
Inactive Another Kiwee Toolbar Problem

Discussion in 'Malware and Virus Removal Archive' started by flannery, 2010/02/12.

  1. 2010/02/12
    flannery

    flannery Inactive Thread Starter

    Joined:
    2010/02/12
    Messages:
    9
    Likes Received:
    0

    Yup, I too have been infected with the dratted Kiwee Toolbar! I've tried Unblocker to no avail; I've been running MalwareBytes but got this anyway. A scan shows no problems - Ha! I tried MoveOnBoot; nothing removed.

    I will download the programs you direct and will wait to hear from someone about what info to post from logs.

    Any help will be most appreciated, thank you!
     
  2. 2010/02/12
    flannery Inactive Thread Starter
    Logs posted, hope I did it right! I also had tried doing a restore twice, and of course Kiwee is still there. I deleted the Kiwee file in Safe Mode and restarted, and of course the Kiwee file was back.

    DDS (Ver_09-12-01.01) - NTFSx86
    Run by Owner at 17:48:57.70 on Fri 02/12/2010
    Internet Explorer: 7.0.5730.13 BrowserJavaVersion: 1.6.0_17
    Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.254.48 [GMT -8:00]

    AV: Protector Plus Anti-virus Software *On-access scanning enabled* (Updated) {2BA05D34-0674-49A3-8DDA-DC7C8007484B}

    ============== Running Processes ===============

    C:\WINDOWS\system32\svchost -k DcomLaunch
    svchost.exe
    C:\WINDOWS\System32\svchost.exe -k netsvcs
    svchost.exe
    svchost.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Analog Devices\Core\smax4pnp.exe
    C:\WINDOWS\system32\igfxpers.exe
    C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe
    C:\PROTEC~1\PPTbc.EXE
    C:\PROTEC~1\PPInupdt.exe
    C:\Program Files\Java\jre6\bin\jusched.exe
    C:\Program Files\Unlocker\UnlockerAssistant.exe
    C:\Program Files\Messenger\msmsgs.exe
    svchost.exe
    C:\Protector Plus\POPSCAN.EXE
    C:\WINDOWS\system32\svchost.exe -k hpdevmgmt
    C:\Program Files\Java\jre6\bin\jqs.exe
    C:\WINDOWS\System32\svchost.exe -k HPZ12
    C:\WINDOWS\System32\svchost.exe -k HPZ12
    C:\Protector Plus\PPAVMon.exe
    C:\Protector Plus\PPServ.exe
    C:\WINDOWS\system32\svchost.exe -k imgsvc
    C:\WINDOWS\system32\wuauclt.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Program Files\Kiwee Toolbar\3.2\kwtbaim.exe
    C:\Program Files\AGI\core\4.2.0.10752\AGCoreService.exe
    C:\Documents and Settings\Owner\My Documents\Downloads\dds.scr

    ============== Pseudo HJT Report ===============

    uInternet Connection Wizard,ShellNext = iexplore
    uURLSearchHooks: agihelper.AGUtils: {0bc6e3fa-78ef-4886-842c-5a1258c4455a} - mscoree.dll
    BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
    BHO: agihelper.AGUtils: {0bc6e3fa-78ef-4886-842c-5a1258c4455a} - mscoree.dll
    BHO: Dogpile Toolbar: {a057a204-bacc-4d26-889e-3db98de17499} - c:\progra~1\dogpil~1\DOGPIL~1.DLL
    BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
    BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    TB: Dogpile Toolbar: {a057a204-bacc-4d26-889e-3db98de17499} - c:\progra~1\dogpil~1\DOGPIL~1.DLL
    TB: Kiwee Toolbar: {1c99b848-84cb-4ce4-8cd8-ed5719484d9f} - mscoree.dll
    uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background
    mRun: [SoundMAXPnP] c:\program files\analog devices\core\smax4pnp.exe
    mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
    mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
    mRun: [Persistence] c:\windows\system32\igfxpers.exe
    mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe"
    mRun: [Protector Plus Taskbar Control] c:\protec~1\PPTbc.EXE
    mRun: [Protector Plus InstaUpdate] c:\protec~1\PPInupdt.exe
    mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
    mRun: [UnlockerAssistant] "c:\program files\unlocker\UnlockerAssistant.exe"
    mRun: [KiweeHook] "c:\program files\kiwee toolbar\3.2\kwtbaim.exe"
    IE: Dogpile Search - file://c:\documents and settings\owner\application data\dogpiletbar\SelectedContextSearch_Dogpile Search.htm
    IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
    IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
    DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} - hxxp://support.dell.com/systemprofiler/SysPro.CAB
    DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1212780651515
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
    DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
    Notify: igfxcui - igfxdev.dll
    SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
    LSA: Notification Packages = :\windows\syste

    ================= FIREFOX ===================

    FF - ProfilePath - c:\docume~1\owner\applic~1\mozilla\firefox\profiles\2d9kbk7f.default\
    FF - prefs.js: browser.search.selectedEngine - Google
    FF - prefs.js: browser.startup.homepage - hxxp://my.yahoo.com/
    FF - prefs.js: keyword.URL - hxxp://search.imgag.com/?appid=kwtb&component=UnifiedToolbarFF&c=GNKWO50020&sbs=1&sc=&f=web&vernum=3.2&uid=&did={6af0f100-bf5a-11dd-a09c-00167635e9ca}&q=
    FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\
    FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}
    FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0010-ABCDEFFEDCBA}
    FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}
    FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA}
    FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}
    FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}
    FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA}

    ---- FIREFOX POLICIES ----
    FF - user.js: yahoo.homepage.dontask - true
    c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);

    ============= SERVICES / DRIVERS ===============

    R2 AGCoreService;AG Core Services;c:\program files\agi\core\4.2.0.10752\AGCoreService.exe [2010-2-10 20480]
    R2 ProtectorPlusAVMonitor;Protector Plus Anti-virus Monitor Service;c:\protector plus\PPAVMON.EXE [2008-6-6 62128]
    R2 ProtectorPlusService;Protector Plus Service;c:\protector plus\PPSERV.EXE [2008-6-6 78512]
    R3 PPDrv;Protector Plus Driver;c:\protector plus\PPDRV.SYS [2008-6-6 703792]
    R3 PPEMSCAN;Protector Plus Email Scan Driver;c:\protector plus\PPEMSCAN.SYS [2008-6-6 19272]
    S1 SDManager;SDManager;\??\c:\program files\spywaredetector\sdmanager.sys --> c:\program files\spywaredetector\SDManager.sys [?]
    S2 AGWinService;AG Windows Service;c:\program files\agi\common\win32\pythonservice.exe [2008-11-30 10240]

    =============== Created Last 30 ================

    2010-02-13 01:26:27 0 d-----w- c:\program files\Kiwee Toolbar
    2010-02-13 01:26:17 0 d-----w- c:\program files\UnifiedToolbar
    2010-02-12 15:17:22 0 d-----w- c:\program files\trend micro
    2010-02-12 04:38:08 0 d-----w- c:\docume~1\owner\applic~1\EMCO
    2010-02-12 04:37:12 0 d-----w- c:\program files\EMCO
    2010-02-12 04:17:41 0 d-----w- c:\docume~1\alluse~1\applic~1\Kiwee Toolbar
    2010-02-12 01:51:54 135168 ----a-w- c:\windows\system32\igfxres.dll
    2010-02-12 00:30:11 0 d-----w- c:\program files\Spybot - Search & Destroy
    2010-02-12 00:30:11 0 d-----w- c:\docume~1\alluse~1\applic~1\Spybot - Search & Destroy
    2010-02-11 23:20:22 0 d-----w- c:\docume~1\owner\applic~1\Desktopicon
    2010-02-11 21:47:29 0 d-----w- c:\windows\system32\wbem\Repository
    2010-02-11 21:43:51 0 d-----w- c:\windows\LastGood(2)
    2010-02-11 19:03:54 124400 ------w- c:\windows\HPHins12.dat.temp
    2010-02-11 19:03:53 14916 ------w- c:\windows\hphmdl12.dat.temp
    2010-02-11 17:22:42 0 d-----w- c:\windows\pss
    2010-02-11 16:49:25 0 d-----w- c:\program files\Unlocker
    2010-02-11 16:21:06 0 d-----w- c:\docume~1\alluse~1\applic~1\Kiwee Toolbar(2)
    2010-02-06 19:58:10 0 d-----w- c:\docume~1\owner\applic~1\Easy Thumbnails
    2010-02-06 19:57:47 0 d-----w- c:\program files\Easy Thumbnails
    2010-02-03 20:51:26 14916 ------w- c:\windows\hphmdl12.dat
    2010-02-03 20:51:26 124323 ----a-w- c:\windows\HPHins12.dat
    2010-01-26 23:26:32 23085 ----a-w- c:\windows\hpqins15.dat
    2010-01-26 22:59:07 0 d-----w- c:\docume~1\owner\applic~1\HpUpdate

    ==================== Find3M ====================

    2010-01-05 10:00:29 832512 ----a-w- c:\windows\system32\wininet.dll
    2010-01-05 10:00:21 78336 ----a-w- c:\windows\system32\ieencode.dll
    2010-01-05 10:00:20 17408 ------w- c:\windows\system32\corpol.dll
    2009-12-31 16:50:03 353792 ----a-w- c:\windows\system32\drivers\srv.sys
    2009-12-16 18:43:27 343040 ----a-w- c:\windows\system32\mspaint.exe
    2009-12-14 07:08:23 33280 ----a-w- c:\windows\system32\csrsrv.dll
    2009-11-27 17:11:44 17920 ----a-w- c:\windows\system32\msyuv.dll
    2009-11-27 17:11:44 1291776 ----a-w- c:\windows\system32\quartz.dll
    2009-11-27 16:07:35 8704 ----a-w- c:\windows\system32\tsbyuv.dll
    2009-11-27 16:07:35 28672 ----a-w- c:\windows\system32\msvidc32.dll
    2009-11-27 16:07:34 84992 ----a-w- c:\windows\system32\avifil32.dll
    2009-11-27 16:07:34 48128 ----a-w- c:\windows\system32\iyuv_32.dll
    2009-11-27 16:07:34 11264 ----a-w- c:\windows\system32\msrle32.dll
    2008-06-08 01:21:07 32768 -csha-w- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012008060720080608\index.dat

    ============= FINISH: 17:49:52.37 ===============


    DDS (Ver_09-12-01.01)

    Microsoft Windows XP Home Edition
    Boot Device: \Device\HarddiskVolume1
    Install Date: 6/6/2008 11:53:22 AM
    System Uptime: 2/12/2010 5:43:48 PM (0 hours ago)

    Motherboard: Dell Computer Corp. | | 0WF887
    Processor: Intel(R) Celeron(R) CPU 2.53GHz | Microprocessor | 2528/533mhz

    ==== Disk Partitions =========================

    C: is FIXED (NTFS) - 74 GiB total, 66.414 GiB free.
    D: is CDROM ()

    ==== Disabled Device Manager Items =============

    ==== System Restore Points ===================

    RP122: 11/6/2009 3:10:16 PM - Installed Java(TM) 6 Update 17
    RP123: 11/8/2009 11:40:46 AM - RegCure Backup
    RP124: 11/11/2009 4:33:59 PM - Software Distribution Service 3.0
    RP125: 11/14/2009 8:34:37 AM - RegCure Backup
    RP126: 11/18/2009 9:13:28 AM - System Checkpoint
    RP127: 11/19/2009 2:27:37 PM - System Checkpoint
    RP128: 11/24/2009 4:50:47 PM - System Checkpoint
    RP129: 11/25/2009 8:22:32 AM - Software Distribution Service 3.0
    RP130: 12/9/2009 9:02:12 AM - Software Distribution Service 3.0
    RP131: 12/26/2009 11:15:26 AM - RegCure Backup
    RP132: 1/7/2010 1:19:22 PM - System Checkpoint
    RP133: 1/13/2010 8:33:35 AM - Software Distribution Service 3.0
    RP134: 1/15/2010 9:07:41 PM - System Checkpoint
    RP135: 1/22/2010 8:34:44 AM - Software Distribution Service 3.0
    RP136: 1/24/2010 1:31:16 PM - Removed HP Smart Web Printing
    RP137: 1/24/2010 1:32:40 PM - Removed HPSU306Stub
    RP138: 1/24/2010 1:32:45 PM - Removed HP Update
    RP139: 1/24/2010 1:33:08 PM - Removed HPSSupply
    RP140: 1/24/2010 1:41:23 PM - Installed HPSU306Stub
    RP141: 1/26/2010 2:59:22 PM - Removed HPSU306Stub
    RP142: 1/27/2010 3:15:38 PM - Installed Java(TM) 6 Update 18
    RP143: 2/3/2010 12:24:09 PM - Removed HP Update.
    RP144: 2/3/2010 12:24:40 PM - Removed HPSSupply
    RP145: 2/3/2010 1:03:14 PM - Installed HPSU306Stub
    RP146: 2/4/2010 3:24:59 PM - Removed HPSU306Stub
    RP147: 2/10/2010 7:57:02 AM - Software Distribution Service 3.0
    RP148: 2/11/2010 8:36:33 AM - RegCure Backup
    RP149: 2/11/2010 9:25:53 AM - Restore Operation
    RP150: 2/11/2010 1:38:38 PM - Restore Operation
    RP151: 2/11/2010 1:51:13 PM - Software Distribution Service 3.0
    RP152: 2/11/2010 3:08:11 PM - Removed HPSSupply
    RP153: 2/11/2010 3:09:14 PM - Removed HPSU306Stub
    RP154: 2/11/2010 3:09:19 PM - Removed HP Update
    RP155: 2/11/2010 3:10:16 PM - Removed HP Smart Web Printing
    RP156: 2/11/2010 3:17:27 PM - RegCure Backup
    RP157: 2/11/2010 4:05:59 PM - Software Distribution Service 3.0
    RP158: 2/11/2010 8:37:11 PM - Installed EMCO MoveOnBoot v2.1
    RP159: 2/12/2010 7:01:36 AM - RegCure Backup

    ==== Installed Programs ======================

    32 Bit HP CIO Components Installer
    Adobe Acrobat and Reader 8.1.2 Security Update 1 (KB403742)
    Adobe Flash Player 10 ActiveX
    Adobe Flash Player 10 Plugin
    Adobe Reader 8.1.2
    Adobe Reader 8.1.2 Security Update 1 (KB403742)
    AIO_Scan
    Bookworm Deluxe
    BufferChm
    Conexant D850 56K V.9x DFVc Modem
    Copy
    Critical Update for Windows Media Player 11 (KB959772)
    CustomerResearchQFolder
    Destination Component
    DeviceDiscovery
    DeviceManagementQFolder
    DJ_AIO_ProductContext
    DJ_AIO_Software
    DJ_AIO_Software_min
    eBay Icon
    eGames GameButler
    EMCO MoveOnBoot v2.1
    eSupportQFolder
    F4100
    F4100_doccd
    F4100_Help
    HijackThis 2.0.2
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
    Hotfix for Windows Internet Explorer 7 (KB947864)
    Hotfix for Windows Media Format 11 SDK (KB929399)
    Hotfix for Windows Media Player 11 (KB939683)
    Hotfix for Windows XP (KB952287)
    Hotfix for Windows XP (KB954550-v5)
    Hotfix for Windows XP (KB961118)
    Hotfix for Windows XP (KB970653-v3)
    Hotfix for Windows XP (KB976098-v2)
    HP Customer Participation Program 9.0
    HP Deskjet All-In-One Software 9.0
    HP Imaging Device Functions 9.0
    HP Photosmart Essential 2.01
    HP Photosmart Essential2.01
    HP Solution Center 9.0
    HPProductAssistant
    Intel(R) Extreme Graphics 2 Driver
    Intel(R) PRO Network Adapters and Drivers
    Java(TM) 6 Update 17
    Java(TM) 6 Update 7
    Kiwee Chatbar
    Kiwee Toolbar for Firefox
    Kiwee Toolbar for Internet Explorer
    Mahjongg Master 4
    Malwarebytes' Anti-Malware
    MarketResearch
    Microsoft .NET Framework 1.1
    Microsoft .NET Framework 1.1 Security Update (KB953297)
    Microsoft .NET Framework 2.0 Service Pack 2
    Microsoft .NET Framework 3.0 Service Pack 2
    Microsoft .NET Framework 3.5 SP1
    Microsoft Base Smart Card Cryptographic Service Provider Package
    Microsoft Compression Client Pack 1.0 for Windows XP
    Microsoft Internationalized Domain Names Mitigation APIs
    Microsoft National Language Support Downlevel APIs
    Microsoft User-Mode Driver Framework Feature Pack 1.0
    Mozilla Firefox (3.5.7)
    MSXML 4.0 SP2 (KB954430)
    MSXML 4.0 SP2 (KB973688)
    MSXML 6.0 Parser (KB933579)
    Protector Plus for Windows
    PSSWCORE
    Real Alternative 1.8.2
    RegCure
    Scan
    Security Update for Windows Internet Explorer 7 (KB938127)
    Security Update for Windows Internet Explorer 7 (KB950759)
    Security Update for Windows Internet Explorer 7 (KB953838)
    Security Update for Windows Internet Explorer 7 (KB956390)
    Security Update for Windows Internet Explorer 7 (KB958215)
    Security Update for Windows Internet Explorer 7 (KB960714)
    Security Update for Windows Internet Explorer 7 (KB961260)
    Security Update for Windows Internet Explorer 7 (KB963027)
    Security Update for Windows Internet Explorer 7 (KB969897)
    Security Update for Windows Internet Explorer 7 (KB972260)
    Security Update for Windows Internet Explorer 7 (KB974455)
    Security Update for Windows Internet Explorer 7 (KB976325)
    Security Update for Windows Internet Explorer 7 (KB978207)
    Security Update for Windows Media Player (KB911564)
    Security Update for Windows Media Player (KB952069)
    Security Update for Windows Media Player (KB954155)
    Security Update for Windows Media Player (KB968816)
    Security Update for Windows Media Player (KB973540)
    Security Update for Windows Media Player 11 (KB936782)
    Security Update for Windows Media Player 11 (KB954154)
    Security Update for Windows Media Player 6.4 (KB925398)
    Security Update for Windows Media Player 9 (KB936782)
    Security Update for Windows XP (KB923561)
    Security Update for Windows XP (KB923789)
    Security Update for Windows XP (KB938464)
    Security Update for Windows XP (KB941569)
    Security Update for Windows XP (KB946648)
    Security Update for Windows XP (KB950760)
    Security Update for Windows XP (KB950762)
    Security Update for Windows XP (KB950974)
    Security Update for Windows XP (KB951066)
    Security Update for Windows XP (KB951376-v2)
    Security Update for Windows XP (KB951376)
    Security Update for Windows XP (KB951698)
    Security Update for Windows XP (KB951748)
    Security Update for Windows XP (KB952004)
    Security Update for Windows XP (KB952954)
    Security Update for Windows XP (KB953839)
    Security Update for Windows XP (KB954211)
    Security Update for Windows XP (KB954459)
    Security Update for Windows XP (KB954600)
    Security Update for Windows XP (KB955069)
    Security Update for Windows XP (KB956391)
    Security Update for Windows XP (KB956572)
    Security Update for Windows XP (KB956744)
    Security Update for Windows XP (KB956802)
    Security Update for Windows XP (KB956803)
    Security Update for Windows XP (KB956841)
    Security Update for Windows XP (KB956844)
    Security Update for Windows XP (KB957095)
    Security Update for Windows XP (KB957097)
    Security Update for Windows XP (KB958644)
    Security Update for Windows XP (KB958687)
    Security Update for Windows XP (KB958690)
    Security Update for Windows XP (KB958869)
    Security Update for Windows XP (KB959426)
    Security Update for Windows XP (KB960225)
    Security Update for Windows XP (KB960715)
    Security Update for Windows XP (KB960803)
    Security Update for Windows XP (KB960859)
    Security Update for Windows XP (KB961371)
    Security Update for Windows XP (KB961373)
    Security Update for Windows XP (KB961501)
    Security Update for Windows XP (KB968537)
    Security Update for Windows XP (KB969059)
    Security Update for Windows XP (KB969898)
    Security Update for Windows XP (KB969947)
    Security Update for Windows XP (KB970238)
    Security Update for Windows XP (KB970430)
    Security Update for Windows XP (KB971468)
    Security Update for Windows XP (KB971486)
    Security Update for Windows XP (KB971557)
    Security Update for Windows XP (KB971633)
    Security Update for Windows XP (KB971657)
    Security Update for Windows XP (KB971961)
    Security Update for Windows XP (KB972270)
    Security Update for Windows XP (KB973346)
    Security Update for Windows XP (KB973354)
    Security Update for Windows XP (KB973507)
    Security Update for Windows XP (KB973525)
    Security Update for Windows XP (KB973869)
    Security Update for Windows XP (KB973904)
    Security Update for Windows XP (KB974112)
    Security Update for Windows XP (KB974318)
    Security Update for Windows XP (KB974392)
    Security Update for Windows XP (KB974571)
    Security Update for Windows XP (KB975025)
    Security Update for Windows XP (KB975467)
    Security Update for Windows XP (KB975560)
    Security Update for Windows XP (KB975713)
    Security Update for Windows XP (KB977914)
    Security Update for Windows XP (KB978037)
    Security Update for Windows XP (KB978251)
    Security Update for Windows XP (KB978262)
    Security Update for Windows XP (KB978706)
    SolutionCenter
    SoundMAX
    Status
    Toolbox
    TrayApp
    UnloadSupport
    Unlocker 1.8.8
    Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
    Update for Windows Internet Explorer 7 (KB976749)
    Update for Windows XP (KB942763)
    Update for Windows XP (KB951072-v2)
    Update for Windows XP (KB951978)
    Update for Windows XP (KB955759)
    Update for Windows XP (KB955839)
    Update for Windows XP (KB967715)
    Update for Windows XP (KB968389)
    Update for Windows XP (KB971737)
    Update for Windows XP (KB973687)
    Update for Windows XP (KB973815)
    VideoToolkit01
    WebFldrs XP
    WebReg
    Webshots Desktop
    Windows Genuine Advantage Validation Tool (KB892130)
    Windows Imaging Component
    Windows Internet Explorer 7
    Windows Media Format 11 runtime
    Windows Media Format SDK Hotfix - KB891122
    Windows Media Player 11
    Windows Presentation Foundation
    Windows XP Service Pack 3
    XML Paper Specification Shared Components Pack 1.0

    ==== Event Viewer Messages From Past Week ========

    2/12/2010 5:15:53 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service wuauserv with arguments " " in order to run the server: {E60687F7-01A1-40AA-86AC-DB1CBF673334}
    2/12/2010 5:15:13 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service StiSvc with arguments " " in order to run the server: {A1F4E726-8CF1-11D1-BF92-0060081ED811}
    2/12/2010 5:14:43 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD Fips intelppm IPSec MRxSmb NetBIOS NetBT RasAcd Rdbss Tcpip
    2/12/2010 5:14:43 PM, error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the AFD service which failed to start because of the following error: A device attached to the system is not functioning.
    2/12/2010 5:14:43 PM, error: Service Control Manager [7001] - The IPSEC Services service depends on the IPSEC driver service which failed to start because of the following error: A device attached to the system is not functioning.
    2/12/2010 5:14:43 PM, error: Service Control Manager [7001] - The DNS Client service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.
    2/12/2010 5:14:43 PM, error: Service Control Manager [7001] - The DHCP Client service depends on the NetBios over Tcpip service which failed to start because of the following error: A device attached to the system is not functioning.
    2/12/2010 5:13:42 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service EventSystem with arguments " " in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
    2/12/2010 5:13:38 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service netman with arguments " " in order to run the server: {BA126AE5-2166-11D1-B1D0-00805FC1270E}
    2/11/2010 9:21:22 AM, error: SideBySide [59] - Resolve Partial Assembly failed for Microsoft.VC80.MFCLOC. Reference error message: The referenced assembly is not installed on your system. .
    2/11/2010 9:21:22 AM, error: SideBySide [59] - Generate Activation Context failed for C:\WINDOWS\WinSxS\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.91_x-ww_decbdf0c\MFC80.DLL. Reference error message: The operation completed successfully. .
    2/11/2010 9:21:22 AM, error: SideBySide [32] - Dependent Assembly Microsoft.VC80.MFCLOC could not be found and Last Error was The referenced assembly is not installed on your system.
    2/11/2010 9:02:53 AM, error: SideBySide [59] - Generate Activation Context failed for C:\Program Files\Kiwee Toolbar\3.2\MFC80U.DLL. Reference error message: The operation completed successfully. .
    2/11/2010 8:31:29 AM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the AG Core Services service to connect.
    2/11/2010 8:31:29 AM, error: Service Control Manager [7000] - The AG Core Services service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
    2/11/2010 7:17:52 PM, error: Service Control Manager [7034] - The AG Core Services service terminated unexpectedly. It has done this 1 time(s).
    2/11/2010 3:08:24 PM, error: Service Control Manager [7023] - The Application Management service terminated with the following error: The system cannot find the file specified.
    2/11/2010 2:54:51 PM, error: Service Control Manager [7005] - The LoadUserProfile call failed with the following error: Incorrect function.
    2/11/2010 12:04:07 PM, error: Service Control Manager [7034] - The PC Tools Security Service service terminated unexpectedly. It has done this 1 time(s).
    2/11/2010 1:24:08 PM, error: Service Control Manager [7011] - Timeout (30000 milliseconds) waiting for a transaction response from the AGWinService service.
    2/11/2010 1:15:56 PM, error: Service Control Manager [7011] - Timeout (30000 milliseconds) waiting for a transaction response from the service.
    2/11/2010 1:15:26 PM, error: Service Control Manager [7000] - The Protector Plus Driver service failed to start due to the following error: Insufficient system resources exist to complete the requested service.

    ==== End Of File ===========================
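    The log above is the data a helper reads by eye; as an added example (not part of this thread, of DDS, or of OTL), the script below does the same triage mechanically. It parses the entry shapes DDS emits in the Pseudo HJT Report and Services sections (BHO, TB, URLSearchHook, uRun/mRun, R*/S* service and driver lines, FF prefs.js) and flags the three things that stand out in the posted log: browser components whose only path is mscoree.dll (a .NET-based BHO/toolbar, where the real assembly is resolved by the CLR and never appears in the log), paths and URLs matching the Kiwee / AG Interactive entries, and a Firefox keyword.URL override plus a driver whose file DDS could not find on disk. The sample input is a constructed subset of the log above; the indicator list and the reading of DDS's `[?]` marker as "file missing" are the example's own assumptions.

```python
"""Triage a DDS log's Pseudo HJT Report / services lines for toolbar persistence.

Added example for this thread; not part of DDS, OTL or the forum's own
procedure. The indicator list (SUSPECT_TAGS) and the reading of "[?]" as
"file missing on disk" are assumptions taken from the entries in the posted log.
"""
import re

# Constructed subset of the DDS log posted above (same entry formats).
SAMPLE_DDS = r"""
uURLSearchHooks: agihelper.AGUtils: {0bc6e3fa-78ef-4886-842c-5a1258c4455a} - mscoree.dll
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: agihelper.AGUtils: {0bc6e3fa-78ef-4886-842c-5a1258c4455a} - mscoree.dll
TB: Kiwee Toolbar: {1c99b848-84cb-4ce4-8cd8-ed5719484d9f} - mscoree.dll
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mRun: [KiweeHook] "c:\program files\kiwee toolbar\3.2\kwtbaim.exe"
FF - prefs.js: keyword.URL - hxxp://search.imgag.com/?appid=kwtb&component=UnifiedToolbarFF&q=
R2 AGCoreService;AG Core Services;c:\program files\agi\core\4.2.0.10752\AGCoreService.exe [2010-2-10 20480]
R2 ProtectorPlusService;Protector Plus Service;c:\protector plus\PPSERV.EXE [2008-6-6 78512]
S1 SDManager;SDManager;\??\c:\program files\spywaredetector\sdmanager.sys --> c:\program files\spywaredetector\SDManager.sys [?]
"""

# Lower-case substrings tied to the Kiwee / AG Interactive install in this log (assumption).
SUSPECT_TAGS = ("kiwee", "agihelper", "\\agi\\", "unifiedtoolbar", "imgag.com", "spywaredetector")

# Entry kinds DDS prefixes with "Kind:" (browser/run entries) or "R2 " / "S1 " (services, drivers).
ENTRY_RE = re.compile(
    r"^(?P<kind>uURLSearchHooks|BHO|TB|[um]Run|FF - prefs\.js|[RS]\d)[: ]\s*(?P<body>.+)$"
)


def parse_dds(text):
    """Return a list of {kind, name, path} dicts for the entry lines DDS emits."""
    entries = []
    for raw in text.splitlines():
        m = ENTRY_RE.match(raw.strip())
        if not m:
            continue  # section headers, process list, blank lines
        kind, body = m.group("kind"), m.group("body")
        if kind[0] in "RS" and kind[1:].isdigit():
            # R2 Name;Display name;path [date size]   or   ...;path --> path [?]
            parts = body.split(";")
            name, path = parts[0], parts[-1]
        elif kind in ("uRun", "mRun"):
            # [ValueName] "path" optional-args
            close = body.index("]")
            name, rest = body[1:close], body[close + 1:].strip()
            path = rest[1:].split('"', 1)[0] if rest.startswith('"') else rest
        elif kind == "FF - prefs.js":
            # prefname - value
            name, _, path = body.partition(" - ")
        else:
            # Name: {CLSID} - path   (BHO, TB, URLSearchHook)
            head, _, path = body.rpartition(" - ")
            name = head.split(": {")[0]
        entries.append({"kind": kind, "name": name, "path": path.strip()})
    return entries


def triage(entries):
    """Return the subset of entries that match an indicator, each with its reasons."""
    findings = []
    for e in entries:
        path = e["path"].lower()
        haystack = e["name"].lower() + " " + path
        reasons = []
        if e["kind"] in ("BHO", "TB", "uURLSearchHooks") and path == "mscoree.dll":
            reasons.append("managed (.NET) browser component: only mscoree.dll is visible, "
                           "the real assembly is resolved by the CLR")
        if any(tag in haystack for tag in SUSPECT_TAGS):
            reasons.append("matches a Kiwee / AG Interactive indicator from this log")
        if e["kind"] == "FF - prefs.js" and e["name"] == "keyword.URL":
            reasons.append("address-bar search redirected: prefs.js only holds values set "
                           "by the user or by installed software, not Firefox defaults")
        if path.endswith("[?]"):
            reasons.append("registered service/driver whose file is missing on disk "
                           "(DDS [?] marker, assumed meaning); orphaned entry")
        if reasons:
            findings.append({"kind": e["kind"], "name": e["name"], "reasons": reasons})
    return findings


if __name__ == "__main__":
    for f in triage(parse_dds(SAMPLE_DDS)):
        print(f"{f['kind']:<16} {f['name']}")
        for r in f["reasons"]:
            print(f"    - {r}")
```

    Run against the full log, the mscoree.dll rule is what explains why deleting the Kiwee folder did not help: the toolbar, chatbar and URL search hook are registered as managed COM components, so the CLSIDs and the AGCoreService service have to go, not just the files. Feed the script a real DDS.txt by replacing SAMPLE_DDS with the file's contents; nothing else is Windows-specific.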
     


  4. 2010/02/12
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    Start by going to Add/Remove Programs and uninstalling these three items:
    Kiwee Chatbar
    Kiwee Toolbar for Firefox
    Kiwee Toolbar for Internet Explorer

    Post fresh DDS log afterwards.
     
  5. 2010/02/12
    flannery Inactive Thread Starter
    LOL, oh yeah! I tried that first; they would be removed, and the next time I signed on they were back, all three of those. Now my system is so messed up that Add/Remove won't remove anything!
     
  6. 2010/02/12
    broni Moderator Malware Analyst
    Download OTL to your Desktop.

    * Double click on the icon to run it. Make sure all other windows are closed and let it run uninterrupted.
    * Under the Custom Scan box paste this in:


    netsvcs
    %SYSTEMDRIVE%\*.exe
    /md5start
    eventlog.dll
    scecli.dll
    netlogon.dll
    cngaudit.dll
    sceclt.dll
    ntelogon.dll
    logevent.dll
    iaStor.sys
    nvstor.sys
    atapi.sys
    IdeChnDr.sys
    viasraid.sys
    AGP440.sys
    vaxscsi.sys
    nvatabus.sys
    viamraid.sys
    nvata.sys
    nvgts.sys
    iastorv.sys
    ViPrt.sys
    eNetHook.dll
    ahcix86.sys
    KR10N.sys
    nvstor32.sys
    /md5stop
    %systemroot%\*. /mp /s
    %systemroot%\system32\*.dll /lockedfiles
    %systemroot%\Tasks\*.job /lockedfiles
    %systemroot%\system32\drivers\*.sys /lockedfiles
    %systemroot%\System32\config\*.sav
    CREATERESTOREPOINT


    * Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
    * When the scan completes, it will open two Notepad windows: OTL.txt and Extras.txt. These are saved in the same location as OTL.
    * Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them back here.
     
  7. 2010/02/13
    flannery Inactive Thread Starter
    OTL logfile created on: 2/13/2010 6:57:29 AM - Run 1
    OTL by OldTimer - Version 3.1.28.0 Folder = C:\Documents and Settings\Owner\My Documents\Downloads
    Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
    Internet Explorer (Version = 7.0.5730.13)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    254.00 Mb Total Physical Memory | 100.00 Mb Available Physical Memory | 39.00% Memory free
    625.00 Mb Paging File | 433.00 Mb Available in Paging File | 69.00% Paging File free
    Paging file location(s): C:\pagefile.sys 384 768 [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
    Drive C: | 74.50 Gb Total Space | 66.40 Gb Free Space | 89.13% Space Free | Partition Type: NTFS
    D: Drive not present or media not loaded
    E: Drive not present or media not loaded
    F: Drive not present or media not loaded
    G: Drive not present or media not loaded
    H: Drive not present or media not loaded
    I: Drive not present or media not loaded

    Computer Name: TERRY
    Current User Name: Owner
    Logged in as Administrator.

    Current Boot Mode: Normal
    Scan Mode: Current user
    Company Name Whitelist: On
    Skip Microsoft Files: On
    File Age = 14 Days
    Output = Standard
    Quick Scan

    ========== Processes (SafeList) ==========

    PRC - [2010/02/13 06:51:26 | 000,549,376 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Owner\My Documents\Downloads\OTL.exe
    PRC - [2010/01/26 15:48:24 | 000,020,480 | ---- | M] (AG Interactive) -- C:\Program Files\AGI\core\4.2.0.10752\AGCoreService.exe
    PRC - [2009/11/25 11:46:50 | 000,056,544 | ---- | M] (AG Interactive) -- C:\Program Files\Kiwee Toolbar\3.2\kwtbaim.exe
    PRC - [2009/10/25 23:33:41 | 000,015,872 | ---- | M] () -- C:\Program Files\Unlocker\UnlockerAssistant.exe
    PRC - [2009/10/11 04:17:36 | 000,149,280 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jusched.exe
    PRC - [2009/10/11 04:17:35 | 000,153,376 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jqs.exe
    PRC - [2009/05/01 17:36:15 | 000,062,128 | ---- | M] (Proland Software) -- C:\Protector Plus\PPAVMON.EXE
    PRC - [2009/05/01 17:36:14 | 001,159,856 | ---- | M] (Proland Software) -- C:\Protector Plus\PPINUPDT.EXE
    PRC - [2009/05/01 17:36:14 | 000,774,832 | ---- | M] (Proland Software ) -- C:\Protector Plus\POPSCAN.EXE
    PRC - [2009/05/01 17:36:13 | 001,278,640 | ---- | M] (Proland Software ) -- C:\Protector Plus\PPTBC.EXE
    PRC - [2009/05/01 17:36:13 | 000,078,512 | ---- | M] (Proland Software) -- C:\Protector Plus\PPSERV.EXE
    PRC - [2008/04/13 16:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
    PRC - [2005/04/05 14:23:14 | 000,114,688 | ---- | M] (Intel Corporation) -- C:\WINDOWS\system32\igfxpers.exe
    PRC - [2005/04/05 14:19:18 | 000,077,824 | ---- | M] (Intel Corporation) -- C:\WINDOWS\system32\hkcmd.exe
    PRC - [2004/10/14 13:42:54 | 001,404,928 | ---- | M] (Analog Devices, Inc.) -- C:\Program Files\Analog Devices\Core\smax4pnp.exe


    ========== Modules (SafeList) ==========

    MOD - [2010/02/13 06:51:26 | 000,549,376 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Owner\My Documents\Downloads\OTL.exe
    MOD - [2009/10/25 23:33:32 | 000,004,608 | ---- | M] () -- C:\Program Files\Unlocker\UnlockerHook.dll


    ========== Win32 Services (SafeList) ==========

    SRV - [2010/01/26 15:48:24 | 000,020,480 | ---- | M] (AG Interactive) [Auto | Running] -- C:\Program Files\AGI\core\4.2.0.10752\AGCoreService.exe -- (AGCoreService)
    SRV - [2009/10/11 04:17:35 | 000,153,376 | ---- | M] (Sun Microsystems, Inc.) [Auto | Running] -- C:\Program Files\Java\jre6\bin\jqs.exe -- (JavaQuickStarterService)
    SRV - [2009/05/01 17:36:15 | 000,062,128 | ---- | M] (Proland Software) [Auto | Running] -- C:\Protector Plus\PPAVMon.exe -- (ProtectorPlusAVMonitor)
    SRV - [2009/05/01 17:36:13 | 000,078,512 | ---- | M] (Proland Software) [Auto | Running] -- C:\Protector Plus\PPServ.exe -- (ProtectorPlusService)
    SRV - [2009/03/03 13:53:32 | 000,033,176 | ---- | M] (NOS Microsystems Ltd.) [On_Demand | Stopped] -- C:\Program Files\NOS\bin\getPlus_HelperSvc.exe -- (getPlus(R) Helper) getPlus(R)
    SRV - [2008/11/30 19:44:28 | 000,010,240 | ---- | M] () [Auto | Stopped] -- C:\Program Files\AGI\common\win32\PythonService.exe -- (AGWinService)
    SRV - [2007/06/04 21:14:50 | 000,217,088 | ---- | M] (Hewlett-Packard Co.) [On_Demand | Running] -- C:\Program Files\HP\Digital Imaging\bin\hpqcxs08.dll -- (hpqcxs08)
    SRV - [2007/06/04 21:14:50 | 000,131,072 | ---- | M] (Hewlett-Packard Co.) [Auto | Running] -- C:\Program Files\HP\Digital Imaging\bin\hpqddsvc.dll -- (hpqddsvc)
    SRV - [2006/11/08 15:35:38 | 000,053,248 | ---- | M] (Hewlett-Packard) [Auto | Running] -- C:\WINDOWS\system32\HPZipm12.dll -- (Pml Driver HPZ12)
    SRV - [2006/11/08 15:35:36 | 000,043,520 | ---- | M] (Hewlett-Packard) [Auto | Running] -- C:\WINDOWS\system32\HPZinw12.dll -- (Net Driver HPZ12)


    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========


    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    ========== FireFox ==========

    FF - prefs.js..browser.search.defaultenginename: "Kiwee Toolbar "
    FF - prefs.js..browser.search.selectedEngine: "Google "
    FF - prefs.js..browser.search.useDBForOrder: true
    FF - prefs.js..browser.startup.homepage: "http://my.yahoo.com/ "
    FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
    FF - prefs.js..extensions.enabledItems: {635abd67-4fe9-1b23-4f01-e679fa7484c1}:1.6.5.200812101546
    FF - prefs.js..keyword.URL: "http://search.imgag.com/?appid=kwtb&component=UnifiedToolbarFF&c=GNKWO50020&sbs=1&sc=&f=web&vernum=3.2&uid=&did={6af0f100-bf5a-11dd-a09c-00167635e9ca}&q= "


    FF - HKLM\software\mozilla\Firefox\extensions\\unifiedtoolbar@aginteractive.com: C:\Program Files\UnifiedToolbar\3.2\Firefox [2010/02/12 17:26:25 | 000,000,000 | ---D | M]
    FF - HKLM\software\mozilla\Mozilla Firefox 3.5.7\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/01/08 21:32:54 | 000,000,000 | ---D | M]
    FF - HKLM\software\mozilla\Mozilla Firefox 3.5.7\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/01/05 16:20:48 | 000,000,000 | ---D | M]

    [2008/08/27 05:53:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Mozilla\Extensions
    [2010/02/11 21:05:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\2d9kbk7f.default\extensions
    [2009/01/15 13:29:31 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\2d9kbk7f.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
    [2008/09/07 14:54:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\2d9kbk7f.default\extensions\2008-07-31
    [2009/06/14 12:17:57 | 000,002,164 | ---- | M] () -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\2d9kbk7f.default\searchplugins\bing.xml
    [2010/02/10 10:53:16 | 000,002,055 | ---- | M] () -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\2d9kbk7f.default\searchplugins\kiwee-toolbar.xml
    [2010/02/11 21:05:20 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
    [2009/04/07 13:59:38 | 000,000,872 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\Yahooober459718.gif
    [2009/11/30 13:30:56 | 000,000,196 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\Yahooober459718.src

    O1 HOSTS File: ([2004/08/04 04:00:00 | 000,000,734 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
    O1 - Hosts: 127.0.0.1 localhost
    O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
    O2 - BHO: (Dogpile Toolbar) - {A057A204-BACC-4D26-889E-3DB98DE17499} - C:\Program Files\dogpiletbar\dogpiletbar.dll (InfoSpace, Inc. All Rights Reserved )
    O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
    O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)
    O3 - HKLM\..\Toolbar: (Dogpile Toolbar) - {A057A204-BACC-4D26-889E-3DB98DE17499} - C:\Program Files\dogpiletbar\dogpiletbar.dll (InfoSpace, Inc. All Rights Reserved )
    O3 - HKCU\..\Toolbar\WebBrowser: (Dogpile Toolbar) - {A057A204-BACC-4D26-889E-3DB98DE17499} - C:\Program Files\dogpiletbar\dogpiletbar.dll (InfoSpace, Inc. All Rights Reserved )
    O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
    O4 - HKLM..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe (Intel Corporation)
    O4 - HKLM..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe (Intel Corporation)
    O4 - HKLM..\Run: [KiweeHook] C:\Program Files\Kiwee Toolbar\3.2\kwtbaim.exe (AG Interactive)
    O4 - HKLM..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe (Intel Corporation)
    O4 - HKLM..\Run: [Protector Plus InstaUpdate] C:\Protector Plus\PPINUPDT.EXE (Proland Software)
    O4 - HKLM..\Run: [Protector Plus Taskbar Control] C:\Protector Plus\PPTBC.EXE (Proland Software )
    O4 - HKLM..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe (Analog Devices, Inc.)
    O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre6\bin\jusched.exe (Sun Microsystems, Inc.)
    O4 - HKLM..\Run: [UnlockerAssistant] C:\Program Files\Unlocker\UnlockerAssistant.exe ()
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
    O8 - Extra context menu item: Dogpile Search - C:\Documents and Settings\Owner\Application Data\DOGPILETBAR\SelectedContextSearch_Dogpile Search.htm ()
    O15 - HKLM\..Trusted Domains: 1 domain(s) and sub-domain(s) not assigned to a zone.
    O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} http://support.dell.com/systemprofiler/SysPro.CAB (SysProWmi Class)
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://www.update.microsoft.com/win...ls/en/x86/client/wuweb_site.cab?1212780651515 (WUWebControl Class)
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)
    O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Reg Error: Key error.)
    O16 - DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
    O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
    O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\WINDOWS\System32\igfxdev.dll (Intel Corporation)
    O24 - Desktop WallPaper: C:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
    O24 - Desktop BackupWallPaper: C:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
    O32 - HKLM CDRom: AutoRun - 1
    O32 - AutoRun File - [2008/06/06 11:10:34 | 000,000,055 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
    O34 - HKLM BootExecute: (autocheck autochk *) - File not found
    O35 - comfile [open] -- "%1" %*
    O35 - exefile [open] -- "%1" %*

    ========== Files/Folders - Created Within 14 Days ==========

    [2010/02/12 17:26:27 | 000,000,000 | ---D | C] -- C:\Program Files\Kiwee Toolbar
    [2010/02/12 17:26:17 | 000,000,000 | ---D | C] -- C:\Program Files\UnifiedToolbar
    [2010/02/12 07:17:22 | 000,000,000 | ---D | C] -- C:\Program Files\trend micro
    [2010/02/12 07:17:11 | 000,000,000 | ---D | C] -- C:\rsit
    [2010/02/11 21:14:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Application Data\agi
    [2010/02/11 20:38:08 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\EMCO
    [2010/02/11 20:37:12 | 000,000,000 | ---D | C] -- C:\Program Files\EMCO
    [2010/02/11 20:17:41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Kiwee Toolbar
    [2010/02/11 16:30:11 | 000,000,000 | ---D | C] -- C:\Program Files\Spybot - Search & Destroy
    [2010/02/11 16:30:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
    [2010/02/11 15:20:22 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\Desktopicon
    [2010/02/11 13:46:29 | 000,000,000 | ---D | C] -- C:\Program Files\Hewlett-Packard
    [2010/02/11 13:46:07 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\HP Product Assistant
    [2010/02/11 13:43:51 | 000,000,000 | ---D | C] -- C:\WINDOWS\LastGood(2)
    [2010/02/11 12:07:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\HP
    [2010/02/11 09:22:42 | 000,000,000 | ---D | C] -- C:\WINDOWS\pss
    [2010/02/11 08:49:25 | 000,000,000 | ---D | C] -- C:\Program Files\Unlocker
    [2010/02/11 08:21:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Kiwee Toolbar(2)
    [2010/02/10 10:49:56 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Local Settings\Application Data\Kiwee Toolbar
    [2010/02/10 07:13:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Application Data\Macromedia
    [2010/02/10 07:10:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Application Data\Adobe
    [2010/02/06 12:07:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\My Documents\My Albums
    [2010/02/06 11:58:10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\Easy Thumbnails
    [2010/02/06 11:57:47 | 000,000,000 | ---D | C] -- C:\Program Files\Easy Thumbnails
    [2010/02/03 15:14:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Local Settings\Application Data\IsolatedStorage
    [2010/02/03 15:12:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Local Settings\Application Data\HP
    [2010/02/03 13:05:21 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Sonic
    [2008/11/30 19:52:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\agi
    [2008/07/23 19:25:48 | 000,000,000 | --SD | M] -- C:\Documents and Settings\LocalService\Application Data\Microsoft
    [2008/06/06 12:07:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft
    [2008/06/06 10:54:19 | 000,000,000 | --SD | M] -- C:\Documents and Settings\NetworkService\Application Data\Microsoft
    [2008/06/06 10:54:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft
    [5 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
    [1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

    ========== Files - Modified Within 14 Days ==========

    [2010/02/13 06:45:11 | 000,000,378 | ---- | M] () -- C:\WINDOWS\tasks\RegCure Startup.job
    [2010/02/13 06:45:07 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
    [2010/02/13 06:45:03 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
    [2010/02/12 21:27:11 | 000,000,178 | -HS- | M] () -- C:\Documents and Settings\Owner\ntuser.ini
    [2010/02/12 21:27:10 | 003,010,560 | ---- | M] () -- C:\Documents and Settings\Owner\ntuser.dat
    [2010/02/12 21:26:56 | 001,575,220 | -H-- | M] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\IconCache.db
    [2010/02/12 21:26:45 | 000,000,014 | ---- | M] () -- C:\WINDOWS\popcinfo.dat
    [2010/02/12 17:00:00 | 000,000,390 | ---- | M] () -- C:\WINDOWS\tasks\RegCure Program Check.job
    [2010/02/11 20:37:54 | 000,013,104 | ---- | M] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
    [2010/02/11 20:37:24 | 000,001,792 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\EMCO MoveOnBoot v2.lnk
    [2010/02/11 16:08:11 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
    [2010/02/11 15:20:25 | 000,001,566 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\eBay.lnk
    [2010/02/11 13:48:39 | 000,095,072 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
    [2010/02/11 13:01:43 | 000,000,802 | ---- | M] () -- C:\WINDOWS\win.ini
    [2010/02/11 13:01:43 | 000,000,227 | ---- | M] () -- C:\WINDOWS\system.ini
    [2010/02/11 11:25:26 | 000,124,323 | ---- | M] () -- C:\WINDOWS\HPHins12.dat
    [2010/02/11 09:31:07 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
    [2010/02/11 08:40:32 | 000,000,372 | ---- | M] () -- C:\WINDOWS\tasks\RegCure.job
    [2010/02/03 15:12:15 | 000,000,128 | ---- | M] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\fusioncache.dat
    [2010/02/03 13:08:23 | 000,124,400 | ---- | M] () -- C:\WINDOWS\HPHins12.dat.temp
    [5 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
    [1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

    ========== Files Created - No Company Name ==========

    [2010/02/11 20:37:24 | 000,001,792 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\EMCO MoveOnBoot v2.lnk
    [2010/02/11 15:20:25 | 000,001,566 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\eBay.lnk
    [2010/02/11 11:03:54 | 000,124,400 | ---- | C] () -- C:\WINDOWS\HPHins12.dat.temp
    [2010/02/11 11:03:53 | 000,014,916 | ---- | C] () -- C:\WINDOWS\hphmdl12.dat.temp
    [2010/02/11 08:40:30 | 000,000,372 | ---- | C] () -- C:\WINDOWS\tasks\RegCure.job
    [2010/02/03 15:12:15 | 000,000,128 | ---- | C] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\fusioncache.dat
    [2010/02/03 12:51:26 | 000,124,323 | ---- | C] () -- C:\WINDOWS\HPHins12.dat
    [2010/02/03 12:51:26 | 000,014,916 | ---- | C] () -- C:\WINDOWS\hphmdl12.dat
    [2009/05/22 06:42:51 | 000,021,380 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\hpzinstall.log
    [2008/11/30 19:43:48 | 000,339,968 | ---- | C] () -- C:\WINDOWS\System32\pythoncom25.dll
    [2008/11/30 19:43:48 | 000,114,688 | ---- | C] () -- C:\WINDOWS\System32\pywintypes25.dll
    [2008/06/25 18:57:53 | 000,000,053 | ---- | C] () -- C:\WINDOWS\Kyor.ini
    [2008/06/07 15:51:45 | 000,062,304 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
    [2008/06/06 10:59:00 | 000,012,288 | ---- | C] () -- C:\WINDOWS\System32\e100bmsg.dll

    ========== LOP Check ==========

    [2010/02/11 21:00:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\agi
    [2010/02/11 20:17:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Kiwee Toolbar
    [2010/02/11 13:43:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Kiwee Toolbar(2)
    [2009/11/30 13:30:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Oberon Media
    [2009/07/05 13:10:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\RegCure
    [2010/02/12 21:26:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
    [2010/02/11 21:05:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\agi
    [2010/02/11 15:20:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Desktopicon
    [2008/12/05 07:11:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\dogpiletbar
    [2010/02/11 13:44:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Easy Thumbnails
    [2010/02/11 20:38:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\EMCO
    [2009/03/03 09:30:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\RegistryDefense
    [2008/11/30 19:52:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Webshots
    [2010/02/12 17:00:00 | 000,000,390 | ---- | M] () -- C:\WINDOWS\Tasks\RegCure Program Check.job
    [2010/02/13 06:45:11 | 000,000,378 | ---- | M] () -- C:\WINDOWS\Tasks\RegCure Startup.job
    [2010/02/11 08:40:32 | 000,000,372 | ---- | M] () -- C:\WINDOWS\Tasks\RegCure.job

    ========== Purity Check ==========



    ========== Custom Scans ==========


    < >

    < %SYSTEMDRIVE%\*.exe >


    < MD5 for: AGP440.SYS >
    [2004/08/04 04:00:00 | 018,738,937 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:AGP440.sys
    [2008/06/06 11:52:54 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:AGP440.sys
    [2008/06/06 11:52:54 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:AGP440.sys
    [2008/04/13 10:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\ServicePackFiles\i386\agp440.sys
    [2008/04/13 10:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\system32\dllcache\agp440.sys
    [2008/04/13 10:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\system32\drivers\agp440.sys

    < MD5 for: ATAPI.SYS >
    [2004/08/04 04:00:00 | 018,738,937 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:atapi.sys
    [2008/06/06 11:52:54 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:atapi.sys
    [2008/06/06 11:52:54 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:atapi.sys
    [2008/04/13 10:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ServicePackFiles\i386\atapi.sys
    [2008/04/13 10:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\dllcache\atapi.sys
    [2008/04/13 10:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\drivers\atapi.sys
    [2004/08/04 04:00:00 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\$NtServicePackUninstall$\atapi.sys

    < MD5 for: EVENTLOG.DLL >
    [2008/04/13 16:11:53 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\ServicePackFiles\i386\eventlog.dll
    [2008/04/13 16:11:53 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\system32\eventlog.dll
    [2004/08/04 04:00:00 | 000,055,808 | ---- | M] (Microsoft Corporation) MD5=82B24CB70E5944E6E34662205A2A5B78 -- C:\WINDOWS\$NtServicePackUninstall$\eventlog.dll

    < MD5 for: IASTOR.SYS >
    [2005/04/25 07:28:14 | 000,871,040 | ---- | M] (Intel Corporation) MD5=D593517879E65167DF35F6015814AC59 -- C:\WINDOWS\dell\iastor\iastor.sys

    < MD5 for: NETLOGON.DLL >
    [2008/04/13 16:12:01 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\ServicePackFiles\i386\netlogon.dll
    [2008/04/13 16:12:01 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\system32\netlogon.dll
    [2004/08/04 04:00:00 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=96353FCECBA774BB8DA74A1C6507015A -- C:\WINDOWS\$NtServicePackUninstall$\netlogon.dll

    < MD5 for: NVATABUS.SYS >
    [2005/05/17 14:45:08 | 000,092,800 | ---- | M] (NVIDIA Corporation) MD5=DCE353985C988BFB7E84FD942068151F -- C:\WINDOWS\dell\nvraid\NvAtaBus.sys
    [2005/05/17 14:45:08 | 000,092,800 | ---- | M] (NVIDIA Corporation) MD5=DCE353985C988BFB7E84FD942068151F -- C:\WINDOWS\system32\drivers\NvAtaBus.sys

    < MD5 for: SCECLI.DLL >
    [2004/08/04 04:00:00 | 000,180,224 | ---- | M] (Microsoft Corporation) MD5=0F78E27F563F2AAF74B91A49E2ABF19A -- C:\WINDOWS\$NtServicePackUninstall$\scecli.dll
    [2008/04/13 16:12:05 | 000,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\ServicePackFiles\i386\scecli.dll
    [2008/04/13 16:12:05 | 000,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\system32\dllcache\scecli.dll
    [2008/04/13 16:12:05 | 000,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\system32\scecli.dll

    < %systemroot%\*. /mp /s >

    < %systemroot%\system32\*.dll /lockedfiles >
    [1 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]

    < %systemroot%\Tasks\*.job /lockedfiles >

    < %systemroot%\system32\drivers\*.sys /lockedfiles >

    < %systemroot%\System32\config\*.sav >
    [2008/06/06 03:39:13 | 000,094,208 | ---- | M] () -- C:\WINDOWS\system32\config\default.sav
    [2008/06/06 03:39:13 | 000,634,880 | ---- | M] () -- C:\WINDOWS\system32\config\software.sav
    [2008/06/06 03:39:13 | 000,872,448 | ---- | M] () -- C:\WINDOWS\system32\config\system.sav

    ========== Alternate Data Streams ==========

    @Alternate Data Stream - 161 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:3E7393FC
    @Alternate Data Stream - 115 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:A8ADE5D8
    @Alternate Data Stream - 103 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DFC5A2B2
    < End of report >
     
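As an added example (it is not part of flannery's post and is not OTL's own code): a small Python triage script that parses the PRC/SRV/MOD, O4 Run and Firefox prefs.js lines OTL prints and flags entries that either carry no publisher string or reference the Kiwee / AG Interactive / UnifiedToolbar components that keep reappearing in the log above. The flagging rules and the SUSPECT_RE pattern list are assumptions chosen for this thread, not anything OTL does itself; the sample lines are copied from the log posted above.

```python
"""Triage helper for OTL (OldTimer) logs.

Added example, not part of the original post or of OTL. It parses the
PRC/SRV/MOD, O4 Run and Firefox prefs.js lines OTL prints and flags entries
that have no publisher string or that reference the Kiwee / AG Interactive
components discussed in this thread. SUSPECT_RE is an assumption for this
log; extend it for other cases.
"""
import re
from dataclasses import dataclass, field

# "[YYYY/MM/DD HH:MM:SS | size | attrs | M] (Company)" then, for SRV only,
# "[Start | State]", then " -- <path>" and optionally " -- (<service name>)".
PROC_RE = re.compile(
    r"^(?P<kind>PRC|SRV|MOD) - \[(?P<stamp>\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}) \| "
    r"(?P<size>[\d,]+) \| [-A-Z]{4} \| M\] \((?P<company>[^)]*)\)"
    r"(?: \[(?P<start>\w+) \| (?P<state>\w+)\])? -- (?P<rest>.+)$"
)
# "O4 - HKLM..\Run: [ValueName] <path> (Company)"
RUN_RE = re.compile(
    r"^O4 - (?P<hive>HK\w+)\.\.\\Run: \[(?P<name>[^\]]+)\] (?P<path>.+) \((?P<company>[^)]*)\)$"
)
# 'FF - prefs.js..<pref>: "<value>"'
PREF_RE = re.compile(r'^FF - prefs\.js\.\.(?P<pref>[\w.]+): "(?P<value>[^"]*)"$')

# Assumption: names tied to the toolbar family in this thread (Kiwee, its
# UnifiedToolbar/AGI components, and the imgag.com search redirect).
SUSPECT_RE = re.compile(r"kiwee|unifiedtoolbar|aginteractive|\\AGI\\|imgag\.com", re.I)


@dataclass
class Finding:
    kind: str      # PRC, SRV, MOD, O4 or FF
    name: str      # service name, Run value name, pref name, or file name
    path: str      # file path, or the pref value for FF lines
    company: str   # publisher string OTL printed; "" when it printed "()"
    reasons: list = field(default_factory=list)


def _service_name(tail):
    """Return the text inside the first balanced (...) group of an SRV tail.

    OTL prints "(getPlus(R) Helper) getPlus(R)" when the name itself contains
    parentheses, so a plain [^)]* regex would cut the name short.
    """
    if not tail.startswith("("):
        return tail
    depth = 0
    for i, ch in enumerate(tail):
        if ch == "(":
            depth += 1
        elif ch == ")":
            depth -= 1
        if depth == 0:
            return tail[1:i]
    return tail[1:]


def parse_line(line):
    """Turn one OTL line into a Finding, or None for line types we ignore."""
    line = line.strip()
    m = PROC_RE.match(line)
    if m:
        parts = [p.strip() for p in m.group("rest").split(" -- ")]
        path = parts[0]
        name = _service_name(parts[1]) if len(parts) > 1 else path.rsplit("\\", 1)[-1]
        return Finding(m.group("kind"), name, path, m.group("company").strip())
    m = RUN_RE.match(line)
    if m:
        return Finding("O4", m.group("name"), m.group("path"), m.group("company").strip())
    m = PREF_RE.match(line)
    if m:
        return Finding("FF", m.group("pref"), m.group("value").strip(), "")
    return None


def assess(f):
    """Attach the reasons an entry deserves a second look (empty list = clean)."""
    if f.kind != "FF" and not f.company:
        f.reasons.append("no publisher string")
    if SUSPECT_RE.search(f.path) or SUSPECT_RE.search(f.name):
        f.reasons.append("references suspect product")
    return f


def triage(log_text):
    """Return the flagged entries of an OTL log, in log order."""
    flagged = []
    for raw in log_text.splitlines():
        f = parse_line(raw)
        if f is not None and assess(f).reasons:
            flagged.append(f)
    return flagged


# Sample lines copied from the OTL log posted above.
SAMPLE_LOG = r"""
PRC - [2010/01/26 15:48:24 | 000,020,480 | ---- | M] (AG Interactive) -- C:\Program Files\AGI\core\4.2.0.10752\AGCoreService.exe
PRC - [2009/10/25 23:33:41 | 000,015,872 | ---- | M] () -- C:\Program Files\Unlocker\UnlockerAssistant.exe
SRV - [2010/01/26 15:48:24 | 000,020,480 | ---- | M] (AG Interactive) [Auto | Running] -- C:\Program Files\AGI\core\4.2.0.10752\AGCoreService.exe -- (AGCoreService)
SRV - [2009/03/03 13:53:32 | 000,033,176 | ---- | M] (NOS Microsystems Ltd.) [On_Demand | Stopped] -- C:\Program Files\NOS\bin\getPlus_HelperSvc.exe -- (getPlus(R) Helper) getPlus(R)
SRV - [2008/11/30 19:44:28 | 000,010,240 | ---- | M] () [Auto | Stopped] -- C:\Program Files\AGI\common\win32\PythonService.exe -- (AGWinService)
FF - prefs.js..browser.search.defaultenginename: "Kiwee Toolbar "
FF - prefs.js..keyword.URL: "http://search.imgag.com/?appid=kwtb&component=UnifiedToolbarFF&c=GNKWO50020&sbs=1&sc=&f=web&vernum=3.2&uid=&did={6af0f100-bf5a-11dd-a09c-00167635e9ca}&q= "
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [KiweeHook] C:\Program Files\Kiwee Toolbar\3.2\kwtbaim.exe (AG Interactive)
O4 - HKLM..\Run: [UnlockerAssistant] C:\Program Files\Unlocker\UnlockerAssistant.exe ()
"""

if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.kind:3} {f.name:<40} {'; '.join(f.reasons)}")
```

Run it against a full OTL.txt with `triage(open("OTL.txt", encoding="utf-8", errors="replace").read())`. A missing publisher string on its own is only a hint (Unlocker is legitimate but unsigned), which is why the script keeps the reason text per entry instead of a single verdict; the point is to pull the autorun, service and browser-pref entries that belong to one product out of a 300-line log so they can be checked together rather than one at a time.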
  8. 2010/02/13
    flannery (Thread Starter)
    OTL Extras logfile created on: 2/13/2010 6:57:29 AM - Run 1
    OTL by OldTimer - Version 3.1.28.0 Folder = C:\Documents and Settings\Owner\My Documents\Downloads
    Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
    Internet Explorer (Version = 7.0.5730.13)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    254.00 Mb Total Physical Memory | 100.00 Mb Available Physical Memory | 39.00% Memory free
    625.00 Mb Paging File | 433.00 Mb Available in Paging File | 69.00% Paging File free
    Paging file location(s): C:\pagefile.sys 384 768 [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
    Drive C: | 74.50 Gb Total Space | 66.40 Gb Free Space | 89.13% Space Free | Partition Type: NTFS
    D: Drive not present or media not loaded
    E: Drive not present or media not loaded
    F: Drive not present or media not loaded
    G: Drive not present or media not loaded
    H: Drive not present or media not loaded
    I: Drive not present or media not loaded

    Computer Name: TERRY
    Current User Name: Owner
    Logged in as Administrator.

    Current Boot Mode: Normal
    Scan Mode: Current user
    Company Name Whitelist: On
    Skip Microsoft Files: On
    File Age = 14 Days
    Output = Standard
    Quick Scan

    ========== Extra Registry (SafeList) ==========


    ========== File Associations ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
    .html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

    ========== Shell Spawning ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] -- "%1" %*
    cmdfile [open] -- "%1" %*
    comfile [open] -- "%1" %*
    exefile [open] -- "%1" %*
    htmlfile [edit] -- Reg Error: Key error.
    htmlfile [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
    htmlfile [opennew] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
    http [open] -- "C:\Program Files\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)
    https [open] -- "C:\Program Files\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)
    piffile [open] -- "%1" %*
    regfile [merge] -- Reg Error: Key error.
    scrfile [config] -- "%1 "
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
    scrfile [open] -- "%1" /S
    txtfile [edit] -- Reg Error: Key error.
    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
    Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
    CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)

    ========== Security Center Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
    "FirstRunDisabled" = 1
    "AntiVirusDisableNotify" = 0
    "FirewallDisableNotify" = 0
    "UpdatesDisableNotify" = 0
    "AntiVirusOverride" = 0
    "FirewallOverride" = 0

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
    "139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
    "445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
    "137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
    "138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
    "EnableFirewall" = 1
    "DoNotAllowExceptions" = 0
    "DisableNotifications" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
    "139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
    "445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
    "137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
    "138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002
    "1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
    "2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008

    ========== Authorized Applications List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
    "C:\Program Files\Mozilla Firefox\firefox.exe" = C:\Program Files\Mozilla Firefox\firefox.exe:*:Disabled:Firefox -- (Mozilla Corporation)


    ========== HKEY_LOCAL_MACHINE Uninstall List ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{10deb052-db5d-32a6-9ff2-200e810d1a7b}" = Kiwee Toolbar for Firefox
    "{10E1E87C-656C-4D08-86D6-5443D28583BE}" = TrayApp
    "{13F00518-807A-4B3A-83B0-A7CD90F3A398}" = MarketResearch
    "{1753255A-0AEB-4220-8C75-607B73F0C133}" = Copy
    "{1793bdb7-d5c1-33be-97e2-7c3e60b6ab43}" = Kiwee Chatbar
    "{22466889-7642-488d-AA0E-F619704CF7AB}" = DeviceDiscovery
    "{26A24AE4-039D-4CA4-87B4-2F83216010FF}" = Java(TM) 6 Update 17
    "{29FA38B4-0AE4-4D0D-8A51-6165BB990BB0}" = WebReg
    "{2F28B3C9-2C89-4206-8B33-8ADC9577C49B}" = Scan
    "{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java(TM) 6 Update 7
    "{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
    "{543E938C-BDC4-4933-A612-01293996845F}" = UnloadSupport
    "{66E6CE0C-5A1E-430C-B40A-0C90FF1804A8}" = eSupportQFolder
    "{6F5E2F4A-377D-4700-B0E3-8F7F7507EA15}" = CustomerResearchQFolder
    "{824D3839-DAA1-4315-A822-7AE3E620E528}" = VideoToolkit01
    "{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-110113233}" = Bookworm Deluxe
    "{8389382B-53BA-4A87-8854-91E3D80A5AC7}" = HP Photosmart Essential2.01
    "{8A708DD8-A5E6-11D4-A706-000629E95E20}" = Intel(R) Extreme Graphics 2 Driver
    "{8aade841-03c5-486a-b048-bb112cc0cac5}" = Kiwee Toolbar for Internet Explorer
    "{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
    "{A6B90148-02C5-4fd3-8D7A-EF2386835CB9}" = F4100_Help
    "{A6C265BE-E2C1-483e-843D-6B4C1E912AE0}" = F4100
    "{AB5D51AE-EBC3-438D-872C-705C7C2084B0}" = DeviceManagementQFolder
    "{AC76BA86-7AD7-1033-7B44-A81200000003}" = Adobe Reader 8.1.2
    "{AEA07F97-9088-497c-8821-0F36BD5DC251}" = HPProductAssistant
    "{AF7FC1CA-79DF-43c3-90A3-33EFEB9294CE}" = AIO_Scan
    "{B4509BCE-7BAD-4a8c-B1AE-4D0CE7467C42}" = F4100_doccd
    "{B4A19DAA-6F5E-4F96-BAE1-84E34E726AE1}" = EMCO MoveOnBoot v2.1
    "{B4F35A00-24FD-4fb3-BF5E-413D5423434D}" = DJ_AIO_Software_min
    "{BAF78226-3200-4DB4-BE33-4D922A799840}" = Windows Presentation Foundation
    "{BCD6CD1A-0DBE-412E-9F25-3B500D1E6BA1}" = SolutionCenter
    "{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
    "{CA50045C-5119-48e7-9BA7-6B317379857A}" = DJ_AIO_Software
    "{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
    "{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
    "{D0E39A1D-0CEE-4D85-B4A2-E3BE990D075E}" = Destination Component
    "{E2662C24-B31E-4349-A084-32EB76E8B760}" = BufferChm
    "{E548726E-F4E8-459f-BAB8-45551BC071E9}" = DJ_AIO_ProductContext
    "{E9C18EBD-85BE-47D0-AA73-3FEDCC976B04}" = Toolbox
    "{F0A37341-D692-11D4-A984-009027EC0A9C}" = SoundMAX
    "{F1E63043-54FC-429B-AB2C-31AF9FBA4BC7}" = 32 Bit HP CIO Components Installer
    "{F72E2DDC-3DB8-4190-A21D-63883D955FE7}" = PSSWCORE
    "{FA8A44D7-3E8A-4034-9C4F-088FA6B72BC4}" = HP Deskjet All-In-One Software 9.0
    "{FD8D8B04-BEAD-4A55-AA1D-62D2373E7DEA}" = Status
    "Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
    "Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
    "CNXT_MODEM_PCI_VEN_14F1&DEV_2F20&SUBSYS_200F14F1" = Conexant D850 56K V.9x DFVc Modem
    "eBay Icon" = eBay Icon
    "eGames GameButler" = eGames GameButler
    "HijackThis" = HijackThis 2.0.2
    "HP Imaging Device Functions" = HP Imaging Device Functions 9.0
    "HP Photosmart Essential" = HP Photosmart Essential 2.01
    "HP Solution Center & Imaging Support Tools" = HP Solution Center 9.0
    "HPExtendedCapabilities" = HP Customer Participation Program 9.0
    "IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
    "ie7" = Windows Internet Explorer 7
    "Mahjongg Master 4" = Mahjongg Master 4
    "Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
    "Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
    "Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
    "Mozilla Firefox (3.5.7)" = Mozilla Firefox (3.5.7)
    "MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
    "NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
    "PROSet" = Intel(R) PRO Network Adapters and Drivers
    "Protector Plus" = Protector Plus for Windows
    "RealAlt_is1" = Real Alternative 1.8.2
    "RegCure" = RegCure
    "Unlocker" = Unlocker 1.8.8
    "Webshots Desktop_is1" = Webshots Desktop
    "WIC" = Windows Imaging Component
    "Windows Media Format Runtime" = Windows Media Format 11 runtime
    "Windows Media Player" = Windows Media Player 11
    "Windows XP Service Pack" = Windows XP Service Pack 3
    "WMFDist11" = Windows Media Format 11 runtime
    "wmp11" = Windows Media Player 11
    "Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
    "XpsEPSC" = XML Paper Specification Shared Components Pack 1.0

    ========== Last 10 Event Log Errors ==========

    [ Application Events ]
    Error - 1/24/2010 12:10:07 PM | Computer Name = TERRY | Source = Userenv | ID = 1500
    Description = Windows cannot log you on because your profile cannot be loaded. Check
    that you are connected to the network, or that your network is functioning correctly.
    If this problem persists, contact your network administrator. DETAIL - Incorrect
    function.

    Error - 1/24/2010 12:10:17 PM | Computer Name = TERRY | Source = Userenv | ID = 1500
    Description = Windows cannot log you on because your profile cannot be loaded. Check
    that you are connected to the network, or that your network is functioning correctly.
    If this problem persists, contact your network administrator. DETAIL - Incorrect
    function.

    Error - 1/24/2010 12:10:19 PM | Computer Name = TERRY | Source = Userenv | ID = 1500
    Description = Windows cannot log you on because your profile cannot be loaded. Check
    that you are connected to the network, or that your network is functioning correctly.
    If this problem persists, contact your network administrator. DETAIL - Incorrect
    function.

    Error - 1/24/2010 12:10:20 PM | Computer Name = TERRY | Source = Userenv | ID = 1500
    Description = Windows cannot log you on because your profile cannot be loaded. Check
    that you are connected to the network, or that your network is functioning correctly.
    If this problem persists, contact your network administrator. DETAIL - Incorrect
    function.

    Error - 1/24/2010 12:10:39 PM | Computer Name = TERRY | Source = Userenv | ID = 1500
    Description = Windows cannot log you on because your profile cannot be loaded. Check
    that you are connected to the network, or that your network is functioning correctly.
    If this problem persists, contact your network administrator. DETAIL - Incorrect
    function.

    Error - 1/24/2010 5:23:54 PM | Computer Name = TERRY | Source = Userenv | ID = 1500
    Description = Windows cannot log you on because your profile cannot be loaded. Check
    that you are connected to the network, or that your network is functioning correctly.
    If this problem persists, contact your network administrator. DETAIL - Incorrect
    function.

    Error - 1/24/2010 5:24:04 PM | Computer Name = TERRY | Source = Userenv | ID = 1500
    Description = Windows cannot log you on because your profile cannot be loaded. Check
    that you are connected to the network, or that your network is functioning correctly.
    If this problem persists, contact your network administrator. DETAIL - Incorrect
    function.

    Error - 1/24/2010 5:24:06 PM | Computer Name = TERRY | Source = Userenv | ID = 1500
    Description = Windows cannot log you on because your profile cannot be loaded. Check
    that you are connected to the network, or that your network is functioning correctly.
    If this problem persists, contact your network administrator. DETAIL - Incorrect
    function.

    Error - 1/24/2010 5:24:09 PM | Computer Name = TERRY | Source = Userenv | ID = 1500
    Description = Windows cannot log you on because your profile cannot be loaded. Check
    that you are connected to the network, or that your network is functioning correctly.
    If this problem persists, contact your network administrator. DETAIL - Incorrect
    function.

    Error - 1/24/2010 5:24:39 PM | Computer Name = TERRY | Source = Userenv | ID = 1500
    Description = Windows cannot log you on because your profile cannot be loaded. Check
    that you are connected to the network, or that your network is functioning correctly.
    If this problem persists, contact your network administrator. DETAIL - Incorrect
    function.

    [ System Events ]
    Error - 2/12/2010 11:53:06 PM | Computer Name = TERRY | Source = Service Control Manager | ID = 7005
    Description = The LoadUserProfile call failed with the following error: %%1

    Error - 2/12/2010 11:53:06 PM | Computer Name = TERRY | Source = Service Control Manager | ID = 7005
    Description = The LoadUserProfile call failed with the following error: %%1

    Error - 2/12/2010 11:53:06 PM | Computer Name = TERRY | Source = Service Control Manager | ID = 7005
    Description = The LoadUserProfile call failed with the following error: %%1

    Error - 2/12/2010 11:53:06 PM | Computer Name = TERRY | Source = Service Control Manager | ID = 7005
    Description = The LoadUserProfile call failed with the following error: %%1

    Error - 2/12/2010 11:53:27 PM | Computer Name = TERRY | Source = Service Control Manager | ID = 7005
    Description = The LoadUserProfile call failed with the following error: %%1

    Error - 2/13/2010 10:45:34 AM | Computer Name = TERRY | Source = Service Control Manager | ID = 7005
    Description = The LoadUserProfile call failed with the following error: %%1

    Error - 2/13/2010 10:45:34 AM | Computer Name = TERRY | Source = Service Control Manager | ID = 7005
    Description = The LoadUserProfile call failed with the following error: %%1

    Error - 2/13/2010 10:45:34 AM | Computer Name = TERRY | Source = Service Control Manager | ID = 7005
    Description = The LoadUserProfile call failed with the following error: %%1

    Error - 2/13/2010 10:45:34 AM | Computer Name = TERRY | Source = Service Control Manager | ID = 7005
    Description = The LoadUserProfile call failed with the following error: %%1

    Error - 2/13/2010 10:45:51 AM | Computer Name = TERRY | Source = Service Control Manager | ID = 7005
    Description = The LoadUserProfile call failed with the following error: %%1


    < End of report >
     
  9. 2010/02/13
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    Run OTL
    • Under the Custom Scans/Fixes box at the bottom, paste in the following

      Code:
      :OTL
      PRC - [2009/11/25 11:46:50 | 000,056,544 | ---- | M] (AG Interactive) -- C:\Program Files\Kiwee Toolbar\3.2\kwtbaim.exe
      FF - prefs.js..browser.search.defaultenginename:  "Kiwee Toolbar "
      [2010/02/10 10:53:16 | 000,002,055 | ---- | M] () -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\2d9kbk7f.default\searchplugins\kiwee-toolbar.xml
      O4 - HKLM..\Run: [KiweeHook] C:\Program Files\Kiwee Toolbar\3.2\kwtbaim.exe (AG Interactive)
      [2010/02/12 17:26:27 | 000,000,000 | ---D | C] -- C:\Program Files\Kiwee Toolbar
      [2010/02/11 20:17:41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Kiwee Toolbar
      [2010/02/11 08:21:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Kiwee Toolbar(2)
      [2010/02/10 10:49:56 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Local Settings\Application Data\Kiwee Toolbar
      
      
      :Services
      
      :Reg
      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
       "{10deb052-db5d-32a6-9ff2-200e810d1a7b}" =-
       "{1793bdb7-d5c1-33be-97e2-7c3e60b6ab43}" =-
       "{8aade841-03c5-486a-b048-bb112cc0cac5}" =-
      
      
      :Files
      
      :Commands
      [purity]
      [emptytemp]
      [resethosts]
      [Reboot]
    • Then click the Run Fix button at the top
    • Let the program run unhindered, reboot the PC when it is done
    • Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.
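As an added illustration (not part of the thread, and not OTL's own code), the Python below reproduces the reasoning behind the `:Reg` section of the fix above: pull the entries whose display name matches a keyword out of the "HKEY_LOCAL_MACHINE Uninstall List" section of an OTL log and emit them in OTL's `"name" =-` deletion syntax. The sample log text is constructed from a handful of the entries shown earlier in this thread.

```python
import re

# Constructed sample: a short excerpt in the format of OTL's
# "HKEY_LOCAL_MACHINE Uninstall List" section (entries taken from the thread).
SAMPLE_LOG = """\
========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Uninstall]
"{10deb052-db5d-32a6-9ff2-200e810d1a7b}" = Kiwee Toolbar for Firefox
"{26A24AE4-039D-4CA4-87B4-2F83216010FF}" = Java(TM) 6 Update 17
"{1793bdb7-d5c1-33be-97e2-7c3e60b6ab43}" = Kiwee Chatbar
"{8aade841-03c5-486a-b048-bb112cc0cac5}" = Kiwee Toolbar for Internet Explorer
"Webshots Desktop_is1" = Webshots Desktop
"Unlocker" = Unlocker 1.8.8

========== Last 10 Event Log Errors ==========
"""

# One uninstall entry:  "<value name>" = <display name>
ENTRY_RE = re.compile(r'^\s*"([^"]+)"\s*=\s*(.*?)\s*$')
# The bracketed registry key that heads the section
KEY_RE = re.compile(r'^\s*\[(HKEY_[^\]]+)\]\s*$')


def parse_uninstall_list(log_text):
    """Return (registry_key, [(value_name, display_name), ...]) from the
    Uninstall List section of an OTL log; stops at the next section header."""
    in_section = False
    key = None
    entries = []
    for line in log_text.splitlines():
        if line.strip().startswith("=========="):
            if in_section:          # reached the following section
                break
            in_section = "Uninstall List" in line
            continue
        if not in_section:
            continue
        m = KEY_RE.match(line)
        if m:
            key = m.group(1)
            continue
        m = ENTRY_RE.match(line)
        if m:
            entries.append((m.group(1), m.group(2)))
    return key, entries


def find_entries(entries, keywords):
    """Case-insensitive match of keywords against value name or display name."""
    kws = [k.lower() for k in keywords]
    return [(name, display) for name, display in entries
            if any(k in name.lower() or k in display.lower() for k in kws)]


def build_reg_fix(key, matches):
    """Emit an OTL :Reg block; '"name" =-' tells OTL to delete that entry."""
    lines = [":Reg", "[%s]" % key]
    lines += ['"%s" =-' % name for name, _ in matches]
    return "\n".join(lines)


if __name__ == "__main__":
    key, entries = parse_uninstall_list(SAMPLE_LOG)
    print(build_reg_fix(key, find_entries(entries, ["kiwee"])))
```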
     
  10. 2010/02/13
    flannery

    flannery Inactive Thread Starter

    Joined:
    2010/02/12
    Messages:
    9
    Likes Received:
    0
    All processes killed
    ========== OTL ==========
    No active process named kwtbaim.exe was found!
    Prefs.js: "Kiwee Toolbar" removed from browser.search.defaultenginename
    C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\2d9kbk7f.default\searchplugins\kiwee-toolbar.xml moved successfully.
    Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\KiweeHook deleted successfully.
    C:\Program Files\Kiwee Toolbar\3.2\kwtbaim.exe moved successfully.
    C:\Program Files\Kiwee Toolbar\3.2 folder moved successfully.
    C:\Program Files\Kiwee Toolbar folder moved successfully.
    C:\Documents and Settings\All Users\Application Data\Kiwee Toolbar\images folder moved successfully.
    C:\Documents and Settings\All Users\Application Data\Kiwee Toolbar\config folder moved successfully.
    C:\Documents and Settings\All Users\Application Data\Kiwee Toolbar folder moved successfully.
    C:\Documents and Settings\All Users\Application Data\Kiwee Toolbar(2)\images(2) folder moved successfully.
    C:\Documents and Settings\All Users\Application Data\Kiwee Toolbar(2)\config(2) folder moved successfully.
    C:\Documents and Settings\All Users\Application Data\Kiwee Toolbar(2) folder moved successfully.
    C:\Documents and Settings\Owner\Local Settings\Application Data\Kiwee Toolbar\Logs folder moved successfully.
    C:\Documents and Settings\Owner\Local Settings\Application Data\Kiwee Toolbar folder moved successfully.
    ========== SERVICES/DRIVERS ==========
    ========== REGISTRY ==========
    Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\\{10deb052-db5d-32a6-9ff2-200e810d1a7b} not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{10deb052-db5d-32a6-9ff2-200e810d1a7b}\ not found.
    Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\\{1793bdb7-d5c1-33be-97e2-7c3e60b6ab43} not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1793bdb7-d5c1-33be-97e2-7c3e60b6ab43}\ not found.
    Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\\{8aade841-03c5-486a-b048-bb112cc0cac5} not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8aade841-03c5-486a-b048-bb112cc0cac5}\ not found.
    ========== FILES ==========
    ========== COMMANDS ==========

    [EMPTYTEMP]

    User: All Users

    User: Bungard
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 33170 bytes

    User: Default User
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 33170 bytes

    User: LocalService
    ->Temp folder emptied: 66016 bytes
    ->Temporary Internet Files folder emptied: 33170 bytes

    User: NetworkService
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 213847 bytes

    User: Owner
    ->Temp folder emptied: 80044487 bytes
    ->Temporary Internet Files folder emptied: 13432984 bytes
    ->Java cache emptied: 51177071 bytes
    ->FireFox cache emptied: 142130961 bytes

    %systemdrive% .tmp files removed: 0 bytes
    %systemroot% .tmp files removed: 2181852 bytes
    %systemroot%\System32 .tmp files removed: 2577 bytes
    %systemroot%\System32\dllcache .tmp files removed: 0 bytes
    %systemroot%\System32\drivers .tmp files removed: 0 bytes
    Windows Temp folder emptied: 44536774 bytes
    %systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 23968624 bytes
    %systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 732538 bytes
    RecycleBin emptied: 744742 bytes

    Total Files Cleaned = 343.00 mb

    C:\WINDOWS\System32\drivers\etc\Hosts moved successfully.
    HOSTS file reset successfully

    OTL by OldTimer - Version 3.1.28.0 log created on 02132010_095639

    Files\Folders moved on Reboot...

    Registry entries deleted on Reboot...
     
  11. 2010/02/13
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    Very good :)
    Any signs of Kiwee?
     
  12. 2010/02/13
    flannery

    flannery Inactive Thread Starter

    Joined:
    2010/02/12
    Messages:
    9
    Likes Received:
    0
    After running last OTL scan my search of files and folders for Kiwee showed 38 files associated with it.

    One other thing I've found is that when I click on Webshots to remove it from my programs, up pops a file that unzips and installs Kiwee. I believe I got the bug from a pop-up that kept appearing saying "Webshots Desktop Update", with an update available and a yes or no to click; I finally clicked yes to get rid of it, and that is when Kiwee was downloaded.

    I was able to delete Webshots by going to program files and deleting it, but it is still in the add/remove list and again, when you click on it up comes the installation of kiwee again.
     
  13. 2010/02/13
    flannery

    flannery Inactive Thread Starter

    Joined:
    2010/02/12
    Messages:
    9
    Likes Received:
    0
    Sorry, no, every time I check search I find it has added yet another Kiwee file. After I ran the fix and rebooted I checked search and found 37 files; another check just now has it at 38.
     
  14. 2010/02/13
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    Please download SystemLook from one of the links below and save it to your Desktop.
    Download Mirror #1
    Download Mirror #2

    • Double-click SystemLook.exe to run it.
    • Vista users: Right click on SystemLook.exe, click Run As Administrator
    • Copy the content of the following box into the main textfield:
      Code:
      :filefind
      kiwee
      webshots
      :regfind
      kiwee
      webshots
      
    • Click the Look button to start the scan.
    • When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.
    Note: The log can also be found on your Desktop entitled SystemLook.txt
     
  15. 2010/02/13
    flannery

    flannery Inactive Thread Starter

    Joined:
    2010/02/12
    Messages:
    9
    Likes Received:
    0
    UNCLE! Thanks for the help, but nothing works, I've started reformatting the computer. I just bet the buggers that come up with things like kiwee come on forums like this to find new ways of getting around the ways to clean it.

    I KNOW that y'all haven't heard the last of Kiwee, and to anyone who says that it is harmless, I wish them many, many downloads of it :)
     
  16. 2010/02/13
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    Alrighty then...
    Good luck :)
     
