Solved Antispyware Safeguard virus

This is for Jacee.. Thanks so so so much for your help. I followed your instructions and I do believe I solved the problem. I can now use my Task Manager and open Internet Explorer. ComboFix did give me a log on deleted files that seemed to be Greek to me. Were these files deleted because they were infected? What do I do with this log? Again, thank you for your help.
 

I didn't do anything ... I didn't even see the combofix log! :confused:
If you still have it, please copy and paste it back here in your next reply.
 

Here it is..


Code:
ComboFix 10-10-04.01 - sonnyc 10/05/2010  11:06:01.1.1 - x86
Running from: c:\documents and settings\sonnyc\Desktop\ComboFix.exe
.
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\documents and settings\sonnyc\Application Data\Y.exe
c:\progra~1\MYWEBS~1\bar\1.bin\mwsoemon.exe
c:\program files\FunWebProducts
c:\program files\FunWebProducts\Shared\Cache\CursorManiaBtn.html
c:\program files\FunWebProducts\Shared\Cache\MyFunCardsIMBtn.html
c:\program files\FunWebProducts\Shared\Cache\SmileyCentralBtn.html
c:\program files\FunWebProducts\Shared\Cache\WebfettiBtn.html
c:\program files\MyWebSearch
c:\program files\MyWebSearch\bar\1.bin\F3BKGERR.JPG
c:\program files\MyWebSearch\bar\1.bin\F3CJPEG.DLL
c:\program files\MyWebSearch\bar\1.bin\F3DTACTL.DLL
c:\program files\MyWebSearch\bar\1.bin\F3HISTSW.DLL
c:\program files\MyWebSearch\bar\1.bin\F3HKSTUB.DLL
c:\program files\MyWebSearch\bar\1.bin\F3HTmlmu.dll
c:\program files\MyWebSearch\bar\1.bin\F3HTtpct.dll
c:\program files\MyWebSearch\bar\1.bin\F3POPSWT.DLL
c:\program files\MyWebSearch\bar\1.bin\F3PSSAVR.SCR
c:\program files\MyWebSearch\bar\1.bin\F3REGHK.DLL
c:\program files\MyWebSearch\bar\1.bin\F3REPROX.DLL
c:\program files\MyWebSearch\bar\1.bin\F3RESTUB.DLL
c:\program files\MyWebSearch\bar\1.bin\F3SCHMON.EXE
c:\program files\MyWebSearch\bar\1.bin\F3SCrctr.dll
c:\program files\MyWebSearch\bar\1.bin\F3SPACER.WMV
c:\program files\MyWebSearch\bar\1.bin\F3WALLPP.DAT
c:\program files\MyWebSearch\bar\1.bin\F3WPHOOK.DLL
c:\program files\MyWebSearch\bar\1.bin\FWPBUDDY.PNG
c:\program files\MyWebSearch\bar\1.bin\M3AUXSTB.DLL
c:\program files\MyWebSearch\bar\1.bin\M3DLGHK.DLL
c:\program files\MyWebSearch\bar\1.bin\M3FFXTBR.JAR
c:\program files\MyWebSearch\bar\1.bin\M3FFXTBR.MANIFEST
c:\program files\MyWebSearch\bar\1.bin\M3HIGHIN.EXE
c:\program files\MyWebSearch\bar\1.bin\M3HTML.DLL
c:\program files\MyWebSearch\bar\1.bin\M3IDLE.DLL
c:\program files\MyWebSearch\bar\1.bin\M3IMPIPE.EXE
c:\program files\MyWebSearch\bar\1.bin\M3MEDINT.EXE
c:\program files\MyWebSearch\bar\1.bin\M3MSg.dll
c:\program files\MyWebSearch\bar\1.bin\M3NTSTBR.JAR
c:\program files\MyWebSearch\bar\1.bin\M3NTSTBR.MANIFEST
c:\program files\MyWebSearch\bar\1.bin\M3OUtlcn.dll
c:\program files\MyWebSearch\bar\1.bin\M3PLUGIN.DLL
c:\program files\MyWebSearch\bar\1.bin\M3SKIN.DLL
c:\program files\MyWebSearch\bar\1.bin\M3SKPLAY.EXE
c:\program files\MyWebSearch\bar\1.bin\M3SLSRCH.EXE
c:\program files\MyWebSearch\bar\1.bin\M3SRCHMN.EXE
c:\program files\MyWebSearch\bar\1.bin\MWSBAR.DLL
c:\program files\MyWebSearch\bar\1.bin\MWSOEMON.EXE
c:\program files\MyWebSearch\bar\1.bin\MWSOEPLG.DLL
c:\program files\MyWebSearch\bar\1.bin\MWSOESTB.DLL
c:\program files\MyWebSearch\bar\1.bin\MWSSRCAS.DLL
c:\program files\MyWebSearch\bar\1.bin\MWSSVC.EXE
c:\program files\MyWebSearch\bar\1.bin\NPMYWEBS.DLL
c:\program files\MyWebSearch\bar\Avatar\COMMON.F3S
c:\program files\MyWebSearch\bar\Cache\0009F3CD
c:\program files\MyWebSearch\bar\Cache\00A4ED88.bin
c:\program files\MyWebSearch\bar\Cache\09D0636E
c:\program files\MyWebSearch\bar\Cache\09D2FD27
c:\program files\MyWebSearch\bar\Cache\09D30CAF.bin
c:\program files\MyWebSearch\bar\Cache\09D316EF.bin
c:\program files\MyWebSearch\bar\Cache\09D31E04.bin
c:\program files\MyWebSearch\bar\Cache\09D3277B.bin
c:\program files\MyWebSearch\bar\Cache\09D32D77.bin
c:\program files\MyWebSearch\bar\Cache\09FD3257.bin
c:\program files\MyWebSearch\bar\Cache\09FD4A52.bin
c:\program files\MyWebSearch\bar\Cache\0EBA3076.bin
c:\program files\MyWebSearch\bar\Cache\0FD60238.bin
c:\program files\MyWebSearch\bar\Cache\0FD6110C.bin
c:\program files\MyWebSearch\bar\Cache\0FD615A9.bin
c:\program files\MyWebSearch\bar\Cache\0FD618DF
c:\program files\MyWebSearch\bar\Cache\files.ini
c:\program files\MyWebSearch\bar\Game\CHECKERS.F3S
c:\program files\MyWebSearch\bar\Game\CHESS.F3S
c:\program files\MyWebSearch\bar\Game\REVERSI.F3S
c:\program files\MyWebSearch\bar\History\search3
c:\program files\MyWebSearch\bar\icons\CM.ICO
c:\program files\MyWebSearch\bar\icons\MFC.ICO
c:\program files\MyWebSearch\bar\icons\PSS.ICO
c:\program files\MyWebSearch\bar\icons\SMILEY.ICO
c:\program files\MyWebSearch\bar\icons\WB.ICO
c:\program files\MyWebSearch\bar\icons\ZWINKY.ICO
c:\program files\MyWebSearch\bar\Message\COMMON.F3S
c:\program files\MyWebSearch\bar\Notifier\COMMON.F3S
c:\program files\MyWebSearch\bar\Notifier\DOG.F3S
c:\program files\MyWebSearch\bar\Notifier\FISH.F3S
c:\program files\MyWebSearch\bar\Notifier\KUNGFU.F3S
c:\program files\MyWebSearch\bar\Notifier\LIFEGARD.F3S
c:\program files\MyWebSearch\bar\Notifier\MAID.F3S
c:\program files\MyWebSearch\bar\Notifier\MAILBOX.F3S
c:\program files\MyWebSearch\bar\Notifier\OPERA.F3S
c:\program files\MyWebSearch\bar\Notifier\ROBOT.F3S
c:\program files\MyWebSearch\bar\Notifier\SEDUCT.F3S
c:\program files\MyWebSearch\bar\Notifier\SURFER.F3S
c:\program files\MyWebSearch\bar\Settings\prevcfg2.htm
c:\program files\MyWebSearch\bar\Settings\s_pid.dat
c:\program files\MyWebSearch\bar\Settings\setting2.htm
c:\program files\MyWebSearch\bar\Settings\settings.dat
c:\windows\Downloaded Program Files\f3initialsetup1.0.1.1.inf
c:\windows\system32\w.exe
.
(((((((((((((((((((((((((((((((((((((((   Drivers/Services   )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Legacy_6TO4
-------\Legacy_IAS
-------\Legacy_MYWEBSEARCHSERVICE
-------\Service_Ias
-------\Service_MyWebSearchService

(((((((((((((((((((((((((   Files Created from 2010-09-05 to 2010-10-05  )))))))))))))))))))))))))))))))
.
2010-10-05 06:41 . 2010-10-05 06:41 388096 ----a-r- c:\documents and settings\sonnyc\Application Data\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2010-10-05 06:41 . 2010-10-05 06:41 -------- d-----w- c:\program files\Trend Micro
2010-09-29 06:42 . 2010-09-29 06:42 17864 ----a-w- c:\documents and settings\sonnyc\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-09-29 02:59 . 2010-09-29 02:59 -------- d-----w- c:\documents and settings\sonnyc\Application Data\Skinux
2010-09-26 19:22 . 2010-09-26 19:20 652288 ----a-w- c:\documents and settings\sonnyc\Application Data\hotfix.exe
2010-09-06 18:35 . 2010-09-06 18:35 258048 ----a-w- c:\windows\system32\mc46288.dll
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-10-05 01:52 . 2008-10-30 16:14 -------- d-----w- c:\documents and settings\sonnyc\Application Data\OpenOffice.org2
2010-10-05 01:45 . 2008-10-30 16:16 1 ----a-w- c:\documents and settings\sonnyc\Application Data\OpenOffice.org2\user\uno_packages\cache\stamp.sys
2010-09-26 22:17 . 2009-08-23 05:12 -------- d-----w- c:\documents and settings\sonnyc\Application Data\Skype
2010-09-26 22:09 . 2009-08-23 05:17 -------- d-----w- c:\documents and settings\sonnyc\Application Data\skypePM
2010-08-23 02:40 . 2010-08-12 01:29 -------- d-----w- c:\documents and settings\All Users\Application Data\Symantec
2010-08-16 18:56 . 2010-05-28 12:45 -------- d-----w- c:\program files\Error Fix
2010-08-16 18:55 . 2008-10-25 04:28 -------- d-----w- c:\documents and settings\All Users\Application Data\avg8
2010-08-16 18:35 . 2010-07-14 14:04 27591840 ----a-w- c:\documents and settings\All Users\Application Data\Yahoo!\YUpdater\msgup1000_1270_us_u2.exe
2010-08-12 01:49 . 2010-08-12 01:29 -------- d-----w- c:\program files\Common Files\Symantec Shared
2010-08-12 01:33 . 2010-08-12 01:29 -------- d-----w- c:\program files\Symantec
2010-08-12 01:33 . 2010-08-12 01:32 806 ----a-w- c:\windows\system32\drivers\SYMEVENT.INF
2010-08-12 01:33 . 2010-08-12 01:32 7456 ----a-w- c:\windows\system32\drivers\SYMEVENT.CAT
2010-08-12 01:33 . 2010-08-12 01:32 60808 ----a-w- c:\windows\system32\S32EVNT1.DLL
2010-08-12 01:33 . 2010-08-12 01:32 124976 ----a-w- c:\windows\system32\drivers\SYMEVENT.SYS
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown 
REGEDIT4
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{58A6E230-300B-33B0-8C00-A70B34979EAE}]
2010-09-06 18:35 258048 ----a-w- c:\windows\system32\mc46288.dll
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-07-26 3883856]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2010-03-18 421888]
"ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe" [2010-01-25 115560]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"MySpaceIM"="c:\program files\MySpace\IM\MySpaceIM.exe" [2008-12-12 9555968]
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Kodak EasyShare software.lnk - c:\program files\Kodak\Kodak EasyShare software\bin\EasyShare.exe [2008-5-10 282624]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ccEvtMgr]
@="Service"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ccSetMgr]
@="Service"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Symantec Antivirus]
@="Service"
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^AT&T Self Support Tool.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\AT&T Self Support Tool.lnk
backup=c:\windows\pss\AT&T Self Support Tool.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HPAiODevice(hp officejet v series) - 1.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\HPAiODevice(hp officejet v series) - 1.lnk
backup=c:\windows\pss\HPAiODevice(hp officejet v series) - 1.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^sonnyc^Start Menu^Programs^Startup^LimeWire On Startup.lnk]
path=c:\documents and settings\sonnyc\Start Menu\Programs\Startup\LimeWire On Startup.lnk
backup=c:\windows\pss\LimeWire On Startup.lnkStartup
[HKLM\~\startupfolder\C:^Documents and Settings^sonnyc^Start Menu^Programs^Startup^OpenOffice.org 2.4.lnk]
path=c:\documents and settings\sonnyc\Start Menu\Programs\Startup\OpenOffice.org 2.4.lnk
backup=c:\windows\pss\OpenOffice.org 2.4.lnkStartup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]
c:\windows\system32\dumprep 0 -k [X]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2008-06-12 07:38 34672 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Messenger (Yahoo!)]
2009-02-04 22:57 4363504 ----a-w- c:\program files\Yahoo!\Messenger\YahooMessenger.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Motive SmartBridge]
2003-12-10 10:52 380928 ----a-w- c:\progra~1\SBCSEL~1\SMARTB~1\MotiveSB.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MySpaceIM]
2008-12-12 18:46 9555968 ----a-w- c:\program files\MySpace\IM\MySpaceIM.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
2009-10-09 19:11 25623336 ----a-r- c:\program files\Skype\Phone\Skype.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2007-12-14 08:42 144784 ----a-w- c:\program files\Java\jre1.6.0_04\bin\jusched.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"wuauserv"=2 (0x2)
"wscsvc"=2 (0x2)
"winmgmt"=2 (0x2)
"WebClient"=2 (0x2)
"stisvc"=2 (0x2)
"SSDPSRV"=3 (0x3)
"ShellHWDetection"=2 (0x2)
"SENS"=2 (0x2)
"seclogon"=2 (0x2)
"Schedule"=2 (0x2)
"SamSs"=2 (0x2)
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\Program Files\\SBC Self Support Tool\\bin\\mad.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"c:\\Program Files\\Kodak\\Kodak EasyShare software\\bin\\EasyShare.exe"=
R3 COH_Mon;COH_Mon;c:\windows\system32\Drivers\COH_Mon.sys [2009-12-02 23888]
S3 crtaud;Conexant Riptide WDM Audio Driver;c:\windows\system32\drivers\crtaud.sys [2001-08-17 42112]
S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2010-07-15 102448]
S3 rpfun;Conexant Riptide Dummy Driver;c:\windows\system32\drivers\rpfun.sys [2001-08-17 3840]
S3 rthwcls;Conexant Riptide Bus / Firmware Downloader;c:\windows\system32\drivers\rthwcls.sys [2001-08-17 30720]
.
Contents of the 'Scheduled Tasks' folder
.
.
------- Supplementary Scan -------
.
uSearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
mStart Page = hxxp://rd.yahoo.com/customize/sbcydsl/defaults/*http://yahoo.sbc.com/dsl
mSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr9/*http://www.yahoo.com/ext/search/search.html
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyServer = http=127.0.0.1:5643
uInternet Settings,ProxyOverride = <local>
uSearchURL,(Default) = hxxp://us.rd.yahoo.com/customize/ie/defaults/su/msgr9/*http://www.yahoo.com
IE: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
.
- - - - ORPHANS REMOVED - - - -
Toolbar-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
WebBrowser-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
HKLM-Run-MyWebSearch Plugin - c:\progra~1\MYWEBS~1\bar\1.bin\M3PLUGIN.DLL
SafeBoot-Symantec Antvirus
MSConfigStartUp-MsnMsgr - c:\program files\MSN Messenger\MsnMsgr.Exe

.
------------------------ Other Running Processes ------------------------
.
c:\program files\Common Files\Symantec Shared\ccSvcHst.exe
c:\program files\Common Files\Motive\McciCMService.exe
c:\program files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
c:\program files\Symantec\Symantec Endpoint Protection\Rtvscan.exe
c:\windows\system32\wscntfy.exe
c:\windows\system32\rundll32.exe
.
**************************************************************************
.
Completion time: 2010-10-05  12:16:59 - machine was rebooted
ComboFix-quarantined-files.txt  2010-10-05 17:16
Pre-Run: 16,612,831,232 bytes free
Post-Run: 17,021,345,792 bytes free
WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect
- - End Of File - - FAE28525C5546512885C48B425E6D80B
 

Hi, I have just ended up with this annoying virus and all these links appear free, then after scanning it tells you how many trojans or threats it's found, then says how much you have to pay. So can you tell me if this is the same, and does it fully remove the virus, not just store it till the trial expires then they come back!!!
 
