Searchmiracle.com popups everywhere


This topic is locked.

#16 Rawe, Visiting Staff, 4,746 posts
Hi there.

Ad-aware has found object(s) on your computer

If you choose to clean your computer from what Ad-aware found, follow these instructions below…

Make sure that you are using the * SE1R41 25.04.2005 * definition file.


Open up Ad-Aware SE and click on the gear to access the Configuration menu. Make sure that this setting is applied.

Click on Tweak > Cleaning engine > UNcheck "Always try to unload modules before deletion".

Disconnect from the internet (for broadband/cable users, it is recommended that you disconnect the cable connection) and close all open browsers or other programs you have running.

Then boot into Safe Mode

To clean your machine, it is highly recommended that you clean the following directory contents (but not the directory folder):

Run CCleaner to assist in this process.
(Setup: go to >options > settings > Uncheck "Only delete files in Windows Temp folders older than 48 hours" for cleaning malware files!)

* C:\Windows\Temp\
* C:\Documents and Settings\<Your Profile>\Local Settings\Temporary Internet Files\ <- This will delete all your cached internet content including cookies.
* C:\Documents and Settings\<Your Profile>\Local Settings\Temp\
* C:\Documents and Settings\<Any other users Profile>\Local Settings\Temporary Internet Files\
* C:\Documents and Settings\<Any other users Profile>\Local Settings\Temp\
* Empty your "Recycle Bin".

Run Ad-Aware SE from the command line shown in the instructions below.

Click "Start" > select "Run" > type the text shown below (including the quotation marks and with the same spacing as shown)

"C:\Program Files\Lavasoft\Ad-Aware SE Personal\Ad-Aware.exe" +procnuke
(For the Personal version)


Click OK.

Note that the path above is of the default installation location for Ad-aware SE, if this is different, adjust it to the location that you have installed it to.

When the scan has completed, select next. In the Scanning Results window, select the "Scan Summary"- tab. Check the box next to each "target family" you wish to remove. Click next, Click OK.

If problems are caused by deleting a family, just leave it.


Reboot your computer after removal, run a new full scan and post the results as a reply. Do not launch any programs or connect to the internet at this time.

Then copy & paste the complete log file here. Don't quarantine or remove anything at this time, just post a complete logfile. This can sometimes take 2-3 posts to get it all posted; once the "Summary of this scan" information is shown, you have posted all of your logfile.

Also, remember that when you are posting another logfile, keep "Search for negligible risk entries" deselected, as negligible risk entries (MRUs) aren't considered a threat. This option can be changed when choosing your scan type.

Remember to post your new logfile in THIS topic.

- Rawe :tazz:

Edited by Andy_veal, 26 April 2005 - 11:25 AM.



#17 amf2880, Topic Starter, 15 posts
I have already done everything in your last message and reposted my Ad-Aware log file, labeled as 4/26. I was hoping you could tell me what to get rid of so I do not delete any non-malware that my computer may need. Thank you for your help.

#18 [email protected];<'S, Member, 135 posts
amf2880,

I was hoping you could tell me what to get rid of so I do not delete any non-malware that my computer may need

What you remove is in the end up to you, as it is your PC; we can only advise you on what to remove to get your PC clean. :tazz:
But you can remove all that is found in your scan, though you will need to do a few scans to remove them all.
Now some of the items displayed in your log are all in the restore folder.
XP has a capability called System Restore. My advice is to empty the system restore folder and then create a new restore point. To do this:
Click Start, and then right-click My Computer.
Click Properties.
Click the System Restore tab.
Check Turn off System Restore.
Click Apply, and then click OK.
Restart the computer.
All data, including the items and registry entries, will be removed from the restore folder.
After restarting the computer, "Re-enable System Restore".
Before going any further you now need to create a fresh restore point.
Then, after you have created a new restore point, can you once more clear out your cache folder,
i.e. the temporary internet folder. (CCleaner will do this for you.)
Then scan by doing a "Full Scan", and once the scan has finished,
mark and remove the items, then Reboot (i.e. re-start your PC).
Then re-scan doing a "Full Scan" and post your logfile here by using the Add-Reply feature. (Even if it is clean.)

Please NOTE from the AAW SE help file, if you set "Read current settings from system:" under "default settings" in Ad-Aware SE,

Default IE Pages
Default homepage: Ad-Aware SE uses the defined homepage when recovering from a browser hijack

Default Search Engine: Ad-Aware SE uses the defined search engine when recovering from a browser hijack

[email protected];<'S

#19 amf2880, Topic Starter, 15 posts
Thank you again for your continued support. I did all the things you instructed, and this is the Ad-Aware log file that followed:


Ad-Aware SE Build 1.05
Logfile Created on:Tuesday, April 26, 2005 4:46:42 PM
Created with Ad-Aware SE Personal, free for private use.
Using definitions file:SE1R41 25.04.2005
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

References detected during the scan:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Adintelligence.AproposToolbar(TAC index:5):4 total references
AdRotator(TAC index:6):8 total references
ClearSearch(TAC index:7):14 total references
DealHelper(TAC index:7):3 total references
Ebates MoneyMaker(TAC index:4):24 total references
Elitum.ElitebarBHO(TAC index:5):5 total references
eUniverse(TAC index:10):1 total references
Favoriteman(TAC index:8):2 total references
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Definition File:
=========================
Definitions File Loaded:
Reference Number : SE1R41 25.04.2005
Internal build : 48
File location : C:\Program Files\Lavasoft\Ad-Aware SE Personal\defs.ref
File size : 462131 Bytes
Total size : 1397647 Bytes
Signature data size : 1367126 Bytes
Reference data size : 30009 Bytes
Signatures total : 39003
Fingerprints total : 816
Fingerprints size : 28835 Bytes
Target categories : 15
Target families : 650


Memory + processor status:
==========================
Number of processors : 1
Processor architecture : Intel Pentium IV
Memory available:22 %
Total physical memory:253424 kb
Available physical memory:55108 kb
Total page file size:620964 kb
Available on page file:443472 kb
Total virtual memory:2097024 kb
Available virtual memory:2048484 kb
OS:Microsoft Windows XP Professional Service Pack 2 (Build 2600)

Ad-Aware SE Settings
===========================
Set : Safe mode (always request confirmation)
Set : Scan active processes
Set : Scan registry
Set : Deep-scan registry
Set : Scan my IE Favorites for banned URLs
Set : Scan within archives
Set : Scan my Hosts file

Extended Ad-Aware SE Settings
===========================
Set : Unload recognized processes & modules during scan
Set : Obtain command line of scanned processes
Set : Scan registry for all users instead of current user only
Set : During removal, unload Explorer and IE if necessary
Set : Let Windows remove files in use at next reboot
Set : Delete quarantined objects after restoring
Set : Write-protect system files after repair (Hosts file, etc.)
Set : Include basic Ad-Aware settings in log file
Set : Include additional Ad-Aware settings in log file
Set : Include reference summary in log file
Set : Play sound at scan completion if scan locates critical objects


4-26-2005 4:46:42 PM - Scan started. (Full System Scan)

Listing running processes
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

#:1 [smss.exe]
ModuleName : \SystemRoot\System32\smss.exe
Command Line : n/a
ProcessID : 480
ThreadCreationTime : 4-26-2005 9:45:32 PM
BasePriority : Normal


#:2 [csrss.exe]
ModuleName : \??\C:\WINDOWS\system32\csrss.exe
Command Line : C:\WINDOWS\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,3072,512 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ProfileControl=Off MaxRequestTh
ProcessID : 528
ThreadCreationTime : 4-26-2005 9:45:33 PM
BasePriority : Normal


#:3 [winlogon.exe]
ModuleName : \??\C:\WINDOWS\system32\winlogon.exe
Command Line : winlogon.exe
ProcessID : 552
ThreadCreationTime : 4-26-2005 9:45:34 PM
BasePriority : High


#:4 [services.exe]
ModuleName : C:\WINDOWS\system32\services.exe
Command Line : C:\WINDOWS\system32\services.exe
ProcessID : 596
ThreadCreationTime : 4-26-2005 9:45:34 PM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Services and Controller app
InternalName : services.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : services.exe

#:5 [lsass.exe]
ModuleName : C:\WINDOWS\system32\lsass.exe
Command Line : C:\WINDOWS\system32\lsass.exe
ProcessID : 608
ThreadCreationTime : 4-26-2005 9:45:34 PM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : LSA Shell (Export Version)
InternalName : lsass.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : lsass.exe

#:6 [svchost.exe]
ModuleName : C:\WINDOWS\system32\svchost.exe
Command Line : C:\WINDOWS\system32\svchost -k DcomLaunch
ProcessID : 792
ThreadCreationTime : 4-26-2005 9:45:34 PM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:7 [svchost.exe]
ModuleName : C:\WINDOWS\system32\svchost.exe
Command Line : C:\WINDOWS\system32\svchost -k rpcss
ProcessID : 848
ThreadCreationTime : 4-26-2005 9:45:35 PM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:8 [svchost.exe]
ModuleName : C:\WINDOWS\System32\svchost.exe
Command Line : C:\WINDOWS\System32\svchost.exe -k netsvcs
ProcessID : 888
ThreadCreationTime : 4-26-2005 9:45:35 PM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:9 [svchost.exe]
ModuleName : C:\WINDOWS\System32\svchost.exe
Command Line : C:\WINDOWS\System32\svchost.exe -k NetworkService
ProcessID : 928
ThreadCreationTime : 4-26-2005 9:45:35 PM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:10 [svchost.exe]
ModuleName : C:\WINDOWS\System32\svchost.exe
Command Line : C:\WINDOWS\System32\svchost.exe -k LocalService
ProcessID : 996
ThreadCreationTime : 4-26-2005 9:45:35 PM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:11 [spoolsv.exe]
ModuleName : C:\WINDOWS\system32\spoolsv.exe
Command Line : C:\WINDOWS\system32\spoolsv.exe
ProcessID : 1120
ThreadCreationTime : 4-26-2005 9:45:36 PM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Spooler SubSystem App
InternalName : spoolsv.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : spoolsv.exe

#:12 [kodakccs.exe]
ModuleName : C:\WINDOWS\system32\drivers\KodakCCS.exe
Command Line : C:\WINDOWS\system32\drivers\KodakCCS.exe
ProcessID : 1244
ThreadCreationTime : 4-26-2005 9:45:36 PM
BasePriority : Normal
FileVersion : 1.1.5100.4
ProductVersion : 4.4.0.0
ProductName : Kodak DC File System Driver (Win32)
CompanyName : Eastman Kodak Company
FileDescription : Kodak DC Ring 3 Conduit (Win32)
InternalName : KodakCCS.exe
LegalCopyright : Copyright © Eastman Kodak Co. 2000-2004
OriginalFilename : DcFsSvc.exe

#:13 [ntrtscan.exe]
ModuleName : C:\Program Files\Trend Micro\OfficeScan Client\ntrtscan.exe
Command Line : "C:\Program Files\Trend Micro\OfficeScan Client\ntrtscan.exe"
ProcessID : 1272
ThreadCreationTime : 4-26-2005 9:45:36 PM
BasePriority : Normal
FileVersion : 5.58.0.1063
ProductVersion : 5.58
ProductName : Trend Micro OfficeScan
CompanyName : Trend Micro Inc.
LegalCopyright : Copyright © 1999-2004 Trend Micro Incorporated. All rights reserved.
LegalTrademarks : Copyright © Trend Micro, Inc.

#:14 [tmlisten.exe]
ModuleName : C:\Program Files\Trend Micro\OfficeScan Client\tmlisten.exe
Command Line : "C:\Program Files\Trend Micro\OfficeScan Client\tmlisten.exe"
ProcessID : 1348
ThreadCreationTime : 4-26-2005 9:45:36 PM
BasePriority : Normal


#:15 [ofcdog.exe]
ModuleName : C:\Program Files\Trend Micro\OfficeScan Client\ofcdog.exe
Command Line : "C:\Program Files\Trend Micro\OfficeScan Client\ofcdog.exe"
ProcessID : 1512
ThreadCreationTime : 4-26-2005 9:45:37 PM
BasePriority : Normal


#:16 [alg.exe]
ModuleName : C:\WINDOWS\System32\alg.exe
Command Line : C:\WINDOWS\System32\alg.exe
ProcessID : 1652
ThreadCreationTime : 4-26-2005 9:45:40 PM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Application Layer Gateway Service
InternalName : ALG.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : ALG.exe

#:17 [explorer.exe]
ModuleName : C:\WINDOWS\Explorer.EXE
Command Line : C:\WINDOWS\Explorer.EXE
ProcessID : 1916
ThreadCreationTime : 4-26-2005 9:45:43 PM
BasePriority : Normal
FileVersion : 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 6.00.2900.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Windows Explorer
InternalName : explorer
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : EXPLORER.EXE

#:18 [kodak software updater.exe]
ModuleName : C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe
Command Line : "C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe"
ProcessID : 244
ThreadCreationTime : 4-26-2005 9:45:51 PM
BasePriority : Normal


#:19 [userinit.exe]
ModuleName : C:\WINDOWS\system32\userinit.exe
Command Line : userinit.exe
ProcessID : 352
ThreadCreationTime : 4-26-2005 9:45:57 PM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Userinit Logon Application
InternalName : userinit
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : USERINIT.EXE

#:20 [wuauclt.exe]
ModuleName : C:\WINDOWS\system32\wuauclt.exe
Command Line : "C:\WINDOWS\system32\wuauclt.exe" /RunStoreAsComServer Local\[378]SUSDS3b100134c01a7e46b280740266c2df98
ProcessID : 316
ThreadCreationTime : 4-26-2005 9:46:23 PM
BasePriority : Normal
FileVersion : 5.4.3790.2182 built by: srv03_rtm(ntvbl04)
ProductVersion : 5.4.3790.2182
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Automatic Updates
InternalName : wuauclt.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : wuauclt.exe

#:21 [wmiprvse.exe]
ModuleName : C:\WINDOWS\System32\wbem\wmiprvse.exe
Command Line : C:\WINDOWS\System32\wbem\wmiprvse.exe -Embedding
ProcessID : 612
ThreadCreationTime : 4-26-2005 9:46:27 PM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : WMI
InternalName : Wmiprvse.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : Wmiprvse.exe

#:22 [ad-aware.exe]
ModuleName : C:\Program Files\Lavasoft\Ad-Aware SE Personal\Ad-Aware.exe
Command Line : "C:\Program Files\Lavasoft\Ad-Aware SE Personal\Ad-Aware.exe"
ProcessID : 988
ThreadCreationTime : 4-26-2005 9:46:31 PM
BasePriority : Normal
FileVersion : 6.2.0.206
ProductVersion : VI.Second Edition
ProductName : Lavasoft Ad-Aware SE
CompanyName : Lavasoft Sweden
FileDescription : Ad-Aware SE Core application
InternalName : Ad-Aware.exe
LegalCopyright : Copyright © Lavasoft Sweden
OriginalFilename : Ad-Aware.exe
Comments : All Rights Reserved

Memory scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 0


Started registry scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Ebates MoneyMaker Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment : "AC"
Rootkey : HKEY_USERS
Object : S-1-5-21-1720583248-1557856872-312552118-1419\software\lq
Value : AC

Favoriteman Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment : "Object"
Rootkey : HKEY_USERS
Object : S-1-5-21-1720583248-1557856872-312552118-1419\software\microsoft\windows
Value : Object

Elitum.ElitebarBHO Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment : "{28CAEFF3-0F18-4036-B504-51D73BD81ABC}"
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft\windows\currentversion\explorer\browser helper objects
Value : {28CAEFF3-0F18-4036-B504-51D73BD81ABC}

Registry Scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 3
Objects found so far: 3


Started deep registry scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

AdRotator Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment : "ecdqmc"
Rootkey : HKEY_LOCAL_MACHINE
Object : Software\Microsoft\Windows\CurrentVersion\Run
Value : ecdqmc

AdRotator Object Recognized!
Type : File
Data : ecdqmc.exe
Category : Malware
Comment :
Object : c:\windows\system32\
FileVersion : 1, 0, 0, 1
ProductVersion : 1, 0, 0, 1
ProductName : localFilemove Application
FileDescription : localFilemove MFC Application
InternalName : localFilemove
LegalCopyright : Copyright © 2004
OriginalFilename : localFilemove.EXE


AdRotator Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment : "rvtwuc"
Rootkey : HKEY_LOCAL_MACHINE
Object : Software\Microsoft\Windows\CurrentVersion\Run
Value : rvtwuc

AdRotator Object Recognized!
Type : File
Data : rvtwuc.exe
Category : Malware
Comment :
Object : c:\windows\system32\
FileVersion : 1, 0, 0, 1
ProductVersion : 1, 0, 0, 1
ProductName : localFilemove Application
FileDescription : localFilemove MFC Application
InternalName : localFilemove
LegalCopyright : Copyright © 2004
OriginalFilename : localFilemove.EXE


Deep registry scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 2
Objects found so far: 7


Started Tracking Cookie scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»


Tracking cookie scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 7



Deep scanning and examining files (C:)
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

ClearSearch Object Recognized!
Type : File
Data : A0000009.dll
Category : Data Miner
Comment :
Object : C:\System Volume Information\_restore{47A1454F-891D-4C51-B5CE-4DB4A3E4FD92}\RP1\
FileVersion : 1.83.0.5
ProductVersion : 1.83.0.5
InternalName : Grip.dll
OriginalFilename : Grip.dll
Comments : Build 83 E


ClearSearch Object Recognized!
Type : File
Data : A0000010.DLL
Category : Data Miner
Comment :
Object : C:\System Volume Information\_restore{47A1454F-891D-4C51-B5CE-4DB4A3E4FD92}\RP1\
FileVersion : 1, 7, 0, 2
ProductVersion : 1, 7, 0, 2
ProductName : ClearSearch LoaderUpdater
CompanyName : ClearSearch
FileDescription : LoaderUpdater
InternalName : LoaderUpdater
LegalCopyright : Copyright © 2004
OriginalFilename : LoaderUpdater.dll


ClearSearch Object Recognized!
Type : File
Data : A0000011.DLL
Category : Data Miner
Comment :
Object : C:\System Volume Information\_restore{47A1454F-891D-4C51-B5CE-4DB4A3E4FD92}\RP1\
FileVersion : 1, 0, 83, 5
ProductVersion : 1, 0, 83, 5


ClearSearch Object Recognized!
Type : File
Data : A0000012.DLL
Category : Data Miner
Comment :
Object : C:\System Volume Information\_restore{47A1454F-891D-4C51-B5CE-4DB4A3E4FD92}\RP1\
FileVersion : 1, 77, 0, 1
ProductVersion : 1, 77, 0, 1


ClearSearch Object Recognized!
Type : File
Data : A0000013.dll
Category : Data Miner
Comment :
Object : C:\System Volume Information\_restore{47A1454F-891D-4C51-B5CE-4DB4A3E4FD92}\RP1\
FileVersion : 1, 77, 0, 2
ProductVersion : 1, 77, 0, 2


ClearSearch Object Recognized!
Type : File
Data : A0000014.exe
Category : Data Miner
Comment :
Object : C:\System Volume Information\_restore{47A1454F-891D-4C51-B5CE-4DB4A3E4FD92}\RP1\
FileVersion : 1, 0, 0, 2
ProductVersion : 1, 0, 0, 2
LegalCopyright : Copyright © 2004


ClearSearch Object Recognized!
Type : File
Data : A0000015.DLL
Category : Data Miner
Comment :
Object : C:\System Volume Information\_restore{47A1454F-891D-4C51-B5CE-4DB4A3E4FD92}\RP1\



ClearSearch Object Recognized!
Type : File
Data : A0000016.DLL
Category : Data Miner
Comment :
Object : C:\System Volume Information\_restore{47A1454F-891D-4C51-B5CE-4DB4A3E4FD92}\RP1\
FileVersion : 1, 77, 0, 1
ProductVersion : 1, 77, 0, 1


ClearSearch Object Recognized!
Type : File
Data : A0000017.DLL
Category : Data Miner
Comment :
Object : C:\System Volume Information\_restore{47A1454F-891D-4C51-B5CE-4DB4A3E4FD92}\RP1\
FileVersion : 1, 7, 0, 2
ProductVersion : 1, 7, 0, 2
ProductName : ClearSearch LoaderUpdater
CompanyName : ClearSearch
FileDescription : LoaderUpdater
InternalName : LoaderUpdater
LegalCopyright : Copyright © 2004
OriginalFilename : LoaderUpdater.dll


ClearSearch Object Recognized!
Type : File
Data : A0000018.DLL
Category : Data Miner
Comment :
Object : C:\System Volume Information\_restore{47A1454F-891D-4C51-B5CE-4DB4A3E4FD92}\RP1\



ClearSearch Object Recognized!
Type : File
Data : A0000019.DLL
Category : Data Miner
Comment :
Object : C:\System Volume Information\_restore{47A1454F-891D-4C51-B5CE-4DB4A3E4FD92}\RP1\
FileVersion : 1, 7, 0, 2
ProductVersion : 1, 7, 0, 2
ProductName : ClearSearch LoaderUpdater
CompanyName : ClearSearch
FileDescription : LoaderUpdater
InternalName : LoaderUpdater
LegalCopyright : Copyright © 2004
OriginalFilename : LoaderUpdater.dll


ClearSearch Object Recognized!
Type : File
Data : A0000020.DLL
Category : Data Miner
Comment :
Object : C:\System Volume Information\_restore{47A1454F-891D-4C51-B5CE-4DB4A3E4FD92}\RP1\
FileVersion : 1, 77, 0, 1
ProductVersion : 1, 77, 0, 1


ClearSearch Object Recognized!
Type : File
Data : A0000021.DLL
Category : Data Miner
Comment :
Object : C:\System Volume Information\_restore{47A1454F-891D-4C51-B5CE-4DB4A3E4FD92}\RP1\



ClearSearch Object Recognized!
Type : File
Data : A0000022.exe
Category : Data Miner
Comment :
Object : C:\System Volume Information\_restore{47A1454F-891D-4C51-B5CE-4DB4A3E4FD92}\RP1\
FileVersion : 1, 13, 0, 5
ProductVersion : 1, 13, 0, 5


Adintelligence.AproposToolbar Object Recognized!
Type : File
Data : A0000023.exe
Category : Misc
Comment :
Object : C:\System Volume Information\_restore{47A1454F-891D-4C51-B5CE-4DB4A3E4FD92}\RP1\



DealHelper Object Recognized!
Type : File
Data : A0000024.exe
Category : Malware
Comment :
Object : C:\System Volume Information\_restore{47A1454F-891D-4C51-B5CE-4DB4A3E4FD92}\RP1\
FileVersion : 1, 0, 0, 1
ProductVersion : 1, 0, 0, 1
ProductName : UnInstallKey Application
FileDescription : UnInstallKey MFC Application
InternalName : UnInstallKey
LegalCopyright : Copyright © 2003
OriginalFilename : UnInstallKey.EXE


eUniverse Object Recognized!
Type : File
Data : A0000025.dll
Category : Data Miner
Comment :
Object : C:\System Volume Information\_restore{47A1454F-891D-4C51-B5CE-4DB4A3E4FD92}\RP1\
FileVersion : 1, 0, 0, 1
ProductVersion : 1, 0, 0, 1
ProductName : exe_in_dll Module
FileDescription : exe_in_dll Module
InternalName : exe_in_dll
LegalCopyright : Copyright 2001
OriginalFilename : exe_in_dll.DLL


DealHelper Object Recognized!
Type : File
Data : A0000026.exe
Category : Malware
Comment :
Object : C:\System Volume Information\_restore{47A1454F-891D-4C51-B5CE-4DB4A3E4FD92}\RP1\
FileVersion : 1, 0, 0, 1
ProductVersion : 1, 0, 0, 1
ProductName : Redirect Application
FileDescription : Redirect MFC Application
InternalName : Redirect
LegalCopyright : Copyright © 2003
OriginalFilename : Redirect.EXE


AdRotator Object Recognized!
Type : File
Data : Helper101.dll
Category : Malware
Comment :
Object : C:\WINDOWS\



AdRotator Object Recognized!
Type : File
Data : ecdqmd.exe
Category : Malware
Comment :
Object : C:\WINDOWS\system32\
FileVersion : 1, 0, 0, 1
ProductVersion : 1, 0, 0, 1
ProductName : localDownload Application
FileDescription : localDownload MFC Application
InternalName : localDownload
LegalCopyright : Copyright © 2004
OriginalFilename : localDownload.EXE


Disk Scan Result for C:\
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 27


Scanning Hosts file......
Hosts file location:"C:\WINDOWS\system32\drivers\etc\hosts".
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Hosts file scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
1 entries scanned.
New critical objects:0
Objects found so far: 27




Performing conditional scans...
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Ebates MoneyMaker Object Recognized!
Type : Regkey
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CURRENT_USER
Object : software\lq

Ebates MoneyMaker Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CURRENT_USER
Object : software\lq
Value : TM

Ebates MoneyMaker Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CURRENT_USER
Object : software\lq
Value : AD

Ebates MoneyMaker Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CURRENT_USER
Object : software\lq
Value : AM

Ebates MoneyMaker Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CURRENT_USER
Object : software\lq
Value : AT

Ebates MoneyMaker Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CURRENT_USER
Object : software\lq
Value : U

Ebates MoneyMaker Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CURRENT_USER
Object : software\lq
Value : I

Ebates MoneyMaker Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CURRENT_USER
Object : software\lq
Value : TR

Ebates MoneyMaker Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CURRENT_USER
Object : software\lq
Value : country

Ebates MoneyMaker Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CURRENT_USER
Object : software\lq
Value : city

Ebates MoneyMaker Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CURRENT_USER
Object : software\lq
Value : state

Ebates MoneyMaker Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CURRENT_USER
Object : software\lq
Value : RX

Ebates MoneyMaker Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CURRENT_USER
Object : software\lq
Value : RX2.8

Ebates MoneyMaker Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CURRENT_USER
Object : software\lq
Value : RX2.9

Ebates MoneyMaker Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CURRENT_USER
Object : software\lq
Value : RX3.0

Ebates MoneyMaker Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CURRENT_USER
Object : software\lq
Value : RX3.1

Ebates MoneyMaker Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CURRENT_USER
Object : software\lq
Value : RX3.2

Ebates MoneyMaker Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CURRENT_USER
Object : software\lq
Value : RX3.3

Ebates MoneyMaker Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CURRENT_USER
Object : software\lq
Value : FU3.4

Ebates MoneyMaker Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CURRENT_USER
Object : software\lq
Value : FU3.5

Ebates MoneyMaker Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CURRENT_USER
Object : software\lq
Value : FU3.6

Ebates MoneyMaker Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CURRENT_USER
Object : software\lq
Value : LU3.7

Ebates MoneyMaker Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CURRENT_USER
Object : software\lq
Value : AC

Favoriteman Object Recognized!
Type : File
Data : hosts.bho
Category : Malware
Comment :
Object : C:\WINDOWS\system32\drivers\etc\



Elitum.ElitebarBHO Object Recognized!
Type : Regkey
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\elitum

Elitum.ElitebarBHO Object Recognized!
Type : Folder
Category : Data Miner
Comment :
Object : C:\WINDOWS\EliteToolBar

Elitum.ElitebarBHO Object Recognized!
Type : Folder
Category : Data Miner
Comment :
Object : C:\WINDOWS\EliteSideBar

Elitum.ElitebarBHO Object Recognized!
Type : File
Data : elitebsg32.exe
Category : Data Miner
Comment :
Object : C:\WINDOWS\system32\



AdRotator Object Recognized!
Type : File
Data : hiwinnager.dat
Category : Malware
Comment :
Object : C:\WINDOWS\system32\



AdRotator Object Recognized!
Type : File
Data : searchen.dat
Category : Malware
Comment :
Object : C:\WINDOWS\



Adintelligence.AproposToolbar Object Recognized!
Type : RegValue
Data :
Category : Misc
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft\windows\currentversion\run
Value : AutoUpdater

Adintelligence.AproposToolbar Object Recognized!
Type : Folder
Category : Misc
Comment :
Object : C:\Program Files\AutoUpdate

Adintelligence.AproposToolbar Object Recognized!
Type : File
Data : libexpat.dll
Category : Misc
Comment :
Object : C:\Program Files\autoupdate\



DealHelper Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_CURRENT_USER
Object : software\microsoft\internet explorer\toolbar\webbrowser
Value : {0E5CBF21-D15F-11D0-8301-00AA005B4383}

Conditional scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 34
Objects found so far: 61

4:50:40 PM Scan Complete

Summary Of This Scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Total scanning time:00:03:57.468
Objects scanned:82695
Objects identified:61
Objects ignored:0
New critical objects:61

#20 Rawe (Visiting Staff, Member, 4,746 posts)
Hi again..
Run these online virus scans here;
- Trend Micro (recommended)
- Panda Activescan
- F-secure

Clean/fix any objects they might find, and after cleaning (if they found something),
reboot, read the Ad-aware Logfile Posting Instructions
and post a fresh scanlog in this topic..

- Rawe :tazz:

#21 Guest_Andy_veal_* (Guest)
Hello and Welcome

Ad-aware has found objects on your computer

If you choose to clean your computer from what Ad-aware found, please follow these instructions below…

Please make sure that you are using the * SE1R41 25.04.2005 * definition file.


Please launch Ad-Aware SE and click on the gear to access the Configuration Menu. Please make sure that this setting is applied.

Click on Tweak > Cleaning Engine > UNcheck "Always try to unload modules before deletion".

Disconnect from the internet (for broadband/cable users, it is recommended that you disconnect the cable connection) and close all open browsers or other programs you have running.

Please then boot into Safe Mode

To clean your machine, it is highly recommended that you clean the following directory contents (but not the directory folder):

Please run CCleaner to assist in this process.
Download CCleaner (Setup: go to >options > settings > Uncheck "Only delete files in Windows Temp folders older than 48 hours" for cleaning malware files!)

* C:\Windows\Temp\
* C:\Documents and Settings\<Your Profile>\Local Settings\Temporary Internet Files\ <- This will delete all your cached internet content including cookies.
* C:\Documents and Settings\<Your Profile>\Local Settings\Temp\
* C:\Documents and Settings\<Any other users Profile>\Local Settings\Temporary Internet Files\
* C:\Documents and Settings\<Any other users Profile>\Local Settings\Temp\
* Empty your "Recycle Bin".

Please run Ad-Aware SE from the command lines shown in the instructions shown below.

Click "Start" > select "Run" > type the text shown in bold below (including the quotation marks and with the same spacing as shown)

"C:\Program Files\Lavasoft\Ad-Aware SE Personal\Ad-Aware.exe" +procnuke
(For the Personal version)


Click OK.

Please note that the path above is the default installation location for Ad-aware SE; if this is different, please adjust it to the location that you have installed it to.

When the scan has completed, select Next. In the Scanning Results window, select the "Scan Summary" tab. Check the box next to each "target family" you wish to remove. Click next, Click OK.

If problems are caused by deleting a family, please leave it.

Please shutdown/restart your computer after removal, run a new full scan and post the results as a reply. Do not launch any programs or connect to the internet at this time.

Please then copy & paste the complete log file here. Don't quarantine or remove anything at this time, just post a complete logfile. This can sometimes take 2-3 posts to get it all posted; once the "Summary of this scan" information is shown, you have posted all of your logfile.

Please remember when posting another logfile keep "Search for negligible risk entries" deselected as negligible risk entries (MRU's) are not considered to be a threat. This option can be changed when choosing your scan type.

Please post back here

Good luck

Andy
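For anyone who triages posted scanlogs like the one earlier in this thread, here is an added example (written for this page, not code from the thread, from Lavasoft or from Ad-aware itself) of a small Python parser for the Ad-aware SE log format: it splits the log into "Object Recognized!" records, reads the "Summary Of This Scan" block, tallies objects per family and type, pulls out the autostart (Run key) entries that a helper would want to look at first, and applies the rule from the post above that a log is only complete once the summary block is present. The sample log embedded below is constructed for the example and modelled on the records posted above; the family names and paths in it are copied from the thread, the counts are made up to match the four sample records.

```python
import re
from collections import Counter

# Constructed sample modelled on the Ad-aware SE log format posted in this
# thread: four records plus a summary block (counts chosen to fit the sample).
SAMPLE_LOG = """\
Ebates MoneyMaker Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CURRENT_USER
Object : software\\lq
Value : RX3.0

Favoriteman Object Recognized!
Type : File
Data : hosts.bho
Category : Malware
Comment :
Object : C:\\WINDOWS\\system32\\drivers\\etc\\

Elitum.ElitebarBHO Object Recognized!
Type : Folder
Category : Data Miner
Comment :
Object : C:\\WINDOWS\\EliteToolBar

Adintelligence.AproposToolbar Object Recognized!
Type : RegValue
Data :
Category : Misc
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\\microsoft\\windows\\currentversion\\run
Value : AutoUpdater

Conditional scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 4
Objects found so far: 4

Summary Of This Scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Total scanning time:00:03:57.468
Objects scanned:82695
Objects identified:4
Objects ignored:0
New critical objects:4
"""

# A record starts with "<family> Object Recognized!" and ends at a blank line.
RECORD_RE = re.compile(r"^(?P<family>.+?) Object Recognized!$")
# Field lines inside a record look like "Type : RegValue" or "Data :" (empty).
FIELD_RE = re.compile(r"^(?P<key>[A-Za-z ]+?)\s*:\s?(?P<value>.*)$")
# Only the numeric lines of the summary block are of interest.
SUMMARY_RE = re.compile(
    r"^(?P<key>Objects scanned|Objects identified|Objects ignored|New critical objects)"
    r"\s*:\s*(?P<value>\d+)$"
)


def parse_adaware_log(text):
    """Return (records, summary): a list of dicts keyed by lower-cased field
    name plus 'family', and a dict of the summary counters."""
    records, summary = [], {}
    current, in_summary = None, False
    for raw in text.splitlines():
        line = raw.strip()
        if not line:               # blank line closes the current record
            current = None
            continue
        m = RECORD_RE.match(line)
        if m:
            current = {"family": m.group("family")}
            records.append(current)
            continue
        if line == "Summary Of This Scan":
            in_summary, current = True, None
            continue
        if in_summary:
            m = SUMMARY_RE.match(line)
            if m:
                summary[m.group("key")] = int(m.group("value"))
            continue
        if current is not None:    # lines outside a record (e.g. the
            m = FIELD_RE.match(line)  # conditional-scan block) are skipped
            if m:
                current[m.group("key").strip().lower()] = m.group("value").strip()
    return records, summary


def tally(records):
    """Objects per malware family and per object type (File, Folder, RegValue...)."""
    by_family = Counter(r["family"] for r in records)
    by_type = Counter(r.get("type", "?") for r in records)
    return by_family, by_type


def autostart_entries(records):
    """Registry values under a ...\\CurrentVersion\\Run key: persistence entries
    that a helper reviews first because they relaunch the adware at logon."""
    return [r for r in records
            if r.get("type") == "RegValue"
            and r.get("object", "").lower().endswith("\\currentversion\\run")]


def log_is_complete(text):
    """The rule from the post above: a pasted log is whole once the summary is in it."""
    return "Summary Of This Scan" in text


def reconcile(records, summary):
    """True when the parsed record count matches the tool's own 'Objects identified',
    i.e. nothing was lost when the log was split across several posts."""
    return summary.get("Objects identified") == len(records)


if __name__ == "__main__":
    recs, summ = parse_adaware_log(SAMPLE_LOG)
    fam, typ = tally(recs)
    print("complete:", log_is_complete(SAMPLE_LOG), "reconciled:", reconcile(recs, summ))
    print("by family:", dict(fam))
    print("by type:", dict(typ))
    print("autostart:", [(r["family"], r["value"]) for r in autostart_entries(recs)])
```

Run against a log pasted in several posts, the reconcile check flags a missing chunk straight away (fewer parsed records than "Objects identified"), and the autostart list gives the Run-key values to compare against what the next scan reports after cleaning.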