WiredWX Christian Hobby Weather Tools

Hijackthis Problems

2 posters

I downloaded the Hijackthis log as recommended as a new user. I was able to use it as instructed as well. Now, this program randomly pops up EVERY FEW MINUTES. I close it and it does it again. What should I do? Is this a result of the virus on my computer?

Re: Hijackthis Problems

Please visit this webpage for a tutorial on downloading and running ComboFix:

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

See the area: Using ComboFix, and when done, post the log back here.

Re: Hijackthis Problems

I followed the instructions to ComboFix and when I attempted to run the program two things happened.
1) I got this message:

C:\32788R22FWJFW\iexplore.exe
Windows cannot access the specified device, path, or file. You may not have the appropriate permission to access the item.


I have administrative access on this computer, so I right-clicked and selected Run as an Administrator.
2) Next message:

incompatible OS. ComboFix only works for workstations with Windows 2000 and XP.


I have Windows Vista. Also earlier in the day when I attempted to access Calculator and Notepad I could not get into either and I got the first message above. Though now when I tried again, I did not have an issue.

Please advise. Thanks :)

Re: Hijackthis Problems

RKill by Grinler
Link #1
Link #2
Link #3

  • Download Link #1.
  • Save it to your Desktop.
  • Double click the RKill desktop icon.
    If you are using Vista please right click and run as Admin!
  • A black screen will briefly flash indicating a successful run.
  • If this does not occur please delete that application and download Link #2.
  • Continue process until the tool runs.
  • If the tool does not run from any of the links tell me about it.


=====================

Please download A-Squared HiJackFree from here and save it to your Desktop. Double-click to install. When you launch the program, please wait 1 minute to allow it to load all the Processes, Services, etc.
Then, click the following: [image: Asquared]
Save the log to the Desktop, or some other memorable place. Then, the log shall launch in Notepad. Please post the results of that log in your next reply.

Re: Hijackthis Problems

Logfile of HiJackFree v3.0
Scan saved at 3:24:43 PM, on 3/18/2010
Platform: Windows Vista64 (Windows NT 6.0.6002)
MSIE: Internet Explorer v 8.0 (8.0.6001.18882)

Running processes:
C:\Windows\System32\smss.exe
C:\Windows\System32\csrss.exe
C:\Windows\System32\wininit.exe
C:\Windows\System32\csrss.exe
C:\Windows\System32\services.exe
C:\Windows\System32\lsass.exe
C:\Windows\System32\lsm.exe
C:\Windows\System32\winlogon.exe
C:\Windows\System32\svchost.exe
C:\Windows\System32\nvvsvc.exe
C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\System32\SLsvc.exe
C:\Windows\System32\rundll32.exe
C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\System32\taskeng.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\System32\svchost.exe
C:\PROGRA~2\AVG\AVG8\avgwdsvc.exe
C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe
C:\PROGRA~2\AVG\AVG8\avgrsa.exe
C:\Program Files (x86)\Canon\IJPLM\ijplmsvc.exe
C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\System32\WUDFHost.exe
C:\Windows\System32\drivers\XAudio64.exe
C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe
C:\Windows\System32\taskeng.exe
C:\Windows\System32\taskeng.exe
C:\Windows\System32\dwm.exe
C:\Windows\explorer.exe
C:\Windows\mHotkey.exe
C:\Windows\RAVCpl64.exe
C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE
C:\Program Files (x86)\Windows Live\Family Safety\fsui.exe
C:\Windows\ChiFuncExt.exe
C:\Windows\System32\wbem\unsecapp.exe
C:\Windows\System32\wbem\WmiPrvSE.exe
C:\Program Files (x86)\Java\jre1.6.0_05\bin\jusched.exe
C:\Windows\System32\SearchIndexer.exe
C:\Windows\System32\wuauclt.exe
C:\Windows\splwow64.exe
C:\PROGRA~2\AVG\AVG8\avgnsa.exe
C:\Program Files (x86)\Yahoo!\Messenger\YahooMessenger.exe
C:\Windows\System32\wbem\WmiPrvSE.exe
C:\Program Files (x86)\McAfee Security Scan\2.0.181\SSScheduler.exe
C:\Program Files\a-squared HiJackFree\a2hijackfree.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Windows\SysWOW64\dllhost.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.msn.com
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn1\yt.dll
O2 - BHO: - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} -
O2 - BHO: ContributeBHO Class - {074C1DC5-9320-4A9A-947D-C042949C6216} - C:\Program Files (x86)\Adobe\/Adobe Contribute CS4/contributeieplugin.dll
O2 - BHO: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: AVG Safe Search - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG8\avgssie.dll
O2 - BHO: Windows Live Family Safety Browser Helper Class - {4f3ed5cd-0726-42a9-87f5-d13f3d2976ac} - C:\Program Files (x86)\Windows Live\Family Safety\fssbho.dll
O2 - BHO: - {5C255C8A-E604-49b4-9D64-90988571CECB} -
O2 - BHO: Kiwee Toolbar - {6638A9DE-0745-4292-8A2E-AE530E7B9B3F} - C:\Program Files (x86)\Kiwee Toolbar\2.9.201\KiweeIEToolbar.dll
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~2\Office12\GRA8E1~1.DLL
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files (x86)\AVG\AVG8\Toolbar\IEToolbar.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar.dll
O2 - BHO: - {AE7CD045-E861-484f-8273-0445EE161910} -
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.4.4525.1752\swg.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files (x86)\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
O2 - BHO: MSN Toolbar Helper - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\MSN\Toolbar\3.0.1203.0\msneshellx.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files (x86)\Windows Live\Toolbar\wltcore.dll
O2 - BHO: - {F4971EE7-DAA0-4053-9964-665D8EE6A077} -
O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn1\YTSingleInstance.dll
O3 - Toolbar: Contribute Toolbar - {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - C:\Program Files (x86)\Adobe\/Adobe Contribute CS4/contributeieplugin.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar.dll
O3 - Toolbar: MSN Toolbar - {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - C:\Program Files (x86)\MSN\Toolbar\3.0.1203.0\msneshellx.dll
O3 - Toolbar: Kiwee Toolbar - {6638A9DE-0745-4292-8A2E-AE530E7B9B3F} - C:\Program Files (x86)\Kiwee Toolbar\2.9.201\KiweeIEToolbar.dll
O3 - Toolbar: DAEMON Tools Toolbar - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files (x86)\DAEMON Tools Toolbar\DTToolbar.dll
O3 - Toolbar: AVG Security Toolbar - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files (x86)\AVG\AVG8\Toolbar\IEToolbar.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn1\yt.dll
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files (x86)\Windows Live\Toolbar\wltcore.dll
O4 - HKLM\..\Run: [Smart Copy] "C:\Program Files (x86)\IOI\Smart Copy\ButtonMonitor.exe" -A
O4 - HKLM\..\Run: [LchDrvKey] LchDrvKey.exe
O4 - HKLM\..\Run: [LedKey] CNYHKey.exe
O4 - HKLM\..\Run: [AdobeCS4ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" -launchedbylogin
O4 - HKLM\..\Run: [Adobe_ID0ENQBO] C:\PROGRA~2\COMMON~1\Adobe\ADOBEV~1\Server\bin\VERSIO~2.EXE
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [KiweeHook] "C:\Program Files (x86)\Kiwee Toolbar\2.9.201\kwtbaim.exe"
O4 - HKLM\..\Run: [Adobe Acrobat Speed Launcher] "C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe"
O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe"
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~2\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files (x86)\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files (x86)\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [DNS7reminder] "C:\Program Files (x86)\Nuance\NaturallySpeaking10\Ereg\Ereg.exe" -r "C:\ProgramData\Nuance\NaturallySpeaking10\Ereg.ini
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [Launcher] %WINDIR%\SMINST\launcher.exe
O4 - HKLM\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter
O4 - HKLM\..\Run: [cdloader] "C:\Users\Broadcast\AppData\Roaming\mjusbsp\cdloader2.exe" MAGICJACK
O7 - Regedit - Enabled
O8 - Extra context menu item: Append Link Target to Existing PDF - res://C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Append to Existing PDF - res://C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert Link Target to Adobe PDF - res://C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra "Tools" menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra "Tools" menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~2\Office12\REFBAR.ICO
O14 - IERESET.INF: SearchAssistant=http://www.gateway.com/g/sidepanel.html?Ch=&SubCH=HSN&Br=GTW&Loc=ENG_US&Sys=DTP&M=DX4640-UBC01A
O14 - IERESET.INF: CustomizeSearch=
O16 - DPF: CabBuilder - http://kiw.imgag.com/imgag/kiw/toolbar/download/InstallerControl.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://www.gamehouse.com/games/beje2/popcaploader.cab
O21 - ShellServiceObjectDelayLoad: WebCheck -
O22 - SharedTaskScheduler: Component Categories cache daemon - C:\Windows\system32\browseui.dll
O23 - Service: Adobe Version Cue CS4 - C:\Program Files (x86)\Common Files\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4.exe
O23 - Service: Application Experience Service - C:\Windows\system32\svchost.exe
O23 - Service: AG Windows Service - C:\Program Files (x86)\AGI\common\win32\PythonService.exe
O23 - Service: Application Layer Gateway Service - C:\Windows\System32\alg.exe
O23 - Service: Application Information Service - C:\Windows\system32\svchost.exe
O23 - Service: Windows Audio Service - C:\Windows\System32\svchost.exe
O23 - Service: Windows Audio Service - C:\Windows\System32\svchost.exe
O23 - Service: AVG Free8 WatchDog - C:\PROGRA~2\AVG\AVG8\avgwdsvc.exe
O23 - Service: Base Filtering Engine - C:\Windows\system32\svchost.exe
O23 - Service: Background Intelligent Transfer Service - C:\Windows\System32\svchost.exe
O23 - Service: Computer Browser Service DLL - C:\Windows\System32\svchost.exe
O23 - Service: Microsoft Smartcard Certificate Propagation Service - C:\Windows\system32\svchost.exe
O23 - Service: Microsoft .NET Framework NGEN v2.0.50727_X86 - C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
O23 - Service: Microsoft .NET Framework NGEN v2.0.50727_X64 - C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
O23 - Service: COMSysApp - C:\Windows\system32\dllhost.exe
O23 - Service: Cryptographic Services - C:\Windows\system32\svchost.exe
O23 - Service: DFSR - C:\Windows\system32\DFSR.exe
O23 - Service: DHCP Client Service - C:\Windows\system32\svchost.exe
O23 - Service: DNS Client API DLL - C:\Windows\system32\svchost.exe
O23 - Service: Wired AutoConfig Service - C:\Windows\system32\svchost.exe
O23 - Service: Microsoft EAPHost service - C:\Windows\System32\svchost.exe
O23 - Service: Windows Media Center Receiver Service - C:\Windows\ehome\ehRecvr.exe
O23 - Service: Windows Media Center Scheduler Service - C:\Windows\ehome\ehsched.exe
O23 - Service: Windows Media Center Service Launcher - C:\Windows\\system32\svchost.exe
O23 - Service: ReadyBoost Service - C:\Windows\system32\svchost.exe
O23 - Service: Event Logging Service - C:\Windows\System32\svchost.exe
O23 - Service: EventSystem - C:\Windows\system32\svchost.exe
O23 - Service: WS Discovery Service - C:\Windows\system32\svchost.exe
O23 - Service: Function Discovery Resource Publication Service - C:\Windows\system32\svchost.exe
O23 - Service: FLEXnet Licensing Service - C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: FLEXnet Licensing Service 64 - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe
O23 - Service: Windows Font Cache Service - C:\Windows\system32\svchost.exe
O23 - Service: Windows Presentation Foundation Host - C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
O23 - Service: Windows Live Family Safety - C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe
O23 - Service: GameConsoleService - C:\Program Files (x86)\Gateway Games\Gateway Game Console\GameConsoleService.exe
O23 - Service: Google Update Service (gupdate1ca85fba6ca78c8) - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater - C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: HID Service - C:\Windows\system32\svchost.exe
O23 - Service: Key Management Service - C:\Windows\System32\svchost.exe
O23 - Service: Service Model Installer Resource Library - C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
O23 - Service: PIXMA Extended Survey Program - C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE
O23 - Service: IKE extension - C:\Windows\system32\svchost.exe
O23 - Service: PnP-X IP Bus Enumerator DLL - C:\Windows\system32\svchost.exe
O23 - Service: Service that offers IPv6 connectivity over an IPv4 network. - C:\Windows\System32\svchost.exe
O23 - Service: KeyIso - C:\Windows\system32\lsass.exe
O23 - Service: KtmRm - C:\Windows\System32\svchost.exe
O23 - Service: Server Service DLL - C:\Windows\system32\svchost.exe
O23 - Service: Workstation Service DLL - C:\Windows\System32\svchost.exe
O23 - Service: Link-Layer Topology Discovery Resources - C:\Windows\System32\svchost.exe
O23 - Service: TCPIP NetBios Transport Services DLL - C:\Windows\system32\svchost.exe
O23 - Service: McAfee Security Scan Component Host Service - C:\Program Files (x86)\McAfee Security Scan\2.0.181\McCHSvc.exe
O23 - Service: Media Center Resources - C:\Windows\system32\svchost.exe
O23 - Service: Microsoft Office Groove Audit Service - C:\Program Files (x86)\Microsoft Office\Office12\GrooveAuditService.exe
O23 - Service: Multimedia Class Scheduler Service - C:\Windows\system32\svchost.exe
O23 - Service: Windows Firewall API - C:\Windows\system32\svchost.exe
O23 - Service: MSCamSvc - C:\Program Files\Microsoft LifeCam\MSCamS64.exe
O23 - Service: MSDTC - C:\Windows\System32\msdtc.exe
O23 - Service: iSCSI Discovery api - C:\Windows\system32\svchost.exe
O23 - Service: Windows®️ Installer International Messages - C:\Windows\system32\msiexec
O23 - Service: Quarantine Agent Service Run-Time - C:\Windows\System32\svchost.exe
O23 - Service: Net Logon Services DLL - C:\Windows\system32\lsass.exe
O23 - Service: Network Connections Manager - C:\Windows\System32\svchost.exe
O23 - Service: Network Profile Management UI - C:\Windows\System32\svchost.exe
O23 - Service: Service Model Installer Resource Library - C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe
O23 - Service: Network Location Awareness 2 - C:\Windows\System32\svchost.exe
O23 - Service: Network Store Interface RPC server - C:\Windows\system32\svchost.exe
O23 - Service: NVIDIA Display Driver Service - C:\Windows\system32\nvvsvc.exe
O23 - Service: Microsoft Office Diagnostics Service - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
O23 - Service: Office Source Engine - C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
O23 - Service: Peer-to-Peer Services - C:\Windows\System32\svchost.exe
O23 - Service: Peer-to-Peer Services - C:\Windows\System32\svchost.exe
O23 - Service: Program Compatibility Assistant Service - C:\Windows\system32\svchost.exe
O23 - Service: x86 Performance Counter Host - C:\Windows\SysWow64\perfhost.exe
O23 - Service: Performance Logs & Alerts - C:\Windows\System32\svchost.exe
O23 - Service: User-mode Plug-and-Play Service - C:\Windows\system32\svchost.exe
O23 - Service: Peer-to-Peer Services - C:\Windows\System32\svchost.exe
O23 - Service: Peer-to-Peer Services - C:\Windows\System32\svchost.exe
O23 - Service: Policy Storage dll - C:\Windows\system32\svchost.exe
O23 - Service: ProfSvc - C:\Windows\system32\svchost.exe
O23 - Service: Protected Storage default provider - C:\Windows\system32\lsass.exe
O23 - Service: Windows NT - C:\Windows\\system32\svchost.exe
O23 - Service: Remote Access AutoDial Manager - C:\Windows\system32\svchost.exe
O23 - Service: Remote Access Connection Manager - C:\Windows\system32\svchost.exe
O23 - Service: Dynamic Interface Manager - C:\Windows\system32\svchost.exe
O23 - Service: RemoteRegistry - C:\Windows\system32\svchost.exe
O23 - Service: Rpc Locator - C:\Windows\system32\locator.exe
O23 - Service: Smart Card Resource Management Server - C:\Windows\system32\svchost.exe
O23 - Service: Task Scheduler Service - C:\Windows\system32\svchost.exe
O23 - Service: Microsoft Smartcard Certificate Propagation Service - C:\Windows\system32\svchost.exe
O23 - Service: Microsoft®️ Windows Backup Service - C:\Windows\system32\svchost.exe
O23 - Service: SeaPort - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
O23 - Service: System Event Notification Service (SENS) - C:\Windows\system32\svchost.exe
O23 - Service: Terminal Services Configuration service - C:\Windows\System32\svchost.exe
O23 - Service: Microsoft NAT Helper Components - C:\Windows\System32\svchost.exe
O23 - Service: Windows Shell Services Dll - C:\Windows\System32\svchost.exe
O23 - Service: Microsoft Software Licensing Service - C:\Windows\system32\SLsvc.exe
O23 - Service: Software Licensing UI Notification Service - C:\Windows\system32\svchost.exe
O23 - Service: SNMP Trap - C:\Windows\System32\snmptrap.exe
O23 - Service: SSDP Service DLL - C:\Windows\system32\svchost.exe
O23 - Service: Provides the facility of using Secure Socket Tunneling Protocol (SSTP) to connect to remote computers (using VPN). - C:\Windows\system32\svchost.exe
O23 - Service: Still Image Devices Service - C:\Windows\system32\svchost.exe
O23 - Service: Microsoft®️ Volume Shadow Copy Service software provider - C:\Windows\System32\svchost.exe
O23 - Service: Superfetch Service Host - C:\Windows\system32\svchost.exe
O23 - Service: Microsoft Tablet PC Input Service - C:\Windows\System32\svchost.exe
O23 - Service: Microsoft®️ Windows(TM) Telephony Server - C:\Windows\System32\svchost.exe
O23 - Service: TBS Service - C:\Windows\System32\svchost.exe
O23 - Service: Terminal Server Remote Connections Manager - C:\Windows\System32\svchost.exe
O23 - Service: Windows Shell Services Dll - C:\Windows\System32\svchost.exe
O23 - Service: Multimedia Class Scheduler Service - C:\Windows\system32\svchost.exe
O23 - Service: Interactive services detection - C:\Windows\system32\UI0Detect.exe
O23 - Service: UPnP Device Host - C:\Windows\system32\svchost.exe
O23 - Service: Desktop Window Manager - C:\Windows\System32\svchost.exe
O23 - Service: Virtual Disk Service - C:\Windows\System32\vds.exe
O23 - Service: Microsoft®️ Volume Shadow Copy Service - C:\Windows\system32\vssvc.exe
O23 - Service: Windows Time Service - C:\Windows\system32\svchost.exe
O23 - Service: Windows Connect Now - Config Registrar Service - C:\Windows\System32\svchost.exe
O23 - Service: WcsPlugInService DLL - C:\Windows\system32\svchost.exe
O23 - Service: Web DAV Service DLL - C:\Windows\system32\svchost.exe
O23 - Service: Event Collector Service - C:\Windows\system32\svchost.exe
O23 - Service: Problem Reports and Solutions - C:\Windows\System32\svchost.exe
O23 - Service: Windows Error Reporting Service - C:\Windows\System32\svchost.exe
O23 - Service: Windows Defender - C:\Windows\System32\svchost.exe
O23 - Service: Windows HTTP Services - C:\Windows\system32\svchost.exe
O23 - Service: WMI - C:\Windows\system32\svchost.exe
O23 - Service: WSMan Service - C:\Windows\System32\svchost.exe
O23 - Service: Windows WLAN AutoConfig Service DLL - C:\Windows\system32\svchost.exe
O23 - Service: WMI Performance Reverse Adapter - C:\Windows\system32\wbem\WmiApSrv.exe
O23 - Service: WMPNetworkSvc - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe
O23 - Service: WPC Filtering Service - C:\Windows\system32\svchost.exe
O23 - Service: Portable Device Enumerator - C:\Windows\system32\svchost.exe
O23 - Service: Windows Security Center Service - C:\Windows\System32\svchost.exe
O23 - Service: Microsoft Windows Search Indexer - C:\Windows\system32\SearchIndexer.exe
O23 - Service: Windows Update Agent - C:\Windows\system32\svchost.exe
O23 - Service: Windows Driver Foundation - User-mode Driver Framework Service - C:\Windows\system32\svchost.exe
O23 - Service: XAudioService - C:\Windows\system32\DRIVERS\xaudio64.exe
O23 - Service: Yahoo! Updater - C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe

Re: Hijackthis Problems

Hmm.. could not find it there. If this program does not start, try RKill again, then run the program.

Please download Malwarebytes Anti-Malware from Malwarebytes.org.
Alternate link: BleepingComputer.com.
(Note: if you already have the program installed, just follow the directions. No need to re-download or re-install!)

Double Click mbam-setup.exe to install the application.

(Note: if you already have the program installed, open Malwarebytes from the Start Menu or Desktop shortcut, click the Update tab, and click Check for Updates, before doing the scan as instructed below!)

  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Full Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • Please save the log to a location you will remember.
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the entire report in your next reply.

Extra Note:

If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.

Re: Hijackthis Problems

Malwarebytes' Anti-Malware 1.44
Database version: 3885
Windows 6.0.6002 Service Pack 2
Internet Explorer 8.0.6001.18882

3/19/2010 2:16:37 PM
mbam-log-2010-03-19 (14-16-37).txt

Scan type: Full Scan (C:\|D:\|E:\|F:\|G:\|H:\|I:\|J:\|K:\|L:\|)
Objects scanned: 854656
Time elapsed: 2 hour(s), 36 minute(s), 25 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 2
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 7

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CLASSES_ROOT\popcaploader.popcaploaderctrl2 (Adware.PopCap) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\popcaploader.popcaploaderctrl2.1 (Adware.PopCap) -> Quarantined and deleted successfully.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\Users\Jay D\Downloads\Dragon NaturallySpeaking 10.1 Preffered (1 dvd)\CRACK\Nuance_KeyMaker.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Users\Jay D\Downloads\Xara Xtreme Pro 5.1.0.8917 DL [By Black Knight]\Patch1.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Users\Public\Downloads\Adobe Visual Communicator 3.0.3129.0\Keygen.exe (Malware.Packer.Gen) -> Quarantined and deleted successfully.
C:\END (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\Users\Broadcast\Local Settings\Application Data\ave.exe (Rogue.MultipleAV) -> Quarantined and deleted successfully.
C:\Users\Broadcast\AppData\Local\ave.exe (Rogue.MultipleAV) -> Quarantined and deleted successfully.
C:\Users\Broadcast\downloads\winlogon.scr (Heuristics.Reserved.Word.Exploit) -> Delete on reboot.




After I restart, my computer is giving me this message.

Windows Defender
Application failed to initialize: 0x800106ba. A problem caused this program's service to stop. To start the service, restart your computer or search Help and Support for how to start a service manually.


I got this message once before this and I just got it when I had to restart after this scan. I did see the Windows Defender folder in my start menu under programs, and I do not recall ever seeing it there before. I have seen that name as a virus as well over the net, so I have not opened it at all. Please advise. Thank you.

Re: Hijackthis Problems

  1. Download Win32kDiag from any of the following locations and save it to your Desktop.

  • Double-click Win32kDiag.exe to run Win32kDiag and let it finish.
  • When it states "Finished! Press any key to exit...", press any key on your keyboard to close the program.
  • Double-click on the Win32kDiag.txt file that is located on your Desktop and post the entire contents of that log as a reply to this topic.

Re: Hijackthis Problems

    Running from: C:\Users\Broadcast\Desktop\Win32kDiag.exe

    Log file at : C:\Users\Broadcast\Desktop\Win32kDiag.txt

    WARNING: Could not get backup privileges!

    Searching 'C:\Windows'...



    Cannot access: C:\Windows\System32\LogFiles\WMI\RtBackup\EtwRTDiagLog.etl

    [1] 2010-03-19 14:18:56 64 C:\Windows\System32\LogFiles\WMI\RtBackup\EtwRTDiagLog.etl ()



    Cannot access: C:\Windows\System32\LogFiles\WMI\RtBackup\EtwRTEventLog-Application.etl

    [1] 2010-03-19 14:18:49 64 C:\Windows\System32\LogFiles\WMI\RtBackup\EtwRTEventLog-Application.etl ()



    Cannot access: C:\Windows\System32\LogFiles\WMI\RtBackup\EtwRTEventlog-Security.etl

    [1] 2010-03-19 14:18:49 64 C:\Windows\System32\LogFiles\WMI\RtBackup\EtwRTEventlog-Security.etl ()



    Cannot access: C:\Windows\System32\LogFiles\WMI\RtBackup\EtwRTEventLog-System.etl

    [1] 2010-03-19 14:18:49 64 C:\Windows\System32\LogFiles\WMI\RtBackup\EtwRTEventLog-System.etl ()





    Finished!

Re: Hijackthis Problems

    Please download Stealth MBR Rootkit Detector by GMER from GMER.net, and save to your Desktop.
    • Double-click mbr.exe to start the program.
    • When done scanning, it will save a log on the Desktop called mbr.log.
    • Please post the contents of that log in your next reply.


    =======================================

    Please download V-Tool, and save to your Desktop.
    • Double-click on vtool.zip, and extract the file to your Desktop.
    • Double-click on vtool.cmd to start.
    • !! IMPORTANT !!::: At each prompt ("Press any key to continue..."), wait 10 seconds before pressing a key. This tool needs time to process each prompt.
    • It will finish eventually and launch a log. Do NOT exit the tool. Allow it to finish. (vtool.txt)
    • Post the contents of it in your next reply along with the Stealth MBR Log.

Re: Hijackthis Problems

    Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

    device: opened successfully
    user: error reading MBR
    kernel: error reading MBR




    V-Tool by DragonMaster Jay

    Microsoft®️ Windows Vista™️ Home Premium 6.0.6002.2.1252.1.1033.18.3838.1677 [GMT -4:00]

    Username: Broadcast - Date: 03/20/2010 - Time: 12:29:14 - Number of processors: 2 - Arch.: AMD64 SF:


    ((((( Security Software information )))))

    SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}

    ((((( System File Verify )))))

    c:\windows\system32\eventlog.dll is missing! (If XP or lower)
    c:\windows\system32\drivers\beep.sys is missing!

    ((((( System File Enumeration )))))

    Volume in drive C is Partition_1
    Volume Serial Number is 3CBD-EA70

    Directory of C:\WINDOWS\System32

    scecli.dll netlogon.dll cngaudit.dll
    3 File(s) 967,680 bytes

    Directory of C:\WINDOWS\System32\drivers

    atapi.sys
    1 File(s) 20,952 bytes

    Directory of C:\WINDOWS\System32\DriverStore\FileRepository\mshdc.inf_1d87dda2

    atapi.sys
    1 File(s) 22,584 bytes

    Directory of C:\WINDOWS\System32\DriverStore\FileRepository\mshdc.inf_b6d20d6f

    atapi.sys
    1 File(s) 20,952 bytes

    Directory of C:\WINDOWS\System32\DriverStore\FileRepository\mshdc.inf_f8cccc79

    atapi.sys
    1 File(s) 20,072 bytes

    Directory of C:\WINDOWS\SysWOW64

    scecli.dll netlogon.dll cngaudit.dll
    3 File(s) 781,824 bytes

    Directory of C:\WINDOWS\winsxs\amd64_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.0.6000.16386_none_424bc4aceb06de1c

    cngaudit.dll
    1 File(s) 14,848 bytes

    Directory of C:\WINDOWS\winsxs\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6001.18000_none_942c7ddf9178e048

    scecli.dll
    1 File(s) 235,520 bytes

    Directory of C:\WINDOWS\winsxs\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6002.18005_none_9617f6eb8e9aab94

    scecli.dll
    1 File(s) 235,520 bytes

    Directory of C:\WINDOWS\winsxs\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6001.18000_none_59d652c6f057598d

    netlogon.dll
    1 File(s) 716,800 bytes

    Directory of C:\WINDOWS\winsxs\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6002.18005_none_5bc1cbd2ed7924d9

    netlogon.dll
    1 File(s) 717,312 bytes

    Directory of C:\WINDOWS\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.0.6001.18000_none_3956c39dd9e73fd2

    atapi.sys
    1 File(s) 22,584 bytes

    Directory of C:\WINDOWS\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.0.6002.18005_none_3b423ca9d7090b1e

    atapi.sys
    1 File(s) 20,952 bytes

    Directory of C:\WINDOWS\winsxs\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6001.18000_none_9e812831c5d9a243

    scecli.dll
    1 File(s) 177,152 bytes

    Directory of C:\WINDOWS\winsxs\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6002.18005_none_a06ca13dc2fb6d8f

    scecli.dll
    1 File(s) 177,152 bytes

    Directory of C:\WINDOWS\winsxs\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6001.18000_none_642afd1924b81b88

    netlogon.dll
    1 File(s) 592,384 bytes

    Directory of C:\WINDOWS\winsxs\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6002.18005_none_6616762521d9e6d4

    netlogon.dll
    1 File(s) 592,896 bytes

    Directory of C:\WINDOWS\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.0.6000.16386_none_e62d292932a96ce6

    cngaudit.dll
    1 File(s) 11,776 bytes

    Total Files Listed:
    22 File(s) 5,348,960 bytes
    0 Dir(s) 283,042,242,560 bytes free

    -----------------------------

    +++ End-of-file +++
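Added example (not part of the original thread and not V-Tool's own code): the System File Enumeration above prints only one byte total per directory, so this Python example parses the listing and checks whether each in-use directory's total equals the sum of one component-store (winsxs) copy per listed file. The function names are hypothetical, the embedded log is an excerpt of the native 64-bit entries from the post, and file names are assumed to contain no spaces.

```python
import re
from itertools import product

# Excerpt of the V-Tool "System File Enumeration" posted in the thread
# (native 64-bit entries only, blank lines dropped).
LOG = r"""
Directory of C:\WINDOWS\System32
scecli.dll netlogon.dll cngaudit.dll
3 File(s) 967,680 bytes
Directory of C:\WINDOWS\System32\drivers
atapi.sys
1 File(s) 20,952 bytes
Directory of C:\WINDOWS\winsxs\amd64_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.0.6000.16386_none_424bc4aceb06de1c
cngaudit.dll
1 File(s) 14,848 bytes
Directory of C:\WINDOWS\winsxs\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6002.18005_none_9617f6eb8e9aab94
scecli.dll
1 File(s) 235,520 bytes
Directory of C:\WINDOWS\winsxs\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6001.18000_none_59d652c6f057598d
netlogon.dll
1 File(s) 716,800 bytes
Directory of C:\WINDOWS\winsxs\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6002.18005_none_5bc1cbd2ed7924d9
netlogon.dll
1 File(s) 717,312 bytes
Directory of C:\WINDOWS\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.0.6001.18000_none_3956c39dd9e73fd2
atapi.sys
1 File(s) 22,584 bytes
Directory of C:\WINDOWS\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.0.6002.18005_none_3b423ca9d7090b1e
atapi.sys
1 File(s) 20,952 bytes
Total Files Listed:
22 File(s) 5,348,960 bytes
"""

DIR_RE = re.compile(r"^Directory of (.+)$")
SUM_RE = re.compile(r"^(\d+) File\(s\) ([\d,]+) bytes$")

def parse_listing(text):
    """Return [(directory, [file names], total_bytes)] from `dir /s`-style output."""
    entries, cur, names = [], None, []
    for line in (l.strip() for l in text.splitlines()):
        if m := DIR_RE.match(line):
            cur, names = m.group(1), []
        elif line.startswith("Total Files Listed"):
            cur = None                      # the grand total belongs to no directory
        elif (m := SUM_RE.match(line)) and cur:
            entries.append((cur, names, int(m.group(2).replace(",", ""))))
            cur = None
        elif line and cur:
            names += line.split()           # names were flattened onto one line
    return entries

def is_store(directory):
    """True for component-store / driver-store directories (reference copies)."""
    d = directory.lower()
    return "\\winsxs\\" in d or "\\driverstore\\" in d

def check_live_copies(text):
    """Map each in-use directory to the store sizes that add up to its total, or None."""
    entries = parse_listing(text)
    store = {}                              # file name -> set of sizes seen in the store
    for d, names, total in entries:
        if is_store(d) and len(names) == 1:
            store.setdefault(names[0].lower(), set()).add(total)
    result = {}
    for d, names, total in entries:
        if is_store(d):
            continue
        pools = [sorted(store.get(n.lower(), ())) for n in names]
        # Try one store version per file until the sizes sum to the directory total.
        match = next((c for c in product(*pools) if sum(c) == total), None)
        result[d] = dict(zip(names, match)) if match else None
    return result

if __name__ == "__main__":
    for directory, verdict in check_live_copies(LOG).items():
        print(directory, "->", verdict or "NO MATCHING STORE COPY")
```

A size match is only a coarse consistency signal and does not prove a file is unmodified; the `/md5start` ... `/md5stop` block in the OTL custom scan later in the thread hashes these same files.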

    Re: Hijackthis Problems

    Sorry. Please re-run the Stealth MBR Rootkit Detector, but to do it, please right-click on it and click Run as Administrator.

    Re: Hijackthis Problems

    Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

    device: opened successfully
    user: MBR read successfully
    kernel: error reading MBR

    Re: Hijackthis Problems

    Please re-open Malwarebytes, click the Update tab, and click Check for Updates. Then, click the Scanner tab, select Perform Quick Scan, and press Scan. Remove selected, and post the log in your next reply.

    Re: Hijackthis Problems

    Malwarebytes' Anti-Malware 1.44
    Database version: 3894
    Windows 6.0.6002 Service Pack 2
    Internet Explorer 8.0.6001.18882

    3/21/2010 4:29:59 PM
    mbam-log-2010-03-21 (16-29-59).txt

    Scan type: Quick Scan
    Objects scanned: 121729
    Time elapsed: 5 minute(s), 47 second(s)

    Memory Processes Infected: 0
    Memory Modules Infected: 0
    Registry Keys Infected: 0
    Registry Values Infected: 0
    Registry Data Items Infected: 0
    Folders Infected: 0
    Files Infected: 0

    Memory Processes Infected:
    (No malicious items detected)

    Memory Modules Infected:
    (No malicious items detected)

    Registry Keys Infected:
    (No malicious items detected)

    Registry Values Infected:
    (No malicious items detected)

    Registry Data Items Infected:
    (No malicious items detected)

    Folders Infected:
    (No malicious items detected)

    Files Infected:
    (No malicious items detected)

    Re: Hijackthis Problems

    I know that my problem in this post was with my hijackthis, but I was noticing that I saw less and less popups and was getting better functionality as we went through this process. Is my actual virus being removed as well?

    I had another post called Vista Defender and it had the log from hijackthis in there, but no one responded to it and I could not bump it because it was locked. Now it's in the Trash Incinerator. I had a post about that too, but nothing happened. lol What should I do?

    Re: Hijackthis Problems

    Wait till you get this computer fixed, then re-run HijackThis on that computer again and post a new topic.

    Most of the infection is removed by now.

    Download OTL to your Desktop

    • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
    • Under the Custom Scan box paste this in

      netsvcs
      msconfig
      safebootminimal
      safebootnetwork
      activex
      drivers32
      %SYSTEMDRIVE%\*.exe
      %systemroot%\*. /mp /s
      c:\$recycle.bin\*.* /s
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs
      /md5start
      eventlog.dll
      scecli.dll
      netlogon.dll
      cngaudit.dll
      sceclt.dll
      ntelogon.dll
      logevent.dll
      iaStor.sys
      nvstor.sys
      nvstor32.sys
      atapi.sys
      IdeChnDr.sys
      viasraid.sys
      AGP440.sys
      vaxscsi.sys
      nvatabus.sys
      viamraid.sys
      nvata.sys
      nvgts.sys
      iastorv.sys
      ViPrt.sys
      eNetHook.dll
      explorer.exe
      svchost.exe
      userinit.exe
      qmgr.dll
      ws2_32.dll
      proquota.exe
      imm32.dll
      kernel32.dll
      ndis.sys
      autochk.exe
      spoolsv.exe
      xmlprov.dll
      ntmssvc.dll
      mswsock.dll
      Beep.SYS
      ntfs.sys
      termsrv.dll
      sfcfiles.dll
      st3shark.sys
      ahcix86.sys
      srsvc.dll
      nvrd32.sys
      /md5stop
      %systemroot%\system32\*.dll /lockedfiles
      %systemroot%\Tasks\*.job /lockedfiles

    • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.

      • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
      • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time

    Re: Hijackthis Problems

    I think I made a mistake! When I double-clicked to open OTL on my desktop, since it didn't start doing anything immediately and seemed to be waiting on me, I pasted in the custom scan information and clicked Quick Scan.
    I realized that I was supposed to "Run Scan" (i.e. Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.)

    Should I ignore or erase what has taken place and start over at the point that I "Run Scan" ?

    Re: Hijackthis Problems

    I stopped the scan via the Task Manager. I am going to start over now and run it properly.

    Re: Hijackthis Problems

    Once again I did it wrong; plus I left out two lines in the copy/paste of info for Custom Scan.

    I am now about to open OTL (with all windows/applications closed, including this one) paste the correct info in the custom scan area and hit Quick Scan. After that I will Edit/Copy, Edit/Paste the OTL.txt. and Extras notepads that will be produced as a result of this.

    If any of what I just said is incorrect, please let me know. Thank you

    Re: Hijackthis Problems

    Looks fine. Just post when it's finished.

    Re: Hijackthis Problems

    Upon pasting the message into this post, it says that the message posted was too big. Using the Edit/Select All method, there is no way to paste it by portion. How would you like me to place it here now?

    Re: Hijackthis Problems

    Try to upload the text file to http://www.rapidshare.com

    then post the download link here, please.

    There is an upload tutorial on the site, in case you are lost.

    Re: Hijackthis Problems

    To get the download link do I send it to myself?

    Nevermind, this question is no longer valid.

    Last edited by Kirbie on 22nd March 2010, 7:12 pm; edited 1 time in total (Reason for editing : No longer valid)

    Re: Hijackthis Problems

    http://rapidshare.com/files/366818959/OTL.Txt.html
    MD5: ADBBAB6D14FF6AF3D88B54EA1F120D44

    http://rapidshare.com/files/366818962/Extras.Txt.html
    MD5: B3DED0561F012182EEC805B7FE23D35D

    Re: Hijackthis Problems

    Please go to Start > Control Panel > Add or Remove Programs and remove the following (if present):

    • Kiwee Toolbar


    Please run OTL.exe.

    • Copy the commands with file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):


      :files
      C:\Users\Broadcast\AppData\Local\23755159.dll

      :folders
      C:\Users\Broadcast\AppData\Local\QJyrk5wvCU1
      C:\ProgramData\QJyrk5wvCU1

      :commands
      [purity]
      [emptytemp]
      [reboot]


    • Return to OTL.exe, right click in the "Custom Scans/Fixes" window (under the light green bar) and choose Paste.

    • Click the red Run Fix button.
    • A fix log in Notepad will appear. Copy the contents of the fix log to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy), and paste it in your next reply.
    • Close OTL.exe

    If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.

    Re: Hijackthis Problems

    I don't have Add/ Remove in my Control Panel so I chose "Programs" and then Programs and Features which gave me a list of programs on my pc that I could change or uninstall.

    In that listing, I did not see Kiwee Toolbar but I am pretty sure it's on here because I see the window pop out of the bottom right corner and I can see the toolbar in my webpage at this very moment.

    Re: Hijackthis Problems

    I see Kiwee Toolbar checked when I click View, then Toolbars in my web browser.

    Re: Hijackthis Problems

    After doing the above fix, do this fix, please.

    Please run OTL.exe.

    • Copy the commands with file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):


      :otl
      FF - prefs.js..browser.search.selectedEngine: "Kiwee Live Search"
      FF - prefs.js..extensions.enabledItems: toolbar@kiwee.com:1.0
      FF - prefs.js..keyword.URL: "http://kwtb.search.imgag.com/?c=GNKIW29193&sbs=1&sc=2&f=web&vernum=1.0&uid=&did=f8d4a70c-98e2-4081-901d-01bf93043ede&q="
      FF - HKLM\software\mozilla\Firefox\Extensions\\toolbar@kiwee.com: C:\Program Files (x86)\Kiwee Toolbar\2.9.201\firefox [2009/07/07 12:55:45 | 000,000,000 | ---D | M]
      O2 - BHO: (Kiwee Toolbar) - {6638A9DE-0745-4292-8A2E-AE530E7B9B3F} - C:\Program Files (x86)\Kiwee Toolbar\2.9.201\KiweeIEToolbar.dll (AG Interactive)
      O3 - HKLM\..\Toolbar: (Kiwee Toolbar) - {6638A9DE-0745-4292-8A2E-AE530E7B9B3F} - C:\Program Files (x86)\Kiwee Toolbar\2.9.201\KiweeIEToolbar.dll (AG Interactive)
      O3 - HKCU\..\Toolbar\WebBrowser: (Kiwee Toolbar) - {6638A9DE-0745-4292-8A2E-AE530E7B9B3F} - C:\Program Files (x86)\Kiwee Toolbar\2.9.201\KiweeIEToolbar.dll (AG Interactive)

      :files
      C:\Users\Broadcast\AppData\Roaming\Mozilla\FireFox\Profiles\07vm14rp.default\searchplugins\kiwee-live-search.xml

      :commands
      [emptytemp]
      [reboot]


    • Return to OTL.exe, right click in the "Custom Scans/Fixes" window (under the light green bar) and choose Paste.

    • Click the red Run Fix button.
    • A fix log in Notepad will appear. Copy the contents of the fix log to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy), and paste it in your next reply.
    • Close OTL.exe

    If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.

    Re: Hijackthis Problems

    The 1st fix that I was running said that a problem caused OTL to close and it had to stop the program. After it closed, I clicked to open it again and the notepad that popped up basically said to reboot. There were two sentences there about problems and errors I think that would fix upon reboot. So that is what I did. I'm not sure if that was the notepad that I should have pasted here or not, because the program did stop running and it did not create itself like it usually does after a scan is complete. Please advise. Upon reboot, I am still getting this window every time about Windows Defender (is that a virus?).
    [Attached image: Window11]

    Re: Hijackthis Problems

    If OTL will not work, then please go to Control Panel > Programs and Features and uninstall Kiwee Toolbar. It is spyware/adware.

    For Windows Defender error, let's do this.

    Please open Notepad and enter in the following:
    @echo off
    echo Now doing DLL cleanup. If you do not want this, exit now...
    pause
    echo DLL Cleanup > dllcleanup.txt
    regsvr32 /u wuapi.dll >> dllcleanup.txt
    regsvr32 /u wuaueng.dll >> dllcleanup.txt
    regsvr32 /u wucltui.dll >> dllcleanup.txt
    regsvr32 /u wups.dll >> dllcleanup.txt
    regsvr32 /u wuweb.dll >> dllcleanup.txt
    regsvr32 /u atl.dll >> dllcleanup.txt
    regsvr32 /u softpub.dll >> dllcleanup.txt
    regsvr32 /u wintrust.dll >> dllcleanup.txt
    regsvr32 /u initpki.dll >> dllcleanup.txt
    regsvr32 /u mssip32.dll >> dllcleanup.txt
    pause
    regsvr32 /s wuapi.dll >> dllcleanup.txt
    regsvr32 /s wuaueng.dll >> dllcleanup.txt
    regsvr32 /s wucltui.dll >> dllcleanup.txt
    regsvr32 /s wups.dll >> dllcleanup.txt
    regsvr32 /s wuweb.dll >> dllcleanup.txt
    regsvr32 /s atl.dll >> dllcleanup.txt
    regsvr32 /s softpub.dll >> dllcleanup.txt
    regsvr32 /s wintrust.dll >> dllcleanup.txt
    regsvr32 /s initpki.dll >> dllcleanup.txt
    regsvr32 /s mssip32.dll >> dllcleanup.txt
    echo (((((( EOF )))))) >> dllcleanup.txt
    start dllcleanup.txt
    pause
    del dllcleanup.bat

    Then, click File > Save as...
    Save as dllcleanup.bat to your Desktop.
    Choose Save as type... All Files.
    Click Save.

    Then, exit Notepad.

    Double-click on dllcleanup.bat, and it will finish quickly and launch a log.

    Please post that in your next reply.

    Last edited by DragonMaster Jay on 25th March 2010, 7:07 pm; edited 1 time in total

    Re: Hijackthis Problems

    I do not have "Programs and Features" in my control panel, nor do I have "Add/Remove" Programs. So I typically go to control panel and choose "Programs".
    [Attached image: Contro10]

    Unfortunately, Kiwee does not show up in that list no matter how many times I view it. I went to their website using the toolbar above and found their uninstall instructions, which are basically what you told me to do, but using Add/Remove. There is a second option that they provided in the event that the first doesn't work. I have pasted that below. Do you suggest I go that route?

    Kiwee Toolbar : Updating / Removing the Kiwee Toolbar
    How do I uninstall the Toolbar?
    To uninstall the Kiwee Toolbar simply follow these steps:

    1. Open the Windows Control Panel
    2. Select "Add / Remove Programs" (Vista/Win 7-Programs, and then Programs and Features)
    3. Select the Kiwee Toolbar from the list of installed applications
    4. Click on the "Remove" button
    5. Once the Kiwee Toolbar Uninstaller launches, follow the on screen prompts


    If that doesn't work, here's Plan B:

    1. close your Internet Explorer and Mozilla Firefox sessions and your messenger applications; hit CTRL+SHIFT+ESC to open Task Manager, highlight the kwtbaim.exe process and click "end process". Then close the task manager.
    2. check your Control Panel for any Kiwee entries and delete all the ones you find
    3. go to C:\Program Files and delete the AGI folder
    4. go to C:\Documents and Settings\All Users\Application Data\agi (it may be located under C:\Users\(your PC name)) and make sure that no folders exist for Kiwee; if one does, delete it. If you don't see an entry for Application Data, you will need to do the following: go to Tools -> Folder Options -> View tab and make sure that the first 7 options under Files and Folders are checked. Then go to the Hidden Files and Folders menu and make sure that the radio button for "Show Hidden Files and Folders" is clicked and that the Hide extensions for known file types and Hide protected operating system files (Recommended) are not checked.

    Once you follow these steps, you should be able to see all Application Folders.

    5. go to C:\Documents and Settings\Guest\Application Data\AGI (it may be located under C:\Users\(your PC name)) and make sure that no folder exists for Kiwee; if one does, delete it.

    For Windows Vista and Windows 7 you need to make sure you're logged in as Admin and click continue when the system asks for permissions to proceed. Only as Admin you have rights to access and modify files and folders on drive C.

    This will remove Kiwee toolbar completely from your computer. The toolbar we provide is both spyware and malware free and there is no virus associated with it, so it's perfectly safe to use on a computer that meets the minimal system requirements. We hope you'll join us again in the future.

    Re: Hijackthis Problems

    You can try it if you like.

    Re: Hijackthis Problems

    DLL Cleanup gave me these responses in this order.

    [Attached image: Dll_cl11]

    [Attached image: New_re10]

    [Attached image: New_re11]

    Then it produced a notepad called DLL cleanup which only said: "DLL Cleanup" and another document titled dllcleanup.txt
    [Attached image: Dlltxt10]

    Re: Hijackthis Problems

    Please download Fix Windows Update by Ramesh Kumar and save to your Desktop.
    • Extract it to your Desktop.
    • Then, double-click on the program and click the Fix Windows Update button.
    • Reboot your computer and see if it will work now.

    Re: Hijackthis Problems

    Did that and I went through the same thing as last time, but when I clicked "ok" through all the errors that kept popping up like before, the end result was a notepad document with this:

    DLL Cleanup
    (((((( EOF ))))))

    Re: Hijackthis Problems

    Now, test to see if it will update.

    Re: Hijackthis Problems

    Excuse me if I seem a little slow, but I have gotten confused in the midst of all of my issues popping up. What exactly am I checking now?

    Re: Hijackthis Problems

    Whether Windows Defender will update or not?

    Re: Hijackthis Problems

    Same windows defender message upon start-up. The uninstall for Kiwee couldn't be done because that process was not found in the task manager either.

    Re: Hijackthis Problems

    Would you like to use a different anti-spyware program?

    Re: Hijackthis Problems

    I don't care at all. I didn't install anything on this computer in the beginning. Those things are typically done by my husband or step-son, however neither of them are in town, so whatever you tell me to do that is going to make this thing virus free and safe is what is going to happen. And there will be no complaints from anyone! This is my means of work and communication; even my phone is attached to my computer, so PLEASE fire away! (Gunsmoke) If it works, let's do it.

    Re: Hijackthis Problems

    Try to download and install Ad-Aware: http://www.lavasoft.com/products/ad_aware_free.php

    Re: Hijackthis Problems

    The Ad-Aware Plus that is on their site seems like it may be good. Both the Ad-Aware Free and Plus require me to complete some form of financial offer on their site to get the software for free. Since that is the case, is the Plus a better candidate to do the financial offer for or is the regular one better for my computer?

    Re: Hijackthis Problems

    Just the free version will work well.

    But, that is up to you.

    Re: Hijackthis Problems

    My confusion lies in the fact that BOTH are "free", but according to the site, I must make a purchase by completing an offer first.

    [Attached image: Untitl10]

    Re: Hijackthis Problems

    The gray download button is for the "real" free version.

    The Ad-Aware Plus is on a "Trial-Pay" marketing technique. It is quite weird.

    Here is a better download link for only the free version:
    http://download.cnet.com/Ad-Aware-Free-Anti-Malware/3000-8022_4-10045910.html?part=dl-ad-aware&subj=dl&tag=top5

    Re: Hijackthis Problems

    All done!

    [Attached image: Untitl11]

    Re: Hijackthis Problems

    Good. Right On!

    Re: Hijackthis Problems

    Anything I'm supposed to do now?
