win32: trojan gen (other) 2nd comp

OTListIt Extras logfile created on: 5/7/2009 7:43:56 PM - Run 1
OTListIt2 by OldTimer - Version 2.0.15.3 Folder = C:\Documents and Settings\Owner\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

702.48 Mb Total Physical Memory | 377.18 Mb Available Physical Memory | 53.69% Memory free
1.68 Gb Paging File | 1.32 Gb Available in Paging File | 78.56% Paging File free
Paging file location(s): C:\pagefile.sys 1056 2112 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 145.06 Gb Total Space | 131.89 Gb Free Space | 90.93% Space Free | Partition Type: NTFS
Drive D: | 3.98 Gb Total Space | 2.24 Gb Free Space | 56.31% Space Free | Partition Type: FAT32
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: YOUR-E33A47D287
Current User Name: Owner
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Output = Minimal
File Age = 30 Days
Company Name Whitelist: On

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes<extension>]
.html [@ = htmlfile] – C:\Program Files\Internet Explorer\IEXPLORE.EXE (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
“FirstRunDisabled” = 1
“AntiVirusDisableNotify” = 0
“FirewallDisableNotify” = 0
“UpdatesDisableNotify” = 0
“AntiVirusOverride” = 0
“FirewallOverride” = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile
“EnableFirewall” = 0

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
C:\Program Files\Common Files\AOL\Loader\aolload.exe:*:Enabled:AOL Application Loader (AOL LLC)
C:\Program Files\Common Files\AOL\ACS\AOLDial.exe:*:Enabled:AOL File not found
C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe:*:Enabled:AOL File not found
C:\Program Files\America Online 9.0\waol.exe:*:Enabled:AOL File not found
C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe:*:Enabled:AOLTsMon File not found
C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltpspd.exe:*:Enabled:AOLTopSpeed File not found
C:\Program Files\Common Files\AOL\1236643324\EE\AOLServiceHost.exe:*:Enabled:AOL File not found
C:\Program Files\Common Files\AOL\System Information\sinf.exe:*:Enabled:AOL File not found
C:\Program Files\Common Files\AOL\AOL Spyware Protection\AOLSP Scheduler.exe:*:Enabled:AOL File not found
C:\Program Files\Common Files\AOL\AOL Spyware Protection\asp.exe:*:Enabled:AOL File not found
C:\Program Files\Common Files\AolCoach\en_en\player\AOLNySEV.exe:*:Enabled:AOL (Gteko Ltd.)
%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 (Microsoft Corporation)
C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:*:Enabled:Yahoo! Messenger (Yahoo! Inc.)
C:\Program Files\AIM6\aim6.exe:*:Enabled:AIM (AOL LLC)

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
“{15377C3E-9655-400F-B441-E69F0A6BEAFE}” = Recovery Software Suite eMachines
“{1F63ED0B-EDD2-4037-B6AB-1358C624AF48}” = Scan
“{21E75254-410E-49C4-8981-2E1A2A2221F2}” = HP Diagnostic Assistant
“{2318C2B1-4965-11d4-9B18-009027A5CD4F}” = Google Toolbar for Internet Explorer
“{2405665A-16C9-4D3A-B70E-F006220E1472}” = Overland
“{267868CE-6DFF-40F7-9C58-C01119B7B117}” = Fax
“{26A24AE4-039D-4CA4-87B4-2F83216013FF}” = Java™ 6 Update 13
“{287ECFA4-719A-2143-A09B-D6A12DE54E40}” = Acrobat.com
“{2B43252C-A1E3-4C47-927C-9F2C276D3515}” = S3GSetup
“{2BBC9458-07CA-4843-848B-5C8146E5EFA8}” = CreativeProjects
“{2C927BC2-D402-4781-97BD-920E415847A2}” = 6200Trb
“{34A59AC3-6C5C-4A09-A7F5-369A37176C8A}” = AiOSoftware
“{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}” = WebFldrs XP
“{3AE681E0-4E8D-453F-950A-48534D3C0724}” = Copy
“{3CF78481-FB7B-4B51-99A2-D5E0CD0B3AAF}” = HPSystemDiagnostics
“{41254D7B-EADF-4078-AE4A-BD73B300EE86}” = Unload
“{416D80BA-6F6D-4672-B7CF-F54DA2F80B44}” = Microsoft Works
“{457791C5-D702-4143-A7B2-2744BE9573F2}” = HP Software Update
“{597D73A8-5FDB-4bc1-9893-40B54459F1BC}” = ProductContext
“{5B8B3C61-BDF7-4882-807E-A30AF1A64A9C}” = 6200
“{65563451-00B6-458C-9F9A-03A7757355A6}” = Compact Wireless-G USB Network Adapter with SpeedBooster
“{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}” = PowerDVD
“{7299052b-02a4-4627-81f2-1818da5d550d}” = Microsoft Visual C++ 2005 Redistributable
“{76EFFC7C-17A6-479D-9E47-8E658C1695AE}” = Windows Backup Utility
“{81EED1A1-AE78-4B11-BE47-C6AE9F5E87F1}” = Digital Media Reader
“{8777AC6D-89F9-4793-8266-DE406F343E89}” = QFolder
“{8DCE550C-CA43-4E82-92DF-FFC4A48F5BE1}” = Napster Burn Engine
“{91110409-6000-11D3-8CFE-0150048383C9}” = Microsoft Office Professional Edition 2003
“{94FB906A-CF42-4128-A509-D353026A607E}” = REALTEK Gigabit and Fast Ethernet NIC Driver
“{981FB376-8418-4EA8-BBED-9DE5AA63E7D5}” = SkinsHP1
“{9CB2512B-3EC4-43DF-8002-46BDAB5EDD1B}” = QuickProjects
“{9EEBF8D5-8712-4D1D-88F4-4CDC2D270BC3}” = PrintScreen
“{A1062847-0846-427A-92A1-BB8251A91E91}” = HP PSC & OfficeJet 4.2
“{A1DCC235-DACC-4E1F-8D11-D630634B4AEF}” = PhotoGallery
“{A2500497-FD32-493e-B8E5-28D6728DBEF5}” = Readme
“{A2BCA9F1-566C-4805-97D1-7FDC93386723}” = Adobe AIR
“{A4EA3AB4-E78C-4286-96DF-26035507CE55}” = AiO_Scan
“{AC76BA86-7AD7-1033-7B44-A91000000001}” = Adobe Reader 9.1
“{B32C75F2-7495-4D01-9431-C11E97D66F8C}” = DocProc
“{B3D5D4E0-E965-41C4-ABFD-A7B1AD0663C2}” = Director
“{B45D9FEE-1AF4-46F3-9A83-2545F81547F5}” = CreativeProjectsTemplates
“{B56D5B09-C4FB-4EA0-8EAD-7BC3E2715A2D}” = DocumentViewer
“{BBBCAE4B-B416-4182-A6F2-438180894A81}” = Napster
“{BCC992E5-5C81-4066-9B55-03DC10B24D21}” = InstantShare
“{BF018D2F-C788-4AB1-AB95-1280EAB8F13E}” = TrayApp
“{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}” = Microsoft .NET Framework 1.1
“{CF40ACC5-E1BB-4aff-AC72-04C2F616BCA7}” = getPlus(R) for Adobe
“{DB299A0A-69B8-4DD2-BB76-A17CF14CE649}” = Lets Ride Corral Club
“{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}” = Ad-Aware
“{EC8673DA-F96B-497E-B2DB-BC7B029FD680}” = BufferChm
“{F333A33D-125C-32A2-8DCE-5C5D14231E27}” = Visual C++ 2008 x86 Runtime - (v9.0.30729)
“{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01” = Visual C++ 2008 x86 Runtime - v9.0.30729.01
“{F4F47155-5B4D-42AA-97F8-490BC52EA7F3}” = Destinations
“{F65787F3-B356-45EC-8DD0-0E6758EDBCEE}” = WebReg
“{F8CA8A19-48E5-4510-BD5C-B148862D8439}” = 6200_Help
“{FB08F381-6533-4108-B7DD-039E11FBC27E}” = Realtek AC’97 Audio
“{FF26F7EA-BCEE-478C-9A1B-6B4F88717D73}” = CueTour
“Ad-Aware” = Ad-Aware
“Adobe AIR” = Adobe AIR
“Adobe Flash Player ActiveX” = Adobe Flash Player 10 ActiveX
“AIM_6” = AIM 6
“AOL Toolbar” = AOL Toolbar
“AOL YGP Screensaver” = AOL You’ve Got Pictures Screensaver
“AolCoach2_en” = AOL Coach Version 2.0(Build:20041026.5 en)
“avast!” = avast! Antivirus
“BigFix” = BigFix
“CNXT_MODEM_PCI_VEN_14F1&DEV_2F20&SUBSYS_200014F1” = SoftV92 Data Fax Modem with SmartCP
“HijackThis” = HijackThis 2.0.2
“HP Photo & Imaging” = HP Image Zone 4.2
“IDNMitigationAPIs” = Microsoft Internationalized Domain Names Mitigation APIs
“ie7” = Windows Internet Explorer 7
“InstallShield_{81EED1A1-AE78-4B11-BE47-C6AE9F5E87F1}” = Digital Media Reader
“Malwarebytes’ Anti-Malware_is1” = Malwarebytes’ Anti-Malware
“Microsoft .NET Framework 1.1 (1033)” = Microsoft .NET Framework 1.1
“Money2005b” = Microsoft Money 2005
“Mozilla Firefox (3.0.7)” = Mozilla Firefox (3.0.7)
“Nero PhotoShow Elite” = Nero PhotoShow Elite
“NeroMultiInstaller!UninstallKey” = Nero Suite
“NLSDownlevelMapping” = Microsoft National Language Support Downlevel APIs
“OnlineArmor_is1” = Online Armor 3.0
“QuickTime” = QuickTime
“RealPlayer 6.0” = RealPlayer Basic
“VIA/S3G UniChrome Family Win2K/XP Display” = VIA/S3G Display Driver
“ViewpointMediaPlayer” = Viewpoint Media Player
“VLC media player” = VLC media player 0.9.8a
“Windows Live OneCare safety scanner” = Windows Live OneCare safety scanner
“Windows Media Format Runtime” = Windows Media Format Runtime
“Windows Media Player” = Windows Media Player 10
“Windows XP Service Pack” = Windows XP Service Pack 3
“Yahoo! Companion” = Yahoo! Toolbar
“Yahoo! Messenger” = Yahoo! Messenger
“Yahoo! Search Defender” = Yahoo! Search Protection
“Yahoo! Software Update” = Yahoo! Software Update
“YInstHelper” = Yahoo! Install Manager

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 4/29/2009 4:00:34 AM | Computer Name = YOUR-E33A47D287 | Source = MsiInstaller | ID = 11719
Description = Product: Microsoft Office Professional Edition 2003 – Error 1719.
The Windows Installer Service could not be accessed. This can occur if you are
running Windows in safe mode, or if the Windows Installer is not correctly installed.
Contact your support personnel for assistance.

Error - 4/29/2009 4:00:34 AM | Computer Name = YOUR-E33A47D287 | Source = MsiInstaller | ID = 1024
Description = Product: Microsoft Office Professional Edition 2003 - Update ‘Update
for Outlook 2003: Junk E-mail Filter (KB969376): OUTLFLTR’ could not be installed.
Error code 1603. Windows Installer can create logs to help troubleshoot issues
with installing software packages. Use the following link for instructions on turning
on logging support: http://go.microsoft.com/fwlink/?LinkId=23127

[ System Events ]
Error - 5/7/2009 8:00:21 PM | Computer Name = YOUR-E33A47D287 | Source = DCOM | ID = 10005
Description = DCOM got error “%1084” attempting to start the service EventSystem
with arguments “” in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}

Error - 5/7/2009 8:01:20 PM | Computer Name = YOUR-E33A47D287 | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
Aavmker4 aswSP Fips OADevice Processor

Error - 5/7/2009 8:01:44 PM | Computer Name = YOUR-E33A47D287 | Source = DCOM | ID = 10005
Description = DCOM got error “%1084” attempting to start the service EventSystem
with arguments “” in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}

Error - 5/7/2009 8:02:26 PM | Computer Name = YOUR-E33A47D287 | Source = DCOM | ID = 10005
Description = DCOM got error “%1084” attempting to start the service StiSvc with
arguments “” in order to run the server: {A1F4E726-8CF1-11D1-BF92-0060081ED811}

Error - 5/7/2009 8:03:54 PM | Computer Name = YOUR-E33A47D287 | Source = DCOM | ID = 10005
Description = DCOM got error “%1084” attempting to start the service EventSystem
with arguments “” in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}

Error - 5/7/2009 8:14:51 PM | Computer Name = YOUR-E33A47D287 | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
Aavmker4 aswSP Fips OADevice Processor

Error - 5/7/2009 8:14:59 PM | Computer Name = YOUR-E33A47D287 | Source = DCOM | ID = 10005
Description = DCOM got error “%1084” attempting to start the service EventSystem
with arguments “” in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}

Error - 5/7/2009 8:17:17 PM | Computer Name = YOUR-E33A47D287 | Source = DCOM | ID = 10005
Description = DCOM got error “%1084” attempting to start the service EventSystem
with arguments “” in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}

Error - 5/7/2009 8:23:44 PM | Computer Name = YOUR-E33A47D287 | Source = MRxSmb | ID = 8003
Description = The master browser has received a server announcement from the computer
YOUR-491F9BB9C8 that believes that it is the master browser for the domain on transport
NetBT_Tcpip_{2442D6D6-36B. The master browser is stopping or an election is being
forced.

Error - 5/7/2009 8:38:53 PM | Computer Name = YOUR-E33A47D287 | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
abp480n5 adpu160m agp440 agpCPQ Aha154x aic78u2 aic78xx AliIde alim1541 amdagp amsint asc asc3350p asc3550 cbidf cd20xrnt CmdIde Cpqarray dac2w2k dac960nt dpti2o gagp30kx hpn i2omp ini910u IntelIde mraid35x perc2 perc2hib ql1080 Ql10wnt ql12160 ql1240 ql1280 Sparrow symc810 symc8xx sym_hi sym_u3 TosIde ultra viaagp

< End of report >

I think this was the result of the first OTListIt log?

Files moved on Reboot…
C:\Documents and Settings\Owner\Local Settings\Temp\hpodvd09.log moved successfully.
C:\Documents and Settings\Owner\Local Settings\Temp\~DF4219.tmp moved successfully.
C:\Documents and Settings\Owner\Local Settings\Temp\~DFA1E6.tmp moved successfully.
C:\Documents and Settings\Owner\Local Settings\Temp\~DFE290.tmp moved successfully.

Registry entries deleted on Reboot…

I don't know how to get the MBAM log because the computer made me restart before I could save the log.

If you mean MBAM (Malwarebytes' Anti-Malware), run it again to open it and click the Logs tab; that will display the list of all previous logs.

Hi Jamboy,

That was part of the OTListIt2 log created when you ran the fix. The log can be found at C:\_OTListIt\MovedFiles. In the right-hand panel you should see a file that is a series of numbers ending with .log.

For the MBAM log do as DavidR said. Open MBAM and click on the logs tab. It will simply be named mbam-log followed by a date. Click on it then click the Open button.

Since we are dealing with vundo, the quicker and harder we hit, the easier it will be to get it all.

Thanks

Malwarebytes’ Anti-Malware 1.36
Database version: 2090
Windows 5.1.2600 Service Pack 3

5/7/2009 7:36:34 PM
mbam-log-2009-05-07 (19-36-34).txt

Scan type: Quick Scan
Objects scanned: 101662
Time elapsed: 13 minute(s), 35 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 9
Registry Values Infected: 1
Registry Data Items Infected: 0
Folders Infected: 12
Files Infected: 14

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\c:/windows/downloaded program files/popcaploader.dll (Adware.PopCap) → Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\TypeLib\{c9c5deaf-0a1f-4660-8279-9edfad6fefe1} (Adware.PopCap) → Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{e4e3e0f8-cd30-4380-8ce9-b96904bdefca} (Adware.PopCap) → Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{fe8a736f-4124-4d9c-b4b1-3b12381efabe} (Adware.PopCap) → Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{df780f87-ff2b-4df8-92d0-73db16a1543a} (Adware.PopCap) → Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{df780f87-ff2b-4df8-92d0-73db16a1543a} (Adware.PopCap) → Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{df780f87-ff2b-4df8-92d0-73db16a1543a} (Adware.PopCap) → Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\popcaploader.popcaploaderctrl2 (Adware.PopCap) → Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\popcaploader.popcaploaderctrl2.1 (Adware.PopCap) → Quarantined and deleted successfully.

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs\C:\WINDOWS\Downloaded Program Files\popcaploader.dll (Adware.PopCap) → Quarantined and deleted successfully.

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
C:\Program Files\MyWebSearch (Adware.MyWebSearch) → Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar (Adware.MyWebSearch) → Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\1.bin (Adware.MyWebSearch) → Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\2.bin (Adware.MyWebSearch) → Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\3.bin (Adware.MyWebSearch) → Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\4.bin (Adware.MyWebSearch) → Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\SrchAstt (Adware.MyWebSearch) → Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\SrchAstt\1.bin (Adware.MyWebSearch) → Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\SrchAstt\2.bin (Adware.MyWebSearch) → Quarantined and deleted successfully.
C:\Program Files\FunWebProducts (Adware.MyWebSearch) → Quarantined and deleted successfully.
C:\Program Files\FunWebProducts\ScreenSaver (Adware.MyWebSearch) → Quarantined and deleted successfully.
C:\Program Files\FunWebProducts\ScreenSaver\Images (Adware.MyWebSearch) → Quarantined and deleted successfully.

Files Infected:
C:\WINDOWS\system32\fuyuvugo.dll (Trojan.Vundo.H) → Quarantined and deleted successfully.
C:\WINDOWS\system32\oguvuyuf.ini (Trojan.Vundo.H) → Quarantined and deleted successfully.
C:\WINDOWS\Downloaded Program Files\popcaploader.dll (Adware.PopCap) → Quarantined and deleted successfully.
C:\WINDOWS\system32\bafuvisi.exe (Trojan.Vundo.V) → Quarantined and deleted successfully.
C:\WINDOWS\system32\f3PSSavr.scr (Adware.MyWebSearch) → Quarantined and deleted successfully.
C:\WINDOWS\system32\zavisomu.exe (Trojan.Vundo.V) → Quarantined and deleted successfully.
C:\WINDOWS\system32\zizedilo.dll (Trojan.Vundo) → Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\3.bin\MWSOEMON.EXE (Adware.MyWebSearch) → Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\3.bin\MWSSVC.EXE (Adware.MyWebSearch) → Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\4.bin\MWSOEMON.EXE (Adware.MyWebSearch) → Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\4.bin\MWSSVC.EXE (Adware.MyWebSearch) → Quarantined and deleted successfully.
C:\WINDOWS\instsp2.exe (Trojan.Agent) → Delete on reboot.
C:\WINDOWS\system32\fozehuka.dll (Trojan.Vundo) → Quarantined and deleted successfully.
C:\WINDOWS\system32\femawiko.dll (Trojan.Vundo) → Delete on reboot.

========== OTLISTIT ==========
Process Explorer.EXE killed successfully!
========== SERVICES/DRIVERS ==========
========== REGISTRY ==========
========== FILES ==========
File\Folder C:\WINDOWS\system32\yodedafi.dll not found.
========== COMMANDS ==========
User’s Temp folder emptied.
User’s Internet Explorer cache folder emptied.
Local Service Temp folder emptied.
Local Service Temporary Internet Files folder emptied.
Network Service Temp folder emptied.
Network Service Temporary Internet Files folder emptied.
Windows Temp folder emptied.
Java cache emptied.
Temp folders emptied.
Explorer started successfully

OTListIt2 by OldTimer - Version 2.0.15.3 log created on 05072009_185947

Files moved on Reboot…
C:\Documents and Settings\Owner\Local Settings\Temp\hpodvd09.log moved successfully.
C:\Documents and Settings\Owner\Local Settings\Temp\~DF4219.tmp moved successfully.
C:\Documents and Settings\Owner\Local Settings\Temp\~DFA1E6.tmp moved successfully.
C:\Documents and Settings\Owner\Local Settings\Temp\~DFE290.tmp moved successfully.

Registry entries deleted on Reboot…

Hi old timer, I posted all the logs, and yes, this is for the living room computer. Please let me know if I need to do anything else; as far as I can tell the computer is running fine so far.

Hi Jamboy,

old timer

OldTimer creates the tools, I just get to play with them. :wink:

Some more to remove with OTLISTIT2.

Next, double click on OTListIt2.exe
  • Under the Custom Scans/Fixes box at the bottom, paste in the following
  • Do not copy the word CODE
  • Please note the fix starts with the :

:OTLI
PRC - C:\Windows\Explorer.EXE (Microsoft Corporation)
[1 C:\WINDOWS\*.tmp files]:Services
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} - Reg Error: Key error. File not found
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - Reg Error: Key error. File not found
O4 - HKLM..\Run: []  File not found
O4 - HKCU..\Run: [Aim6]  File not found

:Reg

:Files
C:\WINDOWS\System32\osusoley.ini
C:\WINDOWS\System32\ovalejat.ini
C:\WINDOWS\System32\ewotevuz.ini
C:\WINDOWS\System32\ihuwulod.ini
C:\WINDOWS\System32\otekifol.ini
C:\WINDOWS\System32\omunajid.ini
C:\WINDOWS\System32\unihuvov.ini
C:\WINDOWS\System32\aredufak.ini
C:\WINDOWS\System32\ayuzilas.ini
C:\WINDOWS\System32\nanehutu.dll
C:\WINDOWS\System32\osakohiv.ini
C:\WINDOWS\System32\elavasak.ini
C:\WINDOWS\System32\odetevej.ini
C:\WINDOWS\System32\apuwowek.ini
C:\WINDOWS\imsins.BAK
C:\WINDOWS\System32\utobakoh.ini

:Commands
[emptytemp]
[start explorer]
[Reboot]

Then click the Run Fix button at the top
  • Let the program run unhindered
  • Please save the resulting log to be posted in your next reply.

Download ComboFix from one of these locations:

Link 1
Link 2
Link 3

* IMPORTANT !!! Save ComboFix.exe to your Desktop

  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. Note: If you are having difficulty properly disabling your protective programs, or are unsure as to what programs need to be disabled, please refer to the information available through this link: How to Disable your Security Programs

  • Double click on ComboFix.exe & follow the prompts.

  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.

  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.

http://img.photobucket.com/albums/v706/ried7/RcAuto1.gif

Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

http://img.photobucket.com/albums/v706/ried7/whatnext.png

Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.

Notes:

1. Do not mouse-click Combofix's window while it is running. That may cause it to stall.
2. ComboFix may reset a number of Internet Explorer’s settings, including making I-E the default browser.
3. Combofix prevents autorun of ALL CD, floppy and USB devices to assist with malware removal & increase security. If this is an issue or makes it difficult for you – please tell your helper.
4. CF disconnects your machine from the internet. The connection is automatically restored before CF completes its run. If CF runs into difficulty and terminates prematurely, the connection can be manually restored by restarting your machine.

Please post back with

  • OTListIt2 log
  • ComboFix log
  • new HJT log taken last
Thanks

========== OTLISTIT ==========
Process Explorer.EXE killed successfully!
File C:\WINDOWS\*.tmp not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\{0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7}\ not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6}\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\ deleted successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\Aim6 deleted successfully.
========== REGISTRY ==========
========== FILES ==========
C:\WINDOWS\System32\osusoley.ini moved successfully.
C:\WINDOWS\System32\ovalejat.ini moved successfully.
C:\WINDOWS\System32\ewotevuz.ini moved successfully.
C:\WINDOWS\System32\ihuwulod.ini moved successfully.
C:\WINDOWS\System32\otekifol.ini moved successfully.
C:\WINDOWS\System32\omunajid.ini moved successfully.
C:\WINDOWS\System32\unihuvov.ini moved successfully.
C:\WINDOWS\System32\aredufak.ini moved successfully.
C:\WINDOWS\System32\ayuzilas.ini moved successfully.
DllUnregisterServer procedure not found in C:\WINDOWS\System32\nanehutu.dll
C:\WINDOWS\System32\nanehutu.dll NOT unregistered.
C:\WINDOWS\System32\nanehutu.dll moved successfully.
C:\WINDOWS\System32\osakohiv.ini moved successfully.
C:\WINDOWS\System32\elavasak.ini moved successfully.
C:\WINDOWS\System32\odetevej.ini moved successfully.
C:\WINDOWS\System32\apuwowek.ini moved successfully.
C:\WINDOWS\imsins.BAK moved successfully.
C:\WINDOWS\System32\utobakoh.ini moved successfully.
========== COMMANDS ==========
File delete failed. C:\Documents and Settings\Owner\Local Settings\Temp\hpodvd09.log scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Owner\Local Settings\Temp\~DF72BA.tmp scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Owner\Local Settings\Temp\~DFDB1C.tmp scheduled to be deleted on reboot.
User’s Temp folder emptied.
User’s Internet Explorer cache folder emptied.
File delete failed. C:\Documents and Settings\LocalService\Local Settings\Temp\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\LocalService\Local Settings\Temp\History\History.IE5\index.dat scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\LocalService\Local Settings\Temp\Cookies\index.dat scheduled to be deleted on reboot.
Local Service Temp folder emptied.
File delete failed. C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot.
Local Service Temporary Internet Files folder emptied.
Network Service Temp folder emptied.
Network Service Temporary Internet Files folder emptied.
File delete failed. C:\WINDOWS\temp\_avast4_\Webshlock.txt scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\Perflib_Perfdata_6c8.dat scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\Perflib_Perfdata_c4.dat scheduled to be deleted on reboot.
Windows Temp folder emptied.
Java cache emptied.
Temp folders emptied.
Explorer started successfully

OTListIt2 by OldTimer - Version 2.0.15.3 log created on 05092009_113736

Files moved on Reboot…
C:\Documents and Settings\Owner\Local Settings\Temp\hpodvd09.log moved successfully.
File C:\Documents and Settings\Owner\Local Settings\Temp\~DF72BA.tmp not found!
File C:\Documents and Settings\Owner\Local Settings\Temp\~DFDB1C.tmp not found!
File move failed. C:\WINDOWS\temp\_avast4_\Webshlock.txt scheduled to be moved on reboot.
C:\WINDOWS\temp\Perflib_Perfdata_6c8.dat moved successfully.
File C:\WINDOWS\temp\Perflib_Perfdata_c4.dat not found!

Registry entries deleted on Reboot…

Hi Jamboy,

Do you have the other logs?

ComboFix 09-05-08.03 - Owner 05/09/2009 11:56.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.702.423 [GMT -5:00]
Running from: c:\documents and settings\Owner\Desktop\ComboFix.exe
AV: avast! antivirus 4.8.1335 [VPS 090508-0] On-access scanning disabled (Updated)
FW: Online Armor Firewall enabled
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\system32\abusalel.ini
c:\windows\system32\debahase.dll
c:\windows\system32\foyuroke.exe
c:\windows\system32\gebuhobo.exe
c:\windows\system32\hupetetu.dll
c:\windows\system32\husaleno.dll
c:\windows\system32\ikezigip.ini
c:\windows\system32\iyefunol.ini
c:\windows\system32\lelasuba.dll
c:\windows\system32\lonufeyi.dll
c:\windows\system32\lujisosa.dll
c:\windows\system32\mowufelu.exe
c:\windows\system32\pigizeki.dll
c:\windows\system32\puwenesu.dll
c:\windows\system32\rupetapa.exe
c:\windows\system32\sizulase.exe
c:\windows\system32\titodopu.exe
c:\windows\system32\wojifoge.exe
c:\windows\system32\zehifoze.dll
D:\Autorun.inf

.
((((((((((((((((((((((((( Files Created from 2009-04-09 to 2009-05-09 )))))))))))))))))))))))))))))))
.

2009-05-08 00:15 . 2009-05-08 00:15 -------- d-----w c:\documents and settings\Owner\Application Data\Malwarebytes
2009-05-08 00:15 . 2009-04-06 20:32 15504 ----a-w c:\windows\system32\drivers\mbam.sys
2009-05-08 00:15 . 2009-04-06 20:32 38496 ----a-w c:\windows\system32\drivers\mbamswissarmy.sys
2009-05-08 00:15 . 2009-05-08 00:15 -------- d-----w c:\documents and settings\All Users\Application Data\Malwarebytes
2009-05-08 00:15 . 2009-05-08 00:15 -------- d-----w c:\program files\Malwarebytes’ Anti-Malware
2009-05-07 23:26 . 2009-05-07 23:26 -------- d-----w C:\_OTListIt
2009-05-03 22:56 . 2009-05-03 22:56 -------- d-----w c:\program files\Common Files\Adobe AIR
2009-05-01 17:19 . 2009-05-01 17:21 -------- d-----w c:\program files\Common Files\Adobe
2009-05-01 16:42 . 2009-05-01 16:45 -------- d-----w c:\documents and settings\All Users\Application Data\NOS
2009-05-01 16:42 . 2009-05-01 16:42 -------- d-----w c:\program files\NOS
2009-05-01 16:38 . 2009-05-01 16:38 -------- d-----w c:\documents and settings\Owner\Application Data\AdobeUM
2009-04-27 19:23 . 2009-04-27 19:23 -------- d-----w c:\documents and settings\All Users\Application Data\PopCap
2009-04-25 15:54 . 2009-04-25 15:53 410984 ----a-w c:\windows\system32\deploytk.dll
2009-04-25 15:53 . 2009-04-25 15:53 -------- d-----w c:\program files\Java
2009-04-25 04:42 . 2009-04-25 04:42 -------- d-----w c:\documents and settings\Owner\Application Data\Viewpoint
2009-04-22 17:26 . 2009-04-22 17:30 -------- d-----w c:\documents and settings\Owner\Application Data\vlc
2009-04-21 03:01 . 2009-05-09 16:31 -------- d-----w c:\documents and settings\home.YOUR-E33A47D287\Application Data\OnlineArmor
2009-04-21 01:28 . 2009-05-09 16:47 -------- d-----w c:\documents and settings\Owner\Application Data\OnlineArmor
2009-04-21 01:28 . 2009-04-21 01:28 -------- d-----w c:\documents and settings\All Users\Application Data\OnlineArmor
2009-04-21 01:27 . 2008-12-13 07:26 30920 ----a-w c:\windows\system32\drivers\OAmon.sys
2009-04-21 01:27 . 2008-12-13 07:26 28872 ----a-w c:\windows\system32\drivers\OAnet.sys
2009-04-21 01:27 . 2008-12-13 07:26 178376 ----a-w c:\windows\system32\drivers\OADriver.sys
2009-04-21 01:27 . 2009-04-21 01:27 -------- d-----w c:\program files\Tall Emu
2009-04-20 19:55 . 2009-04-20 19:55 -------- d-----w c:\documents and settings\Owner\Local Settings\Application Data\Ahead
2009-04-20 01:02 . 2009-04-20 01:02 -------- d-----w c:\documents and settings\home.YOUR-E33A47D287\Application Data\InstallShield Installation Information
2009-04-20 01:01 . 2009-04-20 01:01 -------- d-----w c:\program files\ValuSoft
2009-04-20 01:00 . 2009-04-20 01:00 -------- d-----w c:\documents and settings\home.YOUR-E33A47D287\Application Data\InstallShield
2009-04-15 19:39 . 2009-03-06 14:22 284160 -c----w c:\windows\system32\dllcache\pdh.dll
2009-04-15 19:39 . 2009-02-09 12:10 401408 -c----w c:\windows\system32\dllcache\rpcss.dll
2009-04-15 19:39 . 2009-02-06 11:11 110592 -c----w c:\windows\system32\dllcache\services.exe
2009-04-15 19:39 . 2009-02-09 12:10 473600 -c----w c:\windows\system32\dllcache\fastprox.dll
2009-04-15 19:39 . 2009-02-06 10:10 227840 -c----w c:\windows\system32\dllcache\wmiprvse.exe
2009-04-15 19:39 . 2009-02-09 12:10 453120 -c----w c:\windows\system32\dllcache\wmiprvsd.dll
2009-04-15 19:39 . 2009-02-09 12:10 729088 -c----w c:\windows\system32\dllcache\lsasrv.dll
2009-04-15 19:39 . 2009-02-09 12:10 617472 -c----w c:\windows\system32\dllcache\advapi32.dll
2009-04-15 19:39 . 2009-02-09 12:10 714752 -c----w c:\windows\system32\dllcache\ntdll.dll
2009-04-15 19:37 . 2008-05-03 11:55 2560 ------w c:\windows\system32\xpsp4res.dll
2009-04-15 19:37 . 2008-04-21 12:08 215552 -c----w c:\windows\system32\dllcache\wordpad.exe
2009-04-14 23:38 . 2009-04-14 23:38 -------- d-----w c:\program files\Trend Micro
2009-04-12 23:31 . 2009-04-12 23:31 -------- d-----w c:\documents and settings\home.YOUR-E33A47D287\Application Data\acccore
2009-04-12 23:30 . 2009-04-12 23:30 -------- d-----w c:\documents and settings\home.YOUR-E33A47D287\Local Settings\Application Data\AOL OCP
2009-04-12 23:30 . 2009-04-12 23:30 -------- d-----w c:\documents and settings\home.YOUR-E33A47D287\Local Settings\Application Data\AOL
2009-04-11 23:38 . 2009-04-11 23:38 -------- d-----w c:\documents and settings\Owner\Application Data\acccore
2009-04-11 23:38 . 2009-04-11 23:38 -------- d-----w c:\documents and settings\Owner\Local Settings\Application Data\AOL OCP
2009-04-11 23:38 . 2009-04-11 23:38 -------- d-----w c:\documents and settings\Owner\Local Settings\Application Data\AOL
2009-04-11 23:35 . 2009-04-11 23:35 -------- d-----w c:\documents and settings\All Users\Application Data\acccore
2009-04-11 23:35 . 2009-04-11 23:39 -------- d-----w c:\documents and settings\All Users\Application Data\AOL OCP
2009-04-11 22:51 . 2009-04-11 22:51 -------- d-----w c:\documents and settings\Owner\Local Settings\Application Data\Yahoo
2009-04-11 22:45 . 2009-04-11 23:38 -------- d-----w c:\program files\AIM6

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-04-25 08:59 . 2009-03-09 23:49 -------- d-----w c:\program files\Google
2009-04-25 01:01 . 2009-03-21 05:09 15688 ----a-w c:\windows\system32\lsdelete.exe
2009-04-25 01:00 . 2009-03-21 04:00 64160 ----a-w c:\windows\system32\drivers\Lbd.sys
2009-04-11 23:36 . 2009-03-10 00:02 -------- d-----w c:\program files\Viewpoint
2009-04-11 23:35 . 2009-03-10 00:01 -------- d-----w c:\program files\Common Files\AOL
2009-04-11 22:50 . 2009-03-21 03:02 -------- d-----w c:\program files\Yahoo!
2009-04-11 16:25 . 2009-04-01 03:06 47752 ----a-w c:\documents and settings\Owner\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-04-07 03:47 . 2009-04-07 03:38 166 ----a-w c:\documents and settings\home.YOUR-E33A47D287\Application Data\wklnhst.dat
2009-04-01 11:44 . 2009-03-22 15:33 47752 ----a-w c:\documents and settings\home.YOUR-E33A47D287\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-04-01 04:00 . 2009-04-01 03:53 -------- d-----w c:\program files\Windows Live Safety Center
2009-04-01 03:18 . 2009-04-01 03:18 -------- d-----w c:\program files\Microsoft CAPICOM 2.1.0.2
2009-04-01 03:06 . 2009-04-01 03:06 128 ----a-w c:\documents and settings\Owner\Local Settings\Application Data\fusioncache.dat
2009-03-22 15:32 . 2009-03-22 15:32 143 ----a-w c:\documents and settings\home.YOUR-E33A47D287\Local Settings\Application Data\fusioncache.dat
2009-03-22 15:30 . 2009-03-22 14:24 104352 ----a-w c:\windows\hpoins04.dat
2009-03-22 15:23 . 2009-03-22 12:12 -------- d-----w c:\program files\HP
2009-03-22 14:59 . 2009-03-22 14:59 -------- d-----w c:\program files\Common Files\HP
2009-03-22 14:57 . 2009-03-22 14:57 -------- d-----w c:\program files\Hewlett-Packard
2009-03-22 14:56 . 2009-03-22 14:56 -------- d-----w c:\program files\Common Files\Hewlett-Packard
2009-03-22 14:43 . 2009-03-22 14:43 -------- d-----w c:\program files\VideoLAN
2009-03-22 12:30 . 2004-08-26 18:03 76487 ----a-w c:\windows\pchealth\helpctr\OfflineCache\index.dat
2009-03-22 10:09 . 2009-03-10 00:08 -------- d-----w c:\documents and settings\All Users\Application Data\McAfee.com
2009-03-22 10:02 . 2009-03-22 09:35 -------- d-----w c:\program files\Ahead
2009-03-22 09:56 . 2009-03-22 09:35 -------- d-----w c:\program files\Common Files\Ahead
2009-03-21 16:46 . 2009-03-21 16:46 17801 ----a-w c:\windows\system32\drivers\AegisP.sys
2009-03-21 16:46 . 2009-03-21 16:46 -------- d-----w c:\program files\Compact Wireless-G USB Network Adapter with SpeedBooster
2009-03-21 05:03 . 2009-03-21 05:03 -------- d-----w c:\program files\MSXML 4.0
2009-03-21 03:59 . 2009-03-21 03:59 -------- d-----w c:\program files\Lavasoft
2009-03-21 03:33 . 2009-03-10 00:02 -------- d-----w c:\program files\Pure Networks
2009-03-21 03:06 . 2009-03-21 03:06 -------- d-----w c:\program files\Alwil Software
2009-03-21 02:48 . 2009-03-10 00:05 -------- d-----w c:\program files\AvRack
2009-03-21 02:47 . 2009-03-10 00:02 -------- d-----w c:\program files\AOL Toolbar
2009-03-15 03:53 . 2009-03-09 23:47 -------- d--h--w c:\program files\InstallShield Installation Information
2009-03-10 00:03 . 2009-03-10 00:03 8552 ----a-w c:\windows\system32\drivers\asctrm.sys
2009-03-10 00:01 . 2009-03-10 00:01 335 ----a-w c:\windows\nsreg.dat
2009-03-09 23:23 . 2009-03-09 23:23 60 ----a-w c:\windows\system32\SYSDRV.DAT
2009-03-06 14:22 . 2006-02-23 00:55 284160 ----a-w c:\windows\system32\pdh.dll
2009-03-03 00:18 . 2006-02-23 00:57 826368 ----a-w c:\windows\system32\wininet.dll
2009-02-20 18:09 . 2006-02-23 00:52 78336 ----a-w c:\windows\system32\ieencode.dll
2009-02-09 12:10 . 2006-02-23 00:53 729088 ----a-w c:\windows\system32\lsasrv.dll
2009-02-09 12:10 . 2006-02-23 00:56 401408 ----a-w c:\windows\system32\rpcss.dll
2009-02-09 12:10 . 2006-02-23 00:55 714752 ----a-w c:\windows\system32\ntdll.dll
2009-02-09 12:10 . 2006-02-23 00:49 617472 ----a-w c:\windows\system32\advapi32.dll
2009-02-09 11:13 . 2006-02-23 00:57 1846784 ----a-w c:\windows\system32\win32k.sys
2009-01-25 17:19 . 2009-01-25 17:19 68608 --sha-w c:\windows\system32\fubatuzo.dll.tmp
2009-01-25 17:19 . 2009-01-25 17:19 68608 --sha-w c:\windows\system32\jozoyona.dll.tmp
2009-01-25 17:19 . 2009-01-25 17:19 68608 --sha-w c:\windows\system32\perowimi.dll.tmp
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
Note empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
“MSMSGS”=“c:\program files\Messenger\msmsgs.exe” [2008-04-14 1695232]
“Search Protection”=“c:\program files\Yahoo!\Search Protection\SearchProtection.exe” [2008-10-07 111856]
“YSearchProtection”=“c:\program files\Yahoo!\Search Protection\SearchProtection.exe” [2008-10-07 111856]
“ctfmon.exe”=“c:\windows\system32\ctfmon.exe” [2008-04-14 15360]
“PhotoShow Deluxe Media Manager”=“c:\progra~1\Ahead\NEROPH~1\data\Xtras\mssysmgr.exe” [2004-11-12 212992]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
“SunKistEM”=“c:\program files\Digital Media Reader\shwiconem.exe” [2004-11-15 135168]
“RemoteControl”=“c:\program files\CyberLink\PowerDVD\PDVDServ.exe” [2004-11-03 32768]
“Recguard”=“c:\windows\SMINST\RECGUARD.EXE” [2002-09-14 212992]
“Reminder”=“c:\windows\Creator\Remind_XP.exe” [2005-03-15 966656]
“YSearchProtection”=“c:\program files\Yahoo!\Search Protection\SearchProtection.exe” [2008-10-07 111856]
“avast!”=“c:\progra~1\ALWILS~1\Avast4\ashDisp.exe” [2009-02-05 81000]
“Ad-Watch”=“c:\program files\Lavasoft\Ad-Aware\AAWTray.exe” [2009-04-25 516440]
“NeroFilterCheck”=“c:\windows\system32\NeroCheck.exe” [2001-07-09 155648]
“HP Software Update”=“c:\program files\HP\HP Software Update\HPWuSchd2.exe” [2004-02-12 49152]
“HP Component Manager”=“c:\program files\HP\hpcoretech\hpcmpmgr.exe” [2004-05-12 241664]
“@OnlineArmor GUI”=“c:\program files\Tall Emu\Online Armor\oaui.exe” [2008-12-13 6223048]
“QuickTime Task”=“c:\program files\QuickTime\qttask.exe” [2009-03-10 98304]
“SunJavaUpdateSched”=“c:\program files\Java\jre6\bin\jusched.exe” [2009-04-25 148888]
“Adobe Reader Speed Launcher”=“c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe” [2009-02-27 35696]
“VTTimer”=“VTTimer.exe” - c:\windows\system32\VTTimer.exe [2005-03-08 53248]
“VTTrayp”=“VTtrayp.exe” - c:\windows\system32\VTTrayp.exe [2005-03-12 147456]
“SoundMan”=“SOUNDMAN.EXE” - c:\windows\soundman.exe [2005-04-15 77824]

c:\documents and settings\All Users\Start Menu\Programs\Startup
BigFix.lnk - c:\program files\BigFix\BigFix.exe [2009-3-9 1742384]
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2004-5-28 241664]
HP Image Zone Fast Start.lnk - c:\program files\HP\Digital Imaging\bin\hpqthb08.exe [2004-5-28 53248]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@=“Service”

[HKLM~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
“EnableFirewall”= 0 (0x0)

[HKLM~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
“%windir%\system32\sessmgr.exe”=
“c:\Program Files\Common Files\AOL\Loader\aolload.exe”=
“c:\Program Files\Common Files\AolCoach\en_en\player\AOLNySEV.exe”=
“%windir%\Network Diagnostic\xpnetdiag.exe”=
“c:\Program Files\Yahoo!\Messenger\YahooMessenger.exe”=
“c:\Program Files\AIM6\aim6.exe”=

R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [3/20/2009 11:00 PM 64160]
R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [3/20/2009 10:07 PM 114768]
R1 OADevice;OADriver;c:\windows\system32\drivers\OADriver.sys [4/20/2009 8:27 PM 178376]
R1 OAmon;OAmon;c:\windows\system32\drivers\OAmon.sys [4/20/2009 8:27 PM 30920]
R1 OAnet;OAnet;c:\windows\system32\drivers\OAnet.sys [4/20/2009 8:27 PM 28872]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [3/20/2009 10:07 PM 20560]
R2 OAcat;Online Armor Helper Service;c:\program files\Tall Emu\Online Armor\oacat.exe [4/20/2009 8:27 PM 1402568]
R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\Viewpoint\Common\ViewpointService.exe [4/11/2009 6:36 PM 24652]
R2 WUSB54GSCSVC;WUSB54GSCSVC;c:\program files\Compact Wireless-G USB Network Adapter with SpeedBooster\WLService.exe [3/21/2009 11:46 AM 53307]
R2 YahooAUService;Yahoo! Updater;c:\program files\Yahoo!\SoftwareUpdate\YahooAUService.exe [11/9/2008 3:48 PM 602392]
S2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [3/9/2009 2:06 PM 953168]
S2 SvcOnlineArmor;Online Armor;c:\program files\Tall Emu\Online Armor\oasrv.exe [4/20/2009 8:27 PM 3321032]
S3 getPlus(R) Helper;getPlus(R) Helper;c:\program files\NOS\bin\getPlus_HelperSvc.exe [5/1/2009 11:42 AM 33176]
.
Contents of the ‘Scheduled Tasks’ folder

2009-05-08 c:\windows\Tasks\Ad-Aware Update (Weekly).job

- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-03-09 01:00]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
uSearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
mSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr9/*http://www.yahoo.com/ext/search/search.html
uInternet Connection Wizard,ShellNext = hxxp://www.yahoo.com/
uSearchURL,(Default) = hxxp://us.rd.yahoo.com/customize/ie/defaults/su/msgr9/*http://www.yahoo.com
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
FF - ProfilePath -
.

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-05-09 11:59
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes …

scanning hidden autostart entries …

scanning hidden files …

scan completed successfully
hidden files: 0


.
Completion time: 2009-05-09 12:00
ComboFix-quarantined-files.txt 2009-05-09 17:00

Pre-Run: 142,087,163,904 bytes free
Post-Run: 142,600,314,880 bytes free

WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT=“Microsoft Windows Recovery Console” /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS=“Microsoft Windows XP Home Edition” /noexecute=optin /fastdetect

224 --- E O F --- 2009-04-29 20:01

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:31:17 PM, on 5/9/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16827)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Tall Emu\Online Armor\oacat.exe
C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\Program Files\Compact Wireless-G USB Network Adapter with SpeedBooster\WLService.exe
C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
C:\Program Files\Compact Wireless-G USB Network Adapter with SpeedBooster\WUSB54GSC.exe
C:\Program Files\Digital Media Reader\shwiconem.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\WINDOWS\system32\VTTimer.exe
C:\WINDOWS\system32\VTtrayp.exe
C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\PROGRA~1\Ahead\NEROPH~1\data\Xtras\mssysmgr.exe
C:\Program Files\BigFix\BigFix.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqgalry.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\explorer.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr9/*http://www.yahoo.com/ext/search/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/defaults/su/msgr9/*http://www.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.yahoo.com/
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM..\Run: [SunKistEM] C:\Program Files\Digital Media Reader\shwiconem.exe
O4 - HKLM..\Run: [RemoteControl] “C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe”
O4 - HKLM..\Run: [VTTimer] VTTimer.exe
O4 - HKLM..\Run: [VTTrayp] VTtrayp.exe
O4 - HKLM..\Run: [Recguard] %WINDIR%\SMINST\RECGUARD.EXE
O4 - HKLM..\Run: [Reminder] %WINDIR%\Creator\Remind_XP.exe
O4 - HKLM..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM..\Run: [YSearchProtection] “C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe”
O4 - HKLM..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM..\Run: [Ad-Watch] C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
O4 - HKLM..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM..\Run: [HP Software Update] “C:\Program Files\HP\HP Software Update\HPWuSchd2.exe”
O4 - HKLM..\Run: [HP Component Manager] “C:\Program Files\HP\hpcoretech\hpcmpmgr.exe”
O4 - HKLM..\Run: [@OnlineArmor GUI] “C:\Program Files\Tall Emu\Online Armor\oaui.exe”
O4 - HKLM..\Run: [QuickTime Task] “C:\Program Files\QuickTime\qttask.exe” -atboottime
O4 - HKLM..\Run: [SunJavaUpdateSched] “C:\Program Files\Java\jre6\bin\jusched.exe”
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] “C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe”
O4 - HKCU..\Run: [MSMSGS] “C:\Program Files\Messenger\msmsgs.exe” /background
O4 - HKCU..\Run: [Search Protection] C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe
O4 - HKCU..\Run: [YSearchProtection] C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe
O4 - HKCU..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU..\Run: [PhotoShow Deluxe Media Manager] C:\PROGRA~1\Ahead\NEROPH~1\data\Xtras\mssysmgr.exe
O4 - Global Startup: BigFix.lnk = C:\Program Files\BigFix\BigFix.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: HP Image Zone Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra ‘Tools’ menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra ‘Tools’ menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase5483.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1238555312500
O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} (get_atlcom Class) - http://wwwimages.adobe.com/www.adobe.com/products/acrobat/nos/gp.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: getPlus(R) Helper - NOS Microsystems Ltd. - C:\Program Files\NOS\bin\getPlus_HelperSvc.exe
O23 - Service: InCD Helper (read only) (InCDsrvR) - Ahead Software AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: Online Armor Helper Service (OAcat) - Tall Emu - C:\Program Files\Tall Emu\Online Armor\oacat.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: PrismXL - New Boundary Technologies, Inc. - C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
O23 - Service: Online Armor (SvcOnlineArmor) - Tall Emu - C:\Program Files\Tall Emu\Online Armor\oasrv.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
O23 - Service: WUSB54GSCSVC - GEMTEKS - C:\Program Files\Compact Wireless-G USB Network Adapter with SpeedBooster\WLService.exe
O23 - Service: Yahoo! Updater (YahooAUService) - Yahoo! Inc. - C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe


End of file - 9268 bytes

Hey Oldman, sorry about the name mix-up. I posted all the logs; please let me know, and as always thanks for all the help.