Description/Symptoms
Taskmgr gets disabled.
Desktop picture gets changed to a spyware warning.
IE7 and other programs get shut down on critical errors with a splash screen requesting I send in Error Reports.
IE7 splash window that says it can't find a C:\*\.htm file that opens and closes so fast I can't see what it is trying to hijack my browser to...
PC Tools Spyware Doctor (paid version) says that it sees Spyware Softstop and claims to remove it, but it keeps coming back.
Display Control panel will not allow me to change my desktop picture to anything, but I can open my picture in paint and let it reset my desktop image.
So far I have:
PC Pitstop Exterminate to reactivate taskmgr and remove the annoyance.
CCleaner to remove all temp files and to remove unknown entries in startup menu.
I have run ComboFix, rootchk, VundoFix, HijackThis.
Trojan-pws.tanspy was just removed by Spyware Doctor.
Please help me prevent my browser, desktop, computer from being reinfected by this virus/spyware/malware.
I am using paid version Spyware Doctor as my antivirus software and paid version Bullguard as my firewall.
LOGS:
Logfile of HijackThis v1.99.1
Scan saved at 19:04, on 9/27/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0011)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\AVPersonal\AVGUARD.EXE
C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
C:\Program Files\AVPersonal\AVWUPSRV.EXE
C:\Program Files\BullGuard Software\BullGuard 5.0\BullGuardUpdate.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Common Files\AOL\1153744232\ee\AOLSoftware.exe
C:\Program Files\Spyware Doctor\SDTrayApp.exe
C:\WINDOWS\BCMSMMSG.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\BullGuard Software\BullGuard 5.0\BullGuard.exe
C:\Program Files\Spyware Doctor\svcntaux.exe
C:\Program Files\Common Files\AOL\1153744232\ee\aolsoftware.exe
C:\Program Files\Spyware Doctor\swdsvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\WINDOWS\wanmpsvc.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\WINDOWS\system32\taskmgr.exe
C:\WINDOWS\explorer.exe
C:\Documents and Settings\Arthur\Desktop\ANTI SPYWARE\alternativ.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R3 - URLSearchHook: AOLTBSearch Class - {EA756889-2338-43DB-8F07-D1CA6FB9C90D} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: qiawpbjj.msdn_hlp - {026B5895-3E8E-49A9-8EEE-B52A326DA962} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: AOL Toolbar Launcher - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
O2 - BHO: AKHelper.HelperBHO - {911C4A8E-0F75-4B83-BEB9-02BDDF29D11E} - C:\Program Files\3B Software\3B Ad Blocker Pro\AKHelper.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O2 - BHO: (no name) - {c2680e10-1655-4a0e-87f8-4259325a84b7} - (no file)
O2 - BHO: (no name) - {e9306072-417e-43e3-81d5-369490beef7c} - (no file)
O2 - BHO: (no name) - {EF3446E8-FC32-4E55-9C56-0B8DA015FC10} - C:\WINDOWS\system32\GE.dll
O3 - Toolbar: AOL Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
O3 - Toolbar: Ad Blocker Pro Toolbar - {28BC2EC4-5EAD-45E1-9F9F-82CD5E293601} - C:\Program Files\3B Software\3B Ad Blocker Pro\AKToolbar.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O4 - HKLM\..\Run: [AOLDialer] C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
O4 - HKLM\..\Run: [DXDllRegExe] dxdllreg.exe
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1153744232\ee\AOLSoftware.exe
O4 - HKLM\..\Run: [SDTray] "C:\Program Files\Spyware Doctor\SDTrayApp.exe"
O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
O4 - HKLM\..\Run: [BCMSMMSG] BCMSMMSG.exe
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [ccleaner] "C:\Program Files\CCleaner\CCleaner.exe" /AUTO
O4 - HKCU\..\Run: [BullGuard] "C:\Program Files\BullGuard Software\BullGuard 5.0\BullGuard.exe"
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: &AOL Toolbar Search - res://c:\program files\aol\aol toolbar 2.0\aoltbhtml.dll/search.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: AOL Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} (SysProWmi Class) - http://support.dell.com/systemprofiler/SysPro.CAB
O16 - DPF: {1CE17C82-8DE2-4EF6-ACF9-3A8B21830475} - http://courier.sigaba.com/courier624/couriercontrol.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1124543424812
O16 - DPF: {A8683C98-5341-421B-B23C-8514C05354F1} - http://photo.walmart.com/photo/uploads/FujifilmUploadClient.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} - http://aolsvc.aol.com/onlinegames/be!!!eled2/popcaploader_v7.cab
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: AntiVir Service (AntiVirService) - H+BEDV Datentechnik GmbH - C:\Program Files\AVPersonal\AVGUARD.EXE
O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: AntiVir Update (AVWUpSrv) - H+BEDV Datentechnik GmbH, Germany - C:\Program Files\AVPersonal\AVWUPSRV.EXE
O23 - Service: BullGuard LiveUpdate (BGLiveSvc) - BullGuard, Ltd. - C:\Program Files\BullGuard Software\BullGuard 5.0\BullGuardUpdate.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\svcntaux.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\swdsvc.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe
**************
ComboFix 07-09-21.2 - "Arthur" 2007-09-27 18:43:52.3 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.569 [GMT -5:00]
* Created a new restore point
.
((((((((((((((((((((((((( Files Created from 2007-08-27 to 2007-09-27 )))))))))))))))))))))))))))))))
.
2007-09-27 18:44 6,736 --a------ C:\WINDOWS\system32\drivers\PROCEXP90.SYS
2007-09-27 18:27 10,872 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys
2007-09-27 18:02 <DIR> d-------- C:\VundoFix Backups
2007-09-26 18:21 6,176 --a------ C:\WINDOWS\system32\win321.exe
2007-09-26 18:21 31,094 --a------ C:\WINDOWS\system32\center2.exe
2007-09-26 18:21 226,166 --a------ C:\WINDOWS\system32\center.exe
2007-09-24 18:25 1,156 --a------ C:\WINDOWS\mozver.dat
2007-09-20 12:14 <DIR> d-------- C:\Program Files\CCleaner
2007-09-19 13:28 89,088 --a------ C:\WINDOWS\system32\rtnka.dll
2007-09-19 13:28 1,592,320 --a------ C:\WINDOWS\system32\rtnka.dat
2007-09-19 11:46 4 --a------ C:\WINDOWS\system32\stfv.bin
2007-09-19 11:13 51,200 --a------ C:\WINDOWS\NirCmd.exe
2007-09-18 08:29 82,248 --a------ C:\WINDOWS\system32\drivers\iksyssec.sys
2007-09-18 08:29 57,672 --a------ C:\WINDOWS\system32\drivers\iksysflt.sys
2007-09-18 08:29 40,264 --a------ C:\WINDOWS\system32\drivers\ikfilesec.sys
2007-09-18 08:29 29,000 --a------ C:\WINDOWS\system32\drivers\kcom.sys
2007-09-18 08:27 626,688 --a------ C:\WINDOWS\system32\msvcr80.dll
2007-09-18 08:27 <DIR> d-------- C:\Program Files\Spyware Doctor
2007-09-18 08:27 <DIR> d-------- C:\DOCUME~1\Arthur\APPLIC~1\PC Tools
2007-09-18 08:17 <DIR> d-------- C:\Program Files\AVPersonal
2007-09-17 21:57 <DIR> d-------- C:\Program Files\Windows Defender
2007-09-17 21:49 <DIR> d-------- C:\Program Files\PCPitstop
2007-09-17 21:49 <DIR> d-------- C:\Program Files\Common Files\Scanner
2007-09-17 20:42 <DIR> d--h----- C:\WINDOWS\PIF
2007-09-17 18:51 <DIR> d-------- C:\WINDOWS\system32\acespy
2007-09-17 05:22 492,544 --a------ C:\WINDOWS\system32\HtBt.dll
2007-09-16 18:58 541,696 --a------ C:\WINDOWS\system32\GE.dll
2007-09-16 18:58 <DIR> d-------- C:\Program Files\SoftPortal
2007-09-16 18:10 76,800 --a------ C:\WINDOWS\system32\unrar.dll
2007-09-16 18:10 1,590,784 --a------ C:\WINDOWS\system32\SoUI.dll
2007-09-16 13:24 1,659,017 --a------ C:\WINDOWS\system32\5778.exe
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-09-20 17:48 --------- d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\AOL
2007-09-20 15:53 --------- d-------- C:\Program Files\PCFriendly
2007-09-20 15:32 --------- d-------- C:\Program Files\Yahoo!
2007-09-20 12:28 --------- d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Spybot - Search & Destroy
2007-09-19 11:20 --------- d-------- C:\DOCUME~1\Arthur\APPLIC~1\BullGuard
2007-08-25 12:11 --------- d-------- C:\Program Files\Viewpoint
2007-08-25 12:11 --------- d-------- C:\Program Files\Common Files\Viewpoint
2007-08-25 12:11 --------- d-------- C:\DOCUME~1\LOCALS~1\APPLIC~1\Google
2007-08-25 12:11 --------- d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Viewpoint
2007-08-11 13:47 --------- d--h----- C:\Program Files\InstallShield Installation Information
2007-08-11 13:45 --------- d-------- C:\Program Files\HoltPuzzlePro
2007-07-30 19:19 92504 --a------ C:\WINDOWS\system32\cdm.dll
2007-07-30 19:19 549720 --a------ C:\WINDOWS\system32\wuapi.dll
2007-07-30 19:19 53080 --a------ C:\WINDOWS\system32\wuauclt.exe
2007-07-30 19:19 43352 --a------ C:\WINDOWS\system32\wups2.dll
2007-07-30 19:19 325976 --a------ C:\WINDOWS\system32\wucltui.dll
2007-07-30 19:19 271224 --a------ C:\WINDOWS\system32\mucltui.dll
2007-07-30 19:19 207736 --a------ C:\WINDOWS\system32\muweb.dll
2007-07-30 19:19 203096 --a------ C:\WINDOWS\system32\wuweb.dll
2007-07-30 19:19 1712984 --a------ C:\WINDOWS\system32\wuaueng.dll
2007-07-30 19:18 33624 --a------ C:\WINDOWS\system32\wups.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
*Note* empty entries & legit default entries are not shown
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{026B5895-3E8E-49A9-8EEE-B52A326DA962}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{c2680e10-1655-4a0e-87f8-4259325a84b7}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{e9306072-417e-43e3-81d5-369490beef7c}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{EF3446E8-FC32-4E55-9C56-0B8DA015FC10}]
2007-09-24 23:00 541696 --a------ C:\WINDOWS\system32\GE.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AOLDialer"="C:\Program Files\Common Files\AOL\ACS\AOLDial.exe" [2006-10-23 07:50]
"DXDllRegExe"="dxdllreg.exe" []
"HostManager"="C:\Program Files\Common Files\AOL\1153744232\ee\AOLSoftware.exe" [2006-09-25 19:52]
"SDTray"="C:\Program Files\Spyware Doctor\SDTrayApp.exe" [2007-08-14 17:02]
"UserFaultCheck"="C:\WINDOWS\system32\dumprep 0 -u" []
"BCMSMMSG"="BCMSMMSG.exe" [2003-08-29 03:59 C:\WINDOWS\BCMSMMSG.exe]
"!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-06-11 04:25]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 07:00]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-07-29 16:59]
"ccleaner"="C:\Program Files\CCleaner\CCleaner.exe" [2007-09-10 09:03]
"BullGuard"="C:\Program Files\BullGuard Software\BullGuard 5.0\BullGuard.exe" [2006-01-16 09:51]
[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"swg"=C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\DOCUME~1\ALLUSE~1\STARTM~1\Programs\Startup\
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE [2001-02-13 00:01:04]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer] "NoSetActiveDesktop"=1 (0x1)
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer] "NoSetActiveDesktop"=1 (0x1)
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdauxservice"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdcoreservice"
R2 AVWUpSrv;AntiVir Update;"C:\Program Files\AVPersonal\AVWUPSRV.EXE"
R3 AN983;ADMtek AN983/AN985/ADM951X 10/100Mbps Fast Ethernet Adapter;C:\WINDOWS\system32\DRIVERS\AN983.sys
R3 ati2mtaa;ati2mtaa;C:\WINDOWS\system32\DRIVERS\ati2mtaa.sys
R3 avgntdw;avgntdw;\??\C:\Program Files\AVPersonal\AVGNTDW.SYS
R3 BCMModem;BCM V.92 56K Modem;C:\WINDOWS\system32\DRIVERS\BCMSM.sys
R3 Reconn;BullGuard Mail Monitor;\??\C:\Program Files\BullGuard Software\BullGuard 5.0\reconn.sys
S3 FileSpy5;BullGuard File Monitor;\??\C:\Program Files\BullGuard Software\BullGuard 5.0\filespy5.sys
S3 lne100v5;Linksys LNE100TX(v5) Fast Ethernet Adapter;C:\WINDOWS\system32\DRIVERS\lne100v5.sys
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bg5 BGMainSvc BsFileSpy BsMailProxy BsFirewall
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\G]
AutoRun\command- G:\LaunchU3.exe
*Newly Created Service* - AVG_ANTI-SPYWARE_DRIVER
*Newly Created Service* - AVG_ANTI-SPYWARE_GUARD
.
Contents of the 'Scheduled Tasks' folder
"2007-09-27 22:33:31 C:\WINDOWS\Tasks\MP Scheduled Scan.job"
- C:\Program Files\Windows Defender\MpCmdRun.exe
C:\ComboFix\temp00
.
**************************************************************************
catchme 0.3.1061 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-09-27 18:47:46
Windows 5.1.2600 Service Pack 2 NTFS
detected NTDLL code modification: ZwClose
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
Completion time: 2007-09-27 18:50:43
C:\ComboFix-quarantined-files.txt ... 2007-09-27 18:50
C:\ComboFix2.txt ... 2007-09-26 18:51
.
--- E O F ---
*************
********************************* ROOTCHK-(21-09-07)-LOG, by ejvindh
Thu 09/27/2007 18:38:50.65
The rootkits that are detected by this tool were not found.
********************************* ROOTCHK-LOG-end
catchme 0.3.1160 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-09-27 18:38:52
Windows 5.1.2600 Service Pack 2
detected NTDLL code modification: ZwClose
scanning hidden processes ...
detected NTDLL code modification: ZwClose
scanning hidden services & system hive ...
detected NTDLL code modification: ZwClose
scanning hidden registry entries ...
detected NTDLL code modification: ZwClose
scanning hidden files ...
hidden processes: 0
hidden services: 0
hidden files: 0
******************
VundoFix V6.5.9
Checking Java version...
Java version is 1.5.0.6
Old versions of java are exploitable and should be removed.
Scan started at 6:02:37 PM 9/27/2007
Listing files found while scanning....
No infected files were found.