Browser Bugs - Need someone to take a look

[superair210]

I am looking for some assistance with an ongoing internet explorer problem. I have had a number of problems with browser hijacking for which I have re-changed my home address under internet tools a number of times. I believe that there may have been something added to my registry file causing the problem to reoccur when I reboot. When searching a query, I would be redirected to another serch engine. If I simply cut and pasted the site I wanted, I had no problem. I have downloaded and run XoftSpy SE, Threatfire, Spyware Terminator, Malwarebytes, HJT, and run Zone Alarm as my firewall. Today, I tried accessing the internet via IE and it states it can't find server or DNS error. I also tried opening Firefox and it can't find the server. Here are both the HJT log and MWB log. Any direction would be great.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:58:58 AM, on 4/23/2008
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Boot mode: Normal

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\ZoneLabs\vsmon.exe
C:\WINNT\system32\spoolsv.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\MSTask.exe
C:\Program Files\Spyware Terminator\sp_rsser.exe
C:\WINNT\system32\stisvc.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\Explorer.EXE
C:\Program Files\Dell Photo AIO Printer 962\dlbxmon.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe
C:\Program Files\PIXELA\ImageMixer3\HDDCameraMonitor.exe
C:\WINNT\System32\dlbxcoms.exe
C:\WINNT\system32\wuauclt.exe
C:\Program Files\XoftSpySE\XoftSpy.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://verizon.my.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://verizon.my.yahoo.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://verizon.my.yahoo.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Verizon Online
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {1CB20BF0-BBAE-40A7-93F4-6435FF3D0411} - C:\PROGRA~1\Crawler\Toolbar\ctbr.dll
O2 - BHO: ZoneAlarm Spy Blocker BHO - {F0D4B231-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Program Files\ZoneAlarmSB\bar\1.bin\SPYBLOCK.DLL
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx
O3 - Toolbar: ZoneAlarm Spy Blocker - {F0D4B239-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Program Files\ZoneAlarmSB\bar\1.bin\SPYBLOCK.DLL
O3 - Toolbar: &Crawler Toolbar - {4B3803EA-5230-4DC3-A7FC-33638F3D3542} - C:\PROGRA~1\Crawler\Toolbar\ctbr.dll
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [dlbxmon.exe] "C:\Program Files\Dell Photo AIO Printer 962\dlbxmon.exe"
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [SpywareTerminator] "C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe"
O4 - HKUS\.DEFAULT\..\RunOnce: [^SetupICWDesktop] C:\Program Files\Internet Explorer\Connection Wizard\icwconn1.exe /desktop (User 'Default user')
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: ImageMixer HDD Camera Monitor.lnk = C:\Program Files\PIXELA\ImageMixer3\HDDCameraMonitor.exe
O8 - Extra context menu item: Crawler Search - tbr:iemenu
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINNT\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINNT\web\related.htm
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/wind...?1208544671592
O18 - Protocol: tbr - {4D25FB7A-8902-4291-960E-9ADA051CFBBF} - C:\PROGRA~1\Crawler\Toolbar\ctbr.dll
O23 - Service: dlbx_device - Dell - C:\WINNT\System32\dlbxcoms.exe
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - Service: Spyware Terminator Realtime Shield Service (sp_rssrv) - Crawler.com - C:\Program Files\Spyware Terminator\sp_rsser.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINNT\system32\ZoneLabs\vsmon.exe

--
End of file - 4177 bytes

__________________________________________________ ___________________

Malwarebytes' Anti-Malware 1.11
Database version: 599

Scan type: Full Scan (C:\|E:\|)
Objects scanned: 45505
Time elapsed: 13 minute(s), 37 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

[Osiris]

Try going thru my guide since it has some extra things in there you didnt try yet...

[superair210]

Again, thank you for you assistance!

I have downloaded, installed, and updated the programs that are listed in your guide. The first step that you mentioned was to run "msconfig" however an error message pops up stating "cannot find the file 'msconfig' (or one of it's components) make sure the path and file name are correct and that all required libraries are available"

Any ideas?

[Osiris]

http://www.dougknox.com/xp/utils/xp_emergencyutil.zip

Download the zip file and use msconfig that way till we get this all sorted out

[superair210]

Will do!

[superair210]

The file that you referenced me to states it only runs on XP. My OS is win 2000 on the infected pc.

[Osiris]

did you try it?

[superair210]

Yes, got an error stating that it only is supported by win xp...I downloaded version 5.1.2600.2180 configuration utility directly from MS website and I am now at the next step of the process in your guide. I will keep you posted. Thank you!

Are Adobe Flash Player Active X & Adobe Shock wave player 11 normally host downloads for malware?

[Osiris]

Not normally but possible

[superair210]

I had a small mishap running cleanup. When trying to run AVG, it stating that it can not find mfc80u.dll. I am trying to fix it by installing Microsoft Visual C++ 2005 SP1 Redistributable Package (x86). Hopefully this will do the trick. As soon as I get the log files, I will post...probably about 10 minutes.