Solved Kiwee Toolbar

Discussion in 'Malware and Virus Removal Archive' started by joe645, 2010/02/09.

  1. 2010/02/09
    joe645 Well-Known Member Thread Starter

    [Resolved] Kiwee Toolbar

    I have been trying in vain to rid my system of this malicious program. I have used Unlocker, Remove Programs, Perfect Uninstaller, Spyware Doctor, Malwarebytes, as well as Regedit. Each time I reboot, it returns. I have even emailed AG (American Greetings), who seems to be the company behind this as far as I can tell. If I find out they are, I'll probably cancel my membership with them as well. Wildfire, I hope someone here can help.


    Code:
    DDS (Ver_09-12-01.01) - NTFSx86  
    Run by Owner at 16:03:41.60 on Tue 02/09/2010
    Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_18
    Microsoft Windows XP Professional  5.1.2600.3.1252.1.1033.18.2559.1880 [GMT -8:00]
    
    
    ============== Running Processes ===============
    
    C:\WINDOWS\system32\svchost -k DcomLaunch
    svchost.exe
    C:\WINDOWS\System32\svchost.exe -k netsvcs
    svchost.exe
    C:\Program Files\AVG\AVG9\avgchsvx.exe
    C:\Program Files\AVG\AVG9\avgrsx.exe
    svchost.exe
    C:\Program Files\AVG\AVG9\avgcsrvx.exe
    C:\WINDOWS\system32\spoolsv.exe
    svchost.exe
    C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\Program Files\AVG\AVG9\avgwdsvc.exe
    C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe
    C:\Program Files\Java\jre6\bin\jqs.exe
    C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
    C:\WINDOWS\System32\svchost.exe -k HPZ12
    C:\WINDOWS\System32\svchost.exe -k HPZ12
    C:\WINDOWS\system32\svchost.exe -k imgsvc
    C:\Program Files\UPHClean\uphclean.exe
    C:\WINDOWS\system32\SearchIndexer.exe
    C:\Program Files\AVG\AVG9\avgam.exe
    C:\Program Files\AVG\AVG9\avgnsx.exe
    C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
    C:\Program Files\AVG\AVG9\avgemc.exe
    C:\Program Files\Hewlett-Packard\HP PrecisionScan\PrecisionScan Pro\hplamp.exe
    C:\WINDOWS\system32\taskswitch.exe
    C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
    C:\Program Files\Acronis\TrueImageHome\TimounterMonitor.exe
    C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe
    C:\PROGRA~1\AVG\AVG9\avgtray.exe
    C:\Program Files\Common Files\Java\Java Update\jusched.exe
    C:\Program Files\dvd43\dvd43_tray.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
    C:\Program Files\Winamp\winampa.exe
    C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe
    C:\Program Files\Unlocker\UnlockerAssistant.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\AVG\AVG9\avgcsrvx.exe
    C:\PROGRA~1\Webshots\315~2.76~\Webshots.scr
    C:\Program Files\AVG\AVG9\avgcsrvx.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\WINDOWS\System32\svchost.exe -k HTTPFilter
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\WINDOWS\system32\SearchProtocolHost.exe
    C:\Documents and Settings\Owner\Desktop\dds.scr
    
    ============== Pseudo HJT Report ===============
    
    uStart Page = hxxp://netscape.aol.com/
    uInternet Settings,ProxyServer = 219.93.178.162:3128
    uURLSearchHooks: H - No File
    uURLSearchHooks: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - c:\program files\avg\avg9\toolbar\IEToolbar.dll
    mURLSearchHooks: Winamp Search Class: {57bca5fa-5dbb-45a2-b558-1755c3f6253b} - c:\program files\winamp toolbar\winamptb.dll
    mURLSearchHooks: agihelper.AGUtils: {0bc6e3fa-78ef-4886-842c-5a1258c4455a} - mscoree.dll
    BHO: agihelper.AGUtils: {0bc6e3fa-78ef-4886-842c-5a1258c4455a} - mscoree.dll
    BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
    BHO: Winamp Toolbar Loader: {25cee8ec-5730-41bc-8b58-22ddc8ab8c20} - c:\program files\winamp toolbar\winamptb.dll
    BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg9\avgssie.dll
    BHO: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - c:\program files\avg\avg9\toolbar\IEToolbar.dll
    BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.4.4525.1752\swg.dll
    BHO: Nero Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - c:\program files\ask.com\GenericAskToolbar.dll
    BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
    BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    TB: Webshots Toolbar: {c17590d2-ecb4-4b15-8820-f58798dcc118} - c:\program files\webshots\3.1.5.7613\WSToolbar4IE.dll
    TB: Winamp Toolbar: {ebf2ba02-9094-4c5a-858b-bb198f3d8de2} - c:\program files\winamp toolbar\winamptb.dll
    TB: AVG Security Toolbar: {ccc7a320-b3ca-4199-b1a6-9f516dd69829} - c:\program files\avg\avg9\toolbar\IEToolbar.dll
    TB: Nero Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - c:\program files\ask.com\GenericAskToolbar.dll
    TB: Kiwee Toolbar: {1c99b848-84cb-4ce4-8cd8-ed5719484d9f} - mscoree.dll
    uRun: [CTFMON.EXE] c:\windows\system32\ctfmon.exe
    uRun: [AdobeBridge] 
    uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
    uRun: [SacReminder] c:\documents and settings\owner\application data\officeguardian\reminder\SacReminder.exe
    mRun: [IMJPMIG8.1] "c:\windows\ime\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
    mRun: [HPHUPD08] c:\program files\hp\digital imaging\{33d6cc28-9f75-4d1b-a11d-98895b3a3729}\hphupd08.exe
    mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
    mRun: [HP Lamp] "c:\program files\hewlett-packard\hp precisionscan\precisionscan pro\hplamp.exe"
    mRun: [CoolSwitch] c:\windows\system32\taskswitch.exe
    mRun: [ATIPTA] c:\program files\ati technologies\ati control panel\atiptaxx.exe
    mRun: [AcronisTimounterMonitor] c:\program files\acronis\trueimagehome\TimounterMonitor.exe
    mRun: [Acronis Scheduler2 Service] "c:\program files\common files\acronis\schedule2\schedhlp.exe"
    mRun: [AVG9_TRAY] c:\progra~1\avg\avg9\avgtray.exe
    mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
    mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
    mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
    mRun: [dvd43] c:\program files\dvd43\dvd43_tray.exe
    mRun: [AppleSyncNotifier] c:\program files\common files\apple\mobile device support\bin\AppleSyncNotifier.exe
    mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
    mRun: [Malwarebytes Anti-Malware (reboot)] "c:\program files\malwarebytes' anti-malware\mL1fu61Tv.exe" /runcleanupscript
    mRun: [Malwarebytes' Anti-Malware] "c:\program files\malwarebytes' anti-malware\mbamgui.exe" /starttray
    mRun: [WinampAgent] "c:\program files\winamp\winampa.exe"
    mRun: [TrueImageMonitor.exe] c:\program files\acronis\trueimagehome\TrueImageMonitor.exe
    mRun: [UnlockerAssistant] "c:\program files\unlocker\UnlockerAssistant.exe"
    mRun: [KiweeHook] "c:\program files\kiwee toolbar\3.2\kwtbaim.exe"
    dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE
    dRunOnce: [_nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N
    StartupFolder: c:\docume~1\owner\startm~1\programs\startup\webshots.lnk - c:\program files\webshots\3.1.5.7617\Launcher.exe
    StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\adobeg~1.lnk - c:\program files\common files\adobe\calibration\Adobe Gamma Loader.exe
    uPolicies-explorer: MaxRecentDocs = 18 (0x12)
    uPolicies-explorer: NoSMConfigurePrograms = 1 (0x1)
    uPolicies-explorer: NoRecentDocsNetHood = 1 (0x1)
    uPolicies-explorer: MemCheckBoxInRunDlg = 1 (0x1)
    mPolicies-explorer: NoDesktopCleanupWizard = 1 (0x1)
    IE: &Webshots Photo Search - c:\program files\webshots\3.1.5.7613\WSToolbar4IE.dll/MENUSEARCH.HTM
    IE: &Winamp Search - c:\documents and settings\all users\application data\winamp toolbar\ietoolbar\resources\en-us\local\search.html
    IE: {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - c:\program files\pokerstars\PokerStarsUpdate.exe
    IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
    IE: {7F9DB11C-E358-4ca6-A83D-ACC663939424} - {9999A076-A9E2-4C99-8A2B-632FC9429223} - c:\program files\bonjour\ExplorerPlugin.dll
    Trusted Zone: earthlink.net\www
    Trusted Zone: intuit.com\ttlc
    DPF: {149E45D8-163E-4189-86FC-45022AB2B6C9} - file:///C:/Program%20Files/Battleship%20-%20Fleet%20Command/Images/stg_drm.ocx
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab
    DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
    DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab
    DPF: {CC450D71-CC90-424C-8638-1F2DBAC87A54} - file:///C:/Program%20Files/Battleship%20-%20Fleet%20Command/Images/armhelper.ocx
    Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg9\avgpp.dll
    Notify: avgrsstarter - avgrsstx.dll
    AppInit_DLLs: jejiyuta.dll c:\windows\system32\gusilaji.dll
    SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
    SSODL: nibumopus - {a5bb9185-646c-4b66-a380-cae1d9404d96} - No File
    STS: {a5bb9185-646c-4b66-a380-cae1d9404d96} - No File
    SEH: Windows Desktop Search Namespace Manager: {56f9679e-7826-4c84-81f3-532071a8bcc5} - c:\program files\windows desktop search\MSNLNamespaceMgr.dll
    LSA: Notification Packages = scecli wusanire.dll
    
    ================= FIREFOX ===================
    
    FF - ProfilePath - c:\docume~1\owner\applic~1\mozilla\firefox\profiles\pjunwtcz.default\
    FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2351701&SearchSource=3&q={searchTerms}
    FF - prefs.js: browser.search.selectedEngine - Google
    FF - prefs.js: browser.startup.homepage - hxxp://netscape.aol.com/
    FF - prefs.js: keyword.URL - hxxp://search.imgag.com/?appid=kwtb&component=UnifiedToolbarFF&c=GNKWO50020&sbs=1&sc=&f=web&vernum=3.2&uid=&did={d21c8300-0157-11de-b6ec-00508de91418}&q=
    FF - component: c:\documents and settings\owner\application data\mozilla\firefox\profiles\pjunwtcz.default\extensions\{55e19115-8ef8-465c-90ac-deacc491b0cc}\components\FFExternalAlert.dll
    FF - component: c:\documents and settings\owner\application data\mozilla\firefox\profiles\pjunwtcz.default\extensions\{55e19115-8ef8-465c-90ac-deacc491b0cc}\components\RadioWMPCore.dll
    FF - plugin: c:\documents and settings\owner\application data\move networks\plugins\npqmp071505000011.dll
    FF - plugin: c:\program files\google\google updater\2.4.1591.6512\npCIDetect13.dll
    FF - plugin: c:\program files\mozilla firefox\plugins\npCouponPrinter.dll
    FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\
    FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}
    FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}
    FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA}
    FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA}
    FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}
    FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA}
    
    ---- FIREFOX POLICIES ----
    c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);
    
    ============= SERVICES / DRIVERS ===============
    
    R0 AvgRkx86;avgrkx86.sys;c:\windows\system32\drivers\avgrkx86.sys [2009-2-21 161800]
    R0 SI3112r;Silicon Image SiI 3512 SATARaid Controller;c:\windows\system32\drivers\SI3112r.sys [2009-2-21 116264]
    R1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2009-2-21 333192]
    R1 AvgMfx86;AVG On-access Scanner Minifilter Driver x86;c:\windows\system32\drivers\avgmfx86.sys [2009-2-21 28424]
    R1 AvgTdiX;AVG8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2009-2-21 360584]
    R2 avg9emc;AVG E-mail Scanner;c:\program files\avg\avg9\avgemc.exe [2009-11-8 906520]
    R2 avg9wd;AVG WatchDog;c:\program files\avg\avg9\avgwdsvc.exe [2009-11-8 285392]
    R2 ISD;Intel(r) 82802 Firmware Hub Device (Intel(r) Security Driver);c:\windows\system32\drivers\ISECDRV.SYS [2009-3-31 32108]
    R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2010-1-20 236368]
    R3 DtvAudio;DtvAudio;c:\windows\system32\drivers\DtvAudio.sys [2009-3-16 10330]
    R3 DtvVideo;DtvVideo;c:\windows\system32\drivers\DtvVideo.sys [2009-3-16 26730]
    R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2010-1-20 19160]
    S0 3112Rx47;3112Rx47;c:\windows\system32\drivers\3112Rx47.sys [2008-12-18 110128]
    S2 AGCoreService;AG Core Services;c:\program files\agi\core\4.2.0.10752\AGCoreService.exe [2010-2-4 20480]
    S2 AGWinService;AG Windows Service;c:\program files\agi\common\win32\pythonservice.exe [2009-2-22 10240]
    S2 SSPORT;SSPORT;\??\c:\windows\system32\drivers\ssport.sys --> c:\windows\system32\drivers\SSPORT.sys [?]
    S3 AC2003;AC2003;c:\windows\system32\drivers\AC2003.sys [2009-2-21 4224]
    S3 libusb0;LibUsb-Win32 - Kernel Driver 08/27/2006, 0.1.12.0;c:\windows\system32\drivers\libusb0.sys [2008-7-25 33792]
    S3 NmPar;PCI Parallel Port;c:\windows\system32\drivers\NmPar.sys [2008-12-23 80256]
    S3 VPNET;SkyStar 1 CI Data;c:\windows\system32\drivers\DTVNet.sys [2009-3-31 17664]
    
    =============== Created Last 30 ================
    
    2010-02-09 19:50:43	0	d-----w-	c:\program files\Unlocker
    2010-02-09 17:49:25	0	d-----w-	c:\docume~1\alluse~1\applic~1\Kiwee Toolbar
    2010-02-09 17:49:12	0	d-----w-	c:\program files\UnifiedToolbar
    2010-02-09 17:47:49	0	d-----w-	c:\windows\system32\xircom
    2010-02-09 17:47:49	0	d-----w-	c:\windows\system32\wbem\snmp
    2010-02-09 17:47:49	0	d-----w-	c:\windows\system32\oobe
    2010-02-09 17:47:49	0	d-----w-	c:\program files\windows nt
    2010-02-09 17:47:42	0	d-----w-	c:\windows\system32\inetsrv
    2010-02-09 17:47:42	0	d-----w-	c:\program files\msn gaming zone
    2010-02-03 02:58:56	0	d-----w-	c:\docume~1\owner\applic~1\StartMenuManager
    2010-02-03 02:58:51	0	d-----w-	c:\program files\StartMenuManager
    2010-02-03 02:58:43	66	----a-w-	C:\ioY.ini
    2010-02-02 21:17:21	0	d-----w-	c:\docume~1\owner\applic~1\iWin
    2010-02-02 21:16:02	0	d-----w-	c:\docume~1\owner\applic~1\SpinTop
    2010-02-02 18:58:46	0	d-----w-	c:\docume~1\owner\applic~1\Intuit
    2010-02-02 18:58:38	0	d-----w-	c:\program files\common files\AnswerWorks 5.0
    2010-02-02 18:53:32	0	d-----w-	c:\program files\common files\Intuit
    2010-02-02 18:53:09	0	d-----w-	c:\program files\TurboTax
    2010-02-02 18:52:34	0	d-----w-	c:\docume~1\alluse~1\applic~1\Intuit
    2010-02-01 01:31:12	0	d-----w-	c:\program files\Conduit
    2010-02-01 01:24:48	0	d-----w-	c:\program files\Dailygames.com
    2010-01-31 01:40:59	0	d-----w-	c:\program files\USPS
    2010-01-27 00:34:34	930	----a-w-	c:\windows\wininit.ini
    2010-01-20 23:04:21	38224	----a-w-	c:\windows\system32\drivers\mbamswissarmy.sys
    2010-01-20 23:04:18	19160	----a-w-	c:\windows\system32\drivers\mbam.sys
    2010-01-20 23:04:18	0	d-----w-	c:\program files\Malwarebytes' Anti-Malware
    2010-01-20 06:49:36	1376	----a-w-	c:\windows\system32\drivers\kgpcpy.cfg
    2010-01-20 05:37:56	0	d-----w-	c:\docume~1\alluse~1\applic~1\SITEguard
    2010-01-20 05:37:07	0	d-----w-	c:\program files\common files\iS3
    2010-01-20 05:37:06	0	d-----w-	c:\docume~1\alluse~1\applic~1\STOPzilla!
    2010-01-20 05:16:48	8192	----a-w-	c:\windows\REGLOCS.OLD
    2010-01-20 00:26:18	0	d-----w-	c:\docume~1\owner\applic~1\AskToolbar
    2010-01-16 00:21:26	479232	----a-w-	c:\windows\ssndii.exe
    2010-01-16 00:21:15	44544	----a-w-	c:\windows\system32\msxml4a.dll
    2010-01-16 00:21:15	21776	----a-w-	c:\windows\system32\msxml2a.dll
    2010-01-16 00:21:13	0	d-----w-	c:\windows\Samsung
    2010-01-16 00:20:26	65536	----a-w-	c:\windows\system32\cl31cci.dll
    2010-01-16 00:20:26	151552	----a-w-	c:\windows\system32\cl31cci.exe
    2010-01-16 00:20:25	361	----a-w-	c:\windows\system32\cl31cl3.smt
    2010-01-16 00:20:25	22723	----a-w-	c:\windows\system32\cl31cl3.dll
    2010-01-16 00:19:41	11502	------w-	c:\windows\Dr. Printer Icon.ico
    2010-01-16 00:18:40	0	d-----w-	c:\windows\system32\drivers\Samsung
    2010-01-15 23:56:25	0	d-----w-	c:\program files\Samsung
    2010-01-14 00:37:10	0	d-----w-	c:\docume~1\owner\applic~1\Desktopicon
    2010-01-14 00:35:36	0	d-----w-	c:\program files\GustoSoft
    2010-01-13 05:20:06	0	d-----w-	c:\temp\cheetah
    2010-01-13 03:50:50	0	d-----w-	C:\Temp
    2010-01-13 03:43:32	0	d-----w-	c:\program files\Cheetah Burner
    2010-01-12 23:19:31	471552	------w-	c:\windows\system32\dllcache\aclayers.dll
    2010-01-12 23:19:31	1206508	------w-	c:\windows\system32\dllcache\sysmain.sdb
    2010-01-12 07:11:56	69	----a-w-	c:\windows\NeroDigital.ini
    2010-01-12 06:55:15	0	d-----w-	c:\docume~1\alluse~1\applic~1\Nero
    2010-01-12 06:51:55	0	d-----w-	c:\program files\Ask.com
    2010-01-11 01:09:46	0	d-----w-	c:\program files\PokerStars
    
    ==================== Find3M  ====================
    
    2010-02-09 17:11:35	347312	---ha-w-	c:\windows\system32\mlfcache.dat
    2010-01-20 05:43:51	262144	----a-w-	c:\windows\system32\default_user_class.dat
    2009-12-18 01:14:00	411368	----a-w-	c:\windows\system32\deploytk.dll
    2009-02-20 22:29:08	16409960	----a-w-	c:\program files\spybotsd162.exe
    2009-02-10 23:58:01	23429976	----a-w-	c:\program files\stamps.exe
    
    ============= FINISH: 16:04:24.70 ===============
    
    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT
    
    DDS (Ver_09-12-01.01)
    
    Microsoft Windows XP Professional
    Boot Device: \Device\HarddiskVolume1
    Install Date: 2/21/2009 01:48:31
    System Uptime: 2/9/2010 15:20:01 (1 hours ago)
    
    Motherboard: http://www.abit.com.tw/ |  | IS7/IS7-G/IS7-E(Intel i865-ICH5)
    Processor:               Intel(R) Pentium(R) 4 CPU 2.40GHz | Socket 478 | 2405/133mhz
    
    ==== Disk Partitions =========================
    
    A: is Removable
    C: is FIXED (NTFS) - 233 GiB total, 113.341 GiB free.
    D: is FIXED (NTFS) - 233 GiB total, 232.187 GiB free.
    E: is CDROM ()
    F: is CDROM ()
    G: is Removable
    I: is FIXED (NTFS) - 75 GiB total, 74.445 GiB free.
    
    ==== Disabled Device Manager Items =============
    
    Class GUID: 
    Description: PCI Input Device
    Device ID: PCI\VEN_1102&DEV_7005&SUBSYS_10021102&REV_00\4&1F7DBC9F&0&21F0
    Manufacturer: 
    Name: PCI Input Device
    PNP Device ID: PCI\VEN_1102&DEV_7005&SUBSYS_10021102&REV_00\4&1F7DBC9F&0&21F0
    Service: 
    
    Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
    Description: SkyStar 1 CI Data
    Device ID: ROOT\NET\0000
    Manufacturer: SkyStar Techonology Corp.
    Name: SkyStar 1 CI Data
    PNP Device ID: ROOT\NET\0000
    Service: VPNET
    
    ==== System Restore Points ===================
    
    RP74: 11/11/2009 18:48:10 - System Checkpoint
    RP75: 11/12/2009 09:56:18 - Avg8 Update
    RP76: 11/13/2009 10:31:51 - System Checkpoint
    RP77: 11/14/2009 16:45:44 - System Checkpoint
    RP78: 11/15/2009 17:35:20 - System Checkpoint
    RP79: 11/16/2009 19:02:11 - System Checkpoint
    RP80: 11/17/2009 19:19:52 - System Checkpoint
    RP81: 11/19/2009 09:54:34 - Avg8 Update
    RP82: 11/20/2009 14:41:20 - Avg8 Update
    RP83: 11/20/2009 14:42:38 - Avg8 Update
    RP84: 11/21/2009 15:39:27 - System Checkpoint
    RP85: 11/23/2009 08:50:44 - System Checkpoint
    RP86: 11/24/2009 20:42:23 - System Checkpoint
    RP87: 11/24/2009 22:21:13 - Software Distribution Service 3.0
    RP88: 11/26/2009 17:01:23 - System Checkpoint
    RP89: 11/28/2009 14:09:04 - System Checkpoint
    RP90: 11/29/2009 21:22:53 - System Checkpoint
    RP91: 12/1/2009 13:46:59 - System Checkpoint
    RP92: 12/2/2009 14:32:29 - System Checkpoint
    RP93: 12/3/2009 15:11:25 - System Checkpoint
    RP94: 12/4/2009 14:25:41 - Avg8 Update
    RP95: 12/5/2009 15:14:43 - System Checkpoint
    RP96: 12/6/2009 16:04:45 - System Checkpoint
    RP97: 12/7/2009 17:33:02 - System Checkpoint
    RP98: 12/8/2009 18:09:34 - System Checkpoint
    RP99: 12/8/2009 20:45:42 - Software Distribution Service 3.0
    RP100: 12/10/2009 11:29:55 - System Checkpoint
    RP101: 12/10/2009 13:18:05 - Avg8 Update
    RP102: 12/10/2009 13:19:39 - Avg8 Update
    RP103: 12/10/2009 13:26:43 - Installed VideoImpression
    RP104: 12/10/2009 13:29:14 - Installed MediaImpression
    RP105: 12/10/2009 13:30:29 - Installed Connect Service
    RP106: 12/10/2009 13:45:49 - Removed MediaImpression
    RP107: 12/11/2009 15:09:03 - System Checkpoint
    RP108: 12/12/2009 15:18:27 - System Checkpoint
    RP109: 12/13/2009 15:26:30 - System Checkpoint
    RP110: 12/14/2009 16:16:54 - System Checkpoint
    RP111: 12/15/2009 16:40:47 - System Checkpoint
    RP112: 12/16/2009 17:33:43 - System Checkpoint
    RP113: 12/17/2009 18:05:35 - System Checkpoint
    RP114: 12/18/2009 18:24:51 - System Checkpoint
    RP115: 12/19/2009 18:46:43 - System Checkpoint
    RP116: 12/21/2009 11:27:32 - System Checkpoint
    RP117: 12/22/2009 09:08:01 - Avg8 Update
    RP118: 12/23/2009 13:24:19 - System Checkpoint
    RP119: 12/24/2009 13:43:38 - System Checkpoint
    RP120: 12/25/2009 15:14:48 - System Checkpoint
    RP121: 12/26/2009 15:17:02 - System Checkpoint
    RP122: 12/27/2009 16:49:54 - System Checkpoint
    RP123: 12/28/2009 17:38:32 - System Checkpoint
    RP124: 12/29/2009 17:45:24 - System Checkpoint
    RP125: 12/30/2009 17:52:20 - System Checkpoint
    RP126: 12/30/2009 21:09:28 - Installed Windows Installer Clean Up
    RP127: 12/30/2009 22:22:41 - Installed Safari
    RP128: 12/31/2009 11:22:22 - Avg8 Update
    RP129: 1/1/2010 12:24:58 - System Checkpoint
    RP130: 1/1/2010 21:17:28 - Installed Safari
    RP131: 1/3/2010 17:59:19 - System Checkpoint
    RP132: 1/5/2010 11:17:53 - System Checkpoint
    RP133: 1/6/2010 11:51:43 - System Checkpoint
    RP134: 1/7/2010 11:55:40 - System Checkpoint
    RP135: 1/8/2010 11:58:50 - System Checkpoint
    RP136: 1/9/2010 12:38:40 - System Checkpoint
    RP137: 1/10/2010 14:16:10 - System Checkpoint
    RP138: 1/11/2010 14:44:25 - System Checkpoint
    RP139: 1/11/2010 22:54:40 - Installed Nero 9 Trial 4.4.9.0
    RP140: 1/12/2010 21:57:36 - Removed Nero 9 Trial 4.4.9.0
    RP141: 1/13/2010 12:00:35 - Software Distribution Service 3.0
    RP142: 1/14/2010 09:49:10 - Avg8 Update
    RP143: 1/15/2010 12:36:13 - System Checkpoint
    RP144: 1/15/2010 16:21:00 - Printer Driver Samsung CLP-310 Series Installed
    RP145: 1/16/2010 17:41:39 - System Checkpoint
    RP146: 1/17/2010 21:47:19 - System Checkpoint
    RP147: 1/18/2010 22:11:49 - System Checkpoint
    RP148: 1/19/2010 21:36:52 - Installed STOPzilla. Available with Windows Installer version 1.2 and later.
    RP149: 1/19/2010 22:53:44 - Removed STOPzilla. Available with Windows Installer version 1.2 and later.
    RP150: 1/19/2010 22:55:36 - Removed STOPzilla Toolbar
    RP151: 1/21/2010 13:11:11 - System Checkpoint
    RP152: 1/22/2010 16:13:35 - System Checkpoint
    RP153: 1/23/2010 16:21:18 - System Checkpoint
    RP154: 1/24/2010 16:25:42 - System Checkpoint
    RP155: 1/25/2010 16:46:54 - System Checkpoint
    RP156: 1/26/2010 17:31:15 - System Checkpoint
    RP157: 1/27/2010 10:06:44 - Avg8 Update
    RP158: 1/28/2010 10:41:42 - System Checkpoint
    RP159: 1/28/2010 13:56:24 - Installed Java(TM) 6 Update 18
    RP160: 1/29/2010 14:21:41 - System Checkpoint
    RP161: 1/30/2010 15:04:47 - System Checkpoint
    RP162: 1/30/2010 17:40:58 - Installed Shipping Assistant 3.6.
    RP163: 2/1/2010 15:39:22 - System Checkpoint
    RP164: 2/2/2010 10:54:04 - Installed TurboTax 2009 wrapper
    RP165: 2/2/2010 10:54:39 - Installed TurboTax 2009 WinPerReleaseEngine
    RP166: 2/2/2010 10:56:37 - Installed TurboTax 2009 WinPerFedFormset
    RP167: 2/2/2010 10:58:01 - Installed TurboTax 2009 WinPerTaxSupport
    RP168: 2/2/2010 10:58:35 - Installed iSEEK AnswerWorks English Runtime
    RP169: 2/3/2010 13:46:26 - System Checkpoint
    RP170: 2/4/2010 11:05:16 - Avg8 Update
    RP171: 2/5/2010 13:21:05 - System Checkpoint
    RP172: 2/6/2010 14:18:00 - System Checkpoint
    RP173: 2/7/2010 17:45:23 - System Checkpoint
    RP174: 2/8/2010 21:41:38 - System Checkpoint
    
    ==== Installed Programs ======================
    
    
    µTorrent
    32 Bit HP CIO Components Installer
    360Share Pro(remove only)
    50 FREE MP3s +1 Free Audiobook!
    7-Zip 4.62
    Ace DivX Player v2.1
    Acrobat.com
    Acronis*True*Image*Home
    Adobe AIR
    Adobe Anchor Service CS4
    Adobe Bridge CS4
    Adobe CMaps CS4
    Adobe Color EU Extra Settings CS4
    Adobe Color JA Extra Settings CS4
    Adobe Color NA Recommended Settings CS4
    Adobe CSI CS4
    Adobe Default Language CS4
    Adobe Drive CS4
    Adobe ExtendScript Toolkit CS4
    Adobe Extension Manager CS4
    Adobe Flash Player 10 ActiveX
    Adobe Flash Player 10 Plugin
    Adobe Fonts All
    Adobe InDesign CS4
    Adobe InDesign CS4 Application Feature Set Files (Roman)
    Adobe InDesign CS4 Common Base Files
    Adobe InDesign CS4 Icon Handler
    Adobe Linguistics CS4
    Adobe Media Player
    Adobe Output Module
    Adobe PDF Library Files CS4
    Adobe Photoshop 7.0
    Adobe Reader 9.3
    Adobe Search for Help
    Adobe Service Manager Extension
    Adobe Setup
    Adobe SGM CS4
    Adobe Shockwave Player 11
    Adobe SING CS4
    Adobe Type Support CS4
    Adobe Update Manager CS4
    Adobe WinSoft Linguistics Plugin
    Adobe XMP Panels CS4
    AdobeColorCommonSetCMYK
    AdobeColorCommonSetRGB
    Alt-Tab Task Switcher Powertoy for Windows XP
    AmericanGreetings.com Toolbar for Firefox
    Apple Application Support
    Apple Mobile Device Support
    Apple Software Update
    Ask Toolbar
    ATI - Software Uninstall Utility
    ATI Control Panel
    ATI Display Driver
    Audioro PSP Converter 2
    AVG 9.0
    AviSynth 2.5
    AVS Audio Converter version 6.1
    AVS DVD Copy version 3.1
    AVS Media Player 3.1
    AVS Update Manager 1.0
    AVS Video Converter 6
    AVS4YOU Software Navigator 1.3
    Big Fish Games Client
    Bonjour
    BufferChm
    CameraDrivers
    CCleaner
    Cheetah DVD Burner
    Connect
    Coupon Printer for Windows
    CP_Package_Variety1
    CP_Package_Variety2
    CP_Package_Variety3
    Creative EAX Settings
    Creative Speaker Settings
    Critical Update for Windows Media Player 11 (KB959772)
    Defraggler (remove only)
    Dell Laser Printer 1100 Software Uninstall
    Destinations
    Device Control
    DeviceManagementQFolder
    DVD43 v4.4.0
    eBay Icon
    eSupportQFolder
    Freeware PDF Unlocker
    Google Updater
    HashCheck Shell Extension (x86-32)
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
    Hotfix for Windows XP (KB954550-v5)
    Hotfix for Windows XP (KB961118)
    Hotfix for Windows XP (KB970653-v3)
    Hotfix for Windows XP (KB976098-v2)
    HP Image Zone Express
    HP Imaging Device Functions 5.3
    HP Photosmart 330,380,420,470,7800,8000,8200 Series
    HP Product Assistant
    HP Solution Center & Imaging Support Tools 5.3
    HP Update
    HPProductAssistant
    ImagXpress
    Intel(R) Security Driver
    iPhone Configuration Utility
    iSEEK AnswerWorks English Runtime
    ISO Recorder
    iTunes
    Java Auto Updater
    Java(TM) 6 Update 18
    Kiwee Chatbar
    Kiwee Toolbar for Firefox
    Kiwee Toolbar for Internet Explorer
    kuler
    Malwarebytes' Anti-Malware
    Media Go
    MGI PhotoSuite III (Remove Only)
    Microsoft .NET Framework 1.1
    Microsoft .NET Framework 1.1 Security Update (KB953297)
    Microsoft .NET Framework 1.1 Service Pack 1
    Microsoft .NET Framework 2.0 Service Pack 2
    Microsoft .NET Framework 3.0 Service Pack 2
    Microsoft .NET Framework 3.5 SP1
    Microsoft Silverlight
    Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
    Microsoft Visual C++ 2005 Redistributable
    Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
    Microsoft Windows XP Video Decoder Checkup Utility
    MobileMe Control Panel
    Move Media Player
    Mozilla Firefox (3.5.7)
    MSXML 4.0 SP2 (KB954430)
    MSXML 4.0 SP2 (KB973688)
    neroxml
    Nikon Message Center
    Nikon Transfer
    Open Command Prompt Shell Extension (x86-32)
    OpenOffice.org 3.1
    ParetoLogic DriverCure
    PDF Settings CS4
    Perfect Uninstaller v6.3.2.2
    Photoshop Camera Raw
    Picture Control Utility
    PlayStation(R)Network Downloader
    PlayStation(R)Store
    PokerStars
    PrintingPress
    PS330
    PSPrinters08
    PSTAPlugin
    QuickTime
    Realtek AC'97 Audio
    REALTEK Gigabit and Fast Ethernet NIC Driver
    Safari
    Samsung CLP-310 Series
    Security Update for CAPICOM (KB931906)
    Security Update for Windows Internet Explorer 7 (KB961260)
    Security Update for Windows Internet Explorer 7 (KB963027)
    Security Update for Windows Internet Explorer 8 (KB969897)
    Security Update for Windows Internet Explorer 8 (KB971961)
    Security Update for Windows Internet Explorer 8 (KB972260)
    Security Update for Windows Internet Explorer 8 (KB974455)
    Security Update for Windows Internet Explorer 8 (KB976325)
    Security Update for Windows Media Player (KB954155)
    Security Update for Windows Media Player (KB968816)
    Security Update for Windows Media Player (KB973540)
    Security Update for Windows Search 4 - KB963093
    Security Update for Windows XP (KB938464-v2)
    Security Update for Windows XP (KB952004)
    Security Update for Windows XP (KB956572)
    Security Update for Windows XP (KB956744)
    Security Update for Windows XP (KB956844)
    Security Update for Windows XP (KB958687)
    Security Update for Windows XP (KB958690)
    Security Update for Windows XP (KB958869)
    Security Update for Windows XP (KB959426)
    Security Update for Windows XP (KB960225)
    Security Update for Windows XP (KB960715)
    Security Update for Windows XP (KB960803)
    Security Update for Windows XP (KB960859)
    Security Update for Windows XP (KB961371)
    Security Update for Windows XP (KB961373)
    Security Update for Windows XP (KB961501)
    Security Update for Windows XP (KB968537)
    Security Update for Windows XP (KB969059)
    Security Update for Windows XP (KB969898)
    Security Update for Windows XP (KB969947)
    Security Update for Windows XP (KB970238)
    Security Update for Windows XP (KB970430)
    Security Update for Windows XP (KB971486)
    Security Update for Windows XP (KB971557)
    Security Update for Windows XP (KB971633)
    Security Update for Windows XP (KB971657)
    Security Update for Windows XP (KB972270)
    Security Update for Windows XP (KB973346)
    Security Update for Windows XP (KB973507)
    Security Update for Windows XP (KB973525)
    Security Update for Windows XP (KB973869)
    Security Update for Windows XP (KB973904)
    Security Update for Windows XP (KB974112)
    Security Update for Windows XP (KB974318)
    Security Update for Windows XP (KB974392)
    Security Update for Windows XP (KB974571)
    Security Update for Windows XP (KB975467)
    Serif PagePlus 8.0 PDF Edition
    Shipping Assistant 3.6
    Simon - Dailygames.com
    SolutionCenter
    Spybot - Search & Destroy
    Status
    Suite Shared Configuration CS4
    Taz In The City - Dailygames.com
    TotalAudioConverter
    TrayApp
    TurboTax 2009
    TurboTax 2009 WinPerFedFormset
    TurboTax 2009 WinPerReleaseEngine
    TurboTax 2009 WinPerTaxSupport
    TurboTax 2009 wrapper
    Unload
    Unlocker 1.8.8
    Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
    Update for Windows Internet Explorer 8 (KB976749)
    Update for Windows XP (KB955759)
    Update for Windows XP (KB967715)
    Update for Windows XP (KB968389)
    Update for Windows XP (KB971737)
    Update for Windows XP (KB973687)
    Update for Windows XP (KB973815)
    User Profile Hive Cleanup Service
    VideoLAN VLC media player 0.8.6f
    ViewNX
    WebFldrs XP
    WebReg
    Webshots Desktop
    Webshots Toolbar for Firefox
    Webshots Toolbar for IE
    Winamp
    Winamp Toolbar
    Windows Genuine Advantage Notifications (KB905474)
    Windows Installer Clean Up
    Windows Internet Explorer 8
    Windows Rights Management Client Backwards Compatibility SP2
    Windows Rights Management Client with Service Pack 2
    Windows Search 4.0
    Xilisoft Video Converter Ultimate
    
    ==== Event Viewer Messages From Past Week ========
    
    2/9/2010 11:54:11, error: Service Control Manager [7034]  - The AG Core Services service terminated unexpectedly.  It has done this 1 time(s).
    2/9/2010 11:31:39, error: Service Control Manager [7034]  - The Application Layer Gateway Service service terminated unexpectedly.  It has done this 1 time(s).
    2/6/2010 09:34:43, error: Service Control Manager [7011]  - Timeout (30000 milliseconds) waiting for a transaction response from the  service.
    2/6/2010 09:34:13, error: Service Control Manager [7011]  - Timeout (30000 milliseconds) waiting for a transaction response from the AGWinService service.
    2/2/2010 18:47:34, error: DCOM [10005]  - DCOM got error  "%1058" attempting to start the service wuauserv with arguments " " in order to run the server: {E60687F7-01A1-40AA-86AC-DB1CBF673334}
    2/2/2010 17:40:25, error: Dhcp [1002]  - The IP address lease 192.168.2.2 for the Network Card with network address 00508DE91418 has been denied by the DHCP server 192.168.2.1 (The DHCP Server sent a DHCPNACK message).
    2/2/2010 10:34:44, error: Service Control Manager [7000]  - The SSPORT service failed to start due to the following error:  The system cannot find the file specified.
    2/2/2010 10:34:44, error: Service Control Manager [7000]  - The DgiVecp service failed to start due to the following error:  The system cannot find the file specified.
    
    ==== End Of File ===========================
     
    Last edited: 2010/02/09
  2. 2010/02/09
    wildfire

    wildfire Getting Old

    Joined:
    2008/04/21
    Messages:
    4,649
    Likes Received:
    124
    Once you post the requested logs I'm sure they can.

    @Analyst this is a followup from this thread in General Security.
     

  4. 2010/02/09
    Admin.

    Admin. Administrator Administrator Staff

    Joined:
    2001/12/30
    Messages:
    6,687
    Likes Received:
    107
    Hi,

    Read this post as indicated at the top of this forum & follow the instructions.
     
  5. 2010/02/09
    joe645

    joe645 Well-Known Member Thread Starter

    Joined:
    2004/01/26
    Messages:
    435
    Likes Received:
    1
    Sorry guys, I'm not quite sure how I add the files to my post.
     
  6. 2010/02/09
    joe645

    joe645 Well-Known Member Thread Starter

    Joined:
    2004/01/26
    Messages:
    435
    Likes Received:
    1
    Sounds easy but no can do. I can copy, but no paste function appears in my "edit of post"; I can't even drag them there. I feel a little stupid.
     
  7. 2010/02/09
    joe645

    joe645 Well-Known Member Thread Starter

    Joined:
    2004/01/26
    Messages:
    435
    Likes Received:
    1
    trial and error, I found out how. thk
     
  8. 2010/02/09
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    Print these instructions out.

    NOTE. If any of the programs listed below refuse to run, try renaming the executable file to something else; for instance, rename hijackthis.exe to scanner.exe

    ***VERY IMPORTANT! Make sure you update Malwarebytes before running the scans.***


    STEP 1. Download Malwarebytes' Anti-Malware: http://www.malwarebytes.org/mbam.php to your desktop.
    (Malwarebytes is free to use as a manual scanner. Payment is only required if you wish to have it run and update automatically which is not necessary for our purposes)

    * Double-click mbam-setup.exe and follow the prompts to install the program.
    * At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
    * If an update is found, it will download and install the latest version.
    * Once the program has loaded, select Perform Quick Scan, then click Scan.
    * When the scan is complete, click OK, then Show Results to view the results.
    * Be sure that everything is checked, and click Remove Selected.
    * When completed, a log will open in Notepad.
    * Post the log back here.

    The log can also be found here:
    C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\log-date.txt
    Or at C:\Program Files\Malwarebytes' Anti-Malware\Logs\log-date.txt

    RESTART COMPUTER!

    STEP 2. Download GMER: http://www.gmer.net/files.php, by clicking on Download EXE button.
    Alternative downloads:
    - http://majorgeeks.com/GMER_d5198.html
    - http://www.softpedia.com/get/Interne...ers/GMER.shtml
    Double click on downloaded .exe file, select Rootkit tab and click the Scan button.
    When scan is completed, click Save button, and save the results as gmer.log
    Warning! Please do not select the "Show all" checkbox during the scan.
    Post the log to your next reply.

    RESTART COMPUTER

    STEP 3. Download HijackThis:
    http://www.trendsecure.com/portal/en-US/tools/security_tools/hijackthis/download
    by clicking on Installer under Version 2.0.2
    [DO NOT download version 2.0.3 (beta)]
    Install, and run it.
    Post HijackThis log.
    NOTE. If you're using Vista, or 7, right click on HijackThis, and click Run as Administrator
    Do NOT attempt to "fix" anything!


    DO NOT make any other changes to your computer (like installing programs, using other cleaning tools, etc.), until it's officially declared clean!!!
     
  9. 2010/02/10
    joe645

    joe645 Well-Known Member Thread Starter

    Joined:
    2004/01/26
    Messages:
    435
    Likes Received:
    1
    Kiwee Toolbar

    Here are the logs you have requested:
    Malwarebytes' Anti-Malware 1.44
    Database version: 3718
    Windows 5.1.2600 Service Pack 3
    Internet Explorer 8.0.6001.18702

    2/9/2010 21:27:57
    mbam-log-2010-02-09 (21-27-57).txt

    Scan type: Quick Scan
    Objects scanned: 123004
    Time elapsed: 5 minute(s), 22 second(s)

    Memory Processes Infected: 0
    Memory Modules Infected: 0
    Registry Keys Infected: 0
    Registry Values Infected: 0
    Registry Data Items Infected: 0
    Folders Infected: 0
    Files Infected: 0

    Memory Processes Infected:
    (No malicious items detected)

    Memory Modules Infected:
    (No malicious items detected)

    Registry Keys Infected:
    (No malicious items detected)

    Registry Values Infected:
    (No malicious items detected)

    Registry Data Items Infected:
    (No malicious items detected)

    Folders Infected:
    (No malicious items detected)

    Files Infected:
    (No malicious items detected)

    GMER 1.0.15.15281 - http://www.gmer.net
    Rootkit scan 2010-02-10 00:01:48
    Windows 5.1.2600 Service Pack 3
    Running: 3429c5qu.exe; Driver: C:\DOCUME~1\Owner\LOCALS~1\Temp\fgtdapow.sys


    ---- System - GMER 1.0.15 ----

    SSDT \??\C:\WINDOWS\system32\Drivers\uphcleanhlp.sys ZwUnloadKey [0x93FE16D0]

    ---- Kernel code sections - GMER 1.0.15 ----

    init C:\WINDOWS\system32\DRIVERS\ISECDRV.SYS entry point in "init" section [0xB9EE5760]
    init C:\WINDOWS\system32\drivers\ALCXSENS.SYS entry point in "init" section [0xB97E1900]
    ? C:\WINDOWS\system32\Drivers\uphcleanhlp.sys The system cannot find the file specified. !

    ---- User code sections - GMER 1.0.15 ----

    .text C:\WINDOWS\Explorer.EXE[516] SHELL32.dll!SHFileOperationW 7CA70A18 5 Bytes JMP 10001102 C:\Program Files\Unlocker\UnlockerHook.dll
    .text C:\WINDOWS\system32\SearchIndexer.exe[3188] kernel32.dll!WriteFile 7C810E27 7 Bytes JMP 00585C0C C:\WINDOWS\system32\MSSRCH.DLL (mssrch.dll/Microsoft Corporation)

    ---- Devices - GMER 1.0.15 ----

    AttachedDevice \FileSystem\Ntfs \Ntfs tdrpm174.sys (Acronis Try&Decide Volume Filter Driver/Acronis)
    AttachedDevice \Driver\Tcpip \Device\Ip avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
    AttachedDevice \Driver\Tcpip \Device\Tcp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
    AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume1 tdrpm174.sys (Acronis Try&Decide Volume Filter Driver/Acronis)
    AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume1 sr.sys (System Restore Filesystem Filter Driver/Microsoft Corporation)
    AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume2 tdrpm174.sys (Acronis Try&Decide Volume Filter Driver/Acronis)
    AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume2 sr.sys (System Restore Filesystem Filter Driver/Microsoft Corporation)
    AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume3 tdrpm174.sys (Acronis Try&Decide Volume Filter Driver/Acronis)
    AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume3 sr.sys (System Restore Filesystem Filter Driver/Microsoft Corporation)

    Device \Driver\atapi \Device\Ide\IdeDeviceP1T1L0-24 dvd43llh.sys (dvd43llh.sys/RIF)
    Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-3 dvd43llh.sys (dvd43llh.sys/RIF)
    Device \Driver\atapi \Device\Ide\IdePort0 dvd43llh.sys (dvd43llh.sys/RIF)
    Device \Driver\atapi \Device\Ide\IdePort1 dvd43llh.sys (dvd43llh.sys/RIF)
    Device \Driver\atapi \Device\Ide\IdePort2 dvd43llh.sys (dvd43llh.sys/RIF)
    Device \Driver\atapi \Device\Ide\IdePort3 dvd43llh.sys (dvd43llh.sys/RIF)
    Device \Driver\atapi \Device\Ide\IdeDeviceP2T0L0-e dvd43llh.sys (dvd43llh.sys/RIF)
    Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-1c dvd43llh.sys (dvd43llh.sys/RIF)

    AttachedDevice \Driver\Tcpip \Device\Udp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
    AttachedDevice \Driver\Tcpip \Device\RawIp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
    AttachedDevice \FileSystem\Fastfat \Fat tdrpm174.sys (Acronis Try&Decide Volume Filter Driver/Acronis)
    AttachedDevice \FileSystem\Fastfat \Fat fltMgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)

    ---- EOF - GMER 1.0.15 ----
    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 00:08:36, on 2/10/2010
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v8.00 (8.00.6001.18702)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\AVG\AVG9\avgchsvx.exe
    C:\Program Files\AVG\AVG9\avgrsx.exe
    C:\Program Files\AVG\AVG9\avgcsrvx.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
    C:\Program Files\Hewlett-Packard\HP PrecisionScan\PrecisionScan Pro\hplamp.exe
    C:\WINDOWS\system32\taskswitch.exe
    C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
    C:\Program Files\Acronis\TrueImageHome\TimounterMonitor.exe
    C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe
    C:\PROGRA~1\AVG\AVG9\avgtray.exe
    C:\Program Files\Common Files\Java\Java Update\jusched.exe
    C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe
    C:\Program Files\dvd43\dvd43_tray.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
    C:\Program Files\Winamp\winampa.exe
    C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe
    C:\Program Files\Unlocker\UnlockerAssistant.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\Program Files\AVG\AVG9\avgwdsvc.exe
    C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe
    C:\Program Files\Java\jre6\bin\jqs.exe
    C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\AVG\AVG9\avgam.exe
    C:\Program Files\UPHClean\uphclean.exe
    C:\Program Files\AVG\AVG9\avgnsx.exe
    C:\WINDOWS\system32\SearchIndexer.exe
    C:\Program Files\AVG\AVG9\avgcsrvx.exe
    C:\Program Files\AVG\AVG9\avgemc.exe
    C:\Program Files\AVG\AVG9\avgcsrvx.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Kiwee Toolbar\3.2\kwtbaim.exe
    C:\Program Files\AGI\core\4.2.0.10752\AGCoreService.exe
    C:\WINDOWS\system32\SearchProtocolHost.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://netscape.aol.com/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 219.93.178.162:3128
    R3 - URLSearchHook: agihelper.AGUtils - {0BC6E3FA-78EF-4886-842C-5A1258C4455A} - mscoree.dll (file missing)
    O2 - BHO: agihelper.AGUtils - {0bc6e3fa-78ef-4886-842c-5a1258c4455a} - mscoree.dll (file missing)
    O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    O2 - BHO: Winamp Toolbar Loader - {25CEE8EC-5730-41bc-8B58-22DDC8AB8C20} - C:\Program Files\Winamp Toolbar\winamptb.dll
    O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll
    O2 - BHO: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.4.4525.1752\swg.dll
    O2 - BHO: Ask Toolbar BHO - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
    O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    O3 - Toolbar: Webshots Toolbar - {C17590D2-ECB4-4b15-8820-F58798DCC118} - C:\Program Files\Webshots\3.1.5.7613\WSToolbar4IE.dll (file missing)
    O3 - Toolbar: Winamp Toolbar - {EBF2BA02-9094-4c5a-858B-BB198F3D8DE2} - C:\Program Files\Winamp Toolbar\winamptb.dll
    O3 - Toolbar: AVG Security Toolbar - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll
    O3 - Toolbar: Nero Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll
    O3 - Toolbar: Kiwee Toolbar - {1c99b848-84cb-4ce4-8cd8-ed5719484d9f} - mscoree.dll (file missing)
    O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
    O4 - HKLM\..\Run: [HPHUPD08] C:\Program Files\HP\Digital Imaging\{33D6CC28-9F75-4d1b-A11D-98895B3A3729}\hphupd08.exe
    O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
    O4 - HKLM\..\Run: [HP Lamp] "C:\Program Files\Hewlett-Packard\HP PrecisionScan\PrecisionScan Pro\hplamp.exe "
    O4 - HKLM\..\Run: [CoolSwitch] C:\WINDOWS\system32\taskswitch.exe
    O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
    O4 - HKLM\..\Run: [AcronisTimounterMonitor] C:\Program Files\Acronis\TrueImageHome\TimounterMonitor.exe
    O4 - HKLM\..\Run: [Acronis Scheduler2 Service] "C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe "
    O4 - HKLM\..\Run: [AVG9_TRAY] C:\PROGRA~1\AVG\AVG9\avgtray.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe "
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe "
    O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe "
    O4 - HKLM\..\Run: [dvd43] C:\Program Files\dvd43\dvd43_tray.exe
    O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe "
    O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mL1fu61Tv.exe" /runcleanupscript
    O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware] "C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
    O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe "
    O4 - HKLM\..\Run: [TrueImageMonitor.exe] C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe
    O4 - HKLM\..\Run: [UnlockerAssistant] "C:\Program Files\Unlocker\UnlockerAssistant.exe "
    O4 - HKLM\..\Run: [KiweeHook] "C:\Program Files\Kiwee Toolbar\3.2\kwtbaim.exe "
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe "
    O4 - HKCU\..\Run: [SacReminder] C:\Documents and Settings\Owner\Application Data\OfficeGuardian\reminder\SacReminder.exe
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-19\..\RunOnce: [_nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
    O4 - HKUS\S-1-5-20\..\RunOnce: [_nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'NETWORK SERVICE')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\S-1-5-18\..\RunOnce: [_nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
    O4 - HKUS\.DEFAULT\..\RunOnce: [_nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'Default user')
    O4 - Startup: Webshots.lnk = C:\Program Files\Webshots\3.1.5.7617\Launcher.exe
    O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
    O8 - Extra context menu item: &Webshots Photo Search - res://C:\Program Files\Webshots\3.1.5.7613\WSToolbar4IE.dll/MENUSEARCH.HTM
    O8 - Extra context menu item: &Winamp Search - C:\Documents and Settings\All Users\Application Data\Winamp Toolbar\ieToolbar\resources\en-US\local\search.html
    O9 - Extra button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files\PokerStars\PokerStarsUpdate.exe
    O9 - Extra button: Bonjour - {7F9DB11C-E358-4ca6-A83D-ACC663939424} - C:\Program Files\Bonjour\ExplorerPlugin.dll
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O15 - Trusted Zone: http://www.earthlink.net
    O16 - DPF: {149E45D8-163E-4189-86FC-45022AB2B6C9} (SpinTop DRM Control) - file:///C:/Program%20Files/Battleship%20-%20Fleet%20Command/Images/stg_drm.ocx
    O16 - DPF: {CC450D71-CC90-424C-8638-1F2DBAC87A54} (ArmHelper Control) - file:///C:/Program%20Files/Battleship%20-%20Fleet%20Command/Images/armhelper.ocx
    O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG9\avgpp.dll
    O20 - AppInit_DLLs: jejiyuta.dll c:\windows\system32\gusilaji.dll
    O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
    O21 - SSODL: nibumopus - {a5bb9185-646c-4b66-a380-cae1d9404d96} - (no file)
    O22 - SharedTaskScheduler: gahurihor - {a5bb9185-646c-4b66-a380-cae1d9404d96} - (no file)
    O23 - Service: ArcSoft Connect Daemon (ACDaemon) - Unknown owner - C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe (file missing)
    O23 - Service: Acronis Scheduler2 Service (AcrSch2Svc) - Acronis - C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
    O23 - Service: AG Core Services (AGCoreService) - AG Interactive - C:\Program Files\AGI\core\4.2.0.10752\AGCoreService.exe
    O23 - Service: AG Windows Service (AGWinService) - Unknown owner - C:\Program Files\AGI\common\win32\PythonService.exe
    O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: AVG E-mail Scanner (avg9emc) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG9\avgemc.exe
    O23 - Service: AVG WatchDog (avg9wd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG9\avgwdsvc.exe
    O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
    O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: Imapi Helper - Alex Feinman - C:\Program Files\Alex Feinman\ISO Recorder\ImapiHelper.exe
    O23 - Service: Intuit Update Service (IntuitUpdateService) - Intuit Inc. - C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe
    O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
    O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe

    --
    End of file - 12081 bytes
     
  10. 2010/02/10
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    Go to Add\Remove and uninstall the following:
    Kiwee Chatbar
    Kiwee Toolbar for Firefox
    Kiwee Toolbar for Internet Explorer

    Let me know if any of them refuses to uninstall.

    When done...

    Download OTL to your Desktop.

    * Double click on the icon to run it. Make sure all other windows are closed and let it run uninterrupted.
    * Under the Custom Scan box paste this in:


    netsvcs
    %SYSTEMDRIVE%\*.exe
    /md5start
    eventlog.dll
    scecli.dll
    netlogon.dll
    cngaudit.dll
    sceclt.dll
    ntelogon.dll
    logevent.dll
    iaStor.sys
    nvstor.sys
    atapi.sys
    IdeChnDr.sys
    viasraid.sys
    AGP440.sys
    vaxscsi.sys
    nvatabus.sys
    viamraid.sys
    nvata.sys
    nvgts.sys
    iastorv.sys
    ViPrt.sys
    eNetHook.dll
    ahcix86.sys
    KR10N.sys
    nvstor32.sys
    /md5stop
    %systemroot%\*. /mp /s
    %systemroot%\system32\*.dll /lockedfiles
    CREATERESTOREPOINT


    * Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
    * When the scan completes, it will open two notepad windows: OTL.txt and Extras.txt. These are saved in the same location as OTL.
    * Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them back here.
     
  11. 2010/02/10
    joe645

    joe645 Well-Known Member Thread Starter

    Joined:
    2004/01/26
    Messages:
    435
    Likes Received:
    1
    Kiwee Toolbar

    Thanks for all the help. Hope this works.
    I had to post twice as the files were too large.

    OTL Extras logfile created on: 2/10/2010 19:37:16 - Run 1
    OTL by OldTimer - Version 3.1.28.0 Folder = C:\Documents and Settings\Owner\Desktop
    Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
    Internet Explorer (Version = 8.0.6001.18702)
    Locale: 00001809 | Country: Ireland | Language: ENI | Date Format: M/d/yyyy

    2.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 72.00% Memory free
    3.00 Gb Paging File | 2.00 Gb Available in Paging File | 79.00% Paging File free
    Paging file location(s): C:\pagefile.sys 768 1536 [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
    Drive C: | 232.88 Gb Total Space | 110.97 Gb Free Space | 47.65% Space Free | Partition Type: NTFS
    Drive D: | 232.88 Gb Total Space | 232.19 Gb Free Space | 99.70% Space Free | Partition Type: NTFS
    E: Drive not present or media not loaded
    F: Drive not present or media not loaded
    G: Drive not present or media not loaded
    H: Drive not present or media not loaded
    Drive I: | 74.52 Gb Total Space | 74.45 Gb Free Space | 99.90% Space Free | Partition Type: NTFS

    Computer Name: LEFT
    Current User Name: Owner
    Logged in as Administrator.

    Current Boot Mode: Normal
    Scan Mode: Current user
    Company Name Whitelist: On
    Skip Microsoft Files: On
    File Age = 14 Days
    Output = Standard
    Quick Scan

    ========== Extra Registry (SafeList) ==========


    ========== File Associations ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
    .html [@ = SafariHTML] -- C:\Program Files\Safari\Safari.exe (Apple Inc.)

    [HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
    .html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

    ========== Shell Spawning ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] -- "%1" %*
    cmdfile [open] -- "%1" %*
    comfile [open] -- "%1" %*
    exefile [open] -- "%1" %*
    htmlfile [edit] -- Reg Error: Key error.
    htmlfile [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
    htmlfile [opennew] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
    http [open] -- "C:\Program Files\Safari\Safari.exe" -url "%1" (Apple Inc.)
    https [open] -- "C:\Program Files\Safari\Safari.exe" -url "%1" (Apple Inc.)
    piffile [open] -- "%1" %*
    regfile [merge] -- Reg Error: Key error.
    scrfile [config] -- "%1 "
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
    scrfile [open] -- "%1" /S
    txtfile [edit] -- Reg Error: Key error.
    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Directory [Force Uninstall] -- C:\Program Files\Perfect Uninstaller\PU.exe "%1" ()
    Directory [Winamp.Bookmark] -- "C:\Program Files\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft)
    Directory [Winamp.Enqueue] -- "C:\Program Files\Winamp\winamp.exe" /ADD "%1" (Nullsoft)
    Directory [Winamp.Play] -- "C:\Program Files\Winamp\winamp.exe" "%1" (Nullsoft)
    Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
    Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
    CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)

    ========== Security Center Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
    "UpdatesDisableNotify" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
    "1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
    "2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
    "139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
    "445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
    "137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
    "138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
    "EnableFirewall" = 1
    "DoNotAllowExceptions" = 0
    "DisableNotifications" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
    "1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
    "2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
    "5353:TCP" = 5353:TCP:*:Enabled:Adobe CSI CS4
    "139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
    "445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
    "137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
    "138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002

    ========== Authorized Applications List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
    "C:\Program Files\AVG\AVG8\avgam.exe" = C:\Program Files\AVG\AVG8\avgam.exe:*:Enabled:avgam.exe -- File not found
    "C:\Program Files\AVG\AVG8\avgemc.exe" = C:\Program Files\AVG\AVG8\avgemc.exe:*:Enabled:avgemc.exe -- File not found
    "C:\Program Files\AVG\AVG8\avgupd.exe" = C:\Program Files\AVG\AVG8\avgupd.exe:*:Enabled:avgupd.exe -- File not found
    "C:\Program Files\AVG\AVG8\avgnsx.exe" = C:\Program Files\AVG\AVG8\avgnsx.exe:*:Enabled:avgnsx.exe -- File not found
    "C:\Program Files\uTorrent\uTorrent.exe" = C:\Program Files\uTorrent\uTorrent.exe:*:Enabled:µTorrent -- (BitTorrent, Inc.)
    "C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" = C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe:*:Enabled:Adobe CSI CS4 -- (Adobe Systems Incorporated)
    "C:\Program Files\Mozilla Firefox\firefox.exe" = C:\Program Files\Mozilla Firefox\firefox.exe:*:Enabled:Firefox -- (Mozilla Corporation)
    "C:\WINDOWS\system32\java.exe" = C:\WINDOWS\system32\java.exe:*:Enabled:Java(TM) Platform SE binary -- (Sun Microsystems, Inc.)
    "C:\Program Files\AVG\AVG9\avgam.exe" = C:\Program Files\AVG\AVG9\avgam.exe:*:Enabled:avgam.exe -- (AVG Technologies CZ, s.r.o.)
    "C:\Program Files\AVG\AVG9\avgdiagex.exe" = C:\Program Files\AVG\AVG9\avgdiagex.exe:*:Enabled:avgdiagex.exe -- (AVG Technologies CZ, s.r.o.)
    "C:\Program Files\AVG\AVG9\avgemc.exe" = C:\Program Files\AVG\AVG9\avgemc.exe:*:Enabled:avgemc.exe -- (AVG Technologies CZ, s.r.o.)
    "C:\Program Files\AVG\AVG9\avgupd.exe" = C:\Program Files\AVG\AVG9\avgupd.exe:*:Enabled:avgupd.exe -- (AVG Technologies CZ, s.r.o.)
    "C:\Program Files\AVG\AVG9\avgnsx.exe" = C:\Program Files\AVG\AVG9\avgnsx.exe:*:Enabled:avgnsx.exe -- (AVG Technologies CZ, s.r.o.)
    "C:\Program Files\iTunes\iTunes.exe" = C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes -- (Apple Inc.)
    "C:\Documents and Settings\Owner\My Documents\utorrent.exe" = C:\Documents and Settings\Owner\My Documents\utorrent.exe:*:Enabled:µTorrent -- (BitTorrent, Inc.)
    "C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe" = C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe:LocalSubNet:Disabled:Intuit Update Shared Downloads Server -- (Intuit Inc.)


    ========== HKEY_LOCAL_MACHINE Uninstall List ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
    "{00ADFB20-AE75-46F4-AD2C-F48B15AC3100}" = Adobe Color NA Recommended Settings CS4
    "{010C0B4A-DC93-4BB4-893B-BDDE95355A3E}" = Freeware PDF Unlocker
    "{05308C4E-7285-4066-BAE3-6B50DA6ED755}" = Adobe Update Manager CS4
    "{054EFA56-2AC1-48F4-A883-0AB89874B972}" = Adobe Extension Manager CS4
    "{0611BD4E-4FE4-4a62-B0C0-18A4CC463428}" = CP_Package_Variety1
    "{098727E1-775A-4450-B573-3F441F1CA243}" = kuler
    "{09984AEC-6B9F-4ca7-B78D-CB44D4771DA3}" = Destinations
    "{0BEDBD4E-2D34-47B5-9973-57E62B29307C}" = ATI Control Panel
    "{0D6013AB-A0C7-41DC-973C-E93129C9A29F}" = Adobe Color JA Extra Settings CS4
    "{0E532C84-4275-41B3-9D81-D4A1A20D8EE7}" = PlayStation(R)Store
    "{0F723FC1-7606-4867-866C-CE80AD292DAF}" = Adobe CSI CS4
    "{10f2b367-5abb-3ee2-b7c0-4babb603dbc7}" = Webshots Toolbar for Firefox
    "{121634B0-2F4B-11D3-ADA3-00C04F52DD52}" = Windows Installer Clean Up
    "{1451DE6B-ABE1-4F62-BE9A-B363A17588A2}" = QuickTime
    "{15BF7AAF-846C-4A6D-80E1-5D1FC7FB461B}" = Adobe SGM CS4
    "{15C77FC3-8137-4A5E-8F81-F559045DD6B0}" = Shipping Assistant 3.6
    "{1618734A-3957-4ADD-8199-F973763109A8}" = Adobe Anchor Service CS4
    "{16E16F01-2E2D-4248-A42F-76261C147B6C}" = Adobe Drive CS4
    "{16E6D2C1-7C90-4309-8EC4-D2212690AAA4}" = AdobeColorCommonSetRGB
    "{1C139D7D-9FEA-468d-A9C8-2A6E3BDE564A}" = CP_Package_Variety3
    "{1DCA3EAA-6EB5-4563-A970-EA14D75037BA}" = Adobe InDesign CS4
    "{1E04CB54-AF4E-4AC3-B4B7-C0A160BE57F1}" = Adobe InDesign CS4 Icon Handler
    "{1E0D8F69-A6AB-4934-9B2D-159D9F97BA4A}" = ParetoLogic DriverCure
    "{2614F54E-A828-49FA-93BA-45A3F756BFAA}" = 32 Bit HP CIO Components Installer
    "{26A24AE4-039D-4CA4-87B4-2F83216016FF}" = Java(TM) 6 Update 18
    "{2857dbef-0b50-361c-8690-7d505747009f}" = Webshots Desktop
    "{287ECFA4-719A-2143-A09B-D6A12DE54E40}" = Acrobat.com
    "{2BAF2B96-7560-48B4-87D4-10178DDBE217}" = Adobe InDesign CS4 Application Feature Set Files (Roman)
    "{2CADCEAB-D5DA-44D6-B5FC-7DEE87AB3C0C}" = Unload
    "{30C19FF2-7FBA-4d09-B9DE-1659977F64F6}" = TrayApp
    "{33D6CC28-9F75-4d1b-A11D-98895B3A3729}" = HP Photosmart 330,380,420,470,7800,8000,8200 Series
    "{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
    "{35D94F92-1D3A-43C5-8605-EA268B1A7BD9}" = PDF Settings CS4
    "{36FDBE6E-6684-462B-AE98-9A39A1B200CC}" = HP Product Assistant
    "{37C8899D-FD70-481F-94AA-1F1B08765E22}" = Acronis*True*Image*Home
    "{3881DB80-EAA2-012B-ADAE-000000000000}" = TurboTax 2009 WinPerFedFormset
    "{38975F50-EAA2-012B-ADB4-000000000000}" = TurboTax 2009 WinPerReleaseEngine
    "{38A34630-EAA2-012B-ADB6-000000000000}" = TurboTax 2009 WinPerTaxSupport
    "{39F6E2B4-CFE8-C30A-66E8-489651F0F34C}" = Adobe Media Player
    "{3A4E8896-C2E7-4084-A4A4-B8FD1894E739}" = Adobe XMP Panels CS4
    "{3AC54383-31D1-4907-961B-B12CBB1D0AE8}" = MobileMe Control Panel
    "{3C5A81D0-EAA2-012B-AE9F-000000000000}" = TurboTax 2009 wrapper
    "{3DA8DF9A-044E-46C4-8531-DEDBB0EE37FF}" = Adobe WinSoft Linguistics Plugin
    "{3FA365DF-2D68-45ED-8F83-8C8A33E65143}" = Apple Application Support
    "{4943EFF5-229F-435D-BEA9-BE3CAEA783A7}" = Adobe Service Manager Extension
    "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
    "{4A52555C-032A-4083-BDD9-6A85ABFB39A8}" = Adobe SING CS4
    "{5570C7F0-43D0-4916-8A9E-AEDD52FA86F4}" = Adobe Color EU Extra Settings CS4
    "{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
    "{56F8AFC3-FA98-4ff1-9673-8A026CBF85BE}" = WebReg
    "{59C9A627-5F4A-47c4-94FD-9A886F5AC971}" = PS330
    "{5bb71940-9c82-486c-9fd2-12a631edcdba}" = AmericanGreetings.com Toolbar for Firefox
    "{66E6CE0C-5A1E-430C-B40A-0C90FF1804A8}" = eSupportQFolder
    "{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
    "{6991CF80-F82C-11D4-BD19-00D0B702AEC0}" = Intel(R) Security Driver
    "{755EC5E3-FD51-46bd-A57F-7A2D56FBF061}" = PSTAPlugin
    "{769A295C-DCF4-41d6-AFBA-7D9394B23AFE}" = PSPrinters08
    "{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
    "{7AEC97C4-ACCF-4759-A524-8E15C478E43B}" = Media Go
    "{7CC7BDD5-6F10-4724-96A1-EAC7D9F2831C}" = Adobe InDesign CS4 Common Base Files
    "{818ABC3C-635C-4651-8183-D0E9640B7DD1}" = HP Update
    "{820D3F45-F6EE-4AAF-81EF-CE21FF21D230}" = Adobe Type Support CS4
    "{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
    "{83877DB1-8B77-45BC-AB43-2BAC22E093E0}" = Adobe Bridge CS4
    "{842B4B72-9E8F-4962-B3C1-1C422A5C4434}" = Suite Shared Configuration CS4
    "{86D4B82A-ABED-442A-BE86-96357B70F4FE}" = Ask Toolbar
    "{87441A59-5E64-4096-A170-14EFE67200C3}" = Picture Control Utility
    "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
    "{8A25392D-C5D2-4E79-A2BD-C15DDC5B0959}" = Bonjour
    "{931AB7EA-3656-4BB7-864D-022B09E3DD67}" = Adobe Linguistics CS4
    "{94D398EB-D2FD-4FD1-B8C4-592635E8A191}" = Adobe CMaps CS4
    "{94FB906A-CF42-4128-A509-D353026A607E}" = REALTEK Gigabit and Fast Ethernet NIC Driver
    "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
    "{9C48DCA4-00C2-449C-88D8-B1EE1692B44F}" = Safari
    "{9E5A03E3-6246-4920-9630-0527D5DA9B07}" = iSEEK AnswerWorks English Runtime
    "{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
    "{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
    "{A3455242-DAE0-4523-8242-FD82706ABF4B}" = CameraDrivers
    "{A6FDF86A-F541-4E7B-AEA0-8849A2A700D5}" = iTunes
    "{A7050037-F0EA-4BAB-BCD5-FC05507D6147}" = Alt-Tab Task Switcher Powertoy for Windows XP
    "{A8F2089B-1F79-4BF6-B385-A2C2B0B9A74D}" = ImagXpress
    "{AADEA55D-C834-4BCB-98A3-4B8D1C18F4EE}" = Apple Mobile Device Support
    "{AB5D51AE-EBC3-438D-872C-705C7C2084B0}" = DeviceManagementQFolder
    "{AC76BA86-7AD7-1033-7B44-A93000000001}" = Adobe Reader 9.3
    "{B29AD377-CC12-490A-A480-1452337C618D}" = Connect
    "{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
    "{B434487B-A7F6-49EF-A87D-5540A0ACED77}" = PrintingPress
    "{B824B5C9-849F-4b9e-9EA7-6FD8CD8116DA}" = CP_Package_Variety2
    "{B996AE66-10DB-4ac5-B151-E8B4BFBC42FC}" = BufferChm
    "{BB4E33EC-8181-4685-96F7-8554293DEC6A}" = Adobe Output Module
    "{BC4CA8FA-41D2-4B81-8680-E9B7573D6500}" = PlayStation(R)Network Downloader
    "{BD01E97F-2A6A-495E-BE38-22C7B80F3CD7}" = Cheetah DVD Burner
    "{BDC83FD3-1A0F-46FB-8852-5E9A94294143}" = Serif PagePlus 8.0 PDF Edition
    "{BDCF27CA-BFC4-4F49-8D24-A925C9505AB8}" = Windows Rights Management Client with Service Pack 2
    "{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
    "{c17590d2-ecb4-4b15-8820-f58798dcc118}" = Webshots Toolbar for IE
    "{C52E3EC1-048C-45E1-8D53-10B0C6509683}" = Adobe Default Language CS4
    "{c83b53b8-8da0-32ba-8ccc-6573e8a75a82}" = Webshots Desktop
    "{CA1CA5F8-7500-45C5-9D4C-47D13FBC92D2}" = Adobe Setup
    "{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1 Service Pack 1
    "{CC75AB5C-2110-4A7F-AF52-708680D22FE8}" = Photoshop Camera Raw
    "{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
    "{D2FCC1AE-6311-47C5-8130-C6C66D77DD71}" = Nikon Message Center
    "{DFC6573E-124D-4026-BFA4-B433C9D3FF21}" = ISO Recorder
    "{E3F90083-80D4-4b5a-87C7-E97E12F5516D}" = HPProductAssistant
    "{E5FCED12-3E77-4C0E-A305-5AEB38A52A70}" = AdobeColorCommonSetCMYK
    "{E6B87DC4-2B3D-4483-ADFF-E483BF718991}" = OpenOffice.org 3.1
    "{E9757890-7EC5-46C8-99AB-B00F07B6525C}" = Nikon Transfer
    "{EA103B64-C0E4-4C0E-A506-751590E1653D}" = SolutionCenter
    "{EC905264-BCFE-423B-9C42-C3A106266790}" = Windows Rights Management Client Backwards Compatibility SP2
    "{F007CBCE-D714-4C0B-8CE9-9B0D78116468}" = ViewNX
    "{F0E64E2E-3A60-40D8-A55D-92F6831875DA}" = Adobe Search for Help
    "{F4C2E5F5-2970-45f4-ABD3-C180C4D961C4}" = Status
    "{F8EF2B3F-C345-4F20-8FE4-791A20333CD5}" = Adobe ExtendScript Toolkit CS4
    "{F93C84A6-0DC6-42AF-89FA-776F7C377353}" = Adobe PDF Library Files CS4
    "{FA54AFB1-5745-4389-B8C1-9F7509672ED1}" = iPhone Configuration Utility
    "{FB08F381-6533-4108-B7DD-039E11FBC27E}" = Realtek AC'97 Audio
    "{fba28920-8485-3586-980c-54c863eb45e6}" = Webshots Toolbar for Firefox
    "{FCDD51BB-CAD0-4BB1-B7DF-CE86D1032794}" = Adobe Fonts All
    "{FE64AE29-0883-4C70-8388-DC026019C900}" = HP Image Zone Express
    "{FF77941A-2BFA-4A18-BE2E-69B9498E4D55}" = User Profile Hive Cleanup Service
    "360Share Pro" = 360Share Pro(remove only)
    "7-Zip" = 7-Zip 4.62
    "Ace DivX Player_is1" = Ace DivX Player v2.1
    "Adobe AIR" = Adobe AIR
    "Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
    "Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
    "Adobe Photoshop 7.0" = Adobe Photoshop 7.0
    "Adobe Shockwave Player" = Adobe Shockwave Player 11
    "Adobe_1710d324011afc3e7658e969025f4ba" = Adobe InDesign CS4
    "All ATI Software" = ATI - Software Uninstall Utility
    "ATI Display Driver" = ATI Display Driver
    "Audioro PSP Converter" = Audioro PSP Converter 2
    "AVG9Uninstall" = AVG 9.0
    "AviSynth" = AviSynth 2.5
    "AVS Audio Converter 6.1_is1" = AVS Audio Converter version 6.1
    "AVS DVD Copy_is1" = AVS DVD Copy version 3.1
    "AVS Media Player_is1" = AVS Media Player 3.1
    "AVS Update Manager_is1" = AVS Update Manager 1.0
    "AVS4YOU Software Navigator_is1" = AVS4YOU Software Navigator 1.3
    "AVS4YOU Video Converter 6_is1" = AVS Video Converter 6
    "BFGC" = Big Fish Games Client
    "CCleaner" = CCleaner
    "CmdOpen Shell Extension" = Open Command Prompt Shell Extension (x86-32)
    "com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Media Player
    "Coupon Printer for Windows4.0" = Coupon Printer for Windows
    "DECCHECK" = Microsoft Windows XP Video Decoder Checkup Utility
    "Defraggler" = Defraggler (remove only)
    "Dell Laser Printer 1100" = Dell Laser Printer 1100 Software Uninstall
    "Device Control" = Device Control
    "DVD43_is1" = DVD43 v4.4.0
    "EAXSet" = Creative EAX Settings
    "eBay Icon" = eBay Icon
    "eMusic Promotion" = 50 FREE MP3s +1 Free Audiobook!
    "Google Updater" = Google Updater
    "HashCheck Shell Extension" = HashCheck Shell Extension (x86-32)
    "HijackThis" = HijackThis 2.0.2
    "HP Imaging Device Functions" = HP Imaging Device Functions 5.3
    "HP Solution Center & Imaging Support Tools" = HP Solution Center & Imaging Support Tools 5.3
    "ie8" = Windows Internet Explorer 8
    "Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
    "MGI_PRISM_V3_0" = MGI PhotoSuite III (Remove Only)
    "Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
    "Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
    "Microsoft Silverlight" = Microsoft Silverlight
    "Mozilla Firefox (3.5.7)" = Mozilla Firefox (3.5.7)
    "Perfect Uninstaller_is1" = Perfect Uninstaller v6.3.2.2
    "PokerStars" = PokerStars
    "Samsung CLP-310 Series" = Samsung CLP-310 Series
    "Simon - Dailygames.com" = Simon - Dailygames.com
    "SPEAKER" = Creative Speaker Settings
    "Taz In The City - Dailygames.com" = Taz In The City - Dailygames.com
    "Total Audio Converter_is1" = TotalAudioConverter
    "TurboTax 2009" = TurboTax 2009
    "Unlocker" = Unlocker 1.8.8
    "VLC media player" = VideoLAN VLC media player 0.8.6f
    "Winamp" = Winamp
    "Winamp Toolbar" = Winamp Toolbar
    "Windows Rights Management Client" = Windows Rights Management Client with Service Pack 2
    "Windows Rights Management Client Backwards" = Windows Rights Management Client Backwards Compatibility SP2
    "Xilisoft Video Converter Ultimate" = Xilisoft Video Converter Ultimate

    ========== HKEY_CURRENT_USER Uninstall List ==========

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "Move Media Player" = Move Media Player
    "uTorrent" = µTorrent

    ========== Last 10 Event Log Errors ==========

    [ Application Events ]
    Error - 1/26/2010 17:04:24 | Computer Name = LEFT | Source = Windows Search Service | ID = 3013
    Description = The entry <C:\DOCUMENTS AND SETTINGS\OWNER\RECENT\DESKTOP.INI> in
    the hash map cannot be updated. Context: Application, SystemIndex Catalog Details:
    A
    device attached to the system is not functioning. (0x8007001f)

    Error - 1/30/2010 21:44:11 | Computer Name = LEFT | Source = USPS Shipping Assistant | ID = 0
    Description = Timestamp: 1/31/2010 01:44:11 Message: No default user preference exists.
    Severity:
    Error Process Id: 1308 Win32 Thread Id: 3744 Extended Properties: Exception - System.NullReferenceException:
    No default user preferences exist. at USPS.SmartClient.DomainModel.Repositories.UserPreferenceRepository.GetDefaultUserPreference()

    at USPS.SmartClient.DomainModel.Repositories.UserPreferenceRepository.CreateNewUserPreference(AddressBookContact
    contact)

    Error - 2/4/2010 15:02:11 | Computer Name = LEFT | Source = Windows Search Service | ID = 3024
    Description = The update cannot be started because the content sources cannot be
    accessed. Fix the errors and try the update again. Context: Application, SystemIndex
    Catalog

    Error - 2/7/2010 18:00:35 | Computer Name = LEFT | Source = Windows Search Service | ID = 3013
    Description = The entry <C:\DOCUMENTS AND SETTINGS\OWNER\MY DOCUMENTS\TURBOTAX\~2009
    SCHAERER J FORM 1040 INDIVIDUAL TAX RETURN.TAX2009> in the hash map cannot be
    updated. Context: Application, SystemIndex Catalog Details: A device attached to the
    system is not functioning. (0x8007001f)

    Error - 2/7/2010 18:00:35 | Computer Name = LEFT | Source = Windows Search Service | ID = 3013
    Description = The entry <C:\DOCUMENTS AND SETTINGS\OWNER\MY DOCUMENTS\TURBOTAX\~2009
    SCHAERER J FORM 1040 INDIVIDUAL TAX RETURN.TAX2009> in the hash map cannot be
    updated. Context: Application, SystemIndex Catalog Details: A device attached to the
    system is not functioning. (0x8007001f)

    Error - 2/7/2010 20:07:21 | Computer Name = LEFT | Source = Windows Search Service | ID = 3013
    Description = The entry <C:\DOCUMENTS AND SETTINGS\OWNER\MY DOCUMENTS\TURBOTAX\2009
    SCHAERER J FORM 1040 INDIVIDUAL TAX RETURN.TAX2009> in the hash map cannot be
    updated. Context: Application, SystemIndex Catalog Details: A device attached to the
    system is not functioning. (0x8007001f)

    Error - 2/7/2010 20:07:21 | Computer Name = LEFT | Source = Windows Search Service | ID = 3013
    Description = The entry <C:\DOCUMENTS AND SETTINGS\OWNER\MY DOCUMENTS\TURBOTAX\2009
    SCHAERER J FORM 1040 INDIVIDUAL TAX RETURN.TAX2009> in the hash map cannot be
    updated. Context: Application, SystemIndex Catalog Details: A device attached to the
    system is not functioning. (0x8007001f)

    Error - 2/9/2010 13:45:35 | Computer Name = LEFT | Source = pctsSvc.exe | ID = 0
    Description =

    Error - 2/9/2010 16:09:38 | Computer Name = LEFT | Source = Windows Search Service | ID = 3013
    Description = The entry <C:\DOCUMENTS AND SETTINGS\OWNER\RECENT\DESKTOP.INI> in
    the hash map cannot be updated. Context: Application, SystemIndex Catalog Details:
    A
    device attached to the system is not functioning. (0x8007001f)

    Error - 2/10/2010 04:04:01 | Computer Name = LEFT | Source = AGWinService | ID = 3
    Description = The instance's SvcRun() method failed File "C:\Program Files\AGI\common\win32\lib\win32serviceutil.py ",
    line 805, in SvcRun self.SvcDoRun() File "c:\pyagcore\pyagcore/agservice.py ",
    line 73, in SvcDoRun File "c:\pyagcore\pyagcore/search/iesearchprotection.py ",
    line 295, in Start File "c:\pyagcore\pyagcore/search/iesearchprotection.py ", line
    250, in StartProtection File "c:\pyagcore\pyagcore/search/iesearchprotection.py ",
    line 223, in StartURLSearchHooksMonitor File "c:\pyagcore\pyagcore/regutil.py ",
    line 37, in __init__ elif type(value)==types.IntType: <class 'pywintypes.error'>:
    (6, 'RegOpenKeyEx', 'The handle is invalid.')

    [ System Events ]
    Error - 2/10/2010 01:11:56 | Computer Name = LEFT | Source = Service Control Manager | ID = 7000
    Description = The DgiVecp service failed to start due to the following error: %%2

    Error - 2/10/2010 01:11:56 | Computer Name = LEFT | Source = Service Control Manager | ID = 7000
    Description = The SSPORT service failed to start due to the following error: %%2

    Error - 2/10/2010 01:14:59 | Computer Name = LEFT | Source = Service Control Manager | ID = 7034
    Description = The AG Core Services service terminated unexpectedly. It has done
    this 1 time(s).

    Error - 2/10/2010 01:35:10 | Computer Name = LEFT | Source = Service Control Manager | ID = 7000
    Description = The DgiVecp service failed to start due to the following error: %%2

    Error - 2/10/2010 01:35:10 | Computer Name = LEFT | Source = Service Control Manager | ID = 7000
    Description = The SSPORT service failed to start due to the following error: %%2

    Error - 2/10/2010 04:04:46 | Computer Name = LEFT | Source = Service Control Manager | ID = 7000
    Description = The DgiVecp service failed to start due to the following error: %%2

    Error - 2/10/2010 04:04:46 | Computer Name = LEFT | Source = Service Control Manager | ID = 7000
    Description = The SSPORT service failed to start due to the following error: %%2

    Error - 2/10/2010 14:50:11 | Computer Name = LEFT | Source = Service Control Manager | ID = 7000
    Description = The DgiVecp service failed to start due to the following error: %%2

    Error - 2/10/2010 14:50:11 | Computer Name = LEFT | Source = Service Control Manager | ID = 7000
    Description = The SSPORT service failed to start due to the following error: %%2

    Error - 2/10/2010 23:32:23 | Computer Name = LEFT | Source = DCOM | ID = 10005
    Description = DCOM got error "%1058" attempting to start the service wuauserv with
    arguments " " in order to run the server: {E60687F7-01A1-40AA-86AC-DB1CBF673334}


    < End of report >
     
  12. 2010/02/10
    joe645

    joe645 Well-Known Member Thread Starter

    Kiwee Toolbar

    2nd File
    OTL logfile created on: 2/10/2010 19:37:16 - Run 1
    OTL by OldTimer - Version 3.1.28.0 Folder = C:\Documents and Settings\Owner\Desktop
    Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
    Internet Explorer (Version = 8.0.6001.18702)
    Locale: 00001809 | Country: Ireland | Language: ENI | Date Format: M/d/yyyy

    2.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 72.00% Memory free
    3.00 Gb Paging File | 2.00 Gb Available in Paging File | 79.00% Paging File free
    Paging file location(s): C:\pagefile.sys 768 1536 [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
    Drive C: | 232.88 Gb Total Space | 110.97 Gb Free Space | 47.65% Space Free | Partition Type: NTFS
    Drive D: | 232.88 Gb Total Space | 232.19 Gb Free Space | 99.70% Space Free | Partition Type: NTFS
    E: Drive not present or media not loaded
    F: Drive not present or media not loaded
    G: Drive not present or media not loaded
    H: Drive not present or media not loaded
    Drive I: | 74.52 Gb Total Space | 74.45 Gb Free Space | 99.90% Space Free | Partition Type: NTFS

    Computer Name: LEFT
    Current User Name: Owner
    Logged in as Administrator.

    Current Boot Mode: Normal
    Scan Mode: Current user
    Company Name Whitelist: On
    Skip Microsoft Files: On
    File Age = 14 Days
    Output = Standard
    Quick Scan

    ========== Processes (SafeList) ==========

    PRC - [2010/02/10 19:29:41 | 000,549,376 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Owner\Desktop\OTL.exe
    PRC - [2010/02/10 10:49:57 | 000,030,112 | ---- | M] (AG Interactive) -- C:\WINDOWS\Temp\AGI\Installer.exe
    PRC - [2010/01/26 15:48:24 | 000,020,480 | ---- | M] (AG Interactive) -- C:\Program Files\AGI\core\4.2.0.10752\AGCoreService.exe
    PRC - [2010/01/26 06:37:59 | 002,676,884 | ---- | M] (AG Interactive) -- C:\Program Files\AGI\common\bootstrapper.exe
    PRC - [2010/01/11 15:21:52 | 000,246,504 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Common Files\Java\Java Update\jusched.exe
    PRC - [2010/01/07 16:07:10 | 000,429,392 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
    PRC - [2010/01/07 16:07:10 | 000,236,368 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
    PRC - [2009/12/22 09:07:55 | 002,033,432 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgtray.exe
    PRC - [2009/12/17 17:14:11 | 000,153,376 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jqs.exe
    PRC - [2009/12/10 13:19:16 | 000,600,344 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgnsx.exe
    PRC - [2009/12/10 13:19:16 | 000,503,576 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgrsx.exe
    PRC - [2009/12/08 12:38:16 | 003,474,848 | ---- | M] (Webshots.com) -- C:\Program Files\Webshots\3.1.5.7617\Webshots.scr
    PRC - [2009/11/12 16:33:10 | 000,141,600 | ---- | M] (Apple Inc.) -- C:\Program Files\iTunes\iTunesHelper.exe
    PRC - [2009/11/12 16:33:00 | 000,545,568 | ---- | M] (Apple Inc.) -- C:\Program Files\iPod\bin\iPodService.exe
    PRC - [2009/11/08 12:29:26 | 001,055,000 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgchsvx.exe
    PRC - [2009/11/08 12:29:25 | 000,702,744 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgcsrvx.exe
    PRC - [2009/11/08 12:29:24 | 000,906,520 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgemc.exe
    PRC - [2009/11/08 12:29:24 | 000,827,160 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgam.exe
    PRC - [2009/11/08 12:29:23 | 000,285,392 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgwdsvc.exe
    PRC - [2009/10/25 23:33:41 | 000,015,872 | ---- | M] () -- C:\Program Files\Unlocker\UnlockerAssistant.exe
    PRC - [2009/09/29 09:17:50 | 000,013,088 | ---- | M] (Intuit Inc.) -- C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe
    PRC - [2009/07/01 08:37:06 | 000,037,888 | ---- | M] () -- C:\Program Files\Winamp\winampa.exe
    PRC - [2009/06/05 10:48:14 | 000,144,712 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    PRC - [2009/03/31 15:04:44 | 000,039,408 | ---- | M] (Google Inc.) -- C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    PRC - [2009/01/20 22:45:00 | 000,960,536 | ---- | M] (Acronis) -- C:\Program Files\Acronis\TrueImageHome\TimounterMonitor.exe
    PRC - [2009/01/20 22:34:36 | 000,377,232 | ---- | M] (Acronis) -- C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe
    PRC - [2009/01/20 22:34:26 | 000,618,936 | ---- | M] (Acronis) -- C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
    PRC - [2009/01/20 22:06:10 | 004,359,280 | ---- | M] (Acronis) -- C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe
    PRC - [2008/12/18 06:16:35 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
    PRC - [2008/11/17 17:50:14 | 000,827,904 | ---- | M] () -- C:\Program Files\dvd43\DVD43_Tray.exe
    PRC - [2007/05/08 15:24:20 | 000,054,840 | ---- | M] (Hewlett-Packard) -- C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
    PRC - [2005/04/27 05:59:24 | 000,241,725 | ---- | M] (Microsoft Corporation) -- C:\Program Files\UPHClean\uphclean.exe
    PRC - [2004/03/22 12:10:00 | 000,335,872 | ---- | M] (ATI Technologies, Inc.) -- C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
    PRC - [2002/03/19 08:30:00 | 000,045,632 | ---- | M] () -- C:\WINDOWS\system32\TaskSwitch.exe
    PRC - [2001/04/27 02:00:10 | 000,053,248 | ---- | M] () -- C:\Program Files\Hewlett-Packard\HP PrecisionScan\PrecisionScan Pro\HPLamp.exe


    ========== Modules (SafeList) ==========

    MOD - [2010/02/10 19:29:41 | 000,549,376 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Owner\Desktop\OTL.exe
    MOD - [2009/10/25 23:33:32 | 000,004,608 | ---- | M] () -- C:\Program Files\Unlocker\UnlockerHook.dll


    ========== Win32 Services (SafeList) ==========

    SRV - File not found [On_Demand | Stopped] -- -- (ACDaemon)
    SRV - [2010/01/26 15:48:24 | 000,020,480 | ---- | M] (AG Interactive) [Auto | Running] -- C:\Program Files\AGI\core\4.2.0.10752\AGCoreService.exe -- (AGCoreService)
    SRV - [2010/01/07 16:07:10 | 000,236,368 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
    SRV - [2009/12/17 17:14:11 | 000,153,376 | ---- | M] (Sun Microsystems, Inc.) [Auto | Running] -- C:\Program Files\Java\jre6\bin\jqs.exe -- (JavaQuickStarterService)
    SRV - [2009/11/12 16:33:00 | 000,545,568 | ---- | M] (Apple Inc.) [On_Demand | Running] -- C:\Program Files\iPod\bin\iPodService.exe -- (iPod Service)
    SRV - [2009/11/08 12:29:24 | 000,906,520 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG9\avgemc.exe -- (avg9emc)
    SRV - [2009/11/08 12:29:23 | 000,285,392 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG9\avgwdsvc.exe -- (avg9wd)
    SRV - [2009/09/29 09:17:50 | 000,013,088 | ---- | M] (Intuit Inc.) [Auto | Running] -- C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe -- (IntuitUpdateService)
    SRV - [2009/06/05 10:48:14 | 000,144,712 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe -- (Apple Mobile Device)
    SRV - [2009/05/26 13:42:06 | 000,183,280 | ---- | M] (Google) [Auto | Stopped] -- C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe -- (gusvc)
    SRV - [2009/03/03 10:04:23 | 000,655,624 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
    SRV - [2009/02/22 19:12:32 | 000,010,240 | ---- | M] () [Auto | Stopped] -- C:\Program Files\AGI\common\win32\PythonService.exe -- (AGWinService)
    SRV - [2009/01/20 22:34:26 | 000,618,936 | ---- | M] (Acronis) [Auto | Running] -- C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe -- (AcrSch2Svc)
    SRV - [2008/07/18 12:13:20 | 000,053,760 | ---- | M] (Hewlett-Packard) [Auto | Running] -- C:\WINDOWS\system32\HPZipm12.dll -- (Pml Driver HPZ12)
    SRV - [2008/07/18 12:13:20 | 000,044,032 | ---- | M] (Hewlett-Packard) [Auto | Running] -- C:\WINDOWS\system32\HPZinw12.dll -- (Net Driver HPZ12)
    SRV - [2006/01/05 00:06:02 | 000,163,840 | ---- | M] (Alex Feinman) [On_Demand | Stopped] -- C:\Program Files\Alex Feinman\ISO Recorder\ImapiHelper.exe -- (Imapi Helper)
    SRV - [2005/04/27 05:59:24 | 000,241,725 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\UPHClean\uphclean.exe -- (UPHClean)
    SRV - [2005/04/03 23:41:10 | 000,069,632 | ---- | M] (Macrovision Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe -- (IDriverT)


    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========

    IE - HKLM\..\URLSearchHook: {57BCA5FA-5DBB-45a2-B558-1755C3F6253B} - C:\Program Files\Winamp Toolbar\winamptb.dll (AOL LLC.)

    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://netscape.aol.com/
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = 219.93.178.162:3128

    ========== FireFox ==========

    FF - prefs.js..browser.search.defaultenginename: "Kiwee Toolbar "
    FF - prefs.js..browser.search.defaultthis.engineName: "DailyGames Customized Web Search "
    FF - prefs.js..browser.search.defaulturl: "http://search.conduit.com/ResultsExt.aspx?ctid=CT2351701&SearchSource=3&q={searchTerms} "
    FF - prefs.js..browser.search.selectedEngine: "Google "
    FF - prefs.js..browser.search.useDBForOrder: true
    FF - prefs.js..browser.startup.homepage: "http://search.imgag.com/?appid=kwtb&c=GNKWO50020&sbs=7&sc=2&f=homepage&vernum=3.2&uid=&did={d21c8300-0157-11de-b6ec-00508de91418}&q= "
    FF - prefs.js..extensions.enabledItems: {55e19115-8ef8-465c-90ac-deacc491b0cc}:2.5.2.14
    FF - prefs.js..extensions.enabledItems: toolbar@ask.com:3.5.2.106
    FF - prefs.js..keyword.URL: "http://search.imgag.com/?appid=kwtb&component=UnifiedToolbarFF&c=GNKWO50020&sbs=1&sc=&f=web&vernum=3.2&uid=&did={d21c8300-0157-11de-b6ec-00508de91418}&q= "

    FF - HKLM\software\mozilla\Firefox\Extensions\\toolbar@webshots.com: C:\Program Files\Webshots\3.1.5.7613\Firefox
    FF - HKLM\software\mozilla\Firefox\Extensions\\toolbar@ag.com: C:\Program Files\AG Toolbar\Firefox\1.0 [2009/10/13 14:31:29 | 000,000,000 | ---D | M]
    FF - HKLM\software\mozilla\Firefox\Extensions\\{3f963a5b-e555-4543-90e2-c3908898db71}: C:\Program Files\AVG\AVG9\Firefox [2009/12/10 13:20:15 | 000,000,000 | ---D | M]
    FF - HKLM\software\mozilla\Firefox\Extensions\\avg@igeared: C:\Program Files\AVG\AVG9\Toolbar\Firefox\avg@igeared [2009/12/30 09:43:55 | 000,000,000 | ---D | M]
    FF - HKLM\software\mozilla\Mozilla Firefox 3.5.7\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/01/10 16:40:22 | 000,000,000 | ---D | M]
    FF - HKLM\software\mozilla\Mozilla Firefox 3.5.7\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/02/09 14:15:53 | 000,000,000 | ---D | M]

    [2010/01/10 16:40:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Mozilla\Extensions
    [2010/02/09 16:27:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\pjunwtcz.default\extensions
    [2010/01/31 17:31:02 | 000,000,000 | ---D | M] (DailyGames Toolbar) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\pjunwtcz.default\extensions\{55e19115-8ef8-465c-90ac-deacc491b0cc}
    [2010/01/12 15:21:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\pjunwtcz.default\extensions\toolbar@ask.com
    [2010/01/10 16:40:42 | 000,001,776 | ---- | M] () -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\pjunwtcz.default\searchplugins\americangreetingscom-toolbar.xml
    [2009/12/23 19:10:54 | 000,000,923 | ---- | M] () -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\pjunwtcz.default\searchplugins\conduit.xml
    [2010/02/09 16:27:37 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
    [2008/06/17 22:43:04 | 000,086,016 | ---- | M] (Coupons, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npCouponPrinter.dll

    O1 HOSTS File: ([2010/01/19 21:40:03 | 000,297,070 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
    O1 - Hosts: 127.0.0.1 localhost
    O1 - Hosts: 127.0.0.1 activate.adobe.com
    O1 - Hosts: 127.0.0.1 www.007guard.com
    O1 - Hosts: 127.0.0.1 007guard.com
    O1 - Hosts: 127.0.0.1 008i.com
    O1 - Hosts: 127.0.0.1 www.008k.com
    O1 - Hosts: 127.0.0.1 008k.com
    O1 - Hosts: 127.0.0.1 www.00hq.com
    O1 - Hosts: 127.0.0.1 00hq.com
    O1 - Hosts: 127.0.0.1 010402.com
    O1 - Hosts: 127.0.0.1 www.032439.com
    O1 - Hosts: 127.0.0.1 032439.com
    O1 - Hosts: 127.0.0.1 www.0scan.com
    O1 - Hosts: 127.0.0.1 0scan.com
    O1 - Hosts: 127.0.0.1 www.1000gratisproben.com
    O1 - Hosts: 127.0.0.1 1000gratisproben.com
    O1 - Hosts: 127.0.0.1 www.1001namen.com
    O1 - Hosts: 127.0.0.1 1001namen.com
    O1 - Hosts: 127.0.0.1 100888290cs.com
    O1 - Hosts: 127.0.0.1 www.100888290cs.com
    O1 - Hosts: 127.0.0.1 100sexlinks.com
    O1 - Hosts: 127.0.0.1 www.100sexlinks.com
    O1 - Hosts: 127.0.0.1 10sek.com
    O1 - Hosts: 127.0.0.1 www.10sek.com
    O1 - Hosts: 127.0.0.1 www.1-2005-search.com
    O1 - Hosts: 10262 more lines...
    O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
    O2 - BHO: (Winamp Toolbar Loader) - {25CEE8EC-5730-41bc-8B58-22DDC8AB8C20} - C:\Program Files\Winamp Toolbar\winamptb.dll (AOL LLC.)
    O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll (AVG Technologies CZ, s.r.o.)
    O2 - BHO: (AVG Security Toolbar BHO) - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll ()
    O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.4.4525.1752\swg.dll (Google Inc.)
    O2 - BHO: (Nero Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask.com)
    O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
    O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)
    O3 - HKLM\..\Toolbar: (Webshots Toolbar) - {C17590D2-ECB4-4b15-8820-F58798DCC118} - C:\Program Files\Webshots\3.1.5.7613\WSToolbar4IE.dll File not found
    O3 - HKLM\..\Toolbar: (AVG Security Toolbar) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll ()
    O3 - HKLM\..\Toolbar: (Nero Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask.com)
    O3 - HKLM\..\Toolbar: (Winamp Toolbar) - {EBF2BA02-9094-4c5a-858B-BB198F3D8DE2} - C:\Program Files\Winamp Toolbar\winamptb.dll (AOL LLC.)
    O3 - HKCU\..\Toolbar\WebBrowser: (Webshots Toolbar) - {C17590D2-ECB4-4B15-8820-F58798DCC118} - C:\Program Files\Webshots\3.1.5.7613\WSToolbar4IE.dll File not found
    O3 - HKCU\..\Toolbar\WebBrowser: (AVG Security Toolbar) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll ()
    O3 - HKCU\..\Toolbar\WebBrowser: (Nero Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask.com)
    O3 - HKCU\..\Toolbar\WebBrowser: (Winamp Toolbar) - {EBF2BA02-9094-4C5A-858B-BB198F3D8DE2} - C:\Program Files\Winamp Toolbar\winamptb.dll (AOL LLC.)
    O4 - HKLM..\Run: [Acronis Scheduler2 Service] C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe (Acronis)
    O4 - HKLM..\Run: [AcronisTimounterMonitor] C:\Program Files\Acronis\TrueImageHome\TimounterMonitor.exe (Acronis)
    O4 - HKLM..\Run: [Adobe ARM] C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)
    O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
    O4 - HKLM..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe (Apple Inc.)
    O4 - HKLM..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe (ATI Technologies, Inc.)
    O4 - HKLM..\Run: [AVG9_TRAY] C:\Program Files\AVG\AVG9\avgtray.exe (AVG Technologies CZ, s.r.o.)
    O4 - HKLM..\Run: [CoolSwitch] C:\WINDOWS\system32\TaskSwitch.exe ()
    O4 - HKLM..\Run: [dvd43] C:\Program Files\dvd43\DVD43_Tray.exe ()
    O4 - HKLM..\Run: [HP Lamp] C:\Program Files\Hewlett-Packard\HP PrecisionScan\PrecisionScan Pro\hplamp.exe ()
    O4 - HKLM..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\hpwuSchd2.exe (Hewlett-Packard)
    O4 - HKLM..\Run: [HPHUPD08] C:\Program Files\HP\Digital Imaging\{33D6CC28-9F75-4d1b-A11D-98895B3A3729}\hphupd08.exe (Hewlett-Packard)
    O4 - HKLM..\Run: [IMJPMIG8.1] C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE (Microsoft Corporation)
    O4 - HKLM..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe (Apple Inc.)
    O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
    O4 - HKLM..\Run: [Malwarebytes Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mL1fu61Tv.exe File not found
    O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files\Common Files\Java\Java Update\jusched.exe (Sun Microsystems, Inc.)
    O4 - HKLM..\Run: [TrueImageMonitor.exe] C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe (Acronis)
    O4 - HKLM..\Run: [UnlockerAssistant] C:\Program Files\Unlocker\UnlockerAssistant.exe ()
    O4 - HKLM..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe ()
    O4 - HKCU..\Run: [AdobeBridge] File not found
    O4 - HKCU..\Run: [SacReminder] C:\Documents and Settings\Owner\Application Data\OfficeGuardian\reminder\SacReminder.exe (TODO: <Company name>)
    O4 - HKCU..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
    O4 - HKLM..\RunOnce: [UnifiedToolbar\Cleanup] C:\Documents and Settings\Owner\Local Settings\Temp\UnifiedToolbarCleanupScript.bat ()
    O4 - HKLM..\RunOnce: [UnifiedToolbarIEIE\Cleanup] C:\Documents and Settings\Owner\Local Settings\Temp\UnifiedToolbarIEIE_Win32MiscCleanup_DELETE_ME.bat ()
    O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.)
    O4 - Startup: C:\Documents and Settings\Owner\Start Menu\Programs\Startup\Webshots.lnk = C:\Program Files\Webshots\3.1.5.7617\Launcher.exe (Webshots.com)
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\control panel present
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\restrictions present
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDesktopCleanupWizard = 1
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: verbosestatus = 1
    O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\control panel present
    O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\restrictions present
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 223
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSharedDocuments = 1
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: MaxRecentDocs = 18
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMConfigurePrograms = 1
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoRecentDocsNetHood = 1
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoRemoteRecursiveEvents = 1
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: MemCheckBoxInRunDlg = 1
    O8 - Extra context menu item: &Winamp Search - C:\Documents and Settings\All Users\Application Data\Winamp Toolbar\ieToolbar\resources\en-US\local\search.html ()
    O9 - Extra Button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files\PokerStars\PokerStarsUpdate.exe (PokerStars)
    O9 - Extra Button: Bonjour - {7F9DB11C-E358-4ca6-A83D-ACC663939424} - C:\Program Files\Bonjour\ExplorerPlugin.dll (Apple Inc.)
    O15 - HKLM\..Trusted Domains: 48 domain(s) and sub-domain(s) not assigned to a zone.
    O15 - HKCU\..Trusted Domains: earthlink.net ([www] http in Trusted sites)
    O15 - HKCU\..Trusted Domains: internet ([]about in Local intranet)
    O15 - HKCU\..Trusted Domains: intuit.com ([ttlc] https in Trusted sites)
    O15 - HKCU\..Trusted Domains: 50 domain(s) and sub-domain(s) not assigned to a zone.
    O16 - DPF: {149E45D8-163E-4189-86FC-45022AB2B6C9} file:///C:/Program%20Files/Battleship%20-%20Fleet%20Command/Images/stg_drm.ocx (SpinTop DRM Control)
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab (Java Plug-in 1.6.0_18)
    O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab (Reg Error: Key error.)
    O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Reg Error: Key error.)
    O16 - DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab (Java Plug-in 1.6.0_18)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab (Java Plug-in 1.6.0_18)
    O16 - DPF: {CC450D71-CC90-424C-8638-1F2DBAC87A54} file:///C:/Program%20Files/Battleship%20-%20Fleet%20Command/Images/armhelper.ocx (ArmHelper Control)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
    O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG9\avgpp.dll (AVG Technologies CZ, s.r.o.)
    O20 - AppInit_DLLs: (jejiyuta.dll) - File not found
    O20 - AppInit_DLLs: (c:\windows\system32\gusilaji.dll) - C:\WINDOWS\System32\gusilaji.dll File not found
    O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
    O20 - Winlogon\Notify\avgrsstarter: DllName - avgrsstx.dll - C:\WINDOWS\System32\avgrsstx.dll (AVG Technologies CZ, s.r.o.)
    O21 - SSODL: nibumopus - {a5bb9185-646c-4b66-a380-cae1d9404d96} - CLSID or File not found.
    O22 - SharedTaskScheduler: {a5bb9185-646c-4b66-a380-cae1d9404d96} - gahurihor - Reg Error: Key error. File not found
    O24 - Desktop WallPaper: C:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
    O24 - Desktop BackupWallPaper: C:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
    O28 - HKLM ShellExecuteHooks: {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Program Files\Windows Desktop Search\MsnlNamespaceMgr.dll (Microsoft Corporation)
    O32 - HKLM CDRom: AutoRun - 1
    O32 - AutoRun File - [2009/02/21 01:48:14 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
    O33 - MountPoints2\{3c47c54e-fbc7-11de-b1c6-00508de91418}\Shell - " " = AutoRun
    O33 - MountPoints2\{3c47c54e-fbc7-11de-b1c6-00508de91418}\Shell\AutoRun - " " = Auto&Play
    O33 - MountPoints2\{3c47c54e-fbc7-11de-b1c6-00508de91418}\Shell\AutoRun\command - " " = H:\StarterOfficeGuardian.exe -- File not found
    O33 - MountPoints2\H\Shell - " " = AutoRun
    O33 - MountPoints2\H\Shell\AutoRun - " " = Auto&Play
    O33 - MountPoints2\H\Shell\AutoRun\command - " " = H:\StarterOfficeGuardian.exe -- File not found
    O34 - HKLM BootExecute: (autocheck autochk *) - File not found
    O35 - comfile [open] -- "%1" %*
    O35 - exefile [open] -- "%1" %*

    NetSvcs: 6to4 - File not found
    NetSvcs: Ias - C:\WINDOWS\system32\ias [2009/02/21 01:47:32 | 000,000,000 | ---D | M]
    NetSvcs: Iprip - File not found
    NetSvcs: Irmon - File not found
    NetSvcs: NWCWorkstation - File not found
    NetSvcs: Nwsapagent - File not found
    NetSvcs: WmdmPmSp - File not found

    CREATERESTOREPOINT
    Restore point Set: OTL Restore Point (17173366603513856)

    ========== Files/Folders - Created Within 14 Days ==========

    [2010/02/10 19:29:40 | 000,549,376 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Owner\Desktop\OTL.exe
    [2010/02/10 00:08:04 | 000,000,000 | ---D | C] -- C:\Program Files\Trend Micro
    [2010/02/10 00:03:41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Local Settings\Application Data\Kiwee Toolbar
    [2010/02/09 12:01:04 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Owner\Recent
    [2010/02/09 11:50:43 | 000,000,000 | ---D | C] -- C:\Program Files\Unlocker
    [2010/02/09 10:07:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\agi
    [2010/02/09 09:49:12 | 000,000,000 | ---D | C] -- C:\Program Files\UnifiedToolbar
    [2010/02/09 09:47:51 | 000,000,000 | ---D | C] -- C:\Program Files\xerox
    [2010/02/09 09:47:49 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\xircom
    [2010/02/09 09:47:49 | 000,000,000 | ---D | C] -- C:\Program Files\windows nt
    [2010/02/09 09:47:49 | 000,000,000 | ---D | C] -- C:\Program Files\outlook express
    [2010/02/09 09:47:49 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\oobe
    [2010/02/09 09:47:49 | 000,000,000 | ---D | C] -- C:\Program Files\movie maker
    [2010/02/09 09:47:42 | 000,000,000 | ---D | C] -- C:\Program Files\netmeeting
    [2010/02/09 09:47:42 | 000,000,000 | ---D | C] -- C:\Program Files\msn gaming zone
    [2010/02/09 09:47:42 | 000,000,000 | ---D | C] -- C:\Program Files\microsoft frontpage
    [2010/02/09 09:47:42 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\inetsrv
    [2010/02/06 17:12:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Documents\TurboTax
    [2010/02/06 16:38:08 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\My Documents\TurboTax
    [2010/02/06 16:21:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\IsolatedStorage
    [2010/02/06 16:21:27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Local Settings\Application Data\Intuit
    [2010/02/04 11:01:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\Macromedia
    [2010/02/04 11:00:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\Adobe
    [2010/02/02 18:58:56 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\StartMenuManager
    [2010/02/02 18:58:51 | 000,000,000 | ---D | C] -- C:\Program Files\StartMenuManager
    [2010/02/02 13:17:21 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\iWin
    [2010/02/02 13:16:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\SpinTop
    [2010/02/02 10:58:46 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\Intuit
    [2010/02/02 10:58:38 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\AnswerWorks 5.0
    [2010/02/02 10:53:43 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Local Settings\Application Data\IsolatedStorage
    [2010/02/02 10:53:32 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Intuit
    [2010/02/02 10:53:09 | 000,000,000 | ---D | C] -- C:\Program Files\TurboTax
    [2010/02/02 10:52:34 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Intuit
    [2010/01/31 17:31:13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Local Settings\Application Data\Conduit
    [2010/01/31 17:31:12 | 000,000,000 | ---D | C] -- C:\Program Files\Conduit
    [2010/01/31 17:24:48 | 000,000,000 | ---D | C] -- C:\Program Files\Dailygames.com
    [2010/01/30 17:40:59 | 000,000,000 | ---D | C] -- C:\Program Files\USPS
    [2010/01/30 17:40:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Local Settings\Application Data\ShippingAssistant
    [2010/01/28 13:59:35 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Sun
    [2009/11/08 12:20:57 | 000,000,000 | --SD | M] -- C:\Documents and Settings\NetworkService\Application Data\Microsoft
    [2009/11/08 12:20:57 | 000,000,000 | --SD | M] -- C:\Documents and Settings\LocalService\Application Data\Microsoft
    [2009/10/16 19:46:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Apple
    [2009/06/30 12:39:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Adobe
    [2009/05/26 14:04:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Google
    [2009/05/26 13:44:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Google
    [2009/02/21 18:30:19 | 016,409,960 | ---- | C] (Safer Networking Limited ) -- C:\Program Files\spybotsd162.exe
    [2009/02/21 18:29:48 | 023,429,976 | ---- | C] (Stamps.com, Inc. ) -- C:\Program Files\stamps.exe
    [2009/02/21 01:48:07 | 000,000,000 | --SD | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft
    [2009/02/21 01:48:07 | 000,000,000 | --SD | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft
    [2002/04/11 08:41:06 | 000,065,536 | ---- | C] ( ) -- C:\WINDOWS\System32\A3d.dll
    [2 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
    [1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
    [1 C:\*.tmp files -> C:\*.tmp -> ]

    ========== Files - Modified Within 14 Days ==========

    [2010/02/10 19:33:44 | 000,000,310 | ---- | M] () -- C:\Documents and Settings\Owner\UnifiedToolbarCleanup.bat
    [2010/02/10 19:29:41 | 000,549,376 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Owner\Desktop\OTL.exe
    [2010/02/10 19:01:00 | 000,000,234 | ---- | M] () -- C:\WINDOWS\tasks\Scheduled Update for Ask Toolbar.job
    [2010/02/10 18:00:00 | 000,000,442 | ---- | M] () -- C:\WINDOWS\tasks\ParetoLogic Registration.job
    [2010/02/10 16:08:44 | 000,000,492 | ---- | M] () -- C:\WINDOWS\tasks\Malwarebytes' Scheduled Scan for Owner.job
    [2010/02/10 14:24:10 | 000,000,868 | ---- | M] () -- C:\WINDOWS\tasks\Google Software Updater.job
    [2010/02/10 14:18:55 | 055,441,810 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\incavi.avm
    [2010/02/10 12:35:33 | 733,943,808 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\El.Dorado(1966)DvdRip (ENG).avi
    [2010/02/10 10:51:47 | 000,000,783 | ---- | M] () -- C:\Documents and Settings\Owner\Start Menu\Programs\Startup\Webshots.lnk
    [2010/02/10 10:50:11 | 000,013,646 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
    [2010/02/10 10:48:58 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
    [2010/02/10 10:48:52 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
    [2010/02/10 10:48:51 | 2683,883,520 | -HS- | M] () -- C:\hiberfil.sys
    [2010/02/10 00:13:51 | 007,340,032 | ---- | M] () -- C:\Documents and Settings\Owner\ntuser.dat
    [2010/02/10 00:13:51 | 000,000,178 | -HS- | M] () -- C:\Documents and Settings\Owner\ntuser.ini
    [2010/02/10 00:13:44 | 021,935,102 | -H-- | M] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\IconCache.db
    [2010/02/09 16:01:45 | 000,524,288 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\dds.scr
    [2010/02/09 14:15:54 | 000,001,735 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader 9.lnk
    [2010/02/09 10:19:57 | 002,392,290 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\watersoftner.pdf
    [2010/02/09 09:11:35 | 000,347,312 | -H-- | M] () -- C:\WINDOWS\System32\mlfcache.dat
    [2010/02/09 08:56:12 | 000,000,737 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\Webshots Desktop.lnk
    [2010/02/08 10:15:06 | 000,000,491 | ---- | M] () -- C:\WINDOWS\win.ini
    [2010/02/08 10:15:06 | 000,000,227 | ---- | M] () -- C:\WINDOWS\system.ini
    [2010/02/08 10:15:06 | 000,000,211 | -HS- | M] () -- C:\boot.ini
    [2010/02/07 15:44:03 | 000,002,393 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\TurboTax 2009.lnk
    [2010/02/05 20:46:01 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
    [2010/02/05 09:30:24 | 000,009,812 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\justthefax.odt
    [2010/02/04 15:48:56 | 000,409,592 | ---- | M] () -- C:\Documents and Settings\All Users\Documents\2008 Schaerer J Form 1040 Individual Tax Return.tax2008
    [2010/02/02 18:58:43 | 000,000,066 | ---- | M] () -- C:\ioY.ini
    [2010/02/02 18:49:01 | 000,435,008 | ---- | M] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
    [2010/02/02 17:41:11 | 003,557,736 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
    [2010/01/30 17:42:50 | 000,000,133 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\Microsoft.SqlServer.Compact.351.32.bc
    [2010/01/30 17:41:02 | 000,001,890 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Shipping Assistant.lnk
    [2010/01/30 11:32:33 | 000,014,787 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\Cenlar.odt
    [2 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
    [1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
    [1 C:\*.tmp files -> C:\*.tmp -> ]

    ========== Files Created - No Company Name ==========

    [2010/02/10 19:33:44 | 000,000,310 | ---- | C] () -- C:\Documents and Settings\Owner\UnifiedToolbarCleanup.bat
    [2010/02/10 11:34:46 | 733,943,808 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\El.Dorado(1966)DvdRip (ENG).avi
    [2010/02/09 16:01:43 | 000,524,288 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\dds.scr
    [2010/02/09 10:19:57 | 002,392,290 | ---- | C] () -- C:\Documents and Settings\Owner\My Documents\watersoftner.pdf
    [2010/02/08 21:26:21 | 000,000,737 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\Webshots Desktop.lnk
    [2010/02/06 23:31:22 | 000,665,648 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
    [2010/02/06 17:46:52 | 000,409,592 | ---- | C] () -- C:\Documents and Settings\All Users\Documents\2008 Schaerer J Form 1040 Individual Tax Return.tax2008
    [2010/02/05 09:30:24 | 000,009,812 | ---- | C] () -- C:\Documents and Settings\Owner\My Documents\justthefax.odt
    [2010/02/02 18:58:43 | 000,000,066 | ---- | C] () -- C:\ioY.ini
    [2010/02/02 10:56:06 | 000,002,393 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\TurboTax 2009.lnk
    [2010/01/30 17:42:50 | 000,000,133 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\Microsoft.SqlServer.Compact.351.32.bc
    [2010/01/30 17:41:02 | 000,001,890 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Shipping Assistant.lnk
    [2010/01/26 16:34:34 | 000,000,930 | ---- | C] () -- C:\WINDOWS\wininit.ini
    [2010/01/15 16:20:25 | 000,022,723 | ---- | C] () -- C:\WINDOWS\System32\cl31cl3.dll
    [2010/01/12 19:43:35 | 000,159,744 | ---- | C] () -- C:\WINDOWS\System32\viscomtran.dll
    [2010/01/12 19:43:34 | 006,963,712 | ---- | C] () -- C:\WINDOWS\System32\videotrans.dll
    [2010/01/12 19:43:34 | 000,452,608 | ---- | C] () -- C:\WINDOWS\System32\videoformat.dll
    [2010/01/12 19:43:34 | 000,262,144 | ---- | C] () -- C:\WINDOWS\System32\lame_enc.dll
    [2010/01/12 19:43:34 | 000,172,032 | ---- | C] () -- C:\WINDOWS\System32\viscomgifenc.dll
    [2010/01/12 19:43:34 | 000,154,624 | ---- | C] () -- C:\WINDOWS\System32\imgscaler.dll
    [2010/01/12 19:43:34 | 000,028,160 | ---- | C] () -- C:\WINDOWS\System32\img_utils.dll
    [2010/01/12 19:43:34 | 000,019,456 | ---- | C] () -- C:\WINDOWS\System32\videocore.dll
    [2010/01/12 19:43:33 | 000,323,584 | ---- | C] () -- C:\WINDOWS\System32\FoxImager.dll
    [2010/01/11 23:11:56 | 000,000,069 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
    [2009/08/31 21:10:26 | 002,255,360 | ---- | C] () -- C:\WINDOWS\System32\libavcodec.dll
    [2009/08/31 21:10:26 | 000,395,776 | ---- | C] () -- C:\WINDOWS\System32\libmplayer.dll
    [2009/08/31 21:10:26 | 000,262,144 | ---- | C] () -- C:\WINDOWS\System32\TomsMoComp_ff.dll
    [2009/08/31 21:10:26 | 000,112,640 | ---- | C] () -- C:\WINDOWS\System32\libmpeg2_ff.dll
    [2009/08/20 15:06:25 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Owner\Application Data\AVSMediaPlayer.m3u
    [2009/08/05 01:32:49 | 000,000,000 | ---- | C] () -- C:\WINDOWS\HPMProp.INI
    [2009/07/02 13:17:42 | 000,000,268 | RH-- | C] () -- C:\Documents and Settings\All Users\Application Data\Animals
    [2009/07/02 13:17:42 | 000,000,268 | RH-- | C] () -- C:\Documents and Settings\Owner\Application Data\Analog Mono
    [2009/07/02 13:17:42 | 000,000,020 | -H-- | C] () -- C:\Documents and Settings\All Users\Application Data\PKP_DLdw.DAT
    [2009/07/02 13:15:54 | 000,000,268 | RH-- | C] () -- C:\Documents and Settings\All Users\Application Data\Analog Swirl
    [2009/07/02 13:15:54 | 000,000,268 | RH-- | C] () -- C:\Documents and Settings\Owner\Application Data\Ambience
    [2009/07/02 13:15:54 | 000,000,020 | -H-- | C] () -- C:\Documents and Settings\All Users\Application Data\PKP_DLdu.DAT
    [2009/05/13 12:33:35 | 000,000,079 | ---- | C] () -- C:\WINDOWS\Serial.ini
    [2009/05/10 02:38:23 | 000,005,663 | ---- | C] () -- C:\WINDOWS\System32\ludap17.ini
    [2009/05/10 02:38:23 | 000,000,075 | ---- | C] () -- C:\WINDOWS\System32\ctzapxx.ini
    [2009/04/16 11:40:39 | 000,061,025 | ---- | C] () -- C:\Documents and Settings\Owner\Application Data\PatchUpdate_HP_CounterReport_Update_HPSU.log
    [2009/04/16 11:40:39 | 000,000,227 | ---- | C] () -- C:\WINDOWS\HP_CounterReport_Update_HPSU.ini
    [2009/04/16 11:35:24 | 000,045,030 | ---- | C] () -- C:\Documents and Settings\Owner\Application Data\Update_HP_RedboxHprblog_HPSU.log
    [2009/04/16 11:35:24 | 000,000,221 | ---- | C] () -- C:\WINDOWS\HP_RedboxHprblog_HPSU.ini
    [2009/04/14 15:04:07 | 000,077,824 | R--- | C] () -- C:\WINDOWS\System32\hpzids01.dll
    [2009/04/14 14:56:32 | 000,000,740 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\hpzinstall.log
    [2009/04/14 13:23:00 | 001,294,336 | ---- | C] () -- C:\WINDOWS\System32\MGIIpl2A6.dll
    [2009/04/14 13:23:00 | 001,261,568 | ---- | C] () -- C:\WINDOWS\System32\MGIIpl2M6.dll
    [2009/04/14 13:23:00 | 001,228,800 | ---- | C] () -- C:\WINDOWS\System32\MGIIpl2M5.dll
    [2009/04/14 13:23:00 | 001,105,920 | ---- | C] () -- C:\WINDOWS\System32\MGIIpl2P6.dll
    [2009/04/14 13:23:00 | 001,052,672 | ---- | C] () -- C:\WINDOWS\System32\MGIIpl2P5.dll
    [2009/04/14 13:22:43 | 000,000,002 | ---- | C] () -- C:\WINDOWS\PhotoSuite.ini
    [2009/04/14 13:22:39 | 001,093,632 | ---- | C] () -- C:\WINDOWS\System32\MGIIpl2PX.dll
    [2009/04/14 13:22:38 | 000,332,800 | ---- | C] () -- C:\WINDOWS\System32\FPXLIB.DLL
    [2009/04/14 13:22:38 | 000,122,880 | ---- | C] () -- C:\WINDOWS\System32\JPEGLIB.DLL
    [2009/04/14 13:22:38 | 000,122,880 | ---- | C] () -- C:\WINDOWS\System32\EnrouteStitch.dll
    [2009/04/14 13:22:38 | 000,020,480 | ---- | C] () -- C:\WINDOWS\System32\MGIIpl2.dll
    [2009/04/14 13:22:38 | 000,019,968 | ---- | C] () -- C:\WINDOWS\System32\CPUINF32.DLL
    [2009/04/12 16:42:00 | 000,000,020 | ---- | C] () -- C:\WINDOWS\HP PrecisionScan Pro.INI
    [2009/04/03 15:28:07 | 000,000,994 | ---- | C] () -- C:\WINDOWS\disney.ini
    [2009/03/31 14:58:06 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\vusetup.dll
    [2009/03/08 22:58:21 | 000,008,192 | ---- | C] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [2009/03/08 14:17:24 | 000,524,288 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
    [2009/03/08 14:17:24 | 000,139,264 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
    [2009/02/27 16:35:08 | 000,000,110 | ---- | C] () -- C:\WINDOWS\KPCMS.INI
    [2009/02/22 19:12:24 | 000,339,968 | ---- | C] () -- C:\WINDOWS\System32\pythoncom25.dll
    [2009/02/22 19:12:24 | 000,114,688 | ---- | C] () -- C:\WINDOWS\System32\pywintypes25.dll
    [2009/02/22 06:00:41 | 000,210,944 | ---- | C] () -- C:\WINDOWS\System32\Msvcrt10.dll
    [2009/02/22 05:07:46 | 000,306,688 | ---- | C] () -- C:\WINDOWS\System32\Lffpx7.dll
    [2009/02/22 05:07:46 | 000,095,232 | ---- | C] () -- C:\WINDOWS\System32\Lfkodak.dll
    [2009/02/22 04:48:02 | 000,020,594 | ---- | C] () -- C:\WINDOWS\System32\DELS1LMK.DLL
    [2009/02/21 07:47:15 | 000,000,169 | ---- | C] () -- C:\WINDOWS\RtlRack.ini
    [2009/02/21 02:10:01 | 000,000,164 | ---- | C] () -- C:\WINDOWS\avrack.ini
    [2009/02/21 02:09:59 | 000,155,648 | ---- | C] () -- C:\WINDOWS\System32\RTLCPAPI.dll
    [2009/02/21 02:06:29 | 000,086,016 | ---- | C] () -- C:\WINDOWS\System32\ati2evxx.dll
    [2009/02/21 01:44:06 | 000,162,304 | ---- | C] () -- C:\WINDOWS\System32\libpng13.dll
    [2009/02/21 01:44:05 | 000,394,752 | ---- | C] () -- C:\WINDOWS\System32\cygwinb19.dll
    [2009/02/21 01:44:04 | 000,059,904 | ---- | C] () -- C:\WINDOWS\System32\zlib1.dll
    [2008/07/25 08:56:22 | 000,033,792 | ---- | C] () -- C:\WINDOWS\System32\drivers\libusb0.sys
    [2007/09/27 01:51:02 | 000,020,698 | ---- | C] () -- C:\WINDOWS\System32\idxcntrs.ini
    [2007/09/27 01:48:48 | 000,030,628 | ---- | C] () -- C:\WINDOWS\System32\gsrvctr.ini
    [2007/09/27 01:48:28 | 000,031,698 | ---- | C] () -- C:\WINDOWS\System32\gthrctr.ini
    [2005/05/03 18:38:42 | 000,064,512 | ---- | C] () -- C:\WINDOWS\System32\P17.dll
    [2003/10/02 17:48:18 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\P17CPI.dll

    ========== LOP Check ==========

    [2009/04/14 14:55:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Acronis
    [2010/02/10 19:33:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\agi
    [2009/11/09 17:18:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVG Security Toolbar
    [2009/11/08 12:29:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\avg9
    [2009/10/21 20:40:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\DriverCure
    [2009/07/02 13:15:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Electric Piano
    [2009/07/02 13:17:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\EnterNHelp
    [2009/07/02 13:17:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Flange Saw
    [2009/07/02 13:16:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Nikon
    [2009/03/31 13:34:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ParetoLogic
    [2010/01/19 21:37:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SITEguard
    [2010/01/19 22:53:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\STOPzilla!
    [2010/02/09 10:05:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
    [2009/07/02 13:17:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Ultima_T15
    [2009/03/13 03:04:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{00D89592-F643-4D8D-8F0F-AFAE0F14D4C3}
    [2009/09/09 15:49:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}
    [2009/06/02 16:01:14 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\{8AE45C14-3559-45A6-AF34-03CE304FA276}
    [2009/04/26 13:03:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
    [2010/01/15 22:24:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Acronis
    [2010/02/10 19:33:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\agi
    [2010/01/19 16:26:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\AskToolbar
    [2009/02/22 06:22:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
    [2010/01/13 16:37:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Desktopicon
    [2009/04/12 17:21:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\DMCache
    [2009/03/31 13:35:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\DriverCure
    [2009/12/13 21:33:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Image Zone Express
    [2010/02/02 13:17:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\iWin
    [2009/03/20 03:07:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\LimeWire
    [2009/07/27 21:47:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Nikon
    [2010/01/28 13:43:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\OfficeGuardian
    [2009/09/15 08:48:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\OpenCandy
    [2009/02/22 05:48:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\OpenOffice.org
    [2009/09/15 08:50:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Red Kawa
    [2009/02/25 05:16:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Serif
    [2009/09/14 19:52:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Softplicity
    [2009/08/31 08:36:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Sony
    [2009/08/31 08:35:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Sony Setup
    [2010/02/02 13:16:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\SpinTop
    [2009/11/16 08:43:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Stamps.com Internet Postage
    [2010/02/02 18:59:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\StartMenuManager
    [2009/06/19 01:59:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Temp
    [2010/02/10 12:49:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\uTorrent
    [2009/06/30 12:28:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Webshots
    [2009/02/21 02:55:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Windows Desktop Search
    [2009/03/17 19:26:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Windows Search
    [2009/08/28 01:58:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Xilisoft Corporation
    [2009/10/21 06:54:37 | 000,000,380 | ---- | M] () -- C:\WINDOWS\Tasks\DriverCure.job
    [2010/02/10 18:00:00 | 000,000,442 | ---- | M] () -- C:\WINDOWS\Tasks\ParetoLogic Registration.job
    [2010/01/16 01:18:06 | 000,000,416 | ---- | M] () -- C:\WINDOWS\Tasks\ParetoLogic Update Version2.job
    [2010/02/10 19:01:00 | 000,000,234 | ---- | M] () -- C:\WINDOWS\Tasks\Scheduled Update for Ask Toolbar.job

    ========== Purity Check ==========



    ========== Custom Scans ==========


    < %SYSTEMDRIVE%\*.exe >
    [2009/02/25 07:07:23 | 000,007,016 | ---- | M] () -- C:\qvtgt.exe
    [1 C:\*.tmp files -> C:\*.tmp -> ]


    < MD5 for: AGP440.SYS >
    [2008/12/18 06:28:03 | 009,129,034 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:AGP440.sys
    [2008/04/13 22:06:40 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\system32\drivers\AGP440.SYS
    [2008/04/13 14:06:40 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\system32\ReinstallBackups\0007\DriverFiles\i386\AGP440.SYS

    < MD5 for: ATAPI.SYS >
    [2008/12/18 06:28:03 | 009,129,034 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:atapi.sys
    [2008/04/13 22:10:32 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\drivers\atapi.sys
    [2008/04/13 15:10:32 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\ReinstallBackups\0001\DriverFiles\i386\atapi.sys

    < MD5 for: EVENTLOG.DLL >
    [2008/04/14 03:00:00 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\system32\eventlog.dll

    < MD5 for: NETLOGON.DLL >
    [2008/12/18 06:17:28 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=06CF9EEDB7E827205C6948C9DAF56974 -- C:\WINDOWS\system32\netlogon.dll

    < MD5 for: SCECLI.DLL >
    [2008/04/14 03:00:00 | 000,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\system32\scecli.dll

    < %systemroot%\*. /mp /s >

    < %systemroot%\system32\*.dll /lockedfiles >
    [1 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]

    ========== Alternate Data Streams ==========

    @Alternate Data Stream - 94 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:C947F6D9
    @Alternate Data Stream - 144 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DFC5A2B2
    @Alternate Data Stream - 138 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:02C77207
    @Alternate Data Stream - 116 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:48D30F15
    @Alternate Data Stream - 114 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:A8ADE5D8
    @Alternate Data Stream - 102 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:3BE2905A
    < End of report >
     
  13. 2010/02/10
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    Run OTL
    • Under the Custom Scans/Fixes box at the bottom, paste in the following:

      Code:
      :OTL
      FF - prefs.js..browser.search.defaultenginename:  "Kiwee Toolbar "
      [2010/02/10 00:03:41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Local Settings\Application Data\Kiwee Toolbar
      
      
      :Services
      
      :Reg
      
      :Files
      
      :Commands
      [purity]
      [emptytemp]
      [resethosts]
      [Reboot]
    • Then click the Run Fix button at the top
    • Let the program run unhindered, reboot the PC when it is done
    • Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.
     
  14. 2010/02/11
    joe645

    joe645 Well-Known Member Thread Starter

    Joined:
    2004/01/26
    Messages:
    435
    Likes Received:
    1
    Log Entry

    Here is the Quick Scan log; the second log is the one left after the FIX, FYI.
    OTL logfile created on: 2/11/2010 10:12:12 - Run 2
    OTL by OldTimer - Version 3.1.28.0 Folder = C:\Documents and Settings\Owner\Desktop\Security
    Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
    Internet Explorer (Version = 8.0.6001.18702)
    Locale: 00001809 | Country: Ireland | Language: ENI | Date Format: M/d/yyyy

    2.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 75.00% Memory free
    3.00 Gb Paging File | 3.00 Gb Available in Paging File | 82.00% Paging File free
    Paging file location(s): C:\pagefile.sys 768 1536 [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
    Drive C: | 232.88 Gb Total Space | 110.72 Gb Free Space | 47.55% Space Free | Partition Type: NTFS
    Drive D: | 232.88 Gb Total Space | 232.19 Gb Free Space | 99.70% Space Free | Partition Type: NTFS
    E: Drive not present or media not loaded
    F: Drive not present or media not loaded
    G: Drive not present or media not loaded
    H: Drive not present or media not loaded
    Drive I: | 74.52 Gb Total Space | 74.45 Gb Free Space | 99.90% Space Free | Partition Type: NTFS

    Computer Name: LEFT
    Current User Name: Owner
    Logged in as Administrator.

    Current Boot Mode: Normal
    Scan Mode: Current user
    Company Name Whitelist: On
    Skip Microsoft Files: On
    File Age = 14 Days
    Output = Standard
    Quick Scan

    ========== Processes (SafeList) ==========

    PRC - [2010/02/10 19:29:41 | 000,549,376 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Owner\Desktop\Security\OTL.exe
    PRC - [2010/01/26 15:48:24 | 000,020,480 | ---- | M] (AG Interactive) -- C:\Program Files\AGI\core\4.2.0.10752\AGCoreService.exe
    PRC - [2010/01/22 19:16:42 | 000,141,608 | ---- | M] (Apple Inc.) -- C:\Program Files\iTunes\iTunesHelper.exe
    PRC - [2010/01/22 19:16:30 | 000,545,576 | ---- | M] (Apple Inc.) -- C:\Program Files\iPod\bin\iPodService.exe
    PRC - [2010/01/11 15:21:52 | 000,246,504 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Common Files\Java\Java Update\jusched.exe
    PRC - [2010/01/07 16:07:10 | 000,429,392 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
    PRC - [2010/01/07 16:07:10 | 000,236,368 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
    PRC - [2009/12/22 09:41:29 | 000,908,248 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
    PRC - [2009/12/22 09:07:55 | 002,033,432 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgtray.exe
    PRC - [2009/12/17 17:14:11 | 000,153,376 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jqs.exe
    PRC - [2009/12/10 13:19:16 | 000,600,344 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgnsx.exe
    PRC - [2009/12/10 13:19:16 | 000,503,576 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgrsx.exe
    PRC - [2009/12/08 12:38:16 | 003,474,848 | ---- | M] (Webshots.com) -- C:\Program Files\Webshots\3.1.5.7617\Webshots.scr
    PRC - [2009/11/25 11:46:50 | 000,056,544 | ---- | M] (AG Interactive) -- C:\Program Files\Kiwee Toolbar\3.2\kwtbaim.exe
    PRC - [2009/11/08 12:29:26 | 001,055,000 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgchsvx.exe
    PRC - [2009/11/08 12:29:25 | 000,702,744 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgcsrvx.exe
    PRC - [2009/11/08 12:29:24 | 000,906,520 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgemc.exe
    PRC - [2009/11/08 12:29:24 | 000,827,160 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgam.exe
    PRC - [2009/11/08 12:29:23 | 000,285,392 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgwdsvc.exe
    PRC - [2009/10/25 23:33:41 | 000,015,872 | ---- | M] () -- C:\Program Files\Unlocker\UnlockerAssistant.exe
    PRC - [2009/09/29 09:17:50 | 000,013,088 | ---- | M] (Intuit Inc.) -- C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe
    PRC - [2009/07/01 08:37:06 | 000,037,888 | ---- | M] () -- C:\Program Files\Winamp\winampa.exe
    PRC - [2009/06/05 10:48:14 | 000,144,712 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    PRC - [2009/05/11 12:10:00 | 000,525,640 | R--- | M] (WinZip Computing, S.L.) -- C:\Program Files\WinZip\WZQKPICK.EXE
    PRC - [2009/01/20 22:45:00 | 000,960,536 | ---- | M] (Acronis) -- C:\Program Files\Acronis\TrueImageHome\TimounterMonitor.exe
    PRC - [2009/01/20 22:34:36 | 000,377,232 | ---- | M] (Acronis) -- C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe
    PRC - [2009/01/20 22:34:26 | 000,618,936 | ---- | M] (Acronis) -- C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
    PRC - [2009/01/20 22:06:10 | 004,359,280 | ---- | M] (Acronis) -- C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe
    PRC - [2008/12/18 06:16:35 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
    PRC - [2008/12/12 11:17:38 | 000,238,888 | ---- | M] (Apple Inc.) -- C:\Program Files\Bonjour\mDNSResponder.exe
    PRC - [2008/11/17 17:50:14 | 000,827,904 | ---- | M] () -- C:\Program Files\dvd43\DVD43_Tray.exe
    PRC - [2007/05/08 15:24:20 | 000,054,840 | ---- | M] (Hewlett-Packard) -- C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
    PRC - [2005/04/27 05:59:24 | 000,241,725 | ---- | M] (Microsoft Corporation) -- C:\Program Files\UPHClean\uphclean.exe
    PRC - [2004/03/22 12:10:00 | 000,335,872 | ---- | M] (ATI Technologies, Inc.) -- C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
    PRC - [2002/03/19 08:30:00 | 000,045,632 | ---- | M] () -- C:\WINDOWS\system32\TaskSwitch.exe
    PRC - [2001/04/27 02:00:10 | 000,053,248 | ---- | M] () -- C:\Program Files\Hewlett-Packard\HP PrecisionScan\PrecisionScan Pro\HPLamp.exe


    ========== Modules (SafeList) ==========

    MOD - [2010/02/10 19:29:41 | 000,549,376 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Owner\Desktop\Security\OTL.exe
    MOD - [2009/10/25 23:33:32 | 000,004,608 | ---- | M] () -- C:\Program Files\Unlocker\UnlockerHook.dll


    ========== Win32 Services (SafeList) ==========

    SRV - File not found [On_Demand | Stopped] -- -- (ACDaemon)
    SRV - [2010/01/26 15:48:24 | 000,020,480 | ---- | M] (AG Interactive) [Auto | Running] -- C:\Program Files\AGI\core\4.2.0.10752\AGCoreService.exe -- (AGCoreService)
    SRV - [2010/01/22 19:16:30 | 000,545,576 | ---- | M] (Apple Inc.) [On_Demand | Running] -- C:\Program Files\iPod\bin\iPodService.exe -- (iPod Service)
    SRV - [2010/01/07 16:07:10 | 000,236,368 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
    SRV - [2009/12/17 17:14:11 | 000,153,376 | ---- | M] (Sun Microsystems, Inc.) [Auto | Running] -- C:\Program Files\Java\jre6\bin\jqs.exe -- (JavaQuickStarterService)
    SRV - [2009/11/08 12:29:24 | 000,906,520 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG9\avgemc.exe -- (avg9emc)
    SRV - [2009/11/08 12:29:23 | 000,285,392 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG9\avgwdsvc.exe -- (avg9wd)
    SRV - [2009/09/29 09:17:50 | 000,013,088 | ---- | M] (Intuit Inc.) [Auto | Running] -- C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe -- (IntuitUpdateService)
    SRV - [2009/06/05 10:48:14 | 000,144,712 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe -- (Apple Mobile Device)
    SRV - [2009/05/26 13:42:06 | 000,183,280 | ---- | M] (Google) [Auto | Stopped] -- C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe -- (gusvc)
    SRV - [2009/03/03 10:04:23 | 000,655,624 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
    SRV - [2009/02/22 19:12:32 | 000,010,240 | ---- | M] () [Auto | Stopped] -- C:\Program Files\AGI\common\win32\PythonService.exe -- (AGWinService)
    SRV - [2009/01/20 22:34:26 | 000,618,936 | ---- | M] (Acronis) [Auto | Running] -- C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe -- (AcrSch2Svc)
    SRV - [2008/12/12 11:17:38 | 000,238,888 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\Program Files\Bonjour\mDNSResponder.exe -- (Bonjour Service)
    SRV - [2008/07/18 12:13:20 | 000,053,760 | ---- | M] (Hewlett-Packard) [Auto | Running] -- C:\WINDOWS\system32\HPZipm12.dll -- (Pml Driver HPZ12)
    SRV - [2008/07/18 12:13:20 | 000,044,032 | ---- | M] (Hewlett-Packard) [Auto | Running] -- C:\WINDOWS\system32\HPZinw12.dll -- (Net Driver HPZ12)
    SRV - [2006/01/05 00:06:02 | 000,163,840 | ---- | M] (Alex Feinman) [On_Demand | Stopped] -- C:\Program Files\Alex Feinman\ISO Recorder\ImapiHelper.exe -- (Imapi Helper)
    SRV - [2005/04/27 05:59:24 | 000,241,725 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\UPHClean\uphclean.exe -- (UPHClean)
    SRV - [2005/04/03 23:41:10 | 000,069,632 | ---- | M] (Macrovision Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe -- (IDriverT)


    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========

    IE - HKLM\..\URLSearchHook: {57BCA5FA-5DBB-45a2-B558-1755C3F6253B} - C:\Program Files\Winamp Toolbar\winamptb.dll (AOL LLC.)

    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://netscape.aol.com/
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = 219.93.178.162:3128

    ========== FireFox ==========

    FF - prefs.js..browser.search.defaultenginename: "Kiwee Toolbar "
    FF - prefs.js..browser.search.defaultthis.engineName: "DailyGames Customized Web Search "
    FF - prefs.js..browser.search.defaulturl: "http://search.conduit.com/ResultsExt.aspx?ctid=CT2351701&SearchSource=3&q={searchTerms} "
    FF - prefs.js..browser.search.selectedEngine: "Google "
    FF - prefs.js..browser.search.useDBForOrder: true
    FF - prefs.js..browser.startup.homepage: "http://search.imgag.com/?appid=kwtb&c=GNKWO50020&sbs=7&sc=2&f=homepage&vernum=3.2&uid=&did={d21c8300-0157-11de-b6ec-00508de91418}&q= "
    FF - prefs.js..extensions.enabledItems: {55e19115-8ef8-465c-90ac-deacc491b0cc}:2.5.2.14
    FF - prefs.js..extensions.enabledItems: toolbar@ask.com:3.5.2.106
    FF - prefs.js..extensions.enabledItems: unifiedtoolbar@aginteractive.com:3.0
    FF - prefs.js..keyword.URL: "http://search.imgag.com/?appid=kwtb&component=UnifiedToolbarFF&c=GNKWO50020&sbs=1&sc=&f=web&vernum=3.2&uid=&did={d21c8300-0157-11de-b6ec-00508de91418}&q= "

    FF - HKLM\software\mozilla\Firefox\Extensions\\toolbar@webshots.com: C:\Program Files\Webshots\3.1.5.7613\Firefox
    FF - HKLM\software\mozilla\Firefox\Extensions\\toolbar@ag.com: C:\Program Files\AG Toolbar\Firefox\1.0 [2009/10/13 14:31:29 | 000,000,000 | ---D | M]
    FF - HKLM\software\mozilla\Firefox\Extensions\\{3f963a5b-e555-4543-90e2-c3908898db71}: C:\Program Files\AVG\AVG9\Firefox [2009/12/10 13:20:15 | 000,000,000 | ---D | M]
    FF - HKLM\software\mozilla\Firefox\Extensions\\avg@igeared: C:\Program Files\AVG\AVG9\Toolbar\Firefox\avg@igeared [2009/12/30 09:43:55 | 000,000,000 | ---D | M]
    FF - HKLM\software\mozilla\Firefox\Extensions\\unifiedtoolbar@aginteractive.com: C:\Program Files\UnifiedToolbar\3.2\Firefox [2010/02/11 09:30:37 | 000,000,000 | ---D | M]
    FF - HKLM\software\mozilla\Mozilla Firefox 3.5.7\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/01/10 16:40:22 | 000,000,000 | ---D | M]
    FF - HKLM\software\mozilla\Mozilla Firefox 3.5.7\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/02/09 14:15:53 | 000,000,000 | ---D | M]

    [2010/01/10 16:40:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Mozilla\Extensions
    [2010/02/11 09:35:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\pjunwtcz.default\extensions
    [2010/01/31 17:31:02 | 000,000,000 | ---D | M] (DailyGames Toolbar) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\pjunwtcz.default\extensions\{55e19115-8ef8-465c-90ac-deacc491b0cc}
    [2010/01/12 15:21:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\pjunwtcz.default\extensions\toolbar@ask.com
    [2010/01/10 16:40:42 | 000,001,776 | ---- | M] () -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\pjunwtcz.default\searchplugins\americangreetingscom-toolbar.xml
    [2009/12/23 19:10:54 | 000,000,923 | ---- | M] () -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\pjunwtcz.default\searchplugins\conduit.xml
    [2010/02/11 09:35:02 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
    [2008/06/17 22:43:04 | 000,086,016 | ---- | M] (Coupons, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npCouponPrinter.dll

    O1 HOSTS File: ([2010/02/11 09:46:19 | 000,000,098 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\Hosts
    O1 - Hosts: 127.0.0.1 localhost
    O1 - Hosts: ::1 localhost
    O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
    O2 - BHO: (Winamp Toolbar Loader) - {25CEE8EC-5730-41bc-8B58-22DDC8AB8C20} - C:\Program Files\Winamp Toolbar\winamptb.dll (AOL LLC.)
    O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll (AVG Technologies CZ, s.r.o.)
    O2 - BHO: (AVG Security Toolbar BHO) - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll ()
    O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.4.4525.1752\swg.dll (Google Inc.)
    O2 - BHO: (Nero Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask.com)
    O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
    O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)
    O3 - HKLM\..\Toolbar: (Webshots Toolbar) - {C17590D2-ECB4-4b15-8820-F58798DCC118} - C:\Program Files\Webshots\3.1.5.7613\WSToolbar4IE.dll File not found
    O3 - HKLM\..\Toolbar: (AVG Security Toolbar) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll ()
    O3 - HKLM\..\Toolbar: (Nero Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask.com)
    O3 - HKLM\..\Toolbar: (Winamp Toolbar) - {EBF2BA02-9094-4c5a-858B-BB198F3D8DE2} - C:\Program Files\Winamp Toolbar\winamptb.dll (AOL LLC.)
    O3 - HKCU\..\Toolbar\WebBrowser: (Webshots Toolbar) - {C17590D2-ECB4-4B15-8820-F58798DCC118} - C:\Program Files\Webshots\3.1.5.7613\WSToolbar4IE.dll File not found
    O3 - HKCU\..\Toolbar\WebBrowser: (AVG Security Toolbar) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll ()
    O3 - HKCU\..\Toolbar\WebBrowser: (Nero Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask.com)
    O3 - HKCU\..\Toolbar\WebBrowser: (Winamp Toolbar) - {EBF2BA02-9094-4C5A-858B-BB198F3D8DE2} - C:\Program Files\Winamp Toolbar\winamptb.dll (AOL LLC.)
    O4 - HKLM..\Run: [Acronis Scheduler2 Service] C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe (Acronis)
    O4 - HKLM..\Run: [AcronisTimounterMonitor] C:\Program Files\Acronis\TrueImageHome\TimounterMonitor.exe (Acronis)
    O4 - HKLM..\Run: [Adobe ARM] C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)
    O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
    O4 - HKLM..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe (Apple Inc.)
    O4 - HKLM..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe (ATI Technologies, Inc.)
    O4 - HKLM..\Run: [AVG9_TRAY] C:\Program Files\AVG\AVG9\avgtray.exe (AVG Technologies CZ, s.r.o.)
    O4 - HKLM..\Run: [CoolSwitch] C:\WINDOWS\system32\TaskSwitch.exe ()
    O4 - HKLM..\Run: [dvd43] C:\Program Files\dvd43\DVD43_Tray.exe ()
    O4 - HKLM..\Run: [HP Lamp] C:\Program Files\Hewlett-Packard\HP PrecisionScan\PrecisionScan Pro\hplamp.exe ()
    O4 - HKLM..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\hpwuSchd2.exe (Hewlett-Packard)
    O4 - HKLM..\Run: [HPHUPD08] C:\Program Files\HP\Digital Imaging\{33D6CC28-9F75-4d1b-A11D-98895B3A3729}\hphupd08.exe (Hewlett-Packard)
    O4 - HKLM..\Run: [IMJPMIG8.1] C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE (Microsoft Corporation)
    O4 - HKLM..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe (Apple Inc.)
    O4 - HKLM..\Run: [KiweeHook] C:\Program Files\Kiwee Toolbar\3.2\kwtbaim.exe (AG Interactive)
    O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
    O4 - HKLM..\Run: [Malwarebytes Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mL1fu61Tv.exe File not found
    O4 - HKLM..\Run: [QuickTime Task] C:\Program Files\QuickTime\QTTask.exe (Apple Inc.)
    O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files\Common Files\Java\Java Update\jusched.exe (Sun Microsystems, Inc.)
    O4 - HKLM..\Run: [TrueImageMonitor.exe] C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe (Acronis)
    O4 - HKLM..\Run: [UnlockerAssistant] C:\Program Files\Unlocker\UnlockerAssistant.exe ()
    O4 - HKLM..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe ()
    O4 - HKCU..\Run: [AdobeBridge] File not found
    O4 - HKCU..\Run: [SacReminder] C:\Documents and Settings\Owner\Application Data\OfficeGuardian\reminder\SacReminder.exe (TODO: <Company name>)
    O4 - HKCU..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
    O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.)
    O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE (WinZip Computing, S.L.)
    O4 - Startup: C:\Documents and Settings\Owner\Start Menu\Programs\Startup\Webshots.lnk = C:\Program Files\Webshots\3.1.5.7617\Launcher.exe (Webshots.com)
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\control panel present
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\restrictions present
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDesktopCleanupWizard = 1
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: verbosestatus = 1
    O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\control panel present
    O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\restrictions present
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 223
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSharedDocuments = 1
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: MaxRecentDocs = 18
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMConfigurePrograms = 1
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoRecentDocsNetHood = 1
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoRemoteRecursiveEvents = 1
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: MemCheckBoxInRunDlg = 1
    O8 - Extra context menu item: &Winamp Search - C:\Documents and Settings\All Users\Application Data\Winamp Toolbar\ieToolbar\resources\en-US\local\search.html ()
    O9 - Extra Button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files\PokerStars\PokerStarsUpdate.exe (PokerStars)
    O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
    O15 - HKLM\..Trusted Domains: 48 domain(s) and sub-domain(s) not assigned to a zone.
    O15 - HKCU\..Trusted Domains: earthlink.net ([www] http in Trusted sites)
    O15 - HKCU\..Trusted Domains: internet ([]about in Local intranet)
    O15 - HKCU\..Trusted Domains: intuit.com ([ttlc] https in Trusted sites)
    O15 - HKCU\..Trusted Domains: 50 domain(s) and sub-domain(s) not assigned to a zone.
    O16 - DPF: {149E45D8-163E-4189-86FC-45022AB2B6C9} file:///C:/Program%20Files/Battleship%20-%20Fleet%20Command/Images/stg_drm.ocx (SpinTop DRM Control)
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab (Java Plug-in 1.6.0_18)
    O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab (Reg Error: Key error.)
    O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Reg Error: Key error.)
    O16 - DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab (Java Plug-in 1.6.0_18)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab (Java Plug-in 1.6.0_18)
    O16 - DPF: {CC450D71-CC90-424C-8638-1F2DBAC87A54} file:///C:/Program%20Files/Battleship%20-%20Fleet%20Command/Images/armhelper.ocx (ArmHelper Control)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
    O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG9\avgpp.dll (AVG Technologies CZ, s.r.o.)
    O20 - AppInit_DLLs: (jejiyuta.dll) - File not found
    O20 - AppInit_DLLs: (c:\windows\system32\gusilaji.dll) - C:\WINDOWS\System32\gusilaji.dll File not found
    O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
    O20 - Winlogon\Notify\avgrsstarter: DllName - avgrsstx.dll - C:\WINDOWS\System32\avgrsstx.dll (AVG Technologies CZ, s.r.o.)
    O21 - SSODL: nibumopus - {a5bb9185-646c-4b66-a380-cae1d9404d96} - CLSID or File not found.
    O22 - SharedTaskScheduler: {a5bb9185-646c-4b66-a380-cae1d9404d96} - gahurihor - Reg Error: Key error. File not found
    O24 - Desktop WallPaper: C:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
    O24 - Desktop BackupWallPaper: C:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
    O28 - HKLM ShellExecuteHooks: {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Program Files\Windows Desktop Search\MsnlNamespaceMgr.dll (Microsoft Corporation)
    O32 - HKLM CDRom: AutoRun - 1
    O32 - AutoRun File - [2009/02/21 01:48:14 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
    O33 - MountPoints2\{3c47c54e-fbc7-11de-b1c6-00508de91418}\Shell - " " = AutoRun
    O33 - MountPoints2\{3c47c54e-fbc7-11de-b1c6-00508de91418}\Shell\AutoRun - " " = Auto&Play
    O33 - MountPoints2\{3c47c54e-fbc7-11de-b1c6-00508de91418}\Shell\AutoRun\command - " " = H:\StarterOfficeGuardian.exe -- File not found
    O33 - MountPoints2\H\Shell - " " = AutoRun
    O33 - MountPoints2\H\Shell\AutoRun - " " = Auto&Play
    O33 - MountPoints2\H\Shell\AutoRun\command - " " = H:\StarterOfficeGuardian.exe -- File not found
    O34 - HKLM BootExecute: (autocheck autochk *) - File not found
    O35 - comfile [open] -- "%1" %*
    O35 - exefile [open] -- "%1" %*

    ========== Files/Folders - Created Within 14 Days ==========

    [2010/02/11 09:59:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\agi
    [2010/02/11 09:46:29 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
    [2010/02/11 09:45:48 | 000,000,000 | ---D | C] -- C:\_OTL
    [2010/02/11 09:41:01 | 000,000,000 | ---D | C] -- C:\Program Files\Bonjour
    [2010/02/11 09:30:42 | 000,000,000 | ---D | C] -- C:\Program Files\Kiwee Toolbar
    [2010/02/11 09:30:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Kiwee Toolbar
    [2010/02/11 09:30:28 | 000,000,000 | ---D | C] -- C:\Program Files\UnifiedToolbar
    [2010/02/10 20:26:43 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\WinZip
    [2010/02/10 20:26:40 | 000,000,000 | ---D | C] -- C:\Program Files\WinZip
    [2010/02/10 00:08:04 | 000,000,000 | ---D | C] -- C:\Program Files\Trend Micro
    [2010/02/10 00:03:41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Local Settings\Application Data\Kiwee Toolbar
    [2010/02/09 12:01:04 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Owner\Recent
    [2010/02/09 11:50:43 | 000,000,000 | ---D | C] -- C:\Program Files\Unlocker
    [2010/02/09 09:47:51 | 000,000,000 | ---D | C] -- C:\Program Files\xerox
    [2010/02/09 09:47:49 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\xircom
    [2010/02/09 09:47:49 | 000,000,000 | ---D | C] -- C:\Program Files\windows nt
    [2010/02/09 09:47:49 | 000,000,000 | ---D | C] -- C:\Program Files\outlook express
    [2010/02/09 09:47:49 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\oobe
    [2010/02/09 09:47:49 | 000,000,000 | ---D | C] -- C:\Program Files\movie maker
    [2010/02/09 09:47:42 | 000,000,000 | ---D | C] -- C:\Program Files\netmeeting
    [2010/02/09 09:47:42 | 000,000,000 | ---D | C] -- C:\Program Files\msn gaming zone
    [2010/02/09 09:47:42 | 000,000,000 | ---D | C] -- C:\Program Files\microsoft frontpage
    [2010/02/09 09:47:42 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\inetsrv
    [2010/02/06 17:12:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Documents\TurboTax
    [2010/02/06 16:38:08 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\My Documents\TurboTax
    [2010/02/06 16:21:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\IsolatedStorage
    [2010/02/06 16:21:27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Local Settings\Application Data\Intuit
    [2010/02/04 11:01:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\Macromedia
    [2010/02/04 11:00:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\Adobe
    [2010/02/02 18:58:56 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\StartMenuManager
    [2010/02/02 18:58:51 | 000,000,000 | ---D | C] -- C:\Program Files\StartMenuManager
    [2010/02/02 13:17:21 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\iWin
    [2010/02/02 13:16:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\SpinTop
    [2010/02/02 10:58:46 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\Intuit
    [2010/02/02 10:58:38 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\AnswerWorks 5.0
    [2010/02/02 10:53:43 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Local Settings\Application Data\IsolatedStorage
    [2010/02/02 10:53:32 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Intuit
    [2010/02/02 10:53:09 | 000,000,000 | ---D | C] -- C:\Program Files\TurboTax
    [2010/02/02 10:52:34 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Intuit
    [2010/01/31 17:31:13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Local Settings\Application Data\Conduit
    [2010/01/31 17:31:12 | 000,000,000 | ---D | C] -- C:\Program Files\Conduit
    [2010/01/31 17:24:48 | 000,000,000 | ---D | C] -- C:\Program Files\Dailygames.com
    [2010/01/30 17:40:59 | 000,000,000 | ---D | C] -- C:\Program Files\USPS
    [2010/01/30 17:40:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Local Settings\Application Data\ShippingAssistant
    [2010/01/28 13:59:35 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Sun
    [2009/11/08 12:20:57 | 000,000,000 | --SD | M] -- C:\Documents and Settings\NetworkService\Application Data\Microsoft
    [2009/11/08 12:20:57 | 000,000,000 | --SD | M] -- C:\Documents and Settings\LocalService\Application Data\Microsoft
    [2009/10/16 19:46:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Apple
    [2009/06/30 12:39:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Adobe
    [2009/05/26 14:04:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Google
    [2009/05/26 13:44:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Google
    [2009/02/21 18:30:19 | 016,409,960 | ---- | C] (Safer Networking Limited ) -- C:\Program Files\spybotsd162.exe
    [2009/02/21 18:29:48 | 023,429,976 | ---- | C] (Stamps.com, Inc. ) -- C:\Program Files\stamps.exe
    [2009/02/21 01:48:07 | 000,000,000 | --SD | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft
    [2009/02/21 01:48:07 | 000,000,000 | --SD | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft
    [2002/04/11 08:41:06 | 000,065,536 | ---- | C] ( ) -- C:\WINDOWS\System32\A3d.dll

    ========== Files - Modified Within 14 Days ==========

    [2010/02/11 10:01:05 | 000,000,234 | ---- | M] () -- C:\WINDOWS\tasks\Scheduled Update for Ask Toolbar.job
    [2010/02/11 10:00:10 | 000,013,646 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
    [2010/02/11 09:59:57 | 000,000,868 | ---- | M] () -- C:\WINDOWS\tasks\Google Software Updater.job
    [2010/02/11 09:59:35 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
    [2010/02/11 09:59:29 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
    [2010/02/11 09:59:27 | 2683,883,520 | -HS- | M] () -- C:\hiberfil.sys
    [2010/02/11 09:57:58 | 007,340,032 | ---- | M] () -- C:\Documents and Settings\Owner\ntuser.dat
    [2010/02/11 09:57:58 | 000,000,178 | -HS- | M] () -- C:\Documents and Settings\Owner\ntuser.ini
    [2010/02/11 09:47:23 | 000,001,804 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk
    [2010/02/11 09:46:19 | 000,000,098 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\Hosts
    [2010/02/11 09:34:22 | 000,000,783 | ---- | M] () -- C:\Documents and Settings\Owner\Start Menu\Programs\Startup\Webshots.lnk
    [2010/02/11 09:33:20 | 055,460,643 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\incavi.avm
    [2010/02/10 21:19:25 | 022,468,954 | -H-- | M] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\IconCache.db
    [2010/02/10 20:26:59 | 000,001,738 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\WinZip.lnk
    [2010/02/10 20:26:59 | 000,001,666 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\WinZip Quick Pick.lnk
    [2010/02/10 19:33:44 | 000,000,310 | ---- | M] () -- C:\Documents and Settings\Owner\UnifiedToolbarCleanup.bat
    [2010/02/10 18:00:00 | 000,000,442 | ---- | M] () -- C:\WINDOWS\tasks\ParetoLogic Registration.job
    [2010/02/10 16:08:44 | 000,000,492 | ---- | M] () -- C:\WINDOWS\tasks\Malwarebytes' Scheduled Scan for Owner.job
    [2010/02/09 16:01:45 | 000,524,288 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\dds.scr
    [2010/02/09 14:15:54 | 000,001,735 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader 9.lnk
    [2010/02/09 10:19:57 | 002,392,290 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\watersoftner.pdf
    [2010/02/09 09:11:35 | 000,347,312 | -H-- | M] () -- C:\WINDOWS\System32\mlfcache.dat
    [2010/02/09 08:56:12 | 000,000,737 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\Webshots Desktop.lnk
    [2010/02/08 10:15:06 | 000,000,491 | ---- | M] () -- C:\WINDOWS\win.ini
    [2010/02/08 10:15:06 | 000,000,227 | ---- | M] () -- C:\WINDOWS\system.ini
    [2010/02/08 10:15:06 | 000,000,211 | -HS- | M] () -- C:\boot.ini
    [2010/02/07 15:44:03 | 000,002,393 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\TurboTax 2009.lnk
    [2010/02/05 20:46:01 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
    [2010/02/05 09:30:24 | 000,009,812 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\justthefax.odt
    [2010/02/04 15:48:56 | 000,409,592 | ---- | M] () -- C:\Documents and Settings\All Users\Documents\2008 Schaerer J Form 1040 Individual Tax Return.tax2008
    [2010/02/02 18:58:43 | 000,000,066 | ---- | M] () -- C:\ioY.ini
    [2010/02/02 18:49:01 | 000,435,008 | ---- | M] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
    [2010/02/02 17:41:11 | 003,557,736 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
    [2010/01/30 17:42:50 | 000,000,133 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\Microsoft.SqlServer.Compact.351.32.bc
    [2010/01/30 17:41:02 | 000,001,890 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Shipping Assistant.lnk
    [2010/01/30 11:32:33 | 000,014,787 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\Cenlar.odt

    ========== Files Created - No Company Name ==========

    [2010/02/11 09:47:23 | 000,001,804 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk
    [2010/02/10 20:26:59 | 000,001,738 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\WinZip.lnk
    [2010/02/10 20:26:59 | 000,001,666 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\WinZip Quick Pick.lnk
    [2010/02/10 19:33:44 | 000,000,310 | ---- | C] () -- C:\Documents and Settings\Owner\UnifiedToolbarCleanup.bat
    [2010/02/09 16:01:43 | 000,524,288 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\dds.scr
    [2010/02/09 10:19:57 | 002,392,290 | ---- | C] () -- C:\Documents and Settings\Owner\My Documents\watersoftner.pdf
    [2010/02/08 21:26:21 | 000,000,737 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\Webshots Desktop.lnk
    [2010/02/06 23:31:22 | 000,665,648 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
    [2010/02/06 17:46:52 | 000,409,592 | ---- | C] () -- C:\Documents and Settings\All Users\Documents\2008 Schaerer J Form 1040 Individual Tax Return.tax2008
    [2010/02/05 09:30:24 | 000,009,812 | ---- | C] () -- C:\Documents and Settings\Owner\My Documents\justthefax.odt
    [2010/02/02 18:58:43 | 000,000,066 | ---- | C] () -- C:\ioY.ini
    [2010/02/02 10:56:06 | 000,002,393 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\TurboTax 2009.lnk
    [2010/01/30 17:42:50 | 000,000,133 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\Microsoft.SqlServer.Compact.351.32.bc
    [2010/01/30 17:41:02 | 000,001,890 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Shipping Assistant.lnk
    [2010/01/26 16:34:34 | 000,000,930 | ---- | C] () -- C:\WINDOWS\wininit.ini
    [2010/01/15 16:20:25 | 000,022,723 | ---- | C] () -- C:\WINDOWS\System32\cl31cl3.dll
    [2010/01/12 19:43:35 | 000,159,744 | ---- | C] () -- C:\WINDOWS\System32\viscomtran.dll
    [2010/01/12 19:43:34 | 006,963,712 | ---- | C] () -- C:\WINDOWS\System32\videotrans.dll
    [2010/01/12 19:43:34 | 000,452,608 | ---- | C] () -- C:\WINDOWS\System32\videoformat.dll
    [2010/01/12 19:43:34 | 000,262,144 | ---- | C] () -- C:\WINDOWS\System32\lame_enc.dll
    [2010/01/12 19:43:34 | 000,172,032 | ---- | C] () -- C:\WINDOWS\System32\viscomgifenc.dll
    [2010/01/12 19:43:34 | 000,154,624 | ---- | C] () -- C:\WINDOWS\System32\imgscaler.dll
    [2010/01/12 19:43:34 | 000,028,160 | ---- | C] () -- C:\WINDOWS\System32\img_utils.dll
    [2010/01/12 19:43:34 | 000,019,456 | ---- | C] () -- C:\WINDOWS\System32\videocore.dll
    [2010/01/12 19:43:33 | 000,323,584 | ---- | C] () -- C:\WINDOWS\System32\FoxImager.dll
    [2010/01/11 23:11:56 | 000,000,069 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
    [2009/08/31 21:10:26 | 002,255,360 | ---- | C] () -- C:\WINDOWS\System32\libavcodec.dll
    [2009/08/31 21:10:26 | 000,395,776 | ---- | C] () -- C:\WINDOWS\System32\libmplayer.dll
    [2009/08/31 21:10:26 | 000,262,144 | ---- | C] () -- C:\WINDOWS\System32\TomsMoComp_ff.dll
    [2009/08/31 21:10:26 | 000,112,640 | ---- | C] () -- C:\WINDOWS\System32\libmpeg2_ff.dll
    [2009/08/20 15:06:25 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Owner\Application Data\AVSMediaPlayer.m3u
    [2009/08/05 01:32:49 | 000,000,000 | ---- | C] () -- C:\WINDOWS\HPMProp.INI
    [2009/07/02 13:17:42 | 000,000,268 | RH-- | C] () -- C:\Documents and Settings\All Users\Application Data\Animals
    [2009/07/02 13:17:42 | 000,000,268 | RH-- | C] () -- C:\Documents and Settings\Owner\Application Data\Analog Mono
    [2009/07/02 13:17:42 | 000,000,020 | -H-- | C] () -- C:\Documents and Settings\All Users\Application Data\PKP_DLdw.DAT
    [2009/07/02 13:15:54 | 000,000,268 | RH-- | C] () -- C:\Documents and Settings\All Users\Application Data\Analog Swirl
    [2009/07/02 13:15:54 | 000,000,268 | RH-- | C] () -- C:\Documents and Settings\Owner\Application Data\Ambience
    [2009/07/02 13:15:54 | 000,000,020 | -H-- | C] () -- C:\Documents and Settings\All Users\Application Data\PKP_DLdu.DAT
    [2009/05/13 12:33:35 | 000,000,079 | ---- | C] () -- C:\WINDOWS\Serial.ini
    [2009/05/10 02:38:23 | 000,005,663 | ---- | C] () -- C:\WINDOWS\System32\ludap17.ini
    [2009/05/10 02:38:23 | 000,000,075 | ---- | C] () -- C:\WINDOWS\System32\ctzapxx.ini
    [2009/04/16 11:40:39 | 000,061,025 | ---- | C] () -- C:\Documents and Settings\Owner\Application Data\PatchUpdate_HP_CounterReport_Update_HPSU.log
    [2009/04/16 11:40:39 | 000,000,227 | ---- | C] () -- C:\WINDOWS\HP_CounterReport_Update_HPSU.ini
    [2009/04/16 11:35:24 | 000,045,030 | ---- | C] () -- C:\Documents and Settings\Owner\Application Data\Update_HP_RedboxHprblog_HPSU.log
    [2009/04/16 11:35:24 | 000,000,221 | ---- | C] () -- C:\WINDOWS\HP_RedboxHprblog_HPSU.ini
    [2009/04/14 15:04:07 | 000,077,824 | R--- | C] () -- C:\WINDOWS\System32\hpzids01.dll
    [2009/04/14 14:56:32 | 000,000,740 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\hpzinstall.log
    [2009/04/14 13:23:00 | 001,294,336 | ---- | C] () -- C:\WINDOWS\System32\MGIIpl2A6.dll
    [2009/04/14 13:23:00 | 001,261,568 | ---- | C] () -- C:\WINDOWS\System32\MGIIpl2M6.dll
    [2009/04/14 13:23:00 | 001,228,800 | ---- | C] () -- C:\WINDOWS\System32\MGIIpl2M5.dll
    [2009/04/14 13:23:00 | 001,105,920 | ---- | C] () -- C:\WINDOWS\System32\MGIIpl2P6.dll
    [2009/04/14 13:23:00 | 001,052,672 | ---- | C] () -- C:\WINDOWS\System32\MGIIpl2P5.dll
    [2009/04/14 13:22:43 | 000,000,002 | ---- | C] () -- C:\WINDOWS\PhotoSuite.ini
    [2009/04/14 13:22:39 | 001,093,632 | ---- | C] () -- C:\WINDOWS\System32\MGIIpl2PX.dll
    [2009/04/14 13:22:38 | 000,332,800 | ---- | C] () -- C:\WINDOWS\System32\FPXLIB.DLL
    [2009/04/14 13:22:38 | 000,122,880 | ---- | C] () -- C:\WINDOWS\System32\JPEGLIB.DLL
    [2009/04/14 13:22:38 | 000,122,880 | ---- | C] () -- C:\WINDOWS\System32\EnrouteStitch.dll
    [2009/04/14 13:22:38 | 000,020,480 | ---- | C] () -- C:\WINDOWS\System32\MGIIpl2.dll
    [2009/04/14 13:22:38 | 000,019,968 | ---- | C] () -- C:\WINDOWS\System32\CPUINF32.DLL
    [2009/04/12 16:42:00 | 000,000,020 | ---- | C] () -- C:\WINDOWS\HP PrecisionScan Pro.INI
    [2009/04/03 15:28:07 | 000,000,994 | ---- | C] () -- C:\WINDOWS\disney.ini
    [2009/03/31 14:58:06 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\vusetup.dll
    [2009/03/08 22:58:21 | 000,008,192 | ---- | C] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [2009/03/08 14:17:24 | 000,524,288 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
    [2009/03/08 14:17:24 | 000,139,264 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
    [2009/02/27 16:35:08 | 000,000,110 | ---- | C] () -- C:\WINDOWS\KPCMS.INI
    [2009/02/22 19:12:24 | 000,339,968 | ---- | C] () -- C:\WINDOWS\System32\pythoncom25.dll
    [2009/02/22 19:12:24 | 000,114,688 | ---- | C] () -- C:\WINDOWS\System32\pywintypes25.dll
    [2009/02/22 06:00:41 | 000,210,944 | ---- | C] () -- C:\WINDOWS\System32\Msvcrt10.dll
    [2009/02/22 05:07:46 | 000,306,688 | ---- | C] () -- C:\WINDOWS\System32\Lffpx7.dll
    [2009/02/22 05:07:46 | 000,095,232 | ---- | C] () -- C:\WINDOWS\System32\Lfkodak.dll
    [2009/02/22 04:48:02 | 000,020,594 | ---- | C] () -- C:\WINDOWS\System32\DELS1LMK.DLL
    [2009/02/21 07:47:15 | 000,000,169 | ---- | C] () -- C:\WINDOWS\RtlRack.ini
    [2009/02/21 02:10:01 | 000,000,164 | ---- | C] () -- C:\WINDOWS\avrack.ini
    [2009/02/21 02:09:59 | 000,155,648 | ---- | C] () -- C:\WINDOWS\System32\RTLCPAPI.dll
    [2009/02/21 02:06:29 | 000,086,016 | ---- | C] () -- C:\WINDOWS\System32\ati2evxx.dll
    [2009/02/21 01:44:06 | 000,162,304 | ---- | C] () -- C:\WINDOWS\System32\libpng13.dll
    [2009/02/21 01:44:05 | 000,394,752 | ---- | C] () -- C:\WINDOWS\System32\cygwinb19.dll
    [2009/02/21 01:44:04 | 000,059,904 | ---- | C] () -- C:\WINDOWS\System32\zlib1.dll
    [2008/07/25 08:56:22 | 000,033,792 | ---- | C] () -- C:\WINDOWS\System32\drivers\libusb0.sys
    [2007/09/27 01:51:02 | 000,020,698 | ---- | C] () -- C:\WINDOWS\System32\idxcntrs.ini
    [2007/09/27 01:48:48 | 000,030,628 | ---- | C] () -- C:\WINDOWS\System32\gsrvctr.ini
    [2007/09/27 01:48:28 | 000,031,698 | ---- | C] () -- C:\WINDOWS\System32\gthrctr.ini
    [2005/05/03 18:38:42 | 000,064,512 | ---- | C] () -- C:\WINDOWS\System32\P17.dll
    [2003/10/02 17:48:18 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\P17CPI.dll

    ========== LOP Check ==========

    [2009/04/14 14:55:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Acronis
    [2010/02/11 09:30:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\agi
    [2009/11/09 17:18:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVG Security Toolbar
    [2009/11/08 12:29:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\avg9
    [2009/10/21 20:40:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\DriverCure
    [2009/07/02 13:15:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Electric Piano
    [2009/07/02 13:17:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\EnterNHelp
    [2009/07/02 13:17:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Flange Saw
    [2010/02/11 09:30:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Kiwee Toolbar
    [2009/07/02 13:16:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Nikon
    [2009/03/31 13:34:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ParetoLogic
    [2010/01/19 21:37:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SITEguard
    [2010/01/19 22:53:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\STOPzilla!
    [2010/02/09 10:05:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
    [2009/07/02 13:17:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Ultima_T15
    [2010/02/10 20:28:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\WinZip
    [2009/03/13 03:04:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{00D89592-F643-4D8D-8F0F-AFAE0F14D4C3}
    [2009/09/09 15:49:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}
    [2009/06/02 16:01:14 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\{8AE45C14-3559-45A6-AF34-03CE304FA276}
    [2009/04/26 13:03:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
    [2010/01/15 22:24:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Acronis
    [2010/02/11 09:34:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\agi
    [2010/01/19 16:26:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\AskToolbar
    [2009/02/22 06:22:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
    [2010/01/13 16:37:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Desktopicon
    [2009/04/12 17:21:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\DMCache
    [2009/03/31 13:35:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\DriverCure
    [2009/12/13 21:33:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Image Zone Express
    [2010/02/02 13:17:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\iWin
    [2009/03/20 03:07:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\LimeWire
    [2009/07/27 21:47:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Nikon
    [2010/01/28 13:43:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\OfficeGuardian
    [2009/09/15 08:48:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\OpenCandy
    [2009/02/22 05:48:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\OpenOffice.org
    [2009/09/15 08:50:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Red Kawa
    [2009/02/25 05:16:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Serif
    [2009/09/14 19:52:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Softplicity
    [2009/08/31 08:36:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Sony
    [2009/08/31 08:35:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Sony Setup
    [2010/02/02 13:16:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\SpinTop
    [2009/11/16 08:43:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Stamps.com Internet Postage
    [2010/02/02 18:59:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\StartMenuManager
    [2009/06/19 01:59:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Temp
    [2010/02/10 20:49:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\uTorrent
    [2009/06/30 12:28:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Webshots
    [2009/02/21 02:55:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Windows Desktop Search
    [2009/03/17 19:26:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Windows Search
    [2009/08/28 01:58:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Xilisoft Corporation
    [2009/10/21 06:54:37 | 000,000,380 | ---- | M] () -- C:\WINDOWS\Tasks\DriverCure.job
    [2010/02/10 18:00:00 | 000,000,442 | ---- | M] () -- C:\WINDOWS\Tasks\ParetoLogic Registration.job
    [2010/01/16 01:18:06 | 000,000,416 | ---- | M] () -- C:\WINDOWS\Tasks\ParetoLogic Update Version2.job
    [2010/02/11 10:01:05 | 000,000,234 | ---- | M] () -- C:\WINDOWS\Tasks\Scheduled Update for Ask Toolbar.job

    ========== Purity Check ==========



    ========== Alternate Data Streams ==========

    @Alternate Data Stream - 94 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:C947F6D9
    @Alternate Data Stream - 144 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DFC5A2B2
    @Alternate Data Stream - 138 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:02C77207
    @Alternate Data Stream - 116 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:48D30F15
    @Alternate Data Stream - 114 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:A8ADE5D8
    @Alternate Data Stream - 102 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:3BE2905A
    < End of report >

    All processes killed
    Error: Unable to interpret <FF - prefs.js..browser.search.defaultenginename: "Kiwee Toolbar "> in the current context!
    Error: Unable to interpret <[2010/02/10 00:03:41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Local Settings\Application Data\Kiwee Toolbar> in the current context!
    ========== SERVICES/DRIVERS ==========
    ========== REGISTRY ==========
    ========== FILES ==========
    ========== COMMANDS ==========

    [EMPTYTEMP]

    User: All Users

    User: Default User
    ->Temp folder emptied: 224991 bytes
    ->Temporary Internet Files folder emptied: 33170 bytes

    User: Guest
    ->Temp folder emptied: 471504 bytes
    ->Temporary Internet Files folder emptied: 102431 bytes
    ->Apple Safari cache emptied: 1439333 bytes

    User: LocalService
    ->Temp folder emptied: 66016 bytes
    ->Temporary Internet Files folder emptied: 5068712 bytes

    User: NetworkService
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 509763 bytes

    User: Owner
    ->Temp folder emptied: 32823372 bytes
    ->Temporary Internet Files folder emptied: 100872928 bytes
    ->Java cache emptied: 0 bytes
    ->FireFox cache emptied: 98116078 bytes
    ->Apple Safari cache emptied: 39459451 bytes

    %systemdrive% .tmp files removed: 14648 bytes
    %systemroot% .tmp files removed: 2385509 bytes
    %systemroot%\System32 .tmp files removed: 2577 bytes
    %systemroot%\System32\dllcache .tmp files removed: 0 bytes
    %systemroot%\System32\drivers .tmp files removed: 0 bytes
    Windows Temp folder emptied: 6759702 bytes
    %systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 9462730 bytes
    %systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 1146807 bytes
    RecycleBin emptied: 33006728 bytes

    Total Files Cleaned = 317.00 mb

    C:\WINDOWS\System32\drivers\etc\Hosts moved successfully.
    HOSTS file reset successfully

    OTL by OldTimer - Version 3.1.28.0 log created on 02112010_094548

    Files\Folders moved on Reboot...
    C:\Documents and Settings\Owner\Local Settings\Temp\MSI9d132.LOG moved successfully.
    File\Folder C:\Documents and Settings\Owner\Local Settings\Temp\Perflib_Perfdata_1300.dat not found!

    Registry entries deleted on Reboot...
     
  15. 2010/02/11
    broni Moderator Malware Analyst
    OTL log shows:
    Re-run OTL script from my reply #12.
    Make sure you copy the whole script.
    It looks to me like you missed the :OTL line, maybe.
     
  16. 2010/02/11
    joe645 Well-Known Member Thread Starter
    Kiwee Resolved???

    Here is the log; it seems that Kiwee is removed finally.
    All processes killed
    ========== OTL ==========
    Prefs.js: "Kiwee Toolbar" removed from browser.search.defaultenginename
    C:\Documents and Settings\Owner\Local Settings\Application Data\Kiwee Toolbar\Logs folder moved successfully.
    C:\Documents and Settings\Owner\Local Settings\Application Data\Kiwee Toolbar folder moved successfully.
    ========== SERVICES/DRIVERS ==========
    ========== REGISTRY ==========
    ========== FILES ==========
    ========== COMMANDS ==========

    [EMPTYTEMP]

    User: All Users

    User: Default User
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes

    User: Guest
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes
    ->Apple Safari cache emptied: 0 bytes

    User: LocalService
    ->Temp folder emptied: 66016 bytes
    ->Temporary Internet Files folder emptied: 33170 bytes

    User: NetworkService
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 33170 bytes

    User: Owner
    ->Temp folder emptied: 7984 bytes
    ->Temporary Internet Files folder emptied: 63378 bytes
    ->Java cache emptied: 0 bytes
    ->FireFox cache emptied: 66014396 bytes
    ->Apple Safari cache emptied: 0 bytes

    %systemdrive% .tmp files removed: 0 bytes
    %systemroot% .tmp files removed: 0 bytes
    %systemroot%\System32 .tmp files removed: 0 bytes
    %systemroot%\System32\dllcache .tmp files removed: 0 bytes
    %systemroot%\System32\drivers .tmp files removed: 0 bytes
    Windows Temp folder emptied: 2590062 bytes
    %systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
    %systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
    RecycleBin emptied: 17434 bytes

    Total Files Cleaned = 66.00 mb

    C:\WINDOWS\System32\drivers\etc\Hosts moved successfully.
    HOSTS file reset successfully

    OTL by OldTimer - Version 3.1.28.0 log created on 02112010_160033

    Files\Folders moved on Reboot...

    Registry entries deleted on Reboot...
     
  17. 2010/02/11
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    There you go :)

    Any traces of Kiwee bothering you?
     
    joe645 likes this.
  18. 2010/02/11
    joe645

    joe645 Well-Known Member Thread Starter

    Joined:
    2004/01/26
    Messages:
    435
    Likes Received:
    1
    Thanks...

    All traces of it seem to have been removed. I found even though I could use Unlocker and remove the directory, there were other files not in the Kiwee Directory which would activate the Toolbar when I went to my Firefox Browser. It would change my home page. I finally discovered some modified files for that day which led me to delete some application files called Explorer but not connected to IE. In any case whatever worked and I'm very thankful for it. I also found that this Kiwee Toolbar is either directly or indirectly connected with American Greetings. The corp addresses are the same, yet they only will admit they own Kiwee but have no knowledge of how to remove it. I said that is hard to believe and canceled my membership with them. Once again, thanks.
     
  19. 2010/02/11
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    You're very welcome :)
     
