jusched.exe always crashes

Every time i try to post it says page is unavailable. This only happen when i try to post my log files in. Any ideas?

I am getting this error, when using firefox, or similar when using chrome. It will let me post some things, but not others, any ideas?


The connection was reset




The connection to the server was reset while the page was loading.

The site could be temporarily unavailable or too busy. Try again in a few
moments.

* If you are unable to load any pages, check your computer's network
connection.

* If your computer or network is protected by a firewall or proxy, make sure
that Firefox is permitted to access the Web.

I Am only able to post this after sending it to another computer and posting it.

This seems like a great informative website. This is my first time on it and i think i have a lot of issues. But, it might be nothing for you guys.

Anyway, to begin my computer starts super slow anymore, and runs super slow, and a lot of things just take forever, or never open.

Every time the computer is on, i get this pop-up window, for a "Just-In-Time Debugging" When i close it, it just come back.

I have a "windows Security Center" Icon in the bottom right hand corner and i don't know if it is legit, or some kind of fake malware. It is a red shield with a white cross.

Anytime i am searching the internet and click a google link, it just takes me to some random site like buy this car or local businesses or anything. I am always redirected away from the page i want to go to.

Random websites also just pop up in additional tabs or windows.

I Also get this thing that resembles Symantec Antivirus, but it is called "Auto-Protect Results"

When i use flash drives and my digital it always come up with this recycler error, and there is a hidden recycler file on my flash drives and digital camera. It wont allow me access to the things in the flash memory or digital camera.

Additionally, i am getting alot of messages saying webpage no longer available or webpage cannot be displayed. for instance windowsupdate and for the GeekPolice when i tried to post this issue

Also, just realized i have a ton of transparent icons covering my desktop now

Thank you for the help in advance guys. Since i didn't know which log you wanted posted specifically ill post both.





OTL logfile created on: 5/1/2011 8:27:39 PM - Run 1
OTL by OldTimer - Version 3.2.22.3 Folder = C:\Documents and Settings\RT\My Documents\Downloads
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

447.00 Mb Total Physical Memory | 132.00 Mb Available Physical Memory | 30.00% Memory free
911.00 Mb Paging File | 314.00 Mb Available in Paging File | 34.00% Paging File free
Paging file location(s): C:\pagefile.sys 384 768 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 55.87 Gb Total Space | 18.66 Gb Free Space | 33.39% Space Free | Partition Type: NTFS
Drive D: | 74.47 Gb Total Space | 27.52 Gb Free Space | 36.96% Space Free | Partition Type: NTFS

Computer Name: SCHOOL_TIME | User Name: RT | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/05/01 20:26:30 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\RT\My Documents\Downloads\OTL.com
PRC - [2010/11/30 13:20:36 | 000,997,408 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Client\msseces.exe
PRC - [2010/11/11 12:26:40 | 000,011,736 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
PRC - [2008/11/09 15:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
PRC - [2008/06/25 10:05:52 | 000,185,896 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Common Files\Real\Update_OB\realsched.exe
PRC - [2008/04/13 19:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2005/04/17 12:30:48 | 000,085,184 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec AntiVirus\VPTray.exe
PRC - [2005/04/17 12:30:40 | 001,706,176 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec AntiVirus\Rtvscan.exe
PRC - [2005/04/17 12:30:32 | 000,019,648 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec AntiVirus\DefWatch.exe
PRC - [2005/04/17 12:30:32 | 000,018,624 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec AntiVirus\DoScan.exe
PRC - [2005/04/08 15:54:52 | 000,161,392 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
PRC - [2005/04/08 15:52:32 | 000,185,968 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
PRC - [2005/04/08 15:52:30 | 000,048,752 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\ccApp.exe
PRC - [2004/10/08 11:52:32 | 000,221,184 | ---- | M] (Logitech Inc.) -- C:\WINDOWS\system32\LVCOMSX.EXE
PRC - [2001/08/17 22:36:42 | 000,024,064 | ---- | M] (Creative Technology Ltd.) -- C:\WINDOWS\system32\devldr32.exe


========== Modules (SafeList) ==========

MOD - [2011/05/01 20:26:30 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\RT\My Documents\Downloads\OTL.com
MOD - [2010/08/23 11:12:02 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV - [2010/11/11 12:26:40 | 000,011,736 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe -- (MsMpSvc)
SRV - [2008/11/09 15:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) [Auto | Running] -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe -- (YahooAUService)
SRV - [2005/08/02 15:18:50 | 000,086,016 | ---- | M] (CACE Technologies) [On_Demand | Stopped] -- C:\Program Files\WinPcap\rpcapd.exe -- (rpcapd) Remote Packet Capture Protocol v.0 (experimental)
SRV - [2005/04/17 12:30:42 | 000,124,608 | ---- | M] (symantec) [On_Demand | Stopped] -- C:\Program Files\Symantec AntiVirus\SavRoam.exe -- (SavRoam)
SRV - [2005/04/17 12:30:40 | 001,706,176 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Symantec AntiVirus\Rtvscan.exe -- (Symantec AntiVirus)
SRV - [2005/04/17 12:30:32 | 000,019,648 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Symantec AntiVirus\DefWatch.exe -- (DefWatch)
SRV - [2005/04/08 15:54:52 | 000,161,392 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe -- (ccSetMgr)
SRV - [2005/04/08 15:54:50 | 000,083,568 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe -- (ccPwdSvc)
SRV - [2005/04/08 15:52:32 | 000,185,968 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe -- (ccEvtMgr)
SRV - [2005/04/05 11:17:22 | 000,206,552 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe -- (SNDSrvc)
SRV - [2005/03/30 21:48:22 | 000,992,864 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe -- (SPBBCSvc)
SRV - [2004/09/29 14:14:36 | 000,069,632 | ---- | M] (HP) [Auto | Stopped] -- C:\WINDOWS\system32\HPZipm12.exe -- (Pml Driver HPZ12)


========== Driver Services (SafeList) ==========

DRV - [2011/05/01 19:40:16 | 000,028,752 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- c:\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{45FAD0EA-CEF5-4981-B79E-08AAD7A4455B}\MpKsl0287ba36.sys -- (MpKsl0287ba36)
DRV - [2011/05/01 18:20:21 | 000,028,752 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- c:\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{45FAD0EA-CEF5-4981-B79E-08AAD7A4455B}\MpKsl6e9f19ce.sys -- (MpKsl6e9f19ce)
DRV - [2011/05/01 11:06:03 | 000,028,752 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- c:\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{45FAD0EA-CEF5-4981-B79E-08AAD7A4455B}\MpKsl9322362d.sys -- (MpKsl9322362d)
DRV - [2011/04/30 13:37:26 | 000,028,752 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- c:\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{45FAD0EA-CEF5-4981-B79E-08AAD7A4455B}\MpKslc2bee067.sys -- (MpKslc2bee067)
DRV - [2011/04/18 03:00:00 | 001,393,144 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\VirusDefs\20110429.002\NAVEX15.SYS -- (NAVEX15)
DRV - [2011/04/18 03:00:00 | 000,086,136 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\VirusDefs\20110429.002\NAVENG.SYS -- (NAVENG)
DRV - [2010/05/28 03:00:00 | 000,371,248 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys -- (eeCtrl)
DRV - [2008/04/13 13:53:09 | 000,040,320 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nmnt.sys -- (nm)
DRV - [2008/04/13 13:45:29 | 000,010,624 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\gameenum.sys -- (gameenum)
DRV - [2006/03/28 19:53:26 | 000,022,768 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\usbsermpt.sys -- (usbsermpt)
DRV - [2005/08/02 15:10:14 | 000,032,512 | ---- | M] (CACE Technologies) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\npf.sys -- (NPF)
DRV - [2005/04/05 11:17:02 | 000,267,192 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\System32\Drivers\SYMTDI.SYS -- (SYMTDI)
DRV - [2005/04/05 11:17:00 | 000,017,976 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\Drivers\SYMREDRV.SYS -- (SYMREDRV)
DRV - [2005/04/01 20:36:04 | 000,123,200 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Symantec\SYMEVENT.SYS -- (SymEvent)
DRV - [2005/03/30 21:48:20 | 000,372,832 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys -- (SPBBCDrv)
DRV - [2005/02/04 20:14:32 | 000,053,896 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Symantec AntiVirus\Savrtpel.sys -- (SAVRTPEL)
DRV - [2005/02/04 20:14:30 | 000,324,232 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Symantec AntiVirus\savrt.sys -- (SAVRT)
DRV - [2005/01/31 05:20:03 | 000,211,712 | R--- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\LV561AV.SYS -- (PID_0928) Logitech QuickCam Express(PID_0928)
DRV - [2005/01/31 05:12:46 | 000,022,016 | R--- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\LVUSBSta.sys -- (LVUSBSta)
DRV - [2004/05/16 19:46:15 | 000,347,648 | R--- | M] ( ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\WlanUIG.sys -- (WlanUIG)
DRV - [2003/12/19 04:00:00 | 000,006,656 | ---- | M] (Sonic Solutions) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\cinemsup.sys -- (Cinemsup)
DRV - [2003/07/01 02:41:00 | 000,107,648 | R--- | M] (Cisco-Linksys LLC.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\vnetusbl.sys -- (USBNET)
DRV - [2001/08/17 07:19:34 | 000,036,480 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\sfmanm.sys -- (sfman) Creative SoundFont Manager Driver (WDM)
DRV - [2001/08/17 07:19:28 | 000,006,912 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ctlfacem.sys -- (emu10k1) Creative Interface Manager Driver (WDM)
DRV - [2001/08/17 07:19:26 | 000,283,904 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\emu10k1m.sys -- (emu10k) Creative SB Live! (WDM)
DRV - [2001/08/17 07:19:20 | 000,003,712 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ctljystk.sys -- (ctljystk)
DRV - [2001/05/14 20:15:40 | 000,010,368 | ---- | M] (Dell Computer Corporation) [Kernel | System | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\OMCI.SYS -- (OMCI)
DRV - [1999/12/17 03:00:00 | 000,006,752 | ---- | M] (Creative Technology Ltd.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\PfModNT.sys -- (PfModNT)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie

IE - HKCU\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========



FF - HKLM\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\Program Files\Real\RealPlayer\browserrecord [2008/06/25 10:08:35 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.7\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/07/22 01:10:37 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.7\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/05/01 20:19:05 | 000,000,000 | ---D | M]

[2008/11/16 14:51:03 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\RT\Application Data\Mozilla\Extensions
[2011/04/30 09:33:26 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\RT\Application Data\Mozilla\Firefox\Profiles\oqyoymet.default\extensions
[2009/09/09 17:09:37 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\RT\Application Data\Mozilla\Firefox\Profiles\oqyoymet.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2008/06/23 21:53:58 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Documents and Settings\RT\Application Data\Mozilla\Firefox\Profiles\oqyoymet.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2008/02/25 05:23:28 | 000,000,000 | ---D | M] (AIM Toolbar) -- C:\Documents and Settings\RT\Application Data\Mozilla\Firefox\Profiles\oqyoymet.default\extensions\{7affbfae-c4e2-4915-8c0f-00fa3ec610a1}
[2008/02/25 05:41:35 | 000,001,877 | ---- | M] () -- C:\Documents and Settings\RT\Application Data\Mozilla\Firefox\Profiles\oqyoymet.default\searchplugins\aolsearch.xml
[2011/05/01 17:16:25 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2011/05/01 17:16:30 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA}
[2006/07/07 00:22:00 | 000,806,912 | ---- | M] ( ) -- C:\Program Files\Mozilla Firefox\plugins\npActiveGS.dll
[2011/05/01 17:14:35 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll
[2003/01/15 19:39:16 | 000,036,864 | ---- | M] (WildTangent) -- C:\Program Files\Mozilla Firefox\plugins\npWTHost.dll
[2011/02/27 17:55:07 | 000,001,919 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\bing-zugo.xml

O1 HOSTS File: ([2001/08/23 07:00:00 | 000,000,734 | R--- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: () - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (Yontoo Layers) - {FD72061E-9FDE-484D-A58A-0BAB4151CAD8} - C:\Program Files\Drop Down Deals\YontooIEClient.dll (Yontoo Technology, Inc.)
O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\YTSingleInstance.dll (Yahoo! Inc)
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 10.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AHQInit] C:\Program Files\Creative\SBLive\Program\AHQInit.exe (Creative Technology Ltd)
O4 - HKLM..\Run: [ccApp] C:\Program Files\Common Files\Symantec Shared\ccApp.exe (Symantec Corporation)
O4 - HKLM..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE (Logitech Inc.)
O4 - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] C:\WINDOWS\System32\nwiz.exe (NVIDIA Corporation)
O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
O4 - HKLM..\Run: [UpdReg] C:\WINDOWS\Updreg.exe (Creative Technology Ltd.)
O4 - HKLM..\Run: [vptray] C:\Program Files\Symantec AntiVirus\VPTray.exe (Symantec Corporation)
O4 - HKCU..\Run: [Aim6] File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: BackupNoCDBurning = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O16 - DPF: {03F998B2-0E00-11D3-A498-00104B6EB52E} https://components.viewpoint.com/MTSInstallers/MetaStream3.cab?url=http://www.viewpoint.com/cgi-bin/installer.v4_optin/vet_install_popup.pl?3&6&04.00.10.1&unknown&unknown&http://www.viewpoint.com/pub/products/vmp.html (Reg Error: Key error.)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.microsoft.com/download/5/b/0/5b0d4654-aa20-495c-b89f-c1c34c691085/LegitCheckControl.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} C:\Program Files\Yahoo!\Common\Yinsthelper.dll (Installation Support)
O16 - DPF: {3E68E405-C6DE-49FF-83AE-41EE9F4C36CE} http://office.microsoft.com/officeupdate/content/opuc3.cab (Office Update Installation Engine)
O16 - DPF: {4D7F48C0-CB49-4EA6-97D4-04F4EACC2F3B} http://www.passalong.com/Music/install/network/install.exe (InstallShield Setup Player 2K2)
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} https://upload.facebook.com/controls/FacebookPhotoUploader.cab (Facebook Photo Uploader Control)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1125440442918 (WUWebControl Class)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1125441230293 (MUWebControl Class)
O16 - DPF: {7E980B9B-8AE5-466A-B6D6-DA8CF814E78A} http://www.shockwave.com/content/luxor/mjolauncher.cab (MJLauncherCtrl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab (Java Plug-in 1.6.0_25)
O16 - DPF: {B991DA79-51F7-4011-98D2-1F2592E82A56} http://209.67.146.68/ePlayer/2_0/ACNePlayer.cab (ACNPlayer2 Class)
O16 - DPF: {CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab (Java Plug-in 1.6.0_25)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab (Java Plug-in 1.6.0_25)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {D54160C3-DB7B-4534-9B65-190EE4A9C7F7} http://download.games.yahoo.com/games/web_games/gamehouse/frenzy/SproutLauncher.cab (SproutLauncherCtrl Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\NavLogon: DllName - C:\WINDOWS\system32\NavLogon.dll - C:\WINDOWS\system32\NavLogon.dll (Symantec Corporation)
O24 - Desktop BackupWallPaper: C:\Documents and Settings\RT\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2005/08/05 13:16:04 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2007/07/04 18:57:51 | 000,000,000 | ---- | M] () - D:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{f354704e-62eb-11e0-ab92-0060b3ec0a2f}\Shell\AutoRun\command - "" = WDSetup.exe
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O35 - HKCU\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: 6to4 - File not found
NetSvcs: Ias - File not found
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found

MsConfig - StartUpReg: Adobe Reader Speed Launcher - hkey= - key= - File not found
MsConfig - StartUpReg: DIAGENT - hkey= - key= - C:\Program Files\Creative\SBLive\Creative Diagnostics 2.0\DIAGENT.EXE (Creative Technology Ltd)
MsConfig - StartUpReg: iTunesHelper - hkey= - key= - C:\Program Files\iTunes\iTunesHelper.exe (Apple Computer, Inc.)
MsConfig - StartUpReg: LogitechSoftwareUpdate - hkey= - key= - C:\Program Files\Logitech\Video\ManifestEngine.exe (Logitech Inc.)
MsConfig - StartUpReg: LogitechVideoRepair - hkey= - key= - C:\Program Files\Logitech\Video\ISStart.exe (Logitech Inc.)
MsConfig - StartUpReg: LogitechVideoTray - hkey= - key= - C:\Program Files\Logitech\Video\LogiTray.exe (Logitech Inc.)
MsConfig - StartUpReg: MSMSGS - hkey= - key= - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
MsConfig - StartUpReg: NBKeyScan - hkey= - key= - File not found
MsConfig - StartUpReg: QuickTime Task - hkey= - key= - C:\Program Files\QuickTime\qttask.exe (Apple Computer, Inc.)
MsConfig - StartUpReg: RoxioDragToDisc - hkey= - key= - File not found
MsConfig - StartUpReg: Skype - hkey= - key= - C:\Program Files\Skype\Phone\Skype.exe (Skype Technologies S.A.)
MsConfig - State: "system.ini" - 0
MsConfig - State: "win.ini" - 0
MsConfig - State: "bootini" - 0
MsConfig - State: "services" - 0
MsConfig - State: "startup" - 2

SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: MsMpSvc - c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe (Microsoft Corporation)
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: sermouse.sys - Driver
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: vds - Service
SafeBootMin: vga.sys - Driver
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: MsMpSvc - c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe (Microsoft Corporation)
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: nm - C:\WINDOWS\system32\drivers\nmnt.sys (Microsoft Corporation)
SafeBootNet: nm.sys - C:\WINDOWS\system32\drivers\nmnt.sys (Microsoft Corporation)
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: sermouse.sys - Driver
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: UploadMgr - Service
SafeBootNet: vga.sys - Driver
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

ActiveX: {0291E591-EA41-4c82-8106-3DC6CE7F7664} - Reg Error: Value error.
ActiveX: {10072CEC-8CC1-11D1-986E-00A0C955B42F} - Vector Graphics Rendering (VML)
ActiveX: {166B1BCA-3F9C-11CF-8075-444553540000} - Macromedia Shockwave Director 10.1
ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - NetShow
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 6.4
ActiveX: {233C1507-6A77-46A4-9443-F871F945D258} - Adobe Shockwave Director 10.2
ActiveX: {283807B5-2C60-11D0-A31D-00AA00B92C03} - DirectAnimation
ActiveX: {2A202491-F00D-11cf-87CC-0020AFEECF20} - Adobe Shockwave Director 10.2
ActiveX: {2A3320D6-C805-4280-B423-B665BDE33D8F} - Microsoft .NET Framework 1.1 Security Update (KB979906)
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {2F6EFCE6-10DF-49F9-9E64-9AE3775B2588} - Microsoft .NET Framework 1.1 Security Update (KB2416447)
ActiveX: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} - Reg Error: Value error.
ActiveX: {347B0667-C7ED-429B-BDE3-CC8D3BACAA31} - Reg Error: Value error.
ActiveX: {36f8ec70-c29a-11d1-b5c7-0000f8051515} - Dynamic HTML Data Binding for Java
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3bf42070-b3b1-11d1-b5c5-0000f8051515} - Uniscribe
ActiveX: {3e7bb08a-a7a3-4692-8eac-ac5e7895755b} - KB834707
ActiveX: {411EDCF7-755D-414E-A74B-3DCD6583F589} - Microsoft .NET Framework 1.1 Service Pack 1 (KB867460)
ActiveX: {4278c270-a269-11d1-b5bf-0000f8051515} - Advanced Authoring
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install
ActiveX: {44BBA842-CC51-11CF-AAFA-00AA00B6015B} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT
ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - DirectShow
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f216970-c90c-11d1-b5c7-0000f8051515} - DirectAnimation Java Classes
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5945c046-1e7d-11d1-bc44-00c04fd912be} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser
ActiveX: {5A8D6EE0-3E18-11D0-821E-444553540000} - ICW
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7131646D-CD3C-40F4-97B9-CD9E4E6262EF} - .NET Framework
ActiveX: {73FA19D0-2D75-11D2-995D-00C04F98BBC9} - Web Folders
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\WINDOWS\system32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\WINDOWS\system32\Rundll32.exe C:\WINDOWS\system32\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {A17E30C4-A9BA-11D4-8673-60DB54C10000} - Reg Error: Value error.
ActiveX: {AA218328-0EA8-4D70-8972-E987A9190FF4} - Reg Error: Value error.
ActiveX: {B508B3F1-A24A-32C0-B310-85786919EF28} - .NET Framework
ActiveX: {C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F} - .NET Framework
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1} - .NET Framework
ActiveX: {CC2A9BA0-3BDD-11D0-821E-444553540000} - Task Scheduler
ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
ActiveX: {D27CDB6E-AE6D-11cf-96B8-444553540000} - Adobe Flash Player 9 ActiveX
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - Reg Error: Value error.
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: <{12d0ed0d-0ee0-4f90-8827-78cefb8f4988} - C:\WINDOWS\system32\ieudinit.exe
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\WINDOWS\inf\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - %systemroot%\system32\shmgrate.exe OCInstallUserConfigIE
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF}MICROS - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP
ActiveX: >{881dd1c5-3dcf-431b-b061-f3f88e8be88a} - %systemroot%\system32\shmgrate.exe OCInstallUserConfigOE

Drivers32: aux - C:\WINDOWS\System32\ctwdm32.dll (Creative Technology Ltd.)
Drivers32: aux1 - C:\WINDOWS\System32\ctwdm32.dll (Creative Technology Ltd.)
Drivers32: aux2 - C:\WINDOWS\System32\ctwdm32.dll (Creative Technology Ltd.)
Drivers32: msacm.ctmp3 - C:\WINDOWS\system32\ctmp3.acm (Microsoft Corporation)
Drivers32: msacm.iac2 - C:\WINDOWS\system32\iac25_32.ax (Intel Corporation)
Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)
Drivers32: MSVideo - C:\WINDOWS\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: MSVideo8 - C:\WINDOWS\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)
Drivers32: VIDC.I420 - C:\WINDOWS\System32\lvcodec2.dll (Logitech Inc.)
Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation)
Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Intel Corporation)
Drivers32: vidc.tscc - C:\WINDOWS\System32\tsccvid.dll (TechSmith Corporation)
Drivers32: vidc.VP60 - C:\WINDOWS\system32\vp6vfw.dll (On2.com)
Drivers32: vidc.VP61 - C:\WINDOWS\system32\vp6vfw.dll (On2.com)

CREATERESTOREPOINT
Restore point Set: OTL Restore Point (17746534284132352)

========== Files/Folders - Created Within 30 Days ==========

[2011/05/01 18:12:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\Sun
[2011/05/01 17:15:29 | 000,472,808 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\deployJava1.dll
[2011/05/01 17:15:29 | 000,157,472 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaws.exe
[2011/05/01 17:15:28 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaw.exe
[2011/05/01 17:15:28 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\java.exe
[2011/04/29 23:44:31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\RT\Start Menu\Programs\Google Chrome
[2011/04/23 19:20:59 | 000,222,080 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\MpSigStub.exe
[2011/04/23 19:12:15 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Security Client
[2011/04/21 18:56:04 | 007,734,208 | ---- | C] (Malwarebytes Corporation ) -- C:\Documents and Settings\RT\Desktop\mbam-setup-1.50.1.1100.exe
[2011/04/21 18:55:53 | 001,780,900 | ---- | C] (Microsoft Corporation) -- C:\Documents and Settings\RT\Desktop\mseinstall.exe
[2011/04/18 14:46:53 | 000,688,120 | ---- | C] (VaxSoft [www.vaxvoip.com]) -- C:\VaxSIPUserAgentOCX.ocx
[2011/04/18 14:46:51 | 000,108,336 | ---- | C] (Microsoft Corporation) -- C:\MSWINSCK.OCX
[2008/02/20 22:32:47 | 000,047,360 | ---- | C] (VSO Software) -- C:\Documents and Settings\RT\Application Data\pcouffin.sys
[2007/09/03 17:49:10 | 000,347,648 | R--- | C] ( ) -- C:\WINDOWS\System32\drivers\WlanUIG.sys
[2005/09/03 11:27:22 | 000,036,963 | R--- | C] (Cypress Semiconductor) -- C:\Program Files\Common Files\SM1updtr.dll
[2005/09/02 18:21:44 | 000,059,392 | ---- | C] ( ) -- C:\WINDOWS\System32\a3d.dll
[7 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[59 C:\Documents and Settings\RT\Desktop\*.tmp files -> C:\Documents and Settings\RT\Desktop\*.tmp -> ]
[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[2 C:\Documents and Settings\RT\Application Data\*.tmp files -> C:\Documents and Settings\RT\Application Data\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/05/01 20:33:05 | 000,000,886 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2011/05/01 20:31:09 | 000,000,966 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1547161642-602609370-725345543-1007UA.job
[2011/05/01 20:19:14 | 000,001,734 | ---- | M] () -- C:\Documents and Settings\All Users.WINDOWS\Desktop\Adobe Reader X.lnk
[2011/05/01 19:45:23 | 000,000,424 | -H-- | M] () -- C:\WINDOWS\tasks\MP Scheduled Scan.job
[2011/05/01 19:03:16 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/05/01 18:59:36 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2011/05/01 18:59:08 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/05/01 18:00:31 | 000,000,402 | ---- | M] () -- C:\WINDOWS\tasks\Norton Security Scan for RT.job
[2011/05/01 17:14:30 | 000,157,472 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaws.exe
[2011/05/01 17:14:29 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaw.exe
[2011/05/01 17:14:29 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\java.exe
[2011/05/01 17:14:29 | 000,073,728 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javacpl.cpl
[2011/05/01 17:14:26 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\deployJava1.dll
[2011/04/30 23:31:07 | 000,000,914 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1547161642-602609370-725345543-1007Core.job
[2011/04/30 11:13:27 | 005,154,304 | ---- | M] () -- C:\Documents and Settings\RT\Desktop\WindowsDefender.msi
[2011/04/30 11:08:52 | 001,780,900 | ---- | M] (Microsoft Corporation) -- C:\Documents and Settings\RT\Desktop\mseinstall.exe
[2011/04/30 10:05:34 | 000,002,261 | ---- | M] () -- C:\Documents and Settings\RT\Desktop\Google Chrome.lnk
[2011/04/30 10:05:34 | 000,002,239 | ---- | M] () -- C:\Documents and Settings\RT\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2011/04/29 22:57:19 | 000,000,258 | ---- | M] () -- C:\WINDOWS\tasks\Spybot - Search & Destroy.job
[2011/04/26 21:20:42 | 000,054,156 | -H-- | M] () -- C:\WINDOWS\QTFont.qfn
[2011/04/24 00:09:26 | 000,000,784 | ---- | M] () -- C:\Documents and Settings\All Users.WINDOWS\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/04/23 23:49:12 | 000,000,002 | ---- | M] () -- C:\d43skj.dll
[2011/04/23 19:14:34 | 000,831,162 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2011/04/23 19:14:34 | 000,224,790 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2011/04/23 19:13:33 | 000,001,945 | ---- | M] () -- C:\WINDOWS\epplauncher.mif
[2011/04/21 18:45:04 | 000,187,392 | ---- | M] () -- C:\Documents and Settings\RT\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/04/21 17:40:49 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2011/04/18 14:46:56 | 000,688,120 | ---- | M] (VaxSoft [www.vaxvoip.com]) -- C:\VaxSIPUserAgentOCX.ocx
[2011/04/18 14:46:52 | 000,108,336 | ---- | M] (Microsoft Corporation) -- C:\MSWINSCK.OCX
[2011/04/17 10:46:02 | 000,001,409 | ---- | M] () -- C:\WINDOWS\QTFont.for
[2011/04/14 10:14:02 | 007,734,208 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\RT\Desktop\mbam-setup-1.50.1.1100.exe
[7 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[59 C:\Documents and Settings\RT\Desktop\*.tmp files -> C:\Documents and Settings\RT\Desktop\*.tmp -> ]
[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[2 C:\Documents and Settings\RT\Application Data\*.tmp files -> C:\Documents and Settings\RT\Application Data\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/05/01 20:19:12 | 000,001,734 | ---- | C] () -- C:\Documents and Settings\All Users.WINDOWS\Desktop\Adobe Reader X.lnk
[2011/05/01 20:19:08 | 000,001,804 | ---- | C] () -- C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Adobe Reader X.lnk
[2011/04/30 11:22:33 | 005,154,304 | ---- | C] () -- C:\Documents and Settings\RT\Desktop\WindowsDefender.msi
[2011/04/30 10:05:34 | 000,002,239 | ---- | C] () -- C:\Documents and Settings\RT\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2011/04/30 10:05:33 | 000,002,261 | ---- | C] () -- C:\Documents and Settings\RT\Desktop\Google Chrome.lnk
[2011/04/24 00:09:26 | 000,000,784 | ---- | C] () -- C:\Documents and Settings\All Users.WINDOWS\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/04/23 19:18:15 | 000,000,424 | -H-- | C] () -- C:\WINDOWS\tasks\MP Scheduled Scan.job
[2011/04/23 19:13:33 | 000,001,945 | ---- | C] () -- C:\WINDOWS\epplauncher.mif
[2011/04/23 19:12:46 | 000,001,680 | ---- | C] () -- C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Microsoft Security Essentials.lnk
[2011/04/21 08:14:37 | 000,000,002 | ---- | C] () -- C:\d43skj.dll
[2011/04/17 10:46:02 | 000,054,156 | -H-- | C] () -- C:\WINDOWS\QTFont.qfn
[2011/04/17 10:46:02 | 000,001,409 | ---- | C] () -- C:\WINDOWS\QTFont.for
[2011/03/12 12:36:01 | 000,011,548 | -HS- | C] () -- C:\Documents and Settings\RT\Local Settings\Application Data\2248756156
[2011/03/12 12:36:01 | 000,011,548 | -HS- | C] () -- C:\Documents and Settings\All Users.WINDOWS\Application Data\2248756156
[2011/03/12 09:03:19 | 000,011,536 | -HS- | C] () -- C:\Documents and Settings\RT\Local Settings\Application Data\2874366441
[2011/03/11 09:14:06 | 000,011,536 | -HS- | C] () -- C:\Documents and Settings\All Users.WINDOWS\Application Data\2874366441
[2011/02/05 17:13:11 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2009/12/26 05:35:15 | 000,000,124 | ---- | C] () -- C:\WINDOWS\System32\srcr.dat
[2009/12/09 01:18:51 | 000,000,056 | -H-- | C] () -- C:\WINDOWS\System32\ezsidmv.dat
[2009/08/09 20:25:17 | 000,084,316 | ---- | C] () -- C:\WINDOWS\War3Unin.dat
[2009/08/03 15:07:42 | 000,403,816 | ---- | C] () -- C:\WINDOWS\System32\OGACheckControl.dll
[2009/08/03 15:07:42 | 000,230,768 | ---- | C] () -- C:\WINDOWS\System32\OGAEXEC.exe
[2008/11/24 02:44:24 | 000,010,240 | ---- | C] () -- C:\WINDOWS\System32\vidx16.dll
[2008/02/20 22:32:47 | 000,087,608 | ---- | C] () -- C:\Documents and Settings\RT\Application Data\inst.exe
[2008/02/20 22:32:47 | 000,007,887 | ---- | C] () -- C:\Documents and Settings\RT\Application Data\pcouffin.cat
[2008/02/20 22:32:47 | 000,001,144 | ---- | C] () -- C:\Documents and Settings\RT\Application Data\pcouffin.inf
[2008/02/20 18:46:17 | 000,000,069 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2007/12/19 18:00:55 | 000,035,327 | ---- | C] () -- C:\WINDOWS\scunin.dat
[2007/12/04 15:06:18 | 000,000,026 | ---- | C] () -- C:\WINDOWS\WAR2R.INI
[2007/10/02 19:46:08 | 000,000,125 | ---- | C] () -- C:\Documents and Settings\RT\Local Settings\Application Data\fusioncache.dat
[2007/10/02 19:18:11 | 000,187,392 | ---- | C] () -- C:\Documents and Settings\RT\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2007/09/07 14:32:09 | 000,009,255 | R--- | C] () -- C:\WINDOWS\System32\lvcoinst.ini
[2007/09/07 13:54:44 | 000,053,248 | R--- | C] () -- C:\WINDOWS\System32\InstMed.exe
[2007/09/07 13:54:04 | 000,000,248 | ---- | C] () -- C:\WINDOWS\_delis32.ini
[2007/09/05 17:37:24 | 000,027,136 | ---- | C] () -- C:\WINDOWS\System32\VERMONT1.DLL
[2007/09/05 17:37:24 | 000,012,416 | ---- | C] () -- C:\WINDOWS\System32\VRX1.DLL
[2007/09/05 17:37:23 | 000,107,520 | ---- | C] () -- C:\WINDOWS\System32\SIMANT.DLL
[2007/09/04 20:54:44 | 000,001,734 | ---- | C] () -- C:\WINDOWS\mozver.dat
[2006/12/30 15:01:12 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\UninstallBeetle.exe
[2006/07/03 18:37:21 | 000,000,000 | ---- | C] () -- C:\WINDOWS\PowerReg.dat
[2006/05/07 23:28:36 | 000,000,206 | ---- | C] () -- C:\WINDOWS\HPGdiPlus.ini
[2005/11/28 18:23:12 | 000,000,335 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2005/11/28 18:16:53 | 000,000,028 | ---- | C] () -- C:\WINDOWS\atid.ini
[2005/11/12 20:14:42 | 000,000,000 | ---- | C] () -- C:\WINDOWS\iPlayer.INI
[2005/11/10 23:21:20 | 000,001,372 | ---- | C] () -- C:\Documents and Settings\All Users.WINDOWS\Application Data\QTSBandwidthCache
[2005/10/23 13:28:17 | 000,000,064 | ---- | C] () -- C:\WINDOWS\System32\BurnData.bin
[2005/09/24 13:08:55 | 000,000,000 | ---- | C] () -- C:\WINDOWS\vpc32.INI
[2005/09/03 02:38:08 | 000,000,000 | ---- | C] () -- C:\WINDOWS\pcfriend.INI
[2005/09/02 18:50:49 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2005/09/02 18:18:30 | 001,048,576 | ---- | C] () -- C:\WINDOWS\System32\sfman.dat
[2005/09/02 18:18:30 | 000,000,231 | ---- | C] () -- C:\WINDOWS\ac3api.ini
[2005/09/02 18:11:49 | 000,000,184 | ---- | C] () -- C:\WINDOWS\SBWIN.INI
[2005/09/02 18:04:18 | 000,031,743 | ---- | C] () -- C:\WINDOWS\System32\fxcode.dat
[2005/08/30 18:29:38 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2005/08/30 16:05:05 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2005/08/30 16:00:05 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2005/08/30 08:48:33 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2005/08/30 08:47:42 | 000,270,984 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2005/08/02 15:24:02 | 000,053,299 | ---- | C] () -- C:\WINDOWS\System32\pthreadVC.dll
[2005/02/28 14:17:16 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
[2003/12/19 04:00:00 | 000,013,387 | ---- | C] () -- C:\WINDOWS\System32\CinemSup.sys
[2003/04/04 13:59:08 | 000,143,360 | ---- | C] () -- C:\WINDOWS\System32\ACNePlayer.dll
[2003/01/07 17:05:08 | 000,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI
[2001/08/23 07:00:00 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2001/08/23 07:00:00 | 000,831,162 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2001/08/23 07:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2001/08/23 07:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2001/08/23 07:00:00 | 000,224,790 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2001/08/23 07:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2001/08/23 07:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2001/08/23 07:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2001/08/23 07:00:00 | 000,004,463 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2001/08/23 07:00:00 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
[2001/08/23 07:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[1999/09/02 23:10:48 | 000,008,628 | -H-- | C] () -- C:\Program Files\AppleWin.GID
[1999/01/27 13:39:06 | 000,065,024 | ---- | C] () -- C:\WINDOWS\System32\indounin.dll
[1997/06/13 07:56:08 | 000,056,832 | ---- | C] () -- C:\WINDOWS\System32\Iyvu9_32.dll

========== Custom Scans ==========


< %systemroot%\Fonts\*.com >
[2006/04/18 15:39:28 | 000,026,040 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalMonospace.CompositeFont
[2006/06/29 14:53:56 | 000,026,489 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalSansSerif.CompositeFont
[2006/04/18 15:39:28 | 000,029,779 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalSerif.CompositeFont
[2006/06/29 14:58:52 | 000,030,808 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalUserInterface.CompositeFont

< %systemroot%\Fonts\*.dll >

< %systemroot%\Fonts\*.ini >
[2005/08/30 16:02:10 | 000,000,067 | -HS- | M] () -- C:\WINDOWS\Fonts\desktop.ini

< %systemroot%\Fonts\*.ini2 >

< %systemroot%\Fonts\*.exe >

< %systemroot%\system32\spool\prtprocs\w32x86\*.* >
[2008/07/06 07:06:10 | 000,089,088 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\filterpipelineprintproc.dll
[2007/04/09 13:23:54 | 000,028,552 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\mdippr.dll
[2008/07/06 05:50:03 | 000,597,504 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\printfilterpipelinesvc.exe

< %systemroot%\REPAIR\*.bak1 >

< %systemroot%\REPAIR\*.ini >

< %systemroot%\system32\*.jpg >

< %systemroot%\*.jpg >

< %systemroot%\*.png >

< %systemroot%\*.scr >

< %systemroot%\*._sy >

< %APPDATA%\Adobe\Update\*.* >

< %ALLUSERSPROFILE%\Favorites\*.* >

< %APPDATA%\Microsoft\*.* >

< %PROGRAMFILES%\*.* >
[1999/09/02 23:10:48 | 000,008,628 | -H-- | M] () -- C:\Program Files\AppleWin.GID

< %APPDATA%\Update\*.* >

< %PROGRAMFILES%\bak. /s >

< %systemroot%\system32\bak. /s >

< %ALLUSERSPROFILE%\Start Menu\*.lnk /x >
[2008/11/19 16:48:00 | 000,000,272 | -HS- | M] () -- C:\Documents and Settings\All Users.WINDOWS\Start Menu\desktop.ini

< %systemroot%\system32\config\systemprofile\*.dat /x >

< %systemroot%\*.config >

< %systemroot%\system32\*.db >

< %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x >
[2007/09/04 20:18:23 | 000,000,119 | -HS- | M] () -- C:\Documents and Settings\RT\Application Data\Microsoft\Internet Explorer\Quick Launch\desktop.ini
[2007/09/04 20:18:23 | 000,000,079 | ---- | M] () -- C:\Documents and Settings\RT\Application Data\Microsoft\Internet Explorer\Quick Launch\Show Desktop.scf

< %USERPROFILE%\Desktop\*.exe >
[2010/01/10 17:48:17 | 013,312,568 | ---- | M] (Fengtao Software Inc. ) -- C:\Documents and Settings\RT\Desktop\DVDFab6218.exe
[2010/05/23 10:09:00 | 000,135,360 | ---- | M] (Symantec Corporation) -- C:\Documents and Settings\RT\Desktop\FixBlast.exe
[2008/06/02 04:49:40 | 000,904,912 | ---- | M] () -- C:\Documents and Settings\RT\Desktop\Google Updater.exe
[2011/04/14 10:14:02 | 007,734,208 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\RT\Desktop\mbam-setup-1.50.1.1100.exe
[2011/04/30 11:08:52 | 001,780,900 | ---- | M] (Microsoft Corporation) -- C:\Documents and Settings\RT\Desktop\mseinstall.exe
[59 C:\Documents and Settings\RT\Desktop\*.tmp files -> C:\Documents and Settings\RT\Desktop\*.tmp -> ]

< %PROGRAMFILES%\Common Files\*.* >
[2003/08/27 16:19:18 | 000,036,963 | R--- | M] (Cypress Semiconductor) -- C:\Program Files\Common Files\SM1updtr.dll

< %systemroot%\*.src >

< %systemroot%\install\*.* >

< %systemroot%\system32\DLL\*.* >

< %systemroot%\system32\HelpFiles\*.* >

< %systemroot%\system32\rundll\*.* >

< %systemroot%\winn32\*.* >

< %systemroot%\Java\*.* >

< %systemroot%\system32\test\*.* >

< %systemroot%\system32\Rundll32\*.* >

< %systemroot%\AppPatch\Custom\*.* >

< %APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x >

< %PROGRAMFILES%\PC-Doctor\Downloads\*.* >

< %PROGRAMFILES%\Internet Explorer\*.tmp >

< %PROGRAMFILES%\Internet Explorer\*.dat >

< %USERPROFILE%\My Documents\*.exe >

< %USERPROFILE%\*.exe >

< %systemroot%\ADDINS\*.* >

< %systemroot%\assembly\*.bak2 >

< %systemroot%\Config\*.* >

< %systemroot%\REPAIR\*.bak2 >

< %systemroot%\SECURITY\Database\*.sdb /x >

< %systemroot%\SYSTEM\*.bak2 >

< %systemroot%\Web\*.bak2 >

< %systemroot%\Driver Cache\*.* >

< %PROGRAMFILES%\Mozilla Firefox\*.exe >
[2010/07/22 01:10:27 | 000,105,432 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\crashreporter.exe
[2010/07/22 01:10:27 | 000,910,296 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
[2010/07/22 01:10:30 | 000,014,808 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\plugin-container.exe
[2010/07/22 01:10:31 | 000,243,160 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\updater.exe

< %ProgramFiles%\Microsoft Common\*.* >

< %ProgramFiles%\TinyProxy. >

< %USERPROFILE%\Favorites\*.url /x >
[2007/09/04 20:18:23 | 000,000,122 | -HS- | M] () -- C:\Documents and Settings\RT\Favorites\Desktop.ini

< %systemroot%\system32\*.bk >

< %systemroot%\*.te >

< %systemroot%\system32\system32\*.* >

< %ALLUSERSPROFILE%\*.dat /x >

< %systemroot%\*. /mp /s >

< %systemroot%\system32\*.dll /lockedfiles >
[2010/11/05 19:34:11 | 000,347,136 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\dxtmsft.dll
[2010/11/05 19:34:11 | 000,214,528 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\dxtrans.dll
[7 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]

< %systemroot%\system32\*.exe /lockedfiles >
[7 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]

< %systemroot%\Tasks\*.job /lockedfiles >

< %systemroot%\system32\drivers\*.sys /lockedfiles >

< %systemroot%\System32\config\*.sav >
[2005/08/30 08:46:56 | 000,090,112 | ---- | M] () -- C:\WINDOWS\system32\config\default.sav
[2005/08/30 08:46:56 | 000,630,784 | ---- | M] () -- C:\WINDOWS\system32\config\software.sav
[2005/08/30 08:46:56 | 000,405,504 | ---- | M] () -- C:\WINDOWS\system32\config\system.sav

< %systemroot%\system32\*.sys >
[2001/08/23 07:00:00 | 000,009,029 | ---- | M] () -- C:\WINDOWS\system32\ansi.sys
[2003/03/11 13:15:08 | 000,009,919 | ---- | M] (AOpen Inc.) -- C:\WINDOWS\system32\AONMDI.SYS
[2003/12/19 04:00:00 | 000,013,387 | ---- | M] () -- C:\WINDOWS\system32\CinemSup.sys
[2001/08/23 07:00:00 | 000,027,097 | ---- | M] () -- C:\WINDOWS\system32\country.sys
[2001/08/23 07:00:00 | 000,004,768 | ---- | M] () -- C:\WINDOWS\system32\himem.sys
[2001/08/23 07:00:00 | 000,042,809 | ---- | M] () -- C:\WINDOWS\system32\key01.sys
[2004/08/04 00:46:54 | 000,042,537 | ---- | M] () -- C:\WINDOWS\system32\keyboard.sys
[2001/08/23 07:00:00 | 000,027,866 | ---- | M] () -- C:\WINDOWS\system32\ntdos.sys
[2001/08/23 07:00:00 | 000,029,146 | ---- | M] () -- C:\WINDOWS\system32\ntdos404.sys
[2001/08/23 07:00:00 | 000,029,370 | ---- | M] () -- C:\WINDOWS\system32\ntdos411.sys
[2001/08/23 07:00:00 | 000,029,274 | ---- | M] () -- C:\WINDOWS\system32\ntdos412.sys
[2001/08/23 07:00:00 | 000,029,146 | ---- | M] () -- C:\WINDOWS\system32\ntdos804.sys
[2004/08/04 00:45:08 | 000,033,840 | ---- | M] () -- C:\WINDOWS\system32\ntio.sys
[2004/08/04 00:45:14 | 000,034,560 | ---- | M] () -- C:\WINDOWS\system32\ntio404.sys
[2004/08/04 00:45:10 | 000,035,648 | ---- | M] () -- C:\WINDOWS\system32\ntio411.sys
[2004/08/04 00:45:15 | 000,035,424 | ---- | M] () -- C:\WINDOWS\system32\ntio412.sys
[2004/08/04 00:45:12 | 000,034,560 | ---- | M] () -- C:\WINDOWS\system32\ntio804.sys
[1999/12/17 03:00:00 | 000,006,752 | ---- | M] (Creative Technology Ltd.) -- C:\WINDOWS\system32\PfModNT.sys
[2008/04/13 13:44:59 | 000,017,664 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\watchdog.sys
[2010/10/26 08:25:00 | 001,853,312 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\win32k.sys
[7 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]

< %systemroot%\system32\drivers\*.dll >
[2008/04/13 19:11:48 | 000,004,255 | ---- | M] (Intel(R) Corporation) -- C:\WINDOWS\system32\drivers\adv01nt5.dll
[2008/04/13 19:11:48 | 000,003,967 | ---- | M] (Intel(R) Corporation) -- C:\WINDOWS\system32\drivers\adv02nt5.dll
[2008/04/13 19:11:48 | 000,003,615 | ---- | M] (Intel(R) Corporation) -- C:\WINDOWS\system32\drivers\adv05nt5.dll
[2008/04/13 19:11:48 | 000,003,647 | ---- | M] (Intel(R) Corporation) -- C:\WINDOWS\system32\drivers\adv07nt5.dll
[2008/04/13 19:11:48 | 000,003,135 | ---- | M] (Intel(R) Corporation) -- C:\WINDOWS\system32\drivers\adv08nt5.dll
[2008/04/13 19:11:48 | 000,003,711 | ---- | M] (Intel(R) Corporation) -- C:\WINDOWS\system32\drivers\adv09nt5.dll
[2008/04/13 19:11:48 | 000,003,775 | ---- | M] (Intel(R) Corporation) -- C:\WINDOWS\system32\drivers\adv11nt5.dll
[2008/04/13 19:11:50 | 000,021,183 | ---- | M] (Intel(R) Corporation) -- C:\WINDOWS\system32\drivers\atv01nt5.dll
[2008/04/13 19:11:50 | 000,011,359 | ---- | M] (Intel(R) Corporation) -- C:\WINDOWS\system32\drivers\atv02nt5.dll
[2008/04/13 19:11:50 | 000,025,471 | ---- | M] (Intel(R) Corporation) -- C:\WINDOWS\system32\drivers\atv04nt5.dll
[2008/04/13 19:11:50 | 000,014,143 | ---- | M] (Intel(R) Corporation) -- C:\WINDOWS\system32\drivers\atv06nt5.dll
[2008/04/13 19:11:50 | 000,017,279 | ---- | M] (Intel(R) Corporation) -- C:\WINDOWS\system32\drivers\atv10nt5.dll
[2008/04/13 19:11:50 | 000,015,423 | ---- | M] (Intel(R) Corporation) -- C:\WINDOWS\system32\drivers\ch7xxnt5.dll
[2008/04/13 19:12:05 | 000,003,901 | ---- | M] (Intel(R) Corporation) -- C:\WINDOWS\system32\drivers\siint5.dll
[2008/04/13 19:12:08 | 000,011,325 | ---- | M] (Intel(R) Corporation) -- C:\WINDOWS\system32\drivers\vchnt5.dll

< %systemroot%\system32\drivers\*.ini >

< %systemroot%\system32\drivers\*.exe >

< %systemroot%\system32\Spool\prtprocs\w32x86\*.dll >
[2008/07/06 07:06:10 | 000,089,088 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\filterpipelineprintproc.dll
[2007/04/09 13:23:54 | 000,028,552 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\mdippr.dll

< %SYSTEMDRIVE%\*.* >
[2005/08/05 13:16:04 | 000,000,000 | ---- | M] () -- C:\AUTOEXEC.BAT
[2009/12/20 23:00:10 | 000,000,211 | RHS- | M] () -- C:\boot.ini
[2005/08/05 13:16:04 | 000,000,000 | ---- | M] () -- C:\CONFIG.SYS
[2011/04/23 23:49:12 | 000,000,002 | ---- | M] () -- C:\d43skj.dll
[2008/02/22 02:37:23 | 000,000,051 | ---- | M] () -- C:\DVDPATH.TXT
[2011/04/23 12:12:04 | 000,000,538 | ---- | M] () -- C:\gggg.txt
[2005/08/05 13:16:04 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
[2008/02/29 00:18:42 | 000,002,144 | -H-- | M] () -- C:\IPH.PH
[2011/05/01 18:11:39 | 000,022,132 | ---- | M] () -- C:\JavaRa.log
[2007/09/07 14:27:04 | 000,000,183 | ---- | M] () -- C:\LogiSetup.log
[2005/08/05 13:16:04 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
[2011/04/18 14:46:52 | 000,108,336 | ---- | M] (Microsoft Corporation) -- C:\MSWINSCK.OCX
[2005/08/31 18:58:14 | 000,047,564 | RHS- | M] () -- C:\NTDETECT.COM
[2008/11/19 16:34:50 | 000,250,048 | RHS- | M] () -- C:\ntldr
[2011/05/01 20:33:05 | 549,453,824 | -HS- | M] () -- C:\pagefile.sys
[2009/02/23 21:06:01 | 000,001,042 | ---- | M] () -- C:\players.txt
[2011/04/23 12:16:16 | 000,000,000 | ---- | M] () -- C:\ResUser.txt
[2010/03/20 14:14:02 | 000,000,365 | ---- | M] () -- C:\rkill.log
[2008/09/09 14:44:41 | 000,000,268 | -H-- | M] () -- C:\sqmdata00.sqm
[2008/09/09 14:46:33 | 000,000,268 | -H-- | M] () -- C:\sqmdata01.sqm
[2008/09/09 14:47:20 | 000,000,292 | -H-- | M] () -- C:\sqmdata02.sqm
[2008/09/09 14:49:57 | 000,000,304 | -H-- | M] () -- C:\sqmdata03.sqm
[2008/09/09 14:53:03 | 000,000,292 | -H-- | M] () -- C:\sqmdata04.sqm
[2008/11/20 03:13:08 | 000,000,268 | -H-- | M] () -- C:\sqmdata05.sqm
[2008/11/20 03:13:08 | 000,000,268 | -H-- | M] () -- C:\sqmdata06.sqm
[2009/05/28 23:21:31 | 000,000,268 | -H-- | M] () -- C:\sqmdata07.sqm
[2008/09/09 14:44:41 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt00.sqm
[2008/09/09 14:46:33 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt01.sqm
[2008/09/09 14:47:20 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt02.sqm
[2008/09/09 14:49:57 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt03.sqm
[2008/09/09 14:53:03 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt04.sqm
[2008/11/20 03:13:07 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt05.sqm
[2008/11/20 03:13:07 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt06.sqm
[2009/05/28 23:21:31 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt07.sqm
[2011/04/18 14:46:56 | 000,688,120 | ---- | M] (VaxSoft [www.vaxvoip.com]) -- C:\VaxSIPUserAgentOCX.ocx
[2011/04/23 12:12:04 | 000,000,000 | ---- | M] () -- C:\y.txt
[2007/09/05 01:05:32 | 000,000,146 | ---- | M] () -- C:\YServer.txt

< %PROGRAMFILES%\*. >
[2011/05/01 20:15:13 | 000,000,000 | ---D | M] -- C:\Program Files\Adobe
[2006/01/25 22:50:26 | 000,000,000 | ---D | M] -- C:\Program Files\AIM
[2008/02/24 19:58:22 | 000,000,000 | ---D | M] -- C:\Program Files\AIM6
[2005/11/28 18:24:10 | 000,000,000 | ---D | M] -- C:\Program Files\AOD
[2005/09/03 02:28:01 | 000,000,000 | ---D | M] -- C:\Program Files\AOpen
[2007/09/04 22:24:22 | 000,000,000 | ---D | M] -- C:\Program Files\apple
[2008/11/20 04:01:54 | 000,000,000 | ---D | M] -- C:\Program Files\BitZipper
[2010/02/11 04:14:59 | 000,000,000 | ---D | M] -- C:\Program Files\CCleaner
[2010/11/02 11:33:26 | 000,000,000 | ---D | M] -- C:\Program Files\Common Files
[2005/08/05 13:12:58 | 000,000,000 | ---D | M] -- C:\Program Files\ComPlus Applications
[2005/09/02 18:21:51 | 000,000,000 | ---D | M] -- C:\Program Files\Creative
[2005/09/02 16:11:13 | 000,000,000 | ---D | M] -- C:\Program Files\CyberLink
[2005/09/02 18:24:00 | 000,000,000 | ---D | M] -- C:\Program Files\Dell
[2011/02/27 17:55:25 | 000,000,000 | ---D | M] -- C:\Program Files\Drop Down Deals
[2008/02/20 19:54:38 | 000,000,000 | ---D | M] -- C:\Program Files\DVD Decrypter
[2008/02/20 15:13:13 | 000,000,000 | ---D | M] -- C:\Program Files\DVD Shrink
[2010/01/10 17:52:16 | 000,000,000 | ---D | M] -- C:\Program Files\DVDFab 6
[2010/08/14 20:52:34 | 000,000,000 | ---D | M] -- C:\Program Files\DVDFab 7
[2009/12/26 06:08:36 | 000,000,000 | ---D | M] -- C:\Program Files\Google
[2005/09/03 14:54:23 | 000,000,000 | ---D | M] -- C:\Program Files\HP
[2009/12/26 06:04:10 | 000,000,000 | -H-D | M] -- C:\Program Files\InstallShield Installation Information
[2005/11/12 20:13:52 | 000,000,000 | ---D | M] -- C:\Program Files\InterActual
[2010/12/16 22:22:37 | 000,000,000 | ---D | M] -- C:\Program Files\Internet Explorer
[2008/11/27 19:19:49 | 000,000,000 | ---D | M] -- C:\Program Files\iPod
[2006/01/18 19:13:42 | 000,000,000 | ---D | M] -- C:\Program Files\iTunes
[2011/05/01 18:10:51 | 000,000,000 | ---D | M] -- C:\Program Files\Java
[2009/12/26 06:04:09 | 000,000,000 | ---D | M] -- C:\Program Files\Logitech
[2011/04/24 10:02:09 | 000,000,000 | ---D | M] -- C:\Program Files\Malwarebytes' Anti-Malware
[2008/11/19 17:24:13 | 000,000,000 | ---D | M] -- C:\Program Files\Messenger
[2010/01/05 02:52:12 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft
[2005/09/02 18:49:06 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft ActiveSync
[2006/05/07 21:36:06 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft AntiSpyware
[2007/09/09 03:01:24 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft CAPICOM 2.1.0.2
[2005/08/05 13:16:24 | 000,000,000 | ---D | M] -- C:\Program Files\microsoft frontpage
[2005/09/02 18:48:40 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Office
[2011/04/23 19:13:18 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Security Client
[2005/09/02 18:48:27 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Visual Studio
[2008/11/21 17:13:11 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Works
[2005/09/02 18:49:14 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft.NET
[2010/08/12 03:16:42 | 000,000,000 | ---D | M] -- C:\Program Files\Movie Maker
[2011/03/08 19:56:37 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox
[2009/08/15 03:11:28 | 000,000,000 | ---D | M] -- C:\Program Files\MSBuild
[2005/08/05 13:12:45 | 000,000,000 | ---D | M] -- C:\Program Files\MSN
[2005/08/05 13:12:29 | 000,000,000 | ---D | M] -- C:\Program Files\MSN Gaming Zone
[2005/10/10 20:46:44 | 000,000,000 | ---D | M] -- C:\Program Files\MyWebSearchWB
[2008/11/19 16:39:43 | 000,000,000 | ---D | M] -- C:\Program Files\NetMeeting
[2011/05/01 18:00:18 | 000,000,000 | ---D | M] -- C:\Program Files\Norton Security Scan
[2005/09/02 18:57:57 | 000,000,000 | ---D | M] -- C:\Program Files\OfficeUpdate11
[2010/12/16 22:01:59 | 000,000,000 | ---D | M] -- C:\Program Files\Outlook Express
[2008/04/10 21:31:28 | 000,000,000 | ---D | M] -- C:\Program Files\PassAlong
[2007/09/03 17:24:57 | 000,000,000 | ---D | M] -- C:\Program Files\Quicken
[2006/01/18 19:18:42 | 000,000,000 | ---D | M] -- C:\Program Files\QuickTime
[2008/06/25 10:05:09 | 000,000,000 | ---D | M] -- C:\Program Files\Real
[2009/08/15 03:11:13 | 000,000,000 | ---D | M] -- C:\Program Files\Reference Assemblies
[2007/09/05 02:15:40 | 000,000,000 | ---D | M] -- C:\Program Files\ReflexiveArcade
[2005/09/03 11:16:35 | 000,000,000 | ---D | M] -- C:\Program Files\Roxio
[2005/09/02 18:27:22 | 000,000,000 | ---D | M] -- C:\Program Files\Sierra Imaging
[2009/12/26 17:06:13 | 000,000,000 | R--D | M] -- C:\Program Files\Skype
[2010/11/02 11:33:21 | 000,000,000 | ---D | M] -- C:\Program Files\Sonic
[2007/09/03 18:24:37 | 000,000,000 | ---D | M] -- C:\Program Files\Spybot - Search & Destroy
[2009/06/19 14:33:31 | 000,000,000 | ---D | M] -- C:\Program Files\Starcraft
[2005/09/24 12:41:16 | 000,000,000 | ---D | M] -- C:\Program Files\Symantec
[2011/05/01 19:35:50 | 000,000,000 | ---D | M] -- C:\Program Files\Symantec AntiVirus
[2008/10/01 01:54:10 | 000,000,000 | ---D | M] -- C:\Program Files\TechSmith
[2006/01/14 22:47:09 | 000,000,000 | ---D | M] -- C:\Program Files\Trymedia
[2005/08/05 13:21:17 | 000,000,000 | -H-D | M] -- C:\Program Files\Uninstall Information
[2010/03/11 04:43:12 | 000,000,000 | ---D | M] -- C:\Program Files\Warcraft III
[2010/01/05 02:52:06 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Live
[2010/01/05 02:51:47 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Live SkyDrive
[2007/09/07 00:53:31 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Media Connect 2
[2008/11/24 02:44:35 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Media Player
[2008/11/19 16:39:38 | 000,000,000 | ---D | M] -- C:\Program Files\Windows NT
[2005/08/30 17:22:18 | 000,000,000 | -H-D | M] -- C:\Program Files\WindowsUpdate
[2009/02/23 19:52:57 | 000,000,000 | ---D | M] -- C:\Program Files\WinPcap
[2010/07/19 12:18:10 | 000,000,000 | ---D | M] -- C:\Program Files\WinRAR
[2005/08/05 13:16:24 | 000,000,000 | ---D | M] -- C:\Program Files\xerox
[2011/01/21 00:48:00 | 000,000,000 | ---D | M] -- C:\Program Files\Yahoo!

< %appdata%\*.* >
[2005/08/30 08:48:13 | 000,000,062 | -HS- | M] () -- C:\Documents and Settings\RT\Application Data\desktop.ini
[2011/03/27 21:27:38 | 000,000,000 | -H-- | M] () -- C:\Documents and Settings\RT\Application Data\e70gffJ4.txBf6I14A1bfFH.txt
[2010/01/10 17:52:20 | 000,087,608 | ---- | M] () -- C:\Documents and Settings\RT\Application Data\inst.exe
[2011/04/02 11:03:30 | 000,000,000 | -H-- | M] () -- C:\Documents and Settings\RT\Application Data\Jbi8JgF1.txFe28f1gff1eg.txt
[2010/01/10 17:52:20 | 000,007,887 | ---- | M] () -- C:\Documents and Settings\RT\Application Data\pcouffin.cat
[2010/01/10 17:52:20 | 000,001,144 | ---- | M] () -- C:\Documents and Settings\RT\Application Data\pcouffin.inf
[2010/01/10 17:52:31 | 000,000,034 | ---- | M] () -- C:\Documents and Settings\RT\Application Data\pcouffin.log
[2010/01/10 17:52:20 | 000,047,360 | ---- | M] (VSO Software) -- C:\Documents and Settings\RT\Application Data\pcouffin.sys
[2011/03/27 13:38:28 | 000,000,000 | -H-- | M] () -- C:\Documents and Settings\RT\Application Data\sE6Eff10.txef28K1segE0G.txt
[2 C:\Documents and Settings\RT\Application Data\*.tmp files -> C:\Documents and Settings\RT\Application Data\*.tmp -> ]


< MD5 for: AGP440.SYS >
[2005/08/31 18:54:50 | 022,245,337 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:AGP440.sys
[2008/11/19 16:24:29 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:AGP440.sys
[2005/08/31 18:54:50 | 022,245,337 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp2.cab:AGP440.sys
[2008/11/19 16:24:29 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:AGP440.sys
[2008/04/13 13:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\ServicePackFiles\i386\agp440.sys
[2008/04/13 13:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\system32\drivers\agp440.sys
[2004/08/04 01:07:41 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=2C428FA0C3E3A01ED93C9B2A27D8D4BB -- C:\WINDOWS\$NtServicePackUninstall$\agp440.sys
[2004/08/04 01:07:41 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=2C428FA0C3E3A01ED93C9B2A27D8D4BB -- C:\WINDOWS\system32\ReinstallBackups\0000\DriverFiles\i386\AGP440.SYS

< MD5 for: ATAPI.SYS >
[2005/08/31 18:54:50 | 022,245,337 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:atapi.sys
[2008/11/19 16:24:29 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:atapi.sys
[2005/08/31 18:54:50 | 022,245,337 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp2.cab:atapi.sys
[2008/11/19 16:24:29 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:atapi.sys
[2008/04/13 13:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ServicePackFiles\i386\atapi.sys
[2008/04/13 13:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\drivers\atapi.sys
[2004/08/04 00:59:42 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\$NtServicePackUninstall$\atapi.sys

< MD5 for: DISK.SYS >
[2005/08/31 18:54:50 | 022,245,337 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:disk.sys
[2008/11/19 16:24:29 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:disk.sys
[2005/08/31 18:54:50 | 022,245,337 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp2.cab:disk.sys
[2008/11/19 16:24:29 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:disk.sys
[2004/08/04 00:59:54 | 000,036,352 | ---- | M] (Microsoft Corporation) MD5=00CA44E4534865F8A3B64F7C0984BFF0 -- C:\WINDOWS\$NtServicePackUninstall$\disk.sys
[2008/04/13 13:40:47 | 000,036,352 | ---- | M] (Microsoft Corporation) MD5=044452051F3E02E7963599FC8F4F3E25 -- C:\WINDOWS\ServicePackFiles\i386\disk.sys
[2008/04/13 13:40:47 | 000,036,352 | ---- | M] (Microsoft Corporation) MD5=044452051F3E02E7963599FC8F4F3E25 -- C:\WINDOWS\system32\drivers\disk.sys

< MD5 for: EVENTLOG.DLL >
[2008/04/13 19:11:53 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\ServicePackFiles\i386\eventlog.dll
[2008/04/13 19:11:53 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\system32\eventlog.dll
[2004/08/04 02:56:42 | 000,055,808 | ---- | M] (Microsoft Corporation) MD5=82B24CB70E5944E6E34662205A2A5B78 -- C:\WINDOWS\$NtServicePackUninstall$\eventlog.dll

< MD5 for: NETLOGON.DLL >
[2008/04/13 19:12:01 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\ServicePackFiles\i386\netlogon.dll
[2008/04/13 19:12:01 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\system32\netlogon.dll
[2004/08/04 02:56:44 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=96353FCECBA774BB8DA74A1C6507015A -- C:\WINDOWS\$NtServicePackUninstall$\netlogon.dll

< MD5 for: SCECLI.DLL >
[2004/08/04 02:56:44 | 000,180,224 | ---- | M] (Microsoft Corporation) MD5=0F78E27F563F2AAF74B91A49E2ABF19A -- C:\WINDOWS\$NtServicePackUninstall$\scecli.dll
[2008/04/13 19:12:05 | 000,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\ServicePackFiles\i386\scecli.dll
[2008/04/13 19:12:05 | 000,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\system32\scecli.dll

< MD5 for: USBSTOR.SYS >
[2005/08/31 18:54:50 | 022,245,337 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:usbstor.sys
[2008/11/19 16:24:29 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:usbstor.sys
[2005/08/31 18:54:50 | 022,245,337 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp2.cab:usbstor.sys
[2008/11/19 16:24:29 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:usbstor.sys
[2004/08/04 01:08:46 | 000,026,496 | ---- | M] (Microsoft Corporation) MD5=6CD7B22193718F1D17A47A1CD6D37E75 -- C:\WINDOWS\$NtServicePackUninstall$\usbstor.sys
[2008/04/13 13:45:38 | 000,026,368 | ---- | M] (Microsoft Corporation) MD5=A32426D9B14A089EAA1D922E0C5801A9 -- C:\WINDOWS\ServicePackFiles\i386\usbstor.sys
[2008/04/13 13:45:38 | 000,026,368 | ---- | M] (Microsoft Corporation) MD5=A32426D9B14A089EAA1D922E0C5801A9 -- C:\WINDOWS\system32\drivers\usbstor.sys

< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install\\LastSuccessTime: 2010-12-17 03:34:52

< End of report >













Extras.Txt



OTL Extras logfile created on: 5/1/2011 8:27:39 PM - Run 1
OTL by OldTimer - Version 3.2.22.3 Folder = C:\Documents and Settings\RT\My Documents\Downloads
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

447.00 Mb Total Physical Memory | 132.00 Mb Available Physical Memory | 30.00% Memory free
911.00 Mb Paging File | 314.00 Mb Available in Paging File | 34.00% Paging File free
Paging file location(s): C:\pagefile.sys 384 768 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 55.87 Gb Total Space | 18.66 Gb Free Space | 33.39% Space Free | Partition Type: NTFS
Drive D: | 74.47 Gb Total Space | 27.52 Gb Free Space | 36.96% Space Free | Partition Type: NTFS

Computer Name: SCHOOL_TIME | User Name: RT | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.url [@ = InternetShortcut] -- rundll32.exe shdocvw.dll,OpenURL %l

[HKEY_CURRENT_USER\SOFTWARE\Classes\]
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
http [open] -- "C:\Program Files\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)
https [open] -- "C:\Program Files\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)
InternetShortcut [open] -- rundll32.exe shdocvw.dll,OpenURL %l
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 1
"FirewallOverride" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22008
"6112:TCP" = 6112:TCP:*:Disabled:Warcraft 3
"6112:UDP" = 6112:UDP:*:Disabled:Warcraft 3 Also
"6113:TCP" = 6113:TCP:*:Disabled:WAR Port 6113

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Program Files\MSN Messenger\livecall.exe" = C:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\AOpen\Multimedia Utilities\LIVEUPD.EXE" = C:\Program Files\AOpen\Multimedia Utilities\LIVEUPD.EXE:*:Enabled:AOpen Display Driver LiveUpdate Wizard -- (AOpen Inc.)
"C:\Program Files\Yahoo!\Messenger\YPager.exe" = C:\Program Files\Yahoo!\Messenger\YPager.exe:*:Enabled:Yahoo! Messenger
"C:\Program Files\Yahoo!\Messenger\YServer.exe" = C:\Program Files\Yahoo!\Messenger\YServer.exe:*:Enabled:Yahoo! FT Server
"C:\Program Files\AIM\aim.exe" = C:\Program Files\AIM\aim.exe:*:Enabled:AOL Instant Messenger
"C:\Program Files\Common Files\AOL\Loader\aolload.exe" = C:\Program Files\Common Files\AOL\Loader\aolload.exe:*:Enabled:AOL Loader -- (AOL LLC)
"C:\Program Files\Common Files\AOL\1133220209\ee\aolsoftware.exe" = C:\Program Files\Common Files\AOL\1133220209\ee\aolsoftware.exe:*:Enabled:AOL Services
"C:\Program Files\Common Files\AOL\1133220209\ee\aim6.exe" = C:\Program Files\Common Files\AOL\1133220209\ee\aim6.exe:*:Enabled:AIM
"C:\Program Files\Speed\Speed.exe" = C:\Program Files\Speed\Speed.exe:*:Enabled:Speed
"C:\Program Files\HP\HP Software Update\HPWUCli.exe" = C:\Program Files\HP\HP Software Update\HPWUCli.exe:*:Enabled:HP Software Update Client
"C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" = C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:*:Enabled:Yahoo! Messenger -- (Yahoo! Inc.)
"C:\Program Files\Atari-Infogrames\Monopoly Tycoon\mc.exe" = C:\Program Files\Atari-Infogrames\Monopoly Tycoon\mc.exe:*:Enabled:Monopoly Tycoon
"C:\Program Files\AIM6\aim6.exe" = C:\Program Files\AIM6\aim6.exe:*:Enabled:AIM -- (AOL LLC)
"C:\Program Files\Starcraft\StarCraft.exe" = C:\Program Files\Starcraft\StarCraft.exe:*:Enabled:Starcraft -- (Blizzard Entertainment)
"C:\Program Files\Azureus\Azureus.exe" = C:\Program Files\Azureus\Azureus.exe:*:Enabled:Azureus
"C:\Program Files\LimeWire\LimeWire.exe" = C:\Program Files\LimeWire\LimeWire.exe:*:Enabled:LimeWire
"C:\Program Files\Yahoo! Games\Tradewinds\tradewinds.exe" = C:\Program Files\Yahoo! Games\Tradewinds\tradewinds.exe:*:Enabled:tradewinds
"C:\Program Files\MSN Messenger\livecall.exe" = C:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)
"C:\Program Files\XBC\XBC_NS.exe" = C:\Program Files\XBC\XBC_NS.exe:*:Enabled:XBConnect
"C:\Program Files\XBC\AppUpdater.exe" = C:\Program Files\XBC\AppUpdater.exe:*:Enabled:XBC 5.1
"C:\Program Files\Warcraft III\Warcraft III.exe" = C:\Program Files\Warcraft III\Warcraft III.exe:*:Enabled:Warcraft III -- (Blizzard Entertainment)
"C:\Program Files\Warcraft III\Frozen Throne.exe" = C:\Program Files\Warcraft III\Frozen Throne.exe:*:Enabled:Warcraft III - The Frozen Throne -- (Blizzard Entertainment)
"C:\Program Files\Warcraft III\War3.exe" = C:\Program Files\Warcraft III\War3.exe:*:Enabled:Warcraft III -- (Blizzard Entertainment)
"C:\Documents and Settings\RT\Local Settings\Application Data\Google\Google Talk Plugin\googletalkplugin.exe" = C:\Documents and Settings\RT\Local Settings\Application Data\Google\Google Talk Plugin\googletalkplugin.exe:*:Enabled:Google Talk Plugin -- (Google)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{005F78AF-110D-398A-8430-BE98950A1E22}" = Google Talk Plugin
"{172423F9-522A-483A-AD65-03600CE4CA4F}" = Microsoft Works 6-9 Converter
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{26A24AE4-039D-4CA4-87B4-2F83216025FF}" = Java(TM) 6 Update 25
"{2A2766A4-6AE4-11D4-AC8E-52544C1966EE}" = Backup Dell-Installed Programs
"{2E0695EE-ED29-4D96-BD77-2A9A17EDF0D6}" = Cypress USB Mass Storage Driver Installation
"{3248F0A8-6813-11D6-A77B-00B0D0150040}" = J2SE Runtime Environment 5.0 Update 4
"{3248F0A8-6813-11D6-A77B-00B0D0160060}" = Java(TM) 6 Update 6
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{3921A67A-5AB1-4E48-9444-C71814CF3027}" = VCRedistSetup
"{3FADAA19-E595-44CA-A072-58B6B0851768}" = Norton Security Scan
"{45338B07-A236-4270-9A77-EBB4115517B5}" = Windows Live Sign-in Assistant
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{501BADCD-F8F7-44CB-AC3F-6ED25C1A28B5}" = iTunes
"{5421155F-B033-49DB-9B33-8F80F233D4D5}" = GdiplusUpgrade
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{5A633ED0-E5D7-4D65-AB8D-53ED43510284}" = Symantec AntiVirus
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD
"{774088D4-0777-4D78-904D-E435B318F5D2}" = Microsoft Antimalware
"{77A776C4-D10F-416D-88F0-53F2D9DCD9B3}" = Microsoft Security Client
"{7BB40A22-8D98-43F9-A08A-E7EFF5AB1324}" = Camtasia Studio 5
"{81128EE8-8EAD-4DB0-85C6-17C2CE50FF71}" = Windows Live Essentials
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{90110409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
"{929408E6-D265-4174-805F-81D1D914E2A4}" = QuickTime
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}" = Segoe UI
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A5CC2A09-E9D3-49EC-923D-03874BBD4C2C}" = Windows Defender Signatures
"{A85FD55B-891B-4314-97A5-EA96C0BD80B5}" = Windows Live Messenger
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-1033-7B44-AA0000000001}" = Adobe Reader X (10.0.1)
"{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C43048A9-742C-4DAD-90D2-E3B53C9DB825}" = Logitech QuickCam Software
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.1
"{D42B6F90-1084-4C9B-AF28-958926E6E32E}" = LP_Flash
"{D642E38E-0D24-486C-9A2D-E316DD696F4B}" = Microsoft XML Parser
"{D78653C3-A8FF-415F-92E6-D774E634FF2D}" = Dell ResourceCD
"{ED00D08A-3C5F-488D-93A0-A04F21F23956}" = Windows Live Communications Platform
"{EFB21DE7-8C19-4A88-BB28-A766E16493BC}" = Adobe Photoshop CS
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F6BD194C-4190-4D73-B1B1-C48C99921BFE}" = Windows Live Call
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"AIM_6" = AIM 6
"BitZipper_is1" = BitZipper 5.1
"CCleaner" = CCleaner
"DVD Decrypter" = DVD Decrypter (Remove Only)
"DVD Shrink_is1" = DVD Shrink 3.2
"DVDFab (Platinum/Gold/HD Decrypter) (Option: Mobile) 5_is1" = DVDFab (Platinum/Gold/HD Decrypter) (Option: Mobile) 5.2.5.0
"DVDFab 6_is1" = DVDFab 6.2.1.8 (31/12/2009)
"DVDFab 7_is1" = DVDFab 7.0.9.3 (08/08/2010)
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"InstallShield_{501BADCD-F8F7-44CB-AC3F-6ED25C1A28B5}" = iTunes
"InstallShield_{929408E6-D265-4174-805F-81D1D914E2A4}" = QuickTime
"InterActual Player" = InterActual Player
"LiveUpdate" = LiveUpdate 2.6 (Symantec Corporation)
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft Security Client" = Microsoft Security Essentials
"Mozilla Firefox (3.6.7)" = Mozilla Firefox (3.6.7)
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"NSSSetup.{3FADAA19-E595-44CA-A072-58B6B0851768}" = Norton Security Scan (Symantec Corporation)
"NVIDIA" = NVIDIA Windows 2000/XP Display Drivers
"QcDrv" = Logitech® Camera Driver
"RealPlayer 6.0" = RealPlayer
"SM1FX_AT" = USB Storage Adapter FX (SM1)
"Sound Blaster Live! Value" = Sound Blaster Live! Value
"Spybot - Search & Destroy_is1" = Spybot - Search & Destroy 1.4
"Starcraft" = Starcraft
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinLiveSuite_Wave3" = Windows Live Essentials
"WinPcapInst" = WinPcap 3.1
"WinRAR archiver" = WinRAR archiver
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"Yahoo! Companion" = Yahoo! Toolbar
"Yahoo! Messenger" = Yahoo! Messenger
"Yahoo! Software Update" = Yahoo! Software Update

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Google Chrome" = Google Chrome
"Warcraft III" = Warcraft III: All Products

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 5/1/2011 9:55:12 AM | Computer Name = SCHOOL_TIME | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from:
with error: This network connection does not exist.

Error - 5/1/2011 10:46:13 AM | Computer Name = SCHOOL_TIME | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from:
with error: The connection with the server was terminated abnormally

Error - 5/1/2011 5:31:26 PM | Computer Name = SCHOOL_TIME | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from:
with error: This operation returned because the timeout period expired.

Error - 5/1/2011 5:31:29 PM | Computer Name = SCHOOL_TIME | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from:
with error: The specified server cannot perform the requested operation.

Error - 5/1/2011 8:05:14 PM | Computer Name = SCHOOL_TIME | Source = Microsoft Security Client | ID = 5000
Description =

Error - 5/1/2011 8:06:49 PM | Computer Name = SCHOOL_TIME | Source = Application Error | ID = 1000
Description = Faulting application jusched.exe, version 2.0.4.1, faulting module
user32.dll, version 5.1.2600.5512, fault address 0x000187f1.

Error - 5/1/2011 8:14:56 PM | Computer Name = SCHOOL_TIME | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from:
with error: The connection with the server was terminated abnormally

Error - 5/1/2011 8:14:58 PM | Computer Name = SCHOOL_TIME | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from:
with error: This network connection does not exist.

Error - 5/1/2011 8:31:23 PM | Computer Name = SCHOOL_TIME | Source = Microsoft Security Client | ID = 5000
Description =

Error - 5/1/2011 8:51:26 PM | Computer Name = SCHOOL_TIME | Source = MPSampleSubmission | ID = 5000
Description = EventType mptelemetry, P1 80070424, P2 beginsearch, P3 search, P4
3.0.8107.0, P5 mpsigdwn.dll, P6 3.0.8107.0, P7 microsoft security essentials (edb4fa23-53b8-4afa-8c5d-99752cca7094),
P8 NIL, P9 NIL, P10 NIL.

[ System Events ]
Error - 5/1/2011 6:33:13 AM | Computer Name = SCHOOL_TIME | Source = Service Control Manager | ID = 7000
Description = The Google Update Service (gupdate) service failed to start due to
the following error: %%1053

Error - 5/1/2011 7:22:59 AM | Computer Name = SCHOOL_TIME | Source = Microsoft Antimalware | ID = 1119
Description = %%860 has encountered a critical error when taking action on malware
or other potentially unwanted software. For more information please see the following:
http://go.microsoft.com/fwlink/?linkid=37020&name=Trojan:DOS/Alureon.A&threatid=2147636949

Name:
Trojan:DOS/Alureon.A ID: 2147636949 Severity: Severe Category: Trojan Path: rootkit:_AlureonMbr

Detection
Origin: %%844 Detection Type: %%822 Detection Source: %%820 User: NT AUTHORITY\SYSTEM

Process
Name: Unknown Action: %%808 Action Status: To finish removing malware and other
potentially unwanted software, restart the computer. To see how to finish removing
malware and other potentially unwanted software, see the support article on the
Microsoft Security website. Error Code: 0x80070032 Error description: The request
is not supported. Signature Version: AV: 1.103.780.0, AS: 1.103.780.0, NIS: 0.0.0.0

Engine
Version: AM: 1.1.6802.0, NIS: 0.0.0.0

Error - 5/1/2011 11:33:17 AM | Computer Name = SCHOOL_TIME | Source = DCOM | ID = 10005
Description = DCOM got error "%1053" attempting to start the service gupdate with
arguments "/comsvc" in order to run the server: {4EB61BAC-A3B6-4760-9581-655041EF4D69}

Error - 5/1/2011 11:33:20 AM | Computer Name = SCHOOL_TIME | Source = Service Control Manager | ID = 7009
Description = Timeout (30000 milliseconds) waiting for the Google Update Service
(gupdate) service to connect.

Error - 5/1/2011 11:33:20 AM | Computer Name = SCHOOL_TIME | Source = Service Control Manager | ID = 7000
Description = The Google Update Service (gupdate) service failed to start due to
the following error: %%1053

Error - 5/1/2011 8:02:10 PM | Computer Name = SCHOOL_TIME | Source = Service Control Manager | ID = 7009
Description = Timeout (30000 milliseconds) waiting for the Pml Driver HPZ12 service
to connect.

Error - 5/1/2011 8:02:11 PM | Computer Name = SCHOOL_TIME | Source = Service Control Manager | ID = 7000
Description = The Pml Driver HPZ12 service failed to start due to the following
error: %%1053

Error - 5/1/2011 8:02:46 PM | Computer Name = SCHOOL_TIME | Source = Service Control Manager | ID = 7009
Description = Timeout (30000 milliseconds) waiting for the Application Layer Gateway
Service service to connect.

Error - 5/1/2011 8:03:04 PM | Computer Name = SCHOOL_TIME | Source = Service Control Manager | ID = 7000
Description = The Application Layer Gateway Service service failed to start due
to the following error: %%1053

Error - 5/1/2011 8:51:09 PM | Computer Name = SCHOOL_TIME | Source = Microsoft Antimalware | ID = 2001
Description = %%860 has encountered an error trying to update signatures. New Signature
Version: Previous Signature Version: 1.103.780.0 Update Source: %%859 Update Stage:
%%852 Source Path: Default URL Signature Type: %%800 Update Type: %%803 User: NT AUTHORITY\SYSTEM

Current
Engine Version: Previous Engine Version: 1.1.6802.0 Error code: 0x80070424 Error
description: The specified service does not exist as an installed service.


< End of report >

Hi there funlovinguy2424 and welcome to GeekPolice!

I am Gabethebabe and I will be helping you with this issue. Before we start some general remarks/rules:

• Whilst I´m helping you, please follow my instructions carefully and do not experiment on your own or accept help from other persons.
  
• Feel free to ask questions! Especially if my instructions are not clear. I´m here to help, not confuse you.
  
• I will try and respond quickly, but please understand I do have a real life (job, wife, 3 kids, kinky hobbies).
  
• Stick with me till the end! If your computer starts running better, doesn´t mean it is clean yet!

====================

The main problem for your computer slowness is having two antivirus programs installed (Symantec Antivirus and Microsoft Security Essentials). They just get in each others ways. You should make your choice, keep one and uninstall the other one ASAP (I would keep the MSE and uninstall Symantec, but keeping Symantec and uninstalling MSE is fine as well).

====================

• Please run OTL.exe again
  
• Under the Custom Scans/Fixes box at the bottom, copy and paste in the following:

:files
C:\d43skj.dll
C:\Documents and Settings\RT\Local Settings\Application Data\2248756156
C:\Documents and Settings\All Users.WINDOWS\Application Data\2248756156
C:\Documents and Settings\RT\Local Settings\Application Data\2874366441
C:\Documents and Settings\All Users.WINDOWS\Application Data\2874366441
C:\Documents and Settings\RT\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
C:\Documents and Settings\RT\Application Data\sE6Eff10.txef28K1segE0G.txt
C:\Documents and Settings\RT\Application Data\e70gffJ4.txBf6I14A1bfFH.txt

:commands
[reboot]

• Then click the Run Fix button at the top.
  
• Allow it to run. It may take some time and you may see some things happen to your desktop - this is normal.
  
• If it asks to reboot the computer, allow it to reboot.
  
• If the program freezes, and the computer fails to reboot - let me know.
  
• Finally, post the contents of the log. (Located at C:\_OTL\Moved Files)

====================

First, try disabling the security software you are running (antivirus, firewall). Please check out this to find out how to temporarily disable any security software.

====================

Download GMER Rootkit Scanner from here and save it to your desktop.
Note that it will have a random name.

• Double click the file to run the tool. It may take a while to load.
  
• If it gives you a warning about rootkit activity and asks if you want to run a full scan, click No
  
• In the right panel, you will see several boxes that have been checked
  
• Make sure this is unchecked: Show All
  
• Make sure only your system drive (usually C:\) is checked and uncheck all other drives you might have on your system
  
• Click Scan to start the scan
  
• When it has finished, click Save and save the log as gmer.txt on your desktop
  
• If GMER reports any <--- ROOTKIT entries, don´t take any action. It could be a false positive.
  
• Click OK and quit the GMER program.
  
• Please post the contents of gmer.txt in your next reply.

I think this is the right thing to post.

Also ive noticed jusched.exe always crashes



========== FILES ==========
C:\d43skj.dll moved successfully.
C:\Documents and Settings\RT\Local Settings\Application Data\2248756156 moved successfully.
C:\Documents and Settings\All Users.WINDOWS\Application Data\2248756156 moved successfully.
C:\Documents and Settings\RT\Local Settings\Application Data\2874366441 moved successfully.
C:\Documents and Settings\All Users.WINDOWS\Application Data\2874366441 moved successfully.
C:\Documents and Settings\RT\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini moved successfully.
C:\Documents and Settings\RT\Application Data\sE6Eff10.txef28K1segE0G.txt moved successfully.
C:\Documents and Settings\RT\Application Data\e70gffJ4.txBf6I14A1bfFH.txt moved successfully.
========== COMMANDS ==========

OTL by OldTimer - Version 3.2.22.3 log created on 05022011_191601







GMER 1.0.15.15572 - http://www.gmer.net
Rootkit scan 2011-05-03 00:48:36
Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IdePort0 WDC_WD600BB-75CAA0 rev.16.06V16
Running: t9r3n8qw.exe; Driver: C:\DOCUME~1\RT\LOCALS~1\Temp\uwlorpog.sys


---- User code sections - GMER 1.0.15 ----

.text C:\WINDOWS\System32\svchost.exe[1072] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 0093000A
.text C:\WINDOWS\System32\svchost.exe[1072] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 5 Bytes JMP 0094000A
.text C:\WINDOWS\System32\svchost.exe[1072] ntdll.dll!KiUserExceptionDispatcher 7C90E47C 5 Bytes JMP 0092000C
.text C:\WINDOWS\System32\svchost.exe[1072] USER32.dll!GetCursorPos 7E42974E 5 Bytes JMP 00F0000A
.text C:\WINDOWS\System32\svchost.exe[1072] USER32.dll!WindowFromPoint 7E429766 5 Bytes JMP 00F1000A
.text C:\WINDOWS\System32\svchost.exe[1072] USER32.dll!GetForegroundWindow 7E429823 5 Bytes JMP 00F2000A
.text C:\WINDOWS\System32\svchost.exe[1072] ole32.dll!CoCreateInstance 774FF1AC 5 Bytes JMP 00E1000A
.text C:\Documents and Settings\RT\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2412] ntdll.dll!NtCreateFile + 6 7C90D0B4 4 Bytes [28, 00, 16, 00]
.text C:\Documents and Settings\RT\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2412] ntdll.dll!NtCreateFile + B 7C90D0B9 1 Byte [E2]
.text C:\Documents and Settings\RT\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2412] ntdll.dll!NtMapViewOfSection + 6 7C90D524 1 Byte [28]
.text C:\Documents and Settings\RT\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2412] ntdll.dll!NtMapViewOfSection + 6 7C90D524 4 Bytes [28, 03, 16, 00]
.text C:\Documents and Settings\RT\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2412] ntdll.dll!NtMapViewOfSection + B 7C90D529 1 Byte [E2]
.text C:\Documents and Settings\RT\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2412] ntdll.dll!NtOpenFile + 6 7C90D5A4 4 Bytes [68, 00, 16, 00]
.text C:\Documents and Settings\RT\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2412] ntdll.dll!NtOpenFile + B 7C90D5A9 1 Byte [E2]
.text C:\Documents and Settings\RT\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2412] ntdll.dll!NtOpenProcess + 6 7C90D604 4 Bytes [A8, 01, 16, 00]
.text C:\Documents and Settings\RT\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2412] ntdll.dll!NtOpenProcess + B 7C90D609 1 Byte [E2]
.text C:\Documents and Settings\RT\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2412] ntdll.dll!NtOpenProcessToken + 6 7C90D614 4 Bytes CALL 7B90EC1A
.text C:\Documents and Settings\RT\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2412] ntdll.dll!NtOpenProcessToken + B 7C90D619 1 Byte [E2]
.text C:\Documents and Settings\RT\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2412] ntdll.dll!NtOpenProcessTokenEx + 6 7C90D624 4 Bytes [A8, 02, 16, 00]
.text C:\Documents and Settings\RT\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2412] ntdll.dll!NtOpenProcessTokenEx + B 7C90D629 1 Byte [E2]
.text C:\Documents and Settings\RT\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2412] ntdll.dll!NtOpenThread + 6 7C90D664 4 Bytes [68, 01, 16, 00]
.text C:\Documents and Settings\RT\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2412] ntdll.dll!NtOpenThread + B 7C90D669 1 Byte [E2]
.text C:\Documents and Settings\RT\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2412] ntdll.dll!NtOpenThreadToken + 6 7C90D674 4 Bytes [68, 02, 16, 00]
.text C:\Documents and Settings\RT\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2412] ntdll.dll!NtOpenThreadToken + B 7C90D679 1 Byte [E2]
.text C:\Documents and Settings\RT\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2412] ntdll.dll!NtOpenThreadTokenEx + 6 7C90D684 4 Bytes CALL 7B90EC8B
.text C:\Documents and Settings\RT\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2412] ntdll.dll!NtOpenThreadTokenEx + B 7C90D689 1 Byte [E2]
.text C:\Documents and Settings\RT\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2412] ntdll.dll!NtQueryAttributesFile + 6 7C90D714 4 Bytes [A8, 00, 16, 00]
.text C:\Documents and Settings\RT\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2412] ntdll.dll!NtQueryAttributesFile + B 7C90D719 1 Byte [E2]
.text C:\Documents and Settings\RT\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2412] ntdll.dll!NtQueryFullAttributesFile + 6 7C90D7B4 4 Bytes CALL 7B90EDB9
.text C:\Documents and Settings\RT\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2412] ntdll.dll!NtQueryFullAttributesFile + B 7C90D7B9 1 Byte [E2]
.text C:\Documents and Settings\RT\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2412] ntdll.dll!NtSetInformationFile + 6 7C90DC64 4 Bytes [28, 01, 16, 00]
.text C:\Documents and Settings\RT\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2412] ntdll.dll!NtSetInformationFile + B 7C90DC69 1 Byte [E2]
.text C:\Documents and Settings\RT\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2412] ntdll.dll!NtSetInformationThread + 6 7C90DCB4 4 Bytes [28, 02, 16, 00]
.text C:\Documents and Settings\RT\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2412] ntdll.dll!NtSetInformationThread + B 7C90DCB9 1 Byte [E2]
.text C:\Documents and Settings\RT\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2412] ntdll.dll!NtUnmapViewOfSection + 6 7C90DF14 1 Byte [68]
.text C:\Documents and Settings\RT\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2412] ntdll.dll!NtUnmapViewOfSection + 6 7C90DF14 4 Bytes [68, 03, 16, 00]
.text C:\Documents and Settings\RT\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2412] ntdll.dll!NtUnmapViewOfSection + B 7C90DF19 1 Byte [E2]
.text C:\WINDOWS\Explorer.EXE[2832] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 00CE000A
.text C:\WINDOWS\Explorer.EXE[2832] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 5 Bytes JMP 00CF000A
.text C:\WINDOWS\Explorer.EXE[2832] ntdll.dll!KiUserExceptionDispatcher 7C90E47C 5 Bytes JMP 00C0000C
.text C:\Documents and Settings\RT\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3524] ntdll.dll!NtCreateFile + 6 7C90D0B4 4 Bytes [28, 00, 16, 00]
.text C:\Documents and Settings\RT\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3524] ntdll.dll!NtCreateFile + B 7C90D0B9 1 Byte [E2]
.text C:\Documents and Settings\RT\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3524] ntdll.dll!NtMapViewOfSection + 6 7C90D524 1 Byte [28]
.text C:\Documents and Settings\RT\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3524] ntdll.dll!NtMapViewOfSection + 6 7C90D524 4 Bytes [28, 03, 16, 00]
.text C:\Documents and Settings\RT\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3524] ntdll.dll!NtMapViewOfSection + B 7C90D529 1 Byte [E2]
.text C:\Documents and Settings\RT\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3524] ntdll.dll!NtOpenFile + 6 7C90D5A4 4 Bytes [68, 00, 16, 00]
.text C:\Documents and Settings\RT\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3524] ntdll.dll!NtOpenFile + B 7C90D5A9 1 Byte [E2]
.text C:\Documents and Settings\RT\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3524] ntdll.dll!NtOpenProcess + 6 7C90D604 4 Bytes [A8, 01, 16, 00]
.text C:\Documents and Settings\RT\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3524] ntdll.dll!NtOpenProcess + B 7C90D609 1 Byte [E2]
.text C:\Documents and Settings\RT\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3524] ntdll.dll!NtOpenProcessToken + 6 7C90D614 4 Bytes CALL 7B90EC1A
.text C:\Documents and Settings\RT\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3524] ntdll.dll!NtOpenProcessToken + B 7C90D619 1 Byte [E2]
.text C:\Documents and Settings\RT\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3524] ntdll.dll!NtOpenProcessTokenEx + 6 7C90D624 4 Bytes [A8, 02, 16, 00]
.text C:\Documents and Settings\RT\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3524] ntdll.dll!NtOpenProcessTokenEx + B 7C90D629 1 Byte [E2]
.text C:\Documents and Settings\RT\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3524] ntdll.dll!NtOpenThread + 6 7C90D664 4 Bytes [68, 01, 16, 00]
.text C:\Documents and Settings\RT\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3524] ntdll.dll!NtOpenThread + B 7C90D669 1 Byte [E2]
.text C:\Documents and Settings\RT\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3524] ntdll.dll!NtOpenThreadToken + 6 7C90D674 4 Bytes [68, 02, 16, 00]
.text C:\Documents and Settings\RT\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3524] ntdll.dll!NtOpenThreadToken + B 7C90D679 1 Byte [E2]
.text C:\Documents and Settings\RT\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3524] ntdll.dll!NtOpenThreadTokenEx + 6 7C90D684 4 Bytes CALL 7B90EC8B
.text C:\Documents and Settings\RT\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3524] ntdll.dll!NtOpenThreadTokenEx + B 7C90D689 1 Byte [E2]
.text C:\Documents and Settings\RT\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3524] ntdll.dll!NtQueryAttributesFile + 6 7C90D714 4 Bytes [A8, 00, 16, 00]
.text C:\Documents and Settings\RT\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3524] ntdll.dll!NtQueryAttributesFile + B 7C90D719 1 Byte [E2]
.text C:\Documents and Settings\RT\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3524] ntdll.dll!NtQueryFullAttributesFile + 6 7C90D7B4 4 Bytes CALL 7B90EDB9
.text C:\Documents and Settings\RT\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3524] ntdll.dll!NtQueryFullAttributesFile + B 7C90D7B9 1 Byte [E2]
.text C:\Documents and Settings\RT\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3524] ntdll.dll!NtSetInformationFile + 6 7C90DC64 4 Bytes [28, 01, 16, 00]
.text C:\Documents and Settings\RT\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3524] ntdll.dll!NtSetInformationFile + B 7C90DC69 1 Byte [E2]
.text C:\Documents and Settings\RT\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3524] ntdll.dll!NtSetInformationThread + 6 7C90DCB4 4 Bytes [28, 02, 16, 00]
.text C:\Documents and Settings\RT\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3524] ntdll.dll!NtSetInformationThread + B 7C90DCB9 1 Byte [E2]
.text C:\Documents and Settings\RT\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3524] ntdll.dll!NtUnmapViewOfSection + 6 7C90DF14 1 Byte [68]
.text C:\Documents and Settings\RT\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3524] ntdll.dll!NtUnmapViewOfSection + 6 7C90DF14 4 Bytes [68, 03, 16, 00]
.text C:\Documents and Settings\RT\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3524] ntdll.dll!NtUnmapViewOfSection + B 7C90DF19 1 Byte [E2]

---- User IAT/EAT - GMER 1.0.15 ----

IAT C:\Documents and Settings\RT\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2412] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!CreateNamedPipeW] 002F0010
IAT C:\Documents and Settings\RT\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3524] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!CreateNamedPipeW] 002F0010

---- Devices - GMER 1.0.15 ----

Device \Driver\atapi -> DriverStartIo \Device\Ide\IdePort0 8575339B
Device \Driver\atapi -> DriverStartIo \Device\Ide\IdePort1 8575339B
Device \Driver\atapi -> DriverStartIo \Device\Ide\IdeDeviceP0T1L0-c 8575339B
Device \Driver\atapi -> DriverStartIo \Device\Ide\IdeDeviceP1T0L0-18 8575339B
Device \Driver\atapi -> DriverStartIo \Device\Ide\IdeDeviceP1T1L0-20 8575339B
Device mrxsmb.sys (Windows NT SMB Minirdr/Microsoft Corporation)
Device AF0EBD20
Device AF103631

AttachedDevice fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)

Device \Device\Ide\IdeDeviceP0T0L0-4 -> \??\IDE#DiskWDC_WD600BB-75CAA0______________________16.06V16#4457572d414d4638353135383231_034_0_0_0_0#{53f56307-b6bf-11d0-94f2-00a0c91efb8b} device not found

---- Disk sectors - GMER 1.0.15 ----

Disk \Device\Harddisk0\DR0 TDL4@MBR code has been found <-- ROOTKIT !!!
Disk \Device\Harddisk0\DR0 sector 00: rootkit-like behavior

---- EOF - GMER 1.0.15 ----

You have a severe infection in your MBR.

Please download aswMBR by Alwil Software from here and save it to your desktop.

• Double click aswMBR.exe to run it
  
• Click the Scan button to start the scan
  
• If all goes well, it should find a TDL4 infection.
  
• Click the Fix button
  
• Reboot your computer
  
• Repeat the scan with aswMBR and after the scan click Save log
  
• Post the contents of that log in your next reply, please.

What is my MBR?

Always i notice explorer.exe crashes too

Also should i be doing all of this on my d drive as well? I notice it has the hidden recycler file in it as well



aswMBR version 0.9.5.247 Copyright(c) 2011 AVAST Software
Run date: 2011-05-03 01:30:11
-----------------------------
01:30:11.437 OS Version: Windows 5.1.2600 Service Pack 3
01:30:11.453 Number of processors: 1 586 0x207
01:30:11.453 ComputerName: SCHOOL_TIME UserName: RT
01:30:11.906 Initialize success
01:30:16.859 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-4
01:30:16.859 Disk 0 Vendor: WDC_WD600BB-75CAA0 16.06V16 Size: 57220MB BusType: 3
01:30:16.859 Disk 1 \Device\Harddisk1\DR1 -> \Device\Ide\IdeDeviceP0T1L0-c
01:30:16.859 Disk 1 Vendor: WDC_WD800BB-75CAA0 16.06V16 Size: 76293MB BusType: 3
01:30:18.906 Disk 0 MBR read successfully
01:30:18.906 Disk 0 MBR scan
01:30:18.906 Disk 0 Windows XP default MBR code
01:30:20.906 Disk 0 scanning sectors +117162045
01:30:20.921 Disk 0 scanning C:\WINDOWS\system32\drivers
01:30:32.375 Service scanning
01:30:33.734 Disk 0 trace - called modules:
01:30:33.750 ntoskrnl.exe CLASSPNP.SYS disk.sys atapi.sys hal.dll intelide.sys PCIIDEX.SYS
01:30:33.750 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8577aab8]
01:30:33.750 3 CLASSPNP.SYS[f74edfd7] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-4[0x857dc700]
01:30:34.281 Scan finished successfully
01:30:41.078 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\RT\Desktop\MBR.dat"
01:30:41.078 The log file has been saved successfully to "C:\Documents and Settings\RT\Desktop\aswMBR.txt"

MBR= Master Boot Record

A vital part of your harddisk, providing the very first actions your computer should execute when it boots. In this case, the computer was executing bad stuffs, but it seems that we have repaired it.

We don´t need to repair your D, because only your system disk has a relevant MBR.

OK, we appear to have killed a serious infection, please repeat the GMER scan (t9r3n8qw.exe) and post the log.

====================

jusched.exe is a part of Java.

• Go to Start > Control Panel
  
• Double-click on Add or Remove Programs
  
• Look for entries that say Java, Java RunTime Environment or J2SE.
  
• Uninstall all of them

After doing this, you can go to java.com, click on Free Java Download and proceed from there to re-install the latest version of Java (currently Version 6 Update 25).

After installing Java, go to Start > Control Panel > Java to open the Java Control Panel.
Under the General tab, Temporary Internet Files click Settings, then click Delete Files.
Select both options and click OK to delete the Java cache.

So what should I do with my D drive? It does store a lot of stuff on it, or at least some stuff.....




GMER 1.0.15.15572 - http://www.gmer.net
Rootkit scan 2011-05-03 08:33:50
Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-4 WDC_WD600BB-75CAA0 rev.16.06V16
Running: t9r3n8qw.exe; Driver: C:\DOCUME~1\RT\LOCALS~1\Temp\uwlorpog.sys


---- Kernel code sections - GMER 1.0.15 ----

? C:\DOCUME~1\RT\LOCALS~1\Temp\aswMBR.sys The system cannot find the file specified. !

---- User code sections - GMER 1.0.15 ----

.text C:\Documents and Settings\RT\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2608] ntdll.dll!NtCreateFile + 6 7C90D0B4 4 Bytes [28, 00, 16, 00]
.text C:\Documents and Settings\RT\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2608] ntdll.dll!NtCreateFile + B 7C90D0B9 1 Byte [E2]
.text C:\Documents and Settings\RT\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2608] ntdll.dll!NtMapViewOfSection + 6 7C90D524 1 Byte [28]
.text C:\Documents and Settings\RT\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2608] ntdll.dll!NtMapViewOfSection + 6 7C90D524 4 Bytes [28, 03, 16, 00]
.text C:\Documents and Settings\RT\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2608] ntdll.dll!NtMapViewOfSection + B 7C90D529 1 Byte [E2]
.text C:\Documents and Settings\RT\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2608] ntdll.dll!NtOpenFile + 6 7C90D5A4 4 Bytes [68, 00, 16, 00]
.text C:\Documents and Settings\RT\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2608] ntdll.dll!NtOpenFile + B 7C90D5A9 1 Byte [E2]
.text C:\Documents and Settings\RT\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2608] ntdll.dll!NtOpenProcess + 6 7C90D604 4 Bytes [A8, 01, 16, 00]
.text C:\Documents and Settings\RT\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2608] ntdll.dll!NtOpenProcess + B 7C90D609 1 Byte [E2]
.text C:\Documents and Settings\RT\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2608] ntdll.dll!NtOpenProcessToken + 6 7C90D614 4 Bytes CALL 7B90EC1A
.text C:\Documents and Settings\RT\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2608] ntdll.dll!NtOpenProcessToken + B 7C90D619 1 Byte [E2]
.text C:\Documents and Settings\RT\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2608] ntdll.dll!NtOpenProcessTokenEx + 6 7C90D624 4 Bytes [A8, 02, 16, 00]
.text C:\Documents and Settings\RT\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2608] ntdll.dll!NtOpenProcessTokenEx + B 7C90D629 1 Byte [E2]
.text C:\Documents and Settings\RT\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2608] ntdll.dll!NtOpenThread + 6 7C90D664 4 Bytes [68, 01, 16, 00]
.text C:\Documents and Settings\RT\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2608] ntdll.dll!NtOpenThread + B 7C90D669 1 Byte [E2]
.text C:\Documents and Settings\RT\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2608] ntdll.dll!NtOpenThreadToken + 6 7C90D674 4 Bytes [68, 02, 16, 00]
.text C:\Documents and Settings\RT\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2608] ntdll.dll!NtOpenThreadToken + B 7C90D679 1 Byte [E2]
.text C:\Documents and Settings\RT\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2608] ntdll.dll!NtOpenThreadTokenEx + 6 7C90D684 4 Bytes CALL 7B90EC8B
.text C:\Documents and Settings\RT\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2608] ntdll.dll!NtOpenThreadTokenEx + B 7C90D689 1 Byte [E2]
.text C:\Documents and Settings\RT\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2608] ntdll.dll!NtQueryAttributesFile + 6 7C90D714 4 Bytes [A8, 00, 16, 00]
.text C:\Documents and Settings\RT\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2608] ntdll.dll!NtQueryAttributesFile + B 7C90D719 1 Byte [E2]
.text C:\Documents and Settings\RT\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2608] ntdll.dll!NtQueryFullAttributesFile + 6 7C90D7B4 4 Bytes CALL 7B90EDB9
.text C:\Documents and Settings\RT\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2608] ntdll.dll!NtQueryFullAttributesFile + B 7C90D7B9 1 Byte [E2]
.text C:\Documents and Settings\RT\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2608] ntdll.dll!NtSetInformationFile + 6 7C90DC64 4 Bytes [28, 01, 16, 00]
.text C:\Documents and Settings\RT\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2608] ntdll.dll!NtSetInformationFile + B 7C90DC69 1 Byte [E2]
.text C:\Documents and Settings\RT\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2608] ntdll.dll!NtSetInformationThread + 6 7C90DCB4 4 Bytes [28, 02, 16, 00]
.text C:\Documents and Settings\RT\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2608] ntdll.dll!NtSetInformationThread + B 7C90DCB9 1 Byte [E2]
.text C:\Documents and Settings\RT\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2608] ntdll.dll!NtUnmapViewOfSection + 6 7C90DF14 1 Byte [68]
.text C:\Documents and Settings\RT\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2608] ntdll.dll!NtUnmapViewOfSection + 6 7C90DF14 4 Bytes [68, 03, 16, 00]
.text C:\Documents and Settings\RT\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2608] ntdll.dll!NtUnmapViewOfSection + B 7C90DF19 1 Byte [E2]
.text C:\Documents and Settings\RT\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3936] ntdll.dll!NtCreateFile + 6 7C90D0B4 4 Bytes [28, 00, 16, 00]
.text C:\Documents and Settings\RT\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3936] ntdll.dll!NtCreateFile + B 7C90D0B9 1 Byte [E2]
.text C:\Documents and Settings\RT\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3936] ntdll.dll!NtMapViewOfSection + 6 7C90D524 1 Byte [28]
.text C:\Documents and Settings\RT\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3936] ntdll.dll!NtMapViewOfSection + 6 7C90D524 4 Bytes [28, 03, 16, 00]
.text C:\Documents and Settings\RT\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3936] ntdll.dll!NtMapViewOfSection + B 7C90D529 1 Byte [E2]
.text C:\Documents and Settings\RT\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3936] ntdll.dll!NtOpenFile + 6 7C90D5A4 4 Bytes [68, 00, 16, 00]
.text C:\Documents and Settings\RT\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3936] ntdll.dll!NtOpenFile + B 7C90D5A9 1 Byte [E2]
.text C:\Documents and Settings\RT\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3936] ntdll.dll!NtOpenProcess + 6 7C90D604 4 Bytes [A8, 01, 16, 00]
.text C:\Documents and Settings\RT\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3936] ntdll.dll!NtOpenProcess + B 7C90D609 1 Byte [E2]
.text C:\Documents and Settings\RT\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3936] ntdll.dll!NtOpenProcessToken + 6 7C90D614 4 Bytes CALL 7B90EC1A
.text C:\Documents and Settings\RT\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3936] ntdll.dll!NtOpenProcessToken + B 7C90D619 1 Byte [E2]
.text C:\Documents and Settings\RT\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3936] ntdll.dll!NtOpenProcessTokenEx + 6 7C90D624 4 Bytes [A8, 02, 16, 00]
.text C:\Documents and Settings\RT\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3936] ntdll.dll!NtOpenProcessTokenEx + B 7C90D629 1 Byte [E2]
.text C:\Documents and Settings\RT\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3936] ntdll.dll!NtOpenThread + 6 7C90D664 4 Bytes [68, 01, 16, 00]
.text C:\Documents and Settings\RT\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3936] ntdll.dll!NtOpenThread + B 7C90D669 1 Byte [E2]
.text C:\Documents and Settings\RT\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3936] ntdll.dll!NtOpenThreadToken + 6 7C90D674 4 Bytes [68, 02, 16, 00]
.text C:\Documents and Settings\RT\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3936] ntdll.dll!NtOpenThreadToken + B 7C90D679 1 Byte [E2]
.text C:\Documents and Settings\RT\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3936] ntdll.dll!NtOpenThreadTokenEx + 6 7C90D684 4 Bytes CALL 7B90EC8B
.text C:\Documents and Settings\RT\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3936] ntdll.dll!NtOpenThreadTokenEx + B 7C90D689 1 Byte [E2]
.text C:\Documents and Settings\RT\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3936] ntdll.dll!NtQueryAttributesFile + 6 7C90D714 4 Bytes [A8, 00, 16, 00]
.text C:\Documents and Settings\RT\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3936] ntdll.dll!NtQueryAttributesFile + B 7C90D719 1 Byte [E2]
.text C:\Documents and Settings\RT\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3936] ntdll.dll!NtQueryFullAttributesFile + 6 7C90D7B4 4 Bytes CALL 7B90EDB9
.text C:\Documents and Settings\RT\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3936] ntdll.dll!NtQueryFullAttributesFile + B 7C90D7B9 1 Byte [E2]
.text C:\Documents and Settings\RT\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3936] ntdll.dll!NtSetInformationFile + 6 7C90DC64 4 Bytes [28, 01, 16, 00]
.text C:\Documents and Settings\RT\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3936] ntdll.dll!NtSetInformationFile + B 7C90DC69 1 Byte [E2]
.text C:\Documents and Settings\RT\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3936] ntdll.dll!NtSetInformationThread + 6 7C90DCB4 4 Bytes [28, 02, 16, 00]
.text C:\Documents and Settings\RT\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3936] ntdll.dll!NtSetInformationThread + B 7C90DCB9 1 Byte [E2]
.text C:\Documents and Settings\RT\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3936] ntdll.dll!NtUnmapViewOfSection + 6 7C90DF14 1 Byte [68]
.text C:\Documents and Settings\RT\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3936] ntdll.dll!NtUnmapViewOfSection + 6 7C90DF14 4 Bytes [68, 03, 16, 00]
.text C:\Documents and Settings\RT\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3936] ntdll.dll!NtUnmapViewOfSection + B 7C90DF19 1 Byte [E2]

---- User IAT/EAT - GMER 1.0.15 ----

IAT C:\Documents and Settings\RT\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2608] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!CreateNamedPipeW] 002C0010
IAT C:\Documents and Settings\RT\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3936] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!CreateNamedPipeW] 002C0010

---- Devices - GMER 1.0.15 ----

Device mrxsmb.sys (Windows NT SMB Minirdr/Microsoft Corporation)
Device EBFBFD20

AttachedDevice fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)

---- EOF - GMER 1.0.15 ----

I don´t think you need to worry about your D:

Malware typically attacks your system disk only.



I see you have malwarebytes installed. Can you run it, update it, run a quick scan and post the log?



How is your computer running now? We killed a serious infection and if you uninstalled one of your two antivirus, you should be a whole lot better now.

It does seem to be running better.

But what about the recycler, for my flash drives and digi cam, and

the windows security alerts, is that a legit program?





Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Database version: 6502

Windows 5.1.2600 Service Pack 3
Internet Explorer 7.0.5730.13

5/3/2011 7:37:43 PM
mbam-log-2011-05-03 (19-37-43).txt

Scan type: Quick scan
Objects scanned: 214334
Time elapsed: 38 minute(s), 29 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

Well, that looks pretty clean!

The recycler directory is a hidden system directory.
If you worry about your removable drives (USB flash drives, digital camaras etc) you can immunize them.

====================

Please download Flash_Disinfector by sUBs from here and save it to your desktop.

• Double-click Flash_Disinfector.exe to run the tool
  
• When requested, insert the USB flash disk(s) you want to to immunize/disinfect
  
• Hold down the Shift key when inserting the drive(s) until Windows detects the drive
  
• Click OK to start the disinfection process
  
• Repeat running Flash_Disinfector.exe for every flash drive you wish to immunize.
  
• Reboot your computer when done.

Note: As part of its routine, Flash_Disinfector will create a hidden folder named autorun.inf in each partition and every USB drive that you choose to disinfect. Do not delete that folder!

====================

The windows security alert is probably legal. Can you post screenshot? What is it saying?

Will the flash disenfector fix the problem, or only prevent something further from happening?

I have also noticed that if i walk away from my computer, when i come back most of the time it is frozen and i have to restart it. What could cause this?

Any recommendations on start processes to turn off as well?

Here is the screenshot


https://i.servimg.com/u/f25/16/45/58/50/window11.jpg

The danger of removable drives is a file named autorun.inf. This is automatically executed upon inserting of the drive. This is an easy way of distributing malware (worms, especially).

Flash disinfector will configure your computer to not automatically execute autorun.inf instructions.

Also it will create a hidden read-only folder with the name autorun.inf on your removable drives, so if malware tries to save a malicious autorun.inf to that drive, it will likely fail and the flash drive is not infected.

Frozen computers can be caused by many things, maybe the malware has damaged a system file or two.

start processes: I would recommend to just start you computer, use task manager to see what processes are running, use google to find out if they are useful and use google again to find out how to disable them in case they are not.

The warning message is legit. You have automatic updates turned off, which is a bad idea.

====================

You have some outdated Java on your computer, which is a security risk.

• Go to Start > Control Panel
  
• Double-click on Add or Remove Programs
  
• Look for entries that say Java, Java RunTime Environment or J2SE.
  
• Uninstall all of them that are not named Java (TM) 6 Update 25

After this, go to Start > Control Panel > Java to open the Java Control Panel.
Under the General tab, Temporary Internet Files click Settings, then click Delete Files.
Select both options and click OK to delete the Java cache.

====================

You do not have the latest version of Mozilla Firefox installed. Browsers are the prime target of malware writers. Having Firefox updated is important, because it will have less security holes than any previous version. I recommend you upgrade to version 4.0.1 which can be downloaded here.

====================

Anything else I can do for you?

I deleted the java before like you said, the only one showing up in my control panel for add/remove programs is the java (tm) 6 update 25

I updated mozilla to the most recent version, perhaps i have other things in my control panel, add/remove programs that are causing a problem?

For the windows security update it is not allowing me to turn on the automatic updates. It says it cannot turn them on and directs me to the control panel > system to change the settings. When i go here i cannot change them either.

When i try to goto the website for windows updates i get [Error number: 0x80070424]
The website has encountered a problem and cannot display the page you are trying to view. The options provided below might help you solve the problem.


Also i still have all these transparent files all over my computer, do i dlete them or?

About the windows update error problem: google the error message and you will find a host of information, for example:
http://support.microsoft.com/kb/968002
See if that works out for you.

These transparent files are hidden files that were hidden by the rogue we just killed. Possibly also your start menu is empty now. Fortunately, we have a tool for everything

• Please download Unhide by Grinler from here and save it to your desktop.
  
• Double click unhide.exe to run the tool.
  
• It will take some time to go through all your files, so please be patient.
  
• If this tool doesn´t fix the problem, please let me know.

Well now i have a ton of files that seem to be some kind of weird duplicate of files i already have in folders throughout my computer, but the files have like $ signs or ~ in place of the first letter.

I am very confused what these are, are they duplicates? or did my files get split?

When i try to open, or sometimes close these files now it says

Word cannot start the converter mswrd632.wpc.

This message can appear if:
The converter was not properly registered.
The converter was inadvertently deleted without removing the registry information.
The converter support files are corrupt.
The converter installation was removed and the uninstall tool did not finish clearing the registry settings.
The hard disk is damaged where the converter files were stored.
Usually, reinstalling the converter will overcome this problem. If the converter reports that it is already installed, first uninstall it so the setup program can remove the files and registry settings.
If removing and reinstalling the converter is not successful, there may be a conflict for a resource on the computer (for example an executable file that is needed to properly register the converters on the computer has failed or stopped running). In this case, it is best to turn off the computer and start over.
More information about this error message online.




Here is what is popping up for the windows security alerts

https://i.servimg.com/u/f25/16/45/58/50/sec_ce10.jpg

https://i.servimg.com/u/f25/16/45/58/50/sec_ce11.jpg

Alot of these files with the ~$ that share the rest of the other files name appear to be much smaller than the original file.

I dont know if its ok to delete them, or if they are linked somehow

All those files that are small and have weird names are temporary files. They can be deleted.

On the windows update problem, try the following.

Open Notepad and create a file with the following contents:

@echo off
regsvr32 /s wuapi.dll
regsvr32 /s wuaueng.dll
regsvr32 /s wups.dll
regsvr32 /s wups2.dll
regsvr32 /s wuwebv.dll
regsvr32 /s wucltux.dll
regsvr32 /s wudriver.dll

• Save it as "fix.bat" (include the quotes) on your desktop.
  
• Double click it to run. A black DOS windows will open and close - this is normal.
  
• If this went well, delete fix.bat and restart your computer.

Hopefully this makes a difference.

That worked gabethebabe! Thank you so much! you have been of great help!

Any other recommendations for me?

Jay we rock

My recommendations:

1) Keep your Windows up-to-date. Windows Autoupdate should be ON (see Start >> Control Panel >> Security Center). An alternative way (but more time-consuming) is to periodically visit http://windowsupdate.microsoft.com. Hackers are looking every day for new security holes. Microsoft keeps patching them. You cannot fall behind in this race, it will make your system vulnerable.

2) For your average daily computer activities, use a limited/standard user account. If you use Vista/WIN7 do not disable User Account Control (UAC). You would be amazed to know how much malware can´t touch you if you deny it admin rights. Create a separate password-protected administrator account that you use for admin activities, like (un)installing software.

3) Use a good antivirus. There are various free ones, you cannot go wrong with either of the following three:

• Panda Cloud Antivirus. If you want your antivirus to be light on resources, I recommend Panda. Install without the toolbar.
  
• Avira. 100 million users can´t be wrong. If you want high detection rates, this is your best free bet.
  
• Avast! is a very complete antivirus, with modules like mailscanner and webshield.

4) If your computer has 1GB system memory or more, you should install a third party firewall, to replace the weak Windows Firewall. I recommend:

• Comodo Firewall. Install the internet security suite, but without the antivirus and without the Hopsurf toolbar.
  
• Online Armor. A very smart and user friendly firewall.
  
• Outpost Firewall is another rocksolid choice.

Note: you should run only ONE antivirus and ONE firewall. Running multiples of either is bad, it will cause slowdowns and/or conflicts.

5) Miscellaneous advice:

• Stay away from cracks and keygens (look here for the why). Get free software instead. Gizmo is an excellent source of freeware reviews.
  
• Navigate safely. Google Chrome is the safest browser available. However, Mozilla Firefox can be made extremely safe with the NoScript addon. Internet Explorer (always use version 8) can be made a lot safer with Spywareblaster (manual here).
  
• The WOT (Webs Of Trust) addon will help you to stay on reliable webpages.
  
• WinPatrol alerts you when changes are made in vital system areas. Especially good on light systems not running a third party firewall.
  
• Make sure you have ways to recuperate your operating system and vital other data if its gets frustrated by malware and/or other problems. A Windows setup CD and recent backups/disk images will be priceless, if you find yourself in an unexpected tight spot.

Finally: did we help you? Help us back!

So do you reccommend i get these firewalls and antiviruss over the windows security essentials and what i already have?

Well things were working well, until just recently My computer got incredible slow, and so did my browsers...google chrome. Everything is just so super slow even upon immediate startup

Please download OTL by OldTimer from here and save it to your desktop.

• Close all windows and double click OTL.exe.
  
• The Extra Registry setting should be Use Safelist
  
• Copy and paste the following text into the Custom Scans/Fixes box:

• Click the Run Scan button and allow it to run.
  
• It will produce two logs for you, OTL.txt and Extras.txt. Please post both logs in this thread.
  
• You may need multiple posts to get it all.

====================

Please download aswMBR by Alwil Software from here and save it to your desktop.

• Double click aswMBR.exe to run the tool
  
• Click the Scan button to start the scan
  
• Don´t panic if you see any **Rootkit** entries. The tool sometimes produces false alarms
  
• Once the scan finishes click Save log to save the log to your desktop
  
• Copy and paste the contents of this log (aswMBR.txt) into your next reply.