|
|
|
Pop-up not detected by AVG MAM or SB
|
|
Junior Member
|
26. October 2008 @ 11:12 |
Link to this message
|
This pop-up started yesterday when I was on myspace, I couldn't close it with Ctrl+Alt+Del,
I used AVG, Malwarevytes anti malware and Spybot, Didn't find anything wrong..
it stopped but came back again this morning while on Facebook.
It's a pop-up telling me I have a virus and asking me to download some anti-virus for a critical condition.. and it's a Software manager.
I have included my HJT log,
Thank you for your help,
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:07:41 AM, on 26/10/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16735)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\System32\bcmwltry.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\WLTRAY.exe
C:\Program Files\SigmaTel\C-Major Audio\WDM\stsystra.exe
C:\WINDOWS\OEM02Mon.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Trend Micro\HijackThis\HTJA.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (file missing)
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [NVHotkey] rundll32.exe nvHotkey.dll,Start
O4 - HKLM\..\Run: [Broadcom Wireless Manager UI] C:\WINDOWS\system32\WLTRAY.exe
O4 - HKLM\..\Run: [SigmatelSysTrayApp] %ProgramFiles%\SigmaTel\C-Major Audio\WDM\stsystra.exe
O4 - HKLM\..\Run: [OEM02Mon.exe] C:\WINDOWS\OEM02Mon.exe
O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [MyScreenCam] C:\Program Files\My Screen Cam\scrcam.exe
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [RoxWatchTray] "C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [ISUSPM] "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -scheduler
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Bluetooth.lnk = ?
O8 - Extra context menu item: Send to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} (SysProWmi Class) - http://support.dell.com/systemprofiler/SysPro.CAB
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w2/resources/MSNPUpld.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://cdn2.zone.msn.com/binFramework/v10/ZIntro.cab56649.cab
O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} (get_atlcom Class) - http://www.adobe.com/products/acrobat/nos/gp.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - AppInit_DLLs: avgrsstx.dll
O20 - Winlogon Notify: GoToAssist - C:\Program Files\Citrix\GoToAssist\480\G2AWinLogon.dll
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: AVG8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: GoToAssist - Citrix Online, a division of Citrix Systems, Inc. - C:\Program Files\Citrix\GoToAssist\480\g2aservice.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Roxio UPnP Renderer 9 - Sonic Solutions - C:\Program Files\Roxio\Digital Home 9\RoxioUPnPRenderer9.exe
O23 - Service: Roxio Upnp Server 9 - Sonic Solutions - C:\Program Files\Roxio\Digital Home 9\RoxioUpnpService9.exe
O23 - Service: LiveShare P2P Server 9 (RoxLiveShare9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: Roxio Hard Drive Watcher 9 (RoxWatch9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\WLTRYSVC.EXE
--
End of file - 9190 bytes
|
|
Advertisement
|
|
|
|
|
varnull
Suspended permanently
|
26. October 2008 @ 14:16 |
Link to this message
|
|
Good to see the winAV myspace active flash exploit is now working as intended :)
|
Junior Member
|
26. October 2008 @ 15:06 |
Link to this message
|
Originally posted by varnull:
Good to see the winAV myspace active flash exploit is now working as intended :)
I'm sorry, I don't understand..
|
|
varnull
Suspended permanently
|
26. October 2008 @ 15:39 |
Link to this message
|
|
This message has been edited since posting. Last time this message was edited on 26. October 2008 @ 15:42
|
Junior Member
|
26. October 2008 @ 15:46 |
Link to this message
|
|
hopefully someone will wanna help with my log..
This message has been edited since posting. Last time this message was edited on 26. October 2008 @ 16:29
|
Senior Member
|
26. October 2008 @ 23:09 |
Link to this message
|
@varnull
Junk? I don't see any signs of infection on the computer.
Hey anarkya
1.
Please run HijackThis.
? Click on the button which says Main Menu, then Do a system scan only.
? Please wait for the scan to be completed.
? After the scan has completed, check the following entries.
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (file missing)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
Click on the button Fix checked
NOTE:: Close all browsers before fixing anything.
2.
Now, please download ComboFix.
With ComboFix, at the download window, please rename it to Combo-Fix(.exe) before downloading it.
Please disable all security programs, such as antiviruses, antispywares, and firewalls.
Also disable your internet connection.
? Run Combo-Fix.exe and follow the prompts.
**Understand that things like your system clock changing and your desktop disappearing might happen. Do not worry, because all will be restored later.
? Wait for the scan to be completed.
? If it requires a reboot, please do it.
? After the scan has completed entirely, please post the log here. The log will be located at C:\ComboFix(.txt)
Do not click on the ComoboFix window, as it may cause it to stall.
Best Regards :D
Life is but a dream; you dont feel any pain unless you want to or you fall off the bed.
Success is relative; the more success the more relatives.
A computer once beat me at chess, but it was no match for me at kickboxing.
To be or not to be; thats a dumb question.
|
Junior Member
|
27. October 2008 @ 04:16 |
Link to this message
|
Hello cdavfrew, Thank you for helping me with this :)
I deleted what you told me with HJT,
Here's my combofix log,
ComboFix 08-10-25.01 - Nadia 2008-10-27 4:05:11.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.2450 [GMT -4:00]
Running from: C:\Documents and Settings\Nadia\Desktop\Combo-Fix.exe
* Created a new restore point
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\xcrashdump.dat
.
((((((((((((((((((((((((( Files Created from 2008-09-27 to 2008-10-27 )))))))))))))))))))))))))))))))
.
2008-10-10 09:50 . 2008-10-10 09:50 <DIR> d-------- C:\Documents and Settings\Nadia\Application Data\Plazmic
2008-10-10 09:50 . 2008-06-09 13:15 225,280 --a------ C:\WINDOWS\system32\net_rim_plazmic_flint_dialog.dll
2008-10-10 09:49 . 2008-10-10 09:49 <DIR> d--h----- C:\Program Files\Zero G Registry
2008-10-10 09:49 . 2008-10-10 09:50 <DIR> d-------- C:\Program Files\Plazmic CDK 4.5
2008-10-10 09:38 . 2008-10-10 09:38 <DIR> d--h----- C:\Documents and Settings\Nadia\InstallAnywhere
2008-10-08 20:56 . 2008-10-08 20:57 <DIR> d-------- C:\Program Files\Plaz
2008-10-02 15:20 . 2008-10-03 02:18 256 --a------ C:\Documents and Settings\Nadia\pool.bin
2008-09-29 19:31 . 2008-09-29 19:31 <DIR> d-------- C:\Program Files\Research In Motion
2008-09-29 19:31 . 2008-09-29 19:31 <DIR> d-------- C:\Program Files\Common Files\Research In Motion
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-10-23 08:16 --------- d-----w C:\Program Files\Steam
2008-10-22 09:20 --------- d-----w C:\Program Files\Malwarebytes' Anti-Malware
2008-10-21 19:47 --------- d-----w C:\Program Files\Microsoft Silverlight
2008-10-17 00:25 38,496 ----a-w C:\WINDOWS\system32\drivers\mbamswissarmy.sys
2008-10-17 00:25 15,504 ----a-w C:\WINDOWS\system32\drivers\mbam.sys
2008-10-01 21:21 --------- d-----w C:\Program Files\Spybot - Search & Destroy
2008-09-29 23:33 --------- d-----w C:\Program Files\Roxio
2008-09-29 23:33 --------- d-----w C:\Program Files\Common Files\Roxio Shared
2008-09-29 23:32 --------- d-----w C:\Documents and Settings\All Users\Application Data\Roxio
2008-09-28 19:32 --------- d-----w C:\Program Files\Common Files\Sonic Shared
2008-09-25 07:28 --------- d-----w C:\Documents and Settings\Nadia\Application Data\Blackberry Desktop
2008-09-25 07:19 --------- d-----w C:\Program Files\Common Files\Apple
2008-09-25 06:55 --------- d-----w C:\Documents and Settings\Nadia\Application Data\Research In Motion
2008-09-25 06:51 --------- d-----w C:\Program Files\iTunes
2008-09-25 06:51 --------- d-----w C:\Documents and Settings\Nadia\Application Data\Apple Computer
2008-09-25 06:51 --------- d-----w C:\Documents and Settings\All Users\Application Data\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
2008-09-25 06:50 --------- d-----w C:\Program Files\QuickTime
2008-09-25 06:50 --------- d-----w C:\Program Files\iPod
2008-09-25 06:50 --------- d-----w C:\Program Files\Bonjour
2008-09-25 06:50 --------- d-----w C:\Documents and Settings\All Users\Application Data\Apple Computer
2008-09-25 00:19 --------- d-----w C:\Program Files\World of Warcraft
2008-09-21 04:14 --------- d-----w C:\Program Files\Common Files\InstallShield
2008-09-18 03:56 --------- d-----w C:\Program Files\Lavasoft
2008-09-18 03:55 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
2008-09-15 11:57 1,846,016 ----a-w C:\WINDOWS\system32\win32k.sys
2008-09-05 06:49 --------- d-----w C:\Program Files\Soulseek
2008-08-29 15:25 97,928 ----a-w C:\WINDOWS\system32\drivers\avgldx86.sys
2008-08-29 14:18 87,336 ----a-w C:\WINDOWS\system32\dns-sd.exe
2008-08-29 13:53 61,440 ----a-w C:\WINDOWS\system32\dnssd.dll
2008-08-28 10:04 333,056 ----a-w C:\WINDOWS\system32\drivers\srv.sys
2008-08-26 07:24 826,368 ----a-w C:\WINDOWS\system32\wininet.dll
2008-08-14 09:55 2,142,720 ----a-w C:\WINDOWS\system32\ntoskrnl.exe
2008-08-14 09:18 2,020,864 ----a-w C:\WINDOWS\system32\ntkrnlpa.exe
2008-01-29 04:18 60,968 ----a-w C:\Documents and Settings\Nadia\GoToAssistDownloadHelper.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 15360]
"MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" [2007-10-18 5724184]
"ISUSPM"="C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" [2006-09-11 218032]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Broadcom Wireless Manager UI"="C:\WINDOWS\system32\WLTRAY.exe" [2007-10-09 2183168]
"SigmatelSysTrayApp"="C:\Program Files\SigmaTel\C-Major Audio\WDM\stsystra.exe" [2007-05-10 405504]
"OEM02Mon.exe"="C:\WINDOWS\OEM02Mon.exe" [2007-05-09 36864]
"DVDLauncher"="C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe" [2005-12-09 49152]
"ISUSPM Startup"="C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2006-09-11 218032]
"ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [2006-09-11 86960]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2007-11-17 8495104]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2007-11-17 81920]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792]
"AVG8_TRAY"="C:\PROGRA~1\AVG\AVG8\avgtray.exe" [2008-09-29 1234712]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2008-09-06 413696]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-09-10 289576]
"RoxWatchTray"="C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe" [2008-03-06 236016]
"NVHotkey"="nvHotkey.dll" [2007-11-17 C:\WINDOWS\system32\nvhotkey.dll]
"nwiz"="nwiz.exe" [2007-11-17 C:\WINDOWS\system32\nwiz.exe]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 15360]
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Bluetooth.lnk - C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe [2006-05-24 622653]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\GoToAssist]
2008-01-28 23:49 10792 C:\Program Files\Citrix\GoToAssist\480\g2awinlogon.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=avgrsstx.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.XFR1"= xfcodec.dll
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"C:\\Program Files\\World of Warcraft\\WoW-2.3.0-enUS-downloader.exe"=
"C:\\WINDOWS\\system32\\dpvsetup.exe"=
"C:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"C:\\Program Files\\Xfire\\xfire.exe"=
"C:\\Program Files\\BitLord\\BitLord.exe"=
"C:\\Program Files\\Soulseek\\slsk.exe"=
"C:\\Program Files\\World of Warcraft\\BackgroundDownloader.exe"=
"C:\\Program Files\\Sierra\\FEAR\\FEAR.exe"=
"C:\\Program Files\\AIM6\\aim6.exe"=
"C:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
"C:\\Program Files\\AVG\\AVG8\\avgemc.exe"=
"C:\\Program Files\\Sony\\Station\\Launchpad\\LaunchPad.exe"=
"C:\\Program Files\\SecondLife\\SLVoice.exe"=
"C:\\Program Files\\Steam\\steamapps\\anadia\\day of defeat\\hl.exe"=
"C:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3724:TCP"= 3724:TCP:Blizzard Downloader: 3724
R1 AvgLdx86;AVG AVI Loader Driver x86;C:\WINDOWS\system32\Drivers\avgldx86.sys [2008-08-29 97928]
R2 avg8emc;AVG8 E-mail Scanner;C:\PROGRA~1\AVG\AVG8\avgemc.exe [2008-08-29 875288]
R2 avg8wd;AVG8 WatchDog;C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe [2008-08-29 231704]
R2 AvgTdiX;AVG8 Network Redirector;C:\WINDOWS\system32\Drivers\avgtdix.sys [2008-07-03 76040]
R2 Viewpoint Manager Service;Viewpoint Manager Service;C:\Program Files\Viewpoint\Common\ViewpointService.exe [2007-01-04 24652]
R3 OEM02Afx;Provides a software interface to control audio effects of OEM002 camera.;C:\WINDOWS\system32\Drivers\OEM02Afx.sys [2007-06-07 141376]
R3 OEM02Dev;Creative Camera OEM002 Driver;C:\WINDOWS\system32\DRIVERS\OEM02Dev.sys [2007-10-10 235648]
R3 OEM02Vfx;Creative Camera OEM002 Video VFX Driver;C:\WINDOWS\system32\DRIVERS\OEM02Vfx.sys [2007-03-05 7424]
S3 GoToAssist;GoToAssist;C:\Program Files\Citrix\GoToAssist\480\g2aservice.exe Start=service [ ]
*Newly Created Service* - PROCEXP90
.
Contents of the 'Scheduled Tasks' folder
2008-10-16 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 12:34]
.
- - - - ORPHANS REMOVED - - - -
HKCU-Run-Aim6 - (no file)
HKLM-Run-WinampAgent - C:\Program Files\Winamp\winampa.exe
HKLM-Run-MyScreenCam - C:\Program Files\My Screen Cam\scrcam.exe
.
------- Supplementary Scan -------
.
FireFox -: Profile - C:\Documents and Settings\Nadia\Application Data\Mozilla\Firefox\Profiles\ensfbpjz.default\
FF -: plugin - C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll
FF -: plugin - c:\Program Files\Microsoft Silverlight\2.0.31005.0\npctrl.1.0.30716.0.dll
FF -: plugin - c:\Program Files\Microsoft Silverlight\2.0.31005.0\npctrl.dll
FF -: plugin - C:\Program Files\Mozilla Firefox\plugins\npmozax.dll
FF -: plugin - C:\Program Files\Mozilla Firefox\plugins\npViewpoint.dll
FF -: plugin - C:\Program Files\Viewpoint\Viewpoint Media Player\npViewpoint.dll
.
**************************************************************************
catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-10-27 04:06:18
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
Completion time: 2008-10-27 4:07:33
ComboFix-quarantined-files.txt 2008-10-27 08:07:12
Pre-Run: 170,946,494,464 bytes free
Post-Run: 171,030,695,936 bytes free
165 --- E O F --- 2008-10-24 07:00:35
|
Senior Member
|
27. October 2008 @ 05:53 |
Link to this message
|
|
Hey anarkya
Hmmm... interesting. Nothing to indicate malware.
Could you take a screenshot of the popup?
Best Regards :D
Life is but a dream; you dont feel any pain unless you want to or you fall off the bed.
Success is relative; the more success the more relatives.
A computer once beat me at chess, but it was no match for me at kickboxing.
To be or not to be; thats a dumb question.
|
Junior Member
|
27. October 2008 @ 06:17 |
Link to this message
|
Originally posted by cdavfrew:
Hey anarkya
Hmmm... interesting. Nothing to indicate malware.
Could you take a screenshot of the popup?
Best Regards :D
http://i36.tinypic.com/bj96aq.jpg
The only picture I could take,
When I click the window it disappear and goes in the tray next to my clock with the other icons, and when I click that icon, the only thing that loads is this half image..
And that's all I see..
I think this malware, virus, whatever it is is a lil shy :)
Thanks again for your help, have a nice day!
|
AfterDawn Addict
|
27. October 2008 @ 06:46 |
Link to this message
|
Hi anarkya,
The pop-up is from this line in your HJT Log:
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
It?s NOT malware, it?s a Software updater.
Check this out:
http://consumerdocs.installshield.com/se...11006&sliceId=1
you can turn it off if you desire?
@cdavfrew, hey buddy long time no hear from? I been busy and I see you have also :)
2OG
There are three kinds of men: The ones that learn by reading; The few who learn by observation;
The rest of them have to pee on the electric fence and find out for themselves... |
Senior Member
|
27. October 2008 @ 07:24 |
Link to this message
|
|
HEY 2OLDGEEK!!!
Where have you been? This section's been pretty quiet without you! Glad to see you're back :)
Hmm... perhaps that is the problem, but how about the "It's a pop-up telling me I have a virus and asking me to download some anti-virus for a critical condition.. and it's a Software manager."?
Cheers :D
Life is but a dream; you dont feel any pain unless you want to or you fall off the bed.
Success is relative; the more success the more relatives.
A computer once beat me at chess, but it was no match for me at kickboxing.
To be or not to be; thats a dumb question.
|
AfterDawn Addict
|
27. October 2008 @ 07:56 |
Link to this message
|
|
@cdavfrew,
Didn?t see anything about downloading an AV in the screenshot??
Maybe combofix got that part.
I would remove the FLEXnet Service and just see what is left??. Since it is only a part of a pop-up, maybe the file has been damaged and it?s really not needed anyway..
You will have to remove it manually, that uninstaller just disables it from starting..
Only the Shadow knows? ;)
2OG
There are three kinds of men: The ones that learn by reading; The few who learn by observation;
The rest of them have to pee on the electric fence and find out for themselves... |
Senior Member
|
27. October 2008 @ 08:03 |
Link to this message
|
Originally posted by 2oldgeek:
Only the Shadow knows? ;)
True true... :)
Hmm.. screenshot? where?
Life is but a dream; you dont feel any pain unless you want to or you fall off the bed.
Success is relative; the more success the more relatives.
A computer once beat me at chess, but it was no match for me at kickboxing.
To be or not to be; thats a dumb question.
|
AfterDawn Addict
|
27. October 2008 @ 08:08 |
Link to this message
|
There are three kinds of men: The ones that learn by reading; The few who learn by observation;
The rest of them have to pee on the electric fence and find out for themselves...This message has been edited since posting. Last time this message was edited on 27. October 2008 @ 08:09
|
Senior Member
|
27. October 2008 @ 08:17 |
Link to this message
|
Life is but a dream; you dont feel any pain unless you want to or you fall off the bed.
Success is relative; the more success the more relatives.
A computer once beat me at chess, but it was no match for me at kickboxing.
To be or not to be; thats a dumb question.
|
|
Advertisement
|
|
|
AfterDawn Addict
|
27. October 2008 @ 08:36 |
Link to this message
|
Quote:
Yes indeed, it is as you say, 2oldgeek
Pretty tight for an old guy.. HUH? 
There are three kinds of men: The ones that learn by reading; The few who learn by observation;
The rest of them have to pee on the electric fence and find out for themselves... |
|
