BleepingComputer.com: Spyware Gaurd 2008 Infection

Jump to content


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.

Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Forum Guidelines

Posted Image Read the following topic before creating a new topic in this forum. It contains instructions on the what we would like you to post, which will enable us to help you more quickly.

Preparation Guide For Use Before Using Malware Removal Tools and Requesting Help


Posted Image Unfortunately, with the amount of logs we receive per day, the average response time is 5 days. I want to assure you, though, that your topic will be looked at and responded to. So please be patient.


Posted Image DO NOT RUN ComboFix unless requested to.


Posted Image Only members of the Malware Response Team or Moderators are allowed to help people with logs. Anyone else should refrain from posting to another user's log.


Posted Image When posting a log please put the type of infection you have in the topic title. IE: Winfixer, Virtumonde, WinTools, WebSearch, Home Search Assistant, etc.


Posted Image Do not bump your topic. We try to resolve logs on a first come/first served basis. By bumping your log you will be pushed back in line due to the new date of your bump.
Page 1 of 1
  • You cannot start a new topic
  • This topic is locked

Spyware Gaurd 2008 Infection Infected, have unsuccessfully tried malwarebytes and smitfraudfix

#1 User is offline   nevermind2357 

  • New Member
  • Pip
  • Find Topics
  • Group: Members
  • Posts: 2
  • Joined: 23-December 08

Posted 23 December 2008 - 07:54 PM

Hi, my computer has been infected with spyware gaurd 2008 and I cannot get rid of it. It loads immediately at the start of windows. I've tried using malwarebytes and smitfraudfix, and in addition I am running norton internet security and have done a full system scan, but it hasn't helped. additional symptoms that my computer is having include popups that come up even if no browser window is open, and the windows security center warnings popping up on the taskbar telling me I have no virus protection/firewall installed. Please advise. Thanks in advance for any help you can provide.

DDS.txt :


DDS (Version 1.1.0) - NTFSx86
Run by Michael Ciardullo at 19:42:34.45 on Tue 12/23/2008
Internet Explorer: 6.0.2900.5512 BrowserJavaVersion: 1.6.0_07
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2046.1393 [GMT -5:00]

AV: Norton Internet Security *On-access scanning enabled* (Updated)
FW: Norton Internet Worm Protection *enabled*
FW: Norton Internet Security *enabled*

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
C:\Program Files\Wireless Desktop\LgWDskTp.exe
C:\WINDOWS\System32\DLA\DLACTRLW.EXE
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\SyncroSoft\Pos\H2O\cledx.exe
C:\Program Files\Sony\VAIO Update 3\VAIOUpdt.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\winscenter.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\iaantmon.exe
C:\Program Files\Spyware Guard 2008\spywareguard.exe
C:\Program Files\Microsoft SQL Server\MSSQL$VAIO_VEDB\Binn\sqlservr.exe
C:\Documents and Settings\Michael Ciardullo\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Norton Internet Security\Engine\16.2.0.7\ccSvcHst.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\WiFiConnector\NintendoWFCReg.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe
C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\Norton Internet Security\Engine\16.2.0.7\ccSvcHst.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\Program Files\Java\jre1.6.0_07\bin\jucheck.exe
C:\Documents and Settings\Michael Ciardullo\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Michael Ciardullo\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Michael Ciardullo\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Michael Ciardullo\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://securityresponse.symantec.com/avcenter/fix_homepage/
uInternet Settings,ProxyOverride = *.local
mWinlogon: Userinit=c:\windows\system32\userinit.exe
mWinlogon: Userinit=c:\windows\system32\userinit.exe
BHO: Symantec NCO BHO: {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - c:\program files\norton internet security\engine\16.2.0.7\coIEPlg.dll
BHO: Symantec Intrusion Prevention: {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - c:\program files\norton internet security\engine\16.2.0.7\IPSBHO.DLL
BHO: SSVHelper Class: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre1.6.0_07\bin\ssv.dll
TB: Norton Toolbar: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - c:\program files\norton internet security\engine\16.2.0.7\coIEPlg.dll
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [AlcoholAutomount] "c:\program files\alcohol soft\alcohol 120\axcmd.exe" /automount
uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background
uRun: [Google Update] "c:\documents and settings\michael ciardullo\local settings\application data\google\update\GoogleUpdate.exe" /c
uRun: [SUPERAntiSpyware] c:\program files\superantispyware\SUPERAntiSpyware.exe
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [VAIO Recovery] c:\windows\sonysys\vaio recovery\PartSeal.exe
mRun: [SunJavaUpdateSched] "c:\program files\java\jre1.6.0_07\bin\jusched.exe"
mRun: [IAAnotif] c:\program files\intel\intel matrix storage manager\iaanotif.exe
mRun: [LgWDskTp] c:\program files\wireless desktop\LgWDskTp.exe
mRun: [Adobe Photo Downloader] "c:\program files\adobe\photoshop elements 4.0\apdproxy.exe"
mRun: [DLA] c:\windows\system32\dla\DLACTRLW.EXE
mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
mRun: [WINCINEMAMGR] c:\program files\intervideo\common\bin\WinCinemaMgr.exe
mRun: [NeroFilterCheck] c:\windows\system32\NeroCheck.exe
mRun: [H2O] c:\program files\syncrosoft\pos\h2o\cledx.exe
mRun: [VAIO Update 3] "c:\program files\sony\vaio update 3\VAIOUpdt.exe" /Stationary
mRun: [AppleSyncNotifier] c:\program files\common files\apple\mobile device support\bin\AppleSyncNotifier.exe
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [spywareguard] c:\program files\spyware guard 2008\spywareguard.exe
dRunOnce: [WUAppSetup] c:\program files\common files\logishrd\WUApp32.exe -v 0x046d -p 0x08b2 -f video -m logitech -d 10.5.1.2023
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hpdigi~1.lnk - c:\program files\hp\digital imaging\bin\hpqtra08.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\runnin~1.lnk - c:\program files\wificonnector\NintendoWFCReg.exe
IE: E&xport to Microsoft Excel - c:\progra~1\micros~4\office11\EXCEL.EXE/3000
IE: {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - c:\program files\aim\aim.exe
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBC} - c:\program files\java\jre1.6.0_07\bin\ssv.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~4\office12\REFIEBAR.DLL
IE: {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - c:\program files\aim\aim.exe
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
Handler: symres - {AA1061FE-6C41-421f-9344-69640C9732AB} - c:\program files\norton internet security\engine\16.2.0.7\CoIEPlg.dll
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.dll
SSODL: ieModule - {CCD3AF94-7235-4BC5-AC88-3D1F3F86C264} - c:\documents and settings\all users\application data\microsoft\internet explorer\dlls\ieModule.dll
SSODL: InternetConnection - {A3F57B8F-F72A-4B6B-A34F-B000A377658C} - c:\documents and settings\all users\application data\microsoft\internet explorer\dlls\ctwhkmxbde.dll
SEH: SABShellExecuteHook Class: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - c:\program files\superantispyware\SASSEH.DLL

============= SERVICES / DRIVERS ===============

R0 SymEFA;Symantec Extended File Attributes;\SystemRoot\\SystemRoot\System32\Drivers\NIS\1002000.007\SYMEFA.SYS []
R1 BHDrvx86;Symantec Heuristics Driver;c:\windows\system32\drivers\nis\1002000.007\BHDrvx86.sys [2008-12-21 255536]
R1 ccHP;Symantec Hash Provider;c:\windows\system32\drivers\nis\1002000.007\ccHPx86.sys [2008-12-21 362544]
R1 IDSxpx86;IDSxpx86;\??\c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\norton\definitions\ipsdefs\20081220.001\IDSxpx86.sys [2008-12-21 274808]
R1 SASDIFSV;SASDIFSV;\??\c:\program files\superantispyware\SASDIFSV.SYS [2008-12-4 8944]
R1 SASKUTIL;SASKUTIL;\??\c:\program files\superantispyware\SASKUTIL.sys [2008-12-4 55024]
R2 MSSQL$VAIO_VEDB;MSSQL$VAIO_VEDB;c:\program files\microsoft sql server\mssql$vaio_vedb\binn\sqlservr.exe -sVAIO_VEDB []
R2 Norton Internet Security;Norton Internet Security;"c:\program files\norton internet security\engine\16.2.0.7\ccsvchst.exe" /s "norton internet security" /m "c:\program files\norton internet security\engine\16.2.0.7\diMaster.dll" /prefetch:1 []
R2 regi;regi;c:\windows\system32\drivers\regi.sys [2007-4-17 11032]
R2 Symantec Core LC;Symantec Core LC;"c:\program files\common files\symantec shared\ccpd-lc\symlcsvc.exe" [2006-5-9 1119888]
R2 Viewpoint Manager Service;Viewpoint Manager Service;"c:\program files\viewpoint\common\ViewpointService.exe" [2007-1-30 24652]
R3 CLEDX;Team H2O CLEDX service;c:\windows\system32\drivers\cledx.sys [2007-5-13 33792]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;\??\c:\program files\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [2008-12-21 99376]
R3 LCcfltr;Logitech USB Filter Driver;c:\windows\system32\drivers\LCcFltr.Sys [2006-3-30 15126]
R3 NAVENG;NAVENG;\??\c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\norton\definitions\virusdefs\20081223.020\NAVENG.SYS [2008-12-23 89104]
R3 NAVEX15;NAVEX15;\??\c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\norton\definitions\virusdefs\20081223.020\NAVEX15.SYS [2008-12-23 876112]
R3 SASENUM;SASENUM;\??\c:\program files\superantispyware\SASENUM.SYS [2008-12-4 7408]
S3 ASPI;Advanced SCSI Programming Interface Driver;\??\c:\windows\system32\drivers\ASPI32.sys [2006-12-27 16512]
S3 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [2007-6-28 42512]
S3 SQLAgent$VAIO_VEDB;SQLAgent$VAIO_VEDB;c:\program files\microsoft sql server\mssql$vaio_vedb\binn\sqlagent.EXE -i VAIO_VEDB []
S3 US122;US122 Driver;c:\windows\system32\drivers\US122.sys [2004-7-30 217472]
S3 US122DL;US122 Firmware Downloader;c:\windows\system32\drivers\US122DL.sys [2004-7-30 17277]
S3 Us122WdmService;US122 Wdm Audio;c:\windows\system32\drivers\US122Wdm.sys [2004-7-30 86648]

=============== Created Last 30 ================

2008-12-23 18:26 1,003,957 a------- c:\windows\sysexplorer.exe
2008-12-23 18:26 134,149 a------- c:\windows\reged.exe
2008-12-23 18:26 51,197 a------- c:\windows\spoolsystem.exe
2008-12-23 18:26 50,620 a------- c:\windows\sys.com
2008-12-23 18:26 47,872 a------- c:\windows\syscert.exe
2008-12-23 18:26 18,941 a------- c:\windows\vmreg.dll
2008-12-23 18:26 <DIR> --d----- c:\program files\Spyware Guard 2008
2008-12-23 18:08 3,520 a------- c:\windows\system32\tmp.reg
2008-12-23 18:07 78,336 a------- c:\windows\system32\Agent.OMZ.Fix.exe
2008-12-23 18:07 87,552 a------- c:\windows\system32\VACFix.exe
2008-12-23 18:07 80,384 a------- c:\windows\system32\o4Patch.exe
2008-12-23 18:07 289,144 a------- c:\windows\system32\VCCLSID.exe
2008-12-23 18:07 288,417 a------- c:\windows\system32\SrchSTS.exe
2008-12-23 18:07 79,360 a------- c:\windows\system32\swxcacls.exe
2008-12-23 18:07 51,200 a------- c:\windows\system32\dumphive.exe
2008-12-23 18:07 25,600 a------- c:\windows\system32\WS2Fix.exe
2008-12-23 18:07 135,168 a------- c:\windows\system32\swreg.exe
2008-12-23 18:07 53,248 a------- c:\windows\system32\Process.exe
2008-12-22 22:19 <DIR> --d----- c:\docume~1\alluse~1\applic~1\SUPERAntiSpyware.com
2008-12-22 22:19 <DIR> --d----- c:\program files\SUPERAntiSpyware
2008-12-22 22:19 <DIR> --d----- c:\docume~1\michae~1\applic~1\SUPERAntiSpyware.com
2008-12-22 22:19 <DIR> --d----- c:\program files\common files\Wise Installation Wizard
2008-12-22 22:18 <DIR> --d----- c:\docume~1\michae~1\applic~1\Malwarebytes
2008-12-22 22:18 15,504 a------- c:\windows\system32\drivers\mbam.sys
2008-12-22 22:18 38,496 a------- c:\windows\system32\drivers\mbamswissarmy.sys
2008-12-22 22:18 <DIR> --d----- c:\program files\Malwarebytes' Anti-Malware
2008-12-22 22:18 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Malwarebytes
2008-12-22 22:05 384,512 a------- c:\windows\system32\winscenter.exe
2008-12-22 20:57 1,661,209 ---sh--- c:\windows\system32\locdpclk.ini
2008-12-21 20:53 1,661,209 a--sh--- c:\windows\system32\mwaykfxa.ini
2008-12-21 01:16 36,272 a----r-- c:\windows\system32\drivers\SymIM.sys
2008-12-21 01:15 124,464 a------- c:\windows\system32\drivers\SYMEVENT.SYS
2008-12-21 01:15 60,808 a------- c:\windows\system32\S32EVNT1.DLL
2008-12-21 01:15 10,635 a------- c:\windows\system32\drivers\SYMEVENT.CAT
2008-12-21 01:15 806 a------- c:\windows\system32\drivers\SYMEVENT.INF
2008-12-21 01:15 <DIR> --d----- c:\windows\system32\drivers\NIS
2008-12-21 01:15 <DIR> --d----- c:\program files\Norton Internet Security
2008-12-21 01:15 <DIR> --d----- c:\program files\NortonInstaller
2008-12-21 01:09 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Avg8
2008-12-21 01:07 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Norton
2008-12-21 01:07 <DIR> --d----- c:\docume~1\alluse~1\applic~1\NortonInstaller
2008-12-21 01:06 <DIR> --d----- c:\documents and settings\all users\Symantec Temporary Files
2008-12-20 21:40 <DIR> --d----- c:\program files\Norton Security Scan
2008-12-20 15:10 1,661,209 a--sh--- c:\windows\system32\adnnjfku.ini

==================== Find3M ====================

2008-10-23 07:36 286,720 a------- c:\windows\system32\gdi32.dll
2008-10-15 20:00 666,112 a------- c:\windows\system32\wininet.dll
2008-10-07 18:44 139,264 a------- c:\windows\system32\hpzjrd01.dll
2008-10-03 05:02 247,326 a------- c:\windows\system32\strmdll.dll
2008-09-30 16:43 1,286,152 a------- c:\windows\system32\msxml4.dll
2008-09-28 21:37 326,711 a------- c:\windows\pchealth\helpctr\offlinecache\index.dat
2006-12-29 00:59 1,734,081 a------- c:\program files\free-ipod-video-converter_v1.32.exe
2006-12-27 15:14 3,918,041 a------- c:\program files\x-dvd-to-ipod-converter.exe
2006-11-28 02:01 100,530,849 a------- c:\program files\Sony.ACID.Pro.v6.0.Incl.Keygen-SSG.zip

============= FINISH: 19:43:23.18 ===============

Attached File(s)


#2 User is offline   nevermind2357 

  • New Member
  • Pip
  • Find Topics
  • Group: Members
  • Posts: 2
  • Joined: 23-December 08

Posted 23 December 2008 - 07:59 PM

I forgot to mention, Norton Internet Security also often pops up with a warning that it blocks Trojan.Vundo, I'm not sure if this information helps at all.

#3 User is offline   The Gorilla 

  • Distinguished Member
  • PipPipPipPipPip
  • Find Topics
  • Group: Members
  • Posts: 766
  • Joined: 27-March 05
  • Gender:Male
  • Location:Part of a breeding programme in a conservation zoo

Posted 02 January 2009 - 11:32 AM

Hi nevermind2357 , Welcome to Bleeping Computer Forums!

I am The Gorilla, and will be helping you with this log

It may assist you to save this page as a favourite for easy recall in the future.

Can I draw your attention to the following:
I will be handling your log and helping you, please do not make any system changes yet.
The process is not instant. Please continue to review my answers until I tell you that your computer is clean. Be patience, even if things appear to be running better, there is no guarantee that everything is finished. Please continue to check this forum post in order to ensure we get your system completely clean. We do not want to clean you part-way up, only to have the system re-infect itself.
These fixes are specific to your problem and should only be used for this issue on this machine.
If there's anything that you don't understand, please ask your question(s) before proceeding with the fixes.
Please reply to this thread. Do not start a new topic.
Please give me some time to look over your log and I will get back to you as soon as possible. There may be a short delay in replying to you as all my posts to your need to be checked over by a HJT Expert.



Also, even if things appear to be running better, there is no guarantee that everything is finished. Please continue to check this forum post in order to ensure we get your system completely clean. We do not want to clean you part-way up, only to have the system re-infect itself.


If you still require assistance please can you post a new DDS log.

#4 User is offline   Shaba 

  • Koutsi
  • PipPipPipPipPipPip
  • Find Topics
  • Group: Malware Response Instructor
  • Posts: 7,310
  • Joined: 08-July 06
  • Gender:Male
  • Location:Finland

Posted 08 January 2009 - 12:55 PM

Due to the lack of feedback this Topic is closed.

If you need this topic reopened, please request this by sending the moderating team
a PM with the address of the thread. This applies only to the original topic starter.

Everyone else please begin a New Topic.
Microsoft MVP Consumer Security
Posted Image

Posted Image

Share this topic:


Page 1 of 1
  • You cannot start a new topic
  • This topic is locked

1 User(s) are reading this topic
0 members, 1 guests, 0 anonymous users