hijacked home page

i have tried everything from adaware,hijack this , browser hijack blaster ,
cws shredder ,antivirus software and even did the step by step guide from one
of the experts(sorry i cant remember youre name)but nothing has fixed my
problem . adaware finds everything i think but it still goes back to the sane
page which is msn search page but with an address
res://ycrm.dll/index.html#35759 and many other addresses of the same content
but with a different res://****.html#35759, i am not sure but i think that
this address is also linked to my problem www.v61.com. here is a log from my
adaware. NOTICE NUMBER TWO!!!
Lavasoft Ad-aware Personal Build 6.181
Logfile created on :13 September 2004 19:53:37
Created with Ad-aware Personal, free for private use.
Using reference-file :01R340 06.09.2004
______________________________________________________

Ad-aware Settings
=========================
Set : Activate in-depth scan (Recommended)
Set : Safe mode (always request confirmation)
Set : Scan active processes
Set : Scan registry
Set : Deep scan registry
Set : Scan my IE Favorites for banned URLs
Set : Scan within archives
Set : Scan my Hosts file


13-09-2004 19:53:37 - Scan started. (Custom mode)

Listing running processes
¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯

#:1 [smss.exe]
FilePath : \SystemRoot\System32\
ThreadCreationTime : 13-09-2004 17:51:25
BasePriority : Normal


#:2 [winlogon.exe]
FilePath : \??\C:\WINDOWS\system32\
ThreadCreationTime : 13-09-2004 17:51:28
BasePriority : High


#:3 [services.exe]
FilePath : C:\WINDOWS\system32\
ThreadCreationTime : 13-09-2004 17:51:28
BasePriority : Normal
FileSize : 105 KB
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
CompanyName : Microsoft Corporation
FileDescription : Services and Controller app
InternalName : services.exe
OriginalFilename : services.exe
ProductName : Microsoft
Created on : 19/09/2002 19:26:40
Last accessed : 13/09/2004 18:53:37
Last modified : 04/08/2004 07:56:55

#:4 [lsass.exe]
FilePath : C:\WINDOWS\system32\
ThreadCreationTime : 13-09-2004 17:51:28
BasePriority : Normal
FileSize : 13 KB
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
CompanyName : Microsoft Corporation
FileDescription : LSA Shell (Export Version)
InternalName : lsass.exe
OriginalFilename : lsass.exe
ProductName : Microsoft
Created on : 19/09/2002 19:26:22
Last accessed : 13/09/2004 18:53:37
Last modified : 04/08/2004 07:56:50

#:5 [svchost.exe]
FilePath : C:\WINDOWS\system32\
ThreadCreationTime : 13-09-2004 17:51:28
BasePriority : Normal
FileSize : 14 KB
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
OriginalFilename : svchost.exe
ProductName : Microsoft
Created on : 19/09/2002 19:26:44
Last accessed : 13/09/2004 17:55:41
Last modified : 04/08/2004 07:56:57

#:6 [svchost.exe]
FilePath : C:\WINDOWS\System32\
ThreadCreationTime : 13-09-2004 17:51:29
BasePriority : Normal
FileSize : 14 KB
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
OriginalFilename : svchost.exe
ProductName : Microsoft
Created on : 19/09/2002 19:26:44
Last accessed : 13/09/2004 17:55:41
Last modified : 04/08/2004 07:56:57

#:7 [spoolsv.exe]
FilePath : C:\WINDOWS\system32\
ThreadCreationTime : 13-09-2004 17:51:31
BasePriority : Normal
FileSize : 56 KB
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
CompanyName : Microsoft Corporation
FileDescription : Spooler SubSystem App
InternalName : spoolsv.exe
OriginalFilename : spoolsv.exe
ProductName : Microsoft
Created on : 19/09/2002 19:26:43
Last accessed : 13/09/2004 18:53:37
Last modified : 04/08/2004 07:56:57

#:8 [ccevtmgr.exe]
FilePath : C:\Program Files\Common Files\Symantec Shared\
ThreadCreationTime : 13-09-2004 17:51:31
BasePriority : Normal
FileSize : 309 KB
FileVersion : 1.03.4
ProductVersion : 1.03.4
Copyright : Copyright (c) 2000-2002 Symantec Corporation. All
rights reserved.
CompanyName : Symantec Corporation
FileDescription : Event Manager Service
InternalName : ccEvtMgr
OriginalFilename : ccEvtMgr.exe
ProductName : Event Manager
Created on : 13/11/2002 16:44:02
Last accessed : 13/09/2004 18:53:06
Last modified : 13/11/2002 16:44:02

#:9 [navapsvc.exe]
FilePath : C:\Program Files\Norton AntiVirus\
ThreadCreationTime : 13-09-2004 17:51:31
BasePriority : Normal
FileSize : 113 KB
FileVersion : 9.05.1015
ProductVersion : 9.05.1015
Copyright : Copyright (c) 2000-2002 Symantec Corporation. All
rights reserved.
CompanyName : Symantec Corporation
FileDescription : Norton AntiVirus Auto-Protect Service
InternalName : NAVAPSVC
OriginalFilename : NAVAPSVC.EXE
ProductName : Norton AntiVirus
Created on : 14/11/2002 19:41:26
Last accessed : 13/09/2004 18:53:07
Last modified : 14/11/2002 19:41:26

#:10 [nisum.exe]
FilePath : C:\Program Files\Norton Internet Security\
ThreadCreationTime : 13-09-2004 17:51:31
BasePriority : Normal
FileSize : 137 KB
FileVersion : 6.02.1015
ProductVersion : 6.02.1015
Copyright : Copyright (c) 2000-2002 Symantec Corporation. All
rights reserved.
CompanyName : Symantec Corporation
FileDescription : Norton Internet Security NISUM
InternalName : NISUM
OriginalFilename : NISUM.exe
ProductName : Norton Internet Security
Created on : 14/11/2002 19:31:24
Last accessed : 13/09/2004 18:53:37
Last modified : 14/11/2002 19:31:24

#:11 [nkkua]
FilePath : C:\WINDOWS\wiaservc.log:
ThreadCreationTime : 13-09-2004 17:51:32
BasePriority : Normal


#:12 [svchost.exe]
FilePath : C:\WINDOWS\System32\
ThreadCreationTime : 13-09-2004 17:51:35
BasePriority : Normal
FileSize : 14 KB
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
OriginalFilename : svchost.exe
ProductName : Microsoft
Created on : 19/09/2002 19:26:44
Last accessed : 13/09/2004 17:55:41
Last modified : 04/08/2004 07:56:57

#:13 [ccpxysvc.exe]
FilePath : C:\Program Files\Norton Internet Security\
ThreadCreationTime : 13-09-2004 17:51:35
BasePriority : Normal
FileSize : 33 KB
FileVersion : 6.02.1015
ProductVersion : 6.02.1015
Copyright : Copyright (c) 2000-2002 Symantec Corporation. All
rights reserved.
CompanyName : Symantec Corporation
FileDescription : Norton Internet Security Proxy Service
InternalName : ccPxySvc
OriginalFilename : ccPxySvc.exe
ProductName : Norton Internet Security
Created on : 14/11/2002 19:30:06
Last accessed : 13/09/2004 18:53:37
Last modified : 14/11/2002 19:30:06

#:14 [explorer.exe]
FilePath : C:\WINDOWS\
ThreadCreationTime : 13-09-2004 18:52:31
BasePriority : Normal
FileSize : 1008 KB
FileVersion : 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 6.00.2900.2180
CompanyName : Microsoft Corporation
FileDescription : Windows Explorer
InternalName : explorer
OriginalFilename : EXPLORER.EXE
ProductName : Microsoft
Created on : 06/08/2004 04:52:07
Last accessed : 13/09/2004 18:52:34
Last modified : 04/08/2004 07:56:49

#:15 [realsched.exe]
FilePath : C:\Program Files\Common Files\Real\Update_OB\
ThreadCreationTime : 13-09-2004 18:52:36
BasePriority : Normal
FileSize : 148 KB
FileVersion : 0.1.0.1622
ProductVersion : 0.1.0.1622
Copyright : Copyright
CompanyName : RealNetworks, Inc.
FileDescription : RealNetworks Scheduler
InternalName : schedapp
OriginalFilename : realsched.exe
ProductName : RealOne Player (32-bit)
Created on : 05/08/2003 16:07:27
Last accessed : 13/09/2004 18:52:36
Last modified : 05/08/2003 16:07:27

#:16 [soundman.exe]
FilePath : C:\WINDOWS\
ThreadCreationTime : 13-09-2004 18:52:36
BasePriority : Normal
FileSize : 53 KB
FileVersion : 5.1.00
ProductVersion : 5.1.00
Copyright : Copyright (c) 2001-2003 Realtek Semiconductor Corp.
CompanyName : Realtek Semiconductor Corp.
FileDescription : Realtek Sound Manager
InternalName : ALSMTray
OriginalFilename : ALSMTray.exe
ProductName : Realtek Sound Manager
Created on : 21/08/2004 11:28:08
Last accessed : 13/09/2004 18:52:36
Last modified : 21/08/2004 11:28:08

#:17 [sdkss.exe]
FilePath : C:\WINDOWS\system32\
ThreadCreationTime : 13-09-2004 18:52:36
BasePriority : Normal
FileSize : 27 KB
Created on : 11/08/2004 03:30:06
Last accessed : 13/09/2004 18:52:36
Last modified : 11/08/2004 03:30:06

#:18 [traycontrol.exe]
FilePath : C:\Program Files\Packard Bell EverSafe\
ThreadCreationTime : 13-09-2004 18:52:37
BasePriority : Normal
FileSize : 744 KB
FileVersion : 4.0
ProductVersion : 4.0
Copyright : Copyright
CompanyName : NovaStor Corporation
FileDescription : Tray Control
InternalName : TRAYCONTROL
OriginalFilename : TrayControl.exe
ProductName : NovaNet-WEB
Created on : 02/01/2004 23:39:37
Last accessed : 13/09/2004 18:52:37
Last modified : 31/07/2002 15:00:36

#:19 [em_exec.exe]
FilePath : C:\PROGRA~1\MOUSEW~1\SYSTEM\
ThreadCreationTime : 13-09-2004 18:52:37
BasePriority : Normal
FileSize : 34 KB
FileVersion : 9.43.75
ProductVersion : 9.43
Copyright : Copyright
CompanyName : Logitech Inc.
FileDescription : Control Center
InternalName : EM_EXEC
OriginalFilename : EM_EXEC.CPP
ProductName : MouseWare
Created on : 05/08/2003 15:58:13
Last accessed : 13/09/2004 18:52:37
Last modified : 28/01/2002 08:43:00

#:20 [ccapp.exe]
FilePath : C:\Program Files\Common Files\Symantec Shared\
ThreadCreationTime : 13-09-2004 18:52:38
BasePriority : Normal
FileSize : 53 KB
FileVersion : 1.03.15
ProductVersion : 1.03.15
Copyright : Copyright (c) 2000-2002 Symantec Corporation. All
rights reserved.
CompanyName : Symantec Corporation
FileDescription : Common Client CC App
InternalName : ccApp
OriginalFilename : ccApp.exe
ProductName : Common Client
Created on : 14/11/2002 19:29:06
Last accessed : 13/09/2004 18:53:08
Last modified : 14/11/2002 19:29:06

#:21 [atiptaxx.exe]
FilePath : C:\ATI Technologies\ATI Control Panel\
ThreadCreationTime : 13-09-2004 18:52:38
BasePriority : Normal
FileSize : 328 KB
FileVersion : 6.14.10.5019
ProductVersion : 6.14.10.5019
Copyright : Copyright (C) 1998-2002 ATI Technologies Inc.
CompanyName : ATI Technologies, Inc.
FileDescription : ATI Desktop Control Panel
InternalName : Atiptaxx.exe
OriginalFilename : Atiptaxx.exe
ProductName : ATI Desktop Component
Created on : 05/08/2003 15:58:53
Last accessed : 13/09/2004 18:52:38
Last modified : 19/06/2003 12:31:00

#:22 [aboard.exe]
FilePath : C:\apps\ABoard\
ThreadCreationTime : 13-09-2004 18:52:38
BasePriority : Normal
FileSize : 24 KB
FileVersion : 1, 2, 0, 0
ProductVersion : 1, 2, 0, 0
Copyright : Copyright (C) 2003
CompanyName : NEC Computers International
FileDescription : Activboard Application
InternalName : Activboard
OriginalFilename : ABoard.exe
ProductName : Activboard Application
Created on : 05/08/2003 16:06:05
Last accessed : 13/09/2004 18:52:39
Last modified : 02/05/2003 10:31:50

#:23 [spykiller.exe]
FilePath : C:\Program Files\SpyKiller\
ThreadCreationTime : 13-09-2004 18:52:41
BasePriority : Normal
FileSize : 261 KB
FileVersion : 1.00
ProductVersion : 1.00
CompanyName : www.spykiller.com
FileDescription : SpyWare/AdWare Remover
InternalName : SpyKiller
OriginalFilename : SpyKiller.exe
ProductName : SpyKiller 2004
Created on : 01/07/2003 06:04:18
Last accessed : 13/09/2004 18:52:41
Last modified : 10/06/2004 06:01:52

#:24 [msmsgs.exe]
FilePath : C:\Program Files\Messenger\
ThreadCreationTime : 13-09-2004 18:52:41
BasePriority : Normal
FileSize : 1628 KB
FileVersion : 4.7.3000
ProductVersion : Version 4.7.3000
Copyright : Copyright (c) Microsoft Corporation 2004
CompanyName : Microsoft Corporation
FileDescription : Windows Messenger
InternalName : msmsgs
OriginalFilename : msmsgs.exe
ProductName : Messenger
Created on : 14/04/2003 19:05:20
Last accessed : 13/09/2004 17:55:38
Last modified : 04/08/2004 07:56:53

#:25 [quickdcf.exe]
FilePath : C:\Program Files\FinePixViewer\
ThreadCreationTime : 13-09-2004 18:52:42
BasePriority : Normal
FileSize : 196 KB
FileVersion : 4, 0, 0, 0
ProductVersion : 4, 0, 0, 0
Copyright : Copyright 2000-2003 FUJI PHOTO FILM CO.,LTD.
CompanyName : FUJI PHOTO FILM CO., LTD.
FileDescription : Exif Launcher
InternalName : QuickDCF
OriginalFilename : QuickDCF.exe
ProductName : FinePixViewer
Created on : 19/05/2004 22:53:05
Last accessed : 13/09/2004 18:52:42
Last modified : 20/12/2002 15:18:40

#:26 [hpohmr08.exe]
FilePath : C:\Program Files\Hewlett-Packard\Digital Imaging\bin\
ThreadCreationTime : 13-09-2004 18:52:42
BasePriority : Normal
FileSize : 144 KB
FileVersion : 4.2.0.020
ProductVersion : 2.4.1.020
Copyright : Copyright (C) Hewlett-Packard Co. 1995-2001
CompanyName : Hewlett-Packard Co.
FileDescription : HP OfficeJet COM Device Objects
InternalName : HPOHMR08
OriginalFilename : HPOHMR08.EXE
ProductName : hp digital imaging - hp all-in-one series
Created on : 06/04/2003 01:17:18
Last accessed : 13/09/2004 18:53:37
Last modified : 06/04/2003 01:17:18

#:27 [hpotdd01.exe]
FilePath : C:\Program Files\Hewlett-Packard\Digital Imaging\bin\
ThreadCreationTime : 13-09-2004 18:52:42
BasePriority : Normal
FileSize : 28 KB
FileVersion : 1, 0, 0, 1
ProductVersion : 1, 0, 0, 1
Copyright : Copyright
CompanyName : Hewlett-Packard
FileDescription : hpotdd01
InternalName : hpotdd01
OriginalFilename : hpotdd01.exe
ProductName : Hewlett-Packard hpotdd01
Created on : 06/04/2003 01:06:58
Last accessed : 13/09/2004 18:52:42
Last modified : 06/04/2003 01:06:58

#:28 [aosd.exe]
FilePath : C:\apps\ABoard\
ThreadCreationTime : 13-09-2004 18:52:43
BasePriority : ?
FileSize : 68 KB
FileVersion : 1, 2, 0, 0
ProductVersion : 1, 2, 0, 0
Copyright : Copyright (C) 2003
CompanyName : NEC Computers International
FileDescription : ActivOSD Application
InternalName : ActivOSD
OriginalFilename : ActivOSD.exe
ProductName : ActivOSD Application
Created on : 05/08/2003 16:06:05
Last accessed : 13/09/2004 18:52:43
Last modified : 02/05/2003 10:31:38

#:29 [calcheck.exe]
FilePath : C:\APPS\Ulead Systems\Ulead Photo Express 4.0 SE\
ThreadCreationTime : 13-09-2004 18:52:43
BasePriority : Normal
FileSize : 68 KB
FileVersion : 4, 0, 0, 0
ProductVersion : 4, 0, 0, 0
Copyright : Copyright (C) 1992-1999.Ulead Systems, Inc.
CompanyName : Ulead Systems, Inc.
FileDescription : Photo Express -- Calendar Checker
InternalName : CalCheck
OriginalFilename : CalCheck.EXE
ProductName : Calendar Checker Application
Created on : 02/01/2004 22:41:28
Last accessed : 13/09/2004 18:53:37
Last modified : 16/04/2002 16:11:28

#:30 [hpoevm08.exe]
FilePath : C:\Program Files\Hewlett-Packard\Digital Imaging\bin\
ThreadCreationTime : 13-09-2004 18:52:51
BasePriority : Normal
FileSize : 280 KB
FileVersion : 4.2.0.020
ProductVersion : 2.4.1.020
Copyright : Copyright (C) Hewlett-Packard Co. 1995-2001
CompanyName : Hewlett-Packard Co.
FileDescription : HP OfficeJet COM Event Manager
InternalName : HPOEVM08
OriginalFilename : HPOEVM08.EXE
ProductName : hp digital imaging - hp all-in-one series
Created on : 06/04/2003 00:45:10
Last accessed : 13/09/2004 18:53:02
Last modified : 06/04/2003 00:45:10

#:31 [hposts08.exe]
FilePath : C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\
ThreadCreationTime : 13-09-2004 18:52:56
BasePriority : Normal
FileSize : 304 KB
FileVersion : 4.2.0.020
ProductVersion : 2.4.1.020
Copyright : Copyright (C) Hewlett-Packard Co. 1995-2001
CompanyName : Hewlett-Packard Co.
FileDescription : HP OfficeJet Status
InternalName : HPOSTS08
OriginalFilename : HPOSTS08.EXE
ProductName : hp digital imaging - hp all-in-one series
Created on : 06/04/2003 00:55:04
Last accessed : 13/09/2004 18:53:37
Last modified : 06/04/2003 00:55:04

#:32 [ad-aware.exe]
FilePath : C:\PROGRA~1\Lavasoft\AD-AWA~1\
ThreadCreationTime : 13-09-2004 18:53:31
BasePriority : Normal
FileSize : 668 KB
FileVersion : 6.0.1.181
ProductVersion : 6.0.0.0
Copyright : Copyright
CompanyName : Lavasoft Sweden
FileDescription : Ad-aware 6 core application
InternalName : Ad-aware.exe
OriginalFilename : Ad-aware.exe
ProductName : Lavasoft Ad-aware Plus
Created on : 29/07/2004 20:44:08
Last accessed : 13/09/2004 18:22:03
Last modified : 12/07/2003 20:00:20

Memory scan result :
¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯
New objects : 0
Objects found so far: 0


Started registry scan
¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯

Registry scan result :
¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯
New objects : 0
Objects found so far: 0


Started deep registry scan
¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯

Deep registry scan result :
¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯
New objects : 0
Objects found so far: 0


Deep scanning and examining files (C
¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯

CoolWebSearch Object recognized!
Type : File
Data : a0003236.dll
Object : C:\System Volume
Information\_restore{98E46F0A-9DA1-4258-92C4-7CCAE5D21E6E}\RP17\
FileSize : 55 KB
Created on : 07/09/2004 22:17:40
Last accessed : 13/09/2004 18:43:29
Last modified : 07/09/2004 22:17:40

CoolWebSearch Object recognized!
Type : File
Data : a0003237.dll
Object : C:\System Volume
Information\_restore{98E46F0A-9DA1-4258-92C4-7CCAE5D21E6E}\RP17\
FileSize : 55 KB
Created on : 23/08/2004 18:47:20
Last accessed : 13/09/2004 18:43:29
Last modified : 23/08/2004 18:47:20

CoolWebSearch Object recognized!
Type : File
Data : a0003238.dll
Object : C:\System Volume
Information\_restore{98E46F0A-9DA1-4258-92C4-7CCAE5D21E6E}\RP17\
FileSize : 55 KB
Created on : 28/08/2004 18:05:09
Last accessed : 13/09/2004 18:43:29
Last modified : 28/08/2004 18:05:09

CoolWebSearch Object recognized!
Type : File
Data : a0003239.dll
Object : C:\System Volume
Information\_restore{98E46F0A-9DA1-4258-92C4-7CCAE5D21E6E}\RP17\
FileSize : 55 KB
Created on : 31/08/2004 02:37:36
Last accessed : 13/09/2004 18:43:29
Last modified : 31/08/2004 02:37:36

CoolWebSearch Object recognized!
Type : File
Data : a0003244.dll
Object : C:\System Volume
Information\_restore{98E46F0A-9DA1-4258-92C4-7CCAE5D21E6E}\RP17\
FileSize : 55 KB
Created on : 11/08/2004 05:53:47
Last accessed : 13/09/2004 18:43:30
Last modified : 11/08/2004 05:53:47

CoolWebSearch Object recognized!
Type : File
Data : a0003245.dll
Object : C:\System Volume
Information\_restore{98E46F0A-9DA1-4258-92C4-7CCAE5D21E6E}\RP17\
FileSize : 55 KB
Created on : 03/08/2004 19:18:56
Last accessed : 13/09/2004 18:43:30
Last modified : 03/08/2004 19:18:56

CoolWebSearch Object recognized!
Type : File
Data : a0003247.dll
Object : C:\System Volume
Information\_restore{98E46F0A-9DA1-4258-92C4-7CCAE5D21E6E}\RP17\
FileSize : 55 KB
Created on : 14/08/2004 08:38:06
Last accessed : 13/09/2004 18:43:30
Last modified : 14/08/2004 08:38:06

CoolWebSearch Object recognized!
Type : File
Data : a0003248.dll
Object : C:\System Volume
Information\_restore{98E46F0A-9DA1-4258-92C4-7CCAE5D21E6E}\RP17\
FileSize : 55 KB
Created on : 09/08/2004 21:04:51
Last accessed : 13/09/2004 18:43:30
Last modified : 09/08/2004 21:04:51

CoolWebSearch Object recognized!
Type : File
Data : a0003249.dll
Object : C:\System Volume
Information\_restore{98E46F0A-9DA1-4258-92C4-7CCAE5D21E6E}\RP17\
FileSize : 55 KB
Created on : 04/08/2004 05:13:46
Last accessed : 13/09/2004 18:43:30
Last modified : 04/08/2004 05:13:46

CoolWebSearch Object recognized!
Type : File
Data : a0003250.dll
Object : C:\System Volume
Information\_restore{98E46F0A-9DA1-4258-92C4-7CCAE5D21E6E}\RP17\
FileSize : 55 KB
Created on : 26/08/2004 03:08:03
Last accessed : 13/09/2004 18:43:30
Last modified : 26/08/2004 03:08:03

CoolWebSearch Object recognized!
Type : File
Data : a0003251.dll
Object : C:\System Volume
Information\_restore{98E46F0A-9DA1-4258-92C4-7CCAE5D21E6E}\RP17\
FileSize : 55 KB
Created on : 31/08/2004 12:31:24
Last accessed : 13/09/2004 18:43:30
Last modified : 31/08/2004 12:31:24

CoolWebSearch Object recognized!
Type : File
Data : a0003252.dll
Object : C:\System Volume
Information\_restore{98E46F0A-9DA1-4258-92C4-7CCAE5D21E6E}\RP17\
FileSize : 55 KB
Created on : 17/08/2004 17:53:11
Last accessed : 13/09/2004 18:43:30
Last modified : 17/08/2004 17:53:11

CoolWebSearch Object recognized!
Type : File
Data : a0003253.dll
Object : C:\System Volume
Information\_restore{98E46F0A-9DA1-4258-92C4-7CCAE5D21E6E}\RP17\
FileSize : 55 KB
Created on : 06/08/2004 00:44:07
Last accessed : 13/09/2004 18:43:30
Last modified : 06/08/2004 00:44:07

CoolWebSearch Object recognized!
Type : File
Data : a0003254.dll
Object : C:\System Volume
Information\_restore{98E46F0A-9DA1-4258-92C4-7CCAE5D21E6E}\RP17\
FileSize : 55 KB
Created on : 10/09/2004 16:50:23
Last accessed : 13/09/2004 18:43:30
Last modified : 10/09/2004 16:50:23

CoolWebSearch Object recognized!
Type : File
Data : a0003261.dll
Object : C:\System Volume
Information\_restore{98E46F0A-9DA1-4258-92C4-7CCAE5D21E6E}\RP17\
FileSize : 55 KB
Created on : 04/09/2004 03:20:31
Last accessed : 13/09/2004 18:43:30
Last modified : 04/09/2004 03:20:31

Disk scan result for C:\
¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯
New objects : 0
Objects found so far: 41

Performing conditional scans..
¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯

CoolWebSearch Object recognized!
Type : RegKey
Data :
Rootkey : HKEY_LOCAL_MACHINE
Object :
SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\HSA

CoolWebSearch Object recognized!
Type : RegKey
Data :
Rootkey : HKEY_LOCAL_MACHINE
Object :
SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SE

CoolWebSearch Object recognized!
Type : RegKey
Data :
Rootkey : HKEY_LOCAL_MACHINE
Object :
SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SW

Conditional scan result:
¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯
New objects : 3
Objects found so far: 44

20:05:17 Scan complete

Summary of this scan
¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯
Total scanning time :00:11:40:281
Objects scanned :182283
Objects identified :44
Objects ignored :0
New objects :44
THANK YOU FOR YOUR HELP

Hi, I'm a fellow victim who hasn't solved the problem=20
yet but here's something that may help you: On=20
SecuriTeam.com under "removing about:blank homepage=20
hijacker" I found directions to uncover the name of a=20
hidden file that needs to be removed along with the files=20
hijackThis uncovers. Unfortunately for me the program=20
Reglite.exe doesn't appear to work with Windows xp home=20
edition. Let me know if it works for you. =20
Lisa DeleteThis @livingbliss.com Good luck
=20
 >-----Original Message-----
 >i have tried everything from adaware,hijack this ,=20
browser hijack blaster ,=20
 >cws shredder ,antivirus software and even did the step=20
by step guide from one=20
 >of the experts(sorry i cant remember youre name)but=20
nothing has fixed my=20
 >problem . adaware finds everything i think but it still=20
goes back to the sane=20
 >page which is msn search page but with an address=20
 >res://ycrm.dll/index.html#35759 and many other addresses=20
of the same content=20
 >but with a different <a rel="nofollow" style='text-decoration: none;' href="res://" target="_blank">res://</a>****.html#35759, i am not=20
sure but i think that=20
<font color=purple> >this address is also linked to my problem <a rel="nofollow" style='text-decoration: none;' href="http://www.v61.com.=20</font" target="_blank">www.v61.com.=20</font</a>>
here is a log from my=20
 >adaware. NOTICE NUMBER TWO!!!
 >Lavasoft Ad-aware Personal Build 6.181
 >Logfile created on :13 September 2004 19:53:37
 >Created with Ad-aware Personal, free for private use.
 >Using reference-file :01R340 06.09.2004
 >______________________________________________________
 >
 >Ad-aware Settings
 >=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=
=3D
 >Set : Activate in-depth scan (Recommended)
 >Set : Safe mode (always request confirmation)
 >Set : Scan active processes
 >Set : Scan registry
 >Set : Deep scan registry
 >Set : Scan my IE Favorites for banned URLs
 >Set : Scan within archives
 >Set : Scan my Hosts file
 >
 >
 >13-09-2004 19:53:37 - Scan started. (Custom mode)
 >
 >Listing running processes
 >=C2=AF=C2=AF=C2=AF=C2=AF=C2=AF=C2=AF=C2=AF=C2=AF=C2=AF=C2=AF=C2=AF=C2=AF=
=C2=AF=C2=AF=C2=AF=C2=AF=C2=AF=C2=AF=C2=AF=C2=AF=C2=AF=C2=AF=C2=AF=C2=AF=C2=
=AF=C2=AF=C2=AF=C2=AF=C2
=AF=C2=AF=C2=AF=C2=AF=C2=AF=C2=AF=C2=AF=C2=AF=C2=AF=C2=AF
 >
 >#:1 [smss.exe]
 > FilePath : \SystemRoot\System32\
 > ThreadCreationTime : 13-09-2004 17:51:25
 > BasePriority : Normal
 >
 >
 >#:2 [winlogon.exe]
 > FilePath : \??\C:\WINDOWS\system32\
 > ThreadCreationTime : 13-09-2004 17:51:28
 > BasePriority : High
 >
 >
 >#:3 [services.exe]
 > FilePath : C:\WINDOWS\system32\
 > ThreadCreationTime : 13-09-2004 17:51:28
 > BasePriority : Normal
 > FileSize : 105 KB
 > FileVersion : 5.1.2600.2180=20
(xpsp_sp2_rtm.040803-2158)
 > ProductVersion : 5.1.2600.2180
 > CompanyName : Microsoft Corporation
 > FileDescription : Services and Controller app
 > InternalName : services.exe
 > OriginalFilename : services.exe
 > ProductName : Microsoft=20
 > Created on : 19/09/2002 19:26:40
 > Last accessed : 13/09/2004 18:53:37
 > Last modified : 04/08/2004 07:56:55
 >
 >#:4 [lsass.exe]
 > FilePath : C:\WINDOWS\system32\
 > ThreadCreationTime : 13-09-2004 17:51:28
 > BasePriority : Normal
 > FileSize : 13 KB
 > FileVersion : 5.1.2600.2180=20
(xpsp_sp2_rtm.040803-2158)
 > ProductVersion : 5.1.2600.2180
 > CompanyName : Microsoft Corporation
 > FileDescription : LSA Shell (Export Version)
 > InternalName : lsass.exe
 > OriginalFilename : lsass.exe
 > ProductName : Microsoft=20
 > Created on : 19/09/2002 19:26:22
 > Last accessed : 13/09/2004 18:53:37
 > Last modified : 04/08/2004 07:56:50
 >
 >#:5 [svchost.exe]
 > FilePath : C:\WINDOWS\system32\
 > ThreadCreationTime : 13-09-2004 17:51:28
 > BasePriority : Normal
 > FileSize : 14 KB
 > FileVersion : 5.1.2600.2180=20
(xpsp_sp2_rtm.040803-2158)
 > ProductVersion : 5.1.2600.2180
 > CompanyName : Microsoft Corporation
 > FileDescription : Generic Host Process for Win32=20
Services
 > InternalName : svchost.exe
 > OriginalFilename : svchost.exe
 > ProductName : Microsoft=20
 > Created on : 19/09/2002 19:26:44
 > Last accessed : 13/09/2004 17:55:41
 > Last modified : 04/08/2004 07:56:57
 >
 >#:6 [svchost.exe]
 > FilePath : C:\WINDOWS\System32\
 > ThreadCreationTime : 13-09-2004 17:51:29
 > BasePriority : Normal
 > FileSize : 14 KB
 > FileVersion : 5.1.2600.2180=20
(xpsp_sp2_rtm.040803-2158)
 > ProductVersion : 5.1.2600.2180
 > CompanyName : Microsoft Corporation
 > FileDescription : Generic Host Process for Win32=20
Services
 > InternalName : svchost.exe
 > OriginalFilename : svchost.exe
 > ProductName : Microsoft=20
 > Created on : 19/09/2002 19:26:44
 > Last accessed : 13/09/2004 17:55:41
 > Last modified : 04/08/2004 07:56:57
 >
 >#:7 [spoolsv.exe]
 > FilePath : C:\WINDOWS\system32\
 > ThreadCreationTime : 13-09-2004 17:51:31
 > BasePriority : Normal
 > FileSize : 56 KB
 > FileVersion : 5.1.2600.2180=20
(xpsp_sp2_rtm.040803-2158)
 > ProductVersion : 5.1.2600.2180
 > CompanyName : Microsoft Corporation
 > FileDescription : Spooler SubSystem App
 > InternalName : spoolsv.exe
 > OriginalFilename : spoolsv.exe
 > ProductName : Microsoft=20
 > Created on : 19/09/2002 19:26:43
 > Last accessed : 13/09/2004 18:53:37
 > Last modified : 04/08/2004 07:56:57
 >
 >#:8 [ccevtmgr.exe]
 > FilePath : C:\Program Files\Common=20
Files\Symantec Shared\
 > ThreadCreationTime : 13-09-2004 17:51:31
 > BasePriority : Normal
 > FileSize : 309 KB
 > FileVersion : 1.03.4
 > ProductVersion : 1.03.4
 > Copyright : Copyright (c) 2000-2002=20
Symantec Corporation. All=20
 >rights reserved.
 > CompanyName : Symantec Corporation
 > FileDescription : Event Manager Service
 > InternalName : ccEvtMgr
 > OriginalFilename : ccEvtMgr.exe
 > ProductName : Event Manager
 > Created on : 13/11/2002 16:44:02
 > Last accessed : 13/09/2004 18:53:06
 > Last modified : 13/11/2002 16:44:02
 >
 >#:9 [navapsvc.exe]
 > FilePath : C:\Program Files\Norton=20
AntiVirus\
 > ThreadCreationTime : 13-09-2004 17:51:31
 > BasePriority : Normal
 > FileSize : 113 KB
 > FileVersion : 9.05.1015
 > ProductVersion : 9.05.1015
 > Copyright : Copyright (c) 2000-2002=20
Symantec Corporation. All=20
 >rights reserved.
 > CompanyName : Symantec Corporation
 > FileDescription : Norton AntiVirus Auto-Protect=20
Service
 > InternalName : NAVAPSVC
 > OriginalFilename : NAVAPSVC.EXE
 > ProductName : Norton AntiVirus
 > Created on : 14/11/2002 19:41:26
 > Last accessed : 13/09/2004 18:53:07
 > Last modified : 14/11/2002 19:41:26
 >
 >#:10 [nisum.exe]
 > FilePath : C:\Program Files\Norton=20
Internet Security\
 > ThreadCreationTime : 13-09-2004 17:51:31
 > BasePriority : Normal
 > FileSize : 137 KB
 > FileVersion : 6.02.1015
 > ProductVersion : 6.02.1015
 > Copyright : Copyright (c) 2000-2002=20
Symantec Corporation. All=20
 >rights reserved.
 > CompanyName : Symantec Corporation
 > FileDescription : Norton Internet Security NISUM
 > InternalName : NISUM
 > OriginalFilename : NISUM.exe
 > ProductName : Norton Internet Security
 > Created on : 14/11/2002 19:31:24
 > Last accessed : 13/09/2004 18:53:37
 > Last modified : 14/11/2002 19:31:24
 >
 >#:11 [nkkua]
 > FilePath : C:\WINDOWS\wiaservc.log:
 > ThreadCreationTime : 13-09-2004 17:51:32
 > BasePriority : Normal
 >
 >
 >#:12 [svchost.exe]
 > FilePath : C:\WINDOWS\System32\
 > ThreadCreationTime : 13-09-2004 17:51:35
 > BasePriority : Normal
 > FileSize : 14 KB
 > FileVersion : 5.1.2600.2180=20
(xpsp_sp2_rtm.040803-2158)
 > ProductVersion : 5.1.2600.2180
 > CompanyName : Microsoft Corporation
 > FileDescription : Generic Host Process for Win32=20
Services
 > InternalName : svchost.exe
 > OriginalFilename : svchost.exe
 > ProductName : Microsoft=20
 > Created on : 19/09/2002 19:26:44
 > Last accessed : 13/09/2004 17:55:41
 > Last modified : 04/08/2004 07:56:57
 >
 >#:13 [ccpxysvc.exe]
 > FilePath : C:\Program Files\Norton=20
Internet Security\
 > ThreadCreationTime : 13-09-2004 17:51:35
 > BasePriority : Normal
 > FileSize : 33 KB
 > FileVersion : 6.02.1015
 > ProductVersion : 6.02.1015
 > Copyright : Copyright (c) 2000-2002=20
Symantec Corporation. All=20
 >rights reserved.
 > CompanyName : Symantec Corporation
 > FileDescription : Norton Internet Security Proxy=20
Service
 > InternalName : ccPxySvc
 > OriginalFilename : ccPxySvc.exe
 > ProductName : Norton Internet Security
 > Created on : 14/11/2002 19:30:06
 > Last accessed : 13/09/2004 18:53:37
 > Last modified : 14/11/2002 19:30:06
 >
 >#:14 [explorer.exe]
 > FilePath : C:\WINDOWS\
 > ThreadCreationTime : 13-09-2004 18:52:31
 > BasePriority : Normal
 > FileSize : 1008 KB
 > FileVersion : 6.00.2900.2180=20
(xpsp_sp2_rtm.040803-2158)
 > ProductVersion : 6.00.2900.2180
 > CompanyName : Microsoft Corporation
 > FileDescription : Windows Explorer
 > InternalName : explorer
 > OriginalFilename : EXPLORER.EXE
 > ProductName : Microsoft=20
 > Created on : 06/08/2004 04:52:07
 > Last accessed : 13/09/2004 18:52:34
 > Last modified : 04/08/2004 07:56:49
 >
 >#:15 [realsched.exe]
 > FilePath : C:\Program Files\Common=20
Files\Real\Update_OB\
 > ThreadCreationTime : 13-09-2004 18:52:36
 > BasePriority : Normal
 > FileSize : 148 KB
 > FileVersion : 0.1.0.1622
 > ProductVersion : 0.1.0.1622
 > Copyright : Copyright =20
 > CompanyName : RealNetworks, Inc.
 > FileDescription : RealNetworks Scheduler
 > InternalName : schedapp
 > OriginalFilename : realsched.exe
 > ProductName : RealOne Player (32-bit)=20
 > Created on : 05/08/2003 16:07:27
 > Last accessed : 13/09/2004 18:52:36
 > Last modified : 05/08/2003 16:07:27
 >
 >#:16 [soundman.exe]
 > FilePath : C:\WINDOWS\
 > ThreadCreationTime : 13-09-2004 18:52:36
 > BasePriority : Normal
 > FileSize : 53 KB
 > FileVersion : 5.1.00
 > ProductVersion : 5.1.00
 > Copyright : Copyright (c) 2001-2003 Realtek=20
Semiconductor Corp.
 > CompanyName : Realtek Semiconductor Corp.
 > FileDescription : Realtek Sound Manager
 > InternalName : ALSMTray
 > OriginalFilename : ALSMTray.exe
 > ProductName : Realtek Sound Manager
 > Created on : 21/08/2004 11:28:08
 > Last accessed : 13/09/2004 18:52:36
 > Last modified : 21/08/2004 11:28:08
 >
 >#:17 [sdkss.exe]
 > FilePath : C:\WINDOWS\system32\
 > ThreadCreationTime : 13-09-2004 18:52:36
 > BasePriority : Normal
 > FileSize : 27 KB
 > Created on : 11/08/2004 03:30:06
 > Last accessed : 13/09/2004 18:52:36
 > Last modified : 11/08/2004 03:30:06
 >
 >#:18 [traycontrol.exe]
 > FilePath : C:\Program Files\Packard Bell=20
EverSafe\
 > ThreadCreationTime : 13-09-2004 18:52:37
 > BasePriority : Normal
 > FileSize : 744 KB
 > FileVersion : 4.0
 > ProductVersion : 4.0
 > Copyright : Copyright =20
 > CompanyName : NovaStor Corporation
 > FileDescription : Tray Control
 > InternalName : TRAYCONTROL
 > OriginalFilename : TrayControl.exe
 > ProductName : NovaNet-WEB
 > Created on : 02/01/2004 23:39:37
 > Last accessed : 13/09/2004 18:52:37
 > Last modified : 31/07/2002 15:00:36
 >
 >#:19 [em_exec.exe]
 > FilePath : C:\PROGRA~1\MOUSEW~1\SYSTEM\
 > ThreadCreationTime : 13-09-2004 18:52:37
 > BasePriority : Normal
 > FileSize : 34 KB
 > FileVersion : 9.43.75=20
 > ProductVersion : 9.43=20
 > Copyright : Copyright =20
 > CompanyName : Logitech=20
Inc. =20
 > FileDescription : Control Center
 > InternalName : EM_EXEC
 > OriginalFilename : EM_EXEC.CPP
 > ProductName : MouseWare=20
 > Created on : 05/08/2003 15:58:13
 > Last accessed : 13/09/2004 18:52:37
 > Last modified : 28/01/2002 08:43:00
 >
 >#:20 [ccapp.exe]
 > FilePath : C:\Program Files\Common=20
Files\Symantec Shared\
 > ThreadCreationTime : 13-09-2004 18:52:38
 > BasePriority : Normal
 > FileSize : 53 KB
 > FileVersion : 1.03.15
 > ProductVersion : 1.03.15
 > Copyright : Copyright (c) 2000-2002=20
Symantec Corporation. All=20
 >rights reserved.
 > CompanyName : Symantec Corporation
 > FileDescription : Common Client CC App
 > InternalName : ccApp
 > OriginalFilename : ccApp.exe
 > ProductName : Common Client
 > Created on : 14/11/2002 19:29:06
 > Last accessed : 13/09/2004 18:53:08
 > Last modified : 14/11/2002 19:29:06
 >
 >#:21 [atiptaxx.exe]
 > FilePath : C:\ATI Technologies\ATI Control=20
Panel\
 > ThreadCreationTime : 13-09-2004 18:52:38
 > BasePriority : Normal
 > FileSize : 328 KB
 > FileVersion : 6.14.10.5019
 > ProductVersion : 6.14.10.5019
 > Copyright : Copyright (C) 1998-2002 ATI=20
Technologies Inc.
 > CompanyName : ATI Technologies, Inc.
 > FileDescription : ATI Desktop Control Panel
 > InternalName : Atiptaxx.exe
 > OriginalFilename : Atiptaxx.exe
 > ProductName : ATI Desktop Component
 > Created on : 05/08/2003 15:58:53
 > Last accessed : 13/09/2004 18:52:38
 > Last modified : 19/06/2003 12:31:00
 >
 >#:22 [aboard.exe]
 > FilePath : C:\apps\ABoard\
 > ThreadCreationTime : 13-09-2004 18:52:38
 > BasePriority : Normal
 > FileSize : 24 KB
 > FileVersion : 1, 2, 0, 0
 > ProductVersion : 1, 2, 0, 0
 > Copyright : Copyright (C) 2003
 > CompanyName : NEC Computers International
 > FileDescription : Activboard Application
 > InternalName : Activboard
 > OriginalFilename : ABoard.exe
 > ProductName : Activboard Application
 > Created on : 05/08/2003 16:06:05
 > Last accessed : 13/09/2004 18:52:39
 > Last modified : 02/05/2003 10:31:50
 >
 >#:23 [spykiller.exe]
 > FilePath : C:\Program Files\SpyKiller\
 > ThreadCreationTime : 13-09-2004 18:52:41
 > BasePriority : Normal
 > FileSize : 261 KB
 > FileVersion : 1.00=20
 > ProductVersion : 1.00=20
<font color=purple> > CompanyName : <a rel="nofollow" style='text-decoration: none;' href="http://www.spykiller.com=20</font" target="_blank">www.spykiller.com=20</font</a>>
 > FileDescription : SpyWare/AdWare Remover=20
 > InternalName : SpyKiller=20
 > OriginalFilename : SpyKiller.exe=20
 > ProductName : SpyKiller 2004=20
 > Created on : 01/07/2003 06:04:18
 > Last accessed : 13/09/2004 18:52:41
 > Last modified : 10/06/2004 06:01:52
 >
 >#:24 [msmsgs.exe]
 > FilePath : C:\Program Files\Messenger\
 > ThreadCreationTime : 13-09-2004 18:52:41
 > BasePriority : Normal
 > FileSize : 1628 KB
 > FileVersion : 4.7.3000
 > ProductVersion : Version 4.7.3000
 > Copyright : Copyright (c) Microsoft=20
Corporation 2004
 > CompanyName : Microsoft Corporation
 > FileDescription : Windows Messenger
 > InternalName : msmsgs
 > OriginalFilename : msmsgs.exe
 > ProductName : Messenger
 > Created on : 14/04/2003 19:05:20
 > Last accessed : 13/09/2004 17:55:38
 > Last modified : 04/08/2004 07:56:53
 >
 >#:25 [quickdcf.exe]
 > FilePath : C:\Program Files\FinePixViewer\
 > ThreadCreationTime : 13-09-2004 18:52:42
 > BasePriority : Normal
 > FileSize : 196 KB
 > FileVersion : 4, 0, 0, 0
 > ProductVersion : 4, 0, 0, 0
 > Copyright : Copyright 2000-2003 FUJI PHOTO=20
FILM CO.,LTD.
 > CompanyName : FUJI PHOTO FILM CO., LTD.
 > FileDescription : Exif Launcher
 > InternalName : QuickDCF
 > OriginalFilename : QuickDCF.exe
 > ProductName : FinePixViewer
 > Created on : 19/05/2004 22:53:05
 > Last accessed : 13/09/2004 18:52:42
 > Last modified : 20/12/2002 15:18:40
 >
 >#:26 [hpohmr08.exe]
 > FilePath : C:\Program Files\Hewlett-
Packard\Digital Imaging\bin\
 > ThreadCreationTime : 13-09-2004 18:52:42
 > BasePriority : Normal
 > FileSize : 144 KB
 > FileVersion : 4.2.0.020
 > ProductVersion : 2.4.1.020
 > Copyright : Copyright (C) Hewlett-Packard=20
Co. 1995-2001
 > CompanyName : Hewlett-Packard Co.
 > FileDescription : HP OfficeJet COM Device Objects
 > InternalName : HPOHMR08
 > OriginalFilename : HPOHMR08.EXE
 > ProductName : hp digital imaging - hp all-in-
one series
 > Created on : 06/04/2003 01:17:18
 > Last accessed : 13/09/2004 18:53:37
 > Last modified : 06/04/2003 01:17:18
 >
 >#:27 [hpotdd01.exe]
 > FilePath : C:\Program Files\Hewlett-
Packard\Digital Imaging\bin\
 > ThreadCreationTime : 13-09-2004 18:52:42
 > BasePriority : Normal
 > FileSize : 28 KB
 > FileVersion : 1, 0, 0, 1
 > ProductVersion : 1, 0, 0, 1
 > Copyright : Copyright =20
 > CompanyName : Hewlett-Packard
 > FileDescription : hpotdd01
 > InternalName : hpotdd01
 > OriginalFilename : hpotdd01.exe
 > ProductName : Hewlett-Packard hpotdd01
 > Created on : 06/04/2003 01:06:58
 > Last accessed : 13/09/2004 18:52:42
 > Last modified : 06/04/2003 01:06:58
 >
 >#:28 [aosd.exe]
 > FilePath : C:\apps\ABoard\
 > ThreadCreationTime : 13-09-2004 18:52:43
 > BasePriority : ?
 > FileSize : 68 KB
 > FileVersion : 1, 2, 0, 0
 > ProductVersion : 1, 2, 0, 0
 > Copyright : Copyright (C) 2003
 > CompanyName : NEC Computers International
 > FileDescription : ActivOSD Application
 > InternalName : ActivOSD
 > OriginalFilename : ActivOSD.exe
 > ProductName : ActivOSD Application
 > Created on : 05/08/2003 16:06:05
 > Last accessed : 13/09/2004 18:52:43
 > Last modified : 02/05/2003 10:31:38
 >
 >#:29 [calcheck.exe]
 > FilePath : C:\APPS\Ulead Systems\Ulead=20
Photo Express 4.0 SE\
 > ThreadCreationTime : 13-09-2004 18:52:43
 > BasePriority : Normal
 > FileSize : 68 KB
 > FileVersion : 4, 0, 0, 0
 > ProductVersion : 4, 0, 0, 0
 > Copyright : Copyright (C) 1992-1999.Ulead=20
Systems, Inc.
 > CompanyName : Ulead Systems, Inc.
 > FileDescription : Photo Express -- Calendar=20
Checker
 > InternalName : CalCheck
 > OriginalFilename : CalCheck.EXE
 > ProductName : Calendar Checker Application
 > Created on : 02/01/2004 22:41:28
 > Last accessed : 13/09/2004 18:53:37
 > Last modified : 16/04/2002 16:11:28
 >
 >#:30 [hpoevm08.exe]
 > FilePath : C:\Program Files\Hewlett-
Packard\Digital Imaging\bin\
 > ThreadCreationTime : 13-09-2004 18:52:51
 > BasePriority : Normal
 > FileSize : 280 KB
 > FileVersion : 4.2.0.020
 > ProductVersion : 2.4.1.020
 > Copyright : Copyright (C) Hewlett-Packard=20
Co. 1995-2001
 > CompanyName : Hewlett-Packard Co.
 > FileDescription : HP OfficeJet COM Event Manager
 > InternalName : HPOEVM08
 > OriginalFilename : HPOEVM08.EXE
 > ProductName : hp digital imaging - hp all-in-
one series
 > Created on : 06/04/2003 00:45:10
 > Last accessed : 13/09/2004 18:53:02
 > Last modified : 06/04/2003 00:45:10
 >
 >#:31 [hposts08.exe]
 > FilePath : C:\Program Files\Hewlett-
Packard\Digital Imaging\Bin\
 > ThreadCreationTime : 13-09-2004 18:52:56
 > BasePriority : Normal
 > FileSize : 304 KB
 > FileVersion : 4.2.0.020
 > ProductVersion : 2.4.1.020
 > Copyright : Copyright (C) Hewlett-Packard=20
Co. 1995-2001
 > CompanyName : Hewlett-Packard Co.
 > FileDescription : HP OfficeJet Status
 > InternalName : HPOSTS08
 > OriginalFilename : HPOSTS08.EXE
 > ProductName : hp digital imaging - hp all-in-
one series
 > Created on : 06/04/2003 00:55:04
 > Last accessed : 13/09/2004 18:53:37
 > Last modified : 06/04/2003 00:55:04
 >
 >#:32 [ad-aware.exe]
 > FilePath : C:\PROGRA~1\Lavasoft\AD-AWA~1\
 > ThreadCreationTime : 13-09-2004 18:53:31
 > BasePriority : Normal
 > FileSize : 668 KB
 > FileVersion : 6.0.1.181
 > ProductVersion : 6.0.0.0
 > Copyright : Copyright =20
 > CompanyName : Lavasoft Sweden
 > FileDescription : Ad-aware 6 core application
 > InternalName : Ad-aware.exe
 > OriginalFilename : Ad-aware.exe
 > ProductName : Lavasoft Ad-aware Plus
 > Created on : 29/07/2004 20:44:08
 > Last accessed : 13/09/2004 18:22:03
 > Last modified : 12/07/2003 20:00:20
 >
 >Memory scan result :
 >=C2=AF=C2=AF=C2=AF=C2=AF=C2=AF=C2=AF=C2=AF=C2=AF=C2=AF=C2=AF=C2=AF=C2=AF=
=C2=AF=C2=AF=C2=AF=C2=AF=C2=AF=C2=AF=C2=AF=C2=AF=C2=AF=C2=AF=C2=AF=C2=AF=C2=
=AF=C2=AF=C2=AF=C2=AF=C2
=AF=C2=AF=C2=AF=C2=AF=C2=AF=C2=AF=C2=AF=C2=AF=C2=AF=C2=AF
 >New objects : 0
 >Objects found so far: 0
 >
 >
 >Started registry scan
 >=C2=AF=C2=AF=C2=AF=C2=AF=C2=AF=C2=AF=C2=AF=C2=AF=C2=AF=C2=AF=C2=AF=C2=AF=
=C2=AF=C2=AF=C2=AF=C2=AF=C2=AF=C2=AF=C2=AF=C2=AF=C2=AF=C2=AF=C2=AF=C2=AF=C2=
=AF=C2=AF=C2=AF=C2=AF=C2
=AF=C2=AF=C2=AF=C2=AF=C2=AF=C2=AF=C2=AF=C2=AF=C2=AF=C2=AF
 >
 >Registry scan result :
 >=C2=AF=C2=AF=C2=AF=C2=AF=C2=AF=C2=AF=C2=AF=C2=AF=C2=AF=C2=AF=C2=AF=C2=AF=
=C2=AF=C2=AF=C2=AF=C2=AF=C2=AF=C2=AF=C2=AF=C2=AF=C2=AF=C2=AF=C2=AF=C2=AF=C2=
=AF=C2=AF=C2=AF=C2=AF=C2
=AF=C2=AF=C2=AF=C2=AF=C2=AF=C2=AF=C2=AF=C2=AF=C2=AF=C2=AF
 >New objects : 0
 >Objects found so far: 0
 >
 >
 >Started deep registry scan
 >=C2=AF=C2=AF=C2=AF=C2=AF=C2=AF=C2=AF=C2=AF=C2=AF=C2=AF=C2=AF=C2=AF=C2=AF=
=C2=AF=C2=AF=C2=AF=C2=AF=C2=AF=C2=AF=C2=AF=C2=AF=C2=AF=C2=AF=C2=AF=C2=AF=C2=
=AF=C2=AF=C2=AF=C2=AF=C2
=AF=C2=AF=C2=AF=C2=AF=C2=AF=C2=AF=C2=AF=C2=AF=C2=AF=C2=AF
 >
 >Deep registry scan result :
 >=C2=AF=C2=AF=C2=AF=C2=AF=C2=AF=C2=AF=C2=AF=C2=AF=C2=AF=C2=AF=C2=AF=C2=AF=
=C2=AF=C2=AF=C2=AF=C2=AF=C2=AF=C2=AF=C2=AF=C2=AF=C2=AF=C2=AF=C2=AF=C2=AF=C2=
=AF=C2=AF=C2=AF=C2=AF=C2
=AF=C2=AF=C2=AF=C2=AF=C2=AF=C2=AF=C2=AF=C2=AF=C2=AF=C2=AF
 >New objects : 0
 >Objects found so far: 0
 >
 >
 >Deep scanning and examining files (C
 >=C2=AF=C2=AF=C2=AF=C2=AF=C2=AF=C2=AF=C2=AF=C2=AF=C2=AF=C2=AF=C2=AF=C2=AF=
=C2=AF=C2=AF=C2=AF=C2=AF=C2=AF=C2=AF=C2=AF=C2=AF=C2=AF=C2=AF=C2=AF=C2=AF=C2=
=AF=C2=AF=C2=AF=C2=AF=C2
=AF=C2=AF=C2=AF=C2=AF=C2=AF=C2=AF=C2=AF=C2=AF=C2=AF=C2=AF
 >
 > CoolWebSearch Object recognized!
 > Type : File
 > Data : a0003236.dll
 > Object : C:\System Volume=20
 >Information\_restore{98E46F0A-9DA1-4258-92C4-
7CCAE5D21E6E}\RP17\
 > FileSize : 55 KB
 > Created on : 07/09/2004 22:17:40
 > Last accessed : 13/09/2004 18:43:29
 > Last modified : 07/09/2004 22:17:40
 >
 > CoolWebSearch Object recognized!
 > Type : File
 > Data : a0003237.dll
 > Object : C:\System Volume=20
 >Information\_restore{98E46F0A-9DA1-4258-92C4-
7CCAE5D21E6E}\RP17\
 > FileSize : 55 KB
 > Created on : 23/08/2004 18:47:20
 > Last accessed : 13/09/2004 18:43:29
 > Last modified : 23/08/2004 18:47:20
 >
 > CoolWebSearch Object recognized!
 > Type : File
 > Data : a0003238.dll
 > Object : C:\System Volume=20
 >Information\_restore{98E46F0A-9DA1-4258-92C4-
7CCAE5D21E6E}\RP17\
 > FileSize : 55 KB
 > Created on : 28/08/2004 18:05:09
 > Last accessed : 13/09/2004 18:43:29
 > Last modified : 28/08/2004 18:05:09
 >
 > CoolWebSearch Object recognized!
 > Type : File
 > Data : a0003239.dll
 > Object : C:\System Volume=20
 >Information\_restore{98E46F0A-9DA1-4258-92C4-
7CCAE5D21E6E}\RP17\
 > FileSize : 55 KB
 > Created on : 31/08/2004 02:37:36
 > Last accessed : 13/09/2004 18:43:29
 > Last modified : 31/08/2004 02:37:36
 >
 > CoolWebSearch Object recognized!
 > Type : File
 > Data : a0003244.dll
 > Object : C:\System Volume=20
 >Information\_restore{98E46F0A-9DA1-4258-92C4-
7CCAE5D21E6E}\RP17\
 > FileSize : 55 KB
 > Created on : 11/08/2004 05:53:47
 > Last accessed : 13/09/2004 18:43:30
 > Last modified : 11/08/2004 05:53:47
 >
 > CoolWebSearch Object recognized!
 > Type : File
 > Data : a0003245.dll
 > Object : C:\System Volume=20
 >Information\_restore{98E46F0A-9DA1-4258-92C4-
7CCAE5D21E6E}\RP17\
 > FileSize : 55 KB
 > Created on : 03/08/2004 19:18:56
 > Last accessed : 13/09/2004 18:43:30
 > Last modified : 03/08/2004 19:18:56
 >=20
 > CoolWebSearch Object recognized!
 > Type : File
 > Data : a0003247.dll
 > Object : C:\System Volume=20
 >Information\_restore{98E46F0A-9DA1-4258-92C4-
7CCAE5D21E6E}\RP17\
 > FileSize : 55 KB
 > Created on : 14/08/2004 08:38:06
 > Last accessed : 13/09/2004 18:43:30
 > Last modified : 14/08/2004 08:38:06
 >
 > CoolWebSearch Object recognized!
 > Type : File
 > Data : a0003248.dll
 > Object : C:\System Volume=20
 >Information\_restore{98E46F0A-9DA1-4258-92C4-
7CCAE5D21E6E}\RP17\
 > FileSize : 55 KB
 > Created on : 09/08/2004 21:04:51
 > Last accessed : 13/09/2004 18:43:30
 > Last modified : 09/08/2004 21:04:51
 >
 > CoolWebSearch Object recognized!
 > Type : File
 > Data : a0003249.dll
 > Object : C:\System Volume=20
 >Information\_restore{98E46F0A-9DA1-4258-92C4-
7CCAE5D21E6E}\RP17\
 > FileSize : 55 KB
 > Created on : 04/08/2004 05:13:46
 > Last accessed : 13/09/2004 18:43:30
 > Last modified : 04/08/2004 05:13:46
 >
 > CoolWebSearch Object recognized!
 > Type : File
 > Data : a0003250.dll
 > Object : C:\System Volume=20
 >Information\_restore{98E46F0A-9DA1-4258-92C4-
7CCAE5D21E6E}\RP17\
 > FileSize : 55 KB
 > Created on : 26/08/2004 03:08:03
 > Last accessed : 13/09/2004 18:43:30
 > Last modified : 26/08/2004 03:08:03
 >
 > CoolWebSearch Object recognized!
 > Type : File
 > Data : a0003251.dll
 > Object : C:\System Volume=20
 >Information\_restore{98E46F0A-9DA1-4258-92C4-
7CCAE5D21E6E}\RP17\
 > FileSize : 55 KB
 > Created on : 31/08/2004 12:31:24
 > Last accessed : 13/09/2004 18:43:30
 > Last modified : 31/08/2004 12:31:24
 >
 > CoolWebSearch Object recognized!
 > Type : File
 > Data : a0003252.dll
 > Object : C:\System Volume=20
 >Information\_restore{98E46F0A-9DA1-4258-92C4-
7CCAE5D21E6E}\RP17\
 > FileSize : 55 KB
 > Created on : 17/08/2004 17:53:11
 > Last accessed : 13/09/2004 18:43:30
 > Last modified : 17/08/2004 17:53:11
 >
 > CoolWebSearch Object recognized!
 > Type : File
 > Data : a0003253.dll
 > Object : C:\System Volume=20
 >Information\_restore{98E46F0A-9DA1-4258-92C4-
7CCAE5D21E6E}\RP17\
 > FileSize : 55 KB
 > Created on : 06/08/2004 00:44:07
 > Last accessed : 13/09/2004 18:43:30
 > Last modified : 06/08/2004 00:44:07
 >
 > CoolWebSearch Object recognized!
 > Type : File
 > Data : a0003254.dll
 > Object : C:\System Volume=20
 >Information\_restore{98E46F0A-9DA1-4258-92C4-
7CCAE5D21E6E}\RP17\
 > FileSize : 55 KB
 > Created on : 10/09/2004 16:50:23
 > Last accessed : 13/09/2004 18:43:30
 > Last modified : 10/09/2004 16:50:23
 >
 > CoolWebSearch Object recognized!
 > Type : File
 > Data : a0003261.dll
 > Object : C:\System Volume=20
 >Information\_restore{98E46F0A-9DA1-4258-92C4-
7CCAE5D21E6E}\RP17\
 > FileSize : 55 KB
 > Created on : 04/09/2004 03:20:31
 > Last accessed : 13/09/2004 18:43:30
 > Last modified : 04/09/2004 03:20:31
 >
 >Disk scan result for C:\
 >=C2=AF=C2=AF=C2=AF=C2=AF=C2=AF=C2=AF=C2=AF=C2=AF=C2=AF=C2=AF=C2=AF=C2=AF=
=C2=AF=C2=AF=C2=AF=C2=AF=C2=AF=C2=AF=C2=AF=C2=AF=C2=AF=C2=AF=C2=AF=C2=AF=C2=
=AF=C2=AF=C2=AF=C2=AF=C2
=AF=C2=AF=C2=AF=C2=AF=C2=AF=C2=AF=C2=AF=C2=AF=C2=AF=C2=AF
 >New objects : 0
 >Objects found so far: 41
 >
 >Performing conditional scans..
 >=C2=AF=C2=AF=C2=AF=C2=AF=C2=AF=C2=AF=C2=AF=C2=AF=C2=AF=C2=AF=C2=AF=C2=AF=
=C2=AF=C2=AF=C2=AF=C2=AF=C2=AF=C2=AF=C2=AF=C2=AF=C2=AF=C2=AF=C2=AF=C2=AF=C2=
=AF=C2=AF=C2=AF=C2=AF=C2
=AF=C2=AF=C2=AF=C2=AF=C2=AF=C2=AF=C2=AF=C2=AF=C2=AF=C2=AF
 >
 > CoolWebSearch Object recognized!
 > Type : RegKey
 > Data :=20
 > Rootkey : HKEY_LOCAL_MACHINE
 > Object :=20
 >SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\HSA
 >
 > CoolWebSearch Object recognized!
 > Type : RegKey
 > Data :=20
 > Rootkey : HKEY_LOCAL_MACHINE
 > Object :=20
 >SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SE
 >
 > CoolWebSearch Object recognized!
 > Type : RegKey
 > Data :=20
 > Rootkey : HKEY_LOCAL_MACHINE
 > Object :=20
 >SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SW
 >
 >Conditional scan result:
 >=C2=AF=C2=AF=C2=AF=C2=AF=C2=AF=C2=AF=C2=AF=C2=AF=C2=AF=C2=AF=C2=AF=C2=AF=
=C2=AF=C2=AF=C2=AF=C2=AF=C2=AF=C2=AF=C2=AF=C2=AF=C2=AF=C2=AF=C2=AF=C2=AF=C2=
=AF=C2=AF=C2=AF=C2=AF=C2
=AF=C2=AF=C2=AF=C2=AF=C2=AF=C2=AF=C2=AF=C2=AF=C2=AF=C2=AF
 >New objects : 3
 >Objects found so far: 44
 >
 >20:05:17 Scan complete
 >
 >Summary of this scan
 >=C2=AF=C2=AF=C2=AF=C2=AF=C2=AF=C2=AF=C2=AF=C2=AF=C2=AF=C2=AF=C2=AF=C2=AF=
=C2=AF=C2=AF=C2=AF=C2=AF=C2=AF=C2=AF=C2=AF=C2=AF=C2=AF=C2=AF=C2=AF=C2=AF=C2=
=AF=C2=AF=C2=AF=C2=AF=C2
=AF=C2=AF=C2=AF=C2=AF=C2=AF=C2=AF=C2=AF=C2=AF=C2=AF=C2=AF
 >Total scanning time :00:11:40:281
 >Objects scanned :182283
 >Objects identified :44
 >Objects ignored :0
 >New objects :44
 >THANK YOU FOR YOUR HELP
 >.
 >