Author Topic: Google banned virus  (Read 1163 times)

neal2087

  • Guest
Google banned virus
« on: June 13, 2010, 08:39:46 AM »
This is related to one of my neighbors' personal computers.
The problem is that gpedit.msc, regedit and Task Manager have all been disabled.

Every time he visits a Google site an alert pops up saying Google is banned and the browser turns off.

Here is the HijackThis log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 1:47:34 PM, on 6/13/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\Program Files\AVG\AVG8\avgcsrvx.exe
C:\WINDOWS\system32\ .exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\WINDOWS\system32\ .exe
C:\WINDOWS\system32\wscntfy.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\Documents and Settings\rasika\Desktop\pendrive\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.in/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R3 - URLSearchHook: Softonic VLC EN Toolbar - {e6570cd8-9978-4621-b1f9-6a62436f0466} - C:\Program Files\Softonic_VLC_EN\tbSof1.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: Softonic VLC EN Toolbar - {e6570cd8-9978-4621-b1f9-6a62436f0466} - C:\Program Files\Softonic_VLC_EN\tbSof1.dll
O3 - Toolbar: Softonic VLC EN Toolbar - {e6570cd8-9978-4621-b1f9-6a62436f0466} - C:\Program Files\Softonic_VLC_EN\tbSof1.dll
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKCU\..\Run: [Windows Messengger] C:\WINDOWS\system32\ .exe
O4 - HKLM\..\Policies\Explorer\Run: [winlogon] C:\WINDOWS\system32\ .exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{04D2D17B-AD2F-4CAE-B9FE-752737DBB3AA}: NameServer = 59.185.3.10,59.185.3.12,203.94.227.70,203.94.243.70
O17 - HKLM\System\CS1\Services\Tcpip\..\{04D2D17B-AD2F-4CAE-B9FE-752737DBB3AA}: NameServer = 59.185.3.10,59.185.3.12,203.94.227.70,203.94.243.70
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe

--
End of file - 3756 bytes

Offline guestolo

  • Site Donator
  • Administrator
  • Hero Member
  • Posts: 16034
  • Karma: +1/-0
Google banned virus
« Reply #1 on: June 13, 2010, 04:42:02 PM »
Download OTL.exe by OldTimer to your Desktop.
  • Close all windows and double click on OTL.exe to run it
  • Click Run Scan and let the program run uninterrupted.
  • It will produce two logs for you, one will pop up - OTL.txt, the other will be saved on your Desktop - Extras.txt. Post both logs in this thread.
  • You may need to use two posts to get it all.

NOTE: If you have trouble or get an error message when trying to post the logs, you can upload them in a reply box:
In a reply, select "Browse..." on the bottom right, then navigate to the file and select it.
Then click "Upload".

Do you want to post your own logs from FRST?

Follow the instructions posted here: http://www.thetechguide.com/forum/index.php/topic/22942-please-read-how-to-post-logs-from-frst/


neal2087

  • Guest
Google banned virus
« Reply #2 on: June 17, 2010, 02:24:14 PM »
OTL logfile created on: 6/17/2010 2:02:22 PM - Run 1
OTL by OldTimer - Version 3.2.6.0    Folder = H:\New Folder
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
 
247.00 Mb Total Physical Memory | 24.00 Mb Available Physical Memory | 10.00% Memory free
606.00 Mb Paging File | 360.00 Mb Available in Paging File | 59.00% Paging File free
Paging file location(s): C:\pagefile.sys 372 744 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 18.64 Gb Total Space | 11.81 Gb Free Space | 63.34% Space Free | Partition Type: NTFS
Drive D: | 18.64 Gb Total Space | 18.53 Gb Free Space | 99.40% Space Free | Partition Type: NTFS
Drive E: | 18.63 Gb Total Space | 13.93 Gb Free Space | 74.79% Space Free | Partition Type: FAT32
Drive F: | 18.63 Gb Total Space | 18.63 Gb Free Space | 100.00% Space Free | Partition Type: FAT32
G: Drive not present or media not loaded
Drive H: | 3.72 Gb Total Space | 3.04 Gb Free Space | 81.60% Space Free | Partition Type: FAT32
I: Drive not present or media not loaded
 
Computer Name: YADAV-37F87775D
Current User Name: rasika
Logged in as Administrator.
 
Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard
 
========== Processes (SafeList) ==========
 
PRC - [2010/06/14 09:28:58 | 000,572,416 | ---- | M] (OldTimer Tools) -- H:\New Folder\OTL.exe
PRC - [2010/05/25 17:50:34 | 000,511,191 | RHS- | M] () -- C:\WINDOWS\system32\ .exe
PRC - [2010/04/28 14:49:03 | 000,693,016 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgcsrvx.exe
PRC - [2010/04/28 14:48:54 | 000,297,752 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgwdsvc.exe
PRC - [2010/04/28 14:48:46 | 002,046,816 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgtray.exe
PRC - [2008/04/14 05:42:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2004/06/01 00:03:42 | 000,908,056 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgemc.exe
PRC - [2004/06/01 00:03:42 | 000,595,736 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgnsx.exe
PRC - [2004/06/01 00:03:41 | 000,486,680 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgrsx.exe
 
 
========== Modules (SafeList) ==========
 
MOD - [2010/06/14 09:28:58 | 000,572,416 | ---- | M] (OldTimer Tools) -- H:\New Folder\OTL.exe
MOD - [2008/04/14 05:40:20 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msscript.ocx
 
 
========== Win32 Services (SafeList) ==========
 
SRV - [2010/04/28 14:48:54 | 000,297,752 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG8\avgwdsvc.exe -- (avg8wd)
SRV - [2004/06/01 00:03:42 | 000,908,056 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG8\avgemc.exe -- (avg8emc)
 
 
========== Driver Services (SafeList) ==========
 
DRV - [2008/04/14 00:15:29 | 000,010,624 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\gameenum.sys -- (gameenum)
DRV - [2004/06/01 00:03:58 | 000,108,552 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\System32\Drivers\avgtdix.sys -- (AvgTdiX)
DRV - [2004/06/01 00:03:52 | 000,335,240 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\System32\Drivers\avgldx86.sys -- (AvgLdx86)
DRV - [2004/06/01 00:03:51 | 000,027,784 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\WINDOWS\System32\Drivers\avgmfx86.sys -- (AvgMfx86)
DRV - [2002/06/13 09:07:16 | 000,045,568 | ---- | M] (Realtek Semiconductor Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\R8139n51.sys -- (rtl8139)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.in/
IE - HKCU\..\URLSearchHook: {e6570cd8-9978-4621-b1f9-6a62436f0466} - C:\Program Files\Softonic_VLC_EN\tbSof1.dll (Conduit Ltd.)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.search.selectedEngine: "Yahoo"
FF - prefs.js..browser.startup.homepage: "about:blank"
FF - prefs.js..extensions.enabledItems: {b9db16a4-6edc-47ec-a1f4-b86292ed211d}:4.7.3
 
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/05/31 18:46:14 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/05/31 18:45:40 | 000,000,000 | ---D | M]
 
[2010/05/31 18:46:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\rasika\Application Data\Mozilla\Extensions
[2010/06/16 12:19:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\rasika\Application Data\Mozilla\Firefox\Profiles\j9zlq5ov.default\extensions
[2010/05/31 18:54:42 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Documents and Settings\rasika\Application Data\Mozilla\Firefox\Profiles\j9zlq5ov.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2010/05/31 18:45:40 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
 
O1 HOSTS File: ([2001/08/23 18:00:00 | 000,000,734 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1    localhost
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (Softonic VLC EN Toolbar) - {e6570cd8-9978-4621-b1f9-6a62436f0466} - C:\Program Files\Softonic_VLC_EN\tbSof1.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (Softonic VLC EN Toolbar) - {e6570cd8-9978-4621-b1f9-6a62436f0466} - C:\Program Files\Softonic_VLC_EN\tbSof1.dll (Conduit Ltd.)
O3 - HKCU\..\Toolbar\WebBrowser: (Softonic VLC EN Toolbar) - {E6570CD8-9978-4621-B1F9-6A62436F0466} - C:\Program Files\Softonic_VLC_EN\tbSof1.dll (Conduit Ltd.)
O4 - HKLM..\Run: [AVG8_TRAY] C:\Program Files\AVG\AVG8\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [Cmaudio] File not found
O4 - HKCU..\Run: [Windows Messengger] C:\WINDOWS\system32\ .exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run: winlogon = C:\WINDOWS\system32\ .exe ()
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll (AVG Technologies CZ, s.r.o.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: TaskMan - (C:\RECYCLER\S-1-5-21-4145257546-6780596894-091098790-4005\windll.exe) - C:\RECYCLER\S-1-5-21-4145257546-6780596894-091098790-4005\windll.exe File not found
O20 - Winlogon\Notify\avgrsstarter: DllName - avgrsstx.dll - C:\WINDOWS\System32\avgrsstx.dll (AVG Technologies CZ, s.r.o.)
O20 - Winlogon\Notify\igfxcui: DllName - igfxsrvc.dll - C:\WINDOWS\System32\igfxsrvc.dll (Intel Corporation)
O24 - Desktop WallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
O24 - Desktop BackupWallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/09/20 20:16:21 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2010/06/05 22:53:12 | 000,000,150 | RHS- | M] () - H:\autorun.inf -- [ FAT32 ]
O33 - MountPoints2\{9c86312a-76bb-11df-914e-000b6aea2db4}\Shell - "" = AutoRun
O33 - MountPoints2\{9c86312a-76bb-11df-914e-000b6aea2db4}\Shell\Auto\command - "" = H:\ .exe -- [2010/05/25 17:50:34 | 000,511,191 | RHS- | M] ()
O33 - MountPoints2\{9c86312a-76bb-11df-914e-000b6aea2db4}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{9c86312a-76bb-11df-914e-000b6aea2db4}\Shell\explore\command - "" = H:\ .exe -- [2010/05/25 17:50:34 | 000,511,191 | RHS- | M] ()
O33 - MountPoints2\{9c86312a-76bb-11df-914e-000b6aea2db4}\Shell\Open\command - "" = H:\ .exe -- [2010/05/25 17:50:34 | 000,511,191 | RHS- | M] ()
O33 - MountPoints2\{a852eec2-b33e-11d8-90bd-000b6aea2db4}\Shell - "" = Autorun
O33 - MountPoints2\{a852eec2-b33e-11d8-90bd-000b6aea2db4}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{a852eec2-b33e-11d8-90bd-000b6aea2db4}\Shell\Open\command - "" = H:\gphone.exe -- File not found
O33 - MountPoints2\{b2c627c4-b330-11d8-90b0-000b6aea2db4}\Shell\AutoRun\command - "" = KARINA///debeja.exe
O33 - MountPoints2\{b2c627c4-b330-11d8-90b0-000b6aea2db4}\Shell\open\command - "" = KARINA///debeja.exe
O33 - MountPoints2\{b5478056-b330-11d8-90cd-000b6aea2db4}\Shell\AutoRun\command - "" = I:\RECYCLER\autorun.exe -- File not found
O33 - MountPoints2\{b5478056-b330-11d8-90cd-000b6aea2db4}\Shell\open\command - "" = I:\RECYCLER\autorun.exe -- File not found
O33 - MountPoints2\{db685ba2-b330-11d8-90c8-000b6aea2db4}\Shell\AutoRun\command - "" = H:\filesystem\pagefile.exe -- File not found
O33 - MountPoints2\{db685ba2-b330-11d8-90c8-000b6aea2db4}\Shell\eXpLorE\cOMMand - "" = H:\filesystem\pagefile.exe -- File not found
O33 - MountPoints2\{db685ba2-b330-11d8-90c8-000b6aea2db4}\Shell\oPen\CoMMAnd - "" = H:\filesystem\pagefile.exe -- File not found
O33 - MountPoints2\{fc59391d-b330-11d8-90d5-000b6aea2db4}\Shell\AutoRun\command - "" = I:\filesystem\pagefile.exe -- File not found
O33 - MountPoints2\{fc59391d-b330-11d8-90d5-000b6aea2db4}\Shell\eXpLorE\cOMMand - "" = I:\filesystem\pagefile.exe -- File not found
O33 - MountPoints2\{fc59391d-b330-11d8-90d5-000b6aea2db4}\Shell\oPen\CoMMAnd - "" = I:\filesystem\pagefile.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
========== Files/Folders - Created Within 30 Days ==========
 
[2010/06/16 12:07:56 | 000,000,000 | ---D | C] -- C:\Documents and Settings\rasika\Local Settings\Application Data\Opera
[2010/06/16 12:07:56 | 000,000,000 | ---D | C] -- C:\Documents and Settings\rasika\Application Data\Opera
[2010/06/16 12:07:01 | 000,000,000 | ---D | C] -- C:\Program Files\Opera
[2010/06/13 13:20:31 | 000,000,000 | -HSD | C] -- C:\WINDOWS\CSC
[2010/06/13 13:15:04 | 000,000,000 | -H-D | C] -- C:\WINDOWS\System32\GroupPolicy
[2010/06/13 13:01:07 | 000,000,000 | ---D | C] -- C:\Documents and Settings\rasika\Application Data\Malwarebytes
[2010/06/13 12:59:46 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010/06/13 12:59:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2010/06/13 12:59:41 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010/06/13 12:59:41 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2010/06/13 12:56:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\rasika\Desktop\pendrive
[2010/06/13 12:49:51 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\rasika\Recent
[2010/05/31 20:42:08 | 000,000,000 | ---D | C] -- C:\WINDOWS\Prefetch
[2010/05/31 20:03:53 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\scripting
[2010/05/31 20:03:52 | 000,000,000 | ---D | C] -- C:\WINDOWS\l2schemas
[2010/05/31 20:03:50 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\en
[2010/05/31 20:03:49 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\bits
[2010/05/31 19:43:18 | 000,000,000 | ---D | C] -- C:\WINDOWS\network diagnostic
[2010/05/31 19:29:01 | 000,000,000 | -H-D | C] -- C:\WINDOWS\$NtServicePackUninstall$
[2010/05/31 18:53:27 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2010/05/31 18:48:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\rasika\My Documents\Downloads
[2010/05/31 18:46:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\rasika\Local Settings\Application Data\Mozilla
[2010/05/31 18:46:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\rasika\Application Data\Mozilla
[2010/05/31 18:45:39 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2010/06/17 13:59:22 | 000,000,260 | ---- | M] () -- C:\WINDOWS\tasks\WGASetup.job
[2010/06/17 13:59:08 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/06/17 13:58:46 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/06/16 15:27:18 | 003,145,728 | -H-- | M] () -- C:\Documents and Settings\rasika\NTUSER.DAT
[2010/06/16 15:27:18 | 000,000,178 | -HS- | M] () -- C:\Documents and Settings\rasika\ntuser.ini
[2010/06/16 15:27:09 | 003,197,072 | -H-- | M] () -- C:\Documents and Settings\rasika\Local Settings\Application Data\IconCache.db
[2010/06/16 12:07:26 | 000,000,592 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Opera.lnk
[2010/06/16 11:55:37 | 061,096,097 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\incavi.avm
[2010/06/16 11:50:35 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/06/13 12:59:52 | 000,000,696 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/06/12 12:01:47 | 000,038,264 | ---- | M] () -- C:\Documents and Settings\rasika\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
[2010/06/12 12:00:40 | 000,054,156 | -H-- | M] () -- C:\WINDOWS\QTFont.qfn
[2010/06/09 00:54:21 | 000,000,211 | -HS- | M] () -- C:\boot.ini
[2010/06/09 00:54:20 | 000,000,664 | ---- | M] () -- C:\WINDOWS\win.ini
[2010/06/09 00:54:20 | 000,000,227 | ---- | M] () -- C:\WINDOWS\system.ini
[2010/06/06 19:57:48 | 000,029,184 | ---- | M] () -- C:\Documents and Settings\rasika\Desktop\panwada.doc.lnk.doc
[2010/06/06 19:50:23 | 000,029,184 | ---- | M] () -- C:\Documents and Settings\rasika\Desktop\Pandharwada.doc
[2010/06/05 22:53:10 | 000,000,150 | RHS- | M] () -- C:\WINDOWS\System32\autorun.ini
[2010/05/31 20:47:26 | 000,316,640 | ---- | M] () -- C:\WINDOWS\WMSysPr9.prx
[2010/05/31 20:47:21 | 000,311,934 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2010/05/31 20:47:21 | 000,040,196 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2010/05/31 20:47:20 | 000,356,120 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2010/05/31 20:41:37 | 000,205,712 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2010/05/31 19:42:00 | 000,250,048 | RHS- | M] () -- C:\ntldr
[2010/05/31 18:57:37 | 000,019,964 | ---- | M] () -- C:\Documents and Settings\rasika\My Documents\cc_20100531_185733.reg
[2010/05/31 18:53:40 | 000,001,548 | ---- | M] () -- C:\Documents and Settings\rasika\Desktop\CCleaner.lnk
[2010/05/31 18:46:22 | 000,000,000 | ---- | M] () -- C:\WINDOWS\nsreg.dat
[2010/05/31 18:45:49 | 000,001,602 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
[2010/05/27 00:07:40 | 000,000,250 | ---- | M] () -- C:\WINDOWS\System\CmiCnfg.ini
[2010/05/25 17:50:34 | 000,511,191 | RHS- | M] () -- C:\WINDOWS\System32\ .exe
[2010/05/25 17:50:34 | 000,511,191 | ---- | M] () -- C:\WINDOWS\ .exe
[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2010/06/16 12:07:26 | 000,000,592 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Opera.lnk
[2010/06/13 12:59:52 | 000,000,696 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/06/06 19:57:47 | 000,029,184 | ---- | C] () -- C:\Documents and Settings\rasika\Desktop\panwada.doc.lnk.doc
[2010/06/06 19:48:41 | 000,029,184 | ---- | C] () -- C:\Documents and Settings\rasika\Desktop\Pandharwada.doc
[2010/06/05 22:53:10 | 000,511,191 | RHS- | C] () -- C:\WINDOWS\System32\ .exe
[2010/06/05 22:53:10 | 000,511,191 | ---- | C] () -- C:\WINDOWS\ .exe
[2010/06/05 22:53:10 | 000,000,150 | RHS- | C] () -- C:\WINDOWS\System32\autorun.ini
[2010/05/31 18:57:36 | 000,019,964 | ---- | C] () -- C:\Documents and Settings\rasika\My Documents\cc_20100531_185733.reg
[2010/05/31 18:53:40 | 000,001,548 | ---- | C] () -- C:\Documents and Settings\rasika\Desktop\CCleaner.lnk
[2010/05/31 18:46:22 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2010/05/31 18:45:49 | 000,001,602 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
[2009/09/20 21:38:55 | 000,000,092 | ---- | C] () -- C:\WINDOWS\CMISETUP.INI
[2009/09/20 21:38:55 | 000,000,026 | ---- | C] () -- C:\WINDOWS\CMCDPLAY.INI
[2009/09/20 21:38:55 | 000,000,000 | ---- | C] () -- C:\WINDOWS\Wininit.ini
[2009/09/20 21:38:54 | 000,028,672 | ---- | C] () -- C:\WINDOWS\System32\cmirmdrv.dll
[2009/09/20 21:38:51 | 000,028,672 | ---- | C] () -- C:\WINDOWS\CMIRmDriver.dll
[2009/09/20 21:37:51 | 000,002,661 | ---- | C] () -- C:\WINDOWS\Ascd_tmp.ini
[2009/09/20 21:37:50 | 000,005,824 | ---- | C] () -- C:\WINDOWS\System32\drivers\ASUSHWIO.SYS
[2004/07/01 01:36:52 | 000,030,208 | ---- | C] () -- C:\WINDOWS\System32\cdac32.dll
[2004/07/01 01:36:52 | 000,007,960 | ---- | C] () -- C:\WINDOWS\System32\cdac.dll
[2004/07/01 01:36:51 | 000,000,443 | ---- | C] () -- C:\WINDOWS\Splapp.ini
[2004/07/01 01:29:37 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2004/06/01 00:47:37 | 000,116,224 | ---- | C] () -- C:\WINDOWS\System32\redmonnt.dll
[1999/01/23 00:16:56 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\MSRTEDIT.DLL
< End of report >

OTL Extras logfile created on: 6/17/2010 2:02:22 PM - Run 1
OTL by OldTimer - Version 3.2.6.0    Folder = H:\New Folder
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
 
247.00 Mb Total Physical Memory | 24.00 Mb Available Physical Memory | 10.00% Memory free
606.00 Mb Paging File | 360.00 Mb Available in Paging File | 59.00% Paging File free
Paging file location(s): C:\pagefile.sys 372 744 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 18.64 Gb Total Space | 11.81 Gb Free Space | 63.34% Space Free | Partition Type: NTFS
Drive D: | 18.64 Gb Total Space | 18.53 Gb Free Space | 99.40% Space Free | Partition Type: NTFS
Drive E: | 18.63 Gb Total Space | 13.93 Gb Free Space | 74.79% Space Free | Partition Type: FAT32
Drive F: | 18.63 Gb Total Space | 18.63 Gb Free Space | 100.00% Space Free | Partition Type: FAT32
G: Drive not present or media not loaded
Drive H: | 3.72 Gb Total Space | 3.04 Gb Free Space | 81.60% Space Free | Partition Type: FAT32
I: Drive not present or media not loaded
 
Computer Name: YADAV-37F87775D
Current User Name: rasika
Logged in as Administrator.
 
Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Office\Office\msohtmed.exe" /p %1 (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
 
========== Authorized Applications List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\AVG\AVG8\avgemc.exe" = C:\Program Files\AVG\AVG8\avgemc.exe:*:Enabled:avgemc.exe -- (AVG Technologies CZ, s.r.o.)
"C:\Program Files\AVG\AVG8\avgupd.exe" = C:\Program Files\AVG\AVG8\avgupd.exe:*:Enabled:avgupd.exe -- (AVG Technologies CZ, s.r.o.)
"C:\Program Files\AVG\AVG8\avgnsx.exe" = C:\Program Files\AVG\AVG8\avgnsx.exe:*:Enabled:avgnsx.exe -- (AVG Technologies CZ, s.r.o.)
"C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe" = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe:*:Enabled:EasyShare -- (Eastman Kodak Company)
"C:\Program Files\Opera\opera.exe" = C:\Program Files\Opera\opera.exe:*:Enabled:Opera Internet Browser -- (Opera Software)
 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00010409-78E1-11D2-B60F-006097C998E7}" = Microsoft Office 2000 SR-1 Professional
"{03EDED24-8375-407D-A721-4643D9768BE1}" = kgchlwn
"{073F22CE-9A5B-4A40-A604-C7270AC6BF34}" = ESSSONIC
"{11F3F858-4131-4FFA-A560-3FE282933B6E}" = kgchday
"{14D4ED84-6A9A-45A0-96F6-1753768C3CB5}" = ESSPCD
"{1F85CAAA-B786-4E5B-AADD-638856992EF3}" = Opera 10.53
"{2D03B6F8-DF36-4980-B7B6-5B93D5BA3A8F}" = essvatgt
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{42938595-0D83-404D-9F73-F8177FDD531A}" = ESScore
"{4537EA4B-F603-4181-89FB-2953FC695AB1}" = netbrdg
"{5316DFC9-CE99-4458-9AB3-E8726EDE0210}" = skin0001
"{605A4E39-613C-4A12-B56F-DEFBE6757237}" = SHASTA
"{608D2A3C-6889-4C11-9B54-A42F45ACBFDB}" = fflink
"{643EAE81-920C-4931-9F0B-4B343B225CA6}" = ESSBrwr
"{693C08A7-9E76-43FF-B11E-9A58175474C4}" = kgckids
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{8943CE61-53BD-475E-90E1-A580869E98A2}" = staticcr
"{8A502E38-29C9-49FA-BCFA-D727CA062589}" = ESSTOOLS
"{8A708DD8-A5E6-11D4-A706-000629E95E20}" = Intel(R) Extreme Graphics Driver
"{8A8664E1-84C8-4936-891C-BC1F07797549}" = kgcvday
"{8E92D746-CD9F-4B90-9668-42B74C14F765}" = ESSini
"{91517631-A9F3-4B7C-B482-43E0068FD55A}" = ESSgui
"{95A890AA-B3B1-44B6-9C18-A8F7AB3EE7FC}" = QuickTime
"{97AA0C55-AFAD-4126-B21C-F1318FB6DADA}" = RTLSetup for Realtek RTL8139/810x Family NIC 3.00
"{999D43F4-9709-4887-9B1A-83EBB15A8370}" = VPRINTOL
"{9BD54685-1496-46A5-AB62-357CD140ED8B}" = kgcinvt
"{A1588373-1D86-4D44-86C9-78ABD190F9CC}" = kgcmove
"{AC76BA86-7AD7-1033-7B44-A81200000003}" = Adobe Reader 8.1.2
"{AE1FA02D-E6A4-4EA0-8E58-6483CAC016DD}" = ESSCDBK
"{B162D0A6-9A1D-4B7C-91A5-88FB48113C45}" = OfotoXMI
"{B4B44FE7-41FF-4DAD-8C0A-E406DDA72992}" = CCScore
"{D32470A1-B10C-4059-BA53-CF0486F68EBC}" = Kodak EasyShare software
"{DB02F716-6275-42E9-B8D2-83BA2BF5100B}" = SFR
"{E18B549C-5D15-45DA-8D8F-8FD2BD946344}" = kgcbaby
"{E79987F0-0E34-42CC-B8FF-6C860AEEB26A}" = tooltips
"{F22C222C-3CE2-4A4B-A83F-AF4681371ABE}" = kgcbase
"{F4A2E7CC-60CA-4AFA-B67F-AD5E58173C3F}" = SKINXSDK
"{F9593CFB-D836-49BC-BFF1-0E669A411D9F}" = WIRELESS
"{FCDB1C92-03C6-4C76-8625-371224256091}" = ESSPDock
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"AVG8Uninstall" = AVG Free 8.5
"CCleaner" = CCleaner
"C-Media Audio" = C-Media 3D Audio
"FreePDF_XP" = FreePDF XP (Remove only)
"GPL Ghostscript 8.62" = GPL Ghostscript 8.62
"GPL Ghostscript Fonts" = GPL Ghostscript Fonts
"HijackThis" = HijackThis 2.0.2
"ie8" = Windows Internet Explorer 8
"ISM300" = ISM Office 3.04
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Mozilla Firefox (3.6.3)" = Mozilla Firefox (3.6.3)
"Softonic_VLC_EN Toolbar" = Softonic_VLC_EN Toolbar
"VLC media player" = VLC media player 1.0.2
"Windows XP Service Pack" = Windows XP Service Pack 3
 
========== Last 10 Event Log Errors ==========
 
[ Application Events ]
Error - 6/6/2010 9:57:18 AM | Computer Name = YADAV-37F87775D | Source = Application Hang | ID = 1001
Description = Fault bucket 1180947459.
 
Error - 6/6/2010 9:57:18 AM | Computer Name = YADAV-37F87775D | Source = Application Hang | ID = 1001
Description = Fault bucket 1180947459.
 
Error - 6/7/2010 2:37:00 AM | Computer Name = YADAV-37F87775D | Source = Application Hang | ID = 1002
Description = Hanging application iexplore.exe, version 8.0.6001.18702, hang module
 hungapp, version 0.0.0.0, hang address 0x00000000.
 
Error - 6/7/2010 2:37:00 AM | Computer Name = YADAV-37F87775D | Source = Application Hang | ID = 1002
Description = Hanging application iexplore.exe, version 8.0.6001.18702, hang module
 hungapp, version 0.0.0.0, hang address 0x00000000.
 
Error - 6/7/2010 1:21:57 PM | Computer Name = YADAV-37F87775D | Source = Application Hang | ID = 1002
Description = Hanging application rundll32.exe, version 5.1.2600.5512, hang module
 hungapp, version 0.0.0.0, hang address 0x00000000.
 
Error - 6/8/2010 12:41:06 AM | Computer Name = YADAV-37F87775D | Source = Application Error | ID = 1000
Description = Faulting application zclientm.exe, version 1.2.626.1, faulting module
 cmnclim.dll, version 1.2.629.1, fault address 0x000230b4.
 
Error - 6/8/2010 12:43:12 AM | Computer Name = YADAV-37F87775D | Source = Application Error | ID = 1000
Description = Faulting application drwtsn32.exe, version 5.1.2600.0, faulting module
 dbghelp.dll, version 5.1.2600.5512, fault address 0x0001295d.
 
Error - 6/8/2010 12:44:25 AM | Computer Name = YADAV-37F87775D | Source = Application Hang | ID = 1002
Description = Hanging application zClientm.exe, version 1.2.626.1, hang module hungapp,
 version 0.0.0.0, hang address 0x00000000.
 
Error - 6/8/2010 1:29:29 AM | Computer Name = YADAV-37F87775D | Source = Application Hang | ID = 1002
Description = Hanging application mspaint.exe, version 5.1.2600.5918, hang module
 hungapp, version 0.0.0.0, hang address 0x00000000.
 
Error - 6/8/2010 2:47:54 AM | Computer Name = YADAV-37F87775D | Source = Application Hang | ID = 1002
Description = Hanging application explorer.exe, version 6.0.2900.5512, hang module
 hungapp, version 0.0.0.0, hang address 0x00000000.
 
[ System Events ]
Error - 6/13/2010 3:41:52 AM | Computer Name = YADAV-37F87775D | Source = atapi | ID = 262153
Description = The device, \Device\Ide\IdePort0, did not respond within the timeout
 period.
 
Error - 6/13/2010 3:41:53 AM | Computer Name = YADAV-37F87775D | Source = PlugPlayManager | ID = 12
Description = The device 'HL-DT-ST CD-RW GCE-8527B' (IDE\CdRomHL-DT-ST_CD-RW_GCE-8527B________________1.02____\5&345a3639&0&0.1.0)
 disappeared from the system without first being prepared for removal.
 
Error - 6/16/2010 2:55:08 AM | Computer Name = YADAV-37F87775D | Source = W32Time | ID = 39452689
Description = Time Provider NtpClient: An error occurred during DNS lookup of the
 manually configured peer 'time.windows.com,0x1'. NtpClient will try the DNS lookup
 again in 15 minutes. The error was: A socket operation was attempted to an unreachable
 host. (0x80072751)
 
Error - 6/16/2010 2:55:08 AM | Computer Name = YADAV-37F87775D | Source = W32Time | ID = 39452701
Description = The time provider NtpClient is configured to acquire time from one
 or more time sources, however none of the sources are currently accessible. No attempt
 to contact a source will be made for 14 minutes. NtpClient has no source of accurate
 time.
 
Error - 6/16/2010 3:09:47 AM | Computer Name = YADAV-37F87775D | Source = W32Time | ID = 39452689
Description = Time Provider NtpClient: An error occurred during DNS lookup of the
 manually configured peer 'time.windows.com,0x1'. NtpClient will try the DNS lookup
 again in 15 minutes. The error was: A socket operation was attempted to an unreachable
 host. (0x80072751)
 
Error - 6/16/2010 3:09:47 AM | Computer Name = YADAV-37F87775D | Source = W32Time | ID = 39452701
Description = The time provider NtpClient is configured to acquire time from one
 or more time sources, however none of the sources are currently accessible. No attempt
 to contact a source will be made for 14 minutes. NtpClient has no source of accurate
 time.
 
Error - 6/16/2010 3:18:56 AM | Computer Name = YADAV-37F87775D | Source = W32Time | ID = 39452689
Description = Time Provider NtpClient: An error occurred during DNS lookup of the
 manually configured peer 'time.windows.com,0x1'. NtpClient will try the DNS lookup
 again in 15 minutes. The error was: A socket operation was attempted to an unreachable
 host. (0x80072751)
 
Error - 6/16/2010 3:18:56 AM | Computer Name = YADAV-37F87775D | Source = W32Time | ID = 39452701
Description = The time provider NtpClient is configured to acquire time from one
 or more time sources, however none of the sources are currently accessible. No attempt
 to contact a source will be made for 14 minutes. NtpClient has no source of accurate
 time.
 
Error - 6/16/2010 5:42:11 AM | Computer Name = YADAV-37F87775D | Source = W32Time | ID = 39452689
Description = Time Provider NtpClient: An error occurred during DNS lookup of the
 manually configured peer 'time.windows.com,0x1'. NtpClient will try the DNS lookup
 again in 15 minutes. The error was: A socket operation was attempted to an unreachable
 host. (0x80072751)
 
Error - 6/16/2010 5:42:11 AM | Computer Name = YADAV-37F87775D | Source = W32Time | ID = 39452701
Description = The time provider NtpClient is configured to acquire time from one
 or more time sources, however none of the sources are currently accessible. No attempt
 to contact a source will be made for 14 minutes. NtpClient has no source of accurate
 time.
 
 
< End of report >

Offline guestolo

  • Site Donator
  • Administrator
  • Hero Member
  • Posts: 16034
  • Karma: +1/-0
Google banned virus
« Reply #3 on: June 20, 2010, 12:21:03 AM »
Sorry for the delay, can you do the following please:

Double click on OTL.exe and run it
  • Under the Custom Scans/Fixes box at the bottom, copy/paste in the following from the quote box below. Don't include the word Quote, please.
    Quote
    :OTL
    PRC - [2010/05/25 17:50:34 | 000,511,191 | RHS- | M] () -- C:\WINDOWS\system32\ .exe
    O4 - HKCU..\Run: [Windows Messengger] C:\WINDOWS\system32\ .exe ()
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run: winlogon = C:\WINDOWS\system32\ .exe ()
    O20 - HKLM Winlogon: TaskMan - (C:\RECYCLER\S-1-5-21-4145257546-6780596894-091098790-4005\windll.exe) - C:\RECYCLER\S-1-5-21-4145257546-6780596894-091098790-4005\windll.exe File not found
    O33 - MountPoints2\{9c86312a-76bb-11df-914e-000b6aea2db4}\Shell - "" = AutoRun
    O33 - MountPoints2\{9c86312a-76bb-11df-914e-000b6aea2db4}\Shell\Auto\command - "" = H:\ .exe -- [2010/05/25 17:50:34 | 000,511,191 | RHS- | M] ()
    O33 - MountPoints2\{9c86312a-76bb-11df-914e-000b6aea2db4}\Shell\AutoRun - "" = Auto&Play
    O33 - MountPoints2\{9c86312a-76bb-11df-914e-000b6aea2db4}\Shell\explore\command - "" = H:\ .exe -- [2010/05/25 17:50:34 | 000,511,191 | RHS- | M] ()
    O33 - MountPoints2\{9c86312a-76bb-11df-914e-000b6aea2db4}\Shell\Open\command - "" = H:\ .exe -- [2010/05/25 17:50:34 | 000,511,191 | RHS- | M] ()
    O33 - MountPoints2\{a852eec2-b33e-11d8-90bd-000b6aea2db4}\Shell - "" = Autorun
    O33 - MountPoints2\{a852eec2-b33e-11d8-90bd-000b6aea2db4}\Shell\AutoRun - "" = Auto&Play
    O33 - MountPoints2\{a852eec2-b33e-11d8-90bd-000b6aea2db4}\Shell\Open\command - "" = H:\gphone.exe -- File not found
    O33 - MountPoints2\{b2c627c4-b330-11d8-90b0-000b6aea2db4}\Shell\AutoRun\command - "" = KARINA///debeja.exe
    O33 - MountPoints2\{b2c627c4-b330-11d8-90b0-000b6aea2db4}\Shell\open\command - "" = KARINA///debeja.exe
    O33 - MountPoints2\{b5478056-b330-11d8-90cd-000b6aea2db4}\Shell\AutoRun\command - "" = I:\RECYCLER\autorun.exe -- File not found
    O33 - MountPoints2\{b5478056-b330-11d8-90cd-000b6aea2db4}\Shell\open\command - "" = I:\RECYCLER\autorun.exe -- File not found
    O33 - MountPoints2\{db685ba2-b330-11d8-90c8-000b6aea2db4}\Shell\AutoRun\command - "" = H:\filesystem\pagefile.exe -- File not found
    O33 - MountPoints2\{db685ba2-b330-11d8-90c8-000b6aea2db4}\Shell\eXpLorE\cOMMand - "" = H:\filesystem\pagefile.exe -- File not found
    O33 - MountPoints2\{db685ba2-b330-11d8-90c8-000b6aea2db4}\Shell\oPen\CoMMAnd - "" = H:\filesystem\pagefile.exe -- File not found
    O33 - MountPoints2\{fc59391d-b330-11d8-90d5-000b6aea2db4}\Shell\AutoRun\command - "" = I:\filesystem\pagefile.exe -- File not found
    O33 - MountPoints2\{fc59391d-b330-11d8-90d5-000b6aea2db4}\Shell\eXpLorE\cOMMand - "" = I:\filesystem\pagefile.exe -- File not found
    O33 - MountPoints2\{fc59391d-b330-11d8-90d5-000b6aea2db4}\Shell\oPen\CoMMAnd - "" = I:\filesystem\pagefile.exe -- File not found
    :Reg
    :Files
    C:\WINDOWS\System32\ .exe
    C:\WINDOWS\ .exe
    C:\WINDOWS\System32\autorun.ini
    :Commands
    [EmptyTemp]
    [Reboot]

  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done

On startup, Allow OTL to run if prompted
A log should open, can you post it please
A copy of this log can also be found in
C:\_OTL\Moved Files folder

In addition: You have Malwarebytes AntiMalware installed
Open it, then do the following:
  • Click on the Update tab and "Check for Updates"  
  • If an update is found, it will download and install the latest version.    
  • After downloading, select the SCANNER tab

Select "Perform Quick Scan", then click Scan.    
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.    
  • Make sure that everything is checked, and click Remove Selected.
        * When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.    
  • Copy&Paste the entire report in your next reply
Extra Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process; if asked to restart the computer, please do so immediately.

Do you want to post your own logs from FRST?

Follow the instructions posted here: http://www.thetechguide.com/forum/index.php/topic/22942-please-read-how-to-post-logs-from-frst/
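To show why the entries in the fix script above stand out, here is an added triage script (not OTL's own code and not the helper's) that scans constructed OTL-style lines and flags the traits seen in this log: a whitespace-only executable name, a path under RECYCLER, MountPoints2 autorun handlers, and the Winlogon TaskMan and Explorer policy Run autostarts. The sample lines and the flag wording are my own.

```python
import re

# Constructed sample in the style of an OTL log (not the thread's own log): the
# whitespace-named executable, the RECYCLER path and the MountPoints2 autorun
# handlers mirror the entry types the fix script targets; the AVG line is benign.
SAMPLE_LOG = r"""
O4 - HKCU..\Run: [Windows Messengger] C:\WINDOWS\system32\ .exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run: winlogon = C:\WINDOWS\system32\ .exe ()
O20 - HKLM Winlogon: TaskMan - (C:\RECYCLER\S-1-5-21-1-2-3-4005\windll.exe) - C:\RECYCLER\S-1-5-21-1-2-3-4005\windll.exe File not found
O33 - MountPoints2\{9c86312a-76bb-11df-914e-000b6aea2db4}\Shell\Open\command - "" = H:\ .exe -- [2010/05/25 17:50:34 | 000,511,191 | RHS- | M] ()
O33 - MountPoints2\{db685ba2-b330-11d8-90c8-000b6aea2db4}\Shell\oPen\CoMMAnd - "" = H:\filesystem\pagefile.exe -- File not found
O4 - HKLM..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe (AVG Technologies CZ, s.r.o.)
"""

# A Windows path ending in .exe; the lazy match keeps "C:\dir\ .exe" whole despite the space.
EXE_PATH = re.compile(r"[A-Z]:\\.*?\.exe", re.IGNORECASE)


def triage(log_text):
    """Return one finding per suspicious line: {"item", "path", "reasons"}."""
    findings = []
    for line in log_text.splitlines():
        paths = EXE_PATH.findall(line)
        if not paths:
            continue                      # entries without an executable are not scored here
        low = line.lower()
        reasons = []
        for p in dict.fromkeys(paths):    # de-duplicate paths, keep order
            name = p.rsplit("\\", 1)[-1][:-4]
            if not name.strip():
                reasons.append("blank executable name")   # "\ .exe" hides in listings
            if "\\recycler\\" in p.lower():
                reasons.append("runs from RECYCLER")       # Recycle Bin is hidden by default
        if "mountpoints2" in low and "command" in low:
            reasons.append("removable-drive autorun handler")
        if "winlogon: taskman" in low:
            reasons.append("Task Manager replaced via Winlogon TaskMan")
        if "policies\\explorer\\run" in low:
            reasons.append("autostart via Explorer policy Run key")
        if reasons:
            findings.append({"item": line.split(" ", 1)[0], "path": paths[0],
                             "reasons": sorted(set(reasons))})
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f["item"], f["path"], "->", "; ".join(f["reasons"]))
```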


Offline mtptl77

  • Newbie
  • Posts: 17
  • Karma: +0/-0
Google banned virus
« Reply #4 on: July 07, 2010, 10:16:34 PM »
Put them onto CD. Transfer them to your desktop. Reboot your PC; as it begins booting, tap the F8 key. You will then see the Advanced Boot Options screen; choose Safe Mode.
Now install MBAM. Then exit MBAM, then double click on the update file. Updates will be installed; while still in safe mode, run MBAM and delete all threats.

Also you can try the Avira Rescue CD, a Linux-based program that is fully updated. It works on all Windows platforms.
Download it from a clean PC and double click on the file; you will be prompted to insert a CD/DVD. The program is burnt to CD. Insert the disc into the infected machine and reboot.
This program works without booting Windows. See link for simple instructions.
I wish you the best of luck.
