I have eliminated some of the spyware- it seems "Aurora" keeps popping up with windows, and I recall encountering/removing search miracle, ebates, virtual bouncer, bman, elite toolbar, etc.
Here's the log, I eagerly await your help before trying a HiJack this log- thanks very much!
Peter
Ad-Aware SE Build 1.05
Logfile Created on:Wednesday, May 11, 2005 10:06:48 PM
Created with Ad-Aware SE Personal, free for private use.
Using definitions file:SE1R44 10.05.2005
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
References detected during the scan:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Ebates MoneyMaker(TAC index:4):25 total references
MRU List(TAC index:0):19 total references
Tracking Cookie(TAC index:3):8 total references
Win32.TrojanDowloader.Agent.jq(TAC index:7):1 total references
Windows(TAC index:3):1 total references
VX2(TAC index:10):112 total references
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Definition File:
=========================
Definitions File Loaded:
Reference Number : SE1R44 10.05.2005
Internal build : 52
File location : C:\Program Files\Lavasoft\Ad-Aware SE Personal\defs.ref
File size : 470885 Bytes
Total size : 1423894 Bytes
Signature data size : 1392940 Bytes
Reference data size : 30442 Bytes
Signatures total : 39753
Fingerprints total : 872
Fingerprints size : 29756 Bytes
Target categories : 15
Target families : 668
Memory + processor status:
==========================
Number of processors : 1
Processor architecture : Intel Pentium IV
Memory available:24 %
Total physical memory:457712 kb
Available physical memory:106304 kb
Total page file size:1083348 kb
Available on page file:827276 kb
Total virtual memory:2097024 kb
Available virtual memory:2041404 kb
OS:Microsoft Windows XP Home Edition Service Pack 1 (Build 2600)
Ad-Aware SE Settings
===========================
Set : Search for negligible risk entries
Set : Safe mode (always request confirmation)
Set : Scan active processes
Set : Scan registry
Set : Deep-scan registry
Set : Scan my IE Favorites for banned URLs
Set : Scan within archives
Set : Scan my Hosts file
Extended Ad-Aware SE Settings
===========================
Set : Unload recognized processes & modules during scan
Set : Obtain command line of scanned processes
Set : Scan registry for all users instead of current user only
Set : Always try to unload modules before deletion
Set : During removal, unload Explorer and IE if necessary
Set : Let Windows remove files in use at next reboot
Set : Delete quarantined objects after restoring
Set : Write-protect system files after repair (Hosts file, etc.)
Set : Include basic Ad-Aware settings in log file
Set : Include additional Ad-Aware settings in log file
Set : Include reference summary in log file
Set : Include alternate data stream details in log file
Set : Play sound at scan completion if scan locates critical objects
5-11-2005 10:06:48 PM - Scan started. (Custom mode)
Listing running processes
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
#:1 [smss.exe]
ModuleName : \SystemRoot\System32\smss.exe
Command Line : n/a
ProcessID : 516
ThreadCreationTime : 5-11-2005 10:45:32 PM
BasePriority : Normal
#:2 [csrss.exe]
ModuleName : \??\C:\WINDOWS\system32\csrss.exe
Command Line : C:\WINDOWS\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,3072,512 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ProfileControl=Off MaxRequestTh
ProcessID : 580
ThreadCreationTime : 5-11-2005 10:45:35 PM
BasePriority : Normal
#:3 [winlogon.exe]
ModuleName : \??\C:\WINDOWS\system32\winlogon.exe
Command Line : winlogon.exe
ProcessID : 604
ThreadCreationTime : 5-11-2005 10:45:37 PM
BasePriority : High
#:4 [services.exe]
ModuleName : C:\WINDOWS\system32\services.exe
Command Line : C:\WINDOWS\system32\services.exe
ProcessID : 652
ThreadCreationTime : 5-11-2005 10:45:38 PM
BasePriority : Normal
FileVersion : 5.1.2600.0 (xpclient.010817-1148)
ProductVersion : 5.1.2600.0
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Services and Controller app
InternalName : services.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : services.exe
#:5 [lsass.exe]
ModuleName : C:\WINDOWS\system32\lsass.exe
Command Line : C:\WINDOWS\system32\lsass.exe
ProcessID : 664
ThreadCreationTime : 5-11-2005 10:45:38 PM
BasePriority : Normal
FileVersion : 5.1.2600.1106 (xpsp1.020828-1920)
ProductVersion : 5.1.2600.1106
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : LSA Shell (Export Version)
InternalName : lsass.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : lsass.exe
#:6 [ati2evxx.exe]
ModuleName : C:\WINDOWS\System32\Ati2evxx.exe
Command Line : C:\WINDOWS\System32\Ati2evxx.exe
ProcessID : 800
ThreadCreationTime : 5-11-2005 10:45:39 PM
BasePriority : Normal
#:7 [svchost.exe]
ModuleName : C:\WINDOWS\system32\svchost.exe
Command Line : C:\WINDOWS\system32\svchost -k rpcss
ProcessID : 844
ThreadCreationTime : 5-11-2005 10:45:39 PM
BasePriority : Normal
FileVersion : 5.1.2600.0 (xpclient.010817-1148)
ProductVersion : 5.1.2600.0
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe
#:8 [svchost.exe]
ModuleName : C:\WINDOWS\System32\svchost.exe
Command Line : C:\WINDOWS\System32\svchost.exe -k netsvcs
ProcessID : 880
ThreadCreationTime : 5-11-2005 10:45:39 PM
BasePriority : Normal
FileVersion : 5.1.2600.0 (xpclient.010817-1148)
ProductVersion : 5.1.2600.0
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe
#:9 [svchost.exe]
ModuleName : C:\WINDOWS\System32\svchost.exe
Command Line : C:\WINDOWS\System32\svchost.exe -k NetworkService
ProcessID : 1056
ThreadCreationTime : 5-11-2005 10:45:41 PM
BasePriority : Normal
FileVersion : 5.1.2600.0 (xpclient.010817-1148)
ProductVersion : 5.1.2600.0
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe
#:10 [svchost.exe]
ModuleName : C:\WINDOWS\System32\svchost.exe
Command Line : C:\WINDOWS\System32\svchost.exe -k LocalService
ProcessID : 1080
ThreadCreationTime : 5-11-2005 10:45:42 PM
BasePriority : Normal
FileVersion : 5.1.2600.0 (xpclient.010817-1148)
ProductVersion : 5.1.2600.0
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe
#:11 [spoolsv.exe]
ModuleName : C:\WINDOWS\system32\spoolsv.exe
Command Line : C:\WINDOWS\system32\spoolsv.exe
ProcessID : 1264
ThreadCreationTime : 5-11-2005 10:45:43 PM
BasePriority : Normal
FileVersion : 5.1.2600.0 (XPClient.010817-1148)
ProductVersion : 5.1.2600.0
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Spooler SubSystem App
InternalName : spoolsv.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : spoolsv.exe
Warning! VX2 Object found in memory(C:\WINDOWS\system32\DrPMon.dll)
VX2 Object Recognized!
Type : Process
Data : DrPMon.dll
Category : Malware
Comment :
Object : C:\WINDOWS\system32\
FileVersion : 1, 0, 0, 5
ProductVersion : 1, 0, 0, 0
ProductName : DrPMon PrintMonitor
CompanyName : Direct Revenue
FileDescription : DrPMon PrintMonitor
InternalName : DrPMon
LegalCopyright : Copyright © 2005
OriginalFilename : DrPMon.dll
#:12 [alg.exe]
ModuleName : C:\WINDOWS\System32\alg.exe
Command Line : C:\WINDOWS\System32\alg.exe
ProcessID : 1364
ThreadCreationTime : 5-11-2005 10:45:44 PM
BasePriority : Normal
FileVersion : 5.1.2600.1106 (xpsp1.020828-1920)
ProductVersion : 5.1.2600.1106
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Application Layer Gateway Service
InternalName : ALG.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : ALG.exe
#:13 [mdm.exe]
ModuleName : C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
Command Line : "C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe"
ProcessID : 1424
ThreadCreationTime : 5-11-2005 10:45:44 PM
BasePriority : Normal
FileVersion : 7.00.9064.9150
ProductVersion : 7.00.9064.9150
ProductName : Microsoft Development Environment
CompanyName : Microsoft Corporation
FileDescription : Machine Debug Manager
InternalName : mdm.exe
LegalCopyright : Copyright © Microsoft Corp. 1997-2000
OriginalFilename : mdm.exe
#:14 [vzfw.exe]
ModuleName : C:\Program Files\Common Files\Sony Shared\VAIO Entertainment\VzCdb\VzFw.exe
Command Line : "C:\Program Files\Common Files\Sony Shared\VAIO Entertainment\VzCdb\VzFw.exe"
ProcessID : 1528
ThreadCreationTime : 5-11-2005 10:45:45 PM
BasePriority : Normal
#:15 [ati2evxx.exe]
ModuleName : C:\WINDOWS\system32\Ati2evxx.exe
Command Line : Ati2evxx.exe -Client
ProcessID : 1860
ThreadCreationTime : 5-11-2005 11:02:40 PM
BasePriority : Normal
#:16 [explorer.exe]
ModuleName : C:\WINDOWS\Explorer.exe
Command Line : Explorer.exe C:\WINDOWS\Nail.exe
ProcessID : 1996
ThreadCreationTime : 5-11-2005 11:02:40 PM
BasePriority : Normal
FileVersion : 6.00.2800.1257 (xpsp2.030808-0218)
ProductVersion : 6.00.2800.1257
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Windows Explorer
InternalName : explorer
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : EXPLORER.EXE
VX2 Object Recognized!
Type : Process
Data : tyritrr.dll
Category : Malware
Comment : (CSI MATCH)
Object : C:\WINDOWS\System32\
Warning! VX2 Object found in memory(C:\WINDOWS\System32\tyritrr.dll)
Warning! VX2 Object found in memory(C:\WINDOWS\System32\winup2date.dll)
VX2 Object Recognized!
Type : Process
Data : winup2date.dll
Category : Malware
Comment :
Object : C:\WINDOWS\System32\
#:17 [apoint.exe]
ModuleName : C:\Program Files\Apoint\Apoint.exe
Command Line : "C:\Program Files\Apoint\Apoint.exe"
ProcessID : 440
ThreadCreationTime : 5-11-2005 11:02:44 PM
BasePriority : Normal
FileVersion : 5.5.7.136
ProductVersion : 5.5.7.136
ProductName : Alps Pointing-device Driver
CompanyName : Alps Electric Co., Ltd.
FileDescription : Alps Pointing-device Driver
InternalName : Alps Pointing-device Driver
LegalCopyright : Copyright © 1999-2003 Alps Electric Co., Ltd.
OriginalFilename : Apoint.exe
#:18 [atiptaxx.exe]
ModuleName : C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
Command Line : "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
ProcessID : 1292
ThreadCreationTime : 5-11-2005 11:02:45 PM
BasePriority : Normal
FileVersion : 6.14.10.5103
ProductVersion : 6.14.10.5103
ProductName : ATI Desktop Component
CompanyName : ATI Technologies, Inc.
FileDescription : ATI Desktop Control Panel
InternalName : Atiptaxx.exe
LegalCopyright : Copyright © 1998-2004 ATI Technologies Inc.
OriginalFilename : Atiptaxx.exe
#:19 [spmgr.exe]
ModuleName : C:\Program Files\Sony\VAIO Power Management\SPMgr.exe
Command Line : "C:\Program Files\Sony\VAIO Power Management\SPMgr.exe"
ProcessID : 1400
ThreadCreationTime : 5-11-2005 11:02:45 PM
BasePriority : Normal
FileVersion : 1.1.00.11060
ProductVersion : 1.1.0
ProductName : Sony Power Management
CompanyName : Sony Corporation
FileDescription : SPM Module
LegalCopyright : © Sony Corporation. All rights reserved.
VX2 Object Recognized!
Type : Process
Data : tyritrr.dll
Category : Malware
Comment : (CSI MATCH)
Object : C:\WINDOWS\System32\
Warning! VX2 Object found in memory(C:\WINDOWS\System32\tyritrr.dll)
"C:\Program Files\Sony\VAIO Power Management\SPMgr.exe"Process terminated successfully
#:20 [hkserv.exe]
ModuleName : C:\Program Files\Sony\HotKey Utility\HKserv.exe
Command Line : "C:\Program Files\Sony\HotKey Utility\HKserv.exe"
ProcessID : 1828
ThreadCreationTime : 5-11-2005 11:02:45 PM
BasePriority : Normal
VX2 Object Recognized!
Type : Process
Data : tyritrr.dll
Category : Malware
Comment : (CSI MATCH)
Object : C:\WINDOWS\System32\
Warning! VX2 Object found in memory(C:\WINDOWS\System32\tyritrr.dll)
"C:\Program Files\Sony\HotKey Utility\HKserv.exe"Process terminated successfully
#:21 [vaioupdt.exe]
ModuleName : C:\Program Files\Sony\VAIO Update 2\VAIOUpdt.exe
Command Line : "C:\Program Files\Sony\VAIO Update 2\VAIOUpdt.exe" /Stationary
ProcessID : 1404
ThreadCreationTime : 5-11-2005 11:02:46 PM
BasePriority : Normal
VX2 Object Recognized!
Type : Process
Data : tyritrr.dll
Category : Malware
Comment : (CSI MATCH)
Object : C:\WINDOWS\System32\
Warning! VX2 Object found in memory(C:\WINDOWS\System32\tyritrr.dll)
"C:\Program Files\Sony\VAIO Update 2\VAIOUpdt.exe"Process terminated successfully
#:22 [ezsp_px.exe]
ModuleName : C:\WINDOWS\System32\ezSP_Px.exe
Command Line : "C:\WINDOWS\System32\ezSP_Px.exe"
ProcessID : 484
ThreadCreationTime : 5-11-2005 11:02:46 PM
BasePriority : Normal
VX2 Object Recognized!
Type : Process
Data : tyritrr.dll
Category : Malware
Comment : (CSI MATCH)
Object : C:\WINDOWS\System32\
Warning! VX2 Object found in memory(C:\WINDOWS\System32\tyritrr.dll)
"C:\WINDOWS\System32\ezSP_Px.exe"Process terminated successfully
#:23 [realsched.exe]
ModuleName : C:\Program Files\Common Files\Real\Update_OB\realsched.exe
Command Line : "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
ProcessID : 564
ThreadCreationTime : 5-11-2005 11:02:47 PM
BasePriority : Normal
FileVersion : 0.1.0.3034
ProductVersion : 0.1.0.3034
ProductName : RealPlayer (32-bit)
CompanyName : RealNetworks, Inc.
FileDescription : RealNetworks Scheduler
InternalName : schedapp
LegalCopyright : Copyright © RealNetworks, Inc. 1995-2004
LegalTrademarks : RealAudio is a trademark of RealNetworks, Inc.
OriginalFilename : realsched.exe
VX2 Object Recognized!
Type : Process
Data : tyritrr.dll
Category : Malware
Comment : (CSI MATCH)
Object : C:\WINDOWS\System32\
Warning! VX2 Object found in memory(C:\WINDOWS\System32\tyritrr.dll)
"C:\Program Files\Common Files\Real\Update_OB\realsched.exe"Process terminated successfully
#:24 [ituneshelper.exe]
ModuleName : C:\Program Files\iTunes\iTunesHelper.exe
Command Line : "C:\Program Files\iTunes\iTunesHelper.exe"
ProcessID : 184
ThreadCreationTime : 5-11-2005 11:02:47 PM
BasePriority : Normal
FileVersion : 4.7.0.42
ProductVersion : 4.7.0.42
ProductName : iTunes
CompanyName : Apple Computer, Inc.
FileDescription : iTunesHelper Module
InternalName : iTunesHelper
LegalCopyright : © 2003-2004 Apple Computer, Inc. All Rights Reserved.
OriginalFilename : iTunesHelper.exe
VX2 Object Recognized!
Type : Process
Data : tyritrr.dll
Category : Malware
Comment : (CSI MATCH)
Object : C:\WINDOWS\System32\
Warning! VX2 Object found in memory(C:\WINDOWS\System32\tyritrr.dll)
"C:\Program Files\iTunes\iTunesHelper.exe"Process terminated successfully
#:25 [qttask.exe]
ModuleName : C:\Program Files\QuickTime\qttask.exe
Command Line : "C:\Program Files\QuickTime\qttask.exe" -atboottime
ProcessID : 472
ThreadCreationTime : 5-11-2005 11:02:47 PM
BasePriority : Normal
FileVersion : 6.5.1
ProductVersion : QuickTime 6.5.1
ProductName : QuickTime
CompanyName : Apple Computer, Inc.
InternalName : QuickTime Task
LegalCopyright : © Apple Computer, Inc. 2001-2004
OriginalFilename : QTTask.exe
VX2 Object Recognized!
Type : Process
Data : tyritrr.dll
Category : Malware
Comment : (CSI MATCH)
Object : C:\WINDOWS\System32\
Warning! VX2 Object found in memory(C:\WINDOWS\System32\tyritrr.dll)
"C:\Program Files\QuickTime\qttask.exe"Process terminated successfully
#:26 [hpwuschd.exe]
ModuleName : C:\Program Files\HP\HP Software Update\HPWuSchd.exe
Command Line : "C:\Program Files\HP\HP Software Update\HPWuSchd.exe"
ProcessID : 508
ThreadCreationTime : 5-11-2005 11:02:48 PM
BasePriority : Normal
FileVersion : 1, 0, 0, 2
ProductVersion : 1, 0, 0, 2
ProductName : Hewlett-Packard hpwuSchd
CompanyName : Hewlett-Packard
FileDescription : hpwuSchd
InternalName : hpwuSchd
LegalCopyright : Copyright © 2003
OriginalFilename : hpwuSchd.exe
VX2 Object Recognized!
Type : Process
Data : tyritrr.dll
Category : Malware
Comment : (CSI MATCH)
Object : C:\WINDOWS\System32\
Warning! VX2 Object found in memory(C:\WINDOWS\System32\tyritrr.dll)
"C:\Program Files\HP\HP Software Update\HPWuSchd.exe"Process terminated successfully
#:27 [hpcmpmgr.exe]
ModuleName : C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
Command Line : "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
ProcessID : 668
ThreadCreationTime : 5-11-2005 11:02:48 PM
BasePriority : Normal
FileVersion : 1.76.0
ProductVersion : 1.76.0
ProductName : hp coretech (COmponent REuse TECHnology)
CompanyName : Hewlett-Packard Company
FileDescription : HP Framework Component Manager Service
InternalName : HPComponentManagerService module
LegalCopyright : Copyright © Hewlett-Packard. 2002-2003
OriginalFilename : HPCmpMgr.exe
VX2 Object Recognized!
Type : Process
Data : tyritrr.dll
Category : Malware
Comment : (CSI MATCH)
Object : C:\WINDOWS\System32\
Warning! VX2 Object found in memory(C:\WINDOWS\System32\tyritrr.dll)
"C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"Process terminated successfully
#:28 [apntex.exe]
ModuleName : C:\Program Files\Apoint\Apntex.exe
Command Line : "Apntex.exe"
ProcessID : 1120
ThreadCreationTime : 5-11-2005 11:02:49 PM
BasePriority : Normal
FileVersion : 5.0.1.15
ProductVersion : 5.0.1.15
ProductName : Alps Pointing-device Driver for Windows NT/2000/XP
CompanyName : Alps Electric Co., Ltd.
FileDescription : Alps Pointing-device Driver for Windows NT/2000/XP
InternalName : Alps Pointing-device Driver for Windows NT/2000/XP
LegalCopyright : Copyright © 1998-2003 Alps Electric Co., Ltd.
OriginalFilename : ApntEx.exe
VX2 Object Recognized!
Type : Process
Data : tyritrr.dll
Category : Malware
Comment : (CSI MATCH)
Object : C:\WINDOWS\System32\
Warning! VX2 Object found in memory(C:\WINDOWS\System32\tyritrr.dll)
"C:\Program Files\Apoint\Apntex.exe"Process terminated successfully
#:29 [vzkpvk.exe]
ModuleName : C:\WINDOWS\System32\vzkpvk.exe
Command Line : "C:\WINDOWS\System32\vzkpvk.exe"
ProcessID : 1440
ThreadCreationTime : 5-11-2005 11:02:50 PM
BasePriority : Normal
VX2 Object Recognized!
Type : Process
Data : tyritrr.dll
Category : Malware
Comment : (CSI MATCH)
Object : C:\WINDOWS\System32\
Warning! VX2 Object found in memory(C:\WINDOWS\System32\tyritrr.dll)
"C:\WINDOWS\System32\vzkpvk.exe"Process terminated successfully
#:30 [msmsgs.exe]
ModuleName : C:\Program Files\Messenger\msmsgs.exe
Command Line : "C:\Program Files\Messenger\msmsgs.exe" /background
ProcessID : 1344
ThreadCreationTime : 5-11-2005 11:02:52 PM
BasePriority : Normal
FileVersion : 4.7.0041
ProductVersion : Version 4.7
ProductName : Messenger
CompanyName : Microsoft Corporation
FileDescription : Messenger
InternalName : msmsgs
LegalCopyright : Copyright © Microsoft Corporation 1997-2001
LegalTrademarks : Microsoft® is a registered trademark of Microsoft Corporation in the U.S. and/or other countries.
OriginalFilename : msmsgs.exe
VX2 Object Recognized!
Type : Process
Data : tyritrr.dll
Category : Malware
Comment : (CSI MATCH)
Object : C:\WINDOWS\System32\
Warning! VX2 Object found in memory(C:\WINDOWS\System32\tyritrr.dll)
#:31 [ctfmon.exe]
ModuleName : C:\WINDOWS\System32\ctfmon.exe
Command Line : "C:\WINDOWS\System32\ctfmon.exe"
ProcessID : 144
ThreadCreationTime : 5-11-2005 11:02:52 PM
BasePriority : Normal
FileVersion : 5.1.2600.1106 (xpsp1.020828-1920)
ProductVersion : 5.1.2600.1106
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : CTF Loader
InternalName : CTFMON
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : CTFMON.EXE
#:32 [wuauclt.exe]
ModuleName : C:\WINDOWS\System32\wuauclt.exe
Command Line : "C:\WINDOWS\System32\wuauclt.exe"
ProcessID : 1632
ThreadCreationTime : 5-11-2005 11:02:52 PM
BasePriority : Normal
FileVersion : 5.4.3790.2182 built by: srv03_rtm(ntvbl04)
ProductVersion : 5.4.3790.2182
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Automatic Updates
InternalName : wuauclt.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : wuauclt.exe
VX2 Object Recognized!
Type : Process
Data : tyritrr.dll
Category : Malware
Comment : (CSI MATCH)
Object : C:\WINDOWS\System32\
Warning! VX2 Object found in memory(C:\WINDOWS\System32\tyritrr.dll)
"C:\WINDOWS\System32\wuauclt.exe"Process terminated successfully
#:33 [mssysmgr.exe]
ModuleName : C:\PROGRA~1\SIMPLE~1\PHOTOS~1\data\Xtras\mssysmgr.exe
Command Line : "C:\PROGRA~1\SIMPLE~1\PHOTOS~1\data\Xtras\mssysmgr.exe"
ProcessID : 1020
ThreadCreationTime : 5-11-2005 11:02:56 PM
BasePriority : Normal
FileVersion : 3.0.0.0
ProductVersion : 3.0.0.0
ProductName : PhotoShow Media Manager
CompanyName : Simple Star, Inc.
FileDescription : PhotoShow Media Manager
LegalCopyright : Copyright © 2003-2004 Simple Star, Inc.
OriginalFilename : mssysmgr.exe
#:34 [ipodservice.exe]
ModuleName : C:\Program Files\iPod\bin\iPodService.exe
Command Line : "C:\Program Files\iPod\bin\iPodService.exe"
ProcessID : 420
ThreadCreationTime : 5-11-2005 11:02:58 PM
BasePriority : Normal
FileVersion : 4.7.0.42
ProductVersion : 4.7.0.42
ProductName : iTunes
CompanyName : Apple Computer, Inc.
FileDescription : iPodService Module
InternalName : iPodService
LegalCopyright : © 2003-2004 Apple Computer, Inc. All Rights Reserved.
OriginalFilename : iPodService.exe
#:35 [hpqtra08.exe]
ModuleName : C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
Command Line : "C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe"
ProcessID : 1968
ThreadCreationTime : 5-11-2005 11:03:01 PM
BasePriority : Normal
FileVersion : 5.31.0.147
ProductVersion : 005.031.000.147
ProductName : hp digital imaging - hp all-in-one series
CompanyName : Hewlett-Packard Co.
FileDescription : HP Digital Imaging Monitor (CUE)
InternalName : HPQTRA00
LegalCopyright : Copyright © Hewlett-Packard Co. 1995-2001
OriginalFilename : HPQTRA00.EXE
Comments : HP Digital Imaging Monitor (CUE)
#:36 [hkwnd.exe]
ModuleName : C:\Program Files\Sony\HotKey Utility\HKWnd.exe
Command Line : "C:\Program Files\Sony\HotKey Utility\HKWnd.exe"
ProcessID : 2056
ThreadCreationTime : 5-11-2005 11:03:01 PM
BasePriority : Normal
VX2 Object Recognized!
Type : Process
Data : tyritrr.dll
Category : Malware
Comment : (CSI MATCH)
Object : C:\WINDOWS\System32\
Warning! VX2 Object found in memory(C:\WINDOWS\System32\tyritrr.dll)
"C:\Program Files\Sony\HotKey Utility\HKWnd.exe"Process terminated successfully
#:37 [svchost.exe]
ModuleName : C:\WINDOWS\System32\svchost.exe
Command Line : C:\WINDOWS\System32\svchost.exe -k imgsvc
ProcessID : 2292
ThreadCreationTime : 5-11-2005 11:03:09 PM
BasePriority : Normal
FileVersion : 5.1.2600.0 (xpclient.010817-1148)
ProductVersion : 5.1.2600.0
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe
#:38 [irmtlvc.exe]
ModuleName : c:\windows\system32\irmtlvc.exe
Command Line : "c:\windows\system32\irmtlvc.exe" awyihkl
ProcessID : 4032
ThreadCreationTime : 5-11-2005 11:07:46 PM
BasePriority : Normal
FileVersion : 1, 0, 7, 1
ProductVersion : 0, 0, 7, 0
ProductName : TODO: <Product name>
CompanyName : TODO: <Company name>
FileDescription : TODO: <File description>
LegalCopyright : TODO: © <Company name>. All rights reserved.
#:39 [mskagent.exe]
ModuleName : C:\PROGRA~1\McAfee\SPAMKI~1\MSKAgent.exe
Command Line : "C:\PROGRA~1\McAfee\SPAMKI~1\MSKAgent.exe"
ProcessID : 3076
ThreadCreationTime : 5-12-2005 12:11:58 AM
BasePriority : Normal
FileVersion : 5, 0, 0, 4
ProductVersion : 5, 0, 0, 0
ProductName : McAfee SpamKiller
CompanyName : Networks Associates Technology, Inc
FileDescription : McAfee SpamKiller Agent Interface module
InternalName : MskAgent
LegalCopyright : Copyright © 1998-2003 Networks Associates Technology, Inc
OriginalFilename : MskAgent.exe
VX2 Object Recognized!
Type : Process
Data : tyritrr.dll
Category : Malware
Comment : (CSI MATCH)
Object : C:\WINDOWS\System32\
Warning! VX2 Object found in memory(C:\WINDOWS\System32\tyritrr.dll)
#:40 [services.exe]
ModuleName : C:\WINDOWS\Help\Help\services.exe
Command Line : C:\WINDOWS\Help\Help\services.exe
ProcessID : 3792
ThreadCreationTime : 5-12-2005 12:28:07 AM
BasePriority : Normal
VX2 Object Recognized!
Type : Process
Data : tyritrr.dll
Category : Malware
Comment : (CSI MATCH)
Object : C:\WINDOWS\System32\
Warning! VX2 Object found in memory(C:\WINDOWS\System32\tyritrr.dll)
"C:\WINDOWS\Help\Help\services.exe"Process terminated successfully
#:41 [smss.exe]
ModuleName : C:\WINDOWS\Help\Help\smss.exe
Command Line : C:\WINDOWS\Help\Help\smss.exe
ProcessID : 2876
ThreadCreationTime : 5-12-2005 12:28:07 AM
BasePriority : Normal
VX2 Object Recognized!
Type : Process
Data : tyritrr.dll
Category : Malware
Comment : (CSI MATCH)
Object : C:\WINDOWS\System32\
Warning! VX2 Object found in memory(C:\WINDOWS\System32\tyritrr.dll)
"C:\WINDOWS\Help\Help\smss.exe"Process terminated successfully
#:42 [csrss.exe]
ModuleName : C:\WINDOWS\Help\Help\csrss.exe
Command Line : C:\WINDOWS\Help\Help\csrss.exe
ProcessID : 2256
ThreadCreationTime : 5-12-2005 12:28:08 AM
BasePriority : Normal
#:43 [ad-aware.exe]
ModuleName : C:\Program Files\Lavasoft\Ad-Aware SE Personal\Ad-Aware.exe
Command Line : "C:\Program Files\Lavasoft\Ad-Aware SE Personal\Ad-Aware.exe"
ProcessID : 2792
ThreadCreationTime : 5-12-2005 1:59:46 AM
BasePriority : Normal
FileVersion : 6.2.0.206
ProductVersion : VI.Second Edition
ProductName : Lavasoft Ad-Aware SE
CompanyName : Lavasoft Sweden
FileDescription : Ad-Aware SE Core application
InternalName : Ad-Aware.exe
LegalCopyright : Copyright © Lavasoft Sweden
OriginalFilename : Ad-Aware.exe
Comments : All Rights Reserved
Memory scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 20
Started registry scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
VX2 Object Recognized!
Type : Regkey
Data :
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : folder\shellex\columnhandlers\{6ec11407-5b2e-4e25-8bdf-77445b52ab37}
VX2 Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : folder\shellex\columnhandlers\{6ec11407-5b2e-4e25-8bdf-77445b52ab37}
Value :
VX2 Object Recognized!
Type : Regkey
Data :
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : clsid\{6ec11407-5b2e-4e25-8bdf-77445b52ab37}
VX2 Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : clsid\{6ec11407-5b2e-4e25-8bdf-77445b52ab37}
Value :
VX2 Object Recognized!
Type : Regkey
Data :
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : bolgerdll.bolgerdllobj.1
VX2 Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : bolgerdll.bolgerdllobj.1
Value :
VX2 Object Recognized!
Type : Regkey
Data :
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : bolgerdll.bolgerdllobj
VX2 Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : bolgerdll.bolgerdllobj
Value :
VX2 Object Recognized!
Type : Regkey
Data :
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-3975648197-2841171202-458900294-1005\software\bolger
VX2 Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-3975648197-2841171202-458900294-1005\software\bolger
Value : BLI9d1OfSInst
VX2 Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-3975648197-2841171202-458900294-1005\software\bolger
Value : BLC9n1trMsgSDisp
VX2 Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-3975648197-2841171202-458900294-1005\software\bolger
Value : BLT9o1pListSPos
VX2 Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-3975648197-2841171202-458900294-1005\software\bolger
Value : BLs9t1icky1S
VX2 Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-3975648197-2841171202-458900294-1005\software\bolger
Value : BLs9t1icky2S
VX2 Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-3975648197-2841171202-458900294-1005\software\bolger
Value : BLs9t1icky3S
VX2 Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-3975648197-2841171202-458900294-1005\software\bolger
Value : BLs9t1icky4S
VX2 Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-3975648197-2841171202-458900294-1005\software\bolger
Value : BLC1o9d1eOfSFinalAd
VX2 Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-3975648197-2841171202-458900294-1005\software\bolger
Value : BLT9i1m4eOfSFinalAd
VX2 Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-3975648197-2841171202-458900294-1005\software\bolger
Value : BLD9s1tSSEnd
VX2 Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-3975648197-2841171202-458900294-1005\software\bolger
Value : BL9N1a4tionSCode
VX2 Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-3975648197-2841171202-458900294-1005\software\bolger
Value : BLP9D1om
VX2 Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-3975648197-2841171202-458900294-1005\software\bolger
Value : BLT9h1rshSCheckSIn
VX2 Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-3975648197-2841171202-458900294-1005\software\bolger
Value : BLT9h1rshSMots
VX2 Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-3975648197-2841171202-458900294-1005\software\bolger
Value : BLM9o1deSSync
VX2 Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-3975648197-2841171202-458900294-1005\software\bolger
Value : BLI9n1ProgSCab
VX2 Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-3975648197-2841171202-458900294-1005\software\bolger
Value : BLI9n1ProgSEx
VX2 Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-3975648197-2841171202-458900294-1005\software\bolger
Value : BLI9n1ProgSLstest
VX2 Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-3975648197-2841171202-458900294-1005\software\bolger
Value : BLL9a1stMotsSDay
VX2 Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-3975648197-2841171202-458900294-1005\software\bolger
Value : BLL9a1stSSChckin
VX2 Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-3975648197-2841171202-458900294-1005\software\bolger
Value : BLC9n1tFyl
VX2 Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-3975648197-2841171202-458900294-1005\software\bolger
Value : BLE9v1nt
VX2 Object Recognized!
Type : Regkey
Data :
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-3975648197-2841171202-458900294-1005\software\aurora
VX2 Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-3975648197-2841171202-458900294-1005\software\aurora
Value : AUI3d5OfSDist
VX2 Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-3975648197-2841171202-458900294-1005\software\aurora
Value : AUI3d5OfSInst
VX2 Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-3975648197-2841171202-458900294-1005\software\aurora
Value : AUC3n5trMsgSDisp
VX2 Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-3975648197-2841171202-458900294-1005\software\aurora
Value : AUs3t5icky1S
VX2 Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-3975648197-2841171202-458900294-1005\software\aurora
Value : AUs3t5icky2S
VX2 Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-3975648197-2841171202-458900294-1005\software\aurora
Value : AUs3t5icky3S
VX2 Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-3975648197-2841171202-458900294-1005\software\aurora
Value : AUs3t5icky4S
VX2 Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-3975648197-2841171202-458900294-1005\software\aurora
Value : AUC1o3d5eOfSFinalAd
VX2 Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-3975648197-2841171202-458900294-1005\software\aurora
Value : AUT3i5m7eOfSFinalAd
VX2 Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-3975648197-2841171202-458900294-1005\software\aurora
Value : AUD3s5tSSEnd
VX2 Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-3975648197-2841171202-458900294-1005\software\aurora
Value : AU3N5a7tionSCode
VX2 Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-3975648197-2841171202-458900294-1005\software\aurora
Value : AUP3D5om
VX2 Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-3975648197-2841171202-458900294-1005\software\aurora
Value : AUT3h5rshSCheckSIn
VX2 Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-3975648197-2841171202-458900294-1005\software\aurora
Value : AUT3h5rshSMots
VX2 Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-3975648197-2841171202-458900294-1005\software\aurora
Value : AUM3o5deSSync
VX2 Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-3975648197-2841171202-458900294-1005\software\aurora
Value : AUI3n5ProgSCab
VX2 Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-3975648197-2841171202-458900294-1005\software\aurora
Value : AUI3n5ProgSEx
VX2 Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-3975648197-2841171202-458900294-1005\software\aurora
Value : AUI3n5ProgSLstest
VX2 Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-3975648197-2841171202-458900294-1005\software\aurora
Value : AUB3D5om
VX2 Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-3975648197-2841171202-458900294-1005\software\aurora
Value : AUE3v5nt
VX2 Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-3975648197-2841171202-458900294-1005\software\aurora
Value : AUT3h5rshSBath
VX2 Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-3975648197-2841171202-458900294-1005\software\aurora
Value : AUT3h5rshSysSInf
VX2 Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-3975648197-2841171202-458900294-1005\software\aurora
Value : AUL3n5Title
VX2 Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-3975648197-2841171202-458900294-1005\software\aurora
Value : AUC3u5rrentSMode
VX2 Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-3975648197-2841171202-458900294-1005\software\aurora
Value : AUC3n5tFyl
VX2 Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-3975648197-2841171202-458900294-1005\software\aurora
Value : AUI3g5noreS
VX2 Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-3975648197-2841171202-458900294-1005\software\aurora
Value : AUS3t5atusOfSInst
VX2 Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-3975648197-2841171202-458900294-1005\software\aurora
Value : AUL3a5stMotsSDay
VX2 Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-3975648197-2841171202-458900294-1005\software\aurora
Value : AUL3a5stSSChckin
Ebates MoneyMaker Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment : "AC"
Rootkey : HKEY_USERS
Object : S-1-5-21-3975648197-2841171202-458900294-1005\software\lq
Value : AC
Windows Object Recognized!
Type : RegData
Data : explorer.exe c:\windows\nail.exe
Category : Vulnerability
Comment : Shell Possibly Compromised
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft\windows nt\currentversion\winlogon
Value : Shell
Data : explorer.exe c:\windows\nail.exe
Registry Scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 63
Objects found so far: 83
Started deep registry scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Deep registry scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 83
MRU List Object Recognized!
Location: : C:\Documents and Settings\Peter\Application Data\microsoft\office\recent
Description : list of recently opened documents using microsoft office
MRU List Object Recognized!
Location: : C:\Documents and Settings\Peter\recent
Description : list of recently opened documents
MRU List Object Recognized!
Location: : S-1-5-21-3975648197-2841171202-458900294-1005\software\google\navclient\1.1\history
Description : list of recently used search terms in the google toolbar
MRU List Object Recognized!
Location: : software\microsoft\direct3d\mostrecentapplication
Description : most recent application to use microsoft direct3d
MRU List Object Recognized!
Location: : software\microsoft\direct3d\mostrecentapplication
Description : most recent application to use microsoft direct X
MRU List Object Recognized!
Location: : software\microsoft\directdraw\mostrecentapplication
Description : most recent application to use microsoft directdraw
MRU List Object Recognized!
Location: : S-1-5-21-3975648197-2841171202-458900294-1005\software\microsoft\directinput\mostrecentapplication
Description : most recent application to use microsoft directinput
MRU List Object Recognized!
Location: : S-1-5-21-3975648197-2841171202-458900294-1005\software\microsoft\directinput\mostrecentapplication
Description : most recent application to use microsoft directinput