
I have a problem with Malware/adware or a virus

post #1 of 7
Thread Starter 
Using the latest Firefox, about a week ago, I started having "redirects" almost constantly from the Google search engine. I would back up a page, re-click and all would be fine. Now I can be viewing a web page and all of a sudden (without clicking anything) another tab would open up to some website. Each time they have been different sites. Most of them telling me I have won something or trying to sell me something.

I have tried Malwarebytes, AVG and Spybot to no avail; everything comes back clean. Any ideas on a different program that may take care of this for me? Normally AVG and Malwarebytes work just fine, but no luck this time.

thx
post #2 of 7
Care to get this, scan and post a log? http://free.antivirus.com/hijackthis/
post #3 of 7
Thread Starter 
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 4:28:07 PM, on 3/14/2011
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\\WINDOWS\\System32\\smss.exe
C:\\PROGRA~1\\AVG\\AVG10\\avgchsvx.exe
C:\\WINDOWS\\system32\\winlogon.exe
C:\\WINDOWS\\system32\\services.exe
C:\\WINDOWS\\system32\\lsass.exe
C:\\WINDOWS\\system32\\nvsvc32.exe
C:\\WINDOWS\\system32\\svchost.exe
C:\\WINDOWS\\System32\\svchost.exe
C:\\WINDOWS\\system32\\brsvc01a.exe
C:\\WINDOWS\\system32\\brss01a.exe
C:\\WINDOWS\\system32\\spoolsv.exe
C:\\Program Files\\Common Files\\Apple\\Mobile Device Support\\AppleMobileDeviceService.exe
C:\\Program Files\\AVG\\AVG10\\avgwdsvc.exe
C:\\Program Files\\Bonjour\\mDNSResponder.exe
C:\\Program Files\\GIGABYTE\\EnergySaver\\GSvr.exe
C:\\Program Files\\Java\\jre6\\bin\\jqs.exe
C:\\Program Files\\Google\\Update\\GoogleUpdate.exe
C:\\Program Files\\LogMeIn\\x86\\LMIGuardianSvc.exe
C:\\Program Files\\LogMeIn\\x86\\RaMaint.exe
C:\\Program Files\\LogMeIn\\x86\\LogMeIn.exe
C:\\Program Files\\Microsoft SQL Server\\MSSQL.1\\MSSQL\\Binn\\sqlservr.exe
C:\\Program Files\\Common Files\\Protexis\\License Service\\PsiService_2.exe
C:\\Program Files\\Microsoft SQL Server\\90\\Shared\\sqlwriter.exe
C:\\WINDOWS\\system32\\svchost.exe
C:\\Program Files\\AVG\\AVG10\\avgnsx.exe
C:\\Program Files\\Compact Wireless-G USB Adapter Wireless Network Monitor\\WLService.exe
C:\\Program Files\\Compact Wireless-G USB Adapter Wireless Network Monitor\\WUSB54GC.exe
C:\\WINDOWS\\system32\\fxssvc.exe
C:\\Program Files\\AVG\\AVG10\\Identity Protection\\Agent\\Bin\\AVGIDSAgent.exe
C:\\WINDOWS\\Explorer.EXE
C:\\WINDOWS\\RTHDCPL.EXE
C:\\Program Files\\Ideazon\\ZEngine\\Zboard.exe
C:\\WINDOWS\\PixArt\\PAC207\\Monitor.exe
C:\\Program Files\\Logitech\\SetPointP\\SetPoint.exe
C:\\WINDOWS\\system32\\RUNDLL32.EXE
C:\\Program Files\\AVG\\AVG10\\avgtray.exe
C:\\Program Files\\ACT\\Act for Windows\\Act.Outlook.Service.exe
C:\\Program Files\\LogMeIn\\x86\\LogMeInSystray.exe
C:\\Program Files\\Vonage\\Vonage Companion\\companion.exe
C:\\PROGRA~1\\RingCentral\\RingCentral Call Controller\\RCUI.exe
C:\\Program Files\\Common Files\\LogiShrd\\KHAL3\\KHALMNPR.EXE
C:\\PROGRA~1\\RingCentral\\RingCentral Call Controller\\RCHotKey.exe
C:\\Program Files\\AVG\\AVG10\\Identity Protection\\agent\\bin\\avgidsmonitor.exe
C:\\WINDOWS\\System32\\svchost.exe
C:\\Program Files\\iPod\\bin\\iPodService.exe
C:\\PROGRA~1\\AVG\\AVG10\\avgrsx.exe
C:\\Program Files\\AVG\\AVG10\\avgcsrvx.exe
C:\\Program Files\\Microsoft Office\\OFFICE11\\WINWORD.EXE
C:\\Program Files\\Mozilla Firefox\\firefox.exe
C:\\Program Files\\Mozilla Firefox\\plugin-container.exe
C:\\Documents and Settings\\Brian Roddam\\Local Settings\\Apps\\2.0\\NLGQYYD2.69G\\KKA2M5EQ.Q7N\\3 sixty_13c5df2c701b7d7c_0003.0000_5932d75f0976660c\\3sixty.exe
C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe
C:\\PMW140\\PCMWIN32.EXE
C:\\PROGRA~1\\MICROS~2\\OFFICE11\\OUTLOOK.EXE
C:\\WINDOWS\\system32\\SNDVOL32.EXE
C:\\WINDOWS\\system32\\SNDVOL32.EXE
C:\\WINDOWS\\system32\\msiexec.exe
C:\\Program Files\\Trend Micro\\HiJackThis\\HiJackThis.exe

R0 - HKCU\\Software\\Microsoft\\Internet Explorer\\Main,Start Page = about:blank
R1 - HKCU\\Software\\Microsoft\\Windows\\CurrentVersion\\Internet Settings,ProxyOverride = *.local
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\\Program Files\\Common Files\\Adobe\\Acrobat\\ActiveX\\AcroIEHelperShim.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\\Program Files\\AVG\\AVG10\\avgssie.dll
O2 - BHO: Act.UI.InternetExplorer.Plugins.AttachFile.CAttachFile - {D5233FCD-D258-4903-89B8-FB1568E7413D} - mscoree.dll (file missing)
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\\Program Files\\Java\\jre6\\bin\\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\\Program Files\\Java\\jre6\\lib\\deploy\\jqs\\ie\\jqs_plugin.dll
O4 - HKLM\\..\\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\\..\\Run: [Zboard] C:\\Program Files\\Ideazon\\ZEngine\\Zboard.exe
O4 - HKLM\\..\\Run: [Monitor] C:\\WINDOWS\\PixArt\\PAC207\\Monitor.exe
O4 - HKLM\\..\\Run: [EvtMgr6] C:\\Program Files\\Logitech\\SetPointP\\SetPoint.exe /launchGaming
O4 - HKLM\\..\\Run: [Client Access Service] "C:\\Program Files\\IBM\\Client Access\\cwbsvstr.exe"
O4 - HKLM\\..\\Run: [Rzehuropifat] rundll32.exe "C:\\WINDOWS\\egadoxiy.dll",Startup
O4 - HKLM\\..\\Run: [NvMediaCenter] RUNDLL32.EXE C:\\WINDOWS\\system32\\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\\..\\Run: [NvCplDaemon] RUNDLL32.EXE C:\\WINDOWS\\system32\\NvCpl.dll,NvStartup
O4 - HKLM\\..\\Run: [nwiz] C:\\Program Files\\NVIDIA Corporation\\nView\\nwiz.exe /installquiet
O4 - HKLM\\..\\Run: [AVG_TRAY] C:\\Program Files\\AVG\\AVG10\\avgtray.exe
O4 - HKLM\\..\\Run: [Act.Outlook.Service] "C:\\Program Files\\ACT\\Act for Windows\\Act.Outlook.Service.exe"
O4 - HKLM\\..\\Run: [KernelFaultCheck] %systemroot%\\system32\\dumprep 0 -k
O4 - HKLM\\..\\Run: [LogMeIn GUI] "C:\\Program Files\\LogMeIn\\x86\\LogMeInSystray.exe"
O4 - HKLM\\..\\Run: [Adobe Reader Speed Launcher] "C:\\Program Files\\Adobe\\Reader 9.0\\Reader\\Reader_sl.exe"
O4 - HKLM\\..\\Run: [Adobe ARM] "C:\\Program Files\\Common Files\\Adobe\\ARM\\1.0\\AdobeARM.exe"
O4 - HKLM\\..\\Run: [AppleSyncNotifier] C:\\Program Files\\Common Files\\Apple\\Mobile Device Support\\AppleSyncNotifier.exe
O4 - HKLM\\..\\Run: [iTunesHelper] "C:\\Program Files\\iTunes\\iTunesHelper.exe"
O4 - HKLM\\..\\Run: [QuickTime Task] "C:\\Program Files\\QuickTime\\qttask.exe" -atboottime
O4 - HKCU\\..\\Run: [Pmiheweriquyiw] rundll32.exe "C:\\WINDOWS\\ctcvin.dll",Startup
O4 - HKCU\\..\\Run: [Vonage Companion] "C:\\Program Files\\Vonage\\Vonage Companion\\companion.exe"
O4 - HKCU\\..\\Run: [RCUI] "C:\\PROGRA~1\\RingCentral\\RingCentral Call Controller\\RCUI.exe"
O4 - HKCU\\..\\Run: [RCHotKey] "C:\\PROGRA~1\\RingCentral\\RingCentral Call Controller\\RCHotKey.exe"
O4 - HKUS\\S-1-5-18\\..\\Run: [DWQueuedReporting] "C:\\PROGRA~1\\COMMON~1\\MICROS~1\\DW\\dwtrig20.exe" -t (User 'SYSTEM')
O4 - HKUS\\.DEFAULT\\..\\Run: [DWQueuedReporting] "C:\\PROGRA~1\\COMMON~1\\MICROS~1\\DW\\dwtrig20.exe" -t (User 'Default user')
O6 - HKLM\\Software\\Policies\\Microsoft\\Internet Explorer\\Restrictions present
O6 - HKLM\\Software\\Policies\\Microsoft\\Internet Explorer\\Control Panel present
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\\PROGRA~1\\MICROS~2\\OFFICE11\\EXCEL.EXE/3000
O9 - Extra button: Attach Web page to ACT! contact - {6F431AC3-364A-478b-BBDB-89C7CE1B18F6} - mscoree.dll (file missing)
O9 - Extra 'Tools' menuitem: Attach Web page to ACT! contact... - {6F431AC3-364A-478b-BBDB-89C7CE1B18F6} - mscoree.dll (file missing)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\\PROGRA~1\\MICROS~2\\OFFICE11\\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\\WINDOWS\\Network Diagnostic\\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\\WINDOWS\\Network Diagnostic\\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\\Program Files\\Messenger\\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\\Program Files\\Messenger\\msmsgs.exe
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\\Program Files\\AVG\\AVG10\\avgpp.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\\Program Files\\TransCore\\3sixty Freight Match Prerequisites\\Skype4COM.dll
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\\WINDOWS\\system32\\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\\WINDOWS\\system32\\browseui.dll
O23 - Service: Apple Mobile Device - Apple Inc. - C:\\Program Files\\Common Files\\Apple\\Mobile Device Support\\AppleMobileDeviceService.exe
O23 - Service: AVGIDSAgent - AVG Technologies CZ, s.r.o. - C:\\Program Files\\AVG\\AVG10\\Identity Protection\\Agent\\Bin\\AVGIDSAgent.exe
O23 - Service: AVG WatchDog (avgwd) - AVG Technologies CZ, s.r.o. - C:\\Program Files\\AVG\\AVG10\\avgwdsvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\\Program Files\\Bonjour\\mDNSResponder.exe
O23 - Service: BrSplService (Brother XP spl Service) - brother Industries Ltd - C:\\WINDOWS\\system32\\brsvc01a.exe
O23 - Service: iSeries Access for Windows Remote Command (Cwbrxd) - IBM Corporation - C:\\WINDOWS\\CWBRXD.EXE
O23 - Service: GEST Service for program management. (GEST Service) - Unknown owner - C:\\Program Files\\GIGABYTE\\EnergySaver\\GSvr.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\\Program Files\\Google\\Update\\GoogleUpdate.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\\Program Files\\Common Files\\InstallShield\\Driver\\1050\\Intel 32\\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\\Program Files\\iPod\\bin\\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\\Program Files\\Java\\jre6\\bin\\jqs.exe
O23 - Service: LMIGuardianSvc - LogMeIn, Inc. - C:\\Program Files\\LogMeIn\\x86\\LMIGuardianSvc.exe
O23 - Service: LogMeIn Maintenance Service (LMIMaint) - LogMeIn, Inc. - C:\\Program Files\\LogMeIn\\x86\\RaMaint.exe
O23 - Service: LogMeIn - LogMeIn, Inc. - C:\\Program Files\\LogMeIn\\x86\\LogMeIn.exe
O23 - Service: nProtect GameGuard Service (npggsvc) - Unknown owner - C:\\WINDOWS\\system32\\GameMon.des.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\\WINDOWS\\system32\\nvsvc32.exe
O23 - Service: Protexis Licensing V2 (PSI_SVC_2) - Protexis Inc. - C:\\Program Files\\Common Files\\Protexis\\License Service\\PsiService_2.exe
O23 - Service: WUSB54GCSVC - GEMTEKS - C:\\Program Files\\Compact Wireless-G USB Adapter Wireless Network Monitor\\WLService.exe

--
End of file - 9887 bytes
post #4 of 7
http://www.hijackremote.com/RecentSpywareDetail704.aspx

Close browsers and remove those. I would also run CCleaner after that.
post #5 of 7
Sorry, takin' care of my daughter atm. Anyway, not a pro with that software, can't see anything else suspicious there.
post #6 of 7
Post it on the HijackThis forums; maybe they can help as well?
   
post #7 of 7
O4 - HKLM\\..\\Run: [Rzehuropifat] rundll32.exe "C:\\WINDOWS\\egadoxiy.dll",Startup

O4 - HKCU\\..\\Run: [Pmiheweriquyiw] rundll32.exe "C:\\WINDOWS\\ctcvin.dll",Startup
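Added example (not part of any post in this thread, and not HijackThis code): a small Python parser for HijackThis O4 autorun lines that flags Run entries where rundll32 loads a DLL sitting directly in the Windows directory, the pattern shared by the two entries quoted in post #7. The directory heuristic and the function names are assumptions made for this example; the sample lines are taken from the log in post #3 with the doubled backslashes collapsed.

```python
import re
from ntpath import basename, dirname, normcase

# Lines copied from the HijackThis log in post #3 (backslashes un-doubled).
SAMPLE_LOG = r'''
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Rzehuropifat] rundll32.exe "C:\WINDOWS\egadoxiy.dll",Startup
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [AVG_TRAY] C:\Program Files\AVG\AVG10\avgtray.exe
O4 - HKCU\..\Run: [Pmiheweriquyiw] rundll32.exe "C:\WINDOWS\ctcvin.dll",Startup
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
'''

# "O4 - <hive>\..\<key>: [<value name>] <command line>"
O4_LINE = re.compile(
    r'^O4 - (?P<hive>\S+?)\\\.\.\\(?P<key>\w+): \[(?P<name>[^\]]+)\] (?P<cmd>.+)$')
# rundll32 [.exe] "<dll path>",<export>   (quotes optional)
RUNDLL = re.compile(
    r'^"?rundll32(?:\.exe)?"?\s+"?(?P<dll>[^",]+)"?,\s*(?P<export>\S+)', re.I)


def parse_o4(log_text):
    """Return one dict per O4 (registry/startup autorun) line in the log."""
    entries = []
    for raw in log_text.splitlines():
        # Tolerate logs pasted with doubled backslashes, as on this page.
        line = raw.strip().replace('\\\\', '\\')
        m = O4_LINE.match(line)
        if m:
            entries.append(m.groupdict())
    return entries


def flag_rundll_autoruns(log_text, windir=r'C:\WINDOWS'):
    """Flag autoruns where rundll32 loads a DLL directly from windir.

    Heuristic assumed for this example: a hit is a lead to investigate,
    not a verdict. DLLs in subfolders such as system32 are not flagged.
    """
    findings = []
    for e in parse_o4(log_text):
        m = RUNDLL.match(e['cmd'])
        if not m:
            continue
        dll = m.group('dll').strip()
        if normcase(dirname(dll)) == normcase(windir):
            findings.append((e['hive'], e['name'], basename(dll), m.group('export')))
    return findings


if __name__ == '__main__':
    for hit in flag_rundll_autoruns(SAMPLE_LOG):
        print(hit)
```
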