Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works
Photo

keepgetting redirected when i search with google, my log for otl scan


  • This topic is locked This topic is locked

#1
agz666

agz666

    New Member

  • Member
  • Pip
  • 2 posts
OTL logfile created on: 7/24/2011 1:21:15 AM - Run 1
OTL by OldTimer - Version 3.2.26.1 Folder = D:\
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

511.36 Mb Total Physical Memory | 106.05 Mb Available Physical Memory | 20.74% Memory free
1.22 Gb Paging File | 0.66 Gb Available in Paging File | 54.28% Paging File free
Paging file location(s): C:\pagefile.sys 768 1536 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 13.97 Gb Total Space | 4.57 Gb Free Space | 32.69% Space Free | Partition Type: NTFS
Drive D: | 129.07 Gb Total Space | 128.71 Gb Free Space | 99.72% Space Free | Partition Type: NTFS

Computer Name: AGGZ | User Name: AGzZ | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/07/24 01:20:09 | 000,579,584 | ---- | M] (OldTimer Tools) -- D:\OTL.exe
PRC - [2011/07/21 13:25:36 | 000,568,320 | ---- | M] () -- C:\WINDOWS\system32\nddenb3232.exe
PRC - [2011/07/21 13:25:36 | 000,568,320 | ---- | M] () -- C:\WINDOWS\system32\ativvaxx32.exe
PRC - [2009/08/22 03:28:17 | 000,117,640 | R--- | M] (Symantec Corporation) -- C:\Program Files\Norton Internet Security\Engine\16.8.0.41\ccSvcHst.exe
PRC - [2008/11/09 16:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
PRC - [2008/04/13 20:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe


========== Modules (SafeList) ==========

MOD - [2011/07/24 01:20:09 | 000,579,584 | ---- | M] (OldTimer Tools) -- D:\OTL.exe
MOD - [2010/08/23 12:12:02 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll
MOD - [2009/08/22 03:28:14 | 000,419,696 | R--- | M] (Symantec Corporation) -- C:\Program Files\Norton Internet Security\Engine\16.8.0.41\asOEHook.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [On_Demand | Stopped] -- -- (AppMgmt)
SRV - [2011/07/21 13:25:36 | 000,568,320 | ---- | M] () [Auto | Running] -- C:\WINDOWS\system32\nddenb3232.exe -- (stisvc32) Windows Image Acquisition (WIA)
SRV - [2009/08/22 03:28:17 | 000,117,640 | R--- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Norton Internet Security\Engine\16.8.0.41\ccSvcHst.exe -- (Norton Internet Security)
SRV - [2008/11/09 16:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) [Auto | Running] -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe -- (YahooAUService)
SRV - [2003/10/21 01:00:56 | 001,286,144 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Sony\VAIO Media Integrated Server\Video\GPVSvr.exe -- (VAIOMediaPlatform-VideoServer-AppServer)
SRV - [2003/10/21 01:00:40 | 000,712,704 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe -- (VAIOMediaPlatform-VideoServer-UPnP) VAIO Media Video Server (UPnP)
SRV - [2003/10/21 01:00:40 | 000,712,704 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe -- (VAIOMediaPlatform-PhotoServer-UPnP) VAIO Media Photo Server (UPnP)
SRV - [2003/10/21 01:00:40 | 000,712,704 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe -- (VAIOMediaPlatform-MusicServer-UPnP) VAIO Media Music Server (UPnP)
SRV - [2003/10/21 01:00:38 | 000,057,344 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe -- (VAIOMediaPlatform-VideoServer-HTTP) VAIO Media Video Server (HTTP)
SRV - [2003/10/21 01:00:38 | 000,057,344 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe -- (VAIOMediaPlatform-PhotoServer-HTTP) VAIO Media Photo Server (HTTP)
SRV - [2003/10/21 01:00:38 | 000,057,344 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe -- (VAIOMediaPlatform-MusicServer-HTTP) VAIO Media Music Server (HTTP)
SRV - [2003/10/21 01:00:14 | 000,925,696 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Sony\VAIO Media Integrated Server\Photo\appsrv\PhotoAppSrv.exe -- (VAIOMediaPlatform-PhotoServer-AppServer)
SRV - [2003/10/21 01:00:08 | 000,503,897 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Sony\VAIO Media Integrated Server\Music\SSSvr.exe -- (VAIOMediaPlatform-MusicServer-AppServer)
SRV - [2003/07/28 21:31:14 | 000,065,536 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Sony Shared\AVLib\Sptisrv.exe -- (SPTISRV)


========== Driver Services (SafeList) ==========

DRV - [2011/06/25 02:50:26 | 000,355,256 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20110722.031\IDSXpx86.sys -- (IDSxpx86)
DRV - [2011/06/20 03:38:40 | 001,542,392 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20110723.002\NAVEX15.SYS -- (NAVEX15)
DRV - [2011/06/20 03:38:40 | 000,374,392 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys -- (eeCtrl)
DRV - [2011/06/20 03:38:40 | 000,086,008 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20110723.002\NAVENG.SYS -- (NAVENG)
DRV - [2011/06/05 03:07:16 | 000,105,592 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)
DRV - [2010/01/27 19:10:25 | 000,482,432 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\System32\Drivers\NIS\1008000.029\ccHPx86.sys -- (ccHP)
DRV - [2009/08/22 03:28:17 | 000,310,320 | ---- | M] (Symantec Corporation) [File_System | Boot | Running] -- C:\WINDOWS\system32\drivers\NIS\1008000.029\SYMEFA.SYS -- (SymEFA)
DRV - [2009/08/22 03:28:17 | 000,308,272 | ---- | M] (Symantec Corporation) [File_System | System | Running] -- C:\WINDOWS\System32\Drivers\NIS\1008000.029\SRTSP.SYS -- (SRTSP)
DRV - [2009/08/22 03:28:17 | 000,259,632 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\System32\Drivers\NIS\1008000.029\BHDrvx86.sys -- (BHDrvx86)
DRV - [2009/08/22 03:28:17 | 000,217,136 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\System32\Drivers\NIS\1008000.029\SYMTDI.SYS -- (SYMTDI)
DRV - [2009/08/22 03:28:17 | 000,089,904 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\Drivers\NIS\1008000.029\SYMFW.SYS -- (SYMFW)
DRV - [2009/08/22 03:28:17 | 000,043,696 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\NIS\1008000.029\SRTSPX.SYS -- (SRTSPX) Symantec Real Time Storage Protection (PEL)
DRV - [2009/08/22 03:28:17 | 000,036,400 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\Drivers\NIS\1008000.029\SYMNDIS.SYS -- (SYMNDIS)
DRV - [2009/08/22 03:28:17 | 000,033,072 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\Drivers\NIS\1008000.029\SYMIDS.SYS -- (SYMIDS)
DRV - [2009/08/21 09:11:11 | 000,124,976 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\SYMEVENT.SYS -- (SymEvent)
DRV - [2009/08/18 15:11:17 | 000,036,400 | R--- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\SymIM.sys -- (SymIMMP)
DRV - [2009/08/18 15:11:17 | 000,036,400 | R--- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\SymIM.sys -- (SymIM)
DRV - [2003/11/16 01:40:34 | 000,621,056 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
DRV - [2003/10/30 15:20:54 | 000,766,848 | ---- | M] (Sony Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\smrt.sys -- (smrt)
DRV - [2003/05/23 14:44:00 | 001,171,648 | ---- | M] (Agere Systems) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AGRSM.sys -- (AgereSoftModem)
DRV - [2001/08/17 08:11:06 | 000,066,591 | ---- | M] (3Com Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\el90xbc5.sys -- (EL90XBC)
DRV - [2000/12/05 20:18:02 | 000,003,952 | R--- | M] (Sony Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\DMICall.sys -- (DMICall)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========


IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com/?fr=fp-yie8
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Restore = http://www.google.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,XMLHTTP_UUID_Default = EE 5B A1 01 89 6E A0 44 8F 29 9C B5 7A 40 3A CF [binary data]
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: D:\Itunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.10.835: C:\Program Files\Real\RealOne Player\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=1.0.2.1136: C:\Program Files\Real\RealOne Player\Netscape6\nprjplug.dll (RealNetworks)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.11.847: C:\Program Files\Real\RealOne Player\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.57\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.57\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@veetle.com/vbp;version=0.9.17: D:\Veetle\VLCBroadcast\npvbp.dll File not found

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\{7BA52691-1876-45ce-9EE6-54BCB3B04BBC}: C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\coFFPlgn\ [2010/04/27 15:28:04 | 000,000,000 | ---D | M]

[2010/04/29 19:51:31 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\AGzZ\Application Data\Mozilla\Extensions
[2010/04/29 19:51:31 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\AGzZ\Application Data\Mozilla\Extensions\[email protected]

O1 HOSTS File: ([2003/03/31 08:00:00 | 000,000,734 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (no name) - {01A15BEE-6E89-44A0-8F29-9CB57A403ACf} - C:\WINDOWS\system32\ativvaxx32.dll ()
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.6406.1642\swg.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Internet Security\Engine\16.8.0.41\CoIEPlg.dll (Symantec Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {043C5167-00BB-4324-AF7E-62013FAEDACF} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Internet Security\Engine\16.8.0.41\CoIEPlg.dll (Symantec Corporation)
O4 - HKCU..\Run: [Symantec NetDriver Warning] File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: Google Sidewiki... - C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_70C5B381380DB17F.dll (Google Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_14)
O16 - DPF: {CAFEEFAC-0014-0002-0001-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.4.2_01)
O16 - DPF: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_14)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_14)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.m...ash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 68.237.161.12
O18 - Protocol\Handler\symres {AA1061FE-6C41-421f-9344-69640C9732AB} - C:\Program Files\Norton Internet Security\Engine\16.8.0.41\CoIEPlg.dll (Symantec Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (\\.\globalroot\systemroot\system32\userinit.exe) - \\.\globalroot\systemroot\system32\userinit.exe ()
O20 - HKCU Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\igfxcui: DllName - igfxsrvc.dll - C:\WINDOWS\System32\igfxsrvc.dll (Intel Corporation)
O24 - Desktop WallPaper: C:\Documents and Settings\AGzZ\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\AGzZ\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2003/12/01 21:36:01 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/07/23 02:12:37 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2011/07/22 13:50:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\AGzZ\Application Data\Malwarebytes
[2011/07/22 13:49:56 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2011/07/19 23:20:40 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\AGzZ\IECompatCache
[2011/07/07 15:17:29 | 000,000,000 | ---D | C] -- C:\Documents and Settings\AGzZ\Application Data\Sony Corporation
[2011/06/30 00:04:25 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\AGzZ\PrivacIE
[2011/06/30 00:03:04 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\AGzZ\IETldCache
[2011/06/29 23:49:14 | 000,000,000 | ---D | C] -- C:\WINDOWS\ie8updates
[2011/06/29 23:47:41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\AGzZ\Local Settings\Application Data\Yahoo
[2011/06/29 23:44:56 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Yahoo!
[2011/06/29 23:44:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\AGzZ\Application Data\Yahoo!
[2011/06/29 23:44:22 | 000,000,000 | ---D | C] -- C:\Program Files\Yahoo!
[2011/06/29 23:40:02 | 000,000,000 | -H-D | C] -- C:\WINDOWS\ie8
[3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\Documents and Settings\AGzZ\Desktop\*.tmp files -> C:\Documents and Settings\AGzZ\Desktop\*.tmp -> ]
[1 C:\Documents and Settings\AGzZ\*.tmp files -> C:\Documents and Settings\AGzZ\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/07/23 15:03:01 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2011/07/23 14:04:16 | 000,000,510 | ---- | M] () -- C:\Documents and Settings\AGzZ\Desktop\Shortcut to TDSSKiller.lnk
[2011/07/23 13:54:42 | 000,000,878 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2011/07/23 13:54:26 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/07/23 13:54:02 | 536,268,800 | -HS- | M] () -- C:\hiberfil.sys
[2011/07/21 13:25:42 | 000,000,066 | ---- | M] () -- C:\WINDOWS\System32\1040578208
[2011/07/21 13:25:36 | 000,568,320 | ---- | M] () -- C:\WINDOWS\System32\nddenb3232.exe
[2011/07/21 13:25:36 | 000,568,320 | ---- | M] () -- C:\WINDOWS\System32\ativvaxx32.exe
[2011/07/21 13:25:36 | 000,357,376 | ---- | M] () -- C:\WINDOWS\System32\ativvaxx32.dll
[2011/07/19 01:01:12 | 000,006,332 | ---- | M] () -- C:\Documents and Settings\AGzZ\Application Data\875A.28D
[2011/07/14 09:34:22 | 000,148,400 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2011/07/13 22:39:27 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2011/07/07 16:33:06 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2011/06/30 00:03:19 | 000,000,815 | ---- | M] () -- C:\Documents and Settings\AGzZ\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\Documents and Settings\AGzZ\Desktop\*.tmp files -> C:\Documents and Settings\AGzZ\Desktop\*.tmp -> ]
[1 C:\Documents and Settings\AGzZ\*.tmp files -> C:\Documents and Settings\AGzZ\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/07/23 14:04:16 | 000,000,510 | ---- | C] () -- C:\Documents and Settings\AGzZ\Desktop\Shortcut to TDSSKiller.lnk
[2011/07/21 13:25:42 | 000,568,320 | ---- | C] () -- C:\WINDOWS\System32\ativvaxx32.exe
[2011/07/21 13:25:41 | 000,568,320 | ---- | C] () -- C:\WINDOWS\System32\nddenb3232.exe
[2011/07/21 13:25:41 | 000,000,066 | ---- | C] () -- C:\WINDOWS\System32\1040578208
[2011/07/21 13:25:36 | 000,357,376 | ---- | C] () -- C:\WINDOWS\System32\ativvaxx32.dll
[2011/07/18 15:00:01 | 000,006,332 | ---- | C] () -- C:\Documents and Settings\AGzZ\Application Data\875A.28D
[2011/07/07 19:24:50 | 000,043,851 | ---- | C] () -- C:\Documents and Settings\AGzZ\My Documents\018.JPG
[2010/10/27 17:08:26 | 000,001,940 | ---- | C] () -- C:\Documents and Settings\AGzZ\Local Settings\Application Data\{96C87F53-AC72-4604-A9CC-186A49F17F3C}.ini
[2010/10/27 17:03:19 | 000,001,940 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\{96C87F53-AC72-4604-A9CC-186A49F17F3C}.ini
[2010/07/08 13:10:50 | 000,005,120 | ---- | C] () -- C:\Documents and Settings\AGzZ\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/07/22 19:50:10 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2009/07/20 05:40:00 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2009/07/20 05:37:37 | 000,001,295 | ---- | C] () -- C:\WINDOWS\System32\Px.ini
[2003/12/02 16:44:25 | 000,000,890 | ---- | C] () -- C:\WINDOWS\QUICKEN.INI
[2003/12/02 16:41:26 | 000,019,968 | ---- | C] () -- C:\WINDOWS\System32\Cpuinf32.dll
[2003/12/02 16:40:09 | 000,262,416 | ---- | C] () -- C:\WINDOWS\System32\ASFV2.DLL
[2003/12/02 16:39:35 | 000,524,288 | ---- | C] () -- C:\WINDOWS\System32\TDI-SonyOMG.dll
[2003/12/02 16:38:29 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\pxhpinst.exe
[2003/12/02 16:37:24 | 000,009,192 | ---- | C] () -- C:\WINDOWS\mozver.dat
[2003/12/02 16:03:45 | 000,526,184 | ---- | C] () -- C:\WINDOWS\q329692.exe
[2003/12/02 16:01:48 | 000,236,392 | ---- | C] () -- C:\WINDOWS\q329112.exe
[2003/12/02 16:01:22 | 000,363,520 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
[2003/12/02 15:49:49 | 000,000,031 | ---- | C] () -- C:\WINDOWS\System32\elcric.dat
[2003/12/01 21:53:24 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2003/12/01 21:39:54 | 000,000,800 | ---- | C] () -- C:\WINDOWS\orun32.ini
[2003/12/01 21:37:17 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2003/12/01 21:34:43 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2003/12/01 20:28:56 | 000,393,216 | ---- | C] () -- C:\WINDOWS\System32\ati2evxx.exe
[2003/12/01 20:28:56 | 000,086,016 | ---- | C] () -- C:\WINDOWS\System32\ati2evxx.dll
[2003/12/01 20:28:51 | 000,126,976 | ---- | C] () -- C:\WINDOWS\System32\e1000msg.dll
[2003/12/01 20:28:51 | 000,012,288 | ---- | C] () -- C:\WINDOWS\System32\e100bmsg.dll
[2003/12/01 20:28:41 | 000,036,864 | ---- | C] () -- C:\WINDOWS\System32\cbldrm.dll
[2003/12/01 20:28:40 | 000,000,730 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini
[2003/12/01 20:28:21 | 000,311,604 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2003/12/01 20:28:21 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2003/12/01 20:28:21 | 000,039,992 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2003/12/01 20:28:21 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2003/12/01 20:28:20 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2003/12/01 20:28:20 | 000,004,530 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2003/12/01 20:28:19 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2003/12/01 20:28:18 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2003/12/01 20:28:18 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2003/12/01 20:28:13 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2003/12/01 20:28:07 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
[2003/12/01 13:32:15 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2003/12/01 13:31:42 | 000,148,400 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2003/07/23 12:53:30 | 000,373,967 | ---- | C] () -- C:\WINDOWS\ml-uninstall-v10.exe
[2002/11/14 16:58:04 | 000,200,192 | ---- | C] () -- C:\WINDOWS\System32\ir50_qc.dll
[2002/11/14 16:58:04 | 000,183,808 | ---- | C] () -- C:\WINDOWS\System32\ir50_qcx.dll
[2002/11/14 16:58:02 | 000,755,200 | ---- | C] () -- C:\WINDOWS\System32\ir50_32.dll
[2002/11/14 16:58:02 | 000,338,432 | ---- | C] () -- C:\WINDOWS\System32\ir41_qcx.dll
[2002/11/14 16:58:02 | 000,120,320 | ---- | C] () -- C:\WINDOWS\System32\ir41_qc.dll
[2002/08/06 15:55:37 | 000,024,576 | ---- | C] () -- C:\WINDOWS\ml-WA3Shutdown.exe
[2002/06/12 16:21:12 | 000,049,152 | R--- | C] () -- C:\WINDOWS\System32\winchip.dll
[2002/04/02 21:08:34 | 000,311,108 | ---- | C] () -- C:\WINDOWS\ml-cleanup.exe
[2002/04/02 21:08:32 | 000,036,868 | ---- | C] () -- C:\WINDOWS\ml-winamp-shutdown.exe

========== LOP Check ==========

[2011/04/08 03:13:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\AGzZ\Application Data\FrostWire
[2009/08/04 22:24:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\AGzZ\Application Data\InterVideo
[2010/12/27 17:46:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\AGzZ\Application Data\PriceGong
[2010/11/01 17:07:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\21D4
[2010/04/27 15:28:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2010/11/04 08:55:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 186 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:D287FACF

< End of report >
  • 0

Advertisements


#2
agz666

agz666

    New Member

  • Topic Starter
  • Member
  • Pip
  • 2 posts
this was in extra log

OTL Extras logfile created on: 7/24/2011 1:21:15 AM - Run 1
OTL by OldTimer - Version 3.2.26.1 Folder = D:\
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

511.36 Mb Total Physical Memory | 106.05 Mb Available Physical Memory | 20.74% Memory free
1.22 Gb Paging File | 0.66 Gb Available in Paging File | 54.28% Paging File free
Paging file location(s): C:\pagefile.sys 768 1536 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 13.97 Gb Total Space | 4.57 Gb Free Space | 32.69% Space Free | Partition Type: NTFS
Drive D: | 129.07 Gb Total Space | 128.71 Gb Free Space | 99.72% Space Free | Partition Type: NTFS

Computer Name: AGGZ | User Name: AGzZ | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Program Files\BearShare Applications\BearShare\BearShare.exe" = C:\Program Files\BearShare Applications\BearShare\BearShare.exe:*:Enabled:BearShare

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\support.com\client\bin\tgcmd.exe" = C:\Program Files\support.com\client\bin\tgcmd.exe:*:Disabled:tgcmd Module -- (Support.com, Inc.)
"D:\LimeWire\LimeWire.exe" = D:\LimeWire\LimeWire.exe:*:Enabled:LimeWire
"C:\Program Files\BearShare Applications\BearShare\BearShare.exe" = C:\Program Files\BearShare Applications\BearShare\BearShare.exe:*:Enabled:BearShare
"D:\uTorrent.exe" = D:\uTorrent.exe:*:Enabled:µTorrent
"D:\FrostWire\FrostWire.exe" = D:\FrostWire\FrostWire.exe:*:Enabled:FrostWire


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{1EB317D8-8945-4FD6-B37F-DF470317C6AB}" = VAIO Media 2.6
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{26A24AE4-039D-4CA4-87B4-2F83216014FF}" = Java™ 6 Update 14
"{27337663-2619-11D4-99DC-0000F49094C7}" = Memory Stick Formatter
"{2CE5A2E7-3437-4CE7-BCF4-85ED6EEFF9E4}" = iTunes
"{315BA29D-2644-4760-B5FD-5AC04A52B8C5}" = VAIO Registration
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{3B24B725-D81F-442D-8CE5-2AF05A4A4CC9}" = Music Visualizer Library 1.4.00
"{5FA1C51C-6E35-42C1-B2EC-DC9FA1E20694}" = OpenMG Secure Module 3.3.01
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{7128C69B-8F7E-4336-8698-3FD3CDD955EC}" = VAIO Media Redistribution 2.6
"{7148F0A8-6813-11D6-A77B-00B0D0142010}" = Java 2 Runtime Environment, SE v1.4.2_01
"{71D6CE84-B7DC-4166-8E0D-56C1C37BFB5A}" = SonicStage 1.6.00
"{7A79D11B-FD82-4A5E-834F-20173515DD14}" = VAIO Media Integrated Server 2.6
"{8A708DD8-A5E6-11D4-A706-000629E95E20}" = Intel® Extreme Graphics Driver
"{93B80FB1-7A23-11D3-B250-00105A1F4184}" =
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-1033-7B44-000000000001}" = Adobe Reader 6.0
"{AF36CE1D-FD2C-4BA0-93FA-1196785DD610}" = Adobe Flash Player 10 Plugin
"{CCA1EEA3-555E-4D05-AC46-4B49C6C5D887}" = Apple Mobile Device Support
"{D0448678-1203-4158-A58F-B3D0B616BF9E}" = Sony Certificate PCH
"{DAEAFD68-BB4A-4507-A241-C8804D2EA66D}" = Apple Application Support
"{E7004147-2CCA-431C-AA05-2AB166B9785D}" = QuickTime
"{FA11D5B5-7D0A-43E8-88C4-960F97B194DE}" = VAIO Survey Standalone
"{FF1C31AE-0CDC-40CE-AB85-406F8B70D643}" = Bonjour
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Agere Systems Soft Modem" = Agere Systems AC'97 Modem
"All ATI Software" = ATI - Software Uninstall Utility
"ATI Display Driver" = ATI Display Driver
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"ie8" = Windows Internet Explorer 8
"InstallShield_{315BA29D-2644-4760-B5FD-5AC04A52B8C5}" = VAIO Registration
"InstallShield_{FA11D5B5-7D0A-43E8-88C4-960F97B194DE}" = VAIO Survey Standalone
"MoodLogic" = MoodLogic
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"NIS" = Norton Internet Security
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"NVIDIA" = NVIDIA Windows 2000/XP Display Drivers
"PROSet" = Intel® PRO Network Adapters and Drivers
"RealPlayer 6.0" = RealOne Player
"VAIO Support" = VAIO Support
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"Yahoo! Software Update" = Yahoo! Software Update

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 1/24/2011 12:47:52 PM | Computer Name = AGGZ | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second

Error - 1/24/2011 12:47:52 PM | Computer Name = AGGZ | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 3922

Error - 1/24/2011 12:47:52 PM | Computer Name = AGGZ | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 3922

Error - 1/24/2011 12:47:56 PM | Computer Name = AGGZ | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second

Error - 1/24/2011 12:47:56 PM | Computer Name = AGGZ | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 7719

Error - 1/24/2011 12:47:56 PM | Computer Name = AGGZ | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 7719

Error - 1/24/2011 4:15:03 PM | Computer Name = AGGZ | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second

Error - 1/24/2011 4:15:03 PM | Computer Name = AGGZ | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 552453

Error - 1/24/2011 4:15:03 PM | Computer Name = AGGZ | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 552453

Error - 1/28/2011 12:54:09 PM | Computer Name = AGGZ | Source = Bonjour Service | ID = 100
Description = 248: ERROR: read_msg errno 10054 (An existing connection was forcibly
closed by the remote host.)

[ System Events ]
Error - 7/23/2011 2:17:21 AM | Computer Name = AGGZ | Source = Service Control Manager | ID = 7023
Description = The Application Management service terminated with the following error:
%%126

Error - 7/23/2011 2:17:21 AM | Computer Name = AGGZ | Source = Service Control Manager | ID = 7023
Description = The Application Management service terminated with the following error:
%%126

Error - 7/23/2011 2:17:21 AM | Computer Name = AGGZ | Source = Service Control Manager | ID = 7023
Description = The Application Management service terminated with the following error:
%%126

Error - 7/23/2011 2:17:21 AM | Computer Name = AGGZ | Source = Service Control Manager | ID = 7023
Description = The Application Management service terminated with the following error:
%%126

Error - 7/23/2011 2:17:21 AM | Computer Name = AGGZ | Source = Service Control Manager | ID = 7023
Description = The Application Management service terminated with the following error:
%%126

Error - 7/23/2011 2:17:21 AM | Computer Name = AGGZ | Source = Service Control Manager | ID = 7023
Description = The Application Management service terminated with the following error:
%%126

Error - 7/23/2011 2:17:21 AM | Computer Name = AGGZ | Source = Service Control Manager | ID = 7023
Description = The Application Management service terminated with the following error:
%%126

Error - 7/23/2011 2:17:21 AM | Computer Name = AGGZ | Source = Service Control Manager | ID = 7023
Description = The Application Management service terminated with the following error:
%%126

Error - 7/23/2011 2:17:21 AM | Computer Name = AGGZ | Source = Service Control Manager | ID = 7023
Description = The Application Management service terminated with the following error:
%%126

Error - 7/23/2011 2:17:22 AM | Computer Name = AGGZ | Source = Service Control Manager | ID = 7023
Description = The Application Management service terminated with the following error:
%%126


< End of report >
  • 0

#3
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Hi, on completion of this run can you let me know if the redirects are still apparent

Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :OTL
    SRV - [2011/07/21 13:25:36 | 000,568,320 | ---- | M] () [Auto | Running] -- C:\WINDOWS\system32\nddenb3232.exe -- (stisvc32) Windows Image Acquisition (WIA)
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,XMLHTTP_UUID_Default = EE 5B A1 01 89 6E A0 44 8F 29 9C B5 7A 40 3A CF [binary data]
    O2 - BHO: (no name) - {01A15BEE-6E89-44A0-8F29-9CB57A403ACf} - C:\WINDOWS\system32\ativvaxx32.dll ()
    O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
    O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {043C5167-00BB-4324-AF7E-62013FAEDACF} - No CLSID value found.
    O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No CLSID value found.
    [2011/07/21 13:25:42 | 000,000,066 | ---- | M] () -- C:\WINDOWS\System32\1040578208
    [2011/07/21 13:25:36 | 000,568,320 | ---- | M] () -- C:\WINDOWS\System32\nddenb3232.exe
    [2011/07/21 13:25:36 | 000,568,320 | ---- | M] () -- C:\WINDOWS\System32\ativvaxx32.exe
    [2011/07/21 13:25:36 | 000,357,376 | ---- | M] () -- C:\WINDOWS\System32\ativvaxx32.dll
    [2011/07/19 01:01:12 | 000,006,332 | ---- | M] () -- C:\Documents and Settings\AGzZ\Application Data\875A.28D

    :Files
    ipconfig /flushdns /c

    :Commands
    [purity]
    [resethosts]
    [emptytemp]
    [EMPTYFLASH]
    [CREATERESTOREPOINT]
    [Reboot]

  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.

THEN

Download aswMBR.exe ( 1.8mb ) to your desktop.

Double click the aswMBR.exe to run it

Click the "Scan" button to start scan
Posted Image

On completion of the scan click save log, save it to your desktop and post in your next reply
Posted Image
  • 0

#4
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Due to lack of feedback, this topic has been closed.

If you need this topic reopened, please contact a staff member. This applies only to the original topic starter. Everyone else please begin a New Topic.
  • 0






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP