Thread: Search redirect problem

  1. #11
    Member
    Join Date
    Apr 2012
    Posts
    63

    FYI, I double checked the log entries to the original txt file and it is all there over the multiple posts.

  2. #12
    Emeritus
    Join Date
    Apr 2011
    Location
    USA
    Posts
    1,038

    Hi,

    I see that you have both AdWatch Antivirus and Avast running on your system. Having more than one antivirus is asking for problems such as conflicts, lack of protection and more. We need to remove one. Let me know which one you would like to remove and I will provide the tool to do so.
    ----------

    • Please open Notepad (Start -> Run -> type notepad in the Open field -> OK) and copy and paste the text present inside the code box below:
      Code:
      ClearJavaCache::
      
      Registry::
      [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
      "9999:UDP"=-
      "2804:TCP"=-
      
      RegLock::
      [HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]
    • Save this as CFScript.txt and change the "Save as type" to "All Files" and place it on your desktop.


    • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before following the steps below. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
    • Referring to the screenshot above, drag CFScript.txt into ComboFix.exe.
    • ComboFix will now run a scan on your system. It may reboot your system when it finishes. This is normal.
    • When finished, it shall produce a log for you. Copy and paste the contents of the log in your next reply.

    CAUTION: Do not mouse-click ComboFix's window while it is running. That may cause it to stall.
    ----------

  3. #13
    Member
    Join Date
    Apr 2012
    Posts
    63

    Hi Jeff,

    I thought Ad-Aware was a different program than Avast and that Avast was the antivirus. Told ya I don't know a lot. I suppose I will keep Avast, unless you can disagree with conviction that I should keep the Ad-Aware, because it doesn't matter to me; I don't know if one is "better" than the other. I do like the Ad-Aware toolbar at the top of the page. I have only seen it turn red when I went to the "redirected page" and the first time I am sure I might not have noticed it.

    Something happened this morning, I am not able to refresh and connect to the iTunes radio - it gives a pop up window with "opening URL" and the green meter runs, but it doesn't do anything after that. There has been for some time another window that opens which I took a picture of, it is attached – I have clicked OK and then I can open iTunes so it never bothered me - I can burn CDs on a USB burner, the DVD drive has not worked ever that I remember.

    Anyway I know you are just dealing with the issue. I only mention this as it might be related. Thanks!


    Log:

    ComboFix 12-04-22.01 - Owner 04/23/2012 7:20.3.2 - x86
    Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1014.524 [GMT -7:00]
    Running from: c:\documents and settings\Owner\Desktop\Forum help 4-21-12\ComboFix.exe
    Command switches used :: c:\documents and settings\Owner\Desktop\Forum help 4-21-12\CFScript.txt
    AV: avast! Antivirus *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
    AV: Lavasoft Ad-Watch Live! Anti-Virus *Disabled/Updated* {A1C4F2E0-7FDE-4917-AFAE-013EFC3EDE33}
    * Created a new restore point
    .
    .
    ((((((((((((((((((((((((( Files Created from 2012-03-23 to 2012-04-23 )))))))))))))))))))))))))))))))
    .
    .
    2012-04-21 17:31 . 2012-04-21 17:31 -------- d-----w- c:\program files\ERUNT
    2012-04-21 02:45 . 2012-04-21 02:45 -------- d-----w- c:\program files\PC Tools
    2012-04-21 02:30 . 2012-04-21 03:23 -------- d-----w- c:\program files\Common Files\PC Tools
    2012-04-21 02:30 . 2012-02-24 17:36 185560 ----a-w- c:\windows\system32\drivers\PCTSD.sys
    2012-04-21 02:30 . 2012-04-21 03:01 -------- d-----w- c:\documents and settings\All Users\Application Data\PC Tools
    2012-04-21 02:30 . 2012-04-21 02:30 -------- d-----w- c:\documents and settings\Owner\Application Data\TestApp
    2012-03-30 02:19 . 2012-03-30 02:19 -------- d-----w- c:\program files\iPod
    2012-03-30 02:19 . 2012-03-30 02:20 -------- d-----w- c:\program files\iTunes
    2012-03-26 15:41 . 2012-03-26 15:41 103864 ----a-w- c:\program files\Mozilla Firefox\plugins\nppdf32.dll
    2012-03-26 15:41 . 2012-03-26 15:41 103864 ----a-w- c:\program files\Internet Explorer\PLUGINS\nppdf32.dll
    .
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2012-04-04 22:56 . 2010-12-27 09:19 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
    2012-03-06 23:15 . 2011-06-11 12:26 41184 ----a-w- c:\windows\avastSS.scr
    2012-03-06 23:15 . 2011-06-11 12:26 201352 ----a-w- c:\windows\system32\aswBoot.exe
    2012-03-06 23:03 . 2011-06-14 22:17 612184 ----a-w- c:\windows\system32\drivers\aswSnx.sys
    2012-03-06 23:03 . 2011-06-14 22:17 337880 ----a-w- c:\windows\system32\drivers\aswSP.sys
    2012-03-06 23:02 . 2011-06-14 22:17 35672 ----a-w- c:\windows\system32\drivers\aswRdr.sys
    2012-03-06 23:01 . 2011-06-14 22:17 53848 ----a-w- c:\windows\system32\drivers\aswTdi.sys
    2012-03-06 23:01 . 2011-06-14 22:17 95704 ----a-w- c:\windows\system32\drivers\aswmon2.sys
    2012-03-06 23:01 . 2011-06-14 22:17 89048 ----a-w- c:\windows\system32\drivers\aswmon.sys
    2012-03-06 23:01 . 2011-06-14 22:17 20696 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
    2012-03-06 22:58 . 2011-06-14 22:17 24920 ----a-w- c:\windows\system32\drivers\aavmker4.sys
    2012-03-01 11:01 . 2002-08-29 12:00 916992 ----a-w- c:\windows\system32\wininet.dll
    2012-03-01 11:01 . 2002-08-29 12:00 43520 ----a-w- c:\windows\system32\licmgr10.dll
    2012-03-01 11:01 . 2002-08-29 12:00 1469440 ------w- c:\windows\system32\inetcpl.cpl
    2012-02-29 14:10 . 2002-08-29 12:00 177664 ----a-w- c:\windows\system32\wintrust.dll
    2012-02-29 14:10 . 2002-08-29 12:00 148480 ----a-w- c:\windows\system32\imagehlp.dll
    2012-02-29 12:17 . 2004-08-04 05:59 385024 ----a-w- c:\windows\system32\html.iec
    2012-02-21 05:56 . 2011-05-14 00:41 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
    2012-02-13 05:51 . 2002-08-29 12:00 26112 ----a-w- c:\windows\system32\userinit.exe
    2012-02-03 09:22 . 2002-08-29 12:00 1860096 ----a-w- c:\windows\system32\win32k.sys
    2012-03-18 20:06 . 2011-03-23 18:04 97208 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
    .
    .
    ((((((((((((((((((((((((((((( SnapShot_2012-04-22_20.07.24 )))))))))))))))))))))))))))))))))))))))))
    .
    + 2012-04-23 13:23 . 2012-04-23 13:23 16384 c:\windows\Temp\Perflib_Perfdata_8d4.dat
    + 2008-06-05 23:52 . 2012-04-23 13:26 81920 c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
    - 2008-06-05 23:52 . 2012-04-16 06:34 81920 c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
    + 2008-06-05 23:52 . 2012-04-23 13:26 49152 c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
    - 2008-06-05 23:52 . 2012-04-16 06:34 49152 c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
    + 2012-04-23 13:26 . 2012-04-23 13:26 16384 c:\windows\system32\config\systemprofile\Cookies\index.dat
    - 2011-06-23 22:00 . 2012-04-16 06:34 16384 c:\windows\system32\config\systemprofile\Cookies\index.dat
    + 2012-04-23 13:23 . 2012-04-23 13:23 311296 c:\windows\ERDNT\AutoBackup\4-23-2012\Users\00000002\UsrClass.dat
    + 2012-04-23 13:23 . 2005-10-20 19:02 163328 c:\windows\ERDNT\AutoBackup\4-23-2012\ERDNT.EXE
    + 2012-04-23 13:23 . 2012-04-23 13:23 33021952 c:\windows\ERDNT\AutoBackup\4-23-2012\Users\00000001\ntuser.dat
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{6c97a91e-4524-4019-86af-2aa2d567bf5c}]
    2011-10-21 09:10 87440 ----a-w- c:\program files\adawaretb\adawareDx.dll
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
    "{6c97a91e-4524-4019-86af-2aa2d567bf5c}"= "c:\program files\adawaretb\adawareDx.dll" [2011-10-21 87440]
    .
    [HKEY_CLASSES_ROOT\clsid\{6c97a91e-4524-4019-86af-2aa2d567bf5c}]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
    @="{472083B0-C522-11CF-8763-00608CC02F24}"
    [HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
    2012-03-06 23:15 123536 ----a-w- c:\program files\AVAST Software\Avast\ashShell.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
    @="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
    2012-01-18 18:49 94208 ----a-w- c:\documents and settings\Owner\Application Data\Dropbox\bin\DropboxExt.14.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
    @="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
    2012-01-18 18:49 94208 ----a-w- c:\documents and settings\Owner\Application Data\Dropbox\bin\DropboxExt.14.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
    @="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
    2012-01-18 18:49 94208 ----a-w- c:\documents and settings\Owner\Application Data\Dropbox\bin\DropboxExt.14.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
    @="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
    2012-01-18 18:49 94208 ----a-w- c:\documents and settings\Owner\Application Data\Dropbox\bin\DropboxExt.14.dll
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2010-03-17 47392]
    "SysTrayApp"="c:\program files\IDT\WDM\sttray.exe" [2009-03-12 483422]
    "avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2012-03-06 4241512]
    "QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2011-10-24 421888]
    "Ad-Aware Browsing Protection"="c:\documents and settings\All Users\Application Data\Ad-Aware Browsing Protection\adawarebp.exe" [2011-10-21 198032]
    "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2012-03-27 37296]
    "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-02 843712]
    "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-09-30 252296]
    "APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-02-21 59240]
    "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2012-03-27 421736]
    .
    c:\documents and settings\Owner\Start Menu\Programs\Startup\
    Dropbox.lnk - c:\documents and settings\Owner\Application Data\Dropbox\bin\Dropbox.exe [2012-2-14 24246216]
    ERUNT AutoBackup.lnk - c:\program files\ERUNT\AUTOBACK.EXE [2005-10-20 38912]
    .
    c:\documents and settings\All Users\Start Menu\Programs\Startup\
    Acrobat Assistant.lnk - c:\program files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe [2010-9-23 49254]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
    "DisableMonitoring"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
    "DisableMonitoring"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
    "DisableMonitoring"=dword:00000001
    .
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
    "EnableFirewall"= 0 (0x0)
    .
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "c:\\Program Files\\AOL 9.1\\waol.exe"=
    "c:\\Program Files\\Intuit\\QuickBooks 2008\\QBDBMgrN.exe"=
    "c:\\Program Files\\Intuit\\QuickBooks 2007\\QBDBMgrN.exe"=
    "c:\\WINDOWS\\system32\\dpvsetup.exe"=
    "c:\\WINDOWS\\system32\\sessmgr.exe"=
    "c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
    "c:\\Program Files\\adawaretb\\dtUser.exe"=
    "c:\\Documents and Settings\\Owner\\Application Data\\Dropbox\\bin\\Dropbox.exe"=
    "c:\\Program Files\\Common Files\\Apple\\Apple Application Support\\WebKit2WebProcess.exe"=
    "c:\\Program Files\\iTunes\\iTunes.exe"=
    .
    R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [11/3/2011 1:06 PM 64512]
    R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [6/14/2011 3:17 PM 612184]
    R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [6/14/2011 3:17 PM 337880]
    R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [6/14/2011 3:17 PM 20696]
    R3 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [11/3/2011 1:06 PM 2152152]
    R3 Lavasoft Kernexplorer;Lavasoft helper driver;c:\program files\Lavasoft\Ad-Aware\kernexplorer.sys [11/3/2011 1:06 PM 15232]
    S3 brfilt;Brother MFC Filter Driver;c:\windows\system32\drivers\BrFilt.sys [6/9/2008 1:55 PM 2944]
    S3 BrSerWDM;Brother Serial driver;c:\windows\system32\drivers\BrSerWdm.sys [6/9/2008 1:52 PM 61952]
    S3 BrUsbMdm;Brother MFC USB Fax Only Modem;c:\windows\system32\drivers\BrUsbMdm.sys [6/9/2008 1:55 PM 11008]
    S3 BrUsbScn;Brother MFC USB Scanner driver;c:\windows\system32\drivers\BrUsbScn.sys [6/9/2008 1:55 PM 10368]
    S3 COMMONFX.SYS;COMMONFX.SYS;c:\windows\system32\drivers\COMMONFX.SYS --> c:\windows\system32\drivers\COMMONFX.SYS [?]
    S3 COMMONFX;COMMONFX;c:\windows\system32\drivers\COMMONFX.SYS --> c:\windows\system32\drivers\COMMONFX.SYS [?]
    S3 CT20XUT.SYS;CT20XUT.SYS;c:\windows\system32\drivers\CT20XUT.SYS --> c:\windows\system32\drivers\CT20XUT.SYS [?]
    S3 CT20XUT;CT20XUT;c:\windows\system32\drivers\CT20XUT.SYS --> c:\windows\system32\drivers\CT20XUT.SYS [?]
    S3 CTAUDFX.SYS;CTAUDFX.SYS;c:\windows\system32\drivers\CTAUDFX.SYS --> c:\windows\system32\drivers\CTAUDFX.SYS [?]
    S3 CTAUDFX;CTAUDFX;c:\windows\system32\drivers\CTAUDFX.SYS --> c:\windows\system32\drivers\CTAUDFX.SYS [?]
    S3 CTEAPSFX.SYS;CTEAPSFX.SYS;c:\windows\system32\drivers\CTEAPSFX.SYS --> c:\windows\system32\drivers\CTEAPSFX.SYS [?]
    S3 CTEAPSFX;CTEAPSFX;c:\windows\system32\drivers\CTEAPSFX.SYS --> c:\windows\system32\drivers\CTEAPSFX.SYS [?]
    S3 CTEDSPFX.SYS;CTEDSPFX.SYS;c:\windows\system32\drivers\CTEDSPFX.SYS --> c:\windows\system32\drivers\CTEDSPFX.SYS [?]
    S3 CTEDSPFX;CTEDSPFX;c:\windows\system32\drivers\CTEDSPFX.SYS --> c:\windows\system32\drivers\CTEDSPFX.SYS [?]
    S3 CTEDSPIO.SYS;CTEDSPIO.SYS;c:\windows\system32\drivers\CTEDSPIO.SYS --> c:\windows\system32\drivers\CTEDSPIO.SYS [?]
    S3 CTEDSPIO;CTEDSPIO;c:\windows\system32\drivers\CTEDSPIO.SYS --> c:\windows\system32\drivers\CTEDSPIO.SYS [?]
    S3 CTEDSPSY.SYS;CTEDSPSY.SYS;c:\windows\system32\drivers\CTEDSPSY.SYS --> c:\windows\system32\drivers\CTEDSPSY.SYS [?]
    S3 CTEDSPSY;CTEDSPSY;c:\windows\system32\drivers\CTEDSPSY.SYS --> c:\windows\system32\drivers\CTEDSPSY.SYS [?]
    S3 CTERFXFX.SYS;CTERFXFX.SYS;c:\windows\system32\drivers\CTERFXFX.SYS --> c:\windows\system32\drivers\CTERFXFX.SYS [?]
    S3 CTERFXFX;CTERFXFX;c:\windows\system32\drivers\CTERFXFX.SYS --> c:\windows\system32\drivers\CTERFXFX.SYS [?]
    S3 CTEXFIFX.SYS;CTEXFIFX.SYS;c:\windows\system32\drivers\CTEXFIFX.SYS --> c:\windows\system32\drivers\CTEXFIFX.SYS [?]
    S3 CTEXFIFX;CTEXFIFX;c:\windows\system32\drivers\CTEXFIFX.SYS --> c:\windows\system32\drivers\CTEXFIFX.SYS [?]
    S3 CTHWIUT.SYS;CTHWIUT.SYS;c:\windows\system32\drivers\CTHWIUT.SYS --> c:\windows\system32\drivers\CTHWIUT.SYS [?]
    S3 CTHWIUT;CTHWIUT;c:\windows\system32\drivers\CTHWIUT.SYS --> c:\windows\system32\drivers\CTHWIUT.SYS [?]
    S3 CTSBLFX.SYS;CTSBLFX.SYS;c:\windows\system32\drivers\CTSBLFX.SYS --> c:\windows\system32\drivers\CTSBLFX.SYS [?]
    S3 CTSBLFX;CTSBLFX;c:\windows\system32\drivers\CTSBLFX.SYS --> c:\windows\system32\drivers\CTSBLFX.SYS [?]
    S3 DNINDIS5;DNINDIS5 NDIS Protocol Driver;c:\windows\system32\DNINDIS5.sys [6/5/2008 4:56 PM 17149]
    S3 WPN111;Wireless USB 2.0 Adapter with RangeMax Service;c:\windows\system32\drivers\WPN111.sys [6/5/2008 4:57 PM 362944]
    .
    --- Other Services/Drivers In Memory ---
    .
    *Deregistered* - uphcleanhlp
    .
    Contents of the 'Scheduled Tasks' folder
    .
    2012-04-23 c:\windows\Tasks\Ad-Aware Update (Weekly).job
    - c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2011-11-03 20:06]
    .
    2012-04-20 c:\windows\Tasks\AppleSoftwareUpdate.job
    - c:\program files\Apple Software Update\SoftwareUpdate.exe [2011-06-02 00:57]
    .
    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://www.google.com
    uInternet Settings,ProxyOverride = *.local
    Trusted Zone: microsoft.com\office
    FF - ProfilePath - c:\documents and settings\Owner\Application Data\Mozilla\Firefox\Profiles\119ckrol.default\
    FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
    FF - prefs.js: keyword.URL - hxxp://www.google.com/search?ie=utf-8&mssrc=ms_kwd&mstb=adawaretb&q=
    .
    .
    **************************************************************************
    .
    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2012-04-23 07:32
    Windows 5.1.2600 Service Pack 3 NTFS
    .
    scanning hidden processes ...
    .
    scanning hidden autostart entries ...
    .
    scanning hidden files ...
    .
    scan completed successfully
    hidden files: 0
    .
    **************************************************************************
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------
    .
    - - - - - - - > 'explorer.exe'(2108)
    c:\windows\system32\WININET.dll
    c:\documents and settings\Owner\Application Data\Dropbox\bin\DropboxExt.14.dll
    c:\windows\system32\ieframe.dll
    c:\windows\system32\webcheck.dll
    c:\windows\system32\WPDShServiceObj.dll
    c:\windows\system32\PortableDeviceTypes.dll
    c:\windows\system32\PortableDeviceApi.dll
    .
    Completion time: 2012-04-23 07:37:58
    ComboFix-quarantined-files.txt 2012-04-23 14:37
    ComboFix2.txt 2012-04-22 20:12
    ComboFix3.txt 2011-06-21 19:46
    .
    Pre-Run: 48,071,524,352 bytes free
    Post-Run: 48,043,524,096 bytes free
    .
    - - End Of File - - 8C08749B0393E36D9B3A415B31A59BDB

  4. #14
    Member
    Join Date
    Apr 2012
    Posts
    63

    Jeff,

    No way to edit the post and I forgot the screenshot and I don't know how to insert or attach a .bmp file --- it says:

    The registry settings used by the iTunes drivers for importing and
    burning CDs and DVDs are missing, This can happen as a result
    of installing other CD burning software. Please reinstall iTunes.



    Thank you,

    Michael

  5. #15
    Emeritus
    Join Date
    Apr 2011
    Location
    USA
    Posts
    1,038

    Hi,

    We can work on the iTunes problem once we get the malware problems resolved.
    ----------

    Good choice on keeping Avast. That is the antivirus that I use myself. Go ahead and remove the Ad-Watch Live using Start >> Control Panel >> Add/Remove Programs.
    ----------

    I see that you have Malwarebytes on your computer. Please open Malwarebytes, update it and then run a Quick Scan. There will be a log created that I will need in your next reply.
    ----------

    ESET Online Scanner:

    Note: You can use either Internet Explorer or Mozilla FireFox for this scan. You will however need to disable your current installed Anti-Virus, how to do so can be read here.

    Vista users: You will need to right-click on either the IE or FF icon in the Start Menu or Quick Launch Bar on the Taskbar and select Run as Administrator from the context menu.

    • Please go here then click on:
    • Note: If using Mozilla Firefox you will need to download esetsmartinstaller_enu.exe when prompted then double click on it to install.
      All of the below instructions are compatible with either Internet Explorer or Mozilla FireFox.
    • Select the option YES, I accept the Terms of Use then click on:
    • When prompted allow the Add-On/Active X to install.
    • Make sure that the option Remove found threats is NOT checked, and the option Scan archives is checked.
    • Now click on Advanced Settings and select the following:
      • Scan for potentially unwanted applications
      • Scan for potentially unsafe applications
      • Enable Anti-Stealth Technology
    • Now click on:
    • The virus signature database... will begin to download. Be patient, this may take some time depending on the speed of your Internet Connection.
    • When completed the Online Scan will begin automatically.
    • Do not touch either the Mouse or keyboard during the scan otherwise it may stall.
    • When completed select Uninstall application on close if you so wish, make sure you copy the logfile first!
    • Now click on:
    • Use notepad to open the logfile located at C:\Program Files\ESET\EsetOnlineScanner\log.txt.
    • Copy and paste that log as a reply to this topic.


    Note: Do not forget to re-enable your Anti-Virus application after running the above scan!
    ----------

    In your next reply please post the logs made by Malwarebytes and ESET online scanner.

  6. #16
    Member
    Join Date
    Apr 2012
    Posts
    63

    Hi Jeff,

    Okay wow! That took some time. Just as a matter of mentioning, I have Windows firewall and there is a firewall on the "community" router. Don't know if that is any good or not. Here are the logs you asked for, again thank you very much!

    Malwarebytes Anti-Malware 1.61.0.1400
    www.malwarebytes.org

    Database version: v2012.04.23.08

    Windows XP Service Pack 3 x86 NTFS
    Internet Explorer 8.0.6001.18702
    Owner :: MICHAEL-9L4P8YF [administrator]

    4/23/2012 5:40:36 PM
    mbam-log-2012-04-23 (17-40-36).txt

    Scan type: Quick scan
    Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
    Scan options disabled: P2P
    Objects scanned: 235373
    Time elapsed: 16 minute(s), 19 second(s)

    Memory Processes Detected: 0
    (No malicious items detected)

    Memory Modules Detected: 0
    (No malicious items detected)

    Registry Keys Detected: 0
    (No malicious items detected)

    Registry Values Detected: 0
    (No malicious items detected)

    Registry Data Items Detected: 0
    (No malicious items detected)

    Folders Detected: 0
    (No malicious items detected)

    Files Detected: 0
    (No malicious items detected)

    (end)

    ESETSmartInstaller@High as downloader log:
    all ok
    # version=7
    # OnlineScannerApp.exe=1.0.0.1
    # OnlineScanner.ocx=1.0.0.6583
    # api_version=3.0.2
    # EOSSerial=713eb54ce34de54aafdef6c252c9d5f4
    # end=finished
    # remove_checked=false
    # archives_checked=true
    # unwanted_checked=true
    # unsafe_checked=true
    # antistealth_checked=true
    # utc_time=2012-04-24 02:53:27
    # local_time=2012-04-23 07:53:27 (-0800, Pacific Daylight Time)
    # country="United States"
    # lang=1033
    # osver=5.1.2600 NT Service Pack 3
    # compatibility_mode=768 16777215 100 0 68874138 68874138 0 0
    # compatibility_mode=8192 67108863 100 0 0 0 0 0
    # scanned=100573
    # found=3
    # cleaned=0
    # scan_time=5457
    C:\Documents and Settings\Owner\Desktop\csps42full.exe probably a variant of Win32/TrojanDropper.Agent.FZSLDBO trojan (unable to clean) 00000000000000000000000000000000 I
    C:\Documents and Settings\Owner\My Documents\michael delwarte\Downloads\csps42full.exe probably a variant of Win32/TrojanDropper.Agent.FZSLDBO trojan (unable to clean) 00000000000000000000000000000000 I
    C:\Documents and Settings\Owner\My Documents\michael delwarte\Downloads\csps42full.exe.part probably a variant of Win32/TrojanDropper.Agent.FZSLDBO trojan (unable to clean) 00000000000000000000000000000000 I

  7. #17
    Emeritus
    Join Date
    Apr 2011
    Location
    USA
    Posts
    1,038

    Hi,

    The firewall I don't believe is a problem.
    ----------

    LOL!! Sometimes the online scans will take some time to finish.
    ----------

    • Please open Notepad (Start -> Run -> type notepad in the Open field -> OK) and copy and paste the text present inside the code box below:
      Code:
      File::
      C:\Documents and Settings\Owner\Desktop\csps42full.exe	
      C:\Documents and Settings\Owner\My Documents\michael delwarte\Downloads\csps42full.exe	
      C:\Documents and Settings\Owner\My Documents\michael delwarte\Downloads\csps42full.exe.part
    • Save this as CFScript.txt and change the "Save as type" to "All Files" and place it on your desktop.


    • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before following the steps below. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
    • Referring to the screenshot above, drag CFScript.txt into ComboFix.exe.
    • ComboFix will now run a scan on your system. It may reboot your system when it finishes. This is normal.
    • When finished, it shall produce a log for you. Copy and paste the contents of the log in your next reply.

    CAUTION: Do not mouse-click ComboFix's window while it is running. That may cause it to stall.
    ----------

    In your next reply post the log made by ComboFix and let me know how your system is running now.
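
Added example, not part of the original posts: post #17 builds its File:: list from the three detections in the ESET log of post #16. The Python below parses such a log and checks that a CFScript's File:: section lists every detected path and nothing else; the function names and the whitespace-separated line layout (as pasted in the thread) are assumptions.

```python
import re

# Excerpt of the ESET Online Scanner log pasted in post #16 (header trimmed).
ESET_LOG = r"""all ok
# version=7
# end=finished
# remove_checked=false
# scanned=100573
# found=3
# cleaned=0
C:\Documents and Settings\Owner\Desktop\csps42full.exe probably a variant of Win32/TrojanDropper.Agent.FZSLDBO trojan (unable to clean) 00000000000000000000000000000000 I
C:\Documents and Settings\Owner\My Documents\michael delwarte\Downloads\csps42full.exe probably a variant of Win32/TrojanDropper.Agent.FZSLDBO trojan (unable to clean) 00000000000000000000000000000000 I
C:\Documents and Settings\Owner\My Documents\michael delwarte\Downloads\csps42full.exe.part probably a variant of Win32/TrojanDropper.Agent.FZSLDBO trojan (unable to clean) 00000000000000000000000000000000 I
"""

# The File:: block from post #17.
CFSCRIPT = r"""File::
C:\Documents and Settings\Owner\Desktop\csps42full.exe
C:\Documents and Settings\Owner\My Documents\michael delwarte\Downloads\csps42full.exe
C:\Documents and Settings\Owner\My Documents\michael delwarte\Downloads\csps42full.exe.part
"""

# Assumed detection layout: <path> <threat text> (<action>) <32 hex chars> <flag>.
# The path may contain spaces, so it is matched lazily up to the threat text.
DETECTION = re.compile(
    r"^(?P<path>[A-Za-z]:\\.+?)\s+"
    r"(?P<threat>(?:probably )?(?:a variant of )?[\w./!-]+(?: \w+)?)\s+"
    r"\((?P<action>[^)]*)\)\s+"
    r"(?P<hash>[0-9A-Fa-f]{32})\s+(?P<flag>\w)$"
)


def parse_eset_log(text):
    """Split a pasted log into header fields, detections and leftover lines."""
    header, detections, unparsed = {}, [], []
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.startswith("#"):
            key, sep, value = line[1:].strip().partition("=")
            if sep:
                header[key] = value.strip('"')
            continue
        match = DETECTION.match(line)
        if match:
            detections.append(match.groupdict())
        else:
            unparsed.append(line)  # kept for manual review, never dropped
    return header, detections, unparsed


def cfscript_files(script):
    """Return the paths listed under the File:: directive of a CFScript."""
    paths, in_files = [], False
    for raw in script.splitlines():
        line = raw.strip()  # also removes trailing tabs left by copy/paste
        if line.endswith("::"):
            in_files = line.lower() == "file::"
            continue
        if in_files and line:
            paths.append(line.strip('"'))
    return paths


def audit(eset_log, cfscript):
    """Cross-check ESET detections against the script's File:: list."""
    header, detections, unparsed = parse_eset_log(eset_log)
    # Windows paths are case-insensitive, so compare lower-cased keys.
    detected = {d["path"].lower(): d["path"] for d in detections}
    listed = {p.lower(): p for p in cfscript_files(cfscript)}
    return {
        "scan_finished": header.get("end") == "finished",
        "count_matches_header": header.get("found") == str(len(detections)),
        "threats": sorted({d["threat"] for d in detections}),
        "not_in_script": [detected[k] for k in detected if k not in listed],
        "not_in_log": [listed[k] for k in listed if k not in detected],
        "unparsed_lines": unparsed,
    }


if __name__ == "__main__":
    for key, value in audit(ESET_LOG, CFSCRIPT).items():
        print(f"{key}: {value}")
```

A non-empty `not_in_log` means the script names a file the scanner never reported, which is worth a second look before anything is deleted.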

  8. #18
    Member
    Join Date
    Apr 2012
    Posts
    63

    Hi,

    Ok that scan was a little quicker!!!

    Here is the log:

    ComboFix 12-04-22.01 - Owner 04/24/2012 9:28.4.2 - x86
    Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1014.394 [GMT -7:00]
    Running from: c:\documents and settings\Owner\Desktop\Forum help 4-21-12\ComboFix.exe
    Command switches used :: c:\documents and settings\Owner\Desktop\Forum help 4-21-12\CFScript.txt
    AV: avast! Antivirus *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
    .
    FILE ::
    "c:\documents and settings\Owner\Desktop\csps42full.exe"
    "c:\documents and settings\Owner\My Documents\michael delwarte\Downloads\csps42full.exe"
    "c:\documents and settings\Owner\My Documents\michael delwarte\Downloads\csps42full.exe.part"
    .
    .
    ((((((((((((((((((((((((( Files Created from 2012-03-24 to 2012-04-24 )))))))))))))))))))))))))))))))
    .
    .
    2012-04-21 17:31 . 2012-04-21 17:31 -------- d-----w- c:\program files\ERUNT
    2012-04-21 02:45 . 2012-04-21 02:45 -------- d-----w- c:\program files\PC Tools
    2012-04-21 02:30 . 2012-04-21 03:23 -------- d-----w- c:\program files\Common Files\PC Tools
    2012-04-21 02:30 . 2012-02-24 17:36 185560 ----a-w- c:\windows\system32\drivers\PCTSD.sys
    2012-04-21 02:30 . 2012-04-21 03:01 -------- d-----w- c:\documents and settings\All Users\Application Data\PC Tools
    2012-04-21 02:30 . 2012-04-21 02:30 -------- d-----w- c:\documents and settings\Owner\Application Data\TestApp
    2012-03-30 02:19 . 2012-03-30 02:19 -------- d-----w- c:\program files\iPod
    2012-03-30 02:19 . 2012-03-30 02:20 -------- d-----w- c:\program files\iTunes
    2012-03-26 15:41 . 2012-03-26 15:41 103864 ----a-w- c:\program files\Mozilla Firefox\plugins\nppdf32.dll
    2012-03-26 15:41 . 2012-03-26 15:41 103864 ----a-w- c:\program files\Internet Explorer\PLUGINS\nppdf32.dll
    .
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2012-04-04 22:56 . 2010-12-27 09:19 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
    2012-03-06 23:15 . 2011-06-11 12:26 41184 ----a-w- c:\windows\avastSS.scr
    2012-03-06 23:15 . 2011-06-11 12:26 201352 ----a-w- c:\windows\system32\aswBoot.exe
    2012-03-06 23:03 . 2011-06-14 22:17 612184 ----a-w- c:\windows\system32\drivers\aswSnx.sys
    2012-03-06 23:03 . 2011-06-14 22:17 337880 ----a-w- c:\windows\system32\drivers\aswSP.sys
    2012-03-06 23:02 . 2011-06-14 22:17 35672 ----a-w- c:\windows\system32\drivers\aswRdr.sys
    2012-03-06 23:01 . 2011-06-14 22:17 53848 ----a-w- c:\windows\system32\drivers\aswTdi.sys
    2012-03-06 23:01 . 2011-06-14 22:17 95704 ----a-w- c:\windows\system32\drivers\aswmon2.sys
    2012-03-06 23:01 . 2011-06-14 22:17 89048 ----a-w- c:\windows\system32\drivers\aswmon.sys
    2012-03-06 23:01 . 2011-06-14 22:17 20696 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
    2012-03-06 22:58 . 2011-06-14 22:17 24920 ----a-w- c:\windows\system32\drivers\aavmker4.sys
    2012-03-01 11:01 . 2002-08-29 12:00 916992 ----a-w- c:\windows\system32\wininet.dll
    2012-03-01 11:01 . 2002-08-29 12:00 43520 ----a-w- c:\windows\system32\licmgr10.dll
    2012-03-01 11:01 . 2002-08-29 12:00 1469440 ------w- c:\windows\system32\inetcpl.cpl
    2012-02-29 14:10 . 2002-08-29 12:00 177664 ----a-w- c:\windows\system32\wintrust.dll
    2012-02-29 14:10 . 2002-08-29 12:00 148480 ----a-w- c:\windows\system32\imagehlp.dll
    2012-02-29 12:17 . 2004-08-04 05:59 385024 ----a-w- c:\windows\system32\html.iec
    2012-02-21 05:56 . 2011-05-14 00:41 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
    2012-02-13 05:51 . 2002-08-29 12:00 26112 ----a-w- c:\windows\system32\userinit.exe
    2012-02-03 09:22 . 2002-08-29 12:00 1860096 ----a-w- c:\windows\system32\win32k.sys
    2012-03-18 20:06 . 2011-03-23 18:04 97208 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
    .
    .
    ((((((((((((((((((((((((((((( SnapShot_2012-04-22_20.07.24 )))))))))))))))))))))))))))))))))))))))))
    .
    + 2012-04-24 12:57 . 2012-04-24 12:57 16384 c:\windows\Temp\Perflib_Perfdata_460.dat
    + 2008-06-05 23:52 . 2012-04-23 13:26 81920 c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
    - 2008-06-05 23:52 . 2012-04-16 06:34 81920 c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
    + 2008-06-05 23:52 . 2012-04-23 13:26 49152 c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
    - 2008-06-05 23:52 . 2012-04-16 06:34 49152 c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
    + 2012-04-24 13:04 . 2012-04-24 13:04 311296 c:\windows\ERDNT\AutoBackup\4-24-2012\Users\00000002\UsrClass.dat
    + 2012-04-24 13:04 . 2005-10-20 19:02 163328 c:\windows\ERDNT\AutoBackup\4-24-2012\ERDNT.EXE
    + 2012-04-23 13:23 . 2012-04-23 13:23 311296 c:\windows\ERDNT\AutoBackup\4-23-2012\Users\00000002\UsrClass.dat
    + 2012-04-23 13:23 . 2005-10-20 19:02 163328 c:\windows\ERDNT\AutoBackup\4-23-2012\ERDNT.EXE
    + 2012-04-24 13:04 . 2012-04-24 13:04 33021952 c:\windows\ERDNT\AutoBackup\4-24-2012\Users\00000001\ntuser.dat
    + 2012-04-23 13:23 . 2012-04-23 13:23 33021952 c:\windows\ERDNT\AutoBackup\4-23-2012\Users\00000001\ntuser.dat
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{6c97a91e-4524-4019-86af-2aa2d567bf5c}]
    2011-10-21 09:10 87440 ----a-w- c:\program files\adawaretb\adawareDx.dll
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
    "{6c97a91e-4524-4019-86af-2aa2d567bf5c}"= "c:\program files\adawaretb\adawareDx.dll" [2011-10-21 87440]
    .
    [HKEY_CLASSES_ROOT\clsid\{6c97a91e-4524-4019-86af-2aa2d567bf5c}]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
    @="{472083B0-C522-11CF-8763-00608CC02F24}"
    [HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
    2012-03-06 23:15 123536 ----a-w- c:\program files\AVAST Software\Avast\ashShell.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
    @="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
    2012-01-18 18:49 94208 ----a-w- c:\documents and settings\Owner\Application Data\Dropbox\bin\DropboxExt.14.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
    @="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
    2012-01-18 18:49 94208 ----a-w- c:\documents and settings\Owner\Application Data\Dropbox\bin\DropboxExt.14.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
    @="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
    2012-01-18 18:49 94208 ----a-w- c:\documents and settings\Owner\Application Data\Dropbox\bin\DropboxExt.14.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
    @="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
    2012-01-18 18:49 94208 ----a-w- c:\documents and settings\Owner\Application Data\Dropbox\bin\DropboxExt.14.dll
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2010-03-17 47392]
    "SysTrayApp"="c:\program files\IDT\WDM\sttray.exe" [2009-03-12 483422]
    "avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2012-03-06 4241512]
    "QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2011-10-24 421888]
    "Ad-Aware Browsing Protection"="c:\documents and settings\All Users\Application Data\Ad-Aware Browsing Protection\adawarebp.exe" [2011-10-21 198032]
    "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2012-03-27 37296]
    "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-02 843712]
    "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-09-30 252296]
    "APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-02-21 59240]
    "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2012-03-27 421736]
    .
    c:\documents and settings\Owner\Start Menu\Programs\Startup\
    Dropbox.lnk - c:\documents and settings\Owner\Application Data\Dropbox\bin\Dropbox.exe [2012-2-14 24246216]
    ERUNT AutoBackup.lnk - c:\program files\ERUNT\AUTOBACK.EXE [2005-10-20 38912]
    .
    c:\documents and settings\All Users\Start Menu\Programs\Startup\
    Acrobat Assistant.lnk - c:\program files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe [2010-9-23 49254]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
    "DisableMonitoring"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
    "DisableMonitoring"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
    "DisableMonitoring"=dword:00000001
    .
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "c:\\Program Files\\AOL 9.1\\waol.exe"=
    "c:\\Program Files\\Intuit\\QuickBooks 2008\\QBDBMgrN.exe"=
    "c:\\Program Files\\Intuit\\QuickBooks 2007\\QBDBMgrN.exe"=
    "c:\\WINDOWS\\system32\\dpvsetup.exe"=
    "c:\\WINDOWS\\system32\\sessmgr.exe"=
    "c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
    "c:\\Program Files\\adawaretb\\dtUser.exe"=
    "c:\\Documents and Settings\\Owner\\Application Data\\Dropbox\\bin\\Dropbox.exe"=
    "c:\\Program Files\\Common Files\\Apple\\Apple Application Support\\WebKit2WebProcess.exe"=
    "c:\\Program Files\\iTunes\\iTunes.exe"=
    .
    R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [11/3/2011 1:06 PM 64512]
    R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [6/14/2011 3:17 PM 612184]
    R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [6/14/2011 3:17 PM 337880]
    R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [6/14/2011 3:17 PM 20696]
    S3 brfilt;Brother MFC Filter Driver;c:\windows\system32\drivers\BrFilt.sys [6/9/2008 1:55 PM 2944]
    S3 BrSerWDM;Brother Serial driver;c:\windows\system32\drivers\BrSerWdm.sys [6/9/2008 1:52 PM 61952]
    S3 BrUsbMdm;Brother MFC USB Fax Only Modem;c:\windows\system32\drivers\BrUsbMdm.sys [6/9/2008 1:55 PM 11008]
    S3 BrUsbScn;Brother MFC USB Scanner driver;c:\windows\system32\drivers\BrUsbScn.sys [6/9/2008 1:55 PM 10368]
    S3 COMMONFX.SYS;COMMONFX.SYS;c:\windows\system32\drivers\COMMONFX.SYS --> c:\windows\system32\drivers\COMMONFX.SYS [?]
    S3 COMMONFX;COMMONFX;c:\windows\system32\drivers\COMMONFX.SYS --> c:\windows\system32\drivers\COMMONFX.SYS [?]
    S3 CT20XUT.SYS;CT20XUT.SYS;c:\windows\system32\drivers\CT20XUT.SYS --> c:\windows\system32\drivers\CT20XUT.SYS [?]
    S3 CT20XUT;CT20XUT;c:\windows\system32\drivers\CT20XUT.SYS --> c:\windows\system32\drivers\CT20XUT.SYS [?]
    S3 CTAUDFX.SYS;CTAUDFX.SYS;c:\windows\system32\drivers\CTAUDFX.SYS --> c:\windows\system32\drivers\CTAUDFX.SYS [?]
    S3 CTAUDFX;CTAUDFX;c:\windows\system32\drivers\CTAUDFX.SYS --> c:\windows\system32\drivers\CTAUDFX.SYS [?]
    S3 CTEAPSFX.SYS;CTEAPSFX.SYS;c:\windows\system32\drivers\CTEAPSFX.SYS --> c:\windows\system32\drivers\CTEAPSFX.SYS [?]
    S3 CTEAPSFX;CTEAPSFX;c:\windows\system32\drivers\CTEAPSFX.SYS --> c:\windows\system32\drivers\CTEAPSFX.SYS [?]
    S3 CTEDSPFX.SYS;CTEDSPFX.SYS;c:\windows\system32\drivers\CTEDSPFX.SYS --> c:\windows\system32\drivers\CTEDSPFX.SYS [?]
    S3 CTEDSPFX;CTEDSPFX;c:\windows\system32\drivers\CTEDSPFX.SYS --> c:\windows\system32\drivers\CTEDSPFX.SYS [?]
    S3 CTEDSPIO.SYS;CTEDSPIO.SYS;c:\windows\system32\drivers\CTEDSPIO.SYS --> c:\windows\system32\drivers\CTEDSPIO.SYS [?]
    S3 CTEDSPIO;CTEDSPIO;c:\windows\system32\drivers\CTEDSPIO.SYS --> c:\windows\system32\drivers\CTEDSPIO.SYS [?]
    S3 CTEDSPSY.SYS;CTEDSPSY.SYS;c:\windows\system32\drivers\CTEDSPSY.SYS --> c:\windows\system32\drivers\CTEDSPSY.SYS [?]
    S3 CTEDSPSY;CTEDSPSY;c:\windows\system32\drivers\CTEDSPSY.SYS --> c:\windows\system32\drivers\CTEDSPSY.SYS [?]
    S3 CTERFXFX.SYS;CTERFXFX.SYS;c:\windows\system32\drivers\CTERFXFX.SYS --> c:\windows\system32\drivers\CTERFXFX.SYS [?]
    S3 CTERFXFX;CTERFXFX;c:\windows\system32\drivers\CTERFXFX.SYS --> c:\windows\system32\drivers\CTERFXFX.SYS [?]
    S3 CTEXFIFX.SYS;CTEXFIFX.SYS;c:\windows\system32\drivers\CTEXFIFX.SYS --> c:\windows\system32\drivers\CTEXFIFX.SYS [?]
    S3 CTEXFIFX;CTEXFIFX;c:\windows\system32\drivers\CTEXFIFX.SYS --> c:\windows\system32\drivers\CTEXFIFX.SYS [?]
    S3 CTHWIUT.SYS;CTHWIUT.SYS;c:\windows\system32\drivers\CTHWIUT.SYS --> c:\windows\system32\drivers\CTHWIUT.SYS [?]
    S3 CTHWIUT;CTHWIUT;c:\windows\system32\drivers\CTHWIUT.SYS --> c:\windows\system32\drivers\CTHWIUT.SYS [?]
    S3 CTSBLFX.SYS;CTSBLFX.SYS;c:\windows\system32\drivers\CTSBLFX.SYS --> c:\windows\system32\drivers\CTSBLFX.SYS [?]
    S3 CTSBLFX;CTSBLFX;c:\windows\system32\drivers\CTSBLFX.SYS --> c:\windows\system32\drivers\CTSBLFX.SYS [?]
    S3 DNINDIS5;DNINDIS5 NDIS Protocol Driver;c:\windows\system32\DNINDIS5.sys [6/5/2008 4:56 PM 17149]
    S3 WPN111;Wireless USB 2.0 Adapter with RangeMax Service;c:\windows\system32\drivers\WPN111.sys [6/5/2008 4:57 PM 362944]
    .
    --- Other Services/Drivers In Memory ---
    .
    *Deregistered* - uphcleanhlp
    .
    Contents of the 'Scheduled Tasks' folder
    .
    2012-04-20 c:\windows\Tasks\AppleSoftwareUpdate.job
    - c:\program files\Apple Software Update\SoftwareUpdate.exe [2011-06-02 00:57]
    .
    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://www.google.com
    uInternet Settings,ProxyOverride = *.local
    Trusted Zone: microsoft.com\office
    TCP: DhcpNameServer = 192.168.1.1
    FF - ProfilePath - c:\documents and settings\Owner\Application Data\Mozilla\Firefox\Profiles\119ckrol.default\
    FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
    FF - prefs.js: keyword.URL - hxxp://www.google.com/search?ie=utf-8&mssrc=ms_kwd&mstb=adawaretb&q=
    .
    .
    **************************************************************************
    .
    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2012-04-24 09:40
    Windows 5.1.2600 Service Pack 3 NTFS
    .
    scanning hidden processes ...
    .
    scanning hidden autostart entries ...
    .
    scanning hidden files ...
    .
    scan completed successfully
    hidden files: 0
    .
    **************************************************************************
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------
    .
    - - - - - - - > 'explorer.exe'(960)
    c:\windows\system32\WININET.dll
    c:\documents and settings\Owner\Application Data\Dropbox\bin\DropboxExt.14.dll
    c:\windows\system32\ieframe.dll
    c:\windows\system32\webcheck.dll
    c:\windows\system32\WPDShServiceObj.dll
    c:\windows\system32\PortableDeviceTypes.dll
    c:\windows\system32\PortableDeviceApi.dll
    .
    Completion time: 2012-04-24 09:45:55
    ComboFix-quarantined-files.txt 2012-04-24 16:45
    ComboFix2.txt 2012-04-23 14:37
    ComboFix3.txt 2012-04-22 20:12
    ComboFix4.txt 2011-06-21 19:46
    .
    Pre-Run: 48,264,740,864 bytes free
    Post-Run: 48,236,412,928 bytes free
    .
    - - End Of File - - AD73269132D541192CAD91EE69D08FC7

  9. #19
    Emeritus
    Join Date
    Apr 2011
    Location
    USA
    Posts
    1,038

    Default

    So how is your system running?

  10. #20
    Member
    Join Date
    Apr 2012
    Posts
    63

    Default

    bingo!

    Searches yield the correct links with a click! I am back home. Thank you thank you thank you!!!

    I still cannot log onto iTunes radio - this morning I tried a few other means to get Internet radio and none of them work either.

    Any suggestions?

    FWIW, I am really amazed how you do this stuff, it is just amazing!

    Michael
