Solved: my way my web search pupsc


21-Jan-2009, 08:35 AM #1
Question my way my web search pupsc
My system is Vista Home Premium with an Athlon Dual Core 4000+. I hope that is enough info, and my problem is this. I ran Spybot S&D and after fixing most of the problems I was left with My Way My Web Search PUPSC. I found one "solution" by downloading Super AntiSpyware but that didn't solve the problem and I am stuck with this nasty. Is there any way I can get rid of this that you know of? Would be much obliged.
21-Jan-2009, 08:36 AM #2
Sure. I understand and thank you in anticipation.
dvk01 (Derek), Moderator & Malware Removal Specialist (authorized to help remove malware), 45,148 posts. Join Date: Dec 2002. Location: Loughton, Essex, UK.
21-Jan-2009, 09:34 AM #3
Download Malwarebytes Antimalware

Full instructions for use are shown here,5946.0.html

Follow all instructions & post back its log & a new HJT log when finished.

Please download Malwarebytes' Anti-Malware to your desktop
from HERE or HERE

Double-click mbam-setup.exe and follow the prompts to install the program. At the end, be sure a checkmark is placed next to the following:
  • Update Malwarebytes' Anti-Malware
  • Launch Malwarebytes' Anti-Malware
Then click Finish.

If an update is found, it will download and install the latest version. Press Update to make sure the latest database is loaded.
Once the program has loaded, select Perform quick scan, then click Scan.
When the scan is complete, click OK, then Show Results to view the results.
Be sure that everything is checked, and click Remove Selected.
When completed, a log will open in Notepad.
Please include this log in your next reply.

It might ask you to reboot to finish cleaning. Please do so. (Press YES on the alert.)
If you receive an (Error Loading xxxxxxxxxx .dll) error on reboot, please reboot a second time. It is normal for this error to occur once and it does not need to be reported unless it continues on every boot.
Derek
22-Jan-2009, 08:00 AM #4
Malwarebytes' Anti-Malware 1.33
Database version: 1676
Windows 6.0.6001 Service Pack 1

22/01/2009 9:03:08 PM
mbam-log-2009-01-22 (21-03-08).txt

Scan type: Quick Scan
Objects scanned: 52486
Time elapsed: 3 minute(s), 58 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 1

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\Program Files\Uninstall Ask Toolbar.dll (Adware.AskSBAR) -> Quarantined and deleted successfully.
Hello Derek, Many thanks for your help. I tried that malware site and scanned the system and it found a couple of "ask toolbar" entries which I duly rid myself of.
Alas, when I ran a Spybot S&D scan the same old same old came into view. I checked on the report and it did say that sometimes, when uninstalled, My Way My Web Search leaves residual entries and they are probably there forever.
My log file is above. I hope this is what you wanted.
I used to live in Saffron Walden btw. Long time ago now.
22-Jan-2009, 10:10 AM #5
Download ComboFix from Here to your Desktop.

**Note: It is important that it is saved directly to your desktop and run from the desktop and not any other folder on your computer**
1. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
  • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files, which may cause "unpredictable results".
  • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
  • Remember to re-enable the protection again after ComboFix has finished.
2. Close any open browsers and any other programs you might have running
Double click on combofix.exe & follow the prompts.
If you are using Windows XP, it might display a pop-up saying "Recovery console is not installed, do you want to install?"
Please select Yes & let it download the files it needs to do this.
When finished, it will produce a report for you.
Please post the "C:\ComboFix.txt" along with a new HijackThis log for further review

****Note: Do not mouseclick combofix's window while it's running. That may cause it to stall or freeze ****

Note: ComboFix may reset a number of Internet Explorer's settings, including making it the default browser.
Note: ComboFix prevents autorun of ALL CDs, floppies and USB devices to assist with malware removal & increase security. If this is an issue or makes it difficult for you, please tell us when you reply. Read HERE why we disable autoruns.
23-Jan-2009, 04:26 AM #6
Many thanks and I'll try it out and let you know if it worked out.
24-Jan-2009, 04:26 AM #7
I tried downloading ComboFix but for some reason it wouldn't fully download. I kept getting messages about renaming with alphanumeric and some other gobbledygook. I don't want to keep my computer at risk by closing everything down on a questionable download like this, thanks. I'll live with the registry entries.
24-Jan-2009, 04:43 AM #8
In addition to problems downloading, I wasn't given the option of saving to the desk top and now I can't rid myself of the programme.
As I said before I'll just have to live with MyWay My Web Search.
24-Jan-2009, 05:18 AM #9
I did manage, after all, to run a check although I couldn't access the download via the desktop, so I imagine this would invalidate any results. However, I enclose a log file of the results.

ComboFix 09-01-21.04 - Owner 2009-01-24 18:50:33.2 - NTFSx86
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.1.1033.18.1919.649 [GMT 10:00]
Running from: c:\users\Owner\Downloads\ComboFix.exe
FW: Webroot Internet Security Essentials *enabled*

((((((((((((((((((((((((( Files Created from 2008-12-24 to 2009-01-24 )))))))))))))))))))))))))))))))

2009-01-22 20:52 . 2009-01-22 20:52 <DIR> d-------- c:\users\Owner\AppData\Roaming\Malwarebytes
2009-01-22 20:51 . 2009-01-22 20:51 <DIR> d-------- c:\users\All Users\Malwarebytes
2009-01-22 20:51 . 2009-01-22 20:51 <DIR> d-------- c:\programdata\Malwarebytes
2009-01-22 20:51 . 2009-01-22 20:52 <DIR> d-------- c:\program files\Malwarebytes' Anti-Malware
2009-01-22 20:51 . 2009-01-14 16:11 38,496 --a------ c:\windows\System32\drivers\mbamswissarmy.sys
2009-01-22 20:51 . 2009-01-14 16:11 15,504 --a------ c:\windows\System32\drivers\mbam.sys
2009-01-19 21:51 . 2009-01-19 21:51 <DIR> d-------- c:\users\All Users\
2009-01-19 21:51 . 2009-01-19 21:51 <DIR> d-------- c:\programdata\
2009-01-19 21:50 . 2009-01-19 21:50 <DIR> d-------- c:\users\Owner\AppData\Roaming\
2009-01-19 21:50 . 2009-01-20 11:40 <DIR> d-------- c:\program files\SUPERAntiSpyware
2009-01-19 21:49 . 2009-01-19 21:49 <DIR> d-------- c:\program files\Common Files\Wise Installation Wizard
2009-01-19 20:57 . 2009-01-19 20:57 <DIR> d-------- C:\VundoFix Backups
2009-01-15 23:05 . 2009-01-15 23:05 <DIR> d--h----- c:\program files\Temp
2009-01-15 21:20 . 2009-01-15 21:20 <DIR> d-------- c:\program files\TechTracker
2009-01-14 09:13 . 2008-12-16 12:42 288,768 --a------ c:\windows\System32\drivers\srv.sys

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
2009-01-24 08:32 --------- d---a-w c:\programdata\TEMP
2009-01-24 06:44 --------- d-----w c:\programdata\Google Updater
2009-01-23 08:26 --------- d-----w c:\users\Owner\AppData\Roaming\Skype
2009-01-21 23:30 --------- d-----w c:\program files\McAfee
2009-01-19 10:17 --------- d-----w c:\users\Owner\AppData\Roaming\MiniDm
2009-01-19 10:17 --------- d-----w c:\programdata\Spybot - Search & Destroy
2009-01-19 09:53 --------- d-----w c:\programdata\NVIDIA
2009-01-15 13:05 319,456 ----a-w c:\windows\DIFxAPI.dll
2009-01-15 13:05 --------- d--h--w c:\program files\InstallShield Installation Information
2009-01-15 11:45 --------- d-----w c:\users\Owner\AppData\Roaming\VersionTracker Pro
2009-01-15 11:34 --------- d-----w c:\program files\Secunia
2009-01-13 23:27 --------- d-----w c:\program files\Windows Mail
2008-12-26 05:15 --------- d-----w c:\programdata\WinZip
2008-12-18 13:00 --------- d-----w c:\users\Owner\AppData\Roaming\Webroot
2008-12-16 12:01 --------- d-----w c:\program files\Safari
2008-12-16 12:01 --------- d-----w c:\program files\Bonjour
2008-12-12 01:18 87,336 ----a-w c:\windows\System32\dns-sd.exe
2008-12-12 01:11 61,440 ----a-w c:\windows\System32\dnssd.dll
2008-12-10 14:17 7,808 ----a-w c:\windows\system32\drivers\psi_mf.sys
2008-12-05 13:15 --------- d-----w c:\users\Owner\AppData\Roaming\Uniblue
2008-12-05 13:15 --------- d-----w c:\program files\Uniblue
2008-12-05 08:23 --------- d-----w c:\program files\CATraxx
2008-12-03 09:19 --------- d-----w c:\program files\Common Files\Adobe AIR
2008-12-03 06:47 --------- d-----w c:\program files\DVDneXtCOPY2
2008-12-03 06:47 --------- d-----w c:\program files\Common Files\DistributeShield
2008-12-03 06:33 --------- d-----w c:\users\Owner\AppData\Roaming\SystemRequirementsLab
2008-12-03 06:33 --------- d-----w c:\program files\SystemRequirementsLab
2008-12-03 06:12 --------- d-----w c:\program files\java
2008-11-27 10:08 --------- d-----w c:\programdata\Media Manager
2008-11-27 10:08 --------- d-----w c:\program files\Media Manager
2008-11-26 17:17 51,792 ----a-w c:\windows\system32\drivers\aswMonFlt.sys
2008-11-26 12:45 --------- d-----w c:\program files\Machinist2DLL
2008-11-26 11:58 --------- d-----w c:\program files\Common Files\DVDnextCOPY2
2008-11-26 11:17 --------- d-----w c:\program files\CyberLink
2008-11-26 00:40 --------- d-----w c:\programdata\Apple Computer
2008-11-26 00:40 --------- d-----w c:\programdata\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
2008-11-26 00:40 --------- d-----w c:\program files\iTunes
2008-11-26 00:40 --------- d-----w c:\program files\iPod
2008-11-26 00:40 --------- d-----w c:\program files\Common Files\Apple
2008-11-25 23:25 --------- d-----w c:\program files\QuickTime
2008-11-19 06:27 164 ----a-w C:\install.dat
2008-11-13 07:11 1,553,272 ----a-w c:\windows\WRSetup.dll
2008-11-09 19:43 410,984 ----a-w c:\windows\System32\deploytk.dll
2008-11-01 03:44 541,696 ----a-w c:\windows\AppPatch\AcLayers.dll
2008-11-01 03:44 52,736 ----a-w c:\windows\AppPatch\iebrshim.dll
2008-11-01 03:44 460,288 ----a-w c:\windows\AppPatch\AcSpecfc.dll
2008-11-01 03:44 28,672 ----a-w c:\windows\System32\Apphlpdm.dll
2008-11-01 03:44 2,154,496 ----a-w c:\windows\AppPatch\AcGenral.dll
2008-11-01 03:44 173,056 ----a-w c:\windows\AppPatch\AcXtrnal.dll
2008-11-01 01:21 4,240,384 ----a-w c:\windows\System32\GameUXLegacyGDFs.dll
2008-10-29 06:29 2,927,104 ----a-w c:\windows\explorer.exe
2008-10-02 22:40 16,307,608 ----a-w c:\users\Owner\&filename=jre-6u10-windows-i586-p-s.exe
2008-09-26 07:33 7,334,496 ----a-w c:\users\Owner\Firefox Setup 3.0.3.exe
2008-08-18 12:54 10,509,024 ----a-w c:\users\Owner\catraxx_update_setup.exe
2008-07-16 13:33 61,424 ----a-w c:\users\Owner\AppData\Roaming\GDIPFONTCACHEV1.DAT
2008-04-01 03:36 174 --sha-w c:\program files\desktop.ini

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
*Note* empty entries & legit default entries are not shown

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{0579B4B6-0293-4d73-B02D-5EBB0BA0F0A2}"= "c:\program files\AskSBar\SrchAstt\2.bin\A2SRCHAS.DLL" [2008-08-14 66912]


[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{0579B4B1-0293-4d73-B02D-5EBB0BA0F0A2}]
2008-08-14 12:04 66912 --a------ c:\program files\AskSBar\SrchAstt\2.bin\A2SRCHAS.DLL

"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-19 125952]
"Picasa Media Detector"="c:\program files\Picasa2\PICASAMEDIADETECTOR.EXE" [2008-08-21 443968]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-03-26 68856]
"WinPatrol System Monitor"="c:\program files\BillP Studios\WinPatrol\WinPatrol.exe" [2008-10-10 333120]
"RegistryMechanic"="c:\program files\Registry Mechanic\RMTray.exe" [2008-07-03 812952]
"RoboForm"="c:\program files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe" [2008-12-25 160592]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-19 202240]

"TrueImageMonitor.exe"="c:\program files\Acronis\TrueImageHome\TrueImageMonitor.exe" [2007-02-16 1169776]
"AcronisTimounterMonitor"="c:\program files\Acronis\TrueImageHome\TimounterMonitor.exe" [2007-02-16 1945960]
"Acronis Scheduler2 Service"="c:\program files\Common Files\Acronis\Schedule2\schedhlp.exe" [2007-02-16 149024]
"LanguageShortcut"="c:\program files\CyberLink\PowerDVD\Language\Language.exe" [2007-01-08 52256]
"PaperPort PTD"="c:\program files\ScanSoft\PaperPort\pptd40nt.exe" [2007-01-29 30248]
"IndexSearch"="c:\program files\ScanSoft\PaperPort\IndexSearch.exe" [2007-01-29 46632]
"BrMfcWnd"="c:\program files\Brother\Brmfcmon\BrMfcWnd.exe" [2007-03-12 663552]
"ControlCenter3"="c:\program files\Brother\ControlCenter3\brctrcen.exe" [2007-01-26 65536]
"avast!"="c:\program files\Alwil Software\Avast4\ashDisp.exe" [2008-11-27 81000]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 34672]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2008-11-20 290088]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2008-11-10 136600]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-10-07 13584928]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-10-07 92704]
"WinPatrol"="c:\program files\BillP Studios\WinPatrol\WinPatrol.exe" [2008-10-10 333120]
"SpySweeper"="c:\program files\Webroot\Spy Sweeper\SpySweeperUI.exe" [2008-11-13 6273400]

"Picasa Media Detector"="c:\program files\Picasa2\PicasaMediaDetector.exe" [2008-08-21 443968]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2008-12-22 11:05 356352 c:\program files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WRConsumerService]

"TCP Query User{BA04C13F-693D-4BA5-82B8-8FA599CF049A}c:\\program files\\firefly 2\\firefly.exe"= UDP:c:\program files\firefly 2\firefly.exe:Firefly 2
"UDP Query User{3871CA0A-D9B9-41A4-9FF7-91F60D074122}c:\\program files\\firefly 2\\firefly.exe"= TCP:c:\program files\firefly 2\firefly.exe:Firefly 2
"TCP Query User{85BDCB4A-68DB-4104-8105-E97C2C625E43}c:\\program files\\firefly 3\\freshtelip.exe"= UDP:c:\program files\firefly 3\freshtelip.exe:Firefly 3.0 Beta
"UDP Query User{D2300406-EA4A-453F-A250-0FDC7AF55806}c:\\program files\\firefly 3\\freshtelip.exe"= TCP:c:\program files\firefly 3\freshtelip.exe:Firefly 3.0 Beta
"TCP Query User{51860643-A930-421F-8CE9-495CDA51E67A}c:\\program files\\skype\\phone\\skype.exe"= UDP:c:\program files\skype\phone\skype.exe:Skype. Take a deep breath
"UDP Query User{3DD8BCAD-939B-41C9-B3AD-052DF5DB8851}c:\\program files\\skype\\phone\\skype.exe"= TCP:c:\program files\skype\phone\skype.exe:Skype. Take a deep breath
"TCP Query User{9E7CB854-AFDF-4174-9C45-B50037BCB249}c:\\program files\\internet explorer\\iexplore.exe"= UDP:c:\program files\internet explorer\iexplore.exe:Internet Explorer
"UDP Query User{C9A1050A-AFCE-4D8D-AB7B-B793C7156F49}c:\\program files\\internet explorer\\iexplore.exe"= TCP:c:\program files\internet explorer\iexplore.exe:Internet Explorer
"TCP Query User{B4AE2B63-A68B-4126-BB05-529764690B84}c:\\users\\owner\\appdata\\local\\temp\\ixp000.tmp\\smwinvnc.exe"= UDP:c:\users\owner\appdata\local\temp\ixp000.tmp\smwinvnc.exe:smwinvnc.exe
"UDP Query User{CB0C8F5B-0759-4E37-B9FA-89CB2A84CE95}c:\\users\\owner\\appdata\\local\\temp\\ixp000.tmp\\smwinvnc.exe"= TCP:c:\users\owner\appdata\local\temp\ixp000.tmp\smwinvnc.exe:smwinvnc.exe
"TCP Query User{2E9806CC-2E0E-49A8-B730-B8CC8A39D722}c:\\users\\owner\\appdata\\local\\temp\\ixp001.tmp\\smwinvnc.exe"= UDP:c:\users\owner\appdata\local\temp\ixp001.tmp\smwinvnc.exe:smwinvnc.exe
"UDP Query User{EC1B2996-208A-4EE8-B1EB-78670AAE530A}c:\\users\\owner\\appdata\\local\\temp\\ixp001.tmp\\smwinvnc.exe"= TCP:c:\users\owner\appdata\local\temp\ixp001.tmp\smwinvnc.exe:smwinvnc.exe
"TCP Query User{C97D38B1-618A-44D7-B731-9CA3F6B30150}c:\\users\\owner\\appdata\\local\\temp\\ixp002.tmp\\smwinvnc.exe"= UDP:c:\users\owner\appdata\local\temp\ixp002.tmp\smwinvnc.exe:smwinvnc.exe
"UDP Query User{AF57A208-0F9B-4850-BF43-5B4814CD7FC1}c:\\users\\owner\\appdata\\local\\temp\\ixp002.tmp\\smwinvnc.exe"= TCP:c:\users\owner\appdata\local\temp\ixp002.tmp\smwinvnc.exe:smwinvnc.exe
"TCP Query User{282ACFCB-2343-488D-A4D7-0DDABCE3C2F7}c:\\program files\\real\\realplayer\\realplay.exe"= UDP:c:\program files\real\realplayer\realplay.exe:RealPlayer
"UDP Query User{D0FA29D4-511B-4F00-8B55-09D27A926F62}c:\\program files\\real\\realplayer\\realplay.exe"= TCP:c:\program files\real\realplayer\realplay.exe:RealPlayer
"{9D729025-3243-4A05-85F3-44D1695C604A}"= c:\program files\Skype\Phone\Skype.exe:Skype
"{6550C752-6684-4DFF-BA0F-D4159286BF6A}"= UDP:d:\catraxx\CATraxx.exe:CATraxx
"{FF90FEEA-2C61-4F90-B697-4E40E5839278}"= TCP:d:\catraxx\CATraxx.exe:CATraxx
"TCP Query User{D5002F57-A2DD-4402-86EC-84E9434111B1}c:\\program files\\infogrames interactive\\scrabble complete\\scrabblecomplete.exe"= UDP:c:\program files\infogrames interactive\scrabble complete\scrabblecomplete.exe:Scrabble Complete
"UDP Query User{69FA6F86-037E-416E-8693-79397C354B06}c:\\program files\\infogrames interactive\\scrabble complete\\scrabblecomplete.exe"= TCP:c:\program files\infogrames interactive\scrabble complete\scrabblecomplete.exe:Scrabble Complete
"{40178B4D-A353-4E99-AB17-02DF268D3A0A}"= UDP:c:\program files\iTunes\iTunes.exe:iTunes
"{5352BA0B-2283-4206-B927-99890EA80120}"= TCP:c:\program files\iTunes\iTunes.exe:iTunes
"{033D7017-99F8-4C74-9257-FD82A48BC762}"= c:\program files\Cyberlink\PowerDVD\PowerDVD.EXE:CyberLink PowerDVD
"{23A44B31-8893-4BB1-A768-E89D80D57327}"= UDP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour
"{7D8AD193-0543-490D-A9D2-59E5866C8762}"= TCP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour
"TCP Query User{3A9CD02C-FBD4-4E12-BC93-7719BE053610}c:\\program files\\mozilla firefox\\firefox.exe"= UDP:c:\program files\mozilla firefox\firefox.exe:Firefox
"UDP Query User{351E44C5-DF20-4DDF-B794-911A1A72133E}c:\\program files\\mozilla firefox\\firefox.exe"= TCP:c:\program files\mozilla firefox\firefox.exe:Firefox

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile\AuthorizedApplications\List]
"c:\\Program Files\\IEPro\\MiniDM.exe"= c:\program files\IEPro\MiniDM.exe:*:Enabled:MiniDM

R0 ssfs0bbc;ssfs0bbc;c:\windows\System32\drivers\ssfs0bbc.sys [2008-11-12 29808]
R1 aswSP;avast! Self Protection;c:\windows\System32\drivers\aswSP.sys [2008-08-17 111184]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [2008-12-22 55024]
R3 PSI;PSI;c:\windows\System32\drivers\psi_mf.sys [2008-12-11 7808]
R4 aswFsBlk;aswFsBlk;c:\windows\System32\drivers\aswFsBlk.sys [2008-08-17 20560]
R4 aswMonFlt;aswMonFlt;c:\windows\System32\drivers\aswMonFlt.sys [2008-08-17 51792]
R4 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\McAfee\SiteAdvisor\McSACore.exe [2008-07-24 206096]
R4 SBSDWSCService;SBSD Security Center Service;c:\program files\spybot - search & destroy\SDWinSec.exe [2008-08-11 810320]
R4 WRConsumerService;Webroot Client Service;c:\program files\Webroot\Spy Sweeper\WRConsumerService.exe [2008-11-19 1086840]
S3 GoogleDesktopManager-022208-143751;Google Desktop Manager 5.7.802.22438;c:\program files\google\Google Desktop Search\GoogleDesktop.exe [2008-03-02 29744]
S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\System32\drivers\mbamswissarmy.sys [2009-01-22 38496]
S3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [2008-12-22 7408]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\H]
\shell\AutoRun\command - H:\LaunchU3.exe -a

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{7dc7cfe1-0b54-11dd-aa77-001bfc35cf50}]
\shell\AutoRun\command - H:\LaunchU3.exe -a

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{b7947634-2210-11dd-a475-001bfc35cf50}]
\shell\AutoRun\command - H:\LaunchU3.exe -a

Contents of the 'Scheduled Tasks' folder

2009-01-24 c:\windows\Tasks\Ad-Aware Update (Daily).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe []

2009-01-24 c:\windows\Tasks\User_Feed_Synchronization-{DCB031DF-9652-49EF-BE9F-BCE7384007BA}.job
- c:\windows\system32\msfeedssync.exe [2008-01-19 17:33]

2009-01-20 c:\windows\Tasks\wrSpySweeperFullSweep.job
- c:\program files\Webroot\Spy Sweeper\SpySweeperUI.exe [2008-11-13 17:11]

2009-01-20 c:\windows\Tasks\wrSpySweeperFullSweep.job
- c:\program files\Webroot\Spy Sweeper\SpySweeperUI.exe [2008-11-13 17:11]

2009-01-20 c:\windows\Tasks\wrSpySweeperFullSweep.job
- A:\ []
- - - - ORPHANS REMOVED - - - -

HKCU-Run-Uniblue SpeedUpMyPC - (no file)

------- Supplementary Scan -------
uStart Page = hxxp://
uDefault_Search_URL = hxxp://
uSearch Bar = hxxp://
mSearch Bar =
uInternet Settings,ProxyOverride = <local>;*.local
uSearchAssistant = hxxp://
uSearchURL,(Default) = hxxp://
IE: Customize Menu - file://c:\program files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office10\EXCEL.EXE/3000
IE: Fill Forms - file://c:\program files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
IE: RoboForm Toolbar - file://c:\program files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
IE: Save Forms - file://c:\program files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
DPF: {680285A8-96D3-43DA-9D3D-51DD987D0B77} - hxxp://
DPF: {8FD07749-EFFA-48C6-947C-45A8D7BF422F} - hxxps://
FF - ProfilePath - c:\users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\iqo5h90k.default\
FF - component: c:\program files\McAfee\SiteAdvisor\components\McFFPlg.dll
FF - plugin: c:\program files\Google\Google Updater\2.4.1368.5602\npCIDetect13.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\program files\Picasa2\npPicasa2.dll
FF - plugin: c:\program files\Virtual Earth 3D\npVE3D.dll


catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,
Rootkit scan 2009-01-24 19:02:52
Windows 6.0.6001 Service Pack 1 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'lsass.exe'(756)

- - - - - - - > 'Explorer.exe'(3468)
c:\program files\BillP Studios\WinPatrol\PATROLPRO.DLL
c:\program files\McAfee\SiteAdvisor\saHook.dll
------------------------ Other Running Processes ------------------------
c:\program files\alwil software\Avast4\aswUpdSv.exe
c:\program files\alwil software\Avast4\ashServ.exe
c:\program files\Common Files\Acronis\Schedule2\schedul2.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\google\Common\Google Updater\GoogleUpdaterService.exe
c:\program files\CyberLink\Shared Files\RichVideo.exe
c:\program files\Webroot\Spy Sweeper\SpySweeper.exe
c:\program files\Secunia\PSI\psi.exe
c:\program files\Windows Media Player\wmpnetwk.exe
c:\program files\Brother\ControlCenter3\BrccMCtl.exe
c:\program files\Brother\Brmfcmon\BrMfcMon.exe
c:\program files\iPod\bin\iPodService.exe
Completion time: 2009-01-24 19:10:46 - machine was rebooted [Owner]
ComboFix-quarantined-files.txt 2009-01-24 09:10:33

Pre-Run: 232,033,406,976 bytes free
Post-Run: 231,896,760,320 bytes free

266 --- E O F --- 2009-01-24 06:44:05
24-Jan-2009, 10:51 AM #10
No sign of it there, so they are just harmless leftovers that only Spybot worries about.

*Follow these steps to uninstall Combofix and the other tools it downloaded to remove the malware*
* Click *START* then *RUN*
* Now type *Combofix /u* in the runbox and click *OK*. Note the *space* between the *X* and the *U*, it needs to be there.

Turn off system restore by following the instructions here for XP or for Vista.

That will purge the restore folder and clear any malware that has been put in there. Then reboot, re-enable system restore and create a new restore point. Now empty the Recycle Bin on the desktop.

Go here for info on how to tighten your security settings and how to help prevent future attacks.

And scan here for out-of-date and vulnerable common applications on your computer.

Then pay an urgent visit to Windows Update and make sure you are fully updated; that will help to plug the security holes that let these pests in in the first place.
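The "Reg Loading Points" section of the ComboFix log above is the evidence Derek is reading when he calls the remaining Spybot hits harmless leftovers. The script below is an added example, not code from the thread, ComboFix, Malwarebytes or Spybot: a report over the same load points (URLSearchHooks, Browser Helper Objects, the IE Toolbar key, Run/RunOnce and the per-volume MountPoints2 AutoRun commands) that resolves each CLSID to the DLL that actually loads and flags an entry when its name matches this PUP family, when it points into a temp folder, or when the file it points at no longer exists (the "residual entry" case). The key list, the name pattern and the flag names are assumptions for the example; it reads only and deletes nothing.

```powershell
# Added example for this thread (not ComboFix/MBAM/Spybot code). Report only.
# Run in an elevated PowerShell 2.0+ prompt on 32-bit Windows (the Vista x86
# system in the log); the key list below is an assumption, not exhaustive.

$SuspectPattern = 'MyWebSearch|MyWay|FunWebProducts|AskSBar|Ask Toolbar|A2SRCHAS'   # assumed name fragments
$TempPattern    = '\\AppData\\Local\\Temp\\|\\Windows\\Temp\\|\\IXP\d{3}\.TMP\\'
$MetaProps      = 'PSPath','PSParentPath','PSChildName','PSDrive','PSProvider'

function Resolve-ClsidPath {
    # BHOs, URL search hooks and toolbars are COM objects registered by CLSID;
    # the DLL that loads into the browser is the InprocServer32 default value.
    param([string]$Clsid)
    foreach ($base in 'HKLM:\Software\Classes\CLSID', 'HKCU:\Software\Classes\CLSID') {
        $key = "$base\$Clsid\InprocServer32"
        if (Test-Path -LiteralPath $key) {
            $dll = (Get-ItemProperty -LiteralPath $key).'(default)'
            if ($dll) { return [Environment]::ExpandEnvironmentVariables($dll.Trim('"')) }
        }
    }
    return $null
}

function Get-ProgramPath {
    # Run values carry arguments ("C:\x\y.exe" /silent); keep only the program.
    param([string]$Command)
    if ($Command -match '^\s*"([^"]+)"')              { return $Matches[1] }
    if ($Command -match '^\s*(.+?\.(exe|dll|cpl))\b') { return [Environment]::ExpandEnvironmentVariables($Matches[1]) }
    return $Command.Trim()
}

function Get-Verdict {
    param([string]$Name, [string]$Path)
    $flags = @()
    if ("$Name $Path" -match $SuspectPattern) { $flags += 'pup-name' }
    if ($Path -and $Path -match $TempPattern) { $flags += 'temp-dir' }
    # A load point whose target file is gone is a dangling leftover, not active code.
    if ($Path -and $Path -match '\\' -and -not (Test-Path -LiteralPath $Path)) { $flags += 'missing-file' }
    if ($flags.Count -eq 0) { return 'ok' }
    return ($flags -join ',')
}

function New-Finding($Key, $Name, $Path) {
    New-Object PSObject -Property @{ Key = $Key; Name = $Name; Path = $Path; Verdict = (Get-Verdict $Name $Path) }
}

$report = @()

# 1. Keys whose values are the load points: the value name is a CLSID (search
#    hooks, toolbars) or a friendly name with the command as data (Run/RunOnce).
$valueKeys = @(
    'HKCU:\Software\Microsoft\Internet Explorer\URLSearchHooks',
    'HKLM:\Software\Microsoft\Internet Explorer\Toolbar',
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\RunOnce'
)
foreach ($key in $valueKeys) {
    if (-not (Test-Path -LiteralPath $key)) { continue }
    foreach ($p in (Get-ItemProperty -LiteralPath $key).PSObject.Properties) {
        if ($MetaProps -contains $p.Name) { continue }
        if ($p.Name -match '^\{[0-9A-Fa-f-]+\}$') { $path = Resolve-ClsidPath $p.Name }
        else                                     { $path = Get-ProgramPath ([string]$p.Value) }
        $report += New-Finding $key $p.Name $path
    }
}

# 2. Browser Helper Objects: one subkey per CLSID.
$bhoKey = 'HKLM:\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects'
if (Test-Path -LiteralPath $bhoKey) {
    foreach ($sub in Get-ChildItem -LiteralPath $bhoKey) {
        $report += New-Finding $bhoKey $sub.PSChildName (Resolve-ClsidPath $sub.PSChildName)
    }
}

# 3. AutoRun commands Explorer remembers per removable volume (the
#    MountPoints2 entries in the log, e.g. H:\LaunchU3.exe -a).
$mp2 = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2'
if (Test-Path -LiteralPath $mp2) {
    foreach ($vol in Get-ChildItem -LiteralPath $mp2) {
        $cmdKey = Join-Path $vol.PSPath 'shell\AutoRun\command'
        if (Test-Path -LiteralPath $cmdKey) {
            $cmd = (Get-ItemProperty -LiteralPath $cmdKey).'(default)'
            $report += New-Finding "MountPoints2\$($vol.PSChildName)" 'AutoRun' (Get-ProgramPath ([string]$cmd))
        }
    }
}

# Flagged entries first; an all-'ok' list is the "nothing left" answer.
$report | Sort-Object { $_.Verdict -eq 'ok' } | Format-Table -AutoSize Verdict, Name, Path, Key
```

Read the verdict column against the log above: an entry such as the AskSBar search hook would show as pup-name while its DLL is still on disk and as pup-name,missing-file once it has been uninstalled, which is exactly the difference between something still loading into Internet Explorer and a dead registry value that a scanner's signature still matches. Anything flagged temp-dir deserves a look regardless of name, since a program that installs itself from a temp folder rarely belongs in a load point.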
25-Jan-2009, 07:59 PM #11
Hi, I looked at the bleeping computers site but couldn't find anything there relating to turning off "system restore". I got as far as uninstalling ComboFix but no further. Is there a simple way of turning off system restore? None of the manuals on Vista mention anything about turning it off and on.
Thanks for the help so far.
25-Jan-2009, 09:07 PM #12
resolved at last
Updating my last panic reaction. I enrolled at the site and found the answer I needed concerning system restore. Have done all that you recommended and am now back to normal. Many, many thanks for your help, understanding and patience. It was much appreciated.
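The system-restore step in post #10 (turn it off, reboot, turn it back on, create a new restore point) is the part the original poster could not find in the Vista manuals. It can also be done from an elevated PowerShell 2.0 prompt on Vista or Windows 7 instead of the GUI. This is an added example, not from the thread or from any tool named in it; the drive letter and the restore-point label are assumptions, and the reboot between the two halves is the one the post asks for.

```powershell
# Added example (not from the thread). Elevated PowerShell 2.0+ on Vista/7.
# Turning System Protection off for a drive discards every restore point on it,
# which is the "purge" in the post; turning it back on and taking one fresh
# checkpoint leaves a single clean point. Assumption: the system drive is C:.

function Clear-RestorePoints {
    # First half: run this, then reboot as the post says.
    param([string]$Drive = 'C:\')
    $before = @(Get-ComputerRestorePoint).Count
    Disable-ComputerRestore -Drive $Drive
    "System Restore off on $Drive; $before restore point(s) discarded. Reboot now."
}

function New-CleanRestorePoint {
    # Second half, after the reboot: re-enable, checkpoint, and verify that the
    # only point left is the one just created.
    param([string]$Drive = 'C:\', [string]$Label = 'Clean point after malware removal')
    Enable-ComputerRestore -Drive $Drive
    Checkpoint-Computer -Description $Label -RestorePointType 'MODIFY_SETTINGS'
    $points = @(Get-ComputerRestorePoint)
    New-Object PSObject -Property @{
        Points   = $points.Count
        Newest   = ($points | Sort-Object SequenceNumber | Select-Object -Last 1).Description
        Verified = ($points.Count -eq 1 -and $points[0].Description -eq $Label)
    }
}

# Usage: Clear-RestorePoints ; <reboot> ; New-CleanRestorePoint | Format-List
```

If Verified comes back False after the second half, an old restore point survived the disable/enable cycle (or the checkpoint failed), and the Newest field shows which one is still there; that is the check to run before trusting that the restore folder no longer holds a copy of what was removed.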
