
Hi, I am running Windows 7 and have Windows Security Essentials, but I do not know how this happened. I am getting pop-ups from "blinx", "chinaontv", "mevio", "twitter" and others. The problems are mainly in IE, though when running Firefox it seems to have a few problems too. When I click a drop-down menu on my browser it will crash, then restore; this will happen a few times before it just won't restore at all. I ran Malwarebytes a few days ago and I quarantined a "trojan.downloader" and "trojan.sharpro.pgen", but the problems still persist. I am not computer illiterate, but I am pretty novice. I can give you whatever information you need, just direct me please.

Here is the log of the MBAM scan I just ran:

mbam-log-2011-11-23 (10-51-12).txt
Scan type: Full scan (C:\|)
Objects scanned: 4248
Time elapsed: 45 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

Thank you!


I tried to run HijackThis but I got this message:

"For some reason your system denied write access to the Hosts file.
If any hijacked domains are in this file HijackThis may NOT be able to fix this.
If that happens, you need to edit the file yourself. To do this, click
Start, Run and type:
notepad C:\Windows\System32\drivers\etc\hosts
and press Enter. Find the line(s) HijackThis reports and delete them.
Save the file as 'hosts'. (with quotes), and reboot.
For Vista: simply, exit HijackThis, right click on the HijackThis icon,
and choose 'Run as administrator'."

I checked my "hosts" file and nothing appeared odd to me. This is it:

# Copyright © 1993-2006 Microsoft Corp.
#
# This is a sample HOSTS file used by Microsoft TCP/IP for Windows.
#
# This file contains the mappings of IP addresses to host names. Each
# entry should be kept on an individual line. The IP address should
# be placed in the first column followed by the corresponding host name.
# The IP address and the host name should be separated by at least one
# space.
#
# Additionally, comments (such as these) may be inserted on individual
# lines or following the machine name denoted by a '#' symbol.
#
# For example:
#
# 102.54.94.97 rhino.acme.com # source server
# 38.25.63.10 x.acme.com # x client host
# localhost name resolution is handle within DNS itself.
# 127.0.0.1 localhost
# ::1 localhost

I know it might not be easy to help with limited info, but let me know what you need and I will do my best to get it.

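Editor's note with an added example (this script is not part of the thread and not a Malwarebytes tool). Two things a practitioner would check at this point. First, the "denied write access" message is what HijackThis reports on Windows 7 when it is not run as administrator, because C:\Windows\System32\drivers\etc\hosts is only writable with elevated rights; the message's own Vista advice (right-click, Run as administrator) applies to Windows 7 as well. Second, the pasted hosts file shows only the stock comment header, and a common hijacker trick is to append real entries hundreds of blank lines below the header, where Notepad shows nothing unless you scroll. The script parses a hosts file, reports every active mapping with its line number, measures the longest run of blank lines, and flags any name other than localhost. SAMPLE_HOSTS is constructed for the example: the header from the post, 200 blank lines, then two hypothetical appended entries (one blackholes a vendor site to loopback, one pins a search domain to a TEST-NET address). Function and class names are mine.

```python
"""Audit a Windows hosts file for appended hijack entries.

Added example, not from the thread. The sample text is constructed:
the stock Windows 7 header seen in the post, then a long run of blank
lines, then two hypothetical entries of the kind a hijacker appends.
"""
import ipaddress
from typing import List, NamedTuple


class HostsEntry(NamedTuple):
    line_no: int        # 1-based line in the file, so it can be found in Notepad
    ip: str
    names: List[str]


SAMPLE_HOSTS = (
    "# Copyright (c) 1993-2006 Microsoft Corp.\n"
    "#\n"
    "# This is a sample HOSTS file used by Microsoft TCP/IP for Windows.\n"
    "# localhost name resolution is handle within DNS itself.\n"
    "#\t127.0.0.1       localhost\n"
    "#\t::1             localhost\n"
    + "\n" * 200                                   # pushes what follows below the fold
    + "127.0.0.1 localhost\n"
    + "127.0.0.1 www.malwarebytes.org  # hypothetical: vendor site blackholed\n"
    + "203.0.113.7 www.google.com      # hypothetical: search pinned to a TEST-NET-3 address\n"
)


def parse_hosts(text: str) -> List[HostsEntry]:
    """Return every active (uncommented) IP -> names mapping with its line number."""
    entries = []
    for no, raw in enumerate(text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()        # drop trailing comments
        if not line:
            continue
        parts = line.split()
        try:
            ipaddress.ip_address(parts[0])
        except ValueError:
            continue                               # malformed line, not a mapping
        entries.append(HostsEntry(no, parts[0], parts[1:]))
    return entries


def longest_blank_run(text: str) -> int:
    """Longest run of consecutive blank lines; a large value hides entries from a casual look."""
    longest = current = 0
    for raw in text.splitlines():
        current = current + 1 if not raw.strip() else 0
        longest = max(longest, current)
    return longest


def suspicious(entries: List[HostsEntry]) -> List[str]:
    """Flag every mapping other than localhost itself.

    On a single home PC any other active entry deserves a look: a loopback
    address blackholes the site (vendor and update sites are the usual
    targets), and a routable address pins the name to a server the
    attacker chose.
    """
    findings = []
    for e in entries:
        addr = ipaddress.ip_address(e.ip)
        for name in e.names:
            if name.lower() == "localhost":
                continue
            what = "blackholed to loopback" if addr.is_loopback else f"pinned to {e.ip}"
            findings.append(f"line {e.line_no}: {name} {what}")
    return findings


if __name__ == "__main__":
    print("longest blank run:", longest_blank_run(SAMPLE_HOSTS))
    for finding in suspicious(parse_hosts(SAMPLE_HOSTS)):
        print(finding)
```

To run it against a real machine, read C:\Windows\System32\drivers\etc\hosts into `parse_hosts` instead of SAMPLE_HOSTS; a longest blank run in the hundreds together with entries at high line numbers is the pattern to look for.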

I finally got the HijackThis log to save. Hope this helps:

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 5:18:55 PM, on 11/28/2011
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v9.00 (9.00.8112.16421)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
C:\Program Files\Trend Micro\Client Server Security Agent\PccNTMon.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\LogMeIn\x86\LogMeInSystray.exe
C:\dell\DBRM\Reminder\DbrmTrayicon.exe
C:\Program Files\HP\HP Software Update\hpwuschd2.exe
C:\Program Files\Citrix\ICA Client\concentr.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Program Files\Citrix\ICA Client\wfcrun32.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\OpenOffice.org 3\program\soffice.exe
C:\Program Files\OpenOffice.org 3\program\soffice.bin
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Kitco\KcastWin7.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/USSMB/1
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Trend Micro NSC BHO - {1CA1377B-DC1D-4A52-9585-6E06050FAC53} - c:\Program Files\Trend Micro\Client Server Security Agent\bho\1009\TmIEPlg.dll
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Windows Live Messenger Companion Helper - {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files\Windows Live\Companion\companioncore.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.6406.1642\swg.dll
O2 - BHO: Bing Bar BHO - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\MSN Toolbar\Platform\6.3.2291.0\npwinext.dll
O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: @C:\Program Files\MSN Toolbar\Platform\6.3.2291.0\npwinext.dll,-100 - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files\MSN Toolbar\Platform\6.3.2291.0\npwinext.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe -s
O4 - HKLM\..\Run: [OfficeScanNT Monitor] "c:\Program Files\Trend Micro\Client Server Security Agent\pccntmon.exe" -HideWindow
O4 - HKLM\..\Run: [igfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [LogMeIn GUI] "C:\Program Files\LogMeIn\x86\LogMeInSystray.exe"
O4 - HKLM\..\Run: [DBRMTray] C:\Dell\DBRM\Reminder\DbrmTrayIcon.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [Microsoft Default Manager] "C:\Program Files\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" -resume
O4 - HKLM\..\Run: [HPUsageTrackingLEDM] "C:\Program Files\HP\HP UT LEDM\bin\hppusg.exe" "C:\Program Files\HP\HP UT LEDM\"
O4 - HKLM\..\Run: [ConnectionCenter] "C:\Program Files\Citrix\ICA Client\concentr.exe" /startup
O4 - HKLM\..\Run: [MSC] "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware] "C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
O4 - HKLM\..\RunOnce: [DBRMTray] C:\Dell\DBRM\Reminder\TrayApp.exe
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKCU\..\Run: [KcastWin7] "C:\Program Files\Kitco\KcastWin7.exe"
O4 - HKCU\..\Run: [winupd] C:\Users\SBCJBU~1\AppData\Local\Temp\winupd.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [PC-Doctor Update] rundll32 "C:\Users\SBCJbuy-1\AppData\Local\Citrix\CitrixUpdate\Citrixupdt32.DLL",DllRegisterServer
O4 - HKCU\..\Run: [{8CB7B8AC-0A38-46E4-A7C8-86F8346A5467}Data] rundll32.exe C:\Users\SBCJbuy-1\AppData\Local\{8CB7B8AC-0A38-46E4-A7C8-86F8346A5467}\{8CB7B8AC-0A38-46E4-A7C8-86F8346A5467}Data\{8CB7B8AC-0A38-46E4-A7C8-86F8346A5467}data.DLL,DllRegisterServer
O4 - Startup: OpenOffice.org 3.2.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MIF5BA~1\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll/cmsidewiki.html
O9 - Extra button: @C:\Program Files\Windows Live\Companion\companionlang.dll,-600 - {0000036B-C524-4050-81A0-243669A86B9F} - C:\Program Files\Windows Live\Companion\companioncore.dll
O9 - Extra button: @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MIF5BA~1\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MIF5BA~1\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MIF5BA~1\Office12\REFIEBAR.DLL
O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
O16 - DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} (DLM Control) - http://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.5.7.cab
O16 - DPF: {A4199744-C60E-467B-B4DA-38C0729140F6} (Bosch Divar_MR WebViewer Control) - http://216.186.177.148/divar_mr_wv.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: tmpx - {0E526CB5-7446-41D1-A403-19BFE95E8C23} - c:\Program Files\Trend Micro\Client Server Security Agent\bho\1009\TmIEPlg.dll
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O18 - Filter: application/x-ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll
O18 - Filter: application/x-ica; charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll
O18 - Filter: application/x-ica; charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll
O18 - Filter: application/x-ica; charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll
O18 - Filter: application/x-ica; charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll
O18 - Filter: application/x-ica; charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll
O18 - Filter: application/x-ica; charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll
O18 - Filter: application/x-ica; charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll
O18 - Filter: application/x-ica;charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll
O18 - Filter: application/x-ica;charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll
O18 - Filter: application/x-ica;charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll
O18 - Filter: application/x-ica;charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll
O18 - Filter: application/x-ica;charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll
O18 - Filter: application/x-ica;charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll
O18 - Filter: application/x-ica;charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll
O18 - Filter hijack: ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Andrea RT Filters Service (AERTFilters) - Andrea Electronics Corporation - C:\Program Files\Realtek\Audio\HDA\AERTSrv.exe
O23 - Service: Broadcom Power monitoring service (BPowMon) - Broadcom Corp. - C:\Program Files\Broadcom\BPowMon\BPowMon.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: HP LaserJet Service - HP - C:\Program Files\HP\HPLaserJetService\HPLaserJetService.exe
O23 - Service: HP LaserJet Professional M1210 MFP Series Receive Fax Service (HPM1210RcvFaxSrvc) - Marvell - C:\Program Files\HP\HP LaserJet M1210 MFP Series\ReceiveFaxUtility.exe
O23 - Service: HP SI Service (HPSIService) - HP - C:\Windows\system32\HPSIsvc.exe
O23 - Service: LMIGuardianSvc - LogMeIn, Inc. - C:\Program Files\LogMeIn\x86\LMIGuardianSvc.exe
O23 - Service: LogMeIn Maintenance Service (LMIMaint) - LogMeIn, Inc. - C:\Program Files\LogMeIn\x86\RaMaint.exe
O23 - Service: LogMeIn - LogMeIn, Inc. - C:\Program Files\LogMeIn\x86\LogMeIn.exe
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
O23 - Service: Trend Micro Client/Server Security Agent RealTime Scan (ntrtscan) - Trend Micro Inc. - c:\Program Files\Trend Micro\Client Server Security Agent\ntrtscan.exe
O23 - Service: Trend Micro Client/Server Security Agent (svcGenericHost) - Trend Micro Inc. - c:\Program Files\Trend Micro\Client Server Security Agent\HostedAgent\svcGenericHost.exe
O23 - Service: Trend Micro Client/Server Security Agent Listener (tmlisten) - Trend Micro Inc. - c:\Program Files\Trend Micro\Client Server Security Agent\tmlisten.exe
O23 - Service: Trend Micro Client/Server Security Agent Personal Firewall (TmPfw) - Trend Micro Inc. - c:\Program Files\Trend Micro\Client Server Security Agent\TmPfw.exe
O23 - Service: Trend Micro Client/Server Security Agent Proxy Service (TmProxy) - Trend Micro Inc. - c:\Program Files\Trend Micro\Client Server Security Agent\TmProxy.exe

--
End of file - 14083 bytes

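Editor's note with an added example (not part of the thread, and not how the Malwarebytes staff worked the case). In a HijackThis log the O4 lines are the autoruns, and that is where a reviewer looks first. The script below parses O4 lines and applies three heuristics a human reviewer uses: a program launched from Temp or AppData rather than Program Files or Windows; a Run value that invokes rundll32 with ,DllRegisterServer at every logon (DllRegisterServer is the COM self-registration entry point that an installer calls once, so calling it at each logon is a persistence oddity, not normal software behaviour); and a GUID used as the value name or directory name. The six sample lines are copied from the log above; three of them trip the heuristics (winupd.exe in Temp, the "PC-Doctor Update" value whose command actually loads a DLL from a Citrix-named AppData folder, and the GUID-named DLL). A hit means "go and check that file's signature, hash and vendor", not "this is malware"; the thread itself never names any of these files as malicious. Function and class names are mine.

```python
"""Triage the O4 (autorun) lines of a HijackThis log.

Added example, not from the thread. Heuristics only: a hit means
"check this file", not "this is malware".
"""
import re
from typing import Dict, List, NamedTuple


class AutorunEntry(NamedTuple):
    hive: str      # e.g. HKLM\..\Run, HKCU\..\RunOnce, Startup
    name: str      # registry value name, or the .lnk name for Startup folders
    command: str   # command line exactly as logged


# Sample lines copied from the log posted above (three benign, three worth a look).
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe -s
O4 - HKLM\..\Run: [MSC] "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
O4 - HKCU\..\Run: [winupd] C:\Users\SBCJBU~1\AppData\Local\Temp\winupd.exe
O4 - HKCU\..\Run: [PC-Doctor Update] rundll32 "C:\Users\SBCJbuy-1\AppData\Local\Citrix\CitrixUpdate\Citrixupdt32.DLL",DllRegisterServer
O4 - HKCU\..\Run: [{8CB7B8AC-0A38-46E4-A7C8-86F8346A5467}Data] rundll32.exe C:\Users\SBCJbuy-1\AppData\Local\{8CB7B8AC-0A38-46E4-A7C8-86F8346A5467}\{8CB7B8AC-0A38-46E4-A7C8-86F8346A5467}Data\{8CB7B8AC-0A38-46E4-A7C8-86F8346A5467}data.DLL,DllRegisterServer
O4 - Startup: OpenOffice.org 3.2.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe
"""

REGISTRY_O4 = re.compile(r"^O4 - (?P<hive>.+?): \[(?P<name>[^\]]*)\] (?P<cmd>.+)$")
STARTUP_O4 = re.compile(r"^O4 - (?P<hive>(?:Global )?Startup): (?P<name>.+?) = (?P<cmd>.+)$")
GUID = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")


def parse_o4(log: str) -> List[AutorunEntry]:
    """Extract every O4 line; other HijackThis sections are ignored."""
    entries = []
    for line in log.splitlines():
        m = REGISTRY_O4.match(line) or STARTUP_O4.match(line)
        if m:
            entries.append(AutorunEntry(m["hive"], m["name"], m["cmd"]))
    return entries


def triage(entry: AutorunEntry) -> List[str]:
    """Return the reasons an entry deserves a closer look (empty list = nothing odd)."""
    reasons = []
    cmd = entry.command.lower()
    if "\\temp\\" in cmd:
        reasons.append("runs from a Temp directory")
    elif "\\appdata\\" in cmd:
        reasons.append("runs from user AppData, not Program Files or Windows")
    if "rundll32" in cmd and "dllregisterserver" in cmd:
        reasons.append("rundll32 ...,DllRegisterServer at every logon (normally a one-time install step)")
    if GUID.search(entry.name) or GUID.search(entry.command):
        reasons.append("GUID used as value name or directory hides what the program is")
    return reasons


def triage_log(log: str) -> Dict[str, List[str]]:
    """Map each flagged value name to its reasons; clean entries are omitted."""
    flagged = {}
    for entry in parse_o4(log):
        reasons = triage(entry)
        if reasons:
            flagged[entry.name] = reasons
    return flagged


if __name__ == "__main__":
    for name, reasons in triage_log(SAMPLE_LOG).items():
        print(f"[{name}]")
        for reason in reasons:
            print("   -", reason)
```

Feed the whole saved log to `triage_log` rather than the sample; the parser skips R0/O2/O23 and other sections, so only the autoruns come back. The same user-writable-path rule is worth applying by eye to the O16 line that pulls a .cab from a bare IP address, which the heuristics above do not cover.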

  • Staff

Hi and welcome to Malwarebytes.

Uncheck wordwrap in Notepad please.

Please update MBAM, run a Quick Scan, and post its log.

Next, download DDS by sUBs and save it to your Desktop.

Double-click on the DDS icon and let the scan run. When it has run two logs will be produced, please post only DDS.txt directly into your reply.


  • 2 weeks later...
  • 1 month later...
  • Staff

Glad we could help. :)

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!


This topic is now closed to further replies.