Thank you again for your continued support. I did all the things you instructed, and this is the Ad-Aware log file that followed:
Ad-Aware SE Build 1.05
Logfile Created on:Tuesday, April 26, 2005 4:46:42 PM
Created with Ad-Aware SE Personal, free for private use.
Using definitions file:SE1R41 25.04.2005
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
References detected during the scan:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Adintelligence.AproposToolbar(TAC index:5):4 total references
AdRotator(TAC index:6):8 total references
ClearSearch(TAC index:7):14 total references
DealHelper(TAC index:7):3 total references
Ebates MoneyMaker(TAC index:4):24 total references
Elitum.ElitebarBHO(TAC index:5):5 total references
eUniverse(TAC index:10):1 total references
Favoriteman(TAC index:8):2 total references
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Definition File:
=========================
Definitions File Loaded:
Reference Number : SE1R41 25.04.2005
Internal build : 48
File location : C:\Program Files\Lavasoft\Ad-Aware SE Personal\defs.ref
File size : 462131 Bytes
Total size : 1397647 Bytes
Signature data size : 1367126 Bytes
Reference data size : 30009 Bytes
Signatures total : 39003
Fingerprints total : 816
Fingerprints size : 28835 Bytes
Target categories : 15
Target families : 650
Memory + processor status:
==========================
Number of processors : 1
Processor architecture : Intel Pentium IV
Memory available:22 %
Total physical memory:253424 kb
Available physical memory:55108 kb
Total page file size:620964 kb
Available on page file:443472 kb
Total virtual memory:2097024 kb
Available virtual memory:2048484 kb
OS:Microsoft Windows XP Professional Service Pack 2 (Build 2600)
Ad-Aware SE Settings
===========================
Set : Safe mode (always request confirmation)
Set : Scan active processes
Set : Scan registry
Set : Deep-scan registry
Set : Scan my IE Favorites for banned URLs
Set : Scan within archives
Set : Scan my Hosts file
Extended Ad-Aware SE Settings
===========================
Set : Unload recognized processes & modules during scan
Set : Obtain command line of scanned processes
Set : Scan registry for all users instead of current user only
Set : During removal, unload Explorer and IE if necessary
Set : Let Windows remove files in use at next reboot
Set : Delete quarantined objects after restoring
Set : Write-protect system files after repair (Hosts file, etc.)
Set : Include basic Ad-Aware settings in log file
Set : Include additional Ad-Aware settings in log file
Set : Include reference summary in log file
Set : Play sound at scan completion if scan locates critical objects
4-26-2005 4:46:42 PM - Scan started. (Full System Scan)
Listing running processes
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
#:1 [smss.exe]
ModuleName : \SystemRoot\System32\smss.exe
Command Line : n/a
ProcessID : 480
ThreadCreationTime : 4-26-2005 9:45:32 PM
BasePriority : Normal
#:2 [csrss.exe]
ModuleName : \??\C:\WINDOWS\system32\csrss.exe
Command Line : C:\WINDOWS\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,3072,512 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ProfileControl=Off MaxRequestTh
ProcessID : 528
ThreadCreationTime : 4-26-2005 9:45:33 PM
BasePriority : Normal
#:3 [winlogon.exe]
ModuleName : \??\C:\WINDOWS\system32\winlogon.exe
Command Line : winlogon.exe
ProcessID : 552
ThreadCreationTime : 4-26-2005 9:45:34 PM
BasePriority : High
#:4 [services.exe]
ModuleName : C:\WINDOWS\system32\services.exe
Command Line : C:\WINDOWS\system32\services.exe
ProcessID : 596
ThreadCreationTime : 4-26-2005 9:45:34 PM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Services and Controller app
InternalName : services.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : services.exe
#:5 [lsass.exe]
ModuleName : C:\WINDOWS\system32\lsass.exe
Command Line : C:\WINDOWS\system32\lsass.exe
ProcessID : 608
ThreadCreationTime : 4-26-2005 9:45:34 PM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : LSA Shell (Export Version)
InternalName : lsass.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : lsass.exe
#:6 [svchost.exe]
ModuleName : C:\WINDOWS\system32\svchost.exe
Command Line : C:\WINDOWS\system32\svchost -k DcomLaunch
ProcessID : 792
ThreadCreationTime : 4-26-2005 9:45:34 PM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe
#:7 [svchost.exe]
ModuleName : C:\WINDOWS\system32\svchost.exe
Command Line : C:\WINDOWS\system32\svchost -k rpcss
ProcessID : 848
ThreadCreationTime : 4-26-2005 9:45:35 PM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe
#:8 [svchost.exe]
ModuleName : C:\WINDOWS\System32\svchost.exe
Command Line : C:\WINDOWS\System32\svchost.exe -k netsvcs
ProcessID : 888
ThreadCreationTime : 4-26-2005 9:45:35 PM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe
#:9 [svchost.exe]
ModuleName : C:\WINDOWS\System32\svchost.exe
Command Line : C:\WINDOWS\System32\svchost.exe -k NetworkService
ProcessID : 928
ThreadCreationTime : 4-26-2005 9:45:35 PM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe
#:10 [svchost.exe]
ModuleName : C:\WINDOWS\System32\svchost.exe
Command Line : C:\WINDOWS\System32\svchost.exe -k LocalService
ProcessID : 996
ThreadCreationTime : 4-26-2005 9:45:35 PM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe
#:11 [spoolsv.exe]
ModuleName : C:\WINDOWS\system32\spoolsv.exe
Command Line : C:\WINDOWS\system32\spoolsv.exe
ProcessID : 1120
ThreadCreationTime : 4-26-2005 9:45:36 PM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Spooler SubSystem App
InternalName : spoolsv.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : spoolsv.exe
#:12 [kodakccs.exe]
ModuleName : C:\WINDOWS\system32\drivers\KodakCCS.exe
Command Line : C:\WINDOWS\system32\drivers\KodakCCS.exe
ProcessID : 1244
ThreadCreationTime : 4-26-2005 9:45:36 PM
BasePriority : Normal
FileVersion : 1.1.5100.4
ProductVersion : 4.4.0.0
ProductName : Kodak DC File System Driver (Win32)
CompanyName : Eastman Kodak Company
FileDescription : Kodak DC Ring 3 Conduit (Win32)
InternalName : KodakCCS.exe
LegalCopyright : Copyright © Eastman Kodak Co. 2000-2004
OriginalFilename : DcFsSvc.exe
#:13 [ntrtscan.exe]
ModuleName : C:\Program Files\Trend Micro\OfficeScan Client\ntrtscan.exe
Command Line : "C:\Program Files\Trend Micro\OfficeScan Client\ntrtscan.exe"
ProcessID : 1272
ThreadCreationTime : 4-26-2005 9:45:36 PM
BasePriority : Normal
FileVersion : 5.58.0.1063
ProductVersion : 5.58
ProductName : Trend Micro OfficeScan
CompanyName : Trend Micro Inc.
LegalCopyright : Copyright © 1999-2004 Trend Micro Incorporated. All rights reserved.
LegalTrademarks : Copyright © Trend Micro, Inc.
#:14 [tmlisten.exe]
ModuleName : C:\Program Files\Trend Micro\OfficeScan Client\tmlisten.exe
Command Line : "C:\Program Files\Trend Micro\OfficeScan Client\tmlisten.exe"
ProcessID : 1348
ThreadCreationTime : 4-26-2005 9:45:36 PM
BasePriority : Normal
#:15 [ofcdog.exe]
ModuleName : C:\Program Files\Trend Micro\OfficeScan Client\ofcdog.exe
Command Line : "C:\Program Files\Trend Micro\OfficeScan Client\ofcdog.exe"
ProcessID : 1512
ThreadCreationTime : 4-26-2005 9:45:37 PM
BasePriority : Normal
#:16 [alg.exe]
ModuleName : C:\WINDOWS\System32\alg.exe
Command Line : C:\WINDOWS\System32\alg.exe
ProcessID : 1652
ThreadCreationTime : 4-26-2005 9:45:40 PM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Application Layer Gateway Service
InternalName : ALG.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : ALG.exe
#:17 [explorer.exe]
ModuleName : C:\WINDOWS\Explorer.EXE
Command Line : C:\WINDOWS\Explorer.EXE
ProcessID : 1916
ThreadCreationTime : 4-26-2005 9:45:43 PM
BasePriority : Normal
FileVersion : 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 6.00.2900.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Windows Explorer
InternalName : explorer
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : EXPLORER.EXE
#:18 [kodak software updater.exe]
ModuleName : C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe
Command Line : "C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe"
ProcessID : 244
ThreadCreationTime : 4-26-2005 9:45:51 PM
BasePriority : Normal
#:19 [userinit.exe]
ModuleName : C:\WINDOWS\system32\userinit.exe
Command Line : userinit.exe
ProcessID : 352
ThreadCreationTime : 4-26-2005 9:45:57 PM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Userinit Logon Application
InternalName : userinit
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : USERINIT.EXE
#:20 [wuauclt.exe]
ModuleName : C:\WINDOWS\system32\wuauclt.exe
Command Line : "C:\WINDOWS\system32\wuauclt.exe" /RunStoreAsComServer Local\[378]SUSDS3b100134c01a7e46b280740266c2df98
ProcessID : 316
ThreadCreationTime : 4-26-2005 9:46:23 PM
BasePriority : Normal
FileVersion : 5.4.3790.2182 built by: srv03_rtm(ntvbl04)
ProductVersion : 5.4.3790.2182
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Automatic Updates
InternalName : wuauclt.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : wuauclt.exe
#:21 [wmiprvse.exe]
ModuleName : C:\WINDOWS\System32\wbem\wmiprvse.exe
Command Line : C:\WINDOWS\System32\wbem\wmiprvse.exe -Embedding
ProcessID : 612
ThreadCreationTime : 4-26-2005 9:46:27 PM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : WMI
InternalName : Wmiprvse.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : Wmiprvse.exe
#:22 [ad-aware.exe]
ModuleName : C:\Program Files\Lavasoft\Ad-Aware SE Personal\Ad-Aware.exe
Command Line : "C:\Program Files\Lavasoft\Ad-Aware SE Personal\Ad-Aware.exe"
ProcessID : 988
ThreadCreationTime : 4-26-2005 9:46:31 PM
BasePriority : Normal
FileVersion : 6.2.0.206
ProductVersion : VI.Second Edition
ProductName : Lavasoft Ad-Aware SE
CompanyName : Lavasoft Sweden
FileDescription : Ad-Aware SE Core application
InternalName : Ad-Aware.exe
LegalCopyright : Copyright © Lavasoft Sweden
OriginalFilename : Ad-Aware.exe
Comments : All Rights Reserved
Memory scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 0
Started registry scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Ebates MoneyMaker Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment : "AC"
Rootkey : HKEY_USERS
Object : S-1-5-21-1720583248-1557856872-312552118-1419\software\lq
Value : AC
Favoriteman Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment : "Object"
Rootkey : HKEY_USERS
Object : S-1-5-21-1720583248-1557856872-312552118-1419\software\microsoft\windows
Value : Object
Elitum.ElitebarBHO Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment : "{28CAEFF3-0F18-4036-B504-51D73BD81ABC}"
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft\windows\currentversion\explorer\browser helper objects
Value : {28CAEFF3-0F18-4036-B504-51D73BD81ABC}
Registry Scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 3
Objects found so far: 3
Started deep registry scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
AdRotator Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment : "ecdqmc"
Rootkey : HKEY_LOCAL_MACHINE
Object : Software\Microsoft\Windows\CurrentVersion\Run
Value : ecdqmc
AdRotator Object Recognized!
Type : File
Data : ecdqmc.exe
Category : Malware
Comment :
Object : c:\windows\system32\
FileVersion : 1, 0, 0, 1
ProductVersion : 1, 0, 0, 1
ProductName : localFilemove Application
FileDescription : localFilemove MFC Application
InternalName : localFilemove
LegalCopyright : Copyright © 2004
OriginalFilename : localFilemove.EXE
AdRotator Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment : "rvtwuc"
Rootkey : HKEY_LOCAL_MACHINE
Object : Software\Microsoft\Windows\CurrentVersion\Run
Value : rvtwuc
AdRotator Object Recognized!
Type : File
Data : rvtwuc.exe
Category : Malware
Comment :
Object : c:\windows\system32\
FileVersion : 1, 0, 0, 1
ProductVersion : 1, 0, 0, 1
ProductName : localFilemove Application
FileDescription : localFilemove MFC Application
InternalName : localFilemove
LegalCopyright : Copyright © 2004
OriginalFilename : localFilemove.EXE
Deep registry scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 2
Objects found so far: 7
Started Tracking Cookie scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Tracking cookie scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 7
Deep scanning and examining files (C:)
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
ClearSearch Object Recognized!
Type : File
Data : A0000009.dll
Category : Data Miner
Comment :
Object : C:\System Volume Information\_restore{47A1454F-891D-4C51-B5CE-4DB4A3E4FD92}\RP1\
FileVersion : 1.83.0.5
ProductVersion : 1.83.0.5
InternalName : Grip.dll
OriginalFilename : Grip.dll
Comments : Build 83 E
ClearSearch Object Recognized!
Type : File
Data : A0000010.DLL
Category : Data Miner
Comment :
Object : C:\System Volume Information\_restore{47A1454F-891D-4C51-B5CE-4DB4A3E4FD92}\RP1\
FileVersion : 1, 7, 0, 2
ProductVersion : 1, 7, 0, 2
ProductName : ClearSearch LoaderUpdater
CompanyName : ClearSearch
FileDescription : LoaderUpdater
InternalName : LoaderUpdater
LegalCopyright : Copyright © 2004
OriginalFilename : LoaderUpdater.dll
ClearSearch Object Recognized!
Type : File
Data : A0000011.DLL
Category : Data Miner
Comment :
Object : C:\System Volume Information\_restore{47A1454F-891D-4C51-B5CE-4DB4A3E4FD92}\RP1\
FileVersion : 1, 0, 83, 5
ProductVersion : 1, 0, 83, 5
ClearSearch Object Recognized!
Type : File
Data : A0000012.DLL
Category : Data Miner
Comment :
Object : C:\System Volume Information\_restore{47A1454F-891D-4C51-B5CE-4DB4A3E4FD92}\RP1\
FileVersion : 1, 77, 0, 1
ProductVersion : 1, 77, 0, 1
ClearSearch Object Recognized!
Type : File
Data : A0000013.dll
Category : Data Miner
Comment :
Object : C:\System Volume Information\_restore{47A1454F-891D-4C51-B5CE-4DB4A3E4FD92}\RP1\
FileVersion : 1, 77, 0, 2
ProductVersion : 1, 77, 0, 2
ClearSearch Object Recognized!
Type : File
Data : A0000014.exe
Category : Data Miner
Comment :
Object : C:\System Volume Information\_restore{47A1454F-891D-4C51-B5CE-4DB4A3E4FD92}\RP1\
FileVersion : 1, 0, 0, 2
ProductVersion : 1, 0, 0, 2
LegalCopyright : Copyright © 2004
ClearSearch Object Recognized!
Type : File
Data : A0000015.DLL
Category : Data Miner
Comment :
Object : C:\System Volume Information\_restore{47A1454F-891D-4C51-B5CE-4DB4A3E4FD92}\RP1\
ClearSearch Object Recognized!
Type : File
Data : A0000016.DLL
Category : Data Miner
Comment :
Object : C:\System Volume Information\_restore{47A1454F-891D-4C51-B5CE-4DB4A3E4FD92}\RP1\
FileVersion : 1, 77, 0, 1
ProductVersion : 1, 77, 0, 1
ClearSearch Object Recognized!
Type : File
Data : A0000017.DLL
Category : Data Miner
Comment :
Object : C:\System Volume Information\_restore{47A1454F-891D-4C51-B5CE-4DB4A3E4FD92}\RP1\
FileVersion : 1, 7, 0, 2
ProductVersion : 1, 7, 0, 2
ProductName : ClearSearch LoaderUpdater
CompanyName : ClearSearch
FileDescription : LoaderUpdater
InternalName : LoaderUpdater
LegalCopyright : Copyright © 2004
OriginalFilename : LoaderUpdater.dll
ClearSearch Object Recognized!
Type : File
Data : A0000018.DLL
Category : Data Miner
Comment :
Object : C:\System Volume Information\_restore{47A1454F-891D-4C51-B5CE-4DB4A3E4FD92}\RP1\
ClearSearch Object Recognized!
Type : File
Data : A0000019.DLL
Category : Data Miner
Comment :
Object : C:\System Volume Information\_restore{47A1454F-891D-4C51-B5CE-4DB4A3E4FD92}\RP1\
FileVersion : 1, 7, 0, 2
ProductVersion : 1, 7, 0, 2
ProductName : ClearSearch LoaderUpdater
CompanyName : ClearSearch
FileDescription : LoaderUpdater
InternalName : LoaderUpdater
LegalCopyright : Copyright © 2004
OriginalFilename : LoaderUpdater.dll
ClearSearch Object Recognized!
Type : File
Data : A0000020.DLL
Category : Data Miner
Comment :
Object : C:\System Volume Information\_restore{47A1454F-891D-4C51-B5CE-4DB4A3E4FD92}\RP1\
FileVersion : 1, 77, 0, 1
ProductVersion : 1, 77, 0, 1
ClearSearch Object Recognized!
Type : File
Data : A0000021.DLL
Category : Data Miner
Comment :
Object : C:\System Volume Information\_restore{47A1454F-891D-4C51-B5CE-4DB4A3E4FD92}\RP1\
ClearSearch Object Recognized!
Type : File
Data : A0000022.exe
Category : Data Miner
Comment :
Object : C:\System Volume Information\_restore{47A1454F-891D-4C51-B5CE-4DB4A3E4FD92}\RP1\
FileVersion : 1, 13, 0, 5
ProductVersion : 1, 13, 0, 5
Adintelligence.AproposToolbar Object Recognized!
Type : File
Data : A0000023.exe
Category : Misc
Comment :
Object : C:\System Volume Information\_restore{47A1454F-891D-4C51-B5CE-4DB4A3E4FD92}\RP1\
DealHelper Object Recognized!
Type : File
Data : A0000024.exe
Category : Malware
Comment :
Object : C:\System Volume Information\_restore{47A1454F-891D-4C51-B5CE-4DB4A3E4FD92}\RP1\
FileVersion : 1, 0, 0, 1
ProductVersion : 1, 0, 0, 1
ProductName : UnInstallKey Application
FileDescription : UnInstallKey MFC Application
InternalName : UnInstallKey
LegalCopyright : Copyright © 2003
OriginalFilename : UnInstallKey.EXE
eUniverse Object Recognized!
Type : File
Data : A0000025.dll
Category : Data Miner
Comment :
Object : C:\System Volume Information\_restore{47A1454F-891D-4C51-B5CE-4DB4A3E4FD92}\RP1\
FileVersion : 1, 0, 0, 1
ProductVersion : 1, 0, 0, 1
ProductName : exe_in_dll Module
FileDescription : exe_in_dll Module
InternalName : exe_in_dll
LegalCopyright : Copyright 2001
OriginalFilename : exe_in_dll.DLL
DealHelper Object Recognized!
Type : File
Data : A0000026.exe
Category : Malware
Comment :
Object : C:\System Volume Information\_restore{47A1454F-891D-4C51-B5CE-4DB4A3E4FD92}\RP1\
FileVersion : 1, 0, 0, 1
ProductVersion : 1, 0, 0, 1
ProductName : Redirect Application
FileDescription : Redirect MFC Application
InternalName : Redirect
LegalCopyright : Copyright © 2003
OriginalFilename : Redirect.EXE
AdRotator Object Recognized!
Type : File
Data : Helper101.dll
Category : Malware
Comment :
Object : C:\WINDOWS\
AdRotator Object Recognized!
Type : File
Data : ecdqmd.exe
Category : Malware
Comment :
Object : C:\WINDOWS\system32\
FileVersion : 1, 0, 0, 1
ProductVersion : 1, 0, 0, 1
ProductName : localDownload Application
FileDescription : localDownload MFC Application
InternalName : localDownload
LegalCopyright : Copyright © 2004
OriginalFilename : localDownload.EXE
Disk Scan Result for C:\
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 27
Scanning Hosts file......
Hosts file location:"C:\WINDOWS\system32\drivers\etc\hosts".
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Hosts file scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
1 entries scanned.
New critical objects:0
Objects found so far: 27
Performing conditional scans...
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Ebates MoneyMaker Object Recognized!
Type : Regkey
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CURRENT_USER
Object : software\lq
Ebates MoneyMaker Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CURRENT_USER
Object : software\lq
Value : TM
Ebates MoneyMaker Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CURRENT_USER
Object : software\lq
Value : AD
Ebates MoneyMaker Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CURRENT_USER
Object : software\lq
Value : AM
Ebates MoneyMaker Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CURRENT_USER
Object : software\lq
Value : AT
Ebates MoneyMaker Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CURRENT_USER
Object : software\lq
Value : U
Ebates MoneyMaker Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CURRENT_USER
Object : software\lq
Value : I
Ebates MoneyMaker Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CURRENT_USER
Object : software\lq
Value : TR
Ebates MoneyMaker Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CURRENT_USER
Object : software\lq
Value : country
Ebates MoneyMaker Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CURRENT_USER
Object : software\lq
Value : city
Ebates MoneyMaker Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CURRENT_USER
Object : software\lq
Value : state
Ebates MoneyMaker Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CURRENT_USER
Object : software\lq
Value : RX
Ebates MoneyMaker Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CURRENT_USER
Object : software\lq
Value : RX2.8
Ebates MoneyMaker Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CURRENT_USER
Object : software\lq
Value : RX2.9
Ebates MoneyMaker Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CURRENT_USER
Object : software\lq
Value : RX3.0
Ebates MoneyMaker Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CURRENT_USER
Object : software\lq
Value : RX3.1
Ebates MoneyMaker Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CURRENT_USER
Object : software\lq
Value : RX3.2
Ebates MoneyMaker Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CURRENT_USER
Object : software\lq
Value : RX3.3
Ebates MoneyMaker Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CURRENT_USER
Object : software\lq
Value : FU3.4
Ebates MoneyMaker Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CURRENT_USER
Object : software\lq
Value : FU3.5
Ebates MoneyMaker Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CURRENT_USER
Object : software\lq
Value : FU3.6
Ebates MoneyMaker Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CURRENT_USER
Object : software\lq
Value : LU3.7
Ebates MoneyMaker Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CURRENT_USER
Object : software\lq
Value : AC
Favoriteman Object Recognized!
Type : File
Data : hosts.bho
Category : Malware
Comment :
Object : C:\WINDOWS\system32\drivers\etc\
Elitum.ElitebarBHO Object Recognized!
Type : Regkey
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\elitum
Elitum.ElitebarBHO Object Recognized!
Type : Folder
Category : Data Miner
Comment :
Object : C:\WINDOWS\EliteToolBar
Elitum.ElitebarBHO Object Recognized!
Type : Folder
Category : Data Miner
Comment :
Object : C:\WINDOWS\EliteSideBar
Elitum.ElitebarBHO Object Recognized!
Type : File
Data : elitebsg32.exe
Category : Data Miner
Comment :
Object : C:\WINDOWS\system32\
AdRotator Object Recognized!
Type : File
Data : hiwinnager.dat
Category : Malware
Comment :
Object : C:\WINDOWS\system32\
AdRotator Object Recognized!
Type : File
Data : searchen.dat
Category : Malware
Comment :
Object : C:\WINDOWS\
Adintelligence.AproposToolbar Object Recognized!
Type : RegValue
Data :
Category : Misc
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft\windows\currentversion\run
Value : AutoUpdater
Adintelligence.AproposToolbar Object Recognized!
Type : Folder
Category : Misc
Comment :
Object : C:\Program Files\AutoUpdate
Adintelligence.AproposToolbar Object Recognized!
Type : File
Data : libexpat.dll
Category : Misc
Comment :
Object : C:\Program Files\autoupdate\
DealHelper Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_CURRENT_USER
Object : software\microsoft\internet explorer\toolbar\webbrowser
Value : {0E5CBF21-D15F-11D0-8301-00AA005B4383}
Conditional scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 34
Objects found so far: 61
4:50:40 PM Scan Complete
Summary Of This Scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Total scanning time:00:03:57.468
Objects scanned:82695
Objects identified:61
Objects ignored:0
New critical objects:61