My wife opened up e-mail from supposively earthlink but nothing was there. That night; after 1030pm, viruses executed. That morning, I had the blue screen stating I had spyware, etc.
It disabled my Norton, Spybot S&D, Microsoft Antispyware Beta, and Adaware SE programs. Rebooted in safemode and uninstalled Norton. Reinstalled Norton and updated virus definitions, ran a scan. I had the following:
Trojan.Thun Trojan
Trojan.Downloader.wldr
Trojan.StartPage
Trojan.Desktophijack
Trojan.Backdoor
Trojan.Dropper
Once removed; adaware programs was enabled.
Spybot detected:
Security IGuard
Security Smarts
Flashtrack Flashenhancer
Went to symantec for each identified virus and did their recommended removals. I have full control of my PC now; however, I don't have rights to change my desktop settings. It wants too, but it won't.
I'm at my wits end... Please help me. Here's my log:
Ad-Aware SE Build 1.05
Logfile Created on:Thursday, May 12, 2005 11:14:09 PM
Created with Ad-Aware SE Personal, free for private use.
Using definitions file:SE1R44 10.05.2005
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
References detected during the scan:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
MRU List(TAC index:0):30 total references
Tracking Cookie(TAC index:3):3 total references
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Definition File:
=========================
Definitions File Loaded:
Reference Number : SE1R43 06.05.2005
Internal build : 50
File location : C:\Program Files\Lavasoft\Ad-Aware SE Personal\defs.ref
File size : 467649 Bytes
Total size : 1414672 Bytes
Signature data size : 1383852 Bytes
Reference data size : 30308 Bytes
Signatures total : 39494
Fingerprints total : 847
Fingerprints size : 28739 Bytes
Target categories : 15
Target families : 663
5-12-2005 11:05:03 PM Performing WebUpdate...
Installing Update...
Definitions File Loaded:
Reference Number : SE1R44 10.05.2005
Internal build : 52
File location : C:\Program Files\Lavasoft\Ad-Aware SE Personal\defs.ref
File size : 470885 Bytes
Total size : 1423894 Bytes
Signature data size : 1392940 Bytes
Reference data size : 30442 Bytes
Signatures total : 39753
Fingerprints total : 872
Fingerprints size : 29756 Bytes
Target categories : 15
Target families : 668
5-12-2005 11:05:13 PM Success
Update successfully downloaded and installed.
Memory + processor status:
==========================
Number of processors : 1
Processor architecture : Intel Pentium IV
Memory available:63 %
Total physical memory:1046320 kb
Available physical memory:656892 kb
Total page file size:2996872 kb
Available on page file:2754348 kb
Total virtual memory:2097024 kb
Available virtual memory:2045156 kb
OS:Microsoft Windows XP Professional Service Pack 2 (Build 2600)
Ad-Aware SE Settings
===========================
Set : Search for negligible risk entries
Set : Move deleted files to Recycle Bin
Set : Safe mode (always request confirmation)
Set : Scan active processes
Set : Scan registry
Set : Deep-scan registry
Set : Scan my IE Favorites for banned URLs
Set : Scan within archives
Set : Scan my Hosts file
Extended Ad-Aware SE Settings
===========================
Set : Unload recognized processes & modules during scan
Set : Obtain command line of scanned processes
Set : Scan registry for all users instead of current user only
Set : Always try to unload modules before deletion
Set : During removal, unload Explorer and IE if necessary
Set : Let Windows remove files in use at next reboot
Set : Delete quarantined objects after restoring
Set : Include basic Ad-Aware settings in log file
Set : Include additional Ad-Aware settings in log file
Set : Include reference summary in log file
Set : Include alternate data stream details in log file
Set : Play sound at scan completion if scan locates critical objects
5-12-2005 11:14:09 PM - Scan started. (Custom mode)
Listing running processes
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
#:1 [smss.exe]
ModuleName : \SystemRoot\System32\smss.exe
Command Line : n/a
ProcessID : 460
ThreadCreationTime : 5-12-2005 9:55:35 PM
BasePriority : Normal
#:2 [csrss.exe]
ModuleName : \??\C:\WINDOWS\system32\csrss.exe
Command Line : C:\WINDOWS\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,3072,512 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ProfileControl=Off MaxRequestTh
ProcessID : 516
ThreadCreationTime : 5-12-2005 9:55:42 PM
BasePriority : Normal
#:3 [winlogon.exe]
ModuleName : \??\C:\WINDOWS\System32\winlogon.exe
Command Line : winlogon.exe
ProcessID : 540
ThreadCreationTime : 5-12-2005 9:55:43 PM
BasePriority : High
#:4 [services.exe]
ModuleName : C:\WINDOWS\system32\services.exe
Command Line : C:\WINDOWS\system32\services.exe
ProcessID : 584
ThreadCreationTime : 5-12-2005 9:55:44 PM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Services and Controller app
InternalName : services.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : services.exe
#:5 [lsass.exe]
ModuleName : C:\WINDOWS\system32\lsass.exe
Command Line : C:\WINDOWS\system32\lsass.exe
ProcessID : 596
ThreadCreationTime : 5-12-2005 9:55:44 PM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : LSA Shell (Export Version)
InternalName : lsass.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : lsass.exe
#:6 [svchost.exe]
ModuleName : C:\WINDOWS\system32\svchost.exe
Command Line : C:\WINDOWS\system32\svchost -k DcomLaunch
ProcessID : 748
ThreadCreationTime : 5-12-2005 9:55:45 PM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe
#:7 [svchost.exe]
ModuleName : C:\WINDOWS\system32\svchost.exe
Command Line : C:\WINDOWS\system32\svchost -k rpcss
ProcessID : 792
ThreadCreationTime : 5-12-2005 9:55:45 PM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe
#:8 [svchost.exe]
ModuleName : C:\WINDOWS\System32\svchost.exe
Command Line : C:\WINDOWS\System32\svchost.exe -k netsvcs
ProcessID : 864
ThreadCreationTime : 5-12-2005 9:55:45 PM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe
#:9 [svchost.exe]
ModuleName : C:\WINDOWS\System32\svchost.exe
Command Line : C:\WINDOWS\System32\svchost.exe -k NetworkService
ProcessID : 916
ThreadCreationTime : 5-12-2005 9:55:46 PM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe
#:10 [svchost.exe]
ModuleName : C:\WINDOWS\System32\svchost.exe
Command Line : C:\WINDOWS\System32\svchost.exe -k LocalService
ProcessID : 964
ThreadCreationTime : 5-12-2005 9:55:46 PM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe
#:11 [spoolsv.exe]
ModuleName : C:\WINDOWS\system32\spoolsv.exe
Command Line : C:\WINDOWS\system32\spoolsv.exe
ProcessID : 1204
ThreadCreationTime : 5-12-2005 9:55:47 PM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Spooler SubSystem App
InternalName : spoolsv.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : spoolsv.exe
#:12 [explorer.exe]
ModuleName : C:\WINDOWS\Explorer.EXE
Command Line : C:\WINDOWS\Explorer.EXE
ProcessID : 1392
ThreadCreationTime : 5-12-2005 9:55:48 PM
BasePriority : Normal
FileVersion : 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 6.00.2900.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Windows Explorer
InternalName : explorer
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : EXPLORER.EXE
#:13 [hkcmd.exe]
ModuleName : C:\WINDOWS\System32\hkcmd.exe
Command Line : "C:\WINDOWS\System32\hkcmd.exe"
ProcessID : 1480
ThreadCreationTime : 5-12-2005 9:55:50 PM
BasePriority : Normal
FileVersion : 3.0.0.2331
ProductVersion : 7.0.0.2331
ProductName : Intel® Common User Interface
CompanyName : Intel Corporation
FileDescription : hkcmd Module
InternalName : HKCMD
LegalCopyright : Copyright 1999-2003, Intel Corporation
OriginalFilename : HKCMD.EXE
#:14 [directcd.exe]
ModuleName : C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
Command Line : "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"
ProcessID : 1492
ThreadCreationTime : 5-12-2005 9:55:50 PM
BasePriority : Normal
FileVersion : 5.3.4.21
ProductVersion : 5.3.4.21
ProductName : DirectCD
CompanyName : Roxio
FileDescription : DirectCD Application
InternalName : DirectCD
LegalCopyright : Copyright © 2001,2002, Roxio, Inc.
OriginalFilename : Directcd.exe
#:15 [wkufind.exe]
ModuleName : C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
Command Line : "C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe"
ProcessID : 1548
ThreadCreationTime : 5-12-2005 9:55:50 PM
BasePriority : Normal
FileVersion : 6.00.3215.0
ProductVersion : 6.00.3215.0
ProductName : Microsoft® Works 6.0
CompanyName : Microsoft® Corporation
FileDescription : Microsoft® Works Update Detection
InternalName : WkUFind
LegalCopyright : Copyright © Microsoft Corporation 1987-2001. All rights reserved.
OriginalFilename : WkUFind.exe
#:16 [e_s4i2g1.exe]
ModuleName : C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2G1.EXE
Command Line : "C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2G1.EXE" /P19 "EPSON Stylus CX5400" /O6 "USB001" /M "Stylus CX5400"
ProcessID : 1564
ThreadCreationTime : 5-12-2005 9:55:50 PM
BasePriority : Normal
FileVersion : 3.00
ProductVersion : 3.00
ProductName : EPSON Status Monitor 3
CompanyName : SEIKO EPSON CORPORATION
FileDescription : EPSON Status Monitor 3
InternalName : E_S4I2G1
LegalCopyright : Copyright © SEIKO EPSON CORP. 2003
OriginalFilename : E_S4I2G1.EXE
#:17 [realsched.exe]
ModuleName : C:\Program Files\Common Files\Real\Update_OB\realsched.exe
Command Line : "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
ProcessID : 1572
ThreadCreationTime : 5-12-2005 9:55:50 PM
BasePriority : Normal
FileVersion : 0.1.0.3034
ProductVersion : 0.1.0.3034
ProductName : RealPlayer (32-bit)
CompanyName : RealNetworks, Inc.
FileDescription : RealNetworks Scheduler
InternalName : schedapp
LegalCopyright : Copyright © RealNetworks, Inc. 1995-2004
LegalTrademarks : RealAudio is a trademark of RealNetworks, Inc.
OriginalFilename : realsched.exe
#:18 [jusched.exe]
ModuleName : C:\Program Files\Java\j2re1.4.2_06\bin\jusched.exe
Command Line : "C:\Program Files\Java\j2re1.4.2_06\bin\jusched.exe"
ProcessID : 1616
ThreadCreationTime : 5-12-2005 9:55:50 PM
BasePriority : Normal
#:19 [vptray.exe]
ModuleName : C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\vptray.exe
Command Line : "C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\vptray.exe"
ProcessID : 1632
ThreadCreationTime : 5-12-2005 9:55:50 PM
BasePriority : Normal
FileVersion : 8.1.1.323
ProductVersion : 8.1.1.323
ProductName : Symantec AntiVirus
CompanyName : Symantec Corporation
FileDescription : Symantec AntiVirus
LegalCopyright : Copyright © Symantec Corporation 1991-2003
#:20 [msmsgs.exe]
ModuleName : C:\Program Files\Messenger\msmsgs.exe
Command Line : "C:\Program Files\Messenger\msmsgs.exe" /background
ProcessID : 1676
ThreadCreationTime : 5-12-2005 9:55:50 PM
BasePriority : Normal
FileVersion : 4.7.3001
ProductVersion : Version 4.7.3001
ProductName : Messenger
CompanyName : Microsoft Corporation
FileDescription : Windows Messenger
InternalName : msmsgs
LegalCopyright : Copyright © Microsoft Corporation 2004
LegalTrademarks : Microsoft® is a registered trademark of Microsoft Corporation in the U.S. and/or other countries.
OriginalFilename : msmsgs.exe
#:21 [wkcalrem.exe]
ModuleName : C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe
Command Line : "C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe"
ProcessID : 1764
ThreadCreationTime : 5-12-2005 9:55:51 PM
BasePriority : Normal
FileVersion : 6.00.1911.0
ProductVersion : 6.00.1911.0
ProductName : Microsoft® Works 6.0
CompanyName : Microsoft® Corporation
FileDescription : Microsoft® Works Calendar Reminder Service
InternalName : WkCalRem
LegalCopyright : Copyright © Microsoft Corporation 1987-2000. All rights reserved.
OriginalFilename : WKCALREM.EXE
#:22 [gwremind.exe]
ModuleName : C:\Program Files\Greetings Workshop\GWREMIND.EXE
Command Line : "C:\Program Files\Greetings Workshop\GWREMIND.EXE"
ProcessID : 1780
ThreadCreationTime : 5-12-2005 9:55:51 PM
BasePriority : Normal
FileVersion : 2, 0, 1, 1470
ProductVersion : 2, 0, 1, 0
ProductName : Microsoft Greetings Workshop Reminder
CompanyName : Microsoft Corporation
FileDescription : gwremind
InternalName : gwremind
LegalCopyright : Copyright © 1996
LegalTrademarks : Microsoft® and Windows® are registered trademarks of Microsoft Corporation.
OriginalFilename : gwremind.exe
Comments : Greetings Workshop Reminder 2.0 for Windows® 95
#:23 [windows clean-up pro.uzy]
ModuleName : C:\PROGRA~1\3BSOFT~1\WINDOW~2\Windows Clean-Up Pro.uzy
Command Line : "C:\PROGRA~1\3BSOFT~1\WINDOW~2\Windows Clean-Up Pro.uzy"
ProcessID : 1888
ThreadCreationTime : 5-12-2005 9:55:53 PM
BasePriority : Normal
FileVersion : 1.00
ProductVersion : 1.00
ProductName : Windows Clean-Up Pro
CompanyName : WyvernWorks Dot Com
FileDescription : Windows Clean-Up Pro
InternalName : Windows Clean-Up Pro
LegalCopyright : Copyright © 2000-2003 WyvernWorks Dot Com
LegalTrademarks : Windows Clean-Up Pro
OriginalFilename : Windows Clean-Up Pro.exe
Comments : Windows Clean-Up Pro
#:24 [defwatch.exe]
ModuleName : C:\PROGRA~1\SYMANT~1\SYMANT~1\DefWatch.exe
Command Line : C:\PROGRA~1\SYMANT~1\SYMANT~1\DefWatch.exe
ProcessID : 220
ThreadCreationTime : 5-12-2005 9:55:57 PM
BasePriority : Normal
FileVersion : 8.1.1.323
ProductVersion : 8.1.1.323
ProductName : Norton AntiVirus
CompanyName : Symantec Corporation
FileDescription : Virus Definition Daemon
InternalName : DefWatch
LegalCopyright : Copyright © 1998 Symantec Corporation
OriginalFilename : DefWatch.exe
#:25 [rtvscan.exe]
ModuleName : C:\PROGRA~1\SYMANT~1\SYMANT~1\Rtvscan.exe
Command Line : C:\PROGRA~1\SYMANT~1\SYMANT~1\Rtvscan.exe
ProcessID : 312
ThreadCreationTime : 5-12-2005 9:55:57 PM
BasePriority : Normal
FileVersion : 8.1.1.323
ProductVersion : 8.1.1.323
ProductName : Symantec AntiVirus
CompanyName : Symantec Corporation
FileDescription : Symantec AntiVirus
LegalCopyright : Copyright © Symantec Corporation 1991-2003
#:26 [svchost.exe]
ModuleName : C:\WINDOWS\System32\svchost.exe
Command Line : C:\WINDOWS\System32\svchost.exe -k imgsvc
ProcessID : 496
ThreadCreationTime : 5-12-2005 9:56:00 PM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe
#:27 [wdfmgr.exe]
ModuleName : C:\WINDOWS\system32\wdfmgr.exe
Command Line : C:\WINDOWS\system32\wdfmgr.exe
ProcessID : 836
ThreadCreationTime : 5-12-2005 9:56:01 PM
BasePriority : Normal
FileVersion : 5.2.3790.1230 built by: DNSRV(bld4act)
ProductVersion : 5.2.3790.1230
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Windows User Mode Driver Manager
InternalName : WdfMgr
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : WdfMgr.exe
#:28 [ymsgr_tray.exe]
ModuleName : C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
Command Line : "C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe" -ymsgr
ProcessID : 2692
ThreadCreationTime : 5-12-2005 9:56:12 PM
BasePriority : Normal
#:29 [ad-aware.exe]
ModuleName : C:\Program Files\Lavasoft\Ad-Aware SE Personal\Ad-Aware.exe
Command Line : "C:\Program Files\Lavasoft\Ad-Aware SE Personal\Ad-Aware.exe"
ProcessID : 2640
ThreadCreationTime : 5-13-2005 4:04:49 AM
BasePriority : Normal
FileVersion : 6.2.0.206
ProductVersion : VI.Second Edition
ProductName : Lavasoft Ad-Aware SE
CompanyName : Lavasoft Sweden
FileDescription : Ad-Aware SE Core application
InternalName : Ad-Aware.exe
LegalCopyright : Copyright © Lavasoft Sweden
OriginalFilename : Ad-Aware.exe
Comments : All Rights Reserved
Memory scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 0
Started registry scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Registry Scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 0
Started deep registry scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Deep registry scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 0
MRU List Object Recognized!
Location: : C:\Documents and Settings\Administrator\Application Data\microsoft\office\recent
Description : list of recently opened documents using microsoft office
MRU List Object Recognized!
Location: : C:\Documents and Settings\Administrator\recent
Description : list of recently opened documents
MRU List Object Recognized!
Location: : S-1-5-21-1343024091-725345543-1002361594-500\software\adobe\acrobat reader\6.0\avgeneral\crecentfiles
Description : list of recently used files in adobe reader
MRU List Object Recognized!
Location: : S-1-5-21-1343024091-725345543-1002361594-500\software\adobe\photoshop\7.0\visiteddirs
Description : adobe photoshop 7 recent work folders
MRU List Object Recognized!
Location: : S-1-5-21-1343024091-725345543-1002361594-500\software\google\navclient\1.1\history
Description : list of recently used search terms in the google toolbar
MRU List Object Recognized!
Location: : S-1-5-21-1343024091-725345543-1002361594-500\software\jasc\paint shop pro 7\recent file list
Description : list of recently used files in jasc paint shop pro
MRU List Object Recognized!
Location: : S-1-5-21-1343024091-725345543-1002361594-500\software\microsoft\automap\9.0\findmru
Description : list of recently used find queries used in microsoft automap-based products
MRU List Object Recognized!
Location: : software\microsoft\direct3d\mostrecentapplication
Description : most recent application to use microsoft direct3d
MRU List Object Recognized!
Location: : software\microsoft\direct3d\mostrecentapplication
Description : most recent application to use microsoft direct X
MRU List Object Recognized!
Location: : software\microsoft\directdraw\mostrecentapplication
Description : most recent application to use microsoft directdraw
MRU List Object Recognized!
Location: : S-1-5-21-1343024091-725345543-1002361594-500\software\microsoft\directinput\mostrecentapplication
Description : most recent application to use microsoft directinput
MRU List Object Recognized!
Location: : S-1-5-21-1343024091-725345543-1002361594-500\software\microsoft\directinput\mostrecentapplication
Description : most recent application to use microsoft directinput
MRU List Object Recognized!
Location: : S-1-5-21-1343024091-725345543-1002361594-500\software\microsoft\internet explorer
Description : last download directory used in microsoft internet explorer
MRU List Object Recognized!
Location: : S-1-5-21-1343024091-725345543-1002361594-500\software\microsoft\mediaplayer\medialibraryui
Description : last selected node in the microsoft windows media player media library
MRU List Object Recognized!
Location: : S-1-5-21-1343024091-725345543-1002361594-500\software\microsoft\mediaplayer\player\recentfilelist
Description : list of recently used files in microsoft windows media player
MRU List Object Recognized!
Location: : S-1-5-21-1343024091-725345543-1002361594-500\software\microsoft\mediaplayer\preferences
Description : last playlist index loaded in microsoft windows media player
MRU List Object Recognized!
Location: : S-1-5-21-1343024091-725345543-1002361594-500\software\microsoft\mediaplayer\preferences
Description : last playlist loaded in microsoft windows media player
MRU List Object Recognized!
Location: : S-1-5-21-1343024091-725345543-1002361594-500\software\microsoft\microsoft management console\recent file list
Description : list of recent snap-ins used in the microsoft management console
MRU List Object Recognized!
Location: : S-1-5-21-1343024091-725345543-1002361594-500\software\microsoft\office\9.0\common\open find\microsoft word\settings\open\file name mru
Description : list of recent documents opened by microsoft word
MRU List Object Recognized!
Location: : S-1-5-21-1343024091-725345543-1002361594-500\software\microsoft\office\9.0\common\open find\microsoft word\settings\save as\file name mru
Description : list of recent documents saved by microsoft word
MRU List Object Recognized!
Location: : S-1-5-21-1343024091-725345543-1002361594-500\software\microsoft\office\9.0\powerpoint\recent file list
Description : list of recent files used by microsoft powerpoint
MRU List Object Recognized!
Location: : S-1-5-21-1343024091-725345543-1002361594-500\software\microsoft\search assistant\acmru
Description : list of recent search terms used with the search assistant
MRU List Object Recognized!
Location: : S-1-5-21-1343024091-725345543-1002361594-500\software\microsoft\windows\currentversion\applets\regedit
Description : last key accessed using the microsoft registry editor
MRU List Object Recognized!
Location: : S-1-5-21-1343024091-725345543-1002361594-500\software\microsoft\windows\currentversion\explorer\comdlg32\lastvisitedmru
Description : list of recent programs opened
MRU List Object Recognized!
Location: : S-1-5-21-1343024091-725345543-1002361594-500\software\microsoft\windows\currentversion\explorer\comdlg32\opensavemru
Description : list of recently saved files, stored according to file extension
MRU List Object Recognized!
Location: : S-1-5-21-1343024091-725345543-1002361594-500\software\microsoft\windows\currentversion\explorer\recentdocs
Description : list of recent documents opened
MRU List Object Recognized!
Location: : S-1-5-21-1343024091-725345543-1002361594-500\software\realnetworks\realplayer\6.0\preferences
Description : list of recent skins in realplayer
MRU List Object Recognized!
Location: : S-1-5-21-1343024091-725345543-1002361594-500\software\realnetworks\realplayer\6.0\preferences
Description : list of recent clips in realplayer
MRU List Object Recognized!
Location: : S-1-5-21-1343024091-725345543-1002361594-500\software\realnetworks\realplayer\6.0\preferences
Description : last login time in realplayer
MRU List Object Recognized!
Location: : S-1-5-21-1343024091-725345543-1002361594-500\software\microsoft\windows media\wmsdk\general
Description : windows media sdk
Started Tracking Cookie scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Tracking Cookie Object Recognized!
Type : IECache Entry
Data : [email protected][1].txt
Category : Data Miner
Comment : Hits:1
Value : Cookie:[email protected]/
Expires : 6-11-2005 10:01:08 PM
LastSync : Hits:1
UseCount : 0
Hits : 1
Tracking Cookie Object Recognized!
Type : IECache Entry
Data : minton@questionmarket[1].txt
Category : Data Miner
Comment : Hits:1
Value : Cookie:[email protected]/
Expires : 7-3-2006 2:56:38 PM
LastSync : Hits:1
UseCount : 0
Hits : 1
Tracking Cookie Object Recognized!
Type : IECache Entry
Data : [email protected][2].txt
Category : Data Miner
Comment : Hits:4
Value : Cookie:[email protected]/
Expires : 6-11-2005 10:01:08 PM
LastSync : Hits:4
UseCount : 0
Hits : 4
Tracking cookie scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 3
Objects found so far: 33
Deep scanning and examining files (C:)
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Disk Scan Result for C:\
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 33
Deep scanning and examining files (E:)
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Disk Scan Result for E:\
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 33
Scanning Hosts file......
Hosts file location:"C:\WINDOWS\system32\drivers\etc\hosts".
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Hosts file scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
1 entries scanned.
New critical objects:0
Objects found so far: 33
Performing conditional scans...
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Conditional scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 33
11:22:47 PM Scan Complete
Summary Of This Scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Total scanning time:00:08:38.469
Objects scanned:143408
Objects identified:3
Objects ignored:0
New critical objects:3
Thanks