Tech Support Forum > Security Center > Virus/Trojan/Spyware Help > Resolved HJT Threads
Old 06-29-2009, 10:08 PM   #1 (permalink)
Registered User
 
Join Date: Mar 2009
Posts: 10
OS: Vista


suspected nasties - please take a look @ log

Hi, I am fairly good at keeping my computer clean; in fact, kind of obsessive about it. I am a 5th-year IT major, so I like to uphold my reputation and keep my computers tidy, but I think I may have a few nasties that are going undetected and causing IE to crash.

Right now IE crashing is my only symptom (only IE; Firefox works fine). I am thinking maybe just a malicious add-on? I tried running IE with no add-ons and that worked for a few minutes but then crashed again. It crashes right when I open the browser. After that I tried upgrading from IE 7 to 8. I scanned with Windows Defender, SUPERAntiSpyware, and NOD32. Yes, all these malware programs are installed on my computer, but only one has real-time protection; the other 2 are just used as scanners, since one program doesn't always pick up everything.

So could someone out there with malware detection experience please help me and take a look at my log below?

Any help would be appreciated. Thanks!


DDS (Ver_09-06-26.01) - NTFSx86
Run by Carlie at 0:18:50.21 on Tue 06/30/2009
Internet Explorer: 8.0.6001.18702
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.1.1033.18.3581.2442 [GMT -4:00]

AV: ESET NOD32 Antivirus 3.0 *On-access scanning enabled* (Updated) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
SP: ESET NOD32 Antivirus 3.0 *enabled* (Updated) {E5E70D32-0101-4B98-A4D6-D1D15C3BB448}
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
SP: SUPERAntiSpyware *enabled* (Updated) {222A897C-5018-402e-943F-7E7AC8560DA7}

============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Program Files\Fingerprint Sensor\AtService.exe
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\system32\Ati2evxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_2ba5baa4\STacSV.exe
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Program Files\Dell\DellDock\DockLogin.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\Ati2evxx.exe
C:\Windows\System32\WLTRYSVC.EXE
C:\Windows\System32\bcmwltry.exe
C:\Windows\system32\WLANExt.exe
C:\Windows\System32\spoolsv.exe
C:\Program Files\DigitalPersona\Bin\DpHostW.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_2ba5baa4\aestsrv.exe
C:\Windows\system32\svchost.exe -k bthsvcs
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\Windows\system32\crypserv.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\DigitalPersona\Bin\DpAgent.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Dell\DellDock\DellDock.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Windows\System32\WLTRAY.EXE
C:\Program Files\DellTPad\Apoint.exe
C:\Program Files\IDT\WDM\sttray.exe
C:\Program Files\PowerISO\PWRISOVM.EXE
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
C:\Program Files\Dell\MediaDirect\PCMService.exe
C:\Program Files\Adobe\Adobe Acrobat 7.0\Distillr\acrotray.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\ProgramData\Macrovision\FLEXnet Connect\6\ISUSPM.exe
C:\Windows\System32\regsvr32.exe
C:\Windows\System32\regsvr32.exe
C:\Program Files\CleanMyPC\Registry Cleaner\RCHelper.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\Program Files\DellTPad\ApMsgFwd.exe
C:\Program Files\DellTPad\HidFind.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe
C:\Program Files\DellTPad\Apntex.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Windows\System32\wsqmcons.exe
C:\Windows\system32\WUDFHost.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Users\Carlie\Downloads\dds.scr
C:\Windows\system32\wbem\wmiprvse.exe

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.yahoo.com/
uURLSearchHooks: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
BHO: Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
BHO: Adobe PDF Conversion Toolbar Helper: {ae7cd045-e861-484f-8273-0445ee161910} - c:\program files\adobe\adobe acrobat 7.0\acrobat\AcroIEFavClient.dll
TB: {1C67BD5F-A9EA-4FD0-A1D8-0AD71E86D48A} - No File
TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - c:\program files\adobe\adobe acrobat 7.0\acrobat\AcroIEFavClient.dll
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
EB: Adobe PDF: {182ec0be-5110-49c8-a062-beb1d02a220b} - c:\program files\adobe\adobe acrobat 7.0\acrobat\AcroIEFavClient.dll
EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File
uRun: [Sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun
uRun: [SUPERAntiSpyware] c:\program files\superantispyware\SUPERAntiSpyware.exe
uRun: [ISUSPM] "c:\programdata\macrovision\flexnet connect\6\ISUSPM.exe" -scheduler
uRun: [updateMgr] c:\program files\adobe\adobe acrobat 7.0\acrobat\AdobeUpdateManager.exe AcPro7_0_0 -reboot 1
uRun: [AutoplayDevice] regsvr32 /s /u "c:\users\carlie\appdata\local\autoplay\AutoplayDevice.dll"
uRun: [PrinterQueueViewClass] regsvr32 /s /u "c:\users\carlie\appdata\local\printerqueueview\PrinterQueueViewClass.dll"
uRun: [Registry Cleaner Scheduler] "c:\program files\cleanmypc\registry cleaner\RCHelper.exe" /startup
mRun: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
mRun: [Broadcom Wireless Manager UI] c:\windows\system32\WLTRAY.exe
mRun: [StartCCC] "c:\program files\ati technologies\ati.ace\core-static\CLIStart.exe"
mRun: [Apoint] c:\program files\delltpad\Apoint.exe
mRun: [SysTrayApp] %ProgramFiles%\IDT\WDM\sttray.exe
mRun: [PWRISOVM.EXE] c:\program files\poweriso\PWRISOVM.EXE
mRun: [GrooveMonitor] "c:\program files\microsoft office\office12\GrooveMonitor.exe"
mRun: [egui] "c:\program files\eset\eset nod32 antivirus\egui.exe" /hide /waitservice
mRun: [DpAgent] c:\program files\digitalpersona\bin\dpagent.exe
mRun: [PCMService] "c:\program files\dell\mediadirect\PCMService.exe"
mRun: [Acrobat Assistant 7.0] "c:\program files\adobe\adobe acrobat 7.0\distillr\Acrotray.exe"
mRun: [<NO NAME>]
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
StartupFolder: c:\users\carlie\appdata\roaming\micros~1\windows\startm~1\programs\startup\delldo~1.lnk - c:\program files\dell\delldock\DellDock.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\adobea~1.lnk - c:\windows\installer\{ac76ba86-1033-0000-7760-000000000002}\SC_Acrobat.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\adobeg~1.lnk - c:\program files\common files\adobe\calibration\Adobe Gamma Loader.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\blueto~1.lnk - c:\program files\widcomm\bluetooth software\BTTray.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\quickset.lnk - c:\program files\dell\quickset\quickset.exe
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: Convert link target to Adobe PDF - c:\program files\adobe\adobe acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert link target to existing PDF - c:\program files\adobe\adobe acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert selected links to Adobe PDF - c:\program files\adobe\adobe acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert selected links to existing PDF - c:\program files\adobe\adobe acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Convert selection to Adobe PDF - c:\program files\adobe\adobe acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert selection to existing PDF - c:\program files\adobe\adobe acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert to Adobe PDF - c:\program files\adobe\adobe acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert to existing PDF - c:\program files\adobe\adobe acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: Send image to &Bluetooth Device... - c:\program files\widcomm\bluetooth software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - c:\program files\widcomm\bluetooth software\btsendto_ie.htm
IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\program files\widcomm\bluetooth software\btsendto_ie.htm
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~2\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/8/b/d/8bd77752-5704-4d68-a152-f7252adaa4f2/LegitCheckControl.cab
DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} - c:\program files\yahoo!\common\yinsthelper.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
DPF: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab
TCP: {8203C137-0225-4E8B-9533-7660BBE26B9C} = 192.168.1.1
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.dll
SSODL: IASAttribute - {a24f7021-26f6-4dd6-96EC-049F4764aba5} - c:\program files\common files\ias\IASAttribute.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL
LSA: Notification Packages = scecli DPPWDFLT

================= FIREFOX ===================

FF - ProfilePath - c:\users\carlie\appdata\roaming\mozilla\firefox\profiles\3n1xbgdu.default\
FF - plugin: c:\program files\adobe\adobe acrobat 7.0\acrobat\browser\nppdf32.dll

============= SERVICES / DRIVERS ===============

R1 epfwtdir;epfwtdir;c:\windows\system32\drivers\epfwtdir.sys [2008-8-18 34312]
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2008-9-3 8944]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2008-9-3 55024]
R2 AESTFilters;Andrea ST Filters Service;c:\windows\system32\driverstore\filerepository\stwrt.inf_2ba5baa4\AEstSrv.exe [2008-9-23 73728]
R2 ATService;AuthenTec Fingerprint Service;c:\program files\fingerprint sensor\AtService.exe [2008-2-29 1053944]
R2 DockLoginService;Dock Login Service;c:\program files\dell\delldock\DockLogin.exe [2008-5-2 161048]
R2 ekrn;Eset Service;c:\program files\eset\eset nod32 antivirus\ekrn.exe [2008-8-18 468224]
R3 ATSwpWDF;AuthenTec TruePrint USB WDF Driver;c:\windows\system32\drivers\ATSwpWDF.sys [2008-2-29 548352]
R3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\drivers\btwl2cap.sys [2008-9-25 29736]
R3 itecir;ITECIR Infrared Receiver;c:\windows\system32\drivers\itecir.sys [2008-9-23 54784]
R3 k57nd60x;Broadcom NetLink (TM) Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\k57nd60x.sys [2008-1-29 203264]
R3 OA001Ufd;Creative Camera OA001 Upper Filter Driver;c:\windows\system32\drivers\OA001Ufd.sys [2008-9-23 149208]
R3 OA001Vid;Creative Camera OA001 Function Driver;c:\windows\system32\drivers\OA001Vid.sys [2008-9-23 277624]
R3 SASENUM;SASENUM;c:\program files\superantispyware\SASENUM.SYS [2008-9-3 7408]

=============== Created Last 30 ================

2009-06-29 23:57 <DIR> --d----- c:\program files\Trend Micro
2009-06-29 23:02 <DIR> --d----- c:\users\carlie\appdata\roaming\CleanMyPC Software
2009-06-29 23:02 <DIR> --d----- c:\program files\CleanMyPC
2009-06-29 21:42 1,852,416 a------- c:\windows\system32\wisoutlit.dll
2009-06-29 21:42 <DIR> --d----- c:\program files\wisco
2009-06-29 20:45 <DIR> --d----- c:\users\carlie\appdata\roaming\R-Mail for Outlook
2009-06-29 20:45 <DIR> --d----- c:\program files\R-Mail for Outlook
2009-06-29 20:42 <DIR> --d----- c:\program files\MunSoft
2009-06-29 19:52 <DIR> --d----- c:\users\carlie\appdata\roaming\GetRightToGo
2009-06-29 19:12 <DIR> --d----- c:\program files\common files\IAS
2009-06-29 13:10 <DIR> --d----- c:\program files\Recovery Toolbox for Excel
2009-06-29 12:59 <DIR> --d----- c:\program files\MSECache
2009-06-29 03:12 2,048 a------- c:\windows\system32\tzres.dll
2009-06-28 17:42 <DIR> --d----- c:\program files\BodyMedia
2009-06-28 17:41 410,984 a------- c:\windows\system32\deploytk.dll
2009-06-28 17:30 <DIR> a-d----- c:\programdata\TEMP
2009-06-28 15:27 428,544 a------- c:\windows\system32\EncDec.dll
2009-06-28 15:27 217,088 a------- c:\windows\system32\psisrndr.ax
2009-06-28 15:27 293,376 a------- c:\windows\system32\psisdecd.dll
2009-06-28 15:27 177,664 a------- c:\windows\system32\mpg2splt.ax
2009-06-28 15:27 80,896 a------- c:\windows\system32\MSNP.ax
2009-06-28 15:23 241,152 a------- c:\windows\system32\PortableDeviceApi.dll
2009-06-28 15:23 296,960 a------- c:\windows\system32\gdi32.dll
2009-06-28 15:23 376,832 a------- c:\windows\system32\winhttp.dll
2009-06-28 15:23 2,033,152 a------- c:\windows\system32\win32k.sys
2009-06-28 15:23 212,480 a------- c:\windows\system32\drivers\mrxsmb10.sys
2009-06-28 15:23 562,176 a------- c:\windows\system32\msdtcprx.dll
2009-06-28 15:23 38,912 a------- c:\windows\system32\xolehlp.dll
2009-06-28 15:23 28,672 a------- c:\windows\system32\Apphlpdm.dll
2009-06-28 15:23 4,240,384 a------- c:\windows\system32\GameUXLegacyGDFs.dll
2009-06-28 15:23 1,191,936 a------- c:\windows\system32\msxml3.dll
2009-06-28 15:21 2,868,736 a------- c:\windows\system32\mf.dll
2009-06-28 15:21 996,352 a------- c:\windows\system32\WMNetMgr.dll
2009-06-28 15:21 94,720 a------- c:\windows\system32\logagent.exe
2009-06-28 15:21 1,645,568 a------- c:\windows\system32\connect.dll
2009-06-28 15:21 784,896 a------- c:\windows\system32\rpcrt4.dll
2009-06-28 15:21 1,334,272 a------- c:\windows\system32\msxml6.dll
2009-06-28 15:12 1,524,736 a------- c:\windows\system32\wucltux.dll
2009-06-28 15:12 83,456 a------- c:\windows\system32\wudriver.dll
2009-06-28 15:12 162,064 a------- c:\windows\system32\wuwebv.dll
2009-06-28 15:12 31,232 a------- c:\windows\system32\wuapp.exe

==================== Find3M ====================

2009-06-28 17:42 86,016 a------- c:\windows\inf\infstrng.dat
2009-06-28 17:42 86,016 a------- c:\windows\inf\infstor.dat
2009-06-28 17:42 51,200 a------- c:\windows\inf\infpub.dat
2009-04-23 08:42 636,928 a------- c:\windows\system32\localspl.dll
2008-09-24 20:30 665,600 a------- c:\windows\inf\drvindex.dat
2008-01-20 22:43 174 a--sh--- c:\program files\desktop.ini
2006-11-02 08:42 287,440 a------- c:\windows\inf\perflib\0409\perfi.dat
2006-11-02 08:42 287,440 a------- c:\windows\inf\perflib\0409\perfh.dat
2006-11-02 08:42 30,674 a------- c:\windows\inf\perflib\0409\perfd.dat
2006-11-02 08:42 30,674 a------- c:\windows\inf\perflib\0409\perfc.dat
2006-11-02 05:20 287,440 a------- c:\windows\inf\perflib\0000\perfi.dat
2006-11-02 05:20 287,440 a------- c:\windows\inf\perflib\0000\perfh.dat
2006-11-02 05:20 30,674 a------- c:\windows\inf\perflib\0000\perfd.dat
2006-11-02 05:20 30,674 a------- c:\windows\inf\perflib\0000\perfc.dat

============= FINISH: 0:19:11.75 ===============
Attached file: attach.zip (89.0 KB)

Last edited by cduval04; 06-29-2009 at 10:31 PM.
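Added example (not a forum tool and not anything posted in this thread): a short Python triage pass over lines in the DDS "Pseudo HJT Report" format shown above. It flags Run entries that are launched through a regsvr32/rundll32-style host or whose target sits under a user profile, Run values with no command, and CLSID entries marked "No File". The heuristics and field names are my own, and a flag means "look at this by hand", not "this is malware"; the sample input is nine lines copied from the log above.

```python
import re

# Constructed sample input: nine lines copied from the DDS "Pseudo HJT Report"
# posted above. uRun/mRun are the HKCU/HKLM Run keys; BHO, TB, EB and
# uURLSearchHooks are IE extension points registered by CLSID.
SAMPLE_LINES = r"""
uURLSearchHooks: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
TB: {1C67BD5F-A9EA-4FD0-A1D8-0AD71E86D48A} - No File
uRun: [Sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun
uRun: [AutoplayDevice] regsvr32 /s /u "c:\users\carlie\appdata\local\autoplay\AutoplayDevice.dll"
uRun: [PrinterQueueViewClass] regsvr32 /s /u "c:\users\carlie\appdata\local\printerqueueview\PrinterQueueViewClass.dll"
mRun: [egui] "c:\program files\eset\eset nod32 antivirus\egui.exe" /hide /waitservice
mRun: [<NO NAME>]
EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File
"""

RUN_RE = re.compile(r'^(?P<hive>[um])Run:\s*\[(?P<name>[^\]]*)\]\s*(?P<cmd>.*)$')
CLSID_RE = re.compile(r'^(?P<kind>BHO|TB|EB|uURLSearchHooks):\s*'
                      r'(?:(?P<label>.*?):\s*)?'
                      r'(?P<clsid>\{[0-9A-Fa-f-]{36}\})\s*-\s*(?P<target>.*)$')

# Hosts that load someone else's code: an autorun that goes through one of
# these deserves a look at the DLL or script it is handed.
PROXY_HOSTS = ('regsvr32', 'rundll32', 'mshta', 'wscript', 'cscript')
# Anything an unprivileged user can write to; legitimate autoruns usually
# live under Program Files or Windows.
USER_PROFILE_RE = re.compile(r'\\users\\|\\appdata\\|\\documents and settings\\', re.I)


def program_name(cmd):
    """Basename of the first token of a command line (quoted or not), lowercase, no .exe."""
    if cmd.startswith('"'):
        end = cmd.find('"', 1)
        token = cmd[1:end] if end > 0 else cmd[1:]
    else:
        parts = cmd.split()
        token = parts[0] if parts else ''
    base = re.split(r'[\\/]', token)[-1].lower()
    return base[:-4] if base.endswith('.exe') else base


def parse_entry(line):
    """Return {'kind','name','target'} for a Run or CLSID entry, or None for other lines."""
    m = RUN_RE.match(line)
    if m:
        hive = 'HKCU' if m.group('hive') == 'u' else 'HKLM'
        return {'kind': 'Run(%s)' % hive, 'name': m.group('name'),
                'target': m.group('cmd').strip()}
    m = CLSID_RE.match(line)
    if m:
        return {'kind': m.group('kind'), 'name': m.group('label') or m.group('clsid'),
                'target': m.group('target').strip()}
    return None


def triage(report_text):
    """Return the entries worth a second look, each with the reasons it was flagged.

    A flag is a prompt for manual review, not a verdict: plenty of legitimate
    software autoruns from AppData, and an orphaned toolbar CLSID is often
    just what an uninstaller left behind.
    """
    findings = []
    for raw in report_text.splitlines():
        entry = parse_entry(raw.strip())
        if entry is None:
            continue
        target = entry['target']
        reasons = []
        if entry['kind'].startswith('Run'):
            host = program_name(target)
            if host in PROXY_HOSTS:
                reasons.append('launched through %s instead of running a program directly' % host)
            if not target:
                reasons.append('Run value with no command (name %r)' % entry['name'])
        if USER_PROFILE_RE.search(target):
            reasons.append('target is under a user profile rather than Program Files or Windows')
        if target.lower() == 'no file':
            reasons.append('CLSID is registered but its file is missing (orphan)')
        if reasons:
            findings.append({'kind': entry['kind'], 'name': entry['name'],
                             'target': target, 'reasons': reasons})
    return findings


if __name__ == '__main__':
    for f in triage(SAMPLE_LINES):
        print('%-10s %-45s %s' % (f['kind'], f['name'], '; '.join(f['reasons'])))
```

Feed it the whole "Pseudo HJT Report" section of a DDS log and read the flagged lines alongside the "Created Last 30" section: an autorun whose target was created the same day the symptoms started is where an analyst looks first.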
Old 06-29-2009, 10:36 PM   #2 (permalink)
Assistant Manager, TSF Academy; Moderator/Analyst Security Team
 
 
Join Date: Jan 2005
Location: Ohio
Posts: 27,043
OS: WinXP and Vista


Re: suspected nasties - please take a look @ log

Hello and welcome,

HijackThis is no longer the preferred initial scanning tool in this forum. With today's malware, a more comprehensive set of logs is required to determine the presence of malware.

Please follow our pre-posting process outlined here:

NEW INSTRUCTIONS - Read This Before Posting For Malware Removal Help

After running through all the steps, you shall have a proper set of logs. Please post them in your next reply.

If you have trouble with one of the steps, simply move on to the next one, and make note of it in your reply.
__________________

Member of ASAP since 2005
Member of UNITE since 2006

"It is one life whether we spend it laughing or weeping." "Take the time to laugh--it is the music of the soul."
Old 06-29-2009, 11:08 PM   #3 (permalink)
Registered User
 
Join Date: Mar 2009
Posts: 10
OS: Vista


Re: suspected nasties - please take a look @ log

I did realize this and have edited my original post above with the appropriate logs from the sticky. Thanks.

Last edited by cduval04; 06-29-2009 at 11:16 PM.
cduval04 is offline  
Digg this Post!Add Post to del.icio.usBookmark Post in TechnoratiFurl this Post!Reddit!
Old 06-29-2009, 11:44 PM   #4 (permalink)
Assistant Manager, TSF Academy; Moderator/Analyst Security Team
 
 
Join Date: Jan 2005
Location: Ohio
Posts: 27,043
OS: WinXP and Vista


Re: suspected nasties - please take a look @ log

Ah, please don't edit. You edited while I was trying to reply, and I wouldn't have been notified of an edit.

I'll review your logs shortly.
Old 06-30-2009, 12:03 AM   #5 (permalink)
Assistant Manager, TSF Academy; Moderator/Analyst Security Team
 
 
Join Date: Jan 2005
Location: Ohio
Posts: 27,043
OS: WinXP and Vista


Re: suspected nasties - please take a look @ log

Hi cduval04,

I'm not seeing any malware in the logs. Do you recall what was done on the system shortly before IE began the crashes? Was there a Windows Update or update of any software that you have installed?

If not, then let's see if an online scan picks up on anything. You can use Firefox for this scanner.

It can take some time, so please be patient and allow it to run its full course:


Using Internet Explorer or Firefox, visit http://www.kaspersky.com/kos/eng/par...avwebscan.html

1. Click Accept, when prompted to download and install the program files and database of malware definitions.


2. To optimize scanning time and produce a more sensible report for review:
  • Close any open programs
  • Turn off the real time scanner of any existing antivirus program while performing the online scan

3. Click Run at the Security prompt. The program will then begin downloading and installing and will also update the database. Please be patient as this can take several minutes.
  • Once the update is complete, click on My Computer under the green Scan bar to the left to start the scan.
  • Once the scan is complete, it will display whether your system has been infected. It does not provide an option to clean/disinfect; we only require a report from it.
  • Do NOT be alarmed by what you see in the report. Many of the finds have likely been quarantined.
  • Click View scan report at the bottom.



  • Click the Save as Text button to save the file to your desktop so that you may post it in your next reply
Old 06-30-2009, 03:02 PM   #6 (permalink)
Registered User
 
Join Date: Mar 2009
Posts: 10
OS: Vista


Re: suspected nasties - please take a look @ log

Sorry about the editing thing; just saw that. The Kaspersky scan did find a few things; don't know if they are related to the IE problems.

I have noticed another problem; someone else posted about the same problem recently. In Firefox, about half my Google searches, when I click on the result, redirect me to an advertising site, not the site I clicked on. It has happened in IE, but it happens a lot more in FF, which sucks because Firefox is my only usable browser right now. I have FF 3 and updated to IE 8 from 7 last night (hoping it might fix things, but no luck).

I also noticed in FF, when I go to some sites, it hangs forever while loading the site, and down in the status bar it always says "transferring data from 74.55.39.45" no matter what site I go to. It never ends up loading.

I got the new Windows Malicious Software Removal Tool during an update this morning and it said it removed Trojan:Win32/Alureon!inf. I looked up the info on it and one of the things it says it does is mess with your DNS settings. I tried ipconfig /flushdns in the command prompt but it didn't seem to do anything.

So here is the log from the Kaspersky scan you requested:

Thanks for all you people do!

--------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER 7.0 REPORT
Tuesday, June 30, 2009
Operating System: Microsoft Windows Vista Home Premium Edition, 32-bit Service Pack 1 (build 6001)
Kaspersky Online Scanner version: 7.0.26.13
Program database last update: Tuesday, June 30, 2009 17:42:19
Records in database: 2406745
--------------------------------------------------------------------------------

Scan settings:
Scan using the following database: extended
Scan archives: yes
Scan mail databases: yes

Scan area - My Computer:
C:\
D:\
E:\
F:\
G:\

Scan statistics:
Files scanned: 100089
Threat name: 4
Infected objects: 4
Suspicious objects: 0
Duration of the scan: 02:52:22


File name / Threat name / Threats count
C:\Users\Carlie\Documents\install files2\General & App cleanup\PC-Decrapifier-1.8.3.exe Infected: Trojan.Win32.Starter.et 1
C:\Users\Carlie\Documents\install files2\multimedia\converters\FLV2Video_Install.exe Infected: not-a-virus:AdWare.Win32.AdMoke.agg 1
C:\Users\Carlie\Documents\install files2\multimedia\converters\FLV2Video_Install.exe Infected: Constructor.Win32.Lmir.ac 1
C:\Users\Carlie\Documents\install files2\multimedia\converters\FLV2Video_Install.exe Infected: Backdoor.Win32.Sheldor.aw 1

The selected area was scanned.
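Added example (not part of the thread, and not the scanner's own output format beyond what is posted above): Python that groups the Kaspersky detections above per file and cross-checks each file against the DDS "Running Processes" list from the first post. Kaspersky's not-a-virus: prefix marks adware/riskware rather than malware, and a detection on an installer sitting in Documents is a dormant file, not a running process, which is why it does not by itself explain a crashing browser. The field names and the dormant_installer heuristic are mine; the sample inputs are lines copied from the two logs in this thread.

```python
import re

# The four detection lines from the Kaspersky Online Scanner report posted above.
KASPERSKY_FINDINGS = r"""
C:\Users\Carlie\Documents\install files2\General & App cleanup\PC-Decrapifier-1.8.3.exe Infected: Trojan.Win32.Starter.et 1
C:\Users\Carlie\Documents\install files2\multimedia\converters\FLV2Video_Install.exe Infected: not-a-virus:AdWare.Win32.AdMoke.agg 1
C:\Users\Carlie\Documents\install files2\multimedia\converters\FLV2Video_Install.exe Infected: Constructor.Win32.Lmir.ac 1
C:\Users\Carlie\Documents\install files2\multimedia\converters\FLV2Video_Install.exe Infected: Backdoor.Win32.Sheldor.aw 1
"""

# A subset of the "Running Processes" section of the DDS log posted earlier.
DDS_PROCESSES = r"""
C:\Windows\system32\wininit.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Users\Carlie\Downloads\dds.scr
"""

FINDING_RE = re.compile(
    r'^(?P<path>.+?)\s+(?P<verdict>Infected|Suspicious):\s+(?P<threat>\S+)\s+(?P<count>\d+)$')


def norm(path):
    """Case-insensitive path key; Windows paths compare case-insensitively."""
    return path.strip().lower().replace('/', '\\')


def parse_findings(report_text):
    """Yield (path, threat, count) for each detection line in the report."""
    for raw in report_text.splitlines():
        m = FINDING_RE.match(raw.strip())
        if m:
            yield m.group('path'), m.group('threat'), int(m.group('count'))


def classify(threat):
    """Kaspersky prefixes adware/riskware with 'not-a-virus:'; everything else is malware."""
    return 'riskware' if threat.lower().startswith('not-a-virus:') else 'malware'


def summarize(findings_text, processes_text):
    """Group detections per file and say whether that file was among the running processes."""
    running = {norm(p) for p in processes_text.splitlines() if p.strip()}
    per_file = {}
    for path, threat, count in parse_findings(findings_text):
        key = norm(path)
        entry = per_file.setdefault(key, {'path': path, 'threats': [], 'detections': 0})
        entry['threats'].append(threat)
        entry['detections'] += count
    summary = []
    for key, entry in per_file.items():
        entry['severity'] = ('malware' if any(classify(t) == 'malware' for t in entry['threats'])
                             else 'riskware')
        entry['running'] = key in running
        # A dormant installer in Documents will not explain a crashing browser;
        # a detection on a running process or an autorun target would.
        entry['dormant_installer'] = (not entry['running']) and ('\\documents\\' in key)
        summary.append(entry)
    return summary


if __name__ == '__main__':
    for s in summarize(KASPERSKY_FINDINGS, DDS_PROCESSES):
        state = 'RUNNING' if s['running'] else 'not running'
        print('%s  [%s, %d detection(s), %s]' % (s['path'], s['severity'], s['detections'], state))
        for t in s['threats']:
            print('    %-9s %s' % (classify(t), t))
```

Run against the full logs, the useful output is the intersection: any detected path that is also running, or that appears as a Run/BHO target in the DDS report, is live; a detection only in a downloaded installer is something to delete, not something that explains the symptom.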
Old 06-30-2009, 10:44 PM   #7 (permalink)
Assistant Manager, TSF Academy; Moderator/Analyst Security Team
 
 
Join Date: Jan 2005
Location: Ohio
Posts: 27,043
OS: WinXP and Vista


Re: suspected nasties - please take a look @ log

Hi cduval04,

Download HostsXpert.
  • Unzip HostsXpert to its own folder.
  • Run HostsXpert.exe
  • Click "Restore MS Hosts file" and then click OK.
  • Close HostsXpert.
  • Note: If a custom Hosts file was in place, you'll have to edit those entries back in.

Any improvement?

Last edited by Ried; 06-30-2009 at 10:47 PM.
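Added example (not HostsXpert, and not anything posted in this thread): a Python audit of a Windows hosts file that shows what a "Restore MS Hosts file" would throw away before you click it. It separates entries that map a name to a non-local address (the search-redirect pattern), entries that sinkhole update or security-vendor sites to 127.0.0.1 or 0.0.0.0, and ordinary custom block entries that would need re-adding by hand afterwards. The sample hosts content is constructed and uses the RFC 5737 documentation address 192.0.2.10; the watched-domain list is my own choice.

```python
import ipaddress

# Constructed sample hosts file. The two localhost lines are what a stock
# Microsoft hosts file contains; everything below the marker is made up for
# illustration, using the RFC 5737 documentation address 192.0.2.10.
SAMPLE_HOSTS = """\
# Comment lines, such as the default Microsoft header, are ignored.
127.0.0.1       localhost
::1             localhost
# --- constructed entries below ---
127.0.0.1       ads.example.net          # a user's own ad-block entry
127.0.0.1       update.microsoft.com     # sinkholes Windows Update
0.0.0.0         www.eset.com             # sinkholes the installed AV's vendor site
192.0.2.10      www.google.com           # sends search traffic somewhere else
192.0.2.10      search.yahoo.com
not-an-ip       www.bing.com             # malformed line
"""

DEFAULT_ENTRIES = {('127.0.0.1', 'localhost'), ('::1', 'localhost')}

# Domains whose blocking would hamper updates or cleanup on this machine
# (Windows Update plus the vendors of the tools used in this thread).
WATCHED_SUFFIXES = ('microsoft.com', 'windowsupdate.com', 'eset.com',
                    'kaspersky.com', 'superantispyware.com', 'trendmicro.com')


def is_watched(host):
    host = host.lower()
    return any(host == s or host.endswith('.' + s) for s in WATCHED_SUFFIXES)


def audit_hosts(text):
    """Classify every non-default hosts entry.

    hijacked      name -> a non-local address: the browser goes there instead of
                  where DNS says (the search-redirect pattern)
    sinkholed     a watched vendor/update name -> loopback or 0.0.0.0
    custom_blocks other names -> loopback/0.0.0.0 (ad-block lists and the like;
                  these are the entries to re-add by hand after a restore)
    invalid       lines whose address field does not parse
    """
    result = {'hijacked': [], 'sinkholed': [], 'custom_blocks': [], 'invalid': []}
    for raw in text.splitlines():
        line = raw.split('#', 1)[0].strip()
        if not line:
            continue
        fields = line.split()
        if len(fields) < 2:
            result['invalid'].append(raw)
            continue
        addr_text, names = fields[0], fields[1:]
        try:
            addr = ipaddress.ip_address(addr_text)
        except ValueError:
            result['invalid'].append(raw)
            continue
        local = addr.is_loopback or addr.is_unspecified
        for name in names:
            if (addr_text, name) in DEFAULT_ENTRIES:
                continue
            if not local:
                result['hijacked'].append((name, addr_text))
            elif is_watched(name):
                result['sinkholed'].append((name, addr_text))
            else:
                result['custom_blocks'].append((name, addr_text))
    return result


if __name__ == '__main__':
    import sys
    # Pass a hosts file path (on Windows, C:\Windows\System32\drivers\etc\hosts)
    # to audit it; with no argument the constructed sample is used.
    if len(sys.argv) > 1:
        with open(sys.argv[1], encoding='utf-8', errors='replace') as fh:
            text = fh.read()
    else:
        text = SAMPLE_HOSTS
    for category, items in audit_hosts(text).items():
        for item in items:
            print('%-13s %s' % (category, item))
```

If the hijacked and sinkholed lists come back empty and the redirects continue, the hosts file was not the mechanism, and the next places to look are the DNS servers set on the adapter and the browser's own extension locations.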
Old 07-01-2009, 03:54 AM   #8 (permalink)
Registered User
 
Join Date: Mar 2009
Posts: 10
OS: Vista


Re: suspected nasties - please take a look @ log

Nope. Did what you said and nothing. IE still crashes upon opening, and search engines still redirect more than 50% of the time.

The IP address that I mentioned is in my history too, but when I go to it, it just takes me to a Microsoft site. I would assume that site was the site I WANTED to go to when I searched for it, but it took me to some ad site instead.

I did a whois lookup on that IP and it is registered to Planet Internet Services in Houston, TX. Never heard of them, but I think they may be the partial or full cause of my redirects.

Any other suggestions? I really don't want to format. I have reimaged my HD a couple of times from what I thought was a squeaky clean image. It is an image I created after a clean format, and I installed just a few programs (Office, etc.) before making the image. I just made it so I could have my Windows settings the way I like them and wouldn't have Windows as "naked" upon formatting. I have restored from this image in the past and never had a problem.

I do, however, after reimaging or formatting, restore all of my recent files that I have modified since the last image from a couple of removable USB hard drives, and one of the viruses that MS removed was a trojan that spreads through removable drives. Maybe this is how I keep getting the problem after reimaging? Should I try scanning my external HDs and see if anything is detected?

Any other suggestions? Thanks so much!
Old 07-01-2009, 05:39 AM   #9 (permalink)
Assistant Manager, TSF Academy; Moderator/Analyst Security Team
 
 
Join Date: Jan 2005
Location: Ohio
Posts: 27,043
OS: WinXP and Vista


Re: suspected nasties - please take a look @ log

Please download GooredFix from one of the locations below and save it to your Desktop
Download Mirror #1
Download Mirror #2
  • Ensure all Firefox windows are closed.
  • To run the tool, double-click it (XP), or right-click and select Run As Administrator (Vista).
  • When prompted to run the scan, click Yes.
  • GooredFix will check for infections, and then a log will appear. Please post the contents of that log in your next reply (it can also be found on your desktop, called GooredFix.txt).
Old 07-01-2009, 10:41 AM   #10 (permalink)
Registered User
 
Join Date: Mar 2009
Posts: 10
OS: Vista


Re: suspected nasties - please take a look @ log

here you go...

GooredFix by jpshortstuff (30.06.09)
Log created at 12:31 on 01/07/2009 (Carlie)
Firefox version 3.0.11 (en-US)

========== GooredScan ==========

C:\Program Files\Mozilla Firefox\extensions\
{972ce4c6-7e08-4474-a285-3208198ce6fd} [03:57 30/06/2009]

[HKEY_LOCAL_MACHINE\Software\Mozilla\Firefox\Extensions]
"{20a82645-c095-46ed-80e3-08825760534b}"="c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\" [06:38 30/06/2009]

-=E.O.F=-

Thanks again!
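Added example (not GooredFix itself, whose internals are not shown on this page): a parser for the GooredScan section above with an allowlist check. Both locations in that log are machine-wide: an extension folder under the Firefox install directory, or an ID registered under HKLM\Software\Mozilla\Firefox\Extensions, loads in every profile on the machine without the user ever clicking Install, which is why a redirect-cleanup tool enumerates them. The allowlist here holds only the two IDs that appear in the log (Firefox's default theme and the Microsoft .NET Framework Assistant); the flagged-case entry with an all-zero ID and a Temp path is constructed.

```python
import re

# The GooredScan section of the log posted above.
GOOREDFIX_LOG = r"""
========== GooredScan ==========

C:\Program Files\Mozilla Firefox\extensions\
{972ce4c6-7e08-4474-a285-3208198ce6fd} [03:57 30/06/2009]

[HKEY_LOCAL_MACHINE\Software\Mozilla\Firefox\Extensions]
"{20a82645-c095-46ed-80e3-08825760534b}"="c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\" [06:38 30/06/2009]

-=E.O.F=-
"""

# Constructed, hypothetical entry (all-zero ID, made-up path) used only to
# show what a flagged result looks like.
CONSTRUCTED_EXTRA = r"""
[HKEY_LOCAL_MACHINE\Software\Mozilla\Firefox\Extensions]
"{00000000-0000-0000-0000-000000000000}"="c:\Users\Carlie\AppData\Local\Temp\constructed\" [00:00 01/01/2009]
"""

# Extension IDs that ship with, or are pushed onto, a stock Firefox 3 install.
KNOWN = {
    '{972ce4c6-7e08-4474-a285-3208198ce6fd}': 'Firefox default theme',
    '{20a82645-c095-46ed-80e3-08825760534b}': 'Microsoft .NET Framework Assistant (added by .NET 3.5 SP1)',
}

DIR_ENTRY_RE = re.compile(r'^(?P<id>\{[0-9A-Fa-f-]{36}\})\s*\[[^\]]*\]$')
REG_ENTRY_RE = re.compile(r'^"(?P<id>\{[0-9A-Fa-f-]{36}\})"="(?P<path>.*)"\s*\[[^\]]*\]$')
USER_WRITABLE_RE = re.compile(r'\\users\\|\\appdata\\|\\temp\\|\\documents and settings\\', re.I)


def parse_gooredfix(text):
    """Return [{'id','source','path'}] for every extension the scan section lists.

    A bare directory path line opens a 'directory' section (each following ID is
    a folder inside it); a [HKEY_...] line opens a registry section (each
    following line maps an ID to the folder Firefox will load it from).
    """
    entries, section, base = [], None, ''
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith('=') or line.startswith('-='):
            continue
        if line.startswith('[HKEY_'):
            section, base = 'registry', line.strip('[]')
            continue
        if re.match(r'^[A-Za-z]:\\', line) and line.endswith('\\'):
            section, base = 'directory', line
            continue
        m = REG_ENTRY_RE.match(line) if section == 'registry' else DIR_ENTRY_RE.match(line)
        if not m:
            continue
        path = m.group('path') if section == 'registry' else base + m.group('id') + '\\'
        entries.append({'id': m.group('id').lower(), 'source': base, 'path': path})
    return entries


def audit_extensions(entries, known=KNOWN):
    """Flag extensions not on the allowlist or loading from a user-writable folder."""
    findings = []
    for e in entries:
        reasons = []
        if e['id'] not in known:
            reasons.append('ID not on the allowlist')
        if USER_WRITABLE_RE.search(e['path']):
            reasons.append('loads from a user-writable folder')
        if reasons:
            findings.append({'id': e['id'], 'source': e['source'],
                             'path': e['path'], 'reasons': reasons})
    return findings


if __name__ == '__main__':
    entries = parse_gooredfix(GOOREDFIX_LOG + CONSTRUCTED_EXTRA)
    for e in entries:
        print('%s  %s\n    from %s' % (e['id'], KNOWN.get(e['id'], 'UNKNOWN'), e['source']))
    for f in audit_extensions(entries):
        print('FLAG %s: %s' % (f['id'], '; '.join(f['reasons'])))
```

The log above yields no flags under this allowlist, which matches the tool's own clean result; a machine where the redirect lives in the browser would typically show a third ID, usually registered under HKLM so it survives a profile reset.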
Old 07-01-2009, 01:58 PM   #11 (permalink)
Assistant Manager, TSF Academy; Moderator/Analyst Security Team
 
 
Join Date: Jan 2005
Location: Ohio
Posts: 27,043
OS: WinXP and Vista


Re: suspected nasties - please take a look @ log

Download ComboFix from one of these locations:

Link 1
Link 2
Link 3


* IMPORTANT- Save ComboFix.exe to your Desktop

  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools.

  • Double click on combofix.exe & follow the prompts.


When finished, it shall produce a log for you. Reboot the machine if ComboFix did not automatically reboot for you.

Please include the C:\ComboFix.txt in your next reply for further review.
Old 07-01-2009, 04:07 PM   #12 (permalink)
Registered User
 
Join Date: Mar 2009
Posts: 10
OS: Vista


Re: suspected nasties - please take a look @ log

Here you are. BTW, I don't know why it says that Windows Defender was enabled. I disabled it through system services before running the scan.

Also, right after running ComboFix I lost my internet connection; it said "local access only", so I am doing a system restore for the time being, but the log produced after it scanned is below.

ComboFix 09-07-01.01 - Carlie 07/01/2009 16:51.3 - NTFSx86
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.1.1033.18.3581.2333 [GMT -4:00]
Running from: c:\users\Carlie\Desktop\ComboFix.exe
AV: ESET NOD32 Antivirus 3.0 *On-access scanning disabled* (Updated) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
SP: ESET NOD32 Antivirus 3.0 *disabled* (Updated) {E5E70D32-0101-4B98-A4D6-D1D15C3BB448}
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
.

((((((((((((((((((((((((( Files Created from 2009-06-01 to 2009-07-01 )))))))))))))))))))))))))))))))
.

2009-07-01 20:53 . 2009-07-01 20:53 -------- d-----w- c:\users\Carlie\AppData\Local\temp
2009-06-30 10:43 . 2009-05-09 05:50 915456 ----a-w- c:\windows\system32\wininet.dll
2009-06-30 10:43 . 2009-05-09 05:34 71680 ----a-w- c:\windows\system32\iesetup.dll
2009-06-30 06:35 . 2008-06-20 01:14 97800 ----a-w- c:\windows\system32\infocardapi.dll
2009-06-30 06:35 . 2008-06-20 01:14 105016 ----a-w- c:\windows\system32\PresentationCFFRasterizerNative_v0300.dll
2009-06-30 06:35 . 2008-06-20 01:14 11264 ----a-w- c:\windows\system32\icardres.dll
2009-06-30 06:35 . 2008-06-20 01:14 622080 ----a-w- c:\windows\system32\icardagt.exe
2009-06-30 06:35 . 2008-06-20 01:14 43544 ----a-w- c:\windows\system32\PresentationHostProxy.dll
2009-06-30 06:35 . 2008-06-20 01:14 781344 ----a-w- c:\windows\system32\PresentationNative_v0300.dll
2009-06-30 06:35 . 2008-06-20 01:14 326160 ----a-w- c:\windows\system32\PresentationHost.exe
2009-06-30 06:30 . 2008-07-27 18:03 96760 ----a-w- c:\windows\system32\dfshim.dll
2009-06-30 06:30 . 2008-07-27 18:03 282112 ----a-w- c:\windows\system32\mscoree.dll
2009-06-30 06:30 . 2008-07-27 18:03 41984 ----a-w- c:\windows\system32\netfxperf.dll
2009-06-30 06:30 . 2008-07-27 18:03 158720 ----a-w- c:\windows\system32\mscorier.dll
2009-06-30 06:30 . 2008-07-27 18:03 83968 ----a-w- c:\windows\system32\mscories.dll
2009-06-30 06:20 . 2009-06-30 06:20 -------- d-----w- c:\programdata\Yahoo! Companion
2009-06-30 05:27 . 2009-06-30 05:27 -------- d-----w- c:\windows\Sun
2009-06-30 03:58 . 2009-06-30 03:58 -------- d-----w- c:\users\Carlie\AppData\Local\Mozilla
2009-06-30 03:57 . 2009-06-30 03:57 -------- d-----w- c:\program files\Trend Micro
2009-06-30 03:02 . 2009-06-30 03:02 -------- d-----w- c:\users\Carlie\AppData\Roaming\CleanMyPC Software
2009-06-30 03:02 . 2009-06-30 03:02 -------- d-----w- c:\program files\CleanMyPC
2009-06-30 01:42 . 2008-02-29 15:18 1852416 ----a-w- c:\windows\system32\wisoutlit.dll
2009-06-30 01:42 . 2009-06-30 01:42 -------- d-----w- c:\program files\wisco
2009-06-30 00:45 . 2009-06-30 00:45 -------- d-----w- c:\users\Carlie\AppData\Roaming\R-Mail for Outlook
2009-06-30 00:45 . 2009-06-30 00:45 -------- d-----w- c:\users\Carlie\AppData\Local\R-Mail for Outlook
2009-06-30 00:45 . 2009-06-30 00:45 -------- d-----w- c:\program files\R-Mail for Outlook
2009-06-30 00:42 . 2009-06-30 00:42 -------- d-----w- c:\program files\MunSoft
2009-06-30 00:41 . 2009-06-30 00:41 -------- d-----w- c:\users\Carlie\AppData\Local\PrinterQueueView
2009-06-30 00:08 . 2009-06-30 00:09 4 ----a-w- c:\windows\vx86036.dat
2009-06-30 00:08 . 2006-03-01 01:10 69632 ----a-w- c:\windows\system32\Crypserv.exe
2009-06-30 00:08 . 2006-01-10 02:47 31846 ----a-w- c:\windows\system32\Ckldrv.sys
2009-06-30 00:08 . 1999-06-18 21:49 165888 ----a-w- c:\windows\Ckconfig.exe
2009-06-30 00:08 . 1996-05-03 17:21 27648 ----a-r- c:\windows\Setup_ck.exe
2009-06-30 00:08 . 1996-05-03 15:36 18432 ----a-w- c:\windows\Setup_ck.dll
2009-06-30 00:08 . 1995-07-04 18:33 11776 ----a-w- c:\windows\Ckrfresh.exe
2009-06-29 23:52 . 2009-06-29 23:52 -------- d-----w- c:\users\Carlie\AppData\Roaming\GetRightToGo
2009-06-29 23:12 . 2009-06-29 23:12 -------- d-----w- c:\program files\Common Files\IAS
2009-06-29 23:12 . 2009-06-29 23:12 -------- d-----w- c:\users\Carlie\AppData\Local\Autoplay
2009-06-29 17:10 . 2009-06-29 17:10 -------- d-----w- c:\program files\Recovery Toolbox for Excel
2009-06-29 16:59 . 2009-06-29 16:59 -------- d-----w- c:\program files\MSECache
2009-06-29 07:12 . 2008-10-22 01:22 2048 ----a-w- c:\windows\system32\tzres.dll
2009-06-28 21:42 . 2009-06-28 21:42 -------- d-----w- c:\program files\BodyMedia
2009-06-28 21:41 . 2009-06-28 21:41 410984 ----a-w- c:\windows\system32\deploytk.dll
2009-06-28 21:40 . 2009-06-28 21:40 -------- d-----w- c:\program files\Java
2009-06-28 19:27 . 2009-04-30 12:37 428544 ----a-w- c:\windows\system32\EncDec.dll
2009-06-28 19:27 . 2009-04-30 12:37 293376 ----a-w- c:\windows\system32\psisdecd.dll
2009-06-28 19:23 . 2008-10-22 03:57 241152 ----a-w- c:\windows\system32\PortableDeviceApi.dll
2009-06-28 19:23 . 2008-10-21 05:25 296960 ----a-w- c:\windows\system32\gdi32.dll
2009-06-28 19:23 . 2008-12-06 04:42 376832 ----a-w- c:\windows\system32\winhttp.dll
2009-06-28 19:23 . 2009-04-21 11:55 2033152 ----a-w- c:\windows\system32\win32k.sys
2009-06-28 19:23 . 2008-08-27 01:05 212480 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys
2009-06-28 19:23 . 2008-06-06 03:27 562176 ----a-w- c:\windows\system32\msdtcprx.dll
2009-06-28 19:23 . 2008-06-06 03:27 38912 ----a-w- c:\windows\system32\xolehlp.dll
2009-06-28 19:23 . 2008-11-01 03:44 28672 ----a-w- c:\windows\system32\Apphlpdm.dll
2009-06-28 19:23 . 2008-11-01 01:21 4240384 ----a-w- c:\windows\system32\GameUXLegacyGDFs.dll
2009-06-28 19:23 . 2008-09-05 05:14 1191936 ----a-w- c:\windows\system32\msxml3.dll
2009-06-28 19:21 . 2008-06-23 01:59 2868736 ----a-w- c:\windows\system32\mf.dll
2009-06-28 19:21 . 2008-06-23 01:59 996352 ----a-w- c:\windows\system32\WMNetMgr.dll
2009-06-28 19:21 . 2008-06-23 01:58 94720 ----a-w- c:\windows\system32\logagent.exe
2009-06-28 19:21 . 2008-10-21 05:25 1645568 ----a-w- c:\windows\system32\connect.dll
2009-06-28 19:21 . 2009-04-23 12:43 784896 ----a-w- c:\windows\system32\rpcrt4.dll
2009-06-28 19:21 . 2008-09-10 03:40 1334272 ----a-w- c:\windows\system32\msxml6.dll
2009-06-28 19:12 . 2008-10-16 21:13 1809944 ----a-w- c:\windows\system32\wuaueng.dll
2009-06-28 19:12 . 2008-10-16 21:09 51224 ----a-w- c:\windows\system32\wuauclt.exe
2009-06-28 19:12 . 2008-10-16 21:09 43544 ----a-w- c:\windows\system32\wups2.dll
2009-06-28 19:12 . 2008-10-16 20:56 1524736 ----a-w- c:\windows\system32\wucltux.dll
2009-06-28 19:12 . 2008-10-16 21:12 561688 ----a-w- c:\windows\system32\wuapi.dll
2009-06-28 19:12 . 2008-10-16 21:08 34328 ----a-w- c:\windows\system32\wups.dll
2009-06-28 19:12 . 2008-10-16 20:55 83456 ----a-w- c:\windows\system32\wudriver.dll
2009-06-28 19:12 . 2008-10-16 18:08 162064 ----a-w- c:\windows\system32\wuwebv.dll
2009-06-28 19:12 . 2008-10-16 17:56 31232 ----a-w- c:\windows\system32\wuapp.exe

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-07-01 20:36 . 2008-09-25 00:06 -------- d-----w- c:\users\Carlie\AppData\Roaming\SUPERAntiSpyware.com
2009-07-01 20:36 . 2008-09-25 00:06 -------- d-----w- c:\program files\SUPERAntiSpyware
2009-07-01 07:06 . 2008-09-25 12:53 836 ----a-w- c:\windows\bthservsdp.dat
2009-06-30 14:38 . 2008-09-23 23:35 100256 ----a-w- c:\users\Carlie\AppData\Local\GDIPFONTCACHEV1.DAT
2009-06-30 06:43 . 2008-09-24 22:45 -------- d-----w- c:\programdata\Microsoft Help
2009-06-30 06:41 . 2008-09-24 22:48 -------- d-----w- c:\program files\Microsoft Works
2009-06-30 01:41 . 2008-09-24 22:40 -------- d-----w- c:\users\Carlie\AppData\Roaming\Azureus
2009-06-29 23:03 . 2008-09-26 17:28 -------- d-----w- c:\program files\Common Files\Adobe
2009-06-29 07:27 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail
2009-06-28 21:42 . 2008-09-24 00:21 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-04-23 12:42 . 2009-06-28 19:22 636928 ----a-w- c:\windows\system32\localspl.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2008-01-21 1233920]
"ISUSPM"="c:\programdata\Macrovision\FLEXnet Connect\6\ISUSPM.exe" [2007-07-12 226904]
"AutoplayDevice"="c:\users\Carlie\AppData\Local\Autoplay\AutoplayDevice.dll" [2009-06-29 118784]
"PrinterQueueViewClass"="c:\users\Carlie\AppData\Local\PrinterQueueView\PrinterQueueViewClass.dll" [2009-06-30 110592]
"Registry Cleaner Scheduler"="c:\program files\CleanMyPC\Registry Cleaner\RCHelper.exe" [2007-09-28 450816]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Broadcom Wireless Manager UI"="c:\windows\system32\WLTRAY.exe" [2008-03-12 3563520]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2008-01-21 61440]
"Apoint"="c:\program files\DellTPad\Apoint.exe" [2007-10-12 163840]
"SysTrayApp"="c:\program files\IDT\WDM\sttray.exe" [2008-08-14 442460]
"PWRISOVM.EXE"="c:\program files\PowerISO\PWRISOVM.EXE" [2007-04-09 200704]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]
"egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2008-08-18 1447168]
"DpAgent"="c:\program files\DigitalPersona\Bin\dpagent.exe" [2008-03-26 699456]
"PCMService"="c:\program files\Dell\MediaDirect\PCMService.exe" [2008-01-14 132392]
"Acrobat Assistant 7.0"="c:\program files\Adobe\Adobe Acrobat 7.0\Distillr\Acrotray.exe" [2008-04-23 483328]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-06-28 148888]

c:\users\Carlie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dell Dock.lnk - c:\program files\Dell\DellDock\DellDock.exe [2008-6-20 1221928]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Adobe Acrobat Speed Launcher.lnk - c:\windows\Installer\{AC76BA86-1033-0000-7760-000000000002}\SC_Acrobat.exe [2008-9-26 25214]
Adobe Gamma.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-3-16 113664]
Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2008-2-8 752168]
QuickSet.lnk - c:\program files\Dell\QuickSet\quickset.exe [2008-3-17 1207376]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
"IASAttribute"= {a24f7021-26f6-4dd6-96EC-049F4764aba5} - c:\program files\Common Files\IAS\IASAttribute.dll [2009-06-29 118784]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Notification Packages REG_MULTI_SZ scecli DPPWDFLT

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"TCP Query User{F7626AA1-DE93-41BA-A5E5-2F0FEB6C155E}c:\\program files\\vuze\\azureus.exe"= UDP:c:\program files\vuze\azureus.exe:Azureus
"UDP Query User{16E4B1BC-A796-475A-8472-4DA76984FF53}c:\\program files\\vuze\\azureus.exe"= TCP:c:\program files\vuze\azureus.exe:Azureus
"{0921E506-BC09-4F63-8736-35EE42C54162}"= TCP:6004|c:\program files\Microsoft Office\Office12\outlook.exe:Microsoft Office Outlook
"{DC68B5D3-D365-411E-BEDC-592A4ACA2451}"= UDP:c:\program files\Microsoft Office\Office12\GROOVE.EXE:Microsoft Office Groove
"{6C8C6E25-F7CE-434F-9079-C014F5957584}"= TCP:c:\program files\Microsoft Office\Office12\GROOVE.EXE:Microsoft Office Groove
"{115598D0-52FA-4665-B77A-782AC4D05916}"= UDP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{855EC2FF-707D-4841-ACB7-EA89F1AC3CBB}"= TCP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{9E05D243-E4B3-45BD-8B9B-C4DC4FFEF3D5}"= c:\program files\Dell\MediaDirect\MediaDirect.exe:Dell MediaDirect
"{852312F9-AB3D-428F-BBFE-C1F4D43740EA}"= c:\program files\Dell\MediaDirect\PCMService.exe:CyberLink PowerCinema Resident Program
"{4B2D0C7B-4C74-490F-A557-F705C05089EE}"= c:\program files\Dell\MediaDirect\Kernel\DMP\CLBrowserEngine.exe:Cyberlink Media Server Browser Engine
"{D8DA9F46-4B58-4A5A-A777-F0AD51AF23E2}"= c:\program files\Dell\MediaDirect\Kernel\DMS\CLMSService.exe:CyberLink Media Server
"TCP Query User{C9B30E0A-E389-4FDE-823F-F9DF8AF8B815}c:\\program files\\vuze\\azureus.exe"= UDP:c:\program files\vuze\azureus.exe:Azureus
"UDP Query User{2D7E5C77-1E14-4959-815E-BDF94C8E398C}c:\\program files\\vuze\\azureus.exe"= TCP:c:\program files\vuze\azureus.exe:Azureus

R1 epfwtdir;epfwtdir;c:\windows\System32\drivers\epfwtdir.sys [8/18/2008 1:27 PM 34312]
R2 AESTFilters;Andrea ST Filters Service;c:\windows\System32\DriverStore\FileRepository\stwrt.inf_2ba5baa4\AEstSrv.exe [9/23/2008 8:48 PM 73728]
R2 ATService;AuthenTec Fingerprint Service;c:\program files\Fingerprint Sensor\AtService.exe [2/29/2008 4:37 AM 1053944]
R2 DockLoginService;Dock Login Service;c:\program files\Dell\DellDock\DockLogin.exe [5/2/2008 2:09 PM 161048]
R2 ekrn;Eset Service;c:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe [8/18/2008 1:25 PM 468224]
R3 ATSwpWDF;AuthenTec TruePrint USB WDF Driver;c:\windows\System32\drivers\ATSwpWDF.sys [2/29/2008 10:15 AM 548352]
R3 btwl2cap;Bluetooth L2CAP Service;c:\windows\System32\drivers\btwl2cap.sys [9/25/2008 8:53 AM 29736]
R3 itecir;ITECIR Infrared Receiver;c:\windows\System32\drivers\itecir.sys [9/23/2008 8:21 PM 54784]
R3 k57nd60x;Broadcom NetLink (TM) Gigabit Ethernet - NDIS 6.0;c:\windows\System32\drivers\k57nd60x.sys [1/29/2008 8:08 PM 203264]
R3 OA001Ufd;Creative Camera OA001 Upper Filter Driver;c:\windows\System32\drivers\OA001Ufd.sys [9/23/2008 8:41 PM 149208]
R3 OA001Vid;Creative Camera OA001 Function Driver;c:\windows\System32\drivers\OA001Vid.sys [9/23/2008 8:41 PM 277624]

--- Other Services/Drivers In Memory ---

*NewlyCreated* - WINDEFEND
*Deregistered* - SASENUM

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs REG_MULTI_SZ BthServ

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
"c:\windows\System32\rundll32.exe" "c:\windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
.
Contents of the 'Scheduled Tasks' folder

2009-06-30 c:\windows\Tasks\User_Feed_Synchronization-{F954578A-F49F-4C6B-A67F-C33097894F67}.job
- c:\windows\system32\msfeedssync.exe [2009-06-30 11:31]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.yahoo.com/
TCP: {8203C137-0225-4E8B-9533-7660BBE26B9C} = 192.168.1.1
FF - ProfilePath - c:\users\Carlie\AppData\Roaming\Mozilla\Firefox\Profiles\3n1xbgdu.default\
FF - prefs.js: browser.startup.homepage - yahoo.com
FF - plugin: c:\program files\Adobe\Adobe Acrobat 7.0\Acrobat\browser\nppdf32.dll
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-07-01 16:53
Windows 6.0.6001 Service Pack 1 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'lsass.exe'(708)
c:\windows\system32\DPPWDFLT.dll

- - - - - - - > 'Explorer.exe'(3916)
c:\users\Carlie\AppData\Local\PrinterQueueView\PrinterQueueViewClass.dll
c:\users\Carlie\AppData\Local\Autoplay\AutoplayDevice.dll
c:\program files\DigitalPersona\Bin\DpoFeedb.dll
c:\windows\system32\btmmhook.dll
.
Completion time: 2009-07-01 16:54
ComboFix-quarantined-files.txt 2009-07-01 20:54
ComboFix2.txt 2009-07-01 20:46
ComboFix3.txt 2009-07-01 20:41

Pre-Run: 122,985,168,896 bytes free
Post-Run: 122,960,912,384 bytes free

215 --- E O F --- 2009-07-01 07:01
cduval04 is offline  
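An analyst reading the ComboFix output above would start with the "Reg Loading Points" section: which autostarts run from a user's profile directory, and whether the policy key shows UAC switched off (`"EnableLUA"= 0`). The following Python script is an added example, not part of the thread or of ComboFix; it parses that REGEDIT4-style dump and lists the entries worth a second look. The sample lines are copied from the log above, and the flagging heuristics (user-writable path, DLL referenced from a Run value, EnableLUA = 0) are the example's own assumptions, not verdicts about any file.

```python
import re

# Constructed sample: a handful of lines copied from the "Reg Loading Points"
# section of the ComboFix log above, so the script runs offline.
SAMPLE_LOG = r'''
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2008-01-21 1233920]
"AutoplayDevice"="c:\users\Carlie\AppData\Local\Autoplay\AutoplayDevice.dll" [2009-06-29 118784]
"PrinterQueueViewClass"="c:\users\Carlie\AppData\Local\PrinterQueueView\PrinterQueueViewClass.dll" [2009-06-30 110592]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2008-08-18 1447168]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
'''

KEY_RE = re.compile(r'^\[(?P<key>.+)\]$')
# "Name"="path" [YYYY-MM-DD size]   (the trailing bracket is optional)
FILE_RE = re.compile(r'^"(?P<name>[^"]+)"="(?P<path>[^"]*)"'
                     r'(?:\s+\[(?P<date>\d{4}-\d{2}-\d{2})\s+(?P<size>\d+)\])?')
# "Name"= 0 (0x0)
DWORD_RE = re.compile(r'^"(?P<name>[^"]+)"=\s*(?P<val>\d+)')

# Heuristic (assumption, not a verdict): autostarts living under a user's
# profile or a temp directory deserve a closer look than those in Program Files.
USER_WRITABLE = ('\\appdata\\', '\\temp\\')


def parse_loading_points(text):
    """Split the REGEDIT4-style dump into autostart file entries and the
    DWORD values found under the policies\\system key."""
    entries, policies, key = [], {}, None
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        m = KEY_RE.match(line)
        if m:
            key = m.group('key')
            continue
        if key is None:
            continue
        m = FILE_RE.match(line)
        if m:
            entries.append({'key': key, 'name': m.group('name'),
                            'path': m.group('path'), 'date': m.group('date'),
                            'size': int(m.group('size')) if m.group('size') else None})
            continue
        m = DWORD_RE.match(line)
        if m and key.lower().endswith('policies\\system'):
            policies[m.group('name')] = int(m.group('val'))
    return entries, policies


def triage(text):
    """Return the entries an analyst would want to look at first, each with
    the reasons it was flagged."""
    entries, policies = parse_loading_points(text)
    findings = []
    for e in entries:
        p = e['path'].lower()
        reasons = []
        if any(tok in p for tok in USER_WRITABLE):
            reasons.append('autostart from a user-writable directory')
        if p.endswith('.dll'):
            reasons.append('Run value references a DLL rather than an .exe')
        if reasons:
            findings.append({'name': e['name'], 'path': e['path'], 'reasons': reasons})
    # EnableLUA = 0 means User Account Control is switched off by policy.
    if policies.get('EnableLUA') == 0:
        findings.append({'name': 'EnableLUA', 'path': '0',
                         'reasons': ['UAC disabled by policy']})
    return findings


if __name__ == '__main__':
    for f in triage(SAMPLE_LOG):
        print(f['name'], '->', f['path'])
        for r in f['reasons']:
            print('   ', r)
```

Run against the sample it reports the two AppData-resident DLL autostarts and the disabled UAC policy, and stays silent on the Program Files entries. Feed it the whole "Reg Loading Points" block of a real log to get the same short list; anything it flags still needs a human (or a file-hash lookup) to decide whether it is malicious.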
Old 07-01-2009, 04:12 PM   #13 (permalink)
Registered User
 
Join Date: Mar 2009
Posts: 10
OS: Vista


Re: suspected nasties - please take a look @ log

ya it seems it was combo fix that messed up my internet..just restored to before scan and it is fine...any way to fix this? is it a common problem??
cduval04 is offline  
Old 07-01-2009, 04:42 PM   #14 (permalink)
Assistant Manager, TSF Academy; Moderator/Analyst Security Team
 
Ried's Avatar
 
Join Date: Jan 2005
Location: Ohio
Posts: 27,043
OS: WinXP and Vista


Re: suspected nasties - please take a look @ log

No, it's not a common occurrence at all. Did you reboot the system after ComboFix ran?
__________________

Member of ASAP since 2005
Member of UNITE since 2006

"It is one life whether we spend it laughing or weeping." "Take the time to laugh--it is the music of the soul."
Ried is offline  
Old 07-01-2009, 11:00 PM   #15 (permalink)
Assistant Manager, TSF Academy; Moderator/Analyst Security Team
 
Ried's Avatar
 
Join Date: Jan 2005
Location: Ohio
Posts: 27,043
OS: WinXP and Vista


Re: suspected nasties - please take a look @ log

Based on what you told me earlier,
Quote:
I got the new windows malicious software removal tool during an update this morning and it said it removed Trojan:Win32/Alureon!inf. I looked up the info on it and one of the things it says it does is messes w/ your DNS settings. I tried ipconfig /flushdns in command prompt but it didn't seem to do anything.
Open the command prompt and type in ipconfig /all. Post what it lists. If you are concerned about privacy, PM me the info.
__________________

Member of ASAP since 2005
Member of UNITE since 2006

"It is one life whether we spend it laughing or weeping." "Take the time to laugh--it is the music of the soul."
Ried is offline  
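Ried asks for `ipconfig /all` rather than another `ipconfig /flushdns` because flushing only empties the resolver cache; it does not touch the DNS servers configured on an adapter, which is the setting the quoted Alureon description refers to. As an added example (not from the thread), here is a Python script that parses `ipconfig /all` output and reports any DNS server that is neither the adapter's own gateway/DHCP server nor on an explicit allowlist. The sample output is constructed: the adapter name and addresses are placeholders, and `203.0.113.7` (a documentation-range address) stands in for an unexpected resolver. The layout assumptions (three-space field indent, deeper indent for continuation lines) match English-language Windows output.

```python
import re

# Constructed sample of `ipconfig /all` output. 192.168.1.1 matches the router
# shown in the ComboFix log above; 203.0.113.7 is a placeholder for a resolver
# the machine's owner never configured.
SAMPLE_IPCONFIG = '''
Windows IP Configuration

   Host Name . . . . . . . . . . . . : EXAMPLE-PC
   Primary Dns Suffix  . . . . . . . :
   Node Type . . . . . . . . . . . . : Hybrid
   IP Routing Enabled. . . . . . . . : No

Wireless LAN adapter Wireless Network Connection:

   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Example Wireless Adapter (constructed)
   DHCP Enabled. . . . . . . . . . . : Yes
   IPv4 Address. . . . . . . . . . . : 192.168.1.5(Preferred)
   Subnet Mask . . . . . . . . . . . : 255.255.255.0
   Default Gateway . . . . . . . . . : 192.168.1.1
   DHCP Server . . . . . . . . . . . : 192.168.1.1
   DNS Servers . . . . . . . . . . . : 192.168.1.1
                                       203.0.113.7
   NetBIOS over Tcpip. . . . . . . . : Enabled
'''

# A field line: exactly three spaces, the name, dot leaders, a colon, the value.
FIELD_RE = re.compile(r'^ {3}(?P<name>\S.*?)[ .]*:\s?(?P<val>.*)$')


def parse_ipconfig(text):
    """Return {adapter_name: {field_name: [values...]}}.
    Multi-value fields (DNS Servers) continue on deeper-indented lines."""
    adapters, current, last_field = {}, None, None
    for raw in text.splitlines():
        if not raw.strip():
            continue
        if not raw.startswith(' '):           # section / adapter header
            current = adapters.setdefault(raw.strip().rstrip(':'), {})
            last_field = None
            continue
        if current is None:
            continue
        m = FIELD_RE.match(raw)
        if m:
            last_field = m.group('name')
            vals = current.setdefault(last_field, [])
            val = m.group('val').strip()
            if val:
                vals.append(val)
        elif raw.startswith(' ' * 8) and last_field:   # continuation line
            current[last_field].append(raw.strip())
    return adapters


def dns_findings(text, allowlist=None):
    """List (adapter, server) pairs whose DNS server is not the adapter's own
    gateway or DHCP server and not on the caller's allowlist. Treating the
    gateway/DHCP server as trusted is an assumption that fits a home router."""
    findings = []
    for name, fields in parse_ipconfig(text).items():
        trusted = set(allowlist or [])
        trusted.update(fields.get('Default Gateway', []))
        trusted.update(fields.get('DHCP Server', []))
        for server in fields.get('DNS Servers', []):
            if server not in trusted:
                findings.append((name, server))
    return findings


if __name__ == '__main__':
    for adapter, server in dns_findings(SAMPLE_IPCONFIG):
        print(f'{adapter}: unexpected DNS server {server}')
```

On a real machine, pipe the command output into the script or read it from a file; pass your ISP's or company's resolvers as `allowlist` if the adapter is configured statically. A resolver you do not recognise is exactly what Ried would want to see in the posted output, and the fix (reset the adapter to obtain DNS automatically, or set the known-good addresses) does not require clearing the cache first.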
Old 07-02-2009, 12:43 PM   #16 (permalink)
Registered User
 
Join Date: Mar 2009
Posts: 10
OS: Vista


Re: suspected nasties - please take a look @ log

you know what...I was just getting so ticked off I did a reinstall of windows from the cd..if you don't format the hd..and just do the new install over the old one..it just puts all your user files in a folder called windows.old and installs a clean copy of windows..I then just moved my user files from windows.old to the appropriate folders. This seems to have solved the redirect issue and the browser crash issue. I will post if anything goes wrong but I think it is all set.......

I just thought this was an easier option..didn't think of it till this morning...

thanks so much for all your help....you guys are great!
cduval04 is offline  
Old 07-02-2009, 04:58 PM   #17 (permalink)
Assistant Manager, TSF Academy; Moderator/Analyst Security Team
 
Ried's Avatar
 
Join Date: Jan 2005
Location: Ohio
Posts: 27,043
OS: WinXP and Vista


Re: suspected nasties - please take a look @ log

I understand, cduval04. Thanks for letting me know.
__________________

Member of ASAP since 2005
Member of UNITE since 2006

"It is one life whether we spend it laughing or weeping." "Take the time to laugh--it is the music of the soul."
Ried is offline  
All times are GMT -7.

Copyright 2001 - 2009, Tech Support Forum