
System is running too slow ... viruses are not detected


  • This topic is locked
4 replies to this topic

#1 faraz

    Member

  • Members
  • 78 posts

Posted 01 July 2013 - 09:21 AM

Here is the log file of HijackThis
 
****************************************************************************************************************************
 
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 8:18:47 PM, on 7/1/2013
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
 
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\EVDO BROADBAND PTCL\bin\MonServiceUDisk.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\USB Disk Security\USBGuard.exe
C:\Program Files\Internet Download Manager\IDMan.exe
C:\Documents and Settings\Administrator\Application Data\uTorrent\uTorrent.exe
C:\Program Files\Internet Download Manager\IEMonitor.exe
C:\Program Files\EVDO BROADBAND PTCL\bin\App.exe
C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\WINDOWS\system32\msiexec.exe
C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe
 
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
O2 - BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files\Internet Download Manager\IDMIECC.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
O4 - HKLM\..\Run: [USB Security] C:\Program Files\USB Disk Security\USBGuard.exe
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKCU\..\Run: [IDMan] C:\Program Files\Internet Download Manager\IDMan.exe /onboot
O4 - HKCU\..\Run: [uTorrent] "C:\Documents and Settings\Administrator\Application Data\uTorrent\uTorrent.exe"  /MINIMIZED
O8 - Extra context menu item: Download all links with IDM - C:\Program Files\Internet Download Manager\IEGetAll.htm
O8 - Extra context menu item: Download with IDM - C:\Program Files\Internet Download Manager\IEExt.htm
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{B12C7F3A-70CB-48D6-939A-FA365C28C208}: NameServer = 119.159.255.36 182.176.32.29
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: BCL easyPDF SDK 5 Loader (bepldr) - Unknown owner - C:\Program Files\Common Files\BCL Technologies\easyPDF 5\bepldr.exe
O23 - Service: SwitchBoard - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
O23 - Service: UDisk Monitor - Unknown owner - C:\Program Files\EVDO BROADBAND PTCL\bin\MonServiceUDisk.exe
 
--
End of file - 4261 bytes
 


#2 guestolo

    Site Donator

  • Admin
  • 16,247 posts

Posted 01 July 2013 - 08:31 PM

Download OTL.exe by OldTimer to your Desktop.

  • Close all windows and double click on OTL.exe to run it
  • Click Run Scan and let the program run uninterrupted.
  • It will produce two logs for you, one will pop up - OTL.txt, the other will be saved on your Desktop - Extras.txt. Post both logs in this thread.


 




#3 faraz

    Member

  • Members
  • 78 posts

Posted 02 July 2013 - 04:41 AM

OTL Extras logfile created on: 7/2/2013 2:07:24 PM - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Documents and Settings\Administrator\Desktop
Windows XP Professional Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.2180)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
 
1015.35 Mb Total Physical Memory | 535.04 Mb Available Physical Memory | 52.70% Memory free
2.38 Gb Paging File | 1.97 Gb Available in Paging File | 82.79% Paging File free
Paging file location(s): C:\pagefile.sys 1524 3048 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 24.99 Gb Total Space | 14.65 Gb Free Space | 58.61% Space Free | Partition Type: FAT32
Drive D: | 25.00 Gb Total Space | 3.98 Gb Free Space | 15.93% Space Free | Partition Type: NTFS
Drive E: | 49.70 Gb Total Space | 2.90 Gb Free Space | 5.84% Space Free | Partition Type: NTFS
Drive F: | 49.34 Gb Total Space | 3.59 Gb Free Space | 7.27% Space Free | Partition Type: NTFS
 
Computer Name: HP-AC60887941E4 | User Name: Administrator | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.url [@ = InternetShortcut] -- rundll32.exe shdocvw.dll,OpenURL %l
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
InternetShortcut [open] -- rundll32.exe shdocvw.dll,OpenURL %l
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [Bridge] -- C:\Program Files\Adobe\Adobe Bridge CS5\Bridge.exe "%L" (Adobe Systems, Inc.)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 1
"FirewallDisableNotify" = 1
"UpdatesDisableNotify" = 1
"AntiVirusOverride" = 0
"FirewallOverride" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]
 
========== System Restore Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\SystemRestore]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 4
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22008
 
========== Authorized Applications List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)
"C:\Program Files\McAfee\Common Framework\FrameworkService.exe" = C:\Program Files\McAfee\Common Framework\FrameworkService.exe:*:Enabled:McAfee Framework Service
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\McAfee\Common Framework\FrameworkService.exe" = C:\Program Files\McAfee\Common Framework\FrameworkService.exe:*:Enabled:McAfee Framework Service
"C:\Program Files\Internet Download Manager\IDMan.exe" = C:\Program Files\Internet Download Manager\IDMan.exe:*:Enabled:Internet Download Manager (IDM) -- (Tonec Inc.)
"C:\Documents and Settings\Administrator\Application Data\uTorrent\uTorrent.exe" = C:\Documents and Settings\Administrator\Application Data\uTorrent\uTorrent.exe:*:Enabled:µTorrent -- (BitTorrent Inc.)
"C:\Documents and Settings\Administrator\Local Settings\Application Data\Facebook\Video\Skype\FacebookVideoCalling.exe" = C:\Documents and Settings\Administrator\Local Settings\Application Data\Facebook\Video\Skype\FacebookVideoCalling.exe:*:Disabled:Facebook Video Calling Plugin -- (Skype Limited)
"C:\Program Files\Microsoft Office\Office12\GROOVE.EXE" = C:\Program Files\Microsoft Office\Office12\GROOVE.EXE:*:Disabled:Microsoft Office Groove -- (Microsoft Corporation)
"C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE" = C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:*:Disabled:Microsoft Office OneNote -- (Microsoft Corporation)
"C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE" = C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE:*:Disabled:Microsoft Office Outlook -- (Microsoft Corporation)
"C:\WINDOWS\system32\sessmgr.exe" = C:\WINDOWS\system32\sessmgr.exe:*:Disabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)
 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{033E378E-6AD3-4AD5-BDEB-CBD69B31046C}" = Microsoft_VC90_ATL_x86
"{08D2E121-7F6A-43EB-97FD-629B44903403}" = Microsoft_VC90_CRT_x86
"{0D2DBE8A-43D0-7830-7AE7-CA6C99A832E7}" = Adobe Community Help
"{0F3647F8-E51D-4FCC-8862-9A8D0C5ACF25}" = Microsoft_VC80_ATL_x86
"{15FEDA5F-141C-4127-8D7E-B962D1742728}" = Adobe Photoshop CS5
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{45A66726-69BC-466B-A7A4-12FCBA4883D7}" = HiJackThis
"{560985FB-4B76-4121-9189-7A2CDC7886D6}" = Kaspersky Anti-Virus 2013
"{635FED5B-2C6D-49BE-87E6-7A6FCD22BC5A}" = Microsoft_VC90_MFC_x86
"{8A708DD8-A5E6-11D4-A706-000629E95E20}" = Intel® Graphics Media Accelerator Driver
"{90120000-0010-0409-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders  (English) 12
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2007
"{90120000-0114-0409-0000-0000000FF1CE}" = Microsoft Office Groove Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{92D58719-BBC1-4CC3-A08B-56C9E884CC2C}" = Microsoft_VC80_CRT_x86
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A78FE97A-C0C8-49CE-89D0-EDD524A17392}" = PDF Settings CS5
"{B92C5909-1D37-4C51-8397-A28BB28E5DC3}" = Facebook Video Calling 1.2.0.287
"{D1A19B02-817E-4296-A45B-07853FD74D57}" = Microsoft_VC80_MFC_x86
"{D92BBB52-82FF-42ED-8A3C-4E062F944AB7}" = Microsoft_VC80_MFCLOC_x86
"{DE3A9DC5-9A5D-6485-9662-347162C7E4CA}" = Adobe Media Player
"{F0C2AD51-9F09-4B75-82EE-74DA80F708D8}" = Nitro PDF Professional
"6AF27CD11B617BED2F81E26729D33AF8338D453C" = Windows Driver Package - Hewlett-Packard hp scanjet 3600 series (04/26/2007 9.0.0.0)
"Adobe AIR" = Adobe AIR
"chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Community Help
"com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Media Player
"ENTERPRISE" = Microsoft Office Enterprise 2007
"Foxit Reader" = Foxit Reader
"GOM Player" = GOM Player
"InstallWIX_{560985FB-4B76-4121-9189-7A2CDC7886D6}" = Kaspersky Anti-Virus 2013
"Internet Download Manager" = Internet Download Manager
"KLiteCodecPack_is1" = K-Lite Mega Codec Pack 1.53
"USB Disk Security_is1" = USB Disk Security
"uTorrent" = µTorrent
"VLC media player" = VLC media player 1.1.11
"WinRAR archiver" = WinRAR archiver
"ZTEWireless-101_is1" = EVDO BROADBAND PTCL
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Google Chrome" = Google Chrome
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 6/29/2013 3:04:08 AM | Computer Name = HP-AC60887941E4 | Source = Google Update | ID = 20
Description =
 
Error - 6/29/2013 3:08:01 AM | Computer Name = HP-AC60887941E4 | Source = LoadPerf | ID = 3011
Description = Unloading the performance counter strings for service WmiApRpl (WmiApRpl)
 failed. The  Error code is the first DWORD in Data section.
 
Error - 6/29/2013 3:08:04 AM | Computer Name = HP-AC60887941E4 | Source = LoadPerf | ID = 3006
Description = Unable to read the performance counter strings of the 009 language
 ID.  The Win32 status returned by the call is the first DWORD in Data section.
 
Error - 6/29/2013 3:11:33 AM | Computer Name = HP-AC60887941E4 | Source = Google Update | ID = 20
Description =
 
Error - 6/29/2013 5:07:03 AM | Computer Name = HP-AC60887941E4 | Source = Google Update | ID = 20
Description =
 
Error - 6/29/2013 5:10:43 AM | Computer Name = HP-AC60887941E4 | Source = LoadPerf | ID = 3011
Description = Unloading the performance counter strings for service WmiApRpl (WmiApRpl)
 failed. The  Error code is the first DWORD in Data section.
 
Error - 6/29/2013 5:10:46 AM | Computer Name = HP-AC60887941E4 | Source = LoadPerf | ID = 3006
Description = Unable to read the performance counter strings of the 009 language
 ID.  The Win32 status returned by the call is the first DWORD in Data section.
 
Error - 6/29/2013 5:11:04 AM | Computer Name = HP-AC60887941E4 | Source = LoadPerf | ID = 3011
Description = Unloading the performance counter strings for service WmiApRpl (WmiApRpl)
 failed. The  Error code is the first DWORD in Data section.
 
Error - 6/29/2013 5:11:07 AM | Computer Name = HP-AC60887941E4 | Source = LoadPerf | ID = 3006
Description = Unable to read the performance counter strings of the 009 language
 ID.  The Win32 status returned by the call is the first DWORD in Data section.
 
Error - 6/29/2013 7:03:32 AM | Computer Name = HP-AC60887941E4 | Source = Google Update | ID = 20
Description =
 
[ System Events ]
Error - 7/1/2013 9:06:37 AM | Computer Name = HP-AC60887941E4 | Source = Service Control Manager | ID = 7034
Description = The McAfee Validation Trust Protection Service service terminated
unexpectedly.  It has done this 1 time(s).
 
Error - 7/1/2013 9:08:10 AM | Computer Name = HP-AC60887941E4 | Source = Service Control Manager | ID = 7031
Description = The McAfee McShield service terminated unexpectedly.  It has done
this 1 time(s).  The following corrective action will be taken in 5000 milliseconds:
 Restart the service.
 
Error - 7/1/2013 9:15:54 AM | Computer Name = HP-AC60887941E4 | Source = Service Control Manager | ID = 7032
Description = The Service Control Manager tried to take a corrective action (Restart
 the service) after the unexpected termination of the Windows Management Instrumentation
 service, but this action failed with the following error:   %%1056
 
Error - 7/1/2013 9:19:14 AM | Computer Name = HP-AC60887941E4 | Source = Dhcp | ID = 1002
Description = The IP address lease 192.168.100.114 for the Network Card with network
 address 0015604FC4CD has been  denied by the DHCP server 0.0.0.0 (The DHCP Server
 sent a DHCPNACK message).
 
Error - 7/1/2013 9:20:04 AM | Computer Name = HP-AC60887941E4 | Source = Service Control Manager | ID = 7034
Description = The McAfee Framework Service service terminated unexpectedly.  It
has done this 1 time(s).
 
Error - 7/1/2013 9:23:26 AM | Computer Name = HP-AC60887941E4 | Source = Service Control Manager | ID = 7031
Description = The McAfee McShield service terminated unexpectedly.  It has done
this 1 time(s).  The following corrective action will be taken in 5000 milliseconds:
 Restart the service.
 
Error - 7/1/2013 9:26:44 AM | Computer Name = HP-AC60887941E4 | Source = Service Control Manager | ID = 7034
Description = The StarWind iSCSI Service service terminated unexpectedly.  It has
 done this 1 time(s).
 
Error - 7/1/2013 9:32:56 AM | Computer Name = HP-AC60887941E4 | Source = Service Control Manager | ID = 7034
Description = The UDisk Monitor service terminated unexpectedly.  It has done this
 1 time(s).
 
Error - 7/1/2013 11:38:49 AM | Computer Name = HP-AC60887941E4 | Source = LDMS | ID = 16780239
Description = The Logical Disk Manager Service failed while registering for device
 handle notifications on device \\?\usbstor#cdrom&ven_zte&prod_usb_storage_fff1&rev_2.31#000000000002&0#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}.
 Win32 Error: 2.
 
Error - 7/1/2013 2:02:50 PM | Computer Name = HP-AC60887941E4 | Source = PSched | ID = 14107
Description = QoS [Adapter NDISWANIP]:  The Packet Scheduler could not initialize
the virtual miniport with NDIS.
 
 
< End of report >
 

 

*******************************************************************************************************************************************************

OTL logfile created on: 7/2/2013 2:07:24 PM - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Documents and Settings\Administrator\Desktop
Windows XP Professional Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.2180)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
 
1015.35 Mb Total Physical Memory | 535.04 Mb Available Physical Memory | 52.70% Memory free
2.38 Gb Paging File | 1.97 Gb Available in Paging File | 82.79% Paging File free
Paging file location(s): C:\pagefile.sys 1524 3048 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 24.99 Gb Total Space | 14.65 Gb Free Space | 58.61% Space Free | Partition Type: FAT32
Drive D: | 25.00 Gb Total Space | 3.98 Gb Free Space | 15.93% Space Free | Partition Type: NTFS
Drive E: | 49.70 Gb Total Space | 2.90 Gb Free Space | 5.84% Space Free | Partition Type: NTFS
Drive F: | 49.34 Gb Total Space | 3.59 Gb Free Space | 7.27% Space Free | Partition Type: NTFS
 
Computer Name: HP-AC60887941E4 | User Name: Administrator | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2013/07/02 13:25:56 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Desktop\OTL.exe
PRC - [2013/06/17 09:41:20 | 001,045,072 | ---- | M] (BitTorrent Inc.) -- C:\Documents and Settings\Administrator\Application Data\uTorrent\uTorrent.exe
PRC - [2013/05/10 07:53:34 | 003,487,128 | ---- | M] (Tonec Inc.) -- C:\Program Files\Internet Download Manager\IDMan.exe
PRC - [2013/01/14 14:41:14 | 000,356,376 | ---- | M] (Kaspersky Lab ZAO) -- C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2013\avp.exe
PRC - [2011/01/29 15:52:10 | 000,623,520 | ---- | M] (Zbshareware Lab) -- C:\Program Files\USB Disk Security\USBGuard.exe
PRC - [2010/05/25 05:28:58 | 000,263,600 | ---- | M] (Tonec Inc.) -- C:\Program Files\Internet Download Manager\IEMonitor.exe
PRC - [2009/08/25 09:15:12 | 000,262,144 | ---- | M] () -- C:\Program Files\EVDO BROADBAND PTCL\bin\MonServiceUDisk.exe
PRC - [2004/08/04 00:56:50 | 001,032,192 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2013/01/14 14:41:16 | 001,310,136 | ---- | M] () -- C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2013\kpcengine.2.2.dll
MOD - [2012/08/17 21:38:56 | 000,479,160 | ---- | M] () -- C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2013\dblite.dll
MOD - [2009/08/25 09:15:12 | 000,262,144 | ---- | M] () -- C:\Program Files\EVDO BROADBAND PTCL\bin\MonServiceUDisk.exe
MOD - [2004/01/22 18:36:28 | 000,120,832 | ---- | M] () -- C:\Program Files\WinRAR\RarExt.dll
 
 
========== Services (SafeList) ==========
 
SRV - [2013/01/14 14:41:14 | 000,356,376 | ---- | M] (Kaspersky Lab ZAO) [Auto | Running] -- C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2013\avp.exe -- (AVP)
SRV - [2010/02/19 13:37:14 | 000,517,096 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe -- (SwitchBoard)
SRV - [2009/08/25 09:15:12 | 000,262,144 | ---- | M] () [Auto | Running] -- C:\Program Files\EVDO BROADBAND PTCL\bin\MonServiceUDisk.exe -- (UDisk Monitor)
SRV - [2007/02/21 17:26:40 | 000,151,552 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\Common Files\BCL Technologies\easyPDF 5\bepldr.exe -- (bepldr)
 
 
========== Driver Services (SafeList) ==========
 
DRV - File not found [Kernel | On_Demand | Stopped] --  -- (WDICA)
DRV - File not found [Kernel | On_Demand | Stopped] --  -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] --  -- (PDRELI)
DRV - File not found [Kernel | On_Demand | Stopped] --  -- (PDFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] --  -- (PDCOMP)
DRV - File not found [Kernel | System | Stopped] --  -- (PCIDump)
DRV - File not found [Kernel | System | Stopped] --  -- (lbrtfdc)
DRV - File not found [Kernel | System | Stopped] --  -- (i2omgmt)
DRV - File not found [Kernel | System | Stopped] --  -- (Changer)
DRV - [2013/02/13 14:26:02 | 000,033,512 | ---- | M] (AnchorFree Inc) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\taphss.sys -- (taphss)
DRV - [2013/01/14 14:41:12 | 000,586,584 | ---- | M] (Kaspersky Lab) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\klif.sys -- (KLIF)
DRV - [2013/01/14 14:41:12 | 000,043,608 | ---- | M] (Kaspersky Lab) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\kltdi.sys -- (kltdi)
DRV - [2013/01/14 14:41:12 | 000,024,920 | ---- | M] (Kaspersky Lab) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\klmouflt.sys -- (klmouflt)
DRV - [2013/01/14 14:41:12 | 000,024,408 | ---- | M] (Kaspersky Lab) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\klkbdflt.sys -- (klkbdflt)
DRV - [2012/08/13 16:49:44 | 000,144,344 | ---- | M] (Kaspersky Lab) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\kneps.sys -- (kneps)
DRV - [2012/06/27 14:09:08 | 000,035,672 | ---- | M] (Kaspersky Lab ZAO) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\klim5.sys -- (klim5)
DRV - [2012/06/19 17:28:12 | 000,136,024 | ---- | M] (Kaspersky Lab ZAO) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\kl1.sys -- (kl1)
DRV - [2012/04/23 04:26:26 | 000,108,448 | ---- | M] (Tonec Inc.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\idmtdi.sys -- (IDMTDI)
DRV - [2009/07/21 16:04:16 | 000,104,704 | ---- | M] (ZTEMT Incorporated) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\CT_ZTEMT_U_USBSER.sys -- (ztemtusbser)
DRV - [2008/12/09 21:56:18 | 000,187,392 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\b57xp32.sys -- (b57w2k)
DRV - [2005/01/07 17:07:16 | 000,145,920 | ---- | M] (Windows ® Server 2003 DDK provider) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Hdaudio.sys -- (HdAudAddService)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
========== FireFox ==========
 
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.11.2321: C:\Program Files\K-Lite Codec Pack\Real\browser\plugins\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.1483: C:\Program Files\K-Lite Codec Pack\Real\browser\plugins\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=:  File not found
FF - HKCU\Software\MozillaPlugins\@Skype Limited.com/Facebook Video Calling Plugin: C:\Documents and Settings\Administrator\Local Settings\Application Data\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2013\FFExt\[email protected] [2013/07/01 23:02:14 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2013\FFExt\[email protected] [2013/07/01 23:02:14 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2013\FFExt\[email protected] [2013/07/01 23:02:14 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\SeaMonkey\Extensions\\[email protected]: C:\Documents and Settings\Administrator\Application Data\IDM\idmmzcc5 [2013/05/10 07:49:06 | 000,000,000 | ---D | M]
 
 
========== Chrome  ==========
 
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&q={searchTerms}&{google:cursorPosition}sugkey={google:suggestAPIKeyParameter}
CHR - homepage: http://www.google.com/
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\27.0.1453.116\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\27.0.1453.116\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\27.0.1453.116\gcswf32.dll
CHR - plugin: Windows Media Player Plug-in Dynamic Link Library (Enabled) = C:\Program Files\Windows Media Player\npdsplay.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npwmsdrm.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npdrmv2.dll
CHR - Extension: Kaspersky URL Advisor = C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\dchlnpcodkpfdpacogkljefecpegganj\13.0.1.4190_0\
CHR - Extension: Content Blocker = C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\hghkgaeecgjhjkannahfamoehjmkjail\13.0.1.4190_0\
CHR - Extension: Virtual Keyboard = C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\jagncdcchgajhfhijbbhecadmaiegcmh\13.0.1.4190_0\
CHR - Extension: Gmail = C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1\
 
O1 HOSTS File: ([2001/08/23 14:00:00 | 000,000,734 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O2 - BHO: (IDM integration (IDMIEHlprObj Class)) - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files\Internet Download Manager\IDMIECC.dll (Internet Download Manager, Tonec Inc.)
O2 - BHO: (Content Blocker Plugin) - {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2013\IEExt\ContentBlocker\ie_content_blocker_plugin.dll (Kaspersky Lab ZAO)
O2 - BHO: (Virtual Keyboard Plugin) - {73455575-E40C-433C-9784-C78DC7761455} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2013\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO)
O2 - BHO: (URL Advisor Plugin) - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2013\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO)
O4 - HKLM..\Run: [AVP] C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2013\avp.exe (Kaspersky Lab ZAO)
O4 - HKLM..\Run: [USB Security] C:\Program Files\USB Disk Security\USBGuard.exe (Zbshareware Lab)
O4 - HKCU..\Run: [IDMan] C:\Program Files\Internet Download Manager\IDMan.exe (Tonec Inc.)
O4 - HKCU..\Run: [uTorrent] C:\Documents and Settings\Administrator\Application Data\uTorrent\uTorrent.exe (BitTorrent Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 60
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 36
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = FF FF FF FF  [binary data]
O8 - Extra context menu item: Download all links with IDM - C:\Program Files\Internet Download Manager\IEGetAll.htm ()
O8 - Extra context menu item: Download with IDM - C:\Program Files\Internet Download Manager\IEExt.htm ()
O9 - Extra Button: Virtual Keyboard - {0C4CC089-D306-440D-9772-464E226F6539} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2013\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO)
O9 - Extra Button: URLs check - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2013\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{03E48A69-FD25-4691-9BDC-99CDA7FFF656}: DhcpNameServer = 192.168.100.254
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\klogon: DllName - (C:\WINDOWS\system32\klogon.dll) - C:\WINDOWS\system32\klogon.dll (Kaspersky Lab ZAO)
O24 - Desktop WallPaper: C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 0
O32 - AutoRun File - [2013/03/18 07:27:18 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ FAT32 ]
O32 - AutoRun File - [2013/07/01 16:18:14 | 000,000,000 | ---D | M] - C:\autorun.inf -- [ FAT32 ]
O32 - AutoRun File - [2013/07/01 16:18:13 | 000,000,000 | ---D | M] - D:\autorun.inf -- [ NTFS ]
O32 - AutoRun File - [2013/07/01 16:18:13 | 000,000,000 | ---D | M] - E:\autorun.inf -- [ NTFS ]
O32 - AutoRun File - [2013/07/01 16:18:14 | 000,000,000 | ---D | M] - F:\autorun.inf -- [ NTFS ]
O33 - MountPoints2\{05c568a4-8f9b-11e2-9fba-806d6172696f}\Shell - "" = AutoRun
O33 - MountPoints2\{05c568a4-8f9b-11e2-9fba-806d6172696f}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{05c568a4-8f9b-11e2-9fba-806d6172696f}\Shell\AutoRun\command - "" = G:\setup.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2095/07/22 18:41:56 | 000,000,000 | -HSD | C] -- C:\FOUND.014
[2033/09/30 21:36:46 | 000,000,000 | -HSD | C] -- C:\FOUND.018
[2013/07/02 14:07:05 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Desktop\OTL.exe
[2013/07/02 12:16:27 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Administrator\Recent
[2013/07/02 12:05:06 | 000,000,000 | -HSD | C] -- C:\FOUND.028
[2013/07/01 23:03:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Kaspersky Anti-Virus 2013
[2013/07/01 23:02:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
[2013/07/01 23:02:00 | 000,586,584 | ---- | C] (Kaspersky Lab) -- C:\WINDOWS\System32\drivers\klif.sys
[2013/07/01 23:02:00 | 000,074,072 | ---- | C] (Kaspersky Lab) -- C:\WINDOWS\System32\drivers\klflt.sys
[2013/07/01 22:56:14 | 000,000,000 | -HSD | C] -- C:\FOUND.027
[2013/07/01 20:47:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\StarApp
[2013/07/01 20:46:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\InstallMate
[2013/07/01 20:18:36 | 000,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2013/07/01 20:18:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Start Menu\Programs\HiJackThis
[2013/07/01 18:53:20 | 000,000,000 | -HSD | C] -- C:\FOUND.026
[2013/07/01 18:28:57 | 000,000,000 | ---D | C] -- C:\Avenger
[2013/07/01 18:20:49 | 000,000,000 | ---D | C] -- C:\WINDOWS\pss
[2013/07/01 16:43:01 | 000,000,000 | ---D | C] -- C:\Program Files\Kaspersky Lab
[2013/07/01 16:42:16 | 000,000,000 | ---D | C] -- C:\KAV
[2013/07/01 16:41:08 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Windows Genuine Advantage
[2013/07/01 16:18:13 | 000,000,000 | ---D | C] -- C:\autorun.inf
[2013/07/01 16:06:14 | 000,000,000 | -HSD | C] -- C:\FOUND.025
[2013/06/30 11:09:54 | 000,000,000 | -HSD | C] -- C:\FOUND.024
[2013/06/29 14:06:18 | 000,000,000 | -HSD | C] -- C:\FOUND.023
[2013/06/28 20:46:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\Adobe Mini Bridge CS5
[2013/06/28 20:46:52 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\StageManager.BD092818F67280F4B42B04877600987F0111B594.1
[2013/06/28 06:49:28 | 000,000,000 | -HSD | C] -- C:\FOUND.022
[2013/06/27 18:50:37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\regid.1986-12.com.adobe
[2013/06/27 18:45:29 | 000,000,000 | ---D | C] -- C:\Program Files\Adobe Media Player
[2013/06/27 18:45:29 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Adobe
[2013/06/27 18:43:30 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Adobe AIR
[2013/06/27 18:39:35 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Adobe
[2013/06/27 18:39:28 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Adobe
[2013/06/27 18:39:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Local Settings\Application Data\Adobe
[2013/06/27 10:44:39 | 000,286,720 | ---- | C] (Indigo Rose Corporation) -- C:\WINDOWS\iun503.exe
[2013/06/27 10:40:35 | 000,000,000 | ---D | C] -- C:\Program Files\Alcohol Soft
[2013/06/27 10:07:04 | 000,000,000 | -HSD | C] -- C:\FOUND.021
[2013/06/24 23:00:58 | 000,000,000 | -HSD | C] -- C:\FOUND.020
[2013/06/23 18:52:32 | 000,000,000 | -HSD | C] -- C:\FOUND.019
[2013/06/22 11:14:10 | 000,000,000 | -HSD | C] -- C:\FOUND.017
[2013/06/22 06:27:38 | 000,000,000 | -HSD | C] -- C:\FOUND.016
[2013/06/17 10:33:46 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\appmgmt
[2013/06/17 10:09:48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Hotspot Shield
[2013/06/17 09:24:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\uTorrent
[2013/06/17 08:28:24 | 000,000,000 | -HSD | C] -- C:\FOUND.015
[2013/06/16 12:40:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\Nitro PDF
[2013/06/16 11:41:48 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\BCL Technologies
[2013/06/16 11:41:34 | 000,000,000 | ---D | C] -- C:\Program Files\Nitro PDF
[2013/06/16 11:41:34 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Nitro PDF
[2013/06/16 11:40:46 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Local Settings\Application Data\Downloaded Installations
[2013/06/13 09:11:55 | 000,000,000 | ---D | C] -- C:\Program Files\DIFX
[2013/06/09 04:03:26 | 000,000,000 | -HSD | C] -- C:\FOUND.013
[2013/06/08 06:19:14 | 000,000,000 | -HSD | C] -- C:\FOUND.012
[3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[2 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2013/07/02 14:04:02 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2013/07/02 14:04:00 | 1064,747,008 | -HS- | M] () -- C:\hiberfil.sys
[2013/07/02 13:25:56 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Desktop\OTL.exe
[2013/07/02 00:21:08 | 000,000,542 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Four Star.lnk
[2013/07/02 00:17:12 | 000,000,211 | -HS- | M] () -- C:\boot.ini
[2013/07/01 23:42:00 | 000,002,463 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\HiJackThis.lnk
[2013/07/01 23:02:58 | 000,000,755 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Kaspersky Anti-Virus 2013.lnk
[2013/07/01 23:01:26 | 000,002,251 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\Google Chrome.lnk
[2013/07/01 20:51:48 | 000,001,008 | ---- | M] () -- C:\WINDOWS\tasks\FacebookUpdateTaskUserS-1-5-21-776561741-725345543-708340629-500Core.job
[2013/07/01 18:14:18 | 000,017,408 | ---- | M] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2013/07/01 16:41:10 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2013/07/01 00:02:06 | 000,389,376 | ---- | M] () -- C:\Documents and Settings\Administrator\My Documents\managers-officers-coordinators-accountants-healthcare-staff-admin-staff-engineers-and-lot-of-other-important-staff-jobs-in-public-sector-organization-6-207042.jpg
[2013/06/30 09:17:34 | 000,093,367 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\d.jpg
[2013/06/30 02:00:04 | 000,000,358 | ---- | M] () -- C:\WINDOWS\tasks\AdobeAAMUpdater-1.0-HP-AC60887941E4-Administrator.job
[2013/06/29 05:14:20 | 000,286,720 | ---- | M] (Indigo Rose Corporation) -- C:\WINDOWS\iun503.exe
[2013/06/28 07:23:30 | 000,017,769 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\c.jpg
[2013/06/27 21:19:08 | 003,568,328 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2013/06/22 19:36:52 | 000,002,269 | ---- | M] () -- C:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2013/06/21 09:21:50 | 000,049,652 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\Brasil.jpg
[2013/06/16 01:25:02 | 000,035,833 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\b.jpg
[2013/06/15 23:34:16 | 003,933,337 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\[SongsPK.info] Table No 21 - 05 - Man Mera (Remix).mp3
[2013/06/15 23:27:34 | 005,286,589 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\[SongsPK.info] Aashiqui 2 - 01 - Tum Hi Ho_2.mp3
[2013/06/15 05:20:00 | 004,847,451 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\[Songs.PK] 02 - Rani Tu Mein Raja.mp3
[2013/06/15 04:38:30 | 014,930,814 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\Balma Full Song (Khiladi 786) ,Akshay Kumar _ Tune.pk.flv
[2013/06/13 09:03:20 | 000,007,287 | ---- | M] () -- C:\Documents and Settings\Administrator\My Documents\shez.JPG
[3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[2 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2013/07/02 00:57:34 | 1064,747,008 | -HS- | C] () -- C:\hiberfil.sys
[2013/07/02 00:21:06 | 000,000,542 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Four Star.lnk
[2013/07/01 23:03:12 | 000,000,755 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Kaspersky Anti-Virus 2013.lnk
[2013/07/01 20:18:36 | 000,002,463 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\HiJackThis.lnk
[2013/07/01 16:13:23 | 000,033,585 | -HS- | C] () -- C:\Documents and Settings\Administrator\Application Data\ofbdgevejc..vbs
[2013/07/01 00:02:07 | 000,389,376 | ---- | C] () -- C:\Documents and Settings\Administrator\My Documents\managers-officers-coordinators-accountants-healthcare-staff-admin-staff-engineers-and-lot-of-other-important-staff-jobs-in-public-sector-organization-6-207042.jpg
[2013/06/30 09:17:40 | 000,093,367 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\d.jpg
[2013/06/28 20:14:30 | 000,000,358 | ---- | C] () -- C:\WINDOWS\tasks\AdobeAAMUpdater-1.0-HP-AC60887941E4-Administrator.job
[2013/06/28 07:23:36 | 000,017,769 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\c.jpg
[2013/06/27 18:48:32 | 000,000,761 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Adobe Photoshop CS5.lnk
[2013/06/27 18:47:36 | 000,000,723 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Adobe Bridge CS5.lnk
[2013/06/27 18:47:08 | 000,000,816 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Adobe Device Central CS5.lnk
[2013/06/27 18:44:49 | 000,000,907 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Adobe Extension Manager CS5.lnk
[2013/06/27 18:44:37 | 000,001,051 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Adobe ExtendScript Toolkit CS5.lnk
[2013/06/27 18:43:33 | 000,000,635 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Adobe Help.lnk
[2013/06/21 09:22:03 | 000,049,652 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\Brasil.jpg
[2013/06/16 11:41:36 | 000,001,671 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Nitro PDF Professional.lnk
[2013/06/16 01:25:06 | 000,035,833 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\b.jpg
[2013/06/15 23:33:12 | 003,933,337 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\[SongsPK.info] Table No 21 - 05 - Man Mera (Remix).mp3
[2013/06/15 23:26:12 | 005,286,589 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\[SongsPK.info] Aashiqui 2 - 01 - Tum Hi Ho_2.mp3
[2013/06/15 05:11:43 | 004,847,451 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\[Songs.PK] 02 - Rani Tu Mein Raja.mp3
[2013/06/15 04:18:49 | 014,930,814 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\Balma Full Song (Khiladi 786) ,Akshay Kumar _ Tune.pk.flv
[2013/06/13 09:03:18 | 000,007,287 | ---- | C] () -- C:\Documents and Settings\Administrator\My Documents\shez.JPG
[2013/05/17 12:50:53 | 000,157,696 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll
[2013/05/17 12:50:49 | 000,568,850 | ---- | C] () -- C:\WINDOWS\System32\x264vfw.dll
[2013/05/17 12:50:48 | 000,856,064 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2013/05/17 12:50:48 | 000,217,088 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2013/05/17 12:50:46 | 003,596,288 | ---- | C] () -- C:\WINDOWS\System32\qt-dx331.dll
[2013/05/17 12:50:44 | 000,005,120 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll
[2013/05/10 05:33:25 | 000,017,408 | ---- | C] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2013/03/18 08:30:39 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2013/03/18 07:38:59 | 000,147,456 | ---- | C] () -- C:\WINDOWS\System32\igfxCoIn_v4926.dll
[2013/03/18 07:30:57 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2013/03/18 07:24:15 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2013/03/18 07:18:34 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2013/03/18 07:17:23 | 003,568,328 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
 
========== ZeroAccess Check ==========
 
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shdocvw.dll -- [2004/08/04 00:56:46 | 001,483,264 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = C:\WINDOWS\system32\wbem\fastprox.dll -- [2004/08/03 16:56:44 | 000,472,064 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = C:\WINDOWS\system32\wbem\wbemess.dll -- [2004/08/03 16:56:48 | 000,273,920 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

< End of report >



#4 guestolo

Posted 03 July 2013 - 08:46 PM

Exactly what problems are you having?

And you have things disabled with msconfig.

Can you do the following:

Go to START>>RUN>>type in msconfig

Select NORMAL STARTUP

Reboot, then run OTL.exe again with Run Scan... When the scan is done, post the new OTL.txt log that opens.


Do you want to post your own logs from FRST?
Follow the instructions posted Click Here


#5 guestolo

Posted 21 July 2013 - 07:18 PM

Topic locked as the original poster has not returned
