Windows Internet Explorer: Cannot find the 'file:///"...

Welcome to Bleeping Computer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.
Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

BleepingComputer.com > Security > HijackThis Logs and Virus/Trojan/Spyware/Malware Removal

Forum Guidelines

Read this topic before posting a log.

DO NOT post a ComboFix log unless requested to.

Only members of the HijackThis Team or Moderators are allowed to help people with logs. Anyone else should refrain from posting to another user's log.

When posting a log please put the type of infection you have in the topic title. IE: Winfixer, Virtumonde, WinTools, WebSearch, Home Search Assistant, etc.

Do not bump your topic. We try to resolve logs on a first come/first served basis. By bumping your log you will be pushed back in line due to the new date of your bump.

3 Pages

1 2 3 >

Windows Internet Explorer: Cannot find the 'file:///"...

Options

Kodie71448 View Member Profile	Jun 23 2009, 09:55 PM Post #1
Member Group: Members Posts: 18 Joined: 22-June 09 Member No.: 344,625	I hope this is the right forum. Help with this will be greatly appreciated. Every time I turn on the computer a box titled Windows Internet Explorer displays the following message "Cannot find the 'file:\\\". Make sure the path or Internet Address correct." In addition, I am receiving error messages that state " (program) has encountered a problem and needs to close." The programs include RegCure, IE, and AdAware. Thanks. Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 10:09:04 PM, on 6/23/2009 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v8.00 (8.00.6001.18702) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\csrss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\nvsvc32.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\system32\ctfmon.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\Amazon\Amazon Unbox Video\ADVWindowsClientService.exe C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe C:\Program Files\Bonjour\mDNSResponder.exe C:\Program Files\iolo\Common\Lib\ioloDMVSvc.exe C:\Program Files\Java\jre6\bin\jqs.exe C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE C:\Program Files\Norton PC Checkup\executables\mrHealthy\MrHealthy.exe C:\WINDOWS\system32\HPZipm12.exe C:\Program Files\Comcast\Desktop Doctor\bin\sprtsvc.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\alg.exe C:\WINDOWS\RTHDCPL.EXE C:\Program Files\Comcast\Desktop Doctor\bin\sprtcmd.exe C:\Program Files\iTunes\iTunesHelper.exe C:\Program Files\Java\jre6\bin\jusched.exe C:\WINDOWS\system32\RUNDLL32.EXE C:\Program Files\ComcastUI\Universal Installer\uinstaller.exe C:\WINDOWS\system32\wbem\unsecapp.exe C:\Program Files\iPod\bin\iPodService.exe C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe C:\WINDOWS\system32\wbem\unsecapp.exe C:\WINDOWS\system32\wbem\wmiprvse.exe C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe C:\PROGRA~1\COMMON~1\SYMANT~1\CCPD-LC\symlcsvc.exe C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Trend Micro\HijackThis\HijackThis.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=63&bd=PRESARIO&pf=desktop R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost;*.local O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\PROGRA~1\COMMON~1\SYMANT~1\IDS\IPSBHO.dll O2 - BHO: HpWebHelper - {AAAE832A-5FFF-4661-9C8F-369692D1DCB9} - C:\WINDOWS\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\plugin\webhelper.dll O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE O4 - HKLM\..\Run: [osCheck] "C:\Program Files\Norton AntiVirus\osCheck.exe" O4 - HKLM\..\Run: [ddoctorv2] "C:\Program Files\Comcast\Desktop Doctor\bin\sprtcmd.exe" /P ddoctorv2 O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe" O4 - HKLM\..\Run: [Ad-Watch] C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe" O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [nwiz] nwiz.exe /install O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [Universal Installer] "C:\Program Files\ComcastUI\Universal Installer\uinstaller.exe" /fromrun /starthidden O4 - HKCU\..\Run: [Desktop Software] "C:\Program Files\ComcastUI\Universal Installer\uinstaller.exe" /ini "uinstaller.ini" /fromrun /starthidden O4 - .DEFAULT User Startup: Pin.lnk = C:\hp\bin\CLOAKER.EXE (User 'Default user') O8 - Extra context menu item: &Search - ?p=ZUfox000 O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll O9 - Extra button: Internet Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm O9 - Extra 'Tools' menuitem: Internet Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O10 - Unknown file in Winsock LSP: c:\program files\iolo\common\firewall\ifw_xfilter.dll O10 - Unknown file in Winsock LSP: c:\program files\iolo\common\firewall\ifw_xfilter.dll O16 - DPF: {3107C2A8-9F0B-4404-A58B-21BD85268FBC} (PogoWebLauncher Control) - http://www.pogo.com/cdl/launcher/PogoWebLa...erInstaller.CAB O16 - DPF: {6A344D34-5231-452A-8A57-D064AC9B7862} (Symantec Download Manager) - https://webdl.symantec.com/activex/symdlmgr.cab O23 - Service: Amazon Unbox Video Service (ADVService) - Amazon.com - C:\Program Files\Amazon\Amazon Unbox Video\ADVWindowsClientService.exe O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: iolo DMV Service (ioloDMV) - Unknown owner - C:\Program Files\iolo\Common\Lib\ioloDMVSvc.exe O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe O23 - Service: LiveUpdate - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\LuComServer_3_4.EXE O23 - Service: LiveUpdate Notice - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe O23 - Service: MrHealthy (MrHealthyService) - Symantec Corporation - C:\Program Files\Norton PC Checkup\executables\mrHealthy\MrHealthy.exe O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe O23 - Service: SupportSoft Sprocket Service (ddoctorv2) (sprtsvc_ddoctorv2) - SupportSoft, Inc. - C:\Program Files\Comcast\Desktop Doctor\bin\sprtsvc.exe O23 - Service: Symantec Core LC - Unknown owner - C:\PROGRA~1\COMMON~1\SYMANT~1\CCPD-LC\symlcsvc.exe -- End of file - 9406 bytes

sempai View Member Profile	Jun 27 2009, 02:11 PM Post #2
Bleepin Pinoy Group: HJT Senior Classmen Posts: 1,501 Joined: 30-June 06 From: 3 Stars and the Sun Member No.: 74,094	Hello and welcome to Bleeping Computer We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here. If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far. Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware. If you have already posted a DDS log, please do so again, as your situation may have changed. Use the 'Add Reply' and add the new log to this thread. Thanks and again sorry for the delay. We need to see some information about what is happening in your machine. Please perform the following scan: Download DDS by sUBs from one of the following links. Save it to your desktop. DDS.scr DDS.pif Double click on the DDS icon, allow it to run. A small box will open, with an explaination about the tool. No input is needed, the scan is running. Notepad will open with the results. Follow the instructions that pop up for posting the results. Close the program window, and delete the program from your desktop. Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet. Information on A/V control HERE -------------------- He that can have PATIENCE can have what he will. - Benjamin Franklin Please don't PM asking for support. Post on the Forums instead.

Kodie71448 View Member Profile	Jun 27 2009, 09:54 PM Post #3
Member Group: Members Posts: 18 Joined: 22-June 09 Member No.: 344,625	I am still having the same message when I turn on the computer. It is very slow loading, but once it gets on the internet, it's ok. If I try to open more than 3 things it freezes. Here is the notepad document from DDS. DDS (Ver_09-06-26.01) - NTFSx86 Run by Compaq_Owner at 22:40:21.50 on Sat 06/27/2009 Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_14 Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.446.157 [GMT -4:00] AV: Norton AntiVirus On-access scanning enabled (Updated) {E10A9785-9598-4754-B552-92431C1C35F8} AV: iolo AntiVirus® On-access scanning disabled (Updated) {2565CEEE-6BDB-4A6D-AD6D-F682F2695014} FW: Norton AntiVirus enabled {990F9400-4CEE-43EA-A83A-D013ADD8EA6E} FW: iolo Personal Firewall® disabled {38254411-9AEC-4967-913E-F892C2A4DF89} ============== Running Processes =============== C:\WINDOWS\system32\nvsvc32.exe C:\WINDOWS\system32\svchost -k DcomLaunch C:\WINDOWS\system32\svchost -k rpcss C:\WINDOWS\System32\svchost.exe -k netsvcs C:\WINDOWS\system32\svchost.exe -k NetworkService C:\WINDOWS\system32\svchost.exe -k LocalService C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\system32\svchost.exe -k LocalService C:\Program Files\Amazon\Amazon Unbox Video\ADVWindowsClientService.exe C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe C:\Program Files\Bonjour\mDNSResponder.exe C:\Program Files\iolo\Common\Lib\ioloDMVSvc.exe C:\Program Files\Java\jre6\bin\jqs.exe C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE C:\Program Files\Norton PC Checkup\executables\mrHealthy\MrHealthy.exe C:\Program Files\Comcast\Desktop Doctor\bin\sprtsvc.exe C:\WINDOWS\system32\svchost.exe -k imgsvc C:\WINDOWS\system32\wbem\unsecapp.exe C:\WINDOWS\system32\wbem\wmiprvse.exe C:\WINDOWS\System32\alg.exe C:\WINDOWS\RTHDCPL.EXE C:\Program Files\iTunes\iTunesHelper.exe C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe C:\Program Files\Java\jre6\bin\jusched.exe C:\WINDOWS\system32\RUNDLL32.EXE C:\Program Files\ComcastUI\Universal Installer\uinstaller.exe C:\Program Files\iPod\bin\iPodService.exe C:\WINDOWS\system32\wbem\unsecapp.exe C:\PROGRA~1\COMMON~1\SYMANT~1\CCPD-LC\symlcsvc.exe C:\Program Files\Mozilla Firefox\firefox.exe C:\WINDOWS\system32\notepad.exe C:\Documents and Settings\Compaq_Owner\Desktop\dds.scr C:\WINDOWS\system32\wbem\wmiprvse.exe ============== Pseudo HJT Report =============== uStart Page = ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=63&bd=PRESARIO&pf=desktop uSearch Page = hxxp://www.google.com uDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=63&bd=PRESARIO&pf=desktop uDefault_Search_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=63&bd=PRESARIO&pf=desktop uSearch Bar = hxxp://www.google.com/ie uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8 mSearch Bar = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=63&bd=PRESARIO&pf=desktop uInternet Connection Wizard,ShellNext = iexplore uSearchAssistant = hxxp://www.google.com/ie uSearchURL,(Default) = hxxp://www.google.com/search?q=%s mSearchAssistant = hxxp://www.google.com/ie BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\program files\spybot - search & destroy\SDHelper.dll BHO: Symantec Intrusion Prevention: {6d53ec84-6aae-4787-aeee-f4628f01010c} - c:\progra~1\common~1\symant~1\ids\IPSBHO.dll BHO: hpWebHelper Class: {aaae832a-5fff-4661-9c8f-369692d1dcb9} - c:\windows\pchealth\helpctr\vendors\cn=hewlett-packard,l=cupertino,s=ca,c=us\plugin\webhelper.dll BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe uRun: [Universal Installer] "c:\program files\comcastui\universal installer\uinstaller.exe" /fromrun /starthidden uRun: [Desktop Software] "c:\program files\comcastui\universal installer\uinstaller.exe" /ini "uinstaller.ini" /fromrun /starthidden uRun: [SpybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe mRun: [RTHDCPL] RTHDCPL.EXE mRun: [osCheck] "c:\program files\norton antivirus\osCheck.exe" mRun: [ddoctorv2] "c:\program files\comcast\desktop doctor\bin\sprtcmd.exe" /P ddoctorv2 mRun: [<NO NAME>] mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe" mRun: [Ad-Watch] c:\program files\lavasoft\ad-aware\AAWTray.exe mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe" mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup mRun: [nwiz] nwiz.exe /install mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe" mRun: [MSConfig] c:\windows\pchealth\helpctr\binaries\MSConfig.exe /auto mRunOnce: [symPCCheckup] IE: &Search - ?p=ZUfox000 IE: {E2D4D26B-0180-43a4-B05F-462D6D54C789} - c:\windows\pchealth\helpctr\vendors\cn=hewlett-packard,l=cupertino,s=ca,c=us\iebutton\support.htm IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\program files\spybot - search & destroy\SDHelper.dll LSP: c:\program files\iolo\common\firewall\iFW_Xfilter.dll DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} - hxxp://www.apple.com/qtactivex/qtplugin.cab DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab DPF: {3107C2A8-9F0B-4404-A58B-21BD85268FBC} - hxxp://www.pogo.com/cdl/launcher/PogoWebLauncherInstaller.CAB DPF: {6A344D34-5231-452A-8A57-D064AC9B7862} - hxxps://webdl.symantec.com/activex/symdlmgr.cab DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab DPF: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll ================= FIREFOX =================== FF - ProfilePath - c:\docume~1\compaq~1\applic~1\mozilla\firefox\profiles\7n4ren08.default\ FF - prefs.js: browser.startup.homepage - hxxp://www.comcast.net?cid=NET_mmhpset FF - plugin: c:\documents and settings\compaq_owner\application data\move networks\plugins\npqmp071500000347.dll FF - plugin: c:\program files\real\realarcade\plugins\mozilla\npracplug.dll FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA} ============= SERVICES / DRIVERS =============== R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2009-6-23 64160] R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [2009-2-25 101936] R3 NAVENG;NAVENG;c:\progra~1\common~1\symant~1\virusd~1\20090627.006\NAVENG.SYS [2009-6-27 89104] R3 NAVEX15;NAVEX15;c:\progra~1\common~1\symant~1\virusd~1\20090627.006\NAVEX15.SYS [2009-6-27 876144] R4 ccEvtMgr;Symantec Event Manager;c:\program files\common files\symantec shared\ccSvcHst.exe [2008-1-25 149864] R4 ccSetMgr;Symantec Settings Manager;c:\program files\common files\symantec shared\ccSvcHst.exe [2008-1-25 149864] R4 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\lavasoft\ad-aware\AAWService.exe [2009-3-9 1003344] R4 LiveUpdate Notice;LiveUpdate Notice;c:\program files\common files\symantec shared\ccSvcHst.exe [2008-1-25 149864] R4 MrHealthyService;MrHealthy;c:\program files\norton pc checkup\executables\mrhealthy\mrhealthy.exe -service --> c:\program files\norton pc checkup\executables\mrhealthy\MrHealthy.exe -service [?] R4 Symantec Core LC;Symantec Core LC;c:\progra~1\common~1\symant~1\ccpd-lc\symlcsvc.exe [2008-2-20 1245064] S3 COH_Mon;COH_Mon;c:\windows\system32\drivers\COH_Mon.sys [2008-1-12 23888] SUnknown MyWebSearchService;MyWebSearchService; [x] ============== File Associations =============== JSEFile=NOTEPAD.EXE %1 VBEFile=NOTEPAD.EXE %1 VBSFile=NOTEPAD.EXE %1 =============== Created Last 30 ================ 2009-06-27 17:03 <DIR> --d----- c:\docume~1\alluse~1\applic~1\DriverScanner 2009-06-27 17:02 <DIR> -cd-h--- c:\docume~1\alluse~1\applic~1\~0 2009-06-23 21:19 15,688 a------- c:\windows\system32\lsdelete.exe 2009-06-23 14:40 457,248 a------- c:\windows\system32\NVUNINST.EXE 2009-06-23 14:40 <DIR> --d----- C:\NVIDIA 2009-06-23 14:33 410,984 a------- c:\windows\system32\deploytk.dll 2009-06-23 14:09 <DIR> --dsh--- c:\documents and settings\compaq_owner\IETldCache 2009-06-23 13:59 102,912 -------- c:\windows\system32\dllcache\iecompat.dll 2009-06-23 13:59 <DIR> --d----- c:\windows\ie8updates 2009-06-23 13:58 12,800 -------- c:\windows\system32\dllcache\xpshims.dll 2009-06-23 13:54 <DIR> -cd-h--- c:\windows\ie8 2009-06-23 00:26 64,160 a------- c:\windows\system32\drivers\Lbd.sys 2009-06-23 00:21 <DIR> -cd-h--- c:\docume~1\alluse~1\applic~1\{7972B2E5-3E09-4E5E-81B7-FE5819D6772F} 2009-06-22 23:37 <DIR> --d----- c:\docume~1\alluse~1\applic~1\RegCure 2009-06-22 23:25 <DIR> --d----- c:\program files\filehippo.com 2009-06-22 23:08 <DIR> --d----- c:\docume~1\alluse~1\applic~1\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906} 2009-06-22 00:06 <DIR> --d----- c:\program files\Enigma Software Group 2009-06-10 08:28 3,510,272 a------- c:\windows\system32\nvgames.dll 2009-06-10 08:28 4,022,272 a------- c:\windows\system32\nvdisps.dll 2009-06-10 08:28 13,758,464 a------- c:\windows\system32\nvcpl.dll 2009-06-10 08:28 168,004 a------- c:\windows\system32\nvsvc32.exe 2009-06-10 08:28 143,360 a------- c:\windows\system32\nvcolor.exe 2009-06-10 08:28 86,016 a------- c:\windows\system32\nvmctray.dll 2009-06-10 08:28 64,777 a------- c:\windows\system32\NvwsApps.xml 2009-06-10 08:28 229,376 a------- c:\windows\system32\nvmccs.dll 2009-06-10 06:03 1,720,320 a------- c:\windows\system32\nvcuda.dll 2009-06-10 06:03 1,580,550 a------- c:\windows\system32\nvdata.bin 2009-06-10 06:03 1,310,720 a------- c:\windows\system32\nvcuvenc.dll 2009-06-10 06:03 671,744 a------- c:\windows\system32\nvcuvid.dll 2009-05-28 23:52 59,264 a------- c:\windows\system32\drivers\USBAUDIO.sys 2009-05-28 23:52 59,264 a------- c:\windows\system32\dllcache\usbaudio.sys ==================== Find3M ==================== 2009-06-10 06:03 9,998,336 a------- c:\windows\system32\nvoglnt.dll 2009-06-10 06:03 8,087,712 a------- c:\windows\system32\drivers\nv4_mini.sys 2009-06-10 06:03 8,087,712 a------- c:\windows\system32\dllcache\nv4_mini.sys 2009-06-10 06:03 5,908,608 a------- c:\windows\system32\nv4_disp.dll 2009-06-10 06:03 815,104 a------- c:\windows\system32\nvapi.dll 2009-06-10 06:03 457,248 a------- c:\windows\system32\nvudisp.exe 2009-06-10 06:03 151,552 a------- c:\windows\system32\nvcodins.dll 2009-06-10 06:03 151,552 a------- c:\windows\system32\nvcod.dll 2009-06-04 23:45 36,204 a------- c:\docume~1\compaq~1\applic~1\wklnhst.dat 2009-05-13 01:15 915,456 a------- c:\windows\system32\wininet.dll 2009-05-13 01:15 5,936,128 -------- c:\windows\system32\dllcache\mshtml.dll 2009-05-13 01:15 915,456 -------- c:\windows\system32\dllcache\wininet.dll 2009-05-07 11:44 344,064 a------- c:\windows\system32\localspl.dll 2009-05-07 11:44 344,064 a------- c:\windows\system32\dllcache\localspl.dll 2009-04-30 17:22 1,985,024 -------- c:\windows\system32\dllcache\iertutil.dll 2009-04-30 17:22 11,064,832 -------- c:\windows\system32\dllcache\ieframe.dll 2009-04-30 17:22 1,207,808 -------- c:\windows\system32\dllcache\urlmon.dll 2009-04-30 17:22 25,600 -------- c:\windows\system32\dllcache\jsproxy.dll 2009-04-30 17:22 385,536 -------- c:\windows\system32\dllcache\iedkcs32.dll 2009-04-30 17:22 246,272 -------- c:\windows\system32\dllcache\ieproxy.dll 2009-04-30 07:21 173,056 -------- c:\windows\system32\dllcache\ie4uinit.exe 2009-04-29 00:55 133,120 a------- c:\windows\system32\dllcache\extmgr.dll 2009-04-28 05:05 13,824 a------- c:\windows\system32\dllcache\ieudinit.exe 2009-04-17 05:58 1,846,656 a------- c:\windows\system32\win32k.sys 2009-04-17 05:58 1,846,656 a------- c:\windows\system32\dllcache\win32k.sys 2009-04-15 11:11 584,192 a------- c:\windows\system32\rpcrt4.dll 2009-04-15 11:11 584,192 a------- c:\windows\system32\dllcache\rpcrt4.dll 2007-04-16 19:12 359,112 ac------ c:\program files\LimeWireWin.exe 2007-04-15 17:31 260,239 a------- c:\program files\hhctrl.zip 2007-04-10 14:59 2,185,609 a------- c:\program files\tsc.zip 2007-01-26 22:07 774,144 ac------ c:\program files\RngInterstitial.dll 2007-01-05 12:56 2,855,080 a------- c:\program files\aawsepersonal.exe ============= FINISH: 22:41:46.53 =============== Should I attach the second notepad document that says, "UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG. IF REQUESTED, ZIP IT UP & ATTACH IT" ? Thanks.

farbar View Member Profile	Jun 29 2009, 12:56 PM Post #4
Bleeping Curious Group: HJT Team Posts: 7,102 Joined: 8-December 07 From: The Netherlands Member No.: 175,240	Hi Kodie71448, Welcome to BC HijackThis forum. I am farbar. I am going to assist you with your problem. Please refrain from making any changes to your system (updating Windows, installing applications, removing files, etc.) from now on as it might prolong handling your log and make the job for both of us more difficult. QUOTE Should I attach the second notepad document that says, "UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG. IF REQUESTED, ZIP IT UP & ATTACH IT" ? Thanks. Yes please copy and paste the content instead of attaching it. -------------------- This is a voluntary free service. However, if you would like to donate click on

farbar View Member Profile	Jun 29 2009, 05:31 PM Post #6
Bleeping Curious Group: HJT Team Posts: 7,102 Joined: 8-December 07 From: The Netherlands Member No.: 175,240	Thanks for the log. You have the program Spybot S&D (Teatimer option) running on your machine. We need to disable TeaTimer so it does not interfere with the fixes we are about to do. This will only take a few seconds. First disable TeaTimer: Run Spybot-S&D Go to the Mode menu, and make sure Advanced Mode is selected On the left hand side, choose Tools -> Resident Uncheck Resident TeaTimer and OK any prompts Restart your computer. Instruction is also here: How to disable TeaTimer during HijackThis Cleanup Note:If teatimer gives you a warning afterwards that some changes were made, allow this instead of blocking it. Then download ResetTeaTimer.exe to your desktop. (In case you use Firefox, rightclick the link and choose "Save Link As"). Doubleclick ResetTeaTimer.exe and let it run. Note: The Teatimer should be kept disabled until I give you the clean sign. Please download Malwarebytes' Anti-Malware from one of these locations: malwarebytes.org majorgeeks.com Double Click mbam-setup.exe to install the application. Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish. If an update is found, it will download and install the latest version. Once the program has loaded, select "Perform Quick Scan", then click Scan. The scan may take some time to finish,so please be patient. When the scan is complete, click OK, then Show Results to view the results. Make sure that everything is checked, and click Remove Selected. When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.(See Extra Note) The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM. Copy&Paste the MBAM log. Extra Note: If MBAM encounters a file that is difficult to remove,you will be presented with 1 of 2 prompts,click OK to either and let MBAM proceed with the disinfection process,if asked to restart the computer,please do so immediately. I see iolo System Mechanic and firewall entries on the log, but I don't see any iolo product on the program list. Tell me if you are still using iolo system Mechanic or firewall. -------------------- This is a voluntary free service. However, if you would like to donate click on

Kodie71448 View Member Profile	Jun 29 2009, 08:50 PM Post #7
Member Group: Members Posts: 18 Joined: 22-June 09 Member No.: 344,625	I do not use Iolo. I tried to delete the program a long time ago, but didn't know how to get it off completely. Prior to your first response, I disabled some start-up programs which has improved the speed. The window about Internet Explorer (which I don't use, I use Firefox) still came up when the computer restarted after the mbam scan. I think I disabled the teatimer thing correctly: when the black window came up it said something like teatimer and spybot must be stopped. Press any key to continue. I pressed a key, it said it was finished, and then I closed the window. Malwarebytes' Anti-Malware 1.38 Database version: 2353 Windows 5.1.2600 Service Pack 2 6/29/2009 9:36:55 PM mbam-log-2009-06-29 (21-36-55).txt Scan type: Quick Scan Objects scanned: 89356 Time elapsed: 7 minute(s), 26 second(s) Memory Processes Infected: 0 Memory Modules Infected: 0 Registry Keys Infected: 22 Registry Values Infected: 0 Registry Data Items Infected: 0 Folders Infected: 0 Files Infected: 2 Memory Processes Infected: (No malicious items detected) Memory Modules Infected: (No malicious items detected) Registry Keys Infected: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{2d2bee6e-3c9a-4d58-b9ec-458edb28d0f6} (Rogue.DriveCleaner) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{07b18ea9-a523-4961-b6bb-170de4475cca} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{07b18eab-a523-4961-b6bb-170de4475cca} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{25560540-9571-4d7b-9389-0f166788785a} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{3dc201fb-e9c9-499c-a11f-23c360d7c3f8} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{63d0ed2c-b45b-4458-8b3b-60c69bbbd83c} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{9ff05104-b030-46fc-94b8-81276e4e27df} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{00a6faf1-072e-44cf-8957-5838f569a31d} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{1d4db7d2-6ec9-47a3-bd87-1e41684e07bb} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{25560540-9571-4d7b-9389-0f166788785a} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{3dc201fb-e9c9-499c-a11f-23c360d7c3f8} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{63d0ed2c-b45b-4458-8b3b-60c69bbbd83c} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{98d9753d-d73b-42d5-8c85-4469cda897ab} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{9ff05104-b030-46fc-94b8-81276e4e27df} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{59c7fc09-1c83-4648-b3e6-003d2bbc7481} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{68af847f-6e91-45dd-9b68-d6a12c30e5d7} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{9170b96c-28d4-4626-8358-27e6caeef907} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{d1a71fa0-ff48-48dd-9b6d-7a13a3e42127} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{ddb1968e-ead6-40fd-8dae-ff14757f60c7} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{f138d901-86f0-4383-99b6-9cdd406036da} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\RunDll32Policy\f3ScrCtr.dll (Adware.MyWay) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Multimedia\WMPlayer\Schemes\f3pss (Adware.MyWebSearch) -> Quarantined and deleted successfully. Registry Values Infected: (No malicious items detected) Registry Data Items Infected: (No malicious items detected) Folders Infected: (No malicious items detected) Files Infected: C:\Program Files\tsc\tsc.exe (Rogue.Total.Security) -> Quarantined and deleted successfully. c:\RECYCLER\ADAPT_Installer.exe (Heuristics.Malware) -> Quarantined and deleted successfully.

farbar View Member Profile	Jun 30 2009, 12:43 AM Post #8
Bleeping Curious Group: HJT Team Posts: 7,102 Joined: 8-December 07 From: The Netherlands Member No.: 175,240	QUOTE I do not use Iolo. I tried to delete the program a long time ago, but didn't know how to get it off completely. It has changed some file associations and a couple of entries which effect both startup and internet connection. We need to remove them but before removing them one by one I would like to see the uninstall is a complete one. Can you install and uninstall it via Add/Remove programs or you have already done that? -------------------- This is a voluntary free service. However, if you would like to donate click on

Kodie71448 View Member Profile	Jun 30 2009, 02:20 PM Post #9
Member Group: Members Posts: 18 Joined: 22-June 09 Member No.: 344,625	I uninstalled it through add/remove programs a long time ago, so it doesn't show up there, and the original disk is long gone.

farbar View Member Profile	Jun 30 2009, 02:50 PM Post #10
Bleeping Curious Group: HJT Team Posts: 7,102 Joined: 8-December 07 From: The Netherlands Member No.: 175,240	OK we will remove them manually. Please perform the steps fully and in the order they are written. Go to start > Run copy/paste the following lines one by one in the run box and click OK after each line. sc stop ioloDMV sc delete ioloDMV A window will flash, it is normal. Download ComboFix from one of these locations: Link 1 Link 2 Link 3 * IMPORTANT !!! Save ComboFix.exe to your Desktop Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. (Information on A/V control HERE) Double click on ComboFix.exe & follow the prompts. As part of it's process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware. Let's run ComboFix. Please run it just once. Download ComboFix from one of these locations: Link 1 Link 2 Link 3 * IMPORTANT !!! Save ComboFix.exe to your Desktop Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. (Information on A/V control HERE) Double click on ComboFix.exe & follow the prompts. As part of it's process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware. Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console. Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue it's malware removal procedures. Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message: Click on Yes, to continue scanning for malware. When finished, it shall produce a log for you. Please copy and paste the C:\ComboFix.txt in your next reply. Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console. Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue it's malware removal procedures. Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message: Click on Yes, to continue scanning for malware. When finished, it shall produce a log for you. Please copy and paste the C:\ComboFix.txt in your next reply. Download LSPFix.zip to a convenient location and unzip the file. Please double-click LSPFix.exe. Under Keep section select only iFW_Xfilter.dll and press >> to to move it to Remove section. Check the "I know what I'm doing" button. click "Finish>>" then reboot your computer. Edited: Added download link for LSPFix. This post has been edited by farbar: Jun 30 2009, 06:47 PM -------------------- This is a voluntary free service. However, if you would like to donate click on

Kodie71448 View Member Profile	Jun 30 2009, 06:45 PM Post #11
Member Group: Members Posts: 18 Joined: 22-June 09 Member No.: 344,625	I have a new problem. I can't run ComboFix because Norton Antivirus will not open for me to disable it and there is no right-click option to disable it. I've come at it a hundred different directions and it won't open. When I googled "Norton Antivirus won't open" I found that this is a common problem. Should I uninstall it? I don't have the NortonAV disc anymore in order to reinstall it, but I guess I could install AVG instead? Thanks

farbar View Member Profile	Jun 30 2009, 06:55 PM Post #12
Bleeping Curious Group: HJT Team Posts: 7,102 Joined: 8-December 07 From: The Netherlands Member No.: 175,240	It could be the work of malware. We will keep Norton. Please run ComboFix with this command. If you get a notification make sure you allow ComboFix to connect to internet to download the Recovery Console. The ComboFix should be located on your desktop. Go to Start => Run => Copy and paste the following in the run box and click OK. "%userprofile%\desktop\combofix.exe" /killall When it gives you the notification about Norton click Yes to continue. This post has been edited by farbar: Jun 30 2009, 06:56 PM -------------------- This is a voluntary free service. However, if you would like to donate click on

Kodie71448 View Member Profile	Jun 30 2009, 08:23 PM Post #13
Member Group: Members Posts: 18 Joined: 22-June 09 Member No.: 344,625	Here is the combofix log. ComboFix 09-06-29.07 - Compaq_Owner 06/30/2009 20:53.1 - NTFSx86 Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.446.216 [GMT -4:00] Running from: c:\documents and settings\Compaq_Owner\desktop\combofix.exe Command switches used :: /killall AV: iolo AntiVirus® On-access scanning disabled (Updated) {2565CEEE-6BDB-4A6D-AD6D-F682F2695014} AV: Norton AntiVirus On-access scanning enabled (Updated) {E10A9785-9598-4754-B552-92431C1C35F8} FW: iolo Personal Firewall® disabled {38254411-9AEC-4967-913E-F892C2A4DF89} FW: Norton AntiVirus enabled {990F9400-4CEE-43EA-A83A-D013ADD8EA6E} . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . D:\Autorun.inf D:\Desktop.ini . ((((((((((((((((((((((((((((((((((((((( Drivers/Services ))))))))))))))))))))))))))))))))))))))))))))))))) . -------\Legacy_MYWEBSEARCHSERVICE ((((((((((((((((((((((((( Files Created from 2009-06-01 to 2009-07-01 ))))))))))))))))))))))))))))))) . 2009-06-30 01:24 . 2009-06-30 01:24 -------- d-----w- c:\documents and settings\Compaq_Owner\Application Data\Malwarebytes 2009-06-30 01:24 . 2009-06-17 15:27 38160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys 2009-06-30 01:24 . 2009-06-30 01:24 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes 2009-06-30 01:24 . 2009-06-30 01:24 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware 2009-06-30 01:24 . 2009-06-17 15:27 19096 ----a-w- c:\windows\system32\drivers\mbam.sys 2009-06-29 20:36 . 2009-06-29 20:36 -------- d-sh--w- c:\documents and settings\NetworkService\IETldCache 2009-06-29 00:57 . 2009-06-29 00:57 1685856 ----a-w- c:\documents and settings\Compaq_Owner\Application Data\Move Networks\MoveMediaPlayerWinSilent_071503000010.exe 2009-06-27 21:03 . 2009-06-27 21:29 -------- d-----w- c:\documents and settings\All Users\Application Data\DriverScanner 2009-06-24 01:19 . 2009-06-23 04:25 15688 ----a-w- c:\windows\system32\lsdelete.exe 2009-06-23 18:40 . 2009-06-04 20:39 457248 ----a-w- c:\windows\system32\NVUNINST.EXE 2009-06-23 18:40 . 2009-06-23 18:40 -------- d-----w- C:\NVIDIA 2009-06-23 18:33 . 2009-06-23 18:33 410984 ----a-w- c:\windows\system32\deploytk.dll 2009-06-23 18:27 . 2009-06-23 18:27 -------- d-sh--w- c:\windows\system32\config\systemprofile\IETldCache 2009-06-23 18:09 . 2009-06-23 18:09 -------- d-sh--w- c:\documents and settings\Compaq_Owner\IETldCache 2009-06-23 17:59 . 2009-06-02 10:12 102912 ------w- c:\windows\system32\dllcache\iecompat.dll 2009-06-23 17:59 . 2009-06-23 17:59 -------- d-----w- c:\windows\ie8updates 2009-06-23 17:58 . 2009-04-30 21:22 12800 ------w- c:\windows\system32\dllcache\xpshims.dll 2009-06-23 17:57 . 2009-04-30 21:22 246272 ------w- c:\windows\system32\dllcache\ieproxy.dll 2009-06-23 17:54 . 2009-06-23 17:57 -------- dc-h--w- c:\windows\ie8 2009-06-23 04:26 . 2009-06-23 04:25 64160 ----a-w- c:\windows\system32\drivers\Lbd.sys 2009-06-23 04:24 . 2009-06-23 04:24 518488 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\AAWTray.exe 2009-06-23 04:24 . 2009-06-23 04:24 1003344 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\AAWService.exe 2009-06-23 04:21 . 2009-06-23 20:05 -------- dc-h--w- c:\documents and settings\All Users\Application Data\{7972B2E5-3E09-4E5E-81B7-FE5819D6772F} 2009-06-23 04:21 . 2009-03-12 08:17 2902048 -c--a-w- c:\documents and settings\All Users\Application Data\{7972B2E5-3E09-4E5E-81B7-FE5819D6772F}\Ad-AwareAE.exe 2009-06-23 03:37 . 2009-06-23 03:37 -------- d-----w- c:\documents and settings\All Users\Application Data\RegCure 2009-06-23 03:25 . 2009-06-23 03:25 -------- d-----w- c:\program files\filehippo.com 2009-06-23 03:12 . 2009-06-23 03:12 -------- d-----w- c:\program files\Safari 2009-06-23 03:08 . 2009-06-23 03:09 -------- d-----w- c:\documents and settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906} 2009-06-23 03:03 . 2009-06-23 03:04 -------- d-----w- c:\program files\QuickTime 2009-06-23 02:54 . 2009-06-23 02:54 75048 ----a-w- c:\documents and settings\All Users\Application Data\Apple Computer\Installer Cache\iTunes 8.2.0.23\SetupAdmin.exe 2009-06-22 04:06 . 2009-06-22 04:06 -------- d-----w- c:\program files\Enigma Software Group 2009-06-16 06:35 . 2009-06-16 06:35 97144 ----a-w- c:\documents and settings\Compaq_Owner\Application Data\Move Networks\ie_bin\MovePlayerUpgrade.exe 2009-06-16 06:35 . 2009-06-29 00:57 4183416 ----a-w- c:\documents and settings\Compaq_Owner\Application Data\Move Networks\plugins\npqmp071503000010.dll 2009-06-10 12:28 . 2009-06-10 12:28 3510272 ----a-w- c:\windows\system32\nvgames.dll 2009-06-10 12:28 . 2009-06-10 12:28 4022272 ----a-w- c:\windows\system32\nvdisps.dll 2009-06-10 12:28 . 2009-06-10 12:28 86016 ----a-w- c:\windows\system32\nvmctray.dll 2009-06-10 12:28 . 2009-06-10 12:28 168004 ----a-w- c:\windows\system32\nvsvc32.exe 2009-06-10 12:28 . 2009-06-10 12:28 143360 ----a-w- c:\windows\system32\nvcolor.exe 2009-06-10 12:28 . 2009-06-10 12:28 13758464 ----a-w- c:\windows\system32\nvcpl.dll 2009-06-10 12:28 . 2009-06-10 12:28 229376 ----a-w- c:\windows\system32\nvmccs.dll 2009-06-10 10:03 . 2009-06-10 10:03 671744 ----a-w- c:\windows\system32\nvcuvid.dll 2009-06-10 10:03 . 2009-06-10 10:03 1720320 ----a-w- c:\windows\system32\nvcuda.dll 2009-06-10 10:03 . 2009-06-10 10:03 1580550 ----a-w- c:\windows\system32\nvdata.bin 2009-06-10 10:03 . 2009-06-10 10:03 1310720 ----a-w- c:\windows\system32\nvcuvenc.dll . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2009-06-30 23:14 . 2007-11-03 13:43 -------- d-----w- c:\program files\Norton Security Scan 2009-06-30 23:14 . 2006-05-06 21:52 -------- d-----w- c:\program files\Common Files\Symantec Shared 2009-06-30 01:36 . 2007-04-10 18:59 -------- d-----w- c:\program files\tsc 2009-06-29 03:22 . 2007-07-15 05:21 36192 ----a-w- c:\documents and settings\Compaq_Owner\Application Data\wklnhst.dat 2009-06-29 00:57 . 2009-05-13 22:22 127872 ----a-w- c:\documents and settings\Compaq_Owner\Application Data\Move Networks\uninstall.exe 2009-06-29 00:57 . 2007-03-29 00:49 -------- d--h--w- c:\documents and settings\Compaq_Owner\Application Data\Move Networks 2009-06-27 21:29 . 2007-05-15 23:12 -------- d-----w- c:\documents and settings\Compaq_Owner\Application Data\Uniblue 2009-06-27 20:46 . 2007-10-09 04:28 -------- d-----w- c:\program files\Common Files\Adobe 2009-06-25 04:53 . 2007-08-24 02:04 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy 2009-06-25 03:36 . 2007-08-24 02:04 -------- d-----w- c:\program files\Spybot - Search & Destroy 2009-06-24 02:30 . 2006-05-06 21:18 -------- d-----w- c:\program files\Real 2009-06-24 02:30 . 2006-05-06 21:18 -------- d-----w- c:\program files\Common Files\Real 2009-06-24 02:00 . 2006-08-05 19:36 -------- d-----w- c:\program files\Trend Micro 2009-06-23 18:32 . 2006-05-06 20:59 -------- d-----w- c:\program files\Java 2009-06-23 04:20 . 2007-01-05 16:57 -------- d-----w- c:\program files\Lavasoft 2009-06-23 03:37 . 2008-08-19 21:28 -------- d-----w- c:\program files\RegCure 2009-06-23 03:32 . 2008-02-27 04:36 -------- d-----w- c:\documents and settings\Compaq_Owner\Application Data\Apple Computer 2009-06-23 03:28 . 2008-01-30 19:33 -------- d-----w- c:\program files\CCleaner 2009-06-23 03:09 . 2008-10-29 22:03 -------- d-----w- c:\program files\iTunes 2009-06-23 03:09 . 2008-02-27 04:33 -------- d-----w- c:\program files\iPod 2009-06-23 03:09 . 2008-06-02 13:05 -------- d-----w- c:\program files\Common Files\Apple 2009-06-10 10:03 . 2006-05-06 21:10 457248 ----a-w- c:\windows\system32\nvudisp.exe 2009-06-10 10:03 . 2006-05-06 21:10 9998336 ----a-w- c:\windows\system32\nvoglnt.dll 2009-06-10 10:03 . 2006-05-06 21:10 815104 ----a-w- c:\windows\system32\nvapi.dll 2009-06-10 10:03 . 2006-05-06 21:10 8087712 ----a-w- c:\windows\system32\drivers\nv4_mini.sys 2009-06-10 10:03 . 2006-05-06 21:10 5908608 ----a-w- c:\windows\system32\nv4_disp.dll 2009-06-10 10:03 . 2006-05-06 21:10 151552 ----a-w- c:\windows\system32\nvcodins.dll 2009-06-10 10:03 . 2006-05-06 21:10 151552 ----a-w- c:\windows\system32\nvcod.dll 2009-06-07 03:45 . 2009-05-27 17:25 -------- d-----w- c:\documents and settings\All Users\Application Data\Rosetta Stone 2009-05-27 19:43 . 2009-05-27 19:26 140839968 ----a-w- c:\documents and settings\All Users\Application Data\Rosetta Stone\Updates\Download\Update.exe 2009-05-27 17:28 . 2009-05-27 17:28 -------- d-----w- c:\documents and settings\All Users\Application Data\FLEXnet 2009-05-27 17:27 . 2009-05-27 17:27 -------- d-----w- c:\program files\Common Files\Macrovision Shared 2009-05-27 17:25 . 2009-05-27 17:25 -------- d-----w- c:\program files\Rosetta Stone 2009-05-17 16:16 . 2009-05-17 16:16 -------- d-----w- c:\documents and settings\All Users\Application Data\Comcast 2009-05-13 22:22 . 2009-05-01 06:30 4183416 ----a-w- c:\documents and settings\Compaq_Owner\Application Data\Move Networks\plugins\npqmp071500000347.dll 2009-05-13 16:07 . 2009-05-13 16:07 -------- d-----w- c:\documents and settings\All Users\Application Data\SupportSoft 2009-05-13 16:05 . 2009-05-13 16:02 -------- d-----w- c:\program files\Common Files\SupportSoft 2009-05-13 16:04 . 2009-05-13 16:04 -------- d-----w- c:\program files\Comcast 2009-05-13 16:02 . 2009-05-13 16:02 -------- d-----w- c:\program files\ComcastUI 2009-05-13 05:15 . 2004-08-04 04:00 915456 ----a-w- c:\windows\system32\wininet.dll 2009-05-09 14:50 . 2008-12-06 15:37 -------- d-----w- c:\program files\NCH Swift Sound 2009-05-09 14:48 . 2007-04-16 23:16 -------- d-----w- c:\program files\LimeWire 2009-05-07 15:44 . 2004-08-04 04:00 344064 ----a-w- c:\windows\system32\localspl.dll 2009-04-17 09:58 . 2004-08-04 04:00 1846656 ----a-w- c:\windows\system32\win32k.sys 2009-04-15 15:11 . 2004-08-04 04:00 584192 ----a-w- c:\windows\system32\rpcrt4.dll 2007-04-16 23:12 . 2007-04-16 23:12 359112 -c--a-w- c:\program files\LimeWireWin.exe 2007-04-15 21:31 . 2007-04-15 21:31 260239 ----a-w- c:\program files\hhctrl.zip 2007-04-10 18:59 . 2007-04-10 18:59 2185609 ----a-w- c:\program files\tsc.zip 2007-01-27 02:07 . 2007-01-27 02:07 774144 -c--a-w- c:\program files\RngInterstitial.dll 2007-01-05 16:56 . 2007-01-05 16:56 2855080 ----a-w- c:\program files\aawsepersonal.exe . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . Note empty entries & legit default entries are not shown REGEDIT4 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-08-04 15360] "Universal Installer"="c:\program files\ComcastUI\Universal Installer\uinstaller.exe" [2008-03-18 984616] "Desktop Software"="c:\program files\ComcastUI\Universal Installer\uinstaller.exe" [2008-03-18 984616] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "osCheck"="c:\program files\Norton AntiVirus\osCheck.exe" [2008-02-07 718704] "ddoctorv2"="c:\program files\Comcast\Desktop Doctor\bin\sprtcmd.exe" [2008-04-24 202560] "QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-05-26 413696] "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-06-05 292136] "Ad-Watch"="c:\program files\Lavasoft\Ad-Aware\AAWTray.exe" [2009-06-23 518488] "SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-06-23 148888] "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-06-10 13758464] "NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2009-06-10 86016] "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-10-15 39792] "RTHDCPL"="RTHDCPL.EXE" - c:\windows\RTHDCPL.EXE [2006-03-08 16010240] "nwiz"="nwiz.exe" - c:\windows\system32\nwiz.exe [2009-06-10 1657376] [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager] BootExecute REG_MULTI_SZ autocheck autochk \0smrgdf c:\documents and settings\Compaq_Owner\Application Data\iolo\\0lsdelete [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service] @="Service" [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Compaq Connections.lnk] backup=c:\windows\pss\Compaq Connections.lnkCommon Startup HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Registry Cleaner HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Uniblue RegistryBooster2 [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services] "WMPNetworkSvc"=3 (0x3) "Symantec Core LC"=3 (0x3) "sprtsvc_ddoctorv2"=2 (0x2) "Pml Driver HPZ12"=2 (0x2) "ose"=3 (0x3) "NVSvc"=2 (0x2) "MrHealthyService"=2 (0x2) "MDM"=2 (0x2) "LiveUpdate Notice"=2 (0x2) "LiveUpdate"=3 (0x3) "Lavasoft Ad-Aware Service"=2 (0x2) "JavaQuickStarterService"=2 (0x2) "iPod Service"=3 (0x3) "ioloDMV"=2 (0x2) "IDriverT"=3 (0x3) "FLEXnet Licensing Service"=3 (0x3) "CLTNetCnService"=2 (0x2) "ccSetMgr"=2 (0x2) "ccEvtMgr"=2 (0x2) "Bonjour Service"=2 (0x2) "Automatic LiveUpdate Scheduler"=2 (0x2) "Apple Mobile Device"=2 (0x2) "ADVService"=2 (0x2) [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring] "DisableMonitoring"=dword:00000001 [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus] "DisableMonitoring"=dword:00000001 [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall] "DisableMonitoring"=dword:00000001 [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "c:\\Program Files\\Compaq Connections\\5577497\\Program\\Compaq Connections.exe"= "c:\\Program Files\\Last.fm\\LastFM.exe"= "%windir%\\Network Diagnostic\\xpnetdiag.exe"= "c:\\Program Files\\Bonjour\\mDNSResponder.exe"= "c:\\Program Files\\Rosetta Stone\\Rosetta Stone V3\\support\\bin\\win\\RosettaStoneLtdServices.exe"= "c:\\Program Files\\Rosetta Stone\\Rosetta Stone V3\\RosettaStoneVersion3.exe"= "c:\\Program Files\\iTunes\\iTunes.exe"= [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List] "<NO NAME>"= R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [6/23/2009 12:26 AM 64160] R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2/25/2009 9:01 PM 101936] S3 COH_Mon;COH_Mon;c:\windows\system32\drivers\COH_Mon.sys [1/12/2008 10:32 PM 23888] S4 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [3/9/2009 3:06 PM 1003344] S4 LiveUpdate Notice;LiveUpdate Notice;c:\program files\Common Files\Symantec Shared\ccSvcHst.exe [1/25/2008 9:47 PM 149864] S4 MrHealthyService;MrHealthy;c:\program files\Norton PC Checkup\executables\mrHealthy\MrHealthy.exe -service --> c:\program files\Norton PC Checkup\executables\mrHealthy\MrHealthy.exe -service [?] [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}] "c:\windows\system32\rundll32.exe" "c:\windows\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP . Contents of the 'Scheduled Tasks' folder 2009-06-23 c:\windows\Tasks\Ad-Aware Update (Weekly).job - c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-03-09 04:25] 2009-06-29 c:\windows\Tasks\AppleSoftwareUpdate.job - c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 16:34] 2009-06-30 c:\windows\Tasks\Norton AntiVirus - Run Full System Scan - Compaq_Owner.job - c:\program files\Norton AntiVirus\Navw32.exe [2008-02-07 14:05] 2009-06-24 c:\windows\Tasks\Norton PC Checkup Weekday Scanner.job - c:\program files\Norton PC Checkup\PC_Checkup.exe [2009-01-29 22:10] 2009-06-28 c:\windows\Tasks\Norton PC Checkup Weekend Scanner.job - c:\program files\Norton PC Checkup\PC_Checkup.exe [2009-01-29 22:10] 2009-06-30 c:\windows\Tasks\Norton Security Scan for Compaq_Owner.job - c:\program files\Norton Security Scan\Nss.exe [2008-09-19 08:18] 2009-07-01 c:\windows\Tasks\RegCure Program Check.job - c:\program files\RegCure\RegCure.exe [2009-06-10 22:28] 2009-07-01 c:\windows\Tasks\RegCure Startup.job - c:\program files\RegCure\RegCure.exe [2009-06-10 22:28] 2009-06-23 c:\windows\Tasks\RegCure.job - c:\program files\RegCure\RegCure.exe [2009-06-10 22:28] . . ------- Supplementary Scan ------- . uStart Page = ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=63&bd=PRESARIO&pf=desktop uDefault_Search_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=63&bd=PRESARIO&pf=desktop uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8 mSearch Bar = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=63&bd=PRESARIO&pf=desktop uInternet Connection Wizard,ShellNext = iexplore uSearchURL,(Default) = hxxp://www.google.com/search?q=%s IE: &Search - ?p=ZUfox000 LSP: c:\program files\iolo\Common\Firewall\iFW_Xfilter.dll DPF: {3107C2A8-9F0B-4404-A58B-21BD85268FBC} - hxxp://www.pogo.com/cdl/launcher/PogoWebLauncherInstaller.CAB FF - ProfilePath - c:\documents and settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\7n4ren08.default\ FF - prefs.js: browser.startup.homepage - hxxp://www.comcast.net?cid=NET_mmhpset FF - plugin: c:\documents and settings\Compaq_Owner\Application Data\Move Networks\plugins\npqmp071500000347.dll FF - plugin: c:\documents and settings\Compaq_Owner\Application Data\Move Networks\plugins\npqmp071503000010.dll FF - plugin: c:\program files\Real\RealArcade\Plugins\Mozilla\npracplug.dll FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA} . . ------- File Associations ------- . JSEFile=NOTEPAD.EXE %1 VBEFile=NOTEPAD.EXE %1 VBSFile=NOTEPAD.EXE %1 . *********************************************************************** catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2009-06-30 21:08 Windows 5.1.2600 Service Pack 2 NTFS scanning hidden processes ... scanning hidden autostart entries ... scanning hidden files ... scan completed successfully hidden files: 0 ********************************************************************** . --------------------- DLLs Loaded Under Running Processes --------------------- - - - - - - - > 'explorer.exe'(1568) c:\windows\system32\WININET.dll c:\windows\system32\ieframe.dll c:\windows\system32\webcheck.dll c:\windows\system32\WPDShServiceObj.dll c:\windows\system32\PortableDeviceTypes.dll c:\windows\system32\PortableDeviceApi.dll . ------------------------ Other Running Processes ------------------------ . c:\windows\system32\HPZipm12.exe c:\windows\system32\rundll32.exe . ************************************************************************ . Completion time: 2009-07-01 21:15 - machine was rebooted ComboFix-quarantined-files.txt 2009-07-01 01:15 Pre-Run: 90,150,023,168 bytes free Post-Run: 90,177,011,712 bytes free 274 --- E O F --- 2009-06-28 15:24

farbar View Member Profile	Jul 1 2009, 01:37 AM Post #14
Bleeping Curious Group: HJT Team Posts: 7,102 Joined: 8-December 07 From: The Netherlands Member No.: 175,240	Well done. iolo has changed your BootExecute and we need to repair it. Open a notepad (Start > Run and type in Notepad ) make sure the wordwrap under Format menu is not selected. Copy and paste the text in code box into it. CODE REGEDIT4 [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager] "BootExecute"=hex(7):61,75,74,6f,63,68,65,63,6b,20,61,75,74,6f,63,68,6b,20,2a,\ 00,00 [-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\list] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\list] Save the file to the desktop as regfix.reg Make sure the Save as type field says All files. Locate regfix.reg on the desktop and double-click on it and confirm. A window pops up asking if you are sure to add the file to the registry. Click Yes. You get another window popup saying that regfix.reg successfully added to the registry. Note: You have to turn off any registry protector software you have in order the changes to be taken place. Again iolo has changed some file associations. To repair them ownload System Repair Engineer (SREng2.zip) Extract it to Desktop and double click SREngLdr.EXE to run it Select System Repair from the left pane. Click on File Association Select all entries that has an Error status click [Repair] Refer to this image for an example: In your case, it would be .JS Close SREng now. You have the latest version of Java (6 update 14) and it is good. Older versions have vulnerabilities that malicious sites can use to exploit and infect your system. Please follow these steps to remove older version Java components: Click "start" and then "Control Panel" icon. Doubleclick the "Add or Remove Programs" icon A list of programs installed will be "populated" this may take a bit of time. Uninstall the following by clicking on the following entries and selecting "remove": Java™ 6 Update 2 Java™ 6 Update 3 Java™ SE Runtime Environment 6 Update 1 Please copy and paste a fresh Hijackthis log to your reply. Tell me also how is you computer running. Edit: Repaired the link. This post has been edited by farbar: Jul 1 2009, 11:01 AM -------------------- This is a voluntary free service. However, if you would like to donate click on

Kodie71448 View Member Profile	Jul 1 2009, 10:27 AM Post #15
Member Group: Members Posts: 18 Joined: 22-June 09 Member No.: 344,625	Thank you for the fixes. I am still having a box pop-up titled Windows Internet Explorer that says "Cannot find the 'file:///". Make sure the path or Internet address is correct. Do you know why it is doing that? Otherwise, the computer is running smoothly now. Here is my new HJT log Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 11:25:06 AM, on 7/1/2009 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v8.00 (8.00.6001.18702) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\Explorer.EXE C:\Program Files\RegCure\RegCure.exe C:\WINDOWS\system32\ctfmon.exe C:\WINDOWS\RTHDCPL.EXE C:\Program Files\Comcast\Desktop Doctor\bin\sprtcmd.exe C:\WINDOWS\system32\HPZipm12.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\RUNDLL32.EXE C:\Program Files\Java\jre6\bin\jusched.exe C:\Program Files\ComcastUI\Universal Installer\uinstaller.exe C:\Program Files\ComcastUI\Universal Installer\uinstaller.exe C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Trend Micro\HijackThis\HijackThis.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=63&bd=PRESARIO&pf=desktop R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\PROGRA~1\COMMON~1\SYMANT~1\IDS\IPSBHO.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll O2 - BHO: HpWebHelper - {AAAE832A-5FFF-4661-9C8F-369692D1DCB9} - C:\WINDOWS\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\plugin\webhelper.dll O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE O4 - HKLM\..\Run: [osCheck] "C:\Program Files\Norton AntiVirus\osCheck.exe" O4 - HKLM\..\Run: [ddoctorv2] "C:\Program Files\Comcast\Desktop Doctor\bin\sprtcmd.exe" /P ddoctorv2 O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe" O4 - HKLM\..\Run: [Ad-Watch] C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [nwiz] nwiz.exe /install O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe" O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [Universal Installer] "C:\Program Files\ComcastUI\Universal Installer\uinstaller.exe" /fromrun /starthidden O4 - HKCU\..\Run: [Desktop Software] "C:\Program Files\ComcastUI\Universal Installer\uinstaller.exe" /ini "uinstaller.ini" /fromrun /starthidden O4 - .DEFAULT User Startup: Pin.lnk = C:\hp\bin\CLOAKER.EXE (User 'Default user') O8 - Extra context menu item: &Search - ?p=ZUfox000 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\npjpi160_14.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\npjpi160_14.dll O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O9 - Extra button: Internet Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm O9 - Extra 'Tools' menuitem: Internet Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O16 - DPF: {3107C2A8-9F0B-4404-A58B-21BD85268FBC} (PogoWebLauncher Control) - http://www.pogo.com/cdl/launcher/PogoWebLa...erInstaller.CAB O16 - DPF: {6A344D34-5231-452A-8A57-D064AC9B7862} (Symantec Download Manager) - https://webdl.symantec.com/activex/symdlmgr.cab O23 - Service: LiveUpdate - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\LuComServer_3_4.EXE O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe -- End of file - 5979 bytes

« Next Oldest · HijackThis Logs and Virus/Trojan/Spyware/Malware Removal · Next Newest »

3 Pages

1 2 3 >

2 User(s) are reading this topic (2 Guests and 0 Anonymous Users)

0 Members:

Display Mode: Standard · Switch to: Linear+ · Switch to: Outline

Track this topic · Email this topic · Print this topic · Subscribe to this forum

Lo-Fi Version

Time is now: 21st November 2009 - 08:43 PM

Advertise \| About Us \| Terms of Use \| Privacy Policy \| Contact Us \| Site Map \| Chat \| Tutorials \| Uninstall List
Discussion Forums \| The Computer Glossary \| Resources \| RSS Feeds \| Startups \| The File Database \| Virus Removal Guides