Here I go again

Bucksone · 2004/07/19

WebHancer Object recognized!
Type : File
Data : a0029866.dll
Category : Data Miner
Comment :
Object : C:\System Volume Information\_restore{CF79470C-79F7-4821-8E34-8E6EA7D3E7B5}\RP211\
FileSize : 40 KB
FileVersion : 3.3.0
ProductVersion : 3.3.0
Copyright : Copyright
CompanyName : webHancer Corporation
FileDescription : webHancer Winsock2 SPI
InternalName : webhdll
OriginalFilename : webhdll.dll
ProductName : webHancer Customer Companion
Created on : 6/6/2004 10:48:36 AM
Last accessed : 7/18/2004 11:14:26 AM
Last modified : 1/29/2004 2:29:51 PM

VX2 Object recognized!
Type : File
Data : a0029867.dll
Category : Data Miner
Comment :
Object : C:\System Volume Information\_restore{CF79470C-79F7-4821-8E34-8E6EA7D3E7B5}\RP211\
FileSize : 309 KB
Created on : 6/6/2004 2:15:07 AM
Last accessed : 7/18/2004 11:14:26 AM
Last modified : 6/4/2004 9:17:42 AM

VX2 Object recognized!
Type : File
Data : a0029884.dll
Category : Data Miner
Comment :
Object : C:\System Volume Information\_restore{CF79470C-79F7-4821-8E34-8E6EA7D3E7B5}\RP212\
FileSize : 309 KB
Created on : 6/6/2004 3:19:39 PM
Last accessed : 7/18/2004 11:14:27 AM
Last modified : 6/4/2004 9:17:42 AM

Roings Object recognized!
Type : File
Data : a0029888.exe
Category : Malware
Comment :
Object : C:\System Volume Information\_restore{CF79470C-79F7-4821-8E34-8E6EA7D3E7B5}\RP212\
FileSize : 44 KB
FileVersion : 1.00
ProductVersion : 1.00
CompanyName : df
InternalName : unstall
OriginalFilename : unstall.exe
ProductName : Project1
Created on : 4/19/2004 11:51:03 PM
Last accessed : 7/18/2004 11:14:27 AM
Last modified : 6/1/2004 12:07:58 AM

EzuLa Object recognized!
Type : File
Data : a0029889.exe
Category : Data Miner
Comment :
Object : C:\System Volume Information\_restore{CF79470C-79F7-4821-8E34-8E6EA7D3E7B5}\RP212\
FileSize : 64 KB
FileVersion : 2, 0, 70, 00
ProductVersion : 1, 0, 0, 1
Copyright : Copyright 2000
CompanyName : MediaMotor
FileDescription : eZstub Module
InternalName : eZstub
OriginalFilename : eZstub.EXE
ProductName : eZstub Module
Created on : 6/1/2004 12:07:58 AM
Last accessed : 7/18/2004 11:14:27 AM
Last modified : 6/1/2004 12:07:58 AM

WebHancer Object recognized!
Type : File
Data : a0029890.exe
Category : Data Miner
Comment :
Object : C:\System Volume Information\_restore{CF79470C-79F7-4821-8E34-8E6EA7D3E7B5}\RP212\
FileSize : 209 KB
Created on : 6/1/2004 12:08:05 AM
Last accessed : 7/18/2004 11:14:27 AM
Last modified : 6/1/2004 12:08:06 AM

DyFuCA Object recognized!
Type : File
Data : a0029891.exe
Category : Malware
Comment :
Object : C:\System Volume Information\_restore{CF79470C-79F7-4821-8E34-8E6EA7D3E7B5}\RP212\
FileSize : 37 KB
Created on : 4/19/2004 11:50:59 PM
Last accessed : 7/18/2004 11:14:27 AM
Last modified : 6/1/2004 12:08:11 AM

SahAgent Object recognized!
Type : File
Data : a0029892.exe
Category : Data Miner
Comment :
Object : C:\System Volume Information\_restore{CF79470C-79F7-4821-8E34-8E6EA7D3E7B5}\RP212\
FileSize : 53 KB
Created on : 6/1/2004 12:08:12 AM
Last accessed : 7/18/2004 11:14:28 AM
Last modified : 6/1/2004 12:08:12 AM

BroadCastPC Object recognized!
Type : File
Data : a0029893.exe
Category : Data Miner
Comment :
Object : C:\System Volume Information\_restore{CF79470C-79F7-4821-8E34-8E6EA7D3E7B5}\RP212\
FileSize : 148 KB
Created on : 4/19/2004 11:51:02 PM
Last accessed : 7/18/2004 11:14:28 AM
Last modified : 4/19/2004 11:51:02 PM

BroadCastPC Object recognized!
Type : File
Data : a0029895.exe
Category : Data Miner
Comment :
Object : C:\System Volume Information\_restore{CF79470C-79F7-4821-8E34-8E6EA7D3E7B5}\RP212\
FileSize : 72 KB
FileVersion : 1.00
ProductVersion : 1.00
CompanyName : Organization
InternalName : AST4_mm
OriginalFilename : AST4_mm.exe
ProductName : Autostarter
Created on : 4/19/2004 11:51:15 PM
Last accessed : 7/18/2004 11:14:28 AM
Last modified : 4/9/2004 11:11:38 AM

VX2 Object recognized!
Type : File
Data : a0029937.dll
Category : Data Miner
Comment :
Object : C:\System Volume Information\_restore{CF79470C-79F7-4821-8E34-8E6EA7D3E7B5}\RP213\
FileSize : 309 KB
Created on : 6/7/2004 9:29:27 AM
Last accessed : 7/18/2004 11:14:29 AM
Last modified : 6/4/2004 9:17:42 AM

VX2 Object recognized!
Type : File
Data : a0029941.dll
Category : Data Miner
Comment :
Object : C:\System Volume Information\_restore{CF79470C-79F7-4821-8E34-8E6EA7D3E7B5}\RP213\
FileSize : 309 KB
Created on : 6/7/2004 2:20:15 AM
Last accessed : 7/18/2004 11:14:29 AM
Last modified : 6/4/2004 9:17:42 AM

VX2 Object recognized!
Type : File
Data : a0029944.dll
Category : Data Miner
Comment :
Object : C:\System Volume Information\_restore{CF79470C-79F7-4821-8E34-8E6EA7D3E7B5}\RP213\
FileSize : 309 KB
Created on : 6/7/2004 1:24:41 AM
Last accessed : 7/18/2004 11:14:29 AM
Last modified : 6/4/2004 9:17:42 AM

BroadCastPC Object recognized!
Type : File
Data : a0029947.exe
Category : Data Miner
Comment :
Object : C:\System Volume Information\_restore{CF79470C-79F7-4821-8E34-8E6EA7D3E7B5}\RP213\
FileSize : 72 KB
FileVersion : 1.00
ProductVersion : 1.00
CompanyName : Organization
InternalName : AST4_mm
OriginalFilename : AST4_mm.exe
ProductName : Autostarter
Created on : 4/19/2004 11:51:15 PM
Last accessed : 7/18/2004 11:14:29 AM
Last modified : 4/9/2004 11:11:38 AM

BroadCastPC Object recognized!
Type : File
Data : a0029949.exe
Category : Data Miner
Comment :
Object : C:\System Volume Information\_restore{CF79470C-79F7-4821-8E34-8E6EA7D3E7B5}\RP213\
FileSize : 148 KB
Created on : 4/19/2004 11:51:02 PM
Last accessed : 7/18/2004 11:14:29 AM
Last modified : 6/6/2004 10:48:55 AM

WebHancer Object recognized!
Type : File
Data : a0029952.exe
Category : Data Miner
Comment :
Object : C:\System Volume Information\_restore{CF79470C-79F7-4821-8E34-8E6EA7D3E7B5}\RP213\
FileSize : 32 KB
FileVersion : 3.3.0
ProductVersion : 3.3.0
Copyright : Copyright
CompanyName : webHancer Corporation
FileDescription : webHancer Installer
InternalName : whInstaller
OriginalFilename : whInstaller.exe
ProductName : webHancer Customer Companion
Created on : 6/6/2004 10:48:36 AM
Last accessed : 7/18/2004 11:14:29 AM
Last modified : 1/29/2004 2:30:24 PM

WebHancer Object recognized!
Type : File
Data : a0029954.exe
Category : Data Miner
Comment :
Object : C:\System Volume Information\_restore{CF79470C-79F7-4821-8E34-8E6EA7D3E7B5}\RP213\
FileSize : 140 KB
FileVersion : 3.3.0
ProductVersion : 3.3.0
Copyright : Copyright
CompanyName : webHancer Corporation
FileDescription : webHancer Survey Companion
InternalName : whSurvey
OriginalFilename : whSurvey.exe
ProductName : webHancer Survey Companion
Created on : 6/6/2004 10:48:36 AM
Last accessed : 7/18/2004 11:14:29 AM
Last modified : 1/29/2004 2:30:23 PM

Bucksone · 2004/07/19

WebHancer Object recognized!
Type : File
Data : a0029955.dll
Category : Data Miner
Comment :
Object : C:\System Volume Information\_restore{CF79470C-79F7-4821-8E34-8E6EA7D3E7B5}\RP213\
FileSize : 104 KB
FileVersion : 3.3.0
ProductVersion : 3.3.0
Copyright : Copyright
CompanyName : webHancer Corporation
FileDescription : webHancer IE Helper Module
InternalName : WhIeHelper
OriginalFilename : whiehlpr.dll
ProductName : webHancer Customer Companion
Created on : 6/6/2004 10:48:36 AM
Last accessed : 7/18/2004 11:14:29 AM
Last modified : 1/29/2004 2:29:49 PM

WebHancer Object recognized!
Type : File
Data : a0029956.exe
Category : Data Miner
Comment :
Object : C:\System Volume Information\_restore{CF79470C-79F7-4821-8E34-8E6EA7D3E7B5}\RP213\
FileSize : 168 KB
FileVersion : 3.3.0
ProductVersion : 3.3.0
Copyright : Copyright
CompanyName : webHancer Corporation
FileDescription : webHancer Customer Companion
InternalName : whAgent
OriginalFilename : whAgent.exe
ProductName : webHancer Customer Companion
Created on : 6/6/2004 10:48:35 AM
Last accessed : 7/18/2004 11:14:29 AM
Last modified : 1/29/2004 2:30:22 PM

SahAgent Object recognized!
Type : File
Data : a0029958.exe
Category : Data Miner
Comment :
Object : C:\System Volume Information\_restore{CF79470C-79F7-4821-8E34-8E6EA7D3E7B5}\RP213\
FileSize : 53 KB
Created on : 6/1/2004 12:08:12 AM
Last accessed : 7/18/2004 11:14:29 AM
Last modified : 6/6/2004 10:48:43 AM

DyFuCA Object recognized!
Type : File
Data : a0029959.exe
Category : Malware
Comment :
Object : C:\System Volume Information\_restore{CF79470C-79F7-4821-8E34-8E6EA7D3E7B5}\RP213\
FileSize : 37 KB
Created on : 6/6/2004 10:48:41 AM
Last accessed : 7/18/2004 11:14:29 AM
Last modified : 6/6/2004 10:48:40 AM

DyFuCA Object recognized!
Type : File
Data : a0029961.exe
Category : Malware
Comment :
Object : C:\System Volume Information\_restore{CF79470C-79F7-4821-8E34-8E6EA7D3E7B5}\RP213\
FileSize : 37 KB
Created on : 4/19/2004 11:50:59 PM
Last accessed : 7/18/2004 11:14:29 AM
Last modified : 6/6/2004 10:48:40 AM

BargainBuddy Object recognized!
Type : File
Data : a0029962.exe
Category : Data Miner
Comment :
Object : C:\System Volume Information\_restore{CF79470C-79F7-4821-8E34-8E6EA7D3E7B5}\RP213\
FileSize : 48 KB
FileVersion : 1.00.0003
ProductVersion : 1.00.0003
Copyright : Copyright
CompanyName : Exact Advertising
InternalName : cb
OriginalFilename : cb.exe
ProductName : CashBack Program
Created on : 6/6/2004 10:48:40 AM
Last accessed : 7/18/2004 11:14:30 AM
Last modified : 4/8/2004 8:04:52 PM

BargainBuddy Object recognized!
Type : File
Data : a0029963.dll
Category : Data Miner
Comment :
Object : C:\System Volume Information\_restore{CF79470C-79F7-4821-8E34-8E6EA7D3E7B5}\RP213\
FileSize : 160 KB
FileVersion : 1, 8, 19, 0
ProductVersion : 1, 8, 19, 0
Copyright : Copyright
FileDescription : apuc Module
InternalName : apuc
OriginalFilename : apuc.DLL
ProductName : apuc Module
Created on : 6/6/2004 10:48:39 AM
Last accessed : 7/18/2004 11:14:30 AM
Last modified : 4/8/2004 7:57:10 PM

BargainBuddy Object recognized!
Type : File
Data : a0029964.exe
Category : Data Miner
Comment :
Object : C:\System Volume Information\_restore{CF79470C-79F7-4821-8E34-8E6EA7D3E7B5}\RP213\
FileSize : 276 KB
FileVersion : 1, 8, 19, 0
ProductVersion : 1, 8, 19, 0
Copyright : Copyright
FileDescription : bargains
InternalName : bargains
OriginalFilename : bargains.exe
ProductName : bargains buddy
Created on : 6/6/2004 10:48:39 AM
Last accessed : 7/18/2004 11:14:30 AM
Last modified : 4/8/2004 7:53:00 PM

WebHancer Object recognized!
Type : File
Data : a0029966.dll
Category : Data Miner
Comment :
Object : C:\System Volume Information\_restore{CF79470C-79F7-4821-8E34-8E6EA7D3E7B5}\RP213\
FileSize : 104 KB
FileVersion : 3.3.0
ProductVersion : 3.3.0
Copyright : Copyright
CompanyName : webHancer Corporation
FileDescription : webHancer IE Helper Module
InternalName : WhIeHelper
OriginalFilename : whiehlpr.dll
ProductName : webHancer Customer Companion
Created on : 6/6/2004 10:48:36 AM
Last accessed : 7/18/2004 11:14:30 AM
Last modified : 1/29/2004 2:29:49 PM

WebHancer Object recognized!
Type : File
Data : a0029967.dll
Category : Data Miner
Comment :
Object : C:\System Volume Information\_restore{CF79470C-79F7-4821-8E34-8E6EA7D3E7B5}\RP213\
FileSize : 40 KB
FileVersion : 3.3.0
ProductVersion : 3.3.0
Copyright : Copyright
CompanyName : webHancer Corporation
FileDescription : webHancer Winsock2 SPI
InternalName : webhdll
OriginalFilename : webhdll.dll
ProductName : webHancer Customer Companion
Created on : 6/6/2004 10:48:36 AM
Last accessed : 7/18/2004 11:14:30 AM
Last modified : 1/29/2004 2:29:51 PM

Roings Object recognized!
Type : File
Data : a0029968.exe
Category : Malware
Comment :
Object : C:\System Volume Information\_restore{CF79470C-79F7-4821-8E34-8E6EA7D3E7B5}\RP213\
FileSize : 32 KB
FileVersion : 1.00
ProductVersion : 1.00
CompanyName : e
InternalName : 6-6
OriginalFilename : 6-6.exe
ProductName : Project1
Created on : 6/6/2004 10:48:36 AM
Last accessed : 7/18/2004 11:14:30 AM
Last modified : 6/6/2004 10:48:36 AM

Bucksone · 2004/07/19

WebHancer Object recognized!
Type : File
Data : a0029970.exe
Category : Data Miner
Comment :
Object : C:\System Volume Information\_restore{CF79470C-79F7-4821-8E34-8E6EA7D3E7B5}\RP213\
FileSize : 140 KB
FileVersion : 3.3.0
ProductVersion : 3.3.0
Copyright : Copyright
CompanyName : webHancer Corporation
FileDescription : webHancer Survey Companion
InternalName : whSurvey
OriginalFilename : whSurvey.exe
ProductName : webHancer Survey Companion
Created on : 6/6/2004 10:48:36 AM
Last accessed : 7/18/2004 11:14:30 AM
Last modified : 1/29/2004 2:30:23 PM

WebHancer Object recognized!
Type : File
Data : a0029971.exe
Category : Data Miner
Comment :
Object : C:\System Volume Information\_restore{CF79470C-79F7-4821-8E34-8E6EA7D3E7B5}\RP213\
FileSize : 32 KB
FileVersion : 3.3.0
ProductVersion : 3.3.0
Copyright : Copyright
CompanyName : webHancer Corporation
FileDescription : webHancer Installer
InternalName : whInstaller
OriginalFilename : whInstaller.exe
ProductName : webHancer Customer Companion
Created on : 6/6/2004 10:48:36 AM
Last accessed : 7/18/2004 11:14:30 AM
Last modified : 1/29/2004 2:30:24 PM

WebHancer Object recognized!
Type : File
Data : a0029972.exe
Category : Data Miner
Comment :
Object : C:\System Volume Information\_restore{CF79470C-79F7-4821-8E34-8E6EA7D3E7B5}\RP213\
FileSize : 168 KB
FileVersion : 3.3.0
ProductVersion : 3.3.0
Copyright : Copyright
CompanyName : webHancer Corporation
FileDescription : webHancer Customer Companion
InternalName : whAgent
OriginalFilename : whAgent.exe
ProductName : webHancer Customer Companion
Created on : 6/6/2004 10:48:35 AM
Last accessed : 7/18/2004 11:14:30 AM
Last modified : 1/29/2004 2:30:22 PM

WebHancer Object recognized!
Type : File
Data : a0029976.exe
Category : Data Miner
Comment :
Object : C:\System Volume Information\_restore{CF79470C-79F7-4821-8E34-8E6EA7D3E7B5}\RP213\
FileSize : 209 KB
Created on : 6/1/2004 12:08:05 AM
Last accessed : 7/18/2004 11:14:30 AM
Last modified : 6/6/2004 10:48:35 AM

EzuLa Object recognized!
Type : File
Data : a0029977.exe
Category : Data Miner
Comment :
Object : C:\System Volume Information\_restore{CF79470C-79F7-4821-8E34-8E6EA7D3E7B5}\RP213\
FileSize : 64 KB
FileVersion : 2, 0, 70, 00
ProductVersion : 1, 0, 0, 1
Copyright : Copyright 2000
CompanyName : MediaMotor
FileDescription : eZstub Module
InternalName : eZstub
OriginalFilename : eZstub.EXE
ProductName : eZstub Module
Created on : 6/1/2004 12:07:58 AM
Last accessed : 7/18/2004 11:14:30 AM
Last modified : 6/6/2004 10:48:23 AM

Roings Object recognized!
Type : File
Data : a0029978.exe
Category : Malware
Comment :
Object : C:\System Volume Information\_restore{CF79470C-79F7-4821-8E34-8E6EA7D3E7B5}\RP213\
FileSize : 44 KB
FileVersion : 1.00
ProductVersion : 1.00
CompanyName : df
InternalName : unstall
OriginalFilename : unstall.exe
ProductName : Project1
Created on : 4/19/2004 11:51:03 PM
Last accessed : 7/18/2004 11:14:31 AM
Last modified : 6/6/2004 10:48:23 AM

VX2 Object recognized!
Type : File
Data : a0029980.dll
Category : Data Miner
Comment :
Object : C:\System Volume Information\_restore{CF79470C-79F7-4821-8E34-8E6EA7D3E7B5}\RP213\
FileSize : 309 KB
Created on : 6/6/2004 9:44:53 AM
Last accessed : 7/18/2004 11:14:31 AM
Last modified : 6/4/2004 9:17:42 AM

WebHancer Object recognized!
Type : File
Data : a0029984.dll
Category : Data Miner
Comment :
Object : C:\System Volume Information\_restore{CF79470C-79F7-4821-8E34-8E6EA7D3E7B5}\RP213\
FileSize : 40 KB
FileVersion : 3.3.0
ProductVersion : 3.3.0
Copyright : Copyright
CompanyName : webHancer Corporation
FileDescription : webHancer Winsock2 SPI
InternalName : webhdll
OriginalFilename : webhdll.dll
ProductName : webHancer Customer Companion
Created on : 6/6/2004 10:48:36 AM
Last accessed : 7/18/2004 11:14:31 AM
Last modified : 1/29/2004 2:29:51 PM

VX2 Object recognized!
Type : File
Data : a0029995.dll
Category : Data Miner
Comment :
Object : C:\System Volume Information\_restore{CF79470C-79F7-4821-8E34-8E6EA7D3E7B5}\RP214\
FileSize : 309 KB
Created on : 6/7/2004 10:18:14 PM
Last accessed : 7/18/2004 11:14:32 AM
Last modified : 6/4/2004 9:17:42 AM

VX2 Object recognized!
Type : File
Data : a0030002.dll
Category : Data Miner
Comment :
Object : C:\System Volume Information\_restore{CF79470C-79F7-4821-8E34-8E6EA7D3E7B5}\RP214\
FileSize : 309 KB
Created on : 6/6/2004 3:19:39 PM
Last accessed : 7/18/2004 11:14:32 AM
Last modified : 6/4/2004 9:17:42 AM

Roings Object recognized!
Type : File
Data : a0030003.exe
Category : Malware
Comment :
Object : C:\System Volume Information\_restore{CF79470C-79F7-4821-8E34-8E6EA7D3E7B5}\RP214\
FileSize : 44 KB
FileVersion : 1.00
ProductVersion : 1.00
CompanyName : df
InternalName : unstall
OriginalFilename : unstall.exe
ProductName : Project1
Created on : 4/19/2004 11:51:03 PM
Last accessed : 7/18/2004 11:14:32 AM
Last modified : 6/1/2004 12:07:58 AM

Bucksone · 2004/07/20

The lengthy Ad-Aware log I'm posting is unfortunately not complete yet. I had to take a break from it, and when I returned, I now can't connect to the internet (at the moment I am using a computer at work for this post.) I'll try to complete the log as soon as my connectivity issue is resolved. Hopefully, it is a temporary problem with my ISP.

By the way, as I am copying and pasting this log, is there an way to see a count of how many characters I have highlighted for copying? The limit to post is 10000, and I am just guessing each time how many I am highlighting. If it's over the limit, the post is rejected and I have to cut it.

Bucksone · 2004/07/20

EzuLa Object recognized!
Type : File
Data : a0030004.exe
Category : Data Miner
Comment :
Object : C:\System Volume Information\_restore{CF79470C-79F7-4821-8E34-8E6EA7D3E7B5}\RP214\
FileSize : 64 KB
FileVersion : 2, 0, 70, 00
ProductVersion : 1, 0, 0, 1
Copyright : Copyright 2000
CompanyName : MediaMotor
FileDescription : eZstub Module
InternalName : eZstub
OriginalFilename : eZstub.EXE
ProductName : eZstub Module
Created on : 6/1/2004 12:07:58 AM
Last accessed : 7/18/2004 11:14:32 AM
Last modified : 6/1/2004 12:07:58 AM

WebHancer Object recognized!
Type : File
Data : a0030005.exe
Category : Data Miner
Comment :
Object : C:\System Volume Information\_restore{CF79470C-79F7-4821-8E34-8E6EA7D3E7B5}\RP214\
FileSize : 209 KB
Created on : 6/1/2004 12:08:05 AM
Last accessed : 7/18/2004 11:14:32 AM
Last modified : 6/1/2004 12:08:06 AM

DyFuCA Object recognized!
Type : File
Data : a0030006.exe
Category : Malware
Comment :
Object : C:\System Volume Information\_restore{CF79470C-79F7-4821-8E34-8E6EA7D3E7B5}\RP214\
FileSize : 37 KB
Created on : 4/19/2004 11:50:59 PM
Last accessed : 7/18/2004 11:14:32 AM
Last modified : 6/1/2004 12:08:11 AM

SahAgent Object recognized!
Type : File
Data : a0030007.exe
Category : Data Miner
Comment :
Object : C:\System Volume Information\_restore{CF79470C-79F7-4821-8E34-8E6EA7D3E7B5}\RP214\
FileSize : 53 KB
Created on : 6/1/2004 12:08:12 AM
Last accessed : 7/18/2004 11:14:32 AM
Last modified : 6/1/2004 12:08:12 AM

BroadCastPC Object recognized!
Type : File
Data : a0030008.exe
Category : Data Miner
Comment :
Object : C:\System Volume Information\_restore{CF79470C-79F7-4821-8E34-8E6EA7D3E7B5}\RP214\
FileSize : 148 KB
Created on : 4/19/2004 11:51:02 PM
Last accessed : 7/18/2004 11:14:32 AM
Last modified : 4/19/2004 11:51:02 PM

BroadCastPC Object recognized!
Type : File
Data : a0030010.exe
Category : Data Miner
Comment :
Object : C:\System Volume Information\_restore{CF79470C-79F7-4821-8E34-8E6EA7D3E7B5}\RP214\
FileSize : 72 KB
FileVersion : 1.00
ProductVersion : 1.00
CompanyName : Organization
InternalName : AST4_mm
OriginalFilename : AST4_mm.exe
ProductName : Autostarter
Created on : 4/19/2004 11:51:15 PM
Last accessed : 7/18/2004 11:14:32 AM
Last modified : 4/9/2004 11:11:38 AM

WebHancer Object recognized!
Type : File
Data : a0030021.dll
Category : Data Miner
Comment :
Object : C:\System Volume Information\_restore{CF79470C-79F7-4821-8E34-8E6EA7D3E7B5}\RP214\
FileSize : 40 KB
FileVersion : 3.3.0
ProductVersion : 3.3.0
Copyright : Copyright
CompanyName : webHancer Corporation
FileDescription : webHancer Winsock2 SPI
InternalName : webhdll
OriginalFilename : webhdll.dll
ProductName : webHancer Customer Companion
Created on : 6/6/2004 10:48:36 AM
Last accessed : 7/18/2004 11:14:32 AM
Last modified : 1/29/2004 2:29:51 PM

WebHancer Object recognized!
Type : File
Data : a0030022.dll
Category : Data Miner
Comment :
Object : C:\System Volume Information\_restore{CF79470C-79F7-4821-8E34-8E6EA7D3E7B5}\RP214\
FileSize : 40 KB
FileVersion : 3.3.0
ProductVersion : 3.3.0
Copyright : Copyright
CompanyName : webHancer Corporation
FileDescription : webHancer Winsock2 SPI
InternalName : webhdll
OriginalFilename : webhdll.dll
ProductName : webHancer Customer Companion
Created on : 6/6/2004 10:48:36 AM
Last accessed : 7/18/2004 11:14:32 AM
Last modified : 1/29/2004 2:29:51 PM

VX2 Object recognized!
Type : File
Data : a0030029.exe
Category : Data Miner
Comment :
Object : C:\System Volume Information\_restore{CF79470C-79F7-4821-8E34-8E6EA7D3E7B5}\RP214\
FileSize : 239 KB
Created on : 3/17/2004 2:09:46 AM
Last accessed : 7/18/2004 11:14:33 AM
Last modified : 6/4/2004 9:17:40 AM

Roings Object recognized!
Type : File
Data : a0030094.exe
Category : Malware
Comment :
Object : C:\System Volume Information\_restore{CF79470C-79F7-4821-8E34-8E6EA7D3E7B5}\RP214\
FileSize : 32 KB
FileVersion : 1.00
ProductVersion : 1.00
CompanyName : e
InternalName : 5-31
OriginalFilename : 5-31.exe
ProductName : Project1
Created on : 6/1/2004 12:08:06 AM
Last accessed : 7/18/2004 11:14:33 AM
Last modified : 6/1/2004 12:08:07 AM

VX2 Object recognized!
Type : File
Data : a0030162.dll
Category : Data Miner
Comment :
Object : C:\System Volume Information\_restore{CF79470C-79F7-4821-8E34-8E6EA7D3E7B5}\RP214\
FileSize : 309 KB
Created on : 6/4/2004 9:17:42 AM
Last accessed : 7/18/2004 11:14:33 AM
Last modified : 6/4/2004 9:17:42 AM

OverPro Object recognized!
Type : File
Data : a0030421.dll
Category : Malware
Comment :
Object : C:\System Volume Information\_restore{CF79470C-79F7-4821-8E34-8E6EA7D3E7B5}\RP217\
FileSize : 128 KB
FileVersion : 1, 0, 0, 1
ProductVersion : 1, 0, 0, 1
Copyright : Copyright 2004
FileDescription : WildApp Module
InternalName : WildApp
OriginalFilename : WildApp.DLL
ProductName : WildApp Module
Created on : 3/17/2004 10:45:16 PM
Last accessed : 7/18/2004 11:14:39 AM
Last modified : 3/17/2004 10:45:16 PM

Roings Object recognized!
Type : File
Data : a0030566.exe
Category : Malware
Comment :
Object : C:\System Volume Information\_restore{CF79470C-79F7-4821-8E34-8E6EA7D3E7B5}\RP222\
FileSize : 28 KB
FileVersion : 1.00
ProductVersion : 1.00
CompanyName : df
InternalName : unstall
OriginalFilename : unstall.exe
ProductName : Project1
Created on : 4/19/2004 11:51:03 PM
Last accessed : 7/18/2004 11:14:43 AM
Last modified : 4/19/2004 11:51:03 PM

DyFuCA Object recognized!
Type : File
Data : a0030567.exe
Category : Malware
Comment :
Object : C:\System Volume Information\_restore{CF79470C-79F7-4821-8E34-8E6EA7D3E7B5}\RP222\
FileSize : 35 KB
Created on : 4/19/2004 11:50:59 PM
Last accessed : 7/18/2004 11:14:43 AM
Last modified : 4/19/2004 11:51:03 PM

BroadCastPC Object recognized!
Type : File
Data : a0030568.exe
Category : Data Miner
Comment :
Object : C:\System Volume Information\_restore{CF79470C-79F7-4821-8E34-8E6EA7D3E7B5}\RP222\
FileSize : 148 KB
Created on : 4/19/2004 11:51:02 PM
Last accessed : 7/18/2004 11:14:43 AM
Last modified : 4/19/2004 11:51:02 PM

BroadCastPC Object recognized!
Type : File
Data : a0030570.exe
Category : Data Miner
Comment :
Object : C:\System Volume Information\_restore{CF79470C-79F7-4821-8E34-8E6EA7D3E7B5}\RP222\
FileSize : 72 KB
FileVersion : 1.00
ProductVersion : 1.00
CompanyName : Organization
InternalName : AST4_mm
OriginalFilename : AST4_mm.exe
ProductName : Autostarter
Created on : 4/19/2004 11:51:15 PM
Last accessed : 7/18/2004 11:14:43 AM
Last modified : 4/9/2004 11:11:38 AM

Bucksone · 2004/07/20

OverPro Object recognized!
Type : File
Data : a0030571.exe
Category : Malware
Comment :
Object : C:\System Volume Information\_restore{CF79470C-79F7-4821-8E34-8E6EA7D3E7B5}\RP222\
FileSize : 39 KB
Created on : 3/30/2004 4:42:14 PM
Last accessed : 7/18/2004 11:14:43 AM
Last modified : 3/30/2004 4:42:14 PM

BargainBuddy Object recognized!
Type : File
Data : a0030770.exe
Category : Data Miner
Comment :
Object : C:\System Volume Information\_restore{CF79470C-79F7-4821-8E34-8E6EA7D3E7B5}\RP225\
FileSize : 276 KB
FileVersion : 1, 8, 19, 0
ProductVersion : 1, 8, 19, 0
Copyright : Copyright
FileDescription : bargains
InternalName : bargains
OriginalFilename : bargains.exe
ProductName : bargains buddy
Created on : 6/15/2004 12:04:41 AM
Last accessed : 7/18/2004 11:14:48 AM
Last modified : 4/8/2004 7:53:00 PM

BargainBuddy Object recognized!
Type : File
Data : a0030773.dll
Category : Data Miner
Comment :
Object : C:\System Volume Information\_restore{CF79470C-79F7-4821-8E34-8E6EA7D3E7B5}\RP225\
FileSize : 160 KB
FileVersion : 1, 8, 19, 0
ProductVersion : 1, 8, 19, 0
Copyright : Copyright
FileDescription : apuc Module
InternalName : apuc
OriginalFilename : apuc.DLL
ProductName : apuc Module
Created on : 6/15/2004 12:04:41 AM
Last accessed : 7/18/2004 11:14:48 AM
Last modified : 4/8/2004 7:57:10 PM

BargainBuddy Object recognized!
Type : File
Data : a0030774.exe
Category : Data Miner
Comment :
Object : C:\System Volume Information\_restore{CF79470C-79F7-4821-8E34-8E6EA7D3E7B5}\RP225\
FileSize : 48 KB
FileVersion : 1.00.0003
ProductVersion : 1.00.0003
Copyright : Copyright
CompanyName : Exact Advertising
InternalName : cb
OriginalFilename : cb.exe
ProductName : CashBack Program
Created on : 6/15/2004 12:04:41 AM
Last accessed : 7/18/2004 11:14:48 AM
Last modified : 4/8/2004 8:04:52 PM

OverPro Object recognized!
Type : File
Data : a0030775.exe
Category : Malware
Comment :
Object : C:\System Volume Information\_restore{CF79470C-79F7-4821-8E34-8E6EA7D3E7B5}\RP225\
FileSize : 121 KB
Created on : 3/16/2004 4:52:16 PM
Last accessed : 7/18/2004 11:14:48 AM
Last modified : 3/16/2004 4:52:16 PM

OverPro Object recognized!
Type : File
Data : a0030776.dll
Category : Malware
Comment :
Object : C:\System Volume Information\_restore{CF79470C-79F7-4821-8E34-8E6EA7D3E7B5}\RP225\
FileSize : 128 KB
FileVersion : 1, 0, 0, 1
ProductVersion : 1, 0, 0, 1
Copyright : Copyright 2004
FileDescription : WildApp Module
InternalName : WildApp
OriginalFilename : WildApp.DLL
ProductName : WildApp Module
Created on : 3/17/2004 9:45:16 PM
Last accessed : 7/18/2004 11:14:48 AM
Last modified : 3/17/2004 9:45:16 PM

ImIServer IEPlugin Object recognized!
Type : File
Data : a0030777.exe
Category : Data Miner
Comment :
Object : C:\System Volume Information\_restore{CF79470C-79F7-4821-8E34-8E6EA7D3E7B5}\RP225\
FileSize : 68 KB
Created on : 2/24/2004 9:21:45 PM
Last accessed : 7/18/2004 11:14:48 AM
Last modified : 11/26/2003 8:22:42 PM

DyFuCA Object recognized!
Type : File
Data : a0030779.exe
Category : Malware
Comment :
Object : C:\System Volume Information\_restore{CF79470C-79F7-4821-8E34-8E6EA7D3E7B5}\RP225\
FileSize : 37 KB
Created on : 6/15/2004 12:04:42 AM
Last accessed : 7/18/2004 11:14:48 AM
Last modified : 6/15/2004 12:04:42 AM

BargainBuddy Object recognized!
Type : File
Data : a0030825.exe
Category : Data Miner
Comment :
Object : C:\System Volume Information\_restore{CF79470C-79F7-4821-8E34-8E6EA7D3E7B5}\RP227\
FileSize : 276 KB
FileVersion : 1, 8, 19, 0
ProductVersion : 1, 8, 19, 0
Copyright : Copyright
FileDescription : bargains
InternalName : bargains
OriginalFilename : bargains.exe
ProductName : bargains buddy
Created on : 6/15/2004 12:04:41 AM
Last accessed : 7/18/2004 11:14:50 AM
Last modified : 4/8/2004 7:53:00 PM

BargainBuddy Object recognized!
Type : File
Data : a0030828.dll
Category : Data Miner
Comment :
Object : C:\System Volume Information\_restore{CF79470C-79F7-4821-8E34-8E6EA7D3E7B5}\RP227\
FileSize : 160 KB
FileVersion : 1, 8, 19, 0
ProductVersion : 1, 8, 19, 0
Copyright : Copyright
FileDescription : apuc Module
InternalName : apuc
OriginalFilename : apuc.DLL
ProductName : apuc Module
Created on : 6/15/2004 12:04:41 AM
Last accessed : 7/18/2004 11:14:50 AM
Last modified : 4/8/2004 7:57:10 PM

BargainBuddy Object recognized!
Type : File
Data : a0030829.exe
Category : Data Miner
Comment :
Object : C:\System Volume Information\_restore{CF79470C-79F7-4821-8E34-8E6EA7D3E7B5}\RP227\
FileSize : 48 KB
FileVersion : 1.00.0003
ProductVersion : 1.00.0003
Copyright : Copyright
CompanyName : Exact Advertising
InternalName : cb
OriginalFilename : cb.exe
ProductName : CashBack Program
Created on : 6/15/2004 12:04:41 AM
Last accessed : 7/18/2004 11:14:50 AM
Last modified : 4/8/2004 8:04:52 PM

OverPro Object recognized!
Type : File
Data : a0030830.exe
Category : Malware
Comment :
Object : C:\System Volume Information\_restore{CF79470C-79F7-4821-8E34-8E6EA7D3E7B5}\RP227\
FileSize : 121 KB
Created on : 3/16/2004 4:52:16 PM
Last accessed : 7/18/2004 11:14:51 AM
Last modified : 3/16/2004 4:52:16 PM

OverPro Object recognized!
Type : File
Data : a0030831.dll
Category : Malware
Comment :
Object : C:\System Volume Information\_restore{CF79470C-79F7-4821-8E34-8E6EA7D3E7B5}\RP227\
FileSize : 128 KB
FileVersion : 1, 0, 0, 1
ProductVersion : 1, 0, 0, 1
Copyright : Copyright 2004
FileDescription : WildApp Module
InternalName : WildApp
OriginalFilename : WildApp.DLL
ProductName : WildApp Module
Created on : 3/17/2004 9:45:16 PM
Last accessed : 7/18/2004 11:14:51 AM
Last modified : 3/17/2004 9:45:16 PM

ImIServer IEPlugin Object recognized!
Type : File
Data : a0030832.exe
Category : Data Miner
Comment :
Object : C:\System Volume Information\_restore{CF79470C-79F7-4821-8E34-8E6EA7D3E7B5}\RP227\
FileSize : 68 KB
Created on : 2/24/2004 9:21:45 PM
Last accessed : 7/18/2004 11:14:51 AM
Last modified : 11/26/2003 8:22:42 PM

DyFuCA Object recognized!
Type : File
Data : a0030834.exe
Category : Malware
Comment :
Object : C:\System Volume Information\_restore{CF79470C-79F7-4821-8E34-8E6EA7D3E7B5}\RP227\
FileSize : 37 KB
Created on : 6/15/2004 12:04:42 AM
Last accessed : 7/18/2004 11:14:51 AM
Last modified : 6/15/2004 12:04:42 AM

ClickSpring Object recognized!
Type : File
Data : a0031161.exe
Category : Data Miner
Comment :
Object : C:\System Volume Information\_restore{CF79470C-79F7-4821-8E34-8E6EA7D3E7B5}\RP230\
FileSize : 64 KB
Created on : 6/15/2004 12:04:09 AM
Last accessed : 7/18/2004 11:14:59 AM
Last modified : 6/15/2004 12:04:10 AM

Bucksone · 2004/07/20

SahAgent Object recognized!
Type : File
Data : a0031237.exe
Category : Data Miner
Comment :
Object : C:\System Volume Information\_restore{CF79470C-79F7-4821-8E34-8E6EA7D3E7B5}\RP232\
FileSize : 53 KB
Created on : 6/15/2004 12:04:44 AM
Last accessed : 7/18/2004 11:15:01 AM
Last modified : 6/15/2004 12:04:44 AM

BroadCastPC Object recognized!
Type : File
Data : a0031238.exe
Category : Data Miner
Comment :
Object : C:\System Volume Information\_restore{CF79470C-79F7-4821-8E34-8E6EA7D3E7B5}\RP232\
FileSize : 72 KB
FileVersion : 1.00
ProductVersion : 1.00
CompanyName : Organization
InternalName : AST4_mm
OriginalFilename : AST4_mm.exe
ProductName : Autostarter
Created on : 4/19/2004 11:51:15 PM
Last accessed : 7/18/2004 11:15:01 AM
Last modified : 4/9/2004 11:11:38 AM

EzuLa Object recognized!
Type : File
Data : a0031240.exe
Category : Data Miner
Comment :
Object : C:\System Volume Information\_restore{CF79470C-79F7-4821-8E34-8E6EA7D3E7B5}\RP232\
FileSize : 64 KB
FileVersion : 2, 0, 70, 00
ProductVersion : 1, 0, 0, 1
Copyright : Copyright 2000
CompanyName : MediaMotor
FileDescription : eZstub Module
InternalName : eZstub
OriginalFilename : eZstub.EXE
ProductName : eZstub Module
Created on : 6/15/2004 12:04:29 AM
Last accessed : 7/18/2004 11:15:01 AM
Last modified : 6/15/2004 12:04:29 AM

Roings Object recognized!
Type : File
Data : a0031241.exe
Category : Malware
Comment :
Object : C:\System Volume Information\_restore{CF79470C-79F7-4821-8E34-8E6EA7D3E7B5}\RP232\
FileSize : 44 KB
FileVersion : 1.00
ProductVersion : 1.00
CompanyName : df
InternalName : unstall
OriginalFilename : unstall.exe
ProductName : Project1
Created on : 4/19/2004 11:51:03 PM
Last accessed : 7/18/2004 11:15:02 AM
Last modified : 6/15/2004 12:04:29 AM

DyFuCA Object recognized!
Type : File
Data : a0031242.exe
Category : Malware
Comment :
Object : C:\System Volume Information\_restore{CF79470C-79F7-4821-8E34-8E6EA7D3E7B5}\RP232\
FileSize : 37 KB
Created on : 4/19/2004 11:50:59 PM
Last accessed : 7/18/2004 11:15:02 AM
Last modified : 6/15/2004 12:04:42 AM

DyFuCA Object recognized!
Type : File
Data : a0031459.exe
Category : Malware
Comment :
Object : C:\System Volume Information\_restore{CF79470C-79F7-4821-8E34-8E6EA7D3E7B5}\RP234\
FileSize : 37 KB
Created on : 6/24/2004 2:58:50 PM
Last accessed : 7/18/2004 11:15:05 AM
Last modified : 6/24/2004 2:58:49 PM

ClickSpring Object recognized!
Type : File
Data : a0031460.exe
Category : Data Miner
Comment :
Object : C:\System Volume Information\_restore{CF79470C-79F7-4821-8E34-8E6EA7D3E7B5}\RP234\
FileSize : 64 KB
Created on : 6/24/2004 2:57:18 PM
Last accessed : 7/18/2004 11:15:05 AM
Last modified : 6/24/2004 2:57:18 PM

Roings Object recognized!
Type : File
Data : a0031463.exe
Category : Malware
Comment :
Object : C:\System Volume Information\_restore{CF79470C-79F7-4821-8E34-8E6EA7D3E7B5}\RP234\
FileSize : 36 KB
FileVersion : 1.00
ProductVersion : 1.00
CompanyName : hgf
InternalName : load
OriginalFilename : load.exe
ProductName : opppos
Created on : 6/24/2004 2:57:57 PM
Last accessed : 7/18/2004 11:15:05 AM
Last modified : 6/24/2004 2:57:57 PM

Roings Object recognized!
Type : File
Data : a0031510.exe
Category : Malware
Comment :
Object : C:\System Volume Information\_restore{CF79470C-79F7-4821-8E34-8E6EA7D3E7B5}\RP234\
FileSize : 36 KB
FileVersion : 1.00
ProductVersion : 1.00
CompanyName : hgf
InternalName : load
OriginalFilename : load.exe
ProductName : opppos
Created on : 6/24/2004 2:58:26 PM
Last accessed : 7/18/2004 11:15:06 AM
Last modified : 6/24/2004 2:58:26 PM

VX2 Object recognized!
Type : File
Data : a0033587.dll
Category : Data Miner
Comment :
Object : C:\System Volume Information\_restore{CF79470C-79F7-4821-8E34-8E6EA7D3E7B5}\RP242\
FileSize : 313 KB
Created on : 7/15/2004 4:36:40 PM
Last accessed : 7/18/2004 11:15:28 AM
Last modified : 7/15/2004 4:36:34 PM

VX2 Object recognized!
Type : File
Data : a0033588.dll
Category : Data Miner
Comment :
Object : C:\System Volume Information\_restore{CF79470C-79F7-4821-8E34-8E6EA7D3E7B5}\RP242\
FileSize : 148 KB
FileVersion : 0, 0, 4, 19
ProductVersion : 0, 0, 4, 19
Copyright : Copyright
CompanyName : Better Internet, Inc.
FileDescription : www.abetterinternet.com
InternalName : Win32 Bi Application
OriginalFilename : BI.DLL
ProductName : Win32 BI Application
Created on : 4/15/2004 12:35:47 AM
Last accessed : 7/18/2004 11:15:28 AM
Last modified : 9/16/2003 4:05:40 PM

VX2 Object recognized!
Type : File
Data : a0033589.ini
Category : Data Miner
Comment :
Object : C:\System Volume Information\_restore{CF79470C-79F7-4821-8E34-8E6EA7D3E7B5}\RP242\
FileSize : 224 KB
Created on : 4/15/2004 12:36:45 AM
Last accessed : 7/18/2004 11:15:28 AM
Last modified : 12/13/2003 2:48:18 PM

VX2 Object recognized!
Type : File
Data : a0034592.dll
Category : Data Miner
Comment :
Object : C:\System Volume Information\_restore{CF79470C-79F7-4821-8E34-8E6EA7D3E7B5}\RP242\
FileSize : 313 KB
Created on : 7/15/2004 7:10:16 PM
Last accessed : 7/18/2004 11:15:29 AM
Last modified : 7/15/2004 4:36:34 PM

VX2 Object recognized!
Type : File
Data : a0035592.dll
Category : Data Miner
Comment :
Object : C:\System Volume Information\_restore{CF79470C-79F7-4821-8E34-8E6EA7D3E7B5}\RP243\
FileSize : 313 KB
Created on : 7/15/2004 7:30:35 PM
Last accessed : 7/18/2004 11:15:30 AM
Last modified : 7/15/2004 4:36:34 PM

Bucksone · 2004/07/20

VX2 Object recognized!
Type : File
Data : a0035661.dll
Category : Data Miner
Comment :
Object : C:\System Volume Information\_restore{CF79470C-79F7-4821-8E34-8E6EA7D3E7B5}\RP246\
FileSize : 313 KB
Created on : 7/17/2004 11:47:24 AM
Last accessed : 7/18/2004 11:15:32 AM
Last modified : 7/15/2004 4:36:34 PM

VX2 Object recognized!
Type : File
Data : a0035686.dll
Category : Data Miner
Comment :
Object : C:\System Volume Information\_restore{CF79470C-79F7-4821-8E34-8E6EA7D3E7B5}\RP246\
FileSize : 313 KB
Created on : 7/16/2004 12:06:41 PM
Last accessed : 7/18/2004 11:15:32 AM
Last modified : 7/15/2004 4:36:34 PM

VX2 Object recognized!
Type : File
Data : a0035691.dll
Category : Data Miner
Comment :
Object : C:\System Volume Information\_restore{CF79470C-79F7-4821-8E34-8E6EA7D3E7B5}\RP246\
FileSize : 313 KB
Created on : 7/16/2004 12:20:27 AM
Last accessed : 7/18/2004 11:15:32 AM
Last modified : 7/15/2004 4:36:34 PM

VX2 Object recognized!
Type : File
Data : a0035721.exe
Category : Data Miner
Comment :
Object : C:\System Volume Information\_restore{CF79470C-79F7-4821-8E34-8E6EA7D3E7B5}\RP246\
FileSize : 48 KB
Created on : 7/15/2004 4:41:06 PM
Last accessed : 7/18/2004 11:15:33 AM
Last modified : 7/15/2004 4:41:06 PM

VX2 Object recognized!
Type : File
Data : a0035722.exe
Category : Data Miner
Comment :
Object : C:\System Volume Information\_restore{CF79470C-79F7-4821-8E34-8E6EA7D3E7B5}\RP246\
FileSize : 255 KB
Created on : 3/17/2004 2:09:46 AM
Last accessed : 7/18/2004 11:15:33 AM
Last modified : 7/15/2004 4:36:33 PM

VX2 Object recognized!
Type : File
Data : a0035873.dll
Category : Data Miner
Comment :
Object : C:\System Volume Information\_restore{CF79470C-79F7-4821-8E34-8E6EA7D3E7B5}\RP246\
FileSize : 313 KB
Created on : 7/17/2004 11:47:24 AM
Last accessed : 7/18/2004 11:15:37 AM
Last modified : 7/15/2004 4:36:34 PM

VX2 Object recognized!
Type : File
Data : a0035874.dll
Category : Data Miner
Comment :
Object : C:\System Volume Information\_restore{CF79470C-79F7-4821-8E34-8E6EA7D3E7B5}\RP246\
FileSize : 313 KB
Created on : 7/16/2004 12:06:41 PM
Last accessed : 7/18/2004 11:15:37 AM
Last modified : 7/15/2004 4:36:34 PM

VX2 Object recognized!
Type : File
Data : a0035875.dll
Category : Data Miner
Comment :
Object : C:\System Volume Information\_restore{CF79470C-79F7-4821-8E34-8E6EA7D3E7B5}\RP246\
FileSize : 313 KB
Created on : 7/16/2004 12:20:27 AM
Last accessed : 7/18/2004 11:15:37 AM
Last modified : 7/15/2004 4:36:34 PM

VX2 Object recognized!
Type : File
Data : a0036865.dll
Category : Data Miner
Comment :
Object : C:\System Volume Information\_restore{CF79470C-79F7-4821-8E34-8E6EA7D3E7B5}\RP246\
FileSize : 313 KB
Created on : 7/17/2004 11:40:06 PM
Last accessed : 7/18/2004 11:15:37 AM
Last modified : 7/15/2004 4:36:34 PM

180Solutions Object recognized!
Type : File
Data : 180sainstaller.inf
Category : Data Miner
Comment :
Object : C:\WINNT\Downloaded Program Files\

Created on : 4/13/2004 3:41:44 PM
Last accessed : 7/18/2004 11:15:51 AM
Last modified : 4/13/2004 3:41:44 PM

ClickSpring Object recognized!
Type : File
Data : mediaticketsinstaller.ocx
Category : Data Miner
Comment :
Object : C:\WINNT\Downloaded Program Files\
FileSize : 116 KB
FileVersion : 1, 0, 0, 1
ProductVersion : 1, 0, 0, 1
Copyright : Copyright (C) 2003
CompanyName : PowerTeam Corporation
FileDescription : MediaTicketsInstaller ActiveX Control Module
InternalName : MediaTicketsInstaller
OriginalFilename : MediaTicketsInstaller.OCX
ProductName : MediaTicketsInstaller ActiveX Control Module
Created on : 6/2/2004 5:14:28 PM
Last accessed : 7/18/2004 11:15:52 AM
Last modified : 6/2/2004 5:14:28 PM

OverPro Object recognized!
Type : File
Data : minigolf_affiliate.exe
Category : Malware
Comment :
Object : C:\WINNT\LastGood\
FileSize : 39 KB
Created on : 6/15/2004 12:12:41 AM
Last accessed : 7/18/2004 11:17:36 AM
Last modified : 3/30/2004 4:42:14 PM

VX2 Object recognized!
Type : File
Data : updinstall.exe
Category : Data Miner
Comment :
Object : C:\WINNT\system\
FileSize : 255 KB
Created on : 3/17/2004 2:09:46 AM
Last accessed : 7/18/2004 11:17:59 AM
Last modified : 7/15/2004 4:36:33 PM

VX2 Object recognized!
Type : File
Data : arsldp.dll
Category : Data Miner
Comment :
Object : C:\WINNT\system32\
FileSize : 313 KB
Created on : 7/18/2004 10:15:45 AM
Last accessed : 7/18/2004 11:19:59 AM
Last modified : 7/15/2004 4:36:34 PM

VX2 Object recognized!
Type : File
Data : iconz.exe
Category : Data Miner
Comment :
Object : C:\WINNT\
FileSize : 48 KB
Created on : 7/15/2004 4:41:06 PM
Last accessed : 7/18/2004 10:40:55 AM
Last modified : 7/15/2004 4:41:06 PM

EzuLa Object recognized!
Type : File
Data : mmttil.exe
Category : Data Miner
Comment :
Object : C:\WINNT\
FileSize : 64 KB
FileVersion : 2, 0, 70, 00
ProductVersion : 1, 0, 0, 1
Copyright : Copyright 2000
CompanyName : MediaMotor
FileDescription : eZstub Module
InternalName : eZstub
OriginalFilename : eZstub.EXE
ProductName : eZstub Module
Created on : 6/15/2004 12:04:29 AM
Last accessed : 7/18/2004 10:40:55 AM
Last modified : 6/24/2004 2:58:37 PM

Win32.TrojanClicker Object recognized!
Type : File
Data : nootgk.exe
Category : Malware
Comment :
Object : C:\WINNT\
FileSize : 32 KB
FileVersion : 1.00
ProductVersion : 1.00
CompanyName : e
InternalName : 4-19
OriginalFilename : 4-19.exe
ProductName : Project1
Created on : 4/19/2004 11:51:01 PM
Last accessed : 7/18/2004 10:40:55 AM
Last modified : 4/19/2004 11:51:01 PM

Bucksone · 2004/07/20

DyFuCA Object recognized!
Type : File
Data : optimize.exe
Category : Malware
Comment :
Object : C:\WINNT\
FileSize : 37 KB
Created on : 4/19/2004 11:50:59 PM
Last accessed : 7/18/2004 11:21:14 AM
Last modified : 6/24/2004 2:58:49 PM

SahAgent Object recognized!
Type : File
Data : sahagent-mediamotor1001.exe
Category : Data Miner
Comment :
Object : C:\WINNT\
FileSize : 53 KB
Created on : 6/15/2004 12:04:44 AM
Last accessed : 7/18/2004 10:40:55 AM
Last modified : 6/24/2004 2:57:59 PM

Roings Object recognized!
Type : File
Data : unstall.exe
Category : Malware
Comment :
Object : C:\WINNT\
FileSize : 44 KB
FileVersion : 1.00
ProductVersion : 1.00
CompanyName : df
InternalName : unstall
OriginalFilename : unstall.exe
ProductName : Project1
Created on : 4/19/2004 11:51:03 PM
Last accessed : 7/18/2004 10:40:55 AM
Last modified : 6/24/2004 2:58:48 PM

Disk scan result for C:\
¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯
New objects : 0
Objects found so far: 165

Scanning Hosts file(C:\WINNT\System32\drivers\etc\hosts)
¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯

Hosts file scan result:
¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯
0 entries scanned.
New objects :0
Objects found so far: 165

Performing conditional scans..
¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯

DownloadWare Object recognized!
Type : File
Data : activeinstall.inf
Category : Data Miner
Comment :
Object : c:\winnt\downloaded program files\

Created on : 11/28/2001 4:42:12 PM
Last accessed : 7/18/2004 11:21:19 AM
Last modified : 11/28/2001 4:42:12 PM

Other Object recognized!
Type : File
Data : popcaploader.dll
Category : Data Miner
Comment :
Object : c:\winnt\downloaded program files\
FileSize : 124 KB
FileVersion : 1, 0, 0, 5
ProductVersion : 1, 0, 0, 5
Copyright : Copyright 2003
CompanyName : PopCap Games
FileDescription : PopCapLoader Module
InternalName : PopCapLoader
OriginalFilename : PopCapLoader.DLL
ProductName : PopCapLoader Module
Created on : 12/19/2003 9:02:06 PM
Last accessed : 7/18/2004 10:40:44 AM
Last modified : 12/19/2003 9:02:06 PM

180Solutions Object recognized!
Type : RegKey
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CURRENT_USER
Object : Software\Microsoft\Internet Explorer\Explorer Bars\{30D02401-6A81-11D0-8274-00C04FD5AE38}

Conditional scan result:
¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯
New objects : 3
Objects found so far: 168

7:40:27 AM Scan complete

Summary of this scan
¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯
Total scanning time :00:41:55:859
Objects scanned :338461
Objects identified :168
Objects ignored :0
New objects :168

Bucksone · 2004/07/20

Ok, finally finished with that log. Thanks for your patience.

I solved my connectivity problem by rebooting my external cable modem and rebooting the computer. This happens occasionally with Wide Open West, enough so that they have the directions to do so on their recording before you even speak to a tech.

Have at that log, you helpful computer experts!

noahdfear · 2004/07/20

Good to hear your connectivity fix was a simple one. Tired yet?

While offline, open VX2Finder again (the (126 version) and click on the *click to find VX2.BetterInternet* button. Then click on these buttons in the right pane, in this order, as available:

user agent, Guardian.reg, restore policy

Exit and reboot.

Run Vx2Finder once more and click on the *click to find VX2.BetterInternet* button. Then click *make log*.
Post the results here.

Additionally, go to start>run and paste the following command, then hit enter.

regedit.exe /e c:\srchasst.txt "HKEY_Current_User\Software\Microsoft\Search Assistant "

Open My Compter, then Local Disk C: and look for the srchasst.txt file. Either open and copy/paste the contents here or I can PM you my email addy to send it to me.

Use RegSeeker again to search for Spotresults and post results, if still being redirected after running VX2Finder.

Bucksone · 2004/07/20

Sorry for the delay. My keyboard stopped working correctly for most of the day. Various letter keys would do various things, instead of typing the letter it was supposed to. I eventually got the problem corrected, although I'm not sure how.

Anyway, before I follow your directions, I have to ask which version of VX2Finder I'm supposed to use. When checking properties of both versions I have on my desktop, the version on both is 1.0.0.23. I'm not sure what the 126 version is.

noahdfear · 2004/07/20

Ah! I see now that the first link I posted wasn't updated. Sorry, I thought I had done that. Better post a log from the new version before going further.

http://download.broadbandmedic.com/VX2Finder(126).exe

Same routine.

Bucksone · 2004/07/20

Log for VX2.BetterInternet File Finder (msg126)

Files Found---
C:\WINNT\System32\6ro4svc.dll
C:\WINNT\System32\6xo4svc.dll

Additional Files---

Keys Under Notify---crypt32chain
Keys Under Notify---cryptnet
Keys Under Notify---cscdll
Keys Under Notify---igfxcui
Keys Under Notify---ScCertProp
Keys Under Notify---Schedule
Keys Under Notify---sclgntfy
Keys Under Notify---SensLogn
Keys Under Notify---termsrv
Keys Under Notify---wlballoon

Guardian Key--- is called:

User Agent String---
{FBE9ED3F-D00D-4ADF-B23A-8259538DDDE2}

noahdfear · 2004/07/20

Now that's what I was looking for!

Sign off and stay off the internet until this entire procedure is complete.

Open VX2Finder and click on the *click to find VX2.BetterInternet* button.

Then select the *Delete these files* button.
You will be left with notice about one to be deleted on reboot.
It will ask to reboot on deletion of the last file (Reboot)

Once back in Windows, open VX2Finder again and click on the *click to find VX2.BetterInternet* button. Then click on these buttons in the right pane, in this order as available:

user agent, Guardian.reg, restore policy

Exit and reboot.

Run Vx2Finder once more and click on the *click to find VX2.BetterInternet* button. Then click *make log*.
Post it here.

Before you post though, if you use the Quick Launch toolbar, check it for functionality and try creating a new toolbar by right clicking the taskbar and choosing Toolbars>any one. Let me know the results of the quick launch/toolbar tests.

Bucksone · 2004/07/21

Log for VX2.BetterInternet File Finder (msg126)

Files Found---

Additional Files---

Keys Under Notify---crypt32chain
Keys Under Notify---cryptnet
Keys Under Notify---cscdll
Keys Under Notify---igfxcui
Keys Under Notify---ScCertProp
Keys Under Notify---Schedule
Keys Under Notify---sclgntfy
Keys Under Notify---SensLogn
Keys Under Notify---termsrv
Keys Under Notify---wlballoon

Guardian Key--- is called:

User Agent String---

I don't normally use the Quick Launch toolbar, but I clicked on it and it appeared in the lower left corner, with icons for AOL Instant Messenger, Internet Explore, and Quick Time. I then right clicked again on the taskbar and choose Address. The word Address appeared on the lower right corner.

Thanks again, and I sense we are making progress here.

noahdfear · 2004/07/21

Yes, progress is being made. Good to hear quick launch is working too.

Bucksone · 2004/07/21

Well, knock on wood, but I haven't been redirected today to Spotresults. Is there anything else I need to be doing, perhaps to prevent this from happening again?

Thanks a bunch.

Bucksone · 2004/07/21

Aaaaaaaaahhhhhhhhh!!!!!!!
I spoke too soon, or I forgot to knock on wood. Right after my last post, I tried to go to google.com and got redirected to Spotresults.

LDTate · 2004/07/21

Might be a good idea to run and post a new HijackThis log now.

Log in or Sign up

Here I go again

Bucksone Well-Known Member Thread Starter

Bucksone Well-Known Member Thread Starter

Bucksone Well-Known Member Thread Starter

Bucksone Well-Known Member Thread Starter

Bucksone Well-Known Member Thread Starter

Bucksone Well-Known Member Thread Starter

Bucksone Well-Known Member Thread Starter

Bucksone Well-Known Member Thread Starter

Bucksone Well-Known Member Thread Starter

Bucksone Well-Known Member Thread Starter

noahdfear Inactive

Bucksone Well-Known Member Thread Starter

noahdfear Inactive

Bucksone Well-Known Member Thread Starter

noahdfear Inactive

Bucksone Well-Known Member Thread Starter

noahdfear Inactive

Bucksone Well-Known Member Thread Starter

Bucksone Well-Known Member Thread Starter

LDTate Inactive

Share This Page

Log in or Sign up

Here I go again

Bucksone Well-Known Member Thread Starter

Bucksone Well-Known Member Thread Starter

Bucksone Well-Known Member Thread Starter

Bucksone Well-Known Member Thread Starter

Bucksone Well-Known Member Thread Starter

Bucksone Well-Known Member Thread Starter

Bucksone Well-Known Member Thread Starter

Bucksone Well-Known Member Thread Starter

Bucksone Well-Known Member Thread Starter

Bucksone Well-Known Member Thread Starter

noahdfear Inactive

Bucksone Well-Known Member Thread Starter

noahdfear Inactive

Bucksone Well-Known Member Thread Starter

noahdfear Inactive

Bucksone Well-Known Member Thread Starter

noahdfear Inactive

Bucksone Well-Known Member Thread Starter

Bucksone Well-Known Member Thread Starter

LDTate Inactive

Share This Page

Useful Searches