chromefox Posted December 18, 2012 #1
Hey guys, my system keeps opening Firefox up when I start up and it goes to a website called sh.com. I have run Spybot and anti-malware to no luck, it's just annoying the hell outta me. I tried another tool too, forgot the name, and here is my hijack. Anyone got any ideas?

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 14:58:32, on 18/12/2012
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Unable to get Internet Explorer version!
Boot mode: Normal

Running processes:
C:\Program Files (x86)\Norton 360\Engine\20.2.0.19\ccSvcHst.exe
C:\Program Files (x86)\EVGA Precision X\EVGAPrecision.exe
C:\Users\James\AppData\Roaming\SanDisk\SanDiskSecureAccess_Manager.exe
C:\Program Files (x86)\Overwolf\Overwolf.exe
C:\Program Files (x86)\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe
C:\Program Files (x86)\Acer Arcade Deluxe\PlayMovie\PMVService.exe
C:\Program Files (x86)\Acer Arcade Deluxe\Acer Arcade Deluxe\Kernel\CLML\CLMLSvc.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\BlueStacks\HD-Agent.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\BlueStacks\HD-Frontend.exe
C:\Program Files (x86)\BlueStacks\HD-Adb.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_110.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_110.exe
C:\Program Files (x86)\Trend Micro\HiJackThis\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://homepage.acer.com/rdr.aspx?b=ACAW&l=0809&m=aspire_x3400&r=173601118507pe468v1h5w46n1v447
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll
O2 - BHO: Norton Identity Protection - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton 360\Engine\20.2.0.19\coIEPlg.dll
O2 - BHO: Norton Vulnerability Protection - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton 360\Engine\20.2.0.19\IPS\IPSBHO.DLL
O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
O3 - Toolbar: Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton 360\Engine\20.2.0.19\coIEPlg.dll
O4 - HKLM\..\Run: [AdobeCS5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" -launchedbylogin
O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
O4 - HKLM\..\Run: [ArcadeDeluxeAgent] "C:\Program Files (x86)\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe"
O4 - HKLM\..\Run: [PlayMovie] "C:\Program Files (x86)\Acer Arcade Deluxe\PlayMovie\PMVService.exe"
O4 - HKLM\..\Run: [CLMLServer] "C:\Program Files (x86)\Acer Arcade Deluxe\Acer Arcade Deluxe\Kernel\CLML\CLMLSvc.exe"
O4 - HKLM\..\Run: [switchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [blueStacks Agent] C:\Program Files (x86)\BlueStacks\HD-Agent.exe
O4 - HKLM\..\Run: [CloneCDTray] "C:\Program Files (x86)\SlySoft\CloneCD\CloneCDTray.exe" /s
O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun
O4 - HKCU\..\Run: [DS3 Tool] C:\Program Files\MotioninJoy\ds3\DS3_Tool.exe -mini
O4 - HKCU\..\Run: [sanDiskSecureAccess_Manager.exe] C:\Users\James\AppData\Roaming\SanDisk\SanDiskSecureAccess_Manager.exe
O4 - HKCU\..\Run: [Overwolf] C:\Program Files (x86)\Overwolf\Overwolf.exe -silent
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Free YouTube Download - C:\Users\James\AppData\Roaming\DVDVideoSoftIEHelpers\freeytvdownloader.htm
O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\James\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm
O9 - Extra button: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O15 - Trusted Zone: *.clonewarsadventures.com
O15 - Trusted Zone: *.freerealms.com
O15 - Trusted Zone: *.soe.com
O15 - Trusted Zone: *.sony.com
O15 - Trusted IP range: http://192.168.0.1
O15 - ESC Trusted IP range: http://192.168.0.1
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: BlueStacks Android Service (BstHdAndroidSvc) - BlueStack Systems, Inc. - C:\Program Files (x86)\BlueStacks\HD-Service.exe
O23 - Service: BlueStacks Log Rotator Service (BstHdLogRotatorSvc) - BlueStack Systems, Inc. - C:\Program Files (x86)\BlueStacks\HD-LogRotatorService.exe
O23 - Service: CLHNService - Unknown owner - C:\Program Files (x86)\Acer Arcade Deluxe\HomeMedia\Kernel\DMP\CLHNService.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: GRegService (Greg_Service) - Acer Incorporated - C:\Program Files (x86)\Acer\Registration\GregHSRW.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~2\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: Norton 360 (N360) - Symantec Corporation - C:\Program Files (x86)\Norton 360\Engine\20.2.0.19\ccSvcHst.exe
O23 - Service: Nero BackItUp Scheduler 4.0 - Nero AG - C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: nProtect GameGuard Service (npggsvc) - Unknown owner - C:\Windows\system32\GameMon.des.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing)
O23 - Service: Overwolf Updater Service (OverwolfUpdaterService) - Overwolf Ltd - C:\Program Files (x86)\Overwolf\OverwolfUpdater.exe
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: ProtexisLicensing - Unknown owner - C:\Windows\SysWOW64\PSIService.exe
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Skype C2C Service - Skype Technologies S.A. - C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files (x86)\Skype\Updater\Updater.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files (x86)\Common Files\Steam\SteamService.exe
O23 - Service: SwitchBoard - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: Updater Service - Acer Group - C:\Program Files\Acer\Acer Updater\UpdaterService.exe
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)

-- End of file - 11817 bytes

AsteroidX Posted December 18, 2012 #2
I once had problems with Firefox. Pop-ups out of control. I deleted it off my PC. DL'd Google Chrome. It stopped working with any speed at all. Pages would take a day to load. So I redid Firefox. Working fine now. Make sure you turn on the pop-up blocker on setup. Prolly an easier way but that's my experience.

chromefox Posted December 18, 2012 Author #3
Hmm, see, I'm runnin Adblock Plus and their version of a pop-up blocker too but still no luck. Can't say I have really used Chrome either tbh.

Coffey Posted December 18, 2012 #4 (edited)
You must have installed this by mistake while installing something else (happens often, as companies like to install other rubbish on your machine when you install their free stuff). Don't worry though, I'm an IT techy and do it sometimes myself when installing stuff; they have it clicked as you agree already and if you're like the majority of people, usually just keep pressing next. lol
Open Firefox, click on the Firefox drop-down menu (top right of window), then in the menu on the right side of options click on "add ons", then either disable and uninstall any add-ons with "sh.com" in the name or anything like it. If you can't see it or need help, reply with your list of add-ons please.
If this method doesn't work you need to go to your add/remove programs list and look for anything installed with that name or anything you don't recognise, then remove it.
Just quote my posts if you reply/need assistance so I get a notification.

chromefox Posted December 18, 2012 Author #5
lol me too, hence why I'm stumped. Think I'm overlooking something; my add-ons and program list seem fine. I'm wondering if it's some program's backhanded way of advertising tbh.

WoIverine Posted December 18, 2012 #6 (edited)
Uninstall Firefox... download a new version, reinstall?

chromefox Posted December 18, 2012 Author #7
Tried, thought it might solve it but it just came back..... it's grating on me.

WoIverine Posted December 18, 2012 #8 (edited)
You could try googling "how to remove popup sh.com firefox", I'm sure others have had the same issue.
Ok, so I just tried that... sh.com is pretty inconclusive. Sorry man. I'll check around.
Check this out: https://www.google.c...iw=1680&bih=921
People are saying it's a virus. Did you run a Norton scan? Your log shows that you have Norton. If not, you can run a free scan here: http://security.syma...WelcomePage.asp
You'll need to use IE to do the free scan. If it's a virus, you want to get that off your machine asap, as random malware can have keyloggers and other unwanted things.
It sucks, but I've had to format a few times due to getting nailed. The MS Blaster virus was so bad, I had to format like 4x. Whenever I plugged in a network cable, it would nail me again, was crazy. lol

AsteroidX Posted December 18, 2012 #9 (edited)
Is it highlighting words, then if you mouse over them the ad pops relating to that word?
I just checked mine, have no add-ons and only my basic programs are being auto updated. If it's update time I'll manually do it.

chromefox Posted December 18, 2012 Author #10
Hey, yeah, I did a scan but it didn't pick anything up, oddly. Will check that further though, and nope, it isn't highlighting anything... and a format tbh isn't really something I want to do if I can help it.

chromefox Posted December 18, 2012 Author #11
Reckon safe mode an Norton again...

Coffey Posted December 18, 2012 #12
> Is it highlighting words, then if you mouse over them the ad pops relating to that word? I just checked mine, have no add-ons and only my basic programs are being auto updated. If it's update time I'll manually do it.
My housemate had that on her netbook, had to fix it by going into the registry. Was not fun.
> lol me too, hence why I'm stumped. Think I'm overlooking something; my add-ons and program list seem fine. I'm wondering if it's some program's backhanded way of advertising tbh.
Oh! lol
Only other thing I can suggest is that it's in the registry. In which case you will need to find a guide on the net to remove it. It has to be on your computer somewhere to be able to load Firefox. Have you checked your startup programs to see if it's in there? Use the run "msconfig" way and check that to see if there is anything in there.

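The startup-program check suggested in the post above can also be run against the HijackThis log in the first post. The following is an added example, not part of the thread: it lists the O4 autostart entries and sorts the "(file missing)" / "(no file)" lines. Function names are made up for illustration, the sample lines are copied from that log, and the System32 bucket assumes HijackThis runs as a 32-bit program on 64-bit Windows, where its System32 reads are redirected to SysWOW64.

```python
import re

# Lines copied from the HijackThis log in the first post (abridged sample).
SAMPLE_LOG = r'''
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun
O4 - HKCU\..\Run: [DS3 Tool] C:\Program Files\MotioninJoy\ds3\DS3_Tool.exe -mini
O4 - HKCU\..\Run: [Overwolf] C:\Program Files (x86)\Overwolf\Overwolf.exe -silent
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
'''

# O4 = registry autostart: hive, Run/RunOnce key, value name, command line.
O4_RE = re.compile(r'^O4 - (HKLM|HKCU)\\\.\.\\(Run\w*): \[(.+?)\] (.+)$')
MISSING_RE = re.compile(r'\((?:file missing|no file)\)\s*$')


def split_command(cmd):
    """Return (executable, arguments) for a Run-key command line."""
    cmd = cmd.strip()
    if cmd.startswith('"'):
        exe, _, rest = cmd[1:].partition('"')
        return exe, rest.strip()
    # Unquoted paths with spaces are ambiguous; cut after the first ".exe".
    m = re.match(r'(.+?\.exe)\b\s*(.*)$', cmd, re.IGNORECASE)
    return (m.group(1), m.group(2)) if m else (cmd, '')


def autostart_entries(log_text):
    """Parse every O4 line into a dict, per-user entries first."""
    entries = []
    for line in log_text.splitlines():
        m = O4_RE.match(line.strip())
        if not m:
            continue
        hive, key, name, cmd = m.groups()
        exe, args = split_command(cmd)
        entries.append({'hive': hive, 'key': key, 'name': name,
                        'exe': exe, 'args': args})
    # HKCU\...\Run is writable without admin rights, so review it first.
    return sorted(entries, key=lambda e: e['hive'] != 'HKCU')


def missing_file_entries(log_text):
    """Bucket '(file missing)'/'(no file)' lines.

    'redirected': path under System32, which a 32-bit scanner on 64-bit
    Windows cannot see (assumption stated in the lead-in).
    'review': everything else, e.g. an orphaned BHO registration.
    """
    result = {'redirected': [], 'review': []}
    for line in log_text.splitlines():
        line = line.strip()
        if not MISSING_RE.search(line):
            continue
        in_sys32 = '\\windows\\system32\\' in line.lower()
        result['redirected' if in_sys32 else 'review'].append(line)
    return result


if __name__ == '__main__':
    for e in autostart_entries(SAMPLE_LOG):
        print(f"{e['hive']} {e['key']:8} {e['name']:20} {e['exe']} {e['args']}")
    for bucket, lines in missing_file_entries(SAMPLE_LOG).items():
        for line in lines:
            print(f'[{bucket}] {line}')
```

Each listed executable still has to be checked by hand (publisher, install date, whether the program is wanted); the script only narrows the log down to the lines worth that check.
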
BiffSplitkins Posted December 18, 2012 #13
Download and run ComboFix.exe from this link: http://www.bleepingcomputer.com/download/combofix/
Let it run its course. If it gives a warning about your antivirus running and possibly interfering, I never worry about that. The log file will look confusing if you don't know what it actually means. I've seen this tool take up to 1 1/2 hrs to fully run, so be patient.
I use this tool to fix some of my clients' PCs that don't want to spend the extra $$ on a full wipe and restore to factory new. It works wonders.

AsteroidX Posted December 18, 2012 #14
Did you check to see if your default page got changed?
> O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
Sometimes they like to do wonky advertising for peeps through the auto updater, I've noticed. That's where I believe the ad pop-up got added to my PC at least.

chromefox Posted December 18, 2012 Author #15
Tried combo fixer, same result. Just finished a virus scan in safe mode, it removed cookies an that was it... oddly it's not shown on this boot so I'll wait to see on next boot if it does it again. An yeah, checked msconfig too but nuttin out the ordinary. Baffled by it tbh.

WoIverine Posted December 18, 2012 #16
CCleaner by pirisoft is also a great little free util that corrects registry errors and generally cleans everything up.

chromefox Posted December 18, 2012 Author #17
Right, got it: it's a program called motioninjoy, which is a driver to let me use my PS3 controller on the PC. For some odd reason it's doin this too.

WoIverine Posted December 18, 2012 #18 (edited)
> Right, got it: it's a program called motioninjoy, which is a driver to let me use my PS3 controller on the PC. For some odd reason it's doin this too.
Heh, I see. I use a 360 wired gamepad on my PC, MS put out their own drivers though. Maybe the PS3 software... when you installed it, also installed 3rd party software? A lot of times stuff like that is automatically checked off when you do an install. Have to watch every step of the install closely. Good job on finding out what it was though!

chromefox Posted December 18, 2012 Author #19
Hmm, well, a deeper Google search says it's quite suspicious.

WoIverine Posted December 18, 2012 #20 (edited)
What happens when you uninstall it? You could take a look at the files in its install directory... there may be additional bundled exes in there, unless they're compiled into the program's actual setup file. Also, clear out your C:/users/'youruser'/AppData/Local/Temp folder. I've seen malware stick files there before.

chromefox Posted December 18, 2012 Author #21
Just takes you to their forums with links to reinstall an such. I removed and ran a registry clean up now.

chromefox Posted December 18, 2012 Author #22
Ah damn, never thought bout goin thru the folder, I just deleted it. DOH

WoIverine Posted December 18, 2012 #23
Heh, brings back fond memories of the old hex editing days. Make those executables do what you want them to do. Kneel before Zod! lol

chromefox Posted December 18, 2012 Author #24
Well, seems to be fixed now (touch wood). lol Zod was epic

Orcseeker Posted December 18, 2012 #25
Download and run Malwarebytes just to ensure everything is good. It is one of the best virus scanners out there.