I think my laptop has some malware
  • #16
    Yes sir, and not what I was looking for. Gimme a few, just got home.

    Sent from my iPhail eleventybillion

    • #17
      I must be really bad at this computer thing. I ran ComboFix, but the log never popped up like it said it would. It asked if I wanted to create a new log file and I clicked yes. Notepad opened, but nothing was in it.

      When it was running, it said a few different things were found, etc. Do I need to uninstall it now that it's done running, or should I wait until we have this all worked out?
      Owner of Titan Towing
      817.478.7201

      We have your towing needs covered!
      http://www.titantowing.net
      -------------------------------

      Interested in being a VIP member and donating to the site? Click here to become a paid member!

      • #18
        Well I went ahead and uninstalled it anyways. I think everything is fixed for right now. The computer is running back to normal and internet is as speedy as usual.

        so for now, thanks for the help!!!

        • #19
          The log is on the root of C:

          Go to Computer/My Computer, click on C: and look for Combofix.txt


          • #20
            ComboFix 12-01-13.05 - Administrator 01/13/2012 1956.1.1 - x86
            Microsoft Windows 7 Ultimate 6.1.7600.0.1252.1.1033.18.502.99 [GMT -6:00]
            Running from: c:\users\Administrator\Desktop\ComboFix.exe
            SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
            * Created a new restore point
            .
            .
            ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
            .
            .
            c:\windows\$NtUninstallKB5217$\3716251536
            c:\windows\$NtUninstallKB5217$\788478622\@
            c:\windows\$NtUninstallKB5217$\788478622\bckfg.tmp
            c:\windows\$NtUninstallKB5217$\788478622\cfg.ini
            c:\windows\$NtUninstallKB5217$\788478622\Desktop.ini
            c:\windows\$NtUninstallKB5217$\788478622\keywords
            c:\windows\$NtUninstallKB5217$\788478622\kwrd.dll
            c:\windows\$NtUninstallKB5217$\788478622\L\xadqgnnk
            c:\windows\$NtUninstallKB5217$\788478622\lsflt7.ver
            c:\windows\$NtUninstallKB5217$\788478622\U\00000001.@
            c:\windows\$NtUninstallKB5217$\788478622\U\00000002.$
            c:\windows\$NtUninstallKB5217$\788478622\U\00000002.@
            c:\windows\$NtUninstallKB5217$\788478622\U\00000004.@
            c:\windows\$NtUninstallKB5217$\788478622\U\80000000.@
            c:\windows\$NtUninstallKB5217$\788478622\U\80000004.@
            c:\windows\$NtUninstallKB5217$\788478622\U\80000032.$
            c:\windows\$NtUninstallKB5217$\788478622\U\80000032.@
            c:\windows\Install
            c:\windows\Install\Activate.exe
            c:\windows\Install\DirectX-9c-DLL-Files-24-41.exe
            c:\windows\Install\Everything-v1.2.1.371.exe
            c:\windows\Install\Flash-v10.0.32.18-IE.exe
            c:\windows\Install\Foxit-PDF-Reader-Pro-v3.0.1817.exe
            c:\windows\Install\Launch Internet Explorer Browser.lnk
            c:\windows\Install\START7.cmd
            c:\windows\Install\Tweak.reg
            c:\windows\Install\USRMSG.exe
            c:\windows\Install\Watermark.exe
            c:\windows\$NtUninstallKB5217$ . . . . Failed to delete
            .
            c:\windows\system32\drivers\csc.sys . . . is infected!! . . . Failed to find a valid replacement.
            .
            ((((((((((((((((((((((((( Files Created from 2011-12-14 to 2012-01-14 )))))))))))))))))))))))))))))))
            .
            .
            2012-01-14 01:17 . 2012-01-14 01:19 -------- d-----w- c:\users\Administrator\AppData\Local\temp
            2012-01-14 01:17 . 2012-01-14 01:17 -------- d-----w- c:\users\Default\AppData\Local\temp
            2012-01-13 23:55 . 2012-01-13 23:55 40776 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
            2012-01-13 04:03 . 2011-12-21 07:24 121816 ----a-w- c:\program files\Mozilla Firefox\components\browsercomps.dll
            2012-01-13 04:03 . 2011-12-21 04:30 626688 ----a-w- c:\program files\Mozilla Firefox\msvcr80.dll
            2012-01-13 04:03 . 2011-12-21 07:24 43992 ----a-w- c:\program files\Mozilla Firefox\mozutils.dll
            2012-01-13 04:03 . 2011-12-21 04:30 548864 ----a-w- c:\program files\Mozilla Firefox\msvcp80.dll
            2012-01-13 04:03 . 2011-12-21 04:30 479232 ----a-w- c:\program files\Mozilla Firefox\msvcm80.dll
            2012-01-13 03:56 . 2012-01-13 03:56 -------- d-----w- c:\users\Administrator\AppData\Roaming\Malwarebytes
            2012-01-13 03:54 . 2012-01-13 03:54 -------- d-----w- c:\programdata\Malwarebytes
            2012-01-13 03:54 . 2011-12-10 21:24 20464 ----a-w- c:\windows\system32\drivers\mbam.sys
            2012-01-13 03:54 . 2012-01-13 03:55 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
            2012-01-12 11:48 . 2012-01-12 06:26 16432 ----a-w- c:\windows\system32\lsdelete.exe
            2012-01-12 06:26 . 2012-01-12 06:26 101720 ----a-w- c:\windows\system32\drivers\SBREDrv.sys
            2012-01-12 06:17 . 2012-01-12 06:17 -------- dc----w- c:\windows\system32\DRVSTORE
            2012-01-12 06:17 . 2011-12-23 13:12 64512 ----a-w- c:\windows\system32\drivers\Lbd.sys
            2012-01-12 06:16 . 2012-01-12 06:16 -------- d-----w- c:\program files\Lavasoft
            2012-01-12 06:16 . 2012-01-12 06:17 -------- d-----w- c:\programdata\Lavasoft
            .
            .
            .
            (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
            .
            2020-02-02 00:02 . 2009-08-30 06:44 48256 ----a-w- c:\windows\system32\drivers\jraid.sys
            2011-11-29 23:29 . 2011-11-29 23:29 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
            2011-12-21 07:24 . 2012-01-13 04:03 121816 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
            .
            .
            ------- Sigcheck -------
            Note: Unsigned files aren't necessarily malware.
            .
            .
            [-] 2010-11-30 . ED33264518DD8BC4030406602C857589 . 811520 . . [6.1.7600.16385] . . c:\windows\System32\user32.dll
            .
            ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
            .
            .
            *Note* empty entries & legit default entries are not shown
            REGEDIT4
            .
            [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
            "Ptipbmf"="ptipbmf.dll" [2003-06-05 118784]
            "Everything"="c:\program files\Everything\Everything.exe" [2009-04-05 602624]
            "SoundMAXPnP"="c:\program files\Analog Devices\SoundMAX\SMax4PNP.exe" [2004-10-14 1388544]
            "GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-27 31016]
            "IgfxTray"="c:\windows\system32\igfxtray.exe" [2007-01-13 131072]
            "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2007-01-13 163840]
            "Persistence"="c:\windows\system32\igfxpers.exe" [2007-01-13 135168]
            "TrackPointSrv"="c:\program files\Lenovo\TrackPoint\tp4serv.exe" [2010-01-15 93032]
            "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]
            "Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2011-12-24 460872]
            .
            [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
            "ConsentPromptBehaviorAdmin"= 0 (0x0)
            "ConsentPromptBehaviorUser"= 0 (0x0)
            "EnableLUA"= 0 (0x0)
            "EnableUIADesktopToggle"= 0 (0x0)
            .
            [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
            "Start_ShowMyMusic"= 0 (0x0)
            .
            [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
            "NoResolveTrack"= 1 (0x1)
            .
            [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
            @="Service"
            .
            R3 iaNvStor;iaNvStor;c:\windows\system32\DRIVERS\iaNvStor.sys [2009-02-02 229400]
            R3 Lavasoft Kernexplorer;Lavasoft helper driver;c:\program files\Lavasoft\Ad-Aware\KernExplorer.sys [2011-12-23 15232]
            R3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [2012-01-13 40776]
            S0 Lbd;Lbd;c:\windows\system32\DRIVERS\Lbd.sys [2011-12-23 64512]
            S2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [2012-01-12 2152152]
            S2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [2011-12-24 652872]
            S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2011-12-10 20464]
            S3 Tp4Track;PS/2 TrackPoint Driver;c:\windows\system32\DRIVERS\tp4track.sys [2010-01-15 23152]
            S3 VST_DPV;VST_DPV;c:\windows\system32\DRIVERS\VSTDPV3.SYS [2009-07-13 980992]
            S3 VSTHWICH;VSTHWICH;c:\windows\system32\DRIVERS\VSTICH3.SYS [2009-07-13 242176]
            .
            .
            [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
            LocalServiceAndNoImpersonation REG_MULTI_SZ SSDPSRV upnphost SCardSvr TBS FontCache fdrespub AppIDSvc QWAVE wcncsvc Mcx2Svc
            .
            Contents of the 'Scheduled Tasks' folder
            .
            2012-01-14 c:\windows\Tasks\Ad-Aware Update (Weekly).job
            - c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2011-12-23 06:25]
            .
            2012-01-13 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1831307557-4269090565-2758153401-500Core.job
            - c:\users\Administrator\AppData\Local\Google\Update\GoogleUpdate.exe [2010-11-29 22:41]
            .
            2012-01-13 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1831307557-4269090565-2758153401-500UA.job
            - c:\users\Administrator\AppData\Local\Google\Update\GoogleUpdate.exe [2010-11-29 22:41]
            .
            .
            ------- Supplementary Scan -------
            .
            uStart Page = hxxp://www.yahoo.com
            mStart Page = hxxp://www.yahoo.com
            IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
            TCP: DhcpNameServer = 192.168.0.1
            FF - ProfilePath - c:\users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\kvyd2m5r.default\
            FF - prefs.js: browser.search.defaulturl - hxxp://search.yahoo.com/search?fr=ffsp1&p=
            FF - prefs.js: browser.search.selectedEngine - Google
            FF - prefs.js: browser.startup.homepage - hxxp://www.dfwmustangs.net
            FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?fr=ffds1&p=
            FF - prefs.js: network.proxy.type - 0
            FF - user.js: yahoo.ytff.general.dontshowhpoffer - true

            • #21
              .
              .
              --------------------- LOCKED REGISTRY KEYS ---------------------
              .
              [HKEY_USERS\S-1-5-21-1831307557-4269090565-2758153401-500\Software\Microsoft\Internet Explorer\User Preferences]
              @Denied: (2) (Administrator)
              "88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
              d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,c0,dd,ea,ac,25,64,09,42,a4,a3,33,\
              "2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
              d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,c0,dd,ea,ac,25,64,09,42,a4,a3,33,\
              .
              [HKEY_USERS\S-1-5-21-1831307557-4269090565-2758153401-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.htm\UserChoice]
              @Denied: (2) (Administrator)
              "Progid"="FirefoxHTML"
              .
              [HKEY_USERS\S-1-5-21-1831307557-4269090565-2758153401-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.html\UserChoice]
              @Denied: (2) (Administrator)
              "Progid"="FirefoxHTML"
              .
              [HKEY_USERS\S-1-5-21-1831307557-4269090565-2758153401-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.shtml\UserChoice]
              @Denied: (2) (Administrator)
              "Progid"="FirefoxHTML"
              .
              [HKEY_USERS\S-1-5-21-1831307557-4269090565-2758153401-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xht\UserChoice]
              @Denied: (2) (Administrator)
              "Progid"="FirefoxHTML"
              .
              [HKEY_USERS\S-1-5-21-1831307557-4269090565-2758153401-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xhtml\UserChoice]
              @Denied: (2) (Administrator)
              "Progid"="FirefoxHTML"
              .
              [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
              @Denied: (A) (Users)
              @Denied: (A) (Everyone)
              @Allowed: (B 1 2 3 4 5) (S-1-5-20)
              "BlindDial"=dword:00000000
              .
              [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
              @Denied: (Full) (Everyone)
              .
              ------------------------ Other Running Processes ------------------------
              .
              c:\windows\system32\ibmpmsvc.exe
              c:\windows\system32\conhost.exe
              c:\windows\system32\taskhost.exe
              c:\program files\Analog Devices\SoundMAX\SMAgent.exe
              c:\windows\system32\sppsvc.exe
              c:\windows\system32\igfxsrvc.exe
              c:\windows\system32\wbem\unsecapp.exe
              c:\program files\Lavasoft\Ad-Aware\AAWTray.exe
              c:\program files\Lavasoft\Ad-Aware\AWSC.exe
              c:\program files\Lavasoft\Ad-Aware\AWSC.exe
              c:\windows\system32\AUDIODG.EXE
              .
              **************************************************************************
              .
              Completion time: 2012-01-13 1959 - machine was rebooted
              ComboFix-quarantined-files.txt 2012-01-14 01:28
              .
              Pre-Run: 51,318,300,672 bytes free
              Post-Run: 51,511,635,968 bytes free
              .
              - - End Of File - - D4689340B40BF3FDB6B34AE4250DD99A


              • #22
                You have a rootkit that CF can't handle. Your only 100% sure way to know that your lappy isn't compromised is to back up your data and do a format/reinstall.



                • #23
                  That's weird because it seems to be running fine now.


                  • #24
                    This virus cannot be detected by most brand-name anti-virus or anti-malware software mentioned above.
                    It hijacks the browser and DNS. Very smart: when you visit Best Buy, it pops up a Best Buy survey or gift card offer / fake winner notice to try to steal your identity.
                    You will be redirected to these sites (actually, all traffic is sent to your DNS server):
                    9newstoday.net
                    mygiftcarddeal.com
                    9newstoday.tv

                    The virus also disabled "nslookup".
                    Last edited by cgigate; 01-15-2012, 07:24 PM.
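Reading the log posted in #20/#21 by eye is how #22 reached its verdict; the same indicators can be pulled out mechanically. The script below is an added example, not code from this thread or from ComboFix. It parses the line shapes ComboFix actually printed above (the "is infected" and "Failed to delete" lines, the `[HKEY_...]` policy keys with their `"Name"= 0 (0x0)` values, and the `TCP: DhcpNameServer` line that the DNS-hijack concern in #24 would turn on) and returns findings rather than opinions. The sample text embedded in it is a constructed, abbreviated copy of fragments from the posted log; the list of "weak" UAC policy values and the rule that an unreplaceable system file or undeletable object means format/reinstall are my assumptions, not anything the tool states.

```python
"""Triage a ComboFix log for the indicators argued over in this thread.

Added example: this is not code from the forum thread or from ComboFix.
The sample text below is constructed from fragments of the posted log;
the set of 'weak' UAC policy values and the 'reinstall' rule are the
author's assumptions about what a practitioner would look for.
"""
import ipaddress
import re
import sys
from dataclasses import dataclass, field

# Constructed sample (abbreviated copy of fragments posted in #20/#21).
SAMPLE_LOG = r"""
c:\windows\$NtUninstallKB5217$\788478622\kwrd.dll
c:\windows\$NtUninstallKB5217$ . . . . Failed to delete
.
c:\windows\system32\drivers\csc.sys . . . is infected!! . . . Failed to find a valid replacement.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"EnableLUA"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Everything"="c:\program files\Everything\Everything.exe" [2009-04-05 602624]
.
TCP: DhcpNameServer = 192.168.0.1
FF - prefs.js: network.proxy.type - 0
"""

# Line shapes taken from the posted log.
INFECTED_RE = re.compile(r"^(?P<path>[A-Za-z]:\\\S+) \. \. \. is infected", re.I)
FAILED_DEL_RE = re.compile(r"^(?P<path>[A-Za-z]:\\.+?) \. \. \. \. Failed to delete", re.I)
KEY_RE = re.compile(r"^\[(?P<key>HKEY_[^\]]+)\]$")
VALUE_RE = re.compile(r'^"(?P<name>[^"]+)"\s*=\s*(?P<val>-?\d+)')
DNS_RE = re.compile(r"^TCP: DhcpNameServer = (?P<ips>.+)$")

# Assumed: values that switch UAC off (EnableLUA=0) or let administrators
# elevate without any prompt (ConsentPromptBehaviorAdmin=0).
WEAK_POLICIES = {"EnableLUA": 0, "ConsentPromptBehaviorAdmin": 0}


@dataclass
class Findings:
    infected_files: list = field(default_factory=list)
    undeletable: list = field(default_factory=list)
    weak_policies: list = field(default_factory=list)  # (key, name, value)
    dns_servers: list = field(default_factory=list)    # (ip, is_private)

    @property
    def reinstall_recommended(self) -> bool:
        # Assumed rule: a system file the cleaner could not replace, or an
        # object it could not delete, means the cleaner lost; rebuild the box.
        return bool(self.infected_files or self.undeletable)


def triage(text: str) -> Findings:
    """Walk the log once, tracking the registry key currently being listed."""
    f = Findings()
    current_key = ""
    for line in text.splitlines():
        line = line.rstrip()
        if m := INFECTED_RE.match(line):
            f.infected_files.append(m["path"])
        elif m := FAILED_DEL_RE.match(line):
            f.undeletable.append(m["path"])
        elif m := KEY_RE.match(line):
            current_key = m["key"]
        elif (m := VALUE_RE.match(line)) and current_key.lower().endswith(r"policies\system"):
            name, val = m["name"], int(m["val"])
            if WEAK_POLICIES.get(name) == val:
                f.weak_policies.append((current_key, name, val))
        elif m := DNS_RE.match(line):
            for ip in m["ips"].split():
                try:
                    f.dns_servers.append((ip, ipaddress.ip_address(ip).is_private))
                except ValueError:
                    f.dns_servers.append((ip, False))  # unparsable: treat as suspect
    return f


def report(f: Findings) -> str:
    lines = [f"infected, no replacement: {p}" for p in f.infected_files]
    lines += [f"could not delete: {p}" for p in f.undeletable]
    lines += [f"weak UAC policy: {n}={v}" for _, n, v in f.weak_policies]
    lines += [f"DNS server {ip}: {'private' if priv else 'NOT private, verify'}"
              for ip, priv in f.dns_servers]
    lines.append("verdict: " + ("format/reinstall" if f.reinstall_recommended else "no hard indicators"))
    return "\n".join(lines)


if __name__ == "__main__":
    # Usage: python triage_combofix.py C:\ComboFix.txt   (no argument: run on the sample)
    src = open(sys.argv[1], encoding="utf-8", errors="replace").read() if len(sys.argv) > 1 else SAMPLE_LOG
    print(report(triage(src)))
```

On the posted log this flags `csc.sys` as infected with no clean replacement, `$NtUninstallKB5217$` as undeletable, and both UAC policy values as weak, which is the same conclusion #22 drew by hand; the DNS server is the router's private address, so the DNS-hijack concern in #24 would have to be checked on the resolver itself, not in this log.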
