Here I go again

Discussion in 'Security and Privacy' started by Bucksone, 2004/07/17.

Thread Status:
Not open for further replies.
  1. 2004/07/17
    Bucksone

    Bucksone Well-Known Member Thread Starter

    Joined:
    2003/07/28
    Messages:
    507
    Likes Received:
    2
    I seem to have been attacked by spyware again. My computer runs slow, especially the internet and email. I keep getting redirected to a web site called something like Spotchecker. This especially happens if I try to go to a web site that deals with spyware or virus protection etc. I ran Ad-Aware and got rid of all but one entry. That entry, VX2, couldn't be deleted it said. I also can't seem to download Spybot Search and Destroy. I had deleted it several months ago because I could never get any updates to it and I was running Ad-Aware as well. I think maybe it might help me now because of its immunizing feature, but most of the time I get redirected when I try to get to the Spybot site. If I am able to get to the site, I can't successfully download it because the download operation times out after about an hour and 27% downloaded. Usually downloading programs with my cable modem is a snap, but not anymore. I tried a System Restore back to the date that the kind folks at this forum rescued me last month, but it didn't help. Oh, and also, my Norton caught and deleted a downloader.trojan virus about a week ago.

    I may be forgetting some other aspect of this problem, but frankly, I'm feeling a little overwhelmed right now by this. Any advice is appreciated as always!
     
  2. 2004/07/17
    noahdfear

    noahdfear Inactive

    Joined:
    2003/04/06
    Messages:
    12,178
    Likes Received:
    15
    First, end task on any unrecognized processes running under your name in Task Manager, i.e., random names (brqtfsk2.dll), *.tmp.exe.
    Download and run the Hosts file reader. Once it's open, click use default. Then try downloading Spybot again. Immediately update and run. Remove all it prechecks. Update Ad-aware, configure for a custom full scan and run. Delete all it finds. Download the latest version of HijackThis and post a log.
     

  4. 2004/07/17
    Bucksone

    Bucksone Well-Known Member Thread Starter

    Hello, again. Thanks for taking the time to address my problem.
    I'm afraid I didn't understand your instructions related to Task Manager.
    Also, I downloaded Host File Reader (took two tries, as the first time I got redirected to my friend Spotcheck). I opened it but didn't see a button to click labeled Use Default. There was a button that said Reset Default. I thought I better ask before going any further.
     
  5. 2004/07/17
    noahdfear

    noahdfear Inactive

    That's it.
     
  6. 2004/07/17
    noahdfear

    noahdfear Inactive

    Guess I should have explained further on the Task Manager. Open it to the Processes tab, click where it says User Name and it will group the processes by your name, system and network/local services. If there are any suspicious items shown running under your name, such as what I listed above, highlight then end process on them.
     
  7. 2004/07/18
    Bucksone

    Bucksone Well-Known Member Thread Starter

    Logfile of HijackThis v1.97.7
    Scan saved at 7:51:04 AM, on 7/18/2004
    Platform: Windows XP SP1 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

    Running processes:
    C:\WINNT\System32\smss.exe
    C:\WINNT\system32\winlogon.exe
    C:\WINNT\system32\services.exe
    C:\WINNT\system32\lsass.exe
    C:\WINNT\system32\svchost.exe
    C:\WINNT\System32\svchost.exe
    C:\WINNT\system32\rundll32.exe
    C:\WINNT\system32\spoolsv.exe
    C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    C:\WINNT\Explorer.EXE
    C:\Program Files\Common Files\Symantec Shared\ccApp.exe
    C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
    C:\WINNT\System32\hkcmd.exe
    C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
    C:\Program Files\Webshots\WebshotsTray.exe
    C:\Program Files\Norton AntiVirus\navapsvc.exe
    C:\WINNT\system32\slserv.exe
    C:\WINNT\System32\svchost.exe
    C:\WINNT\system32\ZoneLabs\vsmon.exe
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    C:\HJT\HijackThis.exe
    C:\Program Files\Messenger\msmsgs.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www1.wowway.com/portal/index.asp?RG=Col
    R1 - HKCU\Software\Microsoft\Internet Connection Wizard,Shellnext = http://www.gateway.net/
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx
    O4 - HKLM\..\Run: [IgfxTray] C:\WINNT\System32\igfxtray.exe
    O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe "
    O4 - HKLM\..\Run: [ccRegVfy] "C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe "
    O4 - HKLM\..\Run: [AdaptecDirectCD] "c:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe "
    O4 - HKLM\..\Run: [HotKeysCmds] C:\WINNT\System32\hkcmd.exe
    O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe "
    O4 - Startup: Webshots.lnk = C:\Program Files\Webshots\WebshotsTray.exe
    O9 - Extra button: AIM (HKLM)
    O9 - Extra button: Real.com (HKLM)
    O9 - Extra button: MoneySide (HKLM)
    O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
    O16 - DPF: Yahoo! Chat - http://us.chat1.yimg.com/us.yimg.com/i/chat/applet/c381/chat.cab
    O16 - DPF: {2B323CD9-50E3-11D3-9466-00A0C9700498} (Yahoo! Audio Conferencing) - http://us.chat1.yimg.com/us.yimg.com/i/chat/applet/v45/yacscom.cab
    O16 - DPF: {511073AD-BE56-4D43-AE68-93390514385E} (TechToolsActivex.TechTools) - file://C:\Program Files\gateway\helpspot\TechTools.CAB
    O16 - DPF: {739E8D90-2F4C-43AD-A1B8-66C356FCEA35} (RunExeActiveX.RunExe) - file://C:\Program Files\gateway\helpspot\RunExeActiveX.CAB
    O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com/CAB/x86/unicode/iuctl.CAB?37865.5665625
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
    O16 - DPF: {DDFFA75A-E81D-4454-89FC-B9FD0631E726} - http://www.bundleware.com/activeX/DS3/DS3.cab
    O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://www.shockwave.com/content/zuma/popcaploader_v5.cab
    O16 - DPF: {FF65677A-8977-48CA-916A-DFF81B037DF3} - http://download.overpro.com/WildApp.cab

    OK, above is the log. Unfortunately, I didn't see your reply regarding my task manager questions until just a moment ago, so I did all the other stuff without first taking care of the task manager instructions. Hopefully that will not adversely affect what I did. If it does, let me know and I can do all of the other stuff again and repost. I will list below some notes regarding my completion of that stuff.
    I was able to successfully download Spybot Search and Destroy. When I checked for updates, there were two listed, but I am not confident I was able to install those updates, as it said something about a checksum error, or something like that. The only problem it found was Wild Tangent, in red. When I clicked to fix the problem, I got a box labeled spybotsd.exe that said something like, application failed to start because WDENGINE.dll was not found. Reinstalling the application may fix this problem. I clicked OK several times on that same message. Finally the box went away and it fixed the one problem found.
    I followed the instructions for customizing the Ad-Aware search. The only question I have about that is in the cleaning engine: there was a box checked in green that said, "delete quarantined objects after restoring." Since that wasn't mentioned in the instructions, I unchecked it. All of the other instructions regarding the customizing went fine. I then scanned and 168 items were found. I selected all for removal. I got a box saying that one of them couldn't be removed. It was C:\winnt\system32\arsldp.dll. I clicked OK on trying to remove it on next reboot.
    I think I am going to hold off on doing anything else, including dealing with the task manager instructions you provided. I'm getting tired, as I have been up all night (working third shift) and it was the first day of my work week as well, which means I have been up over 24 hours. I know from past experience that I start making more mistakes than usual when I'm tired.
    Thanks again for the help.
     
  8. 2004/07/18
    noahdfear

    noahdfear Inactive

    Looking good so far. Continue to hold off on Ad-aware fixing that one dll for now. Scan again with HJT and place a check next to the following entries. Close ALL other windows and click fix.


    O16 - DPF: {DDFFA75A-E81D-4454-89FC-B9FD0631E726} - http://www.bundleware.com/activeX/DS3/DS3.cab
    O16 - DPF: {FF65677A-8977-48CA-916A-DFF81B037DF3} - http://download.overpro.com/WildApp.cab


    Did you download the latest version of HijackThis from the link I provided above? You are still using an older version. Please get the new one, overwrite the one you have and post a new log with your next reply, as well as the information below.

    Copy and paste the following command into the address bar then hit enter.

    javascript:navigator.userAgent

    Copy the text of the resulting window and paste it here.

    Additionally, Open Spybot and click immunize in the left pane, then immunize again, this time from above with the green + beside it. Click the link below that for SpywareBlaster, download, install and update. Check for updates weekly.
    Then download and install IESpyads.

    That will give you an added layer of protection against unwanted parasites.
     
  9. 2004/07/18
    Bucksone

    Bucksone Well-Known Member Thread Starter

    Logfile of HijackThis v1.98.0
    Scan saved at 8:01:12 PM, on 7/18/2004
    Platform: Windows XP SP1 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

    Running processes:
    C:\WINNT\System32\smss.exe
    C:\WINNT\system32\winlogon.exe
    C:\WINNT\system32\services.exe
    C:\WINNT\system32\lsass.exe
    C:\WINNT\system32\svchost.exe
    C:\WINNT\System32\svchost.exe
    C:\WINNT\system32\rundll32.exe
    C:\WINNT\system32\spoolsv.exe
    C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    C:\WINNT\Explorer.EXE
    C:\Program Files\Common Files\Symantec Shared\ccApp.exe
    C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
    C:\WINNT\System32\hkcmd.exe
    C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
    C:\Program Files\Webshots\WebshotsTray.exe
    C:\Program Files\Norton AntiVirus\navapsvc.exe
    C:\WINNT\system32\slserv.exe
    C:\WINNT\System32\svchost.exe
    C:\WINNT\system32\ZoneLabs\vsmon.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\WINNT\System32\ctfmon.exe
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    C:\HJT\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www1.wowway.com/portal/index.asp?RG=Col
    R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.gateway.net/
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx
    O4 - HKLM\..\Run: [IgfxTray] C:\WINNT\System32\igfxtray.exe
    O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe "
    O4 - HKLM\..\Run: [ccRegVfy] "C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe "
    O4 - HKLM\..\Run: [AdaptecDirectCD] "c:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe "
    O4 - HKLM\..\Run: [HotKeysCmds] C:\WINNT\System32\hkcmd.exe
    O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe "
    O4 - Startup: Webshots.lnk = C:\Program Files\Webshots\WebshotsTray.exe
    O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
    O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINNT\System32\Shdocvw.dll
    O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyside.dll
    O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
    O16 - DPF: Yahoo! Chat - http://us.chat1.yimg.com/us.yimg.com/i/chat/applet/c381/chat.cab
    O16 - DPF: {2B323CD9-50E3-11D3-9466-00A0C9700498} (Yahoo! Audio Conferencing) - http://us.chat1.yimg.com/us.yimg.com/i/chat/applet/v45/yacscom.cab
    O16 - DPF: {511073AD-BE56-4D43-AE68-93390514385E} (TechToolsActivex.TechTools) - file://C:\Program Files\gateway\helpspot\TechTools.CAB
    O16 - DPF: {739E8D90-2F4C-43AD-A1B8-66C356FCEA35} (RunExeActiveX.RunExe) - file://C:\Program Files\gateway\helpspot\RunExeActiveX.CAB
    O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://www.shockwave.com/content/zuma/popcaploader_v5.cab


    Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; {FBE9ED3F-D00D-4ADF-B23A-8259538DDDE2}; .NET CLR 1.0.3705)


    OK, I think I have followed all of the instructions. The only snag I had was downloading the latest version of Hijack This from the link you provided. I eventually google searched it and downloaded it from another link. The version I used was V.1.98.0.0. Hopefully that will suffice.


    Regarding Task Manager, I'm going to list what was running under my name.

    rundll.32.exe (?)
    explorer.exe (?)
    ccApp.exe (related to Norton, I think)
    Directcd.exe (I forget what this is, but it looked familiar)
    hkcmd.exe (related to Intel chipset, I believe)
    zlclient.exe (related to Zone Alarm, I think)
    WebshotsTray.exe (related to a program where we get screensavers)
    ctfmon.exe (related to Office XP, I think)
    IEXPLORE.EXE (?)
    msmsgs.exe (related to Windows Messenger, I think)
    taskmgr.exe (related to Task Manager, I assume)

    In the spirit of one who is always afraid of doing something to ***** up his computer, I am hesitant to end process on anything without advice.

    Also, the site that we keep getting redirected to is called Spotresults, not Spotchecker as I earlier reported. We have discovered that hitting the back button will then usually take us to where we intended to go in the first place.

    Thanks again for the assistance.
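
An added example, not part of the original thread: with both HijackThis logs now posted, the O16 (ActiveX download) entries can be compared to confirm that the two entries selected for fixing are gone and to see what else changed between scans. The function names (`parse_o16`, `verify_fix`, `report`) are hypothetical; the log lines are copied from the two logs above.

```python
import re
from urllib.parse import urlsplit

# O16 (ActiveX "Downloaded Program Files") lines copied from the two HijackThis
# logs posted in this thread: the v1.97.7 scan, then the v1.98.0 scan.
LOG_BEFORE = r"""
O16 - DPF: Yahoo! Chat - http://us.chat1.yimg.com/us.yimg.com/i/chat/applet/c381/chat.cab
O16 - DPF: {2B323CD9-50E3-11D3-9466-00A0C9700498} (Yahoo! Audio Conferencing) - http://us.chat1.yimg.com/us.yimg.com/i/chat/applet/v45/yacscom.cab
O16 - DPF: {511073AD-BE56-4D43-AE68-93390514385E} (TechToolsActivex.TechTools) - file://C:\Program Files\gateway\helpspot\TechTools.CAB
O16 - DPF: {739E8D90-2F4C-43AD-A1B8-66C356FCEA35} (RunExeActiveX.RunExe) - file://C:\Program Files\gateway\helpspot\RunExeActiveX.CAB
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com/CAB/x86/unicode/iuctl.CAB?37865.5665625
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
O16 - DPF: {DDFFA75A-E81D-4454-89FC-B9FD0631E726} - http://www.bundleware.com/activeX/DS3/DS3.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://www.shockwave.com/content/zuma/popcaploader_v5.cab
O16 - DPF: {FF65677A-8977-48CA-916A-DFF81B037DF3} - http://download.overpro.com/WildApp.cab
"""

LOG_AFTER = r"""
O16 - DPF: Yahoo! Chat - http://us.chat1.yimg.com/us.yimg.com/i/chat/applet/c381/chat.cab
O16 - DPF: {2B323CD9-50E3-11D3-9466-00A0C9700498} (Yahoo! Audio Conferencing) - http://us.chat1.yimg.com/us.yimg.com/i/chat/applet/v45/yacscom.cab
O16 - DPF: {511073AD-BE56-4D43-AE68-93390514385E} (TechToolsActivex.TechTools) - file://C:\Program Files\gateway\helpspot\TechTools.CAB
O16 - DPF: {739E8D90-2F4C-43AD-A1B8-66C356FCEA35} (RunExeActiveX.RunExe) - file://C:\Program Files\gateway\helpspot\RunExeActiveX.CAB
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://www.shockwave.com/content/zuma/popcaploader_v5.cab
"""

# The two entries the helper asked to have checked and fixed.
TARGETED = {
    "{DDFFA75A-E81D-4454-89FC-B9FD0631E726}",
    "{FF65677A-8977-48CA-916A-DFF81B037DF3}",
}

# Three shapes occur in the logs: "{CLSID} (Name) - source",
# "{CLSID} - source" and "Label - source" (no CLSID at all).
O16_RE = re.compile(
    r"^O16 - DPF: "
    r"(?:(?P<clsid>\{[0-9A-Fa-f-]{36}\})(?: \((?P<name>.*?)\))?|(?P<label>.+?))"
    r" - (?P<source>.+)$"
)


def parse_o16(log_text):
    """Return {key: entry} for each O16 line; key is the CLSID, or the label if none."""
    entries = {}
    for raw in log_text.splitlines():
        m = O16_RE.match(raw.strip())
        if not m:
            continue  # not an O16 line, or a shape this sketch does not know
        source = m["source"]
        scheme = source.split(":", 1)[0].lower()
        # file:// sources carry a Windows path, so only parse web URLs for a host.
        host = urlsplit(source).hostname if scheme in ("http", "https") else None
        entries[(m["clsid"] or m["label"]).upper()] = {
            "name": m["name"] or m["label"] or "",
            "source": source,
            "host": host or "(local file)",
        }
    return entries


def verify_fix(before_text, after_text, targeted):
    """Compare two scans and classify every O16 entry that changed."""
    before, after = parse_o16(before_text), parse_o16(after_text)
    targeted = {t.upper() for t in targeted}
    removed = set(before) - set(after)
    return {
        "still_present": sorted(targeted & set(after)),
        "removed_as_requested": sorted(targeted & removed),
        "removed_unrequested": sorted(removed - targeted),
        "added": sorted(set(after) - set(before)),
    }


def report(before_text, after_text, targeted):
    """One readable line per changed entry, with the host it was fetched from."""
    known = {**parse_o16(after_text), **parse_o16(before_text)}
    lines = []
    for status, keys in verify_fix(before_text, after_text, targeted).items():
        for key in keys:
            entry = known[key]
            lines.append(
                f"{status:22} {key}  {entry['name'] or '(no name)'}  [{entry['host']}]"
            )
    return lines


if __name__ == "__main__":
    print("\n".join(report(LOG_BEFORE, LOG_AFTER, TARGETED)))
```

Run against the two logs, this confirms both targeted entries are gone and also lists the Update Class and Shockwave Flash Object entries, which were present in the first scan and absent from the second without being on the fix list.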
     
  10. 2004/07/18
    Bucksone

    Bucksone Well-Known Member Thread Starter

    In my last reply, I see ******* used in place of the word I typed. Just to be clear, the word I used was what you use a screwdriver for. I guess I should have used the phrase "messed up!"
     
  11. 2004/07/18
    noahdfear

    noahdfear Inactive

    Those running processes are all OK.

    Download VX2Finder from this link:

    http://www.downloads.subratam.org/VX2Finder.exe

    Open Vx2Finder and click on the click to find VX2.BetterInternet button. Then click make log.

    Copy and paste the contents of the log into your next reply here.
     
  12. 2004/07/19
    Bucksone

    Bucksone Well-Known Member Thread Starter

    Log for VX2.BetterInternet File Finder

    Files Found---


    Guardian Key--- is called:

    User Agent String---
    {FBE9ED3F-D00D-4ADF-B23A-8259538DDDE2}
     
  13. 2004/07/19
    noahdfear

    noahdfear Inactive

    Hmmm.....was expecting different results with VX2Finder. Would you do the same thing with this older version and paste in next reply please?

    http://download.broadbandmedic.com/VX2Finder.exe

    Additionally, would you go into the Lavasoft folder (should be in C:\Program Files), then the Ad-aware 6 folder, then the logs folder, open the log (with notepad) from the other day, after doing the custom full scan, and copy/paste it here also. It will be quite large so you may have to split it up in several posts.

    Additionally, make sure hidden files and folders are set to show and do a search of the drive for that dll Ad-aware offered to remove on reboot (arsldp.dll). Let me know if found and location. If you have a registry cleaner that will search, such as RegSeeker, use the find in registry feature to search the entire registry for entries named arsldp.dll and let me know what, if anything, is found.

    Are you still getting redirects?
     
  14. 2004/07/19
    Bucksone

    Bucksone Well-Known Member Thread Starter

    Log for VX2.BetterInternet File Finder

    Files Found---


    Guardian Key--- is called:

    User Agent String---
    {FBE9ED3F-D00D-4ADF-B23A-8259538DDDE2}


    I searched the C drive for that dll file and it was not found.

    I searched the registry with that RegSeeker and the result is below.
    HKEY_Current_User
    Software\Microsoft\SearchAssistant\ACMru\5603

    Yes I am still getting redirects to Spotresults.

    If it helps any, you helped me with a similar problem about a month ago that I know involved that VX2 thing.

    I have to split up the Ad-Aware log into a bunch of posts because of its length, so please bear with me.

    Thanks once again.
     
  15. 2004/07/19
    Bucksone

    Bucksone Well-Known Member Thread Starter

    Lavasoft Ad-aware Personal Build 6.181
    Logfile created on :Sunday, July 18, 2004 6:58:31 AM
    Created with Ad-aware Personal, free for private use.
    Using reference-file :01R333 18.07.2004
    ______________________________________________________

    Reffile status:
    =========================
    Reference file loaded:
    Reference Number : 01R332 12.07.2004
    Internal build : 264
    File location : C:\Program Files\Lavasoft\Ad-aware 6\reflist.ref
    Total size : 1304680 Bytes
    Signature data size : 1283888 Bytes
    Reference data size : 20728 Bytes
    Signatures total : 28484
    Target categories : 10
    Target families : 520
    7-18-2004 6:48:04 AM Performing Webupdate...

    Installing Update...
    Reference file loaded:
    Reference Number : 01R333 18.07.2004
    Internal build : 265
    File location : C:\Program Files\Lavasoft\Ad-aware 6\reflist.ref
    Total size : 1314436 Bytes
    Signature data size : 1293449 Bytes
    Reference data size : 20923 Bytes
    Signatures total : 28676
    Target categories : 10
    Target families : 526

    7-18-2004 6:48:11 AM Success.
    Update successfully downlodaded and installed.


    Memory + processor status:
    ==========================
    Number of processors : 1
    Processor architecture : Intel Pentium IV
    Memory available:34 %
    Total physical memory:252656 kb
    Available physical memory:85620 kb
    Total page file size:620436 kb
    Available on page file:446688 kb
    Total virtual memory:2097024 kb
    Available virtual memory:2048548 kb
    OS:

    Ad-aware Settings
    =========================
    Set : Activate in-depth scan (Recommended)
    Set : Safe mode (always request confirmation)
    Set : Scan active processes
    Set : Scan registry
    Set : Deep scan registry
    Set : Scan my IE Favorites for banned URLs
    Set : Scan within archives
    Set : Scan my Hosts file

    Extended Ad-aware Settings
    =========================
    Set : Unload recognized processes during scanning
    Set : Include basic Ad-aware settings in logfile
    Set : Include additional Ad-aware settings in logfile
    Set : Let windows remove files in use at next reboot
    Set : Always back up reference file, before updating
    Set : Play sound if scan produced a result


    7-18-2004 6:58:31 AM - Scan started. (Custom mode)

    Listing running processes
    ¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯

    #:1 [smss.exe]
    FilePath : \SystemRoot\System32\
    ThreadCreationTime : 7-18-2004 10:15:40 AM
    BasePriority : Normal


    #:2 [winlogon.exe]
    FilePath : \??\C:\WINNT\system32\
    ThreadCreationTime : 7-18-2004 10:15:43 AM
    BasePriority : High


    #:3 [services.exe]
    FilePath : C:\WINNT\system32\
    ThreadCreationTime : 7-18-2004 10:15:43 AM
    BasePriority : Normal
    FileSize : 99 KB
    FileVersion : 5.1.2600.0 (xpclient.010817-1148)
    ProductVersion : 5.1.2600.0
    CompanyName : Microsoft Corporation
    FileDescription : Services and Controller app
    InternalName : services.exe
    OriginalFilename : services.exe
    ProductName : Microsoft
    Created on : 1/1/1980 5:00:00 AM
    Last accessed : 7/18/2004 10:15:43 AM
    Last modified : 8/29/2002 12:00:00 PM

    #:4 [lsass.exe]
    FilePath : C:\WINNT\system32\
    ThreadCreationTime : 7-18-2004 10:15:43 AM
    BasePriority : Normal
    FileSize : 11 KB
    FileVersion : 5.1.2600.1106 (xpsp1.020828-1920)
    ProductVersion : 5.1.2600.1106
    CompanyName : Microsoft Corporation
    FileDescription : LSA Shell (Export Version)
    InternalName : lsass.exe
    OriginalFilename : lsass.exe
    ProductName : Microsoft
    Created on : 1/1/1980 5:00:00 AM
    Last accessed : 7/18/2004 10:15:43 AM
    Last modified : 8/29/2002 12:00:00 PM

    #:5 [svchost.exe]
    FilePath : C:\WINNT\system32\
    ThreadCreationTime : 7-18-2004 10:15:44 AM
    BasePriority : Normal
    FileSize : 12 KB
    FileVersion : 5.1.2600.0 (xpclient.010817-1148)
    ProductVersion : 5.1.2600.0
    CompanyName : Microsoft Corporation
    FileDescription : Generic Host Process for Win32 Services
    InternalName : svchost.exe
    OriginalFilename : svchost.exe
    ProductName : Microsoft
    Created on : 1/1/1980 5:00:00 AM
    Last accessed : 7/18/2004 10:16:17 AM
    Last modified : 8/29/2002 12:00:00 PM

    #:6 [svchost.exe]
    FilePath : C:\WINNT\System32\
    ThreadCreationTime : 7-18-2004 10:15:44 AM
    BasePriority : Normal
    FileSize : 12 KB
    FileVersion : 5.1.2600.0 (xpclient.010817-1148)
    ProductVersion : 5.1.2600.0
    CompanyName : Microsoft Corporation
    FileDescription : Generic Host Process for Win32 Services
    InternalName : svchost.exe
    OriginalFilename : svchost.exe
    ProductName : Microsoft
    Created on : 1/1/1980 5:00:00 AM
    Last accessed : 7/18/2004 10:16:17 AM
    Last modified : 8/29/2002 12:00:00 PM

    #:7 [rundll32.exe]
    FilePath : C:\WINNT\system32\
    ThreadCreationTime : 7-18-2004 10:15:45 AM
    BasePriority : Normal
    FileSize : 31 KB
    FileVersion : 5.1.2600.0 (xpclient.010817-1148)
    ProductVersion : 5.1.2600.0
    CompanyName : Microsoft Corporation
    FileDescription : Run a DLL as an App
    InternalName : rundll
    OriginalFilename : RUNDLL.EXE
    ProductName : Microsoft
    Created on : 1/1/1980 5:00:00 AM
    Last accessed : 7/18/2004 10:15:45 AM
    Last modified : 8/29/2002 12:00:00 PM

    #:8 [spoolsv.exe]
    FilePath : C:\WINNT\system32\
    ThreadCreationTime : 7-18-2004 10:15:46 AM
    BasePriority : Normal
    FileSize : 50 KB
    FileVersion : 5.1.2600.0 (XPClient.010817-1148)
    ProductVersion : 5.1.2600.0
    CompanyName : Microsoft Corporation
    FileDescription : Spooler SubSystem App
    InternalName : spoolsv.exe
    OriginalFilename : spoolsv.exe
    ProductName : Microsoft
    Created on : 1/1/1980 5:00:00 AM
    Last accessed : 7/18/2004 10:15:40 AM
    Last modified : 8/29/2002 12:00:00 PM

    #:9 [ccevtmgr.exe]
    FilePath : C:\Program Files\Common Files\Symantec Shared\
    ThreadCreationTime : 7-18-2004 10:15:46 AM
    BasePriority : Normal
    FileSize : 309 KB
    FileVersion : 1.03.4
    ProductVersion : 1.03.4
    Copyright : Copyright (c) 2000-2002 Symantec Corporation. All rights reserved.
    CompanyName : Symantec Corporation
    FileDescription : Event Manager Service
    InternalName : ccEvtMgr
    OriginalFilename : ccEvtMgr.exe
    ProductName : Event Manager
    Created on : 9/1/2003 9:19:49 PM
    Last accessed : 7/18/2004 10:15:40 AM
    Last modified : 7/17/2003 3:16:38 PM

    #:10 [explorer.exe]
    FilePath : C:\WINNT\
    ThreadCreationTime : 7-18-2004 10:15:49 AM
    BasePriority : Normal
    FileSize : 980 KB
    FileVersion : 6.00.2800.1106 (xpsp1.020828-1920)
    ProductVersion : 6.00.2800.1106
    CompanyName : Microsoft Corporation
    FileDescription : Windows Explorer
    InternalName : explorer
    OriginalFilename : EXPLORER.EXE
    ProductName : Microsoft
    Created on : 1/1/1980 5:00:00 AM
    Last accessed : 7/18/2004 10:18:34 AM
    Last modified : 8/29/2002 12:00:00 PM
     
  16. 2004/07/19
    Bucksone

    Bucksone Well-Known Member Thread Starter

    #:11 [ccapp.exe]
    FilePath : C:\Program Files\Common Files\Symantec Shared\
    ThreadCreationTime : 7-18-2004 10:15:49 AM
    BasePriority : Normal
    FileSize : 53 KB
    FileVersion : 1.0.10.006
    ProductVersion : 1.0.10.006
    Copyright : Copyright (c) 2000-2002 Symantec Corporation. All rights reserved.
    CompanyName : Symantec Corporation
    FileDescription : Common Client CC App
    InternalName : ccApp
    OriginalFilename : ccApp.exe
    ProductName : Common Client
    Created on : 1/2/2004 8:40:58 PM
    Last accessed : 7/18/2004 10:15:40 AM
    Last modified : 12/2/2003 9:11:04 PM

    #:12 [directcd.exe]
    FilePath : C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\
    ThreadCreationTime : 7-18-2004 10:15:50 AM
    BasePriority : Normal
    FileSize : 668 KB
    FileVersion : 5.3.5.10
    ProductVersion : 5.3.5.10
    Copyright : Copyright (c) 2001-2003, Roxio, Inc.
    CompanyName : Roxio
    FileDescription : DirectCD Application
    InternalName : DirectCD
    OriginalFilename : Directcd.exe
    ProductName : DirectCD
    Created on : 7/2/2003 1:11:29 AM
    Last accessed : 7/18/2004 10:15:40 AM
    Last modified : 3/26/2003 5:15:24 PM

    #:13 [hkcmd.exe]
    FilePath : C:\WINNT\System32\
    ThreadCreationTime : 7-18-2004 10:15:50 AM
    BasePriority : Normal
    FileSize : 116 KB
    FileVersion : 3.0.0.2331
    ProductVersion : 7.0.0.2331
    Copyright : Copyright 1999-2003, Intel Corporation
    CompanyName : Intel Corporation
    FileDescription : hkcmd Module
    InternalName : HKCMD
    OriginalFilename : HKCMD.EXE
    ProductName : Intel(R) Common User Interface
    Created on : 11/18/2003 5:11:00 AM
    Last accessed : 7/18/2004 10:15:40 AM
    Last modified : 11/18/2003 5:11:00 AM

    #:14 [zlclient.exe]
    FilePath : C:\Program Files\Zone Labs\ZoneAlarm\
    ThreadCreationTime : 7-18-2004 10:15:50 AM
    BasePriority : Normal
    FileSize : 681 KB
    FileVersion : 5.0.590.015
    ProductVersion : 5.0.590.015
    Copyright : Copyright
    CompanyName : Zone Labs Inc.
    FileDescription : Zone Labs Client
    InternalName : zlclient
    OriginalFilename : zlclient.exe
    ProductName : Zone Labs Client
    Created on : 5/8/2004 3:16:01 AM
    Last accessed : 7/18/2004 10:15:50 AM
    Last modified : 5/17/2004 8:56:14 AM

    #:15 [webshotstray.exe]
    FilePath : C:\Program Files\Webshots\
    ThreadCreationTime : 7-18-2004 10:15:50 AM
    BasePriority : Normal
    FileSize : 204 KB
    FileVersion : 1.3.0.3826
    ProductVersion : 1.3.0.3826
    Copyright : Copyright (C) 1998
    CompanyName : The Webshots Corporation
    FileDescription : Webshots Desktop Tray Application
    InternalName : WEBSHOTSTRAY
    OriginalFilename : WEBSHOTSTRAY.EXE
    ProductName : Webshots Tray Application
    Created on : 9/4/2003 1:08:07 PM
    Last accessed : 7/18/2004 10:15:50 AM
    Last modified : 6/21/2002 7:55:56 PM

    #:16 [navapsvc.exe]
    FilePath : C:\Program Files\Norton AntiVirus\
    ThreadCreationTime : 7-18-2004 10:15:53 AM
    BasePriority : Normal
    FileSize : 113 KB
    FileVersion : 9.05.1015
    ProductVersion : 9.05.1015
    Copyright : Copyright (c) 2000-2002 Symantec Corporation. All rights reserved.
    CompanyName : Symantec Corporation
    FileDescription : Norton AntiVirus Auto-Protect Service
    InternalName : NAVAPSVC
    OriginalFilename : NAVAPSVC.EXE
    ProductName : Norton AntiVirus
    Created on : 9/1/2003 9:19:39 PM
    Last accessed : 7/18/2004 10:15:40 AM
    Last modified : 11/14/2002 11:41:26 PM

    #:17 [slserv.exe]
    FilePath : C:\WINNT\system32\
    ThreadCreationTime : 7-18-2004 10:15:57 AM
    BasePriority : Normal
    FileSize : 44 KB
    FileVersion : 2.80.00(24Apr2000)
    ProductVersion : 2.80.00
    Copyright : Copyright
    FileDescription : User-Level Modem Service
    InternalName : slserv
    OriginalFilename : slserv.exe
    ProductName : Modem
    Created on : 1/1/1980 5:00:00 AM
    Last accessed : 7/18/2004 10:15:40 AM
    Last modified : 5/20/2003 6:24:20 PM

    #:18 [svchost.exe]
    FilePath : C:\WINNT\System32\
    ThreadCreationTime : 7-18-2004 10:15:57 AM
    BasePriority : Normal
    FileSize : 12 KB
    FileVersion : 5.1.2600.0 (xpclient.010817-1148)
    ProductVersion : 5.1.2600.0
    CompanyName : Microsoft Corporation
    FileDescription : Generic Host Process for Win32 Services
    InternalName : svchost.exe
    OriginalFilename : svchost.exe
    ProductName : Microsoft
    Created on : 1/1/1980 5:00:00 AM
    Last accessed : 7/18/2004 10:16:17 AM
    Last modified : 8/29/2002 12:00:00 PM

    #:19 [vsmon.exe]
    FilePath : C:\WINNT\system32\ZoneLabs\
    ThreadCreationTime : 7-18-2004 10:15:57 AM
    BasePriority : Normal
    FileSize : 893 KB
    FileVersion : 5.0.590.015
    ProductVersion : 5.0.590.015
    Copyright : Copyright
    CompanyName : Zone Labs Inc.
    FileDescription : TrueVector Service
    InternalName : vsmon
    OriginalFilename : vsmon.exe
    ProductName : TrueVector Service
    Created on : 6/19/2004 1:37:50 AM
    Last accessed : 7/18/2004 10:15:57 AM
    Last modified : 5/17/2004 8:55:26 AM

    #:20 [ad-aware.exe]
    FilePath : C:\Program Files\Lavasoft\Ad-aware 6\
    ThreadCreationTime : 7-18-2004 10:47:49 AM
    BasePriority : Normal
    FileSize : 668 KB
    FileVersion : 6.0.1.181
    ProductVersion : 6.0.0.0
    Copyright : Copyright
    CompanyName : Lavasoft Sweden
    FileDescription : Ad-aware 6 core application
    InternalName : Ad-aware.exe
    OriginalFilename : Ad-aware.exe
    ProductName : Lavasoft Ad-aware Plus
    Created on : 3/24/2004 11:58:59 PM
    Last accessed : 7/18/2004 10:47:54 AM
    Last modified : 7/13/2003 3:00:20 AM
     
  17. 2004/07/19
    Bucksone

    Bucksone Well-Known Member Thread Starter

    #:21 [iexplore.exe]
    FilePath : C:\Program Files\Internet Explorer\
    ThreadCreationTime : 7-18-2004 10:48:25 AM
    BasePriority : Normal
    FileSize : 89 KB
    FileVersion : 6.00.2800.1106 (xpsp1.020828-1920)
    ProductVersion : 6.00.2800.1106
    CompanyName : Microsoft Corporation
    FileDescription : Internet Explorer
    InternalName : iexplore
    OriginalFilename : IEXPLORE.EXE
    ProductName : Microsoft
    Created on : 5/16/2003 4:27:00 PM
    Last accessed : 7/18/2004 10:48:28 AM
    Last modified : 8/29/2002 12:00:00 PM

    #:22 [msmsgs.exe]
    FilePath : C:\Program Files\Messenger\
    ThreadCreationTime : 7-18-2004 10:56:36 AM
    BasePriority : Normal
    FileSize : 1476 KB
    FileVersion : 4.7.0041
    ProductVersion : Version 4.7
    Copyright : Copyright (c) Microsoft Corporation 1997-2001
    CompanyName : Microsoft Corporation
    FileDescription : Messenger
    InternalName : msmsgs
    OriginalFilename : msmsgs.exe
    ProductName : Messenger
    Created on : 5/16/2003 4:25:25 PM
    Last accessed : 7/18/2004 10:56:37 AM
    Last modified : 8/20/2002 8:08:38 PM

    Memory scan result :
    ¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯
    New objects : 0
    Objects found so far: 0


    Started registry scan
    ¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯

    Registry scan result :
    ¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯
    New objects : 0
    Objects found so far: 0


    Started deep registry scan
    ¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯

    Deep registry scan result :
    ¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯
    New objects : 0
    Objects found so far: 0


    Deep scanning and examining files (C:)
    ¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯

    Tracking Cookie Object recognized!
    Type : File
    Data : owner@tribalfusion[1].txt
    Category : Data Miner
    Comment :
    Object : C:\Documents and Settings\Owner\Cookies\

    Created on : 7/18/2004 10:25:31 AM
    Last accessed : 7/18/2004 10:25:31 AM
    Last modified : 7/18/2004 10:25:31 AM



    Roings Object recognized!
    Type : File
    Data : mm20.ocx
    Category : Malware
    Comment :
    Object : C:\Documents and Settings\Owner\Local Settings\Temp\ICD8.tmp\
    FileSize : 60 KB
    FileVersion : 1.00
    ProductVersion : 1.00
    CompanyName : df
    InternalName : mm20
    OriginalFilename : mm20.ocx
    ProductName : DemoCtla
    Created on : 6/16/2004 4:03:16 AM
    Last accessed : 7/18/2004 11:01:55 AM
    Last modified : 6/16/2004 4:03:16 AM



    Golden Palace Casino Object recognized!
    Type : File
    Data : bridge.exe
    Category : Misc
    Comment :
    Object : C:\Documents and Settings\Owner\Local Settings\Temp\
    FileSize : 16 KB
    Created on : 4/15/2004 12:36:08 AM
    Last accessed : 7/18/2004 11:02:00 AM
    Last modified : 4/15/2004 12:39:26 AM



    Cydoor Object recognized!
    Type : File
    Data : cd_clint.dll
    Category : Data Miner
    Comment :
    Object : C:\Documents and Settings\Owner\Local Settings\Temp\
    FileSize : 122 KB
    FileVersion : 3, 2, 1, 6
    ProductVersion : 3, 2, 1, 6
    Copyright : Copyright
    FileDescription : cd_clint
    InternalName : cd_clint
    OriginalFilename : cd_clint.dll
    ProductName : cd_clint
    Created on : 5/6/2004 8:50:05 PM
    Last accessed : 7/18/2004 11:02:00 AM
    Last modified : 7/31/2003 5:02:00 PM



    DownloadWare Object recognized!
    Type : File
    Data : ins45.tmp
    Category : Data Miner
    Comment :
    Object : C:\Documents and Settings\Owner\Local Settings\Temp\
    FileSize : 15 KB
    FileVersion : 1.0.0.44
    ProductVersion : 1.0.0.44
    Copyright : Copyright
    FileDescription : Web Install
    Created on : 11/26/2003 5:52:34 PM
    Last accessed : 7/18/2004 11:02:02 AM
    Last modified : 11/26/2003 5:52:34 PM
     
  18. 2004/07/19
    Bucksone

    Bucksone Well-Known Member Thread Starter

    Joined:
    2003/07/28
    Messages:
    507
    Likes Received:
    2
    DownloadWare Object recognized!
    Type : File
    Data : ins465.tmp
    Category : Data Miner
    Comment :
    Object : C:\Documents and Settings\Owner\Local Settings\Temp\
    FileSize : 15 KB
    FileVersion : 1.0.0.44
    ProductVersion : 1.0.0.44
    Copyright : Copyright
    FileDescription : Web Install
    Created on : 11/29/2003 7:13:13 PM
    Last accessed : 7/18/2004 11:02:02 AM
    Last modified : 11/29/2003 7:13:13 PM



    Other Object recognized!
    Type : File
    Data : ins466.tmp
    Category : Misc
    Comment :
    Object : C:\Documents and Settings\Owner\Local Settings\Temp\
    FileSize : 119 KB
    FileVersion : 1.0.0.55
    ProductVersion : 1.0.0.55
    Copyright : Copyright
    FileDescription : Media Charger
    ProductName : Media Charger
    Created on : 11/29/2003 7:13:14 PM
    Last accessed : 7/18/2004 11:02:03 AM
    Last modified : 11/29/2003 7:13:15 PM



    DownloadWare Object recognized!
    Type : File
    Data : ins7d.tmp
    Category : Data Miner
    Comment :
    Object : C:\Documents and Settings\Owner\Local Settings\Temp\
    FileSize : 15 KB
    FileVersion : 1.0.0.44
    ProductVersion : 1.0.0.44
    Copyright : Copyright
    FileDescription : Web Install
    Created on : 11/26/2003 2:03:08 AM
    Last accessed : 7/18/2004 11:02:03 AM
    Last modified : 11/26/2003 2:03:08 AM



    DownloadWare Object recognized!
    Type : File
    Data : ins8a.tmp
    Category : Data Miner
    Comment :
    Object : C:\Documents and Settings\Owner\Local Settings\Temp\
    FileSize : 15 KB
    FileVersion : 1.0.0.44
    ProductVersion : 1.0.0.44
    Copyright : Copyright
    FileDescription : Web Install
    Created on : 11/27/2003 7:32:20 PM
    Last accessed : 7/18/2004 11:02:03 AM
    Last modified : 11/27/2003 7:32:20 PM



    DownloadWare Object recognized!
    Type : File
    Data : ins91.tmp
    Category : Data Miner
    Comment :
    Object : C:\Documents and Settings\Owner\Local Settings\Temp\
    FileSize : 15 KB
    FileVersion : 1.0.0.44
    ProductVersion : 1.0.0.44
    Copyright : Copyright
    FileDescription : Web Install
    Created on : 11/26/2003 7:18:58 PM
    Last accessed : 7/18/2004 11:02:03 AM
    Last modified : 11/26/2003 7:18:58 PM



    DownloadWare Object recognized!
    Type : File
    Data : ins914.tmp
    Category : Data Miner
    Comment :
    Object : C:\Documents and Settings\Owner\Local Settings\Temp\
    FileSize : 15 KB
    FileVersion : 1.0.0.44
    ProductVersion : 1.0.0.44
    Copyright : Copyright
    FileDescription : Web Install
    Created on : 11/16/2003 10:40:15 PM
    Last accessed : 7/18/2004 11:02:03 AM
    Last modified : 11/16/2003 10:40:15 PM



    DownloadWare Object recognized!
    Type : File
    Data : inse6.tmp
    Category : Data Miner
    Comment :
    Object : C:\Documents and Settings\Owner\Local Settings\Temp\
    FileSize : 15 KB
    FileVersion : 1.0.0.44
    ProductVersion : 1.0.0.44
    Copyright : Copyright
    FileDescription : Web Install
    Created on : 11/28/2003 2:22:10 AM
    Last accessed : 7/18/2004 11:02:03 AM
    Last modified : 11/28/2003 2:22:10 AM



    DyFuCA Object recognized!
    Type : File
    Data : optimize.exe
    Category : Malware
    Comment :
    Object : C:\Documents and Settings\Owner\Local Settings\Temp\
    FileSize : 35 KB
    Created on : 4/15/2004 12:36:06 AM
    Last accessed : 7/18/2004 11:02:03 AM
    Last modified : 4/15/2004 12:36:06 AM



    Timesink Object recognized!
    Type : File
    Data : tsuninstaller.exe
    Category : Data Miner
    Comment :
    Object : C:\eGames\GalacticInvasion\
    FileSize : 74 KB
    Created on : 2/6/2004 1:06:01 AM
    Last accessed : 7/18/2004 11:04:11 AM
    Last modified : 1/22/1999 1:27:52 PM



    OverPro Object recognized!
    Type : File
    Data : backup-20040609-211857-294.dll
    Category : Malware
    Comment :
    Object : C:\HJT\
    FileSize : 128 KB
    FileVersion : 1, 0, 0, 1
    ProductVersion : 1, 0, 0, 1
    Copyright : Copyright 2004
    FileDescription : WildApp Module
    InternalName : WildApp
    OriginalFilename : WildApp.DLL
    ProductName : WildApp Module
    Created on : 3/17/2004 10:45:16 PM
    Last accessed : 7/18/2004 11:04:12 AM
    Last modified : 3/17/2004 10:45:16 PM



    Timesink Object recognized!
    Type : File
    Data : tsuninstaller.exe
    Category : Data Miner
    Comment :
    Object : C:\Program Files\eGames\Galactic Invasion Game\
    FileSize : 74 KB
    Created on : 2/6/2004 1:06:12 AM
    Last accessed : 7/18/2004 11:07:16 AM
    Last modified : 1/22/1999 1:27:52 PM



    Other Object recognized!
    Type : Folder
    Category : Data Miner
    Comment :
    Object : C:\Program Files\MedCh



    180Solutions Object recognized!
    Type : File
    Data : msbb.exe
    Category : Data Miner
    Comment :
    Object : C:\Program Files\nCase\
    FileSize : 192 KB
    FileVersion : 4.2
    ProductVersion : 4.2
    Copyright : Copyright
    CompanyName : 180Solutions Inc
    FileDescription : msbb
    InternalName : msbb
    OriginalFilename : msbb.exe
    ProductName : n-CASE
    Created on : 11/22/2003 6:57:47 PM
    Last accessed : 7/18/2004 11:11:53 AM
    Last modified : 11/22/2003 6:57:47 PM



    BroadCastPC Object recognized!
    Type : File
    Data : dc1.exe
    Category : Data Miner
    Comment :
    Object : C:\RECYCLER\S-1-5-21-1887652770-1093660630-2868307360-1003\
    FileSize : 72 KB
    FileVersion : 1.00
    ProductVersion : 1.00
    CompanyName : Organization
    InternalName : AST4_mm
    OriginalFilename : AST4_mm.exe
    ProductName : Autostarter
    Created on : 4/19/2004 11:51:15 PM
    Last accessed : 7/18/2004 11:13:00 AM
    Last modified : 4/9/2004 11:11:38 AM



    Cydoor Object recognized!
    Type : File
    Data : a0026297.dll
    Category : Data Miner
    Comment :
    Object : C:\System Volume Information\_restore{CF79470C-79F7-4821-8E34-8E6EA7D3E7B5}\RP165\
    FileSize : 122 KB
    FileVersion : 3, 2, 1, 6
    ProductVersion : 3, 2, 1, 6
    Copyright : Copyright
    FileDescription : cd_clint
    InternalName : cd_clint
    OriginalFilename : cd_clint.dll
    ProductName : cd_clint
    Created on : 5/6/2004 2:07:10 PM
    Last accessed : 7/18/2004 11:13:33 AM
    Last modified : 7/31/2003 5:02:00 PM



    eUniverse Object recognized!
    Type : File
    Data : a0026299.exe
    Category : Data Miner
    Comment :
    Object : C:\System Volume Information\_restore{CF79470C-79F7-4821-8E34-8E6EA7D3E7B5}\RP165\
    FileSize : 24 KB
    FileVersion : 1, 0, 0, 1
    ProductVersion : 1, 0, 0, 1
    Copyright : Copyright (C) 2003
    FileDescription : kkv MFC Application
    InternalName : kkv
    OriginalFilename : kkv.EXE
    ProductName : kkv Application
    Created on : 8/23/2003 1:16:40 AM
    Last accessed : 7/18/2004 11:13:33 AM
    Last modified : 8/23/2003 1:16:40 AM
     
  19. 2004/07/19
    Bucksone

    Bucksone Well-Known Member Thread Starter

    Joined:
    2003/07/28
    Messages:
    507
    Likes Received:
    2
    eUniverse Object recognized!
    Type : File
    Data : a0026300.exe
    Category : Data Miner
    Comment :
    Object : C:\System Volume Information\_restore{CF79470C-79F7-4821-8E34-8E6EA7D3E7B5}\RP165\
    FileSize : 84 KB
    FileVersion : 1, 3, 0, 0
    ProductVersion : 1, 3, 0, 0
    Copyright : Copyright (C) 2003
    FileDescription : sui MFC Application
    InternalName : sui
    OriginalFilename : sui.EXE
    ProductName : sui Application
    Created on : 11/6/2003 2:07:34 AM
    Last accessed : 7/18/2004 11:13:33 AM
    Last modified : 11/6/2003 2:07:34 AM



    Roings Object recognized!
    Type : File
    Data : a0028591.exe
    Category : Malware
    Comment :
    Object : C:\System Volume Information\_restore{CF79470C-79F7-4821-8E34-8E6EA7D3E7B5}\RP205\
    FileSize : 28 KB
    FileVersion : 1.00
    ProductVersion : 1.00
    CompanyName : df
    InternalName : unstall
    OriginalFilename : unstall.exe
    ProductName : Project1
    Created on : 4/19/2004 11:51:03 PM
    Last accessed : 7/18/2004 11:14:17 AM
    Last modified : 4/19/2004 11:51:03 PM



    DyFuCA Object recognized!
    Type : File
    Data : a0028592.exe
    Category : Malware
    Comment :
    Object : C:\System Volume Information\_restore{CF79470C-79F7-4821-8E34-8E6EA7D3E7B5}\RP205\
    FileSize : 35 KB
    Created on : 4/19/2004 11:50:59 PM
    Last accessed : 7/18/2004 11:14:17 AM
    Last modified : 4/19/2004 11:51:03 PM



    ImIServer IEPlugin Object recognized!
    Type : File
    Data : a0028597.exe
    Category : Data Miner
    Comment :
    Object : C:\System Volume Information\_restore{CF79470C-79F7-4821-8E34-8E6EA7D3E7B5}\RP205\
    FileSize : 68 KB
    Created on : 2/24/2004 9:21:45 PM
    Last accessed : 7/18/2004 11:14:17 AM
    Last modified : 11/26/2003 8:22:42 PM



    WebHancer Object recognized!
    Type : File
    Data : a0028604.dll
    Category : Data Miner
    Comment :
    Object : C:\System Volume Information\_restore{CF79470C-79F7-4821-8E34-8E6EA7D3E7B5}\RP205\
    FileSize : 40 KB
    FileVersion : 3.3.0
    ProductVersion : 3.3.0
    Copyright : Copyright
    CompanyName : webHancer Corporation
    FileDescription : webHancer Winsock2 SPI
    InternalName : webhdll
    OriginalFilename : webhdll.dll
    ProductName : webHancer Customer Companion
    Created on : 6/1/2004 12:08:06 AM
    Last accessed : 7/18/2004 11:14:17 AM
    Last modified : 1/29/2004 2:29:51 PM



    VX2 Object recognized!
    Type : File
    Data : a0028788.dll
    Category : Data Miner
    Comment :
    Object : C:\System Volume Information\_restore{CF79470C-79F7-4821-8E34-8E6EA7D3E7B5}\RP209\
    FileSize : 309 KB
    Created on : 6/4/2004 9:17:52 AM
    Last accessed : 7/18/2004 11:14:21 AM
    Last modified : 6/4/2004 9:17:42 AM



    VX2 Object recognized!
    Type : File
    Data : a0029797.dll
    Category : Data Miner
    Comment :
    Object : C:\System Volume Information\_restore{CF79470C-79F7-4821-8E34-8E6EA7D3E7B5}\RP209\
    FileSize : 309 KB
    Created on : 6/5/2004 2:51:42 PM
    Last accessed : 7/18/2004 11:14:21 AM
    Last modified : 6/4/2004 9:17:42 AM



    VX2 Object recognized!
    Type : File
    Data : a0029798.dll
    Category : Data Miner
    Comment :
    Object : C:\System Volume Information\_restore{CF79470C-79F7-4821-8E34-8E6EA7D3E7B5}\RP209\
    FileSize : 148 KB
    FileVersion : 0, 0, 4, 19
    ProductVersion : 0, 0, 4, 19
    Copyright : Copyright
    CompanyName : Better Internet, Inc.
    FileDescription : www.abetterinternet.com
    InternalName : Win32 Bi Application
    OriginalFilename : BI.DLL
    ProductName : Win32 BI Application
    Created on : 4/15/2004 12:35:47 AM
    Last accessed : 7/18/2004 11:14:21 AM
    Last modified : 9/16/2003 4:05:40 PM



    VX2 Object recognized!
    Type : File
    Data : a0029799.ini
    Category : Data Miner
    Comment :
    Object : C:\System Volume Information\_restore{CF79470C-79F7-4821-8E34-8E6EA7D3E7B5}\RP209\
    FileSize : 224 KB
    Created on : 4/15/2004 12:36:45 AM
    Last accessed : 7/18/2004 11:14:21 AM
    Last modified : 12/13/2003 2:48:18 PM



    VX2 Object recognized!
    Type : File
    Data : a0029802.dll
    Category : Data Miner
    Comment :
    Object : C:\System Volume Information\_restore{CF79470C-79F7-4821-8E34-8E6EA7D3E7B5}\RP210\
    FileSize : 309 KB
    Created on : 6/6/2004 2:15:07 AM
    Last accessed : 7/18/2004 11:14:22 AM
    Last modified : 6/4/2004 9:17:42 AM



    Roings Object recognized!
    Type : File
    Data : a0029810.exe
    Category : Malware
    Comment :
    Object : C:\System Volume Information\_restore{CF79470C-79F7-4821-8E34-8E6EA7D3E7B5}\RP210\
    FileSize : 44 KB
    FileVersion : 1.00
    ProductVersion : 1.00
    CompanyName : df
    InternalName : unstall
    OriginalFilename : unstall.exe
    ProductName : Project1
    Created on : 4/19/2004 11:51:03 PM
    Last accessed : 7/18/2004 11:14:22 AM
    Last modified : 6/1/2004 12:07:58 AM



    EzuLa Object recognized!
    Type : File
    Data : a0029811.exe
    Category : Data Miner
    Comment :
    Object : C:\System Volume Information\_restore{CF79470C-79F7-4821-8E34-8E6EA7D3E7B5}\RP210\
    FileSize : 64 KB
    FileVersion : 2, 0, 70, 00
    ProductVersion : 1, 0, 0, 1
    Copyright : Copyright 2000
    CompanyName : MediaMotor
    FileDescription : eZstub Module
    InternalName : eZstub
    OriginalFilename : eZstub.EXE
    ProductName : eZstub Module
    Created on : 6/1/2004 12:07:58 AM
    Last accessed : 7/18/2004 11:14:22 AM
    Last modified : 6/1/2004 12:07:58 AM



    WebHancer Object recognized!
    Type : File
    Data : a0029812.exe
    Category : Data Miner
    Comment :
    Object : C:\System Volume Information\_restore{CF79470C-79F7-4821-8E34-8E6EA7D3E7B5}\RP210\
    FileSize : 209 KB
    Created on : 6/1/2004 12:08:05 AM
    Last accessed : 7/18/2004 11:14:22 AM
    Last modified : 6/1/2004 12:08:06 AM



    DyFuCA Object recognized!
    Type : File
    Data : a0029813.exe
    Category : Malware
    Comment :
    Object : C:\System Volume Information\_restore{CF79470C-79F7-4821-8E34-8E6EA7D3E7B5}\RP210\
    FileSize : 37 KB
    Created on : 4/19/2004 11:50:59 PM
    Last accessed : 7/18/2004 11:14:22 AM
    Last modified : 6/1/2004 12:08:11 AM



    SahAgent Object recognized!
    Type : File
    Data : a0029814.exe
    Category : Data Miner
    Comment :
    Object : C:\System Volume Information\_restore{CF79470C-79F7-4821-8E34-8E6EA7D3E7B5}\RP210\
    FileSize : 53 KB
    Created on : 6/1/2004 12:08:12 AM
    Last accessed : 7/18/2004 11:14:23 AM
    Last modified : 6/1/2004 12:08:12 AM
     
  20. 2004/07/19
    Bucksone

    Bucksone Well-Known Member Thread Starter

    Joined:
    2003/07/28
    Messages:
    507
    Likes Received:
    2
    BroadCastPC Object recognized!
    Type : File
    Data : a0029815.exe
    Category : Data Miner
    Comment :
    Object : C:\System Volume Information\_restore{CF79470C-79F7-4821-8E34-8E6EA7D3E7B5}\RP210\
    FileSize : 148 KB
    Created on : 4/19/2004 11:51:02 PM
    Last accessed : 7/18/2004 11:14:23 AM
    Last modified : 4/19/2004 11:51:02 PM



    BroadCastPC Object recognized!
    Type : File
    Data : a0029817.exe
    Category : Data Miner
    Comment :
    Object : C:\System Volume Information\_restore{CF79470C-79F7-4821-8E34-8E6EA7D3E7B5}\RP210\
    FileSize : 72 KB
    FileVersion : 1.00
    ProductVersion : 1.00
    CompanyName : Organization
    InternalName : AST4_mm
    OriginalFilename : AST4_mm.exe
    ProductName : Autostarter
    Created on : 4/19/2004 11:51:15 PM
    Last accessed : 7/18/2004 11:14:23 AM
    Last modified : 4/9/2004 11:11:38 AM



    BroadCastPC Object recognized!
    Type : File
    Data : a0029825.exe
    Category : Data Miner
    Comment :
    Object : C:\System Volume Information\_restore{CF79470C-79F7-4821-8E34-8E6EA7D3E7B5}\RP211\
    FileSize : 72 KB
    FileVersion : 1.00
    ProductVersion : 1.00
    CompanyName : Organization
    InternalName : AST4_mm
    OriginalFilename : AST4_mm.exe
    ProductName : Autostarter
    Created on : 4/19/2004 11:51:15 PM
    Last accessed : 7/18/2004 11:14:24 AM
    Last modified : 4/9/2004 11:11:38 AM



    BroadCastPC Object recognized!
    Type : File
    Data : a0029827.exe
    Category : Data Miner
    Comment :
    Object : C:\System Volume Information\_restore{CF79470C-79F7-4821-8E34-8E6EA7D3E7B5}\RP211\
    FileSize : 148 KB
    Created on : 4/19/2004 11:51:02 PM
    Last accessed : 7/18/2004 11:14:24 AM
    Last modified : 6/6/2004 10:48:55 AM



    WebHancer Object recognized!
    Type : File
    Data : a0029830.exe
    Category : Data Miner
    Comment :
    Object : C:\System Volume Information\_restore{CF79470C-79F7-4821-8E34-8E6EA7D3E7B5}\RP211\
    FileSize : 32 KB
    FileVersion : 3.3.0
    ProductVersion : 3.3.0
    Copyright : Copyright
    CompanyName : webHancer Corporation
    FileDescription : webHancer Installer
    InternalName : whInstaller
    OriginalFilename : whInstaller.exe
    ProductName : webHancer Customer Companion
    Created on : 6/6/2004 10:48:36 AM
    Last accessed : 7/18/2004 11:14:24 AM
    Last modified : 1/29/2004 2:30:24 PM



    WebHancer Object recognized!
    Type : File
    Data : a0029832.exe
    Category : Data Miner
    Comment :
    Object : C:\System Volume Information\_restore{CF79470C-79F7-4821-8E34-8E6EA7D3E7B5}\RP211\
    FileSize : 140 KB
    FileVersion : 3.3.0
    ProductVersion : 3.3.0
    Copyright : Copyright
    CompanyName : webHancer Corporation
    FileDescription : webHancer Survey Companion
    InternalName : whSurvey
    OriginalFilename : whSurvey.exe
    ProductName : webHancer Survey Companion
    Created on : 6/6/2004 10:48:36 AM
    Last accessed : 7/18/2004 11:14:24 AM
    Last modified : 1/29/2004 2:30:23 PM



    WebHancer Object recognized!
    Type : File
    Data : a0029833.dll
    Category : Data Miner
    Comment :
    Object : C:\System Volume Information\_restore{CF79470C-79F7-4821-8E34-8E6EA7D3E7B5}\RP211\
    FileSize : 104 KB
    FileVersion : 3.3.0
    ProductVersion : 3.3.0
    Copyright : Copyright
    CompanyName : webHancer Corporation
    FileDescription : webHancer IE Helper Module
    InternalName : WhIeHelper
    OriginalFilename : whiehlpr.dll
    ProductName : webHancer Customer Companion
    Created on : 6/6/2004 10:48:36 AM
    Last accessed : 7/18/2004 11:14:24 AM
    Last modified : 1/29/2004 2:29:49 PM



    WebHancer Object recognized!
    Type : File
    Data : a0029834.exe
    Category : Data Miner
    Comment :
    Object : C:\System Volume Information\_restore{CF79470C-79F7-4821-8E34-8E6EA7D3E7B5}\RP211\
    FileSize : 168 KB
    FileVersion : 3.3.0
    ProductVersion : 3.3.0
    Copyright : Copyright
    CompanyName : webHancer Corporation
    FileDescription : webHancer Customer Companion
    InternalName : whAgent
    OriginalFilename : whAgent.exe
    ProductName : webHancer Customer Companion
    Created on : 6/6/2004 10:48:35 AM
    Last accessed : 7/18/2004 11:14:24 AM
    Last modified : 1/29/2004 2:30:22 PM



    SahAgent Object recognized!
    Type : File
    Data : a0029836.exe
    Category : Data Miner
    Comment :
    Object : C:\System Volume Information\_restore{CF79470C-79F7-4821-8E34-8E6EA7D3E7B5}\RP211\
    FileSize : 53 KB
    Created on : 6/1/2004 12:08:12 AM
    Last accessed : 7/18/2004 11:14:24 AM
    Last modified : 6/6/2004 10:48:43 AM



    DyFuCA Object recognized!
    Type : File
    Data : a0029837.exe
    Category : Malware
    Comment :
    Object : C:\System Volume Information\_restore{CF79470C-79F7-4821-8E34-8E6EA7D3E7B5}\RP211\
    FileSize : 37 KB
    Created on : 6/6/2004 10:48:41 AM
    Last accessed : 7/18/2004 11:14:24 AM
    Last modified : 6/6/2004 10:48:40 AM



    DyFuCA Object recognized!
    Type : File
    Data : a0029839.exe
    Category : Malware
    Comment :
    Object : C:\System Volume Information\_restore{CF79470C-79F7-4821-8E34-8E6EA7D3E7B5}\RP211\
    FileSize : 37 KB
    Created on : 4/19/2004 11:50:59 PM
    Last accessed : 7/18/2004 11:14:24 AM
    Last modified : 6/6/2004 10:48:40 AM
     
  21. 2004/07/19
    Bucksone

    Bucksone Well-Known Member Thread Starter

    Joined:
    2003/07/28
    Messages:
    507
    Likes Received:
    2
    BargainBuddy Object recognized!
    Type : File
    Data : a0029840.exe
    Category : Data Miner
    Comment :
    Object : C:\System Volume Information\_restore{CF79470C-79F7-4821-8E34-8E6EA7D3E7B5}\RP211\
    FileSize : 48 KB
    FileVersion : 1.00.0003
    ProductVersion : 1.00.0003
    Copyright : Copyright
    CompanyName : Exact Advertising
    InternalName : cb
    OriginalFilename : cb.exe
    ProductName : CashBack Program
    Created on : 6/6/2004 10:48:40 AM
    Last accessed : 7/18/2004 11:14:24 AM
    Last modified : 4/8/2004 8:04:52 PM



    BargainBuddy Object recognized!
    Type : File
    Data : a0029841.dll
    Category : Data Miner
    Comment :
    Object : C:\System Volume Information\_restore{CF79470C-79F7-4821-8E34-8E6EA7D3E7B5}\RP211\
    FileSize : 160 KB
    FileVersion : 1, 8, 19, 0
    ProductVersion : 1, 8, 19, 0
    Copyright : Copyright
    FileDescription : apuc Module
    InternalName : apuc
    OriginalFilename : apuc.DLL
    ProductName : apuc Module
    Created on : 6/6/2004 10:48:39 AM
    Last accessed : 7/18/2004 11:14:24 AM
    Last modified : 4/8/2004 7:57:10 PM



    BargainBuddy Object recognized!
    Type : File
    Data : a0029842.exe
    Category : Data Miner
    Comment :
    Object : C:\System Volume Information\_restore{CF79470C-79F7-4821-8E34-8E6EA7D3E7B5}\RP211\
    FileSize : 276 KB
    FileVersion : 1, 8, 19, 0
    ProductVersion : 1, 8, 19, 0
    Copyright : Copyright
    FileDescription : bargains
    InternalName : bargains
    OriginalFilename : bargains.exe
    ProductName : bargains buddy
    Created on : 6/6/2004 10:48:39 AM
    Last accessed : 7/18/2004 11:14:24 AM
    Last modified : 4/8/2004 7:53:00 PM



    WebHancer Object recognized!
    Type : File
    Data : a0029845.dll
    Category : Data Miner
    Comment :
    Object : C:\System Volume Information\_restore{CF79470C-79F7-4821-8E34-8E6EA7D3E7B5}\RP211\
    FileSize : 104 KB
    FileVersion : 3.3.0
    ProductVersion : 3.3.0
    Copyright : Copyright
    CompanyName : webHancer Corporation
    FileDescription : webHancer IE Helper Module
    InternalName : WhIeHelper
    OriginalFilename : whiehlpr.dll
    ProductName : webHancer Customer Companion
    Created on : 6/6/2004 10:48:36 AM
    Last accessed : 7/18/2004 11:14:24 AM
    Last modified : 1/29/2004 2:29:49 PM



    WebHancer Object recognized!
    Type : File
    Data : a0029846.dll
    Category : Data Miner
    Comment :
    Object : C:\System Volume Information\_restore{CF79470C-79F7-4821-8E34-8E6EA7D3E7B5}\RP211\
    FileSize : 40 KB
    FileVersion : 3.3.0
    ProductVersion : 3.3.0
    Copyright : Copyright
    CompanyName : webHancer Corporation
    FileDescription : webHancer Winsock2 SPI
    InternalName : webhdll
    OriginalFilename : webhdll.dll
    ProductName : webHancer Customer Companion
    Created on : 6/6/2004 10:48:36 AM
    Last accessed : 7/18/2004 11:14:25 AM
    Last modified : 1/29/2004 2:29:51 PM



    Roings Object recognized!
    Type : File
    Data : a0029847.exe
    Category : Malware
    Comment :
    Object : C:\System Volume Information\_restore{CF79470C-79F7-4821-8E34-8E6EA7D3E7B5}\RP211\
    FileSize : 32 KB
    FileVersion : 1.00
    ProductVersion : 1.00
    CompanyName : e
    InternalName : 6-6
    OriginalFilename : 6-6.exe
    ProductName : Project1
    Created on : 6/6/2004 10:48:36 AM
    Last accessed : 7/18/2004 11:14:25 AM
    Last modified : 6/6/2004 10:48:36 AM



    WebHancer Object recognized!
    Type : File
    Data : a0029849.exe
    Category : Data Miner
    Comment :
    Object : C:\System Volume Information\_restore{CF79470C-79F7-4821-8E34-8E6EA7D3E7B5}\RP211\
    FileSize : 140 KB
    FileVersion : 3.3.0
    ProductVersion : 3.3.0
    Copyright : Copyright
    CompanyName : webHancer Corporation
    FileDescription : webHancer Survey Companion
    InternalName : whSurvey
    OriginalFilename : whSurvey.exe
    ProductName : webHancer Survey Companion
    Created on : 6/6/2004 10:48:36 AM
    Last accessed : 7/18/2004 11:14:25 AM
    Last modified : 1/29/2004 2:30:23 PM



    WebHancer Object recognized!
    Type : File
    Data : a0029850.exe
    Category : Data Miner
    Comment :
    Object : C:\System Volume Information\_restore{CF79470C-79F7-4821-8E34-8E6EA7D3E7B5}\RP211\
    FileSize : 32 KB
    FileVersion : 3.3.0
    ProductVersion : 3.3.0
    Copyright : Copyright
    CompanyName : webHancer Corporation
    FileDescription : webHancer Installer
    InternalName : whInstaller
    OriginalFilename : whInstaller.exe
    ProductName : webHancer Customer Companion
    Created on : 6/6/2004 10:48:36 AM
    Last accessed : 7/18/2004 11:14:25 AM
    Last modified : 1/29/2004 2:30:24 PM



    WebHancer Object recognized!
    Type : File
    Data : a0029851.exe
    Category : Data Miner
    Comment :
    Object : C:\System Volume Information\_restore{CF79470C-79F7-4821-8E34-8E6EA7D3E7B5}\RP211\
    FileSize : 168 KB
    FileVersion : 3.3.0
    ProductVersion : 3.3.0
    Copyright : Copyright
    CompanyName : webHancer Corporation
    FileDescription : webHancer Customer Companion
    InternalName : whAgent
    OriginalFilename : whAgent.exe
    ProductName : webHancer Customer Companion
    Created on : 6/6/2004 10:48:35 AM
    Last accessed : 7/18/2004 11:14:25 AM
    Last modified : 1/29/2004 2:30:22 PM



    WebHancer Object recognized!
    Type : File
    Data : a0029855.exe
    Category : Data Miner
    Comment :
    Object : C:\System Volume Information\_restore{CF79470C-79F7-4821-8E34-8E6EA7D3E7B5}\RP211\
    FileSize : 209 KB
    Created on : 6/1/2004 12:08:05 AM
    Last accessed : 7/18/2004 11:14:25 AM
    Last modified : 6/6/2004 10:48:35 AM



    EzuLa Object recognized!
    Type : File
    Data : a0029856.exe
    Category : Data Miner
    Comment :
    Object : C:\System Volume Information\_restore{CF79470C-79F7-4821-8E34-8E6EA7D3E7B5}\RP211\
    FileSize : 64 KB
    FileVersion : 2, 0, 70, 00
    ProductVersion : 1, 0, 0, 1
    Copyright : Copyright 2000
    CompanyName : MediaMotor
    FileDescription : eZstub Module
    InternalName : eZstub
    OriginalFilename : eZstub.EXE
    ProductName : eZstub Module
    Created on : 6/1/2004 12:07:58 AM
    Last accessed : 7/18/2004 11:14:25 AM
    Last modified : 6/6/2004 10:48:23 AM



    Roings Object recognized!
    Type : File
    Data : a0029857.exe
    Category : Malware
    Comment :
    Object : C:\System Volume Information\_restore{CF79470C-79F7-4821-8E34-8E6EA7D3E7B5}\RP211\
    FileSize : 44 KB
    FileVersion : 1.00
    ProductVersion : 1.00
    CompanyName : df
    InternalName : unstall
    OriginalFilename : unstall.exe
    ProductName : Project1
    Created on : 4/19/2004 11:51:03 PM
    Last accessed : 7/18/2004 11:14:25 AM
    Last modified : 6/6/2004 10:48:23 AM



    VX2 Object recognized!
    Type : File
    Data : a0029862.dll
    Category : Data Miner
    Comment :
    Object : C:\System Volume Information\_restore{CF79470C-79F7-4821-8E34-8E6EA7D3E7B5}\RP211\
    FileSize : 309 KB
    Created on : 6/6/2004 9:44:53 AM
    Last accessed : 7/18/2004 11:14:26 AM
    Last modified : 6/4/2004 9:17:42 AM
     