res:// hijack, need help, here's log



#1 randomguy1127


Posted 10 July 2004 - 01:07 AM

OK, I've had the res:// random problem for a while now and I've run Ad-aware, but the topic about removing it says to post the log, so here's my log. Someone PLEASE help me, this thing is killing me!

Lavasoft Ad-aware Personal Build 6.181
Logfile created on :Saturday, July 10, 2004 1:53:26 AM
Created with Ad-aware Personal, free for private use.
Using reference-file :01R331 08.07.2004
______________________________________________________

Reffile status:
=========================
Reference file loaded:
Reference Number : 01R331 08.07.2004
Internal build : 263
File location : C:\PROGRA~1\Lavasoft\AD-AWA~1\reflist.ref
Total size : 1300142 Bytes
Signature data size : 1279388 Bytes
Reference data size : 20690 Bytes
Signatures total : 28395
Target categories : 10
Target families : 519

Memory + processor status:
==========================
Number of processors : 1
Processor architecture : Intel Pentium III
Memory available:58 %
Total physical memory:490992 kb
Available physical memory:284436 kb
Total page file size:756520 kb
Available on page file:643488 kb
Total virtual memory:2097024 kb
Available virtual memory:2056804 kb
OS:

Ad-aware Settings
=========================
Set : Activate in-depth scan (Recommended)
Set : Safe mode (always request confirmation)
Set : Scan active processes
Set : Scan registry
Set : Deep scan registry
Set : Scan my IE Favorites for banned URLs
Set : Scan within archives
Set : Scan my Hosts file

Extended Ad-aware Settings
=========================
Set : Unload recognized processes during scanning
Set : Include basic Ad-aware settings in logfile
Set : Include additional Ad-aware settings in logfile
Set : Automatically try to unregister objects prior to deletion
Set : Let windows remove files in use at next reboot
Set : Delete quarantined objects after restoring
Set : Always back up reference file, before updating
Set : Play sound if scan produced a result


7-10-2004 1:53:26 AM - Scan started. (Custom mode)

Listing running processes
¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯

#:1 [smss.exe]
FilePath : \SystemRoot\System32\
ThreadCreationTime : 7-10-2004 5:52:00 AM
BasePriority : Normal


#:2 [winlogon.exe]
FilePath : \??\C:\WINDOWS\System32\
ThreadCreationTime : 7-10-2004 5:52:03 AM
BasePriority : High


#:3 [services.exe]
FilePath : C:\WINDOWS\system32\
ThreadCreationTime : 7-10-2004 5:52:03 AM
BasePriority : Normal
FileSize : 99 KB
FileVersion : 5.1.2600.0 (xpclient.010817-1148)
ProductVersion : 5.1.2600.0
CompanyName : Microsoft Corporation
FileDescription : Services and Controller app
InternalName : services.exe
OriginalFilename : services.exe
ProductName : Microsoft
Created on : 3/31/2003 12:00:00 PM
Last accessed : 7/10/2004 5:45:13 AM
Last modified : 3/31/2003 12:00:00 PM

#:4 [lsass.exe]
FilePath : C:\WINDOWS\system32\
ThreadCreationTime : 7-10-2004 5:52:03 AM
BasePriority : Normal
FileSize : 11 KB
FileVersion : 5.1.2600.1106 (xpsp1.020828-1920)
ProductVersion : 5.1.2600.1106
CompanyName : Microsoft Corporation
FileDescription : LSA Shell (Export Version)
InternalName : lsass.exe
OriginalFilename : lsass.exe
ProductName : Microsoft
Created on : 3/31/2003 12:00:00 PM
Last accessed : 7/10/2004 5:45:13 AM
Last modified : 3/31/2003 12:00:00 PM

#:5 [svchost.exe]
FilePath : C:\WINDOWS\system32\
ThreadCreationTime : 7-10-2004 5:52:04 AM
BasePriority : Normal
FileSize : 12 KB
FileVersion : 5.1.2600.0 (xpclient.010817-1148)
ProductVersion : 5.1.2600.0
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
OriginalFilename : svchost.exe
ProductName : Microsoft
Created on : 3/31/2003 12:00:00 PM
Last accessed : 7/10/2004 5:45:14 AM
Last modified : 3/31/2003 12:00:00 PM

#:6 [svchost.exe]
FilePath : C:\WINDOWS\System32\
ThreadCreationTime : 7-10-2004 5:52:04 AM
BasePriority : Normal
FileSize : 12 KB
FileVersion : 5.1.2600.0 (xpclient.010817-1148)
ProductVersion : 5.1.2600.0
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
OriginalFilename : svchost.exe
ProductName : Microsoft
Created on : 3/31/2003 12:00:00 PM
Last accessed : 7/10/2004 5:45:14 AM
Last modified : 3/31/2003 12:00:00 PM

#:7 [spoolsv.exe]
FilePath : C:\WINDOWS\system32\
ThreadCreationTime : 7-10-2004 5:52:06 AM
BasePriority : Normal
FileSize : 50 KB
FileVersion : 5.1.2600.0 (XPClient.010817-1148)
ProductVersion : 5.1.2600.0
CompanyName : Microsoft Corporation
FileDescription : Spooler SubSystem App
InternalName : spoolsv.exe
OriginalFilename : spoolsv.exe
ProductName : Microsoft
Created on : 3/31/2003 12:00:00 PM
Last accessed : 7/10/2004 5:45:14 AM
Last modified : 3/31/2003 12:00:00 PM

#:8 [ccevtmgr.exe]
FilePath : C:\Program Files\Common Files\Symantec Shared\
ThreadCreationTime : 7-10-2004 5:52:06 AM
BasePriority : Normal
FileSize : 309 KB
FileVersion : 1.03.4
ProductVersion : 1.03.4
Copyright : Copyright © 2000-2002 Symantec Corporation. All rights reserved.
CompanyName : Symantec Corporation
FileDescription : Event Manager Service
InternalName : ccEvtMgr
OriginalFilename : ccEvtMgr.exe
ProductName : Event Manager
Created on : 1/1/2002 5:43:57 AM
Last accessed : 7/10/2004 5:45:14 AM
Last modified : 7/17/2003 4:16:38 PM

#:9 [explorer.exe]
FilePath : C:\WINDOWS\
ThreadCreationTime : 7-10-2004 5:52:07 AM
BasePriority : Normal
FileSize : 980 KB
FileVersion : 6.00.2800.1106 (xpsp1.020828-1920)
ProductVersion : 6.00.2800.1106
CompanyName : Microsoft Corporation
FileDescription : Windows Explorer
InternalName : explorer
OriginalFilename : EXPLORER.EXE
ProductName : Microsoft
Created on : 3/31/2003 12:00:00 PM
Last accessed : 7/10/2004 5:43:19 AM
Last modified : 3/31/2003 12:00:00 PM

#:10 [acsd.exe]
FilePath : C:\PROGRA~1\COMMON~1\AOL\ACS\
ThreadCreationTime : 7-10-2004 5:52:14 AM
BasePriority : Normal
FileSize : 1356 KB
FileVersion : 1,0,22,1
ProductVersion : 1,0,22,1
Copyright : Copyright
CompanyName : America Online, Inc.
FileDescription : AOL Connectivity Service
InternalName : acsd
OriginalFilename : acsd.exe
ProductName : AOL Connectivity Service
Created on : 5/3/2004 9:20:58 PM
Last accessed : 7/10/2004 5:45:14 AM
Last modified : 9/16/2003 8:55:36 PM

#:11 [navapsvc.exe]
FilePath : C:\Program Files\Norton AntiVirus\
ThreadCreationTime : 7-10-2004 5:52:14 AM
BasePriority : Normal
FileSize : 113 KB
FileVersion : 9.05.1015
ProductVersion : 9.05.1015
Copyright : Copyright © 2000-2002 Symantec Corporation. All rights reserved.
CompanyName : Symantec Corporation
FileDescription : Norton AntiVirus Auto-Protect Service
InternalName : NAVAPSVC
OriginalFilename : NAVAPSVC.EXE
ProductName : Norton AntiVirus
Created on : 1/1/2002 5:43:50 AM
Last accessed : 7/10/2004 5:45:14 AM
Last modified : 11/15/2002 12:41:26 AM

#:12 [srvany.exe]
FilePath : C:\WINDOWS\system32\
ThreadCreationTime : 7-10-2004 5:52:14 AM
BasePriority : Normal
FileSize : 7 KB
Created on : 9/15/2002 3:20:27 PM
Last accessed : 7/10/2004 5:45:14 AM
Last modified : 5/3/2002 8:29:56 AM

#:13 [resetservice.exe]
FilePath : C:\WINDOWS\system32\
ThreadCreationTime : 7-10-2004 5:52:17 AM
BasePriority : Normal
FileSize : 5 KB
Created on : 9/15/2002 3:20:27 PM
Last accessed : 7/10/2004 5:45:14 AM
Last modified : 9/11/2002 4:36:32 AM

#:14 [wanmpsvc.exe]
FilePath : C:\WINDOWS\
ThreadCreationTime : 7-10-2004 5:52:17 AM
BasePriority : Normal
FileSize : 64 KB
FileVersion : 9, 0, 0, 0
ProductVersion : 9, 0, 0, 0
Copyright : Copyright
CompanyName : America Online, Inc.
FileDescription : Wan Miniport (ATW) Service
InternalName : WanMPSvc
OriginalFilename : WanMPSvc.exe
ProductName : America Online
Created on : 5/3/2004 9:21:06 PM
Last accessed : 7/10/2004 5:43:32 AM
Last modified : 8/27/2003 2:27:44 PM

#:15 [ieij.exe]
FilePath : C:\WINDOWS\system32\
ThreadCreationTime : 7-10-2004 5:52:24 AM
BasePriority : Normal
FileSize : 26 KB
Created on : 6/11/2004 12:05:55 PM
Last accessed : 7/10/2004 5:52:00 AM
Last modified : 6/11/2004 12:05:55 PM

#:16 [mixer.exe]
FilePath : C:\WINDOWS\
ThreadCreationTime : 7-10-2004 5:52:24 AM
BasePriority : Normal
FileSize : 1400 KB
FileVersion : 1.51
ProductVersion : 1.51
Copyright : Copyright © 1997-2002
CompanyName : C-Media Electronic Inc. (www.cmedia.com.tw)
FileDescription : Mixer
InternalName : Mixer
OriginalFilename : Mixer.EXE
ProductName : Mixer
Created on : 7/2/2004 12:03:52 AM
Last accessed : 7/10/2004 5:52:00 AM
Last modified : 4/29/2002 9:23:52 AM

#:17 [aim.exe]
FilePath : C:\Program Files\AIM\
ThreadCreationTime : 7-10-2004 5:52:24 AM
BasePriority : Normal
FileSize : 60 KB
FileVersion : 5.5.3595
ProductVersion : 5.5.3595
Copyright : Copyright
CompanyName : America Online, Inc.
FileDescription : AOL Instant Messenger
InternalName : AIM
OriginalFilename : AIM.EXE
ProductName : AOL Instant Messenger
Created on : 3/25/2004 1:29:01 AM
Last accessed : 7/10/2004 5:52:27 AM
Last modified : 4/27/2004 10:18:34 PM

#:18 [ad-aware.exe]
FilePath : C:\PROGRA~1\Lavasoft\AD-AWA~1\
ThreadCreationTime : 7-10-2004 5:53:19 AM
BasePriority : Normal
FileSize : 668 KB
FileVersion : 6.0.1.181
ProductVersion : 6.0.0.0
Copyright : Copyright
CompanyName : Lavasoft Sweden
FileDescription : Ad-aware 6 core application
InternalName : Ad-aware.exe
OriginalFilename : Ad-aware.exe
ProductName : Lavasoft Ad-aware Plus
Created on : 7/10/2004 5:15:43 AM
Last accessed : 7/10/2004 5:20:07 AM
Last modified : 7/13/2003 1:00:20 AM

Memory scan result :
¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯
New objects : 0
Objects found so far: 0


Started registry scan
¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯

Registry scan result :
¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯
New objects : 0
Objects found so far: 0


Started deep registry scan
¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯

Deep registry scan result :
¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯
New objects : 0
Objects found so far: 0


Deep scanning and examining files (C:)
¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯

CoolWebSearch Object recognized!
Type : File
Data : netae32.exe
Category : Malware
Comment :
Object : C:\WINDOWS\system32\
FileSize : 9 KB
Created on : 7/7/2004 11:28:37 AM
Last accessed : 7/10/2004 5:55:47 AM
Last modified : 7/7/2004 11:28:37 AM



CoolWebSearch Object recognized!
Type : File
Data : addhi.dll
Category : Malware
Comment :
Object : C:\WINDOWS\
FileSize : 89 KB
Created on : 6/16/2004 8:43:14 PM
Last accessed : 7/10/2004 5:55:46 AM
Last modified : 6/16/2004 8:43:14 PM



CoolWebSearch Object recognized!
Type : File
Data : pjbnk.dll
Category : Malware
Comment :
Object : C:\WINDOWS\
FileSize : 69 KB
Created on : 6/24/2004 8:05:09 PM
Last accessed : 7/10/2004 5:59:53 AM
Last modified : 6/24/2004 8:05:09 PM



CoolWebSearch Object recognized!
Type : File
Data : sjfgpq.dat
Category : Malware
Comment :
Object : C:\WINDOWS\
FileSize : 89 KB
Created on : 5/25/2004 6:53:19 PM
Last accessed : 7/10/2004 5:59:54 AM
Last modified : 5/25/2004 6:53:19 PM



Disk scan result for C:\
¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯
New objects : 0
Objects found so far: 4


Performing conditional scans..
¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯

CoolWebSearch Object recognized!
Type : RegKey
Data :
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\HSA


CoolWebSearch Object recognized!
Type : RegKey
Data :
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SE


CoolWebSearch Object recognized!
Type : RegKey
Data :
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SW


Conditional scan result:
¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯
New objects : 3
Objects found so far: 7


1:59:56 AM Scan complete

Summary of this scan
¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯
Total scanning time :00:06:29:297
Objects scanned :77124
Objects identified :7
Objects ignored :0
New objects :7

#2 randomguy1127


Posted 10 July 2004 - 11:45 AM

anyone?



