« previous next »
Pages: [1]

Author Topic: unable to run any installer .exe  (Read 1129 times)

Offline khmer

  • Newbie
  • *
  • Posts: 8
  • Karma: +0/-0
    • View Profile
unable to run any installer .exe
« on: July 17, 2007, 09:35:30 PM »
here is the scan

Logfile of HijackThis v1.99.1
Scan saved at 10:35:02 PM, on 7/17/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16473)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Norton Internet Security\NISUM.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\Program Files\Norton Internet Security\ccPxySvc.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Winamp\winampa.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe
C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe
C:\Program Files\Common Files\Logitech\LComMgr\LVComSX.exe
C:\Program Files\Common Files\Logitech\LComMgr\Communications_Helper.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Ahead\InCD\InCD.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\ATI Technologies\ATI.ACE\CLI.EXE
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\Common Files\Logitech\KhalShared\KHALMNPR.EXE
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\Common Files\Teleca Shared\Generic.exe
C:\Program Files\Sony Ericsson\Mobile2\Mobile Phone Monitor\epmworker.exe
C:\Program Files\Ventrilo\Ventrilo.exe
C:\WINDOWS\system32\svchost.exe
C:\Documents and Settings\Andrew\Desktop\RumbleFighter-v0.80.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Andrew\Desktop\Games\srobot2\srobot.exe
C:\Program Files\Silkroad\sro_client.exe
C:\Program Files\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ca/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
F3 - REG:win.ini: load=C:\WINDOWS\rundl132.exe
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [winabc] rundll32.exe C:\DOCUME~1\Andrew\LOCALS~1\Temp\t.dll,abcLaunchEv
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe"  -osboot
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe"
O4 - HKLM\..\Run: [Sony Ericsson PC Suite] "C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [LVCOMSX] "C:\Program Files\Common Files\Logitech\LComMgr\LVComSX.exe"
O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Program Files\Common Files\Logitech\LComMgr\Communications_Helper.exe"
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [InCD] C:\Program Files\Ahead\InCD\InCD.exe
O4 - HKLM\..\Run: [diagent] "C:\Program Files\Creative\SBLive\Diagnostics\diagent.exe" startup
O4 - HKLM\..\Run: [ccRegVfy] "C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe"
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\CLIStart.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Update Manager] "C:\Program Files\Rogers\Update Manager\UpdateManager.exe" /background
O4 - HKCU\..\Run: [Steam] "C:\Program Files\Steam\Steam.exe" -silent
O4 - HKCU\..\Run: [RHSI SHS] "C:\Program Files\Rogers\SelfHealing\SHS.exe" /background
O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - HKCU\..\Run: [CTSyncU.exe] "C:\Program Files\Creative\Sync Manager Unicode\CTSyncU.exe"
O4 - HKCU\..\Run: [PowerBar] "C:\Program Files\CyberLink DVD Solution\Multimedia Launcher\PowerBar.exe" /AtBootTime
O4 - HKCU\..\Run: [RogersAgent] c:\Program Files\Rogers\SelfHealing\rogersagent.exe
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - Global Startup: Logitech SetPoint.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: &Clean Traces - C:\Program Files\DAP\Privacy Package\dapcleanerie.htm
O8 - Extra context menu item: &Download with &DAP - C:\Program Files\DAP\dapextie.htm
O8 - Extra context menu item: Download &all with DAP - C:\Program Files\DAP\dapextie2.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O15 - Trusted Zone: http://www.silkroadonline.net
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} (SysProWmi Class) - http://support.dell.com/systemprofiler/SysPro.CAB
O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} (Office Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=58813
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (CDownloadCtrl Object) - http://www.fileplanet.com/fpdlmgr/cabs/FPDC_2.3.6.108.cab
O16 - DPF: {5F5F9FB8-878E-4455-95E0-F64B2314288A} (ijjiPlugin2 Class) - http://gamedownload.ijjimax.com/gamedownlo...Plugin11USA.cab
O16 - DPF: {69EF49E5-FE46-4B92-B5FA-2193AB7A6B8A} (GameLauncher Control) - http://www.acclaim.com/cabs/acclaim_v6.cab
O16 - DPF: {7C5D062A-7A1E-4A46-A02B-A928084CBD66} (MLauncherNew Class) - http://legendofares.netgame.com/download/MusaLauncherNew.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab
O16 - DPF: {CD995117-98E5-4169-9920-6C12D4C0B548} (HGPlugin9USA Class) - http://gamedownload.ijjimax.com/gamedownlo...GPlugin9USA.cab
O16 - DPF: {E856B973-45FD-4559-8F82-EAB539144667} (Dell PC Checkup Installer Control) - http://pccheckup.dellfix.com/rel/41/install/gtdownde.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/Solit...wn.cab31267.cab
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: WBSrv - C:\PROGRA~1\Stardock\OBJECT~1\WINDOW~1\wbsrv.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation Service (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Proxy Service (ccPxySvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\ccPxySvc.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
O23 - Service: GrayPigeonServer - Unknown owner - C:\WINDOWS\system32\winlogin (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: IMAPI CD-Burning COM Service (ImapiService) - Roxio Inc. - C:\WINDOWS\System32\ImapiRox.exe
O23 - Service: InCD Helper (InCDsrv) - Ahead Software AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Norton Internet Security Accounts Manager (NISUM) - Symantec Corporation - C:\Program Files\Norton Internet Security\NISUM.EXE
Logged

Offline guestolo

  • Site Donator
  • Administrator
  • Hero Member
  • *****
  • Posts: 16034
  • Karma: +1/-0
    • View Profile
    • http://
unable to run any installer .exe
« Reply #1 on: July 17, 2007, 10:03:54 PM »
Can you see if you can run this file
Download this file - Combofix.exe and save it ONLY to your desktop
Double click combofix.exe & follow the prompts.
When finished, it shall produce a log for you.
Note:
Do not mouseclick combofix's window whilst it's running. That may cause it to stall
Post the log that opens please

Or the log can also be found at C:\Combofix.txt
Logged

Do you want to post your own logs from FRST?

Follow the instructions posted http://www.thetechguide.com/forum/index.php/topic/22942-please-read-how-to-post-logs-from-frst/\'>Click Here

Offline khmer

  • Newbie
  • *
  • Posts: 8
  • Karma: +0/-0
    • View Profile
unable to run any installer .exe
« Reply #2 on: July 17, 2007, 11:15:29 PM »
here is the log

"Andrew" - 2007-07-17 23:28:26 - ComboFix 07-07-14.6 - Service Pack 2  NTFS  


(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))

 

[color=\"blue\"]Infected copy of C:\WINDOWS\system32\winlogon.exe was found & disinfected
C:\_desktop.ini
C:\37c4c80b9be40e20192629a34c1f58ed\_desktop.ini
C:\as.txt
C:\ATI\_desktop.ini
C:\ATI\SUPPORT\_desktop.ini
C:\ATI\SUPPORT\6-9_xp-2k_dd_ccc_wdm_enu_35774\_desktop.ini
C:\ATI\SUPPORT\6-9_xp-2k_dd_ccc_wdm_enu_35774\ACE\_desktop.ini
C:\ATI\SUPPORT\6-9_xp-2k_dd_ccc_wdm_enu_35774\BIN\_desktop.ini
C:\ATI\SUPPORT\6-9_xp-2k_dd_ccc_wdm_enu_35774\Driver\_desktop.ini
C:\ATI\SUPPORT\6-9_xp-2k_dd_ccc_wdm_enu_35774\Driver\2KXP_INF\_desktop.ini
C:\ATI\SUPPORT\6-9_xp-2k_dd_ccc_wdm_enu_35774\Driver\2KXP_INF\B_35814\_desktop.ini
C:\ATI\SUPPORT\6-9_xp-2k_dd_ccc_wdm_enu_35774\WDM_ALL\_desktop.ini
C:\ATI\SUPPORT\6-9_xp-2k_dd_ccc_wdm_enu_35774\WDM_ALL\AVS_T200\_desktop.ini
C:\ATI\SUPPORT\6-9_xp-2k_dd_ccc_wdm_enu_35774\WDM_ALL\AVS_T200\XP\_desktop.ini
C:\Config.Msi\_desktop.ini
C:\DELL\_desktop.ini
C:\DELL\drivers\_desktop.ini
C:\DELL\drivers\R47822\_desktop.ini
C:\DELL\drivers\R47822\win2000\_desktop.ini
C:\DELL\drivers\R47822\win98se\_desktop.ini
C:\DELL\drivers\R47822\winme\_desktop.ini
C:\DELL\drivers\R47822\xp\_desktop.ini
C:\DELL\drivers\R52043\_desktop.ini
C:\DELL\drivers\R52043\Dos\_desktop.ini
C:\DELL\drivers\R52043\Unattend\_desktop.ini
C:\DELL\drivers\R52043\Unattend\Win2K\_desktop.ini
C:\DELL\drivers\R52043\Unattend\Win98\_desktop.ini
C:\DELL\drivers\R52043\Unattend\WinME\_desktop.ini
C:\DELL\drivers\R52043\Unattend\WinXP\_desktop.ini
C:\DELL\drivers\R52043\Win2K\_desktop.ini
C:\DELL\drivers\R52043\Win95\_desktop.ini
C:\DELL\drivers\R52043\Win98\_desktop.ini
C:\DELL\drivers\R52043\WinME\_desktop.ini
C:\DELL\drivers\R52043\WinXP\_desktop.ini
C:\DELL\drivers\R69382\_desktop.ini
C:\Documents and Settings\All Users\Documents\_desktop.ini
C:\Documents and Settings\All Users\Documents\My Music\_desktop.ini
C:\Documents and Settings\All Users\Documents\My Music\My Playlists\_desktop.ini
C:\Documents and Settings\All Users\Documents\My Music\Sample Music\_desktop.ini
C:\Documents and Settings\All Users\Documents\My Music\Sample Playlists\_desktop.ini
C:\Documents and Settings\All Users\Documents\My Music\Sample Playlists0348C06\_desktop.ini
C:\Documents and Settings\All Users\Documents\My Pictures\_desktop.ini
C:\Documents and Settings\All Users\Documents\My Pictures\Sample Pictures\_desktop.ini
C:\Documents and Settings\All Users\Documents\My Videos\_desktop.ini
C:\Documents and Settings\Andrew\Application Data\Adobe\Bridge\Cache\Metadata\data\_desktop.ini
C:\Documents and Settings\Andrew\Application Data\Adobe\Bridge\Cache\Metadata\data\bridgedb\_desktop.ini
C:\Documents and Settings\Andrew\Application Data\Adobe\Bridge\Cache\Metadata\data\mysql\_desktop.ini
C:\Documents and Settings\Andrew\Application Data\Adobe\ImageReady\CS2\Settings\ImageReady Actions\_desktop.ini
C:\Documents and Settings\Andrew\Desktop\Games\ScreenShot\_desktop.ini
C:\Documents and Settings\Andrew\Desktop\Games\ScreenShot\New Folder\_desktop.ini
C:\Downloads\_desktop.ini
C:\Downloads\ksro\_desktop.ini
C:\Downloads\Macromedia Studio 8\_desktop.ini
C:\Downloads\New_Super_Mario_Bros_USA_NDS-pSyDS\_desktop.ini
C:\ijji\_desktop.ini
C:\ijji\ENGLISH\_desktop.ini
C:\ijji\ENGLISH\Gunz\_desktop.ini
C:\ijji\ENGLISH\Gunz\CUSTOM\_desktop.ini
C:\ijji\ENGLISH\Gunz\CUSTOM\CROSSHAIR\_desktop.ini
C:\ijji\ENGLISH\Gunz\GameGuard\_desktop.ini
C:\ijji\ENGLISH\Gunz\Interface\_desktop.ini
C:\ijji\ENGLISH\Gunz\Maps\_desktop.ini
C:\ijji\ENGLISH\Gunz\Model\_desktop.ini
C:\ijji\ENGLISH\Gunz\Model\NPC\_desktop.ini
C:\ijji\ENGLISH\Gunz\Quest\_desktop.ini
C:\ijji\ENGLISH\Gunz\Quest\Maps\_desktop.ini
C:\ijji\ENGLISH\Gunz\ReportError\_desktop.ini
C:\ijji\ENGLISH\Gunz\Shader\_desktop.ini
C:\ijji\ENGLISH\Gunz\Sound\_desktop.ini
C:\ijji\ENGLISH\U_KwonHoOnline\_desktop.ini
C:\ijji\ENGLISH\u_sf\_desktop.ini
C:\ijji\ENGLISH\u_sf\data\_desktop.ini
C:\ijji\ENGLISH\u_sf\data\area\_desktop.ini
C:\ijji\ENGLISH\u_sf\data\clan\_desktop.ini
C:\ijji\ENGLISH\u_sf\data\effect\_desktop.ini
C:\ijji\ENGLISH\u_sf\data\force\_desktop.ini
C:\ijji\ENGLISH\u_sf\data\lobby\_desktop.ini
C:\ijji\ENGLISH\u_sf\data\menu\_desktop.ini
C:\ijji\ENGLISH\u_sf\data\save\_desktop.ini
C:\ijji\ENGLISH\u_sf\data\scr\_desktop.ini
C:\ijji\ENGLISH\u_sf\data\screenshot\_desktop.ini
C:\ijji\ENGLISH\u_sf\data\sound\_desktop.ini
C:\ijji\ENGLISH\u_sf\data\weapon\_desktop.ini
C:\ijji\ENGLISH\u_sf\GameGuard\_desktop.ini
C:\ijji\ENGLISH\u_sf\redist\_desktop.ini
C:\My Downloads\_desktop.ini
C:\My Photos\_desktop.ini
C:\My Photos\2006-12-27\_desktop.ini
C:\My Photos\2006-12-28\_desktop.ini
C:\My Photos\2006-12-31\_desktop.ini
C:\My Photos\2007-01-01\_desktop.ini
C:\My Photos\2007-01-03\_desktop.ini
C:\My Photos\2007-01-05\_desktop.ini
C:\MyWorks\_desktop.ini
C:\Program Files\_desktop.ini
C:\Program Files\Adaptec\_desktop.ini
C:\Program Files\Adaptec\Easy CD Creator 5\_desktop.ini
C:\Program Files\Adaptec\Easy CD Creator 5\Easy CD Creator\_desktop.ini
C:\Program Files\Adaptec\Easy CD Creator 5\Easy CD Creator\CreatorImages\_desktop.ini
C:\Program Files\Adobe\_desktop.ini
C:\Program Files\Adobe\Acrobat 5.0\_desktop.ini
C:\Program Files\Adobe\Acrobat 5.0\Help\_desktop.ini
C:\Program Files\Adobe\Acrobat 5.0\Help\ENU\_desktop.ini
C:\Program Files\Adobe\Acrobat 5.0\Reader\_desktop.ini
C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\_desktop.ini
C:\Program Files\Adobe\Acrobat 5.0\Reader\Browser\_desktop.ini
C:\Program Files\Adobe\Acrobat 5.0\Reader\JavaScripts\_desktop.ini
C:\Program Files\Adobe\Acrobat 5.0\Reader\Legal\_desktop.ini
C:\Program Files\Adobe\Acrobat 5.0\Reader\Optional\_desktop.ini
C:\Program Files\Adobe\Acrobat 5.0\Reader\plug_ins\_desktop.ini
C:\Program Files\Adobe\Acrobat 5.0\Reader\plug_ins\InterTrust\_desktop.ini
C:\Program Files\Adobe\Acrobat 5.0\Reader\plug_ins\Movie\_desktop.ini
C:\Program Files\Adobe\Acrobat 5.0\Reader\plug_ins\WEBBUY\_desktop.ini
C:\Program Files\Adobe\Acrobat 5.0\Reader\plug_ins\WEBBUY\HTML\_desktop.ini
C:\Program Files\Adobe\Acrobat 5.0\Reader\SPPlugins\_desktop.ini
C:\Program Files\Adobe\Acrobat 5.0\Resource\_desktop.ini
C:\Program Files\Adobe\Acrobat 5.0\Resource\CMap\_desktop.ini
C:\Program Files\Adobe\Acrobat 5.0\Resource\Font\_desktop.ini
C:\Program Files\Adobe\Acrobat 5.0\Resource\Font\PFM\_desktop.ini
C:\Program Files\Adobe\Adobe Bridge\_desktop.ini
C:\Program Files\Adobe\Adobe Bridge\Activation\_desktop.ini
C:\Program Files\Adobe\Adobe Bridge\Activation\en_US\_desktop.ini
C:\Program Files\Adobe\Adobe Bridge\browser\_desktop.ini
C:\Program Files\Adobe\Adobe Bridge\browser\classes\_desktop.ini
C:\Program Files\Adobe\Adobe Bridge\browser\defaults\_desktop.ini
C:\Program Files\Adobe\Adobe Bridge\browser\plugins\_desktop.ini
C:\Program Files\Adobe\Adobe Bridge\browser\skin\_desktop.ini
C:\Program Files\Adobe\Adobe Bridge\db_support\_desktop.ini
C:\Program Files\Adobe\Adobe Bridge\db_support\data\_desktop.ini
C:\Program Files\Adobe\Adobe Bridge\db_support\data\bridgedb\_desktop.ini
C:\Program Files\Adobe\Adobe Bridge\db_support\data\mysql\_desktop.ini
C:\Program Files\Adobe\Adobe Bridge\db_support\install\_desktop.ini
C:\Program Files\Adobe\Adobe Bridge\db_support\install\bridgedb\_desktop.ini
C:\Program Files\Adobe\Adobe Bridge\db_support\install\share\_desktop.ini
C:\Program Files\Adobe\Adobe Bridge\db_support\install\share\charsets\_desktop.ini
C:\Program Files\Adobe\Adobe Bridge\db_support\install\share\czech\_desktop.ini
C:\Program Files\Adobe\Adobe Bridge\db_support\install\share\danish\_desktop.ini
C:\Program Files\Adobe\Adobe Bridge\db_support\install\share\dutch\_desktop.ini
C:\Program Files\Adobe\Adobe Bridge\db_support\install\share\english\_desktop.ini
C:\Program Files\Adobe\Adobe Bridge\db_support\install\share\estonian\_desktop.ini
C:\Program Files\Adobe\Adobe Bridge\db_support\install\share\french\_desktop.ini
C:\Program Files\Adobe\Adobe Bridge\db_support\install\share\german\_desktop.ini
C:\Program Files\Adobe\Adobe Bridge\db_support\install\share\greek\_desktop.ini
C:\Program Files\Adobe\Adobe Bridge\db_support\install\share\hungarian\_desktop.ini
C:\Program Files\Adobe\Adobe Bridge\db_support\install\share\italian\_desktop.ini
C:\Program Files\Adobe\Adobe Bridge\db_support\install\share\japanese\_desktop.ini
C:\Program Files\Adobe\Adobe Bridge\db_support\install\share\korean\_desktop.ini
C:\Program Files\Adobe\Adobe Bridge\db_support\install\share\norwegian-ny\_desktop.ini
C:\Program Files\Adobe\Adobe Bridge\db_support\install\share\norwegian\_desktop.ini
C:\Program Files\Adobe\Adobe Bridge\db_support\install\share\polish\_desktop.ini
C:\Program Files\Adobe\Adobe Bridge\db_support\install\share\portuguese\_desktop.ini
C:\Program Files\Adobe\Adobe Bridge\db_support\install\share\romanian\_desktop.ini
C:\Program Files\Adobe\Adobe Bridge\db_support\install\share\russian\_desktop.ini
C:\Program Files\Adobe\Adobe Bridge\db_support\install\share\serbian\_desktop.ini
C:\Program Files\Adobe\Adobe Bridge\db_support\install\share\solvak\_desktop.ini
C:\Program Files\Adobe\Adobe Bridge\db_support\install\share\spanish\_desktop.ini
C:\Program Files\Adobe\Adobe Bridge\db_support\install\share\swedish\_desktop.ini
C:\Program Files\Adobe\Adobe Bridge\db_support\install\share\ukrainian\_desktop.ini
C:\Program Files\Adobe\Adobe Bridge\Legal\_desktop.ini
C:\Program Files\Adobe\Adobe Bridge\Legal\ar_AE\_desktop.ini
C:\Program Files\Adobe\Adobe Bridge\Legal\cs_CZ\_desktop.ini
C:\Program Files\Adobe\Adobe Bridge\Legal\da_DK\_desktop.ini
C:\Program Files\Adobe\Adobe Bridge\Legal\de_DE\_desktop.ini
C:\Program Files\Adobe\Adobe Bridge\Legal\el_GR\_desktop.ini
C:\Program Files\Adobe\Adobe Bridge\Legal\en_US\_desktop.ini
C:\Program Files\Adobe\Adobe Bridge\Legal\es_ES\_desktop.ini
C:\Program Files\Adobe\Adobe Bridge\Legal\fi_FI\_desktop.ini
C:\Program Files\Adobe\Adobe Bridge\Legal\fr_FR\_desktop.ini
C:\Program Files\Adobe\Adobe Bridge\Legal\he_IL\_desktop.ini
C:\Program Files\Adobe\Adobe Bridge\Legal\hr_HR\_desktop.ini
C:\Program Files\Adobe\Adobe Bridge\Legal\hu_HU\_desktop.ini
C:\Program Files\Adobe\Adobe Bridge\Legal\it_IT\_desktop.ini
C:\Program Files\Adobe\Adobe Bridge\Legal\ja_JP\_desktop.ini
C:\Program Files\Adobe\Adobe Bridge\Legal\ko_KR\_desktop.ini
C:\Program Files\Adobe\Adobe Bridge\Legal\nl_NL\_desktop.ini
C:\Program Files\Adobe\Adobe Bridge\Legal\no_NO\_desktop.ini
C:\Program Files\Adobe\Adobe Bridge\Legal\pl_PL\_desktop.ini
C:\Program Files\Adobe\Adobe Bridge\Legal\pt_BR\_desktop.ini
C:\Program Files\Adobe\Adobe Bridge\Legal\ro_RO\_desktop.ini
C:\Program Files\Adobe\Adobe Bridge\Legal\ru_RU\_desktop.ini
C:\Program Files\Adobe\Adobe Bridge\Legal\sl_SI\_desktop.ini
C:\Program Files\Adobe\Adobe Bridge\Legal\sv_SE\_desktop.ini
C:\Program Files\Adobe\Adobe Bridge\Legal\th_TH\_desktop.ini
C:\Program Files\Adobe\Adobe Bridge\Legal\tr_TR\_desktop.ini
C:\Program Files\Adobe\Adobe Bridge\Legal\vi_VN\_desktop.ini
C:\Program Files\Adobe\Adobe Bridge\Legal\zh_CN\_desktop.ini
C:\Program Files\Adobe\Adobe Bridge\Legal\zh_TW\_desktop.ini
C:\Program Files\Adobe\Adobe Bridge\Plug-Ins\_desktop.ini
C:\Program Files\Adobe\Adobe Bridge\Presets\_desktop.ini
C:\Program Files\Adobe\Adobe Bridge\Presets\color books\_desktop.ini
C:\Program Files\Adobe\Adobe Bridge\required\_desktop.ini
C:\Program Files\Adobe\Adobe Bridge\Resources\_desktop.ini
C:\Program Files\Adobe\Adobe Bridge\Resources\en\_customization\_desktop.ini
C:\Program Files\Adobe\Adobe Bridge\Resources\en\_desktop.ini
C:\Program Files\Adobe\Adobe Bridge\Resources\en\_media\_desktop.ini
C:\Program Files\Adobe\Adobe Help Center\_desktop.ini
C:\Program Files\Adobe\Adobe Help Center\AdobeHelpData\_desktop.ini
C:\Program Files\Adobe\Adobe Help Center\AdobeHelpData\Cache\_desktop.ini
C:\Program Files\Adobe\Adobe Help Center\AdobeHelpData\Cache\AdobeHelpCenter\_desktop.ini
C:\Program Files\Adobe\Adobe Help Center\AdobeHelpData\Cache\AdobeHelpCenter\1.0\_desktop.ini
C:\Program Files\Adobe\Adobe Help Center\AdobeHelpData\Cache\AdobeHelpCenter\1.0\en_US\_desktop.ini
C:\Program Files\Adobe\Adobe Help Center\AdobeHelpData\Cache\AdobeHelpCenter\1.0\en_US\binary\_desktop.ini
C:\Program Files\Adobe\Adobe Help Center\AdobeHelpData\Cache\AdobeHelpCenter\1.0\en_US\binary\page\_desktop.ini
C:\Program Files\Adobe\Adobe Help Center\AdobeHelpData\Cache\AdobeHelpCenter\1.0\en_US\html\_desktop.ini
C:\Program Files\Adobe\Adobe Help Center\AdobeHelpData\Cache\AdobeHelpCenter\1.0\en_US\html\page\_desktop.ini
C:\Program Files\Adobe\Adobe Help Center\AdobeHelpData\Cache\DefaultProduct\_desktop.ini
C:\Program Files\Adobe\Adobe Help Center\AdobeHelpData\Cache\DefaultProduct\1.0\_desktop.ini
C:\Program Files\Adobe\Adobe Help Center\AdobeHelpData\Cache\DefaultProduct\1.0\en_US\_desktop.ini
C:\Program Files\Adobe\Adobe Help Center\AdobeHelpData\Cache\Photoshop\_desktop.ini
C:\Program Files\Adobe\Adobe Help Center\AdobeHelpData\Cache\Photoshop\1.0\_desktop.ini
C:\Program Files\Adobe\Adobe Help Center\AdobeHelpData\Cache\Photoshop\1.0\en_US\_desktop.ini
C:\Program Files\Adobe\Adobe Help Center\AdobeHelpData\Cache\Photoshop\9.0\_desktop.ini
C:\Program Files\Adobe\Adobe Help Center\AdobeHelpData\Cache\Photoshop\9.0\en_US\_desktop.ini
C:\Program Files\Adobe\Adobe Help Center\AdobeHelpData\Cache\Photoshop\9.0\en_US\binary\_desktop.ini
C:\Program Files\Adobe\Adobe Help Center\AdobeHelpData\Cache\Photoshop\9.0\en_US\binary\page\_desktop.ini
C:\Program Files\Adobe\Adobe Help Center\AdobeHelpData\Cache\Photoshop\9.0\en_US\html\_desktop.ini
C:\Program Files\Adobe\Adobe Help Center\AdobeHelpData\Cache\Photoshop\9.0\en_US\html\page\_desktop.ini
C:\Program Files\Adobe\Adobe Help Center\AdobeHelpData\Database\_desktop.ini
C:\Program Files\Adobe\Adobe Help Center\AdobeHelpData\Database\adobeassistance\_desktop.ini
C:\Program Files\Adobe\Adobe Help Center\AdobeHelpData\Packages\_desktop.ini
C:\Program Files\Adobe\Adobe Help Center\AdobeHelpData\Preferences\_desktop.ini
C:\Program Files\Adobe\Adobe Help Center\AdobeHelpData\Search\_desktop.ini
C:\Program Files\Adobe\Adobe Help Center\Browser\_desktop.ini
C:\Program Files\Adobe\Adobe Help Center\Browser\classes\_desktop.ini
C:\Program Files\Adobe\Adobe Help Center\Browser\defaults\_desktop.ini
C:\Program Files\Adobe\Adobe Help Center\Browser\plugins\_desktop.ini
C:\Program Files\Adobe\Adobe Help Center\Browser\profile\_desktop.ini
C:\Program Files\Adobe\Adobe Help Center\Browser\profile\acpo\_desktop.ini
C:\Program Files\Adobe\Adobe Help Center\Browser\profile\cache4\_desktop.ini
C:\Program Files\Adobe\Adobe Help Center\Browser\profile\images\_desktop.ini
C:\Program Files\Adobe\Adobe Help Center\Browser\profile\keyboard\_desktop.ini
C:\Program Files\Adobe\Adobe Help Center\Browser\profile\menu\_desktop.ini
C:\Program Files\Adobe\Adobe Help Center\Browser\profile\mouse\_desktop.ini
C:\Program Files\Adobe\Adobe Help Center\Browser\profile\sessions\_desktop.ini
C:\Program Files\Adobe\Adobe Help Center\Browser\profile\Skin\_desktop.ini
C:\Program Files\Adobe\Adobe Help Center\Browser\profile\toolbar\_desktop.ini
C:\Program Files\Adobe\Adobe Help Center\Browser\skin\_desktop.ini
C:\Program Files\Adobe\Adobe Help Center\Required\_desktop.ini
C:\Program Files\Adobe\Adobe Help Center\Required\help\_desktop.ini
C:\Program Files\Adobe\Adobe Help Center\Required\help\en\_desktop.ini
C:\Program Files\Adobe\Adobe Help Center\Required\help\en\images\_desktop.ini
C:\Program Files\Adobe\Adobe Help Center\Required\help\images\_desktop.ini
C:\Program Files\Adobe\Adobe Help Center\Resources\_desktop.ini
C:\Program Files\Adobe\Adobe Help Center\Resources\en_US\_desktop.ini
C:\Program Files\Adobe\Adobe Photoshop CS2\_desktop.ini
C:\Program Files\Adobe\Adobe Photoshop CS2\Activation\_desktop.ini
C:\Program Files\Adobe\Adobe Photoshop CS2\Activation\da_DK\_desktop.ini
C:\Program Files\Adobe\Adobe Photoshop CS2\Activation\de_DE\_desktop.ini
C:\Program Files\Adobe\Adobe Photoshop CS2\Activation\en_IE\_desktop.ini
C:\Program Files\Adobe\Adobe Photoshop CS2\Activation\en_US\_desktop.ini
C:\Program Files\Adobe\Adobe Photoshop CS2\Activation\es_ES\_desktop.ini
C:\Program Files\Adobe\Adobe Photoshop CS2\Activation\fi_FI\_desktop.ini
C:\Program Files\Adobe\Adobe Photoshop CS2\Activation\fr_FR\_desktop.ini
C:\Program Files\Adobe\Adobe Photoshop CS2\Activation\it_IT\_desktop.ini
C:\Program Files\Adobe\Adobe Photoshop CS2\Activation\ja_JP\_desktop.ini
C:\Program Files\Adobe\Adobe Photoshop CS2\Activation\ko_KR\_desktop.ini
C:\Program Files\Adobe\Adobe Photoshop CS2\Activation\nl_NL\_desktop.ini
C:\Program Files\Adobe\Adobe Photoshop CS2\Activation\no_NO\_desktop.ini
C:\Program Files\Adobe\Adobe Photoshop CS2\Activation\privacystatements\_desktop.ini
C:\Program Files\Adobe\Adobe Photoshop CS2\Activation\pt_BR\_desktop.ini
C:\Program Files\Adobe\Adobe Photoshop CS2\Activation\sv_SE\_desktop.ini
C:\Program Files\Adobe\Adobe Photoshop CS2\Activation\zh_CN\_desktop.ini
C:\Program Files\Adobe\Adobe Photoshop CS2\Activation\zh_TW\_desktop.ini
C:\Program Files\Adobe\Adobe Photoshop CS2\Help\_desktop.ini
C:\Program Files\Adobe\Adobe Photoshop CS2\Help\additional how to content\_desktop.ini
C:\Program Files\Adobe\Adobe Photoshop CS2\Help\images\_desktop.ini
C:\Program Files\Adobe\Adobe Photoshop CS2\Help\Version_Cue\_desktop.ini
C:\Program Files\Adobe\Adobe Photoshop CS2\Helpers\_desktop.ini
C:\Program Files\Adobe\Adobe Photoshop CS2\Helpers\Jump To Graphics Editor\_desktop.ini
C:\Program Files\Adobe\Adobe Photoshop CS2\Helpers\Jump To HTML Editor\_desktop.ini
C:\Program Files\Adobe\Adobe Photoshop CS2\Legal\_desktop.ini
C:\Program Files\Adobe\Adobe Photoshop CS2\Legal\da_dk\_desktop.ini
C:\Program Files\Adobe\Adobe Photoshop CS2\Legal\de_de\_desktop.ini
C:\Program Files\Adobe\Adobe Photoshop CS2\Legal\en_gb\_desktop.ini
C:\Program Files\Adobe\Adobe Photoshop CS2\Legal\en_us\_desktop.ini
C:\Program Files\Adobe\Adobe Photoshop CS2\Legal\es_es\_desktop.ini
C:\Program Files\Adobe\Adobe Photoshop CS2\Legal\fi_fi\_desktop.ini
C:\Program Files\Adobe\Adobe Photoshop CS2\Legal\fr_fr\_desktop.ini
C:\Program Files\Adobe\Adobe Photoshop CS2\Legal\it_it\_desktop.ini
C:\Program Files\Adobe\Adobe Photoshop CS2\Legal\ja_jp\_desktop.ini
C:\Program Files\Adobe\Adobe Photoshop CS2\Legal\ko_kr\_desktop.ini
C:\Program Files\Adobe\Adobe Photoshop CS2\Legal\nl_nl\_desktop.ini
C:\Program Files\Adobe\Adobe Photoshop CS2\Legal\no_no\_desktop.ini
C:\Program Files\Adobe\Adobe Photoshop CS2\Legal\pt_br\_desktop.ini
C:\Program Files\Adobe\Adobe Photoshop CS2\Legal\sv_se\_desktop.ini
C:\Program Files\Adobe\Adobe Photoshop CS2\Legal\zh_cn\_desktop.ini
C:\Program Files\Adobe\Adobe Photoshop CS2\Legal\zh_tw\_desktop.ini
C:\Program Files\Adobe\Adobe Photoshop CS2\Plug-Ins\_desktop.ini
C:\Program Files\Adobe\Adobe Photoshop CS2\Plug-Ins\Adobe ImageReady Only\_desktop.ini
C:\Program Files\Adobe\Adobe Photoshop CS2\Plug-Ins\Adobe ImageReady Only\File Formats\_desktop.ini
C:\Program Files\Adobe\Adobe Photoshop CS2\Plug-Ins\Adobe ImageReady Only\Filters\_desktop.ini
C:\Program Files\Adobe\Adobe Photoshop CS2\Plug-Ins\Adobe Photoshop Only\_desktop.ini
C:\Program Files\Adobe\Adobe Photoshop CS2\Plug-Ins\Adobe Photoshop Only\Automate\_desktop.ini
C:\Program Files\Adobe\Adobe Photoshop CS2\Plug-Ins\Adobe Photoshop Only\Extensions\_desktop.ini
C:\Program Files\Adobe\Adobe Photoshop CS2\Plug-Ins\Adobe Photoshop Only\Extensions\Bigger Tiles\_desktop.ini
C:\Program Files\Adobe\Adobe Photoshop CS2\Plug-Ins\Adobe Photoshop Only\File Formats\_desktop.ini
C:\Program Files\Adobe\Adobe Photoshop CS2\Plug-Ins\Adobe Photoshop Only\Filters\_desktop.ini
C:\Program Files\Adobe\Adobe Photoshop CS2\Plug-Ins\Adobe Photoshop Only\Import-Export\_desktop.ini
C:\Program Files\Adobe\Adobe Photoshop CS2\Plug-Ins\Digimarc\_desktop.ini
C:\Program Files\Adobe\Adobe Photoshop CS2\Plug-Ins\Displacement Maps\_desktop.ini
C:\Program Files\Adobe\Adobe Photoshop CS2\Plug-Ins\Effects\_desktop.ini
C:\Program Files\Adobe\Adobe Photoshop CS2\Plug-Ins\Extensions\_desktop.ini
C:\Program Files\Adobe\Adobe Photoshop CS2\Plug-Ins\File Formats\_desktop.ini
C:\Program Files\Adobe\Adobe Photoshop CS2\Plug-Ins\Filters\_desktop.ini
C:\Program Files\Adobe\Adobe Photoshop CS2\Plug-Ins\Filters\Lighting Styles\_desktop.ini
C:\Program Files\Adobe\Adobe Photoshop CS2\Plug-Ins\Import-Export\_desktop.ini
C:\Program Files\Adobe\Adobe Photoshop CS2\Plug-Ins\Parser\_desktop.ini
C:\Program Files\Adobe\Adobe Photoshop CS2\Presets\_desktop.ini
C:\Program Files\Adobe\Adobe Photoshop CS2\Presets\Brushes\_desktop.ini
C:\Program Files\Adobe\Adobe Photoshop CS2\Presets\Brushes\Adobe Photoshop Only\_desktop.ini
C:\Program Files\Adobe\Adobe Photoshop CS2\Presets\Color Books\_desktop.ini
C:\Program Files\Adobe\Adobe Photoshop CS2\Presets\Color Swatches\_desktop.ini
C:\Program Files\Adobe\Adobe Photoshop CS2\Presets\Color Swatches\Adobe Photoshop Only\_desktop.ini
C:\Program Files\Adobe\Adobe Photoshop CS2\Presets\Contours\_desktop.ini
C:\Program Files\Adobe\Adobe Photoshop CS2\Presets\Custom Shapes\_desktop.ini
C:\Program Files\Adobe\Adobe Photoshop CS2\Presets\Duotones\_desktop.ini
C:\Program Files\Adobe\Adobe Photoshop CS2\Presets\Duotones\Duotones\_desktop.ini
C:\Program Files\Adobe\Adobe Photoshop CS2\Presets\Duotones\Duotones\Gray-Black Duotones\_desktop.ini
C:\Program Files\Adobe\Adobe Photoshop CS2\Presets\Duotones\Duotones\PANTONE® Duotones\_desktop.ini
C:\Program Files\Adobe\Adobe Photoshop CS2\Presets\Duotones\Duotones\Process Duotones\_desktop.ini
C:\Program Files\Adobe\Adobe Photoshop CS2\Presets\Duotones\Quadtones\_desktop.ini
C:\Program Files\Adobe\Adobe Photoshop CS2\Presets\Duotones\Quadtones\Gray Quadtones\_desktop.ini
C:\Program Files\Adobe\Adobe Photoshop CS2\Presets\Duotones\Quadtones\PANTONE® Quadtones\_desktop.ini
C:\Program Files\Adobe\Adobe Photoshop CS2\Presets\Duotones\Quadtones\Process Quadtones\_desktop.ini
C:\Program Files\Adobe\Adobe Photoshop CS2\Presets\Duotones\TRITONE\_desktop.ini
C:\Program Files\Adobe\Adobe Photoshop CS2\Presets\Duotones\TRITONE\Gray Tritones\_desktop.ini
C:\Program Files\Adobe\Adobe Photoshop CS2\Presets\Duotones\TRITONE\PANTONE® Tritones\_desktop.ini
C:\Program Files\Adobe\Adobe Photoshop CS2\Presets\Duotones\TRITONE\Process Tritones\_desktop.ini
C:\Program Files\Adobe\Adobe Photoshop CS2\Presets\Gradients\_desktop.ini
C:\Program Files\Adobe\Adobe Photoshop CS2\Presets\Keyboard Shortcuts\_desktop.ini
C:\Program Files\Adobe\Adobe Photoshop CS2\Presets\Layouts\_desktop.ini
C:\Program Files\Adobe\Adobe Photoshop CS2\Presets\Menu Customization\_desktop.ini
C:\Program Files\Adobe\Adobe Photoshop CS2\Presets\Optimized Colors\_desktop.ini
C:\Program Files\Adobe\Adobe Photoshop CS2\Presets\Optimized Output Settings\_desktop.ini
C:\Program Files\Adobe\Adobe Photoshop CS2\Presets\Optimized Settings\_desktop.ini
C:\Program Files\Adobe\Adobe Photoshop CS2\Presets\Patterns\_desktop.ini
C:\Program Files\Adobe\Adobe Photoshop CS2\Presets\Patterns\Adobe ImageReady Only\_desktop.ini
C:\Program Files\Adobe\Adobe Photoshop CS2\Presets\Patterns\PostScript Patterns\_desktop.ini
C:\Program Files\Adobe\Adobe Photoshop CS2\Presets\Photoshop Actions\_desktop.ini
C:\Program Files\Adobe\Adobe Photoshop CS2\Presets\Scripts\_desktop.ini
C:\Program Files\Adobe\Adobe Photoshop CS2\Presets\Scripts\Event Scripts Only\_desktop.ini
C:\Program Files\Adobe\Adobe Photoshop CS2\Presets\Styles\_desktop.ini
C:\Program Files\Adobe\Adobe Photoshop CS2\Presets\Textures\_desktop.ini
C:\Program Files\Adobe\Adobe Photoshop CS2\Presets\Tools\_desktop.ini
C:\Program Files\Adobe\Adobe Photoshop CS2\Presets\Web Photo Gallery\_desktop.ini
C:\Program Files\Adobe\Adobe Photoshop CS2\Presets\Web Photo Gallery\Centered Frame 1 - Basic\_desktop.ini
C:\Program Files\Adobe\Adobe Photoshop CS2\Presets\Web Photo Gallery\Centered Frame 1 - Basic\images\_desktop.ini
C:\Program Files\Adobe\Adobe Photoshop CS2\Presets\Web Photo Gallery\Centered Frame 1 - Feedback\_desktop.ini
C:\Program Files\Adobe\Adobe Photoshop CS2\Presets\Web Photo Gallery\Centered Frame 1 - Feedback\images\_desktop.ini
C:\Program Files\Adobe\Adobe Photoshop CS2\Presets\Web Photo Gallery\Centered Frame 1 - Info Only\_desktop.ini
C:\Program Files\Adobe\Adobe Photoshop CS2\Presets\Web Photo Gallery\Centered Frame 1 - Info Only\images\_desktop.ini
C:\Program Files\Adobe\Adobe Photoshop CS2\Presets\Web Photo Gallery\Centered Frame 2 - Feedback\_desktop.ini
C:\Program Files\Adobe\Adobe Photoshop CS2\Presets\Web Photo Gallery\Centered Frame 2 - Feedback\images\_desktop.ini
C:\Program Files\Adobe\Adobe Photoshop CS2\Presets\Web Photo Gallery\Dotted Border - Black On White\_desktop.ini
C:\Program Files\Adobe\Adobe Photoshop CS2\Presets\Web Photo Gallery\Dotted Border - Black On White\images\_desktop.ini
C:\Program Files\Adobe\Adobe Photoshop CS2\Presets\Web Photo Gallery\Dotted Border - White on Black\_desktop.ini
C:\Program Files\Adobe\Adobe Photoshop CS2\Presets\Web Photo Gallery\Dotted Border - White on Black\images\_desktop.ini
C:\Program Files\Adobe\Adobe Photoshop CS2\Presets\Web Photo Gallery\Flash - Gallery 1\_desktop.ini
C:\Program Files\Adobe\Adobe Photoshop CS2\Presets\Web Photo Gallery\Flash - Gallery 2\_desktop.ini
C:\Program Files\Adobe\Adobe Photoshop CS2\Presets\Web Photo Gallery\Gray Thumbnails\_desktop.ini
C:\Program Files\Adobe\Adobe Photoshop CS2\Presets\Web Photo Gallery\Gray Thumbnails\images\_desktop.ini
C:\Program Files\Adobe\Adobe Photoshop CS2\Presets\Web Photo Gallery\Horizontal - Feedback\_desktop.ini
C:\Program Files\Adobe\Adobe Photoshop CS2\Presets\Web Photo Gallery\Horizontal - Feedback\images\_desktop.ini
C:\Program Files\Adobe\Adobe Photoshop CS2\Presets\Web Photo Gallery\Horizontal Gray\_desktop.ini
C:\Program Files\Adobe\Adobe Photoshop CS2\Presets\Web Photo Gallery\Horizontal Gray\images\_desktop.ini
C:\Program Files\Adobe\Adobe Photoshop CS2\Presets\Web Photo Gallery\Horizontal Neutral\_desktop.ini
C:\Program Files\Adobe\Adobe Photoshop CS2\Presets\Web Photo Gallery\Horizontal Neutral\images\_desktop.ini
C:\Program Files\Adobe\Adobe Photoshop CS2\Presets\Web Photo Gallery\Horizontal Slideshow\_desktop.ini
C:\Program Files\Adobe\Adobe Photoshop CS2\Presets\Web Photo Gallery\Horizontal Slideshow\images\_desktop.ini
C:\Program Files\Adobe\Adobe Photoshop CS2\Presets\Web Photo Gallery\Simple - Horizontal Thumbnails\_desktop.ini
C:\Program Files\Adobe\Adobe Photoshop CS2\Presets\Web Photo Gallery\Simple - Horizontal Thumbnails\images\_desktop.ini
C:\Program Files\Adobe\Adobe Photoshop CS2\Presets\Web Photo Gallery\Simple - Thumbnail Table\_desktop.ini
C:\Program Files\Adobe\Adobe Photoshop CS2\Presets\Web Photo Gallery\Simple - Thumbnail Table\images\_desktop.ini
C:\Program Files\Adobe\Adobe Photoshop CS2\Presets\Web Photo Gallery\Simple - Vertical Thumbnails\_desktop.ini
C:\Program Files\Adobe\Adobe Photoshop CS2\Presets\Web Photo Gallery\Simple - Vertical Thumbnails\images\_desktop.ini
C:\Program Files\Adobe\Adobe Photoshop CS2\Presets\Web Photo Gallery\Simple\_desktop.ini
C:\Program Files\Adobe\Adobe Photoshop CS2\Presets\Web Photo Gallery\Table - Minimal\_desktop.ini
C:\Program Files\Adobe\Adobe Photoshop CS2\Presets\Web Photo Gallery\Table - Minimal\images\_desktop.ini
C:\Program Files\Adobe\Adobe Photoshop CS2\Presets\Web Photo Gallery\Table 1\_desktop.ini
C:\Program Files\Adobe\Adobe Photoshop CS2\Presets\Web Photo Gallery\Table 1\images\_desktop.ini
C:\Program Files\Adobe\Adobe Photoshop CS2\Presets\Web Photo Gallery\Table 2\_desktop.ini
C:\Program Files\Adobe\Adobe Photoshop CS2\Presets\Web Photo Gallery\Table 2\images\_desktop.ini
C:\Program Files\Adobe\Adobe Photoshop CS2\Presets\Workspaces\_desktop.ini
C:\Program Files\Adobe\Adobe Photoshop CS2\Presets\ZoomView\_desktop.ini
C:\Program Files\Adobe\Adobe Photoshop CS2\Required\_desktop.ini
C:\Program Files\Adobe\Adobe Photoshop CS2\Required\ImageReady Default Actions\_desktop.ini
C:\Program Files\Adobe\Adobe Photoshop CS2\Samples\_desktop.ini
C:\Program Files\Adobe\Adobe Photoshop CS2\Samples\Droplets\_desktop.ini
C:\Program Files\Adobe\Adobe Photoshop CS2\Samples\Droplets\ImageReady Droplets\_desktop.ini
C:\Program Files\Adobe\Adobe Photoshop CS2\Samples\Droplets\Photoshop Droplets\_desktop.ini
C:\Program Files\Adobe\Adobe Photoshop CS2\Samples\ImageReady Files\_desktop.ini
C:\Program Files\Adobe\Adobe Photoshop CS2\Samples\Merge to HDR\_desktop.ini
C:\Program Files\Adobe\Adobe Photoshop CS2\Samples\Photomerge\_desktop.ini
C:\Program Files\Adobe\Adobe Photoshop CS2\Samples\Photomerge\Result\_desktop.ini
C:\Program Files\Adobe\Adobe Photoshop CS2\Scripting Guide\_desktop.ini
C:\Program Files\Adobe\Adobe Photoshop CS2\Scripting Guide\Sample Scripts\_desktop.ini
C:\Program Files\Adobe\Adobe Photoshop CS2\Scripting Guide\Sample Scripts\AppleScript\_desktop.ini
C:\Program Files\Adobe\Adobe Photoshop CS2\Scripting Guide\Sample Scripts\JavaScript\_desktop.ini
C:\Program Files\Adobe\Adobe Photoshop CS2\Scripting Guide\Sample Scripts\VBScript\_desktop.ini
C:\Program Files\Adobe\Adobe Photoshop CS2\Scripting Guide\Utilities\_desktop.ini
C:\Program Files\Adobe\Adobe Stock Photos\_desktop.ini
C:\Program Files\Adobe\Adobe Stock Photos\icons\_desktop.ini
C:\Program Files\Adobe\Adobe Stock Photos\Resources\_desktop.ini
C:\Program Files\Adobe\Adobe Stock Photos\Resources\en_US\_desktop.ini
C:\Program Files\Adobe\Adobe Stock Photos\Template\_desktop.ini
C:\Program Files\Adobe\Adobe Stock Photos\Template\images\_desktop.ini
C:\Program Files\Adobe\Adobe Stock Photos\Template\images\FirstRun\_desktop.ini
C:\Program Files\Adobe\Adobe Stock Photos\Template\images\ImgDetail\_desktop.ini
C:\Program Files\Adobe\Adobe Stock Photos\Template\images\NavBar\_desktop.ini
C:\Program Files\Adobe\Adobe Stock Photos\Template\images\Print\_desktop.ini
C:\Program Files\Adobe\Adobe Stock Photos\Template\images\ShopCart\_desktop.ini
C:\Program Files\Adobe\Adobe Stock Photos\Template\stylesheets\_desktop.ini
C:\Program Files\Adobe\Adobe Utilities\_desktop.ini
C:\Program Files\Adobe\Adobe Utilities\ExtendScript Toolkit\_desktop.ini
C:\Program Files\Adobe\Adobe Utilities\ExtendScript Toolkit\Plug-Ins\_desktop.ini
C:\Program Files\Adobe\Adobe Utilities\ExtendScript Toolkit\Required\_desktop.ini
C:\Program Files\Ahead\_desktop.ini
C:\Program Files\Ahead\CoverDesigner\_desktop.ini
C:\Program Files\Ahead\CoverDesigner\Templates\_desktop.ini
C:\Program Files\Ahead\InCD\_desktop.ini
C:\Program Files\Ahead\InCD\Temp\_desktop.ini
C:\Program Files\Ahead\Nero BackItUp\_desktop.ini
C:\Program Files\Ahead\Nero SoundTrax\_desktop.ini
C:\Program Files\Ahead\Nero StartSmart\_desktop.ini
C:\Program Files\Ahead\Nero Toolkit\_desktop.ini
C:\Program Files\Ahead\Nero Wave Editor\_desktop.ini
C:\Program Files\Ahead\Nero Wave Editor\Presets\_desktop.ini
C:\Program Files\Ahead\Nero\_desktop.ini
C:\Program Files\Ahead\Nero\CDI\_desktop.ini
C:\Program Files\Ahead\Nero\Uninstall\_desktop.ini
C:\Program Files\Ahead\WMPBurn\_desktop.ini
C:\Program Files\AsiaSoft\_desktop.ini
C:\Program Files\AsiaSoft\Common\_desktop.ini
C:\Program Files\AsiaSoft\KongKong\_desktop.ini
C:\Program Files\AsiaSoft\KongKong\data\_desktop.ini
C:\Program Files\AsiaSoft\KongKong\HShield\_desktop.ini
C:\Program Files\AsiaSoft\KongKong\TEMP\_desktop.ini
C:\Program Files\ATI Technologies\_desktop.ini
C:\Program Files\ATI Technologies\ATI.ACE\_desktop.ini
C:\Program Files\ATI Technologies\ATI.ACE\Data\_desktop.ini
C:\Program Files\ATI Technologies\ATI.ACE\help\_desktop.ini
C:\Program Files\ATI Technologies\ATI.ACE\help\images\_desktop.ini
C:\Program Files\ATI Technologies\ATI.ACE\help\scripts\_desktop.ini
C:\Program Files\ATI Technologies\ATI.ACE\help\wwhdata\_desktop.ini
C:\Program Files\ATI Technologies\ATI.ACE\help\wwhdata\common\_desktop.ini
C:\Program Files\ATI Technologies\ATI.ACE\help\wwhdata\js\_desktop.ini
C:\Program Files\ATI Technologies\ATI.ACE\help\wwhdata\js\search\_desktop.ini
C:\Program Files\ATI Technologies\ATI.ACE\help\wwhelp\_desktop.ini
C:\Program Files\ATI Technologies\ATI.ACE\help\wwhelp\images\_desktop.ini
C:\Program Files\ATI Technologies\ATI.ACE\help\wwhelp\wwhimpl\_desktop.ini
C:\Program Files\ATI Technologies\ATI.ACE\help\wwhelp\wwhimpl\common\_desktop.ini
C:\Program Files\ATI Technologies\ATI.ACE\help\wwhelp\wwhimpl\common\html\_desktop.ini
C:\Program Files\ATI Technologies\ATI.ACE\help\wwhelp\wwhimpl\common\images\_desktop.ini
C:\Program Files\ATI Technologies\ATI.ACE\help\wwhelp\wwhimpl\common\private\_desktop.ini
C:\Program Files\ATI Technologies\ATI.ACE\help\wwhelp\wwhimpl\common\scripts\_desktop.ini
C:\Program Files\ATI Technologies\ATI.ACE\help\wwhelp\wwhimpl\java\_desktop.ini
C:\Program Files\ATI Technologies\ATI.ACE\help\wwhelp\wwhimpl\java\html\_desktop.ini
C:\Program Files\ATI Technologies\ATI.ACE\help\wwhelp\wwhimpl\java\private\_desktop.ini
C:\Program Files\ATI Technologies\ATI.ACE\help\wwhelp\wwhimpl\java\scripts\_desktop.ini
C:\Program Files\ATI Technologies\ATI.ACE\help\wwhelp\wwhimpl\js\_desktop.ini
C:\Program Files\ATI Technologies\ATI.ACE\help\wwhelp\wwhimpl\js\html\_desktop.ini
C:\Program Files\ATI Technologies\ATI.ACE\help\wwhelp\wwhimpl\js\images\_desktop.ini
C:\Program Files\ATI Technologies\ATI.ACE\help\wwhelp\wwhimpl\js\private\_desktop.ini
C:\Program Files\ATI Technologies\ATI.ACE\help\wwhelp\wwhimpl\js\scripts\_desktop.ini
C:\Program Files\ATI Technologies\ATI.ACE\skins\_desktop.ini
C:\Program Files\ATI Technologies\ATI.ACE\skins\ATI_Classic\_desktop.ini
C:\Program Files\ATI Technologies\ATI.ACE\skins\ATI_Crimson\_desktop.ini
C:\Program Files\ATI Technologies\ATI.ACE\skins\CATALYST_Quicksilver\_desktop.ini
C:\Program Files\ATI Technologies\ATI.ACE\skins\CATALYST_SteelBlue\_desktop.ini
C:\Program Files\ATI Technologies\ATI.ACE\Welcome\_desktop.ini
C:\Program Files\ATI Technologies\ATI.ACE\Welcome\image\_desktop.ini
C:\Program Files\ATI Technologies\ATI.ACE\Welcome\images\_desktop.ini
C:\Program Files\ATI Technologies\ATI.ACE\Welcome\jpg\_desktop.ini
C:\Program Files\ATI Technologies\UninstallAll\_desktop.ini
C:\Program Files\Audible\_desktop.ini
C:\Program Files\Audible\Bin\_desktop.ini
C:\Program Files\Audible\Bin\Plugins\_desktop.ini
C:\Program Files\Audible\Bin\Plugins\Codec\_desktop.ini
C:\Program Files\Audible\Bin\Plugins\Device\_desktop.ini
C:\Program Files\Audible\Programs\_desktop.ini
C:\Program Files\Audible\Programs\Downloads\_desktop.ini
C:\Program Files\BitComet\_desktop.ini
C:\Program Files\BitComet\fav\_desktop.ini
C:\Program Files\BitComet\fav\ad\_desktop.ini
C:\Program Files\BitComet\lang\_desktop.ini
C:\Program Files\BitComet\rules\_desktop.ini
C:\Program Files\BitComet\scripts\_desktop.ini
C:\Program Files\BitComet\tools\_desktop.ini
C:\Program Files\BitComet\torrents\_desktop.ini
C:\Program Files\BitTorrent\_desktop.ini
C:\Program Files\BitTorrent\images\_desktop.ini
C:\Program Files\BitTorrent\images\flags\_desktop.ini
C:\Program Files\BitTorrent\images\logo\_desktop.ini
C:\Program Files\BitTorrent\images\themes\_desktop.ini
C:\Program Files\BitTorrent\images\themes\default\_desktop.ini
C:\Program Files\BitTorrent\images\themes\default\fileops\_desktop.ini
C:\Program Files\BitTorrent\images\themes\default\torrentops\_desktop.ini
C:\Program Files\BitTorrent\images\themes\default\torrentstate\_desktop.ini
C:\Program Files\CamStudio\_desktop.ini
C:\Program Files\CamStudio\controller\_desktop.ini
C:\Program Files\CamStudio\help_files\_desktop.ini
C:\Program Files\CamStudio\helpProducer_files\_desktop.ini
C:\Program Files\CIB\_desktop.ini
C:\Program Files\Creative Installation Information\_desktop.ini
C:\Program Files\Creative Installation Information\CREATIVE_MEDIASOURCE_U\_desktop.ini
C:\Program Files\Creative Installation Information\E-CENTER_NET_CONTENT_U\_desktop.ini
C:\Program Files\Creative Installation Information\E-CENTER_PLUGIN_CDBURNER_U\_desktop.ini
C:\Program Files\Creative Installation Information\E-CENTER_PLUGIN_MTP_U\_desktop.ini
C:\Program Files\Creative Installation Information\MEDIASOURCE_PLAYER_SKINPACK_U\_desktop.ini
C:\Program Files\Creative\_desktop.ini
C:\Program Files\Creative\CD Ripping Wizard Unicode\_desktop.ini
C:\Program Files\Creative\Creative ZEN V Series\_desktop.ini
C:\Program Files\Creative\Creative ZEN V Series\Manual\_desktop.ini
C:\Program Files\Creative\Creative ZEN V Series\ZEN V Media Explorer\_desktop.ini
C:\Program Files\Creative\DiskManager\_desktop.ini
C:\Program Files\Creative\MediaSource5\_desktop.ini
C:\Program Files\Creative\MediaSource5\Help\_desktop.ini
C:\Program Files\Creative\MediaSource5\Theme\_desktop.ini
C:\Program Files\Creative\MediaSource5\Theme\Acupunch\_desktop.ini
C:\Program Files\Creative\MediaSource5\Theme\Default\_desktop.ini
C:\Program Files\Creative\MediaSource5\Theme\GM01\_desktop.ini
C:\Program Files\Creative\MediaSource5\Theme\Icons\_desktop.ini
C:\Program Files\Creative\MediaSource5\Theme\Micro\_desktop.ini
C:\Program Files\Creative\MediaSource5\Theme\Mini\_desktop.ini
C:\Program Files\Creative\MediaSource5\Theme\PlayCenter\_desktop.ini
C:\Program Files\Creative\MediaSource5\Theme\RB 002\_desktop.ini
C:\Program Files\Creative\Product Registration\_desktop.ini
C:\Program Files\Creative\Product Registration\English\_desktop.ini
C:\Program Files\Creative\SBLive\_desktop.ini
C:\Program Files\Creative\SBLive\Creative Mixer\_desktop.ini
C:\Program Files\Creative\SBLive\Diagnostics\_desktop.ini
C:\Program Files\Creative\SBLive\Diagnostics\Media\_desktop.ini
C:\Program Files\Creative\SBLive\Program\_desktop.ini
C:\Program Files\Creative\Shared Files\_desktop.ini
C:\Program Files\Creative\ShareDLL\_desktop.ini
C:\Program Files\Creative\ShareDLL\CADI\_desktop.ini
C:\Program Files\Creative\SmartFill Wizard\_desktop.ini
C:\Program Files\Creative\Support\_desktop.ini
C:\Program Files\Creative\Support\System Information\_desktop.ini
C:\Program Files\Creative\Sync Manager Unicode\_desktop.ini
C:\Program Files\Creative\Video Converter\_desktop.ini
C:\Program Files\Creative\ZENcast Organizer\_desktop.ini
C:\Program Files\CyberLink DVD Solution\_desktop.ini
C:\Program Files\CyberLink DVD Solution\Multimedia Launcher\_desktop.ini
C:\Program Files\CyberLink DVD Solution\Multimedia Launcher\Skin\_desktop.ini
C:\Program Files\CyberLink DVD Solution\PowerDVD\_desktop.ini
C:\Program Files\CyberLink DVD Solution\PowerDVD\OLRSubmission\_desktop.ini
C:\Program Files\CyberLink DVD Solution\PowerDVD\Skins\_desktop.ini
C:\Program Files\CyberLink DVD Solution\PowerDVD\Skins\Crystal\_desktop.ini
C:\Program Files\CyberLink DVD Solution\PowerDVD\Skins\Neo\_desktop.ini
C:\Program Files\CyberLink DVD Solution\PowerDVD\Skins\Oscar\_desktop.ini
C:\Program Files\CyberLink DVD Solution\PowerProducer\_desktop.ini
C:\Program Files\CyberLink DVD Solution\PowerProducer\Cache\_desktop.ini
C:\Program Files\CyberLink DVD Solution\PowerProducer\DVDPlayer\_desktop.ini
C:\Program Files\CyberLink DVD Solution\PowerProducer\DVDPlayer\PDVD_RT\_desktop.ini
C:\Program Files\CyberLink DVD Solution\PowerProducer\DVDPlayer\PDVD_RT\CHS\_desktop.ini
C:\Program Files\CyberLink DVD Solution\PowerProducer\DVDPlayer\PDVD_RT\CHT\_desktop.ini
C:\Program Files\CyberLink DVD Solution\PowerProducer\DVDPlayer\PDVD_RT\DEU\_desktop.ini
C:\Program Files\CyberLink DVD Solution\PowerProducer\DVDPlayer\PDVD_RT\ESP\_desktop.ini
C:\Program Files\CyberLink DVD Solution\PowerProducer\DVDPlayer\PDVD_RT\FRA\_desktop.ini
C:\Program Files\CyberLink DVD Solution\PowerProducer\DVDPlayer\PDVD_RT\ITA\_desktop.ini
C:\Program Files\CyberLink DVD Solution\PowerProducer\DVDPlayer\PDVD_RT\JPN\_desktop.ini
C:\Program Files\CyberLink DVD Solution\PowerProducer\DVDPlayer\PDVD_RT\KOR\_desktop.ini
C:\Program Files\CyberLink DVD Solution\PowerProducer\iPower\_desktop.ini
C:\Program Files\CyberLink DVD Solution\PowerProducer\Menus\_desktop.ini
C:\Program Files\CyberLink DVD Solution\PowerProducer\Menus\Family\_desktop.ini
C:\Program Files\CyberLink DVD Solution\PowerProducer\Menus\Family\Audio\_desktop.ini
C:\Program Files\CyberLink DVD Solution\PowerProducer\Menus\Family\Background\_desktop.ini
C:\Program Files\CyberLink DVD Solution\PowerProducer\Menus\Family\Button\_desktop.ini
C:\Program Files\CyberLink DVD Solution\PowerProducer\Menus\Family\Fontstyle\_desktop.ini
C:\Program Files\CyberLink DVD Solution\PowerProducer\Menus\Family\Frame\_desktop.ini
C:\Program Files\CyberLink DVD Solution\PowerProducer\Menus\Family\Highlight\_desktop.ini
C:\Program Files\CyberLink DVD Solution\PowerProducer\Menus\Family\Layout\_desktop.ini
C:\Program Files\CyberLink DVD Solution\PowerProducer\Menus\Family\PCBG\_desktop.ini
C:\Program Files\CyberLink DVD Solution\PowerProducer\Menus\Family\Text\_desktop.ini
C:\Program Files\CyberLink DVD Solution\PowerProducer\Menus\Holiday\_desktop.ini
C:\Program Files\CyberLink DVD Solution\PowerProducer\Menus\Holiday\Audio\_desktop.ini
C:\Program Files\CyberLink DVD Solution\PowerProducer\Menus\Holiday\Background\_desktop.ini
C:\Program Files\CyberLink DVD Solution\PowerProducer\Menus\Holiday\Button\_desktop.ini
C:\Program Files\CyberLink DVD Solution\PowerProducer\Menus\Holiday\Fontstyle\_desktop.ini
C:\Program Files\CyberLink DVD Solution\PowerProducer\Menus\Holiday\Frame\_desktop.ini
C:\Program Files\CyberLink DVD Solution\PowerProducer\Menus\Holiday\Highlight\_desktop.ini
C:\Program Files\CyberLink DVD Solution\PowerProducer\Menus\Holiday\Layout\_desktop.ini
C:\Program Files\CyberLink DVD Solution\PowerProducer\Menus\Holiday\PCBG\_desktop.ini
C:\Program Files\CyberLink DVD Solution\PowerProducer\Menus\Holiday\Text\_desktop.ini
C:\Program Files\CyberLink DVD Solution\PowerProducer\Menus\Motion Style (NTSC)\_desktop.ini
C:\Program Files\CyberLink DVD Solution\PowerProducer\Menus\Motion Style (NTSC)\Audio\_desktop.ini
C:\Program Files\CyberLink DVD Solution\PowerProducer\Menus\Motion Style (NTSC)\Background\_desktop.ini
C:\Program Files\CyberLink DVD Solution\PowerProducer\Menus\Motion Style (NTSC)\Button\_desktop.ini
C:\Program Files\CyberLink DVD Solution\PowerProducer\Menus\Motion Style (NTSC)\Fontstyle\_desktop.ini
C:\Program Files\CyberLink DVD Solution\PowerProducer\Menus\Motion Style (NTSC)\Frame\_desktop.ini
C:\Program Files\CyberLink DVD Solution\PowerProducer\Menus\Motion Style (NTSC)\Highlight\_desktop.ini
C:\Program Files\CyberLink DVD Solution\PowerProducer\Menus\Motion Style (NTSC)\Layout\_desktop.ini
C:\Program Files\CyberLink DVD Solution\PowerProducer\Menus\Motion Style (NTSC)\PCBG\_desktop.ini
C:\Program Files\CyberLink DVD Solution\PowerProducer\Menus\Motion Style (NTSC)\Text\_desktop.ini
C:\Program Files\CyberLink DVD Solution\PowerProducer\Menus\Motion Style (PAL)\_desktop.ini
C:\Program Files\CyberLink DVD Solution\PowerProducer\Menus\Motion Style (PAL)\Audio\_desktop.ini
C:\Program Files\CyberLink DVD Solution\PowerProducer\Menus\Motion Style (PAL)\Background\_desktop.ini
C:\Program Files\CyberLink DVD Solution\PowerProducer\Menus\Motion Style (PAL)\Button\_desktop.ini
C:\Program Files\CyberLink DVD Solution\PowerProducer\Menus\Motion Style (PAL)\Fontstyle\_desktop.ini
C:\Program Files\CyberLink DVD Solution\PowerProducer\Menus\Motion Style (PAL)\Frame\_desktop.ini
C:\Program Files\CyberLink DVD Solution\PowerProducer\Menus\Motion Style (PAL)\Highlight\_desktop.ini
C:\Program Files\CyberLink DVD Solution\PowerProducer\Menus\Motion Style (PAL)\Layout\_desktop.ini
C:\Program Files\CyberLink DVD Solution\PowerProducer\Menus\Motion Style (PAL)\PCBG\_desktop.ini
C:\Program Files\CyberLink DVD Solution\PowerProducer\Menus\Motion Style (PAL)\Text\_desktop.ini
C:\Program Files\CyberLink DVD Solution\PowerProducer\Menus\Party\_desktop.ini
C:\Program Files\CyberLink DVD Solution\PowerProducer\Menus\Party\Audio\_desktop.ini
C:\Program Files\CyberLink DVD Solution\PowerProducer\Menus\Party\Background\_desktop.ini
C:\Program Files\CyberLink DVD Solution\PowerProducer\Menus\Party\Button\_desktop.ini
C:\Program Files\CyberLink DVD Solution\PowerProducer\Menus\Party\Fontstyle\_desktop.ini
C:\Program Files\CyberLink DVD Solution\PowerProducer\Menus\Party\Frame\_desktop.ini
C:\Program Files\CyberLink DVD Solution\PowerProducer\Menus\Party\Highlight\_desktop.ini
C:\Program Files\CyberLink DVD Solution\PowerProducer\Menus\Party\Layout\_desktop.ini
C:\Program Files\CyberLink DVD Solution\PowerProducer\Menus\Party\PCBG\_desktop.ini
C:\Program Files\CyberLink DVD Solution\PowerProducer\Menus\Party\Text\_desktop.ini
C:\Program Files\CyberLink DVD Solution\PowerProducer\Menus\Romance\_desktop.ini
C:\Program Files\CyberLink DVD Solution\PowerProducer\Menus\Romance\Audio\_desktop.ini
C:\Program Files\CyberLink DVD Solution\PowerProducer\Menus\Romance\Background\_desktop.ini
C:\Program Files\CyberLink DVD Solution\PowerProducer\Menus\Romance\Button\_desktop.ini
C:\Program Files\CyberLink DVD Solution\PowerProducer\Menus\Romance\Fontstyle\_desktop.ini
C:\Program Files\CyberLink DVD Solution\PowerProducer\Menus\Romance\Frame\_desktop.ini
C:\Program Files\CyberLink DVD Solution\PowerProducer\Menus\Romance\Highlight\_desktop.ini
C:\Program Files\CyberLink DVD Solution\PowerProducer\Menus\Romance\Layout\_desktop.ini
C:\Program Files\CyberLink DVD Solution\PowerProducer\Menus\Romance\PCBG\_desktop.ini
C:\Program Files\CyberLink DVD Solution\PowerProducer\Menus\Romance\Text\_desktop.ini
C:\Program Files\CyberLink DVD Solution\PowerProducer\Menus\Sport\_desktop.ini
C:\Program Files\CyberLink DVD Solution\PowerProducer\Menus\Sport\Audio\_desktop.ini
C:\Program Files\CyberLink DVD Solution\PowerProducer\Menus\Sport\Background\_desktop.ini
C:\Program Files\CyberLink DVD Solution\PowerProducer\Menus\Sport\Button\_desktop.ini
C:\Program Files\CyberLink DVD Solution\PowerProducer\Menus\Sport\Fontstyle\_desktop.ini
C:\Program Files\CyberLink DVD Solution\PowerProducer\Menus\Sport\Frame\_desktop.ini
C:\Program Files\CyberLink DVD Solution\PowerProducer\Menus\Sport\Highlight\_desktop.ini
C:\Program Files\CyberLink DVD Solution\PowerProducer\Menus\Sport\Layout\_desktop.ini
C:\Program Files\CyberLink DVD Solution\PowerProducer\Menus\Sport\PCBG\_desktop.ini
C:\Program Files\CyberLink DVD Solution\PowerProducer\Menus\Sport\Text\_desktop.ini
C:\Program Files\CyberLink DVD Solution\PowerProducer\Menus\Vacation\_desktop.ini
C:\Program Files\CyberLink DVD Solution�
Logged

Offline guestolo

  • Site Donator
  • Administrator
  • Hero Member
  • *****
  • Posts: 16034
  • Karma: +1/-0
    • View Profile
    • http://
unable to run any installer .exe
« Reply #3 on: July 17, 2007, 11:25:32 PM »
This is a bad infection
but let's see what else we can find
I see you have both Norton's AntiVirus and AVG AV running
Can you decide which your happiest with and uninstall the other
Having more than one can and will cause conflicts and system instabilities

Reboot after removal of one or the other

Afterwards
Can you post a fresh hijackthis log
Logged

Do you want to post your own logs from FRST?

Follow the instructions posted http://www.thetechguide.com/forum/index.php/topic/22942-please-read-how-to-post-logs-from-frst/\'>Click Here

Offline khmer

  • Newbie
  • *
  • Posts: 8
  • Karma: +0/-0
    • View Profile
unable to run any installer .exe
« Reply #4 on: July 17, 2007, 11:41:59 PM »
hmm i dont know which one to remove cause i dont see a difference byt my norton is a trial and expired so should i remove it ?
« Last Edit: July 17, 2007, 11:43:24 PM by khmer »
Logged

Offline guestolo

  • Site Donator
  • Administrator
  • Hero Member
  • *****
  • Posts: 16034
  • Karma: +1/-0
    • View Profile
    • http://
unable to run any installer .exe
« Reply #5 on: July 17, 2007, 11:44:20 PM »
[quote name=\'khmer\' post=\'358821\' date=\'Jul 17 2007, 09:41 PM\']hmm i dont know which one to remove cause i dont see a difference byt my norton is a trial and expired so should i remove it ?[/quote]

Yes, remove it, it is probably infected anyways
Logged

Do you want to post your own logs from FRST?

Follow the instructions posted http://www.thetechguide.com/forum/index.php/topic/22942-please-read-how-to-post-logs-from-frst/\'>Click Here

Offline guestolo

  • Site Donator
  • Administrator
  • Hero Member
  • *****
  • Posts: 16034
  • Karma: +1/-0
    • View Profile
    • http://
unable to run any installer .exe
« Reply #6 on: July 18, 2007, 12:21:43 AM »
I probably won't see your new log from Hijackthis till the morning or after work
Off to bed soon

If you have trouble running Hijackthis, download the newest version from TrendMicro
http://www.trendsecure.com/portal/en-US/th.../hijackthis.php
« Last Edit: July 18, 2007, 12:23:11 AM by guestolo »
Logged

Do you want to post your own logs from FRST?

Follow the instructions posted http://www.thetechguide.com/forum/index.php/topic/22942-please-read-how-to-post-logs-from-frst/\'>Click Here

Offline khmer

  • Newbie
  • *
  • Posts: 8
  • Karma: +0/-0
    • View Profile
unable to run any installer .exe
« Reply #7 on: July 18, 2007, 10:35:52 AM »
sorry about taking so long to reply here is ther fresh log

Logfile of HijackThis v1.99.1
Scan saved at 11:34:06 AM, on 7/18/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16473)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Winamp\winampa.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe
C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe
C:\Program Files\Common Files\Logitech\LComMgr\LVComSX.exe
C:\Program Files\Common Files\Logitech\LComMgr\Communications_Helper.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Ahead\InCD\InCD.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\Program Files\ATI Technologies\ATI.ACE\CLI.EXE
C:\Program Files\Rogers\SelfHealing\rogersagent.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\Common Files\Logitech\KhalShared\KHALMNPR.EXE
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Common Files\Teleca Shared\Generic.exe
C:\Program Files\Sony Ericsson\Mobile2\Mobile Phone Monitor\epmworker.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ca/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [winabc] rundll32.exe C:\DOCUME~1\Andrew\LOCALS~1\Temp\t.dll,abcLaunchEv
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe"  -osboot
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe"
O4 - HKLM\..\Run: [Sony Ericsson PC Suite] "C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [LVCOMSX] "C:\Program Files\Common Files\Logitech\LComMgr\LVComSX.exe"
O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Program Files\Common Files\Logitech\LComMgr\Communications_Helper.exe"
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [InCD] C:\Program Files\Ahead\InCD\InCD.exe
O4 - HKLM\..\Run: [diagent] "C:\Program Files\Creative\SBLive\Diagnostics\diagent.exe" startup
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\CLIStart.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Update Manager] "C:\Program Files\Rogers\Update Manager\UpdateManager.exe" /background
O4 - HKCU\..\Run: [Steam] "C:\Program Files\Steam\Steam.exe" -silent
O4 - HKCU\..\Run: [RHSI SHS] "C:\Program Files\Rogers\SelfHealing\SHS.exe" /background
O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - HKCU\..\Run: [CTSyncU.exe] "C:\Program Files\Creative\Sync Manager Unicode\CTSyncU.exe"
O4 - HKCU\..\Run: [PowerBar] "C:\Program Files\CyberLink DVD Solution\Multimedia Launcher\PowerBar.exe" /AtBootTime
O4 - HKCU\..\Run: [RogersAgent] c:\Program Files\Rogers\SelfHealing\rogersagent.exe
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - Global Startup: Logitech SetPoint.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: &Clean Traces - C:\Program Files\DAP\Privacy Package\dapcleanerie.htm
O8 - Extra context menu item: &Download with &DAP - C:\Program Files\DAP\dapextie.htm
O8 - Extra context menu item: Download &all with DAP - C:\Program Files\DAP\dapextie2.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O15 - Trusted Zone: http://www.silkroadonline.net
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} (SysProWmi Class) - http://support.dell.com/systemprofiler/SysPro.CAB
O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} (Office Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=58813
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (CDownloadCtrl Object) - http://www.fileplanet.com/fpdlmgr/cabs/FPDC_2.3.6.108.cab
O16 - DPF: {5F5F9FB8-878E-4455-95E0-F64B2314288A} (ijjiPlugin2 Class) - http://gamedownload.ijjimax.com/gamedownlo...Plugin11USA.cab
O16 - DPF: {69EF49E5-FE46-4B92-B5FA-2193AB7A6B8A} (GameLauncher Control) - http://www.acclaim.com/cabs/acclaim_v6.cab
O16 - DPF: {7C5D062A-7A1E-4A46-A02B-A928084CBD66} (MLauncherNew Class) - http://legendofares.netgame.com/download/MusaLauncherNew.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab
O16 - DPF: {CD995117-98E5-4169-9920-6C12D4C0B548} (HGPlugin9USA Class) - http://gamedownload.ijjimax.com/gamedownlo...GPlugin9USA.cab
O16 - DPF: {E856B973-45FD-4559-8F82-EAB539144667} (Dell PC Checkup Installer Control) - http://pccheckup.dellfix.com/rel/41/install/gtdownde.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/Solit...wn.cab31267.cab
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: WBSrv - C:\PROGRA~1\Stardock\OBJECT~1\WINDOW~1\wbsrv.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: IMAPI CD-Burning COM Service (ImapiService) - Roxio Inc. - C:\WINDOWS\System32\ImapiRox.exe
O23 - Service: InCD Helper (InCDsrv) - Ahead Software AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
Logged

Offline guestolo

  • Site Donator
  • Administrator
  • Hero Member
  • *****
  • Posts: 16034
  • Karma: +1/-0
    • View Profile
    • http://
unable to run any installer .exe
« Reply #8 on: July 18, 2007, 06:46:31 PM »
Let's see how many legit programs may be affected by this infection

Can you both the following
Download: CCleaner v1.40.520 - Slim from this link and install it
http://www.ccleaner.com/download/builds.aspx
Do Not run it yet

Download Dr.Web CureIt to the desktop from this link
ftp://ftp.drweb.com/pub/drweb/cureit/drweb-cureit.exe
Do Not run it yet

Print the rest of these instructions or save them too a text file on desktop

Do a "System scan only" with Hijackthis and put a check next to this entry:

O4 - HKLM\..\Run: [winabc] rundll32.exe C:\DOCUME~1\Andrew\LOCALS~1\Temp\t.dll,abcLaunchEv


After you have ticked the above entries, close All other open windows
Including this one
Leave Hijackthis open and click FIX CHECKED
OK the prompt and exit Hijackthis

Please reboot your computer in Safe Mode by doing the following :
  • Restart your computer
  • After hearing your computer beep once during startup, but before the Windows icon appears, tap the F8 key continually;
  • Instead of Windows loading as normal, a menu with options should appear;
  • Select the first option, to run Windows in Safe Mode, then press "Enter".
  • Choose your usual account.
In safe mode do the following
Run CCleaner
Next: click Options click the Advanced button
Uncheck: "Only delete files in Windows temp folders older than 48 hrs."
NEXT: Click the Cleaner
Then click Run Cleaner (bottom right)
OK the prompt, when finished scanning, just exit the program

Remain in safe mode
Double click to run Dr.Web-cureit.exe from desktop
  • Allow to run the express scan
  • This will scan the files currently running in memory and when something is found, click the yes button when it asks you if you want to cure it. This is only a short scan.
  • Once the short scan has finished, Click Options > Change settings
  • Choose the "Scan"-tab, remove the mark at "Heuristic analysis".
  • Back at the main window, mark the drives that you want to scan.
  • Select all drives. A red dot shows which drives have been chosen.
  • Click the green arrow at the right, and the scan will start.
  • Click 'Yes to all' if it asks if you want to cure/move the file.
  • When the scan has finished, look if you can click next icon next to the files found:
  • If so, click it and then click the next icon right below and select Move incurable as you'll see in next image:

    This will move it to the %userprofile%\DoctorWeb\quarantaine-folder if it can't be cured.
  • After selecting, in the Dr.Web CureIt menu on top, click file and choose save report list
  • Save the report to your desktop. The report will be called DrWeb.csv
  • Close Dr.Web Cureit.
Reboot back to Normal windows

Post back the following

1. Post a fresh hijackthis log
2. Post the report from Dr.Web
Logged

Do you want to post your own logs from FRST?

Follow the instructions posted http://www.thetechguide.com/forum/index.php/topic/22942-please-read-how-to-post-logs-from-frst/\'>Click Here

Offline khmer

  • Newbie
  • *
  • Posts: 8
  • Karma: +0/-0
    • View Profile
unable to run any installer .exe
« Reply #9 on: July 18, 2007, 11:31:11 PM »
here is the fresh log

Logfile of HijackThis v1.99.1
Scan saved at 12:28:39 AM, on 7/19/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16473)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Winamp\winampa.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe
C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe
C:\Program Files\Common Files\Logitech\LComMgr\LVComSX.exe
C:\Program Files\Common Files\Logitech\LComMgr\Communications_Helper.exe
C:\Program Files\Ahead\InCD\InCD.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\ATI Technologies\ATI.ACE\CLI.EXE
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\Program Files\Common Files\Teleca Shared\CapabilityManager.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ca/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe"  -osboot
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe"
O4 - HKLM\..\Run: [Sony Ericsson PC Suite] "C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [LVCOMSX] "C:\Program Files\Common Files\Logitech\LComMgr\LVComSX.exe"
O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Program Files\Common Files\Logitech\LComMgr\Communications_Helper.exe"
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [InCD] C:\Program Files\Ahead\InCD\InCD.exe
O4 - HKLM\..\Run: [diagent] "C:\Program Files\Creative\SBLive\Diagnostics\diagent.exe" startup
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\CLIStart.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Update Manager] "C:\Program Files\Rogers\Update Manager\UpdateManager.exe" /background
O4 - HKCU\..\Run: [Steam] "C:\Program Files\Steam\Steam.exe" -silent
O4 - HKCU\..\Run: [RHSI SHS] "C:\Program Files\Rogers\SelfHealing\SHS.exe" /background
O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - HKCU\..\Run: [CTSyncU.exe] "C:\Program Files\Creative\Sync Manager Unicode\CTSyncU.exe"
O4 - HKCU\..\Run: [PowerBar] "C:\Program Files\CyberLink DVD Solution\Multimedia Launcher\PowerBar.exe" /AtBootTime
O4 - HKCU\..\Run: [RogersAgent] c:\Program Files\Rogers\SelfHealing\rogersagent.exe
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - Global Startup: Logitech SetPoint.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: &Clean Traces - C:\Program Files\DAP\Privacy Package\dapcleanerie.htm
O8 - Extra context menu item: &Download with &DAP - C:\Program Files\DAP\dapextie.htm
O8 - Extra context menu item: Download &all with DAP - C:\Program Files\DAP\dapextie2.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O15 - Trusted Zone: http://www.silkroadonline.net
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} (SysProWmi Class) - http://support.dell.com/systemprofiler/SysPro.CAB
O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} (Office Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=58813
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (CDownloadCtrl Object) - http://www.fileplanet.com/fpdlmgr/cabs/FPDC_2.3.6.108.cab
O16 - DPF: {5F5F9FB8-878E-4455-95E0-F64B2314288A} (ijjiPlugin2 Class) - http://gamedownload.ijjimax.com/gamedownlo...Plugin11USA.cab
O16 - DPF: {69EF49E5-FE46-4B92-B5FA-2193AB7A6B8A} (GameLauncher Control) - http://www.acclaim.com/cabs/acclaim_v6.cab
O16 - DPF: {7C5D062A-7A1E-4A46-A02B-A928084CBD66} (MLauncherNew Class) - http://legendofares.netgame.com/download/MusaLauncherNew.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab
O16 - DPF: {CD995117-98E5-4169-9920-6C12D4C0B548} (HGPlugin9USA Class) - http://gamedownload.ijjimax.com/gamedownlo...GPlugin9USA.cab
O16 - DPF: {E856B973-45FD-4559-8F82-EAB539144667} (Dell PC Checkup Installer Control) - http://pccheckup.dellfix.com/rel/41/install/gtdownde.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/Solit...wn.cab31267.cab
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: WBSrv - C:\PROGRA~1\Stardock\OBJECT~1\WINDOW~1\wbsrv.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: IMAPI CD-Burning COM Service (ImapiService) - Roxio Inc. - C:\WINDOWS\System32\ImapiRox.exe
O23 - Service: InCD Helper (InCDsrv) - Ahead Software AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe

the report from DrWeb is an excel file but here is what was in it

[font=\"Arial\"]
_desktop.ini;C:\Program Files\Scions of Fate\datas\NCSData\sky\ÇØ¿À¶ó±â;Win32.HLLW.Gavir.ini;Deleted.;[/size][/font]
Logged

Offline guestolo

  • Site Donator
  • Administrator
  • Hero Member
  • *****
  • Posts: 16034
  • Karma: +1/-0
    • View Profile
    • http://
unable to run any installer .exe
« Reply #10 on: July 19, 2007, 08:20:44 AM »
Are you still having problems on your end running .exe's?

Can you do me a favor, run Combofix with the instructions I posted earlier and post the new log
Logged

Do you want to post your own logs from FRST?

Follow the instructions posted http://www.thetechguide.com/forum/index.php/topic/22942-please-read-how-to-post-logs-from-frst/\'>Click Here

Offline khmer

  • Newbie
  • *
  • Posts: 8
  • Karma: +0/-0
    • View Profile
unable to run any installer .exe
« Reply #11 on: July 19, 2007, 12:02:23 PM »
fresh log

"Andrew" - 2007-07-19 12:50:21 - ComboFix 07-07-14.6 - Service Pack 2  NTFS  


(((((((((((((((((((((((((   Files Created from 2007-06-19 to 2007-07-19  )))))))))))))))))))))))))))))))


2007-07-18 21:53 <DIR> d-------- C:\DOCUME~1\Andrew\DoctorWeb
2007-07-18 21:49 <DIR> d-------- C:\Program Files\CCleaner
2007-07-17 23:25 51,200 --a------ C:\WINDOWS\nircmd.exe
2007-07-17 21:28 94,480 --a------ C:\WINDOWS\system32\drivers\tmcomm.sys
2007-07-17 21:27 <DIR> d-------- C:\DOCUME~1\Andrew\APPLIC~1\HouseCall 6.6
2007-07-04 13:35 <DIR> d-------- C:\DOCUME~1\Andrew\APPLIC~1\uTorrent
2007-07-04 00:44 <DIR> d-------- C:\DOCUME~1\Andrew\APPLIC~1\Azureus
2007-07-04 00:43 <DIR> d-------- C:\Program Files\Azureus
2007-07-01 13:53 <DIR> d--h----- C:\DOCUME~1\Andrew\APPLIC~1\ijjigame
2007-06-30 21:21 <DIR> d-------- C:\WINDOWS\system32\SoftwareDistribution
2007-06-30 20:58 <DIR> d-------- C:\Program Files\Microsoft CAPICOM 2.1.0.2
2007-06-30 18:54 664 --a------ C:\WINDOWS\system32\d3d9caps.dat
2007-06-30 18:27 552 --a------ C:\WINDOWS\system32\d3d8caps.dat
2007-06-29 18:42 <DIR> d-------- C:\Program Files\Silkroad
2007-06-23 11:00 <DIR> d-------- C:\DOCUME~1\Andrew\APPLIC~1\DMCache


((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))

2007-07-19 16:45:24 -------- d-----w C:\Program Files\Steam
2007-07-18 23:54:11 -------- d-----w C:\DOCUME~1\Andrew\APPLIC~1\Hamachi
2007-07-18 23:51:08 -------- d-----w C:\Program Files\Warcraft III
2007-07-18 05:33:37 -------- d-----w C:\Program Files\Common Files\Symantec Shared
2007-07-18 05:32:39 -------- d-----w C:\Program Files\Symantec
2007-07-18 03:47:32 -------- d-----w C:\Program Files\Yahoo!
2007-07-18 03:47:31 -------- d-----w C:\Program Files\WIZET
2007-07-18 03:47:29 -------- d-----w C:\Program Files\Windows Media Connect 2
2007-07-18 03:47:21 -------- d-----w C:\Program Files\Winamp
2007-07-18 03:46:54 -------- d-----w C:\Program Files\WarRock
2007-07-18 03:46:48 -------- d-----w C:\Program Files\VstPlugins
2007-07-18 03:46:48 -------- d-----w C:\Program Files\Visual Subst
2007-07-18 03:46:48 -------- d-----w C:\Program Files\Ventrilo
2007-07-18 03:46:47 -------- d-----w C:\Program Files\USB(CIF) Camera
2007-07-18 03:46:47 -------- d-----w C:\Program Files\Teamspeak2_RC2
2007-07-18 03:46:09 -------- d-----w C:\Program Files\Stardock
2007-07-18 03:46:04 -------- d-----w C:\Program Files\Sony Ericsson
2007-07-18 03:45:07 -------- d-----w C:\Program Files\Scions of Fate
2007-07-18 03:45:07 -------- d-----w C:\Program Files\Samsung
2007-07-18 03:45:05 -------- d-----w C:\Program Files\Rogers
2007-07-18 03:44:51 -------- d-----w C:\Program Files\Real
2007-07-18 03:43:48 -------- d-----w C:\Program Files\QuickTime
2007-07-18 03:43:41 -------- d-----w C:\Program Files\PokerStars
2007-07-18 03:43:37 -------- d-----w C:\Program Files\PartyGaming
2007-07-18 03:43:37 -------- d-----w C:\Program Files\OpenSource Flash Video Splitter
2007-07-18 03:43:37 -------- d-----w C:\Program Files\Online Services
2007-07-18 03:43:36 -------- d-----w C:\Program Files\Norton AntiVirus
2007-07-18 03:43:32 -------- d-----w C:\Program Files\NewSoft
2007-07-18 03:43:25 -------- d-----w C:\Program Files\muvee Technologies
2007-07-18 03:43:25 -------- d-----w C:\Program Files\MSXML 4.0
2007-07-18 03:43:22 -------- d-----w C:\Program Files\MSN Messenger
2007-07-18 03:43:16 -------- d-----w C:\Program Files\Morpheus
2007-07-18 03:43:09 -------- d-----w C:\Program Files\Microsoft SQL Server
2007-07-18 03:43:03 -------- d-----w C:\Program Files\Microsoft ActiveSync
2007-07-18 03:41:46 -------- d-----w C:\Program Files\Logitech
2007-07-18 03:41:45 -------- d-----w C:\Program Files\LimeWire
2007-07-18 03:41:44 -------- d-----w C:\Program Files\Lavasoft
2007-07-18 03:41:44 -------- d-----w C:\Program Files\Lame MP3 Codec
2007-07-18 03:41:43 -------- d-----w C:\Program Files\K-Lite Codec Pack
2007-07-18 03:41:26 -------- d-----w C:\Program Files\iTunes
2007-07-18 03:41:23 -------- d-----w C:\Program Files\iPod
2007-07-18 03:41:22 -------- d-----w C:\Program Files\Intel
2007-07-18 03:40:06 -------- d-----w C:\Program Files\Image-Line
2007-07-18 03:39:59 -------- d-----w C:\Program Files\HP
2007-07-18 03:39:56 -------- d-----w C:\Program Files\Hasbro Interactive
2007-07-18 03:39:56 -------- d-----w C:\Program Files\Hamachi
2007-07-18 03:39:56 -------- d-----w C:\Program Files\Guild Wars
2007-07-18 03:39:53 -------- d-----w C:\Program Files\Game Cam v1.4
2007-07-18 03:39:53 -------- d-----w C:\Program Files\FLVSplitter
2007-07-18 03:39:51 -------- d-----w C:\Program Files\DivX
2007-07-18 03:39:48 -------- d-----w C:\Program Files\Disc2Phone
2007-07-18 03:39:48 -------- d-----w C:\Program Files\Dell
2007-07-18 03:39:47 -------- d-----w C:\Program Files\DatPiff
2007-07-18 03:39:45 -------- d-----w C:\Program Files\DAP
2007-07-18 03:39:25 -------- d-----w C:\Program Files\CyberLink DVD Solution
2007-07-18 03:39:24 -------- d-----w C:\Program Files\CyberLink
2007-07-18 03:39:23 -------- d--h--w C:\Program Files\Creative Installation Information
2007-07-18 03:39:18 -------- d-----w C:\Program Files\Creative
2007-07-18 03:39:17 -------- d-----w C:\Program Files\CIB
2007-07-18 03:39:17 -------- d-----w C:\Program Files\CamStudio
2007-07-18 03:39:15 -------- d-----w C:\Program Files\BitTorrent
2007-07-18 03:39:14 -------- d-----w C:\Program Files\BitComet
2007-07-18 03:39:13 -------- d-----w C:\Program Files\Audible
2007-07-18 03:39:06 -------- d-----w C:\Program Files\ATI Technologies
2007-07-18 03:39:05 -------- d-----w C:\Program Files\AsiaSoft
2007-07-18 03:38:53 -------- d-----w C:\Program Files\Ahead
2007-07-18 03:37:59 -------- d-----w C:\Program Files\Adaptec
2007-07-15 03:17:45 -------- d-----w C:\Program Files\Sony
2007-07-09 12:16:34 -------- d-----w C:\Program Files\Windows Live Safety Center
2007-06-20 04:12:04 77,824 ----a-w C:\WINDOWS\system32\kdfapi.dll
2007-06-20 04:12:04 53,248 ----a-w C:\WINDOWS\system32\Kdfhok.dll
2007-06-20 04:11:56 362,312 ----a-w C:\WINDOWS\system32\kdfmgr.exe
2007-06-20 04:01:36 479,744 ----a-w C:\WINDOWS\system32\kdfinj.dll
2007-06-13 19:50:17 43,152 ----a-w C:\WINDOWS\system32\drivers\ativvpxx.vp
2007-06-13 19:25:36 339,968 ----a-w C:\WINDOWS\system32\ATIDEMGX.dll
2007-06-13 19:24:32 268,288 ----a-w C:\WINDOWS\system32\ati2dvag.dll
2007-06-13 19:24:13 2,155,520 ----a-w C:\WINDOWS\system32\drivers\ati2mtag.sys
2007-06-13 19:23:23 307,200 ----a-w C:\WINDOWS\system32\atiiiexx.dll
2007-06-13 19:17:37 139,264 ----a-w C:\WINDOWS\system32\atipdlxx.dll
2007-06-13 19:17:26 118,784 ----a-w C:\WINDOWS\system32\Oemdspif.dll
2007-06-13 19:17:18 26,112 ----a-w C:\WINDOWS\system32\Ati2mdxx.exe
2007-06-13 19:17:12 42,496 ----a-w C:\WINDOWS\system32\ati2edxx.dll
2007-06-13 19:16:59 118,784 ----a-w C:\WINDOWS\system32\ati2evxx.dll
2007-06-13 19:15:39 483,328 ----a-w C:\WINDOWS\system32\ati2evxx.exe
2007-06-13 19:14:51 53,248 ----a-w C:\WINDOWS\system32\ATIDDC.DLL
2007-06-13 19:10:33 8,097,792 ----a-w C:\WINDOWS\system32\atioglx2.dll
2007-06-13 19:07:26 2,922,208 ----a-w C:\WINDOWS\system32\ati3duag.dll
2007-06-13 18:57:21 1,512,960 ----a-w C:\WINDOWS\system32\ativvaxx.dll
2007-06-13 18:57:04 972,072 ----a-w C:\WINDOWS\system32\ativva6x.dat
2007-06-13 18:57:04 3,107,788 ----a-w C:\WINDOWS\system32\ativvaxx.dat
2007-06-13 18:57:04 3,107,788 ----a-w C:\WINDOWS\system32\ativva5x.dat
2007-06-13 18:46:28 5,431,296 ----a-w C:\WINDOWS\system32\atioglxx.dll
2007-06-13 18:43:53 262,144 ----a-w C:\WINDOWS\system32\atikvmag.dll
2007-06-13 18:42:29 17,408 ----a-w C:\WINDOWS\system32\atitvo32.dll
2007-06-13 18:41:46 49,152 ----a-w C:\WINDOWS\system32\drivers\ati2erec.dll
2007-06-13 18:41:06 50,176 ----a-w C:\WINDOWS\system32\atiok3x2.dll
2007-06-13 18:36:45 368,640 ----a-w C:\WINDOWS\system32\ati2cqag.dll
2007-06-09 19:07:15 25,544 ----a-w C:\WINDOWS\system32\drivers\hamachi.sys
2007-06-07 15:31:26 65,536 --sh--r C:\WINDOWS\system32\WINLKEY.DLL
2007-06-07 15:31:04 698,880 --sh--r C:\WINDOWS\system32\winl.DLL


(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
 
 
*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
2001-04-16 17:39 37808 --a------ C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{39F7E362-828A-4B5A-BCAF-5B79BFDFEA60}]
2007-01-11 11:05 386624 --a------ C:\Program Files\BitComet\tools\BitCometBHO.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
2006-10-12 04:25 434279 --a------ C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"WinampAgent"="C:\Program Files\Winamp\winampa.exe" [2006-10-25 01:37]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2007-01-31 00:57]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe" [2006-10-12 04:10]
"Sony Ericsson PC Suite"="C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" [2005-10-18 10:57]
"RemoteControl"="C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe" [2003-12-08 17:35]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2006-12-08 18:03]
"LVCOMSX"="C:\Program Files\Common Files\Logitech\LComMgr\LVComSX.exe" [2006-05-17 11:12]
"LogitechCommunicationsManager"="C:\Program Files\Common Files\Logitech\LComMgr\Communications_Helper.exe" [2006-05-17 15:18]
"Logitech Hardware Abstraction Layer"="KHALMNPR.EXE" [2006-05-10 10:48 C:\WINDOWS\KHALMNPR.Exe]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2006-10-30 10:36]
"InCD"="C:\Program Files\Ahead\InCD\InCD.exe" [2004-09-07 09:25]
"diagent"="C:\Program Files\Creative\SBLive\Diagnostics\diagent.exe" [2002-04-03 01:01]
"AVG7_CC"="C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [2007-04-26 09:49]
"ATICCC"="C:\Program Files\ATI Technologies\ATI.ACE\CLIStart.exe" [2006-05-10 12:12]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 03:56]
"Update Manager"="C:\Program Files\Rogers\Update Manager\UpdateManager.exe" [2004-05-27 09:26]
"Steam"="C:\Program Files\Steam\Steam.exe" [2007-06-28 06:03]
"RHSI SHS"="C:\Program Files\Rogers\SelfHealing\SHS.exe" [2006-11-06 15:15]
"LDM"="C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe" [2007-03-08 08:20]
"CTSyncU.exe"="C:\Program Files\Creative\Sync Manager Unicode\CTSyncU.exe" [2006-04-28 18:08]
"PowerBar"="C:\Program Files\CyberLink DVD Solution\Multimedia Launcher\PowerBar.exe" [2004-04-21 10:26]
"RogersAgent"="c:\Program Files\Rogers\SelfHealing\rogersagent.exe" [2006-11-06 12:41]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\WBSrv]
C:\PROGRA~1\Stardock\OBJECT~1\WINDOW~1\wbsrv.dll --a------ 2006-10-10 18:53 135168 C:\PROGRA~1\Stardock\OBJECT~1\WINDOW~1\WbSrv.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"appinit_dlls"=wbsys.dll


[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
Usnsvc usnsvc


Contents of the 'Scheduled Tasks' folder
2006-12-09 03:30:55  C:\WINDOWS\tasks\Symantec NetDetect.job

**************************************************************************

catchme 0.3.915 W2K/XP/Vista - rootkit detector by Gmer, http://www.gmer.net
Rootkit scan 2007-07-19 12:57:32
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

Completion time: 2007-07-19 13:00:24
C:\ComboFix-quarantined-files.txt ... 2007-07-19 13:00
C:\ComboFix2.txt ... 2007-07-18 00:07

 --- E O F ---
Logged

Offline khmer

  • Newbie
  • *
  • Posts: 8
  • Karma: +0/-0
    • View Profile
unable to run any installer .exe
« Reply #12 on: July 19, 2007, 02:12:10 PM »
hey quest thanks for all the help my problem has been solved I am going to send in a donation
Logged

Offline guestolo

  • Site Donator
  • Administrator
  • Hero Member
  • *****
  • Posts: 16034
  • Karma: +1/-0
    • View Profile
    • http://
unable to run any installer .exe
« Reply #13 on: July 20, 2007, 11:23:24 PM »
Sorry for the delay, donation is appreciated  http://images.thetechguide.com/forum/public/style_emoticons/<#EMO_DIR#>/smile.gif\' class=\'bbc_emoticon\' alt=\':)\' />

Can you do the following
I want to check a couple files
Set Windows To Show Hidden Files and Folders
    * Click Start.
    * Open My Computer.
    * Select the Tools menu and click Folder Options.
    * Select the View Tab.
    * Under the Hidden files and folders heading select Show hidden files and folders.
    * Uncheck the Hide protected operating system files (recommended) option.
    * Uncheck the Hide Extensions for known file types
    * Click Yes to confirm.
    * Click OK.

go to either of these links
http://virusscan.jotti.org/
OR
http://www.virustotal.com/flash/index_en.html

Use the browse button and navigate to the file on your harddrive
C:\WINDOWS\system32\WINLKEY.DLL<-this file

Right click on the file,  and choose Select>>or double click on it
Then use the Submit button
Let it finish scanning
Could you post back the results of the scan back here please

Do the same for this file also
C:\WINDOWS\system32\winl.DLL
Logged

Do you want to post your own logs from FRST?

Follow the instructions posted http://www.thetechguide.com/forum/index.php/topic/22942-please-read-how-to-post-logs-from-frst/\'>Click Here

Offline guestolo

  • Site Donator
  • Administrator
  • Hero Member
  • *****
  • Posts: 16034
  • Karma: +1/-0
    • View Profile
    • http://
unable to run any installer .exe
« Reply #14 on: August 06, 2007, 11:55:19 AM »
As the original poster has not returned
And problems appear resolved
I'm locking this topic
Logged

Do you want to post your own logs from FRST?

Follow the instructions posted http://www.thetechguide.com/forum/index.php/topic/22942-please-read-how-to-post-logs-from-frst/\'>Click Here

Pages: [1]
« previous next »