This pop-up started yesterday when I was on MySpace. I couldn't close it with Ctrl+Alt+Del. I used AVG, Malwarebytes Anti-Malware and Spybot; they didn't find anything wrong. It stopped but came back again this morning while I was on Facebook. It's a pop-up telling me I have a virus and asking me to download some anti-virus for a critical condition, and it's a Software manager. I have included my HJT log. Thank you for your help.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:07:41 AM, on 26/10/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16735)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\System32\bcmwltry.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\WLTRAY.exe
C:\Program Files\SigmaTel\C-Major Audio\WDM\stsystra.exe
C:\WINDOWS\OEM02Mon.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Trend Micro\HijackThis\HTJA.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (file missing)
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [NVHotkey] rundll32.exe nvHotkey.dll,Start
O4 - HKLM\..\Run: [Broadcom Wireless Manager UI] C:\WINDOWS\system32\WLTRAY.exe
O4 - HKLM\..\Run: [SigmatelSysTrayApp] %ProgramFiles%\SigmaTel\C-Major Audio\WDM\stsystra.exe
O4 - HKLM\..\Run: [OEM02Mon.exe] C:\WINDOWS\OEM02Mon.exe
O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [MyScreenCam] C:\Program Files\My Screen Cam\scrcam.exe
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [RoxWatchTray] "C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [ISUSPM] "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -scheduler
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Bluetooth.lnk = ?
O8 - Extra context menu item: Send to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} (SysProWmi Class) - http://support.dell.com/systemprofiler/SysPro.CAB
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w2/resources/MSNPUpld.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://cdn2.zone.msn.com/binFramework/v10/ZIntro.cab56649.cab
O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} (get_atlcom Class) - http://www.adobe.com/products/acrobat/nos/gp.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - AppInit_DLLs: avgrsstx.dll
O20 - Winlogon Notify: GoToAssist - C:\Program Files\Citrix\GoToAssist\480\G2AWinLogon.dll
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: AVG8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: GoToAssist - Citrix Online, a division of Citrix Systems, Inc. - C:\Program Files\Citrix\GoToAssist\480\g2aservice.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Roxio UPnP Renderer 9 - Sonic Solutions - C:\Program Files\Roxio\Digital Home 9\RoxioUPnPRenderer9.exe
O23 - Service: Roxio Upnp Server 9 - Sonic Solutions - C:\Program Files\Roxio\Digital Home 9\RoxioUpnpService9.exe
O23 - Service: LiveShare P2P Server 9 (RoxLiveShare9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: Roxio Hard Drive Watcher 9 (RoxWatch9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\WLTRYSVC.EXE

--
End of file - 9190 bytes
Don't worry, I do. My friends probably put it there. What is the name of the software it wants you to download? (There are plenty of threads about this malware already.) It's most likely winAV2008. Does it look something like this? http://i.my.afterdawn.com/standard/20623.jpg

Looks like quite a bit of junk in your log, but I don't do those any more. http://forums.afterdawn.com/thread_view.cfm/700486
@varnull Junk? I don't see any signs of infection on the computer.

Hey anarkya

1. Please run HijackThis.
• Click on the button which says Main Menu, then Do a system scan only.
• Please wait for the scan to be completed.
• After the scan has completed, check the following entries.

Code:
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (file missing)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

Click on the button Fix checked.
NOTE: Close all browsers before fixing anything.

2. Now, please download ComboFix. At the download window, please rename it to Combo-Fix(.exe) before downloading it. Please disable all security programs, such as antiviruses, antispywares, and firewalls. Also disable your internet connection.
• Run Combo-Fix.exe and follow the prompts.
**Understand that things like your system clock changing and your desktop disappearing might happen. Do not worry, because all will be restored later.
• Wait for the scan to be completed.
• If it requires a reboot, please do it.
• After the scan has completed entirely, please post the log here. The log will be located at C:\ComboFix(.txt)
Do not click on the ComboFix window, as it may cause it to stall.

Best Regards
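The three entries cdavfrew ticks above are the usual first pass over an HJT log: a proxy override and two BHO registrations whose DLL no longer exists. The script below is an added example (mine, not HijackThis code and not something any poster ran) that applies that pass mechanically over a few lines copied from the log at the top of the thread. The rules are my own heuristics: O2 entries marked "(file missing)" or "(no file)" are orphans safe to fix, while proxy settings, O20 load points and services with "Unknown owner" are merely flagged for a human. Note what it does not flag: the FLEXnet Licensing Service, the entry 2oldgeek later identifies as the source of the pop-up, looks like any other vendor-named service and passes every rule, which is the thread's real lesson about log triage.

```python
"""HijackThis (HJT) log triage.

Added example for this thread; it is not HijackThis code and not something
any poster ran. It applies a few of the rules a log helper applies by eye:
orphaned BHO entries (the DLL no longer exists), browser proxy overrides,
system-wide DLL load points (O20) and services with no recorded vendor.
The rules are this example's own heuristics.
"""
import re
from dataclasses import dataclass

# Constructed sample: a subset of lines copied from the HJT log posted at the
# top of the thread. Backslashes are literal (raw string).
SAMPLE_LOG = r"""
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (file missing)
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O20 - AppInit_DLLs: avgrsstx.dll
O20 - Winlogon Notify: GoToAssist - C:\Program Files\Citrix\GoToAssist\480\G2AWinLogon.dll
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\WLTRYSVC.EXE
"""

# Every HJT entry is "<section> - <body>", e.g. "O2 - BHO: ..." or "R1 - HKCU\...".
ENTRY_RE = re.compile(r"^(?P<kind>[RFO]\d+) - (?P<body>.+)$")
PROXY_RE = re.compile(r",Proxy(?:Server|Override) = ")


@dataclass(frozen=True)
class Finding:
    kind: str       # HJT section: R1, O2, O20, O23 ...
    severity: str   # "orphan" = safe to fix; "review" = look before touching
    reason: str
    line: str


def triage_line(line: str):
    """Classify one HJT entry; returns None for lines nothing fires on."""
    line = line.strip()
    m = ENTRY_RE.match(line)
    if not m:
        return None                      # header, process list, blank
    kind, body = m.group("kind"), m.group("body")

    if kind == "R1" and PROXY_RE.search(body):
        return Finding(kind, "review", "browser proxy setting", line)

    if kind == "O2":
        # HJT prints these markers when the CLSID is registered but the DLL is gone.
        if "(file missing)" in body or body.endswith("(no file)"):
            return Finding(kind, "orphan", "BHO registered but DLL absent", line)
        if body.startswith("BHO: (no name)"):
            return Finding(kind, "review", "unnamed BHO with a DLL on disk", line)

    if kind == "O20":
        # AppInit_DLLs and Winlogon Notify load a DLL into many processes at once.
        return Finding(kind, "review", "system-wide DLL load point", line)

    if kind == "O23" and " - Unknown owner - " in body:
        return Finding(kind, "review", "service with no vendor recorded", line)

    return None


def triage(log_text: str):
    """All findings for a log, in log order."""
    return [f for f in map(triage_line, log_text.splitlines()) if f is not None]


def fix_candidates(log_text: str):
    """Lines a helper would tick in 'Fix checked' without further questions."""
    return [f.line for f in triage(log_text) if f.severity == "orphan"]


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f.severity:6}] {f.kind:4} {f.reason}: {f.line[:70]}")
```

On the sample, fix_candidates returns exactly the two BHO lines cdavfrew had removed; the ProxyOverride line comes back as "review" rather than "orphan" because *.local is a value legitimate software writes too. The same split between "safe to remove" and "needs a human" is why the FLEXnet service survives: nothing in an O23 line distinguishes a licensing service that throws a stray window from any other signed vendor service, so the only way to find it was to match the pop-up to its process, as happened later in the thread.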
Hello cdavfrew, thank you for helping me with this. I deleted what you told me with HJT. Here's my ComboFix log:

ComboFix 08-10-25.01 - Nadia 2008-10-27 4:05:11.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.2450 [GMT -4:00]
Running from: C:\Documents and Settings\Nadia\Desktop\Combo-Fix.exe
* Created a new restore point
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\xcrashdump.dat
.
((((((((((((((((((((((((( Files Created from 2008-09-27 to 2008-10-27 )))))))))))))))))))))))))))))))
.
2008-10-10 09:50 . 2008-10-10 09:50 <DIR> d-------- C:\Documents and Settings\Nadia\Application Data\Plazmic
2008-10-10 09:50 . 2008-06-09 13:15 225,280 --a------ C:\WINDOWS\system32\net_rim_plazmic_flint_dialog.dll
2008-10-10 09:49 . 2008-10-10 09:49 <DIR> d--h----- C:\Program Files\Zero G Registry
2008-10-10 09:49 . 2008-10-10 09:50 <DIR> d-------- C:\Program Files\Plazmic CDK 4.5
2008-10-10 09:38 . 2008-10-10 09:38 <DIR> d--h----- C:\Documents and Settings\Nadia\InstallAnywhere
2008-10-08 20:56 . 2008-10-08 20:57 <DIR> d-------- C:\Program Files\Plaz
2008-10-02 15:20 . 2008-10-03 02:18 256 --a------ C:\Documents and Settings\Nadia\pool.bin
2008-09-29 19:31 . 2008-09-29 19:31 <DIR> d-------- C:\Program Files\Research In Motion
2008-09-29 19:31 . 2008-09-29 19:31 <DIR> d-------- C:\Program Files\Common Files\Research In Motion
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-10-23 08:16 --------- d-----w C:\Program Files\Steam
2008-10-22 09:20 --------- d-----w C:\Program Files\Malwarebytes' Anti-Malware
2008-10-21 19:47 --------- d-----w C:\Program Files\Microsoft Silverlight
2008-10-17 00:25 38,496 ----a-w C:\WINDOWS\system32\drivers\mbamswissarmy.sys
2008-10-17 00:25 15,504 ----a-w C:\WINDOWS\system32\drivers\mbam.sys
2008-10-01 21:21 --------- d-----w C:\Program Files\Spybot - Search & Destroy
2008-09-29 23:33 --------- d-----w C:\Program Files\Roxio
2008-09-29 23:33 --------- d-----w C:\Program Files\Common Files\Roxio Shared
2008-09-29 23:32 --------- d-----w C:\Documents and Settings\All Users\Application Data\Roxio
2008-09-28 19:32 --------- d-----w C:\Program Files\Common Files\Sonic Shared
2008-09-25 07:28 --------- d-----w C:\Documents and Settings\Nadia\Application Data\Blackberry Desktop
2008-09-25 07:19 --------- d-----w C:\Program Files\Common Files\Apple
2008-09-25 06:55 --------- d-----w C:\Documents and Settings\Nadia\Application Data\Research In Motion
2008-09-25 06:51 --------- d-----w C:\Program Files\iTunes
2008-09-25 06:51 --------- d-----w C:\Documents and Settings\Nadia\Application Data\Apple Computer
2008-09-25 06:51 --------- d-----w C:\Documents and Settings\All Users\Application Data\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
2008-09-25 06:50 --------- d-----w C:\Program Files\QuickTime
2008-09-25 06:50 --------- d-----w C:\Program Files\iPod
2008-09-25 06:50 --------- d-----w C:\Program Files\Bonjour
2008-09-25 06:50 --------- d-----w C:\Documents and Settings\All Users\Application Data\Apple Computer
2008-09-25 00:19 --------- d-----w C:\Program Files\World of Warcraft
2008-09-21 04:14 --------- d-----w C:\Program Files\Common Files\InstallShield
2008-09-18 03:56 --------- d-----w C:\Program Files\Lavasoft
2008-09-18 03:55 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
2008-09-15 11:57 1,846,016 ----a-w C:\WINDOWS\system32\win32k.sys
2008-09-05 06:49 --------- d-----w C:\Program Files\Soulseek
2008-08-29 15:25 97,928 ----a-w C:\WINDOWS\system32\drivers\avgldx86.sys
2008-08-29 14:18 87,336 ----a-w C:\WINDOWS\system32\dns-sd.exe
2008-08-29 13:53 61,440 ----a-w C:\WINDOWS\system32\dnssd.dll
2008-08-28 10:04 333,056 ----a-w C:\WINDOWS\system32\drivers\srv.sys
2008-08-26 07:24 826,368 ----a-w C:\WINDOWS\system32\wininet.dll
2008-08-14 09:55 2,142,720 ----a-w C:\WINDOWS\system32\ntoskrnl.exe
2008-08-14 09:18 2,020,864 ----a-w C:\WINDOWS\system32\ntkrnlpa.exe
2008-01-29 04:18 60,968 ----a-w C:\Documents and Settings\Nadia\GoToAssistDownloadHelper.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 15360]
"MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" [2007-10-18 5724184]
"ISUSPM"="C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" [2006-09-11 218032]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Broadcom Wireless Manager UI"="C:\WINDOWS\system32\WLTRAY.exe" [2007-10-09 2183168]
"SigmatelSysTrayApp"="C:\Program Files\SigmaTel\C-Major Audio\WDM\stsystra.exe" [2007-05-10 405504]
"OEM02Mon.exe"="C:\WINDOWS\OEM02Mon.exe" [2007-05-09 36864]
"DVDLauncher"="C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe" [2005-12-09 49152]
"ISUSPM Startup"="C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2006-09-11 218032]
"ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [2006-09-11 86960]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2007-11-17 8495104]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2007-11-17 81920]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792]
"AVG8_TRAY"="C:\PROGRA~1\AVG\AVG8\avgtray.exe" [2008-09-29 1234712]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2008-09-06 413696]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-09-10 289576]
"RoxWatchTray"="C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe" [2008-03-06 236016]
"NVHotkey"="nvHotkey.dll" [2007-11-17 C:\WINDOWS\system32\nvhotkey.dll]
"nwiz"="nwiz.exe" [2007-11-17 C:\WINDOWS\system32\nwiz.exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 15360]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Bluetooth.lnk - C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe [2006-05-24 622653]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\GoToAssist]
2008-01-28 23:49 10792 C:\Program Files\Citrix\GoToAssist\480\g2awinlogon.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=avgrsstx.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.XFR1"= xfcodec.dll

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"C:\\Program Files\\World of Warcraft\\WoW-2.3.0-enUS-downloader.exe"=
"C:\\WINDOWS\\system32\\dpvsetup.exe"=
"C:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"C:\\Program Files\\Xfire\\xfire.exe"=
"C:\\Program Files\\BitLord\\BitLord.exe"=
"C:\\Program Files\\Soulseek\\slsk.exe"=
"C:\\Program Files\\World of Warcraft\\BackgroundDownloader.exe"=
"C:\\Program Files\\Sierra\\FEAR\\FEAR.exe"=
"C:\\Program Files\\AIM6\\aim6.exe"=
"C:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
"C:\\Program Files\\AVG\\AVG8\\avgemc.exe"=
"C:\\Program Files\\Sony\\Station\\Launchpad\\LaunchPad.exe"=
"C:\\Program Files\\SecondLife\\SLVoice.exe"=
"C:\\Program Files\\Steam\\steamapps\\anadia\\day of defeat\\hl.exe"=
"C:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3724:TCP"= 3724:TCP:Blizzard Downloader: 3724

R1 AvgLdx86;AVG AVI Loader Driver x86;C:\WINDOWS\system32\Drivers\avgldx86.sys [2008-08-29 97928]
R2 avg8emc;AVG8 E-mail Scanner;C:\PROGRA~1\AVG\AVG8\avgemc.exe [2008-08-29 875288]
R2 avg8wd;AVG8 WatchDog;C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe [2008-08-29 231704]
R2 AvgTdiX;AVG8 Network Redirector;C:\WINDOWS\system32\Drivers\avgtdix.sys [2008-07-03 76040]
R2 Viewpoint Manager Service;Viewpoint Manager Service;C:\Program Files\Viewpoint\Common\ViewpointService.exe [2007-01-04 24652]
R3 OEM02Afx;Provides a software interface to control audio effects of OEM002 camera.;C:\WINDOWS\system32\Drivers\OEM02Afx.sys [2007-06-07 141376]
R3 OEM02Dev;Creative Camera OEM002 Driver;C:\WINDOWS\system32\DRIVERS\OEM02Dev.sys [2007-10-10 235648]
R3 OEM02Vfx;Creative Camera OEM002 Video VFX Driver;C:\WINDOWS\system32\DRIVERS\OEM02Vfx.sys [2007-03-05 7424]
S3 GoToAssist;GoToAssist;C:\Program Files\Citrix\GoToAssist\480\g2aservice.exe Start=service [ ]

*Newly Created Service* - PROCEXP90
.
Contents of the 'Scheduled Tasks' folder

2008-10-16 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 12:34]
.
- - - - ORPHANS REMOVED - - - -

HKCU-Run-Aim6 - (no file)
HKLM-Run-WinampAgent - C:\Program Files\Winamp\winampa.exe
HKLM-Run-MyScreenCam - C:\Program Files\My Screen Cam\scrcam.exe

.
------- Supplementary Scan -------
.
FireFox -: Profile - C:\Documents and Settings\Nadia\Application Data\Mozilla\Firefox\Profiles\ensfbpjz.default\
FF -: plugin - C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll
FF -: plugin - c:\Program Files\Microsoft Silverlight\2.0.31005.0\npctrl.1.0.30716.0.dll
FF -: plugin - c:\Program Files\Microsoft Silverlight\2.0.31005.0\npctrl.dll
FF -: plugin - C:\Program Files\Mozilla Firefox\plugins\npmozax.dll
FF -: plugin - C:\Program Files\Mozilla Firefox\plugins\npViewpoint.dll
FF -: plugin - C:\Program Files\Viewpoint\Viewpoint Media Player\npViewpoint.dll
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-10-27 04:06:18
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-10-27 4:07:33
ComboFix-quarantined-files.txt 2008-10-27 08:07:12

Pre-Run: 170,946,494,464 bytes free
Post-Run: 171,030,695,936 bytes free

165 --- E O F --- 2008-10-24 07:00:35
Hey anarkya

Hmmm... interesting. Nothing to indicate malware. Could you take a screenshot of the popup?

Best Regards
http://i36.tinypic.com/bj96aq.jpg

That's the only picture I could take. When I click the window it disappears and goes into the tray next to my clock with the other icons, and when I click that icon, the only thing that loads is this half image. And that's all I see. I think this malware, virus, whatever it is, is a little shy.

Thanks again for your help, have a nice day!
Hi anarkya,

The pop-up is from this line in your HJT log:

O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe

It's NOT malware, it's a software updater. Check this out: http://consumerdocs.installshield.com/selfservice/viewContent.do?externalId=Q111006&sliceId=1

You can turn it off if you desire.

@cdavfrew, hey buddy, long time no hear from. I've been busy, and I see you have been too.

2OG
HEY 2OLDGEEK!!! Where have you been? This section's been pretty quiet without you! Glad to see you're back.

Hmm... perhaps that is the problem, but how about the "It's a pop-up telling me I have a virus and asking me to download some anti-virus for a critical condition.. and it's a Software manager."?

Cheers
@cdavfrew, I didn't see anything about downloading an AV in the screenshot. Maybe ComboFix got that part. I would remove the FLEXnet service and just see what is left. Since it is only a part of a pop-up, maybe the file has been damaged and it's really not needed anyway. You will have to remove it manually; that uninstaller just disables it from starting.

Only the Shadow knows...

2OG
Oops, I skipped that post. Yes indeed, it is as you say, 2oldgeek.

So, anarkya, follow the instructions on this page: http://consumerdocs.installshield.com/selfservice/viewContent.do?externalId=Q111006&sliceId=1

Also download http://www.neowin.net/forum/index.p...d4b87c4b17aa18&act=attach&type=post&id=169273 , unzip the file, and then run the file. This will remove the FLEXnet service, which is responsible for this problem. Your problem should go away.

Best Regards