Jump to content

Malwarebytes and Antivirus not finding whats causing phishing pop up


Recommended Posts

Help, I have run McAfee and Malwarebytes to find whats doing this:

phish.jpg

I installed the newest version of firefox as well but it still appears.

Sorry about the wrong forum and also I guess I should provide some more info. It is the same on IE and Firefox, and it has come up on ebay, banks sites and paypal. A warning does come up saying there are unencrpyted and encrypted items trying to be sent. Thanks!

Link to post
Share on other sites

So I figured out how to read and followed the insturtions "I'm Infected..."

Heres the DDS:

DDS (Ver_10-10-31.01) - NTFSx86

Run by Brad at 14:02:03.05 on Sun 10/31/2010

Internet Explorer: 8.0.7600.16385 BrowserJavaVersion: 1.6.0_18

Microsoft Windows 7 Professional 6.1.7600.0.1252.1.1033.18.3046.1737 [GMT -4:00]

============== Running Processes ===============

C:\Windows\system32\wininit.exe

C:\Windows\system32\lsm.exe

C:\Windows\system32\svchost.exe -k DcomLaunch

C:\Windows\system32\ibmpmsvc.exe

C:\Windows\system32\svchost.exe -k RPCSS

C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\Windows\system32\svchost.exe -k netsvcs

C:\Windows\system32\svchost.exe -k LocalService

C:\Windows\system32\svchost.exe -k NetworkService

C:\Windows\System32\spoolsv.exe

C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork

C:\Windows\system32\taskhost.exe

C:\Windows\system32\Dwm.exe

C:\Windows\Explorer.EXE

C:\Windows\System32\svchost.exe -k Akamai

C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

C:\Program Files\Bonjour\mDNSResponder.exe

C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation

C:\Program Files\McAfee\VirusScan Enterprise\engineserver.exe

C:\Program Files\McAfee\Common Framework\FrameworkService.exe

C:\Program Files\McAfee\VirusScan Enterprise\vstskmgr.exe

C:\Windows\system32\mfevtps.exe

C:\Program Files\McAfee\Common Framework\naPrdMgr.exe

C:\Program Files\Motorola\MotoConnectService\MotoConnectService.exe

C:\Windows\System32\svchost.exe -k HPZ12

C:\Windows\System32\svchost.exe -k HPZ12

C:\Windows\system32\svchost.exe -k imgsvc

C:\Program Files\McAfee\VirusScan Enterprise\mcshield.exe

C:\Program Files\McAfee\VirusScan Enterprise\mfeann.exe

C:\Windows\system32\conhost.exe

C:\Program Files\Motorola\MotoConnectService\MotoConnect.exe

C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted

C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

C:\Program Files\McAfee\Common Framework\UdaterUI.exe

C:\Program Files\McAfee\VirusScan Enterprise\shstat.exe

C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe

C:\Program Files\Common Files\Java\Java Update\jusched.exe

C:\Program Files\McAfee\Common Framework\McTray.exe

C:\Program Files\Synaptics\SynTP\SynTPLpr.exe

C:\Windows\System32\igfxtray.exe

C:\Windows\System32\igfxpers.exe

C:\Windows\system32\igfxsrvc.exe

C:\Program Files\Freecorder\FLVSrvc.exe

C:\Program Files\Microsoft IntelliPoint\ipoint.exe

C:\Program Files\iTunes\iTunesHelper.exe

C:\Program Files\Synaptics\SynTP\SynTPHelper.exe

C:\Windows\System32\StikyNot.exe

C:\Program Files\Steam\Steam.exe

C:\Windows\system32\SearchIndexer.exe

C:\Program Files\Skype\Phone\Skype.exe

C:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe

C:\Program Files\GmoteServer\GmoteServer.exe

C:\Users\Brad\AppData\Local\Google\Update\1.2.183.39\GoogleCrashHandler.exe

C:\Program Files\Java\jre6\bin\javaw.exe

C:\Program Files\Windows Media Player\wmpnetwk.exe

C:\Program Files\iPod\bin\iPodService.exe

C:\Windows\system32\wbem\wmiprvse.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\Skype\Plugin Manager\skypePM.exe

C:\Windows\System32\svchost.exe -k LocalServicePeerNet

C:\Program Files\Skype\Toolbars\Shared\SkypeNames2.exe

C:\Windows\system32\sppsvc.exe

C:\Windows\System32\svchost.exe -k secsvcs

C:\Program Files\Common Files\Steam\SteamService.exe

C:\Windows\servicing\TrustedInstaller.exe

C:\Windows\system32\wuauclt.exe

C:\Windows\system32\taskeng.exe

C:\Program Files\Common Files\Java\Java Update\jucheck.exe

C:\Windows\system32\SearchProtocolHost.exe

C:\Windows\system32\SearchFilterHost.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Users\Brad\Desktop\dds.scr

C:\Windows\system32\conhost.exe

C:\Windows\system32\wbem\wmiprvse.exe

============== Pseudo HJT Report ===============

uSearch Page = hxxp://www.google.com

uSearch Bar = hxxp://www.google.com/ie

uDefault_Search_URL = hxxp://www.google.com/ie

uInternet Settings,ProxyOverride = *.local

uSearchAssistant = hxxp://www.google.com/ie

uSearchURL,(Default) = hxxp://www.google.com/search?q=%s

BHO: ContributeBHO Class: {074c1dc5-9320-4a9a-947d-c042949c6216} - c:\program files\adobe\adobe contribute cs5\plugins\ieplugin\contributeieplugin.dll

BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll

BHO: scriptproxy: {7db2d5a0-7241-4e79-b68d-6309f01c5231} - c:\program files\mcafee\virusscan enterprise\scriptsn.dll

BHO: Skype add-on for Internet Explorer: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll

TB: Contribute Toolbar: {517bdde4-e3a7-4570-b21e-2b52b6139fc7} - c:\program files\adobe\adobe contribute cs5\plugins\ieplugin\contributeieplugin.dll

uRun: [RESTART_STICKY_NOTES] c:\windows\system32\StikyNot.exe

uRun: [steam] "c:\program files\steam\Steam.exe" -silent

uRun: [Google Update] "c:\users\brad\appdata\local\google\update\GoogleUpdate.exe" /c

uRun: [AdobeBridge]

uRun: [skype] "c:\program files\skype\phone\Skype.exe" /nosplash /minimized

uRun: [FXSSutil] rundll32 "c:\users\brad\appdata\local\temp\fasttugc.dll",CreateProcessNotify

mRun: [synTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe

mRun: [McAfeeUpdaterUI] "c:\program files\mcafee\common framework\udaterui.exe" /StartedFromRunKey

mRun: [shStatEXE] "c:\program files\mcafee\virusscan enterprise\SHSTAT.EXE" /STANDALONE

mRun: [solidWorks_CheckForUpdates] "c:\program files\common files\solidworks installation manager\scheduler\sldIMScheduler.exe" /scheduler

mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"

mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"

mRun: [sunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"

mRun: [AdobeAAMUpdater-1.0] "c:\program files\common files\adobe\oobe\pdapp\uwa\UpdaterStartupUtility.exe"

mRun: [AdobeCS5ServiceManager] "c:\program files\common files\adobe\cs5servicemanager\CS5ServiceManager.exe" -launchedbylogin

mRun: [switchBoard] c:\program files\common files\adobe\switchboard\SwitchBoard.exe

mRun: [igfxTray] c:\windows\system32\igfxtray.exe

mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe

mRun: [Persistence] c:\windows\system32\igfxpers.exe

mRun: [Freecorder FLV Service] "c:\program files\freecorder\FLVSrvc.exe" /run

mRun: [intelliPoint] "c:\program files\microsoft intellipoint\ipoint.exe"

mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime

mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"

mRun: [Malwarebytes Anti-Malware (reboot)] "c:\program files\malwarebytes' anti-malware\mbam.exe" /runcleanupscript

StartupFolder: c:\users\brad\appdata\roaming\micros~1\windows\startm~1\programs\startup\gmotes~1.lnk - c:\program files\gmoteserver\GmoteServer.exe

StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\mcafee~1.lnk - c:\program files\mcafee security scan\2.0.181\SSScheduler.exe

mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)

mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)

mPolicies-system: EnableUIADesktopToggle = 0 (0x0)

IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200

IE: E&xport to Microsoft Excel - c:\progra~1\micros~1\office12\EXCEL.EXE/3000

IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll

IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~1\office12\REFIEBAR.DLL

DPF: {3D3B42C2-11BF-4732-A304-A01384B70D68} - hxxp://picasaweb.google.com/s/v/68.08/uploader2.cab

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab

Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll

Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL

Notify: igfxcui - igfxdev.dll

================= FIREFOX ===================

FF - ProfilePath - c:\users\brad\appdata\roaming\mozilla\firefox\profiles\q47cj8iu.default\

FF - component: c:\program files\adobe\adobe contribute cs5\plugins\firefoxplugin\{01a8ca0a-4c96-465b-a49b-65c46fad54f9}\components\Contribute.dll

FF - plugin: c:\program files\google\picasa3\npPicasa3.dll

FF - plugin: c:\program files\mozilla firefox\plugins\npContribute.dll

FF - plugin: c:\users\brad\appdata\local\google\update\1.2.183.39\npGoogleOneClick8.dll

FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA}

---- FIREFOX POLICIES ----

c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);

c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--fiqz9s", true); // Traditional

c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--fiqs8s", true); // Simplified

c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--j6w193g", true);

c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);

c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4a87g", true);

c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbqly7c0a67fbc", true);

c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbqly7cvafr", true);

c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--kpry57d", true); // Traditional

c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--kprw13d", true); // Simplified

============= SERVICES / DRIVERS ===============

R0 mfehidk;McAfee Inc. mfehidk;c:\windows\system32\drivers\mfehidk.sys [2010-2-11 343664]

R1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\drivers\vwififlt.sys [2009-7-13 48128]

R2 Akamai;Akamai NetSession Interface;c:\windows\system32\svchost.exe -k Akamai [2009-7-13 20992]

R2 McAfeeEngineService;McAfee Engine Service;c:\program files\mcafee\virusscan enterprise\engineserver.exe [2009-10-23 21256]

R2 McAfeeFramework;McAfee Framework Service;c:\program files\mcafee\common framework\FrameworkService.exe [2009-8-25 103744]

R2 McShield;McAfee McShield;c:\program files\mcafee\virusscan enterprise\mcshield.exe [2009-10-23 146448]

R2 McTaskManager;McAfee Task Manager;c:\program files\mcafee\virusscan enterprise\vstskmgr.exe [2009-10-23 66896]

R2 mfevtp;McAfee Validation Trust Protection Service;c:\windows\system32\mfevtps.exe [2010-2-11 70728]

R2 MotoConnect Service;MotoConnect Service;c:\program files\motorola\motoconnectservice\MotoConnectService.exe [2010-9-30 91456]

R3 mfeavfk;McAfee Inc. mfeavfk;c:\windows\system32\drivers\mfeavfk.sys [2010-2-11 91672]

R3 mfebopk;McAfee Inc. mfebopk;c:\windows\system32\drivers\mfebopk.sys [2010-2-11 43288]

R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\drivers\VSTAZL3.SYS [2009-7-13 207360]

R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\drivers\VSTDPV3.SYS [2009-7-13 980992]

R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\drivers\VSTCNXT3.SYS [2009-7-13 661504]

R3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\drivers\vwifimp.sys [2009-7-13 14336]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]

S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-13 229888]

S3 BTCFilterService;USB Networking Driver Filter Service;c:\windows\system32\drivers\motfilt.sys [2009-1-29 6016]

S3 CoordinatorServiceHost;SW Distributed TS Coordinator Service;c:\program files\solidworks corp\solidworks\swscheduler\DTSCoordinatorService.exe [2009-10-15 87336]

S3 HPEWSFXBULK;HPEWSFXBULK;c:\windows\system32\drivers\hpfxbulk.sys [2009-12-4 17432]

S3 HPFXFAX;HPFXFAX;c:\windows\system32\drivers\hpfxfax.sys [2010-8-6 20504]

S3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\mcafee security scan\2.0.181\McCHSvc.exe [2010-1-15 227232]

S3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [2010-2-11 65448]

S3 motccgp;Motorola USB Composite Device Driver;c:\windows\system32\drivers\motccgp.sys [2009-6-19 19712]

S3 motccgpfl;MotCcgpFlService;c:\windows\system32\drivers\motccgpfl.sys [2009-1-29 8320]

S3 Motousbnet;Motorola USB Networking Driver Service;c:\windows\system32\drivers\Motousbnet.sys [2010-4-1 23424]

S3 motusbdevice;Motorola USB Dev Driver;c:\windows\system32\drivers\motusbdevice.sys [2010-1-25 9472]

S3 StorSvc;Storage Service;c:\windows\system32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-13 20992]

S3 SwitchBoard;Adobe SwitchBoard;c:\program files\common files\adobe\switchboard\SwitchBoard.exe [2010-2-19 517096]

S3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\wat\WatAdminSvc.exe [2010-2-27 1343400]

S4 msvsmon80;Visual Studio 2005 Remote Debugger;c:\program files\microsoft visual studio 8\common7\ide\remote debugger\x86\msvsmon.exe [2005-9-23 2799808]

=============== Created Last 30 ================

2010-10-31 16:28:02 553696 ----a-w- c:\program files\mozilla firefox\uninstall\helper.exe

2010-10-31 16:28:00 25048 ----a-w- c:\program files\mozilla firefox\components\browserdirprovider.dll

2010-10-31 16:28:00 140248 ----a-w- c:\program files\mozilla firefox\components\brwsrcmp.dll

2010-10-29 20:33:39 6146896 ----a-w- c:\progra~2\microsoft\windows defender\definition updates\{63ff4da4-73bc-4dd7-8f43-0ad347bd5462}\mpengine.dll

2010-10-28 06:03:14 -------- d-----w- c:\progra~2\McAfee Security Scan

2010-10-28 06:03:09 -------- d-----w- c:\program files\McAfee Security Scan

2010-10-27 11:29:04 641536 ----a-w- c:\windows\system32\CPFilters.dll

2010-10-27 11:29:04 417792 ----a-w- c:\windows\system32\msdri.dll

2010-10-27 11:29:03 204288 ----a-w- c:\windows\system32\MSNP.ax

2010-10-27 11:29:03 199680 ----a-w- c:\windows\system32\mpg2splt.ax

2010-10-27 07:32:46 26504 ----a-w- c:\windows\system32\drivers\Diskdump.sys

2010-10-26 23:59:44 -------- d--h--w- c:\program files\InstallJammer Registry

2010-10-26 23:59:41 -------- d-----w- c:\users\brad\appdata\roaming\Gmote

2010-10-26 23:51:52 -------- d-----w- c:\program files\GmoteServer

2010-10-22 05:07:38 -------- d-----w- c:\users\brad\appdata\roaming\Malwarebytes

2010-10-22 05:07:29 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2010-10-22 05:07:28 20952 ----a-w- c:\windows\system32\drivers\mbam.sys

2010-10-22 05:07:28 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

2010-10-22 05:07:28 -------- d-----w- c:\progra~2\Malwarebytes

2010-10-22 04:36:14 175 ----a-w- c:\users\brad\appdata\roaming\33111.bat

2010-10-22 04:35:23 -------- d-----w- c:\users\brad\appdata\roaming\203F3A240AC9AD60A4E8848020E809A7

2010-10-13 13:58:52 164864 ----a-w- c:\program files\windows media player\wmplayer.exe

2010-10-13 13:58:51 12625408 ----a-w- c:\windows\system32\wmploc.DLL

2010-10-13 13:58:43 2327552 ----a-w- c:\windows\system32\win32k.sys

2010-10-13 13:58:42 310784 ----a-w- c:\windows\system32\drivers\srv.sys

2010-10-13 13:58:42 308736 ----a-w- c:\windows\system32\drivers\srv2.sys

2010-10-13 13:58:42 168448 ----a-w- c:\windows\system32\srvsvc.dll

2010-10-13 13:58:41 113664 ----a-w- c:\windows\system32\drivers\srvnet.sys

2010-10-13 13:58:39 738816 ----a-w- c:\windows\system32\wmpmde.dll

2010-10-12 02:46:40 -------- d-----r- c:\program files\Skype

2010-10-05 03:22:47 -------- d-----w- c:\users\brad\appdata\local\HandBrake

2010-10-05 03:22:39 -------- d-----w- c:\users\brad\appdata\roaming\HandBrake

2010-10-05 03:22:30 -------- d-----w- c:\program files\Handbrake

==================== Find3M ====================

2010-10-19 15:41:44 222080 ------w- c:\windows\system32\MpSigStub.exe

2010-09-08 15:17:46 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx

2010-09-08 15:17:46 69632 ----a-w- c:\windows\system32\QuickTime.qts

2010-09-08 04:30:04 978432 ----a-w- c:\windows\system32\wininet.dll

2010-09-08 04:28:15 44544 ----a-w- c:\windows\system32\licmgr10.dll

2010-09-08 03:22:31 386048 ----a-w- c:\windows\system32\html.iec

2010-09-08 02:48:16 1638912 ----a-w- c:\windows\system32\mshtml.tlb

2010-08-31 04:32:30 954752 ----a-w- c:\windows\system32\mfc40.dll

2010-08-31 04:32:30 954288 ----a-w- c:\windows\system32\mfc40u.dll

2010-08-26 04:39:58 109056 ----a-w- c:\windows\system32\t2embed.dll

2010-08-21 05:36:24 224256 ----a-w- c:\windows\system32\schannel.dll

2010-08-21 05:33:24 530432 ----a-w- c:\windows\system32\comctl32.dll

2010-08-21 05:32:37 316928 ----a-w- c:\windows\system32\spoolsv.exe

============= FINISH: 14:03:52.11 ===============

Attach.zip

Link to post
Share on other sites

  • Staff

Hi and welcome to Malwarebytes.

Please update MBAM, run a Quick Scan, and post its log.

Next, please visit this webpage for instructions for running ComboFix:

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

  • When the tool is finished, it will produce a report for you.
  • Please post the C:\ComboFix.txt along with a new DDS log so we may continue cleaning the system.

-screen317

Link to post
Share on other sites

 Share

  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.