vistaXPuser
Hi technical support team,
I have followed the 8-step process for the initial process of getting rid of a virus from my PC.
Here are the copies of the required documents from my PC. Can someone please help me find out whether my PC is affected by a virus?
Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org
Database version: 6371
Windows 5.1.2600 Service Pack 3
Internet Explorer 6.0.2900.5512
4/15/2011 5:22:13 PM
mbam-log-2011-04-15 (17-22-13).txt
Scan type: Quick scan
Objects scanned: 165054
Time elapsed: 7 minute(s), 36 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
(No malicious items detected)
Registry Values Infected:
(No malicious items detected)
Registry Data Items Infected:
(No malicious items detected)
Folders Infected:
(No malicious items detected)
Files Infected:
(No malicious items detected)
===================
GMER 1.0.15.15530 - http://www.gmer.net
Rootkit scan 2011-04-16 06:13:35
Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-4 WDC_WD800BEVE-00WZT0 rev.01.01A01
Running: t3jmy7lx.exe; Driver: C:\DOCUME~1\Sudhakar\LOCALS~1\Temp\uwtdapoc.sys
---- System - GMER 1.0.15 ----
SSDT F7CDB0D6 ZwCreateKey
SSDT F7CDB0CC ZwCreateThread
SSDT F7CDB0DB ZwDeleteKey
SSDT F7CDB0E5 ZwDeleteValueKey
SSDT F7CDB0EA ZwLoadKey
SSDT F7CDB0B8 ZwOpenProcess
SSDT F7CDB0BD ZwOpenThread
SSDT F7CDB0F4 ZwReplaceKey
SSDT F7CDB0EF ZwRestoreKey
SSDT F7CDB0E0 ZwSetValueKey
---- Kernel code sections - GMER 1.0.15 ----
.text ntkrnlpa.exe!ZwCallbackReturn + 250C 80501D44 4 Bytes JMP 1CF7CDB0
init C:\WINDOWS\system32\drivers\tifm21.sys entry point in "init" section [0xF6AA2ABF]
init C:\WINDOWS\system32\DRIVERS\gtipci21.sys entry point in "init" section [0xF6A67A80]
init C:\WINDOWS\system32\DRIVERS\IFXTPM.SYS entry point in "init" section [0xF78FC192]
---- User code sections - GMER 1.0.15 ----
.text C:\Program Files\Microsoft Office\Office12\WINWORD.EXE[3024] kernel32.dll!SetUnhandledExceptionFilter 7C84495D 5 Bytes JMP 32605B49 C:\Program Files\Common Files\Microsoft Shared\office12\mso.dll (2007 Microsoft Office component/Microsoft Corporation)
.text C:\Program Files\Microsoft Office\Office12\WINWORD.EXE[3024] ole32.dll!OleLoadFromStream 7752981B 5 Bytes JMP 32920DB5 C:\Program Files\Common Files\Microsoft Shared\office12\mso.dll (2007 Microsoft Office component/Microsoft Corporation)
---- User IAT/EAT - GMER 1.0.15 ----
IAT C:\PROGRA~1\Yahoo!\Messenger\ymsgr_tray.exe[3500] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!LoadLibraryExW] [614AAE77] C:\PROGRA~1\Yahoo!\Messenger\yui.dll
IAT C:\PROGRA~1\Yahoo!\Messenger\ymsgr_tray.exe[3500] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!LoadLibraryA] [614AADA9] C:\PROGRA~1\Yahoo!\Messenger\yui.dll
IAT C:\PROGRA~1\Yahoo!\Messenger\ymsgr_tray.exe[3500] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!GetProcAddress] [614AA7A3] C:\PROGRA~1\Yahoo!\Messenger\yui.dll
IAT C:\PROGRA~1\Yahoo!\Messenger\ymsgr_tray.exe[3500] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!LoadLibraryW] [614AADE9] C:\PROGRA~1\Yahoo!\Messenger\yui.dll
IAT C:\PROGRA~1\Yahoo!\Messenger\ymsgr_tray.exe[3500] @ C:\WINDOWS\system32\USER32.dll [GDI32.dll!GetStockObject] [614A9CEC] C:\PROGRA~1\Yahoo!\Messenger\yui.dll
IAT C:\PROGRA~1\Yahoo!\Messenger\ymsgr_tray.exe[3500] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [614AAE77] C:\PROGRA~1\Yahoo!\Messenger\yui.dll
IAT C:\PROGRA~1\Yahoo!\Messenger\ymsgr_tray.exe[3500] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryA] [614AADA9] C:\PROGRA~1\Yahoo!\Messenger\yui.dll
IAT C:\PROGRA~1\Yahoo!\Messenger\ymsgr_tray.exe[3500] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!GetProcAddress] [614AA7A3] C:\PROGRA~1\Yahoo!\Messenger\yui.dll
IAT C:\PROGRA~1\Yahoo!\Messenger\ymsgr_tray.exe[3500] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryW] [614AADE9] C:\PROGRA~1\Yahoo!\Messenger\yui.dll
IAT C:\PROGRA~1\Yahoo!\Messenger\ymsgr_tray.exe[3500] @ C:\WINDOWS\system32\SHLWAPI.dll [GDI32.dll!GetStockObject] [614A9CEC] C:\PROGRA~1\Yahoo!\Messenger\yui.dll
IAT C:\PROGRA~1\Yahoo!\Messenger\ymsgr_tray.exe[3500] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryExA] [614AAE29] C:\PROGRA~1\Yahoo!\Messenger\yui.dll
IAT C:\PROGRA~1\Yahoo!\Messenger\ymsgr_tray.exe[3500] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryExW] [614AAE77] C:\PROGRA~1\Yahoo!\Messenger\yui.dll
IAT C:\PROGRA~1\Yahoo!\Messenger\ymsgr_tray.exe[3500] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryW] [614AADE9] C:\PROGRA~1\Yahoo!\Messenger\yui.dll
IAT C:\PROGRA~1\Yahoo!\Messenger\ymsgr_tray.exe[3500] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryA] [614AADA9] C:\PROGRA~1\Yahoo!\Messenger\yui.dll
IAT C:\PROGRA~1\Yahoo!\Messenger\ymsgr_tray.exe[3500] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!GetProcAddress] [614AA7A3] C:\PROGRA~1\Yahoo!\Messenger\yui.dll
IAT C:\PROGRA~1\Yahoo!\Messenger\ymsgr_tray.exe[3500] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!DefWindowProcA] [614AA3BA] C:\PROGRA~1\Yahoo!\Messenger\yui.dll
IAT C:\PROGRA~1\Yahoo!\Messenger\ymsgr_tray.exe[3500] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!DefWindowProcW] [614AA3BA] C:\PROGRA~1\Yahoo!\Messenger\yui.dll
IAT C:\PROGRA~1\Yahoo!\Messenger\ymsgr_tray.exe[3500] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!GetSysColor] [614A9C27] C:\PROGRA~1\Yahoo!\Messenger\yui.dll
IAT C:\PROGRA~1\Yahoo!\Messenger\ymsgr_tray.exe[3500] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!TrackPopupMenu] [614A9B56] C:\PROGRA~1\Yahoo!\Messenger\yui.dll
IAT C:\PROGRA~1\Yahoo!\Messenger\ymsgr_tray.exe[3500] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!TrackPopupMenuEx] [614A9B94] C:\PROGRA~1\Yahoo!\Messenger\yui.dll
IAT C:\PROGRA~1\Yahoo!\Messenger\ymsgr_tray.exe[3500] @ C:\WINDOWS\system32\SHELL32.dll [GDI32.dll!GetStockObject] [614A9CEC] C:\PROGRA~1\Yahoo!\Messenger\yui.dll
IAT C:\PROGRA~1\Yahoo!\Messenger\ymsgr_tray.exe[3500] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryA] [614AADA9] C:\PROGRA~1\Yahoo!\Messenger\yui.dll
IAT C:\PROGRA~1\Yahoo!\Messenger\ymsgr_tray.exe[3500] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryW] [614AADE9] C:\PROGRA~1\Yahoo!\Messenger\yui.dll
IAT C:\PROGRA~1\Yahoo!\Messenger\ymsgr_tray.exe[3500] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!GetProcAddress] [614AA7A3] C:\PROGRA~1\Yahoo!\Messenger\yui.dll
IAT C:\PROGRA~1\Yahoo!\Messenger\ymsgr_tray.exe[3500] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryExW] [614AAE77] C:\PROGRA~1\Yahoo!\Messenger\yui.dll
IAT C:\PROGRA~1\Yahoo!\Messenger\ymsgr_tray.exe[3500] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryExA] [614AAE29] C:\PROGRA~1\Yahoo!\Messenger\yui.dll
IAT C:\PROGRA~1\Yahoo!\Messenger\ymsgr_tray.exe[3500] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!AnimateWindow] [614A9D87] C:\PROGRA~1\Yahoo!\Messenger\yui.dll
IAT C:\PROGRA~1\Yahoo!\Messenger\ymsgr_tray.exe[3500] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!TrackPopupMenuEx] [614A9B94] C:\PROGRA~1\Yahoo!\Messenger\yui.dll
IAT C:\PROGRA~1\Yahoo!\Messenger\ymsgr_tray.exe[3500] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!DefWindowProcA] [614AA3BA] C:\PROGRA~1\Yahoo!\Messenger\yui.dll
IAT C:\PROGRA~1\Yahoo!\Messenger\ymsgr_tray.exe[3500] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!GetSysColor] [614A9C27] C:\PROGRA~1\Yahoo!\Messenger\yui.dll
IAT C:\PROGRA~1\Yahoo!\Messenger\ymsgr_tray.exe[3500] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!DefWindowProcW] [614AA3BA] C:\PROGRA~1\Yahoo!\Messenger\yui.dll
IAT C:\PROGRA~1\Yahoo!\Messenger\ymsgr_tray.exe[3500] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!GetSysColorBrush] [614A9CF2] C:\PROGRA~1\Yahoo!\Messenger\yui.dll
IAT C:\PROGRA~1\Yahoo!\Messenger\ymsgr_tray.exe[3500] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!TrackPopupMenu] [614A9B56] C:\PROGRA~1\Yahoo!\Messenger\yui.dll
---- Devices - GMER 1.0.15 ----
Device Ntfs.sys (NT File System Driver/Microsoft Corporation)
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass0 SynTP.sys (Synaptics Touchpad Driver/Synaptics, Inc.)
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass0 EABFiltr.sys (QLB PS/2 Keyboard filter driver/Hewlett-Packard Company)
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass1 SynTP.sys (Synaptics Touchpad Driver/Synaptics, Inc.)
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass1 EABFiltr.sys (QLB PS/2 Keyboard filter driver/Hewlett-Packard Company)
Device mrxsmb.sys (Windows NT SMB Minirdr/Microsoft Corporation)
Device \FileSystem\Fs_Rec \FileSystem\UdfsCdRomRecognizer tfsnifs.sys (Drive Letter Access Component/Sonic Solutions)
Device \FileSystem\Fs_Rec \FileSystem\FatCdRomRecognizer tfsnifs.sys (Drive Letter Access Component/Sonic Solutions)
Device \FileSystem\Fs_Rec \FileSystem\CdfsRecognizer tfsnifs.sys (Drive Letter Access Component/Sonic Solutions)
Device \FileSystem\Fs_Rec \FileSystem\FatDiskRecognizer tfsnifs.sys (Drive Letter Access Component/Sonic Solutions)
Device \FileSystem\Fs_Rec \FileSystem\UdfsDiskRecognizer tfsnifs.sys (Drive Letter Access Component/Sonic Solutions)
Device \FileSystem\Cdfs \Cdfs tfsnifs.sys (Drive Letter Access Component/Sonic Solutions)
---- EOF - GMER 1.0.15 ----
==========================
DDS (Ver_10-12-12.02) - NTFSx86
Run by Sudhakar at 6:14:32.15 on Sat 04/16/2011
Internet Explorer: 6.0.2900.5512 BrowserJavaVersion: 1.6.0_22
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1015.411 [GMT -7:00]
AV: AntiVir Desktop *Enabled/Updated* {AD166499-45F9-482A-A743-FDD3350758C7}
============== Running Processes ===============
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
C:\Program Files\Analog Devices\SoundMAX\Smax4.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\system32\igfxtray.exe
C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
svchost.exe
C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\PROGRA~1\WIDCOMM\BLUETO~1\BTSTAC~1.EXE
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\Informatica\PowerCenter8.6.1\OrchestrationServer\service\bin\wrapper.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\CA\SharedComponents\CA_LIC\LogWatNT.exe
C:\Program Files\CA\SharedComponents\CA_LIC\lic98Service.exe
c:\app\Sudhakar\product\11.2.0\dbhome_1\Bin\extjob.exe
C:\oracle\Ora91\bin\agntsrvc.exe
C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
C:\Informatica\PowerCenter8.6.1\java\bin\java.exe
C:\oracle\Ora91\Apache\Apache\apache.exe
C:\oracle\Ora91\BIN\TNSLSNR.exe
c:\oracle\ora91\bin\ORACLE.EXE
c:\app\Sudhakar\product\11.2.0\dbhome_1\bin\ORACLE.EXE
C:\oracle\Ora91\bin\dbsnmp.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\oracle\Ora91\Apache\Apache\apache.exe
C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
C:\oracle\Ora91\jdk\bin\java.exe
C:\oracle\Ora91\jdk\bin\java.exe
c:\oracle\ora91\bin\isqlplus
C:\Program Files\Microsoft Office\Office12\WINWORD.EXE
C:\Program Files\HPQ\SHARED\HPQWMI.exe
C:\PROGRA~1\Yahoo!\Messenger\ymsgr_tray.exe
C:\Program Files\Common Files\Java\Java Update\jucheck.exe
C:\Documents and Settings\Sudhakar\Desktop\Techspot\dds.scr
============== Pseudo HJT Report ===============
uStart Page = hxxp://www.hp.com/
mDefault_Page_URL = hxxp://www.hp.com
uURLSearchHooks: H - No File
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: DriveLetterAccess: {5ca3d70e-1895-11cf-8e15-001234567890} - c:\windows\system32\dla\tfswshx.dll
BHO: Skype Plug-In: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
BHO: QuickNet BHO: {ea5ca8b6-9b9c-4994-a7a1-947b6c631be7} - c:\program files\regtweaker\key.dll
TB: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No File
uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe
uRun: [Google Update] "c:\documents and settings\Sudhakar\local settings\application data\google\update\GoogleUpdate.exe" /c
uRun: [Messenger (Yahoo!)] "c:\progra~1\yahoo!\messenger\YahooMessenger.exe" -quiet
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [IMJPMIG8.1] "c:\windows\ime\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
mRun: [PHIME2002ASync] c:\windows\system32\ime\tintlgnt\TINTSETP.EXE /SYNC
mRun: [PHIME2002A] c:\windows\system32\ime\tintlgnt\TINTSETP.EXE /IMEName
mRun: [SoundMAXPnP] c:\program files\analog devices\soundmax\SMax4PNP.exe
mRun: [SoundMAX] "c:\program files\analog devices\soundmax\Smax4.exe" /tray
mRun: [AGRSMMSG] AGRSMMSG.exe
mRun: [SynTPLpr] c:\program files\synaptics\syntp\SynTPLpr.exe
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Cpqset] c:\program files\hpq\default settings\cpqset.exe
mRun: [eabconfg.cpl] c:\program files\hpq\quick launch buttons\EabServr.exe /Start
mRun: [UpdateManager] "c:\program files\common files\sonic\update manager\sgtray.exe" /r
mRun: [dla] c:\windows\system32\dla\tfswctrl.exe
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [hpWirelessAssistant] c:\program files\hpq\hp wireless assistant\HP Wireless Assistant.exe
mRun: [WatchDog] c:\program files\intervideo\dvd check\DVDCheck.exe
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [googletalk] c:\program files\google\google talk\googletalk.exe /autostart
mRun: [avgnt] "c:\program files\avira\antivir desktop\avgnt.exe" /min
mRunOnce: [Malwarebytes' Anti-Malware] c:\program files\malwarebytes' anti-malware\mbamgui.exe /install /silent
dRunOnce: [<NO NAME>]
mExplorerRun: [<NO NAME>] 1 (0x1)
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\bttray.lnk - c:\program files\widcomm\bluetooth software\BTTray.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\dvdche~1.lnk - c:\program files\intervideo\dvd check\DVDCheck.exe
IE: E&xport to Microsoft Excel - c:\progra~1\mi1933~1\office12\EXCEL.EXE/3000
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\mi1933~1\office12\REFIEBAR.DLL
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://go.microsoft.com/fwlink/?linkid=39204
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1243443961187
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0000-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
Handler: qrev - {9DE24BAC-FC3C-42c4-9FC4-76B3FAFDBD90} - c:\progra~1\quests~1\toadfo~1\RNetPin.dll
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Handler: widimg - {EE7C2AFF-5742-44FF-BD0E-E521B0D3C3BA} - c:\windows\system32\BTXPPanel.dll
Notify: igfxcui - igfxsrvc.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
================= FIREFOX ===================
FF - ProfilePath - c:\docume~1\Sudhakar\applic~1\mozilla\firefox\profiles\2k3daltf.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
FF - component: c:\documents and settings\Sudhakar\application data\mozilla\firefox\profiles\2k3daltf.default\extensions\{3bd53dec-24d7-4f9e-b27c-925559b8d27d}\components\RadioWMPCoreGecko19.dll
FF - component: c:\documents and settings\Sudhakar\application data\mozilla\firefox\profiles\2k3daltf.default\extensions\engine@conduit.com\components\RadioWMPCoreGecko19.dll
FF - component: c:\program files\mozilla firefox\extensions\{ab2ce124-6272-4b12-94a9-7303c7397bd1}\components\SkypeFfComponent.dll
FF - plugin: c:\documents and settings\Sudhakar\application data\mozilla\plugins\npgoogletalk.dll
FF - plugin: c:\documents and settings\Sudhakar\application data\mozilla\plugins\npgtpo3dautoplugin.dll
FF - plugin: c:\documents and settings\Sudhakar\local settings\application data\google\update\1.2.183.39\npGoogleOneClick8.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npatgpc.dll
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
FF - Ext: Skype extension: {AB2CE124-6272-4b12-94A9-7303C7397BD1} - c:\program files\mozilla firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\DotNetAssistantExtension
FF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\java\jre6\lib\deploy\jqs\ff
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF - Ext: Yahoo! Toolbar: {635abd67-4fe9-1b23-4f01-e679fa7484c1} - %profile%\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
FF - Ext: Conduit Engine : engine@conduit.com - %profile%\extensions\engine@conduit.com
FF - Ext: TranslatorBar 1.1 Community Toolbar: {3bd53dec-24d7-4f9e-b27c-925559b8d27d} - %profile%\extensions\{3bd53dec-24d7-4f9e-b27c-925559b8d27d}
---- FIREFOX POLICIES ----
FF - user.js: yahoo.ytff.general.dontshowhpoffer - true
============= SERVICES / DRIVERS ===============
R1 avgio;avgio;c:\program files\avira\antivir desktop\avgio.sys [2011-2-10 11608]
R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\avira\antivir desktop\sched.exe [2011-2-10 135336]
R2 AntiVirService;Avira AntiVir Guard;c:\program files\avira\antivir desktop\avguard.exe [2011-2-10 269480]
R2 avgntflt;avgntflt;c:\windows\system32\drivers\avgntflt.sys [2011-2-10 61960]
R2 InformaticaOrchestrationServer;Informatica Orchestration Server;c:\informatica\powercenter8.6.1\orchestrationserver\service\bin\wrapper.exe -s c:\informatica\powercenter8.6.1\orchestrationserver\service\conf\wrapper.conf --> c:\informatica\powercenter8.6.1\orchestrationserver\service\bin\wrapper.exe -s c:\informatica\powercenter8.6.1\orchestrationserver\service\conf\wrapper.conf [?]
R2 LogWatch;Event Log Watch;c:\program files\ca\sharedcomponents\ca_lic\LogWatNT.exe [2008-5-20 75016]
R2 OracleJobSchedulerNORTHWIND;OracleJobSchedulerNORTHWIND;c:\app\Sudhakar\product\11.2.0\dbhome_1\bin\extjob.exe northwind --> c:\app\Sudhakar\product\11.2.0\dbhome_1\bin\extjob.exe NORTHWIND [?]
R2 OracleOra91Agent;OracleOra91Agent;c:\oracle\ora91\bin\agntsrvc.exe [2002-4-26 28944]
R2 OracleOra91HTTPServer;OracleOra91HTTPServer;c:\oracle\ora91\apache\apache\Apache.exe [2002-4-18 4096]
R2 OracleOra91TNSListener;OracleOra91TNSListener;c:\oracle\ora91\bin\tnslsnr --> c:\oracle\ora91\bin\TNSLSNR [?]
R2 OracleServiceMADUD;OracleServiceMADUD;c:\oracle\ora91\bin\oracle.exe madud --> c:\oracle\ora91\bin\ORACLE.EXE MADUD [?]
R2 OracleServiceNORTHWIND;OracleServiceNORTHWIND;c:\app\Sudhakar\product\11.2.0\dbhome_1\bin\oracle.exe northwind --> c:\app\Sudhakar\product\11.2.0\dbhome_1\bin\ORACLE.EXE NORTHWIND [?]
R3 GTIPCI21;GTIPCI21;c:\windows\system32\drivers\gtipci21.sys [2004-5-3 80384]
R3 IFXTPM;IFXTPM;c:\windows\system32\drivers\ifxtpm.sys [2004-9-2 32640]
S2 InformaticaServices8.6.1;InformaticaServices8.6.1;c:\informatica\powercenter8.6.1\server\tomcat\bin\infasvcs.exe [2010-8-3 61440]
S2 MsDtsServer100;SQL Server Integration Services 10.0;"c:\program files\microsoft sql server\100\dts\binn\msdtssrvr.exe" --> c:\program files\microsoft sql server\100\dts\binn\MsDtsSrvr.exe [?]
S2 ReportServer;SQL Server Reporting Services (MSSQLSERVER);"c:\program files\microsoft sql server\msrs10.mssqlserver\reporting services\reportserver\bin\reportingservicesservice.exe" --> c:\program files\microsoft sql server\msrs10.mssqlserver\reporting services\reportserver\bin\ReportingServicesService.exe [?]
S3 OracleOra91ClientCache;OracleOra91ClientCache;c:\oracle\ora91\bin\ONRSD.EXE [2002-4-26 242328]
S3 OracleOra91PagingServer;OracleOra91PagingServer;c:\oracle\ora91\bin\pagntsrv.exe [2002-8-20 49152]
S3 OracleOra91SNMPPeerEncapsulator;OracleOra91SNMPPeerEncapsulator;c:\oracle\ora91\bin\encsvc.exe [2002-2-13 187392]
S3 OracleOra91SNMPPeerMasterAgent;OracleOra91SNMPPeerMasterAgent;c:\oracle\ora91\bin\agntsvc.exe [2002-2-13 254464]
S3 OracleOraDb11g_home1ClrAgent;OracleOraDb11g_home1ClrAgent;c:\app\Sudhakar\product\11.2.0\dbhome_1\bin\oraclragnt.exe agent_sid=clrextproc max_dispatchers=2 tcp_dispatchers=0 max_task_threads=6 max_sessions=25 envs="extproc_dlls=only:c:\app\Sudhakar\product\11.2.0\dbhome_1\bin\oraclr11.dll" --> c:\app\Sudhakar\product\11.2.0\dbhome_1\bin\oraclragnt.exe agent_sid=clrextproc max_dispatchers=2 tcp_dispatchers=0 max_task_threads=6 max_sessions=25 envs=extproc_dlls=only:c:\app\Sudhakar\product\11.2.0\dbhome_1\bin\oraclr11.dll [?]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\wpffontcache_v0400.exe --> c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [?]
S4 MSSQLFDLauncher;SQL Full-text Filter Daemon Launcher (MSSQLSERVER);"c:\program files\microsoft sql server\mssql10.mssqlserver\mssql\binn\fdlauncher.exe" -s mssql10.mssqlserver --> c:\program files\microsoft sql server\mssql10.mssqlserver\mssql\binn\fdlauncher.exe [?]
S4 MSSQLServerADHelper100;SQL Active Directory Helper Service;"c:\program files\microsoft sql server\100\shared\sqladhlp.exe" --> c:\program files\microsoft sql server\100\shared\SQLADHLP.EXE [?]
S4 OracleOraDb11g_home1ConfigurationManager;OracleOraDb11g_home1ConfigurationManager;c:\app\Sudhakar\product\112~1.0\dbhome_1\ccr\bin\nmz.exe c:\app\Sudhakar\product\112~1.0\dbhome_1\ccr\hosts\dhamaal --> c:\app\Sudhakar\product\112~1.0\dbhome_1\ccr\bin\nmz.exe c:\app\Sudhakar\product\112~1.0\dbhome_1\ccr\hosts\dhamaal [?]
S4 OracleOraDb11g_home1TNSListener;OracleOraDb11g_home1TNSListener;c:\app\Sudhakar\product\11.2.0\dbhome_1\bin\tnslsnr --> c:\app\Sudhakar\product\11.2.0\dbhome_1\bin\TNSLSNR [?]
S4 RsFx0102;RsFx0102 Driver;c:\windows\system32\drivers\RsFx0102.sys [2008-7-10 242712]
=============== File Associations ===============
vbefile\shell\open2\command=%SystemRoot%\System32\CScript.exe "%1" %*
vbsfile\shell\open2\command=%SystemRoot%\System32\CScript.exe "%1" %*
jsefile\shell\open2\command=%SystemRoot%\System32\CScript.exe "%1" %*
=============== Created Last 30 ================
2014-01-18 07:48:36 -------- d-----w- c:\docume~1\Sudhakar\applic~1\Quest Software
2013-09-06 07:09:04 -------- d-----w- c:\program files\CA
2013-09-06 05:58:31 -------- d-----w- c:\docume~1\Sudhakar\locals~1\applic~1\Downloaded Installations
2013-09-02 08:19:26 5632 ----a-w- c:\windows\system32\ptpusb.dll
2013-09-02 08:19:25 15104 -c--a-w- c:\windows\system32\dllcache\usbscan.sys
2013-09-02 08:19:25 15104 ----a-w- c:\windows\system32\drivers\usbscan.sys
2013-09-02 08:19:24 159232 ----a-w- c:\windows\system32\ptpusd.dll
2011-03-23 03:27:01 -------- d-----w- c:\program files\Cisco Systems
2011-03-23 03:26:26 -------- d-----w- c:\docume~1\alluse~1\applic~1\Cisco Systems
2011-03-19 22:27:03 -------- d-----w- c:\program files\VideoLAN
2011-03-19 19:04:49 -------- d-----w- C:\Apex dataloderlogs
==================== Find3M ====================
2011-03-07 05:33:50 692736 ----a-w- c:\windows\system32\inetcomm.dll
2011-03-04 06:45:07 434176 ----a-w- c:\windows\system32\vbscript.dll
2011-03-03 13:21:11 1857920 ----a-w- c:\windows\system32\win32k.sys
2011-02-17 13:51:57 81920 ----a-w- c:\windows\system32\ieencode.dll
2011-02-17 13:51:57 667136 ----a-w- c:\windows\system32\wininet.dll
2011-02-17 13:51:57 61952 ----a-w- c:\windows\system32\tdc.ocx
2011-02-17 12:37:38 369664 ----a-w- c:\windows\system32\html.iec
2011-02-17 12:32:12 5120 ----a-w- c:\windows\system32\xpsp4res.dll
2011-02-15 12:56:39 290432 ----a-w- c:\windows\system32\atmfd.dll
2011-02-09 13:53:52 270848 ----a-w- c:\windows\system32\sbe.dll
2011-02-09 13:53:52 186880 ----a-w- c:\windows\system32\encdec.dll
2011-02-08 13:33:55 978944 ----a-w- c:\windows\system32\mfc42.dll
2011-02-08 13:33:55 974848 ----a-w- c:\windows\system32\mfc42u.dll
2011-02-02 07:58:35 2067456 ----a-w- c:\windows\system32\mstscax.dll
2011-01-27 11:57:06 677888 ----a-w- c:\windows\system32\mstsc.exe
2011-01-21 14:44:37 439296 ----a-w- c:\windows\system32\shimgvw.dll
============= FINISH: 6:16:15.31 ===============
====================
Thanks
VistaXPuser
IAT C:\PROGRA~1\Yahoo!\Messenger\ymsgr_tray.exe[3500] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!GetSysColor] [614A9C27] C:\PROGRA~1\Yahoo!\Messenger\yui.dll
IAT C:\PROGRA~1\Yahoo!\Messenger\ymsgr_tray.exe[3500] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!DefWindowProcW] [614AA3BA] C:\PROGRA~1\Yahoo!\Messenger\yui.dll
IAT C:\PROGRA~1\Yahoo!\Messenger\ymsgr_tray.exe[3500] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!GetSysColorBrush] [614A9CF2] C:\PROGRA~1\Yahoo!\Messenger\yui.dll
IAT C:\PROGRA~1\Yahoo!\Messenger\ymsgr_tray.exe[3500] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!TrackPopupMenu] [614A9B56] C:\PROGRA~1\Yahoo!\Messenger\yui.dll
---- Devices - GMER 1.0.15 ----
Device Ntfs.sys (NT File System Driver/Microsoft Corporation)
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass0 SynTP.sys (Synaptics Touchpad Driver/Synaptics, Inc.)
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass0 EABFiltr.sys (QLB PS/2 Keyboard filter driver/Hewlett-Packard Company)
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass1 SynTP.sys (Synaptics Touchpad Driver/Synaptics, Inc.)
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass1 EABFiltr.sys (QLB PS/2 Keyboard filter driver/Hewlett-Packard Company)
Device mrxsmb.sys (Windows NT SMB Minirdr/Microsoft Corporation)
Device \FileSystem\Fs_Rec \FileSystem\UdfsCdRomRecognizer tfsnifs.sys (Drive Letter Access Component/Sonic Solutions)
Device \FileSystem\Fs_Rec \FileSystem\FatCdRomRecognizer tfsnifs.sys (Drive Letter Access Component/Sonic Solutions)
Device \FileSystem\Fs_Rec \FileSystem\CdfsRecognizer tfsnifs.sys (Drive Letter Access Component/Sonic Solutions)
Device \FileSystem\Fs_Rec \FileSystem\FatDiskRecognizer tfsnifs.sys (Drive Letter Access Component/Sonic Solutions)
Device \FileSystem\Fs_Rec \FileSystem\UdfsDiskRecognizer tfsnifs.sys (Drive Letter Access Component/Sonic Solutions)
Device \FileSystem\Cdfs \Cdfs tfsnifs.sys (Drive Letter Access Component/Sonic Solutions)
---- EOF - GMER 1.0.15 ----
==========================
DDS (Ver_10-12-12.02) - NTFSx86
Run by Sudhakar at 6:14:32.15 on Sat 04/16/2011
Internet Explorer: 6.0.2900.5512 BrowserJavaVersion: 1.6.0_22
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1015.411 [GMT -7:00]
AV: AntiVir Desktop *Enabled/Updated* {AD166499-45F9-482A-A743-FDD3350758C7}
============== Running Processes ===============
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
C:\Program Files\Analog Devices\SoundMAX\Smax4.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\system32\igfxtray.exe
C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
svchost.exe
C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\PROGRA~1\WIDCOMM\BLUETO~1\BTSTAC~1.EXE
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\Informatica\PowerCenter8.6.1\OrchestrationServer\service\bin\wrapper.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\CA\SharedComponents\CA_LIC\LogWatNT.exe
C:\Program Files\CA\SharedComponents\CA_LIC\lic98Service.exe
c:\app\Sudhakar\product\11.2.0\dbhome_1\Bin\extjob.exe
C:\oracle\Ora91\bin\agntsrvc.exe
C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
C:\Informatica\PowerCenter8.6.1\java\bin\java.exe
C:\oracle\Ora91\Apache\Apache\apache.exe
C:\oracle\Ora91\BIN\TNSLSNR.exe
c:\oracle\ora91\bin\ORACLE.EXE
c:\app\Sudhakar\product\11.2.0\dbhome_1\bin\ORACLE.EXE
C:\oracle\Ora91\bin\dbsnmp.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\oracle\Ora91\Apache\Apache\apache.exe
C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
C:\oracle\Ora91\jdk\bin\java.exe
C:\oracle\Ora91\jdk\bin\java.exe
c:\oracle\ora91\bin\isqlplus
C:\Program Files\Microsoft Office\Office12\WINWORD.EXE
C:\Program Files\HPQ\SHARED\HPQWMI.exe
C:\PROGRA~1\Yahoo!\Messenger\ymsgr_tray.exe
C:\Program Files\Common Files\Java\Java Update\jucheck.exe
C:\Documents and Settings\Sudhakar\Desktop\Techspot\dds.scr
============== Pseudo HJT Report ===============
uStart Page = hxxp://www.hp.com/
mDefault_Page_URL = hxxp://www.hp.com
uURLSearchHooks: H - No File
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: DriveLetterAccess: {5ca3d70e-1895-11cf-8e15-001234567890} - c:\windows\system32\dla\tfswshx.dll
BHO: Skype Plug-In: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
BHO: QuickNet BHO: {ea5ca8b6-9b9c-4994-a7a1-947b6c631be7} - c:\program files\regtweaker\key.dll
TB: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No File
uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe
uRun: [Google Update] "c:\documents and settings\Sudhakar\local settings\application data\google\update\GoogleUpdate.exe" /c
uRun: [Messenger (Yahoo!)] "c:\progra~1\yahoo!\messenger\YahooMessenger.exe" -quiet
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [IMJPMIG8.1] "c:\windows\ime\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
mRun: [PHIME2002ASync] c:\windows\system32\ime\tintlgnt\TINTSETP.EXE /SYNC
mRun: [PHIME2002A] c:\windows\system32\ime\tintlgnt\TINTSETP.EXE /IMEName
mRun: [SoundMAXPnP] c:\program files\analog devices\soundmax\SMax4PNP.exe
mRun: [SoundMAX] "c:\program files\analog devices\soundmax\Smax4.exe" /tray
mRun: [AGRSMMSG] AGRSMMSG.exe
mRun: [SynTPLpr] c:\program files\synaptics\syntp\SynTPLpr.exe
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Cpqset] c:\program files\hpq\default settings\cpqset.exe
mRun: [eabconfg.cpl] c:\program files\hpq\quick launch buttons\EabServr.exe /Start
mRun: [UpdateManager] "c:\program files\common files\sonic\update manager\sgtray.exe" /r
mRun: [dla] c:\windows\system32\dla\tfswctrl.exe
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [hpWirelessAssistant] c:\program files\hpq\hp wireless assistant\HP Wireless Assistant.exe
mRun: [WatchDog] c:\program files\intervideo\dvd check\DVDCheck.exe
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [googletalk] c:\program files\google\google talk\googletalk.exe /autostart
mRun: [avgnt] "c:\program files\avira\antivir desktop\avgnt.exe" /min
mRunOnce: [Malwarebytes' Anti-Malware] c:\program files\malwarebytes' anti-malware\mbamgui.exe /install /silent
dRunOnce: [<NO NAME>]
mExplorerRun: [<NO NAME>] 1 (0x1)
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\bttray.lnk - c:\program files\widcomm\bluetooth software\BTTray.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\dvdche~1.lnk - c:\program files\intervideo\dvd check\DVDCheck.exe
IE: E&xport to Microsoft Excel - c:\progra~1\mi1933~1\office12\EXCEL.EXE/3000
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\mi1933~1\office12\REFIEBAR.DLL
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://go.microsoft.com/fwlink/?linkid=39204
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1243443961187
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0000-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
Handler: qrev - {9DE24BAC-FC3C-42c4-9FC4-76B3FAFDBD90} - c:\progra~1\quests~1\toadfo~1\RNetPin.dll
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Handler: widimg - {EE7C2AFF-5742-44FF-BD0E-E521B0D3C3BA} - c:\windows\system32\BTXPPanel.dll
Notify: igfxcui - igfxsrvc.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
================= FIREFOX ===================
FF - ProfilePath - c:\docume~1\Sudhakar\applic~1\mozilla\firefox\profiles\2k3daltf.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
FF - component: c:\documents and settings\Sudhakar\application data\mozilla\firefox\profiles\2k3daltf.default\extensions\{3bd53dec-24d7-4f9e-b27c-925559b8d27d}\components\RadioWMPCoreGecko19.dll
FF - component: c:\documents and settings\Sudhakar\application data\mozilla\firefox\profiles\2k3daltf.default\extensions\engine@conduit.com\components\RadioWMPCoreGecko19.dll
FF - component: c:\program files\mozilla firefox\extensions\{ab2ce124-6272-4b12-94a9-7303c7397bd1}\components\SkypeFfComponent.dll
FF - plugin: c:\documents and settings\Sudhakar\application data\mozilla\plugins\npgoogletalk.dll
FF - plugin: c:\documents and settings\Sudhakar\application data\mozilla\plugins\npgtpo3dautoplugin.dll
FF - plugin: c:\documents and settings\Sudhakar\local settings\application data\google\update\1.2.183.39\npGoogleOneClick8.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npatgpc.dll
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
FF - Ext: Skype extension: {AB2CE124-6272-4b12-94A9-7303C7397BD1} - c:\program files\mozilla firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\DotNetAssistantExtension
FF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\java\jre6\lib\deploy\jqs\ff
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF - Ext: Yahoo! Toolbar: {635abd67-4fe9-1b23-4f01-e679fa7484c1} - %profile%\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
FF - Ext: Conduit Engine : engine@conduit.com - %profile%\extensions\engine@conduit.com
FF - Ext: TranslatorBar 1.1 Community Toolbar: {3bd53dec-24d7-4f9e-b27c-925559b8d27d} - %profile%\extensions\{3bd53dec-24d7-4f9e-b27c-925559b8d27d}
---- FIREFOX POLICIES ----
FF - user.js: yahoo.ytff.general.dontshowhpoffer - true
============= SERVICES / DRIVERS ===============
R1 avgio;avgio;c:\program files\avira\antivir desktop\avgio.sys [2011-2-10 11608]
R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\avira\antivir desktop\sched.exe [2011-2-10 135336]
R2 AntiVirService;Avira AntiVir Guard;c:\program files\avira\antivir desktop\avguard.exe [2011-2-10 269480]
R2 avgntflt;avgntflt;c:\windows\system32\drivers\avgntflt.sys [2011-2-10 61960]
R2 InformaticaOrchestrationServer;Informatica Orchestration Server;c:\informatica\powercenter8.6.1\orchestrationserver\service\bin\wrapper.exe -s c:\informatica\powercenter8.6.1\orchestrationserver\service\conf\wrapper.conf --> c:\informatica\powercenter8.6.1\orchestrationserver\service\bin\wrapper.exe -s c:\informatica\powercenter8.6.1\orchestrationserver\service\conf\wrapper.conf [?]
R2 LogWatch;Event Log Watch;c:\program files\ca\sharedcomponents\ca_lic\LogWatNT.exe [2008-5-20 75016]
R2 OracleJobSchedulerNORTHWIND;OracleJobSchedulerNORTHWIND;c:\app\Sudhakar\product\11.2.0\dbhome_1\bin\extjob.exe northwind --> c:\app\Sudhakar\product\11.2.0\dbhome_1\bin\extjob.exe NORTHWIND [?]
R2 OracleOra91Agent;OracleOra91Agent;c:\oracle\ora91\bin\agntsrvc.exe [2002-4-26 28944]
R2 OracleOra91HTTPServer;OracleOra91HTTPServer;c:\oracle\ora91\apache\apache\Apache.exe [2002-4-18 4096]
R2 OracleOra91TNSListener;OracleOra91TNSListener;c:\oracle\ora91\bin\tnslsnr --> c:\oracle\ora91\bin\TNSLSNR [?]
R2 OracleServiceMADUD;OracleServiceMADUD;c:\oracle\ora91\bin\oracle.exe madud --> c:\oracle\ora91\bin\ORACLE.EXE MADUD [?]
R2 OracleServiceNORTHWIND;OracleServiceNORTHWIND;c:\app\Sudhakar\product\11.2.0\dbhome_1\bin\oracle.exe northwind --> c:\app\Sudhakar\product\11.2.0\dbhome_1\bin\ORACLE.EXE NORTHWIND [?]
R3 GTIPCI21;GTIPCI21;c:\windows\system32\drivers\gtipci21.sys [2004-5-3 80384]
R3 IFXTPM;IFXTPM;c:\windows\system32\drivers\ifxtpm.sys [2004-9-2 32640]
S2 InformaticaServices8.6.1;InformaticaServices8.6.1;c:\informatica\powercenter8.6.1\server\tomcat\bin\infasvcs.exe [2010-8-3 61440]
S2 MsDtsServer100;SQL Server Integration Services 10.0;"c:\program files\microsoft sql server\100\dts\binn\msdtssrvr.exe" --> c:\program files\microsoft sql server\100\dts\binn\MsDtsSrvr.exe [?]
S2 ReportServer;SQL Server Reporting Services (MSSQLSERVER);"c:\program files\microsoft sql server\msrs10.mssqlserver\reporting services\reportserver\bin\reportingservicesservice.exe" --> c:\program files\microsoft sql server\msrs10.mssqlserver\reporting services\reportserver\bin\ReportingServicesService.exe [?]
S3 OracleOra91ClientCache;OracleOra91ClientCache;c:\oracle\ora91\bin\ONRSD.EXE [2002-4-26 242328]
S3 OracleOra91PagingServer;OracleOra91PagingServer;c:\oracle\ora91\bin\pagntsrv.exe [2002-8-20 49152]
S3 OracleOra91SNMPPeerEncapsulator;OracleOra91SNMPPeerEncapsulator;c:\oracle\ora91\bin\encsvc.exe [2002-2-13 187392]
S3 OracleOra91SNMPPeerMasterAgent;OracleOra91SNMPPeerMasterAgent;c:\oracle\ora91\bin\agntsvc.exe [2002-2-13 254464]
S3 OracleOraDb11g_home1ClrAgent;OracleOraDb11g_home1ClrAgent;c:\app\Sudhakar\product\11.2.0\dbhome_1\bin\oraclragnt.exe agent_sid=clrextproc max_dispatchers=2 tcp_dispatchers=0 max_task_threads=6 max_sessions=25 envs="extproc_dlls=only:c:\app\Sudhakar\product\11.2.0\dbhome_1\bin\oraclr11.dll" --> c:\app\Sudhakar\product\11.2.0\dbhome_1\bin\oraclragnt.exe agent_sid=clrextproc max_dispatchers=2 tcp_dispatchers=0 max_task_threads=6 max_sessions=25 envs=extproc_dlls=only:c:\app\Sudhakar\product\11.2.0\dbhome_1\bin\oraclr11.dll [?]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\wpffontcache_v0400.exe --> c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [?]
S4 MSSQLFDLauncher;SQL Full-text Filter Daemon Launcher (MSSQLSERVER);"c:\program files\microsoft sql server\mssql10.mssqlserver\mssql\binn\fdlauncher.exe" -s mssql10.mssqlserver --> c:\program files\microsoft sql server\mssql10.mssqlserver\mssql\binn\fdlauncher.exe [?]
S4 MSSQLServerADHelper100;SQL Active Directory Helper Service;"c:\program files\microsoft sql server\100\shared\sqladhlp.exe" --> c:\program files\microsoft sql server\100\shared\SQLADHLP.EXE [?]
S4 OracleOraDb11g_home1ConfigurationManager;OracleOraDb11g_home1ConfigurationManager;c:\app\Sudhakar\product\112~1.0\dbhome_1\ccr\bin\nmz.exe c:\app\Sudhakar\product\112~1.0\dbhome_1\ccr\hosts\dhamaal --> c:\app\Sudhakar\product\112~1.0\dbhome_1\ccr\bin\nmz.exe c:\app\Sudhakar\product\112~1.0\dbhome_1\ccr\hosts\dhamaal [?]
S4 OracleOraDb11g_home1TNSListener;OracleOraDb11g_home1TNSListener;c:\app\Sudhakar\product\11.2.0\dbhome_1\bin\tnslsnr --> c:\app\Sudhakar\product\11.2.0\dbhome_1\bin\TNSLSNR [?]
S4 RsFx0102;RsFx0102 Driver;c:\windows\system32\drivers\RsFx0102.sys [2008-7-10 242712]
=============== File Associations ===============
vbefile\shell\open2\command=%SystemRoot%\System32\CScript.exe "%1" %*
vbsfile\shell\open2\command=%SystemRoot%\System32\CScript.exe "%1" %*
jsefile\shell\open2\command=%SystemRoot%\System32\CScript.exe "%1" %*
=============== Created Last 30 ================
2014-01-18 07:48:36 -------- d-----w- c:\docume~1\Sudhakar\applic~1\Quest Software
2013-09-06 07:09:04 -------- d-----w- c:\program files\CA
2013-09-06 05:58:31 -------- d-----w- c:\docume~1\Sudhakar\locals~1\applic~1\Downloaded Installations
2013-09-02 08:19:26 5632 ----a-w- c:\windows\system32\ptpusb.dll
2013-09-02 08:19:25 15104 -c--a-w- c:\windows\system32\dllcache\usbscan.sys
2013-09-02 08:19:25 15104 ----a-w- c:\windows\system32\drivers\usbscan.sys
2013-09-02 08:19:24 159232 ----a-w- c:\windows\system32\ptpusd.dll
2011-03-23 03:27:01 -------- d-----w- c:\program files\Cisco Systems
2011-03-23 03:26:26 -------- d-----w- c:\docume~1\alluse~1\applic~1\Cisco Systems
2011-03-19 22:27:03 -------- d-----w- c:\program files\VideoLAN
2011-03-19 19:04:49 -------- d-----w- C:\Apex dataloderlogs
==================== Find3M ====================
2011-03-07 05:33:50 692736 ----a-w- c:\windows\system32\inetcomm.dll
2011-03-04 06:45:07 434176 ----a-w- c:\windows\system32\vbscript.dll
2011-03-03 13:21:11 1857920 ----a-w- c:\windows\system32\win32k.sys
2011-02-17 13:51:57 81920 ----a-w- c:\windows\system32\ieencode.dll
2011-02-17 13:51:57 667136 ----a-w- c:\windows\system32\wininet.dll
2011-02-17 13:51:57 61952 ----a-w- c:\windows\system32\tdc.ocx
2011-02-17 12:37:38 369664 ----a-w- c:\windows\system32\html.iec
2011-02-17 12:32:12 5120 ----a-w- c:\windows\system32\xpsp4res.dll
2011-02-15 12:56:39 290432 ----a-w- c:\windows\system32\atmfd.dll
2011-02-09 13:53:52 270848 ----a-w- c:\windows\system32\sbe.dll
2011-02-09 13:53:52 186880 ----a-w- c:\windows\system32\encdec.dll
2011-02-08 13:33:55 978944 ----a-w- c:\windows\system32\mfc42.dll
2011-02-08 13:33:55 974848 ----a-w- c:\windows\system32\mfc42u.dll
2011-02-02 07:58:35 2067456 ----a-w- c:\windows\system32\mstscax.dll
2011-01-27 11:57:06 677888 ----a-w- c:\windows\system32\mstsc.exe
2011-01-21 14:44:37 439296 ----a-w- c:\windows\system32\shimgvw.dll
============= FINISH: 6:16:15.31 ===============
====================
Thanks
VistaXPuser