|
|
|
|
|||||
|
|
|
|
|
|
|||
| Welcome
to Tech Support Forum home to more then 136,000 problems solved. Issues
have included: Spyware, Malware, Virus Issues, Windows, Microsoft,
Linux, Networking, Security, Hardware, and Gaming Getting your
problem solved is as easy as: 1. Registering for a free account 2. Asking your question 3. Receiving an answer Registered members: * See fewer ads. * And much more..
|
| Want to know how to post a question? click here | Having problems with spyware and pop-ups? First Steps |
|
|||||||
| Resolved HJT Threads Resolved spyware and popup issues. |
|
|
LinkBack | Thread Tools |
12-01-2007, 12:24 AM
|
#1 (permalink) |
|
Registered User
Join Date: Dec 2007
Posts: 33
OS: XP SP 1
|
search-daily.com
I clicked a link for a wrestling website after googling it and next thing I know I've been browser hijacked. Whenever I click a link in google using IE, I'm redirected to "http://www.search-daily.com/search.php?qq=search-daily.com"
it usually starts with some ip address first. I've run anitivirus, spybot, ad-aware and everything and still no luck. This **** is really annoying. I get messages in my system tray about porn found on my pc and there being errors. below is my highjack log. Logfile of Trend Micro HijackThis v2.0.0 (BETA) Scan saved at 3:29:25 AM, on 12/1/2007 Platform: Windows XP SP1 (WinNT 5.01.2600) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\System32\Ati2evxx.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Stardock\Object Desktop\WindowBlinds\wbload.exe C:\Program Files\Comodo\common\CAVASpy\cavasm.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\System32\CTsvcCDA.exe C:\WINDOWS\runservice.exe C:\Program Files\Norton SystemWorks\Norton Utilities\NPROTECT.EXE C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe C:\Program Files\Viewpoint\Common\ViewpointService.exe C:\Program Files\Creative\ShareDLL\CtNotify.exe C:\Program Files\Common Files\Real\Update_OB\realsched.exe C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe C:\Program Files\Comodo\Comodo AntiVirus\CMain.exe C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE C:\Program Files\Creative\ShareDLL\Mediadet.exe C:\Program Files\Comodo\Comodo AntiVirus\Cavaud.exe C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe C:\Program Files\Comodo\Comodo AntiVirus\cavemsrv.exe C:\Program Files\Creative\PlayCenter2\CTPlay2.exe C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\MSN Messenger\msnmsgr.exe C:\Program Files\MSN Messenger\usnsvc.exe C:\Documents and Settings\Michael Bottella\Desktop\HiJackThis_v2.exe O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll O2 - BHO: PopupBlockerBHO.CPopupBlockerBHO - {0D929918-C804-4756-B0AC-640EF3F061E9} - C:\Program Files\SmartPopupBlocker\PopupBlockerBHO.dll O2 - BHO: (no name) - {2EC4CC15-1E33-40F8-A44C-93CDE50437E8} - C:\WINDOWS\System32\clbcatexu.dll O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll O2 - BHO: NetXfer - {83B80A9C-D91A-4F22-8DCF-EA7204039F79} - C:\Program Files\Xi\NetXfer\NXIEHelper.dll O2 - BHO: NTIECatcher Class - {C56CB6B0-0D96-11D6-8C65-B2868B609932} - C:\Program Files\Xi\NetTransport 2\NTIEHelper.dll O3 - Toolbar: (no name) - {62999427-33FC-4baf-9C9C-BCE6BD127F08} - (no file) O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx O3 - Toolbar: (no name) - {987D027C-F0EF-40fa-9A1A-C45007F1F36F} - (no file) O4 - HKLM\..\Run: [Disc Detector] C:\Program Files\Creative\ShareDLL\CtNotify.exe O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot O4 - HKLM\..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" O4 - HKLM\..\Run: [cnfgCav] "C:\Program Files\Comodo\Comodo AntiVirus\CMain.exe" O4 - HKCU\..\Run: [AlcoholAutomount] "C:\Program Files\Alcohol Soft\Alcohol 120\axcmd.exe" /automount O4 - HKLM\..\Policies\Explorer\Run: [Generic Host Process] C:\WINDOWS\System32\scvhost.exe O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present O8 - Extra context menu item: &ICQ Toolbar Search - res://C:\Program Files\ICQToolbar\toolbaru.dll/SEARCH.HTML O8 - Extra context menu item: &ieSpell Options - res://C:\Program Files\ieSpell\iespell.dll/SPELLOPTION.HTM O8 - Extra context menu item: Check &Spelling - res://C:\Program Files\ieSpell\iespell.dll/SPELLCHECK.HTM O8 - Extra context menu item: Download &all with DAP - C:\PROGRA~1\DAP\dapextie2.htm O8 - Extra context menu item: Download All by FlashGet - C:\Program Files\FlashGet\jc_all.htm O8 - Extra context menu item: Download using FlashGet - C:\Program Files\FlashGet\jc_link.htm O8 - Extra context menu item: Download using LeechGet - file://C:\Program Files\LeechGet 2006\\AddUrl.html O8 - Extra context menu item: Download using LeechGet Wizard - file://C:\Program Files\LeechGet 2006\\Wizard.html O8 - Extra context menu item: Open Image in New Window - res://C:\Program Files\PopUpCop\popupcop.dll/imagenew O8 - Extra context menu item: Parse with LeechGet - file://C:\Program Files\LeechGet 2006\\Parser.html O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll O9 - Extra button: (no name) - {0D555BC6-E331-48b3-A60E-AAC0DF79438A} - C:\WINDOWS\System32\shdocvw.dll O9 - Extra 'Tools' menuitem: Popup Blocker - {0D555BC6-E331-48b3-A60E-AAC0DF79438A} - C:\WINDOWS\System32\shdocvw.dll O9 - Extra button: ieSpell - {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - C:\Program Files\ieSpell\iespell.dll O9 - Extra 'Tools' menuitem: ieSpell - {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - C:\Program Files\ieSpell\iespell.dll O9 - Extra button: (no name) - {1606D6F9-9D3B-4aea-A025-ED5B2FD488E7} - C:\Program Files\ieSpell\iespell.dll O9 - Extra 'Tools' menuitem: ieSpell Options - {1606D6F9-9D3B-4aea-A025-ED5B2FD488E7} - C:\Program Files\ieSpell\iespell.dll O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file) O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe (file missing) O9 - Extra 'Tools' menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe (file missing) O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE (file missing) O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE (file missing) O15 - Trusted Zone: *.wwe.com O15 - Trusted Zone: *.adgate.info (HKLM) O15 - Trusted Zone: *.elitemediagroup.net (HKLM) O15 - Trusted Zone: *.systemdoctor.com (HKLM) O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary...r.cab31267.cab O16 - DPF: {0A5FD7C5-A45C-49FC-ADB5-9952547D5715} (Creative Software AutoUpdate) - http://www.creative.com/su/ocx/15015/CTSUEng.cab O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/par...an_unicode.cab O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204 O16 - DPF: {1F2F4C9E-6F09-47BC-970D-3C54734667FE} (LSSupCtl Class) - https://www-secure.symantec.com/tech...l/LSSupCtl.cab O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/S...in/AvSniff.cab O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by13fd.bay13.hotmail.msn.com/...s/MsnPUpld.cab O16 - DPF: {54B52E52-8000-4413-BD67-FC7FE24B59F2} (EARTPatchX Class) - http://files.ea.com/downloads/rtpatch/v2/EARTPX.cab O16 - DPF: {556DDE35-E955-11D0-A707-000000521957} - http://www.xblock.com/download/xclean_micro.exe O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/micr...?1186686942690 O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/S.../bin/cabsa.cab O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/micr...?1186686931264 O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary...t.cab31267.cab O16 - DPF: {A90A5822-F108-45AD-8482-9BC8B12DD539} (Crucial cpcScan) - http://www.crucial.com/controls/cpcScanner.cab O16 - DPF: {B1E2B96C-12FE-45E2-BEF1-44A219113CDD} (SABScanProcesses Class) - http://www.superadblocker.com/activex/sabspx.cab O16 - DPF: {CC05BC12-2AA2-4AC7-AC81-0E40F83B1ADF} (Live365Player Class) - http://www.live365.com/players/play365.cab O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} (ActiveDataInfo Class) - https://www-secure.symantec.com/tech...l/SymAData.cab O16 - DPF: {F04A8AE2-A59D-11D2-8792-00C04F8EF29D} (Hotmail Attachments Control) - http://by23fd.bay23.hotmail.msn.com/...x/HMAtchmt.ocx O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://www.creative.com/su/ocx/15021/CTPID.cab O16 - DPF: {FCF289D4-0AC8-4ED8-BE31-E8AF09606AB5} - http://static.35mb.com/applet/applet_o.cab O20 - Winlogon Notify: monln - C:\WINDOWS\SYSTEM32\monln.dll O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\System32\browseui.dll O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\System32\browseui.dll O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\System32\Ati2evxx.exe O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe O23 - Service: Comodo Anti-Virus and Anti-Spyware Service - Comodo Inc. - C:\Program Files\Comodo\common\CAVASpy\cavasm.exe O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: LicCtrl Service (LicCtrlService) - Unknown owner - C:\WINDOWS\runservice.exe O23 - Service: Norton Unerase Protection (NProtectService) - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton Utilities\NPROTECT.EXE O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - NetGroup - Politecnico di Torino - C:\Program Files\WinPcap\rpcapd.exe O23 - Service: Speed Disk service - Symantec Corporation - C:\PROGRA~1\NORTON~1\SPEEDD~1\nopdb.exe O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe -- End of file - 11458 bytes Last edited by Michael Wayne; 12-01-2007 at 12:35 AM. |
|
     |
| Sponsored Links |
|
12-02-2007, 09:40 AM
|
#2 (permalink) |
|
Registered User
Join Date: Dec 2007
Posts: 33
OS: XP SP 1
|
Re: search-daily.com
has anyone had a chance to look into this? I've been trying various spyware programs to clean this out and I'm not having any results. I keep being redirected when clicking links in google, and I'm still getting messages in my system tray about there being porn, or errors on my pc that need fixing etc. Can someone help me out here?
|
|
|
|
|
12-04-2007, 05:48 AM
|
#3 (permalink) |
|
Moderator, Analyst, Security Team
Join Date: Oct 2006
Location: Důn Čideann,Scotland.
Posts: 4,530
OS: XP
|
Re: search-daily.com
Hello Michael and welcome to TSF.
You are using an outdated version of Hijackthis. Please uninstall from Add/Remove programs, and delete your current version. Next, download HijackThis to your desktop Alternate link Double-click on the file you just downloaded. Click on the "Unzip" button to install. It will by default install to the directory - C:\Program Files\Trend Micro\HijackThis Upon install, HijackThis should open for you. Should it not open, navigate to C:\Program Files\Trend Micro\HijackThis and double click on HijackThis.exe 1. If it gives you an intro screen, just choose 'Do a system scan and save a logfile'. 2. If you don't get the intro screen, just hit Scan and then click on Save log. 3. Do not post that log, instead, do this next: ===================================================== Download Deckard's System Scanner (DSS) to your Desktop. Note: You must be logged onto an account with administrator privileges.
==================================================== Logs Required C:\Deckard\System Scanner\main.txt C:\Deckard\System Scanner\extra.txt<---Attached |
|
|
|
|
12-04-2007, 08:28 AM
|
#4 (permalink) |
|
Registered User
Join Date: Dec 2007
Posts: 33
OS: XP SP 1
|
Re: search-daily.com
Computer is in Normal Mode.
-------------------------------------------------------------------------------- -- System Restore -------------------------------------------------------------- System Restore is disabled; attempting to re-enable...failed; access is denied. Backed up registry hives. Performed disk cleanup. -- HijackThis (run as Michael Bottella.exe) ------------------------------------ Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 11:25:22 AM, on 12/4/2007 Platform: Windows XP SP1 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\System32\Ati2evxx.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\Panda Security\Panda Antivirus 2008\pavsrv51.exe C:\Program Files\Panda Security\Panda Antivirus 2008\AVENGINE.EXE C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\System32\CTsvcCDA.exe C:\Program Files\Stardock\Object Desktop\WindowBlinds\wbload.exe C:\WINDOWS\runservice.exe C:\Program Files\Norton SystemWorks\Norton Utilities\NPROTECT.EXE C:\WINDOWS\Explorer.EXE C:\Program Files\Panda Security\Panda Antivirus 2008\PsCtrls.exe C:\Program Files\Panda Security\Panda Antivirus 2008\PsImSvc.exe C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe C:\Program Files\Creative\ShareDLL\CtNotify.exe C:\Program Files\Common Files\Real\Update_OB\realsched.exe C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE C:\Program Files\Creative\ShareDLL\Mediadet.exe C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe C:\Program Files\Panda Security\Panda Antivirus 2008\WebProxy.exe C:\Program Files\Mozilla Firefox\firefox.exe C:\Documents and Settings\Michael Bottella\Desktop\dss.exe C:\PROGRA~1\TRENDM~1\HIJACK~1\Michael Bottella.exe R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file) O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll O2 - BHO: PopupBlockerBHO.CPopupBlockerBHO - {0D929918-C804-4756-B0AC-640EF3F061E9} - C:\Program Files\SmartPopupBlocker\PopupBlockerBHO.dll O2 - BHO: (no name) - {2EC4CC15-1E33-40F8-A44C-93CDE50437E8} - C:\WINDOWS\System32\clbcatexu.dll O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll O2 - BHO: NXIECatcher Class - {83B80A9C-D91A-4F22-8DCF-EA7204039F79} - C:\Program Files\Xi\NetXfer\NXIEHelper.dll O2 - BHO: NTIECatcher Class - {C56CB6B0-0D96-11D6-8C65-B2868B609932} - C:\Program Files\Xi\NetTransport 2\NTIEHelper.dll O3 - Toolbar: (no name) - {62999427-33FC-4baf-9C9C-BCE6BD127F08} - (no file) O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx O3 - Toolbar: (no name) - {987D027C-F0EF-40fa-9A1A-C45007F1F36F} - (no file) O4 - HKLM\..\Run: [Disc Detector] C:\Program Files\Creative\ShareDLL\CtNotify.exe O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" O4 - HKLM\..\Run: [LanzarL2007] "C:\DOCUME~1\MICHAE~1\LOCALS~1\Temp\{5E7A60E4-8B8F-4DA5-9341-2AEEAEC35AB0}\{D1DA2BA7-2592-4036-9BB2-DCCABDE8DC1A}\..\..\L2007tmp\Setup.exe" /SETUP:"/l0x0009" O4 - HKLM\..\Run: [APVXDWIN] "C:\Program Files\Panda Security\Panda Antivirus 2008\APVXDWIN.EXE" /s O4 - HKCU\..\Run: [AlcoholAutomount] "C:\Program Files\Alcohol Soft\Alcohol 120\axcmd.exe" /automount O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present O8 - Extra context menu item: &ICQ Toolbar Search - res://C:\Program Files\ICQToolbar\toolbaru.dll/SEARCH.HTML O8 - Extra context menu item: &ieSpell Options - res://C:\Program Files\ieSpell\iespell.dll/SPELLOPTION.HTM O8 - Extra context menu item: Check &Spelling - res://C:\Program Files\ieSpell\iespell.dll/SPELLCHECK.HTM O8 - Extra context menu item: Download &all with DAP - C:\PROGRA~1\DAP\dapextie2.htm O8 - Extra context menu item: Download using LeechGet - file://C:\Program Files\LeechGet 2006\\AddUrl.html O8 - Extra context menu item: Download using LeechGet Wizard - file://C:\Program Files\LeechGet 2006\\Wizard.html O8 - Extra context menu item: Open Image in New Window - res://C:\Program Files\PopUpCop\popupcop.dll/imagenew O8 - Extra context menu item: Parse with LeechGet - file://C:\Program Files\LeechGet 2006\\Parser.html O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll O9 - Extra button: (no name) - {0D555BC6-E331-48b3-A60E-AAC0DF79438A} - C:\WINDOWS\System32\shdocvw.dll O9 - Extra 'Tools' menuitem: Popup Blocker - {0D555BC6-E331-48b3-A60E-AAC0DF79438A} - C:\WINDOWS\System32\shdocvw.dll O9 - Extra button: ieSpell - {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - C:\Program Files\ieSpell\iespell.dll O9 - Extra 'Tools' menuitem: ieSpell - {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - C:\Program Files\ieSpell\iespell.dll O9 - Extra button: (no name) - {1606D6F9-9D3B-4aea-A025-ED5B2FD488E7} - C:\Program Files\ieSpell\iespell.dll O9 - Extra 'Tools' menuitem: ieSpell Options - {1606D6F9-9D3B-4aea-A025-ED5B2FD488E7} - C:\Program Files\ieSpell\iespell.dll O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file) O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE (file missing) O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE (file missing) O15 - Trusted Zone: *.wwe.com O15 - Trusted Zone: *.adgate.info (HKLM) O15 - Trusted Zone: *.elitemediagroup.net (HKLM) O15 - Trusted Zone: *.systemdoctor.com (HKLM) O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary...r.cab31267.cab O16 - DPF: {0A5FD7C5-A45C-49FC-ADB5-9952547D5715} (Creative Software AutoUpdate) - http://www.creative.com/su/ocx/15015/CTSUEng.cab O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/par...an_unicode.cab O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204 O16 - DPF: {1F2F4C9E-6F09-47BC-970D-3C54734667FE} (LSSupCtl Class) - https://www-secure.symantec.com/tech...l/LSSupCtl.cab O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/S...in/AvSniff.cab O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by13fd.bay13.hotmail.msn.com/...s/MsnPUpld.cab O16 - DPF: {54B52E52-8000-4413-BD67-FC7FE24B59F2} (EARTPatchX Class) - http://files.ea.com/downloads/rtpatch/v2/EARTPX.cab O16 - DPF: {556DDE35-E955-11D0-A707-000000521957} - http://www.xblock.com/download/xclean_micro.exe O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/micr...?1186686942690 O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/S.../bin/cabsa.cab O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/micr...?1186686931264 O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary...t.cab31267.cab O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/actives...ree/asinst.cab O16 - DPF: {A90A5822-F108-45AD-8482-9BC8B12DD539} (Crucial cpcScan) - http://www.crucial.com/controls/cpcScanner.cab O16 - DPF: {B1E2B96C-12FE-45E2-BEF1-44A219113CDD} (SABScanProcesses Class) - http://www.superadblocker.com/activex/sabspx.cab O16 - DPF: {CC05BC12-2AA2-4AC7-AC81-0E40F83B1ADF} (Live365Player Class) - http://www.live365.com/players/play365.cab O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} (ActiveDataInfo Class) - https://www-secure.symantec.com/tech...l/SymAData.cab O16 - DPF: {F04A8AE2-A59D-11D2-8792-00C04F8EF29D} (Hotmail Attachments Control) - http://by23fd.bay23.hotmail.msn.com/...x/HMAtchmt.ocx O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://www.creative.com/su/ocx/15021/CTPID.cab O16 - DPF: {FCF289D4-0AC8-4ED8-BE31-E8AF09606AB5} - http://static.35mb.com/applet/applet_o.cab O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\System32\Ati2evxx.exe O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: LicCtrl Service (LicCtrlService) - Unknown owner - C:\WINDOWS\runservice.exe O23 - Service: Norton Unerase Protection (NProtectService) - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton Utilities\NPROTECT.EXE O23 - Service: Panda Software Controller - Panda Software International - C:\Program Files\Panda Security\Panda Antivirus 2008\PsCtrls.exe O23 - Service: Panda anti-virus service (PAVSRV) - Panda Software International - C:\Program Files\Panda Security\Panda Antivirus 2008\pavsrv51.exe O23 - Service: Panda IManager Service (PSIMSVC) - Panda Software International - C:\Program Files\Panda Security\Panda Antivirus 2008\PsImSvc.exe O23 - Service: Speed Disk service - Symantec Corporation - C:\PROGRA~1\NORTON~1\SPEEDD~1\nopdb.exe O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe O23 - Service: Viewpoint Manager Service - Unknown owner - C:\Program Files\Viewpoint\Common\ViewpointService.exe (file missing) -- End of file - 11238 bytes -- File Associations ----------------------------------------------------------- .bat - batfile - DefaultIcon - C:\Program Files\Stardock\Object Desktop\IconPackager\Themes\Cryo64Genesis2\Cryo64 Genesis 2.icl,53 .cmd - cmdfile - DefaultIcon - C:\Program Files\Stardock\Object Desktop\IconPackager\Themes\Cryo64Genesis2\Cryo64 Genesis 2.icl,53 .chm - chm.file - DefaultIcon - C:\Program Files\Stardock\Object Desktop\IconPackager\Themes\Cryo64Genesis2\Cryo64 Genesis 2.icl,49 .hlp - hlpfile - DefaultIcon - C:\Program Files\Stardock\Object Desktop\IconPackager\Themes\Cryo64Genesis2\Cryo64 Genesis 2.icl,7 .inf - inffile - DefaultIcon - C:\Program Files\Stardock\Object Desktop\IconPackager\Themes\Cryo64Genesis2\Cryo64 Genesis 2.icl,46 .ini - inifile - DefaultIcon - C:\Program Files\Stardock\Object Desktop\IconPackager\Themes\Cryo64Genesis2\Cryo64 Genesis 2.icl,46 .js - JSFile - DefaultIcon - C:\Program Files\Stardock\Object Desktop\IconPackager\Themes\Cryo64Genesis2\Cryo64 Genesis 2.icl,47 .js - JSFile - shell\open\command - "C:\Program Files\Macromedia\Dreamweaver MX\Dreamweaver.exe" "%1" .reg - regfile - DefaultIcon - C:\WINDOWS\regedit.exe,1 .txt - txtfile - DefaultIcon - C:\Program Files\Stardock\Object Desktop\IconPackager\Themes\Cryo64Genesis2\Cryo64 Genesis 2.icl,55 -- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------- R0 gyljbokr - c:\windows\system32\drivers\hobiowbn.dat R1 papycpu2 - c:\windows\system32\drivers\papycpu2.sys R1 papyjoy - c:\windows\system32\drivers\papyjoy.sys R1 PCLEPCI - c:\windows\system32\drivers\pclepci.sys <Not Verified; Pinnacle Systems GmbH; PCLEPCI> R3 Ausbflt - c:\windows\system32\drivers\ausbflt.sys <Not Verified; Adaptec Inc.; WDM filter driver for USB devices> R3 MarvinBus (Pinnacle Marvin Bus) - c:\windows\system32\drivers\marvinbus.sys <Not Verified; Pinnacle Systems GmbH; Pinnacle Marvin Discrete> R3 pfc (Padus ASPI Shell) - c:\windows\system32\drivers\pfc.sys <Not Verified; Padus, Inc.; Padus(R) ASPI Shell> S2 ohciusb (Open Host Controller Miniport USB Driver) - c:\windows\system32\drivers\ohciusb.sys (file missing) S3 HTTP - c:\windows\system32\drivers\http.sys (file missing) S3 SABProcEnum - c:\program files\superadblocker.com\super ad blocker\sabprocenum.sys (file missing) S3 wanatw (WAN Miniport (ATW)) - c:\windows\system32\drivers\wanatw4.sys (file missing) -- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled -------------------- R0 Nla (Network Location Awareness (NLA)) - \systemroot\c:\windows\system32\svchost.exe -k netsvcs (file missing) R0 SENS (System Event Notification) - \systemroot\c:\windows\system32\svchost.exe -k netsvcs (file missing) R2 LicCtrlService (LicCtrl Service) - c:\windows\runservice.exe R2 StarWindServiceAE (StarWind AE Service) - c:\program files\alcohol soft\alcohol 120\starwind\starwindserviceae.exe <Not Verified; Rocket Division Software; StarWind Alcohol Edition> S2 Viewpoint Manager Service - "c:\program files\viewpoint\common\viewpointservice.exe" (file missing) S3 rpcapd (Remote Packet Capture Protocol v.0 (experimental)) - S3 Speed Disk service - c:\progra~1\norton~1\speedd~1\nopdb.exe <Not Verified; Symantec Corporation; Norton Speed Disk> S4 iPod Service - "c:\program files\ipod\bin\ipodservice.exe" (file missing) -- Device Manager: Disabled ---------------------------------------------------- No disabled devices found. -- Scheduled Tasks ------------------------------------------------------------- 2007-12-04 01:23:40 386 --a------ C:\WINDOWS\Tasks\Symantec NetDetect.job -- Files created between 2007-11-04 and 2007-12-04 ----------------------------- 2007-12-04 11:22:01 0 d-------- C:\Program Files\Trend Micro 2007-12-04 11:16:50 0 dr-h----- C:\Documents and Settings\Michael Bottella\Recent 2007-12-03 17:57:55 0 d-------- C:\Documents and Settings\All Users\Application Data\sentinel 2007-12-03 17:57:04 248 --a------ C:\WINDOWS\System32\PavCPL.dat 2007-12-03 17:56:59 0 d-------- C:\WINDOWS\System32\PAV 2007-12-03 17:56:28 0 d-------- C:\Program Files\Panda Security 2007-12-03 17:51:30 0 d-------- C:\Documents and Settings\All Users\Application Data\Avg7 2007-12-03 14:40:58 0 d-------- C:\WINDOWS\System32\ActiveScan 2007-12-03 13:47:32 0 d-------- C:\Program Files\Yahoo! 2007-12-03 13:47:22 0 d-------- C:\Program Files\CCleaner 2007-12-01 16:08:08 164 --a------ C:\install.dat 2007-12-01 16  40 0 d-------- C:\Documents and Settings\Michael Bottella\Application Data\GetRightToGo2007-12-01 15:09:11 0 d-------- C:\Program Files\XoftSpySE 2007-11-30 00:16:03 0 d-------- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com 2007-11-30 00:15:50 0 d-------- C:\Program Files\SUPERAntiSpyware 2007-11-28 17:40:30 0 d-------- C:\Documents and Settings\All Users\Application Data\Comodo 2007-11-28 17:40:19 216576 --a------ C:\WINDOWS\System32\monln.dll <Not Verified; Comodo Inc.; Comodo Anti-Viruspyware> 2007-11-28 17:40:16 0 d-------- C:\Program Files\Comodo 2007-11-28 14:23:32 0 d-------- C:\b77fcd83296f02416190b03693858402 2007-11-28 14:22:06 0 d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab 2007-11-28 14:22:05 0 d-------- C:\WINDOWS\System32\Kaspersky Lab 2007-11-28 02:54:18 0 d-------- C:\WINDOWS\System32\AppCert 2007-11-27 22:48:40 19200 --a------ C:\WINDOWS\System32\drivers\hobiowbn.dat 2007-11-27 22:48:13 106752 --a------ C:\WINDOWS\System32\clbcatexu.dll -- Find3M Report --------------------------------------------------------------- 2007-12-04 11:09:33 4593 --ahs---- C:\WINDOWS\System32\mmf.sys 2007-12-04 04:27:39 24 --a------ C:\WINDOWS\System32\DVCStateBkp-{00000000-00000000-0000000D-00001102-00000002-80611102}.dat 2007-12-04 04:27:39 24 --a------ C:\WINDOWS\System32\DVCState-{00000000-00000000-0000000D-00001102-00000002-80611102}.dat 2007-12-04 00:58:21 0 d-------- C:\Program Files\eMule 2007-12-03 17:56:27 0 d--h----- C:\Program Files\InstallShield Installation Information 2007-12-03 15:45:57 0 d-------- C:\Program Files\SmartPopupBlocker 2007-12-03 15:37:23 0 d-------- C:\Program Files\LeechGet 2006 2007-11-30 17:27:36 0 d-------- C:\Documents and Settings\Michael Bottella\Application Data\.ABC 2007-11-30 15:29:17 29 --a------ C:\WINDOWS\popcinfo.dat 2007-11-30 03:04:18 0 d-------- C:\Program Files\Common Files 2007-11-27 23:13:03 0 d-------- C:\Program Files\PeerGuardian2 2007-11-27 01:04:24 0 d-------- C:\Program Files\AIM6 2007-11-15 22:50:29 0 d-------- C:\Program Files\Sony 2007-11-13 09:16:17 0 d-------- C:\Program Files\Norton SystemWorks 2007-11-06 03:23:56 0 d-------- C:\Program Files\MySpace 2007-10-20 21:36:46 0 d-------- C:\Program Files\Security Task Manager 2007-10-20 10:13:19 0 d-------- C:\Program Files\Java 2007-10-18 19:09:26 0 d-------- C:\Program Files\MP3+G Toolz .NET 4 2007-10-08 13:40:10 0 d-------- C:\Program Files\Alcohol Soft 2007-10-08 12:55:52 0 d-------- C:\Documents and Settings\Michael Bottella\Application Data\SlySoft 2007-10-08 11:40:05 0 d-------- C:\Program Files\SlySoft 2007-10-08 10:39:47 0 d-------- C:\Program Files\Common Files\cdrdao 2007-10-05 23:46:48 0 d-------- C:\Program Files\ABC 2007-10-04 04:16:59 0 d-------- C:\Program Files\Symantec 2007-10-03 06:07:06 24576 --a------ C:\WINDOWS\OkyFlyPC_uninstall.exe <Not Verified; ; UNINSTALL Applicazione> 2007-09-30 20:40:15 45568 --a------ C:\WINDOWS\System32\realbsf1.dll 2007-09-30 20:40:15 69632 --a------ C:\WINDOWS\System32\realbap1.dll 2007-09-25 04:56:46 737280 --a------ C:\WINDOWS\iun6002.exe <Not Verified; Indigo Rose Corporation; Setup Factory 6.0 Runtime Module> -- Registry Dump --------------------------------------------------------------- *Note* empty entries & legit default entries are not shown [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{2EC4CC15-1E33-40F8-A44C-93CDE50437E8}] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Disc Detector"="C:\Program Files\Creative\ShareDLL\CtNotify.exe" [12/26/2001 02:00 AM] "TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [01/31/2007 01:34 PM] "StartCCC"="C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [11/10/2006 11:35 AM] "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [09/25/2007 12:11 AM] "LanzarL2007"="C:\DOCUME~1\MICHAE~1\LOCALS~1\Temp\{5E7A60E4-8B8F-4DA5-9341-2AEEAEC35AB0}\{D1DA2BA7-2592-4036-9BB2-DCCABDE8DC1A}\..\..\L2007tmp\Setup.exe" [] "APVXDWIN"="C:\Program Files\Panda Security\Panda Antivirus 2008\APVXDWIN.exe" [07/19/2007 03:23 PM] [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "AlcoholAutomount"="C:\Program Files\Alcohol Soft\Alcohol 120\axcmd.exe" [07/02/2007 05:27 AM] C:\Documents and Settings\All Users\Start Menu\Programs\Startup\ Adobe Gamma Loader.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [6/29/2006 1:38:55 AM] Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [9/23/2005 10:05:26 PM] [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system] "DisableTaskMgr"=0 (0x0) [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer] @= [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer] @= [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avldr] avldr.dll 02/15/2007 08:02 PM 50736 C:\WINDOWS\system32\avldr.dll [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\WB] C:\PROGRA~1\Stardock\OBJECT~1\WINDOW~1\fastload.dll 12/20/2001 11:34 PM 24576 C:\PROGRA~1\Stardock\OBJECT~1\WINDOW~1\fastload.dll [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa] "Notification Packages"= scecli scecli [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vds] @="Service" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}] @="Volume shadow copy" [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Michael Bottella^Start Menu^Programs^Startup^Eyetide Launcher.lnk] path=C:\Documents and Settings\Michael Bottella\Start Menu\Programs\Startup\Eyetide Launcher.lnk backup=C:\WINDOWS\pss\Eyetide Launcher.lnkStartup [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\A+PopUpBlocker] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Aim6] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATI Launchpad] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AudioHQ] C:\Program Files\Creative\SBLive2k\AudioHQ\AHQTB.EXE [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\C-Media Mixer] Mixer.exe /startup [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Creative Launcher] C:\Program Files\Creative\SBLive2k\Launcher\CTLauncher.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Explorer] C:\Program Files\Internet Explorer\iexplore.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\funk] funk.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32 [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Internet Optimizer] "C:\Program Files\Internet Optimizer\optimize.exe" [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe" [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Jet Detection] "C:\Program Files\Creative\SBLive\PROGRAM\ADGJDet.exe" [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck] %systemroot%\system32\dumprep 0 -k [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LeechGet] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\McRegWiz] C:\PROGRA~1\McAfee.com\Agent\mcregwiz.exe /autorun [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\mcupdate.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSPY2002] C:\WINDOWS\System32\IME\PINTLGNT\ImScInst.exe /SYNC [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NewsUpd] C:\Program Files\Creative\News\NewsUpd.EXE /q [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /IMEName [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /SYNC [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PopUpInspector.exe] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Power Scan] C:\Program Files\Power Scan\powerscan.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Regscan] C:\WINDOWS\System32\regscan.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RoxioDragToDisc] "C:\Program Files\Roxio\Easy Media Creator 7\Drag to Disc\DrgToDsc.exe" [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Run] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\satmat] C:\WINDOWS\satmat.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SideWinderTrayV4] C:\PROGRA~1\MI948F~1\GAMECO~1\common\swtrayv4.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SM1BG] C:\WINDOWS\SM1BG.EXE [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Spyware Begone] C:\Program Files\Freescan\freescan.exe -FastScan [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe" [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SuperAdBlocker] C:\Program Files\SuperAdBlocker.com\Super Ad Blocker\SAdBlock.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UpdReg] C:\WINDOWS\Updreg.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\USBToolTip] "C:\Program Files\Pinnacle\Shared Files\\Programs\USBTip\USBTip.exe" [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WINDVDPatch] CTHELPER.EXE [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services] "iPodService"=3 (0x3) [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{44AA3114-D221-43EC-1C32-1EAC52A2014D}] C:\WINDOWS\System32\msnvl.exe -- Hosts ----------------------------------------------------------------------- 127.0.0.1 localhost -- End of Deckard's System Scanner: finished at 2007-12-04 11:25:52 ------------ Last edited by Michael Wayne; 12-04-2007 at 08:33 AM. |
|
|
|
|
12-04-2007, 10:55 AM
|
#5 (permalink) |
|
Moderator, Analyst, Security Team
Join Date: Oct 2006
Location: Důn Čideann,Scotland.
Posts: 4,530
OS: XP
|
Re: search-daily.com
Hello again Michael
Please follow all instructions and in which order they come,if you have any questions,please ask before proceeding.Its important that you follow this through until i give you the all clear,a lack of symptoms does not mean the infection is gone. ====================================================== Click > Start > Control Panel > Add / Remove Programs and uninstall the following programs: Java 2 Runtime Environment, SE v1.4.2_05 J2SE Runtime Environment 5.0 Update 3 J2SE Runtime Environment 5.0 Update 6 J2SE Runtime Environment 5.0 Update 9 J2SE Runtime Environment 5.0 Update 10 J2SE Runtime Environment 5.0 Update 11 Java(TM) SE Runtime Environment 6 Update 1 Java(TM) 6 Update 2 Leave Java(TM) 6 Update 3 installed ======================================================= Download ComboFix from Here or here **Save it to your desktop**Do not run just yet,we will shortly ======================================================== Disconnect from the internet ========================================================  Go to  → Run → paste in the single line command & click OK"%userprofile%\desktop\combofix.exe" /killallWhen finished, it shall produce a log for you. Post that log & a fresh HJT log in your next reply Note: Do not mouseclick combofix's window whilst it's running. That may cause it to stall ========================================================= Open HijackThis and click on 'Do a System Scan and save a Logfile'. Save the log file and post it here. ========================================================== Logs Required C:\Combofix.txt Hijackthis log |
|
|
|
|
12-04-2007, 12:02 PM
|
#8 (permalink) |
|
Registered User
Join Date: Dec 2007
Posts: 33
OS: XP SP 1
|
Re: search-daily.com
ComboFix 07-12-02.6 - Michael Bottella 2007-12-04 14:49:25.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.1.1252.1.1033.18.614 [GMT -5:00] Running from: C:\Documents and Settings\Michael Bottella\desktop\combofix.exe Command switches used :: /killall * Created a new restore point . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . C:\Documents and Settings\All Users.\documents\settings C:\Documents and Settings\All Users.\documents\settings\desktop.ini C:\Documents and Settings\Michael Bottella\Application Data\addon.dat C:\WINDOWS\system32\clbcatexu.dll C:\WINDOWS\system32\drivers\hobiowbn.dat C:\WINDOWS\system32\f02WtR . ((((((((((((((((((((((((((((((((((((((( Drivers/Services ))))))))))))))))))))))))))))))))))))))))))))))))) . -------\LEGACY_GYLJBOKR -------\LEGACY_NPF -------\LEGACY_OHCIUSB -------\LEGACY_POOF -------\gyljbokr -------\ohciusb ((((((((((((((((((((((((( Files Created from 2007-11-04 to 2007-12-04 ))))))))))))))))))))))))))))))) . 2007-12-04 11:23 . 2007-12-04 11:23 <DIR> d-------- C:\Deckard 2007-12-04 11:22 . 2007-12-04 11:22 <DIR> d-------- C:\Program Files\Trend Micro 2007-12-03 18:00 . 2007-12-03 18:02 418,545,664 --a------ C:\18.tmp 2007-12-03 17:57 . 2007-12-03 17:57 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\sentinel 2007-12-03 17:57 . 2007-06-06 11:43 83,640 --a------ C:\WINDOWS\system32\drivers\pavdrv51.sys 2007-12-03 17:57 . 2007-12-03 17:57 248 --a------ C:\WINDOWS\system32\PavCPL.dat 2007-12-03 17:56 . 2007-12-03 20:38 <DIR> d-------- C:\WINDOWS\system32\PAV 2007-12-03 17:56 . 2007-12-03 17:56 <DIR> d-------- C:\Program Files\Panda Security 2007-12-03 17:56 . 2007-03-15 18:38 54,832 --a------ C:\WINDOWS\system32\pavcpl.cpl 2007-12-03 17:56 . 2007-02-15 20:02 50,736 --a------ C:\WINDOWS\system32\avldr.dll 2007-12-03 17:51 . 2007-12-03 17:51 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Avg7 2007-12-03 14:41 . 2007-12-03 14:41 30,590 --a------ C:\WINDOWS\system32\pavas.ico 2007-12-03 14:41 . 2007-12-03 14:41 2,550 --a------ C:\WINDOWS\system32\Uninstall.ico 2007-12-03 14:41 . 2007-12-03 14:41 1,406 --a------ C:\WINDOWS\system32\Help.ico 2007-12-03 14:40 . 2007-12-03 16:07 <DIR> d-------- C:\WINDOWS\system32\ActiveScan 2007-12-03 13:47 . 2007-12-03 22:29 <DIR> d-------- C:\Program Files\Yahoo! 2007-12-03 13:47 . 2007-12-03 13:47 <DIR> d-------- C:\Program Files\CCleaner 2007-12-01 16:08 . 2007-12-01 16:08 164 --a------ C:\install.dat 2007-12-01 16:06 . 2007-12-01 16:07 <DIR> d-------- C:\Documents and Settings\Michael Bottella\Application Data\GetRightToGo 2007-12-01 15:09 . 2007-12-03 04:17 <DIR> d-------- C:\Program Files\XoftSpySE 2007-11-30 00:16 . 2007-11-30 00:16 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com 2007-11-30 00:15 . 2007-11-30 03:04 <DIR> d-------- C:\Program Files\SUPERAntiSpyware 2007-11-28 17:40 . 2007-11-28 17:40 <DIR> d-------- C:\Program Files\Comodo 2007-11-28 17:40 . 2007-11-28 17:40 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Comodo 2007-11-28 17:40 . 2007-11-28 17:40 434,252 --a------ C:\WINDOWS\system32\MSVCRTD.DLL 2007-11-28 17:40 . 2007-11-28 17:40 216,576 --a------ C:\WINDOWS\system32\monln.dll 2007-11-28 14:22 . 2007-11-28 14:22 <DIR> d-------- C:\WINDOWS\system32\Kaspersky Lab 2007-11-28 14:22 . 2007-11-28 14:22 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab 2007-11-28 02:54 . 2007-12-03 16:07 <DIR> d-------- C:\WINDOWS\system32\AppCert 2007-11-27 22:48 . 2005-07-25 23:30 100,864 --a------ C:\WINDOWS\system32\clbcatexu.2 . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2007-12-04 19:11 --------- d-----w C:\Program Files\Java 2007-12-04 16:16 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy 2007-12-04 05:58 --------- d-----w C:\Program Files\eMule 2007-12-03 22:56 --------- d--h--w C:\Program Files\InstallShield Installation Information 2007-12-03 20:45 --------- d-----w C:\Program Files\SmartPopupBlocker 2007-12-03 20:37 --------- d-----w C:\Program Files\LeechGet 2006 2007-11-30 22:27 --------- d-----w C:\Documents and Settings\Michael Bottella\Application Data\.ABC 2007-11-28 04:13 --------- d-----w C:\Program Files\PeerGuardian2 2007-11-27 06:04 --------- d-----w C:\Program Files\AIM6 2007-11-27 06:03 --------- d-----w C:\Documents and Settings\All Users\Application Data\Viewpoint 2007-11-27 06:00 --------- d-----w C:\Documents and Settings\All Users\Application Data\AOL Downloads 2007-11-16 03:50 --------- d-----w C:\Program Files\Sony 2007-11-13 14:16 --------- d-----w C:\Program Files\Norton SystemWorks 2007-11-06 08:23 --------- d-----w C:\Program Files\MySpace 2007-10-21 02:44 --------- d-----w C:\Documents and Settings\All Users\Application Data\SecTaskMan 2007-10-21 02:36 --------- d-----w C:\Program Files\Security Task Manager 2007-10-19 00:09 --------- d-----w C:\Program Files\MP3+G Toolz .NET 4 2007-10-08 18:40 --------- d-----w C:\Program Files\Alcohol Soft 2007-10-08 17:55 --------- d-----w C:\Documents and Settings\Michael Bottella\Application Data\SlySoft 2007-10-08 16:40 --------- d-----w C:\Program Files\SlySoft 2007-10-08 15:39 --------- d-----w C:\Program Files\Common Files\cdrdao 2007-10-08 15:27 685,816 ----a-w C:\WINDOWS\system32\drivers\sptd.sys 2007-10-06 04:46 --------- d-----w C:\Program Files\ABC 2007-10-04 09:16 805 ----a-w C:\WINDOWS\system32\drivers\SYMEVENT.INF 2007-10-04 09:16 123,952 ----a-w C:\WINDOWS\system32\drivers\SYMEVENT.SYS 2007-10-04 09:16 10,740 ----a-w C:\WINDOWS\system32\drivers\SYMEVENT.CAT 2007-10-04 09:16 --------- d-----w C:\Program Files\Symantec 2007-10-03 11:07 24,576 ----a-w C:\WINDOWS\OkyFlyPC_uninstall.exe 2007-09-25 09:56 737,280 ----a-w C:\WINDOWS\iun6002.exe 2003-08-27 19:19 36,963 ----a-r C:\Program Files\Common Files\SM1updtr.dll 2004-08-15 23:10 32 --sha-w C:\WINDOWS\{18BEC826-02D5-4AFC-BAA8-C06B7EAB8247}.dat 2004-08-15 23:10 32 --sha-w C:\WINDOWS\{523B879B-62A5-4392-812E-C5C284AAAEB0}.dat 2004-08-15 23:11 32 --sha-w C:\WINDOWS\{8B10D43A-7FBF-4947-8390-C8AEA7B1A949}.dat 2004-08-15 23:08 32 --sha-w C:\WINDOWS\{9107C27E-3342-4C64-870B-2A9833AF5EA8}.dat 2004-08-15 23:08 32 --sha-w C:\WINDOWS\{E181FAE3-12E5-4654-8CB9-3D85D62C6E5F}.dat 2005-10-08 06:58 32 --sha-w C:\WINDOWS\{FF9E27A5-0ED2-4D8F-B439-23DF433F51F3}.dat 2005-10-15 16:34 349,088 --sha-w C:\WINDOWS\system32\acfii.bak2 2005-10-16 03:43 335,883 --sha-w C:\WINDOWS\system32\acfii.ini2 2004-08-15 23:08 32 --sha-w C:\WINDOWS\system32\{4BE1F716-C1DB-473A-AF35-DF7BF40B97BC}.dat 2004-08-15 23:08 32 --sha-w C:\WINDOWS\system32\{5C486995-454D-49E0-AB83-DCFEE9493C6A}.dat 2004-08-15 23:10 32 --sha-w C:\WINDOWS\system32\{64E1E082-BD47-4A27-9249-CAF1E0BCEC51}.dat 2004-08-15 23:08 32 --sha-w C:\WINDOWS\system32\{800FBB96-2302-4899-9281-E5075BBA36DD}.dat 2004-08-15 23:10 32 --sha-w C:\WINDOWS\system32\{E7870D69-EE94-4DB9-8072-6DDBCBF01D05}.dat 2004-08-15 23:11 32 --sha-w C:\WINDOWS\system32\{ED529549-8B17-4BB0-A251-7996E420AC9B}.dat . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "AlcoholAutomount"="C:\Program Files\Alcohol Soft\Alcohol 120\axcmd.exe" [2007-07-02 05:27] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Disc Detector"="C:\Program Files\Creative\ShareDLL\CtNotify.exe" [2001-12-26 02:00] "TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2007-01-31 13:34] "StartCCC"="C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2006-11-10 11:35] "APVXDWIN"="C:\Program Files\Panda Security\Panda Antivirus 2008\APVXDWIN.exe" [2007-07-19 15:23] "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 00:11] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon] "UIHost"="LogonUI.EXE" [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avldr] avldr.dll 2007-02-15 20:02 50736 C:\WINDOWS\system32\avldr.dll [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\WB] C:\PROGRA~1\Stardock\OBJECT~1\WINDOW~1\fastload.dll 2001-12-20 23:34 24576 C:\PROGRA~1\Stardock\OBJECT~1\WINDOW~1\fastload.dll [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa] Notification Packages REG_MULTI_SZ scecli scecli [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Michael Bottella^Start Menu^Programs^Startup^Eyetide Launcher.lnk] path=C:\Documents and Settings\Michael Bottella\Start Menu\Programs\Startup\Eyetide Launcher.lnk backup=C:\WINDOWS\pss\Eyetide Launcher.lnkStartup [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\A+PopUpBlocker] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Aim6] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATI Launchpad] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AudioHQ] C:\Program Files\Creative\SBLive2k\AudioHQ\AHQTB.EXE [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\C-Media Mixer] Mixer.exe /startup [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Creative Launcher] 2000-02-16 01:52 257536 --a------ C:\Program Files\Creative\SBLive2k\Launcher\CTLauncher.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Explorer] 2002-08-29 05:41 91136 --a------ C:\Program Files\Internet Explorer\iexplore.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\funk] funk.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IMJPMIG8.1] C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE /Spoil /RemAdvDef /Migration32 [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Internet Optimizer] C:\Program Files\Internet Optimizer\optimize.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Jet Detection] 2001-11-29 01:00 28672 --a------ C:\Program Files\Creative\SBLive\PROGRAM\ADGJDet.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck] C:\WINDOWS\system32\dumprep 0 -k [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LeechGet] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\McRegWiz] C:\PROGRA~1\McAfee.com\Agent\mcregwiz.exe /autorun [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\mcupdate.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSPY2002] C:\WINDOWS\System32\IME\PINTLGNT\ImScInst.exe /SYNC [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck] 2001-07-09 10:50 155648 --a------ C:\WINDOWS\system32\NeroCheck.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NewsUpd] C:\Program Files\Creative\News\NewsUpd.EXE /q [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /IMEName [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /SYNC [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PopUpInspector.exe] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Power Scan] C:\Program Files\Power Scan\powerscan.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task] C:\Program Files\QuickTime\qttask.exe -atboottime [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Regscan] C:\WINDOWS\System32\regscan.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RoxioDragToDisc] C:\Program Files\Roxio\Easy Media Creator 7\Drag to Disc\DrgToDsc.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Run] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\satmat] C:\WINDOWS\satmat.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SideWinderTrayV4] 1999-11-18 18:12 24650 --a------ C:\PROGRA~1\MI948F~1\GAMECO~1\common\swtrayv4.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SM1BG] 2003-08-27 14:20 94208 -ra------ C:\WINDOWS\SM1BG.EXE [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotSD TeaTimer] 2005-05-31 01:04 1415824 --a------ C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Spyware Begone] C:\Program Files\Freescan\freescan.exe -FastScan [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched] C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SuperAdBlocker] C:\Program Files\SuperAdBlocker.com\Super Ad Blocker\SAdBlock.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe -osboot [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UpdReg] 2000-05-11 01:00 90112 --a------ C:\WINDOWS\Updreg.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\USBToolTip] 2006-01-23 14:42 196608 --a------ C:\Program Files\Pinnacle\Shared Files\\Programs\USBTip\USBTip.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WINDVDPatch] CTHELPER.EXE [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services] "iPodService"=3 (0x3) R1 Cinemsup;Cinemsup;C:\WINDOWS\System32\drivers\Cinemsup.sys R2 LicCtrlService;LicCtrl Service;C:\WINDOWS\runservice.exe R3 AN983;ADMtek AN983/AN985/ADM951X 10/100Mbps Fast Ethernet Adapter;C:\WINDOWS\System32\DRIVERS\AN983.sys R3 Ausbflt;Ausbflt;C:\WINDOWS\System32\Drivers\Ausbflt.sys R3 NPDriver;Norton Unerase Protection Driver;\??\C:\WINDOWS\System32\Drivers\NPDRIVER.SYS S2 ATIBTCAP;ATI TV Wonder Video Capture;C:\WINDOWS\System32\drivers\atibtcap.sys S2 ATIBTXBAR;ATI TV Wonder Video Crossbar;C:\WINDOWS\System32\drivers\atibtxbr.sys S2 ATIVTUTW;ATI TV Wonder TV Tuner;C:\WINDOWS\System32\drivers\ativtutw.sys S2 ATIVXSTW;ATI TV Wonder Audio Crossbar;C:\WINDOWS\System32\drivers\ativxstw.sys S3 ctlsb16;Creative SB16/AWE32/AWE64 Driver (WDM);C:\WINDOWS\System32\drivers\ctlsb16.sys S3 GcKernel;Microsoft SideWinder Value Add - Filter Driver;C:\WINDOWS\System32\DRIVERS\GcKernel.sys S3 HIDSwvd;Microsoft SideWinder Virtual HID Device Mini-Driver;C:\WINDOWS\System32\DRIVERS\HIDSwvd.sys S3 Ip6FwHlp;IPv6 Internet Connection Firewall;C:\WINDOWS\System32\svchost.exe -k netsvcs S3 S6U12BScanner;MUSTEK 1200 UB Still Image Device Service;C:\WINDOWS\System32\drivers\usbscan.sys [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{44AA3114-D221-43EC-1C32-1EAC52A2014D}] C:\WINDOWS\System32\msnvl.exe . Contents of the 'Scheduled Tasks' folder "2007-12-04 18:23:12 C:\WINDOWS\Tasks\Symantec NetDetect.job" - C:\Program Files\Symantec\LiveUpdate\NDETECT.EXE . ************************************************************************** catchme 0.3.1318 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2007-12-04 14:57:35 Windows 5.1.2600 Service Pack 1 NTFS scanning hidden processes ... scanning hidden autostart entries ... HKLM\Software\Microsoft\Windows\CurrentVersion\Run Disc Detector = C:\Program Files\Creative\ShareDLL\CtNotify.exe?X???????????????????E?@?Disc Detector?A????? ?A???????B?e!@???@???@?? C?????E?@?????????@?B???A????? ?A???????B???@?????P?????@????????????w??????????@?G?????????????????B?????????????????????????????????r?B scanning hidden files ... scan completed successfully hidden files: 0 ************************************************************************** . Completion time: 2007-12-04 14:59:10 - machine was rebooted . --- E O F --- Last edited by Michael Wayne; 12-04-2007 at 12:08 PM. |
|
|
|
|
12-04-2007, 12:09 PM
|
#9 (permalink) |
|
Registered User
Join Date: Dec 2007
Posts: 33
OS: XP SP 1
|
Re: search-daily.com
==========================================================
Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 2:59:40 PM, on 12/4/2007 Platform: Windows XP SP1 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\System32\Ati2evxx.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\Panda Security\Panda Antivirus 2008\pavsrv51.exe C:\Program Files\Panda Security\Panda Antivirus 2008\AVENGINE.EXE C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\System32\CTsvcCDA.exe C:\WINDOWS\runservice.exe C:\Program Files\Norton SystemWorks\Norton Utilities\NPROTECT.EXE C:\Program Files\Panda Security\Panda Antivirus 2008\PsCtrls.exe C:\Program Files\Panda Security\Panda Antivirus 2008\PsImSvc.exe C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe C:\Program Files\Stardock\Object Desktop\WindowBlinds\wbload.exe C:\WINDOWS\Explorer.EXE C:\Program Files\Creative\ShareDLL\CtNotify.exe C:\Program Files\Common Files\Real\Update_OB\realsched.exe C:\Program Files\Panda Security\Panda Antivirus 2008\APVXDWIN.EXE C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe C:\Program Files\Creative\ShareDLL\Mediadet.exe C:\WINDOWS\System32\wuauclt.exe C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe C:\Program Files\Panda Security\Panda Antivirus 2008\WebProxy.exe C:\WINDOWS\system32\notepad.exe C:\Program Files\Trend Micro\HijackThis\HijackThis.exe R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file) O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll O2 - BHO: PopupBlockerBHO.CPopupBlockerBHO - {0D929918-C804-4756-B0AC-640EF3F061E9} - C:\Program Files\SmartPopupBlocker\PopupBlockerBHO.dll O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll O2 - BHO: NXIECatcher Class - {83B80A9C-D91A-4F22-8DCF-EA7204039F79} - C:\Program Files\Xi\NetXfer\NXIEHelper.dll O2 - BHO: NTIECatcher Class - {C56CB6B0-0D96-11D6-8C65-B2868B609932} - C:\Program Files\Xi\NetTransport 2\NTIEHelper.dll O3 - Toolbar: (no name) - {62999427-33FC-4baf-9C9C-BCE6BD127F08} - (no file) O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx O3 - Toolbar: (no name) - {987D027C-F0EF-40fa-9A1A-C45007F1F36F} - (no file) O4 - HKLM\..\Run: [Disc Detector] C:\Program Files\Creative\ShareDLL\CtNotify.exe O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" O4 - HKLM\..\Run: [APVXDWIN] "C:\Program Files\Panda Security\Panda Antivirus 2008\APVXDWIN.EXE" /s O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" O4 - HKCU\..\Run: [AlcoholAutomount] "C:\Program Files\Alcohol Soft\Alcohol 120\axcmd.exe" /automount O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe O8 - Extra context menu item: &ICQ Toolbar Search - res://C:\Program Files\ICQToolbar\toolbaru.dll/SEARCH.HTML O8 - Extra context menu item: &ieSpell Options - res://C:\Program Files\ieSpell\iespell.dll/SPELLOPTION.HTM O8 - Extra context menu item: Check &Spelling - res://C:\Program Files\ieSpell\iespell.dll/SPELLCHECK.HTM O8 - Extra context menu item: Download &all with DAP - C:\PROGRA~1\DAP\dapextie2.htm O8 - Extra context menu item: Download using LeechGet - file://C:\Program Files\LeechGet 2006\\AddUrl.html O8 - Extra context menu item: Download using LeechGet Wizard - file://C:\Program Files\LeechGet 2006\\Wizard.html O8 - Extra context menu item: Open Image in New Window - res://C:\Program Files\PopUpCop\popupcop.dll/imagenew O8 - Extra context menu item: Parse with LeechGet - file://C:\Program Files\LeechGet 2006\\Parser.html O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\npjpi160_03.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\npjpi160_03.dll O9 - Extra button: (no name) - {0D555BC6-E331-48b3-A60E-AAC0DF79438A} - C:\WINDOWS\System32\shdocvw.dll O9 - Extra 'Tools' menuitem: Popup Blocker - {0D555BC6-E331-48b3-A60E-AAC0DF79438A} - C:\WINDOWS\System32\shdocvw.dll O9 - Extra button: ieSpell - {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - C:\Program Files\ieSpell\iespell.dll O9 - Extra 'Tools' menuitem: ieSpell - {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - C:\Program Files\ieSpell\iespell.dll O9 - Extra button: (no name) - {1606D6F9-9D3B-4aea-A025-ED5B2FD488E7} - C:\Program Files\ieSpell\iespell.dll O9 - Extra 'Tools' menuitem: ieSpell Options - {1606D6F9-9D3B-4aea-A025-ED5B2FD488E7} - C:\Program Files\ieSpell\iespell.dll O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file) O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE (file missing) O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE (file missing) O15 - Trusted Zone: *.wwe.com O15 - Trusted Zone: *.adgate.info (HKLM) O15 - Trusted Zone: *.elitemediagroup.net (HKLM) O15 - Trusted Zone: *.systemdoctor.com (HKLM) O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary...r.cab31267.cab O16 - DPF: {0A5FD7C5-A45C-49FC-ADB5-9952547D5715} (Creative Software AutoUpdate) - http://www.creative.com/su/ocx/15015/CTSUEng.cab O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/par...an_unicode.cab O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204 O16 - DPF: {1F2F4C9E-6F09-47BC-970D-3C54734667FE} (LSSupCtl Class) - https://www-secure.symantec.com/tech...l/LSSupCtl.cab O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/S...in/AvSniff.cab O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by13fd.bay13.hotmail.msn.com/...s/MsnPUpld.cab O16 - DPF: {54B52E52-8000-4413-BD67-FC7FE24B59F2} (EARTPatchX Class) - http://files.ea.com/downloads/rtpatch/v2/EARTPX.cab O16 - DPF: {556DDE35-E955-11D0-A707-000000521957} - http://www.xblock.com/download/xclean_micro.exe O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/micr...?1186686942690 O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/S.../bin/cabsa.cab O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/micr...?1186686931264 O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary...t.cab31267.cab O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/actives...ree/asinst.cab O16 - DPF: {A90A5822-F108-45AD-8482-9BC8B12DD539} (Crucial cpcScan) - http://www.crucial.com/controls/cpcScanner.cab O16 - DPF: {B1E2B96C-12FE-45E2-BEF1-44A219113CDD} (SABScanProcesses Class) - http://www.superadblocker.com/activex/sabspx.cab O16 - DPF: {CC05BC12-2AA2-4AC7-AC81-0E40F83B1ADF} (Live365Player Class) - http://www.live365.com/players/play365.cab O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} (ActiveDataInfo Class) - https://www-secure.symantec.com/tech...l/SymAData.cab O16 - DPF: {F04A8AE2-A59D-11D2-8792-00C04F8EF29D} (Hotmail Attachments Control) - http://by23fd.bay23.hotmail.msn.com/...x/HMAtchmt.ocx O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://www.creative.com/su/ocx/15021/CTPID.cab O16 - DPF: {FCF289D4-0AC8-4ED8-BE31-E8AF09606AB5} - http://static.35mb.com/applet/applet_o.cab O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\System32\Ati2evxx.exe O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: LicCtrl Service (LicCtrlService) - Unknown owner - C:\WINDOWS\runservice.exe O23 - Service: Norton Unerase Protection (NProtectService) - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton Utilities\NPROTECT.EXE O23 - Service: Panda Software Controller - Panda Software International - C:\Program Files\Panda Security\Panda Antivirus 2008\PsCtrls.exe O23 - Service: Panda anti-virus service (PAVSRV) - Panda Software International - C:\Program Files\Panda Security\Panda Antivirus 2008\pavsrv51.exe O23 - Service: Panda IManager Service (PSIMSVC) - Panda Software International - C:\Program Files\Panda Security\Panda Antivirus 2008\PsImSvc.exe O23 - Service: Speed Disk service - Symantec Corporation - C:\PROGRA~1\NORTON~1\SPEEDD~1\nopdb.exe O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe O23 - Service: Viewpoint Manager Service - Unknown owner - C:\Program Files\Viewpoint\Common\ViewpointService.exe (file missing) -- End of file - 10973 bytes |
|
|
|
|
12-04-2007, 02:11 PM
|
#10 (permalink) |
|
Registered User
Join Date: Dec 2007
Posts: 33
OS: XP SP 1
|
Re: search-daily.com
I found this file on my desktop called "~$lliwellstarrmatch.doc". I was cleaning my temp files and such out last night/early this morning and when I enabled the showing of hidden files, this particular file was on my desktop. Not sure if I should open it. Any ideas?
|
|
|
|
|
12-04-2007, 02:12 PM
|
#11 (permalink) | |
|
Moderator, Analyst, Security Team
Join Date: Oct 2006
Location: Důn Čideann,Scotland.
Posts: 4,530
OS: XP
|
Re: search-daily.com
Hello again
Please follow all instructions and in which order they come,if you have any questions,please ask before proceeding. ======================================================= Copy/paste these instructions to Notepad,then disconnect from the internet ======================================================= Click start>run>copy/paste command below into box: sc stop SymWSC Click ok Click start>run>copy/paste command below into box: sc delete SymWSC Click ok. ====================================================== Click > Start > Control Panel > Add / Remove Programs and uninstall the following programs: Creative PlayCenter Creative RecorderSee Here for information on Creative Labs. ======================================================= Open HijackThis and click on 'Do a System Scan Only'. Check the following entries (If they still exist, make sure you do not miss any) R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file) 03 - Toolbar: (no name) - {62999427-33FC-4baf-9C9C-BCE6BD127F08} - (no file) O3 - Toolbar: (no name) - {987D027C-F0EF-40fa-9A1A-C45007F1F36F} - (no file) O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file) O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file) O15 - Trusted Zone: *.wwe.com O15 - Trusted Zone: *.adgate.info (HKLM) O15 - Trusted Zone: *.elitemediagroup.net (HKLM) O15 - Trusted Zone: *.systemdoctor.com (HKLM) O16 - DPF: {FCF289D4-0AC8-4ED8-BE31-E8AF09606AB5} - http://static.35mb.com/applet/applet_o.cab O23 - Service: Viewpoint Manager Service - Unknown owner - C:\Program Files\Viewpoint\Common\ViewpointService.exe (file missing) Please remember to close all other windows, including browsers then click Fix checked. ==================================================== Open notepad and copy/paste the text in the quotebox below into it: Quote:
 Refering to the picture above, drag CFscript into ComboFix.exe Follow the prompts, and post the resulting log, C:\ComboFix.txt Warning: Do not mouseclick combofix's window whilst it's running. That may cause it to stall ====================================================== Reconnect to the internet ======================================================= Establish an internet connection & perform an online scan with Internet Explorer at Kaspersky Online Scanner Answer Yes, when prompted to install an ActiveX component.
Note for Internet Explorer 7 users: If at any time you have trouble with the accept button of the licence, click on the Zoom tool located at the right bottom of the IE window and set the zoom to 75 %. Once the license has been accepted, reset to 100%. ===================================================== Open HijackThis and click on 'Do a System Scan and save a Logfile'. Save the log file and post it here. ======================================================= Logs Required C:\Combofix.txt Kaspersky scan report Hijackthis log |
|
|
|
|
|
12-04-2007, 05:35 PM
|
#12 (permalink) |
|
Registered User
Join Date: Dec 2007
Posts: 33
OS: XP SP 1
|
Re: search-daily.com
ComboFix 07-12-02.6 - Michael Bottella 2007-12-04 17:53:07.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.1.1252.1.1033.18.622 [GMT -5:00] Running from: C:\Documents and Settings\Michael Bottella\Desktop\ComboFix.exe Command switches used :: C:\Documents and Settings\Michael Bottella\Desktop\CFscript.txt * Created a new restore point FILE C:\18.tmp C:\install.dat C:\Program Files\Freescan C:\WINDOWS\OkyFlyPC_uninstall.exe C:\WINDOWS\satmat.exe C:\WINDOWS\system32\acfii.bak2 C:\WINDOWS\system32\acfii.ini2 C:\WINDOWS\system32\clbcatexu.2 C:\WINDOWS\System32\regscan.exe . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . C:\18.tmp C:\Documents and Settings\All Users\Application Data\Viewpoint C:\install.dat C:\Program Files\Creative C:\Program Files\Creative\CTCDDB\CDDBControl.dll C:\Program Files\Creative\CTCDDB\CDDBUI.dll C:\Program Files\Creative\CTCDDB\CtCddb.dll C:\Program Files\Creative\Media Manager\Database\mmmusic.umi C:\Program Files\Creative\Media Manager\DBProxy.dll C:\Program Files\Creative\Media Manager\DBServer.exe C:\Program Files\Creative\MiniDisc\Albumsvr.dll C:\Program Files\Creative\MiniDisc\CDAEng.dll C:\Program Files\Creative\MiniDisc\CTMDCen.cnt C:\Program Files\Creative\MiniDisc\CTMDCen.crl C:\Program Files\Creative\MiniDisc\CTMDCen.exe C:\Program Files\Creative\MiniDisc\CTMDCen.fts C:\Program Files\Creative\MiniDisc\CTMDCen.gid C:\Program Files\Creative\MiniDisc\CTMDCen.hlp C:\Program Files\Creative\MiniDisc\CTMDCen.skn C:\Program Files\Creative\MiniDisc\CTPlay.CRL C:\Program Files\Creative\MiniDisc\LICENSE.TXT C:\Program Files\Creative\MiniDisc\MDC.isu C:\Program Files\Creative\MiniDisc\MDSvr.dll C:\Program Files\Creative\MiniDisc\MediaEng.dll C:\Program Files\Creative\PlayCenter2\CTPlay2.RPT C:\Program Files\Creative\PLC_TEMP\burp.dll C:\Program Files\Creative\PLC_TEMP\CTALoud.dll C:\Program Files\Creative\PLC_TEMP\CTCmpLib.dll C:\Program Files\Creative\PLC_TEMP\CTN2Res.dll C:\Program Files\Creative\PLC_TEMP\CTNJBRes.dll C:\Program Files\Creative\PLC_TEMP\CTNmd2.pjb C:\Program Files\Creative\PLC_TEMP\CTNmdJB.pjb C:\Program Files\Creative\PLC_TEMP\CTNMRun.crl C:\Program Files\Creative\PLC_TEMP\CTNMRun.exe C:\Program Files\Creative\PLC_TEMP\MUCE.dll C:\Program Files\Creative\Product Registration\English\HELPER.EXE C:\Program Files\Creative\Product Registration\English\InetReg.crl C:\Program Files\Creative\Product Registration\English\InetReg.exe C:\Program Files\Creative\Product Registration\English\Register Sound Blaster Live! DE 5.1.lnk C:\Program Files\Creative\SBLive\AudioHQ\Ahq\ctdevres.dll C:\Program Files\Creative\SBLive\AudioHQ\Ahq\CTDevu.ahq C:\Program Files\Creative\SBLive\AudioHQ\Ahq\ctfxres.dll C:\Program Files\Creative\SBLive\AudioHQ\Ahq\Ctfxu.ahq C:\Program Files\Creative\SBLive\AudioHQ\Ahq\CtkbRes.dll C:\Program Files\Creative\SBLive\AudioHQ\Ahq\CTKeyBdU.ahq C:\Program Files\Creative\SBLive\AudioHQ\Ahq\CtS10KxU.dll C:\Program Files\Creative\SBLive\AudioHQ\Ahq\ctsfres.dll C:\Program Files\Creative\SBLive\AudioHQ\Ahq\CTSfu.ahq C:\Program Files\Creative\SBLive\AudioHQ\Ahq\CtSSpkU.ahq C:\Program Files\Creative\SBLive\AudioHQ\Ahq\CtSSURes.dll C:\Program Files\Creative\SBLive\AudioHQ\AHQmanU.dll C:\Program Files\Creative\SBLive\AudioHQ\Ahqrun.exe C:\Program Files\Creative\SBLive\AudioHQ\AHQTbU.exe C:\Program Files\Creative\SBLive\AudioHQ\AHQTURes.dll C:\Program Files\Creative\SBLive\AudioHQ\AHQUres.dll C:\Program Files\Creative\SBLive\AudioHQ\AudioHQU.exe C:\Program Files\Creative\SBLive\AudioHQ\CTAbout.dll C:\Program Files\Creative\SBLive\AudioHQ\Help\aaudiohqu.CNT C:\Program Files\Creative\SBLive\AudioHQ\Help\aaudiohqu.ftg C:\Program Files\Creative\SBLive\AudioHQ\Help\aaudiohqu.fts C:\Program Files\Creative\SBLive\AudioHQ\Help\aaudiohqu.gid C:\Program Files\Creative\SBLive\AudioHQ\Help\AAUDIOHQU.HLP C:\Program Files\Creative\SBLive\AudioHQ\Help\actdrvu.cnt C:\Program Files\Creative\SBLive\AudioHQ\Help\actdrvu.ftg C:\Program Files\Creative\SBLive\AudioHQ\Help\actdrvu.fts C:\Program Files\Creative\SBLive\AudioHQ\Help\actdrvu.gid C:\Program Files\Creative\SBLive\AudioHQ\Help\ACTDRVU.HLP C:\Program Files\Creative\SBLive\AudioHQ\Help\actfxu.cnt C:\Program Files\Creative\SBLive\AudioHQ\Help\actfxu.ftg C:\Program Files\Creative\SBLive\AudioHQ\Help\actfxu.fts C:\Program Files\Creative\SBLive\AudioHQ\Help\actfxu.gid C:\Program Files\Creative\SBLive\AudioHQ\Help\ACTFXU.HLP C:\Program Files\Creative\SBLive\AudioHQ\Help\actkybdu.CNT C:\Program Files\Creative\SBLive\AudioHQ\Help\actkybdu.ftg C:\Program Files\Creative\SBLive\AudioHQ\Help\actkybdu.fts C:\Program Files\Creative\SBLive\AudioHQ\Help\actkybdu.gid C:\Program Files\Creative\SBLive\AudioHQ\Help\ACTKYBDU.HLP C:\Program Files\Creative\SBLive\AudioHQ\Help\actsfu.cnt C:\Program Files\Creative\SBLive\AudioHQ\Help\actsfu.ftg C:\Program Files\Creative\SBLive\AudioHQ\Help\actsfu.fts C:\Program Files\Creative\SBLive\AudioHQ\Help\actsfu.gid C:\Program Files\Creative\SBLive\AudioHQ\Help\ACTSFU.HLP C:\Program Files\Creative\SBLive\AudioHQ\Help\midiaudigy.CNT C:\Program Files\Creative\SBLive\AudioHQ\Help\MIDIAUDIGY.ftg C:\Program Files\Creative\SBLive\AudioHQ\Help\MIDIAUDIGY.fts C:\Program Files\Creative\SBLive\AudioHQ\Help\MIDIAUDIGY.gid C:\Program Files\Creative\SBLive\AudioHQ\Help\MIDIAUDIGY.HLP C:\Program Files\Creative\SBLive\Diagnostics\Ct10kxdg.dll C:\Program Files\Creative\SBLive\Diagnostics\CTCplFW.CRL C:\Program Files\Creative\SBLive\Diagnostics\CTCplFW.exe C:\Program Files\Creative\SBLive\Diagnostics\CTMChWav.dll C:\Program Files\Creative\SBLive\Diagnostics\dgresuda.dll C:\Program Files\Creative\SBLive\Diagnostics\diag2uda.acc C:\Program Files\Creative\SBLive\Diagnostics\diag2uda.cnt C:\Program Files\Creative\SBLive\Diagnostics\Diag2uda.ftg C:\Program Files\Creative\SBLive\Diagnostics\Diag2uda.fts C:\Program Files\Creative\SBLive\Diagnostics\Diag2uda.gid C:\Program Files\Creative\SBLive\Diagnostics\Diag2uda.hlp C:\Program Files\Creative\SBLive\Diagnostics\diagnos2.dll C:\Program Files\Creative\SBLive\Diagnostics\Diagnose.ico C:\Program Files\Creative\SBLive\Diagnostics\drvcon.dll C:\Program Files\Creative\SBLive\Diagnostics\hwfail.txt C:\Program Files\Creative\SBLive\Diagnostics\logo.bmp C:\Program Files\Creative\SBLive\Diagnostics\Media\Center.wav C:\Program Files\Creative\SBLive\Diagnostics\Media\Frontl.wav C:\Program Files\Creative\SBLive\Diagnostics\Media\Frontr.wav C:\Program Files\Creative\SBLive\Diagnostics\Media\left.wav C:\Program Files\Creative\SBLive\Diagnostics\Media\Rearl.wav C:\Program Files\Creative\SBLive\Diagnostics\Media\Rearr.wav C:\Program Files\Creative\SBLive\Diagnostics\Media\right.wav C:\Program Files\Creative\SBLive\Diagnostics\RestEng.dll C:\Program Files\Creative\SBLive\Diagnostics\techsup.html C:\Program Files\Creative\SBLive\Diagnostics\viewlog.txt C:\Program Files\Creative\SBLive\Help\audigyu.cnt C:\Program Files\Creative\SBLive\Help\audigyu.ftg C:\Program Files\Creative\SBLive\Help\audigyu.fts C:\Program Files\Creative\SBLive\Help\audigyu.gid C:\Program Files\Creative\SBLive\Help\Audigyu.hlp C:\Program Files\Creative\SBLive\Help\Hwinfo.cnt C:\Program Files\Creative\SBLive\Help\hwinfo.ftg C:\Program Files\Creative\SBLive\Help\hwinfo.fts C:\Program Files\Creative\SBLive\Help\hwinfo.gid C:\Program Files\Creative\SBLive\Help\hwinfo.hlp C:\Program Files\Creative\SBLive\Program\ADGJDet.exe C:\Program Files\Creative\SBLive\Program\CTZAPXX.exe C:\Program Files\Creative\SBLive\Program\Ctzapxx.ini C:\Program Files\Creative\SBLive\Program\Emu10kx.ini C:\Program Files\Creative\SBLive\Program\instwdm.dll C:\Program Files\Creative\SBLive\Program\NTSetup.dll C:\Program Files\Creative\SBLive\Program\RDefault.crl C:\Program Files\Creative\SBLive\Program\RDefault.exe C:\Program Files\Creative\SBLive\Program\RestEng.dll C:\Program Files\Creative\SBLive\Program\THK3216.dll C:\Program Files\Creative\SBLive\Program\UPDDRV9X.DLL C:\Program Files\Creative\SBLive\SBLive.ICO C:\Program Files\Creative\SBLive\SurMix2\CT10KXDG.dll C:\Program Files\Creative\SBLive\SurMix2\CTAbout.dll C:\Program Files\Creative\SBLive\SurMix2\CTMChWav.dll C:\Program Files\Creative\SBLive\SurMix2\Help\ctsurmixu.CNT C:\Program Files\Creative\SBLive\SurMix2\Help\Ctsurmixu.ftg C:\Program Files\Creative\SBLive\SurMix2\Help\Ctsurmixu.fts C:\Program Files\Creative\SBLive\SurMix2\Help\Ctsurmixu.gid C:\Program Files\Creative\SBLive\SurMix2\Help\CTSURMIXU.HLP C:\Program Files\Creative\SBLive\SurMix2\MxLib.dll C:\Program Files\Creative\SBLive\SurMix2\Rotxe.dll C:\Program Files\Creative\SBLive\SurMix2\SurMix2.crl C:\Program Files\Creative\SBLive\SurMix2\SurMix2.exe C:\Program Files\Creative\SBLive\SurMix2\SurMix2.rtx C:\Program Files\Creative\SBLive\SurMix2\WaveFile\Center.wav C:\Program Files\Creative\SBLive\SurMix2\WaveFile\Frontleft.wav C:\Program Files\Creative\SBLive\SurMix2\WaveFile\Frontright.wav C:\Program Files\Creative\SBLive\SurMix2\WaveFile\left.wav C:\Program Files\Creative\SBLive\SurMix2\WaveFile\Rearleft.wav C:\Program Files\Creative\SBLive\SurMix2\WaveFile\Rearright.wav C:\Program Files\Creative\SBLive\SurMix2\WaveFile\right.wav C:\Program Files\Creative\SBLive2k\AudioHQ\EA.ICO C:\Program Files\Creative\SBLive2k\AudioHQ\EALOGO.ICO C:\Program Files\Creative\SBLive2k\BITMAP\Live!a.BMP C:\Program Files\Creative\SBLive2k\BITMAP\Live!b.BMP C:\Program Files\Creative\SBLive2k\Creative Rhythmania\Factory1.rma C:\Program Files\Creative\SBLive2k\Creative Rhythmania\Help\Rhythm.cnt C:\Program Files\Creative\SBLive2k\Creative Rhythmania\Help\Rhythm.gid C:\Program Files\Creative\SBLive2k\Creative Rhythmania\Help\Rhythm.hlp C:\Program Files\Creative\SBLive2k\Creative Rhythmania\Palette\A#_key.plt C:\Program Files\Creative\SBLive2k\Creative Rhythmania\Palette\A_key.plt C:\Program Files\Creative\SBLive2k\Creative Rhythmania\Palette\B_key.plt C:\Program Files\Creative\SBLive2k\Creative Rhythmania\Palette\C#_key.plt C:\Program Files\Creative\SBLive2k\Creative Rhythmania\Palette\C_key.plt C:\Program Files\Creative\SBLive2k\Creative Rhythmania\Palette\D#_key.plt C:\Program Files\Creative\SBLive2k\Creative Rhythmania\Palette\D_key.plt C:\Program Files\Creative\SBLive2k\Creative Rhythmania\Palette\E_key.plt C:\Program Files\Creative\SBLive2k\Creative Rhythmania\Palette\F#_key.plt C:\Program Files\Creative\SBLive2k\Creative Rhythmania\Palette\F_key.plt C:\Program Files\Creative\SBLive2k\Creative Rhythmania\Palette\G#_key.plt C:\Program Files\Creative\SBLive2k\Creative Rhythmania\Palette\G_key.plt C:\Program Files\Creative\SBLive2k\Creative Rhythmania\Pattern\Dc_more.ptn C:\Program Files\Creative\SBLive2k\Creative Rhythmania\Pattern\Jz_polyg.ptn C:\Program Files\Creative\SBLive2k\Creative Rhythmania\Pattern\Rr_alive.ptn C:\Program Files\Creative\SBLive2k\Creative Rhythmania\Readme.txt C:\Program Files\Creative\SBLive2k\Creative Rhythmania\Rhythm.exe C:\Program Files\Creative\SBLive2k\Creative Rhythmania\Rhythm.isu C:\Program Files\Creative\SBLive2k\Creative Rhythmania\Rmamaeng.dll C:\Program Files\Creative\SBLive2k\Creative Rhythmania\Rmimg.dll C:\Program Files\Creative\SBLive2k\Creative Rhythmania\Rmres.dll C:\Program Files\Creative\SBLive2k\Creative Rhythmania\Rmseq16.dll C:\Program Files\Creative\SBLive2k\Creative Rhythmania\Sequence\Creaf.seq C:\Program Files\Creative\SBLive2k\Help\hwinfo.cnt C:\Program Files\Creative\SBLive2k\Help\hwinfo.ftg C:\Program Files\Creative\SBLive2k\Help\hwinfo.fts C:\Program Files\Creative\SBLive2k\Help\hwinfo.gid C:\Program Files\Creative\SBLive2k\Help\hwinfo.hlp C:\Program Files\Creative\SBLive2k\Help\live.cnt C:\Program Files\Creative\SBLive2k\Help\live.ftg C:\Program Files\Creative\SBLive2k\Help\live.fts C:\Program Files\Creative\SBLive2k\Help\live.gid C:\Program Files\Creative\SBLive2k\Help\live.hlp C:\Program Files\Creative\SBLive2k\Keytar\Help\Keytar.cnt C:\Program Files\Creative\SBLive2k\Keytar\Help\Keytar.ftg C:\Program Files\Creative\SBLive2k\Keytar\Help\Keytar.fts C:\Program Files\Creative\SBLive2k\Keytar\Help\Keytar.gid C:\Program Files\Creative\SBLive2k\Keytar\Help\Keytar.hlp C:\Program Files\Creative\SBLive2k\Keytar\Keytar.dll C:\Program Files\Creative\SBLive2k\Keytar\Keytar.exe C:\Program Files\Creative\SBLive2k\Keytar\Keytar.isu C:\Program Files\Creative\SBLive2k\Keytar\Ktimg.dll C:\Program Files\Creative\SBLive2k\Keytar\Ktthk.dll C:\Program Files\Creative\SBLive2k\Keytar\Kttmr16.dll C:\Program Files\Creative\SBLive2k\Keytar\Palette\Bday.plt C:\Program Files\Creative\SBLive2k\Keytar\Palette\Desafind.plt C:\Program Files\Creative\SBLive2k\Keytar\Palette\Motelklf.plt C:\Program Files\Creative\SBLive2k\Keytar\Palette\Std_a.plt C:\Program Files\Creative\SBLive2k\Keytar\Palette\Std_c.plt C:\Program Files\Creative\SBLive2k\Keytar\Palette\Std_d.plt C:\Program Files\Creative\SBLive2k\Keytar\Palette\Std_e.plt C:\Program Files\Creative\SBLive2k\Keytar\Palette\Std_g.plt C:\Program Files\Creative\SBLive2k\Keytar\Preset.gpt C:\Program Files\Creative\SBLive2k\Keytar\README.TXT C:\Program Files\Creative\SBLive2k\Launcher\CTbmpres.dll C:\Program Files\Creative\SBLive2k\Launcher\CTChkLv.dll C:\Program Files\Creative\SBLive2k\Launcher\CTGpMgr.dll C:\Program Files\Creative\SBLive2k\Launcher\CTGpMgrres.dll C:\Program Files\Creative\SBLive2k\Launcher\CTLaunch.dll C:\Program Files\Creative\SBLive2k\Launcher\CTLauncher.cnt C:\Program Files\Creative\SBLive2k\Launcher\CTLauncher.exe C:\Program Files\Creative\SBLive2k\Launcher\CTLauncher.fts C:\Program Files\Creative\SBLive2k\Launcher\CTLauncher.gid C:\Program Files\Creative\SBLive2k\Launcher\CTLauncher.hlp C:\Program Files\Creative\SBLive2k\Launcher\CTLaunchres.dll C:\Program Files\Creative\SBLive2k\Launcher\Group\AudioHQ\GROUP.INI C:\Program Files\Creative\SBLive2k\Launcher\Group\Demos\GROUP.INI C:\Program Files\Creative\SBLive2k\Launcher\Group\Demos\RemoteCenter.lnk C:\Program Files\Creative\SBLive2k\Launcher\Group\Demos\SB Live! 5.1.lnk C:\Program Files\Creative\SBLive2k\Launcher\Group\Demos\SB Live! Experience.lnk C:\Program Files\Creative\SBLive2k\Launcher\Group\Demos\Sound Blaster Live! Tour.lnk C:\Program Files\Creative\SBLive2k\Launcher\Group\Group.ini C:\Program Files\Creative\SBLive2k\Launcher\Group\Live!Task\GROUP.INI C:\Program Files\Creative\SBLive2k\Launcher\Group\Live!Task\Live!Task.lnk C:\Program Files\Creative\SBLive2k\Launcher\Group\Sound Blaster Live!\Keytar.lnk C:\Program Files\Creative\SBLive2k\Launcher\Group\Sound Blaster Live!\MiniDisc Center.lnk C:\Program Files\Creative\SBLive2k\Launcher\Group\Sound Blaster Live!\Rhythmania.lnk C:\Program Files\Creative\SBLive2k\Launcher\Group\Volume\GROUP.INI C:\Program Files\Creative\SBLive2k\Launcher\Group\Volume\Record Control.lnk C:\Program Files\Creative\SBLive2k\Launcher\Group\Volume\Volume Control.lnk C:\Program Files\Creative\SBLive2k\Launcher\Launcher.isu C:\Program Files\Creative\SBLive2k\Launcher\Plugins\CTEnv.dll C:\Program Files\Creative\SBLive2k\Launcher\Plugins\CTPiAhq.dll C:\Program Files\Creative\SBLive2k\Launcher\Plugins\CTpihlp.dll C:\Program Files\Creative\SBLive2k\Launcher\Plugins\CTpilive.dll C:\Program Files\Creative\SBLive2k\Launcher\Plugins\CTPilogo.dll C:\Program Files\Creative\SBLive2k\Launcher\Plugins\CTPirec.dll C:\Program Files\Creative\SBLive2k\Launcher\Plugins\CTPirun.dll C:\Program Files\Creative\SBLive2k\Launcher\Plugins\CTpivol.dll C:\Program Files\Creative\SBLive2k\Launcher\Plugins\Envres.dll C:\Program Files\Creative\SBLive2k\Launcher\Plugins\Hlpres.dll C:\Program Files\Creative\SBLive2k\Launcher\Plugins\LcAhqRes.dll C:\Program Files\Creative\SBLive2k\Launcher\Plugins\Liveres.dll C:\Program Files\Creative\SBLive2k\Launcher\Plugins\Logores.dll C:\Program Files\Creative\SBLive2k\Launcher\Plugins\npsmlvdo.dll C:\Program Files\Creative\SBLive2k\Launcher\Plugins\RecRes.dll C:\Program Files\Creative\SBLive2k\Launcher\Plugins\Runres.dll C:\Program Files\Creative\SBLive2k\Launcher\Plugins\Volres.dll C:\Program Files\Creative\SBLive2k\Launcher\TaskGuide\CTAdsDl.dll C:\Program Files\Creative\SBLive2k\Launcher\TaskGuide\CTAdsMgr.dll C:\Program Files\Creative\SBLive2k\Launcher\TaskGuide\CTCab.dll C:\Program Files\Creative\SBLive2k\Launcher\TaskGuide\CTGuide.dll C:\Program Files\Creative\SBLive2k\Launcher\TaskGuide\CTGuide.ini C:\Program Files\Creative\SBLive2k\Launcher\TaskGuide\CTGuide.skn C:\Program Files\Creative\SBLive2k\Launcher\TaskGuide\CTGuidRc.crl C:\Program Files\Creative\SBLive2k\Launcher\TaskGuide\CTLvNews.skn C:\Program Files\Creative\SBLive2k\Launcher\TaskGuide\CTMarq.ocx C:\Program Files\Creative\SBLive2k\Launcher\TaskGuide\Custom\custom.ini C:\Program Files\Creative\SBLive2k\Launcher\TaskGuide\Custom\United States\Advertise\Category\Ad_Type2.ini C:\Program Files\Creative\SBLive2k\Launcher\TaskGuide\Custom\United States\Advertise\Category\enterta2.htm C:\Program Files\Creative\SBLive2k\Launcher\TaskGuide\Custom\United States\Advertise\Category\enterta2.ini C:\Program Files\Creative\SBLive2k\Launcher\TaskGuide\Custom\United States\Advertise\Category\enterta3.htm C:\Program Files\Creative\SBLive2k\Launcher\TaskGuide\Custom\United States\Advertise\Category\enterta3.ini C:\Program Files\Creative\SBLive2k\Launcher\TaskGuide\Custom\United States\Advertise\Category\entertai.htm C:\Program Files\Creative\SBLive2k\Launcher\TaskGuide\Custom\United States\Advertise\Category\entertai.ini C:\Program Files\Creative\SBLive2k\Launcher\TaskGuide\Custom\United States\Advertise\Category\games.htm C:\Program Files\Creative\SBLive2k\Launcher\TaskGuide\Custom\United States\Advertise\Category\games.ini C:\Program Files\Creative\SBLive2k\Launcher\TaskGuide\Custom\United States\Advertise\Category\games2.htm C:\Program Files\Creative\SBLive2k\Launcher\TaskGuide\Custom\United States\Advertise\Category\games2.ini C:\Program Files\Creative\SBLive2k\Launcher\TaskGuide\Custom\United States\Advertise\Category\games3.htm C:\Program Files\Creative\SBLive2k\Launcher\TaskGuide\Custom\United States\Advertise\Category\games3.ini C:\Program Files\Creative\SBLive2k\Launcher\TaskGuide\Custom\United States\Advertise\Category\generic.htm C:\Program Files\Creative\SBLive2k\Launcher\TaskGuide\Custom\United States\Advertise\Category\generic.ini C:\Program Files\Creative\SBLive2k\Launcher\TaskGuide\Custom\United States\Advertise\Category\interne2.htm C:\Program Files\Creative\SBLive2k\Launcher\TaskGuide\Custom\United States\Advertise\Category\interne2.ini C:\Program Files\Creative\SBLive2k\Launcher\TaskGuide\Custom\United States\Advertise\Category\interne3.htm C:\Program Files\Creative\SBLive2k\Launcher\TaskGuide\Custom\United States\Advertise\Category\interne3.ini C:\Program Files\Creative\SBLive2k\Launcher\TaskGuide\Custom\United States\Advertise\Category\internet.htm C:\Program Files\Creative\SBLive2k\Launcher\TaskGuide\Custom\United States\Advertise\Category\internet.ini C:\Program Files\Creative\SBLive2k\Launcher\TaskGuide\Custom\United States\Advertise\Category\music.htm C:\Program Files\Creative\SBLive2k\Launcher\TaskGuide\Custom\United States\Advertise\Category\music.ini C:\Program Files\Creative\SBLive2k\Launcher\TaskGuide\Custom\United States\Advertise\Category\music2.htm C:\Program Files\Creative\SBLive2k\Launcher\TaskGuide\Custom\United States\Advertise\Category\music2.ini C:\Program Files\Creative\SBLive2k\Launcher\TaskGuide\Custom\United States\Advertise\Category\music3.htm C:\Program Files\Creative\SBLive2k\Launcher\TaskGuide\Custom\United States\Advertise\Category\music3.ini C:\Program Files\Creative\SBLive2k\Launcher\TaskGuide\Custom\United States\Advertise\Category\others.htm C:\Program Files\Creative\SBLive2k\Launcher\TaskGuide\Custom\United States\Advertise\Category\others.ini C:\Program Files\Creative\SBLive2k\Launcher\TaskGuide\Custom\United States\Advertise\Category\others2.htm C:\Program Files\Creative\SBLive2k\Launcher\TaskGuide\Custom\United States\Advertise\Category\others2.ini C:\Program Files\Creative\SBLive2k\Launcher\TaskGuide\Custom\United States\Advertise\Category\others3.htm C:\Program Files\Creative\SBLive2k\Launcher\TaskGuide\Custom\United States\Advertise\Category\others3.ini C:\Program Files\Creative\SBLive2k\Launcher\TaskGuide\Custom\United States\Advertise\Images\bullet.jpg C:\Program Files\Creative\SBLive2k\Launcher\TaskGuide\Custom\United States\AdvServ.sys C:\Program Files\Creative\SBLive2k\Launcher\TaskGuide\Custom\United States\Default.sys C:\Program Files\Creative\SBLive2k\Launcher\TaskGuide\Data\{4F20B661-4187-11D2-8262-008048852C9C}.tdb C:\Program Files\Creative\SBLive2k\Launcher\TaskGuide\Data\{59639116-D955-11D1-9D9D-00A0C98E7F73}.tdb C:\Program Files\Creative\SBLive2k\Launcher\TaskGuide\Data\{8C0F8B81-DE1A-11D1-B724-444553540000}.tdb C:\Program Files\Creative\SBLive2k\Launcher\TaskGuide\Data\{9D74D2A0-DAE5-11D1-9D9D-00A0C98E7F73}.tdb C:\Program Files\Creative\SBLive2k\Launcher\TaskGuide\Data\{B591EC40-DBC3-11D1-9D9D-00A0C98E7F73}.tdb C:\Program Files\Creative\SBLive2k\Launcher\TaskGuide\Loader.avi C:\Program Files\Creative\SBLive2k\Launcher\TaskGuide\Local\cd-digital.html C:\Program Files\Creative\SBLive2k\Launcher\TaskGuide\Local\connectmusic.html C:\Program Files\Creative\SBLive2k\Launcher\TaskGuide\Local\creative.gif C:\Program Files\Creative\SBLive2k\Launcher\TaskGuide\Local\importpresets.html C:\Program Files\Creative\SBLive2k\Launcher\TaskGuide\Local\lava.html C:\Program Files\Creative\SBLive2k\Launcher\TaskGuide\Local\recorder.html C:\Program Files\Creative\SBLive2k\Launcher\TaskGuide\Local\sfmusic.html C:\Program Files\Creative\SBLive2k\Launcher\TaskGuide\Local\taskmanager.html C:\Program Files\Creative\SBLive2k\Launcher\TaskGuide\UpdTray.exe C:\Program Files\Creative\SBLive2k\Launcher\TaskGuide\UpdTRes.dll C:\Program Files\Creative\SBLive2k\Media\Midi\BRAHMSPC.MID C:\Program Files\Creative\SBLive2k\Media\Midi\BRAHMSPC.WRK C:\Program Files\Creative\SBLive2k\Media\Midi\BRAHMSVC.MID C:\Program Files\Creative\SBLive2k\Media\Midi\BRAHMSVC.WRK C:\Program Files\Creative\SBLive2k\Media\Midi\CHOPINPC.MID C:\Program Files\Creative\SBLive2k\Media\Midi\CHOPINPC.WRK C:\Program Files\Creative\SBLive2k\Media\Midi\DVORAK9.MID C:\Program Files\Creative\SBLive2k\Media\Midi\DVORAK9.WRK C:\Program Files\Creative\SBLive2k\Media\Midi\EARTHDAY.MID C:\Program Files\Creative\SBLive2k\Media\Midi\EARTHDAY.WRK C:\Program Files\Creative\SBLive2k\Media\Midi\FANTASY.MID C:\Program Files\Creative\SBLive2k\Media\Midi\FANTASY.WRK C:\Program Files\Creative\SBLive2k\Media\Midi\NANCE.MID C:\Program Files\Creative\SBLive2k\Media\Midi\NANCE.WRK C:\Program Files\Creative\SBLive2k\Media\Midi\NOCTURNE.MID C:\Program Files\Creative\SBLive2k\Media\Midi\NOCTURNE.WRK C:\Program Files\Creative\SBLive2k\Media\Midi\SCHUDUET.MID C:\Program Files\Creative\SBLive2k\Media\Midi\SCHUDUET.WRK C:\Program Files\Creative\SBLive2k\Media\Midi\SCHUMANN.MID C:\Program Files\Creative\SBLive2k\Media\Midi\SCHUMANN.WRK C:\Program Files\Creative\SBLive2k\Media\Midi\STAIRS26.MID C:\Program Files\Creative\SBLive2k\Media\Midi\STAIRS26.WRK C:\Program Files\Creative\SBLive2k\Media\Midi\SYMPHONY.MID C:\Program Files\Creative\SBLive2k\Media\Midi\SYMPHONY.WRK C:\Program Files\Creative\SBLive2k\Media\Midi\WALTZ.MID C:\Program Files\Creative\SBLive2k\Media\Midi\WALTZ.WRK C:\Program Files\Creative\SBLive2k\Media\Midi\X-GCAPRE.MID C:\Program Files\Creative\SBLive2k\Media\Midi\X-GCAPRE.WRK C:\Program Files\Creative\SBLive2k\Media\Midi\X-S1AALL.MID C:\Program Files\Creative\SBLive2k\Media\Midi\X-S1AALL.WRK C:\Program Files\Creative\SBLive2k\Media\Mp3\Africa.mp3 C:\Program Files\Creative\SBLive2k\Media\Mp3\Africa.mv3 C:\Program Files\Creative\SBLive2k\Media\Mp3\Audity.mp3 C:\Program Files\Creative\SBLive2k\Media\Mp3\Audity.mv3 C:\Program Files\Creative\SBLive2k\Media\Mp3\Illusion.mp3 C:\Program Files\Creative\SBLive2k\Media\Mp3\Illusion.mv3 C:\Program Files\Creative\SBLive2k\Media\Mp3\Intrique.mp3 C:\Program Files\Creative\SBLive2k\Media\Mp3\Intrique.mv3 C:\Program Files\Creative\SBLive2k\Media\Mp3\Nomad.MP3 C:\Program Files\Creative\SBLive2k\Media\Mp3\Nomad.mv3 C:\Program Files\Creative\SBLive2k\Media\Mp3\Trance.mp3 C:\Program Files\Creative\SBLive2k\Media\Mp3\Trance.mv3 C:\Program Files\Creative\SBLive2k\Media\SoundFont\ONLYCHOI.MID C:\Program Files\Creative\SBLive2k\Media\SoundFont\ONLYCHOI.SF2 C:\Program Files\Creative\SBLive2k\Media\SoundFont\SURPRISE.MID C:\Program Files\Creative\SBLive2k\Media\SoundFont\SURPRISE.SF2 C:\Program Files\Creative\SBLive2k\Media\SoundFont\TEKKNIKO.MID C:\Program Files\Creative\SBLive2k\Media\SoundFont\TEKKNIKO.SF2 C:\Program Files\Creative\SBLive2k\Media\Wav\16bit.wav C:\Program Files\Creative\SBLive2k\Media\Wav\8bit.wav C:\Program Files\Creative\SBLive2k\Media\Wav\S_16_44.WAV C:\Program Files\Creative\SBLive2k\Midi.isu C:\Program Files\Creative\SBLive2k\MiniDisc\Albumsvr.dll C:\Program Files\Creative\SBLive2k\MiniDisc\CDAEng.dll C:\Program Files\Creative\SBLive2k\MiniDisc\CTMDCen.cnt C:\Program Files\Creative\SBLive2k\MiniDisc\CTMDCen.crl C:\Program Files\Creative\SBLive2k\MiniDisc\CTMDCen.exe C:\Program Files\Creative\SBLive2k\MiniDisc\CTMDCen.fts C:\Program Files\Creative\SBLive2k\MiniDisc\CTMDCen.gid C:\Program Files\Creative\SBLive2k\MiniDisc\CTMDCen.hlp C:\Program Files\Creative\SBLive2k\MiniDisc\CTMDCen.skn C:\Program Files\Creative\SBLive2k\MiniDisc\CTPlay.CRL C:\Program Files\Creative\SBLive2k\MiniDisc\LICENSE.TXT C:\Program Files\Creative\SBLive2k\MiniDisc\MDC.isu C:\Program Files\Creative\SBLive2k\MiniDisc\MDSvr.dll C:\Program Files\Creative\SBLive2k\MiniDisc\MediaEng.dll C:\Program Files\Creative\SBLive2k\PlayCenter2\CTN2Res.dll C:\Program Files\Creative\SBLive2k\PlayCenter2\CTNJBRes.dll C:\Program Files\Creative\SBLive2k\PlayCenter2\CTNmd2.pjb C:\Program Files\Creative\SBLive2k\PlayCenter2\CTNmd2.rtx C:\Program Files\Creative\SBLive2k\PlayCenter2\CTNmd2b.rtx C:\Program Files\Creative\SBLive2k\PlayCenter2\CTNmdJB.pjb C:\Program Files\Creative\SBLive2k\PlayCenter2\CTNmdJB.rtx C:\Program Files\Creative\SBLive2k\PlayCenter2\CTNmdJBb.rtx C:\Program Files\Creative\SBLive2k\PlayCenter2\CTNMRun.crl C:\Program Files\Creative\SBLive2k\PlayCenter2\CTNMRun.exe C:\Program Files\Creative\SBLive2k\PlayCenter2\CTWMATag.dll C:\Program Files\Creative\SBLive2k\Program\CTAvStub.exe C:\Program Files\Creative\SBLive2k\Program\CTAvtray.exe C:\Program Files\Creative\SBLive2k\Program\ctzapdev.exe C:\Program Files\Creative\SBLive2k\Program\ctzapdev.ini C:\Program Files\Creative\SBLive2k\Program\EAX.AVI C:\Program Files\Creative\SBLive2k\Program\SpeakerPreset.exe C:\Program Files\Creative\SBLive2k\SBLive.isu C:\Program Files\Creative\SBLive2k\SBLiveXP.isu C:\Program Files\Creative\SBLive2k\SBLiveXP\51Audio.wav C:\Program Files\Creative\SBLive2k\SBLiveXP\cd.piw C:\Program Files\Creative\SBLive2k\SBLiveXP\cdNoEax.piw C:\Program Files\Creative\SBLive2k\SBLiveXP\CreativeDemo.exe C:\Program Files\Creative\SBLive2k\SBLiveXP\CreativeDemoRes.dll C:\Program Files\Creative\SBLive2k\SBLiveXP\CreativeDTT3500.jpg C:\Program Files\Creative\SBLive2k\SBLiveXP\CTMChWav.dll C:\Program Files\Creative\SBLive2k\SBLiveXP\demo32.EXE C:\Program Files\Creative\SBLive2k\SBLiveXP\demoplay.exe C:\Program Files\Creative\SBLive2k\SBLiveXP\dining-room.jpg C:\Program Files\Creative\SBLive2k\SBLiveXP\Ds32.dll C:\Program Files\Creative\SBLive2k\SBLiveXP\EESkin.dll C:\Program Files\Creative\SBLive2k\SBLiveXP\Egmskin.dll C:\Program Files\Creative\SBLive2k\SBLiveXP\EM2Skin.dll C:\Program Files\Creative\SBLive2k\SBLiveXP\EModPict.dll C:\Program Files\Creative\SBLive2k\SBLiveXP\EModSkin.dll C:\Program Files\Creative\SBLive2k\SBLiveXP\EMSkin.dll C:\Program Files\Creative\SBLive2k\SBLiveXP\EndSkin.dll C:\Program Files\Creative\SBLive2k\SBLiveXP\EPosSkin.dll C:\Program Files\Creative\SBLive2k\SBLiveXP\ESndSkin.dll C:\Program Files\Creative\SBLive2k\SBLiveXP\kirdee.AC3 C:\Program Files\Creative\SBLive2k\SBLiveXP\Ldthk16.dll C:\Program Files\Creative\SBLive2k\SBLiveXP\LiveDemo.dll C:\Program Files\Creative\SBLive2k\SBLiveXP\living-room-backup.jpg C:\Program Files\Creative\SBLive2k\SBLiveXP\living-room.jpg C:\Program Files\Creative\SBLive2k\SBLiveXP\Mainpage.rtx C:\Program Files\Creative\SBLive2k\SBLiveXP\MainSkin.dll C:\Program Files\Creative\SBLive2k\SBLiveXP\Media\EE\EE_Cho.wav C:\Program Files\Creative\SBLive2k\SBLiveXP\Media\EE\EE_Dist.wav C:\Program Files\Creative\SBLive2k\SBLiveXP\Media\EE\EE_Ech.wav C:\Program Files\Creative\SBLive2k\SBLiveXP\Media\EE\EE_Flg.wav C:\Program Files\Creative\SBLive2k\SBLiveXP\Media\EE\ee_rev.wav C:\Program Files\Creative\SBLive2k\SBLiveXP\Media\EE\ee_rmod.wav C:\Program Files\Creative\SBLive2k\SBLiveXP\Media\EE\EE_Vmrph.wav C:\Program Files\Creative\SBLive2k\SBLiveXP\Media\EE\EE_Wah.wav C:\Program Files\Creative\SBLive2k\SBLiveXP\Media\EG\32Voices\32voices.mpv C:\Program Files\Creative\SBLive2k\SBLiveXP\Media\EG\32Voices\Less-fl.wav C:\Program Files\Creative\SBLive2k\SBLiveXP\Media\EG\32Voices\Less-fr.wav C:\Program Files\Creative\SBLive2k\SBLiveXP\Media\EG\32Voices\Less-rl.wav C:\Program Files\Creative\SBLive2k\SBLiveXP\Media\EG\32Voices\Less-rr.wav C:\Program Files\Creative\SBLive2k\SBLiveXP\Media\EG\32Voices\More-fl.wav C:\Program Files\Creative\SBLive2k\SBLiveXP\Media\EG\32Voices\More-fr.wav C:\Program Files\Creative\SBLive2k\SBLiveXP\Media\EG\32Voices\More-rl.wav C:\Program Files\Creative\SBLive2k\SBLiveXP\Media\EG\32Voices\More-rr.wav C:\Program Files\Creative\SBLive2k\SBLiveXP\Media\EG\ea\Ea-fl.wav C:\Program Files\Creative\SBLive2k\SBLiveXP\Media\EG\ea\Ea-fr.wav C:\Program Files\Creative\SBLive2k\SBLiveXP\Media\EG\ea\Ea-rl.wav C:\Program Files\Creative\SBLive2k\SBLiveXP\Media\EG\ea\Ea-rr.wav C:\Program Files\Creative\SBLive2k\SBLiveXP\Media\EG\ea\Ea.mpv C:\Program Files\Creative\SBLive2k\SBLiveXP\Media\EG\exist\Exist-fl.wav C:\Program Files\Creative\SBLive2k\SBLiveXP\Media\EG\exist\Exist-fr.wav C:\Program Files\Creative\SBLive2k\SBLiveXP\Media\EG\exist\Exist.mpv C:\Program Files\Creative\SBLive2k\SBLiveXP\Media\Em\Africa.mid C:\Program Files\Creative\SBLive2k\SBLiveXP\Media\Em\Africa.sf2 C:\Program Files\Creative\SBLive2k\SBLiveXP\Media\Em\Bloodwar.mid C:\Program Files\Creative\SBLive2k\SBLiveXP\Media\Em\Bloodwar.sf2 C:\Program Files\Creative\SBLive2k\SBLiveXP\Media\EMOD\EMOD_DOG.wav C:\Program Files\Creative\SBLive2k\SBLiveXP\Media\EMOD\EMOD_FOT.wav C:\Program Files\Creative\SBLive2k\SBLiveXP\Media\EMOD\EMOD_ORC.wav C:\Program Files\Creative\SBLive2k\SBLiveXP\Media\EMOD\EMOD_VOC.wav C:\Program Files\Creative\SBLive2k\SBLiveXP\Media\EP\Club\EP1_Bass.wav C:\Program Files\Creative\SBLive2k\SBLiveXP\Media\EP\Club\EP1_Drum.wav C:\Program Files\Creative\SBLive2k\SBLiveXP\Media\EP\Club\EP1_GUIT.wav C:\Program Files\Creative\SBLive2k\SBLiveXP\Media\EP\Club\EP1_Orgn.wav C:\Program Files\Creative\SBLive2k\SBLiveXP\Media\EP\Jungle\EP2_Bees.wav C:\Program Files\Creative\SBLive2k\SBLiveXP\Media\EP\Jungle\EP2_Elpn.wav C:\Program Files\Creative\SBLive2k\SBLiveXP\Media\EP\Jungle\EP2_Lion.wav C:\Program Files\Creative\SBLive2k\SBLiveXP\Media\EP\Jungle\EP2_Mnky.wav C:\Program Files\Creative\SBLive2k\SBLiveXP\Media\ES\BsktBall\ES1_2BOC.wav C:\Program Files\Creative\SBLive2k\SBLiveXP\Media\ES\BsktBall\ES1_4BOC.wav C:\Program Files\Creative\SBLive2k\SBLiveXP\Media\ES\BsktBall\ES1_CTCH.wav C:\Program Files\Creative\SBLive2k\SBLiveXP\Media\ES\BsktBall\ES1_DUNK.wav C:\Program Files\Creative\SBLive2k\SBLiveXP\Media\ES\BsktBall\ES1_LAN1.wav C:\Program Files\Creative\SBLive2k\SBLiveXP\Media\ES\BsktBall\ES1_LAN2.wav C:\Program Files\Creative\SBLive2k\SBLiveXP\Media\ES\BsktBall\ES1_LAN3.wav C:\Program Files\Creative\SBLive2k\SBLiveXP\Media\ES\BsktBall\ES1_LAN4.wav C:\Program Files\Creative\SBLive2k\SBLiveXP\Media\ES\BsktBall\ES1_LAN5.wav C:\Program Files\Creative\SBLive2k\SBLiveXP\Media\ES\BsktBall\ES1_LAN6.wav C:\Program Files\Creative\SBLive2k\SBLiveXP\Media\ES\BsktBall\ES1_SAM1.wav C:\Program Files\Creative\SBLive2k\SBLiveXP\Media\ES\BsktBall\ES1_SAM2.wav C:\Program Files\Creative\SBLive2k\SBLiveXP\Media\ES\BsktBall\ES1_SAM3.wav C:\Program Files\Creative\SBLive2k\SBLiveXP\Media\ES\BsktBall\ES1_SAM4.wav C:\Program Files\Creative\SBLive2k\SBLiveXP\Media\ES\BsktBall\ES1_SAM5.wav C:\Program Files\Creative\SBLive2k\SBLiveXP\Media\ES\BsktBall\ES1_SQK1.wav C:\Program Files\Creative\SBLive2k\SBLiveXP\Media\ES\BsktBall\ES1_SQK2.wav C:\Program Files\Creative\SBLive2k\SBLiveXP\Media\ES\BsktBall\ES1_SQK3.wav C:\Program Files\Creative\SBLive2k\SBLiveXP\Media\ES\Flight\ES3_Gull.wav C:\Program Files\Creative\SBLive2k\SBLiveXP\Media\ES\Flight\ES3_Sho2.wav C:\Program Files\Creative\SBLive2k\SBLiveXP\Media\ES\Flight\ES3_Sho3.wav C:\Program Files\Creative\SBLive2k\SBLiveXP\Media\ES\Flight\ES3_Shot.wav C:\Program Files\Creative\SBLive2k\SBLiveXP\Media\ES\Flight\ES3_St1.wav C:\Program Files\Creative\SBLive2k\SBLiveXP\Media\ES\Flight\ES3_St2.wav C:\Program Files\Creative\SBLive2k\SBLiveXP\Media\ES\Flight\ES3_St3.wav C:\Program Files\Creative\SBLive2k\SBLiveXP\Media\ES\Flight\ES3_St4.wav C:\Program Files\Creative\SBLive2k\SBLiveXP\Media\ES\GunFire\ES2_EATT.wav C:\Program Files\Creative\SBLive2k\SBLiveXP\Media\ES\GunFire\ES2_FALL.wav C:\Program Files\Creative\SBLive2k\SBLiveXP\Media\ES\GunFire\ES2_GUN1.wav C:\Program Files\Creative\SBLive2k\SBLiveXP\Media\ES\GunFire\ES2_GUN2.wav C:\Program Files\Creative\SBLive2k\SBLiveXP\Media\ES\GunFire\ES2_LEAD.wav C:\Program Files\Creative\SBLive2k\SBLiveXP\Media\ES\GunFire\ES2_LOAD.wav C:\Program Files\Creative\SBLive2k\SBLiveXP\Media\ES\GunFire\ES2_LUGH.wav C:\Program Files\Creative\SBLive2k\SBLiveXP\Media\ES\GunFire\ES2_NTHT.wav C:\Program Files\Creative\SBLive2k\SBLiveXP\Media\ES\GunFire\ES2_OHYH.wav C:\Program Files\Creative\SBLive2k\SBLiveXP\Media\ES\GunFire\ES2_RIC1.wav C:\Program Files\Creative\SBLive2k\SBLiveXP\Media\ES\GunFire\ES2_RIC2.wav C:\Program Files\Creative\SBLive2k\SBLiveXP\Media\ES\GunFire\ES2_TAKE.wav C:\Program Files\Creative\SBLive2k\SBLiveXP\Media\ES\GunFire\ES2_UGOT.wav C:\Program Files\Creative\SBLive2k\SBLiveXP\Media\ES\GunFire\ES2_WISE.wav C:\Program Files\Creative\SBLive2k\SBLiveXP\Media\ES\GunFire\ES2_YEL1.wav C:\Program Files\Creative\SBLive2k\SBLiveXP\Media\ES\GunFire\ES2_YEL2.wav C:\Program Files\Creative\SBLive2k\SBLiveXP\Media\ES\GunFire\ES2_YEL3.wav C:\Program Files\Creative\SBLive2k\SBLiveXP\Media\Intro\Thunder.wav C:\Program Files\Creative\SBLive2k\SBLiveXP\Media\Mid\Fantasy.mid C:\Program Files\Creative\SBLive2k\SBLiveXP\Media\Mid\Nance.mid C:\Program Files\Creative\SBLive2k\SBLiveXP\Media\Spk\Center.wav C:\Program Files\Creative\SBLive2k\SBLiveXP\Media\Spk\FLeft.wav C:\Program Files\Creative\SBLive2k\SBLiveXP\Media\Spk\FRight.wav C:\Program Files\Creative\SBLive2k\SBLiveXP\Media\Spk\Frontleft.wav C:\Program Files\Creative\SBLive2k\SBLiveXP\Media\Spk\Frontright.wav C:\Program Files\Creative\SBLive2k\SBLiveXP\Media\Spk\left.wav C:\Program Files\Creative\SBLive2k\SBLiveXP\Media\Spk\Rearleft.wav C:\Program Files\Creative\SBLive2k\SBLiveXP\Media\Spk\Rearright.wav C:\Program Files\Creative\SBLive2k\SBLiveXP\Media\Spk\right.wav C:\Program Files\Creative\SBLive2k\SBLiveXP\Media\Spk\RLeft.wav C:\Program Files\Creative\SBLive2k\SBLiveXP\Media\Spk\RRight.wav C:\Program Files\Creative\SBLive2k\SBLiveXP\Media\Spk\Welcome.wav C:\Program Files\Creative\SBLive2k\SBLiveXP\mozart.wav C:\Program Files\Creative\SBLive2k\SBLiveXP\RC-Video1.avi C:\Program Files\Creative\SBLive2k\SBLiveXP\RC-Video2.avi C:\Program Files\Creative\SBLive2k\SBLiveXP\Rc_audio1.wav C:\Program Files\Creative\SBLive2k\SBLiveXP\Rc_audio2.wav C:\Program Files\Creative\SBLive2k\SBLiveXP\Rc_audio3.wav C:\Program Files\Creative\SBLive2k\SBLiveXP\Rc_audio4.wav C:\Program Files\Creative\SBLive2k\SBLiveXP\Rc_audio5.wav C:\Program Files\Creative\SBLive2k\SBLiveXP\RemoteC.dbd C:\Program Files\Creative\SBLive2k\SBLiveXP\Rotxe.dll C:\Program Files\Creative\SBLive2k\SBLiveXP\sbdolby.dbd C:\Program Files\Creative\SBLive2k\SBLiveXP\sblexp.dbd C:\Program Files\Creative\SBLive2k\SBLiveXP\sblive51.dbd C:\Program Files\Creative\SBLive2k\SBLiveXP\sblivexp.exe C:\Program Files\Creative\SBLive2k\SBLiveXP\Sblivexp.ico C:\Program Files\Creative\SBLive2k\SBLiveXP\SpkSkin.dll C:\Program Files\Creative\SBLive2k\SBLiveXP\Splash.dll C:\Program Files\Creative\SBLive2k\SBLiveXP\startup.dbd C:\Program Files\Creative\SBLive2k\SBLiveXP\thunder.dbd C:\Program Files\Creative\SBLive2k\SBLiveXP\Thunder.wav C:\Program Files\Creative\SBLive2k\SBLiveXP\waterDrip.wav C:\Program Files\Creative\SBLive2k\SBLiveXP\XPRes.dll C:\Program Files\Creative\SBLive2k\SFBank\2GMGSMT.SF2 C:\Program Files\Creative\SBLive2k\SFBank\4GMGSMT.SF2 C:\Program Files\Creative\SBLive2k\SFBank\8MBGMSFX.SF2 C:\Program Files\Creative\SBLive2k\SoundFont.isu C:\Program Files\Creative\SBLive2k\Speaker\2EAX.REG C:\Program Files\Creative\SBLive2k\Speaker\2spkr.reg C:\Program Files\Creative\SBLive2k\Speaker\4EAX.REG C:\Program Files\Creative\SBLive2k\Speaker\4spkr.reg C:\Program Files\Creative\SBLive2k\Speaker\5eax.reg C:\Program Files\Creative\SBLive2k\Speaker\5spkr.reg C:\Program Files\Creative\SBLive2k\Speaker\ALLEMPTY.REG C:\Program Files\Creative\SBLive2k\Speaker\Config2.reg C:\Program Files\Creative\SBLive2k\Speaker\Config4.reg C:\Program Files\Creative\SBLive2k\Speaker\Config5.reg C:\Program Files\Creative\SBLive2k\Speaker\Confighp.reg C:\Program Files\Creative\SBLive2k\Speaker\Configls.reg C:\Program Files\Creative\SBLive2k\Speaker\Hdphone.reg C:\Program Files\Creative\SBLive2k\Speaker\HEADEAX.REG C:\Program Files\Creative\SBLive2k\Speaker\LIVEEAX.REG C:\Program Files\Creative\SBLive2k\Speaker\Lsurnd.reg C:\Program Files\Creative\SBLive2k\Speaker\MRT99.REG C:\Program Files\Creative\SBLive2k\Speaker\SET2.REG C:\Program Files\Creative\SBLive2k\Speaker\SET4.REG C:\Program Files\Creative\SBLive2k\Speaker\Set5.reg C:\Program Files\Creative\SBLive2k\Speaker\SETH.REG C:\Program Files\Creative\SBLive2k\Speaker\SETL.REG C:\Program Files\Creative\SBLive2k\WaveStudio\CTWave32.cnt C:\Program Files\Creative\SBLive2k\WaveStudio\CTWave32.exe C:\Program Files\Creative\SBLive2k\WaveStudio\ctwave32.ftg C:\Program Files\Creative\SBLive2k\WaveStudio\ctwave32.fts C:\Program Files\Creative\SBLive2k\WaveStudio\ctwave32.gid C:\Program Files\Creative\SBLive2k\WaveStudio\CTWave32.hlp C:\Program Files\Creative\SBLive2k\WaveStudio\Plugins\effect01.dll C:\Program Files\Creative\SBLive2k\WaveStudio\Plugins\effect02.dll C:\Program Files\Creative\SBLive2k\WaveStudio\Plugins\effect03.dll C:\Program Files\Creative\SBLive2k\WaveStudio\Ws2k.wss C:\Program Files\Creative\SBLive2k\WaveStudio\Ws32res.dll C:\Program Files\Creative\SBLive2k\WaveStudio\Wstudio.isu C:\Program Files\Creative\Shared Files\Audio.pid C:\Program Files\Creative\Shared Files\Audiopid.dat C:\Program Files\Creative\Shared Files\audiopid.vxd C:\Program Files\Creative\Shared Files\CTPKPCMIDI.PID C:\Program Files\Creative\Shared Files\CtWebCam.pid C:\Program Files\Creative\Shared Files\Pd0620.pid C:\Program Files\Creative\Shared Files\Pd0630.pid C:\Program Files\Creative\Shared Files\Pd0870.pid C:\Program Files\Creative\Shared Files\Pd1110.pid C:\Program Files\Creative\Shared Files\Pd1120.pid C:\Program Files\Creative\Shared Files\Pd1130.pid C:\Program Files\Creative\Shared Files\Pd1131.pid C:\Program Files\Creative\Shared Files\PD1150.pid C:\Program Files\Creative\Shared Files\pd1170.pid C:\Program Files\Creative\Shared Files\Pd1171.pid C:\Program Files\Creative\Shared Files\PD1200.PID C:\Program Files\Creative\Shared Files\PDEJB.pid C:\Program Files\Creative\Shared Files\PDEMuVo.pid C:\Program Files\Creative\Shared Files\Pdenibo.pid C:\Program Files\Creative\Shared Files\PdeNm2.pid C:\Program Files\Creative\Shared Files\PDEPMC.pid C:\Program Files\Creative\Shared Files\PdtIdMgr.pid C:\Program Files\Creative\Shared Files\ProdikeysUSB.pid C:\Program Files\Creative\Shared Files\SBAudigy.pid C:\Program Files\Creative\Shared Files\SBWEpid.pid C:\Program Files\Creative\Shared Files\SBWMpid.pid C:\Program Files\Creative\Shared Files\vf0010.pid C:\Program Files\Creative\Shared Files\VF0010b.pid C:\Program Files\Creative\Shared Files\Vf0060.pid C:\Program Files\Creative\Shared Files\Vf0070.pid C:\Program Files\Creative\Shared Files\Vf0080.pid C:\Program Files\Creative\Shared Files\Vf0090.pid C:\Program Files\Creative\Shared Files\Vf0091.pid C:\Program Files\Creative\Shared Files\VF0100.pid C:\Program Files\Creative\ShareDLL\AudPlug\AC3Filt.dll C:\Program Files\Creative\ShareDLL\AudPlug\Amsdspvt.dll C:\Program Files\Creative\ShareDLL\AudPlug\AMSPCore.dll C:\Program Files\Creative\ShareDLL\AudPlug\AMSPMan.dll C:\Program Files\Creative\ShareDLL\AudPlug\Amspvts.dll C:\Program Files\Creative\ShareDLL\AudPlug\CTDream.ax C:\Program Files\Creative\ShareDLL\AudPlug\CTLavaFt.dll C:\Program Files\Creative\ShareDLL\AudPlug\CTMp3SFt.dll C:\Program Files\Creative\ShareDLL\AudPlug\CTNvfFlt.dll C:\Program Files\Creative\ShareDLL\AudPlug\CTWmSFlt.dll C:\Program Files\Creative\ShareDLL\AudPlug\DSNoiseR.ax C:\Program Files\Creative\ShareDLL\AudPlug\LavaPI.dll C:\Program Files\Creative\ShareDLL\AudPlug\LavaPI.exe C:\Program Files\Creative\ShareDLL\AudPlug\SrcSep.dll C:\Program Files\Creative\ShareDLL\CTCDAEng.dll C:\Program Files\Creative\ShareDLL\CtCdda.dll C:\Program Files\Creative\ShareDLL\CTCDPwr.dll C:\Program Files\Creative\ShareDLL\CTEnvAu.dll C:\Program Files\Creative\ShareDLL\CTId3Res.dll C:\Program Files\Creative\ShareDLL\CTId3Tag.dll C:\Program Files\Creative\ShareDLL\CTNIE.ocx C:\Program Files\Creative\ShareDLL\CTNomad.dll C:\Program Files\Creative\ShareDLL\CTNotify.exe C:\Program Files\Creative\ShareDLL\CTProp.dll C:\Program Files\Creative\ShareDLL\CTProp.hlp C:\Program Files\Creative\ShareDLL\CTProRes.dll C:\Program Files\Creative\ShareDLL\CTRes32.dll C:\Program Files\Creative\ShareDLL\CTRMENU.DLL C:\Program Files\Creative\ShareDLL\CTSkin.dll C:\Program Files\Creative\ShareDLL\Ctskinx.dll C:\Program Files\Creative\ShareDLL\Ctspea32.dll C:\Program Files\Creative\ShareDLL\Mediadet.exe C:\Program Files\Creative\ShareDLL\Mediadet.log C:\Program Files\Creative\ShareDLL\PFMOD.DLL C:\Program Files\Creative\ShareDLL\PFMOD16.DLL C:\Program Files\Creative\Software Update\CTCRC.dll C:\Program Files\Creative\Software Update\ctsu.xml C:\Program Files\Creative\Software Update\CTSURun.exe C:\Program Files\Creative\Software Update\CTXMLPsr.dll C:\Program Files\Creative\Software Update\Data\0111006000000073.cab C:\Program Files\Creative\Software Update\shfolder.dll C:\Program Files\Creative\Software Update\sudata.arc C:\Program Files\Creative\Uninstall\_INST32I.EX_ C:\Program Files\Creative\Uninstall\_ISDel.exe C:\Program Files\Creative\Uninstall\_Setup.dll C:\Program Files\Creative\Uninstall\_sys1.cab C:\Program Files\Creative\Uninstall\_sys1.hdr C:\Program Files\Creative\Uninstall\_user1.cab C:\Program Files\Creative\Uninstall\_user1.hdr C:\Program Files\Creative\Uninstall\CTUninst.exe C:\Program Files\Creative\Uninstall\DATA.TAG C:\Program Files\Creative\Uninstall\data1.cab C:\Program Files\Creative\Uninstall\data1.hdr C:\Program Files\Creative\Uninstall\Installer.isu C:\Program Files\Creative\Uninstall\lang.dat C:\Program Files\Creative\Uninstall\layout.bin C:\Program Files\Creative\Uninstall\os.dat C:\Program Files\Creative\Uninstall\SETUP.INI C:\Program Files\Creative\Uninstall\Setup.Ins C:\Program Files\Creative\Uninstall\setup.lid C:\Program Files\Creative\Uninstall\UNINST1.INI C:\WINDOWS\OkyFlyPC_uninstall.exe C:\WINDOWS\system32\acfii.bak2 C:\WINDOWS\system32\acfii.ini2 C:\WINDOWS\system32\clbcatexu.2 . ((((((((((((((((((((((((( Files Created from 2007-11-04 to 2007-12-04 ))))))))))))))))))))))))))))))) . 2007-12-04 11:23 . 2007-12-04 11:23 <DIR> d-------- C:\Deckard 2007-12-04 11:22 . 2007-12-04 11:22 <DIR> d-------- C:\Program Files\Trend Micro 2007-12-03 17:57 . 2007-12-03 17:57 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\sentinel 2007-12-03 17:57 . 2007-06-06 11:43 83,640 --a------ C:\WINDOWS\system32\drivers\pavdrv51.sys 2007-12-03 17:57 . 2007-12-03 17:57 248 --a------ C:\WINDOWS\system32\PavCPL.dat 2007-12-03 17:56 . 2007-12-03 20:38 <DIR> d-------- C:\WINDOWS\system32\PAV 2007-12-03 17:56 . 2007-12-03 17:56 <DIR> d-------- C:\Program Files\Panda Security 2007-12-03 17:56 . 2007-03-15 18:38 54,832 --a------ C:\WINDOWS\system32\pavcpl.cpl 2007-12-03 17:56 . 2007-02-15 20:02 50,736 --a------ C:\WINDOWS\system32\avldr.dll 2007-12-03 17:51 . 2007-12-03 17:51 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Avg7 2007-12-03 14:41 . 2007-12-03 14:41 30,590 --a------ C:\WINDOWS\system32\pavas.ico 2007-12-03 14:41 . 2007-12-03 14:41 2,550 --a------ C:\WINDOWS\system32\Uninstall.ico 2007-12-03 14:41 . 2007-12-03 14:41 1,406 --a------ C:\WINDOWS\system32\Help.ico 2007-12-03 14:40 . 2007-12-03 16:07 <DIR> d-------- C:\WINDOWS\system32\ActiveScan 2007-12-03 13:47 . 2007-12-03 22:29 <DIR> d-------- C:\Program Files\Yahoo! 2007-12-03 13:47 . 2007-12-03 13:47 <DIR> d-------- C:\Program Files\CCleaner 2007-12-01 16:06 . 2007-12-01 16:07 <DIR> d-------- C:\Documents and Settings\Michael Bottella\Application Data\GetRightToGo 2007-12-01 15:09 . 2007-12-03 04:17 <DIR> d-------- C:\Program Files\XoftSpySE 2007-11-30 00:16 . 2007-11-30 00:16 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com 2007-11-30 00:15 . 2007-11-30 03:04 <DIR> d-------- C:\Program Files\SUPERAntiSpyware 2007-11-28 17:40 . 2007-11-28 17:40 <DIR> d-------- C:\Program Files\Comodo 2007-11-28 17:40 . 2007-11-28 17:40 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Comodo 2007-11-28 17:40 . 2007-11-28 17:40 434,252 --a------ C:\WINDOWS\system32\MSVCRTD.DLL 2007-11-28 17:40 . 2007-11-28 17:40 216,576 --a------ C:\WINDOWS\system32\monln.dll 2007-11-28 14:22 . 2007-11-28 14:22 <DIR> d-------- C:\WINDOWS\system32\Kaspersky Lab 2007-11-28 14:22 . 2007-11-28 14:22 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab 2007-11-28 02:54 . 2007-12-03 16:07 <DIR> d-------- C:\WINDOWS\system32\AppCert . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2007-12-04 22:36 --------- d--h--w C:\Program Files\InstallShield Installation Information 2007-12-04 19:11 --------- d-----w C:\Program Files\Java 2007-12-04 16:16 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy 2007-12-04 05:58 --------- d-----w C:\Program Files\eMule 2007-12-03 20:45 --------- d-----w C:\Program Files\SmartPopupBlocker 2007-12-03 20:37 --------- d-----w C:\Program Files\LeechGet 2006 2007-11-30 22:27 --------- d-----w C:\Documents and Settings\Michael Bottella\Application Data\.ABC 2007-11-28 04:13 --------- d-----w C:\Program Files\PeerGuardian2 2007-11-27 06:04 --------- d-----w C:\Program Files\AIM6 2007-11-27 06:00 --------- d-----w C:\Documents and Settings\All Users\Application Data\AOL Downloads 2007-11-16 03:50 --------- d-----w C:\Program Files\Sony 2007-11-13 14:16 --------- d-----w C:\Program Files\Norton SystemWorks 2007-11-06 08:23 --------- d-----w C:\Program Files\MySpace 2007-10-21 02:44 --------- d-----w C:\Documents and Settings\All Users\Application Data\SecTaskMan 2007-10-21 02:36 --------- d-----w C:\Program Files\Security Task Manager 2007-10-19 00:09 --------- d-----w C:\Program Files\MP3+G Toolz .NET 4 2007-10-08 18:40 --------- d-----w C:\Program Files\Alcohol Soft 2007-10-08 17:55 --------- d-----w C:\Documents and Settings\Michael Bottella\Application Data\SlySoft 2007-10-08 16:40 --------- d-----w C:\Program Files\SlySoft 2007-10-08 15:39 --------- d-----w C:\Program Files\Common Files\cdrdao 2007-10-08 15:27 685,816 ----a-w C:\WINDOWS\system32\drivers\sptd.sys 2007-10-06 04:46 --------- d-----w C:\Program Files\ABC 2007-10-04 09:16 805 ----a-w C:\WINDOWS\system32\drivers\SYMEVENT.INF 2007-10-04 09:16 123,952 ----a-w C:\WINDOWS\system32\drivers\SYMEVENT.SYS 2007-10-04 09:16 10,740 ----a-w C:\WINDOWS\system32\drivers\SYMEVENT.CAT 2007-10-04 09:16 --------- d-----w C:\Program Files\Symantec 2007-09-25 09:56 737,280 ----a-w C:\WINDOWS\iun6002.exe 2003-08-27 19:19 36,963 ----a-r C:\Program Files\Common Files\SM1updtr.dll 2004-08-15 23:10 32 --sha-w C:\WINDOWS\{18BEC826-02D5-4AFC-BAA8-C06B7EAB8247}.dat 2004-08-15 23:10 32 --sha-w C:\WINDOWS\{523B879B-62A5-4392-812E-C5C284AAAEB0}.dat 2004-08-15 23:11 32 --sha-w C:\WINDOWS\{8B10D43A-7FBF-4947-8390-C8AEA7B1A949}.dat 2004-08-15 23:08 32 --sha-w C:\WINDOWS\{9107C27E-3342-4C64-870B-2A9833AF5EA8}.dat 2004-08-15 23:08 32 --sha-w C:\WINDOWS\{E181FAE3-12E5-4654-8CB9-3D85D62C6E5F}.dat 2005-10-08 06:58 32 --sha-w C:\WINDOWS\{FF9E27A5-0ED2-4D8F-B439-23DF433F51F3}.dat 2004-08-15 23:08 32 --sha-w C:\WINDOWS\system32\{4BE1F716-C1DB-473A-AF35-DF7BF40B97BC}.dat 2004-08-15 23:08 32 --sha-w C:\WINDOWS\system32\{5C486995-454D-49E0-AB83-DCFEE9493C6A}.dat 2004-08-15 23:10 32 --sha-w C:\WINDOWS\system32\{64E1E082-BD47-4A27-9249-CAF1E0BCEC51}.dat 2004-08-15 23:08 32 --sha-w C:\WINDOWS\system32\{800FBB96-2302-4899-9281-E5075BBA36DD}.dat 2004-08-15 23:10 32 --sha-w C:\WINDOWS\system32\{E7870D69-EE94-4DB9-8072-6DDBCBF01D05}.dat 2004-08-15 23:11 32 --sha-w C:\WINDOWS\system32\{ED529549-8B17-4BB0-A251-7996E420AC9B}.dat . ((((((((((((((((((((((((((((( snapshot@2007-12-04_14.58.25.49 ))))))))))))))))))))))))))))))))))))))))) . - 2007-12-04 19:50:07 16,384 ----a-w C:\WINDOWS\system32\config\systemprofile\Cookies\index.dat + 2007-12-04 23:03:58 16,384 ----a-w C:\WINDOWS\system32\config\systemprofile\Cookies\index.dat - 2007-12-04 19:50:07 32,768 ----a-w C:\WINDOWS\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat + 2007-12-04 23:03:58 32,768 ----a-w C:\WINDOWS\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat - 2007-12-04 19:50:07 32,768 ----a-w C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat + 2007-12-04 23:03:58 32,768 ----a-w C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat - 2007-12-04 19:56:35 4,593 --sha-w C:\WINDOWS\system32\mmf.sys + 2007-12-04 22:58:59 4,593 --sha-w C:\WINDOWS\system32\mmf.sys . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "AlcoholAutomount"="C:\Program Files\Alcohol Soft\Alcohol 120\axcmd.exe" [2007-07-02 05:27] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Disc Detector"="C:\Program Files\Creative\ShareDLL\CtNotify.exe" [] "TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2007-01-31 13:34] "StartCCC"="C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2006-11-10 11:35] "APVXDWIN"="C:\Program Files\Panda Security\Panda Antivirus 2008\APVXDWIN.exe" [2007-07-19 15:23] "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 00:11] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon] "UIHost"="LogonUI.EXE" [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avldr] avldr.dll 2007-02-15 20:02 50736 C:\WINDOWS\system32\avldr.dll [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\WB] C:\PROGRA~1\Stardock\OBJECT~1\WINDOW~1\fastload.dll 2001-12-20 23:34 24576 C:\PROGRA~1\Stardock\OBJECT~1\WINDOW~1\fastload.dll [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa] Notification Packages REG_MULTI_SZ scecli scecli [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Michael Bottella^Start Menu^Programs^Startup^Eyetide Launcher.lnk] path=C:\Documents and Settings\Michael Bottella\Start Menu\Programs\Startup\Eyetide Launcher.lnk backup=C:\WINDOWS\pss\Eyetide Launcher.lnkStartup [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\A+PopUpBlocker] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Aim6] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATI Launchpad] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AudioHQ] C:\Program Files\Creative\SBLive2k\AudioHQ\AHQTB.EXE [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\C-Media Mixer] Mixer.exe /startup [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Creative Launcher] C:\Program Files\Creative\SBLive2k\Launcher\CTLauncher.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Explorer] 2002-08-29 05:41 91136 --a------ C:\Program Files\Internet Explorer\iexplore.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IMJPMIG8.1] C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE /Spoil /RemAdvDef /Migration32 [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Jet Detection] C:\Program Files\Creative\SBLive\PROGRAM\ADGJDet.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck] C:\WINDOWS\system32\dumprep 0 -k [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LeechGet] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSPY2002] C:\WINDOWS\System32\IME\PINTLGNT\ImScInst.exe /SYNC [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck] 2001-07-09 10:50 155648 --a------ C:\WINDOWS\system32\NeroCheck.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /IMEName [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /SYNC [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PopUpInspector.exe] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Power Scan] C:\Program Files\Power Scan\powerscan.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task] C:\Program Files\QuickTime\qttask.exe -atboottime [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RoxioDragToDisc] C:\Program Files\Roxio\Easy Media Creator 7\Drag to Disc\DrgToDsc.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Run] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SideWinderTrayV4] 1999-11-18 18:12 24650 --a------ C:\PROGRA~1\MI948F~1\GAMECO~1\common\swtrayv4.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SM1BG] 2003-08-27 14:20 94208 -ra------ C:\WINDOWS\SM1BG.EXE [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotSD TeaTimer] 2005-05-31 01:04 1415824 --a------ C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched] C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SuperAdBlocker] C:\Program Files\SuperAdBlocker.com\Super Ad Blocker\SAdBlock.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe -osboot [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UpdReg] 2000-05-11 01:00 90112 --a------ C:\WINDOWS\Updreg.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\USBToolTip] 2006-01-23 14:42 196608 --a------ C:\Program Files\Pinnacle\Shared Files\\Programs\USBTip\USBTip.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WINDVDPatch] CTHELPER.EXE [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services] "iPodService"=3 (0x3) R1 Cinemsup;Cinemsup;C:\WINDOWS\System32\drivers\Cinemsup.sys R2 LicCtrlService;LicCtrl Service;C:\WINDOWS\runservice.exe R3 AN983;ADMtek AN983/AN985/ADM951X 10/100Mbps Fast Ethernet Adapter;C:\WINDOWS\System32\DRIVERS\AN983.sys R3 Ausbflt;Ausbflt;C:\WINDOWS\System32\Drivers\Ausbflt.sys R3 NPDriver;Norton Unerase Protection Driver;\??\C:\WINDOWS\System32\Drivers\NPDRIVER.SYS S2 ATIBTCAP;ATI TV Wonder Video Capture;C:\WINDOWS\System32\drivers\atibtcap.sys S2 ATIBTXBAR;ATI TV Wonder Video Crossbar;C:\WINDOWS\System32\drivers\atibtxbr.sys S2 ATIVTUTW;ATI TV Wonder TV Tuner;C:\WINDOWS\System32\drivers\ativtutw.sys S2 ATIVXSTW;ATI TV Wonder Audio Crossbar;C:\WINDOWS\System32\drivers\ativxstw.sys S3 ctlsb16;Creative SB16/AWE32/AWE64 Driver (WDM);C:\WINDOWS\System32\drivers\ctlsb16.sys S3 GcKernel;Microsoft SideWinder Value Add - Filter Driver;C:\WINDOWS\System32\DRIVERS\GcKernel.sys S3 HIDSwvd;Microsoft SideWinder Virtual HID Device Mini-Driver;C:\WINDOWS\System32\DRIVERS\HIDSwvd.sys S3 Ip6FwHlp;IPv6 Internet Connection Firewall;C:\WINDOWS\System32\svchost.exe -k netsvcs S3 S6U12BScanner;MUSTEK 1200 UB Still Image Device Service;C:\WINDOWS\System32\drivers\usbscan.sys [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{44AA3114-D221-43EC-1C32-1EAC52A2014D}] C:\WINDOWS\System32\msnvl.exe . Contents of the 'Scheduled Tasks' folder "2007-12-04 22:23:13 C:\WINDOWS\Tasks\Symantec NetDetect.job" - C:\Program Files\Symantec\LiveUpdate\NDETECT.EXE . ************************************************************************** catchme 0.3.1318 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2007-12-04 18:07:04 Windows 5.1.2600 Service Pack 1 NTFS scanning hidden processes ... scanning hidden autostart entries ... scanning hidden files ... scan completed successfully hidden files: 0 ************************************************************************** . Completion time: 2007-12-04 18:09:06 - machine was rebooted C:\ComboFix2.txt ... 2007-12-04 14:59 . --- E O F --- |
|
|
|
|
12-04-2007, 05:36 PM
|
#13 (permalink) |
|
Registered User
Join Date: Dec 2007
Posts: 33
OS: XP SP 1
|
Re: search-daily.com
-------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER REPORT Tuesday, December 04, 2007 8:33:07 PM Operating System: Microsoft Windows XP Professional, Service Pack 1 (Build 2600) Kaspersky Online Scanner version: 5.0.98.0 Kaspersky Anti-Virus database last update: 5/12/2007 Kaspersky Anti-Virus database records: 472667 ------------------------------------------------------------------------------- Scan Settings: Scan using the following antivirus database: extended Scan Archives: true Scan Mail Bases: true Scan Target - My Computer: A:\ C:\ D:\ E:\ G:\ Scan Statistics: Total number of scanned objects: 113474 Number of viruses found: 3 Number of infected objects: 4 Number of suspicious objects: 0 Duration of the scan process: 01:51:07 Infected Object Name / Virus Name / Last Action C:\Documents and Settings\All Users\Application Data\sentinel\2.1\gwhashs.dat Object is locked skipped C:\Documents and Settings\LocalService\Cookies\index.dat Object is locked skipped C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped C:\Documents and Settings\LocalService\Local Settings\History\History.IE5\index.dat Object is locked skipped C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped C:\Documents and Settings\LocalService\NTUSER.DAT Object is locked skipped C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped C:\Documents and Settings\Michael Bottella\Application Data\Mozilla\Firefox\Profiles\m700altq.default\cert8.db Object is locked skipped C:\Documents and Settings\Michael Bottella\Application Data\Mozilla\Firefox\Profiles\m700altq.default\flashgot.log Object is locked skipped C:\Documents and Settings\Michael Bottella\Application Data\Mozilla\Firefox\Profiles\m700altq.default\history.dat Object is locked skipped C:\Documents and Settings\Michael Bottella\Application Data\Mozilla\Firefox\Profiles\m700altq.default\key3.db Object is locked skipped C:\Documents and Settings\Michael Bottella\Application Data\Mozilla\Firefox\Profiles\m700altq.default\parent.lock Object is locked skipped C:\Documents and Settings\Michael Bottella\Application Data\Mozilla\Firefox\Profiles\m700altq.default\search.sqlite Object is locked skipped C:\Documents and Settings\Michael Bottella\Application Data\Mozilla\Firefox\Profiles\m700altq.default\urlclassifier2.sqlite Object is locked skipped C:\Documents and Settings\Michael Bottella\Cookies\index.dat Object is locked skipped C:\Documents and Settings\Michael Bottella\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped C:\Documents and Settings\Michael Bottella\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped C:\Documents and Settings\Michael Bottella\Local Settings\Application Data\Mozilla\Firefox\Profiles\m700altq.default\Cache\_CACHE_001_ Object is locked skipped C:\Documents and Settings\Michael Bottella\Local Settings\Application Data\Mozilla\Firefox\Profiles\m700altq.default\Cache\_CACHE_002_ Object is locked skipped C:\Documents and Settings\Michael Bottella\Local Settings\Application Data\Mozilla\Firefox\Profiles\m700altq.default\Cache\_CACHE_003_ Object is locked skipped C:\Documents and Settings\Michael Bottella\Local Settings\Application Data\Mozilla\Firefox\Profiles\m700altq.default\Cache\_CACHE_MAP_ Object is locked skipped C:\Documents and Settings\Michael Bottella\Local Settings\History\History.IE5\index.dat Object is locked skipped C:\Documents and Settings\Michael Bottella\Local Settings\Temp\~DFC21A.tmp Object is locked skipped C:\Documents and Settings\Michael Bottella\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped C:\Documents and Settings\Michael Bottella\NTUSER.DAT Object is locked skipped C:\Documents and Settings\Michael Bottella\NTUSER.DAT.LOG Object is locked skipped C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\logs\sw_ae-20071204-175900.log Object is locked skipped C:\Program Files\Panda Security\Panda Antivirus 2008\cace2423dfb97c58fe7dd9f120557063PSK_NAMES Object is locked skipped C:\Program Files\Panda Security\Panda Antivirus 2008\cace2423dfb97c58fe7dd9f120557063PSK_NAMES2 Object is locked skipped C:\qoobox\Quarantine\C\WINDOWS\system32\clbcatexu.2.vir Infected: Trojan.Win32.BHO.abm skipped C:\qoobox\Quarantine\C\WINDOWS\system32\drivers\hobiowbn.dat.vir Object is locked skipped C:\qoobox\Quarantine\catchme2007-12-04_145714.67.zip/hobiowbn.dat Infected: Rootkit.Win32.Agent.pk skipped C:\qoobox\Quarantine\catchme2007-12-04_145714.67.zip/clbcatexu.dll Infected: Trojan.Win32.BHO.abo skipped C:\qoobox\Quarantine\catchme2007-12-04_145714.67.zip ZIP: infected - 2 skipped C:\RECYCLER\NPROTECT\NPROTECT.LOG Object is locked skipped C:\System Volume Information\_restore{F6C9F65D-7983-4B96-91F0-05709AC61B12}\RP3\change.log Object is locked skipped C:\WINDOWS\Debug\oakley.log Object is locked skipped C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped C:\WINDOWS\SchedLgU.Txt Object is locked skipped C:\WINDOWS\SoftwareDistribution\ReportingEvents.log Object is locked skipped C:\WINDOWS\Sti_Trace.log Object is locked skipped C:\WINDOWS\system32\CatRoot2\edb.log Object is locked skipped C:\WINDOWS\system32\CatRoot2\tmp.edb Object is locked skipped C:\WINDOWS\system32\CatRoot2\{127D0A1D-4EF2-11D1-8608-00C04FC295EE}\catdb Object is locked skipped C:\WINDOWS\system32\CatRoot2\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\catdb Object is locked skipped C:\WINDOWS\system32\config\ACEEvent.evt Object is locked skipped C:\WINDOWS\system32\config\AppEvent.Evt Object is locked skipped C:\WINDOWS\system32\config\default Object is locked skipped C:\WINDOWS\system32\config\default.LOG Object is locked skipped C:\WINDOWS\system32\config\SAM Object is locked skipped C:\WINDOWS\system32\config\SAM.LOG Object is locked skipped C:\WINDOWS\system32\config\SecEvent.Evt Object is locked skipped C:\WINDOWS\system32\config\SECURITY Object is locked skipped C:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped C:\WINDOWS\system32\config\software Object is locked skipped C:\WINDOWS\system32\config\software.LOG Object is locked skipped C:\WINDOWS\system32\config\SysEvent.Evt Object is locked skipped C:\WINDOWS\system32\config\system Object is locked skipped C:\WINDOWS\system32\config\system.LOG Object is locked skipped C:\WINDOWS\system32\config\systemprofile\Cookies\index.dat Object is locked skipped C:\WINDOWS\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat Object is locked skipped C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped C:\WINDOWS\system32\drivers\sptd.sys Object is locked skipped C:\WINDOWS\system32\h323log.txt Object is locked skipped C:\WINDOWS\system32\mmf.sys Object is locked skipped C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked skipped C:\WINDOWS\wiadebug.log Object is locked skipped C:\WINDOWS\wiaservc.log Object is locked skipped C:\WINDOWS\WindowsUpdate.log Object is locked skipped Scan process completed. |
|
|
|
|
12-04-2007, 05:36 PM
|
#14 (permalink) |
|
Registered User
Join Date: Dec 2007
Posts: 33
OS: XP SP 1
|
Re: search-daily.com
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:34:24 PM, on 12/4/2007 Platform: Windows XP SP1 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\System32\Ati2evxx.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\Panda Security\Panda Antivirus 2008\pavsrv51.exe C:\Program Files\Panda Security\Panda Antivirus 2008\AVENGINE.EXE C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\System32\CTsvcCDA.exe C:\WINDOWS\runservice.exe C:\Program Files\Norton SystemWorks\Norton Utilities\NPROTECT.EXE C:\Program Files\Panda Security\Panda Antivirus 2008\PsCtrls.exe C:\Program Files\Panda Security\Panda Antivirus 2008\PsImSvc.exe C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe C:\Program Files\Stardock\Object Desktop\WindowBlinds\wbload.exe C:\WINDOWS\Explorer.EXE C:\Program Files\Common Files\Real\Update_OB\realsched.exe C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe C:\Program Files\Panda Security\Panda Antivirus 2008\WebProxy.exe C:\WINDOWS\system32\notepad.exe C:\WINDOWS\system32\NOTEPAD.EXE C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Trend Micro\HijackThis\HijackThis.exe O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll O2 - BHO: PopupBlockerBHO.CPopupBlockerBHO - {0D929918-C804-4756-B0AC-640EF3F061E9} - C:\Program Files\SmartPopupBlocker\PopupBlockerBHO.dll O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll O2 - BHO: NXIECatcher Class - {83B80A9C-D91A-4F22-8DCF-EA7204039F79} - C:\Program Files\Xi\NetXfer\NXIEHelper.dll O2 - BHO: NTIECatcher Class - {C56CB6B0-0D96-11D6-8C65-B2868B609932} - C:\Program Files\Xi\NetTransport 2\NTIEHelper.dll O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx O4 - HKLM\..\Run: [Disc Detector] C:\Program Files\Creative\ShareDLL\CtNotify.exe O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" O4 - HKLM\..\Run: [APVXDWIN] "C:\Program Files\Panda Security\Panda Antivirus 2008\APVXDWIN.EXE" /s O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" O4 - HKCU\..\Run: [AlcoholAutomount] "C:\Program Files\Alcohol Soft\Alcohol 120\axcmd.exe" /automount O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe O8 - Extra context menu item: &ICQ Toolbar Search - res://C:\Program Files\ICQToolbar\toolbaru.dll/SEARCH.HTML O8 - Extra context menu item: &ieSpell Options - res://C:\Program Files\ieSpell\iespell.dll/SPELLOPTION.HTM O8 - Extra context menu item: Check &Spelling - res://C:\Program Files\ieSpell\iespell.dll/SPELLCHECK.HTM O8 - Extra context menu item: Download &all with DAP - C:\PROGRA~1\DAP\dapextie2.htm O8 - Extra context menu item: Download using LeechGet - file://C:\Program Files\LeechGet 2006\\AddUrl.html O8 - Extra context menu item: Download using LeechGet Wizard - file://C:\Program Files\LeechGet 2006\\Wizard.html O8 - Extra context menu item: Open Image in New Window - res://C:\Program Files\PopUpCop\popupcop.dll/imagenew O8 - Extra context menu item: Parse with LeechGet - file://C:\Program Files\LeechGet 2006\\Parser.html O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll O9 - Extra button: (no name) - {0D555BC6-E331-48b3-A60E-AAC0DF79438A} - C:\WINDOWS\System32\shdocvw.dll O9 - Extra 'Tools' menuitem: Popup Blocker - {0D555BC6-E331-48b3-A60E-AAC0DF79438A} - C:\WINDOWS\System32\shdocvw.dll O9 - Extra button: ieSpell - {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - C:\Program Files\ieSpell\iespell.dll O9 - Extra 'Tools' menuitem: ieSpell - {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - C:\Program Files\ieSpell\iespell.dll O9 - Extra button: (no name) - {1606D6F9-9D3B-4aea-A025-ED5B2FD488E7} - C:\Program Files\ieSpell\iespell.dll O9 - Extra 'Tools' menuitem: ieSpell Options - {1606D6F9-9D3B-4aea-A025-ED5B2FD488E7} - C:\Program Files\ieSpell\iespell.dll O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE (file missing) O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE (file missing) O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary...r.cab31267.cab O16 - DPF: {0A5FD7C5-A45C-49FC-ADB5-9952547D5715} (Creative Software AutoUpdate) - http://www.creative.com/su/ocx/15015/CTSUEng.cab O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/par...an_unicode.cab O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204 O16 - DPF: {1F2F4C9E-6F09-47BC-970D-3C54734667FE} (LSSupCtl Class) - https://www-secure.symantec.com/tech...l/LSSupCtl.cab O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/S...in/AvSniff.cab O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by13fd.bay13.hotmail.msn.com/...s/MsnPUpld.cab O16 - DPF: {54B52E52-8000-4413-BD67-FC7FE24B59F2} (EARTPatchX Class) - http://files.ea.com/downloads/rtpatch/v2/EARTPX.cab O16 - DPF: {556DDE35-E955-11D0-A707-000000521957} - http://www.xblock.com/download/xclean_micro.exe O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/micr...?1186686942690 O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/S.../bin/cabsa.cab O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/micr...?1186686931264 O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary...t.cab31267.cab O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/actives...ree/asinst.cab O16 - DPF: {A90A5822-F108-45AD-8482-9BC8B12DD539} (Crucial cpcScan) - http://www.crucial.com/controls/cpcScanner.cab O16 - DPF: {B1E2B96C-12FE-45E2-BEF1-44A219113CDD} (SABScanProcesses Class) - http://www.superadblocker.com/activex/sabspx.cab O16 - DPF: {CC05BC12-2AA2-4AC7-AC81-0E40F83B1ADF} (Live365Player Class) - http://www.live365.com/players/play365.cab O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} (ActiveDataInfo Class) - https://www-secure.symantec.com/tech...l/SymAData.cab O16 - DPF: {F04A8AE2-A59D-11D2-8792-00C04F8EF29D} (Hotmail Attachments Control) - http://by23fd.bay23.hotmail.msn.com/...x/HMAtchmt.ocx O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://www.creative.com/su/ocx/15021/CTPID.cab O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\System32\Ati2evxx.exe O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: LicCtrl Service (LicCtrlService) - Unknown owner - C:\WINDOWS\runservice.exe O23 - Service: Norton Unerase Protection (NProtectService) - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton Utilities\NPROTECT.EXE O23 - Service: Panda Software Controller - Panda Software International - C:\Program Files\Panda Security\Panda Antivirus 2008\PsCtrls.exe O23 - Service: Panda anti-virus service (PAVSRV) - Panda Software International - C:\Program Files\Panda Security\Panda Antivirus 2008\pavsrv51.exe O23 - Service: Panda IManager Service (PSIMSVC) - Panda Software International - C:\Program Files\Panda Security\Panda Antivirus 2008\PsImSvc.exe O23 - Service: Speed Disk service - Symantec Corporation - C:\PROGRA~1\NORTON~1\SPEEDD~1\nopdb.exe O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe -- End of file - 9919 bytes |
|
|
|
|
12-04-2007, 10:28 PM
|
#15 (permalink) |
|
Registered User
Join Date: Dec 2007
Posts: 33
OS: XP SP 1
|
Re: search-daily.com
so far I haven't seen any of the funky messages in my system tray. I haven't used IE to browse google and see if I get the redirect though. Am I going to be able to delete all the logs and stuff when I'm done and reinstall my Creative software?
|
|
|
|
|
12-05-2007, 06:04 AM
|
#16 (permalink) |
|
Moderator, Analyst, Security Team
Join Date: Oct 2006
Location: Důn Čideann,Scotland.
Posts: 4,530
OS: XP
|
Re: search-daily.com
Hello again
Please update your Service Pack to SP2,you can download SP2 from Here if you have any trouble trying to download SP2 you can order the CD version.Stay off the internet as much as possible until SP2 is installed as you leave yourself open to re-infection. After installing SP2 run Hijackthis. As for Creative software if you wish to reinstall that after i have given you the all clear that is your decision. ================================================== Logs Required Hijackthis log |
|
|
|
|
12-05-2007, 07:28 AM
|
#17 (permalink) | |
|
Registered User
Join Date: Dec 2007
Posts: 33
OS: XP SP 1
|
Re: search-daily.com
Quote:
Last edited by Michael Wayne; 12-05-2007 at 07:33 AM. |
|
|
|
|
|
12-05-2007, 09:16 AM
|
#19 (permalink) | |
|
Moderator, Analyst, Security Team
Join Date: Oct 2006
Location: Důn Čideann,Scotland.
Posts: 4,530
OS: XP
|
Re: search-daily.com
Quote:
Visit Microsoft update page(if you have not done so already) and obtain the latest fixes. http://windowsupdate.microsoft.com/ You could also try Belarc Advisor which builds a detailed profile of your installed software and hardware, missing Microsoft hotfixes, anti-virus status, CIS (Center for Internet Security) benchmarks, and displays the results in your Web browser. http://www.belarc.com/free_download.html Let me know how you get on. |
|
|
|
|
|
12-05-2007, 12:28 PM
|
#20 (permalink) |
|
Registered User
Join Date: Dec 2007
Posts: 33
OS: XP SP 1
|
Re: search-daily.com
okay... Ran the software, downloaded the microsoft updates, security patches, and hotfixes that I needed. I attempted to download SP2 and it almost completed installation, and then I received an error message "access denied". Would you like me to generate a new hijack this log?
Last edited by Michael Wayne; 12-05-2007 at 12:29 PM. |
|
|
|
| Thread Tools | |
|
|
