Tech Support Forum - View Single Post - "Windows Security Alert" continues after XPAntivirus removed

mimartin · 08-15-2008, 10:07 AM

Hi,

Thanks for your continued support with this issue. I haven't seen the "Windows Security Alert" in a couple of days now. Also the XPAntivirus and Joke.Blusod are not showing up as well.

I'm not aware of any illegal programs (cracked or otherwise) on this computer. It is a family computer so it is possible that someone else installed something. I looked at the combofix log and saw the files in limewire directory. I went there and didn't see those files or any others like that after the scan. But if you can see something else that isn't legit, please let me know and I will remove.

I cleared the Norton quarantine folder.

I ran combofix using the CFScript text you provided. Combofix said a newer version was available when it started so I accepted to update it. It then ran. It did reboot before ending.

I then ran HJT

Here are the logs.

***********************

ComboFix 08-08-14.03 - Michael 2008-08-15 10:00:38.3 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.224 [GMT -5:00]
Running from: C:\Documents and Settings\Michael\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\Michael\Desktop\CFScript
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\Owner\Application Data\Earthlink\6.0\mmlm@earthlink.net\Cookies\owner@2o7[1].txt
C:\Documents and Settings\Owner\Application Data\Earthlink\6.0\mmlm@earthlink.net\Cookies\owner@a.hasbro[1].txt
C:\Documents and Settings\Owner\Application Data\Earthlink\6.0\mmlm@earthlink.net\Cookies\owner@ad.yieldmanager[1].txt
C:\Documents and Settings\Owner\Application Data\Earthlink\6.0\mmlm@earthlink.net\Cookies\owner@ads.pointroll[2].txt
C:\Documents and Settings\Owner\Application Data\Earthlink\6.0\mmlm@earthlink.net\Cookies\owner@bellaonline[1].txt
C:\Documents and Settings\Owner\Application Data\Earthlink\6.0\mmlm@earthlink.net\Cookies\owner@belointeractive[1].txt
C:\Documents and Settings\Owner\Application Data\Earthlink\6.0\mmlm@earthlink.net\Cookies\owner@boxofficemojo[2].txt
C:\Documents and Settings\Owner\Application Data\Earthlink\6.0\mmlm@earthlink.net\Cookies\owner@casalemedia[1].txt
C:\Documents and Settings\Owner\Application Data\Earthlink\6.0\mmlm@earthlink.net\Cookies\owner@catalog.target[2].txt
C:\Documents and Settings\Owner\Application Data\Earthlink\6.0\mmlm@earthlink.net\Cookies\owner@cuc.famousfootwear[1].txt
C:\Documents and Settings\Owner\Application Data\Earthlink\6.0\mmlm@earthlink.net\Cookies\owner@ebaumsworld[1].txt
C:\Documents and Settings\Owner\Application Data\Earthlink\6.0\mmlm@earthlink.net\Cookies\owner@ebay[1].txt
C:\Documents and Settings\Owner\Application Data\Earthlink\6.0\mmlm@earthlink.net\Cookies\owner@edge.ru4[2].txt
C:\Documents and Settings\Owner\Application Data\Earthlink\6.0\mmlm@earthlink.net\Cookies\owner@ejbdotcom[1].txt
C:\Documents and Settings\Owner\Application Data\Earthlink\6.0\mmlm@earthlink.net\Cookies\owner@expedia[2].txt
C:\Documents and Settings\Owner\Application Data\Earthlink\6.0\mmlm@earthlink.net\Cookies\owner@famousfootwear[2].txt
C:\Documents and Settings\Owner\Application Data\Earthlink\6.0\mmlm@earthlink.net\Cookies\owner@insightexpressai[2].txt
C:\Documents and Settings\Owner\Application Data\Earthlink\6.0\mmlm@earthlink.net\Cookies\owner@livescience[1].txt
C:\Documents and Settings\Owner\Application Data\Earthlink\6.0\mmlm@earthlink.net\Cookies\owner@mapquest[2].txt
C:\Documents and Settings\Owner\Application Data\Earthlink\6.0\mmlm@earthlink.net\Cookies\owner@metacafe[2].txt
C:\Documents and Settings\Owner\Application Data\Earthlink\6.0\mmlm@earthlink.net\Cookies\owner@metrics.adobe[2].txt
C:\Documents and Settings\Owner\Application Data\Earthlink\6.0\mmlm@earthlink.net\Cookies\owner@my.clearchannelradio[1].txt
C:\Documents and Settings\Owner\Application Data\Earthlink\6.0\mmlm@earthlink.net\Cookies\owner@myspace[1].txt
C:\Documents and Settings\Owner\Application Data\Earthlink\6.0\mmlm@earthlink.net\Cookies\owner@nextag[2].txt
C:\Documents and Settings\Owner\Application Data\Earthlink\6.0\mmlm@earthlink.net\Cookies\owner@partner2profit[1].txt
C:\Documents and Settings\Owner\Application Data\Earthlink\6.0\mmlm@earthlink.net\Cookies\owner@photobucket[2].txt
C:\Documents and Settings\Owner\Application Data\Earthlink\6.0\mmlm@earthlink.net\Cookies\owner@questionmarket[1].txt
C:\Documents and Settings\Owner\Application Data\Earthlink\6.0\mmlm@earthlink.net\Cookies\owner@revsci[2].txt
C:\Documents and Settings\Owner\Application Data\Earthlink\6.0\mmlm@earthlink.net\Cookies\owner@rtm[4].txt
C:\Documents and Settings\Owner\Application Data\Earthlink\6.0\mmlm@earthlink.net\Cookies\owner@sanangelostandardtimes[2].txt
C:\Documents and Settings\Owner\Application Data\Earthlink\6.0\mmlm@earthlink.net\Cookies\owner@shopzilla[2].txt
C:\Documents and Settings\Owner\Application Data\Earthlink\6.0\mmlm@earthlink.net\Cookies\owner@specificclick[2].txt
C:\Documents and Settings\Owner\Application Data\Earthlink\6.0\mmlm@earthlink.net\Cookies\owner@statcounter[1].txt
C:\Documents and Settings\Owner\Application Data\Earthlink\6.0\mmlm@earthlink.net\Cookies\owner@trafficmp[1].txt
C:\Documents and Settings\Owner\Application Data\Earthlink\6.0\mmlm@earthlink.net\Cookies\owner@tribalfusion[2].txt
C:\Documents and Settings\Owner\Application Data\Earthlink\6.0\mmlm@earthlink.net\Cookies\owner@turn[2].txt
C:\Documents and Settings\Owner\Application Data\Earthlink\6.0\mmlm@earthlink.net\Cookies\owner@tvguide[1].txt
C:\Documents and Settings\Owner\Application Data\Earthlink\6.0\mmlm@earthlink.net\Cookies\owner@walmart[1].txt
C:\Documents and Settings\Owner\Application Data\Earthlink\6.0\mmlm@earthlink.net\Cookies\owner@weather[1].txt
C:\Documents and Settings\Owner\Application Data\Earthlink\6.0\mmlm@earthlink.net\Cookies\owner@weather[2].txt
C:\Documents and Settings\Owner\Application Data\Earthlink\6.0\mmlm@earthlink.net\Cookies\owner@weather[3].txt
C:\Documents and Settings\Owner\Application Data\Earthlink\6.0\mmlm@earthlink.net\Cookies\owner@www.potpourrigift[1].txt
C:\Documents and Settings\Owner\Application Data\Earthlink\6.0\mmlm@earthlink.net\Cookies\owner@yahoo[2].txt
C:\Documents and Settings\Owner\Application Data\Earthlink\6.0\mmlm@earthlink.net\Cookies\owner@yellowpages[1].txt
C:\Documents and Settings\Owner\Application Data\Earthlink\6.0\mmlm@earthlink.net\Cookies\owner@youtube[2].txt
C:\Documents and Settings\Owner\My Documents\Michaels Files\Limewire
C:\Documents and Settings\Owner\My Documents\Michaels Files\Limewire\Incomplete\downloads.bak
C:\Documents and Settings\Owner\My Documents\Michaels Files\Limewire\Incomplete\downloads.dat
C:\Documents and Settings\Owner\My Documents\Michaels Files\Limewire\Incomplete\T-218-Plus! Digital Media Edition (DME) Key.txt
C:\Documents and Settings\Owner\My Documents\Michaels Files\Limewire\Shared\DVD XCopy Xpress Platinum v3.20+Crack.exe
C:\Documents and Settings\Owner\My Documents\Michaels Files\Limewire\Shared\Microsoft_Windows_95_98_ME_2000_2k_XP_Plus_Office_Product_Keys_Cd_Key_License_Crack.txt.exe
C:\Documents and Settings\Owner\My Documents\Michaels Files\Limewire\Shared\Plus_DME_Crack_A0015556.exe
C:\Documents and Settings\User\Application Data\Earthlink\6.0\mmlm@earthlink.net\Cookies\user@my.clearchannelradio[2].txt
C:\Program Files\Java\jre1.6.0_03
C:\Program Files\Java\jre1.6.0_03\bin\awt.dll
C:\Program Files\Java\jre1.6.0_03\bin\axbridge.dll
C:\Program Files\Java\jre1.6.0_03\bin\client\classes.jsa
C:\Program Files\Java\jre1.6.0_03\bin\client\jvm.dll
C:\Program Files\Java\jre1.6.0_03\bin\client\Xusage.txt
C:\Program Files\Java\jre1.6.0_03\bin\cmm.dll
C:\Program Files\Java\jre1.6.0_03\bin\dcpr.dll
C:\Program Files\Java\jre1.6.0_03\bin\deploy.dll
C:\Program Files\Java\jre1.6.0_03\bin\dt_shmem.dll
C:\Program Files\Java\jre1.6.0_03\bin\dt_socket.dll
C:\Program Files\Java\jre1.6.0_03\bin\fontmanager.dll
C:\Program Files\Java\jre1.6.0_03\bin\hpi.dll
C:\Program Files\Java\jre1.6.0_03\bin\hprof.dll
C:\Program Files\Java\jre1.6.0_03\bin\instrument.dll
C:\Program Files\Java\jre1.6.0_03\bin\ioser12.dll
C:\Program Files\Java\jre1.6.0_03\bin\j2pcsc.dll
C:\Program Files\Java\jre1.6.0_03\bin\j2pkcs11.dll
C:\Program Files\Java\jre1.6.0_03\bin\jaas_nt.dll
C:\Program Files\Java\jre1.6.0_03\bin\java-rmi.exe
C:\Program Files\Java\jre1.6.0_03\bin\java.dll
C:\Program Files\Java\jre1.6.0_03\bin\java.exe
C:\Program Files\Java\jre1.6.0_03\bin\java_crw_demo.dll
C:\Program Files\Java\jre1.6.0_03\bin\javacpl.cpl
C:\Program Files\Java\jre1.6.0_03\bin\javacpl.exe
C:\Program Files\Java\jre1.6.0_03\bin\javaw.exe
C:\Program Files\Java\jre1.6.0_03\bin\javaws.exe
C:\Program Files\Java\jre1.6.0_03\bin\jawt.dll
C:\Program Files\Java\jre1.6.0_03\bin\JdbcOdbc.dll
C:\Program Files\Java\jre1.6.0_03\bin\jdwp.dll
C:\Program Files\Java\jre1.6.0_03\bin\jli.dll
C:\Program Files\Java\jre1.6.0_03\bin\jpeg.dll
C:\Program Files\Java\jre1.6.0_03\bin\jpicom.dll
C:\Program Files\Java\jre1.6.0_03\bin\jpiexp.dll
C:\Program Files\Java\jre1.6.0_03\bin\jpinscp.dll
C:\Program Files\Java\jre1.6.0_03\bin\jpioji.dll
C:\Program Files\Java\jre1.6.0_03\bin\jpishare.dll
C:\Program Files\Java\jre1.6.0_03\bin\jsound.dll
C:\Program Files\Java\jre1.6.0_03\bin\jsoundds.dll
C:\Program Files\Java\jre1.6.0_03\bin\jucheck.exe
C:\Program Files\Java\jre1.6.0_03\bin\jureg.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\Java\jre1.6.0_03\bin\keytool.exe
C:\Program Files\Java\jre1.6.0_03\bin\kinit.exe
C:\Program Files\Java\jre1.6.0_03\bin\klist.exe
C:\Program Files\Java\jre1.6.0_03\bin\ktab.exe
C:\Program Files\Java\jre1.6.0_03\bin\management.dll
C:\Program Files\Java\jre1.6.0_03\bin\msvcr71.dll
C:\Program Files\Java\jre1.6.0_03\bin\net.dll
C:\Program Files\Java\jre1.6.0_03\bin\nio.dll
C:\Program Files\Java\jre1.6.0_03\bin\npjava11.dll
C:\Program Files\Java\jre1.6.0_03\bin\npjava12.dll
C:\Program Files\Java\jre1.6.0_03\bin\npjava13.dll
C:\Program Files\Java\jre1.6.0_03\bin\npjava14.dll
C:\Program Files\Java\jre1.6.0_03\bin\npjava32.dll
C:\Program Files\Java\jre1.6.0_03\bin\npjpi160_03.dll
C:\Program Files\Java\jre1.6.0_03\bin\npoji610.dll
C:\Program Files\Java\jre1.6.0_03\bin\npt.dll
C:\Program Files\Java\jre1.6.0_03\bin\orbd.exe
C:\Program Files\Java\jre1.6.0_03\bin\pack200.exe
C:\Program Files\Java\jre1.6.0_03\bin\policytool.exe
C:\Program Files\Java\jre1.6.0_03\bin\regutils.dll
C:\Program Files\Java\jre1.6.0_03\bin\rmi.dll
C:\Program Files\Java\jre1.6.0_03\bin\rmid.exe
C:\Program Files\Java\jre1.6.0_03\bin\rmiregistry.exe
C:\Program Files\Java\jre1.6.0_03\bin\servertool.exe
C:\Program Files\Java\jre1.6.0_03\bin\splashscreen.dll
C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
C:\Program Files\Java\jre1.6.0_03\bin\sunmscapi.dll
C:\Program Files\Java\jre1.6.0_03\bin\tnameserv.exe
C:\Program Files\Java\jre1.6.0_03\bin\unpack.dll
C:\Program Files\Java\jre1.6.0_03\bin\unpack200.exe
C:\Program Files\Java\jre1.6.0_03\bin\verify.dll
C:\Program Files\Java\jre1.6.0_03\bin\w2k_lsa_auth.dll
C:\Program Files\Java\jre1.6.0_03\bin\wsdetect.dll
C:\Program Files\Java\jre1.6.0_03\bin\zip.dll
C:\Program Files\Java\jre1.6.0_03\COPYRIGHT
C:\Program Files\Java\jre1.6.0_03\lib\applet\WMPNS.jar
C:\Program Files\Java\jre1.6.0_03\lib\calendars.properties
C:\Program Files\Java\jre1.6.0_03\lib\classlist
C:\Program Files\Java\jre1.6.0_03\lib\cmm\CIEXYZ.pf
C:\Program Files\Java\jre1.6.0_03\lib\cmm\GRAY.pf
C:\Program Files\Java\jre1.6.0_03\lib\cmm\LINEAR_RGB.pf
C:\Program Files\Java\jre1.6.0_03\lib\cmm\sRGB.pf
C:\Program Files\Java\jre1.6.0_03\lib\content-types.properties
C:\Program Files\Java\jre1.6.0_03\lib\deploy.jar
C:\Program Files\Java\jre1.6.0_03\lib\deploy\ffjcext.zip
C:\Program Files\Java\jre1.6.0_03\lib\deploy\messages.properties
C:\Program Files\Java\jre1.6.0_03\lib\deploy\messages_de.properties
C:\Program Files\Java\jre1.6.0_03\lib\deploy\messages_es.properties
C:\Program Files\Java\jre1.6.0_03\lib\deploy\messages_fr.properties
C:\Program Files\Java\jre1.6.0_03\lib\deploy\messages_it.properties
C:\Program Files\Java\jre1.6.0_03\lib\deploy\messages_ja.properties
C:\Program Files\Java\jre1.6.0_03\lib\deploy\messages_ko.properties
C:\Program Files\Java\jre1.6.0_03\lib\deploy\messages_sv.properties
C:\Program Files\Java\jre1.6.0_03\lib\deploy\messages_zh_CN.properties
C:\Program Files\Java\jre1.6.0_03\lib\deploy\messages_zh_HK.properties
C:\Program Files\Java\jre1.6.0_03\lib\deploy\messages_zh_TW.properties
C:\Program Files\Java\jre1.6.0_03\lib\deploy\splash.jpg
C:\Program Files\Java\jre1.6.0_03\lib\ext\dnsns.jar
C:\Program Files\Java\jre1.6.0_03\lib\ext\meta-index
C:\Program Files\Java\jre1.6.0_03\lib\ext\QTJava.zip
C:\Program Files\Java\jre1.6.0_03\lib\ext\sunjce_provider.jar
C:\Program Files\Java\jre1.6.0_03\lib\ext\sunmscapi.jar
C:\Program Files\Java\jre1.6.0_03\lib\ext\sunpkcs11.jar
C:\Program Files\Java\jre1.6.0_03\lib\flavormap.properties
C:\Program Files\Java\jre1.6.0_03\lib\fontconfig.98.bfc
C:\Program Files\Java\jre1.6.0_03\lib\fontconfig.98.properties.src
C:\Program Files\Java\jre1.6.0_03\lib\fontconfig.bfc
C:\Program Files\Java\jre1.6.0_03\lib\fontconfig.properties.src
C:\Program Files\Java\jre1.6.0_03\lib\fonts\LucidaSansRegular.ttf
C:\Program Files\Java\jre1.6.0_03\lib\i386\jvm.cfg
C:\Program Files\Java\jre1.6.0_03\lib\im\indicim.jar
C:\Program Files\Java\jre1.6.0_03\lib\im\thaiim.jar
C:\Program Files\Java\jre1.6.0_03\lib\images\cursors\cursors.properties
C:\Program Files\Java\jre1.6.0_03\lib\images\cursors\invalid32x32.gif
C:\Program Files\Java\jre1.6.0_03\lib\images\cursors\win32_CopyDrop32x32.gif
C:\Program Files\Java\jre1.6.0_03\lib\images\cursors\win32_CopyNoDrop32x32.gif
C:\Program Files\Java\jre1.6.0_03\lib\images\cursors\win32_LinkDrop32x32.gif
C:\Program Files\Java\jre1.6.0_03\lib\images\cursors\win32_LinkNoDrop32x32.gif
C:\Program Files\Java\jre1.6.0_03\lib\images\cursors\win32_MoveDrop32x32.gif
C:\Program Files\Java\jre1.6.0_03\lib\images\cursors\win32_MoveNoDrop32x32.gif
C:\Program Files\Java\jre1.6.0_03\lib\javaws.jar
C:\Program Files\Java\jre1.6.0_03\lib\jce.jar
C:\Program Files\Java\jre1.6.0_03\lib\jsse.jar
C:\Program Files\Java\jre1.6.0_03\lib\jvm.hprof.txt
C:\Program Files\Java\jre1.6.0_03\lib\logging.properties
C:\Program Files\Java\jre1.6.0_03\lib\management-agent.jar
C:\Program Files\Java\jre1.6.0_03\lib\management\jmxremote.access
C:\Program Files\Java\jre1.6.0_03\lib\management\jmxremote.password.template
C:\Program Files\Java\jre1.6.0_03\lib\management\management.properties
C:\Program Files\Java\jre1.6.0_03\lib\management\snmp.acl.template
C:\Program Files\Java\jre1.6.0_03\lib\meta-index
C:\Program Files\Java\jre1.6.0_03\lib\net.properties
C:\Program Files\Java\jre1.6.0_03\lib\plugin.jar
C:\Program Files\Java\jre1.6.0_03\lib\psfont.properties.ja
C:\Program Files\Java\jre1.6.0_03\lib\psfontj2d.properties
C:\Program Files\Java\jre1.6.0_03\lib\resources.jar
C:\Program Files\Java\jre1.6.0_03\lib\rt.jar
C:\Program Files\Java\jre1.6.0_03\lib\security\cacerts
C:\Program Files\Java\jre1.6.0_03\lib\security\java.policy
C:\Program Files\Java\jre1.6.0_03\lib\security\java.security
C:\Program Files\Java\jre1.6.0_03\lib\security\javaws.policy
C:\Program Files\Java\jre1.6.0_03\lib\security\local_policy.jar
C:\Program Files\Java\jre1.6.0_03\lib\security\US_export_policy.jar
C:\Program Files\Java\jre1.6.0_03\lib\sound.properties
C:\Program Files\Java\jre1.6.0_03\lib\tzmappings
C:\Program Files\Java\jre1.6.0_03\lib\zi\Africa\Abidjan
C:\Program Files\Java\jre1.6.0_03\lib\zi\Africa\Accra
C:\Program Files\Java\jre1.6.0_03\lib\zi\Africa\Addis_Ababa
C:\Program Files\Java\jre1.6.0_03\lib\zi\Africa\Algiers
C:\Program Files\Java\jre1.6.0_03\lib\zi\Africa\Asmara
C:\Program Files\Java\jre1.6.0_03\lib\zi\Africa\Bamako
C:\Program Files\Java\jre1.6.0_03\lib\zi\Africa\Bangui
C:\Program Files\Java\jre1.6.0_03\lib\zi\Africa\Banjul
C:\Program Files\Java\jre1.6.0_03\lib\zi\Africa\Bissau
C:\Program Files\Java\jre1.6.0_03\lib\zi\Africa\Blantyre
C:\Program Files\Java\jre1.6.0_03\lib\zi\Africa\Brazzaville
C:\Program Files\Java\jre1.6.0_03\lib\zi\Africa\Bujumbura
C:\Program Files\Java\jre1.6.0_03\lib\zi\Africa\Cairo
C:\Program Files\Java\jre1.6.0_03\lib\zi\Africa\Casablanca
C:\Program Files\Java\jre1.6.0_03\lib\zi\Africa\Ceuta
C:\Program Files\Java\jre1.6.0_03\lib\zi\Africa\Conakry
C:\Program Files\Java\jre1.6.0_03\lib\zi\Africa\Dakar
C:\Program Files\Java\jre1.6.0_03\lib\zi\Africa\Dar_es_Salaam
C:\Program Files\Java\jre1.6.0_03\lib\zi\Africa\Djibouti
C:\Program Files\Java\jre1.6.0_03\lib\zi\Africa\Douala
C:\Program Files\Java\jre1.6.0_03\lib\zi\Africa\El_Aaiun
C:\Program Files\Java\jre1.6.0_03\lib\zi\Africa\Freetown
C:\Program Files\Java\jre1.6.0_03\lib\zi\Africa\Gaborone
C:\Program Files\Java\jre1.6.0_03\lib\zi\Africa\Harare
C:\Program Files\Java\jre1.6.0_03\lib\zi\Africa\Johannesburg
C:\Program Files\Java\jre1.6.0_03\lib\zi\Africa\Kampala
C:\Program Files\Java\jre1.6.0_03\lib\zi\Africa\Khartoum
C:\Program Files\Java\jre1.6.0_03\lib\zi\Africa\Kigali
C:\Program Files\Java\jre1.6.0_03\lib\zi\Africa\Kinshasa
C:\Program Files\Java\jre1.6.0_03\lib\zi\Africa\Lagos
C:\Program Files\Java\jre1.6.0_03\lib\zi\Africa\Libreville
C:\Program Files\Java\jre1.6.0_03\lib\zi\Africa\Lome
C:\Program Files\Java\jre1.6.0_03\lib\zi\Africa\Luanda
C:\Program Files\Java\jre1.6.0_03\lib\zi\Africa\Lubumbashi
C:\Program Files\Java\jre1.6.0_03\lib\zi\Africa\Lusaka
C:\Program Files\Java\jre1.6.0_03\lib\zi\Africa\Malabo
C:\Program Files\Java\jre1.6.0_03\lib\zi\Africa\Maputo
C:\Program Files\Java\jre1.6.0_03\lib\zi\Africa\Maseru
C:\Program Files\Java\jre1.6.0_03\lib\zi\Africa\Mbabane
C:\Program Files\Java\jre1.6.0_03\lib\zi\Africa\Mogadishu
C:\Program Files\Java\jre1.6.0_03\lib\zi\Africa\Monrovia
C:\Program Files\Java\jre1.6.0_03\lib\zi\Africa\Nairobi
C:\Program Files\Java\jre1.6.0_03\lib\zi\Africa\Ndjamena
C:\Program Files\Java\jre1.6.0_03\lib\zi\Africa\Niamey
C:\Program Files\Java\jre1.6.0_03\lib\zi\Africa\Nouakchott
C:\Program Files\Java\jre1.6.0_03\lib\zi\Africa\Ouagadougou
C:\Program Files\Java\jre1.6.0_03\lib\zi\Africa\Porto-Novo
C:\Program Files\Java\jre1.6.0_03\lib\zi\Africa\Sao_Tome
C:\Program Files\Java\jre1.6.0_03\lib\zi\Africa\Tripoli
C:\Program Files\Java\jre1.6.0_03\lib\zi\Africa\Tunis
C:\Program Files\Java\jre1.6.0_03\lib\zi\Africa\Windhoek
C:\Program Files\Java\jre1.6.0_03\lib\zi\America\Adak
C:\Program Files\Java\jre1.6.0_03\lib\zi\America\Anchorage
C:\Program Files\Java\jre1.6.0_03\lib\zi\America\Anguilla
C:\Program Files\Java\jre1.6.0_03\lib\zi\America\Antigua
C:\Program Files\Java\jre1.6.0_03\lib\zi\America\Araguaina
C:\Program Files\Java\jre1.6.0_03\lib\zi\America\Argentina\Buenos_Aires
C:\Program Files\Java\jre1.6.0_03\lib\zi\America\Argentina\Catamarca
C:\Program Files\Java\jre1.6.0_03\lib\zi\America\Argentina\Cordoba
C:\Program Files\Java\jre1.6.0_03\lib\zi\America\Argentina\Jujuy
C:\Program Files\Java\jre1.6.0_03\lib\zi\America\Argentina\La_Rioja
C:\Program Files\Java\jre1.6.0_03\lib\zi\America\Argentina\Mendoza
C:\Program Files\Java\jre1.6.0_03\lib\zi\America\Argentina\Rio_Gallegos
C:\Program Files\Java\jre1.6.0_03\lib\zi\America\Argentina\San_Juan
C:\Program Files\Java\jre1.6.0_03\lib\zi\America\Argentina\Tucuman
C:\Program Files\Java\jre1.6.0_03\lib\zi\America\Argentina\Ushuaia
C:\Program Files\Java\jre1.6.0_03\lib\zi\America\Aruba
C:\Program Files\Java\jre1.6.0_03\lib\zi\America\Asuncion
C:\Program Files\Java\jre1.6.0_03\lib\zi\America\Atikokan
C:\Program Files\Java\jre1.6.0_03\lib\zi\America\Bahia
C:\Program Files\Java\jre1.6.0_03\lib\zi\America\Barbados
C:\Program Files\Java\jre1.6.0_03\lib\zi\America\Belem
C:\Program Files\Java\jre1.6.0_03\lib\zi\America\Belize
C:\Program Files\Java\jre1.6.0_03\lib\zi\America\Blanc-Sablon
C:\Program Files\Java\jre1.6.0_03\lib\zi\America\Boa_Vista
C:\Program Files\Java\jre1.6.0_03\lib\zi\America\Bogota
C:\Program Files\Java\jre1.6.0_03\lib\zi\America\Boise
C:\Program Files\Java\jre1.6.0_03\lib\zi\America\Cambridge_Bay
C:\Program Files\Java\jre1.6.0_03\lib\zi\America\Campo_Grande
C:\Program Files\Java\jre1.6.0_03\lib\zi\America\Cancun
C:\Program Files\Java\jre1.6.0_03\lib\zi\America\Caracas
C:\Program Files\Java\jre1.6.0_03\lib\zi\America\Cayenne
C:\Program Files\Java\jre1.6.0_03\lib\zi\America\Cayman
C:\Program Files\Java\jre1.6.0_03\lib\zi\America\Chicago
C:\Program Files\Java\jre1.6.0_03\lib\zi\America\Chihuahua
C:\Program Files\Java\jre1.6.0_03\lib\zi\America\Costa_Rica
C:\Program Files\Java\jre1.6.0_03\lib\zi\America\Cuiaba
C:\Program Files\Java\jre1.6.0_03\lib\zi\America\Curacao
C:\Program Files\Java\jre1.6.0_03\lib\zi\America\Danmarkshavn
C:\Program Files\Java\jre1.6.0_03\lib\zi\America\Dawson
C:\Program Files\Java\jre1.6.0_03\lib\zi\America\Dawson_Creek
C:\Program Files\Java\jre1.6.0_03\lib\zi\America\Denver
C:\Program Files\Java\jre1.6.0_03\lib\zi\America\Detroit
C:\Program Files\Java\jre1.6.0_03\lib\zi\America\Dominica
C:\Program Files\Java\jre1.6.0_03\lib\zi\America\Edmonton
C:\Program Files\Java\jre1.6.0_03\lib\zi\America\Eirunepe
C:\Program Files\Java\jre1.6.0_03\lib\zi\America\El_Salvador
C:\Program Files\Java\jre1.6.0_03\lib\zi\America\Fortaleza
C:\Program Files\Java\jre1.6.0_03\lib\zi\America\Glace_Bay
C:\Program Files\Java\jre1.6.0_03\lib\zi\America\Godthab
C:\Program Files\Java\jre1.6.0_03\lib\zi\America\Goose_Bay
C:\Program Files\Java\jre1.6.0_03\lib\zi\America\Grand_Turk
C:\Program Files\Java\jre1.6.0_03\lib\zi\America\Grenada
C:\Program Files\Java\jre1.6.0_03\lib\zi\America\Guadeloupe
C:\Program Files\Java\jre1.6.0_03\lib\zi\America\Guatemala
C:\Program Files\Java\jre1.6.0_03\lib\zi\America\Guayaquil
C:\Program Files\Java\jre1.6.0_03\lib\zi\America\Guyana
C:\Program Files\Java\jre1.6.0_03\lib\zi\America\Halifax
C:\Program Files\Java\jre1.6.0_03\lib\zi\America\Havana
C:\Program Files\Java\jre1.6.0_03\lib\zi\America\Hermosillo
C:\Program Files\Java\jre1.6.0_03\lib\zi\America\Indiana\Indianapolis
C:\Program Files\Java\jre1.6.0_03\lib\zi\America\Indiana\Knox
C:\Program Files\Java\jre1.6.0_03\lib\zi\America\Indiana\Marengo
C:\Program Files\Java\jre1.6.0_03\lib\zi\America\Indiana\Petersburg
C:\Program Files\Java\jre1.6.0_03\lib\zi\America\Indiana\Tell_City
C:\Program Files\Java\jre1.6.0_03\lib\zi\America\Indiana\Vevay
C:\Program Files\Java\jre1.6.0_03\lib\zi\America\Indiana\Vincennes
C:\Program Files\Java\jre1.6.0_03\lib\zi\America\Indiana\Winamac
C:\Program Files\Java\jre1.6.0_03\lib\zi\America\Inuvik
C:\Program Files\Java\jre1.6.0_03\lib\zi\America\Iqaluit
C:\Program Files\Java\jre1.6.0_03\lib\zi\America\Jamaica
C:\Program Files\Java\jre1.6.0_03\lib\zi\America\Juneau
C:\Program Files\Java\jre1.6.0_03\lib\zi\America\Kentucky\Louisville
C:\Program Files\Java\jre1.6.0_03\lib\zi\America\Kentucky\Monticello
C:\Program Files\Java\jre1.6.0_03\lib\zi\America\La_Paz
C:\Program Files\Java\jre1.6.0_03\lib\zi\America\Lima
C:\Program Files\Java\jre1.6.0_03\lib\zi\America\Los_Angeles
C:\Program Files\Java\jre1.6.0_03\lib\zi\America\Maceio
C:\Program Files\Java\jre1.6.0_03\lib\zi\America\Managua
C:\Program Files\Java\jre1.6.0_03\lib\zi\America\Manaus
C:\Program Files\Java\jre1.6.0_03\lib\zi\America\Martinique
C:\Program Files\Java\jre1.6.0_03\lib\zi\America\Mazatlan
C:\Program Files\Java\jre1.6.0_03\lib\zi\America\Menominee
C:\Program Files\Java\jre1.6.0_03\lib\zi\America\Merida
C:\Program Files\Java\jre1.6.0_03\lib\zi\America\Mexico_City
C:\Program Files\Java\jre1.6.0_03\lib\zi\America\Miquelon
C:\Program Files\Java\jre1.6.0_03\lib\zi\America\Moncton
C:\Program Files\Java\jre1.6.0_03\lib\zi\America\Monterrey
C:\Program Files\Java\jre1.6.0_03\lib\zi\America\Montevideo
C:\Program Files\Java\jre1.6.0_03\lib\zi\America\Montreal
C:\Program Files\Java\jre1.6.0_03\lib\zi\America\Montserrat
C:\Program Files\Java\jre1.6.0_03\lib\zi\America\Nassau
C:\Program Files\Java\jre1.6.0_03\lib\zi\America\New_York
C:\Program Files\Java\jre1.6.0_03\lib\zi\America\Nipigon
C:\Program Files\Java\jre1.6.0_03\lib\zi\America\Nome
C:\Program Files\Java\jre1.6.0_03\lib\zi\America\Noronha
C:\Program Files\Java\jre1.6.0_03\lib\zi\America\North_Dakota\Center
C:\Program Files\Java\jre1.6.0_03\lib\zi\America\North_Dakota\New_Salem
C:\Program Files\Java\jre1.6.0_03\lib\zi\America\Panama
C:\Program Files\Java\jre1.6.0_03\lib\zi\America\Pangnirtung
C:\Program Files\Java\jre1.6.0_03\lib\zi\America\Paramaribo
C:\Program Files\Java\jre1.6.0_03\lib\zi\America\Phoenix
C:\Program Files\Java\jre1.6.0_03\lib\zi\America\Port-au-Prince
C:\Program Files\Java\jre1.6.0_03\lib\zi\America\Port_of_Spain
C:\Program Files\Java\jre1.6.0_03\lib\zi\America\Porto_Velho
C:\Program Files\Java\jre1.6.0_03\lib\zi\America\Puerto_Rico
C:\Program Files\Java\jre1.6.0_03\lib\zi\America\Rainy_River
C:\Program Files\Java\jre1.6.0_03\lib\zi\America\Rankin_Inlet
C:\Program Files\Java\jre1.6.0_03\lib\zi\America\Recife
C:\Program Files\Java\jre1.6.0_03\lib\zi\America\Regina
C:\Program Files\Java\jre1.6.0_03\lib\zi\America\Resolute
C:\Program Files\Java\jre1.6.0_03\lib\zi\America\Rio_Branco
C:\Program Files\Java\jre1.6.0_03\lib\zi\America\Santiago
C:\Program Files\Java\jre1.6.0_03\lib\zi\America\Santo_Domingo
C:\Program Files\Java\jre1.6.0_03\lib\zi\America\Sao_Paulo
C:\Program Files\Java\jre1.6.0_03\lib\zi\America\Scoresbysund
C:\Program Files\Java\jre1.6.0_03\lib\zi\America\St_Johns
C:\Program Files\Java\jre1.6.0_03\lib\zi\America\St_Kitts
C:\Program Files\Java\jre1.6.0_03\lib\zi\America\St_Lucia
C:\Program Files\Java\jre1.6.0_03\lib\zi\America\St_Thomas
C:\Program Files\Java\jre1.6.0_03\lib\zi\America\St_Vincent
C:\Program Files\Java\jre1.6.0_03\lib\zi\America\Swift_Current
C:\Program Files\Java\jre1.6.0_03\lib\zi\America\Tegucigalpa
C:\Program Files\Java\jre1.6.0_03\lib\zi\America\Thule
C:\Program Files\Java\jre1.6.0_03\lib\zi\America\Thunder_Bay
C:\Program Files\Java\jre1.6.0_03\lib\zi\America\Tijuana
C:\Program Files\Java\jre1.6.0_03\lib\zi\America\Toronto
C:\Program Files\Java\jre1.6.0_03\lib\zi\America\Tortola
C:\Program Files\Java\jre1.6.0_03\lib\zi\America\Vancouver
C:\Program Files\Java\jre1.6.0_03\lib\zi\America\Whitehorse
C:\Program Files\Java\jre1.6.0_03\lib\zi\America\Winnipeg
C:\Program Files\Java\jre1.6.0_03\lib\zi\America\Yakutat
C:\Program Files\Java\jre1.6.0_03\lib\zi\America\Yellowknife
C:\Program Files\Java\jre1.6.0_03\lib\zi\Antarctica\Casey
C:\Program Files\Java\jre1.6.0_03\lib\zi\Antarctica\Davis
C:\Program Files\Java\jre1.6.0_03\lib\zi\Antarctica\DumontDUrville
C:\Program Files\Java\jre1.6.0_03\lib\zi\Antarctica\Mawson
C:\Program Files\Java\jre1.6.0_03\lib\zi\Antarctica\McMurdo
C:\Program Files\Java\jre1.6.0_03\lib\zi\Antarctica\Palmer
C:\Program Files\Java\jre1.6.0_03\lib\zi\Antarctica\Rothera
C:\Program Files\Java\jre1.6.0_03\lib\zi\Antarctica\Syowa
C:\Program Files\Java\jre1.6.0_03\lib\zi\Antarctica\Vostok
C:\Program Files\Java\jre1.6.0_03\lib\zi\Asia\Aden
C:\Program Files\Java\jre1.6.0_03\lib\zi\Asia\Almaty
C:\Program Files\Java\jre1.6.0_03\lib\zi\Asia\Amman
C:\Program Files\Java\jre1.6.0_03\lib\zi\Asia\Anadyr
C:\Program Files\Java\jre1.6.0_03\lib\zi\Asia\Aqtau
C:\Program Files\Java\jre1.6.0_03\lib\zi\Asia\Aqtobe
C:\Program Files\Java\jre1.6.0_03\lib\zi\Asia\Ashgabat
C:\Program Files\Java\jre1.6.0_03\lib\zi\Asia\Baghdad
C:\Program Files\Java\jre1.6.0_03\lib\zi\Asia\Bahrain
C:\Program Files\Java\jre1.6.0_03\lib\zi\Asia\Baku
C:\Program Files\Java\jre1.6.0_03\lib\zi\Asia\Bangkok
C:\Program Files\Java\jre1.6.0_03\lib\zi\Asia\Beirut
C:\Program Files\Java\jre1.6.0_03\lib\zi\Asia\Bishkek
C:\Program Files\Java\jre1.6.0_03\lib\zi\Asia\Brunei
C:\Program Files\Java\jre1.6.0_03\lib\zi\Asia\Calcutta
C:\Program Files\Java\jre1.6.0_03\lib\zi\Asia\Choibalsan
C:\Program Files\Java\jre1.6.0_03\lib\zi\Asia\Chongqing
C:\Program Files\Java\jre1.6.0_03\lib\zi\Asia\Colombo
C:\Program Files\Java\jre1.6.0_03\lib\zi\Asia\Damascus
C:\Program Files\Java\jre1.6.0_03\lib\zi\Asia\Dhaka
C:\Program Files\Java\jre1.6.0_03\lib\zi\Asia\Dili
C:\Program Files\Java\jre1.6.0_03\lib\zi\Asia\Dubai
C:\Program Files\Java\jre1.6.0_03\lib\zi\Asia\Dushanbe
C:\Program Files\Java\jre1.6.0_03\lib\zi\Asia\Gaza
C:\Program Files\Java\jre1.6.0_03\lib\zi\Asia\Harbin
C:\Program Files\Java\jre1.6.0_03\lib\zi\Asia\Hong_Kong
C:\Program Files\Java\jre1.6.0_03\lib\zi\Asia\Hovd
C:\Program Files\Java\jre1.6.0_03\lib\zi\Asia\Irkutsk
C:\Program Files\Java\jre1.6.0_03\lib\zi\Asia\Jakarta
C:\Program Files\Java\jre1.6.0_03\lib\zi\Asia\Jayapura
C:\Program Files\Java\jre1.6.0_03\lib\zi\Asia\Jerusalem
C:\Program Files\Java\jre1.6.0_03\lib\zi\Asia\Kabul
C:\Program Files\Java\jre1.6.0_03\lib\zi\Asia\Kamchatka
C:\Program Files\Java\jre1.6.0_03\lib\zi\Asia\Karachi
C:\Program Files\Java\jre1.6.0_03\lib\zi\Asia\Kashgar
C:\Program Files\Java\jre1.6.0_03\lib\zi\Asia\Katmandu
C:\Program Files\Java\jre1.6.0_03\lib\zi\Asia\Krasnoyarsk
C:\Program Files\Java\jre1.6.0_03\lib\zi\Asia\Kuala_Lumpur
C:\Program Files\Java\jre1.6.0_03\lib\zi\Asia\Kuching
C:\Program Files\Java\jre1.6.0_03\lib\zi\Asia\Kuwait
C:\Program Files\Java\jre1.6.0_03\lib\zi\Asia\Macau
C:\Program Files\Java\jre1.6.0_03\lib\zi\Asia\Magadan
C:\Program Files\Java\jre1.6.0_03\lib\zi\Asia\Makassar
C:\Program Files\Java\jre1.6.0_03\lib\zi\Asia\Manila
C:\Program Files\Java\jre1.6.0_03\lib\zi\Asia\Muscat
C:\Program Files\Java\jre1.6.0_03\lib\zi\Asia\Nicosia
C:\Program Files\Java\jre1.6.0_03\lib\zi\Asia\Novosibirsk
C:\Program Files\Java\jre1.6.0_03\lib\zi\Asia\Omsk
C:\Program Files\Java\jre1.6.0_03\lib\zi\Asia\Oral
C:\Program Files\Java\jre1.6.0_03\lib\zi\Asia\Phnom_Penh
C:\Program Files\Java\jre1.6.0_03\lib\zi\Asia\Pontianak
C:\Program Files\Java\jre1.6.0_03\lib\zi\Asia\Pyongyang
C:\Program Files\Java\jre1.6.0_03\lib\zi\Asia\Qatar
C:\Program Files\Java\jre1.6.0_03\lib\zi\Asia\Qyzylorda
C:\Program Files\Java\jre1.6.0_03\lib\zi\Asia\Rangoon
C:\Program Files\Java\jre1.6.0_03\lib\zi\Asia\Riyadh
C:\Program Files\Java\jre1.6.0_03\lib\zi\Asia\Riyadh87
C:\Program Files\Java\jre1.6.0_03\lib\zi\Asia\Riyadh88
C:\Program Files\Java\jre1.6.0_03\lib\zi\Asia\Riyadh89
C:\Program Files\Java\jre1.6.0_03\lib\zi\Asia\Saigon
C:\Program Files\Java\jre1.6.0_03\lib\zi\Asia\Sakhalin
C:\Program Files\Java\jre1.6.0_03\lib\zi\Asia\Samarkand
C:\Program Files\Java\jre1.6.0_03\lib\zi\Asia\Seoul
C:\Program Files\Java\jre1.6.0_03\lib\zi\Asia\Shanghai
C:\Program Files\Java\jre1.6.0_03\lib\zi\Asia\Singapore
C:\Program Files\Java\jre1.6.0_03\lib\zi\Asia\Taipei
C:\Program Files\Java\jre1.6.0_03\lib\zi\Asia\Tashkent
C:\Program Files\Java\jre1.6.0_03\lib\zi\Asia\Tbilisi
C:\Program Files\Java\jre1.6.0_03\lib\zi\Asia\Tehran
C:\Program Files\Java\jre1.6.0_03\lib\zi\Asia\Thimphu
C:\Program Files\Java\jre1.6.0_03\lib\zi\Asia\Tokyo
C:\Program Files\Java\jre1.6.0_03\lib\zi\Asia\Ulaanbaatar
C:\Program Files\Java\jre1.6.0_03\lib\zi\Asia\Urumqi
C:\Program Files\Java\jre1.6.0_03\lib\zi\Asia\Vientiane
C:\Program Files\Java\jre1.6.0_03\lib\zi\Asia\Vladivostok
C:\Program Files\Java\jre1.6.0_03\lib\zi\Asia\Yakutsk
C:\Program Files\Java\jre1.6.0_03\lib\zi\Asia\Yekaterinburg
C:\Program Files\Java\jre1.6.0_03\lib\zi\Asia\Yerevan
C:\Program Files\Java\jre1.6.0_03\lib\zi\Atlantic\Azores
C:\Program Files\Java\jre1.6.0_03\lib\zi\Atlantic\Bermuda
C:\Program Files\Java\jre1.6.0_03\lib\zi\Atlantic\Canary
C:\Program Files\Java\jre1.6.0_03\lib\zi\Atlantic\Cape_Verde
C:\Program Files\Java\jre1.6.0_03\lib\zi\Atlantic\Faroe
C:\Program Files\Java\jre1.6.0_03\lib\zi\Atlantic\Madeira
C:\Program Files\Java\jre1.6.0_03\lib\zi\Atlantic\Reykjavik
C:\Program Files\Java\jre1.6.0_03\lib\zi\Atlantic\South_Georgia
C:\Program Files\Java\jre1.6.0_03\lib\zi\Atlantic\St_Helena
C:\Program Files\Java\jre1.6.0_03\lib\zi\Atlantic\Stanley
C:\Program Files\Java\jre1.6.0_03\lib\zi\Australia\Adelaide
C:\Program Files\Java\jre1.6.0_03\lib\zi\Australia\Brisbane
C:\Program Files\Java\jre1.6.0_03\lib\zi\Australia\Broken_Hill
C:\Program Files\Java\jre1.6.0_03\lib\zi\Australia\Currie
C:\Program Files\Java\jre1.6.0_03\lib\zi\Australia\Darwin
C:\Program Files\Java\jre1.6.0_03\lib\zi\Australia\Eucla
C:\Program Files\Java\jre1.6.0_03\lib\zi\Australia\Hobart
C:\Program Files\Java\jre1.6.0_03\lib\zi\Australia\Lindeman
C:\Program Files\Java\jre1.6.0_03\lib\zi\Australia\Lord_Howe
C:\Program Files\Java\jre1.6.0_03\lib\zi\Australia\Melbourne
C:\Program Files\Java\jre1.6.0_03\lib\zi\Australia\Perth
C:\Program Files\Java\jre1.6.0_03\lib\zi\Australia\Sydney
C:\Program Files\Java\jre1.6.0_03\lib\zi\CET
C:\Program Files\Java\jre1.6.0_03\lib\zi\CST6CDT
C:\Program Files\Java\jre1.6.0_03\lib\zi\EET
C:\Program Files\Java\jre1.6.0_03\lib\zi\EST
C:\Program Files\Java\jre1.6.0_03\lib\zi\EST5EDT
C:\Program Files\Java\jre1.6.0_03\lib\zi\Etc\GMT-1
C:\Program Files\Java\jre1.6.0_03\lib\zi\Etc\GMT-10
C:\Program Files\Java\jre1.6.0_03\lib\zi\Etc\GMT-11
C:\Program Files\Java\jre1.6.0_03\lib\zi\Etc\GMT-12
C:\Program Files\Java\jre1.6.0_03\lib\zi\Etc\GMT-13
C:\Program Files\Java\jre1.6.0_03\lib\zi\Etc\GMT-14
C:\Program Files\Java\jre1.6.0_03\lib\zi\Etc\GMT-2
C:\Program Files\Java\jre1.6.0_03\lib\zi\Etc\GMT-3
C:\Program Files\Java\jre1.6.0_03\lib\zi\Etc\GMT-4
C:\Program Files\Java\jre1.6.0_03\lib\zi\Etc\GMT-5
C:\Program Files\Java\jre1.6.0_03\lib\zi\Etc\GMT-6
C:\Program Files\Java\jre1.6.0_03\lib\zi\Etc\GMT-7
C:\Program Files\Java\jre1.6.0_03\lib\zi\Etc\GMT-8
C:\Program Files\Java\jre1.6.0_03\lib\zi\Etc\GMT-9
C:\Program Files\Java\jre1.6.0_03\lib\zi\Etc\GMT
C:\Program Files\Java\jre1.6.0_03\lib\zi\Etc\UCT
C:\Program Files\Java\jre1.6.0_03\lib\zi\Etc\UTC
C:\Program Files\Java\jre1.6.0_03\lib\zi\Europe\Amsterdam
C:\Program Files\Java\jre1.6.0_03\lib\zi\Europe\Andorra
C:\Program Files\Java\jre1.6.0_03\lib\zi\Europe\Athens
C:\Program Files\Java\jre1.6.0_03\lib\zi\Europe\Belgrade
C:\Program Files\Java\jre1.6.0_03\lib\zi\Europe\Berlin
C:\Program Files\Java\jre1.6.0_03\lib\zi\Europe\Brussels
C:\Program Files\Java\jre1.6.0_03\lib\zi\Europe\Bucharest
C:\Program Files\Java\jre1.6.0_03\lib\zi\Europe\Budapest
C:\Program Files\Java\jre1.6.0_03\lib\zi\Europe\Chisinau
C:\Program Files\Java\jre1.6.0_03\lib\zi\Europe\Copenhagen
C:\Program Files\Java\jre1.6.0_03\lib\zi\Europe\Dublin
C:\Program Files\Java\jre1.6.0_03\lib\zi\Europe\Gibraltar
C:\Program Files\Java\jre1.6.0_03\lib\zi\Europe\Helsinki
C:\Program Files\Java\jre1.6.0_03\lib\zi\Europe\Istanbul
C:\Program Files\Java\jre1.6.0_03\lib\zi\Europe\Kaliningrad
C:\Program Files\Java\jre1.6.0_03\lib\zi\Europe\Kiev
C:\Program Files\Java\jre1.6.0_03\lib\zi\Europe\Lisbon
C:\Program Files\Java\jre1.6.0_03\lib\zi\Europe\London
C:\Program Files\Java\jre1.6.0_03\lib\zi\Europe\Luxembourg
C:\Program Files\Java\jre1.6.0_03\lib\zi\Europe\Madrid
C:\Program Files\Java\jre1.6.0_03\lib\zi\Europe\Malta
C:\Program Files\Java\jre1.6.0_03\lib\zi\Europe\Minsk
C:\Program Files\Java\jre1.6.0_03\lib\zi\Europe\Monaco
C:\Program Files\Java\jre1.6.0_03\lib\zi\Europe\Moscow
C:\Program Files\Java\jre1.6.0_03\lib\zi\Europe\Oslo
C:\Program Files\Java\jre1.6.0_03\lib\zi\Europe\Paris
C:\Program Files\Java\jre1.6.0_03\lib\zi\Europe\Prague
C:\Program Files\Java\jre1.6.0_03\lib\zi\Europe\Riga
C:\Program Files\Java\jre1.6.0_03\lib\zi\Europe\Rome
C:\Program Files\Java\jre1.6.0_03\lib\zi\Europe\Samara
C:\Program Files\Java\jre1.6.0_03\lib\zi\Europe\Simferopol
C:\Program Files\Java\jre1.6.0_03\lib\zi\Europe\Sofia
C:\Program Files\Java\jre1.6.0_03\lib\zi\Europe\Stockholm
C:\Program Files\Java\jre1.6.0_03\lib\zi\Europe\Tallinn
C:\Program Files\Java\jre1.6.0_03\lib\zi\Europe\Tirane
C:\Program Files\Java\jre1.6.0_03\lib\zi\Europe\Uzhgorod
C:\Program Files\Java\jre1.6.0_03\lib\zi\Europe\Vaduz
C:\Program Files\Java\jre1.6.0_03\lib\zi\Europe\Vienna
C:\Program Files\Java\jre1.6.0_03\lib\zi\Europe\Vilnius
C:\Program Files\Java\jre1.6.0_03\lib\zi\Europe\Volgograd
C:\Program Files\Java\jre1.6.0_03\lib\zi\Europe\Warsaw
C:\Program Files\Java\jre1.6.0_03\lib\zi\Europe\Zaporozhye
C:\Program Files\Java\jre1.6.0_03\lib\zi\Europe\Zurich
C:\Program Files\Java\jre1.6.0_03\lib\zi\GMT
C:\Program Files\Java\jre1.6.0_03\lib\zi\HST
C:\Program Files\Java\jre1.6.0_03\lib\zi\Indian\Antananarivo
C:\Program Files\Java\jre1.6.0_03\lib\zi\Indian\Chagos
C:\Program Files\Java\jre1.6.0_03\lib\zi\Indian\Christmas
C:\Program Files\Java\jre1.6.0_03\lib\zi\Indian\Cocos
C:\Program Files\Java\jre1.6.0_03\lib\zi\Indian\Comoro
C:\Program Files\Java\jre1.6.0_03\lib\zi\Indian\Kerguelen
C:\Program Files\Java\jre1.6.0_03\lib\zi\Indian\Mahe
C:\Program Files\Java\jre1.6.0_03\lib\zi\Indian\Maldives
C:\Program Files\Java\jre1.6.0_03\lib\zi\Indian\Mauritius
C:\Program Files\Java\jre1.6.0_03\lib\zi\Indian\Mayotte
C:\Program Files\Java\jre1.6.0_03\lib\zi\Indian\Reunion
C:\Program Files\Java\jre1.6.0_03\lib\zi\MET
C:\Program Files\Java\jre1.6.0_03\lib\zi\MST
C:\Program Files\Java\jre1.6.0_03\lib\zi\MST7MDT
C:\Program Files\Java\jre1.6.0_03\lib\zi\Pacific\Apia
C:\Program Files\Java\jre1.6.0_03\lib\zi\Pacific\Auckland
C:\Program Files\Java\jre1.6.0_03\lib\zi\Pacific\Chatham
C:\Program Files\Java\jre1.6.0_03\lib\zi\Pacific\Easter
C:\Program Files\Java\jre1.6.0_03\lib\zi\Pacific\Efate
C:\Program Files\Java\jre1.6.0_03\lib\zi\Pacific\Enderbury
C:\Program Files\Java\jre1.6.0_03\lib\zi\Pacific\Fakaofo
C:\Program Files\Java\jre1.6.0_03\lib\zi\Pacific\Fiji
C:\Program Files\Java\jre1.6.0_03\lib\zi\Pacific\Funafuti
C:\Program Files\Java\jre1.6.0_03\lib\zi\Pacific\Galapagos
C:\Program Files\Java\jre1.6.0_03\lib\zi\Pacific\Gambier
C:\Program Files\Java\jre1.6.0_03\lib\zi\Pacific\Guadalcanal
C:\Program Files\Java\jre1.6.0_03\lib\zi\Pacific\Guam
C:\Program Files\Java\jre1.6.0_03\lib\zi\Pacific\Honolulu
C:\Program Files\Java\jre1.6.0_03\lib\zi\Pacific\Johnston
C:\Program Files\Java\jre1.6.0_03\lib\zi\Pacific\Kiritimati
C:\Program Files\Java\jre1.6.0_03\lib\zi\Pacific\Kosrae
C:\Program Files\Java\jre1.6.0_03\lib\zi\Pacific\Kwajalein
C:\Program Files\Java\jre1.6.0_03\lib\zi\Pacific\Majuro
C:\Program Files\Java\jre1.6.0_03\lib\zi\Pacific\Marquesas
C:\Program Files\Java\jre1.6.0_03\lib\zi\Pacific\Midway
C:\Program Files\Java\jre1.6.0_03\lib\zi\Pacific\Nauru
C:\Program Files\Java\jre1.6.0_03\lib\zi\Pacific\Niue
C:\Program Files\Java\jre1.6.0_03\lib\zi\Pacific\Norfolk
C:\Program Files\Java\jre1.6.0_03\lib\zi\Pacific\Noumea
C:\Program Files\Java\jre1.6.0_03\lib\zi\Pacific\Pago_Pago
C:\Program Files\Java\jre1.6.0_03\lib\zi\Pacific\Palau
C:\Program Files\Java\jre1.6.0_03\lib\zi\Pacific\Pitcairn
C:\Program Files\Java\jre1.6.0_03\lib\zi\Pacific\Ponape
C:\Program Files\Java\jre1.6.0_03\lib\zi\Pacific\Port_Moresby
C:\Program Files\Java\jre1.6.0_03\lib\zi\Pacific\Rarotonga
C:\Program Files\Java\jre1.6.0_03\lib\zi\Pacific\Saipan
C:\Program Files\Java\jre1.6.0_03\lib\zi\Pacific\Tahiti
C:\Program Files\Java\jre1.6.0_03\lib\zi\Pacific\Tarawa
C:\Program Files\Java\jre1.6.0_03\lib\zi\Pacific\Tongatapu
C:\Program Files\Java\jre1.6.0_03\lib\zi\Pacific\Truk
C:\Program Files\Java\jre1.6.0_03\lib\zi\Pacific\Wake
C:\Program Files\Java\jre1.6.0_03\lib\zi\Pacific\Wallis
C:\Program Files\Java\jre1.6.0_03\lib\zi\PST8PDT
C:\Program Files\Java\jre1.6.0_03\lib\zi\SystemV\AST4
C:\Program Files\Java\jre1.6.0_03\lib\zi\SystemV\AST4ADT
C:\Program Files\Java\jre1.6.0_03\lib\zi\SystemV\CST6
C:\Program Files\Java\jre1.6.0_03\lib\zi\SystemV\CST6CDT
C:\Program Files\Java\jre1.6.0_03\lib\zi\SystemV\EST5
C:\Program Files\Java\jre1.6.0_03\lib\zi\SystemV\EST5EDT
C:\Program Files\Java\jre1.6.0_03\lib\zi\SystemV\HST10
C:\Program Files\Java\jre1.6.0_03\lib\zi\SystemV\MST7
C:\Program Files\Java\jre1.6.0_03\lib\zi\SystemV\MST7MDT
C:\Program Files\Java\jre1.6.0_03\lib\zi\SystemV\PST8
C:\Program Files\Java\jre1.6.0_03\lib\zi\SystemV\PST8PDT
C:\Program Files\Java\jre1.6.0_03\lib\zi\SystemV\YST9
C:\Program Files\Java\jre1.6.0_03\lib\zi\SystemV\YST9YDT
C:\Program Files\Java\jre1.6.0_03\lib\zi\WET
C:\Program Files\Java\jre1.6.0_03\lib\zi\ZoneInfoMappings
C:\Program Files\Java\jre1.6.0_03\LICENSE
C:\Program Files\Java\jre1.6.0_03\PATCH.ERR
C:\Program Files\Java\jre1.6.0_03\README.txt
C:\Program Files\Java\jre1.6.0_03\THIRDPARTYLICENSEREADME.txt
C:\Program Files\Java\jre1.6.0_03\Welcome.html
C:\Program Files\rcecdxf
C:\Program Files\rcecdxf\UiHlp.dll
C:\WINDOWS\system32\wdgzyfmf.exe

.
((((((((((((((((((((((((( Files Created from 2008-07-15 to 2008-08-15 )))))))))))))))))))))))))))))))
.

2008-08-15 10:10 . 2008-08-15 10:10 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-08-15 10:10 . 2008-08-15 10:10 1,409 --a------ C:\WINDOWS\QTFont.for
2008-08-14 19:06 . 2008-08-14 19:06 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Office Genuine Advantage
2008-08-14 17:20 . 2008-04-11 14:04 691,712 -----c--- C:\WINDOWS\system32\dllcache\inetcomm.dll
2008-08-14 17:20 . 2008-05-01 09:33 331,776 -----c--- C:\WINDOWS\system32\dllcache\msadce.dll
2008-08-13 11:17 . 2008-08-13 11:17 <DIR> d-------- C:\Program Files\Trend Micro
2008-08-10 21:29 . 2008-08-10 21:29 <DIR> d-------- C:\Deckard
2008-08-10 20:56 . 2008-08-10 20:56 <DIR> d-------- C:\WINDOWS\system32\scripting
2008-08-10 20:56 . 2008-08-10 20:56 <DIR> d-------- C:\WINDOWS\system32\en
2008-08-10 20:56 . 2008-08-10 20:56 <DIR> d-------- C:\WINDOWS\l2schemas
2008-08-10 20:24 . 2008-04-13 19:12 1,306,624 -----c--- C:\WINDOWS\system32\dllcache\msxml6.dll
2008-08-10 20:23 . 2008-04-13 19:11 650,752 --------- C:\WINDOWS\system32\dot3ui.dll
2008-08-10 19:38 . 2008-08-10 19:38 <DIR> d-------- C:\ie-spyad_zo
2008-08-10 19:27 . 2008-08-10 19:30 <DIR> d-------- C:\Program Files\SpywareBlaster
2008-08-10 16:38 . 2008-06-19 17:24 28,544 --a------ C:\WINDOWS\system32\drivers\pavboot.sys
2008-08-10 16:37 . 2008-08-10 16:37 <DIR> d-------- C:\Program Files\Panda Security
2008-08-09 22:32 . 2008-08-09 22:32 <DIR> d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-08-09 22:32 . 2008-08-09 22:32 <DIR> d-------- C:\Documents and Settings\Michael\Application Data\Malwarebytes
2008-08-09 22:32 . 2008-08-09 22:32 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-08-09 22:32 . 2008-07-30 20:14 38,472 --a------ C:\WINDOWS\system32\drivers\mbamswissarmy.sys
2008-08-09 22:32 . 2008-07-30 20:14 17,144 --a------ C:\WINDOWS\system32\drivers\mbam.sys
2008-08-09 16:07 . 2008-08-09 16:07 0 --a------ C:\WINDOWS\system32\FCF.tmp
2008-08-08 21:10 . 2008-08-08 21:10 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\Juniper Networks
2008-08-07 06:18 . 2008-08-07 06:18 <DIR> d-------- C:\Documents and Settings\Michael\.Arachnophilia
2008-08-07 06:17 . 2008-08-07 06:17 <DIR> d-------- C:\Program Files\Arachnophilia
2008-07-15 22:03 . 2008-07-15 22:03 40,304 --ah----- C:\WINDOWS\system32\mlfcache.dat

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-08-15 15:03 --------- d-----w C:\Program Files\Java
2008-08-15 01:09 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
2008-08-13 23:57 --------- d-----w C:\Documents and Settings\Michael\Application Data\Skype
2008-08-13 21:29 --------- d-----w C:\Documents and Settings\Michael\Application Data\skypePM
2008-08-12 10:47 --------- d-----w C:\Program Files\Paint.NET
2008-08-10 13:30 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-08-10 12:39 --------- d-----w C:\Program Files\Spybot - Search & Destroy
2008-08-10 04:01 --------- d-----w C:\Program Files\Lavasoft
2008-08-09 15:38 --------- d-----w C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-08-03 04:14 --------- d-----w C:\Documents and Settings\All Users\Application Data\CanonIJPLM
2008-07-16 02:26 --------- d-----w C:\Program Files\Picasa2
2008-07-12 14:07 --------- d-----w C:\Documents and Settings\Michael\Application Data\ICAClient
2008-07-12 14:06 --------- d-----w C:\Documents and Settings\Michael\Application Data\Runaware
2008-06-30 15:36 --------- d-----w C:\Documents and Settings\All Users\Application Data\BVRP Software
2008-06-30 15:34 --------- d-----w C:\Program Files\Motorola Phone Tools
2008-06-30 15:31 --------- d-----w C:\Program Files\Common Files\Motorola Shared
2008-06-30 15:30 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-06-30 15:30 --------- d-----w C:\Documents and Settings\User\Application Data\InstallShield
2008-06-27 20:14 --------- d-----w C:\Program Files\Common Files\Skype
2008-06-22 13:27 --------- d-----w C:\Program Files\UltraEdit
2008-06-22 13:25 1,564,236 ----a-w C:\Program Files\UltraEdit.zip
2008-06-20 11:51 361,600 ----a-w C:\WINDOWS\system32\drivers\tcpip.sys
2008-06-20 11:40 138,496 ----a-w C:\WINDOWS\system32\drivers\afd.sys
2008-06-20 11:08 225,856 ----a-w C:\WINDOWS\system32\drivers\tcpip6.sys
2008-04-25 16:56 56,912 ----a-w C:\Documents and Settings\Michael\g2mdlhlpx.exe
2008-01-15 03:59 744 ----a-w C:\Documents and Settings\Michael\pass.dat
2007-12-22 12:35 32 ----a-w C:\Documents and Settings\All Users\Application Data\ezsid.dat
2005-01-01 06:53 37 ----a-w C:\Documents and Settings\Owner\Application Data\tvmcwrd.dll
2005-01-01 06:52 127 ----a-w C:\Documents and Settings\Owner\Application Data\tvmdmns.dll
2004-12-31 20:46 163 ----a-w C:\Documents and Settings\Michael\Application Data\tvmdmns.dll
2004-12-31 20:03 28 ----a-w C:\Documents and Settings\Michael\Application Data\tvmcwrd.dll
2002-08-29 12:00 94,784 --sh--w C:\WINDOWS\twain.dll
2008-04-14 00:12 50,688 --sh--w C:\WINDOWS\twain_32.dll
.

((((((((((((((((((((((((((((( snapshot@2008-08-13_10.37.03.40 )))))))))))))))))))))))))))))))))))))))))
.
+ 2008-08-15 01:09:33 59,904 ----a-r C:\WINDOWS\Installer\{7EC96FCD-0C12-46D3-988A-FB802F138BEB}\IconA3AFE979.exe
+ 2008-07-07 20:26:58 253,952 -c----w C:\WINDOWS\system32\dllcache\es.dll
+ 2008-06-24 16:43:16 74,240 -c----w C:\WINDOWS\system32\dllcache\mscms.dll
- 2008-04-21 06:44:29 3,066,880 -c----w C:\WINDOWS\system32\dllcache\mshtml.dll
+ 2008-06-23 15:09:27 3,067,392 -c----w C:\WINDOWS\system32\dllcache\mshtml.dll
+ 2008-06-26 08:15:29 1,499,136 -c----w C:\WINDOWS\system32\dllcache\shdocvw.dll
+ 2008-06-26 08:15:30 619,520 -c----w C:\WINDOWS\system32\dllcache\urlmon.dll
- 2008-04-21 06:44:29 666,112 -c----w C:\WINDOWS\system32\dllcache\wininet.dll
+ 2008-06-23 15:09:27 666,112 -c----w C:\WINDOWS\system32\dllcache\wininet.dll
- 2008-04-14 00:11:53 246,272 ----a-w C:\WINDOWS\system32\es.dll
+ 2008-07-07 20:26:58 253,952 ----a-w C:\WINDOWS\system32\es.dll
- 2008-04-14 00:11:54 691,712 ------w C:\WINDOWS\system32\inetcomm.dll
+ 2008-04-11 19:04:26 691,712 ------w C:\WINDOWS\system32\inetcomm.dll
- 2007-09-25 04:30:28 135,168 ----a-w C:\WINDOWS\system32\java.exe
+ 2008-06-10 06:21:01 135,168 ----a-w C:\WINDOWS\system32\java.exe
- 2007-09-25 04:30:30 135,168 ----a-w C:\WINDOWS\system32\javaw.exe
+ 2008-06-10 06:21:04 135,168 ----a-w C:\WINDOWS\system32\javaw.exe
- 2007-09-25 05:31:42 139,264 ----a-w C:\WINDOWS\system32\javaws.exe
+ 2008-06-10 07:32:34 139,264 ----a-w C:\WINDOWS\system32\javaws.exe
- 2008-04-14 00:11:58 73,728 ----a-w C:\WINDOWS\system32\mscms.dll
+ 2008-06-24 16:43:16 74,240 ----a-w C:\WINDOWS\system32\mscms.dll
- 2008-04-21 06:44:29 3,066,880 ----a-w C:\WINDOWS\system32\mshtml.dll
+ 2008-06-23 15:09:27 3,067,392 ----a-w C:\WINDOWS\system32\mshtml.dll
- 2008-04-14 00:12:05 1,499,136 ----a-w C:\WINDOWS\system32\shdocvw.dll
+ 2008-06-26 08:15:29 1,499,136 ----a-w C:\WINDOWS\system32\shdocvw.dll
- 2008-04-14 00:12:38 60,416 ------w C:\WINDOWS\system32\tzchange.exe
+ 2008-07-11 12:42:28 62,976 ------w C:\WINDOWS\system32\tzchange.exe
- 2008-04-14 00:12:08 619,520 ----a-w C:\WINDOWS\system32\urlmon.dll
+ 2008-06-26 08:15:30 619,520 ----a-w C:\WINDOWS\system32\urlmon.dll
- 2008-04-21 06:44:29 666,112 ----a-w C:\WINDOWS\system32\wininet.dll
+ 2008-06-23 15:09:27 666,112 ----a-w C:\WINDOWS\system32\wininet.dll
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BackupNotify"="c:\Program Files\HP\Digital Imaging\bin\backupnotify.exe" [2003-06-22 23:25 24576]
"PcSync"="C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe" [2006-04-11 17:52 1409024]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2008-04-13 19:12 1695232]
"NVIEW"="nview.dll" [2003-08-19 04:56 852038 C:\WINDOWS\system32\nview.dll]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="C:\WINDOWS\System32\NvCpl.dll" [2003-08-19 04:56 4841472]
"hpsysdrv"="c:\windows\system\hpsysdrv.exe" [1998-05-07 18:04 52736]
"HotKeysCmds"="C:\WINDOWS\System32\hkcmd.exe" [2003-04-07 09:07 114688]
"CamMonitor"="c:\Program Files\HP\Digital Imaging\Unload\hpqcmon.exe" [2002-10-07 09:23 90112]
"HPHmon05"="C:\WINDOWS\System32\hphmon05.exe" [2003-05-23 04:55 483328]
"UpdateManager"="C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" [2003-11-04 01:36 45056]
"Recguard"="C:\WINDOWS\SMINST\RECGUARD.EXE" [2002-09-13 23:42 212992]
"PS2"="C:\WINDOWS\system32\ps2.exe" [2002-10-16 18:57 81920]
"Sunkist2k"="C:\Program Files\Multimedia Card Reader\shwicon2k.exe" [2003-08-14 21:11 139264]
"CXMon"="C:\Program Files\Hewlett-Packard\PhotoSmart\Photo Imaging\Hpi_Monitor.exe" [2001-09-19 11:18 45056]
"Share-to-Web Namespace Daemon"="C:\Program Files\Hewlett-Packard\PhotoSmart\HP Share-to-Web\hpgs2wnd.exe" [2001-07-03 10:11 57344]
"PinnacleDriverCheck"="C:\WINDOWS\system32\PSDrvCheck.exe" [2004-03-10 17:26 406016]
"BJCFD"="C:\Program Files\BroadJump\Client Foundation\CFD.exe" [2002-09-10 21:26 368706]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2008-01-08 18:33 53096]
"Symantec PIF AlertEng"="C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" [2007-03-12 18:30 517768]
"PNAgent"="C:\Program Files\PhatNoise Media Manager\PNAgent.exe" [2006-07-05 16:51 40960]
"PCSuiteTrayApplication"="C:\PROGRA~1\Nokia\NOKIAP~1\LAUNCH~1.EXE" [2006-04-26 08:29 237568]
"Acrobat Assistant 7.0"="C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe" [2008-04-23 02:08 483328]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2008-03-28 23:37 413696]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-03-30 10:36 267048]
"CanonSolutionMenu"="C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe" [2007-05-14 20:01 644696]
"CanonMyPrinter"="C:\Program Files\Canon\MyPrinter\BJMyPrt.exe" [2007-04-03 20:50 1603152]
"SSBkgdUpdate"="C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2006-10-25 09:03 210472]
"OpwareSE4"="C:\Program Files\ScanSoft\OmniPageSE4\OpwareSE4.exe" [2007-02-04 12:02 79400]
"WrtMon.exe"="C:\WINDOWS\system32\spool\drivers\w32x86\3\WrtMon.exe" [2006-09-20 08:35 20480]
"dmvoq.exe"="C:\WINDOWS\system32\dmvoq.exe" [BU]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 04:27 144784]
"nwiz"="nwiz.exe" [2003-08-19 04:56 323584 C:\WINDOWS\system32\nwiz.exe]
"LTMSG"="LTMSG.exe" [2003-07-14 19:52 40960 C:\WINDOWS\ltmsg.exe]
"AlcxMonitor"="ALCXMNTR.EXE" [2004-09-07 14:47 57344 C:\WINDOWS\ALCXMNTR.EXE]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"Picasa Media Detector"="C:\Program Files\Picasa2\PicasaMediaDetector.exe" [2008-02-25 20:23 443968]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"POSTRBT"="C:\Program Files\Norton AntiVirus\Navw32.exe" [2007-05-23 12:13 173680]

C:\Documents and Settings\Owner\Start Menu\Programs\Startup\
spamsubtract.lnk - C:\Program Files\interMute\SpamSubtract\SpamSub.exe [2003-10-14 00:24:52 557056]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Adobe Acrobat Speed Launcher.lnk - C:\WINDOWS\Installer\{AC76BA86-1033-0000-7760-100000000002}\SC_Acrobat.exe [2008-01-13 08:45:57 25214]
SBC Self Support Tool.lnk - C:\Program Files\SBC Self Support Tool\bin\matcli.exe [2005-08-26 15:51:14 217088]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"AllowLegacyWebView"= 1 (0x1)
"AllowUnhashedWebView"= 1 (0x1)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"SpecifyDefaultButtons"= 0 (0x0)
"Btn_Search"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.MJPG"= Pvmjpg21.dll
"VIDC.PIM1"= pclepim1.dll
"vidc.VP31"= vp31vfw.dll

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
backup=C:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
backup=C:\WINDOWS\pss\HP Digital Imaging Monitor.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Kodak EasyShare software.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Kodak EasyShare software.lnk
backup=C:\WINDOWS\pss\Kodak EasyShare software.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^KODAK Software Updater.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\KODAK Software Updater.lnk
backup=C:\WINDOWS\pss\KODAK Software Updater.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk
backup=C:\WINDOWS\pss\Microsoft Office.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^MindManager PDF Writer.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\MindManager PDF Writer.lnk
backup=C:\WINDOWS\pss\MindManager PDF Writer.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Free Uploader Oe Integration]
--a------ 2007-06-10 19:02 40960 C:\Program Files\Free Download Manager\FUM\fumoei.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
--a------ 2008-03-30 10:36 267048 C:\Program Files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KBD]
--a------ 2003-02-11 22:02 61440 C:\hp\KBD\kbd.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\mmtask]
--a------ 2004-09-22 19:20 53248 C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Motive SmartBridge]
--a------ 2003-12-10 04:52 380928 C:\PROGRA~1\SBCSEL~1\SMARTB~1\MotiveSB.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
--a------ 2008-04-13 19:12 1695232 C:\Program Files\Messenger\msmsgs.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\pamela.exe]
--a------ 2007-12-22 07:57 6742016 C:\Program Files\Pamela\Pamela.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2008-03-28 23:37 413696 C:\Program Files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
-ra------ 2008-05-30 15:54 21718312 C:\Program Files\Skype\Phone\Skype.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\YBrowser]
--a------ 2003-07-11 13:51 57344 C:\Program Files\Yahoo!\browser\ybrwicon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\StubInstaller.exe"=
"C:\\Program Files\\Kodak\\KODAK Software Updater\\7288971\\Program\\backWeb-7288971.exe"=
"C:\\Program Files\\Neoteris\\Secure Application Manager\\dsSamProxy.exe"=
"C:\\Program Files\\Best Buy Digital Music Store Powered by Rhapsody\\rhapsody.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\Skype\\Phone\\Skype.exe"=

R0 pavboot;pavboot;C:\WINDOWS\system32\drivers\pavboot.sys [2008-06-19 17:24]
R1 NEOFLTR_530_10641;Juniper Networks TDI Filter Driver (NEOFLTR_530_10641);C:\WINDOWS\system32\Drivers\NEOFLTR_530_10641.SYS [2006-04-27 00:40]
R2 IJPLMSVC;PIXMA Extended Survey Program;C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE [2007-04-13 10:49]
R3 BENDER;Pinnacle AV/DV2 Capture;C:\WINDOWS\system32\drivers\bender.sys [2003-07-09 15:35]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{c1e2986f-2c64-11dd-a400-000ea6631781}]
\Shell\AutoRun\command - K:\Launch.exe /run
.
Contents of the 'Scheduled Tasks' folder

2008-08-13 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe [2008-04-11 17:57]

2008-08-09 C:\WINDOWS\Tasks\Norton AntiVirus - Run Full System Scan - Michael.job
- C:\PROGRA~1\NORTON~1\Navw32.exe [2007-05-23 12:13]

2008-08-14 C:\WINDOWS\Tasks\Uniblue SpeedUpMyPC Nag.job
- C:\Program Files\Uniblue\SpeedUpMyPC 3\SpeedUpMyPC.exe []

2008-02-16 C:\WINDOWS\Tasks\Uniblue SpeedUpMyPC.job
- C:\Program Files\Uniblue\SpeedUpMyPC 3\SpeedUpMyPC.exe []
.
- - - - ORPHANS REMOVED - - - -

MSConfigStartUp-SunJavaUpdateSched - C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe

**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-08-15 10:09:06
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\Program Files\Common Files\Symantec Shared\CCSETMGR.EXE
C:\Program Files\Common Files\Symantec Shared\CCEVTMGR.EXE
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
C:\Program Files\Norton AntiVirus\IWP\NPFMNTOR.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\ScsiAccess.EXE
C:\PROGRA~1\HEWLET~1\PHOTOS~1\HPSHAR~1\hpgs2wnf.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\WrtProc.exe
C:\Program Files\Common Files\PCSuite\Services\ServiceLayer.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\PROGRA~1\COMMON~1\Nokia\MPAPI\MPAPI3s.exe
C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
.
**************************************************************************
.
Completion time: 2008-08-15 10:20:48 - machine was rebooted
ComboFix-quarantined-files.txt 2008-08-15 15:20:38
ComboFix2.txt 2008-08-13 15:38:22

Pre-Run: 30,958,436,352 bytes free
Post-Run: 30,979,305,472 bytes free

916 --- E O F --- 2008-08-15 03:36:23

*******************

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:28:24 AM, on 8/15/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE
C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\ScsiAccess.EXE
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\LTMSG.exe
C:\windows\system\hpsysdrv.exe
C:\Program Files\HP\Digital Imaging\Unload\hpqcmon.exe
C:\WINDOWS\System32\hphmon05.exe
C:\WINDOWS\system32\ps2.exe
C:\Program Files\Multimedia Card Reader\shwicon2k.exe
C:\Program Files\Hewlett-Packard\PhotoSmart\Photo Imaging\Hpi_Monitor.exe
C:\Program Files\Hewlett-Packard\PhotoSmart\HP Share-to-Web\hpgs2wnd.exe
C:\PROGRA~1\HEWLET~1\PHOTOS~1\HPSHAR~1\hpgs2wnf.exe
C:\WINDOWS\ALCXMNTR.EXE
C:\Program Files\BroadJump\Client Foundation\CFD.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\PhatNoise Media Manager\PNAgent.exe
C:\PROGRA~1\Nokia\NOKIAP~1\LAUNCH~1.EXE
C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Canon\MyPrinter\BJMyPrt.exe
C:\Program Files\ScanSoft\OmniPageSE4\OpwareSE4.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\WrtMon.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\WrtProc.exe
C:\Program Files\Common Files\PCSuite\Services\ServiceLayer.exe
C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\PROGRA~1\COMMON~1\Nokia\MPAPI\MPAPI3s.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
C:\WINDOWS\explorer.exe
C:\Program Files\Common Files\Sonic\Update Manager\sgtray\sgtray.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/cust...search/ie.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: NAV Helper - {A8F38D8D-E480-4D52-B7A2-731BB6995FDD} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: HP View - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - (no file)
O3 - Toolbar: Norton AntiVirus - {C4069E3A-68F1-403E-B40E-20066696354B} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - (no file)
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet /keeploaded /nodetect
O4 - HKLM\..\Run: [LTMSG] LTMSG.exe 7
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [CamMonitor] c:\Program Files\HP\Digital Imaging\Unload\hpqcmon.exe
O4 - HKLM\..\Run: [HPHmon05] C:\WINDOWS\System32\hphmon05.exe
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [Sunkist2k] C:\Program Files\Multimedia Card Reader\shwicon2k.exe
O4 - HKLM\..\Run: [CXMon] "C:\Program Files\Hewlett-Packard\PhotoSmart\Photo Imaging\Hpi_Monitor.exe"
O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] C:\Program Files\Hewlett-Packard\PhotoSmart\HP Share-to-Web\hpgs2wnd.exe
O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\system32\PSDrvCheck.exe -CheckReg
O4 - HKLM\..\Run: [BJCFD] C:\Program Files\BroadJump\Client Foundation\CFD.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKLM\..\Run: [PNAgent] "C:\Program Files\PhatNoise Media Manager\PNAgent.exe"
O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\PROGRA~1\Nokia\NOKIAP~1\LAUNCH~1.EXE -startup
O4 - HKLM\..\Run: [Acrobat Assistant 7.0] "C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [CanonSolutionMenu] C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe /logon
O4 - HKLM\..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe /logon
O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
O4 - HKLM\..\Run: [OpwareSE4] "C:\Program Files\ScanSoft\OmniPageSE4\OpwareSE4.exe"
O4 - HKLM\..\Run: [WrtMon.exe] C:\WINDOWS\system32\spool\drivers\w32x86\3\WrtMon.exe
O4 - HKLM\..\Run: [dmvoq.exe] C:\WINDOWS\system32\dmvoq.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKCU\..\Run: [NVIEW] rundll32.exe nview.dll,nViewLoadHook
O4 - HKCU\..\Run: [BackupNotify] c:\Program Files\HP\Digital Imaging\bin\backupnotify.exe
O4 - HKCU\..\Run: [PcSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKUS\S-1-5-18\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [POSTRBT] C:\Program Files\Norton AntiVirus\Navw32.exe /REMEDIATE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [POSTRBT] C:\Program Files\Norton AntiVirus\Navw32.exe /REMEDIATE (User 'Default user')
O4 - .DEFAULT User Startup: AutoTBar.exe (User 'Default user')
O4 - Global Startup: Adobe Acrobat Speed Launcher.lnk = ?
O4 - Global Startup: SBC Self Support Tool.lnk = C:\Program Files\SBC Self Support Tool\bin\matcli.exe
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: LimeShop Preferences - file://C:\Program Files\Lime_Shop\Sy700\Tp700\scri700a.htm
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: EmpirePoker - {77E68763-4284-41d6-B7E7-B6E1F053A9E7} - C:\Program Files\EmpirePoker\EmpirePoker.exe (file missing)
O9 - Extra 'Tools' menuitem: EmpirePoker - {77E68763-4284-41d6-B7E7-B6E1F053A9E7} - C:\Program Files\EmpirePoker\EmpirePoker.exe (file missing)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: Upload - {FD4E2FF8-973C-4A19-89BD-8E86B3CFCFE1} - C:\Program Files\Free Download Manager\FUM\fumiebtn.dll (file missing)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?Link...04&clcid=0x409
O16 - DPF: {77E32299-629F-43C6-AB77-6A1E6D7663F6} (Groove Control) - http://www.nick.com/common/groove/gx/GrooveAX27.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5/asinst.cab
O16 - DPF: {C02226EB-A5D7-4B1F-BD7E-635E46C2288D} (Toontown Installer ActiveX Control) - http://download.toontown.com/sv1.0.15.38/ttinst.cab
O16 - DPF: {D18F962A-3722-4B59-B08D-28BB9EB2281E} (PhotosCtrl Class) - http://photos.yahoo.com/ocx/us/yexplorer1_9us.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{0689CEC2-8D77-4684-9520-B9193268E020}: NameServer = 208.67.220.220,208.67.222.222
O17 - HKLM\System\CCS\Services\Tcpip\..\{5B7D92DE-C59E-4A96-8384-87D106A9DE5B}: NameServer = 208.67.220.220,208.67.222.222
O17 - HKLM\System\CCS\Services\Tcpip\..\{F9852F02-FE8C-49A1-86BC-15688CF57C8D}: NameServer = 208.67.220.220,208.67.222.222
O17 - HKLM\System\CS1\Services\Tcpip\..\{0689CEC2-8D77-4684-9520-B9193268E020}: NameServer = 208.67.220.220,208.67.222.222
O17 - HKLM\System\CS2\Services\Tcpip\..\{0689CEC2-8D77-4684-9520-B9193268E020}: NameServer = 208.67.220.220,208.67.222.222
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: PIXMA Extended Survey Program (IJPLMSVC) - Unknown owner - C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: Norton Protection Center Service (NSCService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Symantec AVScan (SAVScan) - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: ScsiAccess - Unknown owner - C:\WINDOWS\System32\ScsiAccess.EXE
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\Common Files\PCSuite\Services\ServiceLayer.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: SPBBCSvc - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe

--
End of file - 16488 bytes

Thanks,
Michael.

08-15-2008, 10:07 AM	#10 (permalink)
mimartin Registered User Join Date: Aug 2008 Posts: 17 OS: xp, service pack 3	Re: "Windows Security Alert" continues after XPAntivirus removed Hi, Thanks for your continued support with this issue. I haven't seen the "Windows Security Alert" in a couple of days now. Also the XPAntivirus and Joke.Blusod are not showing up as well. I'm not aware of any illegal programs (cracked or otherwise) on this computer. It is a family computer so it is possible that someone else installed something. I looked at the combofix log and saw the files in limewire directory. I went there and didn't see those files or any others like that after the scan. But if you can see something else that isn't legit, please let me know and I will remove. I cleared the Norton quarantine folder. I ran combofix using the CFScript text you provided. Combofix said a newer version was available when it started so I accepted to update it. It then ran. It did reboot before ending. I then ran HJT Here are the logs. *********************** ComboFix 08-08-14.03 - Michael 2008-08-15 10:00:38.3 - NTFSx86 Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.224 [GMT -5:00] Running from: C:\Documents and Settings\Michael\Desktop\ComboFix.exe Command switches used :: C:\Documents and Settings\Michael\Desktop\CFScript * Created a new restore point . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . C:\Documents and Settings\Owner\Application Data\Earthlink\6.0\mmlm@earthlink.net\Cookies\owner@2o7[1].txt C:\Documents and Settings\Owner\Application Data\Earthlink\6.0\mmlm@earthlink.net\Cookies\owner@a.hasbro[1].txt C:\Documents and Settings\Owner\Application Data\Earthlink\6.0\mmlm@earthlink.net\Cookies\owner@ad.yieldmanager[1].txt C:\Documents and Settings\Owner\Application Data\Earthlink\6.0\mmlm@earthlink.net\Cookies\owner@ads.pointroll[2].txt C:\Documents and Settings\Owner\Application Data\Earthlink\6.0\mmlm@earthlink.net\Cookies\owner@bellaonline[1].txt C:\Documents and Settings\Owner\Application Data\Earthlink\6.0\mmlm@earthlink.net\Cookies\owner@belointeractive[1].txt C:\Documents and Settings\Owner\Application Data\Earthlink\6.0\mmlm@earthlink.net\Cookies\owner@boxofficemojo[2].txt C:\Documents and Settings\Owner\Application Data\Earthlink\6.0\mmlm@earthlink.net\Cookies\owner@casalemedia[1].txt C:\Documents and Settings\Owner\Application Data\Earthlink\6.0\mmlm@earthlink.net\Cookies\owner@catalog.target[2].txt C:\Documents and Settings\Owner\Application Data\Earthlink\6.0\mmlm@earthlink.net\Cookies\owner@cuc.famousfootwear[1].txt C:\Documents and Settings\Owner\Application Data\Earthlink\6.0\mmlm@earthlink.net\Cookies\owner@ebaumsworld[1].txt C:\Documents and Settings\Owner\Application Data\Earthlink\6.0\mmlm@earthlink.net\Cookies\owner@ebay[1].txt C:\Documents and Settings\Owner\Application Data\Earthlink\6.0\mmlm@earthlink.net\Cookies\owner@edge.ru4[2].txt C:\Documents and Settings\Owner\Application Data\Earthlink\6.0\mmlm@earthlink.net\Cookies\owner@ejbdotcom[1].txt C:\Documents and Settings\Owner\Application Data\Earthlink\6.0\mmlm@earthlink.net\Cookies\owner@expedia[2].txt C:\Documents and Settings\Owner\Application Data\Earthlink\6.0\mmlm@earthlink.net\Cookies\owner@famousfootwear[2].txt C:\Documents and Settings\Owner\Application Data\Earthlink\6.0\mmlm@earthlink.net\Cookies\owner@insightexpressai[2].txt C:\Documents and Settings\Owner\Application Data\Earthlink\6.0\mmlm@earthlink.net\Cookies\owner@livescience[1].txt C:\Documents and Settings\Owner\Application Data\Earthlink\6.0\mmlm@earthlink.net\Cookies\owner@mapquest[2].txt C:\Documents and Settings\Owner\Application Data\Earthlink\6.0\mmlm@earthlink.net\Cookies\owner@metacafe[2].txt C:\Documents and Settings\Owner\Application Data\Earthlink\6.0\mmlm@earthlink.net\Cookies\owner@metrics.adobe[2].txt C:\Documents and Settings\Owner\Application Data\Earthlink\6.0\mmlm@earthlink.net\Cookies\owner@my.clearchannelradio[1].txt C:\Documents and Settings\Owner\Application Data\Earthlink\6.0\mmlm@earthlink.net\Cookies\owner@myspace[1].txt C:\Documents and Settings\Owner\Application Data\Earthlink\6.0\mmlm@earthlink.net\Cookies\owner@nextag[2].txt C:\Documents and Settings\Owner\Application Data\Earthlink\6.0\mmlm@earthlink.net\Cookies\owner@partner2profit[1].txt C:\Documents and Settings\Owner\Application Data\Earthlink\6.0\mmlm@earthlink.net\Cookies\owner@photobucket[2].txt C:\Documents and Settings\Owner\Application Data\Earthlink\6.0\mmlm@earthlink.net\Cookies\owner@questionmarket[1].txt C:\Documents and Settings\Owner\Application Data\Earthlink\6.0\mmlm@earthlink.net\Cookies\owner@revsci[2].txt C:\Documents and Settings\Owner\Application Data\Earthlink\6.0\mmlm@earthlink.net\Cookies\owner@rtm[4].txt C:\Documents and Settings\Owner\Application Data\Earthlink\6.0\mmlm@earthlink.net\Cookies\owner@sanangelostandardtimes[2].txt C:\Documents and Settings\Owner\Application Data\Earthlink\6.0\mmlm@earthlink.net\Cookies\owner@shopzilla[2].txt C:\Documents and Settings\Owner\Application Data\Earthlink\6.0\mmlm@earthlink.net\Cookies\owner@specificclick[2].txt C:\Documents and Settings\Owner\Application Data\Earthlink\6.0\mmlm@earthlink.net\Cookies\owner@statcounter[1].txt C:\Documents and Settings\Owner\Application Data\Earthlink\6.0\mmlm@earthlink.net\Cookies\owner@trafficmp[1].txt C:\Documents and Settings\Owner\Application Data\Earthlink\6.0\mmlm@earthlink.net\Cookies\owner@tribalfusion[2].txt C:\Documents and Settings\Owner\Application Data\Earthlink\6.0\mmlm@earthlink.net\Cookies\owner@turn[2].txt C:\Documents and Settings\Owner\Application Data\Earthlink\6.0\mmlm@earthlink.net\Cookies\owner@tvguide[1].txt C:\Documents and Settings\Owner\Application Data\Earthlink\6.0\mmlm@earthlink.net\Cookies\owner@walmart[1].txt C:\Documents and Settings\Owner\Application Data\Earthlink\6.0\mmlm@earthlink.net\Cookies\owner@weather[1].txt C:\Documents and Settings\Owner\Application Data\Earthlink\6.0\mmlm@earthlink.net\Cookies\owner@weather[2].txt C:\Documents and Settings\Owner\Application Data\Earthlink\6.0\mmlm@earthlink.net\Cookies\owner@weather[3].txt C:\Documents and Settings\Owner\Application Data\Earthlink\6.0\mmlm@earthlink.net\Cookies\owner@www.potpourrigift[1].txt C:\Documents and Settings\Owner\Application Data\Earthlink\6.0\mmlm@earthlink.net\Cookies\owner@yahoo[2].txt C:\Documents and Settings\Owner\Application Data\Earthlink\6.0\mmlm@earthlink.net\Cookies\owner@yellowpages[1].txt C:\Documents and Settings\Owner\Application Data\Earthlink\6.0\mmlm@earthlink.net\Cookies\owner@youtube[2].txt C:\Documents and Settings\Owner\My Documents\Michaels Files\Limewire C:\Documents and Settings\Owner\My Documents\Michaels Files\Limewire\Incomplete\downloads.bak C:\Documents and Settings\Owner\My Documents\Michaels Files\Limewire\Incomplete\downloads.dat C:\Documents and Settings\Owner\My Documents\Michaels Files\Limewire\Incomplete\T-218-Plus! Digital Media Edition (DME) Key.txt C:\Documents and Settings\Owner\My Documents\Michaels Files\Limewire\Shared\DVD XCopy Xpress Platinum v3.20+Crack.exe C:\Documents and Settings\Owner\My Documents\Michaels Files\Limewire\Shared\Microsoft_Windows_95_98_ME_2000_2k_XP_Plus_Office_Product_Keys_Cd_Key_License_Crack.txt.exe C:\Documents and Settings\Owner\My Documents\Michaels Files\Limewire\Shared\Plus_DME_Crack_A0015556.exe C:\Documents and Settings\User\Application Data\Earthlink\6.0\mmlm@earthlink.net\Cookies\user@my.clearchannelradio[2].txt C:\Program Files\Java\jre1.6.0_03 C:\Program Files\Java\jre1.6.0_03\bin\awt.dll C:\Program Files\Java\jre1.6.0_03\bin\axbridge.dll C:\Program Files\Java\jre1.6.0_03\bin\client\classes.jsa C:\Program Files\Java\jre1.6.0_03\bin\client\jvm.dll C:\Program Files\Java\jre1.6.0_03\bin\client\Xusage.txt C:\Program Files\Java\jre1.6.0_03\bin\cmm.dll C:\Program Files\Java\jre1.6.0_03\bin\dcpr.dll C:\Program Files\Java\jre1.6.0_03\bin\deploy.dll C:\Program Files\Java\jre1.6.0_03\bin\dt_shmem.dll C:\Program Files\Java\jre1.6.0_03\bin\dt_socket.dll C:\Program Files\Java\jre1.6.0_03\bin\fontmanager.dll C:\Program Files\Java\jre1.6.0_03\bin\hpi.dll C:\Program Files\Java\jre1.6.0_03\bin\hprof.dll C:\Program Files\Java\jre1.6.0_03\bin\instrument.dll C:\Program Files\Java\jre1.6.0_03\bin\ioser12.dll C:\Program Files\Java\jre1.6.0_03\bin\j2pcsc.dll C:\Program Files\Java\jre1.6.0_03\bin\j2pkcs11.dll C:\Program Files\Java\jre1.6.0_03\bin\jaas_nt.dll C:\Program Files\Java\jre1.6.0_03\bin\java-rmi.exe C:\Program Files\Java\jre1.6.0_03\bin\java.dll C:\Program Files\Java\jre1.6.0_03\bin\java.exe C:\Program Files\Java\jre1.6.0_03\bin\java_crw_demo.dll C:\Program Files\Java\jre1.6.0_03\bin\javacpl.cpl C:\Program Files\Java\jre1.6.0_03\bin\javacpl.exe C:\Program Files\Java\jre1.6.0_03\bin\javaw.exe C:\Program Files\Java\jre1.6.0_03\bin\javaws.exe C:\Program Files\Java\jre1.6.0_03\bin\jawt.dll C:\Program Files\Java\jre1.6.0_03\bin\JdbcOdbc.dll C:\Program Files\Java\jre1.6.0_03\bin\jdwp.dll C:\Program Files\Java\jre1.6.0_03\bin\jli.dll C:\Program Files\Java\jre1.6.0_03\bin\jpeg.dll C:\Program Files\Java\jre1.6.0_03\bin\jpicom.dll C:\Program Files\Java\jre1.6.0_03\bin\jpiexp.dll C:\Program Files\Java\jre1.6.0_03\bin\jpinscp.dll C:\Program Files\Java\jre1.6.0_03\bin\jpioji.dll C:\Program Files\Java\jre1.6.0_03\bin\jpishare.dll C:\Program Files\Java\jre1.6.0_03\bin\jsound.dll C:\Program Files\Java\jre1.6.0_03\bin\jsoundds.dll C:\Program Files\Java\jre1.6.0_03\bin\jucheck.exe C:\Program Files\Java\jre1.6.0_03\bin\jureg.exe C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe C:\Program Files\Java\jre1.6.0_03\bin\keytool.exe C:\Program Files\Java\jre1.6.0_03\bin\kinit.exe C:\Program Files\Java\jre1.6.0_03\bin\klist.exe C:\Program Files\Java\jre1.6.0_03\bin\ktab.exe C:\Program Files\Java\jre1.6.0_03\bin\management.dll C:\Program Files\Java\jre1.6.0_03\bin\msvcr71.dll C:\Program Files\Java\jre1.6.0_03\bin\net.dll C:\Program Files\Java\jre1.6.0_03\bin\nio.dll C:\Program Files\Java\jre1.6.0_03\bin\npjava11.dll C:\Program Files\Java\jre1.6.0_03\bin\npjava12.dll C:\Program Files\Java\jre1.6.0_03\bin\npjava13.dll C:\Program Files\Java\jre1.6.0_03\bin\npjava14.dll C:\Program Files\Java\jre1.6.0_03\bin\npjava32.dll C:\Program Files\Java\jre1.6.0_03\bin\npjpi160_03.dll C:\Program Files\Java\jre1.6.0_03\bin\npoji610.dll C:\Program Files\Java\jre1.6.0_03\bin\npt.dll C:\Program Files\Java\jre1.6.0_03\bin\orbd.exe C:\Program Files\Java\jre1.6.0_03\bin\pack200.exe C:\Program Files\Java\jre1.6.0_03\bin\policytool.exe C:\Program Files\Java\jre1.6.0_03\bin\regutils.dll C:\Program Files\Java\jre1.6.0_03\bin\rmi.dll C:\Program Files\Java\jre1.6.0_03\bin\rmid.exe C:\Program Files\Java\jre1.6.0_03\bin\rmiregistry.exe C:\Program Files\Java\jre1.6.0_03\bin\servertool.exe C:\Program Files\Java\jre1.6.0_03\bin\splashscreen.dll C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll C:\Program Files\Java\jre1.6.0_03\bin\sunmscapi.dll C:\Program Files\Java\jre1.6.0_03\bin\tnameserv.exe C:\Program Files\Java\jre1.6.0_03\bin\unpack.dll C:\Program Files\Java\jre1.6.0_03\bin\unpack200.exe C:\Program Files\Java\jre1.6.0_03\bin\verify.dll C:\Program Files\Java\jre1.6.0_03\bin\w2k_lsa_auth.dll C:\Program Files\Java\jre1.6.0_03\bin\wsdetect.dll C:\Program Files\Java\jre1.6.0_03\bin\zip.dll C:\Program Files\Java\jre1.6.0_03\COPYRIGHT C:\Program Files\Java\jre1.6.0_03\lib\applet\WMPNS.jar C:\Program Files\Java\jre1.6.0_03\lib\calendars.properties C:\Program Files\Java\jre1.6.0_03\lib\classlist C:\Program Files\Java\jre1.6.0_03\lib\cmm\CIEXYZ.pf C:\Program Files\Java\jre1.6.0_03\lib\cmm\GRAY.pf C:\Program Files\Java\jre1.6.0_03\lib\cmm\LINEAR_RGB.pf C:\Program Files\Java\jre1.6.0_03\lib\cmm\sRGB.pf C:\Program Files\Java\jre1.6.0_03\lib\content-types.properties C:\Program Files\Java\jre1.6.0_03\lib\deploy.jar C:\Program Files\Java\jre1.6.0_03\lib\deploy\ffjcext.zip C:\Program Files\Java\jre1.6.0_03\lib\deploy\messages.properties C:\Program Files\Java\jre1.6.0_03\lib\deploy\messages_de.properties C:\Program Files\Java\jre1.6.0_03\lib\deploy\messages_es.properties C:\Program Files\Java\jre1.6.0_03\lib\deploy\messages_fr.properties C:\Program Files\Java\jre1.6.0_03\lib\deploy\messages_it.properties C:\Program Files\Java\jre1.6.0_03\lib\deploy\messages_ja.properties C:\Program Files\Java\jre1.6.0_03\lib\deploy\messages_ko.properties C:\Program Files\Java\jre1.6.0_03\lib\deploy\messages_sv.properties C:\Program Files\Java\jre1.6.0_03\lib\deploy\messages_zh_CN.properties C:\Program Files\Java\jre1.6.0_03\lib\deploy\messages_zh_HK.properties C:\Program Files\Java\jre1.6.0_03\lib\deploy\messages_zh_TW.properties C:\Program Files\Java\jre1.6.0_03\lib\deploy\splash.jpg C:\Program Files\Java\jre1.6.0_03\lib\ext\dnsns.jar C:\Program Files\Java\jre1.6.0_03\lib\ext\meta-index C:\Program Files\Java\jre1.6.0_03\lib\ext\QTJava.zip C:\Program Files\Java\jre1.6.0_03\lib\ext\sunjce_provider.jar C:\Program Files\Java\jre1.6.0_03\lib\ext\sunmscapi.jar C:\Program Files\Java\jre1.6.0_03\lib\ext\sunpkcs11.jar C:\Program Files\Java\jre1.6.0_03\lib\flavormap.properties C:\Program Files\Java\jre1.6.0_03\lib\fontconfig.98.bfc C:\Program Files\Java\jre1.6.0_03\lib\fontconfig.98.properties.src C:\Program Files\Java\jre1.6.0_03\lib\fontconfig.bfc C:\Program Files\Java\jre1.6.0_03\lib\fontconfig.properties.src C:\Program Files\Java\jre1.6.0_03\lib\fonts\LucidaSansRegular.ttf C:\Program Files\Java\jre1.6.0_03\lib\i386\jvm.cfg C:\Program Files\Java\jre1.6.0_03\lib\im\indicim.jar C:\Program Files\Java\jre1.6.0_03\lib\im\thaiim.jar C:\Program Files\Java\jre1.6.0_03\lib\images\cursors\cursors.properties C:\Program Files\Java\jre1.6.0_03\lib\images\cursors\invalid32x32.gif C:\Program Files\Java\jre1.6.0_03\lib\images\cursors\win32_CopyDrop32x32.gif C:\Program Files\Java\jre1.6.0_03\lib\images\cursors\win32_CopyNoDrop32x32.gif C:\Program Files\Java\jre1.6.0_03\lib\images\cursors\win32_LinkDrop32x32.gif C:\Program Files\Java\jre1.6.0_03\lib\images\cursors\win32_LinkNoDrop32x32.gif C:\Program Files\Java\jre1.6.0_03\lib\images\cursors\win32_MoveDrop32x32.gif C:\Program Files\Java\jre1.6.0_03\lib\images\cursors\win32_MoveNoDrop32x32.gif C:\Program Files\Java\jre1.6.0_03\lib\javaws.jar C:\Program Files\Java\jre1.6.0_03\lib\jce.jar C:\Program Files\Java\jre1.6.0_03\lib\jsse.jar C:\Program Files\Java\jre1.6.0_03\lib\jvm.hprof.txt C:\Program Files\Java\jre1.6.0_03\lib\logging.properties C:\Program Files\Java\jre1.6.0_03\lib\management-agent.jar C:\Program Files\Java\jre1.6.0_03\lib\management\jmxremote.access C:\Program Files\Java\jre1.6.0_03\lib\management\jmxremote.password.template C:\Program Files\Java\jre1.6.0_03\lib\management\management.properties C:\Program Files\Java\jre1.6.0_03\lib\management\snmp.acl.template C:\Program Files\Java\jre1.6.0_03\lib\meta-index C:\Program Files\Java\jre1.6.0_03\lib\net.properties C:\Program Files\Java\jre1.6.0_03\lib\plugin.jar C:\Program Files\Java\jre1.6.0_03\lib\psfont.properties.ja C:\Program Files\Java\jre1.6.0_03\lib\psfontj2d.properties C:\Program Files\Java\jre1.6.0_03\lib\resources.jar C:\Program Files\Java\jre1.6.0_03\lib\rt.jar C:\Program Files\Java\jre1.6.0_03\lib\security\cacerts C:\Program Files\Java\jre1.6.0_03\lib\security\java.policy C:\Program Files\Java\jre1.6.0_03\lib\security\java.security C:\Program Files\Java\jre1.6.0_03\lib\security\javaws.policy C:\Program Files\Java\jre1.6.0_03\lib\security\local_policy.jar C:\Program Files\Java\jre1.6.0_03\lib\security\US_export_policy.jar C:\Program Files\Java\jre1.6.0_03\lib\sound.properties C:\Program Files\Java\jre1.6.0_03\lib\tzmappings C:\Program Files\Java\jre1.6.0_03\lib\zi\Africa\Abidjan C:\Program Files\Java\jre1.6.0_03\lib\zi\Africa\Accra C:\Program Files\Java\jre1.6.0_03\lib\zi\Africa\Addis_Ababa C:\Program Files\Java\jre1.6.0_03\lib\zi\Africa\Algiers C:\Program Files\Java\jre1.6.0_03\lib\zi\Africa\Asmara C:\Program Files\Java\jre1.6.0_03\lib\zi\Africa\Bamako C:\Program Files\Java\jre1.6.0_03\lib\zi\Africa\Bangui C:\Program Files\Java\jre1.6.0_03\lib\zi\Africa\Banjul C:\Program Files\Java\jre1.6.0_03\lib\zi\Africa\Bissau C:\Program Files\Java\jre1.6.0_03\lib\zi\Africa\Blantyre C:\Program Files\Java\jre1.6.0_03\lib\zi\Africa\Brazzaville C:\Program Files\Java\jre1.6.0_03\lib\zi\Africa\Bujumbura C:\Program Files\Java\jre1.6.0_03\lib\zi\Africa\Cairo C:\Program Files\Java\jre1.6.0_03\lib\zi\Africa\Casablanca C:\Program Files\Java\jre1.6.0_03\lib\zi\Africa\Ceuta C:\Program Files\Java\jre1.6.0_03\lib\zi\Africa\Conakry C:\Program Files\Java\jre1.6.0_03\lib\zi\Africa\Dakar C:\Program Files\Java\jre1.6.0_03\lib\zi\Africa\Dar_es_Salaam C:\Program Files\Java\jre1.6.0_03\lib\zi\Africa\Djibouti C:\Program Files\Java\jre1.6.0_03\lib\zi\Africa\Douala C:\Program Files\Java\jre1.6.0_03\lib\zi\Africa\El_Aaiun C:\Program Files\Java\jre1.6.0_03\lib\zi\Africa\Freetown C:\Program Files\Java\jre1.6.0_03\lib\zi\Africa\Gaborone C:\Program Files\Java\jre1.6.0_03\lib\zi\Africa\Harare C:\Program Files\Java\jre1.6.0_03\lib\zi\Africa\Johannesburg C:\Program Files\Java\jre1.6.0_03\lib\zi\Africa\Kampala C:\Program Files\Java\jre1.6.0_03\lib\zi\Africa\Khartoum C:\Program Files\Java\jre1.6.0_03\lib\zi\Africa\Kigali C:\Program Files\Java\jre1.6.0_03\lib\zi\Africa\Kinshasa C:\Program Files\Java\jre1.6.0_03\lib\zi\Africa\Lagos C:\Program Files\Java\jre1.6.0_03\lib\zi\Africa\Libreville C:\Program Files\Java\jre1.6.0_03\lib\zi\Africa\Lome C:\Program Files\Java\jre1.6.0_03\lib\zi\Africa\Luanda C:\Program Files\Java\jre1.6.0_03\lib\zi\Africa\Lubumbashi C:\Program Files\Java\jre1.6.0_03\lib\zi\Africa\Lusaka C:\Program Files\Java\jre1.6.0_03\lib\zi\Africa\Malabo C:\Program Files\Java\jre1.6.0_03\lib\zi\Africa\Maputo C:\Program Files\Java\jre1.6.0_03\lib\zi\Africa\Maseru C:\Program Files\Java\jre1.6.0_03\lib\zi\Africa\Mbabane C:\Program Files\Java\jre1.6.0_03\lib\zi\Africa\Mogadishu C:\Program Files\Java\jre1.6.0_03\lib\zi\Africa\Monrovia C:\Program Files\Java\jre1.6.0_03\lib\zi\Africa\Nairobi C:\Program Files\Java\jre1.6.0_03\lib\zi\Africa\Ndjamena C:\Program Files\Java\jre1.6.0_03\lib\zi\Africa\Niamey C:\Program Files\Java\jre1.6.0_03\lib\zi\Africa\Nouakchott C:\Program Files\Java\jre1.6.0_03\lib\zi\Africa\Ouagadougou C:\Program Files\Java\jre1.6.0_03\lib\zi\Africa\Porto-Novo C:\Program Files\Java\jre1.6.0_03\lib\zi\Africa\Sao_Tome C:\Program Files\Java\jre1.6.0_03\lib\zi\Africa\Tripoli C:\Program Files\Java\jre1.6.0_03\lib\zi\Africa\Tunis C:\Program Files\Java\jre1.6.0_03\lib\zi\Africa\Windhoek C:\Program Files\Java\jre1.6.0_03\lib\zi\America\Adak C:\Program Files\Java\jre1.6.0_03\lib\zi\America\Anchorage C:\Program Files\Java\jre1.6.0_03\lib\zi\America\Anguilla C:\Program Files\Java\jre1.6.0_03\lib\zi\America\Antigua C:\Program Files\Java\jre1.6.0_03\lib\zi\America\Araguaina C:\Program Files\Java\jre1.6.0_03\lib\zi\America\Argentina\Buenos_Aires C:\Program Files\Java\jre1.6.0_03\lib\zi\America\Argentina\Catamarca C:\Program Files\Java\jre1.6.0_03\lib\zi\America\Argentina\Cordoba C:\Program Files\Java\jre1.6.0_03\lib\zi\America\Argentina\Jujuy C:\Program Files\Java\jre1.6.0_03\lib\zi\America\Argentina\La_Rioja C:\Program Files\Java\jre1.6.0_03\lib\zi\America\Argentina\Mendoza C:\Program Files\Java\jre1.6.0_03\lib\zi\America\Argentina\Rio_Gallegos C:\Program Files\Java\jre1.6.0_03\lib\zi\America\Argentina\San_Juan C:\Program Files\Java\jre1.6.0_03\lib\zi\America\Argentina\Tucuman C:\Program Files\Java\jre1.6.0_03\lib\zi\America\Argentina\Ushuaia C:\Program Files\Java\jre1.6.0_03\lib\zi\America\Aruba C:\Program Files\Java\jre1.6.0_03\lib\zi\America\Asuncion C:\Program Files\Java\jre1.6.0_03\lib\zi\America\Atikokan C:\Program Files\Java\jre1.6.0_03\lib\zi\America\Bahia C:\Program Files\Java\jre1.6.0_03\lib\zi\America\Barbados C:\Program Files\Java\jre1.6.0_03\lib\zi\America\Belem C:\Program Files\Java\jre1.6.0_03\lib\zi\America\Belize C:\Program Files\Java\jre1.6.0_03\lib\zi\America\Blanc-Sablon C:\Program Files\Java\jre1.6.0_03\lib\zi\America\Boa_Vista C:\Program Files\Java\jre1.6.0_03\lib\zi\America\Bogota C:\Program Files\Java\jre1.6.0_03\lib\zi\America\Boise C:\Program Files\Java\jre1.6.0_03\lib\zi\America\Cambridge_Bay C:\Program Files\Java\jre1.6.0_03\lib\zi\America\Campo_Grande C:\Program Files\Java\jre1.6.0_03\lib\zi\America\Cancun C:\Program Files\Java\jre1.6.0_03\lib\zi\America\Caracas C:\Program Files\Java\jre1.6.0_03\lib\zi\America\Cayenne C:\Program Files\Java\jre1.6.0_03\lib\zi\America\Cayman C:\Program Files\Java\jre1.6.0_03\lib\zi\America\Chicago C:\Program Files\Java\jre1.6.0_03\lib\zi\America\Chihuahua C:\Program Files\Java\jre1.6.0_03\lib\zi\America\Costa_Rica C:\Program Files\Java\jre1.6.0_03\lib\zi\America\Cuiaba C:\Program Files\Java\jre1.6.0_03\lib\zi\America\Curacao C:\Program Files\Java\jre1.6.0_03\lib\zi\America\Danmarkshavn C:\Program Files\Java\jre1.6.0_03\lib\zi\America\Dawson C:\Program Files\Java\jre1.6.0_03\lib\zi\America\Dawson_Creek C:\Program Files\Java\jre1.6.0_03\lib\zi\America\Denver C:\Program Files\Java\jre1.6.0_03\lib\zi\America\Detroit C:\Program Files\Java\jre1.6.0_03\lib\zi\America\Dominica C:\Program Files\Java\jre1.6.0_03\lib\zi\America\Edmonton C:\Program Files\Java\jre1.6.0_03\lib\zi\America\Eirunepe C:\Program Files\Java\jre1.6.0_03\lib\zi\America\El_Salvador C:\Program Files\Java\jre1.6.0_03\lib\zi\America\Fortaleza C:\Program Files\Java\jre1.6.0_03\lib\zi\America\Glace_Bay C:\Program Files\Java\jre1.6.0_03\lib\zi\America\Godthab C:\Program Files\Java\jre1.6.0_03\lib\zi\America\Goose_Bay C:\Program Files\Java\jre1.6.0_03\lib\zi\America\Grand_Turk C:\Program Files\Java\jre1.6.0_03\lib\zi\America\Grenada C:\Program Files\Java\jre1.6.0_03\lib\zi\America\Guadeloupe C:\Program Files\Java\jre1.6.0_03\lib\zi\America\Guatemala C:\Program Files\Java\jre1.6.0_03\lib\zi\America\Guayaquil C:\Program Files\Java\jre1.6.0_03\lib\zi\America\Guyana C:\Program Files\Java\jre1.6.0_03\lib\zi\America\Halifax C:\Program Files\Java\jre1.6.0_03\lib\zi\America\Havana C:\Program Files\Java\jre1.6.0_03\lib\zi\America\Hermosillo C:\Program Files\Java\jre1.6.0_03\lib\zi\America\Indiana\Indianapolis C:\Program Files\Java\jre1.6.0_03\lib\zi\America\Indiana\Knox C:\Program Files\Java\jre1.6.0_03\lib\zi\America\Indiana\Marengo C:\Program Files\Java\jre1.6.0_03\lib\zi\America\Indiana\Petersburg C:\Program Files\Java\jre1.6.0_03\lib\zi\America\Indiana\Tell_City C:\Program Files\Java\jre1.6.0_03\lib\zi\America\Indiana\Vevay C:\Program Files\Java\jre1.6.0_03\lib\zi\America\Indiana\Vincennes C:\Program Files\Java\jre1.6.0_03\lib\zi\America\Indiana\Winamac C:\Program Files\Java\jre1.6.0_03\lib\zi\America\Inuvik C:\Program Files\Java\jre1.6.0_03\lib\zi\America\Iqaluit C:\Program Files\Java\jre1.6.0_03\lib\zi\America\Jamaica C:\Program Files\Java\jre1.6.0_03\lib\zi\America\Juneau C:\Program Files\Java\jre1.6.0_03\lib\zi\America\Kentucky\Louisville C:\Program Files\Java\jre1.6.0_03\lib\zi\America\Kentucky\Monticello C:\Program Files\Java\jre1.6.0_03\lib\zi\America\La_Paz C:\Program Files\Java\jre1.6.0_03\lib\zi\America\Lima C:\Program Files\Java\jre1.6.0_03\lib\zi\America\Los_Angeles C:\Program Files\Java\jre1.6.0_03\lib\zi\America\Maceio C:\Program Files\Java\jre1.6.0_03\lib\zi\America\Managua C:\Program Files\Java\jre1.6.0_03\lib\zi\America\Manaus C:\Program Files\Java\jre1.6.0_03\lib\zi\America\Martinique C:\Program Files\Java\jre1.6.0_03\lib\zi\America\Mazatlan C:\Program Files\Java\jre1.6.0_03\lib\zi\America\Menominee C:\Program Files\Java\jre1.6.0_03\lib\zi\America\Merida C:\Program Files\Java\jre1.6.0_03\lib\zi\America\Mexico_City C:\Program Files\Java\jre1.6.0_03\lib\zi\America\Miquelon C:\Program Files\Java\jre1.6.0_03\lib\zi\America\Moncton C:\Program Files\Java\jre1.6.0_03\lib\zi\America\Monterrey C:\Program Files\Java\jre1.6.0_03\lib\zi\America\Montevideo C:\Program Files\Java\jre1.6.0_03\lib\zi\America\Montreal C:\Program Files\Java\jre1.6.0_03\lib\zi\America\Montserrat C:\Program Files\Java\jre1.6.0_03\lib\zi\America\Nassau C:\Program Files\Java\jre1.6.0_03\lib\zi\America\New_York C:\Program Files\Java\jre1.6.0_03\lib\zi\America\Nipigon C:\Program Files\Java\jre1.6.0_03\lib\zi\America\Nome C:\Program Files\Java\jre1.6.0_03\lib\zi\America\Noronha C:\Program Files\Java\jre1.6.0_03\lib\zi\America\North_Dakota\Center C:\Program Files\Java\jre1.6.0_03\lib\zi\America\North_Dakota\New_Salem C:\Program Files\Java\jre1.6.0_03\lib\zi\America\Panama C:\Program Files\Java\jre1.6.0_03\lib\zi\America\Pangnirtung C:\Program Files\Java\jre1.6.0_03\lib\zi\America\Paramaribo C:\Program Files\Java\jre1.6.0_03\lib\zi\America\Phoenix C:\Program Files\Java\jre1.6.0_03\lib\zi\America\Port-au-Prince C:\Program Files\Java\jre1.6.0_03\lib\zi\America\Port_of_Spain C:\Program Files\Java\jre1.6.0_03\lib\zi\America\Porto_Velho C:\Program Files\Java\jre1.6.0_03\lib\zi\America\Puerto_Rico C:\Program Files\Java\jre1.6.0_03\lib\zi\America\Rainy_River C:\Program Files\Java\jre1.6.0_03\lib\zi\America\Rankin_Inlet C:\Program Files\Java\jre1.6.0_03\lib\zi\America\Recife C:\Program Files\Java\jre1.6.0_03\lib\zi\America\Regina C:\Program Files\Java\jre1.6.0_03\lib\zi\America\Resolute C:\Program Files\Java\jre1.6.0_03\lib\zi\America\Rio_Branco C:\Program Files\Java\jre1.6.0_03\lib\zi\America\Santiago C:\Program Files\Java\jre1.6.0_03\lib\zi\America\Santo_Domingo C:\Program Files\Java\jre1.6.0_03\lib\zi\America\Sao_Paulo C:\Program Files\Java\jre1.6.0_03\lib\zi\America\Scoresbysund C:\Program Files\Java\jre1.6.0_03\lib\zi\America\St_Johns C:\Program Files\Java\jre1.6.0_03\lib\zi\America\St_Kitts C:\Program Files\Java\jre1.6.0_03\lib\zi\America\St_Lucia C:\Program Files\Java\jre1.6.0_03\lib\zi\America\St_Thomas C:\Program Files\Java\jre1.6.0_03\lib\zi\America\St_Vincent C:\Program Files\Java\jre1.6.0_03\lib\zi\America\Swift_Current C:\Program Files\Java\jre1.6.0_03\lib\zi\America\Tegucigalpa C:\Program Files\Java\jre1.6.0_03\lib\zi\America\Thule C:\Program Files\Java\jre1.6.0_03\lib\zi\America\Thunder_Bay C:\Program Files\Java\jre1.6.0_03\lib\zi\America\Tijuana C:\Program Files\Java\jre1.6.0_03\lib\zi\America\Toronto C:\Program Files\Java\jre1.6.0_03\lib\zi\America\Tortola C:\Program Files\Java\jre1.6.0_03\lib\zi\America\Vancouver C:\Program Files\Java\jre1.6.0_03\lib\zi\America\Whitehorse C:\Program Files\Java\jre1.6.0_03\lib\zi\America\Winnipeg C:\Program Files\Java\jre1.6.0_03\lib\zi\America\Yakutat C:\Program Files\Java\jre1.6.0_03\lib\zi\America\Yellowknife C:\Program Files\Java\jre1.6.0_03\lib\zi\Antarctica\Casey C:\Program Files\Java\jre1.6.0_03\lib\zi\Antarctica\Davis C:\Program Files\Java\jre1.6.0_03\lib\zi\Antarctica\DumontDUrville C:\Program Files\Java\jre1.6.0_03\lib\zi\Antarctica\Mawson C:\Program Files\Java\jre1.6.0_03\lib\zi\Antarctica\McMurdo C:\Program Files\Java\jre1.6.0_03\lib\zi\Antarctica\Palmer C:\Program Files\Java\jre1.6.0_03\lib\zi\Antarctica\Rothera C:\Program Files\Java\jre1.6.0_03\lib\zi\Antarctica\Syowa C:\Program Files\Java\jre1.6.0_03\lib\zi\Antarctica\Vostok C:\Program Files\Java\jre1.6.0_03\lib\zi\Asia\Aden C:\Program Files\Java\jre1.6.0_03\lib\zi\Asia\Almaty C:\Program Files\Java\jre1.6.0_03\lib\zi\Asia\Amman C:\Program Files\Java\jre1.6.0_03\lib\zi\Asia\Anadyr C:\Program Files\Java\jre1.6.0_03\lib\zi\Asia\Aqtau C:\Program Files\Java\jre1.6.0_03\lib\zi\Asia\Aqtobe C:\Program Files\Java\jre1.6.0_03\lib\zi\Asia\Ashgabat C:\Program Files\Java\jre1.6.0_03\lib\zi\Asia\Baghdad C:\Program Files\Java\jre1.6.0_03\lib\zi\Asia\Bahrain C:\Program Files\Java\jre1.6.0_03\lib\zi\Asia\Baku C:\Program Files\Java\jre1.6.0_03\lib\zi\Asia\Bangkok C:\Program Files\Java\jre1.6.0_03\lib\zi\Asia\Beirut C:\Program Files\Java\jre1.6.0_03\lib\zi\Asia\Bishkek C:\Program Files\Java\jre1.6.0_03\lib\zi\Asia\Brunei C:\Program Files\Java\jre1.6.0_03\lib\zi\Asia\Calcutta C:\Program Files\Java\jre1.6.0_03\lib\zi\Asia\Choibalsan C:\Program Files\Java\jre1.6.0_03\lib\zi\Asia\Chongqing C:\Program Files\Java\jre1.6.0_03\lib\zi\Asia\Colombo C:\Program Files\Java\jre1.6.0_03\lib\zi\Asia\Damascus C:\Program Files\Java\jre1.6.0_03\lib\zi\Asia\Dhaka C:\Program Files\Java\jre1.6.0_03\lib\zi\Asia\Dili C:\Program Files\Java\jre1.6.0_03\lib\zi\Asia\Dubai C:\Program Files\Java\jre1.6.0_03\lib\zi\Asia\Dushanbe C:\Program Files\Java\jre1.6.0_03\lib\zi\Asia\Gaza C:\Program Files\Java\jre1.6.0_03\lib\zi\Asia\Harbin C:\Program Files\Java\jre1.6.0_03\lib\zi\Asia\Hong_Kong C:\Program Files\Java\jre1.6.0_03\lib\zi\Asia\Hovd C:\Program Files\Java\jre1.6.0_03\lib\zi\Asia\Irkutsk C:\Program Files\Java\jre1.6.0_03\lib\zi\Asia\Jakarta C:\Program Files\Java\jre1.6.0_03\lib\zi\Asia\Jayapura C:\Program Files\Java\jre1.6.0_03\lib\zi\Asia\Jerusalem C:\Program Files\Java\jre1.6.0_03\lib\zi\Asia\Kabul C:\Program Files\Java\jre1.6.0_03\lib\zi\Asia\Kamchatka C:\Program Files\Java\jre1.6.0_03\lib\zi\Asia\Karachi C:\Program Files\Java\jre1.6.0_03\lib\zi\Asia\Kashgar C:\Program Files\Java\jre1.6.0_03\lib\zi\Asia\Katmandu C:\Program Files\Java\jre1.6.0_03\lib\zi\Asia\Krasnoyarsk C:\Program Files\Java\jre1.6.0_03\lib\zi\Asia\Kuala_Lumpur C:\Program Files\Java\jre1.6.0_03\lib\zi\Asia\Kuching C:\Program Files\Java\jre1.6.0_03\lib\zi\Asia\Kuwait C:\Program Files\Java\jre1.6.0_03\lib\zi\Asia\Macau C:\Program Files\Java\jre1.6.0_03\lib\zi\Asia\Magadan C:\Program Files\Java\jre1.6.0_03\lib\zi\Asia\Makassar C:\Program Files\Java\jre1.6.0_03\lib\zi\Asia\Manila C:\Program Files\Java\jre1.6.0_03\lib\zi\Asia\Muscat C:\Program Files\Java\jre1.6.0_03\lib\zi\Asia\Nicosia C:\Program Files\Java\jre1.6.0_03\lib\zi\Asia\Novosibirsk C:\Program Files\Java\jre1.6.0_03\lib\zi\Asia\Omsk C:\Program Files\Java\jre1.6.0_03\lib\zi\Asia\Oral C:\Program Files\Java\jre1.6.0_03\lib\zi\Asia\Phnom_Penh C:\Program Files\Java\jre1.6.0_03\lib\zi\Asia\Pontianak C:\Program Files\Java\jre1.6.0_03\lib\zi\Asia\Pyongyang C:\Program Files\Java\jre1.6.0_03\lib\zi\Asia\Qatar C:\Program Files\Java\jre1.6.0_03\lib\zi\Asia\Qyzylorda C:\Program Files\Java\jre1.6.0_03\lib\zi\Asia\Rangoon C:\Program Files\Java\jre1.6.0_03\lib\zi\Asia\Riyadh C:\Program Files\Java\jre1.6.0_03\lib\zi\Asia\Riyadh87 C:\Program Files\Java\jre1.6.0_03\lib\zi\Asia\Riyadh88 C:\Program Files\Java\jre1.6.0_03\lib\zi\Asia\Riyadh89 C:\Program Files\Java\jre1.6.0_03\lib\zi\Asia\Saigon C:\Program Files\Java\jre1.6.0_03\lib\zi\Asia\Sakhalin C:\Program Files\Java\jre1.6.0_03\lib\zi\Asia\Samarkand C:\Program Files\Java\jre1.6.0_03\lib\zi\Asia\Seoul C:\Program Files\Java\jre1.6.0_03\lib\zi\Asia\Shanghai C:\Program Files\Java\jre1.6.0_03\lib\zi\Asia\Singapore C:\Program Files\Java\jre1.6.0_03\lib\zi\Asia\Taipei C:\Program Files\Java\jre1.6.0_03\lib\zi\Asia\Tashkent C:\Program Files\Java\jre1.6.0_03\lib\zi\Asia\Tbilisi C:\Program Files\Java\jre1.6.0_03\lib\zi\Asia\Tehran C:\Program Files\Java\jre1.6.0_03\lib\zi\Asia\Thimphu C:\Program Files\Java\jre1.6.0_03\lib\zi\Asia\Tokyo C:\Program Files\Java\jre1.6.0_03\lib\zi\Asia\Ulaanbaatar C:\Program Files\Java\jre1.6.0_03\lib\zi\Asia\Urumqi C:\Program Files\Java\jre1.6.0_03\lib\zi\Asia\Vientiane C:\Program Files\Java\jre1.6.0_03\lib\zi\Asia\Vladivostok C:\Program Files\Java\jre1.6.0_03\lib\zi\Asia\Yakutsk C:\Program Files\Java\jre1.6.0_03\lib\zi\Asia\Yekaterinburg C:\Program Files\Java\jre1.6.0_03\lib\zi\Asia\Yerevan C:\Program Files\Java\jre1.6.0_03\lib\zi\Atlantic\Azores C:\Program Files\Java\jre1.6.0_03\lib\zi\Atlantic\Bermuda C:\Program Files\Java\jre1.6.0_03\lib\zi\Atlantic\Canary C:\Program Files\Java\jre1.6.0_03\lib\zi\Atlantic\Cape_Verde C:\Program Files\Java\jre1.6.0_03\lib\zi\Atlantic\Faroe C:\Program Files\Java\jre1.6.0_03\lib\zi\Atlantic\Madeira C:\Program Files\Java\jre1.6.0_03\lib\zi\Atlantic\Reykjavik C:\Program Files\Java\jre1.6.0_03\lib\zi\Atlantic\South_Georgia C:\Program Files\Java\jre1.6.0_03\lib\zi\Atlantic\St_Helena C:\Program Files\Java\jre1.6.0_03\lib\zi\Atlantic\Stanley C:\Program Files\Java\jre1.6.0_03\lib\zi\Australia\Adelaide C:\Program Files\Java\jre1.6.0_03\lib\zi\Australia\Brisbane C:\Program Files\Java\jre1.6.0_03\lib\zi\Australia\Broken_Hill C:\Program Files\Java\jre1.6.0_03\lib\zi\Australia\Currie C:\Program Files\Java\jre1.6.0_03\lib\zi\Australia\Darwin C:\Program Files\Java\jre1.6.0_03\lib\zi\Australia\Eucla C:\Program Files\Java\jre1.6.0_03\lib\zi\Australia\Hobart C:\Program Files\Java\jre1.6.0_03\lib\zi\Australia\Lindeman C:\Program Files\Java\jre1.6.0_03\lib\zi\Australia\Lord_Howe C:\Program Files\Java\jre1.6.0_03\lib\zi\Australia\Melbourne C:\Program Files\Java\jre1.6.0_03\lib\zi\Australia\Perth C:\Program Files\Java\jre1.6.0_03\lib\zi\Australia\Sydney C:\Program Files\Java\jre1.6.0_03\lib\zi\CET C:\Program Files\Java\jre1.6.0_03\lib\zi\CST6CDT C:\Program Files\Java\jre1.6.0_03\lib\zi\EET C:\Program Files\Java\jre1.6.0_03\lib\zi\EST C:\Program Files\Java\jre1.6.0_03\lib\zi\EST5EDT C:\Program Files\Java\jre1.6.0_03\lib\zi\Etc\GMT-1 C:\Program Files\Java\jre1.6.0_03\lib\zi\Etc\GMT-10 C:\Program Files\Java\jre1.6.0_03\lib\zi\Etc\GMT-11 C:\Program Files\Java\jre1.6.0_03\lib\zi\Etc\GMT-12 C:\Program Files\Java\jre1.6.0_03\lib\zi\Etc\GMT-13 C:\Program Files\Java\jre1.6.0_03\lib\zi\Etc\GMT-14 C:\Program Files\Java\jre1.6.0_03\lib\zi\Etc\GMT-2 C:\Program Files\Java\jre1.6.0_03\lib\zi\Etc\GMT-3 C:\Program Files\Java\jre1.6.0_03\lib\zi\Etc\GMT-4 C:\Program Files\Java\jre1.6.0_03\lib\zi\Etc\GMT-5 C:\Program Files\Java\jre1.6.0_03\lib\zi\Etc\GMT-6 C:\Program Files\Java\jre1.6.0_03\lib\zi\Etc\GMT-7 C:\Program Files\Java\jre1.6.0_03\lib\zi\Etc\GMT-8 C:\Program Files\Java\jre1.6.0_03\lib\zi\Etc\GMT-9 C:\Program Files\Java\jre1.6.0_03\lib\zi\Etc\GMT C:\Program Files\Java\jre1.6.0_03\lib\zi\Etc\UCT C:\Program Files\Java\jre1.6.0_03\lib\zi\Etc\UTC C:\Program Files\Java\jre1.6.0_03\lib\zi\Europe\Amsterdam C:\Program Files\Java\jre1.6.0_03\lib\zi\Europe\Andorra C:\Program Files\Java\jre1.6.0_03\lib\zi\Europe\Athens C:\Program Files\Java\jre1.6.0_03\lib\zi\Europe\Belgrade C:\Program Files\Java\jre1.6.0_03\lib\zi\Europe\Berlin C:\Program Files\Java\jre1.6.0_03\lib\zi\Europe\Brussels C:\Program Files\Java\jre1.6.0_03\lib\zi\Europe\Bucharest C:\Program Files\Java\jre1.6.0_03\lib\zi\Europe\Budapest C:\Program Files\Java\jre1.6.0_03\lib\zi\Europe\Chisinau C:\Program Files\Java\jre1.6.0_03\lib\zi\Europe\Copenhagen C:\Program Files\Java\jre1.6.0_03\lib\zi\Europe\Dublin C:\Program Files\Java\jre1.6.0_03\lib\zi\Europe\Gibraltar C:\Program Files\Java\jre1.6.0_03\lib\zi\Europe\Helsinki C:\Program Files\Java\jre1.6.0_03\lib\zi\Europe\Istanbul C:\Program Files\Java\jre1.6.0_03\lib\zi\Europe\Kaliningrad C:\Program Files\Java\jre1.6.0_03\lib\zi\Europe\Kiev C:\Program Files\Java\jre1.6.0_03\lib\zi\Europe\Lisbon C:\Program Files\Java\jre1.6.0_03\lib\zi\Europe\London C:\Program Files\Java\jre1.6.0_03\lib\zi\Europe\Luxembourg C:\Program Files\Java\jre1.6.0_03\lib\zi\Europe\Madrid C:\Program Files\Java\jre1.6.0_03\lib\zi\Europe\Malta C:\Program Files\Java\jre1.6.0_03\lib\zi\Europe\Minsk C:\Program Files\Java\jre1.6.0_03\lib\zi\Europe\Monaco C:\Program Files\Java\jre1.6.0_03\lib\zi\Europe\Moscow C:\Program Files\Java\jre1.6.0_03\lib\zi\Europe\Oslo C:\Program Files\Java\jre1.6.0_03\lib\zi\Europe\Paris C:\Program Files\Java\jre1.6.0_03\lib\zi\Europe\Prague C:\Program Files\Java\jre1.6.0_03\lib\zi\Europe\Riga C:\Program Files\Java\jre1.6.0_03\lib\zi\Europe\Rome C:\Program Files\Java\jre1.6.0_03\lib\zi\Europe\Samara C:\Program Files\Java\jre1.6.0_03\lib\zi\Europe\Simferopol C:\Program Files\Java\jre1.6.0_03\lib\zi\Europe\Sofia C:\Program Files\Java\jre1.6.0_03\lib\zi\Europe\Stockholm C:\Program Files\Java\jre1.6.0_03\lib\zi\Europe\Tallinn C:\Program Files\Java\jre1.6.0_03\lib\zi\Europe\Tirane C:\Program Files\Java\jre1.6.0_03\lib\zi\Europe\Uzhgorod C:\Program Files\Java\jre1.6.0_03\lib\zi\Europe\Vaduz C:\Program Files\Java\jre1.6.0_03\lib\zi\Europe\Vienna C:\Program Files\Java\jre1.6.0_03\lib\zi\Europe\Vilnius C:\Program Files\Java\jre1.6.0_03\lib\zi\Europe\Volgograd C:\Program Files\Java\jre1.6.0_03\lib\zi\Europe\Warsaw C:\Program Files\Java\jre1.6.0_03\lib\zi\Europe\Zaporozhye C:\Program Files\Java\jre1.6.0_03\lib\zi\Europe\Zurich C:\Program Files\Java\jre1.6.0_03\lib\zi\GMT C:\Program Files\Java\jre1.6.0_03\lib\zi\HST C:\Program Files\Java\jre1.6.0_03\lib\zi\Indian\Antananarivo C:\Program Files\Java\jre1.6.0_03\lib\zi\Indian\Chagos C:\Program Files\Java\jre1.6.0_03\lib\zi\Indian\Christmas C:\Program Files\Java\jre1.6.0_03\lib\zi\Indian\Cocos C:\Program Files\Java\jre1.6.0_03\lib\zi\Indian\Comoro C:\Program Files\Java\jre1.6.0_03\lib\zi\Indian\Kerguelen C:\Program Files\Java\jre1.6.0_03\lib\zi\Indian\Mahe C:\Program Files\Java\jre1.6.0_03\lib\zi\Indian\Maldives C:\Program Files\Java\jre1.6.0_03\lib\zi\Indian\Mauritius C:\Program Files\Java\jre1.6.0_03\lib\zi\Indian\Mayotte C:\Program Files\Java\jre1.6.0_03\lib\zi\Indian\Reunion C:\Program Files\Java\jre1.6.0_03\lib\zi\MET C:\Program Files\Java\jre1.6.0_03\lib\zi\MST C:\Program Files\Java\jre1.6.0_03\lib\zi\MST7MDT C:\Program Files\Java\jre1.6.0_03\lib\zi\Pacific\Apia C:\Program Files\Java\jre1.6.0_03\lib\zi\Pacific\Auckland C:\Program Files\Java\jre1.6.0_03\lib\zi\Pacific\Chatham C:\Program Files\Java\jre1.6.0_03\lib\zi\Pacific\Easter C:\Program Files\Java\jre1.6.0_03\lib\zi\Pacific\Efate C:\Program Files\Java\jre1.6.0_03\lib\zi\Pacific\Enderbury C:\Program Files\Java\jre1.6.0_03\lib\zi\Pacific\Fakaofo C:\Program Files\Java\jre1.6.0_03\lib\zi\Pacific\Fiji C:\Program Files\Java\jre1.6.0_03\lib\zi\Pacific\Funafuti C:\Program Files\Java\jre1.6.0_03\lib\zi\Pacific\Galapagos C:\Program Files\Java\jre1.6.0_03\lib\zi\Pacific\Gambier C:\Program Files\Java\jre1.6.0_03\lib\zi\Pacific\Guadalcanal C:\Program Files\Java\jre1.6.0_03\lib\zi\Pacific\Guam C:\Program Files\Java\jre1.6.0_03\lib\zi\Pacific\Honolulu C:\Program Files\Java\jre1.6.0_03\lib\zi\Pacific\Johnston C:\Program Files\Java\jre1.6.0_03\lib\zi\Pacific\Kiritimati C:\Program Files\Java\jre1.6.0_03\lib\zi\Pacific\Kosrae C:\Program Files\Java\jre1.6.0_03\lib\zi\Pacific\Kwajalein C:\Program Files\Java\jre1.6.0_03\lib\zi\Pacific\Majuro C:\Program Files\Java\jre1.6.0_03\lib\zi\Pacific\Marquesas C:\Program Files\Java\jre1.6.0_03\lib\zi\Pacific\Midway C:\Program Files\Java\jre1.6.0_03\lib\zi\Pacific\Nauru C:\Program Files\Java\jre1.6.0_03\lib\zi\Pacific\Niue C:\Program Files\Java\jre1.6.0_03\lib\zi\Pacific\Norfolk C:\Program Files\Java\jre1.6.0_03\lib\zi\Pacific\Noumea C:\Program Files\Java\jre1.6.0_03\lib\zi\Pacific\Pago_Pago C:\Program Files\Java\jre1.6.0_03\lib\zi\Pacific\Palau C:\Program Files\Java\jre1.6.0_03\lib\zi\Pacific\Pitcairn C:\Program Files\Java\jre1.6.0_03\lib\zi\Pacific\Ponape C:\Program Files\Java\jre1.6.0_03\lib\zi\Pacific\Port_Moresby C:\Program Files\Java\jre1.6.0_03\lib\zi\Pacific\Rarotonga C:\Program Files\Java\jre1.6.0_03\lib\zi\Pacific\Saipan C:\Program Files\Java\jre1.6.0_03\lib\zi\Pacific\Tahiti C:\Program Files\Java\jre1.6.0_03\lib\zi\Pacific\Tarawa C:\Program Files\Java\jre1.6.0_03\lib\zi\Pacific\Tongatapu C:\Program Files\Java\jre1.6.0_03\lib\zi\Pacific\Truk C:\Program Files\Java\jre1.6.0_03\lib\zi\Pacific\Wake C:\Program Files\Java\jre1.6.0_03\lib\zi\Pacific\Wallis C:\Program Files\Java\jre1.6.0_03\lib\zi\PST8PDT C:\Program Files\Java\jre1.6.0_03\lib\zi\SystemV\AST4 C:\Program Files\Java\jre1.6.0_03\lib\zi\SystemV\AST4ADT C:\Program Files\Java\jre1.6.0_03\lib\zi\SystemV\CST6 C:\Program Files\Java\jre1.6.0_03\lib\zi\SystemV\CST6CDT C:\Program Files\Java\jre1.6.0_03\lib\zi\SystemV\EST5 C:\Program Files\Java\jre1.6.0_03\lib\zi\SystemV\EST5EDT C:\Program Files\Java\jre1.6.0_03\lib\zi\SystemV\HST10 C:\Program Files\Java\jre1.6.0_03\lib\zi\SystemV\MST7 C:\Program Files\Java\jre1.6.0_03\lib\zi\SystemV\MST7MDT C:\Program Files\Java\jre1.6.0_03\lib\zi\SystemV\PST8 C:\Program Files\Java\jre1.6.0_03\lib\zi\SystemV\PST8PDT C:\Program Files\Java\jre1.6.0_03\lib\zi\SystemV\YST9 C:\Program Files\Java\jre1.6.0_03\lib\zi\SystemV\YST9YDT C:\Program Files\Java\jre1.6.0_03\lib\zi\WET C:\Program Files\Java\jre1.6.0_03\lib\zi\ZoneInfoMappings C:\Program Files\Java\jre1.6.0_03\LICENSE C:\Program Files\Java\jre1.6.0_03\PATCH.ERR C:\Program Files\Java\jre1.6.0_03\README.txt C:\Program Files\Java\jre1.6.0_03\THIRDPARTYLICENSEREADME.txt C:\Program Files\Java\jre1.6.0_03\Welcome.html C:\Program Files\rcecdxf C:\Program Files\rcecdxf\UiHlp.dll C:\WINDOWS\system32\wdgzyfmf.exe . ((((((((((((((((((((((((( Files Created from 2008-07-15 to 2008-08-15 ))))))))))))))))))))))))))))))) . 2008-08-15 10:10 . 2008-08-15 10:10 54,156 --ah----- C:\WINDOWS\QTFont.qfn 2008-08-15 10:10 . 2008-08-15 10:10 1,409 --a------ C:\WINDOWS\QTFont.for 2008-08-14 19:06 . 2008-08-14 19:06 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Office Genuine Advantage 2008-08-14 17:20 . 2008-04-11 14:04 691,712 -----c--- C:\WINDOWS\system32\dllcache\inetcomm.dll 2008-08-14 17:20 . 2008-05-01 09:33 331,776 -----c--- C:\WINDOWS\system32\dllcache\msadce.dll 2008-08-13 11:17 . 2008-08-13 11:17 <DIR> d-------- C:\Program Files\Trend Micro 2008-08-10 21:29 . 2008-08-10 21:29 <DIR> d-------- C:\Deckard 2008-08-10 20:56 . 2008-08-10 20:56 <DIR> d-------- C:\WINDOWS\system32\scripting 2008-08-10 20:56 . 2008-08-10 20:56 <DIR> d-------- C:\WINDOWS\system32\en 2008-08-10 20:56 . 2008-08-10 20:56 <DIR> d-------- C:\WINDOWS\l2schemas 2008-08-10 20:24 . 2008-04-13 19:12 1,306,624 -----c--- C:\WINDOWS\system32\dllcache\msxml6.dll 2008-08-10 20:23 . 2008-04-13 19:11 650,752 --------- C:\WINDOWS\system32\dot3ui.dll 2008-08-10 19:38 . 2008-08-10 19:38 <DIR> d-------- C:\ie-spyad_zo 2008-08-10 19:27 . 2008-08-10 19:30 <DIR> d-------- C:\Program Files\SpywareBlaster 2008-08-10 16:38 . 2008-06-19 17:24 28,544 --a------ C:\WINDOWS\system32\drivers\pavboot.sys 2008-08-10 16:37 . 2008-08-10 16:37 <DIR> d-------- C:\Program Files\Panda Security 2008-08-09 22:32 . 2008-08-09 22:32 <DIR> d-------- C:\Program Files\Malwarebytes' Anti-Malware 2008-08-09 22:32 . 2008-08-09 22:32 <DIR> d-------- C:\Documents and Settings\Michael\Application Data\Malwarebytes 2008-08-09 22:32 . 2008-08-09 22:32 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes 2008-08-09 22:32 . 2008-07-30 20:14 38,472 --a------ C:\WINDOWS\system32\drivers\mbamswissarmy.sys 2008-08-09 22:32 . 2008-07-30 20:14 17,144 --a------ C:\WINDOWS\system32\drivers\mbam.sys 2008-08-09 16:07 . 2008-08-09 16:07 0 --a------ C:\WINDOWS\system32\FCF.tmp 2008-08-08 21:10 . 2008-08-08 21:10 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\Juniper Networks 2008-08-07 06:18 . 2008-08-07 06:18 <DIR> d-------- C:\Documents and Settings\Michael\.Arachnophilia 2008-08-07 06:17 . 2008-08-07 06:17 <DIR> d-------- C:\Program Files\Arachnophilia 2008-07-15 22:03 . 2008-07-15 22:03 40,304 --ah----- C:\WINDOWS\system32\mlfcache.dat . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2008-08-15 15:03 --------- d-----w C:\Program Files\Java 2008-08-15 01:09 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard 2008-08-13 23:57 --------- d-----w C:\Documents and Settings\Michael\Application Data\Skype 2008-08-13 21:29 --------- d-----w C:\Documents and Settings\Michael\Application Data\skypePM 2008-08-12 10:47 --------- d-----w C:\Program Files\Paint.NET 2008-08-10 13:30 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy 2008-08-10 12:39 --------- d-----w C:\Program Files\Spybot - Search & Destroy 2008-08-10 04:01 --------- d-----w C:\Program Files\Lavasoft 2008-08-09 15:38 --------- d-----w C:\Documents and Settings\All Users\Application Data\Lavasoft 2008-08-03 04:14 --------- d-----w C:\Documents and Settings\All Users\Application Data\CanonIJPLM 2008-07-16 02:26 --------- d-----w C:\Program Files\Picasa2 2008-07-12 14:07 --------- d-----w C:\Documents and Settings\Michael\Application Data\ICAClient 2008-07-12 14:06 --------- d-----w C:\Documents and Settings\Michael\Application Data\Runaware 2008-06-30 15:36 --------- d-----w C:\Documents and Settings\All Users\Application Data\BVRP Software 2008-06-30 15:34 --------- d-----w C:\Program Files\Motorola Phone Tools 2008-06-30 15:31 --------- d-----w C:\Program Files\Common Files\Motorola Shared 2008-06-30 15:30 --------- d--h--w C:\Program Files\InstallShield Installation Information 2008-06-30 15:30 --------- d-----w C:\Documents and Settings\User\Application Data\InstallShield 2008-06-27 20:14 --------- d-----w C:\Program Files\Common Files\Skype 2008-06-22 13:27 --------- d-----w C:\Program Files\UltraEdit 2008-06-22 13:25 1,564,236 ----a-w C:\Program Files\UltraEdit.zip 2008-06-20 11:51 361,600 ----a-w C:\WINDOWS\system32\drivers\tcpip.sys 2008-06-20 11:40 138,496 ----a-w C:\WINDOWS\system32\drivers\afd.sys 2008-06-20 11:08 225,856 ----a-w C:\WINDOWS\system32\drivers\tcpip6.sys 2008-04-25 16:56 56,912 ----a-w C:\Documents and Settings\Michael\g2mdlhlpx.exe 2008-01-15 03:59 744 ----a-w C:\Documents and Settings\Michael\pass.dat 2007-12-22 12:35 32 ----a-w C:\Documents and Settings\All Users\Application Data\ezsid.dat 2005-01-01 06:53 37 ----a-w C:\Documents and Settings\Owner\Application Data\tvmcwrd.dll 2005-01-01 06:52 127 ----a-w C:\Documents and Settings\Owner\Application Data\tvmdmns.dll 2004-12-31 20:46 163 ----a-w C:\Documents and Settings\Michael\Application Data\tvmdmns.dll 2004-12-31 20:03 28 ----a-w C:\Documents and Settings\Michael\Application Data\tvmcwrd.dll 2002-08-29 12:00 94,784 --sh--w C:\WINDOWS\twain.dll 2008-04-14 00:12 50,688 --sh--w C:\WINDOWS\twain_32.dll . ((((((((((((((((((((((((((((( snapshot@2008-08-13_10.37.03.40 ))))))))))))))))))))))))))))))))))))))))) . + 2008-08-15 01:09:33 59,904 ----a-r C:\WINDOWS\Installer\{7EC96FCD-0C12-46D3-988A-FB802F138BEB}\IconA3AFE979.exe + 2008-07-07 20:26:58 253,952 -c----w C:\WINDOWS\system32\dllcache\es.dll + 2008-06-24 16:43:16 74,240 -c----w C:\WINDOWS\system32\dllcache\mscms.dll - 2008-04-21 06:44:29 3,066,880 -c----w C:\WINDOWS\system32\dllcache\mshtml.dll + 2008-06-23 15:09:27 3,067,392 -c----w C:\WINDOWS\system32\dllcache\mshtml.dll + 2008-06-26 08:15:29 1,499,136 -c----w C:\WINDOWS\system32\dllcache\shdocvw.dll + 2008-06-26 08:15:30 619,520 -c----w C:\WINDOWS\system32\dllcache\urlmon.dll - 2008-04-21 06:44:29 666,112 -c----w C:\WINDOWS\system32\dllcache\wininet.dll + 2008-06-23 15:09:27 666,112 -c----w C:\WINDOWS\system32\dllcache\wininet.dll - 2008-04-14 00:11:53 246,272 ----a-w C:\WINDOWS\system32\es.dll + 2008-07-07 20:26:58 253,952 ----a-w C:\WINDOWS\system32\es.dll - 2008-04-14 00:11:54 691,712 ------w C:\WINDOWS\system32\inetcomm.dll + 2008-04-11 19:04:26 691,712 ------w C:\WINDOWS\system32\inetcomm.dll - 2007-09-25 04:30:28 135,168 ----a-w C:\WINDOWS\system32\java.exe + 2008-06-10 06:21:01 135,168 ----a-w C:\WINDOWS\system32\java.exe - 2007-09-25 04:30:30 135,168 ----a-w C:\WINDOWS\system32\javaw.exe + 2008-06-10 06:21:04 135,168 ----a-w C:\WINDOWS\system32\javaw.exe - 2007-09-25 05:31:42 139,264 ----a-w C:\WINDOWS\system32\javaws.exe + 2008-06-10 07:32:34 139,264 ----a-w C:\WINDOWS\system32\javaws.exe - 2008-04-14 00:11:58 73,728 ----a-w C:\WINDOWS\system32\mscms.dll + 2008-06-24 16:43:16 74,240 ----a-w C:\WINDOWS\system32\mscms.dll - 2008-04-21 06:44:29 3,066,880 ----a-w C:\WINDOWS\system32\mshtml.dll + 2008-06-23 15:09:27 3,067,392 ----a-w C:\WINDOWS\system32\mshtml.dll - 2008-04-14 00:12:05 1,499,136 ----a-w C:\WINDOWS\system32\shdocvw.dll + 2008-06-26 08:15:29 1,499,136 ----a-w C:\WINDOWS\system32\shdocvw.dll - 2008-04-14 00:12:38 60,416 ------w C:\WINDOWS\system32\tzchange.exe + 2008-07-11 12:42:28 62,976 ------w C:\WINDOWS\system32\tzchange.exe - 2008-04-14 00:12:08 619,520 ----a-w C:\WINDOWS\system32\urlmon.dll + 2008-06-26 08:15:30 619,520 ----a-w C:\WINDOWS\system32\urlmon.dll - 2008-04-21 06:44:29 666,112 ----a-w C:\WINDOWS\system32\wininet.dll + 2008-06-23 15:09:27 666,112 ----a-w C:\WINDOWS\system32\wininet.dll . -- Snapshot reset to current date -- . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . Note empty entries & legit default entries are not shown REGEDIT4 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "BackupNotify"="c:\Program Files\HP\Digital Imaging\bin\backupnotify.exe" [2003-06-22 23:25 24576] "PcSync"="C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe" [2006-04-11 17:52 1409024] "MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2008-04-13 19:12 1695232] "NVIEW"="nview.dll" [2003-08-19 04:56 852038 C:\WINDOWS\system32\nview.dll] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "NvCplDaemon"="C:\WINDOWS\System32\NvCpl.dll" [2003-08-19 04:56 4841472] "hpsysdrv"="c:\windows\system\hpsysdrv.exe" [1998-05-07 18:04 52736] "HotKeysCmds"="C:\WINDOWS\System32\hkcmd.exe" [2003-04-07 09:07 114688] "CamMonitor"="c:\Program Files\HP\Digital Imaging\Unload\hpqcmon.exe" [2002-10-07 09:23 90112] "HPHmon05"="C:\WINDOWS\System32\hphmon05.exe" [2003-05-23 04:55 483328] "UpdateManager"="C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" [2003-11-04 01:36 45056] "Recguard"="C:\WINDOWS\SMINST\RECGUARD.EXE" [2002-09-13 23:42 212992] "PS2"="C:\WINDOWS\system32\ps2.exe" [2002-10-16 18:57 81920] "Sunkist2k"="C:\Program Files\Multimedia Card Reader\shwicon2k.exe" [2003-08-14 21:11 139264] "CXMon"="C:\Program Files\Hewlett-Packard\PhotoSmart\Photo Imaging\Hpi_Monitor.exe" [2001-09-19 11:18 45056] "Share-to-Web Namespace Daemon"="C:\Program Files\Hewlett-Packard\PhotoSmart\HP Share-to-Web\hpgs2wnd.exe" [2001-07-03 10:11 57344] "PinnacleDriverCheck"="C:\WINDOWS\system32\PSDrvCheck.exe" [2004-03-10 17:26 406016] "BJCFD"="C:\Program Files\BroadJump\Client Foundation\CFD.exe" [2002-09-10 21:26 368706] "ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2008-01-08 18:33 53096] "Symantec PIF AlertEng"="C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" [2007-03-12 18:30 517768] "PNAgent"="C:\Program Files\PhatNoise Media Manager\PNAgent.exe" [2006-07-05 16:51 40960] "PCSuiteTrayApplication"="C:\PROGRA~1\Nokia\NOKIAP~1\LAUNCH~1.EXE" [2006-04-26 08:29 237568] "Acrobat Assistant 7.0"="C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe" [2008-04-23 02:08 483328] "QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2008-03-28 23:37 413696] "iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-03-30 10:36 267048] "CanonSolutionMenu"="C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe" [2007-05-14 20:01 644696] "CanonMyPrinter"="C:\Program Files\Canon\MyPrinter\BJMyPrt.exe" [2007-04-03 20:50 1603152] "SSBkgdUpdate"="C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2006-10-25 09:03 210472] "OpwareSE4"="C:\Program Files\ScanSoft\OmniPageSE4\OpwareSE4.exe" [2007-02-04 12:02 79400] "WrtMon.exe"="C:\WINDOWS\system32\spool\drivers\w32x86\3\WrtMon.exe" [2006-09-20 08:35 20480] "dmvoq.exe"="C:\WINDOWS\system32\dmvoq.exe" [BU] "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 04:27 144784] "nwiz"="nwiz.exe" [2003-08-19 04:56 323584 C:\WINDOWS\system32\nwiz.exe] "LTMSG"="LTMSG.exe" [2003-07-14 19:52 40960 C:\WINDOWS\ltmsg.exe] "AlcxMonitor"="ALCXMNTR.EXE" [2004-09-07 14:47 57344 C:\WINDOWS\ALCXMNTR.EXE] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "Picasa Media Detector"="C:\Program Files\Picasa2\PicasaMediaDetector.exe" [2008-02-25 20:23 443968] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce] "POSTRBT"="C:\Program Files\Norton AntiVirus\Navw32.exe" [2007-05-23 12:13 173680] C:\Documents and Settings\Owner\Start Menu\Programs\Startup\ spamsubtract.lnk - C:\Program Files\interMute\SpamSubtract\SpamSub.exe [2003-10-14 00:24:52 557056] C:\Documents and Settings\All Users\Start Menu\Programs\Startup\ Adobe Acrobat Speed Launcher.lnk - C:\WINDOWS\Installer\{AC76BA86-1033-0000-7760-100000000002}\SC_Acrobat.exe [2008-01-13 08:45:57 25214] SBC Self Support Tool.lnk - C:\Program Files\SBC Self Support Tool\bin\matcli.exe [2005-08-26 15:51:14 217088] [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer] "AllowLegacyWebView"= 1 (0x1) "AllowUnhashedWebView"= 1 (0x1) [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer] "SpecifyDefaultButtons"= 0 (0x0) "Btn_Search"= 0 (0x0) [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32] "VIDC.MJPG"= Pvmjpg21.dll "VIDC.PIM1"= pclepim1.dll "vidc.VP31"= vp31vfw.dll [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk] path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk backup=C:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk] path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk backup=C:\WINDOWS\pss\HP Digital Imaging Monitor.lnkCommon Startup [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Kodak EasyShare software.lnk] path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Kodak EasyShare software.lnk backup=C:\WINDOWS\pss\Kodak EasyShare software.lnkCommon Startup [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^KODAK Software Updater.lnk] path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\KODAK Software Updater.lnk backup=C:\WINDOWS\pss\KODAK Software Updater.lnkCommon Startup [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk] path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk backup=C:\WINDOWS\pss\Microsoft Office.lnkCommon Startup [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^MindManager PDF Writer.lnk] path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\MindManager PDF Writer.lnk backup=C:\WINDOWS\pss\MindManager PDF Writer.lnkCommon Startup [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Free Uploader Oe Integration] --a------ 2007-06-10 19:02 40960 C:\Program Files\Free Download Manager\FUM\fumoei.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper] --a------ 2008-03-30 10:36 267048 C:\Program Files\iTunes\iTunesHelper.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KBD] --a------ 2003-02-11 22:02 61440 C:\hp\KBD\kbd.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\mmtask] --a------ 2004-09-22 19:20 53248 C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Motive SmartBridge] --a------ 2003-12-10 04:52 380928 C:\PROGRA~1\SBCSEL~1\SMARTB~1\MotiveSB.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS] --a------ 2008-04-13 19:12 1695232 C:\Program Files\Messenger\msmsgs.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\pamela.exe] --a------ 2007-12-22 07:57 6742016 C:\Program Files\Pamela\Pamela.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task] --a------ 2008-03-28 23:37 413696 C:\Program Files\QuickTime\QTTask.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype] -ra------ 2008-05-30 15:54 21718312 C:\Program Files\Skype\Phone\Skype.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\YBrowser] --a------ 2003-07-11 13:51 57344 C:\Program Files\Yahoo!\browser\ybrwicon.exe [HKEY_LOCAL_MACHINE\software\microsoft\security center] "AntiVirusDisableNotify"=dword:00000001 [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus] "DisableMonitoring"=dword:00000001 [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall] "DisableMonitoring"=dword:00000001 [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "C:\\StubInstaller.exe"= "C:\\Program Files\\Kodak\\KODAK Software Updater\\7288971\\Program\\backWeb-7288971.exe"= "C:\\Program Files\\Neoteris\\Secure Application Manager\\dsSamProxy.exe"= "C:\\Program Files\\Best Buy Digital Music Store Powered by Rhapsody\\rhapsody.exe"= "C:\\Program Files\\iTunes\\iTunes.exe"= "%windir%\\Network Diagnostic\\xpnetdiag.exe"= "C:\\Program Files\\Skype\\Phone\\Skype.exe"= R0 pavboot;pavboot;C:\WINDOWS\system32\drivers\pavboot.sys [2008-06-19 17:24] R1 NEOFLTR_530_10641;Juniper Networks TDI Filter Driver (NEOFLTR_530_10641);C:\WINDOWS\system32\Drivers\NEOFLTR_530_10641.SYS [2006-04-27 00:40] R2 IJPLMSVC;PIXMA Extended Survey Program;C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE [2007-04-13 10:49] R3 BENDER;Pinnacle AV/DV2 Capture;C:\WINDOWS\system32\drivers\bender.sys [2003-07-09 15:35] [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{c1e2986f-2c64-11dd-a400-000ea6631781}] \Shell\AutoRun\command - K:\Launch.exe /run . Contents of the 'Scheduled Tasks' folder 2008-08-13 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job - C:\Program Files\Apple Software Update\SoftwareUpdate.exe [2008-04-11 17:57] 2008-08-09 C:\WINDOWS\Tasks\Norton AntiVirus - Run Full System Scan - Michael.job - C:\PROGRA~1\NORTON~1\Navw32.exe [2007-05-23 12:13] 2008-08-14 C:\WINDOWS\Tasks\Uniblue SpeedUpMyPC Nag.job - C:\Program Files\Uniblue\SpeedUpMyPC 3\SpeedUpMyPC.exe [] 2008-02-16 C:\WINDOWS\Tasks\Uniblue SpeedUpMyPC.job - C:\Program Files\Uniblue\SpeedUpMyPC 3\SpeedUpMyPC.exe [] . - - - - ORPHANS REMOVED - - - - MSConfigStartUp-SunJavaUpdateSched - C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe ************************************************************************ catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2008-08-15 10:09:06 Windows 5.1.2600 Service Pack 3 NTFS scanning hidden processes ... scanning hidden autostart entries ... scanning hidden files ... scan completed successfully hidden files: 0 ********************************************************************** . ------------------------ Other Running Processes ------------------------ . C:\Program Files\Common Files\Symantec Shared\CCSETMGR.EXE C:\Program Files\Common Files\Symantec Shared\CCEVTMGR.EXE C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe C:\Program Files\Norton AntiVirus\IWP\NPFMNTOR.EXE C:\WINDOWS\system32\nvsvc32.exe C:\WINDOWS\system32\ScsiAccess.EXE C:\PROGRA~1\HEWLET~1\PHOTOS~1\HPSHAR~1\hpgs2wnf.exe C:\WINDOWS\system32\spool\drivers\w32x86\3\WrtProc.exe C:\Program Files\Common Files\PCSuite\Services\ServiceLayer.exe C:\WINDOWS\system32\rundll32.exe C:\Program Files\iPod\bin\iPodService.exe C:\PROGRA~1\COMMON~1\Nokia\MPAPI\MPAPI3s.exe C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE . ********************************************************************** . Completion time: 2008-08-15 10:20:48 - machine was rebooted ComboFix-quarantined-files.txt 2008-08-15 15:20:38 ComboFix2.txt 2008-08-13 15:38:22 Pre-Run: 30,958,436,352 bytes free Post-Run: 30,979,305,472 bytes free 916 --- E O F --- 2008-08-15 03:36:23 ***************** Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 10:28:24 AM, on 8/15/2008 Platform: Windows XP SP3 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe C:\WINDOWS\System32\nvsvc32.exe C:\WINDOWS\System32\ScsiAccess.EXE C:\WINDOWS\System32\svchost.exe C:\WINDOWS\LTMSG.exe C:\windows\system\hpsysdrv.exe C:\Program Files\HP\Digital Imaging\Unload\hpqcmon.exe C:\WINDOWS\System32\hphmon05.exe C:\WINDOWS\system32\ps2.exe C:\Program Files\Multimedia Card Reader\shwicon2k.exe C:\Program Files\Hewlett-Packard\PhotoSmart\Photo Imaging\Hpi_Monitor.exe C:\Program Files\Hewlett-Packard\PhotoSmart\HP Share-to-Web\hpgs2wnd.exe C:\PROGRA~1\HEWLET~1\PHOTOS~1\HPSHAR~1\hpgs2wnf.exe C:\WINDOWS\ALCXMNTR.EXE C:\Program Files\BroadJump\Client Foundation\CFD.exe C:\Program Files\Common Files\Symantec Shared\ccApp.exe C:\Program Files\PhatNoise Media Manager\PNAgent.exe C:\PROGRA~1\Nokia\NOKIAP~1\LAUNCH~1.EXE C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe C:\Program Files\iTunes\iTunesHelper.exe C:\Program Files\Canon\MyPrinter\BJMyPrt.exe C:\Program Files\ScanSoft\OmniPageSE4\OpwareSE4.exe C:\WINDOWS\system32\spool\drivers\w32x86\3\WrtMon.exe C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe C:\WINDOWS\system32\spool\drivers\w32x86\3\WrtProc.exe C:\Program Files\Common Files\PCSuite\Services\ServiceLayer.exe C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe C:\WINDOWS\system32\rundll32.exe C:\Program Files\Messenger\msmsgs.exe C:\Program Files\iPod\bin\iPodService.exe C:\PROGRA~1\COMMON~1\Nokia\MPAPI\MPAPI3s.exe C:\WINDOWS\system32\wuauclt.exe C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE C:\WINDOWS\explorer.exe C:\Program Files\Common Files\Sonic\Update Manager\sgtray\sgtray.exe C:\Program Files\Trend Micro\HijackThis\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/cust...search/ie.html R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/ R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll O2 - BHO: NAV Helper - {A8F38D8D-E480-4D52-B7A2-731BB6995FDD} - C:\Program Files\Norton AntiVirus\NavShExt.dll O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll O3 - Toolbar: HP View - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - (no file) O3 - Toolbar: Norton AntiVirus - {C4069E3A-68F1-403E-B40E-20066696354B} - C:\Program Files\Norton AntiVirus\NavShExt.dll O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - (no file) O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet /keeploaded /nodetect O4 - HKLM\..\Run: [LTMSG] LTMSG.exe 7 O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe O4 - HKLM\..\Run: [CamMonitor] c:\Program Files\HP\Digital Imaging\Unload\hpqcmon.exe O4 - HKLM\..\Run: [HPHmon05] C:\WINDOWS\System32\hphmon05.exe O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe O4 - HKLM\..\Run: [Sunkist2k] C:\Program Files\Multimedia Card Reader\shwicon2k.exe O4 - HKLM\..\Run: [CXMon] "C:\Program Files\Hewlett-Packard\PhotoSmart\Photo Imaging\Hpi_Monitor.exe" O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] C:\Program Files\Hewlett-Packard\PhotoSmart\HP Share-to-Web\hpgs2wnd.exe O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\system32\PSDrvCheck.exe -CheckReg O4 - HKLM\..\Run: [BJCFD] C:\Program Files\BroadJump\Client Foundation\CFD.exe O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe" O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll" O4 - HKLM\..\Run: [PNAgent] "C:\Program Files\PhatNoise Media Manager\PNAgent.exe" O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\PROGRA~1\Nokia\NOKIAP~1\LAUNCH~1.EXE -startup O4 - HKLM\..\Run: [Acrobat Assistant 7.0] "C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe" O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe" O4 - HKLM\..\Run: [CanonSolutionMenu] C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe /logon O4 - HKLM\..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe /logon O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot O4 - HKLM\..\Run: [OpwareSE4] "C:\Program Files\ScanSoft\OmniPageSE4\OpwareSE4.exe" O4 - HKLM\..\Run: [WrtMon.exe] C:\WINDOWS\system32\spool\drivers\w32x86\3\WrtMon.exe O4 - HKLM\..\Run: [dmvoq.exe] C:\WINDOWS\system32\dmvoq.exe O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" O4 - HKCU\..\Run: [NVIEW] rundll32.exe nview.dll,nViewLoadHook O4 - HKCU\..\Run: [BackupNotify] c:\Program Files\HP\Digital Imaging\bin\backupnotify.exe O4 - HKCU\..\Run: [PcSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background O4 - HKUS\S-1-5-18\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe (User 'SYSTEM') O4 - HKUS\S-1-5-18\..\RunOnce: [POSTRBT] C:\Program Files\Norton AntiVirus\Navw32.exe /REMEDIATE (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe (User 'Default user') O4 - HKUS\.DEFAULT\..\RunOnce: [POSTRBT] C:\Program Files\Norton AntiVirus\Navw32.exe /REMEDIATE (User 'Default user') O4 - .DEFAULT User Startup: AutoTBar.exe (User 'Default user') O4 - Global Startup: Adobe Acrobat Speed Launcher.lnk = ? O4 - Global Startup: SBC Self Support Tool.lnk = C:\Program Files\SBC Self Support Tool\bin\matcli.exe O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html O8 - Extra context menu item: Convert to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000 O8 - Extra context menu item: LimeShop Preferences - file://C:\Program Files\Lime_Shop\Sy700\Tp700\scri700a.htm O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html O8 - Extra context menu item: Translate into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll O9 - Extra button: EmpirePoker - {77E68763-4284-41d6-B7E7-B6E1F053A9E7} - C:\Program Files\EmpirePoker\EmpirePoker.exe (file missing) O9 - Extra 'Tools' menuitem: EmpirePoker - {77E68763-4284-41d6-B7E7-B6E1F053A9E7} - C:\Program Files\EmpirePoker\EmpirePoker.exe (file missing) O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra button: Upload - {FD4E2FF8-973C-4A19-89BD-8E86B3CFCFE1} - C:\Program Files\Free Download Manager\FUM\fumiebtn.dll (file missing) O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?Link...04&clcid=0x409 O16 - DPF: {77E32299-629F-43C6-AB77-6A1E6D7663F6} (Groove Control) - http://www.nick.com/common/groove/gx/GrooveAX27.cab O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5/asinst.cab O16 - DPF: {C02226EB-A5D7-4B1F-BD7E-635E46C2288D} (Toontown Installer ActiveX Control) - http://download.toontown.com/sv1.0.15.38/ttinst.cab O16 - DPF: {D18F962A-3722-4B59-B08D-28BB9EB2281E} (PhotosCtrl Class) - http://photos.yahoo.com/ocx/us/yexplorer1_9us.cab O17 - HKLM\System\CCS\Services\Tcpip\..\{0689CEC2-8D77-4684-9520-B9193268E020}: NameServer = 208.67.220.220,208.67.222.222 O17 - HKLM\System\CCS\Services\Tcpip\..\{5B7D92DE-C59E-4A96-8384-87D106A9DE5B}: NameServer = 208.67.220.220,208.67.222.222 O17 - HKLM\System\CCS\Services\Tcpip\..\{F9852F02-FE8C-49A1-86BC-15688CF57C8D}: NameServer = 208.67.220.220,208.67.222.222 O17 - HKLM\System\CS1\Services\Tcpip\..\{0689CEC2-8D77-4684-9520-B9193268E020}: NameServer = 208.67.220.220,208.67.222.222 O17 - HKLM\System\CS2\Services\Tcpip\..\{0689CEC2-8D77-4684-9520-B9193268E020}: NameServer = 208.67.220.220,208.67.222.222 O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: PIXMA Extended Survey Program (IJPLMSVC) - Unknown owner - C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe O23 - Service: Norton Protection Center Service (NSCService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe O23 - Service: Symantec AVScan (SAVScan) - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe O23 - Service: ScsiAccess - Unknown owner - C:\WINDOWS\System32\ScsiAccess.EXE O23 - Service: ServiceLayer - Nokia. - C:\Program Files\Common Files\PCSuite\Services\ServiceLayer.exe O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe O23 - Service: SPBBCSvc - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe -- End of file - 16488 bytes Thanks, Michael.