Dec 23 2008, 07:54 PM, Post #1
New Member | Group: Members | Posts: 2 | Joined: 23-December 08 | Member No.: 273,351
DDS.txt :

DDS (Version 1.1.0) - NTFSx86
Run by Michael Ciardullo at 19:42:34.45 on Tue 12/23/2008
Internet Explorer: 6.0.2900.5512 BrowserJavaVersion: 1.6.0_07
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2046.1393 [GMT -5:00]

AV: Norton Internet Security *On-access scanning enabled* (Updated)
FW: Norton Internet Worm Protection *enabled*
FW: Norton Internet Security *enabled*

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
C:\Program Files\Wireless Desktop\LgWDskTp.exe
C:\WINDOWS\System32\DLA\DLACTRLW.EXE
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\SyncroSoft\Pos\H2O\cledx.exe
C:\Program Files\Sony\VAIO Update 3\VAIOUpdt.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\winscenter.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\iaantmon.exe
C:\Program Files\Spyware Guard 2008\spywareguard.exe
C:\Program Files\Microsoft SQL Server\MSSQL$VAIO_VEDB\Binn\sqlservr.exe
C:\Documents and Settings\Michael Ciardullo\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Norton Internet Security\Engine\16.2.0.7\ccSvcHst.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\WiFiConnector\NintendoWFCReg.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe
C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\Norton Internet Security\Engine\16.2.0.7\ccSvcHst.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\Program Files\Java\jre1.6.0_07\bin\jucheck.exe
C:\Documents and Settings\Michael Ciardullo\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Michael Ciardullo\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Michael Ciardullo\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Michael Ciardullo\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://securityresponse.symantec.com/avcenter/fix_homepage/
uInternet Settings,ProxyOverride = *.local
mWinlogon: Userinit=c:\windows\system32\userinit.exe
mWinlogon: Userinit=c:\windows\system32\userinit.exe
BHO: Symantec NCO BHO: {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - c:\program files\norton internet security\engine\16.2.0.7\coIEPlg.dll
BHO: Symantec Intrusion Prevention: {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - c:\program files\norton internet security\engine\16.2.0.7\IPSBHO.DLL
BHO: SSVHelper Class: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre1.6.0_07\bin\ssv.dll
TB: Norton Toolbar: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - c:\program files\norton internet security\engine\16.2.0.7\coIEPlg.dll
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [AlcoholAutomount] "c:\program files\alcohol soft\alcohol 120\axcmd.exe" /automount
uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background
uRun: [Google Update] "c:\documents and settings\michael ciardullo\local settings\application data\google\update\GoogleUpdate.exe" /c
uRun: [SUPERAntiSpyware] c:\program files\superantispyware\SUPERAntiSpyware.exe
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [VAIO Recovery] c:\windows\sonysys\vaio recovery\PartSeal.exe
mRun: [SunJavaUpdateSched] "c:\program files\java\jre1.6.0_07\bin\jusched.exe"
mRun: [IAAnotif] c:\program files\intel\intel matrix storage manager\iaanotif.exe
mRun: [LgWDskTp] c:\program files\wireless desktop\LgWDskTp.exe
mRun: [Adobe Photo Downloader] "c:\program files\adobe\photoshop elements 4.0\apdproxy.exe"
mRun: [DLA] c:\windows\system32\dla\DLACTRLW.EXE
mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
mRun: [WINCINEMAMGR] c:\program files\intervideo\common\bin\WinCinemaMgr.exe
mRun: [NeroFilterCheck] c:\windows\system32\NeroCheck.exe
mRun: [H2O] c:\program files\syncrosoft\pos\h2o\cledx.exe
mRun: [VAIO Update 3] "c:\program files\sony\vaio update 3\VAIOUpdt.exe" /Stationary
mRun: [AppleSyncNotifier] c:\program files\common files\apple\mobile device support\bin\AppleSyncNotifier.exe
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [spywareguard] c:\program files\spyware guard 2008\spywareguard.exe
dRunOnce: [WUAppSetup] c:\program files\common files\logishrd\WUApp32.exe -v 0x046d -p 0x08b2 -f video -m logitech -d 10.5.1.2023
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hpdigi~1.lnk - c:\program files\hp\digital imaging\bin\hpqtra08.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\runnin~1.lnk - c:\program files\wificonnector\NintendoWFCReg.exe
IE: E&xport to Microsoft Excel - c:\progra~1\micros~4\office11\EXCEL.EXE/3000
IE: {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - c:\program files\aim\aim.exe
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBC} - c:\program files\java\jre1.6.0_07\bin\ssv.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~4\office12\REFIEBAR.DLL
IE: {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - c:\program files\aim\aim.exe
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
Handler: symres - {AA1061FE-6C41-421f-9344-69640C9732AB} - c:\program files\norton internet security\engine\16.2.0.7\CoIEPlg.dll
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.dll
SSODL: ieModule - {CCD3AF94-7235-4BC5-AC88-3D1F3F86C264} - c:\documents and settings\all users\application data\microsoft\internet explorer\dlls\ieModule.dll
SSODL: InternetConnection - {A3F57B8F-F72A-4B6B-A34F-B000A377658C} - c:\documents and settings\all users\application data\microsoft\internet explorer\dlls\ctwhkmxbde.dll
SEH: SABShellExecuteHook Class: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - c:\program files\superantispyware\SASSEH.DLL

============= SERVICES / DRIVERS ===============

R0 SymEFA;Symantec Extended File Attributes;\SystemRoot\\SystemRoot\System32\Drivers\NIS\1002000.007\SYMEFA.SYS []
R1 BHDrvx86;Symantec Heuristics Driver;c:\windows\system32\drivers\nis\1002000.007\BHDrvx86.sys [2008-12-21 255536]
R1 ccHP;Symantec Hash Provider;c:\windows\system32\drivers\nis\1002000.007\ccHPx86.sys [2008-12-21 362544]
R1 IDSxpx86;IDSxpx86;\??\c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\norton\definitions\ipsdefs\20081220.001\IDSxpx86.sys [2008-12-21 274808]
R1 SASDIFSV;SASDIFSV;\??\c:\program files\superantispyware\SASDIFSV.SYS [2008-12-4 8944]
R1 SASKUTIL;SASKUTIL;\??\c:\program files\superantispyware\SASKUTIL.sys [2008-12-4 55024]
R2 MSSQL$VAIO_VEDB;MSSQL$VAIO_VEDB;c:\program files\microsoft sql server\mssql$vaio_vedb\binn\sqlservr.exe -sVAIO_VEDB []
R2 Norton Internet Security;Norton Internet Security;"c:\program files\norton internet security\engine\16.2.0.7\ccsvchst.exe" /s "norton internet security" /m "c:\program files\norton internet security\engine\16.2.0.7\diMaster.dll" /prefetch:1 []
R2 regi;regi;c:\windows\system32\drivers\regi.sys [2007-4-17 11032]
R2 Symantec Core LC;Symantec Core LC;"c:\program files\common files\symantec shared\ccpd-lc\symlcsvc.exe" [2006-5-9 1119888]
R2 Viewpoint Manager Service;Viewpoint Manager Service;"c:\program files\viewpoint\common\ViewpointService.exe" [2007-1-30 24652]
R3 CLEDX;Team H2O CLEDX service;c:\windows\system32\drivers\cledx.sys [2007-5-13 33792]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;\??\c:\program files\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [2008-12-21 99376]
R3 LCcfltr;Logitech USB Filter Driver;c:\windows\system32\drivers\LCcFltr.Sys [2006-3-30 15126]
R3 NAVENG;NAVENG;\??\c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\norton\definitions\virusdefs\20081223.020\NAVENG.SYS [2008-12-23 89104]
R3 NAVEX15;NAVEX15;\??\c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\norton\definitions\virusdefs\20081223.020\NAVEX15.SYS [2008-12-23 876112]
R3 SASENUM;SASENUM;\??\c:\program files\superantispyware\SASENUM.SYS [2008-12-4 7408]
S3 ASPI;Advanced SCSI Programming Interface Driver;\??\c:\windows\system32\drivers\ASPI32.sys [2006-12-27 16512]
S3 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [2007-6-28 42512]
S3 SQLAgent$VAIO_VEDB;SQLAgent$VAIO_VEDB;c:\program files\microsoft sql server\mssql$vaio_vedb\binn\sqlagent.EXE -i VAIO_VEDB []
S3 US122;US122 Driver;c:\windows\system32\drivers\US122.sys [2004-7-30 217472]
S3 US122DL;US122 Firmware Downloader;c:\windows\system32\drivers\US122DL.sys [2004-7-30 17277]
S3 Us122WdmService;US122 Wdm Audio;c:\windows\system32\drivers\US122Wdm.sys [2004-7-30 86648]

=============== Created Last 30 ================

2008-12-23 18:26 1,003,957 a------- c:\windows\sysexplorer.exe
2008-12-23 18:26 134,149 a------- c:\windows\reged.exe
2008-12-23 18:26 51,197 a------- c:\windows\spoolsystem.exe
2008-12-23 18:26 50,620 a------- c:\windows\sys.com
2008-12-23 18:26 47,872 a------- c:\windows\syscert.exe
2008-12-23 18:26 18,941 a------- c:\windows\vmreg.dll
2008-12-23 18:26 <DIR> --d----- c:\program files\Spyware Guard 2008
2008-12-23 18:08 3,520 a------- c:\windows\system32\tmp.reg
2008-12-23 18:07 78,336 a------- c:\windows\system32\Agent.OMZ.Fix.exe
2008-12-23 18:07 87,552 a------- c:\windows\system32\VACFix.exe
2008-12-23 18:07 80,384 a------- c:\windows\system32\o4Patch.exe
2008-12-23 18:07 289,144 a------- c:\windows\system32\VCCLSID.exe
2008-12-23 18:07 288,417 a------- c:\windows\system32\SrchSTS.exe
2008-12-23 18:07 79,360 a------- c:\windows\system32\swxcacls.exe
2008-12-23 18:07 51,200 a------- c:\windows\system32\dumphive.exe
2008-12-23 18:07 25,600 a------- c:\windows\system32\WS2Fix.exe
2008-12-23 18:07 135,168 a------- c:\windows\system32\swreg.exe
2008-12-23 18:07 53,248 a------- c:\windows\system32\Process.exe
2008-12-22 22:19 <DIR> --d----- c:\docume~1\alluse~1\applic~1\SUPERAntiSpyware.com
2008-12-22 22:19 <DIR> --d----- c:\program files\SUPERAntiSpyware
2008-12-22 22:19 <DIR> --d----- c:\docume~1\michae~1\applic~1\SUPERAntiSpyware.com
2008-12-22 22:19 <DIR> --d----- c:\program files\common files\Wise Installation Wizard
2008-12-22 22:18 <DIR> --d----- c:\docume~1\michae~1\applic~1\Malwarebytes
2008-12-22 22:18 15,504 a------- c:\windows\system32\drivers\mbam.sys
2008-12-22 22:18 38,496 a------- c:\windows\system32\drivers\mbamswissarmy.sys
2008-12-22 22:18 <DIR> --d----- c:\program files\Malwarebytes' Anti-Malware
2008-12-22 22:18 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Malwarebytes
2008-12-22 22:05 384,512 a------- c:\windows\system32\winscenter.exe
2008-12-22 20:57 1,661,209 ---sh--- c:\windows\system32\locdpclk.ini
2008-12-21 20:53 1,661,209 a--sh--- c:\windows\system32\mwaykfxa.ini
2008-12-21 01:16 36,272 a----r-- c:\windows\system32\drivers\SymIM.sys
2008-12-21 01:15 124,464 a------- c:\windows\system32\drivers\SYMEVENT.SYS
2008-12-21 01:15 60,808 a------- c:\windows\system32\S32EVNT1.DLL
2008-12-21 01:15 10,635 a------- c:\windows\system32\drivers\SYMEVENT.CAT
2008-12-21 01:15 806 a------- c:\windows\system32\drivers\SYMEVENT.INF
2008-12-21 01:15 <DIR> --d----- c:\windows\system32\drivers\NIS
2008-12-21 01:15 <DIR> --d----- c:\program files\Norton Internet Security
2008-12-21 01:15 <DIR> --d----- c:\program files\NortonInstaller
2008-12-21 01:09 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Avg8
2008-12-21 01:07 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Norton
2008-12-21 01:07 <DIR> --d----- c:\docume~1\alluse~1\applic~1\NortonInstaller
2008-12-21 01:06 <DIR> --d----- c:\documents and settings\all users\Symantec Temporary Files
2008-12-20 21:40 <DIR> --d----- c:\program files\Norton Security Scan
2008-12-20 15:10 1,661,209 a--sh--- c:\windows\system32\adnnjfku.ini

==================== Find3M ====================

2008-10-23 07:36 286,720 a------- c:\windows\system32\gdi32.dll
2008-10-15 20:00 666,112 a------- c:\windows\system32\wininet.dll
2008-10-07 18:44 139,264 a------- c:\windows\system32\hpzjrd01.dll
2008-10-03 05:02 247,326 a------- c:\windows\system32\strmdll.dll
2008-09-30 16:43 1,286,152 a------- c:\windows\system32\msxml4.dll
2008-09-28 21:37 326,711 a------- c:\windows\pchealth\helpctr\offlinecache\index.dat
2006-12-29 00:59 1,734,081 a------- c:\program files\free-ipod-video-converter_v1.32.exe
2006-12-27 15:14 3,918,041 a------- c:\program files\x-dvd-to-ipod-converter.exe
2006-11-28 02:01 100,530,849 a------- c:\program files\Sony.ACID.Pro.v6.0.Incl.Keygen-SSG.zip

============= FINISH: 19:43:23.18 ===============

Dec 23 2008, 07:59 PM, Post #2
New Member | Group: Members | Posts: 2 | Joined: 23-December 08 | Member No.: 273,351
I forgot to mention, Norton Internet Security also often pops up with a warning that it blocks Trojan.Vundo. I'm not sure if this information helps at all.

Jan 2 2009, 11:32 AM, Post #3
Distinguished Member | Group: HJT Senior Classmen | Posts: 739 | Joined: 27-March 05 | From: Part of a breeding programme in a conservation zoo | Member No.: 15,484
Hi nevermind2357, welcome to Bleeping Computer Forums!
I am The Gorilla, and will be helping you with this log. It may assist you to save this page as a favourite for easy recall in the future.
Can I draw your attention to the following:
I will be handling your log and helping you, please do not make any system changes yet.
The process is not instant. Please continue to review my answers until I tell you that your computer is clean.
Be patient, even if things appear to be running better, there is no guarantee that everything is finished. Please continue to check this forum post in order to ensure we get your system completely clean. We do not want to clean you part-way up, only to have the system re-infect itself.
These fixes are specific to your problem and should only be used for this issue on this machine.
If there's anything that you don't understand, please ask your question(s) before proceeding with the fixes.
Please reply to this thread. Do not start a new topic.
Please give me some time to look over your log and I will get back to you as soon as possible. There may be a short delay in replying to you as all my posts to you need to be checked over by a HJT Expert.
Also, even if things appear to be running better, there is no guarantee that everything is finished. Please continue to check this forum post in order to ensure we get your system completely clean. We do not want to clean you part-way up, only to have the system re-infect itself.
If you still require assistance please can you post a new DDS log.
--------------------
If I am helping you and I have not replied inside 48 hours please PM me.
Malware Beater

Jan 8 2009, 12:55 PM, Post #4
Koutsi | Group: HJT Team Coach | Posts: 5,768 | Joined: 8-July 06 | From: Finland | Member No.: 75,186
Due to the lack of feedback this Topic is closed.
If you need this topic reopened, please request this by sending the moderating team a PM with the address of the thread. This applies only to the original topic starter. Everyone else please begin a New Topic.
--------------------
Microsoft MVP Consumer Security