Welcome to Tech Support Forum home to more then 136,000 problems solved. Issues have included: Spyware, Malware, Virus Issues, Windows, Microsoft, Linux, Networking, Security, Hardware, and Gaming Getting your problem solved is as easy as:
1. Registering for a free account
2. Asking your question
3. Receiving an answer

Registered members:
* Get free support
* Communicate privately with other members (PM).
* Removal of this message
* See fewer ads.
* And much more..

 


Want to know how to post a question? click here Having problems with spyware and pop-ups? First Steps
Go Back   Tech Support Forum > Security Center > Virus/Trojan/Spyware Help > HijackThis Log Help (Inactive)
Reload this Page ”Constant pop ups – System Defender”
User Name
Password
Site Map Register Donate Rules Blogs Mark Forums Read


 
 
LinkBack Thread Tools
Old 08-26-2008, 08:20 PM   #1 (permalink)
Registered User
 
Join Date: Aug 2008
Posts: 3
OS: Windows XP pro


”Constant pop ups – System Defender”
Hello.

I recently had a problem with a rogue spyware called Antivirus 2008 which i managed to rid myself of using only malware bytes and my avast.
But now a new problem has come up and i cannot get rid of this one.

Ever so often, an internet explorer window will ¨Pop-up¨ and System Defender try to tell me that my computer is at risk and i should download their software to protect myself. This was all to familiar to me seeing as i had already got peged by Antivirus 2008. i ran malware bytes which detected the System Defender, ran avast and tried to delet and/or quarentine but to no avail.

i followed the 5 steps thread, downloaded all mentioned programs including Zonedout and ran the panda free online scan and performed the Hijackthis scan aswell. The logs are as follows

1:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18:46:59, on 2008-08-26
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\Program Files\uTorrent\uTorrent.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\DAP\DAP.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: (no name) - {9CB65206-89C4-402c-BA80-02D8C59F9B1D} - C:\Program Files\AskTBar\SrchAstt\1.bin\A5SRCHAS.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.0.1225.9868\swg.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: Ask Toolbar - {FE063DB9-4EC0-403e-8DD8-394C54984B2C} - C:\Program Files\AskTBar\bar\1.bin\ASKTBAR.DLL
O3 - Toolbar: qalkfxor - {47B4B5E7-18D6-47EB-AF00-DFF901A8EFF1} - C:\WINDOWS\qalkfxor.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe"
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [DownloadAccelerator] "C:\Program Files\DAP\DAP.EXE" /STARTUP
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O8 - Extra context menu item: &Clean Traces - C:\Program Files\DAP\Privacy Package\dapcleanerie.htm
O8 - Extra context menu item: &Download with &DAP - C:\Program Files\DAP\dapextie.htm
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
O8 - Extra context menu item: Download &all with DAP - C:\Program Files\DAP\dapextie2.htm
O8 - Extra context menu item: Open in new background tab - res://C:\Program Files\Windows Live Toolbar\Components\en-ca\msntabres.dll.mui/229?1164bcd2dda14231bf18a9f284edfa7e
O8 - Extra context menu item: Open in new foreground tab - res://C:\Program Files\Windows Live Toolbar\Components\en-ca\msntabres.dll.mui/230?1164bcd2dda14231bf18a9f284edfa7e
O8 - Extra context menu item: Translate with &Babylon - res://C:\Program Files\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll/Translate.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files\PokerStars\PokerStarsUpdate.exe
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {867E13F2-7F31-44FB-AC97-CD38E0DC46EF} (HardwareDetection Control) - http://fichiers.touslesdrivers.com/f...on_3_0_1_1.cab
O20 - AppInit_DLLs: nugtqc.dll
O21 - SSODL: rqbmvpso - {DB6829C7-E313-4EF5-99BF-76ACF7667804} - C:\WINDOWS\rqbmvpso.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Ma-Config Service (maconfservice) - CybelSoft - C:\Program Files\ma-config.com\maconfservice.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O24 - Desktop Component 0: Privacy Protection - (no file)
O24 - Desktop Component 1: Privacy Protection - file:///C:\WINDOWS\privacy_danger\index.htm

--
End of file - 6573 bytes

and for ActiveScan

2:

;***********************************************************************************************************************************************************************************
ANALYSIS: 2008-08-26 20:08:12
PROTECTIONS: 1
MALWARE: 28
SUSPECTS: 6
;***********************************************************************************************************************************************************************************
PROTECTIONS
Description Version Active Updated
;===================================================================================================================================================================================
avast! antivirus 4.8.1229 [VPS 080826-0] 4.8.1229 Yes Yes
;===================================================================================================================================================================================
MALWARE
Id Description Type Active Severity Disinfectable Disinfected Location
;===================================================================================================================================================================================
00139060 Cookie/Casalemedia TrackingCookie No 0 Yes No C:\Documents and Settings\Carl Gautier\Cookies\carl gautier@casalemedia[2].txt
00139061 Cookie/Doubleclick TrackingCookie No 0 Yes No C:\Documents and Settings\Carl Gautier\Cookies\carl gautier@doubleclick[2].txt
00139064 Cookie/Atlas DMT TrackingCookie No 0 Yes No C:\Documents and Settings\Carl Gautier\Cookies\carl gautier@atdmt[2].txt
00145393 Cookie/Tradedoubler TrackingCookie No 0 Yes No C:\Documents and Settings\Carl Gautier\Cookies\carl gautier@tradedoubler[2].txt
00145405 Cookie/RealMedia TrackingCookie No 0 Yes No C:\Documents and Settings\Carl Gautier\Cookies\carl gautier@247realmedia[1].txt
00145457 Cookie/FastClick TrackingCookie No 0 Yes No C:\Documents and Settings\Carl Gautier\Cookies\carl gautier@fastclick[2].txt
00145731 Cookie/Tribalfusion TrackingCookie No 0 Yes No C:\Documents and Settings\Carl Gautier\Cookies\carl gautier@tribalfusion[2].txt
00145738 Cookie/Mediaplex TrackingCookie No 0 Yes No C:\Documents and Settings\Carl Gautier\Cookies\carl gautier@mediaplex[1].txt
00145758 Cookie/Mysearch TrackingCookie No 0 Yes No C:\Documents and Settings\Carl Gautier\Cookies\carl gautier@mysearch[2].txt
00167642 Cookie/Com.com TrackingCookie No 0 Yes No C:\Documents and Settings\Carl Gautier\Cookies\carl gautier@com[1].txt
00167704 Cookie/Xiti TrackingCookie No 0 Yes No C:\Documents and Settings\Carl Gautier\Cookies\carl gautier@xiti[1].txt
00167749 Cookie/Toplist TrackingCookie No 0 Yes No C:\Documents and Settings\Carl Gautier\Cookies\carl gautier@toplist[1].txt
00168056 Cookie/YieldManager TrackingCookie No 0 Yes No C:\Documents and Settings\Carl Gautier\Cookies\carl gautier@ad.yieldmanager[1].txt
00168061 Cookie/Apmebf TrackingCookie No 0 Yes No C:\Documents and Settings\Carl Gautier\Cookies\carl gautier@apmebf[1].txt
00168076 Cookie/BurstNet TrackingCookie No 0 Yes No C:\Documents and Settings\Carl Gautier\Cookies\carl gautier@burstnet[2].txt
00168106 Cookie/Weborama TrackingCookie No 0 Yes No C:\Documents and Settings\Carl Gautier\Cookies\carl gautier@weborama[1].txt
00168109 Cookie/Adtech TrackingCookie No 0 Yes No C:\Documents and Settings\Carl Gautier\Cookies\carl gautier@adtech[1].txt
00168116 Cookie/Comclick TrackingCookie No 0 Yes No C:\Documents and Settings\Carl Gautier\Cookies\carl gautier@fl01.ct2.comclick[1].txt
00169190 Cookie/Advertising TrackingCookie No 0 Yes No C:\Documents and Settings\Carl Gautier\Cookies\carl gautier@advertising[1].txt
00170495 Cookie/PointRoll TrackingCookie No 0 Yes No C:\Documents and Settings\Carl Gautier\Cookies\carl gautier@ads.pointroll[1].txt
00170556 Cookie/RealMedia TrackingCookie No 0 Yes No C:\Documents and Settings\Carl Gautier\Cookies\carl gautier@realmedia[1].txt
00172221 Cookie/Zedo TrackingCookie No 0 Yes No C:\Documents and Settings\Carl Gautier\Cookies\carl gautier@zedo[1].txt
00173520 Cookie/Bluestreak TrackingCookie No 0 Yes No C:\Documents and Settings\Carl Gautier\Cookies\carl gautier@bluestreak[2].txt
00184846 Cookie/Adrevolver TrackingCookie No 0 Yes No C:\Documents and Settings\Carl Gautier\Cookies\carl gautier@adrevolver[2].txt
00273339 Cookie/Smartadserver TrackingCookie No 0 Yes No C:\Documents and Settings\Carl Gautier\Cookies\carl gautier@smartadserver[1].txt
00505668 Application/MyWebSearch HackTools No 0 Yes No C:\Program Files\AskTBar\SrchAstt\1.bin\A5SRCHAS.DLL
01048936 Generic Malware Virus/Trojan No 0 Yes No C:\Program Files\GameSpy Arcade\Services\_common\PortraitLoader.dll
03432009 Generic Trojan Virus/Trojan No 0 Yes No C:\Documents and Settings\Carl Gautier\Local Settings\Temp\bb3.exe
;===================================================================================================================================================================================
SUSPECTS
Sent Location @
;===================================================================================================================================================================================
Yes C:\Documents and Settings\Carl Gautier\Bureau\chtnitrn.exe @
Yes C:\Documents and Settings\Carl Gautier\Local Settings\Temp\Client20.1531.0.exe @
Yes C:\Documents and Settings\Carl Gautier\Local Settings\Temporary Internet Files\Content.IE5\0N8GDG75\Client20.1531.0[1].exe
Yes C:\Program Files\AruaROSE\AruaX.ax @
Yes C:\Program Files\RebirthRO\GameGuard\npgmup.des @
Yes C:\Program Files\RebirthRO\GameGuard\npgmup.des.new @
;===================================================================================================================================================================================
VULNERABILITIES
Id Severity Description @
;===================================================================================================================================================================================
182048 HIGH MS07-069 @
182043 HIGH MS07-064 @
176382 HIGH MS07-057 @
170907 HIGH MS07-046 @
170906 HIGH MS07-045 @
170904 HIGH MS07-043 @
164913 HIGH MS07-033 @
160623 HIGH MS07-027 @
150253 HIGH MS07-016 @
141030 HIGH MS06-072 @
137568 HIGH MS06-067 @
129976 MEDIUM MS06-052 @
126083 HIGH MS06-042 @
120814 HIGH MS06-021 @
114664 HIGH MS06-013 @
93394 HIGH MS05-050 @
;===================================================================================================================================================================================

I hope this information is correct, i am new to this forum and i sencerly am grateful for any help i get concenrning this issue.

Randy
OsmosXTRM is offline  
Digg this Post!Add Post to del.icio.usBookmark Post in TechnoratiFurl this Post!Bookmark on Thread SoupReddit!
Sponsored Links
Old 08-28-2008, 01:23 PM   #2 (permalink)
Registered User
 
Join Date: Aug 2008
Posts: 3
OS: Windows XP pro


Re: ”Constant pop ups – System Defender”
5 days since i posted...still have the virus and no reply. Plz help.
OsmosXTRM is offline  
Digg this Post!Add Post to del.icio.usBookmark Post in TechnoratiFurl this Post!Bookmark on Thread SoupReddit!
Old 08-31-2008, 09:57 AM   #3 (permalink)
Registered User
 
Join Date: Aug 2008
Posts: 3
OS: Windows XP pro


Re: ”Constant pop ups – System Defender”
ok last bump then im giving up on you guys.
OsmosXTRM is offline  
Digg this Post!Add Post to del.icio.usBookmark Post in TechnoratiFurl this Post!Bookmark on Thread SoupReddit!
Old 09-04-2008, 07:05 AM   #4 (permalink)
Analyst, Security Team
 
ndmmxiaomayi's Avatar
 
Join Date: Jun 2006
Posts: 674
OS: immune system, circulatory system, central nervous system, muscular system, skeletal system, digesti


Re: ”Constant pop ups – System Defender”
Hello OsmosXTRM,

Welcome to Tech Support Forum.

If you still need help, please post a new HijackThis log.

Please also post the following log:
  1. Open HijackThis.
  2. Click on the Open the Misc Tools section button.
  3. Look under System tools.
  4. Click on the Open Uninstall Manager... button.
  5. Click on the Save list... button.
  6. It will prompt you to save. Save this log in a convenient location. By default it's named uninstall_list.txt.
  7. Notepad will open. Please post this log in your next reply.

In your next reply, please post:
  1. A new HijackThis log
  2. Uninstall List
__________________




Done your best? Really?
ndmmxiaomayi is offline  
Digg this Post!Add Post to del.icio.usBookmark Post in TechnoratiFurl this Post!Bookmark on Thread SoupReddit!
 

« Previous Thread | Next Thread »

Thread Tools

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts
BB code is On
Smilies are On
[IMG] code is On
HTML code is Off
Trackbacks are Off
Pingbacks are Off
Refbacks are Off



All times are GMT -7. The time now is 07:12 PM.

Contact Us - Tech Support Forum - Archive - Privacy Statement - Top


Copyright 2001 - 2009, Tech Support Forum
Home Tips Plus | Outdoor Basecamp | Automotive Support Forum

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84