LandzDown Forum

Hi, Acrylic_Duckie.  Welcome to LandzDown Forum.

Different vendors refer to various trojans by their selected nomenclature.  Regardless of the "name", you have a serious problem and seeing no software firewall has given the means for easy transmission of your data.  Thus, regardless of the name, whether it be generic or specifically identified, MBAM has identified "Backdoor.Bot".  As defined by Sunbelt:

A Backdoor is a software program that gives an attacker unauthorized access to a machine and the means for remotely controlling the machine without the user's knowledge. A Backdoor compromises system integrity by making changes to the system that allow it to by used by the attacker for malicious purposes unknown to the user.

We can likely clean the infected files off the computer, and if you wish we will attempt to do so, but we cannot be sure that the infection didn't do something to your system to reduce the system security.  In that instance, even after removal of the infection, you could be subject to another attack or takeover as soon as you re-connect to the Internet.

The decision whether to reformat or not should be based on:

• The use of the computer - this is the primary factor in the decision whether to re-format and re-install, or just disinfect.
  
• The variety of malware - this influences the decision on whether to re-format and re-install, or just disinfect. IN THIS CASE you need to consider carefully your options.

If the Computer has been used for any important data, you are strongly advised to do the following, immediately:

• Disconnect the infected computer from the internet and from any networked computers until the computer can be cleaned.
• Back up all important data on the machine. Do not back up any Applications (programs). Those should be re-installed from the original source CDs or websites.
• If you have ever used this computer for shopping, banking, or any transactions relating to your financial well being:

 Call all of your banks, credit card companies, and financial institutions, informing them that you may be a victim of identity theft, and to put a watch on your accounts or change all your account numbers.

• From a clean computer, change ALL your online passwords -- for ISP login, email,  banks, financial accounts, PayPal, eBay, online companies, and any online forums or groups you belong to.
  
• DO NOT change passwords or do any transactions while using the infected computer because the attacker will get the new password and transaction information.
  
• Take any other steps you think appropriate for an attempted identity theft.

While you are deciding whether to reformat and re-install, a useful link is here: http://www.dslreports.com/faq/10063

Please let me know what you decide.

Hi, Acrylic_Duckie. 

Because there is no way of knowing how long the Backdoor.Bot was on your computer and you had no firewall to prevent it from "calling home", I suggest going to a family member, friend or neighbor's house or even the public library.  Log on to your accounts to change the passwords.  Do not log on to those accounts from the infected machine until it is either cleaned or re-formatted.  I would also advise you to check your bank and credit card statements to be sure there is no unusual activity. 

Although handy, I don't think you need an external hard drive for this process.  You can back up important documents to a CD or a Flash Drive.  Another option, if you have a Hotmail account is to use SkyDrive.  You can zip files and upload them to private folders there.  See http://skydrive.live.com/welcomemoreinfo.aspx

As indicated above, if you re-format, you are better off reinstalling your software or downloading it again from the vendor's site because you cannot tell if it too has been infected. 

The Windows Firewall with XP SP2 and SP3 does not monitor or block outbound traffic.  The Windows Vista Firewall is a major improvement, being a two-way firewall and also providing the ability to create rules. 

It really isn't feasible to back up 85 GB to SkyDrive. My concern, obviously, is with the protection of your personal information.  Most public libraries have free internet access.  They generally don't allow unlimited access (i.e., time restrictions).  However, spending a half hour or so at the public library changing your password to your bank and credit card accounts is certainly better than chancing the alternative.

Now let's see what we can do to clean your computer.  Just remember that even when clean, because the Backdoor.bot was not the only trojan on your computer, you really need to change your passwords and check your account statements. 

We will start with ComboFix.  Please follow these instructions carefully.

Download ComboFix from one of the following locations:

Link 1
Link 2
Link 3

!!! IMPORTANT !!! Save ComboFix.exe to your Desktop

• Disable your AntiVirus and AntiSpyware applications. If not disabled, these programs will likely interfere with cleanup process. This can usually be accomplished by a right-click on the icon in the System Tray.
  
• Double-click ComboFix.exe on your desktop and follow the prompts.
• As part of the process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it is strongly recommended to have this pre-installed on your machine before doing any malware removal. The Recovery Console will allow you to start up the computer in a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.

Please note: If the Microsoft Windows Recovery Console is already installed on the computer, ComboFix will continue the malware removal procedures.

• Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console.
• When prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

After the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

• Click "Yes" to continue scanning for malware.
• When finished, a log will be produced. Please include the C:\ComboFix.txt in your next reply along with a fresh HijackThis log.
  

Hi, Acrylic_Duckie.  Those were all services that ComboFix removed.  There appears to be one more that we'll take care as well.  However, first I'd like you to take care of updating vulnerable software and then run ComboFix and an online scan.

If you have a licensed version of Adobe Acrobat, it needs to be updated as there have been a number of vulnerabilities reported this past week.  You will also need to update Adobe Flash.  Just watch for the pre-checked extras when installing the updates.  http://www.adobe.com/products/ 

I would also like to be sure that the vulnerable versions of SunJava are off your computer.  Please download JavaRa and unzip it to your desktop.

• Double-click on JavaRa.exe to start the program.
  
• Click on Remove Older Versions to remove older versions of Java.
  
• A logfile will pop up. Please save it to a convenient location.

=====================

Custom CFScript

• Please open Notepad (Start -> Run -> type notepad in the Open field -> OK) and copy and paste the text present inside the code box below:
  
  

File::
C:\WINDOWS\system32\solewxte.exe

Driver::
solewxte


• Save this as CFScript.txt and place it on your desktop.
  
• Close any open browsers
• Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

• Referring to the screenshot above, drag CFScript.txt into ComboFix.exe.
  
• ComboFix will now run a scan on your system. It may reboot your system when it finishes. This is normal.
• When finished, it will produce a log for you. Copy and paste the contents of the log in your next reply.

CAUTION: Do not mouse-click ComboFix's window while it is running. That may cause it to stall.
Note: the above code was created specifically for this user. If you are not this user, do NOT follow these directions as they could damage the workings of your system.

=====================

Next an on-line scan.  In fact, I would prefer that you do two separate scans with a shutdown/restart in between. 

Establish an internet connection & perform an online scan with Internet Explorer at Kaspersky Online Scanner

Your Antivirus and/or Antispyware may give a warning during the scan. This is perfectly normal
Note:

• This scan is best done from IE (Internet Explorer)
• Vista users should start IE by Start(Vista Orb) >> Internet Explorer >> Right-Click Run As Admin

Go Here: http://www.kaspersky.com/kos/eng/partner/default/languages/english/check.html?n=1223851135704

• Read the Requirements and limitations before you click Accept.
  
• Once the database has downloaded, click My Computer in the left pane
• When the scan has completed, click Save Report As...
• Enter a name for the file in the Filename: text box and then click the down arrow to the right of Save as type: and select text file (*.txt)
• Click Save - by default the file will be saved to your Desktop, but you can change this if you wish.

Note: To optimize scanning time and produce a more sensible report for review:

• Close any open programs.
• Turn off the real-time scanner of all antivirus or antispyware programs while performing the online scan.

Note for Internet Explorer 7 users: If at any time you have trouble viewing the accept button of the license, click on the Zoom tool located at the bottom right of the IE window and set the zoom to 75%. Once the license is accepted, reset to 100%.

=====================

Shutdown/restart

=====================

Please go to Eset website to perform an online scan. Please use Internet Explorer as it uses ActiveX.

[list=1]

• Check (tick) this box: YES, I accept the Terms of Use.
  
• Click on the Start button next to it.
  
• When prompted to run ActiveX. click Yes.
  
• You will be asked to install an ActiveX. Click Install.
  
• Once installed, the scanner will be initialized.
• After the scanner is initialized, click Start.
  
• Uncheck (untick) Remove found threats box.
  
• Check (tick) Scan unwanted applications.
  
• Click on Scan.
  
• It will start scanning. Please be patient.
• Once the scan is done, you will find a log in C:\Program Files\esetonlinescanner\log.txt. Please post this log in your next reply.

=====================

Open HijackThis and click on 'Do a System Scan and save a Logfile'. Save the log file and post it here.

=====================

Logs Required
ComboFix Log
Kaspersky Scan Log
ESET Nod32 Log
Hijackthis Log

I have about 85GB of "stuff" on my computer

It takes a while to scan all those files. 

Of course I'm right.   

Okay here goes...


JavaRa
JavaRa 1.11 Removal Log.

Report follows after line.

------------------------------------

The JavaRa removal process was started on Sun Nov 09 14:09:55 2008

Found and removed: C:\Program Files\Java\jre1.5.0_02

Found and removed: C:\Program Files\Java\jre1.5.0_05

Found and removed: C:\Program Files\Java\jre1.5.0_06

Found and removed: C:\Program Files\Java\jre1.5.0_09

Found and removed: C:\Program Files\Java\jre1.5.0_10

Found and removed: C:\Program Files\Java\jre1.5.0_11

Found and removed: C:\Program Files\Java\jre1.6.0_01

Found and removed: C:\Program Files\Java\jre1.6.0_02

Found and removed: C:\Program Files\Java\jre1.6.0_03

Found and removed: C:\Program Files\Java\jre1.6.0_05

Found and removed: C:\Program Files\Common Files\Java\Update\Base Images\jre1.5.0.b64

Found and removed: Software\JavaSoft\Java2D\1.5.0_02

Found and removed: Software\JavaSoft\Java2D\1.5.0_05

Found and removed: Software\JavaSoft\Java2D\1.5.0_06

Found and removed: Software\JavaSoft\Java2D\1.5.0_09

Found and removed: Software\JavaSoft\Java2D\1.5.0_10

Found and removed: Software\JavaSoft\Java2D\1.5.0_11

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0002-ABCDEFFEDCBA}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0005-ABCDEFFEDCBA}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0009-ABCDEFFEDCBA}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0010-ABCDEFFEDCBA}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0011-ABCDEFFEDCBA}

Found and removed: SOFTWARE\Classes\Installer\Features\8A0F842331866D117AB7000B0D510002

Found and removed: SOFTWARE\Classes\Installer\Features\8A0F842331866D117AB7000B0D510005

Found and removed: SOFTWARE\Classes\Installer\Features\8A0F842331866D117AB7000B0D510006

Found and removed: SOFTWARE\Classes\Installer\Features\8A0F842331866D117AB7000B0D510009

Found and removed: SOFTWARE\Classes\Installer\Features\8A0F842331866D117AB7000B0D511000

Found and removed: SOFTWARE\Classes\Installer\Features\8A0F842331866D117AB7000B0D511001

Found and removed: SOFTWARE\Classes\Installer\Products\8A0F842331866D117AB7000B0D510002

Found and removed: SOFTWARE\Classes\Installer\Products\8A0F842331866D117AB7000B0D510005

Found and removed: SOFTWARE\Classes\Installer\Products\8A0F842331866D117AB7000B0D510006

Found and removed: SOFTWARE\Classes\Installer\Products\8A0F842331866D117AB7000B0D510009

Found and removed: SOFTWARE\Classes\Installer\Products\8A0F842331866D117AB7000B0D511000

Found and removed: SOFTWARE\Classes\Installer\Products\8A0F842331866D117AB7000B0D511001

Found and removed: SOFTWARE\Classes\Installer\UpgradeCodes\7A0F842331866D117AB7000B0D510002

Found and removed: SOFTWARE\Classes\Installer\UpgradeCodes\7A0F842331866D117AB7000B0D510005

Found and removed: SOFTWARE\Classes\Installer\UpgradeCodes\7A0F842331866D117AB7000B0D510006

Found and removed: SOFTWARE\Classes\Installer\UpgradeCodes\7A0F842331866D117AB7000B0D510009

Found and removed: SOFTWARE\Classes\Installer\UpgradeCodes\7A0F842331866D117AB7000B0D511000

Found and removed: SOFTWARE\Classes\Installer\UpgradeCodes\7A0F842331866D117AB7000B0D511001

Found and removed: SOFTWARE\Classes\JavaPlugin.150_02

Found and removed: SOFTWARE\Classes\JavaPlugin.150_05

Found and removed: SOFTWARE\Classes\JavaPlugin.150_06

Found and removed: SOFTWARE\Classes\JavaPlugin.150_09

Found and removed: SOFTWARE\Classes\JavaPlugin.150_10

Found and removed: SOFTWARE\Classes\JavaPlugin.150_11

Found and removed: SOFTWARE\Classes\JavaWebStart.isInstalled.1.5.0.0

Found and removed: SOFTWARE\JavaSoft\Java Plug-in\1.5.0_02

Found and removed: SOFTWARE\JavaSoft\Java Plug-in\1.5.0_05

Found and removed: SOFTWARE\JavaSoft\Java Plug-in\1.5.0_06

Found and removed: SOFTWARE\JavaSoft\Java Plug-in\1.5.0_09

Found and removed: SOFTWARE\JavaSoft\Java Plug-in\1.5.0_10

Found and removed: SOFTWARE\JavaSoft\Java Plug-in\1.5.0_11

Found and removed: SOFTWARE\JavaSoft\Java Runtime Environment\1.5

Found and removed: SOFTWARE\JavaSoft\Java Runtime Environment\1.5.0_02

Found and removed: SOFTWARE\JavaSoft\Java Runtime Environment\1.5.0_05

Found and removed: SOFTWARE\JavaSoft\Java Runtime Environment\1.5.0_06

Found and removed: SOFTWARE\JavaSoft\Java Runtime Environment\1.5.0_09

Found and removed: SOFTWARE\JavaSoft\Java Runtime Environment\1.5.0_10

Found and removed: SOFTWARE\JavaSoft\Java Runtime Environment\1.5.0_11

Found and removed: SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0015-0000-0002-ABCDEFFEDCBA}

Found and removed: SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0015-0000-0005-ABCDEFFEDCBA}

Found and removed: SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA}

Found and removed: SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0015-0000-0009-ABCDEFFEDCBA}

Found and removed: SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0015-0000-0010-ABCDEFFEDCBA}

Found and removed: SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0015-0000-0011-ABCDEFFEDCBA}

Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\ACBB9B2318A96D117A58000B0D510002

Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\ACBB9B2318A96D117A58000B0D510005

Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\ACBB9B2318A96D117A58000B0D510006

Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\ACBB9B2318A96D117A58000B0D510009

Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\ACBB9B2318A96D117A58000B0D511000

Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\ACBB9B2318A96D117A58000B0D511001

Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\8A0F842331866D117AB7000B0D510002

Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\8A0F842331866D117AB7000B0D510005

Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\8A0F842331866D117AB7000B0D510006

Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\8A0F842331866D117AB7000B0D510009

Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\8A0F842331866D117AB7000B0D511000

Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\8A0F842331866D117AB7000B0D511001

Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{3248F0A8-6813-11D6-A77B-00B0D0150020}

Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{3248F0A8-6813-11D6-A77B-00B0D0150050}

Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{3248F0A8-6813-11D6-A77B-00B0D0150060}

Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{3248F0A8-6813-11D6-A77B-00B0D0150090}

Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{3248F0A8-6813-11D6-A77B-00B0D0150100}

Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{3248F0A8-6813-11D6-A77B-00B0D0150110}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0001-ABCDEFFEDCBB}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBB}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBB}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBB}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0001-ABCDEFFEDCBC}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBC}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBC}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBC}

Found and removed: SOFTWARE\Classes\Installer\Features\8A0F842331866D117AB7000B0D610001

Found and removed: SOFTWARE\Classes\Installer\Features\8A0F842331866D117AB7000B0D610002

Found and removed: SOFTWARE\Classes\Installer\Features\8A0F842331866D117AB7000B0D610003

Found and removed: SOFTWARE\Classes\Installer\Features\8A0F842331866D117AB7000B0D610005

Found and removed: SOFTWARE\Classes\Installer\Products\8A0F842331866D117AB7000B0D610001

Found and removed: SOFTWARE\Classes\Installer\Products\8A0F842331866D117AB7000B0D610002

Found and removed: SOFTWARE\Classes\Installer\Products\8A0F842331866D117AB7000B0D610003

Found and removed: SOFTWARE\Classes\Installer\Products\8A0F842331866D117AB7000B0D610005

Found and removed: SOFTWARE\Classes\Installer\UpgradeCodes\7A0F842331866D117AB7000B0D610001

Found and removed: SOFTWARE\Classes\Installer\UpgradeCodes\7A0F842331866D117AB7000B0D610002

Found and removed: SOFTWARE\Classes\Installer\UpgradeCodes\7A0F842331866D117AB7000B0D610003

Found and removed: SOFTWARE\Classes\Installer\UpgradeCodes\7A0F842331866D117AB7000B0D610005

Found and removed: SOFTWARE\Classes\JavaPlugin.160_01

Found and removed: SOFTWARE\Classes\JavaPlugin.160_02

Found and removed: SOFTWARE\Classes\JavaPlugin.160_03

Found and removed: SOFTWARE\Classes\JavaPlugin.160_05

Found and removed: SOFTWARE\JavaSoft\Java Plug-in\1.6.0_01

Found and removed: SOFTWARE\JavaSoft\Java Plug-in\1.6.0_02

Found and removed: SOFTWARE\JavaSoft\Java Plug-in\1.6.0_03

Found and removed: SOFTWARE\JavaSoft\Java Plug-in\1.6.0_05

Found and removed: SOFTWARE\JavaSoft\Java Runtime Environment\1.6.0_01

Found and removed: SOFTWARE\JavaSoft\Java Runtime Environment\1.6.0_02

Found and removed: SOFTWARE\JavaSoft\Java Runtime Environment\1.6.0_03

Found and removed: SOFTWARE\JavaSoft\Java Runtime Environment\1.6.0_05

Found and removed: SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA}

Found and removed: SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA}

Found and removed: SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}

Found and removed: SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}

Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UpgradeCodes\7A0F842331866D117AB7000B0D610001

Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UpgradeCodes\7A0F842331866D117AB7000B0D610002

Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UpgradeCodes\7A0F842331866D117AB7000B0D610003

Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UpgradeCodes\7A0F842331866D117AB7000B0D610005

Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\ACBB9B2318A96D117A58000B0D610001

Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\ACBB9B2318A96D117A58000B0D610002

Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\ACBB9B2318A96D117A58000B0D610003

Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\ACBB9B2318A96D117A58000B0D610005

Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\8A0F842331866D117AB7000B0D610001

Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\8A0F842331866D117AB7000B0D610002

Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\8A0F842331866D117AB7000B0D610003

Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\8A0F842331866D117AB7000B0D610005

Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{3248F0A8-6813-11D6-A77B-00B0D0160010}

Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{3248F0A8-6813-11D6-A77B-00B0D0160020}

Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{3248F0A8-6813-11D6-A77B-00B0D0160030}

Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{3248F0A8-6813-11D6-A77B-00B0D0160050}

Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.5.0_02

Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.5.0_05

Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.5.0_06

Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.5.0_09

Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.5.0_10

Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.5.0_11

Found and removed: Software\Classes\JavaPlugin.160_01

Found and removed: Software\Classes\JavaPlugin.160_02

Found and removed: Software\Classes\JavaPlugin.160_03

Found and removed: Software\Classes\JavaPlugin.160_05

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0000-0003-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0000-0004-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0000-0005-ABCDEFFEDCBA}

Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders\\C:\Program Files\Common Files\Java\Update\Base Images\jre1.5.0.b64\

Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders\\C:\Program Files\Java\jre1.5.0_02\

Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders\\C:\Program Files\Java\jre1.5.0_05\

Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders\\C:\Program Files\Java\jre1.5.0_06\

Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders\\C:\Program Files\Java\jre1.5.0_09\

Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders\\C:\Program Files\Java\jre1.5.0_10\

Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders\\C:\Program Files\Java\jre1.5.0_11\

Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders\\C:\Program Files\Java\jre1.6.0_01\

Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders\\C:\Program Files\Java\jre1.6.0_02\

Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders\\C:\Program Files\Java\jre1.6.0_03\

Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders\\C:\Program Files\Java\jre1.6.0_05\

Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders\\C:\Program Files\Java\jre1.6.0_01\bin\

Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders\\C:\Program Files\Java\jre1.6.0_02\bin\

Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders\\C:\Program Files\Java\jre1.6.0_03\bin\

Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders\\C:\Program Files\Java\jre1.6.0_05\bin\

Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders\C:\Program Files\Common Files\Java\Update\Base Images\jre1.6.0.b105\patch-jre1.6.0_01.b06\

Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders\C:\Program Files\Common Files\Java\Update\Base Images\jre1.6.0.b105\patch-jre1.6.0_03.b05\

Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders\C:\Program Files\Common Files\Java\Update\Base Images\jre1.6.0.b105\patch-jre1.6.0_05.b13\

Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDlls\C:\Program Files\Common Files\Java\Update\Base Images\jre1.5.0.b64\core1.zip

Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDlls\C:\Program Files\Common Files\Java\Update\Base Images\jre1.5.0.b64\core2.zip

Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDlls\C:\Program Files\Common Files\Java\Update\Base Images\jre1.5.0.b64\core3.zip

Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.0.1

Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.0.1_02

Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.0.1_03

Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.0.1_04

Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.2

Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.2.0_01

Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.6.0_01

Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.6.0_02

Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.6.0_03

Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.6.0_05

Found and removed: Software\JavaSoft\Java2D\1.6.0_01

Found and removed: Software\JavaSoft\Java2D\1.6.0_02

Found and removed: Software\JavaSoft\Java2D\1.6.0_03

Found and removed: Software\JavaSoft\Java2D\1.6.0_05

Found and removed: Software\JavaSoft\Java Runtime Environment\1.6.0_01

Found and removed: Software\JavaSoft\Java Runtime Environment\1.6.0_02

Found and removed: Software\JavaSoft\Java Runtime Environment\1.6.0_03

Found and removed: Software\JavaSoft\Java Runtime Environment\1.6.0_05

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0000-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0001-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0001-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0002-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0002-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0003-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0003-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0004-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0004-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0005-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0005-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0006-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0006-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0007-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0007-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0008-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0008-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0009-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0009-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0010-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0010-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0011-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0011-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0012-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0012-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0013-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0013-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0014-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0014-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0015-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0015-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0016-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0016-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0017-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0017-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0018-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0018-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0019-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0019-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0020-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0020-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0021-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0021-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0022-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0022-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0023-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0023-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0024-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0024-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0025-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0025-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0026-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0026-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0027-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0027-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0028-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0028-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0029-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0029-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0030-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0030-ABCDEFFEDCBB}

JavaRa 1.11 Removal Log.

Report follows after line.

------------------------------------

The JavaRa removal process was started on Sun Nov 09 14:10:59 2008

------------------------------------

Finished reporting.






ComboFix

ComboFix 08-11-07.01 - Owner 2008-11-09 14:18:13.2 - NTFSx86
Microsoft Windows XP Home Edition  5.1.2600.3.1252.1.1033.18.133 [GMT -7:00]
Running from: c:\documents and settings\Owner\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Owner\Desktop\CFScript.txt
 * Created a new restore point

FILE ::
c:\windows\system32\solewxte.exe
.

(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.

.
(((((((((((((((((((((((((((((((((((((((   Drivers/Services   )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_SOLEWXTE
-------\Service_solewxte


(((((((((((((((((((((((((   Files Created from 2008-10-09 to 2008-11-09  )))))))))))))))))))))))))))))))
.

2008-11-09 14:01 . 2008-11-09 14:01   <DIR>   d--------   c:\program files\Common Files\Adobe AIR
2008-11-09 13:36 . 2008-11-09 14:15   <DIR>   d--------   c:\program files\NOS
2008-11-09 13:36 . 2008-11-09 14:15   <DIR>   d----c---   c:\documents and settings\All Users\Application Data\NOS
2008-11-07 21:22 . 2008-11-07 21:22   <DIR>   d--------   c:\program files\Trend Micro
2008-11-07 19:31 . 2008-11-07 19:31   <DIR>   d--------   c:\program files\Malwarebytes' Anti-Malware
2008-11-07 19:31 . 2008-11-07 19:31   <DIR>   d----c---   c:\documents and settings\Owner\Application Data\Malwarebytes
2008-11-07 19:31 . 2008-11-07 19:31   <DIR>   d----c---   c:\documents and settings\All Users\Application Data\Malwarebytes
2008-11-07 19:31 . 2008-10-22 16:10   38,496   --a------   c:\windows\system32\drivers\mbamswissarmy.sys
2008-11-07 19:31 . 2008-10-22 16:10   15,504   --a------   c:\windows\system32\drivers\mbam.sys
2008-10-27 22:44 . 2008-10-27 22:44   <DIR>   d--------   c:\program files\Common Files\Wise Installation Wizard
2008-10-24 02:36 . 2008-10-15 09:34   337,408   -----c---   c:\windows\system32\dllcache\netapi32.dll
2008-10-15 05:13 . 2008-09-08 03:41   333,824   -----c---   c:\windows\system32\dllcache\srv.sys
2008-10-15 05:07 . 2008-09-15 05:12   1,846,400   -----c---   c:\windows\system32\dllcache\win32k.sys
2008-10-15 05:06 . 2008-08-14 03:11   2,189,184   -----c---   c:\windows\system32\dllcache\ntoskrnl.exe
2008-10-15 05:06 . 2008-08-14 03:09   2,145,280   -----c---   c:\windows\system32\dllcache\ntkrnlmp.exe
2008-10-15 05:06 . 2008-08-14 02:33   2,066,048   -----c---   c:\windows\system32\dllcache\ntkrnlpa.exe
2008-10-15 05:06 . 2008-08-14 02:33   2,023,936   -----c---   c:\windows\system32\dllcache\ntkrpamp.exe

.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-11-09 21:10   ---------   d-----w   c:\program files\Java
2008-11-09 21:00   ---------   d-----w   c:\program files\Common Files\Adobe
2008-10-28 05:45   ---------   d-----w   c:\program files\Lavasoft
2008-10-28 05:42   ---------   dc----w   c:\documents and settings\All Users\Application Data\Lavasoft
2008-10-28 05:31   ---------   dc--a-w   c:\documents and settings\All Users\Application Data\TEMP
2008-10-28 05:31   ---------   d-----w   c:\program files\SpywareBlaster
2008-10-21 13:30   ---------   d-----w   c:\program files\LimeWire
.

(((((((((((((((((((((((((((((   snapshot@2008-11-09_11.31.46.89   )))))))))))))))))))))))))))))))))))))))))
.
+ 2007-12-12 22:06:42   295,606   ----a-r   c:\windows\Installer\{AC76BA86-7AD7-1033-7B44-A90000000001}\SC_Reader.exe
- 2008-09-13 01:25:08   16,384   ----a-w   c:\windows\system32\config\systemprofile\Cookies\index.dat
+ 2008-11-09 20:37:22   16,384   ----a-w   c:\windows\system32\config\systemprofile\Cookies\index.dat
- 2008-09-13 01:25:08   32,768   ----a-w   c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
+ 2008-11-09 20:37:22   32,768   ----a-w   c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
- 2008-09-13 01:25:08   32,768   ----a-w   c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
+ 2008-11-09 20:37:22   32,768   ----a-w   c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
- 2008-11-05 17:44:39   88,590   ----a-w   c:\windows\system32\Macromed\Flash\uninstall_activeX.exe
+ 2008-11-09 21:05:10   89,102   ----a-w   c:\windows\system32\Macromed\Flash\uninstall_activeX.exe
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Yahoo! Pager"="c:\program files\Yahoo!\Messenger\YahooMessenger.exe" [2006-11-30 4662776]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2008-08-15 5724184]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-13 15360]
"WeatherEye"="c:\program files\TheWeatherNetwork\WeatherEye\WeatherEye.exe" [2008-05-30 4501912]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SunKistEM"="c:\program files\Digital Media Reader\shwiconem.exe" [2004-11-15 135168]
"RemoteControl"="c:\program files\CyberLink\PowerDVD\PDVDServ.exe" [2004-11-02 32768]
"Recguard"="c:\windows\SMINST\RECGUARD.EXE" [2002-09-14 212992]
"Reminder"="c:\windows\Creator\Remind_XP.exe" [2005-03-15 966656]
"LVCOMS"="c:\program files\Common Files\Logitech\QCDriver\LVCOMS.EXE" [2001-11-13 98304]
"CamMonitor"="c:\program files\Hewlett-Packard\Digital Imaging\\Unload\hpqcmon.exe" [2002-10-06 90112]
"Share-to-Web Namespace Daemon"="c:\program files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe" [2002-04-17 69632]
"Acrobat Assistant 7.0"="c:\program files\Adobe\Adobe Acrobat 7.0\Distillr\Acrotray.exe" [2008-04-23 483328]
"SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2006-02-11 155648]
"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2008-09-29 1234712]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 34672]
"VTTimer"="VTTimer.exe" [2005-03-08 c:\windows\system32\VTTimer.exe]
"SoundMan"="SOUNDMAN.EXE" [2003-12-09 c:\windows\SOUNDMAN.EXE]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Acrobat Speed Launcher.lnk - c:\windows\Installer\{AC76BA86-1033-0000-7760-100000000002}\SC_Acrobat.exe [2005-10-30 25214]
Adobe Gamma.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-10-10 113664]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=avgrsstx.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"MSVideo"= lvfwwdmt.dll
"VIDC.X264"= x264vfw.dll
"VIDC.3iv2"= 3ivxVfWCodec.dll

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"=
"c:\\Program Files\\BitTorrent\\btdownloadgui.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Trillian\\trillian.exe"=
"c:\\StubInstaller.exe"=
"c:\\Program Files\\LimeWire\\LimeWire.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\Program Files\\Windows Media Player\\wmplayer.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\utorrent.exe"=
"c:\\Program Files\\BitLord\\BitLord.exe"=
"c:\\WINDOWS\\system32\\rtcshare.exe"=
"c:\\Program Files\\NetMeeting\\conf.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgemc.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=

R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\Drivers\avgldx86.sys [2008-08-28 97928]
R2 avg8emc;AVG Free8 E-mail Scanner;c:\progra~1\AVG\AVG8\avgemc.exe [2008-08-28 875288]
R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [2008-08-28 231704]
R2 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\Drivers\avgtdix.sys [2008-08-18 76040]
S3 A3AB;D-Link AirPro 802.11a/b Wireless Adapter Service(A3AB);c:\windows\system32\DRIVERS\A3AB.sys [2007-05-23 547744]
S3 RIOXDRV;SONICblue Rio generic driver XP+;c:\windows\system32\Drivers\RIOXDRV.sys [2003-02-06 18304]
S3 TCCrystalCpuInfo;TCCrystalCpuInfo;c:\docume~1\Owner\LOCALS~1\Temp\TCCpuInfo.sys [ ]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\D]
\Shell\AutoRun\command - c:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Info.exe folder.htt 480 480

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{0139f1c3-0909-11da-ad6b-806d6172696f}]
\Shell\AutoRun\command - c:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Info.exe folder.htt 480 480

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{45a99c35-0aaa-11da-92d3-806d6172696f}]
\Shell\AutoRun\command - c:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Info.exe folder.htt 480 480
.
Contents of the 'Scheduled Tasks' folder

2008-11-09 c:\windows\Tasks\Symantec NetDetect.job
- c:\program files\Symantec\LiveUpdate\NDetect.exe []
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-11-09 14:31:31
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Lavasoft\Ad-Aware\aawservice.exe
c:\program files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
c:\program files\Hewlett-Packard\Digital Imaging\Unload\HpqCmon.exe
c:\program files\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe
c:\windows\system32\msiexec.exe
c:\program files\AVG\AVG8\avgrsx.exe
c:\program files\AVG\AVG8\avgrsx.exe
.
**************************************************************************
.
Completion time: 2008-11-09 14:41:40 - machine was rebooted
ComboFix-quarantined-files.txt  2008-11-09 21:41:18
ComboFix2.txt  2008-11-09 18:33:09

Pre-Run: 29,519,986,688 bytes free
Post-Run: 29,526,982,656 bytes free

157   --- E O F ---   2008-10-24 12:22:42


Kaspersky

--------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER 7 REPORT
 Sunday, November 9, 2008
 Operating System: Microsoft Windows XP Home Edition Service Pack 3 (build 2600)
 Kaspersky Online Scanner 7 version: 7.0.25.0
 Program database last update: Sunday, November 09, 2008 20:42:17
 Records in database: 1377092
--------------------------------------------------------------------------------

Scan settings:
   Scan using the following database: extended
   Scan archives: yes
   Scan mail databases: yes

Scan area - My Computer:
   C:\
   D:\
   E:\
   F:\
   G:\
   H:\
   I:\

Scan statistics:
   Files scanned: 66612
   Threat name: 6
   Infected objects: 8
   Suspicious objects: 0
   Duration of the scan: 02:12:23


File name / Threat name / Threats count
C:\Qoobox\Quarantine\C\WINDOWS\system32\oduxftw.sys.vir   Infected: Trojan-Clicker.Win32.VB.bwv   1
C:\WINDOWS\system32\tmp0_123501601221.bk.old   Infected: Trojan.Win32.DNSChanger.inr   1
C:\WINDOWS\system32\tmpxr_447400678105.bk   Infected: Trojan.Win32.Delf.ffb   1
C:\WINDOWS\system32\tmpxr_489966761291.bk   Infected: Trojan.Win32.Delf.ffb   1
C:\WINDOWS\system32\tmpxr_676259759994.bk   Infected: Trojan.Win32.Delf.ffb   1
C:\WINDOWS\system32\tmpxr_794261529486.bk   Infected: Trojan.Win32.Delf.ffa   1
C:\WINDOWS\system32\xdufytw.sys   Infected: Trojan-Clicker.Win32.VB.cfx   1
D:\i386\Apps\App03130\comps\toolbar\toolbr.exe   Infected: not-a-virus:AdWare.Win32.SearchIt.t   1

The selected area was scanned.


ESET

# version=4
# OnlineScanner.ocx=1.0.0.635
# OnlineScannerDLLA.dll=1, 0, 0, 79
# OnlineScannerDLLW.dll=1, 0, 0, 78
# OnlineScannerUninstaller.exe=1, 0, 0, 49
# vers_standard_module=3597 (20081108)
# vers_arch_module=1.064 (20080214)
# vers_adv_heur_module=1.066 (20070917)
# EOSSerial=5b8c246fa514a24ab4f77014dcf7a939
# end=finished
# remove_checked=false
# unwanted_checked=true
# utc_time=2008-11-10 03:21:22
# local_time=2008-11-09 08:21:23 (-0700, Mountain Standard Time)
# country="United States"
# osver=5.1.2600 NT Service Pack 3
# scanned=478257
# found=40
# scan_time=3987
C:\Qoobox\Quarantine\C\WINDOWS\system32\oduxftw.sys.vir   a variant of Win32/TrojanClicker.VB.NET trojan   88CDEA496B34E47B9F2DC97451C7BBA1
C:\WINDOWS\system32\tmpxr_113965127447.bk   a variant of Win32/Adware.Coolezweb application   8F6962F8A46949A98235F3C74A541A4F
C:\WINDOWS\system32\tmpxr_121863277018.bk   a variant of Win32/Adware.Coolezweb application   52FB2D88CB0DB98999BBB98E95AD9334
C:\WINDOWS\system32\tmpxr_1326257771.bk   a variant of Win32/Adware.Coolezweb application   6A319C395576EEAA4EA7F09FA6B422CC
C:\WINDOWS\system32\tmpxr_165775457855.bk   a variant of Win32/Adware.Coolezweb application   3AFFA06F04BAD17861804952E7DF1122
C:\WINDOWS\system32\tmpxr_169135620091.bk   a variant of Win32/Adware.Coolezweb application   52FB2D88CB0DB98999BBB98E95AD9334
C:\WINDOWS\system32\tmpxr_171298367478.bk   a variant of Win32/Adware.Coolezweb application   C229D16C6B40D8F047AF9E555FE8044B
C:\WINDOWS\system32\tmpxr_251882775017.bk   a variant of Win32/Adware.Coolezweb application   502501DE0F95674BE0162E59DAECE0CB
C:\WINDOWS\system32\tmpxr_25968696129.bk   a variant of Win32/Adware.Coolezweb application   853614CE021CE4E0E11D99D6DF45F832
C:\WINDOWS\system32\tmpxr_26122537045.bk   a variant of Win32/Adware.Coolezweb application   983CF12D541C9BB67C36EDD08FA9D109
C:\WINDOWS\system32\tmpxr_269187402835.bk   a variant of Win32/Adware.Coolezweb application   97B7B582A261F43A8CEAB02A2FFD3CF8
C:\WINDOWS\system32\tmpxr_285632302436.bk   a variant of Win32/Adware.Coolezweb application   716A11A3CF71B13A236D3123B2E98C51
C:\WINDOWS\system32\tmpxr_312730456670.bk   a variant of Win32/Adware.Coolezweb application   F910A95C0936D60DCA50C3F463B3504C
C:\WINDOWS\system32\tmpxr_34150561193.bk   a variant of Win32/Adware.Coolezweb application   BBE6CDAAF9717B481C2196462830FBAF
C:\WINDOWS\system32\tmpxr_3584318732.bk   a variant of Win32/Adware.Coolezweb application   2B71088ACCB7834656E6FD594D05C69D
C:\WINDOWS\system32\tmpxr_360057757864.bk   a variant of Win32/Adware.Coolezweb application   DFAC592A2F1AF0A3CFE43640D43E4BD8
C:\WINDOWS\system32\tmpxr_38291189300.bk   a variant of Win32/Adware.Coolezweb application   2B71088ACCB7834656E6FD594D05C69D
C:\WINDOWS\system32\tmpxr_39277030322.bk   a variant of Win32/Adware.Coolezweb application   21EED78CB2BD68C5B03C3848C2A9AA53
C:\WINDOWS\system32\tmpxr_447400678105.bk   a variant of Win32/Adware.Coolezweb application   A116E713FB9FCAB812AE59DD7A605C14
C:\WINDOWS\system32\tmpxr_455615451612.bk   a variant of Win32/Adware.Coolezweb application   B2B53CE1261AB0CF77144CC6A911E80D
C:\WINDOWS\system32\tmpxr_456497128999.bk   a variant of Win32/Adware.Coolezweb application   C229D16C6B40D8F047AF9E555FE8044B
C:\WINDOWS\system32\tmpxr_4871851931.bk   a variant of Win32/Adware.Coolezweb application   851D00F24841AA0681E108C1175DA194
C:\WINDOWS\system32\tmpxr_489168222975.bk   a variant of Win32/Adware.Coolezweb application   163F0BCDCBF11FE86FB61E664FDC4B39
C:\WINDOWS\system32\tmpxr_489966761291.bk   a variant of Win32/Adware.Coolezweb application   A116E713FB9FCAB812AE59DD7A605C14
C:\WINDOWS\system32\tmpxr_534074182103.bk   a variant of Win32/Adware.Coolezweb application   851D00F24841AA0681E108C1175DA194
C:\WINDOWS\system32\tmpxr_565000482036.bk   a variant of Win32/Adware.Coolezweb application   EA75A8E5C07A88ED3E49FCD78A475574
C:\WINDOWS\system32\tmpxr_574770524087.bk   a variant of Win32/Adware.Coolezweb application   97C570C61E06DF455FA668C6F6CE69CD
C:\WINDOWS\system32\tmpxr_649333806314.bk   a variant of Win32/Adware.Coolezweb application   48E44646132A3C8ACB5A6D7425000DDF
C:\WINDOWS\system32\tmpxr_676259759994.bk   a variant of Win32/Adware.Coolezweb application   291FB5FC3D20C4B6F83FE84FA9C16A64
C:\WINDOWS\system32\tmpxr_692387680604.bk   a variant of Win32/Adware.Coolezweb application   AF6C9F8E6686158B8FA4A688A7F89E9A
C:\WINDOWS\system32\tmpxr_721629774584.bk   a variant of Win32/Adware.Coolezweb application   F910A95C0936D60DCA50C3F463B3504C
C:\WINDOWS\system32\tmpxr_745220870253.bk   a variant of Win32/Adware.Coolezweb application   48E44646132A3C8ACB5A6D7425000DDF
C:\WINDOWS\system32\tmpxr_748103197388.bk   a variant of Win32/Adware.Coolezweb application   853614CE021CE4E0E11D99D6DF45F832
C:\WINDOWS\system32\tmpxr_751599731368.bk   a variant of Win32/Adware.Coolezweb application   52FB2D88CB0DB98999BBB98E95AD9334
C:\WINDOWS\system32\tmpxr_76728704160.bk   a variant of Win32/Adware.Coolezweb application   070A8B879C4446DB6297C2C95DA6FA9F
C:\WINDOWS\system32\tmpxr_776903365217.bk   a variant of Win32/Adware.Coolezweb application   E00A71833991D6230974E81A7A86C356
C:\WINDOWS\system32\tmpxr_794261529486.bk   a variant of Win32/Adware.Coolezweb application   C07951E5D404E994BE4F2CDCE038BB1C
C:\WINDOWS\system32\tmpxr_839050459708.bk   a variant of Win32/Adware.Coolezweb application   502501DE0F95674BE0162E59DAECE0CB
C:\WINDOWS\system32\tmpxr_847666733972.bk   a variant of Win32/Adware.Coolezweb application   851D00F24841AA0681E108C1175DA194
C:\WINDOWS\system32\xdufytw.sys   a variant of Win32/TrojanClicker.VB.NET trojan   6197371802831C2554BD828B1E71F9DD


Hijack This

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:23:56 PM, on 11/9/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16735)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Digital Media Reader\shwiconem.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\WINDOWS\system32\VTTimer.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Common Files\Logitech\QCDriver\LVCOMS.EXE
C:\Program Files\Hewlett-Packard\Digital Imaging\Unload\hpqcmon.exe
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
C:\Program Files\Adobe\Adobe Acrobat 7.0\Distillr\Acrotray.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.gaiaonline.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
R3 - URLSearchHook: (no name) -  - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O4 - HKLM\..\Run: [SunKistEM] C:\Program Files\Digital Media Reader\shwiconem.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [Recguard] %WINDIR%\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [Reminder] %WINDIR%\Creator\Remind_XP.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [LVCOMS] C:\Program Files\Common Files\Logitech\QCDriver\LVCOMS.EXE
O4 - HKLM\..\Run: [CamMonitor] C:\Program Files\Hewlett-Packard\Digital Imaging\\Unload\hpqcmon.exe
O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
O4 - HKLM\..\Run: [Acrobat Assistant 7.0] "C:\Program Files\Adobe\Adobe Acrobat 7.0\Distillr\Acrotray.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [WeatherEye] C:\Program Files\TheWeatherNetwork\WeatherEye\WeatherEye.exe
O4 - Global Startup: Adobe Acrobat Speed Launcher.lnk = ?
O4 - Global Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert to existing PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {49232000-16E4-426C-A231-62846947304B} - http://ipgweb.cce.hp.com/rdqna/downloads/sysinfo.cab
O16 - DPF: {4A116A80-85B6-4299-A018-A717FD7AC66A} (AXIDMDCP Class) - http://m1.cdn.gaiaonline.com/plugins/IDMFlash.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://spaces.msn.com//PhotoUpload/MsnPUpld.cab
O16 - DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} (OnlineScanner Control) - http://www.eset.eu/buxus/docs/OnlineScanner.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {917623D1-D8E5-11D2-BE8B-00104B06BDE3} (CamImage Class) - http://142.22.58.150/activex/AxisCamControl.cab
O16 - DPF: {938527D1-CDB7-4147-998A-B20FCA5CC976} (Cdmcco Class) - http://cafeimg.hanmail.net/activex/dmcc2.cab?Version=1,0,0,10
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://fdl.msn.com/public/chat/msnchat45.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - AppInit_DLLs: avgrsstx.dll
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: PrismXL - New Boundary Technologies, Inc. - C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS

--
End of file - 9838 bytes



Now, what do I do to remove all this junk???