Overclock.net › Forums › Software, Programming and Coding › Networking & Security › Can't get rid of this adware

Can't get rid of this adware - Page 2

post #11 of 20
Quote:
Originally Posted by flushentitypacket View Post
Ended the Acrotray process and removed it from my startup. It seems like that fixed the redirecting problem--I will let you guys know if there are any more problems!
Awesome, checking processes is always the first step. Now make sure Firefox has your homepage and everything still default. Also run a full scan with Malwarebytes or any other program you prefer. After that, use CCleaner to clean your temp folder, your history, cookies, etc. Restart.

You want to absolutely make sure everything is gone before you go logging into stuff. Your information is at risk.
post #12 of 20
If you've tried Malwarebytes, now try Superantispyware.

LINK: http://www.superantispyware.com
EconoGamer# (16 items)
CPU: i7 4790K 5 GHz (delidded) | Motherboard: ASRock Z97 Extreme4 | Graphics: nVidia Titan Xp | RAM: Team Xtreem 16GB/2400
Hard Drive: Corsair Force GT 120G SSD (OS) | Hard Drive: Crucial MX200 500G SSD (Games) | Cooling: Corsair H75 Hydro Cooler | OS: Windows 10 x64
Monitor: Acer Predator Z35 | Keyboard: Corsair K95 RGB Platinum | Power: Corsair HX750 v2 80+ Gold | Case: Thermaltake Core X9 (M0dd3D!)
Mouse: Logitech G403 wireless | Mouse Pad: XTrac Ripper XL (cloth) | Audio: Realtek ALC1150 (on-board) | Audio: Audio Technica ATH-MSR7 Headphones
post #13 of 20
Thread Starter 
Never mind. It's back.
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 4:49:17 PM, on 3/27/2011
Platform: Windows 7 (WinNT 6.00.3504)
MSIE: Unable to get Internet Explorer version!
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Windows\system32\taskhost.exe
C:\Program Files\Connectify\ConnectifyService.exe
C:\Program Files\PowerISO\PWRISOVM.EXE
C:\Program Files\AVG\AVG9\avgtray.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Connectify\Connectifyd.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files\Trillian\trillian.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Users\Ron\Desktop\HijackThis.exe
C:\Windows\system32\SearchFilterHost.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: SmartSelect - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE
O4 - HKLM\..\Run: [AVG9_TRAY] C:\PROGRA~1\AVG\AVG9\avgtray.exe
O4 - HKLM\..\Run: [SynTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O8 - Extra context menu item: Append to existing PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~1\Office12\EXCEL.EXE/3000
O9 - Extra button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra 'Tools' menuitem: @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~1\Office12\REFIEBAR.DLL
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG9\avgpp.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: acaptuser32.dll
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG Free E-mail Scanner (avg9emc) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG9\avgemc.exe
O23 - Service: AVG Free WatchDog (avg9wd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG9\avgwdsvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: nProtect GameGuard Service (npggsvc) - Unknown owner - C:\Windows\system32\GameMon.des.exe (file missing)
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe

--
End of file - 6372 bytes
Current (12 items)
CPU: i5 2500k | Motherboard: ASRock Z68 Extreme4 Gen3 | Graphics: EVGA GTX 570 Classified | RAM: 4x4GB Corsair XMS3
Hard Drive: Samsung 830 | Cooling: Thermaltake Frio | Power: OCZ ZS 850W | Case: Lian Li Lancool First Knight K9
Mouse: Logitech G500 | Audio: Audinst HUD-MX1 | Other: Sennheiser HD598 | Other: Swan D1080MkII
post #14 of 20
Hi,

I am new to these forums but this is the only place where I found the exact issue I am having - it seems to be pretty rare. I think I got the malware from a website which must have been infected with the file. If anyone has figured this out, can you please update it? Thank you.
post #15 of 20
Try roguefix http://www.internetinspiration.co.uk/roguefix.htm

Do be aware, however, that the program can be quite ruthless, so:

1. You must follow the instructions for use exactly.
2. Backup critical data first.
Firefly (16 items)
CPU: Intel i5 2500 | Motherboard: ASUS P8Z68-V LX | Graphics: ASUS 6950 + Powercolor 6950 (CF) | RAM: Gskill Ripjaw 8Gb
Hard Drive: A-Data S599 SSD (RAID0) | Optical Drive: Does this matter anymore? | Cooling: Lots of fans | OS: Windows 7 Home Premium 64-bit
Monitor: ASUS 27", ACER 24'' x 2 | Keyboard: Logitech G15 | Power: Coolermaster Extreme Power + 700W | Case: Coolermaster Stacker 830 Evo
Mouse: Logitech G5 Laser | Mouse Pad: Razer Mantis | Audio: Creative X-Fi Gamer | Other: Logitech Z5500's
post #16 of 20
Ad-Aware should clear that up no problem
Beast (13 items)
CPU: Intel Core 2 Quad Q9550 Yorkfield 2.83GHz 12MB L2 | Motherboard: ASUS Striker II Formula 775 NVIDIA nForce 780i SLI | Graphics: HIS Radeon 4870 1gb | RAM: 8 GB DDR2 @ 1066 MHz
Hard Drive: 500 Gig Sata | OS: Windows 7 Ultimate x64 | Monitor: ACER H233H 23 inch | Keyboard: G15
Power: Ultra 750w | Case: NZXT Beta Gaming Mid-Tower Case | Mouse: LogiTech G9 | Mouse Pad: UMadBrah? It works
post #17 of 20
you can try ComboFix http://www.bleepingcomputer.com/comb...o-use-combofix

^ READ THE WARNINGS AND INSTRUCTIONS FOR COMBOFIX! RUN AT YOUR OWN RISK


Also, try repairing the hosts file. It's possible that even after removing the malware/adware/virus, the hosts file is still messed up and causing redirects.

run this little guy http://support.microsoft.com/kb/972034

see if that helps you out
Big Black Box (13 items)
CPU: Core2Duo E6550 | Motherboard: Asus P5K-E | Graphics: EVGA GTX 260 | RAM: 4GB DDR2 800
Hard Drive: 2x 320gb SATA in raid 0 and 2x 1tb WD Black | Optical Drive: DVD-RW x3 | OS: Windows 7 Ultimate x64 | Monitor: Samsung SyncMaster 940bw 19 inch
Keyboard: Logitech G15 | Power: BFG Tech. 650 watt SLI | Case: NZXT | Mouse: Logitech G9x
Mouse Pad: Allsop gamer pad
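The hosts-file repair suggested in the post above is worth doing by hand when the Microsoft Fix it cannot be run. The script below is an added example written for this thread; it is not Microsoft's tool (KB 972034 simply replaces the whole file with the default) and not code from anyone in the thread. It parses a hosts file the way the resolver does (tabs, runs of spaces, trailing comments, several names per line), flags two patterns adware leaves behind, a hostname pointed at a non-loopback address (redirect) and a non-localhost name pointed at loopback or 0.0.0.0 (sinkhole, typically of antivirus update servers), and returns the file with only those lines removed so legitimate entries survive. HOSTS_PATH is the stock Windows location; the sample file, its hostnames and the 203.0.113.10 address (a TEST-NET-3 documentation address) are constructed for the demonstration.

```python
"""Audit and clean a Windows hosts file for redirect and sinkhole entries.

Added example for this thread; it is neither Microsoft's Fix it (KB 972034)
nor the thread author's code. HOSTS_PATH is the stock Windows location;
the sample file and the hostnames in it are constructed for the demo.
"""
import ipaddress

HOSTS_PATH = r"C:\Windows\System32\drivers\etc\hosts"

# Names that legitimately map to loopback. Windows 7 ships even these
# commented out (resolution happens inside the DNS client), so any other
# name pointed at 127.0.0.1, ::1 or 0.0.0.0 is a block, not a convenience.
LOOPBACK_NAMES = {"localhost", "localhost.localdomain", "broadcasthost"}

# Constructed sample: stock header and localhost lines, then two entries of
# the kind adware adds, pushed down by blank lines so they sit below the
# first screen when the file is opened in Notepad.
SAMPLE_HOSTS = """\
# Copyright (c) 1993-2009 Microsoft Corp.
# localhost name resolution is handled within DNS itself.
#\t127.0.0.1       localhost
127.0.0.1   localhost
::1         localhost




203.0.113.10\twww.google.com google.com    # redirect to a TEST-NET-3 address
127.0.0.1   update.example-antivirus.test
"""


def parse_hosts(text):
    """Yield (line_no, ip, hostname) for every active mapping, tolerating
    tabs, runs of spaces, trailing comments and several names per line."""
    for line_no, raw in enumerate(text.splitlines(), 1):
        body = raw.split("#", 1)[0].strip()
        if not body:
            continue
        ip, *names = body.split()
        for name in names:
            yield line_no, ip, name.lower()


def audit_hosts(text):
    """Return (line_no, hostname, ip, reason) for every suspicious mapping."""
    findings = []
    for line_no, ip, name in parse_hosts(text):
        try:
            addr = ipaddress.ip_address(ip)
        except ValueError:
            findings.append((line_no, name, ip, "unparseable address"))
            continue
        if addr.is_loopback or addr.is_unspecified:
            if name not in LOOPBACK_NAMES:
                findings.append((line_no, name, ip, "sinkholed: name is blocked by pointing it at loopback"))
        else:
            findings.append((line_no, name, ip, "redirected: name resolves to a non-loopback address"))
    return findings


def strip_hijacks(text):
    """Return the file with every flagged line removed and nothing else changed."""
    bad_lines = {f[0] for f in audit_hosts(text)}
    kept = [raw for n, raw in enumerate(text.splitlines(), 1) if n not in bad_lines]
    return "\n".join(kept) + "\n"


if __name__ == "__main__":
    # Offline demo on the constructed sample. On the real machine, read
    # HOSTS_PATH from an elevated prompt (the file is often hidden and
    # read-only), write strip_hijacks() back, then run ipconfig /flushdns.
    for line_no, name, ip, reason in audit_hosts(SAMPLE_HOSTS):
        print(f"line {line_no}: {name} -> {ip}: {reason}")
```

Two practical notes: the resolver caches hosts-file answers, so flush the DNS client cache after writing the file or the redirect appears to survive the fix; and if browsing still redirects with a clean hosts file, the next place to look is the adapter's DNS server setting, which adware changes for the same effect.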
post #18 of 20
Quote:
Try roguefix http://www.internetinspiration.co.uk/roguefix.htm

Do be aware, however, that the program can be quite ruthless, so:

1. You must follow the instructions for use exactly.
2. Backup critical data first.
Nonchalat, I wasn't able to try your suggestion since the program only works for XP and I am running 64-bit Windows 7.

Quote:
you can try ComboFix http://www.bleepingcomputer.com/comb...o-use-combofix

^ READ THE WARNINGS AND INSTRUCTIONS FOR COMBOFIX! RUN AT YOUR OWN RISK


Also, try repairing the hosts file. It's possible that even after removing the malware/adware/virus, the hosts file is still messed up and causing redirects.

run this little guy http://support.microsoft.com/kb/972034
I did try this, however every time I run it I get a blue screen of death... Any suggestions?
post #19 of 20
Quote:
O23 - Service: nProtect GameGuard Service (npggsvc) - Unknown owner - C:\\Windows\\system32\\GameMon.des.exe (file missing)
I did some checking on this and it seems to be a likely culprit.

Quote:
(Command: GameMon.des
Description: Added by the Trojan.Downexec.C Trojan. Trojan.Downexec.C is a Trojan horse that may download files and steal information from the compromised computer.)

Generally speaking, a file with more than one extension is highly suspect. You might have a rootkit-related problem and should consider a rootkit removal app such as RootRepeal.
Pro Tem (15 items)
CPU: i5 25oo | Motherboard: MSI P67A-GD65 B3 | Graphics: MSi GTX56oTX-Ti | Graphics: Asus Direct CUii GTX56o Ti
RAM: CORSAIR XMS3 8GB | Hard Drive: C3oo 128GB / 2x5ooGB WDGreen / 1.5TB SG | Optical Drive: LG DvD Burner | Cooling: Hyper 212+
OS: Win7 HP 64 | Monitor: AcerH233H / Acer X2o3H | Power: Antec 75oW | Case: Raidmax Smilodon Extreme fan mod
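The reasoning in the post above (an orphaned service, "Unknown owner", a file name with two extensions) is exactly the kind of pattern worth scripting when reading a HijackThis log, so here is an added example that does it; it is not HijackThis code and not code from anyone in the thread. It parses O4 (Run keys), O20 (AppInit_DLLs) and O23 (services) lines and reports every heuristic that fires: a service whose binary is missing or has no publisher, a binary with more than one extension, an autostart living in a user-writable directory, and any DLL injected through AppInit_DLLs. The sample is four lines copied from the log posted earlier in this thread plus one constructed Run entry under %TEMP%. One caveat a practitioner would add: these are leads, not verdicts. GameMon.des is the module nProtect GameGuard installs with many online games, and a "(file missing)" service is as consistent with a game having been uninstalled as with malware, so confirm with a publisher signature or hash lookup before deleting anything; an orphaned service entry itself can be removed with `sc delete npggsvc`, but that is cleanup, not the fix for the redirects.

```python
"""Offline triage of HijackThis-style log lines.

Added example for this thread; it is not HijackThis code and not the thread
author's. The heuristics produce leads to investigate, not verdicts.
"""
import re

# Autostart binaries under a user profile or temp directory are far more
# often unwanted software than vendor software.
LOW_TRUST_DIRS = ("\\temp\\", "\\appdata\\", "\\users\\", "\\documents and settings\\")

# Last path component ending in an executable-type extension. The lazy
# group returns "GameMon.des.exe" whole rather than stopping at "des.exe".
BINARY_RE = re.compile(r'\\([^\\]+?\.(?:exe|dll|com|scr|bat|cmd|sys))(?=[\s"]|$)', re.I)

# O23 lines: "Service: <name> - <owner> - <drive>:\<path>[ (file missing)]".
# Anchoring the path on a drive letter keeps " - " inside names such as
# "Spybot - Search & Destroy" from splitting the wrong field.
O23_RE = re.compile(r'^O23 - Service: (?P<name>.+?) - (?P<owner>.+?) - (?P<target>[A-Za-z]:\\.*)$')

# Constructed sample: four lines copied from the log posted in this thread
# plus one made-up Run entry that lives in %TEMP%, so the clean and dirty
# paths are both exercised.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [AVG9_TRAY] C:\PROGRA~1\AVG\AVG9\avgtray.exe
O4 - HKCU\..\Run: [Updater] C:\Users\Ron\AppData\Local\Temp\updater.exe
O20 - AppInit_DLLs: acaptuser32.dll
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe
O23 - Service: nProtect GameGuard Service (npggsvc) - Unknown owner - C:\Windows\system32\GameMon.des.exe (file missing)
"""


def binary_name(text):
    """Return the executable/DLL file name referenced in a log line, or None."""
    m = BINARY_RE.search(text)
    return m.group(1) if m else None


def has_multiple_extensions(filename):
    """True for names like GameMon.des.exe (two or more dots)."""
    return filename.count(".") >= 2


def triage(log_text):
    """Return (line, reason) pairs for every heuristic that fires."""
    findings = []
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        section = line.split(" ", 1)[0]
        reasons, target = [], None
        if section == "O23":
            m = O23_RE.match(line)
            if m:
                target = m.group("target")
                if "(file missing)" in target:
                    reasons.append("service points at a binary that no longer exists")
                if m.group("owner").lower() == "unknown owner":
                    reasons.append("service binary carries no publisher information")
        elif section == "O4" and "] " in line:
            target = line.split("] ", 1)[1]          # command after the [name]
        elif section == "O20":
            dlls = line.split(":", 1)[1].strip()
            if dlls:
                reasons.append(f"AppInit_DLLs loads {dlls} into every process that maps user32.dll")
        if target:
            name = binary_name(target)
            if name and has_multiple_extensions(name):
                reasons.append(f"{name} has more than one extension")
            if any(d in target.lower() for d in LOW_TRUST_DIRS):
                reasons.append("autostart binary lives in a user-writable directory")
        findings.extend((line, r) for r in reasons)
    return findings


if __name__ == "__main__":
    for line, reason in triage(SAMPLE_LOG):
        print(f"{reason}\n    {line}")
```

On the sample the GameGuard line fires three times (missing file, unknown owner, double extension), the %TEMP% entry once, the AppInit_DLLs line once, and the AVG and Steam lines not at all; the AppInit_DLLs hit is informational here, since acaptuser32.dll is Acrobat's capture helper, but that key is also a favourite of injecting malware and deserves a look every time.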
post #20 of 20
Thread Starter 
I have reformatted since I made this post. I hope you have some luck with grishka's suggestion, arguav74. Seems like the problem.

If that's not it, then post your own Hijackthis log in a new thread. For now, this thread is dead.

Thanks to everyone who helped!