OTL Extras logfile created on: 7/2/2013 2:07:24 PM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\\Documents and Settings\\Administrator\\Desktop
Windows XP Professional Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.2180)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
1015.35 Mb Total Physical Memory | 535.04 Mb Available Physical Memory | 52.70% Memory free
2.38 Gb Paging File | 1.97 Gb Available in Paging File | 82.79% Paging File free
Paging file location(s): C:\\pagefile.sys 1524 3048 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\\WINDOWS | %ProgramFiles% = C:\\Program Files
Drive C: | 24.99 Gb Total Space | 14.65 Gb Free Space | 58.61% Space Free | Partition Type: FAT32
Drive D: | 25.00 Gb Total Space | 3.98 Gb Free Space | 15.93% Space Free | Partition Type: NTFS
Drive E: | 49.70 Gb Total Space | 2.90 Gb Free Space | 5.84% Space Free | Partition Type: NTFS
Drive F: | 49.34 Gb Total Space | 3.59 Gb Free Space | 7.27% Space Free | Partition Type: NTFS
Computer Name: HP-AC60887941E4 | User Name: Administrator | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Extra Registry (SafeList) ==========
========== File Associations ==========
[HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL \"%1\",%*
.url [@ = InternetShortcut] -- rundll32.exe shdocvw.dll,OpenURL %l
========== Shell Spawning ==========
[HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\<key>\\shell\\[command]\\command]
batfile [open] -- \"%1\" %*
cmdfile [open] -- \"%1\" %*
comfile [open] -- \"%1\" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL \"%1\",%*
exefile [open] -- \"%1\" %*
InternetShortcut [open] -- rundll32.exe shdocvw.dll,OpenURL %l
piffile [open] -- \"%1\" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- \"%1\"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- \"%1\" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\\system32\\rundll32.exe %SystemRoot%\\system32\\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- \"C:\\Program Files\\VideoLAN\\VLC\\vlc.exe\" --started-from-file --playlist-enqueue \"%1\" ()
Directory [Bridge] -- C:\\Program Files\\Adobe\\Adobe Bridge CS5\\Bridge.exe \"%L\" (Adobe Systems, Inc.)
Directory [find] -- %SystemRoot%\\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- \"C:\\Program Files\\VideoLAN\\VLC\\vlc.exe\" --started-from-file --no-playlist-enqueue \"%1\" ()
Folder [open] -- %SystemRoot%\\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\\Explorer.exe (Microsoft Corporation)
========== Security Center Settings ==========
[HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Security Center]
\"FirstRunDisabled\" = 1
\"AntiVirusDisableNotify\" = 1
\"FirewallDisableNotify\" = 1
\"UpdatesDisableNotify\" = 1
\"AntiVirusOverride\" = 0
\"FirewallOverride\" = 0
[HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Security Center\\Monitoring]
[HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Security Center\\Monitoring\\AhnlabAntiVirus]
[HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Security Center\\Monitoring\\ComputerAssociatesAntiVirus]
[HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Security Center\\Monitoring\\KasperskyAntiVirus]
\"DisableMonitoring\" = 1
[HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Security Center\\Monitoring\\McAfeeAntiVirus]
[HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Security Center\\Monitoring\\McAfeeFirewall]
[HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Security Center\\Monitoring\\PandaAntiVirus]
[HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Security Center\\Monitoring\\PandaFirewall]
[HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Security Center\\Monitoring\\SophosAntiVirus]
[HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Security Center\\Monitoring\\SymantecAntiVirus]
[HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Security Center\\Monitoring\\SymantecFirewall]
[HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Security Center\\Monitoring\\TinyFirewall]
[HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Security Center\\Monitoring\\TrendAntiVirus]
[HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Security Center\\Monitoring\\TrendFirewall]
[HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Security Center\\Monitoring\\ZoneLabsFirewall]
========== System Restore Settings ==========
[HKEY_LOCAL_MACHINE\\SOFTWARE\\Policies\\Microsoft\\Windows NT\\SystemRestore]
[HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\SystemRestore]
\"DisableSR\" = 1
[HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\Sr]
\"Start\" = 4
[HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\SrService]
\"Start\" = 2
========== Firewall Settings ==========
[HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\SharedAccess\\Parameters\\FirewallPolicy\\DomainProfile]
[HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\SharedAccess\\Parameters\\FirewallPolicy\\StandardProfile]
\"EnableFirewall\" = 1
\"DoNotAllowExceptions\" = 0
\"DisableNotifications\" = 0
[HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\SharedAccess\\Parameters\\FirewallPolicy\\StandardProfile\\GloballyOpenPorts\\List]
\"1900:UDP\" = 1900:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22007
\"2869:TCP\" = 2869:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22008
========== Authorized Applications List ==========
[HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\SharedAccess\\Parameters\\FirewallPolicy\\DomainProfile\\AuthorizedApplications\\List]
\"%windir%\\system32\\sessmgr.exe\" = %windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)
\"C:\\Program Files\\McAfee\\Common Framework\\FrameworkService.exe\" = C:\\Program Files\\McAfee\\Common Framework\\FrameworkService.exe:*:Enabled:McAfee Framework Service
[HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\SharedAccess\\Parameters\\FirewallPolicy\\StandardProfile\\AuthorizedApplications\\List]
\"C:\\Program Files\\McAfee\\Common Framework\\FrameworkService.exe\" = C:\\Program Files\\McAfee\\Common Framework\\FrameworkService.exe:*:Enabled:McAfee Framework Service
\"C:\\Program Files\\Internet Download Manager\\IDMan.exe\" = C:\\Program Files\\Internet Download Manager\\IDMan.exe:*:Enabled:Internet Download Manager (IDM) -- (Tonec Inc.)
\"C:\\Documents and Settings\\Administrator\\Application Data\\uTorrent\\uTorrent.exe\" = C:\\Documents and Settings\\Administrator\\Application Data\\uTorrent\\uTorrent.exe:*:Enabled:µTorrent -- (BitTorrent Inc.)
\"C:\\Documents and Settings\\Administrator\\Local Settings\\Application Data\\Facebook\\Video\\Skype\\FacebookVideoCalling.exe\" = C:\\Documents and Settings\\Administrator\\Local Settings\\Application Data\\Facebook\\Video\\Skype\\FacebookVideoCalling.exe:*:Disabled:Facebook Video Calling Plugin -- (Skype Limited)
\"C:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE\" = C:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE:*:Disabled:Microsoft Office Groove -- (Microsoft Corporation)
\"C:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE\" = C:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE:*:Disabled:Microsoft Office OneNote -- (Microsoft Corporation)
\"C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE\" = C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE:*:Disabled:Microsoft Office Outlook -- (Microsoft Corporation)
\"C:\\WINDOWS\\system32\\sessmgr.exe\" = C:\\WINDOWS\\system32\\sessmgr.exe:*:Disabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)
========== HKEY_LOCAL_MACHINE Uninstall List ==========
[HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Uninstall]
\"{033E378E-6AD3-4AD5-BDEB-CBD69B31046C}\" = Microsoft_VC90_ATL_x86
\"{08D2E121-7F6A-43EB-97FD-629B44903403}\" = Microsoft_VC90_CRT_x86
\"{0D2DBE8A-43D0-7830-7AE7-CA6C99A832E7}\" = Adobe Community Help
\"{0F3647F8-E51D-4FCC-8862-9A8D0C5ACF25}\" = Microsoft_VC80_ATL_x86
\"{15FEDA5F-141C-4127-8D7E-B962D1742728}\" = Adobe Photoshop CS5
\"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}\" = WebFldrs XP
\"{45A66726-69BC-466B-A7A4-12FCBA4883D7}\" = HiJackThis
\"{560985FB-4B76-4121-9189-7A2CDC7886D6}\" = Kaspersky Anti-Virus 2013
\"{635FED5B-2C6D-49BE-87E6-7A6FCD22BC5A}\" = Microsoft_VC90_MFC_x86
\"{8A708DD8-A5E6-11D4-A706-000629E95E20}\" = Intel(R) Graphics Media Accelerator Driver
\"{90120000-0010-0409-0000-0000000FF1CE}\" = Microsoft Software Update for Web Folders (English) 12
\"{90120000-0015-0409-0000-0000000FF1CE}\" = Microsoft Office Access MUI (English) 2007
\"{90120000-0016-0409-0000-0000000FF1CE}\" = Microsoft Office Excel MUI (English) 2007
\"{90120000-0018-0409-0000-0000000FF1CE}\" = Microsoft Office PowerPoint MUI (English) 2007
\"{90120000-0019-0409-0000-0000000FF1CE}\" = Microsoft Office Publisher MUI (English) 2007
\"{90120000-001A-0409-0000-0000000FF1CE}\" = Microsoft Office Outlook MUI (English) 2007
\"{90120000-001B-0409-0000-0000000FF1CE}\" = Microsoft Office Word MUI (English) 2007
\"{90120000-001F-0409-0000-0000000FF1CE}\" = Microsoft Office Proof (English) 2007
\"{90120000-001F-040C-0000-0000000FF1CE}\" = Microsoft Office Proof (French) 2007
\"{90120000-001F-0C0A-0000-0000000FF1CE}\" = Microsoft Office Proof (Spanish) 2007
\"{90120000-002C-0409-0000-0000000FF1CE}\" = Microsoft Office Proofing (English) 2007
\"{90120000-0030-0000-0000-0000000FF1CE}\" = Microsoft Office Enterprise 2007
\"{90120000-0044-0409-0000-0000000FF1CE}\" = Microsoft Office InfoPath MUI (English) 2007
\"{90120000-006E-0409-0000-0000000FF1CE}\" = Microsoft Office Shared MUI (English) 2007
\"{90120000-00A1-0409-0000-0000000FF1CE}\" = Microsoft Office OneNote MUI (English) 2007
\"{90120000-00BA-0409-0000-0000000FF1CE}\" = Microsoft Office Groove MUI (English) 2007
\"{90120000-0114-0409-0000-0000000FF1CE}\" = Microsoft Office Groove Setup Metadata MUI (English) 2007
\"{90120000-0115-0409-0000-0000000FF1CE}\" = Microsoft Office Shared Setup Metadata MUI (English) 2007
\"{90120000-0117-0409-0000-0000000FF1CE}\" = Microsoft Office Access Setup Metadata MUI (English) 2007
\"{92D58719-BBC1-4CC3-A08B-56C9E884CC2C}\" = Microsoft_VC80_CRT_x86
\"{A2BCA9F1-566C-4805-97D1-7FDC93386723}\" = Adobe AIR
\"{A78FE97A-C0C8-49CE-89D0-EDD524A17392}\" = PDF Settings CS5
\"{B92C5909-1D37-4C51-8397-A28BB28E5DC3}\" = Facebook Video Calling 1.2.0.287
\"{D1A19B02-817E-4296-A45B-07853FD74D57}\" = Microsoft_VC80_MFC_x86
\"{D92BBB52-82FF-42ED-8A3C-4E062F944AB7}\" = Microsoft_VC80_MFCLOC_x86
\"{DE3A9DC5-9A5D-6485-9662-347162C7E4CA}\" = Adobe Media Player
\"{F0C2AD51-9F09-4B75-82EE-74DA80F708D8}\" = Nitro PDF Professional
\"6AF27CD11B617BED2F81E26729D33AF8338D453C\" = Windows Driver Package - Hewlett-Packard hp scanjet 3600 series (04/26/2007 9.0.0.0)
\"Adobe AIR\" = Adobe AIR
\"chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1\" = Adobe Community Help
\"com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1\" = Adobe Media Player
\"ENTERPRISE\" = Microsoft Office Enterprise 2007
\"Foxit Reader\" = Foxit Reader
\"GOM Player\" = GOM Player
\"InstallWIX_{560985FB-4B76-4121-9189-7A2CDC7886D6}\" = Kaspersky Anti-Virus 2013
\"Internet Download Manager\" = Internet Download Manager
\"KLiteCodecPack_is1\" = K-Lite Mega Codec Pack 1.53
\"USB Disk Security_is1\" = USB Disk Security
\"uTorrent\" = µTorrent
\"VLC media player\" = VLC media player 1.1.11
\"WinRAR archiver\" = WinRAR archiver
\"ZTEWireless-101_is1\" = EVDO BROADBAND PTCL
========== HKEY_CURRENT_USER Uninstall List ==========
[HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Uninstall]
\"Google Chrome\" = Google Chrome
========== Last 20 Event Log Errors ==========
[ Application Events ]
Error - 6/29/2013 3:04:08 AM | Computer Name = HP-AC60887941E4 | Source = Google Update | ID = 20
Description =
Error - 6/29/2013 3:08:01 AM | Computer Name = HP-AC60887941E4 | Source = LoadPerf | ID = 3011
Description = Unloading the performance counter strings for service WmiApRpl (WmiApRpl)
failed. The Error code is the first DWORD in Data section.
Error - 6/29/2013 3:08:04 AM | Computer Name = HP-AC60887941E4 | Source = LoadPerf | ID = 3006
Description = Unable to read the performance counter strings of the 009 language
ID. The Win32 status returned by the call is the first DWORD in Data section.
Error - 6/29/2013 3:11:33 AM | Computer Name = HP-AC60887941E4 | Source = Google Update | ID = 20
Description =
Error - 6/29/2013 5:07:03 AM | Computer Name = HP-AC60887941E4 | Source = Google Update | ID = 20
Description =
Error - 6/29/2013 5:10:43 AM | Computer Name = HP-AC60887941E4 | Source = LoadPerf | ID = 3011
Description = Unloading the performance counter strings for service WmiApRpl (WmiApRpl)
failed. The Error code is the first DWORD in Data section.
Error - 6/29/2013 5:10:46 AM | Computer Name = HP-AC60887941E4 | Source = LoadPerf | ID = 3006
Description = Unable to read the performance counter strings of the 009 language
ID. The Win32 status returned by the call is the first DWORD in Data section.
Error - 6/29/2013 5:11:04 AM | Computer Name = HP-AC60887941E4 | Source = LoadPerf | ID = 3011
Description = Unloading the performance counter strings for service WmiApRpl (WmiApRpl)
failed. The Error code is the first DWORD in Data section.
Error - 6/29/2013 5:11:07 AM | Computer Name = HP-AC60887941E4 | Source = LoadPerf | ID = 3006
Description = Unable to read the performance counter strings of the 009 language
ID. The Win32 status returned by the call is the first DWORD in Data section.
Error - 6/29/2013 7:03:32 AM | Computer Name = HP-AC60887941E4 | Source = Google Update | ID = 20
Description =
[ System Events ]
Error - 7/1/2013 9:06:37 AM | Computer Name = HP-AC60887941E4 | Source = Service Control Manager | ID = 7034
Description = The McAfee Validation Trust Protection Service service terminated
unexpectedly. It has done this 1 time(s).
Error - 7/1/2013 9:08:10 AM | Computer Name = HP-AC60887941E4 | Source = Service Control Manager | ID = 7031
Description = The McAfee McShield service terminated unexpectedly. It has done
this 1 time(s). The following corrective action will be taken in 5000 milliseconds:
Restart the service.
Error - 7/1/2013 9:15:54 AM | Computer Name = HP-AC60887941E4 | Source = Service Control Manager | ID = 7032
Description = The Service Control Manager tried to take a corrective action (Restart
the service) after the unexpected termination of the Windows Management Instrumentation
service, but this action failed with the following error: %%1056
Error - 7/1/2013 9:19:14 AM | Computer Name = HP-AC60887941E4 | Source = Dhcp | ID = 1002
Description = The IP address lease 192.168.100.114 for the Network Card with network
address 0015604FC4CD has been denied by the DHCP server 0.0.0.0 (The DHCP Server
sent a DHCPNACK message).
Error - 7/1/2013 9:20:04 AM | Computer Name = HP-AC60887941E4 | Source = Service Control Manager | ID = 7034
Description = The McAfee Framework Service service terminated unexpectedly. It
has done this 1 time(s).
Error - 7/1/2013 9:23:26 AM | Computer Name = HP-AC60887941E4 | Source = Service Control Manager | ID = 7031
Description = The McAfee McShield service terminated unexpectedly. It has done
this 1 time(s). The following corrective action will be taken in 5000 milliseconds:
Restart the service.
Error - 7/1/2013 9:26:44 AM | Computer Name = HP-AC60887941E4 | Source = Service Control Manager | ID = 7034
Description = The StarWind iSCSI Service service terminated unexpectedly. It has
done this 1 time(s).
Error - 7/1/2013 9:32:56 AM | Computer Name = HP-AC60887941E4 | Source = Service Control Manager | ID = 7034
Description = The UDisk Monitor service terminated unexpectedly. It has done this
1 time(s).
Error - 7/1/2013 11:38:49 AM | Computer Name = HP-AC60887941E4 | Source = LDMS | ID = 16780239
Description = The Logical Disk Manager Service failed while registering for device
handle notifications on device \\\\?\\usbstor#cdrom&ven_zte&prod_usb_storage_fff1&rev_2.31#000000000002&0#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}.
Win32 Error: 2.
Error - 7/1/2013 2:02:50 PM | Computer Name = HP-AC60887941E4 | Source = PSched | ID = 14107
Description = QoS [Adapter NDISWANIP]: The Packet Scheduler could not initialize
the virtual miniport with NDIS.
< End of report >
*******************************************************************************************************************************************************
OTL logfile created on: 7/2/2013 2:07:24 PM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\\Documents and Settings\\Administrator\\Desktop
Windows XP Professional Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.2180)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
1015.35 Mb Total Physical Memory | 535.04 Mb Available Physical Memory | 52.70% Memory free
2.38 Gb Paging File | 1.97 Gb Available in Paging File | 82.79% Paging File free
Paging file location(s): C:\\pagefile.sys 1524 3048 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\\WINDOWS | %ProgramFiles% = C:\\Program Files
Drive C: | 24.99 Gb Total Space | 14.65 Gb Free Space | 58.61% Space Free | Partition Type: FAT32
Drive D: | 25.00 Gb Total Space | 3.98 Gb Free Space | 15.93% Space Free | Partition Type: NTFS
Drive E: | 49.70 Gb Total Space | 2.90 Gb Free Space | 5.84% Space Free | Partition Type: NTFS
Drive F: | 49.34 Gb Total Space | 3.59 Gb Free Space | 7.27% Space Free | Partition Type: NTFS
Computer Name: HP-AC60887941E4 | User Name: Administrator | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Processes (SafeList) ==========
PRC - [2013/07/02 13:25:56 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\\Documents and Settings\\Administrator\\Desktop\\OTL.exe
PRC - [2013/06/17 09:41:20 | 001,045,072 | ---- | M] (BitTorrent Inc.) -- C:\\Documents and Settings\\Administrator\\Application Data\\uTorrent\\uTorrent.exe
PRC - [2013/05/10 07:53:34 | 003,487,128 | ---- | M] (Tonec Inc.) -- C:\\Program Files\\Internet Download Manager\\IDMan.exe
PRC - [2013/01/14 14:41:14 | 000,356,376 | ---- | M] (Kaspersky Lab ZAO) -- C:\\Program Files\\Kaspersky Lab\\Kaspersky Anti-Virus 2013\\avp.exe
PRC - [2011/01/29 15:52:10 | 000,623,520 | ---- | M] (Zbshareware Lab) -- C:\\Program Files\\USB Disk Security\\USBGuard.exe
PRC - [2010/05/25 05:28:58 | 000,263,600 | ---- | M] (Tonec Inc.) -- C:\\Program Files\\Internet Download Manager\\IEMonitor.exe
PRC - [2009/08/25 09:15:12 | 000,262,144 | ---- | M] () -- C:\\Program Files\\EVDO BROADBAND PTCL\\bin\\MonServiceUDisk.exe
PRC - [2004/08/04 00:56:50 | 001,032,192 | ---- | M] (Microsoft Corporation) -- C:\\WINDOWS\\explorer.exe
========== Modules (No Company Name) ==========
MOD - [2013/01/14 14:41:16 | 001,310,136 | ---- | M] () -- C:\\Program Files\\Kaspersky Lab\\Kaspersky Anti-Virus 2013\\kpcengine.2.2.dll
MOD - [2012/08/17 21:38:56 | 000,479,160 | ---- | M] () -- C:\\Program Files\\Kaspersky Lab\\Kaspersky Anti-Virus 2013\\dblite.dll
MOD - [2009/08/25 09:15:12 | 000,262,144 | ---- | M] () -- C:\\Program Files\\EVDO BROADBAND PTCL\\bin\\MonServiceUDisk.exe
MOD - [2004/01/22 18:36:28 | 000,120,832 | ---- | M] () -- C:\\Program Files\\WinRAR\\RarExt.dll
========== Services (SafeList) ==========
SRV - [2013/01/14 14:41:14 | 000,356,376 | ---- | M] (Kaspersky Lab ZAO) [Auto | Running] -- C:\\Program Files\\Kaspersky Lab\\Kaspersky Anti-Virus 2013\\avp.exe -- (AVP)
SRV - [2010/02/19 13:37:14 | 000,517,096 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\\Program Files\\Common Files\\Adobe\\SwitchBoard\\SwitchBoard.exe -- (SwitchBoard)
SRV - [2009/08/25 09:15:12 | 000,262,144 | ---- | M] () [Auto | Running] -- C:\\Program Files\\EVDO BROADBAND PTCL\\bin\\MonServiceUDisk.exe -- (UDisk Monitor)
SRV - [2007/02/21 17:26:40 | 000,151,552 | ---- | M] () [On_Demand | Stopped] -- C:\\Program Files\\Common Files\\BCL Technologies\\easyPDF 5\\bepldr.exe -- (bepldr)
========== Driver Services (SafeList) ==========
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP)
DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump)
DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc)
DRV - File not found [Kernel | System | Stopped] -- -- (i2omgmt)
DRV - File not found [Kernel | System | Stopped] -- -- (Changer)
DRV - [2013/02/13 14:26:02 | 000,033,512 | ---- | M] (AnchorFree Inc) [Kernel | On_Demand | Stopped] -- C:\\WINDOWS\\system32\\drivers\\taphss.sys -- (taphss)
DRV - [2013/01/14 14:41:12 | 000,586,584 | ---- | M] (Kaspersky Lab) [File_System | System | Running] -- C:\\WINDOWS\\system32\\drivers\\klif.sys -- (KLIF)
DRV - [2013/01/14 14:41:12 | 000,043,608 | ---- | M] (Kaspersky Lab) [Kernel | System | Running] -- C:\\WINDOWS\\system32\\drivers\\kltdi.sys -- (kltdi)
DRV - [2013/01/14 14:41:12 | 000,024,920 | ---- | M] (Kaspersky Lab) [Kernel | On_Demand | Running] -- C:\\WINDOWS\\system32\\drivers\\klmouflt.sys -- (klmouflt)
DRV - [2013/01/14 14:41:12 | 000,024,408 | ---- | M] (Kaspersky Lab) [Kernel | On_Demand | Running] -- C:\\WINDOWS\\system32\\drivers\\klkbdflt.sys -- (klkbdflt)
DRV - [2012/08/13 16:49:44 | 000,144,344 | ---- | M] (Kaspersky Lab) [Kernel | System | Running] -- C:\\WINDOWS\\system32\\drivers\\kneps.sys -- (kneps)
DRV - [2012/06/27 14:09:08 | 000,035,672 | ---- | M] (Kaspersky Lab ZAO) [Kernel | On_Demand | Running] -- C:\\WINDOWS\\system32\\drivers\\klim5.sys -- (klim5)
DRV - [2012/06/19 17:28:12 | 000,136,024 | ---- | M] (Kaspersky Lab ZAO) [Kernel | Boot | Running] -- C:\\WINDOWS\\system32\\drivers\\kl1.sys -- (kl1)
DRV - [2012/04/23 04:26:26 | 000,108,448 | ---- | M] (Tonec Inc.) [Kernel | System | Running] -- C:\\WINDOWS\\system32\\drivers\\idmtdi.sys -- (IDMTDI)
DRV - [2009/07/21 16:04:16 | 000,104,704 | ---- | M] (ZTEMT Incorporated) [Kernel | On_Demand | Stopped] -- C:\\WINDOWS\\system32\\drivers\\CT_ZTEMT_U_USBSER.sys -- (ztemtusbser)
DRV - [2008/12/09 21:56:18 | 000,187,392 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\\WINDOWS\\system32\\drivers\\b57xp32.sys -- (b57w2k)
DRV - [2005/01/07 17:07:16 | 000,145,920 | ---- | M] (Windows (R) Server 2003 DDK provider) [Kernel | On_Demand | Running] -- C:\\WINDOWS\\system32\\drivers\\Hdaudio.sys -- (HdAudAddService)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE - HKLM\\SOFTWARE\\Microsoft\\Internet Explorer\\Main,Local Page = %SystemRoot%\\system32\\blank.htm
IE - HKLM\\SOFTWARE\\Microsoft\\Internet Explorer\\Main,Start Page = about:blank
IE - HKCU\\SOFTWARE\\Microsoft\\Internet Explorer\\Main,Start Page = about:blank
IE - HKCU\\Software\\Microsoft\\Windows\\CurrentVersion\\Internet Settings: \"ProxyEnable\" = 0
========== FireFox ==========
FF - HKLM\\Software\\MozillaPlugins\\@real.com/nppl3260;version=6.0.11.2321: C:\\Program Files\\K-Lite Codec Pack\\Real\\browser\\plugins\\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\\Software\\MozillaPlugins\\@real.com/nprpjplug;version=6.0.12.1483: C:\\Program Files\\K-Lite Codec Pack\\Real\\browser\\plugins\\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\\Software\\MozillaPlugins\\@real.com/nsJSRealPlayerPlugin;version=: File not found
FF - HKCU\\Software\\MozillaPlugins\\@Skype Limited.com/Facebook Video Calling Plugin: C:\\Documents and Settings\\Administrator\\Local Settings\\Application Data\\Facebook\\Video\\Skype\\npFacebookVideoCalling.dll (Skype Limited)
FF - HKCU\\Software\\MozillaPlugins\\@tools.google.com/Google Update;version=3: C:\\Documents and Settings\\Administrator\\Local Settings\\Application Data\\Google\\Update\\1.3.21.145\\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\\Software\\MozillaPlugins\\@tools.google.com/Google Update;version=9: C:\\Documents and Settings\\Administrator\\Local Settings\\Application Data\\Google\\Update\\1.3.21.145\\npGoogleUpdate3.dll (Google Inc.)
FF - HKEY_LOCAL_MACHINE\\software\\mozilla\\Firefox\\Extensions\\\\[email protected]: C:\\Program Files\\Kaspersky Lab\\Kaspersky Anti-Virus 2013\\FFExt\\[email protected] [2013/07/01 23:02:14 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\\software\\mozilla\\Firefox\\Extensions\\\\[email protected]: C:\\Program Files\\Kaspersky Lab\\Kaspersky Anti-Virus 2013\\FFExt\\[email protected] [2013/07/01 23:02:14 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\\software\\mozilla\\Firefox\\Extensions\\\\[email protected]: C:\\Program Files\\Kaspersky Lab\\Kaspersky Anti-Virus 2013\\FFExt\\[email protected] [2013/07/01 23:02:14 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\\software\\mozilla\\SeaMonkey\\Extensions\\\\[email protected]: C:\\Documents and Settings\\Administrator\\Application Data\\IDM\\idmmzcc5 [2013/05/10 07:49:06 | 000,000,000 | ---D | M]
========== Chrome ==========
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&q={searchTerms}&{google:cursorPosition}sugkey={google:suggestAPIKeyParameter}
CHR - homepage: http://www.google.com/
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\\Documents and Settings\\Administrator\\Local Settings\\Application Data\\Google\\Chrome\\Application\\27.0.1453.116\\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\\Documents and Settings\\Administrator\\Local Settings\\Application Data\\Google\\Chrome\\Application\\27.0.1453.116\\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\\Documents and Settings\\Administrator\\Local Settings\\Application Data\\Google\\Chrome\\Application\\27.0.1453.116\\gcswf32.dll
CHR - plugin: Windows Media Player Plug-in Dynamic Link Library (Enabled) = C:\\Program Files\\Windows Media Player\\npdsplay.dll
CHR - plugin: Microsoft® DRM (Enabled) = C:\\Program Files\\Windows Media Player\\npwmsdrm.dll
CHR - plugin: Microsoft® DRM (Enabled) = C:\\Program Files\\Windows Media Player\\npdrmv2.dll
CHR - Extension: Kaspersky URL Advisor = C:\\Documents and Settings\\Administrator\\Local Settings\\Application Data\\Google\\Chrome\\User Data\\Default\\Extensions\\dchlnpcodkpfdpacogkljefecpegganj\\13.0.1.4190_0\\
CHR - Extension: Content Blocker = C:\\Documents and Settings\\Administrator\\Local Settings\\Application Data\\Google\\Chrome\\User Data\\Default\\Extensions\\hghkgaeecgjhjkannahfamoehjmkjail\\13.0.1.4190_0\\
CHR - Extension: Virtual Keyboard = C:\\Documents and Settings\\Administrator\\Local Settings\\Application Data\\Google\\Chrome\\User Data\\Default\\Extensions\\jagncdcchgajhfhijbbhecadmaiegcmh\\13.0.1.4190_0\\
CHR - Extension: Gmail = C:\\Documents and Settings\\Administrator\\Local Settings\\Application Data\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\7_1\\
O1 HOSTS File: ([2001/08/23 14:00:00 | 000,000,734 | ---- | M]) - C:\\WINDOWS\\system32\\drivers\\etc\\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (IDM integration (IDMIEHlprObj Class)) - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\\Program Files\\Internet Download Manager\\IDMIECC.dll (Internet Download Manager, Tonec Inc.)
O2 - BHO: (Content Blocker Plugin) - {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} - C:\\Program Files\\Kaspersky Lab\\Kaspersky Anti-Virus 2013\\IEExt\\ContentBlocker\\ie_content_blocker_plugin.dll (Kaspersky Lab ZAO)
O2 - BHO: (Virtual Keyboard Plugin) - {73455575-E40C-433C-9784-C78DC7761455} - C:\\Program Files\\Kaspersky Lab\\Kaspersky Anti-Virus 2013\\IEExt\\VirtualKeyboard\\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO)
O2 - BHO: (URL Advisor Plugin) - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\\Program Files\\Kaspersky Lab\\Kaspersky Anti-Virus 2013\\IEExt\\UrlAdvisor\\klwtbbho.dll (Kaspersky Lab ZAO)
O4 - HKLM..\\Run: [AVP] C:\\Program Files\\Kaspersky Lab\\Kaspersky Anti-Virus 2013\\avp.exe (Kaspersky Lab ZAO)
O4 - HKLM..\\Run: [USB Security] C:\\Program Files\\USB Disk Security\\USBGuard.exe (Zbshareware Lab)
O4 - HKCU..\\Run: [IDMan] C:\\Program Files\\Internet Download Manager\\IDMan.exe (Tonec Inc.)
O4 - HKCU..\\Run: [uTorrent] C:\\Documents and Settings\\Administrator\\Application Data\\uTorrent\\uTorrent.exe (BitTorrent Inc.)
O6 - HKLM\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\policies\\Explorer: NoDriveTypeAutoRun = 60
O7 - HKCU\\Software\\Policies\\Microsoft\\Internet Explorer\\Control Panel present
O7 - HKCU\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\policies\\Explorer: NoDriveTypeAutoRun = 36
O7 - HKCU\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\policies\\Explorer: NoDriveAutoRun = FF FF FF FF [binary data]
O8 - Extra context menu item: Download all links with IDM - C:\\Program Files\\Internet Download Manager\\IEGetAll.htm ()
O8 - Extra context menu item: Download with IDM - C:\\Program Files\\Internet Download Manager\\IEExt.htm ()
O9 - Extra Button: Virtual Keyboard - {0C4CC089-D306-440D-9772-464E226F6539} - C:\\Program Files\\Kaspersky Lab\\Kaspersky Anti-Virus 2013\\IEExt\\VirtualKeyboard\\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO)
O9 - Extra Button: URLs check - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\\Program Files\\Kaspersky Lab\\Kaspersky Anti-Virus 2013\\IEExt\\UrlAdvisor\\klwtbbho.dll (Kaspersky Lab ZAO)
O17 - HKLM\\System\\CCS\\Services\\Tcpip\\Parameters\\Interfaces\\{03E48A69-FD25-4691-9BDC-99CDA7FFF656}: DhcpNameServer = 192.168.100.254
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\\WINDOWS\\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\\WINDOWS\\system32\\userinit.exe) - C:\\WINDOWS\\system32\\userinit.exe (Microsoft Corporation)
O20 - Winlogon\\Notify\\klogon: DllName - (C:\\WINDOWS\\system32\\klogon.dll) - C:\\WINDOWS\\system32\\klogon.dll (Kaspersky Lab ZAO)
O24 - Desktop WallPaper: C:\\Documents and Settings\\Administrator\\Local Settings\\Application Data\\Microsoft\\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\\Documents and Settings\\Administrator\\Local Settings\\Application Data\\Microsoft\\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 0
O32 - AutoRun File - [2013/03/18 07:27:18 | 000,000,000 | ---- | M] () - C:\\AUTOEXEC.BAT -- [ FAT32 ]
O32 - AutoRun File - [2013/07/01 16:18:14 | 000,000,000 | ---D | M] - C:\\autorun.inf -- [ FAT32 ]
O32 - AutoRun File - [2013/07/01 16:18:13 | 000,000,000 | ---D | M] - D:\\autorun.inf -- [ NTFS ]
O32 - AutoRun File - [2013/07/01 16:18:13 | 000,000,000 | ---D | M] - E:\\autorun.inf -- [ NTFS ]
O32 - AutoRun File - [2013/07/01 16:18:14 | 000,000,000 | ---D | M] - F:\\autorun.inf -- [ NTFS ]
O33 - MountPoints2\\{05c568a4-8f9b-11e2-9fba-806d6172696f}\\Shell - \"\" = AutoRun
O33 - MountPoints2\\{05c568a4-8f9b-11e2-9fba-806d6172696f}\\Shell\\AutoRun - \"\" = Auto&Play
O33 - MountPoints2\\{05c568a4-8f9b-11e2-9fba-806d6172696f}\\Shell\\AutoRun\\command - \"\" = G:\\setup.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\\..comfile [open] -- \"%1\" %*
O35 - HKLM\\..exefile [open] -- \"%1\" %*
O37 - HKLM\\...com [@ = comfile] -- \"%1\" %*
O37 - HKLM\\...exe [@ = exefile] -- \"%1\" %*
O38 - SubSystems\\\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
========== Files/Folders - Created Within 30 Days ==========
[2095/07/22 18:41:56 | 000,000,000 | -HSD | C] -- C:\\FOUND.014
[2033/09/30 21:36:46 | 000,000,000 | -HSD | C] -- C:\\FOUND.018
[2013/07/02 14:07:05 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\\Documents and Settings\\Administrator\\Desktop\\OTL.exe
[2013/07/02 12:16:27 | 000,000,000 | RH-D | C] -- C:\\Documents and Settings\\Administrator\\Recent
[2013/07/02 12:05:06 | 000,000,000 | -HSD | C] -- C:\\FOUND.028
[2013/07/01 23:03:12 | 000,000,000 | ---D | C] -- C:\\Documents and Settings\\All Users\\Start Menu\\Programs\\Kaspersky Anti-Virus 2013
[2013/07/01 23:02:12 | 000,000,000 | ---D | C] -- C:\\Documents and Settings\\All Users\\Application Data\\Kaspersky Lab
[2013/07/01 23:02:00 | 000,586,584 | ---- | C] (Kaspersky Lab) -- C:\\WINDOWS\\System32\\drivers\\klif.sys
[2013/07/01 23:02:00 | 000,074,072 | ---- | C] (Kaspersky Lab) -- C:\\WINDOWS\\System32\\drivers\\klflt.sys
[2013/07/01 22:56:14 | 000,000,000 | -HSD | C] -- C:\\FOUND.027
[2013/07/01 20:47:00 | 000,000,000 | ---D | C] -- C:\\Documents and Settings\\All Users\\Application Data\\StarApp
[2013/07/01 20:46:42 | 000,000,000 | ---D | C] -- C:\\Documents and Settings\\All Users\\Application Data\\InstallMate
[2013/07/01 20:18:36 | 000,000,000 | ---D | C] -- C:\\Program Files\\Trend Micro
[2013/07/01 20:18:36 | 000,000,000 | ---D | C] -- C:\\Documents and Settings\\Administrator\\Start Menu\\Programs\\HiJackThis
[2013/07/01 18:53:20 | 000,000,000 | -HSD | C] -- C:\\FOUND.026
[2013/07/01 18:28:57 | 000,000,000 | ---D | C] -- C:\\Avenger
[2013/07/01 18:20:49 | 000,000,000 | ---D | C] -- C:\\WINDOWS\\pss
[2013/07/01 16:43:01 | 000,000,000 | ---D | C] -- C:\\Program Files\\Kaspersky Lab
[2013/07/01 16:42:16 | 000,000,000 | ---D | C] -- C:\\KAV
[2013/07/01 16:41:08 | 000,000,000 | ---D | C] -- C:\\Documents and Settings\\All Users\\Application Data\\Windows Genuine Advantage
[2013/07/01 16:18:13 | 000,000,000 | ---D | C] -- C:\\autorun.inf
[2013/07/01 16:06:14 | 000,000,000 | -HSD | C] -- C:\\FOUND.025
[2013/06/30 11:09:54 | 000,000,000 | -HSD | C] -- C:\\FOUND.024
[2013/06/29 14:06:18 | 000,000,000 | -HSD | C] -- C:\\FOUND.023
[2013/06/28 20:46:53 | 000,000,000 | ---D | C] -- C:\\Documents and Settings\\Administrator\\Application Data\\Adobe Mini Bridge CS5
[2013/06/28 20:46:52 | 000,000,000 | ---D | C] -- C:\\Documents and Settings\\Administrator\\Application Data\\StageManager.BD092818F67280F4B42B04877600987F0111B594.1
[2013/06/28 06:49:28 | 000,000,000 | -HSD | C] -- C:\\FOUND.022
[2013/06/27 18:50:37 | 000,000,000 | ---D | C] -- C:\\Documents and Settings\\All Users\\Application Data\\regid.1986-12.com.adobe
[2013/06/27 18:45:29 | 000,000,000 | ---D | C] -- C:\\Program Files\\Adobe Media Player
[2013/06/27 18:45:29 | 000,000,000 | ---D | C] -- C:\\Documents and Settings\\All Users\\Start Menu\\Programs\\Adobe
[2013/06/27 18:43:30 | 000,000,000 | ---D | C] -- C:\\Program Files\\Common Files\\Adobe AIR
[2013/06/27 18:39:35 | 000,000,000 | ---D | C] -- C:\\Documents and Settings\\All Users\\Application Data\\Adobe
[2013/06/27 18:39:28 | 000,000,000 | ---D | C] -- C:\\Program Files\\Common Files\\Adobe
[2013/06/27 18:39:01 | 000,000,000 | ---D | C] -- C:\\Documents and Settings\\Administrator\\Local Settings\\Application Data\\Adobe
[2013/06/27 10:44:39 | 000,286,720 | ---- | C] (Indigo Rose Corporation) -- C:\\WINDOWS\\iun503.exe
[2013/06/27 10:40:35 | 000,000,000 | ---D | C] -- C:\\Program Files\\Alcohol Soft
[2013/06/27 10:07:04 | 000,000,000 | -HSD | C] -- C:\\FOUND.021
[2013/06/24 23:00:58 | 000,000,000 | -HSD | C] -- C:\\FOUND.020
[2013/06/23 18:52:32 | 000,000,000 | -HSD | C] -- C:\\FOUND.019
[2013/06/22 11:14:10 | 000,000,000 | -HSD | C] -- C:\\FOUND.017
[2013/06/22 06:27:38 | 000,000,000 | -HSD | C] -- C:\\FOUND.016
[2013/06/17 10:33:46 | 000,000,000 | ---D | C] -- C:\\WINDOWS\\System32\\appmgmt
[2013/06/17 10:09:48 | 000,000,000 | ---D | C] -- C:\\Documents and Settings\\LocalService\\Application Data\\Hotspot Shield
[2013/06/17 09:24:39 | 000,000,000 | ---D | C] -- C:\\Documents and Settings\\Administrator\\Application Data\\uTorrent
[2013/06/17 08:28:24 | 000,000,000 | -HSD | C] -- C:\\FOUND.015
[2013/06/16 12:40:09 | 000,000,000 | ---D | C] -- C:\\Documents and Settings\\Administrator\\Application Data\\Nitro PDF
[2013/06/16 11:41:48 | 000,000,000 | ---D | C] -- C:\\Program Files\\Common Files\\BCL Technologies
[2013/06/16 11:41:34 | 000,000,000 | ---D | C] -- C:\\Program Files\\Nitro PDF
[2013/06/16 11:41:34 | 000,000,000 | ---D | C] -- C:\\Documents and Settings\\All Users\\Application Data\\Nitro PDF
[2013/06/16 11:40:46 | 000,000,000 | ---D | C] -- C:\\Documents and Settings\\Administrator\\Local Settings\\Application Data\\Downloaded Installations
[2013/06/13 09:11:55 | 000,000,000 | ---D | C] -- C:\\Program Files\\DIFX
[2013/06/09 04:03:26 | 000,000,000 | -HSD | C] -- C:\\FOUND.013
[2013/06/08 06:19:14 | 000,000,000 | -HSD | C] -- C:\\FOUND.012
[3 C:\\WINDOWS\\*.tmp files -> C:\\WINDOWS\\*.tmp -> ]
[2 C:\\WINDOWS\\System32\\*.tmp files -> C:\\WINDOWS\\System32\\*.tmp -> ]
========== Files - Modified Within 30 Days ==========
[2013/07/02 14:04:02 | 000,002,048 | --S- | M] () -- C:\\WINDOWS\\bootstat.dat
[2013/07/02 14:04:00 | 1064,747,008 | -HS- | M] () -- C:\\hiberfil.sys
[2013/07/02 13:25:56 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\\Documents and Settings\\Administrator\\Desktop\\OTL.exe
[2013/07/02 00:21:08 | 000,000,542 | ---- | M] () -- C:\\Documents and Settings\\All Users\\Desktop\\Four Star.lnk
[2013/07/02 00:17:12 | 000,000,211 | -HS- | M] () -- C:\\boot.ini
[2013/07/01 23:42:00 | 000,002,463 | ---- | M] () -- C:\\Documents and Settings\\Administrator\\Desktop\\HiJackThis.lnk
[2013/07/01 23:02:58 | 000,000,755 | ---- | M] () -- C:\\Documents and Settings\\All Users\\Desktop\\Kaspersky Anti-Virus 2013.lnk
[2013/07/01 23:01:26 | 000,002,251 | ---- | M] () -- C:\\Documents and Settings\\Administrator\\Desktop\\Google Chrome.lnk
[2013/07/01 20:51:48 | 000,001,008 | ---- | M] () -- C:\\WINDOWS\\tasks\\FacebookUpdateTaskUserS-1-5-21-776561741-725345543-708340629-500Core.job
[2013/07/01 18:14:18 | 000,017,408 | ---- | M] () -- C:\\Documents and Settings\\Administrator\\Local Settings\\Application Data\\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2013/07/01 16:41:10 | 000,002,206 | ---- | M] () -- C:\\WINDOWS\\System32\\wpa.dbl
[2013/07/01 00:02:06 | 000,389,376 | ---- | M] () -- C:\\Documents and Settings\\Administrator\\My Documents\\managers-officers-coordinators-accountants-healthcare-staff-admin-staff-engineers-and-lot-of-other-important-staff-jobs-in-public-sector-organization-6-207042.jpg
[2013/06/30 09:17:34 | 000,093,367 | ---- | M] () -- C:\\Documents and Settings\\Administrator\\Desktop\\d.jpg
[2013/06/30 02:00:04 | 000,000,358 | ---- | M] () -- C:\\WINDOWS\\tasks\\AdobeAAMUpdater-1.0-HP-AC60887941E4-Administrator.job
[2013/06/29 05:14:20 | 000,286,720 | ---- | M] (Indigo Rose Corporation) -- C:\\WINDOWS\\iun503.exe
[2013/06/28 07:23:30 | 000,017,769 | ---- | M] () -- C:\\Documents and Settings\\Administrator\\Desktop\\c.jpg
[2013/06/27 21:19:08 | 003,568,328 | ---- | M] () -- C:\\WINDOWS\\System32\\FNTCACHE.DAT
[2013/06/22 19:36:52 | 000,002,269 | ---- | M] () -- C:\\Documents and Settings\\Administrator\\Application Data\\Microsoft\\Internet Explorer\\Quick Launch\\Google Chrome.lnk
[2013/06/21 09:21:50 | 000,049,652 | ---- | M] () -- C:\\Documents and Settings\\Administrator\\Desktop\\Brasil.jpg
[2013/06/16 01:25:02 | 000,035,833 | ---- | M] () -- C:\\Documents and Settings\\Administrator\\Desktop\\b.jpg
[2013/06/15 23:34:16 | 003,933,337 | ---- | M] () -- C:\\Documents and Settings\\Administrator\\Desktop\\[SongsPK.info] Table No 21 - 05 - Man Mera (Remix).mp3
[2013/06/15 23:27:34 | 005,286,589 | ---- | M] () -- C:\\Documents and Settings\\Administrator\\Desktop\\[SongsPK.info] Aashiqui 2 - 01 - Tum Hi Ho_2.mp3
[2013/06/15 05:20:00 | 004,847,451 | ---- | M] () -- C:\\Documents and Settings\\Administrator\\Desktop\\[Songs.PK] 02 - Rani Tu Mein Raja.mp3
[2013/06/15 04:38:30 | 014,930,814 | ---- | M] () -- C:\\Documents and Settings\\Administrator\\Desktop\\Balma Full Song (Khiladi 786) ,Akshay Kumar _ Tune.pk.flv
[2013/06/13 09:03:20 | 000,007,287 | ---- | M] () -- C:\\Documents and Settings\\Administrator\\My Documents\\shez.JPG
[3 C:\\WINDOWS\\*.tmp files -> C:\\WINDOWS\\*.tmp -> ]
[2 C:\\WINDOWS\\System32\\*.tmp files -> C:\\WINDOWS\\System32\\*.tmp -> ]
========== Files Created - No Company Name ==========
[2013/07/02 00:57:34 | 1064,747,008 | -HS- | C] () -- C:\\hiberfil.sys
[2013/07/02 00:21:06 | 000,000,542 | ---- | C] () -- C:\\Documents and Settings\\All Users\\Desktop\\Four Star.lnk
[2013/07/01 23:03:12 | 000,000,755 | ---- | C] () -- C:\\Documents and Settings\\All Users\\Desktop\\Kaspersky Anti-Virus 2013.lnk
[2013/07/01 20:18:36 | 000,002,463 | ---- | C] () -- C:\\Documents and Settings\\Administrator\\Desktop\\HiJackThis.lnk
[2013/07/01 16:13:23 | 000,033,585 | -HS- | C] () -- C:\\Documents and Settings\\Administrator\\Application Data\\ofbdgevejc..vbs
[2013/07/01 00:02:07 | 000,389,376 | ---- | C] () -- C:\\Documents and Settings\\Administrator\\My Documents\\managers-officers-coordinators-accountants-healthcare-staff-admin-staff-engineers-and-lot-of-other-important-staff-jobs-in-public-sector-organization-6-207042.jpg
[2013/06/30 09:17:40 | 000,093,367 | ---- | C] () -- C:\\Documents and Settings\\Administrator\\Desktop\\d.jpg
[2013/06/28 20:14:30 | 000,000,358 | ---- | C] () -- C:\\WINDOWS\\tasks\\AdobeAAMUpdater-1.0-HP-AC60887941E4-Administrator.job
[2013/06/28 07:23:36 | 000,017,769 | ---- | C] () -- C:\\Documents and Settings\\Administrator\\Desktop\\c.jpg
[2013/06/27 18:48:32 | 000,000,761 | ---- | C] () -- C:\\Documents and Settings\\All Users\\Start Menu\\Programs\\Adobe Photoshop CS5.lnk
[2013/06/27 18:47:36 | 000,000,723 | ---- | C] () -- C:\\Documents and Settings\\All Users\\Start Menu\\Programs\\Adobe Bridge CS5.lnk
[2013/06/27 18:47:08 | 000,000,816 | ---- | C] () -- C:\\Documents and Settings\\All Users\\Start Menu\\Programs\\Adobe Device Central CS5.lnk
[2013/06/27 18:44:49 | 000,000,907 | ---- | C] () -- C:\\Documents and Settings\\All Users\\Start Menu\\Programs\\Adobe Extension Manager CS5.lnk
[2013/06/27 18:44:37 | 000,001,051 | ---- | C] () -- C:\\Documents and Settings\\All Users\\Start Menu\\Programs\\Adobe ExtendScript Toolkit CS5.lnk
[2013/06/27 18:43:33 | 000,000,635 | ---- | C] () -- C:\\Documents and Settings\\All Users\\Start Menu\\Programs\\Adobe Help.lnk
[2013/06/21 09:22:03 | 000,049,652 | ---- | C] () -- C:\\Documents and Settings\\Administrator\\Desktop\\Brasil.jpg
[2013/06/16 11:41:36 | 000,001,671 | ---- | C] () -- C:\\Documents and Settings\\All Users\\Start Menu\\Programs\\Nitro PDF Professional.lnk
[2013/06/16 01:25:06 | 000,035,833 | ---- | C] () -- C:\\Documents and Settings\\Administrator\\Desktop\\b.jpg
[2013/06/15 23:33:12 | 003,933,337 | ---- | C] () -- C:\\Documents and Settings\\Administrator\\Desktop\\[SongsPK.info] Table No 21 - 05 - Man Mera (Remix).mp3
[2013/06/15 23:26:12 | 005,286,589 | ---- | C] () -- C:\\Documents and Settings\\Administrator\\Desktop\\[SongsPK.info] Aashiqui 2 - 01 - Tum Hi Ho_2.mp3
[2013/06/15 05:11:43 | 004,847,451 | ---- | C] () -- C:\\Documents and Settings\\Administrator\\Desktop\\[Songs.PK] 02 - Rani Tu Mein Raja.mp3
[2013/06/15 04:18:49 | 014,930,814 | ---- | C] () -- C:\\Documents and Settings\\Administrator\\Desktop\\Balma Full Song (Khiladi 786) ,Akshay Kumar _ Tune.pk.flv
[2013/06/13 09:03:18 | 000,007,287 | ---- | C] () -- C:\\Documents and Settings\\Administrator\\My Documents\\shez.JPG
[2013/05/17 12:50:53 | 000,157,696 | ---- | C] () -- C:\\WINDOWS\\System32\\unrar.dll
[2013/05/17 12:50:49 | 000,568,850 | ---- | C] () -- C:\\WINDOWS\\System32\\x264vfw.dll
[2013/05/17 12:50:48 | 000,856,064 | ---- | C] () -- C:\\WINDOWS\\System32\\xvidcore.dll
[2013/05/17 12:50:48 | 000,217,088 | ---- | C] () -- C:\\WINDOWS\\System32\\xvidvfw.dll
[2013/05/17 12:50:46 | 003,596,288 | ---- | C] () -- C:\\WINDOWS\\System32\\qt-dx331.dll
[2013/05/17 12:50:44 | 000,005,120 | ---- | C] () -- C:\\WINDOWS\\System32\\ff_vfw.dll
[2013/05/10 05:33:25 | 000,017,408 | ---- | C] () -- C:\\Documents and Settings\\Administrator\\Local Settings\\Application Data\\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2013/03/18 08:30:39 | 000,000,376 | ---- | C] () -- C:\\WINDOWS\\ODBC.INI
[2013/03/18 07:38:59 | 000,147,456 | ---- | C] () -- C:\\WINDOWS\\System32\\igfxCoIn_v4926.dll
[2013/03/18 07:30:57 | 000,002,048 | --S- | C] () -- C:\\WINDOWS\\bootstat.dat
[2013/03/18 07:24:15 | 000,021,640 | ---- | C] () -- C:\\WINDOWS\\System32\\emptyregdb.dat
[2013/03/18 07:18:34 | 000,004,161 | ---- | C] () -- C:\\WINDOWS\\ODBCINST.INI
[2013/03/18 07:17:23 | 003,568,328 | ---- | C] () -- C:\\WINDOWS\\System32\\FNTCACHE.DAT
========== ZeroAccess Check ==========
[HKEY_CURRENT_USER\\Software\\Classes\\clsid\\{42aedc87-2188-41fd-b9a3-0c966feabec1}\\InProcServer32]
[HKEY_CURRENT_USER\\Software\\Classes\\clsid\\{fbeb8a05-beee-4442-804e-409d6c4515e9}\\InProcServer32]
[HKEY_LOCAL_MACHINE\\Software\\Classes\\clsid\\{42aedc87-2188-41fd-b9a3-0c966feabec1}\\InProcServer32]
\"\" = %SystemRoot%\\system32\\shdocvw.dll -- [2004/08/04 00:56:46 | 001,483,264 | ---- | M] (Microsoft Corporation)
\"ThreadingModel\" = Apartment
[HKEY_LOCAL_MACHINE\\Software\\Classes\\clsid\\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\\InProcServer32]
\"\" = C:\\WINDOWS\\system32\\wbem\\fastprox.dll -- [2004/08/03 16:56:44 | 000,472,064 | ---- | M] (Microsoft Corporation)
\"ThreadingModel\" = Free
[HKEY_LOCAL_MACHINE\\Software\\Classes\\clsid\\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\\InProcServer32]
\"\" = C:\\WINDOWS\\system32\\wbem\\wbemess.dll -- [2004/08/03 16:56:48 | 000,273,920 | ---- | M] (Microsoft Corporation)
\"ThreadingModel\" = Both
< End of report >