Here's the Hijack This! log:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 6:05:06 PM, on 2/29/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\wanmpsvc.exe
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\zHotkey.exe
C:\Program Files\Canon\MyPrinter\BJMyPrt.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
C:\Program Files\MiniMind\MiniMind.exe
C:\WINDOWS\notepad.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.gateway.c...h...TP&M=T5048A
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.runescape.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.gateway.c...h...TP&M=T5048A
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Canon Easy Web Print Helper - {68F9551E-0411-48E4-9AAF-4BC42A6A46BE} - C:\Program Files\Canon\Easy-WebPrint\EWPBrowseLoader.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - c:\windows\system32\BAE.dll
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O4 - HKLM\..\Run: [CHotkey] zHotkey.exe
O4 - HKLM\..\Run: [Recguard] %WINDIR%\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [Reminder] %WINDIR%\Creator\Remind_XP.exe
O4 - HKLM\..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe /logon
O4 - HKLM\..\Run: [MSKDetectorExe] C:\Program Files\McAfee\SpamKiller\MSKDetct.exe /uninstall
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [updateMgr] C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_9
O4 - HKCU\..\Run: [Power2GoExpress] NA
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - Startup: MiniMinder.lnk = C:\Program Files\MiniMind\MiniMind.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Kodak EasyShare software.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files\PokerStars\PokerStarsUpdate.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
O9 - Extra button: PokerStars.net - {FA9B9510-9FCB-4ca0-818C-5D0987B47C4D} - C:\Program Files\PokerStars.NET\PokerStarsUpdate.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0742B9EF-8C83-41CA-BFBA-830A59E23533} (Microsoft Data Collection Control) - https://support.micr...veX/MSDcode.cab
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://www.pcpitstop...p/PCPitStop.CAB
O16 - DPF: {1239CC52-59EF-4DFA-8C61-90FFA846DF7E} (Musicnotes Viewer) - http://www.musicnote...ad/mnviewer.cab
O16 - DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} (OnlineScanner Control) - http://www.eset.eu/b...lineScanner.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.mi...b?1180615605421
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.mi...b?1180560646750
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoft...free/asinst.cab
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O21 - SSODL: Datalico - {F6DBC315-0284-4418-862E-84D587F3CAFF} - C:\WINDOWS\system32\v32amctl.dll
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: PrismXL - New Boundary Technologies, Inc. - C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe
--
End of file - 8068 bytes
Here's the file from WinPfind35:
[code=auto:0]WinPFind35 logfile created on: 2/29/2008 5:55:33 PM
WinPFind35U Version 1.0.2.2 Folder = C:\Documents and Settings\Daddy\Desktop\WinPFind35u
Windows XP Media Center Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.11)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
445.55 Mb Total Physical Memory | 53.16 Mb Available Physical Memory | 11.93% Memory free
1.03 Gb Paging File | 0.63 Gb Available in Paging File | 61.81% Paging File free
Paging file location(s): C:\pagefile.sys 672 1344;
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 143.75 Gb Total Space | 115.19 Gb Free Space | 80.13% Space Free | Partition Type: NTFS
Drive D: | 5.28 Gb Total Space | 3.40 Gb Free Space | 64.33% Space Free | Partition Type: FAT32
Drive E: | 2.16 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: CDFS
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Computer Name: YOUR-08D5303051
Current User Name: Daddy
Logged in as Administrator.
Current Boot Mode: Normal
Scan Mode: All users
[Processes - Non-Microsoft Only]
ati2evxx.exe -> %SystemRoot%\system32\ati2evxx.exe -> ATI Technologies Inc. [Ver = 6.14.10.4129 | Size = 405504 bytes | Modified Date = 1/15/2006 4:41:52 PM | Attr = ]
applemobiledeviceservice.exe -> %CommonProgramFiles%\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe -> Apple, Inc. [Ver = 1, 14, 0, 0 | Size = 110592 bytes | Modified Date = 1/15/2008 2:40:04 AM | Attr = ]
mdnsresponder.exe -> %ProgramFiles%\Bonjour\mDNSResponder.exe -> Apple Inc. [Ver = 1,0,4,12 | Size = 229376 bytes | Modified Date = 7/24/2007 3:17:08 PM | Attr = ]
prismxl.sys -> %CommonProgramFiles%\New Boundary\PrismXL\PRISMXL.SYS -> New Boundary Technologies, Inc. [Ver = 6.0.1.22 | Size = 172032 bytes | Modified Date = 10/18/2006 11:58:45 AM | Attr = ]
wanmpsvc.exe -> %SystemRoot%\wanmpsvc.exe -> America Online, Inc. [Ver = 7, 0, 0, 2 | Size = 65536 bytes | Modified Date = 9/25/2001 10:32:50 AM | Attr = ]
ipodservice.exe -> %ProgramFiles%\iPod\bin\iPodService.exe -> Apple Inc. [Ver = 7.6.0.29 | Size = 504104 bytes | Modified Date = 1/15/2008 3:22:44 AM | Attr = ]
ati2evxx.exe -> %SystemRoot%\system32\ati2evxx.exe -> ATI Technologies Inc. [Ver = 6.14.10.4129 | Size = 405504 bytes | Modified Date = 1/15/2006 4:41:52 PM | Attr = ]
zhotkey.exe -> %SystemRoot%\zHotkey.exe -> [Ver = 3, 0, 0, 10 | Size = 550912 bytes | Modified Date = 12/8/2004 7:57:36 PM | Attr = ]
bjmyprt.exe -> %ProgramFiles%\Canon\MyPrinter\BJMYPRT.EXE -> CANON INC. [Ver = 1, 3, 0, 0 | Size = 1191936 bytes | Modified Date = 3/21/2006 8:30:00 PM | Attr = ]
rthdcpl.exe -> %SystemRoot%\RTHDCPL.exe -> Realtek Semiconductor Corp. [Ver = 2.1.3.6 | Size = 16342528 bytes | Modified Date = 5/10/2007 5:08:06 PM | Attr = ]
jusched.exe -> %ProgramFiles%\Java\jre1.6.0_02\bin\jusched.exe -> Sun Microsystems, Inc. [Ver = 6.0.20.6 | Size = 132496 bytes | Modified Date = 7/12/2007 3:00:36 AM | Attr = ]
ituneshelper.exe -> %ProgramFiles%\iTunes\iTunesHelper.exe -> Apple Inc. [Ver = 7.6.0.29 | Size = 267048 bytes | Modified Date = 1/15/2008 3:22:56 AM | Attr = ]
superantispyware.exe -> %ProgramFiles%\SUPERAntiSpyware\SUPERAntiSpyware.exe -> SUPERAntiSpyware.com [Ver = 3, 9, 0, 1008 | Size = 1318912 bytes | Modified Date = 6/21/2007 2:06:28 PM | Attr = ]
easyshare.exe -> %ProgramFiles%\Kodak\Kodak EasyShare software\bin\EasyShare.exe -> Eastman Kodak Company [Ver = 6, 31, 25, 90 | Size = 282624 bytes | Modified Date = 6/21/2007 10:56:14 PM | Attr = ]
minimind.exe -> %ProgramFiles%\MiniMind\MiniMind.exe -> Vellosoft [Ver = 7.27 | Size = 237568 bytes | Modified Date = 2/11/2007 12:08:36 PM | Attr = ]
winpfind35u.exe -> %UserProfile%\Desktop\WinPFind35u\WinPFind35U.exe -> OldTimer Tools [Ver = 1.0.2.2 | Size = 310784 bytes | Modified Date = 2/28/2008 2:42:00 PM | Attr = ]
[Win32 Services - Non-Microsoft Only]
(Apple Mobile Device) Apple Mobile Device [Win32_Own | Auto | Running] -> %CommonProgramFiles%\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe -> Apple, Inc. [Ver = 1, 14, 0, 0 | Size = 110592 bytes | Modified Date = 1/15/2008 2:40:04 AM | Attr = ]
(Ati HotKey Poller) Ati HotKey Poller [Win32_Own | Auto | Running] -> %SystemRoot%\system32\ati2evxx.exe -> ATI Technologies Inc. [Ver = 6.14.10.4129 | Size = 405504 bytes | Modified Date = 1/15/2006 4:41:52 PM | Attr = ]
(ATI Smart) ATI Smart [Win32_Own | Auto | Stopped] -> %SystemRoot%\system32\ati2sgag.exe -> [Ver = 5.13.0025 | Size = 520192 bytes | Modified Date = 1/26/2006 10:57:00 AM | Attr = ]
(Bonjour Service) Bonjour Service [Win32_Own | Auto | Running] -> %ProgramFiles%\Bonjour\mDNSResponder.exe -> Apple Inc. [Ver = 1,0,4,12 | Size = 229376 bytes | Modified Date = 7/24/2007 3:17:08 PM | Attr = ]
(dmadmin) Logical Disk Manager Administrative Service [Win32_Shared | On_Demand | Stopped] -> %SystemRoot%\system32\dmadmin.exe -> Microsoft Corp., Veritas Software [Ver = 2600.2180.503.0 | Size = 224768 bytes | Modified Date = 8/10/2004 2:00:00 PM | Attr = ]
(IDriverT) InstallDriver Table Manager [Win32_Own | On_Demand | Stopped] -> %CommonProgramFiles%\InstallShield\Driver\11\Intel 32\IDriverT.exe -> Macrovision Corporation [Ver = 11.00.28844 | Size = 69632 bytes | Modified Date = 4/4/2005 1:41:10 AM | Attr = ]
(iPod Service) iPod Service [Win32_Own | On_Demand | Running] -> %ProgramFiles%\iPod\bin\iPodService.exe -> Apple Inc. [Ver = 7.6.0.29 | Size = 504104 bytes | Modified Date = 1/15/2008 3:22:44 AM | Attr = ]
(PrismXL) PrismXL [Win32_Own | Auto | Running] -> %CommonProgramFiles%\New Boundary\PrismXL\PRISMXL.SYS -> New Boundary Technologies, Inc. [Ver = 6.0.1.22 | Size = 172032 bytes | Modified Date = 10/18/2006 11:58:45 AM | Attr = ]
(SanaSafeConnectAgent) SanaSafeConnectAgent [Win32_Own | Disabled | Stopped] -> %ProgramFiles%\Sana Security\Primary Response SafeConnect\agent\Bin\SanaAgent.exe -> Sana Security [Ver = 2.3.0.1434 | Size = 5218840 bytes | Modified Date = 8/18/2007 12:48:50 AM | Attr = R ]
(SanaSafeConnectWatcher) SanaSafeConnectWatcher [Win32_Own | Disabled | Stopped] -> %ProgramFiles%\Sana Security\Primary Response SafeConnect\agent\Bin\SanaSafeConnectWatcher.exe -> Sana Security [Ver = 2.3.0.1434 | Size = 547352 bytes | Modified Date = 8/18/2007 12:48:54 AM | Attr = R ]
(WANMiniportService) WAN Miniport (ATW) Service [Win32_Own | Auto | Running] -> %SystemRoot%\wanmpsvc.exe -> America Online, Inc. [Ver = 7, 0, 0, 2 | Size = 65536 bytes | Modified Date = 9/25/2001 10:32:50 AM | Attr = ]
[Driver Services - Non-Microsoft Only]
(Abiosdsk) Abiosdsk [Kernel | Disabled | Stopped] -> -> File not found
(AliIde) AliIde [Kernel | Boot | Running] -> %SystemRoot%\system32\drivers\aliide.sys -> Acer Laboratories Inc. [Ver = 1.20 | Size = 5248 bytes | Modified Date = 8/17/2001 10:51:56 PM | Attr = ]
(amdagp) AMD AGP Bus Filter Driver [Kernel | Boot | Running] -> %SystemRoot%\system32\drivers\AMDAGP.SYS -> Advanced Micro Devices, Inc. [Ver = 5.00 (xpsp_sp2_rtm.040803-2158) | Size = 43008 bytes | Modified Date = 8/4/2004 8:07:44 AM | Attr = ]
(asc) asc [Kernel | Boot | Running] -> %SystemRoot%\system32\drivers\asc.sys -> Advanced System Products, Inc. [Ver = 2.9I-MS (XPClient.010817-1148) | Size = 26496 bytes | Modified Date = 8/17/2001 10:52:00 PM | Attr = ]
(asc3550) asc3550 [Kernel | Boot | Running] -> %SystemRoot%\system32\drivers\asc3550.sys -> Advanced System Products, Inc. [Ver = 3.1E-MS (XPClient.010817-1148) | Size = 14848 bytes | Modified Date = 8/17/2001 10:51:58 PM | Attr = ]
(ASCTRM) ASCTRM [Kernel | Auto | Running] -> %SystemRoot%\system32\drivers\asctrm.sys -> Windows (R) 2000 DDK provider [Ver = 5.00.2195.1 | Size = 8552 bytes | Modified Date = 1/16/2007 6:58:09 PM | Attr = ]
(Atdisk) Atdisk [Kernel | Disabled | Stopped] -> -> File not found
(ati2mtag) ati2mtag [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\ati2mtag.sys -> ATI Technologies Inc. [Ver = 6.14.10.6599 | Size = 1477632 bytes | Modified Date = 1/15/2006 4:48:08 PM | Attr = ]
(atksgt) atksgt [Kernel | Auto | Running] -> %SystemRoot%\system32\drivers\atksgt.sys -> [Ver = | Size = 271360 bytes | Modified Date = 8/16/2007 8:11:38 PM | Attr = ]
(Cdr4_xp) Cdr4_xp [Kernel | System | Running] -> %SystemRoot%\system32\drivers\cdr4_xp.sys -> Sonic Solutions [Ver = 8.0.0.212 | Size = 2432 bytes | Modified Date = 10/18/2006 3:00:00 AM | Attr = ]
(Cdralw2k) Cdralw2k [Kernel | System | Running] -> %SystemRoot%\system32\drivers\cdralw2k.sys -> Sonic Solutions [Ver = 8.0.0.212 | Size = 2560 bytes | Modified Date = 10/18/2006 3:00:00 AM | Attr = ]
(Changer) Changer [Kernel | System | Stopped] -> -> File not found
(CmdIde) CmdIde [Kernel | Boot | Running] -> %SystemRoot%\system32\drivers\cmdide.sys -> CMD Technology, Inc. [Ver = 2.0.7 (XPClient.010817-1148) | Size = 6656 bytes | Modified Date = 8/17/2001 10:51:54 PM | Attr = ]
(dac2w2k) dac2w2k [Kernel | Boot | Running] -> %SystemRoot%\system32\drivers\dac2w2k.sys -> Mylex Corporation [Ver = 6.00-21 (XPClient.010817-1148) | Size = 179584 bytes | Modified Date = 8/17/2001 10:52:16 PM | Attr = ]
(dmboot) dmboot [Kernel | Disabled | Stopped] -> %SystemRoot%\system32\drivers\dmboot.sys -> Microsoft Corp., Veritas Software [Ver = 2600.2180.503.0 | Size = 799744 bytes | Modified Date = 8/10/2004 2:00:00 PM | Attr = ]
(dmio) Logical Disk Manager Driver [Kernel | Boot | Running] -> %SystemRoot%\system32\drivers\dmio.sys -> Microsoft Corp., Veritas Software [Ver = 2600.2180.503.0 | Size = 153344 bytes | Modified Date = 8/10/2004 2:00:00 PM | Attr = ]
(dmload) dmload [Kernel | Boot | Running] -> %SystemRoot%\system32\drivers\dmload.sys -> Microsoft Corp., Veritas Software. [Ver = 2600.0.503.0 | Size = 5888 bytes | Modified Date = 8/10/2004 2:00:00 PM | Attr = ]
(GEARAspiWDM) GEARAspiWDM [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\GEARAspiWDM.sys -> GEAR Software Inc. [Ver = 2.0.6.1 | Size = 15664 bytes | Modified Date = 9/19/2006 2:44:04 PM | Attr = ]
(HDAudBus) Microsoft UAA Bus Driver for High Definition Audio [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\Hdaudbus.sys -> Windows (R) Server 2003 DDK provider [Ver = 5.10.01.5013 built by: WinDDK | Size = 138752 bytes | Modified Date = 1/7/2005 7:07:18 PM | Attr = ]
(HSFHWBS2) HSFHWBS2 [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\HSFHWBS2.sys -> Conexant Systems, Inc. [Ver = 7.53.00 built by: WinDDK | Size = 256128 bytes | Modified Date = 7/18/2006 5:15:18 PM | Attr = ]
(HSF_DPV) HSF_DPV [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\HSF_DPV.sys -> Conexant Systems, Inc. [Ver = 7.53.00 built by: WinDDK | Size = 990592 bytes | Modified Date = 7/18/2006 5:16:08 PM | Attr = ]
(IntcAzAudAddService) Service for Realtek HD Audio (WDM) [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\RtkHDAud.sys -> Realtek Semiconductor Corp. [Ver = 5.10.0.5413 built by: WinDDK | Size = 4419584 bytes | Modified Date = 5/10/2007 5:28:08 PM | Attr = ]
(lbrtfdc) lbrtfdc [Kernel | System | Stopped] -> -> File not found
(lirsgt) lirsgt [Kernel | Auto | Running] -> %SystemRoot%\system32\drivers\lirsgt.sys -> [Ver = | Size = 18048 bytes | Modified Date = 8/16/2007 8:11:38 PM | Attr = ]
(mdmxsdk) mdmxsdk [Kernel | Auto | Running] -> %SystemRoot%\system32\drivers\mdmxsdk.sys -> Conexant [Ver = 1.0.2.012 | Size = 12672 bytes | Modified Date = 6/19/2006 4:26:58 PM | Attr = ]
(mraid35x) mraid35x [Kernel | Boot | Running] -> %SystemRoot%\system32\drivers\mraid35x.sys -> American Megatrends Inc. [Ver = 6.19 (XPClient.010817-1148) | Size = 17280 bytes | Modified Date = 8/17/2001 10:52:12 PM | Attr = ]
(NEOFLTR_550_11711) Juniper Networks TDI Filter Driver (NEOFLTR_550_11711) [Kernel | System | Running] -> %SystemRoot%\system32\drivers\NEOFLTR_550_11711.sys -> Juniper Networks [Ver = 5, 5, 0, 11711 | Size = 63264 bytes | Modified Date = 4/10/2007 9:24:54 PM | Attr = ]
(PCIDump) PCIDump [Kernel | System | Stopped] -> -> File not found
(PDCOMP) PDCOMP [Kernel | On_Demand | Stopped] -> -> File not found
(PDFRAME) PDFRAME [Kernel | On_Demand | Stopped] -> -> File not found
(PDRELI) PDRELI [Kernel | On_Demand | Stopped] -> -> File not found
(PDRFRAME) PDRFRAME [Kernel | On_Demand | Stopped] -> -> File not found
(Ptilink) Direct Parallel Link Driver [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\ptilink.sys -> Parallel Technologies, Inc. [Ver = 1.10 (XPClient.010817-1148) | Size = 17792 bytes | Modified Date = 8/10/2004 2:00:00 PM | Attr = ]
(PxHelp20) PxHelp20 [Kernel | Boot | Running] -> %SystemRoot%\system32\drivers\pxhelp20.sys -> Sonic Solutions [Ver = 3.00.43J | Size = 36624 bytes | Modified Date = 10/18/2006 3:00:00 AM | Attr = ]
(ql1080) ql1080 [Kernel | Boot | Running] -> %SystemRoot%\system32\drivers\ql1080.sys -> QLogic Corporation [Ver = 3.04 | Size = 40320 bytes | Modified Date = 8/17/2001 10:52:20 PM | Attr = ]
(ql12160) ql12160 [Kernel | Boot | Running] -> %SystemRoot%\system32\drivers\ql12160.sys -> QLogic Corporation [Ver = 7.13.02 (W64) | Size = 45312 bytes | Modified Date = 8/17/2001 10:52:20 PM | Attr = ]
(ql1280) ql1280 [Kernel | Boot | Running] -> %SystemRoot%\system32\drivers\ql1280.sys -> QLogic Corporation [Ver = 7.13.01 (W2K) | Size = 49024 bytes | Modified Date = 8/17/2001 10:52:18 PM | Attr = ]
(RTL8023xp) Realtek 10/100/1000 NIC Family all in one NDIS XP Driver [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\Rtnicxp.sys -> Realtek Semiconductor Corporation [Ver = 5,639,0118,2006 built by: WinDDK | Size = 80512 bytes | Modified Date = 1/18/2006 8:41:00 PM | Attr = ]
(rtl8139) Realtek RTL8139(A/B/C)-based PCI Fast Ethernet Adapter NT Driver [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\drivers\RTL8139.sys -> Realtek Semiconductor Corporation [Ver = 5.398.613.2003 built by: WinDDK | Size = 20992 bytes | Modified Date = 8/4/2004 12:31:34 AM | Attr = ]
(SanaSafeConnectDriver) SanaSafeConnectDriver [Kernel | On_Demand | Stopped] -> %ProgramFiles%\Sana Security\Primary Response SafeConnect\agent\driver\platform_XP\SafeConnectDriver.sys -> Sana Security, Inc. [Ver = 2.3.0.1434 | Size = 160280 bytes | Modified Date = 8/18/2007 12:49:12 AM | Attr = R ]
(SanaSafeConnectFilter) SanaSafeConnectFilter [Kernel | On_Demand | Stopped] -> %ProgramFiles%\Sana Security\Primary Response SafeConnect\agent\driver\platform_XP\SafeConnectFilter.sys -> Sana Security, Inc. [Ver = 2.3.0.1434 | Size = 30232 bytes | Modified Date = 8/18/2007 12:49:12 AM | Attr = ]
(SanaSafeConnectShim) SanaSafeConnectShim [Kernel | On_Demand | Stopped] -> %ProgramFiles%\Sana Security\Primary Response SafeConnect\agent\driver\platform_XP\SafeConnectShim.sys -> Sana Security, Inc. [Ver = 2.3.0.1434 | Size = 27312 bytes | Modified Date = 8/18/2007 12:49:14 AM | Attr = ]
(SASDIFSV) SASDIFSV [Kernel | System | Running] -> %ProgramFiles%\SUPERAntiSpyware\sasdifsv.sys -> [Ver = 1, 0, 0, 1006 | Size = 5632 bytes | Modified Date = 10/10/2006 1:53:48 PM | Attr = ]
(SASENUM) SASENUM [Kernel | On_Demand | Running] -> %ProgramFiles%\SUPERAntiSpyware\SASENUM.SYS -> SuperAdBlocker, Inc. [Ver = 1, 0, 0, 1002 | Size = 4096 bytes | Modified Date = 2/16/2006 5:51:08 PM | Attr = R ]
(SASKUTIL) SASKUTIL [Kernel | System | Running] -> %ProgramFiles%\SUPERAntiSpyware\SASKUTIL.SYS -> [Ver = 1, 0, 0, 1036 | Size = 32256 bytes | Modified Date = 2/27/2007 12:39:26 PM | Attr = ]
(Secdrv) Secdrv [Kernel | Auto | Running] -> %SystemRoot%\system32\drivers\secdrv.sys -> Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K. [Ver = 4.03.086 | Size = 20480 bytes | Modified Date = 11/13/2007 5:25:53 AM | Attr = R ]
(Simbad) Simbad [Kernel | Disabled | Stopped] -> -> File not found
(sisagp) SIS AGP Bus Filter [Kernel | Boot | Running] -> %SystemRoot%\system32\drivers\SISAGP.SYS -> Silicon Integrated Systems Corporation [Ver = 5.12.01.2010 (xpsp_sp2_rtm.040803-2158) | Size = 41088 bytes | Modified Date = 8/4/2004 8:07:44 AM | Attr = ]
(Sparrow) Sparrow [Kernel | Boot | Running] -> %SystemRoot%\system32\drivers\sparrow.sys -> Adaptec, Inc. [Ver = v2.0a (ReleaseBinaries.001205-1804) | Size = 19072 bytes | Modified Date = 8/17/2001 11:07:44 PM | Attr = ]
(symc810) symc810 [Kernel | Boot | Running] -> %SystemRoot%\system32\drivers\symc810.sys -> Symbios Logic Inc. [Ver = 5.1.2409.1 (ReleaseBinaries.001205-1804) | Size = 16256 bytes | Modified Date = 8/17/2001 11:07:34 PM | Attr = ]
(symc8xx) symc8xx [Kernel | Boot | Running] -> %SystemRoot%\system32\drivers\symc8xx.sys -> LSI Logic [Ver = 5.1.2409.1 (ReleaseBinaries.001205-1804) | Size = 32640 bytes | Modified Date = 8/17/2001 11:07:36 PM | Attr = ]
(sym_hi) sym_hi [Kernel | Boot | Running] -> %SystemRoot%\system32\drivers\sym_hi.sys -> LSI Logic [Ver = 5.1.2462.0 (Lab01_N.010309-0027) | Size = 28384 bytes | Modified Date = 8/17/2001 11:07:40 PM | Attr = ]
(sym_u3) sym_u3 [Kernel | Boot | Running] -> %SystemRoot%\system32\drivers\sym_u3.sys -> LSI Logic [Ver = 5.1.2462.0 (Lab01_N.010309-0027) | Size = 30688 bytes | Modified Date = 8/17/2001 11:07:42 PM | Attr = ]
(szkg) szkg [Kernel | Boot | Stopped] -> %SystemRoot%\system32\DRIVERS\szkg.sys -> File not found
(ultra) ultra [Kernel | Boot | Running] -> %SystemRoot%\system32\drivers\ultra.sys -> Promise Technology, Inc. [Ver = 1.43 (Build 0603) | Size = 36736 bytes | Modified Date = 8/17/2001 10:52:22 PM | Attr = ]
(USBAAPL) Apple Mobile USB Driver [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\drivers\usbaapl.sys -> Apple, Inc. [Ver = 1, 25, 0, 0 | Size = 30464 bytes | Modified Date = 1/15/2008 2:39:58 AM | Attr = ]
(wanatw) WAN Miniport (ATW) [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\wanatw4.sys -> America Online, Inc. [Ver = 7.8.0.0 | Size = 28396 bytes | Modified Date = 9/27/2001 12:00:26 PM | Attr = ]
(WDICA) WDICA [Kernel | On_Demand | Stopped] -> -> File not found
(winachsf) winachsf [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\HSF_CNXT.sys -> Conexant Systems, Inc. [Ver = 7.53.00 built by: WinDDK | Size = 728192 bytes | Modified Date = 7/18/2006 5:15:10 PM | Attr = ]
[Registry - Non-Microsoft Only]
< Run [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run ->
Alcmtr -> %SystemRoot%\Alcmtr.exe -> Realtek Semiconductor Corp. [Ver = 1.6.0.2 | Size = 69632 bytes | Modified Date = 5/3/2005 5:43:28 PM | Attr = ]
CanonMyPrinter -> %ProgramFiles%\Canon\MyPrinter\BJMYPRT.EXE -> CANON INC. [Ver = 1, 3, 0, 0 | Size = 1191936 bytes | Modified Date = 3/21/2006 8:30:00 PM | Attr = ]
CHotkey -> %SystemRoot%\zHotkey.exe -> [Ver = 3, 0, 0, 10 | Size = 550912 bytes | Modified Date = 12/8/2004 7:57:36 PM | Attr = ]
iTunesHelper -> %ProgramFiles%\iTunes\iTunesHelper.exe -> Apple Inc. [Ver = 7.6.0.29 | Size = 267048 bytes | Modified Date = 1/15/2008 3:22:56 AM | Attr = ]
MSKDetectorExe -> %ProgramFiles%\McAfee\SpamKiller\MSKDetct.exe -> McAfee, Inc. [Ver = 7.0.2.5 | Size = 1121280 bytes | Modified Date = 11/7/2006 2:49:50 PM | Attr = ]
QuickTime Task -> %ProgramFiles%\QuickTime\QTTask.exe -> Apple Inc. [Ver = 7.4 | Size = 385024 bytes | Modified Date = 1/10/2008 3:27:36 PM | Attr = ]
Recguard -> %SystemRoot%\SMINST\Recguard.exe -> [Ver = 1, 0, 0, 1 | Size = 212992 bytes | Modified Date = 9/14/2002 1:42:26 AM | Attr = ]
Reminder -> %SystemRoot%\creator\Remind_XP.exe -> SoftThinks [Ver = 1, 0, 3, 0 | Size = 966656 bytes | Modified Date = 2/25/2005 8:24:50 PM | Attr = ]
RTHDCPL -> %SystemRoot%\RTHDCPL.exe -> Realtek Semiconductor Corp. [Ver = 2.1.3.6 | Size = 16342528 bytes | Modified Date = 5/10/2007 5:08:06 PM | Attr = ]
SunJavaUpdateSched -> %ProgramFiles%\Java\jre1.6.0_02\bin\jusched.exe -> Sun Microsystems, Inc. [Ver = 6.0.20.6 | Size = 132496 bytes | Modified Date = 7/12/2007 3:00:36 AM | Attr = ]
< RunOnceEx [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnceEx ->
-> -> File not found
< OptionalComponents [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\ ->
IMAIL-> Installed = 1 ->
MAPI-> Installed = 1 ->
MSFS-> Installed = 1 ->
< Run [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run ->
Power2GoExpress -> -> File not found
SUPERAntiSpyware -> %ProgramFiles%\SUPERAntiSpyware\SUPERAntiSpyware.exe -> SUPERAntiSpyware.com [Ver = 3, 9, 0, 1008 | Size = 1318912 bytes | Modified Date = 6/21/2007 2:06:28 PM | Attr = ]
updateMgr -> %ProgramFiles%\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe -> Adobe Systems Incorporated [Ver = 3.1.0.10 | Size = 313472 bytes | Modified Date = 3/30/2006 4:45:08 PM | Attr = R ]
< Run [HKEY_USERS\S-1-5-21-1254882472-3451870046-1501629578-1007\] > -> HKEY_USERS\S-1-5-21-1254882472-3451870046-1501629578-1007\SOFTWARE\Microsoft\Windows\CurrentVersion\Run ->
Power2GoExpress -> -> File not found
SUPERAntiSpyware -> %ProgramFiles%\SUPERAntiSpyware\SUPERAntiSpyware.exe -> SUPERAntiSpyware.com [Ver = 3, 9, 0, 1008 | Size = 1318912 bytes | Modified Date = 6/21/2007 2:06:28 PM | Attr = ]
updateMgr -> %ProgramFiles%\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe -> Adobe Systems Incorporated [Ver = 3.1.0.10 | Size = 313472 bytes | Modified Date = 3/30/2006 4:45:08 PM | Attr = R ]
< Administrator Startup Folder > -> C:\Documents and Settings\Administrator\Start Menu\Programs\Startup ->
< All Users Startup Folder > -> C:\Documents and Settings\All Users\Start Menu\Programs\Startup ->
%AllUsersProfile%\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk -> %ProgramFiles%\Adobe\Acrobat 7.0\Reader\reader_sl.exe -> Adobe Systems Incorporated [Ver = 7.0.5.2005092300 | Size = 29696 bytes | Modified Date = 9/23/2005 10:05:26 PM | Attr = ]
%AllUsersProfile%\Start Menu\Programs\Startup\Kodak EasyShare software.lnk -> %ProgramFiles%\Kodak\Kodak EasyShare software\bin\EasyShare.exe -> Eastman Kodak Company [Ver = 6, 31, 25, 90 | Size = 282624 bytes | Modified Date = 6/21/2007 10:56:14 PM | Attr = ]
< Daddy Startup Folder > -> C:\Documents and Settings\Daddy\Start Menu\Programs\Startup ->
%UserProfile%\Start Menu\Programs\Startup\MiniMinder.lnk -> %ProgramFiles%\MiniMind\MiniMind.exe -> Vellosoft [Ver = 7.27 | Size = 237568 bytes | Modified Date = 2/11/2007 12:08:36 PM | Attr = ]
< Default User Startup Folder > -> C:\Documents and Settings\Default User\Start Menu\Programs\Startup ->
< Owner.YOUR-08D5303051 Startup Folder > -> C:\Documents and Settings\Owner.YOUR-08D5303051\Start Menu\Programs\Startup ->
< AppInit_DLLs [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_DLLs ->
*AppInit_DLLs* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_Dlls ->
C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL -> %ProgramFiles%\Google\Google Desktop Search\GoogleDesktopNetwork3.dll -> [Ver = | Size = 111616 bytes | Modified Date = 10/18/2006 12:00:49 PM | Attr = ]
*MultiFile Done* -> ->
< SSODL [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad ->
{F6DBC315-0284-4418-862E-84D587F3CAFF} [HKEY_LOCAL_MACHINE] -> %SystemRoot%\system32\v32amctl.dll [Datalico] -> File not found
< ShellExecuteHooks [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks ->
{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\SUPERAntiSpyware\SASSEH.DLL [] -> SuperAdBlocker.com [Ver = 1, 0, 0, 1008 | Size = 77824 bytes | Modified Date = 12/20/2006 1:55:48 PM | Attr = ]
< SecurityProviders [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\\SecurityProviders ->
< Winlogon settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon ->
< Winlogon settings [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon ->
< Winlogon settings [HKEY_USERS\.DEFAULT] > -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon ->
< Winlogon settings [HKEY_USERS\S-1-5-18] > -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon ->
< Winlogon settings [HKEY_USERS\S-1-5-19] > -> HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon ->
< Winlogon settings [HKEY_USERS\S-1-5-20] > -> HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon ->
< Winlogon settings [HKEY_USERS\S-1-5-21-1254882472-3451870046-1501629578-1007] > -> HKEY_USERS\S-1-5-21-1254882472-3451870046-1501629578-1007\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon ->
< Winlogon\Notify settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ ->
!SASWinLogon -> %ProgramFiles%\SUPERAntiSpyware\SASWINLO.dll -> SUPERAntiSpyware.com [Ver = 1, 0, 0, 1046 | Size = 294912 bytes | Modified Date = 4/19/2007 1:41:36 PM | Attr = ]
AtiExtEvent -> %SystemRoot%\system32\ati2evxx.dll -> ATI Technologies Inc. [Ver = 6.14.10.4129 | Size = 61440 bytes | Modified Date = 1/15/2006 4:42:52 PM | Attr = ]
< CurrentVersion Policy Settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Ext\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Ext\CLSID\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Ext\CLSID\\{17492023-C23A-453E-A040-C7C580BBF700} -> 1 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{BDEADF00-C265-11D0-BCED-00A0C90AB50F} -> 1 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{6DFD7C5C-2451-11d3-A299-00C04F8EF6AF} -> 1073741857 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{0DF44EAA-FF21-4412-828E-260A8728E7F1} -> 32 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\dontdisplaylastusername -> 0 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\legalnoticecaption -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\legalnoticetext -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\shutdownwithoutlogon -> 1 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\undockwithoutlogon -> 1 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\InstallVisualStyle -> C:\WINDOWS\Resources\Themes\Royale\Royale.mss [C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles] -> File not found
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\InstallTheme -> C:\WINDOWS\Resources\Themes\Royale.the [C:\WINDOWS\Resources\Themes\Royale.theme] -> File not found
< CurrentVersion Policy Settings [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\ -> ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun -> 145 ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\run\ -> ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\ -> ->
< CurrentVersion Policy Settings [HKEY_USERS\.DEFAULT] > -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ ->
HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> ->
HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\ -> ->
HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun -> 145 ->
HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\CDRAutoRun -> 0 ->
< CurrentVersion Policy Settings [HKEY_USERS\S-1-5-18] > -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ ->
HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> ->
HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\ -> ->
HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun -> 145 ->
HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\CDRAutoRun -> 0 ->
< CurrentVersion Policy Settings [HKEY_USERS\S-1-5-19] > -> HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ ->
HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> ->
HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\ -> ->
HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun -> 145 ->
< CurrentVersion Policy Settings [HKEY_USERS\S-1-5-20] > -> HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ ->
HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> ->
HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\ -> ->
HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun -> 145 ->
< CurrentVersion Policy Settings [HKEY_USERS\S-1-5-21-1254882472-3451870046-1501629578-1007] > -> HKEY_USERS\S-1-5-21-1254882472-3451870046-1501629578-1007\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ ->
HKEY_USERS\S-1-5-21-1254882472-3451870046-1501629578-1007\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> ->
HKEY_USERS\S-1-5-21-1254882472-3451870046-1501629578-1007\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\ -> ->
HKEY_USERS\S-1-5-21-1254882472-3451870046-1501629578-1007\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun -> 145 ->
HKEY_USERS\S-1-5-21-1254882472-3451870046-1501629578-1007\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\run\ -> ->
HKEY_USERS\S-1-5-21-1254882472-3451870046-1501629578-1007\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\ -> ->
< HOSTS File > (734 bytes) -> C:\WINDOWS\System32\drivers\etc\Hosts ->
< Internet Explorer Settings [HKEY_LOCAL_MACHINE\] > -> ->
HKEY_LOCAL_MACHINE\: Main\\Default_Page_URL -> http://go.microsoft.com/fwlink/?LinkId=69157 ->
HKEY_LOCAL_MACHINE\: Main\\Default_Search_URL -> http://go.microsoft.com/fwlink/?LinkId=54896 ->
HKEY_LOCAL_MACHINE\: Main\\Local Page -> %SystemRoot%\system32\blank.htm ->
HKEY_LOCAL_MACHINE\: Main\\Search Page -> http://go.microsoft.com/fwlink/?LinkId=54896 ->
HKEY_LOCAL_MACHINE\: Main\\Start Page -> http://go.microsoft.com/fwlink/?LinkId=69157 ->
HKEY_LOCAL_MACHINE\: Search\\CustomizeSearch -> http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm ->
HKEY_LOCAL_MACHINE\: Search\\SearchAssistant -> http://www.gateway.com/g/sidepanel.html?Ch=Retail&Br=EM&Loc=ENG_US&Sys=DTP&M=T5048A ->
< Internet Explorer Settings [HKEY_CURRENT_USER\] > -> ->
HKEY_CURRENT_USER\: Main\\Local Page -> C:\WINDOWS\system32\blank.htm ->
HKEY_CURRENT_USER\: Main\\Search Bar -> http://www.gateway.com/g/sidepanel.html?Ch=Retail&Br=EM&Loc=ENG_US&Sys=DTP&M=T5048A ->
HKEY_CURRENT_USER\: Main\\Search Page -> http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch ->
HKEY_CURRENT_USER\: Main\\Start Page -> http://www.runescape.com/ ->
HKEY_CURRENT_USER\: ProxyEnable -> 0 ->
HKEY_CURRENT_USER\: ProxyOverride -> *.local ->
< Internet Explorer Settings [HKEY_USERS\.DEFAULT\] > -> ->
HKEY_USERS\.DEFAULT\: Main\\Default_Page_URL -> http://www.gateway.com/g/startpage.html?Ch=Retail&Br=EM&Loc=ENG_US&Sys=DTP&M=T5048A ->
HKEY_USERS\.DEFAULT\: Main\\Search Bar -> http://www.google.com/ie ->
HKEY_USERS\.DEFAULT\: Main\\Search Page -> http://www.google.com ->
HKEY_USERS\.DEFAULT\: Main\\Start Page -> http://www.gateway.com/g/startpage.html?Ch=Retail&Br=EM&Loc=ENG_US&Sys=DTP&M=T5048A ->
HKEY_USERS\.DEFAULT\: ProxyEnable -> 0 ->
< Internet Explorer Settings [HKEY_USERS\S-1-5-18\] > -> ->
HKEY_USERS\S-1-5-18\: Main\\Default_Page_URL -> http://www.gateway.com/g/startpage.html?Ch=Retail&Br=EM&Loc=ENG_US&Sys=DTP&M=T5048A ->
HKEY_USERS\S-1-5-18\: Main\\Search Bar -> http://www.google.com/ie ->
HKEY_USERS\S-1-5-18\: Main\\Search Page -> http://www.google.com ->
HKEY_USERS\S-1-5-18\: Main\\Start Page -> http://www.gateway.com/g/startpage.html?Ch=Retail&Br=EM&Loc=ENG_US&Sys=DTP&M=T5048A ->
HKEY_USERS\S-1-5-18\: ProxyEnable -> 0 ->
< Internet Explorer Settings [HKEY_USERS\S-1-5-19\] > -> ->
HKEY_USERS\S-1-5-19\: Main\\Search Bar -> http://www.google.com/ie ->
< Internet Explorer Settings [HKEY_USERS\S-1-5-20\] > -> ->
HKEY_USERS\S-1-5-20\: Main\\Search Bar -> http://www.google.com/ie ->
< Internet Explorer Settings [HKEY_USERS\S-1-5-21-1254882472-3451870046-1501629578-1007\] > -> ->
HKEY_USERS\S-1-5-21-1254882472-3451870046-1501629578-1007\: Main\\Local Page -> C:\WINDOWS\system32\blank.htm ->
HKEY_USERS\S-1-5-21-1254882472-3451870046-1501629578-1007\: Main\\Search Bar -> http://www.gateway.com/g/sidepanel.html?Ch=Retail&Br=EM&Loc=ENG_US&Sys=DTP&M=T5048A ->
HKEY_USERS\S-1-5-21-1254882472-3451870046-1501629578-1007\: Main\\Search Page -> http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch ->
HKEY_USERS\S-1-5-21-1254882472-3451870046-1501629578-1007\: Main\\Start Page -> http://www.runescape.com/ ->
HKEY_USERS\S-1-5-21-1254882472-3451870046-1501629578-1007\: ProxyEnable -> 0 ->
HKEY_USERS\S-1-5-21-1254882472-3451870046-1501629578-1007\: ProxyOverride -> *.local ->
< Trusted Sites Domains [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 1 domain(s) found. ->
1 domain(s) and sub-domain(s) not assigned to a zone.
< Trusted Sites Ranges [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. ->
< Trusted Sites Domains [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 3939 domain(s) found. ->
33 domain(s) and sub-domain(s) not assigned to a zone.
< Trusted Sites Ranges [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 57 range(s) found. ->
< Trusted Sites Domains [HKEY_USERS\.DEFAULT\] > -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ ->
HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 3934 domain(s) found. ->
31 domain(s) and sub-domain(s) not assigned to a zone.
< Trusted Sites Ranges [HKEY_USERS\.DEFAULT\] > -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ ->
HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 77 range(s) found. ->
< Trusted Sites Domains [HKEY_USERS\S-1-5-18\] > -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ ->
HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 3934 domain(s) found. ->
31 domain(s) and sub-domain(s) not assigned to a zone.
< Trusted Sites Ranges [HKEY_USERS\S-1-5-18\] > -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ ->
HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 77 range(s) found. ->
< Trusted Sites Domains [HKEY_USERS\S-1-5-19\] > -> HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ ->
HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 3934 domain(s) found. ->
31 domain(s) and sub-domain(s) not assigned to a zone.
< Trusted Sites Ranges [HKEY_USERS\S-1-5-19\] > -> HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ ->
HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 77 range(s) found. ->
< Trusted Sites Domains [HKEY_USERS\S-1-5-20\] > -> HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ ->
HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key]