BleepingComputer.com: Windows Internet Explorer: Cannot find the 'file:///"...

I do not use Iolo. I tried to delete the program a long time ago, but didn't know how to get it off completely. Prior to your first response, I disabled some start-up programs which has improved the speed. The window about Internet Explorer (which I don't use, I use Firefox) still came up when the computer restarted after the mbam scan. I think I disabled the teatimer thing correctly: when the black window came up it said something like teatimer and spybot must be stopped. Press any key to continue. I pressed a key, it said it was finished, and then I closed the window.

Malwarebytes' Anti-Malware 1.38
Database version: 2353
Windows 5.1.2600 Service Pack 2

6/29/2009 9:36:55 PM
mbam-log-2009-06-29 (21-36-55).txt

Scan type: Quick Scan
Objects scanned: 89356
Time elapsed: 7 minute(s), 26 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 22
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 2

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{2d2bee6e-3c9a-4d58-b9ec-458edb28d0f6} (Rogue.DriveCleaner) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{07b18ea9-a523-4961-b6bb-170de4475cca} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{07b18eab-a523-4961-b6bb-170de4475cca} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{25560540-9571-4d7b-9389-0f166788785a} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{3dc201fb-e9c9-499c-a11f-23c360d7c3f8} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{63d0ed2c-b45b-4458-8b3b-60c69bbbd83c} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{9ff05104-b030-46fc-94b8-81276e4e27df} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{00a6faf1-072e-44cf-8957-5838f569a31d} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{1d4db7d2-6ec9-47a3-bd87-1e41684e07bb} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{25560540-9571-4d7b-9389-0f166788785a} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{3dc201fb-e9c9-499c-a11f-23c360d7c3f8} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{63d0ed2c-b45b-4458-8b3b-60c69bbbd83c} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{98d9753d-d73b-42d5-8c85-4469cda897ab} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{9ff05104-b030-46fc-94b8-81276e4e27df} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{59c7fc09-1c83-4648-b3e6-003d2bbc7481} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{68af847f-6e91-45dd-9b68-d6a12c30e5d7} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{9170b96c-28d4-4626-8358-27e6caeef907} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{d1a71fa0-ff48-48dd-9b6d-7a13a3e42127} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{ddb1968e-ead6-40fd-8dae-ff14757f60c7} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{f138d901-86f0-4383-99b6-9cdd406036da} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\RunDll32Policy\f3ScrCtr.dll (Adware.MyWay) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Multimedia\WMPlayer\Schemes\f3pss (Adware.MyWebSearch) -> Quarantined and deleted successfully.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\Program Files\tsc\tsc.exe (Rogue.Total.Security) -> Quarantined and deleted successfully.
c:\RECYCLER\ADAPT_Installer.exe (Heuristics.Malware) -> Quarantined and deleted successfully.

Quote

It has changed some file associations and a couple of entries which effect both startup and internet connection. We need to remove them but before removing them one by one I would like to see the uninstall is a complete one.

Can you install and uninstall it via Add/Remove programs or you have already done that?

I uninstalled it through add/remove programs a long time ago, so it doesn't show up there, and the original disk is long gone.

OK we will remove them manually.

Please perform the steps fully and in the order they are written.

• Go to start > Run copy/paste the following lines one by one in the run box and click OK after each line.
  
  sc stop ioloDMV
  sc delete ioloDMV
  
  A window will flash, it is normal.
  
  
  
• Download ComboFix from one of these locations:
  
  Link 1
  Link 2
  Link 3
  
  * IMPORTANT !!! Save ComboFix.exe to your Desktop
  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. (Information on A/V control HERE)
    
  • Double click on ComboFix.exe & follow the prompts.
    
  • As part of it's process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
    
  • Let's run ComboFix. Please run it just once. Download ComboFix from one of these locations:
    
    Link 1
    Link 2
    Link 3
    
    * IMPORTANT !!! Save ComboFix.exe to your Desktop
    • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. (Information on A/V control HERE)
      
    • Double click on ComboFix.exe & follow the prompts.
      
    • As part of it's process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
      
    • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
    **Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue it's malware removal procedures.
    
    
    
    Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:
    
    
    
    Click on Yes, to continue scanning for malware.
    
    When finished, it shall produce a log for you. Please copy and paste the C:\ComboFix.txt in your next reply.
    
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
  **Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue it's malware removal procedures.
  
  
  
  Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:
  
  
  
  Click on Yes, to continue scanning for malware.
  
  When finished, it shall produce a log for you. Please copy and paste the C:\ComboFix.txt in your next reply.
  
  
  
• Download LSPFix.zip to a convenient location and unzip the file.
  • Please double-click LSPFix.exe.
    
  • Under Keep section select only iFW_Xfilter.dll and press >> to to move it to Remove section.
    
  • Check the "I know what I'm doing" button.
    
  • click "Finish>>" then reboot your computer.

Edited: Added download link for LSPFix.

I have a new problem. I can't run ComboFix because Norton Antivirus will not open for me to disable it and there is no right-click option to disable it. I've come at it a hundred different directions and it won't open. When I googled "Norton Antivirus won't open" I found that this is a common problem. Should I uninstall it? I don't have the NortonAV disc anymore in order to reinstall it, but I guess I could install AVG instead? Thanks

It could be the work of malware. We will keep Norton.

Please run ComboFix with this command. If you get a notification make sure you allow ComboFix to connect to internet to download the Recovery Console.
The ComboFix should be located on your desktop.

Go to Start => Run => Copy and paste the following in the run box and click OK.

"%userprofile%\desktop\combofix.exe" /killall

When it gives you the notification about Norton click Yes to continue.

Here is the combofix log.

ComboFix 09-06-29.07 - Compaq_Owner 06/30/2009 20:53.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.446.216 [GMT -4:00]
Running from: c:\documents and settings\Compaq_Owner\desktop\combofix.exe
Command switches used :: /killall
AV: iolo AntiVirus® *On-access scanning disabled* (Updated) {2565CEEE-6BDB-4A6D-AD6D-F682F2695014}
AV: Norton AntiVirus *On-access scanning enabled* (Updated) {E10A9785-9598-4754-B552-92431C1C35F8}
FW: iolo Personal Firewall® *disabled* {38254411-9AEC-4967-913E-F892C2A4DF89}
FW: Norton AntiVirus *enabled* {990F9400-4CEE-43EA-A83A-D013ADD8EA6E}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

D:\Autorun.inf
D:\Desktop.ini

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_MYWEBSEARCHSERVICE


((((((((((((((((((((((((( Files Created from 2009-06-01 to 2009-07-01 )))))))))))))))))))))))))))))))
.

2009-06-30 01:24 . 2009-06-30 01:24 -------- d-----w- c:\documents and settings\Compaq_Owner\Application Data\Malwarebytes
2009-06-30 01:24 . 2009-06-17 15:27 38160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-06-30 01:24 . 2009-06-30 01:24 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-06-30 01:24 . 2009-06-30 01:24 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-06-30 01:24 . 2009-06-17 15:27 19096 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-06-29 20:36 . 2009-06-29 20:36 -------- d-sh--w- c:\documents and settings\NetworkService\IETldCache
2009-06-29 00:57 . 2009-06-29 00:57 1685856 ----a-w- c:\documents and settings\Compaq_Owner\Application Data\Move Networks\MoveMediaPlayerWinSilent_071503000010.exe
2009-06-27 21:03 . 2009-06-27 21:29 -------- d-----w- c:\documents and settings\All Users\Application Data\DriverScanner
2009-06-24 01:19 . 2009-06-23 04:25 15688 ----a-w- c:\windows\system32\lsdelete.exe
2009-06-23 18:40 . 2009-06-04 20:39 457248 ----a-w- c:\windows\system32\NVUNINST.EXE
2009-06-23 18:40 . 2009-06-23 18:40 -------- d-----w- C:\NVIDIA
2009-06-23 18:33 . 2009-06-23 18:33 410984 ----a-w- c:\windows\system32\deploytk.dll
2009-06-23 18:27 . 2009-06-23 18:27 -------- d-sh--w- c:\windows\system32\config\systemprofile\IETldCache
2009-06-23 18:09 . 2009-06-23 18:09 -------- d-sh--w- c:\documents and settings\Compaq_Owner\IETldCache
2009-06-23 17:59 . 2009-06-02 10:12 102912 ------w- c:\windows\system32\dllcache\iecompat.dll
2009-06-23 17:59 . 2009-06-23 17:59 -------- d-----w- c:\windows\ie8updates
2009-06-23 17:58 . 2009-04-30 21:22 12800 ------w- c:\windows\system32\dllcache\xpshims.dll
2009-06-23 17:57 . 2009-04-30 21:22 246272 ------w- c:\windows\system32\dllcache\ieproxy.dll
2009-06-23 17:54 . 2009-06-23 17:57 -------- dc-h--w- c:\windows\ie8
2009-06-23 04:26 . 2009-06-23 04:25 64160 ----a-w- c:\windows\system32\drivers\Lbd.sys
2009-06-23 04:24 . 2009-06-23 04:24 518488 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\AAWTray.exe
2009-06-23 04:24 . 2009-06-23 04:24 1003344 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\AAWService.exe
2009-06-23 04:21 . 2009-06-23 20:05 -------- dc-h--w- c:\documents and settings\All Users\Application Data\{7972B2E5-3E09-4E5E-81B7-FE5819D6772F}
2009-06-23 04:21 . 2009-03-12 08:17 2902048 -c--a-w- c:\documents and settings\All Users\Application Data\{7972B2E5-3E09-4E5E-81B7-FE5819D6772F}\Ad-AwareAE.exe
2009-06-23 03:37 . 2009-06-23 03:37 -------- d-----w- c:\documents and settings\All Users\Application Data\RegCure
2009-06-23 03:25 . 2009-06-23 03:25 -------- d-----w- c:\program files\filehippo.com
2009-06-23 03:12 . 2009-06-23 03:12 -------- d-----w- c:\program files\Safari
2009-06-23 03:08 . 2009-06-23 03:09 -------- d-----w- c:\documents and settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
2009-06-23 03:03 . 2009-06-23 03:04 -------- d-----w- c:\program files\QuickTime
2009-06-23 02:54 . 2009-06-23 02:54 75048 ----a-w- c:\documents and settings\All Users\Application Data\Apple Computer\Installer Cache\iTunes 8.2.0.23\SetupAdmin.exe
2009-06-22 04:06 . 2009-06-22 04:06 -------- d-----w- c:\program files\Enigma Software Group
2009-06-16 06:35 . 2009-06-16 06:35 97144 ----a-w- c:\documents and settings\Compaq_Owner\Application Data\Move Networks\ie_bin\MovePlayerUpgrade.exe
2009-06-16 06:35 . 2009-06-29 00:57 4183416 ----a-w- c:\documents and settings\Compaq_Owner\Application Data\Move Networks\plugins\npqmp071503000010.dll
2009-06-10 12:28 . 2009-06-10 12:28 3510272 ----a-w- c:\windows\system32\nvgames.dll
2009-06-10 12:28 . 2009-06-10 12:28 4022272 ----a-w- c:\windows\system32\nvdisps.dll
2009-06-10 12:28 . 2009-06-10 12:28 86016 ----a-w- c:\windows\system32\nvmctray.dll
2009-06-10 12:28 . 2009-06-10 12:28 168004 ----a-w- c:\windows\system32\nvsvc32.exe
2009-06-10 12:28 . 2009-06-10 12:28 143360 ----a-w- c:\windows\system32\nvcolor.exe
2009-06-10 12:28 . 2009-06-10 12:28 13758464 ----a-w- c:\windows\system32\nvcpl.dll
2009-06-10 12:28 . 2009-06-10 12:28 229376 ----a-w- c:\windows\system32\nvmccs.dll
2009-06-10 10:03 . 2009-06-10 10:03 671744 ----a-w- c:\windows\system32\nvcuvid.dll
2009-06-10 10:03 . 2009-06-10 10:03 1720320 ----a-w- c:\windows\system32\nvcuda.dll
2009-06-10 10:03 . 2009-06-10 10:03 1580550 ----a-w- c:\windows\system32\nvdata.bin
2009-06-10 10:03 . 2009-06-10 10:03 1310720 ----a-w- c:\windows\system32\nvcuvenc.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-06-30 23:14 . 2007-11-03 13:43 -------- d-----w- c:\program files\Norton Security Scan
2009-06-30 23:14 . 2006-05-06 21:52 -------- d-----w- c:\program files\Common Files\Symantec Shared
2009-06-30 01:36 . 2007-04-10 18:59 -------- d-----w- c:\program files\tsc
2009-06-29 03:22 . 2007-07-15 05:21 36192 ----a-w- c:\documents and settings\Compaq_Owner\Application Data\wklnhst.dat
2009-06-29 00:57 . 2009-05-13 22:22 127872 ----a-w- c:\documents and settings\Compaq_Owner\Application Data\Move Networks\uninstall.exe
2009-06-29 00:57 . 2007-03-29 00:49 -------- d--h--w- c:\documents and settings\Compaq_Owner\Application Data\Move Networks
2009-06-27 21:29 . 2007-05-15 23:12 -------- d-----w- c:\documents and settings\Compaq_Owner\Application Data\Uniblue
2009-06-27 20:46 . 2007-10-09 04:28 -------- d-----w- c:\program files\Common Files\Adobe
2009-06-25 04:53 . 2007-08-24 02:04 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2009-06-25 03:36 . 2007-08-24 02:04 -------- d-----w- c:\program files\Spybot - Search & Destroy
2009-06-24 02:30 . 2006-05-06 21:18 -------- d-----w- c:\program files\Real
2009-06-24 02:30 . 2006-05-06 21:18 -------- d-----w- c:\program files\Common Files\Real
2009-06-24 02:00 . 2006-08-05 19:36 -------- d-----w- c:\program files\Trend Micro
2009-06-23 18:32 . 2006-05-06 20:59 -------- d-----w- c:\program files\Java
2009-06-23 04:20 . 2007-01-05 16:57 -------- d-----w- c:\program files\Lavasoft
2009-06-23 03:37 . 2008-08-19 21:28 -------- d-----w- c:\program files\RegCure
2009-06-23 03:32 . 2008-02-27 04:36 -------- d-----w- c:\documents and settings\Compaq_Owner\Application Data\Apple Computer
2009-06-23 03:28 . 2008-01-30 19:33 -------- d-----w- c:\program files\CCleaner
2009-06-23 03:09 . 2008-10-29 22:03 -------- d-----w- c:\program files\iTunes
2009-06-23 03:09 . 2008-02-27 04:33 -------- d-----w- c:\program files\iPod
2009-06-23 03:09 . 2008-06-02 13:05 -------- d-----w- c:\program files\Common Files\Apple
2009-06-10 10:03 . 2006-05-06 21:10 457248 ----a-w- c:\windows\system32\nvudisp.exe
2009-06-10 10:03 . 2006-05-06 21:10 9998336 ----a-w- c:\windows\system32\nvoglnt.dll
2009-06-10 10:03 . 2006-05-06 21:10 815104 ----a-w- c:\windows\system32\nvapi.dll
2009-06-10 10:03 . 2006-05-06 21:10 8087712 ----a-w- c:\windows\system32\drivers\nv4_mini.sys
2009-06-10 10:03 . 2006-05-06 21:10 5908608 ----a-w- c:\windows\system32\nv4_disp.dll
2009-06-10 10:03 . 2006-05-06 21:10 151552 ----a-w- c:\windows\system32\nvcodins.dll
2009-06-10 10:03 . 2006-05-06 21:10 151552 ----a-w- c:\windows\system32\nvcod.dll
2009-06-07 03:45 . 2009-05-27 17:25 -------- d-----w- c:\documents and settings\All Users\Application Data\Rosetta Stone
2009-05-27 19:43 . 2009-05-27 19:26 140839968 ----a-w- c:\documents and settings\All Users\Application Data\Rosetta Stone\Updates\Download\Update.exe
2009-05-27 17:28 . 2009-05-27 17:28 -------- d-----w- c:\documents and settings\All Users\Application Data\FLEXnet
2009-05-27 17:27 . 2009-05-27 17:27 -------- d-----w- c:\program files\Common Files\Macrovision Shared
2009-05-27 17:25 . 2009-05-27 17:25 -------- d-----w- c:\program files\Rosetta Stone
2009-05-17 16:16 . 2009-05-17 16:16 -------- d-----w- c:\documents and settings\All Users\Application Data\Comcast
2009-05-13 22:22 . 2009-05-01 06:30 4183416 ----a-w- c:\documents and settings\Compaq_Owner\Application Data\Move Networks\plugins\npqmp071500000347.dll
2009-05-13 16:07 . 2009-05-13 16:07 -------- d-----w- c:\documents and settings\All Users\Application Data\SupportSoft
2009-05-13 16:05 . 2009-05-13 16:02 -------- d-----w- c:\program files\Common Files\SupportSoft
2009-05-13 16:04 . 2009-05-13 16:04 -------- d-----w- c:\program files\Comcast
2009-05-13 16:02 . 2009-05-13 16:02 -------- d-----w- c:\program files\ComcastUI
2009-05-13 05:15 . 2004-08-04 04:00 915456 ----a-w- c:\windows\system32\wininet.dll
2009-05-09 14:50 . 2008-12-06 15:37 -------- d-----w- c:\program files\NCH Swift Sound
2009-05-09 14:48 . 2007-04-16 23:16 -------- d-----w- c:\program files\LimeWire
2009-05-07 15:44 . 2004-08-04 04:00 344064 ----a-w- c:\windows\system32\localspl.dll
2009-04-17 09:58 . 2004-08-04 04:00 1846656 ----a-w- c:\windows\system32\win32k.sys
2009-04-15 15:11 . 2004-08-04 04:00 584192 ----a-w- c:\windows\system32\rpcrt4.dll
2007-04-16 23:12 . 2007-04-16 23:12 359112 -c--a-w- c:\program files\LimeWireWin.exe
2007-04-15 21:31 . 2007-04-15 21:31 260239 ----a-w- c:\program files\hhctrl.zip
2007-04-10 18:59 . 2007-04-10 18:59 2185609 ----a-w- c:\program files\tsc.zip
2007-01-27 02:07 . 2007-01-27 02:07 774144 -c--a-w- c:\program files\RngInterstitial.dll
2007-01-05 16:56 . 2007-01-05 16:56 2855080 ----a-w- c:\program files\aawsepersonal.exe
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-08-04 15360]
"Universal Installer"="c:\program files\ComcastUI\Universal Installer\uinstaller.exe" [2008-03-18 984616]
"Desktop Software"="c:\program files\ComcastUI\Universal Installer\uinstaller.exe" [2008-03-18 984616]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"osCheck"="c:\program files\Norton AntiVirus\osCheck.exe" [2008-02-07 718704]
"ddoctorv2"="c:\program files\Comcast\Desktop Doctor\bin\sprtcmd.exe" [2008-04-24 202560]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-05-26 413696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-06-05 292136]
"Ad-Watch"="c:\program files\Lavasoft\Ad-Aware\AAWTray.exe" [2009-06-23 518488]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-06-23 148888]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-06-10 13758464]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2009-06-10 86016]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-10-15 39792]
"RTHDCPL"="RTHDCPL.EXE" - c:\windows\RTHDCPL.EXE [2006-03-08 16010240]
"nwiz"="nwiz.exe" - c:\windows\system32\nwiz.exe [2009-06-10 1657376]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0smrgdf c:\documents and settings\Compaq_Owner\Application Data\iolo\\0lsdelete

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Compaq Connections.lnk]
backup=c:\windows\pss\Compaq Connections.lnkCommon Startup
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Registry Cleaner
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Uniblue RegistryBooster2

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"WMPNetworkSvc"=3 (0x3)
"Symantec Core LC"=3 (0x3)
"sprtsvc_ddoctorv2"=2 (0x2)
"Pml Driver HPZ12"=2 (0x2)
"ose"=3 (0x3)
"NVSvc"=2 (0x2)
"MrHealthyService"=2 (0x2)
"MDM"=2 (0x2)
"LiveUpdate Notice"=2 (0x2)
"LiveUpdate"=3 (0x3)
"Lavasoft Ad-Aware Service"=2 (0x2)
"JavaQuickStarterService"=2 (0x2)
"iPod Service"=3 (0x3)
"ioloDMV"=2 (0x2)
"IDriverT"=3 (0x3)
"FLEXnet Licensing Service"=3 (0x3)
"CLTNetCnService"=2 (0x2)
"ccSetMgr"=2 (0x2)
"ccEvtMgr"=2 (0x2)
"Bonjour Service"=2 (0x2)
"Automatic LiveUpdate Scheduler"=2 (0x2)
"Apple Mobile Device"=2 (0x2)
"ADVService"=2 (0x2)

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Compaq Connections\\5577497\\Program\\Compaq Connections.exe"=
"c:\\Program Files\\Last.fm\\LastFM.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\Rosetta Stone\\Rosetta Stone V3\\support\\bin\\win\\RosettaStoneLtdServices.exe"=
"c:\\Program Files\\Rosetta Stone\\Rosetta Stone V3\\RosettaStoneVersion3.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"<NO NAME>"=

R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [6/23/2009 12:26 AM 64160]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2/25/2009 9:01 PM 101936]
S3 COH_Mon;COH_Mon;c:\windows\system32\drivers\COH_Mon.sys [1/12/2008 10:32 PM 23888]
S4 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [3/9/2009 3:06 PM 1003344]
S4 LiveUpdate Notice;LiveUpdate Notice;c:\program files\Common Files\Symantec Shared\ccSvcHst.exe [1/25/2008 9:47 PM 149864]
S4 MrHealthyService;MrHealthy;c:\program files\Norton PC Checkup\executables\mrHealthy\MrHealthy.exe -service --> c:\program files\Norton PC Checkup\executables\mrHealthy\MrHealthy.exe -service [?]

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
"c:\windows\system32\rundll32.exe" "c:\windows\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
.
Contents of the 'Scheduled Tasks' folder

2009-06-23 c:\windows\Tasks\Ad-Aware Update (Weekly).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-03-09 04:25]

2009-06-29 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 16:34]

2009-06-30 c:\windows\Tasks\Norton AntiVirus - Run Full System Scan - Compaq_Owner.job
- c:\program files\Norton AntiVirus\Navw32.exe [2008-02-07 14:05]

2009-06-24 c:\windows\Tasks\Norton PC Checkup Weekday Scanner.job
- c:\program files\Norton PC Checkup\PC_Checkup.exe [2009-01-29 22:10]

2009-06-28 c:\windows\Tasks\Norton PC Checkup Weekend Scanner.job
- c:\program files\Norton PC Checkup\PC_Checkup.exe [2009-01-29 22:10]

2009-06-30 c:\windows\Tasks\Norton Security Scan for Compaq_Owner.job
- c:\program files\Norton Security Scan\Nss.exe [2008-09-19 08:18]

2009-07-01 c:\windows\Tasks\RegCure Program Check.job
- c:\program files\RegCure\RegCure.exe [2009-06-10 22:28]

2009-07-01 c:\windows\Tasks\RegCure Startup.job
- c:\program files\RegCure\RegCure.exe [2009-06-10 22:28]

2009-06-23 c:\windows\Tasks\RegCure.job
- c:\program files\RegCure\RegCure.exe [2009-06-10 22:28]
.
.
------- Supplementary Scan -------
.
uStart Page = ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=63&bd=PRESARIO&pf=desktop
uDefault_Search_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=63&bd=PRESARIO&pf=desktop
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
mSearch Bar = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=63&bd=PRESARIO&pf=desktop
uInternet Connection Wizard,ShellNext = iexplore
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: &Search - ?p=ZUfox000
LSP: c:\program files\iolo\Common\Firewall\iFW_Xfilter.dll
DPF: {3107C2A8-9F0B-4404-A58B-21BD85268FBC} - hxxp://www.pogo.com/cdl/launcher/PogoWebLauncherInstaller.CAB
FF - ProfilePath - c:\documents and settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\7n4ren08.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.comcast.net?cid=NET_mmhpset
FF - plugin: c:\documents and settings\Compaq_Owner\Application Data\Move Networks\plugins\npqmp071500000347.dll
FF - plugin: c:\documents and settings\Compaq_Owner\Application Data\Move Networks\plugins\npqmp071503000010.dll
FF - plugin: c:\program files\Real\RealArcade\Plugins\Mozilla\npracplug.dll
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA}
.
.
------- File Associations -------
.
JSEFile=NOTEPAD.EXE %1
VBEFile=NOTEPAD.EXE %1
VBSFile=NOTEPAD.EXE %1
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-06-30 21:08
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'explorer.exe'(1568)
c:\windows\system32\WININET.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\HPZipm12.exe
c:\windows\system32\rundll32.exe
.
**************************************************************************
.
Completion time: 2009-07-01 21:15 - machine was rebooted
ComboFix-quarantined-files.txt 2009-07-01 01:15

Pre-Run: 90,150,023,168 bytes free
Post-Run: 90,177,011,712 bytes free

274 --- E O F --- 2009-06-28 15:24

Well done.

• iolo has changed your BootExecute and we need to repair it. Open a notepad (Start > Run and type in Notepad ) make sure the wordwrap under Format menu is not selected.
  Copy and paste the text in code box into it.
  
  

  REGEDIT4
  
  [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
  "BootExecute"=hex(7):61,75,74,6f,63,68,65,63,6b,20,61,75,74,6f,63,68,6b,20,2a,\
  00,00
  
  [-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\list]
  
  [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\list]

  • Save the file to the desktop as regfix.reg
    
  • Make sure the Save as type field says All files.
    
  • Locate regfix.reg on the desktop and double-click on it and confirm.
    
  • A window pops up asking if you are sure to add the file to the registry. Click Yes.
    
  • You get another window popup saying that regfix.reg successfully added to the registry.
  Note: You have to turn off any registry protector software you have in order the changes to be taken place.
  
  
  
• Again iolo has changed some file associations. To repair them ownload System Repair Engineer (SREng2.zip)
  • Extract it to Desktop and double click SREngLdr.EXE to run it
    
  • Select System Repair from the left pane.
    
  • Click on File Association
    
  • Select all entries that has an Error status click [Repair]
    
  • Refer to this image for an example:
    
    
    
  • In your case, it would be .JS
    
  • Close SREng now.
  
  
  
• You have the latest version of Java (6 update 14) and it is good. Older versions have vulnerabilities that malicious sites can use to exploit and infect your system. Please follow these steps to remove older version Java components:
  Click "start" and then "Control Panel" icon.
  Doubleclick the "Add or Remove Programs" icon
  A list of programs installed will be "populated" this may take a bit of time.
  Uninstall the following by clicking on the following entries and selecting "remove":
  
  Java™ 6 Update 2
  Java™ 6 Update 3
  Java™ SE Runtime Environment 6 Update 1
  
  
  
  
• Please copy and paste a fresh Hijackthis log to your reply. Tell me also how is you computer running.

Edit: Repaired the link.

Thank you for the fixes. I am still having a box pop-up titled Windows Internet Explorer that says "Cannot find the 'file:///". Make sure the path or Internet address is correct. Do you know why it is doing that? Otherwise, the computer is running smoothly now. Here is my new HJT log

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:25:06 AM, on 7/1/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\RegCure\RegCure.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Comcast\Desktop Doctor\bin\sprtcmd.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\ComcastUI\Universal Installer\uinstaller.exe
C:\Program Files\ComcastUI\Universal Installer\uinstaller.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=63&bd=PRESARIO&pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\PROGRA~1\COMMON~1\SYMANT~1\IDS\IPSBHO.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: HpWebHelper - {AAAE832A-5FFF-4661-9C8F-369692D1DCB9} - C:\WINDOWS\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\plugin\webhelper.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [osCheck] "C:\Program Files\Norton AntiVirus\osCheck.exe"
O4 - HKLM\..\Run: [ddoctorv2] "C:\Program Files\Comcast\Desktop Doctor\bin\sprtcmd.exe" /P ddoctorv2
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Ad-Watch] C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Universal Installer] "C:\Program Files\ComcastUI\Universal Installer\uinstaller.exe" /fromrun /starthidden
O4 - HKCU\..\Run: [Desktop Software] "C:\Program Files\ComcastUI\Universal Installer\uinstaller.exe" /ini "uinstaller.ini" /fromrun /starthidden
O4 - .DEFAULT User Startup: Pin.lnk = C:\hp\bin\CLOAKER.EXE (User 'Default user')
O8 - Extra context menu item: &Search - ?p=ZUfox000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\npjpi160_14.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\npjpi160_14.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Internet Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra 'Tools' menuitem: Internet Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O16 - DPF: {3107C2A8-9F0B-4404-A58B-21BD85268FBC} (PogoWebLauncher Control) - http://www.pogo.com/cdl/launcher/PogoWebLa...erInstaller.CAB
O16 - DPF: {6A344D34-5231-452A-8A57-D064AC9B7862} (Symantec Download Manager) - https://webdl.symantec.com/activex/symdlmgr.cab
O23 - Service: LiveUpdate - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\LuComServer_3_4.EXE
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe

--
End of file - 5979 bytes