jca2007 Posted November 14, 2007 Let's just say I downloaded a torrent (I hope I'm allowed to say this, if not sorry.) I thought it was a windows update file for vista. Now I am constantly getting an Interactive Services Dialog Detection box popping up every 5 seconds after I close it. It has an option to show me the message, when I click on it, brings up another window, because it says it has to display in its own window, and has IE ads that pop up when I click the Show me the message option. Does anyone know if this is some kind of virus/trojan/spyware? I ran a virus scanner, and spybot search&destroy, and ad-aware 2007, but it doesn't find anything.
PC_LOAD_LETTER Posted November 14, 2007 download http://www.spywareinfo.com/~merijn/programs.php#hijackthis and post a log file and we'll take a look at it
jca2007 Author Posted November 14, 2007 Alright this is what I get:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:13:22 PM, on 11/13/2007
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16546)
Boot mode: Normal
Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Windows\system32\UI0Detect.exe
C:\Program Files\MySpace\IM\MySpaceIM.exe
C:\HiJackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://runonce.msn.com/?v=msgrv75
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Internet Explorer provided by Dell
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: btorbit.com - {000123B4-9B42-4900-B3F7-F4B073EFC214} - C:\Program Files\Orbitdownloader\orbitcth.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\Program Files\Java\jre1.6.0\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKUS\S-1-5-19\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe (User 'Default user')
O8 - Extra context menu item: &Download by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/201
O8 - Extra context menu item: &Grab video by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/204
O8 - Extra context menu item: Do&wnload selected by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/203
O8 - Extra context menu item: Down&load all by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/202
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - c:\Program Files\Java\jre1.6.0\bin\npjpi160.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - c:\Program Files\Java\jre1.6.0\bin\npjpi160.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O13 - Gopher Prefix:
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace.com/upload/MySpaceUploader1005.cab
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: DQLWinService - Unknown owner - C:\Program Files\Common Files\Intel\IntelDH\NMS\AdpPlugins\DQLWinService.exe
O23 - Service: Eset HTTP Server (EhttpSrv) - Unknown owner - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
O23 - Service: Intel® Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Intel® Software Services Manager (ISSM) - Intel® Corporation - C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\ISSM.exe
O23 - Service: netpker - Unknown owner - C:\Program Files\Internet Explorer\svchost.exe
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: PnkBstrB - Unknown owner - C:\Windows\system32\PnkBstrB.exe
O23 - Service: Intel® Remoting Service (Remote UI Service) - Intel® Corporation - C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\Remote UI Service.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
O23 - Service: SigmaTel Audio Service (STacSV) - SigmaTel, Inc. - C:\Windows\system32\STacSV.exe
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe
O23 - Service: stllssvr - Unknown owner - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe (file missing)
--End of file - 5983 bytes
jca2007 Author Posted November 14, 2007 I wasn't really too sure about that gopher prefix, so I took action on that with the program.
PC_LOAD_LETTER Posted November 14, 2007 unless I'm missing something, that log looks clean. However your punkbuster might be the culprit
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: PnkBstrB - Unknown owner - C:\Windows\system32\PnkBstrB.exe
I realized what that software is but according to what I found, those services are new to a recent version and vista kinda changes a few rules related to services with its implementation of Interactive Services Dialog Detection. My guess is it's just a conflict between punkbuster and vista's ISDD. I'd try shutting down those 2 punkbuster services and see if it resolves your problem
jca2007 Author Posted November 14, 2007 (edited) Hmmmm. That's odd, I have had punk buster for a while on my computer from playing video games obviously, it hasn't done that till now. I stopped those 2 services, but I am still getting it. Edited November 14, 2007 by jca2007
PC_LOAD_LETTER Posted November 14, 2007 oh well then I swung and missed. I have to get some sleep. Maybe someone else has some ideas?
jca2007 Author Posted November 14, 2007
"oh well then i swung and missed. I have to get some sleep. maybe someone else has some ideas?"
NP man, good night, and thank you very much for trying to help.
cluberti Posted November 14, 2007 If you're getting that warning, it means you have a SERVICE trying to interact with the desktop via a dialog box (worked in previous versions of Windows, but will not anymore with Vista/Server 2008). Check your services list (services.msc) to see if there's anything odd running there (and there should be).
jca2007 Author Posted November 14, 2007 Hmmm, I'm not seeing anything, here are some screenshots to show you:
jca2007 Author Posted November 14, 2007 (edited) Sorry didn't mean to double post, darn it. Edited November 14, 2007 by jca2007
PC_LOAD_LETTER Posted November 14, 2007 what is netpker - I didn't see anything on google about it
cluberti Posted November 14, 2007 Can you also post a screenie of the actual error dialog? And a better way to give service output would be to open a command prompt and type "sc query > c:\services.txt", then open services.txt and paste that in here (the services.msc only shows user-mode services, it won't show kernel-mode or boot services).
jca2007 Author Posted November 15, 2007
"what is netpker -i didnt see anything on google about it"
Thanks man, I believe that fixed it, I have no idea what the hell that was either, so I stopped it, and disabled it. Thanks man.
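
An added example (not part of the thread, and not HijackThis's own logic): a small Python triage of O23 service entries copied from the log above. It ranks the netpker entry first because its binary is named svchost.exe but sits under C:\Program Files\Internet Explorer rather than System32. The list of system binary names, the reason strings and the ranking are assumptions made for this illustration.

```python
import re
from pathlib import PureWindowsPath

# Assumed short list of core Windows binary names that belong in System32.
SYSTEM_BINARIES = {"svchost.exe", "lsass.exe", "services.exe", "csrss.exe", "winlogon.exe"}
SYSTEM_DIR = PureWindowsPath(r"C:\Windows\System32")
MASQUERADE = "system binary name outside System32"

# "O23 - Service: <name> - <owner> - <path>[ (file missing)]"
O23 = re.compile(
    r"^O23 - Service: (?P<name>.+?) - (?P<owner>.+?) - "
    r"(?P<path>[A-Za-z]:\\.+?)(?P<missing> \(file missing\))?$"
)

# O23 entries copied from the log posted in this thread.
SAMPLE_LOG = r"""
O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
O23 - Service: netpker - Unknown owner - C:\Program Files\Internet Explorer\svchost.exe
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
O23 - Service: stllssvr - Unknown owner - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe (file missing)
"""

def triage_o23(log_text):
    """Return (service, path, reasons) per O23 entry, strongest signal first."""
    findings = []
    for line in log_text.splitlines():
        m = O23.match(line.strip())
        if not m:
            continue
        path = PureWindowsPath(m["path"])  # compares case-insensitively
        reasons = []
        if path.name.lower() in SYSTEM_BINARIES and path.parent != SYSTEM_DIR:
            reasons.append(MASQUERADE)
        if m["owner"] == "Unknown owner":
            reasons.append("HijackThis reports unknown owner")
        if m["missing"]:
            reasons.append("registered binary missing on disk")
        findings.append((m["name"], str(path), reasons))
    # Masquerading entries first, then entries with the most reasons.
    return sorted(findings, key=lambda f: (MASQUERADE not in f[2], -len(f[2])))

if __name__ == "__main__":
    for name, path, reasons in triage_o23(SAMPLE_LOG):
        print(f"{name}: {'; '.join(reasons) or 'nothing flagged'}\n    {path}")
```

"Unknown owner" alone is a weak signal here, since the PunkBuster and ESET entries in the same log carry it too; the path check is what separates netpker from them.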