HKLM\...\Run: [40uIGqLFae94KbA] C:\Documents and Settings\User\Application Data\JfCqQ5JC.exe [250727 2012-09-17] ()
HKU\User\...\Run: [4249330759] C:\Documents and Settings\User\Local Settings\Application Data\xry.exe [1679360 2011-06-21] (Microsoft Corporation)
HKU\User\...\Run: [40uIGqLFae94KbA] C:\Documents and Settings\User\Application Data\JfCqQ5JC.exe [250727 2012-09-17] ()
HKU\User\...\Policies\system: [DisableTaskMgr] 1
HKU\User\...\Policies\system: [DisableRegistryTools] 1
HKU\User\...\Policies\Explorer: [NoDesktop] 1
HKU\User\...\Winlogon: [Shell] C:\Documents and Settings\User\Application Data\JfCqQ5JC.exe [250727 2012-09-17] ()
HKLM\...\Winlogon: [Shell] C:\Documents and Settings\User\Application Data\JfCqQ5JC.exe [x ] ()
2012-09-17 10:49 - 2012-09-17 10:49 - 00250727 ____A C:\Documents and Settings\User\ms.exe
2012-09-17 10:49 - 2012-09-17 10:49 - 00250727 ____A C:\Documents and Settings\User\Application Data\JfCqQ5JC.exe
2012-09-17 10:40 - 2011-06-21 11:08 - 00017550 __ASH C:\Documents and Settings\User\Local Settings\Application Data\44ac61mpu26vuwj12330qu71824
2012-09-17 10:40 - 2011-06-21 11:08 - 00017550 __ASH C:\Documents and Settings\All Users\Application Data\44ac61mpu26vuwj12330qu71824