TechSpot

UPDATED 8-step Viruses/Spyware/Malware Preliminary Removal Instructions-Vistaxpuser

Inactive
By vistaXPuser
Apr 19, 2011
Topic Status:
Not open for further replies.
  1. Hi technical support team,

    I have followed the 8-step process for the initial removal of viruses from my PC.
    Here are the copies of the required documents from my PC. Can someone please help me find out if my PC is affected by a virus?


    Malwarebytes' Anti-Malware 1.50.1.1100
    www.malwarebytes.org

    Database version: 6371

    Windows 5.1.2600 Service Pack 3
    Internet Explorer 6.0.2900.5512

    4/15/2011 5:22:13 PM
    mbam-log-2011-04-15 (17-22-13).txt

    Scan type: Quick scan
    Objects scanned: 165054
    Time elapsed: 7 minute(s), 36 second(s)

    Memory Processes Infected: 0
    Memory Modules Infected: 0
    Registry Keys Infected: 0
    Registry Values Infected: 0
    Registry Data Items Infected: 0
    Folders Infected: 0
    Files Infected: 0

    Memory Processes Infected:
    (No malicious items detected)

    Memory Modules Infected:
    (No malicious items detected)

    Registry Keys Infected:
    (No malicious items detected)

    Registry Values Infected:
    (No malicious items detected)

    Registry Data Items Infected:
    (No malicious items detected)

    Folders Infected:
    (No malicious items detected)

    Files Infected:
    (No malicious items detected)


    ===================

    GMER 1.0.15.15530 - http://www.gmer.net
    Rootkit scan 2011-04-16 06:13:35
    Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-4 WDC_WD800BEVE-00WZT0 rev.01.01A01
    Running: t3jmy7lx.exe; Driver: C:\DOCUME~1\Sudhakar\LOCALS~1\Temp\uwtdapoc.sys


    ---- System - GMER 1.0.15 ----

    SSDT F7CDB0D6 ZwCreateKey
    SSDT F7CDB0CC ZwCreateThread
    SSDT F7CDB0DB ZwDeleteKey
    SSDT F7CDB0E5 ZwDeleteValueKey
    SSDT F7CDB0EA ZwLoadKey
    SSDT F7CDB0B8 ZwOpenProcess
    SSDT F7CDB0BD ZwOpenThread
    SSDT F7CDB0F4 ZwReplaceKey
    SSDT F7CDB0EF ZwRestoreKey
    SSDT F7CDB0E0 ZwSetValueKey

    ---- Kernel code sections - GMER 1.0.15 ----

    .text ntkrnlpa.exe!ZwCallbackReturn + 250C 80501D44 4 Bytes JMP 1CF7CDB0
    init C:\WINDOWS\system32\drivers\tifm21.sys entry point in "init" section [0xF6AA2ABF]
    init C:\WINDOWS\system32\DRIVERS\gtipci21.sys entry point in "init" section [0xF6A67A80]
    init C:\WINDOWS\system32\DRIVERS\IFXTPM.SYS entry point in "init" section [0xF78FC192]

    ---- User code sections - GMER 1.0.15 ----

    .text C:\Program Files\Microsoft Office\Office12\WINWORD.EXE[3024] kernel32.dll!SetUnhandledExceptionFilter 7C84495D 5 Bytes JMP 32605B49 C:\Program Files\Common Files\Microsoft Shared\office12\mso.dll (2007 Microsoft Office component/Microsoft Corporation)
    .text C:\Program Files\Microsoft Office\Office12\WINWORD.EXE[3024] ole32.dll!OleLoadFromStream 7752981B 5 Bytes JMP 32920DB5 C:\Program Files\Common Files\Microsoft Shared\office12\mso.dll (2007 Microsoft Office component/Microsoft Corporation)

    ---- User IAT/EAT - GMER 1.0.15 ----

    IAT C:\PROGRA~1\Yahoo!\Messenger\ymsgr_tray.exe[3500] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!LoadLibraryExW] [614AAE77] C:\PROGRA~1\Yahoo!\Messenger\yui.dll
    IAT C:\PROGRA~1\Yahoo!\Messenger\ymsgr_tray.exe[3500] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!LoadLibraryA] [614AADA9] C:\PROGRA~1\Yahoo!\Messenger\yui.dll
    IAT C:\PROGRA~1\Yahoo!\Messenger\ymsgr_tray.exe[3500] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!GetProcAddress] [614AA7A3] C:\PROGRA~1\Yahoo!\Messenger\yui.dll
    IAT C:\PROGRA~1\Yahoo!\Messenger\ymsgr_tray.exe[3500] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!LoadLibraryW] [614AADE9] C:\PROGRA~1\Yahoo!\Messenger\yui.dll
    IAT C:\PROGRA~1\Yahoo!\Messenger\ymsgr_tray.exe[3500] @ C:\WINDOWS\system32\USER32.dll [GDI32.dll!GetStockObject] [614A9CEC] C:\PROGRA~1\Yahoo!\Messenger\yui.dll
    IAT C:\PROGRA~1\Yahoo!\Messenger\ymsgr_tray.exe[3500] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [614AAE77] C:\PROGRA~1\Yahoo!\Messenger\yui.dll
    IAT C:\PROGRA~1\Yahoo!\Messenger\ymsgr_tray.exe[3500] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryA] [614AADA9] C:\PROGRA~1\Yahoo!\Messenger\yui.dll
    IAT C:\PROGRA~1\Yahoo!\Messenger\ymsgr_tray.exe[3500] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!GetProcAddress] [614AA7A3] C:\PROGRA~1\Yahoo!\Messenger\yui.dll
    IAT C:\PROGRA~1\Yahoo!\Messenger\ymsgr_tray.exe[3500] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryW] [614AADE9] C:\PROGRA~1\Yahoo!\Messenger\yui.dll
    IAT C:\PROGRA~1\Yahoo!\Messenger\ymsgr_tray.exe[3500] @ C:\WINDOWS\system32\SHLWAPI.dll [GDI32.dll!GetStockObject] [614A9CEC] C:\PROGRA~1\Yahoo!\Messenger\yui.dll
    IAT C:\PROGRA~1\Yahoo!\Messenger\ymsgr_tray.exe[3500] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryExA] [614AAE29] C:\PROGRA~1\Yahoo!\Messenger\yui.dll
    IAT C:\PROGRA~1\Yahoo!\Messenger\ymsgr_tray.exe[3500] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryExW] [614AAE77] C:\PROGRA~1\Yahoo!\Messenger\yui.dll
    IAT C:\PROGRA~1\Yahoo!\Messenger\ymsgr_tray.exe[3500] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryW] [614AADE9] C:\PROGRA~1\Yahoo!\Messenger\yui.dll
    IAT C:\PROGRA~1\Yahoo!\Messenger\ymsgr_tray.exe[3500] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryA] [614AADA9] C:\PROGRA~1\Yahoo!\Messenger\yui.dll
    IAT C:\PROGRA~1\Yahoo!\Messenger\ymsgr_tray.exe[3500] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!GetProcAddress] [614AA7A3] C:\PROGRA~1\Yahoo!\Messenger\yui.dll
    IAT C:\PROGRA~1\Yahoo!\Messenger\ymsgr_tray.exe[3500] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!DefWindowProcA] [614AA3BA] C:\PROGRA~1\Yahoo!\Messenger\yui.dll
    IAT C:\PROGRA~1\Yahoo!\Messenger\ymsgr_tray.exe[3500] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!DefWindowProcW] [614AA3BA] C:\PROGRA~1\Yahoo!\Messenger\yui.dll
    IAT C:\PROGRA~1\Yahoo!\Messenger\ymsgr_tray.exe[3500] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!GetSysColor] [614A9C27] C:\PROGRA~1\Yahoo!\Messenger\yui.dll
    IAT C:\PROGRA~1\Yahoo!\Messenger\ymsgr_tray.exe[3500] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!TrackPopupMenu] [614A9B56] C:\PROGRA~1\Yahoo!\Messenger\yui.dll
    IAT C:\PROGRA~1\Yahoo!\Messenger\ymsgr_tray.exe[3500] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!TrackPopupMenuEx] [614A9B94] C:\PROGRA~1\Yahoo!\Messenger\yui.dll
    IAT C:\PROGRA~1\Yahoo!\Messenger\ymsgr_tray.exe[3500] @ C:\WINDOWS\system32\SHELL32.dll [GDI32.dll!GetStockObject] [614A9CEC] C:\PROGRA~1\Yahoo!\Messenger\yui.dll
    IAT C:\PROGRA~1\Yahoo!\Messenger\ymsgr_tray.exe[3500] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryA] [614AADA9] C:\PROGRA~1\Yahoo!\Messenger\yui.dll
    IAT C:\PROGRA~1\Yahoo!\Messenger\ymsgr_tray.exe[3500] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryW] [614AADE9] C:\PROGRA~1\Yahoo!\Messenger\yui.dll
    IAT C:\PROGRA~1\Yahoo!\Messenger\ymsgr_tray.exe[3500] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!GetProcAddress] [614AA7A3] C:\PROGRA~1\Yahoo!\Messenger\yui.dll
    IAT C:\PROGRA~1\Yahoo!\Messenger\ymsgr_tray.exe[3500] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryExW] [614AAE77] C:\PROGRA~1\Yahoo!\Messenger\yui.dll
    IAT C:\PROGRA~1\Yahoo!\Messenger\ymsgr_tray.exe[3500] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryExA] [614AAE29] C:\PROGRA~1\Yahoo!\Messenger\yui.dll
    IAT C:\PROGRA~1\Yahoo!\Messenger\ymsgr_tray.exe[3500] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!AnimateWindow] [614A9D87] C:\PROGRA~1\Yahoo!\Messenger\yui.dll
    IAT C:\PROGRA~1\Yahoo!\Messenger\ymsgr_tray.exe[3500] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!TrackPopupMenuEx] [614A9B94] C:\PROGRA~1\Yahoo!\Messenger\yui.dll
    IAT C:\PROGRA~1\Yahoo!\Messenger\ymsgr_tray.exe[3500] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!DefWindowProcA] [614AA3BA] C:\PROGRA~1\Yahoo!\Messenger\yui.dll
    IAT C:\PROGRA~1\Yahoo!\Messenger\ymsgr_tray.exe[3500] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!GetSysColor] [614A9C27] C:\PROGRA~1\Yahoo!\Messenger\yui.dll
    IAT C:\PROGRA~1\Yahoo!\Messenger\ymsgr_tray.exe[3500] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!DefWindowProcW] [614AA3BA] C:\PROGRA~1\Yahoo!\Messenger\yui.dll
    IAT C:\PROGRA~1\Yahoo!\Messenger\ymsgr_tray.exe[3500] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!GetSysColorBrush] [614A9CF2] C:\PROGRA~1\Yahoo!\Messenger\yui.dll
    IAT C:\PROGRA~1\Yahoo!\Messenger\ymsgr_tray.exe[3500] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!TrackPopupMenu] [614A9B56] C:\PROGRA~1\Yahoo!\Messenger\yui.dll

    ---- Devices - GMER 1.0.15 ----

    Device Ntfs.sys (NT File System Driver/Microsoft Corporation)

    AttachedDevice \Driver\Kbdclass \Device\KeyboardClass0 SynTP.sys (Synaptics Touchpad Driver/Synaptics, Inc.)
    AttachedDevice \Driver\Kbdclass \Device\KeyboardClass0 EABFiltr.sys (QLB PS/2 Keyboard filter driver/Hewlett-Packard Company)
    AttachedDevice \Driver\Kbdclass \Device\KeyboardClass1 SynTP.sys (Synaptics Touchpad Driver/Synaptics, Inc.)
    AttachedDevice \Driver\Kbdclass \Device\KeyboardClass1 EABFiltr.sys (QLB PS/2 Keyboard filter driver/Hewlett-Packard Company)

    Device mrxsmb.sys (Windows NT SMB Minirdr/Microsoft Corporation)
    Device \FileSystem\Fs_Rec \FileSystem\UdfsCdRomRecognizer tfsnifs.sys (Drive Letter Access Component/Sonic Solutions)
    Device \FileSystem\Fs_Rec \FileSystem\FatCdRomRecognizer tfsnifs.sys (Drive Letter Access Component/Sonic Solutions)
    Device \FileSystem\Fs_Rec \FileSystem\CdfsRecognizer tfsnifs.sys (Drive Letter Access Component/Sonic Solutions)
    Device \FileSystem\Fs_Rec \FileSystem\FatDiskRecognizer tfsnifs.sys (Drive Letter Access Component/Sonic Solutions)
    Device \FileSystem\Fs_Rec \FileSystem\UdfsDiskRecognizer tfsnifs.sys (Drive Letter Access Component/Sonic Solutions)
    Device \FileSystem\Cdfs \Cdfs tfsnifs.sys (Drive Letter Access Component/Sonic Solutions)

    ---- EOF - GMER 1.0.15 ----

    ==========================


    DDS (Ver_10-12-12.02) - NTFSx86
    Run by Sudhakar at 6:14:32.15 on Sat 04/16/2011
    Internet Explorer: 6.0.2900.5512 BrowserJavaVersion: 1.6.0_22
    Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1015.411 [GMT -7:00]

    AV: AntiVir Desktop *Enabled/Updated* {AD166499-45F9-482A-A743-FDD3350758C7}

    ============== Running Processes ===============

    C:\WINDOWS\system32\svchost -k DcomLaunch
    svchost.exe
    C:\WINDOWS\System32\svchost.exe -k netsvcs
    svchost.exe
    svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Avira\AntiVir Desktop\sched.exe
    C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
    C:\Program Files\Analog Devices\SoundMAX\Smax4.exe
    C:\WINDOWS\AGRSMMSG.exe
    C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\WINDOWS\system32\igfxtray.exe
    C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe
    C:\WINDOWS\system32\dla\tfswctrl.exe
    C:\Program Files\Common Files\Java\Java Update\jusched.exe
    C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
    svchost.exe
    C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
    C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
    C:\Program Files\Windows Media Player\WMPNSCFG.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
    C:\PROGRA~1\WIDCOMM\BLUETO~1\BTSTAC~1.EXE
    C:\Program Files\Avira\AntiVir Desktop\avguard.exe
    C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
    C:\WINDOWS\System32\svchost.exe -k HTTPFilter
    C:\Informatica\PowerCenter8.6.1\OrchestrationServer\service\bin\wrapper.exe
    C:\Program Files\Java\jre6\bin\jqs.exe
    C:\Program Files\CA\SharedComponents\CA_LIC\LogWatNT.exe
    C:\Program Files\CA\SharedComponents\CA_LIC\lic98Service.exe
    c:\app\Sudhakar\product\11.2.0\dbhome_1\Bin\extjob.exe
    C:\oracle\Ora91\bin\agntsrvc.exe
    C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
    C:\Informatica\PowerCenter8.6.1\java\bin\java.exe
    C:\oracle\Ora91\Apache\Apache\apache.exe
    C:\oracle\Ora91\BIN\TNSLSNR.exe
    c:\oracle\ora91\bin\ORACLE.EXE
    c:\app\Sudhakar\product\11.2.0\dbhome_1\bin\ORACLE.EXE
    C:\oracle\Ora91\bin\dbsnmp.exe
    C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
    C:\WINDOWS\system32\svchost.exe -k imgsvc
    C:\oracle\Ora91\Apache\Apache\apache.exe
    C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
    C:\oracle\Ora91\jdk\bin\java.exe
    C:\oracle\Ora91\jdk\bin\java.exe
    c:\oracle\ora91\bin\isqlplus
    C:\Program Files\Microsoft Office\Office12\WINWORD.EXE
    C:\Program Files\HPQ\SHARED\HPQWMI.exe
    C:\PROGRA~1\Yahoo!\Messenger\ymsgr_tray.exe
    C:\Program Files\Common Files\Java\Java Update\jucheck.exe
    C:\Documents and Settings\Sudhakar\Desktop\Techspot\dds.scr

    ============== Pseudo HJT Report ===============

    uStart Page = hxxp://www.hp.com/
    mDefault_Page_URL = hxxp://www.hp.com
    uURLSearchHooks: H - No File
    BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
    BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
    BHO: DriveLetterAccess: {5ca3d70e-1895-11cf-8e15-001234567890} - c:\windows\system32\dla\tfswshx.dll
    BHO: Skype Plug-In: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
    BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
    BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    BHO: QuickNet BHO: {ea5ca8b6-9b9c-4994-a7a1-947b6c631be7} - c:\program files\regtweaker\key.dll
    TB: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No File
    uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe
    uRun: [Google Update] "c:\documents and settings\Sudhakar\local settings\application data\google\update\GoogleUpdate.exe" /c
    uRun: [Messenger (Yahoo!)] "c:\progra~1\yahoo!\messenger\YahooMessenger.exe" -quiet
    uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
    mRun: [IMJPMIG8.1] "c:\windows\ime\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
    mRun: [PHIME2002ASync] c:\windows\system32\ime\tintlgnt\TINTSETP.EXE /SYNC
    mRun: [PHIME2002A] c:\windows\system32\ime\tintlgnt\TINTSETP.EXE /IMEName
    mRun: [SoundMAXPnP] c:\program files\analog devices\soundmax\SMax4PNP.exe
    mRun: [SoundMAX] "c:\program files\analog devices\soundmax\Smax4.exe" /tray
    mRun: [AGRSMMSG] AGRSMMSG.exe
    mRun: [SynTPLpr] c:\program files\synaptics\syntp\SynTPLpr.exe
    mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
    mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
    mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
    mRun: [Cpqset] c:\program files\hpq\default settings\cpqset.exe
    mRun: [eabconfg.cpl] c:\program files\hpq\quick launch buttons\EabServr.exe /Start
    mRun: [UpdateManager] "c:\program files\common files\sonic\update manager\sgtray.exe" /r
    mRun: [dla] c:\windows\system32\dla\tfswctrl.exe
    mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
    mRun: [hpWirelessAssistant] c:\program files\hpq\hp wireless assistant\HP Wireless Assistant.exe
    mRun: [WatchDog] c:\program files\intervideo\dvd check\DVDCheck.exe
    mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
    mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
    mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
    mRun: [googletalk] c:\program files\google\google talk\googletalk.exe /autostart
    mRun: [avgnt] "c:\program files\avira\antivir desktop\avgnt.exe" /min
    mRunOnce: [Malwarebytes' Anti-Malware] c:\program files\malwarebytes' anti-malware\mbamgui.exe /install /silent
    dRunOnce: [<NO NAME>]
    mExplorerRun: [<NO NAME>] 1 (0x1)
    StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\bttray.lnk - c:\program files\widcomm\bluetooth software\BTTray.exe
    StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\dvdche~1.lnk - c:\program files\intervideo\dvd check\DVDCheck.exe
    IE: E&xport to Microsoft Excel - c:\progra~1\mi1933~1\office12\EXCEL.EXE/3000
    IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
    IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
    IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
    IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\mi1933~1\office12\REFIEBAR.DLL
    DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://go.microsoft.com/fwlink/?linkid=39204
    DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1243443961187
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
    DPF: {CAFEEFAC-0015-0000-0000-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
    Handler: qrev - {9DE24BAC-FC3C-42c4-9FC4-76B3FAFDBD90} - c:\progra~1\quests~1\toadfo~1\RNetPin.dll
    Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
    Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
    Handler: widimg - {EE7C2AFF-5742-44FF-BD0E-E521B0D3C3BA} - c:\windows\system32\BTXPPanel.dll
    Notify: igfxcui - igfxsrvc.dll
    SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

    ================= FIREFOX ===================

    FF - ProfilePath - c:\docume~1\Sudhakar\applic~1\mozilla\firefox\profiles\2k3daltf.default\
    FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
    FF - component: c:\documents and settings\Sudhakar\application data\mozilla\firefox\profiles\2k3daltf.default\extensions\{3bd53dec-24d7-4f9e-b27c-925559b8d27d}\components\RadioWMPCoreGecko19.dll
    FF - component: c:\documents and settings\Sudhakar\application data\mozilla\firefox\profiles\2k3daltf.default\extensions\engine@conduit.com\components\RadioWMPCoreGecko19.dll
    FF - component: c:\program files\mozilla firefox\extensions\{ab2ce124-6272-4b12-94a9-7303c7397bd1}\components\SkypeFfComponent.dll
    FF - plugin: c:\documents and settings\Sudhakar\application data\mozilla\plugins\npgoogletalk.dll
    FF - plugin: c:\documents and settings\Sudhakar\application data\mozilla\plugins\npgtpo3dautoplugin.dll
    FF - plugin: c:\documents and settings\Sudhakar\local settings\application data\google\update\1.2.183.39\npGoogleOneClick8.dll
    FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
    FF - plugin: c:\program files\mozilla firefox\plugins\npatgpc.dll
    FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
    FF - Ext: Java Console: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
    FF - Ext: Skype extension: {AB2CE124-6272-4b12-94A9-7303C7397BD1} - c:\program files\mozilla firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}
    FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\DotNetAssistantExtension
    FF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\java\jre6\lib\deploy\jqs\ff
    FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
    FF - Ext: Yahoo! Toolbar: {635abd67-4fe9-1b23-4f01-e679fa7484c1} - %profile%\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
    FF - Ext: Conduit Engine : engine@conduit.com - %profile%\extensions\engine@conduit.com
    FF - Ext: TranslatorBar 1.1 Community Toolbar: {3bd53dec-24d7-4f9e-b27c-925559b8d27d} - %profile%\extensions\{3bd53dec-24d7-4f9e-b27c-925559b8d27d}

    ---- FIREFOX POLICIES ----
    FF - user.js: yahoo.ytff.general.dontshowhpoffer - true

    ============= SERVICES / DRIVERS ===============

    R1 avgio;avgio;c:\program files\avira\antivir desktop\avgio.sys [2011-2-10 11608]
    R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\avira\antivir desktop\sched.exe [2011-2-10 135336]
    R2 AntiVirService;Avira AntiVir Guard;c:\program files\avira\antivir desktop\avguard.exe [2011-2-10 269480]
    R2 avgntflt;avgntflt;c:\windows\system32\drivers\avgntflt.sys [2011-2-10 61960]
    R2 InformaticaOrchestrationServer;Informatica Orchestration Server;c:\informatica\powercenter8.6.1\orchestrationserver\service\bin\wrapper.exe -s c:\informatica\powercenter8.6.1\orchestrationserver\service\conf\wrapper.conf --> c:\informatica\powercenter8.6.1\orchestrationserver\service\bin\wrapper.exe -s c:\informatica\powercenter8.6.1\orchestrationserver\service\conf\wrapper.conf [?]
    R2 LogWatch;Event Log Watch;c:\program files\ca\sharedcomponents\ca_lic\LogWatNT.exe [2008-5-20 75016]
    R2 OracleJobSchedulerNORTHWIND;OracleJobSchedulerNORTHWIND;c:\app\Sudhakar\product\11.2.0\dbhome_1\bin\extjob.exe northwind --> c:\app\Sudhakar\product\11.2.0\dbhome_1\bin\extjob.exe NORTHWIND [?]
    R2 OracleOra91Agent;OracleOra91Agent;c:\oracle\ora91\bin\agntsrvc.exe [2002-4-26 28944]
    R2 OracleOra91HTTPServer;OracleOra91HTTPServer;c:\oracle\ora91\apache\apache\Apache.exe [2002-4-18 4096]
    R2 OracleOra91TNSListener;OracleOra91TNSListener;c:\oracle\ora91\bin\tnslsnr --> c:\oracle\ora91\bin\TNSLSNR [?]
    R2 OracleServiceMADUD;OracleServiceMADUD;c:\oracle\ora91\bin\oracle.exe madud --> c:\oracle\ora91\bin\ORACLE.EXE MADUD [?]
    R2 OracleServiceNORTHWIND;OracleServiceNORTHWIND;c:\app\Sudhakar\product\11.2.0\dbhome_1\bin\oracle.exe northwind --> c:\app\Sudhakar\product\11.2.0\dbhome_1\bin\ORACLE.EXE NORTHWIND [?]
    R3 GTIPCI21;GTIPCI21;c:\windows\system32\drivers\gtipci21.sys [2004-5-3 80384]
    R3 IFXTPM;IFXTPM;c:\windows\system32\drivers\ifxtpm.sys [2004-9-2 32640]
    S2 InformaticaServices8.6.1;InformaticaServices8.6.1;c:\informatica\powercenter8.6.1\server\tomcat\bin\infasvcs.exe [2010-8-3 61440]
    S2 MsDtsServer100;SQL Server Integration Services 10.0;"c:\program files\microsoft sql server\100\dts\binn\msdtssrvr.exe" --> c:\program files\microsoft sql server\100\dts\binn\MsDtsSrvr.exe [?]
    S2 ReportServer;SQL Server Reporting Services (MSSQLSERVER);"c:\program files\microsoft sql server\msrs10.mssqlserver\reporting services\reportserver\bin\reportingservicesservice.exe" --> c:\program files\microsoft sql server\msrs10.mssqlserver\reporting services\reportserver\bin\ReportingServicesService.exe [?]
    S3 OracleOra91ClientCache;OracleOra91ClientCache;c:\oracle\ora91\bin\ONRSD.EXE [2002-4-26 242328]
    S3 OracleOra91PagingServer;OracleOra91PagingServer;c:\oracle\ora91\bin\pagntsrv.exe [2002-8-20 49152]
    S3 OracleOra91SNMPPeerEncapsulator;OracleOra91SNMPPeerEncapsulator;c:\oracle\ora91\bin\encsvc.exe [2002-2-13 187392]
    S3 OracleOra91SNMPPeerMasterAgent;OracleOra91SNMPPeerMasterAgent;c:\oracle\ora91\bin\agntsvc.exe [2002-2-13 254464]
    S3 OracleOraDb11g_home1ClrAgent;OracleOraDb11g_home1ClrAgent;c:\app\Sudhakar\product\11.2.0\dbhome_1\bin\oraclragnt.exe agent_sid=clrextproc max_dispatchers=2 tcp_dispatchers=0 max_task_threads=6 max_sessions=25 envs="extproc_dlls=only:c:\app\Sudhakar\product\11.2.0\dbhome_1\bin\oraclr11.dll" --> c:\app\Sudhakar\product\11.2.0\dbhome_1\bin\oraclragnt.exe agent_sid=clrextproc max_dispatchers=2 tcp_dispatchers=0 max_task_threads=6 max_sessions=25 envs=extproc_dlls=only:c:\app\Sudhakar\product\11.2.0\dbhome_1\bin\oraclr11.dll [?]
    S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\wpffontcache_v0400.exe --> c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [?]
    S4 MSSQLFDLauncher;SQL Full-text Filter Daemon Launcher (MSSQLSERVER);"c:\program files\microsoft sql server\mssql10.mssqlserver\mssql\binn\fdlauncher.exe" -s mssql10.mssqlserver --> c:\program files\microsoft sql server\mssql10.mssqlserver\mssql\binn\fdlauncher.exe [?]
    S4 MSSQLServerADHelper100;SQL Active Directory Helper Service;"c:\program files\microsoft sql server\100\shared\sqladhlp.exe" --> c:\program files\microsoft sql server\100\shared\SQLADHLP.EXE [?]
    S4 OracleOraDb11g_home1ConfigurationManager;OracleOraDb11g_home1ConfigurationManager;c:\app\Sudhakar\product\112~1.0\dbhome_1\ccr\bin\nmz.exe c:\app\Sudhakar\product\112~1.0\dbhome_1\ccr\hosts\dhamaal --> c:\app\Sudhakar\product\112~1.0\dbhome_1\ccr\bin\nmz.exe c:\app\Sudhakar\product\112~1.0\dbhome_1\ccr\hosts\dhamaal [?]
    S4 OracleOraDb11g_home1TNSListener;OracleOraDb11g_home1TNSListener;c:\app\Sudhakar\product\11.2.0\dbhome_1\bin\tnslsnr --> c:\app\Sudhakar\product\11.2.0\dbhome_1\bin\TNSLSNR [?]
    S4 RsFx0102;RsFx0102 Driver;c:\windows\system32\drivers\RsFx0102.sys [2008-7-10 242712]

    =============== File Associations ===============

    vbefile\shell\open2\command=%SystemRoot%\System32\CScript.exe "%1" %*
    vbsfile\shell\open2\command=%SystemRoot%\System32\CScript.exe "%1" %*
    jsefile\shell\open2\command=%SystemRoot%\System32\CScript.exe "%1" %*

    =============== Created Last 30 ================

    2014-01-18 07:48:36 -------- d-----w- c:\docume~1\Sudhakar\applic~1\Quest Software
    2013-09-06 07:09:04 -------- d-----w- c:\program files\CA
    2013-09-06 05:58:31 -------- d-----w- c:\docume~1\Sudhakar\locals~1\applic~1\Downloaded Installations
    2013-09-02 08:19:26 5632 ----a-w- c:\windows\system32\ptpusb.dll
    2013-09-02 08:19:25 15104 -c--a-w- c:\windows\system32\dllcache\usbscan.sys
    2013-09-02 08:19:25 15104 ----a-w- c:\windows\system32\drivers\usbscan.sys
    2013-09-02 08:19:24 159232 ----a-w- c:\windows\system32\ptpusd.dll
    2011-03-23 03:27:01 -------- d-----w- c:\program files\Cisco Systems
    2011-03-23 03:26:26 -------- d-----w- c:\docume~1\alluse~1\applic~1\Cisco Systems
    2011-03-19 22:27:03 -------- d-----w- c:\program files\VideoLAN
    2011-03-19 19:04:49 -------- d-----w- C:\Apex dataloderlogs

    ==================== Find3M ====================

    2011-03-07 05:33:50 692736 ----a-w- c:\windows\system32\inetcomm.dll
    2011-03-04 06:45:07 434176 ----a-w- c:\windows\system32\vbscript.dll
    2011-03-03 13:21:11 1857920 ----a-w- c:\windows\system32\win32k.sys
    2011-02-17 13:51:57 81920 ----a-w- c:\windows\system32\ieencode.dll
    2011-02-17 13:51:57 667136 ----a-w- c:\windows\system32\wininet.dll
    2011-02-17 13:51:57 61952 ----a-w- c:\windows\system32\tdc.ocx
    2011-02-17 12:37:38 369664 ----a-w- c:\windows\system32\html.iec
    2011-02-17 12:32:12 5120 ----a-w- c:\windows\system32\xpsp4res.dll
    2011-02-15 12:56:39 290432 ----a-w- c:\windows\system32\atmfd.dll
    2011-02-09 13:53:52 270848 ----a-w- c:\windows\system32\sbe.dll
    2011-02-09 13:53:52 186880 ----a-w- c:\windows\system32\encdec.dll
    2011-02-08 13:33:55 978944 ----a-w- c:\windows\system32\mfc42.dll
    2011-02-08 13:33:55 974848 ----a-w- c:\windows\system32\mfc42u.dll
    2011-02-02 07:58:35 2067456 ----a-w- c:\windows\system32\mstscax.dll
    2011-01-27 11:57:06 677888 ----a-w- c:\windows\system32\mstsc.exe
    2011-01-21 14:44:37 439296 ----a-w- c:\windows\system32\shimgvw.dll

    ============= FINISH: 6:16:15.31 ===============


    ====================

    Thanks

    VistaXPuser
  2. Bobbye

    Welcome to TechSpot! While I finish checking these logs:

    Please tell me what problem you're having that made you think you had malware.
    Please find the additional log from the DDS scan named Attach.txt and paste it in your next reply. Do not zip it.

    Also:
    Please do not use any other cleaning programs or scans while I'm helping you, unless I direct you to. Do not use a Registry cleaner or make any changes in the Registry.
  3. Bobbye

    Your user name is deceptive. We are working on a Windows XP machine - is that correct?

    Please check the time and date on your computer:
    The following are all from the log section "Created in the last 30 days:"
    This date appears to be correct:
    2011-03-23 03:27:01 -------- d-----w- c:\program files\Cisco Systems

    But following that date, these entries are obviously wrong:
    2014-01-18 07:48:36 -------- d-----w- c:\docume~1\Sudhakar\applic~1\Quest Software
    2013-09-06 07:09:04 -------- d-----w- c:\program files\CA
    2013-09-06 05:58:31 -------- d-----w- c:\docume~1\Sudhakar\locals~1\applic~1\Downloaded Installations
    2013-09-02 08:19:26 5632 ----a-w- c:\windows\system32\ptpusb.dll
    2013-09-02 08:19:25 15104 -c--a-w- c:\windows\system32\dllcache\usbscan.sys
    2013-09-02 08:19:25 15104 ----a-w- c:\windows\system32\drivers\usbscan.sys
    2013-09-02 08:19:24 159232 ----a-w- c:\windows\system32\ptpusd.dll

    Can you also tell me please if this is your work computer?
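
The check made by eye in the reply above (entries under "Created Last 30" that are dated after the scan itself), as an added Python example that is not part of the original thread. The sample is a few lines copied from the DDS log posted above; reading the header date as MM/DD/YYYY and allowing one day of slack for time-zone differences are assumptions.

```python
import re
from dataclasses import dataclass
from datetime import datetime, timedelta

# Constructed sample: a subset of lines from the DDS log posted in this thread.
SAMPLE_DDS = r"""
DDS (Ver_10-12-12.02) - NTFSx86
Run by Sudhakar at 6:14:32.15 on Sat 04/16/2011

=============== Created Last 30 ================

2014-01-18 07:48:36 -------- d-----w- c:\docume~1\Sudhakar\applic~1\Quest Software
2013-09-06 07:09:04 -------- d-----w- c:\program files\CA
2013-09-02 08:19:26 5632 ----a-w- c:\windows\system32\ptpusb.dll
2011-03-23 03:27:01 -------- d-----w- c:\program files\Cisco Systems
2011-03-19 22:27:03 -------- d-----w- c:\program files\VideoLAN

==================== Find3M ====================

2011-03-07 05:33:50 692736 ----a-w- c:\windows\system32\inetcomm.dll
""".strip()

# "Run by <user> at H:MM:SS.cc on Ddd MM/DD/YYYY" (date order is an assumption).
RUN_RE = re.compile(
    r"^\s*Run by .+ at (\d{1,2}):(\d{2}):(\d{2})\.\d+ on \w{3} (\d{2})/(\d{2})/(\d{4})",
    re.M,
)
# "======== Section Name ========"
SECTION_RE = re.compile(r"^=+ (.+?) =+$")
# "YYYY-MM-DD HH:MM:SS <size or dashes> <8 attribute flags> <path, may contain spaces>"
ENTRY_RE = re.compile(
    r"^(\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}) (\S+) (\S{8}) (.+)$"
)


@dataclass(frozen=True)
class Entry:
    section: str
    stamp: datetime
    size: str
    attrs: str
    path: str


def parse_run_time(log: str) -> datetime:
    """Return the moment DDS was run, taken from the log header."""
    m = RUN_RE.search(log)
    if m is None:
        raise ValueError("no 'Run by ... at ... on ...' header found")
    hh, mm, ss, month, day, year = map(int, m.groups())
    return datetime(year, month, day, hh, mm, ss)


def parse_entries(log: str) -> list:
    """Collect every timestamped file/folder line, tagged with its section."""
    entries, section = [], ""
    for raw in log.splitlines():
        line = raw.strip()  # forum pastes are often indented
        sec = SECTION_RE.match(line)
        if sec:
            section = sec.group(1)
            continue
        ent = ENTRY_RE.match(line)
        if ent:
            stamp = datetime.strptime(ent.group(1), "%Y-%m-%d %H:%M:%S")
            entries.append(
                Entry(section, stamp, ent.group(2), ent.group(3), ent.group(4))
            )
    return entries


def future_dated(log: str, slack: timedelta = timedelta(days=1)) -> list:
    """Entries stamped later than the scan itself (beyond the allowed slack).

    Such entries mean the clock was wrong when the item was created, or the
    timestamp was changed afterwards; either way they need a closer look.
    """
    run_time = parse_run_time(log)
    return [e for e in parse_entries(log) if e.stamp > run_time + slack]


if __name__ == "__main__":
    run_time = parse_run_time(SAMPLE_DDS)
    print("DDS run at", run_time)
    for e in future_dated(SAMPLE_DDS):
        ahead = (e.stamp - run_time).days
        print(f"[{e.section}] {e.stamp} (+{ahead} days) {e.path}")
```
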
  4. vistaXPuser

    I have a suspicion that my PC got affected by identity theft. And I did not have an antivirus for almost 6 months on my PC. So I am suspicious, and wanted to make sure my PC is clean from any virus.

    My current system is XP with service pack 3.

    And here is the attachment you requested.



    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT

    DDS (Ver_10-12-12.02)

    Microsoft Windows XP Professional
    Boot Device: \Device\HarddiskVolume1
    Install Date: 7/22/2009 9:43:23 PM
    System Uptime: 4/15/2011 5:07:04 PM (13 hours ago)

    Motherboard: Hewlett-Packard | | 308A
    Processor: Intel(R) Pentium(R) M processor 1.86GHz | U10 | 782/133mhz

    ==== Disk Partitions =========================

    C: is FIXED (NTFS) - 75 GiB total, 10.399 GiB free.
    D: is CDROM ()

    ==== Disabled Device Manager Items =============

    ==== System Restore Points ===================

    RP87: 1/16/2011 9:20:53 PM - System Checkpoint
    RP88: 1/19/2011 6:46:34 PM - System Checkpoint
    RP89: 1/25/2011 6:12:27 PM - System Checkpoint
    RP90: 2/9/2011 2:00:56 PM - Software Distribution Service 3.0
    RP91: 2/11/2011 9:38:48 AM - System Checkpoint
    RP92: 2/12/2011 10:38:54 AM - System Checkpoint
    RP93: 2/13/2011 11:08:21 AM - System Checkpoint
    RP94: 2/14/2011 12:07:42 PM - System Checkpoint
    RP95: 2/16/2011 2:00:38 PM - Software Distribution Service 3.0
    RP96: 2/17/2011 3:53:37 PM - System Checkpoint
    RP97: 2/21/2011 1:01:09 PM - System Checkpoint
    RP98: 2/22/2011 3:37:58 PM - System Checkpoint
    RP99: 2/23/2011 4:20:47 PM - System Checkpoint
    RP100: 2/24/2011 4:29:30 PM - System Checkpoint
    RP101: 2/26/2011 3:45:41 PM - System Checkpoint
    RP102: 2/27/2011 4:41:32 PM - System Checkpoint
    RP103: 2/28/2011 5:27:03 PM - System Checkpoint
    RP104: 3/1/2011 6:05:22 PM - System Checkpoint
    RP105: 3/8/2011 8:45:46 PM - System Checkpoint
    RP106: 3/9/2011 2:02:38 PM - Software Distribution Service 3.0
    RP107: 3/10/2011 6:20:25 PM - System Checkpoint
    RP108: 3/14/2011 6:22:52 PM - System Checkpoint
    RP109: 3/15/2011 7:02:47 PM - System Checkpoint
    RP110: 3/16/2011 2:02:08 PM - Software Distribution Service 3.0
    RP111: 3/18/2011 8:12:50 AM - System Checkpoint
    RP112: 3/19/2011 3:46:38 PM - System Checkpoint
    RP113: 3/20/2011 11:55:13 PM - System Checkpoint
    RP114: 3/22/2011 1:14:27 PM - System Checkpoint
    RP115: 3/23/2011 3:05:52 PM - System Checkpoint
    RP116: 3/25/2011 2:00:31 PM - Software Distribution Service 3.0
    RP117: 3/26/2011 3:19:39 PM - System Checkpoint
    RP118: 3/27/2011 3:35:15 PM - System Checkpoint
    RP119: 3/28/2011 8:00:31 PM - System Checkpoint
    RP120: 3/29/2011 8:38:35 PM - System Checkpoint
    RP121: 3/30/2011 9:38:37 PM - System Checkpoint
    RP122: 3/31/2011 10:38:37 PM - System Checkpoint
    RP123: 4/1/2011 10:46:08 PM - System Checkpoint
    RP124: 4/2/2011 11:40:08 PM - System Checkpoint
    RP125: 4/3/2011 11:53:48 PM - System Checkpoint
    RP126: 4/6/2011 9:20:25 AM - System Checkpoint
    RP127: 4/7/2011 9:23:00 AM - System Checkpoint
    RP128: 4/8/2011 10:14:27 AM - System Checkpoint
    RP129: 4/9/2011 10:15:24 AM - System Checkpoint
    RP130: 4/10/2011 11:15:23 AM - System Checkpoint
    RP131: 4/11/2011 3:36:34 PM - System Checkpoint
    RP132: 4/12/2011 4:40:54 PM - System Checkpoint
    RP133: 4/13/2011 6:58:19 PM - System Checkpoint
    RP134: 4/14/2011 7:23:16 PM - System Checkpoint
    RP135: 4/15/2011 2:00:49 PM - Software Distribution Service 3.0

    ==== Installed Programs ======================

    Adobe Flash Player 10 ActiveX
    Adobe Flash Player 10 Plugin
    Adobe Reader 9.2
    Agere Systems AC'97 Modem
    ApexDataLoader
    Apple Application Support
    Apple Software Update
    Avira AntiVir Personal - Free Antivirus
    Broadcom NetXtreme Ethernet Controller
    Cisco Connect
    CodeSite 3.0.1 Client Tools
    Critical Update for Windows Media Player 11 (KB959772)
    Google Chrome
    Google Talk (remove only)
    Google Talk Plugin
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
    Hotfix for Microsoft Visual Studio 2007 Tools for Applications - ENU (KB946040)
    Hotfix for Microsoft Visual Studio 2007 Tools for Applications - ENU (KB946308)
    Hotfix for Microsoft Visual Studio 2007 Tools for Applications - ENU (KB946344)
    Hotfix for Microsoft Visual Studio 2007 Tools for Applications - ENU (KB947540)
    Hotfix for Microsoft Visual Studio 2007 Tools for Applications - ENU (KB947789)
    Hotfix for Windows Media Format 11 SDK (KB929399)
    Hotfix for Windows Media Player 11 (KB939683)
    Hotfix for Windows XP (KB2158563)
    Hotfix for Windows XP (KB2443685)
    Hotfix for Windows XP (KB942288-v3)
    Hotfix for Windows XP (KB952287)
    Hotfix for Windows XP (KB954550-v5)
    Hotfix for Windows XP (KB961118)
    Hotfix for Windows XP (KB981793)
    HP Accessories Product Tour
    HP BIOS Configuration for ProtectTools 1.00 C1
    HP Help and Support
    HP Integrated Module with Bluetooth wireless technology
    HP ProtectTools Security Manager 1.00 C3
    HP Wireless Assistant
    Informatica Mapping Template
    Intel(R) Graphics Media Accelerator Driver for Mobile
    InterVideo DVD Check
    InterVideo WinDVD
    J2SE Runtime Environment 5.0
    Java Auto Updater
    Java(TM) 6 Update 22
    Knowledge Xpert for PLSQL V8.6
    Malwarebytes' Anti-Malware
    Microsoft .NET Framework 1.1
    Microsoft .NET Framework 1.1 Security Update (KB2416447)
    Microsoft .NET Framework 1.1 Security Update (KB979906)
    Microsoft .NET Framework 2.0 Service Pack 2
    Microsoft .NET Framework 3.0 Service Pack 2
    Microsoft .NET Framework 3.5 SP1
    Microsoft Application Error Reporting
    Microsoft Base Smart Card Cryptographic Service Provider Package
    Microsoft Compression Client Pack 1.0 for Windows XP
    Microsoft Office 2003 Web Components
    Microsoft Office 2007 Service Pack 2 (SP2)
    Microsoft Office Access MUI (English) 2007
    Microsoft Office Access Setup Metadata MUI (English) 2007
    Microsoft Office Excel MUI (English) 2007
    Microsoft Office InfoPath MUI (English) 2007
    Microsoft Office Outlook MUI (English) 2007
    Microsoft Office PowerPoint MUI (English) 2007
    Microsoft Office Professional Plus 2007
    Microsoft Office Proof (English) 2007
    Microsoft Office Proof (French) 2007
    Microsoft Office Proof (Spanish) 2007
    Microsoft Office Proofing (English) 2007
    Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
    Microsoft Office Publisher MUI (English) 2007
    Microsoft Office Shared MUI (English) 2007
    Microsoft Office Shared Setup Metadata MUI (English) 2007
    Microsoft Office Word MUI (English) 2007
    Microsoft Silverlight
    Microsoft Software Update for Web Folders (English) 12
    Microsoft SQL Server 2008
    Microsoft SQL Server 2008 Analysis Services
    Microsoft SQL Server 2008 BI Development Studio
    Microsoft SQL Server 2008 Client Tools
    Microsoft SQL Server 2008 Common Files
    Microsoft SQL Server 2008 Database Engine Services
    Microsoft SQL Server 2008 Database Engine Shared
    Microsoft SQL Server 2008 Full text search
    Microsoft SQL Server 2008 Integration Services
    Microsoft SQL Server 2008 Management Studio
    Microsoft SQL Server 2008 Reporting Services
    Microsoft SQL Server 2008 RsFx Driver
    Microsoft Sync Framework Runtime v1.0 (x86)
    Microsoft Sync Services for ADO.NET v2.0 (x86)
    Microsoft User-Mode Driver Framework Feature Pack 1.0
    Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
    Microsoft Visual C++ 2005 Redistributable
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    Microsoft Visual Studio 2008 Shell (integrated mode) - ENU
    Microsoft Visual Studio Tools for Applications 2.0 - ENU
    Mozilla Firefox (3.6.8)
    MSXML 4.0 SP2 (KB954430)
    MSXML 4.0 SP2 (KB973688)
    MSXML 4.0 SP2 Parser and SDK
    MSXML 6.0 Parser (KB933579)
    OGA Notifier 2.0.0048.0
    PowerCenter 8.6.1
    PowerCenter Client 8.6.1
    Quest Application Integration Tool
    Quest Installer
    Quest Software Toad for Oracle Version 8.6.1
    Quest SQL Tuning for Oracle
    Quick Launch Buttons 5.10 A1
    QuickTime
    Security Update for 2007 Microsoft Office System (KB2288621)
    Security Update for 2007 Microsoft Office System (KB2288931)
    Security Update for 2007 Microsoft Office System (KB2345043)
    Security Update for 2007 Microsoft Office System (KB2466156)
    Security Update for 2007 Microsoft Office System (KB2509488)
    Security Update for 2007 Microsoft Office System (KB969559)
    Security Update for 2007 Microsoft Office System (KB976321)
    Security Update for Microsoft .NET Framework 3.5 SP1 (KB2416473)
    Security Update for Microsoft Office Access 2007 (KB979440)
    Security Update for Microsoft Office Excel 2007 (KB2464583)
    Security Update for Microsoft Office InfoPath 2007 (KB979441)
    Security Update for Microsoft Office PowerPoint 2007 (KB2464594)
    Security Update for Microsoft Office PowerPoint Viewer 2007 (KB2464623)
    Security Update for Microsoft Office Publisher 2007 (KB2284697)
    Security Update for Microsoft Office system 2007 (972581)
    Security Update for Microsoft Office system 2007 (KB974234)
    Security Update for Microsoft Office Visio Viewer 2007 (KB973709)
    Security Update for Microsoft Office Word 2007 (KB2344993)
    Security Update for Windows Media Player (KB2378111)
    Security Update for Windows Media Player (KB952069)
    Security Update for Windows Media Player (KB954155)
    Security Update for Windows Media Player (KB973540)
    Security Update for Windows Media Player (KB975558)
    Security Update for Windows Media Player (KB978695)
    Security Update for Windows Media Player 11 (KB936782)
    Security Update for Windows Media Player 11 (KB954154)
    Security Update for Windows XP (KB2079403)
    Security Update for Windows XP (KB2115168)
    Security Update for Windows XP (KB2121546)
    Security Update for Windows XP (KB2160329)
    Security Update for Windows XP (KB2183461)
    Security Update for Windows XP (KB2229593)
    Security Update for Windows XP (KB2259922)
    Security Update for Windows XP (KB2279986)
    Security Update for Windows XP (KB2286198)
    Security Update for Windows XP (KB2296011)
    Security Update for Windows XP (KB2296199)
    Security Update for Windows XP (KB2347290)
    Security Update for Windows XP (KB2360131)
    Security Update for Windows XP (KB2360937)
    Security Update for Windows XP (KB2387149)
    Security Update for Windows XP (KB2393802)
    Security Update for Windows XP (KB2412687)
    Security Update for Windows XP (KB2416400)
    Security Update for Windows XP (KB2419632)
    Security Update for Windows XP (KB2423089)
    Security Update for Windows XP (KB2436673)
    Security Update for Windows XP (KB2440591)
    Security Update for Windows XP (KB2443105)
    Security Update for Windows XP (KB2476687)
    Security Update for Windows XP (KB2478960)
    Security Update for Windows XP (KB2478971)
    Security Update for Windows XP (KB2479628)
    Security Update for Windows XP (KB2479943)
    Security Update for Windows XP (KB2481109)
    Security Update for Windows XP (KB2482017)
    Security Update for Windows XP (KB2483185)
    Security Update for Windows XP (KB2485376)
    Security Update for Windows XP (KB2485663)
    Security Update for Windows XP (KB2497640)
    Security Update for Windows XP (KB2503658)
    Security Update for Windows XP (KB2506212)
    Security Update for Windows XP (KB2506223)
    Security Update for Windows XP (KB2507618)
    Security Update for Windows XP (KB2508272)
    Security Update for Windows XP (KB2508429)
    Security Update for Windows XP (KB2509553)
    Security Update for Windows XP (KB2510581)
    Security Update for Windows XP (KB2511455)
    Security Update for Windows XP (KB2524375)
    Security Update for Windows XP (KB923561)
    Security Update for Windows XP (KB923689)
    Security Update for Windows XP (KB923789)
    Security Update for Windows XP (KB938464-v2)
    Security Update for Windows XP (KB941569)
    Security Update for Windows XP (KB946648)
    Security Update for Windows XP (KB950760)
    Security Update for Windows XP (KB950762)
    Security Update for Windows XP (KB950974)
    Security Update for Windows XP (KB951066)
    Security Update for Windows XP (KB951376-v2)
    Security Update for Windows XP (KB951748)
    Security Update for Windows XP (KB952004)
    Security Update for Windows XP (KB952954)
    Security Update for Windows XP (KB954459)
    Security Update for Windows XP (KB954600)
    Security Update for Windows XP (KB955069)
    Security Update for Windows XP (KB956572)
    Security Update for Windows XP (KB956744)
    Security Update for Windows XP (KB956802)
    Security Update for Windows XP (KB956803)
    Security Update for Windows XP (KB956844)
    Security Update for Windows XP (KB957097)
    Security Update for Windows XP (KB958644)
    Security Update for Windows XP (KB958687)
    Security Update for Windows XP (KB958690)
    Security Update for Windows XP (KB958869)
    Security Update for Windows XP (KB959426)
    Security Update for Windows XP (KB960225)
    Security Update for Windows XP (KB960715)
    Security Update for Windows XP (KB960803)
    Security Update for Windows XP (KB960859)
    Security Update for Windows XP (KB961371)
    Security Update for Windows XP (KB961373)
    Security Update for Windows XP (KB961501)
    Security Update for Windows XP (KB963027)
    Security Update for Windows XP (KB968537)
    Security Update for Windows XP (KB969059)
    Security Update for Windows XP (KB969897)
    Security Update for Windows XP (KB970238)
    Security Update for Windows XP (KB970430)
    Security Update for Windows XP (KB971468)
    Security Update for Windows XP (KB971633)
    Security Update for Windows XP (KB971657)
    Security Update for Windows XP (KB971961)
    Security Update for Windows XP (KB972270)
    Security Update for Windows XP (KB973346)
    Security Update for Windows XP (KB973507)
    Security Update for Windows XP (KB973869)
    Security Update for Windows XP (KB973904)
    Security Update for Windows XP (KB974112)
    Security Update for Windows XP (KB974318)
    Security Update for Windows XP (KB974392)
    Security Update for Windows XP (KB974571)
    Security Update for Windows XP (KB975025)
    Security Update for Windows XP (KB975467)
    Security Update for Windows XP (KB975560)
    Security Update for Windows XP (KB975561)
    Security Update for Windows XP (KB975562)
    Security Update for Windows XP (KB975713)
    Security Update for Windows XP (KB977816)
    Security Update for Windows XP (KB977914)
    Security Update for Windows XP (KB978037)
    Security Update for Windows XP (KB978338)
    Security Update for Windows XP (KB978542)
    Security Update for Windows XP (KB978601)
    Security Update for Windows XP (KB978706)
    Security Update for Windows XP (KB979309)
    Security Update for Windows XP (KB979482)
    Security Update for Windows XP (KB979559)
    Security Update for Windows XP (KB979683)
    Security Update for Windows XP (KB979687)
    Security Update for Windows XP (KB980195)
    Security Update for Windows XP (KB980218)
    Security Update for Windows XP (KB980232)
    Security Update for Windows XP (KB980436)
    Security Update for Windows XP (KB981322)
    Security Update for Windows XP (KB981349)
    Security Update for Windows XP (KB981852)
    Security Update for Windows XP (KB981957)
    Security Update for Windows XP (KB981997)
    Security Update for Windows XP (KB982132)
    Security Update for Windows XP (KB982214)
    Security Update for Windows XP (KB982381)
    Security Update for Windows XP (KB982665)
    Security Update for Windows XP (KB982802)
    Skype Toolbars
    Skype™ 5.1
    Sonic DLA
    Sonic RecordNow!
    Sonic Update Manager
    SoundMAX
    Sql Server Customer Experience Improvement Program
    Synaptics Pointing Device Driver
    Texas Instruments PCIxx21/x515 drivers.
    TIxx21
    Update for 2007 Microsoft Office System (KB967642)
    Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
    Update for Microsoft Office Outlook 2007 (KB2412171)
    Update for Outlook 2007 Junk Email Filter (KB2522999)
    Update for Windows XP (KB2141007)
    Update for Windows XP (KB2345886)
    Update for Windows XP (KB2467659)
    Update for Windows XP (KB943729)
    Update for Windows XP (KB951978)
    Update for Windows XP (KB955759)
    Update for Windows XP (KB955839)
    Update for Windows XP (KB967715)
    Update for Windows XP (KB968389)
    Update for Windows XP (KB971029)
    Update for Windows XP (KB971737)
    Update for Windows XP (KB973687)
    Update for Windows XP (KB973815)
    VLC media player 1.1.7
    WebEx
    WebFldrs XP
    Windows Genuine Advantage Notifications (KB905474)
    Windows Genuine Advantage Validation Tool (KB892130)
    Windows Media Format 11 runtime
    Windows Media Player 11
    Windows PowerShell(TM) 1.0
    Windows PowerShell(TM) 1.0 MUI pack
    Windows XP Service Pack 3
    Yahoo! Messenger
    Yahoo! Software Update

    ==== Event Viewer Messages From Past Week ========

    9/8/2013 6:15:22 PM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the OracleJobSchedulerNORTHWIND service to connect.
    9/8/2013 6:15:22 PM, error: Service Control Manager [7000] - The OracleJobSchedulerNORTHWIND service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
    9/6/2013 12:23:46 PM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the OracleServiceNORTHWIND service to connect.
    9/6/2013 12:23:46 PM, error: Service Control Manager [7000] - The OracleServiceNORTHWIND service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
    9/6/2013 12:08:09 PM, error: Dhcp [1002] - The IP address lease 192.168.0.71 for the Network Card with network address 001560C8C26E has been denied by the DHCP server 192.168.1.1 (The DHCP Server sent a DHCPNACK message).
    9/4/2013 2:22:09 PM, error: Service Control Manager [7038] - The ReportServer service was unable to log on as .\Sudhakar with the currently configured password due to the following error: Logon failure: unknown user name or bad password. To ensure that the service is configured properly, use the Services snap-in in Microsoft Management Console (MMC).
    9/4/2013 2:22:09 PM, error: Service Control Manager [7038] - The MSSQLServerOLAPService service was unable to log on as .\subhakar with the currently configured password due to the following error: Logon failure: unknown user name or bad password. To ensure that the service is configured properly, use the Services snap-in in Microsoft Management Console (MMC).
    9/4/2013 2:22:09 PM, error: Service Control Manager [7038] - The MsDtsServer100 service was unable to log on as .\Sudhakar with the currently configured password due to the following error: Logon failure: unknown user name or bad password. To ensure that the service is configured properly, use the Services snap-in in Microsoft Management Console (MMC).
    9/4/2013 2:22:09 PM, error: Service Control Manager [7000] - The SQL Server Reporting Services (MSSQLSERVER) service failed to start due to the following error: The service did not start due to a logon failure.
    9/4/2013 2:22:09 PM, error: Service Control Manager [7000] - The SQL Server Integration Services 10.0 service failed to start due to the following error: The service did not start due to a logon failure.
    9/4/2013 2:22:09 PM, error: Service Control Manager [7000] - The SQL Server Analysis Services (MSSQLSERVER) service failed to start due to the following error: The service did not start due to a logon failure.
    9/4/2013 12:59:22 PM, error: Service Control Manager [7011] - Timeout (30000 milliseconds) waiting for a transaction response from the NAV service.
    9/1/2013 7:38:08 AM, error: W32Time [34] - The time service has detected that the system time needs to be changed by -94694395 seconds. The time service will not change the system time by more than -54000 seconds. Verify that your time and time zone are correct, and that the time source time.windows.com (ntp.m|0x1|192.168.15.101:123->207.46.197.32:123) is working properly.
    1/18/2014 3:07:20 PM, error: Dhcp [1002] - The IP address lease 192.168.15.107 for the Network Card with network address 00166F8D3633 has been denied by the DHCP server 0.0.0.0 (The DHCP Server sent a DHCPNACK message).
    1/17/2014 8:57:41 PM, error: W32Time [34] - The time service has detected that the system time needs to be changed by -105238837 seconds. The time service will not change the system time by more than -54000 seconds. Verify that your time and time zone are correct, and that the time source time.windows.com (ntp.m|0x1|192.168.15.107:123->207.46.197.32:123) is working properly.

    ==== End Of File ===========================
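The "Event Viewer Messages From Past Week" entries in the log above are dated 2013 and 2014, although the System Uptime line places the scan in April 2011. The following Python sketch is an added example, not part of the original post or of DDS: it flags event lines stamped later than the scan time and, for W32Time event 34, applies the reported correction to show the time the time source implied. All function names are hypothetical; the sample lines are copied from the log above (messages abridged) except the one marked constructed.

```python
import re
from datetime import datetime, timedelta

TS_FMT = "%m/%d/%Y %I:%M:%S %p"
EVENT_RE = re.compile(
    r"^(?P<ts>\d{1,2}/\d{1,2}/\d{4} \d{1,2}:\d{2}:\d{2} [AP]M), (?P<level>\w+): "
    r"(?P<source>.+?) \[(?P<event_id>\d+)\] - (?P<msg>.*)$")
UPTIME_RE = re.compile(r"^System Uptime: (.+? [AP]M) \((\d+) hours ago\)")
OFFSET_RE = re.compile(r"needs to be changed by (-?\d+) seconds")

# Lines from the DDS log above, messages abridged; the 4/14/2011 line is constructed.
SAMPLE_LOG = """\
System Uptime: 4/15/2011 5:07:04 PM (13 hours ago)
4/14/2011 9:00:00 AM, error: Dhcp [1002] - constructed line, dated before the scan
9/8/2013 6:15:22 PM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the OracleJobSchedulerNORTHWIND service to connect.
9/1/2013 7:38:08 AM, error: W32Time [34] - The time service has detected that the system time needs to be changed by -94694395 seconds.
"""


def scan_time(lines):
    """Approximate time the log was taken: boot time plus the '(N hours ago)' uptime."""
    for line in lines:
        m = UPTIME_RE.match(line.strip())
        if m:
            return datetime.strptime(m.group(1), TS_FMT) + timedelta(hours=int(m.group(2)))
    raise ValueError("no 'System Uptime' line found")


def parse_events(lines):
    """Turn 'date, level: Source [id] - message' lines into dicts; skip everything else."""
    events = []
    for line in lines:
        m = EVENT_RE.match(line.strip())
        if not m:
            continue
        ev = m.groupdict()
        ev["ts"] = datetime.strptime(ev["ts"], TS_FMT)
        ev["event_id"] = int(ev["event_id"])
        events.append(ev)
    return events


def future_events(lines, slack=timedelta(hours=1)):
    """Return events stamped later than the scan itself (plus a small slack)."""
    ref = scan_time(lines)
    flagged = []
    for ev in parse_events(lines):
        if ev["ts"] <= ref + slack:
            continue
        ev["ahead_days"] = (ev["ts"] - ref).days
        # W32Time reports how far the local clock is from its time source;
        # adding that offset gives the source's view of the time (naive, no DST handling).
        m = OFFSET_RE.search(ev["msg"]) if ev["source"] == "W32Time" else None
        ev["source_time"] = ev["ts"] + timedelta(seconds=int(m.group(1))) if m else None
        flagged.append(ev)
    return flagged


if __name__ == "__main__":
    for ev in future_events(SAMPLE_LOG.splitlines()):
        print(ev["ts"], ev["source"], ev["event_id"],
              f"+{ev['ahead_days']} days", ev["source_time"] or "")
```

Entries flagged this way cannot be ordered against the other scan logs by their own timestamps, so any timeline built from this machine has to account for the periods when its clock was wrong.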
  5. Bobbye

    Bobbye Helper on the Fringe Posts: 16,392   +36

    I was editing my last reply when you were posting. Please go back and read what I added.

    No antivirus for 6 months? Why?
    Identity theft? What are you expecting to find here?

    Cisco, SQL, Oracle, Informatica Orchestration Server>> got to be for work!
    =============================
    Run Eset NOD32 Online AntiVirus scan HERE
    1. Tick the box next to YES, I accept the Terms of Use.
    2. Click Start
    3. When asked, allow the Active X control to install
    4. Disable your current Antivirus software. You can usually do this with its Notification Tray icon near the clock.
    5. Click Start
    6. Make sure that the option "Remove found threats" is Unchecked, and the option "Scan unwanted applications" is checked
    7. Click Scan
    8. Wait for the scan to finish
    9. Click on "Copy to Clipboard"> (you won't see the 'clipboard')
    10. Click anywhere in the post where you want the logs to go, then do Ctrl V. The log will be sent from the clipboard and pasted in the post.
    11. Re-enable your Antivirus software.
      NOTE: If you forget to copy to the clipboard you can find the log here:
      C:\Program Files\EsetOnlineScanner\log.txt. Please include this on your post.
  6. vistaXPuser

    vistaXPuser TS Rookie Topic Starter

    ===================

    Hi,

    My name is Madhu.

    My system shows the date 19th April, 2011.

    I am not sure what those programs might be.

    I can delete those applications. I am not even sure what they might be.



    My system is my personal laptop. I try to improve my knowledge by experimenting with different issues from my work on my personal laptop. That's the reason my laptop has several software packages like SQL, Oracle, Informatica Orchestration Server. Cisco was installed some time ago to have remote login. I don't need that. I can uninstall it.


    My main purpose for this virus check is that:

    1. When I try to watch any video online, it does not play continuously. It keeps on pausing, even though the download is complete. Also, when I try to play online games like poker or games from Orkut, my browser hangs up for 2-3 seconds, and this happens frequently. So I am not sure what might be the problem with that. And I have enough space on my computer.

    2. The reason for identity theft is that I think someone is accessing my email account.

    I am trying to figure out if my system has got any virus which might be causing the identity theft.


    I had an expired version of antivirus, and I did not renew it, and then I installed the Avira AntiVir Personal free edition.

    So I wanted to make sure my system is virus free.

    I am interested to see if the system's registry is clean and free from virus.


    Here is the copy of the Eset NOD32 online antivirus scan result:



    ESETSmartInstaller@High as downloader log:
    all ok
    # version=7
    # OnlineScannerApp.exe=1.0.0.1
    # OnlineScanner.ocx=1.0.0.6427
    # api_version=3.0.2
    # EOSSerial=4e90425206c7a74ea1bd1b5bf73cef01
    # end=finished
    # remove_checked=false
    # archives_checked=false
    # unwanted_checked=true
    # unsafe_checked=false
    # antistealth_checked=true
    # utc_time=2011-04-19 09:27:09
    # local_time=2011-04-19 02:27:09 (-0800, Pacific Daylight Time)
    # country="United States"
    # lang=1033
    # osver=5.1.2600 NT Service Pack 3
    # compatibility_mode=1797 16775141 100 93 0 39662005 0 0
    # compatibility_mode=8192 67108863 100 0 0 0 0 0
    # scanned=177283
    # found=0
    # cleaned=0
    # scan_time=4174

    Please help me out.
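The ESET log in the post above is a list of `# key=value` lines, so it can be checked against the scan instructions instead of being read by eye. The following Python sketch is an added example, not part of the original thread or of ESET's tooling: it parses the log, confirms the scan finished with the requested options, lists checks that were switched off, and compares the stated UTC offset with the one computed from `utc_time` and `local_time`. The mapping of "Remove found threats" to `remove_checked` and "Scan unwanted applications" to `unwanted_checked` is an assumption inferred from the key names, and the function names are hypothetical.

```python
import re
from datetime import datetime

# Lines copied from the ESET log in the post above (abridged).
SAMPLE = """\
# end=finished
# remove_checked=false
# archives_checked=false
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2011-04-19 09:27:09
# local_time=2011-04-19 02:27:09 (-0800, Pacific Daylight Time)
# scanned=177283
# found=0
# cleaned=0
# scan_time=4174
"""

# Assumed mapping of the helper's two requested options to log keys.
EXPECTED = {"remove_checked": "false", "unwanted_checked": "true"}
TIME_FMT = "%Y-%m-%d %H:%M:%S"


def parse_eset_log(text):
    """Collect '# key=value' lines into a dict; a repeated key keeps its last value."""
    fields = {}
    for line in text.splitlines():
        m = re.match(r"\s*#\s*([\w.]+)=(.*)$", line)
        if m:
            fields[m.group(1)] = m.group(2).strip().strip('"')
    return fields


def review(fields, expected=EXPECTED):
    """Summarise whether the scan ran as instructed and what it did not cover."""
    report = {
        "completed": fields.get("end") == "finished",
        "option_mismatches": {k: fields.get(k) for k, v in expected.items()
                              if fields.get(k) != v},
        # Any other *_checked flag set to false is a part of the scan that did not run.
        "disabled_checks": [k[:-len("_checked")] for k, v in fields.items()
                            if k.endswith("_checked") and v == "false"
                            and k not in expected],
        "found": int(fields.get("found", -1)),
        "cleaned": int(fields.get("cleaned", -1)),
    }
    # Compare the offset printed in local_time with local_time minus utc_time.
    m = re.match(r"(\S+ \S+) \(([+-])(\d{2})(\d{2}),", fields.get("local_time", ""))
    if m and "utc_time" in fields:
        observed = (datetime.strptime(m.group(1), TIME_FMT)
                    - datetime.strptime(fields["utc_time"], TIME_FMT))
        sign = -1 if m.group(2) == "-" else 1
        report["offset_observed_h"] = observed.total_seconds() / 3600
        report["offset_stated_h"] = sign * (int(m.group(3)) + int(m.group(4)) / 60)
    return report


if __name__ == "__main__":
    for key, value in review(parse_eset_log(SAMPLE)).items():
        print(f"{key}: {value}")
```

For this log the stated offset (-0800) and the computed one differ by an hour, so `utc_time` is the safer field when lining this scan up against the other logs in the thread.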
  7. Bobbye

    Bobbye Helper on the Fringe Posts: 16,392   +36

    Download Combofix from HERE or HERE and save to the desktop
    • Double click combofix.exe & follow the prompts.
    • ComboFix will check to see if the Microsoft Windows Recovery Console is installed. It is recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode if needed.
      **Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.
    • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
    • Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:
      [IMG]
    • Click on Yes, to continue scanning for malware
    • If Combofix asks you to update the program, allow
    • Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
    • Close any open browsers.
    • Double click combofix.exe & follow the prompts to run.
    • When the scan completes, a report will be generated-it will open a text window. Please paste the C:\ComboFix.txt in next reply.
    Re-enable your Antivirus software.
    Notes:
    1. Do not mouse-click Combofix's window while it is running. That may cause it to stall.
    2. ComboFix may reset a number of Internet Explorer's settings, including making I-E the default browser.
    3. Combofix prevents autorun of ALL CD, floppy and USB devices to assist with malware removal & increase security. If this is an issue or makes it difficult for you -- please tell your helper.
    4. CF disconnects your machine from the internet. The connection is automatically restored before CF completes its run. If CF runs into difficulty and terminates prematurely, the connection can be manually restored by restarting your machine.