slybo

Possible Browser Hijack by Slybo

I did an Ad-Aware scan and it found two objects, but I believe they are false positives due to the problems Ad-Aware has had the last week. The first one is in my favorites list and is the site where I downloaded the SpyHunter program, which I believe to be OK. The second is in the Windows downloaded program files, but I cannot find it when I look in Windows Explorer. I click on the downloaded program files folder on the left side of Windows Explorer but do not find the file VwrCtl.inf that Ad-Aware lists. Do I have to double-click on the files on the right side to find it? I do not know if you are supposed to click on those files. I am going to include my log file for this scan below. PLEASE NOTE: on the first item it found, where it gives the line C:\Documents and Settings for the problematic URL, it included my real first name and my AOL screen name, so I replaced the letters with xxxxxx for security reasons. I also ran scans with AVG AntiSpyware, Defender, and Avast AntiVirus and found nothing. I also just finished running the rootkit scanners RootkitRevealer, Sophos, and BlackLight and found nothing. Thank you, slybo

 

 

Ad-Aware SE Build 1.06r1

Logfile Created on:Friday, December 08, 2006 10:16:27 AM

Created with Ad-Aware SE Personal, free for private use.

Using definitions file:SE1R137 06.12.2006

»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

 

References detected during the scan:

»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Possible Browser Hijack attempt(TAC index:3):2 total references

»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

 

Definition File:

=========================

Definitions File Loaded:

Reference Number : SE1R137 06.12.2006

Internal build : 172

File location : C:\Program Files\Lavasoft\Ad-Aware SE Personal\defs.ref

File size : 890028 Bytes

Total size : 2901962 Bytes

Signature data size : 2852228 Bytes

Reference data size : 49222 Bytes

Signatures total : 77420

CSI Fingerprints total : 4819

CSI data size : 214044 Bytes

Target categories : 15

Target families : 1010

 

 

Memory + processor status:

==========================

Number of processors : 1

Processor architecture : Intel Pentium III

Memory available:46 %

Total physical memory:523760 kb

Available physical memory:235920 kb

Total page file size:1279560 kb

Available on page file:979444 kb

Total virtual memory:2097024 kb

Available virtual memory:2035104 kb

OS:Microsoft Windows XP Home Edition Service Pack 2 (Build 2600)

 

Ad-Aware SE Settings

===========================

Set : Search for low-risk threats

Set : Safe mode (always request confirmation)

Set : Scan active processes

Set : Scan registry

Set : Deep-scan registry

Set : Scan my IE Favorites for banned URLs

Set : Scan within archives

Set : Scan my Hosts file

 

Extended Ad-Aware SE Settings

===========================

Set : Unload recognized processes & modules during scan

Set : Obtain command line of scanned processes

Set : Scan registry for all users instead of current user only

Set : Always try to unload modules before deletion

Set : During removal, unload Explorer and IE if necessary

Set : Let Windows remove files in use at next reboot

Set : Delete quarantined objects after restoring

Set : Include basic Ad-Aware settings in log file

Set : Include additional Ad-Aware settings in log file

Set : Include reference summary in log file

Set : Include alternate data stream details in log file

Set : Play sound at scan completion if scan locates critical objects

 

 

12-8-2006 10:16:27 AM - Scan started. (Full System Scan)

 

Listing running processes

»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

 

#:1 [smss.exe]

ModuleName : \SystemRoot\System32\smss.exe

Command Line : n/a

ProcessID : 568

ThreadCreationTime : 12-8-2006 8:52:50 AM

BasePriority : Normal

 

 

#:2 [csrss.exe]

ModuleName : \??\C:\WINDOWS\system32\csrss.exe

Command Line : C:\WINDOWS\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,3072,512 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ProfileControl=Off MaxRequestTh

ProcessID : 616

ThreadCreationTime : 12-8-2006 8:52:51 AM

BasePriority : Normal

 

 

#:3 [winlogon.exe]

ModuleName : \??\C:\WINDOWS\system32\winlogon.exe

Command Line : winlogon.exe

ProcessID : 640

ThreadCreationTime : 12-8-2006 8:52:51 AM

BasePriority : High

 

 

#:4 [services.exe]

ModuleName : C:\WINDOWS\system32\services.exe

Command Line : C:\WINDOWS\system32\services.exe

ProcessID : 684

ThreadCreationTime : 12-8-2006 8:52:52 AM

BasePriority : Normal

FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)

ProductVersion : 5.1.2600.2180

ProductName : Microsoft® Windows® Operating System

CompanyName : Microsoft Corporation

FileDescription : Services and Controller app

InternalName : services.exe

LegalCopyright : © Microsoft Corporation. All rights reserved.

OriginalFilename : services.exe

 

#:5 [lsass.exe]

ModuleName : C:\WINDOWS\system32\lsass.exe

Command Line : C:\WINDOWS\system32\lsass.exe

ProcessID : 696

ThreadCreationTime : 12-8-2006 8:52:52 AM

BasePriority : Normal

FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)

ProductVersion : 5.1.2600.2180

ProductName : Microsoft® Windows® Operating System

CompanyName : Microsoft Corporation

FileDescription : LSA Shell (Export Version)

InternalName : lsass.exe

LegalCopyright : © Microsoft Corporation. All rights reserved.

OriginalFilename : lsass.exe

 

#:6 [svchost.exe]

ModuleName : C:\WINDOWS\system32\svchost.exe

Command Line : C:\WINDOWS\system32\svchost -k DcomLaunch

ProcessID : 848

ThreadCreationTime : 12-8-2006 8:52:52 AM

BasePriority : Normal

FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)

ProductVersion : 5.1.2600.2180

ProductName : Microsoft® Windows® Operating System

CompanyName : Microsoft Corporation

FileDescription : Generic Host Process for Win32 Services

InternalName : svchost.exe

LegalCopyright : © Microsoft Corporation. All rights reserved.

OriginalFilename : svchost.exe

 

#:7 [svchost.exe]

ModuleName : C:\WINDOWS\system32\svchost.exe

Command Line : C:\WINDOWS\system32\svchost -k rpcss

ProcessID : 904

ThreadCreationTime : 12-8-2006 8:52:52 AM

BasePriority : Normal

FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)

ProductVersion : 5.1.2600.2180

ProductName : Microsoft® Windows® Operating System

CompanyName : Microsoft Corporation

FileDescription : Generic Host Process for Win32 Services

InternalName : svchost.exe

LegalCopyright : © Microsoft Corporation. All rights reserved.

OriginalFilename : svchost.exe

 

#:8 [msmpeng.exe]

ModuleName : C:\Program Files\Windows Defender\MsMpEng.exe

Command Line : "C:\Program Files\Windows Defender\MsMpEng.exe"

ProcessID : 996

ThreadCreationTime : 12-8-2006 8:52:52 AM

BasePriority : Normal

FileVersion : 1.1.1593.0

ProductVersion : 1.1.1593.0

ProductName : Windows Defender

CompanyName : Microsoft Corporation

FileDescription : Service Executable

InternalName : MsMpEng.exe

LegalCopyright : © Microsoft Corporation. All rights reserved.

OriginalFilename : MsMpEng.exe

 

#:9 [svchost.exe]

ModuleName : C:\WINDOWS\System32\svchost.exe

Command Line : C:\WINDOWS\System32\svchost.exe -k netsvcs

ProcessID : 1040

ThreadCreationTime : 12-8-2006 8:52:52 AM

BasePriority : Normal

FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)

ProductVersion : 5.1.2600.2180

ProductName : Microsoft® Windows® Operating System

CompanyName : Microsoft Corporation

FileDescription : Generic Host Process for Win32 Services

InternalName : svchost.exe

LegalCopyright : © Microsoft Corporation. All rights reserved.

OriginalFilename : svchost.exe

 

#:10 [svchost.exe]

ModuleName : C:\WINDOWS\System32\svchost.exe

Command Line : C:\WINDOWS\System32\svchost.exe -k NetworkService

ProcessID : 1088

ThreadCreationTime : 12-8-2006 8:52:52 AM

BasePriority : Normal

FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)

ProductVersion : 5.1.2600.2180

ProductName : Microsoft® Windows® Operating System

CompanyName : Microsoft Corporation

FileDescription : Generic Host Process for Win32 Services

InternalName : svchost.exe

LegalCopyright : © Microsoft Corporation. All rights reserved.

OriginalFilename : svchost.exe

 

#:11 [svchost.exe]

ModuleName : C:\WINDOWS\System32\svchost.exe

Command Line : C:\WINDOWS\System32\svchost.exe -k LocalService

ProcessID : 1204

ThreadCreationTime : 12-8-2006 8:52:53 AM

BasePriority : Normal

FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)

ProductVersion : 5.1.2600.2180

ProductName : Microsoft® Windows® Operating System

CompanyName : Microsoft Corporation

FileDescription : Generic Host Process for Win32 Services

InternalName : svchost.exe

LegalCopyright : © Microsoft Corporation. All rights reserved.

OriginalFilename : svchost.exe

 

#:12 [spoolsv.exe]

ModuleName : C:\WINDOWS\system32\spoolsv.exe

Command Line : C:\WINDOWS\system32\spoolsv.exe

ProcessID : 1464

ThreadCreationTime : 12-8-2006 8:52:53 AM

BasePriority : Normal

FileVersion : 5.1.2600.2696 (xpsp_sp2_gdr.050610-1519)

ProductVersion : 5.1.2600.2696

ProductName : Microsoft® Windows® Operating System

CompanyName : Microsoft Corporation

FileDescription : Spooler SubSystem App

InternalName : spoolsv.exe

LegalCopyright : © Microsoft Corporation. All rights reserved.

OriginalFilename : spoolsv.exe

 

#:13 [explorer.exe]

ModuleName : C:\WINDOWS\Explorer.EXE

Command Line : C:\WINDOWS\Explorer.EXE

ProcessID : 1592

ThreadCreationTime : 12-8-2006 8:52:54 AM

BasePriority : Normal

FileVersion : 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)

ProductVersion : 6.00.2900.2180

ProductName : Microsoft® Windows® Operating System

CompanyName : Microsoft Corporation

FileDescription : Windows Explorer

InternalName : explorer

LegalCopyright : © Microsoft Corporation. All rights reserved.

OriginalFilename : EXPLORER.EXE

 

#:14 [nmapp.exe]

ModuleName : C:\Program Files\Pure Networks\Network Magic\nmapp.exe

Command Line : "C:\Program Files\Pure Networks\Network Magic\nmapp.exe" -autorun

ProcessID : 1680

ThreadCreationTime : 12-8-2006 8:52:54 AM

BasePriority : Normal

FileVersion : 1.0.2811.1

ProductVersion : 1.0.2811.1

ProductName : AOL Network Magic

CompanyName : Pure Networks, Inc.

FileDescription : AOL Network Magic Application

InternalName : nmapp

LegalCopyright : Copyright © 2002-2005 Pure Networks. All rights reserved.

OriginalFilename : nmapp.exe

 

#:15 [aolsoftware.exe]

ModuleName : C:\Program Files\Common Files\AOL\1108482776\ee\AOLSoftware.exe

Command Line : "C:\Program Files\Common Files\AOL\1108482776\ee\AOLSoftware.exe"

ProcessID : 1704

ThreadCreationTime : 12-8-2006 8:52:54 AM

BasePriority : Normal

FileVersion : 1.5.3.1

ProductVersion : 1.5.3.1

ProductName : AOL Service Libraries

CompanyName : America Online, Inc.

FileDescription : AOL

InternalName : AOLSoftware

LegalCopyright : © 2006 America Online, Inc.

OriginalFilename : AOLSoftware.exe

 

#:16 [ashdisp.exe]

ModuleName : C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe

Command Line : "C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe"

ProcessID : 1732

ThreadCreationTime : 12-8-2006 8:52:55 AM

BasePriority : Normal

FileVersion : 5, 0, 0, 0

ProductVersion : 5, 0, 0, 0

ProductName : avast! Antivirus

FileDescription : avast! service GUI component

InternalName : aswDisp

LegalCopyright : Copyright © 2006 ALWIL Software

OriginalFilename : aswDisp.exe

 

#:17 [ctfmon.exe]

ModuleName : C:\WINDOWS\system32\ctfmon.exe

Command Line : "C:\WINDOWS\system32\ctfmon.exe"

ProcessID : 1744

ThreadCreationTime : 12-8-2006 8:52:55 AM

BasePriority : Normal

FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)

ProductVersion : 5.1.2600.2180

ProductName : Microsoft® Windows® Operating System

CompanyName : Microsoft Corporation

FileDescription : CTF Loader

InternalName : CTFMON

LegalCopyright : © Microsoft Corporation. All rights reserved.

OriginalFilename : CTFMON.EXE

 

#:18 [wmpnscfg.exe]

ModuleName : C:\Program Files\Windows Media Player\WMPNSCFG.exe

Command Line : "C:\Program Files\Windows Media Player\WMPNSCFG.exe"

ProcessID : 1768

ThreadCreationTime : 12-8-2006 8:52:55 AM

BasePriority : Normal

FileVersion : 11.0.5721.5145 (WMP_11.061018-2006)

ProductVersion : 11.0.5721.5145

ProductName : Microsoft® Windows® Operating System

CompanyName : Microsoft Corporation

FileDescription : Windows Media Player Network Sharing Service Configuration Application

LegalCopyright : © Microsoft Corporation. All rights reserved.

OriginalFilename : WMPNSCFG.EXE

 

#:19 [aolsoftware.exe]

ModuleName : C:\Program Files\Common Files\AOL\1108482776\ee\aolsoftware.exe

Command Line : "C:\Program Files\Common Files\AOL\1108482776\ee\aolsoftware.exe" /h desktopSearchEngine

ProcessID : 152

ThreadCreationTime : 12-8-2006 8:52:57 AM

BasePriority : Normal

FileVersion : 1.5.3.1

ProductVersion : 1.5.3.1

ProductName : AOL Service Libraries

CompanyName : America Online, Inc.

FileDescription : AOL

InternalName : AOLSoftware

LegalCopyright : © 2006 America Online, Inc.

OriginalFilename : AOLSoftware.exe

 

#:20 [aolacsd.exe]

ModuleName : C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe

Command Line : "C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe"

ProcessID : 352

ThreadCreationTime : 12-8-2006 8:53:03 AM

BasePriority : Normal

FileVersion : 4.0.0.0

ProductVersion : 4.0.0.0

ProductName : AOL Connectivity Service

CompanyName : America Online

FileDescription : AOL Connectivity Service

InternalName : AOLacsd

LegalCopyright : Copyright © 2004-2005 America Online

OriginalFilename : AOLacsd.exe

 

#:21 [aoltsmon.exe]

ModuleName : C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe

Command Line : "C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe"

ProcessID : 556

ThreadCreationTime : 12-8-2006 8:53:03 AM

BasePriority : Normal

FileVersion : 2, 0, 0, 0

ProductVersion : 2, 0, 0, 0

ProductName : AOL TopSpeed Monitor

CompanyName : America Online, Inc

FileDescription : AOL TopSpeed Monitor

InternalName : AOL TopSpeed Monitor

LegalCopyright : Copyright © 2004 America Online, Inc.

OriginalFilename : aoltsmon.exe

 

#:22 [aswupdsv.exe]

ModuleName : C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe

Command Line : "C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe"

ProcessID : 596

ThreadCreationTime : 12-8-2006 8:53:03 AM

BasePriority : Normal

 

 

#:23 [ashserv.exe]

ModuleName : C:\Program Files\Alwil Software\Avast4\ashServ.exe

Command Line : "C:\Program Files\Alwil Software\Avast4\ashServ.exe"

ProcessID : 764

ThreadCreationTime : 12-8-2006 8:53:03 AM

BasePriority : Normal

FileVersion : 4, 7, 889, 0

ProductVersion : 4, 7, 0, 0

ProductName : avast! Antivirus

FileDescription : avast! antivirus service

InternalName : aswServ

LegalCopyright : Copyright © 2006 ALWIL Software

OriginalFilename : aswServ.exe

 

#:24 [guard.exe]

ModuleName : C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe

Command Line : "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe"

ProcessID : 856

ThreadCreationTime : 12-8-2006 8:53:03 AM

BasePriority : Normal

FileVersion : 7, 5, 0, 47

ProductVersion : 7, 5, 0, 47

ProductName : AVG Anti-Spyware

CompanyName : Anti-Malware Development a.s.

FileDescription : AVG Anti-Spyware guard

InternalName : AVG Anti-Spyware guard

LegalCopyright : Copyright © 2006 Anti-Malware Development a.s.

OriginalFilename : guard.exe

 

#:25 [cdac11ba.exe]

ModuleName : C:\WINDOWS\system32\drivers\CDAC11BA.EXE

Command Line : C:\WINDOWS\system32\drivers\CDAC11BA.EXE

ProcessID : 952

ThreadCreationTime : 12-8-2006 8:53:03 AM

BasePriority : Normal

FileVersion : 4.20.0

ProductVersion : 4.20.0 Windows NT 2002/07/15

ProductName : SafeCast Windows NT

CompanyName : Macrovision

FileDescription : Macrovision RTS Service

InternalName : CDANTSRV

LegalCopyright : Copyright © 1998-2002 Macrovision Corp.

OriginalFilename : CDANTSRV.EXE

Comments : StringFileInfo: U.S. English

 

#:26 [aoltpspd.exe]

ModuleName : C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltpspd.exe

Command Line : -p11526 -q"11527,11528,11529,11530,11531,11532,11533" -S256 -G"C:\Documents and Settings\All Users\Application Data\AOL\TopSpeed\2.0\vph.ph" -H556 -e1

ProcessID : 992

ThreadCreationTime : 12-8-2006 8:53:04 AM

BasePriority : Normal

FileVersion : 2, 0, 0, 0

ProductVersion : 2, 0, 0, 0

ProductName : AOL TopSpeed

CompanyName : America Online Inc

FileDescription : AOL TopSpeed

InternalName : AOL TopSpeed Loader

LegalCopyright : Copyright © 2003-2004

LegalTrademarks : AOL TopSpeed

OriginalFilename : aoltpspd.exe

 

#:27 [svchost.exe]

ModuleName : C:\WINDOWS\System32\svchost.exe

Command Line : C:\WINDOWS\System32\svchost.exe -k HTTPFilter

ProcessID : 1128

ThreadCreationTime : 12-8-2006 8:53:04 AM

BasePriority : Normal

FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)

ProductVersion : 5.1.2600.2180

ProductName : Microsoft® Windows® Operating System

CompanyName : Microsoft Corporation

FileDescription : Generic Host Process for Win32 Services

InternalName : svchost.exe

LegalCopyright : © Microsoft Corporation. All rights reserved.

OriginalFilename : svchost.exe

 

#:28 [nmsrvc.exe]

ModuleName : C:\Program Files\Pure Networks\Network Magic\nmsrvc.exe

Command Line : "C:\Program Files\Pure Networks\Network Magic\nmsrvc.exe"

ProcessID : 1256

ThreadCreationTime : 12-8-2006 8:53:05 AM

BasePriority : Normal

FileVersion : 1.0.2811.1

ProductVersion : 1.0.2811.1

ProductName : AOL Network Magic

CompanyName : Pure Networks, Inc.

FileDescription : Network Magic Service

InternalName : nmsrvc

LegalCopyright : Copyright © 2002-2005 Pure Networks. All rights reserved.

OriginalFilename : nmsrvc.exe

 

#:29 [pnroutsv.exe]

ModuleName : C:\Program Files\Pure Networks\Router Service\pnroutsv.exe

Command Line : "C:\Program Files\Pure Networks\Router Service\pnroutsv.exe"

ProcessID : 1360

ThreadCreationTime : 12-8-2006 8:53:05 AM

BasePriority : Normal

FileVersion : 1.3.2811.0

ProductVersion : 1.3.2811.0

ProductName : Router Service

CompanyName : Pure Networks, Inc.

FileDescription : Pure Networks Router Service

InternalName : pnroutsv

LegalCopyright : Copyright © 2002-2005 Pure Networks. All rights reserved.

OriginalFilename : pnroutsv.exe

 

#:30 [svchost.exe]

ModuleName : C:\WINDOWS\System32\svchost.exe

Command Line : C:\WINDOWS\System32\svchost.exe -k imgsvc

ProcessID : 1652

ThreadCreationTime : 12-8-2006 8:53:07 AM

BasePriority : Normal

FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)

ProductVersion : 5.1.2600.2180

ProductName : Microsoft® Windows® Operating System

CompanyName : Microsoft Corporation

FileDescription : Generic Host Process for Win32 Services

InternalName : svchost.exe

LegalCopyright : © Microsoft Corporation. All rights reserved.

OriginalFilename : svchost.exe

 

#:31 [wanmpsvc.exe]

ModuleName : C:\WINDOWS\wanmpsvc.exe

Command Line : "C:\WINDOWS\wanmpsvc.exe"

ProcessID : 1976

ThreadCreationTime : 12-8-2006 8:53:07 AM

BasePriority : Normal

FileVersion : 9, 0, 0, 0

ProductVersion : 9, 0, 0, 0

ProductName : America Online

CompanyName : America Online, Inc.

FileDescription : Wan Miniport (ATW) Service

InternalName : WanMPSvc

LegalCopyright : Copyright © 2001 America Online, Inc.

OriginalFilename : WanMPSvc.exe

 

#:32 [wmpnetwk.exe]

ModuleName : C:\Program Files\Windows Media Player\WMPNetwk.exe

Command Line : "C:\Program Files\Windows Media Player\WMPNetwk.exe"

ProcessID : 2584

ThreadCreationTime : 12-8-2006 8:53:09 AM

BasePriority : Normal

FileVersion : 11.0.5721.5145 (WMP_11.061018-2006)

ProductVersion : 11.0.5721.5145

ProductName : Microsoft® Windows® Operating System

CompanyName : Microsoft Corporation

FileDescription : Windows Media Player Network Sharing Service

InternalName : Windows Media Player Network Sharing Service

LegalCopyright : © Microsoft Corporation. All rights reserved.

OriginalFilename : WMPNetwk.exe

 

#:33 [alg.exe]

ModuleName : C:\WINDOWS\System32\alg.exe

Command Line : C:\WINDOWS\System32\alg.exe

ProcessID : 3608

ThreadCreationTime : 12-8-2006 8:53:14 AM

BasePriority : Normal

FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)

ProductVersion : 5.1.2600.2180

ProductName : Microsoft® Windows® Operating System

CompanyName : Microsoft Corporation

FileDescription : Application Layer Gateway Service

InternalName : ALG.exe

LegalCopyright : © Microsoft Corporation. All rights reserved.

OriginalFilename : ALG.exe

 

#:34 [ad-aware.exe]

ModuleName : C:\Program Files\Lavasoft\Ad-Aware SE Personal\Ad-Aware.exe

Command Line : "C:\Program Files\Lavasoft\Ad-Aware SE Personal\Ad-Aware.exe"

ProcessID : 3896

ThreadCreationTime : 12-8-2006 4:15:47 PM

BasePriority : Normal

FileVersion : 6.2.0.236

ProductVersion : SE 106

ProductName : Lavasoft Ad-Aware SE

CompanyName : Lavasoft Sweden

FileDescription : Ad-Aware SE Core application

InternalName : Ad-Aware.exe

LegalCopyright : Copyright © Lavasoft AB Sweden

OriginalFilename : Ad-Aware.exe

Comments : All Rights Reserved

 

Memory scan result:

»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

New critical objects: 0

Objects found so far: 0

 

 

Started registry scan

»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

 

Registry Scan result:

»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

New critical objects: 0

Objects found so far: 0

 

 

Started deep registry scan

»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

 

Deep registry scan result:

»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

New critical objects: 0

Objects found so far: 0

 

 

Started Tracking Cookie scan

»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

 

 

Tracking cookie scan result:

»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

New critical objects: 0

Objects found so far: 0

 

 

 

Deep scanning and examining files (C:)

»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

 

Disk Scan Result for C:\

»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

New critical objects: 0

Objects found so far: 0

 

 

Scanning Hosts file......

Hosts file location:"C:\WINDOWS\system32\drivers\etc\hosts".

»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

 

Hosts file scan result:

»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

1 entries scanned.

New critical objects:0

Objects found so far: 0

 

 

 

Possible Browser Hijack attempt Object Recognized!

Type : File

Data : http--www.spywareremove.com-removeSoftwareMicrosoftInternetExplorerExtensionsCmdMappingc95fe0808f5d11d2a20b00aa003c157a.html.url

TAC Rating : 0

Category : Misc

Comment : Problematic URL discovered: http://www.spywareremove.com/removeSoftwar...aa003c157a.html

Object : C:\Documents and Settings\xxxxxxxxx\Favorites\xxxxxx\spyware\

 

 

 

 

Performing conditional scans...

»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

 

Possible Browser Hijack attempt Object Recognized!

Type : File

Data : VwrCtl.inf

TAC Rating : 3

Category : Malware

Comment : iwantsearch.com hijack

Object : C:\WINDOWS\downloaded program files\

 

 

 

Conditional scan result:

»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

New critical objects: 1

Objects found so far: 2

 

10:27:21 AM Scan Complete

 

Summary Of This Scan

»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Total scanning time:00:10:54.16

Objects scanned:182068

Objects identified:2

Objects ignored:0

New critical objects:2

Thank you for your input. We will do some research about this and get back to you as soon as we know more.

 

LS Stoffe

 

Thanks for your reply. I will be waiting and checking back. slybo


I just updated to 138 build 174 and got the same results as I first posted. Just to let you know the new defs did not help. I see that people are attaching their log files. I do not know if this is any better or what the forum likes better. I am going to try this and attach the new log to this post. slybo

Edited by slybo


I went and looked at the attachment and did not know that is how they come out. It looks to me like they are hard to read. Let me know what the forum likes better: to attach, or to copy and paste in the post. slybo


Hi! I have done some research on this topic now.

The reason we have this URL, http://www.spywareremove.com/removeSoftwar...aa003c157a.html, in detection is that SpyHunter was considered bad a few years ago.

You can read about it at http://spywarewarrior.com/rogue_anti-spyware.htm#sh_note.

But this program has now been removed from the bad list, as you can see.

We will try to fix this problem for the next release.

Thank you for your report on this.

 

Albin Bodahl

 

Lavasoft AB


Thank you for that information. I removed my attachment from my last post because I forgot to remove my personal information. I have edited it and will attach it to this post. You have answered my question about the first item Ad-Aware found, but what about the second item, as follows:

 

 

Possible Browser Hijack attempt Object Recognized!

Type : File

Data : VwrCtl.inf

TAC Rating : 3

Category : Malware

Comment : iwantsearch.com hijack

Object : C:\WINDOWS\downloaded program files\

 

Thank you for your help and I will be waiting for your reply. slybo

Edited_Ad_Aware_log2006_12_11_09_14_06.txt


Good news, my problem is over. After reading the information on SpyHunter you gave me, I decided to uninstall the program, and I also deleted the URL in my favorites to the spywareremove web site. I ran two scans to be sure and both are clean. Of course Ad-Aware is not picking up the URL, as I have deleted it, but Ad-Aware also did not find the object VwrCtl.inf in the downloaded program files. I have to assume that SpyHunter was the cause of all my problems. Thank you so much for your help. I am going to paste my log here so you can see. Thanks, slybo

 

 

Ad-Aware SE Build 1.06r1

Logfile Created on:Monday, December 11, 2006 11:51:14 AM

Created with Ad-Aware SE Personal, free for private use.

Using definitions file:SE1R138 11.12.2006

»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

 

References detected during the scan:

»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

None

»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

 

Definition File:

=========================

Definitions File Loaded:

Reference Number : SE1R138 11.12.2006

Internal build : 174

File location : C:\Program Files\Lavasoft\Ad-Aware SE Personal\defs.ref

File size : 893549 Bytes

Total size : 2912723 Bytes

Signature data size : 2862989 Bytes

Reference data size : 49222 Bytes

Signatures total : 77690

CSI Fingerprints total : 4852

CSI data size : 216010 Bytes

Target categories : 15

Target families : 1010

 

 

Memory + processor status:

==========================

Number of processors : 1

Processor architecture : Intel Pentium III

Memory available:23 %

Total physical memory:523760 kb

Available physical memory:117744 kb

Total page file size:1279560 kb

Available on page file:999848 kb

Total virtual memory:2097024 kb

Available virtual memory:2035308 kb

OS:Microsoft Windows XP Home Edition Service Pack 2 (Build 2600)

 

Ad-Aware SE Settings

===========================

Set : Search for low-risk threats

Set : Safe mode (always request confirmation)

Set : Scan active processes

Set : Scan registry

Set : Deep-scan registry

Set : Scan my IE Favorites for banned URLs

Set : Scan within archives

Set : Scan my Hosts file

 

Extended Ad-Aware SE Settings

===========================

Set : Unload recognized processes & modules during scan

Set : Obtain command line of scanned processes

Set : Scan registry for all users instead of current user only

Set : Always try to unload modules before deletion

Set : During removal, unload Explorer and IE if necessary

Set : Let Windows remove files in use at next reboot

Set : Delete quarantined objects after restoring

Set : Include basic Ad-Aware settings in log file

Set : Include additional Ad-Aware settings in log file

Set : Include reference summary in log file

Set : Include alternate data stream details in log file

Set : Play sound at scan completion if scan locates critical objects

 

 

12-11-2006 11:51:14 AM - Scan started. (Full System Scan)

 

Listing running processes

»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

 

#:1 [smss.exe]

ModuleName : \SystemRoot\System32\smss.exe

Command Line : n/a

ProcessID : 568

ThreadCreationTime : 12-11-2006 5:28:43 PM

BasePriority : Normal

 

 

#:2 [csrss.exe]

ModuleName : \??\C:\WINDOWS\system32\csrss.exe

Command Line : C:\WINDOWS\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,3072,512 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ProfileControl=Off MaxRequestTh

ProcessID : 616

ThreadCreationTime : 12-11-2006 5:28:45 PM

BasePriority : Normal

 

 

#:3 [winlogon.exe]

ModuleName : \??\C:\WINDOWS\system32\winlogon.exe

Command Line : winlogon.exe

ProcessID : 640

ThreadCreationTime : 12-11-2006 5:28:45 PM

BasePriority : High

 

 

#:4 [services.exe]

ModuleName : C:\WINDOWS\system32\services.exe

Command Line : C:\WINDOWS\system32\services.exe

ProcessID : 684

ThreadCreationTime : 12-11-2006 5:28:45 PM

BasePriority : Normal

FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)

ProductVersion : 5.1.2600.2180

ProductName : Microsoft® Windows® Operating System

CompanyName : Microsoft Corporation

FileDescription : Services and Controller app

InternalName : services.exe

LegalCopyright : © Microsoft Corporation. All rights reserved.

OriginalFilename : services.exe

 

#:5 [lsass.exe]

ModuleName : C:\WINDOWS\system32\lsass.exe

Command Line : C:\WINDOWS\system32\lsass.exe

ProcessID : 696

ThreadCreationTime : 12-11-2006 5:28:45 PM

BasePriority : Normal

FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)

ProductVersion : 5.1.2600.2180

ProductName : Microsoft® Windows® Operating System

CompanyName : Microsoft Corporation

FileDescription : LSA Shell (Export Version)

InternalName : lsass.exe

LegalCopyright : © Microsoft Corporation. All rights reserved.

OriginalFilename : lsass.exe

 

#:6 [svchost.exe]

ModuleName : C:\WINDOWS\system32\svchost.exe

Command Line : C:\WINDOWS\system32\svchost -k DcomLaunch

ProcessID : 848

ThreadCreationTime : 12-11-2006 5:28:46 PM

BasePriority : Normal

FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)

ProductVersion : 5.1.2600.2180

ProductName : Microsoft® Windows® Operating System

CompanyName : Microsoft Corporation

FileDescription : Generic Host Process for Win32 Services

InternalName : svchost.exe

LegalCopyright : © Microsoft Corporation. All rights reserved.

OriginalFilename : svchost.exe

 

#:7 [svchost.exe]

ModuleName : C:\WINDOWS\system32\svchost.exe

Command Line : C:\WINDOWS\system32\svchost -k rpcss

ProcessID : 908

ThreadCreationTime : 12-11-2006 5:28:46 PM

BasePriority : Normal

FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)

ProductVersion : 5.1.2600.2180

ProductName : Microsoft® Windows® Operating System

CompanyName : Microsoft Corporation

FileDescription : Generic Host Process for Win32 Services

InternalName : svchost.exe

LegalCopyright : © Microsoft Corporation. All rights reserved.

OriginalFilename : svchost.exe

 

#:8 [msmpeng.exe]

ModuleName : C:\Program Files\Windows Defender\MsMpEng.exe

Command Line : "C:\Program Files\Windows Defender\MsMpEng.exe"

ProcessID : 1000

ThreadCreationTime : 12-11-2006 5:28:46 PM

BasePriority : Normal

FileVersion : 1.1.1593.0

ProductVersion : 1.1.1593.0

ProductName : Windows Defender

CompanyName : Microsoft Corporation

FileDescription : Service Executable

InternalName : MsMpEng.exe

LegalCopyright : © Microsoft Corporation. All rights reserved.

OriginalFilename : MsMpEng.exe

 

#:9 [svchost.exe]

ModuleName : C:\WINDOWS\System32\svchost.exe

Command Line : C:\WINDOWS\System32\svchost.exe -k netsvcs

ProcessID : 1044

ThreadCreationTime : 12-11-2006 5:28:46 PM

BasePriority : Normal

FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)

ProductVersion : 5.1.2600.2180

ProductName : Microsoft® Windows® Operating System

CompanyName : Microsoft Corporation

FileDescription : Generic Host Process for Win32 Services

InternalName : svchost.exe

LegalCopyright : © Microsoft Corporation. All rights reserved.

OriginalFilename : svchost.exe

 

#:10 [svchost.exe]

ModuleName : C:\WINDOWS\System32\svchost.exe

Command Line : C:\WINDOWS\System32\svchost.exe -k NetworkService

ProcessID : 1092

ThreadCreationTime : 12-11-2006 5:28:46 PM

BasePriority : Normal

FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)

ProductVersion : 5.1.2600.2180

ProductName : Microsoft® Windows® Operating System

CompanyName : Microsoft Corporation

FileDescription : Generic Host Process for Win32 Services

InternalName : svchost.exe

LegalCopyright : © Microsoft Corporation. All rights reserved.

OriginalFilename : svchost.exe

 

#:11 [svchost.exe]

ModuleName : C:\WINDOWS\System32\svchost.exe

Command Line : C:\WINDOWS\System32\svchost.exe -k LocalService

ProcessID : 1216

ThreadCreationTime : 12-11-2006 5:28:46 PM

BasePriority : Normal

FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)

ProductVersion : 5.1.2600.2180

ProductName : Microsoft® Windows® Operating System

CompanyName : Microsoft Corporation

FileDescription : Generic Host Process for Win32 Services

InternalName : svchost.exe

LegalCopyright : © Microsoft Corporation. All rights reserved.

OriginalFilename : svchost.exe

 

#:12 [spoolsv.exe]

ModuleName : C:\WINDOWS\system32\spoolsv.exe

Command Line : C:\WINDOWS\system32\spoolsv.exe

ProcessID : 1488

ThreadCreationTime : 12-11-2006 5:28:47 PM

BasePriority : Normal

FileVersion : 5.1.2600.2696 (xpsp_sp2_gdr.050610-1519)

ProductVersion : 5.1.2600.2696

ProductName : Microsoft® Windows® Operating System

CompanyName : Microsoft Corporation

FileDescription : Spooler SubSystem App

InternalName : spoolsv.exe

LegalCopyright : © Microsoft Corporation. All rights reserved.

OriginalFilename : spoolsv.exe

 

#:13 [explorer.exe]

ModuleName : C:\WINDOWS\Explorer.EXE

Command Line : C:\WINDOWS\Explorer.EXE

ProcessID : 1616

ThreadCreationTime : 12-11-2006 5:28:47 PM

BasePriority : Normal

FileVersion : 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)

ProductVersion : 6.00.2900.2180

ProductName : Microsoft® Windows® Operating System

CompanyName : Microsoft Corporation

FileDescription : Windows Explorer

InternalName : explorer

LegalCopyright : © Microsoft Corporation. All rights reserved.

OriginalFilename : EXPLORER.EXE

 

#:14 [nmapp.exe]

ModuleName : C:\Program Files\Pure Networks\Network Magic\nmapp.exe

Command Line : "C:\Program Files\Pure Networks\Network Magic\nmapp.exe" -autorun

ProcessID : 1708

ThreadCreationTime : 12-11-2006 5:28:48 PM

BasePriority : Normal

FileVersion : 1.0.2811.1

ProductVersion : 1.0.2811.1

ProductName : AOL Network Magic

CompanyName : Pure Networks, Inc.

FileDescription : AOL Network Magic Application

InternalName : nmapp

LegalCopyright : Copyright © 2002-2005 Pure Networks. All rights reserved.

OriginalFilename : nmapp.exe

 

#:15 [aolsoftware.exe]

ModuleName : C:\Program Files\Common Files\AOL\1108482776\ee\AOLSoftware.exe

Command Line : "C:\Program Files\Common Files\AOL\1108482776\ee\AOLSoftware.exe"

ProcessID : 1720

ThreadCreationTime : 12-11-2006 5:28:48 PM

BasePriority : Normal

FileVersion : 1.5.6.1

ProductVersion : 1.5.6.1

ProductName : AOL Service Libraries

CompanyName : America Online, Inc.

FileDescription : AOL

InternalName : AOLSoftware

LegalCopyright : © 2006 America Online, Inc.

OriginalFilename : AOLSoftware.exe

 

#:16 [ashdisp.exe]

ModuleName : C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe

Command Line : "C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe"

ProcessID : 1748

ThreadCreationTime : 12-11-2006 5:28:48 PM

BasePriority : Normal

FileVersion : 5, 0, 0, 0

ProductVersion : 5, 0, 0, 0

ProductName : avast! Antivirus

FileDescription : avast! service GUI component

InternalName : aswDisp

LegalCopyright : Copyright © 2006 ALWIL Software

OriginalFilename : aswDisp.exe

 

#:17 [ctfmon.exe]

ModuleName : C:\WINDOWS\system32\ctfmon.exe

Command Line : "C:\WINDOWS\system32\ctfmon.exe"

ProcessID : 1760

ThreadCreationTime : 12-11-2006 5:28:48 PM

BasePriority : Normal

FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)

ProductVersion : 5.1.2600.2180

ProductName : Microsoft® Windows® Operating System

CompanyName : Microsoft Corporation

FileDescription : CTF Loader

InternalName : CTFMON

LegalCopyright : © Microsoft Corporation. All rights reserved.

OriginalFilename : CTFMON.EXE

 

#:18 [wmpnscfg.exe]

ModuleName : C:\Program Files\Windows Media Player\WMPNSCFG.exe

Command Line : "C:\Program Files\Windows Media Player\WMPNSCFG.exe"

ProcessID : 1768

ThreadCreationTime : 12-11-2006 5:28:48 PM

BasePriority : Normal

FileVersion : 11.0.5721.5145 (WMP_11.061018-2006)

ProductVersion : 11.0.5721.5145

ProductName : Microsoft® Windows® Operating System

CompanyName : Microsoft Corporation

FileDescription : Windows Media Player Network Sharing Service Configuration Application

LegalCopyright : © Microsoft Corporation. All rights reserved.

OriginalFilename : WMPNSCFG.EXE

 

#:19 [aolacsd.exe]

ModuleName : C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe

Command Line : "C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe"

ProcessID : 400

ThreadCreationTime : 12-11-2006 5:28:55 PM

BasePriority : Normal

 

 

#:20 [aoltsmon.exe]

ModuleName : C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe

Command Line : "C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe"

ProcessID : 412

ThreadCreationTime : 12-11-2006 5:28:55 PM

BasePriority : Normal

FileVersion : 2, 0, 0, 0

ProductVersion : 2, 0, 0, 0

ProductName : AOL TopSpeed Monitor

CompanyName : America Online, Inc

FileDescription : AOL TopSpeed Monitor

InternalName : AOL TopSpeed Monitor

LegalCopyright : Copyright © 2004 America Online, Inc.

OriginalFilename : aoltsmon.exe

 

#:21 [aswupdsv.exe]

ModuleName : C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe

Command Line : "C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe"

ProcessID : 452

ThreadCreationTime : 12-11-2006 5:28:55 PM

BasePriority : Normal

 

 

#:22 [ashserv.exe]

ModuleName : C:\Program Files\Alwil Software\Avast4\ashServ.exe

Command Line : "C:\Program Files\Alwil Software\Avast4\ashServ.exe"

ProcessID : 468

ThreadCreationTime : 12-11-2006 5:28:55 PM

BasePriority : Normal

FileVersion : 4, 7, 889, 0

ProductVersion : 4, 7, 0, 0

ProductName : avast! Antivirus

FileDescription : avast! antivirus service

InternalName : aswServ

LegalCopyright : Copyright © 2006 ALWIL Software

OriginalFilename : aswServ.exe

 

#:23 [guard.exe]

ModuleName : C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe

Command Line : "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe"

ProcessID : 500

ThreadCreationTime : 12-11-2006 5:28:55 PM

BasePriority : Normal

FileVersion : 7, 5, 0, 47

ProductVersion : 7, 5, 0, 47

ProductName : AVG Anti-Spyware

CompanyName : Anti-Malware Development a.s.

FileDescription : AVG Anti-Spyware guard

InternalName : AVG Anti-Spyware guard

LegalCopyright : Copyright © 2006 Anti-Malware Development a.s.

OriginalFilename : guard.exe

 

#:24 [cdac11ba.exe]

ModuleName : C:\WINDOWS\system32\drivers\CDAC11BA.EXE

Command Line : C:\WINDOWS\system32\drivers\CDAC11BA.EXE

ProcessID : 524

ThreadCreationTime : 12-11-2006 5:28:55 PM

BasePriority : Normal

FileVersion : 4.20.0

ProductVersion : 4.20.0 Windows NT 2002/07/15

ProductName : SafeCast Windows NT

CompanyName : Macrovision

FileDescription : Macrovision RTS Service

InternalName : CDANTSRV

LegalCopyright : Copyright © 1998-2002 Macrovision Corp.

OriginalFilename : CDANTSRV.EXE

Comments : StringFileInfo: U.S. English

 

#:25 [svchost.exe]

ModuleName : C:\WINDOWS\System32\svchost.exe

Command Line : C:\WINDOWS\System32\svchost.exe -k HTTPFilter

ProcessID : 608

ThreadCreationTime : 12-11-2006 5:28:56 PM

BasePriority : Normal

FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)

ProductVersion : 5.1.2600.2180

ProductName : Microsoft® Windows® Operating System

CompanyName : Microsoft Corporation

FileDescription : Generic Host Process for Win32 Services

InternalName : svchost.exe

LegalCopyright : © Microsoft Corporation. All rights reserved.

OriginalFilename : svchost.exe

 

#:26 [aoltpspd.exe]

ModuleName : C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltpspd.exe

Command Line : -p11526 -q"11527,11528,11529,11530,11531,11532,11533" -S256 -G"C:\Documents and Settings\All Users\Application Data\AOL\TopSpeed\2.0\vph.ph" -H412 -e1

ProcessID : 600

ThreadCreationTime : 12-11-2006 5:28:56 PM

BasePriority : Normal

FileVersion : 2, 0, 0, 0

ProductVersion : 2, 0, 0, 0

ProductName : AOL TopSpeed

CompanyName : America Online Inc

FileDescription : AOL TopSpeed

InternalName : AOL TopSpeed Loader

LegalCopyright : Copyright © 2003-2004

LegalTrademarks : AOL TopSpeed

OriginalFilename : aoltpspd.exe

 

#:27 [nmsrvc.exe]

ModuleName : C:\Program Files\Pure Networks\Network Magic\nmsrvc.exe

Command Line : "C:\Program Files\Pure Networks\Network Magic\nmsrvc.exe"

ProcessID : 808

ThreadCreationTime : 12-11-2006 5:28:56 PM

BasePriority : Normal

FileVersion : 1.0.2811.1

ProductVersion : 1.0.2811.1

ProductName : AOL Network Magic

CompanyName : Pure Networks, Inc.

FileDescription : Network Magic Service

InternalName : nmsrvc

LegalCopyright : Copyright © 2002-2005 Pure Networks. All rights reserved.

OriginalFilename : nmsrvc.exe

 

#:28 [pnroutsv.exe]

ModuleName : C:\Program Files\Pure Networks\Router Service\pnroutsv.exe

Command Line : "C:\Program Files\Pure Networks\Router Service\pnroutsv.exe"

ProcessID : 980

ThreadCreationTime : 12-11-2006 5:28:57 PM

BasePriority : Normal

FileVersion : 1.3.2811.0

ProductVersion : 1.3.2811.0

ProductName : Router Service

CompanyName : Pure Networks, Inc.

FileDescription : Pure Networks Router Service

InternalName : pnroutsv

LegalCopyright : Copyright © 2002-2005 Pure Networks. All rights reserved.

OriginalFilename : pnroutsv.exe

 

#:29 [svchost.exe]

ModuleName : C:\WINDOWS\System32\svchost.exe

Command Line : C:\WINDOWS\System32\svchost.exe -k imgsvc

ProcessID : 1348

ThreadCreationTime : 12-11-2006 5:28:58 PM

BasePriority : Normal

FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)

ProductVersion : 5.1.2600.2180

ProductName : Microsoft® Windows® Operating System

CompanyName : Microsoft Corporation

FileDescription : Generic Host Process for Win32 Services

InternalName : svchost.exe

LegalCopyright : © Microsoft Corporation. All rights reserved.

OriginalFilename : svchost.exe

 

#:30 [wanmpsvc.exe]

ModuleName : C:\WINDOWS\wanmpsvc.exe

Command Line : "C:\WINDOWS\wanmpsvc.exe"

ProcessID : 1288

ThreadCreationTime : 12-11-2006 5:28:59 PM

BasePriority : Normal

FileVersion : 9, 0, 0, 0

ProductVersion : 9, 0, 0, 0

ProductName : America Online

CompanyName : America Online, Inc.

FileDescription : Wan Miniport (ATW) Service

InternalName : WanMPSvc

LegalCopyright : Copyright © 2001 America Online, Inc.

OriginalFilename : WanMPSvc.exe

 

#:31 [wmpnetwk.exe]

ModuleName : C:\Program Files\Windows Media Player\WMPNetwk.exe

Command Line : "C:\Program Files\Windows Media Player\WMPNetwk.exe"

ProcessID : 2296

ThreadCreationTime : 12-11-2006 5:29:01 PM

BasePriority : Normal

FileVersion : 11.0.5721.5145 (WMP_11.061018-2006)

ProductVersion : 11.0.5721.5145

ProductName : Microsoft® Windows® Operating System

CompanyName : Microsoft Corporation

FileDescription : Windows Media Player Network Sharing Service

InternalName : Windows Media Player Network Sharing Service

LegalCopyright : © Microsoft Corporation. All rights reserved.

OriginalFilename : WMPNetwk.exe

 

#:32 [aolsoftware.exe]

ModuleName : C:\Program Files\Common Files\AOL\1108482776\ee\aolsoftware.exe

Command Line : "C:\Program Files\Common Files\AOL\1108482776\ee\aolsoftware.exe" /h desktopSearchEngine

ProcessID : 3608

ThreadCreationTime : 12-11-2006 5:29:05 PM

BasePriority : Normal

FileVersion : 1.5.6.1

ProductVersion : 1.5.6.1

ProductName : AOL Service Libraries

CompanyName : America Online, Inc.

FileDescription : AOL

InternalName : AOLSoftware

LegalCopyright : © 2006 America Online, Inc.

OriginalFilename : AOLSoftware.exe

 

#:33 [alg.exe]

ModuleName : C:\WINDOWS\System32\alg.exe

Command Line : C:\WINDOWS\System32\alg.exe

ProcessID : 3736

ThreadCreationTime : 12-11-2006 5:29:06 PM

BasePriority : Normal

FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)

ProductVersion : 5.1.2600.2180

ProductName : Microsoft® Windows® Operating System

CompanyName : Microsoft Corporation

FileDescription : Application Layer Gateway Service

InternalName : ALG.exe

LegalCopyright : © Microsoft Corporation. All rights reserved.

OriginalFilename : ALG.exe

 

#:34 [ad-aware.exe]

ModuleName : C:\Program Files\Lavasoft\Ad-Aware SE Personal\Ad-Aware.exe

Command Line : "C:\Program Files\Lavasoft\Ad-Aware SE Personal\Ad-Aware.exe"

ProcessID : 2588

ThreadCreationTime : 12-11-2006 5:51:01 PM

BasePriority : Normal

FileVersion : 6.2.0.236

ProductVersion : SE 106

ProductName : Lavasoft Ad-Aware SE

CompanyName : Lavasoft Sweden

FileDescription : Ad-Aware SE Core application

InternalName : Ad-Aware.exe

LegalCopyright : Copyright © Lavasoft AB Sweden

OriginalFilename : Ad-Aware.exe

Comments : All Rights Reserved

 

Memory scan result:

»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

New critical objects: 0

Objects found so far: 0

 

 

Started registry scan

»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

 

Registry Scan result:

»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

New critical objects: 0

Objects found so far: 0

 

 

Started deep registry scan

»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

 

Deep registry scan result:

»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

New critical objects: 0

Objects found so far: 0

 

 

Started Tracking Cookie scan

»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

 

 

Tracking cookie scan result:

»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

New critical objects: 0

Objects found so far: 0

 

 

 

Deep scanning and examining files (C:)

»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

 

Disk Scan Result for C:\

»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

New critical objects: 0

Objects found so far: 0

 

 

Scanning Hosts file......

Hosts file location:"C:\WINDOWS\system32\drivers\etc\hosts".

»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

 

Hosts file scan result:

»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

1 entries scanned.

New critical objects:0

Objects found so far: 0

 

 

12:02:05 PM Scan Complete

 

Summary Of This Scan

»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Total scanning time:00:10:51.610

Objects scanned:184038

Objects identified:0

Objects ignored:0

New critical objects:0

Thank you for that information. I removed my attachment from my last post because I forgot to remove my personal information. I have edited it and will attach it to this post. You have answered my question about the first item Ad-Aware found, but what about the second item, as follows:

Possible Browser Hijack attempt Object Recognized!

Type : File

Data : VwrCtl.inf

TAC Rating : 3

Category : Malware

Comment : iwantsearch.com hijack

Object : C:\WINDOWS\downloaded program files\

 

Thank you for your help and I will be waiting for your reply. slybo

 

This is a conditional hit: because Ad-Aware flagged your first URL from the possible browser hijack attempt family, it will find all other suspect objects related to this family, so it finds VwrCtl.inf.

 

This object is linked with iwantsearch.com, which is a really bad homepage and causes a lot of popups, so I will recommend you not to visit that site. However, we will take a look at this.

 

Thank you for your report.

 

Albin Bodahl

 

Lavasoft Research Team
