bill721

I can't remove hijack and ad pop-ups


Every time I restart and run Ad-Aware 1.06r1, I get the same errors found. 1 object recognized. 1 New Critical Objects and 1 Registry Keys Identified. If I run Ad-Aware a second time they are gone, so they are getting erased; however, when I restart they are back.

 

The startup scenario is:

Even before the network starts IE opens with this address http://iesettingsupdate/

 

Then a new window opens and: http://pop.uskyonline.com/sixer.php?src=em...;rand=0.8932263

 

Then this error window opens: vsg21 I get-runtime error '35756'

 

Then this popup shows up with an address bar that can't be changed: http://search.travel-www.search.travel-Microsoft Internet Explorer

 

Then after that, any time it feels like it, another sales pitch IE window will open up with a different sales pitch.

No way of knowing when.

 

Here is a copy of the scan file:

 

 

Ad-Aware SE Build 1.06r1

Logfile Created on:Wednesday, August 23, 2006 1:16:56 PM

Using definitions file:SE1R119 15.08.2006

»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

 

References detected during the scan:

»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

MRU List(TAC index:0):9 total references

Possible Browser Hijack attempt(TAC index:3):1 total references

»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

 

Ad-Aware SE Settings

===========================

Set : Search for negligible risk entries

Set : Search for low-risk threats

Set : Safe mode (always request confirmation)

Set : Scan active processes

Set : Scan registry

Set : Deep-scan registry

Set : Scan my IE Favorites for banned URLs

Set : Scan my Hosts file

 

Extended Ad-Aware SE Settings

===========================

Set : Unload recognized processes & modules during scan

Set : Ignore spanned files when scanning cab archives

Set : Scan registry for all users instead of current user only

Set : Always try to unload modules before deletion

Set : During removal, unload Explorer and IE if necessary

Set : Let Windows remove files in use at next reboot

Set : Delete quarantined objects after restoring

Set : Block pop-ups aggressively

Set : Automatically select problematic objects in results lists

Set : Include basic Ad-Aware settings in log file

Set : Include additional Ad-Aware settings in log file

Set : Include reference summary in log file

Set : Include alternate data stream details in log file

Set : Show splash screen

Set : Backup current definitions file before updating

Set : Play sound at scan completion if scan locates critical objects

 

 

8-23-2006 1:16:56 PM - Scan started. (Full System Scan)

 

MRU List Object Recognized!

Location: : C:\Documents and Settings\Administrator\recent

Description : list of recently opened documents

 

 

MRU List Object Recognized!

Location: : software\microsoft\directdraw\mostrecentapplication

Description : most recent application to use microsoft directdraw

 

 

MRU List Object Recognized!

Location: : S-1-5-21-4149289120-1709162666-557728558-500\software\microsoft\internet explorer\main

Description : last save directory used in microsoft internet explorer

 

 

MRU List Object Recognized!

Location: : S-1-5-21-4149289120-1709162666-557728558-500\software\microsoft\search assistant\acmru

Description : list of recent search terms used with the search assistant

 

 

MRU List Object Recognized!

Location: : S-1-5-21-4149289120-1709162666-557728558-500\software\microsoft\windows\currentversion\applets\regedit

Description : last key accessed using the microsoft registry editor

 

 

MRU List Object Recognized!

Location: : S-1-5-21-4149289120-1709162666-557728558-500\software\microsoft\windows\currentversion\explorer\comdlg32\lastvisitedmru

Description : list of recent programs opened

 

 

MRU List Object Recognized!

Location: : S-1-5-21-4149289120-1709162666-557728558-500\software\microsoft\windows\currentversion\explorer\comdlg32\opensavemru

Description : list of recently saved files, stored according to file extension

 

 

MRU List Object Recognized!

Location: : S-1-5-21-4149289120-1709162666-557728558-500\software\microsoft\windows\currentversion\explorer\recentdocs

Description : list of recent documents opened

 

 

MRU List Object Recognized!

Location: : S-1-5-21-4149289120-1709162666-557728558-500\software\microsoft\windows\currentversion\explorer\runmru

Description : mru list for items opened in start | run

 

 

Listing running processes

»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

 

#:1 [smss.exe]

FilePath : \SystemRoot\System32\

ProcessID : 868

ThreadCreationTime : 8-23-2006 6:13:55 PM

BasePriority : Normal

 

 

#:2 [csrss.exe]

FilePath : \??\C:\WINDOWS\system32\

ProcessID : 916

ThreadCreationTime : 8-23-2006 6:13:56 PM

BasePriority : Normal

 

 

#:3 [winlogon.exe]

FilePath : \??\C:\WINDOWS\system32\

ProcessID : 940

ThreadCreationTime : 8-23-2006 6:13:57 PM

BasePriority : High

 

 

#:4 [services.exe]

FilePath : C:\WINDOWS\system32\

ProcessID : 984

ThreadCreationTime : 8-23-2006 6:13:57 PM

BasePriority : Normal

FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)

ProductVersion : 5.1.2600.2180

ProductName : Microsoft® Windows® Operating System

CompanyName : Microsoft Corporation

FileDescription : Services and Controller app

InternalName : services.exe

LegalCopyright : © Microsoft Corporation. All rights reserved.

OriginalFilename : services.exe

 

#:5 [lsass.exe]

FilePath : C:\WINDOWS\system32\

ProcessID : 996

ThreadCreationTime : 8-23-2006 6:13:57 PM

BasePriority : Normal

FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)

ProductVersion : 5.1.2600.2180

ProductName : Microsoft® Windows® Operating System

CompanyName : Microsoft Corporation

FileDescription : LSA Shell (Export Version)

InternalName : lsass.exe

LegalCopyright : © Microsoft Corporation. All rights reserved.

OriginalFilename : lsass.exe

 

#:6 [ibmpmsvc.exe]

FilePath : C:\WINDOWS\System32\

ProcessID : 1184

ThreadCreationTime : 8-23-2006 6:13:58 PM

BasePriority : Normal

 

 

#:7 [ati2evxx.exe]

FilePath : C:\WINDOWS\System32\

ProcessID : 1208

ThreadCreationTime : 8-23-2006 6:13:58 PM

BasePriority : Normal

FileVersion : 6.14.10.4112

ProductVersion : 6.14.10.4112.02

ProductName : ATI External Event Utility for WindowsNT and Windows9X

CompanyName : ATI Technologies Inc.

FileDescription : ATI External Event Utility EXE Module

InternalName : ATI2EVXX.EXE

LegalCopyright : Copyright © 1999-2004 ATI Technologies Inc.

OriginalFilename : ATI2EVXX.EXE

 

#:8 [svchost.exe]

FilePath : C:\WINDOWS\system32\

ProcessID : 1224

ThreadCreationTime : 8-23-2006 6:13:58 PM

BasePriority : Normal

FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)

ProductVersion : 5.1.2600.2180

ProductName : Microsoft® Windows® Operating System

CompanyName : Microsoft Corporation

FileDescription : Generic Host Process for Win32 Services

InternalName : svchost.exe

LegalCopyright : © Microsoft Corporation. All rights reserved.

OriginalFilename : svchost.exe

 

#:9 [svchost.exe]

FilePath : C:\WINDOWS\system32\

ProcessID : 1284

ThreadCreationTime : 8-23-2006 6:13:58 PM

BasePriority : Normal

FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)

ProductVersion : 5.1.2600.2180

ProductName : Microsoft® Windows® Operating System

CompanyName : Microsoft Corporation

FileDescription : Generic Host Process for Win32 Services

InternalName : svchost.exe

LegalCopyright : © Microsoft Corporation. All rights reserved.

OriginalFilename : svchost.exe

 

#:10 [svchost.exe]

FilePath : C:\WINDOWS\System32\

ProcessID : 1532

ThreadCreationTime : 8-23-2006 6:13:58 PM

BasePriority : Normal

FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)

ProductVersion : 5.1.2600.2180

ProductName : Microsoft® Windows® Operating System

CompanyName : Microsoft Corporation

FileDescription : Generic Host Process for Win32 Services

InternalName : svchost.exe

LegalCopyright : © Microsoft Corporation. All rights reserved.

OriginalFilename : svchost.exe

 

#:11 [svchost.exe]

FilePath : C:\WINDOWS\System32\

ProcessID : 1636

ThreadCreationTime : 8-23-2006 6:13:58 PM

BasePriority : Normal

FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)

ProductVersion : 5.1.2600.2180

ProductName : Microsoft® Windows® Operating System

CompanyName : Microsoft Corporation

FileDescription : Generic Host Process for Win32 Services

InternalName : svchost.exe

LegalCopyright : © Microsoft Corporation. All rights reserved.

OriginalFilename : svchost.exe

 

#:12 [svchost.exe]

FilePath : C:\WINDOWS\System32\

ProcessID : 1880

ThreadCreationTime : 8-23-2006 6:13:59 PM

BasePriority : Normal

FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)

ProductVersion : 5.1.2600.2180

ProductName : Microsoft® Windows® Operating System

CompanyName : Microsoft Corporation

FileDescription : Generic Host Process for Win32 Services

InternalName : svchost.exe

LegalCopyright : © Microsoft Corporation. All rights reserved.

OriginalFilename : svchost.exe

 

#:13 [lexbces.exe]

FilePath : C:\WINDOWS\system32\

ProcessID : 484

ThreadCreationTime : 8-23-2006 6:13:59 PM

BasePriority : Normal

FileVersion : 8.19

ProductVersion : 8.19

ProductName : MarkVision for Windows (32 bit)

CompanyName : Lexmark International, Inc.

FileDescription : LexBce Service

InternalName : LexBce Service

LegalCopyright : © 1993 - 2003 Lexmark International, Inc.

OriginalFilename : LexBceS.exe

 

#:14 [spoolsv.exe]

FilePath : C:\WINDOWS\system32\

ProcessID : 532

ThreadCreationTime : 8-23-2006 6:13:59 PM

BasePriority : Normal

FileVersion : 5.1.2600.2696 (xpsp_sp2_gdr.050610-1519)

ProductVersion : 5.1.2600.2696

ProductName : Microsoft® Windows® Operating System

CompanyName : Microsoft Corporation

FileDescription : Spooler SubSystem App

InternalName : spoolsv.exe

LegalCopyright : © Microsoft Corporation. All rights reserved.

OriginalFilename : spoolsv.exe

 

#:15 [lexpps.exe]

FilePath : C:\WINDOWS\system32\

ProcessID : 540

ThreadCreationTime : 8-23-2006 6:13:59 PM

BasePriority : Normal

FileVersion : 8.19

ProductVersion : 8.19

ProductName : MarkVision for Windows (32 bit)

CompanyName : Lexmark International, Inc.

FileDescription : LEXPPS.EXE

InternalName : LEXPPS

LegalCopyright : © 1993 - 2003 Lexmark International, Inc.

OriginalFilename : LEXPPS.EXE

Comments : MarkVision for Windows '95 New P2P Server (32-bit)

 

#:16 [ati2evxx.exe]

FilePath : C:\WINDOWS\system32\

ProcessID : 248

ThreadCreationTime : 8-23-2006 6:14:04 PM

BasePriority : Normal

FileVersion : 6.14.10.4112

ProductVersion : 6.14.10.4112.02

ProductName : ATI External Event Utility for WindowsNT and Windows9X

CompanyName : ATI Technologies Inc.

FileDescription : ATI External Event Utility EXE Module

InternalName : ATI2EVXX.EXE

LegalCopyright : Copyright © 1999-2004 ATI Technologies Inc.

OriginalFilename : ATI2EVXX.EXE

 

#:17 [explorer.exe]

FilePath : C:\WINDOWS\

ProcessID : 764

ThreadCreationTime : 8-23-2006 6:14:04 PM

BasePriority : Normal

FileVersion : 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)

ProductVersion : 6.00.2900.2180

ProductName : Microsoft® Windows® Operating System

CompanyName : Microsoft Corporation

FileDescription : Windows Explorer

InternalName : explorer

LegalCopyright : © Microsoft Corporation. All rights reserved.

OriginalFilename : EXPLORER.EXE

 

#:18 [tpam.exe]

FilePath : C:\Program Files\IBM\Personal Communications\

ProcessID : 884

ThreadCreationTime : 8-23-2006 6:14:06 PM

BasePriority : Normal

 

 

#:19 [tphkmgr.exe]

FilePath : C:\PROGRA~1\Lenovo\PkgMgr\HOTKEY\

ProcessID : 896

ThreadCreationTime : 8-23-2006 6:14:06 PM

BasePriority : Above Normal

 

 

#:20 [syntplpr.exe]

FilePath : C:\Program Files\Synaptics\SynTP\

ProcessID : 900

ThreadCreationTime : 8-23-2006 6:14:06 PM

BasePriority : Normal

FileVersion : 7.5.17.13 08Nov04

ProductVersion : 7.5.17.13 08Nov04

ProductName : Progressive Touch

CompanyName : Synaptics, Inc.

FileDescription : TouchPad Driver Helper Application

InternalName : SynTPLpr

LegalCopyright : Copyright © Synaptics, Inc. 1996-2003

OriginalFilename : SynTPLpr.exe

 

#:21 [syntpenh.exe]

FilePath : C:\Program Files\Synaptics\SynTP\

ProcessID : 960

ThreadCreationTime : 8-23-2006 6:14:06 PM

BasePriority : Normal

FileVersion : 7.5.17.13 08Nov04

ProductVersion : 7.5.17.13 08Nov04

ProductName : Progressive Touch

CompanyName : Synaptics, Inc.

FileDescription : Synaptics TouchPad Enhancements

InternalName : Scrolleroo

LegalCopyright : Copyright © Synaptics, Inc. 1996-2003

OriginalFilename : SynTPEnh.exe

 

#:22 [tponscr.exe]

FilePath : C:\Program Files\Lenovo\PkgMgr\HOTKEY\

ProcessID : 1064

ThreadCreationTime : 8-23-2006 6:14:06 PM

BasePriority : Normal

 

 

#:23 [tpscrex.exe]

FilePath : C:\Program Files\Lenovo\PkgMgr\HOTKEY_1\

ProcessID : 1072

ThreadCreationTime : 8-23-2006 6:14:06 PM

BasePriority : Normal

FileVersion : 1.14

ProductVersion : 1.14

ProductName : ThinkPad UltraZoom

CompanyName : IBM Corporation

FileDescription : ThinkPad UltraZoom

InternalName : TPSCREX

LegalCopyright : Copyright © IBM Corp. 2000,2005

OriginalFilename : TpScrEx.exe

 

#:24 [tpshocks.exe]

FilePath : C:\WINDOWS\system32\

ProcessID : 1344

ThreadCreationTime : 8-23-2006 6:14:06 PM

BasePriority : Normal

FileVersion : 1, 3, 2, 0

ProductVersion : 1, 3, 2, 0

ProductName : n/a TpShocks

CompanyName : IBM Corp.

FileDescription : IBM Active Protection System

InternalName : TpShocks

LegalCopyright : Copyright © IBM Corp. 2003-2005

OriginalFilename : TpShocks.exe

 

#:25 [tfswctrl.exe]

FilePath : C:\WINDOWS\system32\dla\

ProcessID : 1368

ThreadCreationTime : 8-23-2006 6:14:06 PM

BasePriority : Normal

FileVersion : 1.04.07a

CompanyName : Sonic Solutions

FileDescription : Drive Letter Access Component

LegalCopyright : Copyright © 2003 Sonic Solutions

 

#:26 [qttask.exe]

FilePath : C:\Program Files\QuickTime\

ProcessID : 1384

ThreadCreationTime : 8-23-2006 6:14:06 PM

BasePriority : Normal

FileVersion : 6.4

ProductVersion : QuickTime 6.4

ProductName : QuickTime

CompanyName : Apple Computer, Inc.

InternalName : QuickTime Task

LegalCopyright : © Apple Computer, Inc. 2001-2003

OriginalFilename : QTTask.exe

 

#:27 [ituneshelper.exe]

FilePath : C:\Program Files\iTunes\

ProcessID : 1392

ThreadCreationTime : 8-23-2006 6:14:06 PM

BasePriority : Normal

FileVersion : 4.7.1.30

ProductVersion : 4.7.1.30

ProductName : iTunes

CompanyName : Apple Computer, Inc.

FileDescription : iTunesHelper Module

InternalName : iTunesHelper

LegalCopyright : © 2003-2004 Apple Computer, Inc. All Rights Reserved.

OriginalFilename : iTunesHelper.exe

 

#:28 [rundll32.exe]

FilePath : C:\WINDOWS\system32\

ProcessID : 1412

ThreadCreationTime : 8-23-2006 6:14:07 PM

BasePriority : Normal

FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)

ProductVersion : 5.1.2600.2180

ProductName : Microsoft® Windows® Operating System

CompanyName : Microsoft Corporation

FileDescription : Run a DLL as an App

InternalName : rundll

LegalCopyright : © Microsoft Corporation. All rights reserved.

OriginalFilename : RUNDLL.EXE

 

#:29 [rundll32.exe]

FilePath : C:\WINDOWS\system32\

ProcessID : 1464

ThreadCreationTime : 8-23-2006 6:14:07 PM

BasePriority : Normal

FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)

ProductVersion : 5.1.2600.2180

ProductName : Microsoft® Windows® Operating System

CompanyName : Microsoft Corporation

FileDescription : Run a DLL as an App

InternalName : rundll

LegalCopyright : © Microsoft Corporation. All rights reserved.

OriginalFilename : RUNDLL.EXE

 

#:30 [qcwlicon.exe]

FilePath : C:\Program Files\ThinkPad\ConnectUtilities\

ProcessID : 1476

ThreadCreationTime : 8-23-2006 6:14:07 PM

BasePriority : Normal

FileVersion : 3, 7, 1, 0

ProductVersion : 3, 7, 1, 0

ProductName : IBM ThinkPad Utility

CompanyName : IBM Corp.

FileDescription : IBM Access Connections - Wireless Status Icon.

InternalName : QCWLIcon

LegalCopyright : Copyright © IBM Corp. 2001, 2005

OriginalFilename : QCWLIcon.exe

Comments : IBM Access Connections Component.

 

#:31 [isamtray.exe]

FilePath : C:\Program Files\c4ebreg\

ProcessID : 1484

ThreadCreationTime : 8-23-2006 6:14:07 PM

BasePriority : Normal

FileVersion : 6.10

ProductVersion : 6.10

CompanyName : IBM Global Services

FileDescription : IBM Standard Asset Manager GUI

InternalName : ISAMTRAY

LegalCopyright : © IBM Global Services, 2005, 2006

Comments : Written by: Operating Systems Platforms

 

#:32 [watchdog.exe]

FilePath : C:\Program Files\mobile PhoneTools\

ProcessID : 1492

ThreadCreationTime : 8-23-2006 6:14:07 PM

BasePriority : Normal

 

 

#:33 [qctray.exe]

FilePath : C:\Program Files\ThinkPad\ConnectUtilities\

ProcessID : 1500

ThreadCreationTime : 8-23-2006 6:14:07 PM

BasePriority : Normal

FileVersion : 3, 7, 1, 0

ProductVersion : 3, 7, 1, 0

ProductName : IBM ThinkPad Utility

CompanyName : IBM Corp.

FileDescription : IBM Access Connections - Taskbar Application.

InternalName : QCTray

LegalCopyright : Copyright © IBM Corp. 2001, 2005

OriginalFilename : QCTray.exe

Comments : IBM Access Connections Component.

 

#:34 [ad-watch.exe]

FilePath : C:\Program Files\Lavasoft\Ad-Aware SE Plus\

ProcessID : 1520

ThreadCreationTime : 8-23-2006 6:14:07 PM

BasePriority : High

FileVersion : 3.1.2.17

ProductVersion : 3.2

ProductName : Ad-Aware SE

CompanyName : Lavasoft Sweden

FileDescription : Ad-Watch System Protector

InternalName : Ad-Watch.exe

LegalCopyright : 1999-2004 Team Lavasoft

OriginalFilename : Ad-Watch.exe

 

#:35 [lxbfbmgr.exe]

FilePath : C:\Program Files\Lexmark X6100 Series\

ProcessID : 1572

ThreadCreationTime : 8-23-2006 6:14:07 PM

BasePriority : Normal

FileVersion : 0.1.25.0

ProductVersion : 0.1.25.0

ProductName : Button Manager Executable

CompanyName : Lexmark International, Inc.

FileDescription : Lexmark X6100 Series Button Manager

InternalName : lxbfbmgr.exe

LegalCopyright : © 2002 Lexmark International, Inc.

OriginalFilename : lxbfbmgr.exe

 

#:36 [iclient.exe]

FilePath : C:\Program Files\Zone Labs\Integrity Client\

ProcessID : 1648

ThreadCreationTime : 8-23-2006 6:14:07 PM

BasePriority : Normal

FileVersion : 6.0.202.000

ProductVersion : 6.0.202.000

ProductName : Integrity Client

CompanyName : Check Point Inc.

FileDescription : Integrity Client

InternalName : iclient

LegalCopyright : Copyright © 1998-2005, Check Point Inc.

OriginalFilename : iclient.exe

 

#:37 [thiselt.exe]

FilePath : C:\WINDOWS\

ProcessID : 1700

ThreadCreationTime : 8-23-2006 6:14:07 PM

BasePriority : Normal

FileVersion : 1.00

ProductVersion : 1.00

ProductName : Project1

InternalName : this2elt

OriginalFilename : this2elt.exe

 

#:38 [lxbfbmon.exe]

FilePath : C:\Program Files\Lexmark X6100 Series\

ProcessID : 1716

ThreadCreationTime : 8-23-2006 6:14:07 PM

BasePriority : Normal

FileVersion : 0.1.25.0

ProductVersion : 0.1.25.0

ProductName : Button Monitor Executable

CompanyName : Lexmark International, Inc.

FileDescription : Lexmark X6100 Series Button Monitor

InternalName : lxbfbmon.exe

LegalCopyright : © 2002 Lexmark International, Inc.

OriginalFilename : lxbfbmon.exe

 

#:39 [win32072141556127.exe]

FilePath : C:\WINDOWS\

ProcessID : 1732

ThreadCreationTime : 8-23-2006 6:14:07 PM

BasePriority : Normal

FileVersion : 1.00.0020

ProductVersion : 1.00.0020

ProductName : vSg21

InternalName : vSg20-e

OriginalFilename : vSg20-e.exe

 

#:40 [aolacsd.exe]

FilePath : C:\Program Files\Common Files\AOL\ACS\

ProcessID : 1740

ThreadCreationTime : 8-23-2006 6:14:07 PM

BasePriority : Normal

FileVersion : 3.0.0.1

ProductVersion : 3.0.0.1

ProductName : AOL Connectivity Service

CompanyName : America Online

FileDescription : AOL Connectivity Service

InternalName : AOLacsd

LegalCopyright : Copyright © 2004 America Online

OriginalFilename : AOLacsd.exe

 

#:41 [iexplore.exe]

FilePath : C:\Program Files\Internet Explorer\

ProcessID : 1808

ThreadCreationTime : 8-23-2006 6:14:07 PM

BasePriority : Normal

FileVersion : 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)

ProductVersion : 6.00.2900.2180

ProductName : Microsoft® Windows® Operating System

CompanyName : Microsoft Corporation

FileDescription : Internet Explorer

InternalName : iexplore

LegalCopyright : © Microsoft Corporation. All rights reserved.

OriginalFilename : IEXPLORE.EXE

 

#:42 [aoltsmon.exe]

FilePath : C:\Program Files\Common Files\AOL\TopSpeed\2.0\

ProcessID : 1868

ThreadCreationTime : 8-23-2006 6:14:08 PM

BasePriority : Normal

FileVersion : 2, 0, 0, 0

ProductVersion : 2, 0, 0, 0

ProductName : AOL TopSpeed Monitor

CompanyName : America Online, Inc

FileDescription : AOL TopSpeed Monitor

InternalName : AOL TopSpeed Monitor

LegalCopyright : Copyright © 2004 America Online, Inc.

OriginalFilename : aoltsmon.exe

 

#:43 [mnyexpr.exe]

FilePath : C:\Program Files\Microsoft Money\System\

ProcessID : 1924

ThreadCreationTime : 8-23-2006 6:14:08 PM

BasePriority : Normal

FileVersion : 11.00.0716

ProductVersion : 11.00.0716

ProductName : Microsoft Money

CompanyName : Microsoft Corporation

FileDescription : Microsoft Money Express

InternalName : mnyexpr

LegalCopyright : Copyright © Microsoft Corp. 1990-2001. All rights reserved.

OriginalFilename : mnyexpr.exe

 

#:44 [reader_sl.exe]

FilePath : C:\Program Files\Adobe\Acrobat 7.0\Reader\

ProcessID : 2044

ThreadCreationTime : 8-23-2006 6:14:08 PM

BasePriority : Normal

FileVersion : 7.0.5.2005092300

ProductVersion : 7.0.5.2005092300

ProductName : Adobe Acrobat

CompanyName : Adobe Systems Incorporated

FileDescription : Adobe Acrobat SpeedLauncher

LegalCopyright : Copyright 1984-2005 Adobe Systems Incorporated and its licensors. All rights reserved.

OriginalFilename : AcroSpeedLaunch.exe

 

#:45 [bttray.exe]

FilePath : C:\Program Files\IBM\Bluetooth Software\

ProcessID : 164

ThreadCreationTime : 8-23-2006 6:14:08 PM

BasePriority : Normal

FileVersion : 1.4.3 Build 4

ProductVersion : 1.4.3 Build 4

ProductName : Bluetooth Software 1.4.3 Build 4

CompanyName : WIDCOMM, Inc.

FileDescription : Bluetooth Tray Application

InternalName : BTTray

LegalCopyright : Copyright WIDCOMM, Inc. 2000-2004.

OriginalFilename : BTTray.exe

 

#:46 [btwdins.exe]

FilePath : C:\Program Files\IBM\Bluetooth Software\bin\

ProcessID : 212

ThreadCreationTime : 8-23-2006 6:14:08 PM

BasePriority : Normal

FileVersion : 1.4.3 Build 4

ProductVersion : 1.4.3 Build 4

ProductName : Bluetooth Software 1.4.3 Build 4

CompanyName : WIDCOMM, Inc.

FileDescription : Bluetooth Support Server

InternalName : BTWDIns

LegalCopyright : Copyright WIDCOMM, Inc. 2000-2004.

OriginalFilename : BTWDIns.EXE

 

#:47 [dlg.exe]

FilePath : C:\Program Files\Digital Line Detect\

ProcessID : 284

ThreadCreationTime : 8-23-2006 6:14:08 PM

BasePriority : Normal

FileVersion : 1, 0, 0, 1

ProductVersion : 1, 0, 0, 1

ProductName : BVRP Software TestLine

CompanyName : BVRP Software

FileDescription : Digital Line Detection

InternalName : TestLine

LegalCopyright : Copyright © 2003

OriginalFilename : TestLine.exe

 

#:48 [ccsetmgr.exe]

FilePath : C:\Program Files\Common Files\Symantec Shared\

ProcessID : 208

ThreadCreationTime : 8-23-2006 6:14:08 PM

BasePriority : Normal

FileVersion : 2.2.2.008

ProductVersion : 2.2.2.008

ProductName : Common Client

CompanyName : Symantec Corporation

FileDescription : Common Client Settings Manager Service

InternalName : ccSetMgr

LegalCopyright : Copyright © 2000-2003 Symantec Corporation. All rights reserved.

OriginalFilename : ccSetMgr.exe

 

#:49 [aoltpspd.exe]

FilePath : C:\Program Files\Common Files\AOL\TopSpeed\2.0\

ProcessID : 632

ThreadCreationTime : 8-23-2006 6:14:08 PM

BasePriority : Normal

FileVersion : 2, 0, 0, 0

ProductVersion : 2, 0, 0, 0

ProductName : AOL TopSpeed

CompanyName : America Online Inc

FileDescription : AOL TopSpeed

InternalName : AOL TopSpeed Loader

LegalCopyright : Copyright © 2003-2004

LegalTrademarks : AOL TopSpeed

OriginalFilename : aoltpspd.exe

 

#:50 [defwatch.exe]

FilePath : C:\Program Files\Symantec AntiVirus\

ProcessID : 740

ThreadCreationTime : 8-23-2006 6:14:08 PM

BasePriority : Normal

FileVersion : 9.0.3.1000

ProductVersion : 9.0.3.1000

ProductName : Symantec AntiVirus

CompanyName : Symantec Corporation

FileDescription : Virus Definition Daemon

InternalName : DefWatch

LegalCopyright : Copyright 1998 - 2004 Symantec Corporation. All rights reserved.

OriginalFilename : DefWatch.exe

 

#:51 [usbshare.exe]

FilePath : C:\Program Files\Belkin\F1U201.401\

ProcessID : 748

ThreadCreationTime : 8-23-2006 6:14:08 PM

BasePriority : Normal

 

 

#:52 [ghosts~2.exe]

FilePath : C:\PROGRA~1\Symantec\NORTON~1\

ProcessID : 1136

ThreadCreationTime : 8-23-2006 6:14:09 PM

BasePriority : Normal

FileVersion : 2003.775

ProductVersion : 2003.775

ProductName : Norton Ghost Start Service

CompanyName : Symantec Corporation

FileDescription : Norton Ghost Start

InternalName : GhostStartService

LegalCopyright : Copyright © 1998-2002 Symantec Corp. All rights reserved.

OriginalFilename : GhostStartService.exe

 

#:53 [rpmitray.exe]

FilePath : C:\Program Files\IBM\Rational Portfolio Manager\

ProcessID : 1660

ThreadCreationTime : 8-23-2006 6:14:09 PM

BasePriority : Normal

FileVersion : 6.5.2.56

ProductVersion : 6.1.1.5

CompanyName : IBM Corp.

 

#:54 [ntmulti.exe]

FilePath : C:\notes\

ProcessID : 2364

ThreadCreationTime : 8-23-2006 6:14:18 PM

BasePriority : Normal

FileVersion : 7.0.00.5226

ProductVersion : 7.0.00.5226

ProductName : IBM Lotus Notes/Domino

CompanyName : IBM Corp

FileDescription : IBM Lotus Notes/Domino

InternalName : L-GHUS-5RWNHM,L-GHUS-5RWNFH

LegalCopyright : © copyright IBM Corp. 1987, 2005 All Rights Reserved.

LegalTrademarks : Licensed Materials - Property of IBM US Government Users Restricted Rights - Use, duplication or disclosure restricted by GSA ADP Schedule contract with IBM Corp.

 

#:55 [netcfgsv.exe]

FilePath : C:\PROGRA~1\AT&TNE~1\

ProcessID : 2384

ThreadCreationTime : 8-23-2006 6:14:18 PM

BasePriority : Normal

FileVersion : 5.09.2

ProductVersion : 5.09.2

ProductName : NetCfgSvr Module

CompanyName : AT&T

FileDescription : Network configuration service

InternalName : NetCfgSvr

LegalCopyright : Copyright © 2003 AT&T. All Rights Reserved.

OriginalFilename : NetCfgSvr.EXE

 

#:56 [oscmutilityservice.exe]

FilePath : C:\Program Files\Novatel Wireless\Sprint\Sprint PCS Connection Manager\

ProcessID : 2412

ThreadCreationTime : 8-23-2006 6:14:18 PM

BasePriority : Normal

FileVersion : 2, 0, 0, 29

ProductVersion : 2, 0, 0, 0

ProductName : OSCM

CompanyName : Sprint Spectrum, L.L.C

FileDescription : OSCM2Vision

InternalName : OSCMUtilityService

LegalCopyright : Copyright © 2003

OriginalFilename : OSCMUtilityService.exe

Comments : OSCM Utility Service

 

#:57 [qconsvc.exe]

FilePath : C:\WINDOWS\System32\

ProcessID : 2512

ThreadCreationTime : 8-23-2006 6:14:18 PM

BasePriority : Normal

FileVersion : 3, 7, 1, 0

ProductVersion : 3, 7, 1, 0

ProductName : IBM ThinkPad Utility

CompanyName : IBM Corp.

FileDescription : IBM Access Connections - Service Component.

InternalName : QConSvc

LegalCopyright : Copyright © IBM Corp. 2001, 2005

OriginalFilename : QConSvc.Exe

Comments : IBM Access Connections Component.

 

#:58 [savroam.exe]

FilePath : C:\Program Files\Symantec AntiVirus\

ProcessID : 2672

ThreadCreationTime : 8-23-2006 6:14:18 PM

BasePriority : Normal

FileVersion : 9.0.3.1000

ProductVersion : 9.0.3.1000

ProductName : Symantec SAVRoam

CompanyName : symantec

FileDescription : SAVRoam

InternalName : SAVRoam

LegalCopyright : Copyright 2002 - 2004 Symantec Corporation. All rights reserved.

OriginalFilename : SAVRoam.exe

 

#:59 [smagent.exe]

FilePath : C:\Program Files\Analog Devices\SoundMAX\

ProcessID : 2788

ThreadCreationTime : 8-23-2006 6:14:18 PM

BasePriority : Normal

FileVersion : 3, 2, 6, 0

ProductVersion : 3, 2, 6, 0

ProductName : SoundMAX service agent

CompanyName : Analog Devices, Inc.

FileDescription : SoundMAX service agent component

InternalName : SMAgent

LegalCopyright : Copyright © 2002

OriginalFilename : SMAgent.exe

 

#:60 [svchost.exe]

FilePath : C:\WINDOWS\System32\

ProcessID : 2888

ThreadCreationTime : 8-23-2006 6:14:18 PM

BasePriority : Normal

FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)

ProductVersion : 5.1.2600.2180

ProductName : Microsoft® Windows® Operating System

CompanyName : Microsoft Corporation

FileDescription : Generic Host Process for Win32 Services

InternalName : svchost.exe

LegalCopyright : © Microsoft Corporation. All rights reserved.

OriginalFilename : svchost.exe

 

#:61 [rtvscan.exe]

FilePath : C:\Program Files\Symantec AntiVirus\

ProcessID : 2972

ThreadCreationTime : 8-23-2006 6:14:18 PM

BasePriority : Normal

FileVersion : 9.0.3.1000

ProductVersion : 9.0.3.1000

ProductName : Symantec AntiVirus

CompanyName : Symantec Corporation

FileDescription : Symantec AntiVirus

LegalCopyright : Copyright 1991 - 2004 Symantec Corporation. All rights reserved.

 

#:62 [tphdexlg.exe]

FilePath : C:\WINDOWS\System32\

ProcessID : 3116

ThreadCreationTime : 8-23-2006 6:14:19 PM

BasePriority : Normal

FileVersion : 1.0.0.1

ProductVersion : 1.30.0.0

ProductName : IBM Active Protection System

CompanyName : IBM Corporation

FileDescription : IBM Active Protection System - HDD Logger Module

InternalName : TPHDEXLG

LegalCopyright : © Copyright IBM Corp. 2004. All rights reserved.

LegalTrademarks : IBM Corporation

OriginalFilename : TPHDEXLG.exe

Comments : IBM Active Protection System - HDD Logger Module

 

#:63 [tpkmpsvc.exe]

FilePath : C:\WINDOWS\system32\

ProcessID : 3144

ThreadCreationTime : 8-23-2006 6:14:19 PM

BasePriority : Normal

 

 

#:64 [wdfmgr.exe]

FilePath : C:\WINDOWS\system32\

ProcessID : 3240

ThreadCreationTime : 8-23-2006 6:14:19 PM

BasePriority : Normal

FileVersion : 5.2.3790.1230 built by: DNSRV(bld4act)

ProductVersion : 5.2.3790.1230

ProductName : Microsoft® Windows® Operating System

CompanyName : Microsoft Corporation

FileDescription : Windows User Mode Driver Manager

InternalName : WdfMgr

LegalCopyright : © Microsoft Corporation. All rights reserved.

OriginalFilename : WdfMgr.exe

 

#:65 [vsmon.exe]

FilePath : C:\WINDOWS\system32\ZoneLabs\

ProcessID : 3688

ThreadCreationTime : 8-23-2006 6:14:22 PM

BasePriority : Normal

FileVersion : 6.0.202.000

ProductVersion : 6.0.202.000

ProductName : TrueVector Service

CompanyName : Check Point Inc.

FileDescription : TrueVector Service

InternalName : vsmon

LegalCopyright : Copyright © 1998-2005, Check Point Inc.

OriginalFilename : vsmon.exe

 

#:66 [ccevtmgr.exe]

FilePath : C:\Program Files\Common Files\Symantec Shared\

ProcessID : 3832

ThreadCreationTime : 8-23-2006 6:14:22 PM

BasePriority : Normal

FileVersion : 2.2.2.008

ProductVersion : 2.2.2.008

ProductName : Common Client

CompanyName : Symantec Corporation

FileDescription : Common Client Event Manager Service

InternalName : ccEvtMgr

LegalCopyright : Copyright © 2000-2003 Symantec Corporation. All rights reserved.

OriginalFilename : ccEvtMgr.exe

 

#:67 [ipodservice.exe]

FilePath : C:\Program Files\iPod\bin\

ProcessID : 2560

ThreadCreationTime : 8-23-2006 6:14:25 PM

BasePriority : Normal

FileVersion : 4.7.1.30

ProductVersion : 4.7.1.30

ProductName : iTunes

CompanyName : Apple Computer, Inc.

FileDescription : iPodService Module

InternalName : iPodService

LegalCopyright : © 2003-2004 Apple Computer, Inc. All Rights Reserved.

OriginalFilename : iPodService.exe

 

#:68 [wmiprvse.exe]

FilePath : C:\WINDOWS\System32\wbem\

ProcessID : 2596

ThreadCreationTime : 8-23-2006 6:14:25 PM

BasePriority : Normal

FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)

ProductVersion : 5.1.2600.2180

ProductName : Microsoft® Windows® Operating System

CompanyName : Microsoft Corporation

FileDescription : WMI

InternalName : Wmiprvse.exe

LegalCopyright : © Microsoft Corporation. All rights reserved.

OriginalFilename : Wmiprvse.exe

 

#:69 [acs.exe]

FilePath : C:\WINDOWS\System32\

ProcessID : 2884

ThreadCreationTime : 8-23-2006 6:14:27 PM

BasePriority : Normal

 

 

#:70 [issimsvc.exe]

FilePath : c:\sdwork\

ProcessID : 3284

ThreadCreationTime : 8-23-2006 6:14:27 PM

BasePriority : Normal

FileVersion : 2.11

ProductVersion : 2.11

CompanyName : IBM Global Services

FileDescription : ISSI EZUpdate Service

InternalName : ISSIMSVC

LegalCopyright : © IBM Global Services, 2001, 2005

Comments : Written by: Operating Systems Platforms

 

#:71 [c4ebreg.exe]

FilePath : C:\Program Files\c4ebreg\

ProcessID : 3360

ThreadCreationTime : 8-23-2006 6:14:28 PM

BasePriority : Normal

FileVersion : 6.10

ProductVersion : 6.10

CompanyName : IBM Global Services

FileDescription : IBM Standard Asset Manager Service

InternalName : C4EBREG

LegalCopyright : © IBM Global Services, 2000, 2006

Comments : Written by: Operating Systems Platforms

 

#:72 [alg.exe]

FilePath : C:\WINDOWS\System32\

ProcessID : 1604

ThreadCreationTime : 8-23-2006 6:14:39 PM

BasePriority : Normal

FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)

ProductVersion : 5.1.2600.2180

ProductName : Microsoft® Windows® Operating System

CompanyName : Microsoft Corporation

FileDescription : Application Layer Gateway Service

InternalName : ALG.exe

LegalCopyright : © Microsoft Corporation. All rights reserved.

OriginalFilename : ALG.exe

 

#:73 [wuauclt.exe]

FilePath : C:\WINDOWS\system32\

ProcessID : 3680

ThreadCreationTime : 8-23-2006 6:15:08 PM

BasePriority : Normal

FileVersion : 5.8.0.2469 built by: lab01_n(wmbla)

ProductVersion : 5.8.0.2469

ProductName : Microsoft® Windows® Operating System

CompanyName : Microsoft Corporation

FileDescription : Automatic Updates

InternalName : wuauclt.exe

LegalCopyright : © Microsoft Corporation. All rights reserved.

OriginalFilename : wuauclt.exe

 

#:74 [ad-aware.exe]

FilePath : C:\Program Files\Lavasoft\Ad-Aware SE Plus\

ProcessID : 560

ThreadCreationTime : 8-23-2006 6:16:41 PM

BasePriority : Normal

FileVersion : 6.2.0.237

ProductVersion : SE 106

ProductName : Lavasoft Ad-Aware SE

CompanyName : Lavasoft Sweden

FileDescription : Ad-Aware SE Core application

InternalName : Ad-Aware.exe

LegalCopyright : Copyright © Lavasoft AB Sweden

OriginalFilename : Ad-Aware.exe

Comments : All Rights Reserved

 

Memory scan result:

»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

New critical objects: 0

Objects found so far: 9

 

 

Started registry scan

»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

 

Registry Scan result:

»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

New critical objects: 0

Objects found so far: 9

 

 

Started deep registry scan

»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Trusted zone presumably compromised : media-motor.net

 

Possible Browser Hijack attempt Object Recognized!

Type : Regkey

Data :

TAC Rating : 0

Category : Vulnerability

Comment : Trusted zone presumably compromised : media-motor.net

Rootkey : HKEY_CURRENT_USER

Object : Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\media-motor.net

 

Deep registry scan result:

»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

New critical objects: 1

Objects found so far: 10

 

 

Started Tracking Cookie scan

»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

 

 

Tracking cookie scan result:

»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

New critical objects: 0

Objects found so far: 10

 

 

 

Deep scanning and examining files (C:)

»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

 

Disk Scan Result for C:\

»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

New critical objects: 0

Objects found so far: 10

 

 

Scanning Hosts file......

Hosts file location:"C:\WINDOWS\system32\drivers\etc\hosts".

»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

 

Hosts file scan result:

»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

1 entries scanned.

New critical objects:0

Objects found so far: 10

 

 

 

 

Performing conditional scans...

»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

 

Conditional scan result:

»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

New critical objects: 0

Objects found so far: 10

 

1:45:29 PM Scan Complete

 

Summary Of This Scan

»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Total scanning time:00:28:33.694

Objects scanned:318161

Objects identified:1

Objects ignored:0

New critical objects:1

 

 

Please help and Thank you


Hi,

 

Apologies for the late reply, we've been quite swamped in here as you can probably see.

 

Are you still needing help?

 

I'm now subscribed to this topic so I will receive a notice from the board as soon as you reply, so I can be here much more quickly than it has taken to get to your new topic.

 

If you still need help we need two things:

 

1. Your Adaware Scan log with the latest reference file update.

 

Please make sure that you are using Ad-aware SE Build 106r1.

Note: If your version is 6.0 and not the SE, you need to uninstall and get the latest version from the above link.

[If not, uninstall your old Ad-aware first, then install SE.]

Then use the WebUpDate to get the latest Definition file, SE1R121 28.08.2006.

To do this, open Ad-aware.

Click the WebUpDate button at the top right-hand side of the Ad-aware screen (the world globe).

Click "Connect".

Ad-aware will then download the latest Definition file for you.

To make sure it is updated, look at the main Ad-aware screen, and look under "Initialization Status". It should say the latest Definition file.

Then scan, doing a "Full Scan", and then post your logfile here by using the Add-Reply feature.

Logs are stored in:

C:\Documents and Settings\USERNAME\Application Data\Lavasoft\Ad-aware\Logs\

An easy way to get there is to click Start, click Run, type in %appdata% and press ENTER, then click Lavasoft, then Ad-Aware, and then Logs.

Scroll down to find the latest one that you have (by date & time), open it, right-click, select all, copy, and then paste the contents of it here.

(Make sure that all of your logfile has been posted; sometimes it will require two posts to get it all.)

...............

2. A diagnostic log from this free tool called HijackThis

Instructions on creating a HijackThis Log

http://www.lavasoftsupport.com/index.php?showtopic=216


No response from the original poster in over a month. I'll go ahead and archive this topic in the "Resolved" section (read only).

 

If you should have any further issues, please feel free to post a new topic.
