
kraken bobax warning "not removeable" and crash :(


  • This topic is locked
54 replies to this topic

#16 Tomk

Tomk

    Beguilement Monitor

  • Global Moderator
  • 20,451 posts

Posted 03 May 2011 - 09:20 AM

OK... Let's take a completely different tack with this problem.

Download ComboFix from one of these locations:

Link 1
Link 2

* IMPORTANT !!! Save ComboFix.exe to your Desktop


  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you have difficulty properly disabling your protective programs, refer to this link --> http://forums.whatth...ams_t96260.html

  • Double click on ComboFix.exe & follow the prompts.

  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.

  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.


Posted Image



Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

Posted Image


Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.


Notes:

1. Do not mouse-click Combofix's window while it is running. That may cause it to stall.
2. Do not "re-run" Combofix. If you have a problem, reply back for further instructions.
3. ComboFix may reset a number of Internet Explorer's settings, including making I-E the default browser.
4. Combofix prevents autorun of ALL CD, floppy and USB devices to assist with malware removal & increase security. If this is an issue or makes it difficult for you -- please tell your helper.
5. CF disconnects your machine from the internet. The connection is automatically restored before CF completes its run. If CF runs into difficulty and terminates prematurely, the connection can be manually restored by restarting your machine.
Tomk
------------------------------------------------------------
Microsoft MVP 2010-2014
 


#17 eBayvictim

eBayvictim

    Authentic Member

  • Authentic Member
  • 107 posts

Posted 03 May 2011 - 10:49 AM

will follow your instructions now.... I also found this error 87 problem in another thread on WTT, but the solution is complicated and involves removing leavings in the registry. I have not tried any of that.

#18 Tomk

Tomk

    Beguilement Monitor

  • Global Moderator
  • 20,451 posts

Posted 03 May 2011 - 11:09 AM

Yep... we're going to stir things around and see if we can clear it.
Tomk
------------------------------------------------------------
Microsoft MVP 2010-2014
 

#19 eBayvictim

eBayvictim

    Authentic Member

  • Authentic Member
  • 107 posts

Posted 03 May 2011 - 11:13 AM

OK I've got a log, should I post it? I was a little worried there for a few minutes :P Something called data pricegong was heavily there and deleted by combo fix

#20 Tomk

Tomk

    Beguilement Monitor

  • Global Moderator
  • 20,451 posts

Posted 03 May 2011 - 11:17 AM

Yes... please post.

Price gong is adware that you don't want.
Tomk
------------------------------------------------------------
Microsoft MVP 2010-2014
 

#21 eBayvictim

eBayvictim

    Authentic Member

  • Authentic Member
  • 107 posts

Posted 03 May 2011 - 11:19 AM

ComboFix 11-05-02.04 - Leonard Roe 05/03/2011 12:56:09.6.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1278.754 [GMT -4:00]
Running from: c:\documents and settings\Leonard Roe\Desktop\ComboFix.exe
AV: Microsoft Security Essentials *Disabled/Updated* {BCF43643-A118-4432-AEDE-D861FCBCFCDF}
AV: Microsoft Security Essentials *Disabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\Leonard Roe\Application Data\PriceGong
c:\documents and settings\Leonard Roe\Application Data\PriceGong\Data\1.xml
c:\documents and settings\Leonard Roe\Application Data\PriceGong\Data\a.xml
c:\documents and settings\Leonard Roe\Application Data\PriceGong\Data\b.xml
c:\documents and settings\Leonard Roe\Application Data\PriceGong\Data\c.xml
c:\documents and settings\Leonard Roe\Application Data\PriceGong\Data\d.xml
c:\documents and settings\Leonard Roe\Application Data\PriceGong\Data\e.xml
c:\documents and settings\Leonard Roe\Application Data\PriceGong\Data\f.xml
c:\documents and settings\Leonard Roe\Application Data\PriceGong\Data\g.xml
c:\documents and settings\Leonard Roe\Application Data\PriceGong\Data\h.xml
c:\documents and settings\Leonard Roe\Application Data\PriceGong\Data\i.xml
c:\documents and settings\Leonard Roe\Application Data\PriceGong\Data\J.xml
c:\documents and settings\Leonard Roe\Application Data\PriceGong\Data\k.xml
c:\documents and settings\Leonard Roe\Application Data\PriceGong\Data\l.xml
c:\documents and settings\Leonard Roe\Application Data\PriceGong\Data\m.xml
c:\documents and settings\Leonard Roe\Application Data\PriceGong\Data\n.xml
c:\documents and settings\Leonard Roe\Application Data\PriceGong\Data\o.xml
c:\documents and settings\Leonard Roe\Application Data\PriceGong\Data\p.xml
c:\documents and settings\Leonard Roe\Application Data\PriceGong\Data\q.xml
c:\documents and settings\Leonard Roe\Application Data\PriceGong\Data\r.xml
c:\documents and settings\Leonard Roe\Application Data\PriceGong\Data\s.xml
c:\documents and settings\Leonard Roe\Application Data\PriceGong\Data\t.xml
c:\documents and settings\Leonard Roe\Application Data\PriceGong\Data\u.xml
c:\documents and settings\Leonard Roe\Application Data\PriceGong\Data\v.xml
c:\documents and settings\Leonard Roe\Application Data\PriceGong\Data\w.xml
c:\documents and settings\Leonard Roe\Application Data\PriceGong\Data\x.xml
c:\documents and settings\Leonard Roe\Application Data\PriceGong\Data\y.xml
c:\documents and settings\Leonard Roe\Application Data\PriceGong\Data\z.xml
c:\documents and settings\Leonard Roe\WINDOWS
c:\windows\java.exe
.
.
((((((((((((((((((((((((( Files Created from 2011-04-03 to 2011-05-03 )))))))))))))))))))))))))))))))
.
.
2011-05-03 09:08 . 2011-05-03 09:08 28752 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{BBEDF015-71FB-435B-BA8A-063975879446}\MpKsl964b1d64.sys
2011-05-03 09:08 . 2011-04-11 04:04 7071056 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{BBEDF015-71FB-435B-BA8A-063975879446}\mpengine.dll
2011-05-01 01:04 . 2011-05-01 01:04 -------- d-----w- c:\windows\system32\wbem\Repository
2011-04-21 21:53 . 2011-04-21 21:53 -------- d-----w- c:\documents and settings\All Users\Application Data\Trend Micro
2011-04-21 07:00 . 2011-04-21 07:00 -------- d-sh--w- c:\documents and settings\Default User\IETldCache
2011-04-14 21:43 . 2011-04-14 21:43 -------- d-----w- c:\program files\WinPcap
2011-04-14 07:39 . 2011-04-14 07:39 103864 ----a-w- c:\program files\Mozilla Firefox\plugins\nppdf32.dll
2011-04-14 07:39 . 2011-04-14 07:39 103864 ----a-w- c:\program files\Internet Explorer\PLUGINS\nppdf32.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-04-11 04:04 . 2010-02-16 14:41 7071056 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2011-03-07 05:33 . 2004-08-04 10:00 692736 ----a-w- c:\windows\system32\inetcomm.dll
2011-03-04 19:44 . 2009-04-22 07:28 133616 ------w- c:\windows\system32\pxafs.dll
2011-03-04 19:44 . 2008-07-31 22:17 45648 ------w- c:\windows\system32\drivers\pxhelp20.sys
2011-03-04 19:44 . 2004-10-24 20:21 126448 ------w- c:\windows\system32\pxinsi64.exe
2011-03-04 19:44 . 2004-10-24 20:21 123888 ------w- c:\windows\system32\pxcpyi64.exe
2011-03-04 06:37 . 2004-08-04 10:00 420864 ----a-w- c:\windows\system32\vbscript.dll
2011-03-03 13:21 . 2004-08-04 10:00 1857920 ----a-w- c:\windows\system32\win32k.sys
2011-02-22 23:06 . 2004-08-04 10:00 916480 ----a-w- c:\windows\system32\wininet.dll
2011-02-22 23:06 . 2004-08-04 10:00 43520 ----a-w- c:\windows\system32\licmgr10.dll
2011-02-22 23:06 . 2004-08-04 10:00 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
2011-02-22 11:41 . 2004-08-04 10:00 385024 ----a-w- c:\windows\system32\html.iec
2011-02-17 13:18 . 2004-08-04 10:00 455936 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2011-02-17 13:18 . 2004-08-04 10:00 357888 ----a-w- c:\windows\system32\drivers\srv.sys
2011-02-17 12:32 . 2009-04-16 02:49 5120 ----a-w- c:\windows\system32\xpsp4res.dll
2011-02-15 12:56 . 2004-08-04 10:00 290432 ----a-w- c:\windows\system32\atmfd.dll
2011-02-11 13:25 . 2004-08-04 10:00 229888 ----a-w- c:\windows\system32\fxscover.exe
2011-02-09 13:53 . 2004-08-04 10:00 270848 ----a-w- c:\windows\system32\sbe.dll
2011-02-09 13:53 . 2004-08-04 10:00 186880 ----a-w- c:\windows\system32\encdec.dll
2011-02-08 13:33 . 2004-08-04 10:00 978944 ----a-w- c:\windows\system32\mfc42.dll
2011-02-08 13:33 . 2004-08-04 10:00 974848 ----a-w- c:\windows\system32\mfc42u.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"PCMService"="c:\program files\Dell\Media Experience\PCMService.exe" [2004-04-12 290816]
"dla"="c:\windows\system32\dla\tfswctrl.exe" [2004-03-15 122933]
"igfxtray"="c:\windows\system32\igfxtray.exe" [2005-09-20 94208]
"igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2005-09-20 77824]
"igfxpers"="c:\windows\system32\igfxpers.exe" [2005-09-20 114688]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2011-01-31 35760]
"WinampAgent"="c:\program files\Winamp\winampa.exe" [2011-03-22 74752]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-02-18 248040]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2010-09-08 421888]
"IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2009-06-01 1468296]
"itype"="c:\program files\Microsoft IntelliType Pro\itype.exe" [2009-06-01 1501064]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-21 932288]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2010-11-30 997408]
"Trend Micro RUBotted V2.0 Beta"="c:\program files\Trend Micro\RUBotted\RUBottedGUI.exe" [2010-12-17 1103184]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2001-2-13 83360]
Monitor.lnk - c:\program files\ArcSoft\Media Card Companion\MCC Monitor.exe [2006-10-13 110592]
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\googletalk]
2007-01-01 21:22 3739648 ----a-w- c:\program files\Google\Google Talk\googletalk.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Messenger (Yahoo!)]
2010-04-29 20:59 5248312 ----a-w- c:\progra~1\Yahoo!\MESSEN~1\YahooMessenger.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2010-09-08 15:17 421888 ----a-w- c:\program files\QuickTime\QTTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UpdateManager]
2003-08-19 06:01 110592 ----a-w- c:\program files\Common Files\Sonic\Update Manager\sgtray.exe
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Windows Media Player\\wmplayer.exe"=
"c:\\Program Files\\Winamp\\winamp.exe"=
"c:\\Program Files\\Google\\Google Talk\\googletalk.exe"=
"c:\\Program Files\\Google\\Google Earth\\plugin\\geplugin.exe"=
.
R1 MpKsl3041a93a;MpKsl3041a93a;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{E755726A-C069-49D6-9102-042E646C7D63}\MpKsl3041a93a.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{E755726A-C069-49D6-9102-042E646C7D63}\MpKsl3041a93a.sys [?]
R1 MpKsl964b1d64;MpKsl964b1d64;c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{BBEDF015-71FB-435B-BA8A-063975879446}\MpKsl964b1d64.sys [5/3/2011 5:08 AM 28752]
R2 NPF;NetGroup Packet Filter Driver;c:\windows\SYSTEM32\DRIVERS\npf.sys [10/20/2009 2:19 PM 50704]
R2 RUBotSrv;Trend Micro RUBotted Service;c:\program files\Trend Micro\RUBotted\RUBotSrv.exe [4/14/2011 5:42 PM 439632]
S1 MpKsl779adc92;MpKsl779adc92;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{D7D51050-3BAC-47A8-8318-82FA9DC79E1B}\MpKsl779adc92.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{D7D51050-3BAC-47A8-8318-82FA9DC79E1B}\MpKsl779adc92.sys [?]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [7/16/2010 8:56 PM 136176]
S2 WinDefend;Windows Defender;c:\program files\Windows Defender\MsMpEng.exe [11/3/2006 7:19 PM 13592]
S3 C21ndisXP;Com21 USB Cable Modem;c:\windows\SYSTEM32\DRIVERS\C21ndisXP.sys [7/1/2005 12:56 PM 10368]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [7/16/2010 8:56 PM 136176]
S3 PD1030VID;Creative WebCam Pro;c:\windows\SYSTEM32\DRIVERS\p1030vid.sys [2/2/2005 2:28 AM 167673]
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - MPKSL1BF638B1
*NewlyCreated* - MPKSL6EDBD276
*NewlyCreated* - MPKSL964B1D64
*Deregistered* - MpKsl1bf638b1
*Deregistered* - MpKsl6edbd276
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
getPlusHelper REG_MULTI_SZ getPlusHelper
.
Contents of the 'Scheduled Tasks' folder
.
2011-05-03 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 17:34]
.
2011-05-03 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-07-17 00:56]
.
2011-05-03 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-07-17 00:56]
.
2011-05-03 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1502690784-542892451-2706031008-1006Core.job
- c:\documents and settings\Leonard Roe\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-05-17 17:37]
.
2011-05-03 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1502690784-542892451-2706031008-1006UA.job
- c:\documents and settings\Leonard Roe\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-05-17 17:37]
.
2010-09-25 c:\windows\Tasks\Microsoft_Hardware_Launch_IPoint_exe.job
- c:\program files\Microsoft IntelliPoint\ipoint.exe [2009-06-01 17:51]
.
2010-09-25 c:\windows\Tasks\Microsoft_Hardware_Launch_IType_exe.job
- c:\program files\Microsoft IntelliType Pro\itype.exe [2009-06-01 17:43]
.
2011-05-01 c:\windows\Tasks\MP Scheduled Scan.job
- c:\program files\Microsoft Security Client\Antimalware\MpCmdRun.exe [2010-11-11 17:26]
.
2011-05-03 c:\windows\Tasks\User_Feed_Synchronization-{8DD95D15-9132-4CA1-8998-B4F91695AF3E}.job
- c:\windows\system32\msfeedssync.exe [2006-10-17 08:31]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://my.yahoo.com/
uSearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
IE: &ieSpell Options - c:\program files\ieSpell\iespell.dll/SPELLOPTION.HTM
IE: &Yahoo! Search - file:///c:\program files\Yahoo!\Common/ycsrch.htm
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: Check &Spelling - c:\program files\ieSpell\iespell.dll/SPELLCHECK.HTM
IE: E&xport to Microsoft Excel - c:\progra~1\MI1933~1\Office10\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html
IE: Yahoo! &Dictionary - file:///c:\program files\Yahoo!\Common/ycdict.htm
IE: Yahoo! &Maps - file:///c:\program files\Yahoo!\Common/ycmap.htm
IE: Yahoo! &SMS - file:///c:\program files\Yahoo!\Common/ycsms.htm
Trusted Zone: aol.com\free
Trusted Zone: auctiva.com\www
Trusted Zone: google.com\mail
Trusted Zone: hotmail.com
Trusted Zone: rubylane.com\www
FF - ProfilePath - c:\documents and settings\Leonard Roe\Application Data\Mozilla\Firefox\Profiles\62hh1b1j.default\
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
FF - Ext: Speed Dial: {64161300-e22b-11db-8314-0800200c9a66} - %profile%\extensions\{64161300-e22b-11db-8314-0800200c9a66}
FF - Ext: Greasemonkey: {e4a8a97b-f2ed-450b-b12d-ee082ba24781} - %profile%\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}
FF - Ext: AutoPager: autopager@mozilla.org - %profile%\extensions\autopager@mozilla.org
FF - Ext: Personas: personas@christopher.beard - %profile%\extensions\personas@christopher.beard
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\Java\jre6\lib\deploy\jqs\ff
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
.
- - - - ORPHANS REMOVED - - - -
.
HKCU-Run-Sonic RecordNow! - (no file)
SafeBoot-mcmscsvc
SafeBoot-MCODS
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-05-03 13:05
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-1502690784-542892451-2706031008-1006\Software\Microsoft\SystemCertificates\AddressBook*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10o_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10o_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Ulead Systems\Ulead Photo Express My Custom Edition]
@DACL=(02 0000)
.
Completion time: 2011-05-03 13:08:14
ComboFix-quarantined-files.txt 2011-05-03 17:08
.
Pre-Run: 11,457,785,856 bytes free
Post-Run: 12,814,307,328 bytes free
.
- - End Of File - - CA155C2C7E575C550AE6057DEAA1174F

#22 Tomk

Tomk

    Beguilement Monitor

  • Global Moderator
  • 20,451 posts

Posted 03 May 2011 - 11:35 AM

eBayvictim,

COMBOFIX-Script

  • Please open Notepad (Start -> Run -> type notepad in the Open field -> OK) and copy and paste the text present inside the code box below:

    Folder::
    c:\program files\Common Files\Java
    c:\program files\Java
    
    Registry::
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "SunJavaUpdateSched"=-
    [-HKEY_CURRENT_USER\Software\JavaSoft\Java Runtime Environment]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\JavaSoft\Java Runtime Environment]
    
    FireFox::
    FF - ProfilePath - c:\documents and settings\Leonard Roe\Application Data\Mozilla\Firefox\Profiles\62hh1b1j.default\
    FF - Ext: Java Console: {CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA}
    FF - Ext: Java Console: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}
    FF - Ext: Java Console: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA}
    FF - Ext: Java Console: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}
    FF - Ext: Java Console: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA}
    FF - Ext: Java Console: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}
    FF - Ext: Java Console: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
    FF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\Java\jre6\lib\deploy\jqs\ff
    
    Reglock::
    [HKEY_LOCAL_MACHINE\software\Ulead Systems\Ulead Photo Express My Custom Edition]
  • Save this as CFScript.txt and change the "Save as type" to "All Files" and place it on your desktop.

    Posted Image
  • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before following the steps below. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
  • Referring to the screenshot above, drag CFScript.txt into ComboFix.exe.
  • ComboFix will now run a scan on your system. It may reboot your system when it finishes. This is normal.
  • When finished, it shall produce a log for you. Copy and paste the contents of the log in your next reply.
CAUTION: Do not mouse-click ComboFix's window while it is running. That may cause it to stall.
Tomk
------------------------------------------------------------
Microsoft MVP 2010-2014
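
The script in post #22 deletes two Java folders and also removes the "SunJavaUpdateSched" Run value that the log in post #21 shows pointing into one of them. The following added example (not part of the thread and not ComboFix's own code) cross-checks a log against a CFScript to find autostart values that a Folder:: deletion would leave dangling. The function names are hypothetical, the embedded strings are short excerpts of the log and script above, and `"name"=-` and `[-key]` are read as the standard .reg deletion syntax.

```python
import re

# Excerpt of the "Reg Loading Points" section from the log in post #21,
# embedded so the example runs offline.
LOG_EXCERPT = r'''
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2011-01-31 35760]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-02-18 248040]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2010-09-08 421888]
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"
'''

# Excerpt of the CFScript from post #22 (Folder:: and Registry:: sections only).
CFSCRIPT = r'''
Folder::
c:\program files\Common Files\Java
c:\program files\Java

Registry::
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"=-
[-HKEY_CURRENT_USER\Software\JavaSoft\Java Runtime Environment]
'''

KEY_RE = re.compile(r'^\[(-?)(HK[^\]]+)\]$')       # [key] or [-key]
VALUE_RE = re.compile(r'^"([^"]+)"="([^"]*)"')      # "name"="path" [date size]
DELETE_RE = re.compile(r'^"([^"]+)"=-$')            # "name"=-  (delete value)
DIRECTIVE_RE = re.compile(r'^(\w+)::$')             # Folder::, Registry::, ...


def parse_autostarts(log_text):
    """Return (key, value_name, path) for each value listed under a ...\\Run key."""
    entries, key = [], None
    for line in log_text.splitlines():
        line = line.strip()
        m = KEY_RE.match(line)
        if m:
            key = m.group(2)
            continue
        m = VALUE_RE.match(line)
        if m and key and key.lower().endswith(r'\run'):
            entries.append((key, m.group(1), m.group(2)))
    return entries


def parse_cfscript(script_text):
    """Return (folders, deleted_values, deleted_keys) from a CFScript, lowercased."""
    folders, deleted_values, deleted_keys = [], set(), set()
    section, key = None, None
    for line in script_text.splitlines():
        line = line.strip()
        if not line:
            continue
        m = DIRECTIVE_RE.match(line)
        if m:
            section, key = m.group(1).lower(), None
            continue
        if section == 'folder':
            folders.append(line.lower().rstrip('\\'))
        elif section == 'registry':
            m = KEY_RE.match(line)
            if m:
                key = m.group(2).lower()
                if m.group(1):              # leading '-' deletes the whole key
                    deleted_keys.add(key)
                continue
            m = DELETE_RE.match(line)
            if m and key:
                deleted_values.add((key, m.group(1).lower()))
    return folders, deleted_values, deleted_keys


def orphan_check(log_text, script_text):
    """List autostarts whose target sits in a folder queued for deletion.

    Status is 'removed' when the script also deletes the value (or its key),
    and 'orphaned' when the value would be left pointing at a missing file.
    """
    folders, deleted_values, deleted_keys = parse_cfscript(script_text)
    findings = []
    for key, name, path in parse_autostarts(log_text):
        target = path.lower()
        if not any(target.startswith(folder + '\\') for folder in folders):
            continue
        handled = ((key.lower(), name.lower()) in deleted_values
                   or key.lower() in deleted_keys)
        findings.append((name, 'removed' if handled else 'orphaned'))
    return findings


if __name__ == '__main__':
    for name, status in orphan_check(LOG_EXCERPT, CFSCRIPT):
        print(f'{name}: {status}')
```

An entry reported as orphaned is the same condition the log lists under "ORPHANS REMOVED" as "(no file)".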
 

#23 eBayvictim

eBayvictim

    Authentic Member

  • Authentic Member
  • 107 posts

Posted 03 May 2011 - 12:03 PM

Holeeeee Crapoli!!! :pullhair:

I can't believe the number of files deleted.....wow

And I'm so careful ..... is this from the outdated Java? or maybe the couple of greasemonkey scripts I used?

Anyway....here's the second log:
_________________________

ComboFix 11-05-02.04 - Leonard Roe 05/03/2011 13:43:51.7.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1278.710 [GMT -4:00]
Running from: c:\documents and settings\Leonard Roe\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Leonard Roe\Desktop\CFScript.txt
AV: Microsoft Security Essentials *Disabled/Updated* {BCF43643-A118-4432-AEDE-D861FCBCFCDF}
AV: Microsoft Security Essentials *Disabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files\Common Files\Java
c:\program files\Common Files\Java\Java Update\jaucheck.exe
c:\program files\Common Files\Java\Java Update\jaureg.exe
c:\program files\Common Files\Java\Java Update\jucheck.exe
c:\program files\Common Files\Java\Java Update\jusched.exe
c:\program files\Common Files\Java\Java Update\task.xml
c:\program files\Common Files\Java\Java Update\task64.xml
c:\program files\Common Files\Java\Update\Base Images\j2re1.4.2-b28\other.zip
c:\program files\Java
c:\program files\Java\jre6\bin\awt.dll
c:\program files\Java\jre6\bin\axbridge.dll
c:\program files\Java\jre6\bin\client\classes.jsa
c:\program files\Java\jre6\bin\client\jvm.dll
c:\program files\Java\jre6\bin\client\Xusage.txt
c:\program files\Java\jre6\bin\cmm.dll
c:\program files\Java\jre6\bin\dcpr.dll
c:\program files\Java\jre6\bin\deploy.dll
c:\program files\Java\jre6\bin\deployJava1.dll
c:\program files\Java\jre6\bin\dt_shmem.dll
c:\program files\Java\jre6\bin\dt_socket.dll
c:\program files\Java\jre6\bin\fontmanager.dll
c:\program files\Java\jre6\bin\hpi.dll
c:\program files\Java\jre6\bin\hprof.dll
c:\program files\Java\jre6\bin\instrument.dll
c:\program files\Java\jre6\bin\ioser12.dll
c:\program files\Java\jre6\bin\j2pcsc.dll
c:\program files\Java\jre6\bin\j2pkcs11.dll
c:\program files\Java\jre6\bin\jaas_nt.dll
c:\program files\Java\jre6\bin\java-rmi.exe
c:\program files\Java\jre6\bin\java.dll
c:\program files\Java\jre6\bin\java.exe
c:\program files\Java\jre6\bin\java_crw_demo.dll
c:\program files\Java\jre6\bin\javacpl.cpl
c:\program files\Java\jre6\bin\javacpl.exe
c:\program files\Java\jre6\bin\javaw.exe
c:\program files\Java\jre6\bin\javaws.exe
c:\program files\Java\jre6\bin\jawt.dll
c:\program files\Java\jre6\bin\jbroker.exe
c:\program files\Java\jre6\bin\JdbcOdbc.dll
c:\program files\Java\jre6\bin\jdwp.dll
c:\program files\Java\jre6\bin\jkernel.dll
c:\program files\Java\jre6\bin\jli.dll
c:\program files\Java\jre6\bin\jp2iexp.dll
c:\program files\Java\jre6\bin\jp2launcher.exe
c:\program files\Java\jre6\bin\jp2native.dll
c:\program files\Java\jre6\bin\jp2ssv.dll
c:\program files\Java\jre6\bin\jpeg.dll
c:\program files\Java\jre6\bin\jpicom.dll
c:\program files\Java\jre6\bin\jpiexp.dll
c:\program files\Java\jre6\bin\jpinscp.dll
c:\program files\Java\jre6\bin\jpioji.dll
c:\program files\Java\jre6\bin\jpishare.dll
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Java\jre6\bin\jqsnotify.exe
c:\program files\Java\jre6\bin\jsound.dll
c:\program files\Java\jre6\bin\jsoundds.dll
c:\program files\Java\jre6\bin\keytool.exe
c:\program files\Java\jre6\bin\kinit.exe
c:\program files\Java\jre6\bin\klist.exe
c:\program files\Java\jre6\bin\ktab.exe
c:\program files\Java\jre6\bin\management.dll
c:\program files\Java\jre6\bin\mlib_image.dll
c:\program files\Java\jre6\bin\msvcr71.dll
c:\program files\Java\jre6\bin\msvcrt.dll
c:\program files\Java\jre6\bin\net.dll
c:\program files\Java\jre6\bin\new_plugin\msvcr71.dll
c:\program files\Java\jre6\bin\new_plugin\npdeployJava1.dll
c:\program files\Java\jre6\bin\new_plugin\npjp2.dll
c:\program files\Java\jre6\bin\nio.dll
c:\program files\Java\jre6\bin\npdeployJava1.dll
c:\program files\Java\jre6\bin\npjpi160_20.dll
c:\program files\Java\jre6\bin\npoji610.dll
c:\program files\Java\jre6\bin\npt.dll
c:\program files\Java\jre6\bin\orbd.exe
c:\program files\Java\jre6\bin\pack200.exe
c:\program files\Java\jre6\bin\policytool.exe
c:\program files\Java\jre6\bin\regutils.dll
c:\program files\Java\jre6\bin\rmi.dll
c:\program files\Java\jre6\bin\rmid.exe
c:\program files\Java\jre6\bin\rmiregistry.exe
c:\program files\Java\jre6\bin\servertool.exe
c:\program files\Java\jre6\bin\splashscreen.dll
c:\program files\Java\jre6\bin\ssv.dll
c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}\chrome.manifest
c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}\chrome\content\ffjcext\ffjcext.js
c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}\chrome\content\ffjcext\ffjcext.xul
c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}\chrome\locale\de-DE\ffjcext\ffjcext.dtd
c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}\chrome\locale\en-US\ffjcext\ffjcext.dtd
c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}\chrome\locale\es-ES\ffjcext\ffjcext.dtd
c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}\chrome\locale\fr-FR\ffjcext\ffjcext.dtd
c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}\chrome\locale\it-IT\ffjcext\ffjcext.dtd
c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}\chrome\locale\ja-JP\ffjcext\ffjcext.dtd
c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}\chrome\locale\ko-KR\ffjcext\ffjcext.dtd
c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}\chrome\locale\sv-SE\ffjcext\ffjcext.dtd
c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}\chrome\locale\zh-CN\ffjcext\ffjcext.dtd
c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}\chrome\locale\zh-TW\ffjcext\ffjcext.dtd
c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}\install.rdf
c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}\chrome.manifest
c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}\chrome\content\ffjcext\ffjcext.js
c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}\chrome\content\ffjcext\ffjcext.xul
c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}\chrome\locale\de-DE\ffjcext\ffjcext.dtd
c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}\chrome\locale\en-US\ffjcext\ffjcext.dtd
c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}\chrome\locale\es-ES\ffjcext\ffjcext.dtd
c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}\chrome\locale\fr-FR\ffjcext\ffjcext.dtd
c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}\chrome\locale\it-IT\ffjcext\ffjcext.dtd
c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}\chrome\locale\ja-JP\ffjcext\ffjcext.dtd
c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}\chrome\locale\ko-KR\ffjcext\ffjcext.dtd
c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}\chrome\locale\sv-SE\ffjcext\ffjcext.dtd
c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}\chrome\locale\zh-CN\ffjcext\ffjcext.dtd
c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}\chrome\locale\zh-TW\ffjcext\ffjcext.dtd
c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}\install.rdf
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_JavaQuickStarterService
-------\Legacy_JavaQuickStarterService
-------\Service_JavaQuickStarterService
-------\Service_JavaQuickStarterService
.
.
((((((((((((((((((((((((( Files Created from 2011-04-03 to 2011-05-03 )))))))))))))))))))))))))))))))
.
.
2011-05-03 17:27 . 2011-04-11 04:04 7071056 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{D94C0142-74EE-4C4E-9A0F-73A815A36D69}\mpengine.dll
2011-05-01 01:04 . 2011-05-01 01:04 -------- d-----w- c:\windows\system32\wbem\Repository
2011-04-21 21:53 . 2011-04-21 21:53 -------- d-----w- c:\documents and settings\All Users\Application Data\Trend Micro
2011-04-21 07:00 . 2011-04-21 07:00 -------- d-sh--w- c:\documents and settings\Default User\IETldCache
2011-04-14 21:43 . 2011-04-14 21:43 -------- d-----w- c:\program files\WinPcap
2011-04-14 07:39 . 2011-04-14 07:39 103864 ----a-w- c:\program files\Mozilla Firefox\plugins\nppdf32.dll
2011-04-14 07:39 . 2011-04-14 07:39 103864 ----a-w- c:\program files\Internet Explorer\PLUGINS\nppdf32.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-04-11 04:04 . 2010-02-16 14:41 7071056 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2011-03-07 05:33 . 2004-08-04 10:00 692736 ----a-w- c:\windows\system32\inetcomm.dll
2011-03-04 19:44 . 2009-04-22 07:28 133616 ------w- c:\windows\system32\pxafs.dll
2011-03-04 19:44 . 2008-07-31 22:17 45648 ------w- c:\windows\system32\drivers\pxhelp20.sys
2011-03-04 19:44 . 2004-10-24 20:21 126448 ------w- c:\windows\system32\pxinsi64.exe
2011-03-04 19:44 . 2004-10-24 20:21 123888 ------w- c:\windows\system32\pxcpyi64.exe
2011-03-04 06:37 . 2004-08-04 10:00 420864 ----a-w- c:\windows\system32\vbscript.dll
2011-03-03 13:21 . 2004-08-04 10:00 1857920 ----a-w- c:\windows\system32\win32k.sys
2011-02-22 23:06 . 2004-08-04 10:00 916480 ----a-w- c:\windows\system32\wininet.dll
2011-02-22 23:06 . 2004-08-04 10:00 43520 ----a-w- c:\windows\system32\licmgr10.dll
2011-02-22 23:06 . 2004-08-04 10:00 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
2011-02-22 11:41 . 2004-08-04 10:00 385024 ----a-w- c:\windows\system32\html.iec
2011-02-17 13:18 . 2004-08-04 10:00 455936 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2011-02-17 13:18 . 2004-08-04 10:00 357888 ----a-w- c:\windows\system32\drivers\srv.sys
2011-02-17 12:32 . 2009-04-16 02:49 5120 ----a-w- c:\windows\system32\xpsp4res.dll
2011-02-15 12:56 . 2004-08-04 10:00 290432 ----a-w- c:\windows\system32\atmfd.dll
2011-02-11 13:25 . 2004-08-04 10:00 229888 ----a-w- c:\windows\system32\fxscover.exe
2011-02-09 13:53 . 2004-08-04 10:00 270848 ----a-w- c:\windows\system32\sbe.dll
2011-02-09 13:53 . 2004-08-04 10:00 186880 ----a-w- c:\windows\system32\encdec.dll
2011-02-08 13:33 . 2004-08-04 10:00 978944 ----a-w- c:\windows\system32\mfc42.dll
2011-02-08 13:33 . 2004-08-04 10:00 974848 ----a-w- c:\windows\system32\mfc42u.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"PCMService"="c:\program files\Dell\Media Experience\PCMService.exe" [2004-04-12 290816]
"dla"="c:\windows\system32\dla\tfswctrl.exe" [2004-03-15 122933]
"igfxtray"="c:\windows\system32\igfxtray.exe" [2005-09-20 94208]
"igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2005-09-20 77824]
"igfxpers"="c:\windows\system32\igfxpers.exe" [2005-09-20 114688]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2011-01-31 35760]
"WinampAgent"="c:\program files\Winamp\winampa.exe" [2011-03-22 74752]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2010-09-08 421888]
"IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2009-06-01 1468296]
"itype"="c:\program files\Microsoft IntelliType Pro\itype.exe" [2009-06-01 1501064]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-21 932288]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2010-11-30 997408]
"Trend Micro RUBotted V2.0 Beta"="c:\program files\Trend Micro\RUBotted\RUBottedGUI.exe" [2010-12-17 1103184]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2001-2-13 83360]
Monitor.lnk - c:\program files\ArcSoft\Media Card Companion\MCC Monitor.exe [2006-10-13 110592]
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\googletalk]
2007-01-01 21:22 3739648 ----a-w- c:\program files\Google\Google Talk\googletalk.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Messenger (Yahoo!)]
2010-04-29 20:59 5248312 ----a-w- c:\progra~1\Yahoo!\MESSEN~1\YahooMessenger.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2010-09-08 15:17 421888 ----a-w- c:\program files\QuickTime\QTTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UpdateManager]
2003-08-19 06:01 110592 ----a-w- c:\program files\Common Files\Sonic\Update Manager\sgtray.exe
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Windows Media Player\\wmplayer.exe"=
"c:\\Program Files\\Winamp\\winamp.exe"=
"c:\\Program Files\\Google\\Google Talk\\googletalk.exe"=
"c:\\Program Files\\Google\\Google Earth\\plugin\\geplugin.exe"=
.
R2 NPF;NetGroup Packet Filter Driver;c:\windows\SYSTEM32\DRIVERS\npf.sys [10/20/2009 2:19 PM 50704]
R2 RUBotSrv;Trend Micro RUBotted Service;c:\program files\Trend Micro\RUBotted\RUBotSrv.exe [4/14/2011 5:42 PM 439632]
S1 MpKsl3041a93a;MpKsl3041a93a;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{E755726A-C069-49D6-9102-042E646C7D63}\MpKsl3041a93a.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{E755726A-C069-49D6-9102-042E646C7D63}\MpKsl3041a93a.sys [?]
S1 MpKsl779adc92;MpKsl779adc92;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{D7D51050-3BAC-47A8-8318-82FA9DC79E1B}\MpKsl779adc92.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{D7D51050-3BAC-47A8-8318-82FA9DC79E1B}\MpKsl779adc92.sys [?]
S1 MpKslda4d6458;MpKslda4d6458;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{D94C0142-74EE-4C4E-9A0F-73A815A36D69}\MpKslda4d6458.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{D94C0142-74EE-4C4E-9A0F-73A815A36D69}\MpKslda4d6458.sys [?]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [7/16/2010 8:56 PM 136176]
S2 WinDefend;Windows Defender;c:\program files\Windows Defender\MsMpEng.exe [11/3/2006 7:19 PM 13592]
S3 C21ndisXP;Com21 USB Cable Modem;c:\windows\SYSTEM32\DRIVERS\C21ndisXP.sys [7/1/2005 12:56 PM 10368]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [7/16/2010 8:56 PM 136176]
S3 PD1030VID;Creative WebCam Pro;c:\windows\SYSTEM32\DRIVERS\p1030vid.sys [2/2/2005 2:28 AM 167673]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
getPlusHelper REG_MULTI_SZ getPlusHelper
.
Contents of the 'Scheduled Tasks' folder
.
2011-05-03 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 17:34]
.
2011-05-03 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-07-17 00:56]
.
2011-05-03 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-07-17 00:56]
.
2011-05-03 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1502690784-542892451-2706031008-1006Core.job
- c:\documents and settings\Leonard Roe\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-05-17 17:37]
.
2011-05-03 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1502690784-542892451-2706031008-1006UA.job
- c:\documents and settings\Leonard Roe\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-05-17 17:37]
.
2010-09-25 c:\windows\Tasks\Microsoft_Hardware_Launch_IPoint_exe.job
- c:\program files\Microsoft IntelliPoint\ipoint.exe [2009-06-01 17:51]
.
2010-09-25 c:\windows\Tasks\Microsoft_Hardware_Launch_IType_exe.job
- c:\program files\Microsoft IntelliType Pro\itype.exe [2009-06-01 17:43]
.
2011-05-01 c:\windows\Tasks\MP Scheduled Scan.job
- c:\program files\Microsoft Security Client\Antimalware\MpCmdRun.exe [2010-11-11 17:26]
.
2011-05-03 c:\windows\Tasks\User_Feed_Synchronization-{8DD95D15-9132-4CA1-8998-B4F91695AF3E}.job
- c:\windows\system32\msfeedssync.exe [2006-10-17 08:31]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://my.yahoo.com/
uSearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
IE: &ieSpell Options - c:\program files\ieSpell\iespell.dll/SPELLOPTION.HTM
IE: &Yahoo! Search - file:///c:\program files\Yahoo!\Common/ycsrch.htm
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: Check &Spelling - c:\program files\ieSpell\iespell.dll/SPELLCHECK.HTM
IE: E&xport to Microsoft Excel - c:\progra~1\MI1933~1\Office10\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html
IE: Yahoo! &Dictionary - file:///c:\program files\Yahoo!\Common/ycdict.htm
IE: Yahoo! &Maps - file:///c:\program files\Yahoo!\Common/ycmap.htm
IE: Yahoo! &SMS - file:///c:\program files\Yahoo!\Common/ycsms.htm
Trusted Zone: aol.com\free
Trusted Zone: auctiva.com\www
Trusted Zone: google.com\mail
Trusted Zone: hotmail.com
Trusted Zone: rubylane.com\www
FF - ProfilePath - c:\documents and settings\Leonard Roe\Application Data\Mozilla\Firefox\Profiles\62hh1b1j.default\
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Speed Dial: {64161300-e22b-11db-8314-0800200c9a66} - %profile%\extensions\{64161300-e22b-11db-8314-0800200c9a66}
FF - Ext: Greasemonkey: {e4a8a97b-f2ed-450b-b12d-ee082ba24781} - %profile%\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}
FF - Ext: AutoPager: autopager@mozilla.org - %profile%\extensions\autopager@mozilla.org
FF - Ext: Personas: personas@christopher.beard - %profile%\extensions\personas@christopher.beard
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-05-03 13:53
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-1502690784-542892451-2706031008-1006\Software\Microsoft\SystemCertificates\AddressBook*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10o_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10o_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'explorer.exe'(1780)
c:\windows\system32\WININET.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Microsoft Security Client\Antimalware\MsMpEng.exe
c:\windows\system32\LEXBCES.EXE
c:\windows\system32\LEXPPS.EXE
c:\progra~1\COMMON~1\AOL\ACS\acsd.exe
c:\program files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
c:\windows\wanmpsvc.exe
c:\windows\system32\wscntfy.exe
c:\program files\Microsoft IntelliType Pro\dpupdchk.exe
.
**************************************************************************
.
Completion time: 2011-05-03 13:58:04 - machine was rebooted
ComboFix-quarantined-files.txt 2011-05-03 17:58
ComboFix2.txt 2011-05-03 17:08
.
Pre-Run: 12,815,921,152 bytes free
Post-Run: 12,760,567,808 bytes free
.
- - End Of File - - C3DC4C17E1CA5D54514AE64659B08561

#24 Tomk


Posted 03 May 2011 - 12:58 PM

I didn't mess with GreaseMonkey. Those are all remnants of Java that weren't wanting to go away. Now please try to run JavaMSIFix.exe. If it runs... then try to run the Java installer you downloaded.
Tomk
------------------------------------------------------------
Microsoft MVP 2010-2014
 

#25 eBayvictim


Posted 03 May 2011 - 01:13 PM

Do the offline 86? And do I need to disconnect from the internet?



#26 eBayvictim


Posted 03 May 2011 - 01:22 PM

I turned off security programs, tried to run it, got the same prompt to fix, then it displays the same error message for #87. I was still connected to the internet while doing this, but all other applications were closed.

---------edit--------------
I just tried to verify what Java I had, and it came up nothing, and the result could not be displayed because I have no Java now according to the site.

--------edit---------------
I just tried running it again without the protect computer option.....same thing, "unknown error #87"

--------------checked programs through CCleaner tools----------------
It shows:
Java Uploader w/no version or publisher
and
Java™ 6 Update 20 w/ publisher and version 6.0.200

Also ---------- (don't know if this helps or not) -----------
those two Java entries only show up in CCleaner tools display of programs. They DO NOT show in the programs list accessed through the START menu.

Edited by eBayvictim, 03 May 2011 - 01:58 PM.


#27 Tomk


Posted 03 May 2011 - 03:20 PM

Hm... Can you try to uninstall both of them with CCleaner and see what happens?
Tomk
------------------------------------------------------------
Microsoft MVP 2010-2014
 

#28 eBayvictim


Posted 03 May 2011 - 03:47 PM

The first one, called uploader, deleted.
The second one tries to delete and then produces the message: Internal error 2753.Regutls.dll
Tried to delete the entry as well, was prompted that it cannot be deleted. It says...."Cannot delete MSI installer"

Edited by eBayvictim, 03 May 2011 - 03:51 PM.


#29 Tomk


Posted 03 May 2011 - 04:03 PM

Remember clear back in post #4 when you downloaded JavaRA? Please run it again and have it Remove older versions. Please post the resultant log.
Tomk
------------------------------------------------------------
Microsoft MVP 2010-2014
 

#30 eBayvictim


Posted 03 May 2011 - 04:07 PM

I just ran a START search for Java.....tons of stuff....do you need to see them? I will try to run that program now while I wait for your answer.
