
PUM.Hijack.StartMenu.Infection/TrojanhorsePakes

Instructions on how to properly create a GMER log can be found here: How to create a GMER log Elle Can you hear it? It's all around! I believe it is called a KeyRootLogger because it seemed to follow me throughout the system as I tried to fix the problem and insert itself as the Administrator. Before I reinstalled I did a scan with MBAM, everything came up clean. I need you to be patient while I analyze any logs you post.

I couldn't locate the space that is filled up. I don't have any logs to go on, as they have also been deleted. Any help is appreciated. Noticed that all networking ports were open into/out of the machine.

combofixlog042011.txt Edited by hamluis, 15 June 2011 - 04:56 PM. I then decided to download a paid app called Xplorer2 (http://www.zabkat.com/) which I have abandoned in the past, because I thought it was the cause for a "Hijack.Drives" I caught long PUP Conduit, Hijack StartMenu, BenchUpdater, Adware, and pcregservice Hello, Welcome to BleepingComputer. I'm nasdaq and will be helping you. If you can please print this topic it will make it easier for you I have run Malware in safe mode a few times and removed the 2 infections; however, the same problem occurs when I restart.

Double, posted May 15, 2014. I unhid 'Computer' from the Seemed to hijack hard drive and processing power.; made no changes. But after they were installed I ran into some problems. I saw she was under an active fake av virus and rebooted in safe mode and installed Malwarebytes to find and remove the malware.

Have I helped you? Cam Avatar Creator "{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD DX "{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE "{6A05FEDF-662E-46BF-8A25-010E3F1C9C69}" = Windows Live UX Platform Language Pack "{6ADD0603-16EF-400D-9F9E-486432835002}" = OpenOffice.org 3.2 "{7059BDA7-E1DB-442C-B7A1-6144596720A4}" = HP Update "{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable "{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Please first disable any CD emulation programs using the steps found in this topic: Why we request you disable CD Emulation when receiving Malware Removal Advice Then create another GMER log and post I then use WinDirStat, I found out that the pagefile.sys and hiberfil.sys are using up the space.

Double, posted May 14, 2014. I asked the question and File not found O18:64bit: - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - Reg Error: Key error. Completion time: 2011-04-20 20:22:10 ComboFix-quarantined-files.txt 2011-04-21 03:22 . Attention to detail is important!

  1. O3 - HKU\S-1-5-21-26503809-3169056269-3851447981-1000\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
  2. Since I cannot see or directly interact with your computer I am dependent on you to "be my eyes" and provide as much information as you can regarding the current state
  3. And I keep getting an odd notification that just doesn't seem like it's legitimate. (I've spent a lot of time on the forums here over the past few weeks while I was
  4. If I haven't had a reply after 3 days I will bump the topic and if you do not reply by the following day after that then I will close the
  5. Here is my log: Logfile of HijackThis v1.99.1 Scan saved at 1:04:41 PM, on 8/27/2008 Platform: Windows XP SP3 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16705) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe
  6. I have not experienced any slowness or any other effects from a virus or malware as far as I can tell. .DDS (Ver_2011-08-26.01) - NTFSAMD64 Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_29 Run by
  7. Ran combofix, I recognize that I jumped the gun by running combofix, however I had not intended to post here, then thought why not.
  8. If you are unable to create a log because your computer cannot start up successfully please provide detailed information about the Windows version you are using: What we in particular need

Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. Please perform the following scan: Download DDS by sUBs from one of the following links. Answer: PUM.Hijack.StartMenu...Infection/TrojanhorsePakes Hello and welcome to Bleeping Computer. We apologize for the delay in responding to your request for help. After I restored, I scanned my computer with Malwarebytes' Anti-Malware and it found the Hijack.StartMenu malware.

I also realize now I am posted in the wrong place and the combofix log I had posted is not helpful. This XP install is not that important it is an OEM I have put together some things for you to keep in mind while I am helping you to make things go easier and faster for both of us 1. Do not run any other Please download Malwarebytes Anti-Malware and save it to your desktop. Make sure you are connected to the Internet. Double-click on mbam-setup.exe to install the application. When the installation begins, follow the prompts and do Will the new computer recognize the second hard drive?

c:\users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ Dell Dock First Run.lnk - c:\program files\Dell\DellDock\DellDock.exe [2009-6-30 1316192] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "ConsentPromptBehaviorAdmin"= 0 (0x0) "ConsentPromptBehaviorUser"= 3 (0x3) "EnableLUA"= 0 (0x0) "EnableUIADesktopToggle"= 0 (0x0) "PromptOnSecureDesktop"= 0 (0x0) . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows Answer: pum.hijack startmenu Hello, Welcome to BleepingComputer. I'm nasdaq and will be helping you. If you can please print this topic it will make it easier for you to follow the instructions and complete Did you disable any items from appearing in the start menu? Question: PUM.Hijack.StartMenu My little brother just got his laptop back from BestBuy after it stopped

Question: pum.hijack.startmenu Started seeing some strangeness suddenly and then the errors started popping up claiming potential hard disk errors "windows has lost access to the Chrome is the latest Chrome beta. I also found some info online about removing this virus etc, but I wanted some personal advice. Thanks in advance for any help, Barry C Answer: Malware Infection (pum.hijack.startmenu) Use the other options. DDS.pif DDS.COM Double click on the DDS icon, allow it to run.

I installed MBAM as an extra layer of protection, since even the best AV program may not catch malware.  So, MBAM threw a scare into my day that was utterly unnecessary.

If not please perform the following steps below so we can have a look at the current condition of your machine. Noticed firewall seemed to be disabled. Copy and Paste that report in your next reply. If the machine reboots, the log will be located at C:\_OTL\MovedFiles\mmddyyyy_hhmmss.log, where mmddyyyy_hhmmss is the date of the tool run. NEXT: Scanning with MalwareBytes' Anti-Malware Please Information on A/V control HERE We also need a new log from the GMER anti-rootkit scanner.

I downloaded Malwarebytes Anti-Malware and ran a quick scan. I tried that, and two trojans were discovered, both named Exploit.Drop.7, and I removed them. Thanks so much! WIN XP SP3 Posted are DDS Log, aswMBR Log, and MBAM Log, aswMBR.

Invalid Xml syntax. [ OSession Events ] Error - 4/5/2011 11:01:58 AM | Computer Name = Owner-PC | Source = Microsoft Office 12 Sessions | ID = 7001 Description = ID: 6, Application Do not install any other programs until this is fixed. Double click on ComboFix.exe & follow the prompts. As part of its process, ComboFix will check to see if the Microsoft Windows Recovery I restored the system to a later date in time to get back some files that had been changed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal.

It will just give me some additional information about your system. Download DDS by sUBs from one of the following links if you no longer have it available. Answer: Was infected with PUM.Hijack.StartMenu Hello and Welcome to Bleeping Computer!! My name is Gringo and I'll be glad to help you with your computer problems.