[code]
OTScanIt logfile created on: 6/17/2008 2:59:33 PM
OTScanIt by OldTimer - Version 1.0.15.15     Folder = C:\Documents and Settings\USER\Desktop\aloahgrades_files\OTScanIt
Windows XP Professional Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
 
511.23 Mb Total Physical Memory | 231.45 Mb Available Physical Memory | 45.27% Memory free
1.22 Gb Paging File | 0.92 Gb Available in Paging File | 75.56% Paging File free
Paging file location(s): C:\pagefile.sys 768 1536;
 
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 37.25 Gb Total Space | 26.20 Gb Free Space | 70.34% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
Drive E: | 1.95 Gb Total Space | 1.80 Gb Free Space | 92.02% Space Free | Partition Type: FAT
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: USER-737A973129
Current User Name: USER
Logged in as Administrator.
Current Boot Mode: Normal
Scan Mode: All users

[Processes - Non-Microsoft Only]
ati2evxx.exe -> %SystemRoot%\system32\ati2evxx.exe -> ATI Technologies Inc. [Ver = 6.14.10.4124 | Size = 389120 bytes | Modified Date = 11/11/2005 1:43:12 AM | Attr =    ]
s24evmon.exe -> %SystemRoot%\system32\S24EvMon.exe -> Intel Corporation  [Ver = 7, 1, 4, 4 | Size = 421955 bytes | Modified Date = 7/5/2005 4:28:34 AM | Attr =    ]
wltrysvc.exe -> %SystemRoot%\system32\WLTRYSVC.EXE ->  [Ver =  | Size = 18944 bytes | Modified Date = 12/19/2005 12:08:42 PM | Attr =    ]
bcmwltry.exe -> %SystemRoot%\system32\BCMWLTRY.EXE -> Dell Inc. [Ver = 4.10.47.3 | Size = 1200128 bytes | Modified Date = 12/19/2005 12:08:40 PM | Attr =    ]
avgamsvr.exe -> %ProgramFiles%\Grisoft\AVG7\avgamsvr.exe -> GRISOFT, s.r.o. [Ver = 7.5.0.496 | Size = 418816 bytes | Modified Date = 2/19/2008 8:08:15 PM | Attr =    ]
avgupsvc.exe -> %ProgramFiles%\Grisoft\AVG7\avgupsvc.exe -> GRISOFT, s.r.o. [Ver = 7.5.0.420 | Size = 49664 bytes | Modified Date = 2/19/2008 8:08:35 PM | Attr =    ]
avgemc.exe -> %ProgramFiles%\Grisoft\AVG7\avgemc.exe -> GRISOFT, s.r.o. [Ver = 7.5.0.510 | Size = 406528 bytes | Modified Date = 2/20/2008 9:13:09 PM | Attr =    ]
lxdccoms.exe -> %SystemRoot%\system32\lxdccoms.exe ->   [Ver = 1.62.33.0 | Size = 537520 bytes | Modified Date = 2/12/2007 7:56:38 PM | Attr =    ]
nicconfigsvc.exe -> %ProgramFiles%\Dell\QuickSet\NicConfigSvc.exe -> Dell Inc. [Ver = 7, 0, 7, 0 | Size = 380928 bytes | Modified Date = 4/6/2006 5:57:54 PM | Attr =    ]
regsrvc.exe -> %SystemRoot%\system32\RegSrvc.exe -> Intel Corporation [Ver = 7, 1, 4, 4 | Size = 122880 bytes | Modified Date = 7/5/2005 4:26:00 AM | Attr =    ]
ati2evxx.exe -> %SystemRoot%\system32\ati2evxx.exe -> ATI Technologies Inc. [Ver = 6.14.10.4124 | Size = 389120 bytes | Modified Date = 11/11/2005 1:43:12 AM | Attr =    ]
lxdcamon.exe -> %ProgramFiles%\Lexmark 1300 Series\lxdcamon.exe -> Lexmark [Ver = 1.0.2580.10573 | Size = 20480 bytes | Modified Date = 2/5/2007 7:32:16 PM | Attr =    ]
hpwuschd2.exe -> %ProgramFiles%\HP\HP Software Update\hpwuSchd2.exe -> Hewlett-Packard Company [Ver = 5, 0, 0, 0 | Size = 49152 bytes | Modified Date = 9/13/2004 4:49:00 PM | Attr =    ]
avgcc.exe -> %ProgramFiles%\Grisoft\AVG7\avgcc.exe -> GRISOFT, s.r.o. [Ver = 7.5.0.522 | Size = 579584 bytes | Modified Date = 4/23/2008 9:03:33 AM | Attr =    ]
superantispyware.exe -> %ProgramFiles%\SUPERAntiSpyware\SUPERANTISPYWARE.EXE -> SUPERAntiSpyware.com [Ver = 4, 15, 0, 1000 | Size = 1506544 bytes | Modified Date = 6/16/2008 12:26:06 PM | Attr =    ]
quickdcf2.exe -> %ProgramFiles%\FinePixViewer\QuickDCF2.exe -> FUJIFILM Corporation [Ver = 1, 1, 1, 0 | Size = 303104 bytes | Modified Date = 1/30/2007 12:02:00 PM | Attr =    ]
hpqtra08.exe -> %ProgramFiles%\HP\Digital Imaging\bin\hpqtra08.exe -> Hewlett-Packard Co. [Ver = 45.4.157.000 | Size = 258048 bytes | Modified Date = 11/4/2004 8:28:24 PM | Attr =    ]
hpqgalry.exe -> %ProgramFiles%\HP\Digital Imaging\bin\hpqgalry.exe -> Hewlett-Packard Co. [Ver = 045.004.157.000 | Size = 425984 bytes | Modified Date = 11/4/2004 8:36:46 PM | Attr =    ]
otscanit.exe -> %UserProfile%\Desktop\aloahgrades_files\OTScanIt\OTScanIt.exe -> OldTimer Tools [Ver = 1.0.15.15 | Size = 397312 bytes | Modified Date = 6/12/2008 12:29:06 AM | Attr =    ]

[Win32 Services - Non-Microsoft Only]
(Ati HotKey Poller) Ati HotKey Poller [Win32_Own | Auto | Running] -> %SystemRoot%\system32\ati2evxx.exe -> ATI Technologies Inc. [Ver = 6.14.10.4124 | Size = 389120 bytes | Modified Date = 11/11/2005 1:43:12 AM | Attr =    ]
(Avg7Alrt) AVG7 Alert Manager Server [Win32_Own | Auto | Running] -> %ProgramFiles%\Grisoft\AVG7\avgamsvr.exe -> GRISOFT, s.r.o. [Ver = 7.5.0.496 | Size = 418816 bytes | Modified Date = 2/19/2008 8:08:15 PM | Attr =    ]
(Avg7UpdSvc) AVG7 Update Service [Win32_Own | Auto | Running] -> %ProgramFiles%\Grisoft\AVG7\avgupsvc.exe -> GRISOFT, s.r.o. [Ver = 7.5.0.420 | Size = 49664 bytes | Modified Date = 2/19/2008 8:08:35 PM | Attr =    ]
(AVGEMS) AVG E-mail Scanner [Win32_Own | Auto | Running] -> %ProgramFiles%\Grisoft\AVG7\avgemc.exe -> GRISOFT, s.r.o. [Ver = 7.5.0.510 | Size = 406528 bytes | Modified Date = 2/20/2008 9:13:09 PM | Attr =    ]
(dmadmin) Logical Disk Manager Administrative Service [Win32_Shared | On_Demand | Stopped] -> %SystemRoot%\system32\dmadmin.exe -> Microsoft Corp., Veritas Software [Ver = 2600.2180.503.0 | Size = 224768 bytes | Modified Date = 8/4/2004 8:00:00 AM | Attr =    ]
(lxdc_device) lxdc_device [Win32_Own | Auto | Running] -> %SystemRoot%\system32\lxdccoms.exe ->   [Ver = 1.62.33.0 | Size = 537520 bytes | Modified Date = 2/12/2007 7:56:38 PM | Attr =    ]
(NetSvc) Intel NCS NetService [Win32_Own | On_Demand | Stopped] -> %ProgramFiles%\Intel\NCS\Sync\NetSvc.exe -> Intel(R) Corporation [Ver = 1.1.301.0 | Size = 139264 bytes | Modified Date = 4/29/2003 5:29:54 PM | Attr =    ]
(NICCONFIGSVC) NICCONFIGSVC [Win32_Own | Auto | Running] -> %ProgramFiles%\Dell\QuickSet\NicConfigSvc.exe -> Dell Inc. [Ver = 7, 0, 7, 0 | Size = 380928 bytes | Modified Date = 4/6/2006 5:57:54 PM | Attr =    ]
(RegSrvc) RegSrvc [Win32_Own | Auto | Running] -> %SystemRoot%\system32\RegSrvc.exe -> Intel Corporation [Ver = 7, 1, 4, 4 | Size = 122880 bytes | Modified Date = 7/5/2005 4:26:00 AM | Attr =    ]
(S24EventMonitor) Spectrum24 Event Monitor [Win32_Own | Auto | Running] -> %SystemRoot%\system32\S24EvMon.exe -> Intel Corporation  [Ver = 7, 1, 4, 4 | Size = 421955 bytes | Modified Date = 7/5/2005 4:28:34 AM | Attr =    ]
(wltrysvc) Dell Wireless WLAN Tray Service [Win32_Own | Auto | Running] -> %SystemRoot%\System32\WLTRYSVC.EXE %SystemRoot%\System32\bcmwltry.exe -> File not found

[Registry - Non-Microsoft Only]
< Run [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> 
AVG7_CC -> %ProgramFiles%\Grisoft\AVG7\avgcc.exe [C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP] -> GRISOFT, s.r.o. [Ver = 7.5.0.522 | Size = 579584 bytes | Modified Date = 4/23/2008 9:03:33 AM | Attr =    ]
HP Software Update -> %ProgramFiles%\HP\HP Software Update\hpwuSchd2.exe ["C:\Program Files\HP\HP Software Update\HPWuSchd2.exe"] -> Hewlett-Packard Company [Ver = 5, 0, 0, 0 | Size = 49152 bytes | Modified Date = 9/13/2004 4:49:00 PM | Attr =    ]
lxdcamon -> %ProgramFiles%\Lexmark 1300 Series\lxdcamon.exe ["C:\Program Files\Lexmark 1300 Series\lxdcamon.exe"] -> Lexmark [Ver = 1.0.2580.10573 | Size = 20480 bytes | Modified Date = 2/5/2007 7:32:16 PM | Attr =    ]
LXDCCATS -> %SystemRoot%\system32\spool\drivers\w32x86\3\lxdctime.dll [rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXDCtime.dll,_RunDLLEntry@16] -> Lexmark International, Inc. [Ver = 1.42.0.8 | Size = 102400 bytes | Modified Date = 1/22/2007 6:05:56 PM | Attr =    ]
lxdcmon.exe -> %ProgramFiles%\Lexmark 1300 Series\lxdcmon.exe ["C:\Program Files\Lexmark 1300 Series\lxdcmon.exe"] -> File not found
PCTVOICE -> %SystemRoot%\system32\pctspk.exe [pctspk.exe] ->  [Ver = 1, 0, 0, 1 | Size = 163840 bytes | Modified Date = 2/24/2003 6:35:12 PM | Attr =    ]
QuickTime Task -> %ProgramFiles%\QuickTime\QTTask.exe ["C:\Program Files\QuickTime\QTTask.exe" -atboottime] -> Apple Inc. [Ver = 7.3 | Size = 286720 bytes | Modified Date = 10/19/2007 8:16:26 PM | Attr =    ]
zzzHPSETUP ->  [D:\Setup.exe \RESET] -> File not found
< Run [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> 
MsnMsgr -> %ProgramFiles%\MSN Messenger\MsnMsgr.Exe ["C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background] -> File not found
SUPERAntiSpyware -> %ProgramFiles%\SUPERAntiSpyware\SUPERANTISPYWARE.EXE [C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe] -> SUPERAntiSpyware.com [Ver = 4, 15, 0, 1000 | Size = 1506544 bytes | Modified Date = 6/16/2008 12:26:06 PM | Attr =    ]
< Run [HKEY_USERS\.DEFAULT\] > -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> 
AVG7_Run -> %ProgramFiles%\Grisoft\AVG7\avgw.exe [C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE] -> GRISOFT, s.r.o. [Ver = 7.5.0.502 | Size = 219136 bytes | Modified Date = 2/19/2008 8:08:34 PM | Attr =    ]
< Run [HKEY_USERS\S-1-5-18\] > -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> 
AVG7_Run -> %ProgramFiles%\Grisoft\AVG7\avgw.exe [C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE] -> GRISOFT, s.r.o. [Ver = 7.5.0.502 | Size = 219136 bytes | Modified Date = 2/19/2008 8:08:34 PM | Attr =    ]
< Run [HKEY_USERS\S-1-5-19\] > -> HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> 
AVG7_Run -> %ProgramFiles%\Grisoft\AVG7\avgw.exe [C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE] -> GRISOFT, s.r.o. [Ver = 7.5.0.502 | Size = 219136 bytes | Modified Date = 2/19/2008 8:08:34 PM | Attr =    ]
< Run [HKEY_USERS\S-1-5-20\] > -> HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> 
AVG7_Run -> %ProgramFiles%\Grisoft\AVG7\avgw.exe [C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE] -> GRISOFT, s.r.o. [Ver = 7.5.0.502 | Size = 219136 bytes | Modified Date = 2/19/2008 8:08:34 PM | Attr =    ]
< Run [HKEY_USERS\S-1-5-21-299502267-152049171-1343024091-1003\] > -> HKEY_USERS\S-1-5-21-299502267-152049171-1343024091-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> 
MsnMsgr -> %ProgramFiles%\MSN Messenger\MsnMsgr.Exe ["C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background] -> File not found
SUPERAntiSpyware -> %ProgramFiles%\SUPERAntiSpyware\SUPERANTISPYWARE.EXE [C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe] -> SUPERAntiSpyware.com [Ver = 4, 15, 0, 1000 | Size = 1506544 bytes | Modified Date = 6/16/2008 12:26:06 PM | Attr =    ]
< All Users Startup Folder > -> C:\Documents and Settings\All Users\Start Menu\Programs\Startup -> 
%AllUsersProfile%\Start Menu\Programs\Startup\ExifLauncher2.lnk -> %ProgramFiles%\FinePixViewer\QuickDCF2.exe -> FUJIFILM Corporation [Ver = 1, 1, 1, 0 | Size = 303104 bytes | Modified Date = 1/30/2007 12:02:00 PM | Attr =    ]
%AllUsersProfile%\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk -> %ProgramFiles%\HP\Digital Imaging\bin\hpqtra08.exe -> Hewlett-Packard Co. [Ver = 45.4.157.000 | Size = 258048 bytes | Modified Date = 11/4/2004 8:28:24 PM | Attr =    ]
%AllUsersProfile%\Start Menu\Programs\Startup\HP Image Zone Fast Start.lnk -> %ProgramFiles%\HP\Digital Imaging\bin\hpqthb08.exe -> Hewlett-Packard Co. [Ver = 045.004.157.000 | Size = 53248 bytes | Modified Date = 11/4/2004 8:50:52 PM | Attr =    ]
< Default User Startup Folder > -> C:\Documents and Settings\Default User\Start Menu\Programs\Startup -> 
< kids Startup Folder > -> C:\Documents and Settings\kids\Start Menu\Programs\Startup -> 
< USER Startup Folder > -> C:\Documents and Settings\USER\Start Menu\Programs\Startup -> 
< AppInit_DLLs [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_DLLs -> 
*AppInit_DLLs* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_Dlls -> 
  ->  -> File not found
*MultiFile Done* -> -> 
< ShellExecuteHooks [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks -> 
{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\SUPERAntiSpyware\SASSEH.DLL [] -> SuperAdBlocker.com [Ver = 1, 0, 0, 1012 | Size = 77824 bytes | Modified Date = 6/16/2008 12:25:56 PM | Attr =    ]
< SecurityProviders [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\\SecurityProviders -> 
< Winlogon settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon -> 
< Winlogon settings [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon -> 
< Winlogon settings [HKEY_USERS\.DEFAULT] > -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon -> 
< Winlogon settings [HKEY_USERS\S-1-5-18] > -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon -> 
< Winlogon settings [HKEY_USERS\S-1-5-19] > -> HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon -> 
< Winlogon settings [HKEY_USERS\S-1-5-20] > -> HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon -> 
< Winlogon settings [HKEY_USERS\S-1-5-21-299502267-152049171-1343024091-1003] > -> HKEY_USERS\S-1-5-21-299502267-152049171-1343024091-1003\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon -> 
< Winlogon\Notify settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ -> 
!SASWinLogon -> %ProgramFiles%\SUPERAntiSpyware\SASWINLO.DLL -> SUPERAntiSpyware.com [Ver = 1, 0, 0, 1046 | Size = 294912 bytes | Modified Date = 6/16/2008 12:26:11 PM | Attr =    ]
AtiExtEvent -> %SystemRoot%\system32\ati2evxx.dll -> ATI Technologies Inc. [Ver = 6.14.10.4124 | Size = 47616 bytes | Modified Date = 11/11/2005 1:44:14 AM | Attr =    ]
Sebring -> %SystemRoot%\system32\LgNotify.dll -> Intel Corporation [Ver = 7, 1, 4, 4 | Size = 188482 bytes | Modified Date = 7/5/2005 4:33:24 AM | Attr =    ]
< CurrentVersion Policy Settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ActiveDesktop\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveAutoRun -> 67108863 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun -> 255 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDrives -> 0 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run\\svchost -> %SystemRoot%\svchost.exe [C:\WINDOWS\svchost.exe] -> File not found
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{BDEADF00-C265-11D0-BCED-00A0C90AB50F} -> 1 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{6DFD7C5C-2451-11d3-A299-00C04F8EF6AF} -> 1073741857 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{0DF44EAA-FF21-4412-828E-260A8728E7F1} -> 32 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\dontdisplaylastusername -> 0 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\legalnoticecaption ->  -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\legalnoticetext ->  -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\shutdownwithoutlogon -> 1 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\undockwithoutlogon -> 1 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\DisableRegistryTools -> 0 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\HideLegacyLogonScripts -> 0 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\HideLogoffScripts -> 0 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\RunLogonScriptSync -> 1 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\RunStartupScriptSync -> 0 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\HideStartupScripts -> 0 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Uninstall\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\WindowsUpdate\ -> -> 
< CurrentVersion Policy Settings [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ActiveDesktop\ -> -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Associations\ -> -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\ -> -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun -> 157 -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\ClassicShell -> 2 -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDrives -> 0 -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run\ -> -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\ -> -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\HideLegacyLogonScripts -> 0 -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\HideLogoffScripts -> 0 -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\RunLogonScriptSync -> 1 -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\RunStartupScriptSync -> 0 -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\HideStartupScripts -> 0 -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\WindowsUpdate\ -> -> 
< CurrentVersion Policy Settings [HKEY_USERS\.DEFAULT] > -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> 
HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> ->
HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\ -> -> 
HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun -> 145 -> 
HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\run\ -> -> 
HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\ -> -> 
< CurrentVersion Policy Settings [HKEY_USERS\S-1-5-18] > -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> 
HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> ->
HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\ -> -> 
HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun -> 145 -> 
HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\run\ -> -> 
HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\ -> -> 
< CurrentVersion Policy Settings [HKEY_USERS\S-1-5-19] > -> HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> 
HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> ->
HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\ -> -> 
HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun -> 145 -> 
< CurrentVersion Policy Settings [HKEY_USERS\S-1-5-20] > -> HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> 
HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> ->
HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\ -> -> 
HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun -> 145 -> 
< CurrentVersion Policy Settings [HKEY_USERS\S-1-5-21-299502267-152049171-1343024091-1003] > -> HKEY_USERS\S-1-5-21-299502267-152049171-1343024091-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> 
HKEY_USERS\S-1-5-21-299502267-152049171-1343024091-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> ->
HKEY_USERS\S-1-5-21-299502267-152049171-1343024091-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ActiveDesktop\ -> -> 
HKEY_USERS\S-1-5-21-299502267-152049171-1343024091-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Associations\ -> -> 
HKEY_USERS\S-1-5-21-299502267-152049171-1343024091-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\ -> -> 
HKEY_USERS\S-1-5-21-299502267-152049171-1343024091-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun -> 157 -> 
HKEY_USERS\S-1-5-21-299502267-152049171-1343024091-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\ClassicShell -> 2 -> 
HKEY_USERS\S-1-5-21-299502267-152049171-1343024091-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDrives -> 0 -> 
HKEY_USERS\S-1-5-21-299502267-152049171-1343024091-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run\ -> -> 
HKEY_USERS\S-1-5-21-299502267-152049171-1343024091-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\ -> -> 
HKEY_USERS\S-1-5-21-299502267-152049171-1343024091-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\HideLegacyLogonScripts -> 0 -> 
HKEY_USERS\S-1-5-21-299502267-152049171-1343024091-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\HideLogoffScripts -> 0 -> 
HKEY_USERS\S-1-5-21-299502267-152049171-1343024091-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\RunLogonScriptSync -> 1 -> 
HKEY_USERS\S-1-5-21-299502267-152049171-1343024091-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\RunStartupScriptSync -> 0 -> 
HKEY_USERS\S-1-5-21-299502267-152049171-1343024091-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\HideStartupScripts -> 0 -> 
HKEY_USERS\S-1-5-21-299502267-152049171-1343024091-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\WindowsUpdate\ -> -> 
< CDROM Autorun Settings > [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom] -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\ -> ->
*DependOnGroup* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\DependOnGroup -> 
SCSI miniport ->  -> File not found
*MultiFile Done* -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\ErrorControl -> 1 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\Group -> SCSI CDROM Class -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\Start -> 1 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\Tag -> 2 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\Type -> 1 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\DisplayName -> CD-ROM Driver -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\ImagePath -> %SystemRoot%\system32\drivers\cdrom.sys [system32\DRIVERS\cdrom.sys] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 49536 bytes | Modified Date = 8/4/2004 8:00:00 AM | Attr =    ]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRun -> 1 -> 
*AutoRunAlwaysDisable* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRunAlwaysDisable -> 
NEC     MBR-7    ->  -> File not found
NEC     MBR-7.4  ->  -> File not found
PIONEER CHANGR DRM-1804X ->  -> File not found
PIONEER CD-ROM DRM-6324X ->  -> File not found
PIONEER CD-ROM DRM-624X  ->  -> File not found
TORiSAN CD-ROM CDR_C36 ->  -> File not found
*MultiFile Done* -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\Enum\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\Enum\\0 -> IDE\CdRomSONY_CDRW/DVD_CRX830E___________________KDK3____\5&18c802ac&0&0.0.0 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\Enum\\Count -> 1 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\Enum\\NextInstance -> 1 -> 
< Drives - Autoruns > ->  -> 
AUTOEXEC.BAT [] -> %SystemDrive%\AUTOEXEC.BAT [ NTFS ] ->  [Ver =  | Size = 0 bytes | Modified Date = 8/12/2005 6:01:54 AM | Attr =    ]
Autorun.inf [[autorun] | open = LinksysConnectPC.exe | ACTION = Wireless Network Setup Wizard | ICON = LinksysConnectPC.ICO | ] -> E:\Autorun.inf [ FAT ] ->  [Ver =  | Size = 109 bytes | Modified Date = 1/21/2008 5:33:16 PM | Attr =    ]
< HOSTS File > (27 bytes) -> C:\WINDOWS\System32\drivers\etc\Hosts -> 
< Internet Explorer Settings [HKEY_LOCAL_MACHINE\] > -> -> 
HKEY_LOCAL_MACHINE\: Main\\Default_Page_URL -> http://go.microsoft.com/fwlink/?LinkId=69157 -> 
HKEY_LOCAL_MACHINE\: Main\\Default_Search_URL -> http://go.microsoft.com/fwlink/?LinkId=54896 -> 
HKEY_LOCAL_MACHINE\: Main\\Local Page -> %SystemRoot%\system32\blank.htm -> 
HKEY_LOCAL_MACHINE\: Main\\Search Page -> http://go.microsoft.com/fwlink/?LinkId=54896 -> 
HKEY_LOCAL_MACHINE\: Main\\Start Page -> http://go.microsoft.com/fwlink/?LinkId=69157 -> 
HKEY_LOCAL_MACHINE\: Search\\CustomizeSearch -> http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm -> 
HKEY_LOCAL_MACHINE\: Search\\SearchAssistant -> http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm -> 
< Internet Explorer Settings [HKEY_CURRENT_USER\] > -> -> 
HKEY_CURRENT_USER\: Main\\Local Page -> C:\WINDOWS\system32\blank.htm -> 
HKEY_CURRENT_USER\: Main\\Search Page -> http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch -> 
HKEY_CURRENT_USER\: Main\\Start Page -> http://www.msn.com/ -> 
HKEY_CURRENT_USER\: SearchURL\\ -> http://g.msn.com/0SEENUS/SAOS01?FORM=TOOLBR[Reg Error: Value provider does not exist or could not be read.] -> 
HKEY_CURRENT_USER\: URLSearchHooks\\{855F3B16-6D32-4fe6-8A56-BBB695989046} [HKEY_LOCAL_MACHINE] -> %SystemDrive%\PROGRA~1\ICQTOO~1\toolbaru.dll [ICQ Toolbar] -> File not found
HKEY_CURRENT_USER\: ProxyEnable -> 0 -> 
< Internet Explorer Settings [HKEY_USERS\.DEFAULT\] > -> -> 
HKEY_USERS\.DEFAULT\: Main\\Search Page -> http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch -> 
HKEY_USERS\.DEFAULT\: Main\\Start Page -> http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome -> 
HKEY_USERS\.DEFAULT\: ProxyEnable -> 0 -> 
< Internet Explorer Settings [HKEY_USERS\S-1-5-18\] > -> -> 
HKEY_USERS\S-1-5-18\: Main\\Search Page -> http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch -> 
HKEY_USERS\S-1-5-18\: Main\\Start Page -> http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome -> 
HKEY_USERS\S-1-5-18\: ProxyEnable -> 0 -> 
< Internet Explorer Settings [HKEY_USERS\S-1-5-19\] > -> -> 
< Internet Explorer Settings [HKEY_USERS\S-1-5-20\] > -> -> 
< Internet Explorer Settings [HKEY_USERS\S-1-5-21-299502267-152049171-1343024091-1003\] > -> -> 
HKEY_USERS\S-1-5-21-299502267-152049171-1343024091-1003\: Main\\Local Page -> C:\WINDOWS\system32\blank.htm -> 
HKEY_USERS\S-1-5-21-299502267-152049171-1343024091-1003\: Main\\Search Page -> http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch -> 
HKEY_USERS\S-1-5-21-299502267-152049171-1343024091-1003\: Main\\Start Page -> http://www.msn.com/ -> 
HKEY_USERS\S-1-5-21-299502267-152049171-1343024091-1003\: SearchURL\\ -> http://g.msn.com/0SEENUS/SAOS01?FORM=TOOLBR[Reg Error: Value provider does not exist or could not be read.] -> 
HKEY_USERS\S-1-5-21-299502267-152049171-1343024091-1003\: URLSearchHooks\\{855F3B16-6D32-4fe6-8A56-BBB695989046} [HKEY_LOCAL_MACHINE] -> %SystemDrive%\PROGRA~1\ICQTOO~1\toolbaru.dll [ICQ Toolbar] -> File not found
HKEY_USERS\S-1-5-21-299502267-152049171-1343024091-1003\: ProxyEnable -> 0 -> 
< Trusted Sites Domains [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 1 domain(s) found. -> 
1 domain(s) and sub-domain(s) not assigned to a zone.
< Trusted Sites Ranges [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. -> 
< Trusted Sites Domains [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 0 domain(s) found. -> 
< Trusted Sites Ranges [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. -> 
< Trusted Sites Domains [HKEY_USERS\.DEFAULT\] > -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> 
HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 0 domain(s) found. -> 
< Trusted Sites Ranges [HKEY_USERS\.DEFAULT\] > -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> 
HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. -> 
< Trusted Sites Domains [HKEY_USERS\S-1-5-18\] > -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> 
HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 0 domain(s) found. -> 
< Trusted Sites Ranges [HKEY_USERS\S-1-5-18\] > -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> 
HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. -> 
< Trusted Sites Domains [HKEY_USERS\S-1-5-19\] > -> HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> 
HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 0 domain(s) found. -> 
< Trusted Sites Ranges [HKEY_USERS\S-1-5-19\] > -> HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> 
HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. -> 
< Trusted Sites Domains [HKEY_USERS\S-1-5-20\] > -> HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> 
HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 0 domain(s) found. -> 
< Trusted Sites Ranges [HKEY_USERS\S-1-5-20\] > -> HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> 
HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. -> 
< Trusted Sites Domains [HKEY_USERS\S-1-5-21-299502267-152049171-1343024091-1003\] > -> HKEY_USERS\S-1-5-21-299502267-152049171-1343024091-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> 
HKEY_USERS\S-1-5-21-299502267-152049171-1343024091-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 0 domain(s) found. -> 
< Trusted Sites Ranges [HKEY_USERS\S-1-5-21-299502267-152049171-1343024091-1003\] > -> HKEY_USERS\S-1-5-21-299502267-152049171-1343024091-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> 
HKEY_USERS\S-1-5-21-299502267-152049171-1343024091-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. -> 
< BHO's [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\ -> 
{055FD26D-3A88-4e15-963D-DC8493744B1D} [HKEY_LOCAL_MACHINE] -> %SystemDrive%\PROGRA~1\ICQTOO~1\toolbaru.dll [XTTBPos00 Class] -> File not found
{1017A80C-6F09-4548-A84D-EDD6AC9525F0} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Lexmark Toolbar\toolband.dll [Lexmark Toolbar] ->  [Ver =  | Size = 184320 bytes | Modified Date = 8/9/2006 10:37:44 PM | Attr = R  ]
{28D8912D-C0B5-42DE-B42C-5FE22D6A2332} [HKEY_LOCAL_MACHINE] -> %SystemRoot%\system32\d3dram.dll [Reg Error: Value  does not exist or could not be read.] -> File not found
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Java\jre1.5.0_08\bin\ssv.dll [SSVHelper Class] -> Sun Microsystems, Inc. [Ver = 5.0.80.3 | Size = 434279 bytes | Modified Date = 7/26/2006 7:17:55 AM | Attr =    ]
< Internet Explorer ToolBars [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar -> 
{1017A80C-6F09-4548-A84D-EDD6AC9525F0} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Lexmark Toolbar\toolband.dll [Lexmark Toolbar] ->  [Ver =  | Size = 184320 bytes | Modified Date = 8/9/2006 10:37:44 PM | Attr = R  ]
{855F3B16-6D32-4fe6-8A56-BBB695989046} [HKEY_LOCAL_MACHINE] -> %SystemDrive%\PROGRA~1\ICQTOO~1\toolbaru.dll [ICQ Toolbar] -> File not found
< Internet Explorer ToolBars [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\ -> 
WebBrowser\\{1017A80C-6F09-4548-A84D-EDD6AC9525F0} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Lexmark Toolbar\toolband.dll [Lexmark Toolbar] ->  [Ver =  | Size = 184320 bytes | Modified Date = 8/9/2006 10:37:44 PM | Attr = R  ]
WebBrowser\\{855F3B16-6D32-4FE6-8A56-BBB695989046} [HKEY_LOCAL_MACHINE] -> %SystemDrive%\PROGRA~1\ICQTOO~1\toolbaru.dll [ICQ Toolbar] -> File not found
< Internet Explorer ToolBars [HKEY_USERS\S-1-5-21-299502267-152049171-1343024091-1003\] > -> HKEY_USERS\S-1-5-21-299502267-152049171-1343024091-1003\Software\Microsoft\Internet Explorer\Toolbar\ -> 
WebBrowser\\{1017A80C-6F09-4548-A84D-EDD6AC9525F0} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Lexmark Toolbar\toolband.dll [Lexmark Toolbar] ->  [Ver =  | Size = 184320 bytes | Modified Date = 8/9/2006 10:37:44 PM | Attr = R  ]
WebBrowser\\{855F3B16-6D32-4FE6-8A56-BBB695989046} [HKEY_LOCAL_MACHINE] -> %SystemDrive%\PROGRA~1\ICQTOO~1\toolbaru.dll [ICQ Toolbar] -> File not found
< Internet Explorer Extensions [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\ -> 
{FB5F1910-F110-11d2-BB9E-00C04F795683}:Exec -> %ProgramFiles%\Messenger\msmsgs.exe [Messenger] -> File not found
< Internet Explorer Extensions [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Extensions\ -> 
CmdMapping\\{E59EB121-F339-4851-A3BA-FE49C35617C2} [HKEY_LOCAL_MACHINE] ->  [Reg Error: Key does not exist or could not be opened.] -> File not found
CmdMapping\\{FB5F1910-F110-11d2-BB9E-00C04F795683} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Messenger\msmsgs.exe [Messenger] -> File not found
< Internet Explorer Extensions [HKEY_USERS\.DEFAULT\] > -> HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Extensions\ -> 
CmdMapping\\{FB5F1910-F110-11d2-BB9E-00C04F795683} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Messenger\msmsgs.exe [Messenger] -> File not found
< Internet Explorer Extensions [HKEY_USERS\S-1-5-18\] > -> HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\Extensions\ -> 
CmdMapping\\{FB5F1910-F110-11d2-BB9E-00C04F795683} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Messenger\msmsgs.exe [Messenger] -> File not found
< Internet Explorer Extensions [HKEY_USERS\S-1-5-21-299502267-152049171-1343024091-1003\] > -> HKEY_USERS\S-1-5-21-299502267-152049171-1343024091-1003\Software\Microsoft\Internet Explorer\Extensions\ -> 
CmdMapping\\{E59EB121-F339-4851-A3BA-FE49C35617C2} [HKEY_LOCAL_MACHINE] ->  [Reg Error: Key does not exist or could not be opened.] -> File not found
CmdMapping\\{FB5F1910-F110-11d2-BB9E-00C04F795683} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Messenger\msmsgs.exe [Messenger] -> File not found
< Internet Explorer Plugins [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Plugins\ -> 
PluginsPageFriendlyName -> Microsoft ActiveX Gallery -> 
PluginsPage -> http://activex.microsoft.com/controls/find.asp?ext=%s&mime=%s -> 
< DNS Name Servers [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Adapters\ -> 
{0B529950-9E1B-43C7-8B70-695738AB26CA} ->    (Xircom CardBus Ethernet II 10/100) -> 
{24F19191-0BD2-47E1-A129-82D48B35700B} ->    (Dell TrueMobile 1300 WLAN Mini-PCI Card) -> 
{2F7C5955-DE7D-4C06-AEAD-FFC7B21378D0} ->    (Dell TrueMobile 1400 Dual Band WLAN Mini-PCI Card) -> 
{4B8B60F3-CAB3-436F-A24B-1ECA799D792F} ->    (Broadcom 570x Gigabit Integrated Controller) -> 
{65CA17C4-3FB4-407D-AE47-644593A5CA23} ->    (Broadcom 570x Gigabit Integrated Controller) -> 
{A7852E57-F724-4D19-BD7F-973EE9332C12} ->    (Dell TrueMobile 1150 Series Wireless LAN Mini PCI Card) -> 
{BB864885-3B4B-42AF-8229-7ED515F7C40A} ->    (Intel(R) PRO/Wireless LAN 2100 3A Mini PCI Adapter) -> 
{C1F868DF-6B77-4BFC-B719-CBD86C1BD6E0} ->    (Dell Wireless 1450 Dual Band WLAN Mini-PCI Card) -> 
{F4A72FAB-1441-4A05-B06D-B994461CF165} ->    (Broadcom 570x Gigabit Integrated Controller) -> 
< Protocol Handlers [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\ -> 
ipp: [HKEY_LOCAL_MACHINE] -> No CLSID value
msdaipp: [HKEY_LOCAL_MACHINE] -> No CLSID value
< Downloaded Program Files > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\ -> 
{1A26F07F-0D60-4835-91CF-1E1766A0EC56}[HKEY_LOCAL_MACHINE] -> http://scanner2.malware-scan.com/setup/webinst.cab[WebInstall Class] -> 
{8A0019EB-51FA-4AE5-A40B-C0496BBFC739}[HKEY_LOCAL_MACHINE] -> http://www.vzwpix.com/activex/VerizonWirelessUploadControl.cab[Verizon Wireless Media Upload] -> 
{8AD9C840-044E-11D1-B3E9-00805F499D93}[HKEY_LOCAL_MACHINE] -> http://java.sun.com/update/1.5.0/jinstall-1_5_0_08-windows-i586.cab[Java Plug-in 1.5.0_08] -> 
{CAFEEFAC-0015-0000-0008-ABCDEFFEDCBA}[HKEY_LOCAL_MACHINE] -> http://java.sun.com/update/1.5.0/jinstall-1_5_0_08-windows-i586.cab[Java Plug-in 1.5.0_08] -> 
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}[HKEY_LOCAL_MACHINE] -> http://java.sun.com/update/1.5.0/jinstall-1_5_0_08-windows-i586.cab[Java Plug-in 1.5.0_08] -> 
{D27CDB6E-AE6D-11CF-96B8-444553540000}[HKEY_LOCAL_MACHINE] -> http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab[Shockwave Flash Object] -> 
< Module Usage Keys [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\ -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/CONFLICT.1/USDR6_9999_N18M1603NetInstaller.exe\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/CONFLICT.1/USDR6_9999_N18M1603NetInstaller.exe\\.Owner -> {09F1ADAC-76D8-4D0F-99A5-5C907DADB988} -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/CONFLICT.1/USDR6_9999_N18M1603NetInstaller.exe\\{09F1ADAC-76D8-4D0F-99A5-5C907DADB988} ->  -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/CONFLICT.1/webinst.dll\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/CONFLICT.1/webinst.dll\\.Owner -> {343CE214-9998-4B21-A151-FFE970167297} -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/CONFLICT.1/webinst.dll\\{343CE214-9998-4B21-A151-FFE970167297} ->  -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/UDC6_0001_D19M1908NetInstaller.exe\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/UDC6_0001_D19M1908NetInstaller.exe\\.Owner -> {2D2BEE6E-3C9A-4D58-B9EC-458EDB28D0F6} -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/UDC6_0001_D19M1908NetInstaller.exe\\{2D2BEE6E-3C9A-4D58-B9EC-458EDB28D0F6} ->  -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/VerizonWirelessUploadControl.dll\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/VerizonWirelessUploadControl.dll\\.Owner -> {8A0019EB-51FA-4AE5-A40B-C0496BBFC739} -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/VerizonWirelessUploadControl.dll\\{8A0019EB-51FA-4AE5-A40B-C0496BBFC739} ->  -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/webinst.dll\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/webinst.dll\\.Owner -> {1A26F07F-0D60-4835-91CF-1E1766A0EC56} -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/webinst.dll\\{1A26F07F-0D60-4835-91CF-1E1766A0EC56} ->  -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/wuweb.dll\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/wuweb.dll\\.Owner -> Unknown Owner -> 



[Files/Folders - Created Within 90 days]
Avenger -> %SystemDrive%\Avenger ->  [Folder | Created Date = 6/17/2008 2:42:26 PM | Attr =    ]
Boot.bak -> %SystemDrive%\Boot.bak ->  [Ver =  | Size = 211 bytes | Created Date = 6/17/2008 9:53:39 AM | Attr =    ]
cmdcons -> %SystemDrive%\cmdcons ->  [Folder | Created Date = 6/17/2008 9:53:24 AM | Attr =    ]
cmldr -> %SystemDrive%\cmldr ->  [Ver =  | Size = 260272 bytes | Created Date = 6/17/2008 9:53:32 AM | Attr =    ]
QooBox -> %SystemDrive%\QooBox ->  [Folder | Created Date = 6/17/2008 9:36:03 AM | Attr =    ]
_OTMoveIt -> %SystemDrive%\_OTMoveIt ->  [Folder | Created Date = 6/17/2008 8:32:54 AM | Attr =    ]
FFRAFLIB.DLL -> %SystemRoot%\System32\FFRAFLIB.DLL -> FUJI PHOTO FILM CO., LTD. [Ver = 1, 1, 2, 7 | Size = 155648 bytes | Created Date = 6/8/2008 12:41:55 PM | Attr =    ]
FFRafShellEx.dll -> %SystemRoot%\System32\FFRafShellEx.dll -> FUJI PHOTO FILM CO., LTD. [Ver = 1, 0, 0, 5 | Size = 208896 bytes | Created Date = 6/8/2008 12:41:55 PM | Attr =    ]
FFTIFF16.dll -> %SystemRoot%\System32\FFTIFF16.dll -> FUJI PHOTO FILM CO., LTD. [Ver = 1, 0, 0, 2 | Size = 274432 bytes | Created Date = 6/8/2008 12:41:55 PM | Attr =    ]
tmp.reg -> %SystemRoot%\System32\tmp.reg ->  [Ver =  | Size = 1278 bytes | Created Date = 6/16/2008 3:09:52 PM | Attr =    ]
erdnt -> %SystemRoot%\erdnt ->  [Folder | Created Date = 6/17/2008 9:52:10 AM | Attr =    ]
3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> 
fdsv.exe -> %SystemRoot%\fdsv.exe -> Smallfrogs Studio [Ver = 1, 2, 0, 22 | Size = 89504 bytes | Created Date = 6/17/2008 9:51:39 AM | Attr =    ]
grep.exe -> %SystemRoot%\grep.exe ->  [Ver =  | Size = 80412 bytes | Created Date = 6/17/2008 9:51:39 AM | Attr =    ]
Nircmd.exe -> %SystemRoot%\Nircmd.exe -> NirSoft [Ver = 2.05 | Size = 28160 bytes | Created Date = 6/17/2008 9:51:39 AM | Attr =    ]
sed.exe -> %SystemRoot%\sed.exe ->  [Ver =  | Size = 98816 bytes | Created Date = 6/17/2008 9:51:39 AM | Attr =    ]
swreg.exe -> %SystemRoot%\swreg.exe -> SteelWerX [Ver = 3.0.0.0 | Size = 161792 bytes | Created Date = 6/17/2008 9:51:39 AM | Attr =    ]
swsc.exe -> %SystemRoot%\swsc.exe -> SteelWerX [Ver = 2.0.0.5 | Size = 136704 bytes | Created Date = 6/17/2008 9:51:39 AM | Attr =    ]
swxcacls.exe -> %SystemRoot%\swxcacls.exe -> SteelWerX [Ver = 1.0.1.1 | Size = 212480 bytes | Created Date = 6/17/2008 9:51:39 AM | Attr =    ]
TEMP -> %SystemRoot%\TEMP ->  [Folder | Created Date = 6/17/2008 1:46:20 PM | Attr =    ]
VFind.exe -> %SystemRoot%\VFind.exe ->  [Ver =  | Size = 49152 bytes | Created Date = 6/17/2008 9:51:39 AM | Attr =    ]
zip.exe -> %SystemRoot%\zip.exe ->  [Ver =  | Size = 68096 bytes | Created Date = 6/17/2008 9:51:39 AM | Attr =    ]
AppleSoftwareUpdate.job -> %SystemRoot%\tasks\AppleSoftwareUpdate.job ->  [Ver =  | Size = 284 bytes | Created Date = 5/30/2008 1:08:01 AM | Attr =    ]
[Files Created - Additional Folder Scans - Non-Microsoft Only]
Apple -> %AllUsersProfile%\Application Data\Apple ->  [Folder | Created Date = 6/8/2008 12:50:31 PM | Attr =    ]
Spybot - Search & Destroy -> %AllUsersProfile%\Application Data\Spybot - Search & Destroy ->  [Folder | Created Date = 6/12/2008 9:20:56 AM | Attr =    ]
SUPERAntiSpyware.com -> %AllUsersProfile%\Application Data\SUPERAntiSpyware.com ->  [Folder | Created Date = 6/13/2008 6:32:26 PM | Attr =    ]
FUJIFILM -> %AppData%\FUJIFILM ->  [Folder | Created Date = 5/30/2008 1:03:51 AM | Attr =    ]
InstallShield -> %AppData%\InstallShield ->  [Folder | Created Date = 6/8/2008 12:38:45 PM | Attr =    ]
SUPERAntiSpyware.com -> %AppData%\SUPERAntiSpyware.com ->  [Folder | Created Date = 6/13/2008 2:08:58 PM | Attr =    ]
Apple -> %UserProfile%\Local Settings\Application Data\Apple ->  [Folder | Created Date = 6/8/2008 12:50:47 PM | Attr =    ]
cloning.odt -> %UserProfile%\My Documents\cloning.odt ->  [Ver =  | Size = 12204 bytes | Created Date = 5/12/2008 9:11:09 PM | Attr =    ]
FinePixViewer.lnk -> %AllUsersProfile%\Desktop\FinePixViewer.lnk ->  [Ver =  | Size = 1628 bytes | Created Date = 6/8/2008 12:43:08 PM | Attr =    ]
Introduction of Picture The Future.lnk -> %AllUsersProfile%\Desktop\Introduction of Picture The Future.lnk ->  [Ver =  | Size = 1927 bytes | Created Date = 6/8/2008 12:45:14 PM | Attr =    ]
QuickTime Player.lnk -> %AllUsersProfile%\Desktop\QuickTime Player.lnk ->  [Ver =  | Size = 1604 bytes | Created Date = 6/8/2008 12:54:36 PM | Attr =    ]
SUPERAntiSpyware Free Edition.lnk -> %AllUsersProfile%\Desktop\SUPERAntiSpyware Free Edition.lnk ->  [Ver =  | Size = 780 bytes | Created Date = 6/13/2008 6:32:14 PM | Attr =    ]
User's Guide.lnk -> %AllUsersProfile%\Desktop\User's Guide.lnk ->  [Ver =  | Size = 1978 bytes | Created Date = 6/8/2008 12:45:09 PM | Attr =    ]
Adolf Hitler.odt -> %UserProfile%\Desktop\Adolf Hitler.odt ->  [Ver =  | Size = 12913 bytes | Created Date = 5/11/2008 10:08:24 PM | Attr =    ]
aloahgrades.htm -> %UserProfile%\Desktop\aloahgrades.htm ->  [Ver =  | Size = 14488 bytes | Created Date = 3/21/2008 5:55:51 PM | Attr =    ]
aloahgrades_files -> %UserProfile%\Desktop\aloahgrades_files ->  [Folder | Created Date = 3/21/2008 5:55:51 PM | Attr =    ]
ComboFix.exe -> %UserProfile%\Desktop\ComboFix.exe ->  [Ver =  | Size = 1842547 bytes | Created Date = 6/17/2008 9:50:53 AM | Attr =    ]
HijackThis.lnk -> %UserProfile%\Desktop\HijackThis.lnk ->  [Ver =  | Size = 1734 bytes | Created Date = 6/16/2008 3:15:03 PM | Attr =    ]
Internet Security Suite.url -> %UserProfile%\Desktop\Internet Security Suite.url ->  [Ver =  | Size = 223 bytes | Created Date = 5/23/2008 4:05:08 PM | Attr =    ]
me and ave on boat.jpg -> %UserProfile%\Desktop\me and ave on boat.jpg ->  [Ver =  | Size = 46098 bytes | Created Date = 3/25/2008 10:48:38 PM | Attr =    ]
onna pics -> %UserProfile%\Desktop\onna pics ->  [Folder | Created Date = 5/5/2008 9:19:23 PM | Attr =    ]
Spybot - Search & Destroy.lnk -> %UserProfile%\Desktop\Spybot - Search & Destroy.lnk ->  [Ver =  | Size = 933 bytes | Created Date = 6/12/2008 9:21:10 AM | Attr =    ]
ExifLauncher2.lnk -> %AllUsersProfile%\Start Menu\Programs\Startup\ExifLauncher2.lnk ->  [Ver =  | Size = 1612 bytes | Created Date = 6/8/2008 12:43:09 PM | Attr =    ]
Apple Software Update -> %ProgramFiles%\Apple Software Update ->  [Folder | Created Date = 5/30/2008 1:07:41 AM | Attr =    ]
FinePixViewer -> %ProgramFiles%\FinePixViewer ->  [Folder | Created Date = 5/30/2008 1:01:42 AM | Attr =    ]
Spybot - Search & Destroy -> %ProgramFiles%\Spybot - Search & Destroy ->  [Folder | Created Date = 6/12/2008 9:20:56 AM | Attr =    ]
SUPERAntiSpyware -> %ProgramFiles%\SUPERAntiSpyware ->  [Folder | Created Date = 6/13/2008 2:08:58 PM | Attr =    ]
Trend Micro -> %ProgramFiles%\Trend Micro ->  [Folder | Created Date = 6/13/2008 4:24:57 PM | Attr =    ]

[Files/Folders - Modified Within 90 days]
$VAULT$.AVG -> %SystemDrive%\$VAULT$.AVG ->  [Folder | Modified Date = 6/16/2008 3:23:39 PM | Attr = RH ]
Avenger -> %SystemDrive%\Avenger ->  [Folder | Modified Date = 6/17/2008 2:44:16 PM | Attr =    ]
boot.ini -> %SystemDrive%\boot.ini ->  [Ver =  | Size = 281 bytes | Modified Date = 6/17/2008 9:53:39 AM | Attr = RHS]
cmdcons -> %SystemDrive%\cmdcons ->  [Folder | Modified Date = 6/17/2008 9:53:38 AM | Attr =    ]
Config.Msi -> %SystemDrive%\Config.Msi ->  [Folder | Modified Date = 6/14/2008 2:13:53 PM | Attr =  HS]
Documents and Settings -> %SystemDrive%\Documents and Settings ->  [Folder | Modified Date = 6/14/2008 2:12:18 PM | Attr =    ]
Program Files -> %ProgramFiles% ->  [Folder | Modified Date = 6/17/2008 9:54:07 AM | Attr = R  ]
QooBox -> %SystemDrive%\QooBox ->  [Folder | Modified Date = 6/17/2008 1:41:45 PM | Attr =    ]
Temp -> %SystemDrive%\Temp ->  [Folder | Modified Date = 6/17/2008 9:54:07 AM | Attr =    ]
WINDOWS -> %SystemRoot% ->  [Folder | Modified Date = 6/17/2008 2:56:32 PM | Attr =    ]
_OTMoveIt -> %SystemDrive%\_OTMoveIt ->  [Folder | Modified Date = 6/17/2008 8:32:54 AM | Attr =    ]
msjetol1.dll -> %SystemRoot%\System32\dllcache\msjetol1.dll ->  [Ver =  | Size = 355112 bytes | Modified Date = 3/25/2008 12:50:40 AM | Attr =    ]
quartz.dll -> %SystemRoot%\System32\dllcache\quartz.dll ->  [Ver =  | Size = 1287680 bytes | Modified Date = 5/7/2008 1:18:48 AM | Attr =    ]
etc -> %SystemRoot%\System32\drivers\etc ->  [Folder | Modified Date = 6/17/2008 10:05:09 AM | Attr =    ]
hosts -> %SystemRoot%\System32\drivers\etc\hosts ->  [Ver =  | Size = 27 bytes | Modified Date = 6/17/2008 10:05:09 AM | Attr =    ]
CatRoot -> %SystemRoot%\System32\CatRoot ->  [Folder | Modified Date = 6/13/2008 11:25:27 PM | Attr =    ]
9 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> 
CatRoot2 -> %SystemRoot%\System32\CatRoot2 ->  [Folder | Modified Date = 6/17/2008 1:45:04 PM | Attr =    ]
config -> %SystemRoot%\System32\config ->  [Folder | Modified Date = 6/17/2008 10:00:53 AM | Attr =    ]
dllcache -> %SystemRoot%\System32\dllcache ->  [Folder | Modified Date = 6/16/2008 11:44:42 AM | Attr = RHS]
drivers -> %SystemRoot%\System32\drivers ->  [Folder | Modified Date = 6/17/2008 2:42:26 PM | Attr =    ]
FNTCACHE.DAT -> %SystemRoot%\System32\FNTCACHE.DAT ->  [Ver =  | Size = 107808 bytes | Modified Date = 6/13/2008 6:26:52 PM | Attr =    ]
msjetoledb40.dll -> %SystemRoot%\System32\msjetoledb40.dll ->  [Ver =  | Size = 355112 bytes | Modified Date = 3/25/2008 12:50:40 AM | Attr =    ]
perfc009.dat -> %SystemRoot%\System32\perfc009.dat ->  [Ver =  | Size = 82476 bytes | Modified Date = 4/14/2008 3:09:43 AM | Attr =    ]
perfh009.dat -> %SystemRoot%\System32\perfh009.dat ->  [Ver =  | Size = 487148 bytes | Modified Date = 4/14/2008 3:09:43 AM | Attr =    ]
PerfStringBackup.INI -> %SystemRoot%\System32\PerfStringBackup.INI ->  [Ver =  | Size = 557872 bytes | Modified Date = 4/14/2008 3:09:43 AM | Attr =    ]
quartz.dll -> %SystemRoot%\System32\quartz.dll ->  [Ver =  | Size = 1287680 bytes | Modified Date = 5/7/2008 1:18:48 AM | Attr =    ]
tmp.reg -> %SystemRoot%\System32\tmp.reg ->  [Ver =  | Size = 1278 bytes | Modified Date = 6/16/2008 3:09:52 PM | Attr =    ]
wbem -> %SystemRoot%\System32\wbem ->  [Folder | Modified Date = 6/13/2008 6:24:12 PM | Attr =    ]
wpa.dbl -> %SystemRoot%\System32\wpa.dbl ->  [Ver =  | Size = 2206 bytes | Modified Date = 6/17/2008 2:44:16 PM | Attr =    ]
$hf_mig$ -> %SystemRoot%\$hf_mig$ ->  [Folder | Modified Date = 6/16/2008 11:42:34 AM | Attr =  H ]
3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> 
assembly -> %SystemRoot%\assembly ->  [Folder | Modified Date = 4/14/2008 3:25:25 AM | Attr = R S]
bootstat.dat -> %SystemRoot%\bootstat.dat ->  [Ver =  | Size = 2048 bytes | Modified Date = 6/17/2008 2:43:45 PM | Attr =   S]
Downloaded Program Files -> %SystemRoot%\Downloaded Program Files ->  [Folder | Modified Date = 6/17/2008 9:54:06 AM | Attr =   S]
erdnt -> %SystemRoot%\erdnt ->  [Folder | Modified Date = 6/17/2008 9:59:35 AM | Attr =    ]
imsins.BAK -> %SystemRoot%\imsins.BAK ->  [Ver =  | Size = 1374 bytes | Modified Date = 6/14/2008 3:04:21 AM | Attr =    ]
inf -> %SystemRoot%\inf ->  [Folder | Modified Date = 6/16/2008 11:45:18 AM | Attr =  H ]
Installer -> %SystemRoot%\Installer ->  [Folder | Modified Date = 6/14/2008 2:13:53 PM | Attr =  HS]
Microsoft.NET -> %SystemRoot%\Microsoft.NET ->  [Folder | Modified Date = 4/14/2008 3:25:29 AM | Attr =    ]
network diagnostic -> %SystemRoot%\network diagnostic ->  [Folder | Modified Date = 6/13/2008 5:32:14 PM | Attr =    ]
Prefetch -> %SystemRoot%\Prefetch ->  [Folder | Modified Date = 6/17/2008 2:57:28 PM | Attr =    ]
Registration -> %SystemRoot%\Registration ->  [Folder | Modified Date = 6/13/2008 6:24:08 PM | Attr =    ]
SoftwareDistribution -> %SystemRoot%\SoftwareDistribution ->  [Folder | Modified Date = 6/11/2008 11:17:58 AM | Attr =    ]
system.ini -> %SystemRoot%\system.ini ->  [Ver =  | Size = 227 bytes | Modified Date = 6/17/2008 1:44:05 PM | Attr =    ]
system32 -> %SystemRoot%\system32 ->  [Folder | Modified Date = 6/17/2008 2:42:26 PM | Attr =    ]
Tasks -> %SystemRoot%\Tasks ->  [Folder | Modified Date = 6/13/2008 5:55:36 PM | Attr =   S]
TEMP -> %SystemRoot%\TEMP ->  [Folder | Modified Date = 6/17/2008 2:44:38 PM | Attr =    ]
wininit.ini -> %SystemRoot%\wininit.ini ->  [Ver =  | Size = 1547 bytes | Modified Date = 6/14/2008 10:39:27 AM | Attr =    ]
WinSxS -> %SystemRoot%\WinSxS ->  [Folder | Modified Date = 4/14/2008 3:09:08 AM | Attr =    ]
AppleSoftwareUpdate.job -> %SystemRoot%\tasks\AppleSoftwareUpdate.job ->  [Ver =  | Size = 284 bytes | Modified Date = 6/11/2008 7:02:06 PM | Attr =    ]
Check Updates for Windows Live Toolbar.job -> %SystemRoot%\tasks\Check Updates for Windows Live Toolbar.job ->  [Ver =  | Size = 256 bytes | Modified Date = 6/17/2008 1:39:01 PM | Attr =    ]
SA.DAT -> %SystemRoot%\tasks\SA.DAT ->  [Ver =  | Size = 6 bytes | Modified Date = 6/17/2008 2:43:50 PM | Attr =  H ]
C:\Documents and Settings\All Users\Application Data\Microsoft\HTML Help\ -> C:\Documents and Settings\All Users\Application Data\Microsoft\HTML Help ->  [Folder | Modified Date = 1/18/2007 1:34:54 PM | Attr =    ]
hhcolreg.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\HTML Help\hhcolreg.dat ->  [Ver =  | Size = 1306 bytes | Modified Date = 1/18/2007 1:34:54 PM | Attr =    ]
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\ -> C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader ->  [Folder | Modified Date = 6/17/2008 10:03:50 AM | Attr =    ]
qmgr0.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat ->  [Ver =  | Size = 4096 bytes | Modified Date = 6/17/2008 12:26:17 PM | Attr =    ]
qmgr1.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat ->  [Ver =  | Size = 4096 bytes | Modified Date = 6/17/2008 12:26:17 PM | Attr =    ]
C:\Documents and Settings\USER\Local Settings\Temp\ -> C:\Documents and Settings\USER\Local Settings\Temp ->  [Folder | Modified Date = 6/17/2008 2:46:06 PM | Attr =    ]
SSUPDATE.EXE -> C:\Documents and Settings\USER\Local Settings\Temp\SSUPDATE.EXE -> SUPERAntiSpyware.com [Ver = 1, 0, 0, 1034 | Size = 158960 bytes | Modified Date = 6/16/2008 12:26:22 PM | Attr =    ]
2 C:\Documents and Settings\USER\Local Settings\Temp\*.tmp files -> C:\Documents and Settings\USER\Local Settings\Temp\*.tmp -> 
C:\Documents and Settings\USER\Local Settings\Temp\Temporary Directory 1 for avenger.zip\ -> C:\Documents and Settings\USER\Local Settings\Temp\Temporary Directory 1 for avenger.zip\ ->  [Folder | Modified Date = 6/17/2008 2:28:06 PM | Attr =  H ]
avenger.exe -> C:\Documents and Settings\USER\Local Settings\Temp\Temporary Directory 1 for avenger.zip\avenger.exe ->  [Ver =  | Size = 731136 bytes | Modified Date = 5/30/2008 11:09:46 PM | Attr =    ]
C:\Documents and Settings\USER\Local Settings\Temp\ -> C:\Documents and Settings\USER\Local Settings\Temp ->  [Folder | Modified Date = 6/17/2008 2:46:06 PM | Attr =    ]
mxkrxyza.dat -> C:\Documents and Settings\USER\Local Settings\Temp\mxkrxyza.dat ->  [Ver =  | Size = 4736 bytes | Modified Date = 2/5/2008 11:02:33 PM | Attr =    ]
2 C:\Documents and Settings\USER\Local Settings\Temp\*.tmp files -> C:\Documents and Settings\USER\Local Settings\Temp\*.tmp -> 
[Files Modified - Additional Folder Scans - Non-Microsoft Only]
Apple -> %AllUsersProfile%\Application Data\Apple ->  [Folder | Modified Date = 6/8/2008 12:50:31 PM | Attr =    ]
Apple Computer -> %AllUsersProfile%\Application Data\Apple Computer ->  [Folder | Modified Date = 6/8/2008 12:53:30 PM | Attr =    ]
Spybot - Search & Destroy -> %AllUsersProfile%\Application Data\Spybot - Search & Destroy ->  [Folder | Modified Date = 6/12/2008 9:30:59 AM | Attr =    ]
SUPERAntiSpyware.com -> %AllUsersProfile%\Application Data\SUPERAntiSpyware.com ->  [Folder | Modified Date = 6/13/2008 6:32:26 PM | Attr =    ]
AVG7 -> %AppData%\AVG7 ->  [Folder | Modified Date = 6/17/2008 2:45:18 PM | Attr =    ]
FUJIFILM -> %AppData%\FUJIFILM ->  [Folder | Modified Date = 6/13/2008 1:38:34 PM | Attr =    ]
InstallShield -> %AppData%\InstallShield ->  [Folder | Modified Date = 6/8/2008 12:38:45 PM | Attr =    ]
Mozilla -> %AppData%\Mozilla ->  [Folder | Modified Date = 6/10/2008 4:17:00 PM | Attr =    ]
OpenOffice.org2 -> %AppData%\OpenOffice.org2 ->  [Folder | Modified Date = 6/17/2008 2:13:36 PM | Attr =    ]
SUPERAntiSpyware.com -> %AppData%\SUPERAntiSpyware.com ->  [Folder | Modified Date = 6/13/2008 2:08:58 PM | Attr =    ]
Apple -> %UserProfile%\Local Settings\Application Data\Apple ->  [Folder | Modified Date = 6/8/2008 12:50:47 PM | Attr =    ]
ApplicationHistory -> %UserProfile%\Local Settings\Application Data\ApplicationHistory ->  [Folder | Modified Date = 6/17/2008 2:45:49 PM | Attr =    ]
GDIPFONTCACHEV1.DAT -> %UserProfile%\Local Settings\Application Data\GDIPFONTCACHEV1.DAT ->  [Ver =  | Size = 15320 bytes | Modified Date = 6/13/2008 6:30:10 PM | Attr =    ]
IconCache.db -> %UserProfile%\Local Settings\Application Data\IconCache.db ->  [Ver =  | Size = 8769302 bytes | Modified Date = 6/13/2008 11:14:58 PM | Attr =  H ]
cloning.odt -> %UserProfile%\My Documents\cloning.odt ->  [Ver =  | Size = 12204 bytes | Modified Date = 5/12/2008 9:11:18 PM | Attr =    ]
My Albums -> %UserProfile%\My Documents\My Albums ->  [Folder | Modified Date = 5/5/2008 9:13:11 PM | Attr =    ]
My Pictures -> %UserProfile%\My Documents\My Pictures ->  [Folder | Modified Date = 6/4/2008 12:08:19 AM | Attr = R  ]
FinePixViewer.lnk -> %AllUsersProfile%\Desktop\FinePixViewer.lnk ->  [Ver =  | Size = 1628 bytes | Modified Date = 6/8/2008 12:43:08 PM | Attr =    ]
Introduction of Picture The Future.lnk -> %AllUsersProfile%\Desktop\Introduction of Picture The Future.lnk ->  [Ver =  | Size = 1927 bytes | Modified Date = 6/8/2008 12:45:14 PM | Attr =    ]
QuickTime Player.lnk -> %AllUsersProfile%\Desktop\QuickTime Player.lnk ->  [Ver =  | Size = 1604 bytes | Modified Date = 6/8/2008 12:54:36 PM | Attr =    ]
SUPERAntiSpyware Free Edition.lnk -> %AllUsersProfile%\Desktop\SUPERAntiSpyware Free Edition.lnk ->  [Ver =  | Size = 780 bytes | Modified Date = 6/13/2008 6:32:14 PM | Attr =    ]
User's Guide.lnk -> %AllUsersProfile%\Desktop\User's Guide.lnk ->  [Ver =  | Size = 1978 bytes | Modified Date = 6/8/2008 12:45:10 PM | Attr =    ]
Adolf Hitler.odt -> %UserProfile%\Desktop\Adolf Hitler.odt ->  [Ver =  | Size = 12913 bytes | Modified Date = 5/16/2008 7:04:20 AM | Attr =    ]
aloahgrades.htm -> %UserProfile%\Desktop\aloahgrades.htm ->  [Ver =  | Size = 14488 bytes | Modified Date = 3/21/2008 5:55:51 PM | Attr =    ]
aloahgrades_files -> %UserProfile%\Desktop\aloahgrades_files ->  [Folder | Modified Date = 6/17/2008 2:55:37 PM | Attr =    ]
ComboFix.exe -> %UserProfile%\Desktop\ComboFix.exe ->  [Ver =  | Size = 1842547 bytes | Modified Date = 6/17/2008 8:42:32 AM | Attr =    ]
HijackThis.lnk -> %UserProfile%\Desktop\HijackThis.lnk ->  [Ver =  | Size = 1734 bytes | Modified Date = 6/16/2008 3:15:03 PM | Attr =    ]
Internet Security Suite.url -> %UserProfile%\Desktop\Internet Security Suite.url ->  [Ver =  | Size = 223 bytes | Modified Date = 5/23/2008 4:05:09 PM | Attr =    ]
me and ave on boat.jpg -> %UserProfile%\Desktop\me and ave on boat.jpg ->  [Ver =  | Size = 46098 bytes | Modified Date = 3/25/2008 10:48:39 PM | Attr =    ]
onna pics -> %UserProfile%\Desktop\onna pics ->  [Folder | Modified Date = 5/30/2008 1:28:46 AM | Attr =    ]
Spybot - Search & Destroy.lnk -> %UserProfile%\Desktop\Spybot - Search & Destroy.lnk ->  [Ver =  | Size = 933 bytes | Modified Date = 6/12/2008 9:21:10 AM | Attr =    ]
ExifLauncher2.lnk -> %AllUsersProfile%\Start Menu\Programs\Startup\ExifLauncher2.lnk ->  [Ver =  | Size = 1612 bytes | Modified Date = 6/8/2008 12:43:09 PM | Attr =    ]
Wise Installation Wizard -> %CommonProgramFiles%\Wise Installation Wizard ->  [Folder | Modified Date = 6/13/2008 6:31:01 PM | Attr =    ]

< End of report >
[/code]