
my way my web search pupsc

Discussion in 'Virus & Other Malware Removal' started by clentfer, Jan 21, 2009.

Thread Status:
Not open for further replies.
  1. clentfer

    clentfer Thread Starter

    Joined:
    Jan 20, 2009
    Messages:
    9
    My system is Vista Home Premium with an Athlon Dual Core 4000+. I hope that is enough info and my problem is this. I ran Spybot S&D and after fixing most of the problems I was left with My Way My Web Search PUPSC. I found one "solution" by downloading Super AntiSpyware but that didn't solve the problem and I am stuck with this nasty. Is there any way I can get rid of this that you know of? Would be much obliged.
     
  2. clentfer

    clentfer Thread Starter

    Joined:
    Jan 20, 2009
    Messages:
    9
    Sure. I understand and thank you in anticipation.
     
  3. dvk01

    dvk01 Derek Moderator Malware Specialist

    Joined:
    Dec 14, 2002
    Messages:
    47,806
    Download Malwarebytes Antimalware

    Full instructions for use are shown here
    http://thespykiller.co.uk/index.php/topic,5946.0.html

    follow all instructions & post back its log & a new HJT log when finished


    Please download Malwarebytes' Anti-Malware to your desktop
    from HERE or HERE

    Double-click mbam-setup.exe and follow the prompts to install the program. At the end, be sure a checkmark is placed next to the following:

    Update Malwarebytes' Anti-Malware. Launch Malwarebytes' Anti-Malware. Then click Finish.

    If an update is found, it will download and install the latest version. Press Update to make sure the latest database is loaded.
    Once the program has loaded, select Perform quick scan, then click Scan.
    When the scan is complete, click OK, then Show Results to view the results.
    Be sure that everything is checked, and click Remove Selected.
    When completed, a log will open in Notepad.
    Please include this log in your next reply.

    It might ask you to reboot to finish cleaning. Please do so. ( Press YES on the alert)
    If you receive an (Error Loading xxxxxxxxxx .dll) error on reboot please reboot a second time. It is normal for this error to occur once and it does not need to be reported unless it continues on every boot.
     
  4. clentfer

    clentfer Thread Starter

    Joined:
    Jan 20, 2009
    Messages:
    9
    Malwarebytes' Anti-Malware 1.33
    Database version: 1676
    Windows 6.0.6001 Service Pack 1

    22/01/2009 9:03:08 PM
    mbam-log-2009-01-22 (21-03-08).txt

    Scan type: Quick Scan
    Objects scanned: 52486
    Time elapsed: 3 minute(s), 58 second(s)

    Memory Processes Infected: 0
    Memory Modules Infected: 0
    Registry Keys Infected: 0
    Registry Values Infected: 0
    Registry Data Items Infected: 0
    Folders Infected: 0
    Files Infected: 1

    Memory Processes Infected:
    (No malicious items detected)

    Memory Modules Infected:
    (No malicious items detected)

    Registry Keys Infected:
    (No malicious items detected)

    Registry Values Infected:
    (No malicious items detected)

    Registry Data Items Infected:
    (No malicious items detected)

    Folders Infected:
    (No malicious items detected)

    Files Infected:
    C:\Program Files\Uninstall Ask Toolbar.dll (Adware.AskSBAR) -> Quarantined and deleted successfully.
    Hello Derek, Many thanks for your help. I tried that malware site and scanned the system and it found a couple of "ask toolbar" entries which I duly rid myself of.
    Alas when I ran a Spybot S&D scan the same old same old came into view. I checked on the report and it did say that sometimes when uninstalled My Way My Web Search leaves residual entries and they are probably there forever.
    My log file is above. I hope this is what you wanted.
    I used to live in Saffron Walden btw. Long time ago now.
     
  5. dvk01

    dvk01 Derek Moderator Malware Specialist

    Joined:
    Dec 14, 2002
    Messages:
    47,806
    Download ComboFix from Here to your Desktop.

    **Note: It is important that it is saved directly to your desktop and run from the desktop and not any other folder on your computer**
    --------------------------------------------------------------------
    1. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

    • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results"
    • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
    • Remember to re enable the protection again after combofix has finished
    --------------------------------------------------------------------
    2. Close any open browsers and any other programs you might have running
    Double click on combofix.exe & follow the prompts.
    If you are using windows XP It might display a pop up saying that "Recovery console is not installed, do you want to install?"
    Please select yes & let it download the files it needs to do this
    When finished, it will produce a report for you.
    Please post the "C:\ComboFix.txt" along with a new HijackThis log for further review


    ****Note: Do not mouseclick combofix's window while it's running. That may cause it to stall or freeze ****

    Note: ComboFix may reset a number of Internet Explorer's settings, including making it the default browser.
    Note: Combofix prevents autorun of ALL CDs, floppies and USB devices to assist with malware removal & increase security. If this is an issue or makes it difficult for you -- please tell us when you reply. Read HERE why we disable autoruns
     
  6. clentfer

    clentfer Thread Starter

    Joined:
    Jan 20, 2009
    Messages:
    9
    Many thanks and I'll try it out and let you know how if it worked out.
     
  7. clentfer

    clentfer Thread Starter

    Joined:
    Jan 20, 2009
    Messages:
    9
    I tried downloading combofix but for some reason it wouldn't fully download. I kept getting messages about renaming with alphanumeric and some other gobbledygook. I don't want to keep my computer at risk by closing everything down on a questionable download like this, thanks. I'll live with the registry entries.
     
  8. clentfer

    clentfer Thread Starter

    Joined:
    Jan 20, 2009
    Messages:
    9
    In addition to problems downloading, I wasn't given the option of saving to the desktop and now I can't rid myself of the programme.
    As I said before I'll just have to live with MyWay My Web Search.
     
  9. clentfer

    clentfer Thread Starter

    Joined:
    Jan 20, 2009
    Messages:
    9
    I did manage, after all, to run a check although I couldn't access the download via the desktop so I imagine this would invalidate any results. However I enclose a log file of the results.

    ComboFix 09-01-21.04 - Owner 2009-01-24 18:50:33.2 - NTFSx86
    Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.1.1033.18.1919.649 [GMT 10:00]
    Running from: c:\users\Owner\Downloads\ComboFix.exe
    FW: Webroot Internet Security Essentials *enabled*
    .

    ((((((((((((((((((((((((( Files Created from 2008-12-24 to 2009-01-24 )))))))))))))))))))))))))))))))
    .

    2009-01-22 20:52 . 2009-01-22 20:52 <DIR> d-------- c:\users\Owner\AppData\Roaming\Malwarebytes
    2009-01-22 20:51 . 2009-01-22 20:51 <DIR> d-------- c:\users\All Users\Malwarebytes
    2009-01-22 20:51 . 2009-01-22 20:51 <DIR> d-------- c:\programdata\Malwarebytes
    2009-01-22 20:51 . 2009-01-22 20:52 <DIR> d-------- c:\program files\Malwarebytes' Anti-Malware
    2009-01-22 20:51 . 2009-01-14 16:11 38,496 --a------ c:\windows\System32\drivers\mbamswissarmy.sys
    2009-01-22 20:51 . 2009-01-14 16:11 15,504 --a------ c:\windows\System32\drivers\mbam.sys
    2009-01-19 21:51 . 2009-01-19 21:51 <DIR> d-------- c:\users\All Users\SUPERAntiSpyware.com
    2009-01-19 21:51 . 2009-01-19 21:51 <DIR> d-------- c:\programdata\SUPERAntiSpyware.com
    2009-01-19 21:50 . 2009-01-19 21:50 <DIR> d-------- c:\users\Owner\AppData\Roaming\SUPERAntiSpyware.com
    2009-01-19 21:50 . 2009-01-20 11:40 <DIR> d-------- c:\program files\SUPERAntiSpyware
    2009-01-19 21:49 . 2009-01-19 21:49 <DIR> d-------- c:\program files\Common Files\Wise Installation Wizard
    2009-01-19 20:57 . 2009-01-19 20:57 <DIR> d-------- C:\VundoFix Backups
    2009-01-15 23:05 . 2009-01-15 23:05 <DIR> d--h----- c:\program files\Temp
    2009-01-15 21:20 . 2009-01-15 21:20 <DIR> d-------- c:\program files\TechTracker
    2009-01-14 09:13 . 2008-12-16 12:42 288,768 --a------ c:\windows\System32\drivers\srv.sys

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2009-01-24 08:32 --------- d---a-w c:\programdata\TEMP
    2009-01-24 06:44 --------- d-----w c:\programdata\Google Updater
    2009-01-23 08:26 --------- d-----w c:\users\Owner\AppData\Roaming\Skype
    2009-01-21 23:30 --------- d-----w c:\program files\McAfee
    2009-01-19 10:17 --------- d-----w c:\users\Owner\AppData\Roaming\MiniDm
    2009-01-19 10:17 --------- d-----w c:\programdata\Spybot - Search & Destroy
    2009-01-19 09:53 --------- d-----w c:\programdata\NVIDIA
    2009-01-15 13:05 319,456 ----a-w c:\windows\DIFxAPI.dll
    2009-01-15 13:05 --------- d--h--w c:\program files\InstallShield Installation Information
    2009-01-15 11:45 --------- d-----w c:\users\Owner\AppData\Roaming\VersionTracker Pro
    2009-01-15 11:34 --------- d-----w c:\program files\Secunia
    2009-01-13 23:27 --------- d-----w c:\program files\Windows Mail
    2008-12-26 05:15 --------- d-----w c:\programdata\WinZip
    2008-12-18 13:00 --------- d-----w c:\users\Owner\AppData\Roaming\Webroot
    2008-12-16 12:01 --------- d-----w c:\program files\Safari
    2008-12-16 12:01 --------- d-----w c:\program files\Bonjour
    2008-12-12 01:18 87,336 ----a-w c:\windows\System32\dns-sd.exe
    2008-12-12 01:11 61,440 ----a-w c:\windows\System32\dnssd.dll
    2008-12-10 14:17 7,808 ----a-w c:\windows\system32\drivers\psi_mf.sys
    2008-12-05 13:15 --------- d-----w c:\users\Owner\AppData\Roaming\Uniblue
    2008-12-05 13:15 --------- d-----w c:\program files\Uniblue
    2008-12-05 08:23 --------- d-----w c:\program files\CATraxx
    2008-12-03 09:19 --------- d-----w c:\program files\Common Files\Adobe AIR
    2008-12-03 06:47 --------- d-----w c:\program files\DVDneXtCOPY2
    2008-12-03 06:47 --------- d-----w c:\program files\Common Files\DistributeShield
    2008-12-03 06:33 --------- d-----w c:\users\Owner\AppData\Roaming\SystemRequirementsLab
    2008-12-03 06:33 --------- d-----w c:\program files\SystemRequirementsLab
    2008-12-03 06:12 --------- d-----w c:\program files\java
    2008-11-27 10:08 --------- d-----w c:\programdata\Media Manager
    2008-11-27 10:08 --------- d-----w c:\program files\Media Manager
    2008-11-26 17:17 51,792 ----a-w c:\windows\system32\drivers\aswMonFlt.sys
    2008-11-26 12:45 --------- d-----w c:\program files\Machinist2DLL
    2008-11-26 11:58 --------- d-----w c:\program files\Common Files\DVDnextCOPY2
    2008-11-26 11:17 --------- d-----w c:\program files\CyberLink
    2008-11-26 00:40 --------- d-----w c:\programdata\Apple Computer
    2008-11-26 00:40 --------- d-----w c:\programdata\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
    2008-11-26 00:40 --------- d-----w c:\program files\iTunes
    2008-11-26 00:40 --------- d-----w c:\program files\iPod
    2008-11-26 00:40 --------- d-----w c:\program files\Common Files\Apple
    2008-11-25 23:25 --------- d-----w c:\program files\QuickTime
    2008-11-19 06:27 164 ----a-w C:\install.dat
    2008-11-13 07:11 1,553,272 ----a-w c:\windows\WRSetup.dll
    2008-11-09 19:43 410,984 ----a-w c:\windows\System32\deploytk.dll
    2008-11-01 03:44 541,696 ----a-w c:\windows\AppPatch\AcLayers.dll
    2008-11-01 03:44 52,736 ----a-w c:\windows\AppPatch\iebrshim.dll
    2008-11-01 03:44 460,288 ----a-w c:\windows\AppPatch\AcSpecfc.dll
    2008-11-01 03:44 28,672 ----a-w c:\windows\System32\Apphlpdm.dll
    2008-11-01 03:44 2,154,496 ----a-w c:\windows\AppPatch\AcGenral.dll
    2008-11-01 03:44 173,056 ----a-w c:\windows\AppPatch\AcXtrnal.dll
    2008-11-01 01:21 4,240,384 ----a-w c:\windows\System32\GameUXLegacyGDFs.dll
    2008-10-29 06:29 2,927,104 ----a-w c:\windows\explorer.exe
    2008-10-02 22:40 16,307,608 ----a-w c:\users\Owner\&filename=jre-6u10-windows-i586-p-s.exe
    2008-09-26 07:33 7,334,496 ----a-w c:\users\Owner\Firefox Setup 3.0.3.exe
    2008-08-18 12:54 10,509,024 ----a-w c:\users\Owner\catraxx_update_setup.exe
    2008-07-16 13:33 61,424 ----a-w c:\users\Owner\AppData\Roaming\GDIPFONTCACHEV1.DAT
    2008-04-01 03:36 174 --sha-w c:\program files\desktop.ini
    .

    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
    "{0579B4B6-0293-4d73-B02D-5EBB0BA0F0A2}"= "c:\program files\AskSBar\SrchAstt\2.bin\A2SRCHAS.DLL" [2008-08-14 66912]

    [HKEY_CLASSES_ROOT\clsid\{0579b4b6-0293-4d73-b02d-5ebb0ba0f0a2}]

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{0579B4B1-0293-4d73-B02D-5EBB0BA0F0A2}]
    2008-08-14 12:04 66912 --a------ c:\program files\AskSBar\SrchAstt\2.bin\A2SRCHAS.DLL

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-19 125952]
    "Picasa Media Detector"="c:\program files\Picasa2\PICASAMEDIADETECTOR.EXE" [2008-08-21 443968]
    "swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-03-26 68856]
    "WinPatrol System Monitor"="c:\program files\BillP Studios\WinPatrol\WinPatrol.exe" [2008-10-10 333120]
    "RegistryMechanic"="c:\program files\Registry Mechanic\RMTray.exe" [2008-07-03 812952]
    "RoboForm"="c:\program files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe" [2008-12-25 160592]
    "WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-19 202240]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "TrueImageMonitor.exe"="c:\program files\Acronis\TrueImageHome\TrueImageMonitor.exe" [2007-02-16 1169776]
    "AcronisTimounterMonitor"="c:\program files\Acronis\TrueImageHome\TimounterMonitor.exe" [2007-02-16 1945960]
    "Acronis Scheduler2 Service"="c:\program files\Common Files\Acronis\Schedule2\schedhlp.exe" [2007-02-16 149024]
    "LanguageShortcut"="c:\program files\CyberLink\PowerDVD\Language\Language.exe" [2007-01-08 52256]
    "PaperPort PTD"="c:\program files\ScanSoft\PaperPort\pptd40nt.exe" [2007-01-29 30248]
    "IndexSearch"="c:\program files\ScanSoft\PaperPort\IndexSearch.exe" [2007-01-29 46632]
    "BrMfcWnd"="c:\program files\Brother\Brmfcmon\BrMfcWnd.exe" [2007-03-12 663552]
    "ControlCenter3"="c:\program files\Brother\ControlCenter3\brctrcen.exe" [2007-01-26 65536]
    "avast!"="c:\program files\Alwil Software\Avast4\ashDisp.exe" [2008-11-27 81000]
    "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 34672]
    "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2008-11-20 290088]
    "SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2008-11-10 136600]
    "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-10-07 13584928]
    "NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-10-07 92704]
    "WinPatrol"="c:\program files\BillP Studios\WinPatrol\WinPatrol.exe" [2008-10-10 333120]
    "SpySweeper"="c:\program files\Webroot\Spy Sweeper\SpySweeperUI.exe" [2008-11-13 6273400]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "Picasa Media Detector"="c:\program files\Picasa2\PicasaMediaDetector.exe" [2008-08-21 443968]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "EnableUIADesktopToggle"= 0 (0x0)

    [hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
    "{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
    2008-12-22 11:05 356352 c:\program files\SUPERAntiSpyware\SASWINLO.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
    "AppInit_DLLs"=G

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WRConsumerService]
    @="Service"

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
    "TCP Query User{BA04C13F-693D-4BA5-82B8-8FA599CF049A}c:\\program files\\firefly 2\\firefly.exe"= UDP:c:\program files\firefly 2\firefly.exe:Firefly 2
    "UDP Query User{3871CA0A-D9B9-41A4-9FF7-91F60D074122}c:\\program files\\firefly 2\\firefly.exe"= TCP:c:\program files\firefly 2\firefly.exe:Firefly 2
    "TCP Query User{85BDCB4A-68DB-4104-8105-E97C2C625E43}c:\\program files\\firefly 3\\freshtelip.exe"= UDP:c:\program files\firefly 3\freshtelip.exe:Firefly 3.0 Beta
    "UDP Query User{D2300406-EA4A-453F-A250-0FDC7AF55806}c:\\program files\\firefly 3\\freshtelip.exe"= TCP:c:\program files\firefly 3\freshtelip.exe:Firefly 3.0 Beta
    "TCP Query User{51860643-A930-421F-8CE9-495CDA51E67A}c:\\program files\\skype\\phone\\skype.exe"= UDP:c:\program files\skype\phone\skype.exe:Skype. Take a deep breath
    "UDP Query User{3DD8BCAD-939B-41C9-B3AD-052DF5DB8851}c:\\program files\\skype\\phone\\skype.exe"= TCP:c:\program files\skype\phone\skype.exe:Skype. Take a deep breath
    "TCP Query User{9E7CB854-AFDF-4174-9C45-B50037BCB249}c:\\program files\\internet explorer\\iexplore.exe"= UDP:c:\program files\internet explorer\iexplore.exe:Internet Explorer
    "UDP Query User{C9A1050A-AFCE-4D8D-AB7B-B793C7156F49}c:\\program files\\internet explorer\\iexplore.exe"= TCP:c:\program files\internet explorer\iexplore.exe:Internet Explorer
    "TCP Query User{B4AE2B63-A68B-4126-BB05-529764690B84}c:\\users\\owner\\appdata\\local\\temp\\ixp000.tmp\\smwinvnc.exe"= UDP:c:\users\owner\appdata\local\temp\ixp000.tmp\smwinvnc.exe:smwinvnc.exe
    "UDP Query User{CB0C8F5B-0759-4E37-B9FA-89CB2A84CE95}c:\\users\\owner\\appdata\\local\\temp\\ixp000.tmp\\smwinvnc.exe"= TCP:c:\users\owner\appdata\local\temp\ixp000.tmp\smwinvnc.exe:smwinvnc.exe
    "TCP Query User{2E9806CC-2E0E-49A8-B730-B8CC8A39D722}c:\\users\\owner\\appdata\\local\\temp\\ixp001.tmp\\smwinvnc.exe"= UDP:c:\users\owner\appdata\local\temp\ixp001.tmp\smwinvnc.exe:smwinvnc.exe
    "UDP Query User{EC1B2996-208A-4EE8-B1EB-78670AAE530A}c:\\users\\owner\\appdata\\local\\temp\\ixp001.tmp\\smwinvnc.exe"= TCP:c:\users\owner\appdata\local\temp\ixp001.tmp\smwinvnc.exe:smwinvnc.exe
    "TCP Query User{C97D38B1-618A-44D7-B731-9CA3F6B30150}c:\\users\\owner\\appdata\\local\\temp\\ixp002.tmp\\smwinvnc.exe"= UDP:c:\users\owner\appdata\local\temp\ixp002.tmp\smwinvnc.exe:smwinvnc.exe
    "UDP Query User{AF57A208-0F9B-4850-BF43-5B4814CD7FC1}c:\\users\\owner\\appdata\\local\\temp\\ixp002.tmp\\smwinvnc.exe"= TCP:c:\users\owner\appdata\local\temp\ixp002.tmp\smwinvnc.exe:smwinvnc.exe
    "TCP Query User{282ACFCB-2343-488D-A4D7-0DDABCE3C2F7}c:\\program files\\real\\realplayer\\realplay.exe"= UDP:c:\program files\real\realplayer\realplay.exe:RealPlayer
    "UDP Query User{D0FA29D4-511B-4F00-8B55-09D27A926F62}c:\\program files\\real\\realplayer\\realplay.exe"= TCP:c:\program files\real\realplayer\realplay.exe:RealPlayer
    "{9D729025-3243-4A05-85F3-44D1695C604A}"= c:\program files\Skype\Phone\Skype.exe:Skype
    "{6550C752-6684-4DFF-BA0F-D4159286BF6A}"= UDP:d:\catraxx\CATraxx.exe:CATraxx
    "{FF90FEEA-2C61-4F90-B697-4E40E5839278}"= TCP:d:\catraxx\CATraxx.exe:CATraxx
    "TCP Query User{D5002F57-A2DD-4402-86EC-84E9434111B1}c:\\program files\\infogrames interactive\\scrabble complete\\scrabblecomplete.exe"= UDP:c:\program files\infogrames interactive\scrabble complete\scrabblecomplete.exe:Scrabble Complete
    "UDP Query User{69FA6F86-037E-416E-8693-79397C354B06}c:\\program files\\infogrames interactive\\scrabble complete\\scrabblecomplete.exe"= TCP:c:\program files\infogrames interactive\scrabble complete\scrabblecomplete.exe:Scrabble Complete
    "{40178B4D-A353-4E99-AB17-02DF268D3A0A}"= UDP:c:\program files\iTunes\iTunes.exe:iTunes
    "{5352BA0B-2283-4206-B927-99890EA80120}"= TCP:c:\program files\iTunes\iTunes.exe:iTunes
    "{033D7017-99F8-4C74-9257-FD82A48BC762}"= c:\program files\Cyberlink\PowerDVD\PowerDVD.EXE:CyberLink PowerDVD
    "{23A44B31-8893-4BB1-A768-E89D80D57327}"= UDP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour
    "{7D8AD193-0543-490D-A9D2-59E5866C8762}"= TCP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour
    "TCP Query User{3A9CD02C-FBD4-4E12-BC93-7719BE053610}c:\\program files\\mozilla firefox\\firefox.exe"= UDP:c:\program files\mozilla firefox\firefox.exe:Firefox
    "UDP Query User{351E44C5-DF20-4DDF-B794-911A1A72133E}c:\\program files\\mozilla firefox\\firefox.exe"= TCP:c:\program files\mozilla firefox\firefox.exe:Firefox

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile\AuthorizedApplications\List]
    "c:\\Program Files\\IEPro\\MiniDM.exe"= c:\program files\IEPro\MiniDM.exe:*:Enabled:MiniDM

    R0 ssfs0bbc;ssfs0bbc;c:\windows\System32\drivers\ssfs0bbc.sys [2008-11-12 29808]
    R1 aswSP;avast! Self Protection;c:\windows\System32\drivers\aswSP.sys [2008-08-17 111184]
    R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [2008-12-22 55024]
    R3 PSI;PSI;c:\windows\System32\drivers\psi_mf.sys [2008-12-11 7808]
    R4 aswFsBlk;aswFsBlk;c:\windows\System32\drivers\aswFsBlk.sys [2008-08-17 20560]
    R4 aswMonFlt;aswMonFlt;c:\windows\System32\drivers\aswMonFlt.sys [2008-08-17 51792]
    R4 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\McAfee\SiteAdvisor\McSACore.exe [2008-07-24 206096]
    R4 SBSDWSCService;SBSD Security Center Service;c:\program files\spybot - search & destroy\SDWinSec.exe [2008-08-11 810320]
    R4 WRConsumerService;Webroot Client Service;c:\program files\Webroot\Spy Sweeper\WRConsumerService.exe [2008-11-19 1086840]
    S3 GoogleDesktopManager-022208-143751;Google Desktop Manager 5.7.802.22438;c:\program files\google\Google Desktop Search\GoogleDesktop.exe [2008-03-02 29744]
    S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\System32\drivers\mbamswissarmy.sys [2009-01-22 38496]
    S3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [2008-12-22 7408]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\H]
    \shell\AutoRun\command - H:\LaunchU3.exe -a

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{7dc7cfe1-0b54-11dd-aa77-001bfc35cf50}]
    \shell\AutoRun\command - H:\LaunchU3.exe -a

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{b7947634-2210-11dd-a475-001bfc35cf50}]
    \shell\AutoRun\command - H:\LaunchU3.exe -a
    .
    Contents of the 'Scheduled Tasks' folder

    2009-01-24 c:\windows\Tasks\Ad-Aware Update (Daily).job
    - c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe []

    2009-01-24 c:\windows\Tasks\User_Feed_Synchronization-{DCB031DF-9652-49EF-BE9F-BCE7384007BA}.job
    - c:\windows\system32\msfeedssync.exe [2008-01-19 17:33]

    2009-01-20 c:\windows\Tasks\wrSpySweeperFullSweep.job
    - c:\program files\Webroot\Spy Sweeper\SpySweeperUI.exe [2008-11-13 17:11]

    2009-01-20 c:\windows\Tasks\wrSpySweeperFullSweep.job
    - c:\program files\Webroot\Spy Sweeper\SpySweeperUI.exe [2008-11-13 17:11]

    2009-01-20 c:\windows\Tasks\wrSpySweeperFullSweep.job
    - A:\ []
    .
    - - - - ORPHANS REMOVED - - - -

    HKCU-Run-Uniblue SpeedUpMyPC - (no file)


    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://thundercloud.net/start/
    uDefault_Search_URL = hxxp://www.google.com/ie
    uSearch Bar = hxxp://www.google.com/ie
    mSearch Bar =
    uInternet Settings,ProxyOverride = <local>;*.local
    uSearchAssistant = hxxp://www.google.com/ie
    uSearchURL,(Default) = hxxp://au.search.yahoo.com/search?fr=mcafee&p=%s
    IE: Customize Menu - file://c:\program files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html
    IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office10\EXCEL.EXE/3000
    IE: Fill Forms - file://c:\program files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
    IE: RoboForm Toolbar - file://c:\program files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
    IE: Save Forms - file://c:\program files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
    DPF: {680285A8-96D3-43DA-9D3D-51DD987D0B77} - hxxp://www.nero.com/doc/NeroVersionCheckerControl.cab
    DPF: {8FD07749-EFFA-48C6-947C-45A8D7BF422F} - hxxps://membership.cyberlink.com/vista/prog/CLVistaGenie.cab
    FF - ProfilePath - c:\users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\iqo5h90k.default\
    FF - component: c:\program files\McAfee\SiteAdvisor\components\McFFPlg.dll
    FF - plugin: c:\program files\Google\Google Updater\2.4.1368.5602\npCIDetect13.dll
    FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
    FF - plugin: c:\program files\Picasa2\npPicasa2.dll
    FF - plugin: c:\program files\Virtual Earth 3D\npVE3D.dll
    .

    **************************************************************************

    catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2009-01-24 19:02:52
    Windows 6.0.6001 Service Pack 1 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------

    - - - - - - - > 'lsass.exe'(756)
    c:\windows\system32\relog_ap.dll

    - - - - - - - > 'Explorer.exe'(3468)
    c:\program files\BillP Studios\WinPatrol\PATROLPRO.DLL
    c:\program files\McAfee\SiteAdvisor\saHook.dll
    .
    ------------------------ Other Running Processes ------------------------
    .
    c:\windows\System32\nvvsvc.exe
    c:\windows\System32\audiodg.exe
    c:\windows\System32\rundll32.exe
    c:\program files\alwil software\Avast4\aswUpdSv.exe
    c:\program files\alwil software\Avast4\ashServ.exe
    c:\program files\Common Files\Acronis\Schedule2\schedul2.exe
    c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    c:\program files\Bonjour\mDNSResponder.exe
    c:\program files\google\Common\Google Updater\GoogleUpdaterService.exe
    c:\windows\System32\rundll32.exe
    c:\program files\CyberLink\Shared Files\RichVideo.exe
    c:\program files\Webroot\Spy Sweeper\SpySweeper.exe
    c:\program files\Secunia\PSI\psi.exe
    c:\windows\System32\conime.exe
    c:\program files\Windows Media Player\wmpnetwk.exe
    c:\program files\Brother\ControlCenter3\BrccMCtl.exe
    c:\windows\ehome\ehmsas.exe
    c:\program files\Brother\Brmfcmon\BrMfcMon.exe
    c:\program files\iPod\bin\iPodService.exe
    c:\windows\System32\dllhost.exe
    .
    **************************************************************************
    .
    Completion time: 2009-01-24 19:10:46 - machine was rebooted [Owner]
    ComboFix-quarantined-files.txt 2009-01-24 09:10:33

    Pre-Run: 232,033,406,976 bytes free
    Post-Run: 231,896,760,320 bytes free

    266 --- E O F --- 2009-01-24 06:44:05
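The two logs in this thread (the Malwarebytes summary in post #4 and the ComboFix "Reg Loading Points" block above) are what a helper reads by eye to decide whether the Ask/My Way toolbar has really gone. The following Python is an added example, not code from the thread, from Malwarebytes or from the ComboFix author: it parses both formats and flags any load point whose registry key, value name or file path matches a list of toolbar indicators. The sample log text is constructed from the line shapes shown in this thread, and the `PUP_INDICATORS` list is an assumption to be extended from your own inventory.

```python
import re
from dataclasses import dataclass
from typing import Dict, List, Tuple

# Assumed indicator list for the toolbar family discussed in this thread;
# extend it from your own inventory of unwanted-software vendor paths.
PUP_INDICATORS = ("asksbar", "mywebsearch", "my web search", "myway", "funwebproducts")

# Constructed sample modelled on the ComboFix "Reg Loading Points" block posted above.
COMBOFIX_SAMPLE = r"""REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{0579B4B6-0293-4d73-B02D-5EBB0BA0F0A2}"= "c:\program files\AskSBar\SrchAstt\2.bin\A2SRCHAS.DLL" [2008-08-14 66912]

[HKEY_CLASSES_ROOT\clsid\{0579b4b6-0293-4d73-b02d-5ebb0ba0f0a2}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{0579B4B1-0293-4d73-B02D-5EBB0BA0F0A2}]
2008-08-14 12:04 66912 --a------ c:\program files\AskSBar\SrchAstt\2.bin\A2SRCHAS.DLL

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-03-26 68856]
"WinPatrol System Monitor"="c:\program files\BillP Studios\WinPatrol\WinPatrol.exe" [2008-10-10 333120]
"""

# Constructed sample modelled on the Malwarebytes log posted in this thread.
MBAM_SAMPLE = r"""Files Infected: 1
Registry Keys Infected: 0

Files Infected:
C:\Program Files\Uninstall Ask Toolbar.dll (Adware.AskSBAR) -> Quarantined and deleted successfully.
"""

KEY_RE = re.compile(r"^\[(?P<key>[^\]]+)\]$")
# "name"= "path" [date size]   or   "name"="path" [date size]
VALUE_RE = re.compile(r'^"(?P<name>[^"]+)"\s*=\s*"?(?P<path>[^"\[]+?)"?\s*(?:\[[^\]]*\])?$')
# BHO-style line: date time size attributes path
FILE_RE = re.compile(r"^\d{4}-\d{2}-\d{2} \d{2}:\d{2} \d+ \S+ (?P<path>.+)$")

MBAM_SUMMARY_RE = re.compile(r"^(?P<category>[A-Za-z ]+ Infected): (?P<count>\d+)$")
MBAM_DETAIL_RE = re.compile(r"^(?P<path>.+?) \((?P<detection>[^)]+)\) -> (?P<action>.+)$")


@dataclass
class LoadPoint:
    key: str   # registry key the entry lives under
    name: str  # value name ("" for file-style lines such as BHO entries)
    path: str  # file path the entry points at

    def is_pup(self) -> bool:
        """True if any indicator appears in the key, name or path (case-insensitive)."""
        haystack = f"{self.key} {self.name} {self.path}".lower()
        return any(ind in haystack for ind in PUP_INDICATORS)


def parse_loading_points(text: str) -> List[LoadPoint]:
    """Walk a ComboFix REGEDIT4-style block and collect every load point found."""
    points: List[LoadPoint] = []
    key = ""
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line == "REGEDIT4":
            continue
        m = KEY_RE.match(line)
        if m:
            key = m.group("key")  # subsequent values belong to this key
            continue
        m = VALUE_RE.match(line)
        if m:
            points.append(LoadPoint(key, m.group("name"), m.group("path").strip()))
            continue
        m = FILE_RE.match(line)
        if m:
            points.append(LoadPoint(key, "", m.group("path").strip()))
    return points


def parse_mbam_log(text: str) -> Tuple[Dict[str, int], List[Dict[str, str]]]:
    """Return the per-category counts and the detail lines (path, detection, action)."""
    counts: Dict[str, int] = {}
    details: List[Dict[str, str]] = []
    for raw in text.splitlines():
        line = raw.strip()
        m = MBAM_SUMMARY_RE.match(line)
        if m:
            counts[m.group("category")] = int(m.group("count"))
            continue
        m = MBAM_DETAIL_RE.match(line)
        if m:
            details.append(m.groupdict())
    return counts, details


def flagged_load_points(text: str) -> List[LoadPoint]:
    """Only the load points that match an indicator; these are the ones worth reviewing."""
    return [p for p in parse_loading_points(text) if p.is_pup()]


if __name__ == "__main__":
    counts, details = parse_mbam_log(MBAM_SAMPLE)
    print("MBAM counts:", counts)
    for d in details:
        print("MBAM:", d["detection"], "->", d["action"], "@", d["path"])
    for p in flagged_load_points(COMBOFIX_SAMPLE):
        print("ComboFix flagged:", p.key, p.name or "(file)", p.path)
```

Run on the sample it flags the URLSearchHooks value and the Browser Helper Object entry that both point into `AskSBar`, while the Google and WinPatrol Run entries pass through untouched. The match is deliberately on the whole key/name/path string, because toolbar leftovers show up as a CLSID under a hook key just as often as under a recognisable value name.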
     
  10. dvk01

    dvk01 Derek Moderator Malware Specialist

    Joined:
    Dec 14, 2002
    Messages:
    47,806
    No sign of it there, so they are just harmless leftovers that only Spybot worries about.


    *Follow these steps to uninstall Combofix and the other tools it downloaded to remove the malware*
    * Click *START* then *RUN*
    * Now type *Combofix /u* in the runbox and click *OK*. Note the *space* between the *X* and the *U*, it needs to be there.


    then
    Turn off system restore by following instructions here
    for XP http://www.thespykiller.co.uk/index.php?page=8
    or for Vista http://www.bleepingcomputer.com/tutorials/tutorial143.html

    That will purge the restore folder and clear any malware that has been put in there. Then reboot & then re-enable system restore & create a new restore point. Now Empty Recycle bin on desktop

    go here http://www.thespykiller.co.uk/index.php?page=3 for info on how to tighten your security settings and how to help prevent future attacks.

    and scan here http://secunia.com/software_inspector/ for out of date & vulnerable common applications on your computer

    Then pay an urgent visit to windows update & make sure you are fully updated, that will help to plug the security holes that let these pests on in the first place
     
  11. clentfer

    clentfer Thread Starter

    Joined:
    Jan 20, 2009
    Messages:
    9
    Hi, I looked at the Bleeping Computer site but couldn't find anything there relating to turning off "system restore". I got as far as uninstalling ComboFix but no further. Is there a simple way of turning off system restore? None of the manuals on Vista mention anything about turning it off and on.
    Thanks for the help so far.
     
  12. clentfer

    clentfer Thread Starter

    Joined:
    Jan 20, 2009
    Messages:
    9
    Updating my last panic reaction. I enrolled at the site and found the answer I needed concerning system restore. Have done all that you recommended and am now back to normal. Many, many thanks for your help, understanding and patience. It was much appreciated.
    Clentfer
     

Short URL to this thread: https://techguy.org/792774