Fresh HJT logLogfile of HijackThis v1.99.1
Scan saved at 3:45:15 PM, on 2/7/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0011)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
c:\Program Files\Common Files\Symantec Shared\ccProxy.exe
c:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\WINDOWS\Explorer.EXE
c:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\svchost.exe
c:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
C:\WINDOWS\AGRSMMSG.exe
C:\WINDOWS\ALCXMNTR.EXE
C:\Program Files\Chrisprograms\RFA\rfagent.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\SysShield Tools\Internet Eraser\cseraser.exe
C:\Program Files\Trend Micro\Tmasy\Tmasy.exe
C:\WINDOWS\system32\WISPTIS.EXE
C:\Program Files\America Online 9.0a\waol.exe
C:\Program Files\America Online 9.0a\shellmon.exe
C:\Program Files\Common Files\Aol\aoltpspd.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Hijackthis\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
http://ie.redirect.h...a...&pf=desktopR1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
http://ie.redirect.h...a...&pf=desktopR1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar =
http://ie.redirect.h...a...&pf=desktopR1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page =
http://ie.redirect.h...a...&pf=desktopR1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
http://go.microsoft....k/?LinkId=69157R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
http://go.microsoft....k/?LinkId=54896R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar =
http://ie.redirect.h...a...&pf=desktopR1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =
http://go.microsoft....k/?LinkId=54896R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
http://go.microsoft....k/?LinkId=69157R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\pchealth\helpctr\System\panels\blank.htm
O2 - BHO: SysShield IE Popup Blocker - {9A23B8A4-C6C9-4A68-8FA6-5F905DC8FF80} - C:\Program Files\SysShield Tools\Internet Eraser\pkext.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - c:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: AbsoluteShield - {EE9DD090-902D-4623-9360-FB7D8666202B} - C:\Program Files\SysShield Tools\Internet Eraser\AbsoluteBar.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [ccApp] "c:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [IS CfgWiz] c:\Program Files\Norton Internet Security\cfgwiz.exe /GUID {257BBC47-1B26-432e-9F84-188603799DD3} /MODE CfgWiz /CMDLINE "REBOOT"
O4 - HKLM\..\Run: [SSC_UserPrompt] c:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe
O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [LSBWatcher] c:\hp\drivers\hplsbwatcher\lsburnwatcher.exe
O4 - HKLM\..\Run: [Reminder] "C:\Windows\Creator\Remind_XP.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [mmtask] "C:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe"
O4 - HKLM\..\Run: [AOLDialer] C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [{34DEC74A-0AF0-1033-0126-050916200001}] "C:\Program Files\Common Files\{34DEC74A-0AF0-1033-0126-050916200001}\Update.exe" mc-110-12-0000137
O4 - HKLM\..\Run: [rfagent] "C:\Program Files\RFA\rfagent.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe
O4 - HKCU\..\Run: [rfagent] "C:\Program Files\RFA\rfagent.exe"
O4 - HKCU\..\Run: ["C:\QooBox\Purity\WINDOWS\system32\SKS~1\wowexec.exe" -vt yazb] "C:\WINDOWS\system32\SKS~1\wowexec.exe" -vt yazb
O4 - Startup: AbsoluteShield Internet Eraser.lnk = C:\Program Files\SysShield Tools\Internet Eraser\cseraser.exe
O4 - Startup: Trend Micro Anti-Spyware.lnk = C:\Program Files\Trend Micro\Tmasy\Tmasy.exe
O4 - Global Startup: America Online 9.0 Tray Icon.lnk = C:\Program Files\America Online 9.0a\aoltray.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) -
http://a1540.g.akama...ex/qtplugin.cabO16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) -
http://go.microsoft....k/?linkid=39204O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) -
http://housecall65.t...ivex/hcImpl.cabO16 - DPF: {297DE2B6-509A-4B36-93C5-A65276606900} (RRAAINAX_02.RRAAINAX) -
http://www.in.honda....AX/RraainAX.CABO16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) -
http://update.micros...b?1162182568609O16 - DPF: {B1826A9F-4AA0-4510-BA77-9013E74E4B9B} -
http://www.trendmicr...scan/as4web.cabO17 - HKLM\System\CCS\Services\Tcpip\..\{8539BD0C-CC17-4668-A261-5292639D69FF}: NameServer = 205.188.146.145
O20 - AppInit_DLLs:
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: COM+ Messages - Unknown owner - C:\WINDOWS\system32\svchosts.exe" -e mc-110-12-0000137 (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: IS Service (ISSVC) - Symantec Corporation - c:\Program Files\Norton Internet Security\ISSVC.exe
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - c:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
O23 - Service: SAVScan - Symantec Corporation - c:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
Fresh ad-aware log followed by the older oneAd-Aware SE Build 1.06r1
Logfile Created on:Wednesday, February 07, 2007 3:46:22 PM
Created with Ad-Aware SE Personal, free for private use.
Using definitions file:SE1R149 05.02.2007
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
References detected during the scan:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
MRU List(TAC index:0):13 total references
Tracking Cookie(TAC index:3):30 total references
Win32.P2P-Worm.Alcan.a(TAC index:8):1 total references
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Ad-Aware SE Settings
===========================
Set : Search for negligible risk entries
Set : Safe mode (always request confirmation)
Set : Scan active processes
Set : Scan registry
Set : Deep-scan registry
Set : Scan my IE Favorites for banned URLs
Set : Scan my Hosts file
Extended Ad-Aware SE Settings
===========================
Set : Unload recognized processes & modules during scan
Set : Scan registry for all users instead of current user only
Set : Always try to unload modules before deletion
Set : During removal, unload Explorer and IE if necessary
Set : Let Windows remove files in use at next reboot
Set : Delete quarantined objects after restoring
Set : Include basic Ad-Aware settings in log file
Set : Include additional Ad-Aware settings in log file
Set : Include reference summary in log file
Set : Include alternate data stream details in log file
Set : Play sound at scan completion if scan locates critical objects
2-7-2007 3:46:22 PM - Scan started. (Full System Scan)
MRU List Object Recognized!
Location: : C:\Documents and Settings\Compaq_Owner\Application Data\microsoft\office\recent
Description : list of recently opened documents using microsoft office
MRU List Object Recognized!
Location: : C:\Documents and Settings\Compaq_Owner\recent
Description : list of recently opened documents
MRU List Object Recognized!
Location: : software\microsoft\direct3d\mostrecentapplication
Description : most recent application to use microsoft direct3d
MRU List Object Recognized!
Location: : software\microsoft\direct3d\mostrecentapplication
Description : most recent application to use microsoft direct X
MRU List Object Recognized!
Location: : software\microsoft\directdraw\mostrecentapplication
Description : most recent application to use microsoft directdraw
MRU List Object Recognized!
Location: : S-1-5-21-3812160077-3481948644-4226600560-1009\software\microsoft\internet explorer
Description : last download directory used in microsoft internet explorer
MRU List Object Recognized!
Location: : S-1-5-21-3812160077-3481948644-4226600560-1009\software\microsoft\internet explorer\typedurls
Description : list of recently entered addresses in microsoft internet explorer
MRU List Object Recognized!
Location: : S-1-5-21-3812160077-3481948644-4226600560-1009\software\microsoft\mediaplayer\player\recentfilelist
Description : list of recently used files in microsoft windows media player
MRU List Object Recognized!
Location: : S-1-5-21-3812160077-3481948644-4226600560-1009\software\microsoft\windows\currentversion\applets\paint\recent file list
Description : list of files recently opened using microsoft paint
MRU List Object Recognized!
Location: : S-1-5-21-3812160077-3481948644-4226600560-1009\software\microsoft\windows\currentversion\explorer\comdlg32\lastvisitedmru
Description : list of recent programs opened
MRU List Object Recognized!
Location: : S-1-5-21-3812160077-3481948644-4226600560-1009\software\microsoft\windows\currentversion\explorer\comdlg32\opensavemru
Description : list of recently saved files, stored according to file extension
MRU List Object Recognized!
Location: : S-1-5-21-3812160077-3481948644-4226600560-1009\software\microsoft\windows\currentversion\explorer\recentdocs
Description : list of recent documents opened
MRU List Object Recognized!
Location: : S-1-5-21-3812160077-3481948644-4226600560-1009\software\microsoft\windows media\wmsdk\general
Description : windows media sdk
Listing running processes
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
#:1 [smss.exe]
FilePath : \SystemRoot\System32\
ProcessID : 460
ThreadCreationTime : 2-7-2007 6:50:04 PM
BasePriority : Normal
#:2 [csrss.exe]
FilePath : \??\C:\WINDOWS\system32\
ProcessID : 516
ThreadCreationTime : 2-7-2007 6:50:07 PM
BasePriority : Normal
#:3 [winlogon.exe]
FilePath : \??\C:\WINDOWS\system32\
ProcessID : 540
ThreadCreationTime : 2-7-2007 6:50:07 PM
BasePriority : High
#:4 [services.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 584
ThreadCreationTime : 2-7-2007 6:50:08 PM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Services and Controller app
InternalName : services.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : services.exe
#:5 [lsass.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 596
ThreadCreationTime : 2-7-2007 6:50:08 PM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : LSA Shell (Export Version)
InternalName : lsass.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : lsass.exe
#:6 [svchost.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 744
ThreadCreationTime : 2-7-2007 6:50:08 PM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe
#:7 [svchost.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 804
ThreadCreationTime : 2-7-2007 6:50:08 PM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe
#:8 [msmpeng.exe]
FilePath : C:\Program Files\Windows Defender\
ProcessID : 868
ThreadCreationTime : 2-7-2007 6:50:08 PM
BasePriority : Normal
FileVersion : 1.1.1592.0
ProductVersion : 1.1.1592.0
ProductName : Windows Defender
CompanyName : Microsoft Corporation
FileDescription : Service Executable
InternalName : MsMpEng.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : MsMpEng.exe
#:9 [svchost.exe]
FilePath : C:\WINDOWS\System32\
ProcessID : 912
ThreadCreationTime : 2-7-2007 6:50:09 PM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe
#:10 [svchost.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 964
ThreadCreationTime : 2-7-2007 6:50:09 PM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe
#:11 [svchost.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 1052
ThreadCreationTime : 2-7-2007 6:50:09 PM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe
#:12 [ccproxy.exe]
FilePath : c:\Program Files\Common Files\Symantec Shared\
ProcessID : 1244
ThreadCreationTime : 2-7-2007 6:50:10 PM
BasePriority : Normal
FileVersion : 103.0.2.10
ProductVersion : 103.0.2.10
ProductName : Client and Host Security Platform
CompanyName : Symantec Corporation
FileDescription : Symantec Network Proxy Service
InternalName : ccProxy
LegalCopyright : Copyright © 2000-2004 Symantec Corporation. All rights reserved.
OriginalFilename : ccProxy.exe
#:13 [ccsetmgr.exe]
FilePath : c:\Program Files\Common Files\Symantec Shared\
ProcessID : 1312
ThreadCreationTime : 2-7-2007 6:50:10 PM
BasePriority : Normal
FileVersion : 103.0.2.10
ProductVersion : 103.0.2.10
ProductName : Client and Host Security Platform
CompanyName : Symantec Corporation
FileDescription : Symantec Settings Manager Service
InternalName : ccSetMgr
LegalCopyright : Copyright © 2000-2004 Symantec Corporation. All rights reserved.
OriginalFilename : ccSetMgr.exe
#:14 [explorer.exe]
FilePath : C:\WINDOWS\
ProcessID : 1320
ThreadCreationTime : 2-7-2007 6:50:10 PM
BasePriority : Normal
FileVersion : 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 6.00.2900.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Windows Explorer
InternalName : explorer
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : EXPLORER.EXE
#:15 [navapsvc.exe]
FilePath : c:\Program Files\Norton Internet Security\Norton AntiVirus\
ProcessID : 1332
ThreadCreationTime : 2-7-2007 6:50:10 PM
BasePriority : Normal
FileVersion : 11.0.2.4
ProductVersion : 11.0.2
ProductName : Norton AntiVirus
CompanyName : Symantec Corporation
FileDescription : Norton AntiVirus Auto-Protect Service
InternalName : NAVAPSVC
LegalCopyright : Norton AntiVirus 2005 for Windows 98/ME/2000/XP Copyright © 2004 Symantec Corporation. All rights reserved.
OriginalFilename : NAVAPSVC.EXE
#:16 [ccevtmgr.exe]
FilePath : c:\Program Files\Common Files\Symantec Shared\
ProcessID : 1424
ThreadCreationTime : 2-7-2007 6:50:11 PM
BasePriority : Normal
FileVersion : 103.0.2.10
ProductVersion : 103.0.2.10
ProductName : Client and Host Security Platform
CompanyName : Symantec Corporation
FileDescription : Symantec Event Manager Service
InternalName : ccEvtMgr
LegalCopyright : Copyright © 2000-2004 Symantec Corporation. All rights reserved.
OriginalFilename : ccEvtMgr.exe
#:17 [spoolsv.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 1876
ThreadCreationTime : 2-7-2007 6:50:13 PM
BasePriority : Normal
FileVersion : 5.1.2600.2696 (xpsp_sp2_gdr.050610-1519)
ProductVersion : 5.1.2600.2696
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Spooler SubSystem App
InternalName : spoolsv.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : spoolsv.exe
#:18 [aolacsd.exe]
FilePath : C:\PROGRA~1\COMMON~1\AOL\ACS\
ProcessID : 192
ThreadCreationTime : 2-7-2007 6:50:19 PM
BasePriority : Normal
#:19 [mdm.exe]
FilePath : C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\
ProcessID : 220
ThreadCreationTime : 2-7-2007 6:50:19 PM
BasePriority : Normal
FileVersion : 7.00.9466
ProductVersion : 7.00.9466
ProductName : Microsoft® Visual Studio .NET
CompanyName : Microsoft Corporation
FileDescription : Machine Debug Manager
InternalName : mdm.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : mdm.exe
#:20 [svchost.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 336
ThreadCreationTime : 2-7-2007 6:50:19 PM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe
#:21 [symwsc.exe]
FilePath : c:\Program Files\Common Files\Symantec Shared\Security Center\
ProcessID : 856
ThreadCreationTime : 2-7-2007 6:50:22 PM
BasePriority : Normal
FileVersion : 2005.1.00.111
ProductVersion : 2005.1
ProductName : Norton Security Center
CompanyName : Symantec Corporation
FileDescription : Norton Security Center Service
InternalName : SymWSC.exe
LegalCopyright : Copyright © 1997-2004 Symantec Corporation
OriginalFilename : SymWSC.exe
#:22 [jusched.exe]
FilePath : C:\Program Files\Java\j2re1.4.2_03\bin\
ProcessID : 2264
ThreadCreationTime : 2-7-2007 6:50:32 PM
BasePriority : Normal
#:23 [agrsmmsg.exe]
FilePath : C:\WINDOWS\
ProcessID : 2376
ThreadCreationTime : 2-7-2007 6:50:39 PM
BasePriority : Normal
FileVersion : 2.1.41.10 2.1.41.10 06/29/2004 09:06:35
ProductVersion : 2.1.41.10 2.1.41.10 06/29/2004 09:06:35
ProductName : Agere SoftModem Messaging Applet
CompanyName : Agere Systems
FileDescription : SoftModem Messaging Applet
InternalName : smdmstat.exe
LegalCopyright : Copyright © Agere Systems 1998-2000
OriginalFilename : smdmstat.exe
#:24 [alcxmntr.exe]
FilePath : C:\WINDOWS\
ProcessID : 2436
ThreadCreationTime : 2-7-2007 6:50:42 PM
BasePriority : Normal
FileVersion : 1.5
ProductVersion : 1.5
ProductName : Realtek Audio - Event Monitor
CompanyName : Realtek Semiconductor Corp.
FileDescription : Realtek Audio - Event Monitor
InternalName : Alcxmntr
LegalCopyright : Copyright © 2004 Realtek Semiconductor Corp.
OriginalFilename : Alcxmntr.exe
#:25 [rfagent.exe]
FilePath : C:\Program Files\Chrisprograms\RFA\
ProcessID : 2548
ThreadCreationTime : 2-7-2007 6:50:45 PM
BasePriority : Normal
FileVersion : 3.4.0.515
ProductVersion : 3.4.0.515
ProductName : Registry First Aid
CompanyName : KsL Software
FileDescription : Registry First Aid, the easy powerful registry cleanup program
InternalName : reg1aid
LegalCopyright : Copyright © KsL Software, 2001-2004
OriginalFilename : reg1aid.exe
#:26 [msascui.exe]
FilePath : C:\Program Files\Windows Defender\
ProcessID : 2596
ThreadCreationTime : 2-7-2007 6:50:46 PM
BasePriority : Normal
FileVersion : 1.1.1592.0
ProductVersion : 1.1.1592.0
ProductName : Windows Defender
CompanyName : Microsoft Corporation
FileDescription : Windows Defender User Interface
InternalName : MSASCUI
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : MSASCUI.exe
#:27 [alg.exe]
FilePath : C:\WINDOWS\System32\
ProcessID : 2648
ThreadCreationTime : 2-7-2007 6:50:49 PM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Application Layer Gateway Service
InternalName : ALG.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : ALG.exe
#:28 [ctfmon.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 2664
ThreadCreationTime : 2-7-2007 6:50:49 PM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : CTF Loader
InternalName : CTFMON
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : CTFMON.EXE
#:29 [cseraser.exe]
FilePath : C:\Program Files\SysShield Tools\Internet Eraser\
ProcessID : 3136
ThreadCreationTime : 2-7-2007 6:51:02 PM
BasePriority : Normal
FileVersion : 2, 6, 1, 0
ProductVersion : 2, 6, 1, 0
ProductName : AbsoluteShield Internet Eraser Lite
CompanyName : SysShield Consulting, Inc.
FileDescription : AbsoluteShield Internet Eraser Lite
InternalName : Internet Eraser
LegalCopyright : Copyright © 2001-2006
OriginalFilename : cseraser.exe
#:30 [tmasy.exe]
FilePath : C:\Program Files\Trend Micro\Tmasy\
ProcessID : 3224
ThreadCreationTime : 2-7-2007 6:51:06 PM
BasePriority : Normal
FileVersion : 3,5,0,1041
ProductVersion : 3.50
ProductName : Trend Micro Anti-Spyware
CompanyName : Trend Micro Incorporated
FileDescription : Anti-Spyware Main Module
InternalName : Tmasy.exe
LegalCopyright : Copyright © 2003-2006 Trend Micro Incorporated. All rights reserved.
OriginalFilename : Tmasy.exe
#:31 [wisptis.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 1396
ThreadCreationTime : 2-7-2007 6:58:25 PM
BasePriority : High
FileVersion : 1.0.2201.0 (xpsp1.020820-1800)
ProductVersion : 1.0.2201.0
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Microsoft Tablet PC Platform Component
InternalName : WISPTIS.EXE
LegalCopyright : Copyright © 1998-2002 Microsoft Corporation.
OriginalFilename : WISPTIS.EXE
#:32 [waol.exe]
FilePath : C:\Program Files\America Online 9.0a\
ProcessID : 15200
ThreadCreationTime : 2-7-2007 11:36:10 PM
BasePriority : Normal
#:33 [shellmon.exe]
FilePath : C:\Program Files\America Online 9.0a\
ProcessID : 15348
ThreadCreationTime : 2-7-2007 11:36:20 PM
BasePriority : Normal
#:34 [aoltpspd.exe]
FilePath : C:\Program Files\Common Files\Aol\
ProcessID : 15456
ThreadCreationTime : 2-7-2007 11:36:23 PM
BasePriority : Normal
FileVersion : 1, 1, 1, 0
ProductVersion : [v1_r1.1-2] On Mon 11/29/2004 19:54:26.07
ProductName : AOL TopSpeed
CompanyName : America Online Inc
FileDescription : AOL TopSpeed
InternalName : AOL TopSpeed
LegalCopyright : Copyright © America Online 2003
LegalTrademarks : AOL TopSpeed
OriginalFilename : aoltpspd.exe
#:35 [iexplore.exe]
FilePath : C:\Program Files\Internet Explorer\
ProcessID : 2576
ThreadCreationTime : 2-7-2007 11:42:44 PM
BasePriority : Normal
FileVersion : 7.00.5730.11 (winmain(wmbla).061017-1135)
ProductVersion : 7.00.5730.11
ProductName : Windows® Internet Explorer
CompanyName : Microsoft Corporation
FileDescription : Internet Explorer
InternalName : iexplore
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : IEXPLORE.EXE
#:36 [ad-aware.exe]
FilePath : C:\Program Files\Lavasoft\Ad-Aware SE Personal\
ProcessID : 7512
ThreadCreationTime : 2-7-2007 11:46:09 PM
BasePriority : Normal
FileVersion : 6.2.0.236
ProductVersion : SE 106
ProductName : Lavasoft Ad-Aware SE
CompanyName : Lavasoft Sweden
FileDescription : Ad-Aware SE Core application
InternalName : Ad-Aware.exe
LegalCopyright : Copyright © Lavasoft AB Sweden
OriginalFilename : Ad-Aware.exe
Comments : All Rights Reserved
Memory scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 13
Started registry scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Registry Scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 13
Started deep registry scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Deep registry scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 13
Started Tracking Cookie scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Tracking Cookie Object Recognized!
Type : IECache Entry
Data : compaq_owner@statcounter[2].txt
TAC Rating : 3
Category : Data Miner
Comment : Hits:3
Value : Cookie:
[email protected]/
Expires : 2-6-2012 12:53:22 PM
LastSync : Hits:3
UseCount : 0
Hits : 3
Tracking Cookie Object Recognized!
Type : IECache Entry
Data : compaq_owner@serving-sys[2].txt
TAC Rating : 3
Category : Data Miner
Comment : Hits:12
Value : Cookie:
[email protected]/
Expires : 12-31-2037 2:00:00 PM
LastSync : Hits:12
UseCount : 0
Hits : 12
Tracking Cookie Object Recognized!
Type : IECache Entry
Data : compaq_owner@fastclick[1].txt
TAC Rating : 3
Category : Data Miner
Comment : Hits:31
Value : Cookie:
[email protected]/
Expires : 2-6-2009 12:03:46 PM
LastSync : Hits:31
UseCount : 0
Hits : 31
Tracking Cookie Object Recognized!
Type : IECache Entry
Data : compaq_owner@trafficmp[1].txt
TAC Rating : 3
Category : Data Miner
Comment : Hits:154
Value : Cookie:
[email protected]/
Expires : 2-6-2008 6:58:32 AM
LastSync : Hits:154
UseCount : 0
Hits : 154
Tracking Cookie Object Recognized!
Type : IECache Entry
Data : compaq_owner@2o7[2].txt
TAC Rating : 3
Category : Data Miner
Comment : Hits:34
Value : Cookie:
[email protected]/
Expires : 2-6-2012 3:37:54 PM
LastSync : Hits:34
UseCount : 0
Hits : 34
Tracking Cookie Object Recognized!
Type : IECache Entry
Data : compaq_owner@adrevolver[2].txt
TAC Rating : 3
Category : Data Miner
Comment : Hits:15
Value : Cookie:
[email protected]/
Expires : 2-7-2008 7:22:20 AM
LastSync : Hits:15
UseCount : 0
Hits : 15
Tracking Cookie Object Recognized!
Type : IECache Entry
Data :
[email protected][1].txt
TAC Rating : 3
Category : Data Miner
Comment : Hits:12
Value : Cookie:
[email protected]/adrevolver/
Expires : 11-2-2009 11:52:20 PM
LastSync : Hits:12
UseCount : 0
Hits : 12
Tracking Cookie Object Recognized!
Type : IECache Entry
Data :
[email protected][2].txt
TAC Rating : 3
Category : Data Miner
Comment : Hits:978
Value : Cookie:
[email protected]/
Expires : 8-13-2017 4:00:00 PM
LastSync : Hits:978
UseCount : 0
Hits : 978
Tracking Cookie Object Recognized!
Type : IECache Entry
Data : compaq_owner@tribalfusion[2].txt
TAC Rating : 3
Category : Data Miner
Comment : Hits:107
Value : Cookie:
[email protected]/
Expires : 2-7-2008 3:39:34 PM
LastSync : Hits:107
UseCount : 0
Hits : 107
Tracking Cookie Object Recognized!
Type : IECache Entry
Data : compaq_owner@revsci[1].txt
TAC Rating : 3
Category : Data Miner
Comment : Hits:8
Value : Cookie:
[email protected]/
Expires : 2-2-2027 9:27:56 AM
LastSync : Hits:8
UseCount : 0
Hits : 8
Tracking Cookie Object Recognized!
Type : IECache Entry
Data : compaq_owner@casalemedia[2].txt
TAC Rating : 3
Category : Data Miner
Comment : Hits:80
Value : Cookie:
[email protected]/
Expires : 1-29-2008 10:35:40 AM
LastSync : Hits:80
UseCount : 0
Hits : 80
Tracking Cookie Object Recognized!
Type : IECache Entry
Data : compaq_owner@atdmt[2].txt
TAC Rating : 3
Category : Data Miner
Comment : Hits:10
Value : Cookie:
[email protected]/
Expires : 2-4-2012 4:00:00 PM
LastSync : Hits:10
UseCount : 0
Hits : 10
Tracking Cookie Object Recognized!
Type : IECache Entry
Data : compaq_owner@realmedia[1].txt
TAC Rating : 3
Category : Data Miner
Comment : Hits:31
Value : Cookie:
[email protected]/
Expires : 12-31-2020 4:00:00 PM
LastSync : Hits:31
UseCount : 0
Hits : 31
Tracking Cookie Object Recognized!
Type : IECache Entry
Data : compaq_owner@bluestreak[1].txt
TAC Rating : 3
Category : Data Miner
Comment : Hits:1
Value : Cookie:
[email protected]/
Expires : 2-4-2017 7:14:44 AM
LastSync : Hits:1
UseCount : 0
Hits : 1
Tracking Cookie Object Recognized!
Type : IECache Entry
Data : compaq_owner@overture[1].txt
TAC Rating : 3
Category : Data Miner
Comment : Hits:3
Value : Cookie:
[email protected]/
Expires : 2-3-2017 5:50:12 PM
LastSync : Hits:3
UseCount : 0
Hits : 3
Tracking Cookie Object Recognized!
Type : IECache Entry
Data :
[email protected][2].txt
TAC Rating : 3
Category : Data Miner
Comment : Hits:4
Value : Cookie:
[email protected]/
Expires : 12-31-2009 4:00:00 PM
LastSync : Hits:4
UseCount : 0
Hits : 4
Tracking Cookie Object Recognized!
Type : IECache Entry
Data : compaq_owner@live365[1].txt
TAC Rating : 3
Category : Data Miner
Comment : Hits:4
Value : Cookie:
[email protected]/
Expires : 2-10-2012 9:18:30 PM
LastSync : Hits:4
UseCount : 0
Hits : 4
Tracking Cookie Object Recognized!
Type : IECache Entry
Data : compaq_owner@tradedoubler[1].txt
TAC Rating : 3
Category : Data Miner
Comment : Hits:1
Value : Cookie:
[email protected]/
Expires : 2-2-2027 12:14:34 PM
LastSync : Hits:1
UseCount : 0
Hits : 1
Tracking Cookie Object Recognized!
Type : IECache Entry
Data :
[email protected][1].txt
TAC Rating : 3
Category : Data Miner
Comment : Hits:1
Value : Cookie:
[email protected]/
Expires : 2-5-2012 5:49:02 PM
LastSync : Hits:1
UseCount : 0
Hits : 1
Tracking Cookie Object Recognized!
Type : IECache Entry
Data :
[email protected][2].txt
TAC Rating : 3
Category : Data Miner
Comment : Hits:2
Value : Cookie:
[email protected]/
Expires : 12-31-2037 2:00:00 PM
LastSync : Hits:2
UseCount : 0
Hits : 2
Tracking Cookie Object Recognized!
Type : IECache Entry
Data : compaq_owner@doubleclick[1].txt
TAC Rating : 3
Category : Data Miner
Comment : Hits:13
Value : Cookie:
[email protected]/
Expires : 2-5-2010 6:37:08 AM
LastSync : Hits:13
UseCount : 0
Hits : 13
Tracking Cookie Object Recognized!
Type : IECache Entry
Data : compaq_owner@mediaplex[2].txt
TAC Rating : 3
Category : Data Miner
Comment : Hits:7
Value : Cookie:
[email protected]/
Expires : 6-21-2009 4:00:00 PM
LastSync : Hits:7
UseCount : 0
Hits : 7
Tracking Cookie Object Recognized!
Type : IECache Entry
Data :
[email protected][2].txt
TAC Rating : 3
Category : Data Miner
Comment : Hits:10
Value : Cookie:
[email protected]/
Expires : 2-3-2017 6:47:22 AM
LastSync : Hits:10
UseCount : 0
Hits : 10
Tracking Cookie Object Recognized!
Type : IECache Entry
Data :
[email protected][1].txt
TAC Rating : 3
Category : Data Miner
Comment : Hits:10
Value : Cookie:
[email protected]/
Expires : 2-5-2012 6:36:28 AM
LastSync : Hits:10
UseCount : 0
Hits : 10
Tracking Cookie Object Recognized!
Type : IECache Entry
Data :
[email protected][2].txt
TAC Rating : 3
Category : Data Miner
Comment : Hits:5
Value : Cookie:
[email protected]/
Expires : 2-7-2008 3:44:12 PM
LastSync : Hits:5
UseCount : 0
Hits : 5
Tracking Cookie Object Recognized!
Type : IECache Entry
Data : compaq_owner@hitbox[1].txt
TAC Rating : 3
Category : Data Miner
Comment : Hits:10
Value : Cookie:
[email protected]/
Expires : 2-7-2008 3:44:12 PM
LastSync : Hits:10
UseCount : 0
Hits : 10
Tracking Cookie Object Recognized!
Type : IECache Entry
Data : compaq_owner@advertising[1].txt
TAC Rating : 3
Category : Data Miner
Comment : Hits:318
Value : Cookie:
[email protected]/
Expires : 2-6-2012 3:38:44 PM
LastSync : Hits:318
UseCount : 0
Hits : 318
Tracking cookie scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 30
Objects found so far: 43
Deep scanning and examining files (C:)
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Win32.P2P-Worm.Alcan.a Object Recognized!
Type : File
Data : A0025294.dll
TAC Rating : 8
Category : Worm
Comment :
Object : C:\System Volume Information\_restore{DDE3EB95-4B24-44D8-AD38-1F974B96C2F0}\RP441\
FileVersion : 3.0.2.0
ProductVersion : 3.02
ProductName : BigSpeed Zip DLL
CompanyName : BigSpeedSoft
InternalName : bszip.dll
LegalCopyright : © BigSpeedSoft
LegalTrademarks : BigSpeed is a trademark of BigSpeedSoft
OriginalFilename : bszip.dll
Disk Scan Result for C:\
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 44
Deep scanning and examining files (D:)
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Disk Scan Result for D:\
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 44
Scanning Hosts file......
Hosts file location:"C:\WINDOWS\system32\drivers\etc\hosts".
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Hosts file scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
1 entries scanned.
New critical objects:0
Objects found so far: 44
Performing conditional scans...
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Conditional scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 44
4:11:39 PM Scan Complete
Summary Of This Scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Total scanning time:00:25:16.937
Objects scanned:259540
Objects identified:31
Objects ignored:0
New critical objects:31
Old logfile from two days agoArchiveData(auto-quarantine- 2007-02-05 21-13-26.bckp)
Referencefile : SE1R149 05.02.2007
======================================================
MRU LIST
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
obj[0]=MRU FileReference : C:\Documents and Settings\Compaq_Owner\Application Data\microsoft\office\recent\2006-Calendar.LNK
obj[1]=MRU FileReference : C:\Documents and Settings\Compaq_Owner\recent\05 thanksgiving.lnk
obj[2]=MRU RegReference : S-1-5-21-3812160077-3481948644-4226600560-1009\software\adobe\acrobat reader\6.0\avgeneral\crecentfiles\c1
obj[3]=MRU RegReference : S-1-5-21-3812160077-3481948644-4226600560-1009\software\adobe\acrobat reader\6.0\avgeneral\crecentfiles\c2
obj[4]=MRU RegReference : S-1-5-21-3812160077-3481948644-4226600560-1009\software\adobe\acrobat reader\6.0\avgeneral\crecentfiles\c3
obj[5]=MRU FileReference : C:\Documents and Settings\Compaq_Owner\recent\1204.lnk
obj[6]=MRU RegReference : S-1-5-21-3812160077-3481948644-4226600560-1009\software\microsoft\direct3d\mostrecentapplication name
obj[7]=MRU RegReference : software\microsoft\direct3d\mostrecentapplication name
obj[8]=MRU RegReference : S-1-5-21-3812160077-3481948644-4226600560-1009\software\microsoft\direct3d\mostrecentapplication name
obj[9]=MRU RegReference : software\microsoft\direct3d\mostrecentapplication name
obj[10]=MRU RegReference : software\microsoft\directdraw\mostrecentapplication name
obj[11]=MRU RegReference : S-1-5-21-3812160077-3481948644-4226600560-1009\software\microsoft\internet explorer download directory
obj[12]=MRU RegReference : S-1-5-21-3812160077-3481948644-4226600560-1009\software\microsoft\internet explorer\typedurls
obj[13]=MRU RegReference : S-1-5-21-3812160077-3481948644-4226600560-1009\software\microsoft\mediaplayer\medialibraryui mllastselectednode
obj[14]=MRU RegReference : S-1-5-21-3812160077-3481948644-4226600560-1009\software\microsoft\mediaplayer\player\recentfilelist
obj[15]=MRU RegReference : S-1-5-21-3812160077-3481948644-4226600560-1009\software\microsoft\mediaplayer\preferences lastplaylistindex
obj[16]=MRU RegReference : S-1-5-21-3812160077-3481948644-4226600560-1009\software\microsoft\mediaplayer\preferences lastplaylist
obj[17]=MRU RegReference : S-1-5-21-3812160077-3481948644-4226600560-1009\software\microsoft\mediaplayer\preferences searchpath
obj[18]=MRU RegReference : S-1-5-21-3812160077-3481948644-4226600560-1009\software\microsoft\office\10.0\common\open find\microsoft word\settings\save as\file name mru value
obj[19]=MRU RegReference : S-1-5-21-3812160077-3481948644-4226600560-1009\software\microsoft\office\10.0\excel\recent files
obj[20]=MRU RegReference : S-1-5-21-3812160077-3481948644-4226600560-1009\software\microsoft\office\10.0\excel\recent templates
obj[21]=MRU RegReference : S-1-5-21-3812160077-3481948644-4226600560-1009\software\microsoft\search assistant\acmru\5603
obj[22]=MRU RegReference : S-1-5-21-3812160077-3481948644-4226600560-1009\software\microsoft\search assistant\acmru\5604
obj[23]=MRU RegReference : S-1-5-21-3812160077-3481948644-4226600560-1009\software\microsoft\office\11.0\word\recent templates
obj[24]=MRU RegReference : S-1-5-21-3812160077-3481948644-4226600560-1009\software\microsoft\windows\currentversion\explorer\comdlg32\opensavemru\*
obj[25]=MRU RegReference : S-1-5-21-3812160077-3481948644-4226600560-1009\software\microsoft\windows\currentversion\explorer\recentdocs\.art
obj[26]=MRU RegReference : S-1-5-21-3812160077-3481948644-4226600560-1009\software\microsoft\windows\currentversion\explorer\recentdocs\.bmp
obj[27]=MRU RegReference : S-1-5-21-3812160077-3481948644-4226600560-1009\software\microsoft\windows\currentversion\explorer\recentdocs\.cda
obj[28]=MRU RegReference : S-1-5-21-3812160077-3481948644-4226600560-1009\software\microsoft\windows\currentversion\explorer\recentdocs\.gif
obj[29]=MRU RegReference : S-1-5-21-3812160077-3481948644-4226600560-1009\software\microsoft\windows\currentversion\explorer\recentdocs\.jpg
obj[30]=MRU RegReference : S-1-5-21-3812160077-3481948644-4226600560-1009\software\microsoft\windows\currentversion\explorer\recentdocs\.log
obj[31]=MRU RegReference : S-1-5-21-3812160077-3481948644-4226600560-1009\software\microsoft\windows\currentversion\explorer\recentdocs\.mpg
obj[32]=MRU RegReference : S-1-5-21-3812160077-3481948644-4226600560-1009\software\microsoft\windows\currentversion\explorer\recentdocs\.pdf
obj[33]=MRU RegReference : S-1-5-21-3812160077-3481948644-4226600560-1009\software\microsoft\windows\currentversion\explorer\recentdocs\.wps
obj[34]=MRU RegReference : S-1-5-21-3812160077-3481948644-4226600560-1009\software\microsoft\windows\currentversion\explorer\recentdocs\.zip
obj[35]=MRU RegReference : S-1-5-21-3812160077-3481948644-4226600560-1009\software\microsoft\windows\currentversion\explorer\recentdocs\Folder
obj[36]=MRU RegReference : S-1-5-21-3812160077-3481948644-4226600560-1009\software\microsoft\windows\currentversion\explorer\comdlg32\opensavemru\html
obj[37]=MRU RegReference : S-1-5-21-3812160077-3481948644-4226600560-1009\software\microsoft\windows media\wmsdk\general computername
obj[38]=MRU RegReference : S-1-5-21-3812160077-3481948644-4226600560-1009\software\microsoft\windows\currentversion\explorer\comdlg32\opensavemru\JPE
obj[39]=MRU RegReference : S-1-5-21-3812160077-3481948644-4226600560-1009\software\microsoft\windows\currentversion\explorer\comdlg32\opensavemru\JPEG
obj[40]=MRU RegReference : S-1-5-21-3812160077-3481948644-4226600560-1009\software\microsoft\windows\currentversion\explorer\comdlg32\opensavemru\JPG
obj[41]=MRU RegReference : S-1-5-21-3812160077-3481948644-4226600560-1009\software\microsoft\windows\currentversion\explorer\comdlg32\opensavemru\log
obj[42]=MRU RegReference : S-1-5-21-3812160077-3481948644-4226600560-1009\software\microsoft\windows\currentversion\explorer\comdlg32\opensavemru\mdi
obj[43]=MRU RegReference : S-1-5-21-3812160077-3481948644-4226600560-1009\software\microsoft\windows\currentversion\explorer\comdlg32\opensavemru\mp3
obj[44]=MRU RegReference : S-1-5-21-3812160077-3481948644-4226600560-1009\software\microsoft\windows\currentversion\explorer\comdlg32\opensavemru\mpeg
obj[45]=MRU RegReference : S-1-5-21-3812160077-3481948644-4226600560-1009\software\microsoft\windows\currentversion\explorer\comdlg32\opensavemru\mpg
obj[46]=MRU RegReference : S-1-5-21-3812160077-3481948644-4226600560-1009\software\microsoft\windows\currentversion\explorer\comdlg32\opensavemru\msi
obj[47]=MRU RegReference : S-1-5-21-3812160077-3481948644-4226600560-1009\software\microsoft\windows\currentversion\explorer\comdlg32\opensavemru\pdf
obj[48]=MRU RegReference : S-1-5-21-3812160077-3481948644-4226600560-1009\software\microsoft\windows\currentversion\explorer\comdlg32\opensavemru\pps
obj[49]=MR