Welcome to Tech Support Forum home to more then 136,000 problems solved. Issues have included: Spyware, Malware, Virus Issues, Windows, Microsoft, Linux, Networking, Security, Hardware, and Gaming Getting your problem solved is as easy as:
1. Registering for a free account
2. Asking your question
3. Receiving an answer

Registered members:
* Get free support
* Communicate privately with other members (PM).
* Removal of this message
* See fewer ads.
* And much more..

 


Want to know how to post a question? click here Having problems with spyware and pop-ups? First Steps
Go Back   Tech Support Forum > Security Center > Virus/Trojan/Spyware Help > Resolved HJT Threads
Reload this Page ads1.revenue.net
User Name
Password
Site Map Register Donate Rules Blogs Mark Forums Read


Resolved HJT Threads Resolved spyware and popup issues.

 
Page 1 of 2 1 2
 
LinkBack Thread Tools
Old 01-18-2009, 01:10 AM   #1 (permalink)
Registered User
 
Join Date: Jan 2009
Posts: 13
OS: xp service pack 3


ads1.revenue.net
hello

i've recently been getting popups from ads1.revenue.net and have tried multiple times to remove it using spybot s&d and adaware. based on researching, i see that this is not enough to get rid of this malicious spyware. any help would be greatly appreciated.

============================================


DDS (Ver_09-01-07.01) - NTFSx86
Run by User at 2:57:39.76 on Sun 01/18/2009
Internet Explorer: 6.0.2900.5512
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.2046.1580 [GMT -5:00]


============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\RunDll32.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Razer\DeathAdder\razerhid.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\drivers\sppoolsv.exe
C:\Program Files\ooVoo\oovoo.exe
C:\Program Files\Razer\DeathAdder\razertra.exe
C:\Program Files\Razer\DeathAdder\razerofa.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\User\Desktop\dds.com

============== Pseudo HJT Report ===============

uStart Page = about:blank
uInternet Settings,ProxyOverride = *.local
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: Skype add-on (mastermind): {22bf413b-c6d2-4d91-82a9-a0f997ba588c} - c:\program files\skype\toolbars\internet explorer\SkypeIEPlugin.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\program files\spybot - search & destroy\SDHelper.dll
BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre1.6.0_03\bin\ssv.dll
BHO: ooVoo Toolbar: {a057a204-bacc-4d26-8087-36ee87e26986} - c:\progra~1\oovoot~1\OOVOOT~1.DLL
TB: ooVoo Toolbar: {a057a204-bacc-4d26-8087-36ee87e26986} - c:\progra~1\oovoot~1\OOVOOT~1.DLL
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [Aim6] "c:\program files\aim6\aim6.exe" /d locale=en-US ee://aol/imApp
uRun: [svcshare] c:\windows\system32\drivers\sppoolsv.exe
uRun: [SpybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe
uRun: [oovoo.exe] c:\program files\oovoo\oovoo.exe /minimized
mRun: [C6501Sound] RunDll32 c6501.cpl,CMICtrlWnd
mRun: [NeroFilterCheck] c:\windows\system32\NeroCheck.exe
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [nwiz] nwiz.exe /install
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [DeathAdder] c:\program files\razer\deathadder\razerhid.exe
mRun: [SunJavaUpdateSched] "c:\program files\java\jre1.6.0_03\bin\jusched.exe"
mRun: [Adobe Photo Downloader] "c:\program files\adobe\adobe photoshop lightroom 1.4\apdproxy.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe"
StartupFolder: c:\docume~1\user\startm~1\programs\startup\dropbox.lnk - c:\program files\dropbox\Dropbox.exe
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000
IE: {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - c:\progra~1\aim\aim.exe
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBC} - c:\program files\java\jre1.6.0_03\bin\ssv.dll
IE: {77BF5300-1474-4EC7-9980-D32B190E9B07} - {77BF5300-1474-4EC7-9980-D32B190E9B07} - c:\program files\skype\toolbars\internet explorer\SkypeIEPlugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\program files\spybot - search & destroy\SDHelper.dll
Trusted Zone: turbotax.com
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\user\applic~1\mozilla\firefox\profiles\oqxtwadm.default\
FF - prefs.js: browser.startup.homepage - about:blank
FF - plugin: c:\program files\viewpoint\viewpoint media player\npViewpoint.dll

============= SERVICES / DRIVERS ===============

R3 DAdderFltr;DeathAdder Mouse;c:\windows\system32\drivers\dadder.sys [2007-11-27 22784]
R4 aawservice;Ad-Aware 2007 Service;c:\program files\lavasoft\ad-aware 2007\aawservice.exe [2008-3-19 607576]
R4 CAMTHWDM;WebcamMax, WDM Video Capture;c:\windows\system32\drivers\CAMTHWDM.sys [2009-1-16 941784]
R4 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\viewpoint\common\ViewpointService.exe [2008-11-18 24652]
S3 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [2005-8-2 32512]
S3 XIRLINK;IBM PC Camera;c:\windows\system32\drivers\C-itNT.sys [2008-9-4 587588]

=============== Created Last 30 ================

2009-01-16 18:37 <DIR> --d----- c:\docume~1\alluse~1\applic~1\WebcamMax
2009-01-16 18:37 <DIR> --d----- c:\docume~1\user\applic~1\Webcammax
2009-01-16 18:37 941,784 a------- c:\windows\system32\drivers\CAMTHWDM.sys
2009-01-16 18:37 <DIR> --d----- c:\program files\WebcamMax
2009-01-16 18:08 <DIR> --d----- c:\docume~1\user\applic~1\ooVoo Details
2009-01-16 18:07 <DIR> --d----- c:\program files\oovooToolbar
2009-01-16 18:07 <DIR> --d----- c:\docume~1\user\applic~1\oovooToolbar
2009-01-16 18:07 <DIR> --d----- c:\program files\ooVoo

==================== Find3M ====================

2009-01-18 02:13 9 ---shr-- c:\program files\Desktop_.ini
2008-12-19 00:39 136,888 a------- c:\windows\system32\drivers\PnkBstrK.sys
2008-12-19 00:39 111,928 a------- c:\windows\system32\PnkBstrB.exe
2008-12-11 05:57 333,952 a------- c:\windows\system32\drivers\srv.sys
2008-10-23 07:36 286,720 a------- c:\windows\system32\gdi32.dll
2007-12-04 23:10 22,328 a------- c:\docume~1\user\applic~1\PnkBstrK.sys
2007-01-23 22:52 28,981 a--shr-- c:\windows\system32\drivers\sppoolsv.exe
2008-07-19 17:17 16,384 a--sh--- c:\windows\temp\cookies\index.dat
2008-07-19 17:17 32,768 a--sh--- c:\windows\temp\history\history.ie5\index.dat
2008-07-19 17:17 49,152 a--sh--- c:\windows\temp\temporary internet files\content.ie5\index.dat

============= FINISH: 2:57:45.70 ===============
Attached Files
File Type: zip Attach.zip (2.4 KB, 3 views)
xie3ix is offline  
Digg this Post!Add Post to del.icio.usBookmark Post in TechnoratiFurl this Post!Reddit!
Important Information
Join the #1 Tech Support Forum Today - It's Totally Free!

TechSupportForum.com is a leading support website for your computer needs. We offer free, friendly and personalized computer support. Why pay to have your computer fixed when you can do it for free.

Join TechSupportforum.com Today - Click Here

Old 01-18-2009, 06:33 PM   #2 (permalink)
Analyst, Security Team
 
Billy O'Neal's Avatar
 
Join Date: Aug 2008
Location: Northfield, Ohio, United States
Posts: 1,690
OS: XPSP3, Vista Ultimate SP1, Ubuntu Server


Re: ads1.revenue.net
Hello, xie3ix
Welcome to TSF

My name is Billy O'Neal and I will be helping you. (Billy or Bill is fine, if you like.)
Please give me some time to look over your computer's log(s).
Please take note of the following:
  • In the meantime, please refrain from making any changes to your computer.
  • Also, even if things appear to be running better, there is no guarantee that everything is finished. Please continue to check this forum post in order to ensure we get your system completely clean. We do not want to clean you part-way up, only to have the system re-infect itself. :)
  • If you do not understand any step(s) provided, please do not hesitate to ask before continuing. I would much rather clarify instructions or explain them differently than have something important broken.
  • Finally, please reply using the button in the lower left hand corner of your screen.
  • Old topics are closed after 3 days with no reply, and working topics are closed after 5 days. If for any reason you cannot complete instructions within that time, that's fine, just put a post here so that I know you're still here. We get a lot of people who simply leave, and if there is no contact for that amount of time I will have to assume you have "vanished" .

We need to create an OTViewIt Report
  1. Please download OTViewIt by OldTimer.
  2. Save it to your desktop.
  3. Double click on the icon on your desktop.
  4. Click the "Scan All Users" checkbox.
  5. Push the button.
  6. Two reports will open, copy and paste them in a reply here:
    • OTViewIt.txt <-- Will be opened
    • Extra.txt <-- Will be minimized

In your next reply, please include the following:
  • OTViewIt.txt
  • Extra.txt

BillyIII
__________________
If I fail to reply for more than 24 hours, please feel free to send me a PM. Don't want you to be overlooked

Not problems like "What is beauty".. 'cause that would fall under the purview of your conundrums of philosophy.....
Billy O'Neal is offline  
Digg this Post!Add Post to del.icio.usBookmark Post in TechnoratiFurl this Post!Reddit!
Old 01-19-2009, 01:20 AM   #3 (permalink)
Registered User
 
Join Date: Jan 2009
Posts: 13
OS: xp service pack 3


Re: ads1.revenue.net
Hey Billy,

Thank you for your help and your quick response. Just for your information as well, I have been receiving a critical error message from Windows ever since my original post. I don't know if that has been due to my attempts to clean up my computer or if it's because of the spyware. Either way, I have downloaded the program you asked for and here are the logs:

OTViewIt logfile created on: 1/19/2009 3:15:59 AM - Run
OTViewIt by OldTimer - Version 1.0.21.0 Folder = C:\Documents and Settings\User\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.5512)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.50 Gb Available Physical Memory | 75.09% Memory free
3.85 Gb Paging File | 3.54 Gb Available in Paging File | 91.93% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092;

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 149.04 Gb Total Space | 48.83 Gb Free Space | 32.76% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: E3
Current User Name: User
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Whitelist: On
File Age = 30 Days

========== Processes ==========

[2008/03/19 16:08:58 | 00,607,576 | ---- | M] (Lavasoft) -- C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
[2008/11/07 14:28:16 | 00,132,424 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
[2008/08/29 09:18:44 | 00,238,888 | ---- | M] (Apple Inc.) -- C:\Program Files\Bonjour\mDNSResponder.exe
[2008/04/13 19:12:33 | 00,033,280 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\rundll32.exe
[2007/10/04 17:14:00 | 00,155,716 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\system32\nvsvc32.exe
[2007/12/05 03:25:43 | 00,066,872 | ---- | M] () -- C:\WINDOWS\system32\PnkBstrA.exe
[2007/01/04 16:38:08 | 00,024,652 | ---- | M] (Viewpoint Corporation) -- C:\Program Files\Viewpoint\Common\ViewpointService.exe
[2008/04/13 19:12:33 | 00,033,280 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\rundll32.exe
[2007/09/07 15:54:54 | 00,159,744 | ---- | M] () -- C:\Program Files\Razer\DeathAdder\razerhid.exe
[2007/09/25 01:11:35 | 00,132,496 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
[2008/11/20 13:20:54 | 00,290,088 | ---- | M] (Apple Inc.) -- C:\Program Files\iTunes\iTunesHelper.exe
[2008/10/31 14:22:38 | 00,050,480 | ---- | M] (AOL LLC) -- C:\Program Files\AIM6\aim6.exe
[2006/11/24 15:24:16 | 00,143,360 | ---- | M] () -- C:\Program Files\Razer\DeathAdder\razertra.exe
[2007/05/07 15:35:14 | 00,163,840 | ---- | M] (Razer Inc.) -- C:\Program Files\Razer\DeathAdder\razerofa.exe
[2008/11/20 13:20:44 | 00,536,872 | ---- | M] (Apple Inc.) -- C:\Program Files\iPod\bin\iPodService.exe
[2007/10/08 16:50:56 | 00,041,824 | ---- | M] (AOL LLC) -- C:\Program Files\AIM6\aolsoftware.exe
[2008/12/17 02:55:32 | 00,307,704 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
[2009/01/19 03:15:44 | 00,422,912 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\User\Desktop\OTViewIt.exe

========== (O23) Win32 Services ==========

[2008/03/19 16:08:58 | 00,607,576 | ---- | M] (Lavasoft) -- C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe -- (aawservice [Auto | Running])
[2008/11/07 14:28:16 | 00,132,424 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe -- (Apple Mobile Device [Auto | Running])
[2007/10/24 00:47:22 | 00,033,800 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe -- (aspnet_state [On_Demand | Stopped])
[2008/08/29 09:18:44 | 00,238,888 | ---- | M] (Apple Inc.) -- C:\Program Files\Bonjour\mDNSResponder.exe -- (Bonjour Service [Auto | Running])
[2007/10/24 00:47:40 | 00,070,144 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32 [On_Demand | Stopped])
[2008/11/20 13:20:44 | 00,536,872 | ---- | M] (Apple Inc.) -- C:\Program Files\iPod\bin\iPodService.exe -- (iPod Service [On_Demand | Running])
[2007/10/04 17:14:00 | 00,155,716 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\system32\nvsvc32.exe -- (NVSvc [Auto | Running])
[2003/07/28 07:28:22 | 00,089,136 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE -- (ose [On_Demand | Stopped])
[2007/12/05 03:25:43 | 00,066,872 | ---- | M] () -- C:\WINDOWS\system32\PnkBstrA.exe -- (PnkBstrA [Auto | Running])
[2005/08/02 16:18:49 | 00,086,016 | ---- | M] (CACE Technologies) -- C:\Program Files\WinPcap\rpcapd.exe -- (rpcapd [On_Demand | Stopped])
[2007/01/04 16:38:08 | 00,024,652 | ---- | M] (Viewpoint Corporation) -- C:\Program Files\Viewpoint\Common\ViewpointService.exe -- (Viewpoint Manager Service [Auto | Running])

========== Driver Services ==========

[2008/03/11 08:14:54 | 00,941,784 | ---- | M] () -- C:\WINDOWS\system32\drivers\CAMTHWDM.sys -- (CAMTHWDM [Auto | Running])
[2006/09/05 04:04:38 | 01,419,968 | R--- | M] (C-Media Inc) -- C:\WINDOWS\system32\drivers\c6501.sys -- (cm102u32 [On_Demand | Running])
[2007/08/02 17:32:26 | 00,022,784 | ---- | M] (Razer (Asia-Pacific) Pte Ltd) -- C:\WINDOWS\system32\drivers\dadder.sys -- (DAdderFltr [On_Demand | Running])
[2008/04/17 12:12:54 | 00,015,464 | ---- | M] (GEAR Software Inc.) -- C:\WINDOWS\system32\drivers\GEARAspiWDM.sys -- (GEARAspiWDM [On_Demand | Running])
[2009/01/18 02:59:25 | 00,085,969 | ---- | M] (GMER) -- C:\WINDOWS\system32\drivers\gmer.sys -- (gmer [On_Demand | Stopped])
[2008/11/04 21:19:36 | 00,025,280 | ---- | M] (LogMeIn, Inc.) -- C:\WINDOWS\system32\drivers\hamachi.sys -- (hamachi [On_Demand | Stopped])
[2004/08/12 21:56:20 | 00,005,810 | R--- | M] () -- C:\WINDOWS\system32\drivers\ASACPI.sys -- (MTsensor [On_Demand | Running])
[2008/04/13 13:53:09 | 00,040,320 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\nmnt.sys -- (nm [On_Demand | Stopped])
[2005/08/02 16:10:13 | 00,032,512 | ---- | M] (CACE Technologies) -- C:\WINDOWS\system32\drivers\npf.sys -- (NPF [On_Demand | Stopped])
[2007/10/04 17:14:00 | 06,854,464 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\system32\drivers\nv4_mini.sys -- (nv [On_Demand | Running])
[2005/08/18 03:52:06 | 00,093,568 | R--- | M] (NVIDIA Corporation) -- C:\WINDOWS\system32\drivers\nvata.sys -- (nvata [Boot | Running])
[2005/09/29 23:52:20 | 00,034,048 | R--- | M] (NVIDIA Corporation) -- C:\WINDOWS\system32\drivers\NVENETFD.sys -- (NVENETFD [On_Demand | Running])
[2005/09/29 23:52:22 | 00,013,056 | R--- | M] (NVIDIA Corporation) -- C:\WINDOWS\system32\drivers\nvnetbus.sys -- (nvnetbus [On_Demand | Running])
[2006/02/28 07:00:00 | 00,017,792 | ---- | M] (Parallel Technologies, Inc.) -- C:\WINDOWS\system32\drivers\ptilink.sys -- (Ptilink [On_Demand | Running])
[2007/10/19 19:56:10 | 00,043,528 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\system32\drivers\PxHelp20.sys -- (PxHelp20 [Boot | Running])
[2008/01/20 02:07:58 | 00,033,292 | ---- | M] (PowerISO Computing, Inc.) -- C:\WINDOWS\System32\drivers\scdemu.sys -- (SCDEmu [System | Running])
[2007/11/13 05:25:53 | 00,020,480 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) -- C:\WINDOWS\system32\drivers\secdrv.sys -- (Secdrv [On_Demand | Stopped])
[2008/11/07 14:23:30 | 00,032,000 | ---- | M] (Apple, Inc.) -- C:\WINDOWS\system32\drivers\usbaapl.sys -- (USBAAPL [On_Demand | Stopped])
[2008/04/13 13:45:12 | 00,060,032 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\usbaudio.sys -- (usbaudio [On_Demand | Running])
[2008/04/13 13:46:20 | 00,121,984 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\usbvideo.sys -- (usbvideo [On_Demand | Running])
[2001/05/02 13:35:32 | 00,587,588 | ---- | M] (Xirlink, Inc) -- C:\WINDOWS\system32\drivers\C-itNT.sys -- (XIRLINK [On_Demand | Stopped])

========== (R ) Internet Explorer ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main]
"Default_Page_URL"=http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
"Default_Search_URL"=http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
"Local Page"=%SystemRoot%\system32\blank.htm
"Search Page"=http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
"Start Page"=http://www.microsoft.com/isapi/redir.dll?prd={SUB_PRD}&clcid={SUB_CLSID}&pver={SUB_PVER}&ar=home

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Search]
"CustomizeSearch"=http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
"SearchAssistant"=http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main]
"Local Page"=C:\WINDOWS\system32\blank.htm
"Search Page"=http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
"Start Page"=about:blank

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchURL]
"provider"=

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{CFBFAE00-17A6-11D0-99CB-00C04FD64497}" (HKLM) -- C:\WINDOWS\system32\shdocvw.dll (Microsoft Corporation)

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = 0
"ProxyOverride" = *.local

[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main]

[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main]

[HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main]

[HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main]

[HKEY_USERS\S-1-5-21-1085031214-920026266-839522115-1004\SOFTWARE\Microsoft\Internet Explorer\Main]
"Local Page"=C:\WINDOWS\system32\blank.htm
"Search Page"=http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
"Start Page"=about:blank

[HKEY_USERS\S-1-5-21-1085031214-920026266-839522115-1004\Software\Microsoft\Internet Explorer\SearchURL]
"provider"=

[HKEY_USERS\S-1-5-21-1085031214-920026266-839522115-1004\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{CFBFAE00-17A6-11D0-99CB-00C04FD64497}" (HKLM) -- C:\WINDOWS\system32\shdocvw.dll (Microsoft Corporation)

[HKEY_USERS\S-1-5-21-1085031214-920026266-839522115-1004\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = 0
"ProxyOverride" = *.local

========== (O1) Hosts File ==========

HOSTS File = (734 bytes) - C:\WINDOWS\System32\drivers\etc\Hosts
First 25 entries...
127.0.0.1 localhost

========== (O2) BHO's ==========

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\]
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} (HKLM) -- C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
{22BF413B-C6D2-4d91-82A9-A0F997BA588C} (HKLM) -- C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
{39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} (HKLM) -- Reg Error: Key does not exist or could not be opened. File not found
{53707962-6F74-2D53-2644-206D7942484F} (HKLM) -- C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} (HKLM) -- C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll (Sun Microsystems, Inc.)
{A057A204-BACC-4D26-8087-36EE87E26986} (HKLM) -- C:\Program Files\oovooToolbar\oovooToolbar.dll (ooVoo )

========== (O3) Toolbars ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar]
"{A057A204-BACC-4D26-8087-36EE87E26986}" (HKLM) -- C:\Program Files\oovooToolbar\oovooToolbar.dll (ooVoo )

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{A057A204-BACC-4D26-8087-36EE87E26986}" (HKLM) -- C:\Program Files\oovooToolbar\oovooToolbar.dll (ooVoo )

[HKEY_USERS\S-1-5-21-1085031214-920026266-839522115-1004\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{A057A204-BACC-4D26-8087-36EE87E26986}" (HKLM) -- C:\Program Files\oovooToolbar\oovooToolbar.dll (ooVoo )

========== (O4) Run Keys ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Adobe Photo Downloader"="C:\Program Files\Adobe\Adobe Photoshop Lightroom 1.4\apdproxy.exe" File not found
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" (Adobe Systems Incorporated)
"C6501Sound"=RunDll32 c6501.cpl,CMICtrlWnd File not found
"DeathAdder"=C:\Program Files\Razer\DeathAdder\razerhid.exe ()
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" (Apple Inc.)
"KernelFaultCheck"=%systemroot%\system32\dumprep 0 -k File not found
"NeroFilterCheck"=C:\WINDOWS\system32\NeroCheck.exe (Ahead Software Gmbh)
"NvCplDaemon"=RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup (NVIDIA Corporation)
"NvMediaCenter"=RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit (NVIDIA Corporation)
"nwiz"=nwiz.exe /install ()
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" -atboottime (Apple Inc.)
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" (Sun Microsystems, Inc.)

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Aim6"="C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp (AOL LLC)
"oovoo.exe"=C:\Program Files\ooVoo\oovoo.exe /minimized (ooVoo)
"SpybotSD TeaTimer"=C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer Networking Limited)
"svcshare"=C:\WINDOWS\system32\drivers\sppoolsv.exe ()

[HKEY_USERS\S-1-5-21-1085031214-920026266-839522115-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Aim6"="C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp (AOL LLC)
"oovoo.exe"=C:\Program Files\ooVoo\oovoo.exe /minimized (ooVoo)
"SpybotSD TeaTimer"=C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer Networking Limited)
"svcshare"=C:\WINDOWS\system32\drivers\sppoolsv.exe ()

========== (O4) Startup Folders ==========

[2008/09/26 02:18:12 | 24,096,981 | ---- | M] () -- C:\Documents and Settings\User\Start Menu\Programs\Startup\Dropbox.lnk = C:\Program Files\Dropbox\Dropbox.exe

========== (O6 & O7) Current Version Policies ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveTypeAutoRun"=145

[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveTypeAutoRun"=145

[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveTypeAutoRun"=145

[HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveTypeAutoRun"=145

[HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveTypeAutoRun"=145

[HKEY_USERS\S-1-5-21-1085031214-920026266-839522115-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveTypeAutoRun"=145

========== (O8) IE Context Menu Extensions ==========

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\]
&D&ownload &with BitComet: Reg Error: Value does not exist or could not be read. File not found
&D&ownload all video with BitComet: Reg Error: Value does not exist or could not be read. File not found
&D&ownload all with BitComet: Reg Error: Value does not exist or could not be read. File not found
E&xport to Microsoft Excel: C:\Program Files\Microsoft Office\OFFICE11\EXCEL.EXE [2005/05/26 2054 | 10,095,808 | ---- | M] (Microsoft Corporation)

[HKEY_USERS\S-1-5-21-1085031214-920026266-839522115-1004\Software\Microsoft\Internet Explorer\MenuExt\]
&D&ownload &with BitComet: Reg Error: Value does not exist or could not be read. File not found
&D&ownload all video with BitComet: Reg Error: Value does not exist or could not be read. File not found
&D&ownload all with BitComet: Reg Error: Value does not exist or could not be read. File not found
E&xport to Microsoft Excel: C:\Program Files\Microsoft Office\OFFICE11\EXCEL.EXE [2005/05/26 2054 | 10,095,808 | ---- | M] (Microsoft Corporation)

========== (O9) IE Extensions ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\]
{08B0E5C0-4FCB-11CF-AAA5-00401C608501}: Menu: Sun Java Console -- %ProgramFiles%\Java\jre1.6.0_03\bin\npjpi160_03.dll [2007/09/25 01:11:34 | 00,132,496 | ---- | M] (Sun Microsystems, Inc.)
{77BF5300-1474-4EC7-9980-D32B190E9B07}: Button: Skype -- %ProgramFiles%\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2008/11/07 14:31:40 | 01,088,296 | ---- | M] (Skype Technologies S.A.)
{92780B25-18CC-41C8-B9BE-3C9C571A8263}: Button: Research -- %ProgramFiles%\Microsoft Office\OFFICE11\REFIEBAR.DLL [2003/07/14 17:57:08 | 00,040,512 | ---- | M] (Microsoft Corporation)
{AC9E2541-2814-11d5-BC6D-00B0D0A1DE45}: Button: AIM -- %ProgramFiles%\AIM\aim.exe [2006/08/01 15:35:36 | 00,067,112 | ---- | M] (America Online, Inc.)
{DFB852A3-47F8-48C4-A200-58CAB36FD2A2}: Menu: Spybot - Search && Destroy Configuration -- %ProgramFiles%\Spybot - Search & Destroy\SDHelper.dll [2008/07/07 08:41:58 | 01,562,448 | ---- | M] (Safer Networking Limited)
{e2e2dd38-d088-4134-82b7-f2ba38496583}: Menu: @xpsp3res.dll,-20001 -- %SystemRoot%\network diagnostic\xpnetdiag.exe [2008/04/13 13:53:32 | 00,558,080 | ---- | M] (Microsoft Corporation)
{FB5F1910-F110-11d2-BB9E-00C04F795683}: Button: Messenger -- %ProgramFiles%\Messenger\msmsgs.exe [2008/04/13 19:12:28 | 01,695,232 | ---- | M] (Microsoft Corporation)
{FB5F1910-F110-11d2-BB9E-00C04F795683}: Menu: Windows Messenger -- %ProgramFiles%\Messenger\msmsgs.exe [2008/04/13 19:12:28 | 01,695,232 | ---- | M] (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Extensions\]
{13C1DBF6-7535-495c-91F6-8C13714ED485}\\ButtonText [HKLM] -> [Reg Error: Key does not exist or could not be opened.] -> File not found
{13C1DBF6-7535-495c-91F6-8C13714ED485}\\CLSID [HKLM] -> [{0000031A-0000-0000-C000-000000000046}] -> File not found
{13C1DBF6-7535-495c-91F6-8C13714ED485}\\Default Visible [HKLM] -> [Reg Error: Key does not exist or could not be opened.] -> File not found
{13C1DBF6-7535-495c-91F6-8C13714ED485}\\Exec [HKLM] -> [Reg Error: Key does not exist or could not be opened.] -> File not found
{13C1DBF6-7535-495c-91F6-8C13714ED485}\\HotIcon [HKLM] -> [Reg Error: Key does not exist or could not be opened.] -> File not found
{13C1DBF6-7535-495c-91F6-8C13714ED485}\\Icon [HKLM] -> [Reg Error: Key does not exist or could not be opened.] -> File not found
{13C1DBF6-7535-495c-91F6-8C13714ED485}\\MenuStatusBar [HKLM] -> [Reg Error: Key does not exist or could not be opened.] -> File not found
{13C1DBF6-7535-495c-91F6-8C13714ED485}\\MenuText [HKLM] -> [Reg Error: Key does not exist or could not be opened.] -> File not found
CmdMapping\\{08B0E5C0-4FCB-11CF-AAA5-00401C608501} [HKLM] -> %ProgramFiles%\Java\jre1.6.0_03\bin\npjpi160_03.dll [Sun Java Console] -> [2007/09/25 01:11:34 | 00,132,496 | ---- | M] (Sun Microsystems, Inc.)
CmdMapping\\{13C1DBF6-7535-495c-91F6-8C13714ED485} [HKLM] -> [Reg Error: Key does not exist or could not be opened.] -> File not found
CmdMapping\\{461CC20B-FB6E-4f16-8FE8-C29359DB100E} [HKLM] -> [Reg Error: Key does not exist or could not be opened.] -> File not found
CmdMapping\\{77BF5300-1474-4EC7-9980-D32B190E9B07} [HKLM] -> %ProgramFiles%\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [Skype add-on (button)] -> [2008/11/07 14:31:40 | 01,088,296 | ---- | M] (Skype Technologies S.A.)
CmdMapping\\{92780B25-18CC-41C8-B9BE-3C9C571A8263} [HKLM] -> %ProgramFiles%\Microsoft Office\OFFICE11\REFIEBAR.DLL [Research] -> [2003/07/14 17:57:08 | 00,040,512 | ---- | M] (Microsoft Corporation)
CmdMapping\\{AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} [HKLM] -> %ProgramFiles%\AIM\aim.exe [AIM] -> [2006/08/01 15:35:36 | 00,067,112 | ---- | M] (America Online, Inc.)
CmdMapping\\{D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} [HKLM] -> [Reg Error: Key does not exist or could not be opened.] -> File not found
CmdMapping\\{DFB852A3-47F8-48C4-A200-58CAB36FD2A2} [HKLM] -> %ProgramFiles%\Spybot - Search & Destroy\SDHelper.dll [Spybot - Search && Destroy Configuration] -> [2008/07/07 08:41:58 | 01,562,448 | ---- | M] (Safer Networking Limited)
CmdMapping\\{e2e2dd38-d088-4134-82b7-f2ba38496583} [HKLM] -> %SystemRoot%\network diagnostic\xpnetdiag.exe [@xpsp3res.dll,-20001] -> [2008/04/13 13:53:32 | 00,558,080 | ---- | M] (Microsoft Corporation)
CmdMapping\\{FB5F1910-F110-11d2-BB9E-00C04F795683} [HKLM] -> %ProgramFiles%\Messenger\msmsgs.exe [Messenger] -> [2008/04/13 19:12:28 | 01,695,232 | ---- | M] (Microsoft Corporation)

[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Extensions\]
CmdMapping\\{08B0E5C0-4FCB-11CF-AAA5-00401C608501} [HKLM] -> %ProgramFiles%\Java\jre1.6.0_03\bin\npjpi160_03.dll [Sun Java Console] -> [2007/09/25 01:11:34 | 00,132,496 | ---- | M] (Sun Microsystems, Inc.)
CmdMapping\\{77BF5300-1474-4EC7-9980-D32B190E9B07} [HKLM] -> %ProgramFiles%\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [Skype add-on (button)] -> [2008/11/07 14:31:40 | 01,088,296 | ---- | M] (Skype Technologies S.A.)
CmdMapping\\{92780B25-18CC-41C8-B9BE-3C9C571A8263} [HKLM] -> %ProgramFiles%\Microsoft Office\OFFICE11\REFIEBAR.DLL [Research] -> [2003/07/14 17:57:08 | 00,040,512 | ---- | M] (Microsoft Corporation)
CmdMapping\\{D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} [HKLM] -> [Reg Error: Key does not exist or could not be opened.] -> File not found
CmdMapping\\{DFB852A3-47F8-48C4-A200-58CAB36FD2A2} [HKLM] -> %ProgramFiles%\Spybot - Search & Destroy\SDHelper.dll [Spybot - Search && Destroy Configuration] -> [2008/07/07 08:41:58 | 01,562,448 | ---- | M] (Safer Networking Limited)
CmdMapping\\{e2e2dd38-d088-4134-82b7-f2ba38496583} [HKLM] -> %SystemRoot%\network diagnostic\xpnetdiag.exe [@xpsp3res.dll,-20001] -> [2008/04/13 13:53:32 | 00,558,080 | ---- | M] (Microsoft Corporation)
CmdMapping\\{FB5F1910-F110-11d2-BB9E-00C04F795683} [HKLM] -> %ProgramFiles%\Messenger\msmsgs.exe [Messenger] -> [2008/04/13 19:12:28 | 01,695,232 | ---- | M] (Microsoft Corporation)

[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Extensions\]
CmdMapping\\{08B0E5C0-4FCB-11CF-AAA5-00401C608501} [HKLM] -> %ProgramFiles%\Java\jre1.6.0_03\bin\npjpi160_03.dll [Sun Java Console] -> [2007/09/25 01:11:34 | 00,132,496 | ---- | M] (Sun Microsystems, Inc.)
CmdMapping\\{77BF5300-1474-4EC7-9980-D32B190E9B07} [HKLM] -> %ProgramFiles%\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [Skype add-on (button)] -> [2008/11/07 14:31:40 | 01,088,296 | ---- | M] (Skype Technologies S.A.)
CmdMapping\\{92780B25-18CC-41C8-B9BE-3C9C571A8263} [HKLM] -> %ProgramFiles%\Microsoft Office\OFFICE11\REFIEBAR.DLL [Research] -> [2003/07/14 17:57:08 | 00,040,512 | ---- | M] (Microsoft Corporation)
CmdMapping\\{D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} [HKLM] -> [Reg Error: Key does not exist or could not be opened.] -> File not found
CmdMapping\\{DFB852A3-47F8-48C4-A200-58CAB36FD2A2} [HKLM] -> %ProgramFiles%\Spybot - Search & Destroy\SDHelper.dll [Spybot - Search && Destroy Configuration] -> [2008/07/07 08:41:58 | 01,562,448 | ---- | M] (Safer Networking Limited)
CmdMapping\\{e2e2dd38-d088-4134-82b7-f2ba38496583} [HKLM] -> %SystemRoot%\network diagnostic\xpnetdiag.exe [@xpsp3res.dll,-20001] -> [2008/04/13 13:53:32 | 00,558,080 | ---- | M] (Microsoft Corporation)
CmdMapping\\{FB5F1910-F110-11d2-BB9E-00C04F795683} [HKLM] -> %ProgramFiles%\Messenger\msmsgs.exe [Messenger] -> [2008/04/13 19:12:28 | 01,695,232 | ---- | M] (Microsoft Corporation)

[HKEY_USERS\S-1-5-21-1085031214-920026266-839522115-1004\SOFTWARE\Microsoft\Internet Explorer\Extensions\]
{13C1DBF6-7535-495c-91F6-8C13714ED485}\\ButtonText [HKLM] -> [Reg Error: Key does not exist or could not be opened.] -> File not found
{13C1DBF6-7535-495c-91F6-8C13714ED485}\\CLSID [HKLM] -> [{0000031A-0000-0000-C000-000000000046}] -> File not found
{13C1DBF6-7535-495c-91F6-8C13714ED485}\\Default Visible [HKLM] -> [Reg Error: Key does not exist or could not be opened.] -> File not found
{13C1DBF6-7535-495c-91F6-8C13714ED485}\\Exec [HKLM] -> [Reg Error: Key does not exist or could not be opened.] -> File not found
{13C1DBF6-7535-495c-91F6-8C13714ED485}\\HotIcon [HKLM] -> [Reg Error: Key does not exist or could not be opened.] -> File not found
{13C1DBF6-7535-495c-91F6-8C13714ED485}\\Icon [HKLM] -> [Reg Error: Key does not exist or could not be opened.] -> File not found
{13C1DBF6-7535-495c-91F6-8C13714ED485}\\MenuStatusBar [HKLM] -> [Reg Error: Key does not exist or could not be opened.] -> File not found
{13C1DBF6-7535-495c-91F6-8C13714ED485}\\MenuText [HKLM] -> [Reg Error: Key does not exist or could not be opened.] -> File not found
CmdMapping\\{08B0E5C0-4FCB-11CF-AAA5-00401C608501} [HKLM] -> %ProgramFiles%\Java\jre1.6.0_03\bin\npjpi160_03.dll [Sun Java Console] -> [2007/09/25 01:11:34 | 00,132,496 | ---- | M] (Sun Microsystems, Inc.)
CmdMapping\\{13C1DBF6-7535-495c-91F6-8C13714ED485} [HKLM] -> [Reg Error: Key does not exist or could not be opened.] -> File not found
CmdMapping\\{461CC20B-FB6E-4f16-8FE8-C29359DB100E} [HKLM] -> [Reg Error: Key does not exist or could not be opened.] -> File not found
CmdMapping\\{77BF5300-1474-4EC7-9980-D32B190E9B07} [HKLM] -> %ProgramFiles%\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [Skype add-on (button)] -> [2008/11/07 14:31:40 | 01,088,296 | ---- | M] (Skype Technologies S.A.)
CmdMapping\\{92780B25-18CC-41C8-B9BE-3C9C571A8263} [HKLM] -> %ProgramFiles%\Microsoft Office\OFFICE11\REFIEBAR.DLL [Research] -> [2003/07/14 17:57:08 | 00,040,512 | ---- | M] (Microsoft Corporation)
CmdMapping\\{AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} [HKLM] -> %ProgramFiles%\AIM\aim.exe [AIM] -> [2006/08/01 15:35:36 | 00,067,112 | ---- | M] (America Online, Inc.)
CmdMapping\\{D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} [HKLM] -> [Reg Error: Key does not exist or could not be opened.] -> File not found
CmdMapping\\{DFB852A3-47F8-48C4-A200-58CAB36FD2A2} [HKLM] -> %ProgramFiles%\Spybot - Search & Destroy\SDHelper.dll [Spybot - Search && Destroy Configuration] -> [2008/07/07 08:41:58 | 01,562,448 | ---- | M] (Safer Networking Limited)
CmdMapping\\{e2e2dd38-d088-4134-82b7-f2ba38496583} [HKLM] -> %SystemRoot%\network diagnostic\xpnetdiag.exe [@xpsp3res.dll,-20001] -> [2008/04/13 13:53:32 | 00,558,080 | ---- | M] (Microsoft Corporation)
CmdMapping\\{FB5F1910-F110-11d2-BB9E-00C04F795683} [HKLM] -> %ProgramFiles%\Messenger\msmsgs.exe [Messenger] -> [2008/04/13 19:12:28 | 01,695,232 | ---- | M] (Microsoft Corporation)

========== (O12) Internet Explorer Plugins ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Plugins\]
PluginsPage: "" = http://activex.microsoft.com/control...ext=%s&mime=%s
PluginsPageFriendlyName: "" = Microsoft ActiveX Gallery

========== (O13) Default Prefixes ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\URL\DefaultPrefix]
""=http://

========== (O15) Trusted Sites ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\]
1 domain(s) and sub-domain(s) not assigned to a zone.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\]
turbotax.com: https in Trusted sites

[HKEY_USERS\S-1-5-21-1085031214-920026266-839522115-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\]
turbotax.com: https in Trusted sites

========== (O16) DPF ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\]
{01113300-3E00-11D2-8470-0060089874ED}: http://echat.bellsouth.net/sdccommon...ad/tgctlcm.cab -- Reg Error: Key does not exist or could not be opened.
{05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8}: http://go.microsoft.com/fwlink/?linkid=67633 -- Office Genuine Advantage Validation Tool
{0CCA191D-13A6-4E29-B746-314DEE697D83}: http://upload.facebook.com/controls/...oUploader5.cab -- Facebook Photo Uploader 5
{17492023-C23A-453E-A040-C7C580BBF700}: http://go.microsoft.com/fwlink/?linkid=39204 -- Windows Genuine Advantage Validation Tool
{31435657-9980-0010-8000-00AA00389B71}: http://download.microsoft.com/downlo...8f/wvc1dmo.cab -- Reg Error: Key does not exist or could not be opened.
{4F1E5B1A-2A80-42CA-8532-2D05CB959537}: http://gfx1.hotmail.com/mail/w3/resources/MSNPUpld.cab -- MSN Photo Upload Tool
{6414512B-B978-451D-A0D8-FCFDF33E833C}: http://www.update.microsoft.com/wind...?1196109557322 -- WUWebControl Class
{8AD9C840-044E-11D1-B3E9-00805F499D93}: http://javadl-esd.sun.com/update/1.6...ws-i586-jc.cab -- Java Plug-in 1.6.0_03
{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}: http://fpdownload.macromedia.com/get.../ultrashim.cab -- Reg Error: Key does not exist or could not be opened.
{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}: http://java.sun.com/update/1.6.0/jin...ndows-i586.cab -- Java Plug-in 1.6.0_03
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}: http://java.sun.com/update/1.6.0/jin...ndows-i586.cab -- Java Plug-in 1.6.0_03

========== (O17) DNS Name Servers ==========

{204F822B-BC41-4C5D-BC32-7A31E4805436} (Servers: | Description: )
{24A29D96-1EF4-4B91-BACB-5B68F2F710D9} (Servers: | Description: 1394 Net Adapter)
{52AE25A2-7D48-477A-AE01-250B67DF4293} (Servers: | Description: NVIDIA nForce Networking Controller)

========== (O21) SSODL Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
"WebCheck"={E6FB5E20-DE35-11CF-9C87-00AA005127ED} (HKLM) -- CLSID or file not found.

========== Safeboot Options ==========

"AlternateShell"=cmd.exe

========== CDRom AutoRun Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom]
"AutoRun" = 1

========== Autorun Files on Drives ==========

AUTOEXEC.BAT []
[2007/11/26 13:13:45 | 00,000,000 | ---- | M] () -- C:\AUTOEXEC.BAT -- [ NTFS ]

autorun.inf [[AutoRun] | OPEN=setup.exe | shellexecute=setup.exe | shell\Auto\command=setup.exe | ]
[2008/07/26 07:56:23 | 00,000,081 | RHS- | M] () -- C:\autorun.inf -- [ NTFS ]

========== MountPoints2 ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{10e2918d-5873-11dd-b755-001bfc317fdf}\Shell]
""=AutoRun


[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{10e2918d-5873-11dd-b755-001bfc317fdf}\Shell\Auto\command]
""=E:\setup.exe -- File not found

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{10e2918d-5873-11dd-b755-001bfc317fdf}\Shell\AutoRun]
""=Auto&Play


[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{10e2918d-5873-11dd-b755-001bfc317fdf}\Shell\AutoRun\command]
""=C:\WINDOWS\system32\shell32.dll -- [2008/04/13 19:12:05 | 08,461,312 | ---- | M] (Microsoft Corporation)

========== Files/Folders - Created Within 30 Days ==========

[2009/01/19 03:15:43 | 00,422,912 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\User\Desktop\OTViewIt.exe
[2009/01/18 03:02:17 | 00,002,501 | ---- | C] () -- C:\Documents and Settings\User\Desktop\Attach.zip
[2009/01/18 02:59:26 | 00,000,250 | ---- | C] () -- C:\WINDOWS\gmer.ini
[2009/01/18 02:59:25 | 00,884,736 | ---- | C] () -- C:\WINDOWS\gmer.dll
[2009/01/18 02:59:25 | 00,811,008 | ---- | C] () -- C:\WINDOWS\gmer.exe
[2009/01/18 02:59:25 | 00,085,969 | ---- | C] (GMER) -- C:\WINDOWS\System32\drivers\gmer.sys
[2009/01/18 02:59:25 | 00,000,080 | ---- | C] () -- C:\WINDOWS\gmer_uninstall.cmd
[2009/01/18 02:30:14 | 00,000,000 | ---D | C] -- C:\Documents and Settings\User\Desktop\ETRemover
[2009/01/16 18:37:47 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\WebcamMax
[2009/01/16 18:37:30 | 00,000,000 | ---D | C] -- C:\Documents and Settings\User\Application Data\Webcammax
[2009/01/16 18:37:29 | 00,000,694 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\WebcamMax.lnk
[2009/01/16 18:37:13 | 00,941,784 | ---- | C] () -- C:\WINDOWS\System32\drivers\CAMTHWDM.sys
[2009/01/16 18:37:09 | 00,000,000 | ---D | C] -- C:\Program Files\WebcamMax
[2009/01/16 18:08:01 | 00,000,000 | ---D | C] -- C:\Documents and Settings\User\Application Data\ooVoo Details
[2009/01/16 18:07:58 | 00,000,000 | ---D | C] -- C:\Program Files\oovooToolbar
[2009/01/16 18:07:58 | 00,000,000 | ---D | C] -- C:\Documents and Settings\User\Application Data\oovooToolbar
[2009/01/16 18:07:56 | 00,000,467 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\ooVoo.lnk
[2009/01/16 18:07:56 | 00,000,000 | ---D | C] -- C:\Program Files\ooVoo
[2009/01/16 01:00:33 | 00,000,000 | ---D | C] -- C:\Documents and Settings\User\Application Data\Viewpoint
[2009/01/14 04:31:07 | 17,825,7920 | ---- | C] () -- C:\Documents and Settings\User\Desktop\[DB]_Bleach_202_[66E986B7].avi
[2009/01/09 19:28:35 | 17,842,1010 | ---- | C] () -- C:\Documents and Settings\User\Desktop\[DB]_Naruto_Shippuuden_091_[DD96793B].avi
[2009/01/02 00:36:09 | 00,000,000 | ---D | C] -- C:\Documents and Settings\User\Desktop\Burn After Reading 2008 BDRip H264 ACC-SecretMyth (Kingdom-Release)

========== Files - Modified Within 30 Days ==========

[1 C:\WINDOWS\System32\*.tmp files]
[8 C:\WINDOWS\*.tmp files]
[2009/01/19 03:15:44 | 00,422,912 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\User\Desktop\OTViewIt.exe
[2009/01/18 14:22:36 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2009/01/18 14:21:58 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2009/01/18 03:02:17 | 00,002,501 | ---- | M] () -- C:\Documents and Settings\User\Desktop\Attach.zip
[2009/01/18 02:59:26 | 00,000,250 | ---- | M] () -- C:\WINDOWS\gmer.ini
[2009/01/18 02:59:25 | 00,884,736 | ---- | M] () -- C:\WINDOWS\gmer.dll
[2009/01/18 02:59:25 | 00,085,969 | ---- | M] (GMER) -- C:\WINDOWS\System32\drivers\gmer.sys
[2009/01/18 02:59:25 | 00,000,080 | ---- | M] () -- C:\WINDOWS\gmer_uninstall.cmd
[2009/01/18 02:12:24 | 00,002,422 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2009/01/17 01:19:59 | 00,002,137 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk
[2009/01/17 00:52:02 | 00,000,429 | ---- | M] () -- C:\WINDOWS\System\C6501.ini
[2009/01/16 18:37:29 | 00,000,694 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\WebcamMax.lnk
[2009/01/16 18:12:07 | 00,019,024 | ---- | M] () -- C:\Documents and Settings\User\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
[2009/01/16 18:07:56 | 00,000,467 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\ooVoo.lnk
[2009/01/16 04:50:13 | 00,002,257 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Skype.lnk
[2009/01/16 04:47:32 | 02,640,648 | -H-- | M] () -- C:\Documents and Settings\User\Local Settings\Application Data\IconCache.db
[2009/01/14 05:01:07 | 17,825,7920 | ---- | M] () -- C:\Documents and Settings\User\Desktop\[DB]_Bleach_202_[66E986B7].avi
[2009/01/13 01:12:28 | 00,002,193 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Steam.lnk
[2009/01/09 20:35:28 | 20,853,704 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\MRT.exe
[2009/01/09 19:56:05 | 17,842,1010 | ---- | M] () -- C:\Documents and Settings\User\Desktop\[DB]_Naruto_Shippuuden_091_[DD96793B].avi
[2009/01/08 15:14:48 | 00,070,144 | ---- | M] () -- C:\Documents and Settings\User\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/01/06 00:17:26 | 00,033,280 | ---- | M] () -- C:\Documents and Settings\User\Desktop\eugenechangresume.doc
< End of report >


============================================

OTViewIt Extras logfile created on: 1/19/2009 3:15:59 AM - Run
OTViewIt by OldTimer - Version 1.0.21.0 Folder = C:\Documents and Settings\User\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.5512)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.50 Gb Available Physical Memory | 75.09% Memory free
3.85 Gb Paging File | 3.54 Gb Available in Paging File | 91.93% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092;

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 149.04 Gb Total Space | 48.83 Gb Free Space | 32.76% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: E3
Current User Name: User
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Whitelist: On
File Age = 30 Days

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled"=1
"AntiVirusDisableNotify"=0
"FirewallDisableNotify"=0
"UpdatesDisableNotify"=0
"AntiVirusOverride"=0
"FirewallOverride"=0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile
"EnableFirewall"=0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts]

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
[2008/04/13 19:12:34 | 00,141,312 | ---- | M] (Microsoft Corporation) -- %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019
[2008/04/13 13:53:32 | 00,558,080 | ---- | M] (Microsoft Corporation) -- %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
[2008/04/13 19:12:34 | 00,141,312 | ---- | M] (Microsoft Corporation) -- %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019
[2008/04/13 13:53:32 | 00,558,080 | ---- | M] (Microsoft Corporation) -- %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000
[2006/11/03 02:17:27 | 00,010,800 | ---- | M] (AOL LLC) -- C:\Program Files\Common Files\AOL\Loader\aolload.exe:*:Enabled:AOL Loader
[2009/01/13 01:12:59 | 00,086,077 | ---- | M] (Valve) -- C:\Program Files\Steam\steamapps\ygcrew93@msn.com\counter-strike\hl.exe:*:Enabled:Half-Life Launcher
[2006/10/18 20:30:18 | 00,087,552 | ---- | M] () -- C:\Program Files\BitTornado\btdownloadgui.exe:*:Enabled:btdownloadgui
[2007/12/05 03:25:43 | 00,066,872 | ---- | M] () -- C:\WINDOWS\system32\PnkBstrA.exe:*:Enabled:PnkBstrA
[2008/12/19 00:39:11 | 00,111,928 | ---- | M] () -- C:\WINDOWS\system32\PnkBstrB.exe:*:Enabled:PnkBstrB
[2008/04/13 19:12:28 | 01,695,232 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger
[2008/10/31 14:22:38 | 00,050,480 | ---- | M] (AOL LLC) -- C:\Program Files\AIM6\aim6.exe:*:Enabled:AIM
[2008/03/05 22:29:49 | 10,343,712 | ---- | M] (Intuit, Inc.) -- C:\Program Files\TurboTax\Basic 2007\32bit\ttax.exe:LocalSubNet:Enabled:TurboTax
[2007/10/22 17:56:52 | 03,597,600 | ---- | M] (Intuit, Inc.) -- C:\Program Files\TurboTax\Basic 2007\32bit\updatemgr.exe:LocalSubNet:Enabled:TurboTax Update Manager
[2008/11/20 13:20:48 | 14,294,824 | ---- | M] (Apple Inc.) -- C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes
[2008/06/20 14:43:00 | 03,330,048 | ---- | M] () -- C:\Program Files\Activision\Call of Duty 4 - Modern Warfare\iw3mp.exe:*:Enabled:Call of Duty(R) 4 - Modern Warfare(TM)
[2008/08/29 09:18:44 | 00,238,888 | ---- | M] (Apple Inc.) -- C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour
[2008/11/07 14:31:38 | 21,633,320 | R--- | M] (Skype Technologies S.A.) -- C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype

========== (O10) Winsock2 Catalogs ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\]
NameSpace_Catalog5\Catalog_Entries\000000000004 [mdnsNSP] -- C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)

========== (O18) Protocol Handlers ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
ipp: [HKLM - No CLSID value]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\] - Protocol Handlers
[2003/07/10 21:25:22 | 00,842,816 | ---- | M] (Microsoft Corporation) C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL ipp\0x00000001:{E1D2BF42-A96B-11d1-9C6B-0000F875AC61} (HKLM) [HKLM - MSDAMON.BINDER]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
msdaipp: [HKLM - No CLSID value]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\] - Protocol Handlers
[2003/07/10 21:25:22 | 00,842,816 | ---- | M] (Microsoft Corporation) C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL msdaipp\0x00000001:{E1D2BF42-A96B-11d1-9C6B-0000F875AC61} (HKLM) [HKLM - MSDAMON.BINDER]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\] - Protocol Handlers
[2003/07/10 21:25:22 | 00,842,816 | ---- | M] (Microsoft Corporation) C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL msdaipp\oledb:{E1D2BF40-A96B-11d1-9C6B-0000F875AC61} (HKLM) [HKLM - MSDAIPP.BINDER]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
[2005/04/25 08:29:56 | 08,071,360 | ---- | M] (Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Web Components\11\OWC11.DLL (mso-offdap11:{32505114-5902-49B2-880A-1F7738E5A384} (HKLM) [Data Page Plugable Protocal mso-offdap11 Handler])

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
[2008/04/23 16:45:34 | 01,942,864 | R--- | M] (Skype Technologies) C:\Program Files\Common Files\Skype\Skype4COM.dll (skype4com:{FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} (HKLM) [IEProtocolHandler Class])

========== (O18) Protocol Filters ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Filter\] - Protocol Filters
[2003/07/14 17:45:12 | 00,039,488 | ---- | M] (Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\OFFICE11\MSOXMLMF.DLL text/xml:{807553E5-5146-11D5-A672-00B0D022E945} (HKLM) [Reg Error: Value does not exist or could not be read.]

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}"=Steam
"{050C1C8E-4A4D-4C2F-B9AE-67E60EE91B7F}"=Call of Duty(R) 4 - Modern Warfare(TM) 1.3 Patch
"{18D10072035C4515918F7E37EAFAACFC}"=AutoUpdate
"{318AB667-3230-41B5-A617-CB3BF748D371}"=iTunes
"{3248F0A8-6813-11D6-A77B-00B0D0160030}"=Java(TM) 6 Update 3
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}"=WebFldrs XP
"{3BD633E0-4BF8-4499-9149-88F0767D449C}"=Call of Duty(R) 4 - Modern Warfare(TM) 1.4 Patch
"{5C82DAE5-6EB0-4374-9254-BE3319BA4E82}"=Skype™ 3.8
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}"=PowerDVD
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}"=Apple Software Update
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}"=Windows Media Player Firefox Plugin
"{6DA9102E-199F-43A0-A36B-6EF48081A658}"=MobileMe Control Panel
"{789289CA-F73A-4A16-A331-54D498CE069F}"=Ventrilo Client
"{7B63B2922B174135AFC0E1377DD81EC2}"=DivX Codec
"{7DD9A065-2C86-4A9F-A5FF-796EC1B99DCA}"=AnswerWorks 4.0 Runtime - English
"{8503C901-85D7-4262-88D2-8D8B2A7B08B8}"=Call of Duty(R) 4 - Modern Warfare(TM) 1.5 Patch
"{89C89156-A70F-4C6D-9CAE-2EA71F1396FE}"=Garena
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}"=Microsoft Silverlight
"{8A15B7D9-908A-4EF9-BA84-5AEDE61743EE}"=Call of Duty(R) 4 - Modern Warfare(TM) 1.6 Patch
"{8A25392D-C5D2-4E79-A2BD-C15DDC5B0959}"=Bonjour
"{8ADFC4160D694100B5B8A22DE9DCABD9}"=DivX Player
"{90110409-6000-11D3-8CFE-0150048383C9}"=Microsoft Office Professional Edition 2003
"{931C37FC-594D-43A9-B10F-A2F2B1F03498}"=Call of Duty(R) 4 - Modern Warfare(TM) 1.7 Patch
"{AC76BA86-7AD7-1033-7B44-A81300000003}"=Adobe Reader 8.1.3
"{B13A7C41581B411290FBC0395694E2A9}"=DivX Converter
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1"=Spybot - Search & Destroy
"{B508B3F1-A24A-32C0-B310-85786919EF28}"=Microsoft .NET Framework 2.0 Service Pack 1
"{B7050CBDB2504B34BC2A9CA0A692CC29}"=DivX Web Player
"{CD95F661-A5C4-44F5-A6AA-ECDD91C240B5}"=WinZip 11.1
"{D050D7362D214723AD585B541FFB6C11}"=DivX Content Uploader
"{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}"=Ad-Aware 2007
"{E48469CC-635E-4FD5-A122-1497C286D217}"=Call of Duty(R) 4 - Modern Warfare(TM)
"{EB1B8449-CD8F-485B-ADB6-02FBCFE180D3}"=Razer DeathAdder(TM) Mouse
"{EC4455AB-F155-4CC1-A4C5-88F3777F9886}"=Apple Mobile Device Support
"{F1CBC6F7-D82D-4DC5-B81C-9A14F418593A}_is1"=WC3Banlist
"{F958CA02-BB40-4007-894B-258729456EE4}"=QuickTime
"{FAA7F8FF-3C05-4A61-8F14-D8A6E9ED6623}"=ooVoo
"Adobe Flash Player ActiveX"=Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin"=Adobe Flash Player 10 Plugin
"AIM_6"=AIM 6
"AOL Instant Messenger"=AOL Instant Messenger
"Combined Community Codec Pack_is1"=Combined Community Codec Pack 2008-01-24
"Dropbox"=Dropbox
"Generic 6501 Sound"=C-Media 6501 Sound
"GoldWave v5.20"=GoldWave v5.20
"IDNMitigationAPIs"=Microsoft Internationalized Domain Names Mitigation APIs
"InstallShield_{050C1C8E-4A4D-4C2F-B9AE-67E60EE91B7F}"=Call of Duty(R) 4 - Modern Warfare(TM) 1.3 Patch
"InstallShield_{3BD633E0-4BF8-4499-9149-88F0767D449C}"=Call of Duty(R) 4 - Modern Warfare(TM) 1.4 Patch
"InstallShield_{8503C901-85D7-4262-88D2-8D8B2A7B08B8}"=Call of Duty(R) 4 - Modern Warfare(TM) 1.5 Multiplayer Patch
"InstallShield_{8A15B7D9-908A-4EF9-BA84-5AEDE61743EE}"=Call of Duty(R) 4 - Modern Warfare(TM) 1.6 Patch
"InstallShield_{931C37FC-594D-43A9-B10F-A2F2B1F03498}"=Call of Duty(R) 4 - Modern Warfare(TM) 1.7 Patch
"InstallShield_{E48469CC-635E-4FD5-A122-1497C286D217}"=Call of Duty(R) 4 - Modern Warfare(TM)
"KOIELangPack"=Korean Language Support
"mIRC"=mIRC
"Mozilla Firefox (3.0.5)"=Mozilla Firefox (3.0.5)
"Nero - Burning Rom!UninstallKey"=Nero OEM
"NLSDownlevelMapping"=Microsoft National Language Support Downlevel APIs
"NVIDIA Drivers"=NVIDIA Drivers
"oovooToolbar"=ooVoo Toolbar
"PowerISO"=PowerISO
"Steam App 10"=Counter-Strike
"Steam App 240"=Counter-Strike: Source
"TurboTax Basic 2007"=TurboTax Basic 2007
"ViewpointMediaPlayer"=Viewpoint Media Player
"WebcamMax"=WebcamMax
"Windows XP Service Pack"=Windows XP Service Pack 3
"WinPcapInst"=WinPcap 3.1
"WinRAR archiver"=WinRAR archiver
"World of Warcraft"=World of Warcraft

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Absolute Poker"=Absolute Poker
"Move Networks Player - IE"=Move Networks Media Player for Internet Explorer
"Warcraft III"=Warcraft III: All Products

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-1085031214-920026266-839522115-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Absolute Poker"=Absolute Poker
"Move Networks Player - IE"=Move Networks Media Player for Internet Explorer
"Warcraft III"=Warcraft III: All Products

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 12/12/2008 12:03:19 AM | Computer Name = E3 | Source = Application Error | ID = 1000
Description = Faulting application iexplore.exe, version 6.0.2900.5512, faulting
module mshtml.dll, version 6.0.2900.5694, fault address 0x001209f8.

Error - 12/12/2008 7:15:51 AM | Computer Name = E3 | Source = Application Hang | ID = 1002
Description = Hanging application iexplore.exe, version 6.0.2900.5512, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 1/15/2009 11:54:32 PM | Computer Name = E3 | Source = Application Error | ID = 1000
Description = Faulting application teatimer.exe, version 1.6.0.20, faulting module
teatimer.exe, version 1.6.0.20, fault address 0x000e4418.

Error - 1/16/2009 2:45:48 AM | Computer Name = E3 | Source = Application Error | ID = 1000
Description = Faulting application _is4.exe, version 12.0.0.49974, faulting module
_is4.exe, version 12.0.0.49974, fault address 0x0001e48b.

Error - 1/16/2009 2:45:53 AM | Computer Name = E3 | Source = Application Error | ID = 1000
Description = Faulting application _is5.exe, version 12.0.0.49974, faulting module
_is5.exe, version 12.0.0.49974, fault address 0x0001e48b.

Error - 1/16/2009 2:45:55 AM | Computer Name = E3 | Source = Application Error | ID = 1000
Description = Faulting application _is7.exe, version 12.0.0.49974, faulting module
_is7.exe, version 12.0.0.49974, fault address 0x0001e48b.

Error - 1/16/2009 5:33:39 AM | Computer Name = E3 | Source = Application Error | ID = 1000
Description = Faulting application _is107.exe, version 12.0.0.49974, faulting module
_is107.exe, version 12.0.0.49974, fault address 0x0001e48b.

[ System Events ]
Error - 1/18/2009 3:33:19 AM | Computer Name = E3 | Source = Service Control Manager | ID = 7001
Description = The Apple Mobile Device service depends on the TCP/IP Protocol Driver
service which failed to start because of the following error: %%31

Error - 1/18/2009 3:33:19 AM | Computer Name = E3 | Source = Service Control Manager | ID = 7001
Description = The Bonjour Service service depends on the TCP/IP Protocol Driver
service which failed to start because of the following error: %%31

Error - 1/18/2009 3:33:19 AM | Computer Name = E3 | Source = Service Control Manager | ID = 7001
Description = The IPSEC Services service depends on the IPSEC driver service which
failed to start because of the following error: %%31

Error - 1/18/2009 3:33:19 AM | Computer Name = E3 | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
AFD Fips IPSec MRxSmb NetBIOS NetBT Processor RasAcd Rdbss SCDEmu Tcpip

Error - 1/18/2009 3:35:36 AM | Computer Name = E3 | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service EventSystem
with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}

Error - 1/18/2009 3:38:01 AM | Computer Name = E3 | Source = Service Control Manager | ID = 7023
Description = The Windows Firewall/Internet Connection Sharing (ICS) service terminated
with the following error: %%2147500053

Error - 1/18/2009 9:30:35 AM | Computer Name = E3 | Source = System Error | ID = 1003
Description = Error code 1000008e, parameter1 c0000005, parameter2 b66ff7f3, parameter3
b601610c, parameter4 00000000.

Error - 1/18/2009 9:30:58 AM | Computer Name = E3 | Source = Service Control Manager | ID = 7023
Description = The Windows Firewall/Internet Connection Sharing (ICS) service terminated
with the following error: %%2147500053

Error - 1/18/2009 3:23:12 PM | Computer Name = E3 | Source = System Error | ID = 1003
Description = Error code 1000008e, parameter1 c0000005, parameter2 b66ff7f3, parameter3
b688d10c, parameter4 00000000.

Error - 1/18/2009 9:15:10 PM | Computer Name = E3 | Source = sr | ID = 1
Description = The System Restore filter encountered the unexpected error '0xC000009A'
while processing the file 'Desktop_.ini' on the volume 'HarddiskVolume1'. It has
stopped monitoring the volume.


< End of report >
xie3ix is offline  
Digg this Post!Add Post to del.icio.usBookmark Post in TechnoratiFurl this Post!Reddit!
Old 01-19-2009, 11:59 AM   #4 (permalink)
Analyst, Security Team
 
Billy O'Neal's Avatar
 
Join Date: Aug 2008
Location: Northfield, Ohio, United States
Posts: 1,690
OS: XPSP3, Vista Ultimate SP1, Ubuntu Server


Re: ads1.revenue.net
Hello, xie3ix
We need to disable SpyBot Search and Destroy's "Tea Timer"
  1. Launch SpyBot Search and Destroy, go to the Mode menu and make sure "Advanced Mode" is selected.
  2. On the left hand side, click on Tools, then click on the Resident Icon in the list.
  3. Uncheck the "Resident "TeaTimer" (Protection of overall system settings) active." box.
  4. Click on the "System Startup" icon in the List
  5. Uncheck the "TeaTimer" box and "OK" any prompts.
  6. If Teatimer gives you a warning that changes were made, click the "Allow Change" box when prompted.
  7. Exit/Close Spybot S&D when done.

We need to upload a file for further inspection
  1. Please go to this page.
  2. Where it asks for the "Link to where the file was requested" copy and paste in
    Code:
    http://www.techsupportforum.com/security-center/virus-trojan-spyware-help/336043-ads1-revenue-net.html
  3. Where it says "Browse to the file you want to submit", browse to
    Code:
    C:\Program Files\Dropbox\Dropbox.exe
  4. Press the button.

We need to execute an OTMoveIt3 script
  1. Please download OTMoveIt3 by OldTimer and save it to your desktop.
  2. Double click the icon on your desktop.
  3. Paste the following code under the area. Do not include the word "Code".
    Code:
    :files
c:\docume~1\user\applic~1\ooVoo Details
c:\program files\oovooToolbar
c:\docume~1\user\applic~1\oovooToolbar
c:\program files\ooVoo
C:\WINDOWS\system32\drivers\sppoolsv.exe
:reg
[-HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A057A204-BACC-4D26-8087-36EE87E26986}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar]
"{A057A204-BACC-4D26-8087-36EE87E26986}"=-
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{A057A204-BACC-4D26-8087-36EE87E26986}"=-
[HKEY_USERS\S-1-5-21-1085031214-920026266-839522115-1004\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{A057A204-BACC-4D26-8087-36EE87E26986}"=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"C6501Sound"=-
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"oovoo.exe"=-
"svcshare"=-
[HKEY_USERS\S-1-5-21-1085031214-920026266-839522115-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"oovoo.exe"=-
"svcshare"=-
[-HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\turbotax.com]
[-HKEY_USERS\S-1-5-21-1085031214-920026266-839522115-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\turbotax.com]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
"WebCheck"=-
[-HKEY_CLASSES_ROOT\CLSID\{E6FB5E20-DE35-11CF-9C87-00AA005127ED}]
:commands
[EmptyTemp]
  4. Push the large button.
  5. OTMI3 may ask to reboot the machine. Please do so if asked.
  6. Copy/Paste the contents under the line here in your next reply.
  7. If you are unable to copy/paste from this window (as will be the case if the machine was rebooted), open Notepad (Start->All Programs->Accessories->Notepad), click File->Open, in the File Name box enter *.log and press the Enter key, navigate to the C:\_OTMoveIt\MovedFiles folder, and open the newest .log file present, and copy/paste the contents of that document back here in your next post.

Your Java is out of date. Older versions have vulnerabilities that malicious sites can use to exploit and infect your system. Please follow these steps to remove older version Java components and update:
  1. Download the latest version of Java Runtime Environment (JRE) Version 6 and save it to your desktop.
  2. Scroll down to where it says "Java Runtime Environment (JRE)6 Update 11...allows end-users to run Java applications".
  3. Click the "Download" button to the right.
  4. Select your Platform: "Windows" (OR if you are on a x64 system, "Windows x64")
  5. Select your Language: "Multi-Language".
  6. Read the License Agreement, and then check the box that says: "Accept License Agreement".
  7. Click Continue and the page will refresh.
  8. Click on the link to download Windows Offline Installation and save the file to your desktop.
  9. Close any programs you may have running - especially your web browser.
  10. Go to Start > Settings > Control Panel, double-click on Add/Remove Programs (Or "Uninstall a Program" on Vista) and remove all older versions of Java.
  11. Check (highlight) any item with Java Runtime Environment (JRE or J2SE) in the name.
  12. Click the Remove or Change/Remove button.
  13. Follow the onscreen instructions for the Java uninstaller.
  14. Repeat as many times as necessary to remove each Java version.
  15. Reboot your computer once all Java components are removed.
  16. Then from your desktop double-click on jre-6u10-windows-i586-p.exe (Or jre-6u10-windows-x64.exe for x64 systems)
  17. Follow the on screen instructions to install the latest Java version.

I would like us to use ESET (NOD32)'s Online Scanner
  1. Please go to ESET OnlineScan (NOD32)
  2. You will then see the Terms of Use, tick the check-box infront of YES, I accept the Terms of Use
  3. Now click Start
  4. Should you face a Security Warning that asks if you want to install and run a file called "OnlineScanner.cab", click Yes
  5. Click Start
    • Note: (the Onlinescanner will now prepare itself for running on your pc)
  6. To do a full-scan, tick: "Remove found threats" and "Scan potentially unwanted applications"
  7. Press Scan
  8. The Onlinescan will now start and scan your pc (this could take a while)
  9. When the scan has finished, it will show a screen with two tabs "overview" and "details" and the option to get information or buy software, just close the window
  10. Click Start >> Run... >> type: C:\Program Files\EsetOnlineScanner\log.txt
  11. The Scanresults will now open in Notepad
  12. Click into the text area, right-click and chose "select all" (or use <Control>+A)
  13. Right-click again and chose "Copy" (or <Control>+C)
  14. Close/Exit Notepad
  15. Navigate to this thread and post your log along with anything else requested from us, by right-clicking and "paste" (or ctrl+v) in the text area of the reply post you just created.
Note: For Vista Users: Eset is compatible but Internet Explorer must be run as Administrator. To do this, right-click on the IE icon in the Start Menu or Quick Launch Bar on the Taskbar and select "Run as Administrator" from the context menu.)

In your next reply, please include the following:
  • OTMoveIt3's Log
  • ESET OnlineScan's Log
  • A New OTVIewIt Main.txt
  • A New OTViewIt Extra.txt

BillyIII
__________________
If I fail to reply for more than 24 hours, please feel free to send me a PM. Don't want you to be overlooked

Not problems like "What is beauty".. 'cause that would fall under the purview of your conundrums of philosophy.....
Billy O'Neal is offline  
Digg this Post!Add Post to del.icio.usBookmark Post in TechnoratiFurl this Post!Reddit!
Old 01-19-2009, 12:55 PM   #5 (permalink)
Registered User
 
Join Date: Jan 2009
Posts: 13
OS: xp service pack 3


Re: ads1.revenue.net
I can't seem to find the "Teatimer" checkbox that you're referring to in the Spybot S&D System Startup. All I see are checkboxes for programs that are run at startup. Please let me know if I should just continue on or wait for something else.

Thanks again.
Last edited by xie3ix; 01-19-2009 at 12:58 PM.
xie3ix is offline  
Digg this Post!Add Post to del.icio.usBookmark Post in TechnoratiFurl this Post!Reddit!
Old 01-19-2009, 03:35 PM   #6 (permalink)
Analyst, Security Team
 
Billy O'Neal's Avatar
 
Join Date: Aug 2008
Location: Northfield, Ohio, United States
Posts: 1,690
OS: XPSP3, Vista Ultimate SP1, Ubuntu Server


Re: ads1.revenue.net
I'm sorry.. I wrote those instructions some time ago... apparently newer Spybot s have different instructions.

Until I get nice instructions, is there a systray icon for it where you can disable it?

Billy3
__________________
If I fail to reply for more than 24 hours, please feel free to send me a PM. Don't want you to be overlooked

Not problems like "What is beauty".. 'cause that would fall under the purview of your conundrums of philosophy.....
Billy O'Neal is offline  
Digg this Post!Add Post to del.icio.usBookmark Post in TechnoratiFurl this Post!Reddit!
Old 01-19-2009, 03:50 PM   #7 (permalink)
Registered User
 
Join Date: Jan 2009
Posts: 13
OS: xp service pack 3


Re: ads1.revenue.net
I don't see anything on the systray icon. I'll be looking for your next instructions. Thanks
xie3ix is offline  
Digg this Post!Add Post to del.icio.usBookmark Post in TechnoratiFurl this Post!Reddit!
Old 01-19-2009, 04:33 PM   #8 (permalink)
Analyst, Security Team
 
Billy O'Neal's Avatar
 
Join Date: Aug 2008
Location: Northfield, Ohio, United States
Posts: 1,690
OS: XPSP3, Vista Ultimate SP1, Ubuntu Server


Re: ads1.revenue.net
Here are some nice instructions :)

We need to disable Spybot S&D's "TeaTimer"
TeaTimer works by preventing ANY changes to the system. It will attempt to undo any fixes we run, because it blocks these fixes from running.

In order to safeguard your system from problems that can be brought on by a half finished fix, we need to disable TeaTimer. We can reenable it when we're done if you like.
  1. Open SpyBot Search and Destroy by going to Start -> All Programs -> Spybot Search and Destroy -> Spybot Search and Destroy.
  2. If prompted with a legal dialog, accept the warning.
  3. Click and then on "Advanced Mode"
  4. You may be presented with a warning dialog. If so, press
  5. Click on
  6. Click on
  7. Uncheck this checkbox:
  8. Close/Exit Spybot Search and Destroy

Billy3
__________________
If I fail to reply for more than 24 hours, please feel free to send me a PM. Don't want you to be overlooked

Not problems like "What is beauty".. 'cause that would fall under the purview of your conundrums of philosophy.....
Billy O'Neal is offline  
Digg this Post!Add Post to del.icio.usBookmark Post in TechnoratiFurl this Post!Reddit!
Old 01-19-2009, 11:17 PM   #9 (permalink)
Registered User
 
Join Date: Jan 2009
Posts: 13
OS: xp service pack 3


Re: ads1.revenue.net
Hey Billy,

Here are the logs:

========== FILES ==========
c:\docume~1\user\applic~1\ooVoo Details\Users\xie3ix moved successfully.
c:\docume~1\user\applic~1\ooVoo Details\Users moved successfully.
c:\docume~1\user\applic~1\ooVoo Details\Cache moved successfully.
c:\docume~1\user\applic~1\ooVoo Details moved successfully.
c:\program files\oovooToolbar moved successfully.
c:\docume~1\user\applic~1\oovooToolbar moved successfully.
c:\program files\ooVoo\languages\zh_CN moved successfully.
c:\program files\ooVoo\languages\tr_tr moved successfully.
c:\program files\ooVoo\languages\ru_RU moved successfully.
c:\program files\ooVoo\languages\pt_PT moved successfully.
c:\program files\ooVoo\languages\pl_pl moved successfully.
c:\program files\ooVoo\languages\ko_KR moved successfully.
c:\program files\ooVoo\languages\ja_JP moved successfully.
c:\program files\ooVoo\languages\it_IT moved successfully.
c:\program files\ooVoo\languages\he_IL moved successfully.
c:\program files\ooVoo\languages\fr_FR moved successfully.
c:\program files\ooVoo\languages\es_ES moved successfully.
c:\program files\ooVoo\languages\en_US moved successfully.
c:\program files\ooVoo\languages\de_DE moved successfully.
c:\program files\ooVoo\languages\bg_bg moved successfully.
c:\program files\ooVoo\languages\ar_sa moved successfully.
c:\program files\ooVoo\languages moved successfully.
c:\program files\ooVoo moved successfully.
C:\WINDOWS\system32\drivers\sppoolsv.exe moved successfully.
========== REGISTRY ==========
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A057A204-BACC-4D26-8087-36EE87E26986}\\ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar\\{A057A204-BACC-4D26-8087-36EE87E26986} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A057A204-BACC-4D26-8087-36EE87E26986}\ deleted successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{A057A204-BACC-4D26-8087-36EE87E26986} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A057A204-BACC-4D26-8087-36EE87E26986}\ not found.
Registry value HKEY_USERS\S-1-5-21-1085031214-920026266-839522115-1004\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{A057A204-BACC-4D26-8087-36EE87E26986} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A057A204-BACC-4D26-8087-36EE87E26986}\ not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\C6501Sound deleted successfully.
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\oovoo.exe deleted successfully.
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\svcshare deleted successfully.
Registry value HKEY_USERS\S-1-5-21-1085031214-920026266-839522115-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\oovoo.exe not found.
Registry value HKEY_USERS\S-1-5-21-1085031214-920026266-839522115-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\svcshare not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\turbotax.com\\ deleted successfully.
Registry key HKEY_USERS\S-1-5-21-1085031214-920026266-839522115-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\turbotax.com\\ not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\\WebCheck deleted successfully.
Registry key HKEY_CLASSES_ROOT\CLSID\{E6FB5E20-DE35-11CF-9C87-00AA005127ED}\\ not found.
========== COMMANDS ==========
File delete failed. C:\DOCUME~1\User\LOCALS~1\Temp\etilqs_0Wg1gaZeTyXAnozDX3Wx scheduled to be deleted on reboot.
User's Temp folder emptied.
User's Temporary Internet Files folder emptied.
User's Internet Explorer cache folder emptied.
Local Service Temp folder emptied.
File delete failed. C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot.
Local Service Temporary Internet Files folder emptied.
Windows Temp folder emptied.
Java cache emptied.
File delete failed. C:\Documents and Settings\User\Local Settings\Application Data\Mozilla\Firefox\Profiles\oqxtwadm.default\Cache\0FD2977Ad01 scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\User\Local Settings\Application Data\Mozilla\Firefox\Profiles\oqxtwadm.default\Cache\_CACHE_001_ scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\User\Local Settings\Application Data\Mozilla\Firefox\Profiles\oqxtwadm.default\Cache\_CACHE_002_ scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\User\Local Settings\Application Data\Mozilla\Firefox\Profiles\oqxtwadm.default\Cache\_CACHE_003_ scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\User\Local Settings\Application Data\Mozilla\Firefox\Profiles\oqxtwadm.default\Cache\_CACHE_MAP_ scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\User\Local Settings\Application Data\Mozilla\Firefox\Profiles\oqxtwadm.default\urlclassifier3.sqlite scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\User\Local Settings\Application Data\Mozilla\Firefox\Profiles\oqxtwadm.default\XUL.mfl scheduled to be deleted on reboot.
FireFox cache emptied.
Temp folders emptied.

OTMoveIt3 by OldTimer - Version 1.0.8.0 log created on 01192009_235521

Files moved on Reboot...
File C:\DOCUME~1\User\LOCALS~1\Temp\etilqs_0Wg1gaZeTyXAnozDX3Wx not found!
File move failed. C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be moved on reboot.
C:\Documents and Settings\User\Local Settings\Application Data\Mozilla\Firefox\Profiles\oqxtwadm.default\Cache\0FD2977Ad01 moved successfully.
C:\Documents and Settings\User\Local Settings\Application Data\Mozilla\Firefox\Profiles\oqxtwadm.default\Cache\_CACHE_001_ moved successfully.
C:\Documents and Settings\User\Local Settings\Application Data\Mozilla\Firefox\Profiles\oqxtwadm.default\Cache\_CACHE_002_ moved successfully.
C:\Documents and Settings\User\Local Settings\Application Data\Mozilla\Firefox\Profiles\oqxtwadm.default\Cache\_CACHE_003_ moved successfully.
C:\Documents and Settings\User\Local Settings\Application Data\Mozilla\Firefox\Profiles\oqxtwadm.default\Cache\_CACHE_MAP_ moved successfully.
C:\Documents and Settings\User\Local Settings\Application Data\Mozilla\Firefox\Profiles\oqxtwadm.default\urlclassifier3.sqlite moved successfully.
C:\Documents and Settings\User\Local Settings\Application Data\Mozilla\Firefox\Profiles\oqxtwadm.default\XUL.mfl moved successfully.

================================

# version=4
# OnlineScanner.ocx=1.0.0.635
# OnlineScannerDLLA.dll=1, 0, 0, 79
# OnlineScannerDLLW.dll=1, 0, 0, 78
# OnlineScannerUninstaller.exe=1, 0, 0, 49
# vers_standard_module=3779 (20090119)
# vers_arch_module=1.064 (20080214)
# vers_adv_heur_module=1.066 (20070917)
# EOSSerial=41148a6336d1584183e41df988e7c461
# end=finished
# remove_checked=true
# unwanted_checked=true
# utc_time=2009-01-20 05:56:43
# local_time=2009-01-20 12:56:43 (-0500, Eastern Standard Time)
# country="United States"
# osver=5.1.2600 NT Service Pack 3
# scanned=173152
# found=4
# scan_time=1512
C:\autorun.inf Win32/Fujacks.O virus (unable to clean - deleted) 00000000000000000000000000000000
C:\setup.exe a variant of Win32/Fujacks virus (unable to clean - deleted) 00000000000000000000000000000000
C:\Documents and Settings\User\My Documents\My Music\iTunes\iTunes Music\Rihanna - Good Girl Gone Bad Reloaded (2008)\08-rihanna-sell_me_candy.mp3 a variant of WMA/TrojanDownloader.GetCodec.gen trojan (cleaned) FDD1373309A6B395AAF4295DEABF44A2
C:\_OTMoveIt\MovedFiles\01192009_235521\WINDOWS\system32\drivers\sppoolsv.exe a variant of Win32/Fujacks virus (unable to clean - deleted) 00000000000000000000000000000000

==================================

OTViewIt logfile created on: 1/20/2009 1:00:59 AM - Run 2
OTViewIt by OldTimer - Version 1.0.21.0 Folder = C:\Documents and Settings\User\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.5512)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 0.10 Gb Available Physical Memory | 5.15% Memory free
3.85 Gb Paging File | 2.07 Gb Available in Paging File | 53.92% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092;

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 149.04 Gb Total Space | 49.28 Gb Free Space | 33.06% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: E3
Current User Name: User
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Whitelist: On
File Age = 30 Days

========== Processes ==========

[2008/03/19 16:08:58 | 00,607,576 | ---- | M] (Lavasoft) -- C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
[2008/11/07 14:28:16 | 00,132,424 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
[2008/08/29 09:18:44 | 00,238,888 | ---- | M] (Apple Inc.) -- C:\Program Files\Bonjour\mDNSResponder.exe
[2007/10/04 17:14:00 | 00,155,716 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\system32\nvsvc32.exe
[2007/12/05 03:25:43 | 00,066,872 | ---- | M] () -- C:\WINDOWS\system32\PnkBstrA.exe
[2007/01/04 16:38:08 | 00,024,652 | ---- | M] (Viewpoint Corporation) -- C:\Program Files\Viewpoint\Common\ViewpointService.exe
[2008/04/13 19:12:33 | 00,033,280 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\rundll32.exe
[2007/09/07 15:54:54 | 00,159,744 | ---- | M] () -- C:\Program Files\Razer\DeathAdder\razerhid.exe
[2008/11/20 13:20:54 | 00,290,088 | ---- | M] (Apple Inc.) -- C:\Program Files\iTunes\iTunesHelper.exe
[2006/11/24 15:24:16 | 00,143,360 | ---- | M] () -- C:\Program Files\Razer\DeathAdder\razertra.exe
[2007/05/07 15:35:14 | 00,163,840 | ---- | M] (Razer Inc.) -- C:\Program Files\Razer\DeathAdder\razerofa.exe
[2008/10/31 14:22:38 | 00,050,480 | ---- | M] (AOL LLC) -- C:\Program Files\AIM6\aim6.exe
[2008/11/20 13:20:44 | 00,536,872 | ---- | M] (Apple Inc.) -- C:\Program Files\iPod\bin\iPodService.exe
[2007/10/08 16:50:56 | 00,041,824 | ---- | M] (AOL LLC) -- C:\Program Files\AIM6\aolsoftware.exe
[2009/01/20 00:21:30 | 00,152,984 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jqs.exe
[2008/12/17 02:55:32 | 00,307,704 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
[2009/01/19 03:15:44 | 00,422,912 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\User\Desktop\OTViewIt.exe

========== (O23) Win32 Services ==========

[2008/03/19 16:08:58 | 00,607,576 | ---- | M] (Lavasoft) -- C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe -- (aawservice [Auto | Running])
[2008/11/07 14:28:16 | 00,132,424 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe -- (Apple Mobile Device [Auto | Running])
[2007/10/24 00:47:22 | 00,033,800 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe -- (aspnet_state [On_Demand | Stopped])
[2008/08/29 09:18:44 | 00,238,888 | ---- | M] (Apple Inc.) -- C:\Program Files\Bonjour\mDNSResponder.exe -- (Bonjour Service [Auto | Running])
[2007/10/24 00:47:40 | 00,070,144 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32 [On_Demand | Stopped])
[2008/11/20 13:20:44 | 00,536,872 | ---- | M] (Apple Inc.) -- C:\Program Files\iPod\bin\iPodService.exe -- (iPod Service [On_Demand | Running])
[2007/10/04 17:14:00 | 00,155,716 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\system32\nvsvc32.exe -- (NVSvc [Auto | Running])
[2003/07/28 07:28:22 | 00,089,136 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE -- (ose [On_Demand | Stopped])
[2007/12/05 03:25:43 | 00,066,872 | ---- | M] () -- C:\WINDOWS\system32\PnkBstrA.exe -- (PnkBstrA [Auto | Running])
[2005/08/02 16:18:49 | 00,086,016 | ---- | M] (CACE Technologies) -- C:\Program Files\WinPcap\rpcapd.exe -- (rpcapd [On_Demand | Stopped])
[2007/01/04 16:38:08 | 00,024,652 | ---- | M] (Viewpoint Corporation) -- C:\Program Files\Viewpoint\Common\ViewpointService.exe -- (Viewpoint Manager Service [Auto | Running])
[2009/01/20 00:21:30 | 00,152,984 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jqs.exe -- (JavaQuickStarterService [Auto | Running])

========== Driver Services ==========

[2008/03/11 08:14:54 | 00,941,784 | ---- | M] () -- C:\WINDOWS\system32\drivers\CAMTHWDM.sys -- (CAMTHWDM [Auto | Running])
[2006/09/05 04:04:38 | 01,419,968 | R--- | M] (C-Media Inc) -- C:\WINDOWS\system32\drivers\c6501.sys -- (cm102u32 [On_Demand | Running])
[2007/08/02 17:32:26 | 00,022,784 | ---- | M] (Razer (Asia-Pacific) Pte Ltd) -- C:\WINDOWS\system32\drivers\dadder.sys -- (DAdderFltr [On_Demand | Running])
[2008/04/17 12:12:54 | 00,015,464 | ---- | M] (GEAR Software Inc.) -- C:\WINDOWS\system32\drivers\GEARAspiWDM.sys -- (GEARAspiWDM [On_Demand | Running])
[2009/01/18 02:59:25 | 00,085,969 | ---- | M] (GMER) -- C:\WINDOWS\system32\drivers\gmer.sys -- (gmer [On_Demand | Stopped])
[2008/11/04 21:19:36 | 00,025,280 | ---- | M] (LogMeIn, Inc.) -- C:\WINDOWS\system32\drivers\hamachi.sys -- (hamachi [On_Demand | Stopped])
[2004/08/12 21:56:20 | 00,005,810 | R--- | M] () -- C:\WINDOWS\system32\drivers\ASACPI.sys -- (MTsensor [On_Demand | Running])
[2008/04/13 13:53:09 | 00,040,320 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\nmnt.sys -- (nm [On_Demand | Stopped])
[2005/08/02 16:10:13 | 00,032,512 | ---- | M] (CACE Technologies) -- C:\WINDOWS\system32\drivers\npf.sys -- (NPF [On_Demand | Stopped])
[2007/10/04 17:14:00 | 06,854,464 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\system32\drivers\nv4_mini.sys -- (nv [On_Demand | Running])
[2005/08/18 03:52:06 | 00,093,568 | R--- | M] (NVIDIA Corporation) -- C:\WINDOWS\system32\drivers\nvata.sys -- (nvata [Boot | Running])
[2005/09/29 23:52:20 | 00,034,048 | R--- | M] (NVIDIA Corporation) -- C:\WINDOWS\system32\drivers\NVENETFD.sys -- (NVENETFD [On_Demand | Running])
[2005/09/29 23:52:22 | 00,013,056 | R--- | M] (NVIDIA Corporation) -- C:\WINDOWS\system32\drivers\nvnetbus.sys -- (nvnetbus [On_Demand | Running])
[2006/02/28 07:00:00 | 00,017,792 | ---- | M] (Parallel Technologies, Inc.) -- C:\WINDOWS\system32\drivers\ptilink.sys -- (Ptilink [On_Demand | Running])
[2007/10/19 19:56:10 | 00,043,528 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\system32\drivers\PxHelp20.sys -- (PxHelp20 [Boot | Running])
[2008/01/20 02:07:58 | 00,033,292 | ---- | M] (PowerISO Computing, Inc.) -- C:\WINDOWS\System32\drivers\scdemu.sys -- (SCDEmu [System | Running])
[2007/11/13 05:25:53 | 00,020,480 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) -- C:\WINDOWS\system32\drivers\secdrv.sys -- (Secdrv [On_Demand | Stopped])
[2008/11/07 14:23:30 | 00,032,000 | ---- | M] (Apple, Inc.) -- C:\WINDOWS\system32\drivers\usbaapl.sys -- (USBAAPL [On_Demand | Stopped])
[2008/04/13 13:45:12 | 00,060,032 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\usbaudio.sys -- (usbaudio [On_Demand | Running])
[2008/04/13 13:46:20 | 00,121,984 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\usbvideo.sys -- (usbvideo [On_Demand | Running])
[2001/05/02 13:35:32 | 00,587,588 | ---- | M] (Xirlink, Inc) -- C:\WINDOWS\system32\drivers\C-itNT.sys -- (XIRLINK [On_Demand | Stopped])

========== (R ) Internet Explorer ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main]
"Default_Page_URL"=http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
"Default_Search_URL"=http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
"Local Page"=%SystemRoot%\system32\blank.htm
"Search Page"=http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
"Start Page"=http://www.microsoft.com/isapi/redir.dll?prd={SUB_PRD}&clcid={SUB_CLSID}&pver={SUB_PVER}&ar=home

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Search]
"CustomizeSearch"=http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
"SearchAssistant"=http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main]
"Local Page"=C:\WINDOWS\system32\blank.htm
"Search Page"=http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
"Start Page"=about:blank

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchURL]
"provider"=

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{CFBFAE00-17A6-11D0-99CB-00C04FD64497}" (HKLM) -- C:\WINDOWS\system32\shdocvw.dll (Microsoft Corporation)

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = 0
"ProxyOverride" = *.local

[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = 0

[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main]

[HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = 0

[HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main]

[HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main]

[HKEY_USERS\S-1-5-21-1085031214-920026266-839522115-1004\SOFTWARE\Microsoft\Internet Explorer\Main]
"Local Page"=C:\WINDOWS\system32\blank.htm
"Search Page"=http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
"Start Page"=about:blank

[HKEY_USERS\S-1-5-21-1085031214-920026266-839522115-1004\Software\Microsoft\Internet Explorer\SearchURL]
"provider"=

[HKEY_USERS\S-1-5-21-1085031214-920026266-839522115-1004\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{CFBFAE00-17A6-11D0-99CB-00C04FD64497}" (HKLM) -- C:\WINDOWS\system32\shdocvw.dll (Microsoft Corporation)

[HKEY_USERS\S-1-5-21-1085031214-920026266-839522115-1004\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = 0
"ProxyOverride" = *.local

========== (O1) Hosts File ==========

HOSTS File = (734 bytes) - C:\WINDOWS\System32\drivers\etc\Hosts
First 25 entries...
127.0.0.1 localhost

========== (O2) BHO's ==========

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\]
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} (HKLM) -- C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
{22BF413B-C6D2-4d91-82A9-A0F997BA588C} (HKLM) -- C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
{39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} (HKLM) -- Reg Error: Key does not exist or could not be opened. File not found
{53707962-6F74-2D53-2644-206D7942484F} (HKLM) -- C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} (HKLM) -- C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
{DBC80044-A445-435b-BC74-9C25C1C588A9} (HKLM) -- C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
{E7E6F031-17CE-4C07-BC86-EABFE594F69C} (HKLM) -- C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)

========== (O4) Run Keys ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Adobe Photo Downloader"="C:\Program Files\Adobe\Adobe Photoshop Lightroom 1.4\apdproxy.exe" File not found
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" (Adobe Systems Incorporated)
"DeathAdder"=C:\Program Files\Razer\DeathAdder\razerhid.exe ()
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" (Apple Inc.)
"KernelFaultCheck"=%systemroot%\system32\dumprep 0 -k File not found
"NeroFilterCheck"=C:\WINDOWS\system32\NeroCheck.exe (Ahead Software Gmbh)
"NvCplDaemon"=RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup (NVIDIA Corporation)
"NvMediaCenter"=RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit (NVIDIA Corporation)
"nwiz"=nwiz.exe /install ()
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" -atboottime (Apple Inc.)
"SunJavaUpdateSched"="C:\Program Files\Java\jre6\bin\jusched.exe" (Sun Microsystems, Inc.)

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Aim6"="C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp (AOL LLC)
"svcshare"=C:\WINDOWS\system32\drivers\sppoolsv.exe File not found

[HKEY_USERS\S-1-5-21-1085031214-920026266-839522115-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Aim6"="C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp (AOL LLC)
"svcshare"=C:\WINDOWS\system32\drivers\sppoolsv.exe File not found

========== (O4) Startup Folders ==========

[2008/09/26 02:18:12 | 24,096,981 | ---- | M] () -- C:\Documents and Settings\User\Start Menu\Programs\Startup\Dropbox.lnk = C:\Program Files\Dropbox\Dropbox.exe

========== (O6 & O7) Current Version Policies ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveTypeAutoRun"=145

[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveTypeAutoRun"=145

[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveTypeAutoRun"=145

[HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveTypeAutoRun"=145

[HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveTypeAutoRun"=145

[HKEY_USERS\S-1-5-21-1085031214-920026266-839522115-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveTypeAutoRun"=145

========== (O8) IE Context Menu Extensions ==========

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\]
&D&ownload &with BitComet: Reg Error: Value does not exist or could not be read. File not found
&D&ownload all video with BitComet: Reg Error: Value does not exist or could not be read. File not found
&D&ownload all with BitComet: Reg Error: Value does not exist or could not be read. File not found
E&xport to Microsoft Excel: C:\Program Files\Microsoft Office\OFFICE11\EXCEL.EXE [2005/05/26 2054 | 10,095,808 | ---- | M] (Microsoft Corporation)

[HKEY_USERS\S-1-5-21-1085031214-920026266-839522115-1004\Software\Microsoft\Internet Explorer\MenuExt\]
&D&ownload &with BitComet: Reg Error: Value does not exist or could not be read. File not found
&D&ownload all video with BitComet: Reg Error: Value does not exist or could not be read. File not found
&D&ownload all with BitComet: Reg Error: Value does not exist or could not be read. File not found
E&xport to Microsoft Excel: C:\Program Files\Microsoft Office\OFFICE11\EXCEL.EXE [2005/05/26 2054 | 10,095,808 | ---- | M] (Microsoft Corporation)

========== (O9) IE Extensions ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\]
{77BF5300-1474-4EC7-9980-D32B190E9B07}: Button: Skype -- %ProgramFiles%\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2008/11/07 14:31:40 | 01,088,296 | ---- | M] (Skype Technologies S.A.)
{92780B25-18CC-41C8-B9BE-3C9C571A8263}: Button: Research -- %ProgramFiles%\Microsoft Office\OFFICE11\REFIEBAR.DLL [2003/07/14 17:57:08 | 00,040,512 | ---- | M] (Microsoft Corporation)
{AC9E2541-2814-11d5-BC6D-00B0D0A1DE45}: Button: AIM -- %ProgramFiles%\AIM\aim.exe [2006/08/01 15:35:36 | 00,067,112 | ---- | M] (America Online, Inc.)
{DFB852A3-47F8-48C4-A200-58CAB36FD2A2}: Menu: Spybot - Search & Destroy Configuration -- %ProgramFiles%\Spybot - Search & Destroy\SDHelper.dll [2008/07/07 08:41:58 | 01,562,448 | ---- | M] (Safer Networking Limited)
{e2e2dd38-d088-4134-82b7-f2ba38496583}: Menu: @xpsp3res.dll,-20001 -- %SystemRoot%\network diagnostic\xpnetdiag.exe [2008/04/13 13:53:32 | 00,558,080 | ---- | M] (Microsoft Corporation)
{FB5F1910-F110-11d2-BB9E-00C04F795683}: Button: Messenger -- %ProgramFiles%\Messenger\msmsgs.exe [2008/04/13 19:12:28 | 01,695,232 | ---- | M] (Microsoft Corporation)
{FB5F1910-F110-11d2-BB9E-00C04F795683}: Menu: Windows Messenger -- %ProgramFiles%\Messenger\msmsgs.exe [2008/04/13 19:12:28 | 01,695,232 | ---- | M] (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Extensions\]
{13C1DBF6-7535-495c-91F6-8C13714ED485}\\ButtonText [HKLM] -> [Reg Error: Key does not exist or could not be opened.] -> File not found
{13C1DBF6-7535-495c-91F6-8C13714ED485}\\CLSID [HKLM] -> [{0000031A-0000-0000-C000-000000000046}] -> File not found
{13C1DBF6-7535-495c-91F6-8C13714ED485}\\Default Visible [HKLM] -> [Reg Error: Key does not exist or could not be opened.] -> File not found
{13C1DBF6-7535-495c-91F6-8C13714ED485}\\Exec [HKLM] -> [Reg Error: Key does not exist or could not be opened.] -> File not found
{13C1DBF6-7535-495c-91F6-8C13714ED485}\\HotIcon [HKLM] -> [Reg Error: Key does not exist or could not be opened.] -> File not found
{13C1DBF6-7535-495c-91F6-8C13714ED485}\\Icon [HKLM] -> [Reg Error: Key does not exist or could not be opened.] -> File not found
{13C1DBF6-7535-495c-91F6-8C13714ED485}\\MenuStatusBar [HKLM] -> [Reg Error: Key does not exist or could not be opened.] -> File not found
{13C1DBF6-7535-495c-91F6-8C13714ED485}\\MenuText [HKLM] -> [Reg Error: Key does not exist or could not be opened.] -> File not found
CmdMapping\\{08B0E5C0-4FCB-11CF-AAA5-00401C608501} [HKLM] -> [Reg Error: Value does not exist or could not be read.] -> File not found
CmdMapping\\{13C1DBF6-7535-495c-91F6-8C13714ED485} [HKLM] -> [Reg Error: Key does not exist or could not be opened.] -> File not found
CmdMapping\\{461CC20B-FB6E-4f16-8FE8-C29359DB100E} [HKLM] -> [Reg Error: Key does not exist or could not be opened.] -> File not found
CmdMapping\\{77BF5300-1474-4EC7-9980-D32B190E9B07} [HKLM] -> %ProgramFiles%\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [Skype add-on (button)] -> [2008/11/07 14:31:40 | 01,088,296 | ---- | M] (Skype Technologies S.A.)
CmdMapping\\{92780B25-18CC-41C8-B9BE-3C9C571A8263} [HKLM] -> %ProgramFiles%\Microsoft Office\OFFICE11\REFIEBAR.DLL [Research] -> [2003/07/14 17:57:08 | 00,040,512 | ---- | M] (Microsoft Corporation)
CmdMapping\\{AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} [HKLM] -> %ProgramFiles%\AIM\aim.exe [AIM] -> [2006/08/01 15:35:36 | 00,067,112 | ---- | M] (America Online, Inc.)
CmdMapping\\{D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} [HKLM] -> [Reg Error: Key does not exist or could not be opened.] -> File not found
CmdMapping\\{DFB852A3-47F8-48C4-A200-58CAB36FD2A2} [HKLM] -> %ProgramFiles%\Spybot - Search & Destroy\SDHelper.dll [Spybot - Search & Destroy Configuration] -> [2008/07/07 08:41:58 | 01,562,448 | ---- | M] (Safer Networking Limited)
CmdMapping\\{e2e2dd38-d088-4134-82b7-f2ba38496583} [HKLM] -> %SystemRoot%\network diagnostic\xpnetdiag.exe [@xpsp3res.dll,-20001] -> [2008/04/13 13:53:32 | 00,558,080 | ---- | M] (Microsoft Corporation)
CmdMapping\\{FB5F1910-F110-11d2-BB9E-00C04F795683} [HKLM] -> %ProgramFiles%\Messenger\msmsgs.exe [Messenger] -> [2008/04/13 19:12:28 | 01,695,232 | ---- | M] (Microsoft Corporation)

[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Extensions\]
CmdMapping\\{08B0E5C0-4FCB-11CF-AAA5-00401C608501} [HKLM] -> [Reg Error: Value does not exist or could not be read.] -> File not found
CmdMapping\\{77BF5300-1474-4EC7-9980-D32B190E9B07} [HKLM] -> %ProgramFiles%\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [Skype add-on (button)] -> [2008/11/07 14:31:40 | 01,088,296 | ---- | M] (Skype Technologies S.A.)
CmdMapping\\{92780B25-18CC-41C8-B9BE-3C9C571A8263} [HKLM] -> %ProgramFiles%\Microsoft Office\OFFICE11\REFIEBAR.DLL [Research] -> [2003/07/14 17:57:08 | 00,040,512 | ---- | M] (Microsoft Corporation)
CmdMapping\\{D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} [HKLM] -> [Reg Error: Key does not exist or could not be opened.] -> File not found
CmdMapping\\{DFB852A3-47F8-48C4-A200-58CAB36FD2A2} [HKLM] -> %ProgramFiles%\Spybot - Search & Destroy\SDHelper.dll [Spybot - Search & Destroy Configuration] -> [2008/07/07 08:41:58 | 01,562,448 | ---- | M] (Safer Networking Limited)
CmdMapping\\{e2e2dd38-d088-4134-82b7-f2ba38496583} [HKLM] -> %SystemRoot%\network diagnostic\xpnetdiag.exe [@xpsp3res.dll,-20001] -> [2008/04/13 13:53:32 | 00,558,080 | ---- | M] (Microsoft Corporation)
CmdMapping\\{FB5F1910-F110-11d2-BB9E-00C04F795683} [HKLM] -> %ProgramFiles%\Messenger\msmsgs.exe [Messenger] -> [2008/04/13 19:12:28 | 01,695,232 | ---- | M] (Microsoft Corporation)

[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Extensions\]
CmdMapping\\{08B0E5C0-4FCB-11CF-AAA5-00401C608501} [HKLM] -> [Reg Error: Value does not exist or could not be read.] -> File not found
CmdMapping\\{77BF5300-1474-4EC7-9980-D32B190E9B07} [HKLM] -> %ProgramFiles%\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [Skype add-on (button)] -> [2008/11/07 14:31:40 | 01,088,296 | ---- | M] (Skype Technologies S.A.)
CmdMapping\\{92780B25-18CC-41C8-B9BE-3C9C571A8263} [HKLM] -> %ProgramFiles%\Microsoft Office\OFFICE11\REFIEBAR.DLL [Research] -> [2003/07/14 17:57:08 | 00,040,512 | ---- | M] (Microsoft Corporation)
CmdMapping\\{D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} [HKLM] -> [Reg Error: Key does not exist or could not be opened.] -> File not found
CmdMapping\\{DFB852A3-47F8-48C4-A200-58CAB36FD2A2} [HKLM] -> %ProgramFiles%\Spybot - Search & Destroy\SDHelper.dll [Spybot - Search & Destroy Configuration] -> [2008/07/07 08:41:58 | 01,562,448 | ---- | M] (Safer Networking Limited)
CmdMapping\\{e2e2dd38-d088-4134-82b7-f2ba38496583} [HKLM] -> %SystemRoot%\network diagnostic\xpnetdiag.exe [@xpsp3res.dll,-20001] -> [2008/04/13 13:53:32 | 00,558,080 | ---- | M] (Microsoft Corporation)
CmdMapping\\{FB5F1910-F110-11d2-BB9E-00C04F795683} [HKLM] -> %ProgramFiles%\Messenger\msmsgs.exe [Messenger] -> [2008/04/13 19:12:28 | 01,695,232 | ---- | M] (Microsoft Corporation)

[HKEY_USERS\S-1-5-21-1085031214-920026266-839522115-1004\SOFTWARE\Microsoft\Internet Explorer\Extensions\]
{13C1DBF6-7535-495c-91F6-8C13714ED485}\\ButtonText [HKLM] -> [Reg Error: Key does not exist or could not be opened.] -> File not found
{13C1DBF6-7535-495c-91F6-8C13714ED485}\\CLSID [HKLM] -> [{0000031A-0000-0000-C000-000000000046}] -> File not found
{13C1DBF6-7535-495c-91F6-8C13714ED485}\\Default Visible [HKLM] -> [Reg Error: Key does not exist or could not be opened.] -> File not found
{13C1DBF6-7535-495c-91F6-8C13714ED485}\\Exec [HKLM] -> [Reg Error: Key does not exist or could not be opened.] -> File not found
{13C1DBF6-7535-495c-91F6-8C13714ED485}\\HotIcon [HKLM] -> [Reg Error: Key does not exist or could not be opened.] -> File not found
{13C1DBF6-7535-495c-91F6-8C13714ED485}\\Icon [HKLM] -> [Reg Error: Key does not exist or could not be opened.] -> File not found
{13C1DBF6-7535-495c-91F6-8C13714ED485}\\MenuStatusBar [HKLM] -> [Reg Error: Key does not exist or could not be opened.] -> File not found
{13C1DBF6-7535-495c-91F6-8C13714ED485}\\MenuText [HKLM] -> [Reg Error: Key does not exist or could not be opened.] -> File not found
CmdMapping\\{08B0E5C0-4FCB-11CF-AAA5-00401C608501} [HKLM] -> [Reg Error: Value does not exist or could not be read.] -> File not found
CmdMapping\\{13C1DBF6-7535-495c-91F6-8C13714ED485} [HKLM] -> [Reg Error: Key does not exist or could not be opened.] -> File not found
CmdMapping\\{461CC20B-FB6E-4f16-8FE8-C29359DB100E} [HKLM] -> [Reg Error: Key does not exist or could not be opened.] -> File not found
CmdMapping\\{77BF5300-1474-4EC7-9980-D32B190E9B07} [HKLM] -> %ProgramFiles%\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [Skype add-on (button)] -> [2008/11/07 14:31:40 | 01,088,296 | ---- | M] (Skype Technologies S.A.)
CmdMapping\\{92780B25-18CC-41C8-B9BE-3C9C571A8263} [HKLM] -> %ProgramFiles%\Microsoft Office\OFFICE11\REFIEBAR.DLL [Research] -> [2003/07/14 17:57:08 | 00,040,512 | ---- | M] (Microsoft Corporation)
CmdMapping\\{AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} [HKLM] -> %ProgramFiles%\AIM\aim.exe [AIM] -> [2006/08/01 15:35:36 | 00,067,112 | ---- | M] (America Online, Inc.)
CmdMapping\\{D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} [HKLM] -> [Reg Error: Key does not exist or could not be opened.] -> File not found
CmdMapping\\{DFB852A3-47F8-48C4-A200-58CAB36FD2A2} [HKLM] -> %ProgramFiles%\Spybot - Search & Destroy\SDHelper.dll [Spybot - Search & Destroy Configuration] -> [2008/07/07 08:41:58 | 01,562,448 | ---- | M] (Safer Networking Limited)
CmdMapping\\{e2e2dd38-d088-4134-82b7-f2ba38496583} [HKLM] -> %SystemRoot%\network diagnostic\xpnetdiag.exe [@xpsp3res.dll,-20001] -> [2008/04/13 13:53:32 | 00,558,080 | ---- | M] (Microsoft Corporation)
CmdMapping\\{FB5F1910-F110-11d2-BB9E-00C04F795683} [HKLM] -> %ProgramFiles%\Messenger\msmsgs.exe [Messenger] -> [2008/04/13 19:12:28 | 01,695,232 | ---- | M] (Microsoft Corporation)

========== (O12) Internet Explorer Plugins ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Plugins\]
PluginsPage: "" = http://activex.microsoft.com/control...ext=%s&mime=%s
PluginsPageFriendlyName: "" = Microsoft ActiveX Gallery

========== (O13) Default Prefixes ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\URL\DefaultPrefix]
""=http://

========== (O15) Trusted Sites ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\]
1 domain(s) and sub-domain(s) not assigned to a zone.

========== (O16) DPF ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\]
{01113300-3E00-11D2-8470-0060089874ED}: http://echat.bellsouth.net/sdccommon...ad/tgctlcm.cab -- Reg Error: Key does not exist or could not be opened.
{05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8}: http://go.microsoft.com/fwlink/?linkid=67633 -- Office Genuine Advantage Validation Tool
{0CCA191D-13A6-4E29-B746-314DEE697D83}: http://upload.facebook.com/controls/...oUploader5.cab -- Facebook Photo Uploader 5
{17492023-C23A-453E-A040-C7C580BBF700}: http://go.microsoft.com/fwlink/?linkid=39204 -- Windows Genuine Advantage Validation Tool
{31435657-9980-0010-8000-00AA00389B71}: http://download.microsoft.com/downlo...8f/wvc1dmo.cab -- Reg Error: Key does not exist or could not be opened.
{4F1E5B1A-2A80-42CA-8532-2D05CB959537}: http://gfx1.hotmail.com/mail/w3/resources/MSNPUpld.cab -- MSN Photo Upload Tool
{56762DEC-6B0D-4AB4-A8AD-989993B5D08B}: http://www.eset.eu/buxus/docs/OnlineScanner.cab -- OnlineScanner Control
{6414512B-B978-451D-A0D8-FCFDF33E833C}: http://www.update.microsoft.com/wind...?1196109557322 -- WUWebControl Class
{8AD9C840-044E-11D1-B3E9-00805F499D93}: http://java.sun.com/update/1.6.0/jin...ndows-i586.cab -- Java Plug-in 1.6.0_11
{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}: http://fpdownload.macromedia.com/get.../ultrashim.cab -- Reg Error: Key does not exist or could not be opened.
{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}: http://java.sun.com/update/1.6.0/jin...ndows-i586.cab -- Java Plug-in 1.6.0_11
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}: http://java.sun.com/update/1.6.0/jin...ndows-i586.cab -- Java Plug-in 1.6.0_11

========== (O17) DNS Name Servers ==========

{204F822B-BC41-4C5D-BC32-7A31E4805436} (Servers: | Description: )
{24A29D96-1EF4-4B91-BACB-5B68F2F710D9} (Servers: | Description: 1394 Net Adapter)
{52AE25A2-7D48-477A-AE01-250B67DF4293} (Servers: | Description: NVIDIA nForce Networking Controller)

========== Safeboot Options ==========

"AlternateShell"=cmd.exe

========== CDRom AutoRun Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom]
"AutoRun" = 1

========== Autorun Files on Drives ==========

AUTOEXEC.BAT []
[2007/11/26 13:13:45 | 00,000,000 | ---- | M] () -- C:\AUTOEXEC.BAT -- [ NTFS ]

========== MountPoints2 ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{10e2918d-5873-11dd-b755-001bfc317fdf}\Shell]
""=AutoRun


[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{10e2918d-5873-11dd-b755-001bfc317fdf}\Shell\Auto\command]
""=E:\setup.exe -- File not found

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{10e2918d-5873-11dd-b755-001bfc317fdf}\Shell\AutoRun]
""=Auto&Play


[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{10e2918d-5873-11dd-b755-001bfc317fdf}\Shell\AutoRun\command]
""=C:\WINDOWS\system32\shell32.dll -- [2008/04/13 19:12:05 | 08,461,312 | ---- | M] (Microsoft Corporation)

========== Files/Folders - Created Within 30 Days ==========

[2009/01/20 00:28:50 | 00,000,000 | ---D | C] -- C:\Program Files\EsetOnlineScanner
[2009/01/19 23:55:21 | 00,000,000 | ---D | C] -- C:\_OTMoveIt
[2009/01/19 23:54:23 | 00,348,160 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\User\Desktop\OTMoveIt3.exe
[2009/01/19 03:15:43 | 00,422,912 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\User\Desktop\OTViewIt.exe
[2009/01/18 03:02:17 | 00,002,501 | ---- | C] () -- C:\Documents and Settings\User\Desktop\Attach.zip
[2009/01/18 02:59:26 | 00,000,250 | ---- | C] () -- C:\WINDOWS\gmer.ini
[2009/01/18 02:59:25 | 00,884,736 | ---- | C] () -- C:\WINDOWS\gmer.dll
[2009/01/18 02:59:25 | 00,811,008 | ---- | C] () -- C:\WINDOWS\gmer.exe
[2009/01/18 02:59:25 | 00,085,969 | ---- | C] (GMER) -- C:\WINDOWS\System32\drivers\gmer.sys
[2009/01/18 02:59:25 | 00,000,080 | ---- | C] () -- C:\WINDOWS\gmer_uninstall.cmd
[2009/01/18 02:30:14 | 00,000,000 | ---D | C] -- C:\Documents and Settings\User\Desktop\ETRemover
[2009/01/16 18:37:47 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\WebcamMax
[2009/01/16 18:37:30 | 00,000,000 | ---D | C] -- C:\Documents and Settings\User\Application Data\Webcammax
[2009/01/16 18:37:29 | 00,000,694 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\WebcamMax.lnk
[2009/01/16 18:37:13 | 00,941,784 | ---- | C] () -- C:\WINDOWS\System32\drivers\CAMTHWDM.sys
[2009/01/16 18:37:09 | 00,000,000 | ---D | C] -- C:\Program Files\WebcamMax
[2009/01/16 18:07:56 | 00,000,467 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\ooVoo.lnk
[2009/01/16 01:00:33 | 00,000,000 | ---D | C] -- C:\Documents and Settings\User\Application Data\Viewpoint
[2009/01/14 04:31:07 | 17,825,7920 | ---- | C] () -- C:\Documents and Settings\User\Desktop\[DB]_Bleach_202_[66E986B7].avi
[2009/01/09 19:28:35 | 17,842,1010 | ---- | C] () -- C:\Documents and Settings\User\Desktop\[DB]_Naruto_Shippuuden_091_[DD96793B].avi
[2009/01/02 00:36:09 | 00,000,000 | ---D | C] -- C:\Documents and Settings\User\Desktop\Burn After Reading 2008 BDRip H264 ACC-SecretMyth (Kingdom-Release)

========== Files - Modified Within 30 Days ==========

[1 C:\WINDOWS\System32\*.tmp files]
[8 C:\WINDOWS\*.tmp files]
[2009/01/19 23:58:46 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2009/01/19 23:58:35 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2009/01/19 23:54:23 | 00,348,160 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\User\Desktop\OTMoveIt3.exe
[2009/01/19 21:58:51 | 00,000,429 | ---- | M] () -- C:\WINDOWS\System\C6501.ini
[2009/01/19 18:09:26 | 00,002,137 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk
[2009/01/19 17:41:18 | 00,002,422 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2009/01/19 03:15:44 | 00,422,912 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\User\Desktop\OTViewIt.exe
[2009/01/18 03:02:17 | 00,002,501 | ---- | M] () -- C:\Documents and Settings\User\Desktop\Attach.zip
[2009/01/18 02:59:26 | 00,000,250 | ---- | M] () -- C:\WINDOWS\gmer.ini
[2009/01/18 02:59:25 | 00,884,736 | ---- | M] () -- C:\WINDOWS\gmer.dll
[2009/01/18 02:59:25 | 00,085,969 | ---- | M] (GMER) -- C:\WINDOWS\System32\drivers\gmer.sys
[2009/01/18 02:59:25 | 00,000,080 | ---- | M] () -- C:\WINDOWS\gmer_uninstall.cmd
[2009/01/16 18:37:29 | 00,000,694 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\WebcamMax.lnk
[2009/01/16 18:12:07 | 00,019,024 | ---- | M] () -- C:\Documents and Settings\User\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
[2009/01/16 18:07:56 | 00,000,467 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\ooVoo.lnk
[2009/01/16 04:50:13 | 00,002,257 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Skype.lnk
[2009/01/16 04:47:32 | 02,640,648 | -H-- | M] () -- C:\Documents and Settings\User\Local Settings\Application Data\IconCache.db
[2009/01/14 05:01:07 | 17,825,7920 | ---- | M] () -- C:\Documents and Settings\User\Desktop\[DB]_Bleach_202_[66E986B7].avi
[2009/01/13 01:12:28 | 00,002,193 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Steam.lnk
[2009/01/09 20:35:28 | 20,853,704 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\MRT.exe
[2009/01/09 19:56:05 | 17,842,1010 | ---- | M] () -- C:\Documents and Settings\User\Desktop\[DB]_Naruto_Shippuuden_091_[DD96793B].avi
[2009/01/08 15:14:48 | 00,070,144 | ---- | M] () -- C:\Documents and Settings\User\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/01/06 00:17:26 | 00,033,280 | ---- | M] () -- C:\Documents and Settings\User\Desktop\eugenechangresume.doc
< End of report >

=================================

OTViewIt Extras logfile created on: 1/20/2009 1:00:59 AM - Run 2
OTViewIt by OldTimer - Version 1.0.21.0 Folder = C:\Documents and Settings\User\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.5512)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 0.10 Gb Available Physical Memory | 5.15% Memory free
3.85 Gb Paging File | 2.07 Gb Available in Paging File | 53.92% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092;

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 149.04 Gb Total Space | 49.28 Gb Free Space | 33.06% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: E3
Current User Name: User
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Whitelist: On
File Age = 30 Days

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled"=1
"AntiVirusDisableNotify"=0
"FirewallDisableNotify"=0
"UpdatesDisableNotify"=0
"AntiVirusOverride"=0
"FirewallOverride"=0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile
"EnableFirewall"=0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts]

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
[2008/04/13 19:12:34 | 00,141,312 | ---- | M] (Microsoft Corporation) -- %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019
[2008/04/13 13:53:32 | 00,558,080 | ---- | M] (Microsoft Corporation) -- %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
[2008/04/13 19:12:34 | 00,141,312 | ---- | M] (Microsoft Corporation) -- %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019
[2008/04/13 13:53:32 | 00,558,080 | ---- | M] (Microsoft Corporation) -- %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000
[2006/11/03 02:17:27 | 00,010,800 | ---- | M] (AOL LLC) -- C:\Program Files\Common Files\AOL\Loader\aolload.exe:*:Enabled:AOL Loader
[2009/01/13 01:12:59 | 00,086,077 | ---- | M] (Valve) -- C:\Program Files\Steam\steamapps\ygcrew93@msn.com\counter-strike\hl.exe:*:Enabled:Half-Life Launcher
[2006/10/18 20:30:18 | 00,087,552 | ---- | M] () -- C:\Program Files\BitTornado\btdownloadgui.exe:*:Enabled:btdownloadgui
[2007/12/05 03:25:43 | 00,066,872 | ---- | M] () -- C:\WINDOWS\system32\PnkBstrA.exe:*:Enabled:PnkBstrA
[2008/12/19 00:39:11 | 00,111,928 | ---- | M] () -- C:\WINDOWS\system32\PnkBstrB.exe:*:Enabled:PnkBstrB
[2008/04/13 19:12:28 | 01,695,232 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger
[2008/10/31 14:22:38 | 00,050,480 | ---- | M] (AOL LLC) -- C:\Program Files\AIM6\aim6.exe:*:Enabled:AIM
[2008/03/05 22:29:49 | 10,343,712 | ---- | M] (Intuit, Inc.) -- C:\Program Files\TurboTax\Basic 2007\32bit\ttax.exe:LocalSubNet:Enabled:TurboTax
[2007/10/22 17:56:52 | 03,597,600 | ---- | M] (Intuit, Inc.) -- C:\Program Files\TurboTax\Basic 2007\32bit\updatemgr.exe:LocalSubNet:Enabled:TurboTax Update Manager
[2008/11/20 13:20:48 | 14,294,824 | ---- | M] (Apple Inc.) -- C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes
[2008/06/20 14:43:00 | 03,330,048 | ---- | M] () -- C:\Program Files\Activision\Call of Duty 4 - Modern Warfare\iw3mp.exe:*:Enabled:Call of Duty(R) 4 - Modern Warfare(TM)
[2008/08/29 09:18:44 | 00,238,888 | ---- | M] (Apple Inc.) -- C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour
[2008/11/07 14:31:38 | 21,633,320 | R--- | M] (Skype Technologies S.A.) -- C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype

========== (O10) Winsock2 Catalogs ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\]
NameSpace_Catalog5\Catalog_Entries\000000000004 [mdnsNSP] -- C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)

========== (O18) Protocol Handlers ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
ipp: [HKLM - No CLSID value]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\] - Protocol Handlers
[2003/07/10 21:25:22 | 00,842,816 | ---- | M] (Microsoft Corporation) C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL ipp\0x00000001:{E1D2BF42-A96B-11d1-9C6B-0000F875AC61} (HKLM) [HKLM - MSDAMON.BINDER]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
msdaipp: [HKLM - No CLSID value]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\] - Protocol Handlers
[2003/07/10 21:25:22 | 00,842,816 | ---- | M] (Microsoft Corporation) C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL msdaipp\0x00000001:{E1D2BF42-A96B-11d1-9C6B-0000F875AC61} (HKLM) [HKLM - MSDAMON.BINDER]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\] - Protocol Handlers
[2003/07/10 21:25:22 | 00,842,816 | ---- | M] (Microsoft Corporation) C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL msdaipp\oledb:{E1D2BF40-A96B-11d1-9C6B-0000F875AC61} (HKLM) [HKLM - MSDAIPP.BINDER]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
[2005/04/25 08:29:56 | 08,071,360 | ---- | M] (Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Web Components\11\OWC11.DLL (mso-offdap11:{32505114-5902-49B2-880A-1F7738E5A384} (HKLM) [Data Page Plugable Protocal mso-offdap11 Handler])

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
[2008/04/23 16:45:34 | 01,942,864 | R--- | M] (Skype Technologies) C:\Program Files\Common Files\Skype\Skype4COM.dll (skype4com:{FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} (HKLM) [IEProtocolHandler Class])

========== (O18) Protocol Filters ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Filter\] - Protocol Filters
[2003/07/14 17:45:12 | 00,039,488 | ---- | M] (Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\OFFICE11\MSOXMLMF.DLL text/xml:{807553E5-5146-11D5-A672-00B0D022E945} (HKLM) [Reg Error: Value does not exist or could not be read.]

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}"=Steam
"{050C1C8E-4A4D-4C2F-B9AE-67E60EE91B7F}"=Call of Duty(R) 4 - Modern Warfare(TM) 1.3 Patch
"{18D10072035C4515918F7E37EAFAACFC}"=AutoUpdate
"{26A24AE4-039D-4CA4-87B4-2F83216011FF}"=Java(TM) 6 Update 11
"{318AB667-3230-41B5-A617-CB3BF748D371}"=iTunes
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}"=WebFldrs XP
"{3BD633E0-4BF8-4499-9149-88F0767D449C}"=Call of Duty(R) 4 - Modern Warfare(TM) 1.4 Patch
"{5C82DAE5-6EB0-4374-9254-BE3319BA4E82}"=Skype™ 3.8
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}"=PowerDVD
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}"=Apple Software Update
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}"=Windows Media Player Firefox Plugin
"{6DA9102E-199F-43A0-A36B-6EF48081A658}"=MobileMe Control Panel
"{789289CA-F73A-4A16-A331-54D498CE069F}"=Ventrilo Client
"{7B63B2922B174135AFC0E1377DD81EC2}"=DivX Codec
"{7DD9A065-2C86-4A9F-A5FF-796EC1B99DCA}"=AnswerWorks 4.0 Runtime - English
"{8503C901-85D7-4262-88D2-8D8B2A7B08B8}"=Call of Duty(R) 4 - Modern Warfare(TM) 1.5 Patch
"{89C89156-A70F-4C6D-9CAE-2EA71F1396FE}"=Garena
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}"=Microsoft Silverlight
"{8A15B7D9-908A-4EF9-BA84-5AEDE61743EE}"=Call of Duty(R) 4 - Modern Warfare(TM) 1.6 Patch
"{8A25392D-C5D2-4E79-A2BD-C15DDC5B0959}"=Bonjour
"{8ADFC4160D694100B5B8A22DE9DCABD9}"=DivX Player
"{90110409-6000-11D3-8CFE-0150048383C9}"=Microsoft Office Professional Edition 2003
"{931C37FC-594D-43A9-B10F-A2F2B1F03498}"=Call of Duty(R) 4 - Modern Warfare(TM) 1.7 Patch
"{AC76BA86-7AD7-1033-7B44-A81300000003}"=Adobe Reader 8.1.3
"{B13A7C41581B411290FBC0395694E2A9}"=DivX Converter
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1"=Spybot - Search & Destroy
"{B508B3F1-A24A-32C0-B310-85786919EF28}"=Microsoft .NET Framework 2.0 Service Pack 1
"{B7050CBDB2504B34BC2A9CA0A692CC29}"=DivX Web Player
"{CD95F661-A5C4-44F5-A6AA-ECDD91C240B5}"=WinZip 11.1
"{D050D7362D214723AD585B541FFB6C11}"=DivX Content Uploader
"{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}"=Ad-Aware 2007
"{E48469CC-635E-4FD5-A122-1497C286D217}"=Call of Duty(R) 4 - Modern Warfare(TM)
"{EB1B8449-CD8F-485B-ADB6-02FBCFE180D3}"=Razer DeathAdder(TM) Mouse
"{EC4455AB-F155-4CC1-A4C5-88F3777F9886}"=Apple Mobile Device Support
"{F1CBC6F7-D82D-4DC5-B81C-9A14F418593A}_is1"=WC3Banlist
"{F958CA02-BB40-4007-894B-258729456EE4}"=QuickTime
"{FAA7F8FF-3C05-4A61-8F14-D8A6E9ED6623}"=ooVoo
"Adobe Flash Player ActiveX"=Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin"=Adobe Flash Player 10 Plugin
"AIM_6"=AIM 6
"AOL Instant Messenger"=AOL Instant Messenger
"Combined Community Codec Pack_is1"=Combined Community Codec Pack 2008-01-24
"Dropbox"=Dropbox
"EsetOnlineScanner"=ESET Online Scanner
"Generic 6501 Sound"=C-Media 6501 Sound
"GoldWave v5.20"=GoldWave v5.20
"IDNMitigationAPIs"=Microsoft Internationalized Domain Names Mitigation APIs
"InstallShield_{050C1C8E-4A4D-4C2F-B9AE-67E60EE91B7F}"=Call of Duty(R) 4 - Modern Warfare(TM) 1.3 Patch
"InstallShield_{3BD633E0-4BF8-4499-9149-88F0767D449C}"=Call of Duty(R) 4 - Modern Warfare(TM) 1.4 Patch
"InstallShield_{8503C901-85D7-4262-88D2-8D8B2A7B08B8}"=Call of Duty(R) 4 - Modern Warfare(TM) 1.5 Multiplayer Patch
"InstallShield_{8A15B7D9-908A-4EF9-BA84-5AEDE61743EE}"=Call of Duty(R) 4 - Modern Warfare(TM) 1.6 Patch
"InstallShield_{931C37FC-594D-43A9-B10F-A2F2B1F03498}"=Call of Duty(R) 4 - Modern Warfare(TM) 1.7 Patch
"InstallShield_{E48469CC-635E-4FD5-A122-1497C286D217}"=Call of Duty(R) 4 - Modern Warfare(TM)
"KOIELangPack"=Korean Language Support
"Mozilla Firefox (3.0.5)"=Mozilla Firefox (3.0.5)
"Nero - Burning Rom!UninstallKey"=Nero OEM
"NLSDownlevelMapping"=Microsoft National Language Support Downlevel APIs
"NVIDIA Drivers"=NVIDIA Drivers
"oovooToolbar"=ooVoo Toolbar
"PowerISO"=PowerISO
"Steam App 10"=Counter-Strike
"Steam App 240"=Counter-Strike: Source
"TurboTax Basic 2007"=TurboTax Basic 2007
"ViewpointMediaPlayer"=Viewpoint Media Player
"WebcamMax"=WebcamMax
"Windows XP Service Pack"=Windows XP Service Pack 3
"WinPcapInst"=WinPcap 3.1
"WinRAR archiver"=WinRAR archiver
"World of Warcraft"=World of Warcraft

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Absolute Poker"=Absolute Poker
"Move Networks Player - IE"=Move Networks Media Player for Internet Explorer
"Warcraft III"=Warcraft III: All Products

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-1085031214-920026266-839522115-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Absolute Poker"=Absolute Poker
"Move Networks Player - IE"=Move Networks Media Player for Internet Explorer
"Warcraft III"=Warcraft III: All Products

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 12/12/2008 12:03:19 AM | Computer Name = E3 | Source = Application Error | ID = 1000
Description = Faulting application iexplore.exe, version 6.0.2900.5512, faulting
module mshtml.dll, version 6.0.2900.5694, fault address 0x001209f8.

Error - 12/12/2008 7:15:51 AM | Computer Name = E3 | Source = Application Hang | ID = 1002
Description = Hanging application iexplore.exe, version 6.0.2900.5512, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 1/15/2009 11:54:32 PM | Computer Name = E3 | Source = Application Error | ID = 1000
Description = Faulting application teatimer.exe, version 1.6.0.20, faulting module
teatimer.exe, version 1.6.0.20, fault address 0x000e4418.

Error - 1/16/2009 2:45:48 AM | Computer Name = E3 | Source = Application Error | ID = 1000
Description = Faulting application _is4.exe, version 12.0.0.49974, faulting module
_is4.exe, version 12.0.0.49974, fault address 0x0001e48b.

Error - 1/16/2009 2:45:53 AM | Computer Name = E3 | Source = Application Error | ID = 1000
Description = Faulting application _is5.exe, version 12.0.0.49974, faulting module
_is5.exe, version 12.0.0.49974, fault address 0x0001e48b.

Error - 1/16/2009 2:45:55 AM | Computer Name = E3 | Source = Application Error | ID = 1000
Description = Faulting application _is7.exe, version 12.0.0.49974, faulting module
_is7.exe, version 12.0.0.49974, fault address 0x0001e48b.

Error - 1/16/2009 5:33:39 AM | Computer Name = E3 | Source = Application Error | ID = 1000
Description = Faulting application _is107.exe, version 12.0.0.49974, faulting module
_is107.exe, version 12.0.0.49974, fault address 0x0001e48b.

Error - 1/19/2009 11:09:36 PM | Computer Name = E3 | Source = Application Error | ID = 1000
Description = Faulting application _is307.exe, version 12.0.0.49974, faulting module
_is307.exe, version 12.0.0.49974, fault address 0x0001e48b.

[ System Events ]
Error - 1/20/2009 1:20:33 AM | Computer Name = E3 | Source = Service Control Manager | ID = 7023
Description = The Application Management service terminated with the following error:
%%126

Error - 1/20/2009 1:20:33 AM | Computer Name = E3 | Source = Service Control Manager | ID = 7023
Description = The Application Management service terminated with the following error:
%%126

Error - 1/20/2009 1:20:33 AM | Computer Name = E3 | Source = Service Control Manager | ID = 7023
Description = The Application Management service terminated with the following error:
%%126

Error - 1/20/2009 1:20:33 AM | Computer Name = E3 | Source = Service Control Manager | ID = 7023
Description = The Application Management service terminated with the following error:
%%126

Error - 1/20/2009 1:20:33 AM | Computer Name = E3 | Source = Service Control Manager | ID = 7023
Description = The Application Management service terminated with the following error:
%%126

Error - 1/20/2009 1:20:33 AM | Computer Name = E3 | Source = Service Control Manager | ID = 7023
Description = The Application Management service terminated with the following error:
%%126

Error - 1/20/2009 1:20:33 AM | Computer Name = E3 | Source = Service Control Manager | ID = 7023
Description = The Application Management service terminated with the following error:
%%126

Error - 1/20/2009 1:20:33 AM | Computer Name = E3 | Source = Service Control Manager | ID = 7023
Description = The Application Management service terminated with the following error:
%%126

Error - 1/20/2009 1:20:33 AM | Computer Name = E3 | Source = Service Control Manager | ID = 7023
Description = The Application Management service terminated with the following error:
%%126

Error - 1/20/2009 1:20:33 AM | Computer Name = E3 | Source = Service Control Manager | ID = 7023
Description = The Application Management service terminated with the following error:
%%126


< End of report >
xie3ix is offline  
Digg this Post!Add Post to del.icio.usBookmark Post in TechnoratiFurl this Post!Reddit!
Old 01-19-2009, 11:18 PM   #10 (permalink)
Registered User
 
Join Date: Jan 2009
Posts: 13
OS: xp service pack 3


Re: ads1.revenue.net
Hey Billy,

Here are the logs:

========== FILES ==========
c:\docume~1\user\applic~1\ooVoo Details\Users\xie3ix moved successfully.
c:\docume~1\user\applic~1\ooVoo Details\Users moved successfully.
c:\docume~1\user\applic~1\ooVoo Details\Cache moved successfully.
c:\docume~1\user\applic~1\ooVoo Details moved successfully.
c:\program files\oovooToolbar moved successfully.
c:\docume~1\user\applic~1\oovooToolbar moved successfully.
c:\program files\ooVoo\languages\zh_CN moved successfully.
c:\program files\ooVoo\languages\tr_tr moved successfully.
c:\program files\ooVoo\languages\ru_RU moved successfully.
c:\program files\ooVoo\languages\pt_PT moved successfully.
c:\program files\ooVoo\languages\pl_pl moved successfully.
c:\program files\ooVoo\languages\ko_KR moved successfully.
c:\program files\ooVoo\languages\ja_JP moved successfully.
c:\program files\ooVoo\languages\it_IT moved successfully.
c:\program files\ooVoo\languages\he_IL moved successfully.
c:\program files\ooVoo\languages\fr_FR moved successfully.
c:\program files\ooVoo\languages\es_ES moved successfully.
c:\program files\ooVoo\languages\en_US moved successfully.
c:\program files\ooVoo\languages\de_DE moved successfully.
c:\program files\ooVoo\languages\bg_bg moved successfully.
c:\program files\ooVoo\languages\ar_sa moved successfully.
c:\program files\ooVoo\languages moved successfully.
c:\program files\ooVoo moved successfully.
C:\WINDOWS\system32\drivers\sppoolsv.exe moved successfully.
========== REGISTRY ==========
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A057A204-BACC-4D26-8087-36EE87E26986}\\ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar\\{A057A204-BACC-4D26-8087-36EE87E26986} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A057A204-BACC-4D26-8087-36EE87E26986}\ deleted successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{A057A204-BACC-4D26-8087-36EE87E26986} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A057A204-BACC-4D26-8087-36EE87E26986}\ not found.
Registry value HKEY_USERS\S-1-5-21-1085031214-920026266-839522115-1004\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{A057A204-BACC-4D26-8087-36EE87E26986} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A057A204-BACC-4D26-8087-36EE87E26986}\ not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\C6501Sound deleted successfully.
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\oovoo.exe deleted successfully.
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\svcshare deleted successfully.
Registry value HKEY_USERS\S-1-5-21-1085031214-920026266-839522115-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\oovoo.exe not found.
Registry value HKEY_USERS\S-1-5-21-1085031214-920026266-839522115-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\svcshare not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\turbotax.com\\ deleted successfully.
Registry key HKEY_USERS\S-1-5-21-1085031214-920026266-839522115-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\turbotax.com\\ not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\\WebCheck deleted successfully.
Registry key HKEY_CLASSES_ROOT\CLSID\{E6FB5E20-DE35-11CF-9C87-00AA005127ED}\\ not found.
========== COMMANDS ==========
File delete failed. C:\DOCUME~1\User\LOCALS~1\Temp\etilqs_0Wg1gaZeTyXAnozDX3Wx scheduled to be deleted on reboot.
User's Temp folder emptied.
User's Temporary Internet Files folder emptied.
User's Internet Explorer cache folder emptied.
Local Service Temp folder emptied.
File delete failed. C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot.
Local Service Temporary Internet Files folder emptied.
Windows Temp folder emptied.
Java cache emptied.
File delete failed. C:\Documents and Settings\User\Local Settings\Application Data\Mozilla\Firefox\Profiles\oqxtwadm.default\Cache\0FD2977Ad01 scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\User\Local Settings\Application Data\Mozilla\Firefox\Profiles\oqxtwadm.default\Cache\_CACHE_001_ scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\User\Local Settings\Application Data\Mozilla\Firefox\Profiles\oqxtwadm.default\Cache\_CACHE_002_ scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\User\Local Settings\Application Data\Mozilla\Firefox\Profiles\oqxtwadm.default\Cache\_CACHE_003_ scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\User\Local Settings\Application Data\Mozilla\Firefox\Profiles\oqxtwadm.default\Cache\_CACHE_MAP_ scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\User\Local Settings\Application Data\Mozilla\Firefox\Profiles\oqxtwadm.default\urlclassifier3.sqlite scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\User\Local Settings\Application Data\Mozilla\Firefox\Profiles\oqxtwadm.default\XUL.mfl scheduled to be deleted on reboot.
FireFox cache emptied.
Temp folders emptied.

OTMoveIt3 by OldTimer - Version 1.0.8.0 log created on 01192009_235521

Files moved on Reboot...
File C:\DOCUME~1\User\LOCALS~1\Temp\etilqs_0Wg1gaZeTyXAnozDX3Wx not found!
File move failed. C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be moved on reboot.
C:\Documents and Settings\User\Local Settings\Application Data\Mozilla\Firefox\Profiles\oqxtwadm.default\Cache\0FD2977Ad01 moved successfully.
C:\Documents and Settings\User\Local Settings\Application Data\Mozilla\Firefox\Profiles\oqxtwadm.default\Cache\_CACHE_001_ moved successfully.
C:\Documents and Settings\User\Local Settings\Application Data\Mozilla\Firefox\Profiles\oqxtwadm.default\Cache\_CACHE_002_ moved successfully.
C:\Documents and Settings\User\Local Settings\Application Data\Mozilla\Firefox\Profiles\oqxtwadm.default\Cache\_CACHE_003_ moved successfully.
C:\Documents and Settings\User\Local Settings\Application Data\Mozilla\Firefox\Profiles\oqxtwadm.default\Cache\_CACHE_MAP_ moved successfully.
C:\Documents and Settings\User\Local Settings\Application Data\Mozilla\Firefox\Profiles\oqxtwadm.default\urlclassifier3.sqlite moved successfully.
C:\Documents and Settings\User\Local Settings\Application Data\Mozilla\Firefox\Profiles\oqxtwadm.default\XUL.mfl moved successfully.

================================

# version=4
# OnlineScanner.ocx=1.0.0.635
# OnlineScannerDLLA.dll=1, 0, 0, 79
# OnlineScannerDLLW.dll=1, 0, 0, 78
# OnlineScannerUninstaller.exe=1, 0, 0, 49
# vers_standard_module=3779 (20090119)
# vers_arch_module=1.064 (20080214)
# vers_adv_heur_module=1.066 (20070917)
# EOSSerial=41148a6336d1584183e41df988e7c461
# end=finished
# remove_checked=true
# unwanted_checked=true
# utc_time=2009-01-20 05:56:43
# local_time=2009-01-20 12:56:43 (-0500, Eastern Standard Time)
# country="United States"
# osver=5.1.2600 NT Service Pack 3
# scanned=173152
# found=4
# scan_time=1512
C:\autorun.inf Win32/Fujacks.O virus (unable to clean - deleted) 00000000000000000000000000000000
C:\setup.exe a variant of Win32/Fujacks virus (unable to clean - deleted) 00000000000000000000000000000000
C:\Documents and Settings\User\My Documents\My Music\iTunes\iTunes Music\Rihanna - Good Girl Gone Bad Reloaded (2008)\08-rihanna-sell_me_candy.mp3 a variant of WMA/TrojanDownloader.GetCodec.gen trojan (cleaned) FDD1373309A6B395AAF4295DEABF44A2
C:\_OTMoveIt\MovedFiles\01192009_235521\WINDOWS\system32\drivers\sppoolsv.exe a variant of Win32/Fujacks virus (unable to clean - deleted) 00000000000000000000000000000000

==================================

OTViewIt logfile created on: 1/20/2009 1:00:59 AM - Run 2
OTViewIt by OldTimer - Version 1.0.21.0 Folder = C:\Documents and Settings\User\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.5512)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 0.10 Gb Available Physical Memory | 5.15% Memory free
3.85 Gb Paging File | 2.07 Gb Available in Paging File | 53.92% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092;

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 149.04 Gb Total Space | 49.28 Gb Free Space | 33.06% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: E3
Current User Name: User
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Whitelist: On
File Age = 30 Days

========== Processes ==========

[2008/03/19 16:08:58 | 00,607,576 | ---- | M] (Lavasoft) -- C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
[2008/11/07 14:28:16 | 00,132,424 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
[2008/08/29 09:18:44 | 00,238,888 | ---- | M] (Apple Inc.) -- C:\Program Files\Bonjour\mDNSResponder.exe
[2007/10/04 17:14:00 | 00,155,716 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\system32\nvsvc32.exe
[2007/12/05 03:25:43 | 00,066,872 | ---- | M] () -- C:\WINDOWS\system32\PnkBstrA.exe
[2007/01/04 16:38:08 | 00,024,652 | ---- | M] (Viewpoint Corporation) -- C:\Program Files\Viewpoint\Common\ViewpointService.exe
[2008/04/13 19:12:33 | 00,033,280 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\rundll32.exe
[2007/09/07 15:54:54 | 00,159,744 | ---- | M] () -- C:\Program Files\Razer\DeathAdder\razerhid.exe
[2008/11/20 13:20:54 | 00,290,088 | ---- | M] (Apple Inc.) -- C:\Program Files\iTunes\iTunesHelper.exe
[2006/11/24 15:24:16 | 00,143,360 | ---- | M] () -- C:\Program Files\Razer\DeathAdder\razertra.exe
[2007/05/07 15:35:14 | 00,163,840 | ---- | M] (Razer Inc.) -- C:\Program Files\Razer\DeathAdder\razerofa.exe
[2008/10/31 14:22:38 | 00,050,480 | ---- | M] (AOL LLC) -- C:\Program Files\AIM6\aim6.exe
[2008/11/20 13:20:44 | 00,536,872 | ---- | M] (Apple Inc.) -- C:\Program Files\iPod\bin\iPodService.exe
[2007/10/08 16:50:56 | 00,041,824 | ---- | M] (AOL LLC) -- C:\Program Files\AIM6\aolsoftware.exe
[2009/01/20 00:21:30 | 00,152,984 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jqs.exe
[2008/12/17 02:55:32 | 00,307,704 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
[2009/01/19 03:15:44 | 00,422,912 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\User\Desktop\OTViewIt.exe

========== (O23) Win32 Services ==========

[2008/03/19 16:08:58 | 00,607,576 | ---- | M] (Lavasoft) -- C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe -- (aawservice [Auto | Running])
[2008/11/07 14:28:16 | 00,132,424 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe -- (Apple Mobile Device [Auto | Running])
[2007/10/24 00:47:22 | 00,033,800 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe -- (aspnet_state [On_Demand | Stopped])
[2008/08/29 09:18:44 | 00,238,888 | ---- | M] (Apple Inc.) -- C:\Program Files\Bonjour\mDNSResponder.exe -- (Bonjour Service [Auto | Running])
[2007/10/24 00:47:40 | 00,070,144 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32 [On_Demand | Stopped])
[2008/11/20 13:20:44 | 00,536,872 | ---- | M] (Apple Inc.) -- C:\Program Files\iPod\bin\iPodService.exe -- (iPod Service [On_Demand | Running])
[2007/10/04 17:14:00 | 00,155,716 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\system32\nvsvc32.exe -- (NVSvc [Auto | Running])
[2003/07/28 07:28:22 | 00,089,136 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE -- (ose [On_Demand | Stopped])
[2007/12/05 03:25:43 | 00,066,872 | ---- | M] () -- C:\WINDOWS\system32\PnkBstrA.exe -- (PnkBstrA [Auto | Running])
[2005/08/02 16:18:49 | 00,086,016 | ---- | M] (CACE Technologies) -- C:\Program Files\WinPcap\rpcapd.exe -- (rpcapd [On_Demand | Stopped])
[2007/01/04 16:38:08 | 00,024,652 | ---- | M] (Viewpoint Corporation) -- C:\Program Files\Viewpoint\Common\ViewpointService.exe -- (Viewpoint Manager Service [Auto | Running])
[2009/01/20 00:21:30 | 00,152,984 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jqs.exe -- (JavaQuickStarterService [Auto | Running])

========== Driver Services ==========

[2008/03/11 08:14:54 | 00,941,784 | ---- | M] () -- C:\WINDOWS\system32\drivers\CAMTHWDM.sys -- (CAMTHWDM [Auto | Running])
[2006/09/05 04:04:38 | 01,419,968 | R--- | M] (C-Media Inc) -- C:\WINDOWS\system32\drivers\c6501.sys -- (cm102u32 [On_Demand | Running])
[2007/08/02 17:32:26 | 00,022,784 | ---- | M] (Razer (Asia-Pacific) Pte Ltd) -- C:\WINDOWS\system32\drivers\dadder.sys -- (DAdderFltr [On_Demand | Running])
[2008/04/17 12:12:54 | 00,015,464 | ---- | M] (GEAR Software Inc.) -- C:\WINDOWS\system32\drivers\GEARAspiWDM.sys -- (GEARAspiWDM [On_Demand | Running])
[2009/01/18 02:59:25 | 00,085,969 | ---- | M] (GMER) -- C:\WINDOWS\system32\drivers\gmer.sys -- (gmer [On_Demand | Stopped])
[2008/11/04 21:19:36 | 00,025,280 | ---- | M] (LogMeIn, Inc.) -- C:\WINDOWS\system32\drivers\hamachi.sys -- (hamachi [On_Demand | Stopped])
[2004/08/12 21:56:20 | 00,005,810 | R--- | M] () -- C:\WINDOWS\system32\drivers\ASACPI.sys -- (MTsensor [On_Demand | Running])
[2008/04/13 13:53:09 | 00,040,320 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\nmnt.sys -- (nm [On_Demand | Stopped])
[2005/08/02 16:10:13 | 00,032,512 | ---- | M] (CACE Technologies) -- C:\WINDOWS\system32\drivers\npf.sys -- (NPF [On_Demand | Stopped])
[2007/10/04 17:14:00 | 06,854,464 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\system32\drivers\nv4_mini.sys -- (nv [On_Demand | Running])
[2005/08/18 03:52:06 | 00,093,568 | R--- | M] (NVIDIA Corporation) -- C:\WINDOWS\system32\drivers\nvata.sys -- (nvata [Boot | Running])
[2005/09/29 23:52:20 | 00,034,048 | R--- | M] (NVIDIA Corporation) -- C:\WINDOWS\system32\drivers\NVENETFD.sys -- (NVENETFD [On_Demand | Running])
[2005/09/29 23:52:22 | 00,013,056 | R--- | M] (NVIDIA Corporation) -- C:\WINDOWS\system32\drivers\nvnetbus.sys -- (nvnetbus [On_Demand | Running])
[2006/02/28 07:00:00 | 00,017,792 | ---- | M] (Parallel Technologies, Inc.) -- C:\WINDOWS\system32\drivers\ptilink.sys -- (Ptilink [On_Demand | Running])
[2007/10/19 19:56:10 | 00,043,528 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\system32\drivers\PxHelp20.sys -- (PxHelp20 [Boot | Running])
[2008/01/20 02:07:58 | 00,033,292 | ---- | M] (PowerISO Computing, Inc.) -- C:\WINDOWS\System32\drivers\scdemu.sys -- (SCDEmu [System | Running])
[2007/11/13 05:25:53 | 00,020,480 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) -- C:\WINDOWS\system32\drivers\secdrv.sys -- (Secdrv [On_Demand | Stopped])
[2008/11/07 14:23:30 | 00,032,000 | ---- | M] (Apple, Inc.) -- C:\WINDOWS\system32\drivers\usbaapl.sys -- (USBAAPL [On_Demand | Stopped])
[2008/04/13 13:45:12 | 00,060,032 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\usbaudio.sys -- (usbaudio [On_Demand | Running])
[2008/04/13 13:46:20 | 00,121,984 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\usbvideo.sys -- (usbvideo [On_Demand | Running])
[2001/05/02 13:35:32 | 00,587,588 | ---- | M] (Xirlink, Inc) -- C:\WINDOWS\system32\drivers\C-itNT.sys -- (XIRLINK [On_Demand | Stopped])

========== (R ) Internet Explorer ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main]
"Default_Page_URL"=http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
"Default_Search_URL"=http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
"Local Page"=%SystemRoot%\system32\blank.htm
"Search Page"=http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
"Start Page"=http://www.microsoft.com/isapi/redir.dll?prd={SUB_PRD}&clcid={SUB_CLSID}&pver={SUB_PVER}&ar=home

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Search]
"CustomizeSearch"=http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
"SearchAssistant"=http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main]
"Local Page"=C:\WINDOWS\system32\blank.htm
"Search Page"=http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
"Start Page"=about:blank

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchURL]
"provider"=

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{CFBFAE00-17A6-11D0-99CB-00C04FD64497}" (HKLM) -- C:\WINDOWS\system32\shdocvw.dll (Microsoft Corporation)

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = 0
"ProxyOverride" = *.local

[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = 0

[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main]

[HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = 0

[HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main]

[HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main]

[HKEY_USERS\S-1-5-21-1085031214-920026266-839522115-1004\SOFTWARE\Microsoft\Internet Explorer\Main]
"Local Page"=C:\WINDOWS\system32\blank.htm
"Search Page"=http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
"Start Page"=about:blank

[HKEY_USERS\S-1-5-21-1085031214-920026266-839522115-1004\Software\Microsoft\Internet Explorer\SearchURL]
"provider"=

[HKEY_USERS\S-1-5-21-1085031214-920026266-839522115-1004\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{CFBFAE00-17A6-11D0-99CB-00C04FD64497}" (HKLM) -- C:\WINDOWS\system32\shdocvw.dll (Microsoft Corporation)

[HKEY_USERS\S-1-5-21-1085031214-920026266-839522115-1004\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = 0
"ProxyOverride" = *.local

========== (O1) Hosts File ==========

HOSTS File = (734 bytes) - C:\WINDOWS\System32\drivers\etc\Hosts
First 25 entries...
127.0.0.1 localhost

========== (O2) BHO's ==========

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\]
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} (HKLM) -- C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
{22BF413B-C6D2-4d91-82A9-A0F997BA588C} (HKLM) -- C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
{39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} (HKLM) -- Reg Error: Key does not exist or could not be opened. File not found
{53707962-6F74-2D53-2644-206D7942484F} (HKLM) -- C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} (HKLM) -- C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
{DBC80044-A445-435b-BC74-9C25C1C588A9} (HKLM) -- C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
{E7E6F031-17CE-4C07-BC86-EABFE594F69C} (HKLM) -- C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)

========== (O4) Run Keys ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Adobe Photo Downloader"="C:\Program Files\Adobe\Adobe Photoshop Lightroom 1.4\apdproxy.exe" File not found
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" (Adobe Systems Incorporated)
"DeathAdder"=C:\Program Files\Razer\DeathAdder\razerhid.exe ()
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" (Apple Inc.)
"KernelFaultCheck"=%systemroot%\system32\dumprep 0 -k File not found
"NeroFilterCheck"=C:\WINDOWS\system32\NeroCheck.exe (Ahead Software Gmbh)
"NvCplDaemon"=RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup (NVIDIA Corporation)
"NvMediaCenter"=RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit (NVIDIA Corporation)
"nwiz"=nwiz.exe /install ()
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" -atboottime (Apple Inc.)
"SunJavaUpdateSched"="C:\Program Files\Java\jre6\bin\jusched.exe" (Sun Microsystems, Inc.)

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Aim6"="C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp (AOL LLC)
"svcshare"=C:\WINDOWS\system32\drivers\sppoolsv.exe File not found

[HKEY_USERS\S-1-5-21-1085031214-920026266-839522115-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Aim6"="C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp (AOL LLC)
"svcshare"=C:\WINDOWS\system32\drivers\sppoolsv.exe File not found

========== (O4) Startup Folders ==========

[2008/09/26 02:18:12 | 24,096,981 | ---- | M] () -- C:\Documents and Settings\User\Start Menu\Programs\Startup\Dropbox.lnk = C:\Program Files\Dropbox\Dropbox.exe

========== (O6 & O7) Current Version Policies ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveTypeAutoRun"=145

[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveTypeAutoRun"=145

[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveTypeAutoRun"=145

[HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveTypeAutoRun"=145

[HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveTypeAutoRun"=145

[HKEY_USERS\S-1-5-21-1085031214-920026266-839522115-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveTypeAutoRun"=145

========== (O8) IE Context Menu Extensions ==========

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\]
&D&ownload &with BitComet: Reg Error: Value does not exist or could not be read. File not found
&D&ownload all video with BitComet: Reg Error: Value does not exist or could not be read. File not found
&D&ownload all with BitComet: Reg Error: Value does not exist or could not be read. File not found
E&xport to Microsoft Excel: C:\Program Files\Microsoft Office\OFFICE11\EXCEL.EXE [2005/05/26 2054 | 10,095,808 | ---- | M] (Microsoft Corporation)

[HKEY_USERS\S-1-5-21-1085031214-920026266-839522115-1004\Software\Microsoft\Internet Explorer\MenuExt\]
&D&ownload &with BitComet: Reg Error: Value does not exist or could not be read. File not found
&D&ownload all video with BitComet: Reg Error: Value does not exist or could not be read. File not found
&D&ownload all with BitComet: Reg Error: Value does not exist or could not be read. File not found
E&xport to Microsoft Excel: C:\Program Files\Microsoft Office\OFFICE11\EXCEL.EXE [2005/05/26 2054 | 10,095,808 | ---- | M] (Microsoft Corporation)

========== (O9) IE Extensions ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\]
{77BF5300-1474-4EC7-9980-D32B190E9B07}: Button: Skype -- %ProgramFiles%\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2008/11/07 14:31:40 | 01,088,296 | ---- | M] (Skype Technologies S.A.)
{92780B25-18CC-41C8-B9BE-3C9C571A8263}: Button: Research -- %ProgramFiles%\Microsoft Office\OFFICE11\REFIEBAR.DLL [2003/07/14 17:57:08 | 00,040,512 | ---- | M] (Microsoft Corporation)
{AC9E2541-2814-11d5-BC6D-00B0D0A1DE45}: Button: AIM -- %ProgramFiles%\AIM\aim.exe [2006/08/01 15:35:36 | 00,067,112 | ---- | M] (America Online, Inc.)
{DFB852A3-47F8-48C4-A200-58CAB36FD2A2}: Menu: Spybot - Search & Destroy Configuration -- %ProgramFiles%\Spybot - Search & Destroy\SDHelper.dll [2008/07/07 08:41:58 | 01,562,448 | ---- | M] (Safer Networking Limited)
{e2e2dd38-d088-4134-82b7-f2ba38496583}: Menu: @xpsp3res.dll,-20001 -- %SystemRoot%\network diagnostic\xpnetdiag.exe [2008/04/13 13:53:32 | 00,558,080 | ---- | M] (Microsoft Corporation)
{FB5F1910-F110-11d2-BB9E-00C04F795683}: Button: Messenger -- %ProgramFiles%\Messenger\msmsgs.exe [2008/04/13 19:12:28 | 01,695,232 | ---- | M] (Microsoft Corporation)
{FB5F1910-F110-11d2-BB9E-00C04F795683}: Menu: Windows Messenger -- %ProgramFiles%\Messenger\msmsgs.exe [2008/04/13 19:12:28 | 01,695,232 | ---- | M] (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Extensions\]
{13C1DBF6-7535-495c-91F6-8C13714ED485}\\ButtonText [HKLM] -> [Reg Error: Key does not exist or could not be opened.] -> File not found
{13C1DBF6-7535-495c-91F6-8C13714ED485}\\CLSID [HKLM] -> [{0000031A-0000-0000-C000-000000000046}] -> File not found
{13C1DBF6-7535-495c-91F6-8C13714ED485}\\Default Visible [HKLM] -> [Reg Error: Key does not exist or could not be opened.] -> File not found
{13C1DBF6-7535-495c-91F6-8C13714ED485}\\Exec [HKLM] -> [Reg Error: Key does not exist or could not be opened.] -> File not found
{13C1DBF6-7535-495c-91F6-8C13714ED485}\\HotIcon [HKLM] -> [Reg Error: Key does not exist or could not be opened.] -> File not found
{13C1DBF6-7535-495c-91F6-8C13714ED485}\\Icon [HKLM] -> [Reg Error: Key does not exist or could not be opened.] -> File not found
{13C1DBF6-7535-495c-91F6-8C13714ED485}\\MenuStatusBar [HKLM] -> [Reg Error: Key does not exist or could not be opened.] -> File not found
{13C1DBF6-7535-495c-91F6-8C13714ED485}\\MenuText [HKLM] -> [Reg Error: Key does not exist or could not be opened.] -> File not found
CmdMapping\\{08B0E5C0-4FCB-11CF-AAA5-00401C608501} [HKLM] -> [Reg Error: Value does not exist or could not be read.] -> File not found
CmdMapping\\{13C1DBF6-7535-495c-91F6-8C13714ED485} [HKLM] -> [Reg Error: Key does not exist or could not be opened.] -> File not found
CmdMapping\\{461CC20B-FB6E-4f16-8FE8-C29359DB100E} [HKLM] -> [Reg Error: Key does not exist or could not be opened.] -> File not found
CmdMapping\\{77BF5300-1474-4EC7-9980-D32B190E9B07} [HKLM] -> %ProgramFiles%\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [Skype add-on (button)] -> [2008/11/07 14:31:40 | 01,088,296 | ---- | M] (Skype Technologies S.A.)
CmdMapping\\{92780B25-18CC-41C8-B9BE-3C9C571A8263} [HKLM] -> %ProgramFiles%\Microsoft Office\OFFICE11\REFIEBAR.DLL [Research] -> [2003/07/14 17:57:08 | 00,040,512 | ---- | M] (Microsoft Corporation)
CmdMapping\\{AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} [HKLM] -> %ProgramFiles%\AIM\aim.exe [AIM] -> [2006/08/01 15:35:36 | 00,067,112 | ---- | M] (America Online, Inc.)
CmdMapping\\{D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} [HKLM] -> [Reg Error: Key does not exist or could not be opened.] -> File not found
CmdMapping\\{DFB852A3-47F8-48C4-A200-58CAB36FD2A2} [HKLM] -> %ProgramFiles%\Spybot - Search & Destroy\SDHelper.dll [Spybot - Search & Destroy Configuration] -> [2008/07/07 08:41:58 | 01,562,448 | ---- | M] (Safer Networking Limited)
CmdMapping\\{e2e2dd38-d088-4134-82b7-f2ba38496583} [HKLM] -> %SystemRoot%\network diagnostic\xpnetdiag.exe [@xpsp3res.dll,-20001] -> [2008/04/13 13:53:32 | 00,558,080 | ---- | M] (Microsoft Corporation)
CmdMapping\\{FB5F1910-F110-11d2-BB9E-00C04F795683} [HKLM] -> %ProgramFiles%\Messenger\msmsgs.exe [Messenger] -> [2008/04/13 19:12:28 | 01,695,232 | ---- | M] (Microsoft Corporation)

[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Extensions\]
CmdMapping\\{08B0E5C0-4FCB-11CF-AAA5-00401C608501} [HKLM] -> [Reg Error: Value does not exist or could not be read.] -> File not found
CmdMapping\\{77BF5300-1474-4EC7-9980-D32B190E9B07} [HKLM] -> %ProgramFiles%\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [Skype add-on (button)] -> [2008/11/07 14:31:40 | 01,088,296 | ---- | M] (Skype Technologies S.A.)
CmdMapping\\{92780B25-18CC-41C8-B9BE-3C9C571A8263} [HKLM] -> %ProgramFiles%\Microsoft Office\OFFICE11\REFIEBAR.DLL [Research] -> [2003/07/14 17:57:08 | 00,040,512 | ---- | M] (Microsoft Corporation)
CmdMapping\\{D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} [HKLM] -> [Reg Error: Key does not exist or could not be opened.] -> File not found
CmdMapping\\{DFB852A3-47F8-48C4-A200-58CAB36FD2A2} [HKLM] -> %ProgramFiles%\Spybot - Search & Destroy\SDHelper.dll [Spybot - Search & Destroy Configuration] -> [2008/07/07 08:41:58 | 01,562,448 | ---- | M] (Safer Networking Limited)
CmdMapping\\{e2e2dd38-d088-4134-82b7-f2ba38496583} [HKLM] -> %SystemRoot%\network diagnostic\xpnetdiag.exe [@xpsp3res.dll,-20001] -> [2008/04/13 13:53:32 | 00,558,080 | ---- | M] (Microsoft Corporation)
CmdMapping\\{FB5F1910-F110-11d2-BB9E-00C04F795683} [HKLM] -> %ProgramFiles%\Messenger\msmsgs.exe [Messenger] -> [2008/04/13 19:12:28 | 01,695,232 | ---- | M] (Microsoft Corporation)

[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Extensions\]
CmdMapping\\{08B0E5C0-4FCB-11CF-AAA5-00401C608501} [HKLM] -> [Reg Error: Value does not exist or could not be read.] -> File not found
CmdMapping\\{77BF5300-1474-4EC7-9980-D32B190E9B07} [HKLM] -> %ProgramFiles%\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [Skype add-on (button)] -> [2008/11/07 14:31:40 | 01,088,296 | ---- | M] (Skype Technologies S.A.)
CmdMapping\\{92780B25-18CC-41C8-B9BE-3C9C571A8263} [HKLM] -> %ProgramFiles%\Microsoft Office\OFFICE11\REFIEBAR.DLL [Research] -> [2003/07/14 17:57:08 | 00,040,512 | ---- | M] (Microsoft Corporation)
CmdMapping\\{D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} [HKLM] -> [Reg Error: Key does not exist or could not be opened.] -> File not found
CmdMapping\\{DFB852A3-47F8-48C4-A200-58CAB36FD2A2} [HKLM] -> %ProgramFiles%\Spybot - Search & Destroy\SDHelper.dll [Spybot - Search & Destroy Configuration] -> [2008/07/07 08:41:58 | 01,562,448 | ---- | M] (Safer Networking Limited)
CmdMapping\\{e2e2dd38-d088-4134-82b7-f2ba38496583} [HKLM] -> %SystemRoot%\network diagnostic\xpnetdiag.exe [@xpsp3res.dll,-20001] -> [2008/04/13 13:53:32 | 00,558,080 | ---- | M] (Microsoft Corporation)
CmdMapping\\{FB5F1910-F110-11d2-BB9E-00C04F795683} [HKLM] -> %ProgramFiles%\Messenger\msmsgs.exe [Messenger] -> [2008/04/13 19:12:28 | 01,695,232 | ---- | M] (Microsoft Corporation)

[HKEY_USERS\S-1-5-21-1085031214-920026266-839522115-1004\SOFTWARE\Microsoft\Internet Explorer\Extensions\]
{13C1DBF6-7535-495c-91F6-8C13714ED485}\\ButtonText [HKLM] -> [Reg Error: Key does not exist or could not be opened.] -> File not found
{13C1DBF6-7535-495c-91F6-8C13714ED485}\\CLSID [HKLM] -> [{0000031A-0000-0000-C000-000000000046}] -> File not found
{13C1DBF6-7535-495c-91F6-8C13714ED485}\\Default Visible [HKLM] -> [Reg Error: Key does not exist or could not be opened.] -> File not found
{13C1DBF6-7535-495c-91F6-8C13714ED485}\\Exec [HKLM] -> [Reg Error: Key does not exist or could not be opened.] -> File not found
{13C1DBF6-7535-495c-91F6-8C13714ED485}\\HotIcon [HKLM] -> [Reg Error: Key does not exist or could not be opened.] -> File not found
{13C1DBF6-7535-495c-91F6-8C13714ED485}\\Icon [HKLM] -> [Reg Error: Key does not exist or could not be opened.] -> File not found
{13C1DBF6-7535-495c-91F6-8C13714ED485}\\MenuStatusBar [HKLM] -> [Reg Error: Key does not exist or could not be opened.] -> File not found
{13C1DBF6-7535-495c-91F6-8C13714ED485}\\MenuText [HKLM] -> [Reg Error: Key does not exist or could not be opened.] -> File not found
CmdMapping\\{08B0E5C0-4FCB-11CF-AAA5-00401C608501} [HKLM] -> [Reg Error: Value does not exist or could not be read.] -> File not found
CmdMapping\\{13C1DBF6-7535-495c-91F6-8C13714ED485} [HKLM] -> [Reg Error: Key does not exist or could not be opened.] -> File not found
CmdMapping\\{461CC20B-FB6E-4f16-8FE8-C29359DB100E} [HKLM] -> [Reg Error: Key does not exist or could not be opened.] -> File not found
CmdMapping\\{77BF5300-1474-4EC7-9980-D32B190E9B07} [HKLM] -> %ProgramFiles%\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [Skype add-on (button)] -> [2008/11/07 14:31:40 | 01,088,296 | ---- | M] (Skype Technologies S.A.)
CmdMapping\\{92780B25-18CC-41C8-B9BE-3C9C571A8263} [HKLM] -> %ProgramFiles%\Microsoft Office\OFFICE11\REFIEBAR.DLL [Research] -> [2003/07/14 17:57:08 | 00,040,512 | ---- | M] (Microsoft Corporation)
CmdMapping\\{AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} [HKLM] -> %ProgramFiles%\AIM\aim.exe [AIM] -> [2006/08/01 15:35:36 | 00,067,112 | ---- | M] (America Online, Inc.)
CmdMapping\\{D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} [HKLM] -> [Reg Error: Key does not exist or could not be opened.] -> File not found
CmdMapping\\{DFB852A3-47F8-48C4-A200-58CAB36FD2A2} [HKLM] -> %ProgramFiles%\Spybot - Search & Destroy\SDHelper.dll [Spybot - Search & Destroy Configuration] -> [2008/07/07 08:41:58 | 01,562,448 | ---- | M] (Safer Networking Limited)
CmdMapping\\{e2e2dd38-d088-4134-82b7-f2ba38496583} [HKLM] -> %SystemRoot%\network diagnostic\xpnetdiag.exe [@xpsp3res.dll,-20001] -> [2008/04/13 13:53:32 | 00,558,080 | ---- | M] (Microsoft Corporation)
CmdMapping\\{FB5F1910-F110-11d2-BB9E-00C04F795683} [HKLM] -> %ProgramFiles%\Messenger\msmsgs.exe [Messenger] -> [2008/04/13 19:12:28 | 01,695,232 | ---- | M] (Microsoft Corporation)

========== (O12) Internet Explorer Plugins ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Plugins\]
PluginsPage: "" = http://activex.microsoft.com/control...ext=%s&mime=%s
PluginsPageFriendlyName: "" = Microsoft ActiveX Gallery

========== (O13) Default Prefixes ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\URL\DefaultPrefix]
""=http://

========== (O15) Trusted Sites ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\]
1 domain(s) and sub-domain(s) not assigned to a zone.

========== (O16) DPF ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\]
{01113300-3E00-11D2-8470-0060089874ED}: http://echat.bellsouth.net/sdccommon...ad/tgctlcm.cab -- Reg Error: Key does not exist or could not be opened.
{05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8}: http://go.microsoft.com/fwlink/?linkid=67633 -- Office Genuine Advantage Validation Tool
{0CCA191D-13A6-4E29-B746-314DEE697D83}: http://upload.facebook.com/controls/...oUploader5.cab -- Facebook Photo Uploader 5
{17492023-C23A-453E-A040-C7C580BBF700}: http://go.microsoft.com/fwlink/?linkid=39204 -- Windows Genuine Advantage Validation Tool
{31435657-9980-0010-8000-00AA00389B71}: http://download.microsoft.com/downlo...8f/wvc1dmo.cab -- Reg Error: Key does not exist or could not be opened.
{4F1E5B1A-2A80-42CA-8532-2D05CB959537}: http://gfx1.hotmail.com/mail/w3/resources/MSNPUpld.cab -- MSN Photo Upload Tool
{56762DEC-6B0D-4AB4-A8AD-989993B5D08B}: http://www.eset.eu/buxus/docs/OnlineScanner.cab -- OnlineScanner Control
{6414512B-B978-451D-A0D8-FCFDF33E833C}: http://www.update.microsoft.com/wind...?1196109557322 -- WUWebControl Class
{8AD9C840-044E-11D1-B3E9-00805F499D93}: http://java.sun.com/update/1.6.0/jin...ndows-i586.cab -- Java Plug-in 1.6.0_11
{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}: http://fpdownload.macromedia.com/get.../ultrashim.cab -- Reg Error: Key does not exist or could not be opened.
{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}: http://java.sun.com/update/1.6.0/jin...ndows-i586.cab -- Java Plug-in 1.6.0_11
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}: http://java.sun.com/update/1.6.0/jin...ndows-i586.cab -- Java Plug-in 1.6.0_11

========== (O17) DNS Name Servers ==========

{204F822B-BC41-4C5D-BC32-7A31E4805436} (Servers: | Description: )
{24A29D96-1EF4-4B91-BACB-5B68F2F710D9} (Servers: | Description: 1394 Net Adapter)
{52AE25A2-7D48-477A-AE01-250B67DF4293} (Servers: | Description: NVIDIA nForce Networking Controller)

========== Safeboot Options ==========

"AlternateShell"=cmd.exe

========== CDRom AutoRun Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom]
"AutoRun" = 1

========== Autorun Files on Drives ==========

AUTOEXEC.BAT []
[2007/11/26 13:13:45 | 00,000,000 | ---- | M] () -- C:\AUTOEXEC.BAT -- [ NTFS ]

========== MountPoints2 ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{10e2918d-5873-11dd-b755-001bfc317fdf}\Shell]
""=AutoRun


[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{10e2918d-5873-11dd-b755-001bfc317fdf}\Shell\Auto\command]
""=E:\setup.exe -- File not found

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{10e2918d-5873-11dd-b755-001bfc317fdf}\Shell\AutoRun]
""=Auto&Play


[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{10e2918d-5873-11dd-b755-001bfc317fdf}\Shell\AutoRun\command]
""=C:\WINDOWS\system32\shell32.dll -- [2008/04/13 19:12:05 | 08,461,312 | ---- | M] (Microsoft Corporation)

========== Files/Folders - Created Within 30 Days ==========

[2009/01/20 00:28:50 | 00,000,000 | ---D | C] -- C:\Program Files\EsetOnlineScanner
[2009/01/19 23:55:21 | 00,000,000 | ---D | C] -- C:\_OTMoveIt
[2009/01/19 23:54:23 | 00,348,160 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\User\Desktop\OTMoveIt3.exe
[2009/01/19 03:15:43 | 00,422,912 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\User\Desktop\OTViewIt.exe
[2009/01/18 03:02:17 | 00,002,501 | ---- | C] () -- C:\Documents and Settings\User\Desktop\Attach.zip
[2009/01/18 02:59:26 | 00,000,250 | ---- | C] () -- C:\WINDOWS\gmer.ini
[2009/01/18 02:59:25 | 00,884,736 | ---- | C] () -- C:\WINDOWS\gmer.dll
[2009/01/18 02:59:25 | 00,811,008 | ---- | C] () -- C:\WINDOWS\gmer.exe
[2009/01/18 02:59:25 | 00,085,969 | ---- | C] (GMER) -- C:\WINDOWS\System32\drivers\gmer.sys
[2009/01/18 02:59:25 | 00,000,080 | ---- | C] () -- C:\WINDOWS\gmer_uninstall.cmd
[2009/01/18 02:30:14 | 00,000,000 | ---D | C] -- C:\Documents and Settings\User\Desktop\ETRemover
[2009/01/16 18:37:47 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\WebcamMax
[2009/01/16 18:37:30 | 00,000,000 | ---D | C] -- C:\Documents and Settings\User\Application Data\Webcammax
[2009/01/16 18:37:29 | 00,000,694 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\WebcamMax.lnk
[2009/01/16 18:37:13 | 00,941,784 | ---- | C] () -- C:\WINDOWS\System32\drivers\CAMTHWDM.sys
[2009/01/16 18:37:09 | 00,000,000 | ---D | C] -- C:\Program Files\WebcamMax
[2009/01/16 18:07:56 | 00,000,467 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\ooVoo.lnk
[2009/01/16 01:00:33 | 00,000,000 | ---D | C] -- C:\Documents and Settings\User\Application Data\Viewpoint
[2009/01/14 04:31:07 | 17,825,7920 | ---- | C] () -- C:\Documents and Settings\User\Desktop\[DB]_Bleach_202_[66E986B7].avi
[2009/01/09 19:28:35 | 17,842,1010 | ---- | C] () -- C:\Documents and Settings\User\Desktop\[DB]_Naruto_Shippuuden_091_[DD96793B].avi
[2009/01/02 00:36:09 | 00,000,000 | ---D | C] -- C:\Documents and Settings\User\Desktop\Burn After Reading 2008 BDRip H264 ACC-SecretMyth (Kingdom-Release)

========== Files - Modified Within 30 Days ==========

[1 C:\WINDOWS\System32\*.tmp files]
[8 C:\WINDOWS\*.tmp files]
[2009/01/19 23:58:46 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2009/01/19 23:58:35 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2009/01/19 23:54:23 | 00,348,160 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\User\Desktop\OTMoveIt3.exe
[2009/01/19 21:58:51 | 00,000,429 | ---- | M] () -- C:\WINDOWS\System\C6501.ini
[2009/01/19 18:09:26 | 00,002,137 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk
[2009/01/19 17:41:18 | 00,002,422 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2009/01/19 03:15:44 | 00,422,912 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\User\Desktop\OTViewIt.exe
[2009/01/18 03:02:17 | 00,002,501 | ---- | M] () -- C:\Documents and Settings\User\Desktop\Attach.zip
[2009/01/18 02:59:26 | 00,000,250 | ---- | M] () -- C:\WINDOWS\gmer.ini
[2009/01/18 02:59:25 | 00,884,736 | ---- | M] () -- C:\WINDOWS\gmer.dll
[2009/01/18 02:59:25 | 00,085,969 | ---- | M] (GMER) -- C:\WINDOWS\System32\drivers\gmer.sys
[2009/01/18 02:59:25 | 00,000,080 | ---- | M] () -- C:\WINDOWS\gmer_uninstall.cmd
[2009/01/16 18:37:29 | 00,000,694 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\WebcamMax.lnk
[2009/01/16 18:12:07 | 00,019,024 | ---- | M] () -- C:\Documents and Settings\User\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
[2009/01/16 18:07:56 | 00,000,467 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\ooVoo.lnk
[2009/01/16 04:50:13 | 00,002,257 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Skype.lnk
[2009/01/16 04:47:32 | 02,640,648 | -H-- | M] () -- C:\Documents and Settings\User\Local Settings\Application Data\IconCache.db
[2009/01/14 05:01:07 | 17,825,7920 | ---- | M] () -- C:\Documents and Settings\User\Desktop\[DB]_Bleach_202_[66E986B7].avi
[2009/01/13 01:12:28 | 00,002,193 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Steam.lnk
[2009/01/09 20:35:28 | 20,853,704 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\MRT.exe
[2009/01/09 19:56:05 | 17,842,1010 | ---- | M] () -- C:\Documents and Settings\User\Desktop\[DB]_Naruto_Shippuuden_091_[DD96793B].avi
[2009/01/08 15:14:48 | 00,070,144 | ---- | M] () -- C:\Documents and Settings\User\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/01/06 00:17:26 | 00,033,280 | ---- | M] () -- C:\Documents and Settings\User\Desktop\eugenechangresume.doc
< End of report >

=================================

OTViewIt Extras logfile created on: 1/20/2009 1:00:59 AM - Run 2
OTViewIt by OldTimer - Version 1.0.21.0 Folder = C:\Documents and Settings\User\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.5512)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 0.10 Gb Available Physical Memory | 5.15% Memory free
3.85 Gb Paging File | 2.07 Gb Available in Paging File | 53.92% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092;

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 149.04 Gb Total Space | 49.28 Gb Free Space | 33.06% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: E3
Current User Name: User
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Whitelist: On
File Age = 30 Days

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled"=1
"AntiVirusDisableNotify"=0
"FirewallDisableNotify"=0
"UpdatesDisableNotify"=0
"AntiVirusOverride"=0
"FirewallOverride"=0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile
"EnableFirewall"=0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts]

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
[2008/04/13 19:12:34 | 00,141,312 | ---- | M] (Microsoft Corporation) -- %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019
[2008/04/13 13:53:32 | 00,558,080 | ---- | M] (Microsoft Corporation) -- %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
[2008/04/13 19:12:34 | 00,141,312 | ---- | M] (Microsoft Corporation) -- %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019
[2008/04/13 13:53:32 | 00,558,080 | ---- | M] (Microsoft Corporation) -- %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000
[2006/11/03 02:17:27 | 00,010,800 | ---- | M] (AOL LLC) -- C:\Program Files\Common Files\AOL\Loader\aolload.exe:*:Enabled:AOL Loader
[2009/01/13 01:12:59 | 00,086,077 | ---- | M] (Valve) -- C:\Program Files\Steam\steamapps\ygcrew93@msn.com\counter-strike\hl.exe:*:Enabled:Half-Life Launcher
[2006/10/18 20:30:18 | 00,087,552 | ---- | M] () -- C:\Program Files\BitTornado\btdownloadgui.exe:*:Enabled:btdownloadgui
[2007/12/05 03:25:43 | 00,066,872 | ---- | M] () -- C:\WINDOWS\system32\PnkBstrA.exe:*:Enabled:PnkBstrA
[2008/12/19 00:39:11 | 00,111,928 | ---- | M] () -- C:\WINDOWS\system32\PnkBstrB.exe:*:Enabled:PnkBstrB
[2008/04/13 19:12:28 | 01,695,232 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger
[2008/10/31 14:22:38 | 00,050,480 | ---- | M] (AOL LLC) -- C:\Program Files\AIM6\aim6.exe:*:Enabled:AIM
[2008/03/05 22:29:49 | 10,343,712 | ---- | M] (Intuit, Inc.) -- C:\Program Files\TurboTax\Basic 2007\32bit\ttax.exe:LocalSubNet:Enabled:TurboTax
[2007/10/22 17:56:52 | 03,597,600 | ---- | M] (Intuit, Inc.) -- C:\Program Files\TurboTax\Basic 2007\32bit\updatemgr.exe:LocalSubNet:Enabled:TurboTax Update Manager
[2008/11/20 13:20:48 | 14,294,824 | ---- | M] (Apple Inc.) -- C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes
[2008/06/20 14:43:00 | 03,330,048 | ---- | M] () -- C:\Program Files\Activision\Call of Duty 4 - Modern Warfare\iw3mp.exe:*:Enabled:Call of Duty(R) 4 - Modern Warfare(TM)
[2008/08/29 09:18:44 | 00,238,888 | ---- | M] (Apple Inc.) -- C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour
[2008/11/07 14:31:38 | 21,633,320 | R--- | M] (Skype Technologies S.A.) -- C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype

========== (O10) Winsock2 Catalogs ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\]
NameSpace_Catalog5\Catalog_Entries\000000000004 [mdnsNSP] -- C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)

========== (O18) Protocol Handlers ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
ipp: [HKLM - No CLSID value]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\] - Protocol Handlers
[2003/07/10 21:25:22 | 00,842,816 | ---- | M] (Microsoft Corporation) C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL ipp\0x00000001:{E1D2BF42-A96B-11d1-9C6B-0000F875AC61} (HKLM) [HKLM - MSDAMON.BINDER]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
msdaipp: [HKLM - No CLSID value]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\] - Protocol Handlers
[2003/07/10 21:25:22 | 00,842,816 | ---- | M] (Microsoft Corporation) C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL msdaipp\0x00000001:{E1D2BF42-A96B-11d1-9C6B-0000F875AC61} (HKLM) [HKLM - MSDAMON.BINDER]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\] - Protocol Handlers
[2003/07/10 21:25:22 | 00,842,816 | ---- | M] (Microsoft Corporation) C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL msdaipp\oledb:{E1D2BF40-A96B-11d1-9C6B-0000F875AC61} (HKLM) [HKLM - MSDAIPP.BINDER]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
[2005/04/25 08:29:56 | 08,071,360 | ---- | M] (Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Web Components\11\OWC11.DLL (mso-offdap11:{32505114-5902-49B2-880A-1F7738E5A384} (HKLM) [Data Page Plugable Protocal mso-offdap11 Handler])

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
[2008/04/23 16:45:34 | 01,942,864 | R--- | M] (Skype Technologies) C:\Program Files\Common Files\Skype\Skype4COM.dll (skype4com:{FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} (HKLM) [IEProtocolHandler Class])

========== (O18) Protocol Filters ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Filter\] - Protocol Filters
[2003/07/14 17:45:12 | 00,039,488 | ---- | M] (Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\OFFICE11\MSOXMLMF.DLL text/xml:{807553E5-5146-11D5-A672-00B0D022E945} (HKLM) [Reg Error: Value does not exist or could not be read.]

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}"=Steam
"{050C1C8E-4A4D-4C2F-B9AE-67E60EE91B7F}"=Call of Duty(R) 4 - Modern Warfare(TM) 1.3 Patch
"{18D10072035C4515918F7E37EAFAACFC}"=AutoUpdate
"{26A24AE4-039D-4CA4-87B4-2F83216011FF}"=Java(TM) 6 Update 11
"{318AB667-3230-41B5-A617-CB3BF748D371}"=iTunes
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}"=WebFldrs XP
"{3BD633E0-4BF8-4499-9149-88F0767D449C}"=Call of Duty(R) 4 - Modern Warfare(TM) 1.4 Patch
"{5C82DAE5-6EB0-4374-9254-BE3319BA4E82}"=Skype™ 3.8
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}"=PowerDVD
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}"=Apple Software Update
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}"=Windows Media Player Firefox Plugin
"{6DA9102E-199F-43A0-A36B-6EF48081A658}"=MobileMe Control Panel
"{789289CA-F73A-4A16-A331-54D498CE069F}"=Ventrilo Client
"{7B63B2922B174135AFC0E1377DD81EC2}"=DivX Codec
"{7DD9A065-2C86-4A9F-A5FF-796EC1B99DCA}"=AnswerWorks 4.0 Runtime - English
"{8503C901-85D7-4262-88D2-8D8B2A7B08B8}"=Call of Duty(R) 4 - Modern Warfare(TM) 1.5 Patch
"{89C89156-A70F-4C6D-9CAE-2EA71F1396FE}"=Garena
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}"=Microsoft Silverlight
"{8A15B7D9-908A-4EF9-BA84-5AEDE61743EE}"=Call of Duty(R) 4 - Modern Warfare(TM) 1.6 Patch
"{8A25392D-C5D2-4E79-A2BD-C15DDC5B0959}"=Bonjour
"{8ADFC4160D694100B5B8A22DE9DCABD9}"=DivX Player
"{90110409-6000-11D3-8CFE-0150048383C9}"=Microsoft Office Professional Edition 2003
"{931C37FC-594D-43A9-B10F-A2F2B1F03498}"=Call of Duty(R) 4 - Modern Warfare(TM) 1.7 Patch
"{AC76BA86-7AD7-1033-7B44-A81300000003}"=Adobe Reader 8.1.3
"{B13A7C41581B411290FBC0395694E2A9}"=DivX Converter
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1"=Spybot - Search & Destroy
"{B508B3F1-A24A-32C0-B310-85786919EF28}"=Microsoft .NET Framework 2.0 Service Pack 1
"{B7050CBDB2504B34BC2A9CA0A692CC29}"=DivX Web Player
"{CD95F661-A5C4-44F5-A6AA-ECDD91C240B5}"=WinZip 11.1
"{D050D7362D214723AD585B541FFB6C11}"=DivX Content Uploader
"{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}"=Ad-Aware 2007
"{E48469CC-635E-4FD5-A122-1497C286D217}"=Call of Duty(R) 4 - Modern Warfare(TM)
"{EB1B8449-CD8F-485B-ADB6-02FBCFE180D3}"=Razer DeathAdder(TM) Mouse
"{EC4455AB-F155-4CC1-A4C5-88F3777F9886}"=Apple Mobile Device Support
"{F1CBC6F7-D82D-4DC5-B81C-9A14F418593A}_is1"=WC3Banlist
"{F958CA02-BB40-4007-894B-258729456EE4}"=QuickTime
"{FAA7F8FF-3C05-4A61-8F14-D8A6E9ED6623}"=ooVoo
"Adobe Flash Player ActiveX"=Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin"=Adobe Flash Player 10 Plugin
"AIM_6"=AIM 6
"AOL Instant Messenger"=AOL Instant Messenger
"Combined Community Codec Pack_is1"=Combined Community Codec Pack 2008-01-24
"Dropbox"=Dropbox
"EsetOnlineScanner"=ESET Online Scanner
"Generic 6501 Sound"=C-Media 6501 Sound
"GoldWave v5.20"=GoldWave v5.20
"IDNMitigationAPIs"=Microsoft Internationalized Domain Names Mitigation APIs
"InstallShield_{050C1C8E-4A4D-4C2F-B9AE-67E60EE91B7F}"=Call of Duty(R) 4 - Modern Warfare(TM) 1.3 Patch
"InstallShield_{3BD633E0-4BF8-4499-9149-88F0767D449C}"=Call of Duty(R) 4 - Modern Warfare(TM) 1.4 Patch
"InstallShield_{8503C901-85D7-4262-88D2-8D8B2A7B08B8}"=Call of Duty(R) 4 - Modern Warfare(TM) 1.5 Multiplayer Patch
"InstallShield_{8A15B7D9-908A-4EF9-BA84-5AEDE61743EE}"=Call of Duty(R) 4 - Modern Warfare(TM) 1.6 Patch
"InstallShield_{931C37FC-594D-43A9-B10F-A2F2B1F03498}"=Call of Duty(R) 4 - Modern Warfare(TM) 1.7 Patch
"InstallShield_{E48469CC-635E-4FD5-A122-1497C286D217}"=Call of Duty(R) 4 - Modern Warfare(TM)
"KOIELangPack"=Korean Language Support
"Mozilla Firefox (3.0.5)"=Mozilla Firefox (3.0.5)
"Nero - Burning Rom!UninstallKey"=Nero OEM
"NLSDownlevelMapping"=Microsoft National Language Support Downlevel APIs
"NVIDIA Drivers"=NVIDIA Drivers
"oovooToolbar"=ooVoo Toolbar
"PowerISO"=PowerISO
"Steam App 10"=Counter-Strike
"Steam App 240"=Counter-Strike: Source
"TurboTax Basic 2007"=TurboTax Basic 2007
"ViewpointMediaPlayer"=Viewpoint Media Player
"WebcamMax"=WebcamMax
"Windows XP Service Pack"=Windows XP Service Pack 3
"WinPcapInst"=WinPcap 3.1
"WinRAR archiver"=WinRAR archiver
"World of Warcraft"=World of Warcraft

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Absolute Poker"=Absolute Poker
"Move Networks Player - IE"=Move Networks Media Player for Internet Explorer
"Warcraft III"=Warcraft III: All Products

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-1085031214-920026266-839522115-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Absolute Poker"=Absolute Poker
"Move Networks Player - IE"=Move Networks Media Player for Internet Explorer
"Warcraft III"=Warcraft III: All Products

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 12/12/2008 12:03:19 AM | Computer Name = E3 | Source = Application Error | ID = 1000
Description = Faulting application iexplore.exe, version 6.0.2900.5512, faulting
module mshtml.dll, version 6.0.2900.5694, fault address 0x001209f8.

Error - 12/12/2008 7:15:51 AM | Computer Name = E3 | Source = Application Hang | ID = 1002
Description = Hanging application iexplore.exe, version 6.0.2900.5512, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 1/15/2009 11:54:32 PM | Computer Name = E3 | Source = Application Error | ID = 1000
Description = Faulting application teatimer.exe, version 1.6.0.20, faulting module
teatimer.exe, version 1.6.0.20, fault address 0x000e4418.

Error - 1/16/2009 2:45:48 AM | Computer Name = E3 | Source = Application Error | ID = 1000
Description = Faulting application _is4.exe, version 12.0.0.49974, faulting module
_is4.exe, version 12.0.0.49974, fault address 0x0001e48b.

Error - 1/16/2009 2:45:53 AM | Computer Name = E3 | Source = Application Error | ID = 1000
Description = Faulting application _is5.exe, version 12.0.0.49974, faulting module
_is5.exe, version 12.0.0.49974, fault address 0x0001e48b.

Error - 1/16/2009 2:45:55 AM | Computer Name = E3 | Source = Application Error | ID = 1000
Description = Faulting application _is7.exe, version 12.0.0.49974, faulting module
_is7.exe, version 12.0.0.49974, fault address 0x0001e48b.

Error - 1/16/2009 5:33:39 AM | Computer Name = E3 | Source = Application Error | ID = 1000
Description = Faulting application _is107.exe, version 12.0.0.49974, faulting module
_is107.exe, version 12.0.0.49974, fault address 0x0001e48b.

Error - 1/19/2009 11:09:36 PM | Computer Name = E3 | Source = Application Error | ID = 1000
Description = Faulting application _is307.exe, version 12.0.0.49974, faulting module
_is307.exe, version 12.0.0.49974, fault address 0x0001e48b.

[ System Events ]
Error - 1/20/2009 1:20:33 AM | Computer Name = E3 | Source = Service Control Manager | ID = 7023
Description = The Application Management service terminated with the following error:
%%126

Error - 1/20/2009 1:20:33 AM | Computer Name = E3 | Source = Service Control Manager | ID = 7023
Description = The Application Management service terminated with the following error:
%%126

Error - 1/20/2009 1:20:33 AM | Computer Name = E3 | Source = Service Control Manager | ID = 7023
Description = The Application Management service terminated with the following error:
%%126

Error - 1/20/2009 1:20:33 AM | Computer Name = E3 | Source = Service Control Manager | ID = 7023
Description = The Application Management service terminated with the following error:
%%126

Error - 1/20/2009 1:20:33 AM | Computer Name = E3 | Source = Service Control Manager | ID = 7023
Description = The Application Management service terminated with the following error:
%%126

Error - 1/20/2009 1:20:33 AM | Computer Name = E3 | Source = Service Control Manager | ID = 7023
Description = The Application Management service terminated with the following error:
%%126

Error - 1/20/2009 1:20:33 AM | Computer Name = E3 | Source = Service Control Manager | ID = 7023
Description = The Application Management service terminated with the following error:
%%126

Error - 1/20/2009 1:20:33 AM | Computer Name = E3 | Source = Service Control Manager | ID = 7023
Description = The Application Management service terminated with the following error:
%%126

Error - 1/20/2009 1:20:33 AM | Computer Name = E3 | Source = Service Control Manager | ID = 7023
Description = The Application Management service terminated with the following error:
%%126

Error - 1/20/2009 1:20:33 AM | Computer Name = E3 | Source = Service Control Manager | ID = 7023
Description = The Application Management service terminated with the following error:
%%126


< End of report >
xie3ix is offline  
Digg this Post!Add Post to del.icio.usBookmark Post in TechnoratiFurl this Post!Reddit!
Old 01-20-2009, 02:23 PM   #11 (permalink)
Analyst, Security Team
 
Billy O'Neal's Avatar
 
Join Date: Aug 2008
Location: Northfield, Ohio, United States
Posts: 1,690
OS: XPSP3, Vista Ultimate SP1, Ubuntu Server


Re: ads1.revenue.net
That looks much better :)

How are things running?

Billy3
__________________
If I fail to reply for more than 24 hours, please feel free to send me a PM. Don't want you to be overlooked

Not problems like "What is beauty".. 'cause that would fall under the purview of your conundrums of philosophy.....
Billy O'Neal is offline  
Digg this Post!Add Post to del.icio.usBookmark Post in TechnoratiFurl this Post!Reddit!
Old 01-20-2009, 03:48 PM   #12 (permalink)
Registered User
 
Join Date: Jan 2009
Posts: 13
OS: xp service pack 3


Re: ads1.revenue.net
I'm still getting those popups from ads1.revenue.net and along with some other ones now whenever I use Firefox.
xie3ix is offline  
Digg this Post!Add Post to del.icio.usBookmark Post in TechnoratiFurl this Post!Reddit!
Old 01-21-2009, 11:54 AM   #13 (permalink)
Analyst, Security Team
 
Billy O'Neal's Avatar
 
Join Date: Aug 2008
Location: Northfield, Ohio, United States
Posts: 1,690
OS: XPSP3, Vista Ultimate SP1, Ubuntu Server


Re: ads1.revenue.net
Hello, xie3ix
We need to scan for Rootkits with GMER
  1. Please download GMER from one of the following mirrors:
  2. Close any and all open programs, as this process may crash your computer.
  3. Unzip the downloaded file to your desktop.
  4. Double click on your desktop.
  5. Allow the gmer.sys driver to load if asked.
  6. You may see this window. If you do, click No.
  7. Click on and wait for the scan to finish.
  8. If you see a rootkit warning window, click OK.
  9. Push and save the logfile to your desktop.
  10. Copy and Paste the contents of that file in your next post.

In your next reply, please include the following:
  • GMER's Log

BillyIII
__________________
If I fail to reply for more than 24 hours, please feel free to send me a PM. Don't want you to be overlooked

Not problems like "What is beauty".. 'cause that would fall under the purview of your conundrums of philosophy.....
Billy O'Neal is offline  
Digg this Post!Add Post to del.icio.usBookmark Post in TechnoratiFurl this Post!Reddit!
Old 01-21-2009, 03:55 PM   #14 (permalink)
Registered User
 
Join Date: Jan 2009
Posts: 13
OS: xp service pack 3


Re: ads1.revenue.net
The log didn't have anything on it. The popups seem to come up only on certain websites (although they aren't part of the site). When they do popup, it's always like 4-5 of the same ones that come out at the same time.

Also, my Firefox is very laggy compared to my IE. This seemed to start when we first started doing the changes. Any idea about that?
xie3ix is offline  
Digg this Post!Add Post to del.icio.usBookmark Post in TechnoratiFurl this Post!Reddit!
Old 01-21-2009, 03:58 PM   #15 (permalink)
Analyst, Security Team
 
Billy O'Neal's Avatar
 
Join Date: Aug 2008
Location: Northfield, Ohio, United States
Posts: 1,690
OS: XPSP3, Vista Ultimate SP1, Ubuntu Server


Re: ads1.revenue.net
Gmer should still have produced a log. Do you have it?

Billy3
__________________
If I fail to reply for more than 24 hours, please feel free to send me a PM. Don't want you to be overlooked

Not problems like "What is beauty".. 'cause that would fall under the purview of your conundrums of philosophy.....
Billy O'Neal is offline  
Digg this Post!Add Post to del.icio.usBookmark Post in TechnoratiFurl this Post!Reddit!
Old 01-21-2009, 04:04 PM   #16 (permalink)
Registered User
 
Join Date: Jan 2009
Posts: 13
OS: xp service pack 3


Re: ads1.revenue.net
I let the whole thing scan and then clicked save like you told me to. It pretty much saved a blank notepad document. Should I try it again?
xie3ix is offline  
Digg this Post!Add Post to del.icio.usBookmark Post in TechnoratiFurl this Post!Reddit!
Old 01-22-2009, 06:31 PM   #17 (permalink)
Analyst, Security Team
 
Billy O'Neal's Avatar
 
Join Date: Aug 2008
Location: Northfield, Ohio, United States
Posts: 1,690
OS: XPSP3, Vista Ultimate SP1, Ubuntu Server


Re: ads1.revenue.net
If gmer ran correctly ran, it should still produce a file with a version number and an end of file marker. If it had a problem,than the log will be completely blank. The first log you posted was completely blank. I need to see the file in order to determine if there is a problem with gmer running, or if it legitimately didn't find anything of merit.
__________________
If I fail to reply for more than 24 hours, please feel free to send me a PM. Don't want you to be overlooked

Not problems like "What is beauty".. 'cause that would fall under the purview of your conundrums of philosophy.....
Billy O'Neal is offline  
Digg this Post!Add Post to del.icio.usBookmark Post in TechnoratiFurl this Post!Reddit!
Old 01-22-2009, 09:44 PM   #18 (permalink)
Registered User
 
Join Date: Jan 2009
Posts: 13
OS: xp service pack 3


Re: ads1.revenue.net
I ran it again and followed your directions. It came up with another blank notepad. I'll attach it so you can see both for yourself. I don't know what I'm doing wrong.

Actually, I'm trying to upload the logs but the site keeps telling me that the upload has failed for both of them. Either way, there's nothing to look at on the documents. It doesn't show a version number or end of file marker.
xie3ix is offline  
Digg this Post!Add Post to del.icio.usBookmark Post in TechnoratiFurl this Post!Reddit!
Old 01-22-2009, 09:57 PM   #19 (permalink)
Analyst, Security Team
 
Billy O'Neal's Avatar
 
Join Date: Aug 2008
Location: Northfield, Ohio, United States
Posts: 1,690
OS: XPSP3, Vista Ultimate SP1, Ubuntu Server


Re: ads1.revenue.net
Hello, xie3ix
We will begin with ComboFix.exe. Please visit this webpage for download links, and instructions for running the tool:

http://www.bleepingcomputer.com/comb...o-use-combofix

* Ensure you have disabled all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

In your next reply, please include the following:
  • ComboFix.txt

BillyIII
__________________
If I fail to reply for more than 24 hours, please feel free to send me a PM. Don't want you to be overlooked

Not problems like "What is beauty".. 'cause that would fall under the purview of your conundrums of philosophy.....
Billy O'Neal is offline  
Digg this Post!Add Post to del.icio.usBookmark Post in TechnoratiFurl this Post!Reddit!
Old 01-22-2009, 11:38 PM   #20 (permalink)
Registered User
 
Join Date: Jan 2009
Posts: 13
OS: xp service pack 3


Re: ads1.revenue.net
Hey

I had to break it up into two parts since it was so big. Here you go:

ComboFix 09-01-21.04 - User 2009-01-23 0:59:39.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.2046.1628 [GMT -5:00]
Running from: c:\documents and settings\User\Desktop\ComboFix.exe
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\_otmoveit\MovedFiles\01192009_235521\program files\ooVoo\Desktop_.ini
c:\_otmoveit\MovedFiles\01192009_235521\program files\ooVoo\languages\ar_sa\Desktop_.ini
c:\_otmoveit\MovedFiles\01192009_235521\program files\ooVoo\languages\bg_bg\Desktop_.ini
c:\_otmoveit\MovedFiles\01192009_235521\program files\ooVoo\languages\de_DE\Desktop_.ini
c:\_otmoveit\MovedFiles\01192009_235521\program files\ooVoo\languages\Desktop_.ini
c:\_otmoveit\MovedFiles\01192009_235521\program files\ooVoo\languages\en_US\Desktop_.ini
c:\_otmoveit\MovedFiles\01192009_235521\program files\ooVoo\languages\es_ES\Desktop_.ini
c:\_otmoveit\MovedFiles\01192009_235521\program files\ooVoo\languages\fr_FR\Desktop_.ini
c:\_otmoveit\MovedFiles\01192009_235521\program files\ooVoo\languages\he_IL\Desktop_.ini
c:\_otmoveit\MovedFiles\01192009_235521\program files\ooVoo\languages\it_IT\Desktop_.ini
c:\_otmoveit\MovedFiles\01192009_235521\program files\ooVoo\languages\ja_JP\Desktop_.ini
c:\_otmoveit\MovedFiles\01192009_235521\program files\ooVoo\languages\ko_KR\Desktop_.ini
c:\_otmoveit\MovedFiles\01192009_235521\program files\ooVoo\languages\pl_pl\Desktop_.ini
c:\_otmoveit\MovedFiles\01192009_235521\program files\ooVoo\languages\pt_PT\Desktop_.ini
c:\_otmoveit\MovedFiles\01192009_235521\program files\ooVoo\languages\ru_RU\Desktop_.ini
c:\_otmoveit\MovedFiles\01192009_235521\program files\ooVoo\languages\tr_tr\Desktop_.ini
c:\_otmoveit\MovedFiles\01192009_235521\program files\ooVoo\languages\zh_CN\Desktop_.ini
c:\_otmoveit\MovedFiles\01192009_235521\program files\oovooToolbar\Desktop_.ini
c:\config.msi\Desktop_.ini
c:\documents and settings\User\Local Settings\Temporary Internet Files\ijjistarter_verinfo.dat
c:\documents and settings\User\Local Settings\Temporary Internet Files\ijjistarter2.exe
c:\downloads\Desktop_.ini
c:\downloads\Software\Desktop_.ini
c:\ijji\Desktop_.ini
c:\ijji\ENGLISH\Desktop_.ini
c:\logs\Desktop_.ini
c:\nvidia\Desktop_.ini
c:\nvidia\Win2k\163.75\Desktop_.ini
c:\nvidia\Win2k\163.75\English\Desktop_.ini
c:\nvidia\Win2k\Desktop_.ini
c:\program files\_uninstallation_info\Absolute Poker\Desktop_.ini
c:\program files\_uninstallation_info\Desktop_.ini
c:\program files\Absolute Poker\data\Desktop_.ini
c:\program files\Absolute Poker\Desktop_.ini
c:\program files\Absolute Poker\HandHistory\Desktop_.ini
c:\program files\Absolute Poker\HandHistory\LILPENNY\Desktop_.ini
c:\program files\Absolute Poker\HandHistory\XIE3IX\Desktop_.ini
c:\program files\Activision\Call of Duty 4 - Modern Warfare\Desktop_.ini
c:\program files\Activision\Call of Duty 4 - Modern Warfare\Docs\Desktop_.ini
c:\program files\Activision\Call of Duty 4 - Modern Warfare\Docs\Help\Desktop_.ini
c:\program files\Activision\Call of Duty 4 - Modern Warfare\Docs\html\Desktop_.ini
c:\program files\Activision\Call of Duty 4 - Modern Warfare\Docs\images\Desktop_.ini
c:\program files\Activision\Call of Duty 4 - Modern Warfare\main\Desktop_.ini
c:\program files\Activision\Call of Duty 4 - Modern Warfare\main\save\Desktop_.ini
c:\program files\Activision\Call of Duty 4 - Modern Warfare\main\video\Desktop_.ini
c:\program files\Activision\Call of Duty 4 - Modern Warfare\miles\Desktop_.ini
c:\program files\Activision\Call of Duty 4 - Modern Warfare\Mods\DAMN\Desktop_.ini
c:\program files\Activision\Call of Duty 4 - Modern Warfare\Mods\Desktop_.ini
c:\program files\Activision\Call of Duty 4 - Modern Warfare\Mods\ModWarfare\Desktop_.ini
c:\program files\Activision\Call of Duty 4 - Modern Warfare\pb\Desktop_.ini
c:\program files\Activision\Call of Duty 4 - Modern Warfare\pb\dll\Desktop_.ini
c:\program files\Activision\Call of Duty 4 - Modern Warfare\pb\htm\Desktop_.ini
c:\program files\Activision\Call of Duty 4 - Modern Warfare\pb\scrnshot\Desktop_.ini
c:\program files\Activision\Call of Duty 4 - Modern Warfare\pb\svlogs\Desktop_.ini
c:\program files\Activision\Call of Duty 4 - Modern Warfare\pb\svss\Desktop_.ini
c:\program files\Activision\Call of Duty 4 - Modern Warfare\players\Desktop_.ini
c:\program files\Activision\Call of Duty 4 - Modern Warfare\players\profiles\Desktop_.ini
c:\program files\Activision\Call of Duty 4 - Modern Warfare\players\profiles\E3\Desktop_.ini
c:\program files\Activision\Call of Duty 4 - Modern Warfare\players\profiles\E3\mods\DAMN\Desktop_.ini
c:\program files\Activision\Call of Duty 4 - Modern Warfare\players\profiles\E3\mods\Desktop_.ini
c:\program files\Activision\Call of Duty 4 - Modern Warfare\players\profiles\E3\save\autosave\Desktop_.ini
c:\program files\Activision\Call of Duty 4 - Modern Warfare\players\profiles\E3\save\Desktop_.ini
c:\program files\Activision\Call of Duty 4 - Modern Warfare\zone\Desktop_.ini
c:\program files\Activision\Call of Duty 4 - Modern Warfare\zone\english\Desktop_.ini
c:\program files\Activision\Desktop_.ini
c:\program files\Adobe\Adobe Help Viewer\1.0\Desktop_.ini
c:\program files\Adobe\Adobe Help Viewer\1.0\Resources\Desktop_.ini
c:\program files\Adobe\Adobe Help Viewer\1.0\Resources\en\Desktop_.ini
c:\program files\Adobe\Adobe Help Viewer\Desktop_.ini
c:\program files\Adobe\Adobe Photoshop Lightroom 1.4\Desktop_.ini
c:\program files\Adobe\Adobe Photoshop Lightroom 1.4\Microsoft.VC80.CRT\Desktop_.ini
c:\program files\Adobe\Adobe Photoshop Lightroom 1.4\Microsoft.VC80.MFC\Desktop_.ini
c:\program files\Adobe\Adobe Photoshop Lightroom 1.4\Microsoft.VC80.MFC\Microsoft.VC80.MFCLOC\Desktop_.ini
c:\program files\Adobe\Adobe Photoshop Lightroom 1.4\Modules\Desktop_.ini
c:\program files\Adobe\Adobe Photoshop Lightroom 1.4\moxplugins\Desktop_.ini
c:\program files\Adobe\Adobe Photoshop Lightroom 1.4\moxplugins\Microsoft.VC80.CRT\Desktop_.ini
c:\program files\Adobe\Adobe Photoshop Lightroom 1.4\Resources\de\Desktop_.ini
c:\program files\Adobe\Adobe Photoshop Lightroom 1.4\Resources\de\help\Desktop_.ini
c:\program files\Adobe\Adobe Photoshop Lightroom 1.4\Resources\de\help\images\Desktop_.ini
c:\program files\Adobe\Adobe Photoshop Lightroom 1.4\Resources\Desktop_.ini
c:\program files\Adobe\Adobe Photoshop Lightroom 1.4\Resources\en\Desktop_.ini
c:\program files\Adobe\Adobe Photoshop Lightroom 1.4\Resources\en\help\Desktop_.ini
c:\program files\Adobe\Adobe Photoshop Lightroom 1.4\Resources\en\help\images\Desktop_.ini
c:\program files\Adobe\Adobe Photoshop Lightroom 1.4\Resources\fr\Desktop_.ini
c:\program files\Adobe\Adobe Photoshop Lightroom 1.4\Resources\fr\help\Desktop_.ini
c:\program files\Adobe\Adobe Photoshop Lightroom 1.4\Resources\fr\help\images\Desktop_.ini
c:\program files\Adobe\Adobe Photoshop Lightroom 1.4\shared\Desktop_.ini
c:\program files\Adobe\Adobe Photoshop Lightroom 1.4\shared\webengines\autoviewer.lrwebengine\Desktop_.ini
c:\program files\Adobe\Adobe Photoshop Lightroom 1.4\shared\webengines\default_flash.lrwebengine\Desktop_.ini
c:\program files\Adobe\Adobe Photoshop Lightroom 1.4\shared\webengines\default_flash.lrwebengine\resources\Desktop_.ini
c:\program files\Adobe\Adobe Photoshop Lightroom 1.4\shared\webengines\default_flash.lrwebengine\resources\javascript\Desktop_.ini
c:\program files\Adobe\Adobe Photoshop Lightroom 1.4\shared\webengines\default_flash.lrwebengine\resources\localization\Desktop_.ini
c:\program files\Adobe\Adobe Photoshop Lightroom 1.4\shared\webengines\default_flash.lrwebengine\styles\Desktop_.ini
c:\program files\Adobe\Adobe Photoshop Lightroom 1.4\shared\webengines\default_html.lrwebengine\Desktop_.ini
c:\program files\Adobe\Adobe Photoshop Lightroom 1.4\shared\webengines\default_html.lrwebengine\resources\css\Desktop_.ini
c:\program files\Adobe\Adobe Photoshop Lightroom 1.4\shared\webengines\default_html.lrwebengine\resources\Desktop_.ini
c:\program files\Adobe\Adobe Photoshop Lightroom 1.4\shared\webengines\default_html.lrwebengine\resources\js\Desktop_.ini
c:\program files\Adobe\Adobe Photoshop Lightroom 1.4\shared\webengines\default_html.lrwebengine\resources\misc\Desktop_.ini
c:\program files\Adobe\Adobe Photoshop Lightroom 1.4\shared\webengines\Desktop_.ini
c:\program files\Adobe\Adobe Photoshop Lightroom 1.4\shared\webengines\postcardviewer.lrwebengine\Desktop_.ini
c:\program files\Adobe\Adobe Photoshop Lightroom 1.4\shared\webengines\simpleviewer.lrwebengine\Desktop_.ini
c:\program files\Adobe\Desktop_.ini
c:\program files\Adobe\Reader 8.0\Desktop_.ini
c:\program files\Adobe\Reader 8.0\Esl\Desktop_.ini
c:\program files\Adobe\Reader 8.0\Reader\adobe_epic\Desktop_.ini
c:\program files\Adobe\Reader 8.0\Reader\adobe_epic\eula\Desktop_.ini
c:\program files\Adobe\Reader 8.0\Reader\adobe_epic\eula\en_US\Desktop_.ini
c:\program files\Adobe\Reader 8.0\Reader\AIR\Desktop_.ini
c:\program files\Adobe\Reader 8.0\Reader\AMT\Desktop_.ini
c:\program files\Adobe\Reader 8.0\Reader\BeyondReader\Desktop_.ini
c:\program files\Adobe\Reader 8.0\Reader\BeyondReader\ENU\Desktop_.ini
c:\program files\Adobe\Reader 8.0\Reader\BeyondReader\ENU\Onramp\Desktop_.ini
c:\program files\Adobe\Reader 8.0\Reader\Browser\Desktop_.ini
c:\program files\Adobe\Reader 8.0\Reader\Desktop_.ini
c:\program files\Adobe\Reader 8.0\Reader\HowTo\Desktop_.ini
c:\program files\Adobe\Reader 8.0\Reader\HowTo\ENU\Desktop_.ini
c:\program files\Adobe\Reader 8.0\Reader\HowTo\ENU\Images\Desktop_.ini
c:\program files\Adobe\Reader 8.0\Reader\IDTemplates\Desktop_.ini
c:\program files\Adobe\Reader 8.0\Reader\IDTemplates\ENU\Desktop_.ini
c:\program files\Adobe\Reader 8.0\Reader\Javascripts\Desktop_.ini
c:\program files\Adobe\Reader 8.0\Reader\Legal\Desktop_.ini
c:\program files\Adobe\Reader 8.0\Reader\Legal\en_US\Desktop_.ini
c:\program files\Adobe\Reader 8.0\Reader\Optional\Desktop_.ini
c:\program files\Adobe\Reader 8.0\Reader\plug_ins\AcroForm\Desktop_.ini
c:\program files\Adobe\Reader 8.0\Reader\plug_ins\AcroForm\PMP\Desktop_.ini
c:\program files\Adobe\Reader 8.0\Reader\plug_ins\Annotations\Desktop_.ini
c:\program files\Adobe\Reader 8.0\Reader\plug_ins\Annotations\Stamps\Desktop_.ini
c:\program files\Adobe\Reader 8.0\Reader\plug_ins\Annotations\Stamps\ENU\Desktop_.ini
c:\program files\Adobe\Reader 8.0\Reader\plug_ins\Desktop_.ini
c:\program files\Adobe\Reader 8.0\Reader\plug_ins\ImageViewer\Desktop_.ini
c:\program files\Adobe\Reader 8.0\Reader\plug_ins\ImageViewer\en_US\Desktop_.ini
c:\program files\Adobe\Reader 8.0\Reader\plug_ins\Multimedia\Desktop_.ini
c:\program files\Adobe\Reader 8.0\Reader\plug_ins\Multimedia\MPP\Desktop_.ini
c:\program files\Adobe\Reader 8.0\Reader\plug_ins\VDKHome\Desktop_.ini
c:\program files\Adobe\Reader 8.0\Reader\plug_ins\VDKHome\ENU\Desktop_.ini
c:\program files\Adobe\Reader 8.0\Reader\plug_ins3d\Desktop_.ini
c:\program files\Adobe\Reader 8.0\Reader\plug_ins3d\prc\Desktop_.ini
c:\program files\Adobe\Reader 8.0\Reader\SPPlugins\Desktop_.ini
c:\program files\Adobe\Reader 8.0\Reader\Tracker\Desktop_.ini
c:\program files\Adobe\Reader 8.0\Resource\CMap\Desktop_.ini
c:\program files\Adobe\Reader 8.0\Resource\Desktop_.ini
c:\program files\Adobe\Reader 8.0\Resource\Font\Desktop_.ini
c:\program files\Adobe\Reader 8.0\Resource\Font\PFM\Desktop_.ini
c:\program files\Adobe\Reader 8.0\Resource\Linguistics\Desktop_.ini
c:\program files\Adobe\Reader 8.0\Resource\Linguistics\LanguageNames\Desktop_.ini
c:\program files\Adobe\Reader 8.0\Resource\Linguistics\Providers\Desktop_.ini
c:\program files\Adobe\Reader 8.0\Resource\Linguistics\Providers\Proximity\Desktop_.ini
c:\program files\Adobe\Reader 8.0\Setup Files\{AC76BA86-7AD7-1033-7B44-A81300000003}\Desktop_.ini
c:\program files\Adobe\Reader 8.0\Setup Files\Desktop_.ini
c:\program files\Ahead\CoverDesigner\Desktop_.ini
c:\program files\Ahead\CoverDesigner\LSTemplates\Desktop_.ini
c:\program files\Ahead\CoverDesigner\Templates\Desktop_.ini
c:\program files\Ahead\Desktop_.ini
c:\program files\Ahead\ImageDrive\Desktop_.ini
c:\program files\Ahead\Nero BackItUp\Desktop_.ini
c:\program files\Ahead\Nero SoundTrax\Desktop_.ini
c:\program files\Ahead\Nero StartSmart\Desktop_.ini
c:\program files\Ahead\Nero Toolkit\Desktop_.ini
c:\program files\Ahead\Nero Wave Editor\Desktop_.ini
c:\program files\Ahead\Nero Wave Editor\Presets\Desktop_.ini
c:\program files\Ahead\Nero\CDI\Desktop_.ini
c:\program files\Ahead\Nero\Desktop_.ini
c:\program files\Ahead\Nero\Uninstall\Desktop_.ini
c:\program files\Ahead\WMPBurn\Desktop_.ini
c:\program files\AIM\Desktop_.ini
c:\program files\AIM\Resources\Desktop_.ini
c:\program files\AIM\Sounds\Desktop_.ini
c:\program files\AIM\Sysfiles\Desktop_.ini
c:\program files\AIM6\Desktop_.ini
c:\program files\AIM6\services\addressBook\Desktop_.ini
c:\program files\AIM6\services\addressBook\ver1_10_1_1\Desktop_.ini
c:\program files\AIM6\services\addressBook\ver1_10_1_1\resources\Desktop_.ini
c:\program files\AIM6\services\addressBook\ver1_10_1_1\resources\en-US\Desktop_.ini
c:\program files\AIM6\services\addressBook\ver1_10_2_1\Desktop_.ini
c:\program files\AIM6\services\addressBook\ver1_10_2_1\resources\Desktop_.ini
c:\program files\AIM6\services\addressBook\ver1_10_2_1\resources\en-US\Desktop_.ini
c:\program files\AIM6\services\addressBookApp\Desktop_.ini
c:\program files\AIM6\services\addressBookApp\ver1_1_28_1\content\addressCard\Desktop_.ini
c:\program files\AIM6\services\addressBookApp\ver1_1_28_1\content\Desktop_.ini
c:\program files\AIM6\services\addressBookApp\ver1_1_28_1\content\dialogs\Desktop_.ini
c:\program files\AIM6\services\addressBookApp\ver1_1_28_1\content\gadgets\Desktop_.ini
c:\program files\AIM6\services\addressBookApp\ver1_1_28_1\content\people_picker\Desktop_.ini
c:\program files\AIM6\services\addressBookApp\ver1_1_28_1\Desktop_.ini
c:\program files\AIM6\services\addressBookApp\ver1_1_28_1\resources\Desktop_.ini
c:\program files\AIM6\services\addressBookApp\ver1_1_28_1\resources\en-US\Desktop_.ini
c:\program files\AIM6\services\addressBookApp\ver1_1_28_1\theme\Desktop_.ini
c:\program files\AIM6\services\addressBookApp\ver1_1_28_1\theme\helixStyles\Desktop_.ini
c:\program files\AIM6\services\addressBookApp\ver1_1_28_1\theme\images\Desktop_.ini
c:\program files\AIM6\services\addressBookApp\ver1_1_28_1\theme\standAloneStyles\Desktop_.ini
c:\program files\AIM6\services\addressBookApp\ver1_1_6_3\content\addressCard\Desktop_.ini
c:\program files\AIM6\services\addressBookApp\ver1_1_6_3\content\Desktop_.ini
c:\program files\AIM6\services\addressBookApp\ver1_1_6_3\content\dialogs\Desktop_.ini
c:\program files\AIM6\services\addressBookApp\ver1_1_6_3\content\gadgets\Desktop_.ini
c:\program files\AIM6\services\addressBookApp\ver1_1_6_3\content\people_picker\Desktop_.ini
c:\program files\AIM6\services\addressBookApp\ver1_1_6_3\Desktop_.ini
c:\program files\AIM6\services\addressBookApp\ver1_1_6_3\resources\Desktop_.ini
c:\program files\AIM6\services\addressBookApp\ver1_1_6_3\resources\en-US\Desktop_.ini
c:\program files\AIM6\services\addressBookApp\ver1_1_6_3\theme\Desktop_.ini
c:\program files\AIM6\services\addressBookApp\ver1_1_6_3\theme\images\Desktop_.ini
c:\program files\AIM6\services\addressBookPrint\Desktop_.ini
c:\program files\AIM6\services\addressBookPrint\ver1_4_5_1\Desktop_.ini
c:\program files\AIM6\services\addressBookPrint\ver1_4_5_1\resources\Desktop_.ini
c:\program files\AIM6\services\addressBookPrint\ver1_4_5_1\resources\en-US\Desktop_.ini
c:\program files\AIM6\services\aimToolkit\Desktop_.ini
c:\program files\AIM6\services\aimToolkit\ver6_5_9_1\content\aolHelpBox\Desktop_.ini
c:\program files\AIM6\services\aimToolkit\ver6_5_9_1\content\core\Desktop_.ini
c:\program files\AIM6\services\aimToolkit\ver6_5_9_1\content\Desktop_.ini
c:\program files\AIM6\services\aimToolkit\ver6_5_9_1\content\dialog\Desktop_.ini
c:\program files\AIM6\services\aimToolkit\ver6_5_9_1\content\editorPack\Desktop_.ini
c:\program files\AIM6\services\aimToolkit\ver6_5_9_1\content\extrasPack\Desktop_.ini
c:\program files\AIM6\services\aimToolkit\ver6_5_9_1\content\inputPack\Desktop_.ini
c:\program files\AIM6\services\aimToolkit\ver6_5_9_1\content\listPack\Desktop_.ini
c:\program files\AIM6\services\aimToolkit\ver6_5_9_1\content\menuPack\Desktop_.ini
c:\program files\AIM6\services\aimToolkit\ver6_5_9_1\content\tabPack\Desktop_.ini
c:\program files\AIM6\services\aimToolkit\ver6_5_9_1\content\windowingPack\Desktop_.ini
c:\program files\AIM6\services\aimToolkit\ver6_5_9_1\Desktop_.ini
c:\program files\AIM6\services\aimToolkit\ver6_5_9_1\resources\Desktop_.ini
c:\program files\AIM6\services\aimToolkit\ver6_5_9_1\resources\en-US\Desktop_.ini
c:\program files\AIM6\services\aimToolkit\ver6_5_9_1\theme\Desktop_.ini
c:\program files\AIM6\services\aimToolkit\ver6_5_9_1\theme\images\DarkTwisty\Desktop_.ini
c:\program files\AIM6\services\aimToolkit\ver6_5_9_1\theme\images\Desktop_.ini
c:\program files\AIM6\services\aimToolkit\ver6_5_9_1\theme\images\FontToolbar\Desktop_.ini
c:\program files\AIM6\services\aimToolkit\ver6_5_9_1\theme\images\InputFields\Desktop_.ini
c:\program files\AIM6\services\aimToolkit\ver6_5_9_1\theme\images\SuperTwisty\Desktop_.ini
c:\program files\AIM6\services\aimToolkit\ver6_5_9_1\theme\images\TabScroll\Desktop_.ini
c:\program files\AIM6\services\aimToolkit\ver6_8_15_1\content\aolHelpBox\Desktop_.ini
c:\program files\AIM6\services\aimToolkit\ver6_8_15_1\content\core\Desktop_.ini
c:\program files\AIM6\services\aimToolkit\ver6_8_15_1\content\Desktop_.ini
c:\program files\AIM6\services\aimToolkit\ver6_8_15_1\content\dialog\Desktop_.ini
c:\program files\AIM6\services\aimToolkit\ver6_8_15_1\content\editorPack\Desktop_.ini
c:\program files\AIM6\services\aimToolkit\ver6_8_15_1\content\extrasPack\Desktop_.ini
c:\program files\AIM6\services\aimToolkit\ver6_8_15_1\content\inputPack\Desktop_.ini
c:\program files\AIM6\services\aimToolkit\ver6_8_15_1\content\listPack\Desktop_.ini
c:\program files\AIM6\services\aimToolkit\ver6_8_15_1\content\menuPack\Desktop_.ini
c:\program files\AIM6\services\aimToolkit\ver6_8_15_1\content\tabPack\Desktop_.ini
c:\program files\AIM6\services\aimToolkit\ver6_8_15_1\content\windowingPack\Desktop_.ini
c:\program files\AIM6\services\aimToolkit\ver6_8_15_1\Desktop_.ini
c:\program files\AIM6\services\aimToolkit\ver6_8_15_1\resources\Desktop_.ini
c:\program files\AIM6\services\aimToolkit\ver6_8_15_1\resources\en-US\Desktop_.ini
c:\program files\AIM6\services\aimToolkit\ver6_8_15_1\theme\Desktop_.ini
c:\program files\AIM6\services\aimToolkit\ver6_8_15_1\theme\images\DarkTwisty\Desktop_.ini
c:\program files\AIM6\services\aimToolkit\ver6_8_15_1\theme\images\Desktop_.ini
c:\program files\AIM6\services\aimToolkit\ver6_8_15_1\theme\images\FontToolbar\Desktop_.ini
c:\program files\AIM6\services\aimToolkit\ver6_8_15_1\theme\images\InputFields\Desktop_.ini
c:\program files\AIM6\services\aimToolkit\ver6_8_15_1\theme\images\SuperTwisty\Desktop_.ini
c:\program files\AIM6\services\aimToolkit\ver6_8_15_1\theme\images\TabScroll\Desktop_.ini
c:\program files\AIM6\services\bfts\Desktop_.ini
c:\program files\AIM6\services\bfts\ver2_14_6_6\Desktop_.ini
c:\program files\AIM6\services\bfts\ver2_14_6_6\resources\Desktop_.ini
c:\program files\AIM6\services\bfts\ver2_14_6_6\resources\en-US\Desktop_.ini
c:\program files\AIM6\services\boxelyrenderer\Desktop_.ini
c:\program files\AIM6\services\boxelyrenderer\ver2_5_5_1\Desktop_.ini
c:\program files\AIM6\services\boxelyrenderer\ver2_5_5_1\resources\Desktop_.ini
c:\program files\AIM6\services\boxelyrenderer\ver2_5_5_1\resources\en-US\Desktop_.ini
c:\program files\AIM6\services\boxelyrenderer\ver3_1_3_4\Desktop_.ini
c:\program files\AIM6\services\boxelyrenderer\ver3_1_3_4\resources\Desktop_.ini
c:\program files\AIM6\services\boxelyrenderer\ver3_1_3_4\resources\en-US\Desktop_.ini
c:\program files\AIM6\services\boxelyToolkit\Desktop_.ini
c:\program files\AIM6\services\boxelyToolkit\ver2_4_5_1\content\aolHelpBox\Desktop_.ini
c:\program files\AIM6\services\boxelyToolkit\ver2_4_5_1\content\core\Desktop_.ini
c:\program files\AIM6\services\boxelyToolkit\ver2_4_5_1\content\Desktop_.ini
c:\program files\AIM6\services\boxelyToolkit\ver2_4_5_1\content\dialog\Desktop_.ini
c:\program files\AIM6\services\boxelyToolkit\ver2_4_5_1\content\editorPack\Desktop_.ini
c:\program files\AIM6\services\boxelyToolkit\ver2_4_5_1\content\extrasPack\Desktop_.ini
c:\program files\AIM6\services\boxelyToolkit\ver2_4_5_1\content\inputPack\Desktop_.ini
c:\program files\AIM6\services\boxelyToolkit\ver2_4_5_1\content\listPack\Desktop_.ini
c:\program files\AIM6\services\boxelyToolkit\ver2_4_5_1\content\menuPack\Desktop_.ini
c:\program files\AIM6\services\boxelyToolkit\ver2_4_5_1\content\tabPack\Desktop_.ini
c:\program files\AIM6\services\boxelyToolkit\ver2_4_5_1\content\windowingPack\Desktop_.ini
c:\program files\AIM6\services\boxelyToolkit\ver2_4_5_1\Desktop_.ini
c:\program files\AIM6\services\boxelyToolkit\ver2_4_5_1\resources\Desktop_.ini
c:\program files\AIM6\services\boxelyToolkit\ver2_4_5_1\resources\en-US\Desktop_.ini
c:\program files\AIM6\services\boxelyToolkit\ver2_4_5_1\theme\Desktop_.ini
c:\program files\AIM6\services\boxelyToolkit\ver2_4_5_1\theme\images\DarkTwisty\Desktop_.ini
c:\program files\AIM6\services\boxelyToolkit\ver2_4_5_1\theme\images\Desktop_.ini
c:\program files\AIM6\services\boxelyToolkit\ver2_4_5_1\theme\images\FontToolbar\Desktop_.ini
c:\program files\AIM6\services\boxelyToolkit\ver2_4_5_1\theme\images\InputFields\Desktop_.ini
c:\program files\AIM6\services\boxelyToolkit\ver2_4_5_1\theme\images\SuperTwisty\Desktop_.ini
c:\program files\AIM6\services\boxelyToolkit\ver2_4_5_1\theme\images\TabScroll\Desktop_.ini
c:\program files\AIM6\services\boxelyToolkit\ver2_5_5_1\content\aolHelpBox\Desktop_.ini
c:\program files\AIM6\services\boxelyToolkit\ver2_5_5_1\content\core\Desktop_.ini
c:\program files\AIM6\services\boxelyToolkit\ver2_5_5_1\content\Desktop_.ini
c:\program files\AIM6\services\boxelyToolkit\ver2_5_5_1\content\dialog\Desktop_.ini
c:\program files\AIM6\services\boxelyToolkit\ver2_5_5_1\content\editorPack\Desktop_.ini
c:\program files\AIM6\services\boxelyToolkit\ver2_5_5_1\content\extrasPack\Desktop_.ini
c:\program files\AIM6\services\boxelyToolkit\ver2_5_5_1\content\inputPack\Desktop_.ini
c:\program files\AIM6\services\boxelyToolkit\ver2_5_5_1\content\listPack\Desktop_.ini
c:\program files\AIM6\services\boxelyToolkit\ver2_5_5_1\content\menuPack\Desktop_.ini
c:\program files\AIM6\services\boxelyToolkit\ver2_5_5_1\content\tabPack\Desktop_.ini
c:\program files\AIM6\services\boxelyToolkit\ver2_5_5_1\content\windowingPack\Desktop_.ini
c:\program files\AIM6\services\boxelyToolkit\ver2_5_5_1\Desktop_.ini
c:\program files\AIM6\services\boxelyToolkit\ver2_5_5_1\resources\de-DE\Desktop_.ini
c:\program files\AIM6\services\boxelyToolkit\ver2_5_5_1\resources\Desktop_.ini
c:\program files\AIM6\services\boxelyToolkit\ver2_5_5_1\resources\en-US\Desktop_.ini
c:\program files\AIM6\services\boxelyToolkit\ver2_5_5_1\resources\he-IL\Desktop_.ini
c:\program files\AIM6\services\boxelyToolkit\ver2_5_5_1\theme\Desktop_.ini
c:\program files\AIM6\services\boxelyToolkit\ver2_5_5_1\theme\images\DarkTwisty\Desktop_.ini
c:\program files\AIM6\services\boxelyToolkit\ver2_5_5_1\theme\images\Desktop_.ini
c:\program files\AIM6\services\boxelyToolkit\ver2_5_5_1\theme\images\FontToolbar\Desktop_.ini
c:\program files\AIM6\services\boxelyToolkit\ver2_5_5_1\theme\images\InputFields\Desktop_.ini
c:\program files\AIM6\services\boxelyToolkit\ver2_5_5_1\theme\images\SuperTwisty\Desktop_.ini
c:\program files\AIM6\services\boxelyToolkit\ver2_5_5_1\theme\images\TabScroll\Desktop_.ini
c:\program files\AIM6\services\boxelyToolkit\ver3_1_3_4\content\aolHelpBox\Desktop_.ini
c:\program files\AIM6\services\boxelyToolkit\ver3_1_3_4\content\core\Desktop_.ini
c:\program files\AIM6\services\boxelyToolkit\ver3_1_3_4\content\Desktop_.ini
c:\program files\AIM6\services\boxelyToolkit\ver3_1_3_4\content\dialog\Desktop_.ini
c:\program files\AIM6\services\boxelyToolkit\ver3_1_3_4\content\editorPack\Desktop_.ini
c:\program files\AIM6\services\boxelyToolkit\ver3_1_3_4\content\extrasPack\Desktop_.ini
c:\program files\AIM6\services\boxelyToolkit\ver3_1_3_4\content\inputPack\Desktop_.ini
c:\program files\AIM6\services\boxelyToolkit\ver3_1_3_4\content\listPack\Desktop_.ini
c:\program files\AIM6\services\boxelyToolkit\ver3_1_3_4\content\menuPack\Desktop_.ini
c:\program files\AIM6\services\boxelyToolkit\ver3_1_3_4\content\tabPack\Desktop_.ini
c:\program files\AIM6\services\boxelyToolkit\ver3_1_3_4\content\windowingPack\Desktop_.ini
c:\program files\AIM6\services\boxelyToolkit\ver3_1_3_4\Desktop_.ini
c:\program files\AIM6\services\boxelyToolkit\ver3_1_3_4\resources\de-DE\Desktop_.ini
c:\program files\AIM6\services\boxelyToolkit\ver3_1_3_4\resources\Desktop_.ini
c:\program files\AIM6\services\boxelyToolkit\ver3_1_3_4\resources\en-US\Desktop_.ini
c:\program files\AIM6\services\boxelyToolkit\ver3_1_3_4\resources\he-IL\Desktop_.ini
c:\program files\AIM6\services\boxelyToolkit\ver3_1_3_4\theme\Desktop_.ini
c:\program files\AIM6\services\boxelyToolkit\ver3_1_3_4\theme\images\DarkTwisty\Desktop_.ini
c:\program files\AIM6\services\boxelyToolkit\ver3_1_3_4\theme\images\Desktop_.ini
c:\program files\AIM6\services\boxelyToolkit\ver3_1_3_4\theme\images\FontToolbar\Desktop_.ini
c:\program files\AIM6\services\boxelyToolkit\ver3_1_3_4\theme\images\InputFields\Desktop_.ini
c:\program files\AIM6\services\boxelyToolkit\ver3_1_3_4\theme\images\SuperTwisty\Desktop_.ini
c:\program files\AIM6\services\boxelyToolkit\ver3_1_3_4\theme\images\TabScroll\Desktop_.ini
c:\program files\AIM6\services\compression\Desktop_.ini
c:\program files\AIM6\services\compression\ver3_1_2_1\Desktop_.ini
c:\program files\AIM6\services\Desktop_.ini
c:\program files\AIM6\services\htmlRenderer\Desktop_.ini
c:\program files\AIM6\services\htmlRenderer\ver2_0_6_1\Desktop_.ini
c:\program files\AIM6\services\http\Desktop_.ini
c:\program files\AIM6\services\http\ver2_8_8_1\Desktop_.ini
c:\program files\AIM6\services\http\ver2_8_9_1\Desktop_.ini
c:\program files\AIM6\services\imApp\Desktop_.ini
c:\program files\AIM6\services\imApp\ver6_5_9_1\content\ab\Desktop_.ini
c:\program files\AIM6\services\imApp\ver6_5_9_1\content\about\Desktop_.ini
c:\program files\AIM6\services\imApp\ver6_5_9_1\content\bl\Desktop_.ini
c:\program files\AIM6\services\imApp\ver6_5_9_1\content\Desktop_.ini
c:\program files\AIM6\services\imApp\ver6_5_9_1\content\gadgets\Desktop_.ini
c:\program files\AIM6\services\imApp\ver6_5_9_1\content\im\Desktop_.ini
c:\program files\AIM6\services\imApp\ver6_5_9_1\content\imSpam\Desktop_.ini
c:\program files\AIM6\services\imApp\ver6_5_9_1\content\logViewer\Desktop_.ini
c:\program files\AIM6\services\imApp\ver6_5_9_1\content\picshare\Desktop_.ini
c:\program files\AIM6\services\imApp\ver6_5_9_1\content\plaxo\Desktop_.ini
c:\program files\AIM6\services\imApp\ver6_5_9_1\content\plugin\Desktop_.ini
c:\program files\AIM6\services\imApp\ver6_5_9_1\content\prefs\Desktop_.ini
c:\program files\AIM6\services\imApp\ver6_5_9_1\content\signon\Desktop_.ini
c:\program files\AIM6\services\imApp\ver6_5_9_1\content\toaster\Desktop_.ini
c:\program files\AIM6\services\imApp\ver6_5_9_1\Desktop_.ini
c:\program files\AIM6\services\imApp\ver6_5_9_1\resources\Desktop_.ini
c:\program files\AIM6\services\imApp\ver6_5_9_1\resources\en-US\Desktop_.ini
c:\program files\AIM6\services\imApp\ver6_5_9_1\theme\blackChrome\Desktop_.ini
c:\program files\AIM6\services\imApp\ver6_5_9_1\theme\blackChrome\images\Desktop_.ini
c:\program files\AIM6\services\imApp\ver6_5_9_1\theme\chocolate\Desktop_.ini
c:\program files\AIM6\services\imApp\ver6_5_9_1\theme\chocolate\images\Desktop_.ini
c:\program files\AIM6\services\imApp\ver6_5_9_1\theme\Desktop_.ini
c:\program files\AIM6\services\imApp\ver6_5_9_1\theme\gold\Desktop_.ini
c:\program files\AIM6\services\imApp\ver6_5_9_1\theme\gold\images\Desktop_.ini
c:\program files\AIM6\services\imApp\ver6_5_9_1\theme\gray\Desktop_.ini
c:\program files\AIM6\services\imApp\ver6_5_9_1\theme\gray\images\Desktop_.ini
c:\program files\AIM6\services\imApp\ver6_5_9_1\theme\green\Desktop_.ini
c:\program files\AIM6\services\imApp\ver6_5_9_1\theme\green\images\Desktop_.ini
c:\program files\AIM6\services\imApp\ver6_5_9_1\theme\images\Desktop_.ini
c:\program files\AIM6\services\imApp\ver6_5_9_1\theme\images\plaxo\Desktop_.ini
c:\program files\AIM6\services\imApp\ver6_5_9_1\theme\lightBlue\Desktop_.ini
c:\program files\AIM6\services\imApp\ver6_5_9_1\theme\lightBlue\images\Desktop_.ini
c:\program files\AIM6\services\imApp\ver6_5_9_1\theme\navy\Desktop_.ini
c:\program files\AIM6\services\imApp\ver6_5_9_1\theme\navy\images\Desktop_.ini
c:\program files\AIM6\services\imApp\ver6_5_9_1\theme\olive\Desktop_.ini
c:\program files\AIM6\services\imApp\ver6_5_9_1\theme\olive\images\Desktop_.ini
c:\program files\AIM6\services\imApp\ver6_5_9_1\theme\pink\Desktop_.ini
c:\program files\AIM6\services\imApp\ver6_5_9_1\theme\pink\images\Desktop_.ini
c:\program files\AIM6\services\imApp\ver6_5_9_1\theme\purple\Desktop_.ini
c:\program files\AIM6\services\imApp\ver6_5_9_1\theme\purple\images\Desktop_.ini
c:\program files\AIM6\services\imApp\ver6_8_15_1\content\ab\Desktop_.ini
c:\program files\AIM6\services\imApp\ver6_8_15_1\content\about\Desktop_.ini
c:\program files\AIM6\services\imApp\ver6_8_15_1\content\aimBrowser\Desktop_.ini
c:\program files\AIM6\services\imApp\ver6_8_15_1\content\bl\Desktop_.ini
c:\program files\AIM6\services\imApp\ver6_8_15_1\content\Desktop_.ini
c:\program files\AIM6\services\imApp\ver6_8_15_1\content\gadgets\Desktop_.ini
c:\program files\AIM6\services\imApp\ver6_8_15_1\content\im\Desktop_.ini
c:\program files\AIM6\services\imApp\ver6_8_15_1\content\imSpam\Desktop_.ini
c:\program files\AIM6\services\imApp\ver6_8_15_1\content\logViewer\Desktop_.ini
c:\program files\AIM6\services\imApp\ver6_8_15_1\content\picshare\Desktop_.ini
c:\program files\AIM6\services\imApp\ver6_8_15_1\content\plaxo\Desktop_.ini
c:\program files\AIM6\services\imApp\ver6_8_15_1\content\plugin\Desktop_.ini
c:\program files\AIM6\services\imApp\ver6_8_15_1\content\pluginManager\Desktop_.ini
c:\program files\AIM6\services\imApp\ver6_8_15_1\content\prefs\Desktop_.ini
c:\program files\AIM6\services\imApp\ver6_8_15_1\content\signon\Desktop_.ini
c:\program files\AIM6\services\imApp\ver6_8_15_1\content\toaster\Desktop_.ini
c:\program files\AIM6\services\imApp\ver6_8_15_1\Desktop_.ini
c:\program files\AIM6\services\imApp\ver6_8_15_1\resources\Desktop_.ini
c:\program files\AIM6\services\imApp\ver6_8_15_1\resources\en-US\Desktop_.ini
c:\program files\AIM6\services\imApp\ver6_8_15_1\theme\blackChrome\Desktop_.ini
c:\program files\AIM6\services\imApp\ver6_8_15_1\theme\blackChrome\images\Desktop_.ini
c:\program files\AIM6\services\imApp\ver6_8_15_1\theme\chocolate\Desktop_.ini
c:\program files\AIM6\services\imApp\ver6_8_15_1\theme\chocolate\images\Desktop_.ini
c:\program files\AIM6\services\imApp\ver6_8_15_1\theme\Desktop_.ini
c:\program files\AIM6\services\imApp\ver6_8_15_1\theme\gold\Desktop_.ini
c:\program files\AIM6\services\imApp\ver6_8_15_1\theme\gold\images\Desktop_.ini
c:\program files\AIM6\services\imApp\ver6_8_15_1\theme\gray\Desktop_.ini
c:\program files\AIM6\services\imApp\ver6_8_15_1\theme\gray\images\Desktop_.ini
c:\program files\AIM6\services\imApp\ver6_8_15_1\theme\green\Desktop_.ini
c:\program files\AIM6\services\imApp\ver6_8_15_1\theme\green\images\Desktop_.ini
c:\program files\AIM6\services\imApp\ver6_8_15_1\theme\images\Desktop_.ini
c:\program files\AIM6\services\imApp\ver6_8_15_1\theme\images\plaxo\Desktop_.ini
c:\program files\AIM6\services\imApp\ver6_8_15_1\theme\lightBlue\Desktop_.ini
c:\program files\AIM6\services\imApp\ver6_8_15_1\theme\lightBlue\images\Desktop_.ini
c:\program files\AIM6\services\imApp\ver6_8_15_1\theme\navy\Desktop_.ini
c:\program files\AIM6\services\imApp\ver6_8_15_1\theme\navy\images\Desktop_.ini
c:\program files\AIM6\services\imApp\ver6_8_15_1\theme\olive\Desktop_.ini
c:\program files\AIM6\services\imApp\ver6_8_15_1\theme\olive\images\Desktop_.ini
c:\program files\AIM6\services\imApp\ver6_8_15_1\theme\pink\Desktop_.ini
c:\program files\AIM6\services\imApp\ver6_8_15_1\theme\pink\images\Desktop_.ini
c:\program files\AIM6\services\imApp\ver6_8_15_1\theme\purple\Desktop_.ini
c:\program files\AIM6\services\imApp\ver6_8_15_1\theme\purple\images\Desktop_.ini
c:\program files\AIM6\services\imApp\ver6_8_15_1\uiplugins_staging\Desktop_.ini
c:\program files\AIM6\services\localStorage\Desktop_.ini
c:\program files\AIM6\services\localStorage\ver7_3_2_1\Desktop_.ini
c:\program files\AIM6\services\miniXML\Desktop_.ini
c:\program files\AIM6\services\miniXML\ver1_6_1_2\Desktop_.ini
c:\program files\AIM6\services\notification\Desktop_.ini
c:\program files\AIM6\services\notification\ver6_4_1_1\Desktop_.ini
c:\program files\AIM6\services\os\Desktop_.ini
c:\program files\AIM6\services\os\ver5_2_1_1\Desktop_.ini
c:\program files\AIM6\services\osInfo\Desktop_.ini
c:\program files\AIM6\services\osInfo\ver1_2_2_1\Desktop_.ini
c:\program files\AIM6\services\preferences\Desktop_.ini
c:\program files\AIM6\services\preferences\ver5_2_1_1\Desktop_.ini
c:\program files\AIM6\services\security\Desktop_.ini
c:\program files\AIM6\services\security\ver4_0_5_1\Desktop_.ini
c:\program files\AIM6\services\softwareUpdate\Desktop_.ini
c:\program files\AIM6\services\softwareUpdate\ver2_14_11_12\Desktop_.ini
c:\program files\AIM6\services\softwareUpdate\ver2_14_11_12\resources\Desktop_.ini
c:\program files\AIM6\services\softwareUpdate\ver2_14_11_12\resources\en-US\Desktop_.ini
c:\program files\AIM6\services\sync\Desktop_.ini
c:\program files\AIM6\services\sync\ver4_1_2_1\Desktop_.ini
c:\program files\AIM6\services\sync\ver4_1_2_1\resources\Desktop_.ini
c:\program files\AIM6\services\sync\ver4_1_2_1\resources\en-US\Desktop_.ini
c:\program files\AIM6\services\sync\ver4_1_4_1\Desktop_.ini
c:\program files\AIM6\services\sync\ver4_1_4_1\resources\Desktop_.ini
c:\program files\AIM6\services\sync\ver4_1_4_1\resources\en-US\Desktop_.ini
c:\program files\AIM6\services\toaster\Desktop_.ini
c:\program files\AIM6\services\toaster\ver4_3_1_1\content\Desktop_.ini
c:\program files\AIM6\services\toaster\ver4_3_1_1\Desktop_.ini
c:\program files\AIM6\services\toaster\ver4_3_1_1\resources\Desktop_.ini
c:\program files\AIM6\services\toaster\ver4_3_1_1\resources\en-US\Desktop_.ini
c:\program files\AIM6\services\toaster\ver4_3_1_1\theme\Desktop_.ini
c:\program files\AIM6\services\urlData\Desktop_.ini
c:\program files\AIM6\services\urlData\ver1_6_1_1\Desktop_.ini
c:\program files\AIM6\services\urlDispatcher\Desktop_.ini
c:\program files\AIM6\services\urlDispatcher\ver4_3_4_1\Desktop_.ini
c:\program files\AIMTunes\Desktop_.ini
c:\program files\AIMTunes\Plugins\Desktop_.ini
c:\program files\AOD\aol\Desktop_.ini
c:\program files\AOD\Desktop_.ini
c:\program files\Apple Software Update\Desktop_.ini
c:\program files\Apple Software Update\plugins\Desktop_.ini
c:\program files\Apple Software Update\SoftwareUpdate.Resources\da.lproj\Desktop_.ini
c:\program files\Apple Software Update\SoftwareUpdate.Resources\de.lproj\Desktop_.ini
c:\program files\Apple Software Update\SoftwareUpdate.Resources\Desktop_.ini
c:\program files\Apple Software Update\SoftwareUpdate.Resources\en.lproj\Desktop_.ini
c:\program files\Apple Software Update\SoftwareUpdate.Resources\es.lproj\Desktop_.ini
c:\program files\Apple Software Update\SoftwareUpdate.Resources\fi.lproj\Desktop_.ini
c:\program files\Apple Software Update\SoftwareUpdate.Resources\fr.lproj\Desktop_.ini
c:\program files\Apple Software Update\SoftwareUpdate.Resources\it.lproj\Desktop_.ini
c:\program files\Apple Software Update\SoftwareUpdate.Resources\ja.lproj\Desktop_.ini
c:\program files\Apple Software Update\SoftwareUpdate.Resources\ko.lproj\Desktop_.ini
c:\program files\Apple Software Update\SoftwareUpdate.Resources\nb.lproj\Desktop_.ini
c:\program files\Apple Software Update\SoftwareUpdate.Resources\nl.lproj\Desktop_.ini
c:\program files\Apple Software Update\SoftwareUpdate.Resources\ru.lproj\Desktop_.ini
c:\program files\Apple Software Update\SoftwareUpdate.Resources\sv.lproj\Desktop_.ini
c:\program files\Apple Software Update\SoftwareUpdate.Resources\zh_CN.lproj\Desktop_.ini
c:\program files\Apple Software Update\SoftwareUpdate.Resources\zh_TW.lproj\Desktop_.ini
c:\program files\Apple Software Update\SoftwareUpdateFiles.Resources\da.lproj\Desktop_.ini
c:\program files\Apple Software Update\SoftwareUpdateFiles.Resources\de.lproj\Desktop_.ini
c:\program files\Apple Software Update\SoftwareUpdateFiles.Resources\Desktop_.ini
c:\program files\Apple Software Update\SoftwareUpdateFiles.Resources\en.lproj\Desktop_.ini
c:\program files\Apple Software Update\SoftwareUpdateFiles.Resources\es.lproj\Desktop_.ini
c:\program files\Apple Software Update\SoftwareUpdateFiles.Resources\fi.lproj\Desktop_.ini
c:\program files\Apple Software Update\SoftwareUpdateFiles.Resources\fr.lproj\Desktop_.ini
c:\program files\Apple Software Update\SoftwareUpdateFiles.Resources\it.lproj\Desktop_.ini
c:\program files\Apple Software Update\SoftwareUpdateFiles.Resources\ja.lproj\Desktop_.ini
c:\program files\Apple Software Update\SoftwareUpdateFiles.Resources\ko.lproj\Desktop_.ini
c:\program files\Apple Software Update\SoftwareUpdateFiles.Resources\nb.lproj\Desktop_.ini
c:\program files\Apple Software Update\SoftwareUpdateFiles.Resources\nl.lproj\Desktop_.ini
c:\program files\Apple Software Update\SoftwareUpdateFiles.Resources\ru.lproj\Desktop_.ini
c:\program files\Apple Software Update\SoftwareUpdateFiles.Resources\sv.lproj\Desktop_.ini
c:\program files\Apple Software Update\SoftwareUpdateFiles.Resources\zh_CN.lproj\Desktop_.ini
c:\program files\Apple Software Update\SoftwareUpdateFiles.Resources\zh_TW.lproj\Desktop_.ini
c:\program files\AviSynth 2.5\Desktop_.ini
c:\program files\AviSynth 2.5\plugins\Desktop_.ini
c:\program files\BitComet\Desktop_.ini
c:\program files\BitComet\rules\Desktop_.ini
c:\program files\BitComet\share\Desktop_.ini
c:\program files\BitComet\tools\Desktop_.ini
c:\program files\BitComet\torrents\Desktop_.ini
c:\program files\BitTornado\Desktop_.ini
c:\program files\Bonjour\Desktop_.ini
c:\program files\C-Media 6501 Sound\Desktop_.ini
c:\program files\C-Media 6501 Sound\Driver\Desktop_.ini
c:\program files\Combined Community Codec Pack\Desktop_.ini
c:\program files\Combined Community Codec Pack\Filters\Desktop_.ini
c:\program files\Combined Community Codec Pack\Filters\FFDShow\Desktop_.ini
c:\program files\Combined Community Codec Pack\Filters\Haali\Desktop_.ini
c:\program files\Combined Community Codec Pack\MPC\Desktop_.ini
c:\program files\Combined Community Codec Pack\Zoom Player\Desktop_.ini
c:\program files\Combined Community Codec Pack\Zoom Player\DSFilters\Desktop_.ini
c:\program files\Combined Community Codec Pack\Zoom Player\Language\Desktop_.ini
c:\program files\CyberLink\Common\Desktop_.ini
c:\program files\CyberLink\Desktop_.ini
c:\program files\CyberLink\PowerDVD\Desktop_.ini
c:\program files\CyberLink\PowerDVD\Skins\Crystal\Desktop_.ini
c:\program files\CyberLink\PowerDVD\Skins\Desktop_.ini
c:\program files\CyberLink\PowerDVD\Skins\Neo\Desktop_.ini
c:\program files\CyberLink\PowerDVD\Skins\Oscar\Desktop_.ini
c:\program files\CyberLink\Shared Files\AudioFilter\Desktop_.ini
c:\program files\CyberLink\Shared Files\Desktop_.ini
c:\program files\CyberLink\Shared Files\NavFilter\Desktop_.ini
c:\program files\CyberLink\Shared Files\VideoFilter\Desktop_.ini
c:\program files\Desktop_.ini
c:\program files\DivX\Artwork\Desktop_.ini
c:\program files\DivX\AutoUpdate\Desktop_.ini
c:\program files\DivX\Desktop_.ini
c:\program files\DivX\DivX Codec\Desktop_.ini
c:\program files\DivX\DivX Content Uploader\Desktop_.ini
c:\program files\DivX\DivX Converter\Desktop_.ini
c:\program files\DivX\DivX Converter\Images\Desktop_.ini
c:\program files\DivX\DivX Converter\Microsoft.VC80.CRT\Desktop_.ini
c:\program files\DivX\DivX Converter\Microsoft.VC80.MFC\Desktop_.ini
c:\program files\DivX\DivX Player\Desktop_.ini
c:\program files\DivX\DivX Player\Microsoft.VC80.CRT\Desktop_.ini
c:\program files\DivX\DivX Player\Microsoft.VC80.MFC\Desktop_.ini
c:\program files\DivX\DivX Player\Skins\Desktop_.ini
c:\program files\DivX\DivX Web Player\Desktop_.ini
c:\program files\DivX\DivX Web Player\Microsoft.VC80.CRT\Desktop_.ini
c:\program files\DivX\DivX Web Player\Skins\Desktop_.ini
c:\program files\Dropbox\Desktop_.ini
c:\program files\EA SPORTS\Desktop_.ini
c:\program files\EA SPORTS\NBA Live 08\Desktop_.ini
c:\program files\EA SPORTS\NBA Live 08\sgsm\coach\Desktop_.ini
c:\program files\EA SPORTS\NBA Live 08\sgsm\Desktop_.ini
c:\program files\eRightSoft\Desktop_.ini
c:\program files\eRightSoft\SUPER\Desktop_.ini
c:\program files\eRightSoft\SUPER\OutPut\Desktop_.ini
c:\program files\ESEA\Desktop_.ini
c:\program files\ESEA\ESEA Client\Desktop_.ini
c:\program files\Frets on Fire\Desktop_.ini
c:\program files\Frets on Fire\OpenGL-3.0.0a4-py2.4.egg-info\Desktop_.ini
c:\program files\Garena\avatar\Desktop_.ini
c:\program files\Garena\Desktop_.ini
c:\program files\Garena\face\Desktop_.ini
c:\program files\Garena\GarenaTV\Desktop_.ini
c:\program files\Garena\Ladder\Desktop_.ini
c:\program files\Garena\Languages\Desktop_.ini
c:\program files\Garena\plugins\Desktop_.ini
c:\program files\Garena\plugins\Game\Desktop_.ini
c:\program files\Garena\plugins\UI\Desktop_.ini
c:\program files\Garena\Skin\Desktop_.ini
c:\program files\Garena\Skin\Flags\Desktop_.ini
c:\program files\Garena\sound\Desktop_.ini
c:\program files\Garena\user\7739207\Desktop_.ini
c:\program files\Garena\user\Desktop_.ini
c:\program files\GoldWave\Desktop_.ini
c:\program files\GoldWave\Effect\Desktop_.ini
c:\program files\GoldWave\File\Desktop_.ini
c:\program files\Hamachi\Desktop_.ini
c:\program files\IBM PC Camera\Album\Desktop_.ini
c:\program files\IBM PC Camera\Desktop_.ini
c:\program files\iPod\bin\Desktop_.ini
c:\program files\iPod\bin\iPodService.Resources\da.lproj\Desktop_.ini
c:\program files\iPod\bin\iPodService.Resources\de.lproj\Desktop_.ini
c:\program files\iPod\bin\iPodService.Resources\Desktop_.ini
c:\program files\iPod\bin\iPodService.Resources\en.lproj\Desktop_.ini
c:\program files\iPod\bin\iPodService.Resources\es.lproj\Desktop_.ini
c:\program files\iPod\bin\iPodService.Resources\fi.lproj\Desktop_.ini
c:\program files\iPod\bin\iPodService.Resources\fr.lproj\Desktop_.ini
c:\program files\iPod\bin\iPodService.Resources\it.lproj\Desktop_.ini
c:\program files\iPod\bin\iPodService.Resources\ja.lproj\Desktop_.ini
c:\program files\iPod\bin\iPodService.Resources\ko.lproj\Desktop_.ini
c:\program files\iPod\bin\iPodService.Resources\nb.lproj\Desktop_.ini
c:\program files\iPod\bin\iPodService.Resources\nl.lproj\Desktop_.ini
c:\program files\iPod\bin\iPodService.Resources\pl.lproj\Desktop_.ini
c:\program files\iPod\bin\iPodService.Resources\pt.lproj\Desktop_.ini
c:\program files\iPod\bin\iPodService.Resources\pt_PT.lproj\Desktop_.ini
c:\program files\iPod\bin\iPodService.Resources\ru.lproj\Desktop_.ini
c:\program files\iPod\bin\iPodService.Resources\sv.lproj\Desktop_.ini
c:\program files\iPod\bin\iPodService.Resources\zh_CN.lproj\Desktop_.ini
c:\program files\iPod\bin\iPodService.Resources\zh_TW.lproj\Desktop_.ini
c:\program files\iPod\Desktop_.ini
c:\program files\iTunes\CD Configuration\Desktop_.ini
c:\program files\iTunes\Desktop_.ini
c:\program files\iTunes\iTunes.Resources\da.lproj\Desktop_.ini
c:\program files\iTunes\iTunes.Resources\da.lproj\EQWindow.nib\Desktop_.ini
c:\program files\iTunes\iTunes.Resources\da.lproj\GradientWindow.nib\Desktop_.ini
c:\program files\iTunes\iTunes.Resources\da.lproj\iPodSettings.nib\Desktop_.ini
c:\program files\iTunes\iTunes.Resources\da.lproj\MusicStoreBar.nib\Desktop_.ini
c:\program files\iTunes\iTunes.Resources\da.lproj\Placards.nib\Desktop_.ini
c:\program files\iTunes\iTunes.Resources\da.lproj\Ringtone.nib\Desktop_.ini
c:\program files\iTunes\iTunes.Resources\da.lproj\SetupAssistant.nib\Desktop_.ini
c:\program files\iTunes\iTunes.Resources\de.lproj\Desktop_.ini
c:\program files\iTunes\iTunes.Resources\de.lproj\EQWindow.nib\Desktop_.ini
c:\program files\iTunes\iTunes.Resources\de.lproj\GradientWindow.nib\Desktop_.ini
c:\program files\iTunes\iTunes.Resources\de.lproj\iPodSettings.nib\Desktop_.ini
c:\program files\iTunes\iTunes.Resources\de.lproj\MusicStoreBar.nib\Desktop_.ini
c:\program files\iTunes\iTunes.Resources\de.lproj\Placards.nib\Desktop_.ini
c:\program files\iTunes\iTunes.Resources\de.lproj\Ringtone.nib\Desktop_.ini
c:\program files\iTunes\iTunes.Resources\de.lproj\SetupAssistant.nib\Desktop_.ini
c:\program files\iTunes\iTunes.Resources\Desktop_.ini
c:\program files\iTunes\iTunes.Resources\en.lproj\Desktop_.ini
c:\program files\iTunes\iTunes.Resources\en.lproj\EQWindow.nib\Desktop_.ini
c:\program files\iTunes\iTunes.Resources\en.lproj\GradientWindow.nib\Desktop_.ini
c:\program files\iTunes\iTunes.Resources\en.lproj\iPodSettings.nib\Desktop_.ini
c:\program files\iTunes\iTunes.Resources\en.lproj\MusicStoreBar.nib\Desktop_.ini
c:\program files\iTunes\iTunes.Resources\en.lproj\Placards.nib\Desktop_.ini
c:\program files\iTunes\iTunes.Resources\en.lproj\Ringtone.nib\Desktop_.ini
c:\program files\iTunes\iTunes.Resources\en.lproj\SetupAssistant.nib\Desktop_.ini
c:\program files\iTunes\iTunes.Resources\es.lproj\Desktop_.ini
c:\program files\iTunes\iTunes.Resources\es.lproj\EQWindow.nib\Desktop_.ini
c:\program files\iTunes\iTunes.Resources\es.lproj\GradientWindow.nib\Desktop_.ini
c:\program files\iTunes\iTunes.Resources\es.lproj\iPodSettings.nib\Desktop_.ini
c:\program files\iTunes\iTunes.Resources\es.lproj\MusicStoreBar.nib\Desktop_.ini
c:\program files\iTunes\iTunes.Resources\es.lproj\Placards.nib\Desktop_.ini
c:\program files\iTunes\iTunes.Resources\es.lproj\Ringtone.nib\Desktop_.ini
c:\program files\iTunes\iTunes.Resources\es.lproj\SetupAssistant.nib\Desktop_.ini
c:\program files\iTunes\iTunes.Resources\fi.lproj\Desktop_.ini
c:\program files\iTunes\iTunes.Resources\fi.lproj\EQWindow.nib\Desktop_.ini
c:\program files\iTunes\iTunes.Resources\fi.lproj\GradientWindow.nib\Desktop_.ini
c:\program files\iTunes\iTunes.Resources\fi.lproj\iPodSettings.nib\Desktop_.ini
c:\program files\iTunes\iTunes.Resources\fi.lproj\MusicStoreBar.nib\Desktop_.ini
c:\program files\iTunes\iTunes.Resources\fi.lproj\Placards.nib\Desktop_.ini
c:\program files\iTunes\iTunes.Resources\fi.lproj\Ringtone.nib\Desktop_.ini
c:\program files\iTunes\iTunes.Resources\fi.lproj\SetupAssistant.nib\Desktop_.ini
c:\program files\iTunes\iTunes.Resources\fr.lproj\Desktop_.ini
c:\program files\iTunes\iTunes.Resources\fr.lproj\EQWindow.nib\Desktop_.ini
c:\program files\iTunes\iTunes.Resources\fr.lproj\GradientWindow.nib\Desktop_.ini
c:\program files\iTunes\iTunes.Resources\fr.lproj\iPodSettings.nib\Desktop_.ini
c:\program files\iTunes\iTunes.Resources\fr.lproj\MusicStoreBar.nib\Desktop_.ini
c:\program files\iTunes\iTunes.Resources\fr.lproj\Placards.nib\Desktop_.ini
c:\program files\iTunes\iTunes.Resources\fr.lproj\Ringtone.nib\Desktop_.ini
c:\program files\iTunes\iTunes.Resources\fr.lproj\SetupAssistant.nib\Desktop_.ini
c:\program files\iTunes\iTunes.Resources\it.lproj\Desktop_.ini
c:\program files\iTunes\iTunes.Resources\it.lproj\EQWindow.nib\Desktop_.ini
c:\program files\iTunes\iTunes.Resources\it.lproj\GradientWindow.nib\Desktop_.ini
c:\program files\iTunes\iTunes.Resources\it.lproj\iPodSettings.nib\Desktop_.ini
c:\program files\iTunes\iTunes.Resources\it.lproj\MusicStoreBar.nib\Desktop_.ini
c:\program files\iTunes\iTunes.Resources\it.lproj\Placards.nib\Desktop_.ini
c:\program files\iTunes\iTunes.Resources\it.lproj\Ringtone.nib\Desktop_.ini
c:\program files\iTunes\iTunes.Resources\it.lproj\SetupAssistant.nib\Desktop_.ini
c:\program files\iTunes\iTunes.Resources\ja.lproj\Desktop_.ini
c:\program files\iTunes\iTunes.Resources\ja.lproj\EQWindow.nib\Desktop_.ini
c:\program files\iTunes\iTunes.Resources\ja.lproj\GradientWindow.nib\Desktop_.ini
c:\program files\iTunes\iTunes.Resources\ja.lproj\iPodSettings.nib\Desktop_.ini
c:\program files\iTunes\iTunes.Resources\ja.lproj\MusicStoreBar.nib\Desktop_.ini
c:\program files\iTunes\iTunes.Resources\ja.lproj\Placards.nib\Desktop_.ini
c:\program files\iTunes\iTunes.Resources\ja.lproj\Ringtone.nib\Desktop_.ini
c:\program files\iTunes\iTunes.Resources\ja.lproj\SetupAssistant.nib\Desktop_.ini
c:\program files\iTunes\iTunes.Resources\ko.lproj\Desktop_.ini
c:\program files\iTunes\iTunes.Resources\ko.lproj\EQWindow.nib\Desktop_.ini
c:\program files\iTunes\iTunes.Resources\ko.lproj\GradientWindow.nib\Desktop_.ini
c:\program files\iTunes\iTunes.Resources\ko.lproj\iPodSettings.nib\Desktop_.ini
c:\program files\iTunes\iTunes.Resources\ko.lproj\MusicStoreBar.nib\Desktop_.ini
c:\program files\iTunes\iTunes.Resources\ko.lproj\Placards.nib\Desktop_.ini
c:\program files\iTunes\iTunes.Resources\ko.lproj\Ringtone.nib\Desktop_.ini
c:\program files\iTunes\iTunes.Resources\ko.lproj\SetupAssistant.nib\Desktop_.ini
c:\program files\iTunes\iTunes.Resources\nb.lproj\Desktop_.ini
c:\program files\iTunes\iTunes.Resources\nb.lproj\EQWindow.nib\Desktop_.ini
c:\program files\iTunes\iTunes.Resources\nb.lproj\GradientWindow.nib\Desktop_.ini
c:\program files\iTunes\iTunes.Resources\nb.lproj\iPodSettings.nib\Desktop_.ini
c:\program files\iTunes\iTunes.Resources\nb.lproj\MusicStoreBar.nib\Desktop_.ini
c:\program files\iTunes\iTunes.Resources\nb.lproj\Placards.nib\Desktop_.ini
c:\program files\iTunes\iTunes.Resources\nb.lproj\Ringtone.nib\Desktop_.ini
c:\program files\iTunes\iTunes.Resources\nb.lproj\SetupAssistant.nib\Desktop_.ini
c:\program files\iTunes\iTunes.Resources\nl.lproj\Desktop_.ini
c:\program files\iTunes\iTunes.Resources\nl.lproj\EQWindow.nib\Desktop_.ini
c:\program files\iTunes\iTunes.Resources\nl.lproj\GradientWindow.nib\Desktop_.ini
c:\program files\iTunes\iTunes.Resources\nl.lproj\iPodSettings.nib\Desktop_.ini
c:\program files\iTunes\iTunes.Resources\nl.lproj\MusicStoreBar.nib\Desktop_.ini
c:\program files\iTunes\iTunes.Resources\nl.lproj\Placards.nib\Desktop_.ini
c:\program files\iTunes\iTunes.Resources\nl.lproj\Ringtone.nib\Desktop_.ini
c:\program files\iTunes\iTunes.Resources\nl.lproj\SetupAssistant.nib\Desktop_.ini
c:\program files\iTunes\iTunes.Resources\pl.lproj\Desktop_.ini
c:\program files\iTunes\iTunes.Resources\pl.lproj\EQWindow.nib\Desktop_.ini
c:\program files\iTunes\iTunes.Resources\pl.lproj\GradientWindow.nib\Desktop_.ini
c:\program files\iTunes\iTunes.Resources\pl.lproj\iPodSettings.nib\Desktop_.ini
c:\program files\iTunes\iTunes.Resources\pl.lproj\MusicStoreBar.nib\Desktop_.ini
c:\program files\iTunes\iTunes.Resources\pl.lproj\Placards.nib\Desktop_.ini
c:\program files\iTunes\iTunes.Resources\pl.lproj\Ringtone.nib\Desktop_.ini
c:\program files\iTunes\iTunes.Resources\pl.lproj\SetupAssistant.nib\Desktop_.ini
c:\program files\iTunes\iTunes.Resources\pt.lproj\Desktop_.ini
c:\program files\iTunes\iTunes.Resources\pt.lproj\EQWindow.nib\Desktop_.ini
c:\program files\iTunes\iTunes.Resources\pt.lproj\GradientWindow.nib\Desktop_.ini
c:\program files\iTunes\iTunes.Resources\pt.lproj\iPodSettings.nib\Desktop_.ini
c:\program files\iTunes\iTunes.Resources\pt.lproj\MusicStoreBar.nib\Desktop_.ini
c:\program files\iTunes\iTunes.Resources\pt.lproj\Placards.nib\Desktop_.ini
c:\program files\iTunes\iTunes.Resources\pt.lproj\Ringtone.nib\Desktop_.ini
c:\program files\iTunes\iTunes.Resources\pt.lproj\SetupAssistant.nib\Desktop_.ini
c:\program files\iTunes\iTunes.Resources\pt_PT.lproj\Desktop_.ini
c:\program files\iTunes\iTunes.Resources\pt_PT.lproj\EQWindow.nib\Desktop_.ini
c:\program files\iTunes\iTunes.Resources\pt_PT.lproj\GradientWindow.nib\Desktop_.ini
c:\program files\iTunes\iTunes.Resources\pt_PT.lproj\iPodSettings.nib\Desktop_.ini
c:\program files\iTunes\iTunes.Resources\pt_PT.lproj\MusicStoreBar.nib\Desktop_.ini
c:\program files\iTunes\iTunes.Resources\pt_PT.lproj\Placards.nib\Desktop_.ini
c:\program files\iTunes\iTunes.Resources\pt_PT.lproj\Ringtone.nib\Desktop_.ini
c:\program files\iTunes\iTunes.Resources\pt_PT.lproj\SetupAssistant.nib\Desktop_.ini
c:\program files\iTunes\iTunes.Resources\ru.lproj\Desktop_.ini
c:\program files\iTunes\iTunes.Resources\ru.lproj\EQWindow.nib\Desktop_.ini
c:\program files\iTunes\iTunes.Resources\ru.lproj\GradientWindow.nib\Desktop_.ini
c:\program files\iTunes\iTunes.Resources\ru.lproj\iPodSettings.nib\Desktop_.ini
c:\program files\iTunes\iTunes.Resources\ru.lproj\MusicStoreBar.nib\Desktop_.ini
c:\program files\iTunes\iTunes.Resources\ru.lproj\Placards.nib\Desktop_.ini
c:\program files\iTunes\iTunes.Resources\ru.lproj\Ringtone.nib\Desktop_.ini
c:\program files\iTunes\iTunes.Resources\ru.lproj\SetupAssistant.nib\Desktop_.ini
c:\program files\iTunes\iTunes.Resources\sv.lproj\Desktop_.ini
c:\program files\iTunes\iTunes.Resources\sv.lproj\EQWindow.nib\Desktop_.ini
c:\program files\iTunes\iTunes.Resources\sv.lproj\GradientWindow.nib\Desktop_.ini
c:\program files\iTunes\iTunes.Resources\sv.lproj\iPodSettings.nib\Desktop_.ini
c:\program files\iTunes\iTunes.Resources\sv.lproj\MusicStoreBar.nib\Desktop_.ini
c:\program files\iTunes\iTunes.Resources\sv.lproj\Placards.nib\Desktop_.ini
c:\program files\iTunes\iTunes.Resources\sv.lproj\Ringtone.nib\Desktop_.ini
c:\program files\iTunes\iTunes.Resources\sv.lproj\SetupAssistant.nib\Desktop_.ini
c:\program files\iTunes\iTunes.Resources\zh_CN.lproj\Desktop_.ini
c:\program files\iTunes\iTunes.Resources\zh_CN.lproj\EQWindow.nib\Desktop_.ini
c:\program files\iTunes\iTunes.Resources\zh_CN.lproj\GradientWindow.nib\Desktop_.ini
c:\program files\iTunes\iTunes.Resources\zh_CN.lproj\iPodSettings.nib\Desktop_.ini
c:\program files\iTunes\iTunes.Resources\zh_CN.lproj\MusicStoreBar.nib\Desktop_.ini
c:\program files\iTunes\iTunes.Resources\zh_CN.lproj\Placards.nib\Desktop_.ini
c:\program files\iTunes\iTunes.Resources\zh_CN.lproj\Ringtone.nib\Desktop_.ini
c:\program files\iTunes\iTunes.Resources\zh_CN.lproj\SetupAssistant.nib\Desktop_.ini
c:\program files\iTunes\iTunes.Resources\zh_TW.lproj\Desktop_.ini
c:\program files\iTunes\iTunes.Resources\zh_TW.lproj\EQWindow.nib\Desktop_.ini
c:\program files\iTunes\iTunes.Resources\zh_TW.lproj\GradientWindow.nib\Desktop_.ini
c:\program files\iTunes\iTunes.Resources\zh_TW.lproj\iPodSettings.nib\Desktop_.ini
c:\program files\iTunes\iTunes.Resources\zh_TW.lproj\MusicStoreBar.nib\Desktop_.ini
c:\program files\iTunes\iTunes.Resources\zh_TW.lproj\Placards.nib\Desktop_.ini
c:\program files\iTunes\iTunes.Resources\zh_TW.lproj\Ringtone.nib\Desktop_.ini
c:\program files\iTunes\iTunes.Resources\zh_TW.lproj\SetupAssistant.nib\Desktop_.ini
c:\program files\iTunes\iTunesHelper.Resources\da.lproj\Desktop_.ini
c:\program files\iTunes\iTunesHelper.Resources\de.lproj\Desktop_.ini
c:\program files\iTunes\iTunesHelper.Resources\Desktop_.ini
c:\program files\iTunes\iTunesHelper.Resources\en.lproj\Desktop_.ini
c:\program files\iTunes\iTunesHelper.Resources\es.lproj\Desktop_.ini
c:\program files\iTunes\iTunesHelper.Resources\fi.lproj\Desktop_.ini
c:\program files\iTunes\iTunesHelper.Resources\fr.lproj\Desktop_.ini
c:\program files\iTunes\iTunesHelper.Resources\it.lproj\Desktop_.ini
c:\program files\iTunes\iTunesHelper.Resources\ja.lproj\Desktop_.ini
c:\program files\iTunes\iTunesHelper.Resources\ko.lproj\Desktop_.ini
c:\program files\iTunes\iTunesHelper.Resources\nb.lproj\Desktop_.ini
c:\program files\iTunes\iTunesHelper.Resources\nl.lproj\Desktop_.ini
c:\program files\iTunes\iTunesHelper.Resources\pl.lproj\Desktop_.ini
c:\program files\iTunes\iTunesHelper.Resources\pt.lproj\Desktop_.ini
c:\program files\iTunes\iTunesHelper.Resources\pt_PT.lproj\Desktop_.ini
c:\program files\iTunes\iTunesHelper.Resources\ru.lproj\Desktop_.ini
c:\program files\iTunes\iTunesHelper.Resources\sv.lproj\Desktop_.ini
c:\program files\iTunes\iTunesHelper.Resources\zh_CN.lproj\Desktop_.ini
c:\program files\iTunes\iTunesHelper.Resources\zh_TW.lproj\Desktop_.ini
c:\program files\iTunes\iTunesMiniPlayer.Resources\da.lproj\Desktop_.ini
c:\program files\iTunes\iTunesMiniPlayer.Resources\de.lproj\Desktop_.ini
c:\program files\iTunes\iTunesMiniPlayer.Resources\Desktop_.ini
c:\program files\iTunes\iTunesMiniPlayer.Resources\en.lproj\Desktop_.ini
c:\program files\iTunes\iTunesMiniPlayer.Resources\es.lproj\Desktop_.ini
c:\program files\iTunes\iTunesMiniPlayer.Resources\fi.lproj\Desktop_.ini
c:\program files\iTunes\iTunesMiniPlayer.Resources\fr.lproj\Desktop_.ini
c:\program files\iTunes\iTunesMiniPlayer.Resources\it.lproj\Desktop_.ini
c:\program files\iTunes\iTunesMiniPlayer.Resources\ja.lproj\Desktop_.ini
c:\program files\iTunes\iTunesMiniPlayer.Resources\ko.lproj\Desktop_.ini
c:\program files\iTunes\iTunesMiniPlayer.Resources\nb.lproj\Desktop_.ini
c:\program files\iTunes\iTunesMiniPlayer.Resources\nl.lproj\Desktop_.ini
c:\program files\iTunes\iTunesMiniPlayer.Resources\pl.lproj\Desktop_.ini
c:\program files\iTunes\iTunesMiniPlayer.Resources\pt.lproj\Desktop_.ini
c:\program files\iTunes\iTunesMiniPlayer.Resources\pt_PT.lproj\Desktop_.ini
c:\program files\iTunes\iTunesMiniPlayer.Resources\ru.lproj\Desktop_.ini
c:\program files\iTunes\iTunesMiniPlayer.Resources\sv.lproj\Desktop_.ini
c:\program files\iTunes\iTunesMiniPlayer.Resources\zh_CN.lproj\Desktop_.ini
c:\program files\iTunes\iTunesMiniPlayer.Resources\zh_TW.lproj\Desktop_.ini
c:\program files\iTunes\Mozilla Plugins\Desktop_.ini
c:\program files\Java\Desktop_.ini
c:\program files\Java\jre1.6.0_03\Desktop_.ini
c:\program files\Java\jre1.6.0_03\lib\ext\Desktop_.ini
c:\program files\Lavasoft\Ad-Aware 2007\Desktop_.ini
c:\program files\Lavasoft\Ad-Aware 2007\Help\Desktop_.ini
c:\program files\Lavasoft\Ad-Aware 2007\Lang\Desktop_.ini
c:\program files\Lavasoft\Ad-Aware 2007\Registration\Desktop_.ini
c:\program files\Lavasoft\Ad-Aware 2007\Skin\Desktop_.ini
c:\program files\Lavasoft\Desktop_.ini
c:\program files\MagicISO\Desktop_.ini
c:\program files\Microsoft ActiveSync\Desktop_.ini
c:\program files\Microsoft Office\Desktop_.ini
c:\program files\Microsoft Office\MEDIA\CAGCAT10\1033\Desktop_.ini
c:\program files\Microsoft Office\MEDIA\CAGCAT10\Desktop_.ini
c:\program files\Microsoft Office\MEDIA\Desktop_.ini
c:\program files\Microsoft Office\MEDIA\OFFICE11\1033\Desktop_.ini
c:\program files\Microsoft Office\MEDIA\OFFICE11\AUTOSHAP\Desktop_.ini
c:\program files\Microsoft Office\MEDIA\OFFICE11\BULLETS\Desktop_.ini
c:\program files\Microsoft Office\MEDIA\OFFICE11\Desktop_.ini
c:\program files\Microsoft Office\MEDIA\OFFICE11\LINES\Desktop_.ini
c:\program files\Microsoft Office\OFFICE11\1033\011\Desktop_.ini
c:\program files\Microsoft Office\OFFICE11\1033\BOTSTYLE\Desktop_.ini
c:\program files\Microsoft Office\OFFICE11\1033\DataServices\Desktop_.ini
c:\program files\Microsoft Office\OFFICE11\1033\Desktop_.ini
c:\program files\Microsoft Office\OFFICE11\ADDINS\Desktop_.ini
c:\program files\Microsoft Office\OFFICE11\CONVERT\1033\Desktop_.ini
c:\program files\Microsoft Office\OFFICE11\CONVERT\Desktop_.ini
c:\program files\Microsoft Office\OFFICE11\Desktop_.ini
c:\program files\Microsoft Office\OFFICE11\FORMS\1033\Desktop_.ini
c:\program files\Microsoft Office\OFFICE11\FORMS\Desktop_.ini
c:\program files\Microsoft Office\OFFICE11\HTML\Desktop_.ini
c:\program files\Microsoft Office\OFFICE11\Library\Desktop_.ini
c:\program files\Microsoft Office\OFFICE11\Migration\Desktop_.ini
c:\program files\Microsoft Office\OFFICE11\QUERIES\Desktop_.ini
c:\program files\Microsoft Office\OFFICE11\SAMPLES\Desktop_.ini
c:\program files\Microsoft Office\OFFICE11\STARTUP\Desktop_.ini
c:\program files\Microsoft Office\OFFICE11\XLATORS\Desktop_.ini
c:\program files\Microsoft Office\OFFICE11\XLSTART\Desktop_.ini
c:\program files\Microsoft Office\Templates\1033\Desktop_.ini
c:\program files\Microsoft Office\Templates\1033\FAX\Desktop_.ini
c:\program files\Microsoft Office\Templates\Desktop_.ini
c:\program files\Microsoft Office\Templates\Presentation Designs\Desktop_.ini
c:\program files\Microsoft Silverlight\2.0.30523.8\de\Desktop_.ini
c:\program files\Microsoft Silverlight\2.0.30523.8\Desktop_.ini
c:\program files\Microsoft Silverlight\2.0.30523.8\es\Desktop_.ini
c:\program files\Microsoft Silverlight\2.0.30523.8\fr\Desktop_.ini
c:\program files\Microsoft Silverlight\2.0.30523.8\it\Desktop_.ini
c:\program files\Microsoft Silverlight\2.0.30523.8\ja\Desktop_.ini
c:\program files\Microsoft Silverlight\2.0.30523.8\ko\Desktop_.ini
c:\program files\Microsoft Silverlight\2.0.30523.8\zh-Hans\Desktop_.ini
c:\program files\Microsoft Silverlight\2.0.30523.8\zh-Hant\Desktop_.ini
c:\program files\Microsoft Silverlight\Desktop_.ini
c:\program files\Microsoft.NET\Desktop_.ini
c:\program files\Microsoft.NET\Primary Interop Assemblies\Desktop_.ini
c:\program files\mIRC\Desktop_.ini
c:\program files\Mozilla Firefox\chrome\Desktop_.ini
c:\program files\Mozilla Firefox\components\Desktop_.ini
c:\program files\Mozilla Firefox\defaults\autoconfig\Desktop_.ini
c:\program files\Mozilla Firefox\defaults\Desktop_.ini
c:\program files\Mozilla Firefox\defaults\pref\Desktop_.ini
c:\program files\Mozilla Firefox\defaults\profile\chrome\Desktop_.ini
c:\program files\Mozilla Firefox\defaults\profile\Desktop_.ini
c:\program files\Mozilla Firefox\Desktop_.ini
c:\program files\Mozilla Firefox\dictionaries\Desktop_.ini
c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}\Desktop_.ini
c:\program files\Mozilla Firefox\extensions\Desktop_.ini
c:\program files\Mozilla Firefox\greprefs\Desktop_.ini
c:\program files\Mozilla Firefox\modules\Desktop_.ini
c:\program files\Mozilla Firefox\plugins\Desktop_.ini
c:\program files\Mozilla Firefox\res\Desktop_.ini
c:\program files\Mozilla Firefox\res\dtd\Desktop_.ini
c:\program files\Mozilla Firefox\res\entityTables\Desktop_.ini
c:\program files\Mozilla Firefox\res\fonts\Desktop_.ini
c:\program files\Mozilla Firefox\res\html\Desktop_.ini
c:\program files\Mozilla Firefox\searchplugins\Desktop_.ini
c:\program files\Mozilla Firefox\uninstall\Desktop_.ini
c:\program files\MSN Gaming Zone\Desktop_.ini
c:\program files\OGPlanet\Desktop_.ini
c:\program files\Online Services\Desktop_.ini
c:\program files\PowerISO\Desktop_.ini
c:\program files\PowerISO\Lang\Desktop_.ini
c:\program files\PowerISO\Skins\Desktop_.ini
xie3ix is offline  
Digg this Post!Add Post to del.icio.usBookmark Post in TechnoratiFurl this Post!Reddit!
 
Page 1 of 2 1 2

« Previous Thread | Next Thread »

Thread Tools

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts
BB code is On
Smilies are On
[IMG] code is On
HTML code is Off
Trackbacks are Off
Pingbacks are Off
Refbacks are Off



All times are GMT -7. The time now is 08:33 PM.

Contact Us - Tech Support Forum - Archive - Privacy Statement - Top


Copyright 2001 - 2009, Tech Support Forum
Home Tips Plus | Outdoor Basecamp | Automotive Support Forum

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85