
Yahoo email hacked - questions


6 replies to this topic

#1 moonscape


Posted 13 April 2014 - 01:53 AM

I'm not sure if I have a computer issue or not. Am new here, have read around the site, but ask your patience and forgiveness if I don't do it quite right. I have macular degeneration and can read, but it's slow going and not sure I got through/found all the instructions.

Two days ago my Yahoo email was hacked. All the group emails went to my contacts only. There were no logins shown from any IP but mine, and the emails were in my sent folder. This took me a day to deconstruct!

I checked with MalwareBytes and it showed only PUP.Optional.BundleInstaller.A in Microsoft Security Essentials download setup.exe file. I had had MSE, then learned it had gone downhill in recent years, installed Avast! free, uninstalled the latter because of the junk it put on my computer, went back to MSE until I could figure out what I was going to use. Had to use Revo to get rid of all the Avast! (Recommendations for virus/trojan protection welcome)

I've had that email account for maybe 20 years, used only for friends and get almost zero spam on it (really!) because I've been so diligent with it, insistent on no group emails, never entered anywhere, etc. My password wasn't the greatest, just average, but still - it creeped me out that there was no login from an IP except mine and nobody else is on my network.

Got paranoid enough that I installed SpyShelter to see if I could've gotten a keylogger virus but not much is flagging except a couple of what I think are false positives. I downloaded KeyPass, but figured changing all my passwords everywhere (I had them stored with a password in LibreOffice) was futile if there was a keylogger.

How does a hacker gain access to my Yahoo account from my IP? ... or is there a way they do it without Yahoo registering the real login?

Thanks!

 


#2 moonscape


Posted 17 April 2014 - 09:05 PM

Am still concerned about the hack. I have used tools mentioned in a generic response as an initial dx (Security Check, MiniTool, rkill, AdwCleaner, JRT) - have the logs but to my ignorant eye nothing suspicious.

Since then I purchased and am running ESET to replace MSE (probably downloaded it from CNet and now know better)

Before reading about the fake flash update prompts, I downloaded from a pop-up at dslreports.com. Now I know better (not just about flash, but in general)

Can one hack my Yahoo web email (spam was in sent folder) without being on my network or logging in at Yahoo? The only IP shown for login was mine. If not, then my computer or router was compromised in some way and I'm not even comfortable continuing to change financial passwords until I know.

Am pleased to post any old or new logs.

Thanks!



#3 boopme


Posted 19 April 2014 - 08:29 PM

How is it after the ESET scan?

Also run these.

Please download MiniToolBox, save it to your desktop and run it.
Checkmark the following checkboxes:
  • Flush DNS
  • Report IE Proxy Settings
  • Reset IE Proxy Settings
  • Report FF Proxy Settings
  • Reset FF Proxy Settings
  • List content of Hosts
  • List IP configuration
  • List Winsock Entries
  • List last 10 Event Viewer log
  • List Installed Programs
  • List Users, Partitions and Memory size.
Click Go and post the result (Result.txt). A copy of Result.txt will be saved in the same directory the tool is run.
Note: When using "Reset FF Proxy Settings" option Firefox should be closed.

Download TDSSKiller and save it to your desktop.
  • Extract (unzip) its contents to your desktop.
  • Open the TDSSKiller folder and double-click on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure, click on Continue.
  • If a suspicious file is detected, the default action will be Skip, click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory (usually C:\ folder) in the form of TDSSKiller_xxxx_log.txt. Please copy and paste the contents of that file here.

ADW Cleaner

Please download AdwCleaner by Xplode and save to your Desktop.
  • Double-click on AdwCleaner.exe to run the tool.
    Vista/Windows 7/8 users right-click and select Run As Administrator.
  • Click on the Scan button.
  • AdwCleaner will begin...be patient as the scan may take some time to complete.
  • After the scan has finished, click on the Report button...a logfile (AdwCleaner[R0].txt) will open in Notepad for review.
  • After reviewing the log, click on the Clean button.
  • Press OK when asked to close all programs and follow the onscreen prompts.
  • Press OK again to allow AdwCleaner to restart the computer and complete the removal process.
  • After rebooting, a logfile report (AdwCleaner[S0].txt) will open automatically.
  • Copy and paste the contents of that logfile in your next reply.
  • A copy of all logfiles is saved in the C:\AdwCleaner folder which was created when running the tool.
Note: The contents of the AdwCleaner log file may be confusing. Unless you see a program name that you recognize and know should not be removed, don't worry about it. If you see an entry you want to keep, return to AdwCleaner before cleaning...all detected items will be listed (and checked) in each tab. Click on each one and uncheck any items you want to keep (except you cannot uncheck Chrome and Firefox preferences lines).

Please download Junkware Removal Tool to your desktop.
  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8, instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.


#4 moonscape


Posted 20 April 2014 - 05:50 PM

If I'm clean (am suspecting yes), is the most likely culprit my router? I wasn't spoofed as it was all my contacts only, from within my email, and from my IP. Nobody was physically here with access to my computer or network. Thanks for checking the logs and your input!

 

MiniToolBox by Farbar  Version: 23-01-2014
Ran by Carola (administrator) on 20-04-2014 at 15:14:34
Running from "C:\Users\Carola\Desktop"
Microsoft Windows 7 Professional  Service Pack 1 (X64)
Boot Mode: Normal
***************************************************************************

========================= Flush DNS: ===================================

Windows IP Configuration

Successfully flushed the DNS Resolver Cache.

========================= IE Proxy Settings: ==============================

Proxy is not enabled.
No Proxy Server is set.

"Reset IE Proxy Settings": IE Proxy Settings were reset.

========================= FF Proxy Settings: ==============================


"Reset FF Proxy Settings": Firefox Proxy settings were reset.

========================= Hosts content: =================================



========================= IP Configuration: ================================

Intel® Dual Band Wireless-AC 7260 = Wireless Network Connection (Connected)
Bluetooth Device (Personal Area Network) = Bluetooth Network Connection (Media disconnected)
Intel® Ethernet Connection I218-LM = Local Area Connection (Media disconnected)
Microsoft Virtual WiFi Miniport Adapter = Wireless Network Connection 2 (Media disconnected)
Microsoft Virtual WiFi Miniport Adapter = Wireless Network Connection 3 (Media disconnected)


# ----------------------------------
# IPv4 Configuration
# ----------------------------------
pushd interface ipv4

reset
set global icmpredirects=enabled


popd
# End of IPv4 configuration



Windows IP Configuration

   Host Name . . . . . . . . . . . . : Carola-HP
   Primary Dns Suffix  . . . . . . . :
   Node Type . . . . . . . . . . . . : Hybrid
   IP Routing Enabled. . . . . . . . : No
   WINS Proxy Enabled. . . . . . . . : No

Wireless LAN adapter Wireless Network Connection 3:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Microsoft Virtual WiFi Miniport Adapter #2
   Physical Address. . . . . . . . . : 0E-8B-FD-6C-62-B3
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes

Wireless LAN adapter Wireless Network Connection 2:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Microsoft Virtual WiFi Miniport Adapter
   Physical Address. . . . . . . . . : 0E-8B-FD-6C-62-B4
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes

Wireless LAN adapter Wireless Network Connection:

   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Intel® Dual Band Wireless-AC 7260
   Physical Address. . . . . . . . . : 0C-8B-FD-6C-62-B3
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes
   Link-local IPv6 Address . . . . . : fe80::f3:6c2:af06:d8b5%16(Preferred)
   IPv4 Address. . . . . . . . . . . : 192.168.1.180(Preferred)
   Subnet Mask . . . . . . . . . . . : 255.255.255.0
   Lease Obtained. . . . . . . . . . : Sunday, April 20, 2014 12:19:37 PM
   Lease Expires . . . . . . . . . . : Monday, April 21, 2014 12:19:41 PM
   Default Gateway . . . . . . . . . : 192.168.1.1
   DHCP Server . . . . . . . . . . . : 192.168.1.1
   DHCPv6 IAID . . . . . . . . . . . : 386698237
   DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-1A-0D-F6-0B-9C-B6-54-A4-DD-71
   DNS Servers . . . . . . . . . . . : 192.168.1.1
   NetBIOS over Tcpip. . . . . . . . : Enabled

Ethernet adapter Local Area Connection:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Intel® Ethernet Connection I218-LM
   Physical Address. . . . . . . . . : 9C-B6-54-A4-DD-71
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes

Ethernet adapter Bluetooth Network Connection:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Bluetooth Device (Personal Area Network)
   Physical Address. . . . . . . . . : 0C-8B-FD-6C-62-B7
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes

Tunnel adapter isatap.{645E175B-F81F-48C7-A975-98C741ECD933}:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Microsoft ISATAP Adapter
   Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Local Area Connection* 9:

   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Microsoft Teredo Tunneling Adapter
   Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes
   IPv6 Address. . . . . . . . . . . : 2001:0:9d38:6abd:878:c34:bc4b:1ac7(Preferred)
   Link-local IPv6 Address . . . . . : fe80::878:c34:bc4b:1ac7%12(Preferred)
   Default Gateway . . . . . . . . . : ::
   NetBIOS over Tcpip. . . . . . . . : Disabled

Tunnel adapter Local Area Connection* 11:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Microsoft ISATAP Adapter #2
   Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes
Server:  router.asus.com
Address:  192.168.1.1

Name:    google.com
Addresses:  2607:f8b0:4005:802::1001
      74.125.239.136
      74.125.239.129
      74.125.239.133
      74.125.239.130
      74.125.239.131
      74.125.239.137
      74.125.239.142
      74.125.239.128
      74.125.239.135
      74.125.239.132
      74.125.239.134


Pinging google.com [74.125.239.134] with 32 bytes of data:
Reply from 74.125.239.134: bytes=32 time=20ms TTL=55
Reply from 74.125.239.134: bytes=32 time=18ms TTL=55

Ping statistics for 74.125.239.134:
    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 18ms, Maximum = 20ms, Average = 19ms
Server:  router.asus.com
Address:  192.168.1.1

Name:    yahoo.com
Addresses:  98.138.253.109
      206.190.36.45
      98.139.183.24


Pinging yahoo.com [98.139.183.24] with 32 bytes of data:
Reply from 98.139.183.24: bytes=32 time=95ms TTL=46
Reply from 98.139.183.24: bytes=32 time=94ms TTL=48

Ping statistics for 98.139.183.24:
    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 94ms, Maximum = 95ms, Average = 94ms

Pinging 127.0.0.1 with 32 bytes of data:
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128

Ping statistics for 127.0.0.1:
    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 0ms, Maximum = 0ms, Average = 0ms
===========================================================================
Interface List
 18...0e 8b fd 6c 62 b3 ......Microsoft Virtual WiFi Miniport Adapter #2
 17...0e 8b fd 6c 62 b4 ......Microsoft Virtual WiFi Miniport Adapter
 16...0c 8b fd 6c 62 b3 ......Intel® Dual Band Wireless-AC 7260
 15...9c b6 54 a4 dd 71 ......Intel® Ethernet Connection I218-LM
 14...0c 8b fd 6c 62 b7 ......Bluetooth Device (Personal Area Network)
  1...........................Software Loopback Interface 1
 19...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter
 12...00 00 00 00 00 00 00 e0 Microsoft Teredo Tunneling Adapter
 20...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter #2
===========================================================================

IPv4 Route Table
===========================================================================
Active Routes:
Network Destination        Netmask          Gateway       Interface  Metric
          0.0.0.0          0.0.0.0      192.168.1.1    192.168.1.180     20
        127.0.0.0        255.0.0.0         On-link         127.0.0.1    306
        127.0.0.1  255.255.255.255         On-link         127.0.0.1    306
  127.255.255.255  255.255.255.255         On-link         127.0.0.1    306
      192.168.1.0    255.255.255.0         On-link     192.168.1.180    276
    192.168.1.180  255.255.255.255         On-link     192.168.1.180    276
    192.168.1.255  255.255.255.255         On-link     192.168.1.180    276
        224.0.0.0        240.0.0.0         On-link         127.0.0.1    306
        224.0.0.0        240.0.0.0         On-link     192.168.1.180    276
  255.255.255.255  255.255.255.255         On-link         127.0.0.1    306
  255.255.255.255  255.255.255.255         On-link     192.168.1.180    276
===========================================================================
Persistent Routes:
  None

IPv6 Route Table
===========================================================================
Active Routes:
 If Metric Network Destination      Gateway
 12     58 ::/0                     On-link
  1    306 ::1/128                  On-link
 12     58 2001::/32                On-link
 12    306 2001:0:9d38:6abd:878:c34:bc4b:1ac7/128
                                    On-link
 16    276 fe80::/64                On-link
 12    306 fe80::/64                On-link
 16    276 fe80::f3:6c2:af06:d8b5/128
                                    On-link
 12    306 fe80::878:c34:bc4b:1ac7/128
                                    On-link
  1    306 ff00::/8                 On-link
 12    306 ff00::/8                 On-link
 16    276 ff00::/8                 On-link
===========================================================================
Persistent Routes:
  None
========================= Winsock entries =====================================

Catalog5 01 C:\Windows\SysWOW64\NLAapi.dll [52224] (Microsoft Corporation)
Catalog5 02 C:\Windows\SysWOW64\napinsp.dll [52224] (Microsoft Corporation)
Catalog5 03 C:\Windows\SysWOW64\pnrpnsp.dll [65024] (Microsoft Corporation)
Catalog5 04 C:\Windows\SysWOW64\pnrpnsp.dll [65024] (Microsoft Corporation)
Catalog5 05 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog5 06 C:\Windows\SysWOW64\winrnr.dll [20992] (Microsoft Corporation)
Catalog5 07 C:\Windows\SysWOW64\wshbth.dll [36352] (Microsoft Corporation)
Catalog5 08 C:\Program Files (x86)\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Catalog9 01 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 02 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 03 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 04 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 05 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 06 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 07 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 08 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 09 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 10 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 11 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
x64-Catalog5 01 C:\Windows\System32\NLAapi.dll [70656] (Microsoft Corporation)
x64-Catalog5 02 C:\Windows\System32\napinsp.dll [68096] (Microsoft Corporation)
x64-Catalog5 03 C:\Windows\System32\pnrpnsp.dll [86016] (Microsoft Corporation)
x64-Catalog5 04 C:\Windows\System32\pnrpnsp.dll [86016] (Microsoft Corporation)
x64-Catalog5 05 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog5 06 C:\Windows\System32\winrnr.dll [28672] (Microsoft Corporation)
x64-Catalog5 07 C:\Windows\System32\wshbth.dll [47104] (Microsoft Corporation)
x64-Catalog5 08 C:\Program Files\Bonjour\mdnsNSP.dll [132968] (Apple Inc.)
x64-Catalog9 01 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog9 02 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog9 03 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog9 04 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog9 05 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog9 06 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog9 07 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog9 08 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog9 09 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog9 10 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog9 11 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)

========================= Event log errors: ===============================

Application errors:
==================
Error: (04/20/2014 00:20:20 PM) (Source: VSS) (User: )
Description: Volume Shadow Copy Service error: Unexpected error querying for the IVssWriterCallback interface.  hr = 0x80070005, Access is denied.
.
This is often caused by incorrect security settings in either the writer or requestor process.


Operation:
   Gathering Writer Data

Context:
   Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220}
   Writer Name: System Writer
   Writer Instance ID: {0fee82af-801b-4989-8ea0-d2e3e61d2ba1}

Error: (04/20/2014 08:49:01 AM) (Source: VSS) (User: )
Description: Volume Shadow Copy Service error: Unexpected error querying for the IVssWriterCallback interface.  hr = 0x80070005, Access is denied.
.
This is often caused by incorrect security settings in either the writer or requestor process.


Operation:
   Gathering Writer Data

Context:
   Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220}
   Writer Name: System Writer
   Writer Instance ID: {98133f1c-69f7-4228-9f1e-0247302a9220}

Error: (04/17/2014 11:52:58 AM) (Source: ISCTAgent) (User: )
Description: ISCT - netDetect::AOACWLANProset::LocateAdapters   Net Detect:  Net Detect Supported Error Getting Adapter List Error=0x80040302\n

Error: (04/17/2014 11:52:47 AM) (Source: flcdlock) (User: )
Description: Current SID profile operation failed with unknown exception.

Error: (04/16/2014 02:54:50 PM) (Source: System Restore) (User: )
Description: Failed to create restore point (Process = C:\Utilities\Revo Uninstaller Pro\RevoUninPro.exe Uninstaller Pro\RevoUninPro.exe" ; Description = Revo Uninstaller Pro's restore point - HP Setup; Error = 0x80070005).

Error: (04/16/2014 02:54:41 PM) (Source: VSS) (User: )
Description: Volume Shadow Copy Service error: Unexpected error querying for the IVssWriterCallback interface.  hr = 0x80070005, Access is denied.
.
This is often caused by incorrect security settings in either the writer or requestor process.


Operation:
   Gathering Writer Data

Context:
   Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220}
   Writer Name: System Writer
   Writer Instance ID: {999d5b82-6ca1-4320-8288-a42584e9dc74}

Error: (04/16/2014 02:49:07 PM) (Source: flcdlock) (User: )
Description: Current SID profile operation failed with unknown exception.

Error: (04/16/2014 02:03:45 PM) (Source: System Restore) (User: )
Description: Failed to create restore point (Process = C:\Utilities\Revo Uninstaller Pro\RevoUninPro.exe Uninstaller Pro\RevoUninPro.exe" ; Description = Revo Uninstaller Pro's restore point - HP Setup; Error = 0x80070005).

Error: (04/16/2014 02:00:39 PM) (Source: VSS) (User: )
Description: Volume Shadow Copy Service error: Unexpected error querying for the IVssWriterCallback interface.  hr = 0x80070005, Access is denied.
.
This is often caused by incorrect security settings in either the writer or requestor process.


Operation:
   Gathering Writer Data

Context:
   Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220}
   Writer Name: System Writer
   Writer Instance ID: {2b036bd2-7535-49bd-9e33-86a4891c108b}

Error: (04/16/2014 01:09:43 AM) (Source: flcdlock) (User: )
Description: Current SID profile operation failed with unknown exception.


System errors:
=============
Error: (04/20/2014 00:24:51 PM) (Source: Service Control Manager) (User: )
Description: The ESET Service service is marked as an interactive service.  However, the system is configured to not allow interactive services.  This service may not function properly.

Error: (04/20/2014 00:19:34 PM) (Source: Service Control Manager) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
cdrom

Error: (04/20/2014 08:44:10 AM) (Source: Service Control Manager) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
cdrom

Error: (04/19/2014 10:19:16 PM) (Source: Service Control Manager) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
cdrom

Error: (04/19/2014 03:28:46 PM) (Source: Service Control Manager) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
cdrom

Error: (04/19/2014 10:32:53 AM) (Source: Service Control Manager) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
cdrom

Error: (04/18/2014 10:57:14 AM) (Source: Service Control Manager) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
cdrom

Error: (04/17/2014 11:54:21 AM) (Source: Service Control Manager) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
cdrom

Error: (04/17/2014 11:52:43 AM) (Source: Service Control Manager) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
cdrom

Error: (04/17/2014 09:55:58 AM) (Source: Service Control Manager) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
cdrom


Microsoft Office Sessions:
=========================
Error: (04/20/2014 00:20:20 PM) (Source: VSS)(User: )
Description: 0x80070005, Access is denied.


Operation:
   Gathering Writer Data

Context:
   Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220}
   Writer Name: System Writer
   Writer Instance ID: {0fee82af-801b-4989-8ea0-d2e3e61d2ba1}

Error: (04/20/2014 08:49:01 AM) (Source: VSS)(User: )
Description: 0x80070005, Access is denied.


Operation:
   Gathering Writer Data

Context:
   Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220}
   Writer Name: System Writer
   Writer Instance ID: {98133f1c-69f7-4228-9f1e-0247302a9220}

Error: (04/17/2014 11:52:58 AM) (Source: ISCTAgent)(User: )
Description: ISCT - netDetect::AOACWLANProset::LocateAdapters   Net Detect:  Net Detect Supported Error Getting Adapter List Error=0x80040302\n

Error: (04/17/2014 11:52:47 AM) (Source: flcdlock)(User: )
Description:

Error: (04/16/2014 02:54:50 PM) (Source: System Restore)(User: )
Description: C:\Utilities\Revo Uninstaller Pro\RevoUninPro.exe Uninstaller Pro\RevoUninPro.exe" Revo Uninstaller Pro's restore point - HP Setup0x80070005

Error: (04/16/2014 02:54:41 PM) (Source: VSS)(User: )
Description: 0x80070005, Access is denied.


Operation:
   Gathering Writer Data

Context:
   Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220}
   Writer Name: System Writer
   Writer Instance ID: {999d5b82-6ca1-4320-8288-a42584e9dc74}

Error: (04/16/2014 02:49:07 PM) (Source: flcdlock)(User: )
Description:

Error: (04/16/2014 02:03:45 PM) (Source: System Restore)(User: )
Description: C:\Utilities\Revo Uninstaller Pro\RevoUninPro.exe Uninstaller Pro\RevoUninPro.exe" Revo Uninstaller Pro's restore point - HP Setup0x80070005

Error: (04/16/2014 02:00:39 PM) (Source: VSS)(User: )
Description: 0x80070005, Access is denied.


Operation:
   Gathering Writer Data

Context:
   Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220}
   Writer Name: System Writer
   Writer Instance ID: {2b036bd2-7535-49bd-9e33-86a4891c108b}

Error: (04/16/2014 01:09:43 AM) (Source: flcdlock)(User: )
Description:


CodeIntegrity Errors:
===================================
  Date: 2013-11-07 16:45:58.311
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\btmaux.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2013-11-07 16:45:58.296
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\btmaux.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.


=========================== Installed Programs ============================

Adobe Flash Player 12 ActiveX (Version: 12.0.0.77)
Adobe Flash Player 13 Plugin (Version: 13.0.0.182)
Alcor Micro Smart Card Reader Driver (Version: 1.7.35.0)
Bonjour (Version: 3.0.0.10)
Brother MFL-Pro Suite MFC-8810DW (Version: 2.0.1.0)
CyberLink PowerDVD 12 (Version: 12.0.2.3115)
Energy Star (Version: 1.0.9)
ESET NOD32 Antivirus (Version: 7.0.302.26)
GPSoftware Directory Opus (Version: 10.5.5.0)
Hewlett-Packard ACLM.NET v1.2.2.1 (Version: 1.00.0000)
HP 3D DriveGuard (Version: 6.0.16.1)
HP Client Security Manager (Version: 8.2.0.1663)
HP Connection Manager (Version: 4.6.12.1)
HP Customer Experience Enhancements (Version: 6.0.1.8)
HP Device Access Manager (Version: 8.2.0.10)
HP Documentation (Version: 1.1.0.0)
HP ESU for Microsoft Windows 7 (Version: 2.3.1)
HP File Sanitizer (Version: 8.4.11.1)
HP Hotkey Support (Version: 5.0.24.1)
HP PageLift (Version: 1.0.11.1)
HP Postscript Converter (Version: 4.5.12120)
HP Setup (Version: 9.1.15453.4066)
HP SoftPaq Download Manager (Version: 3.4.11.0)
HP Software Setup (Version: 8.7.2.1)
HP Support Assistant (Version: 7.2.23.56)
HP Support Information (Version: 13.00.0000)
HP System Default Settings (Version: 2.6.1)
HP Theft Recovery (Version: 8.2.0.9)
HP Trust Circles (Version: 8.2.15.16418)
Iconoid version 3.8.6 (Version: 3.8.6)
IDT Audio (Version: 1.0.6486.0)
Intel® Management Engine Components (Version: 9.5.15.1730)
Intel® Network Connections Drivers (Version: 18.7)
Intel® PRO/Wireless Driver (Version: 16.01.3000.0512)
Intel® Processor Graphics (Version: 9.18.10.3324)
Intel® PROSet/Wireless Software for Bluetooth® Technology(patch version 3.0.1332.1) (Version: 3.1.1307.0366)
Intel® Rapid Storage Technology (Version: 12.8.6.1000)
Intel® SDK for OpenCL - CPU Only Runtime Package (Version: 3.0.0.66956)
Intel® Smart Connect Technology (Version: 4.2.40.2384)
Intel® Update Manager (Version: 2.3.1338)
Intel® USB 3.0 eXtensible Host Controller Driver (Version: 2.5.1.28)
Intel® WiDi (Version: 4.2.19.0)
Intel® PROSet/Wireless Software (Version: 16.1.3)
Intel® PROSet/Wireless WiFi Software (Version: 16.01.3000.0254)
Intel® Trusted Connect Service Client (Version: 1.31.8.1)
Java 7 Update 51 (Version: 7.0.510)
Java Auto Updater (Version: 2.1.9.8)
LastPass (uninstall only)
LibreOffice 4.2.1.1 (Version: 4.2.1.1)
Malwarebytes Anti-Malware version 2.0.1.1004 (Version: 2.0.1.1004)
Microsoft .NET Framework 4.5 (Version: 4.5.50709)
Microsoft Office (Version: 15.0.4454.1510)
Microsoft Silverlight (Version: 5.1.30214.0)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.59193)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.61001)
Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.56336)
Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.59192)
Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.61000)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (Version: 10.0.40219)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (Version: 10.0.40219)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.50727 (Version: 11.0.50727.1)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.51106 (Version: 11.0.51106.1)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.51106 (Version: 11.0.51106.1)
Microsoft Visual C++ 2012 x64 Additional Runtime - 11.0.50727 (Version: 11.0.50727)
Microsoft Visual C++ 2012 x64 Additional Runtime - 11.0.51106 (Version: 11.0.51106)
Microsoft Visual C++ 2012 x64 Minimum Runtime - 11.0.50727 (Version: 11.0.50727)
Microsoft Visual C++ 2012 x64 Minimum Runtime - 11.0.51106 (Version: 11.0.51106)
Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.51106 (Version: 11.0.51106)
Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.51106 (Version: 11.0.51106)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (Version: 10.0.40303)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (Version: 10.0.40308)
mIRC (Version: 7.32)
Mozilla Firefox 28.0 (x86 en-US) (Version: 28.0)
Mozilla Maintenance Service (Version: 28.0)
Mozilla Thunderbird 24.3.0 (x86 en-US) (Version: 24.3.0)
MSXML 4.0 SP3 Parser (KB2758694) (Version: 4.30.2117.0)
MSXML 4.0 SP3 Parser (Version: 4.30.2100.0)
Nuance PaperPort 12 (Version: 12.1.0005)
Nuance PDF Viewer Plus (Version: 5.30.3290)
opensource (Version: 1.0.14960.3876)
PaperPort Image Printer 64-bit (Version: 14.00.0000)
PDF Complete Corporate Edition (Version: 4.1.50)
Realtek Card Reader (Version: 1.1.9200.22)
Restore Point Creator version 2.3 (Version: 2.3)
Revo Uninstaller Pro 3.0.8 (Version: 3.0.8)
Sandboxie 4.08 (64-bit) (Version: 4.08)
Scansoft PDF Professional
Synaptics Pointing Device Driver (Version: 17.0.8.3)
TurboTax 2013 (Version: 2013.0)
TurboTax 2013 wcaiper (Version: 013.000.1280)
TurboTax 2013 WinPerFedFormset (Version: 013.000.1986)
TurboTax 2013 WinPerReleaseEngine (Version: 013.000.0492)
TurboTax 2013 WinPerTaxSupport (Version: 013.000.0168)
TurboTax 2013 wrapper (Version: 013.000.0135)
Update for Microsoft .NET Framework 4.5 (KB2750147) (Version: 1)
Validity Fingerprint Sensor Driver (Version: 4.5.130.0)
WinPatrol (Version: 30.5.2014.1)

========================= Memory info: ===================================

Percentage of memory in use: 28%
Total physical RAM: 7833.06 MB
Available physical RAM: 5620.37 MB
Total Pagefile: 15664.3 MB
Available Pagefile: 13328.55 MB
Total Virtual: 4095.88 MB
Available Virtual: 3958.49 MB

========================= Partitions: =====================================

1 Drive c: (Windows) (Fixed) (Total:451.41 GB) (Free:398.04 GB) NTFS
2 Drive d: (HP_RECOVERY) (Fixed) (Total:11.34 GB) (Free:1.26 GB) NTFS
3 Drive e: (HP_TOOLS) (Fixed) (Total:1.99 GB) (Free:1.98 GB) FAT32

========================= Users: ========================================

User accounts for \\CAROLA-HP

Administrator            Carola                   CMD                      
Guest                    


**** End of log ****
 



#5 moonscape

moonscape
  • Topic Starter

  • Members
  • 10 posts
  • OFFLINE
  • Local time:10:09 PM

Posted 20 April 2014 - 05:55 PM

TDSSKiller - no infected or suspicious files found

 

# AdwCleaner v3.101 - Report created 20/04/2014 at 15:32:20
# Updated 20/04/2014 by Xplode
# Operating System : Windows 7 Professional Service Pack 1 (64 bits)
# Username : Carola - CAROLA-HP
# Running from : C:\Users\Carola\Desktop\AdwCleaner.exe
# Option : Clean

***** [ Services ] *****


***** [ Files / Folders ] *****

Folder Deleted : C:\ProgramData\Package Cache

***** [ Shortcuts ] *****


***** [ Registry ] *****

Key Deleted : HKLM\SOFTWARE\classes\STacAPI.CODECCtrls
Key Deleted : HKLM\SOFTWARE\classes\STacAPI.CODECCtrls.1

***** [ Browsers ] *****

-\\ Internet Explorer v11.0.9600.17041


-\\ Mozilla Firefox v28.0 (en-US)

[ File : C:\Users\Carola\AppData\Roaming\Mozilla\Firefox\Profiles\nwo4vbg2.default-1392139238671\prefs.js ]


*************************

AdwCleaner[R0].txt - [789 octets] - [14/04/2014 16:11:13]
AdwCleaner[R1].txt - [1060 octets] - [20/04/2014 15:28:55]
AdwCleaner[S0].txt - [849 octets] - [14/04/2014 16:12:12]
AdwCleaner[S1].txt - [991 octets] - [20/04/2014 15:32:20]

########## EOF - C:\AdwCleaner\AdwCleaner[S1].txt - [1050 octets] ##########
 


~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.1.4 (04.06.2014:1)
OS: Windows 7 Professional x64
Ran by Carola on Sun 04/20/2014 at 15:35:41.30
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys



~~~ Files



~~~ Folders



~~~ FireFox

Emptied folder: C:\Users\Carola\AppData\Roaming\mozilla\firefox\profiles\nwo4vbg2.default-1392139238671\minidumps [6 files]



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Sun 04/20/2014 at 15:41:58.19
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 



#6 boopme

boopme

    To Insanity and Beyond


  • Global Moderator
  • 73,040 posts
  • OFFLINE
  • Gender:Male
  • Location:NJ USA
  • Local time:01:09 AM

Posted 20 April 2014 - 11:25 PM

Very probable it was the router and it should be reset and passworded.

#7 moonscape

moonscape
  • Topic Starter

  • Members
  • 10 posts
  • OFFLINE
  •  

Posted 20 April 2014 - 11:59 PM

Thanks very much for your time!   Will do.


Edited by moonscape, 21 April 2014 - 12:00 AM.




