chromefox

annoying popup/malware

25 posts in this topic

Hey guys, my system keeps opening Firefox up when I start up, and it goes to a website called sh.com. I have run Spybot and anti-malware with no luck; it's just annoying the hell outta me. I tried another tool too (forgot the name). Here is my HijackThis log. Anyone got any ideas?

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 14:58:32, on 18/12/2012
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Unable to get Internet Explorer version!
Boot mode: Normal

Running processes:
C:\Program Files (x86)\Norton 360\Engine\20.2.0.19\ccSvcHst.exe
C:\Program Files (x86)\EVGA Precision X\EVGAPrecision.exe
C:\Users\James\AppData\Roaming\SanDisk\SanDiskSecureAccess_Manager.exe
C:\Program Files (x86)\Overwolf\Overwolf.exe
C:\Program Files (x86)\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe
C:\Program Files (x86)\Acer Arcade Deluxe\PlayMovie\PMVService.exe
C:\Program Files (x86)\Acer Arcade Deluxe\Acer Arcade Deluxe\Kernel\CLML\CLMLSvc.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\BlueStacks\HD-Agent.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\BlueStacks\HD-Frontend.exe
C:\Program Files (x86)\BlueStacks\HD-Adb.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_110.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_110.exe
C:\Program Files (x86)\Trend Micro\HiJackThis\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://homepage.acer.com/rdr.aspx?b=ACAW&l=0809&m=aspire_x3400&r=173601118507pe468v1h5w46n1v447
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll
O2 - BHO: Norton Identity Protection - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton 360\Engine\20.2.0.19\coIEPlg.dll
O2 - BHO: Norton Vulnerability Protection - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton 360\Engine\20.2.0.19\IPS\IPSBHO.DLL
O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
O3 - Toolbar: Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton 360\Engine\20.2.0.19\coIEPlg.dll
O4 - HKLM\..\Run: [AdobeCS5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" -launchedbylogin
O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
O4 - HKLM\..\Run: [ArcadeDeluxeAgent] "C:\Program Files (x86)\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe"
O4 - HKLM\..\Run: [PlayMovie] "C:\Program Files (x86)\Acer Arcade Deluxe\PlayMovie\PMVService.exe"
O4 - HKLM\..\Run: [CLMLServer] "C:\Program Files (x86)\Acer Arcade Deluxe\Acer Arcade Deluxe\Kernel\CLML\CLMLSvc.exe"
O4 - HKLM\..\Run: [switchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [blueStacks Agent] C:\Program Files (x86)\BlueStacks\HD-Agent.exe
O4 - HKLM\..\Run: [CloneCDTray] "C:\Program Files (x86)\SlySoft\CloneCD\CloneCDTray.exe" /s
O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun
O4 - HKCU\..\Run: [DS3 Tool] C:\Program Files\MotioninJoy\ds3\DS3_Tool.exe -mini
O4 - HKCU\..\Run: [sanDiskSecureAccess_Manager.exe] C:\Users\James\AppData\Roaming\SanDisk\SanDiskSecureAccess_Manager.exe
O4 - HKCU\..\Run: [Overwolf] C:\Program Files (x86)\Overwolf\Overwolf.exe -silent
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Free YouTube Download - C:\Users\James\AppData\Roaming\DVDVideoSoftIEHelpers\freeytvdownloader.htm
O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\James\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm
O9 - Extra button: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O15 - Trusted Zone: *.clonewarsadventures.com
O15 - Trusted Zone: *.freerealms.com
O15 - Trusted Zone: *.soe.com
O15 - Trusted Zone: *.sony.com
O15 - Trusted IP range: http://192.168.0.1
O15 - ESC Trusted IP range: http://192.168.0.1
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: BlueStacks Android Service (BstHdAndroidSvc) - BlueStack Systems, Inc. - C:\Program Files (x86)\BlueStacks\HD-Service.exe
O23 - Service: BlueStacks Log Rotator Service (BstHdLogRotatorSvc) - BlueStack Systems, Inc. - C:\Program Files (x86)\BlueStacks\HD-LogRotatorService.exe
O23 - Service: CLHNService - Unknown owner - C:\Program Files (x86)\Acer Arcade Deluxe\HomeMedia\Kernel\DMP\CLHNService.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: GRegService (Greg_Service) - Acer Incorporated - C:\Program Files (x86)\Acer\Registration\GregHSRW.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~2\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: Norton 360 (N360) - Symantec Corporation - C:\Program Files (x86)\Norton 360\Engine\20.2.0.19\ccSvcHst.exe
O23 - Service: Nero BackItUp Scheduler 4.0 - Nero AG - C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: nProtect GameGuard Service (npggsvc) - Unknown owner - C:\Windows\system32\GameMon.des.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing)
O23 - Service: Overwolf Updater Service (OverwolfUpdaterService) - Overwolf Ltd - C:\Program Files (x86)\Overwolf\OverwolfUpdater.exe
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: ProtexisLicensing - Unknown owner - C:\Windows\SysWOW64\PSIService.exe
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Skype C2C Service - Skype Technologies S.A. - C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files (x86)\Skype\Updater\Updater.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files (x86)\Common Files\Steam\SteamService.exe
O23 - Service: SwitchBoard - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: Updater Service - Acer Group - C:\Program Files\Acer\Acer Updater\UpdaterService.exe
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)

--
End of file - 11817 bytes


I once had problems with Firefox. Pop-ups out of control. I deleted it off my PC. DL'd Google Chrome. It stopped working with any speed at all. Pages would take a day to load. So I redid Firefox. Working fine now. Make sure you turn on the pop-up blocker on set-up. Prolly an easier way, but that's my experience.


Hmm, see, I'm running Adblock Plus and their version of a pop-up blocker too, but still no luck. Can't say I have really used Chrome either, tbh.


You must have installed this by mistake while installing something else (happens often, as companies like to install other rubbish on your machine when you install their free stuff). Don't worry though, I'm an IT techy and do it sometimes myself when installing stuff; they have it already ticked as if you agree, and if you're like the majority of people, you usually just keep pressing Next. lol

Open Firefox, click on the Firefox drop-down menu (top right of the window), then in the menu on the right side of Options click on "Add-ons", then disable and uninstall any add-ons with "sh.com" in the name or anything like it.

If you can't see it or need help, reply with your list of add-ons please.

If this method doesn't work, you need to go to your Add/Remove Programs list and look for anything installed with that name or anything you don't recognise, then remove it.

Just quote my posts if you reply/need assistance so I get a notification.

Edited by Coffey


lol, me too, hence why I'm stumped. Think I'm overlooking something; my add-ons and program list seem fine. I'm wondering if it's some program's backhanded way of advertising, tbh.


Uninstall Firefox... download a new version, reinstall?

Edited by WoIverine


Tried it; thought it might solve it, but it just came back... it's grating on me.


You could try googling "how to remove popup sh.com firefox"; I'm sure others have had the same issue. OK, so I just tried that... sh.com is pretty inconclusive. Sorry man. I'll check around. Check this out:

https://www.google.c...iw=1680&bih=921

People are saying it's a virus. Did you run a Norton scan? Your log shows that you have Norton. If not, you can run a free scan here:

http://security.syma...WelcomePage.asp

You'll need to use IE to do the free scan. If it's a virus, you want to get that off your machine ASAP, as random malware can have keyloggers and other unwanted things. It sucks, but I've had to format a few times due to getting nailed. The MS Blaster virus was so bad I had to format like 4x. Whenever I plugged in a network cable, it would nail me again; was crazy. lol

Edited by WoIverine


Is it highlighting words, then if you mouse over them an ad pops up relating to that word?

I just checked mine: I have no add-ons, and only my basic programs are being auto-updated. If it's update time, I'll manually do it.

Edited by AsteroidX


Hey, yeah, I did a scan but it didn't pick anything up, oddly. Will check that further though. And nope, it isn't highlighting anything... and a format, tbh, isn't really something I want to do if I can help it.


Reckon safe mode and Norton again...


Is it highlighting words, then if you mouse over them an ad pops up relating to that word?

I just checked mine: I have no add-ons, and only my basic programs are being auto-updated. If it's update time, I'll manually do it.

My housemate had that on her netbook; had to fix it by going into the registry. Was not fun.

lol, me too, hence why I'm stumped. Think I'm overlooking something; my add-ons and program list seem fine. I'm wondering if it's some program's backhanded way of advertising, tbh.

Oh! lol

The only other thing I can suggest is that it's in the registry, in which case you will need to find a guide on the net to remove it.

It has to be on your computer somewhere to be able to load Firefox.

Have you checked your startup programs to see if it's in there?

Use the Run "msconfig" way and check that to see if there is anything in there.

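Both the O4 lines in the HijackThis log posted above and the advice just given to check the startup list via msconfig come down to the same question: which programs are set to launch at logon, and which of them deserve a closer look. The Python script below is an added example written for this page; it is not code from the thread, from HijackThis, or from any product named here. It parses O4 (Run key) and O23 (service) lines in the log layout shown above, pulls out the executable path and its arguments, and lists review reasons such as a per-user Run key (where the MotioninJoy DS3 Tool entry sits in the log) or a path outside Program Files. A reason means "look at this", not "malicious"; the sample lines are a constructed subset copied from the posted log, and the regexes assume the HijackThis v2.0.4 line format seen there.

```python
"""Offline triage of HijackThis autostart (O4) and service (O23) lines.

Added example for this page, not from the thread or from HijackThis itself:
it extracts the executable behind each entry and attaches review reasons, so
the list msconfig would show can be checked from a posted log.
"""
import re
from dataclasses import dataclass, field

# Constructed sample: a subset of lines copied from the log posted in the thread.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKCU\..\Run: [DS3 Tool] C:\Program Files\MotioninJoy\ds3\DS3_Tool.exe -mini
O4 - HKCU\..\Run: [sanDiskSecureAccess_Manager.exe] C:\Users\James\AppData\Roaming\SanDisk\SanDiskSecureAccess_Manager.exe
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
"""

# Assumed line layouts, taken from the HijackThis v2.0.4 log above.
RUN_RE = re.compile(r'^O4 - (HK\w+)\\\.\.\\(\w+): \[([^\]]+)\] (.*)$')
SERVICE_RE = re.compile(r'^O23 - Service: (.+?) - (.+?) - (.+?)( \(file missing\))?$')
# "path args": either a quoted path, or an unquoted one ending in a known extension.
CMD_RE = re.compile(r'^(?:"([^"]+)"|(.*?\.(?:exe|dll|com|bat|cmd|scr)))(?:\s+(.*))?$', re.I)
# Directories where installed software normally lives on this kind of system.
TRUSTED_ROOTS = (r'c:\program files', r'c:\windows')


@dataclass
class Entry:
    kind: str            # "run" (O4) or "service" (O23)
    name: str            # Run value name or service display name
    location: str        # registry hive for O4, reported owner for O23
    path: str
    args: str = ''
    missing: bool = False
    reasons: list = field(default_factory=list)


def split_command(cmd: str):
    """Separate the executable path from its command-line arguments."""
    m = CMD_RE.match(cmd.strip())
    if not m:
        return cmd.strip(), ''
    path = m.group(1) or m.group(2)
    return path, (m.group(3) or '').strip()


def parse_line(line: str):
    """Return an Entry for an O4 or O23 line, or None for anything else."""
    m = RUN_RE.match(line)
    if m:
        hive, _key, name, cmd = m.groups()
        path, args = split_command(cmd)
        return Entry('run', name, hive, path, args)
    m = SERVICE_RE.match(line)
    if m:
        name, owner, path, missing = m.groups()
        return Entry('service', name, owner, path, missing=bool(missing))
    return None


def review_reasons(e: Entry):
    """Why a person should look at this entry; an empty list means nothing stood out."""
    reasons = []
    if e.kind == 'run' and e.location == 'HKCU':
        reasons.append('per-user Run key')            # writable without admin rights
    if not e.path.lower().startswith(TRUSTED_ROOTS):
        reasons.append('outside Program Files/Windows')
    if e.kind == 'service' and e.location == 'Unknown owner' and not e.missing:
        reasons.append('reported with unknown owner')
    if e.missing:
        reasons.append('file missing')                # stale entry, usually just noise
    return reasons


def triage(text: str):
    """Parse every recognised line of a log and attach review reasons."""
    entries = []
    for line in text.splitlines():
        e = parse_line(line.strip())
        if e:
            e.reasons = review_reasons(e)
            entries.append(e)
    return entries


if __name__ == '__main__':
    for e in triage(SAMPLE_LOG):
        tag = ', '.join(e.reasons) or 'ok'
        print(f'{e.kind:7} {e.name:40} {e.path}  [{tag}]')
```

Run it against a saved HijackThis log by reading the file into `triage()` instead of `SAMPLE_LOG`; the HKCU entries are the first place to look when a program starts launching a browser at logon, since no administrator rights are needed to add one.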

Download and run ComboFix.exe from this link: http://www.bleepingcomputer.com/download/combofix/

Let it run its course. If it gives a warning about your antivirus running and possibly interfering, I never worry about that. The log file will look confusing if you don't know what it actually means. I've seen this tool take up to 1 1/2 hrs to fully run, so be patient.

I use this tool to fix some of my clients' PCs when they don't want to spend the extra $$ on a full wipe and restore to factory new. It works wonders.


Did you check to see if your default page got changed?

O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe

Sometimes they like to do wonky advertising for peeps through the auto-updater, I've noticed. That's where I believe the ad pop-up got added to my PC, at least.


Tried ComboFix, same result. Just finished a virus scan in safe mode; it removed cookies and that was it... oddly it's not shown on this boot, so I'll wait to see on the next boot if it does it again. And yeah, checked msconfig too, but nothing out of the ordinary. Baffled by it, tbh.


CCleaner by Piriform is also a great little free util that corrects registry errors and generally cleans everything up.


Right, got it. It's a program called MotioninJoy, which is a driver to let me use my PS3 controller on the PC; for some odd reason it's doing this too.


Right, got it. It's a program called MotioninJoy, which is a driver to let me use my PS3 controller on the PC; for some odd reason it's doing this too.

Heh, I see. I use a 360 wired gamepad on my PC; MS put out their own drivers though. Maybe the PS3 software, when you installed it, also installed 3rd-party software? A lot of times stuff like that is automatically checked off when you do an install. Have to watch every step of the install closely. Good job on finding out what it was though! :tu:

Edited by WoIverine


Hmm, well a deeper Google search says it's quite suspicious.


What happens when you uninstall it? You could take a look at the files in its install directory... there may be additional bundled EXEs in there, unless they're compiled into the program's actual setup file. Also, clear out your C:\Users\'youruser'\AppData\Local\Temp folder. I've seen malware stick files there before.

Edited by WoIverine


Just takes you to their forums with links to reinstall and such. I removed it and ran a registry clean-up now.


Ah damn, never thought about going through the folder; I just deleted it. DOH


Heh, brings back fond memories of the old hex editing days. Make those executables do what you want them to do. Kneel before Zod! lol


Well, seems to be fixed now (touch wood). lol, Zod was epic.


Download and run Malwarebytes just to ensure everything is good. It is one of the best virus scanners out there.
