Hi everyone, there seems to be a problem.
My Ad-Aware SE scanner detects and deletes the registry key "Adware Agent", but it seems to keep coming back and being redetected every time I scan again. Is there anything I can do to permanently remove it?
Not sure if you need it, but this is my logfile:
Ad-Aware SE Build 1.06r1
Logfile Created on:Wednesday, December 12, 2007 3:40:57 PM
Created with Ad-Aware SE Personal, free for private use.
Using definitions file:SE1R208 10.12.2007
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
»»»»»»»»»»»
References detected during the scan:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Adware.Agent(TAC index:5):1 total references
MRU List(TAC index:0):6 total references
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Ad-Aware SE Settings
===========================
Set : Search for negligible risk entries
Set : Search for low-risk threats
Set : Safe mode (always request confirmation)
Set : Scan active processes
Set : Scan registry
Set : Deep-scan registry
Set : Scan my IE Favorites for banned URLs
Set : Scan my Hosts file
Extended Ad-Aware SE Settings
===========================
Set : Unload recognized processes & modules during scan
Set : Scan registry for all users instead of current user only
Set : Always try to unload modules before deletion
Set : During removal, unload Explorer and IE if necessary
Set : Let Windows remove files in use at next reboot
Set : Delete quarantined objects after restoring
Set : Include basic Ad-Aware settings in log file
Set : Include additional Ad-Aware settings in log file
Set : Include reference summary in log file
Set : Include alternate data stream details in log file
Set : Play sound at scan completion if scan locates critical objects
12-12-2007 3:40:57 PM - Scan started. (Full System Scan)
MRU List Object Recognized!
Location: : .DEFAULT\software\microsoft\direct3d\mostrecentapplication
Description : most recent application to use microsoft direct3d
MRU List Object Recognized!
Location: : S-1-5-18\software\microsoft\direct3d\mostrecentapplication
Description : most recent application to use microsoft direct3d
MRU List Object Recognized!
Location: : .DEFAULT\software\microsoft\direct3d\mostrecentapplication
Description : most recent application to use microsoft direct X
MRU List Object Recognized!
Location: : S-1-5-18\software\microsoft\direct3d\mostrecentapplication
Description : most recent application to use microsoft direct X
MRU List Object Recognized!
Location: : .DEFAULT\software\microsoft\windows media\wmsdk\general
Description : windows media sdk
MRU List Object Recognized!
Location: : S-1-5-18\software\microsoft\windows media\wmsdk\general
Description : windows media sdk
Listing running processes
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
#:1 [taskeng.exe]
FilePath : C:\Windows\system32\
ProcessID : 3104
ThreadCreationTime : 12-12-2007 9:13:43 AM
BasePriority : Normal
FileVersion : 6.0.6000.16386 (vista_rtm.061101-2205)
ProductVersion : 6.0.6000.16386
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Task Scheduler Engine
InternalName : TaskEng
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : taskeng.exe.mui
#:2 [dwm.exe]
FilePath : C:\Windows\system32\
ProcessID : 1280
ThreadCreationTime : 12-12-2007 9:13:43 AM
BasePriority : High
FileVersion : 6.0.6000.16386 (vista_rtm.061101-2205)
ProductVersion : 6.0.6000.16386
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Desktop Window Manager
InternalName : dwm.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : dwm.exe.mui
#:3 [explorer.exe]
FilePath : C:\Windows\
ProcessID : 3308
ThreadCreationTime : 12-12-2007 9:13:43 AM
BasePriority : Normal
FileVersion : 6.0.6000.16386 (vista_rtm.061101-2205)
ProductVersion : 6.0.6000.16386
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Windows Explorer
InternalName : explorer
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : EXPLORER.EXE.MUI
#:4 [msascui.exe]
FilePath : C:\Program Files\Windows Defender\
ProcessID : 2272
ThreadCreationTime : 12-12-2007 9:13:49 AM
BasePriority : Normal
FileVersion : 1.1.1505.0
ProductVersion : 1.1.1505.0
ProductName : Windows Defender
CompanyName : Microsoft Corporation
FileDescription : Windows Defender User Interface
InternalName : MSASCUI
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : MSASCUI.exe
#:5 [tscfplatformcomsvr.exe]
FilePath : C:\Program Files\Trend Micro\TrendSecure\
ProcessID : 3304
ThreadCreationTime : 12-12-2007 9:13:50 AM
BasePriority : Normal
FileVersion : 1.0.0.1205
ProductVersion : 1.0
ProductName : TrendSecure Common Platform
CompanyName : Trend Micro Inc.
FileDescription : TSCFPlatformCOMSvr
InternalName : TSCFPlatformCOMSvr.exe
LegalCopyright : Copyright © 2007 Trend Micro Incorporated. All rights reserved.
OriginalFilename : TSCFPlatformCOMSvr.exe
#:6 [rundll32.exe]
FilePath : C:\Windows\System32\
ProcessID : 3748
ThreadCreationTime : 12-12-2007 9:13:50 AM
BasePriority : Normal
FileVersion : 6.0.6000.16386 (vista_rtm.061101-2205)
ProductVersion : 6.0.6000.16386
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Windows host process (Rundll32)
InternalName : rundll
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : RUNDLL32.EXE.MUI
#:7 [rundll32.exe]
FilePath : C:\Windows\System32\
ProcessID : 3768
ThreadCreationTime : 12-12-2007 9:13:51 AM
BasePriority : Normal
FileVersion : 6.0.6000.16386 (vista_rtm.061101-2205)
ProductVersion : 6.0.6000.16386
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Windows host process (Rundll32)
InternalName : rundll
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : RUNDLL32.EXE.MUI
#:8 [vprotray.exe]
FilePath : C:\Program Files\Norton Ghost\Agent\
ProcessID : 3592
ThreadCreationTime : 12-12-2007 9:13:51 AM
BasePriority : Normal
FileVersion : 12.0.0.20352
ProductVersion : 12.0
ProductName : Norton Ghost
CompanyName : Symantec Corporation
FileDescription : Tray Application
InternalName : VProTray
LegalCopyright : Copyright © 1994-2007 Symantec Corporation. All rights reserved.
OriginalFilename : VProTray.exe
#:9 [lxddmon.exe]
FilePath : C:\Program Files\Lexmark 2500 Series\
ProcessID : 3604
ThreadCreationTime : 12-12-2007 9:13:51 AM
BasePriority : Normal
FileVersion : 0.1.25.0
FileDescription : Device Monitor
#:10 [lxddamon.exe]
FilePath : C:\Program Files\Lexmark 2500 Series\
ProcessID : 3004
ThreadCreationTime : 12-12-2007 9:13:51 AM
BasePriority : Normal
#:11 [pdvdserv.exe]
FilePath : C:\Program Files\CyberLink\PowerDVD\
ProcessID : 3744
ThreadCreationTime : 12-12-2007 9:14:04 AM
BasePriority : Normal
FileVersion : 7.00.2406
ProductVersion : 7.00.2406
ProductName : PowerDVD
CompanyName : Cyberlink Corp.
FileDescription : PowerDVD RC Service
InternalName : PowerDVD RC Service
LegalCopyright : Copyright © CyberLink Corp. 1997-2006
OriginalFilename : PDVDSERV.EXE
#:12 [roxwatchtray10.exe]
FilePath : C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\
ProcessID : 4076
ThreadCreationTime : 12-12-2007 9:14:09 AM
BasePriority : Normal
FileVersion : 10.0.1.15
ProductVersion : 10.0.1.15
ProductName : CommonSDK
CompanyName : Sonic Solutions
FileDescription : RoxMMTrayApp Module
LegalCopyright : Copyright © 1994-2005 Sonic Solutions
OriginalFilename : RoxMMTrayApp.exe
#:13 [dmxlauncher.exe]
FilePath : C:\Program Files\Roxio\CinePlayer\
ProcessID : 1040
ThreadCreationTime : 12-12-2007 9:14:10 AM
BasePriority : Normal
#:14 [googledesktop.exe]
FilePath : C:\Program Files\Google\Google Desktop Search\
ProcessID : 3764
ThreadCreationTime : 12-12-2007 9:14:10 AM
BasePriority : Normal
FileVersion : 5.5.709.30344
ProductVersion : 5.5.709.30344
ProductName : Google Desktop
CompanyName : Google
FileDescription : Google Desktop
InternalName : Google Desktop
LegalCopyright : Copyright © 2003-07 Google. All Rights Reserved.
#:15 [groovemonitor.exe]
FilePath : C:\Program Files\Microsoft Office\Office12\
ProcessID : 2264
ThreadCreationTime : 12-12-2007 9:14:10 AM
BasePriority : Normal
#:16 [jusched.exe]
FilePath : C:\Program Files\Java\jre1.6.0_03\bin\
ProcessID : 4044
ThreadCreationTime : 12-12-2007 9:14:11 AM
BasePriority : Normal
#:17 [ufseagnt.exe]
FilePath : C:\Program Files\Trend Micro\Internet Security\
ProcessID : 896
ThreadCreationTime : 12-12-2007 9:14:11 AM
BasePriority : Normal
FileVersion : 16.0.0.1412
ProductVersion : 16.0.0
ProductName : Trend Micro Internet Security
CompanyName : Trend Micro Inc.
FileDescription : Trend Micro Server Agent
InternalName : UfSeAgnt
LegalCopyright : Copyright © 1995-2008 Trend Micro Incorporated. All rights reserved.
LegalTrademarks : Copyright © Trend Micro Incorporated.
OriginalFilename : UfSeAgnt.exe
#:18 [rthdvcpl.exe]
FilePath : C:\Windows\
ProcessID : 1100
ThreadCreationTime : 12-12-2007 9:14:19 AM
BasePriority : Normal
FileVersion : 1, 0, 0, 106
ProductVersion : 1, 0, 0, 106
ProductName : HD Audio Control Panel
CompanyName : Realtek Semiconductor
FileDescription : HD Audio Control Panel
InternalName : RtHDVCpl.exe
LegalCopyright : 2006 © Realtek Semiconductor. All rights reserved.
OriginalFilename : RtHDVCpl.exe
#:19 [sidebar.exe]
FilePath : C:\Program Files\Windows Sidebar\
ProcessID : 4108
ThreadCreationTime : 12-12-2007 9:14:20 AM
BasePriority : Normal
FileVersion : 6.0.6000.16386 (vista_rtm.061101-2205)
ProductVersion : 1.0.6000.16386
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Windows Sidebar
InternalName : Windows Sidebar
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : sidebar.EXE.MUI
#:20 [searchprotection.exe]
FilePath : C:\Program Files\Yahoo!\Search Protection\
ProcessID : 4136
ThreadCreationTime : 12-12-2007 9:14:21 AM
BasePriority : Normal
FileVersion : 2007, 6, 8, 1
ProductVersion : 1, 2, 0, 0
ProductName : Search Protection
CompanyName : Yahoo! Inc.
FileDescription : Yahoo! Application
InternalName : Y! SP
LegalCopyright : Yahoo! Copyright © 2006-2007
OriginalFilename : ysp.exe
Comments : Search Protection
#:21 [nmbgmonitor.exe]
FilePath : C:\Program Files\Common Files\Nero\Lib\
ProcessID : 4144
ThreadCreationTime : 12-12-2007 9:14:21 AM
BasePriority : Normal
#:22 [flmain.exe]
FilePath : C:\Program Files\Trend Micro\TrendSecure\RemoteFileLock\
ProcessID : 4172
ThreadCreationTime : 12-12-2007 9:14:22 AM
BasePriority : Normal
FileVersion : 3.0.0.1199
ProductVersion : 3.0
ProductName : TrendSecure Remote File Lock
CompanyName : Trend Micro Inc.
FileDescription : Trend Micro TrendSecure
InternalName : FLMain.exe
LegalCopyright : Copyright © 2007 Trend Micro Incorporated. All rights reserved.
LegalTrademarks : TrendSecure is a registered trademark of Trend Micro Incorporated.
OriginalFilename : FLMain.exe
#:23 [tmas_oemon.exe]
FilePath : C:\Program Files\Trend Micro\Internet Security\TMAS_OE\
ProcessID : 4180
ThreadCreationTime : 12-12-2007 9:14:22 AM
BasePriority : Normal
FileVersion : 5.0.0.1128
ProductVersion : 5.0
ProductName : Trend Micro Anti-Spam
CompanyName : Trend Micro Inc.
FileDescription : Trend Micro Anti-Spam Toolbar
InternalName : TMAS_OEMon
LegalCopyright : Copyright © 2004-2007 Trend Micro Incorporated. All rights reserved.
OriginalFilename : TMAS_OEMon.EXE
#:24 [googleupdater.exe]
FilePath : C:\Program Files\Google\Google Updater\
ProcessID : 4188
ThreadCreationTime : 12-12-2007 9:14:22 AM
BasePriority : Normal
FileVersion : 2.2.969.23408.beta
ProductVersion : 2.2.969.23408.beta
ProductName : Google Updater
CompanyName : Google
FileDescription : Google Updater
InternalName : Google Updater
LegalCopyright : ©2005-2006 Google. All Rights Reserved.
OriginalFilename : GoogleUpdater.exe
Comments : Google Updater
#:25 [onenotem.exe]
FilePath : C:\Program Files\Microsoft Office\Office12\
ProcessID : 4416
ThreadCreationTime : 12-12-2007 9:14:25 AM
BasePriority : Normal
#:26 [stripsaver2.exe]
FilePath : C:\Program Files\StripSaver2\
ProcessID : 4444
ThreadCreationTime : 12-12-2007 9:14:25 AM
BasePriority : Normal
#:27 [vghd.exe]
FilePath : C:\Program Files\vghd\
ProcessID : 4452
ThreadCreationTime : 12-12-2007 9:14:26 AM
BasePriority : Normal
#:28 [virtuagirl2.exe]
FilePath : C:\Program Files\Vg\
ProcessID : 4460
ThreadCreationTime : 12-12-2007 9:14:26 AM
BasePriority : Normal
#:29 [virtuagirl_downloader.exe]
FilePath : C:\Program Files\vghd\
ProcessID : 4784
ThreadCreationTime : 12-12-2007 9:14:36 AM
BasePriority : Normal
#:30 [nmindexstoresvr.exe]
FilePath : C:\Program Files\Common Files\Nero\Lib\
ProcessID : 4944
ThreadCreationTime : 12-12-2007 9:14:38 AM
BasePriority : Normal
#:31 [tscfcommander.exe]
FilePath : C:\Program Files\Trend Micro\TrendSecure\
ProcessID : 6096
ThreadCreationTime : 12-12-2007 9:15:24 AM
BasePriority : Normal
FileVersion : 1.0.0.1205
ProductVersion : 1.0
ProductName : TrendSecure Common Platform
CompanyName : Trend Micro Inc.
FileDescription : TSCFCommander
InternalName : TSCFCommander
LegalCopyright : Copyright © 2007 Trend Micro Incorporated. All rights reserved.
OriginalFilename : TSCFCommander.exe
#:32 [googledesktop.exe]
FilePath : C:\Program Files\Google\Google Desktop Search\
ProcessID : 6116
ThreadCreationTime : 12-12-2007 9:15:27 AM
BasePriority : Normal
FileVersion : 5.5.709.30344
ProductVersion : 5.5.709.30344
ProductName : Google Desktop
CompanyName : Google
FileDescription : Google Desktop
InternalName : Google Desktop
LegalCopyright : Copyright © 2003-07 Google. All Rights Reserved.
#:33 [cpshelprunner10.exe]
FilePath : C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\
ProcessID : 1436
ThreadCreationTime : 12-12-2007 9:15:36 AM
BasePriority : Normal
FileVersion : 10.0.1.15
ProductVersion : 10.0.1.15
ProductName : CommonSDK
CompanyName : Sonic Solutions
FileDescription : ROXHelpRunner Module
LegalCopyright : Copyright © 1994-2005 Sonic Solutions
LegalTrademarks : Roxio PhotoSuite, the PhotoSuite logo and the Roxio logo are registered trademarks or trademarks of Roxio Inc.
#:34 [ymsgr_tray.exe]
FilePath : C:\Program Files\Yahoo!\Messenger\
ProcessID : 4728
ThreadCreationTime : 12-12-2007 9:15:36 AM
BasePriority : Normal
FileVersion : 8,1,0,0
ProductVersion : 8,1,0,0
ProductName : Yahoo! Messenger
CompanyName : Yahoo! Inc.
FileDescription : Yahoo! Messenger Tray
LegalCopyright : © 1998-2007 Yahoo! Inc. All rights reserved.
#:35 [hschkproxyexe.exe]
FilePath : C:\Program Files\Trend Micro\TrendSecure\TransactionProtector\Dependent\
ProcessID : 5924
ThreadCreationTime : 12-12-2007 2:01:50 PM
BasePriority : Normal
FileVersion : 1.0.0.1231
ProductVersion : 1.0
ProductName : TrendSecure Transaction Guard Plus
CompanyName : Trend Micro Inc.
FileDescription : Trend Micro TrendSecure
InternalName : HSChkPro
LegalCopyright : Copyright © 2007 Trend Micro Incorporated. All rights reserved.
LegalTrademarks : TrendSecure is a registered trademark of Trend Micro Incorporated.
OriginalFilename : HSChkPro.exe
#:36 [service.exe]
FilePath : C:\Windows\System32\
ProcessID : 5416
ThreadCreationTime : 12-12-2007 9:14:52 PM
BasePriority : Normal
FileVersion : 1, 0, 0, 1
ProductVersion : 1, 0, 0, 1
ProductName : M i r a r ErrorDnsTest
CompanyName : M i r a r
FileDescription : ErrorDnsTest
LegalCopyright : Copyright ? 2007
#:37 [ad-aware.exe]
FilePath : C:\Program Files\Lavasoft\Ad-Aware SE Personal\
ProcessID : 672
ThreadCreationTime : 12-12-2007 9:34:50 PM
BasePriority : Normal
FileVersion : 6.2.0.236
ProductVersion : SE 106
ProductName : Lavasoft Ad-Aware SE
CompanyName : Lavasoft Sweden
FileDescription : Ad-Aware SE Core application
InternalName : Ad-Aware.exe
LegalCopyright : Copyright © Lavasoft AB Sweden
OriginalFilename : Ad-Aware.exe
Comments : All Rights Reserved
#:38 [ieuser.exe]
FilePath : C:\Program Files\Internet Explorer\
ProcessID : 3316
ThreadCreationTime : 12-12-2007 9:35:37 PM
BasePriority : Normal
FileVersion : 6.0.6000.16386 (vista_rtm.061101-2205)
ProductVersion : 6.0.6000.16386
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Internet Explorer
InternalName : ieuser.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : ieuser.exe.mui
#:39 [iexplore.exe]
FilePath : C:\Program Files\Internet Explorer\
ProcessID : 2504
ThreadCreationTime : 12-12-2007 9:35:37 PM
BasePriority : Normal
FileVersion : 7.00.6000.16386 (vista_rtm.061101-2205)
ProductVersion : 7.00.6000.16386
ProductName : Windows® Internet Explorer
CompanyName : Microsoft Corporation
FileDescription : Internet Explorer
InternalName : iexplore
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : IEXPLORE.EXE.MUI
Memory scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 6
Started registry scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Adware.Agent Object Recognized!
Type : Regkey
Data :
TAC Rating : 5
Category : Adware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft\windows\currentversion\explorer\browser helper objects\{be2ed590-ca49-46b5-8cce-244fb2e0d1aa}
Registry Scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 1
Objects found so far: 7
Started deep registry scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Deep registry scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 7
Started Tracking Cookie scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Tracking cookie scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 7
Deep scanning and examining files (C:)
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
<STOP>
Disk Scan Result for C:\
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 7
Deep scanning and examining files (I:)
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Disk Scan Result for I:\
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 7
3:49:30 PM Scan stopped by user
Summary Of This Scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Total scanning time:00:08:33.415
Objects scanned:176494
Objects identified:1
Objects ignored:0
New critical objects:1