pumhijackho issue

[herbc]

Hi everybody, i had this thing come up in the past and i deleted it but after a Malwarebytes scan there it is again, below is the screenshot. Is there anyway to permanently get rid of it?

In the Title it's spelled with non capaitals, it's really PUM.Hijack.Ho. I will delete it again but i'm wondering why it's coming back, i am not downloading anything.

Just a fwiw, i do not have any open threads about this on any other site, i made sure my Bleeping computer thread was closed.

I'm hoping one of you can help.

 

[VistaKing]

When you click on Remove Selected button and restart and scan again with Quick Scan does it come up again ?

 

[herbc]

I am scanning now so i will let you know, thanks.

 

[VistaKing]

After you run the scan run this tool


Click here DDS

:ar: Click on Download Now button

:ar: Right-click the DDS icon choose Run as administrator to run the tool.

:ar: Place a check next to attact.txt and click Start . When done, DDS will open two logs
DDS.txt
Attach.txt

:ar: Save two logs onto your desktop and upload them with your reply

How to Upload files

Upload a File :
Click on the Go Advanced button under the Message box . Scroll down to Addition Options then click on Manage Attachments in the Attach Files sections . Click the Browse button locate the file then click on the Open button . In the Upload File from your Computer section click on the Upload button . Wait until it finishes uploading then close the window . Then click Submit Reply .

 

[herbc]

It appears gone , nothing came up.



OK, i downloaded DDS but when i right click it , it does not allow me to run as admin. What happens is as soon as i click on download from the Bleeping site a notice comes up as shown below.

I hit save and then right click but no run as admin is available

 

[VistaKing]

Restart and Do a full scan now .

 

[herbc]

Here are the logs

I am running a full scan as requested.

 

[VistaKing]

Scan your PC with ESET .

 

[herbc]

The scan came back with nothing.

I ran eset and checked off the appropriate boxes, it came up empty.
Can someone or yourself when you have time look over my logs.

 

[VistaKing]

Lets run RogueKiller


RogueKiller Download

:ar: Click on Download now

:ar: Save to the Desktop.

:ar: Close all windows and browsers

:ar: Right click on

and choose Run as Administrator

:ar: Press: SCAN

ar: provide the RKreport.txt (Mode: Scan) in your reply.

 

[herbc]

RogueKiller V8.5.4 [Mar 18 2013] by Tigzy
mail : tigzyRK<at>gmail<dot>com
Feedback : RogueKiller - Geeks to Go Forums
Website : Download RogueKiller (Official website)
Blog : tigzy-RK

Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User : al [Admin rights]
Mode : Scan -- Date : 05/10/2013 03:10:59
| ARK || FAK || MBR |

¤¤¤ Bad processes : 0 ¤¤¤

¤¤¤ Registry Entries : 4 ¤¤¤
[HJ DESK] HKCU\[...]\ClassicStartMenu : {59031A47-3F72-44A7-89C5-5595FE6B30EE} (1) -> FOUND
[HJ DESK] HKCU\[...]\NewStartPanel : {59031A47-3F72-44A7-89C5-5595FE6B30EE} (1) -> FOUND
[HJ DESK] HKCU\[...]\ClassicStartMenu : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND
[HJ DESK] HKCU\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver : [NOT LOADED] ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
--> C:\Windows\system32\drivers\etc\hosts

127.0.0.1 localhost


¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: WDC WD6400BPVT-80HXZT3 ATA Device +++++
--- User ---
[MBR] ef8d4f31926369e4d7bb9bb87da9e88c
[BSP] 943d3c2a959f9dba84794a7edcbb181a : Windows 7/8 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 100 Mo
1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 206848 | Size: 610378 Mo
User = LL1 ... OK!
User = LL2 ... OK!

+++++ PhysicalDrive1: USB Disk +++++
--- User ---
[MBR] 8a4a3f84a9eda68451f8bdccda84c484
[BSP] df4f83c1f72e36823a12b0dfc7617313 : Empty MBR Code
Partition table:
0 - [XXXXXX] FAT32 (0x0b) [VISIBLE] Offset (sectors): 8192 | Size: 7576 Mo
User = LL1 ... OK!
Error reading LL2 MBR!

Finished : << RKreport[1]_S_05102013_02d0310.txt >>
RKreport[1]_S_05102013_02d0310.txt

 

[VistaKing]

Lets run Malwareware Anti-rootkit

Download : http://downloads.malwarebytes.org/file/mbar

Unzip the contents to a folder in a convenient location.
Open the folder where the contents were unzipped and run mbar.exe
Follow the instructions in the wizard to update and allow the program to scan your computer for threats.
Click on the Cleanup button to remove any threats and reboot if prompted to do so.
Wait while the system shuts down and the cleanup process is performed.

When done, please post the two logs produced they will be in the MBAR folder..... mbar-log-xxxxx.txt and system-log.txt

 

[herbc]

I'm running it now, you know we can pick this up tomorrow if your tired. It wouldn't be any problem at all.

 

[herbc]

OK, here are the logs

 

[VistaKing]

If you go inside the registry . Click on rb: type REGEDIT inside the Search programs and files box . When REGEDIT appears under Programs (1) right click and choose Run as administrator . On the User Access Control window click on the Yes button .

Inside the Registry navigate to

HKCU\SOFTWARE\Policies\Microsoft\Internet Explorer\control panel|Homepage

Tell me of it has a 0 or a 1 as its Value .

 

[herbc]

Kind of lost, this is what i show

 

[VistaKing]

Inside registry click on the Triangle on the side of each

HKCU
SOFTWARE
Policies
Microsoft
Internet Explorer
Control Panel

Look for Homepage on the right hand side . If there is a 1 under Data . Right click on Homepage choose Modify and input 0 .

   Note

0 is a zero

 

[herbc]

It showed 0 already.

 

[VistaKing]

Do the samething for HKLM

 

[herbc]

In HKLM there is no control panel under internet explorer.