Loading dump 1. Parsing dump 1. Loading dump 2. Parsing dump 2. Comparing the two dumps. Comparsion result: CRE HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\TypedURLs\url10 CRE HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\ComDlg32\LastVisitedMRU\c CRE HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\ComDlg32\OpenSaveMRU\log CRE HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\ComDlg32\OpenSaveMRU\log\MRUList CRE HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\ComDlg32\OpenSaveMRU\log\a CRE HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.log\OpenWithList\b CRE HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Start Menu2\Programs\Order CRE HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\RecentDocs\.log CRE HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\RecentDocs\.log\0 CRE HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\RecentDocs\.log\MRUListEx CRE HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\RecentDocs\11 CRE HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{75048700-EF1F-11D0-9888-006097DEACF9}\Count\HRZR_EHACNGU:P:\Cebtenz\flfgrzfureybpx\qhzc_pbzcner_pbcl.ong CRE HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{75048700-EF1F-11D0-9888-006097DEACF9}\Count\HRZR_EHACNGU:P:\Qbphzragf naq Frggvatf\Ebtre\Fxeviobeq\onyybbacbcjbeqtnzr.rkr CRE HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{75048700-EF1F-11D0-9888-006097DEACF9}\Count\HRZR_EHACVQY:%pfvqy2%\Serr Jro Tnzrf CRE HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{75048700-EF1F-11D0-9888-006097DEACF9}\Count\HRZR_EHACVQY:%pfvqy2%\Serr Jro Tnzrf\Onyybba Cbc Jbeq Tnzr.yax CRE HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\MSHist012005111120051112 CRE HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\MSHist012005111120051112\CacheLimit CRE HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\MSHist012005111120051112\CacheOptions CRE HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\MSHist012005111120051112\CachePath CRE HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\MSHist012005111120051112\CachePrefix CRE HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\MSHist012005111120051112\CacheRepair CRE HKEY_CURRENT_USER\Software\Microsoft\Windows\ShellNoRoam\MUICache\@C:\WINDOWS\system32\compatUI.dll,-115 CRE HKEY_CURRENT_USER\Software\Microsoft\Windows\ShellNoRoam\MUICache\@shell32.dll,-21760 CRE HKEY_CURRENT_USER\Software\Microsoft\Windows\ShellNoRoam\MUICache\@shell32.dll,-21772 CRE HKEY_CURRENT_USER\Software\Microsoft\Windows\ShellNoRoam\MUICache\@shell32.dll,-22017 CRE HKEY_CURRENT_USER\Software\Microsoft\Windows\ShellNoRoam\MUICache\@shell32.dll,-22022 CRE HKEY_CURRENT_USER\Software\Microsoft\Windows\ShellNoRoam\MUICache\@shell32.dll,-22041 CRE HKEY_CURRENT_USER\Software\Microsoft\Windows\ShellNoRoam\MUICache\@shell32.dll,-22052 CRE HKEY_CURRENT_USER\Software\Microsoft\Windows\ShellNoRoam\MUICache\@shell32.dll,-22062 CRE HKEY_CURRENT_USER\Software\Microsoft\Windows\ShellNoRoam\MUICache\@shell32.dll,-22065 CRE HKEY_CURRENT_USER\Software\Microsoft\Windows\ShellNoRoam\MUICache\@shell32.dll,-22067 CRE HKEY_CURRENT_USER\Software\Microsoft\Windows\ShellNoRoam\MUICache\C:\DOCUME~1\Roger\LOKALA~1\Temp\TGSETUP0.TMP\TGSETUP.EXE CRE HKEY_CURRENT_USER\Software\Microsoft\Windows\ShellNoRoam\MUICache\C:\Documents and Settings\Roger\Skrivbord\balloonpopwordgame.exe CRE HKEY_CURRENT_USER\Software\Microsoft\Windows\ShellNoRoam\MUICache\C:\Program\hjt\HijackThis.exe CRE HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\DownloadManager CRE HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\Enable Browser Extensions CRE HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\Balloon Pop Word Game 1.0 CRE HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\Balloon Pop Word Game 1.0\Changed CRE HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\Balloon Pop Word Game 1.0\SlowInfoCache CRE HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform\(none) CRE HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform\iebar CRE HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\System service79 CRE HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Balloon Pop Word Game 1.0 CRE HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Balloon Pop Word Game 1.0\DisplayName CRE HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Balloon Pop Word Game 1.0\DisplayVersion CRE HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Balloon Pop Word Game 1.0\Publisher CRE HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Balloon Pop Word Game 1.0\URLInfoAbout CRE HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Balloon Pop Word Game 1.0\UninstallString CRE HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\HijackThis CRE HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\HijackThis\DisplayIcon CRE HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\HijackThis\DisplayName CRE HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\HijackThis\DisplayVersion CRE HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\HijackThis\Publisher CRE HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\HijackThis\URLInfoAbout CRE HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\HijackThis\UninstallString CRE HKEY_LOCAL_MACHINE\SOFTWARE\TG Byte Software CRE HKEY_LOCAL_MACHINE\SOFTWARE\TG Byte Software\Setup CRE HKEY_LOCAL_MACHINE\SOFTWARE\TG Byte Software\Setup\CurrentVersion CRE HKEY_LOCAL_MACHINE\SOFTWARE\TG Byte Software\Setup\CurrentVersion\unInstall Specialist CRE HKEY_LOCAL_MACHINE\SOFTWARE\TG Byte Software\Setup\CurrentVersion\unInstall Specialist\Balloon Pop Word Game@v1.0 (VisaAid Development (http://www.LookOutSoft.net)) CRE HKEY_LOCAL_MACHINE\SOFTWARE\Windows TaskAd CRE HKEY_LOCAL_MACHINE\SOFTWARE\Windows TaskAd\param CRE HKEY_USERS\S-1-5-21-1229272821-413027322-839522115-1003\Software\Microsoft\Internet Explorer\TypedURLs\url10 CRE HKEY_USERS\S-1-5-21-1229272821-413027322-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\ComDlg32\LastVisitedMRU\c CRE HKEY_USERS\S-1-5-21-1229272821-413027322-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\ComDlg32\OpenSaveMRU\log CRE HKEY_USERS\S-1-5-21-1229272821-413027322-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\ComDlg32\OpenSaveMRU\log\MRUList CRE HKEY_USERS\S-1-5-21-1229272821-413027322-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\ComDlg32\OpenSaveMRU\log\a CRE HKEY_USERS\S-1-5-21-1229272821-413027322-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.log\OpenWithList\b CRE HKEY_USERS\S-1-5-21-1229272821-413027322-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Start Menu2\Programs\Order CRE HKEY_USERS\S-1-5-21-1229272821-413027322-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\RecentDocs\.log CRE HKEY_USERS\S-1-5-21-1229272821-413027322-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\RecentDocs\.log\0 CRE HKEY_USERS\S-1-5-21-1229272821-413027322-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\RecentDocs\.log\MRUListEx CRE HKEY_USERS\S-1-5-21-1229272821-413027322-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\RecentDocs\11 CRE HKEY_USERS\S-1-5-21-1229272821-413027322-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{75048700-EF1F-11D0-9888-006097DEACF9}\Count\HRZR_EHACNGU:P:\Cebtenz\flfgrzfureybpx\qhzc_pbzcner_pbcl.ong CRE HKEY_USERS\S-1-5-21-1229272821-413027322-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{75048700-EF1F-11D0-9888-006097DEACF9}\Count\HRZR_EHACNGU:P:\Qbphzragf naq Frggvatf\Ebtre\Fxeviobeq\onyybbacbcjbeqtnzr.rkr CRE HKEY_USERS\S-1-5-21-1229272821-413027322-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{75048700-EF1F-11D0-9888-006097DEACF9}\Count\HRZR_EHACVQY:%pfvqy2%\Serr Jro Tnzrf CRE HKEY_USERS\S-1-5-21-1229272821-413027322-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{75048700-EF1F-11D0-9888-006097DEACF9}\Count\HRZR_EHACVQY:%pfvqy2%\Serr Jro Tnzrf\Onyybba Cbc Jbeq Tnzr.yax CRE HKEY_USERS\S-1-5-21-1229272821-413027322-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\MSHist012005111120051112 CRE HKEY_USERS\S-1-5-21-1229272821-413027322-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\MSHist012005111120051112\CacheLimit CRE HKEY_USERS\S-1-5-21-1229272821-413027322-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\MSHist012005111120051112\CacheOptions CRE HKEY_USERS\S-1-5-21-1229272821-413027322-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\MSHist012005111120051112\CachePath CRE HKEY_USERS\S-1-5-21-1229272821-413027322-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\MSHist012005111120051112\CachePrefix CRE HKEY_USERS\S-1-5-21-1229272821-413027322-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\MSHist012005111120051112\CacheRepair CRE HKEY_USERS\S-1-5-21-1229272821-413027322-839522115-1003\Software\Microsoft\Windows\ShellNoRoam\MUICache\@C:\WINDOWS\system32\compatUI.dll,-115 CRE HKEY_USERS\S-1-5-21-1229272821-413027322-839522115-1003\Software\Microsoft\Windows\ShellNoRoam\MUICache\@shell32.dll,-21760 CRE HKEY_USERS\S-1-5-21-1229272821-413027322-839522115-1003\Software\Microsoft\Windows\ShellNoRoam\MUICache\@shell32.dll,-21772 CRE HKEY_USERS\S-1-5-21-1229272821-413027322-839522115-1003\Software\Microsoft\Windows\ShellNoRoam\MUICache\@shell32.dll,-22017 CRE HKEY_USERS\S-1-5-21-1229272821-413027322-839522115-1003\Software\Microsoft\Windows\ShellNoRoam\MUICache\@shell32.dll,-22022 CRE HKEY_USERS\S-1-5-21-1229272821-413027322-839522115-1003\Software\Microsoft\Windows\ShellNoRoam\MUICache\@shell32.dll,-22041 CRE HKEY_USERS\S-1-5-21-1229272821-413027322-839522115-1003\Software\Microsoft\Windows\ShellNoRoam\MUICache\@shell32.dll,-22052 CRE HKEY_USERS\S-1-5-21-1229272821-413027322-839522115-1003\Software\Microsoft\Windows\ShellNoRoam\MUICache\@shell32.dll,-22062 CRE HKEY_USERS\S-1-5-21-1229272821-413027322-839522115-1003\Software\Microsoft\Windows\ShellNoRoam\MUICache\@shell32.dll,-22065 CRE HKEY_USERS\S-1-5-21-1229272821-413027322-839522115-1003\Software\Microsoft\Windows\ShellNoRoam\MUICache\@shell32.dll,-22067 CRE HKEY_USERS\S-1-5-21-1229272821-413027322-839522115-1003\Software\Microsoft\Windows\ShellNoRoam\MUICache\C:\DOCUME~1\Roger\LOKALA~1\Temp\TGSETUP0.TMP\TGSETUP.EXE CRE HKEY_USERS\S-1-5-21-1229272821-413027322-839522115-1003\Software\Microsoft\Windows\ShellNoRoam\MUICache\C:\Documents and Settings\Roger\Skrivbord\balloonpopwordgame.exe CRE HKEY_USERS\S-1-5-21-1229272821-413027322-839522115-1003\Software\Microsoft\Windows\ShellNoRoam\MUICache\C:\Program\hjt\HijackThis.exe CRE c:\Documents and Settings\Roger\Cookies\roger@empnads[2].txt CRE c:\Documents and Settings\Roger\Cookies\roger@rn11[2].txt CRE c:\Documents and Settings\Roger\Lokala inställningar\Temporary Internet Files\Content.IE5\492F49EJ\baloonpop[1].html CRE c:\Documents and Settings\Roger\Lokala inställningar\Temporary Internet Files\Content.IE5\492F49EJ\btn_about[1].jpg CRE c:\Documents and Settings\Roger\Lokala inställningar\Temporary Internet Files\Content.IE5\492F49EJ\btn_careers[1].jpg CRE c:\Documents and Settings\Roger\Lokala inställningar\Temporary Internet Files\Content.IE5\492F49EJ\btn_contact_over[1].jpg CRE c:\Documents and Settings\Roger\Lokala inställningar\Temporary Internet Files\Content.IE5\492F49EJ\findemails[1].bmp CRE c:\Documents and Settings\Roger\Lokala inställningar\Temporary Internet Files\Content.IE5\492F49EJ\google[1].htm CRE c:\Documents and Settings\Roger\Lokala inställningar\Temporary Internet Files\Content.IE5\492F49EJ\image_left[1].jpg CRE c:\Documents and Settings\Roger\Lokala inställningar\Temporary Internet Files\Content.IE5\492F49EJ\index[1].html CRE c:\Documents and Settings\Roger\Lokala inställningar\Temporary Internet Files\Content.IE5\492F49EJ\left_01[1].jpg CRE c:\Documents and Settings\Roger\Lokala inställningar\Temporary Internet Files\Content.IE5\492F49EJ\protector[1].exe CRE c:\Documents and Settings\Roger\Lokala inställningar\Temporary Internet Files\Content.IE5\492F49EJ\screenshot[1].jpg CRE c:\Documents and Settings\Roger\Lokala inställningar\Temporary Internet Files\Content.IE5\492F49EJ\search_mnu[1].pl CRE c:\Documents and Settings\Roger\Lokala inställningar\Temporary Internet Files\Content.IE5\492F49EJ\searchpeople[1].bmp CRE c:\Documents and Settings\Roger\Lokala inställningar\Temporary Internet Files\Content.IE5\492F49EJ\styles[1].css CRE c:\Documents and Settings\Roger\Lokala inställningar\Temporary Internet Files\Content.IE5\8XMJGLIZ\a859-EMINTL[1].htm CRE c:\Documents and Settings\Roger\Lokala inställningar\Temporary Internet Files\Content.IE5\8XMJGLIZ\balloonpopwordgame[1].gif CRE c:\Documents and Settings\Roger\Lokala inställningar\Temporary Internet Files\Content.IE5\8XMJGLIZ\btn_about_over[1].jpg CRE c:\Documents and Settings\Roger\Lokala inställningar\Temporary Internet Files\Content.IE5\8XMJGLIZ\btn_home_over[1].jpg CRE c:\Documents and Settings\Roger\Lokala inställningar\Temporary Internet Files\Content.IE5\8XMJGLIZ\btn_news[1].jpg CRE c:\Documents and Settings\Roger\Lokala inställningar\Temporary Internet Files\Content.IE5\8XMJGLIZ\btn_services[1].jpg CRE c:\Documents and Settings\Roger\Lokala inställningar\Temporary Internet Files\Content.IE5\8XMJGLIZ\dating[1].bmp CRE c:\Documents and Settings\Roger\Lokala inställningar\Temporary Internet Files\Content.IE5\8XMJGLIZ\gph_pageheader[1].jpg CRE c:\Documents and Settings\Roger\Lokala inställningar\Temporary Internet Files\Content.IE5\8XMJGLIZ\image_main[1].jpg CRE c:\Documents and Settings\Roger\Lokala inställningar\Temporary Internet Files\Content.IE5\8XMJGLIZ\ringtones[1].bmp CRE c:\Documents and Settings\Roger\Lokala inställningar\Temporary Internet Files\Content.IE5\8XMJGLIZ\setup_file[1].exe CRE c:\Documents and Settings\Roger\Lokala inställningar\Temporary Internet Files\Content.IE5\8XMJGLIZ\show_ads[1].js CRE c:\Documents and Settings\Roger\Lokala inställningar\Temporary Internet Files\Content.IE5\8XMJGLIZ\sideb[1].exe CRE c:\Documents and Settings\Roger\Lokala inställningar\Temporary Internet Files\Content.IE5\8XMJGLIZ\spy_bldos9_720x300[1].gif CRE c:\Documents and Settings\Roger\Lokala inställningar\Temporary Internet Files\Content.IE5\8XMJGLIZ\styles[1].css CRE c:\Documents and Settings\Roger\Lokala inställningar\Temporary Internet Files\Content.IE5\C12FS9AV\CAQJMFI9 CRE c:\Documents and Settings\Roger\Lokala inställningar\Temporary Internet Files\Content.IE5\C12FS9AV\bg_bottom[1].jpg CRE c:\Documents and Settings\Roger\Lokala inställningar\Temporary Internet Files\Content.IE5\C12FS9AV\bg_left[1].jpg CRE c:\Documents and Settings\Roger\Lokala inställningar\Temporary Internet Files\Content.IE5\C12FS9AV\btn_contact[1].jpg CRE c:\Documents and Settings\Roger\Lokala inställningar\Temporary Internet Files\Content.IE5\C12FS9AV\btn_home[1].jpg CRE c:\Documents and Settings\Roger\Lokala inställningar\Temporary Internet Files\Content.IE5\C12FS9AV\btn_news_over[1].jpg CRE c:\Documents and Settings\Roger\Lokala inställningar\Temporary Internet Files\Content.IE5\C12FS9AV\btn_products[1].jpg CRE c:\Documents and Settings\Roger\Lokala inställningar\Temporary Internet Files\Content.IE5\C12FS9AV\btn_products_over[1].jpg CRE c:\Documents and Settings\Roger\Lokala inställningar\Temporary Internet Files\Content.IE5\C12FS9AV\default_tbr[1].pl CRE c:\Documents and Settings\Roger\Lokala inställningar\Temporary Internet Files\Content.IE5\C12FS9AV\kw[1].exe CRE c:\Documents and Settings\Roger\Lokala inställningar\Temporary Internet Files\Content.IE5\C12FS9AV\lookoutsoft[1] CRE c:\Documents and Settings\Roger\Lokala inställningar\Temporary Internet Files\Content.IE5\C12FS9AV\shop[1].bmp CRE c:\Documents and Settings\Roger\Lokala inställningar\Temporary Internet Files\Content.IE5\C12FS9AV\silent_install[1].exe CRE c:\Documents and Settings\Roger\Lokala inställningar\Temporary Internet Files\Content.IE5\C12FS9AV\virus[1].bmp CRE c:\Documents and Settings\Roger\Lokala inställningar\Temporary Internet Files\Content.IE5\KHYB4HUB\CA6N49MB CRE c:\Documents and Settings\Roger\Lokala inställningar\Temporary Internet Files\Content.IE5\KHYB4HUB\CA8DQ5RS CRE c:\Documents and Settings\Roger\Lokala inställningar\Temporary Internet Files\Content.IE5\KHYB4HUB\CAC1MVWX CRE c:\Documents and Settings\Roger\Lokala inställningar\Temporary Internet Files\Content.IE5\KHYB4HUB\adult_tbr[1].pl CRE c:\Documents and Settings\Roger\Lokala inställningar\Temporary Internet Files\Content.IE5\KHYB4HUB\bg_left[1].jpg CRE c:\Documents and Settings\Roger\Lokala inställningar\Temporary Internet Files\Content.IE5\KHYB4HUB\bg_rightpage[1].jpg CRE c:\Documents and Settings\Roger\Lokala inställningar\Temporary Internet Files\Content.IE5\KHYB4HUB\bottom_01[1].jpg CRE c:\Documents and Settings\Roger\Lokala inställningar\Temporary Internet Files\Content.IE5\KHYB4HUB\btn_careers_over[1].jpg CRE c:\Documents and Settings\Roger\Lokala inställningar\Temporary Internet Files\Content.IE5\KHYB4HUB\btn_services_over[1].jpg CRE c:\Documents and Settings\Roger\Lokala inställningar\Temporary Internet Files\Content.IE5\KHYB4HUB\casino[1].bmp CRE c:\Documents and Settings\Roger\Lokala inställningar\Temporary Internet Files\Content.IE5\KHYB4HUB\hosts[1].txt CRE c:\Documents and Settings\Roger\Lokala inställningar\Temporary Internet Files\Content.IE5\KHYB4HUB\search[2].htm CRE c:\Documents and Settings\Roger\Lokala inställningar\Temporary Internet Files\Content.IE5\KHYB4HUB\top_01[1].jpg CRE c:\Documents and Settings\Roger\Lokala inställningar\Temporary Internet Files\Content.IE5\KHYB4HUB\top_02[1].jpg CRE c:\Documents and Settings\Roger\Lokala inställningar\Tidigare\History.IE5\MSHist012005111120051112 CRE c:\Documents and Settings\Roger\Lokala inställningar\Tidigare\History.IE5\MSHist012005111120051112\index.dat CRE c:\Documents and Settings\Roger\Mina dokument\hijackthis2.log CRE c:\Documents and Settings\Roger\Recent\hijackthis2.log.lnk CRE c:\Documents and Settings\Roger\Skrivbord\Balloon Pop Word Game.lnk CRE c:\Documents and Settings\Roger\Skrivbord\balloonpopwordgame.exe CRE c:\Documents and Settings\Roger\Start-meny\Program\Free Web Games CRE c:\Documents and Settings\Roger\Start-meny\Program\Free Web Games\Balloon Pop Word Game.lnk CRE c:\Program\Balloon Pop Word Game CRE c:\Program\Balloon Pop Word Game\SETUP CRE c:\Program\Balloon Pop Word Game\SETUP\SETUP.EXE CRE c:\Program\Balloon Pop Word Game\SETUP\SETUP.INF CRE c:\Program\Balloon Pop Word Game\SETUP\SETUP.PKG CRE c:\Program\Balloon Pop Word Game\SETUP\SETUPLNG.DLL CRE c:\Program\Balloon Pop Word Game\SETUP\SETUPNTR.DLL CRE c:\Program\Balloon Pop Word Game\SETUP\UNINST00.LOG CRE c:\Program\Balloon Pop Word Game\balloonpopwordgame.exe CRE c:\Program\Balloon Pop Word Game\icon.gif CRE c:\Program\Balloon Pop Word Game\loudcash.exe CRE c:\Program\Ethereal\network-log-plain.txt CRE c:\Program\Ethereal\network-log.txt CRE c:\Program\systemsherlock\before.dat CRE c:\Program\systemsherlock\network-log-urls.txt CRE c:\WINDOWS\8271122fab80944254c7664b1ce52051.ini CRE c:\WINDOWS\Prefetch\BALLOONPOPWORDGAME.EXE-26009D97.pf CRE c:\WINDOWS\Prefetch\CASH4TOOLBAR.EXE-1E492941.pf CRE c:\WINDOWS\Prefetch\DKW29DC.TMP.TST-3199F4A3.pf CRE c:\WINDOWS\Prefetch\DKW6166.TMP.TST-280F496C.pf CRE c:\WINDOWS\Prefetch\DKWFD4D.TMP.TST-0644AD23.pf CRE c:\WINDOWS\Prefetch\GREP.EXE-0EA4342B.pf CRE c:\WINDOWS\Prefetch\LOUDCASH.EXE-39AE5ACB.pf CRE c:\WINDOWS\Prefetch\POKAPOKA79.EXE-39009B84.pf CRE c:\WINDOWS\Prefetch\PROTAS.EXE-00CC3802.pf CRE c:\WINDOWS\Prefetch\SETUP_FILE.EXE-08D1BD5E.pf CRE c:\WINDOWS\Prefetch\SIDEBDD.EXE-0788939E.pf CRE c:\WINDOWS\Prefetch\SILENT093.EXE-21D8590E.pf CRE c:\WINDOWS\Prefetch\TEMP7848109.EXE-052F1AEF.pf CRE c:\WINDOWS\Prefetch\TGSETUP.EXE-3ABD35B6.pf CRE c:\WINDOWS\etb CRE c:\WINDOWS\etb\etl CRE c:\WINDOWS\etb\nt_hide79.dll CRE c:\WINDOWS\etb\pokapoka79.exe CRE c:\WINDOWS\etb\xml CRE c:\WINDOWS\etb\xml\adult.tbr CRE c:\WINDOWS\etb\xml\categories CRE c:\WINDOWS\etb\xml\default.tbr CRE c:\WINDOWS\etb\xml\images CRE c:\WINDOWS\etb\xml\images\casino.bmp CRE c:\WINDOWS\etb\xml\images\dating.bmp CRE c:\WINDOWS\etb\xml\images\findemails.bmp CRE c:\WINDOWS\etb\xml\images\ringtones.bmp CRE c:\WINDOWS\etb\xml\images\searchpeople.bmp CRE c:\WINDOWS\etb\xml\images\shop.bmp CRE c:\WINDOWS\etb\xml\images\virus.bmp CRE c:\WINDOWS\etb\xml\search.mnu CRE c:\sidebDD.exe DEL HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\MSHist012005060620050613 DEL HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\MSHist012005060620050613\CacheLimit DEL HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\MSHist012005060620050613\CacheOptions DEL HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\MSHist012005060620050613\CachePath DEL HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\MSHist012005060620050613\CachePrefix DEL HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\MSHist012005060620050613\CacheRepair DEL HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\MSHist012005061320050614 DEL HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\MSHist012005061320050614\CacheLimit DEL HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\MSHist012005061320050614\CacheOptions DEL HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\MSHist012005061320050614\CachePath DEL HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\MSHist012005061320050614\CachePrefix DEL HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\MSHist012005061320050614\CacheRepair DEL HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\MSHist012005061820050619 DEL HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\MSHist012005061820050619\CacheLimit DEL HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\MSHist012005061820050619\CacheOptions DEL HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\MSHist012005061820050619\CachePath DEL HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\MSHist012005061820050619\CachePrefix DEL HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\MSHist012005061820050619\CacheRepair DEL HKEY_USERS\S-1-5-21-1229272821-413027322-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\MSHist012005060620050613 DEL HKEY_USERS\S-1-5-21-1229272821-413027322-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\MSHist012005060620050613\CacheLimit DEL HKEY_USERS\S-1-5-21-1229272821-413027322-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\MSHist012005060620050613\CacheOptions DEL HKEY_USERS\S-1-5-21-1229272821-413027322-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\MSHist012005060620050613\CachePath DEL HKEY_USERS\S-1-5-21-1229272821-413027322-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\MSHist012005060620050613\CachePrefix DEL HKEY_USERS\S-1-5-21-1229272821-413027322-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\MSHist012005060620050613\CacheRepair DEL HKEY_USERS\S-1-5-21-1229272821-413027322-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\MSHist012005061320050614 DEL HKEY_USERS\S-1-5-21-1229272821-413027322-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\MSHist012005061320050614\CacheLimit DEL HKEY_USERS\S-1-5-21-1229272821-413027322-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\MSHist012005061320050614\CacheOptions DEL HKEY_USERS\S-1-5-21-1229272821-413027322-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\MSHist012005061320050614\CachePath DEL HKEY_USERS\S-1-5-21-1229272821-413027322-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\MSHist012005061320050614\CachePrefix DEL HKEY_USERS\S-1-5-21-1229272821-413027322-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\MSHist012005061320050614\CacheRepair DEL HKEY_USERS\S-1-5-21-1229272821-413027322-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\MSHist012005061820050619 DEL HKEY_USERS\S-1-5-21-1229272821-413027322-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\MSHist012005061820050619\CacheLimit DEL HKEY_USERS\S-1-5-21-1229272821-413027322-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\MSHist012005061820050619\CacheOptions DEL HKEY_USERS\S-1-5-21-1229272821-413027322-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\MSHist012005061820050619\CachePath DEL HKEY_USERS\S-1-5-21-1229272821-413027322-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\MSHist012005061820050619\CachePrefix DEL HKEY_USERS\S-1-5-21-1229272821-413027322-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\MSHist012005061820050619\CacheRepair DEL c:\Documents and Settings\Roger\Lokala inställningar\Temporary Internet Files\Content.IE5\8XMJGLIZ\google[1].htm DEL c:\Documents and Settings\Roger\Lokala inställningar\Temporary Internet Files\Content.IE5\KHYB4HUB\show_ads[1].js DEL c:\Documents and Settings\Roger\Lokala inställningar\Tidigare\History.IE5\MSHist012005060620050613 DEL c:\Documents and Settings\Roger\Lokala inställningar\Tidigare\History.IE5\MSHist012005060620050613\index.dat DEL c:\Documents and Settings\Roger\Lokala inställningar\Tidigare\History.IE5\MSHist012005061320050614 DEL c:\Documents and Settings\Roger\Lokala inställningar\Tidigare\History.IE5\MSHist012005061320050614\index.dat DEL c:\Documents and Settings\Roger\Lokala inställningar\Tidigare\History.IE5\MSHist012005061820050619 DEL c:\Documents and Settings\Roger\Lokala inställningar\Tidigare\History.IE5\MSHist012005061820050619\index.dat MOD HKEY_CURRENT_USER\SessionInformation\ProgramCount MOD HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Download Directory MOD HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Display Inline Images MOD HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Window_Placement MOD HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\TypedURLs\url1 MOD HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\TypedURLs\url2 MOD HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\TypedURLs\url3 MOD HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\TypedURLs\url4 MOD HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\TypedURLs\url5 MOD HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\TypedURLs\url6 MOD HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\TypedURLs\url7 MOD HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\TypedURLs\url8 MOD HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\TypedURLs\url9 MOD HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\ComDlg32\LastVisitedMRU\MRUList MOD HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\ComDlg32\LastVisitedMRU\a MOD HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\ComDlg32\OpenSaveMRU\*\MRUList MOD HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\ComDlg32\OpenSaveMRU\*\e MOD HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\ComDlg32\OpenSaveMRU\*\f MOD HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\ComDlg32\OpenSaveMRU\exe\MRUList MOD HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\ComDlg32\OpenSaveMRU\exe\c MOD HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.log\OpenWithList\MRUList MOD HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\RecentDocs\MRUListEx MOD HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\StartPage\StartMenu_Balloon_Time MOD HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{5E6AB780-7743-11CF-A12B-00AA004AE837}\Count\HRZR_PGYFRFFVBA MOD HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{75048700-EF1F-11D0-9888-006097DEACF9}\Count\HRZR_EHACNGU MOD HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{75048700-EF1F-11D0-9888-006097DEACF9}\Count\HRZR_EHACNGU:P:\Cebtenz\Rgurerny\_ehargu.ong MOD HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{75048700-EF1F-11D0-9888-006097DEACF9}\Count\HRZR_EHACNGU:P:\Cebtenz\Vagrearg Rkcybere\vrkcyber.rkr MOD HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{75048700-EF1F-11D0-9888-006097DEACF9}\Count\HRZR_EHACNGU:P:\Cebtenz\uwg\UvwnpxGuvf.rkr MOD HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{75048700-EF1F-11D0-9888-006097DEACF9}\Count\HRZR_EHACNGU:Traiät gvyy UvwnpxGuvf.rkr.yax MOD HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{75048700-EF1F-11D0-9888-006097DEACF9}\Count\HRZR_EHACVQY MOD HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{75048700-EF1F-11D0-9888-006097DEACF9}\Count\HRZR_EHACVQY:::{2559N1S4-21Q7-11Q4-OQNS-00P04S60O9S0} MOD HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{75048700-EF1F-11D0-9888-006097DEACF9}\Count\HRZR_HVFPHG MOD HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\SavedLegacySettings MOD HKEY_CURRENT_USER\Software\Microsoft\Windows\ShellNoRoam\BagMRU\0\1\MRUListEx MOD HKEY_CURRENT_USER\Software\Microsoft\Windows\ShellNoRoam\BagMRU\MRUListEx MOD HKEY_CURRENT_USER\Software\Microsoft\Windows\ShellNoRoam\Bags\3\Shell\MinPos800x600(1).x MOD HKEY_CURRENT_USER\Software\Microsoft\Windows\ShellNoRoam\Bags\3\Shell\MinPos800x600(1).y MOD HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\RNG\Seed MOD HKEY_LOCAL_MACHINE\SOFTWARE\Soeperman Enterprises Ltd.\HijackThis\WinHeight MOD HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Session Manager\PendingFileRenameOperations MOD HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\TimeZoneInformation\ActiveTimeBias MOD HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Dhcp\Parameters\{BC24B697-4C1E-4D3C-89B7-B171BA2A583F} MOD HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip\Parameters\Interfaces\{BC24B697-4C1E-4D3C-89B7-B171BA2A583F}\LeaseObtainedTime MOD HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip\Parameters\Interfaces\{BC24B697-4C1E-4D3C-89B7-B171BA2A583F}\LeaseTerminatesTime MOD HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip\Parameters\Interfaces\{BC24B697-4C1E-4D3C-89B7-B171BA2A583F}\T1 MOD HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip\Parameters\Interfaces\{BC24B697-4C1E-4D3C-89B7-B171BA2A583F}\T2 MOD HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\{BC24B697-4C1E-4D3C-89B7-B171BA2A583F}\Parameters\Tcpip\LeaseObtainedTime MOD HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\{BC24B697-4C1E-4D3C-89B7-B171BA2A583F}\Parameters\Tcpip\LeaseTerminatesTime MOD HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\{BC24B697-4C1E-4D3C-89B7-B171BA2A583F}\Parameters\Tcpip\T1 MOD HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\{BC24B697-4C1E-4D3C-89B7-B171BA2A583F}\Parameters\Tcpip\T2 MOD HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\PendingFileRenameOperations MOD HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\TimeZoneInformation\ActiveTimeBias MOD HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Dhcp\Parameters\{BC24B697-4C1E-4D3C-89B7-B171BA2A583F} MOD HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{BC24B697-4C1E-4D3C-89B7-B171BA2A583F}\LeaseObtainedTime MOD HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{BC24B697-4C1E-4D3C-89B7-B171BA2A583F}\LeaseTerminatesTime MOD HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{BC24B697-4C1E-4D3C-89B7-B171BA2A583F}\T1 MOD HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{BC24B697-4C1E-4D3C-89B7-B171BA2A583F}\T2 MOD HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\{BC24B697-4C1E-4D3C-89B7-B171BA2A583F}\Parameters\Tcpip\LeaseObtainedTime MOD HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\{BC24B697-4C1E-4D3C-89B7-B171BA2A583F}\Parameters\Tcpip\LeaseTerminatesTime MOD HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\{BC24B697-4C1E-4D3C-89B7-B171BA2A583F}\Parameters\Tcpip\T1 MOD HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\{BC24B697-4C1E-4D3C-89B7-B171BA2A583F}\Parameters\Tcpip\T2 MOD HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders\Cache MOD HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders\Cookies MOD HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders\History MOD HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\SavedLegacySettings MOD HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders\Cache MOD HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders\Cookies MOD HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders\History MOD HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\SavedLegacySettings MOD HKEY_USERS\S-1-5-21-1229272821-413027322-839522115-1003\SessionInformation\ProgramCount MOD HKEY_USERS\S-1-5-21-1229272821-413027322-839522115-1003\Software\Microsoft\Internet Explorer\Download Directory MOD HKEY_USERS\S-1-5-21-1229272821-413027322-839522115-1003\Software\Microsoft\Internet Explorer\Main\Display Inline Images MOD HKEY_USERS\S-1-5-21-1229272821-413027322-839522115-1003\Software\Microsoft\Internet Explorer\Main\Window_Placement MOD HKEY_USERS\S-1-5-21-1229272821-413027322-839522115-1003\Software\Microsoft\Internet Explorer\TypedURLs\url1 MOD HKEY_USERS\S-1-5-21-1229272821-413027322-839522115-1003\Software\Microsoft\Internet Explorer\TypedURLs\url2 MOD HKEY_USERS\S-1-5-21-1229272821-413027322-839522115-1003\Software\Microsoft\Internet Explorer\TypedURLs\url3 MOD HKEY_USERS\S-1-5-21-1229272821-413027322-839522115-1003\Software\Microsoft\Internet Explorer\TypedURLs\url4 MOD HKEY_USERS\S-1-5-21-1229272821-413027322-839522115-1003\Software\Microsoft\Internet Explorer\TypedURLs\url5 MOD HKEY_USERS\S-1-5-21-1229272821-413027322-839522115-1003\Software\Microsoft\Internet Explorer\TypedURLs\url6 MOD HKEY_USERS\S-1-5-21-1229272821-413027322-839522115-1003\Software\Microsoft\Internet Explorer\TypedURLs\url7 MOD HKEY_USERS\S-1-5-21-1229272821-413027322-839522115-1003\Software\Microsoft\Internet Explorer\TypedURLs\url8 MOD HKEY_USERS\S-1-5-21-1229272821-413027322-839522115-1003\Software\Microsoft\Internet Explorer\TypedURLs\url9 MOD HKEY_USERS\S-1-5-21-1229272821-413027322-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\ComDlg32\LastVisitedMRU\MRUList MOD HKEY_USERS\S-1-5-21-1229272821-413027322-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\ComDlg32\LastVisitedMRU\a MOD HKEY_USERS\S-1-5-21-1229272821-413027322-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\ComDlg32\OpenSaveMRU\*\MRUList MOD HKEY_USERS\S-1-5-21-1229272821-413027322-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\ComDlg32\OpenSaveMRU\*\e MOD HKEY_USERS\S-1-5-21-1229272821-413027322-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\ComDlg32\OpenSaveMRU\*\f MOD HKEY_USERS\S-1-5-21-1229272821-413027322-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\ComDlg32\OpenSaveMRU\exe\MRUList MOD HKEY_USERS\S-1-5-21-1229272821-413027322-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\ComDlg32\OpenSaveMRU\exe\c MOD HKEY_USERS\S-1-5-21-1229272821-413027322-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.log\OpenWithList\MRUList MOD HKEY_USERS\S-1-5-21-1229272821-413027322-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\RecentDocs\MRUListEx MOD HKEY_USERS\S-1-5-21-1229272821-413027322-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\StartPage\StartMenu_Balloon_Time MOD HKEY_USERS\S-1-5-21-1229272821-413027322-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{5E6AB780-7743-11CF-A12B-00AA004AE837}\Count\HRZR_PGYFRFFVBA MOD HKEY_USERS\S-1-5-21-1229272821-413027322-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{75048700-EF1F-11D0-9888-006097DEACF9}\Count\HRZR_EHACNGU MOD HKEY_USERS\S-1-5-21-1229272821-413027322-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{75048700-EF1F-11D0-9888-006097DEACF9}\Count\HRZR_EHACNGU:P:\Cebtenz\Rgurerny\_ehargu.ong MOD HKEY_USERS\S-1-5-21-1229272821-413027322-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{75048700-EF1F-11D0-9888-006097DEACF9}\Count\HRZR_EHACNGU:P:\Cebtenz\Vagrearg Rkcybere\vrkcyber.rkr MOD HKEY_USERS\S-1-5-21-1229272821-413027322-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{75048700-EF1F-11D0-9888-006097DEACF9}\Count\HRZR_EHACNGU:P:\Cebtenz\uwg\UvwnpxGuvf.rkr MOD HKEY_USERS\S-1-5-21-1229272821-413027322-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{75048700-EF1F-11D0-9888-006097DEACF9}\Count\HRZR_EHACNGU:Traiät gvyy UvwnpxGuvf.rkr.yax MOD HKEY_USERS\S-1-5-21-1229272821-413027322-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{75048700-EF1F-11D0-9888-006097DEACF9}\Count\HRZR_EHACVQY MOD HKEY_USERS\S-1-5-21-1229272821-413027322-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{75048700-EF1F-11D0-9888-006097DEACF9}\Count\HRZR_EHACVQY:::{2559N1S4-21Q7-11Q4-OQNS-00P04S60O9S0} MOD HKEY_USERS\S-1-5-21-1229272821-413027322-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{75048700-EF1F-11D0-9888-006097DEACF9}\Count\HRZR_HVFPHG MOD HKEY_USERS\S-1-5-21-1229272821-413027322-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\SavedLegacySettings MOD HKEY_USERS\S-1-5-21-1229272821-413027322-839522115-1003\Software\Microsoft\Windows\ShellNoRoam\BagMRU\0\1\MRUListEx MOD HKEY_USERS\S-1-5-21-1229272821-413027322-839522115-1003\Software\Microsoft\Windows\ShellNoRoam\BagMRU\MRUListEx MOD HKEY_USERS\S-1-5-21-1229272821-413027322-839522115-1003\Software\Microsoft\Windows\ShellNoRoam\Bags\3\Shell\MinPos800x600(1).x MOD HKEY_USERS\S-1-5-21-1229272821-413027322-839522115-1003\Software\Microsoft\Windows\ShellNoRoam\Bags\3\Shell\MinPos800x600(1).y MOD c:\ MOD c:\Documents and Settings\Roger\Application Data\Ethereal\recent MOD c:\Documents and Settings\Roger\Application Data\Microsoft\Internet Explorer\Desktop.htt MOD c:\Documents and Settings\Roger\Cookies MOD c:\Documents and Settings\Roger\Cookies\index.dat MOD c:\Documents and Settings\Roger\Lokala inställningar\Temp MOD c:\Documents and Settings\Roger\Lokala inställningar\Temporary Internet Files\Content.IE5\492F49EJ MOD c:\Documents and Settings\Roger\Lokala inställningar\Temporary Internet Files\Content.IE5\8XMJGLIZ MOD c:\Documents and Settings\Roger\Lokala inställningar\Temporary Internet Files\Content.IE5\C12FS9AV MOD c:\Documents and Settings\Roger\Lokala inställningar\Temporary Internet Files\Content.IE5\KHYB4HUB MOD c:\Documents and Settings\Roger\Lokala inställningar\Temporary Internet Files\Content.IE5\index.dat MOD c:\Documents and Settings\Roger\Lokala inställningar\Tidigare\History.IE5 MOD c:\Documents and Settings\Roger\Lokala inställningar\Tidigare\History.IE5\index.dat MOD c:\Documents and Settings\Roger\Mina dokument MOD c:\Documents and Settings\Roger\NTUSER.DAT MOD c:\Documents and Settings\Roger\NTUSER.DAT.LOG MOD c:\Documents and Settings\Roger\Recent MOD c:\Documents and Settings\Roger\Skrivbord MOD c:\Documents and Settings\Roger\Start-meny\Program MOD c:\Program MOD c:\Program\Ethereal MOD c:\Program\Ethereal\snmp\mibs\.index MOD c:\Program\hjt MOD c:\Program\systemsherlock MOD c:\WINDOWS MOD c:\WINDOWS\Prefetch MOD c:\WINDOWS\Prefetch\CMD.EXE-087B4001.pf MOD c:\WINDOWS\Prefetch\ETHEREAL.EXE-0D6AF674.pf MOD c:\WINDOWS\Prefetch\HIJACKTHIS.EXE-06DDFE72.pf MOD c:\WINDOWS\Prefetch\IEXPLORE.EXE-350E1020.pf MOD c:\WINDOWS\Prefetch\NOTEPAD.EXE-336351A9.pf MOD c:\WINDOWS\Prefetch\SED.EXE-07C7F123.pf MOD c:\WINDOWS\Prefetch\SYSTEMSHERLOCK.EXE-3ABE9B82.pf MOD c:\WINDOWS\Temp MOD c:\WINDOWS\system32\config\default.LOG MOD c:\WINDOWS\system32\config\software.LOG MOD c:\WINDOWS\system32\config\system.LOG MOD c:\WINDOWS\system32\drivers\etc\hosts Compare finished.