Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.

windows explorer hijack?

Re: windows explorer hijack?

Post by miguelvillafana » February 17th, 2009, 5:03 pm

sorry for the harried state of my messages.

The injured pc in question belongs to my family. They're not the most internet-savvy type folks, and in addition have a lot of family vids/pics stored there.

If it seems like I'm dumping on you, I really apologize. My folks are doing worse to me!

Miguel V.
miguelvillafana
Regular Member
 
Posts: 126
Joined: January 5th, 2008, 8:01 pm

Re: windows explorer hijack?

Post by miguelvillafana » February 17th, 2009, 5:29 pm

Hi Carolyn,

I was able to download and run rooter... Btw, under normal mode, am I supposed to have internet access, or not?

Miguel V.

ps--You asked me earlier if there were anything else fishy w/the infected machine. The desktop is very, very slow, but I suspect that might have something to do with the fact it is now nearly 5 years old... I'll need to run a disk cleanup as soon as the desktop's fixed...

**********

Microsoft Windows XP Home Edition ( v5.1.2600 ) Service Pack 3
X86-based PC ( Uniprocessor Free : Intel(R) Pentium(R) 4 CPU 2.40GHz )
BIOS : Award Medallion BIOS v6.0
USER : BELLA ( Administrator )
BOOT : Fail-safe boot

Antivirus : AVG Anti-Virus Free 8.0 (Not Activated)


A:\ (USB)
C:\ (Local Disk) - NTFS - Total:16 Go (Free:1 Go)
D:\ (Local Disk) - NTFS - Total:58 Go (Free:57 Go)

02/17/09|16:18

----------------------\\ Search..

No infections found !


1 - "C:\Rooter$\Rooter_1.txt" - 02/17/09|16:20

----------------------\\ Scan completed at 16:20
miguelvillafana
Regular Member
 
Posts: 126
Joined: January 5th, 2008, 8:01 pm

Re: windows explorer hijack?

Post by Carolyn » February 17th, 2009, 6:27 pm

You're not dumping on me at all. I am here to help you sort these computer issues out. ;)

Btw, under normal mode, am I supposed to have internet access, or not?


Yes, you should be able to access the internet in normal mode. Are you not able to do so, and if not, are you using Safe Mode to access the Internet, or are you using another computer?

Have you tried anything on your own to fix the problem like System Restore or booting the computer using Last Known Good Configuration?

Do you know what the program Support Actions WinXP is? I am unable to find anything about it.

If needed, do you have access to the Windows XP CD?

=================

Registry Cleaners

I notice the presence of Uniblue RegistryBooster Registry Cleaner on your pc.

I don't personally recommend the use of ANY registry cleaners.
Here is an excerpt from a discussion on reg cleaners:
Most reg cleaners aren't "bad" as such, but they aren't perfect and even the best have been known to cause problems.
The point we are trying to make is that the risk of using one far outweighs any benefit.
If it does work perfectly you will not see any difference.
If it doesn't work properly you may end up with an expensive doorstop.

http://forums.whatthetech.com/Regcleaner_t42862.html


Using Task Manager, please run appwiz.cpl to open Add/Remove Programs.

In Add/Remove Programs, please uninstall the following:
  • USB Disk Win98 Driver
  • Uniblue RegistryBooster 2

Close Add/Remove Programs and reboot your computer.

=================

  1. Please download OTViewIt and save it to your desktop.
  2. Using Task Manager, run OTViewIt.exe.
  3. Click on the Run Scan button at the top left hand corner.
  4. OTViewIt will start running. When done, 2 Notepad files will open. Please post the contents of these 2 files in your next reply. 1 log per reply please.
Carolyn
MRU Emeritus
 
Posts: 4701
Joined: April 18th, 2007, 9:36 am
Location: Maine

Re: windows explorer hijack?

Post by miguelvillafana » February 19th, 2009, 11:48 am

Hi Carolyn,

Sorry for taking so long to respond. I have two jobs, as well as juggling a lot of responsibilities here at home. I'm doing this computer repair thing using two machines. I'm corresponding via my laptop (which is just fine thank you very much:):) as well as working on the actual sick pc...

I'll be right back,

Miguel V.
miguelvillafana
Regular Member
 
Posts: 126
Joined: January 5th, 2008, 8:01 pm

Re: windows explorer hijack?

Post by miguelvillafana » February 19th, 2009, 11:51 am

I thought about the system restore thing, but I haven't seen the xp cd in ages. In addition, I thought about booting back to the last known good configuration, but I don't know how that'll work and/or if the last known config goes back to before this bug, or afterward...

I hope this works, and we can go from there--

Miguel V.
miguelvillafana
Regular Member
 
Posts: 126
Joined: January 5th, 2008, 8:01 pm

Re: windows explorer hijack?

Post by Carolyn » February 19th, 2009, 12:06 pm

Real life comes first Miguel. Thank you for keeping me updated :thumbup:
Carolyn
MRU Emeritus
 
Posts: 4701
Joined: April 18th, 2007, 9:36 am
Location: Maine

Re: windows explorer hijack?

Post by miguelvillafana » February 19th, 2009, 12:56 pm

Ok, extras.txt

**********

OTViewIt Extras logfile created on: 02/19/09 11:53:29 AM - Run
OTViewIt by OldTimer - Version 1.0.21.0 Folder = C:\Documents and Settings\BELLA\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: MM/dd/yy

479.53 Mb Total Physical Memory | 168.02 Mb Available Physical Memory | 35.04% Memory free
1.83 Gb Paging File | 1.51 Gb Available in Paging File | 82.34% Paging File free
Paging file location(s): C:\pagefile.sys 720 1440;D:\pagefile.sys 750 1440;

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 16.00 Gb Total Space | 0.70 Gb Free Space | 4.40% Space Free | Partition Type: NTFS
Drive D: | 58.56 Gb Total Space | 57.71 Gb Free Space | 98.56% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: VALUED-CB7D4C82
Current User Name: BELLA
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Whitelist: On
File Age = 30 Days

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirewallDisableNotify"=0
"AntiVirusDisableNotify"=0
"UpdatesDisableNotify"=0
"AntiVirusOverride"=1
"FirewallOverride"=0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile
"EnableFirewall"=1
"DoNotAllowExceptions"=0
"DisableNotifications"=0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts]

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
[2008/04/13 19:12:34 | 00,141,312 | ---- | M] (Microsoft Corporation) -- %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019
[2008/04/13 13:53:32 | 00,558,080 | ---- | M] (Microsoft Corporation) -- %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000
[2007/01/19 12:54:56 | 05,674,352 | ---- | M] (Microsoft Corporation) -- C:\Program Files\MSN Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1
[2007/01/04 16:10:02 | 00,297,752 | ---- | M] (Microsoft Corporation) -- C:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
[2008/04/13 19:12:34 | 00,141,312 | ---- | M] (Microsoft Corporation) -- %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019
[2008/04/13 13:53:32 | 00,558,080 | ---- | M] (Microsoft Corporation) -- %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000
File not found -- C:\Program Files\Wolfenstein - Enemy Territory\ET.exe:*:Enabled:ET
[2009/02/12 08:12:21 | 00,307,704 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe:*:Disabled:Firefox
[2003/05/30 16:13:08 | 04,218,880 | ---- | M] (Canon Inc.) -- C:\Program Files\Canon\DV Messenger\DV Messenger.exe:*:Enabled:Executable
[2008/09/14 03:20:48 | 00,094,208 | ---- | M] () -- C:\Program Files\VideoLAN\VLC\vlc.exe:*:Enabled:VLC media player
[2008/10/04 19:22:53 | 00,214,536 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Real\RealPlayer\realplay.exe:*:Enabled:RealPlayer
[2007/01/19 12:54:56 | 05,674,352 | ---- | M] (Microsoft Corporation) -- C:\Program Files\MSN Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1
[2007/01/04 16:10:02 | 00,297,752 | ---- | M] (Microsoft Corporation) -- C:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)
[2007/01/19 12:49:28 | 04,670,968 | ---- | M] (Yahoo! Inc.) -- C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:*:Enabled:Yahoo! Messenger
[2008/08/29 09:18:44 | 00,238,888 | ---- | M] (Apple Inc.) -- C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour
[2008/11/20 13:20:48 | 14,294,824 | ---- | M] (Apple Inc.) -- C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes
[2009/01/08 18:42:32 | 00,319,488 | ---- | M] (Octoshape ApS) -- C:\Documents and Settings\BELLA\Application Data\Macromedia\Flash Player\www.macromedia.com\bin\octoshape\octoshape.exe:*:Enabled:Octoshape add-in for Adobe Flash Player
[2009/01/12 19:17:50 | 03,782,128 | ---- | M] (Google) -- C:\Documents and Settings\BELLA\Local Settings\Application Data\Google\Google Talk Plugin\googletalkplugin.dll:*:Enabled:Google Talk Plugin
[2009/01/12 18:10:32 | 00,083,440 | ---- | M] (Google) -- C:\Documents and Settings\BELLA\Local Settings\Application Data\Google\Google Talk Plugin\googletalkplugin.exe:*:Enabled:Google Talk Plugin
[2008/11/07 14:31:38 | 21,633,320 | R--- | M] (Skype Technologies S.A.) -- C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype
[2009/01/30 12:41:44 | 00,903,960 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgemc.exe:*:Enabled:avgemc.exe
[2009/01/30 12:38:12 | 01,032,984 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgupd.exe:*:Enabled:avgupd.exe

========== (O10) Winsock2 Catalogs ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\]
NameSpace_Catalog5\Catalog_Entries\000000000004 [mdnsNSP] -- C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)

========== (O18) Protocol Handlers ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
ipp: [HKLM - No CLSID value]
[2008/04/13 19:11:58 | 00,532,480 | ---- | M] (Microsoft Corporation) C:\Program Files\Common Files\System\Ole DB\msdaipp.dll ipp\0x00000001:{E1D2BF42-A96B-11d1-9C6B-0000F875AC61} (HKLM) [HKLM - Microsoft OLE DB Moniker Binder for Internet Publishing]
[2009/01/30 12:42:05 | 00,079,128 | ---- | M] (AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG8\avgpp.dll (linkscanner:{F274614C-63F8-47D5-A4D1-FBDDE494F8D1} (HKLM) [XPLPPFilter Class])
[2007/01/19 11:53:24 | 00,063,344 | ---- | M] (Microsoft Corporation) C:\Program Files\MSN Messenger\msgrapp.8.1.0178.00.dll (livecall:{828030A1-22C1-4009-854F-8E305202313F} (HKLM) [Reg Error: Value does not exist or could not be read.])
msdaipp: [HKLM - No CLSID value]
[2008/04/13 19:11:58 | 00,532,480 | ---- | M] (Microsoft Corporation) C:\Program Files\Common Files\System\Ole DB\msdaipp.dll msdaipp\0x00000001:{E1D2BF42-A96B-11d1-9C6B-0000F875AC61} (HKLM) [HKLM - Microsoft OLE DB Moniker Binder for Internet Publishing]
[2008/04/13 19:11:58 | 00,532,480 | ---- | M] (Microsoft Corporation) C:\Program Files\Common Files\System\Ole DB\msdaipp.dll msdaipp\oledb:{E1D2BF40-A96B-11d1-9C6B-0000F875AC61} (HKLM) [HKLM - MSDAIPP.BINDER]
[2007/01/19 11:53:24 | 00,063,344 | ---- | M] (Microsoft Corporation) C:\Program Files\MSN Messenger\msgrapp.8.1.0178.00.dll (msnim:{828030A1-22C1-4009-854F-8E305202313F} (HKLM) [Reg Error: Value does not exist or could not be read.])
[2008/11/07 14:31:38 | 01,942,864 | R--- | M] (Skype Technologies) C:\Program Files\Common Files\Skype\Skype4COM.dll (skype4com:{FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} (HKLM) [IEProtocolHandler Class])

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0076E1AC-9E7B-4B9F-A62A-4CC9511AD8E3}"=Zune Language Pack (FR)
"{0125AA92-F44D-4DB3-8B98-2F14A7B9ACB1}"=Experience Vaio
"{0DC86BEC-5CE3-413A-BB61-C40A3D186B24}"=Scan
"{0ED47137-C071-46CC-A243-E5E33271E10E}"=Windows Live Sign-in Assistant
"{117C01B5-9D68-4A15-85E2-A7CDFA82CEB9}"=OpenMG Secure Module 3.1
"{13515135-48BB-4184-8C1F-2FAE0138E200}"=TBS WMP Plug-in
"{14BEB6DF-A499-4A38-8E06-E173BCD5C087}"=ScannerCopy
"{17293791-C82E-476C-9997-9A0FF234A19B}"=HP Product Assistant
"{181821B7-82AA-44DA-9DAF-EF254CCB670A}"=Fax
"{197A2B90-A998-4603-9B25-2B7D7CC0060E}"=Screenblast Sound Forge 1.0b
"{1AD5F465-8282-4DAD-B957-E09C0B783D18}"=InstantShare
"{1B680FBA-E317-4E93-AF43-3B59798A4BE0}"=Copy
"{1D14373E-7970-4F2F-A467-ACA4F0EA21E3}"=Google Earth
"{1EB317D8-8945-4FD6-B37F-DF470317C6AB}"=VAIO Media 2.0
"{20FBC0A0-3160-4F14-83ED-3A74BB6B8C31}"=TrayApp
"{216AB108-2AE1-4130-B3D5-20B2C4C80F8F}"=QuickTime
"{21CF3E6E-1659-433E-B6CE-165D793560DA}"=VAIO Grid Wallpaper
"{272EC8BA-5A08-4ea1-A189-684466A06B02}"=cp_dwShrek2Albums1
"{27C5164D-ED0E-4D64-B788-93305BD62100}"=PictureGear Studio 1.0
"{29F61465-428A-11D4-B646-00C04F790F76}"=DVgate
"{2E8428AD-6CD2-4031-916A-3CF9BBF2DEC9}"=Unload
"{30642CE1-217B-40C0-92E2-6BF849599D9E}"=Network Smart Capture
"{318AB667-3230-41B5-A617-CB3BF748D371}"=iTunes
"{3248F0A8-6813-11D6-A77B-00B0D0160040}"=Java(TM) 6 Update 4
"{3248F0A8-6813-11D6-A77B-00B0D0160050}"=Java(TM) 6 Update 5
"{3248F0A8-6813-11D6-A77B-00B0D0160070}"=Java(TM) 6 Update 7
"{342C7C88-D335-4bc2-8CF1-281857629CE2}"=HP PSC & OfficeJet 4.7
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}"=WebFldrs XP
"{36FDBE6E-6684-462B-AE98-9A39A1B200CC}"=HP Product Assistant
"{3762DB2D-71BD-421F-9E55-C74DA7DF4D07}"=CueTour
"{391E18CE-7D3B-45E9-A8F0-34E77F14F47A}"=ProductContext
"{3B24B725-D81F-442D-8CE5-2AF05A4A4CC9}"=Music Visualizer Library 1.4.00
"{3C67D8C0-F0EC-11D3-99D3-00C04FCCB775}"=VAIO Action Setup
"{3E908702-AF35-4611-9518-955DA24B7E07}"=Microsoft XML Parser and SDK
"{442BE28B-782B-4DC0-B490-E70A403B1C69}"=Readme
"{48BE827A-2D06-4804-90C3-4F2F8460F9D4}"=Support Actions WinXP
"{500CE39A-DC17-44EE-8EAD-E0416B16F0BC}"=ImageStation Tour
"{571700F0-DB9D-4B3A-B03D-35A14BB5939F}"=Windows Live Messenger
"{57E86046-AED3-4846-A177-E1BF064F75A2}"=Microsoft Tool Web Package:INUSE.EXE
"{582D2A53-F426-4C5E-A2E6-43C1AB36B907}"=Safari
"{5C82DAE5-6EB0-4374-9254-BE3319BA4E82}"=Skype™ 3.8
"{5E8D588F-307C-4250-B622-26969027319A}"=PanoStandAlone
"{6060E6A1-5342-4D2B-8F66-B6D6E20BBD03}"=VAIO Help & Support
"{644D04A2-C682-4FD5-977D-03B804C4B9C5}"=CreativeProjects
"{646A65DD-23FC-418E-B9F0-E0500FB42CB1}"=PhotoGallery
"{655CB07D-C944-40BE-B93F-55957CAC7625}"=AiO_Scan
"{662E1348-3D8D-4BCE-B345-BF7EB40308FD}"=Screenblast ACID 2.0a
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}"=PowerDVD
"{68963635-14A4-48D9-B431-DF3A74D1AAE1}"=Destinations
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}"=Apple Software Update
"{6990A2BF-D1D2-11D3-81BC-00609789C908}"=Sony DV Shared Library
"{700A6597-3CE6-49C1-AA75-846B24CDA66D}"=BufferChm
"{7128C69B-8F7E-4336-8698-3FD3CDD955EC}"=VAIO Media Installer 2.0
"{71D6CE84-B7DC-4166-8E0D-56C1C37BFB5A}"=SonicStage 1.5.00
"{72275927-4241-46A7-A9C4-B86C6B256EB6}"=ImageStation Demo
"{724517BD-1DE1-4986-BFCA-C1DFD379E3BC}"=cp_dwShrek2Cards1
"{7299052b-02a4-4627-81f2-1818da5d550d}"=Microsoft Visual C++ 2005 Redistributable
"{761C9026-14F0-4352-8658-934558272404}"=VAIO Edit Components LE
"{7AD25C9F-9957-4D1C-95EF-9BCD09F6D31B}"=HPSystemDiagnostics
"{802EF464-4992-42B3-8434-45151AD3C933}"=VAIO Serenus Wallpaper
"{84CDF5A8-1D57-4B69-BAB6-1F11D8923375}"=SkinsHP1
"{85CFD253-38AE-4DB1-ACB7-F0F4C791990D}"=AiOSoftware
"{8777AC6D-89F9-4793-8266-DE406F343E89}"=QFolder
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}"=Microsoft Silverlight
"{8A25392D-C5D2-4E79-A2BD-C15DDC5B0959}"=Bonjour
"{8BC3B99B-A6BE-4A0B-8535-B1B94BA4B1B1}"=DocProc
"{8C5FAD77-F678-4758-A296-C12F08D179E0}"=Microsoft IntelliPoint 6.2
"{8E1A8479-D871-4573-AA8C-90BF0338B242}"=VAIO Media Photo Server 2.0
"{90850409-6000-11D3-8CFE-0150048383C9}"=Microsoft Office Word Viewer 2003
"{92271486-E286-4CF1-AE6D-F889F83CBF84}"=Opera 9.61
"{924EB80F-C2BB-4B9F-8412-88BBA937393F}"=MobileMe Control Panel
"{937B232D-9776-471E-92BD-D424E514EF14}"=Logitech QuickCam
"{95120000-00AF-0409-0000-0000000FF1CE}"=Microsoft Office PowerPoint Viewer 2007 (English)
"{95120000-00B9-0409-0000-0000000FF1CE}"=Microsoft Application Error Reporting
"{A1F2EF0E-1EE5-4F0B-8A31-EE875EBD3F01}"=Mavis Beacon Teaches Typing 15
"{A5B9D22C-755A-4AC6-9904-875E80838BB6}"=CP_AtenaShokunin1Config
"{AA14D661-8B7A-4A8F-B093-405C160178AF}"=VAIO Registration
"{AB85A4DB-357F-41B5-94A6-C9A4CBBD791B}"=DV Network Software
"{AC76BA86-7AD7-1033-7B44-A81300000003}"=Adobe Reader 8.1.3
"{AC76BA86-7AD7-5464-3428-800000000003}"=Spelling Dictionaries Support For Adobe Reader 8
"{ACEC9C3E-0100-4EBE-B298-35A2145828A0}"=VAIO Brezza Wallpaper
"{B279F2F1-3B2F-3A96-AC11-5743CD43DCCB}"=Google Talk Plugin
"{B508B3F1-A24A-32C0-B310-85786919EF28}"=Microsoft .NET Framework 2.0 Service Pack 1
"{B911B811-BA3E-46D4-90F8-6F3338359651}"=Director
"{C8FD5BC1-92EF-4C15-92A9-F9AC7F61985F}"=HP Update
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}"=Microsoft .NET Framework 1.1
"{CDFCF124-115F-4976-8BF4-08C89187A146}"=WebReg
"{CE0C8CC5-E396-442B-A50E-D1D374A9E820}"=DocumentViewer
"{D0448678-1203-4158-A58F-B3D0B616BF9E}"=Sony Certificate PCH
"{D42B6F90-1084-4C9B-AF28-958926E6E32E}"=LP_Flash
"{D4A49B00-02F8-11D5-B64D-00C04F790F76}"=MovieShaker 3.3
"{DF0DD6E9-F673-4466-8353-70B50A506FD9}"=VAIO Media Platform 2.0
"{DF733005-0F40-11D6-9254-0000F460E7A9}"=VAIO Media Music Server 2.0
"{EC4455AB-F155-4CC1-A4C5-88F3777F9886}"=Apple Mobile Device Support
"{EE4ACABF-531E-419A-9225-B8E0FA4955AF}"=Zune Language Pack (ES)
"{F44DA61E-720D-4E79-871F-F6E628B33242}"=OpenOffice.org 3.0
"{FC22D020-3005-4715-8DF9-F3EDE81DEB3D}"=CreativeProjectsTemplates
"{FF70513F-E3A7-402F-84FB-B7810A064BE2}"=Zune
"Adobe Acrobat 5.0"=Adobe Acrobat 5.0
"Adobe Flash Player ActiveX"=Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin"=Adobe Flash Player 10 Plugin
"Adobe Photoshop Elements 1.0"=Adobe Photoshop Elements
"AVG8Uninstall"=AVG Free 8.0
"BellSouth"=BellSouth FastAccess DSL Help Center
"BellSouth Application Management"=BellSouth Application Management
"FLV Player"=FLV Player 2.0, build 24
"FLV Player_is1"=FLV Player 2.2.4
"Free RAR Extract Frog 1.00"=Free RAR Extract Frog 1.00
"GOM Player"=GOM Player
"Google Updater"=Google Updater
"HijackThis"=HijackThis 2.0.2
"HP Photo & Imaging"=HP Image Zone 4.7
"IDNMitigationAPIs"=Microsoft Internationalized Domain Names Mitigation APIs
"ie7"=Windows Internet Explorer 7
"InstallShield_{13515135-48BB-4184-8C1F-2FAE0138E200}"=TBS WMP Plug-in
"InstallShield_{AA14D661-8B7A-4A8F-B093-405C160178AF}"=VAIO Registration
"InstallShield_{AB85A4DB-357F-41B5-94A6-C9A4CBBD791B}"=DV Network Software
"Lucent Technologies Soft Modem"=Lucent Technologies Soft Modem AMR
"lvdrivers_11.90"=Logitech QuickCam Driver Package
"Microsoft .NET Framework 1.1 (1033)"=Microsoft .NET Framework 1.1
"Motion JPEG Software Decoder"=Motion JPEG Software Decoder
"Mozilla Firefox (3.0.6)"=Mozilla Firefox (3.0.6)
"MSCompPackV1"=Microsoft Compression Client Pack 1.0 for Windows XP
"NLSDownlevelMapping"=Microsoft National Language Support Downlevel APIs
"NVIDIA"=NVIDIA Windows 2000/XP Display Drivers
"RealPlayer 6.0"=RealPlayer
"SiS Compatible VGA V2.09a"=SiS Compatible VGA V2.09a
"SystemRequirementsLab"=System Requirements Lab
"VAIO Support"=VAIO Support
"VLC media player"=VLC media player 0.9.2
"Wdf01007"=Microsoft Kernel-Mode Driver Framework Feature Pack 1.7
"Windows Media Format Runtime"=Windows Media Format 11 runtime
"Windows Media Player"=Windows Media Player 11
"Windows XP Service Pack"=Windows XP Service Pack 3
"WMFDist11"=Windows Media Format 11 runtime
"wmp11"=Windows Media Player 11
"Wudf01000"=Microsoft User-Mode Driver Framework Feature Pack 1.0
"Xvid_is1"=Xvid 1.1.3 final uninstall
"Yahoo! Internet Mail"=Yahoo! Internet Mail
"Yahoo! Messenger"=Yahoo! Messenger
"Zune"=Zune

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Google Chrome"=Google Chrome
"GoToMeeting"=GoToMeeting/GoToWebinar 3.0.0.198
"Octoshape add-in for Adobe Flash Player"=Octoshape add-in for Adobe Flash Player

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 01/27/09 11:09:42 PM | Computer Name = VALUED-CB7D4C82 | Source = Google Update | ID = 20
Description =

Error - 01/28/09 5:11:02 PM | Computer Name = VALUED-CB7D4C82 | Source = Google Update | ID = 20
Description =

Error - 01/30/09 7:00:35 AM | Computer Name = VALUED-CB7D4C82 | Source = Application Hang | ID = 1002
Description = Hanging application opera.exe, version 9.61.10463.0, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

Error - 01/30/09 12:35:55 PM | Computer Name = VALUED-CB7D4C82 | Source = Google Update | ID = 20
Description =

Error - 02/17/09 12:58:40 PM | Computer Name = VALUED-CB7D4C82 | Source = Google Update | ID = 20
Description =

Error - 02/17/09 1:59:00 PM | Computer Name = VALUED-CB7D4C82 | Source = Google Update | ID = 20
Description =

Error - 02/17/09 2:58:36 PM | Computer Name = VALUED-CB7D4C82 | Source = Google Update | ID = 20
Description =

Error - 02/17/09 5:51:52 PM | Computer Name = VALUED-CB7D4C82 | Source = Google Update | ID = 20
Description =

Error - 02/19/09 11:28:43 AM | Computer Name = VALUED-CB7D4C82 | Source = Google Update | ID = 20
Description =

Error - 02/19/09 12:41:06 PM | Computer Name = VALUED-CB7D4C82 | Source = Google Update | ID = 20
Description =

[ System Events ]
Error - 02/17/09 5:18:04 PM | Computer Name = VALUED-CB7D4C82 | Source = Service Control Manager | ID = 7001
Description = The DHCP Client service depends on the NetBios over Tcpip service
which failed to start because of the following error: %%31

Error - 02/17/09 5:18:04 PM | Computer Name = VALUED-CB7D4C82 | Source = Service Control Manager | ID = 7001
Description = The DNS Client service depends on the TCP/IP Protocol Driver service
which failed to start because of the following error: %%31

Error - 02/17/09 5:18:04 PM | Computer Name = VALUED-CB7D4C82 | Source = Service Control Manager | ID = 7001
Description = The TCP/IP NetBIOS Helper service depends on the AFD Networking Support
Environment service which failed to start because of the following error: %%31

Error - 02/17/09 5:18:04 PM | Computer Name = VALUED-CB7D4C82 | Source = Service Control Manager | ID = 7001
Description = The Apple Mobile Device service depends on the TCP/IP Protocol Driver
service which failed to start because of the following error: %%31

Error - 02/17/09 5:18:04 PM | Computer Name = VALUED-CB7D4C82 | Source = Service Control Manager | ID = 7001
Description = The Bonjour Service service depends on the TCP/IP Protocol Driver
service which failed to start because of the following error: %%31

Error - 02/17/09 5:18:04 PM | Computer Name = VALUED-CB7D4C82 | Source = Service Control Manager | ID = 7001
Description = The IPSEC Services service depends on the IPSEC driver service which
failed to start because of the following error: %%31

Error - 02/17/09 5:18:04 PM | Computer Name = VALUED-CB7D4C82 | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
AFD AvgLdx86 AvgMfx86 AvgTdiX Cdrom DMICall Fips Imapi intelppm IPSec mchInjDrv MRxSmb NetBIOS
NetBT
RasAcd
Rdbss
Tcpip

Error - 02/17/09 5:21:26 PM | Computer Name = VALUED-CB7D4C82 | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service EventSystem
with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}

Error - 02/17/09 5:23:07 PM | Computer Name = VALUED-CB7D4C82 | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
Imapi

Error - 02/19/09 12:13:14 PM | Computer Name = VALUED-CB7D4C82 | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
Imapi


< End of report >
miguelvillafana
Regular Member
 
Posts: 126
Joined: January 5th, 2008, 8:01 pm
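
The Extras log above lists firewall exceptions and Security Center values in a fixed line format, and the otviewit.txt log that follows uses the same `[date | size | attributes | M] (company) -- path` prefix for processes and services. The Python script below is an added example (not OTViewIt's code and not from anyone in this thread) that parses the two Extras sections and flags what a helper would look at first: exceptions left behind for files that no longer exist, enabled exceptions for executables with no publisher string, enabled exceptions for programs running out of a user profile, and Security Center values that switch off its own monitoring. The sample text is constructed from a few lines in the log's format; the meaning of each bracketed field is assumed from the layout, and every flag is a prompt to look closer rather than a verdict (some third-party antivirus products set AntiVirusOverride themselves, so that value is checked against the installed product rather than treated as proof of tampering).

```python
import re
from dataclasses import dataclass
from typing import Dict, List, Optional

# Constructed sample in the OTViewIt Extras line format (not a real log file).
SAMPLE_LOG = r"""
========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirewallDisableNotify"=0
"AntiVirusDisableNotify"=0
"UpdatesDisableNotify"=0
"AntiVirusOverride"=1
"FirewallOverride"=0

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
[2008/04/13 19:12:34 | 00,141,312 | ---- | M] (Microsoft Corporation) -- %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019
File not found -- C:\Program Files\Wolfenstein - Enemy Territory\ET.exe:*:Enabled:ET
[2009/02/12 08:12:21 | 00,307,704 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe:*:Disabled:Firefox
[2008/09/14 03:20:48 | 00,094,208 | ---- | M] () -- C:\Program Files\VideoLAN\VLC\vlc.exe:*:Enabled:VLC media player
[2009/01/08 18:42:32 | 00,319,488 | ---- | M] (Octoshape ApS) -- C:\Documents and Settings\BELLA\Application Data\Macromedia\Flash Player\www.macromedia.com\bin\octoshape\octoshape.exe:*:Enabled:Octoshape add-in for Adobe Flash Player
"""

SECTION_RE = re.compile(r"^========== (?P<name>.+?) ==========$")
# "[mtime | size | attrs | M] (company) -- rest"; field meanings assumed from the log layout.
ENTRY_RE = re.compile(
    r"^\[(?P<mtime>[\d/]+ [\d:]+) \| (?P<size>[\d,]+) \| (?P<attrs>\S+) \| \w\] "
    r"\((?P<company>[^)]*)\) -- (?P<rest>.*)$")
MISSING_RE = re.compile(r"^File not found -- (?P<rest>.*)$")
# Firewall rule "path:scope:state:name"; the path holds "C:", so the scope anchors the split.
RULE_RE = re.compile(
    r"^(?P<path>.+?):(?P<scope>\*|[^:]+):(?P<state>(?i:enabled|disabled)):(?P<name>.*)$")
SETTING_RE = re.compile(r'^"(?P<name>[^"]+)"=(?P<value>-?\d+)$')


@dataclass
class FirewallEntry:
    path: str
    state: str      # normalised to "Enabled" or "Disabled"
    name: str
    company: str    # "" when the log shows no publisher string, i.e. "()"
    present: bool   # False for "File not found" entries


def split_sections(text: str) -> Dict[str, List[str]]:
    """Group log lines under their '========== Name ==========' header."""
    sections: Dict[str, List[str]] = {}
    current = "preamble"
    for line in text.splitlines():
        m = SECTION_RE.match(line)
        if m:
            current = m.group("name")
            sections.setdefault(current, [])
        else:
            sections.setdefault(current, []).append(line)
    return sections


def _parse_rule(rest: str, company: str, present: bool) -> Optional[FirewallEntry]:
    m = RULE_RE.match(rest)
    if not m:
        return None
    return FirewallEntry(m.group("path"), m.group("state").capitalize(),
                         m.group("name"), company, present)


def parse_firewall_entries(text: str) -> List[FirewallEntry]:
    """Read the 'Authorized Applications List' section into FirewallEntry records."""
    entries: List[FirewallEntry] = []
    for line in split_sections(text).get("Authorized Applications List", []):
        m = ENTRY_RE.match(line)
        if m:
            entry = _parse_rule(m.group("rest"), m.group("company"), True)
        else:
            m = MISSING_RE.match(line)
            entry = _parse_rule(m.group("rest"), "", False) if m else None
        if entry:
            entries.append(entry)
    return entries


def parse_security_center(text: str) -> Dict[str, int]:
    """Read the numeric values under the 'Security Center Settings' section only."""
    values: Dict[str, int] = {}
    for line in split_sections(text).get("Security Center Settings", []):
        m = SETTING_RE.match(line)
        if m:
            values[m.group("name")] = int(m.group("value"))
    return values


def triage(text: str) -> Dict[str, object]:
    """Flag what a helper would look at first; each hit is a prompt to check, not a verdict."""
    entries = parse_firewall_entries(text)
    enabled = [e for e in entries if e.present and e.state == "Enabled"]
    return {
        "stale_rules": [e.path for e in entries if not e.present],
        "unknown_publisher": [e.path for e in enabled if not e.company],
        "user_profile_paths": [e.path for e in enabled if "\\Documents and Settings\\" in e.path],
        "security_center_flags": {k: v for k, v in parse_security_center(text).items()
                                  if v and (k.endswith("Override") or k.endswith("DisableNotify"))},
    }


if __name__ == "__main__":
    for finding, hits in triage(SAMPLE_LOG).items():
        print(f"{finding}: {hits}")
```

Sections are split by header first so that the `"name"=value` pattern only sees the Security Center block and never the Uninstall lists, which use the same syntax for product GUIDs. On the sample, the script reports the stale ET.exe exception, the VLC entry with no publisher, the Octoshape add-in running from the user's profile, and AntiVirusOverride=1; on a real log the same function runs unchanged over the whole Extras file.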

Re: windows explorer hijack?

Post by miguelvillafana » February 19th, 2009, 12:58 pm

otviewit.txt report...

Back later today!

Miguel V.

**********

OTViewIt logfile created on: 02/19/09 11:53:29 AM - Run
OTViewIt by OldTimer - Version 1.0.21.0 Folder = C:\Documents and Settings\BELLA\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: MM/dd/yy

479.53 Mb Total Physical Memory | 168.02 Mb Available Physical Memory | 35.04% Memory free
1.83 Gb Paging File | 1.51 Gb Available in Paging File | 82.34% Paging File free
Paging file location(s): C:\pagefile.sys 720 1440;D:\pagefile.sys 750 1440;

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 16.00 Gb Total Space | 0.70 Gb Free Space | 4.40% Space Free | Partition Type: NTFS
Drive D: | 58.56 Gb Total Space | 57.71 Gb Free Space | 98.56% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: VALUED-CB7D4C82
Current User Name: BELLA
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Whitelist: On
File Age = 30 Days

========== Processes ==========

[2008/11/07 14:28:16 | 00,132,424 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
[2009/01/30 12:41:55 | 00,298,264 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgwdsvc.exe
[2008/08/29 09:18:44 | 00,238,888 | ---- | M] (Apple Inc.) -- C:\Program Files\Bonjour\mDNSResponder.exe
[2008/10/12 09:10:55 | 00,168,432 | ---- | M] (Google) -- C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
[2008/12/16 21:59:50 | 00,150,040 | ---- | M] (Logitech Inc.) -- C:\Program Files\Common Files\logishrd\LVMVFM\LVPrcSrv.exe
[2007/08/09 02:27:52 | 00,073,728 | ---- | M] (HP) -- C:\WINDOWS\system32\HPZipm12.exe
[2007/12/24 16:50:22 | 00,066,872 | ---- | M] () -- C:\WINDOWS\system32\PnkBstrA.exe
[2002/07/24 14:21:04 | 00,372,806 | ---- | M] (Sony Corporation) -- C:\Program Files\Sony\VAIO Media Music Server\SSSvr.exe
[2009/01/30 12:42:27 | 00,484,120 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgrsx.exe
[2009/01/30 12:42:23 | 00,592,128 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgnsx.exe
[2002/07/17 22:02:44 | 00,462,848 | ---- | M] () -- C:\Program Files\Sony\Photo Server 20\appsrv\PicAppSrv.exe
[2008/12/12 12:41:02 | 00,060,032 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\ZuneBusEnum.exe
[2009/01/30 12:41:44 | 00,903,960 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgemc.exe
[2002/07/18 23:27:26 | 00,045,056 | ---- | M] (Sony Corporation) -- C:\Program Files\Common Files\Sony Shared\VAIO Media Platform\sv_httpd.exe
[2002/07/18 23:27:26 | 00,045,056 | ---- | M] (Sony Corporation) -- C:\Program Files\Common Files\Sony Shared\VAIO Media Platform\sv_httpd.exe
[2002/07/24 21:55:16 | 00,581,632 | ---- | M] (Sony Corporation) -- C:\Program Files\Common Files\Sony Shared\VAIO Media Platform\UPnPFramework.exe
[2002/07/24 21:55:16 | 00,581,632 | ---- | M] (Sony Corporation) -- C:\Program Files\Common Files\Sony Shared\VAIO Media Platform\UPnPFramework.exe
[2009/01/30 12:42:25 | 00,687,896 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgcsrvx.exe
[2008/09/02 21:48:30 | 00,133,104 | ---- | M] (Google Inc.) -- C:\Documents and Settings\BELLA\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
[2008/04/13 19:12:37 | 00,135,680 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\taskmgr.exe
[2008/10/16 14:09:44 | 00,051,224 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wuauclt.exe
[2008/12/19 00:25:25 | 00,634,024 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Internet Explorer\iexplore.exe
[2007/12/14 12:06:52 | 00,120,384 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
[2009/02/19 11:53:07 | 00,422,912 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\BELLA\Desktop\OTViewIt.exe

========== (O23) Win32 Services ==========

[2008/11/07 14:28:16 | 00,132,424 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe -- (Apple Mobile Device [Auto | Running])
[2007/10/24 00:47:22 | 00,033,800 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe -- (aspnet_state [On_Demand | Stopped])
[2009/01/30 12:41:44 | 00,903,960 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgemc.exe -- (avg8emc [Auto | Running])
[2009/01/30 12:41:55 | 00,298,264 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgwdsvc.exe -- (avg8wd [Auto | Running])
[2008/08/29 09:18:44 | 00,238,888 | ---- | M] (Apple Inc.) -- C:\Program Files\Bonjour\mDNSResponder.exe -- (Bonjour Service [Auto | Running])
[2007/10/24 00:47:40 | 00,070,144 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32 [On_Demand | Stopped])
[2008/10/12 09:10:55 | 00,168,432 | ---- | M] (Google) -- C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe -- (gusvc [Auto | Running])
[2004/10/22 03:24:18 | 00,073,728 | ---- | M] (Macrovision Corporation) -- C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe -- (IDriverT [On_Demand | Stopped])
[2008/11/20 13:20:44 | 00,536,872 | ---- | M] (Apple Inc.) -- C:\Program Files\iPod\bin\iPodService.exe -- (iPod Service [On_Demand | Stopped])
[2008/12/16 21:59:50 | 00,150,040 | ---- | M] (Logitech Inc.) -- C:\Program Files\Common Files\logishrd\LVMVFM\LVPrcSrv.exe -- (LVPrcSrv [Auto | Running])
[2002/07/16 07:16:00 | 00,061,440 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\system32\nvsvc32.exe -- (NVSvc [Auto | Stopped])
[2003/07/28 11:28:22 | 00,089,136 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE -- (ose [On_Demand | Stopped])
[2007/08/09 02:27:52 | 00,073,728 | ---- | M] (HP) -- C:\WINDOWS\system32\HPZipm12.exe -- (Pml Driver HPZ12 [Auto | Running])
[2007/12/24 16:50:22 | 00,066,872 | ---- | M] () -- C:\WINDOWS\system32\PnkBstrA.exe -- (PnkBstrA [Auto | Running])
[2002/07/23 07:45:12 | 00,065,536 | ---- | M] (Sony Corporation) -- C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe -- (SPTISRV [On_Demand | Stopped])
[2007/01/19 12:54:14 | 00,097,136 | ---- | M] (Microsoft Corporation) -- C:\Program Files\MSN Messenger\usnsvc.exe -- (usnjsvc [On_Demand | Stopped])
[2002/07/24 14:21:04 | 00,372,806 | ---- | M] (Sony Corporation) -- C:\Program Files\Sony\VAIO Media Music Server\SSSvr.exe -- (VAIOMediaPlatform-MusicServer-AppServer [Auto | Running])
[2002/07/18 23:27:26 | 00,045,056 | ---- | M] (Sony Corporation) -- C:\Program Files\Common Files\Sony Shared\VAIO Media Platform\sv_httpd.exe -- (VAIOMediaPlatform-MusicServer-HTTP [Auto | Running])
[2002/07/24 21:55:16 | 00,581,632 | ---- | M] (Sony Corporation) -- C:\Program Files\Common Files\Sony Shared\VAIO Media Platform\UPnPFramework.exe -- (VAIOMediaPlatform-MusicServer-UPnP [Auto | Running])
[2002/07/17 22:02:44 | 00,462,848 | ---- | M] () -- C:\Program Files\Sony\Photo Server 20\appsrv\PicAppSrv.exe -- (VAIOMediaPlatform-PhotoServer-AppServer [Auto | Running])
[2002/07/18 23:27:26 | 00,045,056 | ---- | M] (Sony Corporation) -- C:\Program Files\Common Files\Sony Shared\VAIO Media Platform\sv_httpd.exe -- (VAIOMediaPlatform-PhotoServer-HTTP [Auto | Running])
[2002/07/24 21:55:16 | 00,581,632 | ---- | M] (Sony Corporation) -- C:\Program Files\Common Files\Sony Shared\VAIO Media Platform\UPnPFramework.exe -- (VAIOMediaPlatform-PhotoServer-UPnP [Auto | Running])
[2006/10/18 20:05:24 | 00,913,408 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Media Player\wmpnetwk.exe -- (WMPNetworkSvc [On_Demand | Stopped])
[2008/12/12 12:41:02 | 00,060,032 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\ZuneBusEnum.exe -- (ZuneBusEnum [Auto | Running])
[2008/12/12 12:41:18 | 05,117,568 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Zune\ZuneNss.exe -- (ZuneNetworkSvc [On_Demand | Stopped])
[2008/12/12 12:41:08 | 00,243,840 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\ZuneWlanCfgSvc.exe -- (ZuneWlanCfgSvc [On_Demand | Stopped])

========== Driver Services ==========

[1999/09/10 06:06:00 | 00,025,244 | ---- | M] (Adaptec) -- C:\WINDOWS\System32\drivers\aspi32.sys -- (Aspi32 [Auto | Running])
[2008/12/26 23:45:02 | 00,006,656 | ---- | M] () -- C:\WINDOWS\system32\drivers\atmarpc.sys -- (Atmarpc [On_Demand | Stopped])
[2008/12/26 23:43:48 | 00,006,656 | ---- | M] () -- C:\WINDOWS\system32\drivers\audstub.sys -- (audstub [On_Demand | Running])
[2009/01/30 12:42:26 | 00,325,128 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\system32\drivers\avgldx86.sys -- (AvgLdx86 [System | Running])
[2009/01/30 12:42:26 | 00,027,656 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\system32\drivers\avgmfx86.sys -- (AvgMfx86 [System | Running])
[2009/01/30 12:42:09 | 00,107,272 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\system32\drivers\avgtdix.sys -- (AvgTdiX [System | Running])
[2000/12/05 18:18:02 | 00,003,952 | R--- | M] (Sony Corporation) -- C:\WINDOWS\system32\drivers\DMICall.sys -- (DMICall [System | Running])
[2008/12/17 01:02:06 | 00,023,832 | ---- | M] (Logitech Inc.) -- C:\WINDOWS\system32\drivers\lvuvcflt.sys -- (FilterService [On_Demand | Stopped])
[2008/04/17 12:12:54 | 00,015,464 | ---- | M] (GEAR Software Inc.) -- C:\WINDOWS\system32\drivers\GEARAspiWDM.sys -- (GEARAspiWDM [On_Demand | Stopped])
[2007/01/19 11:46:10 | 00,049,920 | ---- | M] (HP) -- C:\WINDOWS\system32\drivers\HPZid412.sys -- (HPZid412 [On_Demand | Stopped])
[2007/01/19 11:46:10 | 00,016,496 | ---- | M] (HP) -- C:\WINDOWS\system32\drivers\HPZipr12.sys -- (HPZipr12 [On_Demand | Stopped])
[2007/01/19 11:46:12 | 00,021,568 | ---- | M] (HP) -- C:\WINDOWS\system32\drivers\HPZius12.sys -- (HPZius12 [On_Demand | Stopped])
[2008/04/13 13:39:48 | 00,014,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\kbdhid.sys -- (kbdhid [System | Stopped])
[2002/07/20 11:22:30 | 00,815,819 | ---- | M] (Lucent Technologies) -- C:\WINDOWS\system32\drivers\LTSM.sys -- (LucentSoftModem [On_Demand | Running])
[2008/12/16 21:58:54 | 00,025,624 | ---- | M] () -- C:\WINDOWS\system32\drivers\LVPr2Mon.sys -- (LVPr2Mon [On_Demand | Running])
[2008/12/17 01:00:12 | 00,768,024 | ---- | M] (Logitech Inc.) -- C:\WINDOWS\system32\drivers\lvrs.sys -- (LVRS [On_Demand | Stopped])
[2008/12/17 01:01:20 | 00,041,752 | ---- | M] (Logitech Inc.) -- C:\WINDOWS\system32\drivers\LVUSBSta.sys -- (LVUSBSta [On_Demand | Stopped])
[2008/12/17 01:01:42 | 06,364,440 | ---- | M] (Logitech Inc.) -- C:\WINDOWS\system32\drivers\lvuvc.sys -- (LVUVC [On_Demand | Stopped])
[2008/01/06 11:13:28 | 00,002,560 | ---- | M] () -- C:\WINDOWS\system32\drivers\mchInjDrv.sys -- (mchInjDrv [System | Running])
[2002/07/16 07:16:00 | 00,981,466 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\system32\drivers\nv4_mini.sys -- (nv [On_Demand | Stopped])
[2007/02/03 10:27:56 | 00,490,784 | ---- | M] (Logitech Inc.) -- C:\WINDOWS\system32\drivers\LV561AV.SYS -- (PID_0928 [On_Demand | Stopped])
[2007/08/21 00:13:00 | 00,021,760 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\point32.sys -- (Point32 [On_Demand | Running])
[2001/08/18 07:00:00 | 00,017,792 | ---- | M] (Parallel Technologies, Inc.) -- C:\WINDOWS\system32\drivers\ptilink.sys -- (Ptilink [On_Demand | Running])
[2002/04/18 04:02:00 | 00,016,288 | ---- | M] (VERITAS Software, Inc.) -- C:\WINDOWS\system32\drivers\pxhelp20.sys -- (PxHelp20 [Boot | Running])
[2008/02/25 11:54:56 | 00,105,088 | ---- | M] (Realtek Semiconductor Corporation ) -- C:\WINDOWS\system32\drivers\Rtnicxp.sys -- (RTL8023xp [On_Demand | Running])
[2002/06/13 14:37:16 | 00,045,568 | ---- | M] (Realtek Semiconductor Corporation) -- C:\WINDOWS\system32\drivers\R8139n51.sys -- (rtl8139 [On_Demand | Stopped])
[2002/07/24 20:56:18 | 00,205,696 | ---- | M] (Silicon Integrated Systems Corporation) -- C:\WINDOWS\system32\drivers\sisgrp.sys -- (SiS315 [On_Demand | Running])
[2002/05/22 18:11:08 | 00,027,392 | ---- | M] (Silicon Integrated Systems Corporation) -- C:\WINDOWS\system32\drivers\SISAGP.SYS -- (sisagp [Boot | Running])
[2002/04/03 20:51:34 | 00,005,760 | ---- | M] () -- C:\WINDOWS\system32\drivers\srvkp.sys -- (SiSkp [System | Running])
[2002/08/02 13:56:00 | 00,590,464 | ---- | M] (Sony Corporation) -- C:\WINDOWS\system32\drivers\soma.sys -- (soma [On_Demand | Stopped])
[2002/07/03 19:50:36 | 00,031,586 | ---- | M] (Sony Corporation) -- C:\WINDOWS\system32\drivers\SonyWBMS.sys -- (SONYWBMS [On_Demand | Running])
[2004/05/18 10:23:04 | 00,025,749 | ---- | M] (Service & Quality Technology.) -- C:\WINDOWS\system32\drivers\Capt905c.sys -- (SQTECH905C [On_Demand | Stopped])
[2007/08/01 22:47:26 | 00,102,664 | ---- | M] (Trend Micro Inc.) -- C:\WINDOWS\system32\drivers\tmcomm.sys -- (tmcomm [Auto | Running])
[2008/04/13 14:45:12 | 00,060,032 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\USBAUDIO.sys -- (usbaudio [On_Demand | Stopped])
[2001/08/09 17:26:02 | 00,022,608 | ---- | M] (America Online, Inc.) -- C:\WINDOWS\system32\drivers\wandrv.sys -- (wandrv [On_Demand | Stopped])
[2008/03/27 16:27:46 | 00,503,008 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\wdf01000.sys -- (Wdf01000 [On_Demand | Running])
[2002/07/19 15:25:58 | 00,202,880 | ---- | M] (YAMAHA CORPORATION) -- C:\WINDOWS\system32\drivers\yacxgc.sys -- (WDM_YAMAHAAC97 [On_Demand | Running])
[2008/01/24 14:08:54 | 00,019,336 | ---- | M] (Logitech Inc.) -- C:\WINDOWS\system32\drivers\WmBEnum.sys -- (WmBEnum [On_Demand | Running])
[2008/01/24 14:09:04 | 00,028,168 | ---- | M] (Logitech Inc.) -- C:\WINDOWS\system32\drivers\WmFilter.sys -- (WmFilter [On_Demand | Stopped])
[2008/01/24 14:09:24 | 00,014,728 | ---- | M] (Logitech Inc.) -- C:\WINDOWS\system32\drivers\WmVirHid.sys -- (WmVirHid [On_Demand | Stopped])
[2008/01/24 14:09:34 | 00,048,904 | ---- | M] (Logitech Inc.) -- C:\WINDOWS\system32\drivers\WmXlCore.sys -- (WmXlCore [On_Demand | Running])
[2008/11/10 12:09:32 | 00,040,832 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\zumbus.sys -- (zumbus [Auto | Running])

========== (R ) Internet Explorer ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main]
"Default_Page_URL"=http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
"Default_Search_URL"=http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
"Default_Secondary_Page_URL"=
"Extensions Off Page"=about:NoAdd-ons
"Local Page"=%SystemRoot%\system32\blank.htm
"Search Page"=http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
"Security Risk Page"=about:SecurityRisk
"Start Page"=http://www.microsoft.com/isapi/redir.dll?prd={SUB_PRD}&clcid={SUB_CLSID}&pver={SUB_PVER}&ar=home

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Search]
"CustomizeSearch"=http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
"CustomSearch"=http://us.rd.yahoo.com/customize/ie/defaults/cs/msgr8/*http://www.yahoo.com/ext/search/search.html
"Default_Search_URL"=http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
"SearchAssistant"=http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main]
"Default_Search_URL"=http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
"Local Page"=C:\WINDOWS\system32\blank.htm
"Page_Transitions"=
"Search Page"=http://us.rd.yahoo.com/customize/ie/defaults/sp/msgr8/*http://www.yahoo.com
"SearchMigratedDefaultName"=Yahoo! Search
"SearchMigratedDefaultURL"=http://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
"Start Page"=http://www.yahoo.com/

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchURL]
""=http://home.microsoft.com/access/autosearch.asp?p=%s

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{CFBFAE00-17A6-11D0-99CB-00C04FD64497}" (HKLM) -- C:\WINDOWS\system32\ieframe.dll (Microsoft Corporation)

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = 0
"ProxyOverride" = *.local

========== (O1) Hosts File ==========

HOSTS File = (222407 bytes) - C:\WINDOWS\System32\drivers\etc\Hosts
First 25 entries...
127.0.0.1 localhost
127.0.0.1 007guard.com
127.0.0.1 www.007guard.com
127.0.0.1 008i.com
127.0.0.1 008k.com
127.0.0.1 www.008k.com
127.0.0.1 00hq.com
127.0.0.1 www.00hq.com
127.0.0.1 010402.com
127.0.0.1 032439.com
127.0.0.1 www.032439.com
127.0.0.1 1001-search.info
127.0.0.1 www.1001-search.info
127.0.0.1 100888290cs.com
127.0.0.1 www.100888290cs.com
127.0.0.1 100sexlinks.com
127.0.0.1 www.100sexlinks.com
127.0.0.1 10sek.com
127.0.0.1 www.10sek.com
127.0.0.1 123topsearch.com
127.0.0.1 www.123topsearch.com
127.0.0.1 132.com
127.0.0.1 www.132.com
127.0.0.1 136136.net
127.0.0.1 www.136136.net
7806 more lines...

========== (O2) BHO's ==========

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\]
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} (HKLM) -- C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} (HKLM) -- C:\Program Files\AVG\AVG8\avgssie.dll (AVG Technologies CZ, s.r.o.)
{4E7BD74F-2B8D-469E-8CBD-FD60BB9AAE2E} (HKLM) -- C:\Program Files\blstoolbar\blstoolbar.dll ()
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} (HKLM) -- C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll (Sun Microsystems, Inc.)
{7E853D72-626A-48EC-A868-BA8D5E23E045} (HKLM) -- Reg Error: Key does not exist or could not be opened. File not found
{9030D464-4C02-4ABF-8ECC-5164760863C6} (HKLM) -- C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
{AF69DE43-7D58-4638-B6FA-CE66B5AD205D} (HKLM) -- C:\Program Files\Google\GoogleToolbarNotifier\4.1.805.4472\swg.dll (Google Inc.)

========== (O3) Toolbars ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar]
"{4E7BD74F-2B8D-469E-8CBD-FD60BB9AAE2E}" (HKLM) -- C:\Program Files\blstoolbar\blstoolbar.dll ()

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{4E7BD74F-2B8D-469E-8CBD-FD60BB9AAE2E}" (HKLM) -- C:\Program Files\blstoolbar\blstoolbar.dll ()
"{EF99BD32-C1FB-11D2-892F-0090271D4F88}" (HKLM) -- Reg Error: Key does not exist or could not be opened. File not found

========== (O4) Run Keys ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" (Adobe Systems Incorporated)
"AppleSyncNotifier"=C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe (Apple Inc.)
"AVG8_TRAY"=C:\PROGRA~1\AVG\AVG8\avgtray.exe (AVG Technologies CZ, s.r.o.)
"ezShieldProtector for Px"=C:\WINDOWS\System32\ezSP_Px.exe (Easy Systems Japan Ltd.)
"HP Software Update"=C:\Program Files\HP\HP Software Update\HPWuSchd2.exe (Hewlett-Packard)
"IntelliPoint"="C:\Program Files\Microsoft IntelliPoint\ipoint.exe" (Microsoft Corporation)
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" (Apple Inc.)
"LogitechQuickCamRibbon"="C:\Program Files\Logitech\QuickCam\Quickcam.exe" /hide ()
"LTSMMSG"=LTSMMSG.exe (Lucent Technologies)
"NvCplDaemon"=RUNDLL32.EXE NvQTwk,NvCplDaemon initialize (Microsoft Corporation)
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" -atboottime (Apple Inc.)
"SiS Tray"= File not found
"SiSUSBRG"=C:\WINDOWS\SiSUSBrg.exe (Silicon Integrated Systems Corp.)
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" (Sun Microsystems, Inc.)
"tgcmd"="C:\Program Files\Support.com\BellSouth\hcenter.exe" /starthidden /tgcmdwrapper (BellSouth)
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot (RealNetworks, Inc.)
"Zune Launcher"="C:\Program Files\Zune\ZuneLauncher.exe" (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Google Update"="C:\Documents and Settings\BELLA\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c (Google Inc.)
"Uniblue RegistryBooster 2"=C:\Program Files\Uniblue\RegistryBooster 2\RegistryBooster.exe /S File not found

========== (O4) RunOnce Keys ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"123"=C:\WINDOWS\DelToolbox.bat ()

========== (O4) Startup Folders ==========

[2000/10/11 18:08:00 | 00,113,664 | ---- | M] (Adobe Systems, Inc.) -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Gamma Loader.exe.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
[2004/11/04 19:28:24 | 00,258,048 | ---- | M] (Hewlett-Packard Co.) -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
[2004/11/04 19:50:52 | 00,053,248 | ---- | M] (Hewlett-Packard Co.) -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Image Zone Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
[2002/07/02 23:28:24 | 00,040,960 | ---- | M] (Sony Corporation) -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\VAIO Action Setup (Server).lnk = C:\Program Files\Sony\VAIO Action Setup\VAServ.exe
[2008/11/07 14:56:10 | 00,517,384 | ---- | M] (Leader Technologies/Logitech) -- C:\Documents and Settings\BELLA\Start Menu\Programs\Startup\Logitech . Product Registration.lnk = C:\Program Files\Logitech\QuickCam\eReg.exe

========== (O6 & O7) Current Version Policies ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveAutoRun"=67108863
"NoDriveTypeAutoRun"=255

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveTypeAutoRun"=145

========== (O8) IE Context Menu Extensions ==========

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\]
&Yahoo! Search: File not found
Yahoo! &Dictionary: File not found
Yahoo! &Maps: File not found
Yahoo! &SMS: File not found

========== (O9) IE Extensions ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\]
{08B0E5C0-4FCB-11CF-AAA5-00401C608501}: Menu: Sun Java Console -- %ProgramFiles%\Java\jre1.6.0_07\bin\npjpi160_07.dll [2008/06/10 03:27:02 | 00,132,496 | ---- | M] (Sun Microsystems, Inc.)
{e2e2dd38-d088-4134-82b7-f2ba38496583}: Menu: @xpsp3res.dll,-20001 -- %SystemRoot%\network diagnostic\xpnetdiag.exe [2008/04/13 13:53:32 | 00,558,080 | ---- | M] (Microsoft Corporation)
{FB5F1910-F110-11d2-BB9E-00C04F795683}: Button: Messenger -- %ProgramFiles%\Messenger\msmsgs.exe [2008/04/13 19:12:28 | 01,695,232 | ---- | M] (Microsoft Corporation)
{FB5F1910-F110-11d2-BB9E-00C04F795683}: Menu: Windows Messenger -- %ProgramFiles%\Messenger\msmsgs.exe [2008/04/13 19:12:28 | 01,695,232 | ---- | M] (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Extensions\]
CmdMapping\\{08B0E5C0-4FCB-11CF-AAA5-00401C608501} [HKLM] -> %SystemRoot%\system32\msjava.dll [Web Browser Applet Control] -> [2003/02/28 18:26:26 | 00,947,472 | ---- | M] (Microsoft Corporation)
CmdMapping\\{1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} [HKLM] -> [Reg Error: Key does not exist or could not be opened.] -> File not found
CmdMapping\\{5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} [HKLM] -> [Reg Error: Key does not exist or could not be opened.] -> File not found
CmdMapping\\{DFB852A3-47F8-48C4-A200-58CAB36FD2A2} [HKLM] -> [Reg Error: Key does not exist or could not be opened.] -> File not found
CmdMapping\\{FB5F1910-F110-11d2-BB9E-00C04F795683} [HKLM] -> %ProgramFiles%\Messenger\msmsgs.exe [Messenger] -> [2008/04/13 19:12:28 | 01,695,232 | ---- | M] (Microsoft Corporation)

========== (O12) Internet Explorer Plugins ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Plugins\]
PluginsPage: "" = http://activex.microsoft.com/controls/find.asp?ext=%s&mime=%s
PluginsPageFriendlyName: "" = Microsoft ActiveX Gallery
Extension\.spop: -- C:\Program Files\Internet Explorer\PLUGINS\NPDocBox.dll [2001/08/01 19:05:42 | 00,270,336 | ---- | M] (Intertrust Technologies, Inc.)

========== (O13) Default Prefixes ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\URL\DefaultPrefix]
""=http://

========== (O15) Trusted Sites ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\]
33 domain(s) and sub-domain(s) not assigned to a zone.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\]
: msn in My Computer
compuserve.com: * is out of zone range (5)
compuserve.com\objects: * is out of zone range (0)
kaspersky.com\www: http in My Computer
microsoft.com\*.update: http in My Computer
microsoft.com\*.update: https in Local intranet
microsoft.com\update: http in My Computer
microsoft.com\windowsupdate: http in My Computer
microsoft.com\www.update: http in My Computer
windowsupdate.com\download: http in My Computer
35 domain(s) and sub-domain(s) not assigned to a zone.

========== (O16) DPF ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\]
{02CF1781-EA91-4FA5-A200-646E8241987C}: http://esupport.sony.com/VaioInfo.CAB -- VaioInfo.CMClass
{215B8138-A3CF-44C5-803F-8226143CFC0A}: http://housecall65.trendmicro.com/house ... hcImpl.cab -- Trend Micro ActiveX Scan Agent 6.6
{33564D57-0000-0010-8000-00AA00389B71}: http://download.microsoft.com/download/ ... mv9VCM.CAB -- Reg Error: Key does not exist or could not be opened.
{6E32070A-766D-4EE6-879C-DC1FA91D2FC3}: http://update.microsoft.com/microsoftup ... 2459300968 -- MUWebControl Class
{8AD9C840-044E-11D1-B3E9-00805F499D93}: http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab -- Java Plug-in 1.6.0_07
{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}: -- Reg Error: Key does not exist or could not be opened.
{CAFEEFAC-0016-0000-0004-ABCDEFFEDCBA}: http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab -- Java Plug-in 1.6.0_04
{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}: http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab -- Java Plug-in 1.6.0_05
{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}: http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab -- Java Plug-in 1.6.0_07
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}: http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab -- Java Plug-in 1.6.0_07
Microsoft XML Parser for Java: file://C:\WINDOWS\Java\classes\xmldso.cab -- Reg Error: Key does not exist or could not be opened.
Yahoo! Pool 2: http://download2.games.yahoo.com/games/ ... poti_x.cab -- Reg Error: Key does not exist or could not be opened.

========== (O17) DNS Name Servers ==========

{09A6116E-5382-4919-942D-8B7393CE205C} (Servers: | Description: )
{1064845E-C9AD-41D2-9159-26BFC68B0347} (Servers: | Description: 1394 Net Adapter)
{C0B22912-36BB-4A5F-AFBD-35A0691AB843} (Servers: | Description: Realtek RTL8139/810x Family Fast Ethernet NIC)

========== (O20) Winlogon Notify Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\]
avgrsstarter: "DllName" = avgrsstx.dll -- C:\WINDOWS\system32\avgrsstx.dll (AVG Technologies CZ, s.r.o.)
klogon: "DllName" = Reg Error: Value DLLName does not exist or could not be read. -- File not found

========== IFEO "Debugger" Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\]
explorer.exe:"Debugger" = C:\Program Files\Microsoft Common\svchost.exe File not found

========== Safeboot Options ==========

"AlternateShell"=cmd.exe

========== CDRom AutoRun Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom]
"AutoRun" = 1

========== Autorun Files on Drives ==========

AUTOEXEC.BAT []
[2002/08/03 10:18:45 | 00,000,000 | ---- | M] () -- C:\AUTOEXEC.BAT -- [ NTFS ]

========== MountPoints2 ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{34a7b89b-d1b8-11db-b822-00038a000011}\Shell\AutoRun]
""=Auto&Play


[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{34a7b89b-d1b8-11db-b822-00038a000011}\Shell\AutoRun\command]
""=C:\WINDOWS\system32\shell32.dll -- [2008/04/13 19:12:05 | 08,461,312 | ---- | M] (Microsoft Corporation)


[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{34a7b89b-d1b8-11db-b822-00038a000011}\Shell\Explore\command]
""=H:\system.exe -- File not found


[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{34a7b89b-d1b8-11db-b822-00038a000011}\Shell\Open\command]
""=H:\system.exe -- File not found

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{66eab789-bccb-11dc-b84b-00e018b9eabc}\Shell\AutoRun]
""=Auto&Play


[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{66eab789-bccb-11dc-b84b-00e018b9eabc}\Shell\AutoRun\command]
""=C:\WINDOWS\system32\shell32.dll -- [2008/04/13 19:12:05 | 08,461,312 | ---- | M] (Microsoft Corporation)


[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{66eab789-bccb-11dc-b84b-00e018b9eabc}\Shell\Explore\command]
""=I:\system.exe -- File not found


[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{66eab789-bccb-11dc-b84b-00e018b9eabc}\Shell\Open\command]
""=I:\system.exe -- File not found

========== Files/Folders - Created Within 30 Days ==========

[2009/02/19 11:52:49 | 00,422,912 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\BELLA\Desktop\OTViewIt.exe
[2009/02/19 11:08:05 | 00,000,053 | ---- | C] () -- C:\WINDOWS\DelToolbox.bat
[2009/02/17 16:22:20 | 50,289,4592 | -HS- | C] () -- C:\hiberfil.sys
[2009/02/17 16:18:33 | 00,000,000 | ---D | C] -- C:\Rooter$
[2009/02/17 16:13:51 | 00,268,052 | ---- | C] () -- C:\Documents and Settings\BELLA\Desktop\Rooter.exe
[2009/02/17 13:39:03 | 00,747,873 | ---- | C] () -- C:\Documents and Settings\BELLA\My Documents\gmer.zip
[2009/02/17 13:37:21 | 00,747,873 | ---- | C] () -- C:\Documents and Settings\BELLA\Desktop\gmer.zip
[2009/02/17 13:33:52 | 00,368,961 | ---- | C] () -- C:\Documents and Settings\BELLA\Desktop\dds.scr
[2009/02/11 19:15:43 | 00,204,496 | ---- | C] (Malwarebytes) -- C:\Documents and Settings\BELLA\Desktop\StartUpLite.exe
[2009/02/11 19:04:14 | 00,001,734 | ---- | C] () -- C:\Documents and Settings\BELLA\Desktop\HijackThis.lnk
[2009/02/11 19:02:31 | 00,812,344 | ---- | C] (Trend Micro Inc.) -- C:\Documents and Settings\BELLA\Desktop\HJTInstall.exe
[2009/02/11 19:02:01 | 00,318,369 | ---- | C] () -- C:\Documents and Settings\BELLA\Desktop\HiJackThis.zip
[2009/01/30 12:58:08 | 00,000,114 | ---- | C] () -- C:\Documents and Settings\BELLA\My Documents\shellfix.reg
[2009/01/30 11:55:37 | 00,000,000 | ---D | C] -- C:\Program Files\USB Disk Win98 Driver
[2009/01/30 11:41:28 | 01,486,973 | ---- | C] () -- C:\Documents and Settings\BELLA\Desktop\Windows 98SE-ME Drivers for MW3847.zip
[2009/01/30 08:36:10 | 00,000,000 | -H-D | C] -- C:\$AVG8.VAULT$
[2009/01/29 18:03:39 | 00,001,507 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\AVG Free 8.0.lnk
[2009/01/29 18:03:38 | 00,010,520 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\avgrsstx.dll
[2009/01/29 18:03:37 | 00,107,272 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgtdix.sys
[2009/01/29 18:03:30 | 00,325,128 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgldx86.sys
[2009/01/29 18:03:27 | 00,027,656 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgmfx86.sys
[2009/01/29 18:03:15 | 33,229,935 | ---- | C] () -- C:\WINDOWS\System32\drivers\Avg\incavi.avm
[2009/01/29 18:03:15 | 06,061,540 | ---- | C] () -- C:\WINDOWS\System32\drivers\Avg\avi7.avg
[2009/01/29 18:03:15 | 00,368,010 | ---- | C] () -- C:\WINDOWS\System32\drivers\Avg\miniavi.avg
[2009/01/29 18:03:15 | 00,108,412 | ---- | C] () -- C:\WINDOWS\System32\drivers\Avg\microavi.avg
[2009/01/29 18:03:15 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers\Avg
[2009/01/24 09:44:49 | 00,000,000 | ---D | C] -- C:\Program Files\MSECache
[2009/01/23 23:41:01 | 00,000,000 | ---D | C] -- C:\Documents and Settings\BELLA\Application Data\OpenOffice.org
[2009/01/23 23:28:06 | 00,000,000 | ---D | C] -- C:\Program Files\JRE
[2009/01/23 23:27:54 | 00,000,000 | ---D | C] -- C:\Program Files\OpenOffice.org 3
[2009/01/23 20:17:42 | 00,000,000 | ---D | C] -- C:\Documents and Settings\BELLA\Local Settings\Application Data\Deployment

========== Files - Modified Within 30 Days ==========

[1 C:\WINDOWS\System32\*.tmp files]
[2 C:\WINDOWS\*.tmp files]
[2009/02/19 11:53:07 | 00,422,912 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\BELLA\Desktop\OTViewIt.exe
[2009/02/19 11:17:07 | 00,000,422 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{B8726A76-E3AC-4D6F-8C87-A4358E07678D}.job
[2009/02/19 11:15:34 | 00,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2009/02/19 11:12:52 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2009/02/19 11:12:40 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2009/02/19 11:12:36 | 50,289,4592 | -HS- | M] () -- C:\hiberfil.sys
[2009/02/19 11:08:05 | 00,000,053 | ---- | M] () -- C:\WINDOWS\DelToolbox.bat
[2009/02/17 16:13:51 | 00,268,052 | ---- | M] () -- C:\Documents and Settings\BELLA\Desktop\Rooter.exe
[2009/02/17 16:09:29 | 33,229,935 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\incavi.avm
[2009/02/17 13:39:03 | 00,747,873 | ---- | M] () -- C:\Documents and Settings\BELLA\My Documents\gmer.zip
[2009/02/17 13:37:49 | 00,747,873 | ---- | M] () -- C:\Documents and Settings\BELLA\Desktop\gmer.zip
[2009/02/17 13:34:12 | 00,368,961 | ---- | M] () -- C:\Documents and Settings\BELLA\Desktop\dds.scr
[2009/02/16 15:19:05 | 00,108,412 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\microavi.avg
[2009/02/12 18:29:12 | 00,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2009/02/11 21:03:03 | 00,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2009/02/11 19:15:43 | 00,204,496 | ---- | M] (Malwarebytes) -- C:\Documents and Settings\BELLA\Desktop\StartUpLite.exe
[2009/02/11 19:04:15 | 00,001,734 | ---- | M] () -- C:\Documents and Settings\BELLA\Desktop\HijackThis.lnk
[2009/02/11 19:02:42 | 00,812,344 | ---- | M] (Trend Micro Inc.) -- C:\Documents and Settings\BELLA\Desktop\HJTInstall.exe
[2009/02/11 19:02:07 | 00,318,369 | ---- | M] () -- C:\Documents and Settings\BELLA\Desktop\HiJackThis.zip
[2009/02/03 18:21:12 | 21,244,864 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\MRT.exe
[2009/01/30 17:28:05 | 00,000,000 | ---- | M] () -- C:\WINDOWS\System32\drivers\lvuvc.hs
[2009/01/30 17:28:04 | 00,000,000 | ---- | M] () -- C:\WINDOWS\System32\drivers\logiflt.iad
[2009/01/30 12:58:32 | 00,000,114 | ---- | M] () -- C:\Documents and Settings\BELLA\My Documents\shellfix.reg
[2009/01/30 12:42:27 | 00,010,520 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\avgrsstx.dll
[2009/01/30 12:42:26 | 00,325,128 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgldx86.sys
[2009/01/30 12:42:26 | 00,027,656 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgmfx86.sys
[2009/01/30 12:42:09 | 00,107,272 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgtdix.sys
[2009/01/30 11:59:07 | 00,153,176 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2009/01/30 11:41:45 | 01,486,973 | ---- | M] () -- C:\Documents and Settings\BELLA\Desktop\Windows 98SE-ME Drivers for MW3847.zip
[2009/01/29 18:19:49 | 00,368,010 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\miniavi.avg
[2009/01/29 18:03:39 | 00,001,507 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\AVG Free 8.0.lnk
[2009/01/29 18:03:15 | 06,061,540 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\avi7.avg
[2009/01/29 08:17:38 | 00,032,840 | ---- | M] () -- C:\Documents and Settings\BELLA\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
[2009/01/26 09:00:00 | 00,000,386 | ---- | M] () -- C:\WINDOWS\tasks\rpc.job
[2009/01/25 20:40:19 | 00,034,816 | ---- | M] () -- C:\Documents and Settings\BELLA\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/01/23 22:49:16 | 00,477,186 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2009/01/23 22:49:16 | 00,406,658 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2009/01/23 22:49:16 | 00,063,732 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2009/01/21 20:26:01 | 00,000,244 | -H-- | M] () -- C:\sqmnoopt09.sqm
[2009/01/21 20:26:01 | 00,000,232 | -H-- | M] () -- C:\sqmdata09.sqm
[2009/01/21 14:34:44 | 00,000,244 | -H-- | M] () -- C:\sqmnoopt08.sqm
[2009/01/21 14:34:44 | 00,000,232 | -H-- | M] () -- C:\sqmdata08.sqm
[2009/01/21 10:02:29 | 00,000,244 | -H-- | M] () -- C:\sqmnoopt07.sqm
[2009/01/21 10:02:29 | 00,000,232 | -H-- | M] () -- C:\sqmdata07.sqm
< End of report >
miguelvillafana
Regular Member
 
Posts: 126
Joined: January 5th, 2008, 8:01 pm

Re: windows explorer hijack?

Unread postby Carolyn » February 19th, 2009, 6:45 pm

Hi Miguel,

Your system drive is dangerously low on free space.

Drive C: | 16.00 Gb Total Space | 0.70 Gb Free Space | 4.40% Space Free | Partition Type: NTFS


The partition with the system needs at least 15% Free Space, or the computer will bog down and run very slowly - even crash.

This may be the reason the computer is unable to load the desktop.

=====================================================

This link will show you how to create a Ubuntu boot cd and use it to move files off that system drive

http://www.howtogeek.com/howto/windows- ... -computer/

Now's the time to move those family photos, etc., off the C: drive. There is 57.71 Gb free on the D: drive; you can transfer the files there, or you can move the files to CDs or flash drives.

=====================================================

After you free up at least 15% free space on the C: drive, please do the following:

----------------------------------------------------------
Download and Install CCleaner

* Download CCleaner from here
* Double click on ccsetupXXX_slim.exe to start the installation of CCleaner. (XXX is the version number)
* Click OK
* Click Next
* Click I agree
* Click Next
* Click Install
* Once the installation has finished, click Finish

-----------------------------------------------------------
Set Options in CCleaner and run Cleaning Scan.
Open CCleaner if it's not already running.
(Do not use the Registry block to clean anything with this program. It is for experts only and it is risky.)

* Select Cleaner Settings.
Check Internet Explorer, Windows Explorer, and System so that all items are checked. In the Advanced section, have a check only on Old PreFetch Data.
* Click on the Options block on the left. Select Advanced.
Uncheck Only delete files in Windows Temp folders older than 48 hours.
* Set Cookie Retention.
Click on the Options block on the left, then choose Cookies.
Under the Cookies to delete pane, highlight any cookies you would like to retain permanently (those companies or sites with which you regularly visit or do business), and click the right arrow > to move them to the Cookies to keep pane.
* Run Cleaning Scan. Click on the Cleaner block on the left. Choose the Windows tab.
Click the Run Cleaner button. This process could take a while. When CCleaner shows how much has been removed, cleaning is finished.

-----------------------------------------------------------
Reset Options in CCleaner for Regular Use.
Open CCleaner if it's not already running.

* Select Cleaner Settings.
Check Internet Explorer, Windows Explorer, and System so that all items are checked. Then under Internet Explorer, Uncheck "History". In the Advanced section, have a check only on Old PreFetch Data.
* Click on the Options block on the left. Select Advanced.
Check Only delete files in Windows Temp folders older than 48 hours.
* Set CCleaner to Run When Computer Starts. Click on the Options block on the left, then choose Settings. Check Run CCleaner when computer starts.

-----------------------------------------------------------

Please post a fresh OTViewIt log and let me know how the computer is behaving.
Carolyn
MRU Emeritus
 
Posts: 4701
Joined: April 18th, 2007, 9:36 am
Location: Maine
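The free-space rule in the post above (the system partition should keep at least 15% free) can be checked mechanically against the drive summary lines that OTViewIt prints. The following script is an added example written for this thread; it is not part of the original post or of OTViewIt itself. It parses the "Drive C: | 16.00 Gb Total Space | ..." lines, reports which drives are under the threshold and how much must be freed, and can also check a mounted drive live via `shutil.disk_usage`. The sample log is constructed from the figures quoted in the thread (the D: total of 58.00 Gb is an assumption taken from the earlier disk listing).

```python
import re
import shutil

# Threshold from the advice in the thread: a system partition needs >= 15% free space.
MIN_FREE_PERCENT = 15.0

# Matches one OTViewIt drive summary line, e.g.
# "Drive C: | 16.00 Gb Total Space | 0.70 Gb Free Space | 4.40% Space Free | Partition Type: NTFS"
DRIVE_LINE = re.compile(
    r"Drive (?P<letter>[A-Z]): \| (?P<total>[\d.]+) Gb Total Space \| "
    r"(?P<free>[\d.]+) Gb Free Space \| (?P<pct>[\d.]+)% Space Free"
    r"(?: \| Partition Type: (?P<fs>\w+))?"
)


def parse_drive_line(line):
    """Return a dict for one OTViewIt drive line, or None if the line is not one."""
    m = DRIVE_LINE.search(line)
    if not m:
        return None
    total = float(m.group("total"))
    free = float(m.group("free"))
    return {
        "letter": m.group("letter"),
        "total_gb": total,
        "free_gb": free,
        # Recompute the percentage from the raw figures rather than trusting the rounded one.
        "free_pct": (free / total * 100.0) if total else 0.0,
        "fs": m.group("fs"),
    }


def drives_below_threshold(log_text, min_pct=MIN_FREE_PERCENT):
    """Parse every drive line in an OTViewIt log and return those under min_pct free."""
    low = []
    for line in log_text.splitlines():
        d = parse_drive_line(line)
        if d is not None and d["free_pct"] < min_pct:
            low.append(d)
    return low


def gb_to_free(drive, min_pct=MIN_FREE_PERCENT):
    """Gigabytes that must be freed on `drive` to reach min_pct free (0.0 if already there)."""
    target_free = drive["total_gb"] * min_pct / 100.0
    return max(0.0, target_free - drive["free_gb"])


def live_free_percent(path="C:\\"):
    """Free-space percentage of the volume holding `path`, measured right now.

    Works on any OS; on the XP machine in the thread the path would be C:\\.
    """
    usage = shutil.disk_usage(path)
    return usage.free / usage.total * 100.0


# Constructed sample (not a real log): the C: line quoted in the thread plus a D: line
# built from the 57.71 Gb free figure; the 58.00 Gb total is an assumption.
SAMPLE_LOG = """\
Drive C: | 16.00 Gb Total Space | 0.70 Gb Free Space | 4.40% Space Free | Partition Type: NTFS
Drive D: | 58.00 Gb Total Space | 57.71 Gb Free Space | 99.50% Space Free | Partition Type: NTFS
"""

if __name__ == "__main__":
    for d in drives_below_threshold(SAMPLE_LOG):
        print(f"Drive {d['letter']}: {d['free_pct']:.2f}% free; "
              f"free at least {gb_to_free(d):.2f} Gb to reach {MIN_FREE_PERCENT:.0f}%")
```

Run it against a saved OTViewIt log by reading the file into `drives_below_threshold`; for the figures in this thread it reports only C:, which needs roughly 1.7 Gb freed to clear the 15% line.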

Re: windows explorer hijack?

Unread postby miguelvillafana » February 20th, 2009, 1:02 am

Hi Carolyn,

I never considered the fact that a nearly-full hd might cause explorer.exe and/or other programs to not load... Is that possible, though? I specifically clicked on it from within the taskbar manager, and a message about it not being able to run came up... Could that be somehow tied to memory availability? Or is there still the possibility of a virus/worm in the system?

I'll try to migrate files from drive c: to d: over the next few hours or so. I really, really am not excited about the ubuntu thingy, but if you think that'll help then so be it...

Good night!

Miguel V.
miguelvillafana
Regular Member
 
Posts: 126
Joined: January 5th, 2008, 8:01 pm

Re: windows explorer hijack?

Unread postby Carolyn » February 20th, 2009, 7:36 am

miguelvillafana wrote:Hi Carolyn,

I never considered the fact that a nearly-full hd might cause explorer.exe and/or other programs to not load... Is that possible, though? I specifically clicked on it from within the taskbar manager, and a message about it not being able to run came up... Could that be somehow tied to memory availability? Or is there still the possibility of a virus/worm in the system?

I'll try to migrate files from drive c: to d: over the next few hours or so. I really, really am not excited about the ubuntu thingy, but if you think that'll help then so be it...

Good night!

Miguel V.
It is still possible that the computer is infected, and we should certainly run additional scans to determine if that is the case - but first you need to clean up that system drive so that there is adequate free space available.

While using the Ubuntu Boot CD sounds like strange territory, it is perfectly safe to use, the tutorial on that link is very easy to follow, and it will make transferring those files a breeze - without explorer, backing up files is going to be a real drag. Give Ubuntu a try - I think when you are finished transferring the files you'll be thinking, Wow - that was cool.
Carolyn
MRU Emeritus
 
Posts: 4701
Joined: April 18th, 2007, 9:36 am
Location: Maine

Re: windows explorer hijack?

Unread postby miguelvillafana » February 22nd, 2009, 12:02 am

Hi Carolyn,

I'm still working on freeing up space on the desktop pc. It's almost 5 years old, and has a LOT of files/programs that I didn't even know existed. I'm going to try to free up at least 20% of the memory on this system, and then get back to you. I'm a bit intimidated about the ubuntu thing, but will do that after I free up more memory...

Miguel V.
miguelvillafana
Regular Member
 
Posts: 126
Joined: January 5th, 2008, 8:01 pm

Re: windows explorer hijack?

Unread postby miguelvillafana » February 22nd, 2009, 12:59 am

By the way, is there a command line prompt (a la appwiz.cpl) to run the disk defragmenter program? I don't think this pc's ever been defragmented, and I think that might help things a bit--

Miguel V.
miguelvillafana
Regular Member
 
Posts: 126
Joined: January 5th, 2008, 8:01 pm

Re: windows explorer hijack?

Unread postby Carolyn » February 22nd, 2009, 7:49 am

I don't think you should defrag the drive at this time.
Carolyn
MRU Emeritus
 
Posts: 4701
Joined: April 18th, 2007, 9:36 am
Location: Maine

Re: windows explorer hijack?

Unread postby miguelvillafana » February 22nd, 2009, 8:01 pm

Hi Carolyn,

I've cleared up about 22% of C: drive. I'll clear much more after restoring the desktop, but in any case--

I have just downloaded ccleaner. Per your instructions, I've unchecked all the checked boxes in the registry button... More in just a bit!

Miguel V.

ps--I think I know the answer to the question but just in case, should I leave any of the "registry integrity" boxes checked?
miguelvillafana
Regular Member
 
Posts: 126
Joined: January 5th, 2008, 8:01 pm