I followed all of the instructions on what I need to do before I list my Ad-Aware log file.
Here is my log file.
Any help would be wonderful, thanks ,
kelly
Ad-Aware SE Build 1.05
Logfile Created on:Tuesday, May 17, 2005 4:58:19 PM
Created with Ad-Aware SE Personal, free for private use.
Using definitions file:SE1R46 17.05.2005
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Definition File:
=========================
Definitions File Loaded:
Reference Number : SE1R42 28.04.2005
Internal build : 49
File location : C:\Program Files\Lavasoft\Ad-Aware SE Personal\defs.ref
File size : 466557 Bytes
Total size : 1403889 Bytes
Signature data size : 1373297 Bytes
Reference data size : 30080 Bytes
Signatures total : 39226
Fingerprints total : 836
Fingerprints size : 28245 Bytes
Target categories : 15
Target families : 654
5-17-2005 4:54:23 PM Performing WebUpdate...
Installing Update...
Definitions File Loaded:
Reference Number : SE1R46 17.05.2005
Internal build : 54
File location : C:\Program Files\Lavasoft\Ad-Aware SE Personal\defs.ref
File size : 474775 Bytes
Total size : 1435210 Bytes
Signature data size : 1404100 Bytes
Reference data size : 30598 Bytes
Signatures total : 40060
Fingerprints total : 883
Fingerprints size : 30250 Bytes
Target categories : 15
Target families : 674
5-17-2005 4:56:06 PM Success
Update successfully downloaded and installed.
Memory + processor status:
==========================
Number of processors : 1
Processor architecture : Intel Pentium IV
Memory available:18 %
Total physical memory:260436 kb
Available physical memory:45020 kb
Total page file size:640608 kb
Available on page file:322660 kb
Total virtual memory:2097024 kb
Available virtual memory:2044868 kb
OS:Microsoft Windows XP Home Edition Service Pack 1 (Build 2600)
Ad-Aware SE Settings
===========================
Set : Safe mode (always request confirmation)
Set : Scan active processes
Set : Scan registry
Set : Deep-scan registry
Set : Scan my IE Favorites for banned URLs
Set : Scan within archives
Set : Scan my Hosts file
Extended Ad-Aware SE Settings
===========================
Set : Unload recognized processes & modules during scan
Set : Obtain command line of scanned processes
Set : Scan registry for all users instead of current user only
Set : Always try to unload modules before deletion
Set : During removal, unload Explorer and IE if necessary
Set : Let Windows remove files in use at next reboot
Set : Delete quarantined objects after restoring
Set : Write-protect system files after repair (Hosts file, etc.)
Set : Include basic Ad-Aware settings in log file
Set : Include additional Ad-Aware settings in log file
Set : Play sound at scan completion if scan locates critical objects
5-17-2005 4:58:19 PM - Scan started. (Custom mode)
Listing running processes
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
#:1 [smss.exe]
ModuleName : \SystemRoot\System32\smss.exe
Command Line : n/a
ProcessID : 548
ThreadCreationTime : 5-17-2005 10:48:23 PM
BasePriority : Normal
#:2 [csrss.exe]
ModuleName : \??\C:\WINDOWS\system32\csrss.exe
Command Line : C:\WINDOWS\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,3072,512 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ProfileControl=Off MaxRequestTh
ProcessID : 596
ThreadCreationTime : 5-17-2005 10:48:25 PM
BasePriority : Normal
#:3 [winlogon.exe]
ModuleName : \??\C:\WINDOWS\system32\winlogon.exe
Command Line : winlogon.exe
ProcessID : 620
ThreadCreationTime : 5-17-2005 10:48:26 PM
BasePriority : High
#:4 [services.exe]
ModuleName : C:\WINDOWS\system32\services.exe
Command Line : C:\WINDOWS\system32\services.exe
ProcessID : 664
ThreadCreationTime : 5-17-2005 10:48:26 PM
BasePriority : Normal
FileVersion : 5.1.2600.0 (xpclient.010817-1148)
ProductVersion : 5.1.2600.0
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Services and Controller app
InternalName : services.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : services.exe
#:5 [lsass.exe]
ModuleName : C:\WINDOWS\system32\lsass.exe
Command Line : C:\WINDOWS\system32\lsass.exe
ProcessID : 676
ThreadCreationTime : 5-17-2005 10:48:26 PM
BasePriority : Normal
FileVersion : 5.1.2600.1106 (xpsp1.020828-1920)
ProductVersion : 5.1.2600.1106
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : LSA Shell (Export Version)
InternalName : lsass.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : lsass.exe
#:6 [svchost.exe]
ModuleName : C:\WINDOWS\system32\svchost.exe
Command Line : C:\WINDOWS\system32\svchost -k rpcss
ProcessID : 852
ThreadCreationTime : 5-17-2005 10:48:27 PM
BasePriority : Normal
FileVersion : 5.1.2600.0 (xpclient.010817-1148)
ProductVersion : 5.1.2600.0
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe
#:7 [svchost.exe]
ModuleName : C:\WINDOWS\System32\svchost.exe
Command Line : C:\WINDOWS\System32\svchost.exe -k netsvcs
ProcessID : 876
ThreadCreationTime : 5-17-2005 10:48:27 PM
BasePriority : Normal
FileVersion : 5.1.2600.0 (xpclient.010817-1148)
ProductVersion : 5.1.2600.0
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe
#:8 [svchost.exe]
ModuleName : C:\WINDOWS\System32\svchost.exe
Command Line : C:\WINDOWS\System32\svchost.exe -k NetworkService
ProcessID : 1016
ThreadCreationTime : 5-17-2005 10:48:28 PM
BasePriority : Normal
FileVersion : 5.1.2600.0 (xpclient.010817-1148)
ProductVersion : 5.1.2600.0
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe
#:9 [svchost.exe]
ModuleName : C:\WINDOWS\System32\svchost.exe
Command Line : C:\WINDOWS\System32\svchost.exe -k LocalService
ProcessID : 1044
ThreadCreationTime : 5-17-2005 10:48:28 PM
BasePriority : Normal
FileVersion : 5.1.2600.0 (xpclient.010817-1148)
ProductVersion : 5.1.2600.0
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe
#:10 [explorer.exe]
ModuleName : C:\WINDOWS\Explorer.exe
Command Line : Explorer.exe C:\WINDOWS\Nail.exe
ProcessID : 1248
ThreadCreationTime : 5-17-2005 10:48:30 PM
BasePriority : Normal
FileVersion : 6.00.2800.1106 (xpsp1.020828-1920)
ProductVersion : 6.00.2800.1106
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Windows Explorer
InternalName : explorer
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : EXPLORER.EXE
Warning! VX2 Object found in memory(C:\WINDOWS\System32\peiigsy.dll)
VX2 Object Recognized!
Type : Process
Data : peiigsy.dll
Category : Malware
Comment :
Object : C:\WINDOWS\System32\
Warning! VX2 Object found in memory(C:\WINDOWS\Bolger.dll)
VX2 Object Recognized!
Type : Process
Data : Bolger.dll
Category : Malware
Comment :
Object : C:\WINDOWS\
FileVersion : 0, 12, 4, 96
ProductVersion : 0, 12, 4, 96
ProductName : bolger
CompanyName : Bolger
FileDescription : www.abetterinternet.com
InternalName : bolger
LegalCopyright : Copyright © 2005
OriginalFilename : bolger.dll
Comments : www.abetterinternet.com
Warning! VX2 Object found in memory(C:\WINDOWS\System32\winup2date.dll)
VX2 Object Recognized!
Type : Process
Data : winup2date.dll
Category : Malware
Comment :
Object : C:\WINDOWS\System32\
#:11 [spoolsv.exe]
ModuleName : C:\WINDOWS\system32\spoolsv.exe
Command Line : C:\WINDOWS\system32\spoolsv.exe
ProcessID : 1276
ThreadCreationTime : 5-17-2005 10:48:30 PM
BasePriority : Normal
FileVersion : 5.1.2600.0 (XPClient.010817-1148)
ProductVersion : 5.1.2600.0
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Spooler SubSystem App
InternalName : spoolsv.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : spoolsv.exe
Warning! VX2 Object found in memory(C:\WINDOWS\system32\DrPMon.dll)
VX2 Object Recognized!
Type : Process
Data : DrPMon.dll
Category : Malware
Comment :
Object : C:\WINDOWS\system32\
FileVersion : 1, 0, 0, 5
ProductVersion : 1, 0, 0, 0
ProductName : DrPMon PrintMonitor
CompanyName : Direct Revenue
FileDescription : DrPMon PrintMonitor
InternalName : DrPMon
LegalCopyright : Copyright © 2005
OriginalFilename : DrPMon.dll
#:12 [alg.exe]
ModuleName : C:\WINDOWS\System32\alg.exe
Command Line : C:\WINDOWS\System32\alg.exe
ProcessID : 1376
ThreadCreationTime : 5-17-2005 10:48:30 PM
BasePriority : Normal
FileVersion : 5.1.2600.1106 (xpsp1.020828-1920)
ProductVersion : 5.1.2600.1106
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Application Layer Gateway Service
InternalName : ALG.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : ALG.exe
#:13 [aolacsd.exe]
ModuleName : C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
Command Line : C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
ProcessID : 1420
ThreadCreationTime : 5-17-2005 10:48:30 PM
BasePriority : Normal
#:14 [avgamsvr.exe]
ModuleName : C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
Command Line : C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
ProcessID : 1432
ThreadCreationTime : 5-17-2005 10:48:30 PM
BasePriority : Normal
FileVersion : 7,1,0,307
ProductVersion : 7.1.0.307
ProductName : AVG Anti-Virus System
CompanyName : GRISOFT, s.r.o.
FileDescription : AVG Alert Manager
InternalName : avgamsvr
LegalCopyright : Copyright © 2005, GRISOFT, s.r.o.
OriginalFilename : avgamsvr.EXE
#:15 [avgupsvc.exe]
ModuleName : C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
Command Line : C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
ProcessID : 1456
ThreadCreationTime : 5-17-2005 10:48:31 PM
BasePriority : Normal
FileVersion : 7,1,0,285
ProductVersion : 7.1.0.285
ProductName : AVG 7.0 Anti-Virus System
CompanyName : GRISOFT, s.r.o.
FileDescription : AVG Update Service
InternalName : avgupsvc
LegalCopyright : Copyright © 2004, GRISOFT, s.r.o.
OriginalFilename : avgupdsvc.EXE
#:16 [ctsvccda.exe]
ModuleName : C:\WINDOWS\System32\CTsvcCDA.EXE
Command Line : C:\WINDOWS\System32\CTsvcCDA.EXE
ProcessID : 1536
ThreadCreationTime : 5-17-2005 10:48:31 PM
BasePriority : Normal
FileVersion : 1.0.1.0
ProductVersion : 1.0.0.0
ProductName : Creative Service for CDROM Access
CompanyName : Creative Technology Ltd
FileDescription : Creative Service for CDROM Access
InternalName : CTsvcCDAEXE
LegalCopyright : Copyright © Creative Technology Ltd., 1999. All rights reserved.
OriginalFilename : CTsvcCDA.EXE
#:17 [navapsvc.exe]
ModuleName : C:\Program Files\Norton AntiVirus\navapsvc.exe
Command Line : "C:\Program Files\Norton AntiVirus\navapsvc.exe"
ProcessID : 1568
ThreadCreationTime : 5-17-2005 10:48:31 PM
BasePriority : Normal
FileVersion : 8.07.17
ProductVersion : 8.07.17
ProductName : Norton AntiVirus
CompanyName : Symantec Corporation
FileDescription : Norton AntiVirus Auto-Protect Service
InternalName : NAVAPSVC
LegalCopyright : Copyright © 2000-2002 Symantec Corporation. All rights reserved.
OriginalFilename : NAVAPSVC.EXE
#:18 [scardsvr.exe]
ModuleName : C:\WINDOWS\System32\SCardSvr.exe
Command Line : C:\WINDOWS\System32\SCardSvr.exe
ProcessID : 1744
ThreadCreationTime : 5-17-2005 10:48:32 PM
BasePriority : Normal
FileVersion : 5.1.2600.0 (xpclient.010817-1148)
ProductVersion : 5.1.2600.0
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Smart Card Resource Management Server
InternalName : SCardSvr.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : SCardSvr.exe
#:19 [wdfmgr.exe]
ModuleName : C:\WINDOWS\System32\wdfmgr.exe
Command Line : C:\WINDOWS\System32\wdfmgr.exe
ProcessID : 1836
ThreadCreationTime : 5-17-2005 10:48:33 PM
BasePriority : Normal
FileVersion : 5.2.3790.1230 built by: DNSRV(bld4act)
ProductVersion : 5.2.3790.1230
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Windows User Mode Driver Manager
InternalName : WdfMgr
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : WdfMgr.exe
#:20 [mspmspsv.exe]
ModuleName : C:\WINDOWS\System32\MsPMSPSv.exe
Command Line : C:\WINDOWS\System32\MsPMSPSv.exe
ProcessID : 1916
ThreadCreationTime : 5-17-2005 10:48:33 PM
BasePriority : Normal
FileVersion : 7.00.00.1956
ProductVersion : 7.00.00.1956
ProductName : Microsoft ® DRM
CompanyName : Microsoft Corporation
FileDescription : WMDM PMSP Service
InternalName : MSPMSPSV.EXE
LegalCopyright : Copyright © Microsoft Corp. 1981-2000
OriginalFilename : MSPMSPSV.EXE
#:21 [igfxtray.exe]
ModuleName : C:\WINDOWS\System32\igfxtray.exe
Command Line : "C:\WINDOWS\System32\igfxtray.exe"
ProcessID : 2012
ThreadCreationTime : 5-17-2005 10:48:34 PM
BasePriority : Normal
FileVersion : 3.0.0.4020
ProductVersion : 7.0.0.4020
ProductName : Intel® Common User Interface
CompanyName : Intel Corporation
FileDescription : igfxTray Module
InternalName : IGFXTRAY
LegalCopyright : Copyright 1999-2004, Intel Corporation
OriginalFilename : IGFXTRAY.EXE
Warning! VX2 Object found in memory(C:\WINDOWS\System32\peiigsy.dll)
VX2 Object Recognized!
Type : Process
Data : peiigsy.dll
Category : Malware
Comment :
Object : C:\WINDOWS\System32\
#:22 [hkcmd.exe]
ModuleName : C:\WINDOWS\System32\hkcmd.exe
Command Line : "C:\WINDOWS\System32\hkcmd.exe"
ProcessID : 2020
ThreadCreationTime : 5-17-2005 10:48:34 PM
BasePriority : Normal
FileVersion : 3.0.0.4020
ProductVersion : 7.0.0.4020
ProductName : Intel® Common User Interface
CompanyName : Intel Corporation
FileDescription : hkcmd Module
InternalName : HKCMD
LegalCopyright : Copyright 1999-2004, Intel Corporation
OriginalFilename : HKCMD.EXE
Warning! VX2 Object found in memory(C:\WINDOWS\System32\peiigsy.dll)
VX2 Object Recognized!
Type : Process
Data : peiigsy.dll
Category : Malware
Comment :
Object : C:\WINDOWS\System32\
#:23 [apoint.exe]
ModuleName : C:\Program Files\Apoint\Apoint.exe
Command Line : "C:\Program Files\Apoint\Apoint.exe"
ProcessID : 2028
ThreadCreationTime : 5-17-2005 10:48:34 PM
BasePriority : Normal
FileVersion : 5.5.101.141
ProductVersion : 5.5.101.141
ProductName : Alps Pointing-device Driver
CompanyName : Alps Electric Co., Ltd.
FileDescription : Alps Pointing-device Driver
InternalName : Alps Pointing-device Driver
LegalCopyright : Copyright © 1999-2004 Alps Electric Co., Ltd.
OriginalFilename : Apoint.exe
Warning! VX2 Object found in memory(C:\WINDOWS\System32\peiigsy.dll)
VX2 Object Recognized!
Type : Process
Data : peiigsy.dll
Category : Malware
Comment :
Object : C:\WINDOWS\System32\
"C:\Program Files\Apoint\Apoint.exe"Process terminated successfully
#:24 [quickset.exe]
ModuleName : C:\Program Files\Dell\QuickSet\quickset.exe
Command Line : "C:\Program Files\Dell\QuickSet\quickset.exe"
ProcessID : 2036
ThreadCreationTime : 5-17-2005 10:48:34 PM
BasePriority : Normal
FileVersion : 1, 0, 0, 1
ProductVersion : 1, 0, 0, 1
ProductName : QuickSet Application
FileDescription : QuickSet MFC Application
InternalName : direct
LegalCopyright : Copyright © 2001
OriginalFilename : direct.EXE
Warning! VX2 Object found in memory(C:\WINDOWS\System32\peiigsy.dll)
VX2 Object Recognized!
Type : Process
Data : peiigsy.dll
Category : Malware
Comment :
Object : C:\WINDOWS\System32\
"C:\Program Files\Dell\QuickSet\quickset.exe"Process terminated successfully
#:25 [bcmsmmsg.exe]
ModuleName : C:\WINDOWS\BCMSMMSG.exe
Command Line : "C:\WINDOWS\BCMSMMSG.exe"
ProcessID : 2044
ThreadCreationTime : 5-17-2005 10:48:35 PM
BasePriority : Normal
FileVersion : 3.5.25 08/27/2003 20:04:35
ProductVersion : 3.5.25 08/27/2003 20:04:35
ProductName : BCM Modem Messaging Applet
CompanyName : Broadcom Corporation
FileDescription : Modem Messaging Applet
InternalName : smdmstat.exe
LegalCopyright : Copyright © Broadcom Corporation 1998-2000
OriginalFilename : smdmstat.exe
Warning! VX2 Object found in memory(C:\WINDOWS\System32\peiigsy.dll)
VX2 Object Recognized!
Type : Process
Data : peiigsy.dll
Category : Malware
Comment :
Object : C:\WINDOWS\System32\
"C:\WINDOWS\BCMSMMSG.exe"Process terminated successfully
#:26 [aoldial.exe]
ModuleName : C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
Command Line : "C:\Program Files\Common Files\AOL\ACS\AOLDial.exe"
ProcessID : 152
ThreadCreationTime : 5-17-2005 10:48:35 PM
BasePriority : Normal
FileVersion : 2.0.20.1.US.1
ProductVersion : 2.0.20.1.US.1
ProductName : AOL Connectivity Service
CompanyName : America Online, Inc
FileDescription : AOL Connectivity Service Dialer
LegalCopyright : Copyright © 2003 America Online, Inc.
OriginalFilename : AOLDial.exe
Warning! VX2 Object found in memory(C:\WINDOWS\System32\peiigsy.dll)
VX2 Object Recognized!
Type : Process
Data : peiigsy.dll
Category : Malware
Comment :
Object : C:\WINDOWS\System32\
"C:\Program Files\Common Files\AOL\ACS\AOLDial.exe"Process terminated successfully
#:27 [qttask.exe]
ModuleName : C:\Program Files\QuickTime\qttask.exe
Command Line : "C:\Program Files\QuickTime\qttask.exe" -atboottime
ProcessID : 160
ThreadCreationTime : 5-17-2005 10:48:35 PM
BasePriority : Normal
FileVersion : 6.5
ProductVersion : QuickTime 6.5
ProductName : QuickTime
CompanyName : Apple Computer, Inc.
InternalName : QuickTime Task
LegalCopyright : © Apple Computer, Inc. 2001-2004
OriginalFilename : QTTask.exe
Warning! VX2 Object found in memory(C:\WINDOWS\System32\peiigsy.dll)
VX2 Object Recognized!
Type : Process
Data : peiigsy.dll
Category : Malware
Comment :
Object : C:\WINDOWS\System32\
"C:\Program Files\QuickTime\qttask.exe"Process terminated successfully
#:28 [aolsp scheduler.exe]
ModuleName : C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe
Command Line : "C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe"
ProcessID : 176
ThreadCreationTime : 5-17-2005 10:48:35 PM
BasePriority : Normal
FileVersion : 1, 5, 0, 0
ProductVersion : 1, 5, 0, 0
ProductName : AOLSP Scheduler
FileDescription : AOLSP Scheduler
InternalName : AOLSP Scheduler
LegalCopyright : Copyright © America Online, Inc. 2004
OriginalFilename : AOLSP Scheduler.exe
Warning! VX2 Object found in memory(C:\WINDOWS\System32\peiigsy.dll)
VX2 Object Recognized!
Type : Process
Data : peiigsy.dll
Category : Malware
Comment :
Object : C:\WINDOWS\System32\
"C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe"Process terminated successfully
#:29 [tfswctrl.exe]
ModuleName : C:\WINDOWS\system32\dla\tfswctrl.exe
Command Line : "C:\WINDOWS\system32\dla\tfswctrl.exe"
ProcessID : 204
ThreadCreationTime : 5-17-2005 10:48:35 PM
BasePriority : Normal
FileVersion : 1.04.07b
CompanyName : Sonic Solutions
FileDescription : Drive Letter Access Component
LegalCopyright : Copyright © 2004 Sonic Solutions
Warning! VX2 Object found in memory(C:\WINDOWS\System32\peiigsy.dll)
VX2 Object Recognized!
Type : Process
Data : peiigsy.dll
Category : Malware
Comment :
Object : C:\WINDOWS\System32\
Warning! "C:\WINDOWS\system32\dla\tfswctrl.exe"Process could not be terminated!
#:30 [realsched.exe]
ModuleName : C:\Program Files\Common Files\Real\Update_OB\realsched.exe
Command Line : "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
ProcessID : 244
ThreadCreationTime : 5-17-2005 10:48:35 PM
BasePriority : Normal
FileVersion : 0.1.0.3275
ProductVersion : 0.1.0.3275
ProductName : RealPlayer (32-bit)
CompanyName : RealNetworks, Inc.
FileDescription : RealNetworks Scheduler
InternalName : schedapp
LegalCopyright : Copyright © RealNetworks, Inc. 1995-2004
LegalTrademarks : RealAudio is a trademark of RealNetworks, Inc.
OriginalFilename : realsched.exe
Warning! VX2 Object found in memory(C:\WINDOWS\System32\peiigsy.dll)
VX2 Object Recognized!
Type : Process
Data : peiigsy.dll
Category : Malware
Comment :
Object : C:\WINDOWS\System32\
"C:\Program Files\Common Files\Real\Update_OB\realsched.exe"Process terminated successfully
#:31 [mm_tray.exe]
ModuleName : C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe
Command Line : "C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe"
ProcessID : 328
ThreadCreationTime : 5-17-2005 10:48:36 PM
BasePriority : Normal
FileVersion : 10.00.2058
ProductVersion : 10.00.2058
ProductName : Musicmatch Jukebox
CompanyName : Musicmatch, Inc.
FileDescription : mm_tray
InternalName : mm_tray
LegalCopyright : Copyright © Musicmatch 1998-2004
LegalTrademarks :
OriginalFilename : mm_tray.exe
#:32 [rappni.exe]
ModuleName : C:\WINDOWS\System32\rappni.exe
Command Line : "C:\WINDOWS\System32\rappni.exe"
ProcessID : 460
ThreadCreationTime : 5-17-2005 10:48:37 PM
BasePriority : Normal
Warning! VX2 Object found in memory(C:\WINDOWS\System32\rappni.exe)
VX2 Object Recognized!
Type : Process
Data : rappni.exe
Category : Malware
Comment :
Object : C:\WINDOWS\System32\
"C:\WINDOWS\System32\rappni.exe"Process terminated successfully
"C:\WINDOWS\System32\rappni.exe"Process terminated successfully
#:33 [bman1.exe]
ModuleName : C:\Documents and Settings\All Users\Application Data\msw\BMan1.exe
Command Line : "C:\Documents and Settings\All Users\Application Data\msw\BMan1.exe"
ProcessID : 480
ThreadCreationTime : 5-17-2005 10:48:37 PM
BasePriority : Normal
FileVersion : 1.00
ProductVersion : 1.00
ProductName : BMan1
InternalName : BMan1
OriginalFilename : BMan1.exe
Warning! VX2 Object found in memory(C:\WINDOWS\System32\peiigsy.dll)
VX2 Object Recognized!
Type : Process
Data : peiigsy.dll
Category : Malware
Comment :
Object : C:\WINDOWS\System32\
"C:\Documents and Settings\All Users\Application Data\msw\BMan1.exe"Process terminated successfully
#:34 [navapw32.exe]
ModuleName : C:\PROGRA~1\NORTON~1\navapw32.exe
Command Line : "C:\PROGRA~1\NORTON~1\navapw32.exe"
ProcessID : 504
ThreadCreationTime : 5-17-2005 10:48:38 PM
BasePriority : Normal
FileVersion : 8.07.17
ProductVersion : 8.07.17
ProductName : Norton AntiVirus
CompanyName : Symantec Corporation
FileDescription : Norton AntiVirus Agent
InternalName : NAVAPW32
LegalCopyright : Copyright © 2000-2002 Symantec Corporation. All rights reserved.
OriginalFilename : NAVAPW32.EXE
Warning! VX2 Object found in memory(C:\WINDOWS\System32\peiigsy.dll)
VX2 Object Recognized!
Type : Process
Data : peiigsy.dll
Category : Malware
Comment :
Object : C:\WINDOWS\System32\
"C:\PROGRA~1\NORTON~1\navapw32.exe"Process terminated successfully
#:35 [avgcc.exe]
ModuleName : C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
Command Line : "C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe" /STARTUP
ProcessID : 600
ThreadCreationTime : 5-17-2005 10:48:40 PM
BasePriority : Normal
FileVersion : 7,1,0,307
ProductVersion : 7.1.0.307
ProductName : AVG Anti-Virus System
CompanyName : GRISOFT, s.r.o.
FileDescription : AVG Control Center
InternalName : AvgCC
LegalCopyright : Copyright © 2005, GRISOFT, s.r.o.
OriginalFilename : AvgCC.EXE
Warning! VX2 Object found in memory(C:\WINDOWS\System32\peiigsy.dll)
VX2 Object Recognized!
Type : Process
Data : peiigsy.dll
Category : Malware
Comment :
Object : C:\WINDOWS\System32\
#:36 [bman.exe]
ModuleName : C:\DOCUME~1\ALLUSE~1\APPLIC~1\msw\BMan.exe
Command Line : C:\DOCUME~1\ALLUSE~1\APPLIC~1\msw\BMan.exe
ProcessID : 796
ThreadCreationTime : 5-17-2005 10:48:40 PM
BasePriority : Normal
FileVersion : 1.07
ProductVersion : 1.07
ProductName : BMan
InternalName : BMan
OriginalFilename : BMan.exe
#:37 [avgemc.exe]
ModuleName : C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
Command Line : "C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe"
ProcessID : 1024
ThreadCreationTime : 5-17-2005 10:48:41 PM
BasePriority : Normal
FileVersion : 7,1,0,307
ProductVersion : 7.1.0.307
ProductName : AVG Anti-Virus System
CompanyName : GRISOFT, s.r.o.
FileDescription : AVG E-Mail Scanner
InternalName : avgemc
LegalCopyright : Copyright © 2005, GRISOFT, s.r.o.
OriginalFilename : avgemc.exe
Warning! VX2 Object found in memory(C:\WINDOWS\System32\peiigsy.dll)
VX2 Object Recognized!
Type : Process
Data : peiigsy.dll
Category : Malware
Comment :
Object : C:\WINDOWS\System32\
"C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe"Process terminated successfully
#:38 [apntex.exe]
ModuleName : C:\Program Files\Apoint\Apntex.exe
Command Line : "Apntex.exe"
ProcessID : 1580
ThreadCreationTime : 5-17-2005 10:48:47 PM
BasePriority : Normal
FileVersion : 5.5.1.19
ProductVersion : 5.5.1.19
ProductName : Alps Pointing-device Driver for Windows NT/2000/XP
CompanyName : Alps Electric Co., Ltd.
FileDescription : Alps Pointing-device Driver for Windows NT/2000/XP
InternalName : Alps Pointing-device Driver for Windows NT/2000/XP
LegalCopyright : Copyright © 1998-2004 Alps Electric Co., Ltd.
OriginalFilename : ApntEx.exe
Warning! VX2 Object found in memory(C:\WINDOWS\System32\peiigsy.dll)
VX2 Object Recognized!
Type : Process
Data : peiigsy.dll
Category : Malware
Comment :
Object : C:\WINDOWS\System32\
"C:\Program Files\Apoint\Apntex.exe"Process terminated successfully
#:39 [mouse32a.exe]
ModuleName : C:\Program Files\Tech\Wheel Mouse\5.0\MOUSE32A.EXE
Command Line : "C:\Program Files\Tech\Wheel Mouse\5.0\MOUSE32A.EXE"
ProcessID : 1592
ThreadCreationTime : 5-17-2005 10:48:49 PM
BasePriority : Normal
FileVersion : 8.0.0.0
ProductVersion : 8.0.0.0
LegalCopyright : Copyright 2002 by LEE,WEI-BIN.
#:40 [cfgipsec.exe]
ModuleName : C:\WINDOWS\System32\cfgipsec.exe
Command Line : "C:\WINDOWS\System32\cfgipsec.exe"
ProcessID : 1828
ThreadCreationTime : 5-17-2005 10:48:50 PM
BasePriority : Normal
#:41 [accagnt.exe]
ModuleName : C:\Program Files\AOL Computer Check-Up\ACCAgnt.exe
Command Line : "C:\Program Files\AOL Computer Check-Up\ACCAgnt.exe" /startup
ProcessID : 1768
ThreadCreationTime : 5-17-2005 10:48:51 PM
BasePriority : ?
FileVersion : 1, 1, 0, 98
ProductVersion : 1, 1, 0, 98
ProductName : AOL Computer Check-Up
CompanyName : America Online Inc.
FileDescription : AOL Computer Check-Up
InternalName : AUAgent
LegalCopyright : Copyright © 2000 - 2004 America Online Inc.
OriginalFilename : AUAgent.exe
Warning! VX2 Object found in memory(C:\WINDOWS\System32\peiigsy.dll)
VX2 Object Recognized!
Type : Process
Data : peiigsy.dll
Category : Malware
Comment :
Object : C:\WINDOWS\System32\
"C:\Program Files\AOL Computer Check-Up\ACCAgnt.exe"Process terminated successfully
#:42 [mim.exe]
ModuleName : C:\Program Files\Musicmatch\Musicmatch Jukebox\mim.exe
Command Line : "C:\Program Files\Musicmatch\Musicmatch Jukebox\mim.exe" -Embedding
ProcessID : 1880
ThreadCreationTime : 5-17-2005 10:48:51 PM
BasePriority : Normal
FileVersion : 10.00.2058
ProductVersion : 10.00.2058
ProductName : Musicmatch Jukebox
CompanyName : Musicmatch, Inc.
FileDescription : mim
InternalName : mim
LegalCopyright : Copyright © Musicmatch 1998-2004
LegalTrademarks :
OriginalFilename : mim.exe
Warning! VX2 Object found in memory(C:\WINDOWS\System32\peiigsy.dll)
VX2 Object Recognized!
Type : Process
Data : peiigsy.dll
Category : Malware
Comment :
Object : C:\WINDOWS\System32\
#:43 [gcskkq.exe]
ModuleName : c:\windows\system32\gcskkq.exe
Command Line : "c:\windows\system32\gcskkq.exe" onwyenz
ProcessID : 2068
ThreadCreationTime : 5-17-2005 10:48:53 PM
BasePriority : Normal
FileVersion : 1, 0, 7, 1
ProductVersion : 0, 0, 7, 0
ProductName : TODO: <Product name>
CompanyName : TODO: <Company name>
FileDescription : TODO: <File description>
LegalCopyright : TODO: © <Company name>. All rights reserved.
#:44 [aoltray.exe]
ModuleName : C:\Program Files\America Online 9.0\aoltray.exe
Command Line : "C:\Program Files\America Online 9.0\aoltray.exe" -check
ProcessID : 2116
ThreadCreationTime : 5-17-2005 10:48:55 PM
BasePriority : Normal
FileVersion : 9.00.001
ProductVersion : 9.00.001
ProductName : America Online
CompanyName : America Online, Inc.
FileDescription : AOL Tray Icon
InternalName : AolTray
LegalCopyright : Copyright © America Online, Inc. 1999 - 2004
#:45 [hotsync.exe]
ModuleName : C:\Program Files\palmOne\HOTSYNC.EXE
Command Line : "C:\Program Files\palmOne\HOTSYNC.EXE"
ProcessID : 2156
ThreadCreationTime : 5-17-2005 10:48:58 PM
BasePriority : Normal
FileVersion : 4.0.4
ProductVersion : 4.1.0
ProductName : HotSync® Manager, Palm Desktop
CompanyName : Palm, Inc.
FileDescription : HotSync® Manager Application
InternalName : HotSync®
LegalCopyright : Copyright © 1995-2001 Palm, Inc.
LegalTrademarks : HotSync® is a registered trademark of Palm, Inc.
OriginalFilename : Hotsync.exe
#:46 [mmdiag.exe]
ModuleName : C:\Program Files\Musicmatch\Musicmatch Jukebox\MMDiag.exe
Command Line : MMDiag.exe
ProcessID : 2312
ThreadCreationTime : 5-17-2005 10:49:04 PM
BasePriority : Normal
FileVersion : 10.00.2058
ProductVersion : 10.00.2058
ProductName : Musicmatch Jukebox
CompanyName : Musicmatch, Inc.
FileDescription : Logging and tracing manager
InternalName : MMTraceExe
LegalCopyright : Copyright © Musicmatch 1998-2004
LegalTrademarks :
OriginalFilename : MMTraceExe.EXE
#:47 [waol.exe]
ModuleName : C:\Program Files\America Online 9.0\waol.exe
Command Line : "C:\Program Files\America Online 9.0\waol.exe"
ProcessID : 2612
ThreadCreationTime : 5-17-2005 10:49:18 PM
BasePriority : Normal
#:48 [wmiprvse.exe]
ModuleName : C:\WINDOWS\System32\wbem\wmiprvse.exe
Command Line : C:\WINDOWS\System32\wbem\wmiprvse.exe -Embedding
ProcessID : 3000
ThreadCreationTime : 5-17-2005 10:49:35 PM
BasePriority : Normal
FileVersion : 5.1.2600.1106 (xpsp1.020828-1920)
ProductVersion : 5.1.2600.1106
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : WMI
InternalName : Wmiprvse.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : Wmiprvse.exe
#:49 [wuauclt.exe]
ModuleName : C:\WINDOWS\System32\wuauclt.exe
Command Line : "C:\WINDOWS\System32\wuauclt.exe"
ProcessID : 3568
ThreadCreationTime : 5-17-2005 10:49:53 PM
BasePriority : Normal
FileVersion : 5.4.3790.2182 built by: srv03_rtm(ntvbl04)
ProductVersion : 5.4.3790.2182
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Automatic Updates
InternalName : wuauclt.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : wuauclt.exe
VX2 Object Recognized!
Type : Process
Data : peiigsy.dll
Category : Malware
Comment : (CSI MATCH)
Object : C:\WINDOWS\System32\
Warning! VX2 Object found in memory(C:\WINDOWS\System32\peiigsy.dll)
"C:\WINDOWS\System32\wuauclt.exe"Process terminated successfully
#:50 [shellmon.exe]
ModuleName : C:\Program Files\America Online 9.0\shellmon.exe
Command Line : "C:\Program Files\America Online 9.0\shellmon.exe"
ProcessID : 3956
ThreadCreationTime : 5-17-2005 10:50:21 PM
BasePriority : Normal
#:51 [aoltpspd.exe]
ModuleName : C:\Program Files\Common Files\Aol\aoltpspd.exe
Command Line : -p11523 -S256 -s443 -l443 -G"C:\Documents and Settings\All Users\Application Data\AOL\C_America Online 9.0\vph.ph" -c1 -Z -H2612
ProcessID : 4040
ThreadCreationTime : 5-17-2005 10:50:24 PM
BasePriority : Normal
FileVersion : 1, 1, 1, 0
ProductVersion : [v1_r1.1-2] On Mon 11/29/2004 19:54:26.07
ProductName : AOL TopSpeed
CompanyName : America Online Inc
FileDescription : AOL TopSpeed
InternalName : AOL TopSpeed
LegalCopyright : Copyright © America Online 2003
LegalTrademarks : AOL TopSpeed
OriginalFilename : aoltpspd.exe
#:52 [ad-aware.exe]
ModuleName : C:\Program Files\Lavasoft\Ad-Aware SE Personal\Ad-Aware.exe
Command Line : "C:\Program Files\Lavasoft\Ad-Aware SE Personal\Ad-Aware.exe"
ProcessID : 2944
ThreadCreationTime : 5-17-2005 10:54:01 PM
BasePriority : Normal
FileVersion : 6.2.0.206
ProductVersion : VI.Second Edition
ProductName : Lavasoft Ad-Aware SE
CompanyName : Lavasoft Sweden
FileDescription : Ad-Aware SE Core application
InternalName : Ad-Aware.exe
LegalCopyright : Copyright © Lavasoft Sweden
OriginalFilename : Ad-Aware.exe
Comments : All Rights Reserved
Memory scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 1
Objects found so far: 23
Started registry scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
BookedSpace Object Recognized!
Type : Regkey
Data :
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : appid\bookedspace.dll
BookedSpace Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : appid\bookedspace.dll
Value : AppID
BookedSpace Object Recognized!
Type : Regkey
Data :
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : appid\{0dc5cd7c-f653-4417-aa43-d457be3a9622}
BookedSpace Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : appid\{0dc5cd7c-f653-4417-aa43-d457be3a9622}
Value :
BookedSpace Object Recognized!
Type : Regkey
Data :
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : bookedspace.extension
BookedSpace Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : bookedspace.extension
Value :
BookedSpace Object Recognized!
Type : Regkey
Data :
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : bookedspace.extension.5
BookedSpace Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : bookedspace.extension.5
Value :
BookedSpace Object Recognized!
Type : Regkey
Data :
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : clsid\{0019c3e2-dd48-4a6d-abcd-8d32436323d9}
BookedSpace Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : clsid\{0019c3e2-dd48-4a6d-abcd-8d32436323d9}
Value :
BookedSpace Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : clsid\{0019c3e2-dd48-4a6d-abcd-8d32436323d9}
Value : AppID
BookedSpace Object Recognized!
Type : Regkey
Data :
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : interface\{05080e6b-a88a-4cfd-8c3d-9b2557670b6e}
BookedSpace Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : interface\{05080e6b-a88a-4cfd-8c3d-9b2557670b6e}
Value :
BookedSpace Object Recognized!
Type : Regkey
Data :
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : typelib\{0dc5cd7c-f653-4417-aa43-d457be3a9622}
VX2 Object Recognized!
Type : Regkey
Data :
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : folder\shellex\columnhandlers\{6ec11407-5b2e-4e25-8bdf-77445b52ab37}
VX2 Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : folder\shellex\columnhandlers\{6ec11407-5b2e-4e25-8bdf-77445b52ab37}
Value :
VX2 Object Recognized!
Type : Regkey
Data :
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : clsid\{6ec11407-5b2e-4e25-8bdf-77445b52ab37}
VX2 Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : clsid\{6ec11407-5b2e-4e25-8bdf-77445b52ab37}
Value :
VX2 Object Recognized!
Type : Regkey
Data :
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : clsid\{302a3240-4805-4a34-97d7-1645a0b08410}
VX2 Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : clsid\{302a3240-4805-4a34-97d7-1645a0b08410}
Value :
VX2 Object Recognized!
Type : Regkey
Data :
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : bolgerdll.bolgerdllobj.1
VX2 Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : bolgerdll.bolgerdllobj.1
Value :
VX2 Object Recognized!
Type : Regkey
Data :
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : bolgerdll.bolgerdllobj
VX2 Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : bolgerdll.bolgerdllobj
Value :
VX2 Object Recognized!
Type : Regkey
Data :
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-790525478-1677128483-1060284298-1003\software\bolger
VX2 Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-790525478-1677128483-1060284298-1003\software\bolger
Value : BLI9d1OfSInst
VX2 Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-790525478-1677128483-1060284298-1003\software\bolger
Value : BLC9n1trMsgSDisp
VX2 Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-790525478-1677128483-1060284298-1003\software\bolger
Value : BLT9o1pListSPos
VX2 Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-790525478-1677128483-1060284298-1003\software\bolger
Value : BLs9t1icky1S
VX2 Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-790525478-1677128483-1060284298-1003\software\bolger
Value : BLs9t1icky2S
VX2 Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-790525478-1677128483-1060284298-1003\software\bolger
Value : BLs9t1icky3S
VX2 Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-790525478-1677128483-1060284298-1003\software\bolger
Value : BLs9t1icky4S
VX2 Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-790525478-1677128483-1060284298-1003\software\bolger
Value : BLC1o9d1eOfSFinalAd
VX2 Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-790525478-1677128483-1060284298-1003\software\bolger
Value : BLT9i1m4eOfSFinalAd
VX2 Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-790525478-1677128483-1060284298-1003\software\bolger
Value : BLD9s1tSSEnd
VX2 Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-790525478-1677128483-1060284298-1003\software\bolger
Value : BL9N1a4tionSCode
VX2 Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-790525478-1677128483-1060284298-1003\software\bolger
Value : BLP9D1om
VX2 Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-790525478-1677128483-1060284298-1003\software\bolger
Value : BLT9h1rshSCheckSIn
VX2 Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-790525478-1677128483-1060284298-1003\software\bolger
Value : BLT9h1rshSMots
VX2 Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-790525478-1677128483-1060284298-1003\software\bolger
Value : BLM9o1deSSync
VX2 Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-790525478-1677128483-1060284298-1003\software\bolger
Value : BLI9n1ProgSCab
VX2 Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-790525478-1677128483-1060284298-1003\software\bolger
Value : BLI9n1ProgSEx
VX2 Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-790525478-1677128483-1060284298-1003\software\bolger
Value : BLI9n1ProgSLstest
VX2 Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-790525478-1677128483-1060284298-1003\software\bolger
Value : BLL9a1stMotsSDay
VX2 Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-790525478-1677128483-1060284298-1003\software\bolger
Value : BLL9a1stSSChckin
VX2 Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-790525478-1677128483-1060284298-1003\software\bolger
Value : BLC9n1tFyl
VX2 Object Recognized!
Type : RegValue
Data :
Category
Edited by kelchris, 22 May 2005 - 12:07 AM.