Solved Kiwee Toolbar removal problems.

Discussion in 'Malware and Virus Removal Archive' started by coldwaterjohn, 2010/02/14.

  1. 2010/02/17
    crunchie

    crunchie Inactive

    Joined:
    2010/01/12
    Messages:
    982
    Likes Received:
    5
    Do not worry about the print screen now as you have already confirmed what I thought regarding the location of those files.
    The Kiwee entries that are not in the quarantined folders should be able to be deleted manually.
    Can you have a go at deleting them? If you have problems, post back the exact file path and we will use a tool to deal with them.
    As I said before, I do not use Firefox and am unfamiliar with where the entries are. I will take a stab and say that it is in the prefs.js file. Where that is located is the key.
    You are on the right track though, I believe.

    Here we go; http://kb.mozillazine.org/Prefs.js_file

    You should be able to delete the unifiedtoolbar line inside the .js file.
     
  2. 2010/02/17
    coldwaterjohn Lifetime Subscription

    coldwaterjohn Inactive Thread Starter

    Joined:
    2010/02/14
    Messages:
    101
    Likes Received:
    0
    Crunchie - I typed About:config in the http line in my Firefox. It came up with a list, included in which were these two entries:

    agcore.default.extid;unifiedtoolbar@aginteractive.com and
    agcore.default.appid;utb

    Within this section I can't see any way to delete them, but I will see if I can track the prefs.js files - I found a whole bunch by doing a search. What text editor can I use to open them?
     

  4. 2010/02/17
    coldwaterjohn Lifetime Subscription

    coldwaterjohn Inactive Thread Starter

    I managed to open the prefs.js files in notepad, searched for Unified, and UTB, and deleted references to them.
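
Added example, not part of the original thread: a Python version of the manual prefs.js edit described in the posts above, which lists the leftover toolbar preferences and writes a cleaned file after taking a backup. The function names and the sample file contents are constructed for illustration; the markers come from the two about:config entries quoted in the thread. Run it with Firefox closed, because Firefox rewrites prefs.js when it exits.

```python
import re
import shutil
from pathlib import Path

# One preference per line, as Firefox writes it: user_pref("name", value);
PREF_LINE = re.compile(
    r'^\s*user_pref\(\s*"(?P<name>[^"]+)"\s*,\s*(?P<value>.*)\)\s*;\s*$'
)

# Markers taken from the two about:config entries quoted in the thread.
# Matching on the pref-name prefix is safer than searching for the short
# value "utb", which also occurs inside unrelated strings (e.g. "outbox").
NAME_PREFIXES = ("agcore.",)
VALUE_MARKERS = ("unifiedtoolbar@aginteractive.com",)

# Constructed sample prefs.js content (not taken from the poster's machine).
SAMPLE_PREFS = "\n".join([
    '# Mozilla User Preferences',
    'user_pref("agcore.default.appid", "utb");',
    'user_pref("agcore.default.extid", "unifiedtoolbar@aginteractive.com");',
    r'user_pref("browser.download.lastDir", "C:\\outbox");',
    'user_pref("browser.search.selectedEngine", "Google");',
    'user_pref("network.proxy.type", 4);',
]) + "\n"


def find_leftover_prefs(text):
    """Return (line_number, name, raw_value) for each leftover toolbar pref."""
    hits = []
    for number, line in enumerate(text.splitlines(), 1):
        match = PREF_LINE.match(line)
        if not match:
            continue  # comments, blank lines, anything that is not a pref
        name = match["name"].lower()
        value = match["value"].lower()
        if name.startswith(NAME_PREFIXES) or any(m in value for m in VALUE_MARKERS):
            hits.append((number, match["name"], match["value"].strip()))
    return hits


def strip_prefs(text):
    """Return the text with the leftover pref lines removed, rest untouched."""
    drop = {number for number, _, _ in find_leftover_prefs(text)}
    kept = [
        line
        for number, line in enumerate(text.splitlines(keepends=True), 1)
        if number not in drop
    ]
    return "".join(kept)


def clean_profile(prefs_path):
    """Back up prefs.js as prefs.js.bak, then rewrite it without the leftovers.

    Returns the list of removed entries; the file is only touched when
    something was found.
    """
    path = Path(prefs_path)
    text = path.read_text(encoding="utf-8")
    hits = find_leftover_prefs(text)
    if hits:
        shutil.copy2(path, path.with_name(path.name + ".bak"))
        path.write_text(strip_prefs(text), encoding="utf-8")
    return hits


if __name__ == "__main__":
    for number, name, value in find_leftover_prefs(SAMPLE_PREFS):
        print(f"line {number}: {name} = {value}")
```

Running `find_leftover_prefs` again on the cleaned file gives the same confirmation the follow-up scan is meant to provide: an empty result means the entries are gone.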
     
  5. 2010/02/17
    crunchie

    crunchie Inactive

    Just got a reply from Broni and this is the way to do it;

    ==

    Now, a scan with OTL should show if the entries are really gone. Reboot your PC before running the scan.
     
  6. 2010/02/17
    coldwaterjohn Lifetime Subscription

    coldwaterjohn Inactive Thread Starter

    The Firefox actions done! Here is the OTL text from a QUICK SCAN.
    OTL logfile created on: 18/02/2010 02:11:11 - Run 7
    OTL by OldTimer - Version 3.1.28.0 Folder = C:\Documents and Settings\Owner\Desktop
    Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
    Internet Explorer (Version = 8.0.6001.18702)
    Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

    2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 68.00% Memory free
    4.00 Gb Paging File | 3.00 Gb Available in Paging File | 87.00% Paging File free
    Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
    Drive C: | 149.04 Gb Total Space | 67.46 Gb Free Space | 45.26% Space Free | Partition Type: NTFS
    D: Drive not present or media not loaded
    Drive E: | 111.79 Gb Total Space | 55.72 Gb Free Space | 49.85% Space Free | Partition Type: NTFS
    F: Drive not present or media not loaded
    Drive G: | 698.64 Gb Total Space | 116.38 Gb Free Space | 16.66% Space Free | Partition Type: NTFS
    H: Drive not present or media not loaded
    I: Drive not present or media not loaded

    Computer Name: REBUILD-D13FF10
    Current User Name: Owner
    Logged in as Administrator.

    Current Boot Mode: Normal
    Scan Mode: Current user
    Company Name Whitelist: On
    Skip Microsoft Files: On
    File Age = 14 Days
    Output = Standard
    Quick Scan

    ========== Processes (SafeList) ==========

    PRC - [2010/02/15 13:13:01 | 000,153,376 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jqs.exe
    PRC - [2010/02/14 22:58:20 | 000,549,376 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Owner\Desktop\OTL.exe
    PRC - [2010/01/16 03:12:29 | 000,910,296 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
    PRC - [2010/01/11 22:17:44 | 000,154,216 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\system32\nvsvc32.exe
    PRC - [2010/01/11 15:21:52 | 000,246,504 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Common Files\Java\Java Update\jusched.exe
    PRC - [2009/12/12 18:12:23 | 000,600,344 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgnsx.exe
    PRC - [2009/12/12 18:12:23 | 000,503,576 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgrsx.exe
    PRC - [2009/11/25 13:12:16 | 001,055,000 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgchsvx.exe
    PRC - [2009/11/25 13:12:14 | 000,702,744 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgcsrvx.exe
    PRC - [2009/11/25 13:12:09 | 000,285,392 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgwdsvc.exe
    PRC - [2009/10/31 13:48:40 | 000,136,176 | ---- | M] (Google Inc.) -- C:\Program Files\Google\Update\1.2.183.13\GoogleCrashHandler.exe
    PRC - [2009/10/27 09:26:36 | 000,657,408 | ---- | M] (Nokia) -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
    PRC - [2009/10/27 09:15:44 | 000,132,608 | ---- | M] (Nokia) -- C:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe
    PRC - [2009/10/27 09:15:02 | 000,120,832 | ---- | M] (Nokia) -- C:\Program Files\PC Connectivity Solution\Transports\NclRSSrv.exe
    PRC - [2009/10/26 07:33:41 | 000,015,872 | ---- | M] () -- C:\Program Files\Unlocker\UnlockerAssistant.exe
    PRC - [2009/07/09 11:22:18 | 000,144,712 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    PRC - [2008/12/14 10:14:42 | 000,039,408 | ---- | M] (Google Inc.) -- C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    PRC - [2008/12/12 10:17:38 | 000,238,888 | ---- | M] (Apple Inc.) -- C:\Program Files\Bonjour\mDNSResponder.exe
    PRC - [2008/04/14 12:00:00 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
    PRC - [2007/02/13 18:57:06 | 002,655,848 | ---- | M] (Symantec Corporation) -- C:\Program Files\Norton Save and Restore\Agent\VProSvc.exe
    PRC - [2007/01/31 14:55:42 | 000,096,370 | ---- | M] (Canon Inc.) -- C:\Program Files\Canon\CAL\CALMAIN.exe
    PRC - [2006/10/31 10:32:09 | 000,194,240 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe


    ========== Modules (SafeList) ==========

    MOD - [2010/02/14 22:58:20 | 000,549,376 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Owner\Desktop\OTL.exe
    MOD - [2009/10/26 07:33:32 | 000,004,608 | ---- | M] () -- C:\Program Files\Unlocker\UnlockerHook.dll


    ========== Win32 Services (SafeList) ==========

    SRV - [2010/02/15 13:13:01 | 000,153,376 | ---- | M] (Sun Microsystems, Inc.) [Auto | Running] -- C:\Program Files\Java\jre6\bin\jqs.exe -- (JavaQuickStarterService)
    SRV - [2010/01/28 18:18:47 | 002,431,024 | ---- | M] () [Auto | Running] -- c:\Program Files\Common Files\Akamai\rswin_3647.dll -- (Akamai)
    SRV - [2010/01/11 22:17:44 | 000,154,216 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\WINDOWS\system32\nvsvc32.exe -- (NVSvc)
    SRV - [2009/12/17 11:15:07 | 000,655,624 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
    SRV - [2009/11/25 13:12:09 | 000,285,392 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG9\avgwdsvc.exe -- (avg9wd)
    SRV - [2009/11/22 03:45:48 | 000,030,192 | ---- | M] (Google) [On_Demand | Stopped] -- C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe -- (GoogleDesktopManager-110309-193829)
    SRV - [2009/10/27 09:26:36 | 000,657,408 | ---- | M] (Nokia) [On_Demand | Running] -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer)
    SRV - [2009/07/09 11:22:18 | 000,144,712 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe -- (Apple Mobile Device)
    SRV - [2009/03/24 03:16:36 | 000,183,280 | ---- | M] (Google) [Auto | Stopped] -- C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe -- (gusvc)
    SRV - [2009/01/15 10:55:28 | 000,133,104 | ---- | M] (Google Inc.) [Auto | Stopped] -- C:\Program Files\Google\Update\GoogleUpdate.exe -- (gupdate1c976ffca94367e) Google Update Service (gupdate1c976ffca94367e)
    SRV - [2008/12/12 10:17:38 | 000,238,888 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\Program Files\Bonjour\mDNSResponder.exe -- (Bonjour Service)
    SRV - [2007/02/13 18:57:06 | 002,655,848 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Norton Save and Restore\Agent\VProSvc.exe -- (Norton Save and Restore)
    SRV - [2007/01/31 14:55:42 | 000,096,370 | ---- | M] (Canon Inc.) [Auto | Running] -- C:\Program Files\Canon\CAL\CALMAIN.exe -- (CCALib8)
    SRV - [2006/10/31 10:32:09 | 002,541,248 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Program Files\Symantec\LiveUpdate\LuComServer_3_2.EXE -- (LiveUpdate)
    SRV - [2006/10/31 10:32:09 | 000,194,240 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe -- (Automatic LiveUpdate Scheduler)
    SRV - [2005/04/04 00:41:10 | 000,069,632 | ---- | M] (Macrovision Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe -- (IDriverT)
    SRV - [2003/07/28 12:28:22 | 000,089,136 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE -- (ose)


    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========

    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm

    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = localhost;*.local

    ========== FireFox ==========

    FF - prefs.js..browser.search.defaultenginename: " "
    FF - prefs.js..browser.search.defaulturl: "http://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q= "
    FF - prefs.js..browser.search.order.1: "Web Search "
    FF - prefs.js..browser.search.order.2: "Google "
    FF - prefs.js..browser.search.selectedEngine: "Google "
    FF - prefs.js..browser.search.useDBForOrder: true
    FF - prefs.js..browser.startup.homepage: "http://en-GB.start3.mozilla.com/firefox?client=firefox-a&rls=org.mozilla:en-GB:official "
    FF - prefs.js..extensions.enabledItems: {3f963a5b-e555-4543-90e2-c3908898db71}:9.0.0.716
    FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
    FF - prefs.js..keyword.URL: "[url http://www.google.com/search?ie=UTF-...ient&gfns=1&q=[/url] "
    FF - prefs.js..network.proxy.type: 4

    FF - HKLM\software\mozilla\Firefox\extensions\\{000a9d1c-beef-4f90-9363-039d445309b8}: C:\Program Files\Google\Google Gears\Firefox\ [2009/10/29 01:49:20 | 000,000,000 | ---D | M]
    FF - HKLM\software\mozilla\Firefox\extensions\\{3f963a5b-e555-4543-90e2-c3908898db71}: C:\Program Files\AVG\AVG9\Firefox [2009/12/12 18:13:30 | 000,000,000 | ---D | M]
    FF - HKLM\software\mozilla\Firefox\extensions\\avg@igeared: C:\Program Files\AVG\AVG9\Toolbar\Firefox\avg@igeared [2009/11/25 13:12:28 | 000,000,000 | ---D | M]
    FF - HKLM\software\mozilla\Firefox\extensions\\bkmrksync@nokia.com: C:\Program Files\Nokia\Nokia PC Suite 7\bkmrksync\ [2009/12/27 08:49:31 | 000,000,000 | ---D | M]
    FF - HKLM\software\mozilla\Firefox\extensions\\{A27F3FEF-1113-4cfb-A032-8E12D7D8EE70}: C:\Program Files\Nokia\Nokia Ovi Suite\Connectors\Bookmarks Connector\FirefoxExtension\ [2010/02/14 12:54:37 | 000,000,000 | ---D | M]
    FF - HKLM\software\mozilla\Mozilla Firefox 3.6\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/02/17 13:36:58 | 000,000,000 | ---D | M]
    FF - HKLM\software\mozilla\Mozilla Firefox 3.6\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/02/15 21:44:02 | 000,000,000 | ---D | M]

    [2009/04/04 08:03:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Mozilla\Extensions
    [2009/04/04 08:03:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Mozilla\Extensions\uploadr@flickr.com
    [2010/02/17 23:03:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\n8c4g92b.default\extensions
    [2009/06/24 11:39:06 | 000,000,000 | ---D | M] (Google Enhancer - True Knowledge) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\n8c4g92b.default\extensions\{7738069b-91db-41a0-91d2-7b06ca79d2e1}
    [2009/06/22 13:17:33 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\n8c4g92b.default\extensions\{89736E8E-4B14-4042-8C75-AD00B6BD3900}
    [2009/12/14 14:28:56 | 000,000,000 | ---D | M] (Greasemonkey) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\n8c4g92b.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}
    [2009/07/02 16:30:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\n8c4g92b.default\extensions\isreaditlater@ideashower(2).com
    [2010/02/17 23:03:18 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
    [2008/06/19 09:16:24 | 000,118,784 | ---- | M] (CANON INC.) -- C:\Program Files\Mozilla Firefox\plugins\MyCamera.dll
    [2008/06/19 09:16:24 | 000,053,248 | ---- | M] (CANON INC.) -- C:\Program Files\Mozilla Firefox\plugins\NPCIG.dll
    [2010/01/16 00:55:13 | 000,001,538 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\amazon-en-GB.xml
    [2010/01/16 00:55:13 | 000,000,947 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\chambers-en-GB.xml
    [2010/01/16 00:55:13 | 000,000,769 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\eBay-en-GB.xml
    [2010/01/16 00:55:13 | 000,001,135 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\yahoo-en-GB.xml

    O1 HOSTS File: ([2010/02/17 22:46:12 | 000,000,098 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\Hosts
    O1 - Hosts: 127.0.0.1 localhost
    O1 - Hosts: ::1 localhost
    O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
    O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
    O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll (RealPlayer)
    O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll (AVG Technologies CZ, s.r.o.)
    O2 - BHO: (AVG Security Toolbar BHO) - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll ()
    O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll (Google Inc.)
    O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
    O2 - BHO: (Google Gears Helper) - {E0FEFE40-FBF9-42AE-BA58-794CA7E3FB53} - C:\Program Files\Google\Google Gears\Internet Explorer\0.5.33.0\gears.dll (Google Inc.)
    O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)
    O3 - HKLM\..\Toolbar: (AVG Security Toolbar) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll ()
    O3 - HKCU\..\Toolbar\WebBrowser: (AVG Security Toolbar) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll ()
    O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
    O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.DLL (NVIDIA Corporation)
    O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files\Common Files\Java\Java Update\jusched.exe (Sun Microsystems, Inc.)
    O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
    O4 - HKLM..\Run: [UnlockerAssistant] C:\Program Files\Unlocker\UnlockerAssistant.exe ()
    O4 - HKCU..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\WINDOWS\System32\GPhotos.scr (Google Inc.)
    O9 - Extra 'Tools' menuitem : &Gears Settings - {09C04DA7-5B76-4EBC-BBEE-B25EAC5965F5} - C:\Program Files\Google\Google Gears\Internet Explorer\0.5.33.0\gears.dll (Google Inc.)
    O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
    O12 - Plugin for: .spop - C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll (Intertrust Technologies, Inc.)
    O15 - HKLM\..Trusted Domains: 1 domain(s) and sub-domain(s) not assigned to a zone.
    O15 - HKCU\..Trusted Domains: localhost ([]http in Local intranet)
    O15 - HKCU\..Trusted Ranges: GD ([http] in Local intranet)
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab (Java Plug-in 1.6.0_18)
    O16 - DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab (Java Plug-in 1.6.0_18)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab (Java Plug-in 1.6.0_18)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
    O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG9\avgpp.dll (AVG Technologies CZ, s.r.o.)
    O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
    O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
    O24 - Desktop WallPaper: C:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft\Wallpaper2.bmp
    O24 - Desktop BackupWallPaper: C:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft\Wallpaper2.bmp
    O32 - HKLM CDRom: AutoRun - 1
    O32 - AutoRun File - [2008/12/13 12:13:02 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
    O32 - AutoRun File - [2005/09/01 13:54:05 | 000,000,000 | ---- | M] () - E:\AUTOEXEC.BAT -- [ NTFS ]
    O34 - HKLM BootExecute: (autocheck autochk *) - File not found
    O35 - comfile [open] -- "%1" %*
    O35 - exefile [open] -- "%1" %*

    ========== Files/Folders - Created Within 14 Days ==========

    [2010/02/16 22:16:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\Desktopicon
    [2010/02/16 10:56:10 | 000,000,000 | ---D | C] -- C:\_OTL
    [2010/02/16 01:16:55 | 000,000,000 | -HSD | C] -- C:\RECYCLER
    [2010/02/15 22:22:12 | 000,000,000 | RHSD | C] -- C:\cmdcons
    [2010/02/15 22:20:48 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
    [2010/02/15 22:20:48 | 000,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
    [2010/02/15 22:20:48 | 000,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
    [2010/02/15 22:20:48 | 000,031,232 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
    [2010/02/15 22:20:41 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
    [2010/02/15 22:05:11 | 000,000,000 | ---D | C] -- C:\Qoobox
    [2010/02/15 12:24:04 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\xing shared
    [2010/02/15 12:03:04 | 000,000,000 | ---D | C] -- C:\Program Files\TrendMicro
    [2010/02/15 08:57:43 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\Malwarebytes
    [2010/02/15 08:57:36 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
    [2010/02/15 08:57:35 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
    [2010/02/15 08:57:34 | 000,019,160 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
    [2010/02/15 08:57:34 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
    [2010/02/14 22:58:18 | 000,549,376 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Owner\Desktop\OTL.exe
    [2010/02/14 22:00:57 | 000,000,000 | ---D | C] -- C:\Program Files\Unlocker
    [2010/02/14 20:07:02 | 000,000,000 | ---D | C] -- C:\Program Files\Windows Installer Clean Up
    [2010/02/14 14:51:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\Adobe
    [2010/02/14 14:47:21 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Local Settings\Application Data\NokiaAccount
    [2010/02/14 13:06:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Temp
    [2010/02/14 10:05:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Sun
    [2010/02/14 10:05:37 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
    [2010/02/11 08:55:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\Macromedia
    [2010/02/08 14:01:49 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Local Settings\Application Data\Citrix
    [2009/12/17 08:57:35 | 001,228,240 | ---- | C] (Adobe Systems Incorporated) -- C:\Program Files\ADBEPHSPCS4_LS1.exe
    [2009/11/25 13:05:14 | 000,000,000 | --SD | M] -- C:\Documents and Settings\NetworkService\Application Data\Microsoft
    [2009/11/25 13:05:14 | 000,000,000 | --SD | M] -- C:\Documents and Settings\LocalService\Application Data\Microsoft
    [2009/11/25 13:05:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft
    [2009/02/12 08:22:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Google
    [2009/02/11 10:20:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Apple
    [2009/02/10 12:48:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft
    [2009/02/05 17:35:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Google
    [1 C:\Documents and Settings\Owner\My Documents\*.tmp files -> C:\Documents and Settings\Owner\My Documents\*.tmp -> ]

    ========== Files - Modified Within 14 Days ==========

    [2010/02/18 01:53:02 | 000,000,884 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
    [2010/02/18 01:25:00 | 000,411,172 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\Kiwee Search Result_Part_One.jpg
    [2010/02/18 01:24:03 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\prvlcl.dat
    [2010/02/18 00:57:21 | 007,340,032 | ---- | M] () -- C:\Documents and Settings\Owner\NTUSER.DAT
    [2010/02/18 00:45:03 | 000,008,397 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\hijackthis_18022010_0045
    [2010/02/18 00:44:02 | 000,002,441 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\HiJackThis.lnk
    [2010/02/18 00:41:32 | 000,000,868 | ---- | M] () -- C:\WINDOWS\tasks\Google Software Updater.job
    [2010/02/18 00:41:15 | 000,191,207 | ---- | M] () -- C:\WINDOWS\System32\NvApps.xml
    [2010/02/18 00:41:12 | 000,000,880 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
    [2010/02/18 00:41:11 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
    [2010/02/18 00:41:10 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
    [2010/02/18 00:38:09 | 000,000,058 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\fix.bat
    [2010/02/18 00:04:11 | 000,008,581 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\hijackthis_18022010_00.04
    [2010/02/17 22:46:12 | 000,000,098 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\Hosts
    [2010/02/17 22:44:04 | 000,008,835 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\hijackthis17022010_2244
    [2010/02/17 17:46:24 | 000,391,130 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\jtmmroad 26 10 2004.gdb
    [2010/02/17 17:44:42 | 000,030,696 | ---- | M] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
    [2010/02/17 17:21:08 | 000,000,090 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\find.bat
    [2010/02/17 17:08:23 | 002,040,808 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
    [2010/02/17 16:00:47 | 002,720,256 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\ADDRESSES 08 01 03.OR3
    [2010/02/17 16:00:47 | 000,001,334 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\ADDRESSES 08 01 03.GCF
    [2010/02/17 12:51:31 | 000,001,729 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader 9.lnk
    [2010/02/17 10:32:51 | 055,761,015 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\incavi.avm
    [2010/02/16 16:20:54 | 000,000,089 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\Google Mail -.URL
    [2010/02/16 16:04:57 | 000,000,848 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\HDR PhotoStudio 2.lnk
    [2010/02/16 13:20:44 | 000,005,703 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\Ligo Invoice for Siemens SL 785 phones_17052931.pdf
    [2010/02/16 09:30:58 | 000,453,695 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\Silent Runners.vbs
    [2010/02/16 01:36:18 | 000,109,884 | R--- | M] () -- C:\Documents and Settings\Owner\Desktop\Silent Runners.zip
    [2010/02/16 01:00:23 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\Owner\cscript.exe
    [2010/02/16 00:45:41 | 001,735,036 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\Siemens Gigaset SL785 Manual.pdf
    [2010/02/16 00:05:54 | 000,008,600 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\hijackthis_23.59GMT
    [2010/02/15 23:53:12 | 000,000,227 | ---- | M] () -- C:\WINDOWS\system.ini
    [2010/02/15 23:37:09 | 000,008,600 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\hijackthis_Log 23.36GMT_15_02_2010
    [2010/02/15 22:44:53 | 000,008,572 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\hijackthis_Log
    [2010/02/15 22:25:55 | 000,000,679 | ---- | M] () -- C:\WINDOWS\win.ini
    [2010/02/15 22:25:55 | 000,000,293 | RHS- | M] () -- C:\boot.ini
    [2010/02/15 22:10:53 | 000,000,223 | ---- | M] () -- C:\Boot.bak
    [2010/02/15 22:07:40 | 000,000,278 | -HS- | M] () -- C:\Documents and Settings\Owner\ntuser.ini
    [2010/02/15 21:40:52 | 003,857,112 | R--- | M] () -- C:\Documents and Settings\Owner\Desktop\ComboFix.exe
    [2010/02/15 12:24:31 | 000,000,897 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\RealPlayer SP.lnk
    [2010/02/15 12:23:40 | 000,278,528 | ---- | M] (Real Networks, Inc) -- C:\WINDOWS\System32\pncrt.dll
    [2010/02/15 08:57:39 | 000,000,696 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
    [2010/02/14 22:58:20 | 000,549,376 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Owner\Desktop\OTL.exe
    [2010/02/14 18:44:42 | 000,000,053 | ---- | M] () -- C:\biosinfo
    [2010/02/14 18:32:56 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
    [2010/02/14 18:09:08 | 000,001,602 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
    [2010/02/14 13:13:27 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
    [2010/02/14 13:10:57 | 000,142,495 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\microavi.avg
    [2010/02/14 12:05:40 | 000,001,915 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Google Earth.lnk
    [2010/02/14 10:38:14 | 000,013,646 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
    [2010/02/11 12:53:55 | 000,207,864 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\Rum chocolate mousse recipe.jpg
    [2010/02/07 12:59:28 | 001,206,199 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\fa_win_ug_en.pdf
    [2010/02/05 23:37:24 | 000,017,680 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\n627563390_9071.jpg
    [2010/02/04 18:59:30 | 004,443,656 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\Nov96.QDF
    [2010/02/04 18:59:30 | 002,332,194 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\Nov96.QSD
    [2010/02/04 18:47:14 | 000,000,132 | -H-- | M] () -- C:\Documents and Settings\Owner\My Documents\~QW~LINK.QDT
    [2010/02/04 15:45:37 | 000,064,000 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\Legal and Geneal Details of investment.doc
    [2010/02/04 12:32:03 | 000,015,360 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\Nov96.QEL
    [2010/02/04 12:32:02 | 000,000,046 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\Q3.DIR
    [2010/02/04 11:25:44 | 001,880,115 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\scan011.jpg
    [2010/02/04 11:14:47 | 001,530,064 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\scan010.jpg
    [1 C:\Documents and Settings\Owner\My Documents\*.tmp files -> C:\Documents and Settings\Owner\My Documents\*.tmp -> ]

    ========== Files Created - No Company Name ==========

    [2010/02/18 01:24:57 | 000,411,172 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\Kiwee Search Result_Part_One.jpg
    [2010/02/18 00:45:03 | 000,008,397 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\hijackthis_18022010_0045
    [2010/02/18 00:38:09 | 000,000,058 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\fix.bat
    [2010/02/18 00:04:11 | 000,008,581 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\hijackthis_18022010_00.04
    [2010/02/17 22:44:04 | 000,008,835 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\hijackthis17022010_2244
    [2010/02/17 17:22:17 | 000,001,793 | ---- | C] () -- C:\Program Files\ProgramFiles.txt
    [2010/02/17 17:21:08 | 000,000,090 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\find.bat
    [2010/02/16 16:20:54 | 000,000,089 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\Google Mail -.URL
    [2010/02/16 13:20:44 | 000,005,703 | ---- | C] () -- C:\Documents and Settings\Owner\My Documents\Ligo Invoice for Siemens SL 785 phones_17052931.pdf
    [2010/02/16 01:44:18 | 000,109,884 | R--- | C] () -- C:\Documents and Settings\Owner\Desktop\Silent Runners.zip
    [2010/02/16 01:39:08 | 000,453,695 | ---- | C] () -- C:\Documents and Settings\Owner\My Documents\Silent Runners.vbs
    [2010/02/16 01:00:23 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Owner\cscript.exe
    [2010/02/16 00:45:41 | 001,735,036 | ---- | C] () -- C:\Documents and Settings\Owner\My Documents\Siemens Gigaset SL785 Manual.pdf
    [2010/02/16 00:05:54 | 000,008,600 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\hijackthis_23.59GMT
    [2010/02/15 23:37:09 | 000,008,600 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\hijackthis_Log 23.36GMT_15_02_2010
    [2010/02/15 22:44:53 | 000,008,572 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\hijackthis_Log
    [2010/02/15 22:22:18 | 000,000,223 | ---- | C] () -- C:\Boot.bak
    [2010/02/15 22:22:15 | 000,260,272 | ---- | C] () -- C:\cmldr
    [2010/02/15 22:20:48 | 000,261,632 | ---- | C] () -- C:\WINDOWS\PEV.exe
    [2010/02/15 22:20:48 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
    [2010/02/15 22:20:48 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
    [2010/02/15 22:20:48 | 000,077,312 | ---- | C] () -- C:\WINDOWS\MBR.exe
    [2010/02/15 22:20:48 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
    [2010/02/15 21:39:58 | 003,857,112 | R--- | C] () -- C:\Documents and Settings\Owner\Desktop\ComboFix.exe
    [2010/02/15 12:24:31 | 000,000,897 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\RealPlayer SP.lnk
    [2010/02/15 12:03:04 | 000,002,441 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\HiJackThis.lnk
    [2010/02/15 08:57:39 | 000,000,696 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
    [2010/02/14 18:09:08 | 000,001,602 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
    [2010/02/14 12:05:40 | 000,001,915 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Google Earth.lnk
    [2010/02/11 12:53:55 | 000,207,864 | ---- | C] () -- C:\Documents and Settings\Owner\My Documents\Rum chocolate mousse recipe.jpg
    [2010/02/07 12:59:17 | 001,206,199 | ---- | C] () -- C:\Documents and Settings\Owner\My Documents\fa_win_ug_en.pdf
    [2010/02/05 23:37:23 | 000,017,680 | ---- | C] () -- C:\Documents and Settings\Owner\My Documents\n627563390_9071.jpg
    [2010/02/04 15:39:05 | 000,064,000 | ---- | C] () -- C:\Documents and Settings\Owner\My Documents\Legal and Geneal Details of investment.doc
    [2010/02/04 11:25:43 | 001,880,115 | ---- | C] () -- C:\Documents and Settings\Owner\My Documents\scan011.jpg
    [2010/02/04 11:14:45 | 001,530,064 | ---- | C] () -- C:\Documents and Settings\Owner\My Documents\scan010.jpg
    [2010/01/16 03:06:18 | 000,000,145 | ---- | C] () -- C:\WINDOWS\Eudcedit.ini
    [2009/12/20 11:28:22 | 000,000,576 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\afl.log
    [2009/12/17 08:57:35 | 853,860,607 | ---- | C] () -- C:\Program Files\ADBEPHSPCS4_LS1.7z
    [2009/12/07 20:35:58 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\prvlcl.dat
    [2009/12/06 17:36:50 | 000,000,390 | ---- | C] () -- C:\WINDOWS\{A7A59CB1-5FAE-42A1-B335-17B1C942B43E}_WiseFW.ini
    [2009/05/21 00:21:20 | 000,000,061 | ---- | C] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\mm-device-08.ini
    [2009/02/21 08:25:20 | 000,691,592 | ---- | C] () -- C:\WINDOWS\System32\OGACheckControl.DLL
    [2009/01/29 14:26:04 | 000,000,029 | ---- | C] () -- C:\WINDOWS\DEBUGSM.INI
    [2009/01/10 16:36:55 | 000,000,219 | ---- | C] () -- C:\WINDOWS\QHI.INI
    [2008/12/23 00:50:14 | 000,004,096 | -HS- | C] () -- C:\Program Files\Thumbs.db
    [2008/12/21 10:24:11 | 000,018,790 | ---- | C] () -- C:\WINDOWS\System32\ddmon.dll
    [2008/12/15 18:25:37 | 000,339,968 | ---- | C] () -- C:\WINDOWS\System32\pythoncom25.dll
    [2008/12/15 18:25:37 | 000,114,688 | ---- | C] () -- C:\WINDOWS\System32\pywintypes25.dll
    [2008/12/14 13:26:39 | 000,000,052 | ---- | C] () -- C:\WINDOWS\Intuprof.ini
    [2008/12/14 13:26:38 | 000,001,704 | ---- | C] () -- C:\WINDOWS\QUICKEN.INI
    [2008/12/14 04:03:59 | 000,000,116 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
    [2008/12/14 02:29:55 | 000,064,000 | ---- | C] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [2008/12/14 01:09:03 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
    [2008/12/13 19:19:57 | 000,096,768 | ---- | C] () -- C:\WINDOWS\SlantAdj.dll
    [2008/12/13 19:19:57 | 000,000,072 | ---- | C] () -- C:\WINDOWS\System32\epDPE.ini
    [2008/12/13 19:19:05 | 000,000,027 | ---- | C] () -- C:\WINDOWS\CDE P4870EFGD.ini
    [2008/12/13 19:01:22 | 000,000,025 | ---- | C] () -- C:\WINDOWS\CDER300Euro.ini
    [2008/12/13 13:14:01 | 000,040,960 | ---- | C] () -- C:\Program Files\Uninstall_CDS.exe
    [2008/12/13 12:41:59 | 000,000,000 | ---- | C] () -- C:\WINDOWS\msicpl.ini
    [2008/12/13 12:41:10 | 000,131,072 | R--- | C] () -- C:\WINDOWS\System32\smdll.dll
    [2008/12/13 12:41:08 | 000,262,144 | R--- | C] () -- C:\WINDOWS\System32\HookShield.dll
    [2008/12/13 12:41:08 | 000,253,952 | R--- | C] () -- C:\WINDOWS\System32\HookMAp.dll
    [2008/12/13 12:41:08 | 000,032,768 | R--- | C] () -- C:\WINDOWS\System32\Auxiliary.dll
    [2008/12/13 12:41:07 | 000,009,728 | R--- | C] () -- C:\WINDOWS\System32\sysinfoX64.sys
    [2008/12/13 12:41:07 | 000,008,192 | R--- | C] () -- C:\WINDOWS\System32\sysinfo.sys
    [2008/12/13 12:29:31 | 000,053,248 | R--- | C] () -- C:\WINDOWS\System32\C6501rm.dll
    [2008/12/13 12:29:31 | 000,000,162 | ---- | C] () -- C:\WINDOWS\C6501.ini.cfl
    [2008/12/13 12:28:36 | 000,004,571 | R--- | C] () -- C:\WINDOWS\C6501.ini.cfg
    [2008/12/13 12:28:30 | 000,000,326 | R--- | C] () -- C:\WINDOWS\c6501.ini
    [2008/12/13 12:27:57 | 000,012,377 | ---- | C] () -- C:\WINDOWS\Ascd_tmp.ini
    [2008/12/13 12:24:28 | 000,005,810 | R--- | C] () -- C:\WINDOWS\System32\drivers\ASACPI.sys
    [2008/12/13 12:24:17 | 000,012,536 | ---- | C] () -- C:\WINDOWS\System32\drivers\ASUSHWIO.SYS
    [2008/11/26 03:03:47 | 048,668,560 | ---- | C] () -- C:\Program Files\MapSource_6123.exe
    [2008/06/11 09:02:34 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelTraditionalChinese.dll
    [2008/06/11 09:02:34 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSwedish.dll
    [2008/06/11 09:02:34 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSpanish.dll
    [2008/06/11 09:02:34 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSimplifiedChinese.dll
    [2008/06/11 09:02:34 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelPortugese.dll
    [2008/06/11 09:02:34 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelKorean.dll
    [2008/06/11 09:02:32 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelJapanese.dll
    [2008/06/11 09:02:32 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelGerman.dll
    [2008/06/11 09:02:32 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelFrench.dll
    [2008/06/05 08:58:26 | 000,197,912 | ---- | C] () -- C:\WINDOWS\System32\physxcudart_20.dll
    [2008/04/14 12:00:00 | 001,291,264 | ---- | C] () -- C:\WINDOWS\System32\quartz(2).dll
    [2007/10/18 17:36:54 | 000,061,440 | ---- | C] () -- C:\WINDOWS\System32\deskMenu2.dll
    [2007/08/15 06:27:18 | 000,009,600 | ---- | C] () -- C:\WINDOWS\System32\drivers\n558.sys
    [2006/06/01 09:22:00 | 000,581,632 | ---- | C] () -- C:\WINDOWS\System32\nvhwvid.dll
    [2006/06/01 09:22:00 | 000,286,720 | ---- | C] () -- C:\WINDOWS\System32\nvnt4cpl.dll
    [2003/01/07 15:05:08 | 000,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI
    [1996/02/22 02:23:00 | 000,222,928 | ---- | C] () -- C:\WINDOWS\System32\lobas09.dll
    [1996/01/17 02:23:00 | 000,031,008 | ---- | C] () -- C:\WINDOWS\System32\ivtrn09.dll
    [1996/01/15 02:23:00 | 000,334,016 | ---- | C] () -- C:\WINDOWS\System32\loflt09.dll

    ========== LOP Check ==========

    [2008/12/22 16:19:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Applications
    [2009/12/17 18:17:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVG Security Toolbar
    [2010/02/14 19:48:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\avg9
    [2008/12/14 12:06:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\GARMIN
    [2009/12/27 08:33:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Installations
    [2009/06/03 22:14:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Memory-Map-License
    [2009/02/10 12:51:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Nokia
    [2009/12/28 00:15:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\OviInstallerCache
    [2009/02/10 12:47:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PC Suite
    [2009/12/16 13:49:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PhotoStitch
    [2009/10/24 23:31:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
    [2008/12/13 19:03:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\UDL
    [2009/11/25 10:45:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\WinZipSE
    [2009/09/25 06:01:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}
    [2009/05/27 09:37:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
    [2009/08/31 21:29:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\BBCiPlayerDesktop.61DB7A798358575D6A969CCD73DDBBD723A6DA9D.1
    [2009/02/27 16:29:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Canon
    [2008/12/24 01:08:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
    [2008/12/21 10:57:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\deskPDF
    [2010/02/16 22:16:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Desktopicon
    [2009/01/06 01:03:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\DNA
    [2009/03/02 01:23:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\EPSON
    [2009/04/04 08:03:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Flickr
    [2009/08/06 03:25:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\GARMIN
    [2009/03/20 00:39:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\HDRsoft
    [2008/12/13 13:18:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\InterTrust
    [2009/03/21 11:31:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Lucis
    [2010/01/29 20:02:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Nokia
    [2010/01/29 20:02:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Nokia Ovi Suite
    [2009/03/21 20:46:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\OfficeUpdate12
    [2009/02/10 12:48:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\PC Suite
    [2009/06/09 13:44:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Smart Panel

    ========== Purity Check ==========



    ========== Alternate Data Streams ==========

    @Alternate Data Stream - 88 bytes -> C:\Documents and Settings\Owner\My Documents\mskb928080.exe:SummaryInformation
    < End of report >
     
  7. 2010/02/17
    coldwaterjohn Lifetime Subscription

    coldwaterjohn Inactive Thread Starter

    Ignore previous log - done without having rebooted p.c. Here's one post rebooting:
    OTL logfile created on: 18/02/2010 02:17:56 - Run 8
    OTL by OldTimer - Version 3.1.28.0 Folder = C:\Documents and Settings\Owner\Desktop
    Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
    Internet Explorer (Version = 8.0.6001.18702)
    Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

    2.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 75.00% Memory free
    4.00 Gb Paging File | 4.00 Gb Available in Paging File | 91.00% Paging File free
    Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
    Drive C: | 149.04 Gb Total Space | 67.46 Gb Free Space | 45.26% Space Free | Partition Type: NTFS
    D: Drive not present or media not loaded
    Drive E: | 111.79 Gb Total Space | 55.72 Gb Free Space | 49.85% Space Free | Partition Type: NTFS
    F: Drive not present or media not loaded
    Drive G: | 698.64 Gb Total Space | 116.38 Gb Free Space | 16.66% Space Free | Partition Type: NTFS
    H: Drive not present or media not loaded
    I: Drive not present or media not loaded

    Computer Name: REBUILD-D13FF10
    Current User Name: Owner
    Logged in as Administrator.

    Current Boot Mode: Normal
    Scan Mode: Current user
    Company Name Whitelist: On
    Skip Microsoft Files: On
    File Age = 14 Days
    Output = Standard
    Quick Scan

    ========== Processes (SafeList) ==========

    PRC - [2010/02/15 13:13:01 | 000,153,376 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jqs.exe
    PRC - [2010/02/14 22:58:20 | 000,549,376 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Owner\Desktop\OTL.exe
    PRC - [2010/01/11 22:17:44 | 000,154,216 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\system32\nvsvc32.exe
    PRC - [2010/01/11 15:21:52 | 000,246,504 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Common Files\Java\Java Update\jusched.exe
    PRC - [2009/12/22 01:57:28 | 000,035,760 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Adobe\Reader 9.0\Reader\reader_sl.exe
    PRC - [2009/12/12 18:12:23 | 000,600,344 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgnsx.exe
    PRC - [2009/12/12 18:12:23 | 000,503,576 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgrsx.exe
    PRC - [2009/11/25 13:12:16 | 001,055,000 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgchsvx.exe
    PRC - [2009/11/25 13:12:14 | 000,702,744 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgcsrvx.exe
    PRC - [2009/11/25 13:12:09 | 000,285,392 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgwdsvc.exe
    PRC - [2009/10/31 13:48:40 | 000,136,176 | ---- | M] (Google Inc.) -- C:\Program Files\Google\Update\1.2.183.13\GoogleCrashHandler.exe
    PRC - [2009/10/26 07:33:41 | 000,015,872 | ---- | M] () -- C:\Program Files\Unlocker\UnlockerAssistant.exe
    PRC - [2009/07/09 11:22:18 | 000,144,712 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    PRC - [2009/03/24 03:16:36 | 000,183,280 | ---- | M] (Google) -- C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    PRC - [2008/12/14 10:14:42 | 000,039,408 | ---- | M] (Google Inc.) -- C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    PRC - [2008/12/12 10:17:38 | 000,238,888 | ---- | M] (Apple Inc.) -- C:\Program Files\Bonjour\mDNSResponder.exe
    PRC - [2008/04/14 12:00:00 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
    PRC - [2007/02/13 18:57:06 | 002,655,848 | ---- | M] (Symantec Corporation) -- C:\Program Files\Norton Save and Restore\Agent\VProSvc.exe
    PRC - [2007/01/31 14:55:42 | 000,096,370 | ---- | M] (Canon Inc.) -- C:\Program Files\Canon\CAL\CALMAIN.exe
    PRC - [2006/10/31 10:32:09 | 000,194,240 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe


    ========== Modules (SafeList) ==========

    MOD - [2010/02/14 22:58:20 | 000,549,376 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Owner\Desktop\OTL.exe
    MOD - [2009/10/26 07:33:32 | 000,004,608 | ---- | M] () -- C:\Program Files\Unlocker\UnlockerHook.dll


    ========== Win32 Services (SafeList) ==========

    SRV - [2010/02/15 13:13:01 | 000,153,376 | ---- | M] (Sun Microsystems, Inc.) [Auto | Running] -- C:\Program Files\Java\jre6\bin\jqs.exe -- (JavaQuickStarterService)
    SRV - [2010/01/28 18:18:47 | 002,431,024 | ---- | M] () [Auto | Running] -- c:\Program Files\Common Files\Akamai\rswin_3647.dll -- (Akamai)
    SRV - [2010/01/11 22:17:44 | 000,154,216 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\WINDOWS\system32\nvsvc32.exe -- (NVSvc)
    SRV - [2009/12/17 11:15:07 | 000,655,624 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
    SRV - [2009/11/25 13:12:09 | 000,285,392 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG9\avgwdsvc.exe -- (avg9wd)
    SRV - [2009/11/22 03:45:48 | 000,030,192 | ---- | M] (Google) [On_Demand | Stopped] -- C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe -- (GoogleDesktopManager-110309-193829)
    SRV - [2009/10/27 09:26:36 | 000,657,408 | ---- | M] (Nokia) [On_Demand | Stopped] -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer)
    SRV - [2009/07/09 11:22:18 | 000,144,712 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe -- (Apple Mobile Device)
    SRV - [2009/03/24 03:16:36 | 000,183,280 | ---- | M] (Google) [Auto | Running] -- C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe -- (gusvc)
    SRV - [2009/01/15 10:55:28 | 000,133,104 | ---- | M] (Google Inc.) [Auto | Stopped] -- C:\Program Files\Google\Update\GoogleUpdate.exe -- (gupdate1c976ffca94367e) Google Update Service (gupdate1c976ffca94367e)
    SRV - [2008/12/12 10:17:38 | 000,238,888 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\Program Files\Bonjour\mDNSResponder.exe -- (Bonjour Service)
    SRV - [2007/02/13 18:57:06 | 002,655,848 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Norton Save and Restore\Agent\VProSvc.exe -- (Norton Save and Restore)
    SRV - [2007/01/31 14:55:42 | 000,096,370 | ---- | M] (Canon Inc.) [Auto | Running] -- C:\Program Files\Canon\CAL\CALMAIN.exe -- (CCALib8)
    SRV - [2006/10/31 10:32:09 | 002,541,248 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Program Files\Symantec\LiveUpdate\LuComServer_3_2.EXE -- (LiveUpdate)
    SRV - [2006/10/31 10:32:09 | 000,194,240 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe -- (Automatic LiveUpdate Scheduler)
    SRV - [2005/04/04 00:41:10 | 000,069,632 | ---- | M] (Macrovision Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe -- (IDriverT)
    SRV - [2003/07/28 12:28:22 | 000,089,136 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE -- (ose)


    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========

    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm

    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = localhost;*.local

    ========== FireFox ==========

    FF - prefs.js..browser.search.defaultenginename: " "
    FF - prefs.js..browser.search.defaulturl: "http://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q= "
    FF - prefs.js..browser.search.order.1: "Web Search "
    FF - prefs.js..browser.search.order.2: "Google "
    FF - prefs.js..browser.search.selectedEngine: "Google "
    FF - prefs.js..browser.search.useDBForOrder: true
    FF - prefs.js..browser.startup.homepage: "http://en-GB.start3.mozilla.com/firefox?client=firefox-a&rls=org.mozilla:en-GB:official "
    FF - prefs.js..extensions.enabledItems: {3f963a5b-e555-4543-90e2-c3908898db71}:9.0.0.716
    FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
    FF - prefs.js..keyword.URL: "[url http://www.google.com/search?ie=UTF-...ient&gfns=1&q=[/url] "
    FF - prefs.js..network.proxy.type: 4

    FF - HKLM\software\mozilla\Firefox\extensions\\{000a9d1c-beef-4f90-9363-039d445309b8}: C:\Program Files\Google\Google Gears\Firefox\ [2009/10/29 01:49:20 | 000,000,000 | ---D | M]
    FF - HKLM\software\mozilla\Firefox\extensions\\{3f963a5b-e555-4543-90e2-c3908898db71}: C:\Program Files\AVG\AVG9\Firefox [2009/12/12 18:13:30 | 000,000,000 | ---D | M]
    FF - HKLM\software\mozilla\Firefox\extensions\\avg@igeared: C:\Program Files\AVG\AVG9\Toolbar\Firefox\avg@igeared [2009/11/25 13:12:28 | 000,000,000 | ---D | M]
    FF - HKLM\software\mozilla\Firefox\extensions\\bkmrksync@nokia.com: C:\Program Files\Nokia\Nokia PC Suite 7\bkmrksync\ [2009/12/27 08:49:31 | 000,000,000 | ---D | M]
    FF - HKLM\software\mozilla\Firefox\extensions\\{A27F3FEF-1113-4cfb-A032-8E12D7D8EE70}: C:\Program Files\Nokia\Nokia Ovi Suite\Connectors\Bookmarks Connector\FirefoxExtension\ [2010/02/14 12:54:37 | 000,000,000 | ---D | M]
    FF - HKLM\software\mozilla\Mozilla Firefox 3.6\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/02/17 13:36:58 | 000,000,000 | ---D | M]
    FF - HKLM\software\mozilla\Mozilla Firefox 3.6\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/02/15 21:44:02 | 000,000,000 | ---D | M]

    [2009/04/04 08:03:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Mozilla\Extensions
    [2009/04/04 08:03:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Mozilla\Extensions\uploadr@flickr.com
    [2010/02/17 23:03:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\n8c4g92b.default\extensions
    [2009/06/24 11:39:06 | 000,000,000 | ---D | M] (Google Enhancer - True Knowledge) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\n8c4g92b.default\extensions\{7738069b-91db-41a0-91d2-7b06ca79d2e1}
    [2009/06/22 13:17:33 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\n8c4g92b.default\extensions\{89736E8E-4B14-4042-8C75-AD00B6BD3900}
    [2009/12/14 14:28:56 | 000,000,000 | ---D | M] (Greasemonkey) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\n8c4g92b.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}
    [2009/07/02 16:30:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\n8c4g92b.default\extensions\isreaditlater@ideashower(2).com
    [2010/02/17 23:03:18 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
    [2008/06/19 09:16:24 | 000,118,784 | ---- | M] (CANON INC.) -- C:\Program Files\Mozilla Firefox\plugins\MyCamera.dll
    [2008/06/19 09:16:24 | 000,053,248 | ---- | M] (CANON INC.) -- C:\Program Files\Mozilla Firefox\plugins\NPCIG.dll
    [2010/01/16 00:55:13 | 000,001,538 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\amazon-en-GB.xml
    [2010/01/16 00:55:13 | 000,000,947 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\chambers-en-GB.xml
    [2010/01/16 00:55:13 | 000,000,769 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\eBay-en-GB.xml
    [2010/01/16 00:55:13 | 000,001,135 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\yahoo-en-GB.xml

    O1 HOSTS File: ([2010/02/17 22:46:12 | 000,000,098 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\Hosts
    O1 - Hosts: 127.0.0.1 localhost
    O1 - Hosts: ::1 localhost
    O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
    O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
    O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll (RealPlayer)
    O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll (AVG Technologies CZ, s.r.o.)
    O2 - BHO: (AVG Security Toolbar BHO) - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll ()
    O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll (Google Inc.)
    O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
    O2 - BHO: (Google Gears Helper) - {E0FEFE40-FBF9-42AE-BA58-794CA7E3FB53} - C:\Program Files\Google\Google Gears\Internet Explorer\0.5.33.0\gears.dll (Google Inc.)
    O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)
    O3 - HKLM\..\Toolbar: (AVG Security Toolbar) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll ()
    O3 - HKCU\..\Toolbar\WebBrowser: (AVG Security Toolbar) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll ()
    O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
    O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.DLL (NVIDIA Corporation)
    O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files\Common Files\Java\Java Update\jusched.exe (Sun Microsystems, Inc.)
    O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
    O4 - HKLM..\Run: [UnlockerAssistant] C:\Program Files\Unlocker\UnlockerAssistant.exe ()
    O4 - HKCU..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\WINDOWS\System32\GPhotos.scr (Google Inc.)
    O9 - Extra 'Tools' menuitem : &Gears Settings - {09C04DA7-5B76-4EBC-BBEE-B25EAC5965F5} - C:\Program Files\Google\Google Gears\Internet Explorer\0.5.33.0\gears.dll (Google Inc.)
    O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
    O12 - Plugin for: .spop - C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll (Intertrust Technologies, Inc.)
    O15 - HKLM\..Trusted Domains: 1 domain(s) and sub-domain(s) not assigned to a zone.
    O15 - HKCU\..Trusted Domains: localhost ([]http in Local intranet)
    O15 - HKCU\..Trusted Ranges: GD ([http] in Local intranet)
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab (Java Plug-in 1.6.0_18)
    O16 - DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab (Java Plug-in 1.6.0_18)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab (Java Plug-in 1.6.0_18)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
    O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG9\avgpp.dll (AVG Technologies CZ, s.r.o.)
    O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
    O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
    O24 - Desktop WallPaper: C:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft\Wallpaper2.bmp
    O24 - Desktop BackupWallPaper: C:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft\Wallpaper2.bmp
    O32 - HKLM CDRom: AutoRun - 1
    O32 - AutoRun File - [2008/12/13 12:13:02 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
    O32 - AutoRun File - [2005/09/01 13:54:05 | 000,000,000 | ---- | M] () - E:\AUTOEXEC.BAT -- [ NTFS ]
    O34 - HKLM BootExecute: (autocheck autochk *) - File not found
    O35 - comfile [open] -- "%1" %*
    O35 - exefile [open] -- "%1" %*

    ========== Files/Folders - Created Within 14 Days ==========

    [2010/02/16 22:16:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\Desktopicon
    [2010/02/16 10:56:10 | 000,000,000 | ---D | C] -- C:\_OTL
    [2010/02/16 01:16:55 | 000,000,000 | -HSD | C] -- C:\RECYCLER
    [2010/02/15 22:22:12 | 000,000,000 | RHSD | C] -- C:\cmdcons
    [2010/02/15 22:20:48 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
    [2010/02/15 22:20:48 | 000,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
    [2010/02/15 22:20:48 | 000,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
    [2010/02/15 22:20:48 | 000,031,232 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
    [2010/02/15 22:20:41 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
    [2010/02/15 22:05:11 | 000,000,000 | ---D | C] -- C:\Qoobox
    [2010/02/15 12:24:04 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\xing shared
    [2010/02/15 12:03:04 | 000,000,000 | ---D | C] -- C:\Program Files\TrendMicro
    [2010/02/15 08:57:43 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\Malwarebytes
    [2010/02/15 08:57:36 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
    [2010/02/15 08:57:35 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
    [2010/02/15 08:57:34 | 000,019,160 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
    [2010/02/15 08:57:34 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
    [2010/02/14 22:58:18 | 000,549,376 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Owner\Desktop\OTL.exe
    [2010/02/14 22:00:57 | 000,000,000 | ---D | C] -- C:\Program Files\Unlocker
    [2010/02/14 20:07:02 | 000,000,000 | ---D | C] -- C:\Program Files\Windows Installer Clean Up
    [2010/02/14 14:51:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\Adobe
    [2010/02/14 14:47:21 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Local Settings\Application Data\NokiaAccount
    [2010/02/14 13:06:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Temp
    [2010/02/14 10:05:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Sun
    [2010/02/14 10:05:37 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
    [2010/02/11 08:55:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\Macromedia
    [2010/02/08 14:01:49 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Local Settings\Application Data\Citrix
    [2009/12/17 08:57:35 | 001,228,240 | ---- | C] (Adobe Systems Incorporated) -- C:\Program Files\ADBEPHSPCS4_LS1.exe
    [2009/11/25 13:05:14 | 000,000,000 | --SD | M] -- C:\Documents and Settings\NetworkService\Application Data\Microsoft
    [2009/11/25 13:05:14 | 000,000,000 | --SD | M] -- C:\Documents and Settings\LocalService\Application Data\Microsoft
    [2009/11/25 13:05:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft
    [2009/02/12 08:22:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Google
    [2009/02/11 10:20:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Apple
    [2009/02/10 12:48:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft
    [2009/02/05 17:35:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Google
    [1 C:\Documents and Settings\Owner\My Documents\*.tmp files -> C:\Documents and Settings\Owner\My Documents\*.tmp -> ]

    ========== Files - Modified Within 14 Days ==========

    [2010/02/18 02:17:17 | 000,000,868 | ---- | M] () -- C:\WINDOWS\tasks\Google Software Updater.job
    [2010/02/18 02:16:59 | 000,191,207 | ---- | M] () -- C:\WINDOWS\System32\NvApps.xml
    [2010/02/18 02:16:56 | 000,000,880 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
    [2010/02/18 02:16:56 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
    [2010/02/18 02:16:54 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
    [2010/02/18 02:15:41 | 007,340,032 | ---- | M] () -- C:\Documents and Settings\Owner\NTUSER.DAT
    [2010/02/18 01:53:02 | 000,000,884 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
    [2010/02/18 01:25:00 | 000,411,172 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\Kiwee Search Result_Part_One.jpg
    [2010/02/18 01:24:03 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\prvlcl.dat
    [2010/02/18 00:45:03 | 000,008,397 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\hijackthis_18022010_0045
    [2010/02/18 00:44:02 | 000,002,441 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\HiJackThis.lnk
    [2010/02/18 00:38:09 | 000,000,058 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\fix.bat
    [2010/02/18 00:04:11 | 000,008,581 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\hijackthis_18022010_00.04
    [2010/02/17 22:46:12 | 000,000,098 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\Hosts
    [2010/02/17 22:44:04 | 000,008,835 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\hijackthis17022010_2244
    [2010/02/17 17:46:24 | 000,391,130 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\jtmmroad 26 10 2004.gdb
    [2010/02/17 17:44:42 | 000,030,696 | ---- | M] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
    [2010/02/17 17:21:08 | 000,000,090 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\find.bat
    [2010/02/17 17:08:23 | 002,040,808 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
    [2010/02/17 16:00:47 | 002,720,256 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\ADDRESSES 08 01 03.OR3
    [2010/02/17 16:00:47 | 000,001,334 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\ADDRESSES 08 01 03.GCF
    [2010/02/17 12:51:31 | 000,001,729 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader 9.lnk
    [2010/02/17 10:32:51 | 055,761,015 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\incavi.avm
    [2010/02/16 16:20:54 | 000,000,089 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\Google Mail -.URL
    [2010/02/16 16:04:57 | 000,000,848 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\HDR PhotoStudio 2.lnk
    [2010/02/16 13:20:44 | 000,005,703 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\Ligo Invoice for Siemens SL 785 phones_17052931.pdf
    [2010/02/16 09:30:58 | 000,453,695 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\Silent Runners.vbs
    [2010/02/16 01:36:18 | 000,109,884 | R--- | M] () -- C:\Documents and Settings\Owner\Desktop\Silent Runners.zip
    [2010/02/16 01:00:23 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\Owner\cscript.exe
    [2010/02/16 00:45:41 | 001,735,036 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\Siemens Gigaset SL785 Manual.pdf
    [2010/02/16 00:05:54 | 000,008,600 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\hijackthis_23.59GMT
    [2010/02/15 23:53:12 | 000,000,227 | ---- | M] () -- C:\WINDOWS\system.ini
    [2010/02/15 23:37:09 | 000,008,600 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\hijackthis_Log 23.36GMT_15_02_2010
    [2010/02/15 22:44:53 | 000,008,572 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\hijackthis_Log
    [2010/02/15 22:25:55 | 000,000,679 | ---- | M] () -- C:\WINDOWS\win.ini
    [2010/02/15 22:25:55 | 000,000,293 | RHS- | M] () -- C:\boot.ini
    [2010/02/15 22:10:53 | 000,000,223 | ---- | M] () -- C:\Boot.bak
    [2010/02/15 22:07:40 | 000,000,278 | -HS- | M] () -- C:\Documents and Settings\Owner\ntuser.ini
    [2010/02/15 21:40:52 | 003,857,112 | R--- | M] () -- C:\Documents and Settings\Owner\Desktop\ComboFix.exe
    [2010/02/15 12:24:31 | 000,000,897 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\RealPlayer SP.lnk
    [2010/02/15 12:23:40 | 000,278,528 | ---- | M] (Real Networks, Inc) -- C:\WINDOWS\System32\pncrt.dll
    [2010/02/15 08:57:39 | 000,000,696 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
    [2010/02/14 22:58:20 | 000,549,376 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Owner\Desktop\OTL.exe
    [2010/02/14 18:44:42 | 000,000,053 | ---- | M] () -- C:\biosinfo
    [2010/02/14 18:32:56 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
    [2010/02/14 18:09:08 | 000,001,602 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
    [2010/02/14 13:13:27 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
    [2010/02/14 13:10:57 | 000,142,495 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\microavi.avg
    [2010/02/14 12:05:40 | 000,001,915 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Google Earth.lnk
    [2010/02/14 10:38:14 | 000,013,646 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
    [2010/02/11 12:53:55 | 000,207,864 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\Rum chocolate mousse recipe.jpg
    [2010/02/07 12:59:28 | 001,206,199 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\fa_win_ug_en.pdf
    [2010/02/05 23:37:24 | 000,017,680 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\n627563390_9071.jpg
    [2010/02/04 18:59:30 | 004,443,656 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\Nov96.QDF
    [2010/02/04 18:59:30 | 002,332,194 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\Nov96.QSD
    [2010/02/04 18:47:14 | 000,000,132 | -H-- | M] () -- C:\Documents and Settings\Owner\My Documents\~QW~LINK.QDT
    [2010/02/04 15:45:37 | 000,064,000 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\Legal and Geneal Details of investment.doc
    [2010/02/04 12:32:03 | 000,015,360 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\Nov96.QEL
    [2010/02/04 12:32:02 | 000,000,046 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\Q3.DIR
    [2010/02/04 11:25:44 | 001,880,115 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\scan011.jpg
    [2010/02/04 11:14:47 | 001,530,064 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\scan010.jpg
    [1 C:\Documents and Settings\Owner\My Documents\*.tmp files -> C:\Documents and Settings\Owner\My Documents\*.tmp -> ]

    ========== Files Created - No Company Name ==========

    [2010/02/18 01:24:57 | 000,411,172 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\Kiwee Search Result_Part_One.jpg
    [2010/02/18 00:45:03 | 000,008,397 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\hijackthis_18022010_0045
    [2010/02/18 00:38:09 | 000,000,058 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\fix.bat
    [2010/02/18 00:04:11 | 000,008,581 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\hijackthis_18022010_00.04
    [2010/02/17 22:44:04 | 000,008,835 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\hijackthis17022010_2244
    [2010/02/17 17:22:17 | 000,001,793 | ---- | C] () -- C:\Program Files\ProgramFiles.txt
    [2010/02/17 17:21:08 | 000,000,090 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\find.bat
    [2010/02/16 16:20:54 | 000,000,089 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\Google Mail -.URL
    [2010/02/16 13:20:44 | 000,005,703 | ---- | C] () -- C:\Documents and Settings\Owner\My Documents\Ligo Invoice for Siemens SL 785 phones_17052931.pdf
    [2010/02/16 01:44:18 | 000,109,884 | R--- | C] () -- C:\Documents and Settings\Owner\Desktop\Silent Runners.zip
    [2010/02/16 01:39:08 | 000,453,695 | ---- | C] () -- C:\Documents and Settings\Owner\My Documents\Silent Runners.vbs
    [2010/02/16 01:00:23 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Owner\cscript.exe
    [2010/02/16 00:45:41 | 001,735,036 | ---- | C] () -- C:\Documents and Settings\Owner\My Documents\Siemens Gigaset SL785 Manual.pdf
    [2010/02/16 00:05:54 | 000,008,600 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\hijackthis_23.59GMT
    [2010/02/15 23:37:09 | 000,008,600 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\hijackthis_Log 23.36GMT_15_02_2010
    [2010/02/15 22:44:53 | 000,008,572 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\hijackthis_Log
    [2010/02/15 22:22:18 | 000,000,223 | ---- | C] () -- C:\Boot.bak
    [2010/02/15 22:22:15 | 000,260,272 | ---- | C] () -- C:\cmldr
    [2010/02/15 22:20:48 | 000,261,632 | ---- | C] () -- C:\WINDOWS\PEV.exe
    [2010/02/15 22:20:48 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
    [2010/02/15 22:20:48 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
    [2010/02/15 22:20:48 | 000,077,312 | ---- | C] () -- C:\WINDOWS\MBR.exe
    [2010/02/15 22:20:48 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
    [2010/02/15 21:39:58 | 003,857,112 | R--- | C] () -- C:\Documents and Settings\Owner\Desktop\ComboFix.exe
    [2010/02/15 12:24:31 | 000,000,897 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\RealPlayer SP.lnk
    [2010/02/15 12:03:04 | 000,002,441 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\HiJackThis.lnk
    [2010/02/15 08:57:39 | 000,000,696 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
    [2010/02/14 18:09:08 | 000,001,602 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
    [2010/02/14 12:05:40 | 000,001,915 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Google Earth.lnk
    [2010/02/11 12:53:55 | 000,207,864 | ---- | C] () -- C:\Documents and Settings\Owner\My Documents\Rum chocolate mousse recipe.jpg
    [2010/02/07 12:59:17 | 001,206,199 | ---- | C] () -- C:\Documents and Settings\Owner\My Documents\fa_win_ug_en.pdf
    [2010/02/05 23:37:23 | 000,017,680 | ---- | C] () -- C:\Documents and Settings\Owner\My Documents\n627563390_9071.jpg
    [2010/02/04 15:39:05 | 000,064,000 | ---- | C] () -- C:\Documents and Settings\Owner\My Documents\Legal and Geneal Details of investment.doc
    [2010/02/04 11:25:43 | 001,880,115 | ---- | C] () -- C:\Documents and Settings\Owner\My Documents\scan011.jpg
    [2010/02/04 11:14:45 | 001,530,064 | ---- | C] () -- C:\Documents and Settings\Owner\My Documents\scan010.jpg
    [2010/01/16 03:06:18 | 000,000,145 | ---- | C] () -- C:\WINDOWS\Eudcedit.ini
    [2009/12/20 11:28:22 | 000,000,576 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\afl.log
    [2009/12/17 08:57:35 | 853,860,607 | ---- | C] () -- C:\Program Files\ADBEPHSPCS4_LS1.7z
    [2009/12/07 20:35:58 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\prvlcl.dat
    [2009/12/06 17:36:50 | 000,000,390 | ---- | C] () -- C:\WINDOWS\{A7A59CB1-5FAE-42A1-B335-17B1C942B43E}_WiseFW.ini
    [2009/05/21 00:21:20 | 000,000,061 | ---- | C] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\mm-device-08.ini
    [2009/02/21 08:25:20 | 000,691,592 | ---- | C] () -- C:\WINDOWS\System32\OGACheckControl.DLL
    [2009/01/29 14:26:04 | 000,000,029 | ---- | C] () -- C:\WINDOWS\DEBUGSM.INI
    [2009/01/10 16:36:55 | 000,000,219 | ---- | C] () -- C:\WINDOWS\QHI.INI
    [2008/12/23 00:50:14 | 000,004,096 | -HS- | C] () -- C:\Program Files\Thumbs.db
    [2008/12/21 10:24:11 | 000,018,790 | ---- | C] () -- C:\WINDOWS\System32\ddmon.dll
    [2008/12/15 18:25:37 | 000,339,968 | ---- | C] () -- C:\WINDOWS\System32\pythoncom25.dll
    [2008/12/15 18:25:37 | 000,114,688 | ---- | C] () -- C:\WINDOWS\System32\pywintypes25.dll
    [2008/12/14 13:26:39 | 000,000,052 | ---- | C] () -- C:\WINDOWS\Intuprof.ini
    [2008/12/14 13:26:38 | 000,001,704 | ---- | C] () -- C:\WINDOWS\QUICKEN.INI
    [2008/12/14 04:03:59 | 000,000,116 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
    [2008/12/14 02:29:55 | 000,064,000 | ---- | C] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [2008/12/14 01:09:03 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
    [2008/12/13 19:19:57 | 000,096,768 | ---- | C] () -- C:\WINDOWS\SlantAdj.dll
    [2008/12/13 19:19:57 | 000,000,072 | ---- | C] () -- C:\WINDOWS\System32\epDPE.ini
    [2008/12/13 19:19:05 | 000,000,027 | ---- | C] () -- C:\WINDOWS\CDE P4870EFGD.ini
    [2008/12/13 19:01:22 | 000,000,025 | ---- | C] () -- C:\WINDOWS\CDER300Euro.ini
    [2008/12/13 13:14:01 | 000,040,960 | ---- | C] () -- C:\Program Files\Uninstall_CDS.exe
    [2008/12/13 12:41:59 | 000,000,000 | ---- | C] () -- C:\WINDOWS\msicpl.ini
    [2008/12/13 12:41:10 | 000,131,072 | R--- | C] () -- C:\WINDOWS\System32\smdll.dll
    [2008/12/13 12:41:08 | 000,262,144 | R--- | C] () -- C:\WINDOWS\System32\HookShield.dll
    [2008/12/13 12:41:08 | 000,253,952 | R--- | C] () -- C:\WINDOWS\System32\HookMAp.dll
    [2008/12/13 12:41:08 | 000,032,768 | R--- | C] () -- C:\WINDOWS\System32\Auxiliary.dll
    [2008/12/13 12:41:07 | 000,009,728 | R--- | C] () -- C:\WINDOWS\System32\sysinfoX64.sys
    [2008/12/13 12:41:07 | 000,008,192 | R--- | C] () -- C:\WINDOWS\System32\sysinfo.sys
    [2008/12/13 12:29:31 | 000,053,248 | R--- | C] () -- C:\WINDOWS\System32\C6501rm.dll
    [2008/12/13 12:29:31 | 000,000,162 | ---- | C] () -- C:\WINDOWS\C6501.ini.cfl
    [2008/12/13 12:28:36 | 000,004,571 | R--- | C] () -- C:\WINDOWS\C6501.ini.cfg
    [2008/12/13 12:28:30 | 000,000,326 | R--- | C] () -- C:\WINDOWS\c6501.ini
    [2008/12/13 12:27:57 | 000,012,377 | ---- | C] () -- C:\WINDOWS\Ascd_tmp.ini
    [2008/12/13 12:24:28 | 000,005,810 | R--- | C] () -- C:\WINDOWS\System32\drivers\ASACPI.sys
    [2008/12/13 12:24:17 | 000,012,536 | ---- | C] () -- C:\WINDOWS\System32\drivers\ASUSHWIO.SYS
    [2008/11/26 03:03:47 | 048,668,560 | ---- | C] () -- C:\Program Files\MapSource_6123.exe
    [2008/06/11 09:02:34 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelTraditionalChinese.dll
    [2008/06/11 09:02:34 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSwedish.dll
    [2008/06/11 09:02:34 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSpanish.dll
    [2008/06/11 09:02:34 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSimplifiedChinese.dll
    [2008/06/11 09:02:34 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelPortugese.dll
    [2008/06/11 09:02:34 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelKorean.dll
    [2008/06/11 09:02:32 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelJapanese.dll
    [2008/06/11 09:02:32 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelGerman.dll
    [2008/06/11 09:02:32 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelFrench.dll
    [2008/06/05 08:58:26 | 000,197,912 | ---- | C] () -- C:\WINDOWS\System32\physxcudart_20.dll
    [2008/04/14 12:00:00 | 001,291,264 | ---- | C] () -- C:\WINDOWS\System32\quartz(2).dll
    [2007/10/18 17:36:54 | 000,061,440 | ---- | C] () -- C:\WINDOWS\System32\deskMenu2.dll
    [2007/08/15 06:27:18 | 000,009,600 | ---- | C] () -- C:\WINDOWS\System32\drivers\n558.sys
    [2006/06/01 09:22:00 | 000,581,632 | ---- | C] () -- C:\WINDOWS\System32\nvhwvid.dll
    [2006/06/01 09:22:00 | 000,286,720 | ---- | C] () -- C:\WINDOWS\System32\nvnt4cpl.dll
    [2003/01/07 15:05:08 | 000,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI
    [1996/02/22 02:23:00 | 000,222,928 | ---- | C] () -- C:\WINDOWS\System32\lobas09.dll
    [1996/01/17 02:23:00 | 000,031,008 | ---- | C] () -- C:\WINDOWS\System32\ivtrn09.dll
    [1996/01/15 02:23:00 | 000,334,016 | ---- | C] () -- C:\WINDOWS\System32\loflt09.dll

    ========== LOP Check ==========

    [2008/12/22 16:19:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Applications
    [2009/12/17 18:17:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVG Security Toolbar
    [2010/02/14 19:48:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\avg9
    [2008/12/14 12:06:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\GARMIN
    [2009/12/27 08:33:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Installations
    [2009/06/03 22:14:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Memory-Map-License
    [2009/02/10 12:51:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Nokia
    [2009/12/28 00:15:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\OviInstallerCache
    [2009/02/10 12:47:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PC Suite
    [2009/12/16 13:49:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PhotoStitch
    [2009/10/24 23:31:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
    [2008/12/13 19:03:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\UDL
    [2009/11/25 10:45:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\WinZipSE
    [2009/09/25 06:01:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}
    [2009/05/27 09:37:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
    [2009/08/31 21:29:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\BBCiPlayerDesktop.61DB7A798358575D6A969CCD73DDBBD723A6DA9D.1
    [2009/02/27 16:29:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Canon
    [2008/12/24 01:08:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
    [2008/12/21 10:57:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\deskPDF
    [2010/02/16 22:16:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Desktopicon
    [2009/01/06 01:03:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\DNA
    [2009/03/02 01:23:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\EPSON
    [2009/04/04 08:03:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Flickr
    [2009/08/06 03:25:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\GARMIN
    [2009/03/20 00:39:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\HDRsoft
    [2008/12/13 13:18:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\InterTrust
    [2009/03/21 11:31:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Lucis
    [2010/01/29 20:02:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Nokia
    [2010/01/29 20:02:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Nokia Ovi Suite
    [2009/03/21 20:46:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\OfficeUpdate12
    [2009/02/10 12:48:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\PC Suite
    [2009/06/09 13:44:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Smart Panel

    ========== Purity Check ==========



    ========== Alternate Data Streams ==========

    @Alternate Data Stream - 88 bytes -> C:\Documents and Settings\Owner\My Documents\mskb928080.exe:SummaryInformation
    < End of report >
     
  8. 2010/02/17
    coldwaterjohn Lifetime Subscription

    coldwaterjohn Inactive Thread Starter

    At some stage in this, should I be creating a System Restore point once you are satisfied we are all clear of this junk - and make sure I don't go backwards in time before it, if I need to restore in future for any reason?
     
  9. 2010/02/17
    crunchie

    crunchie Inactive

    My advice would be to delete all restore points and go from there. I am not seeing anything there now that should not be there.
    Have a play around for a little bit, then let me know how things are.
    We can then go about cleaning up some of the tools we have used.
     
  10. 2010/02/17
    coldwaterjohn Lifetime Subscription

    coldwaterjohn Inactive Thread Starter

    I have just done another Start/search for kiwee.

    The usual bunch of stuff either quarantined in qoobox, or OTL\Moved Files folders, but there still seems to be:
    Visit Kiwee.com in c:\documents and settings\all users\start menu\programs\kiwee toolbar
    Kiwee Toolbar in c:\windows\system32\config\systemprofile\local settings\application data
    Kiwee toolbar in c:\documents and settings\all users\start menu\programs and
    Kiwee hook in c:\windows\system32\config\systemprofile\local settings\application data\kiwee toolbar\logs

    I have no idea if this is sign of continuing infection or not, but thought I should draw it to your attention.
     
  11. 2010/02/17
    crunchie

    crunchie Inactive

    I am assuming that those Kiwee entries you found are folders, not files. The following fix reflects that assumption.
    Let me know if I am wrong and I will amend the fix.

    1. Please open Notepad
    • Click Start , then Run
    • Type notepad.exe in the Run Box.
    2. Now copy/paste the entire content of the codebox below into the Notepad window:
    Code:
    KillAll::
    
    Folder::
    c:\documents and settings\all users\start menu\programs\kiwee toolbar
    c:\windows\system32\config\systemprofile\local settings\application data\kiwee toolbar
    c:\documents and settings\all users\start menu\programs\kiwee toolbar
    
    Note: the above code was created specifically for this user. If you are not this user, do NOT follow these directions as they could damage the workings of your system.

    3. Save the above as CFScript.txt

    4. Physically disconnect from the internet.

    5. Now STOP all your monitoring programs (Antivirus/Antispyware, Guards and Shields) as they could easily interfere with ComboFix.

    6. Then drag the CFScript.txt into ComboFix.exe. This will start ComboFix again.

    7. After reboot, (in case it asks to reboot), please post the following reports/logs into your next reply after you re-enable all the programs that were disabled during the running of ComboFix:
    • Combofix.txt
    Please take note:

    CF disconnects your machine from the internet. The connection is automatically restored before CF completes its run. If CF runs into difficulty and terminates prematurely, the connection can be manually restored by restarting your machine.
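
One way to check a CFScript run against the ComboFix log, as an added example that is not part of the original post or of ComboFix itself: it reads the `Folder::` targets from the script above and looks for each one under the log's "Other Deletions" banner. The function names, the status labels and the second (partial) log are constructed for illustration; the first log is abridged from the ComboFix output posted in this thread.

```python
import re

HEADER = re.compile(r"^\(+\s*(.*?)\s*\)+$")   # e.g. "((((( Other Deletions )))))"
DIRECTIVE = re.compile(r"^([A-Za-z]+)::$")    # e.g. "Folder::"

# The CFScript.txt content as posted above.
CFSCRIPT = r"""KillAll::

Folder::
c:\documents and settings\all users\start menu\programs\kiwee toolbar
c:\windows\system32\config\systemprofile\local settings\application data\kiwee toolbar
c:\documents and settings\all users\start menu\programs\kiwee toolbar
"""

# Abridged from the ComboFix log posted in this thread.
LOG = r"""
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\all users\start menu\programs\kiwee toolbar
c:\documents and settings\all users\start menu\programs\kiwee toolbar\Visit Kiwee.com.url
c:\windows\system32\config\systemprofile\local settings\application data\kiwee toolbar
c:\windows\system32\config\systemprofile\local settings\application data\kiwee toolbar\Logs\KiweeHook.log

.
((((((((((((((((((((((((( Files Created from 2010-01-18 to 2010-02-18 )))))))))))))))))))))))))))))))
.

2010-02-16 10:56 . 2010-02-16 10:56 -------- d-----w- C:\_OTL
"""

# Constructed log: one folder missing entirely, one with only a child file listed.
PARTIAL_LOG = r"""
((((((((((((((( Other Deletions )))))))))))))))
.
c:\windows\system32\config\systemprofile\local settings\application data\kiwee toolbar\Logs\KiweeHook.log
.
((((((((((((((( Find3M Report )))))))))))))))
.
"""


def norm(path):
    """Windows paths are case-insensitive; ignore a trailing backslash."""
    return path.strip().rstrip("\\").lower()


def parse_cfscript(text):
    """Return {directive: [entries]}, collapsing duplicate entries."""
    sections, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = DIRECTIVE.match(line)
        if m:
            current = m.group(1)
            sections.setdefault(current, [])
        elif current is not None and norm(line) not in map(norm, sections[current]):
            sections[current].append(line)
    return sections


def parse_deletions(log):
    """Collect the normalized paths listed under the 'Other Deletions' banner."""
    found, inside = [], False
    for raw in log.splitlines():
        line = raw.strip()
        m = HEADER.match(line)
        if m:
            # Every banner starts a new section; only one of them is of interest.
            inside = m.group(1).lower() == "other deletions"
            continue
        if inside and line and line != ".":
            found.append(norm(line))
    return found


def verify(script, log):
    """Map each Folder:: target to 'deleted', 'contents only' or 'not reported'."""
    deleted = parse_deletions(log)
    report = {}
    for target in parse_cfscript(script).get("Folder", []):
        key = norm(target)
        if key in deleted:
            report[target] = "deleted"
        elif any(d.startswith(key + "\\") for d in deleted):
            # Files inside were removed but the folder itself is not listed.
            report[target] = "contents only"
        else:
            report[target] = "not reported"
    return report


if __name__ == "__main__":
    for name, log in (("posted log", LOG), ("partial log", PARTIAL_LOG)):
        print(name)
        for path, status in verify(CFSCRIPT, log).items():
            print(f"  {status:14} {path}")
```

A target reported as "not reported" or "contents only" is the kind of leftover worth posting back with its exact path, as requested earlier in the thread.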
     
  12. 2010/02/17
    coldwaterjohn Lifetime Subscription

    coldwaterjohn Inactive Thread Starter

    Here's the CF Log:
    ComboFix 10-02-12.01 - Owner 18/02/2010 3:00.4.2 - x86
    Microsoft Windows XP Home Edition 5.1.2600.3.1252.44.1033.18.2046.1358 [GMT 0:00]
    Running from: c:\documents and settings\Owner\Desktop\ComboFix.exe
    Command switches used :: c:\documents and settings\Owner\Desktop\CFScript.txt
    AV: AVG Anti-Virus Free *On-access scanning disabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
    .

    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    c:\documents and settings\all users\start menu\programs\kiwee toolbar
    c:\documents and settings\all users\start menu\programs\kiwee toolbar\FAQ.url
    c:\documents and settings\all users\start menu\programs\kiwee toolbar\Privacy Policy.url
    c:\documents and settings\all users\start menu\programs\kiwee toolbar\Read License Agreement.url
    c:\documents and settings\all users\start menu\programs\kiwee toolbar\Send Us Feedback.url
    c:\documents and settings\all users\start menu\programs\kiwee toolbar\Visit Kiwee.com.url
    c:\documents and settings\Owner\Application Data\Desktopicon
    c:\documents and settings\Owner\Application Data\Desktopicon\eBay.ico
    c:\documents and settings\Owner\Application Data\Desktopicon\uninst.exe
    c:\documents and settings\Owner\cscript.exe
    c:\windows\system32\config\systemprofile\local settings\application data\kiwee toolbar
    c:\windows\system32\config\systemprofile\local settings\application data\kiwee toolbar\Logs\KiweeHook.log

    .
    ((((((((((((((((((((((((( Files Created from 2010-01-18 to 2010-02-18 )))))))))))))))))))))))))))))))
    .

    2010-02-16 10:56 . 2010-02-16 10:56 -------- d-----w- C:\_OTL
    2010-02-15 12:24 . 2010-02-15 12:24 -------- d-----w- c:\program files\Common Files\xing shared
    2010-02-15 12:03 . 2010-02-15 12:03 -------- d-----w- c:\program files\TrendMicro
    2010-02-15 08:57 . 2010-02-15 08:57 -------- d-----w- c:\documents and settings\Owner\Application Data\Malwarebytes
    2010-02-15 08:57 . 2010-01-07 16:07 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
    2010-02-15 08:57 . 2010-02-15 08:57 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
    2010-02-15 08:57 . 2010-02-15 08:57 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
    2010-02-15 08:57 . 2010-01-07 16:07 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
    2010-02-14 22:00 . 2010-02-16 22:17 -------- d-----w- c:\program files\Unlocker
    2010-02-14 20:07 . 2010-02-14 20:07 -------- d-----w- c:\program files\Windows Installer Clean Up
    2010-02-14 14:56 . 2010-02-14 14:56 -------- d-----w- c:\windows\system32\wbem\Repository
    2010-02-14 14:47 . 2010-02-14 14:47 -------- d-----w- c:\documents and settings\Owner\Local Settings\Application Data\NokiaAccount
    2010-02-14 13:06 . 2010-02-14 13:06 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Temp
    2010-02-14 10:05 . 2010-02-14 10:05 -------- d-----w- c:\program files\Common Files\Java
    2010-02-11 08:57 . 2010-02-11 08:57 -------- d-----w- c:\windows\system32\config\systemprofile\PrivacIE
    2010-02-08 14:01 . 2010-02-08 14:01 -------- d-----w- c:\documents and settings\Owner\Local Settings\Application Data\Citrix
    2010-01-29 20:02 . 2010-01-29 20:02 -------- d-----w- c:\documents and settings\Owner\Application Data\Nokia Ovi Suite
    2010-01-29 18:42 . 2010-01-29 18:42 -------- d-----w- c:\documents and settings\Owner\Local Settings\Application Data\Nokia
    2010-01-29 18:29 . 2008-08-26 09:26 18816 ----a-w- c:\windows\system32\drivers\pccsmcfd.sys
    2010-01-29 18:29 . 2010-02-14 14:46 -------- d-----w- c:\program files\PC Connectivity Solution
    2010-01-29 18:28 . 2009-10-06 11:52 7936 ----a-w- c:\windows\system32\drivers\usbser_lowerfltj.sys
    2010-01-29 18:28 . 2009-10-06 11:52 7936 ----a-w- c:\windows\system32\drivers\usbser_lowerflt.sys
    2010-01-29 18:28 . 2009-10-06 11:52 22016 ----a-w- c:\windows\system32\drivers\ccdcmbo.sys
    2010-01-29 18:28 . 2009-10-06 11:52 660480 ----a-w- c:\windows\system32\nmwcdcocls.dll
    2010-01-29 18:28 . 2009-10-06 11:52 17664 ----a-w- c:\windows\system32\drivers\ccdcmb.sys
    2010-01-29 18:28 . 2009-10-06 11:55 1112288 ----a-w- c:\windows\system32\wdfcoinstaller01007.dll
    2010-01-22 14:41 . 2010-02-14 18:32 664 ----a-w- c:\windows\system32\d3d9caps.dat

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2010-02-18 03:05 . 2009-12-17 08:56 -------- d-----w- c:\program files\Common Files\Akamai
    2010-02-18 01:24 . 2009-12-07 20:35 0 ----a-w- c:\documents and settings\Owner\Local Settings\Application Data\prvlcl.dat
    2010-02-17 17:44 . 2008-12-13 12:42 30696 ----a-w- c:\documents and settings\Owner\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
    2010-02-17 17:22 . 2010-02-17 17:22 1793 ----a-w- c:\program files\ProgramFiles.txt
    2010-02-17 16:52 . 2008-12-14 02:03 -------- d-----w- c:\documents and settings\Owner\Application Data\Skype
    2010-02-17 14:31 . 2008-12-14 10:14 -------- d-----w- c:\documents and settings\All Users\Application Data\Google Updater
    2010-02-17 12:51 . 2008-12-14 02:04 -------- d-----w- c:\documents and settings\Owner\Application Data\skypePM
    2010-02-16 16:16 . 2009-10-07 10:49 -------- d-----w- c:\program files\Flickr Uploadr
    2010-02-15 13:13 . 2008-12-29 11:57 411368 ----a-w- c:\windows\system32\deploytk.dll
    2010-02-15 12:29 . 2008-12-14 02:02 -------- d-----r- c:\program files\Skype
    2010-02-15 12:24 . 2009-01-29 10:49 -------- d-----w- c:\program files\Common Files\Real
    2010-02-15 12:23 . 2008-12-16 12:33 499712 ----a-w- c:\windows\system32\msvcp71.dll
    2010-02-15 12:23 . 2008-12-13 12:41 348160 ----a-w- c:\windows\system32\msvcr71.dll
    2010-02-15 12:03 . 2010-02-15 12:03 388096 ----a-r- c:\documents and settings\Owner\Application Data\Microsoft\Installer\{0761C9A8-8F3A-4216-B4A7-B7AFBF24A24A}\HiJackThis.exe
    2010-02-14 21:55 . 2008-12-29 12:02 -------- d-----w- c:\program files\Java
    2010-02-14 20:07 . 2010-02-14 20:07 3584 ----a-r- c:\documents and settings\Owner\Application Data\Microsoft\Installer\{121634B0-2F4B-11D3-ADA3-00C04F52DD52}\Icon386ED4E3.exe
    2010-02-14 20:05 . 2009-03-22 20:43 -------- d-----w- c:\program files\MSECache
    2010-02-14 19:48 . 2009-11-25 13:12 -------- d-----w- c:\documents and settings\All Users\Application Data\avg9
    2010-02-14 14:52 . 2008-12-14 00:52 -------- d-----w- c:\program files\Google
    2010-02-14 14:51 . 2009-10-07 07:37 -------- d-----w- c:\program files\UCT
    2010-02-14 14:44 . 2009-09-23 15:45 -------- d-----w- c:\program files\Microsoft Silverlight
    2010-02-14 14:42 . 2010-01-13 00:20 -------- d-----w- c:\program files\WinUndelete
    2010-02-14 14:42 . 2010-01-12 15:41 -------- d-----w- c:\program files\Evening Help Guide
    2010-02-14 14:31 . 2008-12-22 12:12 -------- d-----w- c:\program files\Weather
    2010-02-12 11:11 . 2008-12-13 13:05 -------- d-----w- c:\documents and settings\Owner\Application Data\OpenOffice.org2
    2010-01-29 20:02 . 2009-02-10 12:46 -------- d-----w- c:\documents and settings\Owner\Application Data\Nokia
    2010-01-29 18:30 . 2009-02-10 12:46 -------- d-----w- c:\program files\Common Files\Nokia
    2010-01-29 18:29 . 2009-02-10 12:45 -------- d-----w- c:\program files\Nokia
    2010-01-29 18:27 . 2010-01-29 18:27 12212040 ----a-w- c:\documents and settings\All Users\Application Data\OviInstallerCache\{B6164ADA-55DA-4FA9-B78B-A7EB741742A1}\Installer\CommonCustomActions\WMFDist11-WindowsXP-X86-ENU.exe
    2010-01-29 18:27 . 2010-01-29 18:27 13930312 ----a-w- c:\documents and settings\All Users\Application Data\OviInstallerCache\{B6164ADA-55DA-4FA9-B78B-A7EB741742A1}\Installer\CommonCustomActions\WMFDist11-WindowsXP-X64-ENU.exe
    2010-01-29 18:27 . 2010-01-29 18:27 77824 ----a-w- c:\documents and settings\All Users\Application Data\OviInstallerCache\{B6164ADA-55DA-4FA9-B78B-A7EB741742A1}\Installer\CommonCustomActions\Run_XML6_SP1.exe
    2010-01-29 18:27 . 2010-01-29 18:27 61440 ----a-w- c:\documents and settings\All Users\Application Data\OviInstallerCache\{B6164ADA-55DA-4FA9-B78B-A7EB741742A1}\Installer\CommonCustomActions\WMF11Runx86.exe
    2010-01-29 18:27 . 2010-01-29 18:27 58880 ----a-w- c:\documents and settings\All Users\Application Data\OviInstallerCache\{B6164ADA-55DA-4FA9-B78B-A7EB741742A1}\Installer\CommonCustomActions\WMF11Runx64.exe
    2010-01-29 18:27 . 2010-01-29 18:27 50000 ----a-w- c:\documents and settings\All Users\Application Data\OviInstallerCache\{B6164ADA-55DA-4FA9-B78B-A7EB741742A1}\Installer\CommonCustomActions\pcswpc.exe
    2010-01-29 17:45 . 2010-01-29 17:45 95992424 ----a-w- c:\documents and settings\All Users\Application Data\OviInstallerCache\{B6164ADA-55DA-4FA9-B78B-A7EB741742A1}\Nokia_Ovi_Suite_PCS_Update.exe
    2010-01-20 12:09 . 2008-12-13 13:18 -------- d-----w- c:\program files\Common Files\Adobe
    2010-01-12 16:08 . 2009-12-17 11:36 -------- d-----w- c:\documents and settings\All Users\Application Data\FLEXnet
    2010-01-12 04:03 . 2009-12-17 13:00 61440 ----a-w- c:\windows\system32\OpenCL.dll
    2010-01-12 04:03 . 2009-12-17 13:00 4077672 ----a-w- c:\windows\system32\nvcuvenc.dll
    2010-01-12 04:03 . 2009-12-17 13:00 2259560 ----a-w- c:\windows\system32\nvcuvid.dll
    2010-01-12 04:03 . 2009-12-17 13:00 11632640 ----a-w- c:\windows\system32\nvcompiler.dll
    2010-01-12 04:03 . 2009-12-17 13:00 2283526 ----a-w- c:\windows\system32\nvdata.bin
    2010-01-12 04:03 . 2008-10-07 13:33 4104192 ----a-w- c:\windows\system32\nvcuda.dll
    2010-01-12 04:03 . 2006-06-01 09:22 6359168 ----a-w- c:\windows\system32\nv4_disp.dll
    2010-01-12 04:03 . 2006-06-01 09:22 182888 ----a-w- c:\windows\system32\nvcodins.dll
    2010-01-12 04:03 . 2006-06-01 09:22 14458880 ----a-w- c:\windows\system32\nvoglnt.dll
    2010-01-12 04:03 . 2006-06-01 09:22 1081344 ----a-w- c:\windows\system32\nvapi.dll
    2010-01-12 04:03 . 2006-06-01 09:22 10276768 ----a-w- c:\windows\system32\drivers\nv4_mini.sys
    2009-12-31 16:50 . 2008-04-14 12:00 353792 ----a-w- c:\windows\system32\drivers\srv.sys
    2009-12-29 23:39 . 2009-01-28 17:11 -------- d-----w- c:\program files\Common Files\Apple
    2009-12-28 00:15 . 2009-12-28 00:15 -------- d-----w- c:\documents and settings\All Users\Application Data\OviInstallerCache
    2009-12-27 23:53 . 2009-12-28 00:15 95992424 ----a-w- c:\documents and settings\All Users\Application Data\OviInstallerCache\{B6164ADA-55DA-4FA9-B78B-A7EB741742A1}\Nokia_Ovi_Suite_webinstaller_ALL.exe
    2009-12-27 08:49 . 2009-12-27 08:49 -------- d-----w- c:\program files\Common Files\PCSuite
    2009-12-27 08:46 . 2009-12-27 08:46 95232 ----a-w- c:\documents and settings\All Users\Application Data\Installations\{9249D7E7-33E7-4CC8-BB0B-3DF3C3CB2568}\Installer\CommonCustomActions\pcswpcsi.exe
    2009-12-27 08:46 . 2009-12-27 08:46 8192 ----a-w- c:\documents and settings\All Users\Application Data\Installations\{9249D7E7-33E7-4CC8-BB0B-3DF3C3CB2568}\Installer\CommonCustomActions\UninstCCD.exe
    2009-12-27 08:46 . 2009-12-27 08:46 61440 ----a-w- c:\documents and settings\All Users\Application Data\Installations\{9249D7E7-33E7-4CC8-BB0B-3DF3C3CB2568}\Installer\CommonCustomActions\UninstPCSFEMsi.exe
    2009-12-27 08:46 . 2009-12-27 08:46 10240 ----a-w- c:\documents and settings\All Users\Application Data\Installations\{9249D7E7-33E7-4CC8-BB0B-3DF3C3CB2568}\Installer\CommonCustomActions\UninstPCS.exe
    2009-12-27 08:33 . 2009-02-10 12:45 -------- d-----w- c:\documents and settings\All Users\Application Data\Installations
    2009-12-27 08:33 . 2009-12-27 08:46 34429264 ----a-w- c:\documents and settings\All Users\Application Data\Installations\{9249D7E7-33E7-4CC8-BB0B-3DF3C3CB2568}\Nokia_PC_Suite_7_1_40_1_eng.exe
    2009-12-26 13:40 . 2009-03-20 00:17 -------- d-----w- c:\program files\PhotomatixPro3
    2009-12-26 10:29 . 2008-12-14 14:03 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
    2009-12-24 16:22 . 2009-01-28 17:13 -------- d-----w- c:\documents and settings\Owner\Application Data\Apple Computer
    2009-12-24 10:57 . 2009-12-24 10:56 -------- d-----w- c:\program files\QuickTime
    2009-12-21 22:24 . 2009-01-28 17:11 -------- d-----w- c:\documents and settings\All Users\Application Data\Apple
    2009-12-21 19:14 . 2008-04-14 12:00 916480 ------w- c:\windows\system32\wininet.dll
    2009-12-20 11:25 . 2008-08-14 07:57 73312 ----a-w- c:\windows\system32\drivers\adfs.sys
    2009-12-17 10:57 . 2009-12-17 08:57 1228240 ----a-w- c:\program files\ADBEPHSPCS4_LS1.exe
    2009-12-17 10:57 . 2009-12-17 08:57 853860607 ----a-w- c:\program files\ADBEPHSPCS4_LS1.7z
    2009-12-16 18:43 . 2008-12-13 12:09 343040 ----a-w- c:\windows\system32\mspaint.exe
    2009-12-14 19:15 . 2009-12-14 19:15 2146304 ----a-w- c:\windows\system32\GPhotos.scr
    2009-12-14 07:08 . 2008-04-14 12:00 33280 ----a-w- c:\windows\system32\csrsrv.dll
    2009-12-08 19:26 . 2008-04-14 12:00 2145280 ------w- c:\windows\system32\ntoskrnl.exe
    2009-12-08 18:43 . 2008-04-14 00:01 2023936 ------w- c:\windows\system32\ntkrnlpa.exe
    2009-12-08 09:23 . 2008-04-14 12:00 474112 ----a-w- c:\windows\system32\shlwapi(2)(3).dll
    2009-12-04 18:22 . 2008-04-14 12:00 455424 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
    2009-11-27 17:11 . 2008-04-14 12:00 1291776 ----a-w- c:\windows\system32\quartz.dll
    2009-11-27 17:11 . 2008-04-14 05:42 17920 ----a-w- c:\windows\system32\msyuv.dll
    2009-11-27 16:07 . 2008-04-14 12:00 28672 ----a-w- c:\windows\system32\msvidc32.dll
    2009-11-27 16:07 . 2001-08-17 22:36 8704 ----a-w- c:\windows\system32\tsbyuv.dll
    2009-11-27 16:07 . 2008-04-14 12:00 84992 ----a-w- c:\windows\system32\avifil32.dll
    2009-11-27 16:07 . 2008-04-14 12:00 11264 ----a-w- c:\windows\system32\msrle32.dll
    2009-11-27 16:07 . 2008-04-14 05:41 48128 ----a-w- c:\windows\system32\iyuv_32.dll
    2009-11-25 13:12 . 2008-12-13 12:45 360584 ----a-w- c:\windows\system32\drivers\avgtdix.sys
    2009-11-25 13:12 . 2008-12-13 12:45 333192 ----a-w- c:\windows\system32\drivers\avgldx86.sys
    2009-11-25 13:12 . 2008-12-13 12:45 28424 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
    2009-11-25 13:12 . 2008-12-13 12:45 12464 ----a-w- c:\windows\system32\avgrsstx.dll
    2009-11-21 15:51 . 2008-04-14 12:00 471552 ----a-w- c:\windows\AppPatch\aclayers.dll
    2009-11-21 02:34 . 2008-12-13 12:41 592488 ----a-w- c:\windows\system32\nvudisp.exe
    2009-11-21 02:34 . 2006-06-01 09:22 182888 ----a-w- c:\windows\system32\nvcod.dll
    2008-12-23 00:50 . 2008-12-23 00:50 4096 --sha-w- c:\program files\Thumbs.db
    2007-04-14 00:39 . 2008-11-26 03:03 48668560 ----a-w- c:\program files\MapSource_6123.exe
    2004-10-01 15:00 . 2008-12-13 13:14 40960 ----a-w- c:\program files\Uninstall_CDS.exe
    2009-11-22 03:45 . 2008-12-14 10:18 119808 ----a-w- c:\program files\mozilla firefox\components\GoogleDesktopMozilla.dll
    2008-06-19 09:16 . 2008-06-19 09:16 118784 ----a-w- c:\program files\mozilla firefox\plugins\MyCamera.dll
    .

    ((((((((((((((((((((((((((((( SnapShot@2010-02-15_22.36.00 )))))))))))))))))))))))))))))))))))))))))
    .
    + 2010-02-18 03:05 . 2010-02-18 03:05 16384 c:\windows\Temp\Perflib_Perfdata_b0.dat
    + 2010-02-18 03:05 . 2010-02-18 03:05 16384 c:\windows\Temp\Perflib_Perfdata_7b4.dat
    + 2010-02-18 03:05 . 2010-02-18 03:05 16384 c:\windows\Temp\Perflib_Perfdata_594.dat
    - 2008-12-13 11:59 . 2009-12-17 13:08 2040808 c:\windows\system32\FNTCACHE.DAT
    + 2008-12-13 11:59 . 2010-02-17 17:08 2040808 c:\windows\system32\FNTCACHE.DAT
    - 2008-12-14 01:28 . 2009-08-04 19:44 2189184 c:\windows\system32\dllcache\ntoskrnl.exe
    + 2008-12-14 01:28 . 2009-12-08 19:27 2189184 c:\windows\system32\dllcache\ntoskrnl.exe
    - 2008-12-14 01:28 . 2009-08-04 14:20 2023936 c:\windows\system32\dllcache\ntkrpamp.exe
    + 2008-12-14 01:28 . 2009-12-08 18:43 2023936 c:\windows\system32\dllcache\ntkrpamp.exe
    + 2008-12-14 01:28 . 2009-12-08 18:43 2066048 c:\windows\system32\dllcache\ntkrnlpa.exe
    - 2008-12-14 01:28 . 2009-08-04 14:20 2066048 c:\windows\system32\dllcache\ntkrnlpa.exe
    - 2008-12-14 01:28 . 2009-08-04 15:13 2145280 c:\windows\system32\dllcache\ntkrnlmp.exe
    + 2008-12-14 01:28 . 2009-12-08 19:26 2145280 c:\windows\system32\dllcache\ntkrnlmp.exe
    + 2010-02-17 12:50 . 2010-02-17 12:50 5527040 c:\windows\Installer\8828f0.msp
    + 2009-10-27 20:34 . 2009-10-27 20:34 5009408 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B7449A0300000010\9.3.0\authplay.dll
    + 2008-12-14 01:28 . 2009-12-08 19:27 2189184 c:\windows\Driver Cache\i386\ntoskrnl.exe
    - 2008-12-14 01:28 . 2009-08-04 19:44 2189184 c:\windows\Driver Cache\i386\ntoskrnl.exe
    + 2008-12-14 01:28 . 2009-12-08 18:43 2023936 c:\windows\Driver Cache\i386\ntkrpamp.exe
    - 2008-12-14 01:28 . 2009-08-04 14:20 2023936 c:\windows\Driver Cache\i386\ntkrpamp.exe
    - 2008-12-14 01:28 . 2009-08-04 14:20 2066048 c:\windows\Driver Cache\i386\ntkrnlpa.exe
    + 2008-12-14 01:28 . 2009-12-08 18:43 2066048 c:\windows\Driver Cache\i386\ntkrnlpa.exe
    - 2008-12-14 01:28 . 2009-08-04 15:13 2145280 c:\windows\Driver Cache\i386\ntkrnlmp.exe
    + 2008-12-14 01:28 . 2009-12-08 19:26 2145280 c:\windows\Driver Cache\i386\ntkrnlmp.exe
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A3BC75A2-1F87-4686-AA43-5347D756017C}]
    2009-11-25 13:01 1230080 ----a-w- c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
    "{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll" [2009-11-25 1230080]

    [HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]

    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
    "{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll" [2009-11-25 1230080]

    [HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "swg"= "c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-12-14 39408]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "NvCplDaemon"= "c:\windows\system32\NvCpl.dll" [2010-01-11 13666408]
    "TkBellExe"= "c:\program files\Common Files\Real\Update_OB\realsched.exe" [2010-02-15 198160]
    "SunJavaUpdateSched"= "c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-01-11 246504]
    "UnlockerAssistant"= "c:\program files\Unlocker\UnlockerAssistant.exe" [2009-10-26 15872]
    "Adobe Reader Speed Launcher"= "c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-12-22 35760]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"= "c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
    @= "Driver"

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Gamma Loader.lnk]
    path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk
    backup=c:\windows\pss\Adobe Gamma Loader.lnkCommon Startup

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Billminder.lnk]
    path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Billminder.lnk
    backup=c:\windows\pss\Billminder.lnkCommon Startup

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Logitech SetPoint.lnk]
    path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Logitech SetPoint.lnk
    backup=c:\windows\pss\Logitech SetPoint.lnkCommon Startup

    [HKLM\~\startupfolder\C:^Documents and Settings^Owner^Start Menu^Programs^Startup^Webshots.lnk]
    path=c:\documents and settings\Owner\Start Menu\Programs\Startup\Webshots.lnk
    backup=c:\windows\pss\Webshots.lnkStartup

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NokiaMServer]
    c:\program files\Common Files\Nokia\MPlatform\NokiaMServer [X]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTFMON.EXE]
    2008-04-14 12:00 15360 ------w- c:\windows\system32\ctfmon.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EPSON Stylus Photo R300 Series]
    2003-09-11 03:00 99840 ----a-w- c:\windows\system32\spool\drivers\w32x86\3\E_S4I0F2.EXE

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Desktop Search]
    2009-11-22 03:45 30192 ----a-w- c:\program files\Google\Google Desktop Search\GoogleDesktop.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LDM]
    2008-12-14 18:35 20480 ----a-w- c:\program files\Logitech\Desktop Messenger\8876480\Program\backWeb-8876480.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Logitech Hardware Abstraction Layer]
    2004-06-08 12:31 29696 ----a-w- c:\windows\KHALMNPR.Exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
    2001-07-09 11:50 155648 ----a-w- c:\windows\system32\NeroCheck.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NokiaOviSuite2]
    2009-12-10 15:05 401728 ----a-w- c:\program files\Nokia\Nokia Ovi Suite\NokiaOviSuite.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
    2010-01-11 22:17 13666408 ----a-w- c:\windows\system32\nvcpl.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
    2010-01-11 22:17 110696 ----a-w- c:\windows\system32\nvmctray.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]
    2003-12-08 17:35 32768 ------w- c:\program files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
    2009-10-09 16:47 25623336 ----a-r- c:\program files\Skype\Phone\Skype.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
    2010-01-11 15:21 246504 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SW20]
    2006-09-07 10:13 208896 ----a-r- c:\windows\system32\sw20.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SW24]
    2006-09-07 10:14 69632 ----a-r- c:\windows\system32\sw24.exe

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "%windir%\\system32\\sessmgr.exe"=
    "c:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\backWeb-8876480.exe"=
    "c:\\Program Files\\DNA\\btdna.exe"=
    "c:\\Program Files\\Real\\RealPlayer\\realplay.exe"=
    "c:\\Program Files\\Nokia\\Nokia Software Updater\\nsu_ui_client.exe"=
    "c:\\Program Files\\Common Files\\Nokia\\Service Layer\\A\\nsl_host_process.exe"=
    "c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
    "e:\\Program Files\\Microsoft Flight Simulator X\\fsx.exe"=
    "c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
    "c:\\Program Files\\Google\\Picasa3\\Picasa3.exe"=
    "c:\\Program Files\\Flickr Uploadr\\Flickr Uploadr.exe"=
    "c:\\Program Files\\AVG\\AVG9\\avgupd.exe"=
    "c:\\Program Files\\AVG\\AVG9\\avgnsx.exe"=
    "c:\\Program Files\\Common Files\\Adobe\\CS4ServiceManager\\CS4ServiceManager.exe"=
    "c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
    "c:\\Program Files\\Skype\\Phone\\Skype.exe"=

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
    "5353:TCP"= 5353:TCP:Adobe CSI CS4

    R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [13/12/2008 12:45 333192]
    R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [13/12/2008 12:45 360584]
    R2 Akamai;Akamai NetSession Interface;c:\windows\System32\svchost.exe -k Akamai [14/04/2008 12:00 14336]
    R2 avg9wd;AVG Free WatchDog;c:\program files\AVG\AVG9\avgwdsvc.exe [25/11/2009 13:12 285392]
    R2 Norton Save and Restore;Norton Save and Restore;c:\program files\Norton Save and Restore\Agent\VProSvc.exe [13/02/2007 18:57 2655848]
    R3 c65013264;C-Media CM6501 Like Sound UDAX Interface;c:\windows\system32\drivers\c6501.sys [13/12/2008 12:28 1310720]
    S2 gupdate1c976ffca94367e;Google Update Service (gupdate1c976ffca94367e);c:\program files\Google\Update\GoogleUpdate.exe [15/01/2009 10:55 133104]
    S3 GoogleDesktopManager-110309-193829;Google Desktop Manager 5.9.911.3589;c:\program files\Google\Google Desktop Search\GoogleDesktop.exe [14/12/2008 10:18 30192]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    Akamai REG_MULTI_SZ Akamai
    .
    Contents of the 'Scheduled Tasks' folder

    2010-02-18 c:\windows\Tasks\Google Software Updater.job
    - c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2008-12-14 03:16]

    2010-02-18 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2009-01-15 10:55]

    2010-02-18 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2009-01-15 10:55]
    .
    .
    ------- Supplementary Scan -------
    .
    uDefault_Search_URL = hxxp://www.google.com/ie
    uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
    uInternet Connection Wizard,ShellNext = hxxp://www.register.epson-europe.com/
    uInternet Settings,ProxyOverride = localhost;*.local
    uSearchAssistant = hxxp://www.google.com/ie
    uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
    IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
    IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    FF - ProfilePath - c:\documents and settings\Owner\Application Data\Mozilla\Firefox\Profiles\n8c4g92b.default\
    FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
    FF - prefs.js: browser.search.selectedEngine - Google
    FF - prefs.js: browser.startup.homepage - hxxp://en-GB.start3.mozilla.com/firefox?client=firefox-a&rls=org.mozilla:en-GB:official
    FF - prefs.js: keyword.URL - hxxp://www.google.com/search?ie=UTF-...ient&gfns=1&q=
    FF - prefs.js: network.proxy.type - 4
    FF - component: c:\documents and settings\Owner\Application Data\Mozilla\Firefox\Profiles\n8c4g92b.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\frozen.dll
    FF - component: c:\program files\AVG\AVG9\Firefox\components\avgssff.dll
    FF - plugin: c:\program files\Google\Google Earth\plugin\npgeplugin.dll
    FF - plugin: c:\program files\Google\Google Updater\2.4.1536.6592\npCIDetect13.dll
    FF - plugin: c:\program files\Google\Picasa3\npPicasa3.dll
    FF - plugin: c:\program files\Google\Update\1.2.183.13\npGoogleOneClick8.dll
    FF - plugin: c:\program files\Mozilla Firefox\plugins\NPCIG.dll
    FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

    ---- FIREFOX POLICIES ----
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.debug", false);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("html5.enable", false);
    c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
    c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
    c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);
    .
    - - - - ORPHANS REMOVED - - - -

    AddRemove-eBay Icon - c:\documents and settings\Owner\Application Data\Desktopicon\uninst.exe
    AddRemove-Webshots Desktop_is1 - c:\program files\AGI\common\bootstrapper.exe
    AddRemove-{10deb052-db5d-32a6-9ff2-200e810d1a7b} - c:\program files\AGI\core\4.2.0.10752\InstallerGUI.exe
    AddRemove-{1793bdb7-d5c1-33be-97e2-7c3e60b6ab43} - c:\program files\AGI\core\4.2.0.10752\InstallerGUI.exe
    AddRemove-{8aade841-03c5-486a-b048-bb112cc0cac5} - c:\program files\AGI\core\4.2.0.10752\InstallerGUI.exe



    **************************************************************************

    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2010-02-18 03:05
    Windows 5.1.2600 Service Pack 3 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------

    - - - - - - - > 'winlogon.exe'(648)
    c:\program files\Common Files\Adobe\Adobe Drive CS4\AdobeDriveCS4_NP.dll

    - - - - - - - > 'explorer.exe'(2264)
    c:\windows\system32\WININET.dll
    c:\windows\system32\ieframe.dll
    c:\windows\system32\webcheck.dll
    .
    ------------------------ Other Running Processes ------------------------
    .
    c:\windows\system32\nvsvc32.exe
    c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    c:\program files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
    c:\program files\Google\Update\1.2.183.13\GoogleCrashHandler.exe
    c:\program files\Bonjour\mDNSResponder.exe
    c:\program files\Java\jre6\bin\jqs.exe
    c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
    c:\program files\AVG\AVG9\avgnsx.exe
    c:\program files\Canon\CAL\CALMAIN.exe
    c:\program files\AVG\AVG9\avgrsx.exe
    c:\program files\AVG\AVG9\avgchsvx.exe
    c:\program files\AVG\AVG9\avgcsrvx.exe
    c:\windows\system32\wscntfy.exe
    .
    **************************************************************************
    .
    Completion time: 2010-02-18 03:12:02 - machine was rebooted
    ComboFix-quarantined-files.txt 2010-02-18 03:12
    ComboFix2.txt 2010-02-15 23:58
    ComboFix3.txt 2010-02-15 23:27
    ComboFix4.txt 2010-02-15 22:41

    Pre-Run: 72,411,697,152 bytes free
    Post-Run: 72,487,628,800 bytes free

    - - End Of File - - CD4603CDF1E9E48980267871CB2A3A87
     
  13. 2010/02/17
    crunchie

    crunchie Inactive

    Joined:
    2010/01/12
    Messages:
    982
    Likes Received:
    5
    Did you add some lines to the fix?

    How we looking now regarding the kiwee entries? Try another search please.
     
  14. 2010/02/18
    coldwaterjohn Lifetime Subscription

    coldwaterjohn Inactive Thread Starter

    Joined:
    2010/02/14
    Messages:
    101
    Likes Received:
    0
    No, I didn't add any lines to the fix.
    I checked that the Kiwee entries were folders and were not containing exe files - your assumption on them was correct.
    The only signs of Kiwee now are either in qoobox\quarantine or in otl\moved files.
     
  15. 2010/02/18
    crunchie

    crunchie Inactive

    Joined:
    2010/01/12
    Messages:
    982
    Likes Received:
    5
    Please do an online scan with Kaspersky WebScanner

    It's best to disable real time protection applications as they sometimes interfere with the scan.

    Check this link for any applicable programs you may have (check under How to Temporarily Disable your Anti-virus).

    Click on Accept If your pop-up blocker blocks any windows from opening.

    Click Run on the window that opens.

    Windows Vista users: you must open the web browser using the Run as Administrator command - accessible from the right-click menu from the browser shortcut.

    • The program will launch and then begin downloading the latest definition files.
    • When completed, under Scan on the left side, click on My Computer.
    • This will start the scan of your system.
    • The scan will take a while so be patient and let it run.
    • Once the scan is complete it will display if your system has been infected.
      • Click Report on the left side.
      • Click the Save Report button, and in the Save dialog box, type a name for the scan report file that you want to create and select its type as Text file. Click OK to save the file.
    • Copy and paste that information in your next post.

    Please post the Kaspersky results.

    Let me know how the pc is please.
     
  16. 2010/02/18
    coldwaterjohn Lifetime Subscription

    coldwaterjohn Inactive Thread Starter

    Joined:
    2010/02/14
    Messages:
    101
    Likes Received:
    0
    P.C. seems fine now. I am running the Kaspersky program, but it could take some hours. I will get back to you with the results, later in the day. Thanks for your continuing assistance.
     
  17. 2010/02/18
    crunchie

    crunchie Inactive

    Joined:
    2010/01/12
    Messages:
    982
    Likes Received:
    5
    No worries. Good news finally :). Just post up the Kaspersky log when done and we will take it from there. Hopefully it comes back clean.
     
  18. 2010/02/18
    coldwaterjohn Lifetime Subscription

    coldwaterjohn Inactive Thread Starter

    Joined:
    2010/02/14
    Messages:
    101
    Likes Received:
    0
    Thanks Crunchie - it's taking forever: 90 minutes and it's checked 7%, but I will be back to you this evening. I set it to check "My Computer" - maybe I should have selected "Critical Areas," but I figured I should go the whole hog...
     
  19. 2010/02/18
    crunchie

    crunchie Inactive

    Joined:
    2010/01/12
    Messages:
    982
    Likes Received:
    5
    No probs. I'm off to bed now anyway, so it has another 8 hours of grace :).
     
    coldwaterjohn likes this.
  20. 2010/02/18
    coldwaterjohn Lifetime Subscription

    coldwaterjohn Inactive Thread Starter

    Joined:
    2010/02/14
    Messages:
    101
    Likes Received:
    0
    Crunchie
    Kaspersky scanned 117699 items in the Critical areas, over 1hr:42min and found precisely nothing, so I think you have done the trick.
    I am most grateful to you for the time and effort you have taken to walk me through all this, and sort out what was a complete nightmare. Many thanks.
    Do you have any advice in terms of what I should be leaving on, of those programs I downloaded, and what you would recommend to prevent a repetition?
    CWJ
     
  21. 2010/02/18
    crunchie

    crunchie Inactive

    Joined:
    2010/01/12
    Messages:
    982
    Likes Received:
    5
    I don't suppose you have the Kaspersky log?

    I would be keeping MBA-M on the pc and update it before running it regularly.
    Silentrunners can just be deleted, along with the text file it created.
    To avoid things like this is sometimes quite hard, but doing simple things like keeping Windows updated, not visiting untrusted sites, keep your AV and anti-malware programs up-to-date etc. are must do's.
    Use a more secure browser such as Opera. I have used it for about 8 years now and never been compromised through it.

    Uninstall Combofix now that we are finished with it.
    • Click START then RUN
    • Now copy/paste the following bolded text into the Run box and click OK:

      ComboFix /Uninstall in the runbox and click OK. Note the space between the X and the /, it needs to be there.


    ==

    Please run OTL one more time and hit Cleanup.
     
