
============== Running Processes ================

.

C:\Program Files\Alwil Software\Avast5\AvastSvc.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\ltmoh\Ltmoh.exe

C:\WINDOWS\system32\hkcmd.exe

C:\WINDOWS\system32\rundll32.exe

C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe

C:\Program Files\Skype\Phone\Skype.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe

C:\Program Files\Thoosje\thoosje vista sidebar\Thoosje Sidebar.exe

C:\WINDOWS\system32\agrsmsvc.exe

C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe

C:\Program Files\Java\jre7\bin\jqs.exe

C:\Documents and Settings\All Users\Application Data\Skype\Toolbars\Skype C2C Service\c2c_service.exe

C:\Program Files\ZTE Dialer\bin\MonServiceUDisk.exe

C:\WINDOWS\System32\alg.exe

C:\WINDOWS\system32\wuauclt.exe

C:\WINDOWS\system32\wscntfy.exe

C:\Program Files\Google\Chrome\Application\chrome.exe

C:\Program Files\Google\Chrome\Application\chrome.exe

C:\Program Files\Google\Chrome\Application\chrome.exe

C:\Program Files\Google\Chrome\Application\chrome.exe

C:\Program Files\Google\Chrome\Application\chrome.exe

C:\Program Files\Google\Chrome\Application\chrome.exe

C:\Program Files\Google\Chrome\Application\chrome.exe

C:\Program Files\Google\Chrome\Application\chrome.exe

C:\Program Files\BitTorrent\BitTorrent.exe

C:\WINDOWS\system32\wbem\wmiprvse.exe

C:\WINDOWS\System32\svchost.exe -k netsvcs

C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup

C:\WINDOWS\system32\svchost.exe -k NetworkService

C:\WINDOWS\system32\svchost.exe -k LocalService

C:\WINDOWS\system32\svchost.exe -k bthsvcs

C:\WINDOWS\System32\svchost.exe -k HTTPFilter

.

============== Pseudo HJT Report ===============

.

uStart Page = hxxp://www.google.com/

uSearch Bar = hxxp://www.bing.com

mStart Page = hxxp://websearch.helpmefindyour.info/?pid=727&r=2013/04/13&hid=3530116696&lg=EN&cc=IN

BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll

BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll

BHO: Java Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre7\bin\ssv.dll

BHO: avast! WebRep: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - c:\program files\alwil software\avast5\aswWebRepIE.dll

BHO: Skype Browser Helper: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll

BHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre7\bin\jp2ssv.dll

TB: avast! WebRep: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - c:\program files\alwil software\avast5\aswWebRepIE.dll

uRun: [skype] "c:\program files\skype\phone\Skype.exe" /minimized /regrun

uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe

mRun: [LtMoh] c:\program files\ltmoh\Ltmoh.exe

mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe

mRun: [bluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent

mRun: [googletalk] c:\program files\google\google talk\googletalk.exe /autostart

mRun: [avast5] c:\progra~1\alwils~1\avast5\avastUI.exe /nogui

dRunOnce: [nltide_2] regsvr32 /s /n /i:U shell32

uPolicies-Explorer: NoDriveTypeAutoRun = dword:1

mPolicies-Explorer: NoDriveTypeAutoRun = dword:145

IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000

IE: Send to &Bluetooth Device... - c:\program files\widcomm\bluetooth software\btsendto_ie_ctx.htm

IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0000-ABCDEFFEDCBC} - c:\program files\java\jre7\bin\jp2iexp.dll

IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\program files\microsoft office\office12\ONBttnIE.dll

IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll

IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}

IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe

IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_15-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0039-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_39-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_39-windows-i586.cab

TCP: NameServer = 192.168.1.254

TCP: Interfaces\{3FD4E0CE-A39C-4DDC-90C5-4E04D58B41C6} : DHCPNameServer = 192.168.1.254

TCP: Interfaces\{7783B1DB-1711-4F39-A08E-14368431378D} : NameServer = 61.1.96.71,61.1.96.69

Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll

Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll

Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\program files\common files\skype\Skype4COM.dll

Notify: igfxcui - igfxdev.dll

AppInit_DLLs= c:\progra~1\saveas\sprote~1.dll

SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\wpdshserviceobj.dll

SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll

mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "c:\program files\google\chrome\application\26.0.1410.64\installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome

.

================= FIREFOX ===================

.

FF - ProfilePath - c:\documents and settings\saranya\application data\mozilla\firefox\profiles\ddfa38q1.default\

FF - prefs.js: browser.search.defaulturl - hxxp://websearch.helpmefindyour.info/?pid=727&r=2013/04/13&hid=3530116696&lg=EN&cc=IN&l=1&q=

FF - prefs.js: browser.search.selectedEngine - WebSearch

FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/

FF - prefs.js: keyword.URL - hxxp://websearch.helpmefindyour.info/?pid=727&r=2013/04/13&hid=3530116696&lg=EN&cc=IN&l=1&q=

FF - plugin: c:\program files\adobe\reader 11.0\reader\air\nppdf32.dll

FF - plugin: c:\program files\google\update\1.3.21.135\npGoogleUpdate3.dll

FF - plugin: c:\program files\java\jre7\bin\plugin2\npjp2.dll

FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_7_700_169.dll

FF - plugin: c:\windows\system32\npDeployJava1.dll

FF - plugin: c:\windows\system32\npptools.dll

FF - ExtSQL: 2013-02-22 17:25; {82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}; c:\program files\mozilla firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}

FF - ExtSQL: 2013-03-04 07:29; {CAFEEFAC-0016-0000-0039-ABCDEFFEDCBA}; c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0039-ABCDEFFEDCBA}

FF - ExtSQL: 2013-03-04 22:19; {20a82645-c095-46ed-80e3-08825760534b}; c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\DotNetAssistantExtension

FF - ExtSQL: 2013-04-10 22:56; linkfilter@kaspersky.ru; c:\program files\mozilla firefox\extensions\linkfilter@kaspersky.ru

FF - ExtSQL: 2013-04-16 22:09; wrc@avast.com; c:\program files\alwil software\avast5\webrep\FF

.

---- FIREFOX POLICIES ----

FF - user.js: extensions.delta.autoRvrt - false

FF - user.js: extensions.delta.rvrt - false

FF - user.js: extensions.delta.tlbrSrchUrl -

FF - user.js: extensions.delta.id - f821b07d0000000000000016e3e6702b

FF - user.js: extensions.delta.appId - {C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3}

FF - user.js: extensions.delta.instlDay - 15767

FF - user.js: extensions.delta.vrsn - 1.8.10.0

FF - user.js: extensions.delta.vrsni - 1.8.10.0

FF - user.js: extensions.delta.vrsnTs - 1.8.10.020:34:36

FF - user.js: extensions.delta.prtnrId - delta

FF - user.js: extensions.delta.prdct - delta

FF - user.js: extensions.delta.aflt - babsst

FF - user.js: extensions.delta.smplGrp - none

FF - user.js: extensions.delta.tlbrId - base

FF - user.js: extensions.delta.instlRef - sst

FF - user.js: extensions.delta.dfltLng - en

FF - user.js: extensions.delta.excTlbr - false

FF - user.js: extensions.delta.admin - false

FF - user.js: extensions.delta.newTab - false

.

.

.

.

============= SERVICES / DRIVERS ===============

.

R? aswVmm;aswVmm

R? clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86

R? ew_hwusbdev;Huawei MobileBroadband USB PNP Device

R? huawei_enumerator;huawei_enumerator

R? SkypeUpdate;Skype Updater

R? WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0

R? ztemtusbser;ZTEMT Legacy Serial Communication

S? aswFsBlk;aswFsBlk

S? aswMonFlt;aswMonFlt

S? aswRvrt;aswRvrt

S? aswSnx;aswSnx

S? aswSP;aswSP

S? avast! Antivirus;avast! Antivirus

S? NPUsbLIP;NPUsbLIP

S? Skype C2C Service;Skype C2C Service

S? UDisk Monitor;UDisk Monitor

.

=============== File Associations ===============

.

FileExt: .scr: scrfile="%1" %*

ShellExec: MediaConverter.exe: open="c:\program files\sandisk\sansa media converter\uMediaConverter.exe" "%1"

.

=============== Created Last 30 ================

.

2013-04-17 02:10:35 -------- d-----w- c:\documents and settings\saranya\application data\GlarySoft

2013-04-17 02:08:28 -------- d-----w- c:\program files\Glarysoft

2013-04-17 02:07:49 -------- d--h--w- c:\windows\PIF

2013-04-16 17:39:43 765736 ----a-w- c:\windows\system32\drivers\aswSnx.sys

2013-04-16 17:39:42 164736 ----a-w- c:\windows\system32\drivers\aswVmm.sys

2013-04-16 17:39:41 49248 ----a-w- c:\windows\system32\drivers\aswRvrt.sys

2013-04-16 17:39:40 66336 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys

2013-04-16 17:39:31 41664 ----a-w- c:\windows\avastSS.scr

2013-04-16 15:16:15 -------- d-----w- C:\temp

2013-04-15 18:00:20 -------- d-----w- c:\windows\system32\NtmsData

2013-04-14 18:11:45 -------- d-----w- c:\windows\system32\XPSViewer

2013-04-14 06:34:47 -------- d-----w- c:\documents and settings\saranya\application data\Uniblue

2013-04-14 04:48:59 -------- d-----w- c:\documents and settings\all users\Uniblue

2013-04-13 03:12:11 -------- d-----w- c:\documents and settings\all users\application data\SoftSafe

2013-04-12 17:56:43 -------- d-----w- c:\program files\BrowseToSave

2013-04-11 15:23:30 12744 ------w- c:\windows\system32\drivers\NPUsbLIP.sys

2013-04-11 15:22:53 -------- d-----w- c:\program files\microsoft

2013-04-11 15:22:44 49152 ------w- c:\documents and settings\saranya\NPProt.bkp

2013-04-11 15:21:20 -------- d-----w- c:\documents and settings\saranya\local settings\application data\Identities

2013-04-11 15:08:27 -------- d-----w- c:\documents and settings\all users\application data\WebSecure

2013-04-11 09:11:41 -------- d-----w- c:\program files\Microsoft Visual Studio 8

2013-04-11 09:07:44 -------- d-----w- c:\windows\SHELLNEW

2013-04-11 09:06:21 -------- d-----w- c:\documents and settings\saranya\local settings\application data\Microsoft Help

2013-04-10 18:26:14 162320 ------w- c:\program files\mozilla firefox\extensions\linkfilter@kaspersky.ru\components\KavLinkFilter.dll

2013-04-10 18:23:18 -------- d-----w- c:\documents and settings\all users\application data\Kaspersky Lab

2013-04-10 15:07:56 -------- d-----w- c:\program files\WebSearch

2013-04-09 01:51:32 -------- d-----w- c:\documents and settings\saranya\application data\searchresultstb

2013-04-08 18:04:54 -------- d-----w- c:\documents and settings\saranya\AppData

2013-04-08 16:35:01 -------- d-----w- c:\program files\MSXML 4.0

2013-04-08 16:33:20 75264 ------w- c:\windows\system32\nmwcdcls.dll

2013-04-08 16:32:32 -------- d-----w- c:\documents and settings\saranya\local settings\application data\Nokia

2013-03-24 09:00:04 -------- d-----w- c:\documents and settings\all users\application data\boost_interprocess

2013-03-24 08:45:31 -------- d-----w- c:\documents and settings\saranya\application data\FixBee

2013-03-24 08:45:31 -------- d-----w- c:\documents and settings\all users\application data\FixBee

2013-03-22 16:22:54 12928 -c----w- c:\windows\system32\dllcache\usb8023x.sys

2013-03-21 16:57:58 -------- d-----w- c:\documents and settings\saranya\application data\RoboForm

2013-03-18 15:18:17 -------- d-----w- c:\program files\TOSHIBA

.

==================== Find3M ====================

.

2013-04-11 14:09:02 691592 ------w- c:\windows\system32\FlashPlayerApp.exe

2013-04-11 14:09:01 71048 ------w- c:\windows\system32\FlashPlayerCPLApp.cpl

2013-03-08 08:36:22 293376 ------w- c:\windows\system32\winsrv.dll

2013-03-07 01:32:25 2149888 ------w- c:\windows\system32\ntoskrnl.exe

2013-03-07 00:50:30 2028544 ------w- c:\windows\system32\ntkrnlpa.exe

2013-03-06 17:19:06 94112 ------w- c:\windows\system32\WindowsAccessBridge.dll

2013-03-06 17:18:59 143872 ------w- c:\windows\system32\javacpl.cpl

2013-03-06 17:18:57 861088 ------w- c:\windows\system32\npDeployJava1.dll

2013-03-06 17:18:57 782240 ------w- c:\windows\system32\deployJava1.dll

2013-03-02 02:06:31 916480 ------w- c:\windows\system32\wininet.dll

2013-03-02 02:06:30 43520 ------w- c:\windows\system32\licmgr10.dll

2013-03-02 02:06:30 1469440 ------w- c:\windows\system32\inetcpl.cpl

2013-03-02 01:25:02 1867264 ------w- c:\windows\system32\win32k.sys

2013-03-02 01:08:47 385024 ------w- c:\windows\system32\html.iec

2013-02-27 07:56:51 2067456 ------w- c:\windows\system32\mstscax.dll

2013-02-12 00:32:23 12928 ------w- c:\windows\system32\drivers\usb8023.sys

2013-01-26 03:55:44 552448 ------w- c:\windows\system32\oleaut32.dll

2013-01-26 03:55:44 552448 ------w- c:\windows\system32\oleaut32(2)(2)(2).dll

.

============= FINISH: 7:08:39.23 ===============

dds.txt

attach.txt
