rocky14321
Posts posted by rocky14321
I heard that Java should be disabled in browsers. I use Google Chrome. Is it safe to disable Java in the browser?
-
1. Am I secure now?
2. I heard that Java should be disabled in browsers. I use Google Chrome. Is it true?
3. Is a browser hijack possible using an IP address?
-
Hi Charlie,
Results of screen317's Security Check version 0.99.74
Windows 7 x86 (UAC is enabled)
``````````````Antivirus/Firewall Check:``````````````
Windows Firewall Enabled!
Kaspersky Internet Security
Antivirus out of date!
`````````Anti-malware/Other Utilities Check:`````````
Malwarebytes Anti-Malware version 1.75.0.1300
CCleaner
Java 7 Update 40
Adobe Flash Player 11.8.800.168
Adobe Reader XI
Google Chrome 30.0.1599.69
````````Process Check: objlist.exe by Laurent````````
Malwarebytes Anti-Malware mbamservice.exe
Malwarebytes Anti-Malware mbamgui.exe
Malwarebytes' Anti-Malware mbamscheduler.exe
Kaspersky Lab Kaspersky Internet Security 2013 avp.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C: 4%
````````````````````End of Log``````````````````````
-
This means that it's a third person viewing browsing activity.
-
The system is normal and everything is fine. But one thing worrying is browser hijack; this problem still persists. I want to be completely free from such things.
-
I've cleaned and taken the reports.
ADWARE LOG
# AdwCleaner v3.006 - Report created 06/10/2013 at 23:57:43
# Updated 01/10/2013 by Xplode
# Operating System : Windows 7 Ultimate (32 bits)
# Username : gatesys - GATESYS-PC
# Running from : C:\Users\gatesys\Downloads\Programs\AdwCleaner.exe
# Option : Clean
***** [ Services ] *****
***** [ Files / Folders ] *****
***** [ Shortcuts ] *****
***** [ Registry ] *****
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{DE9028D0-5FFA-4E69-94E3-89EE8741F468}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}
***** [ Browsers ] *****
-\\ Internet Explorer v8.0.7600.16385
-\\ Mozilla Firefox v
[ File : C:\Users\gatesys\AppData\Roaming\Mozilla\Firefox\Profiles\tez40nft.default\prefs.js ]
Line Deleted : user_pref("browser.search.defaultthis.engineName", "Web Search");
-\\ Google Chrome v30.0.1599.69
[ File : C:\Users\gatesys\AppData\Local\Google\Chrome\User Data\Default\preferences ]
*************************
AdwCleaner[R0].txt - [1406 octets] - [06/10/2013 23:56:08]
AdwCleaner[s0].txt - [1339 octets] - [06/10/2013 23:57:43]
########## EOF - C:\AdwCleaner\AdwCleaner[s0].txt - [1399 octets] ##########
MBAM LOG :
Malwarebytes Anti-Malware (PRO) 1.75.0.1300
www.malwarebytes.org
Database version: v2013.10.06.02
Windows 7 x86 NTFS
Internet Explorer 8.0.7600.16385
gatesys :: GATESYS-PC [administrator]
Protection: Enabled
10/7/2013 12:01:08 AM
mbam-log-2013-10-07 (00-01-08).txt
Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 194115
Time elapsed: 3 minute(s), 17 second(s)
Memory Processes Detected: 0
(No malicious items detected)
Memory Modules Detected: 0
(No malicious items detected)
Registry Keys Detected: 0
(No malicious items detected)
Registry Values Detected: 0
(No malicious items detected)
Registry Data Items Detected: 0
(No malicious items detected)
Folders Detected: 0
(No malicious items detected)
Files Detected: 0
(No malicious items detected)
(end)
-
Hi Charlie,
I saw in the Bleeping Computer forum that these registry keys are potentially unwanted modifications.
¤¤¤ Registry Entries : 2 ¤¤¤
[HJ DESK][PUM] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
[HJ DESK][PUM] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND
"Those detections are related to a PUM in the registry.
NewStartPanel is a sub-key of Hide Desktop Items...see here and here.
A PUM detection means a "Potentially Unwanted Modification (PUM)". It is considered potentially unwanted because the program making the detection cannot determine if the modification was set by the user, a legitimate program or by malware.
If you recognize the PUM detection items, you can ignore the detection. If you don't recognize the detections, then you may need to investigate further as to what program made the modification(s) or remove them.
[RogueKiller] Official Tutorial
Usually when a computer is infected with malware there will be indications (signs of infection) something is wrong." -
Hi Charl,
I've taken the reports.
-
Hello Mr. Charlie,
1. What are those two registry items detected in RogueKiller? I only did a scan but did not fix it.
I took the scan; the result is no malware found, no clean-up is required.
-
Hi Mr. Charlie, I took DDS, and in RogueKiller I just clicked scan and did not fix DNS and all the options there. IT FOUND 2 PUM. Here are the reports.
DDS :
-
Two months ago I was infected with pum.hijack.homepage. Then I ran a few programs myself and deleted those infections. I need to be 100% free from browser hijacks. It's annoying that somebody is watching my online activity.
-
I'm using Win 7; can I use OpenDNS?
And can you suggest a few things which are mandatory for my PC and network security?
-
Hello Mr. Charlie, thanks for your kind assistance.
I've a few questions to ask:
1. What is OpenDNS and what are its uses?
2. Can I use Speed Up My PC?
3. I'm using Mozilla Firefox, but there I saw Google Chrome to use. What should I use?
-
Hi Mr. Charlie, I could not download from the above link, so I downloaded from the Bleeping Computer website.
Results of screen317's Security Check version 0.99.72
Windows 7 x86 (UAC is enabled)
Out of date service pack!!
``````````````Antivirus/Firewall Check:``````````````
Windows Firewall Enabled!
Kaspersky Internet Security
Antivirus out of date!
`````````Anti-malware/Other Utilities Check:`````````
Malwarebytes Anti-Malware version 1.75.0.1300
CCleaner
Java 7 Update 25
Adobe Flash Player 11.8.800.94
Adobe Reader XI
Mozilla Firefox (24.0)
````````Process Check: objlist.exe by Laurent````````
Malwarebytes Anti-Malware mbamservice.exe
Malwarebytes Anti-Malware mbamgui.exe
Malwarebytes' Anti-Malware mbamscheduler.exe
Kaspersky Lab Kaspersky Internet Security 2013 avp.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C: 4%
````````````````````End of Log``````````````````````
-
Yes, the system is not slow and I don't install a lot of software besides what I have. But once, when I was chatting with a friend in Gtalk, he sent a link and I clicked it. It displayed a blank page, and from that time the problem persists. Later I recognised it was a browser hijack. My question is: is my system clean, without any malware and such crap?
-
-
I don't have Malwarebytes. Can I install it now and run it? Because as per your instructions I should not install/uninstall anything.
-
Hi Mr. Charlie, I've attached the ADW log.
-
-
Hi there,
I scanned my PC, and it displayed no malware found. I've attached the logs.
-
Hi, thank you for your assistance. I've taken the reports. I've installed Internet Download Manager, and that is not a peer-to-peer sharing program, so I didn't remove it. Do I need to remove it?
DDS.TXT LOG
DDS (Ver_2012-11-20.01) - NTFS_x86
Internet Explorer: 8.0.7600.16385 BrowserJavaVersion: 10.25.2
Run by gatesys at 14:01:48 on 2013-08-12
Microsoft Windows 7 Ultimate 6.1.7600.0.1252.1.1033.18.2036.1332 [GMT 5.5:30]
.
AV: Kaspersky Internet Security *Disabled/Outdated* {C3113FBF-4BCB-4461-D78D-6EDFEC9593E5}
SP: Kaspersky Internet Security *Disabled/Updated* {7870DE5B-6DF1-4BEF-ED3D-55AD9712D958}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: Kaspersky Internet Security *Disabled* {FB2ABE9A-01A4-4539-FCD2-C7EA1246D49E}
.
============== Running Processes ================
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\Dwm.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskhost.exe
C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe
C:\Program Files\PANDORA.TV\PanService\PandoraService.exe
C:\Program Files\PANDORA.TV\PanService\PanProcess.exe
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
C:\Windows\system32\igfxsrvc.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\WUDFHost.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\vssvc.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\System32\svchost.exe -k swprv
.
============== Pseudo HJT Report ===============
.
uStart Page = about:blank
mStart Page = about:blank
BHO: IDM integration (IDMIEHlprObj Class): {0055C089-8582-441B-A0BF-17B458C2A3A8} - c:\program files\internet download manager\IDMIECC.dll
BHO: Content Blocker Plugin: {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} - c:\program files\kaspersky lab\kaspersky internet security 2013\ieext\contentblocker\ie_content_blocker_plugin.dll
BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - c:\program files\microsoft office\office14\GROOVEEX.DLL
BHO: Virtual Keyboard Plugin: {73455575-E40C-433C-9784-C78DC7761455} - c:\program files\kaspersky lab\kaspersky internet security 2013\ieext\virtualkeyboard\ie_virtual_keyboard_plugin.dll
BHO: Java Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre7\bin\ssv.dll
BHO: Safe Money Plugin: {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} - c:\program files\kaspersky lab\kaspersky internet security 2013\ieext\onlinebanking\online_banking_bho.dll
BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - c:\program files\microsoft office\office14\URLREDIR.DLL
BHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre7\bin\jp2ssv.dll
BHO: URL Advisor Plugin: {E33CF602-D945-461A-83F0-819F76A199F8} - c:\program files\kaspersky lab\kaspersky internet security 2013\ieext\urladvisor\klwtbbho.dll
uRun: [iDMan] c:\program files\internet download manager\IDMan.exe /onboot
mRun: [bCSSync] "c:\program files\microsoft office\office14\BCSSync.exe" /DelayServices
mRun: [AVP] "c:\program files\kaspersky lab\kaspersky internet security 2013\avp.exe"
mRun: [sunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [igfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [RtHDVCpl] c:\program files\realtek\audio\hda\RtHDVCpl.exe -s
mPolicies-Explorer: NoDriveTypeAutoRun = dword:60
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: Add to Anti-Banner - c:\program files\kaspersky lab\kaspersky internet security 2013\ie_banner_deny.htm
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: Download all links with IDM - c:\program files\internet download manager\IEGetAll.htm
IE: Download with IDM - c:\program files\internet download manager\IEExt.htm
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~1\micros~2\office14\ONBttnIE.dll/105
IE: {0C4CC089-D306-440D-9772-464E226F6539} - {0BA14598-4178-4CE5-B1F1-B5C6408A3F2E} - c:\program files\kaspersky lab\kaspersky internet security 2013\ieext\virtualkeyboard\ie_virtual_keyboard_plugin.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\program files\microsoft office\office14\ONBttnIE.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - c:\program files\microsoft office\office14\ONBttnIELinkedNotes.dll
IE: {CCF151D8-D089-449F-A5A4-D9909053F20F} - {CCF151D8-D089-449F-A5A4-D9909053F20F} - c:\program files\kaspersky lab\kaspersky internet security 2013\ieext\urladvisor\klwtbbho.dll
TCP: NameServer = 192.168.1.1
TCP: Interfaces\{573D783C-21B3-4938-9DDF-56D549DB1EAA} : DHCPNameServer = 192.168.1.1
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - c:\program files\common files\microsoft shared\office14\MSOXMLMF.DLL
Notify: igfxcui - igfxdev.dll
SSODL: WebCheck - <orphaned>
SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - c:\program files\microsoft office\office14\GROOVEEX.DLL
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\gatesys\appdata\roaming\mozilla\firefox\profiles\0yw037sg.default\
FF - prefs.js: browser.search.selectedEngine - Yahoo
FF - plugin: c:\progra~1\micros~2\office14\NPAUTHZ.DLL
FF - plugin: c:\progra~1\micros~2\office14\NPSPWRAP.DLL
FF - plugin: c:\program files\adobe\reader 11.0\reader\air\nppdf32.dll
FF - plugin: c:\program files\google\picasa3\npPicasa3.dll
FF - plugin: c:\program files\java\jre7\bin\plugin2\npjp2.dll
FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_8_800_94.dll
FF - plugin: c:\windows\system32\npDeployJava1.dll
FF - plugin: c:\windows\system32\npmproxy.dll
FF - ExtSQL: 2013-07-23 16:39; mozilla_cc@internetdownloadmanager.com; c:\users\gatesys\appdata\roaming\idm\idmmzcc5
FF - ExtSQL: 2013-07-23 17:17; content_blocker@kaspersky.com; c:\program files\kaspersky lab\kaspersky internet security 2013\ffext\content_blocker@kaspersky.com
FF - ExtSQL: 2013-07-23 17:17; url_advisor@kaspersky.com; c:\program files\kaspersky lab\kaspersky internet security 2013\ffext\url_advisor@kaspersky.com
FF - ExtSQL: 2013-07-23 17:17; virtual_keyboard@kaspersky.com; c:\program files\kaspersky lab\kaspersky internet security 2013\ffext\virtual_keyboard@kaspersky.com
FF - ExtSQL: 2013-07-23 20:35; anti_banner@kaspersky.com; c:\program files\kaspersky lab\kaspersky internet security 2013\ffext\anti_banner@kaspersky.com
FF - ExtSQL: 2013-07-23 20:35; online_banking@kaspersky.com; c:\program files\kaspersky lab\kaspersky internet security 2013\ffext\online_banking@kaspersky.com
.
============= SERVICES / DRIVERS ===============
.
R1 KLIM6;Kaspersky Anti-Virus NDIS 6 Filter;c:\windows\system32\drivers\klim6.sys [2012-8-2 24408]
R1 kltdi;kltdi;c:\windows\system32\drivers\kltdi.sys [2013-5-2 44000]
R1 kneps;kneps;c:\windows\system32\drivers\kneps.sys [2013-5-2 145040]
R2 AVP;Kaspersky Anti-Virus Service;c:\program files\kaspersky lab\kaspersky internet security 2013\avp.exe [2013-5-2 356376]
R2 IDMWFP;IDMWFP;c:\windows\system32\drivers\idmwfp.sys [2013-2-21 100216]
R2 PanService;PandoraService;c:\program files\pandora.tv\panservice\PandoraService.exe [2013-7-24 625304]
R3 klkbdflt;Kaspersky Lab KLKBDFLT;c:\windows\system32\drivers\klkbdflt.sys [2013-5-2 25944]
R3 klmouflt;Kaspersky Lab KLMOUFLT;c:\windows\system32\drivers\klmouflt.sys [2013-5-2 25944]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-14 229888]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\drivers\Rt86win7.sys [2009-6-11 139776]
.
=============== File Associations ===============
.
FileExt: .txt: txtfile=c:\windows\system32\NOTEPAD.EXE %1 [userChoice]
.
=============== Created Last 30 ================
.
2013-07-31 09:57:57 -------- d-----w- c:\users\gatesys\appdata\local\Google
2013-07-30 13:42:59 -------- d-----w- c:\windows\ERUNT
2013-07-27 07:46:43 -------- d-----w- c:\users\gatesys\appdata\roaming\Malwarebytes
2013-07-27 07:46:36 -------- d-----w- c:\programdata\Malwarebytes
2013-07-27 07:46:30 -------- d-----w- c:\users\gatesys\appdata\local\Programs
2013-07-26 16:45:15 -------- d-----w- c:\users\gatesys\appdata\local\Microsoft Games
2013-07-24 11:38:30 -------- d-----w- c:\program files\PANDORA.TV
2013-07-24 11:37:17 -------- d-----w- c:\program files\The KMPlayer
2013-07-24 10:08:47 99176 ----a-w- c:\windows\system32\PresentationHostProxy.dll
2013-07-24 10:08:47 49472 ----a-w- c:\windows\system32\netfxperf.dll
2013-07-24 10:08:47 297808 ----a-w- c:\windows\system32\mscoree.dll
2013-07-24 10:08:47 295264 ----a-w- c:\windows\system32\PresentationHost.exe
2013-07-24 10:08:47 1130824 ----a-w- c:\windows\system32\dfshim.dll
2013-07-23 17:35:53 -------- d-----w- c:\users\gatesys\appdata\local\Macromedia
2013-07-23 17:13:46 398336 ----a-w- c:\windows\system32\TVWizudlg.exe
2013-07-23 17:13:46 140288 ----a-w- c:\windows\system32\igfxtvcx.dll
2013-07-23 17:11:58 1002008 ----a-w- c:\windows\system32\igxpun.exe
2013-07-23 17:11:58 -------- d-----w- c:\windows\system32\Lang
2013-07-23 16:59:30 867240 ----a-w- c:\windows\system32\npDeployJava1.dll
2013-07-23 16:59:30 789416 ----a-w- c:\windows\system32\deployJava1.dll
2013-07-23 16:58:58 94632 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
2013-07-23 16:13:58 -------- d-----w- c:\program files\MSXML 4.0
2013-07-23 16:12:48 -------- d-----w- c:\windows\system32\appmgmt
2013-07-23 15:57:37 -------- d-----w- c:\users\gatesys\appdata\roaming\Autodesk
2013-07-23 15:05:10 -------- d-----w- c:\windows\ELAMBKUP
2013-07-23 15:05:08 -------- d-----w- c:\program files\Kaspersky Lab
2013-07-23 15:05:01 74848 ----a-w- c:\windows\system32\drivers\klflt.sys
2013-07-23 13:32:03 -------- d-----w- c:\users\gatesys\appdata\local\Mozilla
2013-07-23 13:31:58 -------- d-----w- c:\program files\Mozilla Maintenance Service
2013-07-23 12:49:34 -------- d-----w- c:\users\gatesys\appdata\roaming\uTorrent
2013-07-23 12:07:33 -------- d-----w- c:\program files\VideoLAN
2013-07-23 11:47:41 -------- d-----w- c:\programdata\Kaspersky Lab
2013-07-23 11:45:11 -------- d-----w- c:\program files\CCleaner
2013-07-23 11:36:39 -------- d-----w- c:\program files\Microsoft Synchronization Services
2013-07-23 11:36:26 -------- d-----w- c:\windows\PCHEALTH
2013-07-23 11:36:26 -------- d-----w- c:\program files\Microsoft SQL Server Compact Edition
2013-07-23 11:35:55 -------- d-----w- c:\program files\Microsoft Visual Studio 8
2013-07-23 11:35:23 -------- d-----w- c:\program files\Microsoft Analysis Services
2013-07-23 11:35:11 -------- d-----w- c:\users\gatesys\appdata\local\Microsoft Help
2013-07-23 11:25:24 319456 ----a-w- c:\windows\DIFxAPI.dll
2013-07-23 11:25:06 757760 ----a-w- c:\program files\common files\installshield\professional\runtime\11\50\intel32\iKernel.dll
2013-07-23 11:25:06 69715 ----a-w- c:\program files\common files\installshield\professional\runtime\11\50\intel32\ctor.dll
2013-07-23 11:25:06 32768 ----a-w- c:\program files\common files\installshield\professional\runtime\Objectps.dll
2013-07-23 11:25:06 274432 ----a-w- c:\program files\common files\installshield\professional\runtime\11\50\intel32\iscript.dll
2013-07-23 11:25:06 204800 ----a-w- c:\program files\common files\installshield\professional\runtime\11\50\intel32\iuser.dll
2013-07-23 11:25:05 331908 ----a-w- c:\program files\common files\installshield\professional\runtime\11\50\intel32\setup.dll
2013-07-23 11:25:05 200836 ----a-w- c:\program files\common files\installshield\professional\runtime\11\50\intel32\iGdi.dll
2013-07-23 11:21:12 53248 ----a-w- c:\windows\system32\CSVer.dll
2013-07-23 11:21:10 -------- d-----w- C:\Intel
2013-07-23 11:17:08 -------- d-sh--w- c:\windows\Installer
2013-07-23 11:17:06 -------- d-----w- C:\TempEI4
2013-07-23 11:09:46 -------- d-----w- c:\users\gatesys\appdata\roaming\IDM
2013-07-23 11:09:46 -------- d-----w- c:\programdata\IDM
2013-07-23 11:09:45 -------- d-----w- c:\users\gatesys\appdata\roaming\DMCache
2013-07-23 11:09:43 -------- d-----w- c:\program files\Internet Download Manager
2013-07-23 04:59:27 -------- d-----w- c:\windows\Panther
2013-07-23 04:59:14 -------- d-sh--w- C:\Boot
2013-07-22 16:36:00 71048 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2013-07-22 16:36:00 692104 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2013-07-22 16:26:00 -------- d-----w- c:\users\gatesys\appdata\local\Adobe
2013-07-22 16:15:36 7143960 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{6163b713-eae1-487d-a3e9-d0455274443f}\mpengine.dll
2013-07-22 16:15:36 238872 ------w- c:\windows\system32\MpSigStub.exe
2013-07-22 15:42:21 -------- d-----w- c:\windows\system32\wbem\Performance
2013-07-22 15:40:09 -------- d-----w- c:\users\gatesys\appdata\local\Diagnostics
.
==================== Find3M ====================
.
2013-07-23 15:58:37 44000 ----a-w- c:\windows\system32\drivers\kltdi.sys
.
============= FINISH: 14:01:55.70 ===============
ATTACH.TXT LOG
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft Windows 7 Ultimate
Boot Device: \Device\HarddiskVolume1
Install Date: 7/22/2013 9:04:49 PM
System Uptime: 8/12/2013 1:46:05 PM (1 hours ago)
.
Motherboard: Intel Corporation | | DG31PR
Processor: Intel® Core2 Duo CPU E7500 @ 2.93GHz | J3E1 | 2933/1066mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 93 GiB total, 73.365 GiB free.
D: is FIXED (NTFS) - 63 GiB total, 63.386 GiB free.
E: is FIXED (NTFS) - 63 GiB total, 63.058 GiB free.
F: is FIXED (NTFS) - 78 GiB total, 55.673 GiB free.
G: is CDROM ()
H: is Removable
.
==== Disabled Device Manager Items =============
.
Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
Description: Realtek RTL8168B/8111B Family PCI-E Gigabit Ethernet NIC (NDIS 6.20)
Device ID: PCI\VEN_10EC&DEV_8168&SUBSYS_D6088086&REV_01\0000000000EC816800
Manufacturer: Realtek
Name: Realtek RTL8168B/8111B Family PCI-E Gigabit Ethernet NIC (NDIS 6.20)
PNP Device ID: PCI\VEN_10EC&DEV_8168&SUBSYS_D6088086&REV_01\0000000000EC816800
Service: RTL8167
.
==== System Restore Points ===================
.
RP1: 7/22/2013 9:45:28 PM - Windows Update
RP3: 7/23/2013 4:47:23 PM - Intel Express Installer
RP5: 7/23/2013 4:49:02 PM - Intel ® Express Installer CD Installation - Before
RP7: 7/23/2013 4:50:14 PM - Intel ® Express Installer CD Installation - After
RP9: 7/23/2013 4:50:39 PM - Intel Express Installer
RP11: 7/23/2013 4:51:04 PM - Intel ® Express Installer CD Installation - Before
RP13: 7/23/2013 4:52:14 PM - Intel Express Installer
RP15: 7/23/2013 4:55:08 PM - Installed Realtek High Definition Audio Driver
RP17: 7/23/2013 4:57:50 PM - Intel ® Express Installer CD Installation - After
RP19: 7/23/2013 4:58:12 PM - Intel ® Express Installer CD Installation - Before
RP21: 7/23/2013 4:58:25 PM - Installed Realtek High Definition Audio Driver
RP23: 7/23/2013 5:00:44 PM - Intel Express Installer
RP24: 7/23/2013 5:04:46 PM - Installed Microsoft Office Professional Plus 2010
RP25: 7/23/2013 9:42:29 PM - Removed MSXML 4.0 SP2 Parser and SDK
RP26: 7/23/2013 9:43:49 PM - Installed MSXML 4.0 SP3 Parser
RP27: 7/23/2013 10:28:37 PM - Installed Java 7 Update 25
RP28: 7/24/2013 2:20:28 PM - Installed Adobe Reader XI.
RP29: 7/24/2013 3:38:38 PM - Windows Update
RP31: 7/31/2013 3:44:57 PM - Uniblue SpeedUpMyPC installation
.
==== Installed Programs ======================
.
Adobe Flash Player 11 ActiveX
Adobe Flash Player 11 Plugin
Adobe Reader XI (11.0.03)
CCleaner
Intel® Graphics Media Accelerator Driver
Intel® TV Wizard
Internet Download Manager
Java 7 Update 25
Java Auto Updater
Kaspersky Internet Security 2013
Microsoft .NET Framework 4 Client Profile
Microsoft .NET Framework 4 Extended
Microsoft Office Access MUI (English) 2010
Microsoft Office Access Setup Metadata MUI (English) 2010
Microsoft Office Excel MUI (English) 2010
Microsoft Office Groove MUI (English) 2010
Microsoft Office InfoPath MUI (English) 2010
Microsoft Office OneNote MUI (English) 2010
Microsoft Office Outlook MUI (English) 2010
Microsoft Office PowerPoint MUI (English) 2010
Microsoft Office Professional Plus 2010
Microsoft Office Proof (English) 2010
Microsoft Office Proof (French) 2010
Microsoft Office Proof (Spanish) 2010
Microsoft Office Proofing (English) 2010
Microsoft Office Publisher MUI (English) 2010
Microsoft Office Shared MUI (English) 2010
Microsoft Office Shared Setup Metadata MUI (English) 2010
Microsoft Office Word MUI (English) 2010
Mozilla Firefox 24.0 (x86 en-US)
Mozilla Maintenance Service
MSXML 4.0 SP3 Parser
Pandora Service
Picasa 3
Realtek High Definition Audio Driver
The KMPlayer (remove only)
VLC media player 2.0.7
WinRAR archiver
.
==== Event Viewer Messages From Past Week ========
.
8/6/2013 8:08:59 PM, Error: Service Control Manager [7031] - The Windows Search service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 30000 milliseconds: Restart the service.
8/12/2013 1:46:15 PM, Error: Microsoft-Windows-Kernel-Processor-Power [35] - Performance power management features on processor 1 in group 0 are disabled due to a firmware problem. Check with the computer manufacturer for updated firmware.
8/12/2013 1:46:15 PM, Error: Microsoft-Windows-Kernel-Processor-Power [35] - Performance power management features on processor 0 in group 0 are disabled due to a firmware problem. Check with the computer manufacturer for updated firmware.
.
==== End Of File ===========================
ROGUE KILLER REPORT
RogueKiller V8.6.5 [Aug 5 2013] by Tigzy
mail : tigzyRK<at>gmail<dot>com
Feedback : http://www.adlice.com/forum/
Website : http://www.adlice.com/softwares/roguekiller/
Blog : http://tigzyrk.blogspot.com/
Operating System : Windows 7 (6.1.7600 ) 32 bits version
Started in : Normal mode
User : gatesys [Admin rights]
Mode : Scan -- Date : 08/12/2013 14:06:29
| ARK || FAK || MBR |
¤¤¤ Bad processes : 0 ¤¤¤
¤¤¤ Registry Entries : 4 ¤¤¤
[HJ POL] HKCU\[...]\System : DisableTaskMgr (0) -> FOUND
[HJ POL] HKCU\[...]\System : DisableRegistryTools (0) -> FOUND
[HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND
¤¤¤ Scheduled tasks : 0 ¤¤¤
¤¤¤ Startup Entries : 0 ¤¤¤
¤¤¤ Web browsers : 0 ¤¤¤
¤¤¤ Particular Files / Folders: ¤¤¤
¤¤¤ Driver : [LOADED] ¤¤¤
¤¤¤ External Hives: ¤¤¤
¤¤¤ Infection : ¤¤¤
¤¤¤ HOSTS File: ¤¤¤
--> %SystemRoot%\System32\drivers\etc\hosts
¤¤¤ MBR Check: ¤¤¤
+++++ PhysicalDrive0: SAMSUNG HD321HJ ATA Device +++++
--- User ---
[MBR] a2bb0b125743c5fe7226b75de681e0d4
[bSP] bfd27e76ca7524021d98593add749b17 : Windows 7/8 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 95243 Mo
1 - [XXXXXX] EXTEN-LBA (0x0f) [VISIBLE] Offset (sectors): 195059712 | Size: 65000 Mo
2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 328179712 | Size: 64999 Mo
3 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 461299712 | Size: 80000 Mo
User = LL1 ... OK!
User = LL2 ... OK!
Finished : << RKreport[0]_S_08122013_140629.txt >>
RKreport[0]_S_08122013_140448.txt;RKreport[0]_S_08122013_140539.txt
-
When I scanned with MBAM it displayed PUM.HIJACK.HOMEPAGE. I know that someone was monitoring my online activity. I think it must be a browser hijack. I need your help. Thanks in advance.
Before I was infected by pum.hijack.homepage
in Resolved Malware Removal Logs
Posted
OK, thank you Mr. Charlie. Finally, can I run the HijackThis program? Do you recommend that?