I can't remove hijack and ad pop-ups


3 replies to this topic

#1 Bill721


Posted 23 August 2006 - 07:53 PM

Every time I restart and run Ad-Aware 1.06r1, I get the same errors found: 1 object recognized, 1 New Critical Objects and 1 Registry Keys Identified. If I run Ad-Aware a second time they are gone, so they are getting erased; however, when I restart they are back.

The startup scenario is:
Even before the network starts IE opens with this address http://iesettingsupdate/

Then a new window opens and: http://pop.uskyonlin...;rand=0.8932263

Then this error window opens: vsg21 I get-runtime error '35756'

Then this popup shows up with an address bar that can't be changed: http://search.travel...ravel-Microsoft Internet Explorer

Then after that, any time it feels like it, another sales pitch IE window will open up with a different sales pitch.
No way of knowing when.

Here is a copy of the scan file:


Ad-Aware SE Build 1.06r1
Logfile Created on:Wednesday, August 23, 2006 1:16:56 PM
Using definitions file:SE1R119 15.08.2006
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

References detected during the scan:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
MRU List(TAC index:0):9 total references
Possible Browser Hijack attempt(TAC index:3):1 total references
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Ad-Aware SE Settings
===========================
Set : Search for negligible risk entries
Set : Search for low-risk threats
Set : Safe mode (always request confirmation)
Set : Scan active processes
Set : Scan registry
Set : Deep-scan registry
Set : Scan my IE Favorites for banned URLs
Set : Scan my Hosts file

Extended Ad-Aware SE Settings
===========================
Set : Unload recognized processes & modules during scan
Set : Ignore spanned files when scanning cab archives
Set : Scan registry for all users instead of current user only
Set : Always try to unload modules before deletion
Set : During removal, unload Explorer and IE if necessary
Set : Let Windows remove files in use at next reboot
Set : Delete quarantined objects after restoring
Set : Block pop-ups aggressively
Set : Automatically select problematic objects in results lists
Set : Include basic Ad-Aware settings in log file
Set : Include additional Ad-Aware settings in log file
Set : Include reference summary in log file
Set : Include alternate data stream details in log file
Set : Show splash screen
Set : Backup current definitions file before updating
Set : Play sound at scan completion if scan locates critical objects


8-23-2006 1:16:56 PM - Scan started. (Full System Scan)

MRU List Object Recognized!
Location: : C:\Documents and Settings\Administrator\recent
Description : list of recently opened documents


MRU List Object Recognized!
Location: : software\microsoft\directdraw\mostrecentapplication
Description : most recent application to use microsoft directdraw


MRU List Object Recognized!
Location: : S-1-5-21-4149289120-1709162666-557728558-500\software\microsoft\internet explorer\main
Description : last save directory used in microsoft internet explorer


MRU List Object Recognized!
Location: : S-1-5-21-4149289120-1709162666-557728558-500\software\microsoft\search assistant\acmru
Description : list of recent search terms used with the search assistant


MRU List Object Recognized!
Location: : S-1-5-21-4149289120-1709162666-557728558-500\software\microsoft\windows\currentversion\applets\regedit
Description : last key accessed using the microsoft registry editor


MRU List Object Recognized!
Location: : S-1-5-21-4149289120-1709162666-557728558-500\software\microsoft\windows\currentversion\explorer\comdlg32\lastvisitedmru
Description : list of recent programs opened


MRU List Object Recognized!
Location: : S-1-5-21-4149289120-1709162666-557728558-500\software\microsoft\windows\currentversion\explorer\comdlg32\opensavemru
Description : list of recently saved files, stored according to file extension


MRU List Object Recognized!
Location: : S-1-5-21-4149289120-1709162666-557728558-500\software\microsoft\windows\currentversion\explorer\recentdocs
Description : list of recent documents opened


MRU List Object Recognized!
Location: : S-1-5-21-4149289120-1709162666-557728558-500\software\microsoft\windows\currentversion\explorer\runmru
Description : mru list for items opened in start | run


Listing running processes
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

#:1 [smss.exe]
FilePath : \SystemRoot\System32\
ProcessID : 868
ThreadCreationTime : 8-23-2006 6:13:55 PM
BasePriority : Normal


#:2 [csrss.exe]
FilePath : \??\C:\WINDOWS\system32\
ProcessID : 916
ThreadCreationTime : 8-23-2006 6:13:56 PM
BasePriority : Normal


#:3 [winlogon.exe]
FilePath : \??\C:\WINDOWS\system32\
ProcessID : 940
ThreadCreationTime : 8-23-2006 6:13:57 PM
BasePriority : High


#:4 [services.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 984
ThreadCreationTime : 8-23-2006 6:13:57 PM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Services and Controller app
InternalName : services.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : services.exe

#:5 [lsass.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 996
ThreadCreationTime : 8-23-2006 6:13:57 PM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : LSA Shell (Export Version)
InternalName : lsass.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : lsass.exe

#:6 [ibmpmsvc.exe]
FilePath : C:\WINDOWS\System32\
ProcessID : 1184
ThreadCreationTime : 8-23-2006 6:13:58 PM
BasePriority : Normal


#:7 [ati2evxx.exe]
FilePath : C:\WINDOWS\System32\
ProcessID : 1208
ThreadCreationTime : 8-23-2006 6:13:58 PM
BasePriority : Normal
FileVersion : 6.14.10.4112
ProductVersion : 6.14.10.4112.02
ProductName : ATI External Event Utility for WindowsNT and Windows9X
CompanyName : ATI Technologies Inc.
FileDescription : ATI External Event Utility EXE Module
InternalName : ATI2EVXX.EXE
LegalCopyright : Copyright © 1999-2004 ATI Technologies Inc.
OriginalFilename : ATI2EVXX.EXE

#:8 [svchost.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 1224
ThreadCreationTime : 8-23-2006 6:13:58 PM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:9 [svchost.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 1284
ThreadCreationTime : 8-23-2006 6:13:58 PM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:10 [svchost.exe]
FilePath : C:\WINDOWS\System32\
ProcessID : 1532
ThreadCreationTime : 8-23-2006 6:13:58 PM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:11 [svchost.exe]
FilePath : C:\WINDOWS\System32\
ProcessID : 1636
ThreadCreationTime : 8-23-2006 6:13:58 PM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:12 [svchost.exe]
FilePath : C:\WINDOWS\System32\
ProcessID : 1880
ThreadCreationTime : 8-23-2006 6:13:59 PM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:13 [lexbces.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 484
ThreadCreationTime : 8-23-2006 6:13:59 PM
BasePriority : Normal
FileVersion : 8.19
ProductVersion : 8.19
ProductName : MarkVision for Windows (32 bit)
CompanyName : Lexmark International, Inc.
FileDescription : LexBce Service
InternalName : LexBce Service
LegalCopyright : © 1993 - 2003 Lexmark International, Inc.
OriginalFilename : LexBceS.exe

#:14 [spoolsv.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 532
ThreadCreationTime : 8-23-2006 6:13:59 PM
BasePriority : Normal
FileVersion : 5.1.2600.2696 (xpsp_sp2_gdr.050610-1519)
ProductVersion : 5.1.2600.2696
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Spooler SubSystem App
InternalName : spoolsv.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : spoolsv.exe

#:15 [lexpps.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 540
ThreadCreationTime : 8-23-2006 6:13:59 PM
BasePriority : Normal
FileVersion : 8.19
ProductVersion : 8.19
ProductName : MarkVision for Windows (32 bit)
CompanyName : Lexmark International, Inc.
FileDescription : LEXPPS.EXE
InternalName : LEXPPS
LegalCopyright : © 1993 - 2003 Lexmark International, Inc.
OriginalFilename : LEXPPS.EXE
Comments : MarkVision for Windows '95 New P2P Server (32-bit)

#:16 [ati2evxx.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 248
ThreadCreationTime : 8-23-2006 6:14:04 PM
BasePriority : Normal
FileVersion : 6.14.10.4112
ProductVersion : 6.14.10.4112.02
ProductName : ATI External Event Utility for WindowsNT and Windows9X
CompanyName : ATI Technologies Inc.
FileDescription : ATI External Event Utility EXE Module
InternalName : ATI2EVXX.EXE
LegalCopyright : Copyright © 1999-2004 ATI Technologies Inc.
OriginalFilename : ATI2EVXX.EXE

#:17 [explorer.exe]
FilePath : C:\WINDOWS\
ProcessID : 764
ThreadCreationTime : 8-23-2006 6:14:04 PM
BasePriority : Normal
FileVersion : 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 6.00.2900.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Windows Explorer
InternalName : explorer
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : EXPLORER.EXE

#:18 [tpam.exe]
FilePath : C:\Program Files\IBM\Personal Communications\
ProcessID : 884
ThreadCreationTime : 8-23-2006 6:14:06 PM
BasePriority : Normal


#:19 [tphkmgr.exe]
FilePath : C:\PROGRA~1\Lenovo\PkgMgr\HOTKEY\
ProcessID : 896
ThreadCreationTime : 8-23-2006 6:14:06 PM
BasePriority : Above Normal


#:20 [syntplpr.exe]
FilePath : C:\Program Files\Synaptics\SynTP\
ProcessID : 900
ThreadCreationTime : 8-23-2006 6:14:06 PM
BasePriority : Normal
FileVersion : 7.5.17.13 08Nov04
ProductVersion : 7.5.17.13 08Nov04
ProductName : Progressive Touch
CompanyName : Synaptics, Inc.
FileDescription : TouchPad Driver Helper Application
InternalName : SynTPLpr
LegalCopyright : Copyright © Synaptics, Inc. 1996-2003
OriginalFilename : SynTPLpr.exe

#:21 [syntpenh.exe]
FilePath : C:\Program Files\Synaptics\SynTP\
ProcessID : 960
ThreadCreationTime : 8-23-2006 6:14:06 PM
BasePriority : Normal
FileVersion : 7.5.17.13 08Nov04
ProductVersion : 7.5.17.13 08Nov04
ProductName : Progressive Touch
CompanyName : Synaptics, Inc.
FileDescription : Synaptics TouchPad Enhancements
InternalName : Scrolleroo
LegalCopyright : Copyright © Synaptics, Inc. 1996-2003
OriginalFilename : SynTPEnh.exe

#:22 [tponscr.exe]
FilePath : C:\Program Files\Lenovo\PkgMgr\HOTKEY\
ProcessID : 1064
ThreadCreationTime : 8-23-2006 6:14:06 PM
BasePriority : Normal


#:23 [tpscrex.exe]
FilePath : C:\Program Files\Lenovo\PkgMgr\HOTKEY_1\
ProcessID : 1072
ThreadCreationTime : 8-23-2006 6:14:06 PM
BasePriority : Normal
FileVersion : 1.14
ProductVersion : 1.14
ProductName : ThinkPad UltraZoom
CompanyName : IBM Corporation
FileDescription : ThinkPad UltraZoom
InternalName : TPSCREX
LegalCopyright : Copyright © IBM Corp. 2000,2005
OriginalFilename : TpScrEx.exe

#:24 [tpshocks.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 1344
ThreadCreationTime : 8-23-2006 6:14:06 PM
BasePriority : Normal
FileVersion : 1, 3, 2, 0
ProductVersion : 1, 3, 2, 0
ProductName : n/a TpShocks
CompanyName : IBM Corp.
FileDescription : IBM Active Protection System
InternalName : TpShocks
LegalCopyright : Copyright © IBM Corp. 2003-2005
OriginalFilename : TpShocks.exe

#:25 [tfswctrl.exe]
FilePath : C:\WINDOWS\system32\dla\
ProcessID : 1368
ThreadCreationTime : 8-23-2006 6:14:06 PM
BasePriority : Normal
FileVersion : 1.04.07a
CompanyName : Sonic Solutions
FileDescription : Drive Letter Access Component
LegalCopyright : Copyright © 2003 Sonic Solutions

#:26 [qttask.exe]
FilePath : C:\Program Files\QuickTime\
ProcessID : 1384
ThreadCreationTime : 8-23-2006 6:14:06 PM
BasePriority : Normal
FileVersion : 6.4
ProductVersion : QuickTime 6.4
ProductName : QuickTime
CompanyName : Apple Computer, Inc.
InternalName : QuickTime Task
LegalCopyright : © Apple Computer, Inc. 2001-2003
OriginalFilename : QTTask.exe

#:27 [ituneshelper.exe]
FilePath : C:\Program Files\iTunes\
ProcessID : 1392
ThreadCreationTime : 8-23-2006 6:14:06 PM
BasePriority : Normal
FileVersion : 4.7.1.30
ProductVersion : 4.7.1.30
ProductName : iTunes
CompanyName : Apple Computer, Inc.
FileDescription : iTunesHelper Module
InternalName : iTunesHelper
LegalCopyright : © 2003-2004 Apple Computer, Inc. All Rights Reserved.
OriginalFilename : iTunesHelper.exe

#:28 [rundll32.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 1412
ThreadCreationTime : 8-23-2006 6:14:07 PM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Run a DLL as an App
InternalName : rundll
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : RUNDLL.EXE

#:29 [rundll32.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 1464
ThreadCreationTime : 8-23-2006 6:14:07 PM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Run a DLL as an App
InternalName : rundll
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : RUNDLL.EXE

#:30 [qcwlicon.exe]
FilePath : C:\Program Files\ThinkPad\ConnectUtilities\
ProcessID : 1476
ThreadCreationTime : 8-23-2006 6:14:07 PM
BasePriority : Normal
FileVersion : 3, 7, 1, 0
ProductVersion : 3, 7, 1, 0
ProductName : IBM ThinkPad Utility
CompanyName : IBM Corp.
FileDescription : IBM Access Connections - Wireless Status Icon.
InternalName : QCWLIcon
LegalCopyright : Copyright © IBM Corp. 2001, 2005
OriginalFilename : QCWLIcon.exe
Comments : IBM Access Connections Component.

#:31 [isamtray.exe]
FilePath : C:\Program Files\c4ebreg\
ProcessID : 1484
ThreadCreationTime : 8-23-2006 6:14:07 PM
BasePriority : Normal
FileVersion : 6.10
ProductVersion : 6.10
CompanyName : IBM Global Services
FileDescription : IBM Standard Asset Manager GUI
InternalName : ISAMTRAY
LegalCopyright : © IBM Global Services, 2005, 2006
Comments : Written by: Operating Systems Platforms

#:32 [watchdog.exe]
FilePath : C:\Program Files\mobile PhoneTools\
ProcessID : 1492
ThreadCreationTime : 8-23-2006 6:14:07 PM
BasePriority : Normal


#:33 [qctray.exe]
FilePath : C:\Program Files\ThinkPad\ConnectUtilities\
ProcessID : 1500
ThreadCreationTime : 8-23-2006 6:14:07 PM
BasePriority : Normal
FileVersion : 3, 7, 1, 0
ProductVersion : 3, 7, 1, 0
ProductName : IBM ThinkPad Utility
CompanyName : IBM Corp.
FileDescription : IBM Access Connections - Taskbar Application.
InternalName : QCTray
LegalCopyright : Copyright © IBM Corp. 2001, 2005
OriginalFilename : QCTray.exe
Comments : IBM Access Connections Component.

#:34 [ad-watch.exe]
FilePath : C:\Program Files\Lavasoft\Ad-Aware SE Plus\
ProcessID : 1520
ThreadCreationTime : 8-23-2006 6:14:07 PM
BasePriority : High
FileVersion : 3.1.2.17
ProductVersion : 3.2
ProductName : Ad-Aware SE
CompanyName : Lavasoft Sweden
FileDescription : Ad-Watch System Protector
InternalName : Ad-Watch.exe
LegalCopyright : 1999-2004 Team Lavasoft
OriginalFilename : Ad-Watch.exe

#:35 [lxbfbmgr.exe]
FilePath : C:\Program Files\Lexmark X6100 Series\
ProcessID : 1572
ThreadCreationTime : 8-23-2006 6:14:07 PM
BasePriority : Normal
FileVersion : 0.1.25.0
ProductVersion : 0.1.25.0
ProductName : Button Manager Executable
CompanyName : Lexmark International, Inc.
FileDescription : Lexmark X6100 Series Button Manager
InternalName : lxbfbmgr.exe
LegalCopyright : © 2002 Lexmark International, Inc.
OriginalFilename : lxbfbmgr.exe

#:36 [iclient.exe]
FilePath : C:\Program Files\Zone Labs\Integrity Client\
ProcessID : 1648
ThreadCreationTime : 8-23-2006 6:14:07 PM
BasePriority : Normal
FileVersion : 6.0.202.000
ProductVersion : 6.0.202.000
ProductName : Integrity Client
CompanyName : Check Point Inc.
FileDescription : Integrity Client
InternalName : iclient
LegalCopyright : Copyright © 1998-2005, Check Point Inc.
OriginalFilename : iclient.exe

#:37 [thiselt.exe]
FilePath : C:\WINDOWS\
ProcessID : 1700
ThreadCreationTime : 8-23-2006 6:14:07 PM
BasePriority : Normal
FileVersion : 1.00
ProductVersion : 1.00
ProductName : Project1
InternalName : this2elt
OriginalFilename : this2elt.exe

#:38 [lxbfbmon.exe]
FilePath : C:\Program Files\Lexmark X6100 Series\
ProcessID : 1716
ThreadCreationTime : 8-23-2006 6:14:07 PM
BasePriority : Normal
FileVersion : 0.1.25.0
ProductVersion : 0.1.25.0
ProductName : Button Monitor Executable
CompanyName : Lexmark International, Inc.
FileDescription : Lexmark X6100 Series Button Monitor
InternalName : lxbfbmon.exe
LegalCopyright : © 2002 Lexmark International, Inc.
OriginalFilename : lxbfbmon.exe

#:39 [win32072141556127.exe]
FilePath : C:\WINDOWS\
ProcessID : 1732
ThreadCreationTime : 8-23-2006 6:14:07 PM
BasePriority : Normal
FileVersion : 1.00.0020
ProductVersion : 1.00.0020
ProductName : vSg21
InternalName : vSg20-e
OriginalFilename : vSg20-e.exe

#:40 [aolacsd.exe]
FilePath : C:\Program Files\Common Files\AOL\ACS\
ProcessID : 1740
ThreadCreationTime : 8-23-2006 6:14:07 PM
BasePriority : Normal
FileVersion : 3.0.0.1
ProductVersion : 3.0.0.1
ProductName : AOL Connectivity Service
CompanyName : America Online
FileDescription : AOL Connectivity Service
InternalName : AOLacsd
LegalCopyright : Copyright © 2004 America Online
OriginalFilename : AOLacsd.exe

#:41 [iexplore.exe]
FilePath : C:\Program Files\Internet Explorer\
ProcessID : 1808
ThreadCreationTime : 8-23-2006 6:14:07 PM
BasePriority : Normal
FileVersion : 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 6.00.2900.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Internet Explorer
InternalName : iexplore
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : IEXPLORE.EXE

#:42 [aoltsmon.exe]
FilePath : C:\Program Files\Common Files\AOL\TopSpeed\2.0\
ProcessID : 1868
ThreadCreationTime : 8-23-2006 6:14:08 PM
BasePriority : Normal
FileVersion : 2, 0, 0, 0
ProductVersion : 2, 0, 0, 0
ProductName : AOL TopSpeed™ Monitor
CompanyName : America Online, Inc
FileDescription : AOL TopSpeed™ Monitor
InternalName : AOL TopSpeed™ Monitor
LegalCopyright : Copyright © 2004 America Online, Inc.
OriginalFilename : aoltsmon.exe

#:43 [mnyexpr.exe]
FilePath : C:\Program Files\Microsoft Money\System\
ProcessID : 1924
ThreadCreationTime : 8-23-2006 6:14:08 PM
BasePriority : Normal
FileVersion : 11.00.0716
ProductVersion : 11.00.0716
ProductName : Microsoft Money
CompanyName : Microsoft Corporation
FileDescription : Microsoft Money Express
InternalName : mnyexpr
LegalCopyright : Copyright © Microsoft Corp. 1990-2001. All rights reserved.
OriginalFilename : mnyexpr.exe

#:44 [reader_sl.exe]
FilePath : C:\Program Files\Adobe\Acrobat 7.0\Reader\
ProcessID : 2044
ThreadCreationTime : 8-23-2006 6:14:08 PM
BasePriority : Normal
FileVersion : 7.0.5.2005092300
ProductVersion : 7.0.5.2005092300
ProductName : Adobe Acrobat
CompanyName : Adobe Systems Incorporated
FileDescription : Adobe Acrobat SpeedLauncher
LegalCopyright : Copyright 1984-2005 Adobe Systems Incorporated and its licensors. All rights reserved.
OriginalFilename : AcroSpeedLaunch.exe

#:45 [bttray.exe]
FilePath : C:\Program Files\IBM\Bluetooth Software\
ProcessID : 164
ThreadCreationTime : 8-23-2006 6:14:08 PM
BasePriority : Normal
FileVersion : 1.4.3 Build 4
ProductVersion : 1.4.3 Build 4
ProductName : Bluetooth Software 1.4.3 Build 4
CompanyName : WIDCOMM, Inc.
FileDescription : Bluetooth Tray Application
InternalName : BTTray
LegalCopyright : Copyright WIDCOMM, Inc. 2000-2004.
OriginalFilename : BTTray.exe

#:46 [btwdins.exe]
FilePath : C:\Program Files\IBM\Bluetooth Software\bin\
ProcessID : 212
ThreadCreationTime : 8-23-2006 6:14:08 PM
BasePriority : Normal
FileVersion : 1.4.3 Build 4
ProductVersion : 1.4.3 Build 4
ProductName : Bluetooth Software 1.4.3 Build 4
CompanyName : WIDCOMM, Inc.
FileDescription : Bluetooth Support Server
InternalName : BTWDIns
LegalCopyright : Copyright WIDCOMM, Inc. 2000-2004.
OriginalFilename : BTWDIns.EXE

#:47 [dlg.exe]
FilePath : C:\Program Files\Digital Line Detect\
ProcessID : 284
ThreadCreationTime : 8-23-2006 6:14:08 PM
BasePriority : Normal
FileVersion : 1, 0, 0, 1
ProductVersion : 1, 0, 0, 1
ProductName : BVRP Software TestLine
CompanyName : BVRP Software
FileDescription : Digital Line Detection
InternalName : TestLine
LegalCopyright : Copyright © 2003
OriginalFilename : TestLine.exe

#:48 [ccsetmgr.exe]
FilePath : C:\Program Files\Common Files\Symantec Shared\
ProcessID : 208
ThreadCreationTime : 8-23-2006 6:14:08 PM
BasePriority : Normal
FileVersion : 2.2.2.008
ProductVersion : 2.2.2.008
ProductName : Common Client
CompanyName : Symantec Corporation
FileDescription : Common Client Settings Manager Service
InternalName : ccSetMgr
LegalCopyright : Copyright © 2000-2003 Symantec Corporation. All rights reserved.
OriginalFilename : ccSetMgr.exe

#:49 [aoltpspd.exe]
FilePath : C:\Program Files\Common Files\AOL\TopSpeed\2.0\
ProcessID : 632
ThreadCreationTime : 8-23-2006 6:14:08 PM
BasePriority : Normal
FileVersion : 2, 0, 0, 0
ProductVersion : 2, 0, 0, 0
ProductName : AOL TopSpeed™
CompanyName : America Online Inc
FileDescription : AOL TopSpeed™
InternalName : AOL TopSpeed™ Loader
LegalCopyright : Copyright © 2003-2004
LegalTrademarks : AOL TopSpeed™
OriginalFilename : aoltpspd.exe

#:50 [defwatch.exe]
FilePath : C:\Program Files\Symantec AntiVirus\
ProcessID : 740
ThreadCreationTime : 8-23-2006 6:14:08 PM
BasePriority : Normal
FileVersion : 9.0.3.1000
ProductVersion : 9.0.3.1000
ProductName : Symantec AntiVirus
CompanyName : Symantec Corporation
FileDescription : Virus Definition Daemon
InternalName : DefWatch
LegalCopyright : Copyright 1998 - 2004 Symantec Corporation. All rights reserved.
OriginalFilename : DefWatch.exe

#:51 [usbshare.exe]
FilePath : C:\Program Files\Belkin\F1U201.401\
ProcessID : 748
ThreadCreationTime : 8-23-2006 6:14:08 PM
BasePriority : Normal


#:52 [ghosts~2.exe]
FilePath : C:\PROGRA~1\Symantec\NORTON~1\
ProcessID : 1136
ThreadCreationTime : 8-23-2006 6:14:09 PM
BasePriority : Normal
FileVersion : 2003.775
ProductVersion : 2003.775
ProductName : Norton Ghost Start Service
CompanyName : Symantec Corporation
FileDescription : Norton Ghost Start
InternalName : GhostStartService
LegalCopyright : Copyright © 1998-2002 Symantec Corp. All rights reserved.
OriginalFilename : GhostStartService.exe

#:53 [rpmitray.exe]
FilePath : C:\Program Files\IBM\Rational Portfolio Manager\
ProcessID : 1660
ThreadCreationTime : 8-23-2006 6:14:09 PM
BasePriority : Normal
FileVersion : 6.5.2.56
ProductVersion : 6.1.1.5
CompanyName : IBM Corp.

#:54 [ntmulti.exe]
FilePath : C:\notes\
ProcessID : 2364
ThreadCreationTime : 8-23-2006 6:14:18 PM
BasePriority : Normal
FileVersion : 7.0.00.5226
ProductVersion : 7.0.00.5226
ProductName : IBM Lotus Notes/Domino
CompanyName : IBM Corp
FileDescription : IBM Lotus Notes/Domino
InternalName : L-GHUS-5RWNHM,L-GHUS-5RWNFH
LegalCopyright : © copyright IBM Corp. 1987, 2005 All Rights Reserved.
LegalTrademarks : Licensed Materials - Property of IBM US Government Users Restricted Rights - Use, duplication or disclosure restricted by GSA ADP Schedule contract with IBM Corp.

#:55 [netcfgsv.exe]
FilePath : C:\PROGRA~1\AT&TNE~1\
ProcessID : 2384
ThreadCreationTime : 8-23-2006 6:14:18 PM
BasePriority : Normal
FileVersion : 5.09.2
ProductVersion : 5.09.2
ProductName : NetCfgSvr Module
CompanyName : AT&T
FileDescription : Network configuration service
InternalName : NetCfgSvr
LegalCopyright : Copyright © 2003 AT&T. All Rights Reserved.
OriginalFilename : NetCfgSvr.EXE

#:56 [oscmutilityservice.exe]
FilePath : C:\Program Files\Novatel Wireless\Sprint\Sprint PCS Connection Manager\
ProcessID : 2412
ThreadCreationTime : 8-23-2006 6:14:18 PM
BasePriority : Normal
FileVersion : 2, 0, 0, 29
ProductVersion : 2, 0, 0, 0
ProductName : OSCM
CompanyName : Sprint Spectrum, L.L.C
FileDescription : OSCM2Vision
InternalName : OSCMUtilityService
LegalCopyright : Copyright © 2003
OriginalFilename : OSCMUtilityService.exe
Comments : OSCM Utility Service

#:57 [qconsvc.exe]
FilePath : C:\WINDOWS\System32\
ProcessID : 2512
ThreadCreationTime : 8-23-2006 6:14:18 PM
BasePriority : Normal
FileVersion : 3, 7, 1, 0
ProductVersion : 3, 7, 1, 0
ProductName : IBM ThinkPad Utility
CompanyName : IBM Corp.
FileDescription : IBM Access Connections - Service Component.
InternalName : QConSvc
LegalCopyright : Copyright © IBM Corp. 2001, 2005
OriginalFilename : QConSvc.Exe
Comments : IBM Access Connections Component.

#:58 [savroam.exe]
FilePath : C:\Program Files\Symantec AntiVirus\
ProcessID : 2672
ThreadCreationTime : 8-23-2006 6:14:18 PM
BasePriority : Normal
FileVersion : 9.0.3.1000
ProductVersion : 9.0.3.1000
ProductName : Symantec SAVRoam
CompanyName : symantec
FileDescription : SAVRoam
InternalName : SAVRoam
LegalCopyright : Copyright 2002 - 2004 Symantec Corporation. All rights reserved.
OriginalFilename : SAVRoam.exe

#:59 [smagent.exe]
FilePath : C:\Program Files\Analog Devices\SoundMAX\
ProcessID : 2788
ThreadCreationTime : 8-23-2006 6:14:18 PM
BasePriority : Normal
FileVersion : 3, 2, 6, 0
ProductVersion : 3, 2, 6, 0
ProductName : SoundMAX service agent
CompanyName : Analog Devices, Inc.
FileDescription : SoundMAX service agent component
InternalName : SMAgent
LegalCopyright : Copyright © 2002
OriginalFilename : SMAgent.exe

#:60 [svchost.exe]
FilePath : C:\WINDOWS\System32\
ProcessID : 2888
ThreadCreationTime : 8-23-2006 6:14:18 PM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:61 [rtvscan.exe]
FilePath : C:\Program Files\Symantec AntiVirus\
ProcessID : 2972
ThreadCreationTime : 8-23-2006 6:14:18 PM
BasePriority : Normal
FileVersion : 9.0.3.1000
ProductVersion : 9.0.3.1000
ProductName : Symantec AntiVirus
CompanyName : Symantec Corporation
FileDescription : Symantec AntiVirus
LegalCopyright : Copyright 1991 - 2004 Symantec Corporation. All rights reserved.

#:62 [tphdexlg.exe]
FilePath : C:\WINDOWS\System32\
ProcessID : 3116
ThreadCreationTime : 8-23-2006 6:14:19 PM
BasePriority : Normal
FileVersion : 1.0.0.1
ProductVersion : 1.30.0.0
ProductName : IBM Active Protection System
CompanyName : IBM Corporation
FileDescription : IBM Active Protection System - HDD Logger Module
InternalName : TPHDEXLG
LegalCopyright : © Copyright IBM Corp. 2004. All rights reserved.
LegalTrademarks : IBM Corporation
OriginalFilename : TPHDEXLG.exe
Comments : IBM Active Protection System - HDD Logger Module

#:63 [tpkmpsvc.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 3144
ThreadCreationTime : 8-23-2006 6:14:19 PM
BasePriority : Normal


#:64 [wdfmgr.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 3240
ThreadCreationTime : 8-23-2006 6:14:19 PM
BasePriority : Normal
FileVersion : 5.2.3790.1230 built by: DNSRV(bld4act)
ProductVersion : 5.2.3790.1230
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Windows User Mode Driver Manager
InternalName : WdfMgr
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : WdfMgr.exe

#:65 [vsmon.exe]
FilePath : C:\WINDOWS\system32\ZoneLabs\
ProcessID : 3688
ThreadCreationTime : 8-23-2006 6:14:22 PM
BasePriority : Normal
FileVersion : 6.0.202.000
ProductVersion : 6.0.202.000
ProductName : TrueVector Service
CompanyName : Check Point Inc.
FileDescription : TrueVector Service
InternalName : vsmon
LegalCopyright : Copyright © 1998-2005, Check Point Inc.
OriginalFilename : vsmon.exe

#:66 [ccevtmgr.exe]
FilePath : C:\Program Files\Common Files\Symantec Shared\
ProcessID : 3832
ThreadCreationTime : 8-23-2006 6:14:22 PM
BasePriority : Normal
FileVersion : 2.2.2.008
ProductVersion : 2.2.2.008
ProductName : Common Client
CompanyName : Symantec Corporation
FileDescription : Common Client Event Manager Service
InternalName : ccEvtMgr
LegalCopyright : Copyright © 2000-2003 Symantec Corporation. All rights reserved.
OriginalFilename : ccEvtMgr.exe

#:67 [ipodservice.exe]
FilePath : C:\Program Files\iPod\bin\
ProcessID : 2560
ThreadCreationTime : 8-23-2006 6:14:25 PM
BasePriority : Normal
FileVersion : 4.7.1.30
ProductVersion : 4.7.1.30
ProductName : iTunes
CompanyName : Apple Computer, Inc.
FileDescription : iPodService Module
InternalName : iPodService
LegalCopyright : © 2003-2004 Apple Computer, Inc. All Rights Reserved.
OriginalFilename : iPodService.exe

#:68 [wmiprvse.exe]
FilePath : C:\WINDOWS\System32\wbem\
ProcessID : 2596
ThreadCreationTime : 8-23-2006 6:14:25 PM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : WMI
InternalName : Wmiprvse.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : Wmiprvse.exe

#:69 [acs.exe]
FilePath : C:\WINDOWS\System32\
ProcessID : 2884
ThreadCreationTime : 8-23-2006 6:14:27 PM
BasePriority : Normal


#:70 [issimsvc.exe]
FilePath : c:\sdwork\
ProcessID : 3284
ThreadCreationTime : 8-23-2006 6:14:27 PM
BasePriority : Normal
FileVersion : 2.11
ProductVersion : 2.11
CompanyName : IBM Global Services
FileDescription : ISSI EZUpdate Service
InternalName : ISSIMSVC
LegalCopyright : © IBM Global Services, 2001, 2005
Comments : Written by: Operating Systems Platforms

#:71 [c4ebreg.exe]
FilePath : C:\Program Files\c4ebreg\
ProcessID : 3360
ThreadCreationTime : 8-23-2006 6:14:28 PM
BasePriority : Normal
FileVersion : 6.10
ProductVersion : 6.10
CompanyName : IBM Global Services
FileDescription : IBM Standard Asset Manager Service
InternalName : C4EBREG
LegalCopyright : © IBM Global Services, 2000, 2006
Comments : Written by: Operating Systems Platforms

#:72 [alg.exe]
FilePath : C:\WINDOWS\System32\
ProcessID : 1604
ThreadCreationTime : 8-23-2006 6:14:39 PM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Application Layer Gateway Service
InternalName : ALG.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : ALG.exe

#:73 [wuauclt.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 3680
ThreadCreationTime : 8-23-2006 6:15:08 PM
BasePriority : Normal
FileVersion : 5.8.0.2469 built by: lab01_n(wmbla)
ProductVersion : 5.8.0.2469
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Automatic Updates
InternalName : wuauclt.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : wuauclt.exe

#:74 [ad-aware.exe]
FilePath : C:\Program Files\Lavasoft\Ad-Aware SE Plus\
ProcessID : 560
ThreadCreationTime : 8-23-2006 6:16:41 PM
BasePriority : Normal
FileVersion : 6.2.0.237
ProductVersion : SE 106
ProductName : Lavasoft Ad-Aware SE
CompanyName : Lavasoft Sweden
FileDescription : Ad-Aware SE Core application
InternalName : Ad-Aware.exe
LegalCopyright : Copyright © Lavasoft AB Sweden
OriginalFilename : Ad-Aware.exe
Comments : All Rights Reserved

Memory scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 9


Started registry scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Registry Scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 9


Started deep registry scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Trusted zone presumably compromised : media-motor.net

Possible Browser Hijack attempt Object Recognized!
Type : Regkey
Data :
TAC Rating : 0
Category : Vulnerability
Comment : Trusted zone presumably compromised : media-motor.net
Rootkey : HKEY_CURRENT_USER
Object : Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\media-motor.net

Deep registry scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 1
Objects found so far: 10


Started Tracking Cookie scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»


Tracking cookie scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 10



Deep scanning and examining files (C:)
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Disk Scan Result for C:\
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 10


Scanning Hosts file......
Hosts file location:"C:\WINDOWS\system32\drivers\etc\hosts".
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Hosts file scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
1 entries scanned.
New critical objects:0
Objects found so far: 10




Performing conditional scans...
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Conditional scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 10

1:45:29 PM Scan Complete

Summary Of This Scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Total scanning time:00:28:33.694
Objects scanned:318161
Objects identified:1
Objects ignored:0
New critical objects:1


Please help and Thank you

#2 Bill721


Posted 23 August 2006 - 08:22 PM

The pop ups do continue even after I've run Ad-aware. I just got one.....fyi

#3 LS CalamityJane

    Former Lavasoft Staff


Posted 29 August 2006 - 12:54 AM

Hi,

Apologies for the late reply, we've been quite swamped in here as you can probably see.

Are you still needing help?

I'm now subscribed to this topic so I will receive a notice from the board as soon as you reply, so I can be here much more quickly than it has taken to get to your new topic.

If you still need help we need two things:

1. Your Adaware Scan log with the latest reference file update.

Please make sure that you are using Ad-aware SE Build 106r1.
Note: If your version is 6.0 and not the SE, you need to uninstall and get the latest version from the above link.

[If not, uninstall your old Ad-aware first, then install SE.]
Then use the WebUpDate to get the latest Definition file, SE1R121 28.08.2006.
To do this, open Ad-aware.
Click the WebUpDate button at the top right-hand side of the Ad-aware screen (the world globe).
Click "Connect".
Ad-aware will then download the latest Definition file for you.
To make sure it is updated, look at the main Ad-aware screen, and look under "Initialization Status". It should say the latest Definition file.
Then scan, doing a "Full Scan", and then post your logfile here by using the Add-Reply feature.
As logs are stored in C:\Documents and Settings\USERNAME\Application Data\Lavasoft\Ad-aware\Logs\, an easy way to get there is to click Start, click Run, type in %appdata% and press ENTER, then click Lavasoft, then Ad-Aware, and then Logs.
Scroll down to find the latest one that you have (by date & time), open it, right-click, select all, copy, and then paste the contents of it here.
(Make sure that all of your logfile has been posted; sometimes it will require two posts to get it all.)
...............
2. A diagnostic log from this free tool called HijackThis
Instructions on creating a HijackThis Log
http://www.lavasofts...p?showtopic=216
Please do NOT send Private Messages to Staff or helpers to request assistance! We do not give personal support via PM. The way to request help is to post a NEW TOPIC in the appropriate forum.

Look for the *New Topic* Button near the top right when viewing the forums.

Here in the forums, replies are posted to topics only. Thank you for your understanding and cooperation!
Plus and Pro Ad-Aware users (only) may use the Support Center for personal assistance:
Support Center


Microsoft MVP/Windows - Security 2003-2009

#4 LS CalamityJane

    Former Lavasoft Staff


Posted 02 October 2006 - 01:02 AM

No response from the original poster in over a month. I'll go ahead and archive this topic in the "Resolved" section (read only).

If you should have any further issues, please feel free to post a new topic.



