Inactive UPDATED 8-step Viruses/Spyware/Malware Preliminary Removal Instructions-Vistaxpuser


vistaXPuser

Hi technical support team,

I have followed the 8-step process, the initial process for getting rid of a virus from my PC.
Here are the copies of the required documents from my PC. Can someone please help me find out if my PC is affected by a virus?


Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Database version: 6371

Windows 5.1.2600 Service Pack 3
Internet Explorer 6.0.2900.5512

4/15/2011 5:22:13 PM
mbam-log-2011-04-15 (17-22-13).txt

Scan type: Quick scan
Objects scanned: 165054
Time elapsed: 7 minute(s), 36 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)


===================

GMER 1.0.15.15530 - http://www.gmer.net
Rootkit scan 2011-04-16 06:13:35
Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-4 WDC_WD800BEVE-00WZT0 rev.01.01A01
Running: t3jmy7lx.exe; Driver: C:\DOCUME~1\Sudhakar\LOCALS~1\Temp\uwtdapoc.sys


---- System - GMER 1.0.15 ----

SSDT F7CDB0D6 ZwCreateKey
SSDT F7CDB0CC ZwCreateThread
SSDT F7CDB0DB ZwDeleteKey
SSDT F7CDB0E5 ZwDeleteValueKey
SSDT F7CDB0EA ZwLoadKey
SSDT F7CDB0B8 ZwOpenProcess
SSDT F7CDB0BD ZwOpenThread
SSDT F7CDB0F4 ZwReplaceKey
SSDT F7CDB0EF ZwRestoreKey
SSDT F7CDB0E0 ZwSetValueKey

---- Kernel code sections - GMER 1.0.15 ----

.text ntkrnlpa.exe!ZwCallbackReturn + 250C 80501D44 4 Bytes JMP 1CF7CDB0
init C:\WINDOWS\system32\drivers\tifm21.sys entry point in "init" section [0xF6AA2ABF]
init C:\WINDOWS\system32\DRIVERS\gtipci21.sys entry point in "init" section [0xF6A67A80]
init C:\WINDOWS\system32\DRIVERS\IFXTPM.SYS entry point in "init" section [0xF78FC192]

---- User code sections - GMER 1.0.15 ----

.text C:\Program Files\Microsoft Office\Office12\WINWORD.EXE[3024] kernel32.dll!SetUnhandledExceptionFilter 7C84495D 5 Bytes JMP 32605B49 C:\Program Files\Common Files\Microsoft Shared\office12\mso.dll (2007 Microsoft Office component/Microsoft Corporation)
.text C:\Program Files\Microsoft Office\Office12\WINWORD.EXE[3024] ole32.dll!OleLoadFromStream 7752981B 5 Bytes JMP 32920DB5 C:\Program Files\Common Files\Microsoft Shared\office12\mso.dll (2007 Microsoft Office component/Microsoft Corporation)

---- User IAT/EAT - GMER 1.0.15 ----

IAT C:\PROGRA~1\Yahoo!\Messenger\ymsgr_tray.exe[3500] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!LoadLibraryExW] [614AAE77] C:\PROGRA~1\Yahoo!\Messenger\yui.dll
IAT C:\PROGRA~1\Yahoo!\Messenger\ymsgr_tray.exe[3500] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!LoadLibraryA] [614AADA9] C:\PROGRA~1\Yahoo!\Messenger\yui.dll
IAT C:\PROGRA~1\Yahoo!\Messenger\ymsgr_tray.exe[3500] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!GetProcAddress] [614AA7A3] C:\PROGRA~1\Yahoo!\Messenger\yui.dll
IAT C:\PROGRA~1\Yahoo!\Messenger\ymsgr_tray.exe[3500] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!LoadLibraryW] [614AADE9] C:\PROGRA~1\Yahoo!\Messenger\yui.dll
IAT C:\PROGRA~1\Yahoo!\Messenger\ymsgr_tray.exe[3500] @ C:\WINDOWS\system32\USER32.dll [GDI32.dll!GetStockObject] [614A9CEC] C:\PROGRA~1\Yahoo!\Messenger\yui.dll
IAT C:\PROGRA~1\Yahoo!\Messenger\ymsgr_tray.exe[3500] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [614AAE77] C:\PROGRA~1\Yahoo!\Messenger\yui.dll
IAT C:\PROGRA~1\Yahoo!\Messenger\ymsgr_tray.exe[3500] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryA] [614AADA9] C:\PROGRA~1\Yahoo!\Messenger\yui.dll
IAT C:\PROGRA~1\Yahoo!\Messenger\ymsgr_tray.exe[3500] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!GetProcAddress] [614AA7A3] C:\PROGRA~1\Yahoo!\Messenger\yui.dll
IAT C:\PROGRA~1\Yahoo!\Messenger\ymsgr_tray.exe[3500] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryW] [614AADE9] C:\PROGRA~1\Yahoo!\Messenger\yui.dll
IAT C:\PROGRA~1\Yahoo!\Messenger\ymsgr_tray.exe[3500] @ C:\WINDOWS\system32\SHLWAPI.dll [GDI32.dll!GetStockObject] [614A9CEC] C:\PROGRA~1\Yahoo!\Messenger\yui.dll
IAT C:\PROGRA~1\Yahoo!\Messenger\ymsgr_tray.exe[3500] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryExA] [614AAE29] C:\PROGRA~1\Yahoo!\Messenger\yui.dll
IAT C:\PROGRA~1\Yahoo!\Messenger\ymsgr_tray.exe[3500] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryExW] [614AAE77] C:\PROGRA~1\Yahoo!\Messenger\yui.dll
IAT C:\PROGRA~1\Yahoo!\Messenger\ymsgr_tray.exe[3500] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryW] [614AADE9] C:\PROGRA~1\Yahoo!\Messenger\yui.dll
IAT C:\PROGRA~1\Yahoo!\Messenger\ymsgr_tray.exe[3500] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryA] [614AADA9] C:\PROGRA~1\Yahoo!\Messenger\yui.dll
IAT C:\PROGRA~1\Yahoo!\Messenger\ymsgr_tray.exe[3500] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!GetProcAddress] [614AA7A3] C:\PROGRA~1\Yahoo!\Messenger\yui.dll
IAT C:\PROGRA~1\Yahoo!\Messenger\ymsgr_tray.exe[3500] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!DefWindowProcA] [614AA3BA] C:\PROGRA~1\Yahoo!\Messenger\yui.dll
IAT C:\PROGRA~1\Yahoo!\Messenger\ymsgr_tray.exe[3500] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!DefWindowProcW] [614AA3BA] C:\PROGRA~1\Yahoo!\Messenger\yui.dll
IAT C:\PROGRA~1\Yahoo!\Messenger\ymsgr_tray.exe[3500] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!GetSysColor] [614A9C27] C:\PROGRA~1\Yahoo!\Messenger\yui.dll
IAT C:\PROGRA~1\Yahoo!\Messenger\ymsgr_tray.exe[3500] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!TrackPopupMenu] [614A9B56] C:\PROGRA~1\Yahoo!\Messenger\yui.dll
IAT C:\PROGRA~1\Yahoo!\Messenger\ymsgr_tray.exe[3500] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!TrackPopupMenuEx] [614A9B94] C:\PROGRA~1\Yahoo!\Messenger\yui.dll
IAT C:\PROGRA~1\Yahoo!\Messenger\ymsgr_tray.exe[3500] @ C:\WINDOWS\system32\SHELL32.dll [GDI32.dll!GetStockObject] [614A9CEC] C:\PROGRA~1\Yahoo!\Messenger\yui.dll
IAT C:\PROGRA~1\Yahoo!\Messenger\ymsgr_tray.exe[3500] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryA] [614AADA9] C:\PROGRA~1\Yahoo!\Messenger\yui.dll
IAT C:\PROGRA~1\Yahoo!\Messenger\ymsgr_tray.exe[3500] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryW] [614AADE9] C:\PROGRA~1\Yahoo!\Messenger\yui.dll
IAT C:\PROGRA~1\Yahoo!\Messenger\ymsgr_tray.exe[3500] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!GetProcAddress] [614AA7A3] C:\PROGRA~1\Yahoo!\Messenger\yui.dll
IAT C:\PROGRA~1\Yahoo!\Messenger\ymsgr_tray.exe[3500] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryExW] [614AAE77] C:\PROGRA~1\Yahoo!\Messenger\yui.dll
IAT C:\PROGRA~1\Yahoo!\Messenger\ymsgr_tray.exe[3500] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryExA] [614AAE29] C:\PROGRA~1\Yahoo!\Messenger\yui.dll
IAT C:\PROGRA~1\Yahoo!\Messenger\ymsgr_tray.exe[3500] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!AnimateWindow] [614A9D87] C:\PROGRA~1\Yahoo!\Messenger\yui.dll
IAT C:\PROGRA~1\Yahoo!\Messenger\ymsgr_tray.exe[3500] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!TrackPopupMenuEx] [614A9B94] C:\PROGRA~1\Yahoo!\Messenger\yui.dll
IAT C:\PROGRA~1\Yahoo!\Messenger\ymsgr_tray.exe[3500] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!DefWindowProcA] [614AA3BA] C:\PROGRA~1\Yahoo!\Messenger\yui.dll
IAT C:\PROGRA~1\Yahoo!\Messenger\ymsgr_tray.exe[3500] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!GetSysColor] [614A9C27] C:\PROGRA~1\Yahoo!\Messenger\yui.dll
IAT C:\PROGRA~1\Yahoo!\Messenger\ymsgr_tray.exe[3500] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!DefWindowProcW] [614AA3BA] C:\PROGRA~1\Yahoo!\Messenger\yui.dll
IAT C:\PROGRA~1\Yahoo!\Messenger\ymsgr_tray.exe[3500] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!GetSysColorBrush] [614A9CF2] C:\PROGRA~1\Yahoo!\Messenger\yui.dll
IAT C:\PROGRA~1\Yahoo!\Messenger\ymsgr_tray.exe[3500] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!TrackPopupMenu] [614A9B56] C:\PROGRA~1\Yahoo!\Messenger\yui.dll

---- Devices - GMER 1.0.15 ----

Device Ntfs.sys (NT File System Driver/Microsoft Corporation)

AttachedDevice \Driver\Kbdclass \Device\KeyboardClass0 SynTP.sys (Synaptics Touchpad Driver/Synaptics, Inc.)
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass0 EABFiltr.sys (QLB PS/2 Keyboard filter driver/Hewlett-Packard Company)
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass1 SynTP.sys (Synaptics Touchpad Driver/Synaptics, Inc.)
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass1 EABFiltr.sys (QLB PS/2 Keyboard filter driver/Hewlett-Packard Company)

Device mrxsmb.sys (Windows NT SMB Minirdr/Microsoft Corporation)
Device \FileSystem\Fs_Rec \FileSystem\UdfsCdRomRecognizer tfsnifs.sys (Drive Letter Access Component/Sonic Solutions)
Device \FileSystem\Fs_Rec \FileSystem\FatCdRomRecognizer tfsnifs.sys (Drive Letter Access Component/Sonic Solutions)
Device \FileSystem\Fs_Rec \FileSystem\CdfsRecognizer tfsnifs.sys (Drive Letter Access Component/Sonic Solutions)
Device \FileSystem\Fs_Rec \FileSystem\FatDiskRecognizer tfsnifs.sys (Drive Letter Access Component/Sonic Solutions)
Device \FileSystem\Fs_Rec \FileSystem\UdfsDiskRecognizer tfsnifs.sys (Drive Letter Access Component/Sonic Solutions)
Device \FileSystem\Cdfs \Cdfs tfsnifs.sys (Drive Letter Access Component/Sonic Solutions)

---- EOF - GMER 1.0.15 ----

==========================


DDS (Ver_10-12-12.02) - NTFSx86
Run by Sudhakar at 6:14:32.15 on Sat 04/16/2011
Internet Explorer: 6.0.2900.5512 BrowserJavaVersion: 1.6.0_22
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1015.411 [GMT -7:00]

AV: AntiVir Desktop *Enabled/Updated* {AD166499-45F9-482A-A743-FDD3350758C7}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
C:\Program Files\Analog Devices\SoundMAX\Smax4.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\system32\igfxtray.exe
C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
svchost.exe
C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\PROGRA~1\WIDCOMM\BLUETO~1\BTSTAC~1.EXE
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\Informatica\PowerCenter8.6.1\OrchestrationServer\service\bin\wrapper.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\CA\SharedComponents\CA_LIC\LogWatNT.exe
C:\Program Files\CA\SharedComponents\CA_LIC\lic98Service.exe
c:\app\Sudhakar\product\11.2.0\dbhome_1\Bin\extjob.exe
C:\oracle\Ora91\bin\agntsrvc.exe
C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
C:\Informatica\PowerCenter8.6.1\java\bin\java.exe
C:\oracle\Ora91\Apache\Apache\apache.exe
C:\oracle\Ora91\BIN\TNSLSNR.exe
c:\oracle\ora91\bin\ORACLE.EXE
c:\app\Sudhakar\product\11.2.0\dbhome_1\bin\ORACLE.EXE
C:\oracle\Ora91\bin\dbsnmp.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\oracle\Ora91\Apache\Apache\apache.exe
C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
C:\oracle\Ora91\jdk\bin\java.exe
C:\oracle\Ora91\jdk\bin\java.exe
c:\oracle\ora91\bin\isqlplus
C:\Program Files\Microsoft Office\Office12\WINWORD.EXE
C:\Program Files\HPQ\SHARED\HPQWMI.exe
C:\PROGRA~1\Yahoo!\Messenger\ymsgr_tray.exe
C:\Program Files\Common Files\Java\Java Update\jucheck.exe
C:\Documents and Settings\Sudhakar\Desktop\Techspot\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.hp.com/
mDefault_Page_URL = hxxp://www.hp.com
uURLSearchHooks: H - No File
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: DriveLetterAccess: {5ca3d70e-1895-11cf-8e15-001234567890} - c:\windows\system32\dla\tfswshx.dll
BHO: Skype Plug-In: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
BHO: QuickNet BHO: {ea5ca8b6-9b9c-4994-a7a1-947b6c631be7} - c:\program files\regtweaker\key.dll
TB: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No File
uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe
uRun: [Google Update] "c:\documents and settings\Sudhakar\local settings\application data\google\update\GoogleUpdate.exe" /c
uRun: [Messenger (Yahoo!)] "c:\progra~1\yahoo!\messenger\YahooMessenger.exe" -quiet
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [IMJPMIG8.1] "c:\windows\ime\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
mRun: [PHIME2002ASync] c:\windows\system32\ime\tintlgnt\TINTSETP.EXE /SYNC
mRun: [PHIME2002A] c:\windows\system32\ime\tintlgnt\TINTSETP.EXE /IMEName
mRun: [SoundMAXPnP] c:\program files\analog devices\soundmax\SMax4PNP.exe
mRun: [SoundMAX] "c:\program files\analog devices\soundmax\Smax4.exe" /tray
mRun: [AGRSMMSG] AGRSMMSG.exe
mRun: [SynTPLpr] c:\program files\synaptics\syntp\SynTPLpr.exe
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Cpqset] c:\program files\hpq\default settings\cpqset.exe
mRun: [eabconfg.cpl] c:\program files\hpq\quick launch buttons\EabServr.exe /Start
mRun: [UpdateManager] "c:\program files\common files\sonic\update manager\sgtray.exe" /r
mRun: [dla] c:\windows\system32\dla\tfswctrl.exe
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [hpWirelessAssistant] c:\program files\hpq\hp wireless assistant\HP Wireless Assistant.exe
mRun: [WatchDog] c:\program files\intervideo\dvd check\DVDCheck.exe
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [googletalk] c:\program files\google\google talk\googletalk.exe /autostart
mRun: [avgnt] "c:\program files\avira\antivir desktop\avgnt.exe" /min
mRunOnce: [Malwarebytes' Anti-Malware] c:\program files\malwarebytes' anti-malware\mbamgui.exe /install /silent
dRunOnce: [<NO NAME>]
mExplorerRun: [<NO NAME>] 1 (0x1)
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\bttray.lnk - c:\program files\widcomm\bluetooth software\BTTray.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\dvdche~1.lnk - c:\program files\intervideo\dvd check\DVDCheck.exe
IE: E&xport to Microsoft Excel - c:\progra~1\mi1933~1\office12\EXCEL.EXE/3000
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\mi1933~1\office12\REFIEBAR.DLL
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://go.microsoft.com/fwlink/?linkid=39204
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1243443961187
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0000-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
Handler: qrev - {9DE24BAC-FC3C-42c4-9FC4-76B3FAFDBD90} - c:\progra~1\quests~1\toadfo~1\RNetPin.dll
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Handler: widimg - {EE7C2AFF-5742-44FF-BD0E-E521B0D3C3BA} - c:\windows\system32\BTXPPanel.dll
Notify: igfxcui - igfxsrvc.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\Sudhakar\applic~1\mozilla\firefox\profiles\2k3daltf.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
FF - component: c:\documents and settings\Sudhakar\application data\mozilla\firefox\profiles\2k3daltf.default\extensions\{3bd53dec-24d7-4f9e-b27c-925559b8d27d}\components\RadioWMPCoreGecko19.dll
FF - component: c:\documents and settings\Sudhakar\application data\mozilla\firefox\profiles\2k3daltf.default\extensions\engine@conduit.com\components\RadioWMPCoreGecko19.dll
FF - component: c:\program files\mozilla firefox\extensions\{ab2ce124-6272-4b12-94a9-7303c7397bd1}\components\SkypeFfComponent.dll
FF - plugin: c:\documents and settings\Sudhakar\application data\mozilla\plugins\npgoogletalk.dll
FF - plugin: c:\documents and settings\Sudhakar\application data\mozilla\plugins\npgtpo3dautoplugin.dll
FF - plugin: c:\documents and settings\Sudhakar\local settings\application data\google\update\1.2.183.39\npGoogleOneClick8.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npatgpc.dll
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
FF - Ext: Skype extension: {AB2CE124-6272-4b12-94A9-7303C7397BD1} - c:\program files\mozilla firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\DotNetAssistantExtension
FF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\java\jre6\lib\deploy\jqs\ff
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF - Ext: Yahoo! Toolbar: {635abd67-4fe9-1b23-4f01-e679fa7484c1} - %profile%\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
FF - Ext: Conduit Engine : engine@conduit.com - %profile%\extensions\engine@conduit.com
FF - Ext: TranslatorBar 1.1 Community Toolbar: {3bd53dec-24d7-4f9e-b27c-925559b8d27d} - %profile%\extensions\{3bd53dec-24d7-4f9e-b27c-925559b8d27d}

---- FIREFOX POLICIES ----
FF - user.js: yahoo.ytff.general.dontshowhpoffer - true
============= SERVICES / DRIVERS ===============

R1 avgio;avgio;c:\program files\avira\antivir desktop\avgio.sys [2011-2-10 11608]
R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\avira\antivir desktop\sched.exe [2011-2-10 135336]
R2 AntiVirService;Avira AntiVir Guard;c:\program files\avira\antivir desktop\avguard.exe [2011-2-10 269480]
R2 avgntflt;avgntflt;c:\windows\system32\drivers\avgntflt.sys [2011-2-10 61960]
R2 InformaticaOrchestrationServer;Informatica Orchestration Server;c:\informatica\powercenter8.6.1\orchestrationserver\service\bin\wrapper.exe -s c:\informatica\powercenter8.6.1\orchestrationserver\service\conf\wrapper.conf --> c:\informatica\powercenter8.6.1\orchestrationserver\service\bin\wrapper.exe -s c:\informatica\powercenter8.6.1\orchestrationserver\service\conf\wrapper.conf [?]
R2 LogWatch;Event Log Watch;c:\program files\ca\sharedcomponents\ca_lic\LogWatNT.exe [2008-5-20 75016]
R2 OracleJobSchedulerNORTHWIND;OracleJobSchedulerNORTHWIND;c:\app\Sudhakar\product\11.2.0\dbhome_1\bin\extjob.exe northwind --> c:\app\Sudhakar\product\11.2.0\dbhome_1\bin\extjob.exe NORTHWIND [?]
R2 OracleOra91Agent;OracleOra91Agent;c:\oracle\ora91\bin\agntsrvc.exe [2002-4-26 28944]
R2 OracleOra91HTTPServer;OracleOra91HTTPServer;c:\oracle\ora91\apache\apache\Apache.exe [2002-4-18 4096]
R2 OracleOra91TNSListener;OracleOra91TNSListener;c:\oracle\ora91\bin\tnslsnr --> c:\oracle\ora91\bin\TNSLSNR [?]
R2 OracleServiceMADUD;OracleServiceMADUD;c:\oracle\ora91\bin\oracle.exe madud --> c:\oracle\ora91\bin\ORACLE.EXE MADUD [?]
R2 OracleServiceNORTHWIND;OracleServiceNORTHWIND;c:\app\Sudhakar\product\11.2.0\dbhome_1\bin\oracle.exe northwind --> c:\app\Sudhakar\product\11.2.0\dbhome_1\bin\ORACLE.EXE NORTHWIND [?]
R3 GTIPCI21;GTIPCI21;c:\windows\system32\drivers\gtipci21.sys [2004-5-3 80384]
R3 IFXTPM;IFXTPM;c:\windows\system32\drivers\ifxtpm.sys [2004-9-2 32640]
S2 InformaticaServices8.6.1;InformaticaServices8.6.1;c:\informatica\powercenter8.6.1\server\tomcat\bin\infasvcs.exe [2010-8-3 61440]
S2 MsDtsServer100;SQL Server Integration Services 10.0;"c:\program files\microsoft sql server\100\dts\binn\msdtssrvr.exe" --> c:\program files\microsoft sql server\100\dts\binn\MsDtsSrvr.exe [?]
S2 ReportServer;SQL Server Reporting Services (MSSQLSERVER);"c:\program files\microsoft sql server\msrs10.mssqlserver\reporting services\reportserver\bin\reportingservicesservice.exe" --> c:\program files\microsoft sql server\msrs10.mssqlserver\reporting services\reportserver\bin\ReportingServicesService.exe [?]
S3 OracleOra91ClientCache;OracleOra91ClientCache;c:\oracle\ora91\bin\ONRSD.EXE [2002-4-26 242328]
S3 OracleOra91PagingServer;OracleOra91PagingServer;c:\oracle\ora91\bin\pagntsrv.exe [2002-8-20 49152]
S3 OracleOra91SNMPPeerEncapsulator;OracleOra91SNMPPeerEncapsulator;c:\oracle\ora91\bin\encsvc.exe [2002-2-13 187392]
S3 OracleOra91SNMPPeerMasterAgent;OracleOra91SNMPPeerMasterAgent;c:\oracle\ora91\bin\agntsvc.exe [2002-2-13 254464]
S3 OracleOraDb11g_home1ClrAgent;OracleOraDb11g_home1ClrAgent;c:\app\Sudhakar\product\11.2.0\dbhome_1\bin\oraclragnt.exe agent_sid=clrextproc max_dispatchers=2 tcp_dispatchers=0 max_task_threads=6 max_sessions=25 envs="extproc_dlls=only:c:\app\Sudhakar\product\11.2.0\dbhome_1\bin\oraclr11.dll" --> c:\app\Sudhakar\product\11.2.0\dbhome_1\bin\oraclragnt.exe agent_sid=clrextproc max_dispatchers=2 tcp_dispatchers=0 max_task_threads=6 max_sessions=25 envs=extproc_dlls=only:c:\app\Sudhakar\product\11.2.0\dbhome_1\bin\oraclr11.dll [?]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\wpffontcache_v0400.exe --> c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [?]
S4 MSSQLFDLauncher;SQL Full-text Filter Daemon Launcher (MSSQLSERVER);"c:\program files\microsoft sql server\mssql10.mssqlserver\mssql\binn\fdlauncher.exe" -s mssql10.mssqlserver --> c:\program files\microsoft sql server\mssql10.mssqlserver\mssql\binn\fdlauncher.exe [?]
S4 MSSQLServerADHelper100;SQL Active Directory Helper Service;"c:\program files\microsoft sql server\100\shared\sqladhlp.exe" --> c:\program files\microsoft sql server\100\shared\SQLADHLP.EXE [?]
S4 OracleOraDb11g_home1ConfigurationManager;OracleOraDb11g_home1ConfigurationManager;c:\app\Sudhakar\product\112~1.0\dbhome_1\ccr\bin\nmz.exe c:\app\Sudhakar\product\112~1.0\dbhome_1\ccr\hosts\dhamaal --> c:\app\Sudhakar\product\112~1.0\dbhome_1\ccr\bin\nmz.exe c:\app\Sudhakar\product\112~1.0\dbhome_1\ccr\hosts\dhamaal [?]
S4 OracleOraDb11g_home1TNSListener;OracleOraDb11g_home1TNSListener;c:\app\Sudhakar\product\11.2.0\dbhome_1\bin\tnslsnr --> c:\app\Sudhakar\product\11.2.0\dbhome_1\bin\TNSLSNR [?]
S4 RsFx0102;RsFx0102 Driver;c:\windows\system32\drivers\RsFx0102.sys [2008-7-10 242712]

=============== File Associations ===============

vbefile\shell\open2\command=%SystemRoot%\System32\CScript.exe "%1" %*
vbsfile\shell\open2\command=%SystemRoot%\System32\CScript.exe "%1" %*
jsefile\shell\open2\command=%SystemRoot%\System32\CScript.exe "%1" %*

=============== Created Last 30 ================

2014-01-18 07:48:36 -------- d-----w- c:\docume~1\Sudhakar\applic~1\Quest Software
2013-09-06 07:09:04 -------- d-----w- c:\program files\CA
2013-09-06 05:58:31 -------- d-----w- c:\docume~1\Sudhakar\locals~1\applic~1\Downloaded Installations
2013-09-02 08:19:26 5632 ----a-w- c:\windows\system32\ptpusb.dll
2013-09-02 08:19:25 15104 -c--a-w- c:\windows\system32\dllcache\usbscan.sys
2013-09-02 08:19:25 15104 ----a-w- c:\windows\system32\drivers\usbscan.sys
2013-09-02 08:19:24 159232 ----a-w- c:\windows\system32\ptpusd.dll
2011-03-23 03:27:01 -------- d-----w- c:\program files\Cisco Systems
2011-03-23 03:26:26 -------- d-----w- c:\docume~1\alluse~1\applic~1\Cisco Systems
2011-03-19 22:27:03 -------- d-----w- c:\program files\VideoLAN
2011-03-19 19:04:49 -------- d-----w- C:\Apex dataloderlogs

==================== Find3M ====================

2011-03-07 05:33:50 692736 ----a-w- c:\windows\system32\inetcomm.dll
2011-03-04 06:45:07 434176 ----a-w- c:\windows\system32\vbscript.dll
2011-03-03 13:21:11 1857920 ----a-w- c:\windows\system32\win32k.sys
2011-02-17 13:51:57 81920 ----a-w- c:\windows\system32\ieencode.dll
2011-02-17 13:51:57 667136 ----a-w- c:\windows\system32\wininet.dll
2011-02-17 13:51:57 61952 ----a-w- c:\windows\system32\tdc.ocx
2011-02-17 12:37:38 369664 ----a-w- c:\windows\system32\html.iec
2011-02-17 12:32:12 5120 ----a-w- c:\windows\system32\xpsp4res.dll
2011-02-15 12:56:39 290432 ----a-w- c:\windows\system32\atmfd.dll
2011-02-09 13:53:52 270848 ----a-w- c:\windows\system32\sbe.dll
2011-02-09 13:53:52 186880 ----a-w- c:\windows\system32\encdec.dll
2011-02-08 13:33:55 978944 ----a-w- c:\windows\system32\mfc42.dll
2011-02-08 13:33:55 974848 ----a-w- c:\windows\system32\mfc42u.dll
2011-02-02 07:58:35 2067456 ----a-w- c:\windows\system32\mstscax.dll
2011-01-27 11:57:06 677888 ----a-w- c:\windows\system32\mstsc.exe
2011-01-21 14:44:37 439296 ----a-w- c:\windows\system32\shimgvw.dll

============= FINISH: 6:16:15.31 ===============


====================

Thanks

VistaXPuser
 
Welcome to TechSpot! While I finish checking these logs:

Please tell me what problem you're having that made you think you had malware.
Please find the additional log from the DDS scan named Attach.txt and paste it in your next reply. Do not zip it.

Also:
Please do not use any other cleaning programs or scans while I'm helping you, unless I direct you to. Do not use a Registry cleaner or make any changes in the Registry.
 
Windows 5.1.2600 Service Pack 3
Internet Explorer 6.0.2900.5512

Your user name is deceptive. We are working on a Windows XP machine - is that correct?

Please check the time and date on your computer:
The following are all from the log section "Created in the last 30 days:"
This date appears to be correct:
2011-03-23 03:27:01 -------- d-----w- c:\program files\Cisco Systems

But following that date, these entries are obviously wrong:
2014-01-18 07:48:36 -------- d-----w- c:\docume~1\Sudhakar\applic~1\Quest Software
2013-09-06 07:09:04 -------- d-----w- c:\program files\CA
2013-09-06 05:58:31 -------- d-----w- c:\docume~1\Sudhakar\locals~1\applic~1\Downloaded Installations
2013-09-02 08:19:26 5632 ----a-w- c:\windows\system32\ptpusb.dll
2013-09-02 08:19:25 15104 -c--a-w- c:\windows\system32\dllcache\usbscan.sys
2013-09-02 08:19:25 15104 ----a-w- c:\windows\system32\drivers\usbscan.sys
2013-09-02 08:19:24 159232 ----a-w- c:\windows\system32\ptpusd.dll

Can you also tell me please if this is your work computer?
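
The date check described in the reply above, as an added example that is not part of the original thread: a Python sketch that reads the "Run by ... on" line of a DDS log and flags "Created Last 30" entries stamped later than the scan itself. The sample text is a constructed excerpt of the log posted above; the function names and the one-day tolerance (to absorb time-zone differences) are assumptions of this example, not DDS behaviour.

```python
import re
from datetime import datetime, timedelta
from typing import Iterator, List, NamedTuple

# Constructed excerpt: a few lines taken from the DDS log posted in this thread.
SAMPLE_DDS_LOG = r"""
DDS (Ver_10-12-12.02) - NTFSx86
Run by Sudhakar at 6:14:32.15 on Sat 04/16/2011

=============== Created Last 30 ================

2014-01-18 07:48:36 -------- d-----w- c:\docume~1\Sudhakar\applic~1\Quest Software
2013-09-06 07:09:04 -------- d-----w- c:\program files\CA
2013-09-02 08:19:26 5632 ----a-w- c:\windows\system32\ptpusb.dll
2013-09-02 08:19:25 15104 -c--a-w- c:\windows\system32\dllcache\usbscan.sys
2011-03-23 03:27:01 -------- d-----w- c:\program files\Cisco Systems
2011-03-19 22:27:03 -------- d-----w- c:\program files\VideoLAN

==================== Find3M ====================

2011-03-07 05:33:50 692736 ----a-w- c:\windows\system32\inetcomm.dll
"""

# "Run by <user> at H:MM:SS.cc on Ddd MM/DD/YYYY"
RUN_RE = re.compile(
    r"^Run by .+ at (\d{1,2}):(\d{2}):(\d{2})\.\d+ on \w{3} (\d{2})/(\d{2})/(\d{4})",
    re.MULTILINE,
)
# Section banners such as "=============== Created Last 30 ================"
HEADER_RE = re.compile(r"^=+ (.+?) =+$")
# "<timestamp> <size or dashes> <attribute flags> <path, may contain spaces>"
ENTRY_RE = re.compile(
    r"^(\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2})\s+(\d+|-+)\s+(\S+)\s+(.+)$"
)


class Finding(NamedTuple):
    created: datetime
    path: str
    days_ahead: int  # whole days between the scan and the file timestamp


def parse_run_time(log: str) -> datetime:
    """Return the moment the scan was run, taken from the 'Run by' line."""
    m = RUN_RE.search(log)
    if m is None:
        raise ValueError("no 'Run by ... on <date>' line found in log")
    hour, minute, second, month, day, year = (int(g) for g in m.groups())
    return datetime(year, month, day, hour, minute, second)


def section_lines(log: str, title: str) -> Iterator[str]:
    """Yield the non-empty lines that sit under the banner named `title`."""
    inside = False
    for raw in log.splitlines():
        line = raw.strip()
        header = HEADER_RE.match(line)
        if header:
            # Any banner ends the previous section; only `title` opens ours.
            inside = header.group(1).strip() == title
            continue
        if inside and line:
            yield line


def future_dated_entries(
    log: str, tolerance: timedelta = timedelta(days=1)
) -> List[Finding]:
    """Flag 'Created Last 30' entries stamped later than the scan run time.

    `tolerance` is an assumption of this example: it keeps a time-zone offset
    between the file timestamps and the 'Run by' clock from causing a flag.
    """
    run_time = parse_run_time(log)
    findings = []
    for line in section_lines(log, "Created Last 30"):
        m = ENTRY_RE.match(line)
        if m is None:
            continue  # unrecognised line: skip rather than guess
        created = datetime.strptime(m.group(1), "%Y-%m-%d %H:%M:%S")
        ahead = created - run_time
        if ahead > tolerance:
            findings.append(Finding(created, m.group(4), ahead.days))
    return findings


if __name__ == "__main__":
    print("scan run at", parse_run_time(SAMPLE_DDS_LOG))
    for f in future_dated_entries(SAMPLE_DDS_LOG):
        print(f"{f.created}  +{f.days_ahead} days  {f.path}")
```

Entries it reports are a prompt to check the system clock and how those files arrived, as the reply asks; the script does not decide whether they are malicious.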
 
I have a suspicion that my PC got affected by identity theft. And I did not have an antivirus on my PC for almost 6 months. So I am suspicious and wanted to make sure my PC is clean of any virus.

My current system is XP with service pack 3.

And here is the attachment you requested.



UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT

DDS (Ver_10-12-12.02)

Microsoft Windows XP Professional
Boot Device: \Device\HarddiskVolume1
Install Date: 7/22/2009 9:43:23 PM
System Uptime: 4/15/2011 5:07:04 PM (13 hours ago)

Motherboard: Hewlett-Packard | | 308A
Processor: Intel(R) Pentium(R) M processor 1.86GHz | U10 | 782/133mhz

==== Disk Partitions =========================

C: is FIXED (NTFS) - 75 GiB total, 10.399 GiB free.
D: is CDROM ()

==== Disabled Device Manager Items =============

==== System Restore Points ===================

RP87: 1/16/2011 9:20:53 PM - System Checkpoint
RP88: 1/19/2011 6:46:34 PM - System Checkpoint
RP89: 1/25/2011 6:12:27 PM - System Checkpoint
RP90: 2/9/2011 2:00:56 PM - Software Distribution Service 3.0
RP91: 2/11/2011 9:38:48 AM - System Checkpoint
RP92: 2/12/2011 10:38:54 AM - System Checkpoint
RP93: 2/13/2011 11:08:21 AM - System Checkpoint
RP94: 2/14/2011 12:07:42 PM - System Checkpoint
RP95: 2/16/2011 2:00:38 PM - Software Distribution Service 3.0
RP96: 2/17/2011 3:53:37 PM - System Checkpoint
RP97: 2/21/2011 1:01:09 PM - System Checkpoint
RP98: 2/22/2011 3:37:58 PM - System Checkpoint
RP99: 2/23/2011 4:20:47 PM - System Checkpoint
RP100: 2/24/2011 4:29:30 PM - System Checkpoint
RP101: 2/26/2011 3:45:41 PM - System Checkpoint
RP102: 2/27/2011 4:41:32 PM - System Checkpoint
RP103: 2/28/2011 5:27:03 PM - System Checkpoint
RP104: 3/1/2011 6:05:22 PM - System Checkpoint
RP105: 3/8/2011 8:45:46 PM - System Checkpoint
RP106: 3/9/2011 2:02:38 PM - Software Distribution Service 3.0
RP107: 3/10/2011 6:20:25 PM - System Checkpoint
RP108: 3/14/2011 6:22:52 PM - System Checkpoint
RP109: 3/15/2011 7:02:47 PM - System Checkpoint
RP110: 3/16/2011 2:02:08 PM - Software Distribution Service 3.0
RP111: 3/18/2011 8:12:50 AM - System Checkpoint
RP112: 3/19/2011 3:46:38 PM - System Checkpoint
RP113: 3/20/2011 11:55:13 PM - System Checkpoint
RP114: 3/22/2011 1:14:27 PM - System Checkpoint
RP115: 3/23/2011 3:05:52 PM - System Checkpoint
RP116: 3/25/2011 2:00:31 PM - Software Distribution Service 3.0
RP117: 3/26/2011 3:19:39 PM - System Checkpoint
RP118: 3/27/2011 3:35:15 PM - System Checkpoint
RP119: 3/28/2011 8:00:31 PM - System Checkpoint
RP120: 3/29/2011 8:38:35 PM - System Checkpoint
RP121: 3/30/2011 9:38:37 PM - System Checkpoint
RP122: 3/31/2011 10:38:37 PM - System Checkpoint
RP123: 4/1/2011 10:46:08 PM - System Checkpoint
RP124: 4/2/2011 11:40:08 PM - System Checkpoint
RP125: 4/3/2011 11:53:48 PM - System Checkpoint
RP126: 4/6/2011 9:20:25 AM - System Checkpoint
RP127: 4/7/2011 9:23:00 AM - System Checkpoint
RP128: 4/8/2011 10:14:27 AM - System Checkpoint
RP129: 4/9/2011 10:15:24 AM - System Checkpoint
RP130: 4/10/2011 11:15:23 AM - System Checkpoint
RP131: 4/11/2011 3:36:34 PM - System Checkpoint
RP132: 4/12/2011 4:40:54 PM - System Checkpoint
RP133: 4/13/2011 6:58:19 PM - System Checkpoint
RP134: 4/14/2011 7:23:16 PM - System Checkpoint
RP135: 4/15/2011 2:00:49 PM - Software Distribution Service 3.0

==== Installed Programs ======================

Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Reader 9.2
Agere Systems AC'97 Modem
ApexDataLoader
Apple Application Support
Apple Software Update
Avira AntiVir Personal - Free Antivirus
Broadcom NetXtreme Ethernet Controller
Cisco Connect
CodeSite 3.0.1 Client Tools
Critical Update for Windows Media Player 11 (KB959772)
Google Chrome
Google Talk (remove only)
Google Talk Plugin
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Microsoft Visual Studio 2007 Tools for Applications - ENU (KB946040)
Hotfix for Microsoft Visual Studio 2007 Tools for Applications - ENU (KB946308)
Hotfix for Microsoft Visual Studio 2007 Tools for Applications - ENU (KB946344)
Hotfix for Microsoft Visual Studio 2007 Tools for Applications - ENU (KB947540)
Hotfix for Microsoft Visual Studio 2007 Tools for Applications - ENU (KB947789)
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB2158563)
Hotfix for Windows XP (KB2443685)
Hotfix for Windows XP (KB942288-v3)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB954550-v5)
Hotfix for Windows XP (KB961118)
Hotfix for Windows XP (KB981793)
HP Accessories Product Tour
HP BIOS Configuration for ProtectTools 1.00 C1
HP Help and Support
HP Integrated Module with Bluetooth wireless technology
HP ProtectTools Security Manager 1.00 C3
HP Wireless Assistant
Informatica Mapping Template
Intel(R) Graphics Media Accelerator Driver for Mobile
InterVideo DVD Check
InterVideo WinDVD
J2SE Runtime Environment 5.0
Java Auto Updater
Java(TM) 6 Update 22
Knowledge Xpert for PLSQL V8.6
Malwarebytes' Anti-Malware
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Security Update (KB2416447)
Microsoft .NET Framework 1.1 Security Update (KB979906)
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft Application Error Reporting
Microsoft Base Smart Card Cryptographic Service Provider Package
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Office 2003 Web Components
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office Access MUI (English) 2007
Microsoft Office Access Setup Metadata MUI (English) 2007
Microsoft Office Excel MUI (English) 2007
Microsoft Office InfoPath MUI (English) 2007
Microsoft Office Outlook MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Professional Plus 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
Microsoft Office Publisher MUI (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Word MUI (English) 2007
Microsoft Silverlight
Microsoft Software Update for Web Folders (English) 12
Microsoft SQL Server 2008
Microsoft SQL Server 2008 Analysis Services
Microsoft SQL Server 2008 BI Development Studio
Microsoft SQL Server 2008 Client Tools
Microsoft SQL Server 2008 Common Files
Microsoft SQL Server 2008 Database Engine Services
Microsoft SQL Server 2008 Database Engine Shared
Microsoft SQL Server 2008 Full text search
Microsoft SQL Server 2008 Integration Services
Microsoft SQL Server 2008 Management Studio
Microsoft SQL Server 2008 Reporting Services
Microsoft SQL Server 2008 RsFx Driver
Microsoft Sync Framework Runtime v1.0 (x86)
Microsoft Sync Services for ADO.NET v2.0 (x86)
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual Studio 2008 Shell (integrated mode) - ENU
Microsoft Visual Studio Tools for Applications 2.0 - ENU
Mozilla Firefox (3.6.8)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MSXML 4.0 SP2 Parser and SDK
MSXML 6.0 Parser (KB933579)
OGA Notifier 2.0.0048.0
PowerCenter 8.6.1
PowerCenter Client 8.6.1
Quest Application Integration Tool
Quest Installer
Quest Software Toad for Oracle Version 8.6.1
Quest SQL Tuning for Oracle
Quick Launch Buttons 5.10 A1
QuickTime
Security Update for 2007 Microsoft Office System (KB2288621)
Security Update for 2007 Microsoft Office System (KB2288931)
Security Update for 2007 Microsoft Office System (KB2345043)
Security Update for 2007 Microsoft Office System (KB2466156)
Security Update for 2007 Microsoft Office System (KB2509488)
Security Update for 2007 Microsoft Office System (KB969559)
Security Update for 2007 Microsoft Office System (KB976321)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2416473)
Security Update for Microsoft Office Access 2007 (KB979440)
Security Update for Microsoft Office Excel 2007 (KB2464583)
Security Update for Microsoft Office InfoPath 2007 (KB979441)
Security Update for Microsoft Office PowerPoint 2007 (KB2464594)
Security Update for Microsoft Office PowerPoint Viewer 2007 (KB2464623)
Security Update for Microsoft Office Publisher 2007 (KB2284697)
Security Update for Microsoft Office system 2007 (972581)
Security Update for Microsoft Office system 2007 (KB974234)
Security Update for Microsoft Office Visio Viewer 2007 (KB973709)
Security Update for Microsoft Office Word 2007 (KB2344993)
Security Update for Windows Media Player (KB2378111)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player (KB975558)
Security Update for Windows Media Player (KB978695)
Security Update for Windows Media Player 11 (KB936782)
Security Update for Windows Media Player 11 (KB954154)
Security Update for Windows XP (KB2079403)
Security Update for Windows XP (KB2115168)
Security Update for Windows XP (KB2121546)
Security Update for Windows XP (KB2160329)
Security Update for Windows XP (KB2183461)
Security Update for Windows XP (KB2229593)
Security Update for Windows XP (KB2259922)
Security Update for Windows XP (KB2279986)
Security Update for Windows XP (KB2286198)
Security Update for Windows XP (KB2296011)
Security Update for Windows XP (KB2296199)
Security Update for Windows XP (KB2347290)
Security Update for Windows XP (KB2360131)
Security Update for Windows XP (KB2360937)
Security Update for Windows XP (KB2387149)
Security Update for Windows XP (KB2393802)
Security Update for Windows XP (KB2412687)
Security Update for Windows XP (KB2416400)
Security Update for Windows XP (KB2419632)
Security Update for Windows XP (KB2423089)
Security Update for Windows XP (KB2436673)
Security Update for Windows XP (KB2440591)
Security Update for Windows XP (KB2443105)
Security Update for Windows XP (KB2476687)
Security Update for Windows XP (KB2478960)
Security Update for Windows XP (KB2478971)
Security Update for Windows XP (KB2479628)
Security Update for Windows XP (KB2479943)
Security Update for Windows XP (KB2481109)
Security Update for Windows XP (KB2482017)
Security Update for Windows XP (KB2483185)
Security Update for Windows XP (KB2485376)
Security Update for Windows XP (KB2485663)
Security Update for Windows XP (KB2497640)
Security Update for Windows XP (KB2503658)
Security Update for Windows XP (KB2506212)
Security Update for Windows XP (KB2506223)
Security Update for Windows XP (KB2507618)
Security Update for Windows XP (KB2508272)
Security Update for Windows XP (KB2508429)
Security Update for Windows XP (KB2509553)
Security Update for Windows XP (KB2510581)
Security Update for Windows XP (KB2511455)
Security Update for Windows XP (KB2524375)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB923689)
Security Update for Windows XP (KB923789)
Security Update for Windows XP (KB938464-v2)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB954459)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956744)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958690)
Security Update for Windows XP (KB958869)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960715)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961371)
Security Update for Windows XP (KB961373)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB963027)
Security Update for Windows XP (KB968537)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB969897)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB970430)
Security Update for Windows XP (KB971468)
Security Update for Windows XP (KB971633)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB971961)
Security Update for Windows XP (KB972270)
Security Update for Windows XP (KB973346)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB973904)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974318)
Security Update for Windows XP (KB974392)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
Security Update for Windows XP (KB975560)
Security Update for Windows XP (KB975561)
Security Update for Windows XP (KB975562)
Security Update for Windows XP (KB975713)
Security Update for Windows XP (KB977816)
Security Update for Windows XP (KB977914)
Security Update for Windows XP (KB978037)
Security Update for Windows XP (KB978338)
Security Update for Windows XP (KB978542)
Security Update for Windows XP (KB978601)
Security Update for Windows XP (KB978706)
Security Update for Windows XP (KB979309)
Security Update for Windows XP (KB979482)
Security Update for Windows XP (KB979559)
Security Update for Windows XP (KB979683)
Security Update for Windows XP (KB979687)
Security Update for Windows XP (KB980195)
Security Update for Windows XP (KB980218)
Security Update for Windows XP (KB980232)
Security Update for Windows XP (KB980436)
Security Update for Windows XP (KB981322)
Security Update for Windows XP (KB981349)
Security Update for Windows XP (KB981852)
Security Update for Windows XP (KB981957)
Security Update for Windows XP (KB981997)
Security Update for Windows XP (KB982132)
Security Update for Windows XP (KB982214)
Security Update for Windows XP (KB982381)
Security Update for Windows XP (KB982665)
Security Update for Windows XP (KB982802)
Skype Toolbars
Skype™ 5.1
Sonic DLA
Sonic RecordNow!
Sonic Update Manager
SoundMAX
Sql Server Customer Experience Improvement Program
Synaptics Pointing Device Driver
Texas Instruments PCIxx21/x515 drivers.
TIxx21
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Microsoft Office Outlook 2007 (KB2412171)
Update for Outlook 2007 Junk Email Filter (KB2522999)
Update for Windows XP (KB2141007)
Update for Windows XP (KB2345886)
Update for Windows XP (KB2467659)
Update for Windows XP (KB943729)
Update for Windows XP (KB951978)
Update for Windows XP (KB955759)
Update for Windows XP (KB955839)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB971029)
Update for Windows XP (KB971737)
Update for Windows XP (KB973687)
Update for Windows XP (KB973815)
VLC media player 1.1.7
WebEx
WebFldrs XP
Windows Genuine Advantage Notifications (KB905474)
Windows Genuine Advantage Validation Tool (KB892130)
Windows Media Format 11 runtime
Windows Media Player 11
Windows PowerShell(TM) 1.0
Windows PowerShell(TM) 1.0 MUI pack
Windows XP Service Pack 3
Yahoo! Messenger
Yahoo! Software Update

==== Event Viewer Messages From Past Week ========

9/8/2013 6:15:22 PM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the OracleJobSchedulerNORTHWIND service to connect.
9/8/2013 6:15:22 PM, error: Service Control Manager [7000] - The OracleJobSchedulerNORTHWIND service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
9/6/2013 12:23:46 PM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the OracleServiceNORTHWIND service to connect.
9/6/2013 12:23:46 PM, error: Service Control Manager [7000] - The OracleServiceNORTHWIND service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
9/6/2013 12:08:09 PM, error: Dhcp [1002] - The IP address lease 192.168.0.71 for the Network Card with network address 001560C8C26E has been denied by the DHCP server 192.168.1.1 (The DHCP Server sent a DHCPNACK message).
9/4/2013 2:22:09 PM, error: Service Control Manager [7038] - The ReportServer service was unable to log on as .\Sudhakar with the currently configured password due to the following error: Logon failure: unknown user name or bad password. To ensure that the service is configured properly, use the Services snap-in in Microsoft Management Console (MMC).
9/4/2013 2:22:09 PM, error: Service Control Manager [7038] - The MSSQLServerOLAPService service was unable to log on as .\subhakar with the currently configured password due to the following error: Logon failure: unknown user name or bad password. To ensure that the service is configured properly, use the Services snap-in in Microsoft Management Console (MMC).
9/4/2013 2:22:09 PM, error: Service Control Manager [7038] - The MsDtsServer100 service was unable to log on as .\Sudhakar with the currently configured password due to the following error: Logon failure: unknown user name or bad password. To ensure that the service is configured properly, use the Services snap-in in Microsoft Management Console (MMC).
9/4/2013 2:22:09 PM, error: Service Control Manager [7000] - The SQL Server Reporting Services (MSSQLSERVER) service failed to start due to the following error: The service did not start due to a logon failure.
9/4/2013 2:22:09 PM, error: Service Control Manager [7000] - The SQL Server Integration Services 10.0 service failed to start due to the following error: The service did not start due to a logon failure.
9/4/2013 2:22:09 PM, error: Service Control Manager [7000] - The SQL Server Analysis Services (MSSQLSERVER) service failed to start due to the following error: The service did not start due to a logon failure.
9/4/2013 12:59:22 PM, error: Service Control Manager [7011] - Timeout (30000 milliseconds) waiting for a transaction response from the NAV service.
9/1/2013 7:38:08 AM, error: W32Time [34] - The time service has detected that the system time needs to be changed by -94694395 seconds. The time service will not change the system time by more than -54000 seconds. Verify that your time and time zone are correct, and that the time source time.windows.com (ntp.m|0x1|192.168.15.101:123->207.46.197.32:123) is working properly.
1/18/2014 3:07:20 PM, error: Dhcp [1002] - The IP address lease 192.168.15.107 for the Network Card with network address 00166F8D3633 has been denied by the DHCP server 0.0.0.0 (The DHCP Server sent a DHCPNACK message).
1/17/2014 8:57:41 PM, error: W32Time [34] - The time service has detected that the system time needs to be changed by -105238837 seconds. The time service will not change the system time by more than -54000 seconds. Verify that your time and time zone are correct, and that the time source time.windows.com (ntp.m|0x1|192.168.15.107:123->207.46.197.32:123) is working properly.

==== End Of File ===========================
 
I was editing my last reply when you were posting. Please go back and read what I added..

No antivirus for 6 months? Why?
Identity theft? What are you expecting to find here?

Cisco, SQL, Oracle, Informatica Orchestration Server>> got to be for work!
=============================
Run Eset NOD32 Online AntiVirus scan HERE: http://www.eset.eu/online-scanner
  1. Tick the box next to YES, I accept the Terms of Use.
  2. Click Start
  3. When asked, allow the Active X control to install
  4. Disable your current Antivirus software. You can usually do this with its Notification Tray icon near the clock.
  5. Click Start
  6. Make sure that the option "Remove found threats" is Unchecked, and the option "Scan unwanted applications" is checked
  7. Click Scan
  8. Wait for the scan to finish
  9. Click on "Copy to Clipboard" (you won't see the 'clipboard')
  10. Click anywhere in the post where you want the logs to go, then do Ctrl V. The log will be sent from the clipboard and pasted in the post.
  11. Re-enable your Antivirus software.
    NOTE: If you forget to copy to the clipboard you can find the log here:
    C:\Program Files\EsetOnlineScanner\log.txt. Please include this in your post.
 

===================

Hi,

My name is Madhu.

My system shows the date 19th April, 2011.

I am not sure what those programs might be.

I can delete those applications. I am not even sure what they might be.

My system is my personal laptop. I try to improve my knowledge by experimenting with different issues from my work on my personal laptop. That's the reason my laptop has several software packages like SQL, Oracle, Informatica Orchestration Server. Cisco was installed some time ago to have remote login. I don't need that. I can uninstall it.

My main purpose for this virus check is:

1. When I try to watch any video online, it does not play continuously. It keeps on pausing, even though the download is complete. Also, when I try to play online games like poker or games from Orkut, my browser hangs for 2-3 seconds, and this happens frequently. So I am not sure what the problem might be. And I have enough space on my computer.

2. The reason for identity theft is that I think someone is accessing my email account.

I am trying to figure out if my system has got any virus which might be causing the identity theft.

I had an expired version of antivirus. I did not renew it, and then I installed the Avira AntiVir Personal free edition.

So I wanted to make sure my system is virus free.

I am interested to see if the system's registry is clean and free from viruses.

Here is the copy of the Eset NOD32 online antivirus scan result:



ESETSmartInstaller@High as downloader log:
all ok
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6427
# api_version=3.0.2
# EOSSerial=4e90425206c7a74ea1bd1b5bf73cef01
# end=finished
# remove_checked=false
# archives_checked=false
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2011-04-19 09:27:09
# local_time=2011-04-19 02:27:09 (-0800, Pacific Daylight Time)
# country="United States"
# lang=1033
# osver=5.1.2600 NT Service Pack 3
# compatibility_mode=1797 16775141 100 93 0 39662005 0 0
# compatibility_mode=8192 67108863 100 0 0 0 0 0
# scanned=177283
# found=0
# cleaned=0
# scan_time=4174

Please help me out.
 
Download Combofix from HERE or HERE: http://www.forospyware.com/sUBs/ComboFix.exe and save to the desktop
  • Double click combofix.exe & follow the prompts.
  • ComboFix will check to see if the Microsoft Windows Recovery Console is installed. It is recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode if needed.
    **Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
  • Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:
    [image: whatnext.png]
  • Click on Yes, to continue scanning for malware
  • If Combofix asks you to update the program, allow it
  • Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
  • Close any open browsers.
  • Double click combofix.exe [image: cf-icon.jpg] & follow the prompts to run.
  • When the scan completes, a report will be generated and will open in a text window. Please paste the C:\ComboFix.txt in your next reply.
Re-enable your Antivirus software.
Notes:
1. Do not mouse-click Combofix's window while it is running. That may cause it to stall.
2. ComboFix may reset a number of Internet Explorer's settings, including making I-E the default browser.
3. Combofix prevents autorun of ALL CD, floppy and USB devices to assist with malware removal & increase security. If this is an issue or makes it difficult for you -- please tell your helper.
4. CF disconnects your machine from the internet. The connection is automatically restored before CF completes its run. If CF runs into difficulty and terminates prematurely, the connection can be manually restored by restarting your machine.
 