rocky14321

Honorary Members
  • Posts: 24
  • Joined
  • Last visited

Reputation: 0 Neutral

  1. Ok, thank you Mr. Charlie. Finally, can I run the HijackThis program? Do you recommend that?
  2. I heard that Java should be disabled in browsers. I use Google Chrome. Is it safe to disable Java in the browser?
  3. 1. Am I secure now? 2. I heard that Java should be disabled in browsers. I use Google Chrome. Is it true? 3. Is browser hijack possible using an IP address?
  4. Hi Charlie,

     Results of screen317's Security Check version 0.99.74
     Windows 7 x86 (UAC is enabled)
     Out of date service pack!!
     ``````````````Antivirus/Firewall Check:``````````````
     Windows Firewall Enabled!
     Kaspersky Internet Security
     Antivirus out of date!
     `````````Anti-malware/Other Utilities Check:`````````
     Malwarebytes Anti-Malware version 1.75.0.1300
     CCleaner
     Java 7 Update 40
     Adobe Flash Player 11.8.800.168
     Adobe Reader XI
     Google Chrome 30.0.1599.69
     ````````Process Check: objlist.exe by Laurent````````
     Malwarebytes Anti-Malware mbamservice.exe
     Malwarebytes Anti-Malware mbamgui.exe
     Malwarebytes' Anti-Malware mbamscheduler.exe
     Kaspersky Lab Kaspersky Internet Security 2013 avp.exe
     `````````````````System Health check`````````````````
     Total Fragmentation on Drive C: 4%
     ````````````````````End of Log``````````````````````
  5. This means that a third person is viewing browsing activity.
  6. The system is normal and everything is fine. But one thing worrying me is the browser hijack; this problem still persists. I want to be completely free from such things.
  7. I've cleaned and taken the reports.

     ADWARE LOG

     # AdwCleaner v3.006 - Report created 06/10/2013 at 23:57:43
     # Updated 01/10/2013 by Xplode
     # Operating System : Windows 7 Ultimate (32 bits)
     # Username : gatesys - GATESYS-PC
     # Running from : C:\Users\gatesys\Downloads\Programs\AdwCleaner.exe
     # Option : Clean

     ***** [ Services ] *****

     ***** [ Files / Folders ] *****

     ***** [ Shortcuts ] *****

     ***** [ Registry ] *****

     Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{DE9028D0-5FFA-4E69-94E3-89EE8741F468}
     Key Deleted : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
     Key Deleted : HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
     Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}
     Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}

     ***** [ Browsers ] *****

     -\\ Internet Explorer v8.0.7600.16385

     -\\ Mozilla Firefox v

     [ File : C:\Users\gatesys\AppData\Roaming\Mozilla\Firefox\Profiles\tez40nft.default\prefs.js ]

     Line Deleted : user_pref("browser.search.defaultthis.engineName", "Web Search");

     -\\ Google Chrome v30.0.1599.69

     [ File : C:\Users\gatesys\AppData\Local\Google\Chrome\User Data\Default\preferences ]

     *************************

     AdwCleaner[R0].txt - [1406 octets] - [06/10/2013 23:56:08]
     AdwCleaner[s0].txt - [1339 octets] - [06/10/2013 23:57:43]

     ########## EOF - C:\AdwCleaner\AdwCleaner[s0].txt - [1399 octets] ##########

     MBAM LOG :

     Malwarebytes Anti-Malware (PRO) 1.75.0.1300
     www.malwarebytes.org

     Database version: v2013.10.06.02

     Windows 7 x86 NTFS
     Internet Explorer 8.0.7600.16385
     gatesys :: GATESYS-PC [administrator]

     Protection: Enabled

     10/7/2013 12:01:08 AM
     mbam-log-2013-10-07 (00-01-08).txt

     Scan type: Quick scan
     Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
     Scan options disabled: P2P
     Objects scanned: 194115
     Time elapsed: 3 minute(s), 17 second(s)

     Memory Processes Detected: 0
     (No malicious items detected)

     Memory Modules Detected: 0
     (No malicious items detected)

     Registry Keys Detected: 0
     (No malicious items detected)

     Registry Values Detected: 0
     (No malicious items detected)

     Registry Data Items Detected: 0
     (No malicious items detected)

     Folders Detected: 0
     (No malicious items detected)

     Files Detected: 0
     (No malicious items detected)

     (end)
  8. Hi Charlie, I saw in the Bleeping Computer forum that these registry keys are potentially unwanted modifications.

     ¤¤¤ Registry Entries : 2 ¤¤¤
     [HJ DESK][PUM] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
     [HJ DESK][PUM] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

     "Those detections are related to a PUM in the registry. NewStartPanel is a sub-key of Hide Desktop Items...see here and here. A PUM detection means a "Potentially Unwanted Modification (PUM)". It is considered potentially unwanted because the program making the detection cannot determine if the modification was set by the user, a legitimate program or by malware. If you recognize the PUM detection items, you can ignore the detection. If you don't recognize the detections, then you may need to investigate further as to what program made the modification(s) or remove them. [RogueKiller] Official Tutorial Usually when a computer is infected with malware there will be indications (signs of infection) something is wrong."
  9. Hi Charl, I've taken the reports.

     ComboFix 13-10-04.02 - gatesys 10/06/2013 11:21:29.1.2 - x86
     Microsoft Windows 7 Ultimate 6.1.7600.0.1252.1.1033.18.2036.1245 [GMT 5.5:30]
     Running from: c:\users\gatesys\Desktop\ComboFix.exe
     AV: Kaspersky Internet Security *Disabled/Outdated* {C3113FBF-4BCB-4461-D78D-6EDFEC9593E5}
     FW: Kaspersky Internet Security *Disabled* {FB2ABE9A-01A4-4539-FCD2-C7EA1246D49E}
     SP: Kaspersky Internet Security *Disabled/Updated* {7870DE5B-6DF1-4BEF-ED3D-55AD9712D958}
     SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
      * Created a new restore point
     .
     .
     ((((((((((((((((((((((((( Files Created from 2013-09-06 to 2013-10-06 )))))))))))))))))))))))))))))))
     .
     .
     2013-10-06 05:57 . 2013-10-06 05:57 -------- d-----w- c:\users\Public\AppData\Local\temp
     2013-10-06 05:57 . 2013-10-06 05:57 -------- d-----w- c:\users\Default\AppData\Local\temp
     2013-10-04 07:08 . 2013-10-04 07:22 -------- d-----w- c:\program files\GUM7129.tmp
     2013-10-04 07:07 . 2013-10-04 07:08 -------- d-----w- c:\users\gatesys\AppData\Local\Deployment
     2013-10-04 07:07 . 2013-10-04 07:07 -------- d-----w- c:\users\gatesys\AppData\Local\Apps
     2013-10-02 08:56 . 2013-10-02 08:56 -------- d-----w- c:\programdata\Oracle
     2013-10-02 08:56 . 2013-10-02 08:56 94632 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
     2013-09-13 07:39 . 2013-09-13 07:39 -------- d--h--w- c:\programdata\Common Files
     2013-09-13 07:37 . 2013-03-17 16:21 3649536 ----a-w- c:\windows\system32\x264vfw.dll
     2013-09-13 07:37 . 2012-07-21 10:54 122880 ----a-w- c:\windows\system32\ac3acm.acm
     2013-09-13 07:37 . 2011-12-07 17:32 216064 ----a-w- c:\windows\system32\lagarith.dll
     2013-09-13 07:37 . 2011-06-24 14:44 243200 ----a-w- c:\windows\system32\xvidvfw.dll
     2013-09-13 07:37 . 2011-06-24 14:28 650752 ----a-w- c:\windows\system32\xvidcore.dll
     2013-09-13 07:37 . 2013-08-14 18:00 112640 ----a-w- c:\windows\system32\ff_vfw.dll
     2013-09-13 07:37 . 2013-08-02 17:29 217176 ----a-w- c:\windows\system32\unrar.dll
     2013-09-13 07:37 . 2013-09-13 07:37 -------- d-----w- c:\program files\K-Lite Codec Pack
     2013-09-13 07:35 . 2013-10-04 10:48 -------- d-----w- c:\users\gatesys\AppData\Roaming\Media Player Classic
     2013-09-13 07:28 . 2013-10-05 07:33 -------- d-----w- c:\users\gatesys\AppData\Roaming\vlc
     2013-09-13 07:27 . 2013-09-13 07:27 -------- d-----w- c:\program files\VideoLAN
     2013-09-12 08:15 . 2009-09-23 06:20 398336 ----a-w- c:\windows\system32\TVWizudlg.exe
     2013-09-12 08:15 . 2009-09-23 06:19 140288 ----a-w- c:\windows\system32\igfxtvcx.dll
     2013-09-12 07:47 . 2013-09-12 08:15 -------- d-----w- c:\windows\system32\Lang
     2013-09-12 07:46 . 2013-10-02 08:56 868264 ----a-w- c:\windows\system32\npDeployJava1.dll
     2013-09-12 07:46 . 2013-10-02 08:56 790440 ----a-w- c:\windows\system32\deployJava1.dll
     2013-09-12 07:36 . 2006-10-26 14:26 33104 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\msonpppr.dll
     2013-09-12 07:36 . 2006-10-26 14:26 32592 ----a-w- c:\windows\system32\msonpmon.dll
     2013-09-12 07:35 . 2013-09-12 07:35 -------- d-----w- c:\program files\Microsoft Works
     2013-09-12 07:17 . 2013-09-12 07:17 -------- d-----w- c:\windows\ELAMBKUP
     2013-09-12 07:17 . 2013-05-02 11:41 74848 ----a-w- c:\windows\system32\drivers\klflt.sys
     2013-09-12 07:04 . 2013-08-06 07:28 7166848 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{CE27DAB4-FC46-4CAC-AF66-9691732F6789}\mpengine.dll
     2013-09-12 06:59 . 2013-09-12 06:59 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
     2013-09-12 06:59 . 2013-04-04 09:20 22856 ----a-w- c:\windows\system32\drivers\mbam.sys
     2013-09-12 06:57 . 2013-09-12 06:57 -------- d-----w- c:\program files\CCleaner
     .
     .
     .
     (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
     .
     2013-09-21 16:40 . 2013-07-22 16:36 692616 ----a-w- c:\windows\system32\FlashPlayerApp.exe
     2013-09-21 16:40 . 2013-07-22 16:36 71048 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
     2013-09-12 14:35 . 2013-05-02 11:41 44000 ----a-w- c:\windows\system32\drivers\kltdi.sys
     2013-08-06 22:52 . 2013-07-22 16:15 238872 ------w- c:\windows\system32\MpSigStub.exe
     .
     .
     ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
     .
     .
     *Note* empty entries & legit default entries are not shown
     REGEDIT4
     .
     [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\IDM Shell Extension]
     @="{CDC95B92-E27C-4745-A8C5-64A52A78855D}"
     [HKEY_CLASSES_ROOT\CLSID\{CDC95B92-E27C-4745-A8C5-64A52A78855D}]
     2012-11-15 23:07 21904 ----a-w- c:\program files\Internet Download Manager\IDMShellExt.dll
     .
     [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
     "IDMan"="c:\program files\Internet Download Manager\IDMan.exe" [2013-07-23 3565432]
     .
     [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
     "AVP"="c:\program files\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe" [2013-05-02 356376]
     "GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-26 31016]
     "IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-09-23 141848]
     "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-09-23 173592]
     "Persistence"="c:\windows\system32\igfxpers.exe" [2009-09-23 150552]
     "RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2010-01-05 8419872]
     "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-05-11 958576]
     "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2013-07-02 254336]
     .
     c:\users\gatesys\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
     OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE /tsr [2006-10-26 98632]
     .
     [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
     "ConsentPromptBehaviorAdmin"= 5 (0x5)
     "ConsentPromptBehaviorUser"= 3 (0x3)
     "EnableUIADesktopToggle"= 0 (0x0)
     .
     [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
     "aux"=wdmaud.drv
     .
     [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
     "DisableMonitoring"=dword:00000001
     .
     S1 KLIM6;Kaspersky Anti-Virus NDIS 6 Filter;c:\windows\system32\DRIVERS\klim6.sys [2012-08-02 24408]
     S1 kltdi;kltdi;c:\windows\system32\DRIVERS\kltdi.sys [2013-09-12 44000]
     S1 kneps;kneps;c:\windows\system32\DRIVERS\kneps.sys [2013-05-02 145040]
     S2 IDMWFP;IDMWFP;c:\windows\system32\DRIVERS\idmwfp.sys [2012-11-22 100216]
     S2 MBAMScheduler;MBAMScheduler;c:\program files\Malwarebytes' Anti-Malware\mbamscheduler.exe [2013-04-04 418376]
     S2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [2013-04-04 701512]
     S3 klkbdflt;Kaspersky Lab KLKBDFLT;c:\windows\system32\DRIVERS\klkbdflt.sys [2013-05-02 25944]
     S3 klmouflt;Kaspersky Lab KLMOUFLT;c:\windows\system32\DRIVERS\klmouflt.sys [2013-05-02 25944]
     S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2013-04-04 22856]
     S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys [2009-07-13 139776]
     .
     .
     [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
     2013-10-04 07:22 1185744 ----a-w- c:\program files\Google\Chrome\Application\30.0.1599.69\Installer\chrmstp.exe
     .
     Contents of the 'Scheduled Tasks' folder
     .
     2013-10-06 c:\windows\Tasks\Adobe Flash Player Updater.job
     - c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2013-07-22 16:40]
     .
     2013-10-06 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
     - c:\program files\Google\Update\GoogleUpdate.exe [2013-10-04 07:08]
     .
     2013-10-05 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
     - c:\program files\Google\Update\GoogleUpdate.exe [2013-10-04 07:08]
     .
     .
     ------- Supplementary Scan -------
     .
     uStart Page = https://www.google.co.in/
     IE: Add to Anti-Banner - c:\program files\Kaspersky Lab\Kaspersky Internet Security 2013\ie_banner_deny.htm
     IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
     IE: Download all links with IDM - c:\program files\Internet Download Manager\IEGetAll.htm
     IE: Download with IDM - c:\program files\Internet Download Manager\IEExt.htm
     IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
     TCP: DhcpNameServer = 192.168.1.1
     .
     .
     --------------------- LOCKED REGISTRY KEYS ---------------------
     .
     [HKEY_USERS\S-1-5-21-1915525720-1561026745-3265111426-1000_Classes\CLSID\{5ED60779-4DE2-4E07-B862-974CA4FF2E9C}]
     @Denied: (Full) (Everyone)
     @Allowed: (Read) (RestrictedCode)
     "scansk"=hex(0):7c,b0,0d,1b,ad,5f,d0,02,ae,a7,4c,77,ee,63,f3,79,46,30,60,70,e2,
        70,a3,b1,ec,d7,1c,b0,a5,af,8c,dc,68,ee,22,ba,33,5b,26,fb,00,00,00,00,00,00,\
     .
     [HKEY_USERS\S-1-5-21-1915525720-1561026745-3265111426-1000_Classes\CLSID\{a51b7669-fc07-473f-b993-67cd6caa4c29}]
     @Denied: (Full) (Everyone)
     @Allowed: (Read) (RestrictedCode)
     "Model"=dword:00000107
     "Therad"=dword:0000001e
     "MData"=hex(0):2b,8f,78,29,5a,0c,ce,ec,48,d4,68,e5,9f,6a,96,3e,ab,de,c5,81,26,
        38,95,44,75,07,18,dd,fb,11,42,94,27,b7,99,0d,2a,ba,05,1a,a2,02,c9,3e,9b,f9,\
     .
     [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
     @Denied: (Full) (Everyone)
     .
     Completion time: 2013-10-06 11:32:21
     ComboFix-quarantined-files.txt 2013-10-06 06:02
     .
     Pre-Run: 80,612,208,640 bytes free
     Post-Run: 80,392,003,584 bytes free
     .
     - - End Of File - - 74EB890526B3DB0B2DC82F532C23E507A36C5E4F47E84449FF07ED3517B43A31
  10. Hello Mr. Charlie. 1. What are those two registry items detected in RogueKiller? I only did a scan but did not fix it. I took up the scan; the result is no malware found, no clean-up is required.
  11. Hi Mr. Charlie, I took DDS, and in RogueKiller I just clicked scan and did not fix DNS and all the options there. IT FOUND 2 PUM. Here are the reports.

     DDS :

     DDS (Ver_2012-11-20.01) - NTFS_x86
     Internet Explorer: 8.0.7600.16385 BrowserJavaVersion: 10.40.2
     Run by gatesys at 13:13:09 on 2013-10-04
     Microsoft Windows 7 Ultimate 6.1.7600.0.1252.1.1033.18.2036.583 [GMT 5.5:30]
     .
     AV: Kaspersky Internet Security *Enabled/Updated* {C3113FBF-4BCB-4461-D78D-6EDFEC9593E5}
     SP: Kaspersky Internet Security *Enabled/Updated* {7870DE5B-6DF1-4BEF-ED3D-55AD9712D958}
     SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
     FW: Kaspersky Internet Security *Enabled* {FB2ABE9A-01A4-4539-FCD2-C7EA1246D49E}
     .
     ============== Running Processes ================
     .
     C:\Windows\system32\wininit.exe
     C:\Windows\system32\lsm.exe
     C:\Windows\System32\spoolsv.exe
     C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
     C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe
     C:\Windows\system32\taskhost.exe
     C:\Windows\system32\Dwm.exe
     C:\Windows\Explorer.EXE
     C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
     C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
     C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
     C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe
     C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
     C:\Windows\System32\igfxtray.exe
     C:\Windows\System32\hkcmd.exe
     C:\Windows\System32\igfxpers.exe
     C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
     C:\Windows\system32\igfxsrvc.exe
     C:\Program Files\Common Files\Java\Java Update\jusched.exe
     C:\Windows\system32\SearchIndexer.exe
     C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
     C:\Program Files\Internet Explorer\iexplore.exe
     C:\Program Files\Internet Explorer\iexplore.exe
     C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2013\klwtblfs.exe
     C:\Windows\system32\Macromed\Flash\FlashUtil32_11_8_800_175_ActiveX.exe
     C:\Program Files\Internet Explorer\iexplore.exe
     C:\Program Files\Internet Explorer\iexplore.exe
     C:\Program Files\Internet Explorer\iexplore.exe
     C:\Program Files\Google\Chrome\Application\chrome.exe
     C:\Program Files\Google\Chrome\Application\chrome.exe
     C:\Program Files\Google\Chrome\Application\chrome.exe
     C:\Program Files\Google\Chrome\Application\chrome.exe
     C:\Program Files\Google\Chrome\Application\chrome.exe
     C:\Program Files\Google\Chrome\Application\chrome.exe
     C:\Program Files\Google\Chrome\Application\chrome.exe
     C:\Program Files\Internet Download Manager\IDMan.exe
     C:\Program Files\Internet Download Manager\IEMonitor.exe
     C:\Program Files\Google\Chrome\Application\chrome.exe
     C:\Program Files\Internet Explorer\IELowutil.exe
     C:\Windows\system32\conhost.exe
     C:\Windows\system32\wbem\wmiprvse.exe
     C:\Windows\system32\svchost.exe -k DcomLaunch
     C:\Windows\system32\svchost.exe -k RPCSS
     C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
     C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
     C:\Windows\system32\svchost.exe -k netsvcs
     C:\Windows\system32\svchost.exe -k LocalService
     C:\Windows\system32\svchost.exe -k NetworkService
     C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
     C:\Windows\System32\svchost.exe -k secsvcs
     C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
     .
     ============== Pseudo HJT Report ===============
     .
     BHO: IDM integration (IDMIEHlprObj Class): {0055C089-8582-441B-A0BF-17B458C2A3A8} - c:\program files\internet download manager\IDMIECC.dll
     BHO: Content Blocker Plugin: {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} - c:\program files\kaspersky lab\kaspersky internet security 2013\ieext\contentblocker\ie_content_blocker_plugin.dll
     BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
     BHO: Virtual Keyboard Plugin: {73455575-E40C-433C-9784-C78DC7761455} - c:\program files\kaspersky lab\kaspersky internet security 2013\ieext\virtualkeyboard\ie_virtual_keyboard_plugin.dll
     BHO: Java Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre7\bin\ssv.dll
     BHO: Safe Money Plugin: {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} - c:\program files\kaspersky lab\kaspersky internet security 2013\ieext\onlinebanking\online_banking_bho.dll
     BHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre7\bin\jp2ssv.dll
     BHO: URL Advisor Plugin: {E33CF602-D945-461A-83F0-819F76A199F8} - c:\program files\kaspersky lab\kaspersky internet security 2013\ieext\urladvisor\klwtbbho.dll
     uRun: [iDMan] c:\program files\internet download manager\IDMan.exe /onboot
     mRun: [AVP] "c:\program files\kaspersky lab\kaspersky internet security 2013\avp.exe"
     mRun: [GrooveMonitor] "c:\program files\microsoft office\office12\GrooveMonitor.exe"
     mRun: [igfxTray] c:\windows\system32\igfxtray.exe
     mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
     mRun: [Persistence] c:\windows\system32\igfxpers.exe
     mRun: [RtHDVCpl] c:\program files\realtek\audio\hda\RtHDVCpl.exe -s
     mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
     mRun: [sunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
     StartupFolder: c:\users\gatesys\appdata\roaming\micros~1\windows\startm~1\programs\startup\onenot~1.lnk - c:\program files\microsoft office\office12\ONENOTEM.EXE
     mPolicies-Explorer: NoDriveTypeAutoRun = dword:28
     mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
     mPolicies-System: ConsentPromptBehaviorUser = dword:3
     mPolicies-System: EnableUIADesktopToggle = dword:0
     IE: Add to Anti-Banner - c:\program files\kaspersky lab\kaspersky internet security 2013\ie_banner_deny.htm
     IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
     IE: Download all links with IDM - c:\program files\internet download manager\IEGetAll.htm
     IE: Download with IDM - c:\program files\internet download manager\IEExt.htm
     IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
     IE: {0C4CC089-D306-440D-9772-464E226F6539} - {0BA14598-4178-4CE5-B1F1-B5C6408A3F2E} - c:\program files\kaspersky lab\kaspersky internet security 2013\ieext\virtualkeyboard\ie_virtual_keyboard_plugin.dll
     IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\program files\microsoft office\office12\ONBttnIE.dll
     IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
     IE: {CCF151D8-D089-449F-A5A4-D9909053F20F} - {CCF151D8-D089-449F-A5A4-D9909053F20F} - c:\program files\kaspersky lab\kaspersky internet security 2013\ieext\urladvisor\klwtbbho.dll
     TCP: NameServer = 192.168.1.1
     TCP: Interfaces\{573D783C-21B3-4938-9DDF-56D549DB1EAA} : DHCPNameServer = 192.168.1.1
     Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll
     Notify: igfxcui - igfxdev.dll
     SSODL: WebCheck - <orphaned>
     SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
     mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "c:\program files\google\chrome\application\30.0.1599.69\installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
     .
     ============= SERVICES / DRIVERS ===============
     .
     R1 KLIM6;Kaspersky Anti-Virus NDIS 6 Filter;c:\windows\system32\drivers\klim6.sys [2012-8-2 24408]
     R1 kltdi;kltdi;c:\windows\system32\drivers\kltdi.sys [2013-5-2 44000]
     R1 kneps;kneps;c:\windows\system32\drivers\kneps.sys [2013-5-2 145040]
     R2 AVP;Kaspersky Anti-Virus Service;c:\program files\kaspersky lab\kaspersky internet security 2013\avp.exe [2013-5-2 356376]
     R2 IDMWFP;IDMWFP;c:\windows\system32\drivers\idmwfp.sys [2013-2-21 100216]
     R2 MBAMScheduler;MBAMScheduler;c:\program files\malwarebytes' anti-malware\mbamscheduler.exe [2013-9-12 418376]
     R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2013-9-12 701512]
     R3 klkbdflt;Kaspersky Lab KLKBDFLT;c:\windows\system32\drivers\klkbdflt.sys [2013-5-2 25944]
     R3 klmouflt;Kaspersky Lab KLMOUFLT;c:\windows\system32\drivers\klmouflt.sys [2013-5-2 25944]
     R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2013-9-12 22856]
     R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\drivers\Rt86win7.sys [2009-6-11 139776]
     S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-14 229888]
     .
     =============== Created Last 30 ================
     .
     2013-10-04 07:08:55 -------- d-----w- c:\program files\GUM7129.tmp
     2013-10-04 07:07:59 -------- d-----w- c:\users\gatesys\appdata\local\Deployment
     2013-10-04 07:07:59 -------- d-----w- c:\users\gatesys\appdata\local\Apps
     2013-10-02 08:56:38 -------- d-----w- c:\programdata\Oracle
     2013-10-02 08:56:19 94632 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
     2013-10-02 08:48:08 209272 ----a-w- c:\program files\mozilla firefox\plugins\nppdf32.dll
     2013-10-02 08:48:08 16192 ----a-w- c:\program files\mozilla firefox\plugins\NPOFF12.DLL
     2013-09-13 07:39:16 -------- d--h--w- c:\programdata\Common Files
     2013-09-13 07:37:54 650752 ----a-w- c:\windows\system32\xvidcore.dll
     2013-09-13 07:37:54 3649536 ----a-w- c:\windows\system32\x264vfw.dll
     2013-09-13 07:37:54 243200 ----a-w- c:\windows\system32\xvidvfw.dll
     2013-09-13 07:37:54 216064 ----a-w- c:\windows\system32\lagarith.dll
     2013-09-13 07:37:54 122880 ----a-w- c:\windows\system32\ac3acm.acm
     2013-09-13 07:37:53 217176 ----a-w- c:\windows\system32\unrar.dll
     2013-09-13 07:37:53 112640 ----a-w- c:\windows\system32\ff_vfw.dll
     2013-09-13 07:37:51 -------- d-----w- c:\program files\K-Lite Codec Pack
     2013-09-13 07:27:58 -------- d-----w- c:\program files\VideoLAN
     2013-09-12 08:15:19 398336 ----a-w- c:\windows\system32\TVWizudlg.exe
     2013-09-12 08:15:19 140288 ----a-w- c:\windows\system32\igfxtvcx.dll
     2013-09-12 07:47:49 -------- d-----w- c:\windows\system32\Lang
     2013-09-12 07:46:48 868264 ----a-w- c:\windows\system32\npDeployJava1.dll
     2013-09-12 07:46:48 790440 ----a-w- c:\windows\system32\deployJava1.dll
     2013-09-12 07:36:32 33104 ----a-w- c:\windows\system32\spool\prtprocs\w32x86\msonpppr.dll
     2013-09-12 07:36:27 32592 ----a-w- c:\windows\system32\msonpmon.dll
     2013-09-12 07:17:40 -------- d-----w- c:\windows\ELAMBKUP
     2013-09-12 07:17:28 74848 ----a-w- c:\windows\system32\drivers\klflt.sys
     2013-09-12 07:04:55 7143960 ----a-w- c:\programdata\microsoft\windows defender\definition updates\backup\mpengine.dll
     2013-09-12 07:04:52 7166848 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{ce27dab4-fc46-4cac-af66-9691732f6789}\mpengine.dll
     2013-09-12 06:59:45 22856 ----a-w- c:\windows\system32\drivers\mbam.sys
     2013-09-12 06:59:45 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
     2013-09-12 06:57:07 -------- d-----w- c:\program files\CCleaner
     .
     ==================== Find3M ====================
     .
     2013-09-21 16:40:12 692616 ----a-w- c:\windows\system32\FlashPlayerApp.exe
     2013-09-21 16:40:11 71048 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
     2013-09-12 14:35:09 44000 ----a-w- c:\windows\system32\drivers\kltdi.sys
     2013-08-06 22:52:04 238872 ------w- c:\windows\system32\MpSigStub.exe
     .
     ============= FINISH: 13:13:59.21 ===============

     ATTACH:

     .
     UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
     IF REQUESTED, ZIP IT UP & ATTACH IT
     .
     DDS (Ver_2012-11-20.01)
     .
     Microsoft Windows 7 Ultimate
     Boot Device: \Device\HarddiskVolume1
     Install Date: 7/22/2013 9:04:49 PM
     System Uptime: 10/4/2013 12:33:00 PM (1 hours ago)
     .
     Motherboard: Intel Corporation | | DG31PR
     Processor: Intel® Core2 Duo CPU E7500 @ 2.93GHz | J3E1 | 2933/1066mhz
     .
     ==== Disk Partitions =========================
     .
     C: is FIXED (NTFS) - 93 GiB total, 74.685 GiB free.
     D: is FIXED (NTFS) - 63 GiB total, 63.386 GiB free.
     E: is FIXED (NTFS) - 63 GiB total, 63.058 GiB free.
     F: is FIXED (NTFS) - 78 GiB total, 55.68 GiB free.
     G: is CDROM ()
     .
     ==== Disabled Device Manager Items =============
     .
     ==== System Restore Points ===================
     .
     RP36: 9/12/2013 1:15:56 PM - Installed Java 7 Update 25
     RP37: 9/12/2013 1:25:51 PM - Installed Adobe Reader XI.
     RP38: 9/12/2013 9:29:41 PM - Installed MSXML 4.0 SP3 Parser
     RP39: 10/2/2013 2:25:41 PM - Installed Java 7 Update 40
     .
     ==== Installed Programs ======================
     .
     Adobe Flash Player 11 ActiveX
     Adobe Flash Player 11 Plugin
     Adobe Reader XI (11.0.04)
     CCleaner
     Google Chrome
     Google Update Helper
     Intel® Graphics Media Accelerator Driver
     Intel® TV Wizard
     Internet Download Manager
     Java 7 Update 40
     Java Auto Updater
     K-Lite Mega Codec Pack 10.0.0
     Kaspersky Internet Security 2013
     Malwarebytes Anti-Malware version 1.75.0.1300
     Microsoft Office Access MUI (English) 2007
     Microsoft Office Access Setup Metadata MUI (English) 2007
     Microsoft Office Enterprise 2007
     Microsoft Office Excel MUI (English) 2007
     Microsoft Office Groove MUI (English) 2007
     Microsoft Office Groove Setup Metadata MUI (English) 2007
     Microsoft Office InfoPath MUI (English) 2007
     Microsoft Office OneNote MUI (English) 2007
     Microsoft Office Outlook MUI (English) 2007
     Microsoft Office PowerPoint MUI (English) 2007
     Microsoft Office Proof (English) 2007
     Microsoft Office Proof (French) 2007
     Microsoft Office Proof (Spanish) 2007
     Microsoft Office Proofing (English) 2007
     Microsoft Office Publisher MUI (English) 2007
     Microsoft Office Shared MUI (English) 2007
     Microsoft Office Shared Setup Metadata MUI (English) 2007
     Microsoft Office Word MUI (English) 2007
     MSXML 4.0 SP2 Parser and SDK
     MSXML 4.0 SP3 Parser
     Picasa 3
     Realtek High Definition Audio Driver
     VLC media player 2.0.8
     WinRAR 5.00 (32-bit)
     .
     ==== Event Viewer Messages From Past Week ========
     .
     10/4/2013 12:33:07 PM, Error: Microsoft-Windows-Kernel-Processor-Power [35] - Performance power management features on processor 1 in group 0 are disabled due to a firmware problem. Check with the computer manufacturer for updated firmware.
     10/4/2013 12:33:07 PM, Error: Microsoft-Windows-Kernel-Processor-Power [35] - Performance power management features on processor 0 in group 0 are disabled due to a firmware problem. Check with the computer manufacturer for updated firmware.
     10/2/2013 1:46:21 PM, Error: Service Control Manager [7031] - The Windows Search service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 30000 milliseconds: Restart the service.
     10/2/2013 1:46:21 PM, Error: Service Control Manager [7024] - The Windows Search service terminated with service-specific error %%-1073473535.
     .
     ==== End Of File ===========================

     ROGUEKILLER REPORT:

     RogueKiller V8.7.1 [Oct 3 2013] by Tigzy
     mail : tigzyRK<at>gmail<dot>com
     Feedback : http://www.adlice.com/forum/
     Website : http://www.adlice.com/softwares/roguekiller/
     Blog : http://tigzyrk.blogspot.com/

     Operating System : Windows 7 (6.1.7600 ) 32 bits version
     Started in : Normal mode
     User : gatesys [Admin rights]
     Mode : Scan -- Date : 10/04/2013 13:17:06
     | ARK || FAK || MBR |

     ¤¤¤ Bad processes : 0 ¤¤¤

     ¤¤¤ Registry Entries : 2 ¤¤¤
     [HJ DESK][PUM] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
     [HJ DESK][PUM] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

     ¤¤¤ Scheduled tasks : 0 ¤¤¤

     ¤¤¤ Startup Entries : 0 ¤¤¤

     ¤¤¤ Web browsers : 0 ¤¤¤

     ¤¤¤ Particular Files / Folders: ¤¤¤

     ¤¤¤ Driver : [LOADED] ¤¤¤
     [inline] EAT @explorer.exe (?MILLIS_PER_SECOND@GCDate@@2JB) : GrooveUtil.DLL -> HOOKED (Unknown @ 0xC8F70CD4)

     ¤¤¤ External Hives: ¤¤¤

     ¤¤¤ Infection : ¤¤¤

     ¤¤¤ HOSTS File: ¤¤¤
     --> %SystemRoot%\System32\drivers\etc\hosts

     ¤¤¤ MBR Check: ¤¤¤

     +++++ PhysicalDrive0: (\\.\PHYSICALDRIVE0 @ IDE) (Standard disk drives) - SAMSUNG HD321HJ ATA Device +++++
     --- User ---
     [MBR] a2bb0b125743c5fe7226b75de681e0d4
     [bSP] bfd27e76ca7524021d98593add749b17 : Windows 7/8 MBR Code
     Partition table:
     0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 95243 Mo
     1 - [XXXXXX] EXTEN-LBA (0x0f) [VISIBLE] Offset (sectors): 195059712 | Size: 65000 Mo
     2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 328179712 | Size: 64999 Mo
     3 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 461299712 | Size: 80000 Mo
     User = LL1 ... OK!
     User = LL2 ... OK!

     Finished : << RKreport[0]_S_10042013_131706.txt >>
  12. Two months ago I was infected with PUM.Hijack.HomePage. Then I ran a few programs myself and deleted those infections. I need to be 100% free from browser hijacks. It's annoying that somebody is watching online activity.
  13. Hi Mr. Charl, thanks a lot for your assistance. You're fantastic in your work. Thank you very much.
  14. I'm using Win 7. Can I use OpenDNS? And can you suggest a few things which are mandatory for my PC and network security?
  15. Hello Mr. Charlie, thanks for your kind assistance. I've a few questions to ask: 1. What is OpenDNS and its uses? 2. Can I speed up my PC? 3. I'm using Mozilla Firefox, but there I saw Google Chrome to use. What should I use?