[before i was infected by pum.hijack.homepage]

ok thankyou mr.charlie . finally can i run  hijack this program . do you recommend that?

[before i was infected by pum.hijack.homepage]

 i heard that java should be disabled in browsers . i use google chrome . is it safety to disable java in browser? 

[before i was infected by pum.hijack.homepage]

1. am i secure now?

2. i heard that java should e disabled in browsers . i use google chrome . is it true?

3.using ip address browser hijack is possible?

[before i was infected by pum.hijack.homepage]

hi charlie,

 

 

 

 Results of screen317's Security Check version 0.99.74  

 Windows 7  x86 (UAC is enabled)  

 Out of date service pack!! 

``````````````Antivirus/Firewall Check:`````````````` 

 Windows Firewall Enabled!  

Kaspersky Internet Security   

 Antivirus out of date!  

`````````Anti-malware/Other Utilities Check:````````` 

 Malwarebytes Anti-Malware version 1.75.0.1300  

 CCleaner     

 Java 7 Update 40  

 Adobe Flash Player 11.8.800.168  

 Adobe Reader XI  

 Google Chrome 30.0.1599.69  

````````Process Check: objlist.exe by Laurent````````  

 Malwarebytes Anti-Malware mbamservice.exe  

 Malwarebytes Anti-Malware mbamgui.exe  

 Malwarebytes' Anti-Malware mbamscheduler.exe   

 Kaspersky Lab Kaspersky Internet Security 2013 avp.exe  

`````````````````System Health check````````````````` 

 Total Fragmentation on Drive C: 4% 

````````````````````End of Log`````````````````````` 

[before i was infected by pum.hijack.homepage]

this means that its third person viewing browsing activity.

[before i was infected by pum.hijack.homepage]

system is normal and everything is fine. But one thing worrying is browser hijack , this problem still persists.I want to be completely free from such things.

[before i was infected by pum.hijack.homepage]

ive  cleaned and taken the reports.

 

ADWARE LOG

 

 

 

# AdwCleaner v3.006 - Report created 06/10/2013 at 23:57:43

# Updated 01/10/2013 by Xplode

# Operating System : Windows 7 Ultimate  (32 bits)

# Username : gatesys - GATESYS-PC

# Running from : C:\Users\gatesys\Downloads\Programs\AdwCleaner.exe

# Option : Clean

 

***** [ Services ] *****

 

 

***** [ Files / Folders ] *****

 

 

***** [ Shortcuts ] *****

 

 

***** [ Registry ] *****

 

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{DE9028D0-5FFA-4E69-94E3-89EE8741F468}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}

Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}

Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}

 

***** [ Browsers ] *****

 

-\\ Internet Explorer v8.0.7600.16385

 

 

-\\ Mozilla Firefox v

 

[ File : C:\Users\gatesys\AppData\Roaming\Mozilla\Firefox\Profiles\tez40nft.default\prefs.js ]

 

Line Deleted : user_pref("browser.search.defaultthis.engineName", "Web Search");

 

-\\ Google Chrome v30.0.1599.69

 

[ File : C:\Users\gatesys\AppData\Local\Google\Chrome\User Data\Default\preferences ]

 

 

*************************

 

AdwCleaner[R0].txt - [1406 octets] - [06/10/2013 23:56:08]

AdwCleaner[s0].txt - [1339 octets] - [06/10/2013 23:57:43]

 

########## EOF - C:\AdwCleaner\AdwCleaner[s0].txt - [1399 octets] ##########

 

 

 

 

MBAM LOG :

 

Malwarebytes Anti-Malware (PRO) 1.75.0.1300

www.malwarebytes.org

 

Database version: v2013.10.06.02

 

Windows 7 x86 NTFS

Internet Explorer 8.0.7600.16385

gatesys :: GATESYS-PC [administrator]

 

Protection: Enabled

 

10/7/2013 12:01:08 AM

mbam-log-2013-10-07 (00-01-08).txt

 

Scan type: Quick scan

Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM

Scan options disabled: P2P

Objects scanned: 194115

Time elapsed: 3 minute(s), 17 second(s)

 

Memory Processes Detected: 0

(No malicious items detected)

 

Memory Modules Detected: 0

(No malicious items detected)

 

Registry Keys Detected: 0

(No malicious items detected)

 

Registry Values Detected: 0

(No malicious items detected)

 

Registry Data Items Detected: 0

(No malicious items detected)

 

Folders Detected: 0

(No malicious items detected)

 

Files Detected: 0

(No malicious items detected)

 

(end)

 

[before i was infected by pum.hijack.homepage]

hi charlie 

                   i saw in bleeping computer forum that these registry keys are potentially unwanted modifications.             

                                    ¤¤¤ Registry Entries : 2 ¤¤¤

[HJ DESK][PUM] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND

[HJ DESK][PUM] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

 

"Those detections are related to a PUM in the registry.

NewStartPanel is a sub-key of Hide Desktop Items...see here and here.

A PUM detection means a "Potentially Unwanted Modifcation (PUM)". It is considered potentially unwanted because the program making the detection cannot determine if the modification was set by the user, a legitimate program or by malware.

If you recognize the PUM detection items, you can ignore the detection. If you don't recognize the detections, then you may need to investigate further as to what program made the modification(s) or remove them.

[RogueKiller] Official Tutorial

Usually when a computer is infected with malware there will be indications (signs of infection) something is wrong."

[before i was infected by pum.hijack.homepage]

hi charl,

                   i've taken the reports. 

 

 

 

ComboFix 13-10-04.02 - gatesys 10/06/2013  11:21:29.1.2 - x86

Microsoft Windows 7 Ultimate   6.1.7600.0.1252.1.1033.18.2036.1245 [GMT 5.5:30]

Running from: c:\users\gatesys\Desktop\ComboFix.exe

AV: Kaspersky Internet Security *Disabled/Outdated* {C3113FBF-4BCB-4461-D78D-6EDFEC9593E5}

FW: Kaspersky Internet Security *Disabled* {FB2ABE9A-01A4-4539-FCD2-C7EA1246D49E}

SP: Kaspersky Internet Security *Disabled/Updated* {7870DE5B-6DF1-4BEF-ED3D-55AD9712D958}

SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

 * Created a new restore point

.

.

(((((((((((((((((((((((((   Files Created from 2013-09-06 to 2013-10-06  )))))))))))))))))))))))))))))))

.

.

2013-10-06 05:57 . 2013-10-06 05:57 -------- d-----w- c:\users\Public\AppData\Local\temp

2013-10-06 05:57 . 2013-10-06 05:57 -------- d-----w- c:\users\Default\AppData\Local\temp

2013-10-04 07:08 . 2013-10-04 07:22 -------- d-----w- c:\program files\GUM7129.tmp

2013-10-04 07:07 . 2013-10-04 07:08 -------- d-----w- c:\users\gatesys\AppData\Local\Deployment

2013-10-04 07:07 . 2013-10-04 07:07 -------- d-----w- c:\users\gatesys\AppData\Local\Apps

2013-10-02 08:56 . 2013-10-02 08:56 -------- d-----w- c:\programdata\Oracle

2013-10-02 08:56 . 2013-10-02 08:56 94632 ----a-w- c:\windows\system32\WindowsAccessBridge.dll

2013-09-13 07:39 . 2013-09-13 07:39 -------- d--h--w- c:\programdata\Common Files

2013-09-13 07:37 . 2013-03-17 16:21 3649536 ----a-w- c:\windows\system32\x264vfw.dll

2013-09-13 07:37 . 2012-07-21 10:54 122880 ----a-w- c:\windows\system32\ac3acm.acm

2013-09-13 07:37 . 2011-12-07 17:32 216064 ----a-w- c:\windows\system32\lagarith.dll

2013-09-13 07:37 . 2011-06-24 14:44 243200 ----a-w- c:\windows\system32\xvidvfw.dll

2013-09-13 07:37 . 2011-06-24 14:28 650752 ----a-w- c:\windows\system32\xvidcore.dll

2013-09-13 07:37 . 2013-08-14 18:00 112640 ----a-w- c:\windows\system32\ff_vfw.dll

2013-09-13 07:37 . 2013-08-02 17:29 217176 ----a-w- c:\windows\system32\unrar.dll

2013-09-13 07:37 . 2013-09-13 07:37 -------- d-----w- c:\program files\K-Lite Codec Pack

2013-09-13 07:35 . 2013-10-04 10:48 -------- d-----w- c:\users\gatesys\AppData\Roaming\Media Player Classic

2013-09-13 07:28 . 2013-10-05 07:33 -------- d-----w- c:\users\gatesys\AppData\Roaming\vlc

2013-09-13 07:27 . 2013-09-13 07:27 -------- d-----w- c:\program files\VideoLAN

2013-09-12 08:15 . 2009-09-23 06:20 398336 ----a-w- c:\windows\system32\TVWizudlg.exe

2013-09-12 08:15 . 2009-09-23 06:19 140288 ----a-w- c:\windows\system32\igfxtvcx.dll

2013-09-12 07:47 . 2013-09-12 08:15 -------- d-----w- c:\windows\system32\Lang

2013-09-12 07:46 . 2013-10-02 08:56 868264 ----a-w- c:\windows\system32\npDeployJava1.dll

2013-09-12 07:46 . 2013-10-02 08:56 790440 ----a-w- c:\windows\system32\deployJava1.dll

2013-09-12 07:36 . 2006-10-26 14:26 33104 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\msonpppr.dll

2013-09-12 07:36 . 2006-10-26 14:26 32592 ----a-w- c:\windows\system32\msonpmon.dll

2013-09-12 07:35 . 2013-09-12 07:35 -------- d-----w- c:\program files\Microsoft Works

2013-09-12 07:17 . 2013-09-12 07:17 -------- d-----w- c:\windows\ELAMBKUP

2013-09-12 07:17 . 2013-05-02 11:41 74848 ----a-w- c:\windows\system32\drivers\klflt.sys

2013-09-12 07:04 . 2013-08-06 07:28 7166848 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{CE27DAB4-FC46-4CAC-AF66-9691732F6789}\mpengine.dll

2013-09-12 06:59 . 2013-09-12 06:59 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

2013-09-12 06:59 . 2013-04-04 09:20 22856 ----a-w- c:\windows\system32\drivers\mbam.sys

2013-09-12 06:57 . 2013-09-12 06:57 -------- d-----w- c:\program files\CCleaner

.

.

.

((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2013-09-21 16:40 . 2013-07-22 16:36 692616 ----a-w- c:\windows\system32\FlashPlayerApp.exe

2013-09-21 16:40 . 2013-07-22 16:36 71048 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

2013-09-12 14:35 . 2013-05-02 11:41 44000 ----a-w- c:\windows\system32\drivers\kltdi.sys

2013-08-06 22:52 . 2013-07-22 16:15 238872 ------w- c:\windows\system32\MpSigStub.exe

.

.

(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown 

REGEDIT4

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\IDM Shell Extension]

@="{CDC95B92-E27C-4745-A8C5-64A52A78855D}"

[HKEY_CLASSES_ROOT\CLSID\{CDC95B92-E27C-4745-A8C5-64A52A78855D}]

2012-11-15 23:07 21904 ----a-w- c:\program files\Internet Download Manager\IDMShellExt.dll

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"IDMan"="c:\program files\Internet Download Manager\IDMan.exe" [2013-07-23 3565432]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"AVP"="c:\program files\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe" [2013-05-02 356376]

"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-26 31016]

"IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-09-23 141848]

"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-09-23 173592]

"Persistence"="c:\windows\system32\igfxpers.exe" [2009-09-23 150552]

"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2010-01-05 8419872]

"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-05-11 958576]

"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2013-07-02 254336]

.

c:\users\gatesys\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\

OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE /tsr [2006-10-26 98632]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"ConsentPromptBehaviorAdmin"= 5 (0x5)

"ConsentPromptBehaviorUser"= 3 (0x3)

"EnableUIADesktopToggle"= 0 (0x0)

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]

"aux"=wdmaud.drv

.

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]

"DisableMonitoring"=dword:00000001

.

S1 KLIM6;Kaspersky Anti-Virus NDIS 6 Filter;c:\windows\system32\DRIVERS\klim6.sys [2012-08-02 24408]

S1 kltdi;kltdi;c:\windows\system32\DRIVERS\kltdi.sys [2013-09-12 44000]

S1 kneps;kneps;c:\windows\system32\DRIVERS\kneps.sys [2013-05-02 145040]

S2 IDMWFP;IDMWFP;c:\windows\system32\DRIVERS\idmwfp.sys [2012-11-22 100216]

S2 MBAMScheduler;MBAMScheduler;c:\program files\Malwarebytes' Anti-Malware\mbamscheduler.exe [2013-04-04 418376]

S2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [2013-04-04 701512]

S3 klkbdflt;Kaspersky Lab KLKBDFLT;c:\windows\system32\DRIVERS\klkbdflt.sys [2013-05-02 25944]

S3 klmouflt;Kaspersky Lab KLMOUFLT;c:\windows\system32\DRIVERS\klmouflt.sys [2013-05-02 25944]

S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2013-04-04 22856]

S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys [2009-07-13 139776]

.

.

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]

2013-10-04 07:22 1185744 ----a-w- c:\program files\Google\Chrome\Application\30.0.1599.69\Installer\chrmstp.exe

.

Contents of the 'Scheduled Tasks' folder

.

2013-10-06 c:\windows\Tasks\Adobe Flash Player Updater.job

- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2013-07-22 16:40]

.

2013-10-06 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files\Google\Update\GoogleUpdate.exe [2013-10-04 07:08]

.

2013-10-05 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files\Google\Update\GoogleUpdate.exe [2013-10-04 07:08]

.

.

------- Supplementary Scan -------

.

uStart Page = https://www.google.co.in/

IE: Add to Anti-Banner - c:\program files\Kaspersky Lab\Kaspersky Internet Security 2013\ie_banner_deny.htm

IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200

IE: Download all links with IDM - c:\program files\Internet Download Manager\IEGetAll.htm

IE: Download with IDM - c:\program files\Internet Download Manager\IEExt.htm

IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000

TCP: DhcpNameServer = 192.168.1.1

.

.

--------------------- LOCKED REGISTRY KEYS ---------------------

.

[HKEY_USERS\S-1-5-21-1915525720-1561026745-3265111426-1000_Classes\CLSID\{5ED60779-4DE2-4E07-B862-974CA4FF2E9C}]

@Denied: (Full) (Everyone)

@Allowed: (Read) (RestrictedCode)

"scansk"=hex(0):7c,b0,0d,1b,ad,5f,d0,02,ae,a7,4c,77,ee,63,f3,79,46,30,60,70,e2,

   70,a3,b1,ec,d7,1c,b0,a5,af,8c,dc,68,ee,22,ba,33,5b,26,fb,00,00,00,00,00,00,\

.

[HKEY_USERS\S-1-5-21-1915525720-1561026745-3265111426-1000_Classes\CLSID\{a51b7669-fc07-473f-b993-67cd6caa4c29}]

@Denied: (Full) (Everyone)

@Allowed: (Read) (RestrictedCode)

"Model"=dword:00000107

"Therad"=dword:0000001e

"MData"=hex(0):2b,8f,78,29,5a,0c,ce,ec,48,d4,68,e5,9f,6a,96,3e,ab,de,c5,81,26,

   38,95,44,75,07,18,dd,fb,11,42,94,27,b7,99,0d,2a,ba,05,1a,a2,02,c9,3e,9b,f9,\

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]

@Denied: (Full) (Everyone)

.

Completion time: 2013-10-06  11:32:21

ComboFix-quarantined-files.txt  2013-10-06 06:02

.

Pre-Run: 80,612,208,640 bytes free

Post-Run: 80,392,003,584 bytes free

.

- - End Of File - - 74EB890526B3DB0B2DC82F532C23E507

A36C5E4F47E84449FF07ED3517B43A31

[before i was infected by pum.hijack.homepage]

hello mr.charlie 

1. what is that two registry items detected in rogue killer ? i did only a scan but did not fix it ? 

 

i took up the scan , result is no malware found no clean up is required. 

[before i was infected by pum.hijack.homepage]

hi mr. charlie i took dds and in rogue killer i just clicked scan and did not fix dns and all options there. IT FOUND 2 PUM. here are the reports .

 

DDS :

 

DS (Ver_2012-11-20.01) - NTFS_x86 

Internet Explorer: 8.0.7600.16385  BrowserJavaVersion: 10.40.2

Run by gatesys at 13:13:09 on 2013-10-04

Microsoft Windows 7 Ultimate   6.1.7600.0.1252.1.1033.18.2036.583 [GMT 5.5:30]

.

AV: Kaspersky Internet Security *Enabled/Updated* {C3113FBF-4BCB-4461-D78D-6EDFEC9593E5}

SP: Kaspersky Internet Security *Enabled/Updated* {7870DE5B-6DF1-4BEF-ED3D-55AD9712D958}

SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

FW: Kaspersky Internet Security *Enabled* {FB2ABE9A-01A4-4539-FCD2-C7EA1246D49E}

.

============== Running Processes ================

.

C:\Windows\system32\wininit.exe

C:\Windows\system32\lsm.exe

C:\Windows\System32\spoolsv.exe

C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe

C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe

C:\Windows\system32\taskhost.exe

C:\Windows\system32\Dwm.exe

C:\Windows\Explorer.EXE

C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe

C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe

C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe

C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe

C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe

C:\Windows\System32\igfxtray.exe

C:\Windows\System32\hkcmd.exe

C:\Windows\System32\igfxpers.exe

C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe

C:\Windows\system32\igfxsrvc.exe

C:\Program Files\Common Files\Java\Java Update\jusched.exe

C:\Windows\system32\SearchIndexer.exe

C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2013\klwtblfs.exe

C:\Windows\system32\Macromed\Flash\FlashUtil32_11_8_800_175_ActiveX.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\Google\Chrome\Application\chrome.exe

C:\Program Files\Google\Chrome\Application\chrome.exe

C:\Program Files\Google\Chrome\Application\chrome.exe

C:\Program Files\Google\Chrome\Application\chrome.exe

C:\Program Files\Google\Chrome\Application\chrome.exe

C:\Program Files\Google\Chrome\Application\chrome.exe

C:\Program Files\Google\Chrome\Application\chrome.exe

C:\Program Files\Internet Download Manager\IDMan.exe

C:\Program Files\Internet Download Manager\IEMonitor.exe

C:\Program Files\Google\Chrome\Application\chrome.exe

C:\Program Files\Internet Explorer\IELowutil.exe

C:\Windows\system32\conhost.exe

C:\Windows\system32\wbem\wmiprvse.exe

C:\Windows\system32\svchost.exe -k DcomLaunch

C:\Windows\system32\svchost.exe -k RPCSS

C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\Windows\system32\svchost.exe -k netsvcs

C:\Windows\system32\svchost.exe -k LocalService

C:\Windows\system32\svchost.exe -k NetworkService

C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork

C:\Windows\System32\svchost.exe -k secsvcs

C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation

.

============== Pseudo HJT Report ===============

.

BHO: IDM integration (IDMIEHlprObj Class): {0055C089-8582-441B-A0BF-17B458C2A3A8} - c:\program files\internet download manager\IDMIECC.dll

BHO: Content Blocker Plugin: {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} - c:\program files\kaspersky lab\kaspersky internet security 2013\ieext\contentblocker\ie_content_blocker_plugin.dll

BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll

BHO: Virtual Keyboard Plugin: {73455575-E40C-433C-9784-C78DC7761455} - c:\program files\kaspersky lab\kaspersky internet security 2013\ieext\virtualkeyboard\ie_virtual_keyboard_plugin.dll

BHO: Java Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre7\bin\ssv.dll

BHO: Safe Money Plugin: {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} - c:\program files\kaspersky lab\kaspersky internet security 2013\ieext\onlinebanking\online_banking_bho.dll

BHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre7\bin\jp2ssv.dll

BHO: URL Advisor Plugin: {E33CF602-D945-461A-83F0-819F76A199F8} - c:\program files\kaspersky lab\kaspersky internet security 2013\ieext\urladvisor\klwtbbho.dll

uRun: [iDMan] c:\program files\internet download manager\IDMan.exe /onboot

mRun: [AVP] "c:\program files\kaspersky lab\kaspersky internet security 2013\avp.exe"

mRun: [GrooveMonitor] "c:\program files\microsoft office\office12\GrooveMonitor.exe"

mRun: [igfxTray] c:\windows\system32\igfxtray.exe

mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe

mRun: [Persistence] c:\windows\system32\igfxpers.exe

mRun: [RtHDVCpl] c:\program files\realtek\audio\hda\RtHDVCpl.exe -s

mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"

mRun: [sunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"

StartupFolder: c:\users\gatesys\appdata\roaming\micros~1\windows\startm~1\programs\startup\onenot~1.lnk - c:\program files\microsoft office\office12\ONENOTEM.EXE

mPolicies-Explorer: NoDriveTypeAutoRun = dword:28

mPolicies-System: ConsentPromptBehaviorAdmin = dword:5

mPolicies-System: ConsentPromptBehaviorUser = dword:3

mPolicies-System: EnableUIADesktopToggle = dword:0

IE: Add to Anti-Banner - c:\program files\kaspersky lab\kaspersky internet security 2013\ie_banner_deny.htm

IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200

IE: Download all links with IDM - c:\program files\internet download manager\IEGetAll.htm

IE: Download with IDM - c:\program files\internet download manager\IEExt.htm

IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000

IE: {0C4CC089-D306-440D-9772-464E226F6539} - {0BA14598-4178-4CE5-B1F1-B5C6408A3F2E} - c:\program files\kaspersky lab\kaspersky internet security 2013\ieext\virtualkeyboard\ie_virtual_keyboard_plugin.dll

IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\program files\microsoft office\office12\ONBttnIE.dll

IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}

IE: {CCF151D8-D089-449F-A5A4-D9909053F20F} - {CCF151D8-D089-449F-A5A4-D9909053F20F} - c:\program files\kaspersky lab\kaspersky internet security 2013\ieext\urladvisor\klwtbbho.dll

TCP: NameServer = 192.168.1.1

TCP: Interfaces\{573D783C-21B3-4938-9DDF-56D549DB1EAA} : DHCPNameServer = 192.168.1.1

Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll

Notify: igfxcui - igfxdev.dll

SSODL: WebCheck - <orphaned>

SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll

mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "c:\program files\google\chrome\application\30.0.1599.69\installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome

.

============= SERVICES / DRIVERS ===============

.

R1 KLIM6;Kaspersky Anti-Virus NDIS 6 Filter;c:\windows\system32\drivers\klim6.sys [2012-8-2 24408]

R1 kltdi;kltdi;c:\windows\system32\drivers\kltdi.sys [2013-5-2 44000]

R1 kneps;kneps;c:\windows\system32\drivers\kneps.sys [2013-5-2 145040]

R2 AVP;Kaspersky Anti-Virus Service;c:\program files\kaspersky lab\kaspersky internet security 2013\avp.exe [2013-5-2 356376]

R2 IDMWFP;IDMWFP;c:\windows\system32\drivers\idmwfp.sys [2013-2-21 100216]

R2 MBAMScheduler;MBAMScheduler;c:\program files\malwarebytes' anti-malware\mbamscheduler.exe [2013-9-12 418376]

R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2013-9-12 701512]

R3 klkbdflt;Kaspersky Lab KLKBDFLT;c:\windows\system32\drivers\klkbdflt.sys [2013-5-2 25944]

R3 klmouflt;Kaspersky Lab KLMOUFLT;c:\windows\system32\drivers\klmouflt.sys [2013-5-2 25944]

R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2013-9-12 22856]

R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\drivers\Rt86win7.sys [2009-6-11 139776]

S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-14 229888]

.

=============== Created Last 30 ================

.

2013-10-04 07:08:55 -------- d-----w- c:\program files\GUM7129.tmp

2013-10-04 07:07:59 -------- d-----w- c:\users\gatesys\appdata\local\Deployment

2013-10-04 07:07:59 -------- d-----w- c:\users\gatesys\appdata\local\Apps

2013-10-02 08:56:38 -------- d-----w- c:\programdata\Oracle

2013-10-02 08:56:19 94632 ----a-w- c:\windows\system32\WindowsAccessBridge.dll

2013-10-02 08:48:08 209272 ----a-w- c:\program files\mozilla firefox\plugins\nppdf32.dll

2013-10-02 08:48:08 16192 ----a-w- c:\program files\mozilla firefox\plugins\NPOFF12.DLL

2013-09-13 07:39:16 -------- d--h--w- c:\programdata\Common Files

2013-09-13 07:37:54 650752 ----a-w- c:\windows\system32\xvidcore.dll

2013-09-13 07:37:54 3649536 ----a-w- c:\windows\system32\x264vfw.dll

2013-09-13 07:37:54 243200 ----a-w- c:\windows\system32\xvidvfw.dll

2013-09-13 07:37:54 216064 ----a-w- c:\windows\system32\lagarith.dll

2013-09-13 07:37:54 122880 ----a-w- c:\windows\system32\ac3acm.acm

2013-09-13 07:37:53 217176 ----a-w- c:\windows\system32\unrar.dll

2013-09-13 07:37:53 112640 ----a-w- c:\windows\system32\ff_vfw.dll

2013-09-13 07:37:51 -------- d-----w- c:\program files\K-Lite Codec Pack

2013-09-13 07:27:58 -------- d-----w- c:\program files\VideoLAN

2013-09-12 08:15:19 398336 ----a-w- c:\windows\system32\TVWizudlg.exe

2013-09-12 08:15:19 140288 ----a-w- c:\windows\system32\igfxtvcx.dll

2013-09-12 07:47:49 -------- d-----w- c:\windows\system32\Lang

2013-09-12 07:46:48 868264 ----a-w- c:\windows\system32\npDeployJava1.dll

2013-09-12 07:46:48 790440 ----a-w- c:\windows\system32\deployJava1.dll

2013-09-12 07:36:32 33104 ----a-w- c:\windows\system32\spool\prtprocs\w32x86\msonpppr.dll

2013-09-12 07:36:27 32592 ----a-w- c:\windows\system32\msonpmon.dll

2013-09-12 07:17:40 -------- d-----w- c:\windows\ELAMBKUP

2013-09-12 07:17:28 74848 ----a-w- c:\windows\system32\drivers\klflt.sys

2013-09-12 07:04:55 7143960 ----a-w- c:\programdata\microsoft\windows defender\definition updates\backup\mpengine.dll

2013-09-12 07:04:52 7166848 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{ce27dab4-fc46-4cac-af66-9691732f6789}\mpengine.dll

2013-09-12 06:59:45 22856 ----a-w- c:\windows\system32\drivers\mbam.sys

2013-09-12 06:59:45 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

2013-09-12 06:57:07 -------- d-----w- c:\program files\CCleaner

.

==================== Find3M  ====================

.

2013-09-21 16:40:12 692616 ----a-w- c:\windows\system32\FlashPlayerApp.exe

2013-09-21 16:40:11 71048 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

2013-09-12 14:35:09 44000 ----a-w- c:\windows\system32\drivers\kltdi.sys

2013-08-06 22:52:04 238872 ------w- c:\windows\system32\MpSigStub.exe

.

============= FINISH: 13:13:59.21 ===============

 

 ATTACH:

 

.

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.

IF REQUESTED, ZIP IT UP & ATTACH IT

.

DDS (Ver_2012-11-20.01)

.

Microsoft Windows 7 Ultimate 

Boot Device: \Device\HarddiskVolume1

Install Date: 7/22/2013 9:04:49 PM

System Uptime: 10/4/2013 12:33:00 PM (1 hours ago)

.

Motherboard: Intel Corporation |  | DG31PR

Processor: Intel® Core2 Duo CPU     E7500  @ 2.93GHz | J3E1 | 2933/1066mhz

.

==== Disk Partitions =========================

.

C: is FIXED (NTFS) - 93 GiB total, 74.685 GiB free.

D: is FIXED (NTFS) - 63 GiB total, 63.386 GiB free.

E: is FIXED (NTFS) - 63 GiB total, 63.058 GiB free.

F: is FIXED (NTFS) - 78 GiB total, 55.68 GiB free.

G: is CDROM ()

.

==== Disabled Device Manager Items =============

.

==== System Restore Points ===================

.

RP36: 9/12/2013 1:15:56 PM - Installed Java 7 Update 25

RP37: 9/12/2013 1:25:51 PM - Installed Adobe Reader XI.

RP38: 9/12/2013 9:29:41 PM - Installed MSXML 4.0 SP3 Parser

RP39: 10/2/2013 2:25:41 PM - Installed Java 7 Update 40

.

==== Installed Programs ======================

.

Adobe Flash Player 11 ActiveX

Adobe Flash Player 11 Plugin

Adobe Reader XI (11.0.04)

CCleaner

Google Chrome

Google Update Helper

Intel® Graphics Media Accelerator Driver

Intel® TV Wizard

Internet Download Manager

Java 7 Update 40

Java Auto Updater

K-Lite Mega Codec Pack 10.0.0

Kaspersky Internet Security 2013

Malwarebytes Anti-Malware version 1.75.0.1300

Microsoft Office Access MUI (English) 2007

Microsoft Office Access Setup Metadata MUI (English) 2007

Microsoft Office Enterprise 2007

Microsoft Office Excel MUI (English) 2007

Microsoft Office Groove MUI (English) 2007

Microsoft Office Groove Setup Metadata MUI (English) 2007

Microsoft Office InfoPath MUI (English) 2007

Microsoft Office OneNote MUI (English) 2007

Microsoft Office Outlook MUI (English) 2007

Microsoft Office PowerPoint MUI (English) 2007

Microsoft Office Proof (English) 2007

Microsoft Office Proof (French) 2007

Microsoft Office Proof (Spanish) 2007

Microsoft Office Proofing (English) 2007

Microsoft Office Publisher MUI (English) 2007

Microsoft Office Shared MUI (English) 2007

Microsoft Office Shared Setup Metadata MUI (English) 2007

Microsoft Office Word MUI (English) 2007

MSXML 4.0 SP2 Parser and SDK

MSXML 4.0 SP3 Parser

Picasa 3

Realtek High Definition Audio Driver

VLC media player 2.0.8

WinRAR 5.00 (32-bit)

.

==== Event Viewer Messages From Past Week ========

.

10/4/2013 12:33:07 PM, Error: Microsoft-Windows-Kernel-Processor-Power [35]  - Performance power management features on processor 1 in group 0 are disabled due to a firmware problem. Check with the computer manufacturer for updated firmware.

10/4/2013 12:33:07 PM, Error: Microsoft-Windows-Kernel-Processor-Power [35]  - Performance power management features on processor 0 in group 0 are disabled due to a firmware problem. Check with the computer manufacturer for updated firmware.

10/2/2013 1:46:21 PM, Error: Service Control Manager [7031]  - The Windows Search service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 30000 milliseconds: Restart the service.

10/2/2013 1:46:21 PM, Error: Service Control Manager [7024]  - The Windows Search service terminated with service-specific error %%-1073473535.

.

==== End Of File ===========================

 

 

ROUGE KILLER REPORT:

 

RogueKiller V8.7.1 [Oct  3 2013] by Tigzy

mail : tigzyRK<at>gmail<dot>com

Feedback : http://www.adlice.com/forum/

Website : http://www.adlice.com/softwares/roguekiller/

Blog : http://tigzyrk.blogspot.com/

 

Operating System : Windows 7 (6.1.7600 ) 32 bits version

Started in : Normal mode

User : gatesys [Admin rights]

Mode : Scan -- Date : 10/04/2013 13:17:06

| ARK || FAK || MBR |

 

¤¤¤ Bad processes : 0 ¤¤¤

 

¤¤¤ Registry Entries : 2 ¤¤¤

[HJ DESK][PUM] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND

[HJ DESK][PUM] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

 

¤¤¤ Scheduled tasks : 0 ¤¤¤

 

¤¤¤ Startup Entries : 0 ¤¤¤

 

¤¤¤ Web browsers : 0 ¤¤¤

 

¤¤¤ Particular Files / Folders: ¤¤¤

 

¤¤¤ Driver : [LOADED] ¤¤¤

[inline] EAT @explorer.exe (?MILLIS_PER_SECOND@GCDate@@2JB) : GrooveUtil.DLL -> HOOKED (Unknown @ 0xC8F70CD4)

 

¤¤¤ External Hives: ¤¤¤

 

¤¤¤ Infection :  ¤¤¤

 

¤¤¤ HOSTS File: ¤¤¤

--> %SystemRoot%\System32\drivers\etc\hosts

 

 

 

 

¤¤¤ MBR Check: ¤¤¤

 

+++++ PhysicalDrive0: (\\.\PHYSICALDRIVE0 @ IDE) (Standard disk drives) - SAMSUNG HD321HJ ATA Device +++++

--- User ---

[MBR] a2bb0b125743c5fe7226b75de681e0d4

[bSP] bfd27e76ca7524021d98593add749b17 : Windows 7/8 MBR Code

Partition table:

0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 95243 Mo

1 - [XXXXXX] EXTEN-LBA (0x0f) [VISIBLE] Offset (sectors): 195059712 | Size: 65000 Mo

2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 328179712 | Size: 64999 Mo

3 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 461299712 | Size: 80000 Mo

User = LL1 ... OK!

User = LL2 ... OK!

 

Finished : << RKreport[0]_S_10042013_131706.txt >>

 

 

 

 

[before i was infected by pum.hijack.homepage]

before two months i was infected with pum.hijack.homepage.then i ran few programs myself and deleted those infections.I need to be 100% free from browser hijacks. its annoying that somebody is watching online activity.

[pum.hijack.HOMEPAGE]

im using win 7 can i use open dns?

and can you suggest few things which are mandatory for my pc and network security?

[pum.hijack.HOMEPAGE]

hello mr.charlie , thanks for your kind assistance.

i've few questions to ask

1. what is open dns and its uses

2. can i use speed up my pc

3. im using mozilla firefox . but there i saw google chrome to use . what should i use

[pum.hijack.HOMEPAGE]

hi mr. charlie i could not download in the above link so i downloaded in bleeping computer website.

 

 

Results of screen317's Security Check version 0.99.72  
 Windows 7  x86 (UAC is enabled)  
 Out of date service pack!!
``````````````Antivirus/Firewall Check:``````````````
 Windows Firewall Enabled!  
Kaspersky Internet Security   
 Antivirus out of date!  
`````````Anti-malware/Other Utilities Check:`````````
 Malwarebytes Anti-Malware version 1.75.0.1300  
 CCleaner     
 Java 7 Update 25  
 Adobe Flash Player     11.8.800.94  
 Adobe Reader XI  
 Mozilla Firefox (24.0)
````````Process Check: objlist.exe by Laurent````````  
 Malwarebytes Anti-Malware mbamservice.exe  
 Malwarebytes Anti-Malware mbamgui.exe  
 Malwarebytes' Anti-Malware mbamscheduler.exe   
 Kaspersky Lab Kaspersky Internet Security 2013 avp.exe  
`````````````````System Health check`````````````````
 Total Fragmentation on Drive C: 4%
````````````````````End of Log``````````````````````

 

[pum.hijack.HOMEPAGE]

yes system is not slow and i dont install a lot of softwares which i have. but once when i was chatting with friend in g talk he sent a link and i clicked it. It displayed a blank page , from that time problem persists . And later i recognised it was a browser i hijack. my question is is my system clean without any malware and such crap?

[pum.hijack.HOMEPAGE]

hi charlie here is the report

JRT.txt

mbam-log-2013-08-15 (09-38-58).txt

[pum.hijack.HOMEPAGE]

i dont have malware bytes .can i install it now and run because as per your instructions i should not install / uninstall anything .

[pum.hijack.HOMEPAGE]

hi mr. charlie ive attached the adw log

AdwCleaner0.txt

[pum.hijack.HOMEPAGE]

hi ,

          i've attached the combo fix log

ComboFix.txt

[pum.hijack.HOMEPAGE]

hi there,

                 i scanned my pc , it displayed no malwares found. i've attached the logs.

mbar-log-2013-08-13 (11-33-50).txt

system-log.txt

[pum.hijack.HOMEPAGE]

hi thankyou for your assistance. I've taken the reports. I ve installed Internet Download manager and that is not a peer to peer sharing.So i didnt remove it. Do i need to remove it?

 

DDS.TXT LOG

 

 

DDS (Ver_2012-11-20.01) - NTFS_x86
Internet Explorer: 8.0.7600.16385  BrowserJavaVersion: 10.25.2
Run by gatesys at 14:01:48 on 2013-08-12
Microsoft Windows 7 Ultimate   6.1.7600.0.1252.1.1033.18.2036.1332 [GMT 5.5:30]
.
AV: Kaspersky Internet Security *Disabled/Outdated* {C3113FBF-4BCB-4461-D78D-6EDFEC9593E5}
SP: Kaspersky Internet Security *Disabled/Updated* {7870DE5B-6DF1-4BEF-ED3D-55AD9712D958}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: Kaspersky Internet Security *Disabled* {FB2ABE9A-01A4-4539-FCD2-C7EA1246D49E}
.
============== Running Processes ================
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\Dwm.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskhost.exe
C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe
C:\Program Files\PANDORA.TV\PanService\PandoraService.exe
C:\Program Files\PANDORA.TV\PanService\PanProcess.exe
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
C:\Windows\system32\igfxsrvc.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\WUDFHost.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\vssvc.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\System32\svchost.exe -k swprv
.
============== Pseudo HJT Report ===============
.
uStart Page = about:blank
mStart Page = about:blank
BHO: IDM integration (IDMIEHlprObj Class): {0055C089-8582-441B-A0BF-17B458C2A3A8} - c:\program files\internet download manager\IDMIECC.dll
BHO: Content Blocker Plugin: {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} - c:\program files\kaspersky lab\kaspersky internet security 2013\ieext\contentblocker\ie_content_blocker_plugin.dll
BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - c:\program files\microsoft office\office14\GROOVEEX.DLL
BHO: Virtual Keyboard Plugin: {73455575-E40C-433C-9784-C78DC7761455} - c:\program files\kaspersky lab\kaspersky internet security 2013\ieext\virtualkeyboard\ie_virtual_keyboard_plugin.dll
BHO: Java Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre7\bin\ssv.dll
BHO: Safe Money Plugin: {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} - c:\program files\kaspersky lab\kaspersky internet security 2013\ieext\onlinebanking\online_banking_bho.dll
BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - c:\program files\microsoft office\office14\URLREDIR.DLL
BHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre7\bin\jp2ssv.dll
BHO: URL Advisor Plugin: {E33CF602-D945-461A-83F0-819F76A199F8} - c:\program files\kaspersky lab\kaspersky internet security 2013\ieext\urladvisor\klwtbbho.dll
uRun: [iDMan] c:\program files\internet download manager\IDMan.exe /onboot
mRun: [bCSSync] "c:\program files\microsoft office\office14\BCSSync.exe" /DelayServices
mRun: [AVP] "c:\program files\kaspersky lab\kaspersky internet security 2013\avp.exe"
mRun: [sunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [igfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [RtHDVCpl] c:\program files\realtek\audio\hda\RtHDVCpl.exe -s
mPolicies-Explorer: NoDriveTypeAutoRun = dword:60
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: Add to Anti-Banner - c:\program files\kaspersky lab\kaspersky internet security 2013\ie_banner_deny.htm
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: Download all links with IDM - c:\program files\internet download manager\IEGetAll.htm
IE: Download with IDM - c:\program files\internet download manager\IEExt.htm
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~1\micros~2\office14\ONBttnIE.dll/105
IE: {0C4CC089-D306-440D-9772-464E226F6539} - {0BA14598-4178-4CE5-B1F1-B5C6408A3F2E} - c:\program files\kaspersky lab\kaspersky internet security 2013\ieext\virtualkeyboard\ie_virtual_keyboard_plugin.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\program files\microsoft office\office14\ONBttnIE.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - c:\program files\microsoft office\office14\ONBttnIELinkedNotes.dll
IE: {CCF151D8-D089-449F-A5A4-D9909053F20F} - {CCF151D8-D089-449F-A5A4-D9909053F20F} - c:\program files\kaspersky lab\kaspersky internet security 2013\ieext\urladvisor\klwtbbho.dll
TCP: NameServer = 192.168.1.1
TCP: Interfaces\{573D783C-21B3-4938-9DDF-56D549DB1EAA} : DHCPNameServer = 192.168.1.1
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - c:\program files\common files\microsoft shared\office14\MSOXMLMF.DLL
Notify: igfxcui - igfxdev.dll
SSODL: WebCheck - <orphaned>
SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - c:\program files\microsoft office\office14\GROOVEEX.DLL
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\gatesys\appdata\roaming\mozilla\firefox\profiles\0yw037sg.default\
FF - prefs.js: browser.search.selectedEngine - Yahoo


FF - plugin: c:\progra~1\micros~2\office14\NPAUTHZ.DLL
FF - plugin: c:\progra~1\micros~2\office14\NPSPWRAP.DLL
FF - plugin: c:\program files\adobe\reader 11.0\reader\air\nppdf32.dll
FF - plugin: c:\program files\google\picasa3\npPicasa3.dll
FF - plugin: c:\program files\java\jre7\bin\plugin2\npjp2.dll
FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_8_800_94.dll
FF - plugin: c:\windows\system32\npDeployJava1.dll
FF - plugin: c:\windows\system32\npmproxy.dll
FF - ExtSQL: 2013-07-23 16:39; mozilla_cc@internetdownloadmanager.com; c:\users\gatesys\appdata\roaming\idm\idmmzcc5
FF - ExtSQL: 2013-07-23 17:17; content_blocker@kaspersky.com; c:\program files\kaspersky lab\kaspersky internet security 2013\ffext\content_blocker@kaspersky.com
FF - ExtSQL: 2013-07-23 17:17; url_advisor@kaspersky.com; c:\program files\kaspersky lab\kaspersky internet security 2013\ffext\url_advisor@kaspersky.com
FF - ExtSQL: 2013-07-23 17:17; virtual_keyboard@kaspersky.com; c:\program files\kaspersky lab\kaspersky internet security 2013\ffext\virtual_keyboard@kaspersky.com
FF - ExtSQL: 2013-07-23 20:35; anti_banner@kaspersky.com; c:\program files\kaspersky lab\kaspersky internet security 2013\ffext\anti_banner@kaspersky.com
FF - ExtSQL: 2013-07-23 20:35; online_banking@kaspersky.com; c:\program files\kaspersky lab\kaspersky internet security 2013\ffext\online_banking@kaspersky.com
.
============= SERVICES / DRIVERS ===============
.
R1 KLIM6;Kaspersky Anti-Virus NDIS 6 Filter;c:\windows\system32\drivers\klim6.sys [2012-8-2 24408]
R1 kltdi;kltdi;c:\windows\system32\drivers\kltdi.sys [2013-5-2 44000]
R1 kneps;kneps;c:\windows\system32\drivers\kneps.sys [2013-5-2 145040]
R2 AVP;Kaspersky Anti-Virus Service;c:\program files\kaspersky lab\kaspersky internet security 2013\avp.exe [2013-5-2 356376]
R2 IDMWFP;IDMWFP;c:\windows\system32\drivers\idmwfp.sys [2013-2-21 100216]
R2 PanService;PandoraService;c:\program files\pandora.tv\panservice\PandoraService.exe [2013-7-24 625304]
R3 klkbdflt;Kaspersky Lab KLKBDFLT;c:\windows\system32\drivers\klkbdflt.sys [2013-5-2 25944]
R3 klmouflt;Kaspersky Lab KLMOUFLT;c:\windows\system32\drivers\klmouflt.sys [2013-5-2 25944]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-14 229888]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\drivers\Rt86win7.sys [2009-6-11 139776]
.
=============== File Associations ===============
.
FileExt: .txt: txtfile=c:\windows\system32\NOTEPAD.EXE %1 [userChoice]
.
=============== Created Last 30 ================
.
2013-07-31 09:57:57    --------    d-----w-    c:\users\gatesys\appdata\local\Google
2013-07-30 13:42:59    --------    d-----w-    c:\windows\ERUNT
2013-07-27 07:46:43    --------    d-----w-    c:\users\gatesys\appdata\roaming\Malwarebytes
2013-07-27 07:46:36    --------    d-----w-    c:\programdata\Malwarebytes
2013-07-27 07:46:30    --------    d-----w-    c:\users\gatesys\appdata\local\Programs
2013-07-26 16:45:15    --------    d-----w-    c:\users\gatesys\appdata\local\Microsoft Games
2013-07-24 11:38:30    --------    d-----w-    c:\program files\PANDORA.TV
2013-07-24 11:37:17    --------    d-----w-    c:\program files\The KMPlayer
2013-07-24 10:08:47    99176    ----a-w-    c:\windows\system32\PresentationHostProxy.dll
2013-07-24 10:08:47    49472    ----a-w-    c:\windows\system32\netfxperf.dll
2013-07-24 10:08:47    297808    ----a-w-    c:\windows\system32\mscoree.dll
2013-07-24 10:08:47    295264    ----a-w-    c:\windows\system32\PresentationHost.exe
2013-07-24 10:08:47    1130824    ----a-w-    c:\windows\system32\dfshim.dll
2013-07-23 17:35:53    --------    d-----w-    c:\users\gatesys\appdata\local\Macromedia
2013-07-23 17:13:46    398336    ----a-w-    c:\windows\system32\TVWizudlg.exe
2013-07-23 17:13:46    140288    ----a-w-    c:\windows\system32\igfxtvcx.dll
2013-07-23 17:11:58    1002008    ----a-w-    c:\windows\system32\igxpun.exe
2013-07-23 17:11:58    --------    d-----w-    c:\windows\system32\Lang
2013-07-23 16:59:30    867240    ----a-w-    c:\windows\system32\npDeployJava1.dll
2013-07-23 16:59:30    789416    ----a-w-    c:\windows\system32\deployJava1.dll
2013-07-23 16:58:58    94632    ----a-w-    c:\windows\system32\WindowsAccessBridge.dll
2013-07-23 16:13:58    --------    d-----w-    c:\program files\MSXML 4.0
2013-07-23 16:12:48    --------    d-----w-    c:\windows\system32\appmgmt
2013-07-23 15:57:37    --------    d-----w-    c:\users\gatesys\appdata\roaming\Autodesk
2013-07-23 15:05:10    --------    d-----w-    c:\windows\ELAMBKUP
2013-07-23 15:05:08    --------    d-----w-    c:\program files\Kaspersky Lab
2013-07-23 15:05:01    74848    ----a-w-    c:\windows\system32\drivers\klflt.sys
2013-07-23 13:32:03    --------    d-----w-    c:\users\gatesys\appdata\local\Mozilla
2013-07-23 13:31:58    --------    d-----w-    c:\program files\Mozilla Maintenance Service
2013-07-23 12:49:34    --------    d-----w-    c:\users\gatesys\appdata\roaming\uTorrent
2013-07-23 12:07:33    --------    d-----w-    c:\program files\VideoLAN
2013-07-23 11:47:41    --------    d-----w-    c:\programdata\Kaspersky Lab
2013-07-23 11:45:11    --------    d-----w-    c:\program files\CCleaner
2013-07-23 11:36:39    --------    d-----w-    c:\program files\Microsoft Synchronization Services
2013-07-23 11:36:26    --------    d-----w-    c:\windows\PCHEALTH
2013-07-23 11:36:26    --------    d-----w-    c:\program files\Microsoft SQL Server Compact Edition
2013-07-23 11:35:55    --------    d-----w-    c:\program files\Microsoft Visual Studio 8
2013-07-23 11:35:23    --------    d-----w-    c:\program files\Microsoft Analysis Services
2013-07-23 11:35:11    --------    d-----w-    c:\users\gatesys\appdata\local\Microsoft Help
2013-07-23 11:25:24    319456    ----a-w-    c:\windows\DIFxAPI.dll
2013-07-23 11:25:06    757760    ----a-w-    c:\program files\common files\installshield\professional\runtime\11\50\intel32\iKernel.dll
2013-07-23 11:25:06    69715    ----a-w-    c:\program files\common files\installshield\professional\runtime\11\50\intel32\ctor.dll
2013-07-23 11:25:06    32768    ----a-w-    c:\program files\common files\installshield\professional\runtime\Objectps.dll
2013-07-23 11:25:06    274432    ----a-w-    c:\program files\common files\installshield\professional\runtime\11\50\intel32\iscript.dll
2013-07-23 11:25:06    204800    ----a-w-    c:\program files\common files\installshield\professional\runtime\11\50\intel32\iuser.dll
2013-07-23 11:25:05    331908    ----a-w-    c:\program files\common files\installshield\professional\runtime\11\50\intel32\setup.dll
2013-07-23 11:25:05    200836    ----a-w-    c:\program files\common files\installshield\professional\runtime\11\50\intel32\iGdi.dll
2013-07-23 11:21:12    53248    ----a-w-    c:\windows\system32\CSVer.dll
2013-07-23 11:21:10    --------    d-----w-    C:\Intel
2013-07-23 11:17:08    --------    d-sh--w-    c:\windows\Installer
2013-07-23 11:17:06    --------    d-----w-    C:\TempEI4
2013-07-23 11:09:46    --------    d-----w-    c:\users\gatesys\appdata\roaming\IDM
2013-07-23 11:09:46    --------    d-----w-    c:\programdata\IDM
2013-07-23 11:09:45    --------    d-----w-    c:\users\gatesys\appdata\roaming\DMCache
2013-07-23 11:09:43    --------    d-----w-    c:\program files\Internet Download Manager
2013-07-23 04:59:27    --------    d-----w-    c:\windows\Panther
2013-07-23 04:59:14    --------    d-sh--w-    C:\Boot
2013-07-22 16:36:00    71048    ----a-w-    c:\windows\system32\FlashPlayerCPLApp.cpl
2013-07-22 16:36:00    692104    ----a-w-    c:\windows\system32\FlashPlayerApp.exe
2013-07-22 16:26:00    --------    d-----w-    c:\users\gatesys\appdata\local\Adobe
2013-07-22 16:15:36    7143960    ----a-w-    c:\programdata\microsoft\windows defender\definition updates\{6163b713-eae1-487d-a3e9-d0455274443f}\mpengine.dll
2013-07-22 16:15:36    238872    ------w-    c:\windows\system32\MpSigStub.exe
2013-07-22 15:42:21    --------    d-----w-    c:\windows\system32\wbem\Performance
2013-07-22 15:40:09    --------    d-----w-    c:\users\gatesys\appdata\local\Diagnostics
.
==================== Find3M  ====================
.
2013-07-23 15:58:37    44000    ----a-w-    c:\windows\system32\drivers\kltdi.sys
.
============= FINISH: 14:01:55.70 ===============

 

 

ATTACH.TXT LOG

 

 

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft Windows 7 Ultimate
Boot Device: \Device\HarddiskVolume1
Install Date: 7/22/2013 9:04:49 PM
System Uptime: 8/12/2013 1:46:05 PM (1 hours ago)
.
Motherboard: Intel Corporation |  | DG31PR
Processor: Intel® Core2 Duo CPU     E7500  @ 2.93GHz | J3E1 | 2933/1066mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 93 GiB total, 73.365 GiB free.
D: is FIXED (NTFS) - 63 GiB total, 63.386 GiB free.
E: is FIXED (NTFS) - 63 GiB total, 63.058 GiB free.
F: is FIXED (NTFS) - 78 GiB total, 55.673 GiB free.
G: is CDROM ()
H: is Removable
.
==== Disabled Device Manager Items =============
.
Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
Description: Realtek RTL8168B/8111B Family PCI-E Gigabit Ethernet NIC (NDIS 6.20)
Device ID: PCI\VEN_10EC&DEV_8168&SUBSYS_D6088086&REV_01\0000000000EC816800
Manufacturer: Realtek
Name: Realtek RTL8168B/8111B Family PCI-E Gigabit Ethernet NIC (NDIS 6.20)
PNP Device ID: PCI\VEN_10EC&DEV_8168&SUBSYS_D6088086&REV_01\0000000000EC816800
Service: RTL8167
.
==== System Restore Points ===================
.
RP1: 7/22/2013 9:45:28 PM - Windows Update
RP3: 7/23/2013 4:47:23 PM - Intel Express Installer
RP5: 7/23/2013 4:49:02 PM - Intel ® Express Installer CD Installation - Before
RP7: 7/23/2013 4:50:14 PM - Intel ® Express Installer CD Installation - After
RP9: 7/23/2013 4:50:39 PM - Intel Express Installer
RP11: 7/23/2013 4:51:04 PM - Intel ® Express Installer CD Installation - Before
RP13: 7/23/2013 4:52:14 PM - Intel Express Installer
RP15: 7/23/2013 4:55:08 PM - Installed Realtek High Definition Audio Driver
RP17: 7/23/2013 4:57:50 PM - Intel ® Express Installer CD Installation - After
RP19: 7/23/2013 4:58:12 PM - Intel ® Express Installer CD Installation - Before
RP21: 7/23/2013 4:58:25 PM - Installed Realtek High Definition Audio Driver
RP23: 7/23/2013 5:00:44 PM - Intel Express Installer
RP24: 7/23/2013 5:04:46 PM - Installed Microsoft Office Professional Plus 2010
RP25: 7/23/2013 9:42:29 PM - Removed MSXML 4.0 SP2 Parser and SDK
RP26: 7/23/2013 9:43:49 PM - Installed MSXML 4.0 SP3 Parser
RP27: 7/23/2013 10:28:37 PM - Installed Java 7 Update 25
RP28: 7/24/2013 2:20:28 PM - Installed Adobe Reader XI.
RP29: 7/24/2013 3:38:38 PM - Windows Update
RP31: 7/31/2013 3:44:57 PM - Uniblue SpeedUpMyPC installation
.
==== Installed Programs ======================
.
Adobe Flash Player 11 ActiveX
Adobe Flash Player 11 Plugin
Adobe Reader XI (11.0.03)
CCleaner
Intel® Graphics Media Accelerator Driver
Intel® TV Wizard
Internet Download Manager
Java 7 Update 25
Java Auto Updater
Kaspersky Internet Security 2013
Microsoft .NET Framework 4 Client Profile
Microsoft .NET Framework 4 Extended
Microsoft Office Access MUI (English) 2010
Microsoft Office Access Setup Metadata MUI (English) 2010
Microsoft Office Excel MUI (English) 2010
Microsoft Office Groove MUI (English) 2010
Microsoft Office InfoPath MUI (English) 2010
Microsoft Office OneNote MUI (English) 2010
Microsoft Office Outlook MUI (English) 2010
Microsoft Office PowerPoint MUI (English) 2010
Microsoft Office Professional Plus 2010
Microsoft Office Proof (English) 2010
Microsoft Office Proof (French) 2010
Microsoft Office Proof (Spanish) 2010
Microsoft Office Proofing (English) 2010
Microsoft Office Publisher MUI (English) 2010
Microsoft Office Shared MUI (English) 2010
Microsoft Office Shared Setup Metadata MUI (English) 2010
Microsoft Office Word MUI (English) 2010
Mozilla Firefox 24.0 (x86 en-US)
Mozilla Maintenance Service
MSXML 4.0 SP3 Parser
Pandora Service
Picasa 3
Realtek High Definition Audio Driver
The KMPlayer (remove only)
VLC media player 2.0.7
WinRAR archiver
.
==== Event Viewer Messages From Past Week ========
.
8/6/2013 8:08:59 PM, Error: Service Control Manager [7031]  - The Windows Search service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 30000 milliseconds: Restart the service.
8/12/2013 1:46:15 PM, Error: Microsoft-Windows-Kernel-Processor-Power [35]  - Performance power management features on processor 1 in group 0 are disabled due to a firmware problem. Check with the computer manufacturer for updated firmware.
8/12/2013 1:46:15 PM, Error: Microsoft-Windows-Kernel-Processor-Power [35]  - Performance power management features on processor 0 in group 0 are disabled due to a firmware problem. Check with the computer manufacturer for updated firmware.
.
==== End Of File ===========================
 

 

 

ROGUE KILLER REPORT

 

RogueKiller V8.6.5 [Aug  5 2013] by Tigzy
mail : tigzyRK<at>gmail<dot>com
Feedback : http://www.adlice.com/forum/
Website : http://www.adlice.com/softwares/roguekiller/
Blog : http://tigzyrk.blogspot.com/

Operating System : Windows 7 (6.1.7600 ) 32 bits version
Started in : Normal mode
User : gatesys [Admin rights]
Mode : Scan -- Date : 08/12/2013 14:06:29
| ARK || FAK || MBR |

¤¤¤ Bad processes : 0 ¤¤¤

¤¤¤ Registry Entries : 4 ¤¤¤
[HJ POL] HKCU\[...]\System : DisableTaskMgr (0) -> FOUND
[HJ POL] HKCU\[...]\System : DisableRegistryTools (0) -> FOUND
[HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

¤¤¤ Scheduled tasks : 0 ¤¤¤

¤¤¤ Startup Entries : 0 ¤¤¤

¤¤¤ Web browsers : 0 ¤¤¤

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver : [LOADED] ¤¤¤

¤¤¤ External Hives: ¤¤¤

¤¤¤ Infection :  ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
--> %SystemRoot%\System32\drivers\etc\hosts




¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: SAMSUNG HD321HJ ATA Device +++++
--- User ---
[MBR] a2bb0b125743c5fe7226b75de681e0d4
[bSP] bfd27e76ca7524021d98593add749b17 : Windows 7/8 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 95243 Mo
1 - [XXXXXX] EXTEN-LBA (0x0f) [VISIBLE] Offset (sectors): 195059712 | Size: 65000 Mo
2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 328179712 | Size: 64999 Mo
3 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 461299712 | Size: 80000 Mo
User = LL1 ... OK!
User = LL2 ... OK!

Finished : << RKreport[0]_S_08122013_140629.txt >>
RKreport[0]_S_08122013_140448.txt;RKreport[0]_S_08122013_140539.txt

 

[pum.hijack.HOMEPAGE]

when i scanned with mbam it displayed PUM.HIJACK.HOMEPAGE. i know that Someone was was monitoring my online activity. i think it must be browser hijack. i need your help. Thanks in advance.