TheTechGuide Forum

General Category => Tech Clinic => Topic started by: faraz on July 01, 2013, 10:21:09 AM

Title: System is running too slow ... viruses are not detected
Post by: faraz on July 01, 2013, 10:21:09 AM
Here is the log file of HijackThis

 

****************************************************************************************************************************

 

Logfile of Trend Micro HijackThis v2.0.4

Scan saved at 8:18:47 PM, on 7/1/2013

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Boot mode: Normal

 

Running processes:

C:\\WINDOWS\\System32\\smss.exe

C:\\WINDOWS\\system32\\winlogon.exe

C:\\WINDOWS\\system32\\services.exe

C:\\WINDOWS\\system32\\lsass.exe

C:\\WINDOWS\\system32\\svchost.exe

C:\\WINDOWS\\System32\\svchost.exe

C:\\WINDOWS\\system32\\spoolsv.exe

C:\\WINDOWS\\system32\\svchost.exe

C:\\Program Files\\EVDO BROADBAND PTCL\\bin\\MonServiceUDisk.exe

C:\\WINDOWS\\Explorer.EXE

C:\\Program Files\\USB Disk Security\\USBGuard.exe

C:\\Program Files\\Internet Download Manager\\IDMan.exe

C:\\Documents and Settings\\Administrator\\Application Data\\uTorrent\\uTorrent.exe

C:\\Program Files\\Internet Download Manager\\IEMonitor.exe

C:\\Program Files\\EVDO BROADBAND PTCL\\bin\\App.exe

C:\\Documents and Settings\\Administrator\\Local Settings\\Application Data\\Google\\Chrome\\Application\\chrome.exe

C:\\Documents and Settings\\Administrator\\Local Settings\\Application Data\\Google\\Chrome\\Application\\chrome.exe

C:\\Documents and Settings\\Administrator\\Local Settings\\Application Data\\Google\\Chrome\\Application\\chrome.exe

C:\\Documents and Settings\\Administrator\\Local Settings\\Application Data\\Google\\Chrome\\Application\\chrome.exe

C:\\Documents and Settings\\Administrator\\Local Settings\\Application Data\\Google\\Chrome\\Application\\chrome.exe

C:\\Documents and Settings\\Administrator\\Local Settings\\Application Data\\Google\\Chrome\\Application\\chrome.exe

C:\\Documents and Settings\\Administrator\\Local Settings\\Application Data\\Google\\Chrome\\Application\\chrome.exe

C:\\WINDOWS\\system32\\msiexec.exe

C:\\Program Files\\Trend Micro\\HiJackThis\\HiJackThis.exe

 

R0 - HKCU\\Software\\Microsoft\\Internet Explorer\\Main,Start Page = about:blank

O2 - BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\\Program Files\\Internet Download Manager\\IDMIECC.dll

O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\\PROGRA~1\\MICROS~2\\Office12\\GRA8E1~1.DLL

O4 - HKLM\\..\\Run: [USB Security] C:\\Program Files\\USB Disk Security\\USBGuard.exe

O4 - HKLM\\..\\Run: [MSConfig] C:\\WINDOWS\\PCHealth\\HelpCtr\\Binaries\\MSConfig.exe /auto

O4 - HKCU\\..\\Run: [IDMan] C:\\Program Files\\Internet Download Manager\\IDMan.exe /onboot

O4 - HKCU\\..\\Run: [uTorrent] \"C:\\Documents and Settings\\Administrator\\Application Data\\uTorrent\\uTorrent.exe\"  /MINIMIZED

O8 - Extra context menu item: Download all links with IDM - C:\\Program Files\\Internet Download Manager\\IEGetAll.htm

O8 - Extra context menu item: Download with IDM - C:\\Program Files\\Internet Download Manager\\IEExt.htm


O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\\PROGRA~1\\MICROS~2\\Office12\\ONBttnIE.dll

O9 - Extra \'Tools\' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\\PROGRA~1\\MICROS~2\\Office12\\ONBttnIE.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\\PROGRA~1\\MICROS~2\\Office12\\REFIEBAR.DLL

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\\Program Files\\Messenger\\msmsgs.exe

O9 - Extra \'Tools\' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\\Program Files\\Messenger\\msmsgs.exe

O17 - HKLM\\System\\CCS\\Services\\Tcpip\\..\\{B12C7F3A-70CB-48D6-939A-FA365C28C208}: NameServer = 119.159.255.36 182.176.32.29

O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\\PROGRA~1\\MICROS~2\\Office12\\GR99D3~1.DLL

O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\\WINDOWS\\system32\\browseui.dll

O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\\WINDOWS\\system32\\browseui.dll

O23 - Service: BCL easyPDF SDK 5 Loader (bepldr) - Unknown owner - C:\\Program Files\\Common Files\\BCL Technologies\\easyPDF 5\\bepldr.exe

O23 - Service: SwitchBoard - Adobe Systems Incorporated - C:\\Program Files\\Common Files\\Adobe\\SwitchBoard\\SwitchBoard.exe

O23 - Service: UDisk Monitor - Unknown owner - C:\\Program Files\\EVDO BROADBAND PTCL\\bin\\MonServiceUDisk.exe

 

--

End of file - 4261 bytes

 

Title: System is running too slow ... viruses are not detected
Post by: guestolo on July 01, 2013, 09:31:50 PM

Download OTL.exe (http://oldtimer.geekstogo.com/OTL.exe) by OldTimer to your Desktop.

Title: System is running too slow ... viruses are not detected
Post by: faraz on July 02, 2013, 05:41:41 AM

OTL Extras logfile created on: 7/2/2013 2:07:24 PM - Run 1

OTL by OldTimer - Version 3.2.69.0     Folder = C:\\Documents and Settings\\Administrator\\Desktop

Windows XP Professional Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation

Internet Explorer (Version = 6.0.2900.2180)

Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

 

1015.35 Mb Total Physical Memory | 535.04 Mb Available Physical Memory | 52.70% Memory free

2.38 Gb Paging File | 1.97 Gb Available in Paging File | 82.79% Paging File free

Paging file location(s): C:\\pagefile.sys 1524 3048 [binary data]

 

%SystemDrive% = C: | %SystemRoot% = C:\\WINDOWS | %ProgramFiles% = C:\\Program Files

Drive C: | 24.99 Gb Total Space | 14.65 Gb Free Space | 58.61% Space Free | Partition Type: FAT32

Drive D: | 25.00 Gb Total Space | 3.98 Gb Free Space | 15.93% Space Free | Partition Type: NTFS

Drive E: | 49.70 Gb Total Space | 2.90 Gb Free Space | 5.84% Space Free | Partition Type: NTFS

Drive F: | 49.34 Gb Total Space | 3.59 Gb Free Space | 7.27% Space Free | Partition Type: NTFS

 

Computer Name: HP-AC60887941E4 | User Name: Administrator | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: Current user

Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

 

========== Extra Registry (SafeList) ==========

 

 

========== File Associations ==========

 

[HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\<extension>]

.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL \"%1\",%*

.url [@ = InternetShortcut] -- rundll32.exe shdocvw.dll,OpenURL %l

 

========== Shell Spawning ==========

 

[HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\<key>\\shell\\[command]\\command]

batfile [open] -- \"%1\" %*

cmdfile [open] -- \"%1\" %*

comfile [open] -- \"%1\" %*

cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL \"%1\",%*

exefile [open] -- \"%1\" %*

InternetShortcut [open] -- rundll32.exe shdocvw.dll,OpenURL %l

piffile [open] -- \"%1\" %*

regfile [merge] -- Reg Error: Key error.

scrfile [config] -- \"%1\"

scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l

scrfile [open] -- \"%1\" /S

txtfile [edit] -- Reg Error: Key error.

Unknown [openas] -- %SystemRoot%\\system32\\rundll32.exe %SystemRoot%\\system32\\shell32.dll,OpenAs_RunDLL %1

Directory [AddToPlaylistVLC] -- \"C:\\Program Files\\VideoLAN\\VLC\\vlc.exe\" --started-from-file --playlist-enqueue \"%1\" ()

Directory [Bridge] -- C:\\Program Files\\Adobe\\Adobe Bridge CS5\\Bridge.exe \"%L\" (Adobe Systems, Inc.)

Directory [find] -- %SystemRoot%\\Explorer.exe (Microsoft Corporation)

Directory [PlayWithVLC] -- \"C:\\Program Files\\VideoLAN\\VLC\\vlc.exe\" --started-from-file --no-playlist-enqueue \"%1\" ()

Folder [open] -- %SystemRoot%\\Explorer.exe /idlist,%I,%L (Microsoft Corporation)

Folder [explore] -- %SystemRoot%\\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)

Drive [find] -- %SystemRoot%\\Explorer.exe (Microsoft Corporation)

 

========== Security Center Settings ==========

 

[HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Security Center]

\"FirstRunDisabled\" = 1

\"AntiVirusDisableNotify\" = 1

\"FirewallDisableNotify\" = 1

\"UpdatesDisableNotify\" = 1

\"AntiVirusOverride\" = 0

\"FirewallOverride\" = 0

 

[HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Security Center\\Monitoring]

 

[HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Security Center\\Monitoring\\AhnlabAntiVirus]

 

[HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Security Center\\Monitoring\\ComputerAssociatesAntiVirus]

 

[HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Security Center\\Monitoring\\KasperskyAntiVirus]

\"DisableMonitoring\" = 1

 

[HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Security Center\\Monitoring\\McAfeeAntiVirus]

 

[HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Security Center\\Monitoring\\McAfeeFirewall]

 

[HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Security Center\\Monitoring\\PandaAntiVirus]

 

[HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Security Center\\Monitoring\\PandaFirewall]

 

[HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Security Center\\Monitoring\\SophosAntiVirus]

 

[HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Security Center\\Monitoring\\SymantecAntiVirus]

 

[HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Security Center\\Monitoring\\SymantecFirewall]

 

[HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Security Center\\Monitoring\\TinyFirewall]

 

[HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Security Center\\Monitoring\\TrendAntiVirus]

 

[HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Security Center\\Monitoring\\TrendFirewall]

 

[HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Security Center\\Monitoring\\ZoneLabsFirewall]

 

========== System Restore Settings ==========

 

[HKEY_LOCAL_MACHINE\\SOFTWARE\\Policies\\Microsoft\\Windows NT\\SystemRestore]

 

[HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\SystemRestore]

\"DisableSR\" = 1

 

[HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\Sr]

\"Start\" = 4

 

[HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\SrService]

\"Start\" = 2

 

========== Firewall Settings ==========

 

[HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\SharedAccess\\Parameters\\FirewallPolicy\\DomainProfile]

 

[HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\SharedAccess\\Parameters\\FirewallPolicy\\StandardProfile]

\"EnableFirewall\" = 1

\"DoNotAllowExceptions\" = 0

\"DisableNotifications\" = 0

 

[HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\SharedAccess\\Parameters\\FirewallPolicy\\StandardProfile\\GloballyOpenPorts\\List]

\"1900:UDP\" = 1900:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22007

\"2869:TCP\" = 2869:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22008

 

========== Authorized Applications List ==========

 

[HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\SharedAccess\\Parameters\\FirewallPolicy\\DomainProfile\\AuthorizedApplications\\List]

\"%windir%\\system32\\sessmgr.exe\" = %windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)

\"C:\\Program Files\\McAfee\\Common Framework\\FrameworkService.exe\" = C:\\Program Files\\McAfee\\Common Framework\\FrameworkService.exe:*:Enabled:McAfee Framework Service

 

[HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\SharedAccess\\Parameters\\FirewallPolicy\\StandardProfile\\AuthorizedApplications\\List]

\"C:\\Program Files\\McAfee\\Common Framework\\FrameworkService.exe\" = C:\\Program Files\\McAfee\\Common Framework\\FrameworkService.exe:*:Enabled:McAfee Framework Service

\"C:\\Program Files\\Internet Download Manager\\IDMan.exe\" = C:\\Program Files\\Internet Download Manager\\IDMan.exe:*:Enabled:Internet Download Manager (IDM) -- (Tonec Inc.)

\"C:\\Documents and Settings\\Administrator\\Application Data\\uTorrent\\uTorrent.exe\" = C:\\Documents and Settings\\Administrator\\Application Data\\uTorrent\\uTorrent.exe:*:Enabled:µTorrent -- (BitTorrent Inc.)

\"C:\\Documents and Settings\\Administrator\\Local Settings\\Application Data\\Facebook\\Video\\Skype\\FacebookVideoCalling.exe\" = C:\\Documents and Settings\\Administrator\\Local Settings\\Application Data\\Facebook\\Video\\Skype\\FacebookVideoCalling.exe:*:Disabled:Facebook Video Calling Plugin -- (Skype Limited)

\"C:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE\" = C:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE:*:Disabled:Microsoft Office Groove -- (Microsoft Corporation)

\"C:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE\" = C:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE:*:Disabled:Microsoft Office OneNote -- (Microsoft Corporation)

\"C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE\" = C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE:*:Disabled:Microsoft Office Outlook -- (Microsoft Corporation)

\"C:\\WINDOWS\\system32\\sessmgr.exe\" = C:\\WINDOWS\\system32\\sessmgr.exe:*:Disabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)

 

 

========== HKEY_LOCAL_MACHINE Uninstall List ==========

 

[HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Uninstall]

\"{033E378E-6AD3-4AD5-BDEB-CBD69B31046C}\" = Microsoft_VC90_ATL_x86

\"{08D2E121-7F6A-43EB-97FD-629B44903403}\" = Microsoft_VC90_CRT_x86

\"{0D2DBE8A-43D0-7830-7AE7-CA6C99A832E7}\" = Adobe Community Help

\"{0F3647F8-E51D-4FCC-8862-9A8D0C5ACF25}\" = Microsoft_VC80_ATL_x86

\"{15FEDA5F-141C-4127-8D7E-B962D1742728}\" = Adobe Photoshop CS5

\"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}\" = WebFldrs XP

\"{45A66726-69BC-466B-A7A4-12FCBA4883D7}\" = HiJackThis

\"{560985FB-4B76-4121-9189-7A2CDC7886D6}\" = Kaspersky Anti-Virus 2013

\"{635FED5B-2C6D-49BE-87E6-7A6FCD22BC5A}\" = Microsoft_VC90_MFC_x86

\"{8A708DD8-A5E6-11D4-A706-000629E95E20}\" = Intel(R) Graphics Media Accelerator Driver

\"{90120000-0010-0409-0000-0000000FF1CE}\" = Microsoft Software Update for Web Folders  (English) 12

\"{90120000-0015-0409-0000-0000000FF1CE}\" = Microsoft Office Access MUI (English) 2007

\"{90120000-0016-0409-0000-0000000FF1CE}\" = Microsoft Office Excel MUI (English) 2007

\"{90120000-0018-0409-0000-0000000FF1CE}\" = Microsoft Office PowerPoint MUI (English) 2007

\"{90120000-0019-0409-0000-0000000FF1CE}\" = Microsoft Office Publisher MUI (English) 2007

\"{90120000-001A-0409-0000-0000000FF1CE}\" = Microsoft Office Outlook MUI (English) 2007

\"{90120000-001B-0409-0000-0000000FF1CE}\" = Microsoft Office Word MUI (English) 2007

\"{90120000-001F-0409-0000-0000000FF1CE}\" = Microsoft Office Proof (English) 2007

\"{90120000-001F-040C-0000-0000000FF1CE}\" = Microsoft Office Proof (French) 2007

\"{90120000-001F-0C0A-0000-0000000FF1CE}\" = Microsoft Office Proof (Spanish) 2007

\"{90120000-002C-0409-0000-0000000FF1CE}\" = Microsoft Office Proofing (English) 2007

\"{90120000-0030-0000-0000-0000000FF1CE}\" = Microsoft Office Enterprise 2007

\"{90120000-0044-0409-0000-0000000FF1CE}\" = Microsoft Office InfoPath MUI (English) 2007

\"{90120000-006E-0409-0000-0000000FF1CE}\" = Microsoft Office Shared MUI (English) 2007

\"{90120000-00A1-0409-0000-0000000FF1CE}\" = Microsoft Office OneNote MUI (English) 2007

\"{90120000-00BA-0409-0000-0000000FF1CE}\" = Microsoft Office Groove MUI (English) 2007

\"{90120000-0114-0409-0000-0000000FF1CE}\" = Microsoft Office Groove Setup Metadata MUI (English) 2007

\"{90120000-0115-0409-0000-0000000FF1CE}\" = Microsoft Office Shared Setup Metadata MUI (English) 2007

\"{90120000-0117-0409-0000-0000000FF1CE}\" = Microsoft Office Access Setup Metadata MUI (English) 2007

\"{92D58719-BBC1-4CC3-A08B-56C9E884CC2C}\" = Microsoft_VC80_CRT_x86

\"{A2BCA9F1-566C-4805-97D1-7FDC93386723}\" = Adobe AIR

\"{A78FE97A-C0C8-49CE-89D0-EDD524A17392}\" = PDF Settings CS5

\"{B92C5909-1D37-4C51-8397-A28BB28E5DC3}\" = Facebook Video Calling 1.2.0.287

\"{D1A19B02-817E-4296-A45B-07853FD74D57}\" = Microsoft_VC80_MFC_x86

\"{D92BBB52-82FF-42ED-8A3C-4E062F944AB7}\" = Microsoft_VC80_MFCLOC_x86

\"{DE3A9DC5-9A5D-6485-9662-347162C7E4CA}\" = Adobe Media Player

\"{F0C2AD51-9F09-4B75-82EE-74DA80F708D8}\" = Nitro PDF Professional

\"6AF27CD11B617BED2F81E26729D33AF8338D453C\" = Windows Driver Package - Hewlett-Packard hp scanjet 3600 series (04/26/2007 9.0.0.0)

\"Adobe AIR\" = Adobe AIR

\"chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1\" = Adobe Community Help

\"com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1\" = Adobe Media Player

\"ENTERPRISE\" = Microsoft Office Enterprise 2007

\"Foxit Reader\" = Foxit Reader

\"GOM Player\" = GOM Player

\"InstallWIX_{560985FB-4B76-4121-9189-7A2CDC7886D6}\" = Kaspersky Anti-Virus 2013

\"Internet Download Manager\" = Internet Download Manager

\"KLiteCodecPack_is1\" = K-Lite Mega Codec Pack 1.53

\"USB Disk Security_is1\" = USB Disk Security

\"uTorrent\" = µTorrent

\"VLC media player\" = VLC media player 1.1.11

\"WinRAR archiver\" = WinRAR archiver

\"ZTEWireless-101_is1\" = EVDO BROADBAND PTCL

 

========== HKEY_CURRENT_USER Uninstall List ==========

 

[HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Uninstall]

\"Google Chrome\" = Google Chrome

 

========== Last 20 Event Log Errors ==========

 

[ Application Events ]

Error - 6/29/2013 3:04:08 AM | Computer Name = HP-AC60887941E4 | Source = Google Update | ID = 20

Description =

 

Error - 6/29/2013 3:08:01 AM | Computer Name = HP-AC60887941E4 | Source = LoadPerf | ID = 3011

Description = Unloading the performance counter strings for service WmiApRpl (WmiApRpl)

 failed. The  Error code is the first DWORD in Data section.

 

Error - 6/29/2013 3:08:04 AM | Computer Name = HP-AC60887941E4 | Source = LoadPerf | ID = 3006

Description = Unable to read the performance counter strings of the 009 language

 ID.  The Win32 status returned by the call is the first DWORD in Data section.

 

Error - 6/29/2013 3:11:33 AM | Computer Name = HP-AC60887941E4 | Source = Google Update | ID = 20

Description =

 

Error - 6/29/2013 5:07:03 AM | Computer Name = HP-AC60887941E4 | Source = Google Update | ID = 20

Description =

 

Error - 6/29/2013 5:10:43 AM | Computer Name = HP-AC60887941E4 | Source = LoadPerf | ID = 3011

Description = Unloading the performance counter strings for service WmiApRpl (WmiApRpl)

 failed. The  Error code is the first DWORD in Data section.

 

Error - 6/29/2013 5:10:46 AM | Computer Name = HP-AC60887941E4 | Source = LoadPerf | ID = 3006

Description = Unable to read the performance counter strings of the 009 language

 ID.  The Win32 status returned by the call is the first DWORD in Data section.

 

Error - 6/29/2013 5:11:04 AM | Computer Name = HP-AC60887941E4 | Source = LoadPerf | ID = 3011

Description = Unloading the performance counter strings for service WmiApRpl (WmiApRpl)

 failed. The  Error code is the first DWORD in Data section.

 

Error - 6/29/2013 5:11:07 AM | Computer Name = HP-AC60887941E4 | Source = LoadPerf | ID = 3006

Description = Unable to read the performance counter strings of the 009 language

 ID.  The Win32 status returned by the call is the first DWORD in Data section.

 

Error - 6/29/2013 7:03:32 AM | Computer Name = HP-AC60887941E4 | Source = Google Update | ID = 20

Description =

 

[ System Events ]

Error - 7/1/2013 9:06:37 AM | Computer Name = HP-AC60887941E4 | Source = Service Control Manager | ID = 7034

Description = The McAfee Validation Trust Protection Service service terminated

unexpectedly.  It has done this 1 time(s).

 

Error - 7/1/2013 9:08:10 AM | Computer Name = HP-AC60887941E4 | Source = Service Control Manager | ID = 7031

Description = The McAfee McShield service terminated unexpectedly.  It has done

this 1 time(s).  The following corrective action will be taken in 5000 milliseconds:

 Restart the service.

 

Error - 7/1/2013 9:15:54 AM | Computer Name = HP-AC60887941E4 | Source = Service Control Manager | ID = 7032

Description = The Service Control Manager tried to take a corrective action (Restart

 the service) after the unexpected termination of the Windows Management Instrumentation

 service, but this action failed with the following error:   %%1056

 

Error - 7/1/2013 9:19:14 AM | Computer Name = HP-AC60887941E4 | Source = Dhcp | ID = 1002

Description = The IP address lease 192.168.100.114 for the Network Card with network

 address 0015604FC4CD has been  denied by the DHCP server 0.0.0.0 (The DHCP Server

 sent a DHCPNACK message).

 

Error - 7/1/2013 9:20:04 AM | Computer Name = HP-AC60887941E4 | Source = Service Control Manager | ID = 7034

Description = The McAfee Framework Service service terminated unexpectedly.  It

has done this 1 time(s).

 

Error - 7/1/2013 9:23:26 AM | Computer Name = HP-AC60887941E4 | Source = Service Control Manager | ID = 7031

Description = The McAfee McShield service terminated unexpectedly.  It has done

this 1 time(s).  The following corrective action will be taken in 5000 milliseconds:

 Restart the service.

 

Error - 7/1/2013 9:26:44 AM | Computer Name = HP-AC60887941E4 | Source = Service Control Manager | ID = 7034

Description = The StarWind iSCSI Service service terminated unexpectedly.  It has

 done this 1 time(s).

 

Error - 7/1/2013 9:32:56 AM | Computer Name = HP-AC60887941E4 | Source = Service Control Manager | ID = 7034

Description = The UDisk Monitor service terminated unexpectedly.  It has done this

 1 time(s).

 

Error - 7/1/2013 11:38:49 AM | Computer Name = HP-AC60887941E4 | Source = LDMS | ID = 16780239

Description = The Logical Disk Manager Service failed while registering for device

 handle notifications on device \\\\?\\usbstor#cdrom&ven_zte&prod_usb_storage_fff1&rev_2.31#000000000002&0#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}.

 Win32 Error: 2.

 

Error - 7/1/2013 2:02:50 PM | Computer Name = HP-AC60887941E4 | Source = PSched | ID = 14107

Description = QoS [Adapter NDISWANIP]:  The Packet Scheduler could not initialize

the virtual miniport with NDIS.

 

 

< End of report >

 


 


*******************************************************************************************************************************************************


OTL logfile created on: 7/2/2013 2:07:24 PM - Run 1

OTL by OldTimer - Version 3.2.69.0     Folder = C:\\Documents and Settings\\Administrator\\Desktop

Windows XP Professional Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation

Internet Explorer (Version = 6.0.2900.2180)

Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

 

1015.35 Mb Total Physical Memory | 535.04 Mb Available Physical Memory | 52.70% Memory free

2.38 Gb Paging File | 1.97 Gb Available in Paging File | 82.79% Paging File free

Paging file location(s): C:\\pagefile.sys 1524 3048 [binary data]

 

%SystemDrive% = C: | %SystemRoot% = C:\\WINDOWS | %ProgramFiles% = C:\\Program Files

Drive C: | 24.99 Gb Total Space | 14.65 Gb Free Space | 58.61% Space Free | Partition Type: FAT32

Drive D: | 25.00 Gb Total Space | 3.98 Gb Free Space | 15.93% Space Free | Partition Type: NTFS

Drive E: | 49.70 Gb Total Space | 2.90 Gb Free Space | 5.84% Space Free | Partition Type: NTFS

Drive F: | 49.34 Gb Total Space | 3.59 Gb Free Space | 7.27% Space Free | Partition Type: NTFS

 

Computer Name: HP-AC60887941E4 | User Name: Administrator | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: Current user

Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

 

========== Processes (SafeList) ==========

 

PRC - [2013/07/02 13:25:56 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\\Documents and Settings\\Administrator\\Desktop\\OTL.exe

PRC - [2013/06/17 09:41:20 | 001,045,072 | ---- | M] (BitTorrent Inc.) -- C:\\Documents and Settings\\Administrator\\Application Data\\uTorrent\\uTorrent.exe

PRC - [2013/05/10 07:53:34 | 003,487,128 | ---- | M] (Tonec Inc.) -- C:\\Program Files\\Internet Download Manager\\IDMan.exe

PRC - [2013/01/14 14:41:14 | 000,356,376 | ---- | M] (Kaspersky Lab ZAO) -- C:\\Program Files\\Kaspersky Lab\\Kaspersky Anti-Virus 2013\\avp.exe

PRC - [2011/01/29 15:52:10 | 000,623,520 | ---- | M] (Zbshareware Lab) -- C:\\Program Files\\USB Disk Security\\USBGuard.exe

PRC - [2010/05/25 05:28:58 | 000,263,600 | ---- | M] (Tonec Inc.) -- C:\\Program Files\\Internet Download Manager\\IEMonitor.exe

PRC - [2009/08/25 09:15:12 | 000,262,144 | ---- | M] () -- C:\\Program Files\\EVDO BROADBAND PTCL\\bin\\MonServiceUDisk.exe

PRC - [2004/08/04 00:56:50 | 001,032,192 | ---- | M] (Microsoft Corporation) -- C:\\WINDOWS\\explorer.exe

 

 

========== Modules (No Company Name) ==========

 

MOD - [2013/01/14 14:41:16 | 001,310,136 | ---- | M] () -- C:\\Program Files\\Kaspersky Lab\\Kaspersky Anti-Virus 2013\\kpcengine.2.2.dll

MOD - [2012/08/17 21:38:56 | 000,479,160 | ---- | M] () -- C:\\Program Files\\Kaspersky Lab\\Kaspersky Anti-Virus 2013\\dblite.dll

MOD - [2009/08/25 09:15:12 | 000,262,144 | ---- | M] () -- C:\\Program Files\\EVDO BROADBAND PTCL\\bin\\MonServiceUDisk.exe

MOD - [2004/01/22 18:36:28 | 000,120,832 | ---- | M] () -- C:\\Program Files\\WinRAR\\RarExt.dll

 

 

========== Services (SafeList) ==========

 

SRV - [2013/01/14 14:41:14 | 000,356,376 | ---- | M] (Kaspersky Lab ZAO) [Auto | Running] -- C:\\Program Files\\Kaspersky Lab\\Kaspersky Anti-Virus 2013\\avp.exe -- (AVP)

SRV - [2010/02/19 13:37:14 | 000,517,096 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\\Program Files\\Common Files\\Adobe\\SwitchBoard\\SwitchBoard.exe -- (SwitchBoard)

SRV - [2009/08/25 09:15:12 | 000,262,144 | ---- | M] () [Auto | Running] -- C:\\Program Files\\EVDO BROADBAND PTCL\\bin\\MonServiceUDisk.exe -- (UDisk Monitor)

SRV - [2007/02/21 17:26:40 | 000,151,552 | ---- | M] () [On_Demand | Stopped] -- C:\\Program Files\\Common Files\\BCL Technologies\\easyPDF 5\\bepldr.exe -- (bepldr)

 

 

========== Driver Services (SafeList) ==========

 

DRV - File not found [Kernel | On_Demand | Stopped] --  -- (WDICA)

DRV - File not found [Kernel | On_Demand | Stopped] --  -- (PDRFRAME)

DRV - File not found [Kernel | On_Demand | Stopped] --  -- (PDRELI)

DRV - File not found [Kernel | On_Demand | Stopped] --  -- (PDFRAME)

DRV - File not found [Kernel | On_Demand | Stopped] --  -- (PDCOMP)

DRV - File not found [Kernel | System | Stopped] --  -- (PCIDump)

DRV - File not found [Kernel | System | Stopped] --  -- (lbrtfdc)

DRV - File not found [Kernel | System | Stopped] --  -- (i2omgmt)

DRV - File not found [Kernel | System | Stopped] --  -- (Changer)

DRV - [2013/02/13 14:26:02 | 000,033,512 | ---- | M] (AnchorFree Inc) [Kernel | On_Demand | Stopped] -- C:\\WINDOWS\\system32\\drivers\\taphss.sys -- (taphss)

DRV - [2013/01/14 14:41:12 | 000,586,584 | ---- | M] (Kaspersky Lab) [File_System | System | Running] -- C:\\WINDOWS\\system32\\drivers\\klif.sys -- (KLIF)

DRV - [2013/01/14 14:41:12 | 000,043,608 | ---- | M] (Kaspersky Lab) [Kernel | System | Running] -- C:\\WINDOWS\\system32\\drivers\\kltdi.sys -- (kltdi)

DRV - [2013/01/14 14:41:12 | 000,024,920 | ---- | M] (Kaspersky Lab) [Kernel | On_Demand | Running] -- C:\\WINDOWS\\system32\\drivers\\klmouflt.sys -- (klmouflt)

DRV - [2013/01/14 14:41:12 | 000,024,408 | ---- | M] (Kaspersky Lab) [Kernel | On_Demand | Running] -- C:\\WINDOWS\\system32\\drivers\\klkbdflt.sys -- (klkbdflt)

DRV - [2012/08/13 16:49:44 | 000,144,344 | ---- | M] (Kaspersky Lab) [Kernel | System | Running] -- C:\\WINDOWS\\system32\\drivers\\kneps.sys -- (kneps)

DRV - [2012/06/27 14:09:08 | 000,035,672 | ---- | M] (Kaspersky Lab ZAO) [Kernel | On_Demand | Running] -- C:\\WINDOWS\\system32\\drivers\\klim5.sys -- (klim5)

DRV - [2012/06/19 17:28:12 | 000,136,024 | ---- | M] (Kaspersky Lab ZAO) [Kernel | Boot | Running] -- C:\\WINDOWS\\system32\\drivers\\kl1.sys -- (kl1)

DRV - [2012/04/23 04:26:26 | 000,108,448 | ---- | M] (Tonec Inc.) [Kernel | System | Running] -- C:\\WINDOWS\\system32\\drivers\\idmtdi.sys -- (IDMTDI)

DRV - [2009/07/21 16:04:16 | 000,104,704 | ---- | M] (ZTEMT Incorporated) [Kernel | On_Demand | Stopped] -- C:\\WINDOWS\\system32\\drivers\\CT_ZTEMT_U_USBSER.sys -- (ztemtusbser)

DRV - [2008/12/09 21:56:18 | 000,187,392 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\\WINDOWS\\system32\\drivers\\b57xp32.sys -- (b57w2k)

DRV - [2005/01/07 17:07:16 | 000,145,920 | ---- | M] (Windows (R) Server 2003 DDK provider) [Kernel | On_Demand | Running] -- C:\\WINDOWS\\system32\\drivers\\Hdaudio.sys -- (HdAudAddService)

 

 

========== Standard Registry (SafeList) ==========

 

 

========== Internet Explorer ==========

 

IE - HKLM\\SOFTWARE\\Microsoft\\Internet Explorer\\Main,Local Page = %SystemRoot%\\system32\\blank.htm

IE - HKLM\\SOFTWARE\\Microsoft\\Internet Explorer\\Main,Start Page = about:blank

 

IE - HKCU\\SOFTWARE\\Microsoft\\Internet Explorer\\Main,Start Page = about:blank

IE - HKCU\\Software\\Microsoft\\Windows\\CurrentVersion\\Internet Settings: \"ProxyEnable\" = 0

 

 

========== FireFox ==========

 

FF - HKLM\\Software\\MozillaPlugins\\@real.com/nppl3260;version=6.0.11.2321: C:\\Program Files\\K-Lite Codec Pack\\Real\\browser\\plugins\\nppl3260.dll (RealNetworks, Inc.)

FF - HKLM\\Software\\MozillaPlugins\\@real.com/nprpjplug;version=6.0.12.1483: C:\\Program Files\\K-Lite Codec Pack\\Real\\browser\\plugins\\nprpjplug.dll (RealNetworks, Inc.)

FF - HKLM\\Software\\MozillaPlugins\\@real.com/nsJSRealPlayerPlugin;version=:  File not found

FF - HKCU\\Software\\MozillaPlugins\\@Skype Limited.com/Facebook Video Calling Plugin: C:\\Documents and Settings\\Administrator\\Local Settings\\Application Data\\Facebook\\Video\\Skype\\npFacebookVideoCalling.dll (Skype Limited)

FF - HKCU\\Software\\MozillaPlugins\\@tools.google.com/Google Update;version=3: C:\\Documents and Settings\\Administrator\\Local Settings\\Application Data\\Google\\Update\\1.3.21.145\\npGoogleUpdate3.dll (Google Inc.)

FF - HKCU\\Software\\MozillaPlugins\\@tools.google.com/Google Update;version=9: C:\\Documents and Settings\\Administrator\\Local Settings\\Application Data\\Google\\Update\\1.3.21.145\\npGoogleUpdate3.dll (Google Inc.)

 

FF - HKEY_LOCAL_MACHINE\\software\\mozilla\\Firefox\\Extensions\\\\[email protected]: C:\\Program Files\\Kaspersky Lab\\Kaspersky Anti-Virus 2013\\FFExt\\[email protected] [2013/07/01 23:02:14 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\\software\\mozilla\\Firefox\\Extensions\\\\[email protected]: C:\\Program Files\\Kaspersky Lab\\Kaspersky Anti-Virus 2013\\FFExt\\[email protected] [2013/07/01 23:02:14 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\\software\\mozilla\\Firefox\\Extensions\\\\[email protected]: C:\\Program Files\\Kaspersky Lab\\Kaspersky Anti-Virus 2013\\FFExt\\[email protected] [2013/07/01 23:02:14 | 000,000,000 | ---D | M]

FF - HKEY_CURRENT_USER\\software\\mozilla\\SeaMonkey\\Extensions\\\\[email protected]: C:\\Documents and Settings\\Administrator\\Application Data\\IDM\\idmmzcc5 [2013/05/10 07:49:06 | 000,000,000 | ---D | M]

 

 

========== Chrome  ==========

 

CHR - default_search_provider: Google (Enabled)

CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}ie={inputEncoding}

CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&q={searchTerms}&{google:cursorPosition}sugkey={google:suggestAPIKeyParameter}

CHR - homepage: http://www.google.com/

CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer

CHR - plugin: Native Client (Enabled) = C:\\Documents and Settings\\Administrator\\Local Settings\\Application Data\\Google\\Chrome\\Application\\27.0.1453.116\\ppGoogleNaClPluginChrome.dll

CHR - plugin: Chrome PDF Viewer (Enabled) = C:\\Documents and Settings\\Administrator\\Local Settings\\Application Data\\Google\\Chrome\\Application\\27.0.1453.116\\pdf.dll

CHR - plugin: Shockwave Flash (Enabled) = C:\\Documents and Settings\\Administrator\\Local Settings\\Application Data\\Google\\Chrome\\Application\\27.0.1453.116\\gcswf32.dll

CHR - plugin: Windows Media Player Plug-in Dynamic Link Library (Enabled) = C:\\Program Files\\Windows Media Player\\npdsplay.dll

CHR - plugin: Microsoft\\u00AE DRM (Enabled) = C:\\Program Files\\Windows Media Player\\npwmsdrm.dll

CHR - plugin: Microsoft\\u00AE DRM (Enabled) = C:\\Program Files\\Windows Media Player\\npdrmv2.dll

CHR - Extension: Kaspersky URL Advisor = C:\\Documents and Settings\\Administrator\\Local Settings\\Application Data\\Google\\Chrome\\User Data\\Default\\Extensions\\dchlnpcodkpfdpacogkljefecpegganj\\13.0.1.4190_0\\

CHR - Extension: Content Blocker = C:\\Documents and Settings\\Administrator\\Local Settings\\Application Data\\Google\\Chrome\\User Data\\Default\\Extensions\\hghkgaeecgjhjkannahfamoehjmkjail\\13.0.1.4190_0\\

CHR - Extension: Virtual Keyboard = C:\\Documents and Settings\\Administrator\\Local Settings\\Application Data\\Google\\Chrome\\User Data\\Default\\Extensions\\jagncdcchgajhfhijbbhecadmaiegcmh\\13.0.1.4190_0\\

CHR - Extension: Gmail = C:\\Documents and Settings\\Administrator\\Local Settings\\Application Data\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\7_1\\

 

O1 HOSTS File: ([2001/08/23 14:00:00 | 000,000,734 | ---- | M]) - C:\\WINDOWS\\system32\\drivers\\etc\\hosts

O1 - Hosts: 127.0.0.1       localhost

O2 - BHO: (IDM integration (IDMIEHlprObj Class)) - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\\Program Files\\Internet Download Manager\\IDMIECC.dll (Internet Download Manager, Tonec Inc.)

O2 - BHO: (Content Blocker Plugin) - {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} - C:\\Program Files\\Kaspersky Lab\\Kaspersky Anti-Virus 2013\\IEExt\\ContentBlocker\\ie_content_blocker_plugin.dll (Kaspersky Lab ZAO)

O2 - BHO: (Virtual Keyboard Plugin) - {73455575-E40C-433C-9784-C78DC7761455} - C:\\Program Files\\Kaspersky Lab\\Kaspersky Anti-Virus 2013\\IEExt\\VirtualKeyboard\\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO)

O2 - BHO: (URL Advisor Plugin) - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\\Program Files\\Kaspersky Lab\\Kaspersky Anti-Virus 2013\\IEExt\\UrlAdvisor\\klwtbbho.dll (Kaspersky Lab ZAO)

O4 - HKLM..\\Run: [AVP] C:\\Program Files\\Kaspersky Lab\\Kaspersky Anti-Virus 2013\\avp.exe (Kaspersky Lab ZAO)

O4 - HKLM..\\Run: [USB Security] C:\\Program Files\\USB Disk Security\\USBGuard.exe (Zbshareware Lab)

O4 - HKCU..\\Run: [IDMan] C:\\Program Files\\Internet Download Manager\\IDMan.exe (Tonec Inc.)

O4 - HKCU..\\Run: [uTorrent] C:\\Documents and Settings\\Administrator\\Application Data\\uTorrent\\uTorrent.exe (BitTorrent Inc.)

O6 - HKLM\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\policies\\Explorer: NoDriveTypeAutoRun = 60

O7 - HKCU\\Software\\Policies\\Microsoft\\Internet Explorer\\Control Panel present

O7 - HKCU\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\policies\\Explorer: NoDriveTypeAutoRun = 36

O7 - HKCU\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\policies\\Explorer: NoDriveAutoRun = FF FF FF FF  [binary data]

O8 - Extra context menu item: Download all links with IDM - C:\\Program Files\\Internet Download Manager\\IEGetAll.htm ()

O8 - Extra context menu item: Download with IDM - C:\\Program Files\\Internet Download Manager\\IEExt.htm ()

O9 - Extra Button: Virtual Keyboard - {0C4CC089-D306-440D-9772-464E226F6539} - C:\\Program Files\\Kaspersky Lab\\Kaspersky Anti-Virus 2013\\IEExt\\VirtualKeyboard\\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO)

O9 - Extra Button: URLs check - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\\Program Files\\Kaspersky Lab\\Kaspersky Anti-Virus 2013\\IEExt\\UrlAdvisor\\klwtbbho.dll (Kaspersky Lab ZAO)

O17 - HKLM\\System\\CCS\\Services\\Tcpip\\Parameters\\Interfaces\\{03E48A69-FD25-4691-9BDC-99CDA7FFF656}: DhcpNameServer = 192.168.100.254

O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\\WINDOWS\\explorer.exe (Microsoft Corporation)

O20 - HKLM Winlogon: UserInit - (C:\\WINDOWS\\system32\\userinit.exe) - C:\\WINDOWS\\system32\\userinit.exe (Microsoft Corporation)

O20 - Winlogon\\Notify\\klogon: DllName - (C:\\WINDOWS\\system32\\klogon.dll) - C:\\WINDOWS\\system32\\klogon.dll (Kaspersky Lab ZAO)

O24 - Desktop WallPaper: C:\\Documents and Settings\\Administrator\\Local Settings\\Application Data\\Microsoft\\Wallpaper1.bmp

O24 - Desktop BackupWallPaper: C:\\Documents and Settings\\Administrator\\Local Settings\\Application Data\\Microsoft\\Wallpaper1.bmp

O32 - HKLM CDRom: AutoRun - 0

O32 - AutoRun File - [2013/03/18 07:27:18 | 000,000,000 | ---- | M] () - C:\\AUTOEXEC.BAT -- [ FAT32 ]

O32 - AutoRun File - [2013/07/01 16:18:14 | 000,000,000 | ---D | M] - C:\\autorun.inf -- [ FAT32 ]

O32 - AutoRun File - [2013/07/01 16:18:13 | 000,000,000 | ---D | M] - D:\\autorun.inf -- [ NTFS ]

O32 - AutoRun File - [2013/07/01 16:18:13 | 000,000,000 | ---D | M] - E:\\autorun.inf -- [ NTFS ]

O32 - AutoRun File - [2013/07/01 16:18:14 | 000,000,000 | ---D | M] - F:\\autorun.inf -- [ NTFS ]

O33 - MountPoints2\\{05c568a4-8f9b-11e2-9fba-806d6172696f}\\Shell - \"\" = AutoRun

O33 - MountPoints2\\{05c568a4-8f9b-11e2-9fba-806d6172696f}\\Shell\\AutoRun - \"\" = Auto&Play

O33 - MountPoints2\\{05c568a4-8f9b-11e2-9fba-806d6172696f}\\Shell\\AutoRun\\command - \"\" = G:\\setup.exe

O34 - HKLM BootExecute: (autocheck autochk *)

O35 - HKLM\\..comfile [open] -- \"%1\" %*

O35 - HKLM\\..exefile [open] -- \"%1\" %*

O37 - HKLM\\...com [@ = comfile] -- \"%1\" %*

O37 - HKLM\\...exe [@ = exefile] -- \"%1\" %*

O38 - SubSystems\\\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)

O38 - SubSystems\\\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

 

========== Files/Folders - Created Within 30 Days ==========

 

[2095/07/22 18:41:56 | 000,000,000 | -HSD | C] -- C:\\FOUND.014

[2033/09/30 21:36:46 | 000,000,000 | -HSD | C] -- C:\\FOUND.018

[2013/07/02 14:07:05 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\\Documents and Settings\\Administrator\\Desktop\\OTL.exe

[2013/07/02 12:16:27 | 000,000,000 | RH-D | C] -- C:\\Documents and Settings\\Administrator\\Recent

[2013/07/02 12:05:06 | 000,000,000 | -HSD | C] -- C:\\FOUND.028

[2013/07/01 23:03:12 | 000,000,000 | ---D | C] -- C:\\Documents and Settings\\All Users\\Start Menu\\Programs\\Kaspersky Anti-Virus 2013

[2013/07/01 23:02:12 | 000,000,000 | ---D | C] -- C:\\Documents and Settings\\All Users\\Application Data\\Kaspersky Lab

[2013/07/01 23:02:00 | 000,586,584 | ---- | C] (Kaspersky Lab) -- C:\\WINDOWS\\System32\\drivers\\klif.sys

[2013/07/01 23:02:00 | 000,074,072 | ---- | C] (Kaspersky Lab) -- C:\\WINDOWS\\System32\\drivers\\klflt.sys

[2013/07/01 22:56:14 | 000,000,000 | -HSD | C] -- C:\\FOUND.027

[2013/07/01 20:47:00 | 000,000,000 | ---D | C] -- C:\\Documents and Settings\\All Users\\Application Data\\StarApp

[2013/07/01 20:46:42 | 000,000,000 | ---D | C] -- C:\\Documents and Settings\\All Users\\Application Data\\InstallMate

[2013/07/01 20:18:36 | 000,000,000 | ---D | C] -- C:\\Program Files\\Trend Micro

[2013/07/01 20:18:36 | 000,000,000 | ---D | C] -- C:\\Documents and Settings\\Administrator\\Start Menu\\Programs\\HiJackThis

[2013/07/01 18:53:20 | 000,000,000 | -HSD | C] -- C:\\FOUND.026

[2013/07/01 18:28:57 | 000,000,000 | ---D | C] -- C:\\Avenger

[2013/07/01 18:20:49 | 000,000,000 | ---D | C] -- C:\\WINDOWS\\pss

[2013/07/01 16:43:01 | 000,000,000 | ---D | C] -- C:\\Program Files\\Kaspersky Lab

[2013/07/01 16:42:16 | 000,000,000 | ---D | C] -- C:\\KAV

[2013/07/01 16:41:08 | 000,000,000 | ---D | C] -- C:\\Documents and Settings\\All Users\\Application Data\\Windows Genuine Advantage

[2013/07/01 16:18:13 | 000,000,000 | ---D | C] -- C:\\autorun.inf

[2013/07/01 16:06:14 | 000,000,000 | -HSD | C] -- C:\\FOUND.025

[2013/06/30 11:09:54 | 000,000,000 | -HSD | C] -- C:\\FOUND.024

[2013/06/29 14:06:18 | 000,000,000 | -HSD | C] -- C:\\FOUND.023

[2013/06/28 20:46:53 | 000,000,000 | ---D | C] -- C:\\Documents and Settings\\Administrator\\Application Data\\Adobe Mini Bridge CS5

[2013/06/28 20:46:52 | 000,000,000 | ---D | C] -- C:\\Documents and Settings\\Administrator\\Application Data\\StageManager.BD092818F67280F4B42B04877600987F0111B594.1

[2013/06/28 06:49:28 | 000,000,000 | -HSD | C] -- C:\\FOUND.022

[2013/06/27 18:50:37 | 000,000,000 | ---D | C] -- C:\\Documents and Settings\\All Users\\Application Data\\regid.1986-12.com.adobe

[2013/06/27 18:45:29 | 000,000,000 | ---D | C] -- C:\\Program Files\\Adobe Media Player

[2013/06/27 18:45:29 | 000,000,000 | ---D | C] -- C:\\Documents and Settings\\All Users\\Start Menu\\Programs\\Adobe

[2013/06/27 18:43:30 | 000,000,000 | ---D | C] -- C:\\Program Files\\Common Files\\Adobe AIR

[2013/06/27 18:39:35 | 000,000,000 | ---D | C] -- C:\\Documents and Settings\\All Users\\Application Data\\Adobe

[2013/06/27 18:39:28 | 000,000,000 | ---D | C] -- C:\\Program Files\\Common Files\\Adobe

[2013/06/27 18:39:01 | 000,000,000 | ---D | C] -- C:\\Documents and Settings\\Administrator\\Local Settings\\Application Data\\Adobe

[2013/06/27 10:44:39 | 000,286,720 | ---- | C] (Indigo Rose Corporation) -- C:\\WINDOWS\\iun503.exe

[2013/06/27 10:40:35 | 000,000,000 | ---D | C] -- C:\\Program Files\\Alcohol Soft

[2013/06/27 10:07:04 | 000,000,000 | -HSD | C] -- C:\\FOUND.021

[2013/06/24 23:00:58 | 000,000,000 | -HSD | C] -- C:\\FOUND.020

[2013/06/23 18:52:32 | 000,000,000 | -HSD | C] -- C:\\FOUND.019

[2013/06/22 11:14:10 | 000,000,000 | -HSD | C] -- C:\\FOUND.017

[2013/06/22 06:27:38 | 000,000,000 | -HSD | C] -- C:\\FOUND.016

[2013/06/17 10:33:46 | 000,000,000 | ---D | C] -- C:\\WINDOWS\\System32\\appmgmt

[2013/06/17 10:09:48 | 000,000,000 | ---D | C] -- C:\\Documents and Settings\\LocalService\\Application Data\\Hotspot Shield

[2013/06/17 09:24:39 | 000,000,000 | ---D | C] -- C:\\Documents and Settings\\Administrator\\Application Data\\uTorrent

[2013/06/17 08:28:24 | 000,000,000 | -HSD | C] -- C:\\FOUND.015

[2013/06/16 12:40:09 | 000,000,000 | ---D | C] -- C:\\Documents and Settings\\Administrator\\Application Data\\Nitro PDF

[2013/06/16 11:41:48 | 000,000,000 | ---D | C] -- C:\\Program Files\\Common Files\\BCL Technologies

[2013/06/16 11:41:34 | 000,000,000 | ---D | C] -- C:\\Program Files\\Nitro PDF

[2013/06/16 11:41:34 | 000,000,000 | ---D | C] -- C:\\Documents and Settings\\All Users\\Application Data\\Nitro PDF

[2013/06/16 11:40:46 | 000,000,000 | ---D | C] -- C:\\Documents and Settings\\Administrator\\Local Settings\\Application Data\\Downloaded Installations

[2013/06/13 09:11:55 | 000,000,000 | ---D | C] -- C:\\Program Files\\DIFX

[2013/06/09 04:03:26 | 000,000,000 | -HSD | C] -- C:\\FOUND.013

[2013/06/08 06:19:14 | 000,000,000 | -HSD | C] -- C:\\FOUND.012

[3 C:\\WINDOWS\\*.tmp files -> C:\\WINDOWS\\*.tmp -> ]

[2 C:\\WINDOWS\\System32\\*.tmp files -> C:\\WINDOWS\\System32\\*.tmp -> ]

 

========== Files - Modified Within 30 Days ==========

 

[2013/07/02 14:04:02 | 000,002,048 | --S- | M] () -- C:\\WINDOWS\\bootstat.dat

[2013/07/02 14:04:00 | 1064,747,008 | -HS- | M] () -- C:\\hiberfil.sys

[2013/07/02 13:25:56 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\\Documents and Settings\\Administrator\\Desktop\\OTL.exe

[2013/07/02 00:21:08 | 000,000,542 | ---- | M] () -- C:\\Documents and Settings\\All Users\\Desktop\\Four Star.lnk

[2013/07/02 00:17:12 | 000,000,211 | -HS- | M] () -- C:\\boot.ini

[2013/07/01 23:42:00 | 000,002,463 | ---- | M] () -- C:\\Documents and Settings\\Administrator\\Desktop\\HiJackThis.lnk

[2013/07/01 23:02:58 | 000,000,755 | ---- | M] () -- C:\\Documents and Settings\\All Users\\Desktop\\Kaspersky Anti-Virus 2013.lnk

[2013/07/01 23:01:26 | 000,002,251 | ---- | M] () -- C:\\Documents and Settings\\Administrator\\Desktop\\Google Chrome.lnk

[2013/07/01 20:51:48 | 000,001,008 | ---- | M] () -- C:\\WINDOWS\\tasks\\FacebookUpdateTaskUserS-1-5-21-776561741-725345543-708340629-500Core.job

[2013/07/01 18:14:18 | 000,017,408 | ---- | M] () -- C:\\Documents and Settings\\Administrator\\Local Settings\\Application Data\\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[2013/07/01 16:41:10 | 000,002,206 | ---- | M] () -- C:\\WINDOWS\\System32\\wpa.dbl

[2013/07/01 00:02:06 | 000,389,376 | ---- | M] () -- C:\\Documents and Settings\\Administrator\\My Documents\\managers-officers-coordinators-accountants-healthcare-staff-admin-staff-engineers-and-lot-of-other-important-staff-jobs-in-public-sector-organization-6-207042.jpg

[2013/06/30 09:17:34 | 000,093,367 | ---- | M] () -- C:\\Documents and Settings\\Administrator\\Desktop\\d.jpg

[2013/06/30 02:00:04 | 000,000,358 | ---- | M] () -- C:\\WINDOWS\\tasks\\AdobeAAMUpdater-1.0-HP-AC60887941E4-Administrator.job

[2013/06/29 05:14:20 | 000,286,720 | ---- | M] (Indigo Rose Corporation) -- C:\\WINDOWS\\iun503.exe

[2013/06/28 07:23:30 | 000,017,769 | ---- | M] () -- C:\\Documents and Settings\\Administrator\\Desktop\\c.jpg

[2013/06/27 21:19:08 | 003,568,328 | ---- | M] () -- C:\\WINDOWS\\System32\\FNTCACHE.DAT

[2013/06/22 19:36:52 | 000,002,269 | ---- | M] () -- C:\\Documents and Settings\\Administrator\\Application Data\\Microsoft\\Internet Explorer\\Quick Launch\\Google Chrome.lnk

[2013/06/21 09:21:50 | 000,049,652 | ---- | M] () -- C:\\Documents and Settings\\Administrator\\Desktop\\Brasil.jpg

[2013/06/16 01:25:02 | 000,035,833 | ---- | M] () -- C:\\Documents and Settings\\Administrator\\Desktop\\b.jpg

[2013/06/15 23:34:16 | 003,933,337 | ---- | M] () -- C:\\Documents and Settings\\Administrator\\Desktop\\[SongsPK.info] Table No 21 - 05 - Man Mera (Remix).mp3

[2013/06/15 23:27:34 | 005,286,589 | ---- | M] () -- C:\\Documents and Settings\\Administrator\\Desktop\\[SongsPK.info] Aashiqui 2 - 01 - Tum Hi Ho_2.mp3

[2013/06/15 05:20:00 | 004,847,451 | ---- | M] () -- C:\\Documents and Settings\\Administrator\\Desktop\\[Songs.PK] 02 - Rani Tu Mein Raja.mp3

[2013/06/15 04:38:30 | 014,930,814 | ---- | M] () -- C:\\Documents and Settings\\Administrator\\Desktop\\Balma Full Song (Khiladi 786) ,Akshay Kumar _ Tune.pk.flv

[2013/06/13 09:03:20 | 000,007,287 | ---- | M] () -- C:\\Documents and Settings\\Administrator\\My Documents\\shez.JPG

[3 C:\\WINDOWS\\*.tmp files -> C:\\WINDOWS\\*.tmp -> ]

[2 C:\\WINDOWS\\System32\\*.tmp files -> C:\\WINDOWS\\System32\\*.tmp -> ]

 

========== Files Created - No Company Name ==========

 

[2013/07/02 00:57:34 | 1064,747,008 | -HS- | C] () -- C:\\hiberfil.sys

[2013/07/02 00:21:06 | 000,000,542 | ---- | C] () -- C:\\Documents and Settings\\All Users\\Desktop\\Four Star.lnk

[2013/07/01 23:03:12 | 000,000,755 | ---- | C] () -- C:\\Documents and Settings\\All Users\\Desktop\\Kaspersky Anti-Virus 2013.lnk

[2013/07/01 20:18:36 | 000,002,463 | ---- | C] () -- C:\\Documents and Settings\\Administrator\\Desktop\\HiJackThis.lnk

[2013/07/01 16:13:23 | 000,033,585 | -HS- | C] () -- C:\\Documents and Settings\\Administrator\\Application Data\\ofbdgevejc..vbs

[2013/07/01 00:02:07 | 000,389,376 | ---- | C] () -- C:\\Documents and Settings\\Administrator\\My Documents\\managers-officers-coordinators-accountants-healthcare-staff-admin-staff-engineers-and-lot-of-other-important-staff-jobs-in-public-sector-organization-6-207042.jpg

[2013/06/30 09:17:40 | 000,093,367 | ---- | C] () -- C:\\Documents and Settings\\Administrator\\Desktop\\d.jpg

[2013/06/28 20:14:30 | 000,000,358 | ---- | C] () -- C:\\WINDOWS\\tasks\\AdobeAAMUpdater-1.0-HP-AC60887941E4-Administrator.job

[2013/06/28 07:23:36 | 000,017,769 | ---- | C] () -- C:\\Documents and Settings\\Administrator\\Desktop\\c.jpg

[2013/06/27 18:48:32 | 000,000,761 | ---- | C] () -- C:\\Documents and Settings\\All Users\\Start Menu\\Programs\\Adobe Photoshop CS5.lnk

[2013/06/27 18:47:36 | 000,000,723 | ---- | C] () -- C:\\Documents and Settings\\All Users\\Start Menu\\Programs\\Adobe Bridge CS5.lnk

[2013/06/27 18:47:08 | 000,000,816 | ---- | C] () -- C:\\Documents and Settings\\All Users\\Start Menu\\Programs\\Adobe Device Central CS5.lnk

[2013/06/27 18:44:49 | 000,000,907 | ---- | C] () -- C:\\Documents and Settings\\All Users\\Start Menu\\Programs\\Adobe Extension Manager CS5.lnk

[2013/06/27 18:44:37 | 000,001,051 | ---- | C] () -- C:\\Documents and Settings\\All Users\\Start Menu\\Programs\\Adobe ExtendScript Toolkit CS5.lnk

[2013/06/27 18:43:33 | 000,000,635 | ---- | C] () -- C:\\Documents and Settings\\All Users\\Start Menu\\Programs\\Adobe Help.lnk

[2013/06/21 09:22:03 | 000,049,652 | ---- | C] () -- C:\\Documents and Settings\\Administrator\\Desktop\\Brasil.jpg

[2013/06/16 11:41:36 | 000,001,671 | ---- | C] () -- C:\\Documents and Settings\\All Users\\Start Menu\\Programs\\Nitro PDF Professional.lnk

[2013/06/16 01:25:06 | 000,035,833 | ---- | C] () -- C:\\Documents and Settings\\Administrator\\Desktop\\b.jpg

[2013/06/15 23:33:12 | 003,933,337 | ---- | C] () -- C:\\Documents and Settings\\Administrator\\Desktop\\[SongsPK.info] Table No 21 - 05 - Man Mera (Remix).mp3

[2013/06/15 23:26:12 | 005,286,589 | ---- | C] () -- C:\\Documents and Settings\\Administrator\\Desktop\\[SongsPK.info] Aashiqui 2 - 01 - Tum Hi Ho_2.mp3

[2013/06/15 05:11:43 | 004,847,451 | ---- | C] () -- C:\\Documents and Settings\\Administrator\\Desktop\\[Songs.PK] 02 - Rani Tu Mein Raja.mp3

[2013/06/15 04:18:49 | 014,930,814 | ---- | C] () -- C:\\Documents and Settings\\Administrator\\Desktop\\Balma Full Song (Khiladi 786) ,Akshay Kumar _ Tune.pk.flv

[2013/06/13 09:03:18 | 000,007,287 | ---- | C] () -- C:\\Documents and Settings\\Administrator\\My Documents\\shez.JPG

[2013/05/17 12:50:53 | 000,157,696 | ---- | C] () -- C:\\WINDOWS\\System32\\unrar.dll

[2013/05/17 12:50:49 | 000,568,850 | ---- | C] () -- C:\\WINDOWS\\System32\\x264vfw.dll

[2013/05/17 12:50:48 | 000,856,064 | ---- | C] () -- C:\\WINDOWS\\System32\\xvidcore.dll

[2013/05/17 12:50:48 | 000,217,088 | ---- | C] () -- C:\\WINDOWS\\System32\\xvidvfw.dll

[2013/05/17 12:50:46 | 003,596,288 | ---- | C] () -- C:\\WINDOWS\\System32\\qt-dx331.dll

[2013/05/17 12:50:44 | 000,005,120 | ---- | C] () -- C:\\WINDOWS\\System32\\ff_vfw.dll

[2013/05/10 05:33:25 | 000,017,408 | ---- | C] () -- C:\\Documents and Settings\\Administrator\\Local Settings\\Application Data\\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[2013/03/18 08:30:39 | 000,000,376 | ---- | C] () -- C:\\WINDOWS\\ODBC.INI

[2013/03/18 07:38:59 | 000,147,456 | ---- | C] () -- C:\\WINDOWS\\System32\\igfxCoIn_v4926.dll

[2013/03/18 07:30:57 | 000,002,048 | --S- | C] () -- C:\\WINDOWS\\bootstat.dat

[2013/03/18 07:24:15 | 000,021,640 | ---- | C] () -- C:\\WINDOWS\\System32\\emptyregdb.dat

[2013/03/18 07:18:34 | 000,004,161 | ---- | C] () -- C:\\WINDOWS\\ODBCINST.INI

[2013/03/18 07:17:23 | 003,568,328 | ---- | C] () -- C:\\WINDOWS\\System32\\FNTCACHE.DAT

 

========== ZeroAccess Check ==========

 

 

[HKEY_CURRENT_USER\\Software\\Classes\\clsid\\{42aedc87-2188-41fd-b9a3-0c966feabec1}\\InProcServer32]

 

[HKEY_CURRENT_USER\\Software\\Classes\\clsid\\{fbeb8a05-beee-4442-804e-409d6c4515e9}\\InProcServer32]

 

[HKEY_LOCAL_MACHINE\\Software\\Classes\\clsid\\{42aedc87-2188-41fd-b9a3-0c966feabec1}\\InProcServer32]

\"\" = %SystemRoot%\\system32\\shdocvw.dll -- [2004/08/04 00:56:46 | 001,483,264 | ---- | M] (Microsoft Corporation)

\"ThreadingModel\" = Apartment

 

[HKEY_LOCAL_MACHINE\\Software\\Classes\\clsid\\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\\InProcServer32]

\"\" = C:\\WINDOWS\\system32\\wbem\\fastprox.dll -- [2004/08/03 16:56:44 | 000,472,064 | ---- | M] (Microsoft Corporation)

\"ThreadingModel\" = Free

 

[HKEY_LOCAL_MACHINE\\Software\\Classes\\clsid\\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\\InProcServer32]

\"\" = C:\\WINDOWS\\system32\\wbem\\wbemess.dll -- [2004/08/03 16:56:48 | 000,273,920 | ---- | M] (Microsoft Corporation)

\"ThreadingModel\" = Both


< End of report >


Title: System is running too slow ... viruses are not detected
Post by: guestolo on July 03, 2013, 09:46:54 PM

Exactly what problems are you having?

And you have things disabled with msconfig

Can you do the following:

Go to START>>RUN>>type in msconfig

Select NORMAL STARTUP

Reboot, then run OTL.exe again with Run Scan... When the scan is done, post the new OTL.txt log that opens.


Title: System is running too slow ... viruses are not detected
Post by: guestolo on July 21, 2013, 08:18:40 PM

Topic locked as the original poster has not returned