WNSO.EXE help please.........

MarkLoehndorf:
Here ya go Polonus, I really do appreciate your help on this.  My hat's off to you if you are able to make heads or tails of it all........
WinPFind3 logfile created on: 10/19/2007 8:26:26 PM
WinPFind3U by OldTimer - Version 1.0.42   Folder = C:\Documents and Settings\hp user\Desktop\WinPFind3u\
Microsoft Windows XP Service Pack 2 (Version = 5.1.2600)
Internet Explorer (Version = 6.0.2900.2180)
 
1022.48 Mb Total Physical Memory | 676.66 Mb Available Physical Memory | 66.18% Memory free
2.41 Gb Paging File | 2.09 Gb Available in Paging File | 86.93% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072;
 
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 74.52 Gb Total Space | 37.71 Gb Free Space | 50.60% Space Free
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded

Computer Name: MARKSHPLAPTOP
Current User Name: hp user
Logged in as Administrator.
Current Boot Mode: Normal
[Processes - Non-Microsoft Only]
ashdisp.exe -> %ProgramFiles%\Alwil Software\Avast4\ashDisp.exe -> ALWIL Software [Ver = 4, 7, 1043, 0 | Size = 79224 bytes | Modified Date = 9/6/2007 5:06:10 AM | Attr =    ]
ashserv.exe -> %ProgramFiles%\Alwil Software\Avast4\ashServ.exe -> ALWIL Software [Ver = 4, 7, 1043, 0 | Size = 132472 bytes | Modified Date = 9/6/2007 5:06:04 AM | Attr =    ]
aswupdsv.exe -> %ProgramFiles%\Alwil Software\Avast4\aswUpdSv.exe -> ALWIL Software [Ver = 4, 7, 1043, 0 | Size = 16248 bytes | Modified Date = 9/6/2007 4:54:58 AM | Attr =    ]
ati2evxx.exe -> %System32%\ati2evxx.exe -> ATI Technologies Inc. [Ver = 6.14.10.4113 | Size = 352256 bytes | Modified Date = 3/8/2005 4:34:28 PM | Attr =    ]
ati2evxx.exe -> %System32%\ati2evxx.exe -> ATI Technologies Inc. [Ver = 6.14.10.4113 | Size = 352256 bytes | Modified Date = 3/8/2005 4:34:28 PM | Attr =    ]
atiptaxx.exe -> %ProgramFiles%\ATI Technologies\ATI Control Panel\atiptaxx.exe -> ATI Technologies, Inc. [Ver = 6.14.10.5142 | Size = 339968 bytes | Modified Date = 3/8/2005 9:05:00 PM | Attr =    ]
avgas.exe -> %ProgramFiles%\Grisoft\AVG Anti-Spyware 7.5\avgas.exe -> GRISOFT s.r.o. [Ver = 7, 5, 1, 43 | Size = 6731312 bytes | Modified Date = 6/11/2007 4:25:42 AM | Attr =    ]
cdac11ba.exe -> %System32%\drivers\CDAC11BA.EXE -> Macrovision [Ver = 4.20.020 | Size = 54784 bytes | Modified Date = 7/20/2005 12:07:16 PM | Attr =    ]
guard.exe -> %ProgramFiles%\Grisoft\AVG Anti-Spyware 7.5\guard.exe -> GRISOFT s.r.o. [Ver = 7, 5, 1, 22 | Size = 312880 bytes | Modified Date = 5/30/2007 7:31:10 AM | Attr =    ]
hphmon05.exe -> %System32%\hphmon05.exe -> Hewlett-Packard [Ver = 5,0,84 | Size = 483328 bytes | Modified Date = 5/22/2003 9:55:38 PM | Attr =    ]
standaloneslv.exe -> %ProgramFiles%\SolidWorks\COSMOS\FloWorks\binCFW\StandAloneSlv.exe ->  [Ver = 14, 0000, 304, 0 | Size = 606208 bytes | Modified Date = 4/2/2007 10:38:10 AM | Attr =    ]
syntpenh.exe -> %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe -> Synaptics, Inc. [Ver = 7.5.18.1 15Jul03 | Size = 618496 bytes | Modified Date = 7/15/2003 2:08:10 PM | Attr =    ]
syntplpr.exe -> %ProgramFiles%\Synaptics\SynTP\SynTPLpr.exe -> Synaptics, Inc. [Ver = 7.5.18.1 15Jul03 | Size = 110592 bytes | Modified Date = 7/15/2003 2:09:18 PM | Attr =    ]
tivobeacon.exe -> %CommonProgramFiles%\TiVo Shared\Beacon\TiVoBeacon.exe -> TiVo Inc. [Ver = 1.4 | Size = 857088 bytes | Modified Date = 7/11/2006 7:22:40 AM | Attr =    ]
ulcdrsvr.exe -> %CommonProgramFiles%\Ulead Systems\DVD\ULCDRSvr.exe -> Ulead Systems, Inc. [Ver = 1, 0, 0, 4 | Size = 49152 bytes | Modified Date = 1/31/2005 9:45:20 AM | Attr =    ]
winpfind3u.exe -> %UserDesktop%\WinPFind3u\WinPFind3U.exe -> OldTimer Tools [Ver = 1.0.42.0 | Size = 322560 bytes | Modified Date = 9/4/2007 10:47:26 AM | Attr =    ]

[Win32 Services - Non-Microsoft Only]
(aswUpdSv) avast! iAVS4 Control Service [Win32_Own | Auto | Running] -> %ProgramFiles%\Alwil Software\Avast4\aswUpdSv.exe -> ALWIL Software [Ver = 4, 7, 1043, 0 | Size = 16248 bytes | Modified Date = 9/6/2007 4:54:58 AM | Attr =    ]
(Ati HotKey Poller) Ati HotKey Poller [Win32_Own | Auto | Running] -> %System32%\ati2evxx.exe -> ATI Technologies Inc. [Ver = 6.14.10.4113 | Size = 352256 bytes | Modified Date = 3/8/2005 4:34:28 PM | Attr =    ]
(Autodesk Licensing Service) Autodesk Licensing Service [Win32_Own | On_Demand | Stopped] -> %CommonProgramFiles%\Autodesk Shared\Service\AdskScSrv.exe -> Autodesk [Ver = 2.66.000 | Size = 77944 bytes | Modified Date = 7/18/2005 11:17:28 PM | Attr =    ]
(avast! Antivirus) avast! Antivirus [Win32_Own | Auto | Running] -> %ProgramFiles%\Alwil Software\Avast4\ashServ.exe -> ALWIL Software [Ver = 4, 7, 1043, 0 | Size = 132472 bytes | Modified Date = 9/6/2007 5:06:04 AM | Attr =    ]
(avast! Mail Scanner) avast! Mail Scanner [Win32_Own | On_Demand | Stopped] -> %ProgramFiles%\Alwil Software\Avast4\ashMaiSv.exe -> ALWIL Software [Ver = 4, 7, 1043, 0 | Size = 243064 bytes | Modified Date = 9/6/2007 5:05:42 AM | Attr =    ]
(avast! Web Scanner) avast! Web Scanner [Win32_Own | On_Demand | Stopped] -> %ProgramFiles%\Alwil Software\Avast4\ashWebSv.exe -> ALWIL Software [Ver = 4, 7, 1043, 0 | Size = 345464 bytes | Modified Date = 9/6/2007 5:04:44 AM | Attr =    ]
(AVG Anti-Spyware Guard) AVG Anti-Spyware Guard [Win32_Own | Auto | Running] -> %ProgramFiles%\Grisoft\AVG Anti-Spyware 7.5\guard.exe -> GRISOFT s.r.o. [Ver = 7, 5, 1, 22 | Size = 312880 bytes | Modified Date = 5/30/2007 7:31:10 AM | Attr =    ]
(C-DillaCdaC11BA) C-DillaCdaC11BA [Win32_Own | Auto | Running] -> %System32%\drivers\CDAC11BA.EXE -> Macrovision [Ver = 4.20.020 | Size = 54784 bytes | Modified Date = 7/20/2005 12:07:16 PM | Attr =    ]
(dmadmin) Logical Disk Manager Administrative Service [Win32_Shared | On_Demand | Stopped] -> %System32%\dmadmin.exe -> Microsoft Corp., Veritas Software [Ver = 2600.2180.503.0 | Size = 224768 bytes | Modified Date = 8/4/2004 12:56:50 AM | Attr =    ]
(IDriverT) InstallDriver Table Manager [Win32_Own | On_Demand | Stopped] -> %CommonProgramFiles%\InstallShield\Driver\11\Intel 32\IDriverT.exe -> Macrovision Corporation [Ver = 11.00.28844 | Size = 69632 bytes | Modified Date = 4/4/2005 12:41:10 AM | Attr =    ]
(ms_fax) Fax Client [Win32_Own | Auto | Stopped] -> %System32%\0ae7.exe -> File not found
(NVSvc) NVIDIA Display Driver Service [Win32_Own | Auto | Stopped] -> %System32%\nvsvc32.exe -> NVIDIA Corporation [Ver = 6.14.10.5401 | Size = 77824 bytes | Modified Date = 2/3/2004 8:26:00 AM | Attr = R  ]
(Pml Driver HPZ12) Pml Driver HPZ12 [Win32_Own | On_Demand | Stopped] -> %System32%\HPZipm12.exe -> HP [Ver = 8, 0, 0, 0 | Size = 65536 bytes | Modified Date = 3/18/2004 4:55:48 PM | Attr =    ]
(Remote Solver for COSMOSFloWorks 2007) Remote Solver for COSMOSFloWorks 2007 [Win32_Own | Auto | Running] -> %ProgramFiles%\SolidWorks\COSMOS\FloWorks\binCFW\StandAloneSlv.exe ->  [Ver = 14, 0000, 304, 0 | Size = 606208 bytes | Modified Date = 4/2/2007 10:38:10 AM | Attr =    ]
(SolidWorks Licensing Service) SolidWorks Licensing Service [Win32_Own | On_Demand | Stopped] -> %CommonProgramFiles%\SolidWorks Shared\Service\SolidWorksLicensing.exe -> SolidWorks [Ver = 2.80.002 | Size = 79360 bytes | Modified Date = 9/21/2007 9:35:50 PM | Attr =    ]
(TivoBeacon2) TiVo Beacon [Win32_Shared | Auto | Running] -> %CommonProgramFiles%\TiVo Shared\Beacon\TiVoBeacon.exe -> TiVo Inc. [Ver = 1.4 | Size = 857088 bytes | Modified Date = 7/11/2006 7:22:40 AM | Attr =    ]
(UleadBurningHelper) Ulead Burning Helper [Win32_Own | Auto | Running] -> %CommonProgramFiles%\Ulead Systems\DVD\ULCDRSvr.exe -> Ulead Systems, Inc. [Ver = 1, 0, 0, 4 | Size = 49152 bytes | Modified Date = 1/31/2005 9:45:20 AM | Attr =    ]

MarkLoehndorf:
It continues..

[Registry - Non-Microsoft Only]
< Run [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run ->
!AVG Anti-Spyware -> %ProgramFiles%\Grisoft\AVG Anti-Spyware 7.5\avgas.exe -> GRISOFT s.r.o. [Ver = 7, 5, 1, 43 | Size = 6731312 bytes | Modified Date = 6/11/2007 4:25:42 AM | Attr =    ]
ATIPTA -> %ProgramFiles%\ATI Technologies\ATI Control Panel\atiptaxx.exe -> ATI Technologies, Inc. [Ver = 6.14.10.5142 | Size = 339968 bytes | Modified Date = 3/8/2005 9:05:00 PM | Attr =    ]
avast! -> %ProgramFiles%\Alwil Software\Avast4\ashDisp.exe -> ALWIL Software [Ver = 4, 7, 1043, 0 | Size = 79224 bytes | Modified Date = 9/6/2007 5:06:10 AM | Attr =    ]
HPHmon05 -> %System32%\hphmon05.exe -> Hewlett-Packard [Ver = 5,0,84 | Size = 483328 bytes | Modified Date = 5/22/2003 9:55:38 PM | Attr =    ]
SearchIndexer -> %System32%\xuswofkx.dll [rundll32.exe "C:\WINDOWS\system32\xuswofkx.dll",sitypnow] ->  [Ver =  | Size = 83008 bytes | Modified Date = 10/18/2007 11:01:12 PM | Attr =    ]
SynTPEnh -> %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe -> Synaptics, Inc. [Ver = 7.5.18.1 15Jul03 | Size = 618496 bytes | Modified Date = 7/15/2003 2:08:10 PM | Attr =    ]
SynTPLpr -> %ProgramFiles%\Synaptics\SynTP\SynTPLpr.exe -> Synaptics, Inc. [Ver = 7.5.18.1 15Jul03 | Size = 110592 bytes | Modified Date = 7/15/2003 2:09:18 PM | Attr =    ]
< OptionalComponents [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\ ->
IMAIL -> Installed = 1 ->
MAPI -> Installed = 1 ->
MSFS -> Installed = 1 ->
< Common Startup > -> C:\Documents and Settings\All Users\Start Menu\Programs\Startup ->
%AllUsersStartup%\WNSO.lnk -> %CommonProgramFiles%\RGGZS\WNSO.exe -> File not found
< ShellExecuteHooks [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks ->
{57B86673-276A-48B2-BAE7-C6DBB3020EB8} [HKLM] -> %ProgramFiles%\Grisoft\AVG Anti-Spyware 7.5\shellexecutehook.dll [AVG Anti-Spyware 7.5] -> GRISOFT s.r.o. [Ver = 7, 5, 1, 36 | Size = 79408 bytes | Modified Date = 5/30/2007 7:29:58 AM | Attr =    ]
{733E9132-53CA-4C97-9AC9-145C4502FA20} [HKLM] -> %System32%\rqrqomm.dll [] -> File not found
< SecurityProviders [HKLM] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\\SecurityProviders ->
< Winlogon settings [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon ->
< Winlogon settings [HKCU] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon ->
< Winlogon\Notify settings [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ ->
AtiExtEvent -> %System32%\ati2evxx.dll -> ATI Technologies Inc. [Ver = 6.14.10.4113 | Size = 61440 bytes | Modified Date = 3/8/2005 4:34:34 PM | Attr =    ]
rqrqomm -> rqrqomm.dll -> File not found
WgaLogon -> Reg Data - Value does not exist -> File not found

MarkLoehndorf:
< CurrentVersion Policy Settings [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ ->  ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\ ->  ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run\ ->  ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\ ->  ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{BDEADF00-C265-11D0-BCED-00A0C90AB50F} -> 1 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{6DFD7C5C-2451-11d3-A299-00C04F8EF6AF} -> 1073741857 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{0DF44EAA-FF21-4412-828E-260A8728E7F1} -> 32 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\ ->  ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\dontdisplaylastusername -> 0 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\legalnoticecaption ->  ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\legalnoticetext ->  ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\shutdownwithoutlogon -> 1 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\undockwithoutlogon -> 1 ->
< CurrentVersion Policy Settings [HKCU] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ ->  ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\ ->  ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun -> 145 ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\ ->  ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\DisableRegistryTools -> 0 ->
< HOSTS File > (764 bytes) -> C:\WINDOWS\System32\drivers\etc\Hosts ->
127.0.0.1       localhost ->  ->
192.168.1.109 HP000D9D182CA5 ->  ->
< Internet Explorer Settings > ->  ->
HKLM: Default_Page_URL -> http://us8l.hpwis.com ->
HKLM: Main\\Default_Search_URL -> http://www.google.com/ie ->
HKLM: Local Page -> %SystemRoot%\system32\blank.htm ->
HKLM: Search Page -> http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch ->
HKLM: Start Page -> http://www.microsoft.com/isapi/redir.dll?prd={SUB_PRD}&clcid={SUB_CLSID}&pver={SUB_PVER}&ar=home ->
HKLM: CustomizeSearch -> http://seek.3721.com/srchcust.htm ->
HKLM: Search\\Default_Search_URL -> http://www.google.com/ie ->
HKLM: SearchAssistant -> http://www.google.com/ie ->
HKCU: Local Page -> C:\WINDOWS\system32\blank.htm ->
HKCU: Search Bar -> http://www.google.com/ie ->
HKCU: Search Page -> http://www.google.com ->
HKCU: Start Page -> http://us8l.hpwis.com/ ->
HKCU: SearchAssistant -> http://www.google.com/ie ->
HKCU: ProxyEnable -> 0 ->
HKCU: ProxyOverride -> 127.0.0.1 ->
< Trusted Sites > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ ->
msn.com [ - ] ->  ->
< BHO's > -> HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\ ->
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} [HKLM] -> %ProgramFiles%\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll [AcroIEHlprObj Class] -> Adobe Systems Incorporated [Ver = 7.0.7.2006011200 | Size = 63128 bytes | Modified Date = 1/12/2006 8:38:22 PM | Attr =    ]
{387EDF53-1CF2-4523-BC2F-13462651BE8C} [HKLM] -> %System32%\BhoCitUS.dll [CitiUSBrowserHelper Class] -> Orbiscom Ltd. All rights reserved. [Ver = 3, 7, 0, 0, 134 | Size = 139264 bytes | Modified Date = 8/12/2004 2:55:00 PM | Attr =    ]
{72F37957-227A-476E-9F62-9E00CDB84368} [HKLM] -> %System32%\vturr.dll [Reg Data - Value does not exist] ->  [Ver =  | Size = 244832 bytes | Modified Date = 9/19/2007 4:49:34 AM | Attr =    ]
{733E9132-53CA-4C97-9AC9-145C4502FA20} [HKLM] -> %System32%\rqrqomm.dll [Reg Data - Value does not exist] -> File not found
{7E853D72-626A-48EC-A868-BA8D5E23E045} [HKLM] -> Reg Data - Key not found [Reg Data - Key not found] -> File not found
{89AD4D75-2429-462e-BD4E-443F233F6033} [HKLM] -> %System32%\vtquqiex.dll [Reg Data - Value does not exist] ->  [Ver =  | Size = 77376 bytes | Modified Date = 10/2/2007 7:06:56 PM | Attr =    ]
< Internet Explorer Bars [HKCU] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\ ->
{32683183-48a0-441b-a342-7c2a440a9478} [HKLM] -> Reg Data - Key not found [Reg Data - Key not found] -> File not found
< Internet Explorer ToolBars [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar ->
 [HKLM] -> Reg Data - Key not found [] -> File not found
{B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} [HKLM] -> %ProgramFiles%\Hewlett-Packard\Digital Imaging\bin\HPDTLK02.dll [HP View] -> Hewlett-Packard Company [Ver = 1.0.0.7 | Size = 98304 bytes | Modified Date = 11/21/2003 4:26:28 AM | Attr =    ]
{E0E899AB-F487-11D5-8D29-0050BA6940E3} [HKLM] -> Reg Data - Key not found [Reg Data - Key not found] -> File not found
< Internet Explorer ToolBars [HKCU] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\ ->
ShellBrowser\\{B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} [HKLM] -> %ProgramFiles%\Hewlett-Packard\Digital Imaging\bin\HPDTLK02.dll [HP View] -> Hewlett-Packard Company [Ver = 1.0.0.7 | Size = 98304 bytes | Modified Date = 11/21/2003 4:26:28 AM | Attr =    ]
< Internet Explorer Menu Extensions [HKCU] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\ ->
E&xport to Microsoft Excel ->  -> File not found
< User Agent Post Platform [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform ->
SV1 ->  ->
< DNS Name Servers [HKLM] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Adapters\ ->
{1AF1AB90-7611-4EF5-9EAC-76B4D4CF6D36} ->    (Realtek RTL8139/810x Family Fast Ethernet NIC) ->
{22EC5A37-74D9-46B2-963C-7E18D6427A2E} ->    (1394 Net Adapter) ->
{32564508-58B8-45A1-9A54-0B1E9C5D32A3} ->    (1394 Net Adapter) ->
{5C79B13D-D4E6-41B5-8537-A193B74756ED} ->    () ->
{690E8785-F190-4F25-8406-EAEDB088921C} ->    (Realtek RTL8139/810x Family Fast Ethernet NIC) ->
{7C777C7A-6DEF-4F41-91BB-8AC28D08D0D7} ->    (1394 Net Adapter) ->
{7D4EEF3A-321A-4114-8A31-619F7E7D68E3} ->    (1394 Net Adapter) ->
{B0043B74-DEA3-411A-AEA4-86C8487645A8} ->    (Broadcom 802.11b) ->
{B146B9C6-05FB-40C5-AAF9-4424DAD1C800} ->    (1394 Net Adapter) ->
{C1D6AC56-DFF8-49B8-9E4A-81C6919FE1BA} ->    (Broadcom 802.11b) ->
{EECAB3FF-1C5B-4C5B-B679-9AF04C2FC3B3} ->    (1394 Net Adapter) ->
< Protocol Handlers [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\ ->
cetihpz -> %ProgramFiles%\HP\hpcoretech\comp\hpuiprot.dll -> Hewlett-Packard Company [Ver = 2.1.6.2 | Size = 81920 bytes | Modified Date = 1/12/2005 2:54:56 PM | Attr =    ]
ipp -> Reg Data - Key not found -> File not found
msdaipp -> Reg Data - Key not found -> File not found
< Downloaded Program Files > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\ ->
{00000055-9980-0010-8000-00AA00389B71} ->  - CodeBase = http://codecs.microsoft.com/codecs/i386/fhg.CAB ->
{D27CDB6E-AE6D-11CF-96B8-444553540000} ->  - CodeBase = http://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab ->
Microsoft XML Parser for Java ->  - CodeBase = file://C:\WINDOWS\Java\classes\xmldso.cab ->

Jeez..... Is it supposed to be this long???
->

MarkLoehndorf:
[Registry - Additional Scans - Non-Microsoft Only]
< Security Settings > ->  ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\ ->  ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\AntiVirusDisableNotify -> 0 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\FirewallDisableNotify -> 0 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\UpdatesDisableNotify -> 0 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\AntiVirusOverride -> 0 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\FirewallOverride -> 0 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ ->  ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus\ ->  ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus\ ->  ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus\ ->  ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus\ ->  ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall\ ->  ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus\ ->  ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall\ ->  ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus\ ->  ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus\ ->  ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall\ ->  ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall\ ->  ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus\ ->  ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall\ ->  ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall\ ->  ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BITS\ ->  ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BITS\\Type -> 32 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BITS\\Start -> 2 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BITS\\ErrorControl -> 1 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BITS\\ImagePath -> %SystemRoot%\System32\svchost.exe -k netsvcs ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BITS\\DisplayName -> Background Intelligent Transfer Service ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BITS\\DependOnService -> Rpcss; ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BITS\\DependOnGroup ->  ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BITS\\ObjectName -> LocalSystem ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BITS\\Description -> Transfers files in the background using idle network bandwidth. If the service is stopped, features such as Windows Update, and MSN Explorer will be unable to automatically download programs and other information. If this service is disabled, any services that explicitly depend on it may fail to transfer files if they do not have a fail safe mechanism to transfer files directly through IE in case BITS has been disabled. ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BITS\\FailureActions ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BITS\Parameters\ ->  ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BITS\Parameters\\ServiceDll -> C:\WINDOWS\System32\qmgr.dll ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BITS\Security\ ->  ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BITS\Security\\Security -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BITS\Enum\ ->  ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BITS\Enum\\0 -> Root\LEGACY_BITS\0000 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BITS\Enum\\Count -> 1 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BITS\Enum\\NextInstance -> 1 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\ ->  ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\Type -> 32 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\Start -> 2 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\ErrorControl -> 1 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\ImagePath -> %SystemRoot%\System32\svchost.exe -k netsvcs ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\DisplayName -> Windows Firewall/Internet Connection Sharing (ICS) ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\DependOnService -> Netman;WinMgmt; ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\DependOnGroup ->  ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\ObjectName -> LocalSystem ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\Description -> Provides network address translation, addressing, name resolution and/or intrusion prevention services for a home or small office network. ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Epoch\ ->  ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Epoch\\Epoch -> 65993 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\ ->  ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\\ServiceDll -> %SystemRoot%\System32\ipnathlp.dll ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\ ->  ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\\C:\WINDOWS\system32\-200431.exe -> C:\WINDOWS\system32\-200431.exe:*:Enabled:pop ->

MarkLoehndorf:
 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\WINDOWS\system32\-16767.exe -> C:\WINDOWS\system32\-16767.exe:*:Disabled:pop ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Internet Explorer\yjiklkd.exe -> C:\Program Files\Internet Explorer\yjiklkd.exe:*:Enabled:pop ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\WINDOWS\system32\zfkhggn.exe -> C:\WINDOWS\system32\zfkhggn.exe:*:Enabled:pop ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\HP\tlchiil.exe -> C:\Program Files\HP\tlchiil.exe:*:Enabled:pop ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\MSN Messenger\msnmsgr.exe -> C:\Program Files\MSN Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\MSN Messenger\livecall.exe -> C:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone) ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\ ->  ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\ ->  ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\1900:UDP -> 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\2869:TCP -> 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\139:TCP -> 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\445:TCP -> 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\137:UDP -> 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\138:UDP -> 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy‚—\ ->  ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy‚—\\C:\WINDOWS\system32\-200431.exe -> C:\WINDOWS\system32\-200431.exe:*:Enabled:pop ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Security\ ->  ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Security\\Security -> 

[Files/Folders - Created Within 30 days]
SDFix -> %SystemDrive%\SDFix ->  [Folder | Created Date = 10/16/2007 9:00:38 PM | Attr =    ]
SDFix.zip -> %SystemDrive%\SDFix.zip ->  [Ver =  | Size = 1346060 bytes | Created Date = 10/16/2007 10:30:09 PM | Attr =    ]
$NtUninstallKB911993-V2$ -> %SystemRoot%\$NtUninstallKB911993-V2$ ->  [Folder | Created Date = 9/21/2007 8:03:48 PM | Attr =  H ]
$NtUninstallKB919880$ -> %SystemRoot%\$NtUninstallKB919880$ ->  [Folder | Created Date = 9/21/2007 8:45:38 PM | Attr =  H ]
$NtUninstallKB922120$ -> %SystemRoot%\$NtUninstallKB922120$ ->  [Folder | Created Date = 10/5/2007 7:11:30 PM | Attr =  H ]
$NtUninstallKB933729$ -> %SystemRoot%\$NtUninstallKB933729$ ->  [Folder | Created Date = 10/10/2007 10:13:12 PM | Attr =  H ]
$NtUninstallKB939653$ -> %SystemRoot%\$NtUninstallKB939653$ ->  [Folder | Created Date = 10/10/2007 10:11:30 PM | Attr =  H ]
$NtUninstallKB941202$ -> %SystemRoot%\$NtUninstallKB941202$ ->  [Folder | Created Date = 10/10/2007 10:09:57 PM | Attr =  H ]
cookies.ini -> %SystemRoot%\cookies.ini ->  [Ver =  | Size = 639 bytes | Created Date = 9/20/2007 10:37:33 PM | Attr =    ]
eDrawingOfficeAutomator.INI -> %SystemRoot%\eDrawingOfficeAutomator.INI ->  [Ver =  | Size = 0 bytes | Created Date = 9/21/2007 8:48:37 PM | Attr =    ]
winshow.exe -> %SystemRoot%\winshow.exe ->  [Ver = 23.03.0020 | Size = 35328 bytes | Created Date = 10/3/2007 11:19:47 PM | Attr =    ]
bocouhkq.ini -> %System32%\bocouhkq.ini ->  [Ver =  | Size = 693721 bytes | Created Date = 10/15/2007 7:30:47 PM | Attr =  HS]
bxsrffnh.exe -> %System32%\bxsrffnh.exe ->   [Ver = 1, 0, 0, 1 | Size = 75328 bytes | Created Date = 10/3/2007 6:21:13 PM | Attr =    ]
caqlphka.dll -> %System32%\caqlphka.dll ->  [Ver =  | Size = 69184 bytes | Created Date = 9/30/2007 8:55:30 PM | Attr =    ]
cfnwicad.dll -> %System32%\cfnwicad.dll ->  [Ver =  | Size = 69184 bytes | Created Date = 9/22/2007 4:08:06 AM | Attr =    ]
cvqtiqmy.ini -> %System32%\cvqtiqmy.ini ->  [Ver =  | Size = 693772 bytes | Created Date = 9/29/2007 6:10:11 PM | Attr =  HS]
cxxyvsqv.exe -> %System32%\cxxyvsqv.exe ->   [Ver = 1, 0, 0, 1 | Size = 75328 bytes | Created Date = 10/9/2007 4:10:45 PM | Attr =    ]
dvmjoetv.exe -> %System32%\dvmjoetv.exe ->   [Ver = 1, 0, 0, 1 | Size = 75328 bytes | Created Date = 9/20/2007 10:18:33 PM | Attr =    ]
emdorobt.ini -> %System32%\emdorobt.ini ->  [Ver =  | Size = 693481 bytes | Created Date = 10/8/2007 5:47:34 PM | Attr =  HS]
epqefoto.exe -> %System32%\epqefoto.exe ->   [Ver = 1, 0, 0, 1 | Size = 75328 bytes | Created Date = 10/1/2007 5:54:31 PM | Attr =    ]
erfgtpgv.ini -> %System32%\erfgtpgv.ini ->  [Ver =  | Size = 694381 bytes | Created Date = 10/7/2007 8:30:23 AM | Attr =  HS]
evxftikj.exe -> %System32%\evxftikj.exe ->   [Ver = 1, 0, 0, 1 | Size = 75328 bytes | Created Date = 10/17/2007 7:56:25 PM | Attr =    ]
fsdgubhf.ini -> %System32%\fsdgubhf.ini ->  [Ver =  | Size = 694312 bytes | Created Date = 10/5/2007 9:34:19 PM | Attr =  HS]
gahucgqj.ini -> %System32%\gahucgqj.ini ->  [Ver =  | Size = 694021 bytes | Created Date = 10/2/2007 6:03:51 PM | Attr =  HS]
ghabwcty.exe -> %System32%\ghabwcty.exe ->  [Ver =  | Size = 4672 bytes | Created Date = 10/16/2007 7:58:45 PM | Attr =    ]
gqorhcce.ini -> %System32%\gqorhcce.ini ->  [Ver =  | Size = 693721 bytes | Created Date = 9/29/2007 5:49:10 PM | Attr =  HS]
GroupPolicy -> %System32%\GroupPolicy ->  [Folder | Created Date = 9/21/2007 8:13:55 PM | Attr =    ]
