Here is my log file from 5 minutes ago. TIA
Ad-Aware SE Build 1.05
Logfile Created on:Tuesday, May 17, 2005 12:56:17 AM
Created with Ad-Aware SE Personal, free for private use.
Using definitions file:SE1R45 13.05.2005
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Definition File:
=========================
Definitions File Loaded:
Reference Number : SE1R45 13.05.2005
Internal build : 53
File location : C:\Program Files\Lavasoft\Ad-Aware SE Personal\defs.ref
File size : 473168 Bytes
Total size : 1430575 Bytes
Signature data size : 1399518 Bytes
Reference data size : 30545 Bytes
Signatures total : 39932
Fingerprints total : 881
Fingerprints size : 30173 Bytes
Target categories : 15
Target families : 672
Memory + processor status:
==========================
Number of processors : 1
Processor architecture : Intel Pentium III
Memory available:18 %
Total physical memory:261104 kb
Available physical memory:45316 kb
Total page file size:641836 kb
Available on page file:403788 kb
Total virtual memory:2097024 kb
Available virtual memory:2047636 kb
OS:Microsoft Windows XP Professional Service Pack 1 (Build 2600)
Ad-Aware SE Settings
===========================
Set : Safe mode (always request confirmation)
Set : Scan active processes
Set : Scan registry
Set : Deep-scan registry
Set : Scan my IE Favorites for banned URLs
Set : Scan my Hosts file
Extended Ad-Aware SE Settings
===========================
Set : Unload recognized processes & modules during scan
Set : Obtain command line of scanned processes
Set : Always try to unload modules before deletion
Set : During removal, unload Explorer and IE if necessary
Set : Let Windows remove files in use at next reboot
Set : Delete quarantined objects after restoring
Set : Include basic Ad-Aware settings in log file
Set : Include additional Ad-Aware settings in log file
Set : Play sound at scan completion if scan locates critical objects
5-17-2005 12:56:17 AM - Scan started. (Full System Scan)
Listing running processes
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
#:1 [smss.exe]
ModuleName : \SystemRoot\System32\smss.exe
Command Line : n/a
ProcessID : 748
ThreadCreationTime : 5-17-2005 4:54:20 AM
BasePriority : Normal
#:2 [csrss.exe]
ModuleName : \??\C:\WINDOWS\system32\csrss.exe
Command Line : C:\WINDOWS\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,3072,512 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ProfileControl=Off MaxRequestTh
ProcessID : 820
ThreadCreationTime : 5-17-2005 4:54:23 AM
BasePriority : Normal
#:3 [winlogon.exe]
ModuleName : \??\C:\WINDOWS\system32\winlogon.exe
Command Line : winlogon.exe
ProcessID : 852
ThreadCreationTime : 5-17-2005 4:54:24 AM
BasePriority : High
#:4 [services.exe]
ModuleName : C:\WINDOWS\system32\services.exe
Command Line : C:\WINDOWS\system32\services.exe
ProcessID : 896
ThreadCreationTime : 5-17-2005 4:54:26 AM
BasePriority : Normal
FileVersion : 5.1.2600.0 (xpclient.010817-1148)
ProductVersion : 5.1.2600.0
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Services and Controller app
InternalName : services.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : services.exe
#:5 [lsass.exe]
ModuleName : C:\WINDOWS\system32\lsass.exe
Command Line : C:\WINDOWS\system32\lsass.exe
ProcessID : 908
ThreadCreationTime : 5-17-2005 4:54:26 AM
BasePriority : Normal
FileVersion : 5.1.2600.1106 (xpsp1.020828-1920)
ProductVersion : 5.1.2600.1106
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : LSA Shell (Export Version)
InternalName : lsass.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : lsass.exe
#:6 [ibmpmsvc.exe]
ModuleName : C:\WINDOWS\System32\ibmpmsvc.exe
Command Line : C:\WINDOWS\System32\ibmpmsvc.exe
ProcessID : 1060
ThreadCreationTime : 5-17-2005 4:54:27 AM
BasePriority : Normal
#:7 [svchost.exe]
ModuleName : C:\WINDOWS\system32\svchost.exe
Command Line : C:\WINDOWS\system32\svchost -k rpcss
ProcessID : 1092
ThreadCreationTime : 5-17-2005 4:54:27 AM
BasePriority : Normal
FileVersion : 5.1.2600.0 (xpclient.010817-1148)
ProductVersion : 5.1.2600.0
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe
#:8 [svchost.exe]
ModuleName : C:\WINDOWS\System32\svchost.exe
Command Line : C:\WINDOWS\System32\svchost.exe -k netsvcs
ProcessID : 1288
ThreadCreationTime : 5-17-2005 4:54:28 AM
BasePriority : Normal
FileVersion : 5.1.2600.0 (xpclient.010817-1148)
ProductVersion : 5.1.2600.0
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe
#:9 [svchost.exe]
ModuleName : C:\WINDOWS\System32\svchost.exe
Command Line : C:\WINDOWS\System32\svchost.exe -k NetworkService
ProcessID : 1532
ThreadCreationTime : 5-17-2005 4:54:30 AM
BasePriority : Normal
FileVersion : 5.1.2600.0 (xpclient.010817-1148)
ProductVersion : 5.1.2600.0
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe
#:10 [svchost.exe]
ModuleName : C:\WINDOWS\System32\svchost.exe
Command Line : C:\WINDOWS\System32\svchost.exe -k LocalService
ProcessID : 1604
ThreadCreationTime : 5-17-2005 4:54:31 AM
BasePriority : Normal
FileVersion : 5.1.2600.0 (xpclient.010817-1148)
ProductVersion : 5.1.2600.0
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe
#:11 [explorer.exe]
ModuleName : C:\WINDOWS\Explorer.exe
Command Line : Explorer.exe C:\WINDOWS\Nail.exe
ProcessID : 1864
ThreadCreationTime : 5-17-2005 4:54:32 AM
BasePriority : Normal
FileVersion : 6.00.2800.1106 (xpsp1.020828-1920)
ProductVersion : 6.00.2800.1106
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Windows Explorer
InternalName : explorer
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : EXPLORER.EXE
Warning! VX2 Object found in memory(C:\WINDOWS\System32\srtpige.dll)
VX2 Object Recognized!
Type : Process
Data : srtpige.dll
Category : Malware
Comment :
Object : C:\WINDOWS\System32\
Warning! SahAgent Object found in memory(C:\WINDOWS\System32\qh4mkbv9.dll)
SahAgent Object Recognized!
Type : Process
Data : qh4mkbv9.dll
Category : Data Miner
Comment :
Object : C:\WINDOWS\System32\
FileVersion : 4, 0, 0, 2
ProductVersion : 4, 0, 0, 2
#:12 [spoolsv.exe]
ModuleName : C:\WINDOWS\system32\spoolsv.exe
Command Line : C:\WINDOWS\system32\spoolsv.exe
ProcessID : 2040
ThreadCreationTime : 5-17-2005 4:54:33 AM
BasePriority : Normal
FileVersion : 5.1.2600.0 (XPClient.010817-1148)
ProductVersion : 5.1.2600.0
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Spooler SubSystem App
InternalName : spoolsv.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : spoolsv.exe
Warning! VX2 Object found in memory(C:\WINDOWS\system32\DrPMon.dll)
VX2 Object Recognized!
Type : Process
Data : DrPMon.dll
Category : Malware
Comment :
Object : C:\WINDOWS\system32\
FileVersion : 1, 0, 0, 5
ProductVersion : 1, 0, 0, 0
ProductName : DrPMon PrintMonitor
CompanyName : Direct Revenue
FileDescription : DrPMon PrintMonitor
InternalName : DrPMon
LegalCopyright : Copyright © 2005
OriginalFilename : DrPMon.dll
#:13 [tp4mon.exe]
ModuleName : C:\WINDOWS\System32\tp4mon.exe
Command Line : "C:\WINDOWS\System32\tp4mon.exe"
ProcessID : 488
ThreadCreationTime : 5-17-2005 4:54:37 AM
BasePriority : Normal
FileVersion : 6.03 (XPClient.010817-1148)
ProductVersion : 6.03
ProductName : IBM PS/2 TrackPoint Support
CompanyName : IBM Corporation
FileDescription : IBM PS/2 TrackPoint Application
InternalName : tp4mon.exe
LegalCopyright : Copyright © IBM Corporation 1996-2000
OriginalFilename : tp4mon.exe
Warning! SahAgent Object found in memory(C:\WINDOWS\System32\qh4mkbv9.dll)
SahAgent Object Recognized!
Type : Process
Data : qh4mkbv9.dll
Category : Data Miner
Comment :
Object : C:\WINDOWS\System32\
FileVersion : 4, 0, 0, 2
ProductVersion : 4, 0, 0, 2
Warning! VX2 Object found in memory(C:\WINDOWS\System32\srtpige.dll)
VX2 Object Recognized!
Type : Process
Data : srtpige.dll
Category : Malware
Comment :
Object : C:\WINDOWS\System32\
"C:\WINDOWS\System32\tp4mon.exe"Process terminated successfully
#:14 [mm_tray.exe]
ModuleName : C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe
Command Line : "C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe"
ProcessID : 516
ThreadCreationTime : 5-17-2005 4:54:37 AM
BasePriority : Normal
FileVersion : 10.00.2058
ProductVersion : 10.00.2058
ProductName : Musicmatch Jukebox
CompanyName : Musicmatch, Inc.
FileDescription : mm_tray
InternalName : mm_tray
LegalCopyright : Copyright © Musicmatch 1998-2004
LegalTrademarks :
OriginalFilename : mm_tray.exe
Warning! SahAgent Object found in memory(C:\WINDOWS\System32\qh4mkbv9.dll)
SahAgent Object Recognized!
Type : Process
Data : qh4mkbv9.dll
Category : Data Miner
Comment :
Object : C:\WINDOWS\System32\
FileVersion : 4, 0, 0, 2
ProductVersion : 4, 0, 0, 2
"C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe"Process terminated successfully
#:15 [mmdiag.exe]
ModuleName : C:\PROGRA~1\MUSICM~1\MUSICM~1\MMDiag.exe
Command Line : MMDiag.exe
ProcessID : 524
ThreadCreationTime : 5-17-2005 4:54:38 AM
BasePriority : Normal
FileVersion : 10.00.2058
ProductVersion : 10.00.2058
ProductName : Musicmatch Jukebox
CompanyName : Musicmatch, Inc.
FileDescription : Logging and tracing manager
InternalName : MMTraceExe
LegalCopyright : Copyright © Musicmatch 1998-2004
LegalTrademarks :
OriginalFilename : MMTraceExe.EXE
Warning! VX2 Object found in memory(C:\WINDOWS\System32\srtpige.dll)
VX2 Object Recognized!
Type : Process
Data : srtpige.dll
Category : Malware
Comment :
Object : C:\WINDOWS\System32\
Warning! SahAgent Object found in memory(C:\WINDOWS\System32\qh4mkbv9.dll)
SahAgent Object Recognized!
Type : Process
Data : qh4mkbv9.dll
Category : Data Miner
Comment :
Object : C:\WINDOWS\System32\
FileVersion : 4, 0, 0, 2
ProductVersion : 4, 0, 0, 2
"C:\PROGRA~1\MUSICM~1\MUSICM~1\MMDiag.exe"Process terminated successfully
#:16 [ashdisp.exe]
ModuleName : C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
Command Line : "C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe"
ProcessID : 552
ThreadCreationTime : 5-17-2005 4:54:38 AM
BasePriority : Normal
FileVersion : 4, 6, 622, 0
ProductVersion : 4, 6, 0, 0
ProductName : avast! Antivirus
FileDescription : avast! service GUI component
InternalName : aswDisp
LegalCopyright : Copyright © 2005 ALWIL Software
OriginalFilename : aswDisp.exe
Warning! VX2 Object found in memory(C:\WINDOWS\System32\srtpige.dll)
VX2 Object Recognized!
Type : Process
Data : srtpige.dll
Category : Malware
Comment :
Object : C:\WINDOWS\System32\
Warning! SahAgent Object found in memory(C:\WINDOWS\System32\qh4mkbv9.dll)
SahAgent Object Recognized!
Type : Process
Data : qh4mkbv9.dll
Category : Data Miner
Comment :
Object : C:\WINDOWS\System32\
FileVersion : 4, 0, 0, 2
ProductVersion : 4, 0, 0, 2
#:17 [optimize.exe]
ModuleName : C:\Program Files\Internet Optimizer\optimize.exe
Command Line : "C:\Program Files\Internet Optimizer\optimize.exe"
ProcessID : 608
ThreadCreationTime : 5-17-2005 4:54:38 AM
BasePriority : Normal
DyFuCA Object Recognized!
Type : Process
Data : optimize.exe
Category : Malware
Comment : (CSI MATCH)
Object : C:\Program Files\Internet Optimizer\
Warning! DyFuCA Object found in memory(C:\Program Files\Internet Optimizer\optimize.exe)
"C:\Program Files\Internet Optimizer\optimize.exe"Process terminated successfully
"C:\Program Files\Internet Optimizer\optimize.exe"Process terminated successfully
#:18 [bargains.exe]
ModuleName : C:\Program Files\BullsEye Network\bin\bargains.exe
Command Line : "C:\Program Files\BullsEye Network\bin\bargains.exe"
ProcessID : 664
ThreadCreationTime : 5-17-2005 4:54:39 AM
BasePriority : Normal
FileVersion : 8, 0, 3, 6
ProductVersion : 8, 0, 3, 6
ProductName : BargainsBuddy ADP Module
CompanyName : eXact Advertising
FileDescription : bargains
InternalName : ADP
LegalCopyright : Copyright © 2003-2005. eXact Advertising, LLC. All Rights Reserved.
OriginalFilename : bargains.exe
Warning! SahAgent Object found in memory(C:\WINDOWS\System32\qh4mkbv9.dll)
SahAgent Object Recognized!
Type : Process
Data : qh4mkbv9.dll
Category : Data Miner
Comment :
Object : C:\WINDOWS\System32\
FileVersion : 4, 0, 0, 2
ProductVersion : 4, 0, 0, 2
Warning! VX2 Object found in memory(C:\WINDOWS\System32\srtpige.dll)
VX2 Object Recognized!
Type : Process
Data : srtpige.dll
Category : Malware
Comment :
Object : C:\WINDOWS\System32\
"C:\Program Files\BullsEye Network\bin\bargains.exe"Process terminated successfully
#:19 [mim.exe]
ModuleName : C:\Program Files\Musicmatch\Musicmatch Jukebox\mim.exe
Command Line : "C:\Program Files\Musicmatch\Musicmatch Jukebox\mim.exe" -Embedding
ProcessID : 680
ThreadCreationTime : 5-17-2005 4:54:39 AM
BasePriority : Normal
FileVersion : 10.00.2058
ProductVersion : 10.00.2058
ProductName : Musicmatch Jukebox
CompanyName : Musicmatch, Inc.
FileDescription : mim
InternalName : mim
LegalCopyright : Copyright © Musicmatch 1998-2004
LegalTrademarks :
OriginalFilename : mim.exe
Warning! SahAgent Object found in memory(C:\WINDOWS\System32\qh4mkbv9.dll)
SahAgent Object Recognized!
Type : Process
Data : qh4mkbv9.dll
Category : Data Miner
Comment :
Object : C:\WINDOWS\System32\
FileVersion : 4, 0, 0, 2
ProductVersion : 4, 0, 0, 2
Warning! VX2 Object found in memory(C:\WINDOWS\System32\srtpige.dll)
VX2 Object Recognized!
Type : Process
Data : srtpige.dll
Category : Malware
Comment :
Object : C:\WINDOWS\System32\
#:20 [wtoolsa.exe]
ModuleName : C:\PROGRA~1\COMMON~1\WinTools\WToolsA.exe
Command Line : "C:\PROGRA~1\COMMON~1\WinTools\WToolsA.exe"
ProcessID : 760
ThreadCreationTime : 5-17-2005 4:54:39 AM
BasePriority : Normal
IBIS Toolbar Object Recognized!
Type : Process
Data : WToolsA.exe
Category : Data Miner
Comment : (CSI MATCH)
Object : C:\PROGRA~1\COMMON~1\WinTools\
Warning! IBIS Toolbar Object found in memory(C:\PROGRA~1\COMMON~1\WinTools\WToolsA.exe)
"C:\PROGRA~1\COMMON~1\WinTools\WToolsA.exe"Process terminated successfully
"C:\PROGRA~1\COMMON~1\WinTools\WToolsA.exe"Process terminated successfully
#:21 [ap9h4qmo.exe]
ModuleName : C:\WINDOWS\System32\ap9h4qmo.exe
Command Line : "C:\WINDOWS\System32\ap9h4qmo.exe"
ProcessID : 788
ThreadCreationTime : 5-17-2005 4:54:40 AM
BasePriority : Normal
FileVersion : 4, 0, 0, 4
ProductVersion : 4, 0, 0, 4
Warning! SahAgent Object found in memory(C:\WINDOWS\System32\ap9h4qmo.exe)
SahAgent Object Recognized!
Type : Process
Data : ap9h4qmo.exe
Category : Data Miner
Comment :
Object : C:\WINDOWS\System32\
FileVersion : 4, 0, 0, 4
ProductVersion : 4, 0, 0, 4
"C:\WINDOWS\System32\ap9h4qmo.exe"Process terminated successfully
"C:\WINDOWS\System32\ap9h4qmo.exe"Process terminated successfully
#:22 [tbps.exe]
ModuleName : C:\PROGRA~1\Toolbar\TBPS.exe
Command Line : "C:\PROGRA~1\Toolbar\TBPS.exe"
ProcessID : 980
ThreadCreationTime : 5-17-2005 4:54:40 AM
BasePriority : Normal
Warning! VX2 Object found in memory(C:\WINDOWS\System32\srtpige.dll)
VX2 Object Recognized!
Type : Process
Data : srtpige.dll
Category : Malware
Comment :
Object : C:\WINDOWS\System32\
#:23 [rundll32.exe]
ModuleName : C:\WINDOWS\System32\RUNDLL32.exe
Command Line : "C:\WINDOWS\System32\RUNDLL32.exe" AUNPS2.DLL,_Run@16
ProcessID : 1188
ThreadCreationTime : 5-17-2005 4:54:40 AM
BasePriority : Normal
FileVersion : 5.1.2600.0 (xpclient.010817-1148)
ProductVersion : 5.1.2600.0
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Run a DLL as an App
InternalName : rundll
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : RUNDLL.EXE
Warning! SahAgent Object found in memory(C:\WINDOWS\System32\qh4mkbv9.dll)
SahAgent Object Recognized!
Type : Process
Data : qh4mkbv9.dll
Category : Data Miner
Comment :
Object : C:\WINDOWS\System32\
FileVersion : 4, 0, 0, 2
ProductVersion : 4, 0, 0, 2
Warning! VX2 Object found in memory(C:\WINDOWS\System32\srtpige.dll)
VX2 Object Recognized!
Type : Process
Data : srtpige.dll
Category : Malware
Comment :
Object : C:\WINDOWS\System32\
"C:\WINDOWS\System32\RUNDLL32.exe"Process terminated successfully
#:24 [ikvrpn.exe]
ModuleName : C:\WINDOWS\System32\ikvrpn.exe
Command Line : "C:\WINDOWS\System32\ikvrpn.exe"
ProcessID : 1204
ThreadCreationTime : 5-17-2005 4:54:41 AM
BasePriority : Normal
Warning! VX2 Object found in memory(C:\WINDOWS\System32\ikvrpn.exe)
VX2 Object Recognized!
Type : Process
Data : ikvrpn.exe
Category : Malware
Comment :
Object : C:\WINDOWS\System32\
"C:\WINDOWS\System32\ikvrpn.exe"Process terminated successfully
"C:\WINDOWS\System32\ikvrpn.exe"Process terminated successfully
#:25 [aswupdsv.exe]
ModuleName : C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
Command Line : "C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe"
ProcessID : 1248
ThreadCreationTime : 5-17-2005 4:54:41 AM
BasePriority : Normal
#:26 [ashserv.exe]
ModuleName : C:\Program Files\Alwil Software\Avast4\ashServ.exe
Command Line : "C:\Program Files\Alwil Software\Avast4\ashServ.exe"
ProcessID : 960
ThreadCreationTime : 5-17-2005 4:54:41 AM
BasePriority : Normal
FileVersion : 4, 6, 622, 0
ProductVersion : 4, 6, 0, 0
ProductName : avast! Antivirus
FileDescription : avast! antivirus service
InternalName : aswServ
LegalCopyright : Copyright © 2005 ALWIL Software
OriginalFilename : aswServ.exe
#:27 [inetinfo.exe]
ModuleName : C:\WINDOWS\System32\inetsrv\inetinfo.exe
Command Line : C:\WINDOWS\System32\inetsrv\inetinfo.exe
ProcessID : 1404
ThreadCreationTime : 5-17-2005 4:54:42 AM
BasePriority : Normal
FileVersion : 5.1.2600.0 (xpclient.010817-1148)
ProductVersion : 5.1.2600.0
ProductName : Internet Information Services
CompanyName : Microsoft Corporation
FileDescription : Internet Information Services
InternalName : INETINFO.EXE
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : INETINFO.EXE
#:28 [tbpssvc.exe]
ModuleName : C:\PROGRA~1\Toolbar\TBPSSvc.exe
Command Line : C:\PROGRA~1\Toolbar\TBPSSvc.exe
ProcessID : 956
ThreadCreationTime : 5-17-2005 4:54:43 AM
BasePriority : Normal
#:29 [grevenc.exe]
ModuleName : C:\WINDOWS\GREVENC.EXE
Command Line : "C:\WINDOWS\GREVENC.EXE"
ProcessID : 1568
ThreadCreationTime : 5-17-2005 4:54:44 AM
BasePriority : Normal
FileVersion : 1.00
ProductVersion : 1.00
ProductName : System Monitor Service
CompanyName : System Service
FileDescription : SysMon
InternalName : SysMon
OriginalFilename : SysMon.exe
#:30 [lutlgew.exe]
ModuleName : C:\WINDOWS\system\lutlgew.exe
Command Line : "C:\WINDOWS\system\lutlgew.exe"
ProcessID : 1676
ThreadCreationTime : 5-17-2005 4:54:46 AM
BasePriority : Normal
Warning! SahAgent Object found in memory(C:\WINDOWS\System32\qh4mkbv9.dll)
SahAgent Object Recognized!
Type : Process
Data : qh4mkbv9.dll
Category : Data Miner
Comment :
Object : C:\WINDOWS\System32\
FileVersion : 4, 0, 0, 2
ProductVersion : 4, 0, 0, 2
Warning! VX2 Object found in memory(C:\WINDOWS\System32\srtpige.dll)
VX2 Object Recognized!
Type : Process
Data : srtpige.dll
Category : Malware
Comment :
Object : C:\WINDOWS\System32\
"C:\WINDOWS\system\lutlgew.exe"Process terminated successfully
#:31 [msmsgs.exe]
ModuleName : C:\Program Files\Messenger\MSMSGS.EXE
Command Line : "C:\Program Files\Messenger\MSMSGS.EXE" /background
ProcessID : 1724
ThreadCreationTime : 5-17-2005 4:54:47 AM
BasePriority : Normal
FileVersion : 4.7.2010
ProductVersion : Version 4.7
ProductName : Messenger
CompanyName : Microsoft Corporation
FileDescription : Messenger
InternalName : msmsgs
LegalCopyright : Copyright © Microsoft Corporation 1997-2003
LegalTrademarks : Microsoft® is a registered trademark of Microsoft Corporation in the U.S. and/or other countries.
OriginalFilename : msmsgs.exe
Warning! SahAgent Object found in memory(C:\WINDOWS\System32\qh4mkbv9.dll)
SahAgent Object Recognized!
Type : Process
Data : qh4mkbv9.dll
Category : Data Miner
Comment :
Object : C:\WINDOWS\System32\
FileVersion : 4, 0, 0, 2
ProductVersion : 4, 0, 0, 2
Warning! VX2 Object found in memory(C:\WINDOWS\System32\srtpige.dll)
VX2 Object Recognized!
Type : Process
Data : srtpige.dll
Category : Malware
Comment :
Object : C:\WINDOWS\System32\
"C:\Program Files\Messenger\MSMSGS.EXE"Process terminated successfully
#:32 [reader_sl.exe]
ModuleName : C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
Command Line : "C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe"
ProcessID : 1924
ThreadCreationTime : 5-17-2005 4:54:50 AM
BasePriority : Normal
FileVersion : 7.0.0.0
ProductVersion : 7.0.0.0
ProductName : Adobe Acrobat
CompanyName : Adobe Systems Incorporated
FileDescription : Adobe Acrobat SpeedLauncher
LegalCopyright : Copyright Adobe Systems Incorporated 2004
OriginalFilename : AcroSpeedLaunch.exe
#:33 [hhg8xkvz.exe]
ModuleName : C:\WINDOWS\TEMP\hHg8XKvz.exe
Command Line : C:\WINDOWS\TEMP\hHg8XKvz.exe protect
ProcessID : 644
ThreadCreationTime : 5-17-2005 4:54:57 AM
BasePriority : Normal
#:34 [wdfmgr.exe]
ModuleName : C:\WINDOWS\System32\wdfmgr.exe
Command Line : C:\WINDOWS\System32\wdfmgr.exe
ProcessID : 700
ThreadCreationTime : 5-17-2005 4:54:59 AM
BasePriority : Normal
FileVersion : 5.2.3790.1230 built by: DNSRV(bld4act)
ProductVersion : 5.2.3790.1230
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Windows User Mode Driver Manager
InternalName : WdfMgr
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : WdfMgr.exe
#:35 [pib.exe]
ModuleName : C:\PROGRA~1\Toolbar\PIB.exe
Command Line : C:\PROGRA~1\Toolbar\PIB.exe
ProcessID : 1444
ThreadCreationTime : 5-17-2005 4:55:03 AM
BasePriority : Realtime
Warning! SahAgent Object found in memory(C:\WINDOWS\System32\qh4mkbv9.dll)
SahAgent Object Recognized!
Type : Process
Data : qh4mkbv9.dll
Category : Data Miner
Comment :
Object : C:\WINDOWS\System32\
FileVersion : 4, 0, 0, 2
ProductVersion : 4, 0, 0, 2
Warning! VX2 Object found in memory(C:\WINDOWS\System32\srtpige.dll)
VX2 Object Recognized!
Type : Process
Data : srtpige.dll
Category : Malware
Comment :
Object : C:\WINDOWS\System32\
"C:\PROGRA~1\Toolbar\PIB.exe"Process terminated successfully
#:36 [ad-aware.exe]
ModuleName : C:\Program Files\Lavasoft\Ad-Aware SE Personal\Ad-Aware.exe
Command Line : "C:\Program Files\Lavasoft\Ad-Aware SE Personal\Ad-Aware.exe"
ProcessID : 2192
ThreadCreationTime : 5-17-2005 4:55:08 AM
BasePriority : Normal
FileVersion : 6.2.0.206
ProductVersion : VI.Second Edition
ProductName : Lavasoft Ad-Aware SE
CompanyName : Lavasoft Sweden
FileDescription : Ad-Aware SE Core application
InternalName : Ad-Aware.exe
LegalCopyright : Copyright © Lavasoft Sweden
OriginalFilename : Ad-Aware.exe
Comments : All Rights Reserved
#:37 [wsup.exe]
ModuleName : C:\Program Files\Common Files\WinTools\WSup.exe
Command Line : "C:\Program Files\Common Files\WinTools\WSup.exe"
ProcessID : 3040
ThreadCreationTime : 5-17-2005 4:55:35 AM
BasePriority : Normal
IBIS Toolbar Object Recognized!
Type : Process
Data : WSup.exe
Category : Data Miner
Comment : (CSI MATCH)
Object : C:\Program Files\Common Files\WinTools\
Warning! IBIS Toolbar Object found in memory(C:\Program Files\Common Files\WinTools\WSup.exe)
"C:\Program Files\Common Files\WinTools\WSup.exe"Process terminated successfully
"C:\Program Files\Common Files\WinTools\WSup.exe"Process terminated successfully
#:38 [wuauclt.exe]
ModuleName : C:\WINDOWS\System32\wuauclt.exe
Command Line : "C:\WINDOWS\System32\wuauclt.exe" /RunStoreAsComServer Local\[508]SUSDS62b252d3005f6648944122ee073b9fa8
ProcessID : 3672
ThreadCreationTime : 5-17-2005 4:56:01 AM
BasePriority : Normal
FileVersion : 5.4.3790.2182 built by: srv03_rtm(ntvbl04)
ProductVersion : 5.4.3790.2182
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Automatic Updates
InternalName : wuauclt.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : wuauclt.exe
Memory scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 5
Objects found so far: 28
Started registry scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Adintelligence.AproposToolbar Object Recognized!
Type : Regkey
Data :
Category : Misc
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : clsid\{016235be-59d4-4ceb-add5-e2378282a1d9}
Adintelligence.AproposToolbar Object Recognized!
Type : Regkey
Data :
Category : Misc
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : interface\{b548b7d8-3d03-4aed-a6a1-4251fad00c10}
Adintelligence.AproposToolbar Object Recognized!
Type : RegValue
Data :
Category : Misc
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : interface\{b548b7d8-3d03-4aed-a6a1-4251fad00c10}
Value :
Adintelligence.AproposToolbar Object Recognized!
Type : Regkey
Data :
Category : Misc
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : interface\{b99a727f-0782-4a71-bcc2-6e1e66414904}
Adintelligence.AproposToolbar Object Recognized!
Type : RegValue
Data :
Category : Misc
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : interface\{b99a727f-0782-4a71-bcc2-6e1e66414904}
Value :
AdRotator Object Recognized!
Type : Regkey
Data :
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : clsid\{017c20c1-f86f-11d8-9b25-000acd002ae3}
AdRotator Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : clsid\{017c20c1-f86f-11d8-9b25-000acd002ae3}
Value :
BargainBuddy Object Recognized!
Type : Regkey
Data :
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : adp.urlcatcher
BargainBuddy Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : adp.urlcatcher
Value :
BargainBuddy Object Recognized!
Type : Regkey
Data :
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : adp.urlcatcher.1
BargainBuddy Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : adp.urlcatcher.1
Value :
BargainBuddy Object Recognized!
Type : Regkey
Data :
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : clsid\{f4e04583-354e-4076-be7d-ed6a80fd66da}
BargainBuddy Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : clsid\{f4e04583-354e-4076-be7d-ed6a80fd66da}
Value :
BargainBuddy Object Recognized!
Type : Regkey
Data :
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : interface\{8eee58d5-130e-4cbd-9c83-35a0564e5678}
BargainBuddy Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : interface\{8eee58d5-130e-4cbd-9c83-35a0564e5678}
Value :
BargainBuddy Object Recognized!
Type : Regkey
Data :
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : interface\{c6906a23-4717-4e1f-b6fd-f06ebed15678}
BargainBuddy Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : interface\{c6906a23-4717-4e1f-b6fd-f06ebed15678}
Value :
BookedSpace Object Recognized!
Type : Regkey
Data :
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : appid\bookedspace.dll
BookedSpace Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : appid\bookedspace.dll
Value : AppID
BookedSpace Object Recognized!
Type : Regkey
Data :
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : appid\{0dc5cd7c-f653-4417-aa43-d457be3a9622}
BookedSpace Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : appid\{0dc5cd7c-f653-4417-aa43-d457be3a9622}
Value :
BookedSpace Object Recognized!
Type : Regkey
Data :
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : bookedspace.extension
BookedSpace Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : bookedspace.extension
Value :
BookedSpace Object Recognized!
Type : Regkey
Data :
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : bookedspace.extension.5
BookedSpace Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : bookedspace.extension.5
Value :
BookedSpace Object Recognized!
Type : Regkey
Data :
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : clsid\{0019c3e2-dd48-4a6d-abcd-8d32436323d9}
BookedSpace Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : clsid\{0019c3e2-dd48-4a6d-abcd-8d32436323d9}
Value :
BookedSpace Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : clsid\{0019c3e2-dd48-4a6d-abcd-8d32436323d9}
Value : AppID
BookedSpace Object Recognized!
Type : Regkey
Data :
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : interface\{05080e6b-a88a-4cfd-8c3d-9b2557670b6e}
BookedSpace Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : interface\{05080e6b-a88a-4cfd-8c3d-9b2557670b6e}
Value :
BookedSpace Object Recognized!
Type : Regkey
Data :
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : typelib\{0dc5cd7c-f653-4417-aa43-d457be3a9622}
DyFuCA Object Recognized!
Type : Regkey
Data :
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : typelib\{40b1d454-9ca4-43cc-86aa-cb175eac52fb}
DyFuCA Object Recognized!
Type : Regkey
Data :
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : interface\{1c01d150-91a4-4de0-9bf8-a35d1bdf1001}
DyFuCA Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : interface\{1c01d150-91a4-4de0-9bf8-a35d1bdf1001}
Value :
DyFuCA Object Recognized!
Type : Regkey
Data :
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : dyfuca_bh.bhobj.1
DyFuCA Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : dyfuca_bh.bhobj.1
Value :
DyFuCA Object Recognized!
Type : Regkey
Data :
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : dyfuca_bh.bhobj
DyFuCA Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : dyfuca_bh.bhobj
Value :
DyFuCA Object Recognized!
Type : Regkey
Data :
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : clsid\{00000010-6f7d-442c-93e3-4a4827c2e4c8}
DyFuCA Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : clsid\{00000010-6f7d-442c-93e3-4a4827c2e4c8}
Value :
EffectiveBrandToolbar Object Recognized!
Type : Regkey
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : clsid\{44be0690-5429-47f0-85bb-3ffd8020233e}
EffectiveBrandToolbar Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : clsid\{44be0690-5429-47f0-85bb-3ffd8020233e}
Value :
Elitum.ElitebarBHO Object Recognized!
Type : Regkey
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : clsid\{28caeff3-0f18-4036-b504-51d73bd81abc}
Elitum.ElitebarBHO Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : clsid\{28caeff3-0f18-4036-b504-51d73bd81abc}
Value :
Elitum.ElitebarBHO Object Recognized!
Type : Regkey
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : clsid\{825cf5bd-8862-4430-b771-0c15c5ca8def}
Elitum.ElitebarBHO Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : clsid\{825cf5bd-8862-4430-b771-0c15c5ca8def}
Value :
FizzleBar Object Recognized!
Type : Regkey
Data :
Category : Misc
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : clsid\{2342db04-08ce-4cf6-976d-bd9efa960efb}
FizzleBar Object Recognized!
Type : RegValue
Data :
Category : Misc
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : clsid\{2342db04-08ce-4cf6-976d-bd9efa960efb}
Value :
FizzleBar Object Recognized!
Type : Regkey
Data :
Category : Misc
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : clsid\{9056a11f-5ea6-4a67-bde9-8d3c7c453dac}
FizzleBar Object Recognized!
Type : RegValue
Data :
Category : Misc
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : clsid\{9056a11f-5ea6-4a67-bde9-8d3c7c453dac}
Value :
FizzleBar Object Recognized!
Type : Regkey
Data :
Category : Misc
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : fizzlebar.clsdockwindow
FizzleBar Object Recognized!
Type : RegValue
Data :
Category : Misc
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : fizzlebar.clsdockwindow
Value :
FizzleBar Object Recognized!
Type : Regkey
Data :
Category : Misc
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : fizzlebar.clsfwbar
FizzleBar Object Recognized!
Type : RegValue
Data :
Category : Misc
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : fizzlebar.clsfwbar
Value :
FizzleBar Object Recognized!
Type : Regkey
Data :
Category : Misc
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : interface\{3116ed38-8599-4261-8f81-f43266ffaaff}
FizzleBar Object Recognized!
Type : RegValue
Data :
Category : Misc
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : interface\{3116ed38-8599-4261-8f81-f43266ffaaff}
Value :
FizzleBar Object Recognized!
Type : Regkey
Data :
Category : Misc
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : interface\{36a89c39-da76-49d6-98f8-0cbec6b8b352}
FizzleBar Object Recognized!
Type : RegValue
Data :
Category : Misc
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : interface\{36a89c39-da76-49d6-98f8-0cbec6b8b352}
Value :
FizzleBar Object Recognized!
Type : Regkey
Data :
Category : Misc
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : typelib\{549ad254-492d-42b5-8909-34f14348d4bc}
Hijacker.TopConverting Object Recognized!
Type : Regkey
Data :
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : clsid\{38601801-2ff5-4a62-95da-d2007161c1b4}
Hijacker.TopConverting Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : clsid\{38601801-2ff5-4a62-95da-d2007161c1b4}
Value :
Hijacker.TopConverting Object Recognized!
Type : Regkey
Data :
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : clsid\{79849612-a98f-45b8-95e9-4d13c7b6b35c}
Hijacker.TopConverting Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : clsid\{79849612-a98f-45b8-95e9-4d13c7b6b35c}
Value :
Hijacker.TopConverting Object Recognized!
Type : Regkey
Data :
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : interface\{4fe82ba0-9335-4d4e-8e98-76409a88f2c1}
Hijacker.TopConverting Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : interface\{4fe82ba0-9335-4d4e-8e98-76409a88f2c1}
Value :
Hijacker.TopConverting Object Recognized!
Type : Regkey
Data :
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : interface\{ace5b10b-92a3-4103-8583-3684bb09409f}
Hijacker.TopConverting Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : interface\{ace5b10b-92a3-4103-8583-3684bb09409f}
Value :
Hijacker.TopConverting Object Recognized!
Type : Regkey
Data :
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : loader2.loader2ctrl.1
Hijacker.TopConverting Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : loader2.loader2ctrl.1
Value :
Hijacker.TopConverting Object Recognized!
Type : Regkey
Data :
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : typelib\{487e7682-b976-41fb-a944-e8b83689a454}
Hijacker.TopConverting Object Recognized!
Type : Regkey
Data :
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : typelib\{4eb7bbe8-2e15-424b-9ddb-2cdb9516b2c3}
IBIS Toolbar Object Recognized!
Type : Regkey
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : clsid\{2c4e6d22-b71f-491f-aad3-b6972a650d50}
IBIS Toolbar Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : clsid\{2c4e6d22-b71f-491f-aad3-b6972a650d50}
Value :
IBIS Toolbar Object Recognized!
Type : Regkey
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : clsid\{310cc549-4541-46a9-940f-52b342a6e682}
IBIS Toolbar Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : clsid\{310cc549-4541-46a9-940f-52b342a6e682}
Value :
IBIS Toolbar Object Recognized!
Type : Regkey
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : clsid\{339bb23f-a864-48c0-a59f-29ea915965ec}
IBIS Toolbar Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : clsid\{339bb23f-a864-48c0-a59f-29ea915965ec}
Value :
IBIS Toolbar Object Recognized!
Type : Regkey
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : clsid\{69357d4e-bf4d-4651-91e9-52ecd45a0128}
IBIS Toolbar Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : clsid\{69357d4e-bf4d-4651-91e9-52ecd45a0128}
Value :
IBIS Toolbar Object Recognized!
Type : Regkey
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : clsid\{6e21f428-5617-47f7-aed8-b2e1d8fba711}
IBIS Toolbar Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : clsid\{6e21f428-5617-47f7-aed8-b2e1d8fba711}
Value :
IBIS Toolbar Object Recognized!
Type : Regkey
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CLASSES_ROOT
Edited by cookiebug, 17 May 2005 - 06:43 AM.