Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.

found malware PUM.hijack.homepage


Post by rocky14321 » October 16th, 2013, 2:15 am

Hi malware removal team,
Recently I scanned my PC with MBAM. It found "PUM. hijack.homepage" and another PUM (I forgot its name), and MBAM successfully deleted it. One year ago I was chatting with one of my friends and he sent a link and I clicked it. The page showed nothing, and I think it must be a browser hijack. Help me to remove such malware completely from my PC. I already posted here, but because SP1 was not installed that post was closed. Now I have installed SP1.

.
DDS (Ver_11-03-05.01) - NTFSx86
Run by gatesys at 11:48:11.99 on Wed 10/16/2013
Internet Explorer: 8.0.7601.17514 BrowserJavaVersion: 10.40.2
Microsoft Windows 7 Ultimate 6.1.7601.1.1252.1.1033.18.2036.1132 [GMT 5.5:30]
.
AV: Kaspersky Internet Security *Disabled/Outdated* {C3113FBF-4BCB-4461-D78D-6EDFEC9593E5}
SP: Kaspersky Internet Security *Disabled/Updated* {7870DE5B-6DF1-4BEF-ED3D-55AD9712D958}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: Kaspersky Internet Security *Disabled* {FB2ABE9A-01A4-4539-FCD2-C7EA1246D49E}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Windows\system32\taskhost.exe
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\igfxpers.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2013\wmi32.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Users\gatesys\Downloads\dds.scr
C:\Windows\system32\conhost.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = https://www.google.co.in/
BHO: IDM integration (IDMIEHlprObj Class): {0055c089-8582-441b-a0bf-17b458c2a3a8} - c:\program files\internet download manager\IDMIECC.dll
BHO: Content Blocker Plugin: {5564cc73-efa7-4cbf-918a-5cf7fbbfff4f} - c:\program files\kaspersky lab\kaspersky internet security 2013\ieext\contentblocker\ie_content_blocker_plugin.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\progra~1\micros~2\office12\GR469A~1.DLL
BHO: Virtual Keyboard Plugin: {73455575-e40c-433c-9784-c78dc7761455} - c:\program files\kaspersky lab\kaspersky internet security 2013\ieext\virtualkeyboard\ie_virtual_keyboard_plugin.dll
BHO: Java(tm) Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre7\bin\ssv.dll
BHO: Safe Money Plugin: {9e6d0d23-3d72-4a94-ae1f-2d167624e3d9} - c:\program files\kaspersky lab\kaspersky internet security 2013\ieext\onlinebanking\online_banking_bho.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre7\bin\jp2ssv.dll
BHO: URL Advisor Plugin: {e33cf602-d945-461a-83f0-819f76a199f8} - c:\program files\kaspersky lab\kaspersky internet security 2013\ieext\urladvisor\klwtbbho.dll
uRun: [IDMan] c:\program files\internet download manager\IDMan.exe /onboot
mRun: [AVP] "c:\program files\kaspersky lab\kaspersky internet security 2013\avp.exe"
mRun: [GrooveMonitor] "c:\program files\microsoft office\office12\GrooveMonitor.exe"
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [RtHDVCpl] c:\program files\realtek\audio\hda\RtHDVCpl.exe -s
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
StartupFolder: c:\users\gatesys\appdata\roaming\micros~1\windows\startm~1\programs\startup\onenot~1.lnk - c:\program files\microsoft office\office12\ONENOTEM.EXE
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: Add to Anti-Banner - c:\program files\kaspersky lab\kaspersky internet security 2013\ie_banner_deny.htm
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: Download all links with IDM - c:\program files\internet download manager\IEGetAll.htm
IE: Download with IDM - c:\program files\internet download manager\IEExt.htm
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: {0C4CC089-D306-440D-9772-464E226F6539} - {0BA14598-4178-4CE5-B1F1-B5C6408A3F2E} - c:\program files\kaspersky lab\kaspersky internet security 2013\ieext\virtualkeyboard\ie_virtual_keyboard_plugin.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~2\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
IE: {CCF151D8-D089-449F-A5A4-D9909053F20F} - {CCF151D8-D089-449F-A5A4-D9909053F20F} - c:\program files\kaspersky lab\kaspersky internet security 2013\ieext\urladvisor\klwtbbho.dll
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\progra~1\micros~2\office12\GRA32A~1.DLL
Notify: igfxcui - igfxdev.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\progra~1\micros~2\office12\GR469A~1.DLL
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "c:\program files\google\chrome\application\30.0.1599.69\installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
.
============= SERVICES / DRIVERS ===============
.
R1 KLIM6;Kaspersky Anti-Virus NDIS 6 Filter;c:\windows\system32\drivers\klim6.sys [2012-8-2 24408]
R1 kltdi;kltdi;c:\windows\system32\drivers\kltdi.sys [2013-5-2 44000]
R1 kneps;kneps;c:\windows\system32\drivers\kneps.sys [2013-5-2 145040]
R2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\common files\adobe\arm\1.0\armsvc.exe [2013-5-11 65640]
R2 AVP;Kaspersky Anti-Virus Service;c:\program files\kaspersky lab\kaspersky internet security 2013\avp.exe [2013-5-2 356128]
R2 IDMWFP;IDMWFP;c:\windows\system32\drivers\idmwfp.sys [2013-2-21 100216]
R2 MBAMScheduler;MBAMScheduler;c:\program files\malwarebytes' anti-malware\mbamscheduler.exe [2013-9-12 418376]
R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2013-9-12 701512]
R3 klkbdflt;Kaspersky Lab KLKBDFLT;c:\windows\system32\drivers\klkbdflt.sys [2013-5-2 25696]
R3 klmouflt;Kaspersky Lab KLMOUFLT;c:\windows\system32\drivers\klmouflt.sys [2013-5-2 25696]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2013-9-12 22856]
R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\drivers\Rt86win7.sys [2009-6-11 139776]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2013-10-4 116648]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\macromed\flash\FlashPlayerUpdateService.exe [2013-7-22 257416]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-14 229888]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2013-10-4 116648]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2013-10-16 15872]
S3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\TsUsbFlt.sys [2013-10-16 52224]
.
=============== Created Last 30 ================
.
2013-10-16 05:37:53 -------- d-----w- c:\windows\system32\SPReview
2013-10-16 05:22:59 80720 ----a-w- c:\windows\system32\mscories.dll
2013-10-16 05:20:53 -------- d-----w- c:\windows\system32\EventProviders
2013-10-15 17:10:50 1077248 ----a-w- c:\windows\system32\DWrite.dll
2013-10-15 17:09:07 94208 ----a-w- c:\program files\common files\system\ole db\msdaosp.dll
2013-10-15 17:09:07 86016 ----a-w- c:\windows\system32\odbccu32.dll
2013-10-15 17:09:07 81920 ----a-w- c:\windows\system32\odbccr32.dll
2013-10-15 17:09:07 319488 ----a-w- c:\windows\system32\odbcjt32.dll
2013-10-15 17:09:07 163840 ----a-w- c:\windows\system32\odbctrac.dll
2013-10-15 17:09:07 122880 ----a-w- c:\windows\system32\odbccp32.dll
2013-10-15 17:03:45 1164288 ----a-w- c:\windows\system32\mfc42u.dll
2013-10-15 17:03:45 1137664 ----a-w- c:\windows\system32\mfc42.dll
2013-10-15 17:03:43 2048 ----a-w- c:\windows\system32\tzres.dll
2013-10-15 16:36:08 2422272 ----a-w- c:\windows\system32\wucltux.dll
2013-10-15 16:35:57 33792 ----a-w- c:\windows\system32\wuapp.exe
2013-10-15 16:35:57 171904 ----a-w- c:\windows\system32\wuwebv.dll
2013-10-10 09:05:22 -------- d-sh--w- C:\$RECYCLE.BIN
2013-10-04 07:08:55 -------- d-----w- c:\program files\GUM7129.tmp
2013-10-04 07:07:59 -------- d-----w- c:\users\gatesys\appdata\local\Deployment
2013-10-04 07:07:59 -------- d-----w- c:\users\gatesys\appdata\local\Apps
2013-10-02 08:56:38 -------- d-----w- c:\progra~2\Oracle
2013-10-02 08:56:19 94632 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
2013-10-02 08:48:08 209272 ----a-w- c:\program files\mozilla firefox\plugins\nppdf32.dll
2013-10-02 08:48:08 16192 ----a-w- c:\program files\mozilla firefox\plugins\NPOFF12.DLL
.
==================== Find3M ====================
.
2013-10-16 05:35:12 152576 ----a-w- c:\windows\system32\msclmd.dll
2013-10-13 07:50:03 71048 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2013-10-13 07:50:03 692616 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2013-10-02 08:56:15 868264 ----a-w- c:\windows\system32\npDeployJava1.dll
2013-10-02 08:56:15 790440 ----a-w- c:\windows\system32\deployJava1.dll
2013-08-14 18:00:00 112640 ----a-w- c:\windows\system32\ff_vfw.dll
2013-08-06 22:52:04 238872 ------w- c:\windows\system32\MpSigStub.exe
2013-08-02 17:29:58 217176 ----a-w- c:\windows\system32\unrar.dll
.
============= FINISH: 11:48:42.77 ===============


.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_11-03-05.01)
.
Microsoft Windows 7 Ultimate
Boot Device: \Device\HarddiskVolume1
Install Date: 7/22/2013 9:04:49 PM
System Uptime: 10/16/2013 11:10:31 AM (0 hours ago)
.
Motherboard: Intel Corporation | | DG31PR
Processor: Intel(R) Core(TM)2 Duo CPU E7500 @ 2.93GHz | J3E1 | 2933/1066mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 93 GiB total, 75.921 GiB free.
D: is FIXED (NTFS) - 63 GiB total, 63.386 GiB free.
E: is FIXED (NTFS) - 63 GiB total, 63.058 GiB free.
F: is FIXED (NTFS) - 78 GiB total, 55.701 GiB free.
G: is CDROM ()
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP44: 10/16/2013 10:51:43 AM - Windows 7 Service Pack 1
.
==== Installed Programs ======================
.
Adobe Flash Player 11 ActiveX
Adobe Flash Player 11 Plugin
Adobe Reader XI (11.0.05)
CCleaner
Google Chrome
Google Update Helper
Intel(R) Graphics Media Accelerator Driver
Intel(R) TV Wizard
Internet Download Manager
Java 7 Update 40
Java Auto Updater
K-Lite Mega Codec Pack 10.0.0
Kaspersky Internet Security 2013
Malwarebytes Anti-Malware version 1.75.0.1300
Microsoft Office Access MUI (English) 2007
Microsoft Office Access Setup Metadata MUI (English) 2007
Microsoft Office Enterprise 2007
Microsoft Office Excel MUI (English) 2007
Microsoft Office Groove MUI (English) 2007
Microsoft Office Groove Setup Metadata MUI (English) 2007
Microsoft Office InfoPath MUI (English) 2007
Microsoft Office OneNote MUI (English) 2007
Microsoft Office Outlook MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Publisher MUI (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Word MUI (English) 2007
MSXML 4.0 SP2 Parser and SDK
MSXML 4.0 SP3 Parser
Picasa 3
Realtek High Definition Audio Driver
WinRAR 5.00 (32-bit)
.
==== Event Viewer Messages From Past Week ========
.
10/16/2013 3:18:51 AM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the ShellHWDetection service.
10/16/2013 11:10:58 AM, Error: Microsoft-Windows-Kernel-Processor-Power [35] - Performance power management features on processor 1 in group 0 are disabled due to a firmware problem. Check with the computer manufacturer for updated firmware.
10/16/2013 11:10:58 AM, Error: Microsoft-Windows-Kernel-Processor-Power [35] - Performance power management features on processor 0 in group 0 are disabled due to a firmware problem. Check with the computer manufacturer for updated firmware.
10/15/2013 11:40:03 PM, Error: Service Control Manager [7023] -
.
==== End Of File ===========================
rocky14321
Member+
 
Posts: 5
Joined: October 13th, 2013, 2:10 pm

Re: found malware PUM.hijack.homepage

Post by Cypher » October 17th, 2013, 10:44 am

Hi and welcome to Malware Removal Forum.
My name is Cypher, and I will be helping you with your malware problems.
This may or may not solve other issues you have with your machine.
If you no longer require help, I would be grateful if you would let me know.

Before we start please note the following important guidelines.
  • If you don't know or understand something, please don't hesitate to ask.
  • Only post your problem at one help site. Applying fixes from multiple help sites can cause problems.
  • Only reply to this thread; do not start another. Please continue responding until I give you the "All Clean".
    Remember, absence of symptoms does not mean the infection is all gone.
  • Please DO NOT run any other tools or scans whilst I am helping you.
  • Please DO NOT install any other software (or hardware) during the cleaning process.
  • Print each set of instructions, if possible. Your Internet connection will not be available during some fix processes.
  • Your security programs may give warnings for some of the tools I will ask you to use. Be assured, any links I give are safe.
  • Note: No Reply Within 3 Days Will Result In Your Topic Being Closed!

Note: If you haven't done so already, please read this topic ALL USERS OF THIS FORUM MUST READ THIS FIRST where the conditions for receiving help here are explained.
Please be aware that removing Malware is a potentially hazardous undertaking. I will take care not to knowingly suggest courses of action that might damage your computer. However it is impossible for me to foresee all interactions that may happen between the software on your computer and those we'll use to clear you of infection, and I cannot guarantee the safety of your system. It is possible that we might encounter situations where the only recourse is to re-format and re-install your operating system, or to necessitate you taking your computer to a repair shop.

Because of this, I advise you to back up any personal files and folders before you start.


"recently i scanned my pc with mbam it found "PUM. hijack.homepage" and another pum i forgot its name and mbam sucessfuly deleted it. one year ago i was chatting with one of my friend and he sent a link and i clicked it. the page showed nothing. and i think it must be a browser hijack."


I see one of my colleagues at Malwarebytes has already checked your computer for you.
https://forums.malwarebytes.org/index.p ... pic=134259

What problems are you still having? Let me know in your next reply.

Please post the log from the Malwarebytes' Anti-Malware scan where the "PUM. hijack.homepage" was found.
To find the log, launch MBAM and click on Logs; they are time dated.

Next.

Please download MGA Diagnostic Tool and save it to your Desktop.

  • Right click on MGADiag.exe and select Run As Administrator to run it.
  • Click Continue.
  • The program will run. It takes a while to finish the diagnosis, please be patient.
  • Once done, click on Copy.
  • Open Notepad and paste the contents in the window.
  • Save this file and copy/paste it in your next reply.

Logs/Information to Post in your Next Reply

  • What problems are you still having?
  • Malwarebytes log.
  • MGADiag log.
Cypher
Admin/Teacher
 
Posts: 14959
Joined: October 29th, 2008, 12:49 pm
Location: Land Of The Leprechauns

Re: found malware PUM.hijack.homepage

Post by rocky14321 » October 18th, 2013, 5:22 am

Hi Cypher,
1. Browser was hijacked while I was chatting. This was my problem, and I read that "absence of symptoms does not mean the infection is all gone".
2. That log was deleted, and in between I installed the OS again.

Diagnostic Report (1.9.0027.0):
-----------------------------------------
Windows Validation Data-->

Validation Code: 0
Cached Online Validation Code: N/A, hr = 0xc004f012
Windows Product Key: *****-*****-GJY49-VJBQ7-HYRR2
Windows Product Key Hash: W5/6nm6F2UPXrCkY5xUhXb/+21g=
Windows Product ID: 00426-OEM-8992662-00006
Windows Product ID Type: 2
Windows License Type: OEM SLP
Windows OS version: 6.1.7601.2.00010100.1.0.001
ID: {CEBD0CEB-ED30-4318-998F-C4ABD6750CB3}(1)
Is Admin: Yes
TestCab: 0x0
LegitcheckControl ActiveX: N/A, hr = 0x80070002
Signed By: N/A, hr = 0x80070002
Product Name: Windows 7 Ultimate
Architecture: 0x00000000
Build lab: 7601.win7sp1_rtm.101119-1850
TTS Error:
Validation Diagnostic:
Resolution Status: N/A

Vista WgaER Data-->
ThreatID(s): N/A, hr = 0x80070002
Version: N/A, hr = 0x80070002

Windows XP Notifications Data-->
Cached Result: N/A, hr = 0x80070002
File Exists: No
Version: N/A, hr = 0x80070002
WgaTray.exe Signed By: N/A, hr = 0x80070002
WgaLogon.dll Signed By: N/A, hr = 0x80070002

OGA Notifications Data-->
Cached Result: N/A, hr = 0x80070002
Version: N/A, hr = 0x80070002
OGAExec.exe Signed By: N/A, hr = 0x80070002
OGAAddin.dll Signed By: N/A, hr = 0x80070002

OGA Data-->
Office Status: 103 Blocked VLK
Microsoft Office Enterprise 2007 - 103 Blocked VLK
OGA Version: N/A, 0x80070002
Signed By: N/A, hr = 0x80070002
Office Diagnostics: 025D1FF3-364-80041010_025D1FF3-229-80041010_025D1FF3-230-1_025D1FF3-517-80040154_025D1FF3-237-80040154_025D1FF3-238-2_025D1FF3-244-80070002_025D1FF3-258-3

Browser Data-->
Proxy settings: N/A
User Agent: Mozilla/4.0 (compatible; MSIE 8.0; Win32)
Default Browser: C:\Program Files\Internet Explorer\iexplore.exe
Download signed ActiveX controls: Prompt
Download unsigned ActiveX controls: Disabled
Run ActiveX controls and plug-ins: Allowed
Initialize and script ActiveX controls not marked as safe: Disabled
Allow scripting of Internet Explorer Webbrowser control: Disabled
Active scripting: Allowed
Script ActiveX controls marked as safe for scripting: Allowed

File Scan Data-->
File Mismatch: C:\Windows\system32\wat\watadminsvc.exe[Hr = 0x80070003]
File Mismatch: C:\Windows\system32\wat\npwatweb.dll[Hr = 0x80070003]
File Mismatch: C:\Windows\system32\wat\watux.exe[Hr = 0x80070003]
File Mismatch: C:\Windows\system32\wat\watweb.dll[Hr = 0x80070003]

Other data-->
Office Details: <GenuineResults><MachineData><UGUID>{CEBD0CEB-ED30-4318-998F-C4ABD6750CB3}</UGUID><Version>1.9.0027.0</Version><OS>6.1.7601.2.00010100.1.0.001</OS><Architecture>x32</Architecture><PKey>*****-*****-*****-*****-HYRR2</PKey><PID>00426-OEM-8992662-00006</PID><PIDType>2</PIDType><SID>S-1-5-21-1915525720-1561026745-3265111426</SID><SYSTEM><Manufacturer>INTEL</Manufacturer><Model>DG31PR</Model></SYSTEM><BIOS><Manufacturer>Intel Corp.</Manufacturer><Version>PRG3110H.86A.0065.2009.0421.1559</Version><SMBIOSVersion major="2" minor="4"/><Date>20090421000000.000000+000</Date></BIOS><HWID>75023507018400F8</HWID><UserLCID>0409</UserLCID><SystemLCID>0409</SystemLCID><TimeZone>India Standard Time(GMT+05:30)</TimeZone><iJoin>0</iJoin><SBID><stat>3</stat><msppid></msppid><name></name><model></model></SBID><OEM><OEMID>_ASUS_</OEMID><OEMTableID>Notebook</OEMTableID></OEM><GANotification/></MachineData><Software><Office><Result>103</Result><Products><Product GUID="{90120000-0030-0000-0000-0000000FF1CE}"><LegitResult>103</LegitResult><Name>Microsoft Office Enterprise 2007</Name><Ver>12</Ver><Val>ACD7202654E586</Val><Hash>fFic3JgCreGGRxyF8uMWB4R4Jcg=</Hash><Pid>89388-707-1528066-65449</Pid><PidType>14</PidType></Product></Products><Applications><App Id="15" Version="12" Result="103"/><App Id="16" Version="12" Result="103"/><App Id="18" Version="12" Result="103"/><App Id="19" Version="12" Result="103"/><App Id="1A" Version="12" Result="103"/><App Id="1B" Version="12" Result="103"/><App Id="44" Version="12" Result="103"/><App Id="A1" Version="12" Result="103"/><App Id="BA" Version="12" Result="103"/></Applications></Office></Software></GenuineResults>

Spsys.log Content: 0x80070002

Licensing Data-->
Software licensing service version: 6.1.7601.17514

Name: Windows(R) 7, Ultimate edition
Description: Windows Operating System - Windows(R) 7, OEM_SLP channel
Activation ID: 7cfd4696-69a9-4af7-af36-ff3d12b6b6c8
Application ID: 55c92734-d682-4d71-983e-d6ec3f16059f
Extended PID: 00426-00178-926-600006-02-1033-7600.0000-2032013
Installation ID: 020351062354042740365594122204384115390263234501810266
Processor Certificate URL: http://go.microsoft.com/fwlink/?LinkID=88338
Machine Certificate URL: http://go.microsoft.com/fwlink/?LinkID=88339
Use License URL: http://go.microsoft.com/fwlink/?LinkID=88341
Product Key Certificate URL: http://go.microsoft.com/fwlink/?LinkID=88340
Partial Product Key: HYRR2
License Status: Licensed
Remaining Windows rearm count: 4
Trusted time: 10/18/2013 2:46:50 PM

Windows Activation Technologies-->
HrOffline: 0x00000000
HrOnline: N/A
HealthStatus: 0x0000000000000000
Event Time Stamp: N/A
ActiveX: Not Registered - 0x80040154
Admin Service: Not Registered - 0x80040154
HealthStatus Bitmask Output:


HWID Data-->
HWID Hash Current: MgAAAAEABAABAAEAAAABAAAAAgABAAEAJJTmBHgvKvFI5Kp21i34xTojymEQrfw3Rso=

OEM Activation 1.0 Data-->
N/A

OEM Activation 2.0 Data-->
BIOS valid for OA 2.0: yes
Windows marker version: 0x20001
OEMID and OEMTableID Consistent: yes
BIOS Information:
ACPI Table Name    OEMID Value    OEMTableID Value
APIC               INTEL          DG31PR
FACP               INTEL          DG31PR
HPET               INTEL          ICH7HPET
MCFG               INTEL          DG31PR
SLIC               _ASUS_         Notebook
rocky14321
Member+
 
Posts: 5
Joined: October 13th, 2013, 2:10 pm

Re: found malware PUM.hijack.homepage

Post by Cypher » October 18th, 2013, 11:06 am

Hi,
A couple of questions so I'm clear.
"browser was hijacked while i was chatting"

When you say your "browser was hijacked", do you mean your searches were redirected to a different site?
If yes, is it still happening?
"that log was deleted. and in between i installed os again."

Do you mean you did a reformat and reinstalled Windows?
Cypher
Admin/Teacher
 
Posts: 14959
Joined: October 29th, 2008, 12:49 pm
Location: Land Of The Leprechauns

Re: found malware PUM.hijack.homepage

Post by rocky14321 » October 19th, 2013, 3:18 pm

Yes, before, when I clicked the homepage, different sites were redirected. They could monitor my online activity, like whatever I browse they could see. But now I don't know whether someone is still monitoring my online browsing. That you should confirm.
Yes, I reinstalled Windows.
rocky14321
Member+
 
Posts: 5
Joined: October 13th, 2013, 2:10 pm

Re: found malware PUM.hijack.homepage

Post by Cypher » October 20th, 2013, 5:20 am

Hi,
"yes i reinstalled windows."

By reformatting your hard drive you removed all content from the disk, and therefore all modifications any attacker may have made.
Meaning your computer will now be clean. There is something I need to draw your attention to.
Your log shows you have a cracked/illegal copy of Microsoft Office Enterprise 2007 installed on your computer.

Cracked - Illegal Software

May I draw your attention to the topic: ALL USERS OF THIS FORUM MUST READ THIS FIRST, which you should have read before posting for help.
The section here explains why we bring this to your attention.

If you wish to receive help from us, you must remove any and all of the following from your computer:
  • Illegal software
  • Cracked software
  • Illegal software key generators

Once the software and/or keygens have been removed, if you still need help, please start a new thread... include a link to your closed topic and include NEW DDS logs:
  • DDS.txt.
  • Attach.txt.
  • Details of the problems you're experiencing.
Wait for a new helper. Do not reply to your topic before a helper has replied.

This topic is now closed.
Cypher
Admin/Teacher
 
Posts: 14959
Joined: October 29th, 2008, 12:49 pm
Location: Land Of The Leprechauns