Everything posted by rocky14321

  1. OK, thank you Mr. Charlie. Finally, can I run the HijackThis program? Do you recommend that?
  2. I heard that Java should be disabled in browsers. I use Google Chrome. Is it safe to disable Java in the browser?
  3. 1. Am I secure now? 2. I heard that Java should be disabled in browsers. I use Google Chrome. Is it true? 3. Is a browser hijack possible using an IP address?
  4. Hi Charlie,
     Results of screen317's Security Check version 0.99.74
     Windows 7 x86 (UAC is enabled)
     Out of date service pack!!
     ``````````````Antivirus/Firewall Check:``````````````
     Windows Firewall Enabled!
     Kaspersky Internet Security
     Antivirus out of date!
     `````````Anti-malware/Other Utilities Check:`````````
     Malwarebytes Anti-Malware version 1.75.0.1300
     CCleaner
     Java 7 Update 40
     Adobe Flash Player 11.8.800.168
     Adobe Reader XI
     Google Chrome 30.0.1599.69
     ````````Process Check: objlist.exe by Laurent````````
     Malwarebytes Anti-Malware mbamservice.exe
     Malwarebytes Anti-Malware mbamgui.exe
     Malwarebytes' Anti-Malware mbamscheduler.exe
     Kaspersky Lab Kaspersky Internet Security 2013 avp.exe
     `````````````````System Health check`````````````````
     Total Fragmentation on Drive C: 4%
     ````````````````````End of Log``````````````````````
  5. This means that it's a third person viewing browsing activity.
  6. The system is normal and everything is fine. But one worrying thing is the browser hijack; this problem still persists. I want to be completely free from such things.
  7. I've cleaned and taken the reports. (AdwCleaner and Malwarebytes Anti-Malware logs attached.)
  8. Hi Charlie, I saw in the Bleeping Computer forum that these registry keys are potentially unwanted modifications.
     ¤¤¤ Registry Entries : 2 ¤¤¤
     [HJ DESK][PUM] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
     [HJ DESK][PUM] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND
     "Those detections are related to a PUM in the registry. NewStartPanel is a sub-key of Hide Desktop Items...see here and here. A PUM detection means a "Potentially Unwanted Modification (PUM)". It is considered potentially unwanted because the program making the detection cannot determine if the modification was set by the user, a legitimate program or by malware. If you recognize the PUM detection items, you can ignore the detection. If you don't recognize the detections, then you may need to investigate further as to what program made the modification(s) or remove them. [RogueKiller] Official Tutorial Usually when a computer is infected with malware there will be indications (signs of infection) something is wrong."
  9. Hi Charl, I've taken the reports. (ComboFix log attached.)
  10. Hello Mr. Charlie. 1. What are those two registry items detected in RogueKiller? I did only a scan but did not fix it. I took up the scan; the result is no malware found, no clean-up is required.
  11. Hi Mr. Charlie, I took DDS, and in RogueKiller I just clicked scan and did not fix DNS and all the options there. IT FOUND 2 PUM. Here are the reports. (DDS and RogueKiller logs attached.)
  12. Two months ago I was infected with pum.hijack.homepage. Then I ran a few programs myself and deleted those infections. I need to be 100% free from browser hijacks. It's annoying that somebody is watching online activity.
  13. Hi Mr. Charl, thanks a lot for your assistance. You're fantastic in your work. Thank you very much.
  14. I'm using Win 7. Can I use OpenDNS? And can you suggest a few things which are mandatory for my PC and network security?
  15. Hello Mr. Charlie, thanks for your kind assistance. I've a few questions to ask: 1. What is OpenDNS and what are its uses? 2. Can I use Speed Up My PC? 3. I'm using Mozilla Firefox, but there I saw Google Chrome to use. What should I use?
  16. Hi Mr. Charlie, I could not download from the above link, so I downloaded it from the Bleeping Computer website.
     Results of screen317's Security Check version 0.99.72
     Windows 7 x86 (UAC is enabled)
     Out of date service pack!!
     ``````````````Antivirus/Firewall Check:``````````````
     Windows Firewall Enabled!
     Kaspersky Internet Security
     Antivirus out of date!
     `````````Anti-malware/Other Utilities Check:`````````
     Malwarebytes Anti-Malware version 1.75.0.1300
     CCleaner
     Java 7 Update 25
     Adobe Flash Player 11.8.800.94
     Adobe Reader XI
     Mozilla Firefox (24.0)
     ````````Process Check: objlist.exe by Laurent````````
     Malwarebytes Anti-Malware mbamservice.exe
     Malwarebytes Anti-Malware mbamgui.exe
     Malwarebytes' Anti-Malware mbamscheduler.exe
     Kaspersky Lab Kaspersky Internet Security 2013 avp.exe
     `````````````````System Health check`````````````````
     Total Fragmentation on Drive C: 4%
     ````````````````````End of Log``````````````````````
  17. yes system is not slow and i dont install a lot of softwares which i have. but once when i was chatting with friend in g talk he sent a link and i clicked it. It displayed a blank page , from that time problem persists . And later i recognised it was a browser i hijack. my question is is my system clean without any malware and such crap?
  18. Hi Charlie, here is the report: JRT.txt mbam-log-2013-08-15 (09-38-58).txt
  19. I don't have Malwarebytes. Can I install it now and run it? Because as per your instructions I should not install/uninstall anything.
  20. Hi Mr. Charlie, I've attached the ADW log: AdwCleaner0.txt
  21. Hi, I've attached the ComboFix log: ComboFix.txt
  22. Hi there, I scanned my PC; it displayed no malware found. I've attached the logs: mbar-log-2013-08-13 (11-33-50).txt system-log.txt
  23. Hi, thank you for your assistance. I've taken the reports. I've installed Internet Download Manager, and that is not peer-to-peer sharing, so I didn't remove it. Do I need to remove it?
  24. When I scanned with MBAM it displayed PUM.HIJACK.HOMEPAGE. I know that someone was monitoring my online activity. I think it must be a browser hijack. I need your help. Thanks in advance.