funky issues

Status
Not open for further replies.

PanzerKammander

TeH ViZarD
Messages
652
Location
Pittsburgh, PA
No long story here fellers, basically picked up some sort of adware/malware that affected only Firefox. I reformatted from Vista to Windows 7, erased my main drive, and left my other two separate drives intact. And the issue is still there. Now I've noticed that my download speeds are slightly lower, and there seem to be a few sites that ALWAYS open an extra ad window when they never did beforehand. Is it possible my other two drives are infected as well? Being one is only a media/music drive and the other is my Steam drive.

Hijack this log:

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 3:04:43 PM, on 11/9/2010
Platform: Windows 7 (WinNT 6.00.3504)
MSIE: Internet Explorer v8.00 (8.00.7600.16671)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\AVG\AVG10\avgtray.exe
C:\Windows\System32\Ctxfihlp.exe
D:\Program Files\Steam\Steam.exe
C:\Windows\SYSTEM32\CTXFISPI.EXE
C:\Program Files\AVG\AVG10\Identity Protection\agent\bin\avgidsmonitor.exe
C:\Windows\system32\conhost.exe
C:\Program Files\Xfire\Xfire.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
H:\Downloads\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = Bing
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = MSN.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = MSN.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Bing
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = MSN.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG10\avgssie.dll
O4 - HKLM\..\Run: [AVG_TRAY] C:\Program Files\AVG\AVG10\avgtray.exe
O4 - HKLM\..\Run: [EvtMgr6] C:\Program Files\Logitech\SetPointP\SetPoint.exe /launchGaming
O4 - HKLM\..\Run: [CTxfiHlp] CTXFIHLP.EXE
O4 - HKLM\..\Run: [AdobeAAMUpdater-1.0] "C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"
O4 - HKCU\..\Run: [Steam] "D:\Program Files\Steam\steam.exe" -silent
O4 - Startup: Logitech . Product Registration.lnk = C:\Program Files\Common Files\LogiShrd\eReg\SetPoint\eReg.exe
O4 - Startup: Xfire.lnk = C:\Program Files\Xfire\Xfire.exe
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://ccfiles.creative.com/Web/softwareupdate/su2/ocx/15112/CTPID.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG10\avgpp.dll
O23 - Service: AVGIDSAgent - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe
O23 - Service: AVG WatchDog (avgwd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG10\avgwdsvc.exe
O23 - Service: Creative Audio Engine Licensing Service - Creative Labs - C:\Program Files\Common Files\Creative Labs Shared\Service\CTAELicensing.exe
O23 - Service: Creative Audio Service (CTAudSvcService) - Creative Technology Ltd - C:\Program Files\Creative\Shared Files\CTAudSvc.exe
O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Common Files\LogiShrd\Bluetooth\lbtserv.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe
O23 - Service: NVIDIA Stereoscopic 3D Driver Service (Stereo Service) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
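Added example, not part of the thread or of HijackThis itself: a small Python parser for the O2/O4/O16/O23 line formats in the log above, with the checks a reviewer normally applies by eye (a Run entry with no fixed path, an ActiveX package fetched over plain http, a binary outside the usual program directories). The sample lines are copied from the log; the `review` rules are my own assumptions about what deserves a second look, not anything HijackThis reports.

```python
import re
from dataclasses import dataclass

# Constructed sample in the shape of the thread's HijackThis log (values copied from it).
SAMPLE_LOG = """\
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\\Program Files\\AVG\\AVG10\\avgssie.dll
O4 - HKLM\\..\\Run: [CTxfiHlp] CTXFIHLP.EXE
O4 - HKCU\\..\\Run: [Steam] "D:\\Program Files\\Steam\\steam.exe" -silent
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://ccfiles.creative.com/Web/softwareupdate/su2/ocx/15112/CTPID.cab
O23 - Service: AVG WatchDog (avgwd) - AVG Technologies CZ, s.r.o. - C:\\Program Files\\AVG\\AVG10\\avgwdsvc.exe
"""

@dataclass
class Entry:
    section: str  # HijackThis section code, e.g. "O4"
    name: str     # Run value name, BHO name or service name
    target: str   # executable path, DLL, URL or command line

# One pattern per section type seen in the log; lines matching none are skipped.
PATTERNS = {
    "O2": re.compile(r"^O2 - BHO: (?P<name>.*?) - \{[0-9A-F-]+\} - (?P<target>.*)$"),
    "O4": re.compile(r"^O4 - \S+: \[(?P<name>[^\]]+)\] (?P<target>.*)$"),
    "O16": re.compile(r"^O16 - DPF: \{[0-9A-F-]+\} \((?P<name>[^)]*)\) - (?P<target>\S+)$"),
    "O23": re.compile(r"^O23 - Service: (?P<name>.*?) - .*? - (?P<target>.*)$"),
}

def parse_log(text):
    """Turn HijackThis entry lines into Entry records."""
    entries = []
    for line in text.splitlines():
        code = line.split(" ", 1)[0]
        pat = PATTERNS.get(code)
        m = pat.match(line) if pat else None
        if m:
            entries.append(Entry(code, m["name"], m["target"].strip()))
    return entries

def executable_of(cmd):
    """Strip quoting and arguments from a Run command to get the program path."""
    cmd = cmd.strip()
    if cmd.startswith('"'):
        end = cmd.find('"', 1)
        return cmd[1:end] if end > 0 else cmd[1:]
    return cmd.split(" ", 1)[0]

def review(entries):
    """Flag entries to verify by hand (assumed rules); an empty list means nothing flagged."""
    findings = []
    for e in entries:
        if e.section == "O4" and not re.match(r"^[A-Za-z]:\\", executable_of(e.target)):
            findings.append(f"O4 [{e.name}]: no fixed path, {e.target!r} is located by path search")
        elif e.section == "O16" and not e.target.lower().startswith("https://"):
            findings.append(f"O16 ({e.name}): package fetched over cleartext {e.target}")
        elif e.section in ("O2", "O23") and not re.search(r"\\(windows|program files)\\", e.target, re.I):
            findings.append(f"{e.section} {e.name}: binary outside Windows/Program Files: {e.target}")
    return findings
```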
 
When you reinstalled, did you install any programs from your other hard drive, or did you download everything fresh? If you did install from your hard drive, then it's possible one of your installers has a virus of some kind. I would recommend running Malwarebytes first in safe mode and then again logged in as normal. If that does nothing, then I would say try uninstalling Firefox and all data, clear the temp folder, and then reinstall the newest version of Firefox.
 
O4 - HKLM\..\Run: [AdobeAAMUpdater-1.0] "C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"

That is not a legit entry. Adobe Updater should not be listed at all times, only when an update is available. I would check that out.

Remember that HiJack This is only a tool to remove entries from starting up. It is not a complete removal tool. You will need to run MBAM since Combofix doesn't run with Windows 7.
 
It doesn't run on 64 Bit. But HiJack This doesn't differentiate between 32 Bit and 64 Bit, so we would have to ask every time which version was run in order to know if we can suggest it.
 
I figured it out with some good old trial and error. Removed my two other drives, ran my main drive in safe mode, ran Malwarebytes/AVG; both came up clean. So I figured the only other thing it could be is something changed my router's DNS settings. Cleared those and it's back to normal. ^_^ Silly malware.

Thanks for the help anyway guys.
 