1. Computer problem? Tech Support Guy is completely free -- paid for by advertisers and donations. Click here to join today! If you're new to Tech Support Guy, we highly recommend that you visit our Guide for New Members.

spybot blocked, windows redirect, windows and adaware update blocked

Discussion in 'Virus & Other Malware Removal' started by buddy510, Apr 21, 2010.

Thread Status:
Not open for further replies.
Advertisement
  1. buddy510

    buddy510 Thread Starter

    Joined:
    Oct 12, 2003
    Messages:
    30
    A couple of concerns that I have are: unable to update windows... "The page cannot be displayed because server it resides on does not respond", uninstalled Spybot and tried to reinstall without success and received ..."Error sending request. The server name or address could not be resolved", Adaware will not update also..."connection error Check your settings errorcode: -1. Malwarebyte's anti-malware will also not update.

    Google search on internet explorer will redirect to another site when selected.

    HJT log follows...


    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 9:23:43 AM, on 4/21/2010
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.17023)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\WINDOWS\System32\CTsvcCDA.EXE
    C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
    C:\Program Files\Java\jre6\bin\jqs.exe
    C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
    C:\WINDOWS\system32\devldr32.exe
    C:\WINDOWS\Explorer.EXE
    c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
    c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
    C:\PROGRA~1\McAfee\VIRUSS~2\mcshield.exe
    C:\Program Files\McAfee\MPF\MPFSrv.exe
    C:\Program Files\McAfee\MSK\MskSrver.exe
    C:\Program Files\Norton Utilities\NPROTECT.EXE
    C:\WINDOWS\System32\nvsvc32.exe
    C:\Program Files\Speed Disk\nopdb.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\System32\MsPMSPSv.exe
    C:\Program Files\Linksys Wireless-G PCI Wireless Network Monitor\WLService.exe
    C:\Program Files\Linksys Wireless-G PCI Wireless Network Monitor\WMP54Gv4.exe
    C:\WINDOWS\system32\svchost.exe
    c:\PROGRA~1\mcafee.com\agent\mcagent.exe
    C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
    C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
    C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
    C:\Program Files\MpcStar\Codecs\QuickTime\QTSystem\qttask.exe
    C:\Program Files\Java\jre6\bin\jusched.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe
    C:\Program Files\Norton Utilities\SYSDOC32.EXE
    C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
    C:\WINDOWS\system32\rundll32.exe
    C:\PROGRA~1\McAfee\VIRUSS~2\mcsysmon.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
    C:\Program Files\Adobe\Acrobat 7.0\Reader\AcroRd32.exe
    C:\DOCUME~1\Barry\LOCALS~1\Temp\Bfr.exe
    C:\WINDOWS\system32\ntvdm.exe
    C:\Program Files\internet explorer\iexplore.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://home.eastlink.ca/index.html?region=NS
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R3 - URLSearchHook: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
    O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - (no file)
    O2 - BHO: McAfee Phishing Filter - {27B4851A-3207-45A2-B947-BE8AFE6163AB} - c:\PROGRA~1\mcafee\msk\mskapbho.dll
    O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.4.1.27.dll
    O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
    O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll
    O2 - BHO: VPN-OEM Extension - {89044184-F260-4FDD-8FAB-2662814846E5} - C:\WINDOWS\System32\msnwinnet.dll
    O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
    O2 - BHO: MSN Search Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Toolbar Suite\TB\02.05.0000.1082\en-ca\msntb.dll
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
    O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    O2 - BHO: TChkBHO Class - {EF3FA1F1-05F2-4639-92A2-2351228BFB1B} - C:\WINDOWS\SYSTEM32\assjwug.dll
    O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\YTSingleInstance.dll
    O3 - Toolbar: (no name) - {ACB1E670-3217-45C4-A021-6B829A8A27CB} - (no file)
    O3 - Toolbar: MSN Search Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Toolbar Suite\TB\02.05.0000.1082\en-ca\msntb.dll
    O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
    O3 - Toolbar: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\Updreg.exe
    O4 - HKLM\..\Run: [AHQInit] C:\Program Files\Creative\SBLive\Program\AHQInit.exe
    O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
    O4 - HKLM\..\Run: [MMTray] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
    O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [Ink Monitor] C:\Program Files\EPSON\Ink Monitor\InkMonitor.exe
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe -osboot
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\MpcStar\Codecs\QuickTime\QTSystem\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
    O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
    O4 - HKLM\..\Run: [mcagent_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
    O4 - HKLM\..\Run: [McENUI] C:\PROGRA~1\McAfee\MHN\McENUI.exe /hide
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [YVIBBBHA8C] C:\DOCUME~1\Barry\LOCALS~1\Temp\Bfr.exe
    O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O4 - Global Startup: EPSON Status Monitor 3 Environment Check 2.lnk = C:\WINDOWS\SYSTEM32\SPOOL\DRIVERS\W32X86\3\E_SRCV02.EXE
    O4 - Global Startup: Microsoft Works Calendar Reminders.lnk = ?
    O4 - Global Startup: Norton System Doctor.lnk = C:\Program Files\Norton Utilities\SYSDOC32.EXE
    O4 - Global Startup: Windows Desktop Search.lnk = C:\Program Files\MSN Toolbar Suite\DS\02.05.0001.1119\en-ca\bin\WindowsSearch.exe
    O8 - Extra context menu item: &MSN Search - res://C:\Program Files\MSN Toolbar Suite\TB\02.05.0000.1082\en-ca\msntb.dll/search.htm
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
    O8 - Extra context menu item: Open in new background tab - res://C:\Program Files\MSN Toolbar Suite\TAB\02.05.0001.1119\en-ca\msntabres.dll/229?7313fd9b99c4d1da9203beb7e3ee65b
    O8 - Extra context menu item: Open in new foreground tab - res://C:\Program Files\MSN Toolbar Suite\TAB\02.05.0001.1119\en-ca\msntabres.dll/230?7313fd9b99c4d1da9203beb7e3ee65b
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
    O9 - Extra button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://C:\Program Files\BitComet\tools\BitCometBHO_1.4.1.27.dll/206 (file missing)
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://download.mcafee.com/molbin/shared/mcinsctl/en-us/4,0,0,83/mcinsctl.cab
    O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w3/resources/MSNPUpld.cab
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/mic...ls/en/x86/client/muweb_site.cab?1212612801343
    O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab
    O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} -
    O17 - HKLM\System\CCS\Services\Tcpip\..\{ECA8E80D-29C3-41B9-A9E5-2A8073B3D609}: NameServer = 93.188.164.100,93.188.161.155
    O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 93.188.164.100,93.188.161.155
    O17 - HKLM\System\CS2\Services\Tcpip\Parameters: NameServer = 93.188.164.100,93.188.161.155
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 93.188.164.100,93.188.161.155
    O18 - Protocol: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
    O18 - Protocol: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
    O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.EXE
    O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
    O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
    O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
    O23 - Service: MBackMonitor - McAfee - C:\Program Files\McAfee\MBK\MBackMonitor.exe
    O23 - Service: McAfee SiteAdvisor Service - McAfee, Inc. - C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
    O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
    O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
    O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~2\mcods.exe
    O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
    O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~2\mcshield.exe
    O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~2\mcsysmon.exe
    O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
    O23 - Service: McAfee Anti-Spam Service (MSK80Service) - McAfee, Inc. - C:\Program Files\McAfee\MSK\MskSrver.exe
    O23 - Service: Intel(R) NMS (NMSSvc) - Intel Corporation - C:\WINDOWS\System32\NMSSvc.exe
    O23 - Service: Norton Unerase Protection (NProtectService) - Symantec Corporation - C:\Program Files\Norton Utilities\NPROTECT.EXE
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
    O23 - Service: Speed Disk service - Symantec Corporation - C:\Program Files\Speed Disk\nopdb.exe
    O23 - Service: WMP54Gv4SVC - GEMTEKS - C:\Program Files\Linksys Wireless-G PCI Wireless Network Monitor\WLService.exe

    --
    End of file - 12176 bytes



    Have aliens invaded my computer?
    Thanks for your assistance.

    Buddy
     
  2. buddy510

    buddy510 Thread Starter

    Joined:
    Oct 12, 2003
    Messages:
    30
    Also.. found numerous sites that were not visited in the IE history and sites that I did visit were not there???? WTF?

    Buddy
     
  3. NeonFx

    NeonFx Malware Specialist

    Joined:
    Oct 22, 2008
    Messages:
    4,811
    Hello there :cool:
    My name is NeonFx. I'll be glad to help you with your computer problems. Logs can take some time to research, so please be patient with me.


    Please note the following:
    • The fixes are specific to your problem and should only be used on this machine.
    • Please continue to review my answers until I tell you your machine appears to be clean. Absence of symptoms does not necessarily mean that the system is completely clean.
    • It's often worth reading through these instructions and printing them for ease of reference. I may ask you to boot into Safe Mode where you will be unable to follow my instructions online.
    • If you don't know or understand something, please don't hesitate to say or ask!! It's better to be sure and safe than sorry.
    • Please reply to this thread. Do not start a new topic.



    Step 1

    Download OTS to your Desktop

    • Close ALL OTHER PROGRAMS.
    • Double-click on OTS.exe to start the program.
    • Check the box that says Scan All Users
    • Under Basic Scans please change the radio button under Registry from Safe List to All.
    • Under Additional Scans check the following:
      • Reg - Desktop Components
      • Reg - Disabled MS Config Items
      • Reg - NetSvcs
      • Reg - Shell Spawning
      • Reg - Uninstall List
      • File - Lop Check
      • File - Purity Scan
      • Evnt - EvtViewer (last 10)
    • Please paste the contents of the following codebox into the Custom Scans box at the bottom
    Code:
    %SYSTEMDRIVE%\*.exe
    /md5start
    eventlog.dll
    scecli.dll
    netlogon.dll
    cngaudit.dll
    sceclt.dll
    ntelogon.dll
    logevent.dll
    iaStor.sys
    nvstor.sys
    atapi.sys
    IdeChnDr.sys
    viasraid.sys
    AGP440.sys
    vaxscsi.sys
    nvatabus.sys
    viamraid.sys
    nvata.sys
    nvgts.sys
    iastorv.sys
    ViPrt.sys
    eNetHook.dll
    ahcix86.sys
    KR10N.sys
    nvstor32.sys
    ahcix86s.sys
    nvrd32.sys
    symmpi.sys
    adp3132.sys
    mv61xx.sys
    /md5stop
    %systemroot%\*. /mp /s
    CREATERESTOREPOINT
    %systemroot%\system32\*.dll /lockedfiles
    %systemroot%\Tasks\*.job /lockedfiles
    %systemroot%\system32\drivers\*.sys /lockedfiles
    %systemroot%\System32\config\*.sav
    • Now click the Run Scan button on the toolbar.
    • Let it run unhindered until it finishes.
    • When the scan is complete Notepad will open with the report file loaded in it.
    • Click the Format menu and make sure that Wordwrap is not checked. If it is then click on it to uncheck it.
    Please attach the log in your next post. To do so click on the blue "Reply" button or "Go Advanced" and click on the "Manage Attachments" button

    Step 2

    [​IMG] GMER Rootkit Scanner
    Please download GMER from one of the following locations and save it to your desktop:
    • Main Mirror
      This version will download a randomly named file (Recommended)
    • Zipped Mirror
      This version will download a zip file you will need to extract first. If you use this mirror, please extract the zip file to your desktop.
    • Disconnect from the Internet and close all running programs. Make sure you disable your security programs as well, as they may interfere with the program.
    • Double-click on the randomly named GMER file (i.e. n7gmo46c.exe) and allow the gmer.sys driver to load if asked.
    • Note: If you downloaded the zipped version, extract the file to its own folder such as C:\gmer and then double-click on gmer.exe.

      [​IMG]
    • GMER will open to the Rootkit/Malware tab and perform an automatic quick scan when first run. (do not use the computer while the scan is in progress)
    • If you receive a WARNING!!! about rootkit activity and are asked to fully scan your system...click NO.
    • Now click the Scan button. If you see a rootkit warning window, click OK.
    • When the scan is finished, click the Save... button to save the scan results to your Desktop. Save the file as gmer.log.
    • Click the Copy button and paste the results into your next reply.
    • Exit GMER and re-enable your security programs when done.


    If you have trouble running GMER, please try running it in Safe Mode. To get to Safe Mode you'll need to repeatedly tap the F8 key on your keyboard as you turn your computer on until a black and white menu appears with the option.

    If you continue to have trouble with it, try running it without the "Files" scan checked.
     
  4. buddy510

    buddy510 Thread Starter

    Joined:
    Oct 12, 2003
    Messages:
    30
    Code:
    OTS logfile created on: 4/25/2010 10:50:41 PM - Run 1
    OTS by OldTimer - Version 3.1.30.0     Folder = C:\Documents and Settings\Barry\Desktop
    Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
    Internet Explorer (Version = 7.0.5730.11)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
     
    767.00 Mb Total Physical Memory | 286.00 Mb Available Physical Memory | 37.00% Memory free
    1.00 Gb Paging File | 1.00 Gb Available in Paging File | 54.00% Paging File free
    Paging file location(s): C:\pagefile.sys 384 768 [binary data]
     
    %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
    Drive C: | 37.21 Gb Total Space | 18.35 Gb Free Space | 49.30% Space Free | Partition Type: NTFS
    D: Drive not present or media not loaded
    E: Drive not present or media not loaded
    Drive F: | 931.28 Gb Total Space | 608.52 Gb Free Space | 65.34% Space Free | Partition Type: FAT32
    G: Drive not present or media not loaded
    H: Drive not present or media not loaded
    I: Drive not present or media not loaded
    Drive Z: | 74.52 Gb Total Space | 52.48 Gb Free Space | 70.42% Space Free | Partition Type: NTFS
     
    Computer Name: OFFICE
    Current User Name: Barry
    Logged in as Administrator.
     
    Current Boot Mode: Normal
    Scan Mode: All users
    Company Name Whitelist: Off
    Skip Microsoft Files: Off
    File Age = 30 Days
     
    [Processes - Safe List]
    ots.exe -> C:\Documents and Settings\Barry\Desktop\OTS.exe -> [2010/04/25 22:28:31 | 000,639,488 | ---- | M] (OldTimer Tools)
    bfr.exe -> C:\Documents and Settings\Barry\Local Settings\Temp\Bfr.exe -> [2010/04/04 12:01:58 | 000,173,568 | ---- | M] ()
    aawservice.exe -> C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe -> [2010/02/04 11:52:57 | 001,228,208 | ---- | M] (Lavasoft)
    aawtray.exe -> C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe -> [2010/02/04 11:52:57 | 000,814,160 | ---- | M] (Lavasoft)
    mcsacore.exe -> C:\Program Files\McAfee\SiteAdvisor\McSACore.exe -> [2009/12/08 14:25:28 | 000,093,320 | ---- | M] (McAfee, Inc.)
    qttask.exe -> C:\Program Files\MpcStar\Codecs\QuickTime\QTSystem\qttask.exe -> [2009/11/02 13:34:10 | 000,413,696 | ---- | M] (Apple Inc.)
    mcmscsvc.exe -> C:\Program Files\McAfee\MSC\mcmscsvc.exe -> [2009/04/17 18:20:30 | 000,797,864 | ---- | M] (McAfee, Inc.)
    mcagent.exe -> c:\Program Files\McAfee.com\Agent\mcagent.exe -> [2009/04/17 18:20:30 | 000,645,328 | ---- | M] (McAfee, Inc.)
    mcsvrcnt.exe -> C:\Program Files\McAfee\MSC\mcsvrcnt.exe -> [2009/04/17 18:20:30 | 000,262,168 | ---- | M] (McAfee, Inc.)
    mcshield.exe -> C:\Program Files\McAfee\VirusScan\Mcshield.exe -> [2009/03/25 11:05:48 | 000,144,704 | ---- | M] (McAfee, Inc.)
    mcsysmon.exe -> C:\Program Files\McAfee\VirusScan\mcsysmon.exe -> [2009/03/24 00:03:18 | 000,606,736 | ---- | M] (McAfee, Inc.)
    mpfsrv.exe -> C:\Program Files\McAfee\MPF\MpfSrv.exe -> [2009/03/19 11:42:02 | 000,884,360 | ---- | M] (McAfee, Inc.)
    realsched.exe -> C:\Program Files\Common Files\Real\Update_OB\realsched.exe -> [2009/02/05 09:03:21 | 000,198,160 | ---- | M] (RealNetworks, Inc.)
    mcnasvc.exe -> c:\Program Files\Common Files\McAfee\MNA\McNASvc.exe -> [2009/01/09 11:31:16 | 002,482,848 | ---- | M] (McAfee, Inc.)
    msksrver.exe -> C:\Program Files\McAfee\MSK\msksrver.exe -> [2009/01/09 09:22:10 | 000,026,640 | ---- | M] (McAfee, Inc.)
    mcproxy.exe -> c:\Program Files\Common Files\McAfee\McProxy\McProxy.exe -> [2009/01/09 08:06:52 | 000,359,952 | ---- | M] (McAfee, Inc.)
    explorer.exe -> C:\WINDOWS\explorer.exe -> [2008/04/13 20:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation)
    wmp54gv4.exe -> C:\Program Files\Linksys Wireless-G PCI Wireless Network Monitor\WMP54Gv4.exe -> [2005/11/16 06:49:44 | 005,238,272 | ---- | M] (Linksys)
    wlservice.exe -> C:\Program Files\Linksys Wireless-G PCI Wireless Network Monitor\WLService.exe -> [2004/02/06 22:56:14 | 000,041,025 | ---- | M] (GEMTEKS)
    mm_tray.exe -> C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe -> [2002/10/31 12:57:56 | 000,090,112 | ---- | M] (MUSICMATCH, Inc.)
    directcd.exe -> C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\Directcd.exe -> [2002/04/10 17:44:04 | 000,679,936 | ---- | M] (Roxio)
    nopdb.exe -> C:\Program Files\Speed Disk\NOPDB.EXE -> [2002/01/30 06:00:00 | 000,172,065 | ---- | M] (Symantec Corporation)
    devldr32.exe -> C:\WINDOWS\SYSTEM32\devldr32.exe -> [2001/08/31 14:44:30 | 000,025,600 | ---- | M] (Creative Technology Ltd.)
    nprotect.exe -> C:\Program Files\Norton Utilities\NPROTECT.EXE -> [2001/08/10 06:00:00 | 000,135,168 | ---- | M] (Symantec Corporation)
    sysdoc32.exe -> C:\Program Files\Norton Utilities\SYSDOC32.EXE -> [2001/08/10 06:00:00 | 000,024,614 | ---- | M] (Symantec Corporation)
    sagent2.exe -> C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe -> [2001/08/09 02:01:00 | 000,090,112 | ---- | M] (SEIKO EPSON CORPORATION)
    wkcalrem.exe -> C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkCalRem.exe -> [2001/08/07 18:06:54 | 000,024,633 | ---- | M] (Microsoft® Corporation)
     
    [Modules - Safe List]
    ots.exe -> C:\Documents and Settings\Barry\Desktop\OTS.exe -> [2010/04/25 22:28:31 | 000,639,488 | ---- | M] (OldTimer Tools)
     
    [Win32 Services - Safe List]
    (WMP54Gv4SVC) WMP54Gv4SVC [Auto | Running] ->  -> File not found
    (Lavasoft Ad-Aware Service) Lavasoft Ad-Aware Service [Auto | Running] -> C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe -> [2010/02/04 11:52:57 | 001,228,208 | ---- | M] (Lavasoft)
    (McAfee SiteAdvisor Service) McAfee SiteAdvisor Service [Auto | Running] -> C:\Program Files\McAfee\SiteAdvisor\McSACore.exe -> [2009/12/08 14:25:28 | 000,093,320 | ---- | M] (McAfee, Inc.)
    (mcmscsvc) McAfee Services [Auto | Running] -> C:\Program Files\McAfee\MSC\mcmscsvc.exe -> [2009/04/17 18:20:30 | 000,797,864 | ---- | M] (McAfee, Inc.)
    (McODS) McAfee Scanner [On_Demand | Stopped] -> C:\Program Files\McAfee\VirusScan\mcods.exe -> [2009/04/01 14:21:30 | 000,365,072 | ---- | M] (McAfee, Inc.)
    (McShield) McAfee Real-time Scanner [Unknown | Running] -> C:\Program Files\McAfee\VirusScan\Mcshield.exe -> [2009/03/25 11:05:48 | 000,144,704 | ---- | M] (McAfee, Inc.)
    (McSysmon) McAfee SystemGuards [On_Demand | Running] -> C:\Program Files\McAfee\VirusScan\mcsysmon.exe -> [2009/03/24 00:03:18 | 000,606,736 | ---- | M] (McAfee, Inc.)
    (MpfService) McAfee Personal Firewall Service [Auto | Running] -> C:\Program Files\McAfee\MPF\MPFSrv.exe -> [2009/03/19 11:42:02 | 000,884,360 | ---- | M] (McAfee, Inc.)
    (MBackMonitor) MBackMonitor [On_Demand | Stopped] -> C:\Program Files\McAfee\MBK\MBackMonitor.exe -> [2009/01/09 13:05:26 | 000,068,112 | ---- | M] (McAfee)
    (McNASvc) McAfee Network Agent [Auto | Running] -> c:\Program Files\Common Files\McAfee\MNA\McNASvc.exe -> [2009/01/09 11:31:16 | 002,482,848 | ---- | M] (McAfee, Inc.)
    (MSK80Service) McAfee Anti-Spam Service [Auto | Running] -> C:\Program Files\McAfee\MSK\MskSrver.exe -> [2009/01/09 09:22:10 | 000,026,640 | ---- | M] (McAfee, Inc.)
    (McProxy) McAfee Proxy Service [Auto | Running] -> c:\Program Files\Common Files\McAfee\McProxy\McProxy.exe -> [2009/01/09 08:06:52 | 000,359,952 | ---- | M] (McAfee, Inc.)
    (NMSSvc) Intel(R) NMS [On_Demand | Stopped] -> C:\WINDOWS\SYSTEM32\NMSSvc.Exe -> [2002/02/27 10:57:34 | 001,118,208 | ---- | M] (Intel Corporation)
    (Speed Disk service) Speed Disk service [Auto | Running] -> C:\Program Files\Speed Disk\NOPDB.EXE -> [2002/01/30 06:00:00 | 000,172,065 | ---- | M] (Symantec Corporation)
    (NProtectService) Norton Unerase Protection [Auto | Running] -> C:\Program Files\Norton Utilities\NPROTECT.EXE -> [2001/08/10 06:00:00 | 000,135,168 | ---- | M] (Symantec Corporation)
    (EPSONStatusAgent2) EPSON Printer Status Agent2 [Auto | Running] -> C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe -> [2001/08/09 02:01:00 | 000,090,112 | ---- | M] (SEIKO EPSON CORPORATION)
     
    [Driver Services - Safe List]
    (Lbd) Lbd [File_System | Boot | Running] -> C:\WINDOWS\system32\DRIVERS\Lbd.sys -> [2010/02/04 11:53:02 | 000,064,288 | ---- | M] (Lavasoft AB)
    (mfesmfk) McAfee Inc. mfesmfk [Kernel | On_Demand | Running] -> C:\WINDOWS\SYSTEM32\DRIVERS\mfesmfk.sys -> [2009/03/25 11:06:30 | 000,040,552 | ---- | M] (McAfee, Inc.)
    (mfehidk) McAfee Inc. mfehidk [Kernel | System | Running] -> C:\WINDOWS\SYSTEM32\DRIVERS\mfehidk.sys -> [2009/03/25 11:06:28 | 000,214,024 | ---- | M] (McAfee, Inc.)
    (mfeavfk) McAfee Inc. mfeavfk [Kernel | On_Demand | Running] -> C:\WINDOWS\SYSTEM32\DRIVERS\mfeavfk.sys -> [2009/03/25 11:06:28 | 000,079,880 | ---- | M] (McAfee, Inc.)
    (mfebopk) McAfee Inc. mfebopk [Kernel | On_Demand | Running] -> C:\WINDOWS\SYSTEM32\DRIVERS\mfebopk.sys -> [2009/03/25 11:06:28 | 000,035,272 | ---- | M] (McAfee, Inc.)
    (mferkdk) McAfee Inc. mferkdk [Kernel | On_Demand | Stopped] -> C:\WINDOWS\SYSTEM32\DRIVERS\mferkdk.sys -> [2009/03/25 11:05:54 | 000,034,216 | ---- | M] (McAfee, Inc.)
    (MPFP) MPFP [Kernel | System | Running] -> C:\WINDOWS\SYSTEM32\DRIVERS\Mpfp.sys -> [2008/10/23 13:08:54 | 000,120,136 | ---- | M] (McAfee, Inc.)
    (scsiscan) SCSI Scanner Driver [Kernel | On_Demand | Stopped] -> C:\WINDOWS\SYSTEM32\DRIVERS\scsiscan.sys -> [2008/04/13 14:45:33 | 000,011,520 | ---- | M] (Microsoft Corporation)
    (gameenum) Game Port Enumerator [Kernel | On_Demand | Running] -> C:\WINDOWS\SYSTEM32\DRIVERS\gameenum.sys -> [2008/04/13 14:45:30 | 000,010,624 | ---- | M] (Microsoft Corporation)
    (amdagp) AMD AGP Bus Filter Driver [Kernel | Disabled | Stopped] -> C:\WINDOWS\System32\DRIVERS\amdagp.sys -> [2008/04/13 14:36:39 | 000,043,008 | ---- | M] (Advanced Micro Devices, Inc.)
    (sisagp) SIS AGP Bus Filter [Kernel | Disabled | Stopped] -> C:\WINDOWS\System32\DRIVERS\sisagp.sys -> [2008/04/13 14:36:39 | 000,040,960 | ---- | M] (Silicon Integrated Systems Corporation)
    (SymEvent) SymEvent [Kernel | On_Demand | Running] -> C:\Program Files\Symantec\SYMEVENT.SYS -> [2006/01/31 14:35:34 | 000,123,248 | ---- | M] (Symantec Corporation)
    (RT61) Linksys Wireless-G PCI Adapter Driver(RT61) [Kernel | On_Demand | Running] -> C:\WINDOWS\SYSTEM32\DRIVERS\rt61.sys -> [2005/10/27 15:06:30 | 000,356,096 | ---- | M] (Ralink Technology Inc.)
    (BCM42RLY) BCM42RLY [Kernel | On_Demand | Stopped] -> C:\WINDOWS\SYSTEM32\bcm42rly.sys -> [2005/02/01 18:18:38 | 000,017,992 | ---- | M] (Broadcom Corporation)
    (nv) nv [Kernel | On_Demand | Running] -> C:\WINDOWS\SYSTEM32\DRIVERS\nv4_mini.sys -> [2003/10/06 14:16:00 | 001,550,043 | ---- | M] (NVIDIA Corporation)
    (MxlW2k) MxlW2k [Kernel | On_Demand | Running] -> C:\WINDOWS\SYSTEM32\DRIVERS\MxlW2k.sys -> [2002/10/31 13:02:20 | 000,028,164 | ---- | M] (MusicMatch, Inc.)
    (Cdr4_xp) Cdr4_xp [Kernel | System | Running] -> C:\WINDOWS\SYSTEM32\DRIVERS\cdr4_xp.sys -> [2002/09/10 21:44:38 | 000,059,440 | ---- | M] (Roxio)
    (Cdralw2k) Cdralw2k [Kernel | System | Running] -> C:\WINDOWS\SYSTEM32\DRIVERS\cdralw2k.sys -> [2002/09/10 21:44:38 | 000,023,724 | ---- | M] (Roxio)
    (dvd_2K) dvd_2K [Kernel | On_Demand | Stopped] -> C:\WINDOWS\SYSTEM32\DRIVERS\Dvd_2k.sys -> [2002/04/10 18:01:12 | 000,024,554 | ---- | M] (Roxio)
    (mmc_2K) mmc_2K [Kernel | On_Demand | Running] -> C:\WINDOWS\SYSTEM32\DRIVERS\Mmc_2k.sys -> [2002/04/10 18:01:00 | 000,029,638 | ---- | M] (Roxio)
    (pwd_2k) pwd_2k [Kernel | System | Running] -> C:\WINDOWS\SYSTEM32\DRIVERS\pwd_2K.sys -> [2002/04/10 18:00:44 | 000,117,898 | ---- | M] (Roxio)
    (cdudf_xp) cdudf_xp [File_System | System | Running] -> C:\WINDOWS\SYSTEM32\DRIVERS\cdudf_xp.sys -> [2002/04/10 17:48:04 | 000,236,032 | ---- | M] (Roxio)
    (UdfReadr_xp) UdfReadr_xp [File_System | System | Running] -> C:\WINDOWS\SYSTEM32\DRIVERS\udfreadr_xp.sys -> [2002/04/10 17:45:16 | 000,206,336 | ---- | M] (Roxio)
    (NMSCFG) NIC Management Service Configuration Driver [Kernel | On_Demand | Stopped] -> C:\WINDOWS\SYSTEM32\DRIVERS\NMSCFG.SYS -> [2002/02/27 10:57:52 | 000,009,868 | ---- | M] (Intel Corporation)
    (NPDriver) Norton Unerase Protection Driver [Kernel | On_Demand | Running] -> C:\WINDOWS\SYSTEM32\DRIVERS\NPDRIVER.SYS -> [2002/02/05 06:03:00 | 000,034,578 | ---- | M] (Symantec Corporation)
    (emu10k) Creative SB Live! Value (WDM) [Kernel | On_Demand | Running] -> C:\WINDOWS\SYSTEM32\DRIVERS\emu10k1f.sys -> [2001/09/13 19:09:48 | 000,777,088 | ---- | M] (Creative Technology Ltd.)
    (sfman) Creative SoundFont Manager Driver (WDM) [Kernel | On_Demand | Running] -> C:\WINDOWS\SYSTEM32\DRIVERS\sfman.sys -> [2001/08/31 14:37:58 | 000,036,992 | ---- | M] (Creative Technology Ltd.)
    (Sparrow) Sparrow [Kernel | Disabled | Stopped] -> C:\WINDOWS\System32\DRIVERS\sparrow.sys -> [2001/08/17 15:07:44 | 000,019,072 | ---- | M] (Adaptec, Inc.)
    (sym_u3) sym_u3 [Kernel | Disabled | Stopped] -> C:\WINDOWS\System32\DRIVERS\sym_u3.sys -> [2001/08/17 15:07:42 | 000,030,688 | ---- | M] (LSI Logic)
    (sym_hi) sym_hi [Kernel | Disabled | Stopped] -> C:\WINDOWS\System32\DRIVERS\sym_hi.sys -> [2001/08/17 15:07:40 | 000,028,384 | ---- | M] (LSI Logic)
    (symc8xx) symc8xx [Kernel | Disabled | Stopped] -> C:\WINDOWS\System32\DRIVERS\symc8xx.sys -> [2001/08/17 15:07:36 | 000,032,640 | ---- | M] (LSI Logic)
    (symc810) symc810 [Kernel | Disabled | Stopped] -> C:\WINDOWS\System32\DRIVERS\symc810.sys -> [2001/08/17 15:07:34 | 000,016,256 | ---- | M] (Symbios Logic Inc.)
    (hpt3xx) hpt3xx [Kernel | Disabled | Stopped] -> C:\WINDOWS\System32\DRIVERS\hpt3xx.sys -> [2001/08/17 14:52:24 | 000,038,144 | ---- | M] (HighPoint Technologies, Inc.)
    (ultra) ultra [Kernel | Disabled | Stopped] -> C:\WINDOWS\System32\DRIVERS\ultra.sys -> [2001/08/17 14:52:22 | 000,036,736 | ---- | M] (Promise Technology, Inc.)
    (ql12160) ql12160 [Kernel | Disabled | Stopped] -> C:\WINDOWS\System32\DRIVERS\ql12160.sys -> [2001/08/17 14:52:20 | 000,045,312 | ---- | M] (QLogic Corporation)
    (ql1080) ql1080 [Kernel | Disabled | Stopped] -> C:\WINDOWS\System32\DRIVERS\ql1080.sys -> [2001/08/17 14:52:20 | 000,040,320 | ---- | M] (QLogic Corporation)
    (ql1280) ql1280 [Kernel | Disabled | Stopped] -> C:\WINDOWS\System32\DRIVERS\ql1280.sys -> [2001/08/17 14:52:18 | 000,049,024 | ---- | M] (QLogic Corporation)
    (dac2w2k) dac2w2k [Kernel | Disabled | Stopped] -> C:\WINDOWS\System32\DRIVERS\dac2w2k.sys -> [2001/08/17 14:52:16 | 000,179,584 | ---- | M] (Mylex Corporation)
    (mraid35x) mraid35x [Kernel | Disabled | Stopped] -> C:\WINDOWS\System32\DRIVERS\mraid35x.sys -> [2001/08/17 14:52:12 | 000,017,280 | ---- | M] (American Megatrends Inc.)
    (asc) asc [Kernel | Disabled | Stopped] -> C:\WINDOWS\System32\DRIVERS\asc.sys -> [2001/08/17 14:52:00 | 000,026,496 | ---- | M] (Advanced System Products, Inc.)
    (asc3550) asc3550 [Kernel | Disabled | Stopped] -> C:\WINDOWS\System32\DRIVERS\asc3550.sys -> [2001/08/17 14:51:58 | 000,014,848 | ---- | M] (Advanced System Products, Inc.)
    (AliIde) AliIde [Kernel | Disabled | Stopped] -> C:\WINDOWS\System32\DRIVERS\aliide.sys -> [2001/08/17 14:51:56 | 000,005,248 | ---- | M] (Acer Laboratories Inc.)
    (CmdIde) CmdIde [Kernel | Disabled | Stopped] -> C:\WINDOWS\System32\DRIVERS\cmdide.sys -> [2001/08/17 14:51:54 | 000,006,656 | ---- | M] (CMD Technology, Inc.)
    (msgame) Sidewinder HID to Joystick Port Enabler [Kernel | On_Demand | Stopped] -> C:\WINDOWS\SYSTEM32\DRIVERS\msgame.sys -> [2001/08/17 14:02:40 | 000,035,200 | ---- | M] (Microsoft Corporation)
    (nv4) nv4 [Kernel | On_Demand | Stopped] -> C:\WINDOWS\SYSTEM32\DRIVERS\NV4.SYS -> [2001/08/17 13:50:26 | 000,731,648 | ---- | M] (NVIDIA Corporation)
    (ac97intc) Intel(r) 82801 Audio Driver Install Service (WDM) [Kernel | On_Demand | Stopped] -> C:\WINDOWS\SYSTEM32\DRIVERS\AC97INTC.SYS -> [2001/08/17 13:20:04 | 000,096,256 | ---- | M] (Intel Corporation)
    (ctljystk) Creative SBLive! Gameport [Kernel | On_Demand | Stopped] -> C:\WINDOWS\SYSTEM32\DRIVERS\ctljystk.sys -> [2001/08/17 13:19:20 | 000,003,712 | ---- | M] (Creative Technology Ltd.)
    (EL90XBC) 3Com EtherLink XL 90XB/C Adapter Driver [Kernel | On_Demand | Stopped] -> C:\WINDOWS\SYSTEM32\DRIVERS\EL90XBC5.SYS -> [2001/08/17 13:11:06 | 000,066,591 | ---- | M] (3Com Corporation)
    (Eplpdx02) Eplpdx02 [Kernel | On_Demand | Running] -> C:\WINDOWS\SYSTEM32\DRIVERS\EPLPDX02.SYS -> [2001/08/09 22:03:00 | 000,070,084 | ---- | M] (MK Systems CO., LTD.)
    (emu10k1) Creative Interface Manager Driver (WDM) [Kernel | On_Demand | Running] -> C:\WINDOWS\SYSTEM32\DRIVERS\ctlface.sys -> [2001/07/11 12:34:52 | 000,006,912 | ---- | M] (Creative Technology Ltd.)
    (PfModNT) PfModNT [Kernel | Auto | Running] -> C:\WINDOWS\SYSTEM32\PfModNT.sys -> [1999/12/17 02:00:00 | 000,006,752 | ---- | M] (Creative Technology Ltd.)
    (ONSIO) ONSIO [Kernel | Auto | Running] -> C:\WINDOWS\SYSTEM32\DRIVERS\onsio.sys -> [1998/09/14 08:41:14 | 000,285,216 | ---- | M] ()
    (SMPLSCSI) SMPLSCSI [Kernel | Boot | Stopped] -> C:\WINDOWS\System32\drivers\SMPLSCSI.SYS -> [1998/08/01 12:00:44 | 000,060,928 | ---- | M] (OnSpec Electronic, Inc.)
    (ASPI32) ASPI32 [Kernel | Auto | Running] -> C:\WINDOWS\SYSTEM32\DRIVERS\ASPI32.SYS -> [1997/12/22 18:02:46 | 000,023,936 | ---- | M] (Adaptec)
     
    [Registry - All]
    < Internet Explorer Settings [HKEY_LOCAL_MACHINE\] > -> -> 
    HKEY_LOCAL_MACHINE\: Main\\"Default_Page_URL" -> http://go.microsoft.com/fwlink/?LinkId=69157 -> 
    HKEY_LOCAL_MACHINE\: Main\\"Default_Search_URL" -> http://go.microsoft.com/fwlink/?LinkId=54896 -> 
    HKEY_LOCAL_MACHINE\: Main\\"Default_Secondary_Page_URL" ->  [binary data] -> 
    HKEY_LOCAL_MACHINE\: Main\\"Extensions Off Page" -> about:NoAdd-ons -> 
    HKEY_LOCAL_MACHINE\: Main\\"Local Page" -> %SystemRoot%\system32\blank.htm -> 
    HKEY_LOCAL_MACHINE\: Main\\"Search Page" -> http://go.microsoft.com/fwlink/?LinkId=54896 -> 
    HKEY_LOCAL_MACHINE\: Main\\"Security Risk Page" -> about:SecurityRisk -> 
    HKEY_LOCAL_MACHINE\: Main\\"Start Page" -> http://go.microsoft.com/fwlink/?LinkId=69157 -> 
    HKEY_LOCAL_MACHINE\: Search\\"CustomizeSearch" -> http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm -> 
    HKEY_LOCAL_MACHINE\: Search\\"SearchAssistant" -> http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm -> 
    < Internet Explorer Settings [HKEY_USERS\.DEFAULT\] > -> -> 
    HKEY_USERS\.DEFAULT\: Main\\"Default_Page_URL" -> http://www.dellnet.com -> 
    HKEY_USERS\.DEFAULT\: Main\\"First Home Page" -> http://www.dellnet.com -> 
    HKEY_USERS\.DEFAULT\: Main\\"Search Page" -> http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch -> 
    HKEY_USERS\.DEFAULT\: Main\\"Start Page" -> http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome -> 
    HKEY_USERS\.DEFAULT\: URLSearchHooks\\"{EF99BD32-C1FB-11D2-892F-0090271D4F88}" [HKLM] -> C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll [Yahoo! Toolbar] -> [2008/07/28 06:47:40 | 000,882,416 | ---- | M] (Yahoo! Inc.)
    HKEY_USERS\.DEFAULT\: "ProxyEnable" -> 0 -> 
    < Internet Explorer Settings [HKEY_USERS\S-1-5-18\] > -> -> 
    HKEY_USERS\S-1-5-18\: Main\\"Default_Page_URL" -> http://www.dellnet.com -> 
    HKEY_USERS\S-1-5-18\: Main\\"First Home Page" -> http://www.dellnet.com -> 
    HKEY_USERS\S-1-5-18\: Main\\"Search Page" -> http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch -> 
    HKEY_USERS\S-1-5-18\: Main\\"Start Page" -> http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome -> 
    HKEY_USERS\S-1-5-18\: URLSearchHooks\\"{EF99BD32-C1FB-11D2-892F-0090271D4F88}" [HKLM] -> C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll [Yahoo! Toolbar] -> [2008/07/28 06:47:40 | 000,882,416 | ---- | M] (Yahoo! Inc.)
    HKEY_USERS\S-1-5-18\: "ProxyEnable" -> 0 -> 
    < Internet Explorer Settings [HKEY_USERS\S-1-5-19\] > -> -> 
    HKEY_USERS\S-1-5-19\: "ProxyEnable" -> 0 -> 
    < Internet Explorer Settings [HKEY_USERS\S-1-5-20\] > -> -> 
    HKEY_USERS\S-1-5-20\: "ProxyEnable" -> 0 -> 
    < Internet Explorer Settings [HKEY_USERS\S-1-5-21-3646499915-2801439982-1300003180-1006\] > -> -> 
    HKEY_USERS\S-1-5-21-3646499915-2801439982-1300003180-1006\: Main\\"Local Page" -> C:\WINDOWS\system32\blank.htm -> 
    HKEY_USERS\S-1-5-21-3646499915-2801439982-1300003180-1006\: Main\\"Page_Transitions" -> 1 -> 
    HKEY_USERS\S-1-5-21-3646499915-2801439982-1300003180-1006\: Main\\"Search Page" -> http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch -> 
    HKEY_USERS\S-1-5-21-3646499915-2801439982-1300003180-1006\: Main\\"SearchMigratedDefaultName" -> Yahoo! Search -> 
    HKEY_USERS\S-1-5-21-3646499915-2801439982-1300003180-1006\: Main\\"SearchMigratedDefaultURL" -> http://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7 -> 
    HKEY_USERS\S-1-5-21-3646499915-2801439982-1300003180-1006\: Main\\"Start Page" -> http://home.eastlink.ca/index.html?region=NS -> 
    HKEY_USERS\S-1-5-21-3646499915-2801439982-1300003180-1006\: URLSearchHooks\\"{0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064}" [HKLM] -> c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll [McAfee SiteAdvisor Toolbar] -> [2009/11/23 10:26:38 | 000,204,048 | ---- | M] (McAfee, Inc.)
    HKEY_USERS\S-1-5-21-3646499915-2801439982-1300003180-1006\: URLSearchHooks\\"{CFBFAE00-17A6-11D0-99CB-00C04FD64497}" [HKLM] -> C:\WINDOWS\SYSTEM32\ieframe.dll [Microsoft Url Search Hook] -> [2010/03/11 08:38:52 | 006,067,200 | ---- | M] (Microsoft Corporation)
    HKEY_USERS\S-1-5-21-3646499915-2801439982-1300003180-1006\: "ProxyEnable" -> 0 -> 
    < FireFox Settings [Prefs.js] > -> C:\Documents and Settings\Barry\Application Data\Mozilla\FireFox\Profiles\05zlbu38.default\prefs.js -> 
    browser.startup.homepage -> "https://www.ble.ac.uk/webapps/portal/frameset.jsp" ->
    network.proxy.no_proxies_on -> "*.local" ->
    < FireFox Extensions [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla
    HKLM\software\mozilla\Firefox\Extensions ->  -> 
    HKLM\software\mozilla\Firefox\Extensions\\{20a82645-c095-46ed-80e3-08825760534b} -> C:\WINDOWS\MICROSOFT.NET\FRAMEWORK\V3.5\WINDOWS PRESENTATION FOUNDATION\DOTNETASSISTANTEXTENSION\ [C:\WINDOWS\MICROSOFT.NET\FRAMEWORK\V3.5\WINDOWS PRESENTATION FOUNDATION\DOTNETASSISTANTEXTENSION\] -> [2009/09/02 12:00:43 | 000,000,000 | ---D | M]
    HKLM\software\mozilla\Firefox\Extensions\\[email protected] -> C:\Program Files\Java\jre6\lib\deploy\jqs\ff [C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF] -> [2009/02/25 15:34:25 | 000,000,000 | ---D | M]
    HKLM\software\mozilla\Firefox\Extensions\\{B7082FAA-CB62-4872-9106-E42DD88EDE45} -> C:\Program Files\McAfee\SiteAdvisor [C:\PROGRAM FILES\MCAFEE\SITEADVISOR] -> [2010/04/21 08:32:43 | 000,000,000 | ---D | M]
    HKLM\software\mozilla\Mozilla Firefox 2.0.0.15\extensions ->  -> 
    HKLM\software\mozilla\Mozilla Firefox 2.0.0.15\extensions\\Components -> C:\Program Files\Mozilla Firefox\components [C:\PROGRAM FILES\MOZILLA FIREFOX\COMPONENTS] -> [2009/10/20 17:11:11 | 000,000,000 | ---D | M]
    HKLM\software\mozilla\Mozilla Firefox 2.0.0.15\extensions\\Plugins -> C:\Program Files\Mozilla Firefox\plugins [C:\PROGRAM FILES\MOZILLA FIREFOX\PLUGINS] -> [2009/10/20 17:11:11 | 000,000,000 | ---D | M]
    < FireFox Extensions [User Folders] > -> 
      -> C:\Documents and Settings\Barry\Application Data\Mozilla\Firefox\Profiles\05zlbu38.default\extensions -> [2009/11/27 10:23:39 | 000,000,000 | ---D | M]
    BitComet Video Downloader   -> C:\Documents and Settings\Barry\Application Data\Mozilla\Firefox\Profiles\05zlbu38.default\extensions\{B042753D-F57E-4e8e-A01B-7379A6D4CEFB} -> [2009/10/20 17:11:15 | 000,000,000 | ---D | M]
      -> C:\Documents and Settings\Barry\Application Data\Mozilla\Firefox\Profiles\05zlbu38.default\extensions\staged-xpis -> [2009/11/27 10:23:39 | 000,000,000 | ---D | M]
    < FireFox SearchPlugins [User Folders] > -> 
     siteadvisor.xml -> C:\Documents and Settings\Barry\Application Data\Mozilla\Firefox\Profiles\05zlbu38.default\searchplugins\siteadvisor.xml -> [2008/03/18 14:35:01 | 000,002,386 | ---- | M] ()
    < FireFox Extensions [Program Folders] > -> 
      -> C:\Program Files\Mozilla Firefox\extensions -> [2010/03/13 17:05:07 | 000,000,000 | ---D | M]
    Firefox (default)   -> C:\Program Files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} -> [2008/07/08 10:05:59 | 000,000,000 | ---D | M]
    Java Console   -> C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} -> [2009/05/18 16:48:45 | 000,000,000 | ---D | M]
    Java Console   -> C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0010-ABCDEFFEDCBA} -> [2008/10/29 15:45:44 | 000,000,000 | ---D | M]
    Java Console   -> C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA} -> [2009/02/25 15:34:57 | 000,000,000 | ---D | M]
    Java Console   -> C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} -> [2009/04/01 10:36:19 | 000,000,000 | ---D | M]
    Java Console   -> C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} -> [2009/08/18 10:33:09 | 000,000,000 | ---D | M]
    Java Console   -> C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} -> [2010/03/13 17:05:08 | 000,000,000 | ---D | M]
      -> C:\Program Files\Mozilla Firefox\extensions\[email protected] -> [2008/03/31 22:09:27 | 000,000,000 | ---D | M]
    < HOSTS File > ([2001/08/18 08:00:00 | 000,000,734 | ---- | M] - 19 lines) -> C:\WINDOWS\SYSTEM32\DRIVERS\ETC\HOSTS -> 
    Reset Hosts
    127.0.0.1       localhost
    < BHO's [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\ -> 
    {02478D38-C3F9-4efb-9B51-7695ECA05670} [HKLM] -> C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll [&Yahoo! Toolbar Helper] -> [2008/07/28 06:47:40 | 000,882,416 | ---- | M] (Yahoo! Inc.)
    {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} [HKLM] -> Reg Error: Key error. [Adobe PDF Reader Link Helper] -> File not found
    {27B4851A-3207-45A2-B947-BE8AFE6163AB} [HKLM] -> c:\Program Files\McAfee\MSK\mskapbho.dll [McAfee Phishing Filter] -> [2009/01/09 09:22:10 | 000,246,800 | ---- | M] ()
    {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} [HKLM] -> C:\Program Files\BitComet\tools\BitCometBHO_1.4.1.27.dll [BitComet Helper] -> [2010/01/28 04:55:08 | 000,671,480 | ---- | M] (BitComet)
    {5C255C8A-E604-49b4-9D64-90988571CECB} [HKLM] -> Reg Error: Key error. [Reg Error: Key error.] -> File not found
    {7DB2D5A0-7241-4E79-B68D-6309F01C5231} [HKLM] -> C:\Program Files\McAfee\VirusScan\scriptsn.dll [scriptproxy] -> [2009/03/25 11:05:56 | 000,062,784 | ---- | M] (McAfee, Inc.)
    {89044184-F260-4FDD-8FAB-2662814846E5} [HKLM] -> C:\WINDOWS\SYSTEM32\msnwinnet.dll [VPN-OEM Extension] -> [2002/08/29 06:41:00 | 000,794,624 | ---- | M] ()
    {9030D464-4C02-4ABF-8ECC-5164760863C6} [HKLM] -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [Windows Live Sign-in Helper] -> [2009/01/22 15:41:30 | 000,408,448 | ---- | M] (Microsoft Corporation)
    {B164E929-A1B6-4A06-B104-2CD0E90A88FF} [HKLM] -> c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll [McAfee SiteAdvisor BHO] -> [2009/11/23 10:26:38 | 000,204,048 | ---- | M] (McAfee, Inc.)
    {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} [HKLM] -> C:\Program Files\MSN Toolbar Suite\TB\02.05.0000.1082\en-ca\msntb.dll [MSN Search Toolbar Helper] -> [2005/06/15 19:02:08 | 000,577,232 | ---- | M] (Microsoft Corporation)
    {DBC80044-A445-435b-BC74-9C25C1C588A9} [HKLM] -> C:\Program Files\Java\jre6\bin\jp2ssv.dll [Java(tm) Plug-In 2 SSV Helper] -> [2009/10/11 04:17:29 | 000,041,760 | ---- | M] (Sun Microsystems, Inc.)
    {E7E6F031-17CE-4C07-BC86-EABFE594F69C} [HKLM] -> C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [JQSIEStartDetectorImpl Class] -> [2009/10/11 04:17:12 | 000,073,728 | ---- | M] (Sun Microsystems, Inc.)
    {EF3FA1F1-05F2-4639-92A2-2351228BFB1B} [HKLM] -> C:\WINDOWS\SYSTEM32\assjwug.dll [TChkBHO Class] -> [2001/12/31 20:00:00 | 000,131,072 | ---- | M] ()
    {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} [HKLM] -> C:\Program Files\Yahoo!\Companion\Installs\cpn0\YTSingleInstance.dll [SingleInstance Class] -> [2008/07/28 06:47:42 | 000,160,496 | ---- | M] (Yahoo! Inc)
    < Internet Explorer ToolBars [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar -> 
    "{0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064}" [HKLM] -> c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll [McAfee SiteAdvisor Toolbar] -> [2009/11/23 10:26:38 | 000,204,048 | ---- | M] (McAfee, Inc.)
    "{ACB1E670-3217-45C4-A021-6B829A8A27CB}" [HKLM] -> Reg Error: Key error. [Reg Error: Key error.] -> File not found
    "{BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0}" [HKLM] -> C:\Program Files\MSN Toolbar Suite\TB\02.05.0000.1082\en-ca\msntb.dll [MSN Search Toolbar] -> [2005/06/15 19:02:08 | 000,577,232 | ---- | M] (Microsoft Corporation)
    "{EF99BD32-C1FB-11D2-892F-0090271D4F88}" [HKLM] -> C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll [Yahoo! Toolbar] -> [2008/07/28 06:47:40 | 000,882,416 | ---- | M] (Yahoo! Inc.)
    < Internet Explorer ToolBars [HKEY_USERS\S-1-5-21-3646499915-2801439982-1300003180-1006\] > -> HKEY_USERS\S-1-5-21-3646499915-2801439982-1300003180-1006\Software\Microsoft\Internet Explorer\Toolbar\ -> 
    ShellBrowser\\"{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6}" [HKLM] -> Reg Error: Key error. [Reg Error: Key error.] -> File not found
    ShellBrowser\\"{BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0}" [HKLM] -> C:\Program Files\MSN Toolbar Suite\TB\02.05.0000.1082\en-ca\msntb.dll [MSN Search Toolbar] -> [2005/06/15 19:02:08 | 000,577,232 | ---- | M] (Microsoft Corporation)
    WebBrowser\\"{01E04581-4EEE-11D0-BFE9-00AA005B4383}" [HKLM] -> C:\WINDOWS\SYSTEM32\browseui.dll [&Address] -> [2008/04/13 20:11:50 | 001,025,024 | ---- | M] (Microsoft Corporation)
    WebBrowser\\"{0E5CBF21-D15F-11D0-8301-00AA005B4383}" [HKLM] -> C:\WINDOWS\SYSTEM32\shell32.dll [&Links] -> [2008/06/17 15:02:19 | 008,461,312 | ---- | M] (Microsoft Corporation)
    WebBrowser\\"{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6}" [HKLM] -> Reg Error: Key error. [Reg Error: Key error.] -> File not found
    WebBrowser\\"{BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0}" [HKLM] -> C:\Program Files\MSN Toolbar Suite\TB\02.05.0000.1082\en-ca\msntb.dll [MSN Search Toolbar] -> [2005/06/15 19:02:08 | 000,577,232 | ---- | M] (Microsoft Corporation)
    < Run [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> 
    "AdaptecDirectCD" -> C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe ["C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"] -> [2002/04/10 17:44:04 | 000,679,936 | ---- | M] (Roxio)
    "AHQInit" -> C:\Program Files\Creative\SBLive\Program\AHQINIT.EXE [C:\Program Files\Creative\SBLive\Program\AHQInit.exe] -> [2001/03/28 02:00:00 | 000,102,400 | ---- | M] (Creative Technology Ltd)
    "Ink Monitor" -> C:\Program Files\EPSON\Ink Monitor\InkMonitor.exe [C:\Program Files\EPSON\Ink Monitor\InkMonitor.exe] -> [2001/12/07 05:48:34 | 000,258,118 | ---- | M] (BillP Studios)
    "iTunesHelper" -> C:\Program Files\iTunes\iTunesHelper.exe ["C:\Program Files\iTunes\iTunesHelper.exe"] -> [2008/02/04 14:18:40 | 000,267,048 | ---- | M] (Apple Inc.)
    "KernelFaultCheck" ->  [%systemroot%\system32\dumprep 0 -k] -> File not found
    "mcagent_exe" -> C:\Program Files\McAfee.com\Agent\mcagent.exe ["C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey] -> [2009/04/17 18:20:30 | 000,645,328 | ---- | M] (McAfee, Inc.)
    "McENUI" -> C:\Program Files\McAfee\MHN\McENUI.exe [C:\PROGRA~1\McAfee\MHN\McENUI.exe /hide] -> [2009/01/09 14:41:12 | 001,176,808 | ---- | M] (McAfee, Inc.)
    "Microsoft Works Update Detection" -> C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe [C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe] -> [2001/08/16 23:41:58 | 000,028,738 | ---- | M] (Microsoft® Corporation)
    "MMTray" -> C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe [C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe] -> [2002/10/31 12:57:56 | 000,090,112 | ---- | M] (MUSICMATCH, Inc.)
    "NvCplDaemon" -> C:\WINDOWS\System32\NvCpl.DLL [RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup] -> [2003/10/06 14:16:00 | 005,058,560 | ---- | M] (NVIDIA Corporation)
    "nwiz" -> C:\WINDOWS\System32\nwiz.exe [nwiz.exe /install] -> [2003/10/06 14:16:00 | 000,741,376 | ---- | M] (NVIDIA Corporation)
    "QuickTime Task" -> C:\Program Files\MpcStar\Codecs\QuickTime\QTSystem\qttask.exe ["C:\Program Files\MpcStar\Codecs\QuickTime\QTSystem\qttask.exe" -atboottime] -> [2009/11/02 13:34:10 | 000,413,696 | ---- | M] (Apple Inc.)
    "SunJavaUpdateSched" -> C:\Program Files\Java\jre6\bin\jusched.exe ["C:\Program Files\Java\jre6\bin\jusched.exe"] -> [2009/10/11 04:17:36 | 000,149,280 | ---- | M] (Sun Microsystems, Inc.)
    "TkBellExe" -> C:\Program Files\MpcStar\Codecs\Real\RCAPlugins\realsched.exe ["C:\Program Files\MpcStar\Codecs\Real\RCAPlugins\realsched.exe"  -osboot] -> File not found
    "UpdReg" -> C:\WINDOWS\Updreg.exe [C:\WINDOWS\Updreg.exe] -> [2000/05/11 02:00:00 | 000,090,112 | ---- | M] (Creative Technology Ltd.)
    < Run [HKEY_USERS\S-1-5-21-3646499915-2801439982-1300003180-1006\] > -> HKEY_USERS\S-1-5-21-3646499915-2801439982-1300003180-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> 
    "ctfmon.exe" -> C:\WINDOWS\SYSTEM32\ctfmon.exe [C:\WINDOWS\system32\ctfmon.exe] -> [2008/04/13 20:12:16 | 000,015,360 | ---- | M] (Microsoft Corporation)
    "YVIBBBHA8C" -> C:\Documents and Settings\Barry\Local Settings\Temp\Bfr.exe [C:\DOCUME~1\Barry\LOCALS~1\Temp\Bfr.exe] -> [2010/04/04 12:01:58 | 000,173,568 | ---- | M] ()
    < Administrator Startup Folder > -> C:\Documents and Settings\Administrator\Start Menu\Programs\Startup -> 
    < All Users Startup Folder > -> C:\Documents and Settings\All Users\Start Menu\Programs\Startup -> 
    C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk -> C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe -> [2008/04/23 03:38:16 | 000,029,696 | ---- | M] (Adobe Systems Incorporated)
    C:\Documents and Settings\All Users\Start Menu\Programs\Startup\EPSON Status Monitor 3 Environment Check 2.lnk -> C:\WINDOWS\SYSTEM32\SPOOL\DRIVERS\W32X86\3\E_SRCV02.EXE -> [2001/08/22 22:09:00 | 000,135,680 | ---- | M] (SEIKO EPSON CORPORATION)
    C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Works Calendar Reminders.lnk -> C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkCalRem.exe -> [2001/08/07 18:06:54 | 000,024,633 | ---- | M] (Microsoft® Corporation)
    C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Norton System Doctor.lnk -> C:\Program Files\Norton Utilities\SYSDOC32.EXE -> [2001/08/10 06:00:00 | 000,024,614 | ---- | M] (Symantec Corporation)
    C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Windows Desktop Search.lnk -> C:\Program Files\MSN Toolbar Suite\DS\02.05.0001.1119\en-ca\bin\WindowsSearch.exe -> [2005/09/20 17:10:04 | 000,238,080 | ---- | M] (Microsoft Corporation)
    < Barry Startup Folder > -> C:\Documents and Settings\Barry\Start Menu\Programs\Startup -> 
    < Default User Startup Folder > -> C:\Documents and Settings\Default User\Start Menu\Programs\Startup -> 
    < Owner Startup Folder > -> C:\Documents and Settings\Owner\Start Menu\Programs\Startup -> 
    < Software Policy Settings [HKEY_USERS\S-1-5-21-3646499915-2801439982-1300003180-1006] > -> HKEY_USERS\S-1-5-21-3646499915-2801439982-1300003180-1006\SOFTWARE\Policies\Microsoft\Internet Explorer -> 
    < CurrentVersion Policy Settings - Explorer [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer -> 
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer
    \\"NoDriveTypeAutoRun" ->  [227] -> File not found
    \\"NoDrives" ->  [0] -> File not found
    \\"NoDriveAutoRun" ->  [67108863] -> File not found
    \\"HonorAutoRunSetting" ->  [1] -> File not found
    < CurrentVersion Policy Settings - System [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System -> 
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System
    \\"dontdisplaylastusername" ->  [0] -> File not found
    \\"legalnoticecaption" ->  [] -> File not found
    \\"legalnoticetext" ->  [] -> File not found
    \\"shutdownwithoutlogon" ->  [1] -> File not found
    \\"undockwithoutlogon" ->  [1] -> File not found
    \\"DisableRegistryTools" ->  [0] -> File not found
    \\"HideLegacyLogonScripts" ->  [0] -> File not found
    \\"HideLogoffScripts" ->  [0] -> File not found
    \\"RunLogonScriptSync" ->  [1] -> File not found
    \\"RunStartupScriptSync" ->  [0] -> File not found
    \\"HideStartupScripts" ->  [0] -> File not found
    \\"EnableLUA" ->  [0] -> File not found
    < CurrentVersion Policy Settings [HKEY_USERS\.DEFAULT] > -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer -> 
    HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer
    \\"CDRAutoRun" ->  [0] -> File not found
    \\"NoDriveTypeAutoRun" ->  [0] -> File not found
    < CurrentVersion Policy Settings [HKEY_USERS\.DEFAULT] > -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System -> 
    < CurrentVersion Policy Settings [HKEY_USERS\S-1-5-18] > -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer -> 
    HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer
    \\"CDRAutoRun" ->  [0] -> File not found
    \\"NoDriveTypeAutoRun" ->  [0] -> File not found
    < CurrentVersion Policy Settings [HKEY_USERS\S-1-5-18] > -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System -> 
    < CurrentVersion Policy Settings [HKEY_USERS\S-1-5-19] > -> HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer -> 
    HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer
    \\"NoDriveTypeAutoRun" ->  [145] -> File not found
    < CurrentVersion Policy Settings [HKEY_USERS\S-1-5-20] > -> HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer -> 
    HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer
    \\"NoDriveTypeAutoRun" ->  [145] -> File not found
    < CurrentVersion Policy Settings [HKEY_USERS\S-1-5-21-3646499915-2801439982-1300003180-1006] > -> HKEY_USERS\S-1-5-21-3646499915-2801439982-1300003180-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer -> 
    HKEY_USERS\S-1-5-21-3646499915-2801439982-1300003180-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer
    \\"" ->  [] -> File not found
    \\"NoDrives" ->  [0] -> File not found
    < CurrentVersion Policy Settings [HKEY_USERS\S-1-5-21-3646499915-2801439982-1300003180-1006] > -> HKEY_USERS\S-1-5-21-3646499915-2801439982-1300003180-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System -> 
    HKEY_USERS\S-1-5-21-3646499915-2801439982-1300003180-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System
    \\"HideLegacyLogonScripts" ->  [0] -> File not found
    \\"HideLogoffScripts" ->  [0] -> File not found
    \\"HideStartupScripts" ->  [0] -> File not found
    \\"RunLogonScriptSync" ->  [1] -> File not found
    \\"RunStartupScriptSync" ->  [0] -> File not found
    < Internet Explorer Menu Extensions [HKEY_USERS\.DEFAULT\] > -> HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\MenuExt\ -> 
    E&xport to Microsoft Excel -> C:\Program Files\Microsoft Office\OFFICE11\EXCEL.EXE [res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000] -> [2010/01/06 10:06:24 | 010,352,976 | ---- | M] (Microsoft Corporation)
    < Internet Explorer Menu Extensions [HKEY_USERS\S-1-5-18\] > -> HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\MenuExt\ -> 
    E&xport to Microsoft Excel -> C:\Program Files\Microsoft Office\OFFICE11\EXCEL.EXE [res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000] -> [2010/01/06 10:06:24 | 010,352,976 | ---- | M] (Microsoft Corporation)
    < Internet Explorer Menu Extensions [HKEY_USERS\S-1-5-21-3646499915-2801439982-1300003180-1006\] > -> HKEY_USERS\S-1-5-21-3646499915-2801439982-1300003180-1006\Software\Microsoft\Internet Explorer\MenuExt\ -> 
    &MSN Search -> C:\Program Files\MSN Toolbar Suite\TB\02.05.0000.1082\en-ca\msntb.dll [res://C:\Program Files\MSN Toolbar Suite\TB\02.05.0000.1082\en-ca\msntb.dll/search.htm] -> [2005/06/15 19:02:08 | 000,577,232 | ---- | M] (Microsoft Corporation)
    E&xport to Microsoft Excel -> C:\Program Files\Microsoft Office\OFFICE11\EXCEL.EXE [res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000] -> [2010/01/06 10:06:24 | 010,352,976 | ---- | M] (Microsoft Corporation)
    Open in new background tab -> C:\Program Files\MSN Toolbar Suite\TAB\02.05.0001.1119\en-ca\msntabres.dll [res://C:\Program Files\MSN Toolbar Suite\TAB\02.05.0001.1119\en-ca\msntabres.dll/229?7313fd9b99c4d1da9203beb7e3ee65b] -> [2005/09/20 18:17:18 | 000,131,072 | ---- | M] (Microsoft Corporation)
    Open in new foreground tab -> C:\Program Files\MSN Toolbar Suite\TAB\02.05.0001.1119\en-ca\msntabres.dll [res://C:\Program Files\MSN Toolbar Suite\TAB\02.05.0001.1119\en-ca\msntabres.dll/230?7313fd9b99c4d1da9203beb7e3ee65b] -> [2005/09/20 18:17:18 | 000,131,072 | ---- | M] (Microsoft Corporation)
    < Internet Explorer Extensions [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\ -> 
    {92780B25-18CC-41C8-B9BE-3C9C571A8263}:{FF059E31-CC5A-4E2E-BF3B-96E929D65503} [HKLM] -> C:\Program Files\Microsoft Office\OFFICE11\REFIEBAR.DLL [Button: Research] -> [2007/04/19 14:10:18 | 000,063,840 | ---- | M] (Microsoft Corporation)
    {CD67F990-D8E9-11d2-98FE-00C0F0318AFE}:{FE54FA40-D68C-11d2-98FA-00C0F0318AFE} [HKLM] -> C:\WINDOWS\SYSTEM32\shdocvw.dll [Button: Real.com] -> [2008/04/13 20:12:05 | 001,499,136 | ---- | M] (Microsoft Corporation)
    {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A}:res://C:\Program Files\BitComet\tools\BitCometBHO_1.4.1.27.dll/206 [HKLM] -> C:\Program Files\BitComet\tools\BitCometBHO_1.4.1.27.dll [Button: BitComet] -> [2010/01/28 04:55:08 | 000,671,480 | ---- | M] (BitComet)
    {FB5F1910-F110-11d2-BB9E-00C04F795683}:Exec [HKLM] -> C:\Program Files\Messenger\msmsgs.exe [Button: Messenger] -> [2008/04/13 20:12:28 | 001,695,232 | ---- | M] (Microsoft Corporation)
    {FB5F1910-F110-11d2-BB9E-00C04F795683}:Exec [HKLM] -> C:\Program Files\Messenger\msmsgs.exe [Menu: Windows Messenger] -> [2008/04/13 20:12:28 | 001,695,232 | ---- | M] (Microsoft Corporation)
    < Internet Explorer Extensions [HKEY_USERS\.DEFAULT\] > -> HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Extensions\ -> 
    CmdMapping\\"{08B0E5C0-4FCB-11CF-AAA5-00401C608501}" [HKLM] -> C:\WINDOWS\SYSTEM32\msjava.dll [Web Browser Applet Control] -> [2003/02/28 18:26:26 | 000,947,472 | ---- | M] (Microsoft Corporation)
    CmdMapping\\"{39FD89BF-D3F1-45b6-BB56-3582CCF489E1}" [HKLM] ->  [Reg Error: Key error.] -> File not found
    CmdMapping\\"{CD67F990-D8E9-11d2-98FE-00C0F0318AFE}" [HKLM] -> C:\WINDOWS\SYSTEM32\shdocvw.dll [Real.com] -> [2008/04/13 20:12:05 | 001,499,136 | ---- | M] (Microsoft Corporation)
    CmdMapping\\"{E023F504-0C5A-4750-A1E7-A9046DEA8A21}" [HKLM] ->  [Reg Error: Key error.] -> File not found
    CmdMapping\\"{FB5F1910-F110-11d2-BB9E-00C04F795683}" [HKLM] -> C:\Program Files\Messenger\msmsgs.exe [Messenger] -> [2008/04/13 20:12:28 | 001,695,232 | ---- | M] (Microsoft Corporation)
    < Internet Explorer Extensions [HKEY_USERS\S-1-5-18\] > -> HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\Extensions\ -> 
    CmdMapping\\"{08B0E5C0-4FCB-11CF-AAA5-00401C608501}" [HKLM] -> C:\WINDOWS\SYSTEM32\msjava.dll [Web Browser Applet Control] -> [2003/02/28 18:26:26 | 000,947,472 | ---- | M] (Microsoft Corporation)
    CmdMapping\\"{39FD89BF-D3F1-45b6-BB56-3582CCF489E1}" [HKLM] ->  [Reg Error: Key error.] -> File not found
    CmdMapping\\"{CD67F990-D8E9-11d2-98FE-00C0F0318AFE}" [HKLM] -> C:\WINDOWS\SYSTEM32\shdocvw.dll [Real.com] -> [2008/04/13 20:12:05 | 001,499,136 | ---- | M] (Microsoft Corporation)
    CmdMapping\\"{E023F504-0C5A-4750-A1E7-A9046DEA8A21}" [HKLM] ->  [Reg Error: Key error.] -> File not found
    CmdMapping\\"{FB5F1910-F110-11d2-BB9E-00C04F795683}" [HKLM] -> C:\Program Files\Messenger\msmsgs.exe [Messenger] -> [2008/04/13 20:12:28 | 001,695,232 | ---- | M] (Microsoft Corporation)
    < Internet Explorer Extensions [HKEY_USERS\S-1-5-21-3646499915-2801439982-1300003180-1006\] > -> HKEY_USERS\S-1-5-21-3646499915-2801439982-1300003180-1006\Software\Microsoft\Internet Explorer\Extensions\ -> 
    CmdMapping\\"{08B0E5C0-4FCB-11CF-AAA5-00401C608501}" [HKLM] -> C:\WINDOWS\SYSTEM32\msjava.dll [Web Browser Applet Control] -> [2003/02/28 18:26:26 | 000,947,472 | ---- | M] (Microsoft Corporation)
    CmdMapping\\"{39FD89BF-D3F1-45b6-BB56-3582CCF489E1}" [HKLM] ->  [Reg Error: Key error.] -> File not found
    CmdMapping\\"{CD67F990-D8E9-11d2-98FE-00C0F0318AFE}" [HKLM] -> C:\WINDOWS\SYSTEM32\shdocvw.dll [Real.com] -> [2008/04/13 20:12:05 | 001,499,136 | ---- | M] (Microsoft Corporation)
    CmdMapping\\"{E023F504-0C5A-4750-A1E7-A9046DEA8A21}" [HKLM] ->  [Reg Error: Key error.] -> File not found
    CmdMapping\\"{FB5F1910-F110-11d2-BB9E-00C04F795683}" [HKLM] -> C:\Program Files\Messenger\msmsgs.exe [Messenger] -> [2008/04/13 20:12:28 | 001,695,232 | ---- | M] (Microsoft Corporation)
    < Internet Explorer Plugins [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Plugins\ -> 
    PluginsPageFriendlyName -> Microsoft ActiveX Gallery -> 
    PluginsPage -> http://activex.microsoft.com/controls/find.asp?ext=%s&mime=%s -> 
    < Default Prefix > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\URL\DefaultPrefix
    "" -> http://
    < Trusted Sites Domains [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> 
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 1 domain(s) found. -> 
    < Trusted Sites Ranges [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> 
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. -> 
    < Trusted Sites Domains [HKEY_USERS\.DEFAULT\] > -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> 
    HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 0 domain(s) found. -> 
    < Trusted Sites Ranges [HKEY_USERS\.DEFAULT\] > -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> 
    HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. -> 
    < Trusted Sites Domains [HKEY_USERS\S-1-5-18\] > -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> 
    HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 0 domain(s) found. -> 
    < Trusted Sites Ranges [HKEY_USERS\S-1-5-18\] > -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> 
    HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. -> 
    < Trusted Sites Domains [HKEY_USERS\S-1-5-19\] > -> HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> 
    HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 0 domain(s) found. -> 
    < Trusted Sites Ranges [HKEY_USERS\S-1-5-19\] > -> HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> 
    HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. -> 
    < Trusted Sites Domains [HKEY_USERS\S-1-5-20\] > -> HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> 
    HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 0 domain(s) found. -> 
    < Trusted Sites Ranges [HKEY_USERS\S-1-5-20\] > -> HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> 
    HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. -> 
    < Trusted Sites Domains [HKEY_USERS\S-1-5-21-3646499915-2801439982-1300003180-1006\] > -> HKEY_USERS\S-1-5-21-3646499915-2801439982-1300003180-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> 
    HKEY_USERS\S-1-5-21-3646499915-2801439982-1300003180-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 4942 domain(s) found. -> 
    < Trusted Sites Ranges [HKEY_USERS\S-1-5-21-3646499915-2801439982-1300003180-1006\] > -> HKEY_USERS\S-1-5-21-3646499915-2801439982-1300003180-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> 
    HKEY_USERS\S-1-5-21-3646499915-2801439982-1300003180-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. -> 
    < Downloaded Program Files > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\ -> 
    {00000075-9980-0010-8000-00AA00389B71} [HKLM] -> http://codecs.microsoft.com/codecs/i386/voxacm.CAB [Reg Error: Key error.] -> 
    {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} [HKLM] -> http://download.mcafee.com/molbin/shared/mcinsctl/en-us/4,0,0,83/mcinsctl.cab [Reg Error: Key error.] -> 
    {4F1E5B1A-2A80-42CA-8532-2D05CB959537} [HKLM] -> http://gfx1.hotmail.com/mail/w3/resources/MSNPUpld.cab [MSN Photo Upload Tool] -> 
    {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} [HKLM] -> http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1212612801343 [MUWebControl Class] -> 
    {8100D56A-5661-482C-BEE8-AFECE305D968} [HKLM] -> http://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab [Facebook Photo Uploader 5 Control] -> 
    {8AD9C840-044E-11D1-B3E9-00805F499D93} [HKLM] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab [Java Plug-in 1.6.0_17] -> 
    {9F1C11AA-197B-4942-BA54-47A8489BB47F} [HKLM] -> http://v4.windowsupdate.microsoft.com/CAB/x86/unicode/iuctl.CAB?37558.4998726852 [Reg Error: Key error.] -> 
    {CAFEEFAC-0014-0001-0000-ABCDEFFEDCBA} [HKLM] -> http://java.sun.com/update/1.4.1/jinstall-1_4_1-windows-i586.cab [Reg Error: Key error.] -> 
    {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} [HKLM] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab [Reg Error: Key error.] -> 
    {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} [HKLM] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab [Java Plug-in 1.6.0_17] -> 
    {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} [HKLM] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab [Java Plug-in 1.6.0_17] -> 
    {D27CDB6E-AE6D-11CF-96B8-444553540000} [HKLM] -> http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab [Shockwave Flash Object] -> 
    {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} [HKLM] ->  [Reg Error: Value error.] -> 
    Microsoft XML Parser for Java [HKLM] -> file://C:\WINDOWS\Java\classes\xmldso.cab [Reg Error: Key error.] -> 
    < Name Servers [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\ -> 
    DhcpNameServer -> 24.222.0.94 24.222.0.95 -> 
    NameServer -> 93.188.164.100,93.188.161.155 -> 
    < Name Servers [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Adapters\ -> 
    {ECA8E80D-29C3-41B9-A9E5-2A8073B3D609}\\DhcpNameServer -> 24.222.0.94 24.222.0.95   (Linksys Wireless-G PCI Adapter) -> 
    {ECA8E80D-29C3-41B9-A9E5-2A8073B3D609}\\NameServer -> 93.188.164.100,93.188.161.155   (Linksys Wireless-G PCI Adapter) -> 
    < Winlogon settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon -> 
    *Shell* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell -> 
    Explorer.exe -> C:\WINDOWS\explorer.exe -> [2008/04/13 20:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation)
    *MultiFile Done* -> -> 
    *UserInit* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\UserInit -> 
    C:\WINDOWS\system32\userinit.exe -> C:\WINDOWS\SYSTEM32\userinit.exe -> [2008/04/13 20:12:38 | 000,026,112 | ---- | M] (Microsoft Corporation)
    *MultiFile Done* -> -> 
    *UIHost* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\UIHost -> 
    logonui.exe -> C:\WINDOWS\System32\logonui.exe -> [2008/04/13 20:12:24 | 000,514,560 | ---- | M] (Microsoft Corporation)
    *MultiFile Done* -> -> 
    *VMApplet* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\VMApplet -> 
    rundll32 shell32 -> C:\WINDOWS\System32\shell32.dll -> [2008/06/17 15:02:19 | 008,461,312 | ---- | M] (Microsoft Corporation)
    Control_RunDLL "sysdm.cpl" -> C:\WINDOWS\System32\sysdm.cpl -> [2008/04/13 20:12:41 | 000,300,544 | ---- | M] (Microsoft Corporation)
    *MultiFile Done* -> -> 
    < Winlogon\Notify settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ -> 
    crypt32chain -> C:\WINDOWS\System32\crypt32.dll -> [2008/04/13 20:11:51 | 000,599,040 | ---- | M] (Microsoft Corporation)
    cryptnet -> C:\WINDOWS\System32\cryptnet.dll -> [2008/04/13 20:11:51 | 000,064,512 | ---- | M] (Microsoft Corporation)
    cscdll -> C:\WINDOWS\System32\cscdll.dll -> [2008/04/13 20:11:51 | 000,101,888 | ---- | M] (Microsoft Corporation)
    dimsntfy -> C:\WINDOWS\SYSTEM32\dimsntfy.dll -> [2008/04/13 20:11:52 | 000,019,456 | ---- | M] (Microsoft Corporation)
    ScCertProp -> C:\WINDOWS\System32\wlnotify.dll -> [2008/04/13 20:12:09 | 000,092,672 | ---- | M] (Microsoft Corporation)
    Schedule -> C:\WINDOWS\System32\wlnotify.dll -> [2008/04/13 20:12:09 | 000,092,672 | ---- | M] (Microsoft Corporation)
    sclgntfy -> C:\WINDOWS\System32\sclgntfy.dll -> [2008/04/13 20:12:05 | 000,020,480 | ---- | M] (Microsoft Corporation)
    SensLogn -> C:\WINDOWS\System32\wlnotify.dll -> [2008/04/13 20:12:09 | 000,092,672 | ---- | M] (Microsoft Corporation)
    termsrv -> C:\WINDOWS\System32\wlnotify.dll -> [2008/04/13 20:12:09 | 000,092,672 | ---- | M] (Microsoft Corporation)
    WgaLogon -> C:\WINDOWS\System32\WgaLogon.dll -> [2007/02/15 18:00:26 | 000,236,928 | ---- | M] (Microsoft Corporation)
    wlballoon -> C:\WINDOWS\System32\wlnotify.dll -> [2008/04/13 20:12:09 | 000,092,672 | ---- | M] (Microsoft Corporation)
    < SSODL [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad -> 
    "{fbeb8a05-beee-4442-804e-409d6c4515e9}" [HKLM] -> C:\WINDOWS\SYSTEM32\shell32.dll [CDBurn] -> [2008/06/17 15:02:19 | 008,461,312 | ---- | M] (Microsoft Corporation)
    "{7849596a-48ea-486e-8937-a2a3009f31a9}" [HKLM] -> C:\WINDOWS\SYSTEM32\shell32.dll [PostBootReminder] -> [2008/06/17 15:02:19 | 008,461,312 | ---- | M] (Microsoft Corporation)
    "{35CEC8A3-2BE6-11D2-8773-92E220524153}" [HKLM] -> C:\WINDOWS\SYSTEM32\stobject.dll [SysTray] -> [2008/04/13 20:12:07 | 000,121,856 | ---- | M] (Microsoft Corporation)
    "{E6FB5E20-DE35-11CF-9C87-00AA005127ED}" [HKLM] -> C:\WINDOWS\SYSTEM32\webcheck.dll [WebCheck] -> [2010/03/11 08:38:54 | 000,233,472 | ---- | M] (Microsoft Corporation)
    "{AAA288BA-9A4C-45B0-95D7-94D524869DB5}" [HKLM] -> C:\WINDOWS\SYSTEM32\WPDShServiceObj.dll [WPDShServiceObj] -> [2006/10/18 21:47:22 | 000,133,632 | ---- | M] (Microsoft Corporation)
    < SharedTaskScheduler [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler -> 
    "{438755C2-A8BA-11D1-B96B-00A0C90312E1}" [HKLM] -> C:\WINDOWS\SYSTEM32\browseui.dll [Browseui preloader] -> [2008/04/13 20:11:50 | 001,025,024 | ---- | M] (Microsoft Corporation)
    "{8C7461EF-2B13-11d2-BE35-3078302C2030}" [HKLM] -> C:\WINDOWS\SYSTEM32\browseui.dll [Component Categories cache daemon] -> [2008/04/13 20:11:50 | 001,025,024 | ---- | M] (Microsoft Corporation)
    < ShellExecuteHooks [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks -> 
    "{AEB6717E-7E19-11d0-97EE-00C04FD91972}" [HKLM] -> C:\WINDOWS\System32\shell32.dll [] -> [2008/06/17 15:02:19 | 008,461,312 | ---- | M] (Microsoft Corporation)
    < SecurityProviders [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\\SecurityProviders -> 
    *SecurityProviders* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\\SecurityProviders -> 
    msapsspc.dll -> C:\WINDOWS\System32\msapsspc.dll -> [2008/04/13 20:11:58 | 000,086,016 | ---- | M] (Microsoft Corporation)
    schannel.dll -> C:\WINDOWS\System32\schannel.dll -> [2009/06/25 04:25:26 | 000,147,456 | ---- | M] (Microsoft Corporation)
    digest.dll -> C:\WINDOWS\System32\digest.dll -> [2008/04/13 20:11:52 | 000,068,608 | ---- | M] (Microsoft Corporation)
    msnsspc.dll -> C:\WINDOWS\System32\msnsspc.dll -> [2008/04/13 20:12:00 | 000,290,816 | ---- | M] (Microsoft Corporation)
    *MultiFile Done* -> -> 
    < LSA Authentication Packages [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\Authentication Packages -> 
    *LSA Authentication Packages* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\Authentication Packages -> 
    msv1_0 -> C:\WINDOWS\System32\msv1_0.dll -> [2009/09/11 10:18:39 | 000,136,192 | ---- | M] (Microsoft Corporation)
    *MultiFile Done* -> -> 
    < LSA Security Packages [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\Security Packages -> 
    *LSA Security Packages* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\Security Packages -> 
    kerberos -> C:\WINDOWS\System32\kerberos.dll -> [2009/06/25 04:25:26 | 000,301,568 | ---- | M] (Microsoft Corporation)
    msv1_0 -> C:\WINDOWS\System32\msv1_0.dll -> [2009/09/11 10:18:39 | 000,136,192 | ---- | M] (Microsoft Corporation)
    schannel -> C:\WINDOWS\System32\schannel.dll -> [2009/06/25 04:25:26 | 000,147,456 | ---- | M] (Microsoft Corporation)
    wdigest -> C:\WINDOWS\System32\wdigest.dll -> [2009/06/25 04:25:26 | 000,054,272 | ---- | M] (Microsoft Corporation)
    *MultiFile Done* -> -> 
    < Domain Profile Authorized Applications List > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List -> 
    "%windir%\Network Diagnostic\xpnetdiag.exe" -> C:\WINDOWS\network diagnostic\xpnetdiag.exe [%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000] -> [2008/04/13 14:53:32 | 000,558,080 | ---- | M] (Microsoft Corporation)
    "%windir%\system32\sessmgr.exe" -> C:\WINDOWS\SYSTEM32\sessmgr.exe [%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019] -> [2008/04/13 20:12:34 | 000,141,312 | ---- | M] (Microsoft Corporation)
    "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" -> C:\Program Files\Windows Live\Messenger\msnmsgr.exe [C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger] -> [2009/02/06 18:51:28 | 003,885,408 | ---- | M] (Microsoft Corporation)
    "C:\Program Files\Windows Live\Messenger\wlcsdk.exe" -> C:\Program Files\Windows Live\Messenger\wlcsdk.exe [C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call] -> [2009/02/06 18:21:00 | 000,583,024 | ---- | M] (Microsoft Corporation)
    < Standard Profile Authorized Applications List > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List -> 
    "%windir%\Network Diagnostic\xpnetdiag.exe" -> C:\WINDOWS\network diagnostic\xpnetdiag.exe [%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000] -> [2008/04/13 14:53:32 | 000,558,080 | ---- | M] (Microsoft Corporation)
    "%windir%\system32\sessmgr.exe" -> C:\WINDOWS\SYSTEM32\sessmgr.exe [%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019] -> [2008/04/13 20:12:34 | 000,141,312 | ---- | M] (Microsoft Corporation)
    "C:\Program Files\BearShare Applications\BearShare\BearShare.exe" -> C:\Program Files\BearShare Applications\BearShare\BearShare.exe [C:\Program Files\BearShare Applications\BearShare\BearShare.exe:*:Enabled:BearShare] -> [2010/01/12 05:24:32 | 017,758,136 | ---- | M] (MusicLab, LLC)
    "C:\Program Files\BitComet\BitComet.exe" -> C:\Program Files\BitComet\BitComet.exe [C:\Program Files\BitComet\BitComet.exe:*:Enabled:BitComet.exe] -> [2010/02/21 06:11:24 | 002,969,336 | ---- | M] (www.BitComet.com)
    "C:\Program Files\Bonjour\mDNSResponder.exe" -> C:\Program Files\Bonjour\mDNSResponder.exe [C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour] -> [2007/07/24 15:17:08 | 000,229,376 | ---- | M] (Apple Inc.)
    "C:\Program Files\Common Files\McAfee\MNA\McNASvc.exe" -> C:\Program Files\Common Files\McAfee\MNA\McNASvc.exe [C:\Program Files\Common Files\McAfee\MNA\McNASvc.exe:*:Enabled:McAfee Network Agent] -> [2009/01/09 11:31:16 | 002,482,848 | ---- | M] (McAfee, Inc.)
    "C:\Program Files\iTunes\iTunes.exe" -> C:\Program Files\iTunes\iTunes.exe [C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes] -> [2008/02/04 14:18:34 | 019,926,824 | ---- | M] (Apple Inc.)
    "C:\Program Files\LimeWire\LimeWire.exe" -> C:\Program Files\LimeWire\LimeWire.exe [C:\Program Files\LimeWire\LimeWire.exe:*:Enabled:LimeWire] -> [2008/09/18 14:50:21 | 000,147,456 | ---- | M] (Lime Wire, LLC)
    "C:\Program Files\Messenger\msmsgs.exe" -> C:\Program Files\Messenger\msmsgs.exe [C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger] -> [2008/04/13 20:12:28 | 001,695,232 | ---- | M] (Microsoft Corporation)
    "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" -> C:\Program Files\Windows Live\Messenger\msnmsgr.exe [C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger] -> [2009/02/06 18:51:28 | 003,885,408 | ---- | M] (Microsoft Corporation)
    "C:\Program Files\Windows Live\Messenger\wlcsdk.exe" -> C:\Program Files\Windows Live\Messenger\wlcsdk.exe [C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call] -> [2009/02/06 18:21:00 | 000,583,024 | ---- | M] (Microsoft Corporation)
    "C:\WINDOWS\SYSTEM32\SPOOL\DRIVERS\W32X86\3\SAGENT4.EXE" -> C:\WINDOWS\System32\SPOOL\DRIVERS\W32X86\3\SAGENT4.EXE [C:\WINDOWS\SYSTEM32\SPOOL\DRIVERS\W32X86\3\SAGENT4.EXE:*:Enabled:SAgent4] -> [2004/04/30 01:07:00 | 000,122,880 | ---- | M] (SEIKO EPSON CORPORATION)
    "C:\WINDOWS\SYSTEM32\spoolsv.exe" -> C:\WINDOWS\System32\spoolsv.exe [C:\WINDOWS\SYSTEM32\spoolsv.exe:*:Enabled:spoolsv.exe] -> [2008/04/13 20:12:36 | 000,057,856 | ---- | M] (Microsoft Corporation)
    < SafeBoot AlternateShell [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot -> 
    "AlternateShell" -> cmd.exe -> 
    < CDROM Autorun Setting [HKEY_LOCAL_MACHINE]> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom ->
    "AutoRun" -> 1 -> 
    "DisplayName" -> CD-ROM Driver -> 
    "ImagePath" ->  [System32\DRIVERS\cdrom.sys] -> File not found
    < Drives with AutoRun files > ->  -> 
    C:\AUTOEXEC.001 [] -> C:\AUTOEXEC.001 [ NTFS ] -> [2001/08/31 11:50:52 | 000,000,000 | ---- | M] ()
    C:\AUTOEXEC.BAT [] -> C:\AUTOEXEC.BAT [ NTFS ] -> [2004/03/30 13:12:32 | 000,000,000 | ---- | M] ()
    Z:\Autograph Virtual Keyboard.exe [MZ | ] -> Z:\Autograph Virtual Keyboard.exe [ NTFS ] -> [2007/10/24 08:50:40 | 000,034,816 | ---- | M] (Eastmond Publishing Ltd.)
    < MountPoints2 [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2 -> 
    \{3d60b472-7e58-11db-b929-0007e90755ca}
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{3d60b472-7e58-11db-b929-0007e90755ca}\Shell
    \{3d60b472-7e58-11db-b929-0007e90755ca}\Shell\\"" ->  [AutoRun] -> File not found
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{3d60b472-7e58-11db-b929-0007e90755ca}\Shell\AutoRun
    \{3d60b472-7e58-11db-b929-0007e90755ca}\Shell\AutoRun\\"" ->  [Auto&Play] -> File not found
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{3d60b472-7e58-11db-b929-0007e90755ca}\Shell\AutoRun\command
    \{3d60b472-7e58-11db-b929-0007e90755ca}\Shell\AutoRun\command\\"" -> G:\LaunchU3.exe [G:\LaunchU3.exe] -> File not found
    \{638ef06e-a019-11db-b937-0007e90755ca}
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{638ef06e-a019-11db-b937-0007e90755ca}\Shell
    \{638ef06e-a019-11db-b937-0007e90755ca}\Shell\\"" ->  [AutoRun] -> File not found
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{638ef06e-a019-11db-b937-0007e90755ca}\Shell\AutoRun
    \{638ef06e-a019-11db-b937-0007e90755ca}\Shell\AutoRun\\"" ->  [Auto&Play] -> File not found
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{638ef06e-a019-11db-b937-0007e90755ca}\Shell\AutoRun\command
    \{638ef06e-a019-11db-b937-0007e90755ca}\Shell\AutoRun\command\\"" -> G:\LaunchU3.exe [G:\LaunchU3.exe -a] -> File not found
    \{638ef070-a019-11db-b937-0007e90755ca}
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{638ef070-a019-11db-b937-0007e90755ca}\Shell
    \{638ef070-a019-11db-b937-0007e90755ca}\Shell\\"" ->  [AutoRun] -> File not found
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{638ef070-a019-11db-b937-0007e90755ca}\Shell\AutoRun
    \{638ef070-a019-11db-b937-0007e90755ca}\Shell\AutoRun\\"" ->  [Auto&Play] -> File not found
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{638ef070-a019-11db-b937-0007e90755ca}\Shell\AutoRun\command
    \{638ef070-a019-11db-b937-0007e90755ca}\Shell\AutoRun\command\\"" -> G:\LaunchU3.exe [G:\LaunchU3.exe -a] -> File not found
    < Registry Shell Spawning - Select to Repair > -> HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command -> 
    comfile [open] -> "%1" %* -> 
    exefile [open] -> "%1" %* -> 
    < File Associations - Select to Repair > -> HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>\ -> 
    .com [@ = comfile] -> "%1" %* -> 
    .exe [@ = exefile] -> "%1" %* -> 
    < File Associations - Select to Repair > -> HKEY_USERS\S-1-5-21-3646499915-2801439982-1300003180-1006\SOFTWARE\Classes\<extension>\ -> 
    .com [@ = ComFile] -> Reg Error: Key error. -> File not found
    .exe [@ = exefile] -> Reg Error: Key error. -> File not found
     
    [Registry - Additional Scans - Safe List]
    < Desktop Components > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\ -> 
    0 -> [Key] -> 
    0 -> FriendlyName = My Current Home Page -> 
    0 -> Source = About:Home -> 
    0 -> SubscribedURL = About:Home -> 
    < Desktop WallPaper > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\General -> 
    WallPaper -> C:\Documents and Settings\Barry\Local Settings\Application Data\Microsoft\Wallpaper1.bmp -> 
    BackupWallPaper -> C:\Documents and Settings\Barry\Local Settings\Application Data\Microsoft\Wallpaper1.bmp -> 
    < Disabled MSConfig State [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\state -> 
    "bootini" -> 0 -> 
    "services" -> 0 -> 
    "startup" -> 0 -> 
    "system.ini" -> 0 -> 
    "win.ini" -> 0 -> 
    < HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost > -> ->
    *netsvcs* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\\netsvcs ->
    6to4 ->  -> File not found
    Ias -> C:\WINDOWS\SYSTEM32\IAS -> [2002/09/10 21:06:16 | 000,000,000 | ---D | M]
    Iprip ->  -> File not found
    Irmon ->  -> File not found
    NWCWorkstation ->  -> File not found
    Nwsapagent ->  -> File not found
    Wmi -> C:\WINDOWS\SYSTEM32\wmi.dll -> [2008/04/13 20:11:15 | 000,005,632 | ---- | M] (Microsoft Corporation)
    WmdmPmSp ->  -> File not found
    Ip6FwHlp ->  -> File not found
    *MultiFile Done* -> -> 
    < Registry Shell Spawning - Select to Repair > -> HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command -> 
    batfile [open] -> "%1" %* -> 
    cmdfile [open] -> "%1" %* -> 
    comfile [open] -> "%1" %* -> 
    exefile [open] -> "%1" %* -> 
    htmlfile [edit] -> "C:\Program Files\Microsoft Office\OFFICE11\msohtmed.exe" %1 -> [2007/04/19 14:07:38 | 000,061,280 | ---- | M] (Microsoft Corporation)
    htmlfile [print] -> "C:\Program Files\Microsoft Office\OFFICE11\msohtmed.exe" /p %1 -> [2007/04/19 14:07:38 | 000,061,280 | ---- | M] (Microsoft Corporation)
    piffile [open] -> "%1" %* -> 
    scrfile [config] -> "%1" -> 
    scrfile [install] -> rundll32.exe desk.cpl,InstallScreenSaver %l -> [2008/04/13 20:12:41 | 000,135,168 | ---- | M] (Microsoft Corporation)
    scrfile [open] -> "%1" /S -> 
    Unknown [openas] -> %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 -> 
    Directory [find] -> %SystemRoot%\Explorer.exe -> [2008/04/13 20:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation)
    Folder [open] -> %SystemRoot%\Explorer.exe /idlist,%I,%L -> [2008/04/13 20:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation)
    Folder [explore] -> %SystemRoot%\Explorer.exe /e,/idlist,%I,%L -> [2008/04/13 20:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation)
    Drive [find] -> %SystemRoot%\Explorer.exe -> [2008/04/13 20:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation)
    < Uninstall List [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ -> 
    {01001202-823E-46CD-A70E-BEE818F97169} -> Microsoft Encarta Encyclopedia Standard 2002
    {01A4AEDE-F219-49A2-B855-16A016EAF9A4} -> Intel(R) PROSet II
    {02DFB3FD-CF52-4183-8BCA-2A127D4888F4} -> iTunes
    {089759B6-8B18-4AE5-9350-E132E0C22C01} -> Simply Accounting by Sage 2007
    {0AAA9C97-74D4-47CE-B089-0B147EF3553C} -> Windows Live Messenger
    {11F1920A-56A2-4642-B6E0-3B31A12C9288} -> Dell Solution Center
    {151C555A-A9E7-4A2E-B6D7-165D04A3C956} -> Dell Picture Studio - Dell Image Expert
    {17A7779A-D23F-11D3-8753-0050BABE1202} -> Microtek ScanWizard
    {1D243F00-1389-4C63-A7E9-B17E967D1901} -> WebEx Record and Playback
    {205C6BDD-7B73-42DE-8505-9A093F35A238} -> Windows Live Upload Tool
    {22B775E7-6C42-4FC5-8E10-9A5E3257BD94} -> MSVCRT
    {26A24AE4-039D-4CA4-87B4-2F83216012FF} -> Java(TM) 6 Update 17
    {3248F0A8-6813-11D6-A77B-00B0D0160030} -> Java(TM) 6 Update 3
    {338F08AB-C262-42C7-B000-34DE1A475273} -> Ad-Aware Email Scanner for Outlook
    {350C97B0-3D7C-4EE8-BAA9-00BCB3D54227} -> WebFldrs XP
    {381EA1A3-3C6D-4927-B8ED-10CFD03CCE09} -> Epi Info
    {39B82ED4-D8AE-11D7-A9ED-00B0D0627A8E} -> Simply Accounting 2004 Basic
    {3B4E636E-9D65-4D67-BA61-189800823F52} -> Windows Live Communications Platform
    {415C995A-F745-11D6-A9AD-00B0D0627A8E} -> Simply Accounting 2003 Basic
    {43DCF766-6838-4F9A-8C91-D92DA586DFA7} -> Microsoft Windows Journal Viewer
    {45338B07-A236-4270-9A77-EBB4115517B5} -> Windows Live Sign-in Assistant
    {47BF1BD6-DCAC-468F-A0AD-E5DECC2211C3} -> Bonjour
    {4ADC0BF7-B965-11D8-AA51-00B0D0627A8E} -> Simply Accounting 2005 Basic
    {4DDC3BED-CC68-44AA-B435-D727B620CA5B} -> Linksys Wireless-G PCI Adapter
    {4DE3E3D9-AE81-45DE-9195-3015F7B1DBF3} -> Junk Mail filter update
    {51A79BE3-6AF4-4405-AC9A-E5F74FE20299} -> Simply Accounting by Sage 2007
    {609F7AC8-C510-11D4-A788-009027ABA5D0} -> Easy CD Creator 5 Basic
    {625BD732-ACDF-4552-BF22-98EBB413B6F3} -> McAfee Shredder
    {63569CE9-FA00-469C-AF5C-E5D4D93ACF91} -> Windows Genuine Advantage v1.3.0254.0
    {63C1109E-D977-49ED-BCE3-D00D0BF187D6} -> Windows Live Mail
    {6774F0CF-C7DD-4CB4-BCB2-11C3E08BBA03} -> McAfee Shredder
    {6811CAA0-BF12-11D4-9EA1-0050BAE317E1} -> PowerDVD
    {87642C51-790C-4698-8A5F-40DA19B8738A} -> Epi Info
    {89F4137D-6C26-4A84-BDB8-2E5A4BB71E00} -> Microsoft Silverlight
    {8FFC5648-FAF8-43A3-BC8F-42BA1E275C4E} -> Choice Guard
    {90110409-6000-11D3-8CFE-0150048383C9} -> Microsoft Office Professional Edition 2003
    {90120000-0020-0409-0000-0000000FF1CE} -> Compatibility Pack for the 2007 Office system
    {90D55A3F-1D99-4C94-A77E-46DC14F0BF08} -> Help and Support Customization
    {95120000-00B9-0409-0000-0000000FF1CE} -> Microsoft Application Error Reporting
    {A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7} -> Segoe UI
    {A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7} -> Microsoft .NET Framework 3.0 Service Pack 2
    {AC76BA86-7AD7-1033-7B44-A71000000002} -> Adobe Reader 7.1.0
    {AC76BA86-7AD7-5760-0000-705000000001} -> Adobe Reader Japanese Fonts
    {B74F042E-E1B9-4A5B-8D46-387BB172F0A4} -> Apple Software Update
    {BAF78226-3200-4DB4-BE33-4D922A799840} -> Windows Presentation Foundation
    {BCA47D24-273B-47B6-99CF-C4CFD1F3EFED} -> Stata 9
    {BD3DCAB0-3FE5-44FB-90DA-EFB0A2CD1387} -> Works Synchronization
    {BFD96B89-B769-4CD6-B11E-E79FFD46F067} -> QuickTime
    {C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F} -> Microsoft .NET Framework 2.0 Service Pack 2
    {C34FAEF3-4241-4C4E-9CFF-7BBD8BCEABE7} -> WebEx Support Manager for Internet Explorer
    {C3A439E4-7303-491F-A678-CEA36A87D517} -> Microsoft Works Suite Add-in for Microsoft Word
    {C6CA8874-5F22-4AF0-9BE3-016BF299C536} -> Windows Live Essentials
    {C769A271-7E1C-48F9-B331-474600DD4C06} -> Microsoft Picture It! Photo 2002
    {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1} -> Microsoft .NET Framework 1.1
    {CD0159C9-17FB-11D6-A76A-00B0D079AF64} -> Java 2 Runtime Environment, SE v1.4.1
    {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} -> Microsoft .NET Framework 3.5 SP1
    {D271DAE0-8D68-4C97-8356-A126D48A1D8C} -> Ulead Photo Explorer 8.0 Trial
    {D6DE02C7-1F47-11D4-9515-00105AE4B89A} -> Paint Shop Pro 7
    {D8AB8F0C-CEEB-4A29-8EF5-219B064813F4} -> Apple Mobile Device Support
    {DC19E750-988B-4005-A355-85EF66055EFE} -> Works Suite OS Pack
    {DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF} -> Ad-Aware
    {F003AEAB-22DD-4E69-B9F3-F7F1063D4618} -> Epi Info
    {F0797160-7E41-4CF2-A47B-497F5DFFC187} -> MSN Search Toolbar
    {F333A33D-125C-32A2-8DCE-5C5D14231E27} -> Visual C++ 2008 x86 Runtime - (v9.0.30729)
    {F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01 -> Visual C++ 2008 x86 Runtime - v9.0.30729.01
    {F6BD194C-4190-4D73-B1B1-C48C99921BFE} -> Windows Live Call
    {FCE65C4E-B0E8-4FBD-AD16-EDCBE6CD591F} -> HighMAT Extension to Microsoft Windows XP CD Writing Wizard
    Ad-Aware -> Ad-Aware
    Adobe Acrobat 5.0 -> Adobe Acrobat 5.0
    Adobe Flash Player ActiveX -> Adobe Flash Player 10 ActiveX
    Amazon MP3 Downloader -> Amazon MP3 Downloader 1.0.3
    BearShare -> BearShare
    BitComet -> BitComet 1.19
    CCleaner -> CCleaner (remove only)
    DivX Codec -> DivX 5.0.3 Pro Bundle
    ebateswebsavings0.xml -> Web Savings from Ebates
    EPSON Printer and Utilities -> EPSON Printer Software
    ES C80 Guide -> ES C80 Guide
    HijackThis -> HijackThis 2.0.2
    IDNMitigationAPIs -> Microsoft Internationalized Domain Names Mitigation APIs
    ie7 -> Windows Internet Explorer 7
    Ink Monitor -> Ink Monitor
    Java Web Start -> Java Web Start
    LiveReg -> LiveReg (Symantec Corporation)
    LiveUpdate -> LiveUpdate 1.80 (Symantec Corporation)
    Malwarebytes' Anti-Malware_is1 -> Malwarebytes' Anti-Malware
    McAfee Uninstall Utility -> McAfee Uninstall Wizard
    Microsoft .NET Framework 1.1  (1033) -> Microsoft .NET Framework 1.1
    Microsoft .NET Framework 3.5 SP1 -> Microsoft .NET Framework 3.5 SP1
    Microtek ScanWizard V2.43 -> Microtek ScanWizard V2.43
    Mozilla Firefox (2.0.0.15) -> Mozilla Firefox (2.0.0.15)
    MpcStar -> MpcStar 4.1
    MSC -> McAfee SecurityCenter
    MSCompPackV1 -> Microsoft Compression Client Pack 1.0 for Windows XP
    MSN Music Assistant -> MSN Music Assistant
    MUSICMATCH Jukebox -> MUSICMATCH Jukebox
    NLSDownlevelMapping -> Microsoft National Language Support Downlevel APIs
    Norton Speed Disk -> Norton Speed Disk 6.0 for Windows NT
    Norton Utilities -> Norton Utilities 2002 for Windows
    NVIDIA -> NVIDIA Windows 2000/XP Display Drivers
    NVIDIA Display Driver -> NVIDIA Display Driver
    PokerStars -> PokerStars
    PROSet -> Intel(R) PRO Network Adapters and Drivers
    RealPlayer 6.0 -> RealPlayer
    Registry Mechanic_is1 -> Registry Mechanic 5.0
    Shockwave -> Shockwave
    Sound Blaster Live! Value -> Sound Blaster Live! Value
    SpywareBlaster_is1 -> SpywareBlaster 4.3
    ToolBook 8.0 Runtime -> ToolBook 8.0 Runtime
    TraxTime -> TraxTime
    ViewpointMediaPlayer -> Viewpoint Media Player (Remove Only)
    WIC -> Windows Imaging Component
    Windows Media Format Runtime -> Windows Media Format 11 runtime
    Windows Media Player -> Windows Media Player 11
    Windows XP Service Pack -> Windows XP Service Pack 3
    WinLiveSuite_Wave3 -> Windows Live Essentials
    WinRAR archiver -> WinRAR archiver
    WMFDist11 -> Windows Media Format 11 runtime
    wmp11 -> Windows Media Player 11
    Works2002Setup -> Microsoft Works 2002 Setup Launcher
    Wudf01000 -> Microsoft User-Mode Driver Framework Feature Pack 1.0
    XpsEPSC -> XML Paper Specification Shared Components Pack 1.0
    Yahoo! Companion -> Yahoo! Toolbar
    yEnc32 -> yEnc32 (remove only)
    < EventViewer Logs - Last 10 Errors > -> Event Information -> Description
    Application [ Error ] 4/25/2010 9:58:07 PM Computer Name = OFFICE | Source = crypt32 | ID = 131080 -> Description = Failed auto update retrieval of third-party root list sequence number from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt> with error: This network connection does not exist.  
    Application [ Error ] 4/25/2010 9:58:07 PM Computer Name = OFFICE | Source = crypt32 | ID = 131080 -> Description = Failed auto update retrieval of third-party root list sequence number from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt> with error: This network connection does not exist.  
    Application [ Error ] 4/25/2010 9:58:37 PM Computer Name = OFFICE | Source = crypt32 | ID = 131080 -> Description = Failed auto update retrieval of third-party root list sequence number from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt> with error: This network connection does not exist.  
    Application [ Error ] 4/25/2010 9:58:37 PM Computer Name = OFFICE | Source = crypt32 | ID = 131080 -> Description = Failed auto update retrieval of third-party root list sequence number from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt> with error: This network connection does not exist.  
    Application [ Error ] 4/25/2010 9:59:37 PM Computer Name = OFFICE | Source = crypt32 | ID = 131080 -> Description = Failed auto update retrieval of third-party root list sequence number from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt> with error: This network connection does not exist.  
    Application [ Error ] 4/25/2010 9:59:37 PM Computer Name = OFFICE | Source = crypt32 | ID = 131080 -> Description = Failed auto update retrieval of third-party root list sequence number from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt> with error: This network connection does not exist.  
    Application [ Error ] 4/25/2010 10:01:28 PM Computer Name = OFFICE | Source = crypt32 | ID = 131080 -> Description = Failed auto update retrieval of third-party root list sequence number from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt> with error: This network connection does not exist.  
    Application [ Error ] 4/25/2010 10:01:28 PM Computer Name = OFFICE | Source = crypt32 | ID = 131080 -> Description = Failed auto update retrieval of third-party root list sequence number from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt> with error: This network connection does not exist.  
    Application [ Error ] 4/25/2010 10:01:37 PM Computer Name = OFFICE | Source = crypt32 | ID = 131080 -> Description = Failed auto update retrieval of third-party root list sequence number from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt> with error: This network connection does not exist.  
    Application [ Error ] 4/25/2010 10:01:37 PM Computer Name = OFFICE | Source = crypt32 | ID = 131080 -> Description = Failed auto update retrieval of third-party root list sequence number from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt> with error: This network connection does not exist.  
    System [ Error ] 4/18/2010 10:29:56 PM Computer Name = OFFICE | Source = BROWSER | ID = 8032 -> Description = The browser service has failed to retrieve the backup list too many times on transport \Device\NetBT_Tcpip_{ECA8E80D-29C3-41B9-A9E5-2A8073B3D609}.  The backup browser is stopping.
    System [ Error ] 4/19/2010 3:00:08 AM Computer Name = OFFICE | Source = Windows Update Agent | ID = 16 -> Description = Unable to Connect: Windows is unable to connect to the automatic updates service and therefore cannot download and install updates according to the set schedule. Windows will continue to try to establish a connection.
    System [ Error ] 4/19/2010 9:13:22 PM Computer Name = OFFICE | Source = BROWSER | ID = 8032 -> Description = The browser service has failed to retrieve the backup list too many times on transport \Device\NetBT_Tcpip_{ECA8E80D-29C3-41B9-A9E5-2A8073B3D609}.  The backup browser is stopping.
    System [ Error ] 4/20/2010 6:40:33 AM Computer Name = OFFICE | Source = DCOM | ID = 10010 -> Description = The server {601AC3DC-786A-4EB0-BF40-EE3521E70BFB} did not register with DCOM within the required timeout.
    System [ Error ] 4/21/2010 7:51:27 AM Computer Name = OFFICE | Source = Windows Update Agent | ID = 16 -> Description = Unable to Connect: Windows is unable to connect to the automatic updates service and therefore cannot download and install updates according to the set schedule. Windows will continue to try to establish a connection.
    System [ Error ] 4/21/2010 8:27:00 AM Computer Name = OFFICE | Source = DCOM | ID = 10005 -> Description = DCOM got error "%1053" attempting to start the service iPod Service with arguments ""  in order to run the server:  {063D34A4-BF84-4B8D-B699-E8CA06504DDE}
    System [ Error ] 4/23/2010 7:51:28 AM Computer Name = OFFICE | Source = Windows Update Agent | ID = 16 -> Description = Unable to Connect: Windows is unable to connect to the automatic updates service and therefore cannot download and install updates according to the set schedule. Windows will continue to try to establish a connection.
    System [ Error ] 4/24/2010 8:21:09 AM Computer Name = OFFICE | Source = BROWSER | ID = 8032 -> Description = The browser service has failed to retrieve the backup list too many times on transport \Device\NetBT_Tcpip_{ECA8E80D-29C3-41B9-A9E5-2A8073B3D609}.  The backup browser is stopping.
    System [ Error ] 4/25/2010 7:51:29 AM Computer Name = OFFICE | Source = Windows Update Agent | ID = 16 -> Description = Unable to Connect: Windows is unable to connect to the automatic updates service and therefore cannot download and install updates according to the set schedule. Windows will continue to try to establish a connection.
    System [ Error ] 4/25/2010 7:34:17 PM Computer Name = OFFICE | Source = BROWSER | ID = 8032 -> Description = The browser service has failed to retrieve the backup list too many times on transport \Device\NetBT_Tcpip_{ECA8E80D-29C3-41B9-A9E5-2A8073B3D609}.  The backup browser is stopping.
     
    [Files/Folders - Created Within 30 Days]
     OTS.exe -> C:\Documents and Settings\Barry\Desktop\OTS.exe -> [2010/04/25 22:28:13 | 000,639,488 | ---- | C] (OldTimer Tools)
     Adobe -> C:\Documents and Settings\LocalService\Application Data\Adobe -> [2010/04/20 22:28:54 | 000,000,000 | ---D | C]
     F003AEAB22DD4E69B9F3F7F1063D4618.TMP -> C:\WINDOWS\F003AEAB22DD4E69B9F3F7F1063D4618.TMP -> [2010/04/20 21:16:53 | 000,000,000 | ---D | C]
     mfeavfk.sys -> C:\WINDOWS\System32\drivers\mfeavfk.sys -> [2010/04/19 21:36:46 | 000,079,880 | ---- | C] (McAfee, Inc.)
     mfesmfk.sys -> C:\WINDOWS\System32\drivers\mfesmfk.sys -> [2010/04/19 21:36:46 | 000,040,552 | ---- | C] (McAfee, Inc.)
     mfebopk.sys -> C:\WINDOWS\System32\drivers\mfebopk.sys -> [2010/04/19 21:36:46 | 000,035,272 | ---- | C] (McAfee, Inc.)
     Mpfp.sys -> C:\WINDOWS\System32\drivers\Mpfp.sys -> [2010/04/19 21:36:36 | 000,120,136 | ---- | C] (McAfee, Inc.)
     McAfee -> C:\Program Files\Common Files\McAfee -> [2010/04/19 21:34:59 | 000,000,000 | ---D | C]
     mferkdk.sys -> C:\WINDOWS\System32\drivers\mferkdk.sys -> [2010/04/19 21:32:31 | 000,034,216 | ---- | C] (McAfee, Inc.)
     TEMP -> C:\Documents and Settings\All Users\Application Data\TEMP -> [2010/04/18 23:12:39 | 000,000,000 | ---D | C]
     SpywareBlaster -> C:\Program Files\SpywareBlaster -> [2010/04/18 23:12:32 | 000,000,000 | ---D | C]
     Recent -> C:\Documents and Settings\Barry\Recent -> [2010/04/18 22:59:59 | 000,000,000 | RH-D | C]
     Lbd.sys -> C:\WINDOWS\System32\drivers\Lbd.sys -> [2010/04/17 00:03:34 | 000,064,288 | ---- | C] (Lavasoft AB)
     {74D08EB8-01D1-4BAE-91E3-F30C1B031AC6} -> C:\Documents and Settings\All Users\Application Data\{74D08EB8-01D1-4BAE-91E3-F30C1B031AC6} -> [2010/04/16 11:22:22 | 000,000,000 | -H-D | C]
     SxsCaPendDel -> C:\WINDOWS\SxsCaPendDel -> [2010/04/15 10:53:11 | 000,000,000 | ---D | C]
     Simply -> C:\Documents and Settings\Barry\My Documents\Simply -> [2010/04/07 09:19:03 | 000,000,000 | ---D | C]
     a3d.dll -> C:\WINDOWS\System32\a3d.dll -> [2002/09/10 21:36:50 | 000,059,392 | ---- | C] ( )
     5 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> 
     1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> 
     1 C:\Documents and Settings\All Users\Application Data\*.tmp files -> C:\Documents and Settings\All Users\Application Data\*.tmp -> 
     
    [Files/Folders - Modified Within 30 Days]
     User_Feed_Synchronization-{F9A76691-5EEA-444E-84AE-80568A4644A9}.job -> C:\WINDOWS\tasks\User_Feed_Synchronization-{F9A76691-5EEA-444E-84AE-80568A4644A9}.job -> [2010/04/25 22:55:00 | 000,000,422 | -H-- | M] ()
     Symantec NetDetect.job -> C:\WINDOWS\tasks\Symantec NetDetect.job -> [2010/04/25 22:53:00 | 000,000,412 | ---- | M] ()
     {66BA574B-1E11-49b8-909C-8CC9E0E8E015}.job -> C:\WINDOWS\tasks\{66BA574B-1E11-49b8-909C-8CC9E0E8E015}.job -> [2010/04/25 22:39:00 | 000,000,282 | -H-- | M] ()
     OTS.exe -> C:\Documents and Settings\Barry\Desktop\OTS.exe -> [2010/04/25 22:28:31 | 000,639,488 | ---- | M] (OldTimer Tools)
     {35DC3473-A719-4d14-B7C1-FD326CA84A0C}.job -> C:\WINDOWS\tasks\{35DC3473-A719-4d14-B7C1-FD326CA84A0C}.job -> [2010/04/25 22:25:00 | 000,000,246 | -H-- | M] ()
     WPA.DBL -> C:\WINDOWS\System32\WPA.DBL -> [2010/04/25 20:20:08 | 000,001,170 | ---- | M] ()
     Config.MPF -> C:\WINDOWS\System32\Config.MPF -> [2010/04/25 19:30:06 | 000,010,441 | ---- | M] ()
     Ad-Aware Update (Weekly).job -> C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job -> [2010/04/25 19:19:44 | 000,000,472 | ---- | M] ()
     SA.DAT -> C:\WINDOWS\tasks\SA.DAT -> [2010/04/25 19:15:13 | 000,000,006 | -H-- | M] ()
     BOOTSTAT.DAT -> C:\WINDOWS\BOOTSTAT.DAT -> [2010/04/25 19:14:37 | 000,002,048 | --S- | M] ()
     hiberfil.sys -> C:\hiberfil.sys -> [2010/04/25 19:14:28 | 804,114,432 | -HS- | M] ()
     ntuser.dat -> C:\Documents and Settings\Barry\ntuser.dat -> [2010/04/25 19:12:52 | 008,912,896 | ---- | M] ()
     NTUSER.INI -> C:\Documents and Settings\Barry\NTUSER.INI -> [2010/04/25 19:12:52 | 000,000,278 | -HS- | M] ()
     DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini -> C:\Documents and Settings\Barry\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini -> [2010/04/25 19:01:21 | 000,154,112 | ---- | M] ()
     truro_apr22_2010.doc -> C:\Documents and Settings\Barry\My Documents\truro_apr22_2010.doc -> [2010/04/22 18:02:59 | 000,025,088 | ---- | M] ()
     Microsoft Office Word 2003.lnk -> C:\Documents and Settings\Barry\Desktop\Microsoft Office Word 2003.lnk -> [2010/04/21 10:38:21 | 000,002,497 | ---- | M] ()
     WIN.INI -> C:\WINDOWS\WIN.INI -> [2010/04/21 08:56:08 | 000,000,889 | ---- | M] ()
     AppleSoftwareUpdate.job -> C:\WINDOWS\tasks\AppleSoftwareUpdate.job -> [2010/04/20 11:31:00 | 000,000,284 | ---- | M] ()
     d3d9caps.dat -> C:\WINDOWS\System32\d3d9caps.dat -> [2010/04/20 07:06:03 | 000,000,664 | ---- | M] ()
     McAfee Security Center.lnk -> C:\Documents and Settings\All Users\Desktop\McAfee Security Center.lnk -> [2010/04/19 21:48:23 | 000,000,671 | ---- | M] ()
     McDefragTask.job -> C:\WINDOWS\tasks\McDefragTask.job -> [2010/04/19 21:35:29 | 000,000,340 | ---- | M] ()
     McQcTask.job -> C:\WINDOWS\tasks\McQcTask.job -> [2010/04/19 21:35:24 | 000,000,332 | ---- | M] ()
     SpywareBlaster.lnk -> C:\Documents and Settings\Barry\Desktop\SpywareBlaster.lnk -> [2010/04/18 23:12:34 | 000,000,690 | ---- | M] ()
     tmp.reg -> C:\WINDOWS\System32\tmp.reg -> [2010/04/18 22:31:54 | 000,003,404 | ---- | M] ()
     dads edit of Mom's_suggestions_to_Research_Paper[1].docx -> C:\Documents and Settings\Barry\My Documents\dads edit of Mom's_suggestions_to_Research_Paper[1].docx -> [2010/04/18 21:02:38 | 000,025,325 | ---- | M] ()
     Ulead32.ini -> C:\WINDOWS\Ulead32.ini -> [2010/04/18 18:44:17 | 000,000,889 | ---- | M] ()
     Shortcut to a1aplaylist.lnk -> C:\Documents and Settings\Barry\Desktop\Shortcut to a1aplaylist.lnk -> [2010/04/17 16:50:59 | 000,000,347 | ---- | M] ()
     Ad-Aware.lnk -> C:\Documents and Settings\All Users\Desktop\Ad-Aware.lnk -> [2010/04/16 11:22:14 | 000,000,867 | ---- | M] ()
     dilbert2010apr.doc -> C:\Documents and Settings\Barry\My Documents\dilbert2010apr.doc -> [2010/04/07 13:49:45 | 000,612,352 | ---- | M] ()
     ODBC.INI -> C:\WINDOWS\ODBC.INI -> [2010/04/07 09:44:55 | 000,001,099 | ---- | M] ()
     truro_apr7_2010.doc -> C:\Documents and Settings\Barry\My Documents\truro_apr7_2010.doc -> [2010/04/07 08:34:19 | 000,025,088 | ---- | M] ()
     Bwidya.exe -> C:\WINDOWS\Bwidya.exe -> [2010/04/04 12:01:53 | 000,179,712 | ---- | M] ()
     Membership Application 2010 (1).xls -> C:\Documents and Settings\Barry\My Documents\Membership Application 2010 (1).xls -> [2010/04/02 14:42:41 | 000,034,816 | ---- | M] ()
     5 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> 
     20 C:\Documents and Settings\Barry\Local Settings\Temp\*.tmp files -> C:\Documents and Settings\Barry\Local Settings\Temp\*.tmp -> 
     1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> 
     1 C:\Documents and Settings\All Users\Application Data\*.tmp files -> C:\Documents and Settings\All Users\Application Data\*.tmp -> 
     
    [Files - No Company Name]
     fw20.vxd -> C:\WINDOWS\fw20.vxd -> [2066/11/26 14:12:24 | 000,079,947 | ---- | C] ()
     truro_apr22_2010.doc -> C:\Documents and Settings\Barry\My Documents\truro_apr22_2010.doc -> [2010/04/22 17:24:05 | 000,025,088 | ---- | C] ()
     Config.MPF -> C:\WINDOWS\System32\Config.MPF -> [2010/04/19 21:48:49 | 000,010,441 | ---- | C] ()
     McAfee Security Center.lnk -> C:\Documents and Settings\All Users\Desktop\McAfee Security Center.lnk -> [2010/04/19 21:48:23 | 000,000,671 | ---- | C] ()
     McDefragTask.job -> C:\WINDOWS\tasks\McDefragTask.job -> [2010/04/19 21:35:25 | 000,000,340 | ---- | C] ()
     McQcTask.job -> C:\WINDOWS\tasks\McQcTask.job -> [2010/04/19 21:35:24 | 000,000,332 | ---- | C] ()
     SpywareBlaster.lnk -> C:\Documents and Settings\Barry\Desktop\SpywareBlaster.lnk -> [2010/04/18 23:12:34 | 000,000,690 | ---- | C] ()
     tmp.reg -> C:\WINDOWS\System32\tmp.reg -> [2010/04/18 22:31:53 | 000,003,404 | ---- | C] ()
     dads edit of Mom's_suggestions_to_Research_Paper[1].docx -> C:\Documents and Settings\Barry\My Documents\dads edit of Mom's_suggestions_to_Research_Paper[1].docx -> [2010/04/18 21:02:36 | 000,025,325 | ---- | C] ()
     Shortcut to a1aplaylist.lnk -> C:\Documents and Settings\Barry\Desktop\Shortcut to a1aplaylist.lnk -> [2010/04/17 16:50:59 | 000,000,347 | ---- | C] ()
     lsdelete.exe -> C:\WINDOWS\System32\lsdelete.exe -> [2010/04/17 04:43:08 | 000,015,880 | ---- | C] ()
     Ad-Aware.lnk -> C:\Documents and Settings\All Users\Desktop\Ad-Aware.lnk -> [2010/04/16 11:22:14 | 000,000,867 | ---- | C] ()
     dilbert2010apr.doc -> C:\Documents and Settings\Barry\My Documents\dilbert2010apr.doc -> [2010/04/07 13:49:44 | 000,612,352 | ---- | C] ()
     truro_apr7_2010.doc -> C:\Documents and Settings\Barry\My Documents\truro_apr7_2010.doc -> [2010/04/07 08:34:19 | 000,025,088 | ---- | C] ()
     Bwidya.exe -> C:\WINDOWS\Bwidya.exe -> [2010/04/04 12:02:21 | 000,179,712 | ---- | C] ()
     {66BA574B-1E11-49b8-909C-8CC9E0E8E015}.job -> C:\WINDOWS\tasks\{66BA574B-1E11-49b8-909C-8CC9E0E8E015}.job -> [2010/04/04 12:02:16 | 000,000,282 | -H-- | C] ()
     {35DC3473-A719-4d14-B7C1-FD326CA84A0C}.job -> C:\WINDOWS\tasks\{35DC3473-A719-4d14-B7C1-FD326CA84A0C}.job -> [2010/04/04 12:02:00 | 000,000,246 | -H-- | C] ()
     Membership Application 2010 (1).xls -> C:\Documents and Settings\Barry\My Documents\Membership Application 2010 (1).xls -> [2010/04/02 14:40:29 | 000,034,816 | ---- | C] ()
     wininit.ini -> C:\WINDOWS\wininit.ini -> [2008/10/10 21:46:59 | 000,000,300 | ---- | C] ()
     epp.ini -> C:\WINDOWS\epp.ini -> [2008/01/23 20:32:22 | 000,002,253 | ---- | C] ()
     GTW32N50.dll -> C:\WINDOWS\System32\GTW32N50.dll -> [2007/05/01 19:54:54 | 000,094,208 | ---- | C] ()
     WLAN.INI -> C:\WINDOWS\System32\WLAN.INI -> [2007/05/01 19:54:28 | 000,000,890 | ---- | C] ()
     openrda.ini -> C:\WINDOWS\openrda.ini -> [2006/11/30 10:14:26 | 000,000,542 | ---- | C] ()
     GlobalUserInterface.CompositeFont -> C:\WINDOWS\Fonts\GlobalUserInterface.CompositeFont -> [2006/06/29 14:58:52 | 000,030,808 | ---- | C] ()
     GlobalSansSerif.CompositeFont -> C:\WINDOWS\Fonts\GlobalSansSerif.CompositeFont -> [2006/06/29 14:53:56 | 000,026,489 | ---- | C] ()
     atnt40k.sys -> C:\WINDOWS\System32\drivers\atnt40k.sys -> [2006/05/20 13:44:46 | 000,051,392 | ---- | C] ()
     GlobalSerif.CompositeFont -> C:\WINDOWS\Fonts\GlobalSerif.CompositeFont -> [2006/04/18 15:39:28 | 000,029,779 | ---- | C] ()
     GlobalMonospace.CompositeFont -> C:\WINDOWS\Fonts\GlobalMonospace.CompositeFont -> [2006/04/18 15:39:28 | 000,026,040 | ---- | C] ()
     A5W.INI -> C:\WINDOWS\A5W.INI -> [2005/07/22 12:24:53 | 000,000,035 | ---- | C] ()
     DLXAPI32.DLL -> C:\WINDOWS\System32\DLXAPI32.DLL -> [2005/01/03 10:10:44 | 000,319,488 | ---- | C] ()
     e100bmsg.dll -> C:\WINDOWS\System32\e100bmsg.dll -> [2004/06/21 13:22:06 | 000,024,576 | ---- | C] ()
     pex.INI -> C:\WINDOWS\pex.INI -> [2004/03/31 12:02:15 | 000,000,071 | ---- | C] ()
     pixcache.ini -> C:\WINDOWS\pixcache.ini -> [2004/03/30 13:57:21 | 000,001,368 | ---- | C] ()
     Ulead32.ini -> C:\WINDOWS\Ulead32.ini -> [2004/03/30 13:10:50 | 000,000,889 | ---- | C] ()
     SWISNIFE.INI -> C:\WINDOWS\SWISNIFE.INI -> [2004/03/30 13:06:31 | 000,000,207 | ---- | C] ()
     onsio.sys -> C:\WINDOWS\System32\drivers\onsio.sys -> [2004/03/30 13:06:18 | 000,285,216 | ---- | C] ()
     fxsperf.ini -> C:\WINDOWS\System32\fxsperf.ini -> [2004/02/27 09:27:38 | 000,001,793 | ---- | C] ()
     EPSC80.ini -> C:\WINDOWS\EPSC80.ini -> [2004/02/25 12:03:11 | 000,000,023 | ---- | C] ()
     Morphexe.INI -> C:\WINDOWS\Morphexe.INI -> [2003/10/31 16:37:32 | 000,000,030 | ---- | C] ()
     nvcod.dll -> C:\WINDOWS\System32\nvcod.dll -> [2003/10/06 14:16:00 | 000,027,136 | ---- | C] ()
     msoffice.ini -> C:\WINDOWS\msoffice.ini -> [2003/06/24 13:37:15 | 000,000,002 | ---- | C] ()
     Morpheus.INI -> C:\WINDOWS\Morpheus.INI -> [2003/04/01 09:57:05 | 000,000,030 | ---- | C] ()
     states.ini -> C:\WINDOWS\states.ini -> [2003/02/05 19:54:03 | 000,000,212 | ---- | C] ()
     zip_var.ini -> C:\WINDOWS\zip_var.ini -> [2003/02/05 19:54:03 | 000,000,069 | ---- | C] ()
     phone_var.ini -> C:\WINDOWS\phone_var.ini -> [2003/02/05 19:54:03 | 000,000,034 | ---- | C] ()
     name_gender.ini -> C:\WINDOWS\name_gender.ini -> [2003/02/05 19:54:02 | 000,051,942 | ---- | C] ()
     name_var.ini -> C:\WINDOWS\name_var.ini -> [2003/02/05 19:54:02 | 000,000,037 | ---- | C] ()
     birth_var.ini -> C:\WINDOWS\birth_var.ini -> [2003/02/05 19:54:01 | 000,000,058 | ---- | C] ()
     addr_var.ini -> C:\WINDOWS\addr_var.ini -> [2003/02/05 19:54:01 | 000,000,016 | ---- | C] ()
     city_var.ini -> C:\WINDOWS\city_var.ini -> [2003/02/05 19:54:01 | 000,000,011 | ---- | C] ()
     cdplayer.ini -> C:\WINDOWS\cdplayer.ini -> [2003/01/17 14:37:15 | 000,000,963 | ---- | C] ()
     iyvu9_32.dll -> C:\WINDOWS\System32\iyvu9_32.dll -> [2003/01/16 14:15:37 | 000,056,832 | ---- | C] ()
     simply100.ini -> C:\WINDOWS\simply100.ini -> [2003/01/08 10:53:33 | 000,000,120 | ---- | C] ()
     LTFIL60N.DLL -> C:\WINDOWS\System32\LTFIL60N.DLL -> [2003/01/08 10:39:18 | 000,043,008 | ---- | C] ()
     Implode.dll -> C:\WINDOWS\System32\Implode.dll -> [2003/01/08 10:39:18 | 000,017,920 | ---- | C] ()
     OUTLPERF.INI -> C:\WINDOWS\System32\OUTLPERF.INI -> [2003/01/07 15:05:08 | 000,002,695 | ---- | C] ()
     MusicCitydll2.dll -> C:\WINDOWS\System32\MusicCitydll2.dll -> [2002/11/26 18:43:25 | 000,479,232 | ---- | C] ()
     UNWISE.INI -> C:\WINDOWS\System32\UNWISE.INI -> [2002/11/26 18:39:42 | 000,005,834 | ---- | C] ()
     smscfg.ini -> C:\WINDOWS\smscfg.ini -> [2002/09/10 21:46:16 | 000,000,061 | ---- | C] ()
     ODBC.INI -> C:\WINDOWS\ODBC.INI -> [2002/09/10 21:39:17 | 000,001,099 | ---- | C] ()
     ac3api.ini -> C:\WINDOWS\ac3api.ini -> [2002/09/10 21:36:29 | 000,000,231 | ---- | C] ()
     SBWIN.INI -> C:\WINDOWS\SBWIN.INI -> [2002/09/10 21:35:59 | 000,000,184 | ---- | C] ()
     orun32.ini -> C:\WINDOWS\orun32.ini -> [2002/09/10 21:32:07 | 000,000,780 | ---- | C] ()
     OEMINFO.INI -> C:\WINDOWS\System32\OEMINFO.INI -> [2002/09/10 21:08:56 | 000,000,550 | ---- | C] ()
     NMSInst.dll -> C:\WINDOWS\System32\NMSInst.dll -> [2002/02/06 09:04:14 | 000,065,536 | ---- | C] ()
     PROInst.dll -> C:\WINDOWS\System32\PROInst.dll -> [2002/01/21 16:17:18 | 000,065,536 | ---- | C] ()
     assjwug.dll -> C:\WINDOWS\System32\assjwug.dll -> [2001/12/31 20:00:00 | 000,131,072 | ---- | C] ()
     msnwinnet.dll -> C:\WINDOWS\System32\msnwinnet.dll -> [2001/08/18 08:00:00 | 000,794,624 | ---- | C] ()
     abfrnex.dll -> C:\WINDOWS\System32\abfrnex.dll -> [2001/08/18 08:00:00 | 000,106,496 | ---- | C] ()
     tudmdxiufrm.drv -> C:\WINDOWS\System32\tudmdxiufrm.drv -> [2001/08/18 08:00:00 | 000,041,149 | ---- | C] ()
     Ter32.DLL -> C:\WINDOWS\System32\Ter32.DLL -> [1997/07/17 11:53:08 | 000,804,864 | ---- | C] ()
     Declw.dll -> C:\WINDOWS\System32\Declw.dll -> [1996/02/23 16:34:48 | 000,014,629 | ---- | C] ()
     Decln.dll -> C:\WINDOWS\System32\Decln.dll -> [1996/02/22 14:09:20 | 000,032,256 | ---- | C] ()
     
    [File - Lop Check]
     1A0 -> C:\Documents and Settings\All Users\Application Data\1A0 -> [2009/02/05 09:49:26 | 000,000,000 | ---D | M]
     1F128 -> C:\Documents and Settings\All Users\Application Data\1F128 -> [2009/01/27 13:41:31 | 000,000,000 | ---D | M]
     20290 -> C:\Documents and Settings\All Users\Application Data\20290 -> [2009/01/29 08:41:32 | 000,000,000 | ---D | M]
     236D -> C:\Documents and Settings\All Users\Application Data\236D -> [2008/11/20 09:51:35 | 000,000,000 | ---D | M]
     24203 -> C:\Documents and Settings\All Users\Application Data\24203 -> [2009/09/07 13:25:36 | 000,000,000 | ---D | M]
     26138 -> C:\Documents and Settings\All Users\Application Data\26138 -> [2008/12/16 23:46:38 | 000,000,000 | ---D | M]
     272BF -> C:\Documents and Settings\All Users\Application Data\272BF -> [2008/11/22 13:10:39 | 000,000,000 | ---D | M]
     282FD -> C:\Documents and Settings\All Users\Application Data\282FD -> [2009/10/05 11:29:40 | 000,000,000 | ---D | M]
     297D -> C:\Documents and Settings\All Users\Application Data\297D -> [2009/02/13 08:29:41 | 000,000,000 | ---D | M]
     2C6D -> C:\Documents and Settings\All Users\Application Data\2C6D -> [2009/02/04 15:05:44 | 000,000,000 | ---D | M]
     392CE -> C:\Documents and Settings\All Users\Application Data\392CE -> [2009/02/05 08:39:57 | 000,000,000 | ---D | M]
     91E4 -> C:\Documents and Settings\All Users\Application Data\91E4 -> [2009/06/11 16:29:09 | 000,000,000 | ---D | M]
     Linksys -> C:\Documents and Settings\All Users\Application Data\Linksys -> [2009/05/18 16:58:12 | 000,000,000 | ---D | M]
     MCA57.tmp -> C:\Documents and Settings\All Users\Application Data\MCA57.tmp -> [2006/06/24 18:27:54 | 000,000,000 | ---D | M]
     MSN Search Toolbar -> C:\Documents and Settings\All Users\Application Data\MSN Search Toolbar -> [2005/09/13 14:50:44 | 000,000,000 | ---D | M]
     Sage Software -> C:\Documents and Settings\All Users\Application Data\Sage Software -> [2007/02/01 13:11:37 | 000,000,000 | ---D | M]
     TEMP -> C:\Documents and Settings\All Users\Application Data\TEMP -> [2010/04/19 20:32:12 | 000,000,000 | ---D | M]
     Ulead Systems -> C:\Documents and Settings\All Users\Application Data\Ulead Systems -> [2004/05/04 10:47:42 | 000,000,000 | ---D | M]
     {74D08EB8-01D1-4BAE-91E3-F30C1B031AC6} -> C:\Documents and Settings\All Users\Application Data\{74D08EB8-01D1-4BAE-91E3-F30C1B031AC6} -> [2010/04/16 11:22:44 | 000,000,000 | -H-D | M]
     Amazon -> C:\Documents and Settings\Barry\Application Data\Amazon -> [2008/10/30 10:34:28 | 000,000,000 | ---D | M]
     InterTrust -> C:\Documents and Settings\Barry\Application Data\InterTrust -> [2002/10/31 10:16:40 | 000,000,000 | ---D | M]
     LimeWire -> C:\Documents and Settings\Barry\Application Data\LimeWire -> [2008/10/30 10:11:11 | 000,000,000 | ---D | M]
     MSN Search Toolbar -> C:\Documents and Settings\Barry\Application Data\MSN Search Toolbar -> [2005/09/13 15:18:23 | 000,000,000 | ---D | M]
     MSNInstaller -> C:\Documents and Settings\Barry\Application Data\MSNInstaller -> [2006/03/21 16:30:36 | 000,000,000 | ---D | M]
     PGP -> C:\Documents and Settings\Barry\Application Data\PGP -> [2003/01/11 16:30:33 | 000,000,000 | ---D | M]
     TigerPlayer -> C:\Documents and Settings\Barry\Application Data\TigerPlayer -> [2009/11/02 13:48:35 | 000,000,000 | ---D | M]
     Ulead Systems -> C:\Documents and Settings\Barry\Application Data\Ulead Systems -> [2004/03/31 10:53:10 | 000,000,000 | ---D | M]
     PGP -> C:\Documents and Settings\LocalService\Application Data\PGP -> [2003/05/28 13:20:26 | 000,000,000 | ---D | M]
     SACore -> C:\Documents and Settings\LocalService\Application Data\SACore -> [2010/04/21 07:39:12 | 000,000,000 | ---D | M]
     Ad-Aware Update (Weekly).job -> C:\WINDOWS\Tasks\Ad-Aware Update (Weekly).job -> [2010/04/25 19:19:44 | 000,000,472 | ---- | M] ()
     ISP signup reminder 3.job -> C:\WINDOWS\Tasks\ISP signup reminder 3.job -> [2002/09/19 18:45:01 | 000,000,258 | ---- | M] ()
     McDefragTask.job -> C:\WINDOWS\Tasks\McDefragTask.job -> [2010/04/19 21:35:29 | 000,000,340 | ---- | M] ()
     McQcTask.job -> C:\WINDOWS\Tasks\McQcTask.job -> [2010/04/19 21:35:24 | 000,000,332 | ---- | M] ()
     User_Feed_Synchronization-{F9A76691-5EEA-444E-84AE-80568A4644A9}.job -> C:\WINDOWS\Tasks\User_Feed_Synchronization-{F9A76691-5EEA-444E-84AE-80568A4644A9}.job -> [2010/04/25 22:55:00 | 000,000,422 | -H-- | M] ()
     {35DC3473-A719-4d14-B7C1-FD326CA84A0C}.job -> C:\WINDOWS\Tasks\{35DC3473-A719-4d14-B7C1-FD326CA84A0C}.job -> [2010/04/25 22:25:00 | 000,000,246 | -H-- | M] ()
     {66BA574B-1E11-49b8-909C-8CC9E0E8E015}.job -> C:\WINDOWS\Tasks\{66BA574B-1E11-49b8-909C-8CC9E0E8E015}.job -> [2010/04/25 22:39:00 | 000,000,282 | -H-- | M] ()
     
    [File - Purity Scan]
     
    [Custom Scans]
    < %SYSTEMDRIVE%\*.exe >
    < MD5 Scans Start>
    < %systemdrive%\AGP440.SYS  /md5 /s >
     AGP440.sys : .cab file  -> C:\WINDOWS\Driver Cache\I386\sp2.cab:AGP440.sys -> [2004/09/20 13:21:18 | 022,245,337 | ---- | M] ()
     AGP440.sys : .cab file  -> C:\WINDOWS\Driver Cache\I386\sp3.cab:AGP440.sys -> [2008/09/04 10:28:59 | 023,852,652 | ---- | M] ()
     AGP440.sys : .cab file  -> C:\WINDOWS\ServicePackFiles\i386\sp2.cab:AGP440.sys -> [2004/09/20 13:21:18 | 022,245,337 | ---- | M] ()
     AGP440.sys : .cab file  -> C:\WINDOWS\ServicePackFiles\i386\sp3.cab:AGP440.sys -> [2008/09/04 10:28:59 | 023,852,652 | ---- | M] ()
     agp440.sys : MD5=08FD04AA961BDC77FB983F328334E3D7 -> C:\WINDOWS\ServicePackFiles\i386\agp440.sys -> [2008/04/13 14:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation)
     agp440.sys : MD5=08FD04AA961BDC77FB983F328334E3D7 -> C:\WINDOWS\SYSTEM32\DRIVERS\agp440.sys -> [2008/04/13 14:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation)
     agp440.sys : MD5=2C428FA0C3E3A01ED93C9B2A27D8D4BB -> C:\WINDOWS\$NtServicePackUninstall$\agp440.sys -> [2004/08/04 02:07:41 | 000,042,368 | ---- | M] (Microsoft Corporation)
     AGP440.SYS : MD5=2C428FA0C3E3A01ED93C9B2A27D8D4BB -> C:\WINDOWS\SYSTEM32\ReinstallBackups\0014\DriverFiles\i386\AGP440.SYS -> [2004/08/04 02:07:41 | 000,042,368 | ---- | M] (Microsoft Corporation)
     AGP440.SYS : MD5=65880045C51AA36184841CEE915A61DF -> C:\I386\AGP440.SYS -> [2001/08/17 14:58:00 | 000,025,472 | ---- | M] (Microsoft Corporation)
     AGP440.SYS : MD5=65880045C51AA36184841CEE915A61DF -> C:\WINDOWS\SYSTEM32\ReinstallBackups\0001\DriverFiles\i386\AGP440.SYS -> [2001/08/17 14:58:00 | 000,025,472 | ---- | M] (Microsoft Corporation)
    < %systemdrive%\ATAPI.SYS  /md5 /s >
     atapi.sys : .cab file  -> C:\WINDOWS\Driver Cache\I386\sp1.cab:atapi.sys -> [2002/10/29 16:12:41 | 012,091,533 | ---- | M] ()
     atapi.sys : .cab file  -> C:\WINDOWS\Driver Cache\I386\sp2.cab:atapi.sys -> [2004/09/20 13:21:18 | 022,245,337 | ---- | M] ()
     atapi.sys : .cab file  -> C:\WINDOWS\Driver Cache\I386\sp3.cab:atapi.sys -> [2008/09/04 10:28:59 | 023,852,652 | ---- | M] ()
     atapi.sys : .cab file  -> C:\WINDOWS\ServicePackFiles\i386\sp1.cab:atapi.sys -> [2002/10/29 16:12:41 | 012,091,533 | ---- | M] ()
     atapi.sys : .cab file  -> C:\WINDOWS\ServicePackFiles\i386\sp2.cab:atapi.sys -> [2004/09/20 13:21:18 | 022,245,337 | ---- | M] ()
     atapi.sys : .cab file  -> C:\WINDOWS\ServicePackFiles\i386\sp3.cab:atapi.sys -> [2008/09/04 10:28:59 | 023,852,652 | ---- | M] ()
     atapi.sys : MD5=48BC2767CEEC6E8B0E15B0289F18232E -> C:\I386\atapi.sys -> [2002/01/30 15:49:08 | 000,086,912 | ---- | M] (Microsoft Corporation)
     atapi.sys : MD5=9F3A2F5AA6875C72BF062C712CFA2674 -> C:\WINDOWS\ServicePackFiles\i386\atapi.sys -> [2008/04/13 14:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation)
     atapi.sys : MD5=A64013E98426E1877CB653685C5C0009 -> C:\WINDOWS\SYSTEM32\ReinstallBackups\0007\DriverFiles\i386\atapi.sys -> [2001/08/17 14:51:56 | 000,086,656 | ---- | M] (Microsoft Corporation)
     atapi.sys : MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -> C:\WINDOWS\$NtServicePackUninstall$\atapi.sys -> [2004/08/04 01:59:42 | 000,095,360 | ---- | M] (Microsoft Corporation)
     atapi.sys : Unable to obtain MD5  -> C:\WINDOWS\SYSTEM32\DRIVERS\atapi.sys -> [2008/04/13 14:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation)
    < %systemdrive%\EVENTLOG.DLL  /md5 /s >
     eventlog.dll : MD5=6D4FEB43EE538FC5428CC7F0565AA656 -> C:\WINDOWS\ServicePackFiles\i386\eventlog.dll -> [2008/04/13 20:11:53 | 000,056,320 | ---- | M] (Microsoft Corporation)
     eventlog.dll : MD5=6D4FEB43EE538FC5428CC7F0565AA656 -> C:\WINDOWS\SYSTEM32\eventlog.dll -> [2008/04/13 20:11:53 | 000,056,320 | ---- | M] (Microsoft Corporation)
     eventlog.dll : MD5=82B24CB70E5944E6E34662205A2A5B78 -> C:\WINDOWS\$NtServicePackUninstall$\eventlog.dll -> [2004/08/04 03:56:42 | 000,055,808 | ---- | M] (Microsoft Corporation)
     EVENTLOG.DLL : MD5=A510B91253544D56B5712D66BE8371E9 -> C:\I386\EVENTLOG.DLL -> [2001/08/18 08:00:00 | 000,047,616 | ---- | M] (Microsoft Corporation)
    < %systemdrive%\NETLOGON.DLL  /md5 /s >
     netlogon.dll : MD5=1B7F071C51B77C272875C3A23E1E4550 -> C:\WINDOWS\ServicePackFiles\i386\netlogon.dll -> [2008/04/13 20:12:01 | 000,407,040 | ---- | M] (Microsoft Corporation)
     netlogon.dll : MD5=1B7F071C51B77C272875C3A23E1E4550 -> C:\WINDOWS\SYSTEM32\netlogon.dll -> [2008/04/13 20:12:01 | 000,407,040 | ---- | M] (Microsoft Corporation)
     netlogon.dll : MD5=96353FCECBA774BB8DA74A1C6507015A -> C:\WINDOWS\$NtServicePackUninstall$\netlogon.dll -> [2004/08/04 03:56:44 | 000,407,040 | ---- | M] (Microsoft Corporation)
     NETLOGON.DLL : MD5=F41C1602DC79AB72035F2388FCA0255F -> C:\I386\NETLOGON.DLL -> [2001/08/18 08:00:00 | 000,397,824 | ---- | M] (Microsoft Corporation)
    < %systemdrive%\SCECLI.DLL  /md5 /s >
     scecli.dll : MD5=0F78E27F563F2AAF74B91A49E2ABF19A -> C:\WINDOWS\$NtServicePackUninstall$\scecli.dll -> [2004/08/04 03:56:44 | 000,180,224 | ---- | M] (Microsoft Corporation)
     SCECLI.DLL : MD5=73968C834C316ADC7A2F07DC4B5F3665 -> C:\I386\SCECLI.DLL -> [2001/08/18 08:00:00 | 000,174,080 | ---- | M] (Microsoft Corporation)
     scecli.dll : MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -> C:\WINDOWS\ServicePackFiles\i386\scecli.dll -> [2008/04/13 20:12:05 | 000,181,248 | ---- | M] (Microsoft Corporation)
     scecli.dll : MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -> C:\WINDOWS\SYSTEM32\scecli.dll -> [2008/04/13 20:12:05 | 000,181,248 | ---- | M] (Microsoft Corporation)
    < MD5 Scans End>
    < %systemroot%\*. /mp /s >
    Restore point Set: OTS Restore Point (0)
    < %systemroot%\system32\*.dll /lockedfiles >
     1 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> 
    < %systemroot%\Tasks\*.job /lockedfiles >
    < %systemroot%\system32\drivers\*.sys /lockedfiles >
    < %systemroot%\System32\config\*.sav >
     DEFAULT.SAV -> C:\WINDOWS\SYSTEM32\CONFIG\DEFAULT.SAV -> [2001/08/31 11:38:54 | 000,090,112 | ---- | M] ()
     SOFTWARE.SAV -> C:\WINDOWS\SYSTEM32\CONFIG\SOFTWARE.SAV -> [2001/08/31 11:38:54 | 000,606,208 | ---- | M] ()
     SYSTEM.SAV -> C:\WINDOWS\SYSTEM32\CONFIG\SYSTEM.SAV -> [2001/08/31 11:38:54 | 000,380,928 | ---- | M] ()
     
    [Alternate Data Streams]
    @Alternate Data Stream - 118 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:5C321E34
    < End of report >
    
     
  5. NeonFx

    NeonFx Malware Specialist

    Joined:
    Oct 22, 2008
    Messages:
    4,811
    Please attach long results using the instructions I gave you so that we don't have to scroll so far down the page.

    Let me know if you have trouble with GMER.
     
  6. buddy510

    buddy510 Thread Starter

    Joined:
    Oct 12, 2003
    Messages:
    30
    Thanks NeonFx. The Ots txt file is attached now as requested.
    GMER to follow shortly.

    Thanks
    Buddy
     

    Attached Files:

    • OTS.Txt
      File size:
      215.8 KB
      Views:
      2
  7. buddy510

    buddy510 Thread Starter

    Joined:
    Oct 12, 2003
    Messages:
    30
    Please find the gmer scan test file attached.
    Thank you
    Buddy
     

    Attached Files:

  8. NeonFx

    NeonFx Malware Specialist

    Joined:
    Oct 22, 2008
    Messages:
    4,811
    Good, I can see it now. Let's do this:


    NOTE: ComboFix should NOT be used without supervision by someone trained in its use. It does a whole lot more to a system than just remove infected files.

    Download ComboFix from one of these locations:

    Link 1
    Link 2


    * IMPORTANT !!! Save ComboFix.exe to your Desktop



    • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. Note: If you are having difficulty properly disabling your protective programs, or are unsure as to what programs need to be disabled, please refer to the information available through this link : Disabling Security Programs
    • Double click on ComboFix.exe & follow the prompts.

      Note: Combofix will run without the Recovery Console installed.
    • As part of it's process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
    • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.


    **Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue it's malware removal procedures.


    [​IMG]


    Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

    [​IMG]


    Click on Yes, to continue scanning for malware.

    When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.

    Notes:

    1. Do not mouse-click Combofix's window while it is running. That may cause it to stall.
    2. ComboFix may reset a number of Internet Explorer's settings, including making I-E the default browser.
    3. Combofix prevents autorun of ALL CD, floppy and USB devices to assist with malware removal & increase security. If this is an issue or makes it difficult for you please let me know. A increasing number of infections are spreading using Autoplay and leaving it disabled is a good idea.
    4. CF disconnects your machine from the internet. The connection is automatically restored before CF completes its run. If CF runs into difficulty and terminates prematurely, the connection can be manually restored by restarting your machine.
     
  9. buddy510

    buddy510 Thread Starter

    Joined:
    Oct 12, 2003
    Messages:
    30
    See attached combofix log.
    Thank you
     

    Attached Files:

    • log.txt
      File size:
      18.1 KB
      Views:
      2
  10. NeonFx

    NeonFx Malware Specialist

    Joined:
    Oct 22, 2008
    Messages:
    4,811
    I deleted a reply of mine, please diregard it if you got a copy of it in your email.

    Do this for me:

    Download TDSSKiller and save it to your Desktop.

    • Extract the file and run it.
    • Once completed it will create a log in the root directory (usually C:\).
    • Please post the contents of that log in your next reply.
     
  11. buddy510

    buddy510 Thread Starter

    Joined:
    Oct 12, 2003
    Messages:
    30
    See attached file
     

    Attached Files:

  12. NeonFx

    NeonFx Malware Specialist

    Joined:
    Oct 22, 2008
    Messages:
    4,811
    Great :) Let's see if that worked. Please run ComboFix again to confirm. Attach C:\ComboFix.txt to your next reply for me.
     
  13. buddy510

    buddy510 Thread Starter

    Joined:
    Oct 12, 2003
    Messages:
    30
    See attached file.
    Thank you
     

    Attached Files:

  14. NeonFx

    NeonFx Malware Specialist

    Joined:
    Oct 22, 2008
    Messages:
    4,811
    It seems that problem is taken care of :) Please do the following:

    Go to Start > Run and type in CMD and press Enter.

    Copy the following text and then right click in the black and white menu that came up and select "Paste" to paste it.



    rmdir /s \\?\C:\RECYCLER\NPROTECT



    press Enter to execute the command.

    then type exit and press Enter to close the window.

    Please run ComboFix again for me after doing that and attach C:\ComboFix.txt to your next reply.
     
  15. buddy510

    buddy510 Thread Starter

    Joined:
    Oct 12, 2003
    Messages:
    30
    rmdir /s \\?\C:\RECYCLER\NPROTECT
    Attempted to run this but got message: The process cannot access the file because it is being used by another process.

    Thanks
    Buddy
     
  16. Sponsor

As Seen On
As Seen On...

Welcome to Tech Support Guy!

Are you looking for the solution to your computer problem? Join our site today to ask your question. This site is completely free -- paid for by advertisers and donations.

If you're not already familiar with forums, watch our Welcome Guide to get started.

Join over 733,556 other people just like you!

Loading...
Similar Threads - spybot blocked windows
  1. somemelvin
    Replies:
    0
    Views:
    340
Thread Status:
Not open for further replies.

Short URL to this thread: https://techguy.org/918258

  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.
    Dismiss Notice