[code=auto:0]
OTScanIt logfile created on: 6/21/2008 2:36:13 PM
OTScanIt by OldTimer - Version 1.0.15.16 Folder = C:\Documents and Settings\Aj\Desktop\OTScanIt
Windows XP Professional Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.11)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
958.48 Mb Total Physical Memory | 490.94 Mb Available Physical Memory | 51.22% Memory free
2.26 Gb Paging File | 1.79 Gb Available in Paging File | 79.31% Paging File free
Paging file location(s): C:\pagefile.sys 1440 2880;
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 142.07 Gb Total Space | 66.84 Gb Free Space | 47.05% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
Drive H: | 6.96 Gb Total Space | 1.07 Gb Free Space | 15.31% Space Free | Partition Type: FAT32
I: Drive not present or media not loaded
Computer Name: AJ-DF81D87BDABB
Current User Name: Aj
Logged in as Administrator.
Current Boot Mode: Normal
Scan Mode: Current user
[Processes - Non-Microsoft Only]
ati2evxx.exe -> %SystemRoot%\system32\ati2evxx.exe -> ATI Technologies Inc. [Ver = 6.14.10.4168 | Size = 483328 bytes | Modified Date = 6/13/2007 8:15:39 PM | Attr = ]
ati2evxx.exe -> %SystemRoot%\system32\ati2evxx.exe -> ATI Technologies Inc. [Ver = 6.14.10.4168 | Size = 483328 bytes | Modified Date = 6/13/2007 8:15:39 PM | Attr = ]
ctsvccda.exe -> %SystemRoot%\system32\CTSVCCDA.EXE -> Creative Technology Ltd [Ver = 1.0.1.0 | Size = 44032 bytes | Modified Date = 12/13/1999 2:01:00 AM | Attr = ]
wlservice.exe -> %ProgramFiles%\Linksys Wireless-G USB Wireless Network Monitor\WLService.exe -> GEMTEKS [Ver = 1, 0, 0, 4 | Size = 41025 bytes | Modified Date = 2/6/2004 11:56:14 PM | Attr = ]
wusb54gsv2.exe -> %ProgramFiles%\Linksys Wireless-G USB Wireless Network Monitor\WUSB54GSv2.exe -> Linksys [Ver = 1.0.1.5 | Size = 5230080 bytes | Modified Date = 11/14/2005 3:40:00 AM | Attr = ]
soundman.exe -> %SystemRoot%\soundman.exe -> Realtek Semiconductor Corp. [Ver = 5, 1, 0, 59 | Size = 577536 bytes | Modified Date = 4/16/2007 11:28:22 PM | Attr = ]
jusched.exe -> %ProgramFiles%\Java\jre1.6.0_05\bin\jusched.exe -> Sun Microsystems, Inc. [Ver = 6.0.50.13 | Size = 144784 bytes | Modified Date = 2/22/2008 4:25:21 AM | Attr = ]
agrsmmsg.exe -> %SystemRoot%\AGRSMMSG.exe -> Agere Systems [Ver = 2.1.41.10 2.1.41.10 06/29/2004 09:06:35 | Size = 88363 bytes | Modified Date = 6/29/2004 5:06:38 PM | Attr = ]
launchapplication.exe -> %ProgramFiles%\Nokia\Nokia PC Suite 6\LaunchApplication.exe -> Nokia [Ver = 6, 82, 70, 2 | Size = 222720 bytes | Modified Date = 11/28/2006 10:12:12 PM | Attr = ]
winampa.exe -> %ProgramFiles%\Winamp\winampa.exe -> [Ver = | Size = 36352 bytes | Modified Date = 4/1/2008 7:49:42 PM | Attr = ]
ctdetect.exe -> %ProgramFiles%\Creative\MediaSource\Detector\CTDetect.exe -> Creative Technology Ltd [Ver = 3.0.2.0 | Size = 102400 bytes | Modified Date = 12/2/2004 7:23:34 PM | Attr = ]
orbtray.exe -> %ProgramFiles%\Winamp Remote\bin\OrbTray.exe -> Orb Networks [Ver = 2, 2008, 331, 1830 | Size = 507904 bytes | Modified Date = 4/1/2008 2:54:06 AM | Attr = ]
eroca.exe -> %ProgramFiles%\Eroca\Eroca.exe -> [Ver = | Size = 125952 bytes | Modified Date = 6/1/2008 10:37:20 AM | Attr = ]
servicelayer.exe -> %ProgramFiles%\PC Connectivity Solution\ServiceLayer.exe -> Nokia. [Ver = 6, 82, 69, 3 | Size = 210432 bytes | Modified Date = 11/6/2006 10:21:10 PM | Attr = ]
winamptbserver.exe -> %ProgramFiles%\Winamp Toolbar\winampTbServer.exe -> AOL LLC. [Ver = 5.1.20.3 | Size = 140640 bytes | Modified Date = 3/19/2008 11:36:36 PM | Attr = ]
otscanit.exe -> %UserProfile%\Desktop\OTScanIt\OTScanIt.exe -> OldTimer Tools [Ver = 1.0.15.16 | Size = 397312 bytes | Modified Date = 6/20/2008 1:47:40 PM | Attr = ]
[Win32 Services - Non-Microsoft Only]
(Ati HotKey Poller) Ati HotKey Poller [Win32_Own | Auto | Running] -> %SystemRoot%\system32\ati2evxx.exe -> ATI Technologies Inc. [Ver = 6.14.10.4168 | Size = 483328 bytes | Modified Date = 6/13/2007 8:15:39 PM | Attr = ]
(ATI Smart) ATI Smart [Win32_Own | Auto | Stopped] -> %SystemRoot%\system32\ati2sgag.exe -> [Ver = 5.13.0025 | Size = 520192 bytes | Modified Date = 6/13/2007 10:29:00 PM | Attr = ]
(Creative Service for CDROM Access) Creative Service for CDROM Access [Win32_Own | Auto | Running] -> %SystemRoot%\system32\CTSVCCDA.EXE -> Creative Technology Ltd [Ver = 1.0.1.0 | Size = 44032 bytes | Modified Date = 12/13/1999 2:01:00 AM | Attr = ]
(dmadmin) Logical Disk Manager Administrative Service [Win32_Shared | On_Demand | Stopped] -> %SystemRoot%\system32\dmadmin.exe -> Microsoft Corp., Veritas Software [Ver = 2600.2180.503.0 | Size = 224768 bytes | Modified Date = 8/4/2004 12:56:50 AM | Attr = ]
(gusvc) Google Updater Service [Win32_Own | On_Demand | Stopped] -> %ProgramFiles%\Google\Common\Google Updater\GoogleUpdaterService.exe -> Google [Ver = 2.0.734.29932.beta | Size = 138168 bytes | Modified Date = 7/6/2007 3:55:46 AM | Attr = ]
(ServiceLayer) ServiceLayer [Win32_Own | On_Demand | Running] -> %ProgramFiles%\PC Connectivity Solution\ServiceLayer.exe -> Nokia. [Ver = 6, 82, 69, 3 | Size = 210432 bytes | Modified Date = 11/6/2006 10:21:10 PM | Attr = ]
(WUSB54GSv2SVC) WUSB54GSv2SVC [Win32_Own | Auto | Running] -> %ProgramFiles%\Linksys Wireless-G USB Wireless Network Monitor\WLService.exe -> GEMTEKS [Ver = 1, 0, 0, 4 | Size = 41025 bytes | Modified Date = 2/6/2004 11:56:14 PM | Attr = ]
[Driver Services - Non-Microsoft Only]
(AegisP) AEGIS Protocol (IEEE 802.1x) v3.2.0.3 [Kernel | Auto | Running] -> %SystemRoot%\system32\drivers\AegisP.sys -> Meetinghouse Data Communications [Ver = 3.2.0.3 | Size = 17801 bytes | Modified Date = 1/14/2008 3:14:14 PM | Attr = ]
(AgereSoftModem) Agere Systems Soft Modem [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\AGRSM.sys -> Agere Systems [Ver = 2.1.41.10 2.1.41.10 06/29/2004 09:07:15 | Size = 1268204 bytes | Modified Date = 6/29/2004 5:07:18 PM | Attr = ]
(ALCXWDM) Service for Realtek AC97 Audio (WDM) [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\alcxwdm.sys -> Realtek Semiconductor Corp. [Ver = 5.10.00.6240 built by: WinDDK | Size = 4030144 bytes | Modified Date = 4/26/2007 12:20:48 AM | Attr = ]
(ati2mtag) ati2mtag [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\ati2mtag.sys -> ATI Technologies Inc. [Ver = 6.14.10.6698 | Size = 2155520 bytes | Modified Date = 6/13/2007 8:24:13 PM | Attr = ]
(dmboot) dmboot [Kernel | Disabled | Stopped] -> %SystemRoot%\system32\drivers\dmboot.sys -> Microsoft Corp., Veritas Software [Ver = 2600.2180.503.0 | Size = 799744 bytes | Modified Date = 8/3/2004 11:07:18 PM | Attr = ]
(dmio) Logical Disk Manager Driver [Kernel | Boot | Running] -> %SystemRoot%\system32\drivers\dmio.sys -> Microsoft Corp., Veritas Software [Ver = 2600.2180.503.0 | Size = 153344 bytes | Modified Date = 8/3/2004 11:07:18 PM | Attr = ]
(dmload) dmload [Kernel | Boot | Running] -> %SystemRoot%\system32\drivers\dmload.sys -> Microsoft Corp., Veritas Software. [Ver = 2600.0.503.0 | Size = 5888 bytes | Modified Date = 8/23/2001 1:00:00 PM | Attr = ]
(Jukebox3) Jukebox3 [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\drivers\ctpdusb.sys -> Creative Technology Ltd. [Ver = 1.27.02.00 | Size = 16880 bytes | Modified Date = 9/30/2004 9:27:00 AM | Attr = ]
(Nokia USB Generic) Nokia USB Generic [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\drivers\nmwcdc.sys -> Nokia [Ver = 6.82.3.0 | Size = 9216 bytes | Modified Date = 10/10/2006 4:54:32 PM | Attr = ]
(Nokia USB Modem) Nokia USB Modem [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\drivers\nmwcdcm.sys -> Nokia [Ver = 6.82.3.0 | Size = 12800 bytes | Modified Date = 10/10/2006 4:54:32 PM | Attr = ]
(Nokia USB Phone Parent) Nokia USB Phone Parent [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\drivers\nmwcd.sys -> Nokia [Ver = 6.82.3.0 | Size = 138240 bytes | Modified Date = 10/10/2006 4:54:34 PM | Attr = ]
(Nokia USB Port) Nokia USB Port [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\drivers\nmwcdcj.sys -> Nokia [Ver = 6.82.3.0 | Size = 12800 bytes | Modified Date = 10/10/2006 4:54:32 PM | Attr = ]
(Ptilink) Direct Parallel Link Driver [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\ptilink.sys -> Parallel Technologies, Inc. [Ver = 1.10 (XPClient.010817-1148) | Size = 17792 bytes | Modified Date = 8/23/2001 1:00:00 PM | Attr = ]
(PxHelp20) PxHelp20 [Kernel | Boot | Running] -> %SystemRoot%\system32\drivers\PxHelp20.sys -> Sonic Solutions [Ver = 3.00.56a | Size = 43528 bytes | Modified Date = 3/8/2007 12:51:00 AM | Attr = ]
(RT73) Wireless-G USB Network Adapter with RangeBooster Driver [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\drivers\rt73.sys -> Ralink Technology, Corp. [Ver = 1.00.04.0000 | Size = 252928 bytes | Modified Date = 1/13/2006 3:46:28 AM | Attr = ]
(rtl8139) Realtek RTL8139(A/B/C)-based PCI Fast Ethernet Adapter NT Driver [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\RTL8139.sys -> Realtek Semiconductor Corporation [Ver = 5.398.613.2003 built by: WinDDK | Size = 20992 bytes | Modified Date = 8/3/2004 11:31:34 PM | Attr = ]
(SASDIFSV) SASDIFSV [Kernel | System | Running] -> %ProgramFiles%\SUPERAntiSpyware\sasdifsv.sys -> [Ver = 1, 0, 0, 1006 | Size = 5632 bytes | Modified Date = 10/10/2006 1:53:48 PM | Attr = ]
(SASENUM) SASENUM [Kernel | On_Demand | Running] -> %ProgramFiles%\SUPERAntiSpyware\SASENUM.SYS -> SuperAdBlocker, Inc. [Ver = 1, 0, 0, 1002 | Size = 4096 bytes | Modified Date = 2/16/2006 5:51:08 PM | Attr = R ]
(SASKUTIL) SASKUTIL [Kernel | System | Running] -> %ProgramFiles%\SUPERAntiSpyware\SASKUTIL.SYS -> [Ver = 1, 0, 0, 1034 | Size = 30720 bytes | Modified Date = 1/9/2007 3:09:48 PM | Attr = ]
(Secdrv) Secdrv [Kernel | Auto | Running] -> %SystemRoot%\system32\drivers\secdrv.sys -> Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K. [Ver = 4.03.086 | Size = 20480 bytes | Modified Date = 11/13/2007 11:25:53 AM | Attr = ]
(StreamSurge) StreamSurge Driver (miniport) [Kernel | On_Demand | Stopped] -> %SystemRoot%\System32\DRIVERS\ss.sys -> File not found
(GTNDIS5) GTNDIS5 NDIS Protocol Driver [Kernel | On_Demand | Running] -> %SystemRoot%\system32\GTNDIS5.sys -> Printing Communications Assoc., Inc. (PCAUSA) [Ver = 5.03.16.54 | Size = 15872 bytes | Modified Date = 9/25/2003 11:15:32 PM | Attr = ]
[Registry - Non-Microsoft Only]
< Run [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run ->
4 dog bin grim -> %AllUsersProfile%\Application Data\second regs grim software\tick army knob.exe [C:\Documents and Settings\All Users.WINDOWS\Application Data\second regs grim software\tick army knob.exe] -> File not found
AGRSMMSG -> %SystemRoot%\AGRSMMSG.exe [AGRSMMSG.exe] -> Agere Systems [Ver = 2.1.41.10 2.1.41.10 06/29/2004 09:06:35 | Size = 88363 bytes | Modified Date = 6/29/2004 5:06:38 PM | Attr = ]
Flag Owns Live Grim -> %AllUsersProfile%\Application Data\Software rule flag owns\bib bash.exe [C:\Documents and Settings\All Users.WINDOWS\Application Data\Software rule flag owns\bib bash.exe] -> [Ver = | Size = 4037120 bytes | Modified Date = 6/21/2008 2:35:23 PM | Attr = ]
PCSuiteTrayApplication -> %ProgramFiles%\Nokia\Nokia PC Suite 6\LaunchApplication.exe [C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe -startup] -> Nokia [Ver = 6, 82, 70, 2 | Size = 222720 bytes | Modified Date = 11/28/2006 10:12:12 PM | Attr = ]
PKR Pal -> %ProgramFiles%\PKR\pkrpal.exe ["C:\Program Files\PKR\pkrpal.exe" -osboot] -> File not found
SoundMan -> %SystemRoot%\soundman.exe [SOUNDMAN.EXE] -> Realtek Semiconductor Corp. [Ver = 5, 1, 0, 59 | Size = 577536 bytes | Modified Date = 4/16/2007 11:28:22 PM | Attr = ]
StartCCC -> %ProgramFiles%\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe] -> [Ver = | Size = 90112 bytes | Modified Date = 11/10/2006 8:35:24 PM | Attr = ]
SunJavaUpdateSched -> %ProgramFiles%\Java\jre1.6.0_05\bin\jusched.exe ["C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"] -> Sun Microsystems, Inc. [Ver = 6.0.50.13 | Size = 144784 bytes | Modified Date = 2/22/2008 4:25:21 AM | Attr = ]
WinampAgent -> %ProgramFiles%\Winamp\winampa.exe [C:\Program Files\Winamp\winampa.exe] -> [Ver = | Size = 36352 bytes | Modified Date = 4/1/2008 7:49:42 PM | Attr = ]
< Run [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run ->
Build Love -> %AppData%\Idol heck\UpTonsHtm.exe [C:\DOCUME~1\Aj\APPLIC~1\IDOLHE~1\UpTonsHtm.exe] -> [Ver = | Size = 465920 bytes | Modified Date = 5/30/2008 3:19:50 PM | Attr = ]
Creative Detector -> %ProgramFiles%\Creative\MediaSource\Detector\CTDetect.exe [C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe /R] -> Creative Technology Ltd [Ver = 3.0.2.0 | Size = 102400 bytes | Modified Date = 12/2/2004 7:23:34 PM | Attr = ]
Eroca -> %ProgramFiles%\Eroca\Eroca.exe [C:\Program Files\Eroca\Eroca.exe] -> [Ver = | Size = 125952 bytes | Modified Date = 6/1/2008 10:37:20 AM | Attr = ]
MessengerPlus3 -> %ProgramFiles%\MessengerPlus! 3\MsgPlus.exe ["C:\Program Files\MessengerPlus! 3\MsgPlus.exe" /WinStart] -> Patchou [Ver = 3, 63, 0, 148 | Size = 190024 bytes | Modified Date = 6/29/2007 6:36:44 AM | Attr = ]
Orb -> %ProgramFiles%\Winamp Remote\bin\OrbTray.exe ["C:\Program Files\Winamp Remote\bin\OrbTray.exe" /background] -> Orb Networks [Ver = 2, 2008, 331, 1830 | Size = 507904 bytes | Modified Date = 4/1/2008 2:54:06 AM | Attr = ]
QdrPack16 -> %ProgramFiles%\QdrPack\QdrPack16.exe ["C:\Program Files\QdrPack\QdrPack16.exe"] -> File not found
Steam -> %ProgramFiles%\Steam\Steam.exe ["C:\Program Files\Steam\Steam.exe" -silent] -> Valve Corporation [Ver = 1.0.0.0 | Size = 1271032 bytes | Modified Date = 3/28/2008 3:40:54 PM | Attr = ]
SUPERAntiSpyware -> %ProgramFiles%\SUPERAntiSpyware\SUPERAntiSpyware.exe [C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe] -> SUPERAntiSpyware.com [Ver = 3, 5, 0, 1016 | Size = 1310720 bytes | Modified Date = 1/10/2007 4:14:36 PM | Attr = ]
< Aj Startup Folder > -> C:\Documents and Settings\Aj\Start Menu\Programs\Startup ->
< All Users.WINDOWS Startup Folder > -> C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Startup ->
< ShellExecuteHooks [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks ->
{129FA2A1-408C-4824-83A4-5001581FD01E} [HKEY_LOCAL_MACHINE] -> %SystemRoot%\system32\rqRHywvw.dll [] -> [Ver = | Size = 59392 bytes | Modified Date = 5/31/2008 10:26:39 AM | Attr = ]
{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\SUPERAntiSpyware\SASSEH.DLL [] -> SuperAdBlocker.com [Ver = 1, 0, 0, 1008 | Size = 77824 bytes | Modified Date = 12/20/2006 1:55:48 PM | Attr = ]
< SharedTaskScheduler [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler ->
{e89fa8e9-5c0b-45f6-a70e-f7b177bcd193} [HKEY_LOCAL_MACHINE] -> %SystemRoot%\system32\rtmipr.dll [delayingly] -> File not found
< SecurityProviders [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\\SecurityProviders ->
< Winlogon settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon ->
< Winlogon settings [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon ->
< Winlogon\Notify settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ ->
!SASWinLogon -> %ProgramFiles%\SUPERAntiSpyware\SASWINLO.dll -> SUPERAntiSpyware.com [Ver = 1, 0, 0, 1028 | Size = 258048 bytes | Modified Date = 10/19/2006 10:12:20 AM | Attr = ]
AtiExtEvent -> %SystemRoot%\system32\ati2evxx.dll -> ATI Technologies Inc. [Ver = 6.14.10.4162 | Size = 118784 bytes | Modified Date = 6/13/2007 8:16:59 PM | Attr = ]
rqRHywvw -> %SystemRoot%\system32\rqRHywvw.dll -> [Ver = | Size = 59392 bytes | Modified Date = 5/31/2008 10:26:39 AM | Attr = ]
< CurrentVersion Policy Settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer\run\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer\run\\start -> %ProgramFiles%\NetProject\sbmntr.exe [C:\Program Files\NetProject\sbmntr.exe] -> File not found
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{BDEADF00-C265-11D0-BCED-00A0C90AB50F} -> 1 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{6DFD7C5C-2451-11d3-A299-00C04F8EF6AF} -> 1073741857 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{0DF44EAA-FF21-4412-828E-260A8728E7F1} -> 32 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\dontdisplaylastusername -> 0 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\legalnoticecaption -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\legalnoticetext -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\shutdownwithoutlogon -> 1 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\undockwithoutlogon -> 1 ->
< CurrentVersion Policy Settings [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ComDlg32\ -> ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\ -> ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun -> 145 ->
< CDROM Autorun Settings > [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom] ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\ -> ->
*DependOnGroup* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\DependOnGroup ->
SCSI miniport -> -> File not found
*MultiFile Done* -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\ErrorControl -> 1 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\Group -> SCSI CDROM Class ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\Start -> 1 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\Tag -> 2 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\Type -> 1 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\DisplayName -> CD-ROM Driver ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\ImagePath -> %SystemRoot%\system32\drivers\cdrom.sys [system32\DRIVERS\cdrom.sys] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 49536 bytes | Modified Date = 8/3/2004 10:59:54 PM | Attr = ]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRun -> 1 ->
*AutoRunAlwaysDisable* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRunAlwaysDisable ->
NEC MBR-7 -> -> File not found
NEC MBR-7.4 -> -> File not found
PIONEER CHANGR DRM-1804X -> -> File not found
PIONEER CD-ROM DRM-6324X -> -> File not found
PIONEER CD-ROM DRM-624X -> -> File not found
TORiSAN CD-ROM CDR_C36 -> -> File not found
*MultiFile Done* -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\Enum\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\Enum\\0 -> IDE\CdRomHL-DT-ST_DVDRRW_GCA-4164B_______________E.D0____\5&1c5c6e99&0&0.0.0 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\Enum\\Count -> 1 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\Enum\\NextInstance -> 1 ->
< Drives - Autoruns > -> ->
AUTOEXEC.BAT [] -> %SystemDrive%\AUTOEXEC.BAT [ NTFS ] -> [Ver = | Size = 0 bytes | Modified Date = 11/9/2004 2:20:04 PM | Attr = ]
AUTOEXEC.BAT [] -> H:\AUTOEXEC.BAT [ FAT32 ] -> [Ver = | Size = 0 bytes | Modified Date = 7/28/2001 7:07:38 AM | Attr = HS]
Autorun.inf [[AUTORUN] | ShellExecute=Info.exe protect.ed 480 480 | ] -> H:\Autorun.inf [ FAT32 ] -> [Ver = | Size = 53 bytes | Modified Date = 4/30/2004 11:01:14 PM | Attr = HS]
< HOSTS File > (4102 bytes) -> C:\WINDOWS\System32\drivers\etc\Hosts ->
< Internet Explorer Settings [HKEY_LOCAL_MACHINE\] > -> ->
HKEY_LOCAL_MACHINE\: Main\\Default_Page_URL ->
http://go.microsoft....k/?LinkId=69157 ->
HKEY_LOCAL_MACHINE\: Main\\Default_Search_URL ->
http://internetsearchservice.com ->
HKEY_LOCAL_MACHINE\: Main\\Local Page -> %SystemRoot%\system32\blank.htm ->
HKEY_LOCAL_MACHINE\: Main\\Search Bar ->
http://internetsearc...ce.com/ie6.html ->
HKEY_LOCAL_MACHINE\: Main\\Search Page ->
http://internetsearchservice.com ->
HKEY_LOCAL_MACHINE\: Main\\Start Page ->
http://go.microsoft....k/?LinkId=69157 ->
HKEY_LOCAL_MACHINE\: Search\\CustomizeSearch ->
http://ie.search.msn...st/srchcust.htm ->
HKEY_LOCAL_MACHINE\: Search\\SearchAssistant ->
http://internetsearchservice.com ->
HKEY_LOCAL_MACHINE\: URLSearchHooks\\{57BCA5FA-5DBB-45a2-B558-1755C3F6253B} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Winamp Toolbar\winamptb.dll [Winamp Search Class] -> AOL LLC. [Ver = 5.1.20.3 | Size = 1267040 bytes | Modified Date = 3/19/2008 11:36:35 PM | Attr = ]
< Internet Explorer Settings [HKEY_CURRENT_USER\] > -> ->
HKEY_CURRENT_USER\: Main\\Default_Search_URL ->
http://internetsearchservice.com ->
HKEY_CURRENT_USER\: Main\\Local Page -> C:\WINDOWS\system32\blank.htm ->
HKEY_CURRENT_USER\: Main\\Search Bar ->
http://internetsearc...ce.com/ie6.html ->
HKEY_CURRENT_USER\: Main\\Search Page ->
http://internetsearchservice.com ->
HKEY_CURRENT_USER\: Main\\Start Page -> about:blank ->
HKEY_CURRENT_USER\: Search\\SearchAssistant ->
http://internetsearchservice.com ->
HKEY_CURRENT_USER\: SearchURL\\ ->
http://g.msn.co.uk/0...S01?FORM=TOOLBR[Reg Error: Value provider does not exist or could not be read.] ->
HKEY_CURRENT_USER\: URLSearchHooks\\{57BCA5FA-5DBB-45a2-B558-1755C3F6253B} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Winamp Toolbar\winamptb.dll [Winamp Search Class] -> AOL LLC. [Ver = 5.1.20.3 | Size = 1267040 bytes | Modified Date = 3/19/2008 11:36:35 PM | Attr = ]
HKEY_CURRENT_USER\: ProxyEnable -> 0 ->
< Trusted Sites Domains [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 0 domain(s) found. ->
< Trusted Sites Ranges [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. ->
< Trusted Sites Domains [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 41 domain(s) found. ->
< Trusted Sites Ranges [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 26 range(s) found. ->
< BHO's [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\ ->
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx [AcroIEHlprObj Class] -> [Ver = 1, 0, 0, 1 | Size = 37808 bytes | Modified Date = 3/2/2001 8:02:04 PM | Attr = ]
{129FA2A1-408C-4824-83A4-5001581FD01E} [HKEY_LOCAL_MACHINE] -> %SystemRoot%\system32\rqRHywvw.dll [Reg Error: Value does not exist or could not be read.] -> [Ver = | Size = 59392 bytes | Modified Date = 5/31/2008 10:26:39 AM | Attr = ]
{514A5C49-0C7D-42c3-A71B-38864A269B7A} [HKEY_LOCAL_MACHINE] -> %SystemRoot%\system32\muutwswe.dll [Reg Error: Value does not exist or could not be read.] -> [Ver = | Size = 92160 bytes | Modified Date = 6/20/2008 4:44:12 PM | Attr = ]
{5D975859-CF56-4845-B558-E49A4DAB7134} [HKEY_LOCAL_MACHINE] -> %UserProfile%\Local Settings\Temporary Internet Files\Content.IE5\WGI9IO12\3077ahntdksr[1].dll [Reg Error: Value does not exist or could not be read.] -> [Ver = | Size = 88576 bytes | Modified Date = 6/20/2008 11:26:40 AM | Attr = ]
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Java\jre1.6.0_05\bin\ssv.dll [SSVHelper Class] -> Sun Microsystems, Inc. [Ver = 6.0.50.13 | Size = 509328 bytes | Modified Date = 2/22/2008 4:25:19 AM | Attr = ]
{77C988F4-5D0F-4BA2-A252-997D62F434C1} [HKEY_LOCAL_MACHINE] -> %SystemRoot%\system32\usegnnfb.dll [Reg Error: Value does not exist or could not be read.] -> [Ver = | Size = 49664 bytes | Modified Date = 6/13/2008 10:09:30 PM | Attr = ]
{813d1b1a-2f4e-4659-b40d-b417a475f59b} [HKEY_LOCAL_MACHINE] -> %SystemRoot%\system32\plktumgo.dll [Reg Error: Value does not exist or could not be read.] -> [Ver = | Size = 98816 bytes | Modified Date = 6/20/2008 4:23:18 AM | Attr = ]
{A321EBBF-3691-4A0E-9F12-5383C17E715D} [HKEY_LOCAL_MACHINE] -> %SystemRoot%\system32\efcBuUMF.dll [Reg Error: Value does not exist or could not be read.] -> [Ver = | Size = 373248 bytes | Modified Date = 5/31/2008 10:31:49 AM | Attr = ]
{AA58ED58-01DD-4d91-8333-CF10577473F7} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Google\GoogleToolbar2.dll [Google Toolbar Helper] -> Google Inc. [Ver = 4, 0, 1601, 4978 | Size = 2403392 bytes | Modified Date = 7/6/2007 3:55:45 AM | Attr = R ]
< Internet Explorer ToolBars [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar ->
{2318C2B1-4965-11d4-9B18-009027A5CD4F} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Google\GoogleToolbar2.dll [&Google] -> Google Inc. [Ver = 4, 0, 1601, 4978 | Size = 2403392 bytes | Modified Date = 7/6/2007 3:55:45 AM | Attr = R ]
{51D81DD5-55B7-497F-95DB-D356429BB54E} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.] -> File not found
{EBF2BA02-9094-4c5a-858B-BB198F3D8DE2} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Winamp Toolbar\winamptb.dll [Winamp Toolbar] -> AOL LLC. [Ver = 5.1.20.3 | Size = 1267040 bytes | Modified Date = 3/19/2008 11:36:35 PM | Attr = ]
< Internet Explorer ToolBars [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\ ->
WebBrowser\\{2318C2B1-4965-11D4-9B18-009027A5CD4F} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Google\GoogleToolbar2.dll [&Google] -> Google Inc. [Ver = 4, 0, 1601, 4978 | Size = 2403392 bytes | Modified Date = 7/6/2007 3:55:45 AM | Attr = R ]
WebBrowser\\{51D81DD5-55B7-497F-95DB-D356429BB54E} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.] -> File not found
WebBrowser\\{E1BACF55-35E1-4E47-9247-2D48660E5545} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.] -> File not found
WebBrowser\\{EBF2BA02-9094-4C5A-858B-BB198F3D8DE2} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Winamp Toolbar\winamptb.dll [Winamp Toolbar] -> AOL LLC. [Ver = 5.1.20.3 | Size = 1267040 bytes | Modified Date = 3/19/2008 11:36:35 PM | Attr = ]
< Internet Explorer Extensions [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\ ->
{08B0E5C0-4FCB-11CF-AAA5-00401C608501}:{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBC} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Java\jre1.6.0_05\bin\npjpi160_05.dll [Sun Java Console] -> Sun Microsystems, Inc. [Ver = 6.0.50.13 | Size = 132496 bytes | Modified Date = 2/22/2008 4:25:19 AM | Attr = ]
{08B0E5C0-4FCB-11CF-AAA5-00401C608501}:{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBC} [HKEY_CURRENT_USER] -> %ProgramFiles%\Java\jre1.6.0_05\bin\ssv.dll [Sun Java Console] -> Sun Microsystems, Inc. [Ver = 6.0.50.13 | Size = 509328 bytes | Modified Date = 2/22/2008 4:25:19 AM | Attr = ]
{9034A523-D068-4BE8-A284-9DF278BE776E}:Exec -> [IE Anti-Spyware] -> File not found
{B7FE5D70-9AA2-40F1-9C6B-12A255F085E1}:Exec -> %ProgramFiles%\PartyGaming\PartyPoker\RunApp.exe [PartyPoker.com] -> File not found
< Internet Explorer Menu Extensions [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\ ->
&Winamp Search -> %AllUsersProfile%\Application Data\Winamp Toolbar\ieToolbar\resources\en-US\local\search.html -> [Ver = | Size = 748 bytes | Modified Date = 3/19/2008 11:21:40 PM | Attr = ]
Add to Windows &Live Favorites -> -> File not found
< Internet Explorer Plugins [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Plugins\ ->
PluginsPageFriendlyName -> Microsoft ActiveX Gallery ->
PluginsPage ->
http://activex.micro...d...=%s&mime=%s ->
Extension\.spop -> %ProgramFiles%\Internet Explorer\PLUGINS\NPDocBox.dll [] -> InterTrust Technologies Corporation, Inc. [Ver = 1.0.30.95 | Size = 225280 bytes | Modified Date = 1/30/2001 9:56:24 PM | Attr = ]
< DNS Name Servers [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Adapters\ ->
{2CED90EE-1B8C-48EE-8F32-8A7C15415E77} -> (Linksys Wireless-G USB Network Adapter with SpeedBooster v2) ->
{86FF0F7E-5F08-4846-B546-F8C274041E45} -> (1394 Net Adapter) ->
{CFF53A29-92B0-4CC4-B7CF-B63DD07098A8} -> (Realtek RTL8139 Family PCI Fast Ethernet NIC) ->
< Protocol Handlers [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\ ->
msdaipp: [HKEY_LOCAL_MACHINE] -> No CLSID value
< Downloaded Program Files > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\ ->
{10093E98-C073-4C75-8D0E-FB5CD3A71D33}[HKEY_LOCAL_MACHINE] ->
http://messenger.zon...ds.cab57176.cab[ZoneUpwords Object] ->
{20A60F0D-9AFA-4515-A0FD-83BD84642501}[HKEY_LOCAL_MACHINE] ->
http://messenger.zon...kr.cab56986.cab[Checkers Class] ->
{4F1E5B1A-2A80-42CA-8532-2D05CB959537}[HKEY_LOCAL_MACHINE] ->
http://gfx2.hotmail....es/MSNPUpld.cab[MSN Photo Upload Tool] ->
{5D6F45B3-9043-443D-A792-115447494D24}[HKEY_LOCAL_MACHINE] ->
http://messenger.zon...1/GAME_UNO1.cab[UnoCtrl Class] ->
{8AD9C840-044E-11D1-B3E9-00805F499D93}[HKEY_LOCAL_MACHINE] ->
http://java.sun.com/...indows-i586.cab[Java Plug-in 1.6.0_05] ->
{B8BE5E93-A60C-4D26-A2DC-220313175592}[HKEY_LOCAL_MACHINE] ->
http://messenger.zon...ro.cab56649.cab[MSN Games - Installer] ->
{C3F79A2B-B9B4-4A66-B012-3EE46475B072}[HKEY_LOCAL_MACHINE] ->
http://messenger.zon...nt.cab56907.cab[MessengerStatsClient Class] ->
{CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA}[HKEY_LOCAL_MACHINE] ->
http://java.sun.com/...indows-i586.cab[Java Plug-in 1.6.0_01] ->
{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA}[HKEY_LOCAL_MACHINE] ->
http://java.sun.com/...indows-i586.cab[Java Plug-in 1.6.0_02] ->
{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}[HKEY_LOCAL_MACHINE] ->
http://java.sun.com/...indows-i586.cab[Java Plug-in 1.6.0_03] ->
{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}[HKEY_LOCAL_MACHINE] ->
http://java.sun.com/...indows-i586.cab[Java Plug-in 1.6.0_05] ->
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}[HKEY_LOCAL_MACHINE] ->
http://java.sun.com/...indows-i586.cab[Java Plug-in 1.6.0_05] ->
{D27CDB6E-AE6D-11CF-96B8-444553540000}[HKEY_LOCAL_MACHINE] ->
http://fpdownload2.m...ash/swflash.cab[Shockwave Flash Object] ->
{DA758BB1-5F89-4465-975F-8D7179A4BCF3}[HKEY_LOCAL_MACHINE] ->
http://messenger.zon...oF.cab57176.cab[WheelofFortune Object] ->
< Module Usage Keys [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\ ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/GAME_UNO1.dll\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/GAME_UNO1.dll\\.Owner -> {5D6F45B3-9043-443D-A792-115447494D24} ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/GAME_UNO1.dll\\{5D6F45B3-9043-443D-A792-115447494D24} -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/MessengerStatsPAClient.dll\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/MessengerStatsPAClient.dll\\.Owner -> {C3F79A2B-B9B4-4A66-B012-3EE46475B072} ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/MessengerStatsPAClient.dll\\{C3F79A2B-B9B4-4A66-B012-3EE46475B072} -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/msgrchkr.dll\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/msgrchkr.dll\\.Owner -> {20A60F0D-9AFA-4515-A0FD-83BD84642501} ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/msgrchkr.dll\\{20A60F0D-9AFA-4515-A0FD-83BD84642501} -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/MsnPUpld.dll\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/MsnPUpld.dll\\.Owner -> {4F1E5B1A-2A80-42CA-8532-2D05CB959537} ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/MsnPUpld.dll\\{4F1E5B1A-2A80-42CA-8532-2D05CB959537} -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/PURen-us.dll\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/PURen-us.dll\\.Owner -> {4F1E5B1A-2A80-42CA-8532-2D05CB959537} ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/PURen-us.dll\\{4F1E5B1A-2A80-42CA-8532-2D05CB959537} -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/Upwords.ocx\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/Upwords.ocx\\.Owner -> {10093E98-C073-4C75-8D0E-FB5CD3A71D33} ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/Upwords.ocx\\{10093E98-C073-4C75-8D0E-FB5CD3A71D33} -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/WoF.ocx\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/WoF.ocx\\.Owner -> {DA758BB1-5F89-4465-975F-8D7179A4BCF3} ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/WoF.ocx\\{DA758BB1-5F89-4465-975F-8D7179A4BCF3} -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/ZIntro.ocx\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/ZIntro.ocx\\.Owner -> {B8BE5E93-A60C-4D26-A2DC-220313175592} ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/ZIntro.ocx\\{B8BE5E93-A60C-4D26-A2DC-220313175592} -> ->
[Registry - Additional Scans - Non-Microsoft Only]
< BotCheck > -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\\DefaultLaunchPermission -> [Binary data over 100 bytes] ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\\MachineLaunchRestriction -> [Binary data over 100 bytes] ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\\MachineAccessRestriction -> [Binary data over 100 bytes] ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\\EnableDCOM -> Y ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\AppCompat\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\AppCompat\ActivationSecurityCheckExemptionList\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\AppCompat\ActivationSecurityCheckExemptionList\\{A50398B8-9075-4FBF-A7A1-456BF21937AD} -> 1 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\AppCompat\ActivationSecurityCheckExemptionList\\{AD65A69D-3831-40D7-9629-9B0B50A93843} -> 1 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\AppCompat\ActivationSecurityCheckExemptionList\\{0040D221-54A1-11D1-9DE0-006097042D69} -> 1 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\AppCompat\ActivationSecurityCheckExemptionList\\{2A6D72F1-6E7E-4702-B99C-E40D3DED33C3} -> 1 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\FirstRunDisabled -> 1 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\AntiVirusDisableNotify -> 0 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\FirewallDisableNotify -> 0 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\UpdatesDisableNotify -> 0 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\AntiVirusOverride -> 0 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\FirewallOverride -> 0 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall\ -> ->
Reg Error: Key HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\ not found. -> ->
Reg Error: Key HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile\ not found. -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\ -> ->
*Authentication Packages* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\Authentication Packages ->
msv1_0 -> %SystemRoot%\system32\msv1_0.dll -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 129536 bytes | Modified Date = 8/4/2004 12:56:44 AM | Attr = ]
C:\WINDOWS\system32\efcBuUMF -> %SystemRoot%\system32\efcBuUMF.dll -> [Ver = | Size = 373248 bytes | Modified Date = 5/31/2008 10:31:49 AM | Attr = ]
*MultiFile Done* -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\Bounds -> 0 [binary data] ->
*Security Packages* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\Security Packages ->
kerberos -> %SystemRoot%\system32\kerberos.dll -> Microsoft Corporation [Ver = 5.1.2600.3087 (xpsp_sp2_qfe.070219-2253) | Size = 299008 bytes | Modified Date = 4/15/2007 10:22:15 PM | Attr = ]
msv1_0 -> %SystemRoot%\system32\msv1_0.dll -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 129536 bytes | Modified Date = 8/4/2004 12:56:44 AM | Attr = ]
schannel -> %SystemRoot%\system32\schannel.dll -> Microsoft Corporation [Ver = 5.1.2600.3126 (xpsp_sp2_gdr.070425-0226) | Size = 144896 bytes | Modified Date = 4/25/2007 3:21:15 PM | Attr = ]
wdigest -> %SystemRoot%\system32\wdigest.dll -> Microsoft Corporation [Ver = 5.1.2600.3027 (xpsp_sp2_qfe.061105-2318) | Size = 49152 bytes | Modified Date = 4/15/2007 10:23:44 PM | Attr = ]
*MultiFile Done* -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\ImpersonatePrivilegeUpgradeToolHasRun -> 1 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\LsaPid -> 768 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\SecureBoot -> 1 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\auditbaseobjects -> 0 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\crashonauditfail -> 0 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\disabledomaincreds -> 0 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\everyoneincludesanonymous -> 0 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\fipsalgorithmpolicy -> 0 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\forceguest -> 1 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\fullprivilegeauditing -> [binary data] ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\limitblankpassworduse -> 1 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\lmcompatibilitylevel -> 0 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\nodefaultadminowner -> 1 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\nolmhash -> 0 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\restrictanonymous -> 0 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\restrictanonymoussam -> 1 ->
*Notification Packages* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\Notification Packages ->
scecli -> %SystemRoot%\system32\scecli.dll -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 180224 bytes | Modified Date = 8/4/2004 12:56:46 AM | Attr = ]
*MultiFile Done* -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\AccessProviders\ -> ->
*ProviderOrder* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\AccessProviders\\ProviderOrder ->
Windows NT Access Provider -> -> File not found
*MultiFile Done* -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\AccessProviders\Windows NT Access Provider\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\AccessProviders\Windows NT Access Provider\\ProviderPath -> %SystemRoot%\system32\ntmarta.dll [%SystemRoot%\system32\ntmarta.dll] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 118784 bytes | Modified Date = 8/4/2004 12:56:46 AM | Attr = ]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Audit\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Audit\PerUserAuditing\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Audit\PerUserAuditing\System\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Data\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Data\\Pattern -> A3 B3 71 06 7B D5 F9 F1 38 14 98 B7 D1 32 1D 9A 31 34 32 63 32 39 36 64 00 FD 07 00 06 99 00 00 34 FA 07 00 76 92 7C 75 20 FA 07 00 40 FD 07 00 4C FD 07 00 28 2D 3A 36 28 3F 2C F9 F1 05 83 14 [binary data] ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\GBG\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\GBG\\GrafBlumGroup -> E9 C1 96 9E 88 F7 D0 A6 D3 [binary data] ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\JD\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\JD\\Lookup -> 97 CD 4E 32 00 11 [binary data] ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Kerberos\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Kerberos\Domains\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Kerberos\SidCache\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\MSV1_0\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\MSV1_0\\Auth132 -> %SystemRoot%\system32\iissuba.dll [IISSUBA] -> Microsoft Corporation [Ver = 6.0.2600.0 (xpclient.010817-1148) | Size = 9216 bytes | Modified Date = 8/23/2001 1:00:00 PM | Attr = ]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\MSV1_0\\ntlmminclientsec -> 0 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\MSV1_0\\ntlmminserversec -> 0 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Skew1\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Skew1\\SkewMatrix -> DF 20 7E CD 89 F2 58 81 22 1B EB 6F 99 9E AE 78 [binary data] ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SSO\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SSO\Passport1.4\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SSO\Passport1.4\\SSOURL ->
http://www.passport.com ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\\Time -> AE DE 7B CA 08 BA C7 01 [binary data] ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\Name -> Digest ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\Comment -> Digest SSPI Authentication Package ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\Capabilities -> 16464 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\RpcId -> 65535 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\Version -> 1 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\TokenSize -> 65535 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\Time -> 00 C6 58 87 B5 79 C4 01 [binary data] ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\Type -> 49 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\Name -> DPA ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\Comment -> DPA Security Package ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\Capabilities -> 55 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\RpcId -> 17 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\Version -> 1 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\TokenSize -> 768 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\Time -> 00 C6 58 87 B5 79 C4 01 [binary data] ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\Type -> 49 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\Name -> MSN ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\Comment -> MSN Security Package ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\Capabilities -> 55 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\RpcId -> 18 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\Version -> 1 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\TokenSize -> 768 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\Time -> 00 C6 58 87 B5 79 C4 01 [binary data] ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\Type -> 49 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\DependOnGroup -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\DependOnService -> Netman;WinMgmt; ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\Description -> Provides network address translation, addressing, name resolution and/or intrusion prevention services for a home or small office network. ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services