Old 11-03-2009, 11:51 AM   #1 (permalink)
Registered User
 
Join Date: Oct 2009
Posts: 12
OS: Vista


Browser Hijack IE and FF under Vista

My browser has a search results hijack going on. Searching works fine, but when search results are found, sometimes you go to the search result and other times you are sent to random sites. Fails under both IE and Firefox.

I have run the utilities and here are the logs:

Thanks in advance for the help.

DDS.TXT:

DDS (Ver_09-10-26.01) - NTFSx86
Run by mike at 18:03:32.07 on Sat 10/31/2009
Internet Explorer: 8.0.6001.18828
Microsoft® Windows Vista™ Home Basic 6.0.6002.2.1252.1.1033.18.2012.1073 [GMT -5:00]

AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
SP: AVG Anti-Virus Free *enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
SP: Spybot - Search and Destroy *enabled* (Outdated) {ED588FAF-1B8F-43B4-ACA8-8E3C85DADBE9}
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}

============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Program Files\AVG\AVG9\avgchsvx.exe
C:\Program Files\AVG\AVG9\avgrsx.exe
C:\Windows\system32\lsm.exe
C:\Program Files\AVG\AVG9\avgcsrvx.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\AERTSrv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\AVG\AVG9\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\AVG\AVG9\avgnsx.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\Dell Support Center\bin\sprtsvc.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\AVG\AVG9\avgemc.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\Windows\Explorer.EXE
C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
C:\Program Files\AVG\AVG9\avgcsrvx.exe
C:\Windows\system32\taskeng.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe
C:\Program Files\SBC\update\SST.exe
C:\Program Files\Internet Content Filter\SafeEyes.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\Saitek\SD6\Software\ProfilerU.exe
C:\Program Files\Saitek\SD6\Software\SaiMfd.exe
C:\Program Files\Adobe\Reader 9.0\Reader\reader_sl.exe
C:\SCANJET\PrecisionScanPro\PrecisionScanPro\HPLamp.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\AVG\AVG9\avgtray.exe
C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
\\?\C:\Windows\system32\wbem\WMIADAP.EXE
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Users\mike\Documents\dds.com

============== Pseudo HJT Report ===============

uSearch Page = hxxp://www.google.com
uStart Page = hxxp://www.google.com/webhp?sourceid=navclient&ie=UTF-8
uDefault_Page_URL = hxxp://www.msn.com
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://www.google.com/search/?q=%s
uURLSearchHooks: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - c:\program files\avg\avg9\toolbar\IEToolbar.dll
uURLSearchHooks: H - No File
mURLSearchHooks: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - c:\program files\avg\avg9\toolbar\IEToolbar.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg9\avgssie.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\program files\spybot - search & destroy\SDHelper.dll
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - c:\program files\avg\avg9\toolbar\IEToolbar.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.3.4501.1418\swg.dll
BHO: Google Dictionary Compression sdch: {c84d72fe-e17d-4195-bb24-76c02e2e7c4e} - c:\program files\google\google toolbar\component\fastsearch_B7C5AC242193BB3E.dll
BHO: MSN Toolbar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\program files\msn\toolbar\3.0.1203.0\msneshellx.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
TB: Safe &Eyes Toolbar: {430ddb4f-38cc-4e91-af33-4157334ec937} - c:\program files\internet content filter\setoolbar.dll
TB: MSN Toolbar: {1e61ed7c-7cb8-49d6-b9e9-ab4c880c8414} - c:\program files\msn\toolbar\3.0.1203.0\msneshellx.dll
TB: AVG Security Toolbar: {ccc7a320-b3ca-4199-b1a6-9f516dd69829} - c:\program files\avg\avg9\toolbar\IEToolbar.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
TB: {A057A204-BACC-4D26-9990-79A187E2698E} - No File
TB: {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No File
uRun: [ISUSPM] "c:\program files\common files\installshield\updateservice\ISUSPM.exe" -scheduler
uRun: [DellSupportCenter] "c:\program files\dell support center\bin\sprtcmd.exe" /P DellSupportCenter
uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe
uRun: [SpybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe
mRun: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [IAAnotif] c:\program files\intel\intel matrix storage manager\iaanotif.exe
mRun: [dscactivate] "c:\program files\dell support center\gs_agent\custom\dsca.exe"
mRun: [PDVDDXSrv] "c:\program files\cyberlink\powerdvd dx\PDVDDXSrv.exe"
mRun: [SBC_McciTrayApp] c:\program files\sbc\update\SST.exe
mRun: [DellSupportCenter] "c:\program files\dell support center\bin\sprtcmd.exe" /P DellSupportCenter
mRun: [ICF] "c:\program files\internet content filter\SafeEyes.exe"
mRun: [ProfilerU] c:\program files\saitek\sd6\software\ProfilerU.exe
mRun: [SaiMfd] c:\program files\saitek\sd6\software\SaiMfd.exe
mRun: [Google Quick Search Box] "c:\program files\google\quick search box\GoogleQuickSearchBox.exe" /autorun
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [HP Lamp] c:\scanjet\precisionscanpro\precisionscanpro\HPLamp.exe
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mRun: [AVG9_TRAY] c:\progra~1\avg\avg9\avgtray.exe
StartupFolder: c:\users\mike\appdata\roaming\micros~1\windows\startm~1\programs\startup\billmi~1.lnk - c:\quickenw\BILLMIND.EXE
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\micros~1.lnk - c:\program files\microsoft office\office\OSA9.EXE
mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\program files\spybot - search & destroy\SDHelper.dll
LSP: c:\windows\system32\icf.dll
Trusted Zone: youtube.com\www
DPF: {49312E18-AA92-4CC2-BB97-55DEA7BCADD6} - hxxp://support.dell.com/systemprofiler/SysProExe.CAB
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
DPF: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: {BF978371-7CD4-469B-965F-DBDA18AC7D32} = 68.94.156.1,68.94.157.1
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg9\avgpp.dll
Notify: igfxcui - igfxdev.dll
AppInit_DLLs: AVGRSSTX.DLL,avgrsstx.dll

================= FIREFOX ===================

FF - ProfilePath - c:\users\mike\appdata\roaming\mozilla\firefox\profiles\ogvv5397.default\
FF - plugin: c:\program files\google\update\1.2.183.7\npGoogleOneClick8.dll
FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\

============= SERVICES / DRIVERS ===============

R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2009-1-8 333192]
R1 AvgTdiX;AVG8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2009-1-27 360584]
R2 AERTFilters;Andrea RT Filters Service;c:\windows\system32\AERTSrv.exe [2009-1-5 81920]
R2 avg9emc;AVG Free E-mail Scanner;c:\program files\avg\avg9\avgemc.exe [2009-10-24 906520]
R2 avg9wd;AVG Free WatchDog;c:\program files\avg\avg9\avgwdsvc.exe [2009-10-24 285392]
R2 RtNdPt60;Realtek NDIS Protocol Driver;c:\windows\system32\drivers\RtNdPt60.sys [2009-1-5 27648]
R2 SBSDWSCService;SBSD Security Center Service;c:\program files\spybot - search & destroy\SDWinSec.exe [2009-10-24 1153368]
R3 IntcHdmiAddService;Intel(R) High Definition Audio HDMI;c:\windows\system32\drivers\IntcHdmi.sys [2009-1-5 112128]
S2 gupdate1c98d7f867fc4ec;Google Update Service (gupdate1c98d7f867fc4ec);c:\program files\google\update\GoogleUpdate.exe [2009-2-12 133104]
S3 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-1-20 21504]
S3 JL2005C;Dual Mode Camera;c:\windows\system32\drivers\jl2005c.sys [2009-2-5 68762]
S3 SaiHFF04;SaiHFF04;c:\windows\system32\drivers\SaiHFF04.sys [2007-5-1 132232]
S3 SaiIFF04;Immersion's HID USB Driver (FF04);c:\windows\system32\drivers\SaiIFF04.sys [2007-5-1 16256]

=============== Created Last 30 ================

2009-10-31 18:13:27 0 d-----w- c:\program files\Windows Portable Devices
2009-10-31 18:13:22 0 ---ha-w- c:\windows\system32\drivers\Msft_User_WpdMtpDr_01_07_00.Wdf
2009-10-31 18:13:18 0 ---ha-w- c:\windows\system32\drivers\Msft_User_WpdFs_01_07_00.Wdf
2009-10-31 18:11:26 555520 ----a-w- c:\windows\system32\UIAutomationCore.dll
2009-10-31 18:11:26 4096 ----a-w- c:\windows\system32\oleaccrc.dll
2009-10-31 18:11:26 234496 ----a-w- c:\windows\system32\oleacc.dll
2009-10-31 17:39:08 310784 ----a-w- c:\windows\system32\unregmp2.exe
2009-10-31 17:39:07 8147456 ----a-w- c:\windows\system32\wmploc.DLL
2009-10-24 21:01:53 0 d--h--w- C:\$AVG
2009-10-24 21:00:43 0 d-----w- c:\programdata\avg9
2009-10-24 19:44:33 0 d-----w- c:\programdata\Spybot - Search & Destroy
2009-10-24 19:44:33 0 d-----w- c:\program files\Spybot - Search & Destroy
2009-10-21 02:35:22 0 d-----w- c:\programdata\WindowsSearch
2009-10-21 02:29:32 0 d-----w- c:\users\mike\appdata\roaming\Malwarebytes
2009-10-21 02:29:27 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-10-21 02:29:26 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-10-21 02:29:26 0 d-----w- c:\programdata\Malwarebytes
2009-10-21 02:29:26 0 d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-10-21 02:22:59 65536 --sha-w- c:\users\mike\ntuser.dat{6e66810e-bde7-11de-aebd-caa97db40c3b}.TM.blf
2009-10-21 02:22:59 524288 --sha-w- c:\users\mike\ntuser.dat{6e66810e-bde7-11de-aebd-caa97db40c3b}.TMContainer00000000000000000002.regtrans-ms
2009-10-21 02:22:59 524288 --sha-w- c:\users\mike\ntuser.dat{6e66810e-bde7-11de-aebd-caa97db40c3b}.TMContainer00000000000000000001.regtrans-ms
2009-10-20 22:24:00 65536 --sha-w- c:\users\mike\ntuser.dat{280129e2-bdc7-11de-bb52-8e3373fbaa18}.TM.blf
2009-10-20 22:24:00 524288 --sha-w- c:\users\mike\ntuser.dat{280129e2-bdc7-11de-bb52-8e3373fbaa18}.TMContainer00000000000000000002.regtrans-ms
2009-10-20 22:24:00 524288 --sha-w- c:\users\mike\ntuser.dat{280129e2-bdc7-11de-bb52-8e3373fbaa18}.TMContainer00000000000000000001.regtrans-ms
2009-10-16 01:50:43 26600 ----a-w- c:\windows\system32\drivers\GEARAspiWDM.sys
2009-10-16 01:50:43 107368 ----a-w- c:\windows\system32\GEARAspi.dll
2009-10-16 01:50:21 0 d-----w- c:\program files\iPod
2009-10-16 01:50:19 0 d-----w- c:\programdata\{755AC846-7372-4AC8-8550-C52491DAA8BD}
2009-10-16 01:50:19 0 d-----w- c:\program files\iTunes
2009-10-16 01:50:08 0 d-----w- c:\program files\Bonjour
2009-10-14 02:12:59 144896 ----a-w- c:\windows\system32\drivers\srv2.sys
2009-10-14 02:12:58 60928 ----a-w- c:\windows\system32\msasn1.dll
2009-10-14 02:12:58 60928 ----a-w- c:\windows\system32\msasn1(82).dll
2009-10-13 00:03:26 0 d-----w- c:\program files\LEGO Media
2009-10-13 00:02:50 0 ----a-w- c:\windows\DXTEC62.tmp
2009-10-13 00:02:50 0 ----a-w- c:\windows\DXTEC61.tmp
2009-10-03 16:17:18 195440 ------w- c:\windows\system32\MpSigStub.exe

==================== Find3M ====================

2009-10-31 18:13:25 665600 ----a-w- c:\windows\inf\drvindex.dat
2009-10-31 18:13:25 51200 ----a-w- c:\windows\inf\infpub.dat
2009-10-31 18:13:25 143360 ----a-w- c:\windows\inf\infstrng.dat
2009-10-31 18:13:25 143360 ----a-w- c:\windows\inf\infstor.dat
2009-10-24 21:07:50 360584 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2009-10-24 21:01:34 333192 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2009-10-24 21:01:21 12464 ----a-w- c:\windows\system32\avgrsstx.dll
2009-10-23 15:33:50 300248 ----a-w- c:\windows\system32\seinst.dll
2009-10-23 15:33:50 300240 ----a-w- c:\windows\system32\ICF.dll
2009-10-23 15:33:50 283864 ----a-w- c:\windows\sediag.exe
2009-10-01 01:02:17 2537472 ----a-w- c:\windows\system32\wpdshext.dll
2009-10-01 01:02:05 30208 ----a-w- c:\windows\system32\WPDShextAutoplay.exe
2009-10-01 01:02:04 334848 ----a-w- c:\windows\system32\PortableDeviceApi.dll
2009-10-01 01:02:02 87552 ----a-w- c:\windows\system32\WPDShServiceObj.dll
2009-10-01 01:02:00 31232 ----a-w- c:\windows\system32\BthMtpContextHandler.dll
2009-10-01 01:01:59 546816 ----a-w- c:\windows\system32\wpd_ci.dll
2009-10-01 01:01:59 160256 ----a-w- c:\windows\system32\PortableDeviceTypes.dll
2009-10-01 01:01:56 60928 ----a-w- c:\windows\system32\PortableDeviceConnectApi.dll
2009-10-01 01:01:56 350208 ----a-w- c:\windows\system32\WPDSp.dll
2009-10-01 01:01:56 196608 ----a-w- c:\windows\system32\PortableDeviceWMDRM.dll
2009-10-01 01:01:56 100864 ----a-w- c:\windows\system32\PortableDeviceClassExtension.dll
2009-10-01 01:01:54 81920 ----a-w- c:\windows\system32\wpdbusenum.dll
2009-10-01 01:01:54 40448 ----a-w- c:\windows\system32\drivers\WpdUsb.sys
2009-10-01 01:01:50 226816 ----a-w- c:\windows\system32\WpdMtp.dll
2009-10-01 01:01:49 61952 ----a-w- c:\windows\system32\WpdMtpUS.dll
2009-10-01 01:01:49 33280 ----a-w- c:\windows\system32\WpdConns.dll
2009-09-25 02:10:10 974848 ----a-w- c:\windows\system32\WindowsCodecs.dll
2009-09-25 02:07:08 189440 ----a-w- c:\windows\system32\WindowsCodecsExt.dll
2009-09-25 02:04:32 321024 ----a-w- c:\windows\system32\PhotoMetadataHandler.dll
2009-09-25 01:49:22 1554432 ----a-w- c:\windows\system32\xpsservices.dll
2009-09-25 01:48:08 351232 ----a-w- c:\windows\system32\XpsPrint.dll
2009-09-25 01:38:29 847360 ----a-w- c:\windows\system32\OpcServices.dll
2009-09-25 01:36:13 280064 ----a-w- c:\windows\system32\XpsGdiConverter.dll
2009-09-25 01:35:31 135680 ----a-w- c:\windows\system32\XpsRasterService.dll
2009-09-25 01:33:25 195584 ----a-w- c:\windows\system32\dxdiagn.dll
2009-09-25 01:33:15 829440 ----a-w- c:\windows\system32\d3d10warp.dll
2009-09-25 01:33:01 369664 ----a-w- c:\windows\system32\WMPhoto.dll
2009-09-25 01:32:59 252928 ----a-w- c:\windows\system32\dxdiag.exe
2009-09-25 01:31:53 519680 ----a-w- c:\windows\system32\d3d11.dll
2009-09-25 01:31:26 486912 ----a-w- c:\windows\system32\d3d10level9.dll
2009-09-25 01:31:21 161280 ----a-w- c:\windows\system32\d3d10_1.dll
2009-09-25 01:31:19 218112 ----a-w- c:\windows\system32\d3d10_1core.dll
2009-09-25 01:31:16 1030144 ----a-w- c:\windows\system32\d3d10.dll
2009-09-25 01:31:15 828928 ----a-w- c:\windows\system32\d2d1.dll
2009-09-25 01:30:23 481792 ----a-w- c:\windows\system32\dxgi.dll
2009-09-25 01:30:23 190464 ----a-w- c:\windows\system32\d3d10core.dll
2009-09-25 01:27:25 634880 ----a-w- c:\windows\system32\drivers\dxgkrnl.sys
2009-09-25 01:27:04 793088 ----a-w- c:\windows\system32\FntCache.dll
2009-09-25 01:27:04 37888 ----a-w- c:\windows\system32\cdd.dll
2009-09-25 01:27:04 1064448 ----a-w- c:\windows\system32\DWrite.dll
2009-09-24 22:54:55 258048 ----a-w- c:\windows\system32\winspool.drv
2009-09-24 22:54:53 667648 ----a-w- c:\windows\system32\printfilterpipelinesvc.exe
2009-09-24 22:54:52 26112 ----a-w- c:\windows\system32\printfilterpipelineprxy.dll
2009-09-10 16:48:01 218624 ----a-w- c:\windows\system32\msv1_0.dll
2009-09-10 16:48:01 218624 ----a-w- c:\windows\system32\msv1_0(86).dll
2009-09-10 02:01:02 3023360 ----a-w- c:\windows\system32\UIRibbon.dll
2009-09-10 02:00:54 1164800 ----a-w- c:\windows\system32\UIRibbonRes.dll
2009-09-10 02:00:36 92672 ----a-w- c:\windows\system32\UIAnimation.dll
2009-09-02 08:09:24 176128 ----a-w- c:\windows\system32\drivers\Rtlh86.sys
2009-08-29 00:27:49 4240384 ----a-w- c:\windows\system32\GameUXLegacyGDFs.dll
2009-08-29 00:14:38 28672 ----a-w- c:\windows\system32\Apphlpdm.dll
2009-08-27 05:22:28 916480 ----a-w- c:\windows\system32\wininet.dll
2009-08-27 05:22:28 916480 ----a-w- c:\windows\system32\wininet(98).dll
2009-08-27 05:22:15 1208832 ----a-w- c:\windows\system32\urlmon(95).dll
2009-08-27 05:17:43 71680 ----a-w- c:\windows\system32\iesetup.dll
2009-08-27 05:17:43 1985536 ----a-w- c:\windows\system32\iertutil(76).dll
2009-08-27 05:17:43 109056 ----a-w- c:\windows\system32\iesysprep.dll
2009-08-27 03:42:29 133632 ----a-w- c:\windows\system32\ieUnatt.exe
2009-08-14 15:53:34 17920 ----a-w- c:\windows\system32\netevent.dll
2009-08-14 13:49:20 9728 ----a-w- c:\windows\system32\TCPSVCS.EXE
2009-08-14 13:49:18 17920 ----a-w- c:\windows\system32\ROUTE.EXE
2009-08-14 13:49:18 11264 ----a-w- c:\windows\system32\MRINFO.EXE
2009-08-14 13:49:15 27136 ----a-w- c:\windows\system32\NETSTAT.EXE
2009-08-14 13:49:14 8704 ----a-w- c:\windows\system32\HOSTNAME.EXE
2009-08-14 13:49:14 19968 ----a-w- c:\windows\system32\ARP.EXE
2009-08-14 13:49:13 10240 ----a-w- c:\windows\system32\finger.exe
2009-08-14 13:48:02 105984 ----a-w- c:\windows\system32\netiohlp.dll
2009-08-07 01:45:15 2421760 ----a-w- c:\windows\system32\wucltux.dll
2009-08-07 01:44:40 87552 ----a-w- c:\windows\system32\wudriver.dll
2009-08-07 00:23:06 171608 ----a-w- c:\windows\system32\wuwebv.dll
2009-08-06 23:44:46 33792 ----a-w- c:\windows\system32\wuapp.exe
2009-08-04 12:34:19 3600456 ----a-w- c:\windows\system32\ntkrnlpa.exe
2009-08-04 12:34:19 3548216 ----a-w- c:\windows\system32\ntoskrnl.exe
2008-01-21 02:57:01 174 --sha-w- c:\program files\desktop.ini
2006-11-02 12:39:34 30674 ----a-w- c:\windows\inf\perflib\0409\perfd.dat
2006-11-02 12:39:34 30674 ----a-w- c:\windows\inf\perflib\0409\perfc.dat
2006-11-02 12:39:34 287440 ----a-w- c:\windows\inf\perflib\0409\perfi.dat
2006-11-02 12:39:34 287440 ----a-w- c:\windows\inf\perflib\0409\perfh.dat
2006-11-02 09:20:21 287440 ----a-w- c:\windows\inf\perflib\0000\perfi.dat
2006-11-02 09:20:21 287440 ----a-w- c:\windows\inf\perflib\0000\perfh.dat
2006-11-02 09:20:19 30674 ----a-w- c:\windows\inf\perflib\0000\perfd.dat
2006-11-02 09:20:19 30674 ----a-w- c:\windows\inf\perflib\0000\perfc.dat
2009-01-05 20:04:27 8192 --sha-w- c:\windows\users\default\NTUSER.DAT

============= FINISH: 18:04:36.89 ===============
Attached Files
File Type: zip Attach.zip (2.2 KB, 2 views)
mowerguy is offline  

Old 11-06-2009, 07:02 PM   #2 (permalink)
Registered User
 
Join Date: Oct 2009
Posts: 12
OS: Vista


Re: Browser Hijack IE and FF under Vista

Bump for some help/feedback?

Thanks.
mowerguy is offline  
Old 11-06-2009, 09:17 PM   #3 (permalink)
Moderator, Analyst, Security Team; Rangemaster, TSF Academy
 
Join Date: Oct 2007
Location: Georgia
Posts: 10,668
OS: XP SP3


Re: Browser Hijack IE and FF under Vista

Hello and Welcome to TSF.

Please Subscribe to this Thread to get immediate notification of replies as soon as they are posted. To do this click Thread Tools, then click Subscribe to this Thread. Make sure it is set to Instant notification by email, then click Add Subscription.

Please note that the forum is very busy and if I don't hear from you within three days this thread will be closed.

------------------------------------------------------

Please note that these fixes are not instantaneous. Most infections require more than one round to properly eradicate.

Please stay with me until given the 'all clear' even if symptoms seemingly abate.

Kindly follow my instructions and please do no fixing on your own or running of scanners unless requested by a helper.

------------------------------------------------------

Due to the restrictions on Vista, all tools should be started by right-click > Run as Administrator.

If you click 'Start' and have no 'Run' function, please right-click Start > Properties > Start menu tab > Customize button > scroll down to and tick 'Run command' box > OK > Apply > OK.

------------------------------------------------------

While Spybot's TeaTimer is an excellent tool for the prevention of spyware, it can sometimes prevent tools from fixing certain things.
Please disable TeaTimer for now until you are clean. TeaTimer can be re-activated once your logs are clean.
  • Open Spybot Search & Destroy.
  • In the Mode menu click Advanced mode if not already selected.
  • Choose Yes at the Warning prompt.
  • Expand the Tools menu.
  • Click Resident.
  • Uncheck the Resident "TeaTimer" (Protection of overall system settings) active. box.
  • If TeaTimer gives you a warning that changes were made, click the Allow Change box when prompted.
  • In the File menu click Exit to exit Spybot Search & Destroy.
------------------------------------------------------

If for some reason during these fixes you receive prompts from Spybot about whether to Allow or Deny any changes, please Allow them all.

------------------------------------------------------

Please visit this webpage for download links, and instructions for running ComboFix:

http://www.bleepingcomputer.com/comb...o-use-combofix

* Ensure you have disabled all antivirus and antimalware programs so they do not interfere with the running of ComboFix.

Get help here

Please post the C:\ComboFix.txt in your next reply for further review.

Please re-enable your antivirus before posting the ComboFix.txt log.

------------------------------------------------------
chemist is offline  
Old 11-08-2009, 01:03 PM   #4 (permalink)
Registered User
 
Join Date: Oct 2009
Posts: 12
OS: Vista


Re: Browser Hijack IE and FF under Vista

Chemist,

Thanks for the reply. We ran the ComboFix program with all Antivirus turned off. The browser problem is still there. Please advise.

Thanks,

Dave

ComboFix 09-11-07.02 - mike 11/07/2009 21:53.1.2 - NTFSx86
Microsoft® Windows Vista™ Home Basic 6.0.6002.2.1252.1.1033.18.2012.1060 [GMT -6:00]
Running from: c:\users\mike\Desktop\ComboFix.exe
AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
SP: AVG Anti-Virus Free *enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
SP: Spybot - Search and Destroy *disabled* (Outdated) {ED588FAF-1B8F-43B4-ACA8-8E3C85DADBE9}
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\$recycle.bin\S-1-5-21-2347180839-3205931739-3509662-500
c:\$recycle.bin\S-1-5-21-738196743-4129716671-1176172436-500
C:\LOG3967.tmp
c:\windows\AUTOLNCH.REG
.
((((((((((((((((((((((((( Files Created from 2009-10-08 to 2009-11-08 )))))))))))))))))))))))))))))))
.
2009-11-08 04:00 . 2009-11-08 04:01 -------- d-----w- c:\users\mike\AppData\Local\temp
2009-11-08 04:00 . 2009-11-08 04:00 -------- d-----w- c:\users\Steven\AppData\Local\temp
2009-11-08 04:00 . 2009-11-08 04:00 -------- d-----w- c:\users\Nora\AppData\Local\temp
2009-11-08 04:00 . 2009-11-08 04:00 -------- d-----w- c:\users\Jacob\AppData\Local\temp
2009-11-08 04:00 . 2009-11-08 04:00 -------- d-----w- c:\users\Default\AppData\Local\temp
2009-11-08 03:22 . 2009-11-08 03:22 -------- d-----w- c:\users\mike\AppData\Roaming\AVG9
2009-10-31 18:13 . 2009-10-31 18:13 -------- d-----w- c:\program files\Windows Portable Devices
2009-10-31 18:11 . 2009-10-08 21:08 555520 ----a-w- c:\windows\system32\UIAutomationCore.dll
2009-10-31 18:11 . 2009-10-08 21:08 234496 ----a-w- c:\windows\system32\oleacc.dll
2009-10-31 18:11 . 2009-10-08 21:07 4096 ----a-w- c:\windows\system32\oleaccrc.dll
2009-10-31 17:39 . 2009-09-10 14:58 310784 ----a-w- c:\windows\system32\unregmp2.exe
2009-10-31 17:39 . 2009-09-10 14:59 8147456 ----a-w- c:\windows\system32\wmploc.DLL
2009-10-24 21:08 . 2009-10-24 21:01 360584 ----a-w- c:\programdata\avg9\update\backup\avgtdix.sys
2009-10-24 21:07 . 2009-10-24 21:00 842520 ----a-w- c:\programdata\avg9\update\backup\avgupd.exe
2009-10-24 21:07 . 2009-10-24 21:00 1656088 ----a-w- c:\programdata\avg9\update\backup\avgupd.dll
2009-10-24 21:01 . 2009-10-24 21:04 -------- d-----w- C:\$AVG
2009-10-24 21:00 . 2009-11-08 03:49 4096 d-----w- c:\programdata\avg9
2009-10-24 19:44 . 2009-10-24 20:33 4096 d-----w- c:\programdata\Spybot - Search & Destroy
2009-10-24 19:44 . 2009-10-24 19:44 8192 d-----w- c:\program files\Spybot - Search & Destroy
2009-10-24 01:34 . 2006-12-14 15:00 110592 ----a-w- c:\users\Jacob\AppData\Roaming\U3\temp\cleanup.exe
2009-10-24 01:32 . 2007-02-12 22:46 3096576 ---ha-w- c:\users\Jacob\AppData\Roaming\U3\temp\Launchpad Removal.exe
2009-10-24 01:32 . 2009-10-24 01:32 -------- d-----w- c:\users\Jacob\AppData\Roaming\U3
2009-10-23 19:00 . 2009-10-23 19:00 -------- d-----w- c:\users\Nora\AppData\Roaming\Malwarebytes
2009-10-21 02:35 . 2009-10-21 02:35 -------- d-----w- c:\programdata\WindowsSearch
2009-10-21 02:29 . 2009-10-21 02:29 -------- d-----w- c:\users\mike\AppData\Roaming\Malwarebytes
2009-10-21 02:29 . 2009-09-10 19:54 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-10-21 02:29 . 2009-10-21 02:29 4096 d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-10-21 02:29 . 2009-10-21 02:29 -------- d-----w- c:\programdata\Malwarebytes
2009-10-21 02:29 . 2009-09-10 19:53 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-10-16 01:51 . 2009-10-16 01:52 -------- d-----w- c:\users\mike\AppData\Roaming\Apple Computer
2009-10-16 01:50 . 2009-10-21 02:20 -------- dc----w- c:\windows\system32\DRVSTORE
2009-10-16 01:50 . 2009-05-18 19:17 26600 ----a-w- c:\windows\system32\drivers\GEARAspiWDM.sys
2009-10-16 01:50 . 2008-04-17 18:12 107368 ----a-w- c:\windows\system32\GEARAspi.dll
2009-10-16 01:50 . 2009-10-16 01:50 -------- d-----w- c:\program files\iPod
2009-10-16 01:50 . 2009-10-21 02:20 4096 d-----w- c:\program files\iTunes
2009-10-16 01:50 . 2009-10-21 02:20 -------- d-----w- c:\programdata\{755AC846-7372-4AC8-8550-C52491DAA8BD}
2009-10-16 01:50 . 2009-10-21 02:20 4096 d-----w- c:\program files\Bonjour
2009-10-16 01:39 . 2009-10-16 01:39 79144 ----a-w- c:\programdata\Apple Computer\Installer Cache\iTunes 9.0.1.8\SetupAdmin.exe
2009-10-14 02:12 . 2009-09-14 09:29 144896 ----a-w- c:\windows\system32\drivers\srv2.sys
2009-10-14 02:12 . 2009-09-04 11:41 60928 ----a-w- c:\windows\system32\msasn1.dll
2009-10-14 02:12 . 2009-09-04 11:41 60928 ----a-w- c:\windows\system32\msasn1(82).dll
2009-10-13 00:03 . 2009-10-13 00:03 -------- d-----w- c:\program files\LEGO Media
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-10-31 18:13 . 2006-11-02 10:25 665600 ----a-w- c:\windows\inf\drvindex.dat
2009-10-31 18:13 . 2009-10-31 18:13 0 ---ha-w- c:\windows\system32\drivers\Msft_User_WpdMtpDr_01_07_00.Wdf
2009-10-31 18:13 . 2009-10-31 18:13 0 ---ha-w- c:\windows\system32\drivers\Msft_User_WpdFs_01_07_00.Wdf
2009-10-31 17:22 . 2009-01-09 00:27 4096 d-----w- c:\program files\Internet Content Filter
2009-10-30 22:29 . 2009-01-22 03:24 -------- d-----w- c:\users\mike\AppData\Roaming\U3
2009-10-24 21:00 . 2009-01-08 23:42 -------- d-----w- c:\program files\AVG
2009-10-23 15:33 . 2009-01-09 00:27 300248 ----a-w- c:\windows\system32\seinst.dll
2009-10-23 15:33 . 2009-01-09 00:27 300240 ----a-w- c:\windows\system32\ICF.dll
2009-10-23 15:33 . 2009-01-09 00:27 283864 ----a-w- c:\windows\sediag.exe
2009-10-21 03:14 . 2009-01-05 18:27 4096 d-----w- c:\program files\Java
2009-10-21 02:20 . 2006-11-02 12:35 4096 d-----w- c:\program files\Windows Defender
2009-10-16 01:50 . 2009-09-30 20:43 4096 d-----w- c:\program files\Common Files\Apple
2009-10-16 01:50 . 2009-09-30 20:44 -------- d-----w- c:\programdata\Apple Computer
2009-10-14 02:20 . 2006-11-02 11:18 4096 d-----w- c:\program files\Windows Mail
2009-10-13 00:45 . 2009-01-10 22:09 6080 ----a-w- c:\users\Steven\AppData\Local\d3d9caps.dat
2009-10-13 00:24 . 2009-01-08 14:54 6080 ----a-w- c:\users\mike\AppData\Local\d3d9caps.dat
2009-10-13 00:02 . 2009-10-13 00:02 0 ----a-w- c:\windows\DXTEC62.tmp
2009-10-13 00:02 . 2009-10-13 00:02 0 ----a-w- c:\windows\DXTEC61.tmp
2009-10-01 21:35 . 2009-10-01 21:35 -------- d-----w- c:\programdata\McAfee Security Scan
2009-10-01 15:29 . 2009-10-03 16:17 195440 ------w- c:\windows\system32\MpSigStub.exe
2009-10-01 01:02 . 2009-10-31 18:12 2537472 ----a-w- c:\windows\system32\wpdshext.dll
2009-10-01 01:02 . 2009-10-31 18:12 30208 ----a-w- c:\windows\system32\WPDShextAutoplay.exe
2009-10-01 01:02 . 2009-10-31 18:12 334848 ----a-w- c:\windows\system32\PortableDeviceApi.dll
2009-10-01 01:02 . 2009-10-31 18:12 87552 ----a-w- c:\windows\system32\WPDShServiceObj.dll
2009-10-01 01:02 . 2009-10-31 18:12 31232 ----a-w- c:\windows\system32\BthMtpContextHandler.dll
2009-10-01 01:01 . 2009-10-31 18:12 546816 ----a-w- c:\windows\system32\wpd_ci.dll
2009-10-01 01:01 . 2009-10-31 18:12 160256 ----a-w- c:\windows\system32\PortableDeviceTypes.dll
2009-10-01 01:01 . 2009-10-31 18:12 60928 ----a-w- c:\windows\system32\PortableDeviceConnectApi.dll
2009-10-01 01:01 . 2009-10-31 18:12 350208 ----a-w- c:\windows\system32\WPDSp.dll
2009-10-01 01:01 . 2009-10-31 18:12 196608 ----a-w- c:\windows\system32\PortableDeviceWMDRM.dll
2009-10-01 01:01 . 2009-10-31 18:12 100864 ----a-w- c:\windows\system32\PortableDeviceClassExtension.dll
2009-10-01 01:01 . 2009-10-31 18:12 81920 ----a-w- c:\windows\system32\wpdbusenum.dll
2009-10-01 01:01 . 2009-10-31 18:12 40448 ----a-w- c:\windows\system32\drivers\WpdUsb.sys
2009-10-01 01:01 . 2009-10-31 18:12 226816 ----a-w- c:\windows\system32\WpdMtp.dll
2009-10-01 01:01 . 2009-10-31 18:12 61952 ----a-w- c:\windows\system32\WpdMtpUS.dll
2009-10-01 01:01 . 2009-10-31 18:12 33280 ----a-w- c:\windows\system32\WpdConns.dll
2009-09-30 20:44 . 2009-09-30 20:44 4096 d-----w- c:\program files\QuickTime
2009-09-30 20:43 . 2009-09-30 20:43 4096 d-----w- c:\program files\Apple Software Update
2009-09-30 20:43 . 2009-09-30 20:43 -------- d-----w- c:\programdata\Apple
2009-09-28 22:45 . 2009-01-15 14:48 6080 ----a-w- c:\users\Nora\AppData\Local\d3d9caps.dat
2009-09-25 02:10 . 2009-10-31 18:12 974848 ----a-w- c:\windows\system32\WindowsCodecs.dll
2009-09-25 02:07 . 2009-10-31 18:12 189440 ----a-w- c:\windows\system32\WindowsCodecsExt.dll
2009-09-25 02:04 . 2009-10-31 18:12 321024 ----a-w- c:\windows\system32\PhotoMetadataHandler.dll
2009-09-25 01:49 . 2009-10-31 18:12 1554432 ----a-w- c:\windows\system32\xpsservices.dll
2009-09-25 01:48 . 2009-10-31 18:12 351232 ----a-w- c:\windows\system32\XpsPrint.dll
2009-09-25 01:38 . 2009-10-31 18:12 847360 ----a-w- c:\windows\system32\OpcServices.dll
2009-09-25 01:36 . 2009-10-31 18:12 280064 ----a-w- c:\windows\system32\XpsGdiConverter.dll
2009-09-25 01:35 . 2009-10-31 18:12 135680 ----a-w- c:\windows\system32\XpsRasterService.dll
2009-09-25 01:33 . 2009-10-31 18:12 195584 ----a-w- c:\windows\system32\dxdiagn.dll
2009-09-25 01:33 . 2009-10-31 18:12 829440 ----a-w- c:\windows\system32\d3d10warp.dll
2009-09-25 01:33 . 2009-10-31 18:12 369664 ----a-w- c:\windows\system32\WMPhoto.dll
2009-09-25 01:32 . 2009-10-31 18:12 252928 ----a-w- c:\windows\system32\dxdiag.exe
2009-09-25 01:31 . 2009-10-31 18:12 519680 ----a-w- c:\windows\system32\d3d11.dll
2009-09-25 01:31 . 2009-10-31 18:12 486912 ----a-w- c:\windows\system32\d3d10level9.dll
2009-09-25 01:31 . 2009-10-31 18:12 161280 ----a-w- c:\windows\system32\d3d10_1.dll
2009-09-25 01:31 . 2009-10-31 18:12 218112 ----a-w- c:\windows\system32\d3d10_1core.dll
2009-09-25 01:31 . 2009-10-31 18:12 1030144 ----a-w- c:\windows\system32\d3d10.dll
2009-09-25 01:31 . 2009-10-31 18:12 828928 ----a-w- c:\windows\system32\d2d1.dll
2009-09-25 01:30 . 2009-10-31 18:12 481792 ----a-w- c:\windows\system32\dxgi.dll
2009-09-25 01:30 . 2009-10-31 18:12 190464 ----a-w- c:\windows\system32\d3d10core.dll
2009-09-25 01:27 . 2009-10-31 18:12 634880 ----a-w- c:\windows\system32\drivers\dxgkrnl.sys
2009-09-25 01:27 . 2009-10-31 18:12 37888 ----a-w- c:\windows\system32\cdd.dll
2009-09-25 01:27 . 2009-10-31 18:12 793088 ----a-w- c:\windows\system32\FntCache.dll
2009-09-25 01:27 . 2009-10-31 18:12 1064448 ----a-w- c:\windows\system32\DWrite.dll
2009-09-24 22:54 . 2009-10-31 18:12 258048 ----a-w- c:\windows\system32\winspool.drv
2009-09-24 22:54 . 2009-10-31 18:12 667648 ----a-w- c:\windows\system32\printfilterpipelinesvc.exe
2009-09-24 22:54 . 2009-10-31 18:12 26112 ----a-w- c:\windows\system32\printfilterpipelineprxy.dll
2009-09-11 01:29 . 2009-01-09 02:19 6080 ----a-w- c:\users\Jacob\AppData\Local\d3d9caps.dat
2009-09-10 16:48 . 2009-10-14 02:13 218624 ----a-w- c:\windows\system32\msv1_0.dll
2009-09-10 16:48 . 2009-10-14 02:13 218624 ----a-w- c:\windows\system32\msv1_0(86).dll
2009-09-10 02:01 . 2009-10-31 18:12 3023360 ----a-w- c:\windows\system32\UIRibbon.dll
2009-09-10 02:00 . 2009-10-31 18:12 1164800 ----a-w- c:\windows\system32\UIRibbonRes.dll
2009-09-10 02:00 . 2009-10-31 18:12 92672 ----a-w- c:\windows\system32\UIAnimation.dll
2009-09-09 21:35 . 2009-03-31 22:14 4096 d-----w- c:\program files\Microsoft Silverlight
2009-09-02 08:09 . 2009-09-02 08:09 176128 ----a-w- c:\windows\system32\drivers\Rtlh86.sys
2009-08-29 00:27 . 2009-09-02 23:58 4240384 ----a-w- c:\windows\system32\GameUXLegacyGDFs.dll
2009-08-29 00:14 . 2009-09-02 23:58 28672 ----a-w- c:\windows\system32\Apphlpdm.dll
2009-08-27 05:22 . 2009-10-14 02:13 916480 ----a-w- c:\windows\system32\wininet.dll
2009-08-27 05:22 . 2009-10-14 02:13 916480 ----a-w- c:\windows\system32\wininet(98).dll
2009-08-27 05:22 . 2009-10-14 02:13 1208832 ----a-w- c:\windows\system32\urlmon(95).dll
2009-08-27 05:17 . 2009-10-14 02:13 71680 ----a-w- c:\windows\system32\iesetup.dll
2009-08-27 05:17 . 2009-10-14 02:13 1985536 ----a-w- c:\windows\system32\iertutil(76).dll
2009-08-27 05:17 . 2009-10-14 02:13 109056 ----a-w- c:\windows\system32\iesysprep.dll
2009-08-27 03:42 . 2009-10-14 02:13 133632 ----a-w- c:\windows\system32\ieUnatt.exe
2009-08-14 16:27 . 2009-09-09 21:24 904776 ----a-w- c:\windows\system32\drivers\tcpip.sys
2009-08-14 15:53 . 2009-09-09 21:24 17920 ----a-w- c:\windows\system32\netevent.dll
2009-08-14 13:49 . 2009-09-09 21:24 9728 ----a-w- c:\windows\system32\TCPSVCS.EXE
2009-08-14 13:49 . 2009-09-09 21:24 17920 ----a-w- c:\windows\system32\ROUTE.EXE
2009-08-14 13:49 . 2009-09-09 21:24 11264 ----a-w- c:\windows\system32\MRINFO.EXE
2009-08-14 13:49 . 2009-09-09 21:24 27136 ----a-w- c:\windows\system32\NETSTAT.EXE
2009-08-14 13:49 . 2009-09-09 21:24 8704 ----a-w- c:\windows\system32\HOSTNAME.EXE
2009-08-14 13:49 . 2009-09-09 21:24 19968 ----a-w- c:\windows\system32\ARP.EXE
2009-08-14 13:49 . 2009-09-09 21:24 10240 ----a-w- c:\windows\system32\finger.exe
2009-08-14 13:48 . 2009-09-09 21:24 30720 ----a-w- c:\windows\system32\drivers\tcpipreg.sys
2009-08-14 13:48 . 2009-09-09 21:24 105984 ----a-w- c:\windows\system32\netiohlp.dll
2009-01-05 20:04 . 2009-01-05 20:03 8192 --sha-w- c:\windows\Users\Default\NTUSER.DAT
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ISUSPM"="c:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe" [2006-09-11 218032]
"DellSupportCenter"="c:\program files\Dell Support Center\bin\sprtcmd.exe" [2009-05-21 206064]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-21 202240]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2008-01-21 1008184]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-08-26 150040]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-08-26 178712]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-08-26 154136]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2008-07-20 182808]
"dscactivate"="c:\program files\Dell Support Center\gs_agent\custom\dsca.exe" [2008-03-11 16384]
"PDVDDXSrv"="c:\program files\CyberLink\PowerDVD DX\PDVDDXSrv.exe" [2008-05-23 128296]
"SBC_McciTrayApp"="c:\program files\SBC\update\SST.exe" [2007-02-28 1011200]
"DellSupportCenter"="c:\program files\Dell Support Center\bin\sprtcmd.exe" [2009-05-21 206064]
"ICF"="c:\program files\Internet Content Filter\SafeEyes.exe" [2009-10-23 1236712]
"ProfilerU"="c:\program files\Saitek\SD6\Software\ProfilerU.exe" [2007-10-02 233472]
"SaiMfd"="c:\program files\Saitek\SD6\Software\SaiMfd.exe" [2007-10-02 131072]
"Google Quick Search Box"="c:\program files\Google\Quick Search Box\GoogleQuickSearchBox.exe" [2009-06-10 68592]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696]
"HP Lamp"="c:\scanjet\PRECISIONSCANPRO\PrecisionScanPro\HPLamp.exe" [1999-07-23 42496]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-09-05 417792]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-09-21 305440]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-07-31 149280]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"AvgUninstallURL"="start http://www.avg.com/ww.special-uninstallation-feedback-appf?lic=OQBBAFYARgBSAEUARQAtAFYASwBQAEMAQgAtADYAQgBXAEYATQ&inst=NwA5AC0AMQAyADkANQA2ADUAMwAxADcALQBUADEAMQAtAFUAOAA&prod=90&ver=9.0.698" [?]
c:\users\mike\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Billminder.lnk - c:\quickenw\BILLMIND.EXE [2009-1-24 36864]
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Microsoft Office.lnk - c:\program files\Microsoft Office\Office\OSA9.EXE [1999-2-17 65588]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"VistaSp2"=hex(b):da,8a,95,7e,68,de,c9,01
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-738196743-4129716671-1176172436-1000]
"EnableNotificationsRef"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-738196743-4129716671-1176172436-1001]
"EnableNotifications"=dword:00000001
"EnableNotificationsRef"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-738196743-4129716671-1176172436-1003]
"EnableNotificationsRef"=dword:00000001
R2 AERTFilters;Andrea RT Filters Service;c:\windows\System32\AERTSrv.exe [1/5/2009 2:14 PM 81920]
R2 RtNdPt60;Realtek NDIS Protocol Driver;c:\windows\System32\drivers\RtNdPt60.sys [1/5/2009 12:27 PM 27648]
R2 SBSDWSCService;SBSD Security Center Service;c:\program files\Spybot - Search & Destroy\SDWinSec.exe [10/24/2009 1:44 PM 1153368]
R3 IntcHdmiAddService;Intel(R) High Definition Audio HDMI;c:\windows\System32\drivers\IntcHdmi.sys [1/5/2009 2:14 PM 112128]
S2 gupdate1c98d7f867fc4ec;Google Update Service (gupdate1c98d7f867fc4ec);c:\program files\Google\Update\GoogleUpdate.exe [2/12/2009 8:04 PM 133104]
S3 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [1/20/2008 8:33 PM 21504]
S3 SaiHFF04;SaiHFF04;c:\windows\System32\drivers\SaiHFF04.sys [5/1/2007 4:06 PM 132232]
S3 SaiIFF04;Immersion's HID USB Driver (FF04);c:\windows\System32\drivers\SaiIFF04.sys [5/1/2007 4:06 PM 16256]
--- Other Services/Drivers In Memory ---
*NewlyCreated* - MBR
*NewlyCreated* - PROCEXP113
*Deregistered* - AvgLdx86
*Deregistered* - mbr
*Deregistered* - PROCEXP113
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceNoNetwork REG_MULTI_SZ PLA DPS BFE mpssvc
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
.
Contents of the 'Scheduled Tasks' folder
2009-11-08 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-02-13 02:04]
2009-11-08 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-02-13 02:04]
2009-11-08 c:\windows\Tasks\RtlNICDiagVistaStart.job
- c:\program files\Realtek\RTNICDiag\RTNICDiag.exe [2009-01-05 07:02]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/webhp?sourceid=navclient&ie=UTF-8
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://www.google.com/search/?q=%s
LSP: c:\windows\System32\icf.dll
Trusted Zone: youtube.com\www
TCP: {BF978371-7CD4-469B-965F-DBDA18AC7D32} = 68.94.156.1,68.94.157.1
FF - ProfilePath - c:\users\mike\AppData\Roaming\Mozilla\Firefox\Profiles\ogvv5397.default\
FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
.
- - - - ORPHANS REMOVED - - - -
Toolbar-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
WebBrowser-{604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - (no file)
WebBrowser-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
AddRemove-HijackThis - c:\users\mike\Documents\HijackThis.exe

**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-11-07 22:01
Windows 6.0.6002 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net
device: opened successfully
user: MBR read successfully
called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys iastor.sys >>UNKNOWN [0x874A9F61]<<
kernel: MBR read successfully
user & kernel MBR OK
**************************************************************************
.
Completion time: 2009-11-08 22:04
ComboFix-quarantined-files.txt 2009-11-08 04:04
Pre-Run: 160,595,443,712 bytes free
Post-Run: 160,778,006,528 bytes free
- - End Of File - - 315367AEBCC0A630FCAC1612AD469AB6
Old 11-08-2009, 02:20 PM   #5 (permalink)
Moderator, Analyst, Security Team; Rangemaster, TSF Academy
 
Join Date: Oct 2007
Location: Georgia
Posts: 10,668
OS: XP SP3


Re: Browser Hijack IE and FF under Vista

Hello, mowerguy.

Please download SystemLook from one of the links below and save it to your Desktop.
Download Mirror #1
Download Mirror #2
  • Double-click SystemLook.exe to run it. (Vista users, right click, Run As Administrator)
  • Copy/paste the contents of the following codebox into the main textfield:
    Code:
     
    :filefind
    iaStor.sys
  • Click the Look button to start the scan.
  • When finished, a Notepad file will open with the results of the scan. Please post this log in your next reply.
Note: The log can also be found on your Desktop entitled SystemLook.txt

------------------------------------------------------
__________________
Our help is free but please donate

Proud member of ASAP
Proud member of UNITE
Old 11-08-2009, 07:19 PM   #6 (permalink)
Registered User
 
Join Date: Oct 2009
Posts: 12
OS: Vista


Re: Browser Hijack IE and FF under Vista

chemist,

Thanks again for the time. Here are the results from SystemLook.exe run as admin:

SystemLook v1.0 by jpshortstuff (29.08.09)
Log created at 20:11 on 08/11/2009 by mike (Administrator - Elevation successful)
========== filefind ==========
Searching for "iaStor.sys"
C:\Drivers\storage\R196209\IaStor.sys --a--- 324120 bytes [20:02 05/01/2009] [08:41 19/08/2008] 707C1692214B1C290271067197F075F6
C:\Program Files\Intel\Intel Matrix Storage Manager\driver64\IaStor.sys --a--- 402456 bytes [18:28 05/01/2009] [23:44 20/07/2008] FC28E90F2204D8FD147FA9BFA8A51C01
C:\Program Files\Intel\Intel Matrix Storage Manager\driver\IaStor.sys --a--- 324120 bytes [18:28 05/01/2009] [23:44 20/07/2008] 707C1692214B1C290271067197F075F6
C:\Windows\System32\DriverStore\FileRepository\iaahci.inf_7b6e77f6\iaStor.sys --a--- 324120 bytes [20:14 05/01/2009] [08:41 19/08/2008] 707C1692214B1C290271067197F075F6
C:\Windows\System32\DriverStore\FileRepository\iastor.inf_649e6da2\iaStor.sys --a--- 324120 bytes [20:14 05/01/2009] [08:41 19/08/2008] 707C1692214B1C290271067197F075F6
C:\Windows\System32\drivers\iaStor.sys --a--- 324120 bytes [20:14 05/01/2009] [08:41 19/08/2008] 707C1692214B1C290271067197F075F6
-=End Of File=-
Old 11-08-2009, 07:56 PM   #7 (permalink)
Moderator, Analyst, Security Team; Rangemaster, TSF Academy
 
Join Date: Oct 2007
Location: Georgia
Posts: 10,668
OS: XP SP3


Re: Browser Hijack IE and FF under Vista

Hello again, mowerguy.

Open Notepad and copy/paste the entire contents of the quotebox below into Notepad:

Quote:
@echo off
rem Copy the DriverStore copy of iaStor.sys to the root of C: (overwrite without prompting)
copy /y C:\Windows\System32\DriverStore\FileRepository\iastor.inf_649e6da2\iaStor.sys c:\
exit
Save this Notepad file as replace.bat and choose to Save as type: - All Files then close the Notepad file.
It should look like this:

Double-click on replace.bat to run it. A DOS window will open and close again, this is normal. Please delete the file afterwards.

------------------------------------------------------
  • Double-click SystemLook.exe to run it. (Vista users, right click, Run As Administrator)
  • Copy/paste the contents of the following codebox into the main textfield:
    Code:
     
    :filefind
    iaStor.sys
  • Click the Look button to start the scan.
  • When finished, a Notepad file will open with the results of the scan. Please post this log in your next reply.
Note: The log can also be found on your Desktop entitled SystemLook.txt

------------------------------------------------------
Old 11-08-2009, 08:56 PM   #8 (permalink)
Registered User
 
Join Date: Oct 2009
Posts: 12
OS: Vista


Re: Browser Hijack IE and FF under Vista

Chemist,

Thanks for responding so quickly.

We built the replace.bat, ran it and then ran Systemlook again. Here is the log:

SystemLook v1.0 by jpshortstuff (29.08.09)
Log created at 21:48 on 08/11/2009 by mike (Administrator - Elevation successful)
========== filefind ==========
Searching for "iaStor.sys"
C:\Drivers\storage\R196209\IaStor.sys --a--- 324120 bytes [20:02 05/01/2009] [08:41 19/08/2008] 707C1692214B1C290271067197F075F6
C:\iaStor.sys --a--- 324120 bytes [03:42 09/11/2009] [08:41 19/08/2008] 707C1692214B1C290271067197F075F6
C:\Program Files\Intel\Intel Matrix Storage Manager\driver64\IaStor.sys --a--- 402456 bytes [18:28 05/01/2009] [23:44 20/07/2008] FC28E90F2204D8FD147FA9BFA8A51C01
C:\Program Files\Intel\Intel Matrix Storage Manager\driver\IaStor.sys --a--- 324120 bytes [18:28 05/01/2009] [23:44 20/07/2008] 707C1692214B1C290271067197F075F6
C:\Windows\System32\DriverStore\FileRepository\iaahci.inf_7b6e77f6\iaStor.sys --a--- 324120 bytes [20:14 05/01/2009] [08:41 19/08/2008] 707C1692214B1C290271067197F075F6
C:\Windows\System32\DriverStore\FileRepository\iastor.inf_649e6da2\iaStor.sys --a--- 324120 bytes [20:14 05/01/2009] [08:41 19/08/2008] 707C1692214B1C290271067197F075F6
C:\Windows\System32\drivers\iaStor.sys --a--- 324120 bytes [20:14 05/01/2009] [08:41 19/08/2008] 707C1692214B1C290271067197F075F6
-=End Of File=-
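As an added example (not SystemLook's own code and not code posted in the thread), the parser below reads the filefind format shown in the two logs above and checks whether the copy Windows loads from System32\drivers carries the same MD5 as the DriverStore copies; in this thread every 32-bit copy agreed and the helper still replaced the loaded file, since the MBR scan had listed iastor.sys with an unknown module, so a hash match is a necessary check, not a clean bill. The sample log text, its paths, sizes and hashes are constructed placeholders, not values from the page.

```python
"""Parse SystemLook ':filefind' output and compare the driver copy that Windows
loads (System32\\drivers) with the copies Windows keeps in the DriverStore.

Added example for the thread above, not SystemLook's code and not code posted
in the thread. The sample logs below follow the format the thread shows; their
paths, sizes, timestamps and hashes are constructed placeholders."""
import re
from collections import defaultdict

# One filefind line: <path> <attrs> <size> bytes [modified] [created] <MD5>
LINE_RE = re.compile(
    r"^(?P<path>.+?)\s+(?P<attrs>[-a-z]{6})\s+(?P<size>\d+) bytes\s+"
    r"\[(?P<mtime>[^\]]+)\]\s+\[(?P<ctime>[^\]]+)\]\s+(?P<md5>[0-9A-Fa-f]{32})\s*$"
)

LOADED_DIR = "\\windows\\system32\\drivers\\"       # the copy loaded at boot
REFERENCE_DIR = "\\driverstore\\filerepository\\"   # staged copies Windows installs from


def parse_filefind(text):
    """Return one dict per file line; banner, header and footer lines are skipped."""
    records = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            rec = m.groupdict()
            rec["size"] = int(rec["size"])
            rec["md5"] = rec["md5"].upper()
            records.append(rec)
    return records


def compare_loaded_copy(records):
    """Check the loaded driver against the DriverStore copies of the same file.

    'match' is True when the loaded copy's MD5 equals one of the DriverStore
    hashes, False when it does not, and None when either side is missing.
    'groups' maps every hash to its paths, so a copy that legitimately differs
    (for example a 64-bit build in its own folder) stays visible for review."""
    by_hash = defaultdict(list)
    loaded_md5 = None
    reference = set()
    for rec in records:
        lower = rec["path"].lower()
        by_hash[rec["md5"]].append(rec["path"])
        if LOADED_DIR in lower:
            loaded_md5 = rec["md5"]
        elif REFERENCE_DIR in lower:
            reference.add(rec["md5"])
    match = None
    if loaded_md5 is not None and reference:
        match = loaded_md5 in reference
    return {"loaded_md5": loaded_md5, "reference_md5s": reference,
            "match": match, "groups": dict(by_hash)}


# Constructed sample in the thread's format: loaded copy agrees with the DriverStore.
CLEAN_LOG = r"""SystemLook v1.0 by jpshortstuff (29.08.09)
========== filefind ==========
Searching for "iaStor.sys"
C:\Program Files\Intel\Intel Matrix Storage Manager\driver64\IaStor.sys --a--- 400000 bytes [12:00 01/01/2009] [12:00 01/01/2008] 22222222222222222222222222222222
C:\Windows\System32\DriverStore\FileRepository\iastor.inf_00000000\iaStor.sys --a--- 320000 bytes [12:00 01/01/2009] [12:00 01/01/2008] 11111111111111111111111111111111
C:\Windows\System32\drivers\iaStor.sys --a--- 320000 bytes [12:00 01/01/2009] [12:00 01/01/2008] 11111111111111111111111111111111
-=End Of File=-
"""

# Constructed sample where the loaded copy differs in size and hash from the
# DriverStore copy: the case this comparison exists to flag.
TAMPERED_LOG = r"""SystemLook v1.0 by jpshortstuff (29.08.09)
========== filefind ==========
Searching for "iaStor.sys"
C:\Program Files\Intel\Intel Matrix Storage Manager\driver64\IaStor.sys --a--- 400000 bytes [12:00 01/01/2009] [12:00 01/01/2008] 22222222222222222222222222222222
C:\Windows\System32\DriverStore\FileRepository\iastor.inf_00000000\iaStor.sys --a--- 320000 bytes [12:00 01/01/2009] [12:00 01/01/2008] 11111111111111111111111111111111
C:\Windows\System32\drivers\iaStor.sys --a--- 321024 bytes [03:00 09/11/2009] [12:00 01/01/2008] 33333333333333333333333333333333
-=End Of File=-
"""

if __name__ == "__main__":
    for name, log in (("clean", CLEAN_LOG), ("tampered", TAMPERED_LOG)):
        report = compare_loaded_copy(parse_filefind(log))
        print(name, "loaded matches DriverStore:", report["match"])
        for md5, paths in report["groups"].items():
            print("  ", md5, "->", len(paths), "copy/copies")
```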
Old 11-09-2009, 10:57 AM   #9 (permalink)
Moderator, Analyst, Security Team; Rangemaster, TSF Academy
 
Join Date: Oct 2007
Location: Georgia
Posts: 10,668
OS: XP SP3


Re: Browser Hijack IE and FF under Vista

Hello again, mowerguy.

Download The Avenger2 by Swandog46 from here
  • Unzip/extract it to a folder on your desktop.
  • Double-click on avenger.exe to run The Avenger
  • Click OK
  • Make sure that the box next to Scan for rootkits has a tick in it and that the box next to Automatically disable any rootkits found does not have a tick in it.
  • Copy/paste the following text in the codebox below into the 'Input script here:' box.

    Code:
    FILES TO MOVE:
    C:\iastor.sys | C:\Windows\System32\drivers\iastor.sys
  • Click Execute
  • Click Yes
  • You will now be asked First step completed --- The Avenger has been successfully set up to run on next boot. Reboot now?
  • Click Yes
  • Your PC will now be rebooted.
  • After your PC has completed the necessary reboots, a log should automatically open. If it does not automatically open, then the log can be found at %systemdrive%\avenger.txt (typically C:\avenger.txt).
  • Please post this log in your next reply.
------------------------------------------------------

No matter how many times Avenger rebooted your computer, please reboot your machine once more. This is important.

------------------------------------------------------
Old 11-09-2009, 03:04 PM   #10 (permalink)
Registered User
 
Join Date: Oct 2009
Posts: 12
OS: Vista


Re: Browser Hijack IE and FF under Vista

Thanks again. Here is the log but I do see that the file copy failed. Not sure why access was denied.

Logfile of The Avenger Version 2.0, (c) by Swandog46
http://swandog46.geekstogo.com
Platform: Windows Vista
*******************
Script file opened successfully.
Script file read successfully.
Backups directory opened successfully at C:\Avenger
*******************
Beginning to process script file:
Rootkit scan active.
No rootkits found!

Error: could not move file "C:\iastor.sys"
File move operation "C:\iastor.sys|C:\Windows\System32\drivers\iastor.sys" failed!
Status: 0xc0000022 (STATUS_ACCESS_DENIED)

Completed script processing.
*******************
Finished! Terminate.
Old 11-09-2009, 03:22 PM   #11 (permalink)
Moderator, Analyst, Security Team; Rangemaster, TSF Academy
 
Join Date: Oct 2007
Location: Georgia
Posts: 10,668
OS: XP SP3


Re: Browser Hijack IE and FF under Vista

Hello again, mowerguy.

Avenger should have elevated privileges itself, but try this:

Right-click avenger.exe and choose 'Run as Administrator'.

Follow the rest of the instructions again for replacing that file.

I will be extremely busy the next 24 hours, so it may be awhile before my next reply.

------------------------------------------------------
Old 11-09-2009, 03:27 PM   #12 (permalink)
Registered User
 
Join Date: Oct 2009
Posts: 12
OS: Vista


Re: Browser Hijack IE and FF under Vista

OK thanks for the quick reply. We did run this as administrator but we will try again. If the results are different, I will post another log.

No problem on the delay in your response.

Dave
Old 11-09-2009, 05:30 PM   #13 (permalink)
Registered User
 
Join Date: Oct 2009
Posts: 12
OS: Vista


Re: Browser Hijack IE and FF under Vista

Chemist,

Thanks again. We ran this again and we were successful. Here is the log:

Logfile of The Avenger Version 2.0, (c) by Swandog46
http://swandog46.geekstogo.com
Platform: Windows Vista
*******************
Script file opened successfully.
Script file read successfully.
Backups directory opened successfully at C:\Avenger
*******************
Beginning to process script file:
Rootkit scan active.
No rootkits found!
File move operation "C:\iastor.sys|C:\Windows\System32\drivers\iastor.sys" completed successfully.
Completed script processing.
*******************
Finished! Terminate.
Old 11-09-2009, 06:30 PM   #14 (permalink)
Moderator, Analyst, Security Team; Rangemaster, TSF Academy
 
Join Date: Oct 2007
Location: Georgia
Posts: 10,668
OS: XP SP3


Re: Browser Hijack IE and FF under Vista

Hello again, mowerguy. Good job! Have the redirects stopped? Also, please let me know that you manually rebooted the machine once more after Avenger completed its run.

We need to submit a file for analysis. You should have a zipped file here > C:\Avenger\backup.zip

Please submit it to this site ==> http://www.bleepingcomputer.com/subm....php?channel=4

Use the 'Browse' button to navigate to the backup.zip file, left-click the file, then click 'Open'.

and copy/paste this link into the 'Link to topic' box:

http://www.techsupportforum.com/security-center/virus-trojan-spyware-help/428324-browser-hijack-ie-ff-under-vista.html#post2434364


Click 'Send File'.

Please let me know if you successfully submitted the file. Thanks.

------------------------------------------------------

Last edited by chemist; 11-09-2009 at 06:38 PM.
Old 11-09-2009, 07:27 PM   #15 (permalink)
Registered User
 
Join Date: Oct 2009
Posts: 12
OS: Vista


Re: Browser Hijack IE and FF under Vista

Yes, we did manually reboot after Avenger completed. We will test the browser redirects and I will report back. I also will upload the zip file as requested.

Thanks for all your help. I will let you know once the file has been uploaded.
Old 11-10-2009, 05:25 PM   #16 (permalink)
Registered User
 
Join Date: Oct 2009
Posts: 12
OS: Vista


Re: Browser Hijack IE and FF under Vista

chemist,

Thanks again for the time and effort you put forth to resolve our issue. After some testing, it appears that the browser is no longer forwarding to unexpected places.

I have uploaded the zip file with the link to the site that you mentioned.

Dave
Old 11-10-2009, 06:07 PM   #17 (permalink)
Moderator, Analyst, Security Team; Rangemaster, TSF Academy
 
Join Date: Oct 2007
Location: Georgia
Posts: 10,668
OS: XP SP3


Re: Browser Hijack IE and FF under Vista

Hello again, Dave. You're welcome. Thank you for submitting the file.

------------------------------------------------------

We need to uninstall ComboFix.

Please disable AVG before uninstalling ComboFix and then re-enable it after doing so.

Go to Start >> Run and Copy/Paste the following single-line command into the Run box and click OK:

combofix /uninstall

Wait for a message saying 'ComboFix is uninstalled'.

------------------------------------------------------

Uninstall the following via the Programs and Features Panel (Start->(Settings)->Control Panel->Programs and Features):

Java(TM) 6 Update 7

These are all outdated, and they are security risks while they remain installed.

Leave this one as it has the latest definitions:

Java(TM) 6 Update 16

Going forward, Java will overwrite existing installs, so removing older versions should not be required after this.

When updating in the future, make sure you untick the box next to whatever free program they prompt you to install, unless you want it.

------------------------------------------------------

Please download ATF-Cleaner by Atribune and Save it to your Desktop.
  • Right-click ATF-Cleaner.exe and choose Run as Administrator to run the program.
  • Under Main choose: Select All
  • Click the Empty Selected button.
If you use Firefox browser
  • Click Firefox at the top and choose: Select All
  • Click the Empty Selected button.
  • NOTE: If you would like to keep your saved passwords, please click No at the prompt.
If you use Opera browser
  • Click Opera at the top and choose: Select All
  • Click the Empty Selected button.
  • NOTE: If you would like to keep your saved passwords, please click No at the prompt.
Click Exit on the Main menu to close the program.
For Technical Support, double-click the e-mail address located at the bottom of each menu.

------------------------------------------------------

Please run this online scan to help look for remnants.

Ensure your external and/or USB drives are inserted during the scan.

In Microsoft Windows Vista, you must open the Web browser via a right-click using the Run as Administrator command.

Establish an internet connection & perform an online scan at Kaspersky Online Scanner

Click Accept, when prompted to download and install the program files and database of malware definitions.
  • Click Run at any Security prompt.
  • The program will then begin downloading and installing and will also update the database.
  • Please be patient as this can take several minutes.
  • Once the update is complete, click on My Computer under the green Scan bar to the left to start the scan.
  • Once the scan is complete, it will display if your system has been infected.
  • It does not provide an option to clean/disinfect. We only require a report from it.
  • Do NOT be alarmed by what you see in the report. Many of the finds have likely been quarantined.
  • Click View scan report at the bottom.
  • Click the Save Report As... button.
  • Click the Save as Text button to save the file to your desktop so that you may post it in your next reply.


**Note**

To optimize scanning time and produce a more sensible report for review:
  • Close any open programs.
  • Turn off the real-time scanner of all antivirus or antispyware programs while performing the online scan.
Note for Internet Explorer 7 users: If at any time you have trouble viewing the accept button of the license, click on the Zoom tool located at the bottom right of the IE window and set the zoom to 75%. Once the license is accepted, reset to 100%.

------------------------------------------------------
Old 11-13-2009, 12:03 PM   #18 (permalink)
Registered User
 
Join Date: Oct 2009
Posts: 12
OS: Vista


Re: Browser Hijack IE and FF under Vista

Chemist,

We have uninstalled ComboFix, run ATF-Cleaner, and run the Kaspersky Online Scanner. I will double check on uninstalling the other version of Java. No threats were found.

Dave
Old 11-13-2009, 12:41 PM   #19 (permalink)
Moderator, Analyst, Security Team; Rangemaster, TSF Academy
 
Join Date: Oct 2007
Location: Georgia
Posts: 10,668
OS: XP SP3


Re: Browser Hijack IE and FF under Vista

Congratulations. Well done! Your logs appear clean. You should be good to go.

------------------------------------------------------

We need to uninstall Avenger.

Navigate to and right-click C:\cleanup.bat and choose 'Run as Administrator'.

Go Start > Run and copy/paste the following single-line command into the Run box and click OK:

cmd /c rd /s /q "C:\Avenger"

A DOS window will open and close again, this is normal.

------------------------------------------------------

Please re-enable your antivirus program and any other antispyware programs disabled earlier if you haven't already.

Please re-enable TeaTimer:
  • Open Spybot Search & Destroy.
  • In the Mode menu click "Advanced mode" if not already selected.
  • Choose "Yes" at the Warning prompt.
  • Expand the "Tools" menu.
  • Click "Resident".
  • Check the "Resident "TeaTimer" (Protection of overall system settings) active." box.
  • In the File menu click "Exit" to exit Spybot Search & Destroy.
------------------------------------------------------

You can safely delete any tools downloaded or any logs, files, and any shortcuts on your desktop that were created during this fix.

------------------------------------------------------

MICROSOFT UPDATES
It is very important that you get all of the critical updates for your Operating System and Internet Explorer. Keeping your OS and browser up to date will help make you less susceptible to attacks by Trojans and viruses. Please go to Microsoft and download all the critical updates to help prevent possible re-infection.

SPYWARE PREVENTION
This is a good time to set up protection against further attacks. In light of your recent problem, I'm sure you'd like to avoid any future infections. Please read these well-written articles: To help protect your computer in the future I recommend that you get the following free programs if you do not already have them:
  • WOT, Web of Trust, warns you about risky websites that try to scam visitors, deliver malware, or send spam. Protect your computer against online threats by using WOT as your front-line layer of protection when browsing or searching in unfamiliar territory. WOT's color-coded icons show you ratings for 21 million websites, helping you avoid the dangerous sites:
    • Green to go
    • Yellow for caution
    • Red to stop
    WOT has an add-on available for both Firefox and IE.
  • SpywareBlaster prevents the installation of ActiveX-based malware, blocks cookies, and restricts the actions of "bad" sites in Internet Explorer. See tutorial here
  • MVPS HOSTS FILE replaces your current HOSTS file with one that will restrict known ad sites from serving you unsolicited advertisements. It basically prevents your computer from connecting to those sites by redirecting them to 127.0.0.1, which is the IP of your local computer. See guide here and for Windows Vista here
Keep your antivirus program and antispyware programs updated and scan with them on a regular basis.

Please respond to this thread one more time so we can mark this thread as resolved.
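The MVPS HOSTS entry above works because a name mapped to 127.0.0.1 (or 0.0.0.0) goes nowhere. Browser hijackers use the same file in the opposite direction: they map names the victim trusts (search engines, antivirus update servers) to an address the attacker controls, which produces exactly the kind of "search works but results go elsewhere" symptom this thread started with. The script below is an added example, not part of the thread and not MVPS's own tooling: it parses a Windows-style HOSTS file and separates harmless sinkhole entries from entries that point a name at a routable address, flagging those that touch well-known search or security domains. The sample file contents, the RFC 5737 documentation-range IPs in the "bad" lines and the SENSITIVE_SUFFIXES list are all constructed assumptions for the example.

```python
"""Audit a Windows-style HOSTS file for hijack entries.

Added example, not from the forum thread. A block-list HOSTS file (such as
the MVPS one discussed above) maps ad/malware domains to 127.0.0.1 or
0.0.0.0, which is harmless. Malware does the reverse: it maps domains the
victim trusts (search engines, AV update servers) to an attacker-controlled
IP. This script parses the file and reports any name that resolves somewhere
other than a loopback/unspecified address. The sample file contents and the
sensitive-domain list are constructed for the example.
"""
import ipaddress
from dataclasses import dataclass

# Constructed sample: two default loopback lines, two benign block-list
# lines, and two lines of the kind a browser hijacker would add. The IPs in
# the bad lines are documentation-range addresses (RFC 5737), not real hosts.
SAMPLE_HOSTS = """\
# Copyright (c) 1993-2006 Microsoft Corp.
127.0.0.1       localhost
::1             localhost
0.0.0.0 ad.doubleclick.net        # block-list entry
127.0.0.1 adserver.example   # block-list entry
203.0.113.7     www.google.com google.com
198.51.100.9 update.avg.com   www.spybot.info
"""

# Constructed list of domains a hijacker typically targets; extend as needed.
SENSITIVE_SUFFIXES = ("google.com", "bing.com", "avg.com", "spybot.info",
                      "microsoft.com", "windowsupdate.com")


@dataclass
class HostsEntry:
    line_no: int
    ip: str
    names: list


def parse_hosts(text):
    """Return HostsEntry objects; skip blanks, comments and malformed lines."""
    entries = []
    for n, raw in enumerate(text.splitlines(), start=1):
        line = raw.split("#", 1)[0].strip()   # drop trailing comments
        if not line:
            continue
        parts = line.split()
        if len(parts) < 2:
            continue   # an IP with no hostname does nothing
        try:
            ipaddress.ip_address(parts[0])
        except ValueError:
            continue   # not a hosts line we can interpret
        entries.append(HostsEntry(n, parts[0], [p.lower() for p in parts[1:]]))
    return entries


def is_sinkhole(ip):
    """True for 127.0.0.0/8, ::1, 0.0.0.0 and ::, the only harmless targets."""
    addr = ipaddress.ip_address(ip)
    return addr.is_loopback or addr.is_unspecified


def audit_hosts(text):
    """Return (suspicious, sensitive) lists of HostsEntry.

    suspicious: every entry that points a name at a routable address.
    sensitive:  the subset whose names fall under SENSITIVE_SUFFIXES, i.e.
                the classic search-engine / AV-update hijack.
    """
    suspicious = [e for e in parse_hosts(text) if not is_sinkhole(e.ip)]
    sensitive = [e for e in suspicious
                 if any(name == s or name.endswith("." + s)
                        for name in e.names for s in SENSITIVE_SUFFIXES)]
    return suspicious, sensitive


if __name__ == "__main__":
    bad, hijacked = audit_hosts(SAMPLE_HOSTS)
    for e in bad:
        tag = "HIJACK" if e in hijacked else "review"
        print(f"line {e.line_no}: {e.ip} -> {', '.join(e.names)} [{tag}]")
```

To run it against a real system, read `C:\Windows\System32\drivers\etc\hosts` into `audit_hosts` instead of `SAMPLE_HOSTS`. Entries you added yourself for intranet machines will show up as "review" because they point at routable addresses; that is expected, and only the "HIJACK" lines, or any "review" line you do not recognise, need attention.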
11-15-2009, 01:54 PM   #20
Registered User
 
Join Date: Oct 2009
Posts: 12
OS: Vista


Re: Browser Hijack IE and FF under Vista

Chemist,

We ran those last cleanup tasks and we have re-enabled anti-virus and anti-spyware.

Thanks again for all the help.

Dave