.tmp:*:Enabled:Windows Update Service -- (RAL Asistencia Informática.)
"C:\WINDOWS\nvrsdawow.exe" = C:\WINDOWS\nvrsdawow.exe:*:Enabled:Windows Update Service
"C:\WINDOWS\dmdlgswow.exe" = C:\WINDOWS\dmdlgswow.exe:*:Enabled:Windows Update Service
"C:\WINDOWS\dot3uiwow.exe" = C:\WINDOWS\dot3uiwow.exe:*:Enabled:Windows Update Service
"C:\WINDOWS\system32\3B8.tmp" = C:\WINDOWS\system32\3B8.tmp:*:Enabled:Windows Update Service -- ()
"C:\WINDOWS\nvwrscswow.exe" = C:\WINDOWS\nvwrscswow.exe:*:Enabled:Windows Update Service
"C:\WINDOWS\system32\516.tmp" = C:\WINDOWS\system32\516.tmp:*:Enabled:Windows Update Service -- ()
"C:\WINDOWS\nvrsesmwow.exe" = C:\WINDOWS\nvrsesmwow.exe:*:Enabled:Windows Update Service
"C:\WINDOWS\srsvcwow.exe" = C:\WINDOWS\srsvcwow.exe:*:Enabled:Windows Update Service
"C:\WINDOWS\comsnapwow.exe" = C:\WINDOWS\comsnapwow.exe:*:Enabled:Windows Update Service
"C:\WINDOWS\system32\11D.tmp" = C:\WINDOWS\system32\11D.tmp:*:Enabled:Windows Update Service -- ()
"C:\WINDOWS\dmbandwow.exe" = C:\WINDOWS\dmbandwow.exe:*:Enabled:Windows Update Service
"C:\WINDOWS\odexl32wow.exe" = C:\WINDOWS\odexl32wow.exe:*:Enabled:Windows Update Service
"C:\WINDOWS\system32\22A.tmp" = C:\WINDOWS\system32\22A.tmp:*:Enabled:Windows Update Service -- ()
"C:\WINDOWS\acctreswow.exe" = C:\WINDOWS\acctreswow.exe:*:Enabled:Windows Update Service
"C:\WINDOWS\system32\39F.tmp" = C:\WINDOWS\system32\39F.tmp:*:Enabled:Windows Update Service -- ()
"C:\WINDOWS\ippromonwow.exe" = C:\WINDOWS\ippromonwow.exe:*:Enabled:Windows Update Service
"C:\WINDOWS\unimdmatwow.exe" = C:\WINDOWS\unimdmatwow.exe:*:Enabled:Windows Update Service
"C:\WINDOWS\msrd2x40wow.exe" = C:\WINDOWS\msrd2x40wow.exe:*:Enabled:Windows Update Service
"C:\WINDOWS\system32\3C4B.tmp" = C:\WINDOWS\system32\3C4B.tmp:*:Enabled:Windows Update Service -- ()
"C:\WINDOWS\ksuserwow.exe" = C:\WINDOWS\ksuserwow.exe:*:Enabled:Windows Update Service
"C:\WINDOWS\wzcsvcwow.exe" = C:\WINDOWS\wzcsvcwow.exe:*:Enabled:Windows Update Service
"C:\WINDOWS\sensapiwow.exe" = C:\WINDOWS\sensapiwow.exe:*:Enabled:Windows Update Service
"C:\WINDOWS\resutilswow.exe" = C:\WINDOWS\resutilswow.exe:*:Enabled:Windows Update Service
"C:\WINDOWS\cardswow.exe" = C:\WINDOWS\cardswow.exe:*:Enabled:Windows Update Service
"C:\WINDOWS\Temp\92F.tmp" = C:\WINDOWS\Temp\92F.tmp:*:Enabled:Windows Update Service -- ()
"C:\WINDOWS\usrvoicawow.exe" = C:\WINDOWS\usrvoicawow.exe:*:Enabled:Windows Update Service
"C:\WINDOWS\Temp\944.tmp" = C:\WINDOWS\Temp\944.tmp:*:Enabled:Windows Update Service -- ()
"C:\WINDOWS\system32\309.tmp" = C:\WINDOWS\system32\309.tmp:*:Enabled:Windows Update Service -- ()
"C:\WINDOWS\system32\397.tmp" = C:\WINDOWS\system32\397.tmp:*:Enabled:Windows Update Service
"C:\WINDOWS\iasradwow.exe" = C:\WINDOWS\iasradwow.exe:*:Enabled:Windows Update Service
"C:\WINDOWS\cfgbkendwow.exe" = C:\WINDOWS\cfgbkendwow.exe:*:Enabled:Windows Update Service
"C:\WINDOWS\Temp\B84.tmp" = C:\WINDOWS\Temp\B84.tmp:*:Enabled:Windows Update Service -- ()
"C:\WINDOWS\system32\B9C.tmp" = C:\WINDOWS\system32\B9C.tmp:*:Enabled:Windows Update Service -- ()
"C:\WINDOWS\TEMP\B9B.tmp" = C:\WINDOWS\TEMP\B9B.tmp:*:Enabled:Windows Update Service -- ()
"C:\WINDOWS\safrdmwow.exe" = C:\WINDOWS\safrdmwow.exe:*:Enabled:Windows Update Service
"C:\WINDOWS\TEMP\1.tmp" = C:\WINDOWS\TEMP\1.tmp:*:Enabled:Windows Update Service -- ()
"C:\WINDOWS\Temp\2.tmp" = C:\WINDOWS\Temp\2.tmp:*:Enabled:Windows Update Service -- ()
"C:\WINDOWS\system32\6D.tmp" = C:\WINDOWS\system32\6D.tmp:*:Enabled:Windows Update Service -- ()
"C:\WINDOWS\xmlprovwow.exe" = C:\WINDOWS\xmlprovwow.exe:*:Enabled:Windows Update Service
"C:\WINDOWS\Temp\3.tmp" = C:\WINDOWS\Temp\3.tmp:*:Enabled:Windows Update Service -- ()
"C:\WINDOWS\TEMP\5.tmp" = C:\WINDOWS\TEMP\5.tmp:*:Enabled:Windows Update Service -- ()
"C:\WINDOWS\adsntwow.exe" = C:\WINDOWS\adsntwow.exe:*:Enabled:Windows Update Service
"C:\WINDOWS\Temp\9D.tmp" = C:\WINDOWS\Temp\9D.tmp:*:Enabled:Windows Update Service -- ()
"C:\WINDOWS\nvrsfiwow.exe" = C:\WINDOWS\nvrsfiwow.exe:*:Enabled:Windows Update Service
"C:\WINDOWS\Temp\1FD.tmp" = C:\WINDOWS\Temp\1FD.tmp:*:Enabled:Windows Update Service -- ()
"C:\WINDOWS\Temp\77F.tmp" = C:\WINDOWS\Temp\77F.tmp:*:Enabled:Windows Update Service -- ()
"C:\WINDOWS\PortableDeviceTypeswow.exe" = C:\WINDOWS\PortableDeviceTypeswow.exe:*:Enabled:Windows Update Service
"C:\WINDOWS\system32\B3.tmp" = C:\WINDOWS\system32\B3.tmp:*:Enabled:Windows Update Service -- ()
"C:\WINDOWS\kbdbhcwow.exe" = C:\WINDOWS\kbdbhcwow.exe:*:Enabled:Windows Update Service
"C:\WINDOWS\Temp\6.tmp" = C:\WINDOWS\Temp\6.tmp:*:Enabled:Windows Update Service -- ()
"C:\WINDOWS\TEMP\7.tmp" = C:\WINDOWS\TEMP\7.tmp:*:Enabled:Windows Update Service -- ()
"C:\WINDOWS\winnlswow.exe" = C:\WINDOWS\winnlswow.exe:*:Enabled:Windows Update Service
"C:\WINDOWS\Temp\483.tmp" = C:\WINDOWS\Temp\483.tmp:*:Enabled:Windows Update Service -- ()
"C:\WINDOWS\system32\C6.tmp" = C:\WINDOWS\system32\C6.tmp:*:Enabled:Windows Update Service -- ()
"C:\WINDOWS\system32\4.tmp" = C:\WINDOWS\system32\4.tmp:*:Enabled:Windows Update Service -- ()
"C:\WINDOWS\TEMP\9.tmp" = C:\WINDOWS\TEMP\9.tmp:*:Enabled:Windows Update Service -- ()
"C:\WINDOWS\mslbuiwow.exe" = C:\WINDOWS\mslbuiwow.exe:*:Enabled:Windows Update Service
"C:\WINDOWS\MSCTFwow.exe" = C:\WINDOWS\MSCTFwow.exe:*:Enabled:Windows Update Service
"C:\WINDOWS\TEMP\A.tmp" = C:\WINDOWS\TEMP\A.tmp:*:Enabled:Windows Update Service -- ()
"C:\WINDOWS\system32\8B.tmp" = C:\WINDOWS\system32\8B.tmp:*:Enabled:Windows Update Service -- ()
"C:\WINDOWS\GdiPluswow.exe" = C:\WINDOWS\GdiPluswow.exe:*:Enabled:Windows Update Service
"C:\WINDOWS\Temp\9B.tmp" = C:\WINDOWS\Temp\9B.tmp:*:Enabled:Windows Update Service -- ()
"C:\WINDOWS\msvbvm50wow.exe" = C:\WINDOWS\msvbvm50wow.exe:*:Enabled:Windows Update Service
"C:\WINDOWS\Temp\9E.tmp" = C:\WINDOWS\Temp\9E.tmp:*:Enabled:Windows Update Service -- ()
"C:\WINDOWS\mobsyncwow.exe" = C:\WINDOWS\mobsyncwow.exe:*:Enabled:Windows Update Service
"C:\WINDOWS\Temp\8.tmp" = C:\WINDOWS\Temp\8.tmp:*:Enabled:Windows Update Service -- ()
"C:\WINDOWS\TEMP\B.tmp" = C:\WINDOWS\TEMP\B.tmp:*:Enabled:Windows Update Service -- ()
"C:\WINDOWS\shdocvwwow.exe" = C:\WINDOWS\shdocvwwow.exe:*:Enabled:Windows Update Service
"C:\WINDOWS\Temp\C.tmp" = C:\WINDOWS\Temp\C.tmp:*:Enabled:Windows Update Service -- ()
"C:\WINDOWS\Temp\D.tmp" = C:\WINDOWS\Temp\D.tmp:*:Enabled:Windows Update Service -- ()
"C:\WINDOWS\system32\11.tmp" = C:\WINDOWS\system32\11.tmp:*:Enabled:Windows Update Service -- ()
"C:\WINDOWS\igmpagntwow.exe" = C:\WINDOWS\igmpagntwow.exe:*:Enabled:Windows Update Service
"C:\WINDOWS\Temp\12.tmp" = C:\WINDOWS\Temp\12.tmp:*:Enabled:Windows Update Service -- ()
"C:\WINDOWS\Temp\E.tmp" = C:\WINDOWS\Temp\E.tmp:*:Enabled:Windows Update Service -- ()
"C:\WINDOWS\dnsrslvrwow.exe" = C:\WINDOWS\dnsrslvrwow.exe:*:Enabled:Windows Update Service
"C:\WINDOWS\TEMP\F.tmp" = C:\WINDOWS\TEMP\F.tmp:*:Enabled:Windows Update Service -- ()
"C:\WINDOWS\mshtmlerwow.exe" = C:\WINDOWS\mshtmlerwow.exe:*:Enabled:Windows Update Service -- ()
"C:\WINDOWS\system32\31.tmp" = C:\WINDOWS\system32\31.tmp:*:Enabled:Windows Update Service -- ()
"C:\WINDOWS\Temp\149.tmp" = C:\WINDOWS\Temp\149.tmp:*:Enabled:Windows Update Service
"C:\WINDOWS\duserwow.exe" = C:\WINDOWS\duserwow.exe:*:Enabled:Windows Update Service -- ()
"C:\WINDOWS\system32\avmeter32.exe" = C:\WINDOWS\system32\avmeter32.exe:*:Enabled:Windows Update Service -- ()
"C:\WINDOWS\odbcp32rwow.exe" = C:\WINDOWS\odbcp32rwow.exe:*:Enabled:Windows Update Service -- ()
"C:\WINDOWS\system32\B9A.tmp" = C:\WINDOWS\system32\B9A.tmp:*:Enabled:Windows Update Service -- ()
"C:\WINDOWS\system32\33.tmp" = C:\WINDOWS\system32\33.tmp:*:Enabled:Windows Update Service -- ()

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"E:\FrostWire\FrostWire.exe" = E:\FrostWire\FrostWire.exe:*:Enabled:FrostWire 4.21.1
"C:\WINDOWS\keymgrwow.exe" = C:\WINDOWS\keymgrwow.exe:*:Enabled:Windows Update Service
"C:\WINDOWS\iologmsgwow.exe" = C:\WINDOWS\iologmsgwow.exe:*:Enabled:Windows Update Service
"C:\WINDOWS\ufatwow.exe" = C:\WINDOWS\ufatwow.exe:*:Enabled:Windows Update Service
"C:\WINDOWS\mqperfwow.exe" = C:\WINDOWS\mqperfwow.exe:*:Enabled:Windows Update Service
"C:\WINDOWS\mscorieswow.exe" = C:\WINDOWS\mscorieswow.exe:*:Enabled:Windows Update Service
"C:\WINDOWS\eventclswow.exe" = C:\WINDOWS\eventclswow.exe:*:Enabled:Windows Update Service
"C:\Program Files\LuckyWire\LuckyWire.exe" = C:\Program Files\LuckyWire\LuckyWire.exe:*:Enabled:Luckywire
"C:\WINDOWS\licwmiwow.exe" = C:\WINDOWS\licwmiwow.exe:*:Enabled:Windows Update Service
"C:\WINDOWS\tapisrvwow.exe" = C:\WINDOWS\tapisrvwow.exe:*:Enabled:Windows Update Service
"C:\WINDOWS\vgawow.exe" = C:\WINDOWS\vgawow.exe:*:Enabled:Windows Update Service
"C:\WINDOWS\nwapi16wow.exe" = C:\WINDOWS\nwapi16wow.exe:*:Enabled:Windows Update Service
"C:\WINDOWS\odbcintwow.exe" = C:\WINDOWS\odbcintwow.exe:*:Enabled:Windows Update Service
"C:\WINDOWS\slbcspwow.exe" = C:\WINDOWS\slbcspwow.exe:*:Enabled:Windows Update Service
"C:\WINDOWS\midimapwow.exe" = C:\WINDOWS\midimapwow.exe:*:Enabled:Windows Update Service
"C:\WINDOWS\nvwrshuwow.exe" = C:\WINDOWS\nvwrshuwow.exe:*:Enabled:Windows Update Service
"C:\WINDOWS\w32toplwow.exe" = C:\WINDOWS\w32toplwow.exe:*:Enabled:Windows Update Service
"C:\WINDOWS\kbdcanwow.exe" = C:\WINDOWS\kbdcanwow.exe:*:Enabled:Windows Update Service
"C:\WINDOWS\PortableDeviceClassExtensionwow.exe" = C:\WINDOWS\PortableDeviceClassExtensionwow.exe:*:Enabled:Windows Update Service
"C:\WINDOWS\mspmspwow.exe" = C:\WINDOWS\mspmspwow.exe:*:Enabled:Windows Update Service
"C:\WINDOWS\system32\84B.tmp" = C:\WINDOWS\system32\84B.tmp:*:Enabled:Windows Update Service -- ()
"C:\WINDOWS\wuauservwow.exe" = C:\WINDOWS\wuauservwow.exe:*:Enabled:Windows Update Service
"C:\WINDOWS\RA32SIPRwow.exe" = C:\WINDOWS\RA32SIPRwow.exe:*:Enabled:Windows Update Service
"C:\WINDOWS\unrarwow.exe" = C:\WINDOWS\unrarwow.exe:*:Enabled:Windows Update Service
"C:\WINDOWS\nvrsjawow.exe" = C:\WINDOWS\nvrsjawow.exe:*:Enabled:Windows Update Service
"C:\WINDOWS\system32\1A2E.tmp" = C:\WINDOWS\system32\1A2E.tmp:*:Enabled:Windows Update Service -- ()
"C:\WINDOWS\sccbasewow.exe" = C:\WINDOWS\sccbasewow.exe:*:Enabled:Windows Update Service
"C:\WINDOWS\btpanuiwow.exe" = C:\WINDOWS\btpanuiwow.exe:*:Enabled:Windows Update Service
"C:\WINDOWS\ipxmontrwow.exe" = C:\WINDOWS\ipxmontrwow.exe:*:Enabled:Windows Update Service
"C:\WINDOWS\kbdlvwow.exe" = C:\WINDOWS\kbdlvwow.exe:*:Enabled:Windows Update Service
"C:\WINDOWS\system32\57A.tmp" = C:\WINDOWS\system32\57A.tmp:*:Enabled:Windows Update Service -- ()
"C:\WINDOWS\odbcconfwow.exe" = C:\WINDOWS\odbcconfwow.exe:*:Enabled:Windows Update Service
"C:\WINDOWS\dsoundwow.exe" = C:\WINDOWS\dsoundwow.exe:*:Enabled:Windows Update Service
"C:\WINDOWS\compatUIwow.exe" = C:\WINDOWS\compatUIwow.exe:*:Enabled:Windows Update Service
"C:\WINDOWS\Temp\1FBE.tmp" = C:\WINDOWS\Temp\1FBE.tmp:*:Enabled:Windows Update Service
"C:\WINDOWS\icardiewow.exe" = C:\WINDOWS\icardiewow.exe:*:Enabled:Windows Update Service
"C:\WINDOWS\system32\B5E.tmp" = C:\WINDOWS\system32\B5E.tmp:*:Enabled:Windows Update Service -- ()
"C:\WINDOWS\dmstylewow.exe" = C:\WINDOWS\dmstylewow.exe:*:Enabled:Windows Update Service
"C:\WINDOWS\pngfiltwow.exe" = C:\WINDOWS\pngfiltwow.exe:*:Enabled:Windows Update Service
"C:\WINDOWS\system32\2292.tmp" = C:\WINDOWS\system32\2292.tmp:*:Enabled:Windows Update Service -- (opx.bit)
"C:\WINDOWS\mll_qicwow.exe" = C:\WINDOWS\mll_qicwow.exe:*:Enabled:Windows Update Service
"C:\WINDOWS\system32\2695.tmp" = C:\WINDOWS\system32\2695.tmp:*:Enabled:Windows Update Service -- (opx.bit)
"C:\WINDOWS\system32\34BE.tmp" = C:\WINDOWS\system32\34BE.tmp:*:Enabled:Windows Update Service -- (opx.bit)
"C:\WINDOWS\shimengwow.exe" = C:\WINDOWS\shimengwow.exe:*:Enabled:Windows Update Service
"C:\WINDOWS\system32\45AB.tmp" = C:\WINDOWS\system32\45AB.tmp:*:Enabled:Windows Update Service -- (opx.bit)
"C:\WINDOWS\system32\4DAD.tmp" = C:\WINDOWS\system32\4DAD.tmp:*:Enabled:Windows Update Service -- (opx.bit)
"C:\WINDOWS\system32\B5C.tmp" = C:\WINDOWS\system32\B5C.tmp:*:Enabled:Windows Update Service -- (opx.bit)
"C:\WINDOWS\system32\5DAB.tmp" = C:\WINDOWS\system32\5DAB.tmp:*:Enabled:Windows Update Service -- (opx.bit)
"C:\WINDOWS\untfswow.exe" = C:\WINDOWS\untfswow.exe:*:Enabled:Windows Update Service
"C:\WINDOWS\davclntwow.exe" = C:\WINDOWS\davclntwow.exe:*:Enabled:Windows Update Service
"C:\WINDOWS\quartzwow.exe" = C:\WINDOWS\quartzwow.exe:*:Enabled:Windows Update Service
"C:\WINDOWS\oleaut32wow.exe" = C:\WINDOWS\oleaut32wow.exe:*:Enabled:Windows Update Service
"C:\WINDOWS\pstorecwow.exe" = C:\WINDOWS\pstorecwow.exe:*:Enabled:Windows Update Service
"C:\WINDOWS\ipxpromnwow.exe" = C:\WINDOWS\ipxpromnwow.exe:*:Enabled:Windows Update Service
"C:\WINDOWS\ipv6monwow.exe" = C:\WINDOWS\ipv6monwow.exe:*:Enabled:Windows Update Service
"C:\WINDOWS\nvwrsnlwow.exe" = C:\WINDOWS\nvwrsnlwow.exe:*:Enabled:Windows Update Service
"C:\WINDOWS\dxtmsftwow.exe" = C:\WINDOWS\dxtmsftwow.exe:*:Enabled:Windows Update Service
"C:\WINDOWS\twextwow.exe" = C:\WINDOWS\twextwow.exe:*:Enabled:Windows Update Service
"C:\WINDOWS\iepeerswow.exe" = C:\WINDOWS\iepeerswow.exe:*:Enabled:Windows Update Service
"C:\WINDOWS\ir32_32wow.exe" = C:\WINDOWS\ir32_32wow.exe:*:Enabled:Windows Update Service
"C:\WINDOWS\system32\5DA9.tmp" = C:\WINDOWS\system32\5DA9.tmp:*:Enabled:Windows Update Service -- ()
"C:\WINDOWS\objselwow.exe" = C:\WINDOWS\objselwow.exe:*:Enabled:Windows Update Service
"C:\WINDOWS\mfc40uwow.exe" = C:\WINDOWS\mfc40uwow.exe:*:Enabled:Windows Update Service
"C:\WINDOWS\system32\20E.tmp" = C:\WINDOWS\system32\20E.tmp:*:Enabled:Windows Update Service -- ()
"C:\WINDOWS\system32\210.tmp" = C:\WINDOWS\system32\210.tmp:*:Enabled:Windows Update Service -- ()
"C:\WINDOWS\system32\20F.tmp" = C:\WINDOWS\system32\20F.tmp:*:Enabled:Windows Update Service -- ()
"C:\WINDOWS\nvrsskwow.exe" = C:\WINDOWS\nvrsskwow.exe:*:Enabled:Windows Update Service
"C:\WINDOWS\ftsrchwow.exe" = C:\WINDOWS\ftsrchwow.exe:*:Enabled:Windows Update Service
"C:\WINDOWS\msoeacctwow.exe" = C:\WINDOWS\msoeacctwow.exe:*:Enabled:Windows Update Service
"C:\WINDOWS\eapp3hstwow.exe" = C:\WINDOWS\eapp3hstwow.exe:*:Enabled:Windows Update Service
"C:\WINDOWS\dot3gpclntwow.exe" = C:\WINDOWS\dot3gpclntwow.exe:*:Enabled:Windows Update Service
"C:\WINDOWS\system32\3.tmp" = C:\WINDOWS\system32\3.tmp:*:Enabled:Windows Update Service -- ()
"C:\WINDOWS\system32\B4C.tmp" = C:\WINDOWS\system32\B4C.tmp:*:Enabled:Windows Update Service -- ()
"C:\WINDOWS\netrapwow.exe" = C:\WINDOWS\netrapwow.exe:*:Enabled:Windows Update Service
"C:\WINDOWS\isrdbg32wow.exe" = C:\WINDOWS\isrdbg32wow.exe:*:Enabled:Windows Update Service
"C:\WINDOWS\dsprpreswow.exe" = C:\WINDOWS\dsprpreswow.exe:*:Enabled:Windows Update Service
"C:\WINDOWS\fltlibwow.exe" = C:\WINDOWS\fltlibwow.exe:*:Enabled:Windows Update Service
"C:\WINDOWS\qt-dx331wow.exe" = C:\WINDOWS\qt-dx331wow.exe:*:Enabled:Windows Update Service
"C:\WINDOWS\Temp\10AD.tmp" = C:\WINDOWS\Temp\10AD.tmp:*:Enabled:Windows Update Service -- ()
"C:\WINDOWS\system32\DE7.tmp" = C:\WINDOWS\system32\DE7.tmp:*:Enabled:Windows Update Service -- ()
"C:\WINDOWS\kbdbewow.exe" = C:\WINDOWS\kbdbewow.exe:*:Enabled:Windows Update Service
"C:\WINDOWS\dsound3dwow.exe" = C:\WINDOWS\dsound3dwow.exe:*:Enabled:Windows Update Service
"C:\WINDOWS\system32\17.tmp" = C:\WINDOWS\system32\17.tmp:*:Enabled:Windows Update Service -- ()
"C:\WINDOWS\kbdpowow.exe" = C:\WINDOWS\kbdpowow.exe:*:Enabled:Windows Update Service
"C:\WINDOWS\mqadwow.exe" = C:\WINDOWS\mqadwow.exe:*:Enabled:Windows Update Service
"C:\WINDOWS\pnrpnspwow.exe" = C:\WINDOWS\pnrpnspwow.exe:*:Enabled:Windows Update Service
"C:\WINDOWS\kbdgr1wow.exe" = C:\WINDOWS\kbdgr1wow.exe:*:Enabled:Windows Update Service
"C:\WINDOWS\capesnpnwow.exe" = C:\WINDOWS\capesnpnwow.exe:*:Enabled:Windows Update Service
"C:\WINDOWS\iyuv_32wow.exe" = C:\WINDOWS\iyuv_32wow.exe:*:Enabled:Windows Update Service
"C:\WINDOWS\system32\6B.tmp" = C:\WINDOWS\system32\6B.tmp:*:Enabled:Windows Update Service -- ()
"C:\WINDOWS\ddrawexwow.exe" = C:\WINDOWS\ddrawexwow.exe:*:Enabled:Windows Update Service
"C:\WINDOWS\nvwrsthwow.exe" = C:\WINDOWS\nvwrsthwow.exe:*:Enabled:Windows Update Service
"C:\WINDOWS\system32\213.tmp" = C:\WINDOWS\system32\213.tmp:*:Enabled:Windows Update Service -- ()
"C:\WINDOWS\msimsgwow.exe" = C:\WINDOWS\msimsgwow.exe:*:Enabled:Windows Update Service
"C:\WINDOWS\serwvdrvwow.exe" = C:\WINDOWS\serwvdrvwow.exe:*:Enabled:Windows Update Service
"C:\WINDOWS\Temp\4B.tmp" = C:\WINDOWS\Temp\4B.tmp:*:Enabled:Windows Update Service
"C:\WINDOWS\dpnlobbywow.exe" = C:\WINDOWS\dpnlobbywow.exe:*:Enabled:Windows Update Service
"C:\WINDOWS\system32\7D.tmp" = C:\WINDOWS\system32\7D.tmp:*:Enabled:Windows Update Service -- (RAL Asistencia Informática.)
"C:\WINDOWS\system32\B4B.tmp" = C:\WINDOWS\system32\B4B.tmp:*:Enabled:Windows Update Service -- ()
"C:\WINDOWS\mqsecwow.exe" = C:\WINDOWS\mqsecwow.exe:*:Enabled:Windows Update Service
"C:\WINDOWS\system32\356.tmp" = C:\WINDOWS\system32\356.tmp:*:Enabled:Windows Update Service -- (RAL Asistencia Informática.)
"C:\WINDOWS\system32\399.tmp" = C:\WINDOWS\system32\399.tmp:*:Enabled:Windows Update Service -- (RAL Asistencia Informática.)
"C:\WINDOWS\nvrsdawow.exe" = C:\WINDOWS\nvrsdawow.exe:*:Enabled:Windows Update Service
"C:\WINDOWS\dmdlgswow.exe" = C:\WINDOWS\dmdlgswow.exe:*:Enabled:Windows Update Service
"C:\WINDOWS\dot3uiwow.exe" = C:\WINDOWS\dot3uiwow.exe:*:Enabled:Windows Update Service
"C:\WINDOWS\system32\3B8.tmp" = C:\WINDOWS\system32\3B8.tmp:*:Enabled:Windows Update Service -- ()
"C:\WINDOWS\nvwrscswow.exe" = C:\WINDOWS\nvwrscswow.exe:*:Enabled:Windows Update Service
"C:\WINDOWS\system32\516.tmp" = C:\WINDOWS\system32\516.tmp:*:Enabled:Windows Update Service -- ()
"C:\WINDOWS\nvrsesmwow.exe" = C:\WINDOWS\nvrsesmwow.exe:*:Enabled:Windows Update Service
"C:\WINDOWS\srsvcwow.exe" = C:\WINDOWS\srsvcwow.exe:*:Enabled:Windows Update Service
"C:\WINDOWS\comsnapwow.exe" = C:\WINDOWS\comsnapwow.exe:*:Enabled:Windows Update Service
"C:\WINDOWS\system32\11D.tmp" = C:\WINDOWS\system32\11D.tmp:*:Enabled:Windows Update Service -- ()
"C:\WINDOWS\dmbandwow.exe" = C:\WINDOWS\dmbandwow.exe:*:Enabled:Windows Update Service
"C:\WINDOWS\odexl32wow.exe" = C:\WINDOWS\odexl32wow.exe:*:Enabled:Windows Update Service
"C:\WINDOWS\system32\22A.tmp" = C:\WINDOWS\system32\22A.tmp:*:Enabled:Windows Update Service -- ()
"C:\WINDOWS\acctreswow.exe" = C:\WINDOWS\acctreswow.exe:*:Enabled:Windows Update Service
"C:\WINDOWS\system32\39F.tmp" = C:\WINDOWS\system32\39F.tmp:*:Enabled:Windows Update Service -- ()
"C:\WINDOWS\ippromonwow.exe" = C:\WINDOWS\ippromonwow.exe:*:Enabled:Windows Update Service
"C:\WINDOWS\unimdmatwow.exe" = C:\WINDOWS\unimdmatwow.exe:*:Enabled:Windows Update Service
"C:\WINDOWS\msrd2x40wow.exe" = C:\WINDOWS\msrd2x40wow.exe:*:Enabled:Windows Update Service
"C:\WINDOWS\system32\3C4B.tmp" = C:\WINDOWS\system32\3C4B.tmp:*:Enabled:Windows Update Service -- ()
"C:\WINDOWS\ksuserwow.exe" = C:\WINDOWS\ksuserwow.exe:*:Enabled:Windows Update Service
"C:\WINDOWS\wzcsvcwow.exe" = C:\WINDOWS\wzcsvcwow.exe:*:Enabled:Windows Update Service
"C:\WINDOWS\sensapiwow.exe" = C:\WINDOWS\sensapiwow.exe:*:Enabled:Windows Update Service
"C:\WINDOWS\resutilswow.exe" = C:\WINDOWS\resutilswow.exe:*:Enabled:Windows Update Service
"C:\WINDOWS\Temp\92F.tmp" = C:\WINDOWS\Temp\92F.tmp:*:Enabled:Windows Update Service -- ()
"C:\WINDOWS\cardswow.exe" = C:\WINDOWS\cardswow.exe:*:Enabled:Windows Update Service
"C:\WINDOWS\Temp\944.tmp" = C:\WINDOWS\Temp\944.tmp:*:Enabled:Windows Update Service -- ()
"C:\WINDOWS\usrvoicawow.exe" = C:\WINDOWS\usrvoicawow.exe:*:Enabled:Windows Update Service
"C:\WINDOWS\system32\309.tmp" = C:\WINDOWS\system32\309.tmp:*:Enabled:Windows Update Service -- ()
"C:\WINDOWS\system32\397.tmp" = C:\WINDOWS\system32\397.tmp:*:Enabled:Windows Update Service
"C:\WINDOWS\iasradwow.exe" = C:\WINDOWS\iasradwow.exe:*:Enabled:Windows Update Service
"C:\WINDOWS\cfgbkendwow.exe" = C:\WINDOWS\cfgbkendwow.exe:*:Enabled:Windows Update Service
"C:\WINDOWS\Temp\B84.tmp" = C:\WINDOWS\Temp\B84.tmp:*:Enabled:Windows Update Service -- ()
"C:\WINDOWS\system32\B9C.tmp" = C:\WINDOWS\system32\B9C.tmp:*:Enabled:Windows Update Service -- ()
"C:\WINDOWS\TEMP\B9B.tmp" = C:\WINDOWS\TEMP\B9B.tmp:*:Enabled:Windows Update Service -- ()
"C:\WINDOWS\safrdmwow.exe" = C:\WINDOWS\safrdmwow.exe:*:Enabled:Windows Update Service
"C:\WINDOWS\TEMP\1.tmp" = C:\WINDOWS\TEMP\1.tmp:*:Enabled:Windows Update Service -- ()
"C:\WINDOWS\Temp\2.tmp" = C:\WINDOWS\Temp\2.tmp:*:Enabled:Windows Update Service -- ()
"C:\WINDOWS\system32\6D.tmp" = C:\WINDOWS\system32\6D.tmp:*:Enabled:Windows Update Service -- ()
"C:\WINDOWS\xmlprovwow.exe" = C:\WINDOWS\xmlprovwow.exe:*:Enabled:Windows Update Service
"C:\WINDOWS\Temp\3.tmp" = C:\WINDOWS\Temp\3.tmp:*:Enabled:Windows Update Service -- ()
"C:\WINDOWS\TEMP\5.tmp" = C:\WINDOWS\TEMP\5.tmp:*:Enabled:Windows Update Service -- ()
"C:\WINDOWS\Temp\9D.tmp" = C:\WINDOWS\Temp\9D.tmp:*:Enabled:Windows Update Service -- ()
"C:\WINDOWS\adsntwow.exe" = C:\WINDOWS\adsntwow.exe:*:Enabled:Windows Update Service
"C:\WINDOWS\nvrsfiwow.exe" = C:\WINDOWS\nvrsfiwow.exe:*:Enabled:Windows Update Service
"C:\WINDOWS\Temp\1FD.tmp" = C:\WINDOWS\Temp\1FD.tmp:*:Enabled:Windows Update Service -- ()
"C:\WINDOWS\Temp\77F.tmp" = C:\WINDOWS\Temp\77F.tmp:*:Enabled:Windows Update Service -- ()
"C:\WINDOWS\PortableDeviceTypeswow.exe" = C:\WINDOWS\PortableDeviceTypeswow.exe:*:Enabled:Windows Update Service
"C:\WINDOWS\system32\B3.tmp" = C:\WINDOWS\system32\B3.tmp:*:Enabled:Windows Update Service -- ()
"C:\WINDOWS\kbdbhcwow.exe" = C:\WINDOWS\kbdbhcwow.exe:*:Enabled:Windows Update Service
"C:\WINDOWS\Temp\6.tmp" = C:\WINDOWS\Temp\6.tmp:*:Enabled:Windows Update Service -- ()
"C:\WINDOWS\TEMP\7.tmp" = C:\WINDOWS\TEMP\7.tmp:*:Enabled:Windows Update Service -- ()
"C:\WINDOWS\Temp\483.tmp" = C:\WINDOWS\Temp\483.tmp:*:Enabled:Windows Update Service -- ()
"C:\WINDOWS\winnlswow.exe" = C:\WINDOWS\winnlswow.exe:*:Enabled:Windows Update Service
"C:\WINDOWS\system32\C6.tmp" = C:\WINDOWS\system32\C6.tmp:*:Enabled:Windows Update Service -- ()
"C:\WINDOWS\system32\4.tmp" = C:\WINDOWS\system32\4.tmp:*:Enabled:Windows Update Service -- ()
"C:\WINDOWS\TEMP\9.tmp" = C:\WINDOWS\TEMP\9.tmp:*:Enabled:Windows Update Service -- ()
"C:\WINDOWS\mslbuiwow.exe" = C:\WINDOWS\mslbuiwow.exe:*:Enabled:Windows Update Service
"C:\WINDOWS\MSCTFwow.exe" = C:\WINDOWS\MSCTFwow.exe:*:Enabled:Windows Update Service
"C:\WINDOWS\TEMP\A.tmp" = C:\WINDOWS\TEMP\A.tmp:*:Enabled:Windows Update Service -- ()
"C:\WINDOWS\system32\8B.tmp" = C:\WINDOWS\system32\8B.tmp:*:Enabled:Windows Update Service -- ()
"C:\WINDOWS\GdiPluswow.exe" = C:\WINDOWS\GdiPluswow.exe:*:Enabled:Windows Update Service
"C:\WINDOWS\Temp\9B.tmp" = C:\WINDOWS\Temp\9B.tmp:*:Enabled:Windows Update Service -- ()
"C:\WINDOWS\msvbvm50wow.exe" = C:\WINDOWS\msvbvm50wow.exe:*:Enabled:Windows Update Service
"C:\WINDOWS\Temp\9E.tmp" = C:\WINDOWS\Temp\9E.tmp:*:Enabled:Windows Update Service -- ()
"C:\WINDOWS\mobsyncwow.exe" = C:\WINDOWS\mobsyncwow.exe:*:Enabled:Windows Update Service
"C:\WINDOWS\Temp\8.tmp" = C:\WINDOWS\Temp\8.tmp:*:Enabled:Windows Update Service -- ()
"C:\WINDOWS\TEMP\B.tmp" = C:\WINDOWS\TEMP\B.tmp:*:Enabled:Windows Update Service -- ()
"C:\WINDOWS\shdocvwwow.exe" = C:\WINDOWS\shdocvwwow.exe:*:Enabled:Windows Update Service
"C:\WINDOWS\Temp\C.tmp" = C:\WINDOWS\Temp\C.tmp:*:Enabled:Windows Update Service -- ()
"C:\WINDOWS\Temp\D.tmp" = C:\WINDOWS\Temp\D.tmp:*:Enabled:Windows Update Service -- ()
"C:\WINDOWS\system32\11.tmp" = C:\WINDOWS\system32\11.tmp:*:Enabled:Windows Update Service -- ()
"C:\WINDOWS\igmpagntwow.exe" = C:\WINDOWS\igmpagntwow.exe:*:Enabled:Windows Update Service
"C:\WINDOWS\Temp\12.tmp" = C:\WINDOWS\Temp\12.tmp:*:Enabled:Windows Update Service -- ()
"C:\WINDOWS\Temp\E.tmp" = C:\WINDOWS\Temp\E.tmp:*:Enabled:Windows Update Service -- ()
"C:\WINDOWS\dnsrslvrwow.exe" = C:\WINDOWS\dnsrslvrwow.exe:*:Enabled:Windows Update Service
"C:\WINDOWS\TEMP\F.tmp" = C:\WINDOWS\TEMP\F.tmp:*:Enabled:Windows Update Service -- ()
"C:\WINDOWS\mshtmlerwow.exe" = C:\WINDOWS\mshtmlerwow.exe:*:Enabled:Windows Update Service -- ()
"C:\WINDOWS\system32\mmc.exe" = C:\WINDOWS\system32\mmc.exe:*:Enabled:Microsoft Management Console -- (Microsoft Corporation)
"C:\WINDOWS\system32\31.tmp" = C:\WINDOWS\system32\31.tmp:*:Enabled:Windows Update Service -- ()
"C:\WINDOWS\Temp\149.tmp" = C:\WINDOWS\Temp\149.tmp:*:Enabled:Windows Update Service
"C:\WINDOWS\duserwow.exe" = C:\WINDOWS\duserwow.exe:*:Enabled:Windows Update Service -- ()
"C:\WINDOWS\system32\avmeter32.exe" = C:\WINDOWS\system32\avmeter32.exe:*:Enabled:Windows Update Service -- ()
"C:\WINDOWS\odbcp32rwow.exe" = C:\WINDOWS\odbcp32rwow.exe:*:Enabled:Windows Update Service -- ()
"C:\WINDOWS\system32\B9A.tmp" = C:\WINDOWS\system32\B9A.tmp:*:Enabled:Windows Update Service -- ()
"C:\WINDOWS\system32\33.tmp" = C:\WINDOWS\system32\33.tmp:*:Enabled:Windows Update Service -- ()


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MP250_series" = Canon MP250 series MP Drivers
"{26A24AE4-039D-4CA4-87B4-2F83216013F0}" = Java(TM) 6 Update 13
"{26A24AE4-039D-4CA4-87B4-2F83216014FF}" = Java(TM) 6 Update 24
"{27113CA3-36B8-48AB-A419-79CF1FC0ECED}" = Ulead VideoStudio 5.0 DV
"{287ECFA4-719A-2143-A09B-D6A12DE54E40}" = Acrobat.com
"{2A697B53-0DE3-42DA-B41D-C3F804B1C538}" = iTunes
"{2A981294-F14C-4F0F-9627-D793270922F8}" = Bonjour
"{2DC94AFD-A6E2-4AB4-9132-4A3F8E07B386}" = Apple Application Support
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{54266945-8A11-424D-B20F-4F747A714FBA}" = DV TS
"{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{7E265513-8CDA-4631-B696-F40D983F3B07}_is1" = CDBurnerXP
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{A06275F4-324B-4E85-95E6-87B2CD729401}" = Windows Defender
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A71D5E81-B967-43DB-93D7-FD31BFB95748}" = MobileMe Control Panel
"{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.0)
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C3E69CE0-45FD-11D4-AA4A-00C0580802FD}" = eUSB SCSI Adapter
"{C41300B9-185D-475E-BFEC-39EF732F19B1}" = Apple Software Update
"{C73F2967-062E-48F2-A462-D335B8950183}" = Safari
"{C9BED750-1211-4480-B1A5-718A3BE15525}" = REALTEK GbE & FE Ethernet PCI-E NIC Driver
"{CACAEB5F-174D-4C7C-AC56-A33289A807CA}" = Apple Mobile Device Support
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{E5BD1F9C-8BBA-410E-837D-94D523269F8F}" = ArcSoft MediaConverter
"{E6B87DC4-2B3D-4483-ADFF-E483BF718991}" = OpenOffice.org 3.1
"{E6CF5B58-E775-46C0-BFF2-F39A0014FE4A}" = muvee autoProducer 4.1
"{ECC3713C-08A4-40E3-95F1-7D0704F1CE5E}" = PL-2303 USB-to-Serial
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"ASTRA32_is1" = ASTRA32 - Advanced System Information Tool 2.06
"AVS Update Manager_is1" = AVS Update Manager 1.0
"AVS Video Editor 4_is1" = AVS Video Editor 4
"AVS Video Recorder_is1" = AVS Video Recorder 2.4
"AVS YouTube Uploader 2.1_is1" = AVS YouTube Uploader version 2.1
"AVS4YOU Software Navigator_is1" = AVS4YOU Software Navigator 1.4
"Bejeweled 3" = Bejeweled 3
"Defraggler" = Defraggler
"Free 3GP Video Converter_is1" = Free 3GP Video Converter version 3.1
"Free Studio_is1" = Free Studio version 4.9.13
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"IrfanView" = IrfanView (remove only)
"KLiteCodecPack_is1" = K-Lite Mega Codec Pack 4.9.5
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware version 1.51.0.1200
"McAfee Security Scan" = McAfee Security Scan Plus
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Mozilla Firefox 4.0.1 (x86 en-US)" = Mozilla Firefox 4.0.1 (x86 en-US)
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"NVIDIA Drivers" = NVIDIA Drivers
"Uninstall_is1" = Uninstall 1.0.0.1
"Universal Extractor_is1" = Universal Extractor 1.5
"USB File Transfer 1.13A" = USB File Transfer 1.13A
"VLC media player" = VLC media player 1.0.1
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"XpsEPSC" = XML Paper Specification Shared Components Pack 1.0

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 7/4/2011 6:46:20 AM | Computer Name = OWNER-BAF37C0F8 | Source = Application Error | ID = 1000
Description = Faulting application B9A.tmp, version 0.0.0.0, faulting module ntdll.dll,
version 5.1.2600.6055, fault address 0x00019af2.

Error - 7/4/2011 6:52:31 AM | Computer Name = OWNER-BAF37C0F8 | Source = Application Error | ID = 1000
Description = Faulting application B9A.tmp, version 0.0.0.0, faulting module ntdll.dll,
version 5.1.2600.6055, fault address 0x00019af2.

Error - 7/4/2011 6:58:41 AM | Computer Name = OWNER-BAF37C0F8 | Source = Application Error | ID = 1000
Description = Faulting application B9A.tmp, version 0.0.0.0, faulting module ntdll.dll,
version 5.1.2600.6055, fault address 0x00019af2.

Error - 7/4/2011 7:04:51 AM | Computer Name = OWNER-BAF37C0F8 | Source = Application Error | ID = 1000
Description = Faulting application B9A.tmp, version 0.0.0.0, faulting module ntdll.dll,
version 5.1.2600.6055, fault address 0x00019af2.

Error - 7/4/2011 7:11:02 AM | Computer Name = OWNER-BAF37C0F8 | Source = Application Error | ID = 1000
Description = Faulting application B9A.tmp, version 0.0.0.0, faulting module ntdll.dll,
version 5.1.2600.6055, fault address 0x00019af2.

Error - 7/4/2011 7:17:13 AM | Computer Name = OWNER-BAF37C0F8 | Source = Application Error | ID = 1000
Description = Faulting application B9A.tmp, version 0.0.0.0, faulting module ntdll.dll,
version 5.1.2600.6055, fault address 0x00019af2.

Error - 7/4/2011 7:23:23 AM | Computer Name = OWNER-BAF37C0F8 | Source = Application Error | ID = 1000
Description = Faulting application B9A.tmp, version 0.0.0.0, faulting module ntdll.dll,
version 5.1.2600.6055, fault address 0x00019af2.

Error - 7/4/2011 7:29:36 AM | Computer Name = OWNER-BAF37C0F8 | Source = Application Error | ID = 1000
Description = Faulting application B9A.tmp, version 0.0.0.0, faulting module ntdll.dll,
version 5.1.2600.6055, fault address 0x00019af2.

Error - 7/4/2011 7:35:46 AM | Computer Name = OWNER-BAF37C0F8 | Source = Application Error | ID = 1000
Description = Faulting application B9A.tmp, version 0.0.0.0, faulting module ntdll.dll,
version 5.1.2600.6055, fault address 0x00019af2.

Error - 7/4/2011 7:41:57 AM | Computer Name = OWNER-BAF37C0F8 | Source = Application Error | ID = 1000
Description = Faulting application B9A.tmp, version 0.0.0.0, faulting module ntdll.dll,
version 5.1.2600.6055, fault address 0x00019af2.

[ System Events ]
Error - 7/9/2011 12:28:37 AM | Computer Name = OWNER-BAF37C0F8 | Source = MRxSmb | ID = 8003
Description = The master browser has received a server announcement from the computer
ACER-D37F251F21 that believes that it is the master browser for the domain on transport
NetBT_Tcpip_{FC558FD0-A94. The master browser is stopping or an election is being
forced.

Error - 7/9/2011 4:53:45 PM | Computer Name = OWNER-BAF37C0F8 | Source = Windows Update Agent | ID = 20
Description = Installation Failure: Windows failed to install the following update
with error 0x80070643: Definition Update for Windows Defender - KB915597 (Definition
1.107.1308.0).

Error - 7/9/2011 5:15:50 PM | Computer Name = OWNER-BAF37C0F8 | Source = Service Control Manager | ID = 7034
Description = The NMSAccessU service terminated unexpectedly. It has done this
1 time(s).

Error - 7/9/2011 5:15:59 PM | Computer Name = OWNER-BAF37C0F8 | Source = Service Control Manager | ID = 7034
Description = The Java Quick Starter service terminated unexpectedly. It has done
this 1 time(s).

Error - 7/9/2011 9:55:02 PM | Computer Name = OWNER-BAF37C0F8 | Source = Service Control Manager | ID = 7031
Description = The Windows Defender service terminated unexpectedly. It has done
this 1 time(s). The following corrective action will be taken in 15000 milliseconds:
Restart the service.

Error - 7/9/2011 10:52:21 PM | Computer Name = OWNER-BAF37C0F8 | Source = Windows Update Agent | ID = 20
Description = Installation Failure: Windows failed to install the following update
with error 0x80070643: Definition Update for Windows Defender - KB915597 (Definition
1.107.1308.0).

Error - 7/10/2011 12:14:58 AM | Computer Name = OWNER-BAF37C0F8 | Source = Windows Update Agent | ID = 20
Description = Installation Failure: Windows failed to install the following update
with error 0x80070643: Definition Update for Windows Defender - KB915597 (Definition
1.107.1308.0).

Error - 7/10/2011 12:04:08 PM | Computer Name = OWNER-BAF37C0F8 | Source = Windows Update Agent | ID = 20
Description = Installation Failure: Windows failed to install the following update
with error 0x80070643: Definition Update for Windows Defender - KB915597 (Definition
1.107.1308.0).

Error - 7/10/2011 3:24:47 PM | Computer Name = OWNER-BAF37C0F8 | Source = Service Control Manager | ID = 7034
Description = The .NET Runtime Optimization Service v2.0.50727_X86 service terminated
unexpectedly. It has done this 1 time(s).

Error - 7/10/2011 5:26:59 PM | Computer Name = OWNER-BAF37C0F8 | Source = Service Control Manager | ID = 7034
Description = The MBAMService service terminated unexpectedly. It has done this
1 time(s).


< End of report >
aswMBR version 0.9.7.705 Copyright(c) 2011 AVAST Software
Run date: 2011-07-10 18:14:10
-----------------------------
18:14:10.812 OS Version: Windows 5.1.2600 Service Pack 3
18:14:10.812 Number of processors: 2 586 0xF0D
18:14:10.812 ComputerName: OWNER-BAF37C0F8 UserName: owner
18:14:13.578 Initialize success
18:14:46.859 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3
18:14:46.859 Disk 0 Vendor: HDS722516VLAT80 V34OA60A Size: 157066MB BusType: 3
18:14:46.875 Disk 0 MBR read successfully
18:14:46.875 Disk 0 MBR scan
18:14:46.875 Disk 0 Windows XP default MBR code
18:14:46.890 Disk 0 scanning sectors +321637365
18:14:46.953 Disk 0 scanning C:\WINDOWS\system32\drivers
18:15:04.781 Service scanning
18:15:07.484 Disk 0 trace - called modules:
18:15:07.484 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys pciide.sys
18:15:07.484 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x89b9bab8]
18:15:07.484 3 CLASSPNP.SYS[f7637fd7] -> nt!IofCallDriver -> \Device\00000066[0x89bdf820]
18:15:07.484 5 ACPI.sys[f75ae620] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-3[0x89ba0940]
18:15:07.484 Scan finished successfully
18:17:00.593 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\owner\Desktop\MBR.dat"
18:17:00.593 The log file has been saved successfully to "C:\Documents and Settings\owner\Desktop\aswMBR.txt"

Results of screen317's Security Check version 0.99.17
Windows XP Service Pack 3
Internet Explorer 7 Out of date!
``````````````````````````````
Antivirus/Firewall Check:
Windows Firewall Enabled!
McAfee Security Scan Plus
WMI entry may not exist for antivirus; attempting automatic update.
```````````````````````````````
Anti-malware/Other Utilities Check:
Malwarebytes' Anti-Malware
Java(TM) 6 Update 13
Java(TM) 6 Update 24
Out of date Java installed!
Adobe Flash Player 10.3.181.26
Adobe Reader X (10.1.0)
Mozilla Firefox (x86 en-US..)
````````````````````````````````
Process Check:
objlist.exe by Laurent
Windows Defender MSMpEng.exe
Windows Defender MSASCui.exe
Windows Defender MsMpEng.exe
Windows Defender MSASCui.exe
``````````End of Log````````````

Please visit this webpage for a tutorial on downloading and running ComboFix:

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

See the area: Using ComboFix, and when done, post the log back here.

Ok I downloaded from the links when it ran I got this message,
"This machine does not have MS windows recovery console installed. alternately, an existing installation of the recovery console may be present but requires updating. without it combofix shall not attempt some serious infections. click "yes" to have combofix download/install it.
I'm going to click yes and will post results.

ComboFix 11-07-10.05 - owner 07/10/2011 21:12:46.1.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2047.1349 [GMT -5:00]
Running from: c:\documents and settings\owner\My Documents\ComboFix.exe
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\LocalService\Application Data\02000000a8eb6a061224C.manifest
c:\documents and settings\LocalService\Application Data\02000000a8eb6a061224O.manifest
c:\documents and settings\LocalService\Application Data\02000000a8eb6a061224P.manifest
c:\documents and settings\LocalService\Application Data\02000000a8eb6a061224S.manifest
c:\documents and settings\owner\Application Data\Mozilla\Firefox\Profiles\ty8qlaj8.default\extensions\{b99b8399-7fe7-458b-893c-a61cdd9c329d}
c:\documents and settings\owner\Application Data\Mozilla\Firefox\Profiles\ty8qlaj8.default\extensions\{b99b8399-7fe7-458b-893c-a61cdd9c329d}\chrome.manifest
c:\documents and settings\owner\Application Data\Mozilla\Firefox\Profiles\ty8qlaj8.default\extensions\{b99b8399-7fe7-458b-893c-a61cdd9c329d}\chrome\xulcache.jar
c:\documents and settings\owner\Application Data\Mozilla\Firefox\Profiles\ty8qlaj8.default\extensions\{b99b8399-7fe7-458b-893c-a61cdd9c329d}\defaults\preferences\xulcache.js
c:\documents and settings\owner\Application Data\Mozilla\Firefox\Profiles\ty8qlaj8.default\extensions\{b99b8399-7fe7-458b-893c-a61cdd9c329d}\install.rdf
c:\documents and settings\owner\Application Data\syswin
c:\windows\rasmanswow.exe
c:\windows\system32\1513997607
c:\windows\system32\1513997607\new.i0.kwd
c:\windows\system32\1513997607\new.i1.kwd
c:\windows\system32\1513997607\new.i10.kwd
c:\windows\system32\1513997607\new.i11.kwd
c:\windows\system32\1513997607\new.i12.kwd
c:\windows\system32\1513997607\new.i13.kwd
c:\windows\system32\1513997607\new.i14.kwd
c:\windows\system32\1513997607\new.i15.kwd
c:\windows\system32\1513997607\new.i2.kwd
c:\windows\system32\1513997607\new.i3.kwd
c:\windows\system32\1513997607\new.i4.kwd
c:\windows\system32\1513997607\new.i5.kwd
c:\windows\system32\1513997607\new.i6.kwd
c:\windows\system32\1513997607\new.i7.kwd
c:\windows\system32\1513997607\new.i8.kwd
c:\windows\system32\1513997607\new.i9.kwd
c:\windows\system32\2007513055
c:\windows\system32\2007513055\frt0.rar
c:\windows\system32\2007513055\frt0.rar.ver
c:\windows\system32\2007513055\frt1.rar
c:\windows\system32\2007513055\frt1.rar.ver
c:\windows\system32\2007513055\frt10.rar
c:\windows\system32\2007513055\frt10.rar.ver
c:\windows\system32\2007513055\frt11.rar
c:\windows\system32\2007513055\frt11.rar.ver
c:\windows\system32\2007513055\frt12.rar
c:\windows\system32\2007513055\frt12.rar.ver
c:\windows\system32\2007513055\frt13.rar
c:\windows\system32\2007513055\frt13.rar.ver
c:\windows\system32\2007513055\frt14.rar
c:\windows\system32\2007513055\frt14.rar.ver
c:\windows\system32\2007513055\frt15.rar
c:\windows\system32\2007513055\frt15.rar.ver
c:\windows\system32\2007513055\frt2.rar
c:\windows\system32\2007513055\frt2.rar.ver
c:\windows\system32\2007513055\frt3.rar
c:\windows\system32\2007513055\frt3.rar.ver
c:\windows\system32\2007513055\frt4.rar
c:\windows\system32\2007513055\frt4.rar.ver
c:\windows\system32\2007513055\frt5.rar
c:\windows\system32\2007513055\frt5.rar.ver
c:\windows\system32\2007513055\frt6.rar
c:\windows\system32\2007513055\frt6.rar.ver
c:\windows\system32\2007513055\frt7.rar
c:\windows\system32\2007513055\frt7.rar.ver
c:\windows\system32\2007513055\frt8.rar
c:\windows\system32\2007513055\frt8.rar.ver
c:\windows\system32\2007513055\frt9.rar
c:\windows\system32\2007513055\frt9.rar.ver
c:\windows\system32\2292.tmp
c:\windows\system32\2695.tmp
c:\windows\system32\34BE.tmp
c:\windows\system32\45AB.tmp
c:\windows\system32\4DAD.tmp
c:\windows\system32\511279459
c:\windows\system32\5DAB.tmp
c:\windows\system32\avmeter32.dll
c:\windows\system32\B5C.tmp
c:\windows\system32\SysWoW32
c:\windows\system32\SysWoW32\@u844494874v0
c:\windows\system32\SysWoW32\@u844494874v1
c:\windows\system32\SysWoW32\@u844494874v10
c:\windows\system32\SysWoW32\@u844494874v11
c:\windows\system32\SysWoW32\@u844494874v2
c:\windows\system32\SysWoW32\@u844494874v3
c:\windows\system32\SysWoW32\@u844494874v8
c:\windows\system32\SysWoW32\@u844494874v9
c:\windows\system32\SysWoW32\_u844494874v0
c:\windows\system32\SysWoW32\_u844494874v1
c:\windows\system32\SysWoW32\_u844494874v10
c:\windows\system32\SysWoW32\_u844494874v11
c:\windows\system32\SysWoW32\_u844494874v2
c:\windows\system32\SysWoW32\_u844494874v3
c:\windows\system32\SysWoW32\_u844494874v8
c:\windows\system32\SysWoW32\_u844494874v9
c:\windows\system32\SysWoW32\mu844494874v12
c:\windows\system32\SysWoW32\mu844494874v12.kwd
c:\windows\system32\SysWoW32\mu844494874v13
c:\windows\system32\SysWoW32\mu844494874v13.kwd
c:\windows\system32\SysWoW32\mu844494874v14
c:\windows\system32\SysWoW32\mu844494874v14.kwd
c:\windows\system32\SysWoW32\mu844494874v15
c:\windows\system32\SysWoW32\mu844494874v15.kwd
c:\windows\system32\SysWoW32\mu844494874v4
c:\windows\system32\SysWoW32\mu844494874v4.kwd
c:\windows\system32\SysWoW32\mu844494874v5
c:\windows\system32\SysWoW32\mu844494874v5.kwd
c:\windows\system32\SysWoW32\mu844494874v6
c:\windows\system32\SysWoW32\mu844494874v6.kwd
c:\windows\system32\SysWoW32\mu844494874v7
c:\windows\system32\SysWoW32\mu844494874v7.kwd
c:\windows\system32\SysWoW32\wu844494874v0
c:\windows\system32\SysWoW32\wu844494874v0.kwd
c:\windows\system32\SysWoW32\wu844494874v1
c:\windows\system32\SysWoW32\wu844494874v1.kwd
c:\windows\system32\SysWoW32\wu844494874v10
c:\windows\system32\SysWoW32\wu844494874v10.kwd
c:\windows\system32\SysWoW32\wu844494874v11
c:\windows\system32\SysWoW32\wu844494874v11.kwd
c:\windows\system32\SysWoW32\wu844494874v2
c:\windows\system32\SysWoW32\wu844494874v2.kwd
c:\windows\system32\SysWoW32\wu844494874v3
c:\windows\system32\SysWoW32\wu844494874v3.kwd
c:\windows\system32\SysWoW32\wu844494874v8
c:\windows\system32\SysWoW32\wu844494874v8.kwd
c:\windows\system32\SysWoW32\wu844494874v9
c:\windows\system32\SysWoW32\wu844494874v9.kwd
.
.
((((((((((((((((((((((((( Files Created from 2011-06-11 to 2011-07-11 )))))))))))))))))))))))))))))))
.
.
2011-07-11 01:34 . 2011-07-11 01:34 -------- d-----w- c:\program files\WonderFox Soft
2011-07-10 21:02 . 2011-07-10 21:02 -------- d-----w- c:\documents and settings\owner\Application Data\Malwarebytes
2011-07-10 21:02 . 2011-05-29 14:11 39984 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-07-10 21:02 . 2011-07-10 21:02 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2011-07-10 21:02 . 2011-07-10 21:02 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-07-10 21:02 . 2011-05-29 14:11 22712 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-07-10 19:25 . 2011-07-10 19:25 509952 --sh--w- c:\windows\odbcp32rwow.exe
2011-07-10 19:24 . 2011-07-10 19:24 1127424 --sha-w- c:\windows\system32\B9A.tmp
2011-07-10 19:24 . 2011-03-31 01:16 1416192 ------w- c:\windows\system32\avmeter32.exe
2011-07-10 18:48 . 2011-07-10 18:48 509952 --sh--w- c:\windows\duserwow.exe
2011-07-10 12:47 . 2011-07-10 17:47 1127424 --sha-w- c:\windows\system32\33.tmp
2011-07-10 07:47 . 2011-07-10 07:47 1127424 --sha-w- c:\windows\system32\31.tmp
2011-07-10 02:58 . 2011-07-10 02:59 -------- d-----w- c:\windows\LastGood
2011-07-10 02:58 . 2009-10-22 18:54 37392 ----a-w- c:\windows\system32\drivers\69691582.sys
2011-07-10 02:58 . 2009-10-10 04:31 315408 ----a-w- c:\windows\system32\drivers\6969158.sys
2011-07-10 02:58 . 2009-09-25 22:59 128016 ----a-w- c:\windows\system32\drivers\69691581.sys
2011-07-10 02:48 . 2011-07-10 02:48 509952 --sh--w- c:\windows\mshtmlerwow.exe
2011-07-09 08:27 . 2011-07-09 18:27 1127424 --sha-w- c:\windows\system32\11.tmp
2011-07-08 18:22 . 2011-07-08 23:22 1127424 --sha-w- c:\windows\system32\8B.tmp
2011-07-08 02:22 . 2011-07-10 02:43 -------- d-----w- c:\documents and settings\Administrator
2011-07-07 12:33 . 2011-07-07 22:33 1127424 --sha-w- c:\windows\system32\4.tmp
2011-07-07 12:33 . 2011-07-07 12:33 0 ----a-w- c:\windows\system32\2.tmp
2011-07-07 07:21 . 2011-07-07 07:21 0 ----a-w- c:\windows\system32\669.tmp
2011-07-07 07:20 . 2011-07-07 07:20 0 ----a-w- c:\windows\system32\668.tmp
2011-07-06 11:20 . 2011-07-07 02:20 1118208 --sha-w- c:\windows\system32\C6.tmp
2011-07-05 08:13 . 2011-07-06 04:13 1118208 --sha-w- c:\windows\system32\B3.tmp
2011-07-05 03:26 . 2011-07-05 03:27 -------- d-----w- c:\program files\Common Files\Adobe
2011-07-04 05:56 . 2011-07-04 15:56 1118208 --sha-w- c:\windows\system32\6D.tmp
2011-07-03 13:58 . 2011-07-03 23:58 1118208 --sha-w- c:\windows\system32\B9C.tmp
2011-06-30 04:21 . 2011-07-02 16:21 1119744 --sha-w- c:\windows\system32\309.tmp
2011-06-28 16:04 . 2011-06-28 16:04 1133056 --sha-w- c:\windows\system32\3C4B.tmp
2011-06-20 18:14 . 2011-06-24 02:14 1136128 --sha-w- c:\windows\system32\39F.tmp
2011-06-20 18:13 . 2011-06-20 18:13 0 ----a-w- c:\windows\system32\39E.tmp
2011-06-19 20:28 . 2011-06-19 20:28 1171968 --sha-w- c:\windows\system32\22A.tmp
2011-06-16 20:16 . 2011-06-16 20:16 1181696 --sha-w- c:\windows\system32\11D.tmp
2011-06-13 17:54 . 2011-06-14 13:54 1177600 --sha-w- c:\windows\system32\516.tmp
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-06-15 10:18 . 2011-05-24 02:12 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-06-12 10:00 . 2011-06-09 02:01 1184768 --sha-w- c:\windows\system32\3B8.tmp
2011-06-09 02:00 . 2011-06-09 02:00 0 ----a-w- c:\windows\system32\3B7.tmp
2011-06-08 06:00 . 2011-06-07 10:00 1124864 --sha-w- c:\windows\system32\399.tmp
2011-06-06 21:59 . 2011-06-06 21:59 1135616 --sha-w- c:\windows\system32\356.tmp
2011-06-05 10:58 . 2011-06-03 18:58 1132032 --sha-w- c:\windows\system32\7D.tmp
2011-06-01 14:32 . 2011-05-31 18:32 1129472 --sha-w- c:\windows\system32\213.tmp
2011-05-30 22:31 . 2011-05-18 10:19 1123328 --sha-w- c:\windows\system32\B4B.tmp
2011-05-29 12:54 . 2011-05-27 20:54 1123328 --sha-w- c:\windows\system32\6B.tmp
2011-05-26 14:09 . 2011-05-24 22:09 1123328 --sha-w- c:\windows\system32\17.tmp
2011-05-25 00:14 . 2010-10-26 17:29 222080 ------w- c:\windows\system32\MpSigStub.exe
2011-05-23 20:45 . 2011-05-21 08:45 1118720 --sha-w- c:\windows\system32\DE7.tmp
2011-05-18 10:19 . 2011-05-18 10:19 1122816 --sha-w- c:\windows\system32\B4C.tmp
2011-05-18 10:17 . 2011-05-17 14:17 1107968 --sha-w- c:\windows\system32\3.tmp
2011-05-14 06:47 . 2011-05-13 10:47 1124352 --sha-w- c:\windows\system32\210.tmp
2011-05-13 10:47 . 2011-05-13 10:47 1124352 --sha-w- c:\windows\system32\20F.tmp
2011-05-13 10:45 . 2011-05-13 10:45 1117696 --sha-w- c:\windows\system32\20E.tmp
2011-05-12 10:52 . 2011-05-04 22:29 1117696 --sha-w- c:\windows\system32\5DA9.tmp
2011-05-02 15:31 . 2010-10-25 23:04 692736 ----a-w- c:\windows\system32\inetcomm.dll
2011-04-29 17:25 . 2008-04-14 10:42 151552 ----a-w- c:\windows\system32\schannel.dll
2011-04-29 16:19 . 2008-04-14 05:47 456320 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2011-04-25 15:51 . 2008-04-14 10:42 832512 ----a-w- c:\windows\system32\wininet.dll
2011-04-25 15:51 . 2008-04-14 10:42 1830912 ----a-w- c:\windows\system32\inetcpl.cpl
2011-04-25 15:51 . 2008-04-14 10:41 78336 ----a-w- c:\windows\system32\ieencode.dll
2011-04-25 15:51 . 2008-04-14 10:41 17408 ----a-w- c:\windows\system32\corpol.dll
2011-04-25 12:01 . 2008-04-14 05:07 389120 ----a-w- c:\windows\system32\html.iec
2011-04-21 13:37 . 2008-04-14 05:47 105472 ----a-w- c:\windows\system32\drivers\mup.sys
2011-04-18 04:45 . 2011-04-15 16:45 1046528 --sha-w- c:\windows\system32\B5E.tmp
2011-04-15 00:42 . 2011-04-14 04:42 1083392 --sha-w- c:\windows\system32\57A.tmp
2011-04-12 21:15 . 2011-04-12 01:06 1066496 --sha-w- c:\windows\system32\1A2E.tmp
2011-04-14 16:26 . 2011-05-12 14:35 142296 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
2011-04-11 10:25 1067008 --sha-w- c:\windows\system32\84B.tmp
2011-03-31 01:17 203776 --sh--w- c:\windows\system32\unrar.exe
2011-03-31 01:17 203776 --sh--w- c:\windows\system32\5020F9D192DE5A42A3C1DEC1C9896003\unrar.exe
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"FreeMem Pro"="c:\documents and settings\owner\Desktop\fmempro.exe" [1999-02-24 421888]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDCPL"="RTHDCPL.EXE" [2010-10-26 16377344]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2010-12-14 47904]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-11-29 421888]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-03-07 421160]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-10-29 249064]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-06-06 937920]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2011-05-29 449584]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"AvgUninstallURL"="start http://www.avg.com/ww.special-uninstallation-feedback-appf?lic=OQBBAFYARgBSAEUARQAtAFYAMABLAE0AQwAtAEUAOQBWAFUAVwAtAEUAVwAwAFYAQQAtAFUAVQAzAFgATAAtAEYARQBXADkANwA&inst=NwA3AC0ANAA4ADMANAAyADcANgA1ADUALQBGAEwAKwA5AC0AWABPADMANgArADEALQBGADkATQA3AEMAKwA1AC0ARgA5AE0AMQAwAEIAKwAxAC0AWABPADkAKwAxAC0ARgA5AE0AMgArADEALQBEAEQAVAArADAA&prod=90&ver=9.0.894" [?]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2011-05-29 449584]
.
c:\documents and settings\owner\Start Menu\Programs\Startup\
setup_9.0.0.722_03.04.2011_16-26.lnk - c:\documents and settings\owner\Desktop\Virus Removal Tool\setup_9.0.0.722_03.04.2011_16-26\startup.exe [2011-7-9 72208]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
McAfee Security Scan Plus.lnk - c:\program files\McAfee Security Scan\2.0.189\SSScheduler.exe [2010-9-2 255536]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\system32\msr2c32.dll
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\WINDOWS\\system32\\84B.tmp"=
"c:\\WINDOWS\\system32\\1A2E.tmp"=
"c:\\WINDOWS\\system32\\57A.tmp"=
"c:\\WINDOWS\\system32\\B5E.tmp"=
"c:\\WINDOWS\\system32\\5DA9.tmp"=
"c:\\WINDOWS\\system32\\20E.tmp"=
"c:\\WINDOWS\\system32\\210.tmp"=
"c:\\WINDOWS\\system32\\20F.tmp"=
"c:\\WINDOWS\\system32\\3.tmp"=
"c:\\WINDOWS\\system32\\B4C.tmp"=
"c:\\WINDOWS\\system32\\DE7.tmp"=
"c:\\WINDOWS\\system32\\17.tmp"=
"c:\\WINDOWS\\system32\\6B.tmp"=
"c:\\WINDOWS\\system32\\213.tmp"=
"c:\\WINDOWS\\system32\\7D.tmp"=
"c:\\WINDOWS\\system32\\B4B.tmp"=
"c:\\WINDOWS\\system32\\356.tmp"=
"c:\\WINDOWS\\system32\\399.tmp"=
"c:\\WINDOWS\\system32\\3B8.tmp"=
"c:\\WINDOWS\\system32\\516.tmp"=
"c:\\WINDOWS\\system32\\11D.tmp"=
"c:\\WINDOWS\\system32\\22A.tmp"=
"c:\\WINDOWS\\system32\\39F.tmp"=
"c:\\WINDOWS\\system32\\3C4B.tmp"=
"c:\\WINDOWS\\system32\\309.tmp"=
"c:\\WINDOWS\\system32\\B9C.tmp"=
"c:\\WINDOWS\\system32\\6D.tmp"=
"c:\\WINDOWS\\system32\\B3.tmp"=
"c:\\WINDOWS\\system32\\C6.tmp"=
"c:\\WINDOWS\\system32\\4.tmp"=
"c:\\WINDOWS\\system32\\8B.tmp"=
"c:\\WINDOWS\\system32\\11.tmp"=
"c:\\WINDOWS\\mshtmlerwow.exe"=
"c:\\WINDOWS\\system32\\mmc.exe"=
"c:\\WINDOWS\\system32\\31.tmp"=
"c:\\WINDOWS\\duserwow.exe"=
"c:\\WINDOWS\\system32\\avmeter32.exe"=
"c:\\WINDOWS\\odbcp32rwow.exe"=
"c:\\WINDOWS\\system32\\B9A.tmp"=
"c:\\WINDOWS\\system32\\33.tmp"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009
"1:TCP"= 1:TCP:bsp
.
R0 69691582;69691582 Boot Guard Driver;c:\windows\system32\drivers\69691582.sys [7/9/2011 9:58 PM 37392]
R1 69691581;69691581;c:\windows\system32\drivers\69691581.sys [7/9/2011 9:58 PM 128016]
R1 setup_9.0.0.722_03.04.2011_16-26drv;setup_9.0.0.722_03.04.2011_16-26drv;c:\windows\system32\drivers\6969158.sys [7/9/2011 9:58 PM 315408]
R2 ASTRA32;ASTRA32 Kernel Driver 5.2.1.0;c:\program files\ASTRA32\astra32.sys [2/22/2007 1:28 PM 30864]
R2 WinDefend;Windows Defender;c:\program files\Windows Defender\MsMpEng.exe [11/3/2006 9:19 PM 13592]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [7/10/2011 4:02 PM 22712]
R4 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [7/10/2011 4:02 PM 39984]
S2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [7/10/2011 4:02 PM 366640]
S2 Netlogon32;Net Logon ;c:\windows\system32\avmeter32.exe [7/10/2011 2:24 PM 1416192]
S3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\McAfee Security Scan\2.0.189\McCHSvc.exe [9/2/2010 3:18 PM 227232]
S3 ute0otez;AVZ Kernel Driver;\??\c:\windows\system32\Drivers\ute0otez.sys --> c:\windows\system32\Drivers\ute0otez.sys [?]
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - 69691581
*NewlyCreated* - 69691582
*NewlyCreated* - ASWMBR
*NewlyCreated* - IPFILTERDRIVER
*NewlyCreated* - MBAMPROTECTOR
*NewlyCreated* - MBAMSERVICE
*NewlyCreated* - MBAMSWISSARMY
*NewlyCreated* - NETLOGON32
*Deregistered* - aswMBR
.
Contents of the 'Scheduled Tasks' folder
.
2011-07-05 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2009-10-22 17:50]
.
2011-07-10 c:\windows\Tasks\MP Scheduled Scan.job
- c:\program files\Windows Defender\MpCmdRun.exe [2006-11-04 02:20]
.
.
------- Supplementary Scan -------
.
uInternet Settings,ProxyOverride = *.local
IE: Download with &Shareaza - c:\program files\Shareaza\RazaWebHook32.dll/3000
IE: Free YouTube Download - c:\documents and settings\owner\Application Data\DVDVideoSoftIEHelpers\youtubedownload.htm
IE: Free YouTube to Mp3 Converter - c:\documents and settings\owner\Application Data\DVDVideoSoftIEHelpers\youtubetomp3.htm
TCP: DhcpNameServer = 192.168.0.1
DPF: {14E95046-BEC7-46D2-B9E3-74B1AD14AC65} - hxxp://dell.bspmarketing.com/sales/msi/cab/sport.cab
FF - ProfilePath - c:\documents and settings\owner\Application Data\Mozilla\Firefox\Profiles\ty8qlaj8.default\
.
- - - - ORPHANS REMOVED - - - -
.
BHO-{1485B11C-3821-4849-8FB4-5FCB306D55D4} - c:\windows\system32\avifile32.dll
WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-07-10 21:24
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
Completion time: 2011-07-10 21:27:03
ComboFix-quarantined-files.txt 2011-07-11 02:27
.
Pre-Run: 135,944,736,768 bytes free
Post-Run: 138,467,524,608 bytes free
.
WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect
.
- - End Of File - - 29CCFF226298D06632A1EB2FB8AAC44F

Scan for malware

Please download Malwarebytes Anti-Malware from Download.CNET.com.
Alternate link: BleepingComputer.com.
(Note: if you already have the program installed, just follow the directions. No need to re-download or re-install!)

Double Click mbam-setup.exe to install the application.

(Note: if you already have the program installed, open Malwarebytes from the Start Menu or Desktop shortcut, click the Update tab, and click Check for Updates, before doing the scan as instructed below!)

• Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes Anti-Malware, then click Finish.
  
• If an update is found, it will download and install the latest version.
  
• Once the program has loaded, select "Perform Quick Scan", then click Scan.
  
• The scan may take some time to finish,so please be patient.
  
• When the scan is complete, click OK, then Show Results to view the results.
  
• Make sure that everything is checked, and click Remove Selected.
  
• When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. If you are prompted to restart, please allow it to restart your computer. Failure to do this, will cause the infection to still be active on the computer.
  
• Please save the log to a location you will remember.
  
• The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  
• The log can also be found at C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\log-date.txt or at C:\Program Files\Malwarebytes' Anti-Malware\Logs\log-date.txt
  
• Copy and paste the entire report in your next reply.

Malwarebytes' Anti-Malware 1.51.0.1200
www.malwarebytes.org

Database version: 7118

Windows 5.1.2600 Service Pack 3
Internet Explorer 7.0.5730.13

7/13/2011 7:20:55 PM
mbam-log-2011-07-13 (19-20-55).txt

Scan type: Quick scan
Objects scanned: 161729
Time elapsed: 9 minute(s), 13 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 1
Registry Values Infected: 0
Registry Data Items Infected: 1
Folders Infected: 0
Files Infected: 44

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Netlogon32 (Trojan.Tracur.S) -> Quarantined and deleted successfully.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\AppInit_DLLs (Trojan.Tracur.S) -> Bad: (C:\WINDOWS\system32\msr2c32.dll) Good: () -> Quarantined and deleted successfully.

Folders Infected:
(No malicious items detected)

Files Infected:
c:\WINDOWS\system32\msr2c32.dll (Trojan.Tracur.S) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\avmeter32.exe (Trojan.Tracur.S) -> Quarantined and deleted successfully.
c:\documents and settings\owner\my documents\downloads\quicktime_update_kb639212.exe (Malware.Tracur.PGen) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\11.tmp (Trojan.Tracur.SGen) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\11D.tmp (Trojan.Tracur.SGen) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\DE7.tmp (Trojan.Tracur.SGen) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\sens32.exe (Trojan.Tracur.S) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\B3.tmp (Trojan.Tracur.SGen) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\B4B.tmp (Trojan.Tracur.SGen) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\B4C.tmp (Trojan.Tracur) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\B9A.tmp (Trojan.Tracur.SGen) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\B9C.tmp (Trojan.Tracur.SGen) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\netman32.exe (Trojan.Tracur.S) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\C6.tmp (Trojan.Tracur.SGen) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\17.tmp (Trojan.Tracur.SGen) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\20E.tmp (Trojan.Tracur) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\20F.tmp (Trojan.Tracur) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\210.tmp (Trojan.Tracur) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\213.tmp (Trojan.Tracur.SGen) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\22A.tmp (Trojan.Tracur.SGen) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\3.tmp (Trojan.Tracur) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\309.tmp (Trojan.Tracur.SGen) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\31.tmp (Trojan.Tracur.SGen) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\33.tmp (Trojan.Tracur.SGen) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\356.tmp (Trojan.Tracur) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\399.tmp (Trojan.Tracur) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\39F.tmp (Trojan.Tracur.SGen) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\3B8.tmp (Trojan.Tracur.SGen) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\3C4B.tmp (Trojan.Tracur.SGen) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\4.tmp (Trojan.Tracur.SGen) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\516.tmp (Trojan.Tracur.SGen) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\5DA9.tmp (Trojan.Tracur) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\6B.tmp (Trojan.Tracur.SGen) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\6D.tmp (Trojan.Tracur.SGen) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\7D.tmp (Trojan.Tracur) -> Quarantined and deleted successfully.

Ok so after the computer restarted for giggles i ran kaspersky virus removal tool. During the search at 36% it found trojan.win.32.searches.us.
Just above where is says trojan program it says
object: C:\Qoobox\Quarantine\C\WINDOWS\system32\avmeter32.dll.vir
Hopefully i didn't jump the gun and goof anything up worse. Right now kaspersky has a window up asking which i would like to do , 1. delete(recommended) object will be deleted
2.skip(do not perform any action)
I will wait for further directions from you before I do anything else.

Thank you again and again for your help on this issue I am having.

ESET Online Scan

Please run a free online scan with the ESET Online Scanner

• Tick the box next to YES, I accept the Terms of Use
  
• Click Start
  
• When asked, allow the ActiveX control to install
  
• Click Start
  
• Make sure that the options Remove found threats and the option Scan unwanted applications is checked
  
• Click Scan (This scan can take several hours, so please be patient)
  
• Once the scan is completed, you may close the window
  
• Use Notepad to open the logfile located at C:\Program Files\EsetOnlineScanner\log.txt
  
• Copy and paste that log as a reply to this topic

SETSmartInstaller@High as downloader log:
all ok
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6528
# api_version=3.0.2
# EOSSerial=8e8a076a7a04364ea97350711f98d56c
# end=finished
# remove_checked=true
# archives_checked=false
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2011-07-16 03:26:52
# local_time=2011-07-15 10:26:52 (-0600, Central Daylight Time)
# country="United States"
# lang=1033
# osver=5.1.2600 NT Service Pack 3
# compatibility_mode=1024 16777215 100 0 21743359 21743359 0 0
# compatibility_mode=6143 16777215 0 0 0 0 0 0
# compatibility_mode=8192 67108863 100 0 0 0 0 0
# scanned=79315
# found=22
# cleaned=22
# scan_time=7712
C:\Documents and Settings\owner\Desktop\everythingelse\Mozilla Firefox\repairsetup.exe Win32/Adware.ErrorRepairPro application (deleted - quarantined) 00000000000000000000000000000000 C
C:\Documents and Settings\owner\My Documents\Downloads\SetupGamevance.exe a variant of Win32/Adware.Gamevance.AU application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Qoobox\Quarantine\C\Documents and Settings\owner\Application Data\Mozilla\Firefox\Profiles\ty8qlaj8.default\extensions\{b99b8399-7fe7-458b-893c-a61cdd9c329d}\chrome.manifest.vir Win32/TrojanDownloader.Tracur.F trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Qoobox\Quarantine\C\WINDOWS\system32\2292.tmp.vir a variant of Win32/Kryptik.NCM trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Qoobox\Quarantine\C\WINDOWS\system32\2695.tmp.vir a variant of Win32/Kryptik.NCM trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Qoobox\Quarantine\C\WINDOWS\system32\34BE.tmp.vir a variant of Win32/Kryptik.NCM trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Qoobox\Quarantine\C\WINDOWS\system32\45AB.tmp.vir a variant of Win32/Kryptik.NCM trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Qoobox\Quarantine\C\WINDOWS\system32\4DAD.tmp.vir a variant of Win32/Kryptik.NCM trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Qoobox\Quarantine\C\WINDOWS\system32\5DAB.tmp.vir a variant of Win32/Kryptik.NCM trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Qoobox\Quarantine\C\WINDOWS\system32\avmeter32.dll.vir a variant of Win32/Kryptik.OXW trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Qoobox\Quarantine\C\WINDOWS\system32\B5C.tmp.vir a variant of Win32/Kryptik.NCM trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{69C0EE24-FC88-4779-8FA5-A69639A2E8FC}\RP16\A0000446.exe Win32/Adware.ErrorRepairPro application (deleted - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{69C0EE24-FC88-4779-8FA5-A69639A2E8FC}\RP2\A0000025.exe a variant of Win32/Kryptik.PVN trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{69C0EE24-FC88-4779-8FA5-A69639A2E8FC}\RP2\A0000026.exe a variant of Win32/Kryptik.PVN trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{69C0EE24-FC88-4779-8FA5-A69639A2E8FC}\RP4\A0000114.manifest Win32/TrojanDownloader.Tracur.F trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{69C0EE24-FC88-4779-8FA5-A69639A2E8FC}\RP5\A0000124.manifest Win32/TrojanDownloader.Tracur.F trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{69C0EE24-FC88-4779-8FA5-A69639A2E8FC}\RP9\A0000177.manifest Win32/TrojanDownloader.Tracur.F trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{69C0EE24-FC88-4779-8FA5-A69639A2E8FC}\RP9\A0000195.dll a variant of Win32/Kryptik.OXW trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\WINDOWS\system32\57A.tmp a variant of Win32/Kryptik.MRC trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\WINDOWS\system32\84B.tmp a variant of Win32/Kryptik.MRC trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\WINDOWS\system32\5020F9D192DE5A42A3C1DEC1C9896003\b\binm1 a variant of Win32/Kryptik.PVN trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\WINDOWS\system32\5020F9D192DE5A42A3C1DEC1C9896003\b\bint1 a variant of Win32/Kryptik.PVN trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

sorry it took so long to get back had a family emergency

How is your computer running at this point?

Well I believe you mark me down as another success story. I haven't heard any complaints from the kids at the computer. I ran the malware bytes and anti virus again and no infections have been found and no more slow running or silly pop-up error messages.

Thank you again so much for your time and help.
I will spread your praises as far across Texas as humanly possible.

Mike Williams

You're welcome, and thanks!