Fri Jul 01 2011 08:50:11 0 .acb 0 0 0 10525 [Internet Explorer] (Content viewed/Content saved to drive) URL:http://col.stb.s-msn.com/i/23/AB3DEF1FC49CB32F0E8E93E988EBA.jpg cache stored in: UPQVMROL/AB3DEF1FC49CB32F0E8E93E988EBA[1].jpg - HTTP/1.1 200 OK - Content-Type: image/jpeg - ETag: "16b5a88f638cc1:0"- "" - X-Powered-By: ASP.NET - P3P: CP="BUS CUR CONo FIN IVDo ONL OUR PHY SAMo TELo" - Content-Length: 3159 (file: /media/sdb1/Documents and Settings/malware/Local Settings/Temporary Internet Files/Content.IE5/index.dat) Fri Jul 01 2011 09:14:07 0 .acb 0 0 0 10525 [Internet Explorer] (Content viewed/Content saved to drive) URL:http://tap2-cdn.rubiconproject.com/partner/scripts/rubicon/emily.html?pc=8142/13187 cache stored in: UPQVMROL/emily[1].htm - HTTP/1.1 200 OK - Content-Length: 6621 - Content-Type: text/html (file: /media/sdb1/Documents and Settings/malware/Local Settings/Temporary Internet Files/Content.IE5/index.dat) Fri Jul 01 2011 09:57:36 0 .acb 0 0 0 10525 [Internet Explorer] (Content viewed/Content saved to drive) URL:http://col.stb.s-msn.com/i/F4/8E1CE8BD265B47CBBE321FF47E2A1.jpg cache stored in: UPQVMROL/8E1CE8BD265B47CBBE321FF47E2A1[1].jpg - HTTP/1.1 200 OK - Content-Type: image/jpeg - ETag: "ab269faf38cc1:0"- "" - X-Powered-By: ASP.NET - P3P: CP="BUS CUR CONo FIN IVDo ONL OUR PHY SAMo TELo" - Content-Length: 4095 (file: /media/sdb1/Documents and Settings/malware/Local Settings/Temporary Internet Files/Content.IE5/index.dat) Fri Jul 01 2011 09:57:47 0 .acb 0 0 0 10525 [Internet Explorer] (Content viewed/Content saved to drive) URL:http://s0.2mdn.net/1361550/PID_1666481_K2335_NAS_OM_728x90.jpg cache stored in: UPQVMROL/PID_1666481_K2335_NAS_OM_728x90[1].jpg - HTTP/1.1 200 OK - Content-Type: image/jpeg - X-Content-Type-Options: nosniff - Content-Length: 30061 - X-XSS-Protection: 1_ mode=block (file: /media/sdb1/Documents and Settings/malware/Local Settings/Temporary Internet Files/Content.IE5/index.dat) Fri Jul 01 2011 10:08:08 0 .acb 0 0 0 10525 [Internet Explorer] (Content viewed/Content saved to drive) URL:http://ui.mevio.com/static/css/ie6-fixes.css?r=38841 cache stored in: SLK18LSF/ie6-fixes[2].css - HTTP/1.1 200 OK - Content-Length: 1604 - Content-Type: text/css (file: /media/sdb1/Documents and Settings/malware/Local Settings/Temporary Internet Files/Content.IE5/index.dat) 0 .acb 0 0 0 10525 [Internet Explorer] (Content viewed/Content saved to drive) URL:http://ui.mevio.com/static/js/tpl_channels.js?r=38841 cache stored in: YZCXGNW1/tpl_channels[2].js - HTTP/1.1 200 OK - Content-Length: 7834 - Content-Type: application/javascript (file: /media/sdb1/Documents and Settings/malware/Local Settings/Temporary Internet Files/Content.IE5/index.dat) 0 .acb 0 0 0 10525 [Internet Explorer] (Content viewed/Content saved to drive) URL:http://ui.mevio.com/static/js/tpl_comments.js?r=38841 cache stored in: UPQVMROL/tpl_comments[2].js - HTTP/1.1 200 OK - Content-Length: 3493 - Content-Type: application/javascript (file: /media/sdb1/Documents and Settings/malware/Local Settings/Temporary Internet Files/Content.IE5/index.dat) 0 .acb 0 0 0 10525 [Internet Explorer] (Content viewed/Content saved to drive) URL:http://ui.mevio.com/static/js/tpl_directory.js?r=38841 cache stored in: YZCXGNW1/tpl_directory[1].js - HTTP/1.1 200 OK - Content-Length: 3164 - Content-Type: application/javascript (file: /media/sdb1/Documents and Settings/malware/Local Settings/Temporary Internet Files/Content.IE5/index.dat) 0 .acb 0 0 0 10525 [Internet Explorer] (Content viewed/Content saved to drive) URL:http://ui.mevio.com/static/js/tpl_htdocs.js?r=38841 cache stored in: UPQVMROL/tpl_htdocs[1].js - HTTP/1.1 200 OK - Content-Length: 78342 - Content-Type: application/javascript (file: /media/sdb1/Documents and Settings/malware/Local Settings/Temporary Internet Files/Content.IE5/index.dat) 0 .acb 0 0 0 10525 [Internet Explorer] (Content viewed/Content saved to drive) URL:http://ui.mevio.com/static/js/tpl_player.js?r=38841 cache stored in: YZCXGNW1/tpl_player[2].js - HTTP/1.1 200 OK - Content-Length: 20356 - Content-Type: application/javascript (file: /media/sdb1/Documents and Settings/malware/Local Settings/Temporary Internet Files/Content.IE5/index.dat) 0 .acb 0 0 0 10525 [Internet Explorer] (Content viewed/Content saved to drive) URL:http://ui.mevio.com/static/js/tpl_shows.js?r=38841 cache stored in: SLK18LSF/tpl_shows[2].js - HTTP/1.1 200 OK - Content-Length: 65677 - Content-Type: application/javascript (file: /media/sdb1/Documents and Settings/malware/Local Settings/Temporary Internet Files/Content.IE5/index.dat) Fri Jul 01 2011 10:08:18 0 .acb 0 0 0 10525 [Internet Explorer] (Content viewed/Content saved to drive) URL:http://ui.mevio.com/static/js/combined/index.js?r=38841 cache stored in: UPQVMROL/index[2].js - HTTP/1.1 200 OK - Content-Length: 157999 - Content-Type: application/javascript (file: /media/sdb1/Documents and Settings/malware/Local Settings/Temporary Internet Files/Content.IE5/index.dat) Fri Jul 01 2011 10:08:29 0 .acb 0 0 0 10525 [Internet Explorer] (Content viewed/Content saved to drive) URL:http://ui.mevio.com/static/js/combined/showPage.js?r=38841 cache stored in: QJM5KT6J/showPage[2].js - HTTP/1.1 200 OK - Content-Length: 98741 - Content-Type: application/javascript (file: /media/sdb1/Documents and Settings/malware/Local Settings/Temporary Internet Files/Content.IE5/index.dat) Fri Jul 01 2011 10:08:41 0 .acb 0 0 0 10525 [Internet Explorer] (Content viewed/Content saved to drive) URL:http://ui.mevio.com/static/css/combined/channels.css?r=38841 cache stored in: QJM5KT6J/channels[1].css - HTTP/1.1 200 OK - Content-Length: 18839 - Content-Type: text/css (file: /media/sdb1/Documents and Settings/malware/Local Settings/Temporary Internet Files/Content.IE5/index.dat) Fri Jul 01 2011 10:08:42 0 .acb 0 0 0 10525 [Internet Explorer] (Content viewed/Content saved to drive) URL:http://ui.mevio.com/static/css/combined/directory.css?r=38841 cache stored in: SLK18LSF/directory[2].css - HTTP/1.1 200 OK - Content-Length: 1954 - Content-Type: text/css (file: /media/sdb1/Documents and Settings/malware/Local Settings/Temporary Internet Files/Content.IE5/index.dat) Fri Jul 01 2011 10:08:43 0 .acb 0 0 0 10525 [Internet Explorer] (Content viewed/Content saved to drive) URL:http://ui.mevio.com/static/css/combined/index.css?r=38841 cache stored in: QJM5KT6J/index[1].css - HTTP/1.1 200 OK - Content-Length: 26185 - Content-Type: text/css (file: /media/sdb1/Documents and Settings/malware/Local Settings/Temporary Internet Files/Content.IE5/index.dat) Fri Jul 01 2011 10:08:50 0 .acb 0 0 0 10525 [Internet Explorer] (Content viewed/Content saved to drive) URL:http://ui.mevio.com/static/css/combined/shows.css?r=38841 cache stored in: UPQVMROL/shows[2].css - HTTP/1.1 200 OK - Content-Length: 33316 - Content-Type: text/css (file: /media/sdb1/Documents and Settings/malware/Local Settings/Temporary Internet Files/Content.IE5/index.dat) Fri Jul 01 2011 11:33:45 0 .acb 0 0 0 10525 [Internet Explorer] (Content viewed/Content saved to drive) URL:http://col.stb.s-msn.com/i/D8/5BDA7261AAEAD28A63201DFFAC2A4B.jpg cache stored in: YZCXGNW1/5BDA7261AAEAD28A63201DFFAC2A4B[1].jpg - HTTP/1.1 200 OK - Content-Type: image/jpeg - ETag: "0e15f691d38cc1:0"- "" - X-Powered-By: ASP.NET - P3P: CP="BUS CUR CONo FIN IVDo ONL OUR PHY SAMo TELo" - Content-Length: 4078 (file: /media/sdb1/Documents and Settings/malware/Local Settings/Temporary Internet Files/Content.IE5/index.dat) Fri Jul 01 2011 11:37:53 0 .acb 0 0 0 10525 [Internet Explorer] (Content viewed/Content saved to drive) URL:http://img.mevio.com/images/500/21e/50021ee7fded0de4baf2235b2b688d3ec4d239cc.jpg?url=http://origin.psstatic.podshow.com/images/shows/21849/episodes/286858/large/presspause-us-e.jpg?r=1309545471&width=200&height=112&scheme=1 cache stored in: SLK18LSF/50021ee7fded0de4baf2235b2b688d3ec4d239cc[1].jpg - HTTP/1.1 200 OK - Content-Type: image/jpeg - X-Cache: HIT - Content-Length: 14652 (file: /media/sdb1/Documents and Settings/malware/Local Settings/Temporary Internet Files/Content.IE5/index.dat) Fri Jul 01 2011 11:38:22 0 .acb 0 0 0 10525 [Internet Explorer] (Content viewed/Content saved to drive) URL:http://col.stc.s-msn.com/br/sc/css/2e/9f5897c9639ef97fa228d2ecc7575e.css cache stored in: UPQVMROL/9f5897c9639ef97fa228d2ecc7575e[1].css - HTTP/1.1 200 OK - Content-Length: 3520 - Content-Type: text/css (file: /media/sdb1/Documents and Settings/malware/Local Settings/Temporary Internet Files/Content.IE5/index.dat) 0 .acb 0 0 0 10525 [Internet Explorer] (Content viewed/Content saved to drive) URL:http://col.stc.s-msn.com/br/sc/css/37/b862c6c3329c726208dab3c6f742b8_blue.css cache stored in: UPQVMROL/b862c6c3329c726208dab3c6f742b8_blue[1].css - HTTP/1.1 200 OK - Content-Length: 112836 - Content-Type: text/css (file: /media/sdb1/Documents and Settings/malware/Local Settings/Temporary Internet Files/Content.IE5/index.dat) 0 .acb 0 0 0 10525 [Internet Explorer] (Content viewed/Content saved to drive) URL:http://col.stc.s-msn.com/br/sc/css/66/40bebb8ac371d6f92b3720e62f3017.css cache stored in: SLK18LSF/40bebb8ac371d6f92b3720e62f3017[1].css - HTTP/1.1 200 OK - Content-Length: 4690 - Content-Type: text/css (file: /media/sdb1/Documents and Settings/malware/Local Settings/Temporary Internet Files/Content.IE5/index.dat) Fri Jul 01 2011 11:38:25 0 .acb 0 0 0 10525 [Internet Explorer] (Content viewed/Content saved to drive) URL:http://col.stj.s-msn.com/br/sc/js/50/e2815c7504541e30998dd35159edbb.js cache stored in: QJM5KT6J/e2815c7504541e30998dd35159edbb[1].js - HTTP/1.1 200 OK - Content-Length: 133114 - Content-Type: application/x-javascript (file: /media/sdb1/Documents and Settings/malware/Local Settings/Temporary Internet Files/Content.IE5/index.dat) Fri Jul 01 2011 12:07:30 0 .acb 0 0 0 10525 [Internet Explorer] (Content viewed/Content saved to drive) URL:http://col.stb.s-msn.com/i/60/C40C5665D2C06F965D1A6A40B84.jpg cache stored in: QJM5KT6J/C40C5665D2C06F965D1A6A40B84[1].jpg - HTTP/1.1 200 OK - Content-Type: image/jpeg - ETag: "0c5c51f2238cc1:0"- "" - X-Powered-By: ASP.NET - P3P: CP="BUS CUR CONo FIN IVDo ONL OUR PHY SAMo TELo" - Content-Length: 15098 (file: /media/sdb1/Documents and Settings/malware/Local Settings/Temporary Internet Files/Content.IE5/index.dat) Fri Jul 01 2011 12:56:41 0 m... 0 0 0 0 REG_System_system/ControlSet001/Control/TimeZoneInformation 0 m... 0 0 0 0 REG_System_system/ControlSet001/Enum/ACPI/PNP0A08/2&daba3ff&0/LogConf 0 m... 0 0 0 0 REG_System_system/ControlSet001/Enum/ACPI/PNP0C01/2&daba3ff&0/LogConf 0 m... 0 0 0 0 REG_System_system/ControlSet001/Enum/PCI/VEN_8086&DEV_2660&SUBSYS_00000000&REV_03/3&b1bfb68&0&E0/LogConf 0 m... 0 0 0 0 REG_System_system/ControlSet002/Control/TimeZoneInformation 0 m... 0 0 0 0 REG_System_system/ControlSet002/Enum/ACPI/PNP0A08/2&daba3ff&0/LogConf 0 m... 0 0 0 0 REG_System_system/ControlSet002/Enum/ACPI/PNP0C01/2&daba3ff&0/LogConf 0 m... 0 0 0 0 REG_System_system/ControlSet002/Enum/PCI/VEN_8086&DEV_2660&SUBSYS_00000000&REV_03/3&b1bfb68&0&E0/LogConf Fri Jul 01 2011 12:56:48 131072 .acb 0 0 0 3663 [Event Log] (Time generated/Time written) b57w2k/15_Info_ - Broadcom NetXtreme Gigabit Ethernet (file: /media/sdb1/WINDOWS/system32/config/SysEvent.Evt) Fri Jul 01 2011 12:56:52 131072 .acb 0 0 0 3663 [Event Log] (Time generated/Time written) b57w2k/11_Info_ - Broadcom NetXtreme Gigabit Ethernet (file: /media/sdb1/WINDOWS/system32/config/SysEvent.Evt) Fri Jul 01 2011 12:56:55 0 ma.. r/rr-xr-xr-x 0 0 3657-128-13 /WINDOWS/Debug/PASSWD.LOG Fri Jul 01 2011 12:56:56 62 mac. r/rr-xr-xr-x 0 0 10656-128-1 /System Volume Information/_restore{A4323E41-9E96-4A95-B645-4A36ED086BEA}/RP12/A0000131.ini 131072 macb 0 0 0 3663 [Event Log] (Time generated/Time written) EventLog/6005_Info_ (file: /media/sdb1/WINDOWS/system32/config/SysEvent.Evt) 131072 macb 0 0 0 3663 [Event Log] (Time generated/Time written) EventLog/6009_Info_5.01. - 2600 - Service Pack 3 - Uniprocessor Free (file: /media/sdb1/WINDOWS/system32/config/SysEvent.Evt) Fri Jul 01 2011 12:56:57 0 m... 0 0 0 0 REG_System_SECURITYSECURITY/Policy/Secrets/L${6B3E6424-AF3E-4bff-ACB6-DA535F0DDC0A}/CupdTime 0 m... 0 0 0 0 REG_System_SECURITYSECURITY/Policy/Secrets/L${6B3E6424-AF3E-4bff-ACB6-DA535F0DDC0A}/CurrVal 0 m... 0 0 0 0 REG_System_SECURITYSECURITY/Policy/Secrets/L${6B3E6424-AF3E-4bff-ACB6-DA535F0DDC0A}/OldVal 0 m... 0 0 0 0 REG_System_SECURITYSECURITY/Policy/Secrets/L${6B3E6424-AF3E-4bff-ACB6-DA535F0DDC0A}/OupdTime 0 ma.. r/rr-xr-xr-x 0 0 10402-128-12 /WINDOWS/0.log 62 mac. r/rr-xr-xr-x 0 0 10662-128-1 /System Volume Information/_restore{A4323E41-9E96-4A95-B645-4A36ED086BEA}/RP12/A0000132.ini Fri Jul 01 2011 12:57:09 131072 .acb 0 0 0 3663 [Event Log] (Time generated/Time written) b57w2k/4_Warn_ - Broadcom NetXtreme Gigabit Ethernet (file: /media/sdb1/WINDOWS/system32/config/SysEvent.Evt) Fri Jul 01 2011 12:57:11 131072 .acb 0 0 0 3663 [Event Log] (Time generated/Time written) Tcpip/4201_Info_ - Broadcom...Ethernet - Packet Scheduler Miniport (file: /media/sdb1/WINDOWS/system32/config/SysEvent.Evt) 131072 .acb 0 0 0 3663 [Event Log] (Time generated/Time written) b57w2k/11_Info_ - Broadcom NetXtreme Gigabit Ethernet (file: /media/sdb1/WINDOWS/system32/config/SysEvent.Evt) Fri Jul 01 2011 12:57:18 131072 m... 0 0 0 3663 [Event Log] (Time generated/Time written) Tcpip/4201_Info_ - Broadcom...Ethernet - Packet Scheduler Miniport (file: /media/sdb1/WINDOWS/system32/config/SysEvent.Evt) 131072 m... 0 0 0 3663 [Event Log] (Time generated/Time written) b57w2k/11_Info_ - Broadcom NetXtreme Gigabit Ethernet (file: /media/sdb1/WINDOWS/system32/config/SysEvent.Evt) 131072 m... 0 0 0 3663 [Event Log] (Time generated/Time written) b57w2k/15_Info_ - Broadcom NetXtreme Gigabit Ethernet (file: /media/sdb1/WINDOWS/system32/config/SysEvent.Evt) 131072 m... 0 0 0 3663 [Event Log] (Time generated/Time written) b57w2k/4_Warn_ - Broadcom NetXtreme Gigabit Ethernet (file: /media/sdb1/WINDOWS/system32/config/SysEvent.Evt) Fri Jul 01 2011 12:58:12 131072 macb 0 0 0 3663 [Event Log] (Time generated/Time written) Dhcp/1007_Warn_001558286148 - 169.254.125.21 (file: /media/sdb1/WINDOWS/system32/config/SysEvent.Evt) Fri Jul 01 2011 12:58:27 20 m.c. r/rrwxrwxrwx 0 0 11486-128-1 /System Volume Information/_restore{A4323E41-9E96-4A95-B645-4A36ED086BEA}/RP12/snapshot/Repository/$WinMgmt.CFG 131072 macb 0 0 0 3663 [Event Log] (Time generated/Time written) W32Time/17_Error_time.windows.com-0x1 - A socket operation was attempted to an unreachable host. (0x80072751) - 15 (file: /media/sdb1/WINDOWS/system32/config/SysEvent.Evt) 131072 macb 0 0 0 3663 [Event Log] (Time generated/Time written) W32Time/29_Error_14 (file: /media/sdb1/WINDOWS/system32/config/SysEvent.Evt) Fri Jul 01 2011 12:58:30 0 m... 0 0 0 0 REG_System_system/ControlSet002/Enum/Root/LEGACY_ALG/0000 0 m... 0 0 0 0 REG_System_system/ControlSet002/Enum/Root/LEGACY_NLA/0000 65536 macb 0 0 0 3659 [Event Log] (Time generated/Time written) SecurityCenter/1800_Info_ (file: /media/sdb1/WINDOWS/system32/config/AppEvent.Evt) 131072 macb 0 0 0 3663 [Event Log] (Time generated/Time written) Service Control Manager/7036_Info_Network Location Awareness (NLA) - running (file: /media/sdb1/WINDOWS/system32/config/SysEvent.Evt) 131072 macb 0 S-1-5-18 0 3663 [Event Log] (Time generated/Time written) User: S-1-5-18 Service Control Manager/7035_Info_Network Location Awareness (NLA) - start (file: /media/sdb1/WINDOWS/system32/config/SysEvent.Evt) 131072 macb 0 0 0 3663 [Event Log] (Time generated/Time written) W32Time/17_Error_time.windows.com-0x1 - A socket operation was attempted to an unreachable host. (0x80072751) - 15 (file: /media/sdb1/WINDOWS/system32/config/SysEvent.Evt) 131072 macb 0 0 0 3663 [Event Log] (Time generated/Time written) W32Time/29_Error_14 (file: /media/sdb1/WINDOWS/system32/config/SysEvent.Evt) Fri Jul 01 2011 12:58:31 131072 macb 0 0 0 3663 [Event Log] (Time generated/Time written) Service Control Manager/7036_Info_Application Layer Gateway Service - running (file: /media/sdb1/WINDOWS/system32/config/SysEvent.Evt) 131072 macb 0 0 0 3663 [Event Log] (Time generated/Time written) Service Control Manager/7036_Info_Computer Browser - stopped (file: /media/sdb1/WINDOWS/system32/config/SysEvent.Evt) 131072 macb 0 S-1-5-18 0 3663 [Event Log] (Time generated/Time written) User: S-1-5-18 Service Control Manager/7035_Info_Application Layer Gateway Service - start (file: /media/sdb1/WINDOWS/system32/config/SysEvent.Evt) Fri Jul 01 2011 12:58:58 0 m... 0 0 0 0 REG_System_system/ControlSet002/Control/Print Fri Jul 01 2011 12:59:15 65536 macb 0 0 0 3659 [Event Log] (Time generated/Time written) ESENT/100_Info_wuauclt - 528 - - 5 - 01 - 2600 - 5512 (file: /media/sdb1/WINDOWS/system32/config/AppEvent.Evt) 65536 macb 0 0 0 3659 [Event Log] (Time generated/Time written) ESENT/102_Info_wuaueng.dll - 528 - SUS20ClientDataStore: - 0 (file: /media/sdb1/WINDOWS/system32/config/AppEvent.Evt) Fri Jul 01 2011 12:59:16 131072 macb 0 0 0 3663 [Event Log] (Time generated/Time written) b57w2k/4_Warn_ - Broadcom NetXtreme Gigabit Ethernet (file: /media/sdb1/WINDOWS/system32/config/SysEvent.Evt) Fri Jul 01 2011 12:59:20 131072 macb 0 0 0 3663 [Event Log] (Time generated/Time written) Tcpip/4201_Info_ - Broadcom...Ethernet - Packet Scheduler Miniport (file: /media/sdb1/WINDOWS/system32/config/SysEvent.Evt) 131072 macb 0 0 0 3663 [Event Log] (Time generated/Time written) b57w2k/9_Info_ - Broadcom NetXtreme Gigabit Ethernet (file: /media/sdb1/WINDOWS/system32/config/SysEvent.Evt) Fri Jul 01 2011 12:59:21 131072 macb 0 0 0 3663 [Event Log] (Time generated/Time written) b57w2k/4_Warn_ - Broadcom NetXtreme Gigabit Ethernet (file: /media/sdb1/WINDOWS/system32/config/SysEvent.Evt) Fri Jul 01 2011 12:59:24 131072 macb 0 0 0 3663 [Event Log] (Time generated/Time written) Tcpip/4201_Info_ - Broadcom...Ethernet - Packet Scheduler Miniport (file: /media/sdb1/WINDOWS/system32/config/SysEvent.Evt) 131072 macb 0 0 0 3663 [Event Log] (Time generated/Time written) b57w2k/11_Info_ - Broadcom NetXtreme Gigabit Ethernet (file: /media/sdb1/WINDOWS/system32/config/SysEvent.Evt) Fri Jul 01 2011 12:59:35 131072 macb 0 0 0 3663 [Event Log] (Time generated/Time written) b57w2k/4_Warn_ - Broadcom NetXtreme Gigabit Ethernet (file: /media/sdb1/WINDOWS/system32/config/SysEvent.Evt) Fri Jul 01 2011 12:59:38 131072 macb 0 0 0 3663 [Event Log] (Time generated/Time written) Tcpip/4201_Info_ - Broadcom...Ethernet - Packet Scheduler Miniport (file: /media/sdb1/WINDOWS/system32/config/SysEvent.Evt) 131072 macb 0 0 0 3663 [Event Log] (Time generated/Time written) b57w2k/11_Info_ - Broadcom NetXtreme Gigabit Ethernet (file: /media/sdb1/WINDOWS/system32/config/SysEvent.Evt) Fri Jul 01 2011 12:59:43 0 m... 0 0 0 0 REG_System_system/ControlSet002/Enum/Root/LEGACY_FASTUSERSWITCHINGCOMPATIBILITY/0000 0 macb 0 0 0 10413 [XP Prefetch] (Last run) EXPLORER.EXE-082F38A9.pf - [EXPLORER.EXE] was executed - run count [3]- full path: [C:/WINDOWS/EXPLORER.EXE] - DLLs loaded: {WINDOWS/SYSTEM32/NTDLL.DLL - WINDOWS/SYSTEM32/KERNEL32.DLL - WINDOWS/SYSTEM32/ADVAPI32.DLL - WINDOWS/SYSTEM32/RPCRT4.DLL - WINDOWS/SYSTEM32/SECUR32.DLL - WINDOWS/SYSTEM32/BROWSEUI.DLL - WINDOWS/SYSTEM32/GDI32.DLL - WINDOWS/SYSTEM32/USER32.DLL - WINDOWS/SYSTEM32/MSVCRT.DLL - WINDOWS/SYSTEM32/OLE32.DLL - WINDOWS/SYSTEM32/SHLWAPI.DLL - WINDOWS/SYSTEM32/OLEAUT32.DLL - WINDOWS/SYSTEM32/SHDOCVW.DLL - WINDOWS/SYSTEM32/CRYPT32.DLL - WINDOWS/SYSTEM32/MSASN1.DLL - WINDOWS/SYSTEM32/CRYPTUI.DLL - WINDOWS/SYSTEM32/NETAPI32.DLL - WINDOWS/SYSTEM32/VERSION.DLL - WINDOWS/SYSTEM32/WININET.DLL - WINDOWS/SYSTEM32/WINTRUST.DLL - WINDOWS/SYSTEM32/IMAGEHLP.DLL - WINDOWS/SYSTEM32/WLDAP32.DLL - WINDOWS/SYSTEM32/SHELL32.DLL - WINDOWS/SYSTEM32/UXTHEME.DLL - WINDOWS/SYSTEM32/SHIMENG.DLL - WINDOWS/APPPATCH/ACGENRAL.DLL - WINDOWS/SYSTEM32/WINMM.DLL - WINDOWS/SYSTEM32/MSACM32.DLL - WINDOWS/SYSTEM32/USERENV.DLL - WINDOWS/WINSXS/X86_MICROSOFT.WINDOWS.COMMON-CONTROLS_6595B64144CCF1DF_6.0.2600.5512_X-WW_35D4CE83/COMCTL32.DLL - WINDOWS/SYSTEM32/RICHED20.DLL - WINDOWS/SYSTEM32/COMCTL32.DLL - WINDOWS/SYSTEM32/RPCSS.DLL - WINDOWS/SYSTEM32/APPHELP.DLL - WINDOWS/SYSTEM32/CLBCATQ.DLL - WINDOWS/SYSTEM32/COMRES.DLL - WINDOWS/SYSTEM32/CSCUI.DLL - WINDOWS/SYSTEM32/CSCDLL.DLL - WINDOWS/SYSTEM32/THEMEUI.DLL - WINDOWS/SYSTEM32/MSIMG32.DLL - WINDOWS/SYSTEM32/XPSP2RES.DLL - WINDOWS/SYSTEM32/ACTXPRXY.DLL - WINDOWS/SYSTEM32/SAMLIB.DLL - WINDOWS/SYSTEM32/SETUPAPI.DLL - WINDOWS/SYSTEM32/MYDOCS.DLL - WINDOWS/SYSTEM32/NETSHELL.DLL - WINDOWS/SYSTEM32/ATL.DLL - WINDOWS/SYSTEM32/CREDUI.DLL - WINDOWS/SYSTEM32/DOT3API.DLL - WINDOWS/SYSTEM32/RTUTILS.DLL - WINDOWS/SYSTEM32/DOT3DLG.DLL - WINDOWS/SYSTEM32/ONEX.DLL - WINDOWS/SYSTEM32/WTSAPI32.DLL - WINDOWS/SYSTEM32/WINSTA.DLL - WINDOWS/SYSTEM32/EAPPCFG.DLL - WINDOWS/SYSTEM32/MSVCP60.DLL - WINDOWS/SYSTEM32/EAPPPRXY.DLL - WINDOWS/SYSTEM32/IPHLPAPI.DLL - WINDOWS/SYSTEM32/WS2_32.DLL - WINDOWS/SYSTEM32/WS2HELP.DLL - WINDOWS/SYSTEM32/MORICONS.DLL - WINDOWS/SYSTEM32/URLMON.DLL - WINDOWS/SYSTEM32/WINSRV.DLL - WINDOWS/SYSTEM32/SHDOCLC.DLL} (file: /media/sdb1/WINDOWS/Prefetch/EXPLORER.EXE-082F38A9.pf) 0 macb 0 0 0 10413 [XP Prefetch] (Last run) USERINIT.EXE-30B18140.pf - [USERINIT.EXE] was executed - run count [2]- full path: [C:/WINDOWS/SYSTEM32/USERINIT.EXE] - DLLs loaded: {WINDOWS/SYSTEM32/NTDLL.DLL - WINDOWS/SYSTEM32/KERNEL32.DLL - WINDOWS/SYSTEM32/USER32.DLL - WINDOWS/SYSTEM32/GDI32.DLL - WINDOWS/SYSTEM32/ADVAPI32.DLL - WINDOWS/SYSTEM32/RPCRT4.DLL - WINDOWS/SYSTEM32/SECUR32.DLL - WINDOWS/SYSTEM32/CRYPT32.DLL - WINDOWS/SYSTEM32/MSASN1.DLL - WINDOWS/SYSTEM32/MSVCRT.DLL - WINDOWS/SYSTEM32/NETAPI32.DLL - WINDOWS/SYSTEM32/WLDAP32.DLL - WINDOWS/SYSTEM32/SHIMENG.DLL - WINDOWS/APPPATCH/ACGENRAL.DLL - WINDOWS/SYSTEM32/WINMM.DLL - WINDOWS/SYSTEM32/OLE32.DLL - WINDOWS/SYSTEM32/OLEAUT32.DLL - WINDOWS/SYSTEM32/MSACM32.DLL - WINDOWS/SYSTEM32/VERSION.DLL - WINDOWS/SYSTEM32/SHELL32.DLL - WINDOWS/SYSTEM32/SHLWAPI.DLL - WINDOWS/SYSTEM32/USERENV.DLL - WINDOWS/SYSTEM32/UXTHEME.DLL - WINDOWS/WINSXS/X86_MICROSOFT.WINDOWS.COMMON-CONTROLS_6595B64144CCF1DF_6.0.2600.5512_X-WW_35D4CE83/COMCTL32.DLL - WINDOWS/SYSTEM32/COMCTL32.DLL - WINDOWS/SYSTEM32/APPHELP.DLL - WINDOWS/SYSTEM32/SETUPAPI.DLL} (file: /media/sdb1/WINDOWS/Prefetch/USERINIT.EXE-30B18140.pf) 84 .a.. r/rr-xr-xr-x 0 0 10507-128-3 /Documents and Settings/malware/Start Menu/Programs/Accessories/Entertainment/desktop.ini 348 .a.. r/rr-xr-xr-x 0 0 10517-128-3 /Documents and Settings/malware/Start Menu/Programs/Accessories/Accessibility/desktop.ini 90 .a.. r/rr-xr-xr-x 0 0 10758-128-1 /System Volume Information/_restore{A4323E41-9E96-4A95-B645-4A36ED086BEA}/RP12/A0000071.ini 448 .a.. r/rr-xr-xr-x 0 0 10778-128-1 /System Volume Information/_restore{A4323E41-9E96-4A95-B645-4A36ED086BEA}/RP12/A0000073.ini 146 .a.. r/rr-xr-xr-x 0 0 10811-128-1 /System Volume Information/_restore{A4323E41-9E96-4A95-B645-4A36ED086BEA}/RP12/A0000080.ini 757 .a.. r/rr-xr-xr-x 0 0 10834-128-3 /System Volume Information/_restore{A4323E41-9E96-4A95-B645-4A36ED086BEA}/RP12/A0000088.ini 62 mac. r/rr-xr-xr-x 0 0 11164-128-1 /System Volume Information/_restore{A4323E41-9E96-4A95-B645-4A36ED086BEA}/RP12/A0000133.ini 131072 macb 0 0 0 3663 [Event Log] (Time generated/Time written) Service Control Manager/7036_Info_Fast User Switching Compatibility - running (file: /media/sdb1/WINDOWS/system32/config/SysEvent.Evt) 131072 macb 0 S-1-5-18 0 3663 [Event Log] (Time generated/Time written) User: S-1-5-18 Service Control Manager/7035_Info_Fast User Switching Compatibility - start (file: /media/sdb1/WINDOWS/system32/config/SysEvent.Evt) 448 .a.. r/rr-xr-xr-x 0 0 4855-128-1 /Documents and Settings/malware/Local Settings/Temp/smtmp/1/Programs/Accessories/Communications/desktop.ini 757 .a.. r/rr-xr-xr-x 0 0 5514-128-3 /Documents and Settings/malware/Local Settings/Temp/smtmp/1/Programs/Accessories/System Tools/desktop.ini 146 .a.. r/rr-xr-xr-x 0 0 5519-128-1 /Documents and Settings/malware/Local Settings/Temp/smtmp/1/Programs/Accessories/Entertainment/desktop.ini 90 .a.. r/rr-xr-xr-x 0 0 5523-128-1 /Documents and Settings/malware/Local Settings/Temp/smtmp/1/Programs/Accessories/Accessibility/desktop.ini Fri Jul 01 2011 12:59:44 0 m... 0 0 0 0 REG_System_system/ControlSet002/Enum/Root/LEGACY_SSDPSRV/0000 0 ma.. r/rr-xr-xr-x 0 0 11452-128-3 /ok.txt 131072 macb 0 0 0 3663 [Event Log] (Time generated/Time written) Service Control Manager/7036_Info_SSDP Discovery Service - running (file: /media/sdb1/WINDOWS/system32/config/SysEvent.Evt) 131072 macb 0 S-1-5-18 0 3663 [Event Log] (Time generated/Time written) User: S-1-5-18 Service Control Manager/7035_Info_SSDP Discovery Service - start (file: /media/sdb1/WINDOWS/system32/config/SysEvent.Evt) Fri Jul 01 2011 12:59:45 0 macb 0 0 0 10413 [XP Prefetch] (Last run) FC.EXE-1B9F0926.pf - [FC.EXE] was executed - run count [1]- full path: [C:/WINDOWS/SYSTEM32/FC.EXE] - DLLs loaded: {WINDOWS/SYSTEM32/NTDLL.DLL - WINDOWS/SYSTEM32/KERNEL32.DLL - WINDOWS/SYSTEM32/MSVCRT.DLL - WINDOWS/SYSTEM32/ULIB.DLL - WINDOWS/SYSTEM32/USER32.DLL - WINDOWS/SYSTEM32/GDI32.DLL - WINDOWS/SYSTEM32/ADVAPI32.DLL - WINDOWS/SYSTEM32/RPCRT4.DLL - WINDOWS/SYSTEM32/SECUR32.DLL - WINDOWS/SYSTEM32/SHIMENG.DLL - WINDOWS/APPPATCH/ACGENRAL.DLL - WINDOWS/SYSTEM32/WINMM.DLL - WINDOWS/SYSTEM32/OLE32.DLL - WINDOWS/SYSTEM32/OLEAUT32.DLL - WINDOWS/SYSTEM32/MSACM32.DLL - WINDOWS/SYSTEM32/VERSION.DLL - WINDOWS/SYSTEM32/SHELL32.DLL - WINDOWS/SYSTEM32/SHLWAPI.DLL - WINDOWS/SYSTEM32/USERENV.DLL - WINDOWS/SYSTEM32/UXTHEME.DLL - WINDOWS/WINSXS/X86_MICROSOFT.WINDOWS.COMMON-CONTROLS_6595B64144CCF1DF_6.0.2600.5512_X-WW_35D4CE83/COMCTL32.DLL - WINDOWS/SYSTEM32/COMCTL32.DLL} (file: /media/sdb1/WINDOWS/Prefetch/FC.EXE-1B9F0926.pf) 0 macb 0 0 0 10413 [XP Prefetch] (Last run) FIND.EXE-0EC32F1E.pf - [FIND.EXE] was executed - run count [1]- full path: [C:/WINDOWS/SYSTEM32/FIND.EXE] - DLLs loaded: {WINDOWS/SYSTEM32/NTDLL.DLL - WINDOWS/SYSTEM32/KERNEL32.DLL - WINDOWS/SYSTEM32/MSVCRT.DLL - WINDOWS/SYSTEM32/ULIB.DLL - WINDOWS/SYSTEM32/USER32.DLL - WINDOWS/SYSTEM32/GDI32.DLL - WINDOWS/SYSTEM32/ADVAPI32.DLL - WINDOWS/SYSTEM32/RPCRT4.DLL - WINDOWS/SYSTEM32/SECUR32.DLL - WINDOWS/SYSTEM32/SHIMENG.DLL - WINDOWS/APPPATCH/ACGENRAL.DLL - WINDOWS/SYSTEM32/WINMM.DLL - WINDOWS/SYSTEM32/OLE32.DLL - WINDOWS/SYSTEM32/OLEAUT32.DLL - WINDOWS/SYSTEM32/MSACM32.DLL - WINDOWS/SYSTEM32/VERSION.DLL - WINDOWS/SYSTEM32/SHELL32.DLL - WINDOWS/SYSTEM32/SHLWAPI.DLL - WINDOWS/SYSTEM32/USERENV.DLL - WINDOWS/SYSTEM32/UXTHEME.DLL - WINDOWS/WINSXS/X86_MICROSOFT.WINDOWS.COMMON-CONTROLS_6595B64144CCF1DF_6.0.2600.5512_X-WW_35D4CE83/COMCTL32.DLL - WINDOWS/SYSTEM32/COMCTL32.DLL} (file: /media/sdb1/WINDOWS/Prefetch/FIND.EXE-0EC32F1E.pf) 0 macb 0 0 0 10413 [XP Prefetch] (Last run) WGET.EXE-37D5C025.pf - [WGET.EXE] was executed - run count [2]- full path: [C:/WINDOWS/SYSTEM32/WGET.EXE] - DLLs loaded: {WINDOWS/SYSTEM32/NTDLL.DLL - WINDOWS/SYSTEM32/KERNEL32.DLL - WINDOWS/SYSTEM32/GDI32.DLL - WINDOWS/SYSTEM32/USER32.DLL - WINDOWS/SYSTEM32/WSOCK32.DLL - WINDOWS/SYSTEM32/WS2_32.DLL - WINDOWS/SYSTEM32/ADVAPI32.DLL - WINDOWS/SYSTEM32/RPCRT4.DLL - WINDOWS/SYSTEM32/SECUR32.DLL - WINDOWS/SYSTEM32/MSVCRT.DLL - WINDOWS/SYSTEM32/WS2HELP.DLL - WINDOWS/SYSTEM32/NETAPI32.DLL - WINDOWS/SYSTEM32/RSAENH.DLL - WINDOWS/SYSTEM32/CRYPT32.DLL - WINDOWS/SYSTEM32/MSWSOCK.DLL - WINDOWS/SYSTEM32/HNETCFG.DLL - WINDOWS/SYSTEM32/WSHTCPIP.DLL - WINDOWS/SYSTEM32/RASADHLP.DLL} (file: /media/sdb1/WINDOWS/Prefetch/WGET.EXE-37D5C025.pf) 0 ma.. r/rr-xr-xr-x 0 0 11165-128-1 /System Volume Information/_restore{A4323E41-9E96-4A95-B645-4A36ED086BEA}/RP12/A0000134.exe 0 m... r/rr-xr-xr-x 0 0 11453-128-3 /WINDOWS/system32/sandnet.exe 10124 macb r/rrwxrwxrwx 0 0 11460-128-4 /WINDOWS/Prefetch/WGET.EXE-37D5C025.pf 10944 macb r/rrwxrwxrwx 0 0 11462-128-4 /WINDOWS/Prefetch/FC.EXE-1B9F0926.pf 10888 macb r/rrwxrwxrwx 0 0 11463-128-4 /WINDOWS/Prefetch/FIND.EXE-0EC32F1E.pf Fri Jul 01 2011 12:59:49 0 m... 0 0 0 0 REG_System_system/ControlSet002/Enum/Root/LEGACY_IMAPISERVICE/0000 0 m... 0 0 0 0 REG_User_malware/Software/Microsoft/Windows/CurrentVersion/Explorer/CD Burning 0 m... 0 0 0 0 REG_User_malware/Software/Microsoft/Windows/CurrentVersion/Explorer/Desktop/CleanupWiz 0 macb 0 0 0 10413 [XP Prefetch] (Last run) IMAPI.EXE-0BF740A4.pf - [IMAPI.EXE] was executed - run count [3]- full path: [C:/WINDOWS/SYSTEM32/IMAPI.EXE] - DLLs loaded: {WINDOWS/SYSTEM32/NTDLL.DLL - WINDOWS/SYSTEM32/KERNEL32.DLL - WINDOWS/SYSTEM32/ADVAPI32.DLL - WINDOWS/SYSTEM32/RPCRT4.DLL - WINDOWS/SYSTEM32/SECUR32.DLL - WINDOWS/SYSTEM32/USER32.DLL - WINDOWS/SYSTEM32/GDI32.DLL - WINDOWS/SYSTEM32/OLE32.DLL - WINDOWS/SYSTEM32/MSVCRT.DLL - WINDOWS/SYSTEM32/OLEAUT32.DLL - WINDOWS/SYSTEM32/SETUPAPI.DLL - WINDOWS/SYSTEM32/SHIMENG.DLL - WINDOWS/APPPATCH/ACGENRAL.DLL - WINDOWS/SYSTEM32/WINMM.DLL - WINDOWS/SYSTEM32/MSACM32.DLL - WINDOWS/SYSTEM32/VERSION.DLL - WINDOWS/SYSTEM32/SHELL32.DLL - WINDOWS/SYSTEM32/SHLWAPI.DLL - WINDOWS/SYSTEM32/USERENV.DLL - WINDOWS/SYSTEM32/UXTHEME.DLL - WINDOWS/WINSXS/X86_MICROSOFT.WINDOWS.COMMON-CONTROLS_6595B64144CCF1DF_6.0.2600.5512_X-WW_35D4CE83/COMCTL32.DLL - WINDOWS/SYSTEM32/COMCTL32.DLL - WINDOWS/SYSTEM32/RPCSS.DLL - WINDOWS/SYSTEM32/XPSP2RES.DLL - WINDOWS/SYSTEM32/CLBCATQ.DLL - WINDOWS/SYSTEM32/COMRES.DLL - WINDOWS/SYSTEM32/ACTXPRXY.DLL - WINDOWS/SYSTEM32/RSAENH.DLL - WINDOWS/SYSTEM32/CRYPT32.DLL - WINDOWS/SYSTEM32/WINTRUST.DLL - WINDOWS/SYSTEM32/MSASN1.DLL - WINDOWS/SYSTEM32/IMAGEHLP.DLL} (file: /media/sdb1/WINDOWS/Prefetch/IMAPI.EXE-0BF740A4.pf) 0 macb 0 0 0 10413 [XP Prefetch] (Last run) RUNDLL32.EXE-1BC69D2D.pf - [RUNDLL32.EXE] was executed - run count [1]- full path: [C:/WINDOWS/SYSTEM32/RUNDLL32.EXE] - DLLs loaded: {WINDOWS/SYSTEM32/NTDLL.DLL - WINDOWS/SYSTEM32/KERNEL32.DLL - WINDOWS/SYSTEM32/MSVCRT.DLL - WINDOWS/SYSTEM32/GDI32.DLL - WINDOWS/SYSTEM32/USER32.DLL - WINDOWS/SYSTEM32/IMAGEHLP.DLL - WINDOWS/SYSTEM32/SHIMENG.DLL - WINDOWS/APPPATCH/ACGENRAL.DLL - WINDOWS/SYSTEM32/ADVAPI32.DLL - WINDOWS/SYSTEM32/RPCRT4.DLL - WINDOWS/SYSTEM32/SECUR32.DLL - WINDOWS/SYSTEM32/WINMM.DLL - WINDOWS/SYSTEM32/OLE32.DLL - WINDOWS/SYSTEM32/OLEAUT32.DLL - WINDOWS/SYSTEM32/MSACM32.DLL - WINDOWS/SYSTEM32/VERSION.DLL - WINDOWS/SYSTEM32/SHELL32.DLL - WINDOWS/SYSTEM32/SHLWAPI.DLL - WINDOWS/SYSTEM32/USERENV.DLL - WINDOWS/SYSTEM32/UXTHEME.DLL - WINDOWS/WINSXS/X86_MICROSOFT.WINDOWS.COMMON-CONTROLS_6595B64144CCF1DF_6.0.2600.5512_X-WW_35D4CE83/COMCTL32.DLL - WINDOWS/SYSTEM32/COMCTL32.DLL - WINDOWS/SYSTEM32/FLDRCLNR.DLL - WINDOWS/SYSTEM32/RPCSS.DLL - WINDOWS/SYSTEM32/NETAPI32.DLL - WINDOWS/SYSTEM32/APPHELP.DLL - WINDOWS/SYSTEM32/CLBCATQ.DLL - WINDOWS/SYSTEM32/COMRES.DLL - WINDOWS/SYSTEM32/SHDOCVW.DLL - WINDOWS/SYSTEM32/CRYPT32.DLL - WINDOWS/SYSTEM32/MSASN1.DLL - WINDOWS/SYSTEM32/CRYPTUI.DLL - WINDOWS/SYSTEM32/WININET.DLL - WINDOWS/SYSTEM32/WINTRUST.DLL - WINDOWS/SYSTEM32/WLDAP32.DLL - WINDOWS/SYSTEM32/RICHED20.DLL - WINDOWS/SYSTEM32/SETUPAPI.DLL - WINDOWS/SYSTEM32/LINKINFO.DLL - WINDOWS/SYSTEM32/NTSHRUI.DLL - WINDOWS/SYSTEM32/ATL.DLL} (file: /media/sdb1/WINDOWS/Prefetch/RUNDLL32.EXE-1BC69D2D.pf) 18922 macb r/rrwxrwxrwx 0 0 11464-128-4 /WINDOWS/Prefetch/RUNDLL32.EXE-1BC69D2D.pf 87552 .a.. r/rr-xr-xr-x 0 0 2484-128-3 /WINDOWS/system32/fldrclnr.dll 131072 macb 0 0 0 3663 [Event Log] (Time generated/Time written) Service Control Manager/7036_Info_IMAPI CD-Burning COM Service - running (file: /media/sdb1/WINDOWS/system32/config/SysEvent.Evt) 131072 macb 0 S-1-5-18 0 3663 [Event Log] (Time generated/Time written) User: S-1-5-18 Service Control Manager/7035_Info_IMAPI CD-Burning COM Service - start (file: /media/sdb1/WINDOWS/system32/config/SysEvent.Evt) 131072 macb 0 0 0 3663 [Event Log] (Time generated/Time written) b57w2k/4_Warn_ - Broadcom NetXtreme Gigabit Ethernet (file: /media/sdb1/WINDOWS/system32/config/SysEvent.Evt) Fri Jul 01 2011 12:59:51 131072 macb 0 0 0 3663 [Event Log] (Time generated/Time written) Tcpip/4201_Info_ - Broadcom...Ethernet - Packet Scheduler Miniport (file: /media/sdb1/WINDOWS/system32/config/SysEvent.Evt) 131072 macb 0 0 0 3663 [Event Log] (Time generated/Time written) b57w2k/11_Info_ - Broadcom NetXtreme Gigabit Ethernet (file: /media/sdb1/WINDOWS/system32/config/SysEvent.Evt) Fri Jul 01 2011 12:59:53 13814 mac. r/rrwxrwxrwx 0 0 10586-128-4 /WINDOWS/Prefetch/USERINIT.EXE-30B18140.pf 55850 mac. r/rrwxrwxrwx 0 0 10587-128-4 /WINDOWS/Prefetch/EXPLORER.EXE-082F38A9.pf Fri Jul 01 2011 12:59:55 18480 mac. r/rrwxrwxrwx 0 0 10639-128-4 /WINDOWS/Prefetch/IMAPI.EXE-0BF740A4.pf 131072 macb 0 0 0 3663 [Event Log] (Time generated/Time written) Service Control Manager/7036_Info_IMAPI CD-Burning COM Service - stopped (file: /media/sdb1/WINDOWS/system32/config/SysEvent.Evt) Fri Jul 01 2011 13:00:09 0 m... 0 0 0 0 REG_System_system/ControlSet002/Control/Print/Providers Fri Jul 01 2011 13:00:44 0 macb 0 0 0 10413 [XP Prefetch] (Last run) WMIADAP.EXE-2DF425B2.pf - [WMIADAP.EXE] was executed - run count [3]- full path: [C:/WINDOWS/SYSTEM32/WBEM/WMIADAP.EXE] - DLLs loaded: {WINDOWS/SYSTEM32/NTDLL.DLL - WINDOWS/SYSTEM32/KERNEL32.DLL - WINDOWS/SYSTEM32/MSVCRT.DLL - WINDOWS/SYSTEM32/MSVCP60.DLL - WINDOWS/SYSTEM32/ADVAPI32.DLL - WINDOWS/SYSTEM32/RPCRT4.DLL - WINDOWS/SYSTEM32/SECUR32.DLL - WINDOWS/SYSTEM32/WBEM/WBEMCOMN.DLL - WINDOWS/SYSTEM32/OLE32.DLL - WINDOWS/SYSTEM32/GDI32.DLL - WINDOWS/SYSTEM32/USER32.DLL - WINDOWS/SYSTEM32/OLEAUT32.DLL - WINDOWS/SYSTEM32/LOADPERF.DLL - WINDOWS/SYSTEM32/SHIMENG.DLL - WINDOWS/APPPATCH/ACGENRAL.DLL - WINDOWS/SYSTEM32/WINMM.DLL - WINDOWS/SYSTEM32/MSACM32.DLL - WINDOWS/SYSTEM32/VERSION.DLL - WINDOWS/SYSTEM32/SHELL32.DLL - WINDOWS/SYSTEM32/SHLWAPI.DLL - WINDOWS/SYSTEM32/USERENV.DLL - WINDOWS/SYSTEM32/UXTHEME.DLL - WINDOWS/WINSXS/X86_MICROSOFT.WINDOWS.COMMON-CONTROLS_6595B64144CCF1DF_6.0.2600.5512_X-WW_35D4CE83/COMCTL32.DLL - WINDOWS/SYSTEM32/COMCTL32.DLL - WINDOWS/SYSTEM32/RPCSS.DLL - WINDOWS/SYSTEM32/XPSP2RES.DLL - WINDOWS/SYSTEM32/PSAPI.DLL - WINDOWS/SYSTEM32/NTMARTA.DLL - WINDOWS/SYSTEM32/SAMLIB.DLL - WINDOWS/SYSTEM32/WLDAP32.DLL - WINDOWS/SYSTEM32/CLBCATQ.DLL - WINDOWS/SYSTEM32/COMRES.DLL - WINDOWS/SYSTEM32/WBEM/WBEMPROX.DLL - WINDOWS/SYSTEM32/WS2_32.DLL - WINDOWS/SYSTEM32/WS2HELP.DLL - WINDOWS/SYSTEM32/WBEM/WBEMSVC.DLL - WINDOWS/SYSTEM32/WBEM/FASTPROX.DLL - WINDOWS/SYSTEM32/NTDSAPI.DLL - WINDOWS/SYSTEM32/DNSAPI.DLL - WINDOWS/SYSTEM32/NETAPI32.DLL} (file: /media/sdb1/WINDOWS/Prefetch/WMIADAP.EXE-2DF425B2.pf) 97280 .a.. r/rr-xr-xr-x 0 0 2147-128-3 /WINDOWS/system32/loadperf.dll 196608 .a.. r/rr-xr-xr-x 0 0 4899-128-3 /WINDOWS/system32/wbem/wmiadap.exe Fri Jul 01 2011 13:00:45 144896 .a.. r/rr-xr-xr-x 0 0 4910-128-3 /WINDOWS/system32/wbem/wmiprov.dll 0 macb 0 0 0 5544 [WMIprov Log file] (Time Written) Entry in log file: WDM call returned error: 4200 (file: /media/sdb1/WINDOWS/system32/wbem/Logs/wmiprov.log) Fri Jul 01 2011 13:00:46 123904 .a.. r/rr-xr-xr-x 0 0 4877-128-3 /WINDOWS/system32/wbem/mofd.dll Fri Jul 01 2011 13:00:48 187776 .a.. r/rr-xr-xr-x 0 0 3621-128-3 /WINDOWS/system32/drivers/acpi.sys 14208 .a.. r/rr-xr-xr-x 0 0 4838-128-3 /WINDOWS/system32/drivers/battc.sys Fri Jul 01 2011 13:00:49 738 m... r/rr-xr-xr-x 0 0 11465-128-4 /WINDOWS/system32/wbem/Performance/WmiApRpl.h 3160 m.c. r/rrwxrwxrwx 0 0 11491-128-3 /System Volume Information/_restore{A4323E41-9E96-4A95-B645-4A36ED086BEA}/RP12/snapshot/Repository/FS/MAPPING1.MAP Fri Jul 01 2011 13:00:51 0 m... 0 0 0 0 REG_System_system/ControlSet001/Services/WmiApRpl/Performance 0 m... 0 0 0 0 REG_System_system/ControlSet002/Services/WmiApRpl/Performance 3824 ma.. r/rr-xr-xr-x 0 0 10652-128-4 /WINDOWS/system32/wbem/Performance/WmiApRpl.ini 738 .a.. r/rr-xr-xr-x 0 0 11465-128-4 /WINDOWS/system32/wbem/Performance/WmiApRpl.h 40394 ma.. r/rr-xr-xr-x 0 0 246-128-3 /WINDOWS/system32/perfc009.dat 312172 ma.. r/rr-xr-xr-x 0 0 247-128-3 /WINDOWS/system32/perfh009.dat 56 m... d/dr-xr-xr-x 0 0 29-144-7 /WINDOWS/system32 65536 macb 0 0 0 3659 [Event Log] (Time generated/Time written) LoadPerf/1000_Info_WmiApRpl - WmiApRpl (file: /media/sdb1/WINDOWS/system32/config/AppEvent.Evt) 65536 macb 0 0 0 3659 [Event Log] (Time generated/Time written) LoadPerf/1001_Info_WmiApRpl - WmiApRpl (file: /media/sdb1/WINDOWS/system32/config/AppEvent.Evt) 356120 ma.. r/rr-xr-xr-x 0 0 4149-128-4 /WINDOWS/system32/PerfStringBackup.INI 264 m... d/dr-xr-xr-x 0 0 5539-144-1 /WINDOWS/system32/wbem/Performance Fri Jul 01 2011 13:00:52 26610 mac. r/rrwxrwxrwx 0 0 10653-128-4 /WINDOWS/Prefetch/WMIADAP.EXE-2DF425B2.pf Fri Jul 01 2011 13:00:57 999424 m.c. r/rrwxrwxrwx 0 0 11488-128-3 /System Volume Information/_restore{A4323E41-9E96-4A95-B645-4A36ED086BEA}/RP12/snapshot/Repository/FS/INDEX.BTR 524 m.c. r/rrwxrwxrwx 0 0 11489-128-1 /System Volume Information/_restore{A4323E41-9E96-4A95-B645-4A36ED086BEA}/RP12/snapshot/Repository/FS/INDEX.MAP 5300224 m.c. r/rrwxrwxrwx 0 0 11493-128-4 /System Volume Information/_restore{A4323E41-9E96-4A95-B645-4A36ED086BEA}/RP12/snapshot/Repository/FS/OBJECTS.DATA 2636 m.c. r/rrwxrwxrwx 0 0 11494-128-3 /System Volume Information/_restore{A4323E41-9E96-4A95-B645-4A36ED086BEA}/RP12/snapshot/Repository/FS/OBJECTS.MAP Fri Jul 01 2011 13:00:58 4 m.c. r/rrwxrwxrwx 0 0 11490-128-1 /System Volume Information/_restore{A4323E41-9E96-4A95-B645-4A36ED086BEA}/RP12/snapshot/Repository/FS/MAPPING.VER 3160 m.c. r/rrwxrwxrwx 0 0 11492-128-3 /System Volume Information/_restore{A4323E41-9E96-4A95-B645-4A36ED086BEA}/RP12/snapshot/Repository/FS/MAPPING2.MAP 3160 m... r/rr-xr-xr-x 0 0 5549-128-3 /WINDOWS/system32/wbem/Repository/FS/MAPPING2.MAP Fri Jul 01 2011 13:02:09 131072 macb 0 0 0 3663 [Event Log] (Time generated/Time written) b57w2k/4_Warn_ - Broadcom NetXtreme Gigabit Ethernet (file: /media/sdb1/WINDOWS/system32/config/SysEvent.Evt) Fri Jul 01 2011 13:02:13 131072 macb 0 0 0 3663 [Event Log] (Time generated/Time written) Tcpip/4201_Info_ - Broadcom...Ethernet - Packet Scheduler Miniport (file: /media/sdb1/WINDOWS/system32/config/SysEvent.Evt) 131072 macb 0 0 0 3663 [Event Log] (Time generated/Time written) b57w2k/4_Warn_ - Broadcom NetXtreme Gigabit Ethernet (file: /media/sdb1/WINDOWS/system32/config/SysEvent.Evt) 131072 macb 0 0 0 3663 [Event Log] (Time generated/Time written) b57w2k/9_Info_ - Broadcom NetXtreme Gigabit Ethernet (file: /media/sdb1/WINDOWS/system32/config/SysEvent.Evt) Fri Jul 01 2011 13:02:16 131072 macb 0 0 0 3663 [Event Log] (Time generated/Time written) Tcpip/4201_Info_ - Broadcom...Ethernet - Packet Scheduler Miniport (file: /media/sdb1/WINDOWS/system32/config/SysEvent.Evt) 131072 macb 0 0 0 3663 [Event Log] (Time generated/Time written) b57w2k/11_Info_ - Broadcom NetXtreme Gigabit Ethernet (file: /media/sdb1/WINDOWS/system32/config/SysEvent.Evt) Fri Jul 01 2011 13:02:30 131072 macb 0 0 0 3663 [Event Log] (Time generated/Time written) b57w2k/4_Warn_ - Broadcom NetXtreme Gigabit Ethernet (file: /media/sdb1/WINDOWS/system32/config/SysEvent.Evt) 0 macb 0 0 0 5544 [WMIprov Log file] (Time Written) Entry in log file: WDM call returned error: 4200 (file: /media/sdb1/WINDOWS/system32/wbem/Logs/wmiprov.log) Fri Jul 01 2011 13:02:33 131072 macb 0 0 0 3663 [Event Log] (Time generated/Time written) Tcpip/4201_Info_ - Broadcom...Ethernet - Packet Scheduler Miniport (file: /media/sdb1/WINDOWS/system32/config/SysEvent.Evt) 131072 macb 0 0 0 3663 [Event Log] (Time generated/Time written) b57w2k/11_Info_ - Broadcom NetXtreme Gigabit Ethernet (file: /media/sdb1/WINDOWS/system32/config/SysEvent.Evt) Fri Jul 01 2011 13:02:44 131072 macb 0 0 0 3663 [Event Log] (Time generated/Time written) b57w2k/4_Warn_ - Broadcom NetXtreme Gigabit Ethernet (file: /media/sdb1/WINDOWS/system32/config/SysEvent.Evt) Fri Jul 01 2011 13:02:47 131072 macb 0 0 0 3663 [Event Log] (Time generated/Time written) Tcpip/4201_Info_ - Broadcom...Ethernet - Packet Scheduler Miniport (file: /media/sdb1/WINDOWS/system32/config/SysEvent.Evt) 131072 macb 0 0 0 3663 [Event Log] (Time generated/Time written) b57w2k/11_Info_ - Broadcom NetXtreme Gigabit Ethernet (file: /media/sdb1/WINDOWS/system32/config/SysEvent.Evt) Fri Jul 01 2011 13:03:33 131072 macb 0 0 0 3663 [Event Log] (Time generated/Time written) b57w2k/4_Warn_ - Broadcom NetXtreme Gigabit Ethernet (file: /media/sdb1/WINDOWS/system32/config/SysEvent.Evt) Fri Jul 01 2011 13:03:37 131072 macb 0 0 0 3663 [Event Log] (Time generated/Time written) Tcpip/4201_Info_ - Broadcom...Ethernet - Packet Scheduler Miniport (file: /media/sdb1/WINDOWS/system32/config/SysEvent.Evt) 131072 macb 0 0 0 3663 [Event Log] (Time generated/Time written) b57w2k/4_Warn_ - Broadcom NetXtreme Gigabit Ethernet (file: /media/sdb1/WINDOWS/system32/config/SysEvent.Evt) 131072 macb 0 0 0 3663 [Event Log] (Time generated/Time written) b57w2k/9_Info_ - Broadcom NetXtreme Gigabit Ethernet (file: /media/sdb1/WINDOWS/system32/config/SysEvent.Evt) Fri Jul 01 2011 13:03:40 131072 macb 0 0 0 3663 [Event Log] (Time generated/Time written) Tcpip/4201_Info_ - Broadcom...Ethernet - Packet Scheduler Miniport (file: /media/sdb1/WINDOWS/system32/config/SysEvent.Evt) 131072 macb 0 0 0 3663 [Event Log] (Time generated/Time written) b57w2k/11_Info_ - Broadcom NetXtreme Gigabit Ethernet (file: /media/sdb1/WINDOWS/system32/config/SysEvent.Evt) Fri Jul 01 2011 13:03:51 131072 macb 0 0 0 3663 [Event Log] (Time generated/Time written) b57w2k/4_Warn_ - Broadcom NetXtreme Gigabit Ethernet (file: /media/sdb1/WINDOWS/system32/config/SysEvent.Evt) Fri Jul 01 2011 13:03:54 131072 macb 0 0 0 3663 [Event Log] (Time generated/Time written) Tcpip/4201_Info_ - Broadcom...Ethernet - Packet Scheduler Miniport (file: /media/sdb1/WINDOWS/system32/config/SysEvent.Evt) 131072 macb 0 0 0 3663 [Event Log] (Time generated/Time written) b57w2k/11_Info_ - Broadcom NetXtreme Gigabit Ethernet (file: /media/sdb1/WINDOWS/system32/config/SysEvent.Evt) Fri Jul 01 2011 13:04:05 131072 macb 0 0 0 3663 [Event Log] (Time generated/Time written) b57w2k/4_Warn_ - Broadcom NetXtreme Gigabit Ethernet (file: /media/sdb1/WINDOWS/system32/config/SysEvent.Evt) Fri Jul 01 2011 13:04:07 131072 macb 0 0 0 3663 [Event Log] (Time generated/Time written) Tcpip/4201_Info_ - Broadcom...Ethernet - Packet Scheduler Miniport (file: /media/sdb1/WINDOWS/system32/config/SysEvent.Evt) 131072 macb 0 0 0 3663 [Event Log] (Time generated/Time written) b57w2k/11_Info_ - Broadcom NetXtreme Gigabit Ethernet (file: /media/sdb1/WINDOWS/system32/config/SysEvent.Evt) Fri Jul 01 2011 13:04:16 65536 macb 0 0 0 3659 [Event Log] (Time generated/Time written) ESENT/101_Info_wuauclt - 528 (file: /media/sdb1/WINDOWS/system32/config/AppEvent.Evt) 65536 macb 0 0 0 3659 [Event Log] (Time generated/Time written) ESENT/103_Info_wuaueng.dll - 528 - SUS20ClientDataStore: - 0 (file: /media/sdb1/WINDOWS/system32/config/AppEvent.Evt) Fri Jul 01 2011 13:06:29 131072 macb 0 0 0 3663 [Event Log] (Time generated/Time written) b57w2k/4_Warn_ - Broadcom NetXtreme Gigabit Ethernet (file: /media/sdb1/WINDOWS/system32/config/SysEvent.Evt) Fri Jul 01 2011 13:06:36 131072 macb 0 0 0 3663 [Event Log] (Time generated/Time written) Tcpip/4201_Info_ - Broadcom...Ethernet - Packet Scheduler Miniport (file: /media/sdb1/WINDOWS/system32/config/SysEvent.Evt) 131072 macb 0 0 0 3663 [Event Log] (Time generated/Time written) b57w2k/9_Info_ - Broadcom NetXtreme Gigabit Ethernet (file: /media/sdb1/WINDOWS/system32/config/SysEvent.Evt) Fri Jul 01 2011 13:06:39 131072 macb 0 0 0 3663 [Event Log] (Time generated/Time written) b57w2k/4_Warn_ - Broadcom NetXtreme Gigabit Ethernet (file: /media/sdb1/WINDOWS/system32/config/SysEvent.Evt) Fri Jul 01 2011 13:06:41 131072 macb 0 0 0 3663 [Event Log] (Time generated/Time written) Tcpip/4201_Info_ - Broadcom...Ethernet - Packet Scheduler Miniport (file: /media/sdb1/WINDOWS/system32/config/SysEvent.Evt) 131072 macb 0 0 0 3663 [Event Log] (Time generated/Time written) b57w2k/9_Info_ - Broadcom NetXtreme Gigabit Ethernet (file: /media/sdb1/WINDOWS/system32/config/SysEvent.Evt) Fri Jul 01 2011 13:06:42 131072 macb 0 0 0 3663 [Event Log] (Time generated/Time written) b57w2k/4_Warn_ - Broadcom NetXtreme Gigabit Ethernet (file: /media/sdb1/WINDOWS/system32/config/SysEvent.Evt) Fri Jul 01 2011 13:06:44 131072 macb 0 0 0 3663 [Event Log] (Time generated/Time written) Tcpip/4201_Info_ - Broadcom...Ethernet - Packet Scheduler Miniport (file: /media/sdb1/WINDOWS/system32/config/SysEvent.Evt) 131072 macb 0 0 0 3663 [Event Log] (Time generated/Time written) b57w2k/11_Info_ - Broadcom NetXtreme Gigabit Ethernet (file: /media/sdb1/WINDOWS/system32/config/SysEvent.Evt) Fri Jul 01 2011 13:06:58 131072 macb 0 0 0 3663 [Event Log] (Time generated/Time written) b57w2k/4_Warn_ - Broadcom NetXtreme Gigabit Ethernet (file: /media/sdb1/WINDOWS/system32/config/SysEvent.Evt) Fri Jul 01 2011 13:07:01 131072 macb 0 0 0 3663 [Event Log] (Time generated/Time written) Tcpip/4201_Info_ - Broadcom...Ethernet - Packet Scheduler Miniport (file: /media/sdb1/WINDOWS/system32/config/SysEvent.Evt) 131072 macb 0 0 0 3663 [Event Log] (Time generated/Time written) b57w2k/11_Info_ - Broadcom NetXtreme Gigabit Ethernet (file: /media/sdb1/WINDOWS/system32/config/SysEvent.Evt) Fri Jul 01 2011 13:07:12 131072 macb 0 0 0 3663 [Event Log] (Time generated/Time written) b57w2k/4_Warn_ - Broadcom NetXtreme Gigabit Ethernet (file: /media/sdb1/WINDOWS/system32/config/SysEvent.Evt) Fri Jul 01 2011 13:07:14 131072 macb 0 0 0 3663 [Event Log] (Time generated/Time written) Tcpip/4201_Info_ - Broadcom...Ethernet - Packet Scheduler Miniport (file: /media/sdb1/WINDOWS/system32/config/SysEvent.Evt) 131072 macb 0 0 0 3663 [Event Log] (Time generated/Time written) b57w2k/11_Info_ - Broadcom NetXtreme Gigabit Ethernet (file: /media/sdb1/WINDOWS/system32/config/SysEvent.Evt) Fri Jul 01 2011 13:07:19 0 macb 0 0 0 5544 [WMIprov Log file] (Time Written) Entry in log file: Impersonation failed - Access denied (file: /media/sdb1/WINDOWS/system32/wbem/Logs/wmiprov.log) Fri Jul 01 2011 13:08:02 131072 macb 0 0 0 3663 [Event Log] (Time generated/Time written) b57w2k/4_Warn_ - Broadcom NetXtreme Gigabit Ethernet (file: /media/sdb1/WINDOWS/system32/config/SysEvent.Evt) Fri Jul 01 2011 13:08:04 131072 macb 0 0 0 3663 [Event Log] (Time generated/Time written) Tcpip/4201_Info_ - Broadcom...Ethernet - Packet Scheduler Miniport (file: /media/sdb1/WINDOWS/system32/config/SysEvent.Evt) 131072 macb 0 0 0 3663 [Event Log] (Time generated/Time written) b57w2k/9_Info_ - Broadcom NetXtreme Gigabit Ethernet (file: /media/sdb1/WINDOWS/system32/config/SysEvent.Evt) Fri Jul 01 2011 13:08:05 131072 macb 0 0 0 3663 [Event Log] (Time generated/Time written) b57w2k/4_Warn_ - Broadcom NetXtreme Gigabit Ethernet (file: /media/sdb1/WINDOWS/system32/config/SysEvent.Evt) Fri Jul 01 2011 13:08:08 131072 macb 0 0 0 3663 [Event Log] (Time generated/Time written) Tcpip/4201_Info_ - Broadcom...Ethernet - Packet Scheduler Miniport (file: /media/sdb1/WINDOWS/system32/config/SysEvent.Evt) 131072 macb 0 0 0 3663 [Event Log] (Time generated/Time written) b57w2k/11_Info_ - Broadcom NetXtreme Gigabit Ethernet (file: /media/sdb1/WINDOWS/system32/config/SysEvent.Evt) Fri Jul 01 2011 13:08:15 131072 macb 0 0 0 3663 [Event Log] (Time generated/Time written) b57w2k/4_Warn_ - Broadcom NetXtreme Gigabit Ethernet (file: /media/sdb1/WINDOWS/system32/config/SysEvent.Evt) Fri Jul 01 2011 13:08:18 131072 macb 0 0 0 3663 [Event Log] (Time generated/Time written) Tcpip/4201_Info_ - Broadcom...Ethernet - Packet Scheduler Miniport (file: /media/sdb1/WINDOWS/system32/config/SysEvent.Evt) 131072 macb 0 0 0 3663 [Event Log] (Time generated/Time written) b57w2k/11_Info_ - Broadcom NetXtreme Gigabit Ethernet (file: /media/sdb1/WINDOWS/system32/config/SysEvent.Evt) Fri Jul 01 2011 13:08:30 131072 macb 0 0 0 3663 [Event Log] (Time generated/Time written) b57w2k/4_Warn_ - Broadcom NetXtreme Gigabit Ethernet (file: /media/sdb1/WINDOWS/system32/config/SysEvent.Evt) Fri Jul 01 2011 13:08:32 131072 macb 0 0 0 3663 [Event Log] (Time generated/Time written) Tcpip/4201_Info_ - Broadcom...Ethernet - Packet Scheduler Miniport (file: /media/sdb1/WINDOWS/system32/config/SysEvent.Evt) 131072 macb 0 0 0 3663 [Event Log] (Time generated/Time written) b57w2k/11_Info_ - Broadcom NetXtreme Gigabit Ethernet (file: /media/sdb1/WINDOWS/system32/config/SysEvent.Evt) Fri Jul 01 2011 13:09:35 131072 macb 0 0 0 3663 [Event Log] (Time generated/Time written) b57w2k/4_Warn_ - Broadcom NetXtreme Gigabit Ethernet (file: /media/sdb1/WINDOWS/system32/config/SysEvent.Evt) Fri Jul 01 2011 13:09:38 131072 macb 0 0 0 3663 [Event Log] (Time generated/Time written) b57w2k/4_Warn_ - Broadcom NetXtreme Gigabit Ethernet (file: /media/sdb1/WINDOWS/system32/config/SysEvent.Evt) Fri Jul 01 2011 13:09:40 131072 macb 0 0 0 3663 [Event Log] (Time generated/Time written) Tcpip/4201_Info_ - Broadcom...Ethernet - Packet Scheduler Miniport (file: /media/sdb1/WINDOWS/system32/config/SysEvent.Evt) 131072 macb 0 0 0 3663 [Event Log] (Time generated/Time written) b57w2k/11_Info_ - Broadcom NetXtreme Gigabit Ethernet (file: /media/sdb1/WINDOWS/system32/config/SysEvent.Evt) Fri Jul 01 2011 13:09:49 131072 macb 0 0 0 3663 [Event Log] (Time generated/Time written) b57w2k/4_Warn_ - Broadcom NetXtreme Gigabit Ethernet (file: /media/sdb1/WINDOWS/system32/config/SysEvent.Evt) Fri Jul 01 2011 13:09:52 131072 macb 0 0 0 3663 [Event Log] (Time generated/Time written) Tcpip/4201_Info_ - Broadcom...Ethernet - Packet Scheduler Miniport (file: /media/sdb1/WINDOWS/system32/config/SysEvent.Evt) 131072 macb 0 0 0 3663 [Event Log] (Time generated/Time written) b57w2k/11_Info_ - Broadcom NetXtreme Gigabit Ethernet (file: /media/sdb1/WINDOWS/system32/config/SysEvent.Evt) Fri Jul 01 2011 13:10:03 131072 macb 0 0 0 3663 [Event Log] (Time generated/Time written) b57w2k/4_Warn_ - Broadcom NetXtreme Gigabit Ethernet (file: /media/sdb1/WINDOWS/system32/config/SysEvent.Evt) Fri Jul 01 2011 13:10:06 131072 macb 0 0 0 3663 [Event Log] (Time generated/Time written) Tcpip/4201_Info_ - Broadcom...Ethernet - Packet Scheduler Miniport (file: /media/sdb1/WINDOWS/system32/config/SysEvent.Evt) 131072 macb 0 0 0 3663 [Event Log] (Time generated/Time written) b57w2k/11_Info_ - Broadcom NetXtreme Gigabit Ethernet (file: /media/sdb1/WINDOWS/system32/config/SysEvent.Evt) Fri Jul 01 2011 13:11:29 15360 .a.. r/rr-xr-xr-x 0 0 2747-128-3 /WINDOWS/system32/msisip.dll 90112 .a.. r/rr-xr-xr-x 0 0 3185-128-3 /WINDOWS/system32/wshext.dll Fri Jul 01 2011 13:11:43 383488 .a.. r/rr-xr-xr-x 0 0 3196-128-3 /WINDOWS/system32/wzcdlg.dll 131072 macb 0 0 0 3663 [Event Log] (Time generated/Time written) W32Time/17_Error_time.windows.com-0x1 - A socket operation was attempted to an unreachable host. (0x80072751) - 15 (file: /media/sdb1/WINDOWS/system32/config/SysEvent.Evt) 131072 macb 0 0 0 3663 [Event Log] (Time generated/Time written) W32Time/29_Error_14 (file: /media/sdb1/WINDOWS/system32/config/SysEvent.Evt) Fri Jul 01 2011 13:17:08 131072 macb 0 0 0 3663 [Event Log] (Time generated/Time written) b57w2k/4_Warn_ - Broadcom NetXtreme Gigabit Ethernet (file: /media/sdb1/WINDOWS/system32/config/SysEvent.Evt) Fri Jul 01 2011 13:17:10 131072 macb 0 0 0 3663 [Event Log] (Time generated/Time written) Tcpip/4201_Info_ - Broadcom...Ethernet - Packet Scheduler Miniport (file: /media/sdb1/WINDOWS/system32/config/SysEvent.Evt) 131072 macb 0 0 0 3663 [Event Log] (Time generated/Time written) b57w2k/9_Info_ - Broadcom NetXtreme Gigabit Ethernet (file: /media/sdb1/WINDOWS/system32/config/SysEvent.Evt) Fri Jul 01 2011 13:17:11 131072 macb 0 0 0 3663 [Event Log] (Time generated/Time written) b57w2k/4_Warn_ - Broadcom NetXtreme Gigabit Ethernet (file: /media/sdb1/WINDOWS/system32/config/SysEvent.Evt) Fri Jul 01 2011 13:17:13 131072 macb 0 0 0 3663 [Event Log] (Time generated/Time written) Dhcp/1003_Warn_001558286148 - %23 (file: /media/sdb1/WINDOWS/system32/config/SysEvent.Evt) 131072 macb 0 0 0 3663 [Event Log] (Time generated/Time written) Tcpip/4201_Info_ - Broadcom...Ethernet - Packet Scheduler Miniport (file: /media/sdb1/WINDOWS/system32/config/SysEvent.Evt) 131072 macb 0 0 0 3663 [Event Log] (Time generated/Time written) b57w2k/11_Info_ - Broadcom NetXtreme Gigabit Ethernet (file: /media/sdb1/WINDOWS/system32/config/SysEvent.Evt) Fri Jul 01 2011 13:17:22 131072 macb 0 0 0 3663 [Event Log] (Time generated/Time written) b57w2k/4_Warn_ - Broadcom NetXtreme Gigabit Ethernet (file: /media/sdb1/WINDOWS/system32/config/SysEvent.Evt) Fri Jul 01 2011 13:17:24 131072 macb 0 0 0 3663 [Event Log] (Time generated/Time written) Dhcp/1003_Warn_001558286148 - %23 (file: /media/sdb1/WINDOWS/system32/config/SysEvent.Evt) 131072 macb 0 0 0 3663 [Event Log] (Time generated/Time written) Tcpip/4201_Info_ - Broadcom...Ethernet - Packet Scheduler Miniport (file: /media/sdb1/WINDOWS/system32/config/SysEvent.Evt) 131072 macb 0 0 0 3663 [Event Log] (Time generated/Time written) b57w2k/11_Info_ - Broadcom NetXtreme Gigabit Ethernet (file: /media/sdb1/WINDOWS/system32/config/SysEvent.Evt) Fri Jul 01 2011 13:17:55 0 m... 0 0 0 0 REG_System_system/ControlSet001/Services/Tcpip/Parameters 0 m... 0 0 0 0 REG_System_system/ControlSet002/Services/Tcpip/Parameters 131072 macb 0 0 0 3663 [Event Log] (Time generated/Time written) Dhcp/1003_Warn_001558286148 - %1 (file: /media/sdb1/WINDOWS/system32/config/SysEvent.Evt) Fri Jul 01 2011 13:17:58 131072 macb 0 0 0 3663 [Event Log] (Time generated/Time written) Dhcp/1007_Warn_001558286148 - 169.254.125.21 (file: /media/sdb1/WINDOWS/system32/config/SysEvent.Evt) 131072 macb 0 0 0 3663 [Event Log] (Time generated/Time written) W32Time/17_Error_time.windows.com-0x1 - A socket operation was attempted to an unreachable host. (0x80072751) - 15 (file: /media/sdb1/WINDOWS/system32/config/SysEvent.Evt) 131072 macb 0 0 0 3663 [Event Log] (Time generated/Time written) W32Time/29_Error_14 (file: /media/sdb1/WINDOWS/system32/config/SysEvent.Evt) Fri Jul 01 2011 13:19:21 131072 macb 0 0 0 3663 [Event Log] (Time generated/Time written) b57w2k/4_Warn_ - Broadcom NetXtreme Gigabit Ethernet (file: /media/sdb1/WINDOWS/system32/config/SysEvent.Evt) Fri Jul 01 2011 13:19:28 131072 macb 0 0 0 3663 [Event Log] (Time generated/Time written) b57w2k/4_Warn_ - Broadcom NetXtreme Gigabit Ethernet (file: /media/sdb1/WINDOWS/system32/config/SysEvent.Evt) Fri Jul 01 2011 13:19:29 131072 macb 0 0 0 3663 [Event Log] (Time generated/Time written) Tcpip/4202_Info_ - Broadcom...Ethernet - Packet Scheduler Miniport (file: /media/sdb1/WINDOWS/system32/config/SysEvent.Evt) Fri Jul 01 2011 13:19:30 131072 macb 0 0 0 3663 [Event Log] (Time generated/Time written) b57w2k/9_Info_ - Broadcom NetXtreme Gigabit Ethernet (file: /media/sdb1/WINDOWS/system32/config/SysEvent.Evt) Fri Jul 01 2011 13:19:31 131072 macb 0 0 0 3663 [Event Log] (Time generated/Time written) b57w2k/4_Warn_ - Broadcom NetXtreme Gigabit Ethernet (file: /media/sdb1/WINDOWS/system32/config/SysEvent.Evt) Fri Jul 01 2011 13:19:33 131072 macb 0 0 0 3663 [Event Log] (Time generated/Time written) b57w2k/11_Info_ - Broadcom NetXtreme Gigabit Ethernet (file: /media/sdb1/WINDOWS/system32/config/SysEvent.Evt) Fri Jul 01 2011 13:19:34 131072 macb 0 0 0 3663 [Event Log] (Time generated/Time written) Tcpip/4201_Info_ - Broadcom...Ethernet - Packet Scheduler Miniport (file: /media/sdb1/WINDOWS/system32/config/SysEvent.Evt) Fri Jul 01 2011 13:20:13 131072 macb 0 0 0 3663 [Event Log] (Time generated/Time written) b57w2k/4_Warn_ - Broadcom NetXtreme Gigabit Ethernet (file: /media/sdb1/WINDOWS/system32/config/SysEvent.Evt) Fri Jul 01 2011 13:20:16 131072 macb 0 0 0 3663 [Event Log] (Time generated/Time written) Tcpip/4201_Info_ - Broadcom...Ethernet - Packet Scheduler Miniport (file: /media/sdb1/WINDOWS/system32/config/SysEvent.Evt) 131072 macb 0 0 0 3663 [Event Log] (Time generated/Time written) b57w2k/11_Info_ - Broadcom NetXtreme Gigabit Ethernet (file: /media/sdb1/WINDOWS/system32/config/SysEvent.Evt) Fri Jul 01 2011 13:20:27 131072 macb 0 0 0 3663 [Event Log] (Time generated/Time written) b57w2k/4_Warn_ - Broadcom NetXtreme Gigabit Ethernet (file: /media/sdb1/WINDOWS/system32/config/SysEvent.Evt) Fri Jul 01 2011 13:20:29 131072 macb 0 0 0 3663 [Event Log] (Time generated/Time written) Tcpip/4201_Info_ - Broadcom...Ethernet - Packet Scheduler Miniport (file: /media/sdb1/WINDOWS/system32/config/SysEvent.Evt) 131072 macb 0 0 0 3663 [Event Log] (Time generated/Time written) b57w2k/11_Info_ - Broadcom NetXtreme Gigabit Ethernet (file: /media/sdb1/WINDOWS/system32/config/SysEvent.Evt) Fri Jul 01 2011 13:21:31 0 m... 0 0 0 0 REG_System_system/ControlSet001/Services/Dhcp/Parameters 0 m... 0 0 0 0 REG_System_system/ControlSet002/Services/Dhcp/Parameters Fri Jul 01 2011 13:21:34 131072 macb 0 0 0 3663 [Event Log] (Time generated/Time written) Dhcp/1007_Warn_001558286148 - 169.254.125.21 (file: /media/sdb1/WINDOWS/system32/config/SysEvent.Evt) 131072 macb 0 0 0 3663 [Event Log] (Time generated/Time written) W32Time/17_Error_time.windows.com-0x1 - A socket operation was attempted to an unreachable host. (0x80072751) - 15 (file: /media/sdb1/WINDOWS/system32/config/SysEvent.Evt) 131072 macb 0 0 0 3663 [Event Log] (Time generated/Time written) W32Time/29_Error_15 (file: /media/sdb1/WINDOWS/system32/config/SysEvent.Evt) Fri Jul 01 2011 13:21:40 0 macb 0 0 0 10413 [XP Prefetch] (Last run) LOGON.SCR-151EFAEA.pf - [LOGON.SCR] was executed - run count [11]- full path: [] - DLLs loaded: {WINDOWS/SYSTEM32/NTDLL.DLL - WINDOWS/SYSTEM32/KERNEL32.DLL - WINDOWS/SYSTEM32/USER32.DLL - WINDOWS/SYSTEM32/GDI32.DLL - WINDOWS/SYSTEM32/SHLWAPI.DLL - WINDOWS/SYSTEM32/ADVAPI32.DLL - WINDOWS/SYSTEM32/RPCRT4.DLL - WINDOWS/SYSTEM32/SECUR32.DLL - WINDOWS/SYSTEM32/MSVCRT.DLL - WINDOWS/SYSTEM32/COMCTL32.DLL - WINDOWS/SYSTEM32/UXTHEME.DLL} (file: /media/sdb1/WINDOWS/Prefetch/LOGON.SCR-151EFAEA.pf) 220672 .a.. r/rr-xr-xr-x 0 0 2163-128-3 /WINDOWS/system32/logon.scr Fri Jul 01 2011 13:21:50 5910 mac. r/rrwxrwxrwx 0 0 11122-128-4 /WINDOWS/Prefetch/LOGON.SCR-151EFAEA.pf Fri Jul 01 2011 13:22:02 131072 macb 0 0 0 3663 [Event Log] (Time generated/Time written) b57w2k/4_Warn_ - Broadcom NetXtreme Gigabit Ethernet (file: /media/sdb1/WINDOWS/system32/config/SysEvent.Evt) Fri Jul 01 2011 13:22:07 131072 macb 0 0 0 3663 [Event Log] (Time generated/Time written) Tcpip/4201_Info_ - Broadcom...Ethernet - Packet Scheduler Miniport (file: /media/sdb1/WINDOWS/system32/config/SysEvent.Evt) 131072 macb 0 0 0 3663 [Event Log] (Time generated/Time written) b57w2k/4_Warn_ - Broadcom NetXtreme Gigabit Ethernet (file: /media/sdb1/WINDOWS/system32/config/SysEvent.Evt) 131072 macb 0 0 0 3663 [Event Log] (Time generated/Time written) b57w2k/9_Info_ - Broadcom NetXtreme Gigabit Ethernet (file: /media/sdb1/WINDOWS/system32/config/SysEvent.Evt) Fri Jul 01 2011 13:22:09 131072 macb 0 0 0 3663 [Event Log] (Time generated/Time written) Tcpip/4201_Info_ - Broadcom...Ethernet - Packet Scheduler Miniport (file: /media/sdb1/WINDOWS/system32/config/SysEvent.Evt) 131072 macb 0 0 0 3663 [Event Log] (Time generated/Time written) b57w2k/4_Warn_ - Broadcom NetXtreme Gigabit Ethernet (file: /media/sdb1/WINDOWS/system32/config/SysEvent.Evt) 131072 macb 0 0 0 3663 [Event Log] (Time generated/Time written) b57w2k/9_Info_ - Broadcom NetXtreme Gigabit Ethernet (file: /media/sdb1/WINDOWS/system32/config/SysEvent.Evt) Fri Jul 01 2011 13:22:12 131072 macb 0 0 0 3663 [Event Log] (Time generated/Time written) Tcpip/4201_Info_ - Broadcom...Ethernet - Packet Scheduler Miniport (file: /media/sdb1/WINDOWS/system32/config/SysEvent.Evt) 131072 macb 0 0 0 3663 [Event Log] (Time generated/Time written) b57w2k/11_Info_ - Broadcom NetXtreme Gigabit Ethernet (file: /media/sdb1/WINDOWS/system32/config/SysEvent.Evt) Fri Jul 01 2011 13:23:04 131072 macb 0 0 0 3663 [Event Log] (Time generated/Time written) b57w2k/4_Warn_ - Broadcom NetXtreme Gigabit Ethernet (file: /media/sdb1/WINDOWS/system32/config/SysEvent.Evt) Fri Jul 01 2011 13:23:07 131072 macb 0 0 0 3663 [Event Log] (Time generated/Time written) Tcpip/4201_Info_ - Broadcom...Ethernet - Packet Scheduler Miniport (file: /media/sdb1/WINDOWS/system32/config/SysEvent.Evt) 131072 macb 0 0 0 3663 [Event Log] (Time generated/Time written) b57w2k/11_Info_ - Broadcom NetXtreme Gigabit Ethernet (file: /media/sdb1/WINDOWS/system32/config/SysEvent.Evt) Fri Jul 01 2011 13:23:18 131072 macb 0 0 0 3663 [Event Log] (Time generated/Time written) b57w2k/4_Warn_ - Broadcom NetXtreme Gigabit Ethernet (file: /media/sdb1/WINDOWS/system32/config/SysEvent.Evt) Fri Jul 01 2011 13:23:20 131072 macb 0 0 0 3663 [Event Log] (Time generated/Time written) Tcpip/4201_Info_ - Broadcom...Ethernet - Packet Scheduler Miniport (file: /media/sdb1/WINDOWS/system32/config/SysEvent.Evt) 131072 macb 0 0 0 3663 [Event Log] (Time generated/Time written) b57w2k/11_Info_ - Broadcom NetXtreme Gigabit Ethernet (file: /media/sdb1/WINDOWS/system32/config/SysEvent.Evt) Fri Jul 01 2011 13:24:29 131072 macb 0 0 0 3663 [Event Log] (Time generated/Time written) b57w2k/4_Warn_ - Broadcom NetXtreme Gigabit Ethernet (file: /media/sdb1/WINDOWS/system32/config/SysEvent.Evt) Fri Jul 01 2011 13:24:31 131072 macb 0 0 0 3663 [Event Log] (Time generated/Time written) Tcpip/4201_Info_ - Broadcom...Ethernet - Packet Scheduler Miniport (file: /media/sdb1/WINDOWS/system32/config/SysEvent.Evt) 131072 macb 0 0 0 3663 [Event Log] (Time generated/Time written) b57w2k/9_Info_ - Broadcom NetXtreme Gigabit Ethernet (file: /media/sdb1/WINDOWS/system32/config/SysEvent.Evt) Fri Jul 01 2011 13:24:32 131072 macb 0 0 0 3663 [Event Log] (Time generated/Time written) b57w2k/4_Warn_ - Broadcom NetXtreme Gigabit Ethernet (file: /media/sdb1/WINDOWS/system32/config/SysEvent.Evt) Fri Jul 01 2011 13:24:35 131072 macb 0 0 0 3663 [Event Log] (Time generated/Time written) Tcpip/4201_Info_ - Broadcom...Ethernet - Packet Scheduler Miniport (file: /media/sdb1/WINDOWS/system32/config/SysEvent.Evt) 131072 macb 0 0 0 3663 [Event Log] (Time generated/Time written) b57w2k/11_Info_ - Broadcom NetXtreme Gigabit Ethernet (file: /media/sdb1/WINDOWS/system32/config/SysEvent.Evt) Fri Jul 01 2011 13:26:44 0 macb 0 0 0 10413 [XP Prefetch] (Last run) DEFRAG.EXE-273F131E.pf - [DEFRAG.EXE] was executed - run count [4]- full path: [C:/WINDOWS/SYSTEM32/DEFRAG.EXE] - DLLs loaded: {WINDOWS/SYSTEM32/NTDLL.DLL - WINDOWS/SYSTEM32/KERNEL32.DLL - WINDOWS/SYSTEM32/MSVCRT.DLL - WINDOWS/SYSTEM32/ADVAPI32.DLL - WINDOWS/SYSTEM32/RPCRT4.DLL - WINDOWS/SYSTEM32/SECUR32.DLL - WINDOWS/SYSTEM32/USER32.DLL - WINDOWS/SYSTEM32/GDI32.DLL - WINDOWS/SYSTEM32/OLE32.DLL - WINDOWS/SYSTEM32/SHIMENG.DLL - WINDOWS/APPPATCH/ACGENRAL.DLL - WINDOWS/SYSTEM32/WINMM.DLL - WINDOWS/SYSTEM32/OLEAUT32.DLL - WINDOWS/SYSTEM32/MSACM32.DLL - WINDOWS/SYSTEM32/VERSION.DLL - WINDOWS/SYSTEM32/SHELL32.DLL - WINDOWS/SYSTEM32/SHLWAPI.DLL - WINDOWS/SYSTEM32/USERENV.DLL - WINDOWS/SYSTEM32/UXTHEME.DLL - WINDOWS/WINSXS/X86_MICROSOFT.WINDOWS.COMMON-CONTROLS_6595B64144CCF1DF_6.0.2600.5512_X-WW_35D4CE83/COMCTL32.DLL - WINDOWS/SYSTEM32/COMCTL32.DLL - WINDOWS/SYSTEM32/RPCSS.DLL - WINDOWS/SYSTEM32/DFRGRES.DLL - WINDOWS/SYSTEM32/NTMARTA.DLL - WINDOWS/SYSTEM32/SAMLIB.DLL - WINDOWS/SYSTEM32/WLDAP32.DLL - WINDOWS/SYSTEM32/CLBCATQ.DLL - WINDOWS/SYSTEM32/COMRES.DLL - WINDOWS/SYSTEM32/XPSP2RES.DLL - WINDOWS/SYSTEM32/WINSTA.DLL - WINDOWS/SYSTEM32/NETAPI32.DLL} (file: /media/sdb1/WINDOWS/Prefetch/DEFRAG.EXE-273F131E.pf) 110178 mac. r/rrwxrwxrwx 0 0 11123-128-3 /WINDOWS/Prefetch/Layout.ini 25088 .a.. r/rr-xr-xr-x 0 0 2158-128-3 /WINDOWS/system32/defrag.exe Fri Jul 01 2011 13:26:45 0 macb 0 0 0 10413 [XP Prefetch] (Last run) DFRGNTFS.EXE-269967DF.pf - [DFRGNTFS.EXE] was executed - run count [4]- full path: [C:/WINDOWS/SYSTEM32/DFRGNTFS.EXE] - DLLs loaded: {WINDOWS/SYSTEM32/NTDLL.DLL - WINDOWS/SYSTEM32/KERNEL32.DLL - WINDOWS/SYSTEM32/MSVCRT.DLL - WINDOWS/SYSTEM32/ADVAPI32.DLL - WINDOWS/SYSTEM32/RPCRT4.DLL - WINDOWS/SYSTEM32/SECUR32.DLL - WINDOWS/SYSTEM32/GDI32.DLL - WINDOWS/SYSTEM32/USER32.DLL - WINDOWS/SYSTEM32/COMCTL32.DLL - WINDOWS/SYSTEM32/SHELL32.DLL - WINDOWS/SYSTEM32/SHLWAPI.DLL - WINDOWS/SYSTEM32/OLE32.DLL - WINDOWS/SYSTEM32/VSSAPI.DLL - WINDOWS/SYSTEM32/ATL.DLL - WINDOWS/SYSTEM32/OLEAUT32.DLL - WINDOWS/SYSTEM32/NETAPI32.DLL - WINDOWS/SYSTEM32/SHIMENG.DLL - WINDOWS/APPPATCH/ACGENRAL.DLL - WINDOWS/SYSTEM32/WINMM.DLL - WINDOWS/SYSTEM32/MSACM32.DLL - WINDOWS/SYSTEM32/VERSION.DLL - WINDOWS/SYSTEM32/USERENV.DLL - WINDOWS/SYSTEM32/UXTHEME.DLL - WINDOWS/WINSXS/X86_MICROSOFT.WINDOWS.COMMON-CONTROLS_6595B64144CCF1DF_6.0.2600.5512_X-WW_35D4CE83/COMCTL32.DLL - WINDOWS/SYSTEM32/RPCSS.DLL - WINDOWS/SYSTEM32/DFRGRES.DLL - WINDOWS/SYSTEM32/CLBCATQ.DLL - WINDOWS/SYSTEM32/COMRES.DLL - WINDOWS/SYSTEM32/XPSP2RES.DLL - WINDOWS/SYSTEM32/WINSTA.DLL} (file: /media/sdb1/WINDOWS/Prefetch/DFRGNTFS.EXE-269967DF.pf) 105472 .a.. r/rr-xr-xr-x 0 0 2161-128-3 /WINDOWS/system32/dfrgntfs.exe 51200 .a.. r/rr-xr-xr-x 0 0 244-128-3 /WINDOWS/system32/dfrgres.dll Fri Jul 01 2011 13:26:51 14988 mac. r/rrwxrwxrwx 0 0 11124-128-4 /WINDOWS/Prefetch/DEFRAG.EXE-273F131E.pf 36214 mac. r/rrwxrwxrwx 0 0 11125-128-4 /WINDOWS/Prefetch/DFRGNTFS.EXE-269967DF.pf Fri Jul 01 2011 13:27:22 416 ...b d/drwxrwxrwx 0 0 11458-144-5 /System Volume Information/_restore{A4323E41-9E96-4A95-B645-4A36ED086BEA}/RP12 536 ...b r/rrwxrwxrwx 0 0 11466-128-3 /System Volume Information/_restore{A4323E41-9E96-4A95-B645-4A36ED086BEA}/RP12/rp.log 56 ...b d/drwxrwxrwx 0 0 11468-144-5 /System Volume Information/_restore{A4323E41-9E96-4A95-B645-4A36ED086BEA}/RP12/snapshot 245760 macb r/rrwxrwxrwx 0 0 11469-128-4 /System Volume Information/_restore{A4323E41-9E96-4A95-B645-4A36ED086BEA}/RP12/snapshot/_REGISTRY_USER_NTUSER_S-1-5-18 237568 macb r/rrwxrwxrwx 0 0 11470-128-4 /System Volume Information/_restore{A4323E41-9E96-4A95-B645-4A36ED086BEA}/RP12/snapshot/_REGISTRY_USER_NTUSER_S-1-5-19 8192 macb r/rrwxrwxrwx 0 0 11471-128-4 /System Volume Information/_restore{A4323E41-9E96-4A95-B645-4A36ED086BEA}/RP12/snapshot/_REGISTRY_USER_USRCLASS_S-1-5-19 237568 macb r/rrwxrwxrwx 0 0 11472-128-4 /System Volume Information/_restore{A4323E41-9E96-4A95-B645-4A36ED086BEA}/RP12/snapshot/_REGISTRY_USER_NTUSER_S-1-5-20 8192 macb r/rrwxrwxrwx 0 0 11473-128-4 /System Volume Information/_restore{A4323E41-9E96-4A95-B645-4A36ED086BEA}/RP12/snapshot/_REGISTRY_USER_USRCLASS_S-1-5-20 606208 macb r/rrwxrwxrwx 0 0 11474-128-4 /System Volume Information/_restore{A4323E41-9E96-4A95-B645-4A36ED086BEA}/RP12/snapshot/_REGISTRY_USER_NTUSER_S-1-5-21-1390067357-343818398-1801674531-1003 8192 macb r/rrwxrwxrwx 0 0 11475-128-4 /System Volume Information/_restore{A4323E41-9E96-4A95-B645-4A36ED086BEA}/RP12/snapshot/_REGISTRY_USER_USRCLASS_S-1-5-21-1390067357-343818398-1801674531-1003 245760 macb r/rrwxrwxrwx 0 0 11476-128-4 /System Volume Information/_restore{A4323E41-9E96-4A95-B645-4A36ED086BEA}/RP12/snapshot/_REGISTRY_USER_.DEFAULT 22528 .a.. r/rr-xr-xr-x 0 0 2679-128-3 /WINDOWS/system32/mfcsubs.dll 226304 .a.. r/rr-xr-xr-x 0 0 4930-128-3 /WINDOWS/system32/catsrv.dll 625664 .a.. r/rr-xr-xr-x 0 0 4931-128-3 /WINDOWS/system32/catsrvut.dll Fri Jul 01 2011 13:27:23 40960 macb r/rrwxrwxrwx 0 0 11477-128-4 /System Volume Information/_restore{A4323E41-9E96-4A95-B645-4A36ED086BEA}/RP12/snapshot/_REGISTRY_MACHINE_SECURITY 9314304 macb r/rrwxrwxrwx 0 0 11478-128-6 /System Volume Information/_restore{A4323E41-9E96-4A95-B645-4A36ED086BEA}/RP12/snapshot/_REGISTRY_MACHINE_SOFTWARE 3346432 ...b r/rrwxrwxrwx 0 0 11480-128-4 /System Volume Information/_restore{A4323E41-9E96-4A95-B645-4A36ED086BEA}/RP12/snapshot/_REGISTRY_MACHINE_SYSTEM Fri Jul 01 2011 13:27:24 16384 macb 16895 0 0 10383 [Restore Point] (Created) Restore point RP12 created - System Checkpoint (file: /media/sdb1/System Volume Information/_restore{A4323E41-9E96-4A95-B645-4A36ED086BEA}) 23256 m.c. r/rrwxrwxrwx 0 0 10426-128-3 /System Volume Information/_restore{A4323E41-9E96-4A95-B645-4A36ED086BEA}/_filelst.cfg 536 m.c. r/rrwxrwxrwx 0 0 11466-128-3 /System Volume Information/_restore{A4323E41-9E96-4A95-B645-4A36ED086BEA}/RP12/rp.log 56 mac. d/drwxrwxrwx 0 0 11468-144-5 /System Volume Information/_restore{A4323E41-9E96-4A95-B645-4A36ED086BEA}/RP12/snapshot 3346432 mac. r/rrwxrwxrwx 0 0 11480-128-4 /System Volume Information/_restore{A4323E41-9E96-4A95-B645-4A36ED086BEA}/RP12/snapshot/_REGISTRY_MACHINE_SYSTEM 28672 macb r/rrwxrwxrwx 0 0 11481-128-4 /System Volume Information/_restore{A4323E41-9E96-4A95-B645-4A36ED086BEA}/RP12/snapshot/_REGISTRY_MACHINE_SAM 22512 .a.b r/rrwxrwxrwx 0 0 11482-128-3 /System Volume Information/_restore{A4323E41-9E96-4A95-B645-4A36ED086BEA}/RP12/snapshot/ComDb.Dat 56 macb r/rrwxrwxrwx 0 0 11483-128-1 /System Volume Information/_restore{A4323E41-9E96-4A95-B645-4A36ED086BEA}/RP12/snapshot/domain.txt 248 macb d/drwxrwxrwx 0 0 11485-144-1 /System Volume Information/_restore{A4323E41-9E96-4A95-B645-4A36ED086BEA}/RP12/snapshot/Repository 20 .a.b r/rrwxrwxrwx 0 0 11486-128-1 /System Volume Information/_restore{A4323E41-9E96-4A95-B645-4A36ED086BEA}/RP12/snapshot/Repository/$WinMgmt.CFG 56 macb d/drwxrwxrwx 0 0 11487-144-5 /System Volume Information/_restore{A4323E41-9E96-4A95-B645-4A36ED086BEA}/RP12/snapshot/Repository/FS 999424 .a.b r/rrwxrwxrwx 0 0 11488-128-3 /System Volume Information/_restore{A4323E41-9E96-4A95-B645-4A36ED086BEA}/RP12/snapshot/Repository/FS/INDEX.BTR 524 .a.b r/rrwxrwxrwx 0 0 11489-128-1 /System Volume Information/_restore{A4323E41-9E96-4A95-B645-4A36ED086BEA}/RP12/snapshot/Repository/FS/INDEX.MAP 4 .a.b r/rrwxrwxrwx 0 0 11490-128-1 /System Volume Information/_restore{A4323E41-9E96-4A95-B645-4A36ED086BEA}/RP12/snapshot/Repository/FS/MAPPING.VER 3160 .a.b r/rrwxrwxrwx 0 0 11491-128-3 /System Volume Information/_restore{A4323E41-9E96-4A95-B645-4A36ED086BEA}/RP12/snapshot/Repository/FS/MAPPING1.MAP 3160 .a.b r/rrwxrwxrwx 0 0 11492-128-3 /System Volume Information/_restore{A4323E41-9E96-4A95-B645-4A36ED086BEA}/RP12/snapshot/Repository/FS/MAPPING2.MAP 5300224 .a.b r/rrwxrwxrwx 0 0 11493-128-4 /System Volume Information/_restore{A4323E41-9E96-4A95-B645-4A36ED086BEA}/RP12/snapshot/Repository/FS/OBJECTS.DATA 2636 .a.b r/rrwxrwxrwx 0 0 11494-128-3 /System Volume Information/_restore{A4323E41-9E96-4A95-B645-4A36ED086BEA}/RP12/snapshot/Repository/FS/OBJECTS.MAP 8 macb r/rrwxrwxrwx 0 0 11495-128-1 /System Volume Information/_restore{A4323E41-9E96-4A95-B645-4A36ED086BEA}/RP12/RestorePointSize 19569 .ac. r/r--x--x--x 0 0 5762-128-3 /WINDOWS/system32/Restore/filelist.xml Fri Jul 01 2011 13:27:54 0 macb 0 0 0 10413 [XP Prefetch] (Last run) HELPSVC.EXE-2878DDA2.pf - [HELPSVC.EXE] was executed - run count [11]- full path: [C:/WINDOWS/PCHEALTH/HELPCTR/BINARIES/HELPSVC.EXE] - DLLs loaded: {WINDOWS/SYSTEM32/NTDLL.DLL - WINDOWS/SYSTEM32/KERNEL32.DLL - WINDOWS/SYSTEM32/MSVCRT.DLL - WINDOWS/SYSTEM32/ADVAPI32.DLL - WINDOWS/SYSTEM32/RPCRT4.DLL - WINDOWS/SYSTEM32/SECUR32.DLL - WINDOWS/SYSTEM32/USER32.DLL - WINDOWS/SYSTEM32/GDI32.DLL - WINDOWS/SYSTEM32/OLE32.DLL - WINDOWS/SYSTEM32/OLEAUT32.DLL - WINDOWS/SYSTEM32/SHIMENG.DLL - WINDOWS/APPPATCH/ACGENRAL.DLL - WINDOWS/SYSTEM32/WINMM.DLL - WINDOWS/SYSTEM32/MSACM32.DLL - WINDOWS/SYSTEM32/VERSION.DLL - WINDOWS/SYSTEM32/SHELL32.DLL - WINDOWS/SYSTEM32/SHLWAPI.DLL - WINDOWS/SYSTEM32/USERENV.DLL - WINDOWS/SYSTEM32/UXTHEME.DLL - WINDOWS/WINSXS/X86_MICROSOFT.WINDOWS.COMMON-CONTROLS_6595B64144CCF1DF_6.0.2600.5512_X-WW_35D4CE83/COMCTL32.DLL - WINDOWS/SYSTEM32/COMCTL32.DLL - WINDOWS/SYSTEM32/RPCSS.DLL - WINDOWS/SYSTEM32/XPSP2RES.DLL - WINDOWS/PCHEALTH/HELPCTR/BINARIES/HCAPPRES.DLL - WINDOWS/SYSTEM32/CLBCATQ.DLL - WINDOWS/SYSTEM32/COMRES.DLL - WINDOWS/SYSTEM32/SXS.DLL - WINDOWS/SYSTEM32/MSXML3.DLL - WINDOWS/SYSTEM32/MSXML3R.DLL - WINDOWS/SYSTEM32/URLMON.DLL - WINDOWS/SYSTEM32/MLANG.DLL - WINDOWS/SYSTEM32/WBEM/FASTPROX.DLL - WINDOWS/SYSTEM32/MSVCP60.DLL - WINDOWS/SYSTEM32/WBEM/WBEMCOMN.DLL - WINDOWS/SYSTEM32/NTDSAPI.DLL - WINDOWS/SYSTEM32/DNSAPI.DLL - WINDOWS/SYSTEM32/WS2_32.DLL - WINDOWS/SYSTEM32/WS2HELP.DLL - WINDOWS/SYSTEM32/NETAPI32.DLL - WINDOWS/SYSTEM32/WLDAP32.DLL - WINDOWS/SYSTEM32/WBEM/WBEMPROX.DLL - WINDOWS/SYSTEM32/WBEM/WBEMSVC.DLL - WINDOWS/SYSTEM32/WBEM/XML/WMI2XML.DLL} (file: /media/sdb1/WINDOWS/Prefetch/HELPSVC.EXE-2878DDA2.pf) 4 .a.. r/rr-xr-xr-x 0 0 11085-128-1 /WINDOWS/pchealth/helpctr/PackageStore/CRC_Disk 3476 .a.. r/rr-xr-xr-x 0 0 11096-128-4 /WINDOWS/pchealth/helpctr/PackageStore/SkuStore.bin 2036 .a.. r/rr-xr-xr-x 0 0 11364-128-4 /WINDOWS/pchealth/helpctr/DataColl/CollectedData_237.xml 744448 .a.. r/rr-xr-xr-x 0 0 5771-128-3 /WINDOWS/pchealth/helpctr/binaries/HelpSvc.exe 6656 .a.. r/rr-xr-xr-x 0 0 6261-128-3 /WINDOWS/pchealth/helpctr/binaries/HCAppRes.dll 2435 .a.. r/rr-xr-xr-x 0 0 6575-128-3 /WINDOWS/pchealth/helpctr/Config/dataspec.xml 8738 .a.. r/rr-xr-xr-x 0 0 7515-128-5 /WINDOWS/pchealth/helpctr/Config/Cntstore.bin Fri Jul 01 2011 13:27:55 25600 .a.. r/rr-xr-xr-x 0 0 1015-128-3 /WINDOWS/system32/msvidc32.dll 0 macb 0 0 0 10413 [XP Prefetch] (Last run) WMIPRVSE.EXE-28F301A9.pf - [WMIPRVSE.EXE] was executed - run count [12]- full path: [C:/WINDOWS/SYSTEM32/WBEM/WMIPRVSE.EXE] - DLLs loaded: {WINDOWS/SYSTEM32/NTDLL.DLL - WINDOWS/SYSTEM32/KERNEL32.DLL - WINDOWS/SYSTEM32/MSVCRT.DLL - WINDOWS/SYSTEM32/ADVAPI32.DLL - WINDOWS/SYSTEM32/RPCRT4.DLL - WINDOWS/SYSTEM32/SECUR32.DLL - WINDOWS/SYSTEM32/USER32.DLL - WINDOWS/SYSTEM32/GDI32.DLL - WINDOWS/SYSTEM32/WBEM/WBEMCOMN.DLL - WINDOWS/SYSTEM32/OLE32.DLL - WINDOWS/SYSTEM32/OLEAUT32.DLL - WINDOWS/SYSTEM32/WBEM/FASTPROX.DLL - WINDOWS/SYSTEM32/MSVCP60.DLL - WINDOWS/SYSTEM32/NTDSAPI.DLL - WINDOWS/SYSTEM32/DNSAPI.DLL - WINDOWS/SYSTEM32/WS2_32.DLL - WINDOWS/SYSTEM32/WS2HELP.DLL - WINDOWS/SYSTEM32/NETAPI32.DLL - WINDOWS/SYSTEM32/WLDAP32.DLL - WINDOWS/SYSTEM32/NCOBJAPI.DLL - WINDOWS/SYSTEM32/SHIMENG.DLL - WINDOWS/APPPATCH/ACGENRAL.DLL - WINDOWS/SYSTEM32/WINMM.DLL - WINDOWS/SYSTEM32/MSACM32.DLL - WINDOWS/SYSTEM32/VERSION.DLL - WINDOWS/SYSTEM32/SHELL32.DLL - WINDOWS/SYSTEM32/SHLWAPI.DLL - WINDOWS/SYSTEM32/USERENV.DLL - WINDOWS/SYSTEM32/UXTHEME.DLL - WINDOWS/WINSXS/X86_MICROSOFT.WINDOWS.COMMON-CONTROLS_6595B64144CCF1DF_6.0.2600.5512_X-WW_35D4CE83/COMCTL32.DLL - WINDOWS/SYSTEM32/COMCTL32.DLL - WINDOWS/SYSTEM32/RPCSS.DLL - WINDOWS/SYSTEM32/XPSP2RES.DLL - WINDOWS/SYSTEM32/CLBCATQ.DLL - WINDOWS/SYSTEM32/COMRES.DLL - WINDOWS/SYSTEM32/WBEM/WBEMPROX.DLL - WINDOWS/SYSTEM32/WBEM/WBEMSVC.DLL - WINDOWS/SYSTEM32/WBEM/WMIUTILS.DLL - WINDOWS/SYSTEM32/WBEM/CIMWIN32.DLL - WINDOWS/SYSTEM32/WBEM/FRAMEDYN.DLL - WINDOWS/SYSTEM32/SETUPAPI.DLL - WINDOWS/SYSTEM32/PSAPI.DLL - WINDOWS/SYSTEM32/ICCVID.DLL - WINDOWS/SYSTEM32/IR32_32.DLL - WINDOWS/SYSTEM32/IYUV_32.DLL - WINDOWS/SYSTEM32/MSRLE32.DLL - WINDOWS/SYSTEM32/MSVIDC32.DLL - WINDOWS/SYSTEM32/MSYUV.DLL - WINDOWS/SYSTEM32/TSBYUV.DLL - WINDOWS/SYSTEM32/IR50_32.DLL - WINDOWS/SYSTEM32/WTSAPI32.DLL - WINDOWS/SYSTEM32/WINSTA.DLL - WINDOWS/SYSTEM32/CFGMGR32.DLL - WINDOWS/SYSTEM32/WMI.DLL - WINDOWS/SYSTEM32/DSKQUOTA.DLL - WINDOWS/SYSTEM32/TRAFFIC.DLL - WINDOWS/SYSTEM32/IPHLPAPI.DLL - WINDOWS/SYSTEM32/SECURITY.DLL - WINDOWS/SYSTEM32/SCHANNEL.DLL - WINDOWS/SYSTEM32/CRYPT32.DLL - WINDOWS/SYSTEM32/MSASN1.DLL - WINDOWS/SYSTEM32/WBEM/WMIPROV.DLL - WINDOWS/SYSTEM32/WBEM/MOFD.DLL} (file: /media/sdb1/WINDOWS/Prefetch/WMIPRVSE.EXE-28F301A9.pf) 2036 .a.. r/rr-xr-xr-x 0 0 11176-128-4 /WINDOWS/pchealth/helpctr/DataColl/CollectedData_27.xml 5424 .a.. r/rr-xr-xr-x 0 0 11177-128-4 /WINDOWS/pchealth/helpctr/DataColl/CollectedData_37.xml 2036 .a.. r/rr-xr-xr-x 0 0 11178-128-4 /WINDOWS/pchealth/helpctr/DataColl/CollectedData_57.xml 2036 .a.. r/rr-xr-xr-x 0 0 11239-128-4 /WINDOWS/pchealth/helpctr/DataColl/CollectedData_87.xml 2036 .a.. r/rr-xr-xr-x 0 0 11240-128-4 /WINDOWS/pchealth/helpctr/DataColl/CollectedData_117.xml 2036 .a.. r/rr-xr-xr-x 0 0 11271-128-4 /WINDOWS/pchealth/helpctr/DataColl/CollectedData_147.xml 2036 .a.. r/rr-xr-xr-x 0 0 11302-128-4 /WINDOWS/pchealth/helpctr/DataColl/CollectedData_177.xml 2036 .a.. r/rr-xr-xr-x 0 0 11333-128-4 /WINDOWS/pchealth/helpctr/DataColl/CollectedData_207.xml 8192 .a.. r/rr-xr-xr-x 0 0 1411-128-3 /WINDOWS/system32/tsbyuv.dll 8192 .a.. r/rr-xr-xr-x 0 0 1414-128-3 /WINDOWS/system32/tssoft32.acm 16896 .a.. r/rr-xr-xr-x 0 0 2041-128-3 /WINDOWS/system32/cfgmgr32.dll 92672 .a.. r/rr-xr-xr-x 0 0 2421-128-3 /WINDOWS/system32/dskquota.dll 80384 .a.. r/rr-xr-xr-x 0 0 2534-128-3 /WINDOWS/system32/iccvid.dll 16384 .a.. r/rr-xr-xr-x 0 0 2552-128-3 /WINDOWS/system32/imaadp32.acm 14848 .a.. r/rr-xr-xr-x 0 0 2727-128-3 /WINDOWS/system32/msadp32.acm 11264 .a.. r/rr-xr-xr-x 0 0 2765-128-3 /WINDOWS/system32/msrle32.dll 16896 .a.. r/rr-xr-xr-x 0 0 2787-128-3 /WINDOWS/system32/msyuv.dll 199680 .a.. r/rr-xr-xr-x 0 0 3415-128-3 /WINDOWS/system32/iac25_32.ax 848384 .a.. r/rr-xr-xr-x 0 0 3417-128-3 /WINDOWS/system32/ir41_32.ax 755200 .a.. r/rr-xr-xr-x 0 0 3420-128-3 /WINDOWS/system32/ir50_32.dll 47616 .a.. r/rr-xr-xr-x 0 0 3424-128-3 /WINDOWS/system32/iyuv_32.dll 294912 .a.. r/rr-xr-xr-x 0 0 3447-128-3 /WINDOWS/system32/msh263.drv 290816 .a.. r/rr-xr-xr-x 0 0 3558-128-3 /WINDOWS/system32/l3codeca.acm 294912 .a.. r/rr-xr-xr-x 0 0 3566-128-3 /WINDOWS/system32/msaud32.acm 86016 .a.. r/rr-xr-xr-x 0 0 3578-128-3 /WINDOWS/system32/sl_anet.acm 211 .a.. r/rr-xr-xr-x 0 0 3646-128-3 /boot.ini 1358848 .a.. r/rr-xr-xr-x 0 0 4867-128-3 /WINDOWS/system32/wbem/cimwin32.dll 185344 .a.. r/rr-xr-xr-x 0 0 4871-128-3 /WINDOWS/system32/wbem/framedyn.dll 218112 .a.. r/rr-xr-xr-x 0 0 4912-128-3 /WINDOWS/system32/wbem/wmiprvse.exe 188416 .a.. r/rr-xr-xr-x 0 0 5750-128-3 /WINDOWS/system32/msh261.drv 118784 .a.. r/rr-xr-xr-x 0 0 6191-128-3 /WINDOWS/system32/msg723.acm 199168 .a.. r/rr-xr-xr-x 0 0 671-128-3 /WINDOWS/system32/ir32_32.dll 9216 .a.. r/rr-xr-xr-x 0 0 988-128-3 /WINDOWS/system32/msg711.acm 19968 .a.. r/rr-xr-xr-x 0 0 989-128-3 /WINDOWS/system32/msgsm32.acm Fri Jul 01 2011 13:27:56 42980 m..b r/rr-xr-xr-x 0 0 11496-128-4 /WINDOWS/pchealth/helpctr/DataColl/CollectedData_256.xml 31232 .a.. r/rr-xr-xr-x 0 0 1407-128-3 /WINDOWS/system32/traffic.dll 5632 .a.. r/rr-xr-xr-x 0 0 2996-128-3 /WINDOWS/system32/security.dll 231750 .a.. r/rr-xr-xr-x 0 0 3632-128-3 /WINDOWS/repair/setup.log 45568 .a.. r/rr-xr-xr-x 0 0 5099-128-3 /WINDOWS/system32/wbem/xml/wmi2xml.dll Fri Jul 01 2011 13:27:57 600484 m..b r/rr-xr-xr-x 0 0 11126-128-4 /WINDOWS/pchealth/helpctr/DataColl/CollectedData_274.xml 1896 ma.b r/rr-xr-xr-x 0 0 11138-128-4 /WINDOWS/pchealth/helpctr/DataColl/CollectedData_266.xml 18844 ma.b r/rr-xr-xr-x 0 0 11140-128-4 /WINDOWS/pchealth/helpctr/DataColl/CollectedData_270.xml 2054 ma.b r/rr-xr-xr-x 0 0 11145-128-4 /WINDOWS/pchealth/helpctr/DataColl/CollectedData_272.xml 1592 ma.b r/rr-xr-xr-x 0 0 11238-128-4 /WINDOWS/pchealth/helpctr/DataColl/CollectedData_268.xml 20218 ma.b r/rr-xr-xr-x 0 0 11270-128-4 /WINDOWS/pchealth/helpctr/DataColl/CollectedData_264.xml 3652 ma.b r/rr-xr-xr-x 0 0 11301-128-4 /WINDOWS/pchealth/helpctr/DataColl/CollectedData_262.xml 50176 ma.b r/rr-xr-xr-x 0 0 11332-128-4 /WINDOWS/pchealth/helpctr/DataColl/CollectedData_260.xml 1492 ma.b r/rr-xr-xr-x 0 0 11363-128-4 /WINDOWS/pchealth/helpctr/DataColl/CollectedData_258.xml 42980 .a.. r/rr-xr-xr-x 0 0 11496-128-4 /WINDOWS/pchealth/helpctr/DataColl/CollectedData_256.xml 2036 ma.b r/rr-xr-xr-x 0 0 11497-128-4 /WINDOWS/pchealth/helpctr/DataColl/CollectedData_267.xml Fri Jul 01 2011 13:27:58 600484 .a.. r/rr-xr-xr-x 0 0 11126-128-4 /WINDOWS/pchealth/helpctr/DataColl/CollectedData_274.xml 157092 ma.b r/rr-xr-xr-x 0 0 11127-128-4 /WINDOWS/pchealth/helpctr/DataColl/CollectedData_276.xml 87390 ma.b r/rr-xr-xr-x 0 0 11128-128-4 /WINDOWS/pchealth/helpctr/DataColl/CollectedData_278.xml 316 ma.b r/rr-xr-xr-x 0 0 11129-128-1 /WINDOWS/pchealth/helpctr/DataColl/CollectedData_280.xml 44442 ma.b r/rr-xr-xr-x 0 0 11130-128-4 /WINDOWS/pchealth/helpctr/DataColl/CollectedData_282.xml 10374 ma.b r/rr-xr-xr-x 0 0 11131-128-4 /WINDOWS/pchealth/helpctr/DataColl/CollectedData_284.xml 9486 ma.. r/rr-xr-xr-x 0 0 11141-128-4 /WINDOWS/pchealth/helpctr/DataColl/history_db.xml 3684 ma.b r/rr-xr-xr-x 0 0 11498-128-4 /WINDOWS/pchealth/helpctr/DataColl/CollectedData_277.xml 312 m... d/dr-xr-xr-x 0 0 5769-144-5 /WINDOWS/pchealth/helpctr/DataColl Fri Jul 01 2011 13:28:04 73948 mac. r/rrwxrwxrwx 0 0 7555-128-4 /WINDOWS/Prefetch/HELPSVC.EXE-2878DDA2.pf Fri Jul 01 2011 13:28:05 37104 mac. r/rrwxrwxrwx 0 0 10674-128-4 /WINDOWS/Prefetch/WMIPRVSE.EXE-28F301A9.pf Fri Jul 01 2011 13:36:34 131072 macb 0 0 0 3663 [Event Log] (Time generated/Time written) W32Time/17_Error_time.windows.com-0x1 - A socket operation was attempted to an unreachable host. (0x80072751) - 30 (file: /media/sdb1/WINDOWS/system32/config/SysEvent.Evt) 131072 macb 0 0 0 3663 [Event Log] (Time generated/Time written) W32Time/29_Error_30 (file: /media/sdb1/WINDOWS/system32/config/SysEvent.Evt) Fri Jul 01 2011 13:44:34 0 .acb 0 0 0 10525 [Internet Explorer] (Content viewed/Content saved to drive) URL:http://col.stb.s-msn.com/i/65/7815B21D9A578DAD6365D443B0D6B6.jpg cache stored in: SLK18LSF/7815B21D9A578DAD6365D443B0D6B6[1].jpg - HTTP/1.1 200 OK - Content-Type: image/jpeg - ETag: "206730af2f38cc1:0"- "" - X-Powered-By: ASP.NET - P3P: CP="BUS CUR CONo FIN IVDo ONL OUR PHY SAMo TELo" - Content-Length: 9167 (file: /media/sdb1/Documents and Settings/malware/Local Settings/Temporary Internet Files/Content.IE5/index.dat) Fri Jul 01 2011 14:01:58 56 mac. d/dr-xr-xr-x 0 0 10383-144-6 /System Volume Information/_restore{A4323E41-9E96-4A95-B645-4A36ED086BEA} 497 macb r/rrwxrwxrwx 0 0 3759-128-1 /System Volume Information/_restore{A4323E41-9E96-4A95-B645-4A36ED086BEA}/fifo.log Fri Jul 01 2011 14:06:34 131072 macb 0 0 0 3663 [Event Log] (Time generated/Time written) W32Time/17_Error_time.windows.com-0x1 - A socket operation was attempted to an unreachable host. (0x80072751) - 60 (file: /media/sdb1/WINDOWS/system32/config/SysEvent.Evt) 131072 macb 0 0 0 3663 [Event Log] (Time generated/Time written) W32Time/29_Error_60 (file: /media/sdb1/WINDOWS/system32/config/SysEvent.Evt) Fri Jul 01 2011 14:09:59 131072 macb 0 0 0 3663 [Event Log] (Time generated/Time written) b57w2k/4_Warn_ - Broadcom NetXtreme Gigabit Ethernet (file: /media/sdb1/WINDOWS/system32/config/SysEvent.Evt) Fri Jul 01 2011 14:10:01 131072 macb 0 0 0 3663 [Event Log] (Time generated/Time written) Tcpip/4201_Info_ - Broadcom...Ethernet - Packet Scheduler Miniport (file: /media/sdb1/WINDOWS/system32/config/SysEvent.Evt) 131072 macb 0 0 0 3663 [Event Log] (Time generated/Time written) b57w2k/9_Info_ - Broadcom NetXtreme Gigabit Ethernet (file: /media/sdb1/WINDOWS/system32/config/SysEvent.Evt) Fri Jul 01 2011 14:14:33 650752 .a.. r/rr-xr-xr-x 0 0 2399-128-3 /WINDOWS/system32/dot3ui.dll Fri Jul 01 2011 14:16:24 7168 .a.. r/rr-xr-xr-x 0 0 1535-128-3 /WINDOWS/system32/wshnetbs.dll 56 m... d/dr-xr-xr-x 0 0 3753-144-5 /WINDOWS/system32/CatRoot2 Fri Jul 01 2011 14:16:44 0 m... 0 0 0 0 REG_System_system/ControlSet001/Services/Tcpip/Parameters/Interfaces/{D668E008-1573-470A-9346-7741E6261C75} 0 m... 0 0 0 0 REG_System_system/ControlSet001/Services/{D668E008-1573-470A-9346-7741E6261C75}/Parameters/Tcpip 0 m... 0 0 0 0 REG_System_system/ControlSet002/Services/Tcpip/Parameters/Interfaces/{D668E008-1573-470A-9346-7741E6261C75} 0 m... 0 0 0 0 REG_System_system/ControlSet002/Services/{D668E008-1573-470A-9346-7741E6261C75}/Parameters/Tcpip Fri Jul 01 2011 14:16:46 0 m... 0 0 0 0 REG_System_system/ControlSet001/Control/Network 0 m... 0 0 0 0 REG_System_system/ControlSet001/Control/Network/{4D36E972-E325-11CE-BFC1-08002BE10318}/{D668E008-1573-470A-9346-7741E6261C75}/Connection 0 m... 0 0 0 0 REG_System_system/ControlSet002/Control/Network 0 m... 0 0 0 0 REG_System_system/ControlSet002/Control/Network/{4D36E972-E325-11CE-BFC1-08002BE10318}/{D668E008-1573-470A-9346-7741E6261C75}/Connection 0 m... 0 0 0 0 REG_System_system/ControlSet002/Services/SharedAccess/Epoch Fri Jul 01 2011 14:17:01 131072 macb 0 0 0 3663 [Event Log] (Time generated/Time written) W32Time/17_Error_time.windows.com-0x1 - A socket operation was attempted to an unreachable host. (0x80072751) - 15 (file: /media/sdb1/WINDOWS/system32/config/SysEvent.Evt) 131072 macb 0 0 0 3663 [Event Log] (Time generated/Time written) W32Time/29_Error_14 (file: /media/sdb1/WINDOWS/system32/config/SysEvent.Evt) Fri Jul 01 2011 14:20:11 0 .acb 0 0 0 10525 [Internet Explorer] (Content viewed/Content saved to drive) URL:http://col.stb.s-msn.com/i/F7/7E527F040B5694B10F6F9B92DE95.jpg cache stored in: QJM5KT6J/7E527F040B5694B10F6F9B92DE95[1].jpg - HTTP/1.1 200 OK - Content-Type: image/jpeg - ETag: "08e7ea93438cc1:0"- "" - X-Powered-By: ASP.NET - P3P: CP="BUS CUR CONo FIN IVDo ONL OUR PHY SAMo TELo" - Content-Length: 7832 (file: /media/sdb1/Documents and Settings/malware/Local Settings/Temporary Internet Files/Content.IE5/index.dat) 0 .acb 0 0 0 10525 [Internet Explorer] (Content viewed/Content saved to drive) URL:http://variantov.com/pusk.exe cache stored in: UPQVMROL/pusk[1].exe - HTTP/1.1 200 OK - Content-Type: application/octet-stream - Content-Length: 452608 (file: /media/sdb1/Documents and Settings/malware/Local Settings/Temporary Internet Files/Content.IE5/index.dat) Fri Jul 01 2011 14:32:01 131072 macb 0 0 0 3663 [Event Log] (Time generated/Time written) W32Time/17_Error_time.windows.com-0x1 - A socket operation was attempted to an unreachable host. (0x80072751) - 30 (file: /media/sdb1/WINDOWS/system32/config/SysEvent.Evt) 131072 macb 0 0 0 3663 [Event Log] (Time generated/Time written) W32Time/29_Error_29 (file: /media/sdb1/WINDOWS/system32/config/SysEvent.Evt) Fri Jul 01 2011 14:38:35 1527 .a.. r/rr-xr-xr-x 0 0 10498-128-4 /Documents and Settings/malware/Start Menu/Programs/Accessories/Tour Windows XP.lnk 347136 .a.. r/rr-xr-xr-x 0 0 3479-128-3 /WINDOWS/system32/tourstart.exe Fri Jul 01 2011 14:38:36 208896 .a.. r/rr-xr-xr-x 0 0 3398-128-3 /WINDOWS/inf/unregmp2.exe Fri Jul 01 2011 14:38:43 67 .a.. r/rr-xr-xr-x 0 0 10520-128-1 /Documents and Settings/malware/Local Settings/Temporary Internet Files/desktop.ini 0 macb 0 0 0 10527 [Internet Explorer] (Last Access) User: malware URL:http://home.microsoft.com (file: /media/sdb1/Documents and Settings/malware/Local Settings/History/History.IE5/index.dat) 0 .acb 0 0 0 10534 [Internet Explorer] (Last time cookie passed to website/Website modified cookie) User: Cookie:malware URL:microsoft.com/ (file: /media/sdb1/Documents and Settings/malware/Cookies/index.dat) 122 .a.. r/rr-xr-xr-x 0 0 10592-128-1 /Documents and Settings/malware/Favorites/Desktop.ini 108 ma.b r/rr-xr-xr-x 0 0 5540-128-1 /Documents and Settings/malware/Cookies/malware@microsoft[1].txt Fri Jul 01 2011 14:38:44 0 m... 0 0 0 10525 [Internet Explorer] (Content viewed/Content saved to drive) URL:http://col.stc.s-msn.com/br/sc/css/2e/9f5897c9639ef97fa228d2ecc7575e.css cache stored in: UPQVMROL/9f5897c9639ef97fa228d2ecc7575e[1].css - HTTP/1.1 200 OK - Content-Length: 3520 - Content-Type: text/css (file: /media/sdb1/Documents and Settings/malware/Local Settings/Temporary Internet Files/Content.IE5/index.dat) 0 m... 0 0 0 10525 [Internet Explorer] (Content viewed/Content saved to drive) URL:http://col.stc.s-msn.com/br/sc/css/37/b862c6c3329c726208dab3c6f742b8_blue.css cache stored in: UPQVMROL/b862c6c3329c726208dab3c6f742b8_blue[1].css - HTTP/1.1 200 OK - Content-Length: 112836 - Content-Type: text/css (file: /media/sdb1/Documents and Settings/malware/Local Settings/Temporary Internet Files/Content.IE5/index.dat) 0 m... 0 0 0 10525 [Internet Explorer] (Content viewed/Content saved to drive) URL:http://col.stc.s-msn.com/br/sc/css/66/40bebb8ac371d6f92b3720e62f3017.css cache stored in: SLK18LSF/40bebb8ac371d6f92b3720e62f3017[1].css - HTTP/1.1 200 OK - Content-Length: 4690 - Content-Type: text/css (file: /media/sdb1/Documents and Settings/malware/Local Settings/Temporary Internet Files/Content.IE5/index.dat) 0 m... 0 0 0 10525 [Internet Explorer] (Content viewed/Content saved to drive) URL:http://col.stj.s-msn.com/br/sc/js/jquery/jquery-1.4.2.min.js cache stored in: YZCXGNW1/jquery-1.4.2.min[2].js - HTTP/1.1 200 OK - Content-Length: 72182 - Content-Type: application/x-javascript (file: /media/sdb1/Documents and Settings/malware/Local Settings/Temporary Internet Files/Content.IE5/index.dat) 0 macb 0 0 0 10527 [Internet Explorer] (Last Access) User: malware URL:http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome (file: /media/sdb1/Documents and Settings/malware/Local Settings/History/History.IE5/index.dat) 72182 .a.. r/rr-xr-xr-x 0 0 10770-128-5 /Documents and Settings/malware/Local Settings/Temporary Internet Files/Content.IE5/YZCXGNW1/jquery-1.4.2.min[2].js 112836 ma.b r/rr-xr-xr-x 0 0 6828-128-5 /Documents and Settings/malware/Local Settings/Temporary Internet Files/Content.IE5/UPQVMROL/b862c6c3329c726208dab3c6f742b8_blue[1].css 3520 ma.b r/rr-xr-xr-x 0 0 6829-128-5 /Documents and Settings/malware/Local Settings/Temporary Internet Files/Content.IE5/UPQVMROL/9f5897c9639ef97fa228d2ecc7575e[1].css 4690 ma.b r/rr-xr-xr-x 0 0 6830-128-5 /Documents and Settings/malware/Local Settings/Temporary Internet Files/Content.IE5/SLK18LSF/40bebb8ac371d6f92b3720e62f3017[1].css Fri Jul 01 2011 14:38:45 4842 ma.b r/rr-xr-xr-x 0 0 10356-128-4 /Documents and Settings/malware/Local Settings/Temporary Internet Files/Content.IE5/UPQVMROL/1db850e671ac9a39751a1482909ea6[1].jpg 7322 ma.b r/rr-xr-xr-x 0 0 10438-128-4 /Documents and Settings/malware/Local Settings/Temporary Internet Files/Content.IE5/YZCXGNW1/4378db7471b44dea1c183f006ee3d0[1].gif 9167 ma.b r/rr-xr-xr-x 0 0 10439-128-4 /Documents and Settings/malware/Local Settings/Temporary Internet Files/Content.IE5/SLK18LSF/7815B21D9A578DAD6365D443B0D6B6[1].jpg 0 m... 0 0 0 10525 [Internet Explorer] (Content viewed/Content saved to drive) URL:http://ads1.msn.com/library/dapmsn.js cache stored in: YZCXGNW1/dapmsn[1].js - HTTP/1.1 200 OK - Content-Length: 3877 - Content-Type: application/x-javascript (file: /media/sdb1/Documents and Settings/malware/Local Settings/Temporary Internet Files/Content.IE5/index.dat) 0 m... 0 0 0 10525 [Internet Explorer] (Content viewed/Content saved to drive) URL:http://analytics.live.com/Analytics/wlanalytics.js cache stored in: UPQVMROL/wlanalytics[1].js - HTTP/1.1 200 OK - Content-Length: 9288 - Content-Type: application/x-javascript (file: /media/sdb1/Documents and Settings/malware/Local Settings/Temporary Internet Files/Content.IE5/index.dat) 0 m... 0 0 0 10525 [Internet Explorer] (Content viewed/Content saved to drive) URL:http://blst.msn.com/as/wea3/i/en-us/law/32.gif cache stored in: SLK18LSF/32[1].gif - HTTP/1.1 200 OK - Content-Type: image/gif - ETag: "083df89b6bac81:0"- - X-Powered-By: ASP.NET - S: BLUMPPSTCA01 - P3P: CP="BUS CUR CONo FIN IVDo ONL OUR PHY SAMo TELo" - Content-Length: 895 (file: /media/sdb1/Documents and Settings/malware/Local Settings/Temporary Internet Files/Content.IE5/index.dat) 0 m... 0 0 0 10525 [Internet Explorer] (Content viewed/Content saved to drive) URL:http://col.stb.s-msn.com/i/18/41EA2BB896C1D269F946D98D1E31A.jpg cache stored in: QJM5KT6J/41EA2BB896C1D269F946D98D1E31A[1].jpg - HTTP/1.1 200 OK - Content-Type: image/jpeg - ETag: "80fc42806537cc1:0"- "" - X-Powered-By: ASP.NET - P3P: CP="BUS CUR CONo FIN IVDo ONL OUR PHY SAMo TELo" - Content-Length: 3775 (file: /media/sdb1/Documents and Settings/malware/Local Settings/Temporary Internet Files/Content.IE5/index.dat) 0 m... 0 0 0 10525 [Internet Explorer] (Content viewed/Content saved to drive) URL:http://col.stb.s-msn.com/i/54/76EF7E2C6994B1A2C79DDB1DF450.jpg cache stored in: SLK18LSF/76EF7E2C6994B1A2C79DDB1DF450[1].jpg - HTTP/1.1 200 OK - Content-Type: image/jpeg - ETag: "56ffa123431cc1:0"- "" - X-Powered-By: ASP.NET - P3P: CP="BUS CUR CONo FIN IVDo ONL OUR PHY SAMo TELo" - Content-Length: 4830 (file: /media/sdb1/Documents and Settings/malware/Local Settings/Temporary Internet Files/Content.IE5/index.dat) 0 m... 0 0 0 10525 [Internet Explorer] (Content viewed/Content saved to drive) URL:http://col.stb.s-msn.com/i/60/C40C5665D2C06F965D1A6A40B84.jpg cache stored in: QJM5KT6J/C40C5665D2C06F965D1A6A40B84[1].jpg - HTTP/1.1 200 OK - Content-Type: image/jpeg - ETag: "0c5c51f2238cc1:0"- "" - X-Powered-By: ASP.NET - P3P: CP="BUS CUR CONo FIN IVDo ONL OUR PHY SAMo TELo" - Content-Length: 15098 (file: /media/sdb1/Documents and Settings/malware/Local Settings/Temporary Internet Files/Content.IE5/index.dat) 0 m... 0 0 0 10525 [Internet Explorer] (Content viewed/Content saved to drive) URL:http://col.stb.s-msn.com/i/65/7815B21D9A578DAD6365D443B0D6B6.jpg cache stored in: SLK18LSF/7815B21D9A578DAD6365D443B0D6B6[1].jpg - HTTP/1.1 200 OK - Content-Type: image/jpeg - ETag: "206730af2f38cc1:0"- "" - X-Powered-By: ASP.NET - P3P: CP="BUS CUR CONo FIN IVDo ONL OUR PHY SAMo TELo" - Content-Length: 9167 (file: /media/sdb1/Documents and Settings/malware/Local Settings/Temporary Internet Files/Content.IE5/index.dat) 0 m... 0 0 0 10525 [Internet Explorer] (Content viewed/Content saved to drive) URL:http://col.stb.s-msn.com/i/A1/D72D7743BB3018A939743976971.jpg cache stored in: YZCXGNW1/D72D7743BB3018A939743976971[1].jpg - HTTP/1.1 200 OK - Content-Type: image/jpeg - ETag: "6a999136637cc1:0"- "" - X-Powered-By: ASP.NET - P3P: CP="BUS CUR CONo FIN IVDo ONL OUR PHY SAMo TELo" - Content-Length: 2661 (file: /media/sdb1/Documents and Settings/malware/Local Settings/Temporary Internet Files/Content.IE5/index.dat) 0 m... 0 0 0 10525 [Internet Explorer] (Content viewed/Content saved to drive) URL:http://col.stb.s-msn.com/i/A3/6ECB5F9A4119F2F7D7B4AF62EC5A.jpg cache stored in: QJM5KT6J/6ECB5F9A4119F2F7D7B4AF62EC5A[1].jpg - HTTP/1.1 200 OK - Content-Type: image/jpeg - ETag: "80c558286637cc1:0"- "" - X-Powered-By: ASP.NET - P3P: CP="BUS CUR CONo FIN IVDo ONL OUR PHY SAMo TELo" - Content-Length: 3996 (file: /media/sdb1/Documents and Settings/malware/Local Settings/Temporary Internet Files/Content.IE5/index.dat) 0 m... 0 0 0 10525 [Internet Explorer] (Content viewed/Content saved to drive) URL:http://col.stb.s-msn.com/i/B7/EB75D45B8948F72EE451223E95A96.gif cache stored in: QJM5KT6J/EB75D45B8948F72EE451223E95A96[1].gif - HTTP/1.1 200 OK - Content-Type: image/gif - ETag: "80a1bae029c0ca1:0"- "" - X-Powered-By: ASP.NET - P3P: CP="BUS CUR CONo FIN IVDo ONL OUR PHY SAMo TELo" - Content-Length: 2477 (file: /media/sdb1/Documents and Settings/malware/Local Settings/Temporary Internet Files/Content.IE5/index.dat) 0 m... 0 0 0 10525 [Internet Explorer] (Content viewed/Content saved to drive) URL:http://col.stb.s-msn.com/i/E2/37BA92E210D341BFDBF4126422A3D2.gif cache stored in: UPQVMROL/37BA92E210D341BFDBF4126422A3D2[1].gif - HTTP/1.1 200 OK - Content-Type: image/gif - ETag: "ac1668bfc52ca1:0"- "" - X-Powered-By: ASP.NET - P3P: CP="BUS CUR CONo FIN IVDo ONL OUR PHY SAMo TELo" - Content-Length: 657 (file: /media/sdb1/Documents and Settings/malware/Local Settings/Temporary Internet Files/Content.IE5/index.dat) 0 m... 0 0 0 10525 [Internet Explorer] (Content viewed/Content saved to drive) URL:http://col.stb.s-msn.com/i/F7/7E527F040B5694B10F6F9B92DE95.jpg cache stored in: QJM5KT6J/7E527F040B5694B10F6F9B92DE95[1].jpg - HTTP/1.1 200 OK - Content-Type: image/jpeg - ETag: "08e7ea93438cc1:0"- "" - X-Powered-By: ASP.NET - P3P: CP="BUS CUR CONo FIN IVDo ONL OUR PHY SAMo TELo" - Content-Length: 7832 (file: /media/sdb1/Documents and Settings/malware/Local Settings/Temporary Internet Files/Content.IE5/index.dat) 0 m... 0 0 0 10525 [Internet Explorer] (Content viewed/Content saved to drive) URL:http://col.stc.s-msn.com/br/sc/i/07/617475cf39bf6f5c0bd6ecb985335c.gif cache stored in: UPQVMROL/617475cf39bf6f5c0bd6ecb985335c[1].gif - HTTP/1.1 200 OK - Content-Type: image/gif - ETag: "0f9486d2298cb1:0"- - X-Powered-By: ASP.NET - P3P: CP="BUS CUR CONo FIN IVDo ONL OUR PHY SAMo TELo" - Content-Length: 48 (file: /media/sdb1/Documents and Settings/malware/Local Settings/Temporary Internet Files/Content.IE5/index.dat) 0 m... 0 0 0 10525 [Internet Explorer] (Content viewed/Content saved to drive) URL:http://col.stc.s-msn.com/br/sc/i/2d/1db850e671ac9a39751a1482909ea6.jpg cache stored in: UPQVMROL/1db850e671ac9a39751a1482909ea6[1].jpg - HTTP/1.1 200 OK - Content-Type: image/jpeg - ETag: "0d2e990026cc1:0"- - X-Powered-By: ASP.NET - P3P: CP="BUS CUR CONo FIN IVDo ONL OUR PHY SAMo TELo" - Content-Length: 4842 (file: /media/sdb1/Documents and Settings/malware/Local Settings/Temporary Internet Files/Content.IE5/index.dat) 0 m... 0 0 0 10525 [Internet Explorer] (Content viewed/Content saved to drive) URL:http://col.stc.s-msn.com/br/sc/i/f8/614595fba50d96389708a4135776e4.gif cache stored in: YZCXGNW1/614595fba50d96389708a4135776e4[1].gif - HTTP/1.1 200 OK - Content-Type: image/gif - ETag: "8053ca1db891cb1:0"- - X-Powered-By: ASP.NET - P3P: CP="BUS CUR CONo FIN IVDo ONL OUR PHY SAMo TELo" - Content-Length: 43 (file: /media/sdb1/Documents and Settings/malware/Local Settings/Temporary Internet Files/Content.IE5/index.dat) 0 m... 0 0 0 10525 [Internet Explorer] (Content viewed/Content saved to drive) URL:http://col.stc.s-msn.com/br/sc/i/ff/adchoices_gif2.gif cache stored in: UPQVMROL/adchoices_gif2[1].gif - HTTP/1.1 200 OK - Content-Type: image/gif - ETag: "096b38d19cc1:0"- - X-Powered-By: ASP.NET - P3P: CP="BUS CUR CONo FIN IVDo ONL OUR PHY SAMo TELo" - Content-Length: 417 (file: /media/sdb1/Documents and Settings/malware/Local Settings/Temporary Internet Files/Content.IE5/index.dat) 0 m... 0 0 0 10525 [Internet Explorer] (Content viewed/Content saved to drive) URL:http://col.stc.s-msn.com/br/sc/i/icons/BING_websearch_2.jpg cache stored in: SLK18LSF/BING_websearch_2[1].jpg - HTTP/1.1 200 OK - Content-Type: image/jpeg - ETag: "0e49dbec5aecb1:0"- - X-Powered-By: ASP.NET - P3P: CP="BUS CUR CONo FIN IVDo ONL OUR PHY SAMo TELo" - Content-Length: 4082 (file: /media/sdb1/Documents and Settings/malware/Local Settings/Temporary Internet Files/Content.IE5/index.dat) 0 m... 0 0 0 10525 [Internet Explorer] (Content viewed/Content saved to drive) URL:http://col.stj.s-msn.com/br/sc/js/50/e2815c7504541e30998dd35159edbb.js cache stored in: QJM5KT6J/e2815c7504541e30998dd35159edbb[1].js - HTTP/1.1 200 OK - Content-Length: 133114 - Content-Type: application/x-javascript (file: /media/sdb1/Documents and Settings/malware/Local Settings/Temporary Internet Files/Content.IE5/index.dat) 0 m... 0 0 0 10525 [Internet Explorer] (Content viewed/Content saved to drive) URL:http://www.bing.com/partner/primedns.gif cache stored in: UPQVMROL/primedns[2].gif - HTTP/1.1 200 OK - Content-Length: 43 - Content-Type: image/gif (file: /media/sdb1/Documents and Settings/malware/Local Settings/Temporary Internet Files/Content.IE5/index.dat) 0 m... 0 0 0 10534 [Internet Explorer] (Last time cookie passed to website/Website modified cookie) User: Cookie:malware URL:exp.www.msn.com/ (file: /media/sdb1/Documents and Settings/malware/Cookies/index.dat) 0 m... 0 0 0 10534 [Internet Explorer] (Last time cookie passed to website/Website modified cookie) User: Cookie:malware URL:live.com/ (file: /media/sdb1/Documents and Settings/malware/Cookies/index.dat) 4830 ma.b r/rr-xr-xr-x 0 0 10556-128-4 /Documents and Settings/malware/Local Settings/Temporary Internet Files/Content.IE5/SLK18LSF/76EF7E2C6994B1A2C79DDB1DF450[1].jpg 417 ma.b r/rr-xr-xr-x 0 0 10558-128-1 /Documents and Settings/malware/Local Settings/Temporary Internet Files/Content.IE5/UPQVMROL/adchoices_gif2[1].gif 3996 ma.b r/rr-xr-xr-x 0 0 10577-128-4 /Documents and Settings/malware/Local Settings/Temporary Internet Files/Content.IE5/QJM5KT6J/6ECB5F9A4119F2F7D7B4AF62EC5A[1].jpg 3775 ma.b r/rr-xr-xr-x 0 0 10580-128-4 /Documents and Settings/malware/Local Settings/Temporary Internet Files/Content.IE5/QJM5KT6J/41EA2BB896C1D269F946D98D1E31A[1].jpg 43 .a.. r/rr-xr-xr-x 0 0 10764-128-4 /Documents and Settings/malware/Local Settings/Temporary Internet Files/Content.IE5/UPQVMROL/primedns[2].gif 137 .a.. r/rr-xr-xr-x 0 0 10772-128-1 /Documents and Settings/malware/Cookies/malware@exp.www.msn[1].txt 4082 .a.. r/rr-xr-xr-x 0 0 10773-128-4 /Documents and Settings/malware/Local Settings/Temporary Internet Files/Content.IE5/SLK18LSF/BING_websearch_2[1].jpg 9288 .a.. r/rr-xr-xr-x 0 0 10777-128-5 /Documents and Settings/malware/Local Settings/Temporary Internet Files/Content.IE5/UPQVMROL/wlanalytics[1].js 2477 .a.. r/rr-xr-xr-x 0 0 10782-128-4 /Documents and Settings/malware/Local Settings/Temporary Internet Files/Content.IE5/QJM5KT6J/EB75D45B8948F72EE451223E95A96[1].gif 48 .a.. r/rr-xr-xr-x 0 0 10783-128-1 /Documents and Settings/malware/Local Settings/Temporary Internet Files/Content.IE5/UPQVMROL/617475cf39bf6f5c0bd6ecb985335c[1].gif 657 .a.. r/rr-xr-xr-x 0 0 10787-128-4 /Documents and Settings/malware/Local Settings/Temporary Internet Files/Content.IE5/UPQVMROL/37BA92E210D341BFDBF4126422A3D2[1].gif 43 .a.. r/rr-xr-xr-x 0 0 10791-128-1 /Documents and Settings/malware/Local Settings/Temporary Internet Files/Content.IE5/YZCXGNW1/614595fba50d96389708a4135776e4[1].gif 94 .a.. r/rr-xr-xr-x 0 0 10805-128-1 /Documents and Settings/malware/Cookies/malware@live[1].txt 133114 ma.b r/rr-xr-xr-x 0 0 6827-128-5 /Documents and Settings/malware/Local Settings/Temporary Internet Files/Content.IE5/QJM5KT6J/e2815c7504541e30998dd35159edbb[1].js 2661 ma.b r/rr-xr-xr-x 0 0 6831-128-4 /Documents and Settings/malware/Local Settings/Temporary Internet Files/Content.IE5/YZCXGNW1/D72D7743BB3018A939743976971[1].jpg 3877 ma.b r/rr-xr-xr-x 0 0 6832-128-5 /Documents and Settings/malware/Local Settings/Temporary Internet Files/Content.IE5/YZCXGNW1/dapmsn[1].js 895 ma.b r/rr-xr-xr-x 0 0 6833-128-4 /Documents and Settings/malware/Local Settings/Temporary Internet Files/Content.IE5/SLK18LSF/32[1].gif 7832 ma.b r/rr-xr-xr-x 0 0 6835-128-4 /Documents and Settings/malware/Local Settings/Temporary Internet Files/Content.IE5/QJM5KT6J/7E527F040B5694B10F6F9B92DE95[1].jpg 15098 ma.b r/rr-xr-xr-x 0 0 8483-128-4 /Documents and Settings/malware/Local Settings/Temporary Internet Files/Content.IE5/QJM5KT6J/C40C5665D2C06F965D1A6A40B84[1].jpg Fri Jul 01 2011 14:38:46 0 m... 0 0 0 10525 [Internet Explorer] (Content viewed/Content saved to drive) URL:http://ad.wsod.com/embed/8bec9b10877d5d7fd7c0fb6e6a631357/1828.1214.tk.100x25/805306726 cache stored in: YZCXGNW1/805306726[1].gif - HTTP/1.1 200 OK - Content-Type: image/gif - X-Powered-By: PHP/5.1.6 - P3P: CP="CURa ADMa DEVa PSAo PSDo OUR BUS UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR" - Content-Length: 42 (file: /media/sdb1/Documents and Settings/malware/Local Settings/Temporary Internet Files/Content.IE5/index.dat) 0 m... 0 0 0 10525 [Internet Explorer] (Content viewed/Content saved to drive) URL:http://ads2.msads.net/CIS/43/000/000/000/017/544.jpg cache stored in: UPQVMROL/544[1].jpg - HTTP/1.1 200 OK - Content-Type: image/jpeg - X-AspNet-Version: 4.0.30319 - X-Powered-By: ASP.NET - Content-Length: 16533 (file: /media/sdb1/Documents and Settings/malware/Local Settings/Temporary Internet Files/Content.IE5/index.dat) 0 m... 0 0 0 10525 [Internet Explorer] (Content viewed/Content saved to drive) URL:http://ads2.msads.net/CIS/61/000/000/000/017/003.png cache stored in: QJM5KT6J/003[1].png - HTTP/1.1 200 OK - Content-Type: image/png - X-AspNet-Version: 4.0.30319 - X-Powered-By: ASP.NET - Content-Length: 4330 (file: /media/sdb1/Documents and Settings/malware/Local Settings/Temporary Internet Files/Content.IE5/index.dat) 0 m... 0 0 0 10525 [Internet Explorer] (Content viewed/Content saved to drive) URL:http://col.stb.s-msn.com/i/23/AB3DEF1FC49CB32F0E8E93E988EBA.jpg cache stored in: UPQVMROL/AB3DEF1FC49CB32F0E8E93E988EBA[1].jpg - HTTP/1.1 200 OK - Content-Type: image/jpeg - ETag: "16b5a88f638cc1:0"- "" - X-Powered-By: ASP.NET - P3P: CP="BUS CUR CONo FIN IVDo ONL OUR PHY SAMo TELo" - Content-Length: 3159 (file: /media/sdb1/Documents and Settings/malware/Local Settings/Temporary Internet Files/Content.IE5/index.dat) 0 m... 0 0 0 10525 [Internet Explorer] (Content viewed/Content saved to drive) URL:http://col.stb.s-msn.com/i/D8/5BDA7261AAEAD28A63201DFFAC2A4B.jpg cache stored in: YZCXGNW1/5BDA7261AAEAD28A63201DFFAC2A4B[1].jpg - HTTP/1.1 200 OK - Content-Type: image/jpeg - ETag: "0e15f691d38cc1:0"- "" - X-Powered-By: ASP.NET - P3P: CP="BUS CUR CONo FIN IVDo ONL OUR PHY SAMo TELo" - Content-Length: 4078 (file: /media/sdb1/Documents and Settings/malware/Local Settings/Temporary Internet Files/Content.IE5/index.dat) 0 m... 0 0 0 10525 [Internet Explorer] (Content viewed/Content saved to drive) URL:http://col.stb.s-msn.com/i/F4/8E1CE8BD265B47CBBE321FF47E2A1.jpg cache stored in: UPQVMROL/8E1CE8BD265B47CBBE321FF47E2A1[1].jpg - HTTP/1.1 200 OK - Content-Type: image/jpeg - ETag: "ab269faf38cc1:0"- "" - X-Powered-By: ASP.NET - P3P: CP="BUS CUR CONo FIN IVDo ONL OUR PHY SAMo TELo" - Content-Length: 4095 (file: /media/sdb1/Documents and Settings/malware/Local Settings/Temporary Internet Files/Content.IE5/index.dat) 0 m... 0 0 0 10525 [Internet Explorer] (Content viewed/Content saved to drive) URL:http://col.stc.s-msn.com/br/sc/i/0c/c57bc2a7d38843d7c4aa8028fc9f82.gif cache stored in: SLK18LSF/c57bc2a7d38843d7c4aa8028fc9f82[1].gif - HTTP/1.1 200 OK - Content-Type: image/gif - ETag: "066dd3aa6bdcb1:0"- - X-Powered-By: ASP.NET - P3P: CP="BUS CUR CONo FIN IVDo ONL OUR PHY SAMo TELo" - Content-Length: 1142 (file: /media/sdb1/Documents and Settings/malware/Local Settings/Temporary Internet Files/Content.IE5/index.dat) 0 m... 0 0 0 10525 [Internet Explorer] (Content viewed/Content saved to drive) URL:http://rad.msn.com/ADSAdClient31.dll?GetSAd=&DPJS=4&PN=MSFT&ID=0A9F82A7055868E13BAD83DD015868BB&MUID=0A9F82A7055868E13BAD83DD015868BB&PG=MSNHQ2&AP=1402 cache stored in: YZCXGNW1/ADSAdClient31[1].htm - HTTP/1.1 200 OK - Content-Length: 1046 - Content-Type: text/html (file: /media/sdb1/Documents and Settings/malware/Local Settings/Temporary Internet Files/Content.IE5/index.dat) 0 m... 0 0 0 10525 [Internet Explorer] (Content viewed/Content saved to drive) URL:http://rad.msn.com/ADSAdClient31.dll?GetSAd=&DPJS=4&PN=MSFT&ID=0A9F82A7055868E13BAD83DD015868BB&MUID=0A9F82A7055868E13BAD83DD015868BB&PG=MSNIF1&AP=1455 cache stored in: SLK18LSF/ADSAdClient31[1].htm - HTTP/1.1 200 OK - Content-Length: 978 - Content-Type: text/html (file: /media/sdb1/Documents and Settings/malware/Local Settings/Temporary Internet Files/Content.IE5/index.dat) 0 macb 0 0 0 10534 [Internet Explorer] (Last time cookie passed to website/Website modified cookie) User: Cookie:malware URL:ad.wsod.com/ (file: /media/sdb1/Documents and Settings/malware/Cookies/index.dat) 0 macb 0 0 0 10534 [Internet Explorer] (Last time cookie passed to website/Website modified cookie) User: Cookie:malware URL:c.msn.com/ (file: /media/sdb1/Documents and Settings/malware/Cookies/index.dat) 0 .acb 0 0 0 10534 [Internet Explorer] (Last time cookie passed to website/Website modified cookie) User: Cookie:malware URL:msn.com/ (file: /media/sdb1/Documents and Settings/malware/Cookies/index.dat) 68 ma.b r/rr-xr-xr-x 0 0 10574-128-1 /Documents and Settings/malware/Cookies/malware@c.msn[2].txt 42 ma.b r/rr-xr-xr-x 0 0 10582-128-1 /Documents and Settings/malware/Local Settings/Temporary Internet Files/Content.IE5/YZCXGNW1/805306726[1].gif 583 ma.. r/rr-xr-xr-x 0 0 10588-128-1 /Documents and Settings/malware/Cookies/malware@msn[1].txt 3159 ma.b r/rr-xr-xr-x 0 0 10603-128-4 /Documents and Settings/malware/Local Settings/Temporary Internet Files/Content.IE5/UPQVMROL/AB3DEF1FC49CB32F0E8E93E988EBA[1].jpg 4078 ma.b r/rr-xr-xr-x 0 0 10604-128-4 /Documents and Settings/malware/Local Settings/Temporary Internet Files/Content.IE5/YZCXGNW1/5BDA7261AAEAD28A63201DFFAC2A4B[1].jpg 1046 ma.b r/rr-xr-xr-x 0 0 10605-128-5 /Documents and Settings/malware/Local Settings/Temporary Internet Files/Content.IE5/YZCXGNW1/ADSAdClient31[1].htm 1142 ma.b r/rr-xr-xr-x 0 0 10618-128-4 /Documents and Settings/malware/Local Settings/Temporary Internet Files/Content.IE5/SLK18LSF/c57bc2a7d38843d7c4aa8028fc9f82[1].gif 4095 ma.b r/rr-xr-xr-x 0 0 10619-128-4 /Documents and Settings/malware/Local Settings/Temporary Internet Files/Content.IE5/UPQVMROL/8E1CE8BD265B47CBBE321FF47E2A1[1].jpg 978 ma.b r/rr-xr-xr-x 0 0 10620-128-5 /Documents and Settings/malware/Local Settings/Temporary Internet Files/Content.IE5/SLK18LSF/ADSAdClient31[1].htm 4330 ma.b r/rr-xr-xr-x 0 0 10621-128-4 /Documents and Settings/malware/Local Settings/Temporary Internet Files/Content.IE5/QJM5KT6J/003[1].png 16533 ma.b r/rr-xr-xr-x 0 0 10622-128-4 /Documents and Settings/malware/Local Settings/Temporary Internet Files/Content.IE5/UPQVMROL/544[1].jpg 176 ma.b r/rr-xr-xr-x 0 0 10625-128-1 /Documents and Settings/malware/Cookies/malware@ad.wsod[2].txt 42 m..b r/rr-xr-xr-x 0 0 10626-128-1 /Documents and Settings/malware/Local Settings/Temporary Internet Files/Content.IE5/SLK18LSF/pixel[1].gif Fri Jul 01 2011 14:38:47 0 m... 0 0 0 10525 [Internet Explorer] (Content viewed/Content saved to drive) URL:http://a.rad.msn.com/ADSAdClient31.dll?GetSAd=&DPJS=4&PN=MSFT&ID=0A9F82A7055868E13BAD83DD015868BB&MUID=0A9F82A7055868E13BAD83DD015868BB&PG=MSNREC&AP=1089 cache stored in: QJM5KT6J/ADSAdClient31[1].htm - HTTP/1.1 200 OK - Content-Length: 5200 - Content-Type: text/html (file: /media/sdb1/Documents and Settings/malware/Local Settings/Temporary Internet Files/Content.IE5/index.dat) 0 m... 0 0 0 10525 [Internet Explorer] (Content viewed/Content saved to drive) URL:http://api.bing.com/qsonhs.aspx?form=MSN005&q= cache stored in: YZCXGNW1/qsonhs[1].aspx - HTTP/1.1 200 OK - Content-Length: 35 - Content-Type: application/json_ charset=utf-8 - X-Akamai-TestID: 6ef8e433668e41d8bb73e8fca6cd23d2 (file: /media/sdb1/Documents and Settings/malware/Local Settings/Temporary Internet Files/Content.IE5/index.dat) 0 m... 0 0 0 10525 [Internet Explorer] (Content viewed/Content saved to drive) URL:http://col.stb.s-msn.com/i/86/9934D0635AD244E5FA684B7B8CBD0.gif cache stored in: QJM5KT6J/9934D0635AD244E5FA684B7B8CBD0[1].gif - HTTP/1.1 200 OK - Content-Type: image/gif - ETag: "67c14931217cc1:0"- "" - X-Powered-By: ASP.NET - P3P: CP="BUS CUR CONo FIN IVDo ONL OUR PHY SAMo TELo" - Content-Length: 7582 (file: /media/sdb1/Documents and Settings/malware/Local Settings/Temporary Internet Files/Content.IE5/index.dat) 0 m... 0 0 0 10525 [Internet Explorer] (Content viewed/Content saved to drive) URL:http://col.stj.s-msn.com/br/sc/js/1c/4a0253de6eac448d8f2c39c53f8926.js cache stored in: SLK18LSF/4a0253de6eac448d8f2c39c53f8926[2].js - HTTP/1.1 200 OK - Content-Length: 554 - Content-Type: application/x-javascript (file: /media/sdb1/Documents and Settings/malware/Local Settings/Temporary Internet Files/Content.IE5/index.dat) 0 m... 0 0 0 10525 [Internet Explorer] (Content viewed/Content saved to drive) URL:http://col.stj.s-msn.com/br/sc/js/1c/899538en_msn.js cache stored in: UPQVMROL/899538en_msn[1].js - HTTP/1.1 200 OK - Content-Length: 14512 - Content-Type: application/x-javascript (file: /media/sdb1/Documents and Settings/malware/Local Settings/Temporary Internet Files/Content.IE5/index.dat) 0 macb 0 0 0 10534 [Internet Explorer] (Last time cookie passed to website/Website modified cookie) User: Cookie:malware URL:www.bing.com/ (file: /media/sdb1/Documents and Settings/malware/Cookies/index.dat) 0 macb 0 0 0 10534 [Internet Explorer] (Last time cookie passed to website/Website modified cookie) User: Cookie:malware URL:www.msn.com/ (file: /media/sdb1/Documents and Settings/malware/Cookies/index.dat) 5200 ma.b r/rr-xr-xr-x 0 0 10627-128-5 /Documents and Settings/malware/Local Settings/Temporary Internet Files/Content.IE5/QJM5KT6J/ADSAdClient31[1].htm 14512 ma.b r/rr-xr-xr-x 0 0 10629-128-5 /Documents and Settings/malware/Local Settings/Temporary Internet Files/Content.IE5/UPQVMROL/899538en_msn[1].js 35 ma.b r/rr-xr-xr-x 0 0 10630-128-1 /Documents and Settings/malware/Local Settings/Temporary Internet Files/Content.IE5/YZCXGNW1/qsonhs[1].aspx 110 ma.b r/rr-xr-xr-x 0 0 10631-128-1 /Documents and Settings/malware/Cookies/malware@www.bing[1].txt 190 ...b r/rr-xr-xr-x 0 0 10634-128-1 /Documents and Settings/malware/Cookies/malware@bing[1].txt 188 ma.. r/rr-xr-xr-x 0 0 10635-128-1 /Documents and Settings/malware/Cookies/malware@www.msn[1].txt 7582 ma.b r/rr-xr-xr-x 0 0 10636-128-4 /Documents and Settings/malware/Local Settings/Temporary Internet Files/Content.IE5/QJM5KT6J/9934D0635AD244E5FA684B7B8CBD0[1].gif 554 ma.b r/rr-xr-xr-x 0 0 10637-128-4 /Documents and Settings/malware/Local Settings/Temporary Internet Files/Content.IE5/SLK18LSF/4a0253de6eac448d8f2c39c53f8926[2].js 19882 ...b r/rr-xr-xr-x 0 0 5542-128-4 /Documents and Settings/malware/Local Settings/Temporary Internet Files/Content.IE5/UPQVMROL/894[1].jpg Fri Jul 01 2011 14:38:48 0 m... 0 0 0 0 REG_User_malware/Software/Microsoft/Windows/CurrentVersion/Internet Settings/5.0/Cache/Extensible Cache 0 m... 0 0 0 0 REG_User_malware/Software/Microsoft/Windows/CurrentVersion/Internet Settings/5.0/Cache/Extensible Cache/MSHist012011070120110702 496 m... d/drwxrwxrwx 0 0 10463-144-1 /Documents and Settings/malware/Local Settings/History/History.IE5 0 m... 0 0 0 10525 [Internet Explorer] (Content viewed/Content saved to drive) URL:http://a.ads2.msads.net/CIS/48/000/000/000/016/894.jpg cache stored in: UPQVMROL/894[1].jpg - HTTP/1.1 200 OK - Content-Type: image/jpeg - X-AspNet-Version: 4.0.30319 - X-Powered-By: ASP.NET - Content-Length: 19882 (file: /media/sdb1/Documents and Settings/malware/Local Settings/Temporary Internet Files/Content.IE5/index.dat) 0 m... 0 0 0 10525 [Internet Explorer] (Content viewed/Content saved to drive) URL:http://analytics.live.com/Sync.html?V=3525&AQNT=1 cache stored in: YZCXGNW1/Sync[1].htm - HTTP/1.1 200 OK - Content-Length: 607 - Content-Type: text/html (file: /media/sdb1/Documents and Settings/malware/Local Settings/Temporary Internet Files/Content.IE5/index.dat) 0 m... 0 0 0 10525 [Internet Explorer] (Content viewed/Content saved to drive) URL:http://analytics.msn.com/Include.html cache stored in: YZCXGNW1/Include[1].htm - HTTP/1.1 200 OK - Content-Length: 464 - Content-Type: text/html (file: /media/sdb1/Documents and Settings/malware/Local Settings/Temporary Internet Files/Content.IE5/index.dat) 0 m... 0 0 0 10525 [Internet Explorer] (Content viewed/Content saved to drive) URL:http://col.stc.s-msn.com/br/sc/i/76/4378db7471b44dea1c183f006ee3d0.gif cache stored in: YZCXGNW1/4378db7471b44dea1c183f006ee3d0[1].gif - HTTP/1.1 200 OK - Content-Type: image/gif - ETag: "052428bbd36cc1:0"- - X-Powered-By: ASP.NET - P3P: CP="BUS CUR CONo FIN IVDo ONL OUR PHY SAMo TELo" - Content-Length: 7322 (file: /media/sdb1/Documents and Settings/malware/Local Settings/Temporary Internet Files/Content.IE5/index.dat) 0 macb 0 0 0 10527 [Internet Explorer] (Last Access) User: malware URL:http://www.msn.com (file: /media/sdb1/Documents and Settings/malware/Local Settings/History/History.IE5/index.dat) 0 macb 0 0 0 10534 [Internet Explorer] (Last time cookie passed to website/Website modified cookie) User: Cookie:malware URL:bing.com/ (file: /media/sdb1/Documents and Settings/malware/Cookies/index.dat) 113 .a.. r/rr-xr-xr-x 0 0 10568-128-1 /Documents and Settings/malware/Local Settings/History/desktop.ini 152 m..b d/drwxrwxrwx 0 0 10632-144-1 /Documents and Settings/malware/Local Settings/History/History.IE5/MSHist012011070120110702 190 ma.. r/rr-xr-xr-x 0 0 10634-128-1 /Documents and Settings/malware/Cookies/malware@bing[1].txt 0 macb 0 0 0 10638 [Internet Explorer] (Last Access) User: malware URL::Host: www.msn.com (file: /media/sdb1/Documents and Settings/malware/Local Settings/History/History.IE5/MSHist012011070120110702/index.dat) 0 macb 0 0 0 10638 [Internet Explorer] (Last Access) User: malware URL:http://www.msn.com (file: /media/sdb1/Documents and Settings/malware/Local Settings/History/History.IE5/MSHist012011070120110702/index.dat) 32768 .a.b r/rr-xr-xr-x 0 0 10638-128-3 /Documents and Settings/malware/Local Settings/History/History.IE5/MSHist012011070120110702/index.dat 607 ma.. r/rr-xr-xr-x 0 0 10641-128-4 /Documents and Settings/malware/Local Settings/Temporary Internet Files/Content.IE5/YZCXGNW1/Sync[1].htm 1988 m..b r/rr-xr-xr-x 0 0 10642-128-4 /Documents and Settings/malware/Local Settings/Temporary Internet Files/Content.IE5/SLK18LSF/wlHelper[1].js 1340 m..b r/rr-xr-xr-x 0 0 10644-128-5 /Documents and Settings/malware/Local Settings/Temporary Internet Files/Content.IE5/QJM5KT6J/wlHelper[3].js 19882 ma.. r/rr-xr-xr-x 0 0 5542-128-4 /Documents and Settings/malware/Local Settings/Temporary Internet Files/Content.IE5/UPQVMROL/894[1].jpg Fri Jul 01 2011 14:38:51 0 m... 0 0 0 10525 [Internet Explorer] (Content viewed/Content saved to drive) URL:http://analytics.atdmt.com/Scripts/wlHelper.js?i=MUID cache stored in: QJM5KT6J/wlHelper[3].js - HTTP/1.1 200 OK - Content-Length: 1340 - Content-Type: application/x-javascript (file: /media/sdb1/Documents and Settings/malware/Local Settings/Temporary Internet Files/Content.IE5/index.dat) 0 m... 0 0 0 10525 [Internet Explorer] (Content viewed/Content saved to drive) URL:http://analytics.live.com/Scripts/wlHelper.js?i=ANID cache stored in: SLK18LSF/wlHelper[1].js - HTTP/1.1 200 OK - Content-Type: application/x-javascript_ charset=utf-8 - X-AspNet-Version: 2.0.50727 - X-Powered-By: ASP.NET - P3P: CP="BUS CUR CONo FIN IVDo ONL OUR PHY SAMo TELo" - Content-Length: 1988 (file: /media/sdb1/Documents and Settings/malware/Local Settings/Temporary Internet Files/Content.IE5/index.dat) 1988 .a.. r/rr-xr-xr-x 0 0 10642-128-4 /Documents and Settings/malware/Local Settings/Temporary Internet Files/Content.IE5/SLK18LSF/wlHelper[1].js 1340 .a.. r/rr-xr-xr-x 0 0 10644-128-5 /Documents and Settings/malware/Local Settings/Temporary Internet Files/Content.IE5/QJM5KT6J/wlHelper[3].js 464 .a.. r/rr-xr-xr-x 0 0 10809-128-4 /Documents and Settings/malware/Local Settings/Temporary Internet Files/Content.IE5/YZCXGNW1/Include[1].htm Fri Jul 01 2011 14:38:54 0 m... 0 0 0 0 REG_User_malware/Software/Microsoft/Windows/CurrentVersion/Explorer/UserAssist/{5E6AB780-7743-11CF-A12B-00AA004AE837}/Count Fri Jul 01 2011 14:39:00 0 m... 0 0 0 0 REG_System_system/ControlSet001/Control/UsbFlags 0 m... 0 0 0 0 REG_System_system/ControlSet001/Control/UsbFlags/13fe1d200100 0 m... 0 0 0 0 REG_System_system/ControlSet001/Enum/USB 0 m... 0 0 0 0 REG_System_system/ControlSet001/Enum/USB/Vid_13fe&Pid_1d20 0 m... 0 0 0 0 REG_System_system/ControlSet001/Enum/USB/Vid_13fe&Pid_1d20/077403946E3A/LogConf 0 m... 0 0 0 0 REG_System_system/ControlSet002/Control/UsbFlags 0 m... 0 0 0 0 REG_System_system/ControlSet002/Control/UsbFlags/13fe1d200100 0 m... 0 0 0 0 REG_System_system/ControlSet002/Enum/USB 0 m... 0 0 0 0 REG_System_system/ControlSet002/Enum/USB/Vid_13fe&Pid_1d20 0 m... 0 0 0 0 REG_System_system/ControlSet002/Enum/USB/Vid_13fe&Pid_1d20/077403946E3A/LogConf 0 macb 0 0 0 10413 [XP Prefetch] (Last run) RUNDLL32.EXE-1B220F9A.pf - [RUNDLL32.EXE] was executed - run count [1]- full path: [C:/WINDOWS/SYSTEM32/RUNDLL32.EXE] - DLLs loaded: {WINDOWS/SYSTEM32/NTDLL.DLL - WINDOWS/SYSTEM32/KERNEL32.DLL - WINDOWS/SYSTEM32/MSVCRT.DLL - WINDOWS/SYSTEM32/GDI32.DLL - WINDOWS/SYSTEM32/USER32.DLL - WINDOWS/SYSTEM32/IMAGEHLP.DLL - WINDOWS/SYSTEM32/SHIMENG.DLL - WINDOWS/APPPATCH/ACGENRAL.DLL - WINDOWS/SYSTEM32/ADVAPI32.DLL - WINDOWS/SYSTEM32/RPCRT4.DLL - WINDOWS/SYSTEM32/SECUR32.DLL - WINDOWS/SYSTEM32/WINMM.DLL - WINDOWS/SYSTEM32/OLE32.DLL - WINDOWS/SYSTEM32/OLEAUT32.DLL - WINDOWS/SYSTEM32/MSACM32.DLL - WINDOWS/SYSTEM32/VERSION.DLL - WINDOWS/SYSTEM32/SHELL32.DLL - WINDOWS/SYSTEM32/SHLWAPI.DLL - WINDOWS/SYSTEM32/USERENV.DLL - WINDOWS/SYSTEM32/UXTHEME.DLL - WINDOWS/WINSXS/X86_MICROSOFT.WINDOWS.COMMON-CONTROLS_6595B64144CCF1DF_6.0.2600.5512_X-WW_35D4CE83/COMCTL32.DLL - WINDOWS/SYSTEM32/COMCTL32.DLL - WINDOWS/SYSTEM32/NEWDEV.DLL - WINDOWS/SYSTEM32/SETUPAPI.DLL - WINDOWS/SYSTEM32/WININET.DLL - WINDOWS/SYSTEM32/CRYPT32.DLL - WINDOWS/SYSTEM32/MSASN1.DLL - WINDOWS/SYSTEM32/CREDUI.DLL} (file: /media/sdb1/WINDOWS/Prefetch/RUNDLL32.EXE-1B220F9A.pf) 247808 .a.. r/rr-xr-xr-x 0 0 2825-128-3 /WINDOWS/system32/newdev.dll Fri Jul 01 2011 14:39:02 8 .a.. r/rr-xr-xr-x 0 0 3771-128-1 /WINDOWS/system32/CatRoot2/{F750E6C3-38EE-11D1-85E5-00C04FC295EE}/TimeStamp 8 .a.. r/rr-xr-xr-x 0 0 3772-128-1 /WINDOWS/system32/CatRoot/{F750E6C3-38EE-11D1-85E5-00C04FC295EE}/TimeStamp Fri Jul 01 2011 14:39:03 0 m... 0 0 0 0 REG_System_system/ControlSet001/Control/Class/{36FC9E60-C465-11CF-8056-444553540000} 0 m... 0 0 0 0 REG_System_system/ControlSet001/Control/Class/{36FC9E60-C465-11CF-8056-444553540000}/0012 0 m... 0 0 0 0 REG_System_system/ControlSet001/Control/DeviceClasses/{a5dcbf10-6530-11d2-901f-00c04fb951ed} 0 m... 0 0 0 0 REG_System_system/ControlSet001/Control/DeviceClasses/{a5dcbf10-6530-11d2-901f-00c04fb951ed}/##?#USB#Vid_13fe&Pid_1d20#077403946E3A#{a5dcbf10-6530-11d2-901f-00c04fb951ed} 0 m... 0 0 0 0 REG_System_system/ControlSet001/Control/DeviceClasses/{a5dcbf10-6530-11d2-901f-00c04fb951ed}/##?#USB#Vid_13fe&Pid_1d20#077403946E3A#{a5dcbf10-6530-11d2-901f-00c04fb951ed}/# 0 m... 0 0 0 0 REG_System_system/ControlSet001/Enum/USB/Vid_13fe&Pid_1d20/077403946E3A 0 m... 0 0 0 0 REG_System_system/ControlSet001/Services/USBSTOR 0 m... 0 0 0 0 REG_System_system/ControlSet002/Control/Class/{36FC9E60-C465-11CF-8056-444553540000} 0 m... 0 0 0 0 REG_System_system/ControlSet002/Control/Class/{36FC9E60-C465-11CF-8056-444553540000}/0012 0 m... 0 0 0 0 REG_System_system/ControlSet002/Control/DeviceClasses/{a5dcbf10-6530-11d2-901f-00c04fb951ed} 0 m... 0 0 0 0 REG_System_system/ControlSet002/Control/DeviceClasses/{a5dcbf10-6530-11d2-901f-00c04fb951ed}/##?#USB#Vid_13fe&Pid_1d20#077403946E3A#{a5dcbf10-6530-11d2-901f-00c04fb951ed} 0 m... 0 0 0 0 REG_System_system/ControlSet002/Control/DeviceClasses/{a5dcbf10-6530-11d2-901f-00c04fb951ed}/##?#USB#Vid_13fe&Pid_1d20#077403946E3A#{a5dcbf10-6530-11d2-901f-00c04fb951ed}/# 0 m... 0 0 0 0 REG_System_system/ControlSet002/Enum/USB/Vid_13fe&Pid_1d20/077403946E3A 0 m... 0 0 0 0 REG_System_system/ControlSet002/Services/USBSTOR 26368 .a.. r/rr-xr-xr-x 0 0 10678-128-3 /WINDOWS/system32/drivers/USBSTOR.SYS Fri Jul 01 2011 14:39:05 0 m... 0 0 0 0 REG_System_system/ControlSet001/Control/DeviceClasses/{53f56307-b6bf-11d0-94f2-00a0c91efb8b} 0 m... 0 0 0 0 REG_System_system/ControlSet001/Control/DeviceClasses/{53f56307-b6bf-11d0-94f2-00a0c91efb8b}/##?#USBSTOR#Disk&Ven_&Prod_Secure_Guard&Rev_PMAP#077403946E3A&0#{53f56307-b6bf-11d0-94f2-00a0c91efb8b} 0 m... 0 0 0 0 REG_System_system/ControlSet001/Control/DeviceClasses/{53f56307-b6bf-11d0-94f2-00a0c91efb8b}/##?#USBSTOR#Disk&Ven_&Prod_Secure_Guard&Rev_PMAP#077403946E3A&0#{53f56307-b6bf-11d0-94f2-00a0c91efb8b}/# 0 m... 0 0 0 0 REG_System_system/ControlSet001/Control/DeviceClasses/{53f5630a-b6bf-11d0-94f2-00a0c91efb8b} 0 m... 0 0 0 0 REG_System_system/ControlSet001/Control/DeviceClasses/{53f5630a-b6bf-11d0-94f2-00a0c91efb8b}/##?#STORAGE#RemovableMedia#7&311e3236&0&RM#{53f5630a-b6bf-11d0-94f2-00a0c91efb8b} 0 m... 0 0 0 0 REG_System_system/ControlSet001/Control/DeviceClasses/{53f5630a-b6bf-11d0-94f2-00a0c91efb8b}/##?#STORAGE#RemovableMedia#7&311e3236&0&RM#{53f5630a-b6bf-11d0-94f2-00a0c91efb8b}/# 0 m... 0 0 0 0 REG_System_system/ControlSet001/Enum 0 m... 0 0 0 0 REG_System_system/ControlSet001/Enum/STORAGE/RemovableMedia 0 m... 0 0 0 0 REG_System_system/ControlSet001/Enum/STORAGE/RemovableMedia/7&311e3236&0&RM/LogConf 0 m... 0 0 0 0 REG_System_system/ControlSet001/Enum/USB/Vid_13fe&Pid_1d20/077403946E3A/Device Parameters 0 m... 0 0 0 0 REG_System_system/ControlSet001/Enum/USBSTOR 0 m... 0 0 0 0 REG_System_system/ControlSet001/Enum/USBSTOR/Disk&Ven_&Prod_Secure_Guard&Rev_PMAP 0 m... 0 0 0 0 REG_System_system/ControlSet001/Enum/USBSTOR/Disk&Ven_&Prod_Secure_Guard&Rev_PMAP/077403946E3A&0/Device Parameters/MediaChangeNotification 0 m... 0 0 0 0 REG_System_system/ControlSet001/Enum/USBSTOR/Disk&Ven_&Prod_Secure_Guard&Rev_PMAP/077403946E3A&0/LogConf 0 m... 0 0 0 0 REG_System_system/ControlSet001/Enum/USBSTOR/SFloppy&Ven_&Prod_Secure_Guard&Rev_PMAP 0 m... 0 0 0 0 REG_System_system/ControlSet001/Enum/USBSTOR/SFloppy&Ven_&Prod_Secure_Guard&Rev_PMAP/077403946E3A&1/LogConf 0 m... 0 0 0 0 REG_System_system/ControlSet002/Control/DeviceClasses/{53f56307-b6bf-11d0-94f2-00a0c91efb8b} 0 m... 0 0 0 0 REG_System_system/ControlSet002/Control/DeviceClasses/{53f56307-b6bf-11d0-94f2-00a0c91efb8b}/##?#USBSTOR#Disk&Ven_&Prod_Secure_Guard&Rev_PMAP#077403946E3A&0#{53f56307-b6bf-11d0-94f2-00a0c91efb8b} 0 m... 0 0 0 0 REG_System_system/ControlSet002/Control/DeviceClasses/{53f56307-b6bf-11d0-94f2-00a0c91efb8b}/##?#USBSTOR#Disk&Ven_&Prod_Secure_Guard&Rev_PMAP#077403946E3A&0#{53f56307-b6bf-11d0-94f2-00a0c91efb8b}/# 0 m... 0 0 0 0 REG_System_system/ControlSet002/Control/DeviceClasses/{53f5630a-b6bf-11d0-94f2-00a0c91efb8b} 0 m... 0 0 0 0 REG_System_system/ControlSet002/Control/DeviceClasses/{53f5630a-b6bf-11d0-94f2-00a0c91efb8b}/##?#STORAGE#RemovableMedia#7&311e3236&0&RM#{53f5630a-b6bf-11d0-94f2-00a0c91efb8b} 0 m... 0 0 0 0 REG_System_system/ControlSet002/Control/DeviceClasses/{53f5630a-b6bf-11d0-94f2-00a0c91efb8b}/##?#STORAGE#RemovableMedia#7&311e3236&0&RM#{53f5630a-b6bf-11d0-94f2-00a0c91efb8b}/# 0 m... 0 0 0 0 REG_System_system/ControlSet002/Enum 0 m... 0 0 0 0 REG_System_system/ControlSet002/Enum/STORAGE/RemovableMedia 0 m... 0 0 0 0 REG_System_system/ControlSet002/Enum/STORAGE/RemovableMedia/7&311e3236&0&RM/LogConf 0 m... 0 0 0 0 REG_System_system/ControlSet002/Enum/USB/Vid_13fe&Pid_1d20/077403946E3A/Device Parameters 0 m... 0 0 0 0 REG_System_system/ControlSet002/Enum/USBSTOR 0 m... 0 0 0 0 REG_System_system/ControlSet002/Enum/USBSTOR/Disk&Ven_&Prod_Secure_Guard&Rev_PMAP 0 m... 0 0 0 0 REG_System_system/ControlSet002/Enum/USBSTOR/Disk&Ven_&Prod_Secure_Guard&Rev_PMAP/077403946E3A&0/Device Parameters/MediaChangeNotification 0 m... 0 0 0 0 REG_System_system/ControlSet002/Enum/USBSTOR/Disk&Ven_&Prod_Secure_Guard&Rev_PMAP/077403946E3A&0/LogConf 0 m... 0 0 0 0 REG_System_system/ControlSet002/Enum/USBSTOR/SFloppy&Ven_&Prod_Secure_Guard&Rev_PMAP 0 m... 0 0 0 0 REG_System_system/ControlSet002/Enum/USBSTOR/SFloppy&Ven_&Prod_Secure_Guard&Rev_PMAP/077403946E3A&1/LogConf Fri Jul 01 2011 14:39:06 74752 .a.. r/rr-xr-xr-x 0 0 3906-128-3 /WINDOWS/system32/storprop.dll Fri Jul 01 2011 14:39:08 0 m... 0 0 0 0 REG_System_system/ControlSet001/Control/Class/{4D36E967-E325-11CE-BFC1-08002BE10318} 0 m... 0 0 0 0 REG_System_system/ControlSet001/Control/Class/{4D36E967-E325-11CE-BFC1-08002BE10318}/0003 0 m... 0 0 0 0 REG_System_system/ControlSet001/Enum/Root/LEGACY_FASTFAT/0000 0 m... 0 0 0 0 REG_System_system/ControlSet001/Enum/USBSTOR/Disk&Ven_&Prod_Secure_Guard&Rev_PMAP/077403946E3A&0 0 m... 0 0 0 0 REG_System_system/ControlSet001/Enum/USBSTOR/Disk&Ven_&Prod_Secure_Guard&Rev_PMAP/077403946E3A&0/Device Parameters 0 m... 0 0 0 0 REG_System_system/ControlSet002/Control/Class/{4D36E967-E325-11CE-BFC1-08002BE10318} 0 m... 0 0 0 0 REG_System_system/ControlSet002/Control/Class/{4D36E967-E325-11CE-BFC1-08002BE10318}/0003 0 m... 0 0 0 0 REG_System_system/ControlSet002/Enum/Root/LEGACY_FASTFAT/0000 0 m... 0 0 0 0 REG_System_system/ControlSet002/Enum/USBSTOR/Disk&Ven_&Prod_Secure_Guard&Rev_PMAP/077403946E3A&0 0 m... 0 0 0 0 REG_System_system/ControlSet002/Enum/USBSTOR/Disk&Ven_&Prod_Secure_Guard&Rev_PMAP/077403946E3A&0/Device Parameters 143744 .a.. r/rr-xr-xr-x 0 0 1934-128-3 /WINDOWS/system32/drivers/fastfat.sys Fri Jul 01 2011 14:39:09 1048520 ...b r/rrwxrwxrwx 0 0 10633-128-3 /System Volume Information/_restore{A4323E41-9E96-4A95-B645-4A36ED086BEA}/RP12/change.log.1 1048472 ...b r/rrwxrwxrwx 0 0 10648-128-3 /System Volume Information/_restore{A4323E41-9E96-4A95-B645-4A36ED086BEA}/RP12/change.log.3 109652 ...b r/rrwxrwxrwx 0 0 11162-128-3 /System Volume Information/_restore{A4323E41-9E96-4A95-B645-4A36ED086BEA}/RP12/change.log.2 83990 ...b r/rrwxrwxrwx 0 0 11179-128-3 /System Volume Information/_restore{A4323E41-9E96-4A95-B645-4A36ED086BEA}/RP12/change.log 8480 ma.. r/rr-xr-xr-x 0 0 3871-128-3 /WINDOWS/inf/flpydisk.PNF Fri Jul 01 2011 14:39:10 13216 macb r/rrwxrwxrwx 0 0 10645-128-4 /WINDOWS/Prefetch/RUNDLL32.EXE-1B220F9A.pf Fri Jul 01 2011 14:39:11 0 m... 0 0 0 0 REG_System_system/ControlSet001/Control/Class/{4D36E980-E325-11CE-BFC1-08002BE10318} 0 m... 0 0 0 0 REG_System_system/ControlSet002/Control/Class/{4D36E980-E325-11CE-BFC1-08002BE10318} Fri Jul 01 2011 14:39:12 0 m... 0 0 0 0 REG_System_system/ControlSet001/Control/Class/{4D36E980-E325-11CE-BFC1-08002BE10318}/0000 0 m... 0 0 0 0 REG_System_system/ControlSet001/Control/DeviceClasses 0 m... 0 0 0 0 REG_System_system/ControlSet001/Control/DeviceClasses/{53f5630d-b6bf-11d0-94f2-00a0c91efb8b} 0 m... 0 0 0 0 REG_System_system/ControlSet001/Control/DeviceClasses/{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}/##?#USBSTOR#SFloppy&Ven_&Prod_Secure_Guard&Rev_PMAP#077403946E3A&1#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b} 0 m... 0 0 0 0 REG_System_system/ControlSet001/Control/DeviceClasses/{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}/##?#USBSTOR#SFloppy&Ven_&Prod_Secure_Guard&Rev_PMAP#077403946E3A&1#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}/# 0 m... 0 0 0 0 REG_System_system/ControlSet001/Control/DeviceClasses/{53f56311-b6bf-11d0-94f2-00a0c91efb8b} 0 m... 0 0 0 0 REG_System_system/ControlSet001/Control/DeviceClasses/{53f56311-b6bf-11d0-94f2-00a0c91efb8b}/##?#USBSTOR#SFloppy&Ven_&Prod_Secure_Guard&Rev_PMAP#077403946E3A&1#{53f56311-b6bf-11d0-94f2-00a0c91efb8b} 0 m... 0 0 0 0 REG_System_system/ControlSet001/Control/DeviceClasses/{53f56311-b6bf-11d0-94f2-00a0c91efb8b}/##?#USBSTOR#SFloppy&Ven_&Prod_Secure_Guard&Rev_PMAP#077403946E3A&1#{53f56311-b6bf-11d0-94f2-00a0c91efb8b}/# 0 m... 0 0 0 0 REG_System_system/ControlSet001/Enum/USBSTOR/SFloppy&Ven_&Prod_Secure_Guard&Rev_PMAP/077403946E3A&1 0 m... 0 0 0 0 REG_System_system/ControlSet001/Enum/USBSTOR/SFloppy&Ven_&Prod_Secure_Guard&Rev_PMAP/077403946E3A&1/Device Parameters 0 m... 0 0 0 0 REG_System_system/ControlSet001/Enum/USBSTOR/SFloppy&Ven_&Prod_Secure_Guard&Rev_PMAP/077403946E3A&1/Device Parameters/MediaChangeNotification 0 m... 0 0 0 0 REG_System_system/ControlSet001/Services/Sfloppy 0 m... 0 0 0 0 REG_System_system/ControlSet002/Control/Class/{4D36E980-E325-11CE-BFC1-08002BE10318}/0000 0 m... 0 0 0 0 REG_System_system/ControlSet002/Control/DeviceClasses 0 m... 0 0 0 0 REG_System_system/ControlSet002/Control/DeviceClasses/{53f5630d-b6bf-11d0-94f2-00a0c91efb8b} 0 m... 0 0 0 0 REG_System_system/ControlSet002/Control/DeviceClasses/{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}/##?#USBSTOR#SFloppy&Ven_&Prod_Secure_Guard&Rev_PMAP#077403946E3A&1#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b} 0 m... 0 0 0 0 REG_System_system/ControlSet002/Control/DeviceClasses/{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}/##?#USBSTOR#SFloppy&Ven_&Prod_Secure_Guard&Rev_PMAP#077403946E3A&1#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}/# 0 m... 0 0 0 0 REG_System_system/ControlSet002/Control/DeviceClasses/{53f56311-b6bf-11d0-94f2-00a0c91efb8b} 0 m... 0 0 0 0 REG_System_system/ControlSet002/Control/DeviceClasses/{53f56311-b6bf-11d0-94f2-00a0c91efb8b}/##?#USBSTOR#SFloppy&Ven_&Prod_Secure_Guard&Rev_PMAP#077403946E3A&1#{53f56311-b6bf-11d0-94f2-00a0c91efb8b} 0 m... 0 0 0 0 REG_System_system/ControlSet002/Control/DeviceClasses/{53f56311-b6bf-11d0-94f2-00a0c91efb8b}/##?#USBSTOR#SFloppy&Ven_&Prod_Secure_Guard&Rev_PMAP#077403946E3A&1#{53f56311-b6bf-11d0-94f2-00a0c91efb8b}/# 0 m... 0 0 0 0 REG_System_system/ControlSet002/Enum/USBSTOR/SFloppy&Ven_&Prod_Secure_Guard&Rev_PMAP/077403946E3A&1 0 m... 0 0 0 0 REG_System_system/ControlSet002/Enum/USBSTOR/SFloppy&Ven_&Prod_Secure_Guard&Rev_PMAP/077403946E3A&1/Device Parameters 0 m... 0 0 0 0 REG_System_system/ControlSet002/Enum/USBSTOR/SFloppy&Ven_&Prod_Secure_Guard&Rev_PMAP/077403946E3A&1/Device Parameters/MediaChangeNotification 0 m... 0 0 0 0 REG_System_system/ControlSet002/Services/Sfloppy 0 m... 0 0 0 0 REG_System_system/MountedDevices 0 m... 0 0 0 0 REG_User_malware/Software/Microsoft/Windows/CurrentVersion/Explorer/MountPoints2/{8adc8c6b-a42a-11e0-9a12-001558286148} 11392 .a.. r/rr-xr-xr-x 0 0 1923-128-3 /WINDOWS/system32/drivers/sfloppy.sys Fri Jul 01 2011 14:39:14 0 m... 0 0 0 0 REG_System_system/ControlSet001/Control/Class/{71A27CDD-812A-11D0-BEC7-08002BE2092F} 0 m... 0 0 0 0 REG_System_system/ControlSet001/Control/Class/{71A27CDD-812A-11D0-BEC7-08002BE2092F}/0003 0 m... 0 0 0 0 REG_System_system/ControlSet001/Enum/STORAGE/RemovableMedia/7&311e3236&0&RM 0 m... 0 0 0 0 REG_System_system/ControlSet002/Control/Class/{71A27CDD-812A-11D0-BEC7-08002BE2092F} 0 m... 0 0 0 0 REG_System_system/ControlSet002/Control/Class/{71A27CDD-812A-11D0-BEC7-08002BE2092F}/0003 0 m... 0 0 0 0 REG_System_system/ControlSet002/Enum/STORAGE/RemovableMedia/7&311e3236&0&RM 990208 .a.. r/rr-xr-xr-x 0 0 2125-128-3 /WINDOWS/system32/syssetup.dll Fri Jul 01 2011 14:39:15 0 m... 0 0 0 0 REG_System_system/ControlSet001/Control/DeviceClasses/{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}/##?#STORAGE#RemovableMedia#7&311e3236&0&RM#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b} 0 m... 0 0 0 0 REG_System_system/ControlSet001/Control/DeviceClasses/{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}/##?#STORAGE#RemovableMedia#7&311e3236&0&RM#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}/# 0 m... 0 0 0 0 REG_System_system/ControlSet002/Control/DeviceClasses/{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}/##?#STORAGE#RemovableMedia#7&311e3236&0&RM#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b} 0 m... 0 0 0 0 REG_System_system/ControlSet002/Control/DeviceClasses/{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}/##?#STORAGE#RemovableMedia#7&311e3236&0&RM#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}/# 271475 ma.. r/rr-xr-xr-x 0 0 3735-128-3 /WINDOWS/setupapi.log Fri Jul 01 2011 14:39:17 0 m... 0 0 0 0 REG_User_malware/Software/Microsoft/Windows/CurrentVersion/Explorer/MountPoints2/{8adc8c6a-a42a-11e0-9a12-001558286148}/shell 0 m... 0 0 0 0 REG_User_malware/Software/Microsoft/Windows/CurrentVersion/Explorer/MountPoints2/{8adc8c6a-a42a-11e0-9a12-001558286148}/shell/Autoplay 0 m... 0 0 0 0 REG_User_malware/Software/Microsoft/Windows/CurrentVersion/Explorer/MountPoints2/{8adc8c6a-a42a-11e0-9a12-001558286148}/shell/Autoplay/DropTarget 0 macb 0 0 0 10413 [XP Prefetch] (Last run) RUNDLL32.EXE-451FC2C0.pf - [RUNDLL32.EXE] was executed - run count [6]- full path: [C:/WINDOWS/SYSTEM32/RUNDLL32.EXE] - DLLs loaded: {WINDOWS/SYSTEM32/NTDLL.DLL - WINDOWS/SYSTEM32/KERNEL32.DLL - WINDOWS/SYSTEM32/MSVCRT.DLL - WINDOWS/SYSTEM32/GDI32.DLL - WINDOWS/SYSTEM32/USER32.DLL - WINDOWS/SYSTEM32/IMAGEHLP.DLL - WINDOWS/SYSTEM32/SHIMENG.DLL - WINDOWS/APPPATCH/ACGENRAL.DLL - WINDOWS/SYSTEM32/ADVAPI32.DLL - WINDOWS/SYSTEM32/RPCRT4.DLL - WINDOWS/SYSTEM32/SECUR32.DLL - WINDOWS/SYSTEM32/WINMM.DLL - WINDOWS/SYSTEM32/OLE32.DLL - WINDOWS/SYSTEM32/OLEAUT32.DLL - WINDOWS/SYSTEM32/MSACM32.DLL - WINDOWS/SYSTEM32/VERSION.DLL - WINDOWS/SYSTEM32/SHELL32.DLL - WINDOWS/SYSTEM32/SHLWAPI.DLL - WINDOWS/SYSTEM32/USERENV.DLL - WINDOWS/SYSTEM32/UXTHEME.DLL - WINDOWS/WINSXS/X86_MICROSOFT.WINDOWS.COMMON-CONTROLS_6595B64144CCF1DF_6.0.2600.5512_X-WW_35D4CE83/COMCTL32.DLL - WINDOWS/SYSTEM32/COMCTL32.DLL} (file: /media/sdb1/WINDOWS/Prefetch/RUNDLL32.EXE-451FC2C0.pf) 10952 mac. r/rrwxrwxrwx 0 0 10682-128-4 /WINDOWS/Prefetch/RUNDLL32.EXE-451FC2C0.pf 33280 .a.. r/rr-xr-xr-x 0 0 2123-128-3 /WINDOWS/system32/rundll32.exe Fri Jul 01 2011 14:39:21 0 m... 0 0 0 0 REG_User_malware/Software/Microsoft/Windows/CurrentVersion/Explorer/MountPoints2/{8adc8c6a-a42a-11e0-9a12-001558286148} Fri Jul 01 2011 14:39:29 0 m... 0 0 0 0 REG_User_malware/Software/Microsoft/Windows/CurrentVersion/Explorer/Streams/1 Fri Jul 01 2011 14:39:34 0 m... 0 0 0 0 REG_User_malware/Software/Microsoft/Windows/CurrentVersion/Explorer/StreamMRU 0 m... 0 0 0 0 REG_User_malware/Software/Microsoft/Windows/CurrentVersion/Explorer/Streams 0 m... 0 0 0 0 REG_User_malware/Software/Microsoft/Windows/CurrentVersion/Explorer/Streams/6 Fri Jul 01 2011 14:39:35 338432 .a.. r/rr-xr-xr-x 0 0 3254-128-3 /WINDOWS/system32/zipfldr.dll Fri Jul 01 2011 14:39:53 56 .a.. d/dr-xr-xr-x 0 0 10360-144-6 /Documents and Settings/LocalService 0 macb 0 0 0 10413 [XP Prefetch] (Last run) DOCUMENT.EXE-1502F88B.pf - [DOCUMENT.EXE] was executed - run count [1]- full path: [] - DLLs loaded: {WINDOWS/SYSTEM32/NTDLL.DLL - WINDOWS/SYSTEM32/KERNEL32.DLL - WINDOWS/SYSTEM32/ADVAPI32.DLL - WINDOWS/SYSTEM32/RPCRT4.DLL - WINDOWS/SYSTEM32/SECUR32.DLL - WINDOWS/SYSTEM32/USER32.DLL - WINDOWS/SYSTEM32/GDI32.DLL - WINDOWS/SYSTEM32/WININET.DLL - WINDOWS/SYSTEM32/CRYPT32.DLL - WINDOWS/SYSTEM32/MSASN1.DLL - WINDOWS/SYSTEM32/MSVCRT.DLL - WINDOWS/SYSTEM32/OLEAUT32.DLL - WINDOWS/SYSTEM32/OLE32.DLL - WINDOWS/SYSTEM32/SHLWAPI.DLL - WINDOWS/WINSXS/X86_MICROSOFT.WINDOWS.COMMON-CONTROLS_6595B64144CCF1DF_6.0.2600.5512_X-WW_35D4CE83/COMCTL32.DLL - WINDOWS/SYSTEM32/SHELL32.DLL - WINDOWS/SYSTEM32/COMCTL32.DLL - WINDOWS/SYSTEM32/APPHELP.DLL - WINDOWS/SYSTEM32/VERSION.DLL} (file: /media/sdb1/WINDOWS/Prefetch/DOCUMENT.EXE-1502F88B.pf) 0 macb 0 0 0 10413 [XP Prefetch] (Last run) SVCHOST.EXE-3530F672.pf - [SVCHOST.EXE] was executed - run count [3]- full path: [C:/WINDOWS/SYSTEM32/SVCHOST.EXE] - DLLs loaded: {WINDOWS/SYSTEM32/NTDLL.DLL - WINDOWS/SYSTEM32/KERNEL32.DLL - WINDOWS/SYSTEM32/ADVAPI32.DLL - WINDOWS/SYSTEM32/RPCRT4.DLL - WINDOWS/SYSTEM32/SECUR32.DLL - WINDOWS/SYSTEM32/SHIMENG.DLL - WINDOWS/APPPATCH/ACGENRAL.DLL - WINDOWS/SYSTEM32/USER32.DLL - WINDOWS/SYSTEM32/GDI32.DLL - WINDOWS/SYSTEM32/WINMM.DLL - WINDOWS/SYSTEM32/OLE32.DLL - WINDOWS/SYSTEM32/MSVCRT.DLL - WINDOWS/SYSTEM32/OLEAUT32.DLL - WINDOWS/SYSTEM32/MSACM32.DLL - WINDOWS/SYSTEM32/VERSION.DLL - WINDOWS/SYSTEM32/SHELL32.DLL - WINDOWS/SYSTEM32/SHLWAPI.DLL - WINDOWS/SYSTEM32/USERENV.DLL - WINDOWS/SYSTEM32/UXTHEME.DLL - WINDOWS/WINSXS/X86_MICROSOFT.WINDOWS.COMMON-CONTROLS_6595B64144CCF1DF_6.0.2600.5512_X-WW_35D4CE83/COMCTL32.DLL - WINDOWS/SYSTEM32/COMCTL32.DLL - WINDOWS/SYSTEM32/WININET.DLL - WINDOWS/SYSTEM32/CRYPT32.DLL - WINDOWS/SYSTEM32/MSASN1.DLL - WINDOWS/SYSTEM32/WSOCK32.DLL - WINDOWS/SYSTEM32/WS2_32.DLL - WINDOWS/SYSTEM32/WS2HELP.DLL - WINDOWS/SYSTEM32/RASAPI32.DLL - WINDOWS/SYSTEM32/RASMAN.DLL - WINDOWS/SYSTEM32/NETAPI32.DLL - WINDOWS/SYSTEM32/TAPI32.DLL - WINDOWS/SYSTEM32/RTUTILS.DLL - WINDOWS/SYSTEM32/SENSAPI.DLL - WINDOWS/SYSTEM32/URLMON.DLL - WINDOWS/SYSTEM32/MSWSOCK.DLL - WINDOWS/SYSTEM32/DNSAPI.DLL - WINDOWS/SYSTEM32/WEBCLNT.DLL - WINDOWS/SYSTEM32/REGSVC.DLL - WINDOWS/SYSTEM32/SCHEDSVC.DLL - WINDOWS/SYSTEM32/WKSSVC.DLL - WINDOWS/SYSTEM32/CRYPTSVC.DLL - WINDOWS/SYSTEM32/CERTCLI.DLL - WINDOWS/SYSTEM32/WUAUSERV.DLL - WINDOWS/SYSTEM32/WBEM/WMISVC.DLL - WINDOWS/SYSTEM32/DSSENH.DLL - WINDOWS/SYSTEM32/VSSAPI.DLL - WINDOWS/SYSTEM32/WUAUENG.DLL - WINDOWS/SYSTEM32/ADVPACK.DLL - WINDOWS/SYSTEM32/CABINET.DLL - WINDOWS/SYSTEM32/MSPATCHA.DLL - WINDOWS/SYSTEM32/SFC.DLL - WINDOWS/SYSTEM32/SFC_OS.DLL - WINDOWS/SYSTEM32/SHFOLDER.DLL - WINDOWS/SYSTEM32/WINHTTP.DLL - WINDOWS/SYSTEM32/W32TIME.DLL - WINDOWS/SYSTEM32/TRKWKS.DLL - WINDOWS/SYSTEM32/ES.DLL - WINDOWS/SYSTEM32/SRSVC.DLL - WINDOWS/SYSTEM32/POWRPROF.DLL - WINDOWS/SYSTEM32/SETUPAPI.DLL - WINDOWS/SYSTEM32/NTMARTA.DLL - WINDOWS/SYSTEM32/SECLOGON.DLL - WINDOWS/SYSTEM32/NETMAN.DLL - WINDOWS/SYSTEM32/NETSHELL.DLL - WINDOWS/SYSTEM32/CREDUI.DLL - WINDOWS/SYSTEM32/DOT3DLG.DLL - WINDOWS/SYSTEM32/ONEX.DLL - WINDOWS/SYSTEM32/EAPPCFG.DLL - WINDOWS/SYSTEM32/EAPPPRXY.DLL - WINDOWS/SYSTEM32/WZCSAPI.DLL - WINDOWS/SYSTEM32/IPHLPAPI.DLL - WINDOWS/SYSTEM32/HNETCFG.DLL - WINDOWS/SYSTEM32/WSHTCPIP.DLL - WINDOWS/SYSTEM32/SRVSVC.DLL - WINDOWS/SYSTEM32/NETMSG.DLL - WINDOWS/PCHEALTH/HELPCTR/BINARIES/PCHSVC.DLL - WINDOWS/SYSTEM32/MSXML3.DLL - WINDOWS/SYSTEM32/MSXML3R.DLL - WINDOWS/SYSTEM32/ERSVC.DLL - WINDOWS/SYSTEM32/WSCSVC.DLL - WINDOWS/SYSTEM32/MSI.DLL - WINDOWS/SYSTEM32/IPNATHLP.DLL - WINDOWS/SYSTEM32/AUTHZ.DLL - WINDOWS/SYSTEM32/SENS.DLL - WINDOWS/SYSTEM32/WBEM/WBEMPROX.DLL - WINDOWS/SYSTEM32/WBEM/WBEMCOMN.DLL - WINDOWS/SYSTEM32/BROWSER.DLL - WINDOWS/SYSTEM32/WBEM/WBEMCORE.DLL - WINDOWS/SYSTEM32/WBEM/ESSCLI.DLL - WINDOWS/SYSTEM32/WBEM/FASTPROX.DLL - WINDOWS/SYSTEM32/SENSCFG.DLL - WINDOWS/SYSTEM32/XPSP2RES.DLL - WINDOWS/SYSTEM32/WBEM/WBEMSVC.DLL - WINDOWS/SYSTEM32/SXS.DLL - WINDOWS/SYSTEM32/COMSVCS.DLL - WINDOWS/SYSTEM32/COLBACT.DLL - WINDOWS/SYSTEM32/MTXCLU.DLL - WINDOWS/SYSTEM32/CLUSAPI.DLL - WINDOWS/SYSTEM32/RESUTILS.DLL} (file: /media/sdb1/WINDOWS/Prefetch/SVCHOST.EXE-3530F672.pf) 10468 macb r/rrwxrwxrwx 0 0 10647-128-4 /WINDOWS/Prefetch/DOCUMENT.EXE-1502F88B.pf Fri Jul 01 2011 14:39:58 452608 ...b r/rr-xr-xr-x 0 0 10646-128-4 /Documents and Settings/malware/Local Settings/Temporary Internet Files/Content.IE5/UPQVMROL/pusk[1].exe Fri Jul 01 2011 14:40:03 48206 mac. r/rrwxrwxrwx 0 0 10428-128-4 /WINDOWS/Prefetch/SVCHOST.EXE-3530F672.pf Fri Jul 01 2011 14:41:02 3153920 ma.. r/rr-xr-xr-x 0 0 3768-128-3 /WINDOWS/system32/CatRoot2/{F750E6C3-38EE-11D1-85E5-00C04FC295EE}/catdb Fri Jul 01 2011 14:42:26 78 .a.. r/rr-xr-xr-x 0 0 10548-128-1 /Documents and Settings/malware/My Documents/desktop.ini Fri Jul 01 2011 14:42:29 0 m... 0 0 0 0 REG_User_malware/Software/Microsoft/Windows/ShellNoRoam/BagMRU/3 0 m... 0 0 0 0 REG_User_malware/Software/Microsoft/Windows/ShellNoRoam/Bags 0 m... 0 0 0 0 REG_User_malware/Software/Microsoft/Windows/ShellNoRoam/Bags/1/Shell 0 m... 0 0 0 0 REG_User_malware/Software/Microsoft/Windows/ShellNoRoam/Bags/11 0 m... 0 0 0 0 REG_User_malware/Software/Microsoft/Windows/ShellNoRoam/DUIBags/ShellFolders 0 m... 0 0 0 0 REG_User_malware/Software/Microsoft/Windows/ShellNoRoam/DUIBags/ShellFolders/{450D8FBA-AD25-11D0-98A8-0800361B1103} 185 .a.. r/rr-xr-xr-x 0 0 10550-128-1 /Documents and Settings/malware/My Documents/My Pictures/Desktop.ini 183 .a.. r/rr-xr-xr-x 0 0 10553-128-1 /Documents and Settings/malware/My Documents/My Music/Desktop.ini Fri Jul 01 2011 14:42:32 0 m... 0 0 0 0 REG_User_malware/Software/Microsoft/Windows/ShellNoRoam/Bags/11/Shell Fri Jul 01 2011 14:42:44 555 .a.. r/rr-xr-xr-x 0 0 11075-128-1 /Documents and Settings/malware/Local Settings/Temp/smtmp/1/Programs/Windows Resource Kit Tools/Command Shell.lnk 555 .a.. r/rrwxrwxrwx 0 0 11151-128-3 /System Volume Information/_restore{A4323E41-9E96-4A95-B645-4A36ED086BEA}/RP12/A0000122.lnk Fri Jul 01 2011 14:42:48 84 .a.. r/rr-xr-xr-x 0 0 10495-128-3 /Documents and Settings/malware/Start Menu/Programs/Startup/desktop.ini 1599 .a.. r/rr-xr-xr-x 0 0 10496-128-4 /Documents and Settings/malware/Start Menu/Programs/Remote Assistance.lnk 376 .a.. r/rr-xr-xr-x 0 0 10499-128-3 /Documents and Settings/malware/Start Menu/Programs/Messenger Center.lnk 382 .a.. r/rr-xr-xr-x 0 0 10500-128-3 /Documents and Settings/malware/Start Menu/Programs/Media Player Center.lnk 234 .a.. r/rr-xr-xr-x 0 0 10501-128-3 /Documents and Settings/malware/Start Menu/Programs/desktop.ini 792 .a.. r/rr-xr-xr-x 0 0 10505-128-4 /Documents and Settings/malware/Start Menu/Programs/Windows Media Player.lnk 542 .a.. r/rr-xr-xr-x 0 0 10508-128-3 /Documents and Settings/malware/Start Menu/Programs/Accessories/desktop.ini 767 .a.. r/rr-xr-xr-x 0 0 10565-128-4 /Documents and Settings/malware/Start Menu/Programs/Internet Explorer.lnk 738 .a.. r/rr-xr-xr-x 0 0 10576-128-4 /Documents and Settings/malware/Start Menu/Programs/Outlook Express.lnk 294 .a.. r/rr-xr-xr-x 0 0 10683-128-1 /System Volume Information/_restore{A4323E41-9E96-4A95-B645-4A36ED086BEA}/RP12/A0000069.ini 265 .a.. r/rr-xr-xr-x 0 0 10808-128-1 /System Volume Information/_restore{A4323E41-9E96-4A95-B645-4A36ED086BEA}/RP12/A0000079.ini 545 .a.. r/rr-xr-xr-x 0 0 10847-128-3 /System Volume Information/_restore{A4323E41-9E96-4A95-B645-4A36ED086BEA}/RP12/A0000100.ini 150 .a.. r/rr-xr-xr-x 0 0 10853-128-1 /System Volume Information/_restore{A4323E41-9E96-4A95-B645-4A36ED086BEA}/RP12/A0000105.ini 798 .a.. r/rr-xr-xr-x 0 0 10855-128-3 /System Volume Information/_restore{A4323E41-9E96-4A95-B645-4A36ED086BEA}/RP12/A0000106.ini 1986 .a.. r/rrwxrwxrwx 0 0 11139-128-3 /System Volume Information/_restore{A4323E41-9E96-4A95-B645-4A36ED086BEA}/RP12/A0000118.lnk 84 .a.. r/rr-xr-xr-x 0 0 11147-128-1 /System Volume Information/_restore{A4323E41-9E96-4A95-B645-4A36ED086BEA}/RP12/A0000119.ini 609 .a.. r/rrwxrwxrwx 0 0 11148-128-3 /System Volume Information/_restore{A4323E41-9E96-4A95-B645-4A36ED086BEA}/RP12/A0000120.lnk 786 .a.. r/rrwxrwxrwx 0 0 11149-128-3 /System Volume Information/_restore{A4323E41-9E96-4A95-B645-4A36ED086BEA}/RP12/A0000121.lnk 1607 .a.. r/rrwxrwxrwx 0 0 11154-128-3 /System Volume Information/_restore{A4323E41-9E96-4A95-B645-4A36ED086BEA}/RP12/A0000125.lnk 398 .a.. r/rrwxrwxrwx 0 0 11155-128-1 /System Volume Information/_restore{A4323E41-9E96-4A95-B645-4A36ED086BEA}/RP12/A0000126.lnk 1507 .a.. r/rrwxrwxrwx 0 0 11156-128-3 /System Volume Information/_restore{A4323E41-9E96-4A95-B645-4A36ED086BEA}/RP12/A0000127.lnk 294 .a.. r/rr-xr-xr-x 0 0 3844-128-1 /Documents and Settings/malware/Local Settings/Temp/smtmp/1/desktop.ini 150 .a.. r/rr-xr-xr-x 0 0 3846-128-1 /Documents and Settings/malware/Local Settings/Temp/smtmp/1/Programs/desktop.ini 84 .a.. r/rr-xr-xr-x 0 0 3848-128-1 /Documents and Settings/malware/Local Settings/Temp/smtmp/1/Programs/Startup/desktop.ini 265 .a.. r/rr-xr-xr-x 0 0 5488-128-1 /Documents and Settings/malware/Local Settings/Temp/smtmp/1/Programs/Accessories/desktop.ini 1986 .a.. r/rr-xr-xr-x 0 0 5494-128-3 /Documents and Settings/malware/Local Settings/Temp/smtmp/1/Programs/MSN.lnk 545 .a.. r/rr-xr-xr-x 0 0 5502-128-1 /Documents and Settings/malware/Local Settings/Temp/smtmp/1/Programs/Administrative Tools/desktop.ini 798 .a.. r/rr-xr-xr-x 0 0 5526-128-3 /Documents and Settings/malware/Local Settings/Temp/smtmp/1/Programs/Games/desktop.ini 609 .a.. r/rr-xr-xr-x 0 0 5537-128-4 /Documents and Settings/malware/Local Settings/Temp/smtmp/1/Programs/Windows Messenger.lnk 786 .a.. r/rr-xr-xr-x 0 0 6549-128-4 /Documents and Settings/malware/Local Settings/Temp/smtmp/1/Programs/Windows Movie Maker.lnk 1507 .a.. r/rr-xr-xr-x 0 0 7591-128-4 /Documents and Settings/malware/Local Settings/Temp/smtmp/1/Windows Update.lnk 398 .a.. r/rr-xr-xr-x 0 0 7592-128-4 /Documents and Settings/malware/Local Settings/Temp/smtmp/1/Windows Catalog.lnk 1607 .a.. r/rr-xr-xr-x 0 0 7594-128-4 /Documents and Settings/malware/Local Settings/Temp/smtmp/1/Set Program Access and Defaults.lnk Fri Jul 01 2011 14:44:11 0 macb 0 0 0 10413 [XP Prefetch] (Last run) TASKMGR.EXE-20256C55.pf - [TASKMGR.EXE] was executed - run count [1]- full path: [] - DLLs loaded: {WINDOWS/SYSTEM32/NTDLL.DLL - WINDOWS/SYSTEM32/KERNEL32.DLL - WINDOWS/SYSTEM32/ADVAPI32.DLL - WINDOWS/SYSTEM32/RPCRT4.DLL - WINDOWS/SYSTEM32/SECUR32.DLL - WINDOWS/SYSTEM32/GDI32.DLL - WINDOWS/SYSTEM32/USER32.DLL - WINDOWS/SYSTEM32/IPHLPAPI.DLL - WINDOWS/SYSTEM32/MSVCRT.DLL - WINDOWS/SYSTEM32/WS2_32.DLL - WINDOWS/SYSTEM32/WS2HELP.DLL - WINDOWS/WINSXS/X86_MICROSOFT.WINDOWS.COMMON-CONTROLS_6595B64144CCF1DF_6.0.2600.5512_X-WW_35D4CE83/COMCTL32.DLL - WINDOWS/SYSTEM32/SHLWAPI.DLL - WINDOWS/SYSTEM32/SHELL32.DLL - WINDOWS/SYSTEM32/VDMDBG.DLL - WINDOWS/SYSTEM32/SHIMENG.DLL - WINDOWS/APPPATCH/ACGENRAL.DLL - WINDOWS/SYSTEM32/WINMM.DLL - WINDOWS/SYSTEM32/OLE32.DLL - WINDOWS/SYSTEM32/OLEAUT32.DLL - WINDOWS/SYSTEM32/MSACM32.DLL - WINDOWS/SYSTEM32/VERSION.DLL - WINDOWS/SYSTEM32/USERENV.DLL - WINDOWS/SYSTEM32/UXTHEME.DLL - WINDOWS/SYSTEM32/WINSTA.DLL - WINDOWS/SYSTEM32/NETAPI32.DLL - WINDOWS/SYSTEM32/UTILDLL.DLL - WINDOWS/SYSTEM32/TAPI32.DLL - WINDOWS/SYSTEM32/RTUTILS.DLL - WINDOWS/SYSTEM32/SETUPAPI.DLL - WINDOWS/SYSTEM32/WTSAPI32.DLL} (file: /media/sdb1/WINDOWS/Prefetch/TASKMGR.EXE-20256C55.pf) 25600 .a.. r/rr-xr-xr-x 0 0 1433-128-3 /WINDOWS/system32/utildll.dll 26112 .a.. r/rr-xr-xr-x 0 0 3144-128-3 /WINDOWS/system32/vdmdbg.dll Fri Jul 01 2011 14:44:21 15094 macb r/rrwxrwxrwx 0 0 10649-128-4 /WINDOWS/Prefetch/TASKMGR.EXE-20256C55.pf Fri Jul 01 2011 14:44:25 135680 .a.. r/rr-xr-xr-x 0 0 3086-128-3 /WINDOWS/system32/taskmgr.exe Fri Jul 01 2011 14:45:18 0 macb 0 0 0 10413 [XP Prefetch] (Last run) PUSK.EXE-0C3E2A63.pf - [PUSK.EXE] was executed - run count [1]- full path: [] - DLLs loaded: {WINDOWS/SYSTEM32/NTDLL.DLL - WINDOWS/SYSTEM32/KERNEL32.DLL - WINDOWS/SYSTEM32/SHLWAPI.DLL - WINDOWS/SYSTEM32/ADVAPI32.DLL - WINDOWS/SYSTEM32/RPCRT4.DLL - WINDOWS/SYSTEM32/SECUR32.DLL - WINDOWS/SYSTEM32/GDI32.DLL - WINDOWS/SYSTEM32/USER32.DLL - WINDOWS/SYSTEM32/MSVCRT.DLL - WINDOWS/SYSTEM32/IMAGEHLP.DLL - WINDOWS/SYSTEM32/MSVCP60.DLL - WINDOWS/SYSTEM32/SHELL32.DLL - WINDOWS/WINSXS/X86_MICROSOFT.WINDOWS.COMMON-CONTROLS_6595B64144CCF1DF_6.0.2600.5512_X-WW_35D4CE83/COMCTL32.DLL - WINDOWS/SYSTEM32/COMCTL32.DLL - WINDOWS/SYSTEM32/WININET.DLL - WINDOWS/SYSTEM32/CRYPT32.DLL - WINDOWS/SYSTEM32/MSASN1.DLL - WINDOWS/SYSTEM32/OLEAUT32.DLL - WINDOWS/SYSTEM32/OLE32.DLL} (file: /media/sdb1/WINDOWS/Prefetch/PUSK.EXE-0C3E2A63.pf) 0 m... 0 0 0 10525 [Internet Explorer] (Content viewed/Content saved to drive) URL:http://variantov.com/pusk.exe cache stored in: UPQVMROL/pusk[1].exe - HTTP/1.1 200 OK - Content-Type: application/octet-stream - Content-Length: 452608 (file: /media/sdb1/Documents and Settings/malware/Local Settings/Temporary Internet Files/Content.IE5/index.dat) 452608 ma.. r/rr-xr-xr-x 0 0 10646-128-4 /Documents and Settings/malware/Local Settings/Temporary Internet Files/Content.IE5/UPQVMROL/pusk[1].exe 452608 m... r/rr-xr-xr-x 0 0 10650-128-4 /Documents and Settings/All Users/Application Data/VDPLtsHLVdsd.exe 62 .a.. r/rr-xr-xr-x 0 0 3853-128-1 /Documents and Settings/All Users/Documents/desktop.ini Fri Jul 01 2011 14:45:22 0 m... 0 0 0 0 REG_User_malware/Software/Microsoft/Windows/CurrentVersion/Policies/System 0 m... 0 0 0 0 REG_User_malware/Software/Microsoft/Windows/CurrentVersion/Run 0 macb 0 0 0 10413 [XP Prefetch] (Last run) VDPLTSHLVDSD.EXE-134109E4.pf - [VDPLTSHLVDSD.EXE] was executed - run count [1]- full path: [] - DLLs loaded: {WINDOWS/SYSTEM32/NTDLL.DLL - WINDOWS/SYSTEM32/KERNEL32.DLL - WINDOWS/SYSTEM32/SHLWAPI.DLL - WINDOWS/SYSTEM32/ADVAPI32.DLL - WINDOWS/SYSTEM32/RPCRT4.DLL - WINDOWS/SYSTEM32/SECUR32.DLL - WINDOWS/SYSTEM32/GDI32.DLL - WINDOWS/SYSTEM32/USER32.DLL - WINDOWS/SYSTEM32/MSVCRT.DLL - WINDOWS/SYSTEM32/IMAGEHLP.DLL - WINDOWS/SYSTEM32/MSVCP60.DLL - WINDOWS/SYSTEM32/SHELL32.DLL - WINDOWS/WINSXS/X86_MICROSOFT.WINDOWS.COMMON-CONTROLS_6595B64144CCF1DF_6.0.2600.5512_X-WW_35D4CE83/COMCTL32.DLL - WINDOWS/SYSTEM32/COMCTL32.DLL - WINDOWS/SYSTEM32/WININET.DLL - WINDOWS/SYSTEM32/CRYPT32.DLL - WINDOWS/SYSTEM32/MSASN1.DLL - WINDOWS/SYSTEM32/OLEAUT32.DLL - WINDOWS/SYSTEM32/OLE32.DLL} (file: /media/sdb1/WINDOWS/Prefetch/VDPLTSHLVDSD.EXE-134109E4.pf) 452608 ...b r/rr-xr-xr-x 0 0 10650-128-4 /Documents and Settings/All Users/Application Data/VDPLtsHLVdsd.exe Fri Jul 01 2011 14:45:23 0 m... 0 0 0 0 REG_User_malware/Software/Microsoft/Internet Explorer/Download 0 m... 0 0 0 0 REG_User_malware/Software/Microsoft/Windows/CurrentVersion/Policies/Associations 0 m... 0 0 0 0 REG_User_malware/Software/Microsoft/Windows/CurrentVersion/Policies/Attachments 0 m... 0 0 0 10525 [Internet Explorer] (Content viewed/Content saved to drive) URL:http://findlate.org/404.php?type=stats&affid=531&subid=01&awok cache stored in: YZCXGNW1/404[1].htm - HTTP/1.1 200 OK - Content-Type: text/html - Transfer-Encoding: chunked - X-Powered-By: PHP/5.2.10 (file: /media/sdb1/Documents and Settings/malware/Local Settings/Temporary Internet Files/Content.IE5/index.dat) 0 ma.b r/rr-xr-xr-x 0 0 10651-128-1 /Documents and Settings/malware/Local Settings/Temporary Internet Files/Content.IE5/YZCXGNW1/404[1].htm Fri Jul 01 2011 14:45:24 299008 ...b r/rr-xr-xr-x 0 0 10654-128-4 /Documents and Settings/malware/Local Settings/Temporary Internet Files/Content.IE5/SLK18LSF/531-direct[1] Fri Jul 01 2011 14:45:28 12538 macb r/rrwxrwxrwx 0 0 10658-128-4 /WINDOWS/Prefetch/PUSK.EXE-0C3E2A63.pf Fri Jul 01 2011 14:45:32 11364 macb r/rrwxrwxrwx 0 0 10660-128-4 /WINDOWS/Prefetch/VDPLTSHLVDSD.EXE-134109E4.pf Fri Jul 01 2011 14:45:40 0 m... 0 0 0 10525 [Internet Explorer] (Content viewed/Content saved to drive) URL:http://finddelicate.org/pica1/531-direct cache stored in: SLK18LSF/531-direct[1] - HTTP/1.1 200 OK - Content-Type: application/octet-stream - Content-Length: 299008 (file: /media/sdb1/Documents and Settings/malware/Local Settings/Temporary Internet Files/Content.IE5/index.dat) 299008 ma.. r/rr-xr-xr-x 0 0 10654-128-4 /Documents and Settings/malware/Local Settings/Temporary Internet Files/Content.IE5/SLK18LSF/531-direct[1] Fri Jul 01 2011 14:45:41 0 macb 0 0 0 10413 [XP Prefetch] (Last run) ADOBE_FLASH_PLAYER.EXE-22950765.pf - [ADOBE_FLASH_PLAYER.EXE] was executed - run count [1]- full path: [] - DLLs loaded: {WINDOWS/SYSTEM32/NTDLL.DLL - WINDOWS/SYSTEM32/KERNEL32.DLL - WINDOWS/SYSTEM32/WINMM.DLL - WINDOWS/SYSTEM32/ADVAPI32.DLL - WINDOWS/SYSTEM32/RPCRT4.DLL - WINDOWS/SYSTEM32/SECUR32.DLL - WINDOWS/SYSTEM32/GDI32.DLL - WINDOWS/SYSTEM32/USER32.DLL - WINDOWS/SYSTEM32/CRYPT32.DLL - WINDOWS/SYSTEM32/MSASN1.DLL - WINDOWS/SYSTEM32/MSVCRT.DLL - WINDOWS/SYSTEM32/SHLWAPI.DLL - WINDOWS/SYSTEM32/SHELL32.DLL - WINDOWS/WINSXS/X86_MICROSOFT.WINDOWS.COMMON-CONTROLS_6595B64144CCF1DF_6.0.2600.5512_X-WW_35D4CE83/COMCTL32.DLL - WINDOWS/SYSTEM32/OLE32.DLL - WINDOWS/SYSTEM32/RPCSS.DLL - WINDOWS/SYSTEM32/UXTHEME.DLL - WINDOWS/SYSTEM32/NETAPI32.DLL - WINDOWS/SYSTEM32/SETUPAPI.DLL - WINDOWS/SYSTEM32/CLBCATQ.DLL - WINDOWS/SYSTEM32/COMRES.DLL - WINDOWS/SYSTEM32/OLEAUT32.DLL - WINDOWS/SYSTEM32/VERSION.DLL - WINDOWS/SYSTEM32/URLMON.DLL - WINDOWS/SYSTEM32/APPHELP.DLL} (file: /media/sdb1/WINDOWS/Prefetch/ADOBE_FLASH_PLAYER.EXE-22950765.pf) 0 macb 0 0 0 10413 [XP Prefetch] (Last run) JAVAW.EXE-2B5AE019.pf - [JAVAW.EXE] was executed - run count [1]- full path: [] - DLLs loaded: {WINDOWS/SYSTEM32/NTDLL.DLL - WINDOWS/SYSTEM32/KERNEL32.DLL - WINDOWS/SYSTEM32/WINMM.DLL - WINDOWS/SYSTEM32/ADVAPI32.DLL - WINDOWS/SYSTEM32/RPCRT4.DLL - WINDOWS/SYSTEM32/SECUR32.DLL - WINDOWS/SYSTEM32/GDI32.DLL - WINDOWS/SYSTEM32/USER32.DLL - WINDOWS/SYSTEM32/CRYPT32.DLL - WINDOWS/SYSTEM32/MSASN1.DLL - WINDOWS/SYSTEM32/MSVCRT.DLL - WINDOWS/SYSTEM32/OLE32.DLL - WINDOWS/SYSTEM32/SHLWAPI.DLL} (file: /media/sdb1/WINDOWS/Prefetch/JAVAW.EXE-2B5AE019.pf) 16250 macb r/rrwxrwxrwx 0 0 10663-128-4 /WINDOWS/Prefetch/ADOBE_FLASH_PLAYER.EXE-22950765.pf Fri Jul 01 2011 14:45:51 7730 macb r/rrwxrwxrwx 0 0 10675-128-4 /WINDOWS/Prefetch/JAVAW.EXE-2B5AE019.pf Fri Jul 01 2011 14:47:07 64281 ma.. r/rr-xr-xr-x 0 0 5556-128-3 /WINDOWS/system32/wbem/Logs/wbemcore.log Fri Jul 01 2011 14:48:27 0 m... 0 0 0 0 REG_User_malware/Software/Microsoft/Windows/CurrentVersion/Explorer/Advanced 0 m... 0 0 0 0 REG_User_malware/Software/Microsoft/Windows/CurrentVersion/Explorer/User Shell Folders 0 m... 0 0 0 0 REG_User_malware/Software/Microsoft/Windows/CurrentVersion/Explorer/User Shell Folders/New 0 m... 0 0 0 0 REG_User_malware/Software/Microsoft/Windows/CurrentVersion/Policies 0 m... 0 0 0 0 REG_User_malware/Software/Microsoft/Windows/CurrentVersion/Policies/ActiveDesktop 0 m... 0 0 0 0 REG_User_malware/Software/Microsoft/Windows/CurrentVersion/Policies/Explorer 0 m... 0 0 0 0 REG_User_malware/Software/Microsoft/Windows/CurrentVersion/Shell Extensions/Cached 0 macb 0 0 0 10413 [XP Prefetch] (Last run) VERCLSID.EXE-3667BD89.pf - [VERCLSID.EXE] was executed - run count [18]- full path: [C:/WINDOWS/SYSTEM32/VERCLSID.EXE] - DLLs loaded: {WINDOWS/SYSTEM32/NTDLL.DLL - WINDOWS/SYSTEM32/KERNEL32.DLL - WINDOWS/SYSTEM32/OLE32.DLL - WINDOWS/SYSTEM32/ADVAPI32.DLL - WINDOWS/SYSTEM32/RPCRT4.DLL - WINDOWS/SYSTEM32/SECUR32.DLL - WINDOWS/SYSTEM32/GDI32.DLL - WINDOWS/SYSTEM32/USER32.DLL - WINDOWS/SYSTEM32/MSVCRT.DLL - WINDOWS/SYSTEM32/RPCSS.DLL - WINDOWS/SYSTEM32/UXTHEME.DLL - WINDOWS/SYSTEM32/CLBCATQ.DLL - WINDOWS/SYSTEM32/COMRES.DLL - WINDOWS/SYSTEM32/OLEAUT32.DLL - WINDOWS/SYSTEM32/VERSION.DLL - WINDOWS/SYSTEM32/SHDOCVW.DLL - WINDOWS/SYSTEM32/CRYPT32.DLL - WINDOWS/SYSTEM32/MSASN1.DLL - WINDOWS/SYSTEM32/CRYPTUI.DLL - WINDOWS/SYSTEM32/NETAPI32.DLL - WINDOWS/SYSTEM32/SHLWAPI.DLL - WINDOWS/SYSTEM32/WININET.DLL - WINDOWS/SYSTEM32/WINTRUST.DLL - WINDOWS/SYSTEM32/IMAGEHLP.DLL - WINDOWS/SYSTEM32/WLDAP32.DLL - WINDOWS/WINSXS/X86_MICROSOFT.WINDOWS.COMMON-CONTROLS_6595B64144CCF1DF_6.0.2600.5512_X-WW_35D4CE83/COMCTL32.DLL - WINDOWS/SYSTEM32/RICHED20.DLL - WINDOWS/SYSTEM32/APPHELP.DLL - WINDOWS/SYSTEM32/SHELL32.DLL - WINDOWS/SYSTEM32/COMCTL32.DLL - WINDOWS/SYSTEM32/ZIPFLDR.DLL - WINDOWS/SYSTEM32/NETSHELL.DLL - WINDOWS/SYSTEM32/ATL.DLL - WINDOWS/SYSTEM32/CREDUI.DLL - WINDOWS/SYSTEM32/DOT3API.DLL - WINDOWS/SYSTEM32/RTUTILS.DLL - WINDOWS/SYSTEM32/DOT3DLG.DLL - WINDOWS/SYSTEM32/ONEX.DLL - WINDOWS/SYSTEM32/WTSAPI32.DLL - WINDOWS/SYSTEM32/WINSTA.DLL - WINDOWS/SYSTEM32/EAPPCFG.DLL - WINDOWS/SYSTEM32/MSVCP60.DLL - WINDOWS/SYSTEM32/EAPPPRXY.DLL - WINDOWS/SYSTEM32/IPHLPAPI.DLL - WINDOWS/SYSTEM32/WS2_32.DLL - WINDOWS/SYSTEM32/WS2HELP.DLL} (file: /media/sdb1/WINDOWS/Prefetch/VERCLSID.EXE-3667BD89.pf) 150 .ac. r/rr-xr-xr-x 0 0 10591-128-1 /System Volume Information/_restore{A4323E41-9E96-4A95-B645-4A36ED086BEA}/RP12/A0000068.ini 17802 mac. r/rrwxrwxrwx 0 0 10615-128-4 /WINDOWS/Prefetch/VERCLSID.EXE-3667BD89.pf 150 m..b r/rr-xr-xr-x 0 0 10676-128-1 /System Volume Information/_restore{A4323E41-9E96-4A95-B645-4A36ED086BEA}/RP12/A0000135.ini 312 ...b d/dr-xr-xr-x 0 0 10679-144-1 /Documents and Settings/malware/Local Settings/Temp/smtmp 56 ...b d/dr-xr-xr-x 0 0 10681-144-5 /Documents and Settings/malware/Local Settings/Temp/smtmp/1 56 ...b d/dr-xr-xr-x 0 0 10686-144-5 /Documents and Settings/malware/Local Settings/Temp/smtmp/1/Programs 56 ...b d/dr-xr-xr-x 0 0 10754-144-6 /Documents and Settings/malware/Local Settings/Temp/smtmp/1/Programs/Accessories 400 m..b d/dr-xr-xr-x 0 0 10756-144-1 /Documents and Settings/malware/Local Settings/Temp/smtmp/1/Programs/Accessories/Accessibility 56 ...b d/dr-xr-xr-x 0 0 10765-144-6 /Documents and Settings/malware/Local Settings/Temp/smtmp/1/Programs/Accessories/Communications 294 ..c. r/rr-xr-xr-x 0 0 3844-128-1 /Documents and Settings/malware/Local Settings/Temp/smtmp/1/desktop.ini 448 ..c. r/rr-xr-xr-x 0 0 4855-128-1 /Documents and Settings/malware/Local Settings/Temp/smtmp/1/Programs/Accessories/Communications/desktop.ini 48 m... d/d--x--x--x 0 0 5521-144-1 /Documents and Settings/All Users/Start Menu/Programs/Accessories/Accessibility 90 ..c. r/rr-xr-xr-x 0 0 5523-128-1 /Documents and Settings/malware/Local Settings/Temp/smtmp/1/Programs/Accessories/Accessibility/desktop.ini Fri Jul 01 2011 14:48:28 56 m... d/dr-xr-xr-x 0 0 10754-144-6 /Documents and Settings/malware/Local Settings/Temp/smtmp/1/Programs/Accessories 56 m... d/dr-xr-xr-x 0 0 10765-144-6 /Documents and Settings/malware/Local Settings/Temp/smtmp/1/Programs/Accessories/Communications 56 m..b d/dr-xr-xr-x 0 0 10810-144-6 /Documents and Settings/malware/Local Settings/Temp/smtmp/1/Programs/Accessories/Entertainment 56 m..b d/dr-xr-xr-x 0 0 10830-144-6 /Documents and Settings/malware/Local Settings/Temp/smtmp/1/Programs/Accessories/System Tools 56 ...b d/dr-xr-xr-x 0 0 10843-144-6 /Documents and Settings/malware/Local Settings/Temp/smtmp/1/Programs/Administrative Tools 56 m... d/d--x--x--x 0 0 4852-144-6 /Documents and Settings/All Users/Start Menu/Programs/Accessories 48 m... d/d--x--x--x 0 0 4853-144-6 /Documents and Settings/All Users/Start Menu/Programs/Accessories/Communications 265 ..c. r/rr-xr-xr-x 0 0 5488-128-1 /Documents and Settings/malware/Local Settings/Temp/smtmp/1/Programs/Accessories/desktop.ini 545 ..c. r/rr-xr-xr-x 0 0 5502-128-1 /Documents and Settings/malware/Local Settings/Temp/smtmp/1/Programs/Administrative Tools/desktop.ini 48 m... d/d--x--x--x 0 0 5512-144-6 /Documents and Settings/All Users/Start Menu/Programs/Accessories/System Tools 757 ..c. r/rr-xr-xr-x 0 0 5514-128-3 /Documents and Settings/malware/Local Settings/Temp/smtmp/1/Programs/Accessories/System Tools/desktop.ini 48 m... d/d--x--x--x 0 0 5517-144-6 /Documents and Settings/All Users/Start Menu/Programs/Accessories/Entertainment 146 ..c. r/rr-xr-xr-x 0 0 5519-128-1 /Documents and Settings/malware/Local Settings/Temp/smtmp/1/Programs/Accessories/Entertainment/desktop.ini Fri Jul 01 2011 14:48:29 48 m... d/d--x--x--x 0 0 10562-144-6 /Documents and Settings/malware/Application Data/Microsoft/Internet Explorer/Quick Launch 119 ..c. r/rr-xr-xr-x 0 0 10564-128-1 /Documents and Settings/malware/Local Settings/Temp/smtmp/2/desktop.ini 312 m... d/dr-xr-xr-x 0 0 10679-144-1 /Documents and Settings/malware/Local Settings/Temp/smtmp 56 m... d/dr-xr-xr-x 0 0 10681-144-5 /Documents and Settings/malware/Local Settings/Temp/smtmp/1 56 m... d/dr-xr-xr-x 0 0 10686-144-5 /Documents and Settings/malware/Local Settings/Temp/smtmp/1/Programs 56 m... d/dr-xr-xr-x 0 0 10843-144-6 /Documents and Settings/malware/Local Settings/Temp/smtmp/1/Programs/Administrative Tools 56 m..b d/dr-xr-xr-x 0 0 10854-144-5 /Documents and Settings/malware/Local Settings/Temp/smtmp/1/Programs/Games 48 m... d/dr-xr-xr-x 0 0 11072-144-6 /Documents and Settings/All Users/Start Menu/Programs/Windows Resource Kit Tools 152 m..b d/dr-xr-xr-x 0 0 11146-144-1 /Documents and Settings/malware/Local Settings/Temp/smtmp/1/Programs/Startup 56 m..b d/dr-xr-xr-x 0 0 11150-144-6 /Documents and Settings/malware/Local Settings/Temp/smtmp/1/Programs/Windows Resource Kit Tools 48 m..b d/dr-xr-xr-x 0 0 11157-144-1 /Documents and Settings/malware/Local Settings/Temp/smtmp/4 656 m..b d/dr-xr-xr-x 0 0 11158-144-1 /Documents and Settings/malware/Local Settings/Temp/smtmp/2 56 m... d/d--x--x--x 0 0 3843-144-6 /Documents and Settings/All Users/Start Menu 56 m... d/d--x--x--x 0 0 3845-144-5 /Documents and Settings/All Users/Start Menu/Programs 150 ..c. r/rr-xr-xr-x 0 0 3846-128-1 /Documents and Settings/malware/Local Settings/Temp/smtmp/1/Programs/desktop.ini 48 m... d/d--x--x--x 0 0 3847-144-1 /Documents and Settings/All Users/Start Menu/Programs/Startup 84 ..c. r/rr-xr-xr-x 0 0 3848-128-1 /Documents and Settings/malware/Local Settings/Temp/smtmp/1/Programs/Startup/desktop.ini 48 m... d/d--x--x--x 0 0 5500-144-6 /Documents and Settings/All Users/Start Menu/Programs/Administrative Tools 48 m... d/d--x--x--x 0 0 5524-144-5 /Documents and Settings/All Users/Start Menu/Programs/Games 798 ..c. r/rr-xr-xr-x 0 0 5526-128-3 /Documents and Settings/malware/Local Settings/Temp/smtmp/1/Programs/Games/desktop.ini Fri Jul 01 2011 14:48:30 56 .a.. d/drwxrwxrwx 0 0 10306-144-6 /Documents and Settings/NetworkService/Application Data/Microsoft 56 .a.. d/drwxrwxrwx 0 0 10373-144-6 /Documents and Settings/LocalService/Application Data/Microsoft 22984 ...b r/rrwxrwxrwx 0 0 11161-128-4 /WINDOWS/Prefetch/ATTRIB.EXE-39EAFB02.pf 56 .a.. d/dr-xr-xr-x 0 0 3633-144-6 /Documents and Settings/NetworkService 56 .a.. d/drwxrwxrwx 0 0 3745-144-6 /Documents and Settings/Default User/Application Data/Microsoft Fri Jul 01 2011 14:48:32 0 m... 0 0 0 0 REG_User_malware/Software/Microsoft/Windows/CurrentVersion/Explorer/MenuOrder/Start Menu2/Programs 62 .a.. r/rr-xr-xr-x 0 0 10514-128-3 /Documents and Settings/malware/Start Menu/desktop.ini Fri Jul 01 2011 14:48:33 56 .a.. d/d-wx-wx-wx 0 0 47-144-6 /WINDOWS/Fonts Fri Jul 01 2011 14:48:39 56 .a.. d/dr-xr-xr-x 0 0 4147-144-6 /WINDOWS/Installer Fri Jul 01 2011 14:48:41 56 .a.. d/drwxrwxrwx 0 0 10223-144-6 /WINDOWS/system32/config/systemprofile/Application Data/Microsoft Fri Jul 01 2011 14:48:42 56 .a.. d/d--x--x--x 0 0 71-144-7 /WINDOWS/system32/dllcache Fri Jul 01 2011 14:48:50 0 m... 0 0 0 0 REG_User_malware/Software/Microsoft/Windows NT/CurrentVersion 0 m... 0 0 0 0 REG_User_malware/Software/Microsoft/Windows NT/CurrentVersion/TaskManager Fri Jul 01 2011 14:48:53 144 .a.. d/drwxrwxrwx 0 0 10405-144-1 /WINDOWS/system32/Microsoft 152 .a.. d/drwxrwxrwx 0 0 10406-144-1 /WINDOWS/system32/Microsoft/Protect 144 .a.. d/drwxrwxrwx 0 0 10407-144-1 /WINDOWS/system32/Microsoft/Protect/S-1-5-18 56 .a.. d/drwxrwxrwx 0 0 10408-144-5 /WINDOWS/system32/Microsoft/Protect/S-1-5-18/User Fri Jul 01 2011 14:49:00 1048520 mac. r/rrwxrwxrwx 0 0 10633-128-3 /System Volume Information/_restore{A4323E41-9E96-4A95-B645-4A36ED086BEA}/RP12/change.log.1 0 ..c. r/rr-xr-xr-x 0 0 11165-128-1 /System Volume Information/_restore{A4323E41-9E96-4A95-B645-4A36ED086BEA}/RP12/A0000134.exe Fri Jul 01 2011 14:49:02 248 .a.. d/drwxrwxrwx 0 0 6135-144-1 /WINDOWS/Tasks Fri Jul 01 2011 14:50:09 0 m... 0 0 0 0 REG_User_malware/Software/Microsoft/Windows/CurrentVersion/Explorer/StartPage 20480 .a.. r/rr-xr-xr-x 0 0 2176-128-3 /WINDOWS/system32/sclgntfy.dll Fri Jul 01 2011 14:50:10 109652 ma.. r/rrwxrwxrwx 0 0 11162-128-3 /System Volume Information/_restore{A4323E41-9E96-4A95-B645-4A36ED086BEA}/RP12/change.log.2 178 ..c. r/rr-xr-xr-x 0 0 11163-128-1 /System Volume Information/_restore{A4323E41-9E96-4A95-B645-4A36ED086BEA}/RP12/A0000130.ini 178 ma.. r/rr-xr-xr-x 0 0 12072-128-1 /System Volume Information/_restore{A4323E41-9E96-4A95-B645-4A36ED086BEA}/RP12/A0000136.ini Fri Jul 01 2011 14:50:11 0 m... 0 0 0 0 REG_System_system/ControlSet002/Control/Session Manager/AppCompatibility 20480 .a.. r/rr-xr-xr-x 0 0 10368-128-4 /System Volume Information/tracking.log 8192 ma.. r/rr-xr-xr-x 0 0 3760-128-3 /WINDOWS/system32/CatRoot2/edb.chk Fri Jul 01 2011 14:50:12 24 mac. r/rr-xr-xr-x 0 0 10410-128-1 /WINDOWS/system32/Microsoft/Protect/S-1-5-18/User/Preferred 131072 macb 0 0 0 3663 [Event Log] (Time generated/Time written) EventLog/6006_Info_ (file: /media/sdb1/WINDOWS/system32/config/SysEvent.Evt) 131072 ma.. r/rr-xr-xr-x 0 0 3779-128-3 /WINDOWS/system32/CatRoot2/edb.log 388 macb r/rr-xr-xr-x 0 0 4824-128-1 /WINDOWS/system32/Microsoft/Protect/S-1-5-18/User/317d6b3f-8ca3-4e12-a89f-4e263595d5f1 Fri Jul 01 2011 14:50:14 0 m... 0 0 0 0 REG_System_system/ControlSet002/Control/Watchdog/Display 0 m... 0 0 0 0 REG_System_system/ControlSet002/Control/Windows Fri Jul 01 2011 14:50:28 0 m... 0 0 0 0 REG_System_system 0 m... 0 0 0 0 REG_System_system/ControlSet001/Control/DeviceClasses/{4afa3d51-74a7-11d0-be5e-00a0c9062857}/##?#ACPI#ThermalZone#THM0#{4afa3d51-74a7-11d0-be5e-00a0c9062857} 0 m... 0 0 0 0 REG_System_system/ControlSet001/Control/DeviceClasses/{4afa3d51-74a7-11d0-be5e-00a0c9062857}/##?#ACPI#ThermalZone#THM0#{4afa3d51-74a7-11d0-be5e-00a0c9062857}/# 0 m... 0 0 0 0 REG_System_system/ControlSet001/Control/DeviceClasses/{4afa3d53-74a7-11d0-be5e-00a0c9062857}/##?#ACPI#FixedButton#2&daba3ff&0#{4afa3d53-74a7-11d0-be5e-00a0c9062857} 0 m... 0 0 0 0 REG_System_system/ControlSet001/Control/DeviceClasses/{4afa3d53-74a7-11d0-be5e-00a0c9062857}/##?#ACPI#FixedButton#2&daba3ff&0#{4afa3d53-74a7-11d0-be5e-00a0c9062857}/# 0 m... 0 0 0 0 REG_System_system/ControlSet001/Control/DeviceClasses/{4afa3d53-74a7-11d0-be5e-00a0c9062857}/##?#ACPI#PNP0C0D#2&daba3ff&0#{4afa3d53-74a7-11d0-be5e-00a0c9062857} 0 m... 0 0 0 0 REG_System_system/ControlSet001/Control/DeviceClasses/{4afa3d53-74a7-11d0-be5e-00a0c9062857}/##?#ACPI#PNP0C0D#2&daba3ff&0#{4afa3d53-74a7-11d0-be5e-00a0c9062857}/# 0 m... 0 0 0 0 REG_System_system/ControlSet001/Control/DeviceClasses/{4afa3d53-74a7-11d0-be5e-00a0c9062857}/##?#ACPI#PNP0C0E#2&daba3ff&0#{4afa3d53-74a7-11d0-be5e-00a0c9062857} 0 m... 0 0 0 0 REG_System_system/ControlSet001/Control/DeviceClasses/{4afa3d53-74a7-11d0-be5e-00a0c9062857}/##?#ACPI#PNP0C0E#2&daba3ff&0#{4afa3d53-74a7-11d0-be5e-00a0c9062857}/# 0 m... 0 0 0 0 REG_System_system/ControlSet001/Control/IDConfigDB 0 m... 0 0 0 0 REG_System_system/ControlSet001/Enum/ACPI/FixedButton/2&daba3ff&0 0 m... 0 0 0 0 REG_System_system/ControlSet001/Enum/ACPI/GenuineIntel_-_x86_Family_6_Model_13/_0 0 m... 0 0 0 0 REG_System_system/ControlSet001/Enum/ACPI/IBM0057/4&3863886d&0 0 m... 0 0 0 0 REG_System_system/ControlSet001/Enum/ACPI/IBM0071/4&3863886d&0 0 m... 0 0 0 0 REG_System_system/ControlSet001/Enum/ACPI/NSC1100/4&3863886d&0 0 m... 0 0 0 0 REG_System_system/ControlSet001/Enum/ACPI/PNP0000/4&3863886d&0 0 m... 0 0 0 0 REG_System_system/ControlSet001/Enum/ACPI/PNP0100/4&3863886d&0 0 m... 0 0 0 0 REG_System_system/ControlSet001/Enum/ACPI/PNP0200/4&3863886d&0 0 m... 0 0 0 0 REG_System_system/ControlSet001/Enum/ACPI/PNP0303/4&3863886d&0 0 m... 0 0 0 0 REG_System_system/ControlSet001/Enum/ACPI/PNP0400/4&3863886d&0 0 m... 0 0 0 0 REG_System_system/ControlSet001/Enum/ACPI/PNP0501/4&3863886d&0 0 m... 0 0 0 0 REG_System_system/ControlSet001/Enum/ACPI/PNP0700/4&3863886d&0 0 m... 0 0 0 0 REG_System_system/ControlSet001/Enum/ACPI/PNP0800/4&3863886d&0 0 m... 0 0 0 0 REG_System_system/ControlSet001/Enum/ACPI/PNP0A08/2&daba3ff&0 0 m... 0 0 0 0 REG_System_system/ControlSet001/Enum/ACPI/PNP0A08/2&daba3ff&0/Device Parameters 0 m... 0 0 0 0 REG_System_system/ControlSet001/Enum/ACPI/PNP0B00/4&3863886d&0 0 m... 0 0 0 0 REG_System_system/ControlSet001/Enum/ACPI/PNP0C01/2&daba3ff&0 0 m... 0 0 0 0 REG_System_system/ControlSet001/Enum/ACPI/PNP0C02/0 0 m... 0 0 0 0 REG_System_system/ControlSet001/Enum/ACPI/PNP0C04/4&3863886d&0 0 m... 0 0 0 0 REG_System_system/ControlSet001/Enum/ACPI/PNP0C09/0 0 m... 0 0 0 0 REG_System_system/ControlSet001/Enum/ACPI/PNP0C0D/2&daba3ff&0 0 m... 0 0 0 0 REG_System_system/ControlSet001/Enum/ACPI/PNP0C0E/2&daba3ff&0 0 m... 0 0 0 0 REG_System_system/ControlSet001/Enum/ACPI/ThermalZone/THM0 0 m... 0 0 0 0 REG_System_system/ControlSet001/Enum/ACPI_HAL/PNP0C08/0 0 m... 0 0 0 0 REG_System_system/ControlSet001/Enum/HTREE/ROOT/0 0 m... 0 0 0 0 REG_System_system/ControlSet001/Enum/ISAPNP/ReadDataPort/0 0 m... 0 0 0 0 REG_System_system/ControlSet001/Enum/PCI/VEN_1002&DEV_5460&SUBSYS_056E1014&REV_00/4&266c3fa7&0&0008 0 m... 0 0 0 0 REG_System_system/ControlSet001/Enum/PCI/VEN_1180&DEV_0476&SUBSYS_056C1014&REV_8D/4&ad1b67f&0&00F0 0 m... 0 0 0 0 REG_System_system/ControlSet001/Enum/PCI/VEN_14E4&DEV_167D&SUBSYS_05771014&REV_11/4&111a1fd8&0&00E0 0 m... 0 0 0 0 REG_System_system/ControlSet001/Enum/PCI/VEN_8086&DEV_2448&SUBSYS_00000000&REV_D3/3&b1bfb68&0&F0 0 m... 0 0 0 0 REG_System_system/ControlSet001/Enum/PCI/VEN_8086&DEV_2448&SUBSYS_00000000&REV_D3/3&b1bfb68&0&F0/Device Parameters 0 m... 0 0 0 0 REG_System_system/ControlSet001/Enum/PCI/VEN_8086&DEV_2590&SUBSYS_00000000&REV_03/3&b1bfb68&0&00 0 m... 0 0 0 0 REG_System_system/ControlSet001/Enum/PCI/VEN_8086&DEV_2591&SUBSYS_00000000&REV_03/3&b1bfb68&0&08 0 m... 0 0 0 0 REG_System_system/ControlSet001/Enum/PCI/VEN_8086&DEV_2591&SUBSYS_00000000&REV_03/3&b1bfb68&0&08/Device Parameters 0 m... 0 0 0 0 REG_System_system/ControlSet001/Enum/PCI/VEN_8086&DEV_2641&SUBSYS_00000000&REV_03/3&b1bfb68&0&F8 0 m... 0 0 0 0 REG_System_system/ControlSet001/Enum/PCI/VEN_8086&DEV_2653&SUBSYS_056A1014&REV_03/3&b1bfb68&0&FA 0 m... 0 0 0 0 REG_System_system/ControlSet001/Enum/PCI/VEN_8086&DEV_2658&SUBSYS_05651014&REV_03/3&b1bfb68&0&E8 0 m... 0 0 0 0 REG_System_system/ControlSet001/Enum/PCI/VEN_8086&DEV_2659&SUBSYS_05651014&REV_03/3&b1bfb68&0&E9 0 m... 0 0 0 0 REG_System_system/ControlSet001/Enum/PCI/VEN_8086&DEV_265A&SUBSYS_05651014&REV_03/3&b1bfb68&0&EA 0 m... 0 0 0 0 REG_System_system/ControlSet001/Enum/PCI/VEN_8086&DEV_265B&SUBSYS_05651014&REV_03/3&b1bfb68&0&EB 0 m... 0 0 0 0 REG_System_system/ControlSet001/Enum/PCI/VEN_8086&DEV_265C&SUBSYS_05661014&REV_03/3&b1bfb68&0&EF 0 m... 0 0 0 0 REG_System_system/ControlSet001/Enum/PCI/VEN_8086&DEV_2660&SUBSYS_00000000&REV_03/3&b1bfb68&0&E0 0 m... 0 0 0 0 REG_System_system/ControlSet001/Enum/PCI/VEN_8086&DEV_2660&SUBSYS_00000000&REV_03/3&b1bfb68&0&E0/Device Parameters 0 m... 0 0 0 0 REG_System_system/ControlSet001/Enum/PCI/VEN_8086&DEV_2664&SUBSYS_00000000&REV_03/3&b1bfb68&0&E2 0 m... 0 0 0 0 REG_System_system/ControlSet001/Enum/PCI/VEN_8086&DEV_266A&SUBSYS_056B1014&REV_03/3&b1bfb68&0&FB 0 m... 0 0 0 0 REG_System_system/ControlSet001/Enum/PCI/VEN_8086&DEV_266D&SUBSYS_05761014&REV_03/3&b1bfb68&0&F3 0 m... 0 0 0 0 REG_System_system/ControlSet001/Enum/PCI/VEN_8086&DEV_266E&SUBSYS_05671014&REV_03/3&b1bfb68&0&F2 0 m... 0 0 0 0 REG_System_system/ControlSet001/Enum/PCI/VEN_8086&DEV_4224&SUBSYS_10108086&REV_05/4&ad1b67f&0&10F0 0 m... 0 0 0 0 REG_System_system/ControlSet001/Enum/Root/ACPI_HAL/0000 0 m... 0 0 0 0 REG_System_system/ControlSet001/Enum/Root/COMPOSITE_BATTERY/0000 0 m... 0 0 0 0 REG_System_system/ControlSet001/Enum/Root/LEGACY_AFD/0000 0 m... 0 0 0 0 REG_System_system/ControlSet001/Enum/Root/LEGACY_BEEP/0000 0 m... 0 0 0 0 REG_System_system/ControlSet001/Enum/Root/LEGACY_DMBOOT/0000 0 m... 0 0 0 0 REG_System_system/ControlSet001/Enum/Root/LEGACY_DMLOAD/0000 0 m... 0 0 0 0 REG_System_system/ControlSet001/Enum/Root/LEGACY_FIPS/0000 0 m... 0 0 0 0 REG_System_system/ControlSet001/Enum/Root/LEGACY_GPC/0000 0 m... 0 0 0 0 REG_System_system/ControlSet001/Enum/Root/LEGACY_HTTP/0000 0 m... 0 0 0 0 REG_System_system/ControlSet001/Enum/Root/LEGACY_IPNAT/0000 0 m... 0 0 0 0 REG_System_system/ControlSet001/Enum/Root/LEGACY_IPSEC/0000 0 m... 0 0 0 0 REG_System_system/ControlSet001/Enum/Root/LEGACY_IRDA/0000 0 m... 0 0 0 0 REG_System_system/ControlSet001/Enum/Root/LEGACY_KSECDD/0000 0 m... 0 0 0 0 REG_System_system/ControlSet001/Enum/Root/LEGACY_MNMDD/0000 0 m... 0 0 0 0 REG_System_system/ControlSet001/Enum/Root/LEGACY_MOUNTMGR/0000 0 m... 0 0 0 0 REG_System_system/ControlSet001/Enum/Root/LEGACY_NDIS/0000 0 m... 0 0 0 0 REG_System_system/ControlSet001/Enum/Root/LEGACY_NDISTAPI/0000 0 m... 0 0 0 0 REG_System_system/ControlSet001/Enum/Root/LEGACY_NDISUIO/0000 0 m... 0 0 0 0 REG_System_system/ControlSet001/Enum/Root/LEGACY_NDPROXY/0000 0 m... 0 0 0 0 REG_System_system/ControlSet001/Enum/Root/LEGACY_NETBT/0000 0 m... 0 0 0 0 REG_System_system/ControlSet001/Enum/Root/LEGACY_NULL/0000 0 m... 0 0 0 0 REG_System_system/ControlSet001/Enum/Root/LEGACY_PARTMGR/0000 0 m... 0 0 0 0 REG_System_system/ControlSet001/Enum/Root/LEGACY_PARVDM/0000 0 m... 0 0 0 0 REG_System_system/ControlSet001/Enum/Root/LEGACY_PCIIDE/0000 0 m... 0 0 0 0 REG_System_system/ControlSet001/Enum/Root/LEGACY_RASACD/0000 0 m... 0 0 0 0 REG_System_system/ControlSet001/Enum/Root/LEGACY_RDPCDD/0000 0 m... 0 0 0 0 REG_System_system/ControlSet001/Enum/Root/LEGACY_TCPIP/0000 0 m... 0 0 0 0 REG_System_system/ControlSet001/Enum/Root/LEGACY_VGASAVE/0000 0 m... 0 0 0 0 REG_System_system/ControlSet001/Enum/Root/LEGACY_VOLSNAP/0000 0 m... 0 0 0 0 REG_System_system/ControlSet001/Enum/Root/LEGACY_WANARP/0000 0 m... 0 0 0 0 REG_System_system/ControlSet001/Enum/Root/MEDIA/MS_MMACM 0 m... 0 0 0 0 REG_System_system/ControlSet001/Enum/Root/MEDIA/MS_MMDRV 0 m... 0 0 0 0 REG_System_system/ControlSet001/Enum/Root/MEDIA/MS_MMMCI 0 m... 0 0 0 0 REG_System_system/ControlSet001/Enum/Root/MEDIA/MS_MMVCD 0 m... 0 0 0 0 REG_System_system/ControlSet001/Enum/Root/MEDIA/MS_MMVID 0 m... 0 0 0 0 REG_System_system/ControlSet001/Enum/Root/MS_IRDAMINIPORT/0000 0 m... 0 0 0 0 REG_System_system/ControlSet001/Enum/Root/MS_L2TPMINIPORT/0000 0 m... 0 0 0 0 REG_System_system/ControlSet001/Enum/Root/MS_NDISWANIP/0000 0 m... 0 0 0 0 REG_System_system/ControlSet001/Enum/Root/MS_PPPOEMINIPORT/0000 0 m... 0 0 0 0 REG_System_system/ControlSet001/Enum/Root/MS_PPTPMINIPORT/0000 0 m... 0 0 0 0 REG_System_system/ControlSet001/Enum/Root/MS_PSCHEDMP/0000 0 m... 0 0 0 0 REG_System_system/ControlSet001/Enum/Root/MS_PSCHEDMP/0001 0 m... 0 0 0 0 REG_System_system/ControlSet001/Enum/Root/MS_PTIMINIPORT/0000 0 m... 0 0 0 0 REG_System_system/ControlSet001/Enum/Root/RDPDR/0000 0 m... 0 0 0 0 REG_System_system/ControlSet001/Enum/Root/RDP_KBD/0000 0 m... 0 0 0 0 REG_System_system/ControlSet001/Enum/Root/RDP_MOU/0000 0 m... 0 0 0 0 REG_System_system/ControlSet001/Enum/Root/SYSTEM/0000 0 m... 0 0 0 0 REG_System_system/ControlSet001/Enum/Root/SYSTEM/0001 0 m... 0 0 0 0 REG_System_system/ControlSet001/Enum/Root/SYSTEM/0002 0 m... 0 0 0 0 REG_System_system/ControlSet001/Hardware Profiles 0 m... 0 0 0 0 REG_System_system/ControlSet001/Services/ACPI 0 m... 0 0 0 0 REG_System_system/ControlSet001/Services/ACPIEC 0 m... 0 0 0 0 REG_System_system/ControlSet001/Services/AFD 0 m... 0 0 0 0 REG_System_system/ControlSet001/Services/ALG 0 m... 0 0 0 0 REG_System_system/ControlSet001/Services/AudioSrv 0 m... 0 0 0 0 REG_System_system/ControlSet001/Services/Beep 0 m... 0 0 0 0 REG_System_system/ControlSet001/Services/Browser 0 m... 0 0 0 0 REG_System_system/ControlSet001/Services/COMSysApp 0 m... 0 0 0 0 REG_System_system/ControlSet001/Services/Cdfs 0 m... 0 0 0 0 REG_System_system/ControlSet001/Services/Compbatt 0 m... 0 0 0 0 REG_System_system/ControlSet001/Services/CryptSvc 0 m... 0 0 0 0 REG_System_system/ControlSet001/Services/DcomLaunch 0 m... 0 0 0 0 REG_System_system/ControlSet001/Services/Dhcp 0 m... 0 0 0 0 REG_System_system/ControlSet001/Services/Dnscache 0 m... 0 0 0 0 REG_System_system/ControlSet001/Services/ERSvc 0 m... 0 0 0 0 REG_System_system/ControlSet001/Services/EventSystem 0 m... 0 0 0 0 REG_System_system/ControlSet001/Services/FastUserSwitchingCompatibility 0 m... 0 0 0 0 REG_System_system/ControlSet001/Services/Fastfat 0 m... 0 0 0 0 REG_System_system/ControlSet001/Services/Fdc 0 m... 0 0 0 0 REG_System_system/ControlSet001/Services/Fips 0 m... 0 0 0 0 REG_System_system/ControlSet001/Services/FltMgr 0 m... 0 0 0 0 REG_System_system/ControlSet001/Services/Fs_Rec 0 m... 0 0 0 0 REG_System_system/ControlSet001/Services/Ftdisk 0 m... 0 0 0 0 REG_System_system/ControlSet001/Services/Gpc 0 m... 0 0 0 0 REG_System_system/ControlSet001/Services/HTTP 0 m... 0 0 0 0 REG_System_system/ControlSet001/Services/IPSec 0 m... 0 0 0 0 REG_System_system/ControlSet001/Services/IRENUM 0 m... 0 0 0 0 REG_System_system/ControlSet001/Services/ImapiService 0 m... 0 0 0 0 REG_System_system/ControlSet001/Services/IntelIde 0 m... 0 0 0 0 REG_System_system/ControlSet001/Services/IpNat 0 m... 0 0 0 0 REG_System_system/ControlSet001/Services/Irmon 0 m... 0 0 0 0 REG_System_system/ControlSet001/Services/KSecDD 0 m... 0 0 0 0 REG_System_system/ControlSet001/Services/Kbdclass 0 m... 0 0 0 0 REG_System_system/ControlSet001/Services/LanmanServer 0 m... 0 0 0 0 REG_System_system/ControlSet001/Services/LmHosts 0 m... 0 0 0 0 REG_System_system/ControlSet001/Services/MRxDAV 0 m... 0 0 0 0 REG_System_system/ControlSet001/Services/MRxSmb 0 m... 0 0 0 0 REG_System_system/ControlSet001/Services/MSDTC 0 m... 0 0 0 0 REG_System_system/ControlSet001/Services/MSIServer 0 m... 0 0 0 0 REG_System_system/ControlSet001/Services/Mouclass 0 m... 0 0 0 0 REG_System_system/ControlSet001/Services/MountMgr 0 m... 0 0 0 0 REG_System_system/ControlSet001/Services/Msfs 0 m... 0 0 0 0 REG_System_system/ControlSet001/Services/Mup 0 m... 0 0 0 0 REG_System_system/ControlSet001/Services/NDIS 0 m... 0 0 0 0 REG_System_system/ControlSet001/Services/NDProxy 0 m... 0 0 0 0 REG_System_system/ControlSet001/Services/NSCIRDA 0 m... 0 0 0 0 REG_System_system/ControlSet001/Services/NdisTapi 0 m... 0 0 0 0 REG_System_system/ControlSet001/Services/NdisWan 0 m... 0 0 0 0 REG_System_system/ControlSet001/Services/Ndisuio 0 m... 0 0 0 0 REG_System_system/ControlSet001/Services/NetBIOS 0 m... 0 0 0 0 REG_System_system/ControlSet001/Services/NetBT 0 m... 0 0 0 0 REG_System_system/ControlSet001/Services/Netman 0 m... 0 0 0 0 REG_System_system/ControlSet001/Services/Nla 0 m... 0 0 0 0 REG_System_system/ControlSet001/Services/Npfs 0 m... 0 0 0 0 REG_System_system/ControlSet001/Services/Ntfs 0 m... 0 0 0 0 REG_System_system/ControlSet001/Services/Null 0 m... 0 0 0 0 REG_System_system/ControlSet001/Services/PCI 0 m... 0 0 0 0 REG_System_system/ControlSet001/Services/PCIIde 0 m... 0 0 0 0 REG_System_system/ControlSet001/Services/PSched 0 m... 0 0 0 0 REG_System_system/ControlSet001/Services/ParVdm 0 m... 0 0 0 0 REG_System_system/ControlSet001/Services/PartMgr 0 m... 0 0 0 0 REG_System_system/ControlSet001/Services/Pcmcia 0 m... 0 0 0 0 REG_System_system/ControlSet001/Services/PolicyAgent 0 m... 0 0 0 0 REG_System_system/ControlSet001/Services/PptpMiniport 0 m... 0 0 0 0 REG_System_system/ControlSet001/Services/ProtectedStorage 0 m... 0 0 0 0 REG_System_system/ControlSet001/Services/Ptilink 0 m... 0 0 0 0 REG_System_system/ControlSet001/Services/RDPCDD 0 m... 0 0 0 0 REG_System_system/ControlSet001/Services/RDPNP 0 m... 0 0 0 0 REG_System_system/ControlSet001/Services/RasAcd 0 m... 0 0 0 0 REG_System_system/ControlSet001/Services/RasMan 0 m... 0 0 0 0 REG_System_system/ControlSet001/Services/RasPppoe 0 m... 0 0 0 0 REG_System_system/ControlSet001/Services/Rasirda 0 m... 0 0 0 0 REG_System_system/ControlSet001/Services/Rasl2tp 0 m... 0 0 0 0 REG_System_system/ControlSet001/Services/Raspti 0 m... 0 0 0 0 REG_System_system/ControlSet001/Services/Rdbss 0 m... 0 0 0 0 REG_System_system/ControlSet001/Services/RemoteRegistry 0 m... 0 0 0 0 REG_System_system/ControlSet001/Services/RpcSs 0 m... 0 0 0 0 REG_System_system/ControlSet001/Services/SENS 0 m... 0 0 0 0 REG_System_system/ControlSet001/Services/SSDPSRV 0 m... 0 0 0 0 REG_System_system/ControlSet001/Services/SamSs 0 m... 0 0 0 0 REG_System_system/ControlSet001/Services/Schedule 0 m... 0 0 0 0 REG_System_system/ControlSet001/Services/Serial 0 m... 0 0 0 0 REG_System_system/ControlSet001/Services/SharedAccess 0 m... 0 0 0 0 REG_System_system/ControlSet001/Services/ShellHWDetection 0 m... 0 0 0 0 REG_System_system/ControlSet001/Services/Spooler 0 m... 0 0 0 0 REG_System_system/ControlSet001/Services/Srv 0 m... 0 0 0 0 REG_System_system/ControlSet001/Services/TapiSrv 0 m... 0 0 0 0 REG_System_system/ControlSet001/Services/Tcpip 0 m... 0 0 0 0 REG_System_system/ControlSet001/Services/TermDD 0 m... 0 0 0 0 REG_System_system/ControlSet001/Services/TermService 0 m... 0 0 0 0 REG_System_system/ControlSet001/Services/Themes 0 m... 0 0 0 0 REG_System_system/ControlSet001/Services/TrkWks 0 m... 0 0 0 0 REG_System_system/ControlSet001/Services/Update 0 m... 0 0 0 0 REG_System_system/ControlSet001/Services/VgaSave 0 m... 0 0 0 0 REG_System_system/ControlSet001/Services/VolSnap 0 m... 0 0 0 0 REG_System_system/ControlSet001/Services/W32Time 0 m... 0 0 0 0 REG_System_system/ControlSet001/Services/WZCSVC 0 m... 0 0 0 0 REG_System_system/ControlSet001/Services/Wanarp 0 m... 0 0 0 0 REG_System_system/ControlSet001/Services/WebClient 0 m... 0 0 0 0 REG_System_system/ControlSet001/Services/audstub 0 m... 0 0 0 0 REG_System_system/ControlSet001/Services/b57w2k 0 m... 0 0 0 0 REG_System_system/ControlSet001/Services/dmboot 0 m... 0 0 0 0 REG_System_system/ControlSet001/Services/dmload 0 m... 0 0 0 0 REG_System_system/ControlSet001/Services/helpsvc 0 m... 0 0 0 0 REG_System_system/ControlSet001/Services/i8042prt 0 m... 0 0 0 0 REG_System_system/ControlSet001/Services/intelppm 0 m... 0 0 0 0 REG_System_system/ControlSet001/Services/irda 0 m... 0 0 0 0 REG_System_system/ControlSet001/Services/isapnp 0 m... 0 0 0 0 REG_System_system/ControlSet001/Services/lanmanworkstation 0 m... 0 0 0 0 REG_System_system/ControlSet001/Services/mnmdd 0 m... 0 0 0 0 REG_System_system/ControlSet001/Services/rdpdr 0 m... 0 0 0 0 REG_System_system/ControlSet001/Services/seclogon 0 m... 0 0 0 0 REG_System_system/ControlSet001/Services/serenum 0 m... 0 0 0 0 REG_System_system/ControlSet001/Services/sr 0 m... 0 0 0 0 REG_System_system/ControlSet001/Services/srservice 0 m... 0 0 0 0 REG_System_system/ControlSet001/Services/stisvc 0 m... 0 0 0 0 REG_System_system/ControlSet001/Services/swenum 0 m... 0 0 0 0 REG_System_system/ControlSet001/Services/usbehci 0 m... 0 0 0 0 REG_System_system/ControlSet001/Services/usbuhci 0 m... 0 0 0 0 REG_System_system/ControlSet001/Services/winmgmt 0 m... 0 0 0 0 REG_System_system/ControlSet001/Services/wscsvc 0 m... 0 0 0 0 REG_System_system/ControlSet001/Services/wuauserv 0 m... 0 0 0 0 REG_System_system/ControlSet002/Control/DeviceClasses/{4afa3d51-74a7-11d0-be5e-00a0c9062857}/##?#ACPI#ThermalZone#THM0#{4afa3d51-74a7-11d0-be5e-00a0c9062857} 0 m... 0 0 0 0 REG_System_system/ControlSet002/Control/DeviceClasses/{4afa3d51-74a7-11d0-be5e-00a0c9062857}/##?#ACPI#ThermalZone#THM0#{4afa3d51-74a7-11d0-be5e-00a0c9062857}/# 0 m... 0 0 0 0 REG_System_system/ControlSet002/Control/DeviceClasses/{4afa3d53-74a7-11d0-be5e-00a0c9062857}/##?#ACPI#FixedButton#2&daba3ff&0#{4afa3d53-74a7-11d0-be5e-00a0c9062857} 0 m... 0 0 0 0 REG_System_system/ControlSet002/Control/DeviceClasses/{4afa3d53-74a7-11d0-be5e-00a0c9062857}/##?#ACPI#FixedButton#2&daba3ff&0#{4afa3d53-74a7-11d0-be5e-00a0c9062857}/# 0 m... 0 0 0 0 REG_System_system/ControlSet002/Control/DeviceClasses/{4afa3d53-74a7-11d0-be5e-00a0c9062857}/##?#ACPI#PNP0C0D#2&daba3ff&0#{4afa3d53-74a7-11d0-be5e-00a0c9062857} 0 m... 0 0 0 0 REG_System_system/ControlSet002/Control/DeviceClasses/{4afa3d53-74a7-11d0-be5e-00a0c9062857}/##?#ACPI#PNP0C0D#2&daba3ff&0#{4afa3d53-74a7-11d0-be5e-00a0c9062857}/# 0 m... 0 0 0 0 REG_System_system/ControlSet002/Control/DeviceClasses/{4afa3d53-74a7-11d0-be5e-00a0c9062857}/##?#ACPI#PNP0C0E#2&daba3ff&0#{4afa3d53-74a7-11d0-be5e-00a0c9062857} 0 m... 0 0 0 0 REG_System_system/ControlSet002/Control/DeviceClasses/{4afa3d53-74a7-11d0-be5e-00a0c9062857}/##?#ACPI#PNP0C0E#2&daba3ff&0#{4afa3d53-74a7-11d0-be5e-00a0c9062857}/# 0 m... 0 0 0 0 REG_System_system/ControlSet002/Control/IDConfigDB 0 m... 0 0 0 0 REG_System_system/ControlSet002/Enum/ACPI/FixedButton/2&daba3ff&0 0 m... 0 0 0 0 REG_System_system/ControlSet002/Enum/ACPI/GenuineIntel_-_x86_Family_6_Model_13/_0 0 m... 0 0 0 0 REG_System_system/ControlSet002/Enum/ACPI/IBM0057/4&3863886d&0 0 m... 0 0 0 0 REG_System_system/ControlSet002/Enum/ACPI/IBM0071/4&3863886d&0 0 m... 0 0 0 0 REG_System_system/ControlSet002/Enum/ACPI/NSC1100/4&3863886d&0 0 m... 0 0 0 0 REG_System_system/ControlSet002/Enum/ACPI/PNP0000/4&3863886d&0 0 m... 0 0 0 0 REG_System_system/ControlSet002/Enum/ACPI/PNP0100/4&3863886d&0 0 m... 0 0 0 0 REG_System_system/ControlSet002/Enum/ACPI/PNP0200/4&3863886d&0 0 m... 0 0 0 0 REG_System_system/ControlSet002/Enum/ACPI/PNP0303/4&3863886d&0 0 m... 0 0 0 0 REG_System_system/ControlSet002/Enum/ACPI/PNP0400/4&3863886d&0 0 m... 0 0 0 0 REG_System_system/ControlSet002/Enum/ACPI/PNP0501/4&3863886d&0 0 m... 0 0 0 0 REG_System_system/ControlSet002/Enum/ACPI/PNP0700/4&3863886d&0 0 m... 0 0 0 0 REG_System_system/ControlSet002/Enum/ACPI/PNP0800/4&3863886d&0 0 m... 0 0 0 0 REG_System_system/ControlSet002/Enum/ACPI/PNP0A08/2&daba3ff&0 0 m... 0 0 0 0 REG_System_system/ControlSet002/Enum/ACPI/PNP0A08/2&daba3ff&0/Device Parameters 0 m... 0 0 0 0 REG_System_system/ControlSet002/Enum/ACPI/PNP0B00/4&3863886d&0 0 m... 0 0 0 0 REG_System_system/ControlSet002/Enum/ACPI/PNP0C01/2&daba3ff&0 0 m... 0 0 0 0 REG_System_system/ControlSet002/Enum/ACPI/PNP0C02/0 0 m... 0 0 0 0 REG_System_system/ControlSet002/Enum/ACPI/PNP0C04/4&3863886d&0 0 m... 0 0 0 0 REG_System_system/ControlSet002/Enum/ACPI/PNP0C09/0 0 m... 0 0 0 0 REG_System_system/ControlSet002/Enum/ACPI/PNP0C0D/2&daba3ff&0 0 m... 0 0 0 0 REG_System_system/ControlSet002/Enum/ACPI/PNP0C0E/2&daba3ff&0 0 m... 0 0 0 0 REG_System_system/ControlSet002/Enum/ACPI/ThermalZone/THM0 0 m... 0 0 0 0 REG_System_system/ControlSet002/Enum/ACPI_HAL/PNP0C08/0 0 m... 0 0 0 0 REG_System_system/ControlSet002/Enum/HTREE/ROOT/0 0 m... 0 0 0 0 REG_System_system/ControlSet002/Enum/ISAPNP/ReadDataPort/0 0 m... 0 0 0 0 REG_System_system/ControlSet002/Enum/PCI/VEN_1002&DEV_5460&SUBSYS_056E1014&REV_00/4&266c3fa7&0&0008 0 m... 0 0 0 0 REG_System_system/ControlSet002/Enum/PCI/VEN_1180&DEV_0476&SUBSYS_056C1014&REV_8D/4&ad1b67f&0&00F0 0 m... 0 0 0 0 REG_System_system/ControlSet002/Enum/PCI/VEN_14E4&DEV_167D&SUBSYS_05771014&REV_11/4&111a1fd8&0&00E0 0 m... 0 0 0 0 REG_System_system/ControlSet002/Enum/PCI/VEN_8086&DEV_2448&SUBSYS_00000000&REV_D3/3&b1bfb68&0&F0 0 m... 0 0 0 0 REG_System_system/ControlSet002/Enum/PCI/VEN_8086&DEV_2448&SUBSYS_00000000&REV_D3/3&b1bfb68&0&F0/Device Parameters 0 m... 0 0 0 0 REG_System_system/ControlSet002/Enum/PCI/VEN_8086&DEV_2590&SUBSYS_00000000&REV_03/3&b1bfb68&0&00 0 m... 0 0 0 0 REG_System_system/ControlSet002/Enum/PCI/VEN_8086&DEV_2591&SUBSYS_00000000&REV_03/3&b1bfb68&0&08 0 m... 0 0 0 0 REG_System_system/ControlSet002/Enum/PCI/VEN_8086&DEV_2591&SUBSYS_00000000&REV_03/3&b1bfb68&0&08/Device Parameters 0 m... 0 0 0 0 REG_System_system/ControlSet002/Enum/PCI/VEN_8086&DEV_2641&SUBSYS_00000000&REV_03/3&b1bfb68&0&F8 0 m... 0 0 0 0 REG_System_system/ControlSet002/Enum/PCI/VEN_8086&DEV_2653&SUBSYS_056A1014&REV_03/3&b1bfb68&0&FA 0 m... 0 0 0 0 REG_System_system/ControlSet002/Enum/PCI/VEN_8086&DEV_2658&SUBSYS_05651014&REV_03/3&b1bfb68&0&E8 0 m... 0 0 0 0 REG_System_system/ControlSet002/Enum/PCI/VEN_8086&DEV_2659&SUBSYS_05651014&REV_03/3&b1bfb68&0&E9 0 m... 0 0 0 0 REG_System_system/ControlSet002/Enum/PCI/VEN_8086&DEV_265A&SUBSYS_05651014&REV_03/3&b1bfb68&0&EA 0 m... 0 0 0 0 REG_System_system/ControlSet002/Enum/PCI/VEN_8086&DEV_265B&SUBSYS_05651014&REV_03/3&b1bfb68&0&EB 0 m... 0 0 0 0 REG_System_system/ControlSet002/Enum/PCI/VEN_8086&DEV_265C&SUBSYS_05661014&REV_03/3&b1bfb68&0&EF 0 m... 0 0 0 0 REG_System_system/ControlSet002/Enum/PCI/VEN_8086&DEV_2660&SUBSYS_00000000&REV_03/3&b1bfb68&0&E0 0 m... 0 0 0 0 REG_System_system/ControlSet002/Enum/PCI/VEN_8086&DEV_2660&SUBSYS_00000000&REV_03/3&b1bfb68&0&E0/Device Parameters 0 m... 0 0 0 0 REG_System_system/ControlSet002/Enum/PCI/VEN_8086&DEV_2664&SUBSYS_00000000&REV_03/3&b1bfb68&0&E2 0 m... 0 0 0 0 REG_System_system/ControlSet002/Enum/PCI/VEN_8086&DEV_266A&SUBSYS_056B1014&REV_03/3&b1bfb68&0&FB 0 m... 0 0 0 0 REG_System_system/ControlSet002/Enum/PCI/VEN_8086&DEV_266D&SUBSYS_05761014&REV_03/3&b1bfb68&0&F3 0 m... 0 0 0 0 REG_System_system/ControlSet002/Enum/PCI/VEN_8086&DEV_266E&SUBSYS_05671014&REV_03/3&b1bfb68&0&F2 0 m... 0 0 0 0 REG_System_system/ControlSet002/Enum/PCI/VEN_8086&DEV_4224&SUBSYS_10108086&REV_05/4&ad1b67f&0&10F0 0 m... 0 0 0 0 REG_System_system/ControlSet002/Enum/Root/ACPI_HAL/0000 0 m... 0 0 0 0 REG_System_system/ControlSet002/Enum/Root/COMPOSITE_BATTERY/0000 0 m... 0 0 0 0 REG_System_system/ControlSet002/Enum/Root/LEGACY_AFD/0000 0 m... 0 0 0 0 REG_System_system/ControlSet002/Enum/Root/LEGACY_BEEP/0000 0 m... 0 0 0 0 REG_System_system/ControlSet002/Enum/Root/LEGACY_DMBOOT/0000 0 m... 0 0 0 0 REG_System_system/ControlSet002/Enum/Root/LEGACY_DMLOAD/0000 0 m... 0 0 0 0 REG_System_system/ControlSet002/Enum/Root/LEGACY_FIPS/0000 0 m... 0 0 0 0 REG_System_system/ControlSet002/Enum/Root/LEGACY_GPC/0000 0 m... 0 0 0 0 REG_System_system/ControlSet002/Enum/Root/LEGACY_HTTP/0000 0 m... 0 0 0 0 REG_System_system/ControlSet002/Enum/Root/LEGACY_IPNAT/0000 0 m... 0 0 0 0 REG_System_system/ControlSet002/Enum/Root/LEGACY_IPSEC/0000 0 m... 0 0 0 0 REG_System_system/ControlSet002/Enum/Root/LEGACY_IRDA/0000 0 m... 0 0 0 0 REG_System_system/ControlSet002/Enum/Root/LEGACY_KSECDD/0000 0 m... 0 0 0 0 REG_System_system/ControlSet002/Enum/Root/LEGACY_MNMDD/0000 0 m... 0 0 0 0 REG_System_system/ControlSet002/Enum/Root/LEGACY_MOUNTMGR/0000 0 m... 0 0 0 0 REG_System_system/ControlSet002/Enum/Root/LEGACY_NDIS/0000 0 m... 0 0 0 0 REG_System_system/ControlSet002/Enum/Root/LEGACY_NDISTAPI/0000 0 m... 0 0 0 0 REG_System_system/ControlSet002/Enum/Root/LEGACY_NDISUIO/0000 0 m... 0 0 0 0 REG_System_system/ControlSet002/Enum/Root/LEGACY_NDPROXY/0000 0 m... 0 0 0 0 REG_System_system/ControlSet002/Enum/Root/LEGACY_NETBT/0000 0 m... 0 0 0 0 REG_System_system/ControlSet002/Enum/Root/LEGACY_NULL/0000 0 m... 0 0 0 0 REG_System_system/ControlSet002/Enum/Root/LEGACY_PARTMGR/0000 0 m... 0 0 0 0 REG_System_system/ControlSet002/Enum/Root/LEGACY_PARVDM/0000 0 m... 0 0 0 0 REG_System_system/ControlSet002/Enum/Root/LEGACY_PCIIDE/0000 0 m... 0 0 0 0 REG_System_system/ControlSet002/Enum/Root/LEGACY_RASACD/0000 0 m... 0 0 0 0 REG_System_system/ControlSet002/Enum/Root/LEGACY_RDPCDD/0000 0 m... 0 0 0 0 REG_System_system/ControlSet002/Enum/Root/LEGACY_TCPIP/0000 0 m... 0 0 0 0 REG_System_system/ControlSet002/Enum/Root/LEGACY_VGASAVE/0000 0 m... 0 0 0 0 REG_System_system/ControlSet002/Enum/Root/LEGACY_VOLSNAP/0000 0 m... 0 0 0 0 REG_System_system/ControlSet002/Enum/Root/LEGACY_WANARP/0000 0 m... 0 0 0 0 REG_System_system/ControlSet002/Enum/Root/MEDIA/MS_MMACM 0 m... 0 0 0 0 REG_System_system/ControlSet002/Enum/Root/MEDIA/MS_MMDRV 0 m... 0 0 0 0 REG_System_system/ControlSet002/Enum/Root/MEDIA/MS_MMMCI 0 m... 0 0 0 0 REG_System_system/ControlSet002/Enum/Root/MEDIA/MS_MMVCD 0 m... 0 0 0 0 REG_System_system/ControlSet002/Enum/Root/MEDIA/MS_MMVID 0 m... 0 0 0 0 REG_System_system/ControlSet002/Enum/Root/MS_IRDAMINIPORT/0000 0 m... 0 0 0 0 REG_System_system/ControlSet002/Enum/Root/MS_L2TPMINIPORT/0000 0 m... 0 0 0 0 REG_System_system/ControlSet002/Enum/Root/MS_NDISWANIP/0000 0 m... 0 0 0 0 REG_System_system/ControlSet002/Enum/Root/MS_PPPOEMINIPORT/0000 0 m... 0 0 0 0 REG_System_system/ControlSet002/Enum/Root/MS_PPTPMINIPORT/0000 0 m... 0 0 0 0 REG_System_system/ControlSet002/Enum/Root/MS_PSCHEDMP/0000 0 m... 0 0 0 0 REG_System_system/ControlSet002/Enum/Root/MS_PSCHEDMP/0001 0 m... 0 0 0 0 REG_System_system/ControlSet002/Enum/Root/MS_PTIMINIPORT/0000 0 m... 0 0 0 0 REG_System_system/ControlSet002/Enum/Root/RDPDR/0000 0 m... 0 0 0 0 REG_System_system/ControlSet002/Enum/Root/RDP_KBD/0000 0 m... 0 0 0 0 REG_System_system/ControlSet002/Enum/Root/RDP_MOU/0000 0 m... 0 0 0 0 REG_System_system/ControlSet002/Enum/Root/SYSTEM/0000 0 m... 0 0 0 0 REG_System_system/ControlSet002/Enum/Root/SYSTEM/0001 0 m... 0 0 0 0 REG_System_system/ControlSet002/Enum/Root/SYSTEM/0002 0 m... 0 0 0 0 REG_System_system/ControlSet002/Hardware Profiles 0 m... 0 0 0 0 REG_System_system/ControlSet002/Services/ACPI 0 m... 0 0 0 0 REG_System_system/ControlSet002/Services/ACPIEC 0 m... 0 0 0 0 REG_System_system/ControlSet002/Services/AFD 0 m... 0 0 0 0 REG_System_system/ControlSet002/Services/ALG 0 m... 0 0 0 0 REG_System_system/ControlSet002/Services/AudioSrv 0 m... 0 0 0 0 REG_System_system/ControlSet002/Services/Beep 0 m... 0 0 0 0 REG_System_system/ControlSet002/Services/Browser 0 m... 0 0 0 0 REG_System_system/ControlSet002/Services/COMSysApp 0 m... 0 0 0 0 REG_System_system/ControlSet002/Services/Cdfs 0 m... 0 0 0 0 REG_System_system/ControlSet002/Services/Compbatt 0 m... 0 0 0 0 REG_System_system/ControlSet002/Services/CryptSvc 0 m... 0 0 0 0 REG_System_system/ControlSet002/Services/DcomLaunch 0 m... 0 0 0 0 REG_System_system/ControlSet002/Services/Dhcp 0 m... 0 0 0 0 REG_System_system/ControlSet002/Services/Dnscache 0 m... 0 0 0 0 REG_System_system/ControlSet002/Services/ERSvc 0 m... 0 0 0 0 REG_System_system/ControlSet002/Services/EventSystem 0 m... 0 0 0 0 REG_System_system/ControlSet002/Services/FastUserSwitchingCompatibility 0 m... 0 0 0 0 REG_System_system/ControlSet002/Services/Fastfat 0 m... 0 0 0 0 REG_System_system/ControlSet002/Services/Fdc 0 m... 0 0 0 0 REG_System_system/ControlSet002/Services/Fips 0 m... 0 0 0 0 REG_System_system/ControlSet002/Services/FltMgr 0 m... 0 0 0 0 REG_System_system/ControlSet002/Services/Fs_Rec 0 m... 0 0 0 0 REG_System_system/ControlSet002/Services/Ftdisk 0 m... 0 0 0 0 REG_System_system/ControlSet002/Services/Gpc 0 m... 0 0 0 0 REG_System_system/ControlSet002/Services/HTTP 0 m... 0 0 0 0 REG_System_system/ControlSet002/Services/IPSec 0 m... 0 0 0 0 REG_System_system/ControlSet002/Services/IRENUM 0 m... 0 0 0 0 REG_System_system/ControlSet002/Services/ImapiService 0 m... 0 0 0 0 REG_System_system/ControlSet002/Services/IntelIde 0 m... 0 0 0 0 REG_System_system/ControlSet002/Services/IpNat 0 m... 0 0 0 0 REG_System_system/ControlSet002/Services/Irmon 0 m... 0 0 0 0 REG_System_system/ControlSet002/Services/KSecDD 0 m... 0 0 0 0 REG_System_system/ControlSet002/Services/Kbdclass 0 m... 0 0 0 0 REG_System_system/ControlSet002/Services/LanmanServer 0 m... 0 0 0 0 REG_System_system/ControlSet002/Services/LmHosts 0 m... 0 0 0 0 REG_System_system/ControlSet002/Services/MRxDAV 0 m... 0 0 0 0 REG_System_system/ControlSet002/Services/MRxSmb 0 m... 0 0 0 0 REG_System_system/ControlSet002/Services/MSDTC 0 m... 0 0 0 0 REG_System_system/ControlSet002/Services/MSIServer 0 m... 0 0 0 0 REG_System_system/ControlSet002/Services/Mouclass 0 m... 0 0 0 0 REG_System_system/ControlSet002/Services/MountMgr 0 m... 0 0 0 0 REG_System_system/ControlSet002/Services/Msfs 0 m... 0 0 0 0 REG_System_system/ControlSet002/Services/Mup 0 m... 0 0 0 0 REG_System_system/ControlSet002/Services/NDIS 0 m... 0 0 0 0 REG_System_system/ControlSet002/Services/NDProxy 0 m... 0 0 0 0 REG_System_system/ControlSet002/Services/NSCIRDA 0 m... 0 0 0 0 REG_System_system/ControlSet002/Services/NdisTapi 0 m... 0 0 0 0 REG_System_system/ControlSet002/Services/NdisWan 0 m... 0 0 0 0 REG_System_system/ControlSet002/Services/Ndisuio 0 m... 0 0 0 0 REG_System_system/ControlSet002/Services/NetBIOS 0 m... 0 0 0 0 REG_System_system/ControlSet002/Services/NetBT 0 m... 0 0 0 0 REG_System_system/ControlSet002/Services/Netman 0 m... 0 0 0 0 REG_System_system/ControlSet002/Services/Nla 0 m... 0 0 0 0 REG_System_system/ControlSet002/Services/Npfs 0 m... 0 0 0 0 REG_System_system/ControlSet002/Services/Ntfs 0 m... 0 0 0 0 REG_System_system/ControlSet002/Services/Null 0 m... 0 0 0 0 REG_System_system/ControlSet002/Services/PCI 0 m... 0 0 0 0 REG_System_system/ControlSet002/Services/PCIIde 0 m... 0 0 0 0 REG_System_system/ControlSet002/Services/PSched 0 m... 0 0 0 0 REG_System_system/ControlSet002/Services/ParVdm 0 m... 0 0 0 0 REG_System_system/ControlSet002/Services/PartMgr 0 m... 0 0 0 0 REG_System_system/ControlSet002/Services/Pcmcia 0 m... 0 0 0 0 REG_System_system/ControlSet002/Services/PolicyAgent 0 m... 0 0 0 0 REG_System_system/ControlSet002/Services/PptpMiniport 0 m... 0 0 0 0 REG_System_system/ControlSet002/Services/ProtectedStorage 0 m... 0 0 0 0 REG_System_system/ControlSet002/Services/Ptilink 0 m... 0 0 0 0 REG_System_system/ControlSet002/Services/RDPCDD 0 m... 0 0 0 0 REG_System_system/ControlSet002/Services/RDPNP 0 m... 0 0 0 0 REG_System_system/ControlSet002/Services/RasAcd 0 m... 0 0 0 0 REG_System_system/ControlSet002/Services/RasMan 0 m... 0 0 0 0 REG_System_system/ControlSet002/Services/RasPppoe 0 m... 0 0 0 0 REG_System_system/ControlSet002/Services/Rasirda 0 m... 0 0 0 0 REG_System_system/ControlSet002/Services/Rasl2tp 0 m... 0 0 0 0 REG_System_system/ControlSet002/Services/Raspti 0 m... 0 0 0 0 REG_System_system/ControlSet002/Services/Rdbss 0 m... 0 0 0 0 REG_System_system/ControlSet002/Services/RemoteRegistry 0 m... 0 0 0 0 REG_System_system/ControlSet002/Services/RpcSs 0 m... 0 0 0 0 REG_System_system/ControlSet002/Services/SENS 0 m... 0 0 0 0 REG_System_system/ControlSet002/Services/SSDPSRV 0 m... 0 0 0 0 REG_System_system/ControlSet002/Services/SamSs 0 m... 0 0 0 0 REG_System_system/ControlSet002/Services/Schedule 0 m... 0 0 0 0 REG_System_system/ControlSet002/Services/Serial 0 m... 0 0 0 0 REG_System_system/ControlSet002/Services/SharedAccess 0 m... 0 0 0 0 REG_System_system/ControlSet002/Services/ShellHWDetection 0 m... 0 0 0 0 REG_System_system/ControlSet002/Services/Spooler 0 m... 0 0 0 0 REG_System_system/ControlSet002/Services/Srv 0 m... 0 0 0 0 REG_System_system/ControlSet002/Services/TapiSrv 0 m... 0 0 0 0 REG_System_system/ControlSet002/Services/Tcpip 0 m... 0 0 0 0 REG_System_system/ControlSet002/Services/TermDD 0 m... 0 0 0 0 REG_System_system/ControlSet002/Services/TermService 0 m... 0 0 0 0 REG_System_system/ControlSet002/Services/Themes 0 m... 0 0 0 0 REG_System_system/ControlSet002/Services/TrkWks 0 m... 0 0 0 0 REG_System_system/ControlSet002/Services/Update 0 m... 0 0 0 0 REG_System_system/ControlSet002/Services/VgaSave 0 m... 0 0 0 0 REG_System_system/ControlSet002/Services/VolSnap 0 m... 0 0 0 0 REG_System_system/ControlSet002/Services/W32Time 0 m... 0 0 0 0 REG_System_system/ControlSet002/Services/WZCSVC 0 m... 0 0 0 0 REG_System_system/ControlSet002/Services/Wanarp 0 m... 0 0 0 0 REG_System_system/ControlSet002/Services/WebClient 0 m... 0 0 0 0 REG_System_system/ControlSet002/Services/audstub 0 m... 0 0 0 0 REG_System_system/ControlSet002/Services/b57w2k 0 m... 0 0 0 0 REG_System_system/ControlSet002/Services/dmboot 0 m... 0 0 0 0 REG_System_system/ControlSet002/Services/dmload 0 m... 0 0 0 0 REG_System_system/ControlSet002/Services/helpsvc 0 m... 0 0 0 0 REG_System_system/ControlSet002/Services/i8042prt 0 m... 0 0 0 0 REG_System_system/ControlSet002/Services/intelppm 0 m... 0 0 0 0 REG_System_system/ControlSet002/Services/irda 0 m... 0 0 0 0 REG_System_system/ControlSet002/Services/isapnp 0 m... 0 0 0 0 REG_System_system/ControlSet002/Services/lanmanworkstation 0 m... 0 0 0 0 REG_System_system/ControlSet002/Services/mnmdd 0 m... 0 0 0 0 REG_System_system/ControlSet002/Services/rdpdr 0 m... 0 0 0 0 REG_System_system/ControlSet002/Services/seclogon 0 m... 0 0 0 0 REG_System_system/ControlSet002/Services/serenum 0 m... 0 0 0 0 REG_System_system/ControlSet002/Services/sr 0 m... 0 0 0 0 REG_System_system/ControlSet002/Services/srservice 0 m... 0 0 0 0 REG_System_system/ControlSet002/Services/stisvc 0 m... 0 0 0 0 REG_System_system/ControlSet002/Services/swenum 0 m... 0 0 0 0 REG_System_system/ControlSet002/Services/usbehci 0 m... 0 0 0 0 REG_System_system/ControlSet002/Services/usbuhci 0 m... 0 0 0 0 REG_System_system/ControlSet002/Services/winmgmt 0 m... 0 0 0 0 REG_System_system/ControlSet002/Services/wscsvc 0 m... 0 0 0 0 REG_System_system/ControlSet002/Services/wuauserv Fri Jul 01 2011 14:50:29 0 m... 0 0 0 0 REG_System_system/ControlSet001/Control/Class/{4D36E96A-E325-11CE-BFC1-08002BE10318}/0001 0 m... 0 0 0 0 REG_System_system/ControlSet001/Control/Class/{4D36E96A-E325-11CE-BFC1-08002BE10318}/0002 0 m... 0 0 0 0 REG_System_system/ControlSet001/Control/DeviceClasses/{53f5630e-b6bf-11d0-94f2-00a0c91efb8b}/##?#Root#ftdisk#0000#{53f5630e-b6bf-11d0-94f2-00a0c91efb8b} 0 m... 0 0 0 0 REG_System_system/ControlSet001/Control/DeviceClasses/{53f5630e-b6bf-11d0-94f2-00a0c91efb8b}/##?#Root#ftdisk#0000#{53f5630e-b6bf-11d0-94f2-00a0c91efb8b}/# 0 m... 0 0 0 0 REG_System_system/ControlSet001/Enum/ACPI/ACPI0003/0 0 m... 0 0 0 0 REG_System_system/ControlSet001/Enum/ACPI/IBM0068/5&2890d699&0 0 m... 0 0 0 0 REG_System_system/ControlSet001/Enum/ACPI/PNP0C0A/0 0 m... 0 0 0 0 REG_System_system/ControlSet001/Enum/IDE/DiskHTS541060G9AT00_________________________MB3IA60A/5&2c06044&0&0.0.0 0 m... 0 0 0 0 REG_System_system/ControlSet001/Enum/PCIIDE/IDEChannel/4&345649fa&0&0 0 m... 0 0 0 0 REG_System_system/ControlSet001/Enum/PCIIDE/IDEChannel/4&345649fa&0&1 0 m... 0 0 0 0 REG_System_system/ControlSet001/Enum/Root/ftdisk/0000 0 m... 0 0 0 0 REG_System_system/ControlSet001/Services/CmBatt 0 m... 0 0 0 0 REG_System_system/ControlSet001/Services/Disk 0 m... 0 0 0 0 REG_System_system/ControlSet001/Services/atapi 0 m... 0 0 0 0 REG_System_system/ControlSet002/Control/Class/{4D36E96A-E325-11CE-BFC1-08002BE10318}/0001 0 m... 0 0 0 0 REG_System_system/ControlSet002/Control/Class/{4D36E96A-E325-11CE-BFC1-08002BE10318}/0002 0 m... 0 0 0 0 REG_System_system/ControlSet002/Control/DeviceClasses/{53f5630e-b6bf-11d0-94f2-00a0c91efb8b}/##?#Root#ftdisk#0000#{53f5630e-b6bf-11d0-94f2-00a0c91efb8b} 0 m... 0 0 0 0 REG_System_system/ControlSet002/Control/DeviceClasses/{53f5630e-b6bf-11d0-94f2-00a0c91efb8b}/##?#Root#ftdisk#0000#{53f5630e-b6bf-11d0-94f2-00a0c91efb8b}/# 0 m... 0 0 0 0 REG_System_system/ControlSet002/Enum/ACPI/ACPI0003/0 0 m... 0 0 0 0 REG_System_system/ControlSet002/Enum/ACPI/IBM0068/5&2890d699&0 0 m... 0 0 0 0 REG_System_system/ControlSet002/Enum/ACPI/PNP0C0A/0 0 m... 0 0 0 0 REG_System_system/ControlSet002/Enum/IDE/DiskHTS541060G9AT00_________________________MB3IA60A/5&2c06044&0&0.0.0 0 m... 0 0 0 0 REG_System_system/ControlSet002/Enum/PCIIDE/IDEChannel/4&345649fa&0&0 0 m... 0 0 0 0 REG_System_system/ControlSet002/Enum/PCIIDE/IDEChannel/4&345649fa&0&1 0 m... 0 0 0 0 REG_System_system/ControlSet002/Enum/Root/ftdisk/0000 0 m... 0 0 0 0 REG_System_system/ControlSet002/Services/CmBatt 0 m... 0 0 0 0 REG_System_system/ControlSet002/Services/Disk 0 m... 0 0 0 0 REG_System_system/ControlSet002/Services/atapi Fri Jul 01 2011 14:50:30 0 m... 0 0 0 0 REG_System_system/ControlSet001/Control/DeviceClasses/{53f56307-b6bf-11d0-94f2-00a0c91efb8b}/##?#IDE#DiskHTS541060G9AT00_________________________MB3IA60A#5&2c06044&0&0.0.0#{53f56307-b6bf-11d0-94f2-00a0c91efb8b} 0 m... 0 0 0 0 REG_System_system/ControlSet001/Control/DeviceClasses/{53f56307-b6bf-11d0-94f2-00a0c91efb8b}/##?#IDE#DiskHTS541060G9AT00_________________________MB3IA60A#5&2c06044&0&0.0.0#{53f56307-b6bf-11d0-94f2-00a0c91efb8b}/# 0 m... 0 0 0 0 REG_System_system/ControlSet001/Control/DeviceClasses/{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}/##?#STORAGE#Volume#1&30a96598&0&Signature56DF56DFOffset7E00Length18E356200#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b} 0 m... 0 0 0 0 REG_System_system/ControlSet001/Control/DeviceClasses/{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}/##?#STORAGE#Volume#1&30a96598&0&Signature56DF56DFOffset7E00Length18E356200#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}/# 0 m... 0 0 0 0 REG_System_system/ControlSet001/Enum/IDE/CdRomHL-DT-ST_RW/DVD_GCC-4242N_______________0J05____/5&2ba179a6&0&0.0.0 0 m... 0 0 0 0 REG_System_system/ControlSet001/Enum/Root/LEGACY_FLTMGR/0000 0 m... 0 0 0 0 REG_System_system/ControlSet001/Enum/Root/LEGACY_MUP/0000 0 m... 0 0 0 0 REG_System_system/ControlSet001/Enum/Root/LEGACY_NTFS/0000 0 m... 0 0 0 0 REG_System_system/ControlSet001/Enum/Root/LEGACY_SR/0000 0 m... 0 0 0 0 REG_System_system/ControlSet001/Enum/STORAGE/Volume/1&30a96598&0&Signature56DF56DFOffset7E00Length18E356200 0 m... 0 0 0 0 REG_System_system/ControlSet001/Services/Cdrom 0 m... 0 0 0 0 REG_System_system/ControlSet001/Services/Imapi 0 m... 0 0 0 0 REG_System_system/ControlSet001/Services/redbook 0 m... 0 0 0 0 REG_System_system/ControlSet002/Control/DeviceClasses/{53f56307-b6bf-11d0-94f2-00a0c91efb8b}/##?#IDE#DiskHTS541060G9AT00_________________________MB3IA60A#5&2c06044&0&0.0.0#{53f56307-b6bf-11d0-94f2-00a0c91efb8b} 0 m... 0 0 0 0 REG_System_system/ControlSet002/Control/DeviceClasses/{53f56307-b6bf-11d0-94f2-00a0c91efb8b}/##?#IDE#DiskHTS541060G9AT00_________________________MB3IA60A#5&2c06044&0&0.0.0#{53f56307-b6bf-11d0-94f2-00a0c91efb8b}/# 0 m... 0 0 0 0 REG_System_system/ControlSet002/Control/DeviceClasses/{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}/##?#STORAGE#Volume#1&30a96598&0&Signature56DF56DFOffset7E00Length18E356200#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b} 0 m... 0 0 0 0 REG_System_system/ControlSet002/Control/DeviceClasses/{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}/##?#STORAGE#Volume#1&30a96598&0&Signature56DF56DFOffset7E00Length18E356200#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}/# 0 m... 0 0 0 0 REG_System_system/ControlSet002/Enum/IDE/CdRomHL-DT-ST_RW/DVD_GCC-4242N_______________0J05____/5&2ba179a6&0&0.0.0 0 m... 0 0 0 0 REG_System_system/ControlSet002/Enum/Root/LEGACY_FLTMGR/0000 0 m... 0 0 0 0 REG_System_system/ControlSet002/Enum/Root/LEGACY_MUP/0000 0 m... 0 0 0 0 REG_System_system/ControlSet002/Enum/Root/LEGACY_NTFS/0000 0 m... 0 0 0 0 REG_System_system/ControlSet002/Enum/Root/LEGACY_SR/0000 0 m... 0 0 0 0 REG_System_system/ControlSet002/Enum/STORAGE/Volume/1&30a96598&0&Signature56DF56DFOffset7E00Length18E356200 0 m... 0 0 0 0 REG_System_system/ControlSet002/Services/Cdrom 0 m... 0 0 0 0 REG_System_system/ControlSet002/Services/Imapi 0 m... 0 0 0 0 REG_System_system/ControlSet002/Services/redbook Fri Jul 01 2011 14:50:31 256 .a.. d/drwxrwxrwx 0 0 10363-144-1 /Documents and Settings/LocalService/Local Settings/Temporary Internet Files 56 .a.. d/drwxrwxrwx 0 0 10364-144-5 /Documents and Settings/LocalService/Local Settings/Temporary Internet Files/Content.IE5 256 .a.. d/drwxrwxrwx 0 0 10369-144-1 /Documents and Settings/LocalService/Local Settings/History 256 .a.. d/drwxrwxrwx 0 0 10370-144-1 /Documents and Settings/LocalService/Local Settings/History/History.IE5 152 .a.. d/drwxrwxrwx 0 0 10371-144-1 /Documents and Settings/LocalService/Cookies 0 macb 0 0 0 10413 [XP Prefetch] (Last run) NTOSBOOT-B00DFAAD.pf - [NTOSBOOT] was executed - run count [9]- full path: [] - DLLs loaded: {WINDOWS/SYSTEM32/NTDLL.DLL - WINDOWS/SYSTEM32/SFCFILES.DLL - WINDOWS/SYSTEM32/ADVAPI32.DLL - WINDOWS/SYSTEM32/COMDLG32.DLL - WINDOWS/SYSTEM32/GDI32.DLL - WINDOWS/SYSTEM32/IMAGEHLP.DLL - WINDOWS/SYSTEM32/KERNEL32.DLL - WINDOWS/SYSTEM32/LZ32.DLL - WINDOWS/SYSTEM32/OLE32.DLL - WINDOWS/SYSTEM32/OLEAUT32.DLL - WINDOWS/SYSTEM32/OLECLI32.DLL - WINDOWS/SYSTEM32/OLECNV32.DLL - WINDOWS/SYSTEM32/OLESVR32.DLL - WINDOWS/SYSTEM32/OLETHK32.DLL - WINDOWS/SYSTEM32/RPCRT4.DLL - WINDOWS/SYSTEM32/SHELL32.DLL - WINDOWS/SYSTEM32/URL.DLL - WINDOWS/SYSTEM32/URLMON.DLL - WINDOWS/SYSTEM32/USER32.DLL - WINDOWS/SYSTEM32/VERSION.DLL - WINDOWS/SYSTEM32/WININET.DLL - WINDOWS/SYSTEM32/WLDAP32.DLL - WINDOWS/SYSTEM32/COMCTL32.DLL - WINDOWS/SYSTEM32/SHLWAPI.DLL - WINDOWS/SYSTEM32/MSVCRT.DLL - WINDOWS/SYSTEM32/MPR.DLL - WINDOWS/SYSTEM32/WOW32.DLL - WINDOWS/SYSTEM32/SECUR32.DLL - WINDOWS/SYSTEM32/SHDOCVW.DLL - WINDOWS/SYSTEM32/CRYPT32.DLL - WINDOWS/SYSTEM32/APPHELP.DLL - WINDOWS/SYSTEM32/USERENV.DLL - WINDOWS/SYSTEM32/CRYPTUI.DLL - WINDOWS/SYSTEM32/MSASN1.DLL - WINDOWS/SYSTEM32/NETAPI32.DLL - WINDOWS/SYSTEM32/WINTRUST.DLL - WINDOWS/SYSTEM32/CSRSRV.DLL - WINDOWS/SYSTEM32/BASESRV.DLL - WINDOWS/SYSTEM32/WINSRV.DLL - WINDOWS/SYSTEM32/VGA.DLL - WINDOWS/SYSTEM32/FRAMEBUF.DLL - WINDOWS/SYSTEM32/VGA256.DLL - WINDOWS/SYSTEM32/VGA64K.DLL - WINDOWS/SYSTEM32/AUTHZ.DLL - WINDOWS/SYSTEM32/NDDEAPI.DLL - WINDOWS/SYSTEM32/PROFMAP.DLL - WINDOWS/SYSTEM32/PSAPI.DLL - WINDOWS/SYSTEM32/REGAPI.DLL - WINDOWS/SYSTEM32/SETUPAPI.DLL - WINDOWS/SYSTEM32/WINSTA.DLL - WINDOWS/SYSTEM32/WS2_32.DLL - WINDOWS/SYSTEM32/WS2HELP.DLL - WINDOWS/SYSTEM32/KBDUS.DLL - WINDOWS/SYSTEM32/MSGINA.DLL - WINDOWS/SYSTEM32/ODBC32.DLL - WINDOWS/SYSTEM32/SXS.DLL - WINDOWS/WINSXS/X86_MICROSOFT.WINDOWS.COMMON-CONTROLS_6595B64144CCF1DF_6.0.2600.5512_X-WW_35D4CE83/COMCTL32.DLL - WINDOWS/SYSTEM32/ODBCINT.DLL - WINDOWS/SYSTEM32/SHSVCS.DLL - WINDOWS/SYSTEM32/SFC.DLL - WINDOWS/SYSTEM32/SFC_OS.DLL - WINDOWS/SYSTEM32/NCOBJAPI.DLL - WINDOWS/SYSTEM32/MSVCP60.DLL - WINDOWS/SYSTEM32/SCESRV.DLL - WINDOWS/SYSTEM32/UMPNPMGR.DLL - WINDOWS/SYSTEM32/SHIMENG.DLL - WINDOWS/APPPATCH/ACADPROC.DLL - WINDOWS/SYSTEM32/LSASRV.DLL - WINDOWS/SYSTEM32/NTDSAPI.DLL - WINDOWS/SYSTEM32/DNSAPI.DLL - WINDOWS/SYSTEM32/SAMLIB.DLL - WINDOWS/SYSTEM32/SAMSRV.DLL - WINDOWS/SYSTEM32/CRYPTDLL.DLL - WINDOWS/APPPATCH/ACGENRAL.DLL - WINDOWS/SYSTEM32/WINMM.DLL - WINDOWS/SYSTEM32/MSACM32.DLL - WINDOWS/SYSTEM32/UXTHEME.DLL - WINDOWS/SYSTEM32/SCHANNEL.DLL - WINDOWS/SYSTEM32/MSPRIVS.DLL - WINDOWS/SYSTEM32/KERBEROS.DLL - WINDOWS/SYSTEM32/MSV1_0.DLL - WINDOWS/SYSTEM32/IPHLPAPI.DLL - WINDOWS/SYSTEM32/NETLOGON.DLL - WINDOWS/SYSTEM32/W32TIME.DLL - WINDOWS/SYSTEM32/WDIGEST.DLL - WINDOWS/SYSTEM32/RSAENH.DLL - WINDOWS/SYSTEM32/WINSCARD.DLL - WINDOWS/SYSTEM32/WTSAPI32.DLL - WINDOWS/SYSTEM32/SCECLI.DLL - WINDOWS/SYSTEM32/NTMARTA.DLL - WINDOWS/SYSTEM32/RPCSS.DLL - WINDOWS/SYSTEM32/XPSP2RES.DLL - WINDOWS/SYSTEM32/EVENTLOG.DLL - WINDOWS/SYSTEM32/NETEVENT.DLL - WINDOWS/SYSTEM32/MSWSOCK.DLL - WINDOWS/SYSTEM32/HNETCFG.DLL - WINDOWS/SYSTEM32/WSHTCPIP.DLL - WINDOWS/SYSTEM32/WINRNR.DLL - WINDOWS/SYSTEM32/RASADHLP.DLL - WINDOWS/SYSTEM32/DHCPCSVC.DLL - WINDOWS/SYSTEM32/DNSRSLVR.DLL - WINDOWS/SYSTEM32/DUSER.DLL - WINDOWS/SYSTEM32/MSIMG32.DLL - WINDOWS/SYSTEM32/OLEACC.DLL - WINDOWS/SYSTEM32/OLEACCRC.DLL - WINDOWS/SYSTEM32/CSCDLL.DLL - WINDOWS/SYSTEM32/DIMSNTFY.DLL - WINDOWS/SYSTEM32/WLNOTIFY.DLL - WINDOWS/SYSTEM32/CLBCATQ.DLL - WINDOWS/SYSTEM32/COMRES.DLL - WINDOWS/SYSTEM32/SHGINA.DLL - WINDOWS/SYSTEM32/LMHSVC.DLL - WINDOWS/SYSTEM32/TERMSRV.DLL - WINDOWS/SYSTEM32/ICAAPI.DLL - WINDOWS/SYSTEM32/MSTLSAPI.DLL - WINDOWS/SYSTEM32/ACTIVEDS.DLL - WINDOWS/SYSTEM32/ADSLDPC.DLL - WINDOWS/SYSTEM32/ATL.DLL - WINDOWS/SYSTEM32/WZCSVC.DLL - WINDOWS/SYSTEM32/RTUTILS.DLL - WINDOWS/SYSTEM32/WMI.DLL - WINDOWS/SYSTEM32/EAPOLQEC.DLL - WINDOWS/SYSTEM32/QUTIL.DLL - WINDOWS/SYSTEM32/DOT3API.DLL - WINDOWS/SYSTEM32/ESENT.DLL - WINDOWS/SYSTEM32/IRMON.DLL - WINDOWS/SYSTEM32/RASTLS.DLL - WINDOWS/SYSTEM32/MPRAPI.DLL - WINDOWS/SYSTEM32/RASAPI32.DLL - WINDOWS/SYSTEM32/RASMAN.DLL - WINDOWS/SYSTEM32/TAPI32.DLL - WINDOWS/SYSTEM32/RICHED20.DLL - WINDOWS/SYSTEM32/RASCHAP.DLL - WINDOWS/SYSTEM32/WSHIRDA.DLL - WINDOWS/SYSTEM32/SCHEDSVC.DLL - WINDOWS/SYSTEM32/MSIDLE.DLL - WINDOWS/SYSTEM32/AUDIOSRV.DLL - WINDOWS/SYSTEM32/WKSSVC.DLL - WINDOWS/SYSTEM32/WEBCLNT.DLL - WINDOWS/SYSTEM32/WSOCK32.DLL - WINDOWS/SYSTEM32/CRYPTSVC.DLL - WINDOWS/SYSTEM32/CERTCLI.DLL - WINDOWS/SYSTEM32/ERSVC.DLL - WINDOWS/SYSTEM32/ES.DLL - WINDOWS/PCHEALTH/HELPCTR/BINARIES/PCHSVC.DLL - WINDOWS/SYSTEM32/SRVSVC.DLL - WINDOWS/SYSTEM32/NETMSG.DLL - WINDOWS/SYSTEM32/IPSECSVC.DLL - WINDOWS/SYSTEM32/OAKLEY.DLL - WINDOWS/SYSTEM32/WINIPSEC.DLL - WINDOWS/SYSTEM32/PSTORSVC.DLL - WINDOWS/SYSTEM32/PSBASE.DLL - WINDOWS/SYSTEM32/NETMAN.DLL - WINDOWS/SYSTEM32/NETSHELL.DLL - WINDOWS/SYSTEM32/CREDUI.DLL - WINDOWS/SYSTEM32/DOT3DLG.DLL - WINDOWS/SYSTEM32/ONEX.DLL - WINDOWS/SYSTEM32/EAPPCFG.DLL - WINDOWS/SYSTEM32/EAPPPRXY.DLL - WINDOWS/SYSTEM32/WZCSAPI.DLL - WINDOWS/SYSTEM32/REGSVC.DLL - WINDOWS/SYSTEM32/SENS.DLL - WINDOWS/SYSTEM32/SECLOGON.DLL - WINDOWS/SYSTEM32/SRSVC.DLL - WINDOWS/SYSTEM32/POWRPROF.DLL - WINDOWS/SYSTEM32/TRKWKS.DLL - WINDOWS/SYSTEM32/WBEM/WMISVC.DLL - WINDOWS/SYSTEM32/VSSAPI.DLL - WINDOWS/SYSTEM32/WUAUSERV.DLL - WINDOWS/SYSTEM32/WUAUENG.DLL - WINDOWS/SYSTEM32/ADVPACK.DLL - WINDOWS/SYSTEM32/CABINET.DLL - WINDOWS/SYSTEM32/MSPATCHA.DLL - WINDOWS/SYSTEM32/SHFOLDER.DLL - WINDOWS/SYSTEM32/WINHTTP.DLL - WINDOWS/SYSTEM32/WSCSVC.DLL - WINDOWS/SYSTEM32/MSI.DLL - WINDOWS/SYSTEM32/BROWSER.DLL - WINDOWS/SYSTEM32/DSSENH.DLL - WINDOWS/SYSTEM32/WBEM/WBEMPROX.DLL - WINDOWS/SYSTEM32/WBEM/WBEMCOMN.DLL - WINDOWS/SYSTEM32/CSCUI.DLL - WINDOWS/SYSTEM32/DPCDLL.DLL - WINDOWS/SYSTEM32/WBEM/WBEMCORE.DLL - WINDOWS/SYSTEM32/WBEM/ESSCLI.DLL - WINDOWS/SYSTEM32/WBEM/FASTPROX.DLL - WINDOWS/SYSTEM32/WBEM/WBEMSVC.DLL - WINDOWS/SYSTEM32/MSXML3.DLL - WINDOWS/SYSTEM32/MSXML3R.DLL - WINDOWS/SYSTEM32/COMSVCS.DLL - WINDOWS/SYSTEM32/COLBACT.DLL - WINDOWS/SYSTEM32/MTXCLU.DLL - WINDOWS/SYSTEM32/CLUSAPI.DLL - WINDOWS/SYSTEM32/RESUTILS.DLL - WINDOWS/SYSTEM32/WBEM/WMIUTILS.DLL - WINDOWS/SYSTEM32/WBEM/REPDRVFS.DLL - WINDOWS/SYSTEM32/WBEM/WMIPRVSD.DLL - WINDOWS/SYSTEM32/WBEM/WBEMESS.DLL - WINDOWS/SYSTEM32/IPNATHLP.DLL - WINDOWS/SYSTEM32/WUAPI.DLL - WINDOWS/SYSTEM32/WBEM/NCPROV.DLL - WINDOWS/SYSTEM32/WBEM/WBEMCONS.DLL - WINDOWS/SYSTEM32/BROWSEUI.DLL - WINDOWS/SYSTEM32/NETCFGX.DLL - WINDOWS/SYSTEM32/THEMEUI.DLL - WINDOWS/SYSTEM32/ACTXPRXY.DLL - WINDOWS/SYSTEM32/MYDOCS.DLL - WINDOWS/SYSTEM32/MORICONS.DLL - WINDOWS/SYSTEM32/UPNP.DLL - WINDOWS/SYSTEM32/SSDPAPI.DLL - WINDOWS/SYSTEM32/SSDPSRV.DLL - WINDOWS/SYSTEM32/ULIB.DLL - WINDOWS/SYSTEM32/WEBCHECK.DLL - WINDOWS/SYSTEM32/STOBJECT.DLL - WINDOWS/SYSTEM32/BATMETER.DLL - WINDOWS/SYSTEM32/RASDLG.DLL - WINDOWS/WINSXS/X86_MICROSOFT.WINDOWS.GDIPLUS_6595B64144CCF1DF_1.0.2600.5512_X-WW_DFB54E0C/GDIPLUS.DLL - WINDOWS/SYSTEM32/MFC42U.DLL - WINDOWS/SYSTEM32/LINKINFO.DLL - WINDOWS/SYSTEM32/NTSHRUI.DLL - WINDOWS/SYSTEM32/SENSAPI.DLL - WINDOWS/SYSTEM32/DCIMAN32.DLL - WINDOWS/SYSTEM32/SPOOLSS.DLL - WINDOWS/SYSTEM32/LOCALSPL.DLL - WINDOWS/SYSTEM32/CNBJMON.DLL - WINDOWS/SYSTEM32/PJLMON.DLL - WINDOWS/SYSTEM32/TCPMON.DLL - WINDOWS/SYSTEM32/USBMON.DLL - WINDOWS/SYSTEM32/WIN32SPL.DLL - WINDOWS/SYSTEM32/NETRAP.DLL - WINDOWS/SYSTEM32/INETPP.DLL - WINDOWS/SYSTEM32/WUPS.DLL - WINDOWS/SYSTEM32/NEWDEV.DLL - WINDOWS/SYSTEM32/MDMINST.DLL - WINDOWS/SYSTEM32/SYSSETUP.DLL - WINDOWS/SYSTEM32/STI_CI.DLL - WINDOWS/SYSTEM32/BATT.DLL - WINDOWS/SYSTEM32/SDHCINST.DLL - WINDOWS/SYSTEM32/BTHCI.DLL - WINDOWS/SYSTEM32/FLDRCLNR.DLL} (file: /media/sdb1/WINDOWS/Prefetch/NTOSBOOT-B00DFAAD.pf) 36352 .a.. r/rr-xr-xr-x 0 0 2570-128-3 /WINDOWS/system32/drivers/intelppm.sys 56 .a.. d/dr-xr-xr-x 0 0 3652-144-6 /System Volume Information Fri Jul 01 2011 14:50:32 0 m... 0 0 0 0 REG_System_system/ControlSet001/Control/DeviceClasses/{4d36e978-e325-11ce-bfc1-08002be10318}/##?#ACPI#PNP0501#4&3863886d&0#{4d36e978-e325-11ce-bfc1-08002be10318} 0 m... 0 0 0 0 REG_System_system/ControlSet001/Control/DeviceClasses/{4d36e978-e325-11ce-bfc1-08002be10318}/##?#ACPI#PNP0501#4&3863886d&0#{4d36e978-e325-11ce-bfc1-08002be10318}/# 0 m... 0 0 0 0 REG_System_system/ControlSet001/Control/DeviceClasses/{72631e54-78a4-11d0-bcf7-00aa00b7b32a}/##?#ACPI#PNP0C0A#0#{72631e54-78a4-11d0-bcf7-00aa00b7b32a} 0 m... 0 0 0 0 REG_System_system/ControlSet001/Control/DeviceClasses/{72631e54-78a4-11d0-bcf7-00aa00b7b32a}/##?#ACPI#PNP0C0A#0#{72631e54-78a4-11d0-bcf7-00aa00b7b32a}/# 0 m... 0 0 0 0 REG_System_system/ControlSet002/Control/DeviceClasses/{4d36e978-e325-11ce-bfc1-08002be10318}/##?#ACPI#PNP0501#4&3863886d&0#{4d36e978-e325-11ce-bfc1-08002be10318} 0 m... 0 0 0 0 REG_System_system/ControlSet002/Control/DeviceClasses/{4d36e978-e325-11ce-bfc1-08002be10318}/##?#ACPI#PNP0501#4&3863886d&0#{4d36e978-e325-11ce-bfc1-08002be10318}/# 0 m... 0 0 0 0 REG_System_system/ControlSet002/Control/DeviceClasses/{72631e54-78a4-11d0-bcf7-00aa00b7b32a}/##?#ACPI#PNP0C0A#0#{72631e54-78a4-11d0-bcf7-00aa00b7b32a} 0 m... 0 0 0 0 REG_System_system/ControlSet002/Control/DeviceClasses/{72631e54-78a4-11d0-bcf7-00aa00b7b32a}/##?#ACPI#PNP0C0A#0#{72631e54-78a4-11d0-bcf7-00aa00b7b32a}/# 161792 .a.. r/rr-xr-xr-x 0 0 10752-128-3 /WINDOWS/system32/drivers/b57xp32.sys 19072 .a.. r/rr-xr-xr-x 0 0 1894-128-3 /WINDOWS/system32/drivers/tdi.sys 141056 .a.. r/rr-xr-xr-x 0 0 1906-128-3 /WINDOWS/system32/drivers/ks.sys 27392 .a.. r/rr-xr-xr-x 0 0 1908-128-3 /WINDOWS/system32/drivers/fdc.sys 64512 .a.. r/rr-xr-xr-x 0 0 1909-128-3 /WINDOWS/system32/drivers/serial.sys 15744 .a.. r/rr-xr-xr-x 0 0 1910-128-3 /WINDOWS/system32/drivers/serenum.sys 80128 .a.. r/rr-xr-xr-x 0 0 1911-128-3 /WINDOWS/system32/drivers/parport.sys 62976 .a.. r/rr-xr-xr-x 0 0 1912-128-3 /WINDOWS/system32/drivers/cdrom.sys 51328 .a.. r/rr-xr-xr-x 0 0 1913-128-3 /WINDOWS/system32/drivers/rasl2tp.sys 10112 .a.. r/rr-xr-xr-x 0 0 1914-128-3 /WINDOWS/system32/drivers/ndistapi.sys 91520 .a.. r/rr-xr-xr-x 0 0 1915-128-3 /WINDOWS/system32/drivers/ndiswan.sys 41472 .a.. r/rr-xr-xr-x 0 0 1916-128-3 /WINDOWS/system32/drivers/raspppoe.sys 48384 .a.. r/rr-xr-xr-x 0 0 1917-128-3 /WINDOWS/system32/drivers/raspptp.sys 69120 .a.. r/rr-xr-xr-x 0 0 1918-128-3 /WINDOWS/system32/drivers/psched.sys 35072 .a.. r/rr-xr-xr-x 0 0 1919-128-3 /WINDOWS/system32/drivers/msgpc.sys 42112 .a.. r/rr-xr-xr-x 0 0 1929-128-3 /WINDOWS/system32/drivers/imapi.sys 52480 .a.. r/rr-xr-xr-x 0 0 3619-128-3 /WINDOWS/system32/drivers/i8042prt.sys 143872 .a.. r/rr-xr-xr-x 0 0 3626-128-3 /WINDOWS/system32/drivers/usbport.sys 20608 .a.. r/rr-xr-xr-x 0 0 3627-128-3 /WINDOWS/system32/drivers/usbuhci.sys 30208 .a.. r/rr-xr-xr-x 0 0 3629-128-3 /WINDOWS/system32/drivers/usbehci.sys 23040 .a.. r/rr-xr-xr-x 0 0 3630-128-3 /WINDOWS/system32/drivers/mouclass.sys 24576 .a.. r/rr-xr-xr-x 0 0 3631-128-3 /WINDOWS/system32/drivers/kbdclass.sys 11264 .a.. r/rr-xr-xr-x 0 0 3910-128-3 /WINDOWS/system32/drivers/irenum.sys 28672 .a.. r/rr-xr-xr-x 0 0 4828-128-3 /WINDOWS/system32/drivers/nscirda.sys 19584 .a.. r/rr-xr-xr-x 0 0 4836-128-3 /WINDOWS/system32/drivers/rasirda.sys 13952 .a.. r/rr-xr-xr-x 0 0 4837-128-3 /WINDOWS/system32/drivers/CmBatt.sys 57600 .a.. r/rr-xr-xr-x 0 0 4840-128-3 /WINDOWS/system32/drivers/redbook.sys 3072 .a.. r/rr-xr-xr-x 0 0 4845-128-3 /WINDOWS/system32/drivers/audstub.sys Fri Jul 01 2011 14:50:33 0 m... 0 0 0 0 REG_System_system/ControlSet001/Control/DeviceClasses/{4747b320-62ce-11cf-a5d6-28db04c10000}/##?#Root#SYSTEM#0000#{4747b320-62ce-11cf-a5d6-28db04c10000} 0 m... 0 0 0 0 REG_System_system/ControlSet001/Control/DeviceClasses/{4747b320-62ce-11cf-a5d6-28db04c10000}/##?#Root#SYSTEM#0000#{4747b320-62ce-11cf-a5d6-28db04c10000}/# 0 m... 0 0 0 0 REG_System_system/ControlSet001/Control/DeviceClasses/{97fadb10-4e33-40ae-359c-8bef029dbdd0}/##?#ACPI#GenuineIntel_-_x86_Family_6_Model_13#_0#{97fadb10-4e33-40ae-359c-8bef029dbdd0} 0 m... 0 0 0 0 REG_System_system/ControlSet001/Control/DeviceClasses/{97fadb10-4e33-40ae-359c-8bef029dbdd0}/##?#ACPI#GenuineIntel_-_x86_Family_6_Model_13#_0#{97fadb10-4e33-40ae-359c-8bef029dbdd0}/# 0 m... 0 0 0 0 REG_System_system/ControlSet001/Control/DeviceClasses/{ad498944-762f-11d0-8dcb-00c04fc3358c}/##?#Root#SYSTEM#0000#{ad498944-762f-11d0-8dcb-00c04fc3358c} 0 m... 0 0 0 0 REG_System_system/ControlSet001/Control/DeviceClasses/{ad498944-762f-11d0-8dcb-00c04fc3358c}/##?#Root#SYSTEM#0000#{ad498944-762f-11d0-8dcb-00c04fc3358c}/#{eeab7790-c514-11d1-b42b-00805fc1270e}&asyncmac 0 m... 0 0 0 0 REG_System_system/ControlSet001/Services/mssmbios 0 m... 0 0 0 0 REG_System_system/ControlSet002/Control/DeviceClasses/{4747b320-62ce-11cf-a5d6-28db04c10000}/##?#Root#SYSTEM#0000#{4747b320-62ce-11cf-a5d6-28db04c10000} 0 m... 0 0 0 0 REG_System_system/ControlSet002/Control/DeviceClasses/{4747b320-62ce-11cf-a5d6-28db04c10000}/##?#Root#SYSTEM#0000#{4747b320-62ce-11cf-a5d6-28db04c10000}/# 0 m... 0 0 0 0 REG_System_system/ControlSet002/Control/DeviceClasses/{97fadb10-4e33-40ae-359c-8bef029dbdd0}/##?#ACPI#GenuineIntel_-_x86_Family_6_Model_13#_0#{97fadb10-4e33-40ae-359c-8bef029dbdd0} 0 m... 0 0 0 0 REG_System_system/ControlSet002/Control/DeviceClasses/{97fadb10-4e33-40ae-359c-8bef029dbdd0}/##?#ACPI#GenuineIntel_-_x86_Family_6_Model_13#_0#{97fadb10-4e33-40ae-359c-8bef029dbdd0}/# 0 m... 0 0 0 0 REG_System_system/ControlSet002/Control/DeviceClasses/{ad498944-762f-11d0-8dcb-00c04fc3358c}/##?#Root#SYSTEM#0000#{ad498944-762f-11d0-8dcb-00c04fc3358c} 0 m... 0 0 0 0 REG_System_system/ControlSet002/Control/DeviceClasses/{ad498944-762f-11d0-8dcb-00c04fc3358c}/##?#Root#SYSTEM#0000#{ad498944-762f-11d0-8dcb-00c04fc3358c}/#{eeab7790-c514-11d1-b42b-00805fc1270e}&asyncmac 0 m... 0 0 0 0 REG_System_system/ControlSet002/Services/mssmbios 17792 .a.. r/rr-xr-xr-x 0 0 191-128-3 /WINDOWS/system32/drivers/ptilink.sys 16512 .a.. r/rr-xr-xr-x 0 0 192-128-3 /WINDOWS/system32/drivers/raspti.sys 4352 .a.. r/rr-xr-xr-x 0 0 1920-128-3 /WINDOWS/system32/drivers/swenum.sys 15488 .a.. r/rr-xr-xr-x 0 0 2771-128-3 /WINDOWS/system32/drivers/mssmbios.sys 384768 .a.. r/rr-xr-xr-x 0 0 3391-128-3 /WINDOWS/system32/drivers/update.sys 40840 .a.. r/rr-xr-xr-x 0 0 4862-128-3 /WINDOWS/system32/drivers/termdd.sys 196224 .a.. r/rr-xr-xr-x 0 0 4863-128-3 /WINDOWS/system32/drivers/rdpdr.sys Fri Jul 01 2011 14:50:34 0 m... 0 0 0 0 REG_System_system/ControlSet001/Control/DeviceClasses/{1186654d-47b8-48b9-beb9-7df113ae3c67}/##?#IDE#CdRomHL-DT-ST_RW#DVD_GCC-4242N_______________0J05____#5&2ba179a6&0&0.0.0#{1186654d-47b8-48b9-beb9-7df113ae3c67} 0 m... 0 0 0 0 REG_System_system/ControlSet001/Control/DeviceClasses/{1186654d-47b8-48b9-beb9-7df113ae3c67}/##?#IDE#CdRomHL-DT-ST_RW#DVD_GCC-4242N_______________0J05____#5&2ba179a6&0&0.0.0#{1186654d-47b8-48b9-beb9-7df113ae3c67}/# 0 m... 0 0 0 0 REG_System_system/ControlSet001/Control/DeviceClasses/{53f56308-b6bf-11d0-94f2-00a0c91efb8b}/##?#IDE#CdRomHL-DT-ST_RW#DVD_GCC-4242N_______________0J05____#5&2ba179a6&0&0.0.0#{53f56308-b6bf-11d0-94f2-00a0c91efb8b} 0 m... 0 0 0 0 REG_System_system/ControlSet001/Control/DeviceClasses/{53f56308-b6bf-11d0-94f2-00a0c91efb8b}/##?#IDE#CdRomHL-DT-ST_RW#DVD_GCC-4242N_______________0J05____#5&2ba179a6&0&0.0.0#{53f56308-b6bf-11d0-94f2-00a0c91efb8b}/# 0 m... 0 0 0 0 REG_System_system/ControlSet001/Control/DeviceClasses/{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}/##?#IDE#CdRomHL-DT-ST_RW#DVD_GCC-4242N_______________0J05____#5&2ba179a6&0&0.0.0#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b} 0 m... 0 0 0 0 REG_System_system/ControlSet001/Control/DeviceClasses/{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}/##?#IDE#CdRomHL-DT-ST_RW#DVD_GCC-4242N_______________0J05____#5&2ba179a6&0&0.0.0#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}/# 0 m... 0 0 0 0 REG_System_system/ControlSet001/Control/DeviceClasses/{ad498944-762f-11d0-8dcb-00c04fc3358c}/##?#ROOT#MS_IRDAMINIPORT#0000#{ad498944-762f-11d0-8dcb-00c04fc3358c} 0 m... 0 0 0 0 REG_System_system/ControlSet001/Control/DeviceClasses/{ad498944-762f-11d0-8dcb-00c04fc3358c}/##?#ROOT#MS_IRDAMINIPORT#0000#{ad498944-762f-11d0-8dcb-00c04fc3358c}/#{CCF3C231-86A7-4A76-91ED-5DB1B34426E5} 0 m... 0 0 0 0 REG_System_system/ControlSet001/Control/DeviceClasses/{ad498944-762f-11d0-8dcb-00c04fc3358c}/##?#ROOT#MS_L2TPMINIPORT#0000#{ad498944-762f-11d0-8dcb-00c04fc3358c} 0 m... 0 0 0 0 REG_System_system/ControlSet001/Control/DeviceClasses/{ad498944-762f-11d0-8dcb-00c04fc3358c}/##?#ROOT#MS_L2TPMINIPORT#0000#{ad498944-762f-11d0-8dcb-00c04fc3358c}/#{E037727E-458A-432B-B328-F49A39D3C157} 0 m... 0 0 0 0 REG_System_system/ControlSet001/Control/DeviceClasses/{ad498944-762f-11d0-8dcb-00c04fc3358c}/##?#ROOT#MS_PPPOEMINIPORT#0000#{ad498944-762f-11d0-8dcb-00c04fc3358c} 0 m... 0 0 0 0 REG_System_system/ControlSet001/Control/DeviceClasses/{ad498944-762f-11d0-8dcb-00c04fc3358c}/##?#ROOT#MS_PPPOEMINIPORT#0000#{ad498944-762f-11d0-8dcb-00c04fc3358c}/#{82F044D2-E75B-4BDB-B526-3A4305E354DC} 0 m... 0 0 0 0 REG_System_system/ControlSet001/Control/DeviceClasses/{ad498944-762f-11d0-8dcb-00c04fc3358c}/##?#ROOT#MS_PPTPMINIPORT#0000#{ad498944-762f-11d0-8dcb-00c04fc3358c} 0 m... 0 0 0 0 REG_System_system/ControlSet001/Control/DeviceClasses/{ad498944-762f-11d0-8dcb-00c04fc3358c}/##?#ROOT#MS_PPTPMINIPORT#0000#{ad498944-762f-11d0-8dcb-00c04fc3358c}/#{34FDEE64-BCC1-4E03-867C-5775AC1F07FD} 0 m... 0 0 0 0 REG_System_system/ControlSet002/Control/DeviceClasses/{1186654d-47b8-48b9-beb9-7df113ae3c67}/##?#IDE#CdRomHL-DT-ST_RW#DVD_GCC-4242N_______________0J05____#5&2ba179a6&0&0.0.0#{1186654d-47b8-48b9-beb9-7df113ae3c67} 0 m... 0 0 0 0 REG_System_system/ControlSet002/Control/DeviceClasses/{1186654d-47b8-48b9-beb9-7df113ae3c67}/##?#IDE#CdRomHL-DT-ST_RW#DVD_GCC-4242N_______________0J05____#5&2ba179a6&0&0.0.0#{1186654d-47b8-48b9-beb9-7df113ae3c67}/# 0 m... 0 0 0 0 REG_System_system/ControlSet002/Control/DeviceClasses/{53f56308-b6bf-11d0-94f2-00a0c91efb8b}/##?#IDE#CdRomHL-DT-ST_RW#DVD_GCC-4242N_______________0J05____#5&2ba179a6&0&0.0.0#{53f56308-b6bf-11d0-94f2-00a0c91efb8b} 0 m... 0 0 0 0 REG_System_system/ControlSet002/Control/DeviceClasses/{53f56308-b6bf-11d0-94f2-00a0c91efb8b}/##?#IDE#CdRomHL-DT-ST_RW#DVD_GCC-4242N_______________0J05____#5&2ba179a6&0&0.0.0#{53f56308-b6bf-11d0-94f2-00a0c91efb8b}/# 0 m... 0 0 0 0 REG_System_system/ControlSet002/Control/DeviceClasses/{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}/##?#IDE#CdRomHL-DT-ST_RW#DVD_GCC-4242N_______________0J05____#5&2ba179a6&0&0.0.0#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b} 0 m... 0 0 0 0 REG_System_system/ControlSet002/Control/DeviceClasses/{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}/##?#IDE#CdRomHL-DT-ST_RW#DVD_GCC-4242N_______________0J05____#5&2ba179a6&0&0.0.0#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}/# 0 m... 0 0 0 0 REG_System_system/ControlSet002/Control/DeviceClasses/{ad498944-762f-11d0-8dcb-00c04fc3358c}/##?#ROOT#MS_IRDAMINIPORT#0000#{ad498944-762f-11d0-8dcb-00c04fc3358c} 0 m... 0 0 0 0 REG_System_system/ControlSet002/Control/DeviceClasses/{ad498944-762f-11d0-8dcb-00c04fc3358c}/##?#ROOT#MS_IRDAMINIPORT#0000#{ad498944-762f-11d0-8dcb-00c04fc3358c}/#{CCF3C231-86A7-4A76-91ED-5DB1B34426E5} 0 m... 0 0 0 0 REG_System_system/ControlSet002/Control/DeviceClasses/{ad498944-762f-11d0-8dcb-00c04fc3358c}/##?#ROOT#MS_L2TPMINIPORT#0000#{ad498944-762f-11d0-8dcb-00c04fc3358c} 0 m... 0 0 0 0 REG_System_system/ControlSet002/Control/DeviceClasses/{ad498944-762f-11d0-8dcb-00c04fc3358c}/##?#ROOT#MS_L2TPMINIPORT#0000#{ad498944-762f-11d0-8dcb-00c04fc3358c}/#{E037727E-458A-432B-B328-F49A39D3C157} 0 m... 0 0 0 0 REG_System_system/ControlSet002/Control/DeviceClasses/{ad498944-762f-11d0-8dcb-00c04fc3358c}/##?#ROOT#MS_PPPOEMINIPORT#0000#{ad498944-762f-11d0-8dcb-00c04fc3358c} 0 m... 0 0 0 0 REG_System_system/ControlSet002/Control/DeviceClasses/{ad498944-762f-11d0-8dcb-00c04fc3358c}/##?#ROOT#MS_PPPOEMINIPORT#0000#{ad498944-762f-11d0-8dcb-00c04fc3358c}/#{82F044D2-E75B-4BDB-B526-3A4305E354DC} 0 m... 0 0 0 0 REG_System_system/ControlSet002/Control/DeviceClasses/{ad498944-762f-11d0-8dcb-00c04fc3358c}/##?#ROOT#MS_PPTPMINIPORT#0000#{ad498944-762f-11d0-8dcb-00c04fc3358c} 0 m... 0 0 0 0 REG_System_system/ControlSet002/Control/DeviceClasses/{ad498944-762f-11d0-8dcb-00c04fc3358c}/##?#ROOT#MS_PPTPMINIPORT#0000#{ad498944-762f-11d0-8dcb-00c04fc3358c}/#{34FDEE64-BCC1-4E03-867C-5775AC1F07FD} 40576 .a.. r/rr-xr-xr-x 0 0 1921-128-3 /WINDOWS/system32/drivers/ndproxy.sys 131072 .acb 0 0 0 3663 [Event Log] (Time generated/Time written) b57w2k/15_Info_ - Broadcom NetXtreme Gigabit Ethernet (file: /media/sdb1/WINDOWS/system32/config/SysEvent.Evt) Fri Jul 01 2011 14:50:35 0 m... 0 0 0 0 REG_System_system/ControlSet001/Control/DeviceClasses/{378de44c-56ef-11d1-bc8c-00a0c91405dd}/##?#Root#RDP_MOU#0000#{378de44c-56ef-11d1-bc8c-00a0c91405dd} 0 m... 0 0 0 0 REG_System_system/ControlSet001/Control/DeviceClasses/{378de44c-56ef-11d1-bc8c-00a0c91405dd}/##?#Root#RDP_MOU#0000#{378de44c-56ef-11d1-bc8c-00a0c91405dd}/# 0 m... 0 0 0 0 REG_System_system/ControlSet001/Control/DeviceClasses/{3abf6f2d-71c4-462a-8a92-1e6861e6af27}/##?#PCI#VEN_8086&DEV_2658&SUBSYS_05651014&REV_03#3&b1bfb68&0&E8#{3abf6f2d-71c4-462a-8a92-1e6861e6af27} 0 m... 0 0 0 0 REG_System_system/ControlSet001/Control/DeviceClasses/{3abf6f2d-71c4-462a-8a92-1e6861e6af27}/##?#PCI#VEN_8086&DEV_2658&SUBSYS_05651014&REV_03#3&b1bfb68&0&E8#{3abf6f2d-71c4-462a-8a92-1e6861e6af27}/# 0 m... 0 0 0 0 REG_System_system/ControlSet001/Control/DeviceClasses/{884b96c3-56ef-11d1-bc8c-00a0c91405dd}/##?#Root#RDP_KBD#0000#{884b96c3-56ef-11d1-bc8c-00a0c91405dd} 0 m... 0 0 0 0 REG_System_system/ControlSet001/Control/DeviceClasses/{884b96c3-56ef-11d1-bc8c-00a0c91405dd}/##?#Root#RDP_KBD#0000#{884b96c3-56ef-11d1-bc8c-00a0c91405dd}/# 0 m... 0 0 0 0 REG_System_system/ControlSet001/Control/DeviceClasses/{ad498944-762f-11d0-8dcb-00c04fc3358c}/##?#PCI#VEN_14E4&DEV_167D&SUBSYS_05771014&REV_11#4&111a1fd8&0&00E0#{ad498944-762f-11d0-8dcb-00c04fc3358c} 0 m... 0 0 0 0 REG_System_system/ControlSet001/Control/DeviceClasses/{ad498944-762f-11d0-8dcb-00c04fc3358c}/##?#PCI#VEN_14E4&DEV_167D&SUBSYS_05771014&REV_11#4&111a1fd8&0&00E0#{ad498944-762f-11d0-8dcb-00c04fc3358c}/#{D668E008-1573-470A-9346-7741E6261C75} 0 m... 0 0 0 0 REG_System_system/ControlSet001/Control/DeviceClasses/{ad498944-762f-11d0-8dcb-00c04fc3358c}/##?#ROOT#MS_NDISWANIP#0000#{ad498944-762f-11d0-8dcb-00c04fc3358c} 0 m... 0 0 0 0 REG_System_system/ControlSet001/Control/DeviceClasses/{ad498944-762f-11d0-8dcb-00c04fc3358c}/##?#ROOT#MS_NDISWANIP#0000#{ad498944-762f-11d0-8dcb-00c04fc3358c}/#NDISWANIP 0 m... 0 0 0 0 REG_System_system/ControlSet001/Control/DeviceClasses/{ad498944-762f-11d0-8dcb-00c04fc3358c}/##?#ROOT#MS_PSCHEDMP#0000#{ad498944-762f-11d0-8dcb-00c04fc3358c} 0 m... 0 0 0 0 REG_System_system/ControlSet001/Control/DeviceClasses/{ad498944-762f-11d0-8dcb-00c04fc3358c}/##?#ROOT#MS_PSCHEDMP#0000#{ad498944-762f-11d0-8dcb-00c04fc3358c}/#{0A512159-DACE-4B87-A40C-67B8A358DEE7} 0 m... 0 0 0 0 REG_System_system/ControlSet001/Control/DeviceClasses/{ad498944-762f-11d0-8dcb-00c04fc3358c}/##?#ROOT#MS_PSCHEDMP#0001#{ad498944-762f-11d0-8dcb-00c04fc3358c} 0 m... 0 0 0 0 REG_System_system/ControlSet001/Control/DeviceClasses/{ad498944-762f-11d0-8dcb-00c04fc3358c}/##?#ROOT#MS_PSCHEDMP#0001#{ad498944-762f-11d0-8dcb-00c04fc3358c}/#{E9E11213-1FEC-4A82-A89F-EDF59351EE8D} 0 m... 0 0 0 0 REG_System_system/ControlSet001/Control/DeviceClasses/{ad498944-762f-11d0-8dcb-00c04fc3358c}/##?#ROOT#MS_PTIMINIPORT#0000#{ad498944-762f-11d0-8dcb-00c04fc3358c} 0 m... 0 0 0 0 REG_System_system/ControlSet001/Control/DeviceClasses/{ad498944-762f-11d0-8dcb-00c04fc3358c}/##?#ROOT#MS_PTIMINIPORT#0000#{ad498944-762f-11d0-8dcb-00c04fc3358c}/#{9FACBF16-E737-45C2-9529-1F8336812DDB} 0 m... 0 0 0 0 REG_System_system/ControlSet001/Control/DeviceClasses/{f18a0e88-c30c-11d0-8815-00a0c906bed8}/##?#USB#ROOT_HUB#4&1b50c3be&0#{f18a0e88-c30c-11d0-8815-00a0c906bed8} 0 m... 0 0 0 0 REG_System_system/ControlSet001/Control/DeviceClasses/{f18a0e88-c30c-11d0-8815-00a0c906bed8}/##?#USB#ROOT_HUB#4&1b50c3be&0#{f18a0e88-c30c-11d0-8815-00a0c906bed8}/# 0 m... 0 0 0 0 REG_System_system/ControlSet001/Enum/USB/ROOT_HUB/4&1b50c3be&0 0 m... 0 0 0 0 REG_System_system/ControlSet001/Services/usbhub 0 m... 0 0 0 0 REG_System_system/ControlSet002/Control/DeviceClasses/{378de44c-56ef-11d1-bc8c-00a0c91405dd}/##?#Root#RDP_MOU#0000#{378de44c-56ef-11d1-bc8c-00a0c91405dd} 0 m... 0 0 0 0 REG_System_system/ControlSet002/Control/DeviceClasses/{378de44c-56ef-11d1-bc8c-00a0c91405dd}/##?#Root#RDP_MOU#0000#{378de44c-56ef-11d1-bc8c-00a0c91405dd}/# 0 m... 0 0 0 0 REG_System_system/ControlSet002/Control/DeviceClasses/{3abf6f2d-71c4-462a-8a92-1e6861e6af27}/##?#PCI#VEN_8086&DEV_2658&SUBSYS_05651014&REV_03#3&b1bfb68&0&E8#{3abf6f2d-71c4-462a-8a92-1e6861e6af27} 0 m... 0 0 0 0 REG_System_system/ControlSet002/Control/DeviceClasses/{3abf6f2d-71c4-462a-8a92-1e6861e6af27}/##?#PCI#VEN_8086&DEV_2658&SUBSYS_05651014&REV_03#3&b1bfb68&0&E8#{3abf6f2d-71c4-462a-8a92-1e6861e6af27}/# 0 m... 0 0 0 0 REG_System_system/ControlSet002/Control/DeviceClasses/{884b96c3-56ef-11d1-bc8c-00a0c91405dd}/##?#Root#RDP_KBD#0000#{884b96c3-56ef-11d1-bc8c-00a0c91405dd} 0 m... 0 0 0 0 REG_System_system/ControlSet002/Control/DeviceClasses/{884b96c3-56ef-11d1-bc8c-00a0c91405dd}/##?#Root#RDP_KBD#0000#{884b96c3-56ef-11d1-bc8c-00a0c91405dd}/# 0 m... 0 0 0 0 REG_System_system/ControlSet002/Control/DeviceClasses/{ad498944-762f-11d0-8dcb-00c04fc3358c}/##?#PCI#VEN_14E4&DEV_167D&SUBSYS_05771014&REV_11#4&111a1fd8&0&00E0#{ad498944-762f-11d0-8dcb-00c04fc3358c} 0 m... 0 0 0 0 REG_System_system/ControlSet002/Control/DeviceClasses/{ad498944-762f-11d0-8dcb-00c04fc3358c}/##?#PCI#VEN_14E4&DEV_167D&SUBSYS_05771014&REV_11#4&111a1fd8&0&00E0#{ad498944-762f-11d0-8dcb-00c04fc3358c}/#{D668E008-1573-470A-9346-7741E6261C75} 0 m... 0 0 0 0 REG_System_system/ControlSet002/Control/DeviceClasses/{ad498944-762f-11d0-8dcb-00c04fc3358c}/##?#ROOT#MS_NDISWANIP#0000#{ad498944-762f-11d0-8dcb-00c04fc3358c} 0 m... 0 0 0 0 REG_System_system/ControlSet002/Control/DeviceClasses/{ad498944-762f-11d0-8dcb-00c04fc3358c}/##?#ROOT#MS_NDISWANIP#0000#{ad498944-762f-11d0-8dcb-00c04fc3358c}/#NDISWANIP 0 m... 0 0 0 0 REG_System_system/ControlSet002/Control/DeviceClasses/{ad498944-762f-11d0-8dcb-00c04fc3358c}/##?#ROOT#MS_PSCHEDMP#0000#{ad498944-762f-11d0-8dcb-00c04fc3358c} 0 m... 0 0 0 0 REG_System_system/ControlSet002/Control/DeviceClasses/{ad498944-762f-11d0-8dcb-00c04fc3358c}/##?#ROOT#MS_PSCHEDMP#0000#{ad498944-762f-11d0-8dcb-00c04fc3358c}/#{0A512159-DACE-4B87-A40C-67B8A358DEE7} 0 m... 0 0 0 0 REG_System_system/ControlSet002/Control/DeviceClasses/{ad498944-762f-11d0-8dcb-00c04fc3358c}/##?#ROOT#MS_PSCHEDMP#0001#{ad498944-762f-11d0-8dcb-00c04fc3358c} 0 m... 0 0 0 0 REG_System_system/ControlSet002/Control/DeviceClasses/{ad498944-762f-11d0-8dcb-00c04fc3358c}/##?#ROOT#MS_PSCHEDMP#0001#{ad498944-762f-11d0-8dcb-00c04fc3358c}/#{E9E11213-1FEC-4A82-A89F-EDF59351EE8D} 0 m... 0 0 0 0 REG_System_system/ControlSet002/Control/DeviceClasses/{ad498944-762f-11d0-8dcb-00c04fc3358c}/##?#ROOT#MS_PTIMINIPORT#0000#{ad498944-762f-11d0-8dcb-00c04fc3358c} 0 m... 0 0 0 0 REG_System_system/ControlSet002/Control/DeviceClasses/{ad498944-762f-11d0-8dcb-00c04fc3358c}/##?#ROOT#MS_PTIMINIPORT#0000#{ad498944-762f-11d0-8dcb-00c04fc3358c}/#{9FACBF16-E737-45C2-9529-1F8336812DDB} 0 m... 0 0 0 0 REG_System_system/ControlSet002/Control/DeviceClasses/{f18a0e88-c30c-11d0-8815-00a0c906bed8}/##?#USB#ROOT_HUB#4&1b50c3be&0#{f18a0e88-c30c-11d0-8815-00a0c906bed8} 0 m... 0 0 0 0 REG_System_system/ControlSet002/Control/DeviceClasses/{f18a0e88-c30c-11d0-8815-00a0c906bed8}/##?#USB#ROOT_HUB#4&1b50c3be&0#{f18a0e88-c30c-11d0-8815-00a0c906bed8}/# 0 m... 0 0 0 0 REG_System_system/ControlSet002/Enum/USB/ROOT_HUB/4&1b50c3be&0 0 m... 0 0 0 0 REG_System_system/ControlSet002/Services/usbhub 4736 .a.. r/rr-xr-xr-x 0 0 1885-128-3 /WINDOWS/system32/drivers/usbd.sys 28672 .a.. r/rr-xr-xr-x 0 0 3146-128-3 /WINDOWS/system32/verclsid.exe 59520 .a.. r/rr-xr-xr-x 0 0 3623-128-3 /WINDOWS/system32/drivers/usbhub.sys 131072 .acb 0 0 0 3663 [Event Log] (Time generated/Time written) b57w2k/9_Info_ - Broadcom NetXtreme Gigabit Ethernet (file: /media/sdb1/WINDOWS/system32/config/SysEvent.Evt) Fri Jul 01 2011 14:50:36 0 m... 0 0 0 0 REG_System_system/ControlSet001/Control/DeviceClasses/{3abf6f2d-71c4-462a-8a92-1e6861e6af27}/##?#PCI#VEN_8086&DEV_2659&SUBSYS_05651014&REV_03#3&b1bfb68&0&E9#{3abf6f2d-71c4-462a-8a92-1e6861e6af27} 0 m... 0 0 0 0 REG_System_system/ControlSet001/Control/DeviceClasses/{3abf6f2d-71c4-462a-8a92-1e6861e6af27}/##?#PCI#VEN_8086&DEV_2659&SUBSYS_05651014&REV_03#3&b1bfb68&0&E9#{3abf6f2d-71c4-462a-8a92-1e6861e6af27}/# 0 m... 0 0 0 0 REG_System_system/ControlSet001/Control/DeviceClasses/{3abf6f2d-71c4-462a-8a92-1e6861e6af27}/##?#PCI#VEN_8086&DEV_265A&SUBSYS_05651014&REV_03#3&b1bfb68&0&EA#{3abf6f2d-71c4-462a-8a92-1e6861e6af27} 0 m... 0 0 0 0 REG_System_system/ControlSet001/Control/DeviceClasses/{3abf6f2d-71c4-462a-8a92-1e6861e6af27}/##?#PCI#VEN_8086&DEV_265A&SUBSYS_05651014&REV_03#3&b1bfb68&0&EA#{3abf6f2d-71c4-462a-8a92-1e6861e6af27}/# 0 m... 0 0 0 0 REG_System_system/ControlSet001/Control/DeviceClasses/{3abf6f2d-71c4-462a-8a92-1e6861e6af27}/##?#PCI#VEN_8086&DEV_265B&SUBSYS_05651014&REV_03#3&b1bfb68&0&EB#{3abf6f2d-71c4-462a-8a92-1e6861e6af27} 0 m... 0 0 0 0 REG_System_system/ControlSet001/Control/DeviceClasses/{3abf6f2d-71c4-462a-8a92-1e6861e6af27}/##?#PCI#VEN_8086&DEV_265B&SUBSYS_05651014&REV_03#3&b1bfb68&0&EB#{3abf6f2d-71c4-462a-8a92-1e6861e6af27}/# 0 m... 0 0 0 0 REG_System_system/ControlSet001/Control/DeviceClasses/{3abf6f2d-71c4-462a-8a92-1e6861e6af27}/##?#PCI#VEN_8086&DEV_265C&SUBSYS_05661014&REV_03#3&b1bfb68&0&EF#{3abf6f2d-71c4-462a-8a92-1e6861e6af27} 0 m... 0 0 0 0 REG_System_system/ControlSet001/Control/DeviceClasses/{3abf6f2d-71c4-462a-8a92-1e6861e6af27}/##?#PCI#VEN_8086&DEV_265C&SUBSYS_05661014&REV_03#3&b1bfb68&0&EF#{3abf6f2d-71c4-462a-8a92-1e6861e6af27}/# 0 m... 0 0 0 0 REG_System_system/ControlSet001/Control/DeviceClasses/{4afa3d53-74a7-11d0-be5e-00a0c9062857}/##?#ACPI#PNP0303#4&3863886d&0#{4afa3d53-74a7-11d0-be5e-00a0c9062857} 0 m... 0 0 0 0 REG_System_system/ControlSet001/Control/DeviceClasses/{4afa3d53-74a7-11d0-be5e-00a0c9062857}/##?#ACPI#PNP0303#4&3863886d&0#{4afa3d53-74a7-11d0-be5e-00a0c9062857}/# 0 m... 0 0 0 0 REG_System_system/ControlSet001/Control/DeviceClasses/{884b96c3-56ef-11d1-bc8c-00a0c91405dd}/##?#ACPI#PNP0303#4&3863886d&0#{884b96c3-56ef-11d1-bc8c-00a0c91405dd} 0 m... 0 0 0 0 REG_System_system/ControlSet001/Control/DeviceClasses/{884b96c3-56ef-11d1-bc8c-00a0c91405dd}/##?#ACPI#PNP0303#4&3863886d&0#{884b96c3-56ef-11d1-bc8c-00a0c91405dd}/# 0 m... 0 0 0 0 REG_System_system/ControlSet001/Control/DeviceClasses/{f18a0e88-c30c-11d0-8815-00a0c906bed8}/##?#USB#ROOT_HUB#4&236de289&0#{f18a0e88-c30c-11d0-8815-00a0c906bed8} 0 m... 0 0 0 0 REG_System_system/ControlSet001/Control/DeviceClasses/{f18a0e88-c30c-11d0-8815-00a0c906bed8}/##?#USB#ROOT_HUB#4&236de289&0#{f18a0e88-c30c-11d0-8815-00a0c906bed8}/# 0 m... 0 0 0 0 REG_System_system/ControlSet001/Control/DeviceClasses/{f18a0e88-c30c-11d0-8815-00a0c906bed8}/##?#USB#ROOT_HUB#4&34f80b40&0#{f18a0e88-c30c-11d0-8815-00a0c906bed8} 0 m... 0 0 0 0 REG_System_system/ControlSet001/Control/DeviceClasses/{f18a0e88-c30c-11d0-8815-00a0c906bed8}/##?#USB#ROOT_HUB#4&34f80b40&0#{f18a0e88-c30c-11d0-8815-00a0c906bed8}/# 0 m... 0 0 0 0 REG_System_system/ControlSet001/Control/DeviceClasses/{f18a0e88-c30c-11d0-8815-00a0c906bed8}/##?#USB#ROOT_HUB#4&9c69b07&0#{f18a0e88-c30c-11d0-8815-00a0c906bed8} 0 m... 0 0 0 0 REG_System_system/ControlSet001/Control/DeviceClasses/{f18a0e88-c30c-11d0-8815-00a0c906bed8}/##?#USB#ROOT_HUB#4&9c69b07&0#{f18a0e88-c30c-11d0-8815-00a0c906bed8}/# 0 m... 0 0 0 0 REG_System_system/ControlSet001/Control/DeviceClasses/{f18a0e88-c30c-11d0-8815-00a0c906bed8}/##?#USB#ROOT_HUB20#4&1aa45922&0#{f18a0e88-c30c-11d0-8815-00a0c906bed8} 0 m... 0 0 0 0 REG_System_system/ControlSet001/Control/DeviceClasses/{f18a0e88-c30c-11d0-8815-00a0c906bed8}/##?#USB#ROOT_HUB20#4&1aa45922&0#{f18a0e88-c30c-11d0-8815-00a0c906bed8}/# 0 m... 0 0 0 0 REG_System_system/ControlSet001/Enum/USB/ROOT_HUB/4&236de289&0 0 m... 0 0 0 0 REG_System_system/ControlSet001/Enum/USB/ROOT_HUB/4&34f80b40&0 0 m... 0 0 0 0 REG_System_system/ControlSet001/Enum/USB/ROOT_HUB/4&9c69b07&0 0 m... 0 0 0 0 REG_System_system/ControlSet001/Enum/USB/ROOT_HUB20/4&1aa45922&0 0 m... 0 0 0 0 REG_System_system/ControlSet002/Control/DeviceClasses/{3abf6f2d-71c4-462a-8a92-1e6861e6af27}/##?#PCI#VEN_8086&DEV_2659&SUBSYS_05651014&REV_03#3&b1bfb68&0&E9#{3abf6f2d-71c4-462a-8a92-1e6861e6af27} 0 m... 0 0 0 0 REG_System_system/ControlSet002/Control/DeviceClasses/{3abf6f2d-71c4-462a-8a92-1e6861e6af27}/##?#PCI#VEN_8086&DEV_2659&SUBSYS_05651014&REV_03#3&b1bfb68&0&E9#{3abf6f2d-71c4-462a-8a92-1e6861e6af27}/# 0 m... 0 0 0 0 REG_System_system/ControlSet002/Control/DeviceClasses/{3abf6f2d-71c4-462a-8a92-1e6861e6af27}/##?#PCI#VEN_8086&DEV_265A&SUBSYS_05651014&REV_03#3&b1bfb68&0&EA#{3abf6f2d-71c4-462a-8a92-1e6861e6af27} 0 m... 0 0 0 0 REG_System_system/ControlSet002/Control/DeviceClasses/{3abf6f2d-71c4-462a-8a92-1e6861e6af27}/##?#PCI#VEN_8086&DEV_265A&SUBSYS_05651014&REV_03#3&b1bfb68&0&EA#{3abf6f2d-71c4-462a-8a92-1e6861e6af27}/# 0 m... 0 0 0 0 REG_System_system/ControlSet002/Control/DeviceClasses/{3abf6f2d-71c4-462a-8a92-1e6861e6af27}/##?#PCI#VEN_8086&DEV_265B&SUBSYS_05651014&REV_03#3&b1bfb68&0&EB#{3abf6f2d-71c4-462a-8a92-1e6861e6af27} 0 m... 0 0 0 0 REG_System_system/ControlSet002/Control/DeviceClasses/{3abf6f2d-71c4-462a-8a92-1e6861e6af27}/##?#PCI#VEN_8086&DEV_265B&SUBSYS_05651014&REV_03#3&b1bfb68&0&EB#{3abf6f2d-71c4-462a-8a92-1e6861e6af27}/# 0 m... 0 0 0 0 REG_System_system/ControlSet002/Control/DeviceClasses/{3abf6f2d-71c4-462a-8a92-1e6861e6af27}/##?#PCI#VEN_8086&DEV_265C&SUBSYS_05661014&REV_03#3&b1bfb68&0&EF#{3abf6f2d-71c4-462a-8a92-1e6861e6af27} 0 m... 0 0 0 0 REG_System_system/ControlSet002/Control/DeviceClasses/{3abf6f2d-71c4-462a-8a92-1e6861e6af27}/##?#PCI#VEN_8086&DEV_265C&SUBSYS_05661014&REV_03#3&b1bfb68&0&EF#{3abf6f2d-71c4-462a-8a92-1e6861e6af27}/# 0 m... 0 0 0 0 REG_System_system/ControlSet002/Control/DeviceClasses/{4afa3d53-74a7-11d0-be5e-00a0c9062857}/##?#ACPI#PNP0303#4&3863886d&0#{4afa3d53-74a7-11d0-be5e-00a0c9062857} 0 m... 0 0 0 0 REG_System_system/ControlSet002/Control/DeviceClasses/{4afa3d53-74a7-11d0-be5e-00a0c9062857}/##?#ACPI#PNP0303#4&3863886d&0#{4afa3d53-74a7-11d0-be5e-00a0c9062857}/# 0 m... 0 0 0 0 REG_System_system/ControlSet002/Control/DeviceClasses/{884b96c3-56ef-11d1-bc8c-00a0c91405dd}/##?#ACPI#PNP0303#4&3863886d&0#{884b96c3-56ef-11d1-bc8c-00a0c91405dd} 0 m... 0 0 0 0 REG_System_system/ControlSet002/Control/DeviceClasses/{884b96c3-56ef-11d1-bc8c-00a0c91405dd}/##?#ACPI#PNP0303#4&3863886d&0#{884b96c3-56ef-11d1-bc8c-00a0c91405dd}/# 0 m... 0 0 0 0 REG_System_system/ControlSet002/Control/DeviceClasses/{f18a0e88-c30c-11d0-8815-00a0c906bed8}/##?#USB#ROOT_HUB#4&236de289&0#{f18a0e88-c30c-11d0-8815-00a0c906bed8} 0 m... 0 0 0 0 REG_System_system/ControlSet002/Control/DeviceClasses/{f18a0e88-c30c-11d0-8815-00a0c906bed8}/##?#USB#ROOT_HUB#4&236de289&0#{f18a0e88-c30c-11d0-8815-00a0c906bed8}/# 0 m... 0 0 0 0 REG_System_system/ControlSet002/Control/DeviceClasses/{f18a0e88-c30c-11d0-8815-00a0c906bed8}/##?#USB#ROOT_HUB#4&34f80b40&0#{f18a0e88-c30c-11d0-8815-00a0c906bed8} 0 m... 0 0 0 0 REG_System_system/ControlSet002/Control/DeviceClasses/{f18a0e88-c30c-11d0-8815-00a0c906bed8}/##?#USB#ROOT_HUB#4&34f80b40&0#{f18a0e88-c30c-11d0-8815-00a0c906bed8}/# 0 m... 0 0 0 0 REG_System_system/ControlSet002/Control/DeviceClasses/{f18a0e88-c30c-11d0-8815-00a0c906bed8}/##?#USB#ROOT_HUB#4&9c69b07&0#{f18a0e88-c30c-11d0-8815-00a0c906bed8} 0 m... 0 0 0 0 REG_System_system/ControlSet002/Control/DeviceClasses/{f18a0e88-c30c-11d0-8815-00a0c906bed8}/##?#USB#ROOT_HUB#4&9c69b07&0#{f18a0e88-c30c-11d0-8815-00a0c906bed8}/# 0 m... 0 0 0 0 REG_System_system/ControlSet002/Control/DeviceClasses/{f18a0e88-c30c-11d0-8815-00a0c906bed8}/##?#USB#ROOT_HUB20#4&1aa45922&0#{f18a0e88-c30c-11d0-8815-00a0c906bed8} 0 m... 0 0 0 0 REG_System_system/ControlSet002/Control/DeviceClasses/{f18a0e88-c30c-11d0-8815-00a0c906bed8}/##?#USB#ROOT_HUB20#4&1aa45922&0#{f18a0e88-c30c-11d0-8815-00a0c906bed8}/# 0 m... 0 0 0 0 REG_System_system/ControlSet002/Enum/USB/ROOT_HUB/4&236de289&0 0 m... 0 0 0 0 REG_System_system/ControlSet002/Enum/USB/ROOT_HUB/4&34f80b40&0 0 m... 0 0 0 0 REG_System_system/ControlSet002/Enum/USB/ROOT_HUB/4&9c69b07&0 0 m... 0 0 0 0 REG_System_system/ControlSet002/Enum/USB/ROOT_HUB20/4&1aa45922&0 Fri Jul 01 2011 14:50:37 0 m... 0 0 0 0 REG_System_system/ControlSet001/Control/DeviceClasses/{378de44c-56ef-11d1-bc8c-00a0c91405dd}/##?#ACPI#IBM0057#4&3863886d&0#{378de44c-56ef-11d1-bc8c-00a0c91405dd} 0 m... 0 0 0 0 REG_System_system/ControlSet001/Control/DeviceClasses/{378de44c-56ef-11d1-bc8c-00a0c91405dd}/##?#ACPI#IBM0057#4&3863886d&0#{378de44c-56ef-11d1-bc8c-00a0c91405dd}/# 0 m... 0 0 0 0 REG_System_system/ControlSet001/Control/DeviceClasses/{811fc6a5-f728-11d0-a537-0000f8753ed1}/##?#LPTENUM#MicrosoftRawPort#5&be86656&0&LPT1#{811fc6a5-f728-11d0-a537-0000f8753ed1} 0 m... 0 0 0 0 REG_System_system/ControlSet001/Control/DeviceClasses/{811fc6a5-f728-11d0-a537-0000f8753ed1}/##?#LPTENUM#MicrosoftRawPort#5&be86656&0&LPT1#{811fc6a5-f728-11d0-a537-0000f8753ed1}/# 0 m... 0 0 0 0 REG_System_system/ControlSet001/Control/DeviceClasses/{86e0d1e0-8089-11d0-9ce4-08003e301f73}/##?#ACPI#PNP0501#4&3863886d&0#{86e0d1e0-8089-11d0-9ce4-08003e301f73} 0 m... 0 0 0 0 REG_System_system/ControlSet001/Control/DeviceClasses/{86e0d1e0-8089-11d0-9ce4-08003e301f73}/##?#ACPI#PNP0501#4&3863886d&0#{86e0d1e0-8089-11d0-9ce4-08003e301f73}/# 0 m... 0 0 0 0 REG_System_system/ControlSet001/Control/DeviceClasses/{97f76ef0-f883-11d0-af1f-0000f800845c}/##?#ACPI#PNP0400#4&3863886d&0#{97f76ef0-f883-11d0-af1f-0000f800845c} 0 m... 0 0 0 0 REG_System_system/ControlSet001/Control/DeviceClasses/{97f76ef0-f883-11d0-af1f-0000f800845c}/##?#ACPI#PNP0400#4&3863886d&0#{97f76ef0-f883-11d0-af1f-0000f800845c}/# 0 m... 0 0 0 0 REG_System_system/ControlSet001/Control/DeviceClasses/{ad498944-762f-11d0-8dcb-00c04fc3358c}/##?#ACPI#IBM0071#4&3863886d&0#{ad498944-762f-11d0-8dcb-00c04fc3358c} 0 m... 0 0 0 0 REG_System_system/ControlSet001/Control/DeviceClasses/{ad498944-762f-11d0-8dcb-00c04fc3358c}/##?#ACPI#IBM0071#4&3863886d&0#{ad498944-762f-11d0-8dcb-00c04fc3358c}/#{97EC1D9E-62DB-4516-A68D-06DA05EB2694} 0 m... 0 0 0 0 REG_System_system/ControlSet001/Control/Session Manager 0 m... 0 0 0 0 REG_System_system/ControlSet001/Enum/LPTENUM/MicrosoftRawPort/5&be86656&0&LPT1 0 m... 0 0 0 0 REG_System_system/ControlSet001/Enum/Root 0 m... 0 0 0 0 REG_System_system/ControlSet001/Enum/Root/LEGACY_FS_REC/0000 0 m... 0 0 0 0 REG_System_system/ControlSet001/Enum/Root/LEGACY_MRXSMB/0000 0 m... 0 0 0 0 REG_System_system/ControlSet001/Enum/Root/LEGACY_MSFS/0000 0 m... 0 0 0 0 REG_System_system/ControlSet001/Enum/Root/LEGACY_NETBIOS/0000 0 m... 0 0 0 0 REG_System_system/ControlSet001/Enum/Root/LEGACY_NPFS/0000 0 m... 0 0 0 0 REG_System_system/ControlSet001/Enum/Root/LEGACY_RDBSS/0000 0 m... 0 0 0 0 REG_System_system/ControlSet001/Services/Cdaudio 0 m... 0 0 0 0 REG_System_system/ControlSet001/Services/Flpydisk 0 m... 0 0 0 0 REG_System_system/ControlSet001/Services/Parport 0 m... 0 0 0 0 REG_System_system/ControlSet002/Control/DeviceClasses/{378de44c-56ef-11d1-bc8c-00a0c91405dd}/##?#ACPI#IBM0057#4&3863886d&0#{378de44c-56ef-11d1-bc8c-00a0c91405dd} 0 m... 0 0 0 0 REG_System_system/ControlSet002/Control/DeviceClasses/{378de44c-56ef-11d1-bc8c-00a0c91405dd}/##?#ACPI#IBM0057#4&3863886d&0#{378de44c-56ef-11d1-bc8c-00a0c91405dd}/# 0 m... 0 0 0 0 REG_System_system/ControlSet002/Control/DeviceClasses/{811fc6a5-f728-11d0-a537-0000f8753ed1}/##?#LPTENUM#MicrosoftRawPort#5&be86656&0&LPT1#{811fc6a5-f728-11d0-a537-0000f8753ed1} 0 m... 0 0 0 0 REG_System_system/ControlSet002/Control/DeviceClasses/{811fc6a5-f728-11d0-a537-0000f8753ed1}/##?#LPTENUM#MicrosoftRawPort#5&be86656&0&LPT1#{811fc6a5-f728-11d0-a537-0000f8753ed1}/# 0 m... 0 0 0 0 REG_System_system/ControlSet002/Control/DeviceClasses/{86e0d1e0-8089-11d0-9ce4-08003e301f73}/##?#ACPI#PNP0501#4&3863886d&0#{86e0d1e0-8089-11d0-9ce4-08003e301f73} 0 m... 0 0 0 0 REG_System_system/ControlSet002/Control/DeviceClasses/{86e0d1e0-8089-11d0-9ce4-08003e301f73}/##?#ACPI#PNP0501#4&3863886d&0#{86e0d1e0-8089-11d0-9ce4-08003e301f73}/# 0 m... 0 0 0 0 REG_System_system/ControlSet002/Control/DeviceClasses/{97f76ef0-f883-11d0-af1f-0000f800845c}/##?#ACPI#PNP0400#4&3863886d&0#{97f76ef0-f883-11d0-af1f-0000f800845c} 0 m... 0 0 0 0 REG_System_system/ControlSet002/Control/DeviceClasses/{97f76ef0-f883-11d0-af1f-0000f800845c}/##?#ACPI#PNP0400#4&3863886d&0#{97f76ef0-f883-11d0-af1f-0000f800845c}/# 0 m... 0 0 0 0 REG_System_system/ControlSet002/Control/DeviceClasses/{ad498944-762f-11d0-8dcb-00c04fc3358c}/##?#ACPI#IBM0071#4&3863886d&0#{ad498944-762f-11d0-8dcb-00c04fc3358c} 0 m... 0 0 0 0 REG_System_system/ControlSet002/Control/DeviceClasses/{ad498944-762f-11d0-8dcb-00c04fc3358c}/##?#ACPI#IBM0071#4&3863886d&0#{ad498944-762f-11d0-8dcb-00c04fc3358c}/#{97EC1D9E-62DB-4516-A68D-06DA05EB2694} 0 m... 0 0 0 0 REG_System_system/ControlSet002/Control/Session Manager 0 m... 0 0 0 0 REG_System_system/ControlSet002/Enum/LPTENUM/MicrosoftRawPort/5&be86656&0&LPT1 0 m... 0 0 0 0 REG_System_system/ControlSet002/Enum/Root 0 m... 0 0 0 0 REG_System_system/ControlSet002/Enum/Root/LEGACY_FS_REC/0000 0 m... 0 0 0 0 REG_System_system/ControlSet002/Enum/Root/LEGACY_MRXSMB/0000 0 m... 0 0 0 0 REG_System_system/ControlSet002/Enum/Root/LEGACY_MSFS/0000 0 m... 0 0 0 0 REG_System_system/ControlSet002/Enum/Root/LEGACY_NETBIOS/0000 0 m... 0 0 0 0 REG_System_system/ControlSet002/Enum/Root/LEGACY_NPFS/0000 0 m... 0 0 0 0 REG_System_system/ControlSet002/Enum/Root/LEGACY_RDBSS/0000 0 m... 0 0 0 0 REG_System_system/ControlSet002/Services/Cdaudio 0 m... 0 0 0 0 REG_System_system/ControlSet002/Services/Flpydisk 0 m... 0 0 0 0 REG_System_system/ControlSet002/Services/Parport 23256 .a.. r/rrwxrwxrwx 0 0 10426-128-3 /System Volume Information/_restore{A4323E41-9E96-4A95-B645-4A36ED086BEA}/_filelst.cfg 4224 .a.. r/rr-xr-xr-x 0 0 1552-128-3 /WINDOWS/system32/drivers/mnmdd.sys 456576 .a.. r/rr-xr-xr-x 0 0 1896-128-3 /WINDOWS/system32/drivers/mrxsmb.sys 175744 .a.. r/rr-xr-xr-x 0 0 1897-128-3 /WINDOWS/system32/drivers/rdbss.sys 19072 .a.. r/rr-xr-xr-x 0 0 1898-128-3 /WINDOWS/system32/drivers/msfs.sys 34688 .a.. r/rr-xr-xr-x 0 0 1900-128-3 /WINDOWS/system32/drivers/netbios.sys 30848 .a.. r/rr-xr-xr-x 0 0 1901-128-3 /WINDOWS/system32/drivers/npfs.sys 81664 .a.. r/rr-xr-xr-x 0 0 1905-128-3 /WINDOWS/system32/drivers/videoprt.sys 20480 .a.. r/rr-xr-xr-x 0 0 1922-128-3 /WINDOWS/system32/drivers/flpydisk.sys 20992 .a.. r/rr-xr-xr-x 0 0 1924-128-3 /WINDOWS/system32/drivers/vga.sys 75264 .a.. r/rr-xr-xr-x 0 0 1925-128-3 /WINDOWS/system32/drivers/ipsec.sys 361344 .a.. r/rr-xr-xr-x 0 0 1926-128-3 /WINDOWS/system32/drivers/tcpip.sys 162816 .a.. r/rr-xr-xr-x 0 0 1927-128-3 /WINDOWS/system32/drivers/netbt.sys 34560 .a.. r/rr-xr-xr-x 0 0 1928-128-3 /WINDOWS/system32/drivers/wanarp.sys 18688 .a.. r/rr-xr-xr-x 0 0 193-128-3 /WINDOWS/system32/drivers/cdaudio.sys 44544 .a.. r/rr-xr-xr-x 0 0 1930-128-3 /WINDOWS/system32/drivers/fips.sys 50688 .a.. r/rr-xr-xr-x 0 0 1932-128-3 /WINDOWS/system32/smss.exe 588800 .a.. r/rr-xr-xr-x 0 0 1933-128-3 /WINDOWS/system32/autochk.exe 7936 .a.. r/rr-xr-xr-x 0 0 194-128-3 /WINDOWS/system32/drivers/fs_rec.sys 2944 .a.. r/rr-xr-xr-x 0 0 195-128-3 /WINDOWS/system32/drivers/null.sys 4224 .a.. r/rr-xr-xr-x 0 0 196-128-3 /WINDOWS/system32/drivers/beep.sys 4224 .a.. r/rr-xr-xr-x 0 0 197-128-3 /WINDOWS/system32/drivers/rdpcdd.sys 8832 .a.. r/rr-xr-xr-x 0 0 198-128-3 /WINDOWS/system32/drivers/rasacd.sys 138112 .a.. r/rr-xr-xr-x 0 0 2022-128-3 /WINDOWS/system32/drivers/afd.sys 152832 .a.. r/rr-xr-xr-x 0 0 2577-128-3 /WINDOWS/system32/drivers/ipnat.sys Fri Jul 01 2011 14:50:38 0 m... 0 0 0 0 REG_System_system/ControlSet001/Enum/Root/LEGACY_CDFS/0000 0 m... 0 0 0 0 REG_System_system/ControlSet001/Enum/USB/Vid_0483&Pid_2016/5&1227f778&0&2 0 m... 0 0 0 0 REG_System_system/ControlSet002/Enum/Root/LEGACY_CDFS/0000 0 m... 0 0 0 0 REG_System_system/ControlSet002/Enum/USB/Vid_0483&Pid_2016/5&1227f778&0&2 4352 .a.. r/rr-xr-xr-x 0 0 188-128-3 /WINDOWS/system32/drivers/wmilib.sys 96512 .a.. r/rr-xr-xr-x 0 0 1886-128-3 /WINDOWS/system32/drivers/atapi.sys 74752 .a.. r/rr-xr-xr-x 0 0 1943-128-3 /WINDOWS/system32/olecli32.dll 37376 .a.. r/rr-xr-xr-x 0 0 1944-128-3 /WINDOWS/system32/olecnv32.dll 37888 .a.. r/rr-xr-xr-x 0 0 1947-128-3 /WINDOWS/system32/url.dll 420864 .a.. r/rr-xr-xr-x 0 0 1957-128-3 /WINDOWS/system32/ntvdm.exe 264192 .a.. r/rr-xr-xr-x 0 0 1958-128-3 /WINDOWS/system32/wow32.dll 2560 .a.. r/rr-xr-xr-x 0 0 199-128-3 /WINDOWS/system32/lz32.dll 22016 .a.. r/rr-xr-xr-x 0 0 200-128-3 /WINDOWS/system32/olesvr32.dll 69120 .a.. r/rr-xr-xr-x 0 0 201-128-3 /WINDOWS/system32/olethk32.dll 63744 .a.. r/rr-xr-xr-x 0 0 2297-128-3 /WINDOWS/system32/drivers/cdfs.sys 1610612736 mac. r/rr-xr-xr-x 0 0 27-128-1 /pagefile.sys Fri Jul 01 2011 14:50:39 0 m... 0 0 0 0 REG_System_SECURITYSECURITY 0 m... 0 0 0 0 REG_System_system/ControlSet001/Control/ComputerName 0 m... 0 0 0 0 REG_System_system/ControlSet001/Control/Lsa 0 m... 0 0 0 0 REG_System_system/ControlSet001/Control/Lsa/SspiCache 0 m... 0 0 0 0 REG_System_system/ControlSet001/Control/Session Manager/Memory Management/PrefetchParameters 0 m... 0 0 0 0 REG_System_system/ControlSet001/Control/Session Manager/SubSystems 0 m... 0 0 0 0 REG_System_system/ControlSet002/Control/ComputerName 0 m... 0 0 0 0 REG_System_system/ControlSet002/Control/Lsa 0 m... 0 0 0 0 REG_System_system/ControlSet002/Control/Lsa/SspiCache 0 m... 0 0 0 0 REG_System_system/ControlSet002/Control/Session Manager/Memory Management/PrefetchParameters 0 m... 0 0 0 0 REG_System_system/ControlSet002/Control/Session Manager/SubSystems 221676 .a.. r/rr-xr-xr-x 0 0 1367-128-3 /WINDOWS/Fonts/sylfaen.ttf 18880 .a.. r/rr-xr-xr-x 0 0 1536-128-3 /WINDOWS/Fonts/wst_czec.fon 18880 .a.. r/rr-xr-xr-x 0 0 1537-128-3 /WINDOWS/Fonts/wst_engl.fon 18880 .a.. r/rr-xr-xr-x 0 0 1538-128-3 /WINDOWS/Fonts/wst_fren.fon 18880 .a.. r/rr-xr-xr-x 0 0 1539-128-3 /WINDOWS/Fonts/wst_germ.fon 18880 .a.. r/rr-xr-xr-x 0 0 1540-128-3 /WINDOWS/Fonts/wst_ital.fon 18880 .a.. r/rr-xr-xr-x 0 0 1541-128-3 /WINDOWS/Fonts/wst_span.fon 18880 .a.. r/rr-xr-xr-x 0 0 1542-128-3 /WINDOWS/Fonts/wst_swed.fon 51456 .a.. r/rr-xr-xr-x 0 0 1880-128-3 /WINDOWS/system32/vga256.dll 18176 .a.. r/rr-xr-xr-x 0 0 1881-128-3 /WINDOWS/system32/vga64k.dll 17664 .a.. r/rr-xr-xr-x 0 0 1963-128-3 /WINDOWS/system32/watchdog.sys 6144 .a.. r/rr-xr-xr-x 0 0 1964-128-3 /WINDOWS/system32/csrss.exe 32256 .a.. r/rr-xr-xr-x 0 0 1965-128-3 /WINDOWS/system32/csrsrv.dll 52736 .a.. r/rr-xr-xr-x 0 0 1966-128-3 /WINDOWS/system32/basesrv.dll 71168 .a.. r/rr-xr-xr-x 0 0 1970-128-3 /WINDOWS/system32/drivers/dxg.sys 17920 .a.. r/rr-xr-xr-x 0 0 1972-128-3 /WINDOWS/system32/nddeapi.dll 27648 .a.. r/rr-xr-xr-x 0 0 1975-128-3 /WINDOWS/system32/profmap.dll 355680 .a.. r/rr-xr-xr-x 0 0 1981-128-3 /WINDOWS/Fonts/tahomabd.ttf 383804 .a.. r/rr-xr-xr-x 0 0 1982-128-3 /WINDOWS/Fonts/tahoma.ttf 108544 .a.. r/rr-xr-xr-x 0 0 1994-128-3 /WINDOWS/system32/services.exe 13312 .a.. r/rr-xr-xr-x 0 0 1995-128-3 /WINDOWS/system32/lsass.exe 314880 .a.. r/rr-xr-xr-x 0 0 1996-128-3 /WINDOWS/system32/scesrv.dll 123392 .a.. r/rr-xr-xr-x 0 0 1997-128-3 /WINDOWS/system32/umpnpmgr.dll 728064 .a.. r/rr-xr-xr-x 0 0 1998-128-3 /WINDOWS/system32/lsasrv.dll 33280 .a.. r/rr-xr-xr-x 0 0 1999-128-3 /WINDOWS/system32/cryptdll.dll 415744 .a.. r/rr-xr-xr-x 0 0 2001-128-3 /WINDOWS/system32/samsrv.dll 48128 .a.. r/rr-xr-xr-x 0 0 2007-128-3 /WINDOWS/system32/msprivs.dll 299520 .a.. r/rr-xr-xr-x 0 0 2008-128-3 /WINDOWS/system32/kerberos.dll 407040 .a.. r/rr-xr-xr-x 0 0 2012-128-3 /WINDOWS/system32/netlogon.dll 49152 .a.. r/rr-xr-xr-x 0 0 2013-128-3 /WINDOWS/system32/wdigest.dll 148624 .a.. r/rr-xr-xr-x 0 0 2028-128-3 /WINDOWS/Fonts/tunga.ttf 3328 .a.. r/rr-xr-xr-x 0 0 203-128-3 /WINDOWS/system32/drivers/dxgthk.sys 5360 .a.. r/rr-xr-xr-x 0 0 205-128-3 /WINDOWS/Fonts/vgafix.fon 9344 .a.. r/rr-xr-xr-x 0 0 206-128-3 /WINDOWS/system32/vga.dll 231 .a.. r/rr-xr-xr-x 0 0 207-128-1 /WINDOWS/system.ini 5312 .a.. r/rr-xr-xr-x 0 0 209-128-3 /WINDOWS/Fonts/ega80woa.fon 13312 .a.. r/rr-xr-xr-x 0 0 215-128-3 /WINDOWS/Fonts/roman.fon 12288 .a.. r/rr-xr-xr-x 0 0 216-128-3 /WINDOWS/Fonts/script.fon 8704 .a.. r/rr-xr-xr-x 0 0 217-128-3 /WINDOWS/Fonts/modern.fon 134108 .a.. r/rr-xr-xr-x 0 0 2170-128-3 /WINDOWS/Fonts/trebuc.ttf 26112 .a.. r/rr-xr-xr-x 0 0 218-128-3 /WINDOWS/Fonts/smalle.fon 118832 .a.. r/rr-xr-xr-x 0 0 2180-128-3 /WINDOWS/Fonts/ariblk.ttf 127596 .a.. r/rr-xr-xr-x 0 0 2182-128-3 /WINDOWS/Fonts/comic.ttf 155068 .a.. r/rr-xr-xr-x 0 0 2184-128-3 /WINDOWS/Fonts/georgia.ttf 137448 .a.. r/rr-xr-xr-x 0 0 2185-128-3 /WINDOWS/Fonts/impact.ttf 56336 .a.. r/rr-xr-xr-x 0 0 219-128-3 /WINDOWS/Fonts/symbole.fon 39424 .a.. r/rr-xr-xr-x 0 0 2194-128-3 /WINDOWS/AppPatch/AcAdProc.dll 23408 .a.. r/rr-xr-xr-x 0 0 220-128-3 /WINDOWS/Fonts/coure.fon 57936 .a.. r/rr-xr-xr-x 0 0 222-128-3 /WINDOWS/Fonts/serife.fon 24124 .a.. r/rr-xr-xr-x 0 0 223-128-3 /WINDOWS/Fonts/marlett.ttf 79744 .a.. r/rr-xr-xr-x 0 0 226-128-3 /WINDOWS/Fonts/estre.ttf 285696 .a.. r/rr-xr-xr-x 0 0 2264-128-3 /WINDOWS/system32/atmfd.dll 214936 .a.. r/rr-xr-xr-x 0 0 227-128-3 /WINDOWS/Fonts/gautami.ttf 73292 .a.. r/rr-xr-xr-x 0 0 228-128-3 /WINDOWS/Fonts/latha.ttf 143864 .a.. r/rr-xr-xr-x 0 0 229-128-3 /WINDOWS/Fonts/mangal.ttf 40500 .a.. r/rr-xr-xr-x 0 0 230-128-3 /WINDOWS/Fonts/mvboli.ttf 57348 .a.. r/rr-xr-xr-x 0 0 231-128-3 /WINDOWS/Fonts/raavi.ttf 234280 .a.. r/rr-xr-xr-x 0 0 232-128-3 /WINDOWS/Fonts/shruti.ttf 123096 .a.. r/rr-xr-xr-x 0 0 249-128-3 /WINDOWS/Fonts/trebucbd.ttf 9344 .a.. r/rr-xr-xr-x 0 0 2493-128-3 /WINDOWS/system32/framebuf.dll 207808 .a.. r/rr-xr-xr-x 0 0 251-128-3 /WINDOWS/Fonts/ariali.ttf 111476 .a.. r/rr-xr-xr-x 0 0 252-128-3 /WINDOWS/Fonts/comicbd.ttf 303296 .a.. r/rr-xr-xr-x 0 0 253-128-3 /WINDOWS/Fonts/cour.ttf 312920 .a.. r/rr-xr-xr-x 0 0 254-128-3 /WINDOWS/Fonts/courbd.ttf 236148 .a.. r/rr-xr-xr-x 0 0 255-128-3 /WINDOWS/Fonts/courbi.ttf 245032 .a.. r/rr-xr-xr-x 0 0 256-128-3 /WINDOWS/Fonts/couri.ttf 141032 .a.. r/rr-xr-xr-x 0 0 257-128-3 /WINDOWS/Fonts/georgiab.ttf 157388 .a.. r/rr-xr-xr-x 0 0 258-128-3 /WINDOWS/Fonts/georgiai.ttf 159736 .a.. r/rr-xr-xr-x 0 0 259-128-3 /WINDOWS/Fonts/georgiaz.ttf 48 .a.. r/rr-xr-xr-x 0 0 26-144-2 /$Extend/$Reparse:$R 323980 .a.. r/rr-xr-xr-x 0 0 260-128-3 /WINDOWS/Fonts/l_10646.ttf 115068 .a.. r/rr-xr-xr-x 0 0 261-128-3 /WINDOWS/Fonts/lucon.ttf 489884 .a.. r/rr-xr-xr-x 0 0 262-128-3 /WINDOWS/Fonts/pala.ttf 434004 .a.. r/rr-xr-xr-x 0 0 263-128-3 /WINDOWS/Fonts/palab.ttf 344288 .a.. r/rr-xr-xr-x 0 0 264-128-3 /WINDOWS/Fonts/palabi.ttf 430800 .a.. r/rr-xr-xr-x 0 0 265-128-3 /WINDOWS/Fonts/palai.ttf 69464 .a.. r/rr-xr-xr-x 0 0 266-128-3 /WINDOWS/Fonts/symbol.ttf 239692 .a.. r/rr-xr-xr-x 0 0 267-128-3 /WINDOWS/Fonts/timesbi.ttf 248368 .a.. r/rr-xr-xr-x 0 0 268-128-3 /WINDOWS/Fonts/timesi.ttf 131188 .a.. r/rr-xr-xr-x 0 0 269-128-3 /WINDOWS/Fonts/trebucbi.ttf 139288 .a.. r/rr-xr-xr-x 0 0 270-128-3 /WINDOWS/Fonts/trebucit.ttf 155076 .a.. r/rr-xr-xr-x 0 0 271-128-3 /WINDOWS/Fonts/verdanai.ttf 154800 .a.. r/rr-xr-xr-x 0 0 272-128-3 /WINDOWS/Fonts/verdanaz.ttf 118752 .a.. r/rr-xr-xr-x 0 0 273-128-3 /WINDOWS/Fonts/webdings.ttf 261 .a.. r/rr-xr-xr-x 0 0 3641-128-3 /WINDOWS/system32/$winnt$.inf 90296 .a.. r/rr-xr-xr-x 0 0 3651-128-3 /WINDOWS/system32/FNTCACHE.DAT 625 .a.. r/rr-xr-xr-x 0 0 3683-128-4 /WINDOWS/WinSxS/Policies/x86_policy.5.1.Microsoft.Windows.SystemCompatible_6595b64144ccf1df_x-ww_a0111510/5.1.2600.2000.Policy 10496 .a.. r/rr-xr-xr-x 0 0 515-128-3 /WINDOWS/system32/drivers/dxapi.sys 488 .a.. r/r--x--x--x 0 0 6563-128-1 /WINDOWS/system32/WindowsLogon.manifest Fri Jul 01 2011 14:50:40 0 m... 0 0 0 0 REG_System_system/ControlSet001/Control 0 m... 0 0 0 0 REG_System_system/ControlSet001/Enum/Root/LEGACY_DCOMLAUNCH/0000 0 m... 0 0 0 0 REG_System_system/ControlSet001/Enum/Root/LEGACY_DHCP/0000 0 m... 0 0 0 0 REG_System_system/ControlSet001/Enum/Root/LEGACY_DNSCACHE/0000 0 m... 0 0 0 0 REG_System_system/ControlSet001/Enum/Root/LEGACY_RPCSS/0000 0 m... 0 0 0 0 REG_System_system/ControlSet001/Enum/Root/LEGACY_SAMSS/0000 0 m... 0 0 0 0 REG_System_system/ControlSet001/Enum/Root/LEGACY_THEMES/0000 0 m... 0 0 0 0 REG_System_system/ControlSet002/Control 0 m... 0 0 0 0 REG_System_system/ControlSet002/Enum/Root/LEGACY_DCOMLAUNCH/0000 0 m... 0 0 0 0 REG_System_system/ControlSet002/Enum/Root/LEGACY_DHCP/0000 0 m... 0 0 0 0 REG_System_system/ControlSet002/Enum/Root/LEGACY_DNSCACHE/0000 0 m... 0 0 0 0 REG_System_system/ControlSet002/Enum/Root/LEGACY_RPCSS/0000 0 m... 0 0 0 0 REG_System_system/ControlSet002/Enum/Root/LEGACY_SAMSS/0000 0 m... 0 0 0 0 REG_System_system/ControlSet002/Enum/Root/LEGACY_THEMES/0000 20 ..c. r/rr-xr-xr-x 0 0 10328-128-1 /Documents and Settings/NetworkService/ntuser.ini 62 mac. r/rr-xr-xr-x 0 0 10329-128-1 /Documents and Settings/NetworkService/Local Settings/desktop.ini 20 ..c. r/rr-xr-xr-x 0 0 10395-128-1 /Documents and Settings/LocalService/ntuser.ini 109652 ..c. r/rrwxrwxrwx 0 0 11162-128-3 /System Volume Information/_restore{A4323E41-9E96-4A95-B645-4A36ED086BEA}/RP12/change.log.2 1614848 .a.. r/rr-xr-xr-x 0 0 1935-128-3 /WINDOWS/system32/sfcfiles.dll 135168 .a.. r/rr-xr-xr-x 0 0 1987-128-3 /WINDOWS/system32/shsvcs.dll 56320 .a.. r/rr-xr-xr-x 0 0 2016-128-3 /WINDOWS/system32/eventlog.dll 181248 .a.. r/rr-xr-xr-x 0 0 2017-128-3 /WINDOWS/system32/scecli.dll 45568 .a.. r/rr-xr-xr-x 0 0 2033-128-3 /WINDOWS/system32/dnsrslvr.dll 14592 .a.. r/rr-xr-xr-x 0 0 2150-128-3 /WINDOWS/system32/drivers/ndisuio.sys 2188928 .a.. r/rr-xr-xr-x 0 0 3615-128-3 /WINDOWS/system32/ntoskrnl.exe 2065792 .a.. r/rr-xr-xr-x 0 0 3616-128-3 /WINDOWS/system32/ntkrnlpa.exe 131072 macb 0 0 0 3663 [Event Log] (Time generated/Time written) EventLog/6005_Info_ (file: /media/sdb1/WINDOWS/system32/config/SysEvent.Evt) 131072 macb 0 0 0 3663 [Event Log] (Time generated/Time written) EventLog/6009_Info_5.01. - 2600 - Service Pack 3 - Uniprocessor Free (file: /media/sdb1/WINDOWS/system32/config/SysEvent.Evt) 88192 .a.. r/rr-xr-xr-x 0 0 4831-128-3 /WINDOWS/system32/drivers/irda.sys Fri Jul 01 2011 14:50:41 0 m... 0 0 0 0 REG_System_system/ControlSet001/Enum/Root/LEGACY_IRMON/0000 0 m... 0 0 0 0 REG_System_system/ControlSet001/Enum/Root/LEGACY_LMHOSTS/0000 0 m... 0 0 0 0 REG_System_system/ControlSet001/Enum/Root/LEGACY_TERMSERVICE/0000 0 m... 0 0 0 0 REG_System_system/ControlSet001/Enum/Root/LEGACY_WZCSVC/0000 0 m... 0 0 0 0 REG_System_system/ControlSet002/Enum/Root/LEGACY_IRMON/0000 0 m... 0 0 0 0 REG_System_system/ControlSet002/Enum/Root/LEGACY_LMHOSTS/0000 0 m... 0 0 0 0 REG_System_system/ControlSet002/Enum/Root/LEGACY_TERMSERVICE/0000 0 m... 0 0 0 0 REG_System_system/ControlSet002/Enum/Root/LEGACY_WZCSVC/0000 0 m... 0 0 0 0 REG_System_system/ControlSet002/Services/Eventlog/Application/ESENT 16384 m... r/rr-xr-xr-x 0 0 10296-128-3 /Documents and Settings/NetworkService/Cookies/index.dat 16384 m... r/rr-xr-xr-x 0 0 10298-128-3 /Documents and Settings/NetworkService/Local Settings/History/History.IE5/index.dat 62 mac. r/rr-xr-xr-x 0 0 10396-128-1 /Documents and Settings/LocalService/Local Settings/desktop.ini 163328 .a.. r/rr-xr-xr-x 0 0 1144-128-3 /WINDOWS/system32/oleacc.dll 49664 .a.. r/rr-xr-xr-x 0 0 1977-128-3 /WINDOWS/system32/regapi.dll 14336 .a.. r/rr-xr-xr-x 0 0 2018-128-3 /WINDOWS/system32/svchost.exe 13824 .a.. r/rr-xr-xr-x 0 0 2034-128-3 /WINDOWS/system32/lmhsvc.dll 92672 .a.. r/rr-xr-xr-x 0 0 2084-128-3 /WINDOWS/system32/wlnotify.dll 116224 .a.. r/rr-xr-xr-x 0 0 2092-128-3 /WINDOWS/system32/mstlsapi.dll 514560 .a.. r/rr-xr-xr-x 0 0 2174-128-3 /WINDOWS/system32/logonui.exe 19456 .a.. r/rr-xr-xr-x 0 0 2367-128-3 /WINDOWS/system32/dimsntfy.dll 28160 .a.. r/rr-xr-xr-x 0 0 4832-128-3 /WINDOWS/system32/irmon.dll 11264 .a.. r/rr-xr-xr-x 0 0 4959-128-3 /WINDOWS/system32/icaapi.dll 295424 .a.. r/rr-xr-xr-x 0 0 4964-128-3 /WINDOWS/system32/termsrv.dll 488 .a.. r/r--x--x--x 0 0 6562-128-1 /WINDOWS/system32/logonui.exe.manifest Fri Jul 01 2011 14:50:42 0 m... 0 0 0 0 REG_System_system/ControlSet001/Enum/Root/LEGACY_AUDIOSRV/0000 0 m... 0 0 0 0 REG_System_system/ControlSet001/Enum/Root/LEGACY_LANMANWORKSTATION/0000 0 m... 0 0 0 0 REG_System_system/ControlSet001/Enum/Root/LEGACY_SCHEDULE/0000 0 m... 0 0 0 0 REG_System_system/ControlSet001/Enum/Root/LEGACY_SHELLHWDETECTION/0000 0 m... 0 0 0 0 REG_System_system/ControlSet001/Enum/Root/LEGACY_SPOOLER/0000 0 m... 0 0 0 0 REG_System_system/ControlSet002/Enum/Root/LEGACY_AUDIOSRV/0000 0 m... 0 0 0 0 REG_System_system/ControlSet002/Enum/Root/LEGACY_LANMANWORKSTATION/0000 0 m... 0 0 0 0 REG_System_system/ControlSet002/Enum/Root/LEGACY_SCHEDULE/0000 0 m... 0 0 0 0 REG_System_system/ControlSet002/Enum/Root/LEGACY_SHELLHWDETECTION/0000 0 m... 0 0 0 0 REG_System_system/ControlSet002/Enum/Root/LEGACY_SPOOLER/0000 99328 .a.. r/rr-xr-xr-x 0 0 2015-128-3 /WINDOWS/system32/winscard.dll 6656 .a.. r/rr-xr-xr-x 0 0 2035-128-3 /WINDOWS/system32/msidle.dll 57856 .a.. r/rr-xr-xr-x 0 0 2036-128-3 /WINDOWS/system32/spoolsv.exe 132096 .a.. r/rr-xr-xr-x 0 0 2038-128-3 /WINDOWS/system32/wkssvc.dll 42496 .a.. r/rr-xr-xr-x 0 0 2040-128-3 /WINDOWS/system32/audiosrv.dll 150016 .a.. r/rr-xr-xr-x 0 0 2151-128-3 /WINDOWS/system32/rastls.dll 79872 .a.. r/rr-xr-xr-x 0 0 2152-128-3 /WINDOWS/system32/raschap.dll 192512 .a.. r/rr-xr-xr-x 0 0 5708-128-3 /WINDOWS/system32/schedsvc.dll Fri Jul 01 2011 14:50:48 0 m... 0 0 0 0 REG_System_system/ControlSet001/Enum/Root/LEGACY_BROWSER/0000 0 m... 0 0 0 0 REG_System_system/ControlSet001/Enum/Root/LEGACY_CRYPTSVC/0000 0 m... 0 0 0 0 REG_System_system/ControlSet001/Enum/Root/LEGACY_ERSVC/0000 0 m... 0 0 0 0 REG_System_system/ControlSet001/Enum/Root/LEGACY_EVENTSYSTEM/0000 0 m... 0 0 0 0 REG_System_system/ControlSet001/Enum/Root/LEGACY_HELPSVC/0000 0 m... 0 0 0 0 REG_System_system/ControlSet001/Enum/Root/LEGACY_LANMANSERVER/0000 0 m... 0 0 0 0 REG_System_system/ControlSet001/Enum/Root/LEGACY_MRXDAV/0000 0 m... 0 0 0 0 REG_System_system/ControlSet001/Enum/Root/LEGACY_NETMAN/0000 0 m... 0 0 0 0 REG_System_system/ControlSet001/Enum/Root/LEGACY_POLICYAGENT/0000 0 m... 0 0 0 0 REG_System_system/ControlSet001/Enum/Root/LEGACY_PROTECTEDSTORAGE/0000 0 m... 0 0 0 0 REG_System_system/ControlSet001/Enum/Root/LEGACY_REMOTEREGISTRY/0000 0 m... 0 0 0 0 REG_System_system/ControlSet001/Enum/Root/LEGACY_SECLOGON/0000 0 m... 0 0 0 0 REG_System_system/ControlSet001/Enum/Root/LEGACY_SENS/0000 0 m... 0 0 0 0 REG_System_system/ControlSet001/Enum/Root/LEGACY_SRSERVICE/0000 0 m... 0 0 0 0 REG_System_system/ControlSet001/Enum/Root/LEGACY_SRV/0000 0 m... 0 0 0 0 REG_System_system/ControlSet001/Enum/Root/LEGACY_TRKWKS/0000 0 m... 0 0 0 0 REG_System_system/ControlSet001/Enum/Root/LEGACY_W32TIME/0000 0 m... 0 0 0 0 REG_System_system/ControlSet001/Enum/Root/LEGACY_WEBCLIENT/0000 0 m... 0 0 0 0 REG_System_system/ControlSet001/Enum/Root/LEGACY_WINMGMT/0000 0 m... 0 0 0 0 REG_System_system/ControlSet001/Enum/Root/LEGACY_WSCSVC/0000 0 m... 0 0 0 0 REG_System_system/ControlSet001/Enum/Root/LEGACY_WUAUSERV/0000 0 m... 0 0 0 0 REG_System_system/ControlSet001/Services/LanmanServer/Parameters 0 m... 0 0 0 0 REG_System_system/ControlSet002/Enum/Root/LEGACY_BROWSER/0000 0 m... 0 0 0 0 REG_System_system/ControlSet002/Enum/Root/LEGACY_CRYPTSVC/0000 0 m... 0 0 0 0 REG_System_system/ControlSet002/Enum/Root/LEGACY_ERSVC/0000 0 m... 0 0 0 0 REG_System_system/ControlSet002/Enum/Root/LEGACY_EVENTSYSTEM/0000 0 m... 0 0 0 0 REG_System_system/ControlSet002/Enum/Root/LEGACY_HELPSVC/0000 0 m... 0 0 0 0 REG_System_system/ControlSet002/Enum/Root/LEGACY_LANMANSERVER/0000 0 m... 0 0 0 0 REG_System_system/ControlSet002/Enum/Root/LEGACY_MRXDAV/0000 0 m... 0 0 0 0 REG_System_system/ControlSet002/Enum/Root/LEGACY_NETMAN/0000 0 m... 0 0 0 0 REG_System_system/ControlSet002/Enum/Root/LEGACY_POLICYAGENT/0000 0 m... 0 0 0 0 REG_System_system/ControlSet002/Enum/Root/LEGACY_PROTECTEDSTORAGE/0000 0 m... 0 0 0 0 REG_System_system/ControlSet002/Enum/Root/LEGACY_REMOTEREGISTRY/0000 0 m... 0 0 0 0 REG_System_system/ControlSet002/Enum/Root/LEGACY_SECLOGON/0000 0 m... 0 0 0 0 REG_System_system/ControlSet002/Enum/Root/LEGACY_SENS/0000 0 m... 0 0 0 0 REG_System_system/ControlSet002/Enum/Root/LEGACY_SRSERVICE/0000 0 m... 0 0 0 0 REG_System_system/ControlSet002/Enum/Root/LEGACY_SRV/0000 0 m... 0 0 0 0 REG_System_system/ControlSet002/Enum/Root/LEGACY_TRKWKS/0000 0 m... 0 0 0 0 REG_System_system/ControlSet002/Enum/Root/LEGACY_W32TIME/0000 0 m... 0 0 0 0 REG_System_system/ControlSet002/Enum/Root/LEGACY_WEBCLIENT/0000 0 m... 0 0 0 0 REG_System_system/ControlSet002/Enum/Root/LEGACY_WINMGMT/0000 0 m... 0 0 0 0 REG_System_system/ControlSet002/Enum/Root/LEGACY_WSCSVC/0000 0 m... 0 0 0 0 REG_System_system/ControlSet002/Enum/Root/LEGACY_WUAUSERV/0000 0 m... 0 0 0 0 REG_System_system/ControlSet002/Services/LanmanServer/Parameters 256 ..c. d/drwxrwxrwx 0 0 10363-144-1 /Documents and Settings/LocalService/Local Settings/Temporary Internet Files 56 ..c. d/drwxrwxrwx 0 0 10364-144-5 /Documents and Settings/LocalService/Local Settings/Temporary Internet Files/Content.IE5 16384 m... r/rr-xr-xr-x 0 0 10365-128-3 /Documents and Settings/LocalService/Cookies/index.dat 16384 m... r/rr-xr-xr-x 0 0 10366-128-3 /Documents and Settings/LocalService/Local Settings/History/History.IE5/index.dat 256 ..c. d/drwxrwxrwx 0 0 10369-144-1 /Documents and Settings/LocalService/Local Settings/History 256 ..c. d/drwxrwxrwx 0 0 10370-144-1 /Documents and Settings/LocalService/Local Settings/History/History.IE5 152 ..c. d/drwxrwxrwx 0 0 10371-144-1 /Documents and Settings/LocalService/Cookies 32768 m... r/rr-xr-xr-x 0 0 10414-128-3 /Documents and Settings/LocalService/Local Settings/Temporary Internet Files/Content.IE5/index.dat 536 .a.. r/rrwxrwxrwx 0 0 11466-128-3 /System Volume Information/_restore{A4323E41-9E96-4A95-B645-4A36ED086BEA}/RP12/rp.log 180608 .a.. r/rr-xr-xr-x 0 0 1893-128-3 /WINDOWS/system32/drivers/mrxdav.sys 183808 .a.. r/rr-xr-xr-x 0 0 2044-128-3 /WINDOWS/system32/ipsecsvc.dll 270336 .a.. r/rr-xr-xr-x 0 0 2046-128-3 /WINDOWS/system32/oakley.dll 59904 .a.. r/rr-xr-xr-x 0 0 2047-128-3 /WINDOWS/system32/regsvc.dll 32256 .a.. r/rr-xr-xr-x 0 0 2048-128-3 /WINDOWS/system32/winipsec.dll 68096 .a.. r/rr-xr-xr-x 0 0 2050-128-3 /WINDOWS/system32/webclnt.dll 62464 .a.. r/rr-xr-xr-x 0 0 2051-128-3 /WINDOWS/system32/cryptsvc.dll 194560 .a.. r/rr-xr-xr-x 0 0 2052-128-3 /WINDOWS/system32/certcli.dll 34304 .a.. r/rr-xr-xr-x 0 0 2055-128-3 /WINDOWS/system32/pstorsvc.dll 96768 .a.. r/rr-xr-xr-x 0 0 2057-128-3 /WINDOWS/system32/psbase.dll 175104 .a.. r/rr-xr-xr-x 0 0 2061-128-3 /WINDOWS/system32/w32time.dll 90112 .a.. r/rr-xr-xr-x 0 0 2071-128-3 /WINDOWS/system32/trkwks.dll 18944 .a.. r/rr-xr-xr-x 0 0 2072-128-3 /WINDOWS/system32/seclogon.dll 96768 .a.. r/rr-xr-xr-x 0 0 2073-128-3 /WINDOWS/system32/srvsvc.dll 334848 .a.. r/rr-xr-xr-x 0 0 2075-128-3 /WINDOWS/system32/drivers/srv.sys 77824 .a.. r/rr-xr-xr-x 0 0 2077-128-3 /WINDOWS/system32/browser.dll 2843136 .a.. r/rr-xr-xr-x 0 0 2108-128-3 /WINDOWS/system32/msi.dll 430592 .a.. r/rr-xr-xr-x 0 0 2160-128-3 /WINDOWS/system32/vssapi.dll 734 .a.. r/rr-xr-xr-x 0 0 233-128-3 /WINDOWS/system32/drivers/etc/hosts 6784 .a.. r/rr-xr-xr-x 0 0 235-128-3 /WINDOWS/system32/drivers/parvdm.sys 171008 .a.. r/rr-xr-xr-x 0 0 236-128-3 /WINDOWS/system32/netmsg.dll 23040 .a.. r/rr-xr-xr-x 0 0 2464-128-3 /WINDOWS/system32/ersvc.dll 80896 .a.. r/rr-xr-xr-x 0 0 3180-128-3 /WINDOWS/system32/wscsvc.dll 144896 .a.. r/rr-xr-xr-x 0 0 4914-128-3 /WINDOWS/system32/wbem/wmisvc.dll 171008 .a.. r/rr-xr-xr-x 0 0 5759-128-3 /WINDOWS/system32/srsvc.dll 38400 .a.. r/rr-xr-xr-x 0 0 5777-128-3 /WINDOWS/pchealth/helpctr/binaries/pchsvc.dll 6656 .a.. r/rr-xr-xr-x 0 0 6058-128-3 /WINDOWS/system32/wuauserv.dll Fri Jul 01 2011 14:50:50 62 mac. r/rr-xr-xr-x 0 0 10530-128-3 /Documents and Settings/malware/Local Settings/desktop.ini 5632 .a.. r/rr-xr-xr-x 0 0 214-128-3 /WINDOWS/system32/kbdus.dll 1024 ma.. r/rr-xr-xr-x 0 0 3650-128-3 /WINDOWS/system32/config/SAM.LOG Fri Jul 01 2011 14:50:51 0 m... 0 0 0 0 REG_System_system/ControlSet001/Control/Session Manager/Power 0 m... 0 0 0 0 REG_System_system/ControlSet001/Enum/Root/LEGACY_SHAREDACCESS/0000 0 m... 0 0 0 0 REG_System_system/ControlSet002/Control/Session Manager/Power 0 m... 0 0 0 0 REG_System_system/ControlSet002/Enum/Root/LEGACY_SHAREDACCESS/0000 0 m... 0 0 0 0 REG_User_malware/Software/Microsoft/Windows/CurrentVersion/Group Policy 36352 .a.. r/rr-xr-xr-x 0 0 2000-128-3 /WINDOWS/system32/ncobjapi.dll 58368 .a.. r/rr-xr-xr-x 0 0 2313-128-3 /WINDOWS/system32/clusapi.dll 66560 .a.. r/rr-xr-xr-x 0 0 2789-128-3 /WINDOWS/system32/mtxclu.dll 58880 .a.. r/rr-xr-xr-x 0 0 2954-128-3 /WINDOWS/system32/resutils.dll 70888 ma.. r/rr-xr-xr-x 0 0 3743-128-3 /WINDOWS/Debug/UserMode/userenv.log 247808 .a.. r/rr-xr-xr-x 0 0 4869-128-3 /WINDOWS/system32/wbem/esscli.dll 472064 .a.. r/rr-xr-xr-x 0 0 4870-128-3 /WINDOWS/system32/wbem/fastprox.dll 178176 .a.. r/rr-xr-xr-x 0 0 4883-128-3 /WINDOWS/system32/wbem/repdrvfs.dll 214528 .a.. r/rr-xr-xr-x 0 0 4890-128-3 /WINDOWS/system32/wbem/wbemcomn.dll 531456 .a.. r/rr-xr-xr-x 0 0 4892-128-3 /WINDOWS/system32/wbem/wbemcore.dll 273920 .a.. r/rr-xr-xr-x 0 0 4894-128-3 /WINDOWS/system32/wbem/wbemess.dll 18944 .a.. r/rr-xr-xr-x 0 0 4895-128-3 /WINDOWS/system32/wbem/wbemprox.dll 43520 .a.. r/rr-xr-xr-x 0 0 4896-128-3 /WINDOWS/system32/wbem/wbemsvc.dll 437248 .a.. r/rr-xr-xr-x 0 0 4911-128-3 /WINDOWS/system32/wbem/wmiprvsd.dll 95232 .a.. r/rr-xr-xr-x 0 0 4915-128-3 /WINDOWS/system32/wbem/wmiutils.dll 1267200 .a.. r/rr-xr-xr-x 0 0 4929-128-3 /WINDOWS/system32/comsvcs.dll 60416 .a.. r/rr-xr-xr-x 0 0 4937-128-3 /WINDOWS/system32/colbact.dll 20 m... r/rr-xr-xr-x 0 0 5547-128-1 /WINDOWS/system32/wbem/Repository/$WinMgmt.CFG Fri Jul 01 2011 14:50:52 0 m... 0 0 0 0 REG_System_system/ControlSet001/Enum/Root/LEGACY_ALG/0000 0 m... 0 0 0 0 REG_System_system/ControlSet001/Enum/Root/LEGACY_FASTUSERSWITCHINGCOMPATIBILITY/0000 0 m... 0 0 0 0 REG_System_system/ControlSet001/Enum/Root/LEGACY_NLA/0000 0 m... 0 0 0 0 REG_System_system/ControlSet001/Services/SharedAccess/Epoch 0 m... 0 0 0 0 REG_User_malware/Software/Microsoft/Internet Explorer/Desktop/Components/0 0 m... 0 0 0 0 REG_User_malware/Software/Microsoft/Windows/CurrentVersion/Explorer/MountPoints2 118784 .a.. r/rr-xr-xr-x 0 0 2037-128-3 /WINDOWS/system32/ntmarta.dll 102912 .a.. r/rr-xr-xr-x 0 0 2089-128-3 /WINDOWS/system32/dpcdll.dll 26112 .a.. r/rr-xr-xr-x 0 0 2090-128-3 /WINDOWS/system32/userinit.exe 135168 .a.. r/rr-xr-xr-x 0 0 2105-128-3 /WINDOWS/system32/desk.cpl 385536 .a.. r/rr-xr-xr-x 0 0 2106-128-3 /WINDOWS/system32/themeui.dll 44544 .a.. r/rr-xr-xr-x 0 0 2242-128-3 /WINDOWS/system32/alg.exe 13646 ma.. r/rr-xr-xr-x 0 0 237-128-3 /WINDOWS/system32/wpa.dbl 331264 .a.. r/rr-xr-xr-x 0 0 2578-128-3 /WINDOWS/system32/ipnathlp.dll 4190352 .a.. r/rr-xr-xr-x 0 0 2654-128-3 /WINDOWS/Resources/Themes/Luna/luna.msstyles 34816 .a.. r/rr-xr-xr-x 0 0 3048-128-3 /WINDOWS/system32/ssdpapi.dll 13824 .a.. r/rr-xr-xr-x 0 0 3177-128-3 /WINDOWS/system32/wscntfy.exe 65536 macb 0 0 0 3659 [Event Log] (Time generated/Time written) SecurityCenter/1800_Info_ (file: /media/sdb1/WINDOWS/system32/config/AppEvent.Evt) 131072 macb 0 0 0 3663 [Event Log] (Time generated/Time written) Service Control Manager/7036_Info_Application Layer Gateway Service - running (file: /media/sdb1/WINDOWS/system32/config/SysEvent.Evt) 131072 macb 0 0 0 3663 [Event Log] (Time generated/Time written) Service Control Manager/7036_Info_Computer Browser - stopped (file: /media/sdb1/WINDOWS/system32/config/SysEvent.Evt) 131072 macb 0 0 0 3663 [Event Log] (Time generated/Time written) Service Control Manager/7036_Info_Fast User Switching Compatibility - running (file: /media/sdb1/WINDOWS/system32/config/SysEvent.Evt) 131072 macb 0 0 0 3663 [Event Log] (Time generated/Time written) Service Control Manager/7036_Info_Network Location Awareness (NLA) - running (file: /media/sdb1/WINDOWS/system32/config/SysEvent.Evt) 131072 macb 0 S-1-5-18 0 3663 [Event Log] (Time generated/Time written) User: S-1-5-18 Service Control Manager/7035_Info_Application Layer Gateway Service - start (file: /media/sdb1/WINDOWS/system32/config/SysEvent.Evt) 131072 macb 0 S-1-5-18 0 3663 [Event Log] (Time generated/Time written) User: S-1-5-18 Service Control Manager/7035_Info_Fast User Switching Compatibility - start (file: /media/sdb1/WINDOWS/system32/config/SysEvent.Evt) 131072 macb 0 S-1-5-18 0 3663 [Event Log] (Time generated/Time written) User: S-1-5-18 Service Control Manager/7035_Info_Network Location Awareness (NLA) - start (file: /media/sdb1/WINDOWS/system32/config/SysEvent.Evt) 1237 .a.. r/rr-xr-xr-x 0 0 3668-128-4 /WINDOWS/WinSxS/Manifests/x86_Microsoft.Windows.SystemCompatible_6595b64144ccf1df_5.1.2600.2000_x-ww_bcc9a281.Manifest 397 .a.. r/rr-xr-xr-x 0 0 3672-128-1 /WINDOWS/WinSxS/Manifests/x86_Microsoft.Windows.GdiPlus_6595b64144ccf1df_1.0.2600.5512_x-ww_dfb54e0c.Manifest 605 .a.. r/rr-xr-xr-x 0 0 3676-128-4 /WINDOWS/WinSxS/Policies/x86_policy.1.0.Microsoft.Windows.GdiPlus_6595b64144ccf1df_x-ww_4e8510ac/1.0.2600.5512.Policy 1883 .a.. r/rr-xr-xr-x 0 0 3689-128-4 /WINDOWS/WinSxS/Manifests/x86_Microsoft.Windows.Networking.Dxmrtp_6595b64144ccf1df_5.2.2.3_x-ww_468466a7.Manifest 1187 .a.. r/rr-xr-xr-x 0 0 3693-128-4 /WINDOWS/WinSxS/Manifests/x86_Microsoft.Windows.Networking.RtcDll_6595b64144ccf1df_5.2.2.3_x-ww_d6bd8b95.Manifest 460 .a.. r/rr-xr-xr-x 0 0 3697-128-4 /WINDOWS/WinSxS/Manifests/x86_Microsoft.Windows.Networking.RtcRes_6595b64144ccf1df_5.2.2.3_en_16a24bc0.Manifest 641 .a.. r/rr-xr-xr-x 0 0 3700-128-4 /WINDOWS/WinSxS/Policies/x86_policy.5.2.Microsoft.Windows.Networking.Dxmrtp_6595b64144ccf1df_x-ww_362e60dd/5.2.2.3.Policy 641 .a.. r/rr-xr-xr-x 0 0 3703-128-4 /WINDOWS/WinSxS/Policies/x86_policy.5.2.Microsoft.Windows.Networking.Rtcdll_6595b64144ccf1df_x-ww_c7b7206f/5.2.2.3.Policy 47104 .a.. r/rr-xr-xr-x 0 0 4878-128-3 /WINDOWS/system32/wbem/ncprov.dll 71680 .a.. r/rr-xr-xr-x 0 0 4891-128-3 /WINDOWS/system32/wbem/wbemcons.dll 430592 .a.. r/rr-xr-xr-x 0 0 6051-128-3 /WINDOWS/system32/wuapi.dll Fri Jul 01 2011 14:50:53 0 m... 0 0 0 0 REG_System_system/ControlSet001/Enum/Root/LEGACY_SSDPSRV/0000 0 m... 0 0 0 0 REG_User_malware 452608 .a.. r/rr-xr-xr-x 0 0 10650-128-4 /Documents and Settings/All Users/Application Data/VDPLtsHLVdsd.exe 36656 .a.. r/rr-xr-xr-x 0 0 208-128-3 /WINDOWS/Fonts/dosapp.fon 8368 .a.. r/rr-xr-xr-x 0 0 210-128-3 /WINDOWS/Fonts/ega40woa.fon 4304 .a.. r/rr-xr-xr-x 0 0 211-128-3 /WINDOWS/Fonts/cga80woa.fon 6336 .a.. r/rr-xr-xr-x 0 0 212-128-3 /WINDOWS/Fonts/cga40woa.fon 264832 .a.. r/rr-xr-xr-x 0 0 2530-128-3 /WINDOWS/system32/drivers/http.sys 71680 .a.. r/rr-xr-xr-x 0 0 3049-128-3 /WINDOWS/system32/ssdpsrv.dll 133632 .a.. r/rr-xr-xr-x 0 0 3126-128-3 /WINDOWS/system32/upnp.dll 131072 macb 0 0 0 3663 [Event Log] (Time generated/Time written) Service Control Manager/7036_Info_SSDP Discovery Service - running (file: /media/sdb1/WINDOWS/system32/config/SysEvent.Evt) 131072 macb 0 S-1-5-18 0 3663 [Event Log] (Time generated/Time written) User: S-1-5-18 Service Control Manager/7035_Info_SSDP Discovery Service - start (file: /media/sdb1/WINDOWS/system32/config/SysEvent.Evt) Fri Jul 01 2011 14:50:54 308736 .a.. r/rr-xr-xr-x 0 0 11114-128-3 /WINDOWS/system32/wget.exe Fri Jul 01 2011 14:50:55 14848 .a.. r/rr-xr-xr-x 0 0 545-128-3 /WINDOWS/system32/fc.exe 9216 .a.. r/rr-xr-xr-x 0 0 551-128-3 /WINDOWS/system32/find.exe Fri Jul 01 2011 14:50:57 0 m... 0 0 0 0 REG_User_malware/Control Panel/Desktop 0 m... 0 0 0 0 REG_User_malware/Software/Microsoft/Internet Explorer/Desktop/Components 62 .a.. r/rr-xr-xr-x 0 0 10537-128-3 /Documents and Settings/malware/Application Data/desktop.ini 2128 mac. r/rr-xr-xr-x 0 0 10570-128-3 /Documents and Settings/malware/Application Data/Microsoft/Internet Explorer/Desktop.htt 899 .a.. r/rr-xr-xr-x 0 0 11116-128-3 /get.bat 0 .a.. r/rr-xr-xr-x 0 0 11453-128-3 /WINDOWS/system32/sandnet.exe 17408 .a.. r/rr-xr-xr-x 0 0 2087-128-3 /WINDOWS/system32/powrprof.dll 276480 .a.. r/rr-xr-xr-x 0 0 2134-128-3 /WINDOWS/system32/webcheck.dll 121856 .a.. r/rr-xr-xr-x 0 0 2154-128-3 /WINDOWS/system32/stobject.dll 29184 .a.. r/rr-xr-xr-x 0 0 2155-128-3 /WINDOWS/system32/batmeter.dll 830 .a.. r/rr-xr-xr-x 0 0 6225-128-3 /WINDOWS/Web/deskmovr.htt Fri Jul 01 2011 14:50:58 0 m... 0 0 0 0 REG_System_system/ControlSet001/Enum/Root/LEGACY_IMAPISERVICE/0000 0 m... 0 0 0 0 REG_User_malware/Software 0 m... 0 0 0 0 REG_User_malware/Software/Microsoft/Windows/CurrentVersion/Explorer/Discardable/PostSetup/Component Categories/{00021493-0000-0000-C000-000000000046}/Enum 0 m... 0 0 0 0 REG_User_malware/Software/Microsoft/Windows/CurrentVersion/Explorer/Discardable/PostSetup/Component Categories/{00021494-0000-0000-C000-000000000046}/Enum 150 .ac. r/rr-xr-xr-x 0 0 10676-128-1 /System Volume Information/_restore{A4323E41-9E96-4A95-B645-4A36ED086BEA}/RP12/A0000135.ini 372736 m..b r/rr-xr-xr-x 0 0 11166-128-3 /Documents and Settings/All Users/Application Data/14147364.exe 827 .acb 0 0 0 11170 [Shortcut LNK] (Modified/Access/Created) C:/Documents and Settings/All Users/Application Data/14147364.exe <-/media/sdb1/Documents and Settings/malware/Start Menu/Programs/Windows XP Repair/Windows XP Repair.lnk- which is stored on a local vol type - Fixed- SN 0xcac117b - Desc: Windows XP Repair Rel path: ../../../../All Users/Application Data/14147364.exe [a rel. path str-a descr. str-SI ID exists-points to a file or dir] - mod since last backup-hidden (file: /media/sdb1/Documents and Settings/malware/Start Menu/Programs/Windows XP Repair/Windows XP Repair.lnk) 899 .acb 0 0 0 11171 [Shortcut LNK] (Modified/Access/Created) C:/Documents and Settings/All Users/Application Data/14147364.exe <-/media/sdb1/Documents and Settings/malware/Start Menu/Programs/Windows XP Repair/Uninstall Windows XP Repair.lnk- which is stored on a local vol type - Fixed- SN 0xcac117b - Desc: Windows XP Repair Rel path: ../../../../All Users/Application Data/14147364.exe CMD arg: 1 [a rel. path str-cmd line args-a descr. str-SI ID exists-custom icon-points to a file or dir] - mod since last backup-hidden (file: /media/sdb1/Documents and Settings/malware/Start Menu/Programs/Windows XP Repair/Uninstall Windows XP Repair.lnk) 815 .acb 0 0 0 11172 [Shortcut LNK] (Modified/Access/Created) C:/Documents and Settings/All Users/Application Data/14147364.exe <-/media/sdb1/Documents and Settings/malware/Desktop/Windows XP Repair.lnk- which is stored on a local vol type - Fixed- SN 0xcac117b - Desc: Windows XP Repair Rel path: ../../All Users/Application Data/14147364.exe [a rel. path str-a descr. str-SI ID exists-points to a file or dir] - mod since last backup-hidden (file: /media/sdb1/Documents and Settings/malware/Desktop/Windows XP Repair.lnk) 98304 .a.. r/rr-xr-xr-x 0 0 2113-128-3 /WINDOWS/system32/actxprxy.dll 150528 .a.. r/rr-xr-xr-x 0 0 2126-128-3 /WINDOWS/system32/imapi.exe 90624 .a.. r/rr-xr-xr-x 0 0 2187-128-3 /WINDOWS/system32/mydocs.dll 658432 .a.. r/rr-xr-xr-x 0 0 2937-128-3 /WINDOWS/system32/rasdlg.dll 131072 macb 0 0 0 3663 [Event Log] (Time generated/Time written) Service Control Manager/7036_Info_IMAPI CD-Burning COM Service - running (file: /media/sdb1/WINDOWS/system32/config/SysEvent.Evt) 131072 macb 0 S-1-5-18 0 3663 [Event Log] (Time generated/Time written) User: S-1-5-18 Service Control Manager/7035_Info_IMAPI CD-Burning COM Service - start (file: /media/sdb1/WINDOWS/system32/config/SysEvent.Evt) 48 m... d/dr-xr-xr-x 0 0 72-144-6 /WINDOWS/Temp Fri Jul 01 2011 14:51:00 256 .a.. d/drwxrwxrwx 0 0 10302-144-1 /Documents and Settings/NetworkService/Local Settings/History 256 .a.. d/drwxrwxrwx 0 0 3664-144-1 /Documents and Settings/NetworkService/Local Settings/Temporary Internet Files Fri Jul 01 2011 14:51:04 1024 ma.. r/rr-xr-xr-x 0 0 10541-128-4 /Documents and Settings/malware/Local Settings/Application Data/Microsoft/Windows/UsrClass.dat.LOG 336 m..b r/rr-xr-xr-x 0 0 11168-128-1 /Documents and Settings/All Users/Application Data/14147364 131072 macb 0 0 0 3663 [Event Log] (Time generated/Time written) Service Control Manager/7036_Info_IMAPI CD-Burning COM Service - stopped (file: /media/sdb1/WINDOWS/system32/config/SysEvent.Evt) 131072 m... 0 0 0 3663 [Event Log] (Time generated/Time written) b57w2k/15_Info_ - Broadcom NetXtreme Gigabit Ethernet (file: /media/sdb1/WINDOWS/system32/config/SysEvent.Evt) 131072 m... 0 0 0 3663 [Event Log] (Time generated/Time written) b57w2k/9_Info_ - Broadcom NetXtreme Gigabit Ethernet (file: /media/sdb1/WINDOWS/system32/config/SysEvent.Evt) Fri Jul 01 2011 14:51:05 1024 ma.. r/rr-xr-xr-x 0 0 10394-128-4 /Documents and Settings/LocalService/Local Settings/Application Data/Microsoft/Windows/UsrClass.dat.LOG 64000 .a.. r/rr-xr-xr-x 0 0 2308-128-3 /WINDOWS/system32/cleanmgr.exe Fri Jul 01 2011 14:51:06 1024 ma.. r/rr-xr-xr-x 0 0 10327-128-4 /Documents and Settings/NetworkService/Local Settings/Application Data/Microsoft/Windows/UsrClass.dat.LOG Fri Jul 01 2011 14:51:07 1033728 .a.. r/rr-xr-xr-x 0 0 2093-128-3 /WINDOWS/explorer.exe 176640 .a.. r/rr-xr-xr-x 0 0 2796-128-3 /WINDOWS/system32/napstat.exe Fri Jul 01 2011 14:51:08 827 m... 0 0 0 11170 [Shortcut LNK] (Modified/Access/Created) C:/Documents and Settings/All Users/Application Data/14147364.exe <-/media/sdb1/Documents and Settings/malware/Start Menu/Programs/Windows XP Repair/Windows XP Repair.lnk- which is stored on a local vol type - Fixed- SN 0xcac117b - Desc: Windows XP Repair Rel path: ../../../../All Users/Application Data/14147364.exe [a rel. path str-a descr. str-SI ID exists-points to a file or dir] - mod since last backup-hidden (file: /media/sdb1/Documents and Settings/malware/Start Menu/Programs/Windows XP Repair/Windows XP Repair.lnk) 899 m... 0 0 0 11171 [Shortcut LNK] (Modified/Access/Created) C:/Documents and Settings/All Users/Application Data/14147364.exe <-/media/sdb1/Documents and Settings/malware/Start Menu/Programs/Windows XP Repair/Uninstall Windows XP Repair.lnk- which is stored on a local vol type - Fixed- SN 0xcac117b - Desc: Windows XP Repair Rel path: ../../../../All Users/Application Data/14147364.exe CMD arg: 1 [a rel. path str-cmd line args-a descr. str-SI ID exists-custom icon-points to a file or dir] - mod since last backup-hidden (file: /media/sdb1/Documents and Settings/malware/Start Menu/Programs/Windows XP Repair/Uninstall Windows XP Repair.lnk) 815 m... 0 0 0 11172 [Shortcut LNK] (Modified/Access/Created) C:/Documents and Settings/All Users/Application Data/14147364.exe <-/media/sdb1/Documents and Settings/malware/Desktop/Windows XP Repair.lnk- which is stored on a local vol type - Fixed- SN 0xcac117b - Desc: Windows XP Repair Rel path: ../../All Users/Application Data/14147364.exe [a rel. path str-a descr. str-SI ID exists-points to a file or dir] - mod since last backup-hidden (file: /media/sdb1/Documents and Settings/malware/Desktop/Windows XP Repair.lnk) Fri Jul 01 2011 14:51:10 56 m... d/d--x--x--x 0 0 10444-144-5 /Documents and Settings/malware/Start Menu/Programs 288 m... d/dr-xr-xr-x 0 0 10471-144-1 /Documents and Settings/malware/Desktop 544 m..b d/dr-xr-xr-x 0 0 11169-144-1 /Documents and Settings/malware/Start Menu/Programs/Windows XP Repair 827 ma.b r/rr-xr-xr-x 0 0 11170-128-4 /Documents and Settings/malware/Start Menu/Programs/Windows XP Repair/Windows XP Repair.lnk 899 ma.b r/rr-xr-xr-x 0 0 11171-128-4 /Documents and Settings/malware/Start Menu/Programs/Windows XP Repair/Uninstall Windows XP Repair.lnk 815 m..b r/rr-xr-xr-x 0 0 11172-128-4 /Documents and Settings/malware/Desktop/Windows XP Repair.lnk 39424 .a.. r/rr-xr-xr-x 0 0 2074-128-3 /WINDOWS/system32/sens.dll 62 .a.. r/rr-xr-xr-x 0 0 3849-128-1 /Documents and Settings/All Users/Application Data/desktop.ini 151 .a.. r/rr-xr-xr-x 0 0 4860-128-1 /Documents and Settings/All Users/Documents/My Videos/Desktop.ini 151 .a.. r/rr-xr-xr-x 0 0 5491-128-1 /Documents and Settings/All Users/Documents/My Music/Desktop.ini 150 .a.. r/rr-xr-xr-x 0 0 5613-128-1 /Documents and Settings/All Users/Documents/My Pictures/Desktop.ini Fri Jul 01 2011 14:51:11 0 m... 0 0 0 0 REG_User_malware/Software/Microsoft/Windows/CurrentVersion/WinTrust/Trust Providers/Software Publishing 0 m... 0 0 0 0 REG_User_malware/Software/Microsoft/Windows/ShellNoRoam/MUICache 815 .a.. r/rr-xr-xr-x 0 0 11172-128-4 /Documents and Settings/malware/Desktop/Windows XP Repair.lnk 232 ...b r/rr-xr-xr-x 0 0 11173-128-4 /Documents and Settings/All Users/Application Data/~14147364 168 ma.b r/rr-xr-xr-x 0 0 11174-128-1 /Documents and Settings/All Users/Application Data/~14147364r 19968 .a.. r/rr-xr-xr-x 0 0 2117-128-3 /WINDOWS/system32/linkinfo.dll 143360 .a.. r/rr-xr-xr-x 0 0 2118-128-3 /WINDOWS/system32/ntshrui.dll 56 m... d/d--x--x--x 0 0 3736-144-6 /Documents and Settings/All Users/Application Data Fri Jul 01 2011 14:51:12 232 ma.. r/rr-xr-xr-x 0 0 11173-128-4 /Documents and Settings/All Users/Application Data/~14147364 Fri Jul 01 2011 14:51:18 0 m... 0 0 0 0 REG_System_system/ControlSet001/Control/Print 0 m... 0 0 0 0 REG_System_system/ControlSet001/Control/Print/Providers 75264 .a.. r/rr-xr-xr-x 0 0 2091-128-3 /WINDOWS/system32/spoolss.dll 343040 .a.. r/rr-xr-xr-x 0 0 2095-128-3 /WINDOWS/system32/localspl.dll 47104 .a.. r/rr-xr-xr-x 0 0 2097-128-3 /WINDOWS/system32/cnbjmon.dll 8192 .a.. r/rr-xr-xr-x 0 0 4829-128-3 /WINDOWS/system32/wshirda.dll Fri Jul 01 2011 14:51:19 0 m... 0 0 0 0 REG_User_malware/Software/Microsoft/Windows NT/CurrentVersion/Devices 0 m... 0 0 0 0 REG_User_malware/Software/Microsoft/Windows NT/CurrentVersion/PrinterPorts 67072 .a.. r/rr-xr-xr-x 0 0 2004-128-3 /WINDOWS/system32/ntdsapi.dll 15360 .a.. r/rr-xr-xr-x 0 0 2098-128-3 /WINDOWS/system32/pjlmon.dll 45568 .a.. r/rr-xr-xr-x 0 0 2099-128-3 /WINDOWS/system32/tcpmon.dll 16896 .a.. r/rr-xr-xr-x 0 0 2100-128-3 /WINDOWS/system32/usbmon.dll 102400 .a.. r/rr-xr-xr-x 0 0 2103-128-3 /WINDOWS/system32/win32spl.dll 75264 .a.. r/rr-xr-xr-x 0 0 2104-128-3 /WINDOWS/system32/inetpp.dll Fri Jul 01 2011 14:51:24 1024 .a.. r/rr-xr-xr-x 0 0 10389-128-4 /Documents and Settings/LocalService/ntuser.dat.LOG Fri Jul 01 2011 14:51:25 1024 m... r/rr-xr-xr-x 0 0 10389-128-4 /Documents and Settings/LocalService/ntuser.dat.LOG Fri Jul 01 2011 14:51:36 0 m... 0 0 0 0 REG_System_system/ControlSet001/Services/Eventlog/Application/ESENT Fri Jul 01 2011 14:51:37 65536 macb 0 0 0 3659 [Event Log] (Time generated/Time written) ESENT/100_Info_wuauclt - 484 - - 5 - 01 - 2600 - 5512 (file: /media/sdb1/WINDOWS/system32/config/AppEvent.Evt) 65536 macb 0 0 0 3659 [Event Log] (Time generated/Time written) ESENT/102_Info_wuaueng.dll - 484 - SUS20ClientDataStore: - 0 (file: /media/sdb1/WINDOWS/system32/config/AppEvent.Evt) Fri Jul 01 2011 14:51:39 1048472 mac. r/rrwxrwxrwx 0 0 10648-128-3 /System Volume Information/_restore{A4323E41-9E96-4A95-B645-4A36ED086BEA}/RP12/change.log.3 416 m.c. d/drwxrwxrwx 0 0 11458-144-5 /System Volume Information/_restore{A4323E41-9E96-4A95-B645-4A36ED086BEA}/RP12 Fri Jul 01 2011 14:51:51 20 .a.. r/rr-xr-xr-x 0 0 5547-128-1 /WINDOWS/system32/wbem/Repository/$WinMgmt.CFG 5300224 ma.. r/rr-xr-xr-x 0 0 5553-128-4 /WINDOWS/system32/wbem/Repository/FS/OBJECTS.DATA 999424 ma.. r/rr-xr-xr-x 0 0 5554-128-3 /WINDOWS/system32/wbem/Repository/FS/INDEX.BTR Fri Jul 01 2011 14:51:52 0 macb 0 0 0 10413 [XP Prefetch] (Last run) WUAUCLT.EXE-399A8E72.pf - [WUAUCLT.EXE] was executed - run count [14]- full path: [C:/WINDOWS/SYSTEM32/WUAUCLT.EXE] - DLLs loaded: {WINDOWS/SYSTEM32/NTDLL.DLL - WINDOWS/SYSTEM32/KERNEL32.DLL - WINDOWS/SYSTEM32/MSVCRT.DLL - WINDOWS/SYSTEM32/ATL.DLL - WINDOWS/SYSTEM32/USER32.DLL - WINDOWS/SYSTEM32/GDI32.DLL - WINDOWS/SYSTEM32/ADVAPI32.DLL - WINDOWS/SYSTEM32/RPCRT4.DLL - WINDOWS/SYSTEM32/SECUR32.DLL - WINDOWS/WINSXS/X86_MICROSOFT.WINDOWS.COMMON-CONTROLS_6595B64144CCF1DF_6.0.2600.5512_X-WW_35D4CE83/COMCTL32.DLL - WINDOWS/SYSTEM32/SHLWAPI.DLL - WINDOWS/SYSTEM32/OLE32.DLL - WINDOWS/SYSTEM32/OLEAUT32.DLL - WINDOWS/SYSTEM32/SHFOLDER.DLL - WINDOWS/SYSTEM32/WUAUENG.DLL - WINDOWS/SYSTEM32/ADVPACK.DLL - WINDOWS/SYSTEM32/VERSION.DLL - WINDOWS/SYSTEM32/CABINET.DLL - WINDOWS/SYSTEM32/CRYPT32.DLL - WINDOWS/SYSTEM32/MSASN1.DLL - WINDOWS/SYSTEM32/ESENT.DLL - WINDOWS/SYSTEM32/MSPATCHA.DLL - WINDOWS/SYSTEM32/SETUPAPI.DLL - WINDOWS/SYSTEM32/SFC.DLL - WINDOWS/SYSTEM32/SFC_OS.DLL - WINDOWS/SYSTEM32/WINTRUST.DLL - WINDOWS/SYSTEM32/IMAGEHLP.DLL - WINDOWS/SYSTEM32/USERENV.DLL - WINDOWS/SYSTEM32/WINHTTP.DLL - WINDOWS/SYSTEM32/WINSTA.DLL - WINDOWS/SYSTEM32/NETAPI32.DLL - WINDOWS/SYSTEM32/WS2_32.DLL - WINDOWS/SYSTEM32/WS2HELP.DLL - WINDOWS/SYSTEM32/WTSAPI32.DLL - WINDOWS/SYSTEM32/MSIMG32.DLL - WINDOWS/SYSTEM32/SHELL32.DLL - WINDOWS/SYSTEM32/SHIMENG.DLL - WINDOWS/APPPATCH/ACGENRAL.DLL - WINDOWS/SYSTEM32/WINMM.DLL - WINDOWS/SYSTEM32/MSACM32.DLL - WINDOWS/SYSTEM32/UXTHEME.DLL - WINDOWS/SYSTEM32/RPCSS.DLL - WINDOWS/SYSTEM32/CLBCATQ.DLL - WINDOWS/SYSTEM32/COMRES.DLL - WINDOWS/SYSTEM32/XPSP2RES.DLL - WINDOWS/SYSTEM32/WUPS.DLL} (file: /media/sdb1/WINDOWS/Prefetch/WUAUCLT.EXE-399A8E72.pf) 5120 .a.. r/rr-xr-xr-x 0 0 1989-128-3 /WINDOWS/system32/sfc.dll 14336 .a.. r/rr-xr-xr-x 0 0 2056-128-3 /WINDOWS/system32/drprov.dll 44032 .a.. r/rr-xr-xr-x 0 0 2058-128-3 /WINDOWS/system32/ntlanman.dll 80896 .a.. r/rr-xr-xr-x 0 0 2059-128-3 /WINDOWS/system32/netui0.dll 245760 .a.. r/rr-xr-xr-x 0 0 2060-128-3 /WINDOWS/system32/netui1.dll 11776 .a.. r/rr-xr-xr-x 0 0 2062-128-3 /WINDOWS/system32/netrap.dll 25088 .a.. r/rr-xr-xr-x 0 0 2064-128-3 /WINDOWS/system32/davclnt.dll 25088 .a.. r/rr-xr-xr-x 0 0 2076-128-3 /WINDOWS/system32/shfolder.dll 4608 .a.. r/rr-xr-xr-x 0 0 2107-128-3 /WINDOWS/system32/msimg32.dll 99840 .a.. r/rr-xr-xr-x 0 0 2115-128-3 /WINDOWS/system32/advpack.dll 29696 .a.. r/rr-xr-xr-x 0 0 2760-128-3 /WINDOWS/system32/mspatcha.dll 140288 .a.. r/rr-xr-xr-x 0 0 3005-128-3 /WINDOWS/system32/sfc_os.dll 3160 ma.. r/rr-xr-xr-x 0 0 5548-128-3 /WINDOWS/system32/wbem/Repository/FS/MAPPING1.MAP 4 ma.. r/rr-xr-xr-x 0 0 5550-128-1 /WINDOWS/system32/wbem/Repository/FS/MAPPING.VER 524 ma.. r/rr-xr-xr-x 0 0 5551-128-1 /WINDOWS/system32/wbem/Repository/FS/INDEX.MAP 2636 ma.. r/rr-xr-xr-x 0 0 5552-128-3 /WINDOWS/system32/wbem/Repository/FS/OBJECTS.MAP 32256 .a.. r/rr-xr-xr-x 0 0 6055-128-3 /WINDOWS/system32/wups.dll 1135616 .a.. r/rr-xr-xr-x 0 0 6056-128-3 /WINDOWS/system32/wuaueng.dll Fri Jul 01 2011 14:52:13 278154 mac. r/rrwxrwxrwx 0 0 10814-128-4 /WINDOWS/Prefetch/NTOSBOOT-B00DFAAD.pf 20948 mac. r/rrwxrwxrwx 0 0 3797-128-4 /WINDOWS/Prefetch/WUAUCLT.EXE-399A8E72.pf Fri Jul 01 2011 14:52:16 16384 .a.b r/rr-xr-xr-x 0 0 10296-128-3 /Documents and Settings/NetworkService/Cookies/index.dat 16384 .a.b r/rr-xr-xr-x 0 0 10298-128-3 /Documents and Settings/NetworkService/Local Settings/History/History.IE5/index.dat 256 ..c. d/drwxrwxrwx 0 0 10302-144-1 /Documents and Settings/NetworkService/Local Settings/History 256 mac. d/drwxrwxrwx 0 0 10303-144-1 /Documents and Settings/NetworkService/Local Settings/History/History.IE5 152 mac. d/drwxrwxrwx 0 0 10304-144-1 /Documents and Settings/NetworkService/Cookies 32768 ma.b r/rr-xr-xr-x 0 0 11180-128-3 /Documents and Settings/NetworkService/Local Settings/Temporary Internet Files/Content.IE5/index.dat 152 m.cb d/drwxrwxrwx 0 0 11181-144-1 /Documents and Settings/NetworkService/Local Settings/Temporary Internet Files/Content.IE5/GDEJ4DMF 67 macb r/rr-xr-xr-x 0 0 11182-128-1 /Documents and Settings/NetworkService/Local Settings/Temporary Internet Files/Content.IE5/GDEJ4DMF/desktop.ini 152 m.cb d/drwxrwxrwx 0 0 11183-144-1 /Documents and Settings/NetworkService/Local Settings/Temporary Internet Files/Content.IE5/W5M30XMF 67 macb r/rr-xr-xr-x 0 0 11184-128-1 /Documents and Settings/NetworkService/Local Settings/Temporary Internet Files/Content.IE5/W5M30XMF/desktop.ini 152 m.cb d/drwxrwxrwx 0 0 11185-144-1 /Documents and Settings/NetworkService/Local Settings/Temporary Internet Files/Content.IE5/4D63S16F 67 macb r/rr-xr-xr-x 0 0 11186-128-1 /Documents and Settings/NetworkService/Local Settings/Temporary Internet Files/Content.IE5/4D63S16F/desktop.ini 152 m.cb d/drwxrwxrwx 0 0 11187-144-1 /Documents and Settings/NetworkService/Local Settings/Temporary Internet Files/Content.IE5/8HYZ4L6Z 67 macb r/rr-xr-xr-x 0 0 11188-128-1 /Documents and Settings/NetworkService/Local Settings/Temporary Internet Files/Content.IE5/8HYZ4L6Z/desktop.ini 256 ..c. d/drwxrwxrwx 0 0 3664-144-1 /Documents and Settings/NetworkService/Local Settings/Temporary Internet Files 56 mac. d/drwxrwxrwx 0 0 4843-144-5 /Documents and Settings/NetworkService/Local Settings/Temporary Internet Files/Content.IE5 Fri Jul 01 2011 14:52:21 1024 ma.. r/rr-xr-xr-x 0 0 10322-128-4 /Documents and Settings/NetworkService/ntuser.dat.LOG Fri Jul 01 2011 14:52:52 246272 .a.. r/rr-xr-xr-x 0 0 2042-128-3 /WINDOWS/system32/es.dll Fri Jul 01 2011 14:53:58 416 .a.. d/drwxrwxrwx 0 0 11458-144-5 /System Volume Information/_restore{A4323E41-9E96-4A95-B645-4A36ED086BEA}/RP12 Fri Jul 01 2011 14:53:59 152 .a.. d/drwxrwxrwx 0 0 11181-144-1 /Documents and Settings/NetworkService/Local Settings/Temporary Internet Files/Content.IE5/GDEJ4DMF 152 .a.. d/drwxrwxrwx 0 0 11183-144-1 /Documents and Settings/NetworkService/Local Settings/Temporary Internet Files/Content.IE5/W5M30XMF 152 .a.. d/drwxrwxrwx 0 0 11185-144-1 /Documents and Settings/NetworkService/Local Settings/Temporary Internet Files/Content.IE5/4D63S16F 152 .a.. d/drwxrwxrwx 0 0 11187-144-1 /Documents and Settings/NetworkService/Local Settings/Temporary Internet Files/Content.IE5/8HYZ4L6Z Fri Jul 01 2011 14:54:07 0 m... 0 0 0 0 REG_User_malware/AppEvents/Schemes/Apps/Explorer/Navigating/.Current 0 m... 0 0 0 0 REG_User_malware/Software/Microsoft/Internet Explorer 0 m... 0 0 0 0 REG_User_malware/Software/Microsoft/Internet Explorer/InformationBar 0 m... 0 0 0 0 REG_User_malware/Software/Microsoft/Internet Explorer/PhishingFilter 0 m... 0 0 0 0 REG_User_malware/Software/Microsoft/Internet Explorer/Recovery 0 m... 0 0 0 0 REG_User_malware/Software/Microsoft/Windows/CurrentVersion/Internet Settings/Zones/3 0 m... 0 0 0 0 REG_User_malware/Software/Policies/Microsoft 0 m... 0 0 0 0 REG_User_malware/Software/Policies/Microsoft/Internet Explorer 0 m... 0 0 0 0 REG_User_malware/Software/Policies/Microsoft/Internet Explorer/Recovery 0 macb 0 0 0 10413 [XP Prefetch] (Last run) REGEDIT.EXE-1B606482.pf - [REGEDIT.EXE] was executed - run count [2]- full path: [C:/WINDOWS/REGEDIT.EXE] - DLLs loaded: {WINDOWS/SYSTEM32/NTDLL.DLL - WINDOWS/SYSTEM32/KERNEL32.DLL - WINDOWS/SYSTEM32/MSVCRT.DLL - WINDOWS/SYSTEM32/ADVAPI32.DLL - WINDOWS/SYSTEM32/RPCRT4.DLL - WINDOWS/SYSTEM32/SECUR32.DLL - WINDOWS/SYSTEM32/GDI32.DLL - WINDOWS/SYSTEM32/USER32.DLL - WINDOWS/WINSXS/X86_MICROSOFT.WINDOWS.COMMON-CONTROLS_6595B64144CCF1DF_6.0.2600.5512_X-WW_35D4CE83/COMCTL32.DLL - WINDOWS/SYSTEM32/SHLWAPI.DLL - WINDOWS/SYSTEM32/COMDLG32.DLL - WINDOWS/SYSTEM32/SHELL32.DLL - WINDOWS/SYSTEM32/AUTHZ.DLL - WINDOWS/SYSTEM32/ACLUI.DLL - WINDOWS/SYSTEM32/OLE32.DLL - WINDOWS/SYSTEM32/OLEAUT32.DLL - WINDOWS/SYSTEM32/ULIB.DLL - WINDOWS/SYSTEM32/CLB.DLL - WINDOWS/SYSTEM32/SHIMENG.DLL - WINDOWS/APPPATCH/ACGENRAL.DLL - WINDOWS/SYSTEM32/WINMM.DLL - WINDOWS/SYSTEM32/MSACM32.DLL - WINDOWS/SYSTEM32/VERSION.DLL - WINDOWS/SYSTEM32/USERENV.DLL - WINDOWS/SYSTEM32/UXTHEME.DLL} (file: /media/sdb1/WINDOWS/Prefetch/REGEDIT.EXE-1B606482.pf) 146432 .a.. r/rr-xr-xr-x 0 0 2109-128-3 /WINDOWS/regedit.exe 62464 .a.. r/rr-xr-xr-x 0 0 2110-128-3 /WINDOWS/system32/authz.dll 115712 .a.. r/rr-xr-xr-x 0 0 2111-128-3 /WINDOWS/system32/aclui.dll 10752 .a.. r/rr-xr-xr-x 0 0 238-128-3 /WINDOWS/system32/clb.dll Fri Jul 01 2011 14:54:08 12186 mac. r/rrwxrwxrwx 0 0 11119-128-4 /WINDOWS/Prefetch/REGEDIT.EXE-1B606482.pf Fri Jul 01 2011 14:54:11 59904 .a.. r/rr-xr-xr-x 0 0 1956-128-3 /WINDOWS/system32/mpr.dll 132608 .a.. r/rr-xr-xr-x 0 0 2011-128-3 /WINDOWS/system32/msv1_0.dll 146432 .a.. r/rr-xr-xr-x 0 0 2085-128-3 /WINDOWS/system32/winspool.drv 251904 .a.. r/rr-xr-xr-x 0 0 2542-128-3 /WINDOWS/system32/iepeers.dll 274432 .a.. r/rr-xr-xr-x 0 0 5699-128-3 /WINDOWS/system32/inetcfg.dll 16384 .a.. r/rr-xr-xr-x 0 0 6134-128-3 /WINDOWS/system32/icfgnt5.dll Fri Jul 01 2011 14:54:12 0 m... 0 0 0 0 REG_User_malware/Software/Microsoft/Windows/CurrentVersion/Explorer/MenuOrder/Favorites/Links 7280 .a.. r/rr-xr-xr-x 0 0 204-128-3 /WINDOWS/Fonts/vgasys.fon Fri Jul 01 2011 14:54:27 997376 .a.. r/rr-xr-xr-x 0 0 1983-128-3 /WINDOWS/system32/msgina.dll 249856 .a.. r/rr-xr-xr-x 0 0 1984-128-3 /WINDOWS/system32/odbc32.dll 94208 .a.. r/rr-xr-xr-x 0 0 1986-128-3 /WINDOWS/system32/odbcint.dll 68096 .a.. r/rr-xr-xr-x 0 0 2177-128-3 /WINDOWS/system32/shgina.dll 304128 .a.. r/rr-xr-xr-x 0 0 2189-128-3 /WINDOWS/system32/duser.dll Fri Jul 01 2011 14:54:31 100 m..b r/rr-xr-xr-x 0 0 10317-128-1 /Documents and Settings/malware/Cookies/malware@64.111.211[1].txt 0 macb 0 0 0 10527 [Internet Explorer] (Last Access) User: malware URL:http://www.findfertile.org/go.php?userip=198.176.229.10&referer=http://www.findfertile.org/search.php?q=penguin&aid=531&sid=direc20&curl=http://64.111.211.158/c.php?s=eNolVNkOqkgQ_SAS6W627of7ACggArIo28uEVdlkERSJHz_emVRqSVUqdR7qnPqLGBbCL2bx17qYqxG4Q9b5tVmLf75gBwDH_Z_4LwIQAuEXBI5hyDdT_SVm_CG9_fnzJbjAkECcpgLHEZjkPCoBEQRSJCBNcvhPVrJlwhf8b5kTMjZBggAwk7HprySIkC_6WWH11uZ3SQZ6UbREf4hfzv01B77pZAfXLUrdqYbhpo80_UKZxBn49WYo_DpFSbnhDcfKldJoS17udJYLNKuwe55K1SZ6ej250pCJbDF8hi-eXNbbQ6OL-uRSQ6jT1So1z6kyXBFZ3EYqRb4bQ_vDotoGZdHKnjsu5iVsu_GEoZzJkXmXFM-F-FGv98fktGW0jG-BVzZnRi-37cXgUDqWW63IyK8mWVPNad76inUAuUtlMlN8e97mz3OalWDYO-u5M3W5r4hs16Jsf_QTe3t2XAVyOoEdh1627iiPHK75UkvnOzqpEb91lK2BZxmFERaPKHiH3o301K22x9HQfdA53N15SSnXeQgk7TPsqZGj3fcwHo4UnGcNlPeeKiTVDVDq8kquySY7pXvtrDTkqsBtmOfIPR_pYmLMghYmsXv4LRdk46K50nQ5G_Py1nVMVlOLUY_wklgIeBdfhvpDok-VEz2UjRueLf44pUmN_QmHr3IjvN0wriPmxV68r6oSzWFV-cD5lM8petjckb-6sRs1_HVSh4esDtEejJtsyPV9L9Pg2h_00umIROnU-IHauVSOCzg85uJ2qfRsPpTdYApth27oUxnJWZm0Uv59iKACaXy8ATXOH3o-GkeeJogXlnlg5L3_Wd1TGN-84vI2P4EprIL09Nbr0WLWbClB3TVuc6GuRu1GnoLqceHtOnflRArvh7BQANXCvtuU2Q6uABs8Lb454O2FJHoO5Cok3Msp8dVz1Mh5TOcWFB3l5ts1lvDyzhi4zRYKgJdn1kHDNQjPXWRM_Abj24iTB-t3j07lwwksoUb4J2f2b-U9qYexmVx813Joyx9V9KauyT8jSTyN0Q-j8uhX9ZP1LE1m2Z5B3dzGwPPt82S7XMAf93bntJYv7SHVzuVLHt_xwaJTe6kt3xNGyc9RO6hnScz946atZijTK_pR4pXPT8FOfROnxLshgRMV-clQSVDJWgs3qfRMwvZ5ihr6hyDcDNorzEG3YsE5VHs9WitCM7LUCK9TSebK1pfRtp0TdzJYeA1JP6VX9bU4xz6u5uORefP4aDUlazd26zXvn9RAgndQ4HcIkR0E3y_E7A5yP-eZHSTs928LfmOkzHFoMXGgbHGwgrzi5iSMh_TD1SkCP237z77MN2dyxuh-k87t4lAHSbC2Rkc-8d9jAhQYXPIpk6ZYIHnxYxJhScJkKWbLArLfFDA5LgWCQSGQjMs4gUnzIuG4pEAlEfJ_AdDxvDA&aid=531&sid=direc20 (file: /media/sdb1/Documents and Settings/malware/Local Settings/History/History.IE5/index.dat) 0 .acb 0 0 0 10534 [Internet Explorer] (Last time cookie passed to website/Website modified cookie) User: Cookie:malware URL:64.111.211.158/ (file: /media/sdb1/Documents and Settings/malware/Cookies/index.dat) 367112 .a.. r/rr-xr-xr-x 0 0 2169-128-3 /WINDOWS/Fonts/arial.ttf 352224 .a.. r/rr-xr-xr-x 0 0 2179-128-3 /WINDOWS/Fonts/arialbd.ttf Fri Jul 01 2011 14:54:32 5325 ma.b r/rr-xr-xr-x 0 0 10450-128-3 /Documents and Settings/malware/Local Settings/Temporary Internet Files/Content.IE5/UPQVMROL/CAG1AJ41.htm 0 m... 0 0 0 10525 [Internet Explorer] (Content viewed/Content saved to drive) URL:http://search.happythat.com/results/?partnerid=113320&appid=150752&subid=23411&ip=198.176.229.10&cid=263890&entry=penguin&qs=JQwDFAMXaSFTVkVLSUVaSRpYUURuW0sTAwFFeFpUS0tCQF1fSFNAVTZUXV5cVBRzW0UWC01ER19fEhARdQofTVxLEHRdUkJfHhZUX0AREBBkW0scBQEdclZRR0tEQE8LAUxASD1UBQQYFQV2D0ZAH1VGDwgPTERSJAwMAwkJVDNADhsPGRtHDAFMBBM1TxwFCRdZeFoGQhxERQxdXxQRQDZcD0APU0Z1V1YRXwEAVF5dERgUZl5fQVRDSzJTER0XVhcCGFMHU0Q1VEsCAg4ddEgXAQoEFQ4GChwTFGNbVEheXAYiCwwGGBcdDVJcFBQUYk8YAgBYSDEaE1dKEVFbCUsTR0YyBAgDGwBBNgsPBg9eGQwZB04PQjwESEIKQBMjGxcfJhMVBB8PSEZPdloJQFRdQSAMPEdOQk1YXDETFxJrUF0vXVQTdlxTLUhFRF5aXH4TEmdYXFVeU1UxAzwBFgUGCgpLEkURa1EMFQ4GBXdYFgYULxkMCwdUTARgDV1IVARFJw== cache stored in: UPQVMROL/CAG1AJ41.htm - HTTP/1.1 200 OK - Content-Type: text/html_charset=ISO-8859-1 - Content-Length: 5325 (file: /media/sdb1/Documents and Settings/malware/Local Settings/Temporary Internet Files/Content.IE5/index.dat) 361472 .a.. r/rr-xr-xr-x 0 0 321-128-3 /WINDOWS/Resources/Themes/Luna/Shell/NormalColor/shellstyle.dll Fri Jul 01 2011 14:54:33 92 ma.b r/rr-xr-xr-x 0 0 10316-128-1 /Documents and Settings/malware/Cookies/malware@search.happythat[1].txt 0 macb 0 0 0 10527 [Internet Explorer] (Last Access) User: malware URL:http://click.mygeek.com/presults.jsp?partnerid=113320&appid=150752&subid=23411&ip=198.176.229.10&cid=263890&entry=penguin&qs=JQwDFAMXaSFTVkVLSUVaSRpYUURuW0sTAwFFeFpUS0tCQF1fSFNAVTZUXV5cVBRzW0UWC01ER19fEhARdQofTVxLEHRdUkJfHhZUX0AREBBkW0scBQEdclZRR0tEQE8LAUxASD1UBQQYFQV2D0ZAH1VGDwgPTERSJAwMAwkJVDNADhsPGRtHDAFMBBM1TxwFCRdZeFoGQhxERQxdXxQRQDZcD0APU0Z1V1YRXwEAVF5dERgUZl5fQVRDSzJTER0XVhcCGFMHU0Q1VEsCAg4ddEgXAQoEFQ4GChwTFGNbVEheXAYiCwwGGBcdDVJcFBQUYk8YAgBYSDEaE1dKEVFbCUsTR0YyBAgDGwBBNgsPBg9eGQwZB04PQjwESEIKQBMjGxcfJhMVBB8PSEZPdloJQFRdQSAMPEdOQk1YXDETFxJrUF0vXVQTdlxTLUhFRF5aXH4TEmdYXFVeU1UxAzwBFgUGCgpLEkURa1EMFQ4GBXdYFgYULxkMCwdUTARgDV1IVARFJw==&REFERER=http://www.findfertile.org/ac3.php?q=penguin&aid=531&sid=direc20&POS=70x203&VIEWPORT=571x257&IFRAME=N&COOKIES=Y&RES=800x600 (file: /media/sdb1/Documents and Settings/malware/Local Settings/History/History.IE5/index.dat) 0 macb 0 0 0 10534 [Internet Explorer] (Last time cookie passed to website/Website modified cookie) User: Cookie:malware URL:search.happythat.com/ (file: /media/sdb1/Documents and Settings/malware/Cookies/index.dat) 337 ...b r/rr-xr-xr-x 0 0 11274-128-1 /Documents and Settings/malware/Cookies/malware@gamesweaseltv.mevio[1].txt Fri Jul 01 2011 14:54:34 0 .acb 0 0 0 10534 [Internet Explorer] (Last time cookie passed to website/Website modified cookie) User: Cookie:malware URL:crux.mevio.com/ (file: /media/sdb1/Documents and Settings/malware/Cookies/index.dat) 95 m..b r/rr-xr-xr-x 0 0 11190-128-1 /Documents and Settings/malware/Cookies/malware@crux.mevio[1].txt 157999 m..b r/rr-xr-xr-x 0 0 11194-128-5 /Documents and Settings/malware/Local Settings/Temporary Internet Files/Content.IE5/UPQVMROL/index[2].js 1604 m..b r/rr-xr-xr-x 0 0 11195-128-5 /Documents and Settings/malware/Local Settings/Temporary Internet Files/Content.IE5/SLK18LSF/ie6-fixes[2].css 26185 m..b r/rr-xr-xr-x 0 0 11196-128-5 /Documents and Settings/malware/Local Settings/Temporary Internet Files/Content.IE5/QJM5KT6J/index[1].css 27240 m..b r/rr-xr-xr-x 0 0 11197-128-5 /Documents and Settings/malware/Local Settings/Temporary Internet Files/Content.IE5/YZCXGNW1/ga[2].js 33316 m..b r/rr-xr-xr-x 0 0 11199-128-5 /Documents and Settings/malware/Local Settings/Temporary Internet Files/Content.IE5/UPQVMROL/shows[2].css 98741 m..b r/rr-xr-xr-x 0 0 11200-128-5 /Documents and Settings/malware/Local Settings/Temporary Internet Files/Content.IE5/QJM5KT6J/showPage[2].js Fri Jul 01 2011 14:54:35 0 m... 0 0 0 10525 [Internet Explorer] (Content viewed/Content saved to drive) URL:http://img.mevio.com/images/0d2/554/0d255467a252a80c4e44f87bf228b2b2cad29ad9.jpg?url=http://origin.psstatic.podshow.com/images/shows/15992/episodes/279595/large/gamesweaseltv-us-e.jpg?r=1304703565&width=200&height=112&scheme=1 cache stored in: QJM5KT6J/0d255467a252a80c4e44f87bf228b2b2cad29ad9[1].jpg - HTTP/1.1 200 OK - Content-Type: image/jpeg - X-Cache: HIT - Content-Length: 7359 (file: /media/sdb1/Documents and Settings/malware/Local Settings/Temporary Internet Files/Content.IE5/index.dat) 0 m... 0 0 0 10525 [Internet Explorer] (Content viewed/Content saved to drive) URL:http://img.mevio.com/images/117/3f0/1173f0fb86d4e0fa2148c92cb6c7898b68e2f916.jpg?url=http://origin.psstatic.podshow.com/images/shows/15992/episodes/285148/large/gamesweaseltv-us-e.jpg?r=1308320145&width=200&height=112&scheme=1 cache stored in: YZCXGNW1/1173f0fb86d4e0fa2148c92cb6c7898b68e2f916[1].jpg - HTTP/1.1 200 OK - Content-Type: image/jpeg - X-Cache: HIT - Content-Length: 14531 (file: /media/sdb1/Documents and Settings/malware/Local Settings/Temporary Internet Files/Content.IE5/index.dat) 0 m... 0 0 0 10525 [Internet Explorer] (Content viewed/Content saved to drive) URL:http://img.mevio.com/images/28e/548/28e5489a6f7966d376209edd2e82a806c2abede1.jpg?url=http://origin.psstatic.podshow.com/images/shows/15992/episodes/269414/large/gamesweaseltv-us-e.jpg?r=1297964744&width=200&height=112&scheme=1 cache stored in: SLK18LSF/28e5489a6f7966d376209edd2e82a806c2abede1[1].jpg - HTTP/1.1 200 OK - Content-Type: image/jpeg - X-Cache: HIT - Content-Length: 7633 (file: /media/sdb1/Documents and Settings/malware/Local Settings/Temporary Internet Files/Content.IE5/index.dat) 0 m... 0 0 0 10525 [Internet Explorer] (Content viewed/Content saved to drive) URL:http://img.mevio.com/images/508/349/508349bb8d62027f2ec24c38724f2a1d940e3ac7.jpg?url=http://origin.psstatic.podshow.com/images/shows/15992/episodes/283402/large/gamesweaseltv-us-e.jpg?r=1307648820&width=200&height=112&scheme=1 cache stored in: SLK18LSF/508349bb8d62027f2ec24c38724f2a1d940e3ac7[1].jpg - HTTP/1.1 200 OK - Content-Type: image/jpeg - X-Cache: HIT - Content-Length: 6794 (file: /media/sdb1/Documents and Settings/malware/Local Settings/Temporary Internet Files/Content.IE5/index.dat) 0 m... 0 0 0 10525 [Internet Explorer] (Content viewed/Content saved to drive) URL:http://img.mevio.com/images/665/e57/665e57985dc43681a574bfcaee3a040978cd2d70.jpg?url=http://origin.psstatic.podshow.com/images/shows/15992/episodes/281481/large/gamesweaseltv-us-e.jpg?r=1306127545&width=200&height=112&scheme=1 cache stored in: SLK18LSF/665e57985dc43681a574bfcaee3a040978cd2d70[1].jpg - HTTP/1.1 200 OK - Content-Type: image/jpeg - X-Cache: HIT - Content-Length: 6370 (file: /media/sdb1/Documents and Settings/malware/Local Settings/Temporary Internet Files/Content.IE5/index.dat) 0 m... 0 0 0 10525 [Internet Explorer] (Content viewed/Content saved to drive) URL:http://img.mevio.com/images/9eb/89a/9eb89aef14a82357f61e8401668b2852b67e396c.jpg?url=http://origin.psstatic.podshow.com/images/shows/15992/episodes/276808/large/gamesweaseltv-us-e.jpg?r=1302889247&width=200&height=112&scheme=1 cache stored in: QJM5KT6J/9eb89aef14a82357f61e8401668b2852b67e396c[1].jpg - HTTP/1.1 200 OK - Content-Type: image/jpeg - X-Cache: HIT - Content-Length: 7751 (file: /media/sdb1/Documents and Settings/malware/Local Settings/Temporary Internet Files/Content.IE5/index.dat) 0 m... 0 0 0 10525 [Internet Explorer] (Content viewed/Content saved to drive) URL:http://img.mevio.com/images/abe/506/abe506872146a572ec53fc224421b675ec50c012.jpg?url=http://origin.psstatic.podshow.com/images/shows/15992/episodes/266842/large/gamesweaseltv-us-e.jpg?r=1297792699&width=200&height=112&scheme=1 cache stored in: QJM5KT6J/abe506872146a572ec53fc224421b675ec50c012[1].jpg - HTTP/1.1 200 OK - Content-Type: image/jpeg - X-Cache: HIT - Content-Length: 5851 (file: /media/sdb1/Documents and Settings/malware/Local Settings/Temporary Internet Files/Content.IE5/index.dat) 0 m... 0 0 0 10525 [Internet Explorer] (Content viewed/Content saved to drive) URL:http://img.mevio.com/images/b39/4b4/b394b4b644845918dfc3e6ea48d027c5553da117.jpg?url=http://origin.psstatic.podshow.com/images/shows/15992/episodes/271549/large/gamesweaseltv-us-e.jpg?r=1299259763&width=200&height=112&scheme=1 cache stored in: SLK18LSF/b394b4b644845918dfc3e6ea48d027c5553da117[1].jpg - HTTP/1.1 200 OK - Content-Type: image/jpeg - X-Cache: HIT - Content-Length: 7338 (file: /media/sdb1/Documents and Settings/malware/Local Settings/Temporary Internet Files/Content.IE5/index.dat) 0 m... 0 0 0 10525 [Internet Explorer] (Content viewed/Content saved to drive) URL:http://img.mevio.com/images/b6b/075/b6b07589d76c009b1371fbf5d33c8bca2ff4b0dd.jpg?url=http://origin.psstatic.podshow.com/images/shows/15992/episodes/273494/large/gamesweaseltv-us-e.jpg?r=1300725657&width=200&height=112&scheme=1 cache stored in: UPQVMROL/b6b07589d76c009b1371fbf5d33c8bca2ff4b0dd[1].jpg - HTTP/1.1 200 OK - Content-Type: image/jpeg - X-Cache: HIT - Content-Length: 6229 (file: /media/sdb1/Documents and Settings/malware/Local Settings/Temporary Internet Files/Content.IE5/index.dat) 0 m... 0 0 0 10525 [Internet Explorer] (Content viewed/Content saved to drive) URL:http://img.mevio.com/images/c5f/e9f/c5fe9f22653f73f12988a9604d85a763cfa6eef3.jpg?url=http://origin.psstatic.podshow.com/images/shows/15992/episodes/286643/large/gamesweaseltv-us-e.jpg?r=1309448670&width=200&height=112&scheme=1 cache stored in: YZCXGNW1/c5fe9f22653f73f12988a9604d85a763cfa6eef3[1].jpg - HTTP/1.1 200 OK - Content-Type: image/jpeg - X-Cache: HIT - Content-Length: 13932 (file: /media/sdb1/Documents and Settings/malware/Local Settings/Temporary Internet Files/Content.IE5/index.dat) 0 m... 0 0 0 10525 [Internet Explorer] (Content viewed/Content saved to drive) URL:http://img.mevio.com/images/eba/76b/eba76b89c2f2775d6f84bc382cb194af7e4e8fbc.jpg?url=http://origin.psstatic.podshow.com/images/shows/15992/episodes/275124/large/gamesweaseltv-us-e.jpg?r=1301936223&width=200&height=112&scheme=1 cache stored in: UPQVMROL/eba76b89c2f2775d6f84bc382cb194af7e4e8fbc[1].jpg - HTTP/1.1 200 OK - Content-Type: image/jpeg - X-Cache: HIT - Content-Length: 6019 (file: /media/sdb1/Documents and Settings/malware/Local Settings/Temporary Internet Files/Content.IE5/index.dat) 0 m... 0 0 0 10525 [Internet Explorer] (Content viewed/Content saved to drive) URL:http://psstatic.podshow.com/images/users/442489/gallery/thumbs/218903.jpg cache stored in: UPQVMROL/218903[1].jpg - HTTP/1.1 200 OK - Content-Type: image/jpeg - X-Cache: HIT - Content-Length: 3426 (file: /media/sdb1/Documents and Settings/malware/Local Settings/Temporary Internet Files/Content.IE5/index.dat) 0 m... 0 0 0 10525 [Internet Explorer] (Content viewed/Content saved to drive) URL:http://psstatic.podshow.com/images/users/5825/gallery/thumbs/5028.jpg cache stored in: SLK18LSF/5028[1].jpg - HTTP/1.1 200 OK - Content-Type: image/jpeg - X-Cache: HIT - Content-Length: 2856 (file: /media/sdb1/Documents and Settings/malware/Local Settings/Temporary Internet Files/Content.IE5/index.dat) 0 m... 0 0 0 10525 [Internet Explorer] (Content viewed/Content saved to drive) URL:http://psstatic.podshow.com/images/users/7334/gallery/thumbs/4724.jpg cache stored in: UPQVMROL/4724[1].jpg - HTTP/1.1 200 OK - Content-Type: image/jpeg - X-Cache: HIT - Content-Length: 3017 (file: /media/sdb1/Documents and Settings/malware/Local Settings/Temporary Internet Files/Content.IE5/index.dat) 2132 m..b r/rr-xr-xr-x 0 0 11198-128-4 /Documents and Settings/malware/Local Settings/Temporary Internet Files/Content.IE5/SLK18LSF/small-icons[1].png 999 m..b r/rr-xr-xr-x 0 0 11202-128-4 /Documents and Settings/malware/Local Settings/Temporary Internet Files/Content.IE5/QJM5KT6J/box-shadows[1].png 2680 m..b r/rr-xr-xr-x 0 0 11203-128-4 /Documents and Settings/malware/Local Settings/Temporary Internet Files/Content.IE5/SLK18LSF/box-heading[1].png 11097 m..b r/rr-xr-xr-x 0 0 11204-128-4 /Documents and Settings/malware/Local Settings/Temporary Internet Files/Content.IE5/QJM5KT6J/logo-and-footer[1].jpg 610 m..b r/rr-xr-xr-x 0 0 11206-128-4 /Documents and Settings/malware/Local Settings/Temporary Internet Files/Content.IE5/UPQVMROL/now-playing-bg[1].jpg 58767 m..b r/rr-xr-xr-x 0 0 11207-128-4 /Documents and Settings/malware/Local Settings/Temporary Internet Files/Content.IE5/YZCXGNW1/PromoRollV4[1].jpg 14531 ma.b r/rr-xr-xr-x 0 0 11208-128-4 /Documents and Settings/malware/Local Settings/Temporary Internet Files/Content.IE5/YZCXGNW1/1173f0fb86d4e0fa2148c92cb6c7898b68e2f916[1].jpg 13932 ma.b r/rr-xr-xr-x 0 0 11209-128-4 /Documents and Settings/malware/Local Settings/Temporary Internet Files/Content.IE5/YZCXGNW1/c5fe9f22653f73f12988a9604d85a763cfa6eef3[1].jpg 6370 ma.b r/rr-xr-xr-x 0 0 11210-128-4 /Documents and Settings/malware/Local Settings/Temporary Internet Files/Content.IE5/SLK18LSF/665e57985dc43681a574bfcaee3a040978cd2d70[1].jpg 6794 ma.b r/rr-xr-xr-x 0 0 11211-128-4 /Documents and Settings/malware/Local Settings/Temporary Internet Files/Content.IE5/SLK18LSF/508349bb8d62027f2ec24c38724f2a1d940e3ac7[1].jpg 7751 ma.b r/rr-xr-xr-x 0 0 11212-128-4 /Documents and Settings/malware/Local Settings/Temporary Internet Files/Content.IE5/QJM5KT6J/9eb89aef14a82357f61e8401668b2852b67e396c[1].jpg 7359 ma.b r/rr-xr-xr-x 0 0 11213-128-4 /Documents and Settings/malware/Local Settings/Temporary Internet Files/Content.IE5/QJM5KT6J/0d255467a252a80c4e44f87bf228b2b2cad29ad9[1].jpg 6019 ma.b r/rr-xr-xr-x 0 0 11215-128-4 /Documents and Settings/malware/Local Settings/Temporary Internet Files/Content.IE5/UPQVMROL/eba76b89c2f2775d6f84bc382cb194af7e4e8fbc[1].jpg 6229 ma.b r/rr-xr-xr-x 0 0 11216-128-4 /Documents and Settings/malware/Local Settings/Temporary Internet Files/Content.IE5/UPQVMROL/b6b07589d76c009b1371fbf5d33c8bca2ff4b0dd[1].jpg 7338 ma.b r/rr-xr-xr-x 0 0 11217-128-4 /Documents and Settings/malware/Local Settings/Temporary Internet Files/Content.IE5/SLK18LSF/b394b4b644845918dfc3e6ea48d027c5553da117[1].jpg 7633 ma.b r/rr-xr-xr-x 0 0 11218-128-4 /Documents and Settings/malware/Local Settings/Temporary Internet Files/Content.IE5/SLK18LSF/28e5489a6f7966d376209edd2e82a806c2abede1[1].jpg 5851 ma.b r/rr-xr-xr-x 0 0 11219-128-4 /Documents and Settings/malware/Local Settings/Temporary Internet Files/Content.IE5/QJM5KT6J/abe506872146a572ec53fc224421b675ec50c012[1].jpg 1222 m..b r/rr-xr-xr-x 0 0 11220-128-4 /Documents and Settings/malware/Local Settings/Temporary Internet Files/Content.IE5/YZCXGNW1/default[1].jpg 5130 m..b r/rr-xr-xr-x 0 0 11221-128-4 /Documents and Settings/malware/Local Settings/Temporary Internet Files/Content.IE5/QJM5KT6J/showicons[1].png 3017 ma.b r/rr-xr-xr-x 0 0 11222-128-4 /Documents and Settings/malware/Local Settings/Temporary Internet Files/Content.IE5/UPQVMROL/4724[1].jpg 3426 ma.b r/rr-xr-xr-x 0 0 11223-128-4 /Documents and Settings/malware/Local Settings/Temporary Internet Files/Content.IE5/UPQVMROL/218903[1].jpg 2705 m..b r/rr-xr-xr-x 0 0 11224-128-4 /Documents and Settings/malware/Local Settings/Temporary Internet Files/Content.IE5/YZCXGNW1/42861[1].jpg 2856 ma.b r/rr-xr-xr-x 0 0 11225-128-4 /Documents and Settings/malware/Local Settings/Temporary Internet Files/Content.IE5/SLK18LSF/5028[1].jpg Fri Jul 01 2011 14:54:36 0 m... 0 0 0 10525 [Internet Explorer] (Content viewed/Content saved to drive) URL:http://farm6.static.flickr.com/5152/5841633479_acf151e7f0_s.jpg cache stored in: QJM5KT6J/5841633479_acf151e7f0_s[1].jpg - HTTP/1.1 200 OK - Content-Type: image/jpeg - Content-Length: 5397 - X-Cache: HIT from photocache603.flickr.gq1.yahoo.com - X-Cache-Lookup: HIT from photocache603.flickr.gq1.yahoo.com:83 (file: /media/sdb1/Documents and Settings/malware/Local Settings/Temporary Internet Files/Content.IE5/index.dat) 0 m... 0 0 0 10525 [Internet Explorer] (Content viewed/Content saved to drive) URL:http://farm6.static.flickr.com/5277/5883593413_6d272d0b28_s.jpg cache stored in: SLK18LSF/5883593413_6d272d0b28_s[1].jpg - HTTP/1.1 200 OK - Content-Type: image/jpeg - Content-Length: 4461 - X-Cache: HIT from photocache609.flickr.gq1.yahoo.com - X-Cache-Lookup: HIT from photocache609.flickr.gq1.yahoo.com:83 (file: /media/sdb1/Documents and Settings/malware/Local Settings/Temporary Internet Files/Content.IE5/index.dat) 0 m... 0 0 0 10525 [Internet Explorer] (Content viewed/Content saved to drive) URL:http://farm6.static.flickr.com/5318/5887355857_5541eb46b6_m.jpg cache stored in: SLK18LSF/5887355857_5541eb46b6_m[1].jpg - HTTP/1.1 200 OK - Content-Type: image/jpeg - Content-Length: 22492 - X-Cache: HIT from photocache602.flickr.gq1.yahoo.com - X-Cache-Lookup: HIT from photocache602.flickr.gq1.yahoo.com:83 (file: /media/sdb1/Documents and Settings/malware/Local Settings/Temporary Internet Files/Content.IE5/index.dat) 0 m... 0 0 0 10525 [Internet Explorer] (Content viewed/Content saved to drive) URL:http://farm7.static.flickr.com/6019/5887923130_547f50e74f_s.jpg cache stored in: QJM5KT6J/5887923130_547f50e74f_s[1].jpg - HTTP/1.1 200 OK - Content-Type: image/jpeg - Content-Length: 19084 - X-Cache: HIT from photocache710.flickr.ne1.yahoo.com - X-Cache-Lookup: HIT from photocache710.flickr.ne1.yahoo.com:83 (file: /media/sdb1/Documents and Settings/malware/Local Settings/Temporary Internet Files/Content.IE5/index.dat) 0 m... 0 0 0 10525 [Internet Explorer] (Content viewed/Content saved to drive) URL:http://farm7.static.flickr.com/6051/5884517406_700a6f2e88_s.jpg cache stored in: QJM5KT6J/5884517406_700a6f2e88_s[1].jpg - HTTP/1.1 200 OK - Content-Type: image/jpeg - Content-Length: 4084 - X-Cache: HIT from photocache701.flickr.ne1.yahoo.com - X-Cache-Lookup: HIT from photocache701.flickr.ne1.yahoo.com:83 (file: /media/sdb1/Documents and Settings/malware/Local Settings/Temporary Internet Files/Content.IE5/index.dat) 0 m... 0 0 0 10525 [Internet Explorer] (Content viewed/Content saved to drive) URL:http://gamesweasel.com/wp-content/themes/gamesweasel-10/images/Eastbay.png cache stored in: SLK18LSF/Eastbay[1].png - HTTP/1.1 200 OK - Content-Type: image/png - Content-Length: 20753 - X-Varnish: 1033994539 1033958766 (file: /media/sdb1/Documents and Settings/malware/Local Settings/Temporary Internet Files/Content.IE5/index.dat) 0 m... 0 0 0 10525 [Internet Explorer] (Content viewed/Content saved to drive) URL:http://gamesweasel.com/wp-content/themes/gamesweasel-10/images/Facebook.png cache stored in: QJM5KT6J/Facebook[1].png - HTTP/1.1 200 OK - Content-Type: image/png - Content-Length: 2303 - X-Varnish: 1033994574 1033959989 (file: /media/sdb1/Documents and Settings/malware/Local Settings/Temporary Internet Files/Content.IE5/index.dat) 0 m... 0 0 0 10525 [Internet Explorer] (Content viewed/Content saved to drive) URL:http://gamesweasel.com/wp-content/themes/gamesweasel-10/images/Footlocker.png cache stored in: UPQVMROL/Footlocker[1].png - HTTP/1.1 200 OK - Content-Type: image/png - Content-Length: 18385 - X-Varnish: 1033994559 1033959021 (file: /media/sdb1/Documents and Settings/malware/Local Settings/Temporary Internet Files/Content.IE5/index.dat) 0 m... 0 0 0 10525 [Internet Explorer] (Content viewed/Content saved to drive) URL:http://gamesweasel.com/wp-content/themes/gamesweasel-10/images/Twitter.png cache stored in: UPQVMROL/Twitter[1].png - HTTP/1.1 200 OK - Content-Type: image/png - Content-Length: 1906 - X-Varnish: 1033994580 1033959521 (file: /media/sdb1/Documents and Settings/malware/Local Settings/Temporary Internet Files/Content.IE5/index.dat) 0 m... 0 0 0 10525 [Internet Explorer] (Content viewed/Content saved to drive) URL:http://gamesweasel.com/wp-content/themes/gamesweasel-10/images/YouTube.png cache stored in: YZCXGNW1/YouTube[1].png - HTTP/1.1 200 OK - Content-Type: image/png - Content-Length: 2677 - X-Varnish: 1033994582 1033961743 (file: /media/sdb1/Documents and Settings/malware/Local Settings/Temporary Internet Files/Content.IE5/index.dat) 0 m... 0 0 0 10525 [Internet Explorer] (Content viewed/Content saved to drive) URL:http://gamesweasel.com/wp-content/themes/gamesweasel-10/images/Zazzle.png cache stored in: YZCXGNW1/Zazzle[1].png - HTTP/1.1 200 OK - Content-Type: image/png - Content-Length: 7165 - X-Varnish: 1033994550 1033959325 (file: /media/sdb1/Documents and Settings/malware/Local Settings/Temporary Internet Files/Content.IE5/index.dat) 0 m... 0 0 0 10525 [Internet Explorer] (Content viewed/Content saved to drive) URL:http://gamesweasel.com/wp-content/themes/gamesweasel-10/images/iTunes.png cache stored in: QJM5KT6J/iTunes[1].png - HTTP/1.1 200 OK - Content-Type: image/png - Content-Length: 4195 - X-Varnish: 1033994597 1033961726 (file: /media/sdb1/Documents and Settings/malware/Local Settings/Temporary Internet Files/Content.IE5/index.dat) 0 m... 0 0 0 10525 [Internet Explorer] (Content viewed/Content saved to drive) URL:http://gamesweasel.com/wp-content/themes/gamesweasel-10/images/rss.png cache stored in: SLK18LSF/rss[1].png - HTTP/1.1 200 OK - Content-Type: image/png - Content-Length: 2928 - X-Varnish: 1033994572 1033963195 (file: /media/sdb1/Documents and Settings/malware/Local Settings/Temporary Internet Files/Content.IE5/index.dat) 0 m... 0 0 0 10525 [Internet Explorer] (Content viewed/Content saved to drive) URL:http://gamesweasel.com/wp-content/themes/gamesweasel-10/images/showpage/About.png cache stored in: YZCXGNW1/About[1].png - HTTP/1.1 200 OK - Content-Type: image/png - Content-Length: 669 - X-Varnish: 1033994567 1033962366 (file: /media/sdb1/Documents and Settings/malware/Local Settings/Temporary Internet Files/Content.IE5/index.dat) 0 m... 0 0 0 10525 [Internet Explorer] (Content viewed/Content saved to drive) URL:http://gamesweasel.com/wp-content/themes/gamesweasel-10/images/showpage/Buy_Now.gif cache stored in: UPQVMROL/Buy_Now[1].gif - HTTP/1.1 200 OK - Content-Type: image/gif - Content-Length: 1704 - X-Varnish: 1033994521 1033954574 (file: /media/sdb1/Documents and Settings/malware/Local Settings/Temporary Internet Files/Content.IE5/index.dat) 0 m... 0 0 0 10525 [Internet Explorer] (Content viewed/Content saved to drive) URL:http://gamesweasel.com/wp-content/themes/gamesweasel-10/images/showpage/Latest_Reviews.png cache stored in: UPQVMROL/Latest_Reviews[1].png - HTTP/1.1 200 OK - Content-Type: image/png - Content-Length: 1042 - X-Varnish: 1033994503 1033966649 (file: /media/sdb1/Documents and Settings/malware/Local Settings/Temporary Internet Files/Content.IE5/index.dat) 0 m... 0 0 0 10525 [Internet Explorer] (Content viewed/Content saved to drive) URL:http://gamesweasel.com/wp-content/themes/gamesweasel-10/images/showpage/Matt_Cuttle.png cache stored in: QJM5KT6J/Matt_Cuttle[1].png - HTTP/1.1 200 OK - Content-Type: image/png - Content-Length: 70578 - X-Varnish: 1033994594 1033963225 (file: /media/sdb1/Documents and Settings/malware/Local Settings/Temporary Internet Files/Content.IE5/index.dat) 0 m... 0 0 0 10525 [Internet Explorer] (Content viewed/Content saved to drive) URL:http://gamesweasel.com/wp-content/themes/gamesweasel-10/images/showpage/News.png cache stored in: YZCXGNW1/News[1].png - HTTP/1.1 200 OK - Content-Type: image/png - Content-Length: 1477 - X-Varnish: 1033994560 1033963171 (file: /media/sdb1/Documents and Settings/malware/Local Settings/Temporary Internet Files/Content.IE5/index.dat) 0 m... 0 0 0 10525 [Internet Explorer] (Content viewed/Content saved to drive) URL:http://gamesweasel.com/wp-content/themes/gamesweasel-10/images/showpage/Offers.png cache stored in: UPQVMROL/Offers[1].png - HTTP/1.1 200 OK - Content-Type: image/png - Content-Length: 646 - X-Varnish: 1033994526 1033955930 (file: /media/sdb1/Documents and Settings/malware/Local Settings/Temporary Internet Files/Content.IE5/index.dat) 0 m... 0 0 0 10525 [Internet Explorer] (Content viewed/Content saved to drive) URL:http://gamesweasel.com/wp-content/themes/gamesweasel-10/images/showpage/s.png cache stored in: YZCXGNW1/s[1].png - HTTP/1.1 200 OK - Content-Type: image/png - Content-Length: 96 - X-Varnish: 1033994504 1033963203 (file: /media/sdb1/Documents and Settings/malware/Local Settings/Temporary Internet Files/Content.IE5/index.dat) 0 m... 0 0 0 10525 [Internet Explorer] (Content viewed/Content saved to drive) URL:http://psstatic.podshow.com/images/shows/15992/shows/thumbs/gamesweaseltv.jpg?r=1281038478 cache stored in: UPQVMROL/gamesweaseltv[1].jpg - HTTP/1.1 200 OK - Content-Type: image/jpeg - X-Cache: HIT - Content-Length: 4138 (file: /media/sdb1/Documents and Settings/malware/Local Settings/Temporary Internet Files/Content.IE5/index.dat) 0 m... 0 0 0 10525 [Internet Explorer] (Content viewed/Content saved to drive) URL:http://psstatic.podshow.com/images/users/1016/gallery/thumbs/94614.jpg cache stored in: YZCXGNW1/94614[1].jpg - HTTP/1.1 200 OK - Content-Type: image/jpeg - X-Cache: HIT - Content-Length: 3384 (file: /media/sdb1/Documents and Settings/malware/Local Settings/Temporary Internet Files/Content.IE5/index.dat) 0 m... 0 0 0 10525 [Internet Explorer] (Content viewed/Content saved to drive) URL:http://psstatic.podshow.com/images/users/15071/gallery/thumbs/9433.jpg cache stored in: SLK18LSF/9433[1].jpg - HTTP/1.1 200 OK - Content-Type: image/jpeg - X-Cache: HIT - Content-Length: 2301 (file: /media/sdb1/Documents and Settings/malware/Local Settings/Temporary Internet Files/Content.IE5/index.dat) 0 m... 0 0 0 10525 [Internet Explorer] (Content viewed/Content saved to drive) URL:http://psstatic.podshow.com/images/users/159/gallery/thumbs/343.jpg cache stored in: UPQVMROL/343[1].jpg - HTTP/1.1 200 OK - Content-Type: image/jpeg - X-Cache: HIT - Content-Length: 2737 (file: /media/sdb1/Documents and Settings/malware/Local Settings/Temporary Internet Files/Content.IE5/index.dat) 0 m... 0 0 0 10525 [Internet Explorer] (Content viewed/Content saved to drive) URL:http://psstatic.podshow.com/images/users/1845/gallery/thumbs/3277.jpg cache stored in: SLK18LSF/3277[1].jpg - HTTP/1.1 200 OK - Content-Type: image/jpeg - X-Cache: HIT - Content-Length: 2588 (file: /media/sdb1/Documents and Settings/malware/Local Settings/Temporary Internet Files/Content.IE5/index.dat) 0 m... 0 0 0 10525 [Internet Explorer] (Content viewed/Content saved to drive) URL:http://psstatic.podshow.com/images/users/29968/gallery/thumbs/18465.jpg cache stored in: QJM5KT6J/18465[1].jpg - HTTP/1.1 200 OK - Content-Type: image/jpeg - X-Cache: HIT - Content-Length: 3108 (file: /media/sdb1/Documents and Settings/malware/Local Settings/Temporary Internet Files/Content.IE5/index.dat) 0 m... 0 0 0 10525 [Internet Explorer] (Content viewed/Content saved to drive) URL:http://psstatic.podshow.com/images/users/39460/gallery/med/29096.jpg cache stored in: QJM5KT6J/29096[1].jpg - HTTP/1.1 200 OK - Content-Type: image/jpeg - X-Cache: HIT - Content-Length: 17704 (file: /media/sdb1/Documents and Settings/malware/Local Settings/Temporary Internet Files/Content.IE5/index.dat) 0 m... 0 0 0 10525 [Internet Explorer] (Content viewed/Content saved to drive) URL:http://psstatic.podshow.com/images/users/6058/gallery/thumbs/4176.jpg cache stored in: QJM5KT6J/4176[1].jpg - HTTP/1.1 200 OK - Content-Type: image/jpeg - X-Cache: HIT - Content-Length: 2793 (file: /media/sdb1/Documents and Settings/malware/Local Settings/Temporary Internet Files/Content.IE5/index.dat) 0 m... 0 0 0 10525 [Internet Explorer] (Content viewed/Content saved to drive) URL:http://psstatic.podshow.com/images/users/97/gallery/thumbs/34526.jpg cache stored in: QJM5KT6J/34526[1].jpg - HTTP/1.1 200 OK - Content-Type: image/jpeg - X-Cache: HIT - Content-Length: 3598 (file: /media/sdb1/Documents and Settings/malware/Local Settings/Temporary Internet Files/Content.IE5/index.dat) 3108 ma.b r/rr-xr-xr-x 0 0 11205-128-4 /Documents and Settings/malware/Local Settings/Temporary Internet Files/Content.IE5/QJM5KT6J/18465[1].jpg 2903 ma.b r/rr-xr-xr-x 0 0 11214-128-4 /Documents and Settings/malware/Local Settings/Temporary Internet Files/Content.IE5/UPQVMROL/2510[1].jpg 2901 m..b r/rr-xr-xr-x 0 0 11226-128-4 /Documents and Settings/malware/Local Settings/Temporary Internet Files/Content.IE5/YZCXGNW1/4197dfa1f28d2d77f56f6f8e1eb334e36a0bd5a6[1].jpg 3471 m..b r/rr-xr-xr-x 0 0 11227-128-4 /Documents and Settings/malware/Local Settings/Temporary Internet Files/Content.IE5/SLK18LSF/12129[1].jpg 2793 ma.b r/rr-xr-xr-x 0 0 11228-128-4 /Documents and Settings/malware/Local Settings/Temporary Internet Files/Content.IE5/QJM5KT6J/4176[1].jpg 1042 ma.b r/rr-xr-xr-x 0 0 11229-128-4 /Documents and Settings/malware/Local Settings/Temporary Internet Files/Content.IE5/UPQVMROL/Latest_Reviews[1].png 2900 ma.b r/rr-xr-xr-x 0 0 11230-128-4 /Documents and Settings/malware/Local Settings/Temporary Internet Files/Content.IE5/YZCXGNW1/147123[1].jpg 96 ma.b r/rr-xr-xr-x 0 0 11231-128-1 /Documents and Settings/malware/Local Settings/Temporary Internet Files/Content.IE5/YZCXGNW1/s[1].png 4461 ma.b r/rr-xr-xr-x 0 0 11232-128-4 /Documents and Settings/malware/Local Settings/Temporary Internet Files/Content.IE5/SLK18LSF/5883593413_6d272d0b28_s[1].jpg 22492 ma.b r/rr-xr-xr-x 0 0 11233-128-4 /Documents and Settings/malware/Local Settings/Temporary Internet Files/Content.IE5/SLK18LSF/5887355857_5541eb46b6_m[1].jpg 2301 ma.b r/rr-xr-xr-x 0 0 11234-128-4 /Documents and Settings/malware/Local Settings/Temporary Internet Files/Content.IE5/SLK18LSF/9433[1].jpg 4084 ma.b r/rr-xr-xr-x 0 0 11235-128-4 /Documents and Settings/malware/Local Settings/Temporary Internet Files/Content.IE5/QJM5KT6J/5884517406_700a6f2e88_s[1].jpg 19084 ma.b r/rr-xr-xr-x 0 0 11236-128-4 /Documents and Settings/malware/Local Settings/Temporary Internet Files/Content.IE5/QJM5KT6J/5887923130_547f50e74f_s[1].jpg 3598 ma.b r/rr-xr-xr-x 0 0 11237-128-4 /Documents and Settings/malware/Local Settings/Temporary Internet Files/Content.IE5/QJM5KT6J/34526[1].jpg 2737 ma.b r/rr-xr-xr-x 0 0 11241-128-4 /Documents and Settings/malware/Local Settings/Temporary Internet Files/Content.IE5/UPQVMROL/343[1].jpg 5397 ma.b r/rr-xr-xr-x 0 0 11242-128-4 /Documents and Settings/malware/Local Settings/Temporary Internet Files/Content.IE5/QJM5KT6J/5841633479_acf151e7f0_s[1].jpg 3637 m..b r/rr-xr-xr-x 0 0 11243-128-4 /Documents and Settings/malware/Local Settings/Temporary Internet Files/Content.IE5/QJM5KT6J/277295[1].jpg 1704 ma.b r/rr-xr-xr-x 0 0 11244-128-4 /Documents and Settings/malware/Local Settings/Temporary Internet Files/Content.IE5/UPQVMROL/Buy_Now[1].gif 2931 m..b r/rr-xr-xr-x 0 0 11245-128-4 /Documents and Settings/malware/Local Settings/Temporary Internet Files/Content.IE5/YZCXGNW1/2372[1].jpg 3384 ma.b r/rr-xr-xr-x 0 0 11246-128-4 /Documents and Settings/malware/Local Settings/Temporary Internet Files/Content.IE5/YZCXGNW1/94614[1].jpg 646 ma.b r/rr-xr-xr-x 0 0 11247-128-4 /Documents and Settings/malware/Local Settings/Temporary Internet Files/Content.IE5/UPQVMROL/Offers[1].png 9295 m..b r/rr-xr-xr-x 0 0 11248-128-4 /Documents and Settings/malware/Local Settings/Temporary Internet Files/Content.IE5/SLK18LSF/3831[1].png 20753 ma.b r/rr-xr-xr-x 0 0 11249-128-4 /Documents and Settings/malware/Local Settings/Temporary Internet Files/Content.IE5/SLK18LSF/Eastbay[1].png 4138 ma.b r/rr-xr-xr-x 0 0 11250-128-4 /Documents and Settings/malware/Local Settings/Temporary Internet Files/Content.IE5/UPQVMROL/gamesweaseltv[1].jpg 7165 ma.b r/rr-xr-xr-x 0 0 11251-128-4 /Documents and Settings/malware/Local Settings/Temporary Internet Files/Content.IE5/YZCXGNW1/Zazzle[1].png 17704 ma.b r/rr-xr-xr-x 0 0 11252-128-4 /Documents and Settings/malware/Local Settings/Temporary Internet Files/Content.IE5/QJM5KT6J/29096[1].jpg 18385 ma.b r/rr-xr-xr-x 0 0 11254-128-4 /Documents and Settings/malware/Local Settings/Temporary Internet Files/Content.IE5/UPQVMROL/Footlocker[1].png 7011 m..b r/rr-xr-xr-x 0 0 11255-128-4 /Documents and Settings/malware/Local Settings/Temporary Internet Files/Content.IE5/UPQVMROL/hotoff-us-e[1].jpg 1477 ma.b r/rr-xr-xr-x 0 0 11256-128-4 /Documents and Settings/malware/Local Settings/Temporary Internet Files/Content.IE5/YZCXGNW1/News[1].png 794 m..b r/rr-xr-xr-x 0 0 11257-128-4 /Documents and Settings/malware/Local Settings/Temporary Internet Files/Content.IE5/SLK18LSF/joinNow25high[1].gif 669 ma.b r/rr-xr-xr-x 0 0 11259-128-4 /Documents and Settings/malware/Local Settings/Temporary Internet Files/Content.IE5/YZCXGNW1/About[1].png 2928 ma.b r/rr-xr-xr-x 0 0 11261-128-4 /Documents and Settings/malware/Local Settings/Temporary Internet Files/Content.IE5/SLK18LSF/rss[1].png 2303 ma.b r/rr-xr-xr-x 0 0 11262-128-4 /Documents and Settings/malware/Local Settings/Temporary Internet Files/Content.IE5/QJM5KT6J/Facebook[1].png 1906 ma.b r/rr-xr-xr-x 0 0 11263-128-4 /Documents and Settings/malware/Local Settings/Temporary Internet Files/Content.IE5/UPQVMROL/Twitter[1].png 2677 ma.b r/rr-xr-xr-x 0 0 11264-128-4 /Documents and Settings/malware/Local Settings/Temporary Internet Files/Content.IE5/YZCXGNW1/YouTube[1].png 2588 ma.b r/rr-xr-xr-x 0 0 11265-128-4 /Documents and Settings/malware/Local Settings/Temporary Internet Files/Content.IE5/SLK18LSF/3277[1].jpg 70578 ma.b r/rr-xr-xr-x 0 0 11266-128-4 /Documents and Settings/malware/Local Settings/Temporary Internet Files/Content.IE5/QJM5KT6J/Matt_Cuttle[1].png 4195 ma.b r/rr-xr-xr-x 0 0 11267-128-4 /Documents and Settings/malware/Local Settings/Temporary Internet Files/Content.IE5/QJM5KT6J/iTunes[1].png 78342 m..b r/rr-xr-xr-x 0 0 11268-128-5 /Documents and Settings/malware/Local Settings/Temporary Internet Files/Content.IE5/UPQVMROL/tpl_htdocs[1].js Fri Jul 01 2011 14:54:38 3447 m..b r/rr-xr-xr-x 0 0 11253-128-5 /Documents and Settings/malware/Local Settings/Temporary Internet Files/Content.IE5/YZCXGNW1/beacon[2].js 20356 m..b r/rr-xr-xr-x 0 0 11258-128-5 /Documents and Settings/malware/Local Settings/Temporary Internet Files/Content.IE5/YZCXGNW1/tpl_player[2].js 3493 m..b r/rr-xr-xr-x 0 0 11260-128-5 /Documents and Settings/malware/Local Settings/Temporary Internet Files/Content.IE5/UPQVMROL/tpl_comments[2].js 65677 m..b r/rr-xr-xr-x 0 0 11269-128-5 /Documents and Settings/malware/Local Settings/Temporary Internet Files/Content.IE5/SLK18LSF/tpl_shows[2].js Fri Jul 01 2011 14:54:39 0 macb 0 0 0 10534 [Internet Explorer] (Last time cookie passed to website/Website modified cookie) User: Cookie:malware URL:gamesweaseltv.mevio.com/ (file: /media/sdb1/Documents and Settings/malware/Cookies/index.dat) 950 m..b r/rr-xr-xr-x 0 0 11272-128-4 /Documents and Settings/malware/Local Settings/Temporary Internet Files/Content.IE5/QJM5KT6J/dropdown-arrows[2].png 337 ma.. r/rr-xr-xr-x 0 0 11274-128-1 /Documents and Settings/malware/Cookies/malware@gamesweaseltv.mevio[1].txt 295610 ...b r/rr-xr-xr-x 0 0 11275-128-4 /Documents and Settings/malware/Local Settings/Temporary Internet Files/Content.IE5/SLK18LSF/MevioBPFX[1].swf 3320 m..b r/rr-xr-xr-x 0 0 6834-128-4 /Documents and Settings/malware/Local Settings/Temporary Internet Files/Content.IE5/UPQVMROL/mevio-m-neverback-24x24[1].gif Fri Jul 01 2011 14:54:40 665 m..b r/rr-xr-xr-x 0 0 11192-128-4 /Documents and Settings/malware/Local Settings/Temporary Internet Files/Content.IE5/YZCXGNW1/client_restserver[1].htm 295610 ma.. r/rr-xr-xr-x 0 0 11275-128-4 /Documents and Settings/malware/Local Settings/Temporary Internet Files/Content.IE5/SLK18LSF/MevioBPFX[1].swf 3681 m..b r/rr-xr-xr-x 0 0 11279-128-4 /Documents and Settings/malware/Local Settings/Temporary Internet Files/Content.IE5/YZCXGNW1/player-icons[2].png Fri Jul 01 2011 14:54:41 0 m... 0 0 0 10525 [Internet Explorer] (Content viewed/Content saved to drive) URL:http://www.facebook.com/extern/login_status.php?api_key=c99345b4de38e993c64ef4654ac9164b&extern=0&channel=http://gamesweaseltv.mevio.com/rest/facebook/xd_receiver.php&locale=en_US cache stored in: UPQVMROL/login_status[1].htm - HTTP/1.1 200 OK - Content-Length: 1207 - Content-Type: text/html (file: /media/sdb1/Documents and Settings/malware/Local Settings/Temporary Internet Files/Content.IE5/index.dat) 1207 ma.b r/rr-xr-xr-x 0 0 11280-128-5 /Documents and Settings/malware/Local Settings/Temporary Internet Files/Content.IE5/UPQVMROL/login_status[1].htm Fri Jul 01 2011 14:54:42 0 m... 0 0 0 10525 [Internet Explorer] (Content viewed/Content saved to drive) URL:http://gamesweaseltv.mevio.com/rest/facebook/xd_receiver.php cache stored in: YZCXGNW1/xd_receiver[1].htm - HTTP/1.1 200 OK - Content-Length: 591 - Content-Type: text/html (file: /media/sdb1/Documents and Settings/malware/Local Settings/Temporary Internet Files/Content.IE5/index.dat) 591 ma.b r/rr-xr-xr-x 0 0 11284-128-4 /Documents and Settings/malware/Local Settings/Temporary Internet Files/Content.IE5/YZCXGNW1/xd_receiver[1].htm 3386 m..b r/rr-xr-xr-x 0 0 11286-128-5 /Documents and Settings/malware/Local Settings/Temporary Internet Files/Content.IE5/QJM5KT6J/XdCommReceiver[2].js Fri Jul 01 2011 14:54:43 0 .acb 0 0 0 10534 [Internet Explorer] (Last time cookie passed to website/Website modified cookie) User: Cookie:malware URL:quantserve.com/ (file: /media/sdb1/Documents and Settings/malware/Cookies/index.dat) 4575 ma.b r/rr-xr-xr-x 0 0 11287-128-4 /Documents and Settings/malware/Local Settings/Temporary Internet Files/Content.IE5/UPQVMROL/26270-2[1].js 92 m..b r/rr-xr-xr-x 0 0 11289-128-1 /Documents and Settings/malware/Cookies/malware@quantserve[1].txt Fri Jul 01 2011 14:54:44 0 m... 0 0 0 10525 [Internet Explorer] (Content viewed/Content saved to drive) URL:http://ad.doubleclick.net/adi/N5271.159469.AOD-INVITE/B5501350.4_sz=728x90_pc=[TPAS_ID]_click=http://g.ca.bid.invitemedia.com/pixel?returnType=redirect&key=Click&message=eJwVjDsOxCAQQ68STR0khvlBbrOEUEXbpYr27msqvyfZfkmEjq3V4rJvJAXiql4ZxhDqXsXnPNMZ0pJmk_SJPtK8Rumah1W5aE1XuYVwLFs_DWlI7AKowO9z30AHspVs_PsDBqUbsQ--&redirectURL=_ord=b6836ffc-c739-4053-a7bd-fed2b40d583e? cache stored in: YZCXGNW1/pixel[1].htm - HTTP/1.1 200 OK - Content-Length: 6857 - Content-Type: text/html (file: /media/sdb1/Documents and Settings/malware/Local Settings/Temporary Internet Files/Content.IE5/index.dat) 0 m... 0 0 0 10525 [Internet Explorer] (Content viewed/Content saved to drive) URL:http://g-pixel.invitemedia.com/gmatcher?id=E0 cache stored in: QJM5KT6J/gmatcher[1].gif - HTTP/1.0 200 OK - P3P: policyref="/w3c/p3p.xml"- CP="OTI DSP COR ADMo TAIo PSAo PSDo CONo OUR SAMo OTRo STP UNI PUR COM NAV INT DEM STA PRE LOC" - Content-Type: image/gif - Pragma: no-cache - Content-Length: 43 (file: /media/sdb1/Documents and Settings/malware/Local Settings/Temporary Internet Files/Content.IE5/index.dat) 0 m... 0 0 0 10525 [Internet Explorer] (Content viewed/Content saved to drive) URL:http://r.nexac.com/e/getdata.xgi?dt=fi&fn=adrider&pkey=tubw72p3ncbzv&repequal=-&reppipe=&code= cache stored in: YZCXGNW1/getdata[1].xgi - HTTP/1.1 200 OK - Transfer-Encoding: chunked - Pragma: no-cache - P3P: policyref="http://www.nextaction.net/P3P/PolicyReferences.xml"- CP="NOI DSP COR NID CURa ADMa DEVa TAIo PSAo PSDo HISa OUR DELa SAMo UNRo OTRo BUS UNI PUR COM NAV INT DEM STA PRE" - X-Powered-By: Jigawatts - Content-type: text/javascript (file: /media/sdb1/Documents and Settings/malware/Local Settings/Temporary Internet Files/Content.IE5/index.dat) 0 .acb 0 0 0 10534 [Internet Explorer] (Last time cookie passed to website/Website modified cookie) User: Cookie:malware URL:tap2-cdn.rubiconproject.com/ (file: /media/sdb1/Documents and Settings/malware/Cookies/index.dat) 43 ma.b r/rr-xr-xr-x 0 0 11290-128-1 /Documents and Settings/malware/Local Settings/Temporary Internet Files/Content.IE5/QJM5KT6J/gmatcher[1].gif 6621 m..b r/rr-xr-xr-x 0 0 11297-128-5 /Documents and Settings/malware/Local Settings/Temporary Internet Files/Content.IE5/UPQVMROL/emily[1].htm 6857 ma.b r/rr-xr-xr-x 0 0 11298-128-5 /Documents and Settings/malware/Local Settings/Temporary Internet Files/Content.IE5/YZCXGNW1/pixel[1].htm 297 m..b r/rr-xr-xr-x 0 0 11303-128-1 /Documents and Settings/malware/Cookies/malware@tap2-cdn.rubiconproject[1].txt 801 m..b r/rr-xr-xr-x 0 0 11304-128-5 /Documents and Settings/malware/Local Settings/Temporary Internet Files/Content.IE5/UPQVMROL/flashwrite_1_2[2].js 12 ma.b r/rr-xr-xr-x 0 0 11310-128-1 /Documents and Settings/malware/Local Settings/Temporary Internet Files/Content.IE5/YZCXGNW1/getdata[1].xgi Fri Jul 01 2011 14:54:45 2205 ma.b r/rr-xr-xr-x 0 0 11306-128-4 /Documents and Settings/malware/Local Settings/Temporary Internet Files/Content.IE5/QJM5KT6J/26271-15[1].js 2310 m..b r/rr-xr-xr-x 0 0 11314-128-4 /Documents and Settings/malware/Local Settings/Temporary Internet Files/Content.IE5/QJM5KT6J/26271-2[1].js 15168 m..b r/rr-xr-xr-x 0 0 11315-128-5 /Documents and Settings/malware/Local Settings/Temporary Internet Files/Content.IE5/YZCXGNW1/aceUAC[1].js Fri Jul 01 2011 14:54:46 0 m... 0 0 0 10525 [Internet Explorer] (Content viewed/Content saved to drive) URL:http://ad.turn.com/server/bid/fan.bid?pub=10063193&cch=10063206&l=728x90&requestId=C1Bf9Po4Ws7K.b2Bf9Po4Ws7K&ref=http://fan-ugc-foxaudiencenetwork.com&rand=1309557286359 cache stored in: YZCXGNW1/fan[1].bid - HTTP/1.1 200 OK - Content-Type: application/json - Content-Length: 1060 (file: /media/sdb1/Documents and Settings/malware/Local Settings/Temporary Internet Files/Content.IE5/index.dat) 0 macb 0 0 0 10534 [Internet Explorer] (Last time cookie passed to website/Website modified cookie) User: Cookie:malware URL:yahoo.com/ (file: /media/sdb1/Documents and Settings/malware/Cookies/index.dat) 2234 m..b r/rr-xr-xr-x 0 0 11293-128-4 /Documents and Settings/malware/Local Settings/Temporary Internet Files/Content.IE5/UPQVMROL/26270-2[2].js 2008 m..b r/rr-xr-xr-x 0 0 11294-128-4 /Documents and Settings/malware/Local Settings/Temporary Internet Files/Content.IE5/UPQVMROL/26271-15[1].js 2008 m..b r/rr-xr-xr-x 0 0 11308-128-4 /Documents and Settings/malware/Local Settings/Temporary Internet Files/Content.IE5/UPQVMROL/26271-2[1].js 2310 .a.. r/rr-xr-xr-x 0 0 11314-128-4 /Documents and Settings/malware/Local Settings/Temporary Internet Files/Content.IE5/QJM5KT6J/26271-2[1].js 7951 ma.b r/rr-xr-xr-x 0 0 11316-128-4 /Documents and Settings/malware/Local Settings/Temporary Internet Files/Content.IE5/SLK18LSF/adopt[1].htm 83 ma.b r/rr-xr-xr-x 0 0 11318-128-1 /Documents and Settings/malware/Cookies/malware@yahoo[1].txt 688 ma.b r/rr-xr-xr-x 0 0 11320-128-4 /Documents and Settings/malware/Local Settings/Temporary Internet Files/Content.IE5/SLK18LSF/imp[1] 1060 ma.b r/rr-xr-xr-x 0 0 11323-128-4 /Documents and Settings/malware/Local Settings/Temporary Internet Files/Content.IE5/YZCXGNW1/fan[1].bid 9359 ...b r/rrwxrwxrwx 0 0 11990-128-4 /Documents and Settings/malware/Cookies/malware@adnxs[1].txt Fri Jul 01 2011 14:54:47 0 m... 0 0 0 10525 [Internet Explorer] (Content viewed/Content saved to drive) URL:http://ad.doubleclick.net/adj/N5914.126262.AOLPERFORMANCENETWO/B5640868.3_sz=728x90_click=http://r1-ads.ace.advertising.com/click/site=0000795578/mnum=0001040606/cstr=26399007=_4e0e4204-8870257073-795578^1040606^1183^0-1_/xsxdata=$xsxdata/bnum=26399007/optn=64?trg=_ord=8870257073? cache stored in: QJM5KT6J/optn=64[2] - HTTP/1.1 200 OK - Content-Length: 6190 - Content-Type: application/x-javascript (file: /media/sdb1/Documents and Settings/malware/Local Settings/Temporary Internet Files/Content.IE5/index.dat) 0 m... 0 0 0 10525 [Internet Explorer] (Content viewed/Content saved to drive) URL:http://s0.2mdn.net/2660564/CNTL11-578_Q2_DRAboutYou_FreeActivation_728x90.jpg cache stored in: UPQVMROL/CNTL11-578_Q2_DRAboutYou_FreeActivation_728x90[1].jpg - HTTP/1.1 200 OK - Content-Type: image/jpeg - X-Content-Type-Options: nosniff - Content-Length: 39725 - X-XSS-Protection: 1_ mode=block (file: /media/sdb1/Documents and Settings/malware/Local Settings/Temporary Internet Files/Content.IE5/index.dat) 0 m... 0 0 0 10525 [Internet Explorer] (Content viewed/Content saved to drive) User: http://network.realmedia.com/RealMedia/ads/adstream_jx.ads/mevio/ros/728x90/jx/ss/a/1879480817 URL:Top1 cache stored in: YZCXGNW1/1879480817@Top1[1] - HTTP/1.1 200 OK - P3P: CP="NON NID PSAa PSDa OUR IND UNI COM NAV STA"-policyref="/w3c/p3p.xml" - Content-Length: 687 - Keep-Alive: timeout=60 - Content-Type: application/x-javascript (file: /media/sdb1/Documents and Settings/malware/Local Settings/Temporary Internet Files/Content.IE5/index.dat) 2234 .a.. r/rr-xr-xr-x 0 0 11293-128-4 /Documents and Settings/malware/Local Settings/Temporary Internet Files/Content.IE5/UPQVMROL/26270-2[2].js 2008 .a.. r/rr-xr-xr-x 0 0 11294-128-4 /Documents and Settings/malware/Local Settings/Temporary Internet Files/Content.IE5/UPQVMROL/26271-15[1].js 2008 .a.. r/rr-xr-xr-x 0 0 11308-128-4 /Documents and Settings/malware/Local Settings/Temporary Internet Files/Content.IE5/UPQVMROL/26271-2[1].js 684 ma.b r/rr-xr-xr-x 0 0 11317-128-4 /Documents and Settings/malware/Local Settings/Temporary Internet Files/Content.IE5/YZCXGNW1/imp[1] 39725 ma.b r/rr-xr-xr-x 0 0 11319-128-4 /Documents and Settings/malware/Local Settings/Temporary Internet Files/Content.IE5/UPQVMROL/CNTL11-578_Q2_DRAboutYou_FreeActivation_728x90[1].jpg 6190 ma.b r/rr-xr-xr-x 0 0 11322-128-5 /Documents and Settings/malware/Local Settings/Temporary Internet Files/Content.IE5/QJM5KT6J/optn=64[2] 607 ma.b r/rr-xr-xr-x 0 0 11325-128-4 /Documents and Settings/malware/Local Settings/Temporary Internet Files/Content.IE5/YZCXGNW1/dref=http%3A%2F%2Fgamesweasel[2].com%2F%3Futm_campaign%3D088aeb_572913_263890_113320_150752_23411%26utm_source%3D088aebc%26utm_medium%3D088aeb 687 ma.b r/rr-xr-xr-x 0 0 11330-128-4 /Documents and Settings/malware/Local Settings/Temporary Internet Files/Content.IE5/YZCXGNW1/1879480817@Top1[1] 2030 ma.b r/rr-xr-xr-x 0 0 11336-128-4 /Documents and Settings/malware/Local Settings/Temporary Internet Files/Content.IE5/SLK18LSF/dk[1].js 12576 m..b r/rr-xr-xr-x 0 0 11339-128-5 /Documents and Settings/malware/Local Settings/Temporary Internet Files/Content.IE5/QJM5KT6J/tags[2].js 60 m..b r/rr-xr-xr-x 0 0 11342-128-4 /Documents and Settings/malware/Local Settings/Temporary Internet Files/Content.IE5/UPQVMROL/displayAd[2].js 166 ...b r/rr-xr-xr-x 0 0 11505-128-1 /Documents and Settings/malware/Cookies/malware@realmedia[1].txt 434176 .a.. r/rr-xr-xr-x 0 0 3142-128-3 /WINDOWS/system32/vbscript.dll Fri Jul 01 2011 14:54:48 0 m... 0 0 0 10525 [Internet Explorer] (Content viewed/Content saved to drive) URL:http://adadvisor.net/adscores/g.js?sid=9239766368 cache stored in: QJM5KT6J/g[1].js - HTTP/1.1 200 OK - P3P: policyref="http://www.adadvisor.net/w3c/p3p.xml"-CP="NOI NID" - Content-Length: 271 - Content-Type: application/javascript (file: /media/sdb1/Documents and Settings/malware/Local Settings/Temporary Internet Files/Content.IE5/index.dat) 0 m... 0 0 0 10525 [Internet Explorer] (Content viewed/Content saved to drive) URL:http://cdn5.tribalfusion.com/media/2516896//frm.html cache stored in: YZCXGNW1/frm[1].htm - HTTP/1.1 200 OK - Content-Length: 1378 - Content-Type: text/html (file: /media/sdb1/Documents and Settings/malware/Local Settings/Temporary Internet Files/Content.IE5/index.dat) 0 m... 0 0 0 10525 [Internet Explorer] (Content viewed/Content saved to drive) URL:http://tags.expo9.exponential.com/tags/Targus/ROS/tags.js cache stored in: UPQVMROL/tags[2].js - HTTP/1.1 200 OK - Content-Length: 12575 - Content-Type: application/x-javascript (file: /media/sdb1/Documents and Settings/malware/Local Settings/Temporary Internet Files/Content.IE5/index.dat) 0 m... 0 0 0 10525 [Internet Explorer] (Content viewed/Content saved to drive) URL:http://tf.nexac.com/media/1809966/na.html cache stored in: QJM5KT6J/na[1].htm - HTTP/1.1 200 OK - P3P: CP="NOI DEVo TAIa OUR BUS" - X-Function: 301 - Content-Type: text/html - Content-Length: 762 (file: /media/sdb1/Documents and Settings/malware/Local Settings/Temporary Internet Files/Content.IE5/index.dat) 0 macb 0 0 0 10534 [Internet Explorer] (Last time cookie passed to website/Website modified cookie) User: Cookie:malware URL:imrworldwide.com/cgi-bin (file: /media/sdb1/Documents and Settings/malware/Cookies/index.dat) 0 ma.b r/rr-xr-xr-x 0 0 11296-128-1 /Documents and Settings/malware/Local Settings/Temporary Internet Files/Content.IE5/YZCXGNW1/CAIFOHQD.ad 1332 ma.b r/rr-xr-xr-x 0 0 11345-128-4 /Documents and Settings/malware/Local Settings/Temporary Internet Files/Content.IE5/SLK18LSF/CAO3Q5OT.ad 1378 ma.b r/rr-xr-xr-x 0 0 11350-128-5 /Documents and Settings/malware/Local Settings/Temporary Internet Files/Content.IE5/YZCXGNW1/frm[1].htm 762 ma.b r/rr-xr-xr-x 0 0 11351-128-4 /Documents and Settings/malware/Local Settings/Temporary Internet Files/Content.IE5/QJM5KT6J/na[1].htm 45 ma.b r/rr-xr-xr-x 0 0 11353-128-1 /Documents and Settings/malware/Local Settings/Temporary Internet Files/Content.IE5/QJM5KT6J/rd[1] 271 ma.b r/rr-xr-xr-x 0 0 11354-128-1 /Documents and Settings/malware/Local Settings/Temporary Internet Files/Content.IE5/QJM5KT6J/g[1].js 12575 ma.b r/rr-xr-xr-x 0 0 11355-128-5 /Documents and Settings/malware/Local Settings/Temporary Internet Files/Content.IE5/UPQVMROL/tags[2].js 2572 ma.b r/rr-xr-xr-x 0 0 11356-128-3 /Documents and Settings/malware/Local Settings/Temporary Internet Files/Content.IE5/YZCXGNW1/CAFJPXKE.htm 214 ma.b r/rr-xr-xr-x 0 0 11357-128-1 /Documents and Settings/malware/Cookies/malware@cgi-bin[2].txt 32284 m..b r/rr-xr-xr-x 0 0 11359-128-4 /Documents and Settings/malware/Local Settings/Temporary Internet Files/Content.IE5/YZCXGNW1/118ed178-986a-4c57-9d20-0870639fdad0[1].jpg 24385 m..b r/rr-xr-xr-x 0 0 11360-128-5 /Documents and Settings/malware/Local Settings/Temporary Internet Files/Content.IE5/SLK18LSF/StdBanner[2].js 7905 m..b r/rr-xr-xr-x 0 0 11365-128-5 /Documents and Settings/malware/Local Settings/Temporary Internet Files/Content.IE5/UPQVMROL/tracking_only[2].js Fri Jul 01 2011 14:54:49 0 m... 0 0 0 10525 [Internet Explorer] (Content viewed/Content saved to drive) URL:http://cheetah.vizu.com/a.gif?cid=2073_adid=728x90_siteid=tribalfusion_adtype=1_stype=0_siteurl=a.tribalfusion.com_wc=_cust1=_cust2=_cust3=_cust4=_cust5=_ver=v5_o=winxp_ua=msie_uv=6.0_lan=en-us_fv=null_id=1309557288828_t=1309557288843 cache stored in: SLK18LSF/a[1].gif - HTTP/1.1 200 OK - X-Px: ht lax-am6-n10.panthercdn.com - ETag: "3c04c-2b-edb95b80" - Content-Length: 43 - Content-Type: image/gif (file: /media/sdb1/Documents and Settings/malware/Local Settings/Temporary Internet Files/Content.IE5/index.dat) 0 m... 0 0 0 10525 [Internet Explorer] (Content viewed/Content saved to drive) URL:http://cheetah.vizu.com/f.gif?cd=4_cid=2073_adid=728x90_siteid=tribalfusion_adtype=1_stype=0_siteurl=a.tribalfusion.com_wc=_cust1=_cust2=_cust3=_cust4=_cust5=_ver=v5_o=winxp_ua=msie_uv=6.0_lan=en-us_fv=null_id=1309557288828_t=1309557288843f.gif?cid=2073_adid=728x90_siteid=tribalfusion_adtype=1_stype=0_siteurl=a.tribalfusion.com_wc=_cust1=_cust2=_cust3=_cust4=_cust5=_ver=v5_o=winxp_ua=msie_uv=6.0_lan=en-us_fv=null_id=1309557288828_t=1309557288843 cache stored in: YZCXGNW1/CAS5SJW3.gif - HTTP/1.1 200 OK - X-Px: ht lax-am6-n10.panthercdn.com - ETag: "3c050-2b-edb95b80" - Content-Length: 43 - Content-Type: image/gif (file: /media/sdb1/Documents and Settings/malware/Local Settings/Temporary Internet Files/Content.IE5/index.dat) 0 m... 0 0 0 10525 [Internet Explorer] (Content viewed/Content saved to drive) URL:http://cheetah.vizu.com/i.gif?cid=2073_adid=728x90_siteid=tribalfusion_adtype=1_stype=0_siteurl=a.tribalfusion.com_wc=_cust1=_cust2=_cust3=_cust4=_cust5=_ver=v5_o=winxp_ua=msie_uv=6.0_lan=en-us_fv=null_id=1309557288828_t=1309557288843 cache stored in: QJM5KT6J/i[1].gif - HTTP/1.1 200 OK - X-Px: ht lax-am6-n10.panthercdn.com - ETag: "3c051-2b-775728c0" - Content-Length: 43 - Content-Type: image/gif (file: /media/sdb1/Documents and Settings/malware/Local Settings/Temporary Internet Files/Content.IE5/index.dat) 0 m... 0 0 0 10525 [Internet Explorer] (Content viewed/Content saved to drive) User: http://b3.mookie1.com/2/B3DM/DLX/1 URL:x71 cache stored in: QJM5KT6J/1@x71[1].htm - HTTP/1.1 200 OK - P3P: CP="NON NID PSAa PSDa OUR IND UNI COM NAV STA"-policyref="/w3c/p3p.xml" - Content-Length: 1423 - Keep-Alive: timeout=60 - Content-Type: text/html (file: /media/sdb1/Documents and Settings/malware/Local Settings/Temporary Internet Files/Content.IE5/index.dat) 0 m... 0 0 0 10525 [Internet Explorer] (Content viewed/Content saved to drive) User: http://b3.mookie1.com/2/TribalFusionB3/Motorola/2011Q2_Atrix/CN/728/11217442856 URL:x90 cache stored in: YZCXGNW1/11217442856@x90[1].htm - HTTP/1.1 200 OK - P3P: CP="NON NID PSAa PSDa OUR IND UNI COM NAV STA"-policyref="/w3c/p3p.xml" - Content-Length: 519 - Keep-Alive: timeout=60 - Content-Type: text/html (file: /media/sdb1/Documents and Settings/malware/Local Settings/Temporary Internet Files/Content.IE5/index.dat) 0 m... 0 0 0 10525 [Internet Explorer] (Content viewed/Content saved to drive) User: http://dm.de.mookie1.com/2/B3DM/2010DM/1730591662 URL:x23?USNetwork/Moto_2011Q2_Atrix_TF_CN_728 cache stored in: SLK18LSF/1730591662@x23[1].htm - HTTP/1.1 200 OK - P3P: CP="NON NID PSAa PSDa OUR IND UNI COM NAV STA"-policyref="/w3c/p3p.xml" - Content-Length: 2421 - Keep-Alive: timeout=60 - Content-Type: text/html (file: /media/sdb1/Documents and Settings/malware/Local Settings/Temporary Internet Files/Content.IE5/index.dat) 0 m... 0 0 0 10525 [Internet Explorer] (Content viewed/Content saved to drive) User: http://mig.nexac.com/2/B3DM/DLX/1 URL:x96 cache stored in: UPQVMROL/1@x96[1].htm - HTTP/1.1 200 OK - P3P: CP="NON NID PSAa PSDa OUR IND UNI COM NAV STA"-policyref="/w3c/p3p.xml" - Content-Length: 1391 - Keep-Alive: timeout=60 - Content-Type: text/html (file: /media/sdb1/Documents and Settings/malware/Local Settings/Temporary Internet Files/Content.IE5/index.dat) 0 .acb 0 0 0 10534 [Internet Explorer] (Last time cookie passed to website/Website modified cookie) User: Cookie:malware URL:nexac.com/ (file: /media/sdb1/Documents and Settings/malware/Cookies/index.dat) 1391 ma.b r/rr-xr-xr-x 0 0 11309-128-4 /Documents and Settings/malware/Local Settings/Temporary Internet Files/Content.IE5/UPQVMROL/1@x96[1].htm 43 ma.b r/rr-xr-xr-x 0 0 11362-128-1 /Documents and Settings/malware/Local Settings/Temporary Internet Files/Content.IE5/YZCXGNW1/CAS5SJW3.gif 43 ma.b r/rr-xr-xr-x 0 0 11366-128-1 /Documents and Settings/malware/Local Settings/Temporary Internet Files/Content.IE5/SLK18LSF/a[1].gif 43 ma.b r/rr-xr-xr-x 0 0 11367-128-1 /Documents and Settings/malware/Local Settings/Temporary Internet Files/Content.IE5/QJM5KT6J/i[1].gif 519 ma.b r/rr-xr-xr-x 0 0 11368-128-1 /Documents and Settings/malware/Local Settings/Temporary Internet Files/Content.IE5/YZCXGNW1/11217442856@x90[1].htm 2421 ma.b r/rr-xr-xr-x 0 0 11370-128-4 /Documents and Settings/malware/Local Settings/Temporary Internet Files/Content.IE5/SLK18LSF/1730591662@x23[1].htm 1423 ma.b r/rr-xr-xr-x 0 0 11371-128-4 /Documents and Settings/malware/Local Settings/Temporary Internet Files/Content.IE5/QJM5KT6J/1@x71[1].htm 144 ma.b r/rr-xr-xr-x 0 0 11372-128-1 /Documents and Settings/malware/Cookies/malware@nexac[2].txt Fri Jul 01 2011 14:54:50 0 m... 0 0 0 10525 [Internet Explorer] (Content viewed/Content saved to drive) URL:http://su.addthis.com/red/usync?pid=2&puid=422217505559544-xrDlCk4OQgUADp2C cache stored in: QJM5KT6J/usync[1].png - HTTP/1.1 200 OK - P3P: policyref="/w3c/p3p.xml"- CP="NON ADM OUR DEV IND COM STA" - Content-Type: image/png - Content-Length: 67 (file: /media/sdb1/Documents and Settings/malware/Local Settings/Temporary Internet Files/Content.IE5/index.dat) 0 m... 0 0 0 10525 [Internet Explorer] (Content viewed/Content saved to drive) User: http://dm.de.mookie1.com/2/B3DM/DLX/ URL:x94 cache stored in: YZCXGNW1/@x94[1].htm - HTTP/1.1 200 OK - P3P: CP="NON NID PSAa PSDa OUR IND UNI COM NAV STA"-policyref="/w3c/p3p.xml" - Content-Length: 666 - Keep-Alive: timeout=60 - Content-Type: text/html (file: /media/sdb1/Documents and Settings/malware/Local Settings/Temporary Internet Files/Content.IE5/index.dat) 0 m... 0 0 0 10525 [Internet Explorer] (Content viewed/Content saved to drive) User: http://premium.mookie1.com/2/PAM_DM/2011Generic URL:Bottom3 cache stored in: SLK18LSF/2011Generic@Bottom3[1].htm - HTTP/1.1 200 OK - P3P: CP="NON NID PSAa PSDa OUR IND UNI COM NAV STA"-policyref="/w3c/p3p.xml" - Content-Length: 77 - Keep-Alive: timeout=60 - Content-Type: text/html (file: /media/sdb1/Documents and Settings/malware/Local Settings/Temporary Internet Files/Content.IE5/index.dat) 0 macb 0 0 0 10534 [Internet Explorer] (Last time cookie passed to website/Website modified cookie) User: Cookie:malware URL:addthis.com/ (file: /media/sdb1/Documents and Settings/malware/Cookies/index.dat) 666 ma.b r/rr-xr-xr-x 0 0 11373-128-4 /Documents and Settings/malware/Local Settings/Temporary Internet Files/Content.IE5/YZCXGNW1/@x94[1].htm 77 ma.b r/rr-xr-xr-x 0 0 11374-128-1 /Documents and Settings/malware/Local Settings/Temporary Internet Files/Content.IE5/SLK18LSF/2011Generic@Bottom3[1].htm 122 ma.b r/rr-xr-xr-x 0 0 11375-128-1 /Documents and Settings/malware/Cookies/malware@addthis[1].txt 67 ma.b r/rr-xr-xr-x 0 0 11376-128-1 /Documents and Settings/malware/Local Settings/Temporary Internet Files/Content.IE5/QJM5KT6J/usync[1].png 177 ...b r/rr-xr-xr-x 0 0 11378-128-1 /Documents and Settings/malware/Cookies/malware@contextweb[2].txt Fri Jul 01 2011 14:54:51 0 macb 0 0 0 10534 [Internet Explorer] (Last time cookie passed to website/Website modified cookie) User: Cookie:malware URL:contextweb.com/ (file: /media/sdb1/Documents and Settings/malware/Cookies/index.dat) 177 ma.. r/rr-xr-xr-x 0 0 11378-128-1 /Documents and Settings/malware/Cookies/malware@contextweb[2].txt 0 macb 0 0 0 5544 [WMIprov Log file] (Time Written) Entry in log file: WDM call returned error: 4200 (file: /media/sdb1/WINDOWS/system32/wbem/Logs/wmiprov.log) 1004 ma.. r/rr-xr-xr-x 0 0 5544-128-3 /WINDOWS/system32/wbem/Logs/wmiprov.log Fri Jul 01 2011 14:55:15 0 m... 0 0 0 10525 [Internet Explorer] (Content viewed/Content saved to drive) URL:http://img.mevio.com/images/262/fa4/262fa4472ddaa4727cbc48ac93bd48d4800bf0ed.jpg?url=http://origin.psstatic.podshow.com/images/shows/21273/episodes/285822/large/itcouldbeworse-us-e.jpg?r=1308841571&width=200&height=112&scheme=1 cache stored in: SLK18LSF/262fa4472ddaa4727cbc48ac93bd48d4800bf0ed[1].jpg - HTTP/1.1 200 OK - Content-Type: image/jpeg - X-Cache: HIT - Content-Length: 26741 (file: /media/sdb1/Documents and Settings/malware/Local Settings/Temporary Internet Files/Content.IE5/index.dat) 0 m... 0 0 0 10525 [Internet Explorer] (Content viewed/Content saved to drive) URL:http://img.mevio.com/images/47a/c16/47ac163b368a40b309220a8ae16626c1874f24e6.jpg?url=http://origin.psstatic.podshow.com/images/shows/19008/episodes/237946/large/okinsider-us-e.jpg?r=1279595181&width=200&height=112&scheme=1 cache stored in: UPQVMROL/47ac163b368a40b309220a8ae16626c1874f24e6[1].jpg - HTTP/1.1 200 OK - Content-Type: image/jpeg - X-Cache: HIT - Content-Length: 10803 (file: /media/sdb1/Documents and Settings/malware/Local Settings/Temporary Internet Files/Content.IE5/index.dat) 0 m... 0 0 0 10525 [Internet Explorer] (Content viewed/Content saved to drive) URL:http://img.mevio.com/images/bcf/8b2/bcf8b2846ded8223ba1a5e2b0b3867956aa61201.jpg?url=http://origin.psstatic.podshow.com/images/shows/26298/episodes/248763/large/pop17-us-e.jpg?r=1284498840&width=200&height=112&scheme=1 cache stored in: SLK18LSF/bcf8b2846ded8223ba1a5e2b0b3867956aa61201[1].jpg - HTTP/1.1 200 OK - Content-Type: image/jpeg - X-Cache: HIT - Content-Length: 10772 (file: /media/sdb1/Documents and Settings/malware/Local Settings/Temporary Internet Files/Content.IE5/index.dat) 0 m... 0 0 0 10525 [Internet Explorer] (Content viewed/Content saved to drive) URL:http://img.mevio.com/images/bed/f96/bedf96242983dac037168b9a38c6c2710ff91108.jpg?url=http://origin.psstatic.podshow.com/images/shows/23974/episodes/286738/large/reformschool-us-e.jpg?r=1309473395&width=200&height=112&scheme=1 cache stored in: YZCXGNW1/bedf96242983dac037168b9a38c6c2710ff91108[1].jpg - HTTP/1.1 200 OK - Content-Type: image/jpeg - X-Cache: HIT - Content-Length: 12452 (file: /media/sdb1/Documents and Settings/malware/Local Settings/Temporary Internet Files/Content.IE5/index.dat) 0 m... 0 0 0 10525 [Internet Explorer] (Content viewed/Content saved to drive) URL:http://psstatic.podshow.com/images/users/869922/channels/small/890024.jpg?r=38841 cache stored in: UPQVMROL/890024[1].jpg - HTTP/1.1 200 OK - Content-Type: image/jpeg - X-Cache: HIT - Content-Length: 7811 (file: /media/sdb1/Documents and Settings/malware/Local Settings/Temporary Internet Files/Content.IE5/index.dat) 0 m... 0 0 0 10525 [Internet Explorer] (Content viewed/Content saved to drive) URL:http://psstatic.podshow.com/images/users/869922/gallery/thumbs/279738.jpg?r=38841 cache stored in: UPQVMROL/279738[1].jpg - HTTP/1.1 200 OK - Content-Type: image/jpeg - X-Cache: HIT - Content-Length: 1560 (file: /media/sdb1/Documents and Settings/malware/Local Settings/Temporary Internet Files/Content.IE5/index.dat) 0 macb 0 0 0 10527 [Internet Explorer] (Last Access) User: malware URL:http://www.mevio.com/channels/?cId=890024 (file: /media/sdb1/Documents and Settings/malware/Local Settings/History/History.IE5/index.dat) 18839 ma.b r/rr-xr-xr-x 0 0 11191-128-5 /Documents and Settings/malware/Local Settings/Temporary Internet Files/Content.IE5/QJM5KT6J/channels[1].css 10803 ma.b r/rr-xr-xr-x 0 0 11283-128-4 /Documents and Settings/malware/Local Settings/Temporary Internet Files/Content.IE5/UPQVMROL/47ac163b368a40b309220a8ae16626c1874f24e6[1].jpg 307 ...b r/rr-xr-xr-x 0 0 11285-128-1 /Documents and Settings/malware/Cookies/malware@www.mevio[1].txt 7811 ma.b r/rr-xr-xr-x 0 0 11292-128-4 /Documents and Settings/malware/Local Settings/Temporary Internet Files/Content.IE5/UPQVMROL/890024[1].jpg 1560 ma.b r/rr-xr-xr-x 0 0 11312-128-4 /Documents and Settings/malware/Local Settings/Temporary Internet Files/Content.IE5/UPQVMROL/279738[1].jpg 26741 ma.b r/rr-xr-xr-x 0 0 11338-128-4 /Documents and Settings/malware/Local Settings/Temporary Internet Files/Content.IE5/SLK18LSF/262fa4472ddaa4727cbc48ac93bd48d4800bf0ed[1].jpg 10772 ma.b r/rr-xr-xr-x 0 0 11346-128-4 /Documents and Settings/malware/Local Settings/Temporary Internet Files/Content.IE5/SLK18LSF/bcf8b2846ded8223ba1a5e2b0b3867956aa61201[1].jpg 2132 ma.b r/rr-xr-xr-x 0 0 11347-128-4 /Documents and Settings/malware/Local Settings/Temporary Internet Files/Content.IE5/SLK18LSF/actionBar[1].png 435 ma.b r/rr-xr-xr-x 0 0 11348-128-1 /Documents and Settings/malware/Local Settings/Temporary Internet Files/Content.IE5/QJM5KT6J/play-trans[1].png 23216 ma.b r/rr-xr-xr-x 0 0 11349-128-4 /Documents and Settings/malware/Local Settings/Temporary Internet Files/Content.IE5/YZCXGNW1/default[2].jpg 12452 ma.b r/rr-xr-xr-x 0 0 11379-128-4 /Documents and Settings/malware/Local Settings/Temporary Internet Files/Content.IE5/YZCXGNW1/bedf96242983dac037168b9a38c6c2710ff91108[1].jpg 11533 ...b r/rr-xr-xr-x 0 0 11382-128-4 /Documents and Settings/malware/Local Settings/Temporary Internet Files/Content.IE5/QJM5KT6J/8ef336c6e2b72b5c3a6bf5fc573ca5f798cb4e98[1].jpg 7834 ma.b r/rr-xr-xr-x 0 0 11384-128-5 /Documents and Settings/malware/Local Settings/Temporary Internet Files/Content.IE5/YZCXGNW1/tpl_channels[2].js 40014 ...b r/rr-xr-xr-x 0 0 11385-128-4 /Documents and Settings/malware/Local Settings/Temporary Internet Files/Content.IE5/QJM5KT6J/a4b6dbea7c7d1ad5affc22280b968759abac5fe8[1].png Fri Jul 01 2011 14:55:16 0 m... 0 0 0 10525 [Internet Explorer] (Content viewed/Content saved to drive) URL:http://img.mevio.com/images/380/686/380686a9e245b6c9588ee47a4374fa8c6aeaf28d.jpg?url=http://origin.thumbs.mevio.com/media/23473/episodes/246022/thumbnail.jpg&width=200&height=112&scheme=1 cache stored in: QJM5KT6J/380686a9e245b6c9588ee47a4374fa8c6aeaf28d[1].jpg - HTTP/1.1 200 OK - Content-Type: image/jpeg - X-Cache: HIT - Content-Length: 4649 (file: /media/sdb1/Documents and Settings/malware/Local Settings/Temporary Internet Files/Content.IE5/index.dat) 0 m... 0 0 0 10525 [Internet Explorer] (Content viewed/Content saved to drive) URL:http://img.mevio.com/images/576/17b/57617b115751f9587dfd6e7c97e652757d9a158f.png?url=http://origin.psstatic.podshow.com/images/shows/21754/episodes/233419/large/hairbangersball-us-e.png?r=1274996283&width=200&height=112&scheme=1 cache stored in: UPQVMROL/57617b115751f9587dfd6e7c97e652757d9a158f[1].png - HTTP/1.1 200 OK - Content-Type: image/png - X-Cache: HIT - Content-Length: 43391 (file: /media/sdb1/Documents and Settings/malware/Local Settings/Temporary Internet Files/Content.IE5/index.dat) 0 m... 0 0 0 10525 [Internet Explorer] (Content viewed/Content saved to drive) URL:http://img.mevio.com/images/5ab/272/5ab27290d55e31c8cdf1ccd41a1df4466760db63.jpg?url=http://origin.psstatic.podshow.com/images/shows/23436/episodes/234509/large/theradreport-us-e.jpg?r=1275681955&width=200&height=112&scheme=1 cache stored in: UPQVMROL/5ab27290d55e31c8cdf1ccd41a1df4466760db63[1].jpg - HTTP/1.1 200 OK - Content-Type: image/jpeg - X-Cache: HIT - Content-Length: 7424 (file: /media/sdb1/Documents and Settings/malware/Local Settings/Temporary Internet Files/Content.IE5/index.dat) 0 m... 0 0 0 10525 [Internet Explorer] (Content viewed/Content saved to drive) URL:http://img.mevio.com/images/8ef/336/8ef336c6e2b72b5c3a6bf5fc573ca5f798cb4e98.jpg?url=http://origin.psstatic.podshow.com/images/shows/26453/episodes/252363/large/alist-us-e.jpg?r=1286490665&width=200&height=112&scheme=1 cache stored in: QJM5KT6J/8ef336c6e2b72b5c3a6bf5fc573ca5f798cb4e98[1].jpg - HTTP/1.1 200 OK - Content-Type: image/jpeg - X-Cache: HIT - Content-Length: 11533 (file: /media/sdb1/Documents and Settings/malware/Local Settings/Temporary Internet Files/Content.IE5/index.dat) 0 m... 0 0 0 10525 [Internet Explorer] (Content viewed/Content saved to drive) URL:http://img.mevio.com/images/a4b/6db/a4b6dbea7c7d1ad5affc22280b968759abac5fe8.png?url=http://origin.psstatic.podshow.com/images/shows/22243/episodes/198494/large/emogirltv-us-e.png?r=1258745063&width=200&height=112&scheme=1 cache stored in: QJM5KT6J/a4b6dbea7c7d1ad5affc22280b968759abac5fe8[1].png - HTTP/1.1 200 OK - Content-Type: image/png - X-Cache: HIT - Content-Length: 40014 (file: /media/sdb1/Documents and Settings/malware/Local Settings/Temporary Internet Files/Content.IE5/index.dat) 0 .acb 0 0 0 10534 [Internet Explorer] (Last time cookie passed to website/Website modified cookie) User: Cookie:malware URL:www.mevio.com/ (file: /media/sdb1/Documents and Settings/malware/Cookies/index.dat) 7424 ma.b r/rr-xr-xr-x 0 0 11277-128-4 /Documents and Settings/malware/Local Settings/Temporary Internet Files/Content.IE5/UPQVMROL/5ab27290d55e31c8cdf1ccd41a1df4466760db63[1].jpg 307 ma.. r/rr-xr-xr-x 0 0 11285-128-1 /Documents and Settings/malware/Cookies/malware@www.mevio[1].txt 11533 ma.. r/rr-xr-xr-x 0 0 11382-128-4 /Documents and Settings/malware/Local Settings/Temporary Internet Files/Content.IE5/QJM5KT6J/8ef336c6e2b72b5c3a6bf5fc573ca5f798cb4e98[1].jpg 4649 ma.b r/rr-xr-xr-x 0 0 11383-128-4 /Documents and Settings/malware/Local Settings/Temporary Internet Files/Content.IE5/QJM5KT6J/380686a9e245b6c9588ee47a4374fa8c6aeaf28d[1].jpg 40014 ma.. r/rr-xr-xr-x 0 0 11385-128-4 /Documents and Settings/malware/Local Settings/Temporary Internet Files/Content.IE5/QJM5KT6J/a4b6dbea7c7d1ad5affc22280b968759abac5fe8[1].png 43391 ma.b r/rr-xr-xr-x 0 0 11386-128-4 /Documents and Settings/malware/Local Settings/Temporary Internet Files/Content.IE5/UPQVMROL/57617b115751f9587dfd6e7c97e652757d9a158f[1].png Fri Jul 01 2011 14:55:17 1107 ...b r/rrwxrwxrwx 0 0 11324-128-5 /Documents and Settings/malware/Local Settings/Temporary Internet Files/Content.IE5/YZCXGNW1/login_status[1].htm 1023 ma.b r/rr-xr-xr-x 0 0 11389-128-4 /Documents and Settings/malware/Local Settings/Temporary Internet Files/Content.IE5/QJM5KT6J/ctrl-vert-scroll[1].png Fri Jul 01 2011 14:55:22 0 m... 0 0 0 10525 [Internet Explorer] (Content viewed/Content saved to drive) User: http://network.realmedia.com/RealMedia/ads/adstream_jx.ads/mevio/ros/728x90/jx/ss/a/1240890821 URL:Top1 cache stored in: SLK18LSF/1240890821@Top1[1] - HTTP/1.1 200 OK - P3P: CP="NON NID PSAa PSDa OUR IND UNI COM NAV STA"-policyref="/w3c/p3p.xml" - Content-Length: 687 - Keep-Alive: timeout=60 - Content-Type: application/x-javascript (file: /media/sdb1/Documents and Settings/malware/Local Settings/Temporary Internet Files/Content.IE5/index.dat) 687 m..b r/rr-xr-xr-x 0 0 11329-128-4 /Documents and Settings/malware/Local Settings/Temporary Internet Files/Content.IE5/SLK18LSF/1240890821@Top1[1] 2234 ma.b r/rr-xr-xr-x 0 0 11393-128-4 /Documents and Settings/malware/Local Settings/Temporary Internet Files/Content.IE5/YZCXGNW1/26317-2[1].js Fri Jul 01 2011 14:55:23 1201 ma.b r/rr-xr-xr-x 0 0 11313-128-4 /Documents and Settings/malware/Local Settings/Temporary Internet Files/Content.IE5/YZCXGNW1/adopt[1].htm 687 .a.. r/rr-xr-xr-x 0 0 11329-128-4 /Documents and Settings/malware/Local Settings/Temporary Internet Files/Content.IE5/SLK18LSF/1240890821@Top1[1] 430 ...b r/rr-xr-xr-x 0 0 11337-128-1 /Documents and Settings/malware/Cookies/malware@serving-sys[1].txt 2322 ma.b r/rr-xr-xr-x 0 0 11344-128-4 /Documents and Settings/malware/Local Settings/Temporary Internet Files/Content.IE5/QJM5KT6J/26318-2[1].js 2952 ma.b r/rr-xr-xr-x 0 0 11352-128-3 /Documents and Settings/malware/Local Settings/Temporary Internet Files/Content.IE5/SLK18LSF/CASPE981.htm 2030 ma.b r/rr-xr-xr-x 0 0 11395-128-4 /Documents and Settings/malware/Local Settings/Temporary Internet Files/Content.IE5/QJM5KT6J/dk[1].js 684 ma.b r/rr-xr-xr-x 0 0 11398-128-4 /Documents and Settings/malware/Local Settings/Temporary Internet Files/Content.IE5/QJM5KT6J/imp[1] 688 ma.b r/rr-xr-xr-x 0 0 11399-128-4 /Documents and Settings/malware/Local Settings/Temporary Internet Files/Content.IE5/UPQVMROL/imp[1] 4348 m..b r/rr-xr-xr-x 0 0 11402-128-4 /Documents and Settings/malware/Local Settings/Temporary Internet Files/Content.IE5/SLK18LSF/fp[1].js Fri Jul 01 2011 14:55:24 0 m... 0 0 0 10525 [Internet Explorer] (Content viewed/Content saved to drive) URL:http://log30.doubleverify.com/visitor.aspx?query=agnc=796803&cmp=947466&crt=&crtname=&adnet=&dvtagver=3.3.1346.2176&adsrv=6&plc=2895815&advid=796804&sid=Fox%20Audience%20Network&adid=&&num=201&srcurl=http://www.mevio.com/channels/?cId=890024&random=0.5607829497620708 cache stored in: QJM5KT6J/CAA2739W.jpg - HTTP/1.1 200 OK - Content-Length: 0 - Content-Type: image/jpeg - X-AspNet-Version: 2.0.50727 - X-Powered-By: ASP.NET (file: /media/sdb1/Documents and Settings/malware/Local Settings/Temporary Internet Files/Content.IE5/index.dat) 38604 m..b r/rr-xr-xr-x 0 0 11397-128-4 /Documents and Settings/malware/Local Settings/Temporary Internet Files/Content.IE5/SLK18LSF/785e48fd-311d-4f0e-be8f-e511ecfdeeb9[1].jpg 24385 m..b r/rr-xr-xr-x 0 0 11404-128-5 /Documents and Settings/malware/Local Settings/Temporary Internet Files/Content.IE5/UPQVMROL/StdBanner[2].js 2914 m..b r/rr-xr-xr-x 0 0 11405-128-5 /Documents and Settings/malware/Local Settings/Temporary Internet Files/Content.IE5/YZCXGNW1/script201[2].js 0 ma.b r/rr-xr-xr-x 0 0 11406-128-1 /Documents and Settings/malware/Local Settings/Temporary Internet Files/Content.IE5/QJM5KT6J/CAA2739W.jpg Fri Jul 01 2011 14:56:26 0 macb 0 0 0 10527 [Internet Explorer] (Last Access) User: malware URL:http://www.mevio.com/episode/237946/lilo-rocks-up-10-hours-late-okinsiderepisode74 (file: /media/sdb1/Documents and Settings/malware/Local Settings/History/History.IE5/index.dat) Fri Jul 01 2011 14:56:27 0 m... 0 0 0 10525 [Internet Explorer] (Content viewed/Content saved to drive) URL:http://psstatic.podshow.com/images/shows/11/shows/thumbs/lifespring.jpg?r=1138742130 cache stored in: YZCXGNW1/lifespring[1].jpg - HTTP/1.1 200 OK - Content-Type: image/jpeg - X-Cache: HIT - Content-Length: 4578 (file: /media/sdb1/Documents and Settings/malware/Local Settings/Temporary Internet Files/Content.IE5/index.dat) 0 m... 0 0 0 10525 [Internet Explorer] (Content viewed/Content saved to drive) URL:http://psstatic.podshow.com/images/shows/1530/shows/thumbs/atc.jpg?r=1156305678 cache stored in: UPQVMROL/atc[1].jpg - HTTP/1.1 200 OK - Content-Type: image/jpeg - X-Cache: HIT - Content-Length: 1964 (file: /media/sdb1/Documents and Settings/malware/Local Settings/Temporary Internet Files/Content.IE5/index.dat) 0 m... 0 0 0 10525 [Internet Explorer] (Content viewed/Content saved to drive) URL:http://psstatic.podshow.com/images/shows/4561/shows/thumbs/scrapcast.jpg?r=1165957395 cache stored in: QJM5KT6J/scrapcast[1].jpg - HTTP/1.1 200 OK - Content-Type: image/jpeg - X-Cache: HIT - Content-Length: 3616 (file: /media/sdb1/Documents and Settings/malware/Local Settings/Temporary Internet Files/Content.IE5/index.dat) 1964 ma.b r/rr-xr-xr-x 0 0 11380-128-4 /Documents and Settings/malware/Local Settings/Temporary Internet Files/Content.IE5/UPQVMROL/atc[1].jpg 4578 ma.b r/rr-xr-xr-x 0 0 11381-128-4 /Documents and Settings/malware/Local Settings/Temporary Internet Files/Content.IE5/YZCXGNW1/lifespring[1].jpg 1039 ma.b r/rr-xr-xr-x 0 0 11388-128-4 /Documents and Settings/malware/Local Settings/Temporary Internet Files/Content.IE5/YZCXGNW1/success-checkmark[1].png 3616 ma.b r/rr-xr-xr-x 0 0 11410-128-4 /Documents and Settings/malware/Local Settings/Temporary Internet Files/Content.IE5/QJM5KT6J/scrapcast[1].jpg 398372 .a.. r/rr-xr-xr-x 0 0 2188-128-3 /WINDOWS/Fonts/timesbd.ttf Fri Jul 01 2011 14:56:28 0 macb 0 0 0 10527 [Internet Explorer] (Last Access) User: malware URL:http://www.findfertile.org/go.php?userip=198.176.229.10&referer=http://www.findfertile.org/search.php?q=book&aid=531&sid=direc20&curl=http://64.111.211.158/c.php?s=eNollMeuq0gQhh_I0oHuJjSLuwBzyNFg0mZEzmBjGxvEw4_vjH5VUNW_KZX0dQdEFAAHpvBh-ebHCC-3fAw6s-P_HOQPSdL0_4U5IAkAyX4TS9MIH_HIren7z5-DTmmGRQzJsBiyAJI5Zqi8RHRWpDmqKvqfAqIUMxmCJAZZSqUMk9IVB6via8dpjg_4VWnNVt-V3kzyPC8Rv8ZD22W3c2I1cHTjnUyCeF4rCrK6t9SQQVk1oRNYgw0T5DsitmX95BNDphV1o4kzONkpHSUvRctN8eFMcpuullVdxCtB6GNtNNIHZNpbnLKSXeG2A1qJ1HOQDdewLTqgVPdFoLFcFoaYJi_AmSed19Bp38LE04mnGwzSJ3IFeGGfO8y7Uve89fEbJ451W-LCWLP59fxsvhGvMrRFKs6RLu0F985r19Xju8AoiSDw4CaLdxkrzElkHB2Tly7qC29SiTYQowfSelHPoLVwoU0-gUgX9rCcxQhenFwuuTctMzanoW2pmBAO9MI4fMwjpK_qrMl3W6DHN05kdRRWOux0z6w7Vbb892SH-hhAZhS-D63b0tPdc8h57rmr-A7K4ENdNGYkncpeplrLrvNHODtL5KiJ_1peamraF8qJAm_wqlEoGX-I5Xv16bkhoyWhvLIwfzLm8yaXMOvhb_9RwGWk8FosJ-uKXuC5PazfZw6DM6HrYcdcf_eXH5UXVeXdKxdBNHMm1MqLU1_OtiLgbYHtqhlTda7DFLK3aXshSNgOTSgAjYPPozksb_rTivdcljixem-yv5HFqVbjnG66bPcUM1JPxEy6_PByejuezCiZA8pdlHK5tsONKNwlOBmUYZvOEmR3L7vyxB03DWrr5mT60-_Tb2YXciHvVk7bqDwPukJ6OCG73AXBBHwdVtZ5Bnrfk8pnH42HlKrBHr_hQ2iC9om968wodq2I_Pse75dANnRVpDopAJC4MrRjpQ83vpIUim6WocaZR62kdHeh4j27KMJD0NtZ3puq61kS6S8tyjLyMfVu3W5UHL87bgzvwSN0iWKs1NiIxspupF3K55yH_FsFYTrTZwvLrB-f5jhQxpGZkNU6JNffWdzgqDoZcbjUWuGbdyvhIFueVNg16OIOvOFrOwuCyfHV8uFiwk_7thnNoCmenSf4UUoykRTJ0d6uv2pr80vXNynbVNU8kiIq6daRRoJzX--rS9zuYTwNyqgXfdJnex2Pj-bm7qCgejN5kdRYBmrzvXU-cR-spb-YPwCHfwDL_EDI_QDyOACmfgD9DQb9AI46_o7AkY1Bk48fupCb4dujfKOfSZTcso3uMkh-WfafDnQUqEDG-N2MlzGJNDINP4Mxclvyl2UsYBGuvqzKMsxyRQnJlKO4FOUZpqoSUMeXdZjimCwHRYEZnP3FHEQYYTpl2RLhfwEYHbRi&aid=531&sid=direc20 (file: /media/sdb1/Documents and Settings/malware/Local Settings/History/History.IE5/index.dat) Fri Jul 01 2011 14:56:29 5325 ma.b r/rr-xr-xr-x 0 0 10318-128-3 /Documents and Settings/malware/Local Settings/Temporary Internet Files/Content.IE5/UPQVMROL/CA6RCHER.htm 0 m... 0 0 0 10525 [Internet Explorer] (Content viewed/Content saved to drive) URL:http://search.chillcow.com/results/?partnerid=113320&appid=150752&subid=23411&ip=198.176.229.10&cid=264123&entry=book&qs=JQwDFAMXaSFTVkVLSUVaSRpYUURuW0sTAwFFeFpUS05EQFpcSFNAVTZUXV5cVBRzW0UWC01ER19fEhARdQofTVxLEHRdUkJfHhZUX0AREBBkW0scBQEdclZRR0xCR08LAUxASD1UBQQYFQV2D0ZAH1VGDwELQFNNKh0FFQIAVzZADhcPGRtHDAFMBBM1TxwFCRdZeFoGQhxERlxWX0BCQDZcD0APU0Z1CAUXXwEAVF5dERgUZl5eQ1tDSzJTER0XVhcCGFMHU0Q1VEsCAg4ddEgXAQoEFQ4GChwTFGNbVEheXAYiCwwGGBcdDVJcFBQUYk8YAgBYSDEaE1dKEVFbCUsTR082CB8cFRFIIAAGBQpeGQwZB04PQjwESEIKQBMjGxcfJhMVBB8PSEZPdloJQg1WEXMMPEdOQk1YXDETFxViW14vXVQTdlxTLUhFRF5aXH4TEmdYXFVeU1UxAzwBFgUGCgpLEkUTMlpcRg5AEnMbFx8mHRENBhtMBBI3WwxDXVNC cache stored in: UPQVMROL/CA6RCHER.htm - HTTP/1.1 200 OK - Content-Type: text/html_charset=ISO-8859-1 - Content-Length: 5325 (file: /media/sdb1/Documents and Settings/malware/Local Settings/Temporary Internet Files/Content.IE5/index.dat) 0 macb 0 0 0 10534 [Internet Explorer] (Last time cookie passed to website/Website modified cookie) User: Cookie:malware URL:bidsystem.com/ (file: /media/sdb1/Documents and Settings/malware/Cookies/index.dat) 97 ma.b r/rr-xr-xr-x 0 0 11403-128-1 /Documents and Settings/malware/Cookies/malware@bidsystem[2].txt Fri Jul 01 2011 14:56:30 0 macb 0 0 0 10527 [Internet Explorer] (Last Access) User: malware URL:http://click.mygeek.com/presults.jsp?partnerid=113320&appid=150752&subid=23411&ip=198.176.229.10&cid=264123&entry=book&qs=JQwDFAMXaSFTVkVLSUVaSRpYUURuW0sTAwFFeFpUS05EQFpcSFNAVTZUXV5cVBRzW0UWC01ER19fEhARdQofTVxLEHRdUkJfHhZUX0AREBBkW0scBQEdclZRR0xCR08LAUxASD1UBQQYFQV2D0ZAH1VGDwELQFNNKh0FFQIAVzZADhcPGRtHDAFMBBM1TxwFCRdZeFoGQhxERlxWX0BCQDZcD0APU0Z1CAUXXwEAVF5dERgUZl5eQ1tDSzJTER0XVhcCGFMHU0Q1VEsCAg4ddEgXAQoEFQ4GChwTFGNbVEheXAYiCwwGGBcdDVJcFBQUYk8YAgBYSDEaE1dKEVFbCUsTR082CB8cFRFIIAAGBQpeGQwZB04PQjwESEIKQBMjGxcfJhMVBB8PSEZPdloJQg1WEXMMPEdOQk1YXDETFxViW14vXVQTdlxTLUhFRF5aXH4TEmdYXFVeU1UxAzwBFgUGCgpLEkUTMlpcRg5AEnMbFx8mHRENBhtMBBI3WwxDXVNC&REFERER=http://www.findfertile.org/ac3.php?q=book&aid=531&sid=direc20&POS=99x232&VIEWPORT=571x257&IFRAME=N&COOKIES=Y&RES=800x600 (file: /media/sdb1/Documents and Settings/malware/Local Settings/History/History.IE5/index.dat) 0 macb 0 0 0 10534 [Internet Explorer] (Last time cookie passed to website/Website modified cookie) User: Cookie:malware URL:search.chillcow.com/ (file: /media/sdb1/Documents and Settings/malware/Cookies/index.dat) 591 ...b r/rrwxrwxrwx 0 0 11390-128-4 /Documents and Settings/malware/Local Settings/Temporary Internet Files/Content.IE5/QJM5KT6J/xd_receiver[1].htm 91 ma.b r/rr-xr-xr-x 0 0 11407-128-1 /Documents and Settings/malware/Cookies/malware@search.chillcow[1].txt 338 ...b r/rr-xr-xr-x 0 0 11413-128-1 /Documents and Settings/malware/Cookies/malware@nearlythenews.mevio[1].txt Fri Jul 01 2011 14:56:32 6032 ma.b r/rr-xr-xr-x 0 0 11167-128-4 /Documents and Settings/malware/Local Settings/Temporary Internet Files/Content.IE5/UPQVMROL/86da2433b2d7e89bb87cbdcc717e6542abb5c1a5[1].jpg 5809 ma.b r/rr-xr-xr-x 0 0 11415-128-4 /Documents and Settings/malware/Local Settings/Temporary Internet Files/Content.IE5/YZCXGNW1/b0942feb76caea4b6a8c2ffc50ab58f850ca2752[1].jpg 5938 ma.b r/rr-xr-xr-x 0 0 11416-128-4 /Documents and Settings/malware/Local Settings/Temporary Internet Files/Content.IE5/SLK18LSF/7fa9503afac135886b3d295e77e3f699db2f088f[1].jpg 5844 ma.b r/rr-xr-xr-x 0 0 11417-128-4 /Documents and Settings/malware/Local Settings/Temporary Internet Files/Content.IE5/SLK18LSF/8d367ca2c0dcb81af9870cc8e0bf2c0b56939bb5[1].jpg 5896 ma.b r/rr-xr-xr-x 0 0 11418-128-4 /Documents and Settings/malware/Local Settings/Temporary Internet Files/Content.IE5/QJM5KT6J/b76f4ae429bac02e5b95d4afd5dc2c1c5847b385[1].jpg 5119 ma.b r/rr-xr-xr-x 0 0 11419-128-4 /Documents and Settings/malware/Local Settings/Temporary Internet Files/Content.IE5/QJM5KT6J/4644591fb077b95a495d2a1e2dbf4da947677a5e[1].jpg 5175 ma.b r/rr-xr-xr-x 0 0 11420-128-4 /Documents and Settings/malware/Local Settings/Temporary Internet Files/Content.IE5/UPQVMROL/08e4f12711259da87a650a1d16e6c2292ca0d974[1].jpg 5409 ma.b r/rr-xr-xr-x 0 0 11421-128-4 /Documents and Settings/malware/Local Settings/Temporary Internet Files/Content.IE5/YZCXGNW1/9c4d6af299cc5b76bc81135f01e5eeb8ce626fe4[1].jpg 5748 ma.b r/rr-xr-xr-x 0 0 11422-128-4 /Documents and Settings/malware/Local Settings/Temporary Internet Files/Content.IE5/YZCXGNW1/ad3a99d40cfdbfe6e897921568dd671a78a625dd[1].jpg 3416 m..b r/rr-xr-xr-x 0 0 11423-128-4 /Documents and Settings/malware/Local Settings/Temporary Internet Files/Content.IE5/YZCXGNW1/156954[1].gif 2229 m..b r/rr-xr-xr-x 0 0 11424-128-4 /Documents and Settings/malware/Local Settings/Temporary Internet Files/Content.IE5/YZCXGNW1/5521[1].jpg 2441 m..b r/rr-xr-xr-x 0 0 11425-128-4 /Documents and Settings/malware/Local Settings/Temporary Internet Files/Content.IE5/SLK18LSF/2661[1].jpg 5500 m..b r/rr-xr-xr-x 0 0 11426-128-4 /Documents and Settings/malware/Local Settings/Temporary Internet Files/Content.IE5/QJM5KT6J/3184c21120c91ede3333550f5d45b4c65cfb834b[1].jpg 5766 m..b r/rr-xr-xr-x 0 0 11427-128-4 /Documents and Settings/malware/Local Settings/Temporary Internet Files/Content.IE5/QJM5KT6J/fe428692e79c6adf1b2850d38470a7c7dc8616a3[1].jpg 2833 m..b r/rr-xr-xr-x 0 0 11428-128-4 /Documents and Settings/malware/Local Settings/Temporary Internet Files/Content.IE5/QJM5KT6J/1667[1].jpg 2973 m..b r/rr-xr-xr-x 0 0 11429-128-4 /Documents and Settings/malware/Local Settings/Temporary Internet Files/Content.IE5/QJM5KT6J/3860[1].jpg 2472 m..b r/rr-xr-xr-x 0 0 11430-128-4 /Documents and Settings/malware/Local Settings/Temporary Internet Files/Content.IE5/UPQVMROL/5842[1].jpg 2887 m..b r/rr-xr-xr-x 0 0 11431-128-4 /Documents and Settings/malware/Local Settings/Temporary Internet Files/Content.IE5/SLK18LSF/261456[1].jpg 7467 m..b r/rr-xr-xr-x 0 0 11432-128-4 /Documents and Settings/malware/Local Settings/Temporary Internet Files/Content.IE5/UPQVMROL/5205[1].png 3482 m..b r/rr-xr-xr-x 0 0 11433-128-4 /Documents and Settings/malware/Local Settings/Temporary Internet Files/Content.IE5/UPQVMROL/1781[1].jpg 3539 m..b r/rr-xr-xr-x 0 0 11434-128-4 /Documents and Settings/malware/Local Settings/Temporary Internet Files/Content.IE5/SLK18LSF/35930[1].jpg 2754 m..b r/rr-xr-xr-x 0 0 11435-128-4 /Documents and Settings/malware/Local Settings/Temporary Internet Files/Content.IE5/SLK18LSF/29096[1].jpg 2513 m..b r/rr-xr-xr-x 0 0 11436-128-4 /Documents and Settings/malware/Local Settings/Temporary Internet Files/Content.IE5/YZCXGNW1/7620[1].jpg 2589 m..b r/rr-xr-xr-x 0 0 11437-128-4 /Documents and Settings/malware/Local Settings/Temporary Internet Files/Content.IE5/UPQVMROL/16566[1].jpg 4140 m..b r/rr-xr-xr-x 0 0 11438-128-4 /Documents and Settings/malware/Local Settings/Temporary Internet Files/Content.IE5/YZCXGNW1/7601[1].jpg 2537 m..b r/rr-xr-xr-x 0 0 11439-128-4 /Documents and Settings/malware/Local Settings/Temporary Internet Files/Content.IE5/SLK18LSF/4091[1].jpg 17283 m..b r/rr-xr-xr-x 0 0 11441-128-4 /Documents and Settings/malware/Local Settings/Temporary Internet Files/Content.IE5/QJM5KT6J/280455[1].jpg 4106 m..b r/rr-xr-xr-x 0 0 11443-128-4 /Documents and Settings/malware/Local Settings/Temporary Internet Files/Content.IE5/QJM5KT6J/nearlythenews[1].jpg Fri Jul 01 2011 14:56:34 0 macb 0 0 0 10534 [Internet Explorer] (Last time cookie passed to website/Website modified cookie) User: Cookie:malware URL:nearlythenews.mevio.com/ (file: /media/sdb1/Documents and Settings/malware/Cookies/index.dat) 338 ma.. r/rr-xr-xr-x 0 0 11413-128-1 /Documents and Settings/malware/Cookies/malware@nearlythenews.mevio[1].txt Fri Jul 01 2011 14:56:35 0 m... 0 0 0 10525 [Internet Explorer] (Content viewed/Content saved to drive) URL:http://ad.doubleclick.net/adj/N3340.247realmedia.com/B5564961.8_sz=728x90_pc=[TPAS_ID]_click0=http://network.realmedia.com/RealMedia/ads/click_lx.ads/mevio/ros/728x90/jx/ss/a/L24/1010486149/Top1/USNetwork/BCN2011060146_002_Nissan/nissan_may25_728.html/7872446c436b344f51675141422f2b71?_ord=1010486149? cache stored in: YZCXGNW1/7872446c436b344f51675141422f2b71[1] - HTTP/1.1 200 OK - Content-Length: 38282 - Content-Type: application/x-javascript (file: /media/sdb1/Documents and Settings/malware/Local Settings/Temporary Internet Files/Content.IE5/index.dat) 0 m... 0 0 0 10525 [Internet Explorer] (Content viewed/Content saved to drive) User: http://network.realmedia.com/RealMedia/ads/adstream_jx.ads/mevio/ros/728x90/jx/ss/a/1522405056 URL:Top1 cache stored in: YZCXGNW1/1522405056@Top1[1] - HTTP/1.1 200 OK - P3P: CP="NON NID PSAa PSDa OUR IND UNI COM NAV STA"-policyref="/w3c/p3p.xml" - Content-Length: 1062 - Keep-Alive: timeout=60 - Content-Type: application/x-javascript (file: /media/sdb1/Documents and Settings/malware/Local Settings/Temporary Internet Files/Content.IE5/index.dat) 2197 m..b r/rr-xr-xr-x 0 0 11343-128-4 /Documents and Settings/malware/Local Settings/Temporary Internet Files/Content.IE5/UPQVMROL/26271-2[2].js 1062 ma.b r/rr-xr-xr-x 0 0 11396-128-4 /Documents and Settings/malware/Local Settings/Temporary Internet Files/Content.IE5/YZCXGNW1/1522405056@Top1[1] 2234 ma.b r/rr-xr-xr-x 0 0 11440-128-4 /Documents and Settings/malware/Local Settings/Temporary Internet Files/Content.IE5/UPQVMROL/26270-2[3].js 688 ma.b r/rr-xr-xr-x 0 0 11448-128-4 /Documents and Settings/malware/Local Settings/Temporary Internet Files/Content.IE5/SLK18LSF/imp[2] 38282 ma.b r/rr-xr-xr-x 0 0 11455-128-5 /Documents and Settings/malware/Local Settings/Temporary Internet Files/Content.IE5/YZCXGNW1/7872446c436b344f51675141422f2b71[1] 49 ...b r/rr-xr-xr-x 0 0 11691-128-1 /Documents and Settings/malware/Local Settings/Temporary Internet Files/Content.IE5/SLK18LSF/tap[2].gif Fri Jul 01 2011 14:56:36 30061 ma.b r/rr-xr-xr-x 0 0 11189-128-4 /Documents and Settings/malware/Local Settings/Temporary Internet Files/Content.IE5/UPQVMROL/PID_1666481_K2335_NAS_OM_728x90[1].jpg 2197 .a.. r/rr-xr-xr-x 0 0 11343-128-4 /Documents and Settings/malware/Local Settings/Temporary Internet Files/Content.IE5/UPQVMROL/26271-2[2].js 688 ...b r/rr-xr-xr-x 0 0 11414-128-4 /Documents and Settings/malware/Cookies/malware@insightexpressai[2].txt 3067866 ...b r/rr-xr-xr-x 0 0 11447-128-4 /Documents and Settings/malware/Local Settings/Temporary Internet Files/Content.IE5/YZCXGNW1/swflash[1].cab 2008 m..b r/rr-xr-xr-x 0 0 11456-128-4 /Documents and Settings/malware/Local Settings/Temporary Internet Files/Content.IE5/YZCXGNW1/26271-15[1].js 10 m..b r/rr-xr-xr-x 0 0 11461-128-1 /Documents and Settings/malware/Local Settings/Temporary Internet Files/Content.IE5/YZCXGNW1/adServerESI[1].aspx Fri Jul 01 2011 14:56:37 0 m... 0 0 0 10525 [Internet Explorer] (Content viewed/Content saved to drive) URL:http://pixel.rubiconproject.com/tap.php?v=7249&nid=2146&put=e1psppomnjrpttd68kf4fbae6jh7bppq&expires=30 cache stored in: QJM5KT6J/tap[2].gif - HTTP/1.1 200 OK - X-Powered-By: PHP/5.1.6 - P3P: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT" - Content-Length: 49 - Keep-Alive: timeout=45- max=441 - Content-Type: image/gif (file: /media/sdb1/Documents and Settings/malware/Local Settings/Temporary Internet Files/Content.IE5/index.dat) 0 macb 0 0 0 10534 [Internet Explorer] (Last time cookie passed to website/Website modified cookie) User: Cookie:malware URL:tag.admeld.com/ (file: /media/sdb1/Documents and Settings/malware/Cookies/index.dat) 688 ma.b r/rr-xr-xr-x 0 0 11331-128-4 /Documents and Settings/malware/Local Settings/Temporary Internet Files/Content.IE5/SLK18LSF/imp[3] 49 ma.b r/rr-xr-xr-x 0 0 11445-128-1 /Documents and Settings/malware/Local Settings/Temporary Internet Files/Content.IE5/QJM5KT6J/tap[2].gif 591 ...b r/rr-xr-xr-x 0 0 11450-128-4 /Documents and Settings/malware/Local Settings/Temporary Internet Files/Content.IE5/QJM5KT6J/xd_receiver[2].htm 2008 .a.. r/rr-xr-xr-x 0 0 11456-128-4 /Documents and Settings/malware/Local Settings/Temporary Internet Files/Content.IE5/YZCXGNW1/26271-15[1].js 10 .a.. r/rr-xr-xr-x 0 0 11461-128-1 /Documents and Settings/malware/Local Settings/Temporary Internet Files/Content.IE5/YZCXGNW1/adServerESI[1].aspx 2793 m..b r/rr-xr-xr-x 0 0 11500-128-5 /Documents and Settings/malware/Local Settings/Temporary Internet Files/Content.IE5/SLK18LSF/aceUACping[1].htm 109 ma.b r/rr-xr-xr-x 0 0 11502-128-1 /Documents and Settings/malware/Cookies/malware@tag.admeld[1].txt Fri Jul 01 2011 14:56:38 448 m... d/dr-xr-xr-x 0 0 10337-144-1 /WINDOWS/SoftwareDistribution/DataStore/Logs 131072 ma.. r/rr-xr-xr-x 0 0 10355-128-3 /WINDOWS/SoftwareDistribution/DataStore/Logs/edb.log 8192 ma.. r/rr-xr-xr-x 0 0 10468-128-3 /WINDOWS/SoftwareDistribution/DataStore/Logs/edb.chk 1056768 ma.. r/rr-xr-xr-x 0 0 10502-128-4 /WINDOWS/SoftwareDistribution/DataStore/DataStore.edb 0 macb 0 0 0 10534 [Internet Explorer] (Last time cookie passed to website/Website modified cookie) User: Cookie:malware URL:yieldmanager.net/ (file: /media/sdb1/Documents and Settings/malware/Cookies/index.dat) 96 ma.b r/rr-xr-xr-x 0 0 11503-128-1 /Documents and Settings/malware/Cookies/malware@yieldmanager[1].txt 65536 macb 0 0 0 3659 [Event Log] (Time generated/Time written) ESENT/101_Info_wuauclt - 484 (file: /media/sdb1/WINDOWS/system32/config/AppEvent.Evt) 65536 macb 0 0 0 3659 [Event Log] (Time generated/Time written) ESENT/103_Info_wuaueng.dll - 484 - SUS20ClientDataStore: - 0 (file: /media/sdb1/WINDOWS/system32/config/AppEvent.Evt) Fri Jul 01 2011 14:56:40 0 m... 0 0 0 10525 [Internet Explorer] (Content viewed/Content saved to drive) URL:http://ad.doubleclick.net/adj/N3340.247realmedia.com/B5564961.8_sz=728x90_pc=[TPAS_ID]_click0=http://network.realmedia.com/RealMedia/ads/click_lx.ads/mevio/ros/728x90/jx/ss/a/L24/1203465651/Top1/USNetwork/BCN2011060146_002_Nissan/nissan_may25_728.html/7872446c436b344f51675141422f2b71?_ord=1203465651? cache stored in: YZCXGNW1/7872446c436b344f51675141422f2b71[3] - HTTP/1.1 200 OK - Content-Length: 38282 - Content-Type: application/x-javascript (file: /media/sdb1/Documents and Settings/malware/Local Settings/Temporary Internet Files/Content.IE5/index.dat) 0 m... 0 0 0 10525 [Internet Explorer] (Content viewed/Content saved to drive) URL:http://s0.2mdn.net/1361550/PID_1666481_K2335_NAS_OM_728x90.jpg cache stored in: UPQVMROL/PID_1666481_K2335_NAS_OM_728x90[1].jpg - HTTP/1.1 200 OK - Content-Type: image/jpeg - X-Content-Type-Options: nosniff - Content-Length: 30061 - X-XSS-Protection: 1_ mode=block (file: /media/sdb1/Documents and Settings/malware/Local Settings/Temporary Internet Files/Content.IE5/index.dat) 0 m... 0 0 0 10525 [Internet Explorer] (Content viewed/Content saved to drive) User: http://network.realmedia.com/RealMedia/ads/adstream_jx.ads/mevio/ros/728x90/jx/ss/a/1898557958 URL:Top1 cache stored in: SLK18LSF/1898557958@Top1[1] - HTTP/1.1 200 OK - P3P: CP="NON NID PSAa PSDa OUR IND UNI COM NAV STA"-policyref="/w3c/p3p.xml" - Content-Length: 1062 - Keep-Alive: timeout=60 - Content-Type: application/x-javascript (file: /media/sdb1/Documents and Settings/malware/Local Settings/Temporary Internet Files/Content.IE5/index.dat) 0 macb 0 0 0 10534 [Internet Explorer] (Last time cookie passed to website/Website modified cookie) User: Cookie:malware URL:insightexpressai.com/ (file: /media/sdb1/Documents and Settings/malware/Cookies/index.dat) 0 macb 0 0 0 10534 [Internet Explorer] (Last time cookie passed to website/Website modified cookie) User: Cookie:malware URL:realmedia.com/ (file: /media/sdb1/Documents and Settings/malware/Cookies/index.dat) 8 ma.b r/rr-xr-xr-x 0 0 11326-128-1 /Documents and Settings/malware/Local Settings/Temporary Internet Files/Content.IE5/QJM5KT6J/adServerESI[1].aspx 1062 ma.b r/rr-xr-xr-x 0 0 11328-128-4 /Documents and Settings/malware/Local Settings/Temporary Internet Files/Content.IE5/SLK18LSF/1898557958@Top1[1] 688 ma.. r/rr-xr-xr-x 0 0 11414-128-4 /Documents and Settings/malware/Cookies/malware@insightexpressai[2].txt 2234 ma.b r/rr-xr-xr-x 0 0 11504-128-4 /Documents and Settings/malware/Local Settings/Temporary Internet Files/Content.IE5/UPQVMROL/26270-2[4].js 166 ma.. r/rr-xr-xr-x 0 0 11505-128-1 /Documents and Settings/malware/Cookies/malware@realmedia[1].txt 688 ma.b r/rr-xr-xr-x 0 0 11506-128-4 /Documents and Settings/malware/Local Settings/Temporary Internet Files/Content.IE5/QJM5KT6J/imp[2] 38282 ma.b r/rr-xr-xr-x 0 0 11509-128-5 /Documents and Settings/malware/Local Settings/Temporary Internet Files/Content.IE5/YZCXGNW1/7872446c436b344f51675141422f2b71[3] Fri Jul 01 2011 14:56:41 0 m... 0 0 0 10525 [Internet Explorer] (Content viewed/Content saved to drive) URL:http://ad.doubleclick.net/adj/N5552.159462.AOL.COM/B5330190.12_sz=728x90_click=http://r1-ads.ace.advertising.com/click/site=0000788695/mnum=0001039554/cstr=69825578=_4e0e4276-6276807620-788695^1039554^82^0-1_/xsxdata=$xsxdata/bnum=69825578/optn=64?trg=_ord=6276807620? cache stored in: YZCXGNW1/optn=64[2] - HTTP/1.1 200 OK - Content-Length: 6962 - Content-Type: application/x-javascript (file: /media/sdb1/Documents and Settings/malware/Local Settings/Temporary Internet Files/Content.IE5/index.dat) 0 m... 0 0 0 10525 [Internet Explorer] (Content viewed/Content saved to drive) URL:http://s0.2mdn.net/2784032/MoreMore_Game_728x90_BW.jpg cache stored in: YZCXGNW1/MoreMore_Game_728x90_BW[1].jpg - HTTP/1.1 200 OK - Content-Type: image/jpeg - X-Content-Type-Options: nosniff - Content-Length: 11280 - X-XSS-Protection: 1_ mode=block (file: /media/sdb1/Documents and Settings/malware/Local Settings/Temporary Internet Files/Content.IE5/index.dat) 0 .acb 0 0 0 10534 [Internet Explorer] (Last time cookie passed to website/Website modified cookie) User: Cookie:malware URL:simpli.fi/ (file: /media/sdb1/Documents and Settings/malware/Cookies/index.dat) 2008 ma.b r/rr-xr-xr-x 0 0 11451-128-4 /Documents and Settings/malware/Local Settings/Temporary Internet Files/Content.IE5/SLK18LSF/26271-15[1].js 684 ma.b r/rr-xr-xr-x 0 0 11484-128-4 /Documents and Settings/malware/Local Settings/Temporary Internet Files/Content.IE5/QJM5KT6J/imp[3] 594 ma.b r/rr-xr-xr-x 0 0 11501-128-4 /Documents and Settings/malware/Local Settings/Temporary Internet Files/Content.IE5/SLK18LSF/dref=http%3A%2F%2Fnearlythenew[1].com%2F%3Futm_campaign%3D2a316b_572913_264123_113320_150752_23411%26utm_source%3D2a316b%26utm_medium%3D2a316b 11280 ma.b r/rr-xr-xr-x 0 0 11510-128-4 /Documents and Settings/malware/Local Settings/Temporary Internet Files/Content.IE5/YZCXGNW1/MoreMore_Game_728x90_BW[1].jpg 2034 ma.b r/rr-xr-xr-x 0 0 11514-128-4 /Documents and Settings/malware/Local Settings/Temporary Internet Files/Content.IE5/QJM5KT6J/26270-2[1].js 2197 ma.b r/rr-xr-xr-x 0 0 11515-128-4 /Documents and Settings/malware/Local Settings/Temporary Internet Files/Content.IE5/UPQVMROL/26271-2[3].js 90 ma.b r/rr-xr-xr-x 0 0 11517-128-1 /Documents and Settings/malware/Cookies/malware@simpli[1].txt 6962 ma.b r/rr-xr-xr-x 0 0 11520-128-5 /Documents and Settings/malware/Local Settings/Temporary Internet Files/Content.IE5/YZCXGNW1/optn=64[2] Fri Jul 01 2011 14:56:42 0 m... 0 0 0 10525 [Internet Explorer] (Content viewed/Content saved to drive) URL:http://ad.doubleclick.net/adj/N3671.AOL/B5229711.9_sz=728x90_pc=[TPAS_ID]_click=http://r1-ads.ace.advertising.com/click/site=0000788695/mnum=0000973883/cstr=22439947=_4e0e4277-7818048843-788695^973883^82^0-1_/xsxdata=$xsxdata/bnum=22439947/optn=64?trg=_ord=7818048843? cache stored in: QJM5KT6J/optn=64[3] - HTTP/1.1 200 OK - Content-Length: 6666 - Content-Type: application/x-javascript (file: /media/sdb1/Documents and Settings/malware/Local Settings/Temporary Internet Files/Content.IE5/index.dat) 0 m... 0 0 0 10525 [Internet Explorer] (Content viewed/Content saved to drive) URL:http://cdn.doubleverify.com/script152.js?agnc=563308&cmp=5229711&crt=&crtname=&adnet=&dvtagver=3.3.1346.2176&adsrv=1&plc=59781785&advid=998766&sid=320821&adid= cache stored in: UPQVMROL/script152[2].js - HTTP/1.1 200 OK - Content-Length: 2914 - Content-Type: application/x-javascript (file: /media/sdb1/Documents and Settings/malware/Local Settings/Temporary Internet Files/Content.IE5/index.dat) 0 m... 0 0 0 10525 [Internet Explorer] (Content viewed/Content saved to drive) URL:http://cdn.doubleverify.com/script201.js?agnc=796803&cmp=947466&crt=&crtname=&adnet=&dvtagver=3.3.1346.2176&adsrv=6&plc=2895816&advid=796804&sid=Fox Audience Network&adid= cache stored in: QJM5KT6J/script201[2].js - HTTP/1.1 200 OK - Content-Length: 2914 - Content-Type: application/x-javascript (file: /media/sdb1/Documents and Settings/malware/Local Settings/Temporary Internet Files/Content.IE5/index.dat) 0 m... 0 0 0 10525 [Internet Explorer] (Content viewed/Content saved to drive) URL:http://ds.serving-sys.com/BurstingCachedScripts//SBTemplates_2_3_2/StdBanner.js?ai=5823481 cache stored in: SLK18LSF/StdBanner[3].js - HTTP/1.1 200 OK - Content-Length: 24385 - Content-Type: text/javascript (file: /media/sdb1/Documents and Settings/malware/Local Settings/Temporary Internet Files/Content.IE5/index.dat) 0 m... 0 0 0 10525 [Internet Explorer] (Content viewed/Content saved to drive) URL:http://ds.serving-sys.com/BurstingRes///Site-15895/Type-0/acc3c2fa-4748-40de-b9ea-57356529ba23.jpg cache stored in: UPQVMROL/acc3c2fa-4748-40de-b9ea-57356529ba23[1].jpg - HTTP/1.1 200 OK - Content-Length: 39662 - Content-Type: image/jpeg (file: /media/sdb1/Documents and Settings/malware/Local Settings/Temporary Internet Files/Content.IE5/index.dat) 0 m... 0 0 0 10525 [Internet Explorer] (Content viewed/Content saved to drive) URL:http://log50.doubleverify.com/visitor.aspx?query=agnc=563308&cmp=5229711&crt=&crtname=&adnet=&dvtagver=3.3.1346.2176&adsrv=1&plc=59781785&advid=998766&sid=320821&adid=&&num=152&srcurl=http://nearlythenews.mevio.com/?utm_campaign=2a316b_572913_264123_113320_150752_23411&utm_source=2a316b&utm_medium=2a316b&random=0.9287394558228015 cache stored in: YZCXGNW1/CAB99BDB.jpg - HTTP/1.1 200 OK - Content-Length: 0 - Content-Type: image/jpeg - X-AspNet-Version: 2.0.50727 - X-Powered-By: ASP.NET (file: /media/sdb1/Documents and Settings/malware/Local Settings/Temporary Internet Files/Content.IE5/index.dat) 0 m... 0 0 0 10525 [Internet Explorer] (Content viewed/Content saved to drive) URL:http://s0.2mdn.net/998766/1061_728x90_Promo_FreePhone_Smartphone_Static.jpg cache stored in: UPQVMROL/1061_728x90_Promo_FreePhone_Smartphone_Static[1].jpg - HTTP/1.1 200 OK - Content-Type: image/jpeg - X-Content-Type-Options: nosniff - Content-Length: 23346 - X-XSS-Protection: 1_ mode=block (file: /media/sdb1/Documents and Settings/malware/Local Settings/Temporary Internet Files/Content.IE5/index.dat) 0 macb 0 0 0 10534 [Internet Explorer] (Last time cookie passed to website/Website modified cookie) User: Cookie:malware URL:demr.opt.fimserve.com/ (file: /media/sdb1/Documents and Settings/malware/Cookies/index.dat) 2325 ma.b r/rr-xr-xr-x 0 0 11175-128-4 /Documents and Settings/malware/Local Settings/Temporary Internet Files/Content.IE5/UPQVMROL/26271-15[2].js 594 ma.b r/rr-xr-xr-x 0 0 11341-128-4 /Documents and Settings/malware/Local Settings/Temporary Internet Files/Content.IE5/SLK18LSF/dref=http%3A%2F%2Fnearlythenew[2].com%2F%3Futm_campaign%3D2a316b_572913_264123_113320_150752_23411%26utm_source%3D2a316b%26utm_medium%3D2a316b 115 ma.b r/rr-xr-xr-x 0 0 11400-128-1 /Documents and Settings/malware/Cookies/malware@demr.opt.fimserve[1].txt 2197 ma.b r/rr-xr-xr-x 0 0 11516-128-4 /Documents and Settings/malware/Local Settings/Temporary Internet Files/Content.IE5/YZCXGNW1/26271-2[1].js 39662 ma.b r/rr-xr-xr-x 0 0 11523-128-4 /Documents and Settings/malware/Local Settings/Temporary Internet Files/Content.IE5/UPQVMROL/acc3c2fa-4748-40de-b9ea-57356529ba23[1].jpg 23346 ma.b r/rr-xr-xr-x 0 0 11528-128-4 /Documents and Settings/malware/Local Settings/Temporary Internet Files/Content.IE5/UPQVMROL/1061_728x90_Promo_FreePhone_Smartphone_Static[1].jpg 6666 ma.b r/rr-xr-xr-x 0 0 11529-128-5 /Documents and Settings/malware/Local Settings/Temporary Internet Files/Content.IE5/QJM5KT6J/optn=64[3] 2914 ma.b r/rr-xr-xr-x 0 0 11531-128-5 /Documents and Settings/malware/Local Settings/Temporary Internet Files/Content.IE5/UPQVMROL/script152[2].js 1020 ma.b r/rr-xr-xr-x 0 0 11532-128-4 /Documents and Settings/malware/Local Settings/Temporary Internet Files/Content.IE5/SLK18LSF/adopt[2].htm 2958 ma.b r/rr-xr-xr-x 0 0 11533-128-3 /Documents and Settings/malware/Local Settings/Temporary Internet Files/Content.IE5/YZCXGNW1/CACRDZIA.htm 0 ma.b r/rr-xr-xr-x 0 0 11534-128-1 /Documents and Settings/malware/Local Settings/Temporary Internet Files/Content.IE5/YZCXGNW1/CAB99BDB.jpg 24385 ma.b r/rr-xr-xr-x 0 0 11536-128-5 /Documents and Settings/malware/Local Settings/Temporary Internet Files/Content.IE5/SLK18LSF/StdBanner[3].js 2914 ma.b r/rr-xr-xr-x 0 0 11537-128-5 /Documents and Settings/malware/Local Settings/Temporary Internet Files/Content.IE5/QJM5KT6J/script201[2].js Fri Jul 01 2011 14:56:43 0 m... 0 0 0 10525 [Internet Explorer] (Content viewed/Content saved to drive) URL:http://log30.doubleverify.com/visitor.aspx?query=agnc=796803&cmp=947466&crt=&crtname=&adnet=&dvtagver=3.3.1346.2176&adsrv=6&plc=2895816&advid=796804&sid=Fox%20Audience%20Network&adid=&&num=201&srcurl=http://nearlythenews.mevio.com/?utm_campaign=2a316b_572913_264123_113320_150752_23411&utm_source=2a316b&utm_medium=2a316b&random=0.9039394999754498 cache stored in: QJM5KT6J/CA9UNXPU.jpg - HTTP/1.1 200 OK - Content-Length: 0 - Content-Type: image/jpeg - X-AspNet-Version: 2.0.50727 - X-Powered-By: ASP.NET (file: /media/sdb1/Documents and Settings/malware/Local Settings/Temporary Internet Files/Content.IE5/index.dat) 0 ma.b r/rr-xr-xr-x 0 0 11512-128-1 /Documents and Settings/malware/Local Settings/Temporary Internet Files/Content.IE5/QJM5KT6J/CA9UNXPU.jpg Fri Jul 01 2011 14:56:58 5168 .a.. r/rr-xr-xr-x 0 0 187-128-3 /WINDOWS/Fonts/vgaoem.fon Fri Jul 01 2011 14:57:14 44032 .a.. r/rr-xr-xr-x 0 0 1018-128-3 /WINDOWS/system32/msxml3r.dll 0 macb 0 0 0 10527 [Internet Explorer] (Last Access) User: malware URL:http://nearlythenews.mevio.com/?utm_campaign=2a316b_572913_264123_113320_150752_23411&utm_source=2a316b&utm_medium=2a316b (file: /media/sdb1/Documents and Settings/malware/Local Settings/History/History.IE5/index.dat) 9432 ...b r/rr-xr-xr-x 0 0 11408-128-5 /Documents and Settings/malware/Local Settings/Temporary Internet Files/Content.IE5/UPQVMROL/nearlythenews.mevio[1].htm Fri Jul 01 2011 14:57:16 0 m... 0 0 0 0 REG_User_malware/Software/Microsoft/Windows/ShellNoRoam/Bags/8/Shell Fri Jul 01 2011 14:57:17 0 m... 0 0 0 10525 [Internet Explorer] (Content viewed/Content saved to drive) URL:http://nearlythenews.mevio.com/?format=show-episodes cache stored in: UPQVMROL/nearlythenews.mevio[1].htm - HTTP/1.1 200 OK - Content-Length: 9432 - Content-Type: text/html (file: /media/sdb1/Documents and Settings/malware/Local Settings/Temporary Internet Files/Content.IE5/index.dat) 9432 ma.. r/rr-xr-xr-x 0 0 11408-128-5 /Documents and Settings/malware/Local Settings/Temporary Internet Files/Content.IE5/UPQVMROL/nearlythenews.mevio[1].htm Fri Jul 01 2011 14:57:19 0 m... 0 0 0 0 REG_User_malware/Software/Microsoft/Windows/CurrentVersion/Internet Settings Fri Jul 01 2011 14:57:21 2034 ma.b r/rr-xr-xr-x 0 0 11511-128-4 /Documents and Settings/malware/Local Settings/Temporary Internet Files/Content.IE5/SLK18LSF/26270-2[1].js Fri Jul 01 2011 14:57:22 0 m... 0 0 0 0 REG_User_malware/Software/Microsoft/Windows/CurrentVersion/Ext/Stats 0 m... 0 0 0 0 REG_User_malware/Software/Microsoft/Windows/CurrentVersion/Ext/Stats/{D27CDB6E-AE6D-11CF-96B8-444553540000} 0 m... 0 0 0 10525 [Internet Explorer] (Content viewed/Content saved to drive) URL:http://ad.doubleclick.net/adj/cm.appnexus/wireless_ron_sz=300x250_app=wireless_ron_click0=http://ib.adnxs.com/click?VC9thbH28D-rsBngguztPwAAAAAAAPg_FM_ZAkKr9T_FILByaJH4P3yXNNM_ozxHomJy4l6FLVGfQg5OAAAAAEG7BwDLAQAANwEAAAIAAABtLwcAzwkBAAEAAABVU0QAVVNEACwB-gCkIJ8DvgwBAQUCAQQAAAAAvyMXyQAAAAA./cnd=!4gRBKAi9gQYQ7d4cGM-TBCAA/referrer=http://nearlythenews.mevio.com/?utm_campaign=2a316b_572913_264123_113320_150752_23411&utm_source=2a316b&utm_medium=2a316b/clickenc=_ord=1309557407? cache stored in: QJM5KT6J/CA31HNIE. - HTTP/1.1 200 OK - Content-Length: 10453 - Content-Type: application/x-javascript (file: /media/sdb1/Documents and Settings/malware/Local Settings/Temporary Internet Files/Content.IE5/index.dat) 0 m... 0 0 0 10525 [Internet Explorer] (Content viewed/Content saved to drive) URL:http://data.aggregateknowledge.com/pixel!t=650!?che=556622&camid=5629905&plaid=65638121&creid=42724427&adgid=242743000 cache stored in: YZCXGNW1/pixel!t=650![1].gif - HTTP/1.1 200 OK - P3P: CP="NOI DSP COR CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT" - ETag: W/"43-1308732886000" - Content-Type: image/gif - Content-Language: en-US - Content-Length: 43 (file: /media/sdb1/Documents and Settings/malware/Local Settings/Temporary Internet Files/Content.IE5/index.dat) 0 m... 0 0 0 10525 [Internet Explorer] (Content viewed/Content saved to drive) URL:http://log50.doubleverify.com/visitor.aspx?query=agnc=2981993&cmp=5629905&crt=42724427&crtname=&adnet=&dvtagver=3.3.1346.2176&adsrv=1&plc=65638121&advid=2981993&sid=457626&adid=242743000&&srcurl=http://qydjuk.com/fw-nonplayer-banner.php?w=300&h=250&fwcsid=home&btf=1&is_ex=clean&btype=1&zone=shows&num=7&random=0.9811074200216594 cache stored in: SLK18LSF/CA69WXAV.jpg - HTTP/1.1 200 OK - Content-Length: 0 - Content-Type: image/jpeg - X-AspNet-Version: 2.0.50727 - X-Powered-By: ASP.NET (file: /media/sdb1/Documents and Settings/malware/Local Settings/Temporary Internet Files/Content.IE5/index.dat) 2197 ma.b r/rr-xr-xr-x 0 0 11526-128-4 /Documents and Settings/malware/Local Settings/Temporary Internet Files/Content.IE5/UPQVMROL/26271-2[4].js 0 ma.b r/rr-xr-xr-x 0 0 11535-128-1 /Documents and Settings/malware/Local Settings/Temporary Internet Files/Content.IE5/SLK18LSF/CA69WXAV.jpg 2515 ma.b r/rr-xr-xr-x 0 0 11542-128-4 /Documents and Settings/malware/Local Settings/Temporary Internet Files/Content.IE5/YZCXGNW1/26271-15[2].js 803 ma.b r/rr-xr-xr-x 0 0 11543-128-3 /Documents and Settings/malware/Local Settings/Temporary Internet Files/Content.IE5/SLK18LSF/CAQV4XUR 10453 ma.b r/rr-xr-xr-x 0 0 11547-128-4 /Documents and Settings/malware/Local Settings/Temporary Internet Files/Content.IE5/QJM5KT6J/CA31HNIE 30302 ma.b r/rr-xr-xr-x 0 0 11549-128-4 /Documents and Settings/malware/Local Settings/Temporary Internet Files/Content.IE5/UPQVMROL/300x250_062011_NATL_PROMO_INCREDIBLE2_v2[1].swf 40021 ma.b r/rr-xr-xr-x 0 0 11550-128-5 /Documents and Settings/malware/Local Settings/Temporary Internet Files/Content.IE5/UPQVMROL/script7[2].js 43 ma.b r/rr-xr-xr-x 0 0 11552-128-1 /Documents and Settings/malware/Local Settings/Temporary Internet Files/Content.IE5/YZCXGNW1/pixel!t=650![1].gif 350 ...b r/rrwxrwxrwx 0 0 11774-128-1 /Documents and Settings/malware/Cookies/malware@aggregateknowledge[2].txt Fri Jul 01 2011 14:57:23 0 m... 0 0 0 10525 [Internet Explorer] (Content viewed/Content saved to drive) URL:http://spe.atdmt.com/images/pixel.gif cache stored in: SLK18LSF/pixel[1].gif - HTTP/1.1 200 OK - Content-Type: image/gif - Content-Length: 42 - Allow: GET (file: /media/sdb1/Documents and Settings/malware/Local Settings/Temporary Internet Files/Content.IE5/index.dat) 0 .acb 0 0 0 10534 [Internet Explorer] (Last time cookie passed to website/Website modified cookie) User: Cookie:malware URL:atdmt.com/ (file: /media/sdb1/Documents and Settings/malware/Cookies/index.dat) 42 .a.. r/rr-xr-xr-x 0 0 10626-128-1 /Documents and Settings/malware/Local Settings/Temporary Internet Files/Content.IE5/SLK18LSF/pixel[1].gif 180 ma.b r/rr-xr-xr-x 0 0 11449-128-1 /Documents and Settings/malware/Cookies/malware@atdmt[2].txt Fri Jul 01 2011 14:57:38 0 m... 0 0 0 10525 [Internet Explorer] (Content viewed/Content saved to drive) URL:http://ad.doubleclick.net/adj/N4300.AOL/B5501146.4_sz=728x90_pc=[TPAS_ID]_click=http://r1-ads.ace.advertising.com/click/site=0000788695/mnum=0001034404/cstr=63918538=_4e0e42af-6202258152-788695^1034404^82^0-1_/xsxdata=$xsxdata/bnum=63918538/optn=64?trg=_ord=6202258152? cache stored in: SLK18LSF/optn=64[2] - HTTP/1.1 200 OK - Content-Length: 6439 - Content-Type: application/x-javascript (file: /media/sdb1/Documents and Settings/malware/Local Settings/Temporary Internet Files/Content.IE5/index.dat) 0 m... 0 0 0 10525 [Internet Explorer] (Content viewed/Content saved to drive) URL:http://s0.2mdn.net/1326154/Hyatt_Leisure_National_728x90 Concept 1.gif cache stored in: QJM5KT6J/Hyatt_Leisure_National_728x90 Concept 1[1].gif - HTTP/1.1 200 OK - Content-Type: image/gif - X-Content-Type-Options: nosniff - Content-Length: 8147 - X-XSS-Protection: 1_ mode=block (file: /media/sdb1/Documents and Settings/malware/Local Settings/Temporary Internet Files/Content.IE5/index.dat) 136 ...b r/rr-xr-xr-x 0 0 11288-128-1 /Documents and Settings/malware/Cookies/malware@r1-ads.ace.advertising[1].txt 801 .a.. r/rr-xr-xr-x 0 0 11304-128-5 /Documents and Settings/malware/Local Settings/Temporary Internet Files/Content.IE5/UPQVMROL/flashwrite_1_2[2].js 8147 ma.b r/rr-xr-xr-x 0 0 11541-128-4 /Documents and Settings/malware/Local Settings/Temporary Internet Files/Content.IE5/QJM5KT6J/Hyatt_Leisure_National_728x90 Concept 1[1].gif 6439 ma.b r/rr-xr-xr-x 0 0 11555-128-5 /Documents and Settings/malware/Local Settings/Temporary Internet Files/Content.IE5/SLK18LSF/optn=64[2] Fri Jul 01 2011 14:57:48 0 m... 0 0 0 10525 [Internet Explorer] (Content viewed/Content saved to drive) URL:http://psstatic.podshow.com/images/shows/1308/shows/thumbs/otrcomedypodshowcom.jpg?r=1154989918 cache stored in: YZCXGNW1/otrcomedypodshowcom[1].jpg - HTTP/1.1 200 OK - Content-Type: image/jpeg - X-Cache: HIT - Content-Length: 4327 (file: /media/sdb1/Documents and Settings/malware/Local Settings/Temporary Internet Files/Content.IE5/index.dat) 0 m... 0 0 0 10525 [Internet Explorer] (Content viewed/Content saved to drive) URL:http://psstatic.podshow.com/images/shows/14391/shows/thumbs/striptaculous1.jpg?r=1283618372 cache stored in: YZCXGNW1/striptaculous1[1].jpg - HTTP/1.1 200 OK - Content-Type: image/jpeg - X-Cache: HIT - Content-Length: 4375 (file: /media/sdb1/Documents and Settings/malware/Local Settings/Temporary Internet Files/Content.IE5/index.dat) 0 m... 0 0 0 10525 [Internet Explorer] (Content viewed/Content saved to drive) URL:http://psstatic.podshow.com/images/shows/16840/shows/thumbs/centurymediapodcast.jpg?r=1206661968 cache stored in: SLK18LSF/centurymediapodcast[1].jpg - HTTP/1.1 200 OK - Content-Type: image/jpeg - X-Cache: HIT - Content-Length: 2748 (file: /media/sdb1/Documents and Settings/malware/Local Settings/Temporary Internet Files/Content.IE5/index.dat) 0 m... 0 0 0 10525 [Internet Explorer] (Content viewed/Content saved to drive) URL:http://psstatic.podshow.com/images/shows/20235/shows/thumbs/masterinthemix.jpg?r=1283149266 cache stored in: SLK18LSF/masterinthemix[1].jpg - HTTP/1.1 200 OK - Content-Type: image/jpeg - X-Cache: HIT - Content-Length: 1595 (file: /media/sdb1/Documents and Settings/malware/Local Settings/Temporary Internet Files/Content.IE5/index.dat) 0 m... 0 0 0 10525 [Internet Explorer] (Content viewed/Content saved to drive) URL:http://psstatic.podshow.com/images/shows/20980/shows/thumbs/curtisandtarashow.jpg?r=1258141571 cache stored in: YZCXGNW1/curtisandtarashow[1].jpg - HTTP/1.1 200 OK - Content-Type: image/jpeg - X-Cache: HIT - Content-Length: 4249 (file: /media/sdb1/Documents and Settings/malware/Local Settings/Temporary Internet Files/Content.IE5/index.dat) 0 m... 0 0 0 10525 [Internet Explorer] (Content viewed/Content saved to drive) URL:http://psstatic.podshow.com/images/shows/21570/shows/thumbs/mymhmaudio.png?r=1243481220 cache stored in: SLK18LSF/mymhmaudio[1].png - HTTP/1.1 200 OK - Content-Type: image/png - X-Cache: HIT - Content-Length: 4822 (file: /media/sdb1/Documents and Settings/malware/Local Settings/Temporary Internet Files/Content.IE5/index.dat) 0 m... 0 0 0 10525 [Internet Explorer] (Content viewed/Content saved to drive) URL:http://psstatic.podshow.com/images/shows/21749/shows/thumbs/newbrew.png?r=1278034223 cache stored in: UPQVMROL/newbrew[1].png - HTTP/1.1 200 OK - Content-Type: image/png - X-Cache: HIT - Content-Length: 9312 (file: /media/sdb1/Documents and Settings/malware/Local Settings/Temporary Internet Files/Content.IE5/index.dat) 0 m... 0 0 0 10525 [Internet Explorer] (Content viewed/Content saved to drive) URL:http://psstatic.podshow.com/images/shows/23028/shows/thumbs/staticradioshow.jpg?r=1251935290 cache stored in: SLK18LSF/staticradioshow[1].jpg - HTTP/1.1 200 OK - Content-Type: image/jpeg - X-Cache: HIT - Content-Length: 4324 (file: /media/sdb1/Documents and Settings/malware/Local Settings/Temporary Internet Files/Content.IE5/index.dat) 0 m... 0 0 0 10525 [Internet Explorer] (Content viewed/Content saved to drive) URL:http://psstatic.podshow.com/images/shows/23436/shows/thumbs/theradreport.png?r=1282075428 cache stored in: QJM5KT6J/theradreport[1].png - HTTP/1.1 200 OK - Content-Type: image/png - X-Cache: HIT - Content-Length: 3501 (file: /media/sdb1/Documents and Settings/malware/Local Settings/Temporary Internet Files/Content.IE5/index.dat) 0 m... 0 0 0 10525 [Internet Explorer] (Content viewed/Content saved to drive) URL:http://psstatic.podshow.com/images/shows/24182/shows/thumbs/thesmellcast.jpg?r=1263072074 cache stored in: QJM5KT6J/thesmellcast[1].jpg - HTTP/1.1 200 OK - Content-Type: image/jpeg - X-Cache: HIT - Content-Length: 3510 (file: /media/sdb1/Documents and Settings/malware/Local Settings/Temporary Internet Files/Content.IE5/index.dat) 0 m... 0 0 0 10525 [Internet Explorer] (Content viewed/Content saved to drive) URL:http://psstatic.podshow.com/images/shows/24236/shows/thumbs/artsidercast1.jpg?r=1262969425 cache stored in: UPQVMROL/artsidercast1[1].jpg - HTTP/1.1 200 OK - Content-Type: image/jpeg - X-Cache: HIT - Content-Length: 2258 (file: /media/sdb1/Documents and Settings/malware/Local Settings/Temporary Internet Files/Content.IE5/index.dat) 0 m... 0 0 0 10525 [Internet Explorer] (Content viewed/Content saved to drive) URL:http://psstatic.podshow.com/images/shows/24890/shows/thumbs/btpcast.jpg?r=1302321229 cache stored in: YZCXGNW1/btpcast[1].jpg - HTTP/1.1 200 OK - Content-Type: image/jpeg - X-Cache: HIT - Content-Length: 3715 (file: /media/sdb1/Documents and Settings/malware/Local Settings/Temporary Internet Files/Content.IE5/index.dat) 0 m... 0 0 0 10525 [Internet Explorer] (Content viewed/Content saved to drive) URL:http://psstatic.podshow.com/images/shows/25598/shows/thumbs/podmdm.jpg?r=1276651611 cache stored in: QJM5KT6J/podmdm[1].jpg - HTTP/1.1 200 OK - Content-Type: image/jpeg - X-Cache: HIT - Content-Length: 3053 (file: /media/sdb1/Documents and Settings/malware/Local Settings/Temporary Internet Files/Content.IE5/index.dat) 0 m... 0 0 0 10525 [Internet Explorer] (Content viewed/Content saved to drive) URL:http://psstatic.podshow.com/images/shows/26478/shows/thumbs/tripdspodcast.png?r=1285819529 cache stored in: UPQVMROL/tripdspodcast[1].png - HTTP/1.1 200 OK - Content-Type: image/png - X-Cache: HIT - Content-Length: 11719 (file: /media/sdb1/Documents and Settings/malware/Local Settings/Temporary Internet Files/Content.IE5/index.dat) 0 m... 0 0 0 10525 [Internet Explorer] (Content viewed/Content saved to drive) URL:http://psstatic.podshow.com/images/shows/27109/shows/thumbs/hotoff.jpg?r=1303772318 cache stored in: QJM5KT6J/hotoff[1].jpg - HTTP/1.1 200 OK - Content-Type: image/jpeg - X-Cache: HIT - Content-Length: 3002 (file: /media/sdb1/Documents and Settings/malware/Local Settings/Temporary Internet Files/Content.IE5/index.dat) 0 m... 0 0 0 10525 [Internet Explorer] (Content viewed/Content saved to drive) URL:http://psstatic.podshow.com/images/shows/27187/shows/thumbs/telekidsforever.png?r=1299877060 cache stored in: QJM5KT6J/telekidsforever[1].png - HTTP/1.1 200 OK - Content-Type: image/png - X-Cache: HIT - Content-Length: 13332 (file: /media/sdb1/Documents and Settings/malware/Local Settings/Temporary Internet Files/Content.IE5/index.dat) 0 m... 0 0 0 10525 [Internet Explorer] (Content viewed/Content saved to drive) URL:http://psstatic.podshow.com/images/shows/27371/shows/thumbs/hotoffuk.png?r=1305045586 cache stored in: UPQVMROL/hotoffuk[1].png - HTTP/1.1 200 OK - Content-Type: image/png - X-Cache: HIT - Content-Length: 3375 (file: /media/sdb1/Documents and Settings/malware/Local Settings/Temporary Internet Files/Content.IE5/index.dat) 0 m... 0 0 0 10525 [Internet Explorer] (Content viewed/Content saved to drive) URL:http://psstatic.podshow.com/images/shows/6207/shows/thumbs/wwwscraptimeca.jpg?r=1203985872 cache stored in: UPQVMROL/wwwscraptimeca[1].jpg - HTTP/1.1 200 OK - Content-Type: image/jpeg - X-Cache: HIT - Content-Length: 2830 (file: /media/sdb1/Documents and Settings/malware/Local Settings/Temporary Internet Files/Content.IE5/index.dat) 0 m... 0 0 0 10525 [Internet Explorer] (Content viewed/Content saved to drive) URL:http://psstatic.podshow.com/images/shows/6589/shows/thumbs/theultimate.jpg?r=1176130123 cache stored in: SLK18LSF/theultimate[1].jpg - HTTP/1.1 200 OK - Content-Type: image/jpeg - X-Cache: HIT - Content-Length: 3838 (file: /media/sdb1/Documents and Settings/malware/Local Settings/Temporary Internet Files/Content.IE5/index.dat) 0 m... 0 0 0 10525 [Internet Explorer] (Content viewed/Content saved to drive) URL:http://psstatic.podshow.com/images/shows/7/shows/thumbs/mostpeoplearedjs.jpg?r=1157480139 cache stored in: QJM5KT6J/mostpeoplearedjs[1].jpg - HTTP/1.1 200 OK - Content-Type: image/jpeg - X-Cache: HIT - Content-Length: 3274 (file: /media/sdb1/Documents and Settings/malware/Local Settings/Temporary Internet Files/Content.IE5/index.dat) 0 m... 0 0 0 10525 [Internet Explorer] (Content viewed/Content saved to drive) URL:http://psstatic.podshow.com/images/shows/8270/shows/thumbs/michebelzhollywood.jpg?r=1290208813 cache stored in: YZCXGNW1/michebelzhollywood[1].jpg - HTTP/1.1 200 OK - Content-Type: image/jpeg - X-Cache: HIT - Content-Length: 3884 (file: /media/sdb1/Documents and Settings/malware/Local Settings/Temporary Internet Files/Content.IE5/index.dat) 0 m... 0 0 0 10525 [Internet Explorer] (Content viewed/Content saved to drive) URL:http://ui.mevio.com/static/css/combined/directory.css?r=38841 cache stored in: SLK18LSF/directory[2].css - HTTP/1.1 200 OK - Content-Length: 1954 - Content-Type: text/css (file: /media/sdb1/Documents and Settings/malware/Local Settings/Temporary Internet Files/Content.IE5/index.dat) 0 m... 0 0 0 10525 [Internet Explorer] (Content viewed/Content saved to drive) URL:http://ui.mevio.com/static/js/tpl_directory.js?r=38841 cache stored in: YZCXGNW1/tpl_directory[1].js - HTTP/1.1 200 OK - Content-Length: 3164 - Content-Type: application/javascript (file: /media/sdb1/Documents and Settings/malware/Local Settings/Temporary Internet Files/Content.IE5/index.dat) 0 macb 0 0 0 10527 [Internet Explorer] (Last Access) User: malware URL:http://www.mevio.com/directory (file: /media/sdb1/Documents and Settings/malware/Local Settings/History/History.IE5/index.dat) 3053 ma.b r/rr-xr-xr-x 0 0 11327-128-4 /Documents and Settings/malware/Local Settings/Temporary Internet Files/Content.IE5/QJM5KT6J/podmdm[1].jpg 1954 ma.b r/rr-xr-xr-x 0 0 11391-128-5 /Documents and Settings/malware/Local Settings/Temporary Internet Files/Content.IE5/SLK18LSF/directory[2].css 3274 ma.b r/rr-xr-xr-x 0 0 11392-128-4 /Documents and Settings/malware/Local Settings/Temporary Internet Files/Content.IE5/QJM5KT6J/mostpeoplearedjs[1].jpg 18913 m..b r/rr-xr-xr-x 0 0 11409-128-4 /Documents and Settings/malware/Local Settings/Temporary Internet Files/Content.IE5/QJM5KT6J/default[1].jpg 1595 ma.b r/rr-xr-xr-x 0 0 11442-128-4 /Documents and Settings/malware/Local Settings/Temporary Internet Files/Content.IE5/SLK18LSF/masterinthemix[1].jpg 4324 ma.b r/rr-xr-xr-x 0 0 11467-128-4 /Documents and Settings/malware/Local Settings/Temporary Internet Files/Content.IE5/SLK18LSF/staticradioshow[1].jpg 2748 ma.b r/rr-xr-xr-x 0 0 11499-128-4 /Documents and Settings/malware/Local Settings/Temporary Internet Files/Content.IE5/SLK18LSF/centurymediapodcast[1].jpg 3715 ma.b r/rr-xr-xr-x 0 0 11553-128-4 /Documents and Settings/malware/Local Settings/Temporary Internet Files/Content.IE5/YZCXGNW1/btpcast[1].jpg 13332 ma.b r/rr-xr-xr-x 0 0 11556-128-4 /Documents and Settings/malware/Local Settings/Temporary Internet Files/Content.IE5/QJM5KT6J/telekidsforever[1].png 2258 ma.b r/rr-xr-xr-x 0 0 11557-128-4 /Documents and Settings/malware/Local Settings/Temporary Internet Files/Content.IE5/UPQVMROL/artsidercast1[1].jpg 3375 ma.b r/rr-xr-xr-x 0 0 11558-128-4 /Documents and Settings/malware/Local Settings/Temporary Internet Files/Content.IE5/UPQVMROL/hotoffuk[1].png 239 ma.b r/rr-xr-xr-x 0 0 11559-128-1 /Documents and Settings/malware/Local Settings/Temporary Internet Files/Content.IE5/YZCXGNW1/bg-pager[1].png 4327 ma.b r/rr-xr-xr-x 0 0 11560-128-4 /Documents and Settings/malware/Local Settings/Temporary Internet Files/Content.IE5/YZCXGNW1/otrcomedypodshowcom[1].jpg 3164 ma.b r/rr-xr-xr-x 0 0 11561-128-5 /Documents and Settings/malware/Local Settings/Temporary Internet Files/Content.IE5/YZCXGNW1/tpl_directory[1].js 261 ma.b r/rr-xr-xr-x 0 0 11562-128-1 /Documents and Settings/malware/Local Settings/Temporary Internet Files/Content.IE5/SLK18LSF/action-img-map[1].png 9312 ma.b r/rr-xr-xr-x 0 0 11563-128-4 /Documents and Settings/malware/Local Settings/Temporary Internet Files/Content.IE5/UPQVMROL/newbrew[1].png 2027 m..b r/rr-xr-xr-x 0 0 11564-128-4 /Documents and Settings/malware/Local Settings/Temporary Internet Files/Content.IE5/SLK18LSF/26317-15[1].js 3884 ma.b r/rr-xr-xr-x 0 0 11565-128-4 /Documents and Settings/malware/Local Settings/Temporary Internet Files/Content.IE5/YZCXGNW1/michebelzhollywood[1].jpg 3501 ma.b r/rr-xr-xr-x 0 0 11566-128-4 /Documents and Settings/malware/Local Settings/Temporary Internet Files/Content.IE5/QJM5KT6J/theradreport[1].png 2830 ma.b r/rr-xr-xr-x 0 0 11567-128-4 /Documents and Settings/malware/Local Settings/Temporary Internet Files/Content.IE5/UPQVMROL/wwwscraptimeca[1].jpg 3002 ma.b r/rr-xr-xr-x 0 0 11568-128-4 /Documents and Settings/malware/Local Settings/Temporary Internet Files/Content.IE5/QJM5KT6J/hotoff[1].jpg 11719 ma.b r/rr-xr-xr-x 0 0 11569-128-4 /Documents and Settings/malware/Local Settings/Temporary Internet Files/Content.IE5/UPQVMROL/tripdspodcast[1].png 3510 ma.b r/rr-xr-xr-x 0 0 11570-128-4 /Documents and Settings/malware/Local Settings/Temporary Internet Files/Content.IE5/QJM5KT6J/thesmellcast[1].jpg 4375 ma.b r/rr-xr-xr-x 0 0 11571-128-4 /Documents and Settings/malware/Local Settings/Temporary Internet Files/Content.IE5/YZCXGNW1/striptaculous1[1].jpg 4249 ma.b r/rr-xr-xr-x 0 0 11572-128-4 /Documents and Settings/malware/Local Settings/Temporary Internet Files/Content.IE5/YZCXGNW1/curtisandtarashow[1].jpg 4822 ma.b r/rr-xr-xr-x 0 0 11575-128-4 /Documents and Settings/malware/Local Settings/Temporary Internet Files/Content.IE5/SLK18LSF/mymhmaudio[1].png 3838 ma.b r/rr-xr-xr-x 0 0 11576-128-4 /Documents and Settings/malware/Local Settings/Temporary Internet Files/Content.IE5/SLK18LSF/theultimate[1].jpg Fri Jul 01 2011 14:57:49 0 m... 0 0 0 10525 [Internet Explorer] (Content viewed/Content saved to drive) URL:http://psstatic.podshow.com/images/shows/1238/shows/thumbs/compcon.jpg?r=1155081665 cache stored in: YZCXGNW1/compcon[1].jpg - HTTP/1.1 200 OK - Content-Type: image/jpeg - X-Cache: HIT - Content-Length: 2778 (file: /media/sdb1/Documents and Settings/malware/Local Settings/Temporary Internet Files/Content.IE5/index.dat) 0 m... 0 0 0 10525 [Internet Explorer] (Content viewed/Content saved to drive) URL:http://psstatic.podshow.com/images/shows/13817/shows/thumbs/twotimesvideo.jpg?r=1195843321 cache stored in: UPQVMROL/twotimesvideo[1].jpg - HTTP/1.1 200 OK - Content-Type: image/jpeg - X-Cache: HIT - Content-Length: 2550 (file: /media/sdb1/Documents and Settings/malware/Local Settings/Temporary Internet Files/Content.IE5/index.dat) 0 m... 0 0 0 10525 [Internet Explorer] (Content viewed/Content saved to drive) URL:http://psstatic.podshow.com/images/shows/17716/shows/thumbs/themagicnewswire.png?r=1212507337 cache stored in: SLK18LSF/themagicnewswire[1].png - HTTP/1.1 200 OK - Content-Type: image/png - X-Cache: HIT - Content-Length: 11713 (file: /media/sdb1/Documents and Settings/malware/Local Settings/Temporary Internet Files/Content.IE5/index.dat) 0 m... 0 0 0 10525 [Internet Explorer] (Content viewed/Content saved to drive) URL:http://psstatic.podshow.com/images/shows/19817/shows/thumbs/ayultp.png?r=1226416368 cache stored in: QJM5KT6J/ayultp[1].png - HTTP/1.1 200 OK - Content-Type: image/png - X-Cache: HIT - Content-Length: 2658 (file: /media/sdb1/Documents and Settings/malware/Local Settings/Temporary Internet Files/Content.IE5/index.dat) 0 m... 0 0 0 10525 [Internet Explorer] (Content viewed/Content saved to drive) URL:http://psstatic.podshow.com/images/shows/201/shows/thumbs/themusicianscooler.jpg?r=1145333607 cache stored in: SLK18LSF/themusicianscooler[1].jpg - HTTP/1.1 200 OK - Content-Type: image/jpeg - X-Cache: HIT - Content-Length: 3714 (file: /media/sdb1/Documents and Settings/malware/Local Settings/Temporary Internet Files/Content.IE5/index.dat) 0 m... 0 0 0 10525 [Internet Explorer] (Content viewed/Content saved to drive) URL:http://psstatic.podshow.com/images/shows/22248/shows/thumbs/icmusic.png?r=1246554450 cache stored in: SLK18LSF/icmusic[1].png - HTTP/1.1 200 OK - Content-Type: image/png - X-Cache: HIT - Content-Length: 6475 (file: /media/sdb1/Documents and Settings/malware/Local Settings/Temporary Internet Files/Content.IE5/index.dat) 0 m... 0 0 0 10525 [Internet Explorer] (Content viewed/Content saved to drive) URL:http://psstatic.podshow.com/images/shows/22496/shows/thumbs/themalthursdayshow.jpg?r=1298584598 cache stored in: QJM5KT6J/themalthursdayshow[1].jpg - HTTP/1.1 200 OK - Content-Type: image/jpeg - X-Cache: HIT - Content-Length: 4000 (file: /media/sdb1/Documents and Settings/malware/Local Settings/Temporary Internet Files/Content.IE5/index.dat) 0 m... 0 0 0 10525 [Internet Explorer] (Content viewed/Content saved to drive) URL:http://psstatic.podshow.com/images/shows/23018/shows/thumbs/authorsrevealed.jpg?r=1269276961 cache stored in: QJM5KT6J/authorsrevealed[1].jpg - HTTP/1.1 200 OK - Content-Type: image/jpeg - X-Cache: HIT - Content-Length: 2681 (file: /media/sdb1/Documents and Settings/malware/Local Settings/Temporary Internet Files/Content.IE5/index.dat) 0 m... 0 0 0 10525 [Internet Explorer] (Content viewed/Content saved to drive) URL:http://psstatic.podshow.com/images/shows/24372/shows/thumbs/riptheknobsoff.jpg?r=1263852026 cache stored in: UPQVMROL/riptheknobsoff[1].jpg - HTTP/1.1 200 OK - Content-Type: image/jpeg - X-Cache: HIT - Content-Length: 1993 (file: /media/sdb1/Documents and Settings/malware/Local Settings/Temporary Internet Files/Content.IE5/index.dat) 0 m... 0 0 0 10525 [Internet Explorer] (Content viewed/Content saved to drive) URL:http://psstatic.podshow.com/images/shows/25609/shows/thumbs/scottsigler.jpg?r=1276550854 cache stored in: QJM5KT6J/scottsigler[1].jpg - HTTP/1.1 200 OK - Content-Type: image/jpeg - X-Cache: HIT - Content-Length: 3625 (file: /media/sdb1/Documents and Settings/malware/Local Settings/Temporary Internet Files/Content.IE5/index.dat) 0 m... 0 0 0 10525 [Internet Explorer] (Content viewed/Content saved to drive) URL:http://psstatic.podshow.com/images/shows/25801/shows/thumbs/coffeecoffeecoffee.jpg?r=1278725601 cache stored in: YZCXGNW1/coffeecoffeecoffee[1].jpg - HTTP/1.1 200 OK - Content-Type: image/jpeg - X-Cache: HIT - Content-Length: 2409 (file: /media/sdb1/Documents and Settings/malware/Local Settings/Temporary Internet Files/Content.IE5/index.dat) 0 m... 0 0 0 10525 [Internet Explorer] (Content viewed/Content saved to drive) URL:http://psstatic.podshow.com/images/shows/26727/shows/thumbs/dearprudence.jpg?r=1288889631 cache stored in: UPQVMROL/dearprudence[1].jpg - HTTP/1.1 200 OK - Content-Type: image/jpeg - X-Cache: HIT - Content-Length: 4090 (file: /media/sdb1/Documents and Settings/malware/Local Settings/Temporary Internet Files/Content.IE5/index.dat) 0 m... 0 0 0 10525 [Internet Explorer] (Content viewed/Content saved to drive) URL:http://psstatic.podshow.com/images/shows/26834/shows/thumbs/podcastpipocaenanquim.jpg?r=1289918241 cache stored in: YZCXGNW1/podcastpipocaenanquim[1].jpg - HTTP/1.1 200 OK - Content-Type: image/jpeg - X-Cache: HIT - Content-Length: 4370 (file: /media/sdb1/Documents and Settings/malware/Local Settings/Temporary Internet Files/Content.IE5/index.dat) 0 m... 0 0 0 10525 [Internet Explorer] (Content viewed/Content saved to drive) URL:http://psstatic.podshow.com/images/shows/2700/shows/thumbs/broadway.jpg?r=1161182084 cache stored in: QJM5KT6J/broadway[1].jpg - HTTP/1.1 200 OK - Content-Type: image/jpeg - X-Cache: HIT - Content-Length: 3461 (file: /media/sdb1/Documents and Settings/malware/Local Settings/Temporary Internet Files/Content.IE5/index.dat) 0 m... 0 0 0 10525 [Internet Explorer] (Content viewed/Content saved to drive) URL:http://psstatic.podshow.com/images/shows/27408/shows/thumbs/tuishow.png?r=1306208405 cache stored in: YZCXGNW1/tuishow[1].png - HTTP/1.1 200 OK - Content-Type: image/png - X-Cache: HIT - Content-Length: 4607 (file: /media/sdb1/Documents and Settings/malware/Local Settings/Temporary Internet Files/Content.IE5/index.dat) 0 m... 0 0 0 10525 [Internet Explorer] (Content viewed/Content saved to drive) URL:http://psstatic.podshow.com/images/shows/27412/shows/thumbs/expertdrinking.png?r=1306306165 cache stored in: UPQVMROL/expertdrinking[1].png - HTTP/1.1 200 OK - Content-Type: image/png - X-Cache: HIT - Content-Length: 8888 (file: /media/sdb1/Documents and Settings/malware/Local Settings/Temporary Internet Files/Content.IE5/index.dat) 0 m... 0 0 0 10525 [Internet Explorer] (Content viewed/Content saved to drive) URL:http://psstatic.podshow.com/images/shows/27423/shows/thumbs/forkthis.jpg?r=1306491544 cache stored in: UPQVMROL/forkthis[1].jpg - HTTP/1.1 200 OK - Content-Type: image/jpeg - X-Cache: HIT - Content-Length: 3063 (file: /media/sdb1/Documents and Settings/malware/Local Settings/Temporary Internet Files/Content.IE5/index.dat) 0 m... 0 0 0 10525 [Internet Explorer] (Content viewed/Content saved to drive) URL:http://psstatic.podshow.com/images/shows/27472/shows/thumbs/thestevesanchezshowmeviocom.jpg?r=1307659790 cache stored in: SLK18LSF/thestevesanchezshowmeviocom[1].jpg - HTTP/1.1 200 OK - Content-Type: image/jpeg - X-Cache: HIT - Content-Length: 1940 (file: /media/sdb1/Documents and Settings/malware/Local Settings/Temporary Internet Files/Content.IE5/index.dat) 0 m... 0 0 0 10525 [Internet Explorer] (Content viewed/Content saved to drive) URL:http://psstatic.podshow.com/images/shows/27479/shows/thumbs/beatlesaramatv.jpg?r=1307920636 cache stored in: UPQVMROL/beatlesaramatv[1].jpg - HTTP/1.1 200 OK - Content-Type: image/jpeg - X-Cache: HIT - Content-Length: 4138 (file: /media/sdb1/Documents and Settings/malware/Local Settings/Temporary Internet Files/Content.IE5/index.dat) 0 m... 0 0 0 10525 [Internet Explorer] (Content viewed/Content saved to drive) URL:http://psstatic.podshow.com/images/shows/27480/shows/thumbs/erkfmmetalmonday.jpg?r=1307955572 cache stored in: UPQVMROL/erkfmmetalmonday[1].jpg - HTTP/1.1 200 OK - Content-Type: image/jpeg - X-Cache: HIT - Content-Length: 3089 (file: /media/sdb1/Documents and Settings/malware/Local Settings/Temporary Internet Files/Content.IE5/index.dat) 0 m... 0 0 0 10525 [Internet Explorer] (Content viewed/Content saved to drive) URL:http://psstatic.podshow.com/images/shows/27486/shows/thumbs/creativecastpodcast.png?r=1308060668 cache stored in: YZCXGNW1/creativecastpodcast[1].png - HTTP/1.1 200 OK - Content-Type: image/png - X-Cache: HIT - Content-Length: 1968 (file: /media/sdb1/Documents and Settings/malware/Local Settings/Temporary Internet Files/Content.IE5/index.dat) 0 m... 0 0 0 10525 [Internet Explorer] (Content viewed/Content saved to drive) URL:http://psstatic.podshow.com/images/shows/5717/shows/thumbs/gemmasplayhouse.jpg?r=1168831208 cache stored in: YZCXGNW1/gemmasplayhouse[1].jpg - HTTP/1.1 200 OK - Content-Type: image/jpeg - X-Cache: HIT - Content-Length: 2596 (file: /media/sdb1/Documents and Settings/malware/Local Settings/Temporary Internet Files/Content.IE5/index.dat) 0 m... 0 0 0 10525 [Internet Explorer] (Content viewed/Content saved to drive) URL:http://psstatic.podshow.com/images/shows/723/shows/thumbs/musicalworldpodshow.jpg?r=1249957809 cache stored in: QJM5KT6J/musicalworldpodshow[1].jpg - HTTP/1.1 200 OK - Content-Type: image/jpeg - X-Cache: HIT - Content-Length: 3178 (file: /media/sdb1/Documents and Settings/malware/Local Settings/Temporary Internet Files/Content.IE5/index.dat) 0 m... 0 0 0 10525 [Internet Explorer] (Content viewed/Content saved to drive) URL:http://psstatic.podshow.com/images/shows/9683/shows/thumbs/nation.jpg?r=1176143423 cache stored in: YZCXGNW1/nation[1].jpg - HTTP/1.1 200 OK - Content-Type: image/jpeg - X-Cache: HIT - Content-Length: 3030 (file: /media/sdb1/Documents and Settings/malware/Local Settings/Temporary Internet Files/Content.IE5/index.dat) 2681 ma.b r/rr-xr-xr-x 0 0 11358-128-4 /Documents and Settings/malware/Local Settings/Temporary Internet Files/Content.IE5/QJM5KT6J/authorsrevealed[1].jpg 4090 ma.b r/rr-xr-xr-x 0 0 11508-128-4 /Documents and Settings/malware/Local Settings/Temporary Internet Files/Content.IE5/UPQVMROL/dearprudence[1].jpg 2778 ma.b r/rr-xr-xr-x 0 0 11522-128-4 /Documents and Settings/malware/Local Settings/Temporary Internet Files/Content.IE5/YZCXGNW1/compcon[1].jpg 2027 .a.. r/rr-xr-xr-x 0 0 11564-128-4 /Documents and Settings/malware/Local Settings/Temporary Internet Files/Content.IE5/SLK18LSF/26317-15[1].js 4138 ma.b r/rr-xr-xr-x 0 0 11577-128-4 /Documents and Settings/malware/Local Settings/Temporary Internet Files/Content.IE5/UPQVMROL/beatlesaramatv[1].jpg 2550 ma.b r/rr-xr-xr-x 0 0 11578-128-4 /Documents and Settings/malware/Local Settings/Temporary Internet Files/Content.IE5/UPQVMROL/twotimesvideo[1].jpg 2409 ma.b r/rr-xr-xr-x 0 0 11580-128-4 /Documents and Settings/malware/Local Settings/Temporary Internet Files/Content.IE5/YZCXGNW1/coffeecoffeecoffee[1].jpg 1968 ma.b r/rr-xr-xr-x 0 0 11581-128-4 /Documents and Settings/malware/Local Settings/Temporary Internet Files/Content.IE5/YZCXGNW1/creativecastpodcast[1].png 3625 ma.b r/rr-xr-xr-x 0 0 11582-128-4 /Documents and Settings/malware/Local Settings/Temporary Internet Files/Content.IE5/QJM5KT6J/scottsigler[1].jpg 1993 ma.b r/rr-xr-xr-x 0 0 11583-128-4 /Documents and Settings/malware/Local Settings/Temporary Internet Files/Content.IE5/UPQVMROL/riptheknobsoff[1].jpg 11713 ma.b r/rr-xr-xr-x 0 0 11584-128-4 /Documents and Settings/malware/Local Settings/Temporary Internet Files/Content.IE5/SLK18LSF/themagicnewswire[1].png 3178 ma.b r/rr-xr-xr-x 0 0 11586-128-4 /Documents and Settings/malware/Local Settings/Temporary Internet Files/Content.IE5/QJM5KT6J/musicalworldpodshow[1].jpg 4370 ma.b r/rr-xr-xr-x 0 0 11588-128-4 /Documents and Settings/malware/Local Settings/Temporary Internet Files/Content.IE5/YZCXGNW1/podcastpipocaenanquim[1].jpg 1940 ma.b r/rr-xr-xr-x 0 0 11589-128-4 /Documents and Settings/malware/Local Settings/Temporary Internet Files/Content.IE5/SLK18LSF/thestevesanchezshowmeviocom[1].jpg 2658 ma.b r/rr-xr-xr-x 0 0 11590-128-4 /Documents and Settings/malware/Local Settings/Temporary Internet Files/Content.IE5/QJM5KT6J/ayultp[1].png 3089 ma.b r/rr-xr-xr-x 0 0 11591-128-4 /Documents and Settings/malware/Local Settings/Temporary Internet Files/Content.IE5/UPQVMROL/erkfmmetalmonday[1].jpg 3030 ma.b r/rr-xr-xr-x 0 0 11592-128-4 /Documents and Settings/malware/Local Settings/Temporary Internet Files/Content.IE5/YZCXGNW1/nation[1].jpg 3714 ma.b r/rr-xr-xr-x 0 0 11593-128-4 /Documents and Settings/malware/Local Settings/Temporary Internet Files/Content.IE5/SLK18LSF/themusicianscooler[1].jpg 3461 ma.b r/rr-xr-xr-x 0 0 11594-128-4 /Documents and Settings/malware/Local Settings/Temporary Internet Files/Content.IE5/QJM5KT6J/broadway[1].jpg 4000 ma.b r/rr-xr-xr-x 0 0 11595-128-4 /Documents and Settings/malware/Local Settings/Temporary Internet Files/Content.IE5/QJM5KT6J/themalthursdayshow[1].jpg 3063 ma.b r/rr-xr-xr-x 0 0 11596-128-4 /Documents and Settings/malware/Local Settings/Temporary Internet Files/Content.IE5/UPQVMROL/forkthis[1].jpg 2596 ma.b r/rr-xr-xr-x 0 0 11597-128-4 /Documents and Settings/malware/Local Settings/Temporary Internet Files/Content.IE5/YZCXGNW1/gemmasplayhouse[1].jpg 6475 ma.b r/rr-xr-xr-x 0 0 11598-128-4 /Documents and Settings/malware/Local Settings/Temporary Internet Files/Content.IE5/SLK18LSF/icmusic[1].png 8888 ma.b r/rr-xr-xr-x 0 0 11599-128-4 /Documents and Settings/malware/Local Settings/Temporary Internet Files/Content.IE5/UPQVMROL/expertdrinking[1].png 4607 ma.b r/rr-xr-xr-x 0 0 11600-128-4 /Documents and Settings/malware/Local Settings/Temporary Internet Files/Content.IE5/YZCXGNW1/tuishow[1].png Fri Jul 01 2011 14:57:50 0 m... 0 0 0 10525 [Internet Explorer] (Content viewed/Content saved to drive) URL:http://ui.mevio.com/static/css/images/action-img-map.png?r=38841 cache stored in: SLK18LSF/action-img-map[1].png - HTTP/1.1 200 OK - Content-Type: image/png - X-Cache: HIT - Content-Length: 261 (file: /media/sdb1/Documents and Settings/malware/Local Settings/Temporary Internet Files/Content.IE5/index.dat) 0 m... 0 0 0 10525 [Internet Explorer] (Content viewed/Content saved to drive) URL:http://ui.mevio.com/static/css/images/bg-pager.png?r=38841 cache stored in: YZCXGNW1/bg-pager[1].png - HTTP/1.1 200 OK - Content-Type: image/png - X-Cache: HIT - Content-Length: 239 (file: /media/sdb1/Documents and Settings/malware/Local Settings/Temporary Internet Files/Content.IE5/index.dat) Fri Jul 01 2011 14:57:55 0 m... 0 0 0 10525 [Internet Explorer] (Content viewed/Content saved to drive) URL:http://bannerfarm.ace.advertising.com/bannerfarm/174467/7CSG_JJF_IGO_20110315_fillForm_728x90.swf?clickTag=http://r1-ads.ace.advertising.com/click/site=0000805400/mnum=0001036330/cstr=42339116=_4e0e42c1-0815660348-805400^1036330^1183^0-1_/xsxdata=$xsxdata/bnum=42339116/optn=64?trg=&siteValue=0000805400 cache stored in: YZCXGNW1/7CSG_JJF_IGO_20110315_fillForm_728x90[1].swf - HTTP/1.1 200 OK - ETag: "4b5bdc-86b6-4a20013c1a480" - Content-Length: 34486 - Content-Type: application/x-shockwave-flash (file: /media/sdb1/Documents and Settings/malware/Local Settings/Temporary Internet Files/Content.IE5/index.dat) 0 m... 0 0 0 10525 [Internet Explorer] (Content viewed/Content saved to drive) URL:http://bannerfarm.ace.advertising.com/bannerfarm/84352/siteIDs.txt cache stored in: QJM5KT6J/siteIDs[1].txt - HTTP/1.1 200 OK - ETag: "b333e-49f4-4a4196d326700" - Content-Length: 18932 - Content-Type: text/plain_ charset=UTF-8 (file: /media/sdb1/Documents and Settings/malware/Local Settings/Temporary Internet Files/Content.IE5/index.dat) 0 .acb 0 0 0 10534 [Internet Explorer] (Last time cookie passed to website/Website modified cookie) User: Cookie:malware URL:r1-ads.ace.advertising.com/ (file: /media/sdb1/Documents and Settings/malware/Cookies/index.dat) 136 m... r/rr-xr-xr-x 0 0 11288-128-1 /Documents and Settings/malware/Cookies/malware@r1-ads.ace.advertising[1].txt 18932 ma.b r/rr-xr-xr-x 0 0 11311-128-4 /Documents and Settings/malware/Local Settings/Temporary Internet Files/Content.IE5/QJM5KT6J/siteIDs[1].txt 34486 ma.b r/rr-xr-xr-x 0 0 11585-128-4 /Documents and Settings/malware/Local Settings/Temporary Internet Files/Content.IE5/YZCXGNW1/7CSG_JJF_IGO_20110315_fillForm_728x90[1].swf 2034 ma.b r/rr-xr-xr-x 0 0 11587-128-4 /Documents and Settings/malware/Local Settings/Temporary Internet Files/Content.IE5/UPQVMROL/26317-2[1].js 2197 ma.b r/rr-xr-xr-x 0 0 11604-128-4 /Documents and Settings/malware/Local Settings/Temporary Internet Files/Content.IE5/UPQVMROL/26318-2[1].js 1621 ma.b r/rr-xr-xr-x 0 0 11608-128-5 /Documents and Settings/malware/Local Settings/Temporary Internet Files/Content.IE5/YZCXGNW1/dref=http%3A%2F%2Fwww.mevio[2].com%2Fdirectory%2F Fri Jul 01 2011 14:58:25 0 macb 0 0 0 10527 [Internet Explorer] (Last Access) User: malware URL:http://www.mevio.com/episode/286404/lebron-james-talks-to-god-and-sarah (file: /media/sdb1/Documents and Settings/malware/Local Settings/History/History.IE5/index.dat) Fri Jul 01 2011 14:58:26 18453 m..b r/rr-xr-xr-x 0 0 11401-128-5 /Documents and Settings/malware/Local Settings/Temporary Internet Files/Content.IE5/SLK18LSF/connect[2].php Fri Jul 01 2011 14:58:32 0 m... 0 0 0 10525 [Internet Explorer] (Content viewed/Content saved to drive) URL:http://trgj.opt.fimserve.com/fp.js cache stored in: SLK18LSF/fp[1].js - HTTP/1.1 200 OK - Content-Type: application/x-javascript - Content-Length: 4348 (file: /media/sdb1/Documents and Settings/malware/Local Settings/Temporary Internet Files/Content.IE5/index.dat) 1201 ma.b r/rr-xr-xr-x 0 0 11334-128-4 /Documents and Settings/malware/Local Settings/Temporary Internet Files/Content.IE5/SLK18LSF/adopt[3].htm 4348 .a.. r/rr-xr-xr-x 0 0 11402-128-4 /Documents and Settings/malware/Local Settings/Temporary Internet Files/Content.IE5/SLK18LSF/fp[1].js 2034 ma.b r/rr-xr-xr-x 0 0 11519-128-4 /Documents and Settings/malware/Local Settings/Temporary Internet Files/Content.IE5/YZCXGNW1/26270-2[1].js 5627 ma.b r/rr-xr-xr-x 0 0 11548-128-4 /Documents and Settings/malware/Local Settings/Temporary Internet Files/Content.IE5/SLK18LSF/view[1].htm 2199 ma.b r/rr-xr-xr-x 0 0 11579-128-4 /Documents and Settings/malware/Local Settings/Temporary Internet Files/Content.IE5/QJM5KT6J/26271-15[2].js 2322 ma.b r/rr-xr-xr-x 0 0 11603-128-4 /Documents and Settings/malware/Local Settings/Temporary Internet Files/Content.IE5/UPQVMROL/26271-2[5].js 608 ma.b r/rr-xr-xr-x 0 0 11607-128-4 /Documents and Settings/malware/Local Settings/Temporary Internet Files/Content.IE5/UPQVMROL/dref=http%3A%2F%2Fwww.mevio[1].com%2Fepisode%2F286404%2Flebron-james-talks-to-god-and-sarah 680 ma.b r/rr-xr-xr-x 0 0 11613-128-4 /Documents and Settings/malware/Local Settings/Temporary Internet Files/Content.IE5/SLK18LSF/imp[4] 313 ...b r/rrwxrwxrwx 0 0 11618-128-1 /Documents and Settings/malware/Cookies/malware@by.adshuffle[2].txt Fri Jul 01 2011 14:58:33 0 m... 0 0 0 10525 [Internet Explorer] (Content viewed/Content saved to drive) URL:http://ds.serving-sys.com/BurstingCachedScripts//SBTemplates_2_3_2/StdBanner.js?ai=5823403 cache stored in: UPQVMROL/StdBanner[2].js - HTTP/1.1 200 OK - Content-Length: 24385 - Content-Type: text/javascript (file: /media/sdb1/Documents and Settings/malware/Local Settings/Temporary Internet Files/Content.IE5/index.dat) 0 m... 0 0 0 10525 [Internet Explorer] (Content viewed/Content saved to drive) URL:http://ds.serving-sys.com/BurstingRes///Site-15895/Type-0/785e48fd-311d-4f0e-be8f-e511ecfdeeb9.jpg cache stored in: SLK18LSF/785e48fd-311d-4f0e-be8f-e511ecfdeeb9[1].jpg - HTTP/1.1 200 OK - Content-Length: 38604 - Content-Type: image/jpeg (file: /media/sdb1/Documents and Settings/malware/Local Settings/Temporary Internet Files/Content.IE5/index.dat) 0 m... 0 0 0 10525 [Internet Explorer] (Content viewed/Content saved to drive) URL:http://log30.doubleverify.com/visitor.aspx?query=agnc=796803&cmp=947466&crt=&crtname=&adnet=&dvtagver=3.3.1346.2176&adsrv=6&plc=2895815&advid=796804&sid=Fox%20Audience%20Network&adid=&&num=201&srcurl=http://www.mevio.com/episode/286404/lebron-james-talks-to-god-and-sarah&random=0.8429479316712722 cache stored in: UPQVMROL/CA49WFL9.jpg - HTTP/1.1 200 OK - Content-Length: 0 - Content-Type: image/jpeg - X-AspNet-Version: 2.0.50727 - X-Powered-By: ASP.NET (file: /media/sdb1/Documents and Settings/malware/Local Settings/Temporary Internet Files/Content.IE5/index.dat) 0 m... 0 0 0 10525 [Internet Explorer] (Content viewed/Content saved to drive) URL:http://media2.adshuffle.com/images/unknown/792ba3334fd24139982578813025e0a7.gif cache stored in: UPQVMROL/792ba3334fd24139982578813025e0a7[1].gif - HTTP/1.1 200 OK - X-Px: ht lax-am6-n1.panthercdn.com - ETag: "b6a2555d1ef6cb1:2aa9" - P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTR STP IND DEM" - Content-Length: 39607 - Content-Type: image/gif (file: /media/sdb1/Documents and Settings/malware/Local Settings/Temporary Internet Files/Content.IE5/index.dat) 38604 .a.. r/rr-xr-xr-x 0 0 11397-128-4 /Documents and Settings/malware/Local Settings/Temporary Internet Files/Content.IE5/SLK18LSF/785e48fd-311d-4f0e-be8f-e511ecfdeeb9[1].jpg 24385 .a.. r/rr-xr-xr-x 0 0 11404-128-5 /Documents and Settings/malware/Local Settings/Temporary Internet Files/Content.IE5/UPQVMROL/StdBanner[2].js 2951 ma.b r/rr-xr-xr-x 0 0 11521-128-3 /Documents and Settings/malware/Local Settings/Temporary Internet Files/Content.IE5/YZCXGNW1/CAGLQNGB.htm 39607 ma.b r/rr-xr-xr-x 0 0 11540-128-4 /Documents and Settings/malware/Local Settings/Temporary Internet Files/Content.IE5/UPQVMROL/792ba3334fd24139982578813025e0a7[1].gif 0 ma.b r/rr-xr-xr-x 0 0 11544-128-1 /Documents and Settings/malware/Local Settings/Temporary Internet Files/Content.IE5/UPQVMROL/CA49WFL9.jpg 1748 ma.b r/rr-xr-xr-x 0 0 11574-128-5 /Documents and Settings/malware/Local Settings/Temporary Internet Files/Content.IE5/YZCXGNW1/asSwfObj13[2].js Fri Jul 01 2011 14:59:45 0 m... 0 0 0 10525 [Internet Explorer] (Content viewed/Content saved to drive) URL:http://img.mevio.com/images/08e/4f1/08e4f12711259da87a650a1d16e6c2292ca0d974.jpg?url=http://origin.thumbs.mevio.com/media/27056/episodes/283276/thumbnail.jpg&width=200&height=112&scheme=1 cache stored in: UPQVMROL/08e4f12711259da87a650a1d16e6c2292ca0d974[1].jpg - HTTP/1.1 200 OK - Content-Type: image/jpeg - X-Cache: HIT - Content-Length: 5175 (file: /media/sdb1/Documents and Settings/malware/Local Settings/Temporary Internet Files/Content.IE5/index.dat) 0 m... 0 0 0 10525 [Internet Explorer] (Content viewed/Content saved to drive) URL:http://img.mevio.com/images/318/4c2/3184c21120c91ede3333550f5d45b4c65cfb834b.jpg?url=http://origin.thumbs.mevio.com/media/27056/episodes/280891/thumbnail.jpg&width=200&height=112&scheme=1 cache stored in: QJM5KT6J/3184c21120c91ede3333550f5d45b4c65cfb834b[1].jpg - HTTP/1.1 200 OK - Content-Type: image/jpeg - X-Cache: HIT - Content-Length: 5500 (file: /media/sdb1/Documents and Settings/malware/Local Settings/Temporary Internet Files/Content.IE5/index.dat) 0 m... 0 0 0 10525 [Internet Explorer] (Content viewed/Content saved to drive) URL:http://img.mevio.com/images/464/459/4644591fb077b95a495d2a1e2dbf4da947677a5e.jpg?url=http://origin.thumbs.mevio.com/media/27056/episodes/284281/thumbnail.jpg&width=200&height=112&scheme=1 cache stored in: QJM5KT6J/4644591fb077b95a495d2a1e2dbf4da947677a5e[1].jpg - HTTP/1.1 200 OK - Content-Type: image/jpeg - X-Cache: HIT - Content-Length: 5119 (file: /media/sdb1/Documents and Settings/malware/Local Settings/Temporary Internet Files/Content.IE5/index.dat) 0 m... 0 0 0 10525 [Internet Explorer] (Content viewed/Content saved to drive) URL:http://img.mevio.com/images/7fa/950/7fa9503afac135886b3d295e77e3f699db2f088f.jpg?url=http://origin.thumbs.mevio.com/media/27056/episodes/286076/thumbnail.jpg&width=200&height=112&scheme=1 cache stored in: SLK18LSF/7fa9503afac135886b3d295e77e3f699db2f088f[1].jpg - HTTP/1.1 200 OK - Content-Type: image/jpeg - X-Cache: HIT - Content-Length: 5938 (file: /media/sdb1/Documents and Settings/malware/Local Settings/Temporary Internet Files/Content.IE5/index.dat) 0 m... 0 0 0 10525 [Internet Explorer] (Content viewed/Content saved to drive) URL:http://img.mevio.com/images/86d/a24/86da2433b2d7e89bb87cbdcc717e6542abb5c1a5.jpg?url=http://origin.thumbs.mevio.com/media/27056/episodes/283290/thumbnail.jpg&width=200&height=112&scheme=1 cache stored in: UPQVMROL/86da2433b2d7e89bb87cbdcc717e6542abb5c1a5[1].jpg - HTTP/1.1 200 OK - Content-Type: image/jpeg - X-Cache: HIT - Content-Length: 6032 (file: /media/sdb1/Documents and Settings/malware/Local Settings/Temporary Internet Files/Content.IE5/index.dat) 0 m... 0 0 0 10525 [Internet Explorer] (Content viewed/Content saved to drive) URL:http://img.mevio.com/images/8d3/67c/8d367ca2c0dcb81af9870cc8e0bf2c0b56939bb5.jpg?url=http://origin.thumbs.mevio.com/media/27056/episodes/284694/thumbnail.jpg&width=200&height=112&scheme=1 cache stored in: SLK18LSF/8d367ca2c0dcb81af9870cc8e0bf2c0b56939bb5[1].jpg - HTTP/1.1 200 OK - Content-Type: image/jpeg - X-Cache: HIT - Content-Length: 5844 (file: /media/sdb1/Documents and Settings/malware/Local Settings/Temporary Internet Files/Content.IE5/index.dat) 0 m... 0 0 0 10525 [Internet Explorer] (Content viewed/Content saved to drive) URL:http://img.mevio.com/images/9c4/d6a/9c4d6af299cc5b76bc81135f01e5eeb8ce626fe4.jpg?url=http://origin.thumbs.mevio.com/media/27056/episodes/283270/thumbnail.jpg&width=200&height=112&scheme=1 cache stored in: YZCXGNW1/9c4d6af299cc5b76bc81135f01e5eeb8ce626fe4[1].jpg - HTTP/1.1 200 OK - Content-Type: image/jpeg - X-Cache: HIT - Content-Length: 5409 (file: /media/sdb1/Documents and Settings/malware/Local Settings/Temporary Internet Files/Content.IE5/index.dat) 0 m... 0 0 0 10525 [Internet Explorer] (Content viewed/Content saved to drive) URL:http://img.mevio.com/images/ad3/a99/ad3a99d40cfdbfe6e897921568dd671a78a625dd.jpg?url=http://origin.thumbs.mevio.com/media/27056/episodes/281215/thumbnail.jpg&width=200&height=112&scheme=1 cache stored in: YZCXGNW1/ad3a99d40cfdbfe6e897921568dd671a78a625dd[1].jpg - HTTP/1.1 200 OK - Content-Type: image/jpeg - X-Cache: HIT - Content-Length: 5748 (file: /media/sdb1/Documents and Settings/malware/Local Settings/Temporary Internet Files/Content.IE5/index.dat) 0 m... 0 0 0 10525 [Internet Explorer] (Content viewed/Content saved to drive) URL:http://img.mevio.com/images/b09/42f/b0942feb76caea4b6a8c2ffc50ab58f850ca2752.jpg?url=http://origin.thumbs.mevio.com/media/27056/episodes/286404/thumbnail.jpg&width=200&height=112&scheme=1 cache stored in: YZCXGNW1/b0942feb76caea4b6a8c2ffc50ab58f850ca2752[1].jpg - HTTP/1.1 200 OK - Content-Type: image/jpeg - X-Cache: HIT - Content-Length: 5809 (file: /media/sdb1/Documents and Settings/malware/Local Settings/Temporary Internet Files/Content.IE5/index.dat) 0 m... 0 0 0 10525 [Internet Explorer] (Content viewed/Content saved to drive) URL:http://img.mevio.com/images/b76/f4a/b76f4ae429bac02e5b95d4afd5dc2c1c5847b385.jpg?url=http://origin.thumbs.mevio.com/media/27056/episodes/284351/thumbnail.jpg&width=200&height=112&scheme=1 cache stored in: QJM5KT6J/b76f4ae429bac02e5b95d4afd5dc2c1c5847b385[1].jpg - HTTP/1.1 200 OK - Content-Type: image/jpeg - X-Cache: HIT - Content-Length: 5896 (file: /media/sdb1/Documents and Settings/malware/Local Settings/Temporary Internet Files/Content.IE5/index.dat) 0 m... 0 0 0 10525 [Internet Explorer] (Content viewed/Content saved to drive) URL:http://img.mevio.com/images/fe4/286/fe428692e79c6adf1b2850d38470a7c7dc8616a3.jpg?url=http://origin.thumbs.mevio.com/media/27056/episodes/281211/thumbnail.jpg&width=200&height=112&scheme=1 cache stored in: QJM5KT6J/fe428692e79c6adf1b2850d38470a7c7dc8616a3[1].jpg - HTTP/1.1 200 OK - Content-Type: image/jpeg - X-Cache: HIT - Content-Length: 5766 (file: /media/sdb1/Documents and Settings/malware/Local Settings/Temporary Internet Files/Content.IE5/index.dat) 0 m... 0 0 0 10525 [Internet Explorer] (Content viewed/Content saved to drive) URL:http://psstatic.podshow.com/images/shows/27056/shows/thumbs/nearlythenews.jpg?r=1298320684 cache stored in: QJM5KT6J/nearlythenews[1].jpg - HTTP/1.1 200 OK - Content-Type: image/jpeg - X-Cache: HIT - Content-Length: 4106 (file: /media/sdb1/Documents and Settings/malware/Local Settings/Temporary Internet Files/Content.IE5/index.dat) 0 m... 0 0 0 10525 [Internet Explorer] (Content viewed/Content saved to drive) URL:http://psstatic.podshow.com/images/users/12737/gallery/thumbs/7620.jpg cache stored in: YZCXGNW1/7620[1].jpg - HTTP/1.1 200 OK - Content-Type: image/jpeg - X-Cache: HIT - Content-Length: 2513 (file: /media/sdb1/Documents and Settings/malware/Local Settings/Temporary Internet Files/Content.IE5/index.dat) 0 m... 0 0 0 10525 [Internet Explorer] (Content viewed/Content saved to drive) URL:http://psstatic.podshow.com/images/users/19430/gallery/thumbs/261456.jpg cache stored in: SLK18LSF/261456[1].jpg - HTTP/1.1 200 OK - Content-Type: image/jpeg - X-Cache: HIT - Content-Length: 2887 (file: /media/sdb1/Documents and Settings/malware/Local Settings/Temporary Internet Files/Content.IE5/index.dat) 0 m... 0 0 0 10525 [Internet Explorer] (Content viewed/Content saved to drive) URL:http://psstatic.podshow.com/images/users/2271/gallery/thumbs/277295.jpg cache stored in: QJM5KT6J/277295[1].jpg - HTTP/1.1 200 OK - Content-Type: image/jpeg - X-Cache: HIT - Content-Length: 3637 (file: /media/sdb1/Documents and Settings/malware/Local Settings/Temporary Internet Files/Content.IE5/index.dat) 0 m... 0 0 0 10525 [Internet Explorer] (Content viewed/Content saved to drive) URL:http://psstatic.podshow.com/images/users/2756/gallery/thumbs/1781.jpg cache stored in: UPQVMROL/1781[1].jpg - HTTP/1.1 200 OK - Content-Type: image/jpeg - X-Cache: HIT - Content-Length: 3482 (file: /media/sdb1/Documents and Settings/malware/Local Settings/Temporary Internet Files/Content.IE5/index.dat) 0 m... 0 0 0 10525 [Internet Explorer] (Content viewed/Content saved to drive) URL:http://psstatic.podshow.com/images/users/3075/gallery/thumbs/5521.jpg cache stored in: YZCXGNW1/5521[1].jpg - HTTP/1.1 200 OK - Content-Type: image/jpeg - X-Cache: HIT - Content-Length: 2229 (file: /media/sdb1/Documents and Settings/malware/Local Settings/Temporary Internet Files/Content.IE5/index.dat) 0 m... 0 0 0 10525 [Internet Explorer] (Content viewed/Content saved to drive) URL:http://psstatic.podshow.com/images/users/3125/gallery/thumbs/16566.jpg cache stored in: UPQVMROL/16566[1].jpg - HTTP/1.1 200 OK - Content-Type: image/jpeg - X-Cache: HIT - Content-Length: 2589 (file: /media/sdb1/Documents and Settings/malware/Local Settings/Temporary Internet Files/Content.IE5/index.dat) 0 m... 0 0 0 10525 [Internet Explorer] (Content viewed/Content saved to drive) URL:http://psstatic.podshow.com/images/users/3743/gallery/thumbs/2661.jpg cache stored in: SLK18LSF/2661[1].jpg - HTTP/1.1 200 OK - Content-Type: image/jpeg - X-Cache: HIT - Content-Length: 2441 (file: /media/sdb1/Documents and Settings/malware/Local Settings/Temporary Internet Files/Content.IE5/index.dat) 0 m... 0 0 0 10525 [Internet Explorer] (Content viewed/Content saved to drive) URL:http://psstatic.podshow.com/images/users/39460/gallery/thumbs/29096.jpg cache stored in: SLK18LSF/29096[1].jpg - HTTP/1.1 200 OK - Content-Type: image/jpeg - X-Cache: HIT - Content-Length: 2754 (file: /media/sdb1/Documents and Settings/malware/Local Settings/Temporary Internet Files/Content.IE5/index.dat) 0 m... 0 0 0 10525 [Internet Explorer] (Content viewed/Content saved to drive) URL:http://psstatic.podshow.com/images/users/530/gallery/med/280455.jpg cache stored in: QJM5KT6J/280455[1].jpg - HTTP/1.1 200 OK - Content-Type: image/jpeg - X-Cache: HIT - Content-Length: 17283 (file: /media/sdb1/Documents and Settings/malware/Local Settings/Temporary Internet Files/Content.IE5/index.dat) 0 m... 0 0 0 10525 [Internet Explorer] (Content viewed/Content saved to drive) URL:http://psstatic.podshow.com/images/users/5703/gallery/thumbs/3831.png cache stored in: SLK18LSF/3831[1].png - HTTP/1.1 200 OK - Content-Type: image/png - X-Cache: HIT - Content-Length: 9295 (file: /media/sdb1/Documents and Settings/malware/Local Settings/Temporary Internet Files/Content.IE5/index.dat) 0 m... 0 0 0 10525 [Internet Explorer] (Content viewed/Content saved to drive) URL:http://psstatic.podshow.com/images/users/5894/gallery/thumbs/3860.jpg cache stored in: QJM5KT6J/3860[1].jpg - HTTP/1.1 200 OK - Content-Type: image/jpeg - X-Cache: HIT - Content-Length: 2973 (file: /media/sdb1/Documents and Settings/malware/Local Settings/Temporary Internet Files/Content.IE5/index.dat) 0 m... 0 0 0 10525 [Internet Explorer] (Content viewed/Content saved to drive) URL:http://psstatic.podshow.com/images/users/5985/gallery/thumbs/4091.jpg cache stored in: SLK18LSF/4091[1].jpg - HTTP/1.1 200 OK - Content-Type: image/jpeg - X-Cache: HIT - Content-Length: 2537 (file: /media/sdb1/Documents and Settings/malware/Local Settings/Temporary Internet Files/Content.IE5/index.dat) 0 m... 0 0 0 10525 [Internet Explorer] (Content viewed/Content saved to drive) URL:http://psstatic.podshow.com/images/users/761/gallery/thumbs/156954.gif cache stored in: YZCXGNW1/156954[1].gif - HTTP/1.1 200 OK - Content-Type: image/gif - X-Cache: HIT - Content-Length: 3416 (file: /media/sdb1/Documents and Settings/malware/Local Settings/Temporary Internet Files/Content.IE5/index.dat) 0 m... 0 0 0 10525 [Internet Explorer] (Content viewed/Content saved to drive) URL:http://psstatic.podshow.com/images/users/7796/gallery/thumbs/35930.jpg cache stored in: SLK18LSF/35930[1].jpg - HTTP/1.1 200 OK - Content-Type: image/jpeg - X-Cache: HIT - Content-Length: 3539 (file: /media/sdb1/Documents and Settings/malware/Local Settings/Temporary Internet Files/Content.IE5/index.dat) 0 m... 0 0 0 10525 [Internet Explorer] (Content viewed/Content saved to drive) URL:http://psstatic.podshow.com/images/users/9692/gallery/thumbs/5842.jpg cache stored in: UPQVMROL/5842[1].jpg - HTTP/1.1 200 OK - Content-Type: image/jpeg - X-Cache: HIT - Content-Length: 2472 (file: /media/sdb1/Documents and Settings/malware/Local Settings/Temporary Internet Files/Content.IE5/index.dat) 0 macb 0 0 0 10527 [Internet Explorer] (Last Access) User: malware URL:http://nearlythenews.mevio.com (file: /media/sdb1/Documents and Settings/malware/Local Settings/History/History.IE5/index.dat) 3637 .a.. r/rr-xr-xr-x 0 0 11243-128-4 /Documents and Settings/malware/Local Settings/Temporary Internet Files/Content.IE5/QJM5KT6J/277295[1].jpg 9295 .a.. r/rr-xr-xr-x 0 0 11248-128-4 /Documents and Settings/malware/Local Settings/Temporary Internet Files/Content.IE5/SLK18LSF/3831[1].png 3416 .a.. r/rr-xr-xr-x 0 0 11423-128-4 /Documents and Settings/malware/Local Settings/Temporary Internet Files/Content.IE5/YZCXGNW1/156954[1].gif 2229 .a.. r/rr-xr-xr-x 0 0 11424-128-4 /Documents and Settings/malware/Local Settings/Temporary Internet Files/Content.IE5/YZCXGNW1/5521[1].jpg 2441 .a.. r/rr-xr-xr-x 0 0 11425-128-4 /Documents and Settings/malware/Local Settings/Temporary Internet Files/Content.IE5/SLK18LSF/2661[1].jpg 5500 .a.. r/rr-xr-xr-x 0 0 11426-128-4 /Documents and Settings/malware/Local Settings/Temporary Internet Files/Content.IE5/QJM5KT6J/3184c21120c91ede3333550f5d45b4c65cfb834b[1].jpg 5766 .a.. r/rr-xr-xr-x 0 0 11427-128-4 /Documents and Settings/malware/Local Settings/Temporary Internet Files/Content.IE5/QJM5KT6J/fe428692e79c6adf1b2850d38470a7c7dc8616a3[1].jpg 2833 .a.. r/rr-xr-xr-x 0 0 11428-128-4 /Documents and Settings/malware/Local Settings/Temporary Internet Files/Content.IE5/QJM5KT6J/1667[1].jpg 2973 .a.. r/rr-xr-xr-x 0 0 11429-128-4 /Documents and Settings/malware/Local Settings/Temporary Internet Files/Content.IE5/QJM5KT6J/3860[1].jpg 2472 .a.. r/rr-xr-xr-x 0 0 11430-128-4 /Documents and Settings/malware/Local Settings/Temporary Internet Files/Content.IE5/UPQVMROL/5842[1].jpg 2887 .a.. r/rr-xr-xr-x 0 0 11431-128-4 /Documents and Settings/malware/Local Settings/Temporary Internet Files/Content.IE5/SLK18LSF/261456[1].jpg 3482 .a.. r/rr-xr-xr-x 0 0 11433-128-4 /Documents and Settings/malware/Local Settings/Temporary Internet Files/Content.IE5/UPQVMROL/1781[1].jpg 3539 .a.. r/rr-xr-xr-x 0 0 11434-128-4 /Documents and Settings/malware/Local Settings/Temporary Internet Files/Content.IE5/SLK18LSF/35930[1].jpg 2754 .a.. r/rr-xr-xr-x 0 0 11435-128-4 /Documents and Settings/malware/Local Settings/Temporary Internet Files/Content.IE5/SLK18LSF/29096[1].jpg 2513 .a.. r/rr-xr-xr-x 0 0 11436-128-4 /Documents and Settings/malware/Local Settings/Temporary Internet Files/Content.IE5/YZCXGNW1/7620[1].jpg 2589 .a.. r/rr-xr-xr-x 0 0 11437-128-4 /Documents and Settings/malware/Local Settings/Temporary Internet Files/Content.IE5/UPQVMROL/16566[1].jpg 2537 .a.. r/rr-xr-xr-x 0 0 11439-128-4 /Documents and Settings/malware/Local Settings/Temporary Internet Files/Content.IE5/SLK18LSF/4091[1].jpg 17283 .a.. r/rr-xr-xr-x 0 0 11441-128-4 /Documents and Settings/malware/Local Settings/Temporary Internet Files/Content.IE5/QJM5KT6J/280455[1].jpg 4106 .a.. r/rr-xr-xr-x 0 0 11443-128-4 /Documents and Settings/malware/Local Settings/Temporary Internet Files/Content.IE5/QJM5KT6J/nearlythenews[1].jpg Fri Jul 01 2011 14:59:46 0 m... 0 0 0 10525 [Internet Explorer] (Content viewed/Content saved to drive) URL:http://www.facebook.com/extern/login_status.php?api_key=c99345b4de38e993c64ef4654ac9164b&extern=2&channel=http://nearlythenews.mevio.com/rest/facebook/xd_receiver.php&locale=en_US cache stored in: QJM5KT6J/login_status[1].htm - HTTP/1.1 200 OK - Content-Length: 1117 - Content-Type: text/html (file: /media/sdb1/Documents and Settings/malware/Local Settings/Temporary Internet Files/Content.IE5/index.dat) 1117 ma.b r/rr-xr-xr-x 0 0 11387-128-5 /Documents and Settings/malware/Local Settings/Temporary Internet Files/Content.IE5/QJM5KT6J/login_status[1].htm Fri Jul 01 2011 14:59:47 0 m... 0 0 0 10525 [Internet Explorer] (Content viewed/Content saved to drive) URL:http://nearlythenews.mevio.com/rest/facebook/xd_receiver.php cache stored in: QJM5KT6J/xd_receiver[2].htm - HTTP/1.1 200 OK - Content-Length: 591 - Content-Type: text/html (file: /media/sdb1/Documents and Settings/malware/Local Settings/Temporary Internet Files/Content.IE5/index.dat) 591 ma.. r/rr-xr-xr-x 0 0 11450-128-4 /Documents and Settings/malware/Local Settings/Temporary Internet Files/Content.IE5/QJM5KT6J/xd_receiver[2].htm Fri Jul 01 2011 14:59:52 2034 ma.b r/rr-xr-xr-x 0 0 11459-128-4 /Documents and Settings/malware/Local Settings/Temporary Internet Files/Content.IE5/SLK18LSF/26270-2[2].js 3129 ma.b r/rr-xr-xr-x 0 0 11621-128-4 /Documents and Settings/malware/Local Settings/Temporary Internet Files/Content.IE5/UPQVMROL/26271-15[3].js 2197 ma.b r/rr-xr-xr-x 0 0 11622-128-4 /Documents and Settings/malware/Local Settings/Temporary Internet Files/Content.IE5/UPQVMROL/26271-2[6].js Fri Jul 01 2011 14:59:53 0 m... 0 0 0 10525 [Internet Explorer] (Content viewed/Content saved to drive) URL:http://18rockets.com/js/popup.js cache stored in: QJM5KT6J/popup[1].js - HTTP/1.1 200 OK - ETag: "6609907-17f-49f5377737580" - Content-Length: 383 - Content-Type: application/javascript (file: /media/sdb1/Documents and Settings/malware/Local Settings/Temporary Internet Files/Content.IE5/index.dat) 0 m... 0 0 0 10525 [Internet Explorer] (Content viewed/Content saved to drive) URL:http://acuityplatform.com:8080/Adserver/banner?Project=215&SizeID=3&CampaignID=3&SiteID=10013187&Bid=1.18&Position=3&Price=E0A7B0C432216639&ReqId=f6a1e59a37b591851d0f45077b91678df01450d8&GeoCode=1&ExID=2&AgentCode=20&Test=0&ts=130e7b68edb&Xc=0-0&UrlTopic=1&BannerID=468&Term1=[20701-26437-Free+Online+Printable+Coupons-1.22143-7.0]&Term2=[20701-26426-Free+Coupons-1.5551-7.0]&Term3=[20588-25607-Bf+Goodrich+Tire+Promotions-1.36-7.0]&Term4=[20701-26431-Online+Coupons-1.28571-7.0]&Term5=[20588-25613-Buy+Bf+Goodrich+Tires+Online-1.36-7.0]&Term6=[20588-25619-Best+Tires-1.36-7.0]&ip=c6b0e50a&jk= cache stored in: YZCXGNW1/CAGBEHGB.0]&ip=c6b0e50a&jk= - HTTP/1.1 200 OK - P3P: CP="IDC DSP COR CURa ADMa OUR IND PHY ONL COM STA" - Content-Length: 6192 (file: /media/sdb1/Documents and Settings/malware/Local Settings/Temporary Internet Files/Content.IE5/index.dat) 0 m... 0 0 0 10525 [Internet Explorer] (Content viewed/Content saved to drive) URL:http://pixel.rubiconproject.com/tap.php?v=5672&nid=2082&put=1-0&expires=3652 cache stored in: SLK18LSF/tap[1].gif - HTTP/1.1 200 OK - X-Powered-By: PHP/5.1.6 - P3P: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT" - Content-Length: 49 - Keep-Alive: timeout=45- max=491 - Content-Type: image/gif (file: /media/sdb1/Documents and Settings/malware/Local Settings/Temporary Internet Files/Content.IE5/index.dat) 0 macb 0 0 0 10534 [Internet Explorer] (Last time cookie passed to website/Website modified cookie) User: Cookie:malware URL:acuityplatform.com/ (file: /media/sdb1/Documents and Settings/malware/Cookies/index.dat) 383 ma.b r/rr-xr-xr-x 0 0 11335-128-1 /Documents and Settings/malware/Local Settings/Temporary Internet Files/Content.IE5/QJM5KT6J/popup[1].js 6192 ma.b r/rr-xr-xr-x 0 0 11554-128-4 /Documents and Settings/malware/Local Settings/Temporary Internet Files/Content.IE5/YZCXGNW1/CAGBEHGB.0]&ip=c6b0e50a&jk= 49 ma.b r/rr-xr-xr-x 0 0 11614-128-1 /Documents and Settings/malware/Local Settings/Temporary Internet Files/Content.IE5/SLK18LSF/tap[1].gif 78 ma.b r/rr-xr-xr-x 0 0 11626-128-1 /Documents and Settings/malware/Cookies/malware@acuityplatform[1].txt Fri Jul 01 2011 15:00:42 0 m... 0 0 0 0 REG_System_SECURITYSECURITY/Policy/Secrets/SAC /CupdTime 0 m... 0 0 0 0 REG_System_SECURITYSECURITY/Policy/Secrets/SAC /CurrVal 0 m... 0 0 0 0 REG_System_SECURITYSECURITY/Policy/Secrets/SAC /OldVal 0 m... 0 0 0 0 REG_System_SECURITYSECURITY/Policy/Secrets/SAC /OupdTime 0 m... 0 0 0 0 REG_System_SECURITYSECURITY/Policy/Secrets/SAI /CupdTime 0 m... 0 0 0 0 REG_System_SECURITYSECURITY/Policy/Secrets/SAI /CurrVal 0 m... 0 0 0 0 REG_System_SECURITYSECURITY/Policy/Secrets/SAI /OldVal 0 m... 0 0 0 0 REG_System_SECURITYSECURITY/Policy/Secrets/SAI /OupdTime 0 m... 0 0 0 0 REG_System_SECURITYSECURITY/RXACT Fri Jul 01 2011 15:00:47 1024 .a.. r/rr-xr-xr-x 0 0 3649-128-3 /WINDOWS/system32/config/SECURITY.LOG Fri Jul 01 2011 15:00:48 1024 m... r/rr-xr-xr-x 0 0 3649-128-3 /WINDOWS/system32/config/SECURITY.LOG Fri Jul 01 2011 15:02:21 135984 .a.. r/rr-xr-xr-x 0 0 563-128-3 /WINDOWS/Fonts/framd.ttf 152844 .a.. r/rr-xr-xr-x 0 0 564-128-3 /WINDOWS/Fonts/framdit.ttf Fri Jul 01 2011 15:02:32 0 macb 0 0 0 10413 [XP Prefetch] (Last run) IPCONFIG.EXE-2395F30B.pf - [IPCONFIG.EXE] was executed - run count [11]- full path: [C:/WINDOWS/SYSTEM32/IPCONFIG.EXE] - DLLs loaded: {WINDOWS/SYSTEM32/NTDLL.DLL - WINDOWS/SYSTEM32/KERNEL32.DLL - WINDOWS/SYSTEM32/MSVCRT.DLL - WINDOWS/SYSTEM32/ADVAPI32.DLL - WINDOWS/SYSTEM32/RPCRT4.DLL - WINDOWS/SYSTEM32/SECUR32.DLL - WINDOWS/SYSTEM32/NETMAN.DLL - WINDOWS/SYSTEM32/IPHLPAPI.DLL - WINDOWS/SYSTEM32/USER32.DLL - WINDOWS/SYSTEM32/GDI32.DLL - WINDOWS/SYSTEM32/WS2_32.DLL - WINDOWS/SYSTEM32/WS2HELP.DLL - WINDOWS/SYSTEM32/MPRAPI.DLL - WINDOWS/SYSTEM32/ACTIVEDS.DLL - WINDOWS/SYSTEM32/ADSLDPC.DLL - WINDOWS/SYSTEM32/NETAPI32.DLL - WINDOWS/SYSTEM32/WLDAP32.DLL - WINDOWS/SYSTEM32/ATL.DLL - WINDOWS/SYSTEM32/OLE32.DLL - WINDOWS/SYSTEM32/OLEAUT32.DLL - WINDOWS/SYSTEM32/RTUTILS.DLL - WINDOWS/SYSTEM32/SAMLIB.DLL - WINDOWS/SYSTEM32/SETUPAPI.DLL - WINDOWS/SYSTEM32/NETSHELL.DLL - WINDOWS/SYSTEM32/CREDUI.DLL - WINDOWS/SYSTEM32/SHELL32.DLL - WINDOWS/SYSTEM32/SHLWAPI.DLL - WINDOWS/SYSTEM32/DOT3API.DLL - WINDOWS/SYSTEM32/DOT3DLG.DLL - WINDOWS/SYSTEM32/ONEX.DLL - WINDOWS/SYSTEM32/WTSAPI32.DLL - WINDOWS/SYSTEM32/WINSTA.DLL - WINDOWS/SYSTEM32/CRYPT32.DLL - WINDOWS/SYSTEM32/MSASN1.DLL - WINDOWS/SYSTEM32/EAPPCFG.DLL - WINDOWS/SYSTEM32/MSVCP60.DLL - WINDOWS/SYSTEM32/EAPPPRXY.DLL - WINDOWS/SYSTEM32/RASAPI32.DLL - WINDOWS/SYSTEM32/RASMAN.DLL - WINDOWS/SYSTEM32/TAPI32.DLL - WINDOWS/SYSTEM32/WINMM.DLL - WINDOWS/SYSTEM32/WININET.DLL - WINDOWS/SYSTEM32/WZCSAPI.DLL - WINDOWS/SYSTEM32/WZCSVC.DLL - WINDOWS/SYSTEM32/WMI.DLL - WINDOWS/SYSTEM32/DHCPCSVC.DLL - WINDOWS/SYSTEM32/DNSAPI.DLL - WINDOWS/SYSTEM32/EAPOLQEC.DLL - WINDOWS/SYSTEM32/QUTIL.DLL - WINDOWS/SYSTEM32/ESENT.DLL - WINDOWS/SYSTEM32/SHIMENG.DLL - WINDOWS/APPPATCH/ACGENRAL.DLL - WINDOWS/SYSTEM32/MSACM32.DLL - WINDOWS/SYSTEM32/VERSION.DLL - WINDOWS/SYSTEM32/USERENV.DLL - WINDOWS/SYSTEM32/UXTHEME.DLL - WINDOWS/WINSXS/X86_MICROSOFT.WINDOWS.COMMON-CONTROLS_6595B64144CCF1DF_6.0.2600.5512_X-WW_35D4CE83/COMCTL32.DLL - WINDOWS/SYSTEM32/COMCTL32.DLL - WINDOWS/SYSTEM32/WINTRUST.DLL - WINDOWS/SYSTEM32/IMAGEHLP.DLL} (file: /media/sdb1/WINDOWS/Prefetch/IPCONFIG.EXE-2395F30B.pf) 53760 .a.. r/rr-xr-xr-x 0 0 1974-128-3 /WINDOWS/system32/winsta.dll 64000 .a.. r/rr-xr-xr-x 0 0 2003-128-3 /WINDOWS/system32/samlib.dll 126976 .a.. r/rr-xr-xr-x 0 0 2024-128-3 /WINDOWS/system32/dhcpcsvc.dll 18432 .a.. r/rr-xr-xr-x 0 0 2031-128-3 /WINDOWS/system32/wtsapi32.dll 1082368 .a.. r/rr-xr-xr-x 0 0 2054-128-3 /WINDOWS/system32/esent.dll 87040 .a.. r/rr-xr-xr-x 0 0 2068-128-3 /WINDOWS/system32/mprapi.dll 193536 .a.. r/rr-xr-xr-x 0 0 2069-128-3 /WINDOWS/system32/activeds.dll 143360 .a.. r/rr-xr-xr-x 0 0 2070-128-3 /WINDOWS/system32/adsldpc.dll 55808 .a.. r/rr-xr-xr-x 0 0 2127-128-3 /WINDOWS/system32/ipconfig.exe 198144 .a.. r/rr-xr-xr-x 0 0 2128-128-3 /WINDOWS/system32/netman.dll 5632 .a.. r/rr-xr-xr-x 0 0 2148-128-3 /WINDOWS/system32/wmi.dll 1703936 .a.. r/rr-xr-xr-x 0 0 2149-128-3 /WINDOWS/system32/netshell.dll 163840 .a.. r/rr-xr-xr-x 0 0 2157-128-3 /WINDOWS/system32/credui.dll 26112 .a.. r/rr-xr-xr-x 0 0 2393-128-3 /WINDOWS/system32/dot3api.dll 9216 .a.. r/rr-xr-xr-x 0 0 2395-128-3 /WINDOWS/system32/dot3dlg.dll 30720 .a.. r/rr-xr-xr-x 0 0 2452-128-3 /WINDOWS/system32/eapolqec.dll 126976 .a.. r/rr-xr-xr-x 0 0 2456-128-3 /WINDOWS/system32/eappcfg.dll 40960 .a.. r/rr-xr-xr-x 0 0 2458-128-3 /WINDOWS/system32/eappprxy.dll 144384 .a.. r/rr-xr-xr-x 0 0 2883-128-3 /WINDOWS/system32/onex.dll 76800 .a.. r/rr-xr-xr-x 0 0 2934-128-3 /WINDOWS/system32/qutil.dll 52736 .a.. r/rr-xr-xr-x 0 0 3197-128-3 /WINDOWS/system32/wzcsapi.dll 483840 .a.. r/rr-xr-xr-x 0 0 3198-128-3 /WINDOWS/system32/wzcsvc.dll Fri Jul 01 2011 15:02:33 22116 mac. r/rrwxrwxrwx 0 0 11121-128-4 /WINDOWS/Prefetch/IPCONFIG.EXE-2395F30B.pf Fri Jul 01 2011 15:02:43 622592 .a.. r/rr-xr-xr-x 0 0 2805-128-3 /WINDOWS/system32/netcfgx.dll Fri Jul 01 2011 15:03:11 64656 .a.. r/rr-xr-xr-x 0 0 221-128-3 /WINDOWS/Fonts/sserife.fon Fri Jul 01 2011 15:03:27 0 macb 0 0 0 10527 [Internet Explorer] (Last Access) User: malware URL:https://secure.paymentsadd.com/defragmenter?product_sku=DEFRAG_WIN_BASIC-DEFRAG_WIN_PREMIUM&default_sku=1&view_eds=1&check_eds=1&affiliate_id=531&affiliate_sid=01&guid=333484643333922833342332 (file: /media/sdb1/Documents and Settings/malware/Local Settings/History/History.IE5/index.dat) 144384 .a.. r/rr-xr-xr-x 0 0 2005-128-3 /WINDOWS/system32/schannel.dll Fri Jul 01 2011 15:03:29 56 m.c. d/drwxrwxrwx 0 0 10474-144-6 /Documents and Settings/malware/Application Data/Microsoft 248 m.cb d/drwxrwxrwx 0 0 11627-144-1 /Documents and Settings/malware/Application Data/Microsoft/CryptnetUrlCache 56 ...b d/drwxrwxrwx 0 0 11628-144-5 /Documents and Settings/malware/Application Data/Microsoft/CryptnetUrlCache/MetaData 56 ...b d/drwxrwxrwx 0 0 11629-144-5 /Documents and Settings/malware/Application Data/Microsoft/CryptnetUrlCache/Content 216 macb r/rrwxrwxrwx 0 0 11630-128-1 /Documents and Settings/malware/Application Data/Microsoft/CryptnetUrlCache/MetaData/2BF68F4714092295550497DD56F57004 18 macb r/rrwxrwxrwx 0 0 11631-128-1 /Documents and Settings/malware/Application Data/Microsoft/CryptnetUrlCache/Content/2BF68F4714092295550497DD56F57004 216 macb r/rrwxrwxrwx 0 0 11632-128-1 /Documents and Settings/malware/Application Data/Microsoft/CryptnetUrlCache/MetaData/94308059B57B3142E455B38A6EB92015 45039 macb r/rrwxrwxrwx 0 0 11633-128-4 /Documents and Settings/malware/Application Data/Microsoft/CryptnetUrlCache/Content/94308059B57B3142E455B38A6EB92015 138752 .a.. r/rr-xr-xr-x 0 0 2065-128-3 /WINDOWS/system32/dssenh.dll 65536 macb 0 0 0 3659 [Event Log] (Time generated/Time written) crypt32/1_Info_CN=GeoTrust Global CA- O=GeoTrust Inc.- C=US - DE28F4A4FFE5B92FA3C503D1A349A7F9962A8212 (file: /media/sdb1/WINDOWS/system32/config/AppEvent.Evt) 65536 macb 0 0 0 3659 [Event Log] (Time generated/Time written) crypt32/2_Info_http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab (file: /media/sdb1/WINDOWS/system32/config/AppEvent.Evt) 65536 macb 0 0 0 3659 [Event Log] (Time generated/Time written) crypt32/4_Info_http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/DE28F4A4FFE5B92FA3C503D1A349A7F9962A8212.crt (file: /media/sdb1/WINDOWS/system32/config/AppEvent.Evt) 65536 macb 0 0 0 3659 [Event Log] (Time generated/Time written) crypt32/7_Info_http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt (file: /media/sdb1/WINDOWS/system32/config/AppEvent.Evt) Fri Jul 01 2011 15:03:30 0 m... 0 0 0 10525 [Internet Explorer] (Content viewed/Content saved to drive) URL:https://ajax.googleapis.com/ajax/libs/jquery/1.4.2/jquery.min.js cache stored in: SLK18LSF/jquery.min[1].js - HTTP/1.1 200 OK - Content-Length: 72174 - Content-Type: text/javascript (file: /media/sdb1/Documents and Settings/malware/Local Settings/Temporary Internet Files/Content.IE5/index.dat) 0 m... 0 0 0 10525 [Internet Explorer] (Content viewed/Content saved to drive) URL:https://secure.paymentsadd.com/sale/index/affiliate_id/531/affiliate_sid/01/product_sku/DEFRAG_WIN_BASIC,DEFRAG_WIN_PREMIUM/default_sku/1/guid/333484643333922833342332/view_eds/1/check_eds/1 cache stored in: YZCXGNW1/1[1].htm - HTTP/1.1 200 OK - Content-Length: 35539 - Content-Type: text/html (file: /media/sdb1/Documents and Settings/malware/Local Settings/Temporary Internet Files/Content.IE5/index.dat) 0 m... 0 0 0 10525 [Internet Explorer] (Content viewed/Content saved to drive) URL:https://secure.paymentsadd.com/scripts/jquery.bgiframe.js cache stored in: UPQVMROL/jquery.bgiframe[1].js - HTTP/1.1 200 OK - Content-Type: application/x-javascript - Content-Length: 1728 (file: /media/sdb1/Documents and Settings/malware/Local Settings/Temporary Internet Files/Content.IE5/index.dat) 0 m... 0 0 0 10525 [Internet Explorer] (Content viewed/Content saved to drive) URL:https://secure.paymentsadd.com/styles/layout.css cache stored in: QJM5KT6J/layout[1].css - HTTP/1.1 200 OK - Content-Type: text/css - Content-Length: 23392 (file: /media/sdb1/Documents and Settings/malware/Local Settings/Temporary Internet Files/Content.IE5/index.dat) 0 macb 0 0 0 10527 [Internet Explorer] (Last Access) User: malware URL:http://clicknaperville.org/customers/buy.php?pid=DEFRAG_WIN_BASIC&id=531&subid=01&guid=333484643333922833342332 (file: /media/sdb1/Documents and Settings/malware/Local Settings/History/History.IE5/index.dat) 35539 ma.b r/rr-xr-xr-x 0 0 11634-128-5 /Documents and Settings/malware/Local Settings/Temporary Internet Files/Content.IE5/YZCXGNW1/1[1].htm 72174 ma.b r/rr-xr-xr-x 0 0 11635-128-5 /Documents and Settings/malware/Local Settings/Temporary Internet Files/Content.IE5/SLK18LSF/jquery.min[1].js 23392 ma.b r/rr-xr-xr-x 0 0 11636-128-4 /Documents and Settings/malware/Local Settings/Temporary Internet Files/Content.IE5/QJM5KT6J/layout[1].css 1728 ma.b r/rr-xr-xr-x 0 0 11637-128-4 /Documents and Settings/malware/Local Settings/Temporary Internet Files/Content.IE5/UPQVMROL/jquery.bgiframe[1].js Fri Jul 01 2011 15:03:31 0 m... 0 0 0 10525 [Internet Explorer] (Content viewed/Content saved to drive) URL:https://secure.paymentsadd.com/hit.php?id=531&sid=01 cache stored in: UPQVMROL/hit[1].gif - HTTP/1.1 200 OK - Content-Type: image/gif - Transfer-Encoding: chunked (file: /media/sdb1/Documents and Settings/malware/Local Settings/Temporary Internet Files/Content.IE5/index.dat) 0 m... 0 0 0 10525 [Internet Explorer] (Content viewed/Content saved to drive) URL:https://secure.paymentsadd.com/images/30days.jpg cache stored in: YZCXGNW1/30days[1].jpg - HTTP/1.1 200 OK - Content-Type: image/jpeg - Content-Length: 3164 (file: /media/sdb1/Documents and Settings/malware/Local Settings/Temporary Internet Files/Content.IE5/index.dat) 0 m... 0 0 0 10525 [Internet Explorer] (Content viewed/Content saved to drive) URL:https://secure.paymentsadd.com/images/bg.jpg cache stored in: QJM5KT6J/bg[1].jpg - HTTP/1.1 200 OK - Content-Type: image/jpeg - Content-Length: 11596 (file: /media/sdb1/Documents and Settings/malware/Local Settings/Temporary Internet Files/Content.IE5/index.dat) 0 m... 0 0 0 10525 [Internet Explorer] (Content viewed/Content saved to drive) URL:https://secure.paymentsadd.com/images/header.jpg cache stored in: QJM5KT6J/header[1].jpg - HTTP/1.1 200 OK - Content-Type: image/jpeg - Content-Length: 22488 (file: /media/sdb1/Documents and Settings/malware/Local Settings/Temporary Internet Files/Content.IE5/index.dat) 0 m... 0 0 0 10525 [Internet Explorer] (Content viewed/Content saved to drive) URL:https://secure.paymentsadd.com/images/lock.jpg cache stored in: SLK18LSF/lock[1].jpg - HTTP/1.1 200 OK - Content-Type: image/jpeg - Content-Length: 12002 (file: /media/sdb1/Documents and Settings/malware/Local Settings/Temporary Internet Files/Content.IE5/index.dat) 0 m... 0 0 0 10525 [Internet Explorer] (Content viewed/Content saved to drive) URL:https://secure.paymentsadd.com/images/titile_1.jpg cache stored in: YZCXGNW1/titile_1[1].jpg - HTTP/1.1 200 OK - Content-Type: image/jpeg - Content-Length: 16905 (file: /media/sdb1/Documents and Settings/malware/Local Settings/Temporary Internet Files/Content.IE5/index.dat) 0 m... 0 0 0 10525 [Internet Explorer] (Content viewed/Content saved to drive) URL:https://secure.paymentsadd.com/images/titile_2.jpg cache stored in: UPQVMROL/titile_2[1].jpg - HTTP/1.1 200 OK - Content-Type: image/jpeg - Content-Length: 14697 (file: /media/sdb1/Documents and Settings/malware/Local Settings/Temporary Internet Files/Content.IE5/index.dat) 0 m... 0 0 0 10525 [Internet Explorer] (Content viewed/Content saved to drive) URL:https://secure.paymentsadd.com/images/visacvv.gif cache stored in: YZCXGNW1/visacvv[1].gif - HTTP/1.1 200 OK - Content-Type: image/gif - Content-Length: 10292 (file: /media/sdb1/Documents and Settings/malware/Local Settings/Temporary Internet Files/Content.IE5/index.dat) 0 m... 0 0 0 10525 [Internet Explorer] (Content viewed/Content saved to drive) URL:https://secure.paymentsadd.com/images/wait.gif cache stored in: SLK18LSF/wait[1].gif - HTTP/1.1 200 OK - Content-Type: image/gif - Content-Length: 1924 (file: /media/sdb1/Documents and Settings/malware/Local Settings/Temporary Internet Files/Content.IE5/index.dat) 0 macb 0 0 0 10534 [Internet Explorer] (Last time cookie passed to website/Website modified cookie) User: Cookie:malware URL:secure.paymentsadd.com/ (file: /media/sdb1/Documents and Settings/malware/Cookies/index.dat) 10292 ma.b r/rr-xr-xr-x 0 0 11638-128-4 /Documents and Settings/malware/Local Settings/Temporary Internet Files/Content.IE5/YZCXGNW1/visacvv[1].gif 1924 ma.b r/rr-xr-xr-x 0 0 11639-128-4 /Documents and Settings/malware/Local Settings/Temporary Internet Files/Content.IE5/SLK18LSF/wait[1].gif 22488 ma.b r/rr-xr-xr-x 0 0 11640-128-4 /Documents and Settings/malware/Local Settings/Temporary Internet Files/Content.IE5/QJM5KT6J/header[1].jpg 11596 ma.b r/rr-xr-xr-x 0 0 11641-128-4 /Documents and Settings/malware/Local Settings/Temporary Internet Files/Content.IE5/QJM5KT6J/bg[1].jpg 14697 ma.b r/rr-xr-xr-x 0 0 11642-128-4 /Documents and Settings/malware/Local Settings/Temporary Internet Files/Content.IE5/UPQVMROL/titile_2[1].jpg 16905 ma.b r/rr-xr-xr-x 0 0 11643-128-4 /Documents and Settings/malware/Local Settings/Temporary Internet Files/Content.IE5/YZCXGNW1/titile_1[1].jpg 12002 ma.b r/rr-xr-xr-x 0 0 11644-128-4 /Documents and Settings/malware/Local Settings/Temporary Internet Files/Content.IE5/SLK18LSF/lock[1].jpg 81 ma.b r/rr-xr-xr-x 0 0 11645-128-1 /Documents and Settings/malware/Cookies/malware@secure.paymentsadd[1].txt 0 ma.b r/rr-xr-xr-x 0 0 11646-128-1 /Documents and Settings/malware/Local Settings/Temporary Internet Files/Content.IE5/UPQVMROL/hit[1].gif 3164 ma.b r/rr-xr-xr-x 0 0 11647-128-4 /Documents and Settings/malware/Local Settings/Temporary Internet Files/Content.IE5/YZCXGNW1/30days[1].jpg 226748 .a.. r/rr-xr-xr-x 0 0 250-128-3 /WINDOWS/Fonts/arialbi.ttf Fri Jul 01 2011 15:03:32 0 m... 0 0 0 10525 [Internet Explorer] (Content viewed/Content saved to drive) URL:https://secure.paymentsadd.com/images/safe.jpg cache stored in: QJM5KT6J/safe[1].jpg - HTTP/1.1 200 OK - Content-Type: image/jpeg - Content-Length: 20744 (file: /media/sdb1/Documents and Settings/malware/Local Settings/Temporary Internet Files/Content.IE5/index.dat) 0 m... 0 0 0 10525 [Internet Explorer] (Content viewed/Content saved to drive) URL:https://secure.paymentsadd.com/images/weaccept.jpg cache stored in: SLK18LSF/weaccept[1].jpg - HTTP/1.1 200 OK - Content-Type: image/jpeg - Content-Length: 12878 (file: /media/sdb1/Documents and Settings/malware/Local Settings/Temporary Internet Files/Content.IE5/index.dat) 0 macb 0 0 0 10527 [Internet Explorer] (Last Access) User: malware URL:https://secure.paymentsadd.com/sale/index/affiliate_id/531/affiliate_sid/01/product_sku/DEFRAG_WIN_BASIC,DEFRAG_WIN_PREMIUM/default_sku/1/guid/333484643333922833342332/view_eds/1/check_eds/1 (file: /media/sdb1/Documents and Settings/malware/Local Settings/History/History.IE5/index.dat) 0 macb 0 0 0 10638 [Internet Explorer] (Last Access) User: malware URL::Host: secure.paymentsadd.com (file: /media/sdb1/Documents and Settings/malware/Local Settings/History/History.IE5/MSHist012011070120110702/index.dat) 0 macb 0 0 0 10638 [Internet Explorer] (Last Access) User: malware URL:https://secure.paymentsadd.com/sale/index/affiliate_id/531/affiliate_sid/01/product_sku/DEFRAG_WIN_BASIC,DEFRAG_WIN_PREMIUM/default_sku/1/guid/333484643333922833342332/view_eds/1/check_eds/1 (file: /media/sdb1/Documents and Settings/malware/Local Settings/History/History.IE5/MSHist012011070120110702/index.dat) 12878 ma.b r/rr-xr-xr-x 0 0 11648-128-4 /Documents and Settings/malware/Local Settings/Temporary Internet Files/Content.IE5/SLK18LSF/weaccept[1].jpg 20744 ma.b r/rr-xr-xr-x 0 0 11649-128-4 /Documents and Settings/malware/Local Settings/Temporary Internet Files/Content.IE5/QJM5KT6J/safe[1].jpg Fri Jul 01 2011 15:03:36 1024 ma.. r/rr-xr-xr-x 0 0 3639-128-3 /WINDOWS/system32/config/default.LOG Fri Jul 01 2011 15:04:48 0 m... 0 0 0 0 REG_User_malware/Software/Microsoft/Windows/CurrentVersion/Explorer/UserAssist/{75048700-EF1F-11D0-9888-006097DEACF9}/Count 0 macb 0 0 0 10413 [XP Prefetch] (Last run) CMD.EXE-087B4001.pf - [CMD.EXE] was executed - run count [8]- full path: [C:/WINDOWS/SYSTEM32/CMD.EXE] - DLLs loaded: {WINDOWS/SYSTEM32/NTDLL.DLL - WINDOWS/SYSTEM32/KERNEL32.DLL - WINDOWS/SYSTEM32/MSVCRT.DLL - WINDOWS/SYSTEM32/USER32.DLL - WINDOWS/SYSTEM32/GDI32.DLL - WINDOWS/SYSTEM32/SHIMENG.DLL - WINDOWS/APPPATCH/ACGENRAL.DLL - WINDOWS/SYSTEM32/ADVAPI32.DLL - WINDOWS/SYSTEM32/RPCRT4.DLL - WINDOWS/SYSTEM32/SECUR32.DLL - WINDOWS/SYSTEM32/WINMM.DLL - WINDOWS/SYSTEM32/OLE32.DLL - WINDOWS/SYSTEM32/OLEAUT32.DLL - WINDOWS/SYSTEM32/MSACM32.DLL - WINDOWS/SYSTEM32/VERSION.DLL - WINDOWS/SYSTEM32/SHELL32.DLL - WINDOWS/SYSTEM32/SHLWAPI.DLL - WINDOWS/SYSTEM32/USERENV.DLL - WINDOWS/SYSTEM32/UXTHEME.DLL - WINDOWS/WINSXS/X86_MICROSOFT.WINDOWS.COMMON-CONTROLS_6595B64144CCF1DF_6.0.2600.5512_X-WW_35D4CE83/COMCTL32.DLL - WINDOWS/SYSTEM32/COMCTL32.DLL - WINDOWS/SYSTEM32/APPHELP.DLL - WINDOWS/SYSTEM32/RPCSS.DLL - WINDOWS/SYSTEM32/NETAPI32.DLL - WINDOWS/SYSTEM32/SETUPAPI.DLL - WINDOWS/SYSTEM32/CLBCATQ.DLL - WINDOWS/SYSTEM32/COMRES.DLL - WINDOWS/SYSTEM32/URLMON.DLL} (file: /media/sdb1/WINDOWS/Prefetch/CMD.EXE-087B4001.pf) 293376 .a.. r/rr-xr-xr-x 0 0 1967-128-3 /WINDOWS/system32/winsrv.dll 389120 .a.. r/rr-xr-xr-x 0 0 2116-128-3 /WINDOWS/system32/cmd.exe Fri Jul 01 2011 15:04:53 0 macb 0 0 0 10413 [XP Prefetch] (Last run) PING.EXE-31216D26.pf - [PING.EXE] was executed - run count [16]- full path: [C:/WINDOWS/SYSTEM32/PING.EXE] - DLLs loaded: {WINDOWS/SYSTEM32/NTDLL.DLL - WINDOWS/SYSTEM32/KERNEL32.DLL - WINDOWS/SYSTEM32/MSVCRT.DLL - WINDOWS/SYSTEM32/ADVAPI32.DLL - WINDOWS/SYSTEM32/RPCRT4.DLL - WINDOWS/SYSTEM32/SECUR32.DLL - WINDOWS/SYSTEM32/IPHLPAPI.DLL - WINDOWS/SYSTEM32/USER32.DLL - WINDOWS/SYSTEM32/GDI32.DLL - WINDOWS/SYSTEM32/WS2_32.DLL - WINDOWS/SYSTEM32/WS2HELP.DLL - WINDOWS/SYSTEM32/SHIMENG.DLL - WINDOWS/APPPATCH/ACGENRAL.DLL - WINDOWS/SYSTEM32/WINMM.DLL - WINDOWS/SYSTEM32/OLE32.DLL - WINDOWS/SYSTEM32/OLEAUT32.DLL - WINDOWS/SYSTEM32/MSACM32.DLL - WINDOWS/SYSTEM32/VERSION.DLL - WINDOWS/SYSTEM32/SHELL32.DLL - WINDOWS/SYSTEM32/SHLWAPI.DLL - WINDOWS/SYSTEM32/USERENV.DLL - WINDOWS/SYSTEM32/UXTHEME.DLL - WINDOWS/WINSXS/X86_MICROSOFT.WINDOWS.COMMON-CONTROLS_6595B64144CCF1DF_6.0.2600.5512_X-WW_35D4CE83/COMCTL32.DLL - WINDOWS/SYSTEM32/COMCTL32.DLL - WINDOWS/SYSTEM32/MSWSOCK.DLL - WINDOWS/SYSTEM32/DNSAPI.DLL - WINDOWS/SYSTEM32/RASADHLP.DLL - WINDOWS/SYSTEM32/HNETCFG.DLL - WINDOWS/SYSTEM32/WSHTCPIP.DLL} (file: /media/sdb1/WINDOWS/Prefetch/PING.EXE-31216D26.pf) 17920 .a.. r/rr-xr-xr-x 0 0 2912-128-3 /WINDOWS/system32/ping.exe Fri Jul 01 2011 15:04:58 17368 mac. r/rrwxrwxrwx 0 0 10993-128-4 /WINDOWS/Prefetch/CMD.EXE-087B4001.pf 13022 mac. r/rrwxrwxrwx 0 0 11394-128-4 /WINDOWS/Prefetch/PING.EXE-31216D26.pf Fri Jul 01 2011 15:05:30 111104 .a.. r/rr-xr-xr-x 0 0 6052-128-3 /WINDOWS/system32/wuauclt.exe Fri Jul 01 2011 15:05:34 162304 .a.. r/rr-xr-xr-x 0 0 6054-128-3 /WINDOWS/system32/wuaucpl.cpl Fri Jul 01 2011 15:05:39 0 macb 0 0 0 10413 [XP Prefetch] (Last run) 14147364.EXE-0E2D1000.pf - [14147364.EXE] was executed - run count [1]- full path: [] - DLLs loaded: {WINDOWS/SYSTEM32/NTDLL.DLL - WINDOWS/SYSTEM32/KERNEL32.DLL - WINDOWS/SYSTEM32/SHLWAPI.DLL - WINDOWS/SYSTEM32/ADVAPI32.DLL - WINDOWS/SYSTEM32/RPCRT4.DLL - WINDOWS/SYSTEM32/SECUR32.DLL - WINDOWS/SYSTEM32/GDI32.DLL - WINDOWS/SYSTEM32/USER32.DLL - WINDOWS/SYSTEM32/MSVCRT.DLL - WINDOWS/WINSXS/X86_MICROSOFT.WINDOWS.COMMON-CONTROLS_6595B64144CCF1DF_6.0.2600.5512_X-WW_35D4CE83/COMCTL32.DLL - WINDOWS/WINSXS/X86_MICROSOFT.WINDOWS.GDIPLUS_6595B64144CCF1DF_1.0.2600.5512_X-WW_DFB54E0C/GDIPLUS.DLL - WINDOWS/SYSTEM32/OLE32.DLL - WINDOWS/SYSTEM32/MFC42U.DLL - WINDOWS/SYSTEM32/MSVCP60.DLL - WINDOWS/SYSTEM32/NETAPI32.DLL - WINDOWS/SYSTEM32/OLEAUT32.DLL - WINDOWS/SYSTEM32/SHELL32.DLL - WINDOWS/SYSTEM32/URLMON.DLL - WINDOWS/SYSTEM32/VERSION.DLL - WINDOWS/SYSTEM32/UXTHEME.DLL - WINDOWS/SYSTEM32/WININET.DLL - WINDOWS/SYSTEM32/CRYPT32.DLL - WINDOWS/SYSTEM32/MSASN1.DLL} (file: /media/sdb1/WINDOWS/Prefetch/14147364.EXE-0E2D1000.pf) 372736 .a.. r/rr-xr-xr-x 0 0 11166-128-3 /Documents and Settings/All Users/Application Data/14147364.exe 413696 .a.. r/rr-xr-xr-x 0 0 2063-128-3 /WINDOWS/system32/msvcp60.dll 981760 .a.. r/rr-xr-xr-x 0 0 2678-128-3 /WINDOWS/system32/mfc42u.dll 1724416 .a.. r/rr-xr-xr-x 0 0 3670-128-3 /WINDOWS/WinSxS/x86_Microsoft.Windows.GdiPlus_6595b64144ccf1df_1.0.2600.5512_x-ww_dfb54e0c/GdiPlus.dll Fri Jul 01 2011 15:05:43 336 .a.. r/rr-xr-xr-x 0 0 11168-128-1 /Documents and Settings/All Users/Application Data/14147364 Fri Jul 01 2011 15:05:44 56 m... d/dr-xr-xr-x 0 0 10413-144-6 /WINDOWS/Prefetch 13196 macb r/rrwxrwxrwx 0 0 11444-128-4 /WINDOWS/Prefetch/14147364.EXE-0E2D1000.pf Fri Jul 01 2011 15:05:58 56 .a.. d/drwxrwxrwx 0 0 10474-144-6 /Documents and Settings/malware/Application Data/Microsoft 248 .a.. d/drwxrwxrwx 0 0 11627-144-1 /Documents and Settings/malware/Application Data/Microsoft/CryptnetUrlCache Fri Jul 01 2011 15:07:03 1104896 .a.. r/rr-xr-xr-x 0 0 2784-128-3 /WINDOWS/system32/msxml3.dll Fri Jul 01 2011 15:07:06 0 m... 0 0 0 0 REG_User_malware/Software/Microsoft/Windows/CurrentVersion/Internet Settings/Connections 0 m... 0 0 0 0 REG_User_malware/Software/Microsoft/Windows/ShellNoRoam/BagMRU 0 macb 0 0 0 10413 [XP Prefetch] (Last run) IEXPLORE.EXE-27122324.pf - [IEXPLORE.EXE] was executed - run count [4]- full path: [C:/PROGRAM FILES/INTERNET EXPLORER/IEXPLORE.EXE] - DLLs loaded: {WINDOWS/SYSTEM32/NTDLL.DLL - WINDOWS/SYSTEM32/KERNEL32.DLL - WINDOWS/SYSTEM32/MSVCRT.DLL - WINDOWS/SYSTEM32/USER32.DLL - WINDOWS/SYSTEM32/GDI32.DLL - WINDOWS/SYSTEM32/SHLWAPI.DLL - WINDOWS/SYSTEM32/ADVAPI32.DLL - WINDOWS/SYSTEM32/RPCRT4.DLL - WINDOWS/SYSTEM32/SECUR32.DLL - WINDOWS/SYSTEM32/SHDOCVW.DLL - WINDOWS/SYSTEM32/CRYPT32.DLL - WINDOWS/SYSTEM32/MSASN1.DLL - WINDOWS/SYSTEM32/CRYPTUI.DLL - WINDOWS/SYSTEM32/NETAPI32.DLL - WINDOWS/SYSTEM32/OLEAUT32.DLL - WINDOWS/SYSTEM32/OLE32.DLL - WINDOWS/SYSTEM32/VERSION.DLL - WINDOWS/SYSTEM32/WININET.DLL - WINDOWS/SYSTEM32/WINTRUST.DLL - WINDOWS/SYSTEM32/IMAGEHLP.DLL - WINDOWS/SYSTEM32/WLDAP32.DLL - WINDOWS/SYSTEM32/SHIMENG.DLL - WINDOWS/WINSXS/X86_MICROSOFT.WINDOWS.COMMON-CONTROLS_6595B64144CCF1DF_6.0.2600.5512_X-WW_35D4CE83/COMCTL32.DLL - WINDOWS/SYSTEM32/RICHED20.DLL - WINDOWS/SYSTEM32/WS2_32.DLL - WINDOWS/SYSTEM32/WS2HELP.DLL - WINDOWS/SYSTEM32/SHELL32.DLL - WINDOWS/SYSTEM32/COMCTL32.DLL - WINDOWS/SYSTEM32/WINMM.DLL - WINDOWS/SYSTEM32/RPCSS.DLL - WINDOWS/SYSTEM32/UXTHEME.DLL - WINDOWS/SYSTEM32/BROWSEUI.DLL - WINDOWS/SYSTEM32/BROWSELC.DLL - WINDOWS/SYSTEM32/APPHELP.DLL - WINDOWS/SYSTEM32/CLBCATQ.DLL - WINDOWS/SYSTEM32/COMRES.DLL - WINDOWS/SYSTEM32/CSCUI.DLL - WINDOWS/SYSTEM32/CSCDLL.DLL - WINDOWS/SYSTEM32/SETUPAPI.DLL - WINDOWS/SYSTEM32/USERENV.DLL - WINDOWS/SYSTEM32/XPSP2RES.DLL - WINDOWS/SYSTEM32/SXS.DLL - WINDOWS/SYSTEM32/URLMON.DLL - WINDOWS/SYSTEM32/SHDOCLC.DLL - WINDOWS/SYSTEM32/MLANG.DLL - WINDOWS/SYSTEM32/WSOCK32.DLL - WINDOWS/SYSTEM32/MSWSOCK.DLL - WINDOWS/SYSTEM32/HNETCFG.DLL - WINDOWS/SYSTEM32/WSHTCPIP.DLL - WINDOWS/SYSTEM32/RASAPI32.DLL - WINDOWS/SYSTEM32/RASMAN.DLL - WINDOWS/SYSTEM32/TAPI32.DLL - WINDOWS/SYSTEM32/RTUTILS.DLL - WINDOWS/SYSTEM32/SENSAPI.DLL - WINDOWS/SYSTEM32/DNSAPI.DLL - WINDOWS/SYSTEM32/RASADHLP.DLL - WINDOWS/SYSTEM32/MSHTML.DLL - WINDOWS/SYSTEM32/MSLS31.DLL - WINDOWS/SYSTEM32/PSAPI.DLL - WINDOWS/SYSTEM32/MSIMTF.DLL - WINDOWS/SYSTEM32/MSCTF.DLL - WINDOWS/SYSTEM32/IMM32.DLL - WINDOWS/SYSTEM32/URL.DLL - WINDOWS/SYSTEM32/JSCRIPT.DLL - WINDOWS/SYSTEM32/WINRNR.DLL - WINDOWS/SYSTEM32/IPHLPAPI.DLL - WINDOWS/SYSTEM32/IEPEERS.DLL - WINDOWS/SYSTEM32/COMDLG32.DLL - WINDOWS/SYSTEM32/IMGUTIL.DLL - WINDOWS/SYSTEM32/PNGFILT.DLL - WINDOWS/SYSTEM32/MSHTMLED.DLL - WINDOWS/SYSTEM32/INETCFG.DLL - WINDOWS/SYSTEM32/MPR.DLL - WINDOWS/SYSTEM32/ICFGNT5.DLL - WINDOWS/SYSTEM32/MSV1_0.DLL - WINDOWS/SYSTEM32/SCHANNEL.DLL} (file: /media/sdb1/WINDOWS/Prefetch/IEXPLORE.EXE-27122324.pf) 256 .ac. d/drwxrwxrwx 0 0 10455-144-1 /Documents and Settings/malware/Local Settings/Temporary Internet Files 672 .ac. d/drwxrwxrwx 0 0 10456-144-1 /Documents and Settings/malware/Local Settings/Temporary Internet Files/Content.IE5 256 .ac. d/drwxrwxrwx 0 0 10462-144-1 /Documents and Settings/malware/Local Settings/History 496 .ac. d/drwxrwxrwx 0 0 10463-144-1 /Documents and Settings/malware/Local Settings/History/History.IE5 49152 m... r/rr-xr-xr-x 0 0 10534-128-4 /Documents and Settings/malware/Cookies/index.dat 276992 .a.. r/rr-xr-xr-x 0 0 1937-128-3 /WINDOWS/system32/comdlg32.dll 144384 .a.. r/rr-xr-xr-x 0 0 1939-128-3 /WINDOWS/system32/imagehlp.dll 619520 .a.. r/rr-xr-xr-x 0 0 1948-128-3 /WINDOWS/system32/urlmon.dll 666112 .a.. r/rr-xr-xr-x 0 0 1951-128-3 /WINDOWS/system32/wininet.dll 172032 .a.. r/rr-xr-xr-x 0 0 1952-128-3 /WINDOWS/system32/wldap32.dll 599040 .a.. r/rr-xr-xr-x 0 0 1959-128-3 /WINDOWS/system32/crypt32.dll 57344 .a.. r/rr-xr-xr-x 0 0 1961-128-3 /WINDOWS/system32/msasn1.dll 1845632 .a.. r/rr-xr-xr-x 0 0 1962-128-3 /WINDOWS/system32/win32k.sys 507904 .a.. r/rr-xr-xr-x 0 0 1971-128-3 /WINDOWS/system32/winlogon.exe 337408 .a.. r/rr-xr-xr-x 0 0 1976-128-3 /WINDOWS/system32/netapi32.dll 82432 .a.. r/rr-xr-xr-x 0 0 1978-128-3 /WINDOWS/system32/ws2_32.dll 19968 .a.. r/rr-xr-xr-x 0 0 1979-128-3 /WINDOWS/system32/ws2help.dll 713216 .a.. r/rr-xr-xr-x 0 0 1985-128-3 /WINDOWS/system32/sxs.dll 985088 .a.. r/rr-xr-xr-x 0 0 1988-128-3 /WINDOWS/system32/setupapi.dll 176640 .a.. r/rr-xr-xr-x 0 0 1990-128-3 /WINDOWS/system32/wintrust.dll 125952 .a.. r/rr-xr-xr-x 0 0 1992-128-3 /WINDOWS/system32/apphelp.dll 147968 .a.. r/rr-xr-xr-x 0 0 2002-128-3 /WINDOWS/system32/dnsapi.dll 399360 .a.. r/rr-xr-xr-x 0 0 2019-128-3 /WINDOWS/system32/rpcss.dll 245248 .a.. r/rr-xr-xr-x 0 0 2020-128-3 /WINDOWS/system32/mswsock.dll 19456 .a.. r/rr-xr-xr-x 0 0 2021-128-3 /WINDOWS/system32/wshtcpip.dll 94720 .a.. r/rr-xr-xr-x 0 0 2023-128-3 /WINDOWS/system32/iphlpapi.dll 16896 .a.. r/rr-xr-xr-x 0 0 2025-128-3 /WINDOWS/system32/winrnr.dll 7680 .a.. r/rr-xr-xr-x 0 0 2026-128-3 /WINDOWS/system32/rasadhlp.dll 44032 .a.. r/rr-xr-xr-x 0 0 2029-128-3 /WINDOWS/system32/rtutils.dll 22528 .a.. r/rr-xr-xr-x 0 0 2066-128-3 /WINDOWS/system32/wsock32.dll 237056 .a.. r/rr-xr-xr-x 0 0 2079-128-3 /WINDOWS/system32/rasapi32.dll 61440 .a.. r/rr-xr-xr-x 0 0 2080-128-3 /WINDOWS/system32/rasman.dll 181760 .a.. r/rr-xr-xr-x 0 0 2081-128-3 /WINDOWS/system32/tapi32.dll 7168 .a.. r/rr-xr-xr-x 0 0 2082-128-3 /WINDOWS/system32/sensapi.dll 101888 .a.. r/rr-xr-xr-x 0 0 2083-128-3 /WINDOWS/system32/cscdll.dll 326656 .a.. r/rr-xr-xr-x 0 0 2086-128-3 /WINDOWS/system32/cscui.dll 1025024 .a.. r/rr-xr-xr-x 0 0 2094-128-3 /WINDOWS/system32/browseui.dll 1499136 .a.. r/rr-xr-xr-x 0 0 2096-128-3 /WINDOWS/system32/shdocvw.dll 512512 .a.. r/rr-xr-xr-x 0 0 2143-128-3 /WINDOWS/system32/cryptui.dll 433664 .a.. r/rr-xr-xr-x 0 0 2144-128-3 /WINDOWS/system32/riched20.dll 344064 .a.. r/rr-xr-xr-x 0 0 2153-128-3 /WINDOWS/system32/hnetcfg.dll 63488 .a.. r/rr-xr-xr-x 0 0 2181-128-3 /WINDOWS/system32/browselc.dll 792064 .a.. r/rr-xr-xr-x 0 0 2324-128-3 /WINDOWS/system32/comres.dll 586240 .a.. r/rr-xr-xr-x 0 0 2685-128-3 /WINDOWS/system32/mlang.dll 549376 .a.. r/rr-xr-xr-x 0 0 3010-128-3 /WINDOWS/system32/shdoclc.dll 2897920 .a.. r/rr-xr-xr-x 0 0 3313-128-3 /WINDOWS/system32/xpsp2res.dll 498688 .a.. r/rr-xr-xr-x 0 0 4926-128-3 /WINDOWS/system32/clbcatq.dll 22512 .a.. r/rr-xr-xr-x 0 0 7539-128-4 /WINDOWS/Registration/R000000000007.clb Fri Jul 01 2011 15:07:07 105 ...b r/rrwxrwxrwx 0 0 10315-128-4 /Documents and Settings/malware/Local Settings/Temporary Internet Files/Content.IE5/SLK18LSF/ac3[1].htm 110080 .a.. r/rr-xr-xr-x 0 0 2009-128-3 /WINDOWS/system32/imm32.dll 23040 .a.. r/rr-xr-xr-x 0 0 2146-128-3 /WINDOWS/system32/psapi.dll 3066880 .a.. r/rr-xr-xr-x 0 0 2186-128-3 /WINDOWS/system32/mshtml.dll 512000 .a.. r/rr-xr-xr-x 0 0 2608-128-3 /WINDOWS/system32/jscript.dll 297984 .a.. r/rr-xr-xr-x 0 0 3263-128-3 /WINDOWS/system32/MSCTF.dll 159232 .a.. r/rr-xr-xr-x 0 0 3269-128-3 /WINDOWS/system32/MSIMTF.dll 1695232 .a.. r/rr-xr-xr-x 0 0 5485-128-3 /Program Files/Messenger/msmsgs.exe 146432 .a.. r/rr-xr-xr-x 0 0 993-128-3 /WINDOWS/system32/msls31.dll Fri Jul 01 2011 15:07:09 409280 .a.. r/rr-xr-xr-x 0 0 2190-128-3 /WINDOWS/Fonts/times.ttf Fri Jul 01 2011 15:07:16 62692 mac. r/rrwxrwxrwx 0 0 10760-128-4 /WINDOWS/Prefetch/IEXPLORE.EXE-27122324.pf Fri Jul 01 2011 15:07:25 100 .a.. r/rr-xr-xr-x 0 0 10317-128-1 /Documents and Settings/malware/Cookies/malware@64.111.211[1].txt 0 macb 0 0 0 10527 [Internet Explorer] (Last Access) User: malware URL:http://www.findfertile.org/go.php?userip=198.176.229.10&referer=http://www.findfertile.org/search.php?q=exotic+cars&aid=531&sid=direc20&curl=http://64.111.211.158/c.php?s=eNodk0uzgjgUhH-QVZKQAMniLhAExIBeEHlspggPEcELgigWP36cWZxedH29Ot31IiIJKIuMyeKenDcLvS5rz7VTqz8LWAMg_6-KtIgAQqB8hQAZ4SWJqik3m3pnulV2d34WhaQFlzIEeJHTLyFxpYQIpDglsAAF-UekHOdIoTSlJSYSFTGChOcU50WRQywvlCx4Kdw_FxjF_HdTVdVRTzh2Kt1UzrBKL_tdfRO2B28T3_X9wQIrrPwKmY1X0_Hz-mzv12d-ZHrlXY7Ifs6JQOWyc0v0IIrQFWd7KD98w5qrPcgq-3sGjsb_sGucNL-wyJwEZ3fs4D52YG2E_WXyG-mq5oXWUm5r90CAkv1-HA613VR9KMfGZ589zH2OprhJ5J6AqXn-UaMXoiAag_b6YOMmHOD4KroquG3CLSA1rvy9PRUVreANtaBmImMAZ7oMy2Ab5bj1B8mhefYiiq57WRfsRff0ttWOeYr86FDGMrlgxVF9wt3v5fp-V6hJnyU8YPX6K2pm7OvsPf6V4kEUVj5pj5Gx2kSdzwaOqjEdjOH7Ydu4rjwnuvQfFk710Q8U8H7dfEti4WjOriMYRhvXw0eT-q-dS-Yd94mV5tb4Snqw0l-CdiW55W0ueJOdpszsJdNyNXO4bjdO1cSuM16EAxoEfo4nO4zex_sUdhbxdqLuHJ_dr1LSSE9qX2RbcT7zzZ7xCk5MPW75ePsNLdevys8jedH7qsKuCLVSLLms8905U9zGthRDY7EEzLnm6DLZ3_D9JQFRlyTZLPpPp39Crek7IZW3SfdAu-YoDelWgQ_fDww2yZP_ov1-lif-LSad7qLHBvsFz41c3NJtY9zeBEWwuBz1XIvgibZo28bQsAmk_ZPlby-xr9lk28CYHvvAt-QZDtSWLEH14grS4GeBlKyhIq9Fka4hWBZI8BpK35PRGlK8_GfBhYdnMQ3pmEduF6OkS8zzlM3SmERJx2ep5iL4FnuHDydndi4_P4uEEVn-C6MlRzli7ZdrvTaJbJCG74a1dE5eX06BCiKlzBHnRKF5IYKUYpqijBNcFhAvaQlSSDNKMcxLjEqaQgnIhUK--y4AIP8Chj9Mpg&aid=531&sid=direc20 (file: /media/sdb1/Documents and Settings/malware/Local Settings/History/History.IE5/index.dat) 0 m... 0 0 0 10534 [Internet Explorer] (Last time cookie passed to website/Website modified cookie) User: Cookie:malware URL:64.111.211.158/ (file: /media/sdb1/Documents and Settings/malware/Cookies/index.dat) 0 macb 0 0 0 10534 [Internet Explorer] (Last time cookie passed to website/Website modified cookie) User: Cookie:malware URL:64.188.52.125/ (file: /media/sdb1/Documents and Settings/malware/Cookies/index.dat) 99 ma.b r/rr-xr-xr-x 0 0 11412-128-1 /Documents and Settings/malware/Cookies/malware@64.188.52[1].txt Fri Jul 01 2011 15:07:26 0 m... 0 0 0 10525 [Internet Explorer] (Content viewed/Content saved to drive) URL:http://fraud-screening.com/mtest.php?r=bjo0OntmOjE6InAiO2Y6OTk6InVnZ2M6Ly96cml2YnpoZnZwaXZxcmJmLnpyaXZiLnBiei8_aGd6X2ZiaGVwcj00MTc4cDMmaGd6X3BuemNudnRhPTQxNzhwM18yMTctMjM1MDctMSZoZ3pfenJxdmh6PXBjcCI7ZjoxOiJnIjtmOjQ6IjJfcTEiO2Y6MjoidnEiO3Y6MTY2Mjc5MDtmOjE6Im8iO3Y6NDA7fQ cache stored in: QJM5KT6J/mtest[1].htm - HTTP/1.1 200 OK - Content-Type: text/html - Transfer-Encoding: chunked (file: /media/sdb1/Documents and Settings/malware/Local Settings/Temporary Internet Files/Content.IE5/index.dat) 3181 ma.b r/rr-xr-xr-x 0 0 11446-128-4 /Documents and Settings/malware/Local Settings/Temporary Internet Files/Content.IE5/QJM5KT6J/mtest[1].htm Fri Jul 01 2011 15:08:08 0 macb 0 0 0 10527 [Internet Explorer] (Last Access) User: malware URL:http://fraud-screening.com/mred.php?r=bjo0OntmOjE6InAiO2Y6OTk6InVnZ2M6Ly96cml2YnpoZnZwaXZxcmJmLnpyaXZiLnBiei8_aGd6X2ZiaGVwcj00MTc4cDMmaGd6X3BuemNudnRhPTQxNzhwM18yMTctMjM1MDctMSZoZ3pfenJxdmh6PXBjcCI7ZjoxOiJnIjtmOjQ6IjJfcTEiO2Y6MjoidnEiO3Y6MTY2Mjc5MDtmOjE6Im8iO3Y6NDA7fQ&x=-1&y=-1&f=-1&i=-1&s=0 (file: /media/sdb1/Documents and Settings/malware/Local Settings/History/History.IE5/index.dat) 1351168 .a.. r/rr-xr-xr-x 0 0 2740-128-3 /WINDOWS/system32/mshtml.tlb 832872 .a.. r/rr-xr-xr-x 0 0 6093-128-3 /WINDOWS/system32/Macromed/Flash/flash.ocx Fri Jul 01 2011 15:08:09 0 m... 0 0 0 10525 [Internet Explorer] (Content viewed/Content saved to drive) URL:http://fraud-screening.com/test.swf cache stored in: UPQVMROL/test[1].swf - HTTP/1.1 200 OK - Content-Type: application/x-shockwave-flash - Content-Length: 169 (file: /media/sdb1/Documents and Settings/malware/Local Settings/Temporary Internet Files/Content.IE5/index.dat) 0 macb 0 0 0 10527 [Internet Explorer] (Last Access) User: malware URL:http://fraud-screening.com/mred.php?r=bjo0OntmOjE6InAiO2Y6OTk6InVnZ2M6Ly96cml2YnpoZnZwaXZxcmJmLnpyaXZiLnBiei8_aGd6X2ZiaGVwcj00MTc4cDMmaGd6X3BuemNudnRhPTQxNzhwM18yMTctMjM1MDctMSZoZ3pfenJxdmh6PXBjcCI7ZjoxOiJnIjtmOjQ6IjJfcTEiO2Y6MjoidnEiO3Y6MTY2Mjc5MDtmOjE6Im8iO3Y6NDA7fQ&x=588&y=257&f=1&i=0&s=1 (file: /media/sdb1/Documents and Settings/malware/Local Settings/History/History.IE5/index.dat) 0 m... 0 0 0 10534 [Internet Explorer] (Last time cookie passed to website/Website modified cookie) User: Cookie:malware URL:crux.mevio.com/ (file: /media/sdb1/Documents and Settings/malware/Cookies/index.dat) 95 .a.. r/rr-xr-xr-x 0 0 11190-128-1 /Documents and Settings/malware/Cookies/malware@crux.mevio[1].txt 157999 .a.. r/rr-xr-xr-x 0 0 11194-128-5 /Documents and Settings/malware/Local Settings/Temporary Internet Files/Content.IE5/UPQVMROL/index[2].js 1604 .a.. r/rr-xr-xr-x 0 0 11195-128-5 /Documents and Settings/malware/Local Settings/Temporary Internet Files/Content.IE5/SLK18LSF/ie6-fixes[2].css 26185 .a.. r/rr-xr-xr-x 0 0 11196-128-5 /Documents and Settings/malware/Local Settings/Temporary Internet Files/Content.IE5/QJM5KT6J/index[1].css 27240 .a.. r/rr-xr-xr-x 0 0 11197-128-5 /Documents and Settings/malware/Local Settings/Temporary Internet Files/Content.IE5/YZCXGNW1/ga[2].js 2132 .a.. r/rr-xr-xr-x 0 0 11198-128-4 /Documents and Settings/malware/Local Settings/Temporary Internet Files/Content.IE5/SLK18LSF/small-icons[1].png 33316 .a.. r/rr-xr-xr-x 0 0 11199-128-5 /Documents and Settings/malware/Local Settings/Temporary Internet Files/Content.IE5/UPQVMROL/shows[2].css 98741 .a.. r/rr-xr-xr-x 0 0 11200-128-5 /Documents and Settings/malware/Local Settings/Temporary Internet Files/Content.IE5/QJM5KT6J/showPage[2].js 999 .a.. r/rr-xr-xr-x 0 0 11202-128-4 /Documents and Settings/malware/Local Settings/Temporary Internet Files/Content.IE5/QJM5KT6J/box-shadows[1].png 2680 .a.. r/rr-xr-xr-x 0 0 11203-128-4 /Documents and Settings/malware/Local Settings/Temporary Internet Files/Content.IE5/SLK18LSF/box-heading[1].png 11097 .a.. r/rr-xr-xr-x 0 0 11204-128-4 /Documents and Settings/malware/Local Settings/Temporary Internet Files/Content.IE5/QJM5KT6J/logo-and-footer[1].jpg 610 .a.. r/rr-xr-xr-x 0 0 11206-128-4 /Documents and Settings/malware/Local Settings/Temporary Internet Files/Content.IE5/UPQVMROL/now-playing-bg[1].jpg 169 ma.b r/rr-xr-xr-x 0 0 11282-128-1 /Documents and Settings/malware/Local Settings/Temporary Internet Files/Content.IE5/UPQVMROL/test[1].swf 346 ...b r/rr-xr-xr-x 0 0 11513-128-1 /Documents and Settings/malware/Cookies/malware@meviomusicvideos.mevio[1].txt 72704 .a.. r/rr-xr-xr-x 0 0 2522-128-3 /WINDOWS/system32/hlink.dll 35840 .a.. r/rr-xr-xr-x 0 0 2554-128-3 /WINDOWS/system32/imgutil.dll 449024 .a.. r/rr-xr-xr-x 0 0 2741-128-3 /WINDOWS/system32/mshtmled.dll 39424 .a.. r/rr-xr-xr-x 0 0 2913-128-3 /WINDOWS/system32/pngfilt.dll Fri Jul 01 2011 15:08:10 0 m... 0 0 0 10525 [Internet Explorer] (Content viewed/Content saved to drive) URL:http://img.mevio.com/images/38a/445/38a4455f2ab8b48ae8b7989684b9fefbe86a74c4.jpg?url=http://origin.psstatic.podshow.com/images/shows/19560/episodes/286382/large/meviomusicvideos-us-e.jpg?r=1309284353&width=200&height=112&scheme=1 cache stored in: UPQVMROL/38a4455f2ab8b48ae8b7989684b9fefbe86a74c4[1].jpg - HTTP/1.1 200 OK - Content-Type: image/jpeg - X-Cache: HIT - Content-Length: 10750 (file: /media/sdb1/Documents and Settings/malware/Local Settings/Temporary Internet Files/Content.IE5/index.dat) 0 m... 0 0 0 10525 [Internet Explorer] (Content viewed/Content saved to drive) URL:http://img.mevio.com/images/576/402/576402c013369ada43b03805b1ee8f85efe6bab2.jpg?url=http://origin.psstatic.podshow.com/images/shows/19560/episodes/285203/large/meviomusicvideos-us-e.jpg?r=1308348460&width=200&height=112&scheme=1 cache stored in: UPQVMROL/576402c013369ada43b03805b1ee8f85efe6bab2[1].jpg - HTTP/1.1 200 OK - Content-Type: image/jpeg - X-Cache: HIT - Content-Length: 9401 (file: /media/sdb1/Documents and Settings/malware/Local Settings/Temporary Internet Files/Content.IE5/index.dat) 0 m... 0 0 0 10525 [Internet Explorer] (Content viewed/Content saved to drive) URL:http://img.mevio.com/images/5a4/580/5a458020a8c95e20363153d191a0748701307b5a.jpg?url=http://origin.psstatic.podshow.com/images/shows/19560/episodes/286410/large/meviomusicvideos-us-e.jpg?r=1309297607&width=200&height=112&scheme=1 cache stored in: UPQVMROL/5a458020a8c95e20363153d191a0748701307b5a[1].jpg - HTTP/1.1 200 OK - Content-Type: image/jpeg - X-Cache: HIT - Content-Length: 11756 (file: /media/sdb1/Documents and Settings/malware/Local Settings/Temporary Internet Files/Content.IE5/index.dat) 0 m... 0 0 0 10525 [Internet Explorer] (Content viewed/Content saved to drive) URL:http://img.mevio.com/images/5be/046/5be046bbf1571cbc0992bf977c4aeb36fe0bbfe2.jpg?url=http://origin.psstatic.podshow.com/images/shows/19560/episodes/285204/large/meviomusicvideos-us-e.jpg?r=1308349122&width=200&height=112&scheme=1 cache stored in: YZCXGNW1/5be046bbf1571cbc0992bf977c4aeb36fe0bbfe2[1].jpg - HTTP/1.1 200 OK - Content-Type: image/jpeg - X-Cache: HIT - Content-Length: 11857 (file: /media/sdb1/Documents and Settings/malware/Local Settings/Temporary Internet Files/Content.IE5/index.dat) 0 m... 0 0 0 10525 [Internet Explorer] (Content viewed/Content saved to drive) URL:http://img.mevio.com/images/6e6/a01/6e6a0112e4c93ee32e29655c48de42b3f0d7b310.jpg?url=http://origin.psstatic.podshow.com/images/shows/19560/episodes/286375/large/meviomusicvideos-us-e.jpg?r=1309281211&width=200&height=112&scheme=1 cache stored in: SLK18LSF/6e6a0112e4c93ee32e29655c48de42b3f0d7b310[1].jpg - HTTP/1.1 200 OK - Content-Type: image/jpeg - X-Cache: HIT - Content-Length: 11391 (file: /media/sdb1/Documents and Settings/malware/Local Settings/Temporary Internet Files/Content.IE5/index.dat) 0 m... 0 0 0 10525 [Internet Explorer] (Content viewed/Content saved to drive) URL:http://img.mevio.com/images/70c/4ea/70c4ea8c569d118f0d0058b9beea05a469166b2a.jpg?url=http://origin.psstatic.podshow.com/images/shows/19560/episodes/286216/large/meviomusicvideos-us-e.jpg?r=1309194443&width=200&height=112&scheme=1 cache stored in: SLK18LSF/70c4ea8c569d118f0d0058b9beea05a469166b2a[1].jpg - HTTP/1.1 200 OK - Content-Type: image/jpeg - X-Cache: HIT - Content-Length: 8028 (file: /media/sdb1/Documents and Settings/malware/Local Settings/Temporary Internet Files/Content.IE5/index.dat) 0 m... 0 0 0 10525 [Internet Explorer] (Content viewed/Content saved to drive) URL:http://img.mevio.com/images/9cc/492/9cc4923ca535dba1931fa11b1f6bd84dcc7e6dc9.jpg?url=http://origin.psstatic.podshow.com/images/shows/19560/episodes/286018/large/meviomusicvideos-us-e.jpg?r=1308962688&width=200&height=112&scheme=1 cache stored in: UPQVMROL/9cc4923ca535dba1931fa11b1f6bd84dcc7e6dc9[1].jpg - HTTP/1.1 200 OK - Content-Type: image/jpeg - X-Cache: HIT - Content-Length: 10036 (file: /media/sdb1/Documents and Settings/malware/Local Settings/Temporary Internet Files/Content.IE5/index.dat) 0 m... 0 0 0 10525 [Internet Explorer] (Content viewed/Content saved to drive) URL:http://img.mevio.com/images/a80/ca0/a80ca036690e47436bec21d0d63ccfc3c17d4552.png?url=http://origin.psstatic.podshow.com/images/shows/19560/episodes/285198/large/meviomusicvideos-us-e.png?r=1308758741&width=200&height=112&scheme=1 cache stored in: QJM5KT6J/a80ca036690e47436bec21d0d63ccfc3c17d4552[1].png - HTTP/1.1 200 OK - Content-Type: image/png - X-Cache: HIT - Content-Length: 35293 (file: /media/sdb1/Documents and Settings/malware/Local Settings/Temporary Internet Files/Content.IE5/index.dat) 0 m... 0 0 0 10525 [Internet Explorer] (Content viewed/Content saved to drive) URL:http://img.mevio.com/images/ad5/164/ad51643e2a4d3bc8ed990def3267b92603dbd754.jpg?url=http://origin.psstatic.podshow.com/images/shows/19560/episodes/286203/large/meviomusicvideos-us-e.jpg?r=1309184585&width=200&height=112&scheme=1 cache stored in: YZCXGNW1/ad51643e2a4d3bc8ed990def3267b92603dbd754[1].jpg - HTTP/1.1 200 OK - Content-Type: image/jpeg - X-Cache: HIT - Content-Length: 10893 (file: /media/sdb1/Documents and Settings/malware/Local Settings/Temporary Internet Files/Content.IE5/index.dat) 0 m... 0 0 0 10525 [Internet Explorer] (Content viewed/Content saved to drive) URL:http://img.mevio.com/images/cec/453/cec453d28b67092f80601ab4e425a38c43ef51b2.jpg?url=http://origin.psstatic.podshow.com/images/shows/19560/episodes/285663/large/meviomusicvideos-us-e.jpg?r=1308703343&width=200&height=112&scheme=1 cache stored in: YZCXGNW1/cec453d28b67092f80601ab4e425a38c43ef51b2[1].jpg - HTTP/1.1 200 OK - Content-Type: image/jpeg - X-Cache: HIT - Content-Length: 10030 (file: /media/sdb1/Documents and Settings/malware/Local Settings/Temporary Internet Files/Content.IE5/index.dat) 0 m... 0 0 0 10525 [Internet Explorer] (Content viewed/Content saved to drive) URL:http://img.mevio.com/images/fb1/df8/fb1df8b71f80b980a70d8f0f7b7e19a553978da8.jpg?url=http://origin.psstatic.podshow.com/images/shows/19560/episodes/286218/large/meviomusicvideos-us-e.jpg?r=1309195367&width=200&height=112&scheme=1 cache stored in: QJM5KT6J/fb1df8b71f80b980a70d8f0f7b7e19a553978da8[1].jpg - HTTP/1.1 200 OK - Content-Type: image/jpeg - X-Cache: HIT - Content-Length: 10998 (file: /media/sdb1/Documents and Settings/malware/Local Settings/Temporary Internet Files/Content.IE5/index.dat) 0 m... 0 0 0 10525 [Internet Explorer] (Content viewed/Content saved to drive) URL:http://psstatic.podshow.com/images/shows/1799/shows/thumbs/fullerecords.jpg?r=1160926022 cache stored in: YZCXGNW1/fullerecords[1].jpg - HTTP/1.1 200 OK - Content-Type: image/jpeg - X-Cache: HIT - Content-Length: 2278 (file: /media/sdb1/Documents and Settings/malware/Local Settings/Temporary Internet Files/Content.IE5/index.dat) 0 m... 0 0 0 10525 [Internet Explorer] (Content viewed/Content saved to drive) URL:http://psstatic.podshow.com/images/shows/19560/shows/thumbs/meviomusicvideos.png?r=1241165388 cache stored in: QJM5KT6J/meviomusicvideos[1].png - HTTP/1.1 200 OK - Content-Type: image/png - X-Cache: HIT - Content-Length: 7135 (file: /media/sdb1/Documents and Settings/malware/Local Settings/Temporary Internet Files/Content.IE5/index.dat) 0 m... 0 0 0 10525 [Internet Explorer] (Content viewed/Content saved to drive) URL:http://psstatic.podshow.com/images/shows/22047/shows/thumbs/cattitude.jpg?r=1282942633 cache stored in: UPQVMROL/cattitude[1].jpg - HTTP/1.1 200 OK - Content-Type: image/jpeg - X-Cache: HIT - Content-Length: 3170 (file: /media/sdb1/Documents and Settings/malware/Local Settings/Temporary Internet Files/Content.IE5/index.dat) 0 m... 0 0 0 10525 [Internet Explorer] (Content viewed/Content saved to drive) URL:http://psstatic.podshow.com/images/users/10014/gallery/thumbs/6024.jpg cache stored in: YZCXGNW1/6024[1].jpg - HTTP/1.1 200 OK - Content-Type: image/jpeg - X-Cache: HIT - Content-Length: 3723 (file: /media/sdb1/Documents and Settings/malware/Local Settings/Temporary Internet Files/Content.IE5/index.dat) 0 m... 0 0 0 10525 [Internet Explorer] (Content viewed/Content saved to drive) URL:http://psstatic.podshow.com/images/users/1097/gallery/thumbs/avatar.png cache stored in: SLK18LSF/avatar[1].png - HTTP/1.1 200 OK - Content-Type: image/png - X-Cache: HIT - Content-Length: 9948 (file: /media/sdb1/Documents and Settings/malware/Local Settings/Temporary Internet Files/Content.IE5/index.dat) 0 m... 0 0 0 10525 [Internet Explorer] (Content viewed/Content saved to drive) URL:http://psstatic.podshow.com/images/users/1217/gallery/thumbs/274367.jpg cache stored in: UPQVMROL/274367[1].jpg - HTTP/1.1 200 OK - Content-Type: image/jpeg - X-Cache: HIT - Content-Length: 3697 (file: /media/sdb1/Documents and Settings/malware/Local Settings/Temporary Internet Files/Content.IE5/index.dat) 0 m... 0 0 0 10525 [Internet Explorer] (Content viewed/Content saved to drive) URL:http://psstatic.podshow.com/images/users/12733/gallery/thumbs/7601.jpg cache stored in: YZCXGNW1/7601[1].jpg - HTTP/1.1 200 OK - Content-Type: image/jpeg - X-Cache: HIT - Content-Length: 4140 (file: /media/sdb1/Documents and Settings/malware/Local Settings/Temporary Internet Files/Content.IE5/index.dat) 0 m... 0 0 0 10525 [Internet Explorer] (Content viewed/Content saved to drive) URL:http://psstatic.podshow.com/images/users/13460/gallery/thumbs/21042.jpg cache stored in: QJM5KT6J/21042[1].jpg - HTTP/1.1 200 OK - Content-Type: image/jpeg - X-Cache: HIT - Content-Length: 2720 (file: /media/sdb1/Documents and Settings/malware/Local Settings/Temporary Internet Files/Content.IE5/index.dat) 0 m... 0 0 0 10525 [Internet Explorer] (Content viewed/Content saved to drive) URL:http://psstatic.podshow.com/images/users/17251/gallery/thumbs/12129.jpg cache stored in: SLK18LSF/12129[1].jpg - HTTP/1.1 200 OK - Content-Type: image/jpeg - X-Cache: HIT - Content-Length: 3471 (file: /media/sdb1/Documents and Settings/malware/Local Settings/Temporary Internet Files/Content.IE5/index.dat) 0 m... 0 0 0 10525 [Internet Explorer] (Content viewed/Content saved to drive) URL:http://psstatic.podshow.com/images/users/194/gallery/thumbs/avatar.png cache stored in: QJM5KT6J/avatar[1].png - HTTP/1.1 200 OK - Content-Type: image/png - X-Cache: HIT - Content-Length: 11896 (file: /media/sdb1/Documents and Settings/malware/Local Settings/Temporary Internet Files/Content.IE5/index.dat) 0 m... 0 0 0 10525 [Internet Explorer] (Content viewed/Content saved to drive) URL:http://psstatic.podshow.com/images/users/201/gallery/thumbs/407.jpg cache stored in: SLK18LSF/407[1].jpg - HTTP/1.1 200 OK - Content-Type: image/jpeg - X-Cache: HIT - Content-Length: 3060 (file: /media/sdb1/Documents and Settings/malware/Local Settings/Temporary Internet Files/Content.IE5/index.dat) 0 m... 0 0 0 10525 [Internet Explorer] (Content viewed/Content saved to drive) URL:http://psstatic.podshow.com/images/users/2098/gallery/thumbs/avatar.png cache stored in: YZCXGNW1/avatar[1].png - HTTP/1.1 200 OK - Content-Type: image/png - X-Cache: HIT - Content-Length: 8731 (file: /media/sdb1/Documents and Settings/malware/Local Settings/Temporary Internet Files/Content.IE5/index.dat) 0 m... 0 0 0 10525 [Internet Explorer] (Content viewed/Content saved to drive) URL:http://psstatic.podshow.com/images/users/300/gallery/thumbs/8683.jpg cache stored in: SLK18LSF/8683[1].jpg - HTTP/1.1 200 OK - Content-Type: image/jpeg - X-Cache: HIT - Content-Length: 2595 (file: /media/sdb1/Documents and Settings/malware/Local Settings/Temporary Internet Files/Content.IE5/index.dat) 0 m... 0 0 0 10525 [Internet Explorer] (Content viewed/Content saved to drive) URL:http://psstatic.podshow.com/images/users/3434/gallery/thumbs/2372.jpg cache stored in: YZCXGNW1/2372[1].jpg - HTTP/1.1 200 OK - Content-Type: image/jpeg - X-Cache: HIT - Content-Length: 2931 (file: /media/sdb1/Documents and Settings/malware/Local Settings/Temporary Internet Files/Content.IE5/index.dat) 0 m... 0 0 0 10525 [Internet Explorer] (Content viewed/Content saved to drive) URL:http://psstatic.podshow.com/images/users/3458/gallery/thumbs/183998.jpg cache stored in: UPQVMROL/183998[1].jpg - HTTP/1.1 200 OK - Content-Type: image/jpeg - X-Cache: HIT - Content-Length: 3284 (file: /media/sdb1/Documents and Settings/malware/Local Settings/Temporary Internet Files/Content.IE5/index.dat) 0 m... 0 0 0 10525 [Internet Explorer] (Content viewed/Content saved to drive) URL:http://psstatic.podshow.com/images/users/357975/gallery/med/169203.jpg cache stored in: QJM5KT6J/169203[1].jpg - HTTP/1.1 200 OK - Content-Type: image/jpeg - X-Cache: HIT - Content-Length: 21303 (file: /media/sdb1/Documents and Settings/malware/Local Settings/Temporary Internet Files/Content.IE5/index.dat) 0 m... 0 0 0 10525 [Internet Explorer] (Content viewed/Content saved to drive) URL:http://psstatic.podshow.com/images/users/554/gallery/thumbs/646.jpg cache stored in: QJM5KT6J/646[1].jpg - HTTP/1.1 200 OK - Content-Type: image/jpeg - X-Cache: HIT - Content-Length: 2364 (file: /media/sdb1/Documents and Settings/malware/Local Settings/Temporary Internet Files/Content.IE5/index.dat) 0 m... 0 0 0 10525 [Internet Explorer] (Content viewed/Content saved to drive) URL:http://psstatic.podshow.com/images/users/68834/gallery/thumbs/42861.jpg cache stored in: YZCXGNW1/42861[1].jpg - HTTP/1.1 200 OK - Content-Type: image/jpeg - X-Cache: HIT - Content-Length: 2705 (file: /media/sdb1/Documents and Settings/malware/Local Settings/Temporary Internet Files/Content.IE5/index.dat) 0 m... 0 0 0 10525 [Internet Explorer] (Content viewed/Content saved to drive) URL:http://psstatic.podshow.com/images/users/8292/gallery/thumbs/5205.png cache stored in: UPQVMROL/5205[1].png - HTTP/1.1 200 OK - Content-Type: image/png - X-Cache: HIT - Content-Length: 7467 (file: /media/sdb1/Documents and Settings/malware/Local Settings/Temporary Internet Files/Content.IE5/index.dat) 0 m... 0 0 0 10525 [Internet Explorer] (Content viewed/Content saved to drive) URL:http://static.podshow.com/profiles/BackgroundFiles/MEVIOmusic.jpg cache stored in: SLK18LSF/MEVIOmusic[1].jpg - HTTP/1.1 200 OK - Content-Type: image/jpeg - X-Cache: HIT - Content-Length: 137195 (file: /media/sdb1/Documents and Settings/malware/Local Settings/Temporary Internet Files/Content.IE5/index.dat) 0 m... 0 0 0 10525 [Internet Explorer] (Content viewed/Content saved to drive) URL:http://ui.mevio.com/static/us/images/defaults/shows/thumbs/default.jpg cache stored in: QJM5KT6J/default[1].jpg - HTTP/1.1 200 OK - Content-Type: image/jpeg - X-Cache: HIT - Content-Length: 18913 (file: /media/sdb1/Documents and Settings/malware/Local Settings/Temporary Internet Files/Content.IE5/index.dat) 58767 .a.. r/rr-xr-xr-x 0 0 11207-128-4 /Documents and Settings/malware/Local Settings/Temporary Internet Files/Content.IE5/YZCXGNW1/PromoRollV4[1].jpg 1222 .a.. r/rr-xr-xr-x 0 0 11220-128-4 /Documents and Settings/malware/Local Settings/Temporary Internet Files/Content.IE5/YZCXGNW1/default[1].jpg 5130 .a.. r/rr-xr-xr-x 0 0 11221-128-4 /Documents and Settings/malware/Local Settings/Temporary Internet Files/Content.IE5/QJM5KT6J/showicons[1].png 2705 .a.. r/rr-xr-xr-x 0 0 11224-128-4 /Documents and Settings/malware/Local Settings/Temporary Internet Files/Content.IE5/YZCXGNW1/42861[1].jpg 2901 .a.. r/rr-xr-xr-x 0 0 11226-128-4 /Documents and Settings/malware/Local Settings/Temporary Internet Files/Content.IE5/YZCXGNW1/4197dfa1f28d2d77f56f6f8e1eb334e36a0bd5a6[1].jpg 3471 .a.. r/rr-xr-xr-x 0 0 11227-128-4 /Documents and Settings/malware/Local Settings/Temporary Internet Files/Content.IE5/SLK18LSF/12129[1].jpg 2931 .a.. r/rr-xr-xr-x 0 0 11245-128-4 /Documents and Settings/malware/Local Settings/Temporary Internet Files/Content.IE5/YZCXGNW1/2372[1].jpg 7011 .a.. r/rr-xr-xr-x 0 0 11255-128-4 /Documents and Settings/malware/Local Settings/Temporary Internet Files/Content.IE5/UPQVMROL/hotoff-us-e[1].jpg 794 .a.. r/rr-xr-xr-x 0 0 11257-128-4 /Documents and Settings/malware/Local Settings/Temporary Internet Files/Content.IE5/SLK18LSF/joinNow25high[1].gif 20356 .a.. r/rr-xr-xr-x 0 0 11258-128-5 /Documents and Settings/malware/Local Settings/Temporary Internet Files/Content.IE5/YZCXGNW1/tpl_player[2].js 3493 .a.. r/rr-xr-xr-x 0 0 11260-128-5 /Documents and Settings/malware/Local Settings/Temporary Internet Files/Content.IE5/UPQVMROL/tpl_comments[2].js 78342 .a.. r/rr-xr-xr-x 0 0 11268-128-5 /Documents and Settings/malware/Local Settings/Temporary Internet Files/Content.IE5/UPQVMROL/tpl_htdocs[1].js 65677 .a.. r/rr-xr-xr-x 0 0 11269-128-5 /Documents and Settings/malware/Local Settings/Temporary Internet Files/Content.IE5/SLK18LSF/tpl_shows[2].js 18913 .a.. r/rr-xr-xr-x 0 0 11409-128-4 /Documents and Settings/malware/Local Settings/Temporary Internet Files/Content.IE5/QJM5KT6J/default[1].jpg 7467 .a.. r/rr-xr-xr-x 0 0 11432-128-4 /Documents and Settings/malware/Local Settings/Temporary Internet Files/Content.IE5/UPQVMROL/5205[1].png 4140 .a.. r/rr-xr-xr-x 0 0 11438-128-4 /Documents and Settings/malware/Local Settings/Temporary Internet Files/Content.IE5/YZCXGNW1/7601[1].jpg 10998 ma.b r/rr-xr-xr-x 0 0 11573-128-4 /Documents and Settings/malware/Local Settings/Temporary Internet Files/Content.IE5/QJM5KT6J/fb1df8b71f80b980a70d8f0f7b7e19a553978da8[1].jpg 11756 ma.b r/rr-xr-xr-x 0 0 11602-128-4 /Documents and Settings/malware/Local Settings/Temporary Internet Files/Content.IE5/UPQVMROL/5a458020a8c95e20363153d191a0748701307b5a[1].jpg 10750 ma.b r/rr-xr-xr-x 0 0 11605-128-4 /Documents and Settings/malware/Local Settings/Temporary Internet Files/Content.IE5/UPQVMROL/38a4455f2ab8b48ae8b7989684b9fefbe86a74c4[1].jpg 137195 ma.b r/rr-xr-xr-x 0 0 11609-128-4 /Documents and Settings/malware/Local Settings/Temporary Internet Files/Content.IE5/SLK18LSF/MEVIOmusic[1].jpg 11391 ma.b r/rr-xr-xr-x 0 0 11610-128-4 /Documents and Settings/malware/Local Settings/Temporary Internet Files/Content.IE5/SLK18LSF/6e6a0112e4c93ee32e29655c48de42b3f0d7b310[1].jpg 9948 ma.b r/rr-xr-xr-x 0 0 11619-128-4 /Documents and Settings/malware/Local Settings/Temporary Internet Files/Content.IE5/SLK18LSF/avatar[1].png 8028 ma.b r/rr-xr-xr-x 0 0 11620-128-4 /Documents and Settings/malware/Local Settings/Temporary Internet Files/Content.IE5/SLK18LSF/70c4ea8c569d118f0d0058b9beea05a469166b2a[1].jpg 3060 ma.b r/rr-xr-xr-x 0 0 11650-128-4 /Documents and Settings/malware/Local Settings/Temporary Internet Files/Content.IE5/SLK18LSF/407[1].jpg 2734 ma.b r/rr-xr-xr-x 0 0 11652-128-4 /Documents and Settings/malware/Local Settings/Temporary Internet Files/Content.IE5/QJM5KT6J/photo_default[1].jpg 8731 ma.b r/rr-xr-xr-x 0 0 11653-128-4 /Documents and Settings/malware/Local Settings/Temporary Internet Files/Content.IE5/YZCXGNW1/avatar[1].png 10893 ma.b r/rr-xr-xr-x 0 0 11654-128-4 /Documents and Settings/malware/Local Settings/Temporary Internet Files/Content.IE5/YZCXGNW1/ad51643e2a4d3bc8ed990def3267b92603dbd754[1].jpg 10036 ma.b r/rr-xr-xr-x 0 0 11655-128-4 /Documents and Settings/malware/Local Settings/Temporary Internet Files/Content.IE5/UPQVMROL/9cc4923ca535dba1931fa11b1f6bd84dcc7e6dc9[1].jpg 5012 ma.b r/rr-xr-xr-x 0 0 11657-128-4 /Documents and Settings/malware/Local Settings/Temporary Internet Files/Content.IE5/QJM5KT6J/mevio-megahit[1].jpg 2720 ma.b r/rr-xr-xr-x 0 0 11658-128-4 /Documents and Settings/malware/Local Settings/Temporary Internet Files/Content.IE5/QJM5KT6J/21042[1].jpg 3284 ma.b r/rr-xr-xr-x 0 0 11659-128-4 /Documents and Settings/malware/Local Settings/Temporary Internet Files/Content.IE5/UPQVMROL/183998[1].jpg 11896 ma.b r/rr-xr-xr-x 0 0 11660-128-4 /Documents and Settings/malware/Local Settings/Temporary Internet Files/Content.IE5/QJM5KT6J/avatar[1].png 10030 ma.b r/rr-xr-xr-x 0 0 11661-128-4 /Documents and Settings/malware/Local Settings/Temporary Internet Files/Content.IE5/YZCXGNW1/cec453d28b67092f80601ab4e425a38c43ef51b2[1].jpg 11857 ma.b r/rr-xr-xr-x 0 0 11662-128-4 /Documents and Settings/malware/Local Settings/Temporary Internet Files/Content.IE5/YZCXGNW1/5be046bbf1571cbc0992bf977c4aeb36fe0bbfe2[1].jpg 3723 ma.b r/rr-xr-xr-x 0 0 11663-128-4 /Documents and Settings/malware/Local Settings/Temporary Internet Files/Content.IE5/YZCXGNW1/6024[1].jpg 9401 ma.b r/rr-xr-xr-x 0 0 11664-128-4 /Documents and Settings/malware/Local Settings/Temporary Internet Files/Content.IE5/UPQVMROL/576402c013369ada43b03805b1ee8f85efe6bab2[1].jpg 3697 ma.b r/rr-xr-xr-x 0 0 11665-128-4 /Documents and Settings/malware/Local Settings/Temporary Internet Files/Content.IE5/UPQVMROL/274367[1].jpg 35293 ma.b r/rr-xr-xr-x 0 0 11666-128-4 /Documents and Settings/malware/Local Settings/Temporary Internet Files/Content.IE5/QJM5KT6J/a80ca036690e47436bec21d0d63ccfc3c17d4552[1].png 2364 ma.b r/rr-xr-xr-x 0 0 11667-128-4 /Documents and Settings/malware/Local Settings/Temporary Internet Files/Content.IE5/QJM5KT6J/646[1].jpg 2595 ma.b r/rr-xr-xr-x 0 0 11668-128-4 /Documents and Settings/malware/Local Settings/Temporary Internet Files/Content.IE5/SLK18LSF/8683[1].jpg 7135 ma.b r/rr-xr-xr-x 0 0 11669-128-4 /Documents and Settings/malware/Local Settings/Temporary Internet Files/Content.IE5/QJM5KT6J/meviomusicvideos[1].png 21303 ma.b r/rr-xr-xr-x 0 0 11670-128-4 /Documents and Settings/malware/Local Settings/Temporary Internet Files/Content.IE5/QJM5KT6J/169203[1].jpg 3170 ma.b r/rr-xr-xr-x 0 0 11671-128-4 /Documents and Settings/malware/Local Settings/Temporary Internet Files/Content.IE5/UPQVMROL/cattitude[1].jpg 2278 ma.b r/rr-xr-xr-x 0 0 11672-128-4 /Documents and Settings/malware/Local Settings/Temporary Internet Files/Content.IE5/YZCXGNW1/fullerecords[1].jpg 58880 .a.. r/rr-xr-xr-x 0 0 2053-128-3 /WINDOWS/system32/atl.dll 477 .a.. r/rr-xr-xr-x 0 0 224-128-1 /WINDOWS/win.ini 8704 .a.. r/rr-xr-xr-x 0 0 2351-128-3 /WINDOWS/system32/dciman32.dll 279552 .a.. r/rr-xr-xr-x 0 0 2353-128-3 /WINDOWS/system32/ddraw.dll 27136 .a.. r/rr-xr-xr-x 0 0 2354-128-3 /WINDOWS/system32/ddrawex.dll 357888 .a.. r/rr-xr-xr-x 0 0 2441-128-3 /WINDOWS/system32/dxtmsft.dll 205312 .a.. r/rr-xr-xr-x 0 0 2442-128-3 /WINDOWS/system32/dxtrans.dll 81000 .a.. r/rr-xr-xr-x 0 0 274-128-3 /WINDOWS/Fonts/wingding.ttf 689152 .a.. r/rr-xr-xr-x 0 0 3339-128-3 /WINDOWS/system32/xpsp3res.dll 93184 .a.. r/rr-xr-xr-x 0 0 5615-128-3 /Program Files/Internet Explorer/IEXPLORE.EXE Fri Jul 01 2011 15:08:11 950 .a.. r/rr-xr-xr-x 0 0 11272-128-4 /Documents and Settings/malware/Local Settings/Temporary Internet Files/Content.IE5/QJM5KT6J/dropdown-arrows[2].png 3681 .a.. r/rr-xr-xr-x 0 0 11279-128-4 /Documents and Settings/malware/Local Settings/Temporary Internet Files/Content.IE5/YZCXGNW1/player-icons[2].png 3320 .a.. r/rr-xr-xr-x 0 0 6834-128-4 /Documents and Settings/malware/Local Settings/Temporary Internet Files/Content.IE5/UPQVMROL/mevio-m-neverback-24x24[1].gif Fri Jul 01 2011 15:08:12 0 m... 0 0 0 10525 [Internet Explorer] (Content viewed/Content saved to drive) URL:http://meviomusicvideos.mevio.com/rest/facebook/xd_receiver.php cache stored in: YZCXGNW1/xd_receiver[2].htm - HTTP/1.1 200 OK - Content-Length: 591 - Content-Type: text/html (file: /media/sdb1/Documents and Settings/malware/Local Settings/Temporary Internet Files/Content.IE5/index.dat) 0 m... 0 0 0 10525 [Internet Explorer] (Content viewed/Content saved to drive) URL:http://www.facebook.com/extern/login_status.php?api_key=c99345b4de38e993c64ef4654ac9164b&extern=2&channel=http://meviomusicvideos.mevio.com/rest/facebook/xd_receiver.php&locale=en_US cache stored in: YZCXGNW1/login_status[2].htm - HTTP/1.1 200 OK - Content-Length: 1188 - Content-Type: text/html (file: /media/sdb1/Documents and Settings/malware/Local Settings/Temporary Internet Files/Content.IE5/index.dat) 0 macb 0 0 0 10534 [Internet Explorer] (Last time cookie passed to website/Website modified cookie) User: Cookie:malware URL:meviomusicvideos.mevio.com/ (file: /media/sdb1/Documents and Settings/malware/Cookies/index.dat) 665 .a.. r/rr-xr-xr-x 0 0 11192-128-4 /Documents and Settings/malware/Local Settings/Temporary Internet Files/Content.IE5/YZCXGNW1/client_restserver[1].htm 18453 ma.b r/rr-xr-xr-x 0 0 11273-128-5 /Documents and Settings/malware/Local Settings/Temporary Internet Files/Content.IE5/UPQVMROL/en_US[1] 14288 ma.b r/rr-xr-xr-x 0 0 11278-128-5 /Documents and Settings/malware/Local Settings/Temporary Internet Files/Content.IE5/QJM5KT6J/connect-css[1].css 3386 .a.. r/rr-xr-xr-x 0 0 11286-128-5 /Documents and Settings/malware/Local Settings/Temporary Internet Files/Content.IE5/QJM5KT6J/XdCommReceiver[2].js 18453 .a.. r/rr-xr-xr-x 0 0 11401-128-5 /Documents and Settings/malware/Local Settings/Temporary Internet Files/Content.IE5/SLK18LSF/connect[2].php 346 ma.. r/rr-xr-xr-x 0 0 11513-128-1 /Documents and Settings/malware/Cookies/malware@meviomusicvideos.mevio[1].txt 591 ma.b r/rr-xr-xr-x 0 0 11611-128-4 /Documents and Settings/malware/Local Settings/Temporary Internet Files/Content.IE5/YZCXGNW1/xd_receiver[2].htm 211318 ma.b r/rr-xr-xr-x 0 0 11651-128-5 /Documents and Settings/malware/Local Settings/Temporary Internet Files/Content.IE5/SLK18LSF/XFBML[2] 1188 ma.b r/rr-xr-xr-x 0 0 11673-128-5 /Documents and Settings/malware/Local Settings/Temporary Internet Files/Content.IE5/YZCXGNW1/login_status[2].htm Fri Jul 01 2011 15:08:16 0 m... 0 0 0 10534 [Internet Explorer] (Last time cookie passed to website/Website modified cookie) User: Cookie:malware URL:quantserve.com/ (file: /media/sdb1/Documents and Settings/malware/Cookies/index.dat) 0 m... 0 0 0 10534 [Internet Explorer] (Last time cookie passed to website/Website modified cookie) User: Cookie:malware URL:tap2-cdn.rubiconproject.com/ (file: /media/sdb1/Documents and Settings/malware/Cookies/index.dat) 92 .a.. r/rr-xr-xr-x 0 0 11289-128-1 /Documents and Settings/malware/Cookies/malware@quantserve[1].txt 297 .a.. r/rr-xr-xr-x 0 0 11303-128-1 /Documents and Settings/malware/Cookies/malware@tap2-cdn.rubiconproject[1].txt 12576 .a.. r/rr-xr-xr-x 0 0 11339-128-5 /Documents and Settings/malware/Local Settings/Temporary Internet Files/Content.IE5/QJM5KT6J/tags[2].js 60 .a.. r/rr-xr-xr-x 0 0 11342-128-4 /Documents and Settings/malware/Local Settings/Temporary Internet Files/Content.IE5/UPQVMROL/displayAd[2].js 2034 ma.b r/rr-xr-xr-x 0 0 11546-128-4 /Documents and Settings/malware/Local Settings/Temporary Internet Files/Content.IE5/SLK18LSF/26270-2[3].js 423 ma.b r/rr-xr-xr-x 0 0 11677-128-3 /Documents and Settings/malware/Local Settings/Temporary Internet Files/Content.IE5/UPQVMROL/CAAV0DMX.ad 171792 .a.. r/rr-xr-xr-x 0 0 2171-128-3 /WINDOWS/Fonts/verdana.ttf 137616 .a.. r/rr-xr-xr-x 0 0 275-128-3 /WINDOWS/Fonts/verdanab.ttf Fri Jul 01 2011 15:08:17 0 m... 0 0 0 10525 [Internet Explorer] (Content viewed/Content saved to drive) URL:http://cheetah.vizu.com/a.gif?cid=2073_adid=728x90_siteid=tribalfusion_adtype=1_stype=0_siteurl=a.tribalfusion.com_wc=_cust1=_cust2=_cust3=_cust4=_cust5=_ver=v5_o=winxp_ua=msie_uv=6.0_lan=en-us_fv=null_id=1309558097515_t=1309558097531 cache stored in: YZCXGNW1/a[1].gif - HTTP/1.1 200 OK - X-Px: ht lax-am6-n17.panthercdn.com - ETag: "3c04c-2b-edb95b80" - Content-Length: 43 - Content-Type: image/gif (file: /media/sdb1/Documents and Settings/malware/Local Settings/Temporary Internet Files/Content.IE5/index.dat) 0 m... 0 0 0 10525 [Internet Explorer] (Content viewed/Content saved to drive) URL:http://cheetah.vizu.com/f.gif?cd=4_cid=2073_adid=728x90_siteid=tribalfusion_adtype=1_stype=0_siteurl=a.tribalfusion.com_wc=_cust1=_cust2=_cust3=_cust4=_cust5=_ver=v5_o=winxp_ua=msie_uv=6.0_lan=en-us_fv=null_id=1309558097515_t=1309558097531f.gif?cid=2073_adid=728x90_siteid=tribalfusion_adtype=1_stype=0_siteurl=a.tribalfusion.com_wc=_cust1=_cust2=_cust3=_cust4=_cust5=_ver=v5_o=winxp_ua=msie_uv=6.0_lan=en-us_fv=null_id=1309558097515_t=1309558097531 cache stored in: YZCXGNW1/CA7ULCDX.gif - HTTP/1.1 200 OK - X-Px: ht lax-am6-n17.panthercdn.com - ETag: "3c050-2b-edb95b80" - Content-Length: 43 - Content-Type: image/gif (file: /media/sdb1/Documents and Settings/malware/Local Settings/Temporary Internet Files/Content.IE5/index.dat) 0 m... 0 0 0 10525 [Internet Explorer] (Content viewed/Content saved to drive) URL:http://cheetah.vizu.com/i.gif?cid=2073_adid=728x90_siteid=tribalfusion_adtype=1_stype=0_siteurl=a.tribalfusion.com_wc=_cust1=_cust2=_cust3=_cust4=_cust5=_ver=v5_o=winxp_ua=msie_uv=6.0_lan=en-us_fv=null_id=1309558097515_t=1309558097531 cache stored in: UPQVMROL/i[1].gif - HTTP/1.1 200 OK - X-Px: ht lax-am6-n17.panthercdn.com - ETag: "3c051-2b-775728c0" - Content-Length: 43 - Content-Type: image/gif (file: /media/sdb1/Documents and Settings/malware/Local Settings/Temporary Internet Files/Content.IE5/index.dat) 0 m... 0 0 0 10525 [Internet Explorer] (Content viewed/Content saved to drive) URL:http://ds.serving-sys.com/BurstingCachedScripts//SBTemplates_2_3_2/StdBanner.js?ai=5627997 cache stored in: SLK18LSF/StdBanner[2].js - HTTP/1.1 200 OK - Content-Length: 24385 - Content-Type: text/javascript (file: /media/sdb1/Documents and Settings/malware/Local Settings/Temporary Internet Files/Content.IE5/index.dat) 0 m... 0 0 0 10525 [Internet Explorer] (Content viewed/Content saved to drive) URL:http://ds.serving-sys.com/BurstingRes///Site-7247/Type-0/118ed178-986a-4c57-9d20-0870639fdad0.jpg cache stored in: YZCXGNW1/118ed178-986a-4c57-9d20-0870639fdad0[1].jpg - HTTP/1.1 200 OK - Content-Length: 32284 - Content-Type: image/jpeg (file: /media/sdb1/Documents and Settings/malware/Local Settings/Temporary Internet Files/Content.IE5/index.dat) 0 m... 0 0 0 10525 [Internet Explorer] (Content viewed/Content saved to drive) URL:http://puma.vizu.com/cdn/00/00/20/73/tracking_only.js?adid=728x90_siteid=tribalfusion_ord=[RANDOM] cache stored in: UPQVMROL/tracking_only[2].js - HTTP/1.1 200 OK - Content-Length: 7905 - Content-Type: application/x-javascript (file: /media/sdb1/Documents and Settings/malware/Local Settings/Temporary Internet Files/Content.IE5/index.dat) 0 m... 0 0 0 10525 [Internet Explorer] (Content viewed/Content saved to drive) User: http://b3.mookie1.com/2/TribalFusionB3/Motorola/2011Q2_Atrix/CN/728/11226746971 URL:x90 cache stored in: SLK18LSF/11226746971@x90[1].htm - HTTP/1.1 200 OK - P3P: CP="NON NID PSAa PSDa OUR IND UNI COM NAV STA"-policyref="/w3c/p3p.xml" - Content-Length: 520 - Keep-Alive: timeout=60 - Content-Type: text/html (file: /media/sdb1/Documents and Settings/malware/Local Settings/Temporary Internet Files/Content.IE5/index.dat) 0 macb 0 0 0 10534 [Internet Explorer] (Last time cookie passed to website/Website modified cookie) User: Cookie:malware URL:mookie1.com/ (file: /media/sdb1/Documents and Settings/malware/Cookies/index.dat) 0 m... 0 0 0 10534 [Internet Explorer] (Last time cookie passed to website/Website modified cookie) User: Cookie:malware URL:r1-ads.ace.advertising.com/ (file: /media/sdb1/Documents and Settings/malware/Cookies/index.dat) 3447 .a.. r/rr-xr-xr-x 0 0 11253-128-5 /Documents and Settings/malware/Local Settings/Temporary Internet Files/Content.IE5/YZCXGNW1/beacon[2].js 136 .a.. r/rr-xr-xr-x 0 0 11288-128-1 /Documents and Settings/malware/Cookies/malware@r1-ads.ace.advertising[1].txt 6621 .a.. r/rr-xr-xr-x 0 0 11297-128-5 /Documents and Settings/malware/Local Settings/Temporary Internet Files/Content.IE5/UPQVMROL/emily[1].htm 15168 .a.. r/rr-xr-xr-x 0 0 11315-128-5 /Documents and Settings/malware/Local Settings/Temporary Internet Files/Content.IE5/YZCXGNW1/aceUAC[1].js 32284 .a.. r/rr-xr-xr-x 0 0 11359-128-4 /Documents and Settings/malware/Local Settings/Temporary Internet Files/Content.IE5/YZCXGNW1/118ed178-986a-4c57-9d20-0870639fdad0[1].jpg 24385 .a.. r/rr-xr-xr-x 0 0 11360-128-5 /Documents and Settings/malware/Local Settings/Temporary Internet Files/Content.IE5/SLK18LSF/StdBanner[2].js 688 m..b r/rr-xr-xr-x 0 0 11361-128-4 /Documents and Settings/malware/Local Settings/Temporary Internet Files/Content.IE5/SLK18LSF/imp[5] 7905 .a.. r/rr-xr-xr-x 0 0 11365-128-5 /Documents and Settings/malware/Local Settings/Temporary Internet Files/Content.IE5/UPQVMROL/tracking_only[2].js 2199 ma.b r/rr-xr-xr-x 0 0 11680-128-4 /Documents and Settings/malware/Local Settings/Temporary Internet Files/Content.IE5/YZCXGNW1/26271-15[3].js 2571 ma.b r/rr-xr-xr-x 0 0 11682-128-3 /Documents and Settings/malware/Local Settings/Temporary Internet Files/Content.IE5/UPQVMROL/CASLYJYZ.htm 2322 ma.b r/rr-xr-xr-x 0 0 11683-128-4 /Documents and Settings/malware/Local Settings/Temporary Internet Files/Content.IE5/YZCXGNW1/26271-2[2].js 43 ma.b r/rr-xr-xr-x 0 0 11684-128-1 /Documents and Settings/malware/Local Settings/Temporary Internet Files/Content.IE5/YZCXGNW1/a[1].gif 43 ma.b r/rr-xr-xr-x 0 0 11685-128-1 /Documents and Settings/malware/Local Settings/Temporary Internet Files/Content.IE5/UPQVMROL/i[1].gif 467 ma.b r/rr-xr-xr-x 0 0 11686-128-1 /Documents and Settings/malware/Cookies/malware@mookie1[2].txt 43 ma.b r/rr-xr-xr-x 0 0 11687-128-1 /Documents and Settings/malware/Local Settings/Temporary Internet Files/Content.IE5/YZCXGNW1/CA7ULCDX.gif 520 ma.b r/rr-xr-xr-x 0 0 11688-128-1 /Documents and Settings/malware/Local Settings/Temporary Internet Files/Content.IE5/SLK18LSF/11226746971@x90[1].htm Fri Jul 01 2011 15:08:18 0 m... 0 0 0 10525 [Internet Explorer] (Content viewed/Content saved to drive) URL:http://cdn.doubleverify.com/script201.js?agnc=796803&cmp=947466&crt=&crtname=&adnet=&dvtagver=3.3.1346.2176&adsrv=6&plc=2895815&advid=796804&sid=Fox Audience Network&adid= cache stored in: YZCXGNW1/script201[2].js - HTTP/1.1 200 OK - Content-Length: 2914 - Content-Type: application/x-javascript (file: /media/sdb1/Documents and Settings/malware/Local Settings/Temporary Internet Files/Content.IE5/index.dat) 0 m... 0 0 0 10525 [Internet Explorer] (Content viewed/Content saved to drive) URL:http://ds.serving-sys.com/BurstingCachedScripts//SBTemplates_2_3_2/StdBanner.js?ai=5823404 cache stored in: UPQVMROL/StdBanner[3].js - HTTP/1.1 200 OK - Content-Length: 24385 - Content-Type: text/javascript (file: /media/sdb1/Documents and Settings/malware/Local Settings/Temporary Internet Files/Content.IE5/index.dat) 0 m... 0 0 0 10525 [Internet Explorer] (Content viewed/Content saved to drive) URL:http://ds.serving-sys.com/BurstingRes///Site-15895/Type-0/e9d2c6f5-3580-49dd-bdc0-2e403a7d2856.jpg cache stored in: QJM5KT6J/e9d2c6f5-3580-49dd-bdc0-2e403a7d2856[1].jpg - HTTP/1.1 200 OK - Content-Length: 38232 - Content-Type: image/jpeg (file: /media/sdb1/Documents and Settings/malware/Local Settings/Temporary Internet Files/Content.IE5/index.dat) 0 m... 0 0 0 10525 [Internet Explorer] (Content viewed/Content saved to drive) URL:http://log30.doubleverify.com/visitor.aspx?query=agnc=796803&cmp=947466&crt=&crtname=&adnet=&dvtagver=3.3.1346.2176&adsrv=6&plc=2895815&advid=796804&sid=Fox%20Audience%20Network&adid=&&num=201&srcurl=http://meviomusicvideos.mevio.com/?utm_source=4178c3&utm_campaign=4178c3_217-23507-1&utm_medium=cpc&random=0.94710254720234 cache stored in: YZCXGNW1/CAQR0LMZ.jpg - HTTP/1.1 200 OK - Content-Length: 0 - Content-Type: image/jpeg - X-AspNet-Version: 2.0.50727 - X-Powered-By: ASP.NET (file: /media/sdb1/Documents and Settings/malware/Local Settings/Temporary Internet Files/Content.IE5/index.dat) 0 m... 0 0 0 10525 [Internet Explorer] (Content viewed/Content saved to drive) URL:http://pixel.rubiconproject.com/tap.php?v=6073&nid=2100&expires=30&put=usr3fe2dc1c4a07ca8b cache stored in: SLK18LSF/tap[2].gif - HTTP/1.1 200 OK - X-Powered-By: PHP/5.1.6 - P3P: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT" - Content-Length: 49 - Keep-Alive: timeout=45- max=324 - Content-Type: image/gif (file: /media/sdb1/Documents and Settings/malware/Local Settings/Temporary Internet Files/Content.IE5/index.dat) 0 m... 0 0 0 10525 [Internet Explorer] (Content viewed/Content saved to drive) User: http://dm.de.mookie1.com/2/B3DM/2010DM/11243369564 URL:x23?USNetwork/Moto_2011Q2_Atrix_TF_CN_728 cache stored in: YZCXGNW1/11243369564@x23[1].htm - HTTP/1.1 200 OK - P3P: CP="NON NID PSAa PSDa OUR IND UNI COM NAV STA"-policyref="/w3c/p3p.xml" - Content-Length: 2421 - Keep-Alive: timeout=60 - Content-Type: text/html (file: /media/sdb1/Documents and Settings/malware/Local Settings/Temporary Internet Files/Content.IE5/index.dat) 0 macb 0 0 0 10534 [Internet Explorer] (Last time cookie passed to website/Website modified cookie) User: Cookie:malware URL:b3.mookie1.com/ (file: /media/sdb1/Documents and Settings/malware/Cookies/index.dat) 0 macb 0 0 0 10534 [Internet Explorer] (Last time cookie passed to website/Website modified cookie) User: Cookie:malware URL:delb.opt.fimserve.com/ (file: /media/sdb1/Documents and Settings/malware/Cookies/index.dat) 0 macb 0 0 0 10534 [Internet Explorer] (Last time cookie passed to website/Website modified cookie) User: Cookie:malware URL:netseer.com/ (file: /media/sdb1/Documents and Settings/malware/Cookies/index.dat) 0 macb 0 0 0 10534 [Internet Explorer] (Last time cookie passed to website/Website modified cookie) User: Cookie:malware URL:opt.fimserve.com/ (file: /media/sdb1/Documents and Settings/malware/Cookies/index.dat) 0 macb 0 0 0 10534 [Internet Explorer] (Last time cookie passed to website/Website modified cookie) User: Cookie:malware URL:serving-sys.com/ (file: /media/sdb1/Documents and Settings/malware/Cookies/index.dat) 430 ma.. r/rr-xr-xr-x 0 0 11337-128-1 /Documents and Settings/malware/Cookies/malware@serving-sys[1].txt 688 .a.. r/rr-xr-xr-x 0 0 11361-128-4 /Documents and Settings/malware/Local Settings/Temporary Internet Files/Content.IE5/SLK18LSF/imp[5] 138 ma.b r/rr-xr-xr-x 0 0 11369-128-1 /Documents and Settings/malware/Cookies/malware@netseer[1].txt 2914 .a.. r/rr-xr-xr-x 0 0 11405-128-5 /Documents and Settings/malware/Local Settings/Temporary Internet Files/Content.IE5/YZCXGNW1/script201[2].js 2793 .a.. r/rr-xr-xr-x 0 0 11500-128-5 /Documents and Settings/malware/Local Settings/Temporary Internet Files/Content.IE5/SLK18LSF/aceUACping[1].htm 87 ma.b r/rr-xr-xr-x 0 0 11527-128-1 /Documents and Settings/malware/Cookies/malware@b3.mookie1[2].txt 1016 ma.b r/rr-xr-xr-x 0 0 11530-128-4 /Documents and Settings/malware/Local Settings/Temporary Internet Files/Content.IE5/SLK18LSF/adopt[4].htm 38232 ma.b r/rr-xr-xr-x 0 0 11538-128-4 /Documents and Settings/malware/Local Settings/Temporary Internet Files/Content.IE5/QJM5KT6J/e9d2c6f5-3580-49dd-bdc0-2e403a7d2856[1].jpg 479 ma.b r/rr-xr-xr-x 0 0 11606-128-1 /Documents and Settings/malware/Cookies/malware@opt.fimserve[2].txt 2951 ma.b r/rr-xr-xr-x 0 0 11612-128-3 /Documents and Settings/malware/Local Settings/Temporary Internet Files/Content.IE5/UPQVMROL/CA2FG5QT.htm 115 ma.b r/rr-xr-xr-x 0 0 11616-128-1 /Documents and Settings/malware/Cookies/malware@delb.opt.fimserve[2].txt 49 ma.. r/rr-xr-xr-x 0 0 11691-128-1 /Documents and Settings/malware/Local Settings/Temporary Internet Files/Content.IE5/SLK18LSF/tap[2].gif 2421 ma.b r/rr-xr-xr-x 0 0 11693-128-4 /Documents and Settings/malware/Local Settings/Temporary Internet Files/Content.IE5/YZCXGNW1/11243369564@x23[1].htm 24385 ma.b r/rr-xr-xr-x 0 0 11695-128-5 /Documents and Settings/malware/Local Settings/Temporary Internet Files/Content.IE5/UPQVMROL/StdBanner[3].js 0 ma.b r/rr-xr-xr-x 0 0 11696-128-1 /Documents and Settings/malware/Local Settings/Temporary Internet Files/Content.IE5/YZCXGNW1/CAQR0LMZ.jpg Fri Jul 01 2011 15:08:40 3067866 ma.. r/rr-xr-xr-x 0 0 11447-128-4 /Documents and Settings/malware/Local Settings/Temporary Internet Files/Content.IE5/YZCXGNW1/swflash[1].cab 208384 .a.. r/rr-xr-xr-x 0 0 2014-128-3 /WINDOWS/system32/rsaenh.dll Fri Jul 01 2011 15:08:41 0 m... 0 0 0 0 REG_User_malware/Software/Microsoft/SystemCertificates 0 m... 0 0 0 0 REG_User_malware/Software/Microsoft/SystemCertificates/TrustedPublisher 0 m... 0 0 0 0 REG_User_malware/Software/Microsoft/SystemCertificates/TrustedPublisher/CRLs 0 m... 0 0 0 0 REG_User_malware/Software/Microsoft/SystemCertificates/TrustedPublisher/CTLs 0 m... 0 0 0 0 REG_User_malware/Software/Microsoft/SystemCertificates/TrustedPublisher/Certificates 0 m... 0 0 0 0 REG_User_malware/Software/Policies/Microsoft/SystemCertificates 0 m... 0 0 0 0 REG_User_malware/Software/Policies/Microsoft/SystemCertificates/TrustedPublisher 0 m... 0 0 0 0 REG_User_malware/Software/Policies/Microsoft/SystemCertificates/TrustedPublisher/CRLs 0 m... 0 0 0 0 REG_User_malware/Software/Policies/Microsoft/SystemCertificates/TrustedPublisher/CTLs 0 m... 0 0 0 0 REG_User_malware/Software/Policies/Microsoft/SystemCertificates/TrustedPublisher/Certificates 56 m... d/dr-xr-xr-x 0 0 10461-144-6 /Documents and Settings/malware/Local Settings/Temp 60416 .a.. r/rr-xr-xr-x 0 0 2006-128-3 /WINDOWS/system32/cabinet.dll 461672 .a.. r/rr-xr-xr-x 0 0 2027-128-3 /WINDOWS/Fonts/micross.ttf 64512 .a.. r/rr-xr-xr-x 0 0 2145-128-3 /WINDOWS/system32/cryptnet.dll 35328 .a.. r/rr-xr-xr-x 0 0 2330-128-3 /WINDOWS/system32/corpol.dll 354304 .a.. r/rr-xr-xr-x 0 0 3169-128-3 /WINDOWS/system32/winhttp.dll 65536 macb 0 0 0 3659 [Event Log] (Time generated/Time written) crypt32/1_Info_CN=VeriSign Class 3 Public Primary Certification Authority - G5- OU="(c) 2006 VeriSign- Inc. - For authorized use only"- OU=VeriSign Trust Network- O="VeriSign- Inc."- C=US - 4EB6D578499B1CCF5F581EAD56BE3D9B6744A5E5 (file: /media/sdb1/WINDOWS/system32/config/AppEvent.Evt) 65536 macb 0 0 0 3659 [Event Log] (Time generated/Time written) crypt32/4_Info_http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/4EB6D578499B1CCF5F581EAD56BE3D9B6744A5E5.crt (file: /media/sdb1/WINDOWS/system32/config/AppEvent.Evt) Fri Jul 01 2011 15:08:55 0 .acb 0 0 0 10525 [Internet Explorer] (Content viewed/Content saved to drive) URL:http://edge.quantserve.com/quant.js cache stored in: QJM5KT6J/quant[1].js - HTTP/1.1 200 OK - Content-Length: 5265 - Content-Type: application/x-javascript (file: /media/sdb1/Documents and Settings/malware/Local Settings/Temporary Internet Files/Content.IE5/index.dat) Fri Jul 01 2011 15:08:56 16896 .a.. r/rr-xr-xr-x 0 0 2078-128-3 /WINDOWS/system32/stdole2.tlb 43520 .a.. r/rr-xr-xr-x 0 0 5780-128-3 /WINDOWS/system32/racpldlg.dll Fri Jul 01 2011 15:08:58 152 m..b d/d--x--x--x 0 0 10300-144-1 /Documents and Settings/malware/Recent 150 macb r/rr-xr-xr-x 0 0 10301-128-1 /Documents and Settings/malware/Recent/Desktop.ini 376 .a.. d/drwxrwxrwx 0 0 10404-144-1 /Documents and Settings/All Users/Application Data/Microsoft/Crypto/RSA/S-1-5-18 0 macb 0 0 0 10413 [XP Prefetch] (Last run) ATTRIB.EXE-39EAFB02.pf - [ATTRIB.EXE] was executed - run count [21]- full path: [] - DLLs loaded: {WINDOWS/SYSTEM32/NTDLL.DLL - WINDOWS/SYSTEM32/KERNEL32.DLL - WINDOWS/SYSTEM32/ULIB.DLL - WINDOWS/SYSTEM32/MSVCRT.DLL - WINDOWS/SYSTEM32/USER32.DLL - WINDOWS/SYSTEM32/GDI32.DLL - WINDOWS/SYSTEM32/ADVAPI32.DLL - WINDOWS/SYSTEM32/RPCRT4.DLL - WINDOWS/SYSTEM32/SECUR32.DLL - WINDOWS/SYSTEM32/SHIMENG.DLL - WINDOWS/APPPATCH/ACGENRAL.DLL - WINDOWS/SYSTEM32/WINMM.DLL - WINDOWS/SYSTEM32/OLE32.DLL - WINDOWS/SYSTEM32/OLEAUT32.DLL - WINDOWS/SYSTEM32/MSACM32.DLL - WINDOWS/SYSTEM32/VERSION.DLL - WINDOWS/SYSTEM32/SHELL32.DLL - WINDOWS/SYSTEM32/SHLWAPI.DLL - WINDOWS/SYSTEM32/USERENV.DLL - WINDOWS/SYSTEM32/UXTHEME.DLL - WINDOWS/WINSXS/X86_MICROSOFT.WINDOWS.COMMON-CONTROLS_6595B64144CCF1DF_6.0.2600.5512_X-WW_35D4CE83/COMCTL32.DLL - WINDOWS/SYSTEM32/COMCTL32.DLL} (file: /media/sdb1/WINDOWS/Prefetch/ATTRIB.EXE-39EAFB02.pf) 56 m... d/dr-xr-xr-x 0 0 10436-144-5 /Documents and Settings/malware 6976 ..c. r/rr-xr-xr-x 0 0 10617-128-3 /Documents and Settings/All Users/Application Data/Microsoft/User Account Pictures/malware.bmp 452608 ..c. r/rr-xr-xr-x 0 0 10650-128-4 /Documents and Settings/All Users/Application Data/VDPLtsHLVdsd.exe 6976 ..c. r/rr-xr-xr-x 0 0 11142-128-3 /Documents and Settings/All Users/Application Data/Microsoft/User Account Pictures/user1.bmp 6976 ..c. r/rr-xr-xr-x 0 0 11143-128-3 /Documents and Settings/All Users/Application Data/Microsoft/User Account Pictures/user2.bmp 6976 ..c. r/rr-xr-xr-x 0 0 11144-128-3 /Documents and Settings/All Users/Application Data/Microsoft/User Account Pictures/user3.bmp 372736 ..c. r/rr-xr-xr-x 0 0 11166-128-3 /Documents and Settings/All Users/Application Data/14147364.exe 336 ..c. r/rr-xr-xr-x 0 0 11168-128-1 /Documents and Settings/All Users/Application Data/14147364 232 ..c. r/rr-xr-xr-x 0 0 11173-128-4 /Documents and Settings/All Users/Application Data/~14147364 168 ..c. r/rr-xr-xr-x 0 0 11174-128-1 /Documents and Settings/All Users/Application Data/~14147364r 706048 .a.. r/rr-xr-xr-x 0 0 1931-128-3 /WINDOWS/system32/ntdll.dll 617472 .a.. r/rr-xr-xr-x 0 0 1936-128-3 /WINDOWS/system32/advapi32.dll 285184 .a.. r/rr-xr-xr-x 0 0 1938-128-3 /WINDOWS/system32/gdi32.dll 989696 .a.. r/rr-xr-xr-x 0 0 1940-128-3 /WINDOWS/system32/kernel32.dll 1287168 .a.. r/rr-xr-xr-x 0 0 1941-128-3 /WINDOWS/system32/ole32.dll 551936 .a.. r/rr-xr-xr-x 0 0 1942-128-3 /WINDOWS/system32/oleaut32.dll 584704 .a.. r/rr-xr-xr-x 0 0 1945-128-3 /WINDOWS/system32/rpcrt4.dll 8461312 .a.. r/rr-xr-xr-x 0 0 1946-128-3 /WINDOWS/system32/shell32.dll 578560 .a.. r/rr-xr-xr-x 0 0 1949-128-3 /WINDOWS/system32/user32.dll 18944 .a.. r/rr-xr-xr-x 0 0 1950-128-3 /WINDOWS/system32/version.dll 474112 .a.. r/rr-xr-xr-x 0 0 1953-128-3 /WINDOWS/system32/shlwapi.dll 617472 .a.. r/rr-xr-xr-x 0 0 1954-128-3 /WINDOWS/system32/comctl32.dll 343040 .a.. r/rr-xr-xr-x 0 0 1955-128-3 /WINDOWS/system32/msvcrt.dll 727040 .a.. r/rr-xr-xr-x 0 0 1960-128-3 /WINDOWS/system32/userenv.dll 56320 .a.. r/rr-xr-xr-x 0 0 1973-128-3 /WINDOWS/system32/secur32.dll 176128 .a.. r/rr-xr-xr-x 0 0 2010-128-3 /WINDOWS/system32/winmm.dll 218624 .a.. r/rr-xr-xr-x 0 0 2030-128-3 /WINDOWS/system32/uxtheme.dll 71680 .a.. r/rr-xr-xr-x 0 0 2039-128-3 /WINDOWS/system32/msacm32.dll 275456 .a.. r/rr-xr-xr-x 0 0 2112-128-3 /WINDOWS/system32/ulib.dll 1852928 .a.. r/rr-xr-xr-x 0 0 2193-128-3 /WINDOWS/AppPatch/AcGenral.dll 12288 .a.. r/rr-xr-xr-x 0 0 2267-128-3 /WINDOWS/system32/attrib.exe 65024 .a.. r/rr-xr-xr-x 0 0 3012-128-3 /WINDOWS/system32/shimeng.dll 1054208 .a.. r/rr-xr-xr-x 0 0 3705-128-3 /WINDOWS/WinSxS/x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83/comctl32.dll 1862 .a.. r/rr-xr-xr-x 0 0 3707-128-4 /WINDOWS/WinSxS/Manifests/x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83.Manifest 621 .a.. r/rr-xr-xr-x 0 0 3710-128-4 /WINDOWS/WinSxS/Policies/x86_policy.6.0.Microsoft.Windows.Common-Controls_6595b64144ccf1df_x-ww_5ddad775/6.0.2600.5512.Policy 56 .a.. d/d--x--x--x 0 0 3736-144-6 /Documents and Settings/All Users/Application Data 224 .a.. d/drwxrwxrwx 0 0 3738-144-1 /Documents and Settings/All Users/Application Data/Microsoft/Crypto 360 .a.. d/drwxrwxrwx 0 0 3739-144-1 /Documents and Settings/All Users/Application Data/Microsoft/Crypto/RSA 48 .a.. d/drwxrwxrwx 0 0 3740-144-1 /Documents and Settings/All Users/Application Data/Microsoft/Crypto/RSA/MachineKeys 256 .a.. d/drwxrwxrwx 0 0 3741-144-1 /Documents and Settings/All Users/Application Data/Microsoft/Crypto/DSS 48 .a.. d/drwxrwxrwx 0 0 3742-144-1 /Documents and Settings/All Users/Application Data/Microsoft/Crypto/DSS/MachineKeys 256 .ac. d/dr-xr-xr-x 0 0 4211-144-1 /Documents and Settings/All Users/Application Data/Microsoft/Network 224 .ac. d/dr-xr-xr-x 0 0 4846-144-1 /Documents and Settings/All Users/Application Data/Microsoft/Network/Connections 280 .ac. d/dr-xr-xr-x 0 0 4847-144-1 /Documents and Settings/All Users/Application Data/Microsoft/Network/Connections/Pbk 853 ..c. r/rr-xr-xr-x 0 0 4849-128-3 /Documents and Settings/All Users/Application Data/Microsoft/Network/Connections/Pbk/sharedaccess.ini 48 .ac. d/dr-xr-xr-x 0 0 4858-144-1 /Documents and Settings/All Users/Application Data/Microsoft/Network/Connections/Cm 789 ..c. r/rr-xr-xr-x 0 0 6084-128-3 /Documents and Settings/All Users/Documents/My Music/Sample Playlists/000EF7AA/Plylst11.wpl 1451 ..c. r/rr-xr-xr-x 0 0 6085-128-3 /Documents and Settings/All Users/Documents/My Music/Sample Playlists/000EF7AA/Plylst12.wpl 783 ..c. r/rr-xr-xr-x 0 0 6086-128-3 /Documents and Settings/All Users/Documents/My Music/Sample Playlists/000EF7AA/Plylst13.wpl 775 ..c. r/rr-xr-xr-x 0 0 6087-128-3 /Documents and Settings/All Users/Documents/My Music/Sample Playlists/000EF7AA/Plylst14.wpl 56 .ac. d/dr-xr-xr-x 0 0 6199-144-6 /Documents and Settings/All Users/Application Data/Microsoft/User Account Pictures 56 .ac. d/dr-xr-xr-x 0 0 6200-144-6 /Documents and Settings/All Users/Application Data/Microsoft/User Account Pictures/Default Pictures 6968 ..c. r/rr-xr-xr-x 0 0 6201-128-3 /Documents and Settings/All Users/Application Data/Microsoft/User Account Pictures/Default Pictures/airplane.bmp 6968 ..c. r/rr-xr-xr-x 0 0 6202-128-3 /Documents and Settings/All Users/Application Data/Microsoft/User Account Pictures/Default Pictures/astronaut.bmp 6968 ..c. r/rr-xr-xr-x 0 0 6203-128-3 /Documents and Settings/All Users/Application Data/Microsoft/User Account Pictures/Default Pictures/ball.bmp 6968 ..c. r/rr-xr-xr-x 0 0 6204-128-3 /Documents and Settings/All Users/Application Data/Microsoft/User Account Pictures/Default Pictures/butterfly.bmp 6968 ..c. r/rr-xr-xr-x 0 0 6205-128-3 /Documents and Settings/All Users/Application Data/Microsoft/User Account Pictures/Default Pictures/cat.bmp 6968 ..c. r/rr-xr-xr-x 0 0 6206-128-3 /Documents and Settings/All Users/Application Data/Microsoft/User Account Pictures/Default Pictures/fish.bmp 6968 ..c. r/rr-xr-xr-x 0 0 6207-128-3 /Documents and Settings/All Users/Application Data/Microsoft/User Account Pictures/Default Pictures/pink flower.bmp 6968 ..c. r/rr-xr-xr-x 0 0 6208-128-3 /Documents and Settings/All Users/Application Data/Microsoft/User Account Pictures/Default Pictures/guitar.bmp 6968 ..c. r/rr-xr-xr-x 0 0 6209-128-3 /Documents and Settings/All Users/Application Data/Microsoft/User Account Pictures/Default Pictures/snowflake.bmp 6968 ..c. r/rr-xr-xr-x 0 0 6210-128-3 /Documents and Settings/All Users/Application Data/Microsoft/User Account Pictures/Default Pictures/beach.bmp 6968 ..c. r/rr-xr-xr-x 0 0 6211-128-3 /Documents and Settings/All Users/Application Data/Microsoft/User Account Pictures/Default Pictures/car.bmp 6968 ..c. r/rr-xr-xr-x 0 0 6212-128-3 /Documents and Settings/All Users/Application Data/Microsoft/User Account Pictures/Default Pictures/chess.bmp 6968 ..c. r/rr-xr-xr-x 0 0 6213-128-3 /Documents and Settings/All Users/Application Data/Microsoft/User Account Pictures/Default Pictures/dirt bike.bmp 6968 ..c. r/rr-xr-xr-x 0 0 6214-128-3 /Documents and Settings/All Users/Application Data/Microsoft/User Account Pictures/Default Pictures/dog.bmp 6968 ..c. r/rr-xr-xr-x 0 0 6215-128-3 /Documents and Settings/All Users/Application Data/Microsoft/User Account Pictures/Default Pictures/drip.bmp 6968 ..c. r/rr-xr-xr-x 0 0 6216-128-3 /Documents and Settings/All Users/Application Data/Microsoft/User Account Pictures/Default Pictures/duck.bmp 6968 ..c. r/rr-xr-xr-x 0 0 6217-128-3 /Documents and Settings/All Users/Application Data/Microsoft/User Account Pictures/Default Pictures/frog.bmp 6968 ..c. r/rr-xr-xr-x 0 0 6218-128-3 /Documents and Settings/All Users/Application Data/Microsoft/User Account Pictures/Default Pictures/horses.bmp 6968 ..c. r/rr-xr-xr-x 0 0 6219-128-3 /Documents and Settings/All Users/Application Data/Microsoft/User Account Pictures/Default Pictures/kick.bmp 6968 ..c. r/rr-xr-xr-x 0 0 6220-128-3 /Documents and Settings/All Users/Application Data/Microsoft/User Account Pictures/Default Pictures/lift-off.bmp 6968 ..c. r/rr-xr-xr-x 0 0 6221-128-3 /Documents and Settings/All Users/Application Data/Microsoft/User Account Pictures/Default Pictures/palm tree.bmp 6968 ..c. r/rr-xr-xr-x 0 0 6222-128-3 /Documents and Settings/All Users/Application Data/Microsoft/User Account Pictures/Default Pictures/red flower.bmp 6968 ..c. r/rr-xr-xr-x 0 0 6223-128-3 /Documents and Settings/All Users/Application Data/Microsoft/User Account Pictures/Default Pictures/skater.bmp 6968 ..c. r/rr-xr-xr-x 0 0 6224-128-3 /Documents and Settings/All Users/Application Data/Microsoft/User Account Pictures/guest.bmp 56 .a.. d/d--x--x--x 0 0 6258-144-6 /Documents and Settings/All Users/Documents/My Music/Sample Music 613638 ..c. r/rr-xr-xr-x 0 0 6259-128-3 /Documents and Settings/All Users/Documents/My Music/Sample Music/Beethoven's Symphony No. 9 (Scherzo).wma 760748 ..c. r/rr-xr-xr-x 0 0 6260-128-3 /Documents and Settings/All Users/Documents/My Music/Sample Music/New Stories (Highway Blues).wma 749 .a.. r/r--x--x--x 0 0 6559-128-4 /WINDOWS/WindowsShell.Manifest 787 ..c. r/rr-xr-xr-x 0 0 7552-128-3 /Documents and Settings/All Users/Documents/My Music/Sample Playlists/000EF7AA/Plylst10.wpl 48 .ac. d/dr-xr-xr-x 0 0 7556-144-1 /Documents and Settings/All Users/Application Data/Microsoft/Media Index 56 .a.. d/dr-xr-xr-x 0 0 7557-144-5 /Documents and Settings/All Users/Documents/My Music/Sample Playlists/000EF7AA 1250 ..c. r/rr-xr-xr-x 0 0 7558-128-3 /Documents and Settings/All Users/Documents/My Music/Sample Playlists/000EF7AA/Plylst1.wpl 536 .ac. d/dr-xr-xr-x 0 0 7559-144-1 /Documents and Settings/All Users/Application Data/Microsoft/Media Player 48 .a.. d/dr-xr-xr-x 0 0 7562-144-1 /Documents and Settings/All Users/Documents/My Music/My Playlists 720896 ..c. r/r--x--x--x 0 0 7563-128-4 /Documents and Settings/All Users/Application Data/Microsoft/Media Player/DefaultStore_59R.bin 720896 ..c. r/r--x--x--x 0 0 7564-128-4 /Documents and Settings/All Users/Application Data/Microsoft/Media Player/UserMigratedStore_59R.bin 48 .ac. d/dr-xr-xr-x 0 0 7604-144-1 /Documents and Settings/All Users/Application Data/Microsoft/HTML Help Fri Jul 01 2011 15:08:59 402432 ..c. r/rr-xr-xr-x 0 0 10000-128-1 /WINDOWS/system32/dllcache/wmm2filt.dll 502272 ..c. r/rr-xr-xr-x 0 0 10001-128-1 /WINDOWS/system32/dllcache/wmm2fxa.dll 325632 ..c. r/rr-xr-xr-x 0 0 10002-128-1 /WINDOWS/system32/dllcache/wmm2fxb.dll 4256768 ..c. r/rr-xr-xr-x 0 0 10003-128-1 /WINDOWS/system32/dllcache/wmm2res.dll 5632 ..c. r/rr-xr-xr-x 0 0 10004-128-1 /WINDOWS/system32/dllcache/wmm2res2.dll 1053184 ..c. r/rr-xr-xr-x 0 0 10005-128-1 /WINDOWS/system32/dllcache/wmnetmgr.dll 4874240 ..c. r/rr-xr-xr-x 0 0 10006-128-1 /WINDOWS/system32/dllcache/wmp.dll 20480 ..c. r/rr-xr-xr-x 0 0 10007-128-1 /WINDOWS/system32/dllcache/wmp.ocx 114688 ..c. r/rr-xr-xr-x 0 0 10008-128-1 /WINDOWS/system32/dllcache/wmpasf.dll 98304 ..c. r/rr-xr-xr-x 0 0 10009-128-1 /WINDOWS/system32/dllcache/wmpband.dll 15245 ..c. r/rr-xr-xr-x 0 0 1001-128-3 /WINDOWS/Help/msorcl32.chm 20480 ..c. r/rr-xr-xr-x 0 0 10010-128-1 /WINDOWS/system32/dllcache/wmpcd.dll 20480 ..c. r/rr-xr-xr-x 0 0 10011-128-1 /WINDOWS/system32/dllcache/wmpcore.dll 233472 ..c. r/rr-xr-xr-x 0 0 10012-128-1 /WINDOWS/system32/dllcache/wmpdxm.dll 73728 ..c. r/rr-xr-xr-x 0 0 10013-128-1 /WINDOWS/system32/dllcache/wmplayer.exe 2940928 ..c. r/rr-xr-xr-x 0 0 10014-128-1 /WINDOWS/system32/dllcache/wmploc.dll 221184 ..c. r/rr-xr-xr-x 0 0 10015-128-1 /WINDOWS/system32/dllcache/wmpns.dll 102400 ..c. r/rr-xr-xr-x 0 0 10016-128-1 /WINDOWS/system32/dllcache/wmpshell.dll 20480 ..c. r/rr-xr-xr-x 0 0 10017-128-1 /WINDOWS/system32/dllcache/wmpui.dll 759296 ..c. r/rr-xr-xr-x 0 0 10018-128-1 /WINDOWS/system32/dllcache/wmsdmod.dll 115200 ..c. r/rr-xr-xr-x 0 0 10019-128-1 /WINDOWS/system32/dllcache/wmsdmoe.dll 1119744 ..c. r/rr-xr-xr-x 0 0 10020-128-1 /WINDOWS/system32/dllcache/wmsdmoe2.dll 485376 ..c. r/rr-xr-xr-x 0 0 10021-128-1 /WINDOWS/system32/dllcache/wmspdmod.dll 897024 ..c. r/rr-xr-xr-x 0 0 10022-128-1 /WINDOWS/system32/dllcache/wmspdmoe.dll 303616 ..c. r/rr-xr-xr-x 0 0 10023-128-1 /WINDOWS/system32/dllcache/wmstream.dll 278559 ..c. r/rr-xr-xr-x 0 0 10024-128-1 /WINDOWS/system32/dllcache/wmv8ds32.ax 2109440 ..c. r/rr-xr-xr-x 0 0 10025-128-1 /WINDOWS/system32/dllcache/wmvcore.dll 809984 ..c. r/rr-xr-xr-x 0 0 10026-128-1 /WINDOWS/system32/dllcache/wmvdmod.dll 1001472 ..c. r/rr-xr-xr-x 0 0 10027-128-1 /WINDOWS/system32/dllcache/wmvdmoe2.dll 258048 ..c. r/rr-xr-xr-x 0 0 10028-128-1 /WINDOWS/system32/dllcache/wmvds32.ax 214528 ..c. r/rr-xr-xr-x 0 0 10029-128-1 /WINDOWS/system32/dllcache/wordpad.exe 19255 ..c. r/rr-xr-xr-x 0 0 1003-128-3 /WINDOWS/inf/msports.inf 264192 ..c. r/rr-xr-xr-x 0 0 10030-128-1 /WINDOWS/system32/dllcache/wow32.dll 2736 ..c. r/rr-xr-xr-x 0 0 10031-128-1 /WINDOWS/system32/dllcache/wowdeb.exe 10368 ..c. r/rr-xr-xr-x 0 0 10032-128-1 /WINDOWS/system32/dllcache/wowexec.exe 32256 ..c. r/rr-xr-xr-x 0 0 10033-128-1 /WINDOWS/system32/dllcache/wpabaln.exe 11264 ..c. r/rr-xr-xr-x 0 0 10034-128-1 /WINDOWS/system32/dllcache/wpnpinst.exe 5632 ..c. r/rr-xr-xr-x 0 0 10035-128-1 /WINDOWS/system32/dllcache/write.exe 82432 ..c. r/rr-xr-xr-x 0 0 10036-128-1 /WINDOWS/system32/dllcache/ws2_32.dll 19968 ..c. r/rr-xr-xr-x 0 0 10037-128-1 /WINDOWS/system32/dllcache/ws2help.dll 12032 ..c. r/rr-xr-xr-x 0 0 10038-128-1 /WINDOWS/system32/dllcache/ws2ifsl.sys 13824 ..c. r/rr-xr-xr-x 0 0 10039-128-1 /WINDOWS/system32/dllcache/wscntfy.exe 155648 ..c. r/rr-xr-xr-x 0 0 10040-128-1 /WINDOWS/system32/dllcache/wscript.exe 80896 ..c. r/rr-xr-xr-x 0 0 10041-128-1 /WINDOWS/system32/dllcache/wscsvc.dll 148480 ..c. r/rr-xr-xr-x 0 0 10042-128-1 /WINDOWS/system32/dllcache/wscui.cpl 604160 ..c. r/rr-xr-xr-x 0 0 10043-128-1 /WINDOWS/system32/dllcache/wsecedit.dll 9216 ..c. r/rr-xr-xr-x 0 0 10044-128-1 /WINDOWS/system32/dllcache/wshatm.dll 36864 ..c. r/rr-xr-xr-x 0 0 10045-128-1 /WINDOWS/system32/dllcache/wshcon.dll 90112 ..c. r/rr-xr-xr-x 0 0 10046-128-1 /WINDOWS/system32/dllcache/wshext.dll 14336 ..c. r/rr-xr-xr-x 0 0 10047-128-1 /WINDOWS/system32/dllcache/wship6.dll 11776 ..c. r/rr-xr-xr-x 0 0 10048-128-1 /WINDOWS/system32/dllcache/wshisn.dll 7168 ..c. r/rr-xr-xr-x 0 0 10049-128-1 /WINDOWS/system32/dllcache/wshnetbs.dll 1925 ..c. r/rr-xr-xr-x 0 0 1005-128-3 /WINDOWS/inf/msrio8.inf 135168 ..c. r/rr-xr-xr-x 0 0 10050-128-1 /WINDOWS/system32/dllcache/wshom.ocx 11264 ..c. r/rr-xr-xr-x 0 0 10051-128-1 /WINDOWS/system32/dllcache/wshrm.dll 19456 ..c. r/rr-xr-xr-x 0 0 10052-128-1 /WINDOWS/system32/dllcache/wshtcpip.dll 41984 ..c. r/rr-xr-xr-x 0 0 10053-128-1 /WINDOWS/system32/dllcache/wsnmp32.dll 22528 ..c. r/rr-xr-xr-x 0 0 10054-128-1 /WINDOWS/system32/dllcache/wsock32.dll 50688 ..c. r/rr-xr-xr-x 0 0 10055-128-1 /WINDOWS/system32/dllcache/wstdecod.dll 164352 ..c. r/rr-xr-xr-x 0 0 10056-128-1 /WINDOWS/system32/dllcache/wstpager.ax 239616 ..c. r/rr-xr-xr-x 0 0 10057-128-1 /WINDOWS/system32/dllcache/wstrendr.ax 18432 ..c. r/rr-xr-xr-x 0 0 10058-128-1 /WINDOWS/system32/dllcache/wtsapi32.dll 430592 ..c. r/rr-xr-xr-x 0 0 10059-128-1 /WINDOWS/system32/dllcache/wuapi.dll 1928 ..c. r/rr-xr-xr-x 0 0 1006-128-3 /WINDOWS/inf/msrio.inf 111104 ..c. r/rr-xr-xr-x 0 0 10060-128-1 /WINDOWS/system32/dllcache/wuauclt.exe 165888 ..c. r/rr-xr-xr-x 0 0 10061-128-1 /WINDOWS/system32/dllcache/wuauclt1.exe 162304 ..c. r/rr-xr-xr-x 0 0 10062-128-1 /WINDOWS/system32/dllcache/wuaucpl.cpl 1135616 ..c. r/rr-xr-xr-x 0 0 10063-128-1 /WINDOWS/system32/dllcache/wuaueng.dll 183296 ..c. r/rr-xr-xr-x 0 0 10064-128-1 /WINDOWS/system32/dllcache/wuaueng1.dll 6656 ..c. r/rr-xr-xr-x 0 0 10065-128-1 /WINDOWS/system32/dllcache/wuauserv.dll 112640 ..c. r/rr-xr-xr-x 0 0 10066-128-1 /WINDOWS/system32/dllcache/wucltui.dll 32256 ..c. r/rr-xr-xr-x 0 0 10067-128-1 /WINDOWS/system32/dllcache/wupdmgr.exe 32256 ..c. r/rr-xr-xr-x 0 0 10068-128-1 /WINDOWS/system32/dllcache/wups.dll 120320 ..c. r/rr-xr-xr-x 0 0 10069-128-1 /WINDOWS/system32/dllcache/wuweb.dll 383488 ..c. r/rr-xr-xr-x 0 0 10070-128-1 /WINDOWS/system32/dllcache/wzcdlg.dll 91648 ..c. r/rr-xr-xr-x 0 0 10071-128-1 /WINDOWS/system32/dllcache/xactsrv.dll 30720 ..c. r/rr-xr-xr-x 0 0 10072-128-1 /WINDOWS/system32/dllcache/xcopy.exe 174200 ..c. r/rr-xr-xr-x 0 0 10073-128-1 /WINDOWS/system32/dllcache/xenroll.dll 28288 ..c. r/rr-xr-xr-x 0 0 10074-128-3 /WINDOWS/system32/dllcache/xjis.nls 129024 ..c. r/rr-xr-xr-x 0 0 10075-128-1 /WINDOWS/system32/dllcache/xmlprov.dll 50176 ..c. r/rr-xr-xr-x 0 0 10076-128-1 /WINDOWS/system32/dllcache/xmlprovi.dll 11776 ..c. r/rr-xr-xr-x 0 0 10077-128-1 /WINDOWS/system32/dllcache/xolehlp.dll 393728 ..c. r/rr-xr-xr-x 0 0 10078-128-1 /WINDOWS/system32/dllcache/obrb0401.dll 212480 ..c. r/rr-xr-xr-x 0 0 10079-128-1 /WINDOWS/system32/dllcache/obrb0404.dll 428032 ..c. r/rr-xr-xr-x 0 0 10080-128-1 /WINDOWS/system32/dllcache/obrb0405.dll 418816 ..c. r/rr-xr-xr-x 0 0 10081-128-1 /WINDOWS/system32/dllcache/obrb0406.dll 403456 ..c. r/rr-xr-xr-x 0 0 10082-128-1 /WINDOWS/system32/dllcache/obrb0407.dll 419328 ..c. r/rr-xr-xr-x 0 0 10083-128-1 /WINDOWS/system32/dllcache/obrb0408.dll 405504 ..c. r/rr-xr-xr-x 0 0 10084-128-1 /WINDOWS/system32/dllcache/obrb040b.dll 410624 ..c. r/rr-xr-xr-x 0 0 10085-128-1 /WINDOWS/system32/dllcache/obrb040C.dll 384000 ..c. r/rr-xr-xr-x 0 0 10086-128-1 /WINDOWS/system32/dllcache/obrb040D.dll 434176 ..c. r/rr-xr-xr-x 0 0 10087-128-1 /WINDOWS/system32/dllcache/obrb040e.dll 413696 ..c. r/rr-xr-xr-x 0 0 10088-128-1 /WINDOWS/system32/dllcache/obrb0410.dll 275456 ..c. r/rr-xr-xr-x 0 0 10089-128-1 /WINDOWS/system32/dllcache/obrb0411.dll 306688 ..c. r/rr-xr-xr-x 0 0 10090-128-1 /WINDOWS/system32/dllcache/obrb0412.dll 401920 ..c. r/rr-xr-xr-x 0 0 10091-128-1 /WINDOWS/system32/dllcache/obrb0413.dll 353792 ..c. r/rr-xr-xr-x 0 0 10092-128-1 /WINDOWS/system32/dllcache/obrb0414.dll 391680 ..c. r/rr-xr-xr-x 0 0 10093-128-1 /WINDOWS/system32/dllcache/obrb0415.dll 409600 ..c. r/rr-xr-xr-x 0 0 10094-128-1 /WINDOWS/system32/dllcache/obrb0416.dll 427008 ..c. r/rr-xr-xr-x 0 0 10095-128-1 /WINDOWS/system32/dllcache/obrb0419.dll 405504 ..c. r/rr-xr-xr-x 0 0 10096-128-1 /WINDOWS/system32/dllcache/obrb041b.dll 363008 ..c. r/rr-xr-xr-x 0 0 10097-128-1 /WINDOWS/system32/dllcache/obrb041D.dll 390144 ..c. r/rr-xr-xr-x 0 0 10098-128-1 /WINDOWS/system32/dllcache/obrb041f.dll 408576 ..c. r/rr-xr-xr-x 0 0 10099-128-1 /WINDOWS/system32/dllcache/obrb0424.dll 270336 ..c. r/rr-xr-xr-x 0 0 10100-128-1 /WINDOWS/system32/dllcache/obrb0804.dll 435200 ..c. r/rr-xr-xr-x 0 0 10101-128-1 /WINDOWS/system32/dllcache/obrb0816.dll 446464 ..c. r/rr-xr-xr-x 0 0 10102-128-1 /WINDOWS/system32/dllcache/obrb0C0A.dll 438784 ..c. r/rr-xr-xr-x 0 0 10103-128-1 /WINDOWS/system32/dllcache/xpob2res.dll 186880 ..c. r/rr-xr-xr-x 0 0 10104-128-1 /WINDOWS/system32/dllcache/spra0401.dll 189440 ..c. r/rr-xr-xr-x 0 0 10105-128-1 /WINDOWS/system32/dllcache/spra0402.dll 161280 ..c. r/rr-xr-xr-x 0 0 10106-128-1 /WINDOWS/system32/dllcache/spra0404.dll 188928 ..c. r/rr-xr-xr-x 0 0 10107-128-1 /WINDOWS/system32/dllcache/spra0405.dll 192000 ..c. r/rr-xr-xr-x 0 0 10108-128-1 /WINDOWS/system32/dllcache/spra0406.dll 199680 ..c. r/rr-xr-xr-x 0 0 10109-128-1 /WINDOWS/system32/dllcache/spra0407.dll 28371 ..c. r/rr-xr-xr-x 0 0 1011-128-3 /WINDOWS/Help/mstask.hlp 197632 ..c. r/rr-xr-xr-x 0 0 10110-128-1 /WINDOWS/system32/dllcache/spra0408.dll 186368 ..c. r/rr-xr-xr-x 0 0 10111-128-1 /WINDOWS/system32/dllcache/spra040b.dll 197632 ..c. r/rr-xr-xr-x 0 0 10112-128-1 /WINDOWS/system32/dllcache/spra040C.dll 181760 ..c. r/rr-xr-xr-x 0 0 10113-128-1 /WINDOWS/system32/dllcache/spra040D.dll 195584 ..c. r/rr-xr-xr-x 0 0 10114-128-1 /WINDOWS/system32/dllcache/spra040e.dll 195072 ..c. r/rr-xr-xr-x 0 0 10115-128-1 /WINDOWS/system32/dllcache/spra0410.dll 171008 ..c. r/rr-xr-xr-x 0 0 10116-128-1 /WINDOWS/system32/dllcache/spra0411.dll 167936 ..c. r/rr-xr-xr-x 0 0 10117-128-1 /WINDOWS/system32/dllcache/spra0412.dll 196096 ..c. r/rr-xr-xr-x 0 0 10118-128-1 /WINDOWS/system32/dllcache/spra0413.dll 189440 ..c. r/rr-xr-xr-x 0 0 10119-128-1 /WINDOWS/system32/dllcache/spra0414.dll 6464 ..c. r/rr-xr-xr-x 0 0 1012-128-3 /WINDOWS/inf/mstask.inf 194560 ..c. r/rr-xr-xr-x 0 0 10120-128-1 /WINDOWS/system32/dllcache/spra0415.dll 192512 ..c. r/rr-xr-xr-x 0 0 10121-128-1 /WINDOWS/system32/dllcache/spra0416.dll 190464 ..c. r/rr-xr-xr-x 0 0 10122-128-1 /WINDOWS/system32/dllcache/spra0418.dll 192512 ..c. r/rr-xr-xr-x 0 0 10123-128-1 /WINDOWS/system32/dllcache/spra0419.dll 188928 ..c. r/rr-xr-xr-x 0 0 10124-128-1 /WINDOWS/system32/dllcache/spra041a.dll 192512 ..c. r/rr-xr-xr-x 0 0 10125-128-1 /WINDOWS/system32/dllcache/spra041b.dll 188928 ..c. r/rr-xr-xr-x 0 0 10126-128-1 /WINDOWS/system32/dllcache/spra041D.dll 188416 ..c. r/rr-xr-xr-x 0 0 10127-128-1 /WINDOWS/system32/dllcache/spra041e.dll 188928 ..c. r/rr-xr-xr-x 0 0 10128-128-1 /WINDOWS/system32/dllcache/spra041f.dll 192512 ..c. r/rr-xr-xr-x 0 0 10129-128-1 /WINDOWS/system32/dllcache/spra0424.dll 186880 ..c. r/rr-xr-xr-x 0 0 10130-128-1 /WINDOWS/system32/dllcache/spra0425.dll 188928 ..c. r/rr-xr-xr-x 0 0 10131-128-1 /WINDOWS/system32/dllcache/spra0426.dll 189952 ..c. r/rr-xr-xr-x 0 0 10132-128-1 /WINDOWS/system32/dllcache/spra0427.dll 161280 ..c. r/rr-xr-xr-x 0 0 10133-128-1 /WINDOWS/system32/dllcache/spra0804.dll 194560 ..c. r/rr-xr-xr-x 0 0 10134-128-1 /WINDOWS/system32/dllcache/spra0816.dll 196096 ..c. r/rr-xr-xr-x 0 0 10135-128-1 /WINDOWS/system32/dllcache/spra0C0A.dll 187392 ..c. r/rr-xr-xr-x 0 0 10136-128-1 /WINDOWS/system32/dllcache/xpsp1res.dll 2869248 ..c. r/rr-xr-xr-x 0 0 10137-128-1 /WINDOWS/system32/dllcache/sprb0401.dll 477696 ..c. r/rr-xr-xr-x 0 0 10138-128-1 /WINDOWS/system32/dllcache/sprb0404.dll 734720 ..c. r/rr-xr-xr-x 0 0 10139-128-1 /WINDOWS/system32/dllcache/sprb0405.dll 742912 ..c. r/rr-xr-xr-x 0 0 10140-128-1 /WINDOWS/system32/dllcache/sprb0406.dll 788480 ..c. r/rr-xr-xr-x 0 0 10141-128-1 /WINDOWS/system32/dllcache/sprb0407.dll 801280 ..c. r/rr-xr-xr-x 0 0 10142-128-1 /WINDOWS/system32/dllcache/sprb0408.dll 729088 ..c. r/rr-xr-xr-x 0 0 10143-128-1 /WINDOWS/system32/dllcache/sprb040b.dll 793088 ..c. r/rr-xr-xr-x 0 0 10144-128-1 /WINDOWS/system32/dllcache/sprb040C.dll 2842112 ..c. r/rr-xr-xr-x 0 0 10145-128-1 /WINDOWS/system32/dllcache/sprb040D.dll 769536 ..c. r/rr-xr-xr-x 0 0 10146-128-1 /WINDOWS/system32/dllcache/sprb040e.dll 769536 ..c. r/rr-xr-xr-x 0 0 10147-128-1 /WINDOWS/system32/dllcache/sprb0410.dll 562688 ..c. r/rr-xr-xr-x 0 0 10148-128-1 /WINDOWS/system32/dllcache/sprb0411.dll 543744 ..c. r/rr-xr-xr-x 0 0 10149-128-1 /WINDOWS/system32/dllcache/sprb0412.dll 769024 ..c. r/rr-xr-xr-x 0 0 10150-128-1 /WINDOWS/system32/dllcache/sprb0413.dll 716288 ..c. r/rr-xr-xr-x 0 0 10151-128-1 /WINDOWS/system32/dllcache/sprb0414.dll 759808 ..c. r/rr-xr-xr-x 0 0 10152-128-1 /WINDOWS/system32/dllcache/sprb0415.dll 752128 ..c. r/rr-xr-xr-x 0 0 10153-128-1 /WINDOWS/system32/dllcache/sprb0416.dll 736768 ..c. r/rr-xr-xr-x 0 0 10154-128-1 /WINDOWS/system32/dllcache/sprb0419.dll 757248 ..c. r/rr-xr-xr-x 0 0 10155-128-1 /WINDOWS/system32/dllcache/sprb041b.dll 724480 ..c. r/rr-xr-xr-x 0 0 10156-128-1 /WINDOWS/system32/dllcache/sprb041D.dll 724480 ..c. r/rr-xr-xr-x 0 0 10157-128-1 /WINDOWS/system32/dllcache/sprb041f.dll 732160 ..c. r/rr-xr-xr-x 0 0 10158-128-1 /WINDOWS/system32/dllcache/sprb0424.dll 470016 ..c. r/rr-xr-xr-x 0 0 10159-128-1 /WINDOWS/system32/dllcache/sprb0804.dll 751616 ..c. r/rr-xr-xr-x 0 0 10160-128-1 /WINDOWS/system32/dllcache/sprb0816.dll 773632 ..c. r/rr-xr-xr-x 0 0 10161-128-1 /WINDOWS/system32/dllcache/sprb0C0A.dll 2897920 ..c. r/rr-xr-xr-x 0 0 10162-128-1 /WINDOWS/system32/dllcache/xpsp2res.dll 656896 ..c. r/rr-xr-xr-x 0 0 10163-128-1 /WINDOWS/system32/dllcache/sprc0401.dll 327680 ..c. r/rr-xr-xr-x 0 0 10164-128-1 /WINDOWS/system32/dllcache/sprc0404.dll 601088 ..c. r/rr-xr-xr-x 0 0 10165-128-1 /WINDOWS/system32/dllcache/sprc0405.dll 605696 ..c. r/rr-xr-xr-x 0 0 10166-128-1 /WINDOWS/system32/dllcache/sprc0406.dll 663552 ..c. r/rr-xr-xr-x 0 0 10167-128-1 /WINDOWS/system32/dllcache/sprc0407.dll 679936 ..c. r/rr-xr-xr-x 0 0 10168-128-1 /WINDOWS/system32/dllcache/sprc0408.dll 604672 ..c. r/rr-xr-xr-x 0 0 10169-128-1 /WINDOWS/system32/dllcache/sprc040b.dll 663040 ..c. r/rr-xr-xr-x 0 0 10170-128-1 /WINDOWS/system32/dllcache/sprc040C.dll 620544 ..c. r/rr-xr-xr-x 0 0 10171-128-1 /WINDOWS/system32/dllcache/sprc040D.dll 645120 ..c. r/rr-xr-xr-x 0 0 10172-128-1 /WINDOWS/system32/dllcache/sprc040e.dll 658432 ..c. r/rr-xr-xr-x 0 0 10173-128-1 /WINDOWS/system32/dllcache/sprc0410.dll 412672 ..c. r/rr-xr-xr-x 0 0 10174-128-1 /WINDOWS/system32/dllcache/sprc0411.dll 392704 ..c. r/rr-xr-xr-x 0 0 10175-128-1 /WINDOWS/system32/dllcache/sprc0412.dll 645120 ..c. r/rr-xr-xr-x 0 0 10176-128-1 /WINDOWS/system32/dllcache/sprc0413.dll 591872 ..c. r/rr-xr-xr-x 0 0 10177-128-1 /WINDOWS/system32/dllcache/sprc0414.dll 641024 ..c. r/rr-xr-xr-x 0 0 10178-128-1 /WINDOWS/system32/dllcache/sprc0415.dll 620032 ..c. r/rr-xr-xr-x 0 0 10179-128-1 /WINDOWS/system32/dllcache/sprc0416.dll 627200 ..c. r/rr-xr-xr-x 0 0 10180-128-1 /WINDOWS/system32/dllcache/sprc0419.dll 577536 ..c. r/rr-xr-xr-x 0 0 10181-128-1 /WINDOWS/system32/dllcache/sprc041b.dll 590848 ..c. r/rr-xr-xr-x 0 0 10182-128-1 /WINDOWS/system32/dllcache/sprc041D.dll 592896 ..c. r/rr-xr-xr-x 0 0 10183-128-1 /WINDOWS/system32/dllcache/sprc041f.dll 576512 ..c. r/rr-xr-xr-x 0 0 10184-128-1 /WINDOWS/system32/dllcache/sprc0424.dll 322560 ..c. r/rr-xr-xr-x 0 0 10185-128-1 /WINDOWS/system32/dllcache/sprc0804.dll 639488 ..c. r/rr-xr-xr-x 0 0 10186-128-1 /WINDOWS/system32/dllcache/sprc0816.dll 648704 ..c. r/rr-xr-xr-x 0 0 10187-128-1 /WINDOWS/system32/dllcache/sprc0C0A.dll 689152 ..c. r/rr-xr-xr-x 0 0 10188-128-1 /WINDOWS/system32/dllcache/xpsp3res.dll 36937 ..c. r/rr-xr-xr-x 0 0 10189-128-1 /WINDOWS/system32/dllcache/zclientm.exe 3085 ..c. r/rr-xr-xr-x 0 0 1019-128-3 /WINDOWS/inf/mtxvideo.inf 41029 ..c. r/rr-xr-xr-x 0 0 10190-128-1 /WINDOWS/system32/dllcache/zcorem.dll 4677 ..c. r/rr-xr-xr-x 0 0 10191-128-1 /WINDOWS/system32/dllcache/zeeverm.dll 338432 ..c. r/rr-xr-xr-x 0 0 10192-128-1 /WINDOWS/system32/dllcache/zipfldr.dll 29760 ..c. r/rr-xr-xr-x 0 0 10193-128-1 /WINDOWS/system32/dllcache/znetm.dll 113222 ..c. r/rr-xr-xr-x 0 0 10194-128-1 /WINDOWS/system32/dllcache/zoneclim.dll 13894 ..c. r/rr-xr-xr-x 0 0 10195-128-1 /WINDOWS/system32/dllcache/zonelibm.dll 8261 ..c. r/rr-xr-xr-x 0 0 10196-128-1 /WINDOWS/system32/dllcache/zoneoc.dll 56 .ac. d/dr-xr-xr-x 0 0 10197-144-6 /WINDOWS/system32/config/systemprofile 56 .ac. d/dr-xr-xr-x 0 0 10198-144-6 /WINDOWS/system32/config/systemprofile/Templates 256 .ac. d/d--x--x--x 0 0 10199-144-1 /WINDOWS/system32/config/systemprofile/Start Menu 2391 ..c. r/rr-xr-xr-x 0 0 1020-128-3 /WINDOWS/inf/multiprt.inf 56 .ac. d/d--x--x--x 0 0 10200-144-5 /WINDOWS/system32/config/systemprofile/Start Menu/Programs 152 .ac. d/d--x--x--x 0 0 10201-144-1 /WINDOWS/system32/config/systemprofile/Start Menu/Programs/Startup 56 .ac. d/d--x--x--x 0 0 10202-144-6 /WINDOWS/system32/config/systemprofile/Start Menu/Programs/Accessories 400 .ac. d/d--x--x--x 0 0 10203-144-1 /WINDOWS/system32/config/systemprofile/Start Menu/Programs/Accessories/Entertainment 56 .ac. d/d--x--x--x 0 0 10204-144-6 /WINDOWS/system32/config/systemprofile/Start Menu/Programs/Accessories/Accessibility 56 .ac. d/d--x--x--x 0 0 10205-144-5 /WINDOWS/system32/config/systemprofile/SendTo 48 .ac. d/dr-xr-xr-x 0 0 10206-144-1 /WINDOWS/system32/config/systemprofile/Recent 48 .ac. d/dr-xr-xr-x 0 0 10207-144-1 /WINDOWS/system32/config/systemprofile/PrintHood 48 .ac. d/dr-xr-xr-x 0 0 10208-144-1 /WINDOWS/system32/config/systemprofile/NetHood 48 .ac. d/dr-xr-xr-x 0 0 10209-144-1 /WINDOWS/system32/config/systemprofile/My Documents 56 .ac. d/d--x--x--x 0 0 10210-144-6 /WINDOWS/system32/config/systemprofile/Local Settings 256 .a.. d/drwxrwxrwx 0 0 10211-144-1 /WINDOWS/system32/config/systemprofile/Local Settings/Temporary Internet Files 48 .ac. d/dr-xr-xr-x 0 0 10212-144-1 /WINDOWS/system32/config/systemprofile/Local Settings/Temp 256 .a.. d/drwxrwxrwx 0 0 10213-144-1 /WINDOWS/system32/config/systemprofile/Local Settings/History 256 .ac. d/dr-xr-xr-x 0 0 10214-144-1 /WINDOWS/system32/config/systemprofile/Local Settings/Application Data 480 .ac. d/dr-xr-xr-x 0 0 10215-144-1 /WINDOWS/system32/config/systemprofile/Local Settings/Application Data/Microsoft 136 .ac. d/dr-xr-xr-x 0 0 10216-144-1 /WINDOWS/system32/config/systemprofile/Local Settings/Application Data/Microsoft/Windows Media 368 .ac. d/dr-xr-xr-x 0 0 10217-144-1 /WINDOWS/system32/config/systemprofile/Local Settings/Application Data/Microsoft/Windows Media/9.0 296 .ac. d/dr-xr-xr-x 0 0 10218-144-1 /WINDOWS/system32/config/systemprofile/Local Settings/Application Data/Microsoft/Media Player 48 .ac. d/dr-xr-xr-x 0 0 10219-144-1 /WINDOWS/system32/config/systemprofile/Favorites 48 .ac. d/dr-xr-xr-x 0 0 10220-144-1 /WINDOWS/system32/config/systemprofile/Desktop 152 .a.. d/drwxrwxrwx 0 0 10221-144-1 /WINDOWS/system32/config/systemprofile/Cookies 360 .ac. d/d--x--x--x 0 0 10222-144-1 /WINDOWS/system32/config/systemprofile/Application Data 136 .a.. d/drwxrwxrwx 0 0 10224-144-1 /WINDOWS/system32/config/systemprofile/Application Data/Microsoft/SystemCertificates 456 .a.. d/drwxrwxrwx 0 0 10225-144-1 /WINDOWS/system32/config/systemprofile/Application Data/Microsoft/SystemCertificates/My 48 .a.. d/drwxrwxrwx 0 0 10226-144-1 /WINDOWS/system32/config/systemprofile/Application Data/Microsoft/SystemCertificates/My/CTLs 48 .a.. d/drwxrwxrwx 0 0 10227-144-1 /WINDOWS/system32/config/systemprofile/Application Data/Microsoft/SystemCertificates/My/CRLs 48 .a.. d/drwxrwxrwx 0 0 10228-144-1 /WINDOWS/system32/config/systemprofile/Application Data/Microsoft/SystemCertificates/My/Certificates 48 .ac. d/dr-xr-xr-x 0 0 10229-144-1 /WINDOWS/system32/config/systemprofile/Application Data/Microsoft/Media Player 256 .ac. d/dr-xr-xr-x 0 0 10230-144-1 /WINDOWS/system32/config/systemprofile/Application Data/Microsoft/Internet Explorer 57 ..c. r/r--x--x--x 0 0 10231-128-3 /WINDOWS/system32/config/systemprofile/Templates/wordpfct.wpg 1769 ..c. r/rr-xr-xr-x 0 0 10232-128-4 /WINDOWS/system32/config/systemprofile/Templates/winword2.doc 461 ..c. r/rr-xr-xr-x 0 0 10233-128-3 /WINDOWS/system32/config/systemprofile/Templates/presenta.shw 12288 ..c. r/rr-xr-xr-x 0 0 10234-128-4 /WINDOWS/system32/config/systemprofile/Templates/powerpnt.ppt 4017 ..c. r/rr-xr-xr-x 0 0 10235-128-4 /WINDOWS/system32/config/systemprofile/Templates/quattro.wb2 58 ..c. r/rr-xr-xr-x 0 0 10236-128-3 /WINDOWS/system32/config/systemprofile/Templates/sndrec.wav 4608 ..c. r/rr-xr-xr-x 0 0 10237-128-4 /WINDOWS/system32/config/systemprofile/Templates/winword.doc 30 ..c. r/r--x--x--x 0 0 10238-128-3 /WINDOWS/system32/config/systemprofile/Templates/wordpfct.wpd 1518 ..c. r/rr-xr-xr-x 0 0 10239-128-4 /WINDOWS/system32/config/systemprofile/Templates/excel4.xls 4570 ..c. r/rr-xr-xr-x 0 0 10240-128-4 /WINDOWS/system32/config/systemprofile/Templates/amipro.sam 5632 ..c. r/rr-xr-xr-x 0 0 10241-128-4 /WINDOWS/system32/config/systemprofile/Templates/excel.xls 792 ..c. r/rr-xr-xr-x 0 0 10242-128-4 /WINDOWS/system32/config/systemprofile/Start Menu/Programs/Windows Media Player.lnk 2448 ..c. r/rr-xr-xr-x 0 0 10243-128-4 /WINDOWS/system32/config/systemprofile/Templates/lotus.wk4 376 ..c. r/rr-xr-xr-x 0 0 10245-128-3 /WINDOWS/system32/config/systemprofile/Start Menu/Programs/Messenger Center.lnk 382 ..c. r/rr-xr-xr-x 0 0 10246-128-3 /WINDOWS/system32/config/systemprofile/Start Menu/Programs/Media Player Center.lnk 1487 ..c. r/rr-xr-xr-x 0 0 10248-128-4 /WINDOWS/system32/config/systemprofile/Start Menu/Programs/Accessories/Windows Explorer.lnk 1599 ..c. r/rr-xr-xr-x 0 0 10249-128-4 /WINDOWS/system32/config/systemprofile/Start Menu/Programs/Remote Assistance.lnk 1519 ..c. r/rr-xr-xr-x 0 0 10250-128-4 /WINDOWS/system32/config/systemprofile/Start Menu/Programs/Accessories/Synchronize.lnk 804 ..c. r/rr-xr-xr-x 0 0 10251-128-4 /WINDOWS/system32/config/systemprofile/Start Menu/Programs/Accessories/Entertainment/Windows Media Player.lnk 386 ..c. r/rr-xr-xr-x 0 0 10252-128-3 /WINDOWS/system32/config/systemprofile/Start Menu/Programs/Accessories/Program Compatibility Wizard.lnk 1527 ..c. r/rr-xr-xr-x 0 0 10254-128-4 /WINDOWS/system32/config/systemprofile/Start Menu/Programs/Accessories/Tour Windows XP.lnk 1519 ..c. r/rr-xr-xr-x 0 0 10255-128-4 /WINDOWS/system32/config/systemprofile/Start Menu/Programs/Accessories/Notepad.lnk 1539 ..c. r/rr-xr-xr-x 0 0 10257-128-4 /WINDOWS/system32/config/systemprofile/Start Menu/Programs/Accessories/Accessibility/Utility Manager.lnk 1555 ..c. r/rr-xr-xr-x 0 0 10258-128-4 /WINDOWS/system32/config/systemprofile/Start Menu/Programs/Accessories/Command Prompt.lnk 1501 ..c. r/rr-xr-xr-x 0 0 10259-128-4 /WINDOWS/system32/config/systemprofile/Start Menu/Programs/Accessories/Accessibility/On-Screen Keyboard.lnk 2447 ..c. r/rr-xr-xr-x 0 0 1026-128-3 /WINDOWS/inf/ndisuio.inf 1525 ..c. r/rr-xr-xr-x 0 0 10260-128-4 /WINDOWS/system32/config/systemprofile/Start Menu/Programs/Accessories/Accessibility/Magnifier.lnk 0 ..c. r/rr-xr-xr-x 0 0 10262-128-3 /WINDOWS/system32/config/systemprofile/SendTo/Mail Recipient.MAPIMail 0 ..c. r/rr-xr-xr-x 0 0 10264-128-3 /WINDOWS/system32/config/systemprofile/SendTo/Desktop (create shortcut).DeskLink 1532 ..c. r/rr-xr-xr-x 0 0 10265-128-4 /WINDOWS/system32/config/systemprofile/Start Menu/Programs/Accessories/Accessibility/Narrator.lnk 0 ..c. r/rr-xr-xr-x 0 0 10266-128-3 /WINDOWS/system32/config/systemprofile/SendTo/Compressed (zipped) Folder.ZFSendToTarget 12787 ..c. r/rr-xr-xr-x 0 0 10268-128-4 /WINDOWS/system32/config/systemprofile/Local Settings/Application Data/Microsoft/Windows Media/9.0/WMSDKNS.XML 2300 ..c. r/rr-xr-xr-x 0 0 1027-128-3 /WINDOWS/inf/net1394.inf 720896 ..c. r/rr-xr-xr-x 0 0 10270-128-4 /WINDOWS/system32/config/systemprofile/Local Settings/Application Data/Microsoft/Media Player/CurrentDatabase_59R.wmdb 498 ..c. r/rr-xr-xr-x 0 0 10271-128-3 /WINDOWS/system32/config/systemprofile/Local Settings/Application Data/Microsoft/Windows Media/9.0/WMSDKNS.DTD 141 ..c. r/rr-xr-xr-x 0 0 10272-128-3 /WINDOWS/system32/config/systemprofile/Application Data/Microsoft/Internet Explorer/brndlog.txt 113 ..c. r/rr-xr-xr-x 0 0 10274-128-3 /WINDOWS/system32/config/systemprofile/Application Data/Microsoft/Internet Explorer/brndlog.bak 1490944 ..c. r/rr-xr-xr-x 0 0 10275-128-3 /WINDOWS/repair/system 9011200 ..c. r/rr-xr-xr-x 0 0 10276-128-3 /WINDOWS/repair/software 237568 ..c. r/rr-xr-xr-x 0 0 10277-128-3 /WINDOWS/repair/default 32768 ..c. r/rr-xr-xr-x 0 0 10278-128-3 /WINDOWS/repair/security 24576 ..c. r/rr-xr-xr-x 0 0 10279-128-3 /WINDOWS/repair/sam 22398 ..c. r/rr-xr-xr-x 0 0 1028-128-3 /WINDOWS/inf/net21x4.inf 237568 ..c. r/rr-xr-xr-x 0 0 10280-128-3 /WINDOWS/repair/ntuser.dat 1688 ..c. r/rr-xr-xr-x 0 0 10281-128-3 /WINDOWS/repair/autoexec.nt 2577 ..c. r/rr-xr-xr-x 0 0 10282-128-3 /WINDOWS/repair/config.nt 152 .a.. d/drwxrwxrwx 0 0 10284-144-1 /Documents and Settings/Default User/Local Settings/Temporary Internet Files/Content.IE5/SLK18LSF 152 .a.. d/drwxrwxrwx 0 0 10286-144-1 /Documents and Settings/Default User/Local Settings/Temporary Internet Files/Content.IE5/QJM5KT6J 152 .a.. d/drwxrwxrwx 0 0 10288-144-1 /Documents and Settings/Default User/Local Settings/Temporary Internet Files/Content.IE5/UPQVMROL 3570 ..c. r/rr-xr-xr-x 0 0 1029-128-3 /WINDOWS/inf/net5515n.inf 16384 ..c. r/rr-xr-xr-x 0 0 10290-128-3 /Documents and Settings/Default User/Cookies/index.dat 256 .a.. d/drwxrwxrwx 0 0 10291-144-1 /Documents and Settings/Default User/Local Settings/History/History.IE5 16384 ..c. r/rr-xr-xr-x 0 0 10292-128-3 /Documents and Settings/Default User/Local Settings/History/History.IE5/index.dat 3407872 ..c. r/rr-xr-xr-x 0 0 10295-128-3 /WINDOWS/system32/config/system 16384 ..c. r/rr-xr-xr-x 0 0 10296-128-3 /Documents and Settings/NetworkService/Cookies/index.dat 9437184 ..c. r/rr-xr-xr-x 0 0 10297-128-3 /WINDOWS/system32/config/software 16384 ..c. r/rr-xr-xr-x 0 0 10298-128-3 /Documents and Settings/NetworkService/Local Settings/History/History.IE5/index.dat 262144 ..c. r/rr-xr-xr-x 0 0 10299-128-3 /WINDOWS/system32/config/default 7142 ..c. r/rr-xr-xr-x 0 0 1030-128-3 /WINDOWS/inf/netana.inf 152 .ac. d/d--x--x--x 0 0 10300-144-1 /Documents and Settings/malware/Recent 256 .ac. d/dr-xr-xr-x 0 0 10305-144-1 /Documents and Settings/NetworkService/Application Data 136 .a.. d/drwxrwxrwx 0 0 10307-144-1 /Documents and Settings/NetworkService/Application Data/Microsoft/SystemCertificates 456 .a.. d/drwxrwxrwx 0 0 10308-144-1 /Documents and Settings/NetworkService/Application Data/Microsoft/SystemCertificates/My 48 .a.. d/drwxrwxrwx 0 0 10309-144-1 /Documents and Settings/NetworkService/Application Data/Microsoft/SystemCertificates/My/CTLs 48 .a.. d/drwxrwxrwx 0 0 10310-144-1 /Documents and Settings/NetworkService/Application Data/Microsoft/SystemCertificates/My/CRLs 48 .a.. d/drwxrwxrwx 0 0 10311-144-1 /Documents and Settings/NetworkService/Application Data/Microsoft/SystemCertificates/My/Certificates 48 .ac. d/dr-xr-xr-x 0 0 10312-144-1 /Documents and Settings/NetworkService/Application Data/Microsoft/Media Player 48 .ac. d/dr-xr-xr-x 0 0 10313-144-1 /Documents and Settings/NetworkService/Application Data/Microsoft/Internet Explorer 92 ..c. r/rr-xr-xr-x 0 0 10316-128-1 /Documents and Settings/malware/Cookies/malware@search.happythat[1].txt 100 ..c. r/rr-xr-xr-x 0 0 10317-128-1 /Documents and Settings/malware/Cookies/malware@64.111.211[1].txt 5325 ..c. r/rr-xr-xr-x 0 0 10318-128-3 /Documents and Settings/malware/Local Settings/Temporary Internet Files/Content.IE5/UPQVMROL/CA6RCHER.htm 1737 ..c. r/rr-xr-xr-x 0 0 1032-128-3 /WINDOWS/inf/netauni.inf 1024 ..c. r/rr-xr-xr-x 0 0 10322-128-4 /Documents and Settings/NetworkService/ntuser.dat.LOG 256 .ac. d/dr-xr-xr-x 0 0 10323-144-1 /Documents and Settings/NetworkService/Local Settings/Application Data 352 .ac. d/dr-xr-xr-x 0 0 10324-144-1 /Documents and Settings/NetworkService/Local Settings/Application Data/Microsoft 392 .ac. d/dr-xr-xr-x 0 0 10325-144-1 /Documents and Settings/NetworkService/Local Settings/Application Data/Microsoft/Windows 262144 ..c. r/rr-xr-xr-x 0 0 10326-128-3 /Documents and Settings/NetworkService/Local Settings/Application Data/Microsoft/Windows/UsrClass.dat 1024 ..c. r/rr-xr-xr-x 0 0 10327-128-4 /Documents and Settings/NetworkService/Local Settings/Application Data/Microsoft/Windows/UsrClass.dat.LOG 1322 ..c. r/rr-xr-xr-x 0 0 1033-128-3 /WINDOWS/inf/netbrdgm.inf 48 .ac. d/dr-xr-xr-x 0 0 10330-144-1 /Documents and Settings/NetworkService/Local Settings/Temp 152 .a.. d/drwxrwxrwx 0 0 10331-144-1 /Documents and Settings/NetworkService/Local Settings/Application Data/Microsoft/Credentials 48 .a.. d/drwxrwxrwx 0 0 10332-144-1 /Documents and Settings/NetworkService/Local Settings/Application Data/Microsoft/Credentials/S-1-5-20 152 .a.. d/drwxrwxrwx 0 0 10333-144-1 /Documents and Settings/NetworkService/Application Data/Microsoft/Credentials 48 .a.. d/drwxrwxrwx 0 0 10334-144-1 /Documents and Settings/NetworkService/Application Data/Microsoft/Credentials/S-1-5-20 368 .ac. d/dr-xr-xr-x 0 0 10336-144-1 /WINDOWS/SoftwareDistribution/DataStore 448 .ac. d/dr-xr-xr-x 0 0 10337-144-1 /WINDOWS/SoftwareDistribution/DataStore/Logs 1096 ..c. r/rr-xr-xr-x 0 0 1034-128-3 /WINDOWS/inf/netbrdgs.inf 672 .a.. d/drwxrwxrwx 0 0 10340-144-1 /WINDOWS/system32/config/systemprofile/Local Settings/Temporary Internet Files/Content.IE5 32768 ..c. r/rr-xr-xr-x 0 0 10341-128-3 /WINDOWS/system32/config/systemprofile/Local Settings/Temporary Internet Files/Content.IE5/index.dat 152 .a.. d/drwxrwxrwx 0 0 10343-144-1 /WINDOWS/system32/config/systemprofile/Local Settings/Temporary Internet Files/Content.IE5/Q9I9G56T 152 .a.. d/drwxrwxrwx 0 0 10345-144-1 /WINDOWS/system32/config/systemprofile/Local Settings/Temporary Internet Files/Content.IE5/MT2HI5QT 152 .a.. d/drwxrwxrwx 0 0 10347-144-1 /WINDOWS/system32/config/systemprofile/Local Settings/Temporary Internet Files/Content.IE5/MFOLOPYZ 152 .a.. d/drwxrwxrwx 0 0 10349-144-1 /WINDOWS/system32/config/systemprofile/Local Settings/Temporary Internet Files/Content.IE5/MHQDI1IB 281595 ..c. r/rr-xr-xr-x 0 0 1035-128-3 /WINDOWS/Help/netcfg.hlp 16384 ..c. r/rr-xr-xr-x 0 0 10351-128-3 /WINDOWS/system32/config/systemprofile/Cookies/index.dat 496 .a.. d/drwxrwxrwx 0 0 10352-144-1 /WINDOWS/system32/config/systemprofile/Local Settings/History/History.IE5 32768 ..c. r/rr-xr-xr-x 0 0 10353-128-3 /WINDOWS/system32/config/systemprofile/Local Settings/History/History.IE5/index.dat 131072 ..c. r/rr-xr-xr-x 0 0 10355-128-3 /WINDOWS/SoftwareDistribution/DataStore/Logs/edb.log 4842 ..c. r/rr-xr-xr-x 0 0 10356-128-4 /Documents and Settings/malware/Local Settings/Temporary Internet Files/Content.IE5/UPQVMROL/1db850e671ac9a39751a1482909ea6[1].jpg 53 ..c. r/rr-xr-xr-x 0 0 10357-128-1 /WINDOWS/system32/config/systemprofile/Local Settings/Application Data/Microsoft/Windows Media/9.0/WMSDKNSD.XML 152 .a.. d/drwxrwxrwx 0 0 10358-144-1 /WINDOWS/system32/config/systemprofile/Local Settings/History/History.IE5/MSHist012011011420110115 32768 ..c. r/rr-xr-xr-x 0 0 10359-128-3 /WINDOWS/system32/config/systemprofile/Local Settings/History/History.IE5/MSHist012011011420110115/index.dat 1064 ..c. r/rr-xr-xr-x 0 0 1036-128-3 /WINDOWS/inf/netcis.inf 237568 ..c. r/rr-xr-xr-x 0 0 10361-128-4 /Documents and Settings/LocalService/NTUSER.DAT 56 .ac. d/dr-xr-xr-x 0 0 10362-144-6 /Documents and Settings/LocalService/Local Settings 16384 ..c. r/rr-xr-xr-x 0 0 10365-128-3 /Documents and Settings/LocalService/Cookies/index.dat 16384 ..c. r/rr-xr-xr-x 0 0 10366-128-3 /Documents and Settings/LocalService/Local Settings/History/History.IE5/index.dat 56 .a.. d/dr-xr-xr-x 0 0 10367-144-6 /WINDOWS/SoftwareDistribution 1283 ..c. r/rr-xr-xr-x 0 0 1037-128-3 /WINDOWS/inf/netclass.inf 256 .ac. d/dr-xr-xr-x 0 0 10372-144-1 /Documents and Settings/LocalService/Application Data 136 .a.. d/drwxrwxrwx 0 0 10374-144-1 /Documents and Settings/LocalService/Application Data/Microsoft/SystemCertificates 456 .a.. d/drwxrwxrwx 0 0 10375-144-1 /Documents and Settings/LocalService/Application Data/Microsoft/SystemCertificates/My 48 .a.. d/drwxrwxrwx 0 0 10376-144-1 /Documents and Settings/LocalService/Application Data/Microsoft/SystemCertificates/My/CTLs 48 .a.. d/drwxrwxrwx 0 0 10377-144-1 /Documents and Settings/LocalService/Application Data/Microsoft/SystemCertificates/My/CRLs 48 .a.. d/drwxrwxrwx 0 0 10378-144-1 /Documents and Settings/LocalService/Application Data/Microsoft/SystemCertificates/My/Certificates 48 .ac. d/dr-xr-xr-x 0 0 10379-144-1 /Documents and Settings/LocalService/Application Data/Microsoft/Media Player 3808 ..c. r/rr-xr-xr-x 0 0 1038-128-3 /WINDOWS/inf/netdav.inf 48 .ac. d/dr-xr-xr-x 0 0 10380-144-1 /Documents and Settings/LocalService/Application Data/Microsoft/Internet Explorer 2 ..c. r/rr-xr-xr-x 0 0 10382-128-1 /WINDOWS/SoftwareDistribution/ReportingEvents.log 48 .ac. d/dr-xr-xr-x 0 0 10384-144-1 /WINDOWS/SoftwareDistribution/EventCache 1024 ..c. r/rr-xr-xr-x 0 0 10389-128-4 /Documents and Settings/LocalService/ntuser.dat.LOG 4722 ..c. r/rr-xr-xr-x 0 0 1039-128-3 /WINDOWS/inf/netdefxa.inf 256 .ac. d/dr-xr-xr-x 0 0 10390-144-1 /Documents and Settings/LocalService/Local Settings/Application Data 352 .ac. d/dr-xr-xr-x 0 0 10391-144-1 /Documents and Settings/LocalService/Local Settings/Application Data/Microsoft 392 .ac. d/dr-xr-xr-x 0 0 10392-144-1 /Documents and Settings/LocalService/Local Settings/Application Data/Microsoft/Windows 262144 ..c. r/rr-xr-xr-x 0 0 10393-128-3 /Documents and Settings/LocalService/Local Settings/Application Data/Microsoft/Windows/UsrClass.dat 1024 ..c. r/rr-xr-xr-x 0 0 10394-128-4 /Documents and Settings/LocalService/Local Settings/Application Data/Microsoft/Windows/UsrClass.dat.LOG 48 .ac. d/dr-xr-xr-x 0 0 10397-144-1 /Documents and Settings/LocalService/Local Settings/Temp 152 .a.. d/drwxrwxrwx 0 0 10398-144-1 /Documents and Settings/LocalService/Local Settings/Application Data/Microsoft/Credentials 48 .a.. d/drwxrwxrwx 0 0 10399-144-1 /Documents and Settings/LocalService/Local Settings/Application Data/Microsoft/Credentials/S-1-5-19 58073 ..c. r/rr-xr-xr-x 0 0 1040-128-3 /WINDOWS/inf/netdgdxb.inf 152 .a.. d/drwxrwxrwx 0 0 10400-144-1 /Documents and Settings/LocalService/Application Data/Microsoft/Credentials 48 .a.. d/drwxrwxrwx 0 0 10401-144-1 /Documents and Settings/LocalService/Application Data/Microsoft/Credentials/S-1-5-19 7072 ..c. r/rr-xr-xr-x 0 0 1041-128-3 /WINDOWS/inf/netel90a.inf 56 .a.. d/dr-xr-xr-x 0 0 10413-144-6 /WINDOWS/Prefetch 32768 ..c. r/rr-xr-xr-x 0 0 10414-128-3 /Documents and Settings/LocalService/Local Settings/Temporary Internet Files/Content.IE5/index.dat 152 .a.. d/drwxrwxrwx 0 0 10415-144-1 /Documents and Settings/LocalService/Local Settings/Temporary Internet Files/Content.IE5/45MNODEJ 152 .a.. d/drwxrwxrwx 0 0 10417-144-1 /Documents and Settings/LocalService/Local Settings/Temporary Internet Files/Content.IE5/4H6VGPMJ 152 .a.. d/drwxrwxrwx 0 0 10419-144-1 /Documents and Settings/LocalService/Local Settings/Temporary Internet Files/Content.IE5/GDEF8DQ3 12847 ..c. r/rr-xr-xr-x 0 0 1042-128-3 /WINDOWS/inf/netel90b.inf 152 .a.. d/drwxrwxrwx 0 0 10421-144-1 /Documents and Settings/LocalService/Local Settings/Temporary Internet Files/Content.IE5/G1QN01MR 48 .ac. d/dr-xr-xr-x 0 0 10424-144-1 /WINDOWS/SoftwareDistribution/Download 48 .ac. d/dr-xr-xr-x 0 0 10425-144-1 /WINDOWS/SoftwareDistribution/SelfUpdate 2597 ..c. r/rr-xr-xr-x 0 0 1043-128-3 /WINDOWS/inf/netepvcm.inf 131072 ..c. r/rr-xr-xr-x 0 0 10434-128-3 /WINDOWS/SoftwareDistribution/DataStore/Logs/res2.log 131072 ..c. r/rr-xr-xr-x 0 0 10435-128-3 /WINDOWS/SoftwareDistribution/DataStore/Logs/res1.log 56 .ac. d/dr-xr-xr-x 0 0 10436-144-5 /Documents and Settings/malware 48 .ac. d/dr-xr-xr-x 0 0 10437-144-1 /Documents and Settings/malware/Application Data/Microsoft/MMC 7322 ..c. r/rr-xr-xr-x 0 0 10438-128-4 /Documents and Settings/malware/Local Settings/Temporary Internet Files/Content.IE5/YZCXGNW1/4378db7471b44dea1c183f006ee3d0[1].gif 9167 ..c. r/rr-xr-xr-x 0 0 10439-128-4 /Documents and Settings/malware/Local Settings/Temporary Internet Files/Content.IE5/SLK18LSF/7815B21D9A578DAD6365D443B0D6B6[1].jpg 2134 ..c. r/rr-xr-xr-x 0 0 1044-128-3 /WINDOWS/inf/netepvcp.inf 786432 ..c. r/rr-xr-xr-x 0 0 10441-128-4 /Documents and Settings/malware/NTUSER.DAT 56 .ac. d/dr-xr-xr-x 0 0 10442-144-6 /Documents and Settings/malware/Templates 256 .ac. d/d--x--x--x 0 0 10443-144-1 /Documents and Settings/malware/Start Menu 56 .ac. d/d--x--x--x 0 0 10444-144-5 /Documents and Settings/malware/Start Menu/Programs 152 .ac. d/d--x--x--x 0 0 10445-144-1 /Documents and Settings/malware/Start Menu/Programs/Startup 56 .ac. d/d--x--x--x 0 0 10446-144-6 /Documents and Settings/malware/Start Menu/Programs/Accessories 400 .ac. d/d--x--x--x 0 0 10447-144-1 /Documents and Settings/malware/Start Menu/Programs/Accessories/Entertainment 56 .ac. d/d--x--x--x 0 0 10448-144-6 /Documents and Settings/malware/Start Menu/Programs/Accessories/Accessibility 56 .ac. d/d--x--x--x 0 0 10449-144-5 /Documents and Settings/malware/SendTo 3111 ..c. r/rr-xr-xr-x 0 0 1045-128-3 /WINDOWS/inf/netfore.inf 5325 ..c. r/rr-xr-xr-x 0 0 10450-128-3 /Documents and Settings/malware/Local Settings/Temporary Internet Files/Content.IE5/UPQVMROL/CAG1AJ41.htm 48 .ac. d/dr-xr-xr-x 0 0 10451-144-1 /Documents and Settings/malware/PrintHood 48 ..c. d/dr-xr-xr-x 0 0 10452-144-1 /Documents and Settings/malware/NetHood 56 .ac. d/d--x--x--x 0 0 10453-144-6 /Documents and Settings/malware/My Documents 56 .ac. d/dr-xr-xr-x 0 0 10454-144-6 /Documents and Settings/malware/Local Settings 1104 ..c. r/rr-xr-xr-x 0 0 1046-128-3 /WINDOWS/inf/netgpc.inf 56 .ac. d/dr-xr-xr-x 0 0 10461-144-6 /Documents and Settings/malware/Local Settings/Temp 56 .ac. d/dr-xr-xr-x 0 0 10464-144-6 /Documents and Settings/malware/Local Settings/Application Data 56 .ac. d/dr-xr-xr-x 0 0 10465-144-6 /Documents and Settings/malware/Local Settings/Application Data/Microsoft 136 .ac. d/dr-xr-xr-x 0 0 10466-144-1 /Documents and Settings/malware/Local Settings/Application Data/Microsoft/Windows Media 56 .ac. d/dr-xr-xr-x 0 0 10467-144-5 /Documents and Settings/malware/Local Settings/Application Data/Microsoft/Windows Media/9.0 8192 ..c. r/rr-xr-xr-x 0 0 10468-128-3 /WINDOWS/SoftwareDistribution/DataStore/Logs/edb.chk 296 .ac. d/dr-xr-xr-x 0 0 10469-144-1 /Documents and Settings/malware/Local Settings/Application Data/Microsoft/Media Player 56 .ac. d/d--x--x--x 0 0 10470-144-6 /Documents and Settings/malware/Favorites 288 .ac. d/dr-xr-xr-x 0 0 10471-144-1 /Documents and Settings/malware/Desktop 568 .ac. d/d--x--x--x 0 0 10473-144-1 /Documents and Settings/malware/Application Data 136 .a.. d/drwxrwxrwx 0 0 10475-144-1 /Documents and Settings/malware/Application Data/Microsoft/SystemCertificates 456 .a.. d/drwxrwxrwx 0 0 10476-144-1 /Documents and Settings/malware/Application Data/Microsoft/SystemCertificates/My 3537 ..c. r/rr-xr-xr-x 0 0 1048-128-3 /WINDOWS/inf/netias.inf 48 .ac. d/dr-xr-xr-x 0 0 10480-144-1 /Documents and Settings/malware/Application Data/Microsoft/Media Player 576 .ac. d/dr-xr-xr-x 0 0 10481-144-1 /Documents and Settings/malware/Application Data/Microsoft/Internet Explorer 57 ..c. r/r--x--x--x 0 0 10482-128-3 /Documents and Settings/malware/Templates/wordpfct.wpg 30 ..c. r/r--x--x--x 0 0 10483-128-3 /Documents and Settings/malware/Templates/wordpfct.wpd 1769 ..c. r/rr-xr-xr-x 0 0 10484-128-4 /Documents and Settings/malware/Templates/winword2.doc 4608 ..c. r/rr-xr-xr-x 0 0 10485-128-4 /Documents and Settings/malware/Templates/winword.doc 58 ..c. r/rr-xr-xr-x 0 0 10486-128-3 /Documents and Settings/malware/Templates/sndrec.wav 4017 ..c. r/rr-xr-xr-x 0 0 10487-128-4 /Documents and Settings/malware/Templates/quattro.wb2 461 ..c. r/rr-xr-xr-x 0 0 10488-128-3 /Documents and Settings/malware/Templates/presenta.shw 12288 ..c. r/rr-xr-xr-x 0 0 10489-128-4 /Documents and Settings/malware/Templates/powerpnt.ppt 1862 ..c. r/rr-xr-xr-x 0 0 1049-128-3 /WINDOWS/inf/netiprip.inf 2448 ..c. r/rr-xr-xr-x 0 0 10490-128-4 /Documents and Settings/malware/Templates/lotus.wk4 1518 ..c. r/rr-xr-xr-x 0 0 10491-128-4 /Documents and Settings/malware/Templates/excel4.xls 5632 ..c. r/rr-xr-xr-x 0 0 10492-128-4 /Documents and Settings/malware/Templates/excel.xls 4570 ..c. r/rr-xr-xr-x 0 0 10493-128-4 /Documents and Settings/malware/Templates/amipro.sam 804 ..c. r/rr-xr-xr-x 0 0 10494-128-4 /Documents and Settings/malware/Start Menu/Programs/Accessories/Entertainment/Windows Media Player.lnk 1599 ..c. r/rr-xr-xr-x 0 0 10496-128-4 /Documents and Settings/malware/Start Menu/Programs/Remote Assistance.lnk 1487 ..c. r/rr-xr-xr-x 0 0 10497-128-4 /Documents and Settings/malware/Start Menu/Programs/Accessories/Windows Explorer.lnk 1527 ..c. r/rr-xr-xr-x 0 0 10498-128-4 /Documents and Settings/malware/Start Menu/Programs/Accessories/Tour Windows XP.lnk 376 ..c. r/rr-xr-xr-x 0 0 10499-128-3 /Documents and Settings/malware/Start Menu/Programs/Messenger Center.lnk 4456 ..c. r/rr-xr-xr-x 0 0 1050-128-3 /WINDOWS/inf/netirda.inf 382 ..c. r/rr-xr-xr-x 0 0 10500-128-3 /Documents and Settings/malware/Start Menu/Programs/Media Player Center.lnk 1056768 ..c. r/rr-xr-xr-x 0 0 10502-128-4 /WINDOWS/SoftwareDistribution/DataStore/DataStore.edb 1519 ..c. r/rr-xr-xr-x 0 0 10503-128-4 /Documents and Settings/malware/Start Menu/Programs/Accessories/Synchronize.lnk 386 ..c. r/rr-xr-xr-x 0 0 10504-128-3 /Documents and Settings/malware/Start Menu/Programs/Accessories/Program Compatibility Wizard.lnk 792 ..c. r/rr-xr-xr-x 0 0 10505-128-4 /Documents and Settings/malware/Start Menu/Programs/Windows Media Player.lnk 1519 ..c. r/rr-xr-xr-x 0 0 10506-128-4 /Documents and Settings/malware/Start Menu/Programs/Accessories/Notepad.lnk 1555 ..c. r/rr-xr-xr-x 0 0 10509-128-4 /Documents and Settings/malware/Start Menu/Programs/Accessories/Command Prompt.lnk 15219 ..c. r/rr-xr-xr-x 0 0 1051-128-3 /WINDOWS/inf/netirsir.inf 1539 ..c. r/rr-xr-xr-x 0 0 10510-128-4 /Documents and Settings/malware/Start Menu/Programs/Accessories/Accessibility/Utility Manager.lnk 1501 ..c. r/rr-xr-xr-x 0 0 10511-128-4 /Documents and Settings/malware/Start Menu/Programs/Accessories/Accessibility/On-Screen Keyboard.lnk 0 ..c. r/rr-xr-xr-x 0 0 10512-128-3 /Documents and Settings/malware/SendTo/Mail Recipient.MAPIMail 1532 ..c. r/rr-xr-xr-x 0 0 10513-128-4 /Documents and Settings/malware/Start Menu/Programs/Accessories/Accessibility/Narrator.lnk 1525 ..c. r/rr-xr-xr-x 0 0 10515-128-4 /Documents and Settings/malware/Start Menu/Programs/Accessories/Accessibility/Magnifier.lnk 0 ..c. r/rr-xr-xr-x 0 0 10518-128-3 /Documents and Settings/malware/SendTo/Desktop (create shortcut).DeskLink 0 ..c. r/rr-xr-xr-x 0 0 10519-128-3 /Documents and Settings/malware/SendTo/Compressed (zipped) Folder.ZFSendToTarget 1190 ..c. r/rr-xr-xr-x 0 0 1052-128-3 /WINDOWS/inf/netlanem.inf 0 .acb 0 0 0 10525 [Internet Explorer] (Content viewed/Content saved to drive) URL:http://www.findfertile.org/ac3.php?aid=531&sid=direc20 cache stored in: SLK18LSF/ac3[1].htm - HTTP/1.1 200 OK - Content-Length: 105 - Content-Type: text/html (file: /media/sdb1/Documents and Settings/malware/Local Settings/Temporary Internet Files/Content.IE5/index.dat) 56 .ac. d/dr-xr-xr-x 0 0 10529-144-5 /Documents and Settings/malware/Favorites/Links 1823 ..c. r/rr-xr-xr-x 0 0 1053-128-3 /WINDOWS/inf/netlanep.inf 12787 ..c. r/rr-xr-xr-x 0 0 10531-128-4 /Documents and Settings/malware/Local Settings/Application Data/Microsoft/Windows Media/9.0/WMSDKNS.XML 720896 ..c. r/rr-xr-xr-x 0 0 10532-128-4 /Documents and Settings/malware/Local Settings/Application Data/Microsoft/Media Player/CurrentDatabase_59R.wmdb 498 ..c. r/rr-xr-xr-x 0 0 10533-128-3 /Documents and Settings/malware/Local Settings/Application Data/Microsoft/Windows Media/9.0/WMSDKNS.DTD 49152 ..c. r/rr-xr-xr-x 0 0 10534-128-4 /Documents and Settings/malware/Cookies/index.dat 10383 ..c. r/rr-xr-xr-x 0 0 10535-128-6 /Documents and Settings/malware/Application Data/Microsoft/Internet Explorer/brndlog.txt 141 ..c. r/rr-xr-xr-x 0 0 10536-128-5 /Documents and Settings/malware/Application Data/Microsoft/Internet Explorer/brndlog.bak 392 .ac. d/dr-xr-xr-x 0 0 10539-144-1 /Documents and Settings/malware/Local Settings/Application Data/Microsoft/Windows 3001 ..c. r/rr-xr-xr-x 0 0 1054-128-3 /WINDOWS/inf/netloop.inf 262144 ..c. r/rr-xr-xr-x 0 0 10540-128-3 /Documents and Settings/malware/Local Settings/Application Data/Microsoft/Windows/UsrClass.dat 1024 ..c. r/rr-xr-xr-x 0 0 10541-128-4 /Documents and Settings/malware/Local Settings/Application Data/Microsoft/Windows/UsrClass.dat.LOG 328 .a.. d/drwxrwxrwx 0 0 10543-144-1 /Documents and Settings/malware/Local Settings/Application Data/Microsoft/Credentials 48 .a.. d/drwxrwxrwx 0 0 10544-144-1 /Documents and Settings/malware/Local Settings/Application Data/Microsoft/Credentials/S-1-5-21-1390067357-343818398-1801674531-1003 328 .a.. d/drwxrwxrwx 0 0 10545-144-1 /Documents and Settings/malware/Application Data/Microsoft/Credentials 48 .a.. d/drwxrwxrwx 0 0 10546-144-1 /Documents and Settings/malware/Application Data/Microsoft/Credentials/S-1-5-21-1390067357-343818398-1801674531-1003 384 .ac. d/d--x--x--x 0 0 10549-144-1 /Documents and Settings/malware/My Documents/My Pictures 3894 ..c. r/rr-xr-xr-x 0 0 1055-128-3 /WINDOWS/inf/netlpd.inf 668 ..c. r/rr-xr-xr-x 0 0 10551-128-4 /Documents and Settings/malware/My Documents/My Pictures/Sample Pictures.lnk 384 .ac. d/d--x--x--x 0 0 10552-144-1 /Documents and Settings/malware/My Documents/My Music 638 ..c. r/rr-xr-xr-x 0 0 10554-128-4 /Documents and Settings/malware/My Documents/My Music/Sample Music.lnk 0 ..c. r/rr-xr-xr-x 0 0 10555-128-1 /Documents and Settings/malware/SendTo/My Documents.mydocs 4830 ..c. r/rr-xr-xr-x 0 0 10556-128-4 /Documents and Settings/malware/Local Settings/Temporary Internet Files/Content.IE5/SLK18LSF/76EF7E2C6994B1A2C79DDB1DF450[1].jpg 417 ..c. r/rr-xr-xr-x 0 0 10558-128-1 /Documents and Settings/malware/Local Settings/Temporary Internet Files/Content.IE5/UPQVMROL/adchoices_gif2[1].gif 21999 ..c. r/rr-xr-xr-x 0 0 1056-128-3 /WINDOWS/inf/netmadge.inf 48 .ac. d/d--x--x--x 0 0 10562-144-6 /Documents and Settings/malware/Application Data/Microsoft/Internet Explorer/Quick Launch 48 .ac. d/dr-xr-xr-x 0 0 10563-144-1 /Program Files/Uninstall Information 767 ..c. r/rr-xr-xr-x 0 0 10565-128-4 /Documents and Settings/malware/Start Menu/Programs/Internet Explorer.lnk 779 ..c. r/rr-xr-xr-x 0 0 10566-128-4 /Documents and Settings/malware/Local Settings/Temp/smtmp/2/Launch Internet Explorer Browser.lnk 1955 ..c. r/rr-xr-xr-x 0 0 1057-128-3 /WINDOWS/inf/netnb.inf 312 .ac. d/dr-xr-xr-x 0 0 10572-144-1 /Documents and Settings/malware/Application Data/Identities 48 .ac. d/dr-xr-xr-x 0 0 10573-144-1 /Documents and Settings/malware/Application Data/Identities/{F9D4997F-940A-4BD4-8675-DCAE73996185} 68 ..c. r/rr-xr-xr-x 0 0 10574-128-1 /Documents and Settings/malware/Cookies/malware@c.msn[2].txt 738 ..c. r/rr-xr-xr-x 0 0 10576-128-4 /Documents and Settings/malware/Start Menu/Programs/Outlook Express.lnk 3996 ..c. r/rr-xr-xr-x 0 0 10577-128-4 /Documents and Settings/malware/Local Settings/Temporary Internet Files/Content.IE5/QJM5KT6J/6ECB5F9A4119F2F7D7B4AF62EC5A[1].jpg 169 ..c. r/rr-xr-xr-x 0 0 10578-128-1 /Documents and Settings/malware/Favorites/Links/Windows Marketplace.url 6659 ..c. r/rr-xr-xr-x 0 0 1058-128-3 /WINDOWS/inf/netnovel.inf 3775 ..c. r/rr-xr-xr-x 0 0 10580-128-4 /Documents and Settings/malware/Local Settings/Temporary Internet Files/Content.IE5/QJM5KT6J/41EA2BB896C1D269F946D98D1E31A[1].jpg 42 ..c. r/rr-xr-xr-x 0 0 10582-128-1 /Documents and Settings/malware/Local Settings/Temporary Internet Files/Content.IE5/YZCXGNW1/805306726[1].gif 583 ..c. r/rr-xr-xr-x 0 0 10588-128-1 /Documents and Settings/malware/Cookies/malware@msn[1].txt 774 ..c. r/rr-xr-xr-x 0 0 10589-128-4 /Documents and Settings/malware/Start Menu/Programs/Accessories/Address Book.lnk 4410 ..c. r/rr-xr-xr-x 0 0 1059-128-3 /WINDOWS/inf/netnwcli.inf 79 ..c. r/rr-xr-xr-x 0 0 10590-128-1 /Documents and Settings/malware/Local Settings/Temp/smtmp/2/Show Desktop.scf 119 ..c. r/rr-xr-xr-x 0 0 10593-128-1 /Documents and Settings/malware/Favorites/MSN.com.url 197 ..c. r/rr-xr-xr-x 0 0 10594-128-1 /Documents and Settings/malware/Favorites/Radio Station Guide.url 450669 ..c. r/rr-xr-xr-x 0 0 10595-128-3 /Program Files/Common Files/Microsoft Shared/web server extensions/40/bin/FP4AWEC.DLL 78706 ..c. r/rr-xr-xr-x 0 0 10596-128-3 /Program Files/Common Files/Microsoft Shared/web server extensions/40/bin/1033/FPEXT.MSG 532480 ..c. r/rr-xr-xr-x 0 0 10597-128-3 /Program Files/Common Files/System/Ole DB/MSDAIPP.DLL 155648 ..c. r/rr-xr-xr-x 0 0 10598-128-3 /Program Files/Common Files/System/Ole DB/MSDAPML.DLL 384 .ac. d/dr-xr-xr-x 0 0 10599-144-1 /Program Files/Common Files/Microsoft Shared/Web Folders 272 .ac. d/dr-xr-xr-x 0 0 106-144-1 /WINDOWS/Resources/Themes/Luna/Shell/Metallic 13273 ..c. r/rr-xr-xr-x 0 0 1060-128-3 /WINDOWS/inf/netnwlnk.inf 561209 ..c. r/rr-xr-xr-x 0 0 10600-128-3 /Program Files/Common Files/Microsoft Shared/Web Folders/MSONSEXT.DLL 122937 ..c. r/rr-xr-xr-x 0 0 10601-128-3 /Program Files/Common Files/Microsoft Shared/Web Folders/MSOWS409.DLL 8206 ..c. r/rr-xr-xr-x 0 0 10602-128-3 /Program Files/Common Files/Microsoft Shared/Web Folders/PUBPLACE.HTT 3159 ..c. r/rr-xr-xr-x 0 0 10603-128-4 /Documents and Settings/malware/Local Settings/Temporary Internet Files/Content.IE5/UPQVMROL/AB3DEF1FC49CB32F0E8E93E988EBA[1].jpg 4078 ..c. r/rr-xr-xr-x 0 0 10604-128-4 /Documents and Settings/malware/Local Settings/Temporary Internet Files/Content.IE5/YZCXGNW1/5BDA7261AAEAD28A63201DFFAC2A4B[1].jpg 1046 ..c. r/rr-xr-xr-x 0 0 10605-128-5 /Documents and Settings/malware/Local Settings/Temporary Internet Files/Content.IE5/YZCXGNW1/ADSAdClient31[1].htm 618605 ..c. r/rr-xr-xr-x 0 0 10606-128-3 /Program Files/Common Files/Microsoft Shared/web server extensions/40/bin/fp4autl.dll 264704 ..c. r/rr-xr-xr-x 0 0 10607-128-3 /WINDOWS/Installer/5db67.msi 152 .ac. d/dr-xr-xr-x 0 0 10608-144-1 /WINDOWS/Installer/{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227} 166912 ..c. r/r--x--x--x 0 0 10609-128-3 /WINDOWS/Installer/{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}/places.exe 1323 ..c. r/rr-xr-xr-x 0 0 1061-128-3 /WINDOWS/inf/netpsa.inf 119 ..c. r/rr-xr-xr-x 0 0 10610-128-1 /Documents and Settings/malware/Favorites/Links/Customize Links.url 113 ..c. r/rr-xr-xr-x 0 0 10611-128-1 /Documents and Settings/malware/Favorites/Links/Free Hotmail.url 113 ..c. r/rr-xr-xr-x 0 0 10612-128-1 /Documents and Settings/malware/Favorites/Links/Windows.url 118 ..c. r/rr-xr-xr-x 0 0 10613-128-1 /Documents and Settings/malware/Favorites/Links/Windows Media.url 48 .ac. d/dr-xr-xr-x 0 0 10616-144-1 /Documents and Settings/malware/Local Settings/Application Data/Microsoft/CD Burning 1142 ..c. r/rr-xr-xr-x 0 0 10618-128-4 /Documents and Settings/malware/Local Settings/Temporary Internet Files/Content.IE5/SLK18LSF/c57bc2a7d38843d7c4aa8028fc9f82[1].gif 4095 ..c. r/rr-xr-xr-x 0 0 10619-128-4 /Documents and Settings/malware/Local Settings/Temporary Internet Files/Content.IE5/UPQVMROL/8E1CE8BD265B47CBBE321FF47E2A1[1].jpg 1870 ..c. r/rr-xr-xr-x 0 0 1062-128-3 /WINDOWS/inf/netpschd.inf 978 ..c. r/rr-xr-xr-x 0 0 10620-128-5 /Documents and Settings/malware/Local Settings/Temporary Internet Files/Content.IE5/SLK18LSF/ADSAdClient31[1].htm 4330 ..c. r/rr-xr-xr-x 0 0 10621-128-4 /Documents and Settings/malware/Local Settings/Temporary Internet Files/Content.IE5/QJM5KT6J/003[1].png 16533 ..c. r/rr-xr-xr-x 0 0 10622-128-4 /Documents and Settings/malware/Local Settings/Temporary Internet Files/Content.IE5/UPQVMROL/544[1].jpg 618605 ..c. r/rr-xr-xr-x 0 0 10623-128-1 /WINDOWS/system32/dllcache/fp4autl.dll 176 ..c. r/rr-xr-xr-x 0 0 10625-128-1 /Documents and Settings/malware/Cookies/malware@ad.wsod[2].txt 42 ..c. r/rr-xr-xr-x 0 0 10626-128-1 /Documents and Settings/malware/Local Settings/Temporary Internet Files/Content.IE5/SLK18LSF/pixel[1].gif 5200 ..c. r/rr-xr-xr-x 0 0 10627-128-5 /Documents and Settings/malware/Local Settings/Temporary Internet Files/Content.IE5/QJM5KT6J/ADSAdClient31[1].htm 14512 ..c. r/rr-xr-xr-x 0 0 10629-128-5 /Documents and Settings/malware/Local Settings/Temporary Internet Files/Content.IE5/UPQVMROL/899538en_msn[1].js 17594 ..c. r/rr-xr-xr-x 0 0 1063-128-3 /WINDOWS/inf/netrasa.inf 35 ..c. r/rr-xr-xr-x 0 0 10630-128-1 /Documents and Settings/malware/Local Settings/Temporary Internet Files/Content.IE5/YZCXGNW1/qsonhs[1].aspx 110 ..c. r/rr-xr-xr-x 0 0 10631-128-1 /Documents and Settings/malware/Cookies/malware@www.bing[1].txt 152 .a.. d/drwxrwxrwx 0 0 10632-144-1 /Documents and Settings/malware/Local Settings/History/History.IE5/MSHist012011070120110702 190 ..c. r/rr-xr-xr-x 0 0 10634-128-1 /Documents and Settings/malware/Cookies/malware@bing[1].txt 188 ..c. r/rr-xr-xr-x 0 0 10635-128-1 /Documents and Settings/malware/Cookies/malware@www.msn[1].txt 7582 ..c. r/rr-xr-xr-x 0 0 10636-128-4 /Documents and Settings/malware/Local Settings/Temporary Internet Files/Content.IE5/QJM5KT6J/9934D0635AD244E5FA684B7B8CBD0[1].gif 554 ..c. r/rr-xr-xr-x 0 0 10637-128-4 /Documents and Settings/malware/Local Settings/Temporary Internet Files/Content.IE5/SLK18LSF/4a0253de6eac448d8f2c39c53f8926[2].js 5892 ..c. r/rr-xr-xr-x 0 0 1064-128-3 /WINDOWS/inf/netrast.inf 607 ..c. r/rr-xr-xr-x 0 0 10641-128-4 /Documents and Settings/malware/Local Settings/Temporary Internet Files/Content.IE5/YZCXGNW1/Sync[1].htm 1988 ..c. r/rr-xr-xr-x 0 0 10642-128-4 /Documents and Settings/malware/Local Settings/Temporary Internet Files/Content.IE5/SLK18LSF/wlHelper[1].js 1340 ..c. r/rr-xr-xr-x 0 0 10644-128-5 /Documents and Settings/malware/Local Settings/Temporary Internet Files/Content.IE5/QJM5KT6J/wlHelper[3].js 452608 ..c. r/rr-xr-xr-x 0 0 10646-128-4 /Documents and Settings/malware/Local Settings/Temporary Internet Files/Content.IE5/UPQVMROL/pusk[1].exe 3228 ..c. r/rr-xr-xr-x 0 0 1065-128-3 /WINDOWS/inf/netrsvp.inf 0 ..c. r/rr-xr-xr-x 0 0 10651-128-1 /Documents and Settings/malware/Local Settings/Temporary Internet Files/Content.IE5/YZCXGNW1/404[1].htm 299008 ..c. r/rr-xr-xr-x 0 0 10654-128-4 /Documents and Settings/malware/Local Settings/Temporary Internet Files/Content.IE5/SLK18LSF/531-direct[1] 144130 ..c. r/rr-xr-xr-x 0 0 10657-128-4 /WINDOWS/inf/oem0.inf 1401520 ..c. r/rr-xr-xr-x 0 0 10659-128-3 /WINDOWS/inf/INFCACHE.1 2515 ..c. r/rr-xr-xr-x 0 0 1066-128-3 /WINDOWS/inf/netrwan.inf 160 .ac. d/dr-xr-xr-x 0 0 10664-144-1 /Documents and Settings/malware/Local Settings/Application Data/Microsoft/Internet Explorer 16384 ..c. r/rr-xr-xr-x 0 0 10665-128-3 /Documents and Settings/malware/Local Settings/Application Data/Microsoft/Internet Explorer/MSIMGSIZ.DAT 12328 ..c. r/rr-xr-xr-x 0 0 10666-128-4 /Documents and Settings/malware/Local Settings/Application Data/GDIPFONTCACHEV1.DAT 2429 ..c. r/rr-xr-xr-x 0 0 1067-128-3 /WINDOWS/inf/netsap.inf 26368 ..c. r/rr-xr-xr-x 0 0 10678-128-3 /WINDOWS/system32/drivers/USBSTOR.SYS 312 .ac. d/dr-xr-xr-x 0 0 10679-144-1 /Documents and Settings/malware/Local Settings/Temp/smtmp 3359 ..c. r/rr-xr-xr-x 0 0 1068-128-3 /WINDOWS/inf/netserv.inf 26368 ..c. r/rr-xr-xr-x 0 0 10680-128-1 /WINDOWS/system32/dllcache/usbstor.sys 56 .ac. d/dr-xr-xr-x 0 0 10681-144-5 /Documents and Settings/malware/Local Settings/Temp/smtmp/1 56 .ac. d/dr-xr-xr-x 0 0 10686-144-5 /Documents and Settings/malware/Local Settings/Temp/smtmp/1/Programs 136 .a.. d/dr-xr-xr-x 0 0 10687-144-1 /DRIVERS 152 .ac. d/dr-xr-xr-x 0 0 10688-144-1 /DRIVERS/WIN 624 .ac. d/dr-xr-xr-x 0 0 10689-144-1 /DRIVERS/WIN/ETHERNET 11674 ..c. r/rr-xr-xr-x 0 0 1069-128-3 /WINDOWS/inf/netsnmp.inf 127946 ..c. r/rr-xr-xr-x 0 0 10691-128-3 /WINDOWS/inf/oem0.PNF 480 .ac. d/dr-xr-xr-x 0 0 10693-144-1 /DRIVERS/WIN/ETHERNET/WINNT 157294 ..c. r/rr-xr-xr-x 0 0 10694-128-3 /DRIVERS/WIN/ETHERNET/WINNT/B57NT4.SYS 85325 ..c. r/rr-xr-xr-x 0 0 10695-128-3 /DRIVERS/WIN/ETHERNET/WINNT/OEMSETUP.INF 6928 ..c. r/rr-xr-xr-x 0 0 10696-128-3 /DRIVERS/WIN/ETHERNET/WINNT/B57DTECT.DLL 13483 ..c. r/rr-xr-xr-x 0 0 10697-128-3 /DRIVERS/WIN/ETHERNET/WINNT/B57NT4.HLP 144 .ac. d/dr-xr-xr-x 0 0 10698-144-1 /DRIVERS/WIN/ETHERNET/WINXP 376 .ac. d/dr-xr-xr-x 0 0 10699-144-1 /DRIVERS/WIN/ETHERNET/WINXP/IA32 272 .ac. d/dr-xr-xr-x 0 0 107-144-1 /WINDOWS/Resources/Themes/Luna/Shell/Homestead 4749 ..c. r/rr-xr-xr-x 0 0 1070-128-3 /WINDOWS/inf/nettpsmp.inf 43637 ..c. r/rr-xr-xr-x 0 0 10700-128-3 /DRIVERS/WIN/ETHERNET/WINXP/IA32/B57WIN32.CAT 144130 ..c. r/rr-xr-xr-x 0 0 10701-128-3 /DRIVERS/WIN/ETHERNET/WINXP/IA32/B57WIN32.INF 161792 ..c. r/rr-xr-xr-x 0 0 10702-128-3 /DRIVERS/WIN/ETHERNET/WINXP/IA32/B57XP32.SYS 4581 ..c. r/rr-xr-xr-x 0 0 10703-128-3 /DRIVERS/WIN/ETHERNET/SWI.XML 144 .ac. d/dr-xr-xr-x 0 0 10704-144-1 /DRIVERS/WIN/ETHERNET/BACS 264 .ac. d/dr-xr-xr-x 0 0 10705-144-1 /DRIVERS/WIN/ETHERNET/BACS/IA32 15451176 ..c. r/rr-xr-xr-x 0 0 10706-128-3 /DRIVERS/WIN/ETHERNET/BACS/IA32/SETUP.EXE 1291 ..c. r/rr-xr-xr-x 0 0 10707-128-3 /DRIVERS/WIN/ETHERNET/BACS/IA32/SILENTBA.TXT 344 .ac. d/dr-xr-xr-x 0 0 10708-144-1 /DRIVERS/WIN/ETHERNET/TOOLS 144 .ac. d/dr-xr-xr-x 0 0 10709-144-1 /DRIVERS/WIN/ETHERNET/TOOLS/UPDATE 839 ..c. r/rr-xr-xr-x 0 0 1071-128-3 /WINDOWS/inf/netupnp.inf 384 .ac. d/dr-xr-xr-x 0 0 10710-144-1 /DRIVERS/WIN/ETHERNET/TOOLS/UPDATE/WINNT 2957 ..c. r/rr-xr-xr-x 0 0 10711-128-3 /DRIVERS/WIN/ETHERNET/TOOLS/UPDATE/WINNT/B57NT4UD.TXT 40960 ..c. r/rr-xr-xr-x 0 0 10712-128-3 /DRIVERS/WIN/ETHERNET/TOOLS/UPDATE/WINNT/B57NT4UD.EXE 13188 ..c. r/rr-xr-xr-x 0 0 10713-128-3 /DRIVERS/WIN/ETHERNET/TOOLS/UPDATE/WINNT/B57NT4UD.INF 144 .ac. d/dr-xr-xr-x 0 0 10714-144-1 /DRIVERS/WIN/ETHERNET/TOOLS/DRVINST 56 .ac. d/dr-xr-xr-x 0 0 10715-144-5 /DRIVERS/WIN/ETHERNET/TOOLS/DRVINST/IA32 51712 ..c. r/rr-xr-xr-x 0 0 10716-128-3 /DRIVERS/WIN/ETHERNET/TOOLS/DRVINST/IA32/1034.MST 48128 ..c. r/rr-xr-xr-x 0 0 10717-128-3 /DRIVERS/WIN/ETHERNET/TOOLS/DRVINST/IA32/1035.MST 53760 ..c. r/rr-xr-xr-x 0 0 10718-128-3 /DRIVERS/WIN/ETHERNET/TOOLS/DRVINST/IA32/1036.MST 53760 ..c. r/rr-xr-xr-x 0 0 10719-128-3 /DRIVERS/WIN/ETHERNET/TOOLS/DRVINST/IA32/1040.MST 51712 ..c. r/rr-xr-xr-x 0 0 10720-128-3 /DRIVERS/WIN/ETHERNET/TOOLS/DRVINST/IA32/1041.MST 46592 ..c. r/rr-xr-xr-x 0 0 10721-128-3 /DRIVERS/WIN/ETHERNET/TOOLS/DRVINST/IA32/1042.MST 52224 ..c. r/rr-xr-xr-x 0 0 10722-128-3 /DRIVERS/WIN/ETHERNET/TOOLS/DRVINST/IA32/1043.MST 48128 ..c. r/rr-xr-xr-x 0 0 10723-128-3 /DRIVERS/WIN/ETHERNET/TOOLS/DRVINST/IA32/1044.MST 50176 ..c. r/rr-xr-xr-x 0 0 10724-128-3 /DRIVERS/WIN/ETHERNET/TOOLS/DRVINST/IA32/1046.MST 47104 ..c. r/rr-xr-xr-x 0 0 10725-128-3 /DRIVERS/WIN/ETHERNET/TOOLS/DRVINST/IA32/1053.MST 46080 ..c. r/rr-xr-xr-x 0 0 10726-128-3 /DRIVERS/WIN/ETHERNET/TOOLS/DRVINST/IA32/1054.MST 37376 ..c. r/rr-xr-xr-x 0 0 10727-128-3 /DRIVERS/WIN/ETHERNET/TOOLS/DRVINST/IA32/2052.MST 1521664 ..c. r/rr-xr-xr-x 0 0 10728-128-3 /DRIVERS/WIN/ETHERNET/TOOLS/DRVINST/IA32/BDRVINST.MSI 173239 ..c. r/rr-xr-xr-x 0 0 10729-128-3 /DRIVERS/WIN/ETHERNET/TOOLS/DRVINST/IA32/FILES6~1.CAB 407 ..c. r/rr-xr-xr-x 0 0 1073-128-1 /WINDOWS/system32/drivers/etc/networks 227221 ..c. r/rr-xr-xr-x 0 0 10730-128-3 /DRIVERS/WIN/ETHERNET/TOOLS/DRVINST/IA32/FILES_~1.CAB 3940232 ..c. r/rr-xr-xr-x 0 0 10731-128-3 /DRIVERS/WIN/ETHERNET/TOOLS/DRVINST/IA32/SETUP.EXE 1087 ..c. r/rr-xr-xr-x 0 0 10732-128-3 /DRIVERS/WIN/ETHERNET/TOOLS/DRVINST/IA32/SILENT.TXT 36352 ..c. r/rr-xr-xr-x 0 0 10733-128-3 /DRIVERS/WIN/ETHERNET/TOOLS/DRVINST/IA32/1028.MST 48128 ..c. r/rr-xr-xr-x 0 0 10734-128-3 /DRIVERS/WIN/ETHERNET/TOOLS/DRVINST/IA32/1030.MST 54272 ..c. r/rr-xr-xr-x 0 0 10735-128-3 /DRIVERS/WIN/ETHERNET/TOOLS/DRVINST/IA32/1031.MST 3584 ..c. r/rr-xr-xr-x 0 0 10736-128-3 /DRIVERS/WIN/ETHERNET/TOOLS/DRVINST/IA32/1033.MST 448 .ac. d/dr-xr-xr-x 0 0 10737-144-1 /DRIVERS/WIN/ETHERNET/TOOLS/UNATTEND 10982 ..c. r/rr-xr-xr-x 0 0 10738-128-3 /DRIVERS/WIN/ETHERNET/TOOLS/UNATTEND/BDRVCOPY.BAT 272 .ac. d/dr-xr-xr-x 0 0 10739-144-1 /DRIVERS/WIN/ETHERNET/TOOLS/UNATTEND/WINNT 25517 ..c. r/rr-xr-xr-x 0 0 1074-128-3 /WINDOWS/Help/newfeat1.chm 2056 ..c. r/rr-xr-xr-x 0 0 10740-128-3 /DRIVERS/WIN/ETHERNET/TOOLS/UNATTEND/WINNT/BDRVCOPY.TXT 1305 ..c. r/rr-xr-xr-x 0 0 10741-128-3 /DRIVERS/WIN/ETHERNET/TOOLS/UNATTEND/WINNT/UNATTEND.TXT 272 .ac. d/dr-xr-xr-x 0 0 10742-144-1 /DRIVERS/WIN/ETHERNET/TOOLS/UNATTEND/WIN2K 2329 ..c. r/rr-xr-xr-x 0 0 10743-128-3 /DRIVERS/WIN/ETHERNET/TOOLS/UNATTEND/WIN2K/BDRVCOPY.TXT 1287 ..c. r/rr-xr-xr-x 0 0 10744-128-3 /DRIVERS/WIN/ETHERNET/TOOLS/UNATTEND/WIN2K/UNATTEND.TXT 272 .ac. d/dr-xr-xr-x 0 0 10745-144-1 /DRIVERS/WIN/ETHERNET/TOOLS/UNATTEND/IA32 2324 ..c. r/rr-xr-xr-x 0 0 10746-128-3 /DRIVERS/WIN/ETHERNET/TOOLS/UNATTEND/IA32/BDRVCOPY.TXT 1425 ..c. r/rr-xr-xr-x 0 0 10747-128-3 /DRIVERS/WIN/ETHERNET/TOOLS/UNATTEND/IA32/UNATTEND.TXT 376 .ac. d/dr-xr-xr-x 0 0 10748-144-1 /DRIVERS/WIN/ETHERNET/WIN2000 157456 ..c. r/rr-xr-xr-x 0 0 10749-128-3 /DRIVERS/WIN/ETHERNET/WIN2000/B57W2K.SYS 16162 ..c. r/rr-xr-xr-x 0 0 1075-128-3 /WINDOWS/Help/newfeat1.hlp 43637 ..c. r/rr-xr-xr-x 0 0 10750-128-3 /DRIVERS/WIN/ETHERNET/WIN2000/B57WIN32.CAT 144130 ..c. r/rr-xr-xr-x 0 0 10751-128-3 /DRIVERS/WIN/ETHERNET/WIN2000/B57WIN32.INF 161792 ..c. r/rr-xr-xr-x 0 0 10752-128-3 /WINDOWS/system32/drivers/b57xp32.sys 56 .ac. d/dr-xr-xr-x 0 0 10754-144-6 /Documents and Settings/malware/Local Settings/Temp/smtmp/1/Programs/Accessories 161792 ..c. r/rr-xr-xr-x 0 0 10755-128-1 /WINDOWS/system32/dllcache/b57xp32.sys 400 .ac. d/dr-xr-xr-x 0 0 10756-144-1 /Documents and Settings/malware/Local Settings/Temp/smtmp/1/Programs/Accessories/Accessibility 11047 ..c. r/rr-xr-xr-x 0 0 1076-128-3 /WINDOWS/Help/newfeat2.chm 11671 ..c. r/rr-xr-xr-x 0 0 10761-128-4 /Documents and Settings/malware/Local Settings/Temporary Internet Files/Content.IE5/YZCXGNW1/AuthenticationForm[1].htm 861 ..c. r/rr-xr-xr-x 0 0 10762-128-4 /Documents and Settings/malware/Local Settings/Temporary Internet Files/Content.IE5/SLK18LSF/AuthenticationServlet2745323f[1].htm 210 ..c. r/rr-xr-xr-x 0 0 10763-128-1 /Documents and Settings/malware/Cookies/malware@AuthenticationServer[2].txt 43 ..c. r/rr-xr-xr-x 0 0 10764-128-4 /Documents and Settings/malware/Local Settings/Temporary Internet Files/Content.IE5/UPQVMROL/primedns[2].gif 56 .ac. d/dr-xr-xr-x 0 0 10765-144-6 /Documents and Settings/malware/Local Settings/Temp/smtmp/1/Programs/Accessories/Communications 2123 ..c. r/rr-xr-xr-x 0 0 10766-128-5 /Documents and Settings/malware/Local Settings/Temporary Internet Files/Content.IE5/UPQVMROL/37055364ab006eb95ebbd60846447a[2].css 93256 ..c. r/rr-xr-xr-x 0 0 10767-128-5 /Documents and Settings/malware/Local Settings/Temporary Internet Files/Content.IE5/QJM5KT6J/c8d8548fff61b10f6f95b987c13eeg_header[2].css 5585 ..c. r/rr-xr-xr-x 0 0 10768-128-4 /Documents and Settings/malware/Local Settings/Temporary Internet Files/Content.IE5/SLK18LSF/4C5D1CE4F9A4087C4EB51205AF447[1].jpg 3047 ..c. r/rr-xr-xr-x 0 0 10769-128-4 /Documents and Settings/malware/Local Settings/Temporary Internet Files/Content.IE5/QJM5KT6J/B496798D315B46845DC9DC6A1CAE8[1].jpg 4536 ..c. r/rr-xr-xr-x 0 0 1077-128-3 /WINDOWS/Help/newfeat2.hlp 72182 ..c. r/rr-xr-xr-x 0 0 10770-128-5 /Documents and Settings/malware/Local Settings/Temporary Internet Files/Content.IE5/YZCXGNW1/jquery-1.4.2.min[2].js 4429 ..c. r/rr-xr-xr-x 0 0 10771-128-5 /Documents and Settings/malware/Local Settings/Temporary Internet Files/Content.IE5/YZCXGNW1/ce21c8d14e6fd893c6c2cde5c0319d[2].css 137 ..c. r/rr-xr-xr-x 0 0 10772-128-1 /Documents and Settings/malware/Cookies/malware@exp.www.msn[1].txt 4082 ..c. r/rr-xr-xr-x 0 0 10773-128-4 /Documents and Settings/malware/Local Settings/Temporary Internet Files/Content.IE5/SLK18LSF/BING_websearch_2[1].jpg 91435 ..c. r/rr-xr-xr-x 0 0 10774-128-5 /Documents and Settings/malware/Local Settings/Temporary Internet Files/Content.IE5/SLK18LSF/ae030ac3f559d4b1e167097964e115[2].js 3737 ..c. r/rr-xr-xr-x 0 0 10775-128-5 /Documents and Settings/malware/Local Settings/Temporary Internet Files/Content.IE5/QJM5KT6J/dapbeta[1].js 12823 ..c. r/rr-xr-xr-x 0 0 10776-128-4 /Documents and Settings/malware/Local Settings/Temporary Internet Files/Content.IE5/QJM5KT6J/8b0fe9bcd1399077fdc9374e5f314d[1].png 9288 ..c. r/rr-xr-xr-x 0 0 10777-128-5 /Documents and Settings/malware/Local Settings/Temporary Internet Files/Content.IE5/UPQVMROL/wlanalytics[1].js 7210 ..c. r/rr-xr-xr-x 0 0 10779-128-4 /Documents and Settings/malware/Local Settings/Temporary Internet Files/Content.IE5/QJM5KT6J/7980776cb684844c20339b839ac35e[1].gif 11047 ..c. r/rr-xr-xr-x 0 0 1078-128-3 /WINDOWS/Help/newfeat3.chm 776 ..c. r/rr-xr-xr-x 0 0 10780-128-4 /Documents and Settings/malware/Local Settings/Temporary Internet Files/Content.IE5/UPQVMROL/11[1].gif 6726 ..c. r/rr-xr-xr-x 0 0 10781-128-4 /Documents and Settings/malware/Local Settings/Temporary Internet Files/Content.IE5/QJM5KT6J/CFFF237B674B87B219E8D9DE7866E2[1].jpg 2477 ..c. r/rr-xr-xr-x 0 0 10782-128-4 /Documents and Settings/malware/Local Settings/Temporary Internet Files/Content.IE5/QJM5KT6J/EB75D45B8948F72EE451223E95A96[1].gif 48 ..c. r/rr-xr-xr-x 0 0 10783-128-1 /Documents and Settings/malware/Local Settings/Temporary Internet Files/Content.IE5/UPQVMROL/617475cf39bf6f5c0bd6ecb985335c[1].gif 7079 ..c. r/rr-xr-xr-x 0 0 10784-128-4 /Documents and Settings/malware/Local Settings/Temporary Internet Files/Content.IE5/YZCXGNW1/ADF825F54B93DD9717F8D5B9042[1].jpg 7334 ..c. r/rr-xr-xr-x 0 0 10785-128-4 /Documents and Settings/malware/Local Settings/Temporary Internet Files/Content.IE5/YZCXGNW1/C8E4CD4E96D43D83BEA03FDE2776D[1].jpg 21739 ..c. r/rr-xr-xr-x 0 0 10786-128-4 /Documents and Settings/malware/Local Settings/Temporary Internet Files/Content.IE5/SLK18LSF/481C3AA95082408E63C2954E247383[1].jpg 657 ..c. r/rr-xr-xr-x 0 0 10787-128-4 /Documents and Settings/malware/Local Settings/Temporary Internet Files/Content.IE5/UPQVMROL/37BA92E210D341BFDBF4126422A3D2[1].gif 6111 ..c. r/rr-xr-xr-x 0 0 10788-128-4 /Documents and Settings/malware/Local Settings/Temporary Internet Files/Content.IE5/YZCXGNW1/D26637BD322F8183C19B9F69F5B6B[1].jpg 3573 ..c. r/rr-xr-xr-x 0 0 10789-128-4 /Documents and Settings/malware/Local Settings/Temporary Internet Files/Content.IE5/QJM5KT6J/71912B7D969E821317CDE11393A271[1].jpg 4536 ..c. r/rr-xr-xr-x 0 0 1079-128-3 /WINDOWS/Help/newfeat3.hlp 5603 ..c. r/rr-xr-xr-x 0 0 10790-128-4 /Documents and Settings/malware/Local Settings/Temporary Internet Files/Content.IE5/UPQVMROL/DDCC1D859DAB8B53D96D6F48A91[1].jpg 43 ..c. r/rr-xr-xr-x 0 0 10791-128-1 /Documents and Settings/malware/Local Settings/Temporary Internet Files/Content.IE5/YZCXGNW1/614595fba50d96389708a4135776e4[1].gif 554 ..c. r/rr-xr-xr-x 0 0 10792-128-1 /Documents and Settings/malware/Local Settings/Temporary Internet Files/Content.IE5/SLK18LSF/adchoices_gif[1].gif 3211 ..c. r/rr-xr-xr-x 0 0 10793-128-4 /Documents and Settings/malware/Local Settings/Temporary Internet Files/Content.IE5/QJM5KT6J/8029BE41DF23A9E2D713B24DD15B5[1].gif 4921 ..c. r/rr-xr-xr-x 0 0 10794-128-4 /Documents and Settings/malware/Local Settings/Temporary Internet Files/Content.IE5/UPQVMROL/1FBB87D91FC9133FE2DDE8A69D26F4[1].jpg 2761 ..c. r/rr-xr-xr-x 0 0 10795-128-4 /Documents and Settings/malware/Local Settings/Temporary Internet Files/Content.IE5/YZCXGNW1/5278AA767DE4E1D28B266BDC6AEE97[1].jpg 21028 ..c. r/rr-xr-xr-x 0 0 10796-128-4 /Documents and Settings/malware/Local Settings/Temporary Internet Files/Content.IE5/YZCXGNW1/157[1].gif 6096 ..c. r/rr-xr-xr-x 0 0 10797-128-4 /Documents and Settings/malware/Local Settings/Temporary Internet Files/Content.IE5/SLK18LSF/BING_web_search[1].jpg 3069 ..c. r/rr-xr-xr-x 0 0 10798-128-4 /Documents and Settings/malware/Local Settings/Temporary Internet Files/Content.IE5/QJM5KT6J/7B05620FD5E4ABCB6EDC2F046198C[1].jpg 56 .ac. d/dr-xr-xr-x 0 0 108-144-5 /WINDOWS/Help/Tours/mmTour 11047 ..c. r/rr-xr-xr-x 0 0 1080-128-3 /WINDOWS/Help/newfeat4.chm 10485 ..c. r/rr-xr-xr-x 0 0 10802-128-5 /Documents and Settings/malware/Local Settings/Temporary Internet Files/Content.IE5/UPQVMROL/AutoSuggest_min[2].js 94 ..c. r/rr-xr-xr-x 0 0 10805-128-1 /Documents and Settings/malware/Cookies/malware@live[1].txt 10368 ..c. r/rr-xr-xr-x 0 0 10807-128-3 /WINDOWS/system32/drivers/hidusb.sys 464 ..c. r/rr-xr-xr-x 0 0 10809-128-4 /Documents and Settings/malware/Local Settings/Temporary Internet Files/Content.IE5/YZCXGNW1/Include[1].htm 4536 ..c. r/rr-xr-xr-x 0 0 1081-128-3 /WINDOWS/Help/newfeat4.hlp 56 .ac. d/dr-xr-xr-x 0 0 10810-144-6 /Documents and Settings/malware/Local Settings/Temp/smtmp/1/Programs/Accessories/Entertainment 13068 ..c. r/rr-xr-xr-x 0 0 10812-128-4 /Documents and Settings/malware/Local Settings/Temporary Internet Files/Content.IE5/YZCXGNW1/41A6EA1EFC5688B1A57FE8B773D1[1].jpg 12160 ..c. r/rr-xr-xr-x 0 0 10813-128-1 /WINDOWS/system32/dllcache/mouhid.sys 10368 ..c. r/rr-xr-xr-x 0 0 10816-128-1 /WINDOWS/system32/dllcache/hidusb.sys 12160 ..c. r/rr-xr-xr-x 0 0 10817-128-3 /WINDOWS/system32/drivers/mouhid.sys 11047 ..c. r/rr-xr-xr-x 0 0 1082-128-3 /WINDOWS/Help/newfeat5.chm 4536 ..c. r/rr-xr-xr-x 0 0 1083-128-3 /WINDOWS/Help/newfeat5.hlp 56 .ac. d/dr-xr-xr-x 0 0 10830-144-6 /Documents and Settings/malware/Local Settings/Temp/smtmp/1/Programs/Accessories/System Tools 12032 ..c. r/rr-xr-xr-x 0 0 1084-128-3 /WINDOWS/system32/drivers/nikedrv.sys 56 .ac. d/dr-xr-xr-x 0 0 10843-144-6 /Documents and Settings/malware/Local Settings/Temp/smtmp/1/Programs/Administrative Tools 232 ..c. r/rr-xr-xr-x 0 0 10849-128-1 /WINDOWS/pchealth/helpctr/Vendors/CN=Microsoft Corporation,L=Redmond,S=Washington,C=US/status_ok.gif 56 .ac. d/dr-xr-xr-x 0 0 10854-144-5 /Documents and Settings/malware/Local Settings/Temp/smtmp/1/Programs/Games 781 ..c. r/rr-xr-xr-x 0 0 10857-128-3 /WINDOWS/pchealth/helpctr/Vendors/CN=Microsoft Corporation,L=Redmond,S=Washington,C=US/PSS.css 84 ..c. r/rr-xr-xr-x 0 0 1086-128-1 /WINDOWS/Help/nocontnt.cnt 272 .ac. d/dr-xr-xr-x 0 0 10861-144-1 /WINDOWS/pchealth/helpctr/Vendors/CN=Microsoft Windows Component Publisher,L=Redmond,S=Washington,C=US 464 .ac. d/dr-xr-xr-x 0 0 10862-144-1 /WINDOWS/pchealth/helpctr/Vendors/CN=Microsoft Windows Component Publisher,L=Redmond,S=Washington,C=US/Remote Assistance 144 .ac. d/dr-xr-xr-x 0 0 10863-144-1 /Program Files/Windows Resource Kits 56 .ac. d/dr-xr-xr-x 0 0 10864-144-6 /Program Files/Windows Resource Kits/Tools 16384 ..c. r/rr-xr-xr-x 0 0 10865-128-3 /Program Files/Windows Resource Kits/Tools/atmarp.exe 13312 ..c. r/rr-xr-xr-x 0 0 10866-128-3 /Program Files/Windows Resource Kits/Tools/atmlane.exe 13824 ..c. r/rr-xr-xr-x 0 0 10867-128-3 /Program Files/Windows Resource Kits/Tools/cdburn.exe 155360 ..c. r/rr-xr-xr-x 0 0 10868-128-3 /Program Files/Windows Resource Kits/Tools/cepsetup.exe 364032 ..c. r/rr-xr-xr-x 0 0 10869-128-3 /Program Files/Windows Resource Kits/Tools/chklnks.exe 11562 ..c. r/rr-xr-xr-x 0 0 1087-128-3 /WINDOWS/Help/nofts.chm 6340 ..c. r/rr-xr-xr-x 0 0 10870-128-4 /Program Files/Windows Resource Kits/Tools/checkrepl.vbs 9728 ..c. r/rr-xr-xr-x 0 0 10871-128-3 /Program Files/Windows Resource Kits/Tools/clearmem.exe 1849856 ..c. r/rr-xr-xr-x 0 0 10872-128-3 /Program Files/Windows Resource Kits/Tools/clusdiag.msi 248705 ..c. r/rr-xr-xr-x 0 0 10873-128-4 /Program Files/Windows Resource Kits/Tools/clusterrecovery.chm 155648 ..c. r/rr-xr-xr-x 0 0 10874-128-4 /Program Files/Windows Resource Kits/Tools/clusterrecovery.exe 40448 ..c. r/rr-xr-xr-x 0 0 10875-128-3 /Program Files/Windows Resource Kits/Tools/confdisk.exe 5632 ..c. r/rr-xr-xr-x 0 0 10876-128-3 /Program Files/Windows Resource Kits/Tools/creatfil.exe 7168 ..c. r/rr-xr-xr-x 0 0 10877-128-4 /Program Files/Windows Resource Kits/Tools/crutredir.dll 54784 ..c. r/rr-xr-xr-x 0 0 10878-128-3 /Program Files/Windows Resource Kits/Tools/delprof.exe 1766911 ..c. r/rr-xr-xr-x 0 0 10879-128-3 /Program Files/Windows Resource Kits/Tools/deploy.cab 64000 ..c. r/rr-xr-xr-x 0 0 10880-128-3 /Program Files/Windows Resource Kits/Tools/dh.exe 367 ..c. r/rr-xr-xr-x 0 0 10882-128-1 /Program Files/Windows Resource Kits/Tools/dumpfsmos.cmd 15360 ..c. r/rr-xr-xr-x 0 0 10883-128-3 /Program Files/Windows Resource Kits/Tools/dvdburn.exe 37948 ..c. r/rr-xr-xr-x 0 0 10884-128-4 /Program Files/Windows Resource Kits/Tools/eventcombmt.chm 115712 ..c. r/rr-xr-xr-x 0 0 10885-128-4 /Program Files/Windows Resource Kits/Tools/eventcombmt.exe 204288 ..c. r/rr-xr-xr-x 0 0 10886-128-3 /Program Files/Windows Resource Kits/Tools/fcsetup.exe 275436 ..c. r/rr-xr-xr-x 0 0 10887-128-4 /Program Files/Windows Resource Kits/Tools/samplereasons.reg 3547 ..c. r/rr-xr-xr-x 0 0 10888-128-3 /Program Files/Windows Resource Kits/Tools/inetesc.adm 52736 ..c. r/rr-xr-xr-x 0 0 10889-128-3 /Program Files/Windows Resource Kits/Tools/ifilttst.exe 3054 ..c. r/rr-xr-xr-x 0 0 10890-128-3 /Program Files/Windows Resource Kits/Tools/srvmgr.cnt 1119232 ..c. r/rr-xr-xr-x 0 0 10891-128-4 /Program Files/Windows Resource Kits/Tools/gpmonitor.exe 76288 ..c. r/rr-xr-xr-x 0 0 10892-128-4 /Program Files/Windows Resource Kits/Tools/rcontrolad.exe 135680 ..c. r/rr-xr-xr-x 0 0 10893-128-3 /Program Files/Windows Resource Kits/Tools/iviewers.dll 39936 ..c. r/rr-xr-xr-x 0 0 10894-128-3 /Program Files/Windows Resource Kits/Tools/kerbtray.exe 29184 ..c. r/rr-xr-xr-x 0 0 10895-128-3 /Program Files/Windows Resource Kits/Tools/klist.exe 3674 ..c. r/rr-xr-xr-x 0 0 10897-128-3 /Program Files/Windows Resource Kits/Tools/lbridge.cmd 11264 ..c. r/rr-xr-xr-x 0 0 10898-128-3 /Program Files/Windows Resource Kits/Tools/linkd.exe 35840 ..c. r/rr-xr-xr-x 0 0 10899-128-4 /Program Files/Windows Resource Kits/Tools/linkspeed.exe 56 .ac. d/dr-xr-xr-x 0 0 109-144-6 /WINDOWS/Help/Tours/htmlTour 4608 ..c. r/rr-xr-xr-x 0 0 10900-128-3 /Program Files/Windows Resource Kits/Tools/logtime.exe 12800 ..c. r/rr-xr-xr-x 0 0 10901-128-3 /Program Files/Windows Resource Kits/Tools/lsreport.exe 113664 ..c. r/rr-xr-xr-x 0 0 10902-128-3 /Program Files/Windows Resource Kits/Tools/lsview.exe 9728 ..c. r/rr-xr-xr-x 0 0 10903-128-3 /Program Files/Windows Resource Kits/Tools/mcast.exe 174080 ..c. r/rr-xr-xr-x 0 0 10904-128-3 /Program Files/Windows Resource Kits/Tools/mibcc.exe 8192 ..c. r/rr-xr-xr-x 0 0 10905-128-3 /Program Files/Windows Resource Kits/Tools/moveuser.exe 107008 ..c. r/rr-xr-xr-x 0 0 10906-128-3 /Program Files/Windows Resource Kits/Tools/mstlsapi.dll 32256 ..c. r/rr-xr-xr-x 0 0 10907-128-3 /Program Files/Windows Resource Kits/Tools/now.exe 202752 ..c. r/rr-xr-xr-x 0 0 10908-128-3 /Program Files/Windows Resource Kits/Tools/kernrate.doc 32256 ..c. r/rr-xr-xr-x 0 0 10909-128-3 /Program Files/Windows Resource Kits/Tools/ntrights.exe 25088 ..c. r/rr-xr-xr-x 0 0 10910-128-3 /Program Files/Windows Resource Kits/Tools/oh.exe 146432 ..c. r/rr-xr-xr-x 0 0 10911-128-3 /Program Files/Windows Resource Kits/Tools/oleview.exe 85989 ..c. r/rr-xr-xr-x 0 0 10912-128-3 /Program Files/Windows Resource Kits/Tools/pooltag.txt 2104 ..c. r/rr-xr-xr-x 0 0 10913-128-4 /Program Files/Windows Resource Kits/Tools/rqs_setup.bat 14336 ..c. r/rr-xr-xr-x 0 0 10914-128-3 /Program Files/Windows Resource Kits/Tools/pfmon.exe 16896 ..c. r/rr-xr-xr-x 0 0 10917-128-3 /Program Files/Windows Resource Kits/Tools/qgrep.exe 6856 ..c. r/rr-xr-xr-x 0 0 10918-128-3 /Program Files/Windows Resource Kits/Tools/queryad.vbs 348160 ..c. r/rr-xr-xr-x 0 0 10919-128-3 /Program Files/Windows Resource Kits/Tools/remapkey.exe 79872 ..c. r/rr-xr-xr-x 0 0 10920-128-3 /Program Files/Windows Resource Kits/Tools/robocopy.exe 253440 ..c. r/rr-xr-xr-x 0 0 10921-128-3 /Program Files/Windows Resource Kits/Tools/robocopy.doc 14336 ..c. r/rr-xr-xr-x 0 0 10922-128-3 /Program Files/Windows Resource Kits/Tools/rpcdump.exe 20480 ..c. r/rr-xr-xr-x 0 0 10923-128-3 /Program Files/Windows Resource Kits/Tools/showperf.exe 32768 ..c. r/rr-xr-xr-x 0 0 10924-128-3 /Program Files/Windows Resource Kits/Tools/showpriv.exe 5120 ..c. r/rr-xr-xr-x 0 0 10925-128-3 /Program Files/Windows Resource Kits/Tools/sleep.exe 248320 ..c. r/rr-xr-xr-x 0 0 10926-128-3 /Program Files/Windows Resource Kits/Tools/subinacl.exe 6656 ..c. r/rr-xr-xr-x 0 0 10927-128-3 /Program Files/Windows Resource Kits/Tools/tail.exe 9216 ..c. r/rr-xr-xr-x 0 0 10928-128-3 /Program Files/Windows Resource Kits/Tools/timezone.exe 10202 ..c. r/rr-xr-xr-x 0 0 10929-128-4 /Program Files/Windows Resource Kits/Tools/clusfileport_win2000.inf 23040 ..c. r/rr-xr-xr-x 0 0 10930-128-3 /Program Files/Windows Resource Kits/Tools/vadump.exe 528440 ..c. r/rr-xr-xr-x 0 0 10931-128-3 /Program Files/Windows Resource Kits/Tools/vfi.exe 124416 ..c. r/rr-xr-xr-x 0 0 10932-128-3 /Program Files/Windows Resource Kits/Tools/adlb.exe 7168 ..c. r/rr-xr-xr-x 0 0 10933-128-3 /Program Files/Windows Resource Kits/Tools/autoexnt.exe 1080 ..c. r/rr-xr-xr-x 0 0 10934-128-3 /Program Files/Windows Resource Kits/Tools/cmdhere.inf 28160 ..c. r/rr-xr-xr-x 0 0 10935-128-3 /Program Files/Windows Resource Kits/Tools/cmgetcer.dll 3232 ..c. r/rr-xr-xr-x 0 0 10936-128-3 /Program Files/Windows Resource Kits/Tools/cmgetcer.txt 9728 ..c. r/rr-xr-xr-x 0 0 10937-128-3 /Program Files/Windows Resource Kits/Tools/consume.exe 45568 ..c. r/rr-xr-xr-x 0 0 10938-128-3 /Program Files/Windows Resource Kits/Tools/csccmd.exe 38912 ..c. r/rr-xr-xr-x 0 0 10939-128-3 /Program Files/Windows Resource Kits/Tools/list.exe 33792 ..c. r/rr-xr-xr-x 0 0 10940-128-3 /Program Files/Windows Resource Kits/Tools/ntimer.exe 6656 ..c. r/rr-xr-xr-x 0 0 10941-128-3 /Program Files/Windows Resource Kits/Tools/pathman.exe 3064 ..c. r/rr-xr-xr-x 0 0 10942-128-3 /Program Files/Windows Resource Kits/Tools/usrmgr.cnt 15360 ..c. r/rr-xr-xr-x 0 0 10943-128-3 /Program Files/Windows Resource Kits/Tools/perms.exe 10752 ..c. r/rr-xr-xr-x 0 0 10944-128-3 /Program Files/Windows Resource Kits/Tools/pmon.exe 36864 ..c. r/rr-xr-xr-x 0 0 10945-128-3 /Program Files/Windows Resource Kits/Tools/regini.exe 8192 ..c. r/rr-xr-xr-x 0 0 10946-128-3 /Program Files/Windows Resource Kits/Tools/srvany.exe 14336 ..c. r/rr-xr-xr-x 0 0 10947-128-4 /Program Files/Windows Resource Kits/Tools/memmonitor.exe 168016 ..c. r/rr-xr-xr-x 0 0 10948-128-3 /Program Files/Windows Resource Kits/Tools/tcmon.exe 30152 ..c. r/rr-xr-xr-x 0 0 10949-128-3 /Program Files/Windows Resource Kits/Tools/wins.dll 4608 ..c. r/rr-xr-xr-x 0 0 10950-128-3 /Program Files/Windows Resource Kits/Tools/permcopy.exe 39936 ..c. r/rr-xr-xr-x 0 0 10951-128-3 /Program Files/Windows Resource Kits/Tools/srvinfo.exe 14336 ..c. r/rr-xr-xr-x 0 0 10952-128-3 /Program Files/Windows Resource Kits/Tools/getcm.exe 2719 ..c. r/rr-xr-xr-x 0 0 10953-128-3 /Program Files/Windows Resource Kits/Tools/getcm.txt 8704 ..c. r/rr-xr-xr-x 0 0 10954-128-3 /Program Files/Windows Resource Kits/Tools/instcm.exe 1023 ..c. r/rr-xr-xr-x 0 0 10955-128-3 /Program Files/Windows Resource Kits/Tools/instcm.txt 20992 ..c. r/rr-xr-xr-x 0 0 10956-128-3 /Program Files/Windows Resource Kits/Tools/rqs.exe 8192 ..c. r/rr-xr-xr-x 0 0 10957-128-3 /Program Files/Windows Resource Kits/Tools/rqc.exe 6144 ..c. r/rr-xr-xr-x 0 0 10958-128-3 /Program Files/Windows Resource Kits/Tools/rqsmsg.dll 34585 ..c. r/rr-xr-xr-x 0 0 10959-128-4 /Program Files/Windows Resource Kits/Tools/winpolicies.chm 5657 ..c. r/rr-xr-xr-x 0 0 10960-128-3 /Program Files/Windows Resource Kits/Tools/frsflags.vbs 29696 ..c. r/rr-xr-xr-x 0 0 10961-128-3 /Program Files/Windows Resource Kits/Tools/rpings.exe 40448 ..c. r/rr-xr-xr-x 0 0 10962-128-3 /Program Files/Windows Resource Kits/Tools/rpingc.exe 15872 ..c. r/rr-xr-xr-x 0 0 10963-128-3 /Program Files/Windows Resource Kits/Tools/showacls.exe 46592 ..c. r/rr-xr-xr-x 0 0 10964-128-3 /Program Files/Windows Resource Kits/Tools/rpccfg.exe 40960 ..c. r/rr-xr-xr-x 0 0 10965-128-3 /Program Files/Windows Resource Kits/Tools/qtcp.exe 81408 ..c. r/rr-xr-xr-x 0 0 10966-128-4 /Program Files/Windows Resource Kits/Tools/rassrvmon.exe 27699 ..c. r/rr-xr-xr-x 0 0 10967-128-3 /Program Files/Windows Resource Kits/Tools/wlbs_hb.dll 16896 ..c. r/rr-xr-xr-x 0 0 10968-128-3 /Program Files/Windows Resource Kits/Tools/diskuse.exe 31232 ..c. r/rr-xr-xr-x 0 0 10969-128-3 /Program Files/Windows Resource Kits/Tools/mqcast.exe 25236 ..c. r/rr-xr-xr-x 0 0 1097-128-3 /WINDOWS/Help/notepad.chm 34816 ..c. r/rr-xr-xr-x 0 0 10970-128-3 /Program Files/Windows Resource Kits/Tools/mqcatch.exe 41984 ..c. r/rr-xr-xr-x 0 0 10971-128-3 /Program Files/Windows Resource Kits/Tools/mqcast.doc 200192 ..c. r/rr-xr-xr-x 0 0 10972-128-3 /Program Files/Windows Resource Kits/Tools/diskraid.exe 9728 ..c. r/rr-xr-xr-x 0 0 10973-128-3 /Program Files/Windows Resource Kits/Tools/empty.exe 5632 ..c. r/rr-xr-xr-x 0 0 10974-128-3 /Program Files/Windows Resource Kits/Tools/ifmember.exe 104960 ..c. r/rr-xr-xr-x 0 0 10975-128-3 /Program Files/Windows Resource Kits/Tools/kernrate.exe 12800 ..c. r/rr-xr-xr-x 0 0 10976-128-3 /Program Files/Windows Resource Kits/Tools/winexit.scr 31744 ..c. r/rr-xr-xr-x 0 0 10977-128-3 /Program Files/Windows Resource Kits/Tools/regview.exe 18944 ..c. r/rr-xr-xr-x 0 0 10978-128-3 /Program Files/Windows Resource Kits/Tools/vrfydsk.exe 98304 ..c. r/rr-xr-xr-x 0 0 10979-128-4 /Program Files/Windows Resource Kits/Tools/uddiconfig.exe 12521 ..c. r/rr-xr-xr-x 0 0 1098-128-3 /WINDOWS/Help/notepad.hlp 356352 ..c. r/rr-xr-xr-x 0 0 10980-128-4 /Program Files/Windows Resource Kits/Tools/uddicatschemeeditor.exe 23552 ..c. r/rr-xr-xr-x 0 0 10981-128-3 /Program Files/Windows Resource Kits/Tools/tsctst.exe 89088 ..c. r/rr-xr-xr-x 0 0 10982-128-4 /Program Files/Windows Resource Kits/Tools/ssdformat.exe 144 .ac. d/dr-xr-xr-x 0 0 10983-144-1 /WINDOWS/pchealth/helpctr/Vendors/CN=Microsoft Windows Component Publisher,L=Redmond,S=Washington,C=US/Remote Assistance/Escalation 16896 ..c. r/rr-xr-xr-x 0 0 10984-128-3 /Program Files/Windows Resource Kits/Tools/splinfo.exe 40960 ..c. r/rr-xr-xr-x 0 0 10985-128-4 /Program Files/Windows Resource Kits/Tools/setprinter.exe 168851 ..c. r/rr-xr-xr-x 0 0 10986-128-3 /Program Files/Windows Resource Kits/Tools/srvmgr.hlp 33280 ..c. r/rr-xr-xr-x 0 0 10987-128-3 /Program Files/Windows Resource Kits/Tools/rpcping.exe 147456 ..c. r/rr-xr-xr-x 0 0 10988-128-3 /Program Files/Windows Resource Kits/Tools/sonar.exe 1191 ..c. r/rr-xr-xr-x 0 0 10989-128-4 /Program Files/Windows Resource Kits/Tools/traffic control monitor.lnk 1227075 ..c. r/rr-xr-xr-x 0 0 1099-128-3 /WINDOWS/Help/ntart.chm 14848 ..c. r/rr-xr-xr-x 0 0 10990-128-4 /Program Files/Windows Resource Kits/Tools/winhttpcertcfg.exe 25088 ..c. r/rr-xr-xr-x 0 0 10991-128-4 /Program Files/Windows Resource Kits/Tools/winhttptracecfg.exe 97280 ..c. r/rr-xr-xr-x 0 0 10992-128-3 /Program Files/Windows Resource Kits/Tools/prnadmin.dll 573440 ..c. r/rr-xr-xr-x 0 0 10994-128-4 /Program Files/Windows Resource Kits/Tools/uddidataexport.exe 16384 ..c. r/rr-xr-xr-x 0 0 10995-128-3 /Program Files/Windows Resource Kits/Tools/iniman.exe 58368 ..c. r/rr-xr-xr-x 0 0 10996-128-3 /Program Files/Windows Resource Kits/Tools/volrest.exe 7680 ..c. r/rr-xr-xr-x 0 0 10997-128-3 /Program Files/Windows Resource Kits/Tools/volperf.dll 37376 ..c. r/rr-xr-xr-x 0 0 10998-128-3 /Program Files/Windows Resource Kits/Tools/volperf.exe 20992 ..c. r/rr-xr-xr-x 0 0 10999-128-3 /Program Files/Windows Resource Kits/Tools/nlsinfo.exe 144 .a.. d/dr-xr-xr-x 0 0 110-144-1 /WINDOWS/Provisioning 58276 ..c. r/rr-xr-xr-x 0 0 1100-128-3 /WINDOWS/Help/ntbackup.hlp 52224 ..c. r/rr-xr-xr-x 0 0 11000-128-4 /Program Files/Windows Resource Kits/Tools/lockoutstatus.exe 39424 ..c. r/rr-xr-xr-x 0 0 11001-128-3 /Program Files/Windows Resource Kits/Tools/acctinfo.dll 95744 ..c. r/rr-xr-xr-x 0 0 11002-128-3 /Program Files/Windows Resource Kits/Tools/admx.msi 28672 ..c. r/rr-xr-xr-x 0 0 11003-128-3 /Program Files/Windows Resource Kits/Tools/chknic.exe 93696 ..c. r/rr-xr-xr-x 0 0 11004-128-3 /Program Files/Windows Resource Kits/Tools/cleanspl.exe 180736 ..c. r/rr-xr-xr-x 0 0 11005-128-3 /Program Files/Windows Resource Kits/Tools/gpotool.exe 30981 ..c. r/rr-xr-xr-x 0 0 11006-128-3 /Program Files/Windows Resource Kits/Tools/winexit.hlp 39936 ..c. r/rr-xr-xr-x 0 0 11007-128-3 /Program Files/Windows Resource Kits/Tools/compress.exe 19456 ..c. r/rr-xr-xr-x 0 0 11008-128-4 /Program Files/Windows Resource Kits/Tools/clusfileport.dll 1112 ..c. r/rr-xr-xr-x 0 0 11009-128-4 /Program Files/Windows Resource Kits/Tools/clusfileport.inf 75796 ..c. r/rr-xr-xr-x 0 0 1101-128-3 /WINDOWS/Help/ntbackup.chm 89088 ..c. r/rr-xr-xr-x 0 0 11010-128-4 /Program Files/Windows Resource Kits/Tools/printdriverinfo.exe 27648 ..c. r/rr-xr-xr-x 0 0 11011-128-3 /Program Files/Windows Resource Kits/Tools/instexnt.exe 2560 ..c. r/rr-xr-xr-x 0 0 11012-128-3 /Program Files/Windows Resource Kits/Tools/servmess.dll 32256 ..c. r/rr-xr-xr-x 0 0 11013-128-3 /Program Files/Windows Resource Kits/Tools/instsrv.exe 16597 ..c. r/rr-xr-xr-x 0 0 11014-128-3 /Program Files/Windows Resource Kits/Tools/clean.vbs 79837 ..c. r/rr-xr-xr-x 0 0 11015-128-3 /Program Files/Windows Resource Kits/Tools/clone.vbs 6968 ..c. r/rr-xr-xr-x 0 0 11016-128-3 /Program Files/Windows Resource Kits/Tools/conall.vbs 6580 ..c. r/rr-xr-xr-x 0 0 11017-128-3 /Program Files/Windows Resource Kits/Tools/defprn.vbs 44544 ..c. r/rr-xr-xr-x 0 0 11018-128-3 /Program Files/Windows Resource Kits/Tools/dnsdiag.exe 16827 ..c. r/rr-xr-xr-x 0 0 11019-128-3 /Program Files/Windows Resource Kits/Tools/drvmgr.vbs 781911 ..c. r/rr-xr-xr-x 0 0 1102-128-3 /WINDOWS/Help/ntcmds.chm 15117 ..c. r/rr-xr-xr-x 0 0 11020-128-3 /Program Files/Windows Resource Kits/Tools/forms.vbs 9563 ..c. r/rr-xr-xr-x 0 0 11021-128-3 /Program Files/Windows Resource Kits/Tools/persist.vbs 14110 ..c. r/rr-xr-xr-x 0 0 11022-128-3 /Program Files/Windows Resource Kits/Tools/portconv.vbs 19475 ..c. r/rr-xr-xr-x 0 0 11023-128-3 /Program Files/Windows Resource Kits/Tools/portmgr.vbs 20269 ..c. r/rr-xr-xr-x 0 0 11024-128-3 /Program Files/Windows Resource Kits/Tools/prncfg.vbs 8576 ..c. r/rr-xr-xr-x 0 0 11025-128-3 /Program Files/Windows Resource Kits/Tools/prnctrl.vbs 13174 ..c. r/rr-xr-xr-x 0 0 11026-128-3 /Program Files/Windows Resource Kits/Tools/prndata.vbs 17915 ..c. r/rr-xr-xr-x 0 0 11027-128-3 /Program Files/Windows Resource Kits/Tools/prnmgr.vbs 458752 ..c. r/rr-xr-xr-x 0 0 11028-128-3 /Program Files/Windows Resource Kits/Tools/prnadmin.doc 13312 ..c. r/rr-xr-xr-x 0 0 11029-128-3 /Program Files/Windows Resource Kits/Tools/timeit.exe 1409024 ..c. r/rr-xr-xr-x 0 0 11030-128-3 /Program Files/Windows Resource Kits/Tools/msvbvm60.dll 28087 ..c. r/rr-xr-xr-x 0 0 11031-128-3 /Program Files/Windows Resource Kits/Tools/wlbs_rc.dll 56 .ac. d/dr-xr-xr-x 0 0 11032-144-5 /WINDOWS/pchealth/helpctr/Vendors/CN=Microsoft Windows Component Publisher,L=Redmond,S=Washington,C=US/Remote Assistance/Escalation/Email 3282 ..c. r/rr-xr-xr-x 0 0 11033-128-4 /WINDOWS/pchealth/helpctr/Vendors/CN=Microsoft Windows Component Publisher,L=Redmond,S=Washington,C=US/Remote Assistance/Escalation/Email/ShieldsUpMsg.htm 496 .ac. d/dr-xr-xr-x 0 0 11034-144-1 /WINDOWS/pchealth/helpctr/Vendors/CN=Microsoft Windows Component Publisher,L=Redmond,S=Washington,C=US/Remote Assistance/Common 5403 ..c. r/rr-xr-xr-x 0 0 11035-128-4 /WINDOWS/pchealth/helpctr/Vendors/CN=Microsoft Windows Component Publisher,L=Redmond,S=Washington,C=US/Remote Assistance/Common/ConnIssue.htm 5930 ..c. r/rr-xr-xr-x 0 0 11036-128-4 /WINDOWS/pchealth/helpctr/Vendors/CN=Microsoft Windows Component Publisher,L=Redmond,S=Washington,C=US/Remote Assistance/Common/rcmoreinfo.htm 16167 ..c. r/rr-xr-xr-x 0 0 11037-128-3 /WINDOWS/pchealth/helpctr/Vendors/CN=Microsoft Windows Component Publisher,L=Redmond,S=Washington,C=US/Remote Assistance/rcstatus.htm 8096 ..c. r/rr-xr-xr-x 0 0 11038-128-4 /WINDOWS/pchealth/helpctr/Vendors/CN=Microsoft Windows Component Publisher,L=Redmond,S=Washington,C=US/Remote Assistance/Escalation/Email/rcscreen7.htm 30915 ..c. r/rr-xr-xr-x 0 0 11039-128-4 /WINDOWS/pchealth/helpctr/Vendors/CN=Microsoft Windows Component Publisher,L=Redmond,S=Washington,C=US/Remote Assistance/Escalation/Email/rcscreen6.htm 3425 ..c. r/rr-xr-xr-x 0 0 11040-128-4 /WINDOWS/pchealth/helpctr/Vendors/CN=Microsoft Windows Component Publisher,L=Redmond,S=Washington,C=US/Remote Assistance/Escalation/Email/escalationhelp.htm 1598 ..c. r/rr-xr-xr-x 0 0 11041-128-4 /WINDOWS/pchealth/helpctr/OfflineCache/Professional_32#0409/000002ca.query 609584 ..c. r/rr-xr-xr-x 0 0 11042-128-3 /Program Files/Windows Resource Kits/Tools/comctl32.ocx 1237777 ..c. r/rr-xr-xr-x 0 0 11043-128-3 /WINDOWS/Help/rktools.chm 752 ..c. r/rr-xr-xr-x 0 0 11044-128-3 /WINDOWS/Help/rktools.xml 32326 ..c. r/rr-xr-xr-x 0 0 11045-128-3 /Program Files/Windows Resource Kits/Tools/tcmon.inf 83968 ..c. r/rr-xr-xr-x 0 0 11046-128-3 /Program Files/Windows Resource Kits/Tools/tccom.exe 2974155 ..c. r/rr-xr-xr-x 0 0 11047-128-3 /WINDOWS/pchealth/helpctr/Indices/merged.hhk 82 ..c. r/rr-xr-xr-x 0 0 11048-128-1 /Program Files/Windows Resource Kits/Tools/tcmon.bat 13328 ..c. r/rr-xr-xr-x 0 0 11049-128-3 /WINDOWS/pchealth/helpctr/Indices/scoped_2.hhk 304128 ..c. r/rr-xr-xr-x 0 0 11050-128-4 /Program Files/Windows Resource Kits/Tools/tsscalling.exe 5120 ..c. r/rr-xr-xr-x 0 0 11051-128-3 /Program Files/Windows Resource Kits/Tools/srvcheck.exe 22528 ..c. r/rr-xr-xr-x 0 0 11052-128-3 /Program Files/Windows Resource Kits/Tools/hlscan.exe 29184 ..c. r/rr-xr-xr-x 0 0 11053-128-4 /Program Files/Windows Resource Kits/Tools/custreasonedit.exe 179200 ..c. r/rr-xr-xr-x 0 0 11054-128-3 /Program Files/Windows Resource Kits/Tools/srvmgr.exe 304128 ..c. r/rr-xr-xr-x 0 0 11055-128-3 /Program Files/Windows Resource Kits/Tools/usrmgr.exe 35328 ..c. r/rr-xr-xr-x 0 0 11056-128-3 /Program Files/Windows Resource Kits/Tools/intfiltr.exe 330 ..c. r/rr-xr-xr-x 0 0 11057-128-1 /Program Files/Windows Resource Kits/Tools/intfiltr.reg 5632 ..c. r/rr-xr-xr-x 0 0 11058-128-3 /Program Files/Windows Resource Kits/Tools/intfiltr.sys 68608 ..c. r/rr-xr-xr-x 0 0 11059-128-4 /Program Files/Windows Resource Kits/Tools/memtriage.exe 290816 ..c. r/rr-xr-xr-x 0 0 11060-128-3 /Program Files/Windows Resource Kits/Tools/msdis130.dll 487424 ..c. r/rr-xr-xr-x 0 0 11061-128-3 /Program Files/Windows Resource Kits/Tools/msvcp70.dll 344064 ..c. r/rr-xr-xr-x 0 0 11062-128-3 /Program Files/Windows Resource Kits/Tools/msvcr70.dll 1627 ..c. r/rr-xr-xr-x 0 0 11063-128-4 /Program Files/Windows Resource Kits/Tools/memtriage.ini 102912 ..c. r/rr-xr-xr-x 0 0 11064-128-4 /Program Files/Windows Resource Kits/Tools/winpolicies.exe 53930 ..c. r/rr-xr-xr-x 0 0 11065-128-3 /Program Files/Windows Resource Kits/Tools/readme.htm 44544 ..c. r/rr-xr-xr-x 0 0 11066-128-4 /Program Files/Windows Resource Kits/Tools/reportgen.exe 177 ..c. r/rr-xr-xr-x 0 0 11067-128-1 /Program Files/Windows Resource Kits/Tools/uddicatschemeeditor.exe.config 177 ..c. r/rr-xr-xr-x 0 0 11068-128-1 /Program Files/Windows Resource Kits/Tools/uddiconfig.exe.config 177 ..c. r/rr-xr-xr-x 0 0 11069-128-1 /Program Files/Windows Resource Kits/Tools/uddidataexport.exe.config 181739 ..c. r/rr-xr-xr-x 0 0 11070-128-3 /Program Files/Windows Resource Kits/Tools/usrmgr.hlp 27064 ..c. r/rr-xr-xr-x 0 0 11071-128-4 /Program Files/Windows Resource Kits/Tools/sss_1.1.xsl 48 .ac. d/dr-xr-xr-x 0 0 11072-144-6 /Documents and Settings/All Users/Start Menu/Programs/Windows Resource Kit Tools 747 ..c. r/rr-xr-xr-x 0 0 11073-128-4 /Documents and Settings/malware/Local Settings/Temp/smtmp/1/Programs/Windows Resource Kit Tools/Windows Resource Kit Tools Read Me.lnk 755 ..c. r/rr-xr-xr-x 0 0 11074-128-4 /Documents and Settings/malware/Local Settings/Temp/smtmp/1/Programs/Windows Resource Kit Tools/Windows Resource Kit Tools Help.lnk 555 ..c. r/rr-xr-xr-x 0 0 11075-128-1 /Documents and Settings/malware/Local Settings/Temp/smtmp/1/Programs/Windows Resource Kit Tools/Command Shell.lnk 249856 ..c. r/rr-xr-xr-x 0 0 11076-128-3 /WINDOWS/Installer/445c3.msi 16703 ..c. r/rr-xr-xr-x 0 0 11077-128-3 /WINDOWS/pchealth/helpctr/Indices/scoped_3.hhk 51061 ..c. r/rr-xr-xr-x 0 0 11078-128-3 /WINDOWS/pchealth/helpctr/Indices/scoped_9.hhk 209095 ..c. r/rr-xr-xr-x 0 0 11079-128-3 /WINDOWS/pchealth/helpctr/Indices/scoped_8.hhk 102895 ..c. r/rr-xr-xr-x 0 0 11080-128-3 /WINDOWS/pchealth/helpctr/Indices/scoped_7.hhk 20016 ..c. r/rr-xr-xr-x 0 0 11081-128-3 /WINDOWS/pchealth/helpctr/Indices/scoped_5.hhk 15646 ..c. r/rr-xr-xr-x 0 0 11082-128-3 /WINDOWS/pchealth/helpctr/Indices/scoped_6.hhk 35565 ..c. r/rr-xr-xr-x 0 0 11083-128-3 /WINDOWS/pchealth/helpctr/Indices/scoped_4.hhk 291 ..c. r/rr-xr-xr-x 0 0 11084-128-1 /WINDOWS/pchealth/helpctr/Indices/scoped_10.hhk 4 ..c. r/rr-xr-xr-x 0 0 11085-128-1 /WINDOWS/pchealth/helpctr/PackageStore/CRC_Disk 998 ..c. r/rr-xr-xr-x 0 0 11086-128-4 /WINDOWS/pchealth/helpctr/OfflineCache/Professional_32#0409/000002cb.query 254 ..c. r/rr-xr-xr-x 0 0 11087-128-1 /WINDOWS/pchealth/helpctr/OfflineCache/Professional_32#0409/000002cc.query 3514 ..c. r/rr-xr-xr-x 0 0 11088-128-4 /WINDOWS/pchealth/helpctr/OfflineCache/Professional_32#0409/000002ce.query 3514 ..c. r/rr-xr-xr-x 0 0 11089-128-4 /WINDOWS/pchealth/helpctr/OfflineCache/Professional_32#0409/000002cf.query 2317 ..c. r/rr-xr-xr-x 0 0 1109-128-3 /WINDOWS/inf/ntgrip.inf 214 ..c. r/rr-xr-xr-x 0 0 11090-128-1 /WINDOWS/pchealth/helpctr/OfflineCache/Professional_32#0409/000002d0.query 3322 ..c. r/rr-xr-xr-x 0 0 11091-128-4 /WINDOWS/pchealth/helpctr/OfflineCache/Professional_32#0409/000002d2.query 3322 ..c. r/rr-xr-xr-x 0 0 11092-128-4 /WINDOWS/pchealth/helpctr/OfflineCache/Professional_32#0409/000002d3.query 202 ..c. r/rr-xr-xr-x 0 0 11093-128-1 /WINDOWS/pchealth/helpctr/OfflineCache/Professional_32#0409/000002d4.query 2410 ..c. r/rr-xr-xr-x 0 0 11094-128-4 /WINDOWS/pchealth/helpctr/OfflineCache/Professional_32#0409/000002d6.query 2410 ..c. r/rr-xr-xr-x 0 0 11095-128-4 /WINDOWS/pchealth/helpctr/OfflineCache/Professional_32#0409/000002d7.query 3476 ..c. r/rr-xr-xr-x 0 0 11096-128-4 /WINDOWS/pchealth/helpctr/PackageStore/SkuStore.bin 320 .ac. d/dr-xr-xr-x 0 0 111-144-5 /WINDOWS/Provisioning/Schemas 20427 ..c. r/rr-xr-xr-x 0 0 1110-128-3 /WINDOWS/Help/nthelp.chm 600484 ..c. r/rr-xr-xr-x 0 0 11126-128-4 /WINDOWS/pchealth/helpctr/DataColl/CollectedData_274.xml 157092 ..c. r/rr-xr-xr-x 0 0 11127-128-4 /WINDOWS/pchealth/helpctr/DataColl/CollectedData_276.xml 87390 ..c. r/rr-xr-xr-x 0 0 11128-128-4 /WINDOWS/pchealth/helpctr/DataColl/CollectedData_278.xml 316 ..c. r/rr-xr-xr-x 0 0 11129-128-1 /WINDOWS/pchealth/helpctr/DataColl/CollectedData_280.xml 44442 ..c. r/rr-xr-xr-x 0 0 11130-128-4 /WINDOWS/pchealth/helpctr/DataColl/CollectedData_282.xml 10374 ..c. r/rr-xr-xr-x 0 0 11131-128-4 /WINDOWS/pchealth/helpctr/DataColl/CollectedData_284.xml 1896 ..c. r/rr-xr-xr-x 0 0 11138-128-4 /WINDOWS/pchealth/helpctr/DataColl/CollectedData_266.xml 18844 ..c. r/rr-xr-xr-x 0 0 11140-128-4 /WINDOWS/pchealth/helpctr/DataColl/CollectedData_270.xml 9486 ..c. r/rr-xr-xr-x 0 0 11141-128-4 /WINDOWS/pchealth/helpctr/DataColl/history_db.xml 2054 ..c. r/rr-xr-xr-x 0 0 11145-128-4 /WINDOWS/pchealth/helpctr/DataColl/CollectedData_272.xml 152 .ac. d/dr-xr-xr-x 0 0 11146-144-1 /Documents and Settings/malware/Local Settings/Temp/smtmp/1/Programs/Startup 56 .ac. d/dr-xr-xr-x 0 0 11150-144-6 /Documents and Settings/malware/Local Settings/Temp/smtmp/1/Programs/Windows Resource Kit Tools 48 .ac. d/dr-xr-xr-x 0 0 11157-144-1 /Documents and Settings/malware/Local Settings/Temp/smtmp/4 656 .ac. d/dr-xr-xr-x 0 0 11158-144-1 /Documents and Settings/malware/Local Settings/Temp/smtmp/2 6032 ..c. r/rr-xr-xr-x 0 0 11167-128-4 /Documents and Settings/malware/Local Settings/Temporary Internet Files/Content.IE5/UPQVMROL/86da2433b2d7e89bb87cbdcc717e6542abb5c1a5[1].jpg 544 .ac. d/dr-xr-xr-x 0 0 11169-144-1 /Documents and Settings/malware/Start Menu/Programs/Windows XP Repair 827 ..c. r/rr-xr-xr-x 0 0 11170-128-4 /Documents and Settings/malware/Start Menu/Programs/Windows XP Repair/Windows XP Repair.lnk 899 ..c. r/rr-xr-xr-x 0 0 11171-128-4 /Documents and Settings/malware/Start Menu/Programs/Windows XP Repair/Uninstall Windows XP Repair.lnk 815 ..c. r/rr-xr-xr-x 0 0 11172-128-4 /Documents and Settings/malware/Desktop/Windows XP Repair.lnk 2325 ..c. r/rr-xr-xr-x 0 0 11175-128-4 /Documents and Settings/malware/Local Settings/Temporary Internet Files/Content.IE5/UPQVMROL/26271-15[2].js 2036 ..c. r/rr-xr-xr-x 0 0 11176-128-4 /WINDOWS/pchealth/helpctr/DataColl/CollectedData_27.xml 5424 ..c. r/rr-xr-xr-x 0 0 11177-128-4 /WINDOWS/pchealth/helpctr/DataColl/CollectedData_37.xml 2036 ..c. r/rr-xr-xr-x 0 0 11178-128-4 /WINDOWS/pchealth/helpctr/DataColl/CollectedData_57.xml 32768 ..c. r/rr-xr-xr-x 0 0 11180-128-3 /Documents and Settings/NetworkService/Local Settings/Temporary Internet Files/Content.IE5/index.dat 30061 ..c. r/rr-xr-xr-x 0 0 11189-128-4 /Documents and Settings/malware/Local Settings/Temporary Internet Files/Content.IE5/UPQVMROL/PID_1666481_K2335_NAS_OM_728x90[1].jpg 306870 ..c. r/rr-xr-xr-x 0 0 1119-128-3 /WINDOWS/Help/ntshared.chm 95 ..c. r/rr-xr-xr-x 0 0 11190-128-1 /Documents and Settings/malware/Cookies/malware@crux.mevio[1].txt 18839 ..c. r/rr-xr-xr-x 0 0 11191-128-5 /Documents and Settings/malware/Local Settings/Temporary Internet Files/Content.IE5/QJM5KT6J/channels[1].css 665 ..c. r/rr-xr-xr-x 0 0 11192-128-4 /Documents and Settings/malware/Local Settings/Temporary Internet Files/Content.IE5/YZCXGNW1/client_restserver[1].htm 157999 ..c. r/rr-xr-xr-x 0 0 11194-128-5 /Documents and Settings/malware/Local Settings/Temporary Internet Files/Content.IE5/UPQVMROL/index[2].js 1604 ..c. r/rr-xr-xr-x 0 0 11195-128-5 /Documents and Settings/malware/Local Settings/Temporary Internet Files/Content.IE5/SLK18LSF/ie6-fixes[2].css 26185 ..c. r/rr-xr-xr-x 0 0 11196-128-5 /Documents and Settings/malware/Local Settings/Temporary Internet Files/Content.IE5/QJM5KT6J/index[1].css 27240 ..c. r/rr-xr-xr-x 0 0 11197-128-5 /Documents and Settings/malware/Local Settings/Temporary Internet Files/Content.IE5/YZCXGNW1/ga[2].js 2132 ..c. r/rr-xr-xr-x 0 0 11198-128-4 /Documents and Settings/malware/Local Settings/Temporary Internet Files/Content.IE5/SLK18LSF/small-icons[1].png 33316 ..c. r/rr-xr-xr-x 0 0 11199-128-5 /Documents and Settings/malware/Local Settings/Temporary Internet Files/Content.IE5/UPQVMROL/shows[2].css 48 .a.. d/dr-xr-xr-x 0 0 112-144-1 /WINDOWS/system32/1025 12760 ..c. r/rr-xr-xr-x 0 0 1120-128-3 /WINDOWS/Help/ntshrui.hlp 98741 ..c. r/rr-xr-xr-x 0 0 11200-128-5 /Documents and Settings/malware/Local Settings/Temporary Internet Files/Content.IE5/QJM5KT6J/showPage[2].js 999 ..c. r/rr-xr-xr-x 0 0 11202-128-4 /Documents and Settings/malware/Local Settings/Temporary Internet Files/Content.IE5/QJM5KT6J/box-shadows[1].png 2680 ..c. r/rr-xr-xr-x 0 0 11203-128-4 /Documents and Settings/malware/Local Settings/Temporary Internet Files/Content.IE5/SLK18LSF/box-heading[1].png 11097 ..c. r/rr-xr-xr-x 0 0 11204-128-4 /Documents and Settings/malware/Local Settings/Temporary Internet Files/Content.IE5/QJM5KT6J/logo-and-footer[1].jpg 3108 ..c. r/rr-xr-xr-x 0 0 11205-128-4 /Documents and Settings/malware/Local Settings/Temporary Internet Files/Content.IE5/QJM5KT6J/18465[1].jpg 610 ..c. r/rr-xr-xr-x 0 0 11206-128-4 /Documents and Settings/malware/Local Settings/Temporary Internet Files/Content.IE5/UPQVMROL/now-playing-bg[1].jpg 58767 ..c. r/rr-xr-xr-x 0 0 11207-128-4 /Documents and Settings/malware/Local Settings/Temporary Internet Files/Content.IE5/YZCXGNW1/PromoRollV4[1].jpg 14531 ..c. r/rr-xr-xr-x 0 0 11208-128-4 /Documents and Settings/malware/Local Settings/Temporary Internet Files/Content.IE5/YZCXGNW1/1173f0fb86d4e0fa2148c92cb6c7898b68e2f916[1].jpg 13932 ..c. r/rr-xr-xr-x 0 0 11209-128-4 /Documents and Settings/malware/Local Settings/Temporary Internet Files/Content.IE5/YZCXGNW1/c5fe9f22653f73f12988a9604d85a763cfa6eef3[1].jpg 6370 ..c. r/rr-xr-xr-x 0 0 11210-128-4 /Documents and Settings/malware/Local Settings/Temporary Internet Files/Content.IE5/SLK18LSF/665e57985dc43681a574bfcaee3a040978cd2d70[1].jpg 6794 ..c. r/rr-xr-xr-x 0 0 11211-128-4 /Documents and Settings/malware/Local Settings/Temporary Internet Files/Content.IE5/SLK18LSF/508349bb8d62027f2ec24c38724f2a1d940e3ac7[1].jpg 7751 ..c. r/rr-xr-xr-x 0 0 11212-128-4 /Documents and Settings/malware/Local Settings/Temporary Internet Files/Content.IE5/QJM5KT6J/9eb89aef14a82357f61e8401668b2852b67e396c[1].jpg 7359 ..c. r/rr-xr-xr-x 0 0 11213-128-4 /Documents and Settings/malware/Local Settings/Temporary Internet Files/Content.IE5/QJM5KT6J/0d255467a252a80c4e44f87bf228b2b2cad29ad9[1].jpg 2903 ..c. r/rr-xr-xr-x 0 0 11214-128-4 /Documents and Settings/malware/Local Settings/Temporary Internet Files/Content.IE5/UPQVMROL/2510[1].jpg 6019 ..c. r/rr-xr-xr-x 0 0 11215-128-4 /Documents and Settings/malware/Local Settings/Temporary Internet Files/Content.IE5/UPQVMROL/eba76b89c2f2775d6f84bc382cb194af7e4e8fbc[1].jpg 6229 ..c. r/rr-xr-xr-x 0 0 11216-128-4 /Documents and Settings/malware/Local Settings/Temporary Internet Files/Content.IE5/UPQVMROL/b6b07589d76c009b1371fbf5d33c8bca2ff4b0dd[1].jpg 7338 ..c. r/rr-xr-xr-x 0 0 11217-128-4 /Documents and Settings/malware/Local Settings/Temporary Internet Files/Content.IE5/SLK18LSF/b394b4b644845918dfc3e6ea48d027c5553da117[1].jpg 7633 ..c. r/rr-xr-xr-x 0 0 11218-128-4 /Documents and Settings/malware/Local Settings/Temporary Internet Files/Content.IE5/SLK18LSF/28e5489a6f7966d376209edd2e82a806c2abede1[1].jpg 5851 ..c. r/rr-xr-xr-x 0 0 11219-128-4 /Documents and Settings/malware/Local Settings/Temporary Internet Files/Content.IE5/QJM5KT6J/abe506872146a572ec53fc224421b675ec50c012[1].jpg 1222 ..c. r/rr-xr-xr-x 0 0 11220-128-4 /Documents and Settings/malware/Local Settings/Temporary Internet Files/Content.IE5/YZCXGNW1/default[1].jpg 5130 ..c. r/rr-xr-xr-x 0 0 11221-128-4 /Documents and Settings/malware/Local Settings/Temporary Internet Files/Content.IE5/QJM5KT6J/showicons[1].png 3017 ..c. r/rr-xr-xr-x 0 0 11222-128-4 /Documents and Settings/malware/Local Settings/Temporary Internet Files/Content.IE5/UPQVMROL/4724[1].jpg 3426 ..c. r/rr-xr-xr-x 0 0 11223-128-4 /Documents and Settings/malware/Local Settings/Temporary Internet Files/Content.IE5/UPQVMROL/218903[1].jpg 2705 ..c. r/rr-xr-xr-x 0 0 11224-128-4 /Documents and Settings/malware/Local Settings/Temporary Internet Files/Content.IE5/YZCXGNW1/42861[1].jpg 2856 ..c. r/rr-xr-xr-x 0 0 11225-128-4 /Documents and Settings/malware/Local Settings/Temporary Internet Files/Content.IE5/SLK18LSF/5028[1].jpg 2901 ..c. r/rr-xr-xr-x 0 0 11226-128-4 /Documents and Settings/malware/Local Settings/Temporary Internet Files/Content.IE5/YZCXGNW1/4197dfa1f28d2d77f56f6f8e1eb334e36a0bd5a6[1].jpg 3471 ..c. r/rr-xr-xr-x 0 0 11227-128-4 /Documents and Settings/malware/Local Settings/Temporary Internet Files/Content.IE5/SLK18LSF/12129[1].jpg 2793 ..c. r/rr-xr-xr-x 0 0 11228-128-4 /Documents and Settings/malware/Local Settings/Temporary Internet Files/Content.IE5/QJM5KT6J/4176[1].jpg 1042 ..c. r/rr-xr-xr-x 0 0 11229-128-4 /Documents and Settings/malware/Local Settings/Temporary Internet Files/Content.IE5/UPQVMROL/Latest_Reviews[1].png 2900 ..c. r/rr-xr-xr-x 0 0 11230-128-4 /Documents and Settings/malware/Local Settings/Temporary Internet Files/Content.IE5/YZCXGNW1/147123[1].jpg 96 ..c. r/rr-xr-xr-x 0 0 11231-128-1 /Documents and Settings/malware/Local Settings/Temporary Internet Files/Content.IE5/YZCXGNW1/s[1].png 4461 ..c. r/rr-xr-xr-x 0 0 11232-128-4 /Documents and Settings/malware/Local Settings/Temporary Internet Files/Content.IE5/SLK18LSF/5883593413_6d272d0b28_s[1].jpg 22492 ..c. r/rr-xr-xr-x 0 0 11233-128-4 /Documents and Settings/malware/Local Settings/Temporary Internet Files/Content.IE5/SLK18LSF/5887355857_5541eb46b6_m[1].jpg 2301 ..c. r/rr-xr-xr-x 0 0 11234-128-4 /Documents and Settings/malware/Local Settings/Temporary Internet Files/Content.IE5/SLK18LSF/9433[1].jpg 4084 ..c. r/rr-xr-xr-x 0 0 11235-128-4 /Documents and Settings/malware/Local Settings/Temporary Internet Files/Content.IE5/QJM5KT6J/5884517406_700a6f2e88_s[1].jpg 19084 ..c. r/rr-xr-xr-x 0 0 11236-128-4 /Documents and Settings/malware/Local Settings/Temporary Internet Files/Content.IE5/QJM5KT6J/5887923130_547f50e74f_s[1].jpg 3598 ..c. r/rr-xr-xr-x 0 0 11237-128-4 /Documents and Settings/malware/Local Settings/Temporary Internet Files/Content.IE5/QJM5KT6J/34526[1].jpg 1592 ..c. r/rr-xr-xr-x 0 0 11238-128-4 /WINDOWS/pchealth/helpctr/DataColl/CollectedData_268.xml 2036 ..c. r/rr-xr-xr-x 0 0 11239-128-4 /WINDOWS/pchealth/helpctr/DataColl/CollectedData_87.xml 2036 ..c. r/rr-xr-xr-x 0 0 11240-128-4 /WINDOWS/pchealth/helpctr/DataColl/CollectedData_117.xml 2737 ..c. r/rr-xr-xr-x 0 0 11241-128-4 /Documents and Settings/malware/Local Settings/Temporary Internet Files/Content.IE5/UPQVMROL/343[1].jpg 5397 ..c. r/rr-xr-xr-x 0 0 11242-128-4 /Documents and Settings/malware/Local Settings/Temporary Internet Files/Content.IE5/QJM5KT6J/5841633479_acf151e7f0_s[1].jpg 3637 ..c. r/rr-xr-xr-x 0 0 11243-128-4 /Documents and Settings/malware/Local Settings/Temporary Internet Files/Content.IE5/QJM5KT6J/277295[1].jpg 1704 ..c. r/rr-xr-xr-x 0 0 11244-128-4 /Documents and Settings/malware/Local Settings/Temporary Internet Files/Content.IE5/UPQVMROL/Buy_Now[1].gif 2931 ..c. r/rr-xr-xr-x 0 0 11245-128-4 /Documents and Settings/malware/Local Settings/Temporary Internet Files/Content.IE5/YZCXGNW1/2372[1].jpg 3384 ..c. r/rr-xr-xr-x 0 0 11246-128-4 /Documents and Settings/malware/Local Settings/Temporary Internet Files/Content.IE5/YZCXGNW1/94614[1].jpg 646 ..c. r/rr-xr-xr-x 0 0 11247-128-4 /Documents and Settings/malware/Local Settings/Temporary Internet Files/Content.IE5/UPQVMROL/Offers[1].png 9295 ..c. r/rr-xr-xr-x 0 0 11248-128-4 /Documents and Settings/malware/Local Settings/Temporary Internet Files/Content.IE5/SLK18LSF/3831[1].png 20753 ..c. r/rr-xr-xr-x 0 0 11249-128-4 /Documents and Settings/malware/Local Settings/Temporary Internet Files/Content.IE5/SLK18LSF/Eastbay[1].png 35062 ..c. r/rr-xr-xr-x 0 0 1125-128-3 /WINDOWS/Help/nwdoc.chm 4138 ..c. r/rr-xr-xr-x 0 0 11250-128-4 /Documents and Settings/malware/Local Settings/Temporary Internet Files/Content.IE5/UPQVMROL/gamesweaseltv[1].jpg 7165 ..c. r/rr-xr-xr-x 0 0 11251-128-4 /Documents and Settings/malware/Local Settings/Temporary Internet Files/Content.IE5/YZCXGNW1/Zazzle[1].png 17704 ..c. r/rr-xr-xr-x 0 0 11252-128-4 /Documents and Settings/malware/Local Settings/Temporary Internet Files/Content.IE5/QJM5KT6J/29096[1].jpg 3447 ..c. r/rr-xr-xr-x 0 0 11253-128-5 /Documents and Settings/malware/Local Settings/Temporary Internet Files/Content.IE5/YZCXGNW1/beacon[2].js 18385 ..c. r/rr-xr-xr-x 0 0 11254-128-4 /Documents and Settings/malware/Local Settings/Temporary Internet Files/Content.IE5/UPQVMROL/Footlocker[1].png 7011 ..c. r/rr-xr-xr-x 0 0 11255-128-4 /Documents and Settings/malware/Local Settings/Temporary Internet Files/Content.IE5/UPQVMROL/hotoff-us-e[1].jpg 1477 ..c. r/rr-xr-xr-x 0 0 11256-128-4 /Documents and Settings/malware/Local Settings/Temporary Internet Files/Content.IE5/YZCXGNW1/News[1].png 794 ..c. r/rr-xr-xr-x 0 0 11257-128-4 /Documents and Settings/malware/Local Settings/Temporary Internet Files/Content.IE5/SLK18LSF/joinNow25high[1].gif 20356 ..c. r/rr-xr-xr-x 0 0 11258-128-5 /Documents and Settings/malware/Local Settings/Temporary Internet Files/Content.IE5/YZCXGNW1/tpl_player[2].js 669 ..c. r/rr-xr-xr-x 0 0 11259-128-4 /Documents and Settings/malware/Local Settings/Temporary Internet Files/Content.IE5/YZCXGNW1/About[1].png 16718 ..c. r/rr-xr-xr-x 0 0 1126-128-3 /WINDOWS/Help/nwdoc.hlp 3493 ..c. r/rr-xr-xr-x 0 0 11260-128-5 /Documents and Settings/malware/Local Settings/Temporary Internet Files/Content.IE5/UPQVMROL/tpl_comments[2].js 2928 ..c. r/rr-xr-xr-x 0 0 11261-128-4 /Documents and Settings/malware/Local Settings/Temporary Internet Files/Content.IE5/SLK18LSF/rss[1].png 2303 ..c. r/rr-xr-xr-x 0 0 11262-128-4 /Documents and Settings/malware/Local Settings/Temporary Internet Files/Content.IE5/QJM5KT6J/Facebook[1].png 1906 ..c. r/rr-xr-xr-x 0 0 11263-128-4 /Documents and Settings/malware/Local Settings/Temporary Internet Files/Content.IE5/UPQVMROL/Twitter[1].png 2677 ..c. r/rr-xr-xr-x 0 0 11264-128-4 /Documents and Settings/malware/Local Settings/Temporary Internet Files/Content.IE5/YZCXGNW1/YouTube[1].png 2588 ..c. r/rr-xr-xr-x 0 0 11265-128-4 /Documents and Settings/malware/Local Settings/Temporary Internet Files/Content.IE5/SLK18LSF/3277[1].jpg 70578 ..c. r/rr-xr-xr-x 0 0 11266-128-4 /Documents and Settings/malware/Local Settings/Temporary Internet Files/Content.IE5/QJM5KT6J/Matt_Cuttle[1].png 4195 ..c. r/rr-xr-xr-x 0 0 11267-128-4 /Documents and Settings/malware/Local Settings/Temporary Internet Files/Content.IE5/QJM5KT6J/iTunes[1].png 78342 ..c. r/rr-xr-xr-x 0 0 11268-128-5 /Documents and Settings/malware/Local Settings/Temporary Internet Files/Content.IE5/UPQVMROL/tpl_htdocs[1].js 65677 ..c. r/rr-xr-xr-x 0 0 11269-128-5 /Documents and Settings/malware/Local Settings/Temporary Internet Files/Content.IE5/SLK18LSF/tpl_shows[2].js 20218 ..c. r/rr-xr-xr-x 0 0 11270-128-4 /WINDOWS/pchealth/helpctr/DataColl/CollectedData_264.xml 2036 ..c. r/rr-xr-xr-x 0 0 11271-128-4 /WINDOWS/pchealth/helpctr/DataColl/CollectedData_147.xml 950 ..c. r/rr-xr-xr-x 0 0 11272-128-4 /Documents and Settings/malware/Local Settings/Temporary Internet Files/Content.IE5/QJM5KT6J/dropdown-arrows[2].png 18453 ..c. r/rr-xr-xr-x 0 0 11273-128-5 /Documents and Settings/malware/Local Settings/Temporary Internet Files/Content.IE5/UPQVMROL/en_US[1] 337 ..c. r/rr-xr-xr-x 0 0 11274-128-1 /Documents and Settings/malware/Cookies/malware@gamesweaseltv.mevio[1].txt 295610 ..c. r/rr-xr-xr-x 0 0 11275-128-4 /Documents and Settings/malware/Local Settings/Temporary Internet Files/Content.IE5/SLK18LSF/MevioBPFX[1].swf 7424 ..c. r/rr-xr-xr-x 0 0 11277-128-4 /Documents and Settings/malware/Local Settings/Temporary Internet Files/Content.IE5/UPQVMROL/5ab27290d55e31c8cdf1ccd41a1df4466760db63[1].jpg 14288 ..c. r/rr-xr-xr-x 0 0 11278-128-5 /Documents and Settings/malware/Local Settings/Temporary Internet Files/Content.IE5/QJM5KT6J/connect-css[1].css 3681 ..c. r/rr-xr-xr-x 0 0 11279-128-4 /Documents and Settings/malware/Local Settings/Temporary Internet Files/Content.IE5/YZCXGNW1/player-icons[2].png 12416 ..c. r/rr-xr-xr-x 0 0 1128-128-3 /WINDOWS/system32/drivers/nwlnkflt.sys 1207 ..c. r/rr-xr-xr-x 0 0 11280-128-5 /Documents and Settings/malware/Local Settings/Temporary Internet Files/Content.IE5/UPQVMROL/login_status[1].htm 169 ..c. r/rr-xr-xr-x 0 0 11282-128-1 /Documents and Settings/malware/Local Settings/Temporary Internet Files/Content.IE5/UPQVMROL/test[1].swf 10803 ..c. r/rr-xr-xr-x 0 0 11283-128-4 /Documents and Settings/malware/Local Settings/Temporary Internet Files/Content.IE5/UPQVMROL/47ac163b368a40b309220a8ae16626c1874f24e6[1].jpg 591 ..c. r/rr-xr-xr-x 0 0 11284-128-4 /Documents and Settings/malware/Local Settings/Temporary Internet Files/Content.IE5/YZCXGNW1/xd_receiver[1].htm 307 ..c. r/rr-xr-xr-x 0 0 11285-128-1 /Documents and Settings/malware/Cookies/malware@www.mevio[1].txt 3386 ..c. r/rr-xr-xr-x 0 0 11286-128-5 /Documents and Settings/malware/Local Settings/Temporary Internet Files/Content.IE5/QJM5KT6J/XdCommReceiver[2].js 4575 ..c. r/rr-xr-xr-x 0 0 11287-128-4 /Documents and Settings/malware/Local Settings/Temporary Internet Files/Content.IE5/UPQVMROL/26270-2[1].js 136 ..c. r/rr-xr-xr-x 0 0 11288-128-1 /Documents and Settings/malware/Cookies/malware@r1-ads.ace.advertising[1].txt 92 ..c. r/rr-xr-xr-x 0 0 11289-128-1 /Documents and Settings/malware/Cookies/malware@quantserve[1].txt 32512 ..c. r/rr-xr-xr-x 0 0 1129-128-3 /WINDOWS/system32/drivers/nwlnkfwd.sys 43 ..c. r/rr-xr-xr-x 0 0 11290-128-1 /Documents and Settings/malware/Local Settings/Temporary Internet Files/Content.IE5/QJM5KT6J/gmatcher[1].gif 7811 ..c. r/rr-xr-xr-x 0 0 11292-128-4 /Documents and Settings/malware/Local Settings/Temporary Internet Files/Content.IE5/UPQVMROL/890024[1].jpg 2234 ..c. r/rr-xr-xr-x 0 0 11293-128-4 /Documents and Settings/malware/Local Settings/Temporary Internet Files/Content.IE5/UPQVMROL/26270-2[2].js 2008 ..c. r/rr-xr-xr-x 0 0 11294-128-4 /Documents and Settings/malware/Local Settings/Temporary Internet Files/Content.IE5/UPQVMROL/26271-15[1].js 0 ..c. r/rr-xr-xr-x 0 0 11296-128-1 /Documents and Settings/malware/Local Settings/Temporary Internet Files/Content.IE5/YZCXGNW1/CAIFOHQD.ad 6621 ..c. r/rr-xr-xr-x 0 0 11297-128-5 /Documents and Settings/malware/Local Settings/Temporary Internet Files/Content.IE5/UPQVMROL/emily[1].htm 6857 ..c. r/rr-xr-xr-x 0 0 11298-128-5 /Documents and Settings/malware/Local Settings/Temporary Internet Files/Content.IE5/YZCXGNW1/pixel[1].htm 48 .a.. d/dr-xr-xr-x 0 0 113-144-1 /WINDOWS/system32/1028 63232 ..c. r/rr-xr-xr-x 0 0 1130-128-3 /WINDOWS/system32/drivers/nwlnknb.sys 3652 ..c. r/rr-xr-xr-x 0 0 11301-128-4 /WINDOWS/pchealth/helpctr/DataColl/CollectedData_262.xml 2036 ..c. r/rr-xr-xr-x 0 0 11302-128-4 /WINDOWS/pchealth/helpctr/DataColl/CollectedData_177.xml 297 ..c. r/rr-xr-xr-x 0 0 11303-128-1 /Documents and Settings/malware/Cookies/malware@tap2-cdn.rubiconproject[1].txt 801 ..c. r/rr-xr-xr-x 0 0 11304-128-5 /Documents and Settings/malware/Local Settings/Temporary Internet Files/Content.IE5/UPQVMROL/flashwrite_1_2[2].js 2205 ..c. r/rr-xr-xr-x 0 0 11306-128-4 /Documents and Settings/malware/Local Settings/Temporary Internet Files/Content.IE5/QJM5KT6J/26271-15[1].js 2008 ..c. r/rr-xr-xr-x 0 0 11308-128-4 /Documents and Settings/malware/Local Settings/Temporary Internet Files/Content.IE5/UPQVMROL/26271-2[1].js 1391 ..c. r/rr-xr-xr-x 0 0 11309-128-4 /Documents and Settings/malware/Local Settings/Temporary Internet Files/Content.IE5/UPQVMROL/1@x96[1].htm 55936 ..c. r/rr-xr-xr-x 0 0 1131-128-3 /WINDOWS/system32/drivers/nwlnkspx.sys 12 ..c. r/rr-xr-xr-x 0 0 11310-128-1 /Documents and Settings/malware/Local Settings/Temporary Internet Files/Content.IE5/YZCXGNW1/getdata[1].xgi 18932 ..c. r/rr-xr-xr-x 0 0 11311-128-4 /Documents and Settings/malware/Local Settings/Temporary Internet Files/Content.IE5/QJM5KT6J/siteIDs[1].txt 1560 ..c. r/rr-xr-xr-x 0 0 11312-128-4 /Documents and Settings/malware/Local Settings/Temporary Internet Files/Content.IE5/UPQVMROL/279738[1].jpg 1201 ..c. r/rr-xr-xr-x 0 0 11313-128-4 /Documents and Settings/malware/Local Settings/Temporary Internet Files/Content.IE5/YZCXGNW1/adopt[1].htm 2310 ..c. r/rr-xr-xr-x 0 0 11314-128-4 /Documents and Settings/malware/Local Settings/Temporary Internet Files/Content.IE5/QJM5KT6J/26271-2[1].js 15168 ..c. r/rr-xr-xr-x 0 0 11315-128-5 /Documents and Settings/malware/Local Settings/Temporary Internet Files/Content.IE5/YZCXGNW1/aceUAC[1].js 7951 ..c. r/rr-xr-xr-x 0 0 11316-128-4 /Documents and Settings/malware/Local Settings/Temporary Internet Files/Content.IE5/SLK18LSF/adopt[1].htm 684 ..c. r/rr-xr-xr-x 0 0 11317-128-4 /Documents and Settings/malware/Local Settings/Temporary Internet Files/Content.IE5/YZCXGNW1/imp[1] 83 ..c. r/rr-xr-xr-x 0 0 11318-128-1 /Documents and Settings/malware/Cookies/malware@yahoo[1].txt 39725 ..c. r/rr-xr-xr-x 0 0 11319-128-4 /Documents and Settings/malware/Local Settings/Temporary Internet Files/Content.IE5/UPQVMROL/CNTL11-578_Q2_DRAboutYou_FreeActivation_728x90[1].jpg 688 ..c. r/rr-xr-xr-x 0 0 11320-128-4 /Documents and Settings/malware/Local Settings/Temporary Internet Files/Content.IE5/SLK18LSF/imp[1] 6190 ..c. r/rr-xr-xr-x 0 0 11322-128-5 /Documents and Settings/malware/Local Settings/Temporary Internet Files/Content.IE5/QJM5KT6J/optn=64[2] 1060 ..c. r/rr-xr-xr-x 0 0 11323-128-4 /Documents and Settings/malware/Local Settings/Temporary Internet Files/Content.IE5/YZCXGNW1/fan[1].bid 607 ..c. r/rr-xr-xr-x 0 0 11325-128-4 /Documents and Settings/malware/Local Settings/Temporary Internet Files/Content.IE5/YZCXGNW1/dref=http%3A%2F%2Fgamesweasel[2].com%2F%3Futm_campaign%3D088aeb_572913_263890_113320_150752_23411%26utm_source%3D088aebc%26utm_medium%3D088aeb 8 ..c. r/rr-xr-xr-x 0 0 11326-128-1 /Documents and Settings/malware/Local Settings/Temporary Internet Files/Content.IE5/QJM5KT6J/adServerESI[1].aspx 3053 ..c. r/rr-xr-xr-x 0 0 11327-128-4 /Documents and Settings/malware/Local Settings/Temporary Internet Files/Content.IE5/QJM5KT6J/podmdm[1].jpg 1062 ..c. r/rr-xr-xr-x 0 0 11328-128-4 /Documents and Settings/malware/Local Settings/Temporary Internet Files/Content.IE5/SLK18LSF/1898557958@Top1[1] 687 ..c. r/rr-xr-xr-x 0 0 11329-128-4 /Documents and Settings/malware/Local Settings/Temporary Internet Files/Content.IE5/SLK18LSF/1240890821@Top1[1] 26845 ..c. r/rr-xr-xr-x 0 0 1133-128-3 /WINDOWS/Help/objsel.hlp 687 ..c. r/rr-xr-xr-x 0 0 11330-128-4 /Documents and Settings/malware/Local Settings/Temporary Internet Files/Content.IE5/YZCXGNW1/1879480817@Top1[1] 688 ..c. r/rr-xr-xr-x 0 0 11331-128-4 /Documents and Settings/malware/Local Settings/Temporary Internet Files/Content.IE5/SLK18LSF/imp[3] 50176 ..c. r/rr-xr-xr-x 0 0 11332-128-4 /WINDOWS/pchealth/helpctr/DataColl/CollectedData_260.xml 2036 ..c. r/rr-xr-xr-x 0 0 11333-128-4 /WINDOWS/pchealth/helpctr/DataColl/CollectedData_207.xml 1201 ..c. r/rr-xr-xr-x 0 0 11334-128-4 /Documents and Settings/malware/Local Settings/Temporary Internet Files/Content.IE5/SLK18LSF/adopt[3].htm 383 ..c. r/rr-xr-xr-x 0 0 11335-128-1 /Documents and Settings/malware/Local Settings/Temporary Internet Files/Content.IE5/QJM5KT6J/popup[1].js 2030 ..c. r/rr-xr-xr-x 0 0 11336-128-4 /Documents and Settings/malware/Local Settings/Temporary Internet Files/Content.IE5/SLK18LSF/dk[1].js 430 ..c. r/rr-xr-xr-x 0 0 11337-128-1 /Documents and Settings/malware/Cookies/malware@serving-sys[1].txt 26741 ..c. r/rr-xr-xr-x 0 0 11338-128-4 /Documents and Settings/malware/Local Settings/Temporary Internet Files/Content.IE5/SLK18LSF/262fa4472ddaa4727cbc48ac93bd48d4800bf0ed[1].jpg 12576 ..c. r/rr-xr-xr-x 0 0 11339-128-5 /Documents and Settings/malware/Local Settings/Temporary Internet Files/Content.IE5/QJM5KT6J/tags[2].js 16119 ..c. r/rr-xr-xr-x 0 0 1134-128-3 /WINDOWS/Help/odbcinst.chm 594 ..c. r/rr-xr-xr-x 0 0 11341-128-4 /Documents and Settings/malware/Local Settings/Temporary Internet Files/Content.IE5/SLK18LSF/dref=http%3A%2F%2Fnearlythenew[2].com%2F%3Futm_campaign%3D2a316b_572913_264123_113320_150752_23411%26utm_source%3D2a316b%26utm_medium%3D2a316b 60 ..c. r/rr-xr-xr-x 0 0 11342-128-4 /Documents and Settings/malware/Local Settings/Temporary Internet Files/Content.IE5/UPQVMROL/displayAd[2].js 2197 ..c. r/rr-xr-xr-x 0 0 11343-128-4 /Documents and Settings/malware/Local Settings/Temporary Internet Files/Content.IE5/UPQVMROL/26271-2[2].js 2322 ..c. r/rr-xr-xr-x 0 0 11344-128-4 /Documents and Settings/malware/Local Settings/Temporary Internet Files/Content.IE5/QJM5KT6J/26318-2[1].js 1332 ..c. r/rr-xr-xr-x 0 0 11345-128-4 /Documents and Settings/malware/Local Settings/Temporary Internet Files/Content.IE5/SLK18LSF/CAO3Q5OT.ad 10772 ..c. r/rr-xr-xr-x 0 0 11346-128-4 /Documents and Settings/malware/Local Settings/Temporary Internet Files/Content.IE5/SLK18LSF/bcf8b2846ded8223ba1a5e2b0b3867956aa61201[1].jpg 2132 ..c. r/rr-xr-xr-x 0 0 11347-128-4 /Documents and Settings/malware/Local Settings/Temporary Internet Files/Content.IE5/SLK18LSF/actionBar[1].png 435 ..c. r/rr-xr-xr-x 0 0 11348-128-1 /Documents and Settings/malware/Local Settings/Temporary Internet Files/Content.IE5/QJM5KT6J/play-trans[1].png 23216 ..c. r/rr-xr-xr-x 0 0 11349-128-4 /Documents and Settings/malware/Local Settings/Temporary Internet Files/Content.IE5/YZCXGNW1/default[2].jpg 34381 ..c. r/rr-xr-xr-x 0 0 1135-128-3 /WINDOWS/Help/odbcjet.chm 1378 ..c. r/rr-xr-xr-x 0 0 11350-128-5 /Documents and Settings/malware/Local Settings/Temporary Internet Files/Content.IE5/YZCXGNW1/frm[1].htm 762 ..c. r/rr-xr-xr-x 0 0 11351-128-4 /Documents and Settings/malware/Local Settings/Temporary Internet Files/Content.IE5/QJM5KT6J/na[1].htm 2952 ..c. r/rr-xr-xr-x 0 0 11352-128-3 /Documents and Settings/malware/Local Settings/Temporary Internet Files/Content.IE5/SLK18LSF/CASPE981.htm 45 ..c. r/rr-xr-xr-x 0 0 11353-128-1 /Documents and Settings/malware/Local Settings/Temporary Internet Files/Content.IE5/QJM5KT6J/rd[1] 271 ..c. r/rr-xr-xr-x 0 0 11354-128-1 /Documents and Settings/malware/Local Settings/Temporary Internet Files/Content.IE5/QJM5KT6J/g[1].js 12575 ..c. r/rr-xr-xr-x 0 0 11355-128-5 /Documents and Settings/malware/Local Settings/Temporary Internet Files/Content.IE5/UPQVMROL/tags[2].js 2572 ..c. r/rr-xr-xr-x 0 0 11356-128-3 /Documents and Settings/malware/Local Settings/Temporary Internet Files/Content.IE5/YZCXGNW1/CAFJPXKE.htm 214 ..c. r/rr-xr-xr-x 0 0 11357-128-1 /Documents and Settings/malware/Cookies/malware@cgi-bin[2].txt 2681 ..c. r/rr-xr-xr-x 0 0 11358-128-4 /Documents and Settings/malware/Local Settings/Temporary Internet Files/Content.IE5/QJM5KT6J/authorsrevealed[1].jpg 32284 ..c. r/rr-xr-xr-x 0 0 11359-128-4 /Documents and Settings/malware/Local Settings/Temporary Internet Files/Content.IE5/YZCXGNW1/118ed178-986a-4c57-9d20-0870639fdad0[1].jpg 28305 ..c. r/rr-xr-xr-x 0 0 1136-128-3 /WINDOWS/Help/oe_msgr.chm 24385 ..c. r/rr-xr-xr-x 0 0 11360-128-5 /Documents and Settings/malware/Local Settings/Temporary Internet Files/Content.IE5/SLK18LSF/StdBanner[2].js 688 ..c. r/rr-xr-xr-x 0 0 11361-128-4 /Documents and Settings/malware/Local Settings/Temporary Internet Files/Content.IE5/SLK18LSF/imp[5] 43 ..c. r/rr-xr-xr-x 0 0 11362-128-1 /Documents and Settings/malware/Local Settings/Temporary Internet Files/Content.IE5/YZCXGNW1/CAS5SJW3.gif 1492 ..c. r/rr-xr-xr-x 0 0 11363-128-4 /WINDOWS/pchealth/helpctr/DataColl/CollectedData_258.xml 2036 ..c. r/rr-xr-xr-x 0 0 11364-128-4 /WINDOWS/pchealth/helpctr/DataColl/CollectedData_237.xml 7905 ..c. r/rr-xr-xr-x 0 0 11365-128-5 /Documents and Settings/malware/Local Settings/Temporary Internet Files/Content.IE5/UPQVMROL/tracking_only[2].js 43 ..c. r/rr-xr-xr-x 0 0 11366-128-1 /Documents and Settings/malware/Local Settings/Temporary Internet Files/Content.IE5/SLK18LSF/a[1].gif 43 ..c. r/rr-xr-xr-x 0 0 11367-128-1 /Documents and Settings/malware/Local Settings/Temporary Internet Files/Content.IE5/QJM5KT6J/i[1].gif 519 ..c. r/rr-xr-xr-x 0 0 11368-128-1 /Documents and Settings/malware/Local Settings/Temporary Internet Files/Content.IE5/YZCXGNW1/11217442856@x90[1].htm 138 ..c. r/rr-xr-xr-x 0 0 11369-128-1 /Documents and Settings/malware/Cookies/malware@netseer[1].txt 2421 ..c. r/rr-xr-xr-x 0 0 11370-128-4 /Documents and Settings/malware/Local Settings/Temporary Internet Files/Content.IE5/SLK18LSF/1730591662@x23[1].htm 1423 ..c. r/rr-xr-xr-x 0 0 11371-128-4 /Documents and Settings/malware/Local Settings/Temporary Internet Files/Content.IE5/QJM5KT6J/1@x71[1].htm 144 ..c. r/rr-xr-xr-x 0 0 11372-128-1 /Documents and Settings/malware/Cookies/malware@nexac[2].txt 666 ..c. r/rr-xr-xr-x 0 0 11373-128-4 /Documents and Settings/malware/Local Settings/Temporary Internet Files/Content.IE5/YZCXGNW1/@x94[1].htm 77 ..c. r/rr-xr-xr-x 0 0 11374-128-1 /Documents and Settings/malware/Local Settings/Temporary Internet Files/Content.IE5/SLK18LSF/2011Generic@Bottom3[1].htm 122 ..c. r/rr-xr-xr-x 0 0 11375-128-1 /Documents and Settings/malware/Cookies/malware@addthis[1].txt 67 ..c. r/rr-xr-xr-x 0 0 11376-128-1 /Documents and Settings/malware/Local Settings/Temporary Internet Files/Content.IE5/QJM5KT6J/usync[1].png 177 ..c. r/rr-xr-xr-x 0 0 11378-128-1 /Documents and Settings/malware/Cookies/malware@contextweb[2].txt 12452 ..c. r/rr-xr-xr-x 0 0 11379-128-4 /Documents and Settings/malware/Local Settings/Temporary Internet Files/Content.IE5/YZCXGNW1/bedf96242983dac037168b9a38c6c2710ff91108[1].jpg 1964 ..c. r/rr-xr-xr-x 0 0 11380-128-4 /Documents and Settings/malware/Local Settings/Temporary Internet Files/Content.IE5/UPQVMROL/atc[1].jpg 4578 ..c. r/rr-xr-xr-x 0 0 11381-128-4 /Documents and Settings/malware/Local Settings/Temporary Internet Files/Content.IE5/YZCXGNW1/lifespring[1].jpg 11533 ..c. r/rr-xr-xr-x 0 0 11382-128-4 /Documents and Settings/malware/Local Settings/Temporary Internet Files/Content.IE5/QJM5KT6J/8ef336c6e2b72b5c3a6bf5fc573ca5f798cb4e98[1].jpg 4649 ..c. r/rr-xr-xr-x 0 0 11383-128-4 /Documents and Settings/malware/Local Settings/Temporary Internet Files/Content.IE5/QJM5KT6J/380686a9e245b6c9588ee47a4374fa8c6aeaf28d[1].jpg 7834 ..c. r/rr-xr-xr-x 0 0 11384-128-5 /Documents and Settings/malware/Local Settings/Temporary Internet Files/Content.IE5/YZCXGNW1/tpl_channels[2].js 40014 ..c. r/rr-xr-xr-x 0 0 11385-128-4 /Documents and Settings/malware/Local Settings/Temporary Internet Files/Content.IE5/QJM5KT6J/a4b6dbea7c7d1ad5affc22280b968759abac5fe8[1].png 43391 ..c. r/rr-xr-xr-x 0 0 11386-128-4 /Documents and Settings/malware/Local Settings/Temporary Internet Files/Content.IE5/UPQVMROL/57617b115751f9587dfd6e7c97e652757d9a158f[1].png 1117 ..c. r/rr-xr-xr-x 0 0 11387-128-5 /Documents and Settings/malware/Local Settings/Temporary Internet Files/Content.IE5/QJM5KT6J/login_status[1].htm 1039 ..c. r/rr-xr-xr-x 0 0 11388-128-4 /Documents and Settings/malware/Local Settings/Temporary Internet Files/Content.IE5/YZCXGNW1/success-checkmark[1].png 1023 ..c. r/rr-xr-xr-x 0 0 11389-128-4 /Documents and Settings/malware/Local Settings/Temporary Internet Files/Content.IE5/QJM5KT6J/ctrl-vert-scroll[1].png 1954 ..c. r/rr-xr-xr-x 0 0 11391-128-5 /Documents and Settings/malware/Local Settings/Temporary Internet Files/Content.IE5/SLK18LSF/directory[2].css 3274 ..c. r/rr-xr-xr-x 0 0 11392-128-4 /Documents and Settings/malware/Local Settings/Temporary Internet Files/Content.IE5/QJM5KT6J/mostpeoplearedjs[1].jpg 2234 ..c. r/rr-xr-xr-x 0 0 11393-128-4 /Documents and Settings/malware/Local Settings/Temporary Internet Files/Content.IE5/YZCXGNW1/26317-2[1].js 2030 ..c. r/rr-xr-xr-x 0 0 11395-128-4 /Documents and Settings/malware/Local Settings/Temporary Internet Files/Content.IE5/QJM5KT6J/dk[1].js 1062 ..c. r/rr-xr-xr-x 0 0 11396-128-4 /Documents and Settings/malware/Local Settings/Temporary Internet Files/Content.IE5/YZCXGNW1/1522405056@Top1[1] 38604 ..c. r/rr-xr-xr-x 0 0 11397-128-4 /Documents and Settings/malware/Local Settings/Temporary Internet Files/Content.IE5/SLK18LSF/785e48fd-311d-4f0e-be8f-e511ecfdeeb9[1].jpg 684 ..c. r/rr-xr-xr-x 0 0 11398-128-4 /Documents and Settings/malware/Local Settings/Temporary Internet Files/Content.IE5/QJM5KT6J/imp[1] 688 ..c. r/rr-xr-xr-x 0 0 11399-128-4 /Documents and Settings/malware/Local Settings/Temporary Internet Files/Content.IE5/UPQVMROL/imp[1] 48 .a.. d/dr-xr-xr-x 0 0 114-144-1 /WINDOWS/system32/1031 26177 ..c. r/rr-xr-xr-x 0 0 1140-128-3 /WINDOWS/Help/offlinefolders.chm 115 ..c. r/rr-xr-xr-x 0 0 11400-128-1 /Documents and Settings/malware/Cookies/malware@demr.opt.fimserve[1].txt 18453 ..c. r/rr-xr-xr-x 0 0 11401-128-5 /Documents and Settings/malware/Local Settings/Temporary Internet Files/Content.IE5/SLK18LSF/connect[2].php 4348 ..c. r/rr-xr-xr-x 0 0 11402-128-4 /Documents and Settings/malware/Local Settings/Temporary Internet Files/Content.IE5/SLK18LSF/fp[1].js 97 ..c. r/rr-xr-xr-x 0 0 11403-128-1 /Documents and Settings/malware/Cookies/malware@bidsystem[2].txt 24385 ..c. r/rr-xr-xr-x 0 0 11404-128-5 /Documents and Settings/malware/Local Settings/Temporary Internet Files/Content.IE5/UPQVMROL/StdBanner[2].js 2914 ..c. r/rr-xr-xr-x 0 0 11405-128-5 /Documents and Settings/malware/Local Settings/Temporary Internet Files/Content.IE5/YZCXGNW1/script201[2].js 0 ..c. r/rr-xr-xr-x 0 0 11406-128-1 /Documents and Settings/malware/Local Settings/Temporary Internet Files/Content.IE5/QJM5KT6J/CAA2739W.jpg 91 ..c. r/rr-xr-xr-x 0 0 11407-128-1 /Documents and Settings/malware/Cookies/malware@search.chillcow[1].txt 9432 ..c. r/rr-xr-xr-x 0 0 11408-128-5 /Documents and Settings/malware/Local Settings/Temporary Internet Files/Content.IE5/UPQVMROL/nearlythenews.mevio[1].htm 18913 ..c. r/rr-xr-xr-x 0 0 11409-128-4 /Documents and Settings/malware/Local Settings/Temporary Internet Files/Content.IE5/QJM5KT6J/default[1].jpg 3616 ..c. r/rr-xr-xr-x 0 0 11410-128-4 /Documents and Settings/malware/Local Settings/Temporary Internet Files/Content.IE5/QJM5KT6J/scrapcast[1].jpg 99 ..c. r/rr-xr-xr-x 0 0 11412-128-1 /Documents and Settings/malware/Cookies/malware@64.188.52[1].txt 338 ..c. r/rr-xr-xr-x 0 0 11413-128-1 /Documents and Settings/malware/Cookies/malware@nearlythenews.mevio[1].txt 688 ..c. r/rr-xr-xr-x 0 0 11414-128-4 /Documents and Settings/malware/Cookies/malware@insightexpressai[2].txt 5809 ..c. r/rr-xr-xr-x 0 0 11415-128-4 /Documents and Settings/malware/Local Settings/Temporary Internet Files/Content.IE5/YZCXGNW1/b0942feb76caea4b6a8c2ffc50ab58f850ca2752[1].jpg 5938 ..c. r/rr-xr-xr-x 0 0 11416-128-4 /Documents and Settings/malware/Local Settings/Temporary Internet Files/Content.IE5/SLK18LSF/7fa9503afac135886b3d295e77e3f699db2f088f[1].jpg 5844 ..c. r/rr-xr-xr-x 0 0 11417-128-4 /Documents and Settings/malware/Local Settings/Temporary Internet Files/Content.IE5/SLK18LSF/8d367ca2c0dcb81af9870cc8e0bf2c0b56939bb5[1].jpg 5896 ..c. r/rr-xr-xr-x 0 0 11418-128-4 /Documents and Settings/malware/Local Settings/Temporary Internet Files/Content.IE5/QJM5KT6J/b76f4ae429bac02e5b95d4afd5dc2c1c5847b385[1].jpg 5119 ..c. r/rr-xr-xr-x 0 0 11419-128-4 /Documents and Settings/malware/Local Settings/Temporary Internet Files/Content.IE5/QJM5KT6J/4644591fb077b95a495d2a1e2dbf4da947677a5e[1].jpg 5175 ..c. r/rr-xr-xr-x 0 0 11420-128-4 /Documents and Settings/malware/Local Settings/Temporary Internet Files/Content.IE5/UPQVMROL/08e4f12711259da87a650a1d16e6c2292ca0d974[1].jpg 5409 ..c. r/rr-xr-xr-x 0 0 11421-128-4 /Documents and Settings/malware/Local Settings/Temporary Internet Files/Content.IE5/YZCXGNW1/9c4d6af299cc5b76bc81135f01e5eeb8ce626fe4[1].jpg 5748 ..c. r/rr-xr-xr-x 0 0 11422-128-4 /Documents and Settings/malware/Local Settings/Temporary Internet Files/Content.IE5/YZCXGNW1/ad3a99d40cfdbfe6e897921568dd671a78a625dd[1].jpg 3416 ..c. r/rr-xr-xr-x 0 0 11423-128-4 /Documents and Settings/malware/Local Settings/Temporary Internet Files/Content.IE5/YZCXGNW1/156954[1].gif 2229 ..c. r/rr-xr-xr-x 0 0 11424-128-4 /Documents and Settings/malware/Local Settings/Temporary Internet Files/Content.IE5/YZCXGNW1/5521[1].jpg 2441 ..c. r/rr-xr-xr-x 0 0 11425-128-4 /Documents and Settings/malware/Local Settings/Temporary Internet Files/Content.IE5/SLK18LSF/2661[1].jpg 5500 ..c. r/rr-xr-xr-x 0 0 11426-128-4 /Documents and Settings/malware/Local Settings/Temporary Internet Files/Content.IE5/QJM5KT6J/3184c21120c91ede3333550f5d45b4c65cfb834b[1].jpg 5766 ..c. r/rr-xr-xr-x 0 0 11427-128-4 /Documents and Settings/malware/Local Settings/Temporary Internet Files/Content.IE5/QJM5KT6J/fe428692e79c6adf1b2850d38470a7c7dc8616a3[1].jpg 2833 ..c. r/rr-xr-xr-x 0 0 11428-128-4 /Documents and Settings/malware/Local Settings/Temporary Internet Files/Content.IE5/QJM5KT6J/1667[1].jpg 2973 ..c. r/rr-xr-xr-x 0 0 11429-128-4 /Documents and Settings/malware/Local Settings/Temporary Internet Files/Content.IE5/QJM5KT6J/3860[1].jpg 2472 ..c. r/rr-xr-xr-x 0 0 11430-128-4 /Documents and Settings/malware/Local Settings/Temporary Internet Files/Content.IE5/UPQVMROL/5842[1].jpg 2887 ..c. r/rr-xr-xr-x 0 0 11431-128-4 /Documents and Settings/malware/Local Settings/Temporary Internet Files/Content.IE5/SLK18LSF/261456[1].jpg 7467 ..c. r/rr-xr-xr-x 0 0 11432-128-4 /Documents and Settings/malware/Local Settings/Temporary Internet Files/Content.IE5/UPQVMROL/5205[1].png 3482 ..c. r/rr-xr-xr-x 0 0 11433-128-4 /Documents and Settings/malware/Local Settings/Temporary Internet Files/Content.IE5/UPQVMROL/1781[1].jpg 3539 ..c. r/rr-xr-xr-x 0 0 11434-128-4 /Documents and Settings/malware/Local Settings/Temporary Internet Files/Content.IE5/SLK18LSF/35930[1].jpg 2754 ..c. r/rr-xr-xr-x 0 0 11435-128-4 /Documents and Settings/malware/Local Settings/Temporary Internet Files/Content.IE5/SLK18LSF/29096[1].jpg 2513 ..c. r/rr-xr-xr-x 0 0 11436-128-4 /Documents and Settings/malware/Local Settings/Temporary Internet Files/Content.IE5/YZCXGNW1/7620[1].jpg 2589 ..c. r/rr-xr-xr-x 0 0 11437-128-4 /Documents and Settings/malware/Local Settings/Temporary Internet Files/Content.IE5/UPQVMROL/16566[1].jpg 4140 ..c. r/rr-xr-xr-x 0 0 11438-128-4 /Documents and Settings/malware/Local Settings/Temporary Internet Files/Content.IE5/YZCXGNW1/7601[1].jpg 2537 ..c. r/rr-xr-xr-x 0 0 11439-128-4 /Documents and Settings/malware/Local Settings/Temporary Internet Files/Content.IE5/SLK18LSF/4091[1].jpg 2234 ..c. r/rr-xr-xr-x 0 0 11440-128-4 /Documents and Settings/malware/Local Settings/Temporary Internet Files/Content.IE5/UPQVMROL/26270-2[3].js 17283 ..c. r/rr-xr-xr-x 0 0 11441-128-4 /Documents and Settings/malware/Local Settings/Temporary Internet Files/Content.IE5/QJM5KT6J/280455[1].jpg 1595 ..c. r/rr-xr-xr-x 0 0 11442-128-4 /Documents and Settings/malware/Local Settings/Temporary Internet Files/Content.IE5/SLK18LSF/masterinthemix[1].jpg 4106 ..c. r/rr-xr-xr-x 0 0 11443-128-4 /Documents and Settings/malware/Local Settings/Temporary Internet Files/Content.IE5/QJM5KT6J/nearlythenews[1].jpg 49 ..c. r/rr-xr-xr-x 0 0 11445-128-1 /Documents and Settings/malware/Local Settings/Temporary Internet Files/Content.IE5/QJM5KT6J/tap[2].gif 3181 ..c. r/rr-xr-xr-x 0 0 11446-128-4 /Documents and Settings/malware/Local Settings/Temporary Internet Files/Content.IE5/QJM5KT6J/mtest[1].htm 3067866 ..c. r/rr-xr-xr-x 0 0 11447-128-4 /Documents and Settings/malware/Local Settings/Temporary Internet Files/Content.IE5/YZCXGNW1/swflash[1].cab 688 ..c. r/rr-xr-xr-x 0 0 11448-128-4 /Documents and Settings/malware/Local Settings/Temporary Internet Files/Content.IE5/SLK18LSF/imp[2] 180 ..c. r/rr-xr-xr-x 0 0 11449-128-1 /Documents and Settings/malware/Cookies/malware@atdmt[2].txt 591 ..c. r/rr-xr-xr-x 0 0 11450-128-4 /Documents and Settings/malware/Local Settings/Temporary Internet Files/Content.IE5/QJM5KT6J/xd_receiver[2].htm 2008 ..c. r/rr-xr-xr-x 0 0 11451-128-4 /Documents and Settings/malware/Local Settings/Temporary Internet Files/Content.IE5/SLK18LSF/26271-15[1].js 38282 ..c. r/rr-xr-xr-x 0 0 11455-128-5 /Documents and Settings/malware/Local Settings/Temporary Internet Files/Content.IE5/YZCXGNW1/7872446c436b344f51675141422f2b71[1] 2008 ..c. r/rr-xr-xr-x 0 0 11456-128-4 /Documents and Settings/malware/Local Settings/Temporary Internet Files/Content.IE5/YZCXGNW1/26271-15[1].js 2034 ..c. r/rr-xr-xr-x 0 0 11459-128-4 /Documents and Settings/malware/Local Settings/Temporary Internet Files/Content.IE5/SLK18LSF/26270-2[2].js 10 ..c. r/rr-xr-xr-x 0 0 11461-128-1 /Documents and Settings/malware/Local Settings/Temporary Internet Files/Content.IE5/YZCXGNW1/adServerESI[1].aspx 4324 ..c. r/rr-xr-xr-x 0 0 11467-128-4 /Documents and Settings/malware/Local Settings/Temporary Internet Files/Content.IE5/SLK18LSF/staticradioshow[1].jpg 28344 ..c. r/rr-xr-xr-x 0 0 1148-128-3 /WINDOWS/Help/omc.chm 684 ..c. r/rr-xr-xr-x 0 0 11484-128-4 /Documents and Settings/malware/Local Settings/Temporary Internet Files/Content.IE5/QJM5KT6J/imp[3] 40075 ..c. r/rr-xr-xr-x 0 0 1149-128-3 /WINDOWS/Media/onestop.mid 42980 ..c. r/rr-xr-xr-x 0 0 11496-128-4 /WINDOWS/pchealth/helpctr/DataColl/CollectedData_256.xml 2036 ..c. r/rr-xr-xr-x 0 0 11497-128-4 /WINDOWS/pchealth/helpctr/DataColl/CollectedData_267.xml 3684 ..c. r/rr-xr-xr-x 0 0 11498-128-4 /WINDOWS/pchealth/helpctr/DataColl/CollectedData_277.xml 2748 ..c. r/rr-xr-xr-x 0 0 11499-128-4 /Documents and Settings/malware/Local Settings/Temporary Internet Files/Content.IE5/SLK18LSF/centurymediapodcast[1].jpg 152 .a.. d/dr-xr-xr-x 0 0 115-144-1 /WINDOWS/system32/1033 7316 ..c. r/rr-xr-xr-x 0 0 1150-128-3 /WINDOWS/inf/optional.inf 2793 ..c. r/rr-xr-xr-x 0 0 11500-128-5 /Documents and Settings/malware/Local Settings/Temporary Internet Files/Content.IE5/SLK18LSF/aceUACping[1].htm 594 ..c. r/rr-xr-xr-x 0 0 11501-128-4 /Documents and Settings/malware/Local Settings/Temporary Internet Files/Content.IE5/SLK18LSF/dref=http%3A%2F%2Fnearlythenew[1].com%2F%3Futm_campaign%3D2a316b_572913_264123_113320_150752_23411%26utm_source%3D2a316b%26utm_medium%3D2a316b 109 ..c. r/rr-xr-xr-x 0 0 11502-128-1 /Documents and Settings/malware/Cookies/malware@tag.admeld[1].txt 96 ..c. r/rr-xr-xr-x 0 0 11503-128-1 /Documents and Settings/malware/Cookies/malware@yieldmanager[1].txt 2234 ..c. r/rr-xr-xr-x 0 0 11504-128-4 /Documents and Settings/malware/Local Settings/Temporary Internet Files/Content.IE5/UPQVMROL/26270-2[4].js 166 ..c. r/rr-xr-xr-x 0 0 11505-128-1 /Documents and Settings/malware/Cookies/malware@realmedia[1].txt 688 ..c. r/rr-xr-xr-x 0 0 11506-128-4 /Documents and Settings/malware/Local Settings/Temporary Internet Files/Content.IE5/QJM5KT6J/imp[2] 4090 ..c. r/rr-xr-xr-x 0 0 11508-128-4 /Documents and Settings/malware/Local Settings/Temporary Internet Files/Content.IE5/UPQVMROL/dearprudence[1].jpg 38282 ..c. r/rr-xr-xr-x 0 0 11509-128-5 /Documents and Settings/malware/Local Settings/Temporary Internet Files/Content.IE5/YZCXGNW1/7872446c436b344f51675141422f2b71[3] 766 ..c. r/rr-xr-xr-x 0 0 1151-128-3 /WINDOWS/system32/icsxml/osinfo.xml 11280 ..c. r/rr-xr-xr-x 0 0 11510-128-4 /Documents and Settings/malware/Local Settings/Temporary Internet Files/Content.IE5/YZCXGNW1/MoreMore_Game_728x90_BW[1].jpg 2034 ..c. r/rr-xr-xr-x 0 0 11511-128-4 /Documents and Settings/malware/Local Settings/Temporary Internet Files/Content.IE5/SLK18LSF/26270-2[1].js 0 ..c. r/rr-xr-xr-x 0 0 11512-128-1 /Documents and Settings/malware/Local Settings/Temporary Internet Files/Content.IE5/QJM5KT6J/CA9UNXPU.jpg 346 ..c. r/rr-xr-xr-x 0 0 11513-128-1 /Documents and Settings/malware/Cookies/malware@meviomusicvideos.mevio[1].txt 2034 ..c. r/rr-xr-xr-x 0 0 11514-128-4 /Documents and Settings/malware/Local Settings/Temporary Internet Files/Content.IE5/QJM5KT6J/26270-2[1].js 2197 ..c. r/rr-xr-xr-x 0 0 11515-128-4 /Documents and Settings/malware/Local Settings/Temporary Internet Files/Content.IE5/UPQVMROL/26271-2[3].js 2197 ..c. r/rr-xr-xr-x 0 0 11516-128-4 /Documents and Settings/malware/Local Settings/Temporary Internet Files/Content.IE5/YZCXGNW1/26271-2[1].js 90 ..c. r/rr-xr-xr-x 0 0 11517-128-1 /Documents and Settings/malware/Cookies/malware@simpli[1].txt 2034 ..c. r/rr-xr-xr-x 0 0 11519-128-4 /Documents and Settings/malware/Local Settings/Temporary Internet Files/Content.IE5/YZCXGNW1/26270-2[1].js 19605 ..c. r/rr-xr-xr-x 0 0 1152-128-3 /WINDOWS/Help/osk.chm 6962 ..c. r/rr-xr-xr-x 0 0 11520-128-5 /Documents and Settings/malware/Local Settings/Temporary Internet Files/Content.IE5/YZCXGNW1/optn=64[2] 2951 ..c. r/rr-xr-xr-x 0 0 11521-128-3 /Documents and Settings/malware/Local Settings/Temporary Internet Files/Content.IE5/YZCXGNW1/CAGLQNGB.htm 2778 ..c. r/rr-xr-xr-x 0 0 11522-128-4 /Documents and Settings/malware/Local Settings/Temporary Internet Files/Content.IE5/YZCXGNW1/compcon[1].jpg 39662 ..c. r/rr-xr-xr-x 0 0 11523-128-4 /Documents and Settings/malware/Local Settings/Temporary Internet Files/Content.IE5/UPQVMROL/acc3c2fa-4748-40de-b9ea-57356529ba23[1].jpg 2197 ..c. r/rr-xr-xr-x 0 0 11526-128-4 /Documents and Settings/malware/Local Settings/Temporary Internet Files/Content.IE5/UPQVMROL/26271-2[4].js 87 ..c. r/rr-xr-xr-x 0 0 11527-128-1 /Documents and Settings/malware/Cookies/malware@b3.mookie1[2].txt 23346 ..c. r/rr-xr-xr-x 0 0 11528-128-4 /Documents and Settings/malware/Local Settings/Temporary Internet Files/Content.IE5/UPQVMROL/1061_728x90_Promo_FreePhone_Smartphone_Static[1].jpg 6666 ..c. r/rr-xr-xr-x 0 0 11529-128-5 /Documents and Settings/malware/Local Settings/Temporary Internet Files/Content.IE5/QJM5KT6J/optn=64[3] 12387 ..c. r/rr-xr-xr-x 0 0 1153-128-3 /WINDOWS/Help/osk.hlp 1016 ..c. r/rr-xr-xr-x 0 0 11530-128-4 /Documents and Settings/malware/Local Settings/Temporary Internet Files/Content.IE5/SLK18LSF/adopt[4].htm 2914 ..c. r/rr-xr-xr-x 0 0 11531-128-5 /Documents and Settings/malware/Local Settings/Temporary Internet Files/Content.IE5/UPQVMROL/script152[2].js 1020 ..c. r/rr-xr-xr-x 0 0 11532-128-4 /Documents and Settings/malware/Local Settings/Temporary Internet Files/Content.IE5/SLK18LSF/adopt[2].htm 2958 ..c. r/rr-xr-xr-x 0 0 11533-128-3 /Documents and Settings/malware/Local Settings/Temporary Internet Files/Content.IE5/YZCXGNW1/CACRDZIA.htm 0 ..c. r/rr-xr-xr-x 0 0 11534-128-1 /Documents and Settings/malware/Local Settings/Temporary Internet Files/Content.IE5/YZCXGNW1/CAB99BDB.jpg 0 ..c. r/rr-xr-xr-x 0 0 11535-128-1 /Documents and Settings/malware/Local Settings/Temporary Internet Files/Content.IE5/SLK18LSF/CA69WXAV.jpg 24385 ..c. r/rr-xr-xr-x 0 0 11536-128-5 /Documents and Settings/malware/Local Settings/Temporary Internet Files/Content.IE5/SLK18LSF/StdBanner[3].js 2914 ..c. r/rr-xr-xr-x 0 0 11537-128-5 /Documents and Settings/malware/Local Settings/Temporary Internet Files/Content.IE5/QJM5KT6J/script201[2].js 38232 ..c. r/rr-xr-xr-x 0 0 11538-128-4 /Documents and Settings/malware/Local Settings/Temporary Internet Files/Content.IE5/QJM5KT6J/e9d2c6f5-3580-49dd-bdc0-2e403a7d2856[1].jpg 14809 ..c. r/rr-xr-xr-x 0 0 1154-128-3 /WINDOWS/inf/ovcam.inf 39607 ..c. r/rr-xr-xr-x 0 0 11540-128-4 /Documents and Settings/malware/Local Settings/Temporary Internet Files/Content.IE5/UPQVMROL/792ba3334fd24139982578813025e0a7[1].gif 8147 ..c. r/rr-xr-xr-x 0 0 11541-128-4 /Documents and Settings/malware/Local Settings/Temporary Internet Files/Content.IE5/QJM5KT6J/Hyatt_Leisure_National_728x90 Concept 1[1].gif 2515 ..c. r/rr-xr-xr-x 0 0 11542-128-4 /Documents and Settings/malware/Local Settings/Temporary Internet Files/Content.IE5/YZCXGNW1/26271-15[2].js 803 ..c. r/rr-xr-xr-x 0 0 11543-128-3 /Documents and Settings/malware/Local Settings/Temporary Internet Files/Content.IE5/SLK18LSF/CAQV4XUR 0 ..c. r/rr-xr-xr-x 0 0 11544-128-1 /Documents and Settings/malware/Local Settings/Temporary Internet Files/Content.IE5/UPQVMROL/CA49WFL9.jpg 2034 ..c. r/rr-xr-xr-x 0 0 11546-128-4 /Documents and Settings/malware/Local Settings/Temporary Internet Files/Content.IE5/SLK18LSF/26270-2[3].js 10453 ..c. r/rr-xr-xr-x 0 0 11547-128-4 /Documents and Settings/malware/Local Settings/Temporary Internet Files/Content.IE5/QJM5KT6J/CA31HNIE 5627 ..c. r/rr-xr-xr-x 0 0 11548-128-4 /Documents and Settings/malware/Local Settings/Temporary Internet Files/Content.IE5/SLK18LSF/view[1].htm 30302 ..c. r/rr-xr-xr-x 0 0 11549-128-4 /Documents and Settings/malware/Local Settings/Temporary Internet Files/Content.IE5/UPQVMROL/300x250_062011_NATL_PROMO_INCREDIBLE2_v2[1].swf 1737 ..c. r/rr-xr-xr-x 0 0 1155-128-3 /WINDOWS/inf/ovcomp.inf 40021 ..c. r/rr-xr-xr-x 0 0 11550-128-5 /Documents and Settings/malware/Local Settings/Temporary Internet Files/Content.IE5/UPQVMROL/script7[2].js 43 ..c. r/rr-xr-xr-x 0 0 11552-128-1 /Documents and Settings/malware/Local Settings/Temporary Internet Files/Content.IE5/YZCXGNW1/pixel!t=650![1].gif 3715 ..c. r/rr-xr-xr-x 0 0 11553-128-4 /Documents and Settings/malware/Local Settings/Temporary Internet Files/Content.IE5/YZCXGNW1/btpcast[1].jpg 6192 ..c. r/rr-xr-xr-x 0 0 11554-128-4 /Documents and Settings/malware/Local Settings/Temporary Internet Files/Content.IE5/YZCXGNW1/CAGBEHGB.0]&ip=c6b0e50a&jk= 6439 ..c. r/rr-xr-xr-x 0 0 11555-128-5 /Documents and Settings/malware/Local Settings/Temporary Internet Files/Content.IE5/SLK18LSF/optn=64[2] 13332 ..c. r/rr-xr-xr-x 0 0 11556-128-4 /Documents and Settings/malware/Local Settings/Temporary Internet Files/Content.IE5/QJM5KT6J/telekidsforever[1].png 2258 ..c. r/rr-xr-xr-x 0 0 11557-128-4 /Documents and Settings/malware/Local Settings/Temporary Internet Files/Content.IE5/UPQVMROL/artsidercast1[1].jpg 3375 ..c. r/rr-xr-xr-x 0 0 11558-128-4 /Documents and Settings/malware/Local Settings/Temporary Internet Files/Content.IE5/UPQVMROL/hotoffuk[1].png 239 ..c. r/rr-xr-xr-x 0 0 11559-128-1 /Documents and Settings/malware/Local Settings/Temporary Internet Files/Content.IE5/YZCXGNW1/bg-pager[1].png 5762 ..c. r/rr-xr-xr-x 0 0 1156-128-3 /WINDOWS/inf/ovsound.inf 4327 ..c. r/rr-xr-xr-x 0 0 11560-128-4 /Documents and Settings/malware/Local Settings/Temporary Internet Files/Content.IE5/YZCXGNW1/otrcomedypodshowcom[1].jpg 3164 ..c. r/rr-xr-xr-x 0 0 11561-128-5 /Documents and Settings/malware/Local Settings/Temporary Internet Files/Content.IE5/YZCXGNW1/tpl_directory[1].js 261 ..c. r/rr-xr-xr-x 0 0 11562-128-1 /Documents and Settings/malware/Local Settings/Temporary Internet Files/Content.IE5/SLK18LSF/action-img-map[1].png 9312 ..c. r/rr-xr-xr-x 0 0 11563-128-4 /Documents and Settings/malware/Local Settings/Temporary Internet Files/Content.IE5/UPQVMROL/newbrew[1].png 2027 ..c. r/rr-xr-xr-x 0 0 11564-128-4 /Documents and Settings/malware/Local Settings/Temporary Internet Files/Content.IE5/SLK18LSF/26317-15[1].js 3884 ..c. r/rr-xr-xr-x 0 0 11565-128-4 /Documents and Settings/malware/Local Settings/Temporary Internet Files/Content.IE5/YZCXGNW1/michebelzhollywood[1].jpg 3501 ..c. r/rr-xr-xr-x 0 0 11566-128-4 /Documents and Settings/malware/Local Settings/Temporary Internet Files/Content.IE5/QJM5KT6J/theradreport[1].png 2830 ..c. r/rr-xr-xr-x 0 0 11567-128-4 /Documents and Settings/malware/Local Settings/Temporary Internet Files/Content.IE5/UPQVMROL/wwwscraptimeca[1].jpg 3002 ..c. r/rr-xr-xr-x 0 0 11568-128-4 /Documents and Settings/malware/Local Settings/Temporary Internet Files/Content.IE5/QJM5KT6J/hotoff[1].jpg 11719 ..c. r/rr-xr-xr-x 0 0 11569-128-4 /Documents and Settings/malware/Local Settings/Temporary Internet Files/Content.IE5/UPQVMROL/tripdspodcast[1].png 20067 ..c. r/rr-xr-xr-x 0 0 1157-128-3 /WINDOWS/Help/packager.chm 3510 ..c. r/rr-xr-xr-x 0 0 11570-128-4 /Documents and Settings/malware/Local Settings/Temporary Internet Files/Content.IE5/QJM5KT6J/thesmellcast[1].jpg 4375 ..c. r/rr-xr-xr-x 0 0 11571-128-4 /Documents and Settings/malware/Local Settings/Temporary Internet Files/Content.IE5/YZCXGNW1/striptaculous1[1].jpg 4249 ..c. r/rr-xr-xr-x 0 0 11572-128-4 /Documents and Settings/malware/Local Settings/Temporary Internet Files/Content.IE5/YZCXGNW1/curtisandtarashow[1].jpg 10998 ..c. r/rr-xr-xr-x 0 0 11573-128-4 /Documents and Settings/malware/Local Settings/Temporary Internet Files/Content.IE5/QJM5KT6J/fb1df8b71f80b980a70d8f0f7b7e19a553978da8[1].jpg 1748 ..c. r/rr-xr-xr-x 0 0 11574-128-5 /Documents and Settings/malware/Local Settings/Temporary Internet Files/Content.IE5/YZCXGNW1/asSwfObj13[2].js 4822 ..c. r/rr-xr-xr-x 0 0 11575-128-4 /Documents and Settings/malware/Local Settings/Temporary Internet Files/Content.IE5/SLK18LSF/mymhmaudio[1].png 3838 ..c. r/rr-xr-xr-x 0 0 11576-128-4 /Documents and Settings/malware/Local Settings/Temporary Internet Files/Content.IE5/SLK18LSF/theultimate[1].jpg 4138 ..c. r/rr-xr-xr-x 0 0 11577-128-4 /Documents and Settings/malware/Local Settings/Temporary Internet Files/Content.IE5/UPQVMROL/beatlesaramatv[1].jpg 2550 ..c. r/rr-xr-xr-x 0 0 11578-128-4 /Documents and Settings/malware/Local Settings/Temporary Internet Files/Content.IE5/UPQVMROL/twotimesvideo[1].jpg 2199 ..c. r/rr-xr-xr-x 0 0 11579-128-4 /Documents and Settings/malware/Local Settings/Temporary Internet Files/Content.IE5/QJM5KT6J/26271-15[2].js 2409 ..c. r/rr-xr-xr-x 0 0 11580-128-4 /Documents and Settings/malware/Local Settings/Temporary Internet Files/Content.IE5/YZCXGNW1/coffeecoffeecoffee[1].jpg 1968 ..c. r/rr-xr-xr-x 0 0 11581-128-4 /Documents and Settings/malware/Local Settings/Temporary Internet Files/Content.IE5/YZCXGNW1/creativecastpodcast[1].png 3625 ..c. r/rr-xr-xr-x 0 0 11582-128-4 /Documents and Settings/malware/Local Settings/Temporary Internet Files/Content.IE5/QJM5KT6J/scottsigler[1].jpg 1993 ..c. r/rr-xr-xr-x 0 0 11583-128-4 /Documents and Settings/malware/Local Settings/Temporary Internet Files/Content.IE5/UPQVMROL/riptheknobsoff[1].jpg 11713 ..c. r/rr-xr-xr-x 0 0 11584-128-4 /Documents and Settings/malware/Local Settings/Temporary Internet Files/Content.IE5/SLK18LSF/themagicnewswire[1].png 34486 ..c. r/rr-xr-xr-x 0 0 11585-128-4 /Documents and Settings/malware/Local Settings/Temporary Internet Files/Content.IE5/YZCXGNW1/7CSG_JJF_IGO_20110315_fillForm_728x90[1].swf 3178 ..c. r/rr-xr-xr-x 0 0 11586-128-4 /Documents and Settings/malware/Local Settings/Temporary Internet Files/Content.IE5/QJM5KT6J/musicalworldpodshow[1].jpg 2034 ..c. r/rr-xr-xr-x 0 0 11587-128-4 /Documents and Settings/malware/Local Settings/Temporary Internet Files/Content.IE5/UPQVMROL/26317-2[1].js 4370 ..c. r/rr-xr-xr-x 0 0 11588-128-4 /Documents and Settings/malware/Local Settings/Temporary Internet Files/Content.IE5/YZCXGNW1/podcastpipocaenanquim[1].jpg 1940 ..c. r/rr-xr-xr-x 0 0 11589-128-4 /Documents and Settings/malware/Local Settings/Temporary Internet Files/Content.IE5/SLK18LSF/thestevesanchezshowmeviocom[1].jpg 2658 ..c. r/rr-xr-xr-x 0 0 11590-128-4 /Documents and Settings/malware/Local Settings/Temporary Internet Files/Content.IE5/QJM5KT6J/ayultp[1].png 3089 ..c. r/rr-xr-xr-x 0 0 11591-128-4 /Documents and Settings/malware/Local Settings/Temporary Internet Files/Content.IE5/UPQVMROL/erkfmmetalmonday[1].jpg 3030 ..c. r/rr-xr-xr-x 0 0 11592-128-4 /Documents and Settings/malware/Local Settings/Temporary Internet Files/Content.IE5/YZCXGNW1/nation[1].jpg 3714 ..c. r/rr-xr-xr-x 0 0 11593-128-4 /Documents and Settings/malware/Local Settings/Temporary Internet Files/Content.IE5/SLK18LSF/themusicianscooler[1].jpg 3461 ..c. r/rr-xr-xr-x 0 0 11594-128-4 /Documents and Settings/malware/Local Settings/Temporary Internet Files/Content.IE5/QJM5KT6J/broadway[1].jpg 4000 ..c. r/rr-xr-xr-x 0 0 11595-128-4 /Documents and Settings/malware/Local Settings/Temporary Internet Files/Content.IE5/QJM5KT6J/themalthursdayshow[1].jpg 3063 ..c. r/rr-xr-xr-x 0 0 11596-128-4 /Documents and Settings/malware/Local Settings/Temporary Internet Files/Content.IE5/UPQVMROL/forkthis[1].jpg 2596 ..c. r/rr-xr-xr-x 0 0 11597-128-4 /Documents and Settings/malware/Local Settings/Temporary Internet Files/Content.IE5/YZCXGNW1/gemmasplayhouse[1].jpg 6475 ..c. r/rr-xr-xr-x 0 0 11598-128-4 /Documents and Settings/malware/Local Settings/Temporary Internet Files/Content.IE5/SLK18LSF/icmusic[1].png 8888 ..c. r/rr-xr-xr-x 0 0 11599-128-4 /Documents and Settings/malware/Local Settings/Temporary Internet Files/Content.IE5/UPQVMROL/expertdrinking[1].png 48 .a.. d/dr-xr-xr-x 0 0 116-144-1 /WINDOWS/system32/1037 4607 ..c. r/rr-xr-xr-x 0 0 11600-128-4 /Documents and Settings/malware/Local Settings/Temporary Internet Files/Content.IE5/YZCXGNW1/tuishow[1].png 11756 ..c. r/rr-xr-xr-x 0 0 11602-128-4 /Documents and Settings/malware/Local Settings/Temporary Internet Files/Content.IE5/UPQVMROL/5a458020a8c95e20363153d191a0748701307b5a[1].jpg 2322 ..c. r/rr-xr-xr-x 0 0 11603-128-4 /Documents and Settings/malware/Local Settings/Temporary Internet Files/Content.IE5/UPQVMROL/26271-2[5].js 2197 ..c. r/rr-xr-xr-x 0 0 11604-128-4 /Documents and Settings/malware/Local Settings/Temporary Internet Files/Content.IE5/UPQVMROL/26318-2[1].js 10750 ..c. r/rr-xr-xr-x 0 0 11605-128-4 /Documents and Settings/malware/Local Settings/Temporary Internet Files/Content.IE5/UPQVMROL/38a4455f2ab8b48ae8b7989684b9fefbe86a74c4[1].jpg 479 ..c. r/rr-xr-xr-x 0 0 11606-128-1 /Documents and Settings/malware/Cookies/malware@opt.fimserve[2].txt 608 ..c. r/rr-xr-xr-x 0 0 11607-128-4 /Documents and Settings/malware/Local Settings/Temporary Internet Files/Content.IE5/UPQVMROL/dref=http%3A%2F%2Fwww.mevio[1].com%2Fepisode%2F286404%2Flebron-james-talks-to-god-and-sarah 1621 ..c. r/rr-xr-xr-x 0 0 11608-128-5 /Documents and Settings/malware/Local Settings/Temporary Internet Files/Content.IE5/YZCXGNW1/dref=http%3A%2F%2Fwww.mevio[2].com%2Fdirectory%2F 137195 ..c. r/rr-xr-xr-x 0 0 11609-128-4 /Documents and Settings/malware/Local Settings/Temporary Internet Files/Content.IE5/SLK18LSF/MEVIOmusic[1].jpg 11391 ..c. r/rr-xr-xr-x 0 0 11610-128-4 /Documents and Settings/malware/Local Settings/Temporary Internet Files/Content.IE5/SLK18LSF/6e6a0112e4c93ee32e29655c48de42b3f0d7b310[1].jpg 591 ..c. r/rr-xr-xr-x 0 0 11611-128-4 /Documents and Settings/malware/Local Settings/Temporary Internet Files/Content.IE5/YZCXGNW1/xd_receiver[2].htm 2951 ..c. r/rr-xr-xr-x 0 0 11612-128-3 /Documents and Settings/malware/Local Settings/Temporary Internet Files/Content.IE5/UPQVMROL/CA2FG5QT.htm 680 ..c. r/rr-xr-xr-x 0 0 11613-128-4 /Documents and Settings/malware/Local Settings/Temporary Internet Files/Content.IE5/SLK18LSF/imp[4] 49 ..c. r/rr-xr-xr-x 0 0 11614-128-1 /Documents and Settings/malware/Local Settings/Temporary Internet Files/Content.IE5/SLK18LSF/tap[1].gif 115 ..c. r/rr-xr-xr-x 0 0 11616-128-1 /Documents and Settings/malware/Cookies/malware@delb.opt.fimserve[2].txt 9948 ..c. r/rr-xr-xr-x 0 0 11619-128-4 /Documents and Settings/malware/Local Settings/Temporary Internet Files/Content.IE5/SLK18LSF/avatar[1].png 8028 ..c. r/rr-xr-xr-x 0 0 11620-128-4 /Documents and Settings/malware/Local Settings/Temporary Internet Files/Content.IE5/SLK18LSF/70c4ea8c569d118f0d0058b9beea05a469166b2a[1].jpg 3129 ..c. r/rr-xr-xr-x 0 0 11621-128-4 /Documents and Settings/malware/Local Settings/Temporary Internet Files/Content.IE5/UPQVMROL/26271-15[3].js 2197 ..c. r/rr-xr-xr-x 0 0 11622-128-4 /Documents and Settings/malware/Local Settings/Temporary Internet Files/Content.IE5/UPQVMROL/26271-2[6].js 78 ..c. r/rr-xr-xr-x 0 0 11626-128-1 /Documents and Settings/malware/Cookies/malware@acuityplatform[1].txt 20351 ..c. r/rr-xr-xr-x 0 0 1163-128-3 /WINDOWS/inf/pcmcia.inf 35539 ..c. r/rr-xr-xr-x 0 0 11634-128-5 /Documents and Settings/malware/Local Settings/Temporary Internet Files/Content.IE5/YZCXGNW1/1[1].htm 72174 ..c. r/rr-xr-xr-x 0 0 11635-128-5 /Documents and Settings/malware/Local Settings/Temporary Internet Files/Content.IE5/SLK18LSF/jquery.min[1].js 23392 ..c. r/rr-xr-xr-x 0 0 11636-128-4 /Documents and Settings/malware/Local Settings/Temporary Internet Files/Content.IE5/QJM5KT6J/layout[1].css 1728 ..c. r/rr-xr-xr-x 0 0 11637-128-4 /Documents and Settings/malware/Local Settings/Temporary Internet Files/Content.IE5/UPQVMROL/jquery.bgiframe[1].js 10292 ..c. r/rr-xr-xr-x 0 0 11638-128-4 /Documents and Settings/malware/Local Settings/Temporary Internet Files/Content.IE5/YZCXGNW1/visacvv[1].gif 1924 ..c. r/rr-xr-xr-x 0 0 11639-128-4 /Documents and Settings/malware/Local Settings/Temporary Internet Files/Content.IE5/SLK18LSF/wait[1].gif 22488 ..c. r/rr-xr-xr-x 0 0 11640-128-4 /Documents and Settings/malware/Local Settings/Temporary Internet Files/Content.IE5/QJM5KT6J/header[1].jpg 11596 ..c. r/rr-xr-xr-x 0 0 11641-128-4 /Documents and Settings/malware/Local Settings/Temporary Internet Files/Content.IE5/QJM5KT6J/bg[1].jpg 14697 ..c. r/rr-xr-xr-x 0 0 11642-128-4 /Documents and Settings/malware/Local Settings/Temporary Internet Files/Content.IE5/UPQVMROL/titile_2[1].jpg 16905 ..c. r/rr-xr-xr-x 0 0 11643-128-4 /Documents and Settings/malware/Local Settings/Temporary Internet Files/Content.IE5/YZCXGNW1/titile_1[1].jpg 12002 ..c. r/rr-xr-xr-x 0 0 11644-128-4 /Documents and Settings/malware/Local Settings/Temporary Internet Files/Content.IE5/SLK18LSF/lock[1].jpg 81 ..c. r/rr-xr-xr-x 0 0 11645-128-1 /Documents and Settings/malware/Cookies/malware@secure.paymentsadd[1].txt 0 ..c. r/rr-xr-xr-x 0 0 11646-128-1 /Documents and Settings/malware/Local Settings/Temporary Internet Files/Content.IE5/UPQVMROL/hit[1].gif 3164 ..c. r/rr-xr-xr-x 0 0 11647-128-4 /Documents and Settings/malware/Local Settings/Temporary Internet Files/Content.IE5/YZCXGNW1/30days[1].jpg 12878 ..c. r/rr-xr-xr-x 0 0 11648-128-4 /Documents and Settings/malware/Local Settings/Temporary Internet Files/Content.IE5/SLK18LSF/weaccept[1].jpg 20744 ..c. r/rr-xr-xr-x 0 0 11649-128-4 /Documents and Settings/malware/Local Settings/Temporary Internet Files/Content.IE5/QJM5KT6J/safe[1].jpg 3060 ..c. r/rr-xr-xr-x 0 0 11650-128-4 /Documents and Settings/malware/Local Settings/Temporary Internet Files/Content.IE5/SLK18LSF/407[1].jpg 211318 ..c. r/rr-xr-xr-x 0 0 11651-128-5 /Documents and Settings/malware/Local Settings/Temporary Internet Files/Content.IE5/SLK18LSF/XFBML[2] 2734 ..c. r/rr-xr-xr-x 0 0 11652-128-4 /Documents and Settings/malware/Local Settings/Temporary Internet Files/Content.IE5/QJM5KT6J/photo_default[1].jpg 8731 ..c. r/rr-xr-xr-x 0 0 11653-128-4 /Documents and Settings/malware/Local Settings/Temporary Internet Files/Content.IE5/YZCXGNW1/avatar[1].png 10893 ..c. r/rr-xr-xr-x 0 0 11654-128-4 /Documents and Settings/malware/Local Settings/Temporary Internet Files/Content.IE5/YZCXGNW1/ad51643e2a4d3bc8ed990def3267b92603dbd754[1].jpg 10036 ..c. r/rr-xr-xr-x 0 0 11655-128-4 /Documents and Settings/malware/Local Settings/Temporary Internet Files/Content.IE5/UPQVMROL/9cc4923ca535dba1931fa11b1f6bd84dcc7e6dc9[1].jpg 5012 ..c. r/rr-xr-xr-x 0 0 11657-128-4 /Documents and Settings/malware/Local Settings/Temporary Internet Files/Content.IE5/QJM5KT6J/mevio-megahit[1].jpg 2720 ..c. r/rr-xr-xr-x 0 0 11658-128-4 /Documents and Settings/malware/Local Settings/Temporary Internet Files/Content.IE5/QJM5KT6J/21042[1].jpg 3284 ..c. r/rr-xr-xr-x 0 0 11659-128-4 /Documents and Settings/malware/Local Settings/Temporary Internet Files/Content.IE5/UPQVMROL/183998[1].jpg 11896 ..c. r/rr-xr-xr-x 0 0 11660-128-4 /Documents and Settings/malware/Local Settings/Temporary Internet Files/Content.IE5/QJM5KT6J/avatar[1].png 10030 ..c. r/rr-xr-xr-x 0 0 11661-128-4 /Documents and Settings/malware/Local Settings/Temporary Internet Files/Content.IE5/YZCXGNW1/cec453d28b67092f80601ab4e425a38c43ef51b2[1].jpg 11857 ..c. r/rr-xr-xr-x 0 0 11662-128-4 /Documents and Settings/malware/Local Settings/Temporary Internet Files/Content.IE5/YZCXGNW1/5be046bbf1571cbc0992bf977c4aeb36fe0bbfe2[1].jpg 3723 ..c. r/rr-xr-xr-x 0 0 11663-128-4 /Documents and Settings/malware/Local Settings/Temporary Internet Files/Content.IE5/YZCXGNW1/6024[1].jpg 9401 ..c. r/rr-xr-xr-x 0 0 11664-128-4 /Documents and Settings/malware/Local Settings/Temporary Internet Files/Content.IE5/UPQVMROL/576402c013369ada43b03805b1ee8f85efe6bab2[1].jpg 3697 ..c. r/rr-xr-xr-x 0 0 11665-128-4 /Documents and Settings/malware/Local Settings/Temporary Internet Files/Content.IE5/UPQVMROL/274367[1].jpg 35293 ..c. r/rr-xr-xr-x 0 0 11666-128-4 /Documents and Settings/malware/Local Settings/Temporary Internet Files/Content.IE5/QJM5KT6J/a80ca036690e47436bec21d0d63ccfc3c17d4552[1].png 2364 ..c. r/rr-xr-xr-x 0 0 11667-128-4 /Documents and Settings/malware/Local Settings/Temporary Internet Files/Content.IE5/QJM5KT6J/646[1].jpg 2595 ..c. r/rr-xr-xr-x 0 0 11668-128-4 /Documents and Settings/malware/Local Settings/Temporary Internet Files/Content.IE5/SLK18LSF/8683[1].jpg 7135 ..c. r/rr-xr-xr-x 0 0 11669-128-4 /Documents and Settings/malware/Local Settings/Temporary Internet Files/Content.IE5/QJM5KT6J/meviomusicvideos[1].png 21303 ..c. r/rr-xr-xr-x 0 0 11670-128-4 /Documents and Settings/malware/Local Settings/Temporary Internet Files/Content.IE5/QJM5KT6J/169203[1].jpg 3170 ..c. r/rr-xr-xr-x 0 0 11671-128-4 /Documents and Settings/malware/Local Settings/Temporary Internet Files/Content.IE5/UPQVMROL/cattitude[1].jpg 2278 ..c. r/rr-xr-xr-x 0 0 11672-128-4 /Documents and Settings/malware/Local Settings/Temporary Internet Files/Content.IE5/YZCXGNW1/fullerecords[1].jpg 1188 ..c. r/rr-xr-xr-x 0 0 11673-128-5 /Documents and Settings/malware/Local Settings/Temporary Internet Files/Content.IE5/YZCXGNW1/login_status[2].htm 423 ..c. r/rr-xr-xr-x 0 0 11677-128-3 /Documents and Settings/malware/Local Settings/Temporary Internet Files/Content.IE5/UPQVMROL/CAAV0DMX.ad 2199 ..c. r/rr-xr-xr-x 0 0 11680-128-4 /Documents and Settings/malware/Local Settings/Temporary Internet Files/Content.IE5/YZCXGNW1/26271-15[3].js 2571 ..c. r/rr-xr-xr-x 0 0 11682-128-3 /Documents and Settings/malware/Local Settings/Temporary Internet Files/Content.IE5/UPQVMROL/CASLYJYZ.htm 2322 ..c. r/rr-xr-xr-x 0 0 11683-128-4 /Documents and Settings/malware/Local Settings/Temporary Internet Files/Content.IE5/YZCXGNW1/26271-2[2].js 43 ..c. r/rr-xr-xr-x 0 0 11684-128-1 /Documents and Settings/malware/Local Settings/Temporary Internet Files/Content.IE5/YZCXGNW1/a[1].gif 43 ..c. r/rr-xr-xr-x 0 0 11685-128-1 /Documents and Settings/malware/Local Settings/Temporary Internet Files/Content.IE5/UPQVMROL/i[1].gif 467 ..c. r/rr-xr-xr-x 0 0 11686-128-1 /Documents and Settings/malware/Cookies/malware@mookie1[2].txt 43 ..c. r/rr-xr-xr-x 0 0 11687-128-1 /Documents and Settings/malware/Local Settings/Temporary Internet Files/Content.IE5/YZCXGNW1/CA7ULCDX.gif 520 ..c. r/rr-xr-xr-x 0 0 11688-128-1 /Documents and Settings/malware/Local Settings/Temporary Internet Files/Content.IE5/SLK18LSF/11226746971@x90[1].htm 49 ..c. r/rr-xr-xr-x 0 0 11691-128-1 /Documents and Settings/malware/Local Settings/Temporary Internet Files/Content.IE5/SLK18LSF/tap[2].gif 2421 ..c. r/rr-xr-xr-x 0 0 11693-128-4 /Documents and Settings/malware/Local Settings/Temporary Internet Files/Content.IE5/YZCXGNW1/11243369564@x23[1].htm 24385 ..c. r/rr-xr-xr-x 0 0 11695-128-5 /Documents and Settings/malware/Local Settings/Temporary Internet Files/Content.IE5/UPQVMROL/StdBanner[3].js 0 ..c. r/rr-xr-xr-x 0 0 11696-128-1 /Documents and Settings/malware/Local Settings/Temporary Internet Files/Content.IE5/YZCXGNW1/CAQR0LMZ.jpg 48 .a.. d/dr-xr-xr-x 0 0 117-144-1 /WINDOWS/system32/1041 6131 ..c. r/rr-xr-xr-x 0 0 1175-128-3 /WINDOWS/inf/perm2.inf 4422 ..c. r/rr-xr-xr-x 0 0 1176-128-3 /WINDOWS/inf/perm3.inf 10836 ..c. r/rr-xr-xr-x 0 0 1177-128-3 /WINDOWS/inf/phdsext.inf 4152 ..c. r/rr-xr-xr-x 0 0 1178-128-3 /WINDOWS/inf/phil1vid.inf 8426 ..c. r/rr-xr-xr-x 0 0 1179-128-3 /WINDOWS/inf/phil2vid.inf 48 .a.. d/dr-xr-xr-x 0 0 118-144-1 /WINDOWS/system32/1042 11003 ..c. r/rr-xr-xr-x 0 0 1180-128-3 /WINDOWS/inf/phildec.inf 6903 ..c. r/rr-xr-xr-x 0 0 1181-128-3 /WINDOWS/inf/philtune.inf 17269 ..c. r/rr-xr-xr-x 0 0 1182-128-3 /WINDOWS/Help/phowto.chm 3551 ..c. r/rr-xr-xr-x 0 0 1184-128-3 /WINDOWS/inf/pinball.inf 11157 ..c. r/rr-xr-xr-x 0 0 1188-128-3 /WINDOWS/inf/pmxmcro.inf 2598 ..c. r/rr-xr-xr-x 0 0 1189-128-3 /WINDOWS/system32/icsxml/potscfg.xml 48 .a.. d/dr-xr-xr-x 0 0 119-144-1 /WINDOWS/system32/1054 14420 ..c. r/rr-xr-xr-x 0 0 1190-128-3 /WINDOWS/system32/icsxml/pppcfg.xml 19599 ..c. r/rr-xr-xr-x 0 0 1194-128-3 /WINDOWS/Help/printfnd.chm 18680 ..c. r/rr-xr-xr-x 0 0 1195-128-3 /WINDOWS/inf/printupg.inf 48 .a.. d/dr-xr-xr-x 0 0 120-144-1 /WINDOWS/system32/2052 695 ..c. r/rr-xr-xr-x 0 0 1203-128-1 /WINDOWS/Help/progman.cnt 25771 ..c. r/rr-xr-xr-x 0 0 1204-128-3 /WINDOWS/Help/progman.hlp 799 ..c. r/rr-xr-xr-x 0 0 1205-128-3 /WINDOWS/system32/drivers/etc/protocol 68786 ..c. r/rr-xr-xr-x 0 0 1206-128-3 /WINDOWS/inf/prtupg9x.inf 48 .a.. d/dr-xr-xr-x 0 0 121-144-1 /WINDOWS/system32/3076 3596 ..c. r/rr-xr-xr-x 0 0 1213-128-3 /WINDOWS/inf/ptpusb.inf 31641 ..c. r/rr-xr-xr-x 0 0 1215-128-3 /WINDOWS/Help/pwrmn.chm 44213 ..c. r/rr-xr-xr-x 0 0 1216-128-3 /WINDOWS/Help/pwrmn.hlp 12752 ..c. r/rr-xr-xr-x 0 0 1217-128-3 /WINDOWS/Help/qosconcepts.chm 19598 ..c. r/rr-xr-xr-x 0 0 1228-128-3 /WINDOWS/Help/ratings.chm 294 ..c. r/rr-xr-xr-x 0 0 1229-128-1 /WINDOWS/Help/ratings.cnt 27225 ..c. r/rr-xr-xr-x 0 0 1230-128-3 /WINDOWS/Help/ratings.hlp 34432 ..c. r/rr-xr-xr-x 0 0 1231-128-3 /WINDOWS/system32/drivers/rawwan.sys 22853 ..c. r/rr-xr-xr-x 0 0 1232-128-3 /WINDOWS/Help/reader.chm 11953 ..c. r/rr-xr-xr-x 0 0 1233-128-3 /WINDOWS/Help/reader.hlp 19107 ..c. r/rr-xr-xr-x 0 0 1235-128-3 /WINDOWS/Help/recycle.chm 12886 ..c. r/rr-xr-xr-x 0 0 1237-128-3 /WINDOWS/Help/regedit.hlp 46684 ..c. r/rr-xr-xr-x 0 0 1238-128-3 /WINDOWS/Help/regedit.chm 48 .a.. d/dr-xr-xr-x 0 0 124-144-1 /WINDOWS/system32/inetsrv 14077 ..c. r/rr-xr-xr-x 0 0 1244-128-3 /WINDOWS/Help/reskit.chm 10414 ..c. r/rr-xr-xr-x 0 0 1246-128-3 /WINDOWS/inf/ricoh.inf 12032 ..c. r/rr-xr-xr-x 0 0 1247-128-3 /WINDOWS/system32/drivers/rio8drv.sys 12032 ..c. r/rr-xr-xr-x 0 0 1248-128-3 /WINDOWS/system32/drivers/riodrv.sys 13243 ..c. r/rr-xr-xr-x 0 0 1249-128-3 /WINDOWS/Help/rktoolsold.chm 160 .a.. d/dr-xr-xr-x 0 0 125-144-1 /WINDOWS/mui 859 ..c. r/rr-xr-xr-x 0 0 1251-128-3 /WINDOWS/inf/rootau.inf 5888 ..c. r/rr-xr-xr-x 0 0 1252-128-3 /WINDOWS/system32/drivers/rootmdm.sys 690 ..c. r/rr-xr-xr-x 0 0 1253-128-1 /WINDOWS/security/templates/rootsec.inf 32167 ..c. r/rr-xr-xr-x 0 0 1258-128-3 /WINDOWS/Help/rrc.chm 35699 ..c. r/rr-xr-xr-x 0 0 1262-128-3 /WINDOWS/Help/rsm.hlp 56352 ..c. r/rr-xr-xr-x 0 0 1263-128-3 /WINDOWS/Help/rsmconcepts.chm 14678 ..c. r/rr-xr-xr-x 0 0 1264-128-3 /WINDOWS/Help/rsm.chm 13779 ..c. r/rr-xr-xr-x 0 0 1267-128-3 /WINDOWS/Help/rsopsnp.chm 12977 ..c. r/rr-xr-xr-x 0 0 1278-128-3 /WINDOWS/Help/safer.chm 36011 ..c. r/rr-xr-xr-x 0 0 1279-128-3 /WINDOWS/Help/saferconcepts.chm 175444 ..c. r/rr-xr-xr-x 0 0 1280-128-3 /WINDOWS/inf/sapi5.inf 10111 ..c. r/rr-xr-xr-x 0 0 1281-128-3 /WINDOWS/Help/sapicpl.hlp 1801 ..c. r/rr-xr-xr-x 0 0 1282-128-3 /WINDOWS/inf/sbp2.inf 17571 ..c. r/rr-xr-xr-x 0 0 1284-128-3 /WINDOWS/Help/sc.chm 13955 ..c. r/rr-xr-xr-x 0 0 1285-128-3 /WINDOWS/Help/scarddlg.hlp 27570 ..c. r/rr-xr-xr-x 0 0 1287-128-3 /WINDOWS/Help/sce.chm 87926 ..c. r/rr-xr-xr-x 0 0 1288-128-3 /WINDOWS/Help/sceconcepts.chm 56 .a.. d/dr-xr-xr-x 0 0 129-144-5 /WINDOWS/ime 27414 ..c. r/rr-xr-xr-x 0 0 1290-128-3 /WINDOWS/Help/scm.chm 48025 ..c. r/rr-xr-xr-x 0 0 1291-128-3 /WINDOWS/Help/scmconcepts.chm 22618 ..c. r/rr-xr-xr-x 0 0 1294-128-3 /WINDOWS/inf/scsidev.inf 24146 ..c. r/rr-xr-xr-x 0 0 1296-128-3 /WINDOWS/inf/sdwndr2k.inf 38163 ..c. r/rr-xr-xr-x 0 0 1297-128-3 /WINDOWS/Help/secauth.hlp 734 ..c. r/rr-xr-xr-x 0 0 1298-128-3 /WINDOWS/inf/secdrv.inf 13521 ..c. r/rr-xr-xr-x 0 0 1299-128-3 /WINDOWS/Help/secedit.chm 144 .ac. d/dr-xr-xr-x 0 0 130-144-1 /WINDOWS/ime/imejp 38094 ..c. r/rr-xr-xr-x 0 0 1300-128-3 /WINDOWS/Help/secsetconcepts.chm 26944 ..c. r/rr-xr-xr-x 0 0 1301-128-3 /WINDOWS/Help/secsettings.chm 7789 ..c. r/rr-xr-xr-x 0 0 1303-128-3 /WINDOWS/security/templates/securedc.inf 7713 ..c. r/rr-xr-xr-x 0 0 1304-128-3 /WINDOWS/security/templates/securews.inf 11941 ..c. r/rr-xr-xr-x 0 0 1305-128-3 /WINDOWS/Help/sendcmsg.hlp 81728 ..c. r/rr-xr-xr-x 0 0 1308-128-3 /WINDOWS/Fonts/seriff.fon 7116 ..c. r/rr-xr-xr-x 0 0 1309-128-3 /WINDOWS/system32/drivers/etc/services 360 .a.. d/dr-xr-xr-x 0 0 131-144-1 /WINDOWS/system32/IME 59167 ..c. r/rr-xr-xr-x 0 0 1313-128-3 /WINDOWS/system/setup.inf 15957 ..c. r/rr-xr-xr-x 0 0 1318-128-3 /WINDOWS/Help/sfmmgr.hlp 48 .ac. d/dr-xr-xr-x 0 0 132-144-1 /WINDOWS/system32/IME/PINTLGNT 21787 ..c. r/rr-xr-xr-x 0 0 1321-128-3 /WINDOWS/Help/shell.hlp 12249 ..c. r/rr-xr-xr-x 0 0 1322-128-3 /WINDOWS/Help/sigverif.hlp 18992 ..c. r/rr-xr-xr-x 0 0 1326-128-3 /WINDOWS/Help/smlogcfg.chm 14592 ..c. r/rr-xr-xr-x 0 0 1329-128-3 /WINDOWS/system32/drivers/smclib.sys 48 .ac. d/dr-xr-xr-x 0 0 133-144-1 /WINDOWS/system32/IME/CINTLGNT 42000 ..c. r/rr-xr-xr-x 0 0 1330-128-3 /WINDOWS/Help/snmpconcepts.chm 16043 ..c. r/rr-xr-xr-x 0 0 1331-128-3 /WINDOWS/Help/snmpsnap.hlp 1490 ..c. r/rr-xr-xr-x 0 0 1333-128-3 /WINDOWS/inf/sonypvu1.inf 34041 ..c. r/rr-xr-xr-x 0 0 1335-128-3 /WINDOWS/Help/soundrec.chm 20246 ..c. r/rr-xr-xr-x 0 0 1336-128-3 /WINDOWS/Help/soundrec.hlp 20163 ..c. r/rr-xr-xr-x 0 0 1337-128-3 /WINDOWS/Help/sounds.chm 42687 ..c. r/rr-xr-xr-x 0 0 1338-128-3 /WINDOWS/Help/speech.chm 11594 ..c. r/rr-xr-xr-x 0 0 1339-128-3 /WINDOWS/Help/spider.hlp 48 .ac. d/dr-xr-xr-x 0 0 134-144-1 /WINDOWS/system32/IME/TINTLGNT 12492 ..c. r/rr-xr-xr-x 0 0 1340-128-3 /WINDOWS/Help/splash.chm 5038 ..c. r/rr-xr-xr-x 0 0 1348-128-3 /WINDOWS/inf/sr.inf 144 .ac. d/dr-xr-xr-x 0 0 135-144-1 /WINDOWS/ime/CHTIME 1747 ..c. r/rr-xr-xr-x 0 0 1350-128-3 /WINDOWS/inf/srchasst.inf 5215 ..c. r/rr-xr-xr-x 0 0 1352-128-3 /WINDOWS/inf/srusbusd.inf 89856 ..c. r/rr-xr-xr-x 0 0 1353-128-3 /WINDOWS/Fonts/sseriff.fon 1192 ..c. r/rr-xr-xr-x 0 0 1354-128-3 /WINDOWS/Media/start.wav 5532 ..c. r/rr-xr-xr-x 0 0 1355-128-3 /WINDOWS/system/stdole.tlb 17418 ..c. r/rr-xr-xr-x 0 0 1356-128-3 /WINDOWS/inf/sti.inf 57234 ..c. r/rr-xr-xr-x 0 0 1357-128-3 /WINDOWS/inf/stillcam.inf 48 .ac. d/dr-xr-xr-x 0 0 136-144-1 /WINDOWS/ime/CHTIME/Applets 26241 ..c. r/rr-xr-xr-x 0 0 1361-128-3 /WINDOWS/Help/supp_ed.chm 14807 ..c. r/rr-xr-xr-x 0 0 1362-128-3 /WINDOWS/Help/suptools.chm 137 ..c. r/rr-xr-xr-x 0 0 1364-128-1 /WINDOWS/inf/svcpack.inf 221676 ..c. r/rr-xr-xr-x 0 0 1367-128-3 /WINDOWS/Fonts/sylfaen.ttf 33152 ..c. r/rr-xr-xr-x 0 0 1369-128-3 /WINDOWS/Help/sysprop.chm 48 .ac. d/dr-xr-xr-x 0 0 137-144-1 /WINDOWS/ime/imejp98 410 ..c. r/rr-xr-xr-x 0 0 1370-128-1 /WINDOWS/inf/syscomp.inf 44938 ..c. r/rr-xr-xr-x 0 0 1371-128-3 /WINDOWS/Help/sysdm.chm 75448 ..c. r/rr-xr-xr-x 0 0 1372-128-3 /WINDOWS/Help/sysdm.hlp 62118 ..c. r/rr-xr-xr-x 0 0 1376-128-3 /WINDOWS/Help/sysmon.hlp 17766 ..c. r/rr-xr-xr-x 0 0 1377-128-3 /WINDOWS/Help/sysmon.chm 48 .ac. d/dr-xr-xr-x 0 0 138-144-1 /WINDOWS/ime/imejp/applets 11603 ..c. r/rr-xr-xr-x 0 0 1380-128-3 /WINDOWS/Help/sysrestore.hlp 20688 ..c. r/rr-xr-xr-x 0 0 1384-128-3 /WINDOWS/Help/tapi.hlp 35334 ..c. r/rr-xr-xr-x 0 0 1385-128-3 /WINDOWS/Help/tapi.chm 34461 ..c. r/rr-xr-xr-x 0 0 1388-128-3 /WINDOWS/Help/taskbar.chm 248 .a.. d/dr-xr-xr-x 0 0 139-144-1 /WINDOWS/pchealth 33525 ..c. r/rr-xr-xr-x 0 0 1390-128-3 /WINDOWS/Help/taskmgr.chm 13228 ..c. r/rr-xr-xr-x 0 0 1391-128-3 /WINDOWS/Help/taskmgr.hlp 50586 ..c. r/rr-xr-xr-x 0 0 1393-128-3 /WINDOWS/Help/tcpip.chm 12693 ..c. r/rr-xr-xr-x 0 0 1394-128-3 /WINDOWS/Help/tcpmon.hlp 14698 ..c. r/rr-xr-xr-x 0 0 1397-128-3 /WINDOWS/Help/telnet.hlp 30107 ..c. r/rr-xr-xr-x 0 0 1398-128-3 /WINDOWS/Help/telnet.chm 56 .ac. d/dr-xr-xr-x 0 0 140-144-5 /WINDOWS/pchealth/helpctr 19459 ..c. r/rr-xr-xr-x 0 0 1401-128-3 /WINDOWS/Help/timesrv.chm 51712 ..c. r/rr-xr-xr-x 0 0 1404-128-3 /WINDOWS/system32/drivers/tosdvd.sys 22097 ..c. r/rr-xr-xr-x 0 0 1405-128-3 /WINDOWS/Media/town.mid 3864 ..c. r/rr-xr-xr-x 0 0 1409-128-3 /WINDOWS/inf/tsbvcap.inf 56 .ac. d/dr-xr-xr-x 0 0 141-144-5 /WINDOWS/pchealth/helpctr/binaries 21376 ..c. r/rr-xr-xr-x 0 0 1410-128-3 /WINDOWS/system32/drivers/tsbvcap.sys 14340 ..c. r/rr-xr-xr-x 0 0 1413-128-3 /WINDOWS/inf/tshoot.inf 48 .a.. d/dr-xr-xr-x 0 0 142-144-1 /WINDOWS/system32/3com_dmi 94336 ..c. r/rr-xr-xr-x 0 0 1421-128-3 /WINDOWS/inf/umax.inf 4432 ..c. r/rr-xr-xr-x 0 0 1422-128-3 /WINDOWS/inf/umaxpp.inf 1394 ..c. r/rr-xr-xr-x 0 0 1424-128-3 /WINDOWS/inf/unknown.inf 193 ..c. r/rr-xr-xr-x 0 0 1426-128-1 /WINDOWS/Help/update.cnt 20623 ..c. r/rr-xr-xr-x 0 0 1428-128-3 /WINDOWS/inf/usb.inf 1670 ..c. r/rr-xr-xr-x 0 0 1429-128-3 /WINDOWS/inf/usbprint.inf 360 .a.. d/dr-xr-xr-x 0 0 143-144-1 /WINDOWS/PeerNet 14578 ..c. r/rr-xr-xr-x 0 0 1430-128-3 /WINDOWS/inf/usbstor.inf 13051 ..c. r/rr-xr-xr-x 0 0 1432-128-3 /WINDOWS/Help/users.hlp 16660 ..c. r/rr-xr-xr-x 0 0 1434-128-3 /WINDOWS/Help/utilmgr.chm 12244 ..c. r/rr-xr-xr-x 0 0 1435-128-3 /WINDOWS/Help/utilmgr.hlp 58112 ..c. r/rr-xr-xr-x 0 0 1438-128-3 /WINDOWS/system32/drivers/vdmindvd.sys 14384 ..c. r/rr-xr-xr-x 0 0 1441-128-3 /WINDOWS/Help/verifier.hlp 5232 ..c. r/rr-xr-xr-x 0 0 1444-128-3 /WINDOWS/Fonts/vga850.fon 1302 ..c. r/rr-xr-xr-x 0 0 1445-128-3 /WINDOWS/inf/vgx.inf 1095 ..c. r/rr-xr-xr-x 0 0 1447-128-3 /WINDOWS/inf/volsnap.inf 1018 ..c. r/rr-xr-xr-x 0 0 1448-128-3 /WINDOWS/inf/volume.inf 152 .a.. d/dr-xr-xr-x 0 0 145-144-1 /WINDOWS/ehome 10895 ..c. r/rr-xr-xr-x 0 0 1455-128-3 /WINDOWS/inf/wab50.inf 3581 ..c. r/rr-xr-xr-x 0 0 1456-128-3 /WINDOWS/inf/wave.inf 56 .a.. d/dr-xr-xr-x 0 0 146-144-6 /WINDOWS/Network Diagnostic 216 .a.. d/dr-xr-xr-x 0 0 147-144-6 /WINDOWS/L2Schemas 2592 ..c. r/rr-xr-xr-x 0 0 1471-128-3 /WINDOWS/inf/wbemsnmp.inf 44441 ..c. r/rr-xr-xr-x 0 0 1472-128-3 /WINDOWS/Help/wbemtest.chm 11437 ..c. r/rr-xr-xr-x 0 0 1474-128-3 /WINDOWS/inf/wdma_avc.inf 16408 ..c. r/rr-xr-xr-x 0 0 1475-128-3 /WINDOWS/inf/wdma_azt.inf 22273 ..c. r/rr-xr-xr-x 0 0 1476-128-3 /WINDOWS/inf/wdma_csc.inf 25634 ..c. r/rr-xr-xr-x 0 0 1477-128-3 /WINDOWS/inf/wdma_csf.inf 40466 ..c. r/rr-xr-xr-x 0 0 1478-128-3 /WINDOWS/inf/wdma_ctl.inf 15975 ..c. r/rr-xr-xr-x 0 0 1479-128-3 /WINDOWS/inf/wdma_cwr.inf 496 .a.. d/dr-xr-xr-x 0 0 148-144-1 /WINDOWS/system32/mui/0401 76070 ..c. r/rr-xr-xr-x 0 0 1480-128-3 /WINDOWS/inf/wdma_es2.inf 121790 ..c. r/rr-xr-xr-x 0 0 1481-128-3 /WINDOWS/inf/wdma_es3.inf 25815 ..c. r/rr-xr-xr-x 0 0 1482-128-3 /WINDOWS/inf/wdma_ens.inf 27623 ..c. r/rr-xr-xr-x 0 0 1483-128-3 /WINDOWS/inf/wdma_ess.inf 30835 ..c. r/rr-xr-xr-x 0 0 1484-128-3 /WINDOWS/inf/wdma_m2e.inf 12389 ..c. r/rr-xr-xr-x 0 0 1485-128-3 /WINDOWS/inf/wdma_neo.inf 8296 ..c. r/rr-xr-xr-x 0 0 1486-128-3 /WINDOWS/inf/wdma_ne2.inf 14690 ..c. r/rr-xr-xr-x 0 0 1487-128-3 /WINDOWS/inf/wdma_rip.inf 23848 ..c. r/rr-xr-xr-x 0 0 1488-128-3 /WINDOWS/inf/wdma_sis.inf 57297 ..c. r/rr-xr-xr-x 0 0 1489-128-3 /WINDOWS/inf/wdma_usb.inf 496 .a.. d/dr-xr-xr-x 0 0 149-144-1 /WINDOWS/system32/mui/0404 19024 ..c. r/rr-xr-xr-x 0 0 1490-128-3 /WINDOWS/inf/wdma_ym2.inf 8467 ..c. r/rr-xr-xr-x 0 0 1491-128-3 /WINDOWS/inf/wdma_ymh.inf 23685 ..c. r/rr-xr-xr-x 0 0 1492-128-3 /WINDOWS/inf/wdmaudio.inf 7624 ..c. r/rr-xr-xr-x 0 0 1493-128-3 /WINDOWS/inf/wdmjoy.inf 496 .a.. d/dr-xr-xr-x 0 0 150-144-1 /WINDOWS/system32/mui/0405 21286 ..c. r/rr-xr-xr-x 0 0 1503-128-3 /WINDOWS/Help/win_dos.chm 64 ..c. r/rr-xr-xr-x 0 0 1504-128-1 /WINDOWS/Help/windows.cnt 300163 ..c. r/rr-xr-xr-x 0 0 1505-128-3 /WINDOWS/Help/windows.hlp 69 ..c. r/rr-xr-xr-x 0 0 1509-128-1 /WINDOWS/Help/winhlp32.cnt 496 .a.. d/dr-xr-xr-x 0 0 151-144-1 /WINDOWS/system32/mui/0406 21111 ..c. r/rr-xr-xr-x 0 0 1510-128-3 /WINDOWS/Help/winhlp32.hlp 56661 ..c. r/rr-xr-xr-x 0 0 1512-128-3 /WINDOWS/Help/wininstl.chm 48008 ..c. r/rr-xr-xr-x 0 0 1518-128-3 /WINDOWS/Help/wmic.chm 12305 ..c. r/rr-xr-xr-x 0 0 1519-128-3 /WINDOWS/Help/wmifltr.chm 496 .a.. d/dr-xr-xr-x 0 0 152-144-1 /WINDOWS/system32/mui/0407 25093 ..c. r/rr-xr-xr-x 0 0 1526-128-3 /WINDOWS/Help/wpa.chm 12032 ..c. r/rr-xr-xr-x 0 0 1527-128-3 /WINDOWS/system32/drivers/ws2ifsl.sys 25712 ..c. r/rr-xr-xr-x 0 0 1528-128-3 /WINDOWS/Help/wscript.chm 12377 ..c. r/rr-xr-xr-x 0 0 1529-128-3 /WINDOWS/Help/wscript.hlp 496 .a.. d/dr-xr-xr-x 0 0 153-144-1 /WINDOWS/system32/mui/0408 58126 ..c. r/rr-xr-xr-x 0 0 1530-128-3 /WINDOWS/Help/wsecedit.hlp 8277 ..c. r/rr-xr-xr-x 0 0 1531-128-3 /WINDOWS/inf/wsh.inf 13307 ..c. r/rr-xr-xr-x 0 0 1533-128-3 /WINDOWS/Help/wshconcepts.chm 18880 ..c. r/rr-xr-xr-x 0 0 1536-128-3 /WINDOWS/Fonts/wst_czec.fon 18880 ..c. r/rr-xr-xr-x 0 0 1537-128-3 /WINDOWS/Fonts/wst_engl.fon 18880 ..c. r/rr-xr-xr-x 0 0 1538-128-3 /WINDOWS/Fonts/wst_fren.fon 18880 ..c. r/rr-xr-xr-x 0 0 1539-128-3 /WINDOWS/Fonts/wst_germ.fon 496 .a.. d/dr-xr-xr-x 0 0 154-144-1 /WINDOWS/system32/mui/040b 18880 ..c. r/rr-xr-xr-x 0 0 1540-128-3 /WINDOWS/Fonts/wst_ital.fon 18880 ..c. r/rr-xr-xr-x 0 0 1541-128-3 /WINDOWS/Fonts/wst_span.fon 18880 ..c. r/rr-xr-xr-x 0 0 1542-128-3 /WINDOWS/Fonts/wst_swed.fon 8953 ..c. r/rr-xr-xr-x 0 0 1548-128-3 /WINDOWS/Help/signin.hlp 496 .a.. d/dr-xr-xr-x 0 0 155-144-1 /WINDOWS/system32/mui/040C 4224 ..c. r/rr-xr-xr-x 0 0 1552-128-3 /WINDOWS/system32/drivers/mnmdd.sys 17675 ..c. r/rr-xr-xr-x 0 0 1553-128-3 /WINDOWS/inf/3dfxvs2k.inf 2620 ..c. r/rr-xr-xr-x 0 0 1554-128-3 /WINDOWS/inf/adm_mult.inf 1641 ..c. r/rr-xr-xr-x 0 0 1555-128-3 /WINDOWS/inf/adm_port.inf 2698341 ..c. r/rr-xr-xr-x 0 0 1556-128-3 /WINDOWS/Help/article.chm 7450 ..c. r/rr-xr-xr-x 0 0 1557-128-3 /WINDOWS/inf/asynceqn.inf 25633 ..c. r/rr-xr-xr-x 0 0 1558-128-3 /WINDOWS/inf/atim128.inf 32342 ..c. r/rr-xr-xr-x 0 0 1559-128-3 /WINDOWS/inf/atimpab.inf 3046 ..c. r/rr-xr-xr-x 0 0 1560-128-3 /WINDOWS/inf/atirage3.inf 28113 ..c. r/rr-xr-xr-x 0 0 1561-128-3 /WINDOWS/inf/avmisdn.inf 3149 ..c. r/rr-xr-xr-x 0 0 1562-128-3 /WINDOWS/inf/banshee.inf 17080 ..c. r/rr-xr-xr-x 0 0 1564-128-3 /WINDOWS/Help/compfldr.chm 7159 ..c. r/rr-xr-xr-x 0 0 1566-128-3 /WINDOWS/inf/ctmaport.inf 21964 ..c. r/rr-xr-xr-x 0 0 1568-128-3 /WINDOWS/inf/divac.inf 22554 ..c. r/rr-xr-xr-x 0 0 1569-128-3 /WINDOWS/inf/divasrv.inf 3816 ..c. r/rr-xr-xr-x 0 0 1570-128-3 /WINDOWS/inf/dshowext.inf 3207 ..c. r/rr-xr-xr-x 0 0 1572-128-3 /WINDOWS/inf/eqnport.inf 3651 ..c. r/rr-xr-xr-x 0 0 1574-128-3 /WINDOWS/inf/fsvga.inf 12160 ..c. r/rr-xr-xr-x 0 0 1575-128-3 /WINDOWS/system32/drivers/fsvga.sys 313 ..c. r/rr-xr-xr-x 0 0 1576-128-1 /WINDOWS/inf/fsvgaadd.inf 314 ..c. r/rr-xr-xr-x 0 0 1577-128-1 /WINDOWS/inf/fsvgadel.inf 3874 ..c. r/rr-xr-xr-x 0 0 1578-128-3 /WINDOWS/inf/g200.inf 2773 ..c. r/rr-xr-xr-x 0 0 1579-128-3 /WINDOWS/inf/i740nt5.inf 4228 ..c. r/rr-xr-xr-x 0 0 1580-128-3 /WINDOWS/inf/irdaalif.inf 10619 ..c. r/rr-xr-xr-x 0 0 1581-128-3 /WINDOWS/inf/irtos4mo.inf 25938 ..c. r/rr-xr-xr-x 0 0 1583-128-3 /WINDOWS/inf/mdm3cpcm.inf 55764 ..c. r/rr-xr-xr-x 0 0 1584-128-3 /WINDOWS/inf/mdm3mini.inf 30934 ..c. r/rr-xr-xr-x 0 0 1585-128-3 /WINDOWS/inf/mdm656n5.inf 48170 ..c. r/rr-xr-xr-x 0 0 1586-128-3 /WINDOWS/inf/mdmbcmsm.inf 620730 ..c. r/rr-xr-xr-x 0 0 1587-128-3 /WINDOWS/inf/mdmcxsft.inf 19125 ..c. r/rr-xr-xr-x 0 0 1588-128-3 /WINDOWS/inf/mdmdigi.inf 43975 ..c. r/rr-xr-xr-x 0 0 1589-128-3 /WINDOWS/inf/mdmess.inf 48980 ..c. r/rr-xr-xr-x 0 0 1590-128-3 /WINDOWS/inf/mdmltleo.inf 49556 ..c. r/rr-xr-xr-x 0 0 1591-128-3 /WINDOWS/inf/mdmltsft.inf 29028 ..c. r/rr-xr-xr-x 0 0 1592-128-3 /WINDOWS/inf/mdmosice.inf 38179 ..c. r/rr-xr-xr-x 0 0 1593-128-3 /WINDOWS/inf/mdmpctel.inf 2020 ..c. r/rr-xr-xr-x 0 0 1594-128-3 /WINDOWS/inf/mdmrisa.inf 1544841 ..c. r/rr-xr-xr-x 0 0 1595-128-3 /WINDOWS/inf/mdmrpciw.inf 1802 ..c. r/rr-xr-xr-x 0 0 1596-128-3 /WINDOWS/inf/mdmsgsml.inf 13982 ..c. r/rr-xr-xr-x 0 0 1597-128-3 /WINDOWS/inf/mdmsgsmu.inf 48940 ..c. r/rr-xr-xr-x 0 0 1598-128-3 /WINDOWS/inf/mdmxircc.inf 46837 ..c. r/rr-xr-xr-x 0 0 1599-128-3 /WINDOWS/inf/mdmxirmp.inf 2224 ..c. r/rr-xr-xr-x 0 0 1600-128-3 /WINDOWS/inf/mfcem28.inf 2073 ..c. r/rr-xr-xr-x 0 0 1601-128-3 /WINDOWS/inf/mfcem33.inf 10508 ..c. r/rr-xr-xr-x 0 0 1602-128-3 /WINDOWS/inf/mfcem56.inf 3936 ..c. r/rr-xr-xr-x 0 0 1603-128-3 /WINDOWS/inf/mff56n5.inf 6433 ..c. r/rr-xr-xr-x 0 0 1604-128-3 /WINDOWS/inf/mfmhzn5.inf 4750 ..c. r/rr-xr-xr-x 0 0 1605-128-3 /WINDOWS/inf/mflm.inf 4753 ..c. r/rr-xr-xr-x 0 0 1606-128-3 /WINDOWS/inf/mflm56.inf 6337 ..c. r/rr-xr-xr-x 0 0 1607-128-3 /WINDOWS/inf/mfosi5.inf 3512 ..c. r/rr-xr-xr-x 0 0 1608-128-3 /WINDOWS/inf/mfx56nf.inf 3322 ..c. r/rr-xr-xr-x 0 0 1609-128-3 /WINDOWS/inf/mgau.inf 7611 ..c. r/rr-xr-xr-x 0 0 1613-128-3 /WINDOWS/inf/mpsstln.inf 173 ..c. r/rr-xr-xr-x 0 0 1614-128-1 /WINDOWS/Help/msnauth.cnt 10556 ..c. r/rr-xr-xr-x 0 0 1615-128-3 /WINDOWS/Help/msnauth.hlp 24853 ..c. r/rr-xr-xr-x 0 0 1621-128-3 /WINDOWS/inf/mwavmdm1.inf 5089 ..c. r/rr-xr-xr-x 0 0 1622-128-3 /WINDOWS/inf/mwmbatam.inf 8627 ..c. r/rr-xr-xr-x 0 0 1623-128-3 /WINDOWS/inf/mwremove.inf 56891 ..c. r/rr-xr-xr-x 0 0 1624-128-3 /WINDOWS/inf/mwtpdsp.inf 4664 ..c. r/rr-xr-xr-x 0 0 1625-128-3 /WINDOWS/inf/mxboard.inf 4222 ..c. r/rr-xr-xr-x 0 0 1626-128-3 /WINDOWS/inf/mxport.inf 11209 ..c. r/rr-xr-xr-x 0 0 1627-128-3 /WINDOWS/inf/neo20xx.inf 1616 ..c. r/rr-xr-xr-x 0 0 1628-128-3 /WINDOWS/inf/net10.inf 3200 ..c. r/rr-xr-xr-x 0 0 1629-128-3 /WINDOWS/inf/net3c556.inf 5798 ..c. r/rr-xr-xr-x 0 0 1630-128-3 /WINDOWS/inf/net3c589.inf 8967 ..c. r/rr-xr-xr-x 0 0 1631-128-3 /WINDOWS/inf/net3c985.inf 1739 ..c. r/rr-xr-xr-x 0 0 1632-128-3 /WINDOWS/inf/net3sr.inf 65589 ..c. r/rr-xr-xr-x 0 0 1633-128-3 /WINDOWS/inf/net557.inf 4082 ..c. r/rr-xr-xr-x 0 0 1634-128-3 /WINDOWS/inf/net559ib.inf 4929 ..c. r/rr-xr-xr-x 0 0 1635-128-3 /WINDOWS/inf/net575nt.inf 4370 ..c. r/rr-xr-xr-x 0 0 1636-128-3 /WINDOWS/inf/net656n5.inf 3302 ..c. r/rr-xr-xr-x 0 0 1637-128-3 /WINDOWS/inf/net656c5.inf 3606 ..c. r/rr-xr-xr-x 0 0 1638-128-3 /WINDOWS/inf/net713.inf 7315 ..c. r/rr-xr-xr-x 0 0 1639-128-3 /WINDOWS/inf/net83820.inf 18333 ..c. r/rr-xr-xr-x 0 0 1640-128-3 /WINDOWS/inf/net8511.inf 2519 ..c. r/rr-xr-xr-x 0 0 1641-128-3 /WINDOWS/inf/netali.inf 7020 ..c. r/rr-xr-xr-x 0 0 1642-128-3 /WINDOWS/inf/netan983.inf 5417 ..c. r/rr-xr-xr-x 0 0 1643-128-3 /WINDOWS/inf/netamd.inf 15158 ..c. r/rr-xr-xr-x 0 0 1644-128-3 /WINDOWS/inf/netamd2.inf 2129 ..c. r/rr-xr-xr-x 0 0 1645-128-3 /WINDOWS/inf/netambi.inf 4861 ..c. r/rr-xr-xr-x 0 0 1646-128-3 /WINDOWS/inf/netamdhl.inf 6215 ..c. r/rr-xr-xr-x 0 0 1647-128-3 /WINDOWS/inf/netasp2k.inf 26729 ..c. r/rr-xr-xr-x 0 0 1648-128-3 /WINDOWS/inf/netb57xp.inf 2758 ..c. r/rr-xr-xr-x 0 0 1649-128-3 /WINDOWS/inf/netbcm4p.inf 2539 ..c. r/rr-xr-xr-x 0 0 1650-128-3 /WINDOWS/inf/netbcm4u.inf 3038 ..c. r/rr-xr-xr-x 0 0 1651-128-3 /WINDOWS/inf/netbcm4e.inf 6612 ..c. r/rr-xr-xr-x 0 0 1652-128-3 /WINDOWS/inf/netbrzw.inf 7513 ..c. r/rr-xr-xr-x 0 0 1653-128-3 /WINDOWS/inf/netcicap.inf 11177 ..c. r/rr-xr-xr-x 0 0 1654-128-3 /WINDOWS/inf/netcb325.inf 8599 ..c. r/rr-xr-xr-x 0 0 1655-128-3 /WINDOWS/inf/netcbe.inf 2961 ..c. r/rr-xr-xr-x 0 0 1656-128-3 /WINDOWS/inf/netcb102.inf 5462 ..c. r/rr-xr-xr-x 0 0 1657-128-3 /WINDOWS/inf/netce2.inf 8181 ..c. r/rr-xr-xr-x 0 0 1658-128-3 /WINDOWS/inf/netce3.inf 4274 ..c. r/rr-xr-xr-x 0 0 1659-128-3 /WINDOWS/inf/netcem28.inf 4260 ..c. r/rr-xr-xr-x 0 0 1660-128-3 /WINDOWS/inf/netcem33.inf 8329 ..c. r/rr-xr-xr-x 0 0 1661-128-3 /WINDOWS/inf/netcem56.inf 6268 ..c. r/rr-xr-xr-x 0 0 1662-128-3 /WINDOWS/inf/netcpqc.inf 13080 ..c. r/rr-xr-xr-x 0 0 1663-128-3 /WINDOWS/inf/netcpqg.inf 12085 ..c. r/rr-xr-xr-x 0 0 1664-128-3 /WINDOWS/inf/netcpqi.inf 6030 ..c. r/rr-xr-xr-x 0 0 1665-128-3 /WINDOWS/inf/netcpqmt.inf 5095 ..c. r/rr-xr-xr-x 0 0 1666-128-3 /WINDOWS/inf/netctmrk.inf 8138 ..c. r/rr-xr-xr-x 0 0 1667-128-3 /WINDOWS/inf/netdlh5x.inf 3257 ..c. r/rr-xr-xr-x 0 0 1668-128-3 /WINDOWS/inf/netdf650.inf 4443 ..c. r/rr-xr-xr-x 0 0 1669-128-3 /WINDOWS/inf/netdm.inf 2950 ..c. r/rr-xr-xr-x 0 0 1670-128-3 /WINDOWS/inf/net650d.inf 22319 ..c. r/rr-xr-xr-x 0 0 1671-128-3 /WINDOWS/inf/nete1000.inf 5822 ..c. r/rr-xr-xr-x 0 0 1672-128-3 /WINDOWS/inf/nete100i.inf 3467 ..c. r/rr-xr-xr-x 0 0 1673-128-3 /WINDOWS/inf/netejxmp.inf 3027 ..c. r/rr-xr-xr-x 0 0 1674-128-3 /WINDOWS/inf/netel515.inf 5552 ..c. r/rr-xr-xr-x 0 0 1675-128-3 /WINDOWS/inf/netel574.inf 3045 ..c. r/rr-xr-xr-x 0 0 1676-128-3 /WINDOWS/inf/netel5x9.inf 7072 ..c. r/rr-xr-xr-x 0 0 1677-128-3 /WINDOWS/inf/netel980.inf 11262 ..c. r/rr-xr-xr-x 0 0 1678-128-3 /WINDOWS/inf/netel99x.inf 4897 ..c. r/rr-xr-xr-x 0 0 1679-128-3 /WINDOWS/inf/netepicn.inf 4040 ..c. r/rr-xr-xr-x 0 0 1680-128-3 /WINDOWS/inf/netepro.inf 2478 ..c. r/rr-xr-xr-x 0 0 1681-128-3 /WINDOWS/inf/netex10.inf 3687 ..c. r/rr-xr-xr-x 0 0 1682-128-3 /WINDOWS/inf/netf56n5.inf 4475 ..c. r/rr-xr-xr-x 0 0 1683-128-3 /WINDOWS/inf/netfa312.inf 3031 ..c. r/rr-xr-xr-x 0 0 1684-128-3 /WINDOWS/inf/netfa410.inf 2998 ..c. r/rr-xr-xr-x 0 0 1685-128-3 /WINDOWS/inf/netfjvi.inf 2883 ..c. r/rr-xr-xr-x 0 0 1686-128-3 /WINDOWS/inf/netfjvj.inf 3092 ..c. r/rr-xr-xr-x 0 0 1687-128-3 /WINDOWS/inf/netforeh.inf 12602 ..c. r/rr-xr-xr-x 0 0 1688-128-3 /WINDOWS/inf/netibm.inf 8339 ..c. r/rr-xr-xr-x 0 0 1689-128-3 /WINDOWS/inf/netibm2.inf 2849 ..c. r/rr-xr-xr-x 0 0 1690-128-3 /WINDOWS/inf/netktc.inf 2398 ..c. r/rr-xr-xr-x 0 0 1691-128-3 /WINDOWS/inf/netlm.inf 2320 ..c. r/rr-xr-xr-x 0 0 1692-128-3 /WINDOWS/inf/netlm56.inf 2694 ..c. r/rr-xr-xr-x 0 0 1693-128-3 /WINDOWS/inf/netlnev2.inf 4507 ..c. r/rr-xr-xr-x 0 0 1694-128-3 /WINDOWS/inf/netmhzn5.inf 24491 ..c. r/rr-xr-xr-x 0 0 1695-128-3 /WINDOWS/inf/netnf3.inf 5037 ..c. r/rr-xr-xr-x 0 0 1696-128-3 /WINDOWS/inf/netngr.inf 10008 ..c. r/rr-xr-xr-x 0 0 1697-128-3 /WINDOWS/inf/netosi2c.inf 7919 ..c. r/rr-xr-xr-x 0 0 1698-128-3 /WINDOWS/inf/netosi5.inf 3204 ..c. r/rr-xr-xr-x 0 0 1699-128-3 /WINDOWS/inf/netpc100.inf 4945 ..c. r/rr-xr-xr-x 0 0 1700-128-3 /WINDOWS/inf/netpnic.inf 6308 ..c. r/rr-xr-xr-x 0 0 1701-128-3 /WINDOWS/inf/netpwr2.inf 3208 ..c. r/rr-xr-xr-x 0 0 1702-128-3 /WINDOWS/inf/netrlw2k.inf 4645 ..c. r/rr-xr-xr-x 0 0 1703-128-3 /WINDOWS/inf/netrtpnt.inf 14374 ..c. r/rr-xr-xr-x 0 0 1704-128-3 /WINDOWS/inf/netsis.inf 17766 ..c. r/rr-xr-xr-x 0 0 1705-128-3 /WINDOWS/inf/netsk_fp.inf 7790 ..c. r/rr-xr-xr-x 0 0 1706-128-3 /WINDOWS/inf/netsk98.inf 2158 ..c. r/rr-xr-xr-x 0 0 1707-128-3 /WINDOWS/inf/netsla30.inf 2038 ..c. r/rr-xr-xr-x 0 0 1708-128-3 /WINDOWS/inf/netsmc.inf 3474 ..c. r/rr-xr-xr-x 0 0 1709-128-3 /WINDOWS/inf/netsnip.inf 160 .a.. d/dr-xr-xr-x 0 0 171-144-1 /WINDOWS/system32/mui/0402 4637 ..c. r/rr-xr-xr-x 0 0 1710-128-3 /WINDOWS/inf/nettb155.inf 2999 ..c. r/rr-xr-xr-x 0 0 1711-128-3 /WINDOWS/inf/nettdkb.inf 6520 ..c. r/rr-xr-xr-x 0 0 1712-128-3 /WINDOWS/inf/nettiger.inf 2879 ..c. r/rr-xr-xr-x 0 0 1713-128-3 /WINDOWS/inf/nettpro.inf 8415 ..c. r/rr-xr-xr-x 0 0 1714-128-3 /WINDOWS/inf/netvt86.inf 4980 ..c. r/rr-xr-xr-x 0 0 1715-128-3 /WINDOWS/inf/netw840.inf 2293 ..c. r/rr-xr-xr-x 0 0 1716-128-3 /WINDOWS/inf/netw926.inf 2175 ..c. r/rr-xr-xr-x 0 0 1717-128-3 /WINDOWS/inf/netw940.inf 12323 ..c. r/rr-xr-xr-x 0 0 1718-128-3 /WINDOWS/inf/netx500.inf 4538 ..c. r/rr-xr-xr-x 0 0 1719-128-3 /WINDOWS/inf/netx56n5.inf 4612 ..c. r/rr-xr-xr-x 0 0 1720-128-3 /WINDOWS/inf/netxcpq.inf 1761 ..c. r/rr-xr-xr-x 0 0 1721-128-3 /WINDOWS/inf/ntapm.inf 4177 ..c. r/rr-xr-xr-x 0 0 1722-128-3 /WINDOWS/inf/nv3.inf 2048 ..c. r/rr-xr-xr-x 0 0 1725-128-3 /WINDOWS/inf/ppa.inf 2076 ..c. r/rr-xr-xr-x 0 0 1726-128-3 /WINDOWS/inf/ppa3.inf 757717 ..c. r/rr-xr-xr-x 0 0 1727-128-3 /WINDOWS/Help/Tours/mmTour/intro.swf 807 ..c. r/rr-xr-xr-x 0 0 1728-128-3 /WINDOWS/Help/Tours/mmTour/intro.txt 175759 ..c. r/rr-xr-xr-x 0 0 1729-128-3 /WINDOWS/Help/Tours/mmTour/nav.swf 407 ..c. r/rr-xr-xr-x 0 0 1730-128-1 /WINDOWS/Help/Tours/mmTour/nav.txt 2103945 ..c. r/rr-xr-xr-x 0 0 1731-128-3 /WINDOWS/Help/Tours/mmTour/segment1.swf 747 ..c. r/rr-xr-xr-x 0 0 1732-128-3 /WINDOWS/Help/Tours/mmTour/segment1.txt 1637375 ..c. r/rr-xr-xr-x 0 0 1733-128-3 /WINDOWS/Help/Tours/mmTour/segment2.swf 772 ..c. r/rr-xr-xr-x 0 0 1734-128-3 /WINDOWS/Help/Tours/mmTour/segment2.txt 1635503 ..c. r/rr-xr-xr-x 0 0 1735-128-3 /WINDOWS/Help/Tours/mmTour/segment3.swf 717 ..c. r/rr-xr-xr-x 0 0 1736-128-1 /WINDOWS/Help/Tours/mmTour/segment3.txt 2794421 ..c. r/rr-xr-xr-x 0 0 1737-128-3 /WINDOWS/Help/Tours/mmTour/segment4.swf 633 ..c. r/rr-xr-xr-x 0 0 1738-128-1 /WINDOWS/Help/Tours/mmTour/segment4.txt 7679963 ..c. r/rr-xr-xr-x 0 0 1739-128-3 /WINDOWS/Help/Tours/mmTour/segment5.swf 799 ..c. r/rr-xr-xr-x 0 0 1740-128-3 /WINDOWS/Help/Tours/mmTour/segment5.txt 3167 ..c. r/rr-xr-xr-x 0 0 1741-128-3 /WINDOWS/inf/s3sav3d.inf 3246 ..c. r/rr-xr-xr-x 0 0 1742-128-3 /WINDOWS/inf/s3sav4.inf 3258 ..c. r/rr-xr-xr-x 0 0 1743-128-3 /WINDOWS/inf/s3savmx.inf 2219 ..c. r/rr-xr-xr-x 0 0 1744-128-3 /WINDOWS/inf/s3trio3d.inf 2883 ..c. r/rr-xr-xr-x 0 0 1745-128-3 /WINDOWS/inf/sgiu.inf 3788 ..c. r/rr-xr-xr-x 0 0 1746-128-3 /WINDOWS/inf/sis300i.inf 3166 ..c. r/rr-xr-xr-x 0 0 1747-128-3 /WINDOWS/inf/sis6306.inf 5445 ..c. r/rr-xr-xr-x 0 0 1748-128-3 /WINDOWS/inf/sisgr.inf 3102 ..c. r/rr-xr-xr-x 0 0 1749-128-3 /WINDOWS/inf/sisv6326.inf 9197 ..c. r/rr-xr-xr-x 0 0 1750-128-3 /WINDOWS/inf/smi.inf 14782 ..c. r/rr-xr-xr-x 0 0 1751-128-3 /WINDOWS/inf/spx.inf 9856 ..c. r/rr-xr-xr-x 0 0 1752-128-3 /WINDOWS/inf/spxports.inf 2565 ..c. r/rr-xr-xr-x 0 0 1753-128-3 /WINDOWS/inf/stalport.inf 29998 ..c. r/rr-xr-xr-x 0 0 1754-128-3 /WINDOWS/inf/swnt.inf 2812 ..c. r/rr-xr-xr-x 0 0 1755-128-3 /WINDOWS/inf/tgiu.inf 3374640 ..c. r/rr-xr-xr-x 0 0 1756-128-3 /WINDOWS/Help/Tours/mmTour/tour.exe 3609 ..c. r/rr-xr-xr-x 0 0 1757-128-3 /WINDOWS/inf/trid3d.inf 4044 ..c. r/rr-xr-xr-x 0 0 1758-128-3 /WINDOWS/inf/tridkb.inf 3121 ..c. r/rr-xr-xr-x 0 0 1759-128-3 /WINDOWS/inf/tridxp.inf 4898 ..c. r/rr-xr-xr-x 0 0 1777-128-3 /WINDOWS/inf/viafir2k.inf 4100 ..c. r/rr-xr-xr-x 0 0 1779-128-3 /WINDOWS/inf/wbfirdma.inf 4726 ..c. r/rr-xr-xr-x 0 0 1780-128-3 /WINDOWS/inf/wceusbsh.inf 267903 ..c. r/rr-xr-xr-x 0 0 1781-128-3 /WINDOWS/inf/wdma10k1.inf 86985 ..c. r/rr-xr-xr-x 0 0 1782-128-3 /WINDOWS/inf/wdma_aur.inf 872679 ..c. r/rr-xr-xr-x 0 0 1783-128-3 /WINDOWS/Help/windows.chm 166 ..c. r/rr-xr-xr-x 0 0 1785-128-1 /WINDOWS/Help/Tours/htmlTour/bluearrow.gif 53 ..c. r/rr-xr-xr-x 0 0 1786-128-1 /WINDOWS/Help/Tours/htmlTour/bot_bar.gif 6222 ..c. r/rr-xr-xr-x 0 0 1787-128-3 /WINDOWS/Help/Tours/htmlTour/connected_data.jpg 14433 ..c. r/rr-xr-xr-x 0 0 1788-128-3 /WINDOWS/Help/Tours/htmlTour/connected_data_big.jpg 4967 ..c. r/rr-xr-xr-x 0 0 1789-128-3 /WINDOWS/Help/Tours/htmlTour/connected_data_ghost.jpg 7192 ..c. r/rr-xr-xr-x 0 0 1790-128-3 /WINDOWS/Help/Tours/htmlTour/connected_multiple.jpg 17059 ..c. r/rr-xr-xr-x 0 0 1791-128-3 /WINDOWS/Help/Tours/htmlTour/connected_multiple_big.jpg 5683 ..c. r/rr-xr-xr-x 0 0 1792-128-3 /WINDOWS/Help/Tours/htmlTour/connected_multiple_ghost.jpg 7236 ..c. r/rr-xr-xr-x 0 0 1793-128-3 /WINDOWS/Help/Tours/htmlTour/connected_networks.jpg 18137 ..c. r/rr-xr-xr-x 0 0 1794-128-3 /WINDOWS/Help/Tours/htmlTour/connected_networks_big.jpg 5628 ..c. r/rr-xr-xr-x 0 0 1795-128-3 /WINDOWS/Help/Tours/htmlTour/connected_networks_ghost.jpg 6778 ..c. r/rr-xr-xr-x 0 0 1796-128-3 /WINDOWS/Help/Tours/htmlTour/connected_wizard.jpg 17214 ..c. r/rr-xr-xr-x 0 0 1797-128-3 /WINDOWS/Help/Tours/htmlTour/connected_wizard_big.jpg 5314 ..c. r/rr-xr-xr-x 0 0 1798-128-3 /WINDOWS/Help/Tours/htmlTour/connected_wizard_ghost.jpg 4407 ..c. r/rr-xr-xr-x 0 0 1799-128-3 /WINDOWS/Help/Tours/htmlTour/control_up.jpg 56 .a.. d/dr-xr-xr-x 0 0 180-144-5 /WINDOWS/system32/en 22890 ..c. r/rr-xr-xr-x 0 0 1800-128-3 /WINDOWS/Help/Tours/htmlTour/desktop_screen_shot.jpg 4232 ..c. r/rr-xr-xr-x 0 0 1801-128-3 /WINDOWS/Help/Tours/htmlTour/desktop_up.jpg 4399 ..c. r/rr-xr-xr-x 0 0 1802-128-3 /WINDOWS/Help/Tours/htmlTour/end_up.jpg 4326 ..c. r/rr-xr-xr-x 0 0 1803-128-3 /WINDOWS/Help/Tours/htmlTour/folder_up.jpg 644 ..c. r/rr-xr-xr-x 0 0 1804-128-1 /WINDOWS/Help/Tours/htmlTour/gradient.jpg 4322 ..c. r/rr-xr-xr-x 0 0 1805-128-3 /WINDOWS/Help/Tours/htmlTour/icon_up.jpg 63270 ..c. r/rr-xr-xr-x 0 0 1806-128-3 /WINDOWS/Help/Tours/htmlTour/img004b.jpg 8639 ..c. r/rr-xr-xr-x 0 0 1807-128-3 /WINDOWS/Help/Tours/htmlTour/img014.jpg 66232 ..c. r/rr-xr-xr-x 0 0 1808-128-3 /WINDOWS/Help/Tours/htmlTour/img033.jpg 67797 ..c. r/rr-xr-xr-x 0 0 1809-128-3 /WINDOWS/Help/Tours/htmlTour/img033a.jpg 31079 ..c. r/rr-xr-xr-x 0 0 1810-128-3 /WINDOWS/Help/Tours/htmlTour/img034.jpg 37207 ..c. r/rr-xr-xr-x 0 0 1811-128-3 /WINDOWS/Help/Tours/htmlTour/img040.jpg 44618 ..c. r/rr-xr-xr-x 0 0 1812-128-3 /WINDOWS/Help/Tours/htmlTour/img060.jpg 24137 ..c. r/rr-xr-xr-x 0 0 1813-128-3 /WINDOWS/Help/Tours/htmlTour/img068.jpg 41453 ..c. r/rr-xr-xr-x 0 0 1814-128-3 /WINDOWS/Help/Tours/htmlTour/img072.jpg 87264 ..c. r/rr-xr-xr-x 0 0 1815-128-3 /WINDOWS/Help/Tours/htmlTour/img089.jpg 43292 ..c. r/rr-xr-xr-x 0 0 1816-128-3 /WINDOWS/Help/Tours/htmlTour/img100.jpg 43667 ..c. r/rr-xr-xr-x 0 0 1817-128-3 /WINDOWS/Help/Tours/htmlTour/img109.jpg 16257 ..c. r/rr-xr-xr-x 0 0 1818-128-3 /WINDOWS/Help/Tours/htmlTour/img110.jpg 21987 ..c. r/rr-xr-xr-x 0 0 1819-128-3 /WINDOWS/Help/Tours/htmlTour/img116.jpg 31637 ..c. r/rr-xr-xr-x 0 0 1820-128-3 /WINDOWS/Help/Tours/htmlTour/img121.jpg 20762 ..c. r/rr-xr-xr-x 0 0 1821-128-3 /WINDOWS/Help/Tours/htmlTour/img123.jpg 18782 ..c. r/rr-xr-xr-x 0 0 1822-128-3 /WINDOWS/Help/Tours/htmlTour/img126.jpg 77688 ..c. r/rr-xr-xr-x 0 0 1823-128-3 /WINDOWS/Help/Tours/htmlTour/img136.jpg 100686 ..c. r/rr-xr-xr-x 0 0 1824-128-3 /WINDOWS/Help/Tours/htmlTour/img149.jpg 25420 ..c. r/rr-xr-xr-x 0 0 1825-128-3 /WINDOWS/Help/Tours/htmlTour/intro_logo.jpg 4651 ..c. r/rr-xr-xr-x 0 0 1826-128-3 /WINDOWS/Help/Tours/htmlTour/logo.jpg 855 ..c. r/rr-xr-xr-x 0 0 1827-128-3 /WINDOWS/Help/Tours/htmlTour/nav_blank.gif 1221 ..c. r/rr-xr-xr-x 0 0 1828-128-3 /WINDOWS/Help/Tours/htmlTour/nav_best.gif 1161 ..c. r/rr-xr-xr-x 0 0 1829-128-3 /WINDOWS/Help/Tours/htmlTour/nav_best_down.gif 1211 ..c. r/rr-xr-xr-x 0 0 1830-128-3 /WINDOWS/Help/Tours/htmlTour/nav_connected.gif 1179 ..c. r/rr-xr-xr-x 0 0 1831-128-3 /WINDOWS/Help/Tours/htmlTour/nav_connected_down.gif 1496 ..c. r/rr-xr-xr-x 0 0 1832-128-3 /WINDOWS/Help/Tours/htmlTour/nav_gray.gif 1237 ..c. r/rr-xr-xr-x 0 0 1833-128-3 /WINDOWS/Help/Tours/htmlTour/nav_safe_easy.gif 1176 ..c. r/rr-xr-xr-x 0 0 1834-128-3 /WINDOWS/Help/Tours/htmlTour/nav_safe_easy_down.gif 1130 ..c. r/rr-xr-xr-x 0 0 1835-128-3 /WINDOWS/Help/Tours/htmlTour/nav_start_here.gif 761 ..c. r/rr-xr-xr-x 0 0 1836-128-3 /WINDOWS/Help/Tours/htmlTour/nav_start_here_down.gif 1237 ..c. r/rr-xr-xr-x 0 0 1837-128-3 /WINDOWS/Help/Tours/htmlTour/nav_unlock.gif 1131 ..c. r/rr-xr-xr-x 0 0 1838-128-3 /WINDOWS/Help/Tours/htmlTour/nav_unlock_down.gif 2580 ..c. r/rr-xr-xr-x 0 0 1839-128-3 /WINDOWS/Help/Tours/htmlTour/pen_icon.jpg 2626 ..c. r/rr-xr-xr-x 0 0 1840-128-3 /WINDOWS/Help/Tours/htmlTour/question_icon.jpg 1535 ..c. r/rr-xr-xr-x 0 0 1841-128-3 /WINDOWS/Help/Tours/htmlTour/read_icon.jpg 6416 ..c. r/rr-xr-xr-x 0 0 1842-128-3 /WINDOWS/Help/Tours/htmlTour/safe_easy_better.jpg 13378 ..c. r/rr-xr-xr-x 0 0 1843-128-3 /WINDOWS/Help/Tours/htmlTour/safe_easy_better_big.jpg 5159 ..c. r/rr-xr-xr-x 0 0 1844-128-3 /WINDOWS/Help/Tours/htmlTour/safe_easy_better_ghost.jpg 6293 ..c. r/rr-xr-xr-x 0 0 1845-128-3 /WINDOWS/Help/Tours/htmlTour/safe_easy_easier.jpg 15707 ..c. r/rr-xr-xr-x 0 0 1846-128-3 /WINDOWS/Help/Tours/htmlTour/safe_easy_easier_big.jpg 5040 ..c. r/rr-xr-xr-x 0 0 1847-128-3 /WINDOWS/Help/Tours/htmlTour/safe_easy_easier_ghost.jpg 6782 ..c. r/rr-xr-xr-x 0 0 1848-128-3 /WINDOWS/Help/Tours/htmlTour/safe_easy_faster.jpg 18151 ..c. r/rr-xr-xr-x 0 0 1849-128-3 /WINDOWS/Help/Tours/htmlTour/safe_easy_faster_big.jpg 5330 ..c. r/rr-xr-xr-x 0 0 1850-128-3 /WINDOWS/Help/Tours/htmlTour/safe_easy_faster_ghost.jpg 43 ..c. r/rr-xr-xr-x 0 0 1851-128-1 /WINDOWS/Help/Tours/htmlTour/spacer.gif 4337 ..c. r/rr-xr-xr-x 0 0 1852-128-3 /WINDOWS/Help/Tours/htmlTour/start_up.jpg 4222 ..c. r/rr-xr-xr-x 0 0 1853-128-3 /WINDOWS/Help/Tours/htmlTour/taskbar_up.jpg 6566 ..c. r/rr-xr-xr-x 0 0 1854-128-3 /WINDOWS/Help/Tours/htmlTour/ul_logo.jpg 6514 ..c. r/rr-xr-xr-x 0 0 1855-128-3 /WINDOWS/Help/Tours/htmlTour/unlock_built.jpg 14770 ..c. r/rr-xr-xr-x 0 0 1856-128-3 /WINDOWS/Help/Tours/htmlTour/unlock_built_big.jpg 5063 ..c. r/rr-xr-xr-x 0 0 1857-128-3 /WINDOWS/Help/Tours/htmlTour/unlock_built_ghost.jpg 6290 ..c. r/rr-xr-xr-x 0 0 1858-128-3 /WINDOWS/Help/Tours/htmlTour/unlock_optimized.jpg 14093 ..c. r/rr-xr-xr-x 0 0 1859-128-3 /WINDOWS/Help/Tours/htmlTour/unlock_optimized_big.jpg 5135 ..c. r/rr-xr-xr-x 0 0 1860-128-3 /WINDOWS/Help/Tours/htmlTour/unlock_optimized_ghost.jpg 4366 ..c. r/rr-xr-xr-x 0 0 1861-128-3 /WINDOWS/Help/Tours/htmlTour/window_up.jpg 7951 ..c. r/rr-xr-xr-x 0 0 1862-128-3 /WINDOWS/Help/Tours/htmlTour/best_road.jpg 21352 ..c. r/rr-xr-xr-x 0 0 1863-128-3 /WINDOWS/Help/Tours/htmlTour/best_road_big.jpg 6253 ..c. r/rr-xr-xr-x 0 0 1864-128-3 /WINDOWS/Help/Tours/htmlTour/best_road_ghost.jpg 6452 ..c. r/rr-xr-xr-x 0 0 1865-128-3 /WINDOWS/Help/Tours/htmlTour/best_robust.jpg 13667 ..c. r/rr-xr-xr-x 0 0 1866-128-3 /WINDOWS/Help/Tours/htmlTour/best_robust_big.jpg 5065 ..c. r/rr-xr-xr-x 0 0 1867-128-3 /WINDOWS/Help/Tours/htmlTour/best_robust_ghost.jpg 6645 ..c. r/rr-xr-xr-x 0 0 1868-128-3 /WINDOWS/Help/Tours/htmlTour/best_secure.jpg 17777 ..c. r/rr-xr-xr-x 0 0 1869-128-3 /WINDOWS/Help/Tours/htmlTour/best_secure_big.jpg 5168 ..c. r/rr-xr-xr-x 0 0 187-128-3 /WINDOWS/Fonts/vgaoem.fon 5249 ..c. r/rr-xr-xr-x 0 0 1870-128-3 /WINDOWS/Help/Tours/htmlTour/best_secure_ghost.jpg 42914 ..c. r/rr-xr-xr-x 0 0 1871-128-3 /WINDOWS/Help/Tours/htmlTour/img074a.jpg 1135 ..c. r/rr-xr-xr-x 0 0 1872-128-3 /WINDOWS/Help/Tours/htmlTour/scripts.js 2595 ..c. r/rr-xr-xr-x 0 0 1873-128-3 /WINDOWS/Help/Tours/htmlTour/style.css 3212 ..c. r/rr-xr-xr-x 0 0 1874-128-3 /WINDOWS/inf/xscan_xp.inf 1481 ..c. r/rr-xr-xr-x 0 0 1875-128-3 /WINDOWS/inf/wmtour.inf 1885 ..c. r/rr-xr-xr-x 0 0 1878-128-3 /WINDOWS/Help/mplayer2.cnt 97117 ..c. r/rr-xr-xr-x 0 0 1879-128-3 /WINDOWS/Help/mplayer2.hlp 4352 ..c. r/rr-xr-xr-x 0 0 188-128-3 /WINDOWS/system32/drivers/wmilib.sys 11648 ..c. r/rr-xr-xr-x 0 0 1882-128-3 /WINDOWS/system32/drivers/acpiec.sys 3456 ..c. r/rr-xr-xr-x 0 0 1883-128-3 /WINDOWS/system32/drivers/oprghdlr.sys 3328 ..c. r/rr-xr-xr-x 0 0 1884-128-3 /WINDOWS/system32/drivers/pciide.sys 4736 ..c. r/rr-xr-xr-x 0 0 1885-128-3 /WINDOWS/system32/drivers/usbd.sys 96512 ..c. r/rr-xr-xr-x 0 0 1886-128-3 /WINDOWS/system32/drivers/atapi.sys 36352 ..c. r/rr-xr-xr-x 0 0 1887-128-3 /WINDOWS/system32/drivers/disk.sys 49536 ..c. r/rr-xr-xr-x 0 0 1888-128-3 /WINDOWS/system32/drivers/classpnp.sys 153344 ..c. r/rr-xr-xr-x 0 0 1889-128-3 /WINDOWS/system32/drivers/dmio.sys 5888 ..c. r/rr-xr-xr-x 0 0 189-128-3 /WINDOWS/system32/drivers/dmload.sys 24960 ..c. r/rr-xr-xr-x 0 0 1890-128-3 /WINDOWS/system32/drivers/pciidex.sys 92288 ..c. r/rr-xr-xr-x 0 0 1891-128-3 /WINDOWS/system32/drivers/ksecdd.sys 42368 ..c. r/rr-xr-xr-x 0 0 1892-128-3 /WINDOWS/system32/drivers/mountmgr.sys 180608 ..c. r/rr-xr-xr-x 0 0 1893-128-3 /WINDOWS/system32/drivers/mrxdav.sys 19072 ..c. r/rr-xr-xr-x 0 0 1894-128-3 /WINDOWS/system32/drivers/tdi.sys 182656 ..c. r/rr-xr-xr-x 0 0 1895-128-3 /WINDOWS/system32/drivers/ndis.sys 456576 ..c. r/rr-xr-xr-x 0 0 1896-128-3 /WINDOWS/system32/drivers/mrxsmb.sys 175744 ..c. r/rr-xr-xr-x 0 0 1897-128-3 /WINDOWS/system32/drivers/rdbss.sys 19072 ..c. r/rr-xr-xr-x 0 0 1898-128-3 /WINDOWS/system32/drivers/msfs.sys 105344 ..c. r/rr-xr-xr-x 0 0 1899-128-3 /WINDOWS/system32/drivers/mup.sys 125056 ..c. r/rr-xr-xr-x 0 0 190-128-3 /WINDOWS/system32/drivers/ftdisk.sys 34688 ..c. r/rr-xr-xr-x 0 0 1900-128-3 /WINDOWS/system32/drivers/netbios.sys 30848 ..c. r/rr-xr-xr-x 0 0 1901-128-3 /WINDOWS/system32/drivers/npfs.sys 19712 ..c. r/rr-xr-xr-x 0 0 1902-128-3 /WINDOWS/system32/drivers/partmgr.sys 52352 ..c. r/rr-xr-xr-x 0 0 1903-128-3 /WINDOWS/system32/drivers/volsnap.sys 42752 ..c. r/rr-xr-xr-x 0 0 1904-128-3 /WINDOWS/system32/drivers/p3.sys 81664 ..c. r/rr-xr-xr-x 0 0 1905-128-3 /WINDOWS/system32/drivers/videoprt.sys 141056 ..c. r/rr-xr-xr-x 0 0 1906-128-3 /WINDOWS/system32/drivers/ks.sys 30080 ..c. r/rr-xr-xr-x 0 0 1907-128-3 /WINDOWS/system32/drivers/modem.sys 27392 ..c. r/rr-xr-xr-x 0 0 1908-128-3 /WINDOWS/system32/drivers/fdc.sys 64512 ..c. r/rr-xr-xr-x 0 0 1909-128-3 /WINDOWS/system32/drivers/serial.sys 17792 ..c. r/rr-xr-xr-x 0 0 191-128-3 /WINDOWS/system32/drivers/ptilink.sys 15744 ..c. r/rr-xr-xr-x 0 0 1910-128-3 /WINDOWS/system32/drivers/serenum.sys 80128 ..c. r/rr-xr-xr-x 0 0 1911-128-3 /WINDOWS/system32/drivers/parport.sys 62976 ..c. r/rr-xr-xr-x 0 0 1912-128-3 /WINDOWS/system32/drivers/cdrom.sys 51328 ..c. r/rr-xr-xr-x 0 0 1913-128-3 /WINDOWS/system32/drivers/rasl2tp.sys 10112 ..c. r/rr-xr-xr-x 0 0 1914-128-3 /WINDOWS/system32/drivers/ndistapi.sys 91520 ..c. r/rr-xr-xr-x 0 0 1915-128-3 /WINDOWS/system32/drivers/ndiswan.sys 41472 ..c. r/rr-xr-xr-x 0 0 1916-128-3 /WINDOWS/system32/drivers/raspppoe.sys 48384 ..c. r/rr-xr-xr-x 0 0 1917-128-3 /WINDOWS/system32/drivers/raspptp.sys 69120 ..c. r/rr-xr-xr-x 0 0 1918-128-3 /WINDOWS/system32/drivers/psched.sys 35072 ..c. r/rr-xr-xr-x 0 0 1919-128-3 /WINDOWS/system32/drivers/msgpc.sys 16512 ..c. r/rr-xr-xr-x 0 0 192-128-3 /WINDOWS/system32/drivers/raspti.sys 4352 ..c. r/rr-xr-xr-x 0 0 1920-128-3 /WINDOWS/system32/drivers/swenum.sys 40576 ..c. r/rr-xr-xr-x 0 0 1921-128-3 /WINDOWS/system32/drivers/ndproxy.sys 20480 ..c. r/rr-xr-xr-x 0 0 1922-128-3 /WINDOWS/system32/drivers/flpydisk.sys 11392 ..c. r/rr-xr-xr-x 0 0 1923-128-3 /WINDOWS/system32/drivers/sfloppy.sys 20992 ..c. r/rr-xr-xr-x 0 0 1924-128-3 /WINDOWS/system32/drivers/vga.sys 75264 ..c. r/rr-xr-xr-x 0 0 1925-128-3 /WINDOWS/system32/drivers/ipsec.sys 361344 ..c. r/rr-xr-xr-x 0 0 1926-128-3 /WINDOWS/system32/drivers/tcpip.sys 162816 ..c. r/rr-xr-xr-x 0 0 1927-128-3 /WINDOWS/system32/drivers/netbt.sys 34560 ..c. r/rr-xr-xr-x 0 0 1928-128-3 /WINDOWS/system32/drivers/wanarp.sys 42112 ..c. r/rr-xr-xr-x 0 0 1929-128-3 /WINDOWS/system32/drivers/imapi.sys 18688 ..c. r/rr-xr-xr-x 0 0 193-128-3 /WINDOWS/system32/drivers/cdaudio.sys 44544 ..c. r/rr-xr-xr-x 0 0 1930-128-3 /WINDOWS/system32/drivers/fips.sys 143744 ..c. r/rr-xr-xr-x 0 0 1934-128-3 /WINDOWS/system32/drivers/fastfat.sys 7936 ..c. r/rr-xr-xr-x 0 0 194-128-3 /WINDOWS/system32/drivers/fs_rec.sys 2944 ..c. r/rr-xr-xr-x 0 0 195-128-3 /WINDOWS/system32/drivers/null.sys 4224 ..c. r/rr-xr-xr-x 0 0 196-128-3 /WINDOWS/system32/drivers/beep.sys 4224 ..c. r/rr-xr-xr-x 0 0 197-128-3 /WINDOWS/system32/drivers/rdpcdd.sys 71168 ..c. r/rr-xr-xr-x 0 0 1970-128-3 /WINDOWS/system32/drivers/dxg.sys 8832 ..c. r/rr-xr-xr-x 0 0 198-128-3 /WINDOWS/system32/drivers/rasacd.sys 355680 ..c. r/rr-xr-xr-x 0 0 1981-128-3 /WINDOWS/Fonts/tahomabd.ttf 383804 ..c. r/rr-xr-xr-x 0 0 1982-128-3 /WINDOWS/Fonts/tahoma.ttf 138112 ..c. r/rr-xr-xr-x 0 0 2022-128-3 /WINDOWS/system32/drivers/afd.sys 461672 ..c. r/rr-xr-xr-x 0 0 2027-128-3 /WINDOWS/Fonts/micross.ttf 148624 ..c. r/rr-xr-xr-x 0 0 2028-128-3 /WINDOWS/Fonts/tunga.ttf 3328 ..c. r/rr-xr-xr-x 0 0 203-128-3 /WINDOWS/system32/drivers/dxgthk.sys 7280 ..c. r/rr-xr-xr-x 0 0 204-128-3 /WINDOWS/Fonts/vgasys.fon 5360 ..c. r/rr-xr-xr-x 0 0 205-128-3 /WINDOWS/Fonts/vgafix.fon 334848 ..c. r/rr-xr-xr-x 0 0 2075-128-3 /WINDOWS/system32/drivers/srv.sys 36656 ..c. r/rr-xr-xr-x 0 0 208-128-3 /WINDOWS/Fonts/dosapp.fon 5312 ..c. r/rr-xr-xr-x 0 0 209-128-3 /WINDOWS/Fonts/ega80woa.fon 8368 ..c. r/rr-xr-xr-x 0 0 210-128-3 /WINDOWS/Fonts/ega40woa.fon 4304 ..c. r/rr-xr-xr-x 0 0 211-128-3 /WINDOWS/Fonts/cga80woa.fon 6336 ..c. r/rr-xr-xr-x 0 0 212-128-3 /WINDOWS/Fonts/cga40woa.fon 13312 ..c. r/rr-xr-xr-x 0 0 215-128-3 /WINDOWS/Fonts/roman.fon 14592 ..c. r/rr-xr-xr-x 0 0 2150-128-3 /WINDOWS/system32/drivers/ndisuio.sys 97016 ..c. r/rr-xr-xr-x 0 0 2156-128-3 /WINDOWS/Media/chord.wav 12288 ..c. r/rr-xr-xr-x 0 0 216-128-3 /WINDOWS/Fonts/script.fon 367112 ..c. r/rr-xr-xr-x 0 0 2169-128-3 /WINDOWS/Fonts/arial.ttf 8704 ..c. r/rr-xr-xr-x 0 0 217-128-3 /WINDOWS/Fonts/modern.fon 134108 ..c. r/rr-xr-xr-x 0 0 2170-128-3 /WINDOWS/Fonts/trebuc.ttf 171792 ..c. r/rr-xr-xr-x 0 0 2171-128-3 /WINDOWS/Fonts/verdana.ttf 14208 ..c. r/rr-xr-xr-x 0 0 2172-128-3 /WINDOWS/system32/drivers/diskdump.sys 35840 ..c. r/rr-xr-xr-x 0 0 2173-128-3 /WINDOWS/system32/drivers/processr.sys 352224 ..c. r/rr-xr-xr-x 0 0 2179-128-3 /WINDOWS/Fonts/arialbd.ttf 26112 ..c. r/rr-xr-xr-x 0 0 218-128-3 /WINDOWS/Fonts/smalle.fon 118832 ..c. r/rr-xr-xr-x 0 0 2180-128-3 /WINDOWS/Fonts/ariblk.ttf 127596 ..c. r/rr-xr-xr-x 0 0 2182-128-3 /WINDOWS/Fonts/comic.ttf 155068 ..c. r/rr-xr-xr-x 0 0 2184-128-3 /WINDOWS/Fonts/georgia.ttf 137448 ..c. r/rr-xr-xr-x 0 0 2185-128-3 /WINDOWS/Fonts/impact.ttf 398372 ..c. r/rr-xr-xr-x 0 0 2188-128-3 /WINDOWS/Fonts/timesbd.ttf 56336 ..c. r/rr-xr-xr-x 0 0 219-128-3 /WINDOWS/Fonts/symbole.fon 409280 ..c. r/rr-xr-xr-x 0 0 2190-128-3 /WINDOWS/Fonts/times.ttf 25815 ..c. r/rr-xr-xr-x 0 0 2192-128-3 /WINDOWS/inf/accessor.inf 1852928 ..c. r/rr-xr-xr-x 0 0 2193-128-3 /WINDOWS/AppPatch/AcGenral.dll 39424 ..c. r/rr-xr-xr-x 0 0 2194-128-3 /WINDOWS/AppPatch/AcAdProc.dll 451072 ..c. r/rr-xr-xr-x 0 0 2195-128-3 /WINDOWS/AppPatch/AcLayers.dll 141312 ..c. r/rr-xr-xr-x 0 0 2196-128-3 /WINDOWS/AppPatch/AcLua.dll 4727 ..c. r/rr-xr-xr-x 0 0 2197-128-3 /WINDOWS/inf/acpi.inf 245248 ..c. r/rr-xr-xr-x 0 0 2198-128-3 /WINDOWS/AppPatch/AcSpecfc.dll 23408 ..c. r/rr-xr-xr-x 0 0 220-128-3 /WINDOWS/Fonts/coure.fon 116224 ..c. r/rr-xr-xr-x 0 0 2200-128-3 /WINDOWS/AppPatch/AcXtrnal.dll 24064 ..c. r/rr-xr-xr-x 0 0 2206-128-3 /WINDOWS/msagent/agentanm.dll 214016 ..c. r/rr-xr-xr-x 0 0 2207-128-3 /WINDOWS/msagent/agentctl.dll 42496 ..c. r/rr-xr-xr-x 0 0 2208-128-3 /WINDOWS/msagent/agentdp2.dll 57344 ..c. r/rr-xr-xr-x 0 0 2209-128-3 /WINDOWS/msagent/agentdpv.dll 64656 ..c. r/rr-xr-xr-x 0 0 221-128-3 /WINDOWS/Fonts/sserife.fon 49152 ..c. r/rr-xr-xr-x 0 0 2210-128-3 /WINDOWS/msagent/agentmpx.dll 24064 ..c. r/rr-xr-xr-x 0 0 2211-128-3 /WINDOWS/msagent/agentpsh.dll 44032 ..c. r/rr-xr-xr-x 0 0 2212-128-3 /WINDOWS/msagent/agentsr.dll 256512 ..c. r/rr-xr-xr-x 0 0 2213-128-3 /WINDOWS/msagent/agentsvr.exe 3976 ..c. r/rr-xr-xr-x 0 0 2214-128-3 /WINDOWS/inf/agp.inf 19456 ..c. r/rr-xr-xr-x 0 0 2215-128-3 /WINDOWS/msagent/intl/agt0406.dll 8783 ..c. r/rr-xr-xr-x 0 0 2216-128-3 /WINDOWS/Help/agt0406.hlp 21504 ..c. r/rr-xr-xr-x 0 0 2217-128-3 /WINDOWS/msagent/intl/agt0407.dll 8856 ..c. r/rr-xr-xr-x 0 0 2218-128-3 /WINDOWS/Help/agt0407.hlp 19968 ..c. r/rr-xr-xr-x 0 0 2219-128-3 /WINDOWS/msagent/intl/agt0409.dll 57936 ..c. r/rr-xr-xr-x 0 0 222-128-3 /WINDOWS/Fonts/serife.fon 8648 ..c. r/rr-xr-xr-x 0 0 2220-128-3 /WINDOWS/Help/agt0409.hlp 19456 ..c. r/rr-xr-xr-x 0 0 2221-128-3 /WINDOWS/msagent/intl/agt040b.dll 8662 ..c. r/rr-xr-xr-x 0 0 2222-128-3 /WINDOWS/Help/agt040b.hlp 21504 ..c. r/rr-xr-xr-x 0 0 2223-128-3 /WINDOWS/msagent/intl/agt040c.dll 8882 ..c. r/rr-xr-xr-x 0 0 2224-128-3 /WINDOWS/Help/agt040c.hlp 20992 ..c. r/rr-xr-xr-x 0 0 2225-128-3 /WINDOWS/msagent/intl/agt0410.dll 8746 ..c. r/rr-xr-xr-x 0 0 2226-128-3 /WINDOWS/Help/agt0410.hlp 20992 ..c. r/rr-xr-xr-x 0 0 2227-128-3 /WINDOWS/msagent/intl/agt0413.dll 9309 ..c. r/rr-xr-xr-x 0 0 2228-128-3 /WINDOWS/Help/agt0413.hlp 19456 ..c. r/rr-xr-xr-x 0 0 2229-128-3 /WINDOWS/msagent/intl/agt0414.dll 24124 ..c. r/rr-xr-xr-x 0 0 223-128-3 /WINDOWS/Fonts/marlett.ttf 8654 ..c. r/rr-xr-xr-x 0 0 2230-128-3 /WINDOWS/Help/agt0414.hlp 20480 ..c. r/rr-xr-xr-x 0 0 2231-128-3 /WINDOWS/msagent/intl/agt0416.dll 8758 ..c. r/rr-xr-xr-x 0 0 2232-128-3 /WINDOWS/Help/agt0416.hlp 19456 ..c. r/rr-xr-xr-x 0 0 2233-128-3 /WINDOWS/msagent/intl/agt041d.dll 9251 ..c. r/rr-xr-xr-x 0 0 2234-128-3 /WINDOWS/Help/agt041d.hlp 20992 ..c. r/rr-xr-xr-x 0 0 2235-128-3 /WINDOWS/msagent/intl/agt0816.dll 8799 ..c. r/rr-xr-xr-x 0 0 2236-128-3 /WINDOWS/Help/agt0816.hlp 20480 ..c. r/rr-xr-xr-x 0 0 2237-128-3 /WINDOWS/msagent/intl/agt0c0a.dll 8830 ..c. r/rr-xr-xr-x 0 0 2238-128-3 /WINDOWS/Help/agt0c0a.hlp 18432 ..c. r/rr-xr-xr-x 0 0 2239-128-3 /WINDOWS/msagent/agtctl15.tlb 7766 ..c. r/rr-xr-xr-x 0 0 2240-128-3 /WINDOWS/inf/agtinst.inf 24064 ..c. r/rr-xr-xr-x 0 0 2241-128-3 /WINDOWS/msagent/agtintl.dll 37376 ..c. r/rr-xr-xr-x 0 0 2244-128-3 /WINDOWS/system32/drivers/amdk6.sys 37760 ..c. r/rr-xr-xr-x 0 0 2245-128-3 /WINDOWS/system32/drivers/amdk7.sys 785972 ..c. r/rr-xr-xr-x 0 0 2247-128-3 /WINDOWS/AppPatch/apph_sp.sdb 218134 ..c. r/rr-xr-xr-x 0 0 2248-128-3 /WINDOWS/AppPatch/apphelp.sdb 80546 ..c. r/rr-xr-xr-x 0 0 2251-128-3 /WINDOWS/Help/apps.chm 306716 ..c. r/rr-xr-xr-x 0 0 2252-128-3 /WINDOWS/Help/apps_sp.chm 60800 ..c. r/rr-xr-xr-x 0 0 2253-128-3 /WINDOWS/system32/drivers/arp1394.sys 14336 ..c. r/rr-xr-xr-x 0 0 2258-128-3 /WINDOWS/system32/drivers/asyncmac.sys 79744 ..c. r/rr-xr-xr-x 0 0 226-128-3 /WINDOWS/Fonts/estre.ttf 29632 ..c. r/rr-xr-xr-x 0 0 2260-128-3 /WINDOWS/inf/ati1xwdm.inf 22219 ..c. r/rr-xr-xr-x 0 0 2261-128-3 /WINDOWS/Help/atm.chm 59904 ..c. r/rr-xr-xr-x 0 0 2263-128-3 /WINDOWS/system32/drivers/atmarpc.sys 55808 ..c. r/rr-xr-xr-x 0 0 2265-128-3 /WINDOWS/system32/drivers/atmlane.sys 214936 ..c. r/rr-xr-xr-x 0 0 227-128-3 /WINDOWS/Fonts/gautami.ttf 612 ..c. r/rr-xr-xr-x 0 0 2273-128-4 /WINDOWS/Provisioning/Schemas/baseeapmethodconfig.xsd 648 ..c. r/rr-xr-xr-x 0 0 2274-128-4 /WINDOWS/Provisioning/Schemas/baseeapmethodusercredentials.xsd 1066 ..c. r/rr-xr-xr-x 0 0 2275-128-3 /WINDOWS/Provisioning/Schemas/baseeapconnectionpropertiesv1.xsd 1116 ..c. r/rr-xr-xr-x 0 0 2276-128-3 /WINDOWS/Provisioning/Schemas/baseeapuserpropertiesv1.xsd 5442 ..c. r/rr-xr-xr-x 0 0 2277-128-3 /WINDOWS/inf/battery.inf 9921 ..c. r/rr-xr-xr-x 0 0 2278-128-3 /WINDOWS/inf/bda.inf 73292 ..c. r/rr-xr-xr-x 0 0 228-128-3 /WINDOWS/Fonts/latha.ttf 50059 ..c. r/rr-xr-xr-x 0 0 2280-128-3 /WINDOWS/Help/blutooth.chm 71552 ..c. r/rr-xr-xr-x 0 0 2282-128-3 /WINDOWS/system32/drivers/bridge.sys 11681 ..c. r/rr-xr-xr-x 0 0 2284-128-3 /WINDOWS/inf/bth.inf 1997 ..c. r/rr-xr-xr-x 0 0 2286-128-3 /WINDOWS/inf/bthprint.inf 1943 ..c. r/rr-xr-xr-x 0 0 2289-128-3 /WINDOWS/inf/bthspp.inf 143864 ..c. r/rr-xr-xr-x 0 0 229-128-3 /WINDOWS/Fonts/mangal.ttf 2563 ..c. r/rr-xr-xr-x 0 0 2290-128-3 /WINDOWS/inf/bthpan.inf 3776 ..c. r/rr-xr-xr-x 0 0 2296-128-3 /WINDOWS/inf/ccdecode.inf 63744 ..c. r/rr-xr-xr-x 0 0 2297-128-3 /WINDOWS/system32/drivers/cdfs.sys 40500 ..c. r/rr-xr-xr-x 0 0 230-128-3 /WINDOWS/Fonts/mvboli.ttf 35450 ..c. r/rr-xr-xr-x 0 0 2301-128-3 /WINDOWS/inf/cdrom.inf 55776 ..c. r/rr-xr-xr-x 0 0 2303-128-3 /WINDOWS/Media/chimes.wav 57348 ..c. r/rr-xr-xr-x 0 0 231-128-3 /WINDOWS/Fonts/raavi.ttf 234280 ..c. r/rr-xr-xr-x 0 0 232-128-3 /WINDOWS/Fonts/shruti.ttf 81776 ..c. r/rr-xr-xr-x 0 0 2321-128-3 /WINDOWS/inf/comnt5.inf 40282 ..c. r/rr-xr-xr-x 0 0 2326-128-3 /WINDOWS/inf/conf.adm 22555 ..c. r/rr-xr-xr-x 0 0 2327-128-3 /WINDOWS/Help/conf1.chm 734 ..c. r/rr-xr-xr-x 0 0 233-128-3 /WINDOWS/system32/drivers/etc/hosts 8134 ..c. r/rr-xr-xr-x 0 0 2331-128-3 /WINDOWS/inf/cpu.inf 36736 ..c. r/rr-xr-xr-x 0 0 2333-128-3 /WINDOWS/system32/drivers/crusoe.sys 33792 ..c. r/rr-xr-xr-x 0 0 2338-128-3 /WINDOWS/Network Diagnostic/custsat.dll 18855 ..c. r/rr-xr-xr-x 0 0 2344-128-3 /WINDOWS/Help/datetime.chm 6784 ..c. r/rr-xr-xr-x 0 0 235-128-3 /WINDOWS/system32/drivers/parvdm.sys 300422 ..c. r/rr-xr-xr-x 0 0 2355-128-3 /WINDOWS/inf/defltwk.inf 39513 ..c. r/rr-xr-xr-x 0 0 2358-128-3 /WINDOWS/inf/devxprop.inf 80856 ..c. r/rr-xr-xr-x 0 0 2369-128-3 /WINDOWS/Media/ding.wav 5327 ..c. r/rr-xr-xr-x 0 0 2372-128-3 /WINDOWS/inf/disk.inf 799744 ..c. r/rr-xr-xr-x 0 0 2379-128-3 /WINDOWS/system32/drivers/dmboot.sys 67899 ..c. r/rr-xr-xr-x 0 0 2414-128-3 /WINDOWS/inf/drvindex.inf 9424 ..c. r/rr-xr-xr-x 0 0 2415-128-3 /WINDOWS/AppPatch/drvmain.sdb 54004 ..c. r/rr-xr-xr-x 0 0 2423-128-3 /WINDOWS/Help/dskquoui.chm 3285 ..c. r/rr-xr-xr-x 0 0 2432-128-3 /WINDOWS/inf/dtcnt5.inf 320562 ..c. r/rr-xr-xr-x 0 0 2435-128-3 /WINDOWS/inf/dwup.inf 24759 ..c. r/rr-xr-xr-x 0 0 2440-128-3 /WINDOWS/Help/dxdiag.chm 752 ..c. r/rr-xr-xr-x 0 0 2444-128-3 /WINDOWS/Provisioning/Schemas/eapcommon.xsd 1120 ..c. r/rr-xr-xr-x 0 0 2445-128-3 /WINDOWS/Provisioning/Schemas/eapgenericusercredentials.xsd 1275 ..c. r/rr-xr-xr-x 0 0 2446-128-3 /WINDOWS/Provisioning/Schemas/eaphostconfig.xsd 1353 ..c. r/rr-xr-xr-x 0 0 2447-128-3 /WINDOWS/Provisioning/Schemas/eaphostusercredentials.xsd 1159 ..c. r/rr-xr-xr-x 0 0 2448-128-3 /WINDOWS/Provisioning/Schemas/eapconnectionpropertiesv1.xsd 789 ..c. r/rr-xr-xr-x 0 0 2449-128-3 /WINDOWS/Provisioning/Schemas/eapuserpropertiesv1.xsd 3192 ..c. r/rr-xr-xr-x 0 0 2450-128-3 /WINDOWS/Provisioning/Schemas/eaptlsconnectionpropertiesv1.xsd 1329 ..c. r/rr-xr-xr-x 0 0 2451-128-3 /WINDOWS/Provisioning/Schemas/eaptlsuserpropertiesv1.xsd 64768 ..c. r/rr-xr-xr-x 0 0 2467-128-3 /WINDOWS/Help/evconcepts.chm 48494 ..c. r/rr-xr-xr-x 0 0 2480-128-3 /WINDOWS/Help/file_srv.chm 77945 ..c. r/rr-xr-xr-x 0 0 2481-128-3 /WINDOWS/Help/filefold.chm 1224 ..c. r/rr-xr-xr-x 0 0 2485-128-3 /WINDOWS/inf/fltmgr.inf 123096 ..c. r/rr-xr-xr-x 0 0 249-128-3 /WINDOWS/Fonts/trebucbd.ttf 7946 ..c. r/rr-xr-xr-x 0 0 2492-128-3 /WINDOWS/inf/fp40ext.inf 50680 ..c. r/rr-xr-xr-x 0 0 2498-128-3 /WINDOWS/inf/fxsocm.inf 226748 ..c. r/rr-xr-xr-x 0 0 250-128-3 /WINDOWS/Fonts/arialbi.ttf 32171 ..c. r/rr-xr-xr-x 0 0 2509-128-3 /WINDOWS/Help/hardware.chm 207808 ..c. r/rr-xr-xr-x 0 0 251-128-3 /WINDOWS/Fonts/ariali.ttf 15071 ..c. r/rr-xr-xr-x 0 0 2510-128-3 /WINDOWS/Help/hardware.hlp 2464 ..c. r/rr-xr-xr-x 0 0 2511-128-3 /WINDOWS/inf/hdaudbus.inf 144384 ..c. r/rr-xr-xr-x 0 0 2512-128-3 /WINDOWS/system32/drivers/hdaudbus.sys 1995 ..c. r/rr-xr-xr-x 0 0 2519-128-3 /WINDOWS/inf/hidbth.inf 111476 ..c. r/rr-xr-xr-x 0 0 252-128-3 /WINDOWS/Fonts/comicbd.ttf 4433 ..c. r/rr-xr-xr-x 0 0 2521-128-3 /WINDOWS/inf/hidserv.inf 48179 ..c. r/rr-xr-xr-x 0 0 2527-128-3 /WINDOWS/Help/howto.chm 33427 ..c. r/rr-xr-xr-x 0 0 2528-128-3 /WINDOWS/Help/hschelp.chm 303296 ..c. r/rr-xr-xr-x 0 0 253-128-3 /WINDOWS/Fonts/cour.ttf 264832 ..c. r/rr-xr-xr-x 0 0 2530-128-3 /WINDOWS/system32/drivers/http.sys 54131 ..c. r/rr-xr-xr-x 0 0 2537-128-3 /WINDOWS/inf/ie.inf 815 ..c. r/rr-xr-xr-x 0 0 2538-128-3 /WINDOWS/inf/ieaccess.inf 312920 ..c. r/rr-xr-xr-x 0 0 254-128-3 /WINDOWS/Fonts/courbd.ttf 204810 ..c. r/rr-xr-xr-x 0 0 2545-128-3 /WINDOWS/Help/iexplore.chm 236148 ..c. r/rr-xr-xr-x 0 0 255-128-3 /WINDOWS/Fonts/courbi.ttf 836490 ..c. r/rr-xr-xr-x 0 0 2550-128-3 /WINDOWS/inf/iis.inf 38132 ..c. r/rr-xr-xr-x 0 0 2551-128-3 /WINDOWS/Help/iis.chm 48885 ..c. r/rr-xr-xr-x 0 0 2555-128-3 /WINDOWS/inf/ims.inf 245032 ..c. r/rr-xr-xr-x 0 0 256-128-3 /WINDOWS/Fonts/couri.ttf 1719224 ..c. r/rr-xr-xr-x 0 0 2560-128-3 /WINDOWS/inf/inetres.adm 165024 ..c. r/rr-xr-xr-x 0 0 2561-128-3 /WINDOWS/Help/inetres.chm 18516 ..c. r/rr-xr-xr-x 0 0 2562-128-3 /WINDOWS/inf/inetset.adm 81568 ..c. r/rr-xr-xr-x 0 0 2563-128-3 /WINDOWS/Help/infrared.chm 69990 ..c. r/rr-xr-xr-x 0 0 2565-128-3 /WINDOWS/inf/input.inf 34703 ..c. r/rr-xr-xr-x 0 0 2566-128-3 /WINDOWS/Help/input.chm 24285 ..c. r/rr-xr-xr-x 0 0 2567-128-3 /WINDOWS/Help/input.hlp 141032 ..c. r/rr-xr-xr-x 0 0 257-128-3 /WINDOWS/Fonts/georgiab.ttf 36352 ..c. r/rr-xr-xr-x 0 0 2570-128-3 /WINDOWS/system32/drivers/intelppm.sys 868116 ..c. r/rr-xr-xr-x 0 0 2572-128-3 /WINDOWS/inf/intl.inf 36608 ..c. r/rr-xr-xr-x 0 0 2573-128-3 /WINDOWS/system32/drivers/ip6fw.sys 20864 ..c. r/rr-xr-xr-x 0 0 2575-128-3 /WINDOWS/system32/drivers/ipinip.sys 152832 ..c. r/rr-xr-xr-x 0 0 2577-128-3 /WINDOWS/system32/drivers/ipnat.sys 157388 ..c. r/rr-xr-xr-x 0 0 258-128-3 /WINDOWS/Fonts/georgiai.ttf 159736 ..c. r/rr-xr-xr-x 0 0 259-128-3 /WINDOWS/Fonts/georgiaz.ttf 219609 ..c. r/rr-xr-xr-x 0 0 2592-128-3 /WINDOWS/Help/ipsecconcepts.chm 154065 ..c. r/rr-xr-xr-x 0 0 2594-128-3 /WINDOWS/Help/Ipv6.chm 27483 ..c. r/rr-xr-xr-x 0 0 2599-128-3 /WINDOWS/inf/irbus.inf 323980 ..c. r/rr-xr-xr-x 0 0 260-128-3 /WINDOWS/Fonts/l_10646.ttf 115068 ..c. r/rr-xr-xr-x 0 0 261-128-3 /WINDOWS/Fonts/lucon.ttf 489884 ..c. r/rr-xr-xr-x 0 0 262-128-3 /WINDOWS/Fonts/pala.ttf 43203 ..c. r/rr-xr-xr-x 0 0 2623-128-3 /WINDOWS/inf/keyboard.inf 278 ..c. r/rr-xr-xr-x 0 0 2628-128-1 /WINDOWS/inf/koc.inf 36992 ..c. r/rr-xr-xr-x 0 0 2629-128-3 /WINDOWS/inf/ks.inf 434004 ..c. r/rr-xr-xr-x 0 0 263-128-3 /WINDOWS/Fonts/palab.ttf 23978 ..c. r/rr-xr-xr-x 0 0 2630-128-3 /WINDOWS/inf/kscaptur.inf 9904 ..c. r/rr-xr-xr-x 0 0 2631-128-3 /WINDOWS/inf/ksfilter.inf 2687 ..c. r/rr-xr-xr-x 0 0 2633-128-3 /WINDOWS/L2Schemas/lan_policy_v1.xsd 2241 ..c. r/rr-xr-xr-x 0 0 2634-128-3 /WINDOWS/L2Schemas/lan_profile_v1.xsd 78519 ..c. r/rr-xr-xr-x 0 0 2635-128-3 /WINDOWS/Help/langbar.chm 417419 ..c. r/rr-xr-xr-x 0 0 2636-128-3 /WINDOWS/inf/layout.inf 101723 ..c. r/rr-xr-xr-x 0 0 2637-128-3 /WINDOWS/Help/mstsc.chm 31785 ..c. r/rr-xr-xr-x 0 0 2638-128-3 /WINDOWS/Help/rdesktop.chm 32564 ..c. r/rr-xr-xr-x 0 0 2639-128-3 /WINDOWS/Help/license.chm 344288 ..c. r/rr-xr-xr-x 0 0 264-128-3 /WINDOWS/Fonts/palabi.ttf 58740 ..c. r/rr-xr-xr-x 0 0 2649-128-3 /WINDOWS/Fonts/lsans.ttf 430800 ..c. r/rr-xr-xr-x 0 0 265-128-3 /WINDOWS/Fonts/palai.ttf 54320 ..c. r/rr-xr-xr-x 0 0 2650-128-3 /WINDOWS/Fonts/lsansd.ttf 60664 ..c. r/rr-xr-xr-x 0 0 2651-128-3 /WINDOWS/Fonts/lsansdi.ttf 59636 ..c. r/rr-xr-xr-x 0 0 2652-128-3 /WINDOWS/Fonts/lsansi.ttf 4190352 ..c. r/rr-xr-xr-x 0 0 2654-128-3 /WINDOWS/Resources/Themes/Luna/luna.msstyles 85547 ..c. r/rr-xr-xr-x 0 0 2655-128-3 /WINDOWS/inf/machine.inf 16322 ..c. r/rr-xr-xr-x 0 0 2659-128-3 /WINDOWS/inf/mchgr.inf 69464 ..c. r/rr-xr-xr-x 0 0 266-128-3 /WINDOWS/Fonts/symbol.ttf 11790 ..c. r/rr-xr-xr-x 0 0 2664-128-3 /WINDOWS/inf/mdac.inf 26756 ..c. r/rr-xr-xr-x 0 0 2665-128-3 /WINDOWS/inf/mdmbtmdm.inf 41011 ..c. r/rr-xr-xr-x 0 0 2666-128-3 /WINDOWS/inf/mdmetech.inf 49296 ..c. r/rr-xr-xr-x 0 0 2667-128-3 /WINDOWS/inf/mdmgen.inf 80087 ..c. r/rr-xr-xr-x 0 0 2669-128-3 /WINDOWS/inf/mdmirmdm.inf 239692 ..c. r/rr-xr-xr-x 0 0 267-128-3 /WINDOWS/Fonts/timesbi.ttf 27971 ..c. r/rr-xr-xr-x 0 0 2670-128-3 /WINDOWS/inf/mdmsuprv.inf 49661 ..c. r/rr-xr-xr-x 0 0 2671-128-3 /WINDOWS/inf/mdmusrk1.inf 15527 ..c. r/rr-xr-xr-x 0 0 2672-128-3 /WINDOWS/inf/mdmvv.inf 2180663 ..c. r/rr-xr-xr-x 0 0 2673-128-3 /WINDOWS/msagent/chars/merlin.acs 63744 ..c. r/rr-xr-xr-x 0 0 2674-128-3 /WINDOWS/system32/drivers/mf.sys 248368 ..c. r/rr-xr-xr-x 0 0 268-128-3 /WINDOWS/Fonts/timesi.ttf 79196 ..c. r/rr-xr-xr-x 0 0 2684-128-3 /WINDOWS/Help/misc.chm 28672 ..c. r/rr-xr-xr-x 0 0 2688-128-3 /WINDOWS/system32/en/microsoft.managementconsole.resources.dll 131188 ..c. r/rr-xr-xr-x 0 0 269-128-3 /WINDOWS/Fonts/trebucbi.ttf 40960 ..c. r/rr-xr-xr-x 0 0 2690-128-3 /WINDOWS/system32/en/mmcex.resources.dll 6656 ..c. r/rr-xr-xr-x 0 0 2692-128-3 /WINDOWS/system32/en/mmcfxcommon.resources.dll 143747 ..c. r/rr-xr-xr-x 0 0 2695-128-3 /WINDOWS/Help/mmc.chm 20776 ..c. r/rr-xr-xr-x 0 0 2698-128-3 /WINDOWS/inf/mmopt.inf 139288 ..c. r/rr-xr-xr-x 0 0 270-128-3 /WINDOWS/Fonts/trebucit.ttf 56768 ..c. r/rr-xr-xr-x 0 0 2702-128-3 /WINDOWS/Help/mode.chm 7379 ..c. r/rr-xr-xr-x 0 0 2705-128-3 /WINDOWS/inf/moviemk.inf 3353 ..c. r/rr-xr-xr-x 0 0 2706-128-3 /WINDOWS/inf/mpe.inf 155076 ..c. r/rr-xr-xr-x 0 0 271-128-3 /WINDOWS/Fonts/verdanai.ttf 92544 ..c. r/rr-xr-xr-x 0 0 2710-128-3 /WINDOWS/system32/drivers/mqac.sys 154800 ..c. r/rr-xr-xr-x 0 0 272-128-3 /WINDOWS/Fonts/verdanaz.ttf 118752 ..c. r/rr-xr-xr-x 0 0 273-128-3 /WINDOWS/Fonts/webdings.ttf 1271 ..c. r/rr-xr-xr-x 0 0 2730-128-3 /WINDOWS/Provisioning/Schemas/mschapv2connectionpropertiesv1.xsd 1410 ..c. r/rr-xr-xr-x 0 0 2731-128-3 /WINDOWS/Provisioning/Schemas/mschapv2userpropertiesv1.xsd 27604 ..c. r/rr-xr-xr-x 0 0 2738-128-3 /WINDOWS/inf/mshdc.inf 81000 ..c. r/rr-xr-xr-x 0 0 274-128-3 /WINDOWS/Fonts/wingding.ttf 204396 ..c. r/rr-xr-xr-x 0 0 2745-128-3 /WINDOWS/AppPatch/msimain.sdb 44271 ..c. r/rr-xr-xr-x 0 0 2746-128-3 /WINDOWS/Help/msinfo32.chm 137616 ..c. r/rr-xr-xr-x 0 0 275-128-3 /WINDOWS/Fonts/verdanab.ttf 39936 ..c. r/rr-xr-xr-x 0 0 2753-128-3 /WINDOWS/msagent/mslwvtts.dll 488023 ..c. r/rr-xr-xr-x 0 0 2754-128-3 /WINDOWS/Help/msmqconcepts.chm 18400 ..c. r/rr-xr-xr-x 0 0 2757-128-3 /WINDOWS/inf/msoe50.inf 2843 ..c. r/rr-xr-xr-x 0 0 2761-128-3 /WINDOWS/Provisioning/Schemas/mspeapconnectionpropertiesv1.xsd 1484 ..c. r/rr-xr-xr-x 0 0 2762-128-3 /WINDOWS/Provisioning/Schemas/mspeapuserpropertiesv1.xsd 15488 ..c. r/rr-xr-xr-x 0 0 2771-128-3 /WINDOWS/system32/drivers/mssmbios.sys 16957 ..c. r/rr-xr-xr-x 0 0 2772-128-3 /WINDOWS/inf/mstape.inf 37318 ..c. r/rr-xr-xr-x 0 0 2773-128-3 /WINDOWS/Help/mstask.chm 879 ..c. r/rr-xr-xr-x 0 0 2788-128-3 /Documents and Settings/malware/Local Settings/Temp/smtmp/1/Programs/Accessories/WordPad.lnk 7895 ..c. r/rr-xr-xr-x 0 0 279-128-3 /WINDOWS/inf/1394.inf 5748 ..c. r/rr-xr-xr-x 0 0 2790-128-3 /WINDOWS/inf/multimed.inf 4097 ..c. r/rr-xr-xr-x 0 0 2791-128-3 /WINDOWS/inf/nabtsfec.inf 1352 ..c. r/rr-xr-xr-x 0 0 280-128-3 /WINDOWS/inf/1394vdbg.inf 6742 ..c. r/rr-xr-xr-x 0 0 2801-128-3 /WINDOWS/inf/ndisip.inf 787 ..c. r/rr-xr-xr-x 0 0 2803-128-3 /WINDOWS/inf/netbeac.inf 535789 ..c. r/rr-xr-xr-x 0 0 2804-128-3 /WINDOWS/Help/netcfg.chm 111115 ..c. r/rr-xr-xr-x 0 0 2808-128-3 /WINDOWS/inf/netfxocm.inf 696 ..c. r/rr-xr-xr-x 0 0 2809-128-1 /WINDOWS/inf/netfw.inf 2505 ..c. r/rr-xr-xr-x 0 0 281-128-3 /WINDOWS/inf/61883.inf 6151 ..c. r/rr-xr-xr-x 0 0 2811-128-3 /WINDOWS/inf/netip6.inf 11747 ..c. r/rr-xr-xr-x 0 0 2812-128-3 /WINDOWS/inf/netmscli.inf 8847 ..c. r/rr-xr-xr-x 0 0 2813-128-3 /WINDOWS/inf/netnm.inf 9074 ..c. r/rr-xr-xr-x 0 0 2815-128-3 /WINDOWS/inf/netoc.inf 39025 ..c. r/rr-xr-xr-x 0 0 2817-128-3 /WINDOWS/inf/netrass.inf 2938 ..c. r/rr-xr-xr-x 0 0 2818-128-3 /WINDOWS/inf/netrndis.inf 24362 ..c. r/rr-xr-xr-x 0 0 2822-128-3 /WINDOWS/inf/nettcpip.inf 1997 ..c. r/rr-xr-xr-x 0 0 2823-128-3 /WINDOWS/inf/nettun.inf 3243 ..c. r/rr-xr-xr-x 0 0 2824-128-3 /WINDOWS/inf/netupnph.inf 3998 ..c. r/rr-xr-xr-x 0 0 2826-128-3 /WINDOWS/inf/netwzc.inf 61824 ..c. r/rr-xr-xr-x 0 0 2827-128-3 /WINDOWS/system32/drivers/nic1394.sys 40320 ..c. r/rr-xr-xr-x 0 0 2829-128-3 /WINDOWS/system32/drivers/nmnt.sys 20832 ..c. r/rr-xr-xr-x 0 0 283-128-3 /WINDOWS/Help/acc_dis.chm 119384 ..c. r/rr-xr-xr-x 0 0 2830-128-3 /WINDOWS/Media/notify.wav 20257 ..c. r/rr-xr-xr-x 0 0 2835-128-3 /WINDOWS/Help/ntchowto.chm 574976 ..c. r/rr-xr-xr-x 0 0 2837-128-3 /WINDOWS/system32/drivers/ntfs.sys 35919 ..c. r/rr-xr-xr-x 0 0 284-128-3 /WINDOWS/Help/access.chm 21138 ..c. r/rr-xr-xr-x 0 0 285-128-3 /WINDOWS/Help/accessib.chm 1498946 ..c. r/rr-xr-xr-x 0 0 2850-128-3 /WINDOWS/inf/ntprint.inf 271333 ..c. r/rr-xr-xr-x 0 0 2853-128-3 /WINDOWS/Help/nusrmgr.chm 88320 ..c. r/rr-xr-xr-x 0 0 2855-128-3 /WINDOWS/system32/drivers/nwlnkipx.sys 163584 ..c. r/rr-xr-xr-x 0 0 2857-128-3 /WINDOWS/system32/drivers/nwrdr.sys 3237 ..c. r/rr-xr-xr-x 0 0 286-128-3 /WINDOWS/inf/acerscan.inf 771 ..c. r/rr-xr-xr-x 0 0 2878-128-3 /WINDOWS/inf/oeaccess.inf 51552 ..c. r/rr-xr-xr-x 0 0 288-128-3 /WINDOWS/Help/aclui.chm 15263 ..c. r/rr-xr-xr-x 0 0 2884-128-3 /WINDOWS/L2Schemas/WLAN_profile_v1.xsd 6786 ..c. r/rr-xr-xr-x 0 0 2889-128-3 /WINDOWS/inf/p2p.inf 17277 ..c. r/rr-xr-xr-x 0 0 289-128-3 /WINDOWS/Help/aclui.hlp 13358 ..c. r/rr-xr-xr-x 0 0 2896-128-3 /WINDOWS/inf/parhmse.inf 21891 ..c. r/rr-xr-xr-x 0 0 2897-128-3 /WINDOWS/Help/password.chm 5089 ..c. r/rr-xr-xr-x 0 0 2898-128-3 /WINDOWS/inf/pchealth.inf 120192 ..c. r/rr-xr-xr-x 0 0 2899-128-3 /WINDOWS/system32/drivers/pcmcia.sys 284160 ..c. r/rr-xr-xr-x 0 0 2900-128-1 /WINDOWS/system32/dllcache/pdh.dll 15481 ..c. r/rr-xr-xr-x 0 0 291-128-3 /WINDOWS/Help/addremov.chm 53259 ..c. r/rr-xr-xr-x 0 0 2914-128-3 /WINDOWS/inf/pnpscsi.inf 98833 ..c. r/rr-xr-xr-x 0 0 2919-128-3 /WINDOWS/Help/printing.chm 27532 ..c. r/rr-xr-xr-x 0 0 292-128-3 /WINDOWS/Help/ade.hlp 35422 ..c. r/rr-xr-xr-x 0 0 293-128-3 /WINDOWS/Help/admtools.chm 6547 ..c. r/rr-xr-xr-x 0 0 2932-128-3 /WINDOWS/inf/qmgr.inf 1894 ..c. r/rr-xr-xr-x 0 0 2935-128-3 /WINDOWS/inf/ramdisk.inf 105608 ..c. r/rr-xr-xr-x 0 0 294-128-3 /WINDOWS/Help/adprop.hlp 25434 ..c. r/rr-xr-xr-x 0 0 2947-128-3 /WINDOWS/Media/recycle.wav 24567 ..c. r/rr-xr-xr-x 0 0 2950-128-3 /WINDOWS/Help/regopt.chm 20126 ..c. r/rr-xr-xr-x 0 0 2952-128-3 /WINDOWS/Help/remasst.chm 10026 ..c. r/rr-xr-xr-x 0 0 2957-128-3 /WINDOWS/Media/ringin.wav 5212 ..c. r/rr-xr-xr-x 0 0 2958-128-3 /WINDOWS/Media/ringout.wav 202624 ..c. r/rr-xr-xr-x 0 0 2959-128-3 /WINDOWS/system32/drivers/RMCast.sys 30592 ..c. r/rr-xr-xr-x 0 0 2960-128-3 /WINDOWS/system32/drivers/rndismp.sys 45830 ..c. r/rr-xr-xr-x 0 0 2965-128-3 /WINDOWS/Help/rsop.chm 17708 ..c. r/rr-xr-xr-x 0 0 2978-128-3 /WINDOWS/inf/sceregvl.inf 3843 ..c. r/rr-xr-xr-x 0 0 298-128-3 /WINDOWS/inf/apcompat.inf 10822 ..c. r/rr-xr-xr-x 0 0 2984-128-3 /WINDOWS/inf/scsi.inf 96384 ..c. r/rr-xr-xr-x 0 0 2985-128-3 /WINDOWS/system32/drivers/scsiport.sys 3669 ..c. r/rr-xr-xr-x 0 0 2988-128-3 /WINDOWS/inf/sdbus.inf 79232 ..c. r/rr-xr-xr-x 0 0 2989-128-3 /WINDOWS/system32/drivers/sdbus.sys 20480 ..c. r/rr-xr-xr-x 0 0 2991-128-3 /WINDOWS/system32/drivers/secdrv.sys 8339 ..c. r/rr-xr-xr-x 0 0 2993-128-3 /WINDOWS/inf/secrecs.inf 18379 ..c. r/rr-xr-xr-x 0 0 2998-128-3 /WINDOWS/Help/sendcmsg.chm 56 .a.. d/dr-xr-xr-x 0 0 30-144-5 /WINDOWS/system32/config 43229 ..c. r/rr-xr-xr-x 0 0 3004-128-3 /WINDOWS/inf/setupqry.inf 4433 ..c. r/rr-xr-xr-x 0 0 3006-128-3 /WINDOWS/inf/sffdisk.inf 11904 ..c. r/rr-xr-xr-x 0 0 3007-128-3 /WINDOWS/system32/drivers/sffdisk.sys 11008 ..c. r/rr-xr-xr-x 0 0 3008-128-3 /WINDOWS/system32/drivers/sffp_sd.sys 10240 ..c. r/rr-xr-xr-x 0 0 3009-128-3 /WINDOWS/system32/drivers/sffp_mmc.sys 404 ..c. r/rr-xr-xr-x 0 0 301-128-1 /WINDOWS/inf/appmig.inf 26411 ..c. r/rr-xr-xr-x 0 0 3011-128-3 /WINDOWS/inf/shell.inf 6540 ..c. r/rr-xr-xr-x 0 0 3014-128-3 /WINDOWS/inf/shl_img.inf 62517 ..c. r/rr-xr-xr-x 0 0 302-128-3 /WINDOWS/inf/apps.inf 3599 ..c. r/rr-xr-xr-x 0 0 3026-128-3 /WINDOWS/inf/slip.inf 23714 ..c. r/rr-xr-xr-x 0 0 3027-128-3 /WINDOWS/inf/smartcrd.inf 34816 ..c. r/rr-xr-xr-x 0 0 3030-128-3 /WINDOWS/Help/sniffpol.dll 25344 ..c. r/rr-xr-xr-x 0 0 3033-128-3 /WINDOWS/system32/drivers/sonydcam.sys 20056462 ..c. r/rr-xr-xr-x 0 0 3034-128-3 /WINDOWS/Driver Cache/i386/sp3.cab 20233 ..c. r/rr-xr-xr-x 0 0 3035-128-3 /WINDOWS/Help/spad.chm 202413 ..c. r/rr-xr-xr-x 0 0 3036-128-3 /WINDOWS/Help/spconcepts.chm 119885 ..c. r/rr-xr-xr-x 0 0 3038-128-3 /WINDOWS/Help/spolsconcepts.chm 151552 ..c. r/rr-xr-xr-x 0 0 3039-128-3 /WINDOWS/PeerNet/sqldb20.dll 462848 ..c. r/rr-xr-xr-x 0 0 3040-128-3 /WINDOWS/PeerNet/sqlqp20.dll 110592 ..c. r/rr-xr-xr-x 0 0 3041-128-3 /WINDOWS/PeerNet/sqlse20.dll 17304 ..c. r/rr-xr-xr-x 0 0 3045-128-3 /WINDOWS/Help/sr_ui.chm 392 ..c. r/rr-xr-xr-x 0 0 305-128-1 /WINDOWS/inf/asroc.inf 33280 ..c. r/rr-xr-xr-x 0 0 3057-128-3 /WINDOWS/Help/sstub.dll 29798 ..c. r/rr-xr-xr-x 0 0 306-128-3 /WINDOWS/inf/atividin.inf 49408 ..c. r/rr-xr-xr-x 0 0 3062-128-3 /WINDOWS/system32/drivers/stream.sys 5884 ..c. r/rr-xr-xr-x 0 0 3063-128-3 /WINDOWS/inf/streamip.inf 1863 ..c. r/rr-xr-xr-x 0 0 3065-128-3 /WINDOWS/inf/swflash.inf 32400 ..c. r/rr-xr-xr-x 0 0 3068-128-3 /WINDOWS/Help/sys_srv.chm 1896 ..c. r/rr-xr-xr-x 0 0 3072-128-3 /WINDOWS/inf/sysoc.inf 35403 ..c. r/rr-xr-xr-x 0 0 3074-128-3 /WINDOWS/Help/sysrestore.chm 35862 ..c. r/rr-xr-xr-x 0 0 3075-128-3 /WINDOWS/inf/syssetup.inf 1745720 ..c. r/rr-xr-xr-x 0 0 3076-128-3 /WINDOWS/inf/system.adm 462338 ..c. r/rr-xr-xr-x 0 0 3077-128-3 /WINDOWS/Help/system.chm 171100 ..c. r/rr-xr-xr-x 0 0 3079-128-3 /WINDOWS/Media/tada.wav 31360 ..c. r/rr-xr-xr-x 0 0 308-128-3 /WINDOWS/system32/drivers/atmepvc.sys 33550 ..c. r/rr-xr-xr-x 0 0 3080-128-3 /WINDOWS/inf/tape.inf 14976 ..c. r/rr-xr-xr-x 0 0 3081-128-3 /WINDOWS/system32/drivers/tape.sys 225664 ..c. r/rr-xr-xr-x 0 0 3087-128-3 /WINDOWS/system32/drivers/tcpip6.sys 4473 ..c. r/rr-xr-xr-x 0 0 3092-128-3 /WINDOWS/inf/tdibth.inf 56 .a.. d/dr-xr-xr-x 0 0 31-144-6 /WINDOWS/system32/drivers 352256 ..c. r/rr-xr-xr-x 0 0 310-128-3 /WINDOWS/system32/drivers/atmuni.sys 313676 ..c. r/rr-xr-xr-x 0 0 3106-128-3 /WINDOWS/Help/tshoot.chm 279040 ..c. r/rr-xr-xr-x 0 0 3107-128-3 /WINDOWS/Help/tshoot.dll 119855 ..c. r/rr-xr-xr-x 0 0 3109-128-3 /WINDOWS/inf/tsoc.inf 11445 ..c. r/rr-xr-xr-x 0 0 311-128-3 /WINDOWS/Help/audiocdc.hlp 12288 ..c. r/rr-xr-xr-x 0 0 3110-128-3 /WINDOWS/system32/drivers/tunmp.sys 45068 ..c. r/rr-xr-xr-x 0 0 3112-128-3 /WINDOWS/Help/twclient.chm 12488 ..c. r/rr-xr-xr-x 0 0 3113-128-3 /WINDOWS/Help/twclient.hlp 66048 ..c. r/rr-xr-xr-x 0 0 3117-128-3 /WINDOWS/system32/drivers/udfs.sys 32750 ..c. r/rr-xr-xr-x 0 0 312-128-3 /WINDOWS/Help/audit.chm 61279 ..c. r/rr-xr-xr-x 0 0 3125-128-3 /WINDOWS/Help/update1.chm 12800 ..c. r/rr-xr-xr-x 0 0 3131-128-3 /WINDOWS/system32/drivers/usb8023.sys 25600 ..c. r/rr-xr-xr-x 0 0 3132-128-3 /WINDOWS/system32/drivers/usbcamd.sys 25728 ..c. r/rr-xr-xr-x 0 0 3133-128-3 /WINDOWS/system32/drivers/usbcamd2.sys 23708 ..c. r/rr-xr-xr-x 0 0 3134-128-3 /WINDOWS/inf/usbport.inf 9026 ..c. r/rr-xr-xr-x 0 0 3135-128-3 /WINDOWS/inf/usbvideo.inf 30284 ..c. r/rr-xr-xr-x 0 0 3136-128-3 /WINDOWS/Help/usercpl.chm 4269 ..c. r/rr-xr-xr-x 0 0 314-128-3 /WINDOWS/inf/avc.inf 5955 ..c. r/rr-xr-xr-x 0 0 3150-128-3 /WINDOWS/inf/wbemoc.inf 63292 ..c. r/rr-xr-xr-x 0 0 3152-128-3 /WINDOWS/inf/wdma_ali.inf 18734 ..c. r/rr-xr-xr-x 0 0 3153-128-3 /WINDOWS/inf/wdma_via.inf 16643 ..c. r/rr-xr-xr-x 0 0 3154-128-3 /WINDOWS/Help/webpub.chm 46008 ..c. r/rr-xr-xr-x 0 0 3157-128-3 /WINDOWS/Help/whatsnew.chm 8047 ..c. r/rr-xr-xr-x 0 0 3173-128-3 /WINDOWS/inf/wordpad.inf 1633 ..c. r/rr-xr-xr-x 0 0 318-128-3 /WINDOWS/inf/axant5.inf 3612 ..c. r/rr-xr-xr-x 0 0 3192-128-3 /WINDOWS/inf/wstcodec.inf 6091 ..c. r/rr-xr-xr-x 0 0 3199-128-3 /WINDOWS/inf/au.inf 56 .a.. d/dr-xr-xr-x 0 0 32-144-5 /WINDOWS/system 40856 ..c. r/rr-xr-xr-x 0 0 3200-128-3 /WINDOWS/inf/wuau.adm 20170 ..c. r/rr-xr-xr-x 0 0 3201-128-3 /WINDOWS/Help/wuau.chm 73873 ..c. r/rr-xr-xr-x 0 0 3202-128-3 /WINDOWS/Help/wuauhelp.chm 520 ..c. r/rr-xr-xr-x 0 0 3206-128-1 /WINDOWS/Provisioning/Schemas/baseeapconnectionpropertiesv1.xdr 580 ..c. r/rr-xr-xr-x 0 0 3207-128-4 /WINDOWS/Provisioning/Schemas/baseeapuserpropertiesv1.xdr 1426 ..c. r/rr-xr-xr-x 0 0 3208-128-3 /WINDOWS/Provisioning/Schemas/branding.xdr 689 ..c. r/rr-xr-xr-x 0 0 3209-128-3 /WINDOWS/Provisioning/Schemas/eapconnectionpropertiesv1.xdr 361472 ..c. r/rr-xr-xr-x 0 0 321-128-3 /WINDOWS/Resources/Themes/Luna/Shell/NormalColor/shellstyle.dll 378 ..c. r/rr-xr-xr-x 0 0 3210-128-1 /WINDOWS/Provisioning/Schemas/eapuserpropertiesv1.xdr 9924 ..c. r/rr-xr-xr-x 0 0 3211-128-3 /WINDOWS/Provisioning/Schemas/flashconfigdevice.xdr 4089 ..c. r/rr-xr-xr-x 0 0 3212-128-3 /WINDOWS/Provisioning/Schemas/flashconfig.xdr 732 ..c. r/rr-xr-xr-x 0 0 3213-128-3 /WINDOWS/Provisioning/Schemas/help.xdr 1721 ..c. r/rr-xr-xr-x 0 0 3214-128-3 /WINDOWS/Provisioning/Schemas/locations.xdr 2459 ..c. r/rr-xr-xr-x 0 0 3215-128-3 /WINDOWS/Provisioning/Schemas/masterfile.xdr 395 ..c. r/rr-xr-xr-x 0 0 3216-128-1 /WINDOWS/Provisioning/Schemas/mschapv2connectionpropertiesv1.xdr 861 ..c. r/rr-xr-xr-x 0 0 3217-128-3 /WINDOWS/Provisioning/Schemas/mschapv2userpropertiesv1.xdr 1911 ..c. r/rr-xr-xr-x 0 0 3218-128-3 /WINDOWS/Provisioning/Schemas/mspeapconnectionpropertiesv1.xdr 698 ..c. r/rr-xr-xr-x 0 0 3219-128-3 /WINDOWS/Provisioning/Schemas/mspeapuserpropertiesv1.xdr 19007 ..c. r/rr-xr-xr-x 0 0 322-128-3 /WINDOWS/Help/blurbs.chm 1032 ..c. r/rr-xr-xr-x 0 0 3220-128-3 /WINDOWS/Provisioning/Schemas/register.xdr 1673 ..c. r/rr-xr-xr-x 0 0 3221-128-3 /WINDOWS/Provisioning/Schemas/ssid.xdr 22405 ..c. r/rr-xr-xr-x 0 0 3222-128-3 /WINDOWS/Provisioning/Schemas/wizard.xdr 2036 ..c. r/rr-xr-xr-x 0 0 3223-128-3 /WINDOWS/Provisioning/Schemas/wirelessprofile.xdr 6400 ..c. r/rr-xr-xr-x 0 0 3226-128-3 /WINDOWS/Media/Windows XP Balloon.wav 36910 ..c. r/rr-xr-xr-x 0 0 3227-128-3 /WINDOWS/Media/Windows XP Battery Critical.wav 53864 ..c. r/rr-xr-xr-x 0 0 3228-128-3 /WINDOWS/Media/Windows XP Battery Low.wav 29444 ..c. r/rr-xr-xr-x 0 0 3229-128-3 /WINDOWS/Media/Windows XP Pop-up Blocked.wav 152576 ..c. r/rr-xr-xr-x 0 0 323-128-3 /WINDOWS/Help/bnts.dll 39382 ..c. r/rr-xr-xr-x 0 0 3230-128-3 /WINDOWS/Media/Windows XP Critical Stop.wav 24530 ..c. r/rr-xr-xr-x 0 0 3231-128-3 /WINDOWS/Media/Windows XP Default.wav 17132 ..c. r/rr-xr-xr-x 0 0 3232-128-3 /WINDOWS/Media/Windows XP Ding.wav 44136 ..c. r/rr-xr-xr-x 0 0 3233-128-3 /WINDOWS/Media/Windows XP Error.wav 42576 ..c. r/rr-xr-xr-x 0 0 3234-128-3 /WINDOWS/Media/Windows XP Exclamation.wav 36614 ..c. r/rr-xr-xr-x 0 0 3235-128-3 /WINDOWS/Media/Windows XP Hardware Fail.wav 36636 ..c. r/rr-xr-xr-x 0 0 3236-128-3 /WINDOWS/Media/Windows XP Hardware Insert.wav 36538 ..c. r/rr-xr-xr-x 0 0 3237-128-3 /WINDOWS/Media/Windows XP Hardware Remove.wav 20336 ..c. r/rr-xr-xr-x 0 0 3238-128-3 /WINDOWS/Media/Windows XP Information Bar.wav 179704 ..c. r/rr-xr-xr-x 0 0 3239-128-3 /WINDOWS/Media/Windows XP Logoff Sound.wav 39622 ..c. r/rr-xr-xr-x 0 0 324-128-3 /WINDOWS/Help/bootcons.chm 190208 ..c. r/rr-xr-xr-x 0 0 3240-128-3 /WINDOWS/Media/Windows XP Logon Sound.wav 1404 ..c. r/rr-xr-xr-x 0 0 3241-128-3 /WINDOWS/Media/Windows XP Menu Command.wav 22580 ..c. r/rr-xr-xr-x 0 0 3242-128-3 /WINDOWS/Media/Windows XP Minimize.wav 558080 ..c. r/rr-xr-xr-x 0 0 3243-128-3 /WINDOWS/Network Diagnostic/xpnetdiag.exe 1692 ..c. r/rr-xr-xr-x 0 0 3244-128-3 /WINDOWS/Network Diagnostic/xpnetdiag.xsl 48988 ..c. r/rr-xr-xr-x 0 0 3245-128-3 /WINDOWS/Media/Windows XP Notify.wav 43762 ..c. r/rr-xr-xr-x 0 0 3246-128-3 /WINDOWS/Media/Windows XP Print complete.wav 22816 ..c. r/rr-xr-xr-x 0 0 3247-128-3 /WINDOWS/Media/Windows XP Recycle.wav 19458 ..c. r/rr-xr-xr-x 0 0 3248-128-3 /WINDOWS/Media/Windows XP Restore.wav 38930 ..c. r/rr-xr-xr-x 0 0 3249-128-3 /WINDOWS/Media/Windows XP Ringin.wav 22070 ..c. r/rr-xr-xr-x 0 0 3250-128-3 /WINDOWS/Media/Windows XP Ringout.wav 282608 ..c. r/rr-xr-xr-x 0 0 3251-128-3 /WINDOWS/Media/Windows XP Shutdown.wav 2202 ..c. r/rr-xr-xr-x 0 0 3252-128-3 /WINDOWS/Media/Windows XP Start.wav 424644 ..c. r/rr-xr-xr-x 0 0 3253-128-3 /WINDOWS/Media/Windows XP Startup.wav 6344 ..c. r/rr-xr-xr-x 0 0 3255-128-3 /WINDOWS/inf/oobe.inf 121452 ..c. r/rr-xr-xr-x 0 0 3256-128-3 /WINDOWS/Fonts/kartika.ttf 252820 ..c. r/rr-xr-xr-x 0 0 3262-128-3 /WINDOWS/Fonts/vrinda.ttf 250368 ..c. r/rr-xr-xr-x 0 0 3266-128-3 /WINDOWS/ime/SPTIP.dll 62976 ..c. r/rr-xr-xr-x 0 0 3267-128-3 /WINDOWS/ime/SPGRMR.dll 18991 ..c. r/rr-xr-xr-x 0 0 327-128-3 /WINDOWS/Help/brief.chm 220160 ..c. r/rr-xr-xr-x 0 0 3270-128-3 /WINDOWS/ime/mscandui.dll 130048 ..c. r/rr-xr-xr-x 0 0 3271-128-3 /WINDOWS/ime/SOFTKBD.DLL 401259 ..c. r/rr-xr-xr-x 0 0 3275-128-3 /WINDOWS/inf/tabletpc.inf 95597 ..c. r/rr-xr-xr-x 0 0 3277-128-3 /WINDOWS/inf/medctroc.inf 33792 ..c. r/rr-xr-xr-x 0 0 3278-128-3 /WINDOWS/ehome/custsat.dll 90624 ..c. r/rr-xr-xr-x 0 0 3279-128-3 /WINDOWS/mui/muisetup.exe 28644 ..c. r/rr-xr-xr-x 0 0 328-128-3 /WINDOWS/inf/brmfcmdm.inf 186880 ..c. r/rr-xr-xr-x 0 0 3281-128-3 /WINDOWS/system32/mui/0401/xpsp1res.dll 161280 ..c. r/rr-xr-xr-x 0 0 3282-128-3 /WINDOWS/system32/mui/0404/xpsp1res.dll 188928 ..c. r/rr-xr-xr-x 0 0 3283-128-3 /WINDOWS/system32/mui/0405/xpsp1res.dll 192000 ..c. r/rr-xr-xr-x 0 0 3284-128-3 /WINDOWS/system32/mui/0406/xpsp1res.dll 199680 ..c. r/rr-xr-xr-x 0 0 3285-128-3 /WINDOWS/system32/mui/0407/xpsp1res.dll 197632 ..c. r/rr-xr-xr-x 0 0 3286-128-3 /WINDOWS/system32/mui/0408/xpsp1res.dll 186368 ..c. r/rr-xr-xr-x 0 0 3287-128-3 /WINDOWS/system32/mui/040b/xpsp1res.dll 48055 ..c. r/rr-xr-xr-x 0 0 329-128-3 /WINDOWS/inf/brmfcmf.inf 3029 ..c. r/rr-xr-xr-x 0 0 330-128-3 /WINDOWS/inf/brmfcsto.inf 189440 ..c. r/rr-xr-xr-x 0 0 3304-128-3 /WINDOWS/system32/mui/0402/xpsp1res.dll 2556 ..c. r/rr-xr-xr-x 0 0 331-128-3 /WINDOWS/inf/brmfcumd.inf 2869248 ..c. r/rr-xr-xr-x 0 0 3314-128-3 /WINDOWS/system32/mui/0401/xpsp2res.dll 477696 ..c. r/rr-xr-xr-x 0 0 3315-128-3 /WINDOWS/system32/mui/0404/xpsp2res.dll 734720 ..c. r/rr-xr-xr-x 0 0 3316-128-3 /WINDOWS/system32/mui/0405/xpsp2res.dll 742912 ..c. r/rr-xr-xr-x 0 0 3317-128-3 /WINDOWS/system32/mui/0406/xpsp2res.dll 788480 ..c. r/rr-xr-xr-x 0 0 3318-128-3 /WINDOWS/system32/mui/0407/xpsp2res.dll 801280 ..c. r/rr-xr-xr-x 0 0 3319-128-3 /WINDOWS/system32/mui/0408/xpsp2res.dll 23444 ..c. r/rr-xr-xr-x 0 0 332-128-3 /WINDOWS/inf/brmfcwia.inf 729088 ..c. r/rr-xr-xr-x 0 0 3320-128-3 /WINDOWS/system32/mui/040b/xpsp2res.dll 5295 ..c. r/rr-xr-xr-x 0 0 333-128-3 /WINDOWS/inf/brmfport.inf 656896 ..c. r/rr-xr-xr-x 0 0 3340-128-3 /WINDOWS/system32/mui/0401/xpsp3res.dll 327680 ..c. r/rr-xr-xr-x 0 0 3341-128-3 /WINDOWS/system32/mui/0404/xpsp3res.dll 601088 ..c. r/rr-xr-xr-x 0 0 3342-128-3 /WINDOWS/system32/mui/0405/xpsp3res.dll 605696 ..c. r/rr-xr-xr-x 0 0 3343-128-3 /WINDOWS/system32/mui/0406/xpsp3res.dll 663552 ..c. r/rr-xr-xr-x 0 0 3344-128-3 /WINDOWS/system32/mui/0407/xpsp3res.dll 679936 ..c. r/rr-xr-xr-x 0 0 3345-128-3 /WINDOWS/system32/mui/0408/xpsp3res.dll 604672 ..c. r/rr-xr-xr-x 0 0 3346-128-3 /WINDOWS/system32/mui/040b/xpsp3res.dll 393728 ..c. r/rr-xr-xr-x 0 0 3366-128-3 /WINDOWS/system32/mui/0401/xpob2res.dll 212480 ..c. r/rr-xr-xr-x 0 0 3367-128-3 /WINDOWS/system32/mui/0404/xpob2res.dll 428032 ..c. r/rr-xr-xr-x 0 0 3368-128-3 /WINDOWS/system32/mui/0405/xpob2res.dll 418816 ..c. r/rr-xr-xr-x 0 0 3369-128-3 /WINDOWS/system32/mui/0406/xpob2res.dll 403456 ..c. r/rr-xr-xr-x 0 0 3370-128-3 /WINDOWS/system32/mui/0407/xpob2res.dll 419328 ..c. r/rr-xr-xr-x 0 0 3371-128-3 /WINDOWS/system32/mui/0408/xpob2res.dll 405504 ..c. r/rr-xr-xr-x 0 0 3372-128-3 /WINDOWS/system32/mui/040b/xpob2res.dll 410624 ..c. r/rr-xr-xr-x 0 0 3373-128-3 /WINDOWS/system32/mui/040C/xpob2res.dll 384768 ..c. r/rr-xr-xr-x 0 0 3391-128-3 /WINDOWS/system32/drivers/update.sys 1202774 ..c. r/rr-xr-xr-x 0 0 3392-128-3 /WINDOWS/AppPatch/sysmain.sdb 208896 ..c. r/rr-xr-xr-x 0 0 3398-128-3 /WINDOWS/inf/unregmp2.exe 18286 ..c. r/rr-xr-xr-x 0 0 3402-128-3 /WINDOWS/inf/mplayer2.inf 14455 ..c. r/rr-xr-xr-x 0 0 3404-128-3 /WINDOWS/inf/atiixpaa.inf 60304 ..c. r/rr-xr-xr-x 0 0 3405-128-3 /WINDOWS/inf/atiixpag.inf 30548 ..c. r/rr-xr-xr-x 0 0 3406-128-3 /WINDOWS/inf/atixpwdm.inf 48044 ..c. r/rr-xr-xr-x 0 0 3407-128-3 /WINDOWS/inf/biosinfo.inf 376086 ..c. r/rr-xr-xr-x 0 0 3409-128-3 /WINDOWS/Help/cpanel.chq