ad - aware log file, it seems the adware and search pages |
Jul 3 2005, 10:23 AM
Post #1
Member Posts: 11 OS: xp
anyway here's the ad aware log Ad-Aware SE Build 1.06r1 Logfile Created on:Sunday, July 03, 2005 12:11:42 PM Created with Ad-Aware SE Personal, free for private use. Using definitions file:SE1R52 30.06.2005 »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»» References detected during the scan: »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»» CoolWebSearch(TAC index:10):26 total references MRU List(TAC index:0):1 total references Tracking Cookie(TAC index:3):3 total references »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»» Definition File: ========================= Definitions File Loaded: Reference Number : SE1R52 30.06.2005 Internal build : 60 File location : C:\Program Files\Lavasoft\Ad-Aware SE Personal\defs.ref File size : 485588 Bytes Total size : 1468054 Bytes Signature data size : 1436270 Bytes Reference data size : 31272 Bytes Signatures total : 40920 CSI Fingerprints total : 919 CSI data size : 31888 Bytes Target categories : 15 Target families : 697 Memory + processor status: ========================== Number of processors : 1 Processor architecture : Intel Pentium IV Memory available:25 % Total physical memory:522224 kb Available physical memory:126960 kb Total page file size:1278964 kb Available on page file:897656 kb Total virtual memory:2097024 kb Available virtual memory:2032388 kb OS:Microsoft Windows XP Home Edition Service Pack 1 (Build 2600) Ad-Aware SE Settings =========================== Set : Search for negligible risk entries Set : Safe mode (always request confirmation) Set : Scan active processes Set : Scan registry Set : Deep-scan registry Set : Scan my IE Favorites for banned URLs Set : Scan within archives Set : Scan my Hosts file Extended Ad-Aware SE Settings =========================== Set : Unload recognized processes & modules during scan Set : Obtain command line of scanned processes Set : Scan registry for all users instead of current user only Set : Always try to unload modules before deletion Set : During removal, unload Explorer and IE if 
necessary Set : Let Windows remove files in use at next reboot Set : Delete quarantined objects after restoring Set : Write-protect system files after repair (Hosts file, etc.) Set : Include basic Ad-Aware settings in log file Set : Include additional Ad-Aware settings in log file Set : Include reference summary in log file Set : Include alternate data stream details in log file Set : Play sound at scan completion if scan locates critical objects 7-3-2005 12:11:42 PM - Scan started. (Custom mode) Listing running processes »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»» #:1 [smss.exe] ModuleName : \SystemRoot\System32\smss.exe Command Line : n/a ProcessID : 588 ThreadCreationTime : 7-3-2005 2:52:46 PM BasePriority : Normal #:2 [csrss.exe] ModuleName : \??\C:\WINDOWS\system32\csrss.exe Command Line : C:\WINDOWS\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,3072,512 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ProfileControl=Off MaxRequestTh ProcessID : 636 ThreadCreationTime : 7-3-2005 2:52:47 PM BasePriority : Normal #:3 [winlogon.exe] ModuleName : \??\C:\WINDOWS\system32\winlogon.exe Command Line : winlogon.exe ProcessID : 660 ThreadCreationTime : 7-3-2005 2:52:48 PM BasePriority : High #:4 [services.exe] ModuleName : C:\WINDOWS\system32\services.exe Command Line : C:\WINDOWS\system32\services.exe ProcessID : 704 ThreadCreationTime : 7-3-2005 2:52:48 PM BasePriority : Normal FileVersion : 5.1.2600.0 (xpclient.010817-1148) ProductVersion : 5.1.2600.0 ProductName : Microsoft® Windows® Operating System CompanyName : Microsoft Corporation FileDescription : Services and Controller app InternalName : services.exe LegalCopyright : © Microsoft Corporation. All rights reserved. 
OriginalFilename : services.exe #:5 [lsass.exe] ModuleName : C:\WINDOWS\system32\lsass.exe Command Line : C:\WINDOWS\system32\lsass.exe ProcessID : 716 ThreadCreationTime : 7-3-2005 2:52:48 PM BasePriority : Normal FileVersion : 5.1.2600.1106 (xpsp1.020828-1920) ProductVersion : 5.1.2600.1106 ProductName : Microsoft® Windows® Operating System CompanyName : Microsoft Corporation FileDescription : LSA Shell (Export Version) InternalName : lsass.exe LegalCopyright : © Microsoft Corporation. All rights reserved. OriginalFilename : lsass.exe #:6 [svchost.exe] ModuleName : C:\WINDOWS\system32\svchost.exe Command Line : C:\WINDOWS\system32\svchost -k rpcss ProcessID : 896 ThreadCreationTime : 7-3-2005 2:52:48 PM BasePriority : Normal FileVersion : 5.1.2600.0 (xpclient.010817-1148) ProductVersion : 5.1.2600.0 ProductName : Microsoft® Windows® Operating System CompanyName : Microsoft Corporation FileDescription : Generic Host Process for Win32 Services InternalName : svchost.exe LegalCopyright : © Microsoft Corporation. All rights reserved. OriginalFilename : svchost.exe #:7 [svchost.exe] ModuleName : C:\WINDOWS\System32\svchost.exe Command Line : C:\WINDOWS\System32\svchost.exe -k netsvcs ProcessID : 976 ThreadCreationTime : 7-3-2005 2:52:48 PM BasePriority : Normal FileVersion : 5.1.2600.0 (xpclient.010817-1148) ProductVersion : 5.1.2600.0 ProductName : Microsoft® Windows® Operating System CompanyName : Microsoft Corporation FileDescription : Generic Host Process for Win32 Services InternalName : svchost.exe LegalCopyright : © Microsoft Corporation. All rights reserved. 
OriginalFilename : svchost.exe #:8 [svchost.exe] ModuleName : C:\WINDOWS\System32\svchost.exe Command Line : C:\WINDOWS\System32\svchost.exe -k NetworkService ProcessID : 1144 ThreadCreationTime : 7-3-2005 2:52:49 PM BasePriority : Normal FileVersion : 5.1.2600.0 (xpclient.010817-1148) ProductVersion : 5.1.2600.0 ProductName : Microsoft® Windows® Operating System CompanyName : Microsoft Corporation FileDescription : Generic Host Process for Win32 Services InternalName : svchost.exe LegalCopyright : © Microsoft Corporation. All rights reserved. OriginalFilename : svchost.exe #:9 [svchost.exe] ModuleName : C:\WINDOWS\System32\svchost.exe Command Line : C:\WINDOWS\System32\svchost.exe -k LocalService ProcessID : 1228 ThreadCreationTime : 7-3-2005 2:52:49 PM BasePriority : Normal FileVersion : 5.1.2600.0 (xpclient.010817-1148) ProductVersion : 5.1.2600.0 ProductName : Microsoft® Windows® Operating System CompanyName : Microsoft Corporation FileDescription : Generic Host Process for Win32 Services InternalName : svchost.exe LegalCopyright : © Microsoft Corporation. All rights reserved. OriginalFilename : svchost.exe #:10 [spoolsv.exe] ModuleName : C:\WINDOWS\system32\spoolsv.exe Command Line : C:\WINDOWS\system32\spoolsv.exe ProcessID : 1340 ThreadCreationTime : 7-3-2005 2:52:50 PM BasePriority : Normal FileVersion : 5.1.2600.0 (XPClient.010817-1148) ProductVersion : 5.1.2600.0 ProductName : Microsoft® Windows® Operating System CompanyName : Microsoft Corporation FileDescription : Spooler SubSystem App InternalName : spoolsv.exe LegalCopyright : © Microsoft Corporation. All rights reserved. 
OriginalFilename : spoolsv.exe #:11 [ccevtmgr.exe] ModuleName : C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe Command Line : "C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe" ProcessID : 1376 ThreadCreationTime : 7-3-2005 2:52:50 PM BasePriority : Normal FileVersion : 1.03.4 ProductVersion : 1.03.4 ProductName : Event Manager CompanyName : Symantec Corporation FileDescription : Event Manager Service InternalName : ccEvtMgr LegalCopyright : Copyright © 2000-2002 Symantec Corporation. All rights reserved. OriginalFilename : ccEvtMgr.exe #:12 [netsi.exe] ModuleName : C:\WINDOWS\netsi.exe Command Line : C:\WINDOWS\netsi.exe /s ProcessID : 1520 ThreadCreationTime : 7-3-2005 2:52:51 PM BasePriority : Normal #:13 [aolacsd.exe] ModuleName : C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe Command Line : "C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe" ProcessID : 1540 ThreadCreationTime : 7-3-2005 2:52:51 PM BasePriority : Normal FileVersion : 3.0.0.1 ProductVersion : 3.0.0.1 ProductName : AOL Connectivity Service CompanyName : America Online FileDescription : AOL Connectivity Service InternalName : AOLacsd LegalCopyright : Copyright © 2004 America Online OriginalFilename : AOLacsd.exe #:14 [aoltsmon.exe] ModuleName : C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe Command Line : "C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe" ProcessID : 1568 ThreadCreationTime : 7-3-2005 2:52:51 PM BasePriority : Normal FileVersion : 2, 0, 0, 0 ProductVersion : 2, 0, 0, 0 ProductName : AOL TopSpeed Monitor CompanyName : America Online, Inc FileDescription : AOL TopSpeed Monitor InternalName : AOL TopSpeed Monitor LegalCopyright : Copyright © 2004 America Online, Inc. 
OriginalFilename : aoltsmon.exe #:15 [navapsvc.exe] ModuleName : C:\Program Files\Norton AntiVirus\navapsvc.exe Command Line : "C:\Program Files\Norton AntiVirus\navapsvc.exe" ProcessID : 1988 ThreadCreationTime : 7-3-2005 2:52:51 PM BasePriority : Normal FileVersion : 9.05.1015 ProductVersion : 9.05.1015 ProductName : Norton AntiVirus CompanyName : Symantec Corporation FileDescription : Norton AntiVirus Auto-Protect Service InternalName : NAVAPSVC LegalCopyright : Copyright © 2000-2002 Symantec Corporation. All rights reserved. OriginalFilename : NAVAPSVC.EXE #:16 [aoltpspd.exe] ModuleName : C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltpspd.exe Command Line : -p11526 -q"11527,11528,11529,11530,11531,11532,11533" -S256 -G"C:\Documents and Settings\All Users\Application Data\AOL\TopSpeed\2.0\vph.ph" -H1568 ProcessID : 200 ThreadCreationTime : 7-3-2005 2:52:51 PM BasePriority : Normal FileVersion : 2, 0, 0, 0 ProductVersion : 2, 0, 0, 0 ProductName : AOL TopSpeed CompanyName : America Online Inc FileDescription : AOL TopSpeed InternalName : AOL TopSpeed Loader LegalCopyright : Copyright © 2003-2004 LegalTrademarks : AOL TopSpeed OriginalFilename : aoltpspd.exe #:17 [svchost.exe] ModuleName : C:\WINDOWS\System32\svchost.exe Command Line : C:\WINDOWS\System32\svchost.exe -k imgsvc ProcessID : 224 ThreadCreationTime : 7-3-2005 2:52:51 PM BasePriority : Normal FileVersion : 5.1.2600.0 (xpclient.010817-1148) ProductVersion : 5.1.2600.0 ProductName : Microsoft® Windows® Operating System CompanyName : Microsoft Corporation FileDescription : Generic Host Process for Win32 Services InternalName : svchost.exe LegalCopyright : © Microsoft Corporation. All rights reserved. 
OriginalFilename : svchost.exe #:18 [wdfmgr.exe] ModuleName : C:\WINDOWS\System32\wdfmgr.exe Command Line : C:\WINDOWS\System32\wdfmgr.exe ProcessID : 260 ThreadCreationTime : 7-3-2005 2:52:51 PM BasePriority : Normal FileVersion : 5.2.3790.1230 built by: dnsrv(bld4act) ProductVersion : 5.2.3790.1230 ProductName : Microsoft® Windows® Operating System CompanyName : Microsoft Corporation FileDescription : Windows User Mode Driver Manager InternalName : WdfMgr LegalCopyright : © Microsoft Corporation. All rights reserved. OriginalFilename : WdfMgr.exe #:19 [explorer.exe] ModuleName : C:\WINDOWS\Explorer.EXE Command Line : C:\WINDOWS\Explorer.EXE ProcessID : 924 ThreadCreationTime : 7-3-2005 2:52:55 PM BasePriority : Normal FileVersion : 6.00.2800.1106 (xpsp1.020828-1920) ProductVersion : 6.00.2800.1106 ProductName : Microsoft® Windows® Operating System CompanyName : Microsoft Corporation FileDescription : Windows Explorer InternalName : explorer LegalCopyright : © Microsoft Corporation. All rights reserved. OriginalFilename : EXPLORER.EXE #:20 [hkcmd.exe] ModuleName : C:\WINDOWS\System32\hkcmd.exe Command Line : "C:\WINDOWS\System32\hkcmd.exe" ProcessID : 1276 ThreadCreationTime : 7-3-2005 2:52:58 PM BasePriority : Normal FileVersion : 3,0,0,2104 ProductVersion : 7,0,0,2104 ProductName : Intel® Common User Interface CompanyName : Intel Corporation FileDescription : hkcmd Module InternalName : HKCMD LegalCopyright : Copyright 1999-2003, Intel Corporation OriginalFilename : HKCMD.EXE #:21 [ccapp.exe] ModuleName : C:\Program Files\Common Files\Symantec Shared\ccApp.exe Command Line : "C:\Program Files\Common Files\Symantec Shared\ccApp.exe" ProcessID : 1284 ThreadCreationTime : 7-3-2005 2:52:58 PM BasePriority : Normal FileVersion : 1.0.10.006 ProductVersion : 1.0.10.006 ProductName : Common Client CompanyName : Symantec Corporation FileDescription : Common Client CC App InternalName : ccApp LegalCopyright : Copyright © 2000-2002 Symantec Corporation. 
All rights reserved. OriginalFilename : ccApp.exe #:22 [aoldial.exe] ModuleName : C:\Program Files\Common Files\AOL\ACS\AOLDial.exe Command Line : "C:\Program Files\Common Files\AOL\ACS\AOLDial.exe" ProcessID : 1604 ThreadCreationTime : 7-3-2005 2:52:59 PM BasePriority : Normal FileVersion : 3.0.0.1 ProductVersion : 3.0.0.1 ProductName : AOL Connectivity Service CompanyName : America Online FileDescription : AOL Connectivity Service Dialer InternalName : AOLdial LegalCopyright : Copyright © 2004 America Online OriginalFilename : AOLdial.exe #:23 [aolsp scheduler.exe] ModuleName : C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe Command Line : "C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe" ProcessID : 1616 ThreadCreationTime : 7-3-2005 2:52:59 PM BasePriority : Normal FileVersion : 1, 5, 0, 0 ProductVersion : 1, 5, 0, 0 ProductName : AOLSP Scheduler FileDescription : AOLSP Scheduler InternalName : AOLSP Scheduler LegalCopyright : Copyright © America Online, Inc. 2004 OriginalFilename : AOLSP Scheduler.exe #:24 [realplay.exe] ModuleName : C:\Program Files\Real\RealPlayer\RealPlay.exe Command Line : "C:\Program Files\Real\RealPlayer\RealPlay.exe" SYSTEMBOOTHIDEPLAYER ProcessID : 1624 ThreadCreationTime : 7-3-2005 2:52:59 PM BasePriority : Normal FileVersion : 6.0.9.584 ProductVersion : 6.0.9.584 ProductName : RealPlayer (32-bit) CompanyName : RealNetworks, Inc. FileDescription : RealPlayer InternalName : REALPLAY LegalCopyright : Copyright © RealNetworks, Inc. 1995-2000 LegalTrademarks : RealAudio is a trademark of RealNetworks, Inc. OriginalFilename : REALPLAY.EXE #:25 [qttask.exe] ModuleName : C:\Program Files\QuickTime\qttask.exe Command Line : "C:\Program Files\QuickTime\qttask.exe" -atboottime ProcessID : 1636 ThreadCreationTime : 7-3-2005 2:52:59 PM BasePriority : Normal FileVersion : 6.5 ProductVersion : QuickTime 6.5 ProductName : QuickTime CompanyName : Apple Computer, Inc. InternalName : QuickTime Task LegalCopyright : © Apple Computer, Inc. 
2001-2004 OriginalFilename : QTTask.exe #:26 [winampa.exe] ModuleName : C:\Program Files\Winamp\winampa.exe Command Line : "C:\Program Files\Winamp\winampa.exe" ProcessID : 1724 ThreadCreationTime : 7-3-2005 2:53:00 PM BasePriority : Normal #:27 [hpwuschd.exe] ModuleName : C:\Program Files\HP\HP Software Update\HPWuSchd.exe Command Line : "C:\Program Files\HP\HP Software Update\HPWuSchd.exe" ProcessID : 1744 ThreadCreationTime : 7-3-2005 2:53:00 PM BasePriority : Normal FileVersion : 1, 0, 0, 3 ProductVersion : 1, 0, 0, 3 ProductName : Hewlett-Packard hpwuSchd CompanyName : Hewlett-Packard FileDescription : hpwuSchd InternalName : hpwuSchd LegalCopyright : Copyright © 2003 OriginalFilename : hpwuSchd.exe #:28 [hpcmpmgr.exe] ModuleName : C:\Program Files\HP\hpcoretech\hpcmpmgr.exe Command Line : "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe" ProcessID : 1816 ThreadCreationTime : 7-3-2005 2:53:00 PM BasePriority : Normal FileVersion : 2.1.1.0 ProductVersion : 2.1.4 ProductName : hp coretech (COmponent REuse TECHnology) CompanyName : Hewlett-Packard Company FileDescription : HP Framework Component Manager Service InternalName : HPComponentManagerService module LegalCopyright : Copyright © Hewlett-Packard. 2002-2003 OriginalFilename : HpCmpMgr.exe #:29 [wintr32.exe] ModuleName : C:\WINDOWS\wintr32.exe Command Line : "C:\WINDOWS\wintr32.exe" ProcessID : 1908 ThreadCreationTime : 7-3-2005 2:53:00 PM BasePriority : Normal #:30 [aolhos~1.exe] ModuleName : C:\PROGRA~1\COMMON~1\AOL\111997~1\EE\AOLHOS~1.EXE Command Line : C:\PROGRA~1\COMMON~1\AOL\111997~1\EE\AOLHOS~1.EXE -Embedding ProcessID : 1924 ThreadCreationTime : 7-3-2005 2:53:01 PM BasePriority : Normal FileVersion : 1.0.0.6 ProductVersion : 1.0.0.6 ProductName : AOL Service Libraries CompanyName : America Online, Inc. FileDescription : AOLHostManager Service InternalName : AOLHostManager LegalCopyright : © 2004 America Online, Inc. 
OriginalFilename : AOLHostManager.exe #:31 [gcasserv.exe] ModuleName : C:\Program Files\Microsoft AntiSpyware\gcasServ.exe Command Line : "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe" ProcessID : 2036 ThreadCreationTime : 7-3-2005 2:53:01 PM BasePriority : Idle FileVersion : 1.00.0614 ProductVersion : 1.00.0614 ProductName : Microsoft AntiSpyware (Beta 1) CompanyName : Microsoft Corporation FileDescription : Microsoft AntiSpyware Service InternalName : gcasServ LegalCopyright : Copyright © 2004-2005 Microsoft Corporation. All rights reserved. LegalTrademarks : Microsoft® and Windows® are registered trademarks of Microsoft Corporation. SpyNet is a trademark of Microsoft Corporation. OriginalFilename : gcasServ.exe #:32 [msmsgs.exe] ModuleName : C:\Program Files\Messenger\msmsgs.exe Command Line : "C:\Program Files\Messenger\msmsgs.exe" /background ProcessID : 400 ThreadCreationTime : 7-3-2005 2:53:01 PM BasePriority : Normal FileVersion : 4.7.2010 ProductVersion : Version 4.7 ProductName : Messenger CompanyName : Microsoft Corporation FileDescription : Messenger InternalName : msmsgs LegalCopyright : Copyright © Microsoft Corporation 1997-2003 LegalTrademarks : Microsoft® is a registered trademark of Microsoft Corporation in the U.S. and/or other countries. OriginalFilename : msmsgs.exe #:33 [ypager.exe] ModuleName : C:\Program Files\Yahoo!\Messenger\ypager.exe Command Line : "C:\Program Files\Yahoo!\Messenger\ypager.exe" ProcessID : 632 ThreadCreationTime : 7-3-2005 2:53:03 PM BasePriority : Normal FileVersion : 6,0,0,1922 ProductVersion : 6,0,0,1922 ProductName : Yahoo! Messenger CompanyName : Yahoo! Inc. FileDescription : Yahoo! Messenger InternalName : Yahoo! 
Messengerr LegalCopyright : Copyright 1998-2005 OriginalFilename : YPager.exe #:34 [aolservicehost.exe] ModuleName : C:\PROGRA~1\COMMON~1\AOL\111997~1\EE\AOLServiceHost.exe Command Line : C:\PROGRA~1\COMMON~1\AOL\111997~1\EE\AOLServiceHost.exe -h defaultGrp ProcessID : 1076 ThreadCreationTime : 7-3-2005 2:53:03 PM BasePriority : Normal FileVersion : 1.0.0.6 ProductVersion : 1.0.0.6 ProductName : AOL Service Libraries CompanyName : America Online, Inc. FileDescription : AOLServiceHost Service InternalName : AOLServiceHost LegalCopyright : © 2004 America Online, Inc. OriginalFilename : AOLServiceHost.exe #:35 [hookdump.exe] ModuleName : C:\WINDOWS\System32\hookdump.exe Command Line : "C:\WINDOWS\System32\hookdump.exe" ProcessID : 232 ThreadCreationTime : 7-3-2005 2:53:05 PM BasePriority : Normal #:36 [hpqtra08.exe] ModuleName : C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe Command Line : "C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe" ProcessID : 1820 ThreadCreationTime : 7-3-2005 2:53:06 PM BasePriority : Normal FileVersion : 5.35.0.035 ProductVersion : 005.035.000.035 ProductName : hp digital imaging - hp all-in-one series CompanyName : Hewlett-Packard Co. FileDescription : HP Digital Imaging Monitor (CUE) InternalName : HPQTRA00 LegalCopyright : Copyright © Hewlett-Packard Co. 
1995-2001 OriginalFilename : HPQTRA00.EXE Comments : HP Digital Imaging Monitor (CUE) #:37 [waol.exe] ModuleName : C:\Program Files\America Online 9.0\waol.exe Command Line : "C:\Program Files\America Online 9.0\waol.exe" -b ProcessID : 2056 ThreadCreationTime : 7-3-2005 2:53:06 PM BasePriority : Normal #:38 [wmiprvse.exe] ModuleName : C:\WINDOWS\System32\wbem\wmiprvse.exe Command Line : C:\WINDOWS\System32\wbem\wmiprvse.exe -Embedding ProcessID : 2740 ThreadCreationTime : 7-3-2005 2:53:10 PM BasePriority : Normal FileVersion : 5.1.2600.1106 (xpsp1.020828-1920) ProductVersion : 5.1.2600.1106 ProductName : Microsoft® Windows® Operating System CompanyName : Microsoft Corporation FileDescription : WMI InternalName : Wmiprvse.exe LegalCopyright : © Microsoft Corporation. All rights reserved. OriginalFilename : Wmiprvse.exe #:39 [gcasdtserv.exe] ModuleName : C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe Command Line : "C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe" ProcessID : 3160 ThreadCreationTime : 7-3-2005 2:53:16 PM BasePriority : Normal FileVersion : 1.00.0614 ProductVersion : 1.00.0614 ProductName : Microsoft AntiSpyware (Beta 1) CompanyName : Microsoft Corporation FileDescription : Microsoft AntiSpyware Data Service InternalName : gcasDtServ LegalCopyright : Copyright © 2004-2005 Microsoft Corporation. All rights reserved. LegalTrademarks : Microsoft® and Windows® are registered trademarks of Microsoft Corporation. SpyNet is a trademark of Microsoft Corporation. 
OriginalFilename : gcasDtServ.exe #:40 [wuauclt.exe] ModuleName : C:\WINDOWS\System32\wuauclt.exe Command Line : "C:\WINDOWS\System32\wuauclt.exe" ProcessID : 1740 ThreadCreationTime : 7-3-2005 2:54:12 PM BasePriority : Normal FileVersion : 5.4.3790.2182 built by: srv03_rtm(ntvbl04) ProductVersion : 5.4.3790.2182 ProductName : Microsoft® Windows® Operating System CompanyName : Microsoft Corporation FileDescription : Automatic Updates InternalName : wuauclt.exe LegalCopyright : © Microsoft Corporation. All rights reserved. OriginalFilename : wuauclt.exe #:41 [shellmon.exe] ModuleName : C:\Program Files\America Online 9.0\shellmon.exe Command Line : "C:\Program Files\America Online 9.0\shellmon.exe" ProcessID : 2380 ThreadCreationTime : 7-3-2005 2:54:18 PM BasePriority : Normal #:42 [napsterclient-us-3.1.1.4.dat] ModuleName : C:\Program Files\Napster\NapsterClient-US-3.1.1.4.dat Command Line : "C:\Program Files\Napster\NapsterClient-US-3.1.1.4.dat" ProcessID : 2748 ThreadCreationTime : 7-3-2005 2:54:41 PM BasePriority : Normal FileVersion : 3, 1, 1, 4 ProductVersion : 3, 1, 1, 4 ProductName : Napster CompanyName : Napster FileDescription : Napster InternalName : Napster LegalCopyright : Copyright © 2001-2005 OriginalFilename : ClientUI.exe #:43 [ad-aware.exe] ModuleName : C:\Program Files\Lavasoft\Ad-Aware SE Personal\Ad-Aware.exe Command Line : "C:\Program Files\Lavasoft\Ad-Aware SE Personal\Ad-Aware.exe" ProcessID : 488 ThreadCreationTime : 7-3-2005 3:58:22 PM BasePriority : Normal FileVersion : 6.2.0.236 ProductVersion : SE 106 ProductName : Lavasoft Ad-Aware SE CompanyName : Lavasoft Sweden FileDescription : Ad-Aware SE Core application InternalName : Ad-Aware.exe LegalCopyright : Copyright © Lavasoft AB Sweden OriginalFilename : Ad-Aware.exe Comments : All Rights Reserved #:44 [cwshredder[1].exe] ModuleName : C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\Q9S2LVWF\cwshredder[1].exe Command Line : "C:\Documents and 
Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\Q9S2LVWF\cwshredder[1].exe" ProcessID : 3268 ThreadCreationTime : 7-3-2005 4:03:07 PM BasePriority : Normal FileVersion : 2.15 ProductVersion : 2.15 ProductName : CWShredder CompanyName : InterMute, Inc. FileDescription : CWShredder InternalName : IMShredder.exe LegalCopyright : InterMute, Inc. All rights reserved. OriginalFilename : IMShredder.exe #:45 [gcasservalert.exe] ModuleName : C:\Program Files\Microsoft AntiSpyware\gcasServAlert.exe Command Line : "C:\Program Files\Microsoft AntiSpyware\gcasServAlert.exe" 3CC7FD29-E81F-4F18-A7ED-4C5B9E ProcessID : 3484 ThreadCreationTime : 7-3-2005 4:10:27 PM BasePriority : Normal FileVersion : 1.00.0614 ProductVersion : 1.00.0614 ProductName : Microsoft AntiSpyware (Beta 1) CompanyName : Microsoft Corporation FileDescription : Microsoft AntiSpyware Service User Interface InternalName : gcasServAlert LegalCopyright : Copyright © 2004-2005 Microsoft Corporation. All rights reserved. LegalTrademarks : Microsoft® and Windows® are registered trademarks of Microsoft Corporation. SpyNet is a trademark of Microsoft Corporation. OriginalFilename : gcasServAlert.exe Memory scan result: »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»» New critical objects: 0 Objects found so far: 0 Started registry scan »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»» Registry Scan result: »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»» New critical objects: 0 Objects found so far: 0 Started deep registry scan »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»» Deep registry scan result: »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»» New critical objects: 0 Objects found so far: 0 MRU List Object Recognized! Location: : S-1-5-21-1844237615-1958367476-839522115-1003\software\microsoft\internet explorer\typedurls Description : list of recently entered addresses in microsoft internet explorer Started Tracking Cookie scan »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»» Tracking Cookie Object Recognized! 
Type : IECache Entry Data : owner@cgi-bin[2].txt TAC Rating : 3 Category : Data Miner Comment : Hits:2 Value : Cookie:owner@bbs.napster.com/cgi-bin/ Expires : 7-3-2006 12:04:34 PM LastSync : Hits:2 UseCount : 0 Hits : 2 Tracking Cookie Object Recognized! Type : IECache Entry Data : owner@as-us.falkag[1].txt TAC Rating : 3 Category : Data Miner Comment : Hits:3 Value : Cookie:owner@as-us.falkag.net/ Expires : 8-2-2005 12:11:30 PM LastSync : Hits:3 UseCount : 0 Hits : 3 Tracking Cookie Object Recognized! Type : IECache Entry Data : owner@casalemedia[1].txt TAC Rating : 3 Category : Data Miner Comment : Hits:3 Value : Cookie:owner@casalemedia.com/ Expires : 6-24-2006 8:08:44 AM LastSync : Hits:3 UseCount : 0 Hits : 3 Tracking cookie scan result: »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»» New critical objects: 3 Objects found so far: 4 CoolWebSearch Object Recognized! Type : File Data : A0004813.dll TAC Rating : 10 Category : Malware Comment : Object : C:\System Volume Information\_restore{C16500AF-2D73-46EB-BD8A-89DCF34C05ED}\RP20\ CoolWebSearch Object Recognized! Type : File Data : A0004814.dll TAC Rating : 10 Category : Malware Comment : Object : C:\System Volume Information\_restore{C16500AF-2D73-46EB-BD8A-89DCF34C05ED}\RP20\ CoolWebSearch Object Recognized! Type : File Data : A0004815.dll TAC Rating : 10 Category : Malware Comment : Object : C:\System Volume Information\_restore{C16500AF-2D73-46EB-BD8A-89DCF34C05ED}\RP20\ CoolWebSearch Object Recognized! Type : File Data : A0004816.dll TAC Rating : 10 Category : Malware Comment : Object : C:\System Volume Information\_restore{C16500AF-2D73-46EB-BD8A-89DCF34C05ED}\RP20\ CoolWebSearch Object Recognized! Type : File Data : A0004817.dll TAC Rating : 10 Category : Malware Comment : Object : C:\System Volume Information\_restore{C16500AF-2D73-46EB-BD8A-89DCF34C05ED}\RP20\ CoolWebSearch Object Recognized! 
Type : File Data : A0004818.dll TAC Rating : 10 Category : Malware Comment : Object : C:\System Volume Information\_restore{C16500AF-2D73-46EB-BD8A-89DCF34C05ED}\RP20\ CoolWebSearch Object Recognized! Type : File Data : A0004819.dll TAC Rating : 10 Category : Malware Comment : Object : C:\System Volume Information\_restore{C16500AF-2D73-46EB-BD8A-89DCF34C05ED}\RP20\ CoolWebSearch Object Recognized! Type : File Data : A0004820.dll TAC Rating : 10 Category : Malware Comment : Object : C:\System Volume Information\_restore{C16500AF-2D73-46EB-BD8A-89DCF34C05ED}\RP20\ CoolWebSearch Object Recognized! Type : File Data : A0004821.dll TAC Rating : 10 Category : Malware Comment : Object : C:\System Volume Information\_restore{C16500AF-2D73-46EB-BD8A-89DCF34C05ED}\RP20\ CoolWebSearch Object Recognized! Type : File Data : A0004822.dll TAC Rating : 10 Category : Malware Comment : Object : C:\System Volume Information\_restore{C16500AF-2D73-46EB-BD8A-89DCF34C05ED}\RP20\ CoolWebSearch Object Recognized! Type : File Data : A0004823.dll TAC Rating : 10 Category : Malware Comment : Object : C:\System Volume Information\_restore{C16500AF-2D73-46EB-BD8A-89DCF34C05ED}\RP20\ CoolWebSearch Object Recognized! Type : File Data : vhlrx.dll TAC Rating : 10 Category : Malware Comment : Object : C:\WINDOWS\system32\ Disk Scan Result for C:\ »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»» New critical objects: 0 Objects found so far: 16 Performing conditional scans... »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»» CoolWebSearch Object Recognized! Type : Regkey Data : TAC Rating : 10 Category : Malware Comment : Rootkey : HKEY_CLASSES_ROOT Object : clsid\{2bf80049-bef2-83db-92e1-1c6760d8f572} CoolWebSearch Object Recognized! Type : Regkey Data : TAC Rating : 10 Category : Malware Comment : Rootkey : HKEY_LOCAL_MACHINE Object : software\microsoft\internet explorer\urlsearchhooks CoolWebSearch Object Recognized! 
Type : Regkey Data : TAC Rating : 10 Category : Malware Comment : Rootkey : HKEY_LOCAL_MACHINE Object : software\microsoft\windows\currentversion\uninstall\hsa CoolWebSearch Object Recognized! Type : RegValue Data : TAC Rating : 10 Category : Malware Comment : Rootkey : HKEY_LOCAL_MACHINE Object : software\microsoft\windows\currentversion\uninstall\hsa Value : UninstallString CoolWebSearch Object Recognized! Type : Regkey Data : TAC Rating : 10 Category : Malware Comment : Rootkey : HKEY_LOCAL_MACHINE Object : software\microsoft\windows\currentversion\uninstall\se CoolWebSearch Object Recognized! Type : RegValue Data : TAC Rating : 10 Category : Malware Comment : Rootkey : HKEY_LOCAL_MACHINE Object : software\microsoft\windows\currentversion\uninstall\se Value : UninstallString CoolWebSearch Object Recognized! Type : Regkey Data : TAC Rating : 10 Category : Malware Comment : Rootkey : HKEY_LOCAL_MACHINE Object : software\microsoft\windows\currentversion\uninstall\sw CoolWebSearch Object Recognized! Type : RegValue Data : TAC Rating : 10 Category : Malware Comment : Rootkey : HKEY_LOCAL_MACHINE Object : software\microsoft\windows\currentversion\uninstall\sw Value : UninstallString CoolWebSearch Object Recognized! Type : RegValue Data : TAC Rating : 10 Category : Malware Comment : Rootkey : HKEY_CURRENT_USER Object : software\microsoft\internet explorer\main Value : Search Bar CoolWebSearch Object Recognized! Type : RegValue Data : TAC Rating : 10 Category : Malware Comment : Rootkey : HKEY_LOCAL_MACHINE Object : software\microsoft Value : set CoolWebSearch Object Recognized! Type : RegData Data : no TAC Rating : 10 Category : Malware Comment : Rootkey : HKEY_CURRENT_USER Object : software\microsoft\internet explorer\main Value : Use Search Asst Data : no CoolWebSearch Object Recognized! 
Type : RegData Data : about:blank TAC Rating : 10 Category : Malware Comment : Rootkey : HKEY_CURRENT_USER Object : software\microsoft\internet explorer\main Value : Start Page Data : about:blank CoolWebSearch Object Recognized! Type : RegData Data : no TAC Rating : 10 Category : Malware Comment : Rootkey : HKEY_LOCAL_MACHINE Object : software\microsoft\internet explorer\main Value : Use Search Asst Data : no CoolWebSearch Object Recognized! Type : RegData Data : about:blank TAC Rating : 10 Category : Malware Comment : Rootkey : HKEY_LOCAL_MACHINE Object : software\microsoft\internet explorer\main Value : Start Page Data : about:blank Conditional scan result: »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»» New critical objects: 14 Objects found so far: 30 12:18:52 PM Scan Complete Summary Of This Scan »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»» Total scanning time:00:07:10.641 Objects scanned:111475 Objects identified:29 Objects ignored:0 New critical objects:29 |
Jul 5 2005, 04:44 PM
Post #2
Visiting Staff Posts: 1,690 From: South East Asia OS: Win 98 SE, Win XP Pro
DOUBLE POST:
Jul 5 2005, 05:32 PM
Post #3
Malware Expert Posts: 18,682 From: Boston Ma. OS: XP Pro,ME, 98
Closed Topic
Duplicate Post