Recently I scanned my PC with MBAM. It found "PUM.Hijack.HomePage" and another PUM whose name I forgot, and MBAM successfully deleted it. One year ago I was chatting with one of my friends and he sent a link and I clicked it. The page showed nothing, and I think it must be a browser hijack. Help me to remove such malware completely from my PC. I already posted here, but because SP1 was not installed that post was closed; now I have installed SP1.
.
DDS (Ver_11-03-05.01) - NTFSx86
Run by gatesys at 11:48:11.99 on Wed 10/16/2013
Internet Explorer: 8.0.7601.17514 BrowserJavaVersion: 10.40.2
Microsoft Windows 7 Ultimate 6.1.7601.1.1252.1.1033.18.2036.1132 [GMT 5.5:30]
.
AV: Kaspersky Internet Security *Disabled/Outdated* {C3113FBF-4BCB-4461-D78D-6EDFEC9593E5}
SP: Kaspersky Internet Security *Disabled/Updated* {7870DE5B-6DF1-4BEF-ED3D-55AD9712D958}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: Kaspersky Internet Security *Disabled* {FB2ABE9A-01A4-4539-FCD2-C7EA1246D49E}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Windows\system32\taskhost.exe
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\igfxpers.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2013\wmi32.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Users\gatesys\Downloads\dds.scr
C:\Windows\system32\conhost.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = https://www.google.co.in/
BHO: IDM integration (IDMIEHlprObj Class): {0055c089-8582-441b-a0bf-17b458c2a3a8} - c:\program files\internet download manager\IDMIECC.dll
BHO: Content Blocker Plugin: {5564cc73-efa7-4cbf-918a-5cf7fbbfff4f} - c:\program files\kaspersky lab\kaspersky internet security 2013\ieext\contentblocker\ie_content_blocker_plugin.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\progra~1\micros~2\office12\GR469A~1.DLL
BHO: Virtual Keyboard Plugin: {73455575-e40c-433c-9784-c78dc7761455} - c:\program files\kaspersky lab\kaspersky internet security 2013\ieext\virtualkeyboard\ie_virtual_keyboard_plugin.dll
BHO: Java(tm) Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre7\bin\ssv.dll
BHO: Safe Money Plugin: {9e6d0d23-3d72-4a94-ae1f-2d167624e3d9} - c:\program files\kaspersky lab\kaspersky internet security 2013\ieext\onlinebanking\online_banking_bho.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre7\bin\jp2ssv.dll
BHO: URL Advisor Plugin: {e33cf602-d945-461a-83f0-819f76a199f8} - c:\program files\kaspersky lab\kaspersky internet security 2013\ieext\urladvisor\klwtbbho.dll
uRun: [IDMan] c:\program files\internet download manager\IDMan.exe /onboot
mRun: [AVP] "c:\program files\kaspersky lab\kaspersky internet security 2013\avp.exe"
mRun: [GrooveMonitor] "c:\program files\microsoft office\office12\GrooveMonitor.exe"
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [RtHDVCpl] c:\program files\realtek\audio\hda\RtHDVCpl.exe -s
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
StartupFolder: c:\users\gatesys\appdata\roaming\micros~1\windows\startm~1\programs\startup\onenot~1.lnk - c:\program files\microsoft office\office12\ONENOTEM.EXE
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: Add to Anti-Banner - c:\program files\kaspersky lab\kaspersky internet security 2013\ie_banner_deny.htm
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: Download all links with IDM - c:\program files\internet download manager\IEGetAll.htm
IE: Download with IDM - c:\program files\internet download manager\IEExt.htm
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: {0C4CC089-D306-440D-9772-464E226F6539} - {0BA14598-4178-4CE5-B1F1-B5C6408A3F2E} - c:\program files\kaspersky lab\kaspersky internet security 2013\ieext\virtualkeyboard\ie_virtual_keyboard_plugin.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~2\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
IE: {CCF151D8-D089-449F-A5A4-D9909053F20F} - {CCF151D8-D089-449F-A5A4-D9909053F20F} - c:\program files\kaspersky lab\kaspersky internet security 2013\ieext\urladvisor\klwtbbho.dll
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\progra~1\micros~2\office12\GRA32A~1.DLL
Notify: igfxcui - igfxdev.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\progra~1\micros~2\office12\GR469A~1.DLL
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "c:\program files\google\chrome\application\30.0.1599.69\installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
.
============= SERVICES / DRIVERS ===============
.
R1 KLIM6;Kaspersky Anti-Virus NDIS 6 Filter;c:\windows\system32\drivers\klim6.sys [2012-8-2 24408]
R1 kltdi;kltdi;c:\windows\system32\drivers\kltdi.sys [2013-5-2 44000]
R1 kneps;kneps;c:\windows\system32\drivers\kneps.sys [2013-5-2 145040]
R2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\common files\adobe\arm\1.0\armsvc.exe [2013-5-11 65640]
R2 AVP;Kaspersky Anti-Virus Service;c:\program files\kaspersky lab\kaspersky internet security 2013\avp.exe [2013-5-2 356128]
R2 IDMWFP;IDMWFP;c:\windows\system32\drivers\idmwfp.sys [2013-2-21 100216]
R2 MBAMScheduler;MBAMScheduler;c:\program files\malwarebytes' anti-malware\mbamscheduler.exe [2013-9-12 418376]
R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2013-9-12 701512]
R3 klkbdflt;Kaspersky Lab KLKBDFLT;c:\windows\system32\drivers\klkbdflt.sys [2013-5-2 25696]
R3 klmouflt;Kaspersky Lab KLMOUFLT;c:\windows\system32\drivers\klmouflt.sys [2013-5-2 25696]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2013-9-12 22856]
R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\drivers\Rt86win7.sys [2009-6-11 139776]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2013-10-4 116648]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\macromed\flash\FlashPlayerUpdateService.exe [2013-7-22 257416]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-14 229888]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2013-10-4 116648]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2013-10-16 15872]
S3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\TsUsbFlt.sys [2013-10-16 52224]
.
=============== Created Last 30 ================
.
2013-10-16 05:37:53 -------- d-----w- c:\windows\system32\SPReview
2013-10-16 05:22:59 80720 ----a-w- c:\windows\system32\mscories.dll
2013-10-16 05:20:53 -------- d-----w- c:\windows\system32\EventProviders
2013-10-15 17:10:50 1077248 ----a-w- c:\windows\system32\DWrite.dll
2013-10-15 17:09:07 94208 ----a-w- c:\program files\common files\system\ole db\msdaosp.dll
2013-10-15 17:09:07 86016 ----a-w- c:\windows\system32\odbccu32.dll
2013-10-15 17:09:07 81920 ----a-w- c:\windows\system32\odbccr32.dll
2013-10-15 17:09:07 319488 ----a-w- c:\windows\system32\odbcjt32.dll
2013-10-15 17:09:07 163840 ----a-w- c:\windows\system32\odbctrac.dll
2013-10-15 17:09:07 122880 ----a-w- c:\windows\system32\odbccp32.dll
2013-10-15 17:03:45 1164288 ----a-w- c:\windows\system32\mfc42u.dll
2013-10-15 17:03:45 1137664 ----a-w- c:\windows\system32\mfc42.dll
2013-10-15 17:03:43 2048 ----a-w- c:\windows\system32\tzres.dll
2013-10-15 16:36:08 2422272 ----a-w- c:\windows\system32\wucltux.dll
2013-10-15 16:35:57 33792 ----a-w- c:\windows\system32\wuapp.exe
2013-10-15 16:35:57 171904 ----a-w- c:\windows\system32\wuwebv.dll
2013-10-10 09:05:22 -------- d-sh--w- C:\$RECYCLE.BIN
2013-10-04 07:08:55 -------- d-----w- c:\program files\GUM7129.tmp
2013-10-04 07:07:59 -------- d-----w- c:\users\gatesys\appdata\local\Deployment
2013-10-04 07:07:59 -------- d-----w- c:\users\gatesys\appdata\local\Apps
2013-10-02 08:56:38 -------- d-----w- c:\progra~2\Oracle
2013-10-02 08:56:19 94632 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
2013-10-02 08:48:08 209272 ----a-w- c:\program files\mozilla firefox\plugins\nppdf32.dll
2013-10-02 08:48:08 16192 ----a-w- c:\program files\mozilla firefox\plugins\NPOFF12.DLL
.
==================== Find3M ====================
.
2013-10-16 05:35:12 152576 ----a-w- c:\windows\system32\msclmd.dll
2013-10-13 07:50:03 71048 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2013-10-13 07:50:03 692616 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2013-10-02 08:56:15 868264 ----a-w- c:\windows\system32\npDeployJava1.dll
2013-10-02 08:56:15 790440 ----a-w- c:\windows\system32\deployJava1.dll
2013-08-14 18:00:00 112640 ----a-w- c:\windows\system32\ff_vfw.dll
2013-08-06 22:52:04 238872 ------w- c:\windows\system32\MpSigStub.exe
2013-08-02 17:29:58 217176 ----a-w- c:\windows\system32\unrar.dll
.
============= FINISH: 11:48:42.77 ===============
.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_11-03-05.01)
.
Microsoft Windows 7 Ultimate
Boot Device: \Device\HarddiskVolume1
Install Date: 7/22/2013 9:04:49 PM
System Uptime: 10/16/2013 11:10:31 AM (0 hours ago)
.
Motherboard: Intel Corporation | | DG31PR
Processor: Intel(R) Core(TM)2 Duo CPU E7500 @ 2.93GHz | J3E1 | 2933/1066mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 93 GiB total, 75.921 GiB free.
D: is FIXED (NTFS) - 63 GiB total, 63.386 GiB free.
E: is FIXED (NTFS) - 63 GiB total, 63.058 GiB free.
F: is FIXED (NTFS) - 78 GiB total, 55.701 GiB free.
G: is CDROM ()
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP44: 10/16/2013 10:51:43 AM - Windows 7 Service Pack 1
.
==== Installed Programs ======================
.
Adobe Flash Player 11 ActiveX
Adobe Flash Player 11 Plugin
Adobe Reader XI (11.0.05)
CCleaner
Google Chrome
Google Update Helper
Intel(R) Graphics Media Accelerator Driver
Intel(R) TV Wizard
Internet Download Manager
Java 7 Update 40
Java Auto Updater
K-Lite Mega Codec Pack 10.0.0
Kaspersky Internet Security 2013
Malwarebytes Anti-Malware version 1.75.0.1300
Microsoft Office Access MUI (English) 2007
Microsoft Office Access Setup Metadata MUI (English) 2007
Microsoft Office Enterprise 2007
Microsoft Office Excel MUI (English) 2007
Microsoft Office Groove MUI (English) 2007
Microsoft Office Groove Setup Metadata MUI (English) 2007
Microsoft Office InfoPath MUI (English) 2007
Microsoft Office OneNote MUI (English) 2007
Microsoft Office Outlook MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Publisher MUI (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Word MUI (English) 2007
MSXML 4.0 SP2 Parser and SDK
MSXML 4.0 SP3 Parser
Picasa 3
Realtek High Definition Audio Driver
WinRAR 5.00 (32-bit)
.
==== Event Viewer Messages From Past Week ========
.
10/16/2013 3:18:51 AM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the ShellHWDetection service.
10/16/2013 11:10:58 AM, Error: Microsoft-Windows-Kernel-Processor-Power [35] - Performance power management features on processor 1 in group 0 are disabled due to a firmware problem. Check with the computer manufacturer for updated firmware.
10/16/2013 11:10:58 AM, Error: Microsoft-Windows-Kernel-Processor-Power [35] - Performance power management features on processor 0 in group 0 are disabled due to a firmware problem. Check with the computer manufacturer for updated firmware.
10/15/2013 11:40:03 PM, Error: Service Control Manager [7023] -
.
==== End Of File ===========================