softwarereferral.com/antivirus2008.com [RESOLVED]


  • This topic is locked

#31
marionks

  • Topic Starter
  • Member
  • 43 posts
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\Description -> Provides network address translation, addressing, name resolution and/or intrusion prevention services for a home or small office network. ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\DisplayName -> Windows Firewall/Internet Connection Sharing (ICS) ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\ErrorControl -> 1 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\ImagePath -> %SystemRoot%\system32\svchost.exe [%SystemRoot%\system32\svchost.exe -k netsvcs] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 14336 bytes | Modified Date = 8/10/2004 6:00:00 AM | Attr = ]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\ObjectName -> LocalSystem ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\Start -> 2 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\Type -> 32 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Epoch\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Epoch\\Epoch -> 341097 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\\ServiceDll -> %SystemRoot%\system32\ipnathlp.dll [%SystemRoot%\System32\ipnathlp.dll] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 331264 bytes | Modified Date = 8/10/2004 6:00:00 AM | Attr = ]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List\\%windir%\system32\sessmgr.exe -> %SystemRoot%\system32\sessmgr.exe [%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 140800 bytes | Modified Date = 8/10/2004 6:00:00 AM | Attr = ]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List\\%windir%\Network Diagnostic\xpnetdiag.exe -> %SystemRoot%\network diagnostic\xpnetdiag.exe [%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000] -> Microsoft Corporation [Ver = 5.1.2600.3012 (xpsp.061010-0355) | Size = 557568 bytes | Modified Date = 10/10/2006 7:44:50 AM | Attr = ]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List\\I:\Program Files\Windows Live\Messenger\msnmsgr.exe -> %ProgramFiles%\Windows Live\Messenger\msnmsgr.exe [I:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger] -> Microsoft Corporation [Ver = 8.5.1302.1018 | Size = 5724184 bytes | Modified Date = 10/18/2007 11:34:02 AM | Attr = ]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List\\I:\Program Files\Windows Live\Messenger\livecall.exe -> %ProgramFiles%\Windows Live\Messenger\livecall.exe [I:\Program Files\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone)] -> Microsoft Corporation [Ver = 1.5.204.0 | Size = 304488 bytes | Modified Date = 10/2/2007 5:18:24 PM | Attr = ]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\\EnableFirewall -> 0 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\%windir%\system32\sessmgr.exe -> %SystemRoot%\system32\sessmgr.exe [%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 140800 bytes | Modified Date = 8/10/2004 6:00:00 AM | Attr = ]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\I:\Program Files\Messenger\msmsgs.exe -> %ProgramFiles%\Messenger\msmsgs.exe [I:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger] -> Microsoft Corporation [Ver = 4.7.3001 | Size = 1694208 bytes | Modified Date = 10/13/2004 11:24:37 AM | Attr = ]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\%windir%\Network Diagnostic\xpnetdiag.exe -> %SystemRoot%\network diagnostic\xpnetdiag.exe [%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000] -> Microsoft Corporation [Ver = 5.1.2600.3012 (xpsp.061010-0355) | Size = 557568 bytes | Modified Date = 10/10/2006 7:44:50 AM | Attr = ]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\I:\Program Files\Windows Live\Messenger\msnmsgr.exe -> %ProgramFiles%\Windows Live\Messenger\msnmsgr.exe [I:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger] -> Microsoft Corporation [Ver = 8.5.1302.1018 | Size = 5724184 bytes | Modified Date = 10/18/2007 11:34:02 AM | Attr = ]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\I:\Program Files\Windows Live\Messenger\livecall.exe -> %ProgramFiles%\Windows Live\Messenger\livecall.exe [I:\Program Files\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone)] -> Microsoft Corporation [Ver = 1.5.204.0 | Size = 304488 bytes | Modified Date = 10/2/2007 5:18:24 PM | Attr = ]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\1900:UDP -> 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Setup\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Setup\\ServiceUpgrade -> 1 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Setup\InterfacesUnfirewalledAtUpdate\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Setup\InterfacesUnfirewalledAtUpdate\\All -> 1 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Enum\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Enum\\0 -> Root\LEGACY_SHAREDACCESS\0000 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Enum\\Count -> 1 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Enum\\NextInstance -> 1 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\Type -> 32 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\Start -> 2 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\ErrorControl -> 1 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\ImagePath -> %SystemRoot%\system32\svchost.exe [%systemroot%\system32\svchost.exe -k netsvcs] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 14336 bytes | Modified Date = 8/10/2004 6:00:00 AM | Attr = ]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\DisplayName -> Automatic Updates ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\ObjectName -> LocalSystem ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\Description -> Enables the download and installation of Windows updates. If this service is disabled, this computer will not be able to use the Automatic Updates feature or the Windows Update Web site. ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Parameters\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Parameters\\ServiceDll -> %SystemRoot%\system32\wuauserv.dll [I:\WINDOWS\system32\wuauserv.dll] -> Microsoft Corporation [Ver = 5.4.3790.2180 (xpsp_sp2_rtm.040803-2158) | Size = 6656 bytes | Modified Date = 8/10/2004 6:00:00 AM | Attr = ]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Security\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Security\\Security -> [Binary data over 100 bytes] ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Enum\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Enum\\0 -> Root\LEGACY_WUAUSERV\0000 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Enum\\Count -> 1 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Enum\\NextInstance -> 1 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\\Description -> Enables remote users to modify registry settings on this computer. If this service is stopped, the registry can be modified only by users on this computer. If this service is disabled, any services that explicitly depend on it will fail to start. ->
*DependOnService* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\\DependOnService ->
RPCSS -> %SystemRoot%\system32\rpcss.dll -> Microsoft Corporation [Ver = 5.1.2600.2726 (xpsp_sp2_gdr.050725-1528) | Size = 397824 bytes | Modified Date = 7/25/2005 11:39:49 PM | Attr = ]
*MultiFile Done* -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\\DisplayName -> Remote Registry ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\\ErrorControl -> 1 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\\ImagePath -> %SystemRoot%\system32\svchost.exe [%SystemRoot%\system32\svchost.exe -k LocalService] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 14336 bytes | Modified Date = 8/10/2004 6:00:00 AM | Attr = ]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\\ObjectName -> NT AUTHORITY\LocalService ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\\Group -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\\Start -> 2 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\\Type -> 32 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\\FailureActions -> 00 00 00 00 00 00 00 00 00 00 00 00 01 00 00 00 E0 AD 08 00 01 00 00 00 E8 03 00 00 [binary data] ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\Parameters\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\Parameters\\ServiceDll -> %SystemRoot%\system32\regsvc.dll [%SystemRoot%\system32\regsvc.dll] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 59904 bytes | Modified Date = 8/10/2004 6:00:00 AM | Attr = ]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\Security\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\Security\\Security -> [Binary data over 100 bytes] ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\Enum\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\Enum\\0 -> Root\LEGACY_REMOTEREGISTRY\0000 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\Enum\\Count -> 1 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\Enum\\NextInstance -> 1 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\\Type -> 16 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\\Start -> 4 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\\ErrorControl -> 1 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\\ImagePath -> %SystemRoot%\system32\tlntsvr.exe [I:\WINDOWS\system32\tlntsvr.exe] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 73216 bytes | Modified Date = 8/10/2004 6:00:00 AM | Attr = ]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\\DisplayName -> Telnet ->
*DependOnService* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\\DependOnService ->
RPCSS -> %SystemRoot%\system32\rpcss.dll -> Microsoft Corporation [Ver = 5.1.2600.2726 (xpsp_sp2_gdr.050725-1528) | Size = 397824 bytes | Modified Date = 7/25/2005 11:39:49 PM | Attr = ]
TCPIP -> -> File not found
NTLMSSP -> -> File not found
*MultiFile Done* -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\\DependOnGroup -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\\ObjectName -> LocalSystem ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\\Description -> Enables a remote user to log on to this computer and run programs, and supports various TCP/IP Telnet clients, including UNIX-based and Windows-based computers. If this service is stopped, remote user access to programs might be unavailable. If this service is disabled, any services that explicitly depend on it will fail to start. ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\Security\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\Security\\Security -> [Binary data over 100 bytes] ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Hardware Profiles\Current\Software\Microsoft\windows\CurrentVersion\Internet Settings\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Hardware Profiles\Current\Software\Microsoft\windows\CurrentVersion\Internet Settings\\ProxyEnable -> 0 ->


[Files/Folders - Created Within 30 days]
sqmdata03.sqm -> %SystemDrive%\sqmdata03.sqm -> [Ver = | Size = 232 bytes | Created Date = 5/14/2008 8:10:37 AM | Attr = H ]
sqmdata04.sqm -> %SystemDrive%\sqmdata04.sqm -> [Ver = | Size = 232 bytes | Created Date = 5/14/2008 6:34:58 PM | Attr = H ]
sqmdata05.sqm -> %SystemDrive%\sqmdata05.sqm -> [Ver = | Size = 232 bytes | Created Date = 5/14/2008 10:02:48 PM | Attr = H ]
sqmdata06.sqm -> %SystemDrive%\sqmdata06.sqm -> [Ver = | Size = 268 bytes | Created Date = 5/17/2008 8:42:38 AM | Attr = H ]
sqmdata07.sqm -> %SystemDrive%\sqmdata07.sqm -> [Ver = | Size = 268 bytes | Created Date = 5/17/2008 11:50:33 AM | Attr = H ]
sqmdata08.sqm -> %SystemDrive%\sqmdata08.sqm -> [Ver = | Size = 268 bytes | Created Date = 5/18/2008 12:30:30 PM | Attr = H ]
sqmdata09.sqm -> %SystemDrive%\sqmdata09.sqm -> [Ver = | Size = 268 bytes | Created Date = 5/19/2008 8:30:43 PM | Attr = H ]
sqmdata10.sqm -> %SystemDrive%\sqmdata10.sqm -> [Ver = | Size = 268 bytes | Created Date = 5/20/2008 5:46:29 PM | Attr = H ]
sqmdata11.sqm -> %SystemDrive%\sqmdata11.sqm -> [Ver = | Size = 268 bytes | Created Date = 5/21/2008 7:26:36 AM | Attr = H ]
sqmdata12.sqm -> %SystemDrive%\sqmdata12.sqm -> [Ver = | Size = 268 bytes | Created Date = 5/21/2008 8:20:09 PM | Attr = H ]
sqmdata13.sqm -> %SystemDrive%\sqmdata13.sqm -> [Ver = | Size = 268 bytes | Created Date = 5/22/2008 6:46:44 PM | Attr = H ]
sqmdata14.sqm -> %SystemDrive%\sqmdata14.sqm -> [Ver = | Size = 268 bytes | Created Date = 5/24/2008 10:05:06 AM | Attr = H ]
sqmdata15.sqm -> %SystemDrive%\sqmdata15.sqm -> [Ver = | Size = 232 bytes | Created Date = 6/9/2008 3:20:09 PM | Attr = H ]
sqmdata16.sqm -> %SystemDrive%\sqmdata16.sqm -> [Ver = | Size = 268 bytes | Created Date = 6/12/2008 4:24:47 PM | Attr = H ]
sqmnoopt03.sqm -> %SystemDrive%\sqmnoopt03.sqm -> [Ver = | Size = 244 bytes | Created Date = 5/14/2008 8:10:37 AM | Attr = H ]
sqmnoopt04.sqm -> %SystemDrive%\sqmnoopt04.sqm -> [Ver = | Size = 244 bytes | Created Date = 5/14/2008 6:34:58 PM | Attr = H ]
sqmnoopt05.sqm -> %SystemDrive%\sqmnoopt05.sqm -> [Ver = | Size = 244 bytes | Created Date = 5/14/2008 10:02:48 PM | Attr = H ]
sqmnoopt06.sqm -> %SystemDrive%\sqmnoopt06.sqm -> [Ver = | Size = 244 bytes | Created Date = 5/17/2008 8:42:38 AM | Attr = H ]
sqmnoopt07.sqm -> %SystemDrive%\sqmnoopt07.sqm -> [Ver = | Size = 244 bytes | Created Date = 5/17/2008 11:50:33 AM | Attr = H ]
sqmnoopt08.sqm -> %SystemDrive%\sqmnoopt08.sqm -> [Ver = | Size = 244 bytes | Created Date = 5/18/2008 12:30:30 PM | Attr = H ]
sqmnoopt09.sqm -> %SystemDrive%\sqmnoopt09.sqm -> [Ver = | Size = 244 bytes | Created Date = 5/19/2008 8:30:43 PM | Attr = H ]
sqmnoopt10.sqm -> %SystemDrive%\sqmnoopt10.sqm -> [Ver = | Size = 244 bytes | Created Date = 5/20/2008 5:46:29 PM | Attr = H ]
sqmnoopt11.sqm -> %SystemDrive%\sqmnoopt11.sqm -> [Ver = | Size = 244 bytes | Created Date = 5/21/2008 7:26:36 AM | Attr = H ]
sqmnoopt12.sqm -> %SystemDrive%\sqmnoopt12.sqm -> [Ver = | Size = 244 bytes | Created Date = 5/21/2008 8:20:09 PM | Attr = H ]
sqmnoopt13.sqm -> %SystemDrive%\sqmnoopt13.sqm -> [Ver = | Size = 244 bytes | Created Date = 5/22/2008 6:46:44 PM | Attr = H ]
sqmnoopt14.sqm -> %SystemDrive%\sqmnoopt14.sqm -> [Ver = | Size = 244 bytes | Created Date = 5/24/2008 10:05:06 AM | Attr = H ]
sqmnoopt15.sqm -> %SystemDrive%\sqmnoopt15.sqm -> [Ver = | Size = 244 bytes | Created Date = 6/9/2008 3:20:09 PM | Attr = H ]
sqmnoopt16.sqm -> %SystemDrive%\sqmnoopt16.sqm -> [Ver = | Size = 244 bytes | Created Date = 6/12/2008 4:24:47 PM | Attr = H ]
mbam.sys -> %SystemRoot%\System32\drivers\mbam.sys -> [Ver = | Size = 15864 bytes | Created Date = 5/27/2008 5:03:43 PM | Attr = ]
mbamcatchme.sys -> %SystemRoot%\System32\drivers\mbamcatchme.sys -> [Ver = | Size = 27048 bytes | Created Date = 5/27/2008 5:03:43 PM | Attr = ]
404Fix.exe -> %SystemRoot%\System32\404Fix.exe -> S!Ri.URZ [Ver = | Size = 82944 bytes | Created Date = 6/9/2008 9:28:34 PM | Attr = ]
dumphive.exe -> %SystemRoot%\System32\dumphive.exe -> [Ver = | Size = 51200 bytes | Created Date = 6/9/2008 9:28:33 PM | Attr = ]
IEDFix.exe -> %SystemRoot%\System32\IEDFix.exe -> S!Ri.URZ [Ver = | Size = 82944 bytes | Created Date = 6/9/2008 9:28:34 PM | Attr = ]
Process.exe -> %SystemRoot%\System32\Process.exe -> http://www.beyondlogic.org [Ver = 2, 0, 0, 0 | Size = 53248 bytes | Created Date = 6/9/2008 9:28:33 PM | Attr = ]
SrchSTS.exe -> %SystemRoot%\System32\SrchSTS.exe -> S!Ri [Ver = | Size = 288417 bytes | Created Date = 6/9/2008 9:28:33 PM | Attr = ]
swreg.exe -> %SystemRoot%\System32\swreg.exe -> SteelWerX [Ver = 2.0.1.0 | Size = 135168 bytes | Created Date = 6/9/2008 9:28:33 PM | Attr = ]
swsc.exe -> %SystemRoot%\System32\swsc.exe -> [Ver = | Size = 40960 bytes | Created Date = 6/9/2008 9:28:33 PM | Attr = ]
swxcacls.exe -> %SystemRoot%\System32\swxcacls.exe -> [Ver = | Size = 79360 bytes | Created Date = 6/9/2008 9:28:33 PM | Attr = ]
tmp.reg -> %SystemRoot%\System32\tmp.reg -> [Ver = | Size = 2150 bytes | Created Date = 6/9/2008 9:34:18 PM | Attr = ]
VACFix.exe -> %SystemRoot%\System32\VACFix.exe -> S!Ri.URZ [Ver = | Size = 86528 bytes | Created Date = 6/9/2008 9:28:34 PM | Attr = ]
@Alternate Data Stream - 26 bytes -> %SystemRoot%\System32\VACFix.exe:Zone.Identifier
VCCLSID.exe -> %SystemRoot%\System32\VCCLSID.exe -> S!Ri [Ver = | Size = 289144 bytes | Created Date = 6/9/2008 9:28:33 PM | Attr = ]
@Alternate Data Stream - 26 bytes -> %SystemRoot%\System32\VCCLSID.exe:Zone.Identifier
WS2Fix.exe -> %SystemRoot%\System32\WS2Fix.exe -> [Ver = | Size = 25600 bytes | Created Date = 6/9/2008 9:28:34 PM | Attr = ]
@Alternate Data Stream - 26 bytes -> %SystemRoot%\System32\WS2Fix.exe:Zone.Identifier
edma.exe -> %SystemRoot%\edma.exe -> [Ver = | Size = 94208 bytes | Created Date = 5/26/2008 12:21:53 PM | Attr = ]
[Files Created - Additional Folder Scans - Non-Microsoft Only]
Malwarebytes -> %AllUsersProfile%\Application Data\Malwarebytes -> [Folder | Created Date = 5/27/2008 5:03:43 PM | Attr = ]
Malwarebytes -> %AppData%\Malwarebytes -> [Folder | Created Date = 5/27/2008 5:03:51 PM | Attr = ]
TmpRecentIcons -> %AppData%\TmpRecentIcons -> [Folder | Created Date = 5/26/2008 2:07:00 PM | Attr = ]
ATF Cleaner.doc -> %UserProfile%\My Documents\ATF Cleaner.doc -> [Ver = | Size = 100864 bytes | Created Date = 5/27/2008 4:45:34 PM | Attr = ]
Malwarebytes' Anti-Malware.lnk -> %AllUsersProfile%\Desktop\Malwarebytes' Anti-Malware.lnk -> [Ver = | Size = 696 bytes | Created Date = 5/27/2008 5:03:43 PM | Attr = ]
ATF-Cleaner.exe -> %UserProfile%\Desktop\ATF-Cleaner.exe -> Atribune.org [Ver = 3.00.0002 | Size = 50688 bytes | Created Date = 6/13/2008 7:13:47 AM | Attr = ]
@Alternate Data Stream - 26 bytes -> %UserProfile%\Desktop\ATF-Cleaner.exe:Zone.Identifier
HijackThis.lnk -> %UserProfile%\Desktop\HijackThis.lnk -> [Ver = | Size = 1734 bytes | Created Date = 5/27/2008 8:00:11 PM | Attr = ]
OTScanIt -> %UserProfile%\Desktop\OTScanIt -> [Folder | Created Date = 6/13/2008 7:16:31 AM | Attr = ]
OTScanIt.exe -> %UserProfile%\Desktop\OTScanIt.exe -> [Ver = | Size = 568240 bytes | Created Date = 6/13/2008 7:15:38 AM | Attr = ]
@Alternate Data Stream - 26 bytes -> %UserProfile%\Desktop\OTScanIt.exe:Zone.Identifier
SmitfraudFix -> %UserProfile%\Desktop\SmitfraudFix -> [Folder | Created Date = 5/31/2008 3:12:12 PM | Attr = ]
VArestorepolicies -> %UserProfile%\Desktop\VArestorepolicies -> [Folder | Created Date = 6/12/2008 3:57:34 PM | Attr = ]
Download Manager -> %CommonProgramFiles%\Download Manager -> [Folder | Created Date = 5/27/2008 5:02:19 PM | Attr = ]
Malwarebytes' Anti-Malware -> %ProgramFiles%\Malwarebytes' Anti-Malware -> [Folder | Created Date = 5/27/2008 5:03:42 PM | Attr = ]
Panda Security -> %ProgramFiles%\Panda Security -> [Folder | Created Date = 5/27/2008 6:54:38 PM | Attr = ]

[Files/Folders - Modified Within 30 days]
Config.Msi -> %SystemDrive%\Config.Msi -> [Folder | Modified Date = 6/4/2008 8:32:05 AM | Attr = ]
Program Files -> %ProgramFiles% -> [Folder | Modified Date = 6/4/2008 8:32:05 AM | Attr = ]
sqmdata03.sqm -> %SystemDrive%\sqmdata03.sqm -> [Ver = | Size = 232 bytes | Modified Date = 5/14/2008 8:10:37 AM | Attr = H ]
sqmdata04.sqm -> %SystemDrive%\sqmdata04.sqm -> [Ver = | Size = 232 bytes | Modified Date = 5/14/2008 6:34:58 PM | Attr = H ]
sqmdata05.sqm -> %SystemDrive%\sqmdata05.sqm -> [Ver = | Size = 232 bytes | Modified Date = 5/14/2008 10:02:48 PM | Attr = H ]
sqmdata06.sqm -> %SystemDrive%\sqmdata06.sqm -> [Ver = | Size = 268 bytes | Modified Date = 5/17/2008 8:42:38 AM | Attr = H ]
sqmdata07.sqm -> %SystemDrive%\sqmdata07.sqm -> [Ver = | Size = 268 bytes | Modified Date = 5/17/2008 11:50:33 AM | Attr = H ]
sqmdata08.sqm -> %SystemDrive%\sqmdata08.sqm -> [Ver = | Size = 268 bytes | Modified Date = 5/18/2008 12:30:30 PM | Attr = H ]
sqmdata09.sqm -> %SystemDrive%\sqmdata09.sqm -> [Ver = | Size = 268 bytes | Modified Date = 5/19/2008 8:30:43 PM | Attr = H ]
sqmdata10.sqm -> %SystemDrive%\sqmdata10.sqm -> [Ver = | Size = 268 bytes | Modified Date = 5/20/2008 5:46:29 PM | Attr = H ]
sqmdata11.sqm -> %SystemDrive%\sqmdata11.sqm -> [Ver = | Size = 268 bytes | Modified Date = 5/21/2008 7:26:36 AM | Attr = H ]
sqmdata12.sqm -> %SystemDrive%\sqmdata12.sqm -> [Ver = | Size = 268 bytes | Modified Date = 5/21/2008 8:20:09 PM | Attr = H ]
sqmdata13.sqm -> %SystemDrive%\sqmdata13.sqm -> [Ver = | Size = 268 bytes | Modified Date = 5/22/2008 6:46:44 PM | Attr = H ]
sqmdata14.sqm -> %SystemDrive%\sqmdata14.sqm -> [Ver = | Size = 268 bytes | Modified Date = 5/24/2008 10:05:06 AM | Attr = H ]
sqmdata15.sqm -> %SystemDrive%\sqmdata15.sqm -> [Ver = | Size = 232 bytes | Modified Date = 6/9/2008 3:20:09 PM | Attr = H ]
sqmdata16.sqm -> %SystemDrive%\sqmdata16.sqm -> [Ver = | Size = 268 bytes | Modified Date = 6/12/2008 4:24:47 PM | Attr = H ]
sqmnoopt03.sqm -> %SystemDrive%\sqmnoopt03.sqm -> [Ver = | Size = 244 bytes | Modified Date = 5/14/2008 8:10:37 AM | Attr = H ]
sqmnoopt04.sqm -> %SystemDrive%\sqmnoopt04.sqm -> [Ver = | Size = 244 bytes | Modified Date = 5/14/2008 6:34:58 PM | Attr = H ]
sqmnoopt05.sqm -> %SystemDrive%\sqmnoopt05.sqm -> [Ver = | Size = 244 bytes | Modified Date = 5/14/2008 10:02:48 PM | Attr = H ]
sqmnoopt06.sqm -> %SystemDrive%\sqmnoopt06.sqm -> [Ver = | Size = 244 bytes | Modified Date = 5/17/2008 8:42:38 AM | Attr = H ]
sqmnoopt07.sqm -> %SystemDrive%\sqmnoopt07.sqm -> [Ver = | Size = 244 bytes | Modified Date = 5/17/2008 11:50:33 AM | Attr = H ]
sqmnoopt08.sqm -> %SystemDrive%\sqmnoopt08.sqm -> [Ver = | Size = 244 bytes | Modified Date = 5/18/2008 12:30:30 PM | Attr = H ]
sqmnoopt09.sqm -> %SystemDrive%\sqmnoopt09.sqm -> [Ver = | Size = 244 bytes | Modified Date = 5/19/2008 8:30:43 PM | Attr = H ]
sqmnoopt10.sqm -> %SystemDrive%\sqmnoopt10.sqm -> [Ver = | Size = 244 bytes | Modified Date = 5/20/2008 5:46:29 PM | Attr = H ]
sqmnoopt11.sqm -> %SystemDrive%\sqmnoopt11.sqm -> [Ver = | Size = 244 bytes | Modified Date = 5/21/2008 7:26:36 AM | Attr = H ]
sqmnoopt12.sqm -> %SystemDrive%\sqmnoopt12.sqm -> [Ver = | Size = 244 bytes | Modified Date = 5/21/2008 8:20:09 PM | Attr = H ]
sqmnoopt13.sqm -> %SystemDrive%\sqmnoopt13.sqm -> [Ver = | Size = 244 bytes | Modified Date = 5/22/2008 6:46:44 PM | Attr = H ]
sqmnoopt14.sqm -> %SystemDrive%\sqmnoopt14.sqm -> [Ver = | Size = 244 bytes | Modified Date = 5/24/2008 10:05:06 AM | Attr = H ]
sqmnoopt15.sqm -> %SystemDrive%\sqmnoopt15.sqm -> [Ver = | Size = 244 bytes | Modified Date = 6/9/2008 3:20:09 PM | Attr = H ]
sqmnoopt16.sqm -> %SystemDrive%\sqmnoopt16.sqm -> [Ver = | Size = 244 bytes | Modified Date = 6/12/2008 4:24:47 PM | Attr = H ]
WINDOWS -> %SystemRoot% -> [Folder | Modified Date = 6/13/2008 7:10:55 AM | Attr = ]
etc -> %SystemRoot%\System32\drivers\etc -> [Folder | Modified Date = 6/9/2008 5:50:30 PM | Attr = ]
404Fix.exe -> %SystemRoot%\System32\404Fix.exe -> S!Ri.URZ [Ver = | Size = 82944 bytes | Modified Date = 5/18/2008 9:40:00 PM | Attr = ]
CatRoot -> %SystemRoot%\System32\CatRoot -> [Folder | Modified Date = 5/27/2008 12:36:29 PM | Attr = ]
CatRoot2 -> %SystemRoot%\System32\CatRoot2 -> [Folder | Modified Date = 6/10/2008 9:36:49 PM | Attr = ]
dllcache -> %SystemRoot%\System32\dllcache -> [Folder | Modified Date = 6/10/2008 4:40:42 PM | Attr = RHS]
drivers -> %SystemRoot%\System32\drivers -> [Folder | Modified Date = 6/10/2008 4:39:11 PM | Attr = ]
IEDFix.exe -> %SystemRoot%\System32\IEDFix.exe -> S!Ri.URZ [Ver = | Size = 82944 bytes | Modified Date = 5/18/2008 9:40:00 PM | Attr = ]
swxcacls.exe -> %SystemRoot%\System32\swxcacls.exe -> [Ver = | Size = 79360 bytes | Modified Date = 6/9/2008 9:28:18 PM | Attr = ]
tmp.reg -> %SystemRoot%\System32\tmp.reg -> [Ver = | Size = 2150 bytes | Modified Date = 6/9/2008 9:34:19 PM | Attr = ]
VACFix.exe -> %SystemRoot%\System32\VACFix.exe -> S!Ri.URZ [Ver = | Size = 86528 bytes | Modified Date = 6/9/2008 9:28:18 PM | Attr = ]
@Alternate Data Stream - 26 bytes -> %SystemRoot%\System32\VACFix.exe:Zone.Identifier
VCCLSID.exe -> %SystemRoot%\System32\VCCLSID.exe -> S!Ri [Ver = | Size = 289144 bytes | Modified Date = 6/9/2008 9:28:18 PM | Attr = ]
@Alternate Data Stream - 26 bytes -> %SystemRoot%\System32\VCCLSID.exe:Zone.Identifier
wpa.dbl -> %SystemRoot%\System32\wpa.dbl -> [Ver = | Size = 2206 bytes | Modified Date = 6/13/2008 7:10:23 AM | Attr = ]
WS2Fix.exe -> %SystemRoot%\System32\WS2Fix.exe -> [Ver = | Size = 25600 bytes | Modified Date = 6/9/2008 9:28:18 PM | Attr = ]
@Alternate Data Stream - 26 bytes -> %SystemRoot%\System32\WS2Fix.exe:Zone.Identifier
$hf_mig$ -> %SystemRoot%\$hf_mig$ -> [Folder | Modified Date = 6/10/2008 4:40:27 PM | Attr = H ]
5 I:\WINDOWS\*.tmp files -> I:\WINDOWS\*.tmp ->
bootstat.dat -> %SystemRoot%\bootstat.dat -> [Ver = | Size = 2048 bytes | Modified Date = 6/13/2008 7:09:39 AM | Attr = S]
Downloaded Program Files -> %SystemRoot%\Downloaded Program Files -> [Folder | Modified Date = 5/27/2008 6:54:21 PM | Attr = S]
edma.exe -> %SystemRoot%\edma.exe -> [Ver = | Size = 94208 bytes | Modified Date = 5/26/2008 8:23:02 AM | Attr = ]
imsins.BAK -> %SystemRoot%\imsins.BAK -> [Ver = | Size = 1374 bytes | Modified Date = 6/10/2008 4:39:20 PM | Attr = ]
inf -> %SystemRoot%\inf -> [Folder | Modified Date = 6/10/2008 4:40:48 PM | Attr = H ]
Installer -> %SystemRoot%\Installer -> [Folder | Modified Date = 6/4/2008 8:31:41 AM | Attr = HS]
Prefetch -> %SystemRoot%\Prefetch -> [Folder | Modified Date = 6/13/2008 7:15:19 AM | Attr = ]
Registration -> %SystemRoot%\Registration -> [Folder | Modified Date = 6/13/2008 7:09:58 AM | Attr = ]
system32 -> %SystemRoot%\system32 -> [Folder | Modified Date = 6/13/2008 7:15:07 AM | Attr = ]
Temp -> %SystemRoot%\Temp -> [Folder | Modified Date = 6/13/2008 7:14:39 AM | Attr = ]
Check Updates for Windows Live Toolbar.job -> %SystemRoot%\tasks\Check Updates for Windows Live Toolbar.job -> [Ver = | Size = 254 bytes | Modified Date = 6/12/2008 9:41:01 PM | Attr = ]
SA.DAT -> %SystemRoot%\tasks\SA.DAT -> [Ver = | Size = 6 bytes | Modified Date = 6/13/2008 7:09:40 AM | Attr = H ]
I:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\ -> I:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader -> [Folder | Modified Date = 2/10/2007 5:58:42 PM | Attr = ]
qmgr0.dat -> I:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat -> [Ver = | Size = 5480 bytes | Modified Date = 6/13/2008 7:10:55 AM | Attr = ]
qmgr1.dat -> I:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat -> [Ver = | Size = 5480 bytes | Modified Date = 6/13/2008 7:10:55 AM | Attr = ]
I:\Documents and Settings\All Users\Application Data\Microsoft\Office\Data\ -> I:\Documents and Settings\All Users\Application Data\Microsoft\Office\Data -> [Folder | Modified Date = 2/26/2007 9:26:25 PM | Attr = ]
data.dat -> I:\Documents and Settings\All Users\Application Data\Microsoft\Office\Data\data.dat -> [Ver = | Size = 1372 bytes | Modified Date = 2/26/2007 9:26:31 PM | Attr = ]
I:\Documents and Settings\All Users\Application Data\Microsoft\Works\ -> I:\Documents and Settings\All Users\Application Data\Microsoft\Works -> [Folder | Modified Date = 9/9/2007 1:44:38 PM | Attr = ]
wkcalcat.dat -> I:\Documents and Settings\All Users\Application Data\Microsoft\Works\wkcalcat.dat -> [Ver = | Size = 16384 bytes | Modified Date = 2/22/2007 8:43:23 PM | Attr = ]
wklntsk1.dat -> I:\Documents and Settings\All Users\Application Data\Microsoft\Works\wklntsk1.dat -> [Ver = | Size = 198279 bytes | Modified Date = 6/1/2008 10:57:05 PM | Attr = ]
[Files Modified - Additional Folder Scans - Non-Microsoft Only]
Malwarebytes -> %AllUsersProfile%\Application Data\Malwarebytes -> [Folder | Modified Date = 5/27/2008 5:03:43 PM | Attr = ]
PlayFirst -> %AllUsersProfile%\Application Data\PlayFirst -> [Folder | Modified Date = 5/19/2008 8:23:59 PM | Attr = ]
TEMP -> %AllUsersProfile%\Application Data\TEMP -> [Folder | Modified Date = 5/19/2008 8:30:25 PM | Attr = ]
@Alternate Data Stream - 116 bytes -> %AllUsersProfile%\Application Data\TEMP:05816AFA
@Alternate Data Stream - 117 bytes -> %AllUsersProfile%\Application Data\TEMP:268F887D
@Alternate Data Stream - 104 bytes -> %AllUsersProfile%\Application Data\TEMP:30C46519
@Alternate Data Stream - 113 bytes -> %AllUsersProfile%\Application Data\TEMP:54997B77
@Alternate Data Stream - 114 bytes -> %AllUsersProfile%\Application Data\TEMP:54CBEF30
@Alternate Data Stream - 147 bytes -> %AllUsersProfile%\Application Data\TEMP:8D09A3F7
@Alternate Data Stream - 127 bytes -> %AllUsersProfile%\Application Data\TEMP:93C494CA
@Alternate Data Stream - 163 bytes -> %AllUsersProfile%\Application Data\TEMP:98F0614F
@Alternate Data Stream - 128 bytes -> %AllUsersProfile%\Application Data\TEMP:9B52F176
@Alternate Data Stream - 123 bytes -> %AllUsersProfile%\Application Data\TEMP:AB689DEA
@Alternate Data Stream - 128 bytes -> %AllUsersProfile%\Application Data\TEMP:DA3C6C07
@Alternate Data Stream - 114 bytes -> %AllUsersProfile%\Application Data\TEMP:EB170088
@Alternate Data Stream - 117 bytes -> %AllUsersProfile%\Application Data\TEMP:F01E7F17
@Alternate Data Stream - 109 bytes -> %AllUsersProfile%\Application Data\TEMP:F82297CD
@Alternate Data Stream - 132 bytes -> %AllUsersProfile%\Application Data\TEMP:F880DE59
Yahoo! Companion -> %AllUsersProfile%\Application Data\Yahoo! Companion -> [Folder | Modified Date = 5/26/2008 12:14:28 PM | Attr = ]
Malwarebytes -> %AppData%\Malwarebytes -> [Folder | Modified Date = 5/27/2008 5:03:51 PM | Attr = ]
TmpRecentIcons -> %AppData%\TmpRecentIcons -> [Folder | Modified Date = 5/26/2008 2:07:00 PM | Attr = ]
wklnhst.dat -> %AppData%\wklnhst.dat -> [Ver = | Size = 5054 bytes | Modified Date = 6/1/2008 10:56:53 PM | Attr = ]
IconCache.db -> %UserProfile%\Local Settings\Application Data\IconCache.db -> [Ver = | Size = 7477542 bytes | Modified Date = 5/27/2008 5:25:16 PM | Attr = H ]
ATF Cleaner.doc -> %UserProfile%\My Documents\ATF Cleaner.doc -> [Ver = | Size = 100864 bytes | Modified Date = 5/27/2008 4:45:34 PM | Attr = ]
Family Files -> %UserProfile%\My Documents\Family Files -> [Folder | Modified Date = 5/21/2008 8:50:15 PM | Attr = ]
My Sharing Folders.lnk -> %UserProfile%\My Documents\My Sharing Folders.lnk -> [Ver = | Size = 574 bytes | Modified Date = 6/13/2008 7:16:07 AM | Attr = ]
Malwarebytes' Anti-Malware.lnk -> %AllUsersProfile%\Desktop\Malwarebytes' Anti-Malware.lnk -> [Ver = | Size = 696 bytes | Modified Date = 5/27/2008 5:03:43 PM | Attr = ]
ATF-Cleaner.exe -> %UserProfile%\Desktop\ATF-Cleaner.exe -> Atribune.org [Ver = 3.00.0002 | Size = 50688 bytes | Modified Date = 6/13/2008 7:14:13 AM | Attr = ]
@Alternate Data Stream - 26 bytes -> %UserProfile%\Desktop\ATF-Cleaner.exe:Zone.Identifier
HijackThis.lnk -> %UserProfile%\Desktop\HijackThis.lnk -> [Ver = | Size = 1734 bytes | Modified Date = 5/27/2008 8:00:11 PM | Attr = ]
OTScanIt -> %UserProfile%\Desktop\OTScanIt -> [Folder | Modified Date = 6/13/2008 7:16:31 AM | Attr = ]
OTScanIt.exe -> %UserProfile%\Desktop\OTScanIt.exe -> [Ver = | Size = 568240 bytes | Modified Date = 6/13/2008 7:15:57 AM | Attr = ]
@Alternate Data Stream - 26 bytes -> %UserProfile%\Desktop\OTScanIt.exe:Zone.Identifier
SmitfraudFix -> %UserProfile%\Desktop\SmitfraudFix -> [Folder | Modified Date = 6/9/2008 9:35:57 PM | Attr = ]
Tools -> %UserProfile%\Desktop\Tools -> [Folder | Modified Date = 6/1/2008 9:51:10 PM | Attr = ]
VArestorepolicies -> %UserProfile%\Desktop\VArestorepolicies -> [Folder | Modified Date = 6/12/2008 3:57:34 PM | Attr = ]
Download Manager -> %CommonProgramFiles%\Download Manager -> [Folder | Modified Date = 5/27/2008 5:02:19 PM | Attr = ]

< End of report >
[/code]
  • 0



#32
Metallica

    Spyware Veteran

  • GeekU Moderator
  • 33,101 posts
Use Live Messenger a lot? :)

I'd like to have a look at this.

Click Start > Run > type cmd and click OK
In the Command Prompt copy & paste this command:

reg query "HKEY_CURRENT_USER\Control Panel\International" > C:\looktime.txt

Then copy & paste this command:

reg query "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion" >> C:\looktime.txt

After each line press ENTER to execute the commands

Next use this command:

notepad C:\looktime.txt

This will open C:\looktime.txt
Post the content please.
  • 0

#33
marionks

    Member

  • Topic Starter
  • Member
  • PipPip
  • 43 posts
I haven't used it in over a month ... my husband's daughter isn't talking to us ... we're hoping she will again in the future! :) However, if Live Messenger is the cause of the problems, we'll drop it now!! :)

Couldn't get anything to work in the cmd ... "The device is not ready" keeps showing up. I was supposed to paste it after I:\Documents and Settings\Ginny -- Correct?? That's the only place to put it. I also tried to copy and paste your second query and got the same result.
  • 0

#34
Metallica

    Spyware Veteran

  • GeekU Moderator
  • 33,101 posts

However, if Live Messenger is the cause of the problems, we'll drop it now!! :)


I didn't mean to imply that. I just noticed the number of sessions. :)

I think I made a mistake. Can you try it like this?

Copy the text in the code block into notepad and save it as investigate.bat

[code]
reg query "HKEY_CURRENT_USER\Control Panel\International" > I:\looktime.txt
reg query "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion" >> I:\looktime.txt
notepad I:\looktime.txt
[/code]

That should produce the text file on a partition that actually exists. :)
  • 0

#35
marionks

    Member

  • Topic Starter
  • Member
  • PipPip
  • 43 posts
If there is still a number of sessions in Live Messenger, something is definitely WRONG! As I said, we haven't used it in over a month! Of course, it loads every time I log on, but there should be no "usage". If there is, tell me how to delete the program NOW!
I was going to tell you the code paste didn't work, then I opened the investigate file ... here's what popped up in a looktime notepad after I double-clicked on that .bat file (There was no end program note):

! REG.EXE VERSION 3.0

HKEY_CURRENT_USER\Control Panel\International
iCountry REG_SZ 1
iCurrDigits REG_SZ 2
iCurrency REG_SZ 0
iDate REG_SZ 0
iDigits REG_SZ 2
iLZero REG_SZ 1
iMeasure REG_SZ 1
iNegCurr REG_SZ 0
iTime REG_SZ 0
iTLZero REG_SZ 0
Locale REG_SZ 00000409
s1159 REG_SZ AM
s2359 REG_SZ PM
sCountry REG_SZ United States
sCurrency REG_SZ $
sDate REG_SZ /
sDecimal REG_SZ .
sLanguage REG_SZ ENU
sList REG_SZ ,
sLongDate REG_SZ dddd, MMMM dd, yyyy
sShortDate REG_SZ M/d/yyyy
sThousand REG_SZ ,
sTime REG_SZ :
sTimeFormat REG_SZ HH:mm: VIRUS ALERT!
iTimePrefix REG_SZ 0
sMonDecimalSep REG_SZ .
sMonThousandSep REG_SZ ,
iNegNumber REG_SZ 1
sNativeDigits REG_SZ 0123456789
NumShape REG_SZ 1
iCalendarType REG_SZ 1
iFirstDayOfWeek REG_SZ 6
iFirstWeekOfYear REG_SZ 0
sGrouping REG_SZ 3;0
sMonGrouping REG_SZ 3;0
sPositiveSign REG_SZ
sNegativeSign REG_SZ -

HKEY_CURRENT_USER\Control Panel\International\Geo

! REG.EXE VERSION 3.0

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion
SubVersionNumber REG_SZ
CurrentBuild REG_SZ 1.511.1 () (Obsolete data - do not use)
InstallDate REG_DWORD 0x45ce0e5b
ProductName REG_SZ Microsoft Windows XP
RegDone REG_SZ
RegisteredOrganization REG_SZ
RegisteredOwner REG_SZ Lind Family
SoftwareType REG_SZ SYSTEM
CurrentVersion REG_SZ 5.1
CurrentBuildNumber REG_SZ 2600
BuildLab REG_SZ 2600.xpsp_sp2_qfe.070227-2300
CurrentType REG_SZ Multiprocessor Free
CSDVersion REG_SZ Service Pack 2
SystemRoot REG_SZ I:\WINDOWS
SourcePath REG_SZ G:\I386
PathName REG_SZ I:\WINDOWS
ProductId REG_SZ 92318-600-0011903-00825

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Accessibility

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AeDebug

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Asr

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Classes

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Compatibility

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Compatibility32

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Console

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\drivers.desc

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\EFS

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Embedding

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Event Viewer

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\File Manager

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Font Drivers

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\FontDPI

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\FontMapper

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Fonts

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\FontSubstitutes

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\GRE_Initialize

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\HotFix

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ICM

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\IME Compatibility

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\IMM

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\IniFileMapping

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\KnownFunctionTableDlls

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\KnownManagedDebuggingDlls

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LastFontSweep

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\MCI

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\MCI Extensions

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\MCI32

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Midimap

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\MiniDumpAuxiliaryDlls

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ModuleCompatibility

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Network

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\NetworkCards

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\OpenGLDrivers

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Perflib

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\PerHwIdStorage

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Ports

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Prefetcher

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\related.desc

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SeCEdit

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Setup

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Terminal Server

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Type 1 Installer

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Userinstallable.drivers

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Wdf

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\WOW

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\WPAEvents

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\WUDF
  • 0

#36
Metallica

    Spyware Veteran

  • GeekU Moderator
  • 33,101 posts
There is the VIRUS ALERT message.

under
HKEY_CURRENT_USER\Control Panel\International
this entry
sTimeFormat REG_SZ HH:mm: VIRUS ALERT!

To correct this:
Go to start > run and type: intl.cpl
Hit enter
This opens the Regional Settings properties.
Under the tab Regional Options > standards and formats, from the dropdown list, re-select your region again.
I'm guessing that should be English (United States) in your case.

Then about Live Messenger:
The last session shows on 6/12/2008

If you want to disable it from starting automatically:
Open Live Messenger...go to the Tools tab, click it, and go down to
"Options", and when it opens select the General tab, then uncheck
"Automatically run Windows Live Messenger when I log on to Windows."
Click Apply, then OK.
  • 0
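An added example, not part of the original thread: the check made by eye in post #36, written as a Python script that parses saved `reg query` output and flags format values containing text that is not a valid format specifier. The sample input is constructed from values shown in the thread, and checking sShortDate and sLongDate as well as sTimeFormat goes beyond the single value discussed here; all function names are hypothetical.

```python
import re

# Constructed sample in the layout REG.EXE writes to looktime.txt (values from the thread).
SAMPLE = r"""! REG.EXE VERSION 3.0

HKEY_CURRENT_USER\Control Panel\International
    sLongDate   REG_SZ  dddd, MMMM dd, yyyy
    sShortDate  REG_SZ  M/d/yyyy
    sTime       REG_SZ  :
    sTimeFormat REG_SZ  HH:mm: VIRUS ALERT!
    sPositiveSign       REG_SZ
"""

# Letters Windows treats as format specifiers; text in single quotes is a literal.
TIME_SPEC = re.compile(r"h{1,2}|H{1,2}|m{1,2}|s{1,2}|t{1,2}")
DATE_SPEC = re.compile(r"d{1,4}|M{1,4}|y|yy|yyyy|yyyyy|g{1,2}")
CHECKED = {"sTimeFormat": TIME_SPEC, "sShortDate": DATE_SPEC, "sLongDate": DATE_SPEC}
VALUE_LINE = re.compile(r"^\s*(.+?)\s+(REG_[A-Z_]+)(?:\s+(.*\S))?\s*$")

def parse_reg_query(text):
    """Return {key_path: {value_name: (type, data)}} from `reg query` text output."""
    keys, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if line.upper().startswith("HKEY_"):
            current = keys.setdefault(line, {})      # a new key section starts
        elif current is not None:
            m = VALUE_LINE.match(raw)
            if m:
                current[m.group(1)] = (m.group(2), m.group(3) or "")
    return keys

def stray_text(picture, spec):
    """Return (unquoted words that are not specifiers, quoted literals)."""
    literals = re.findall(r"'([^']*)'", picture)
    unquoted = re.sub(r"'[^']*'", "", picture)
    stray = []
    for word in re.findall(r"[A-Za-z]+", unquoted):
        # Split "HHmm" into runs of one repeated letter: "HH", "mm".
        runs = [m.group(0) for m in re.finditer(r"([A-Za-z])\1*", word)]
        if not all(spec.fullmatch(run) for run in runs):
            stray.append(word)
    return stray, literals

def audit_formats(text):
    """Flag format values under Control Panel\\International that carry extra text."""
    findings = []
    for key, values in parse_reg_query(text).items():
        if not key.lower().endswith(r"control panel\international"):
            continue
        for name, spec in CHECKED.items():
            if name in values:
                data = values[name][1]
                stray, literals = stray_text(data, spec)
                # Quoted literals are legal in some locales, so report them for review.
                if stray or literals:
                    findings.append((name, data, stray, literals))
    return findings

if __name__ == "__main__":
    for finding in audit_formats(SAMPLE):
        print(finding)
```
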

#37
marionks

    Member

  • Topic Starter
  • Member
  • PipPip
  • 43 posts
THANK YOU! The virus alert is out of the toolbar tray, and time is back to normal. And Messenger is no longer starting up as I start.
NOW ... can we get my wallpaper back?? I still need to get whatever file that is out of the wallpaper. When I start up, I get my original selected wallpaper, then a navy blue screen with my desktop, then this file as the background with my desktop on top.
ALSO ... it still takes forever for my portion of the computer to load, compared to the remainder of the family.
  • 0

#38
marionks

    Member

  • Topic Starter
  • Member
  • PipPip
  • 43 posts
PS ... Happy Father's Day! :)
  • 0

#39
Metallica

    Spyware Veteran

  • GeekU Moderator
  • 33,101 posts
Can you try something for me?
This only works if you have XP Pro.

Start > Run > type or copy&paste gpedit.msc > OK

In the Policy editor choose and expand User Configuration > Administrative Templates > Desktop > Active Desktop
Then select and right-click Disable Active desktop and choose Properties
Select Disabled > Apply and close the Policy Editor. You may have to reboot for the change to take effect.
  • 0

#40
marionks

    Member

  • Topic Starter
  • Member
  • PipPip
  • 43 posts
It didn't have any effect. :)
  • 0



#41
Metallica

    Spyware Veteran

  • GeekU Moderator
  • 33,101 posts
Can you check something for me?

Under Start > Control Panel > Display > on the Desktop tab click Customize Desktop
Then on the Web tab check if anything is checked in the Web Pages box.

If so let me know what it is called and click the Properties button to find more information, like where it is located.
Then remove the checkmark. Then click OK, Apply, OK and close the Panel.
  • 0

#42
marionks

    Member

  • Topic Starter
  • Member
  • PipPip
  • 43 posts
I've attached a Word file from My Documents: "Screen Shots" ... I hope you can find it.
I couldn't find what you were referring to ... I hope you can see what I cannot.
The first page shows the "Web" tab from the Customize Desktop ... the second page shows the "General" tab from Customize Desktop. I cannot click on the "Properties" button.
  • 0

#43
Metallica

    Spyware Veteran

  • GeekU Moderator
  • 33,101 posts
I see a checkmark before Privacy Protection. That is the one we want to get rid of.
Can you remove that checkmark?
Then click OK, Apply, OK and close the Panel.

Let me know if that helps.
  • 0

#44
marionks

    Member

  • Topic Starter
  • Member
  • PipPip
  • 43 posts
YAY! I think we're fixed!!! Thank you SO MUCH!! I have learned a LOT from you, too!! Now, I just hope I can remember all this! Will all this be archived somewhere where I can find it??? :)
  • 0

#45
Metallica

    Spyware Veteran

  • GeekU Moderator
  • 33,101 posts
You will always be able to find it using this link:

http://www.geekstogo...howtopic=199675

Is your profile's slow load also fixed?
Please follow the red link in my signature and check how you can improve your computer's protection.

Prevention doesn't need to cost much, but can save a lot of trouble.
  • 0





