|
|
|
|
|||||
|
|
|
|
|
|
|||
| Welcome
to Tech Support Forum home to more then 136,000 problems solved. Issues
have included: Spyware, Malware, Virus Issues, Windows, Microsoft,
Linux, Networking, Security, Hardware, and Gaming Getting your
problem solved is as easy as: 1. Registering for a free account 2. Asking your question 3. Receiving an answer Registered members: * See fewer ads. * And much more..
|
| Want to know how to post a question? click here | Having problems with spyware and pop-ups? First Steps |
|
|||||||
|
|
LinkBack | Thread Tools |
08-26-2008, 09:20 PM
|
#1 (permalink) |
|
Registered User
Join Date: Aug 2008
Posts: 3
OS: Windows XP pro
|
”Constant pop ups – System Defender”
Hello.
I recently had a problem with a rogue spyware called Antivirus 2008 which i managed to rid myself of using only malware bytes and my avast. But now a new problem has come up and i cannot get rid of this one. Ever so often, an internet explorer window will ¨Pop-up¨ and System Defender try to tell me that my computer is at risk and i should download their software to protect myself. This was all to familiar to me seeing as i had already got peged by Antivirus 2008. i ran malware bytes which detected the System Defender, ran avast and tried to delet and/or quarentine but to no avail. i followed the 5 steps thread, downloaded all mentioned programs including Zonedout and ran the panda free online scan and performed the Hijackthis scan aswell. The logs are as follows 1: Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 18:46:59, on 2008-08-26 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe C:\Program Files\Alwil Software\Avast4\ashServ.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\system32\RUNDLL32.EXE C:\WINDOWS\SOUNDMAN.EXE C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe C:\WINDOWS\system32\nvsvc32.exe C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe C:\Program Files\Alwil Software\Avast4\ashWebSv.exe C:\WINDOWS\system32\wscntfy.exe C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe C:\Program Files\MSN Messenger\usnsvc.exe C:\Program Files\uTorrent\uTorrent.exe C:\WINDOWS\explorer.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLLoginProxy.exe C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\DAP\DAP.EXE C:\Program Files\Trend Micro\HijackThis\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens R3 - URLSearchHook: (no name) - {9CB65206-89C4-402c-BA80-02D8C59F9B1D} - C:\Program Files\AskTBar\SrchAstt\1.bin\A5SRCHAS.DLL O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.0.1225.9868\swg.dll O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll O3 - Toolbar: Ask Toolbar - {FE063DB9-4EC0-403e-8DD8-394C54984B2C} - C:\Program Files\AskTBar\bar\1.bin\ASKTBAR.DLL O3 - Toolbar: qalkfxor - {47B4B5E7-18D6-47EB-AF00-DFF901A8EFF1} - C:\WINDOWS\qalkfxor.dll O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [nwiz] nwiz.exe /install O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe" O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe O4 - HKCU\..\Run: [DownloadAccelerator] "C:\Program Files\DAP\DAP.EXE" /STARTUP O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present O8 - Extra context menu item: &Clean Traces - C:\Program Files\DAP\Privacy Package\dapcleanerie.htm O8 - Extra context menu item: &Download with &DAP - C:\Program Files\DAP\dapextie.htm O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx O8 - Extra context menu item: Download &all with DAP - C:\Program Files\DAP\dapextie2.htm O8 - Extra context menu item: Open in new background tab - res://C:\Program Files\Windows Live Toolbar\Components\en-ca\msntabres.dll.mui/229?1164bcd2dda14231bf18a9f284edfa7e O8 - Extra context menu item: Open in new foreground tab - res://C:\Program Files\Windows Live Toolbar\Components\en-ca\msntabres.dll.mui/230?1164bcd2dda14231bf18a9f284edfa7e O8 - Extra context menu item: Translate with &Babylon - res://C:\Program Files\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll/Translate.htm O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll O9 - Extra button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files\PokerStars\PokerStarsUpdate.exe O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O16 - DPF: {867E13F2-7F31-44FB-AC97-CD38E0DC46EF} (HardwareDetection Control) - http://fichiers.touslesdrivers.com/f...on_3_0_1_1.cab O20 - AppInit_DLLs: nugtqc.dll O21 - SSODL: rqbmvpso - {DB6829C7-E313-4EF5-99BF-76ACF7667804} - C:\WINDOWS\rqbmvpso.dll O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: Ma-Config Service (maconfservice) - CybelSoft - C:\Program Files\ma-config.com\maconfservice.exe O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe O24 - Desktop Component 0: Privacy Protection - (no file) O24 - Desktop Component 1: Privacy Protection - file:///C:\WINDOWS\privacy_danger\index.htm -- End of file - 6573 bytes and for ActiveScan 2: ;*********************************************************************************************************************************************************************************** ANALYSIS: 2008-08-26 20:08:12 PROTECTIONS: 1 MALWARE: 28 SUSPECTS: 6 ;*********************************************************************************************************************************************************************************** PROTECTIONS Description Version Active Updated ;=================================================================================================================================================================================== avast! antivirus 4.8.1229 [VPS 080826-0] 4.8.1229 Yes Yes ;=================================================================================================================================================================================== MALWARE Id Description Type Active Severity Disinfectable Disinfected Location ;=================================================================================================================================================================================== 00139060 Cookie/Casalemedia TrackingCookie No 0 Yes No C:\Documents and Settings\Carl Gautier\Cookies\carl gautier@casalemedia[2].txt 00139061 Cookie/Doubleclick TrackingCookie No 0 Yes No C:\Documents and Settings\Carl Gautier\Cookies\carl gautier@doubleclick[2].txt 00139064 Cookie/Atlas DMT TrackingCookie No 0 Yes No C:\Documents and Settings\Carl Gautier\Cookies\carl gautier@atdmt[2].txt 00145393 Cookie/Tradedoubler TrackingCookie No 0 Yes No C:\Documents and Settings\Carl Gautier\Cookies\carl gautier@tradedoubler[2].txt 00145405 Cookie/RealMedia TrackingCookie No 0 Yes No C:\Documents and Settings\Carl Gautier\Cookies\carl gautier@247realmedia[1].txt 00145457 Cookie/FastClick TrackingCookie No 0 Yes No C:\Documents and Settings\Carl Gautier\Cookies\carl gautier@fastclick[2].txt 00145731 Cookie/Tribalfusion TrackingCookie No 0 Yes No C:\Documents and Settings\Carl Gautier\Cookies\carl gautier@tribalfusion[2].txt 00145738 Cookie/Mediaplex TrackingCookie No 0 Yes No C:\Documents and Settings\Carl Gautier\Cookies\carl gautier@mediaplex[1].txt 00145758 Cookie/Mysearch TrackingCookie No 0 Yes No C:\Documents and Settings\Carl Gautier\Cookies\carl gautier@mysearch[2].txt 00167642 Cookie/Com.com TrackingCookie No 0 Yes No C:\Documents and Settings\Carl Gautier\Cookies\carl gautier@com[1].txt 00167704 Cookie/Xiti TrackingCookie No 0 Yes No C:\Documents and Settings\Carl Gautier\Cookies\carl gautier@xiti[1].txt 00167749 Cookie/Toplist TrackingCookie No 0 Yes No C:\Documents and Settings\Carl Gautier\Cookies\carl gautier@toplist[1].txt 00168056 Cookie/YieldManager TrackingCookie No 0 Yes No C:\Documents and Settings\Carl Gautier\Cookies\carl gautier@ad.yieldmanager[1].txt 00168061 Cookie/Apmebf TrackingCookie No 0 Yes No C:\Documents and Settings\Carl Gautier\Cookies\carl gautier@apmebf[1].txt 00168076 Cookie/BurstNet TrackingCookie No 0 Yes No C:\Documents and Settings\Carl Gautier\Cookies\carl gautier@burstnet[2].txt 00168106 Cookie/Weborama TrackingCookie No 0 Yes No C:\Documents and Settings\Carl Gautier\Cookies\carl gautier@weborama[1].txt 00168109 Cookie/Adtech TrackingCookie No 0 Yes No C:\Documents and Settings\Carl Gautier\Cookies\carl gautier@adtech[1].txt 00168116 Cookie/Comclick TrackingCookie No 0 Yes No C:\Documents and Settings\Carl Gautier\Cookies\carl gautier@fl01.ct2.comclick[1].txt 00169190 Cookie/Advertising TrackingCookie No 0 Yes No C:\Documents and Settings\Carl Gautier\Cookies\carl gautier@advertising[1].txt 00170495 Cookie/PointRoll TrackingCookie No 0 Yes No C:\Documents and Settings\Carl Gautier\Cookies\carl gautier@ads.pointroll[1].txt 00170556 Cookie/RealMedia TrackingCookie No 0 Yes No C:\Documents and Settings\Carl Gautier\Cookies\carl gautier@realmedia[1].txt 00172221 Cookie/Zedo TrackingCookie No 0 Yes No C:\Documents and Settings\Carl Gautier\Cookies\carl gautier@zedo[1].txt 00173520 Cookie/Bluestreak TrackingCookie No 0 Yes No C:\Documents and Settings\Carl Gautier\Cookies\carl gautier@bluestreak[2].txt 00184846 Cookie/Adrevolver TrackingCookie No 0 Yes No C:\Documents and Settings\Carl Gautier\Cookies\carl gautier@adrevolver[2].txt 00273339 Cookie/Smartadserver TrackingCookie No 0 Yes No C:\Documents and Settings\Carl Gautier\Cookies\carl gautier@smartadserver[1].txt 00505668 Application/MyWebSearch HackTools No 0 Yes No C:\Program Files\AskTBar\SrchAstt\1.bin\A5SRCHAS.DLL 01048936 Generic Malware Virus/Trojan No 0 Yes No C:\Program Files\GameSpy Arcade\Services\_common\PortraitLoader.dll 03432009 Generic Trojan Virus/Trojan No 0 Yes No C:\Documents and Settings\Carl Gautier\Local Settings\Temp\bb3.exe ;=================================================================================================================================================================================== SUSPECTS Sent Location @ ;=================================================================================================================================================================================== Yes C:\Documents and Settings\Carl Gautier\Bureau\chtnitrn.exe @ Yes C:\Documents and Settings\Carl Gautier\Local Settings\Temp\Client20.1531.0.exe @ Yes C:\Documents and Settings\Carl Gautier\Local Settings\Temporary Internet Files\Content.IE5\0N8GDG75\Client20.1531.0[1].exe Yes C:\Program Files\AruaROSE\AruaX.ax @ Yes C:\Program Files\RebirthRO\GameGuard\npgmup.des @ Yes C:\Program Files\RebirthRO\GameGuard\npgmup.des.new @ ;=================================================================================================================================================================================== VULNERABILITIES Id Severity Description @ ;=================================================================================================================================================================================== 182048 HIGH MS07-069 @ 182043 HIGH MS07-064 @ 176382 HIGH MS07-057 @ 170907 HIGH MS07-046 @ 170906 HIGH MS07-045 @ 170904 HIGH MS07-043 @ 164913 HIGH MS07-033 @ 160623 HIGH MS07-027 @ 150253 HIGH MS07-016 @ 141030 HIGH MS06-072 @ 137568 HIGH MS06-067 @ 129976 MEDIUM MS06-052 @ 126083 HIGH MS06-042 @ 120814 HIGH MS06-021 @ 114664 HIGH MS06-013 @ 93394 HIGH MS05-050 @ ;=================================================================================================================================================================================== I hope this information is correct, i am new to this forum and i sencerly am grateful for any help i get concenrning this issue. Randy |
|
     |
| Important Information |
|
Join the #1 Tech Support Forum Today - It's Totally Free!
TechSupportForum.com is a leading support website for your computer needs. We offer free, friendly and personalized computer support. Why pay to have your computer fixed when you can do it for free. Join TechSupportforum.com Today - Click Here |
|
09-04-2008, 08:05 AM
|
#4 (permalink) |
|
Analyst, Security Team
Join Date: Jun 2006
Posts: 714
OS: immune system, circulatory system, central nervous system, muscular system, skeletal system, digesti
|
Re: ”Constant pop ups – System Defender”
Hello OsmosXTRM,
Welcome to Tech Support Forum.  If you still need help, please post a new HijackThis log. Please also post the following log:
In your next reply, please post:
__________________
  Done your best? Really?
|
|
|
|
| Thread Tools | |
|
|
