Hi there,

My computer was infected with a virus yesterday. Using Malwarebytes and a variety of other anti-virus/spyware applications, I've managed to get rid of the virus as far as I can tell, however all of my browsers are randomly redirecting to pages and the Google search toolbar, if used, ends up using Gala Search, rather than Goggle. Any help would be much appreciated, and here is the log which Malwarebytes has just generated for me following a scan:

Malwarebytes' Anti-Malware 1.41
Database version: 3138
Windows 5.1.2600 Service Pack 3

11/11/2009 15:01
mbam-log-2009-11-11 (15-01-55).txt

Scan type: Full Scan (C:\|D:\|E:\|F:\|G:\|H:\|)
Objects scanned: 255865
Time elapsed: 35 minute(s), 7 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

Sorry to bump this, but I'm keen to try ComboFix and have been advised to wait for assistance...

Just realised that I need to post a HijackThis log (duh!). Here it is:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 09:42:34, on 13/11/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\BT PC Backup v8\AgentService.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\dldfserv.exe
C:\WINDOWS\system32\dldfcoms.exe
C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SupServ.exe
C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
C:\Program Files\Dell Support Center\bin\sprtsvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Dell Support Center\bin\sprtcmd.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Documents and Settings\User\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
C:\WINDOWS\System32\svchost.exe
C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\DOCUME~1\User\LOCALS~1\Temp\AVGDownloadManager\packages\65\setup.exe
C:\WINDOWS\system32\wuauclt.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://partnerpage.google.com/smallbiz.del...amp;ibd=2080516
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Page_URL = http://partnerpage.google.com/smallbiz.del...amp;ibd=2080516
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.3.4501.1418\swg.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_B7C5AC242193BB3E.dll
O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\Dell\BAE\BAE.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
O4 - HKLM\..\Run: [Google Quick Search Box] "C:\Program Files\Google\Quick Search Box\GoogleQuickSearchBox.exe" /autorun
O4 - HKLM\..\Run: [DellSupportCenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter
O4 - HKLM\..\Run: [dscactivate] "C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKCU\..\Run: [DellSupportCenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\User\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/iss-loc/...798/mcfscan.cab
O20 - AppInit_DLLs: C:\WINDOWS\system32\
O23 - Service: McAfee Application Installer Cleanup (0010031257867622) (0010031257867622mcinstcleanup) - Unknown owner - C:\DOCUME~1\User\LOCALS~1\Temp\001003~1.EXE (file missing)
O23 - Service: AgentService - Iron Mountain Incorporated - C:\Program Files\BT PC Backup v8\AgentService.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: dldfCATSCustConnectService - Unknown owner - C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\\dldfserv.exe
O23 - Service: dldf_device - - C:\WINDOWS\system32\dldfcoms.exe
O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Desktop Manager 5.7.801.7324 (GoogleDesktopManager-010708-104812) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Sony Ericsson OMSI download service (OMSI download service) - Unknown owner - C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SupServ.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: Roxio Hard Drive Watcher 9 (RoxWatch9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
O23 - Service: SupportSoft Sprocket Service (dellsupportcenter) (sprtsvc_dellsupportcenter) - SupportSoft, Inc. - C:\Program Files\Dell Support Center\bin\sprtsvc.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe

--
End of file - 8879 bytes

Hi there,

Firstly, many thanks for your advice to run ComboxFix - it seems to have worked!

I'm just posting the log it produced however, as this is what I was advised to do:

ComboFix 09-11-16.05 - User 16/11/2009 10:09..2 - FAT32x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2046.1480 [GMT 0:00]
Running from: c:\documents and settings\User\Desktop\ComboFix.exe
AV: avast! antivirus 4.8.1356 [VPS 091115-1] *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\User\Local Settings\Application Data\{7A3BBF25-42BC-43E6-A646-B3B2F1D3E356}
c:\documents and settings\User\Local Settings\Application Data\{7A3BBF25-42BC-43E6-A646-B3B2F1D3E356}\chrome.manifest
c:\documents and settings\User\Local Settings\Application Data\{7A3BBF25-42BC-43E6-A646-B3B2F1D3E356}\chrome\content\_cfg.js
c:\documents and settings\User\Local Settings\Application Data\{7A3BBF25-42BC-43E6-A646-B3B2F1D3E356}\chrome\content\overlay.xul
c:\documents and settings\User\Local Settings\Application Data\{7A3BBF25-42BC-43E6-A646-B3B2F1D3E356}\install.rdf
c:\program files\Mozilla Firefox\searchplugins\search.xml
c:\windows\Install.txt
c:\windows\run.log
c:\windows\system32\install.exe

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_{79007602-0CDB-4405-9DBF-1257BB3226ED}
-------\Legacy_{79007602-0CDB-4405-9DBF-1257BB3226EE}


((((((((((((((((((((((((( Files Created from 2009-10-16 to 2009-11-16 )))))))))))))))))))))))))))))))
.

2009-11-13 10:19 . 2009-11-13 10:19 -------- d-----w- C:\$AVG
2009-11-13 10:18 . 2009-11-13 10:18 -------- d-----w- c:\program files\AVG
2009-11-13 09:40 . 2009-11-13 09:40 -------- d-----w- c:\program files\Trend Micro
2009-11-11 12:13 . 2009-11-11 12:13 -------- d-----w- c:\windows\McAfee.com
2009-11-11 10:08 . 2009-11-11 10:14 -------- d-----w- c:\documents and settings\All Users\Application Data\Google Updater
2009-11-11 09:12 . 2004-08-03 22:29 19551 ----a-w- c:\windows\system32\dllcache\watv02nt.sys
2009-11-11 09:11 . 2001-08-17 13:58 22912 ----a-w- c:\windows\system32\dllcache\umaxpcls.sys
2009-11-11 09:10 . 2001-08-17 12:50 36640 ----a-w- c:\windows\system32\dllcache\t2r4mini.sys
2009-11-11 09:09 . 2001-08-17 12:12 25034 ----a-w- c:\windows\system32\dllcache\smcpwr2n.sys
2009-11-11 09:08 . 2001-08-17 22:36 57856 ----a-w- c:\windows\system32\dllcache\EXCH_scripto.dll
2009-11-11 09:07 . 2001-08-17 13:28 714762 ----a-w- c:\windows\system32\dllcache\r2mdmkxx.sys
2009-11-11 09:06 . 2001-08-17 22:36 41984 ----a-w- c:\windows\system32\dllcache\ovui2rc.dll
2009-11-11 09:05 . 2001-08-17 14:56 91488 ----a-w- c:\windows\system32\dllcache\n9i3disp.dll
2009-11-11 09:04 . 2004-08-04 04:00 92416 ----a-w- c:\windows\system32\dllcache\mga.sys
2009-11-11 09:03 . 2001-08-17 13:51 18688 ----a-w- c:\windows\system32\dllcache\irsir.sys
2009-11-11 09:02 . 2001-08-17 13:28 115807 ----a-w- c:\windows\system32\dllcache\hsf_fsks.sys
2009-11-11 09:01 . 2001-08-17 22:36 43520 ----a-w- c:\windows\system32\dllcache\EXCH_fcachdll.dll
2009-11-11 09:00 . 2008-04-13 19:40 8320 ----a-w- c:\windows\system32\dllcache\dlttape.sys
2009-11-11 08:59 . 2008-04-13 19:46 17024 ----a-w- c:\windows\system32\dllcache\ccdecode.sys
2009-11-11 08:58 . 2001-08-17 14:56 66048 ----a-w- c:\windows\system32\dllcache\s3legacy.dll
2009-11-11 08:58 . 2004-08-04 04:00 7680 ----a-w- c:\windows\system32\dllcache\inetmgr.exe
2009-11-11 08:58 . 2004-08-04 04:00 5632 ----a-w- c:\windows\system32\dllcache\iisrstap.dll
2009-11-11 08:58 . 2004-08-04 04:00 19968 ----a-w- c:\windows\system32\dllcache\inetsloc.dll
2009-11-11 08:58 . 2004-08-04 04:00 169984 ----a-w- c:\windows\system32\dllcache\iisui.dll
2009-11-11 08:58 . 2004-08-04 04:00 6144 ----a-w- c:\windows\system32\dllcache\ftpsapi2.dll
2009-11-11 08:58 . 2004-08-04 04:00 14336 ----a-w- c:\windows\system32\dllcache\iisreset.exe
2009-11-11 08:41 . 2009-11-11 08:41 -------- d-sh--w- c:\documents and settings\User\IECompatCache
2009-11-10 17:06 . 2009-11-11 12:22 -------- d-----w- c:\program files\Free Window Registry Repair
2009-11-10 17:06 . 2009-11-10 17:06 -------- d-----w- c:\documents and settings\User\Application Data\Registry Mechanic
2009-11-10 16:18 . 2009-11-10 16:18 93360 ----a-w- c:\windows\system32\drivers\SBREDrv.sys
2009-11-10 15:51 . 2009-11-13 09:31 -------- d-----w- c:\documents and settings\All Users\Application Data\Lavasoft
2009-11-10 15:49 . 2009-11-11 12:33 -------- d-----w- c:\program files\Spybot - Search & Destroy
2009-11-10 15:49 . 2009-11-11 12:33 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2009-11-10 13:37 . 2009-11-10 13:37 -------- d-----w- c:\documents and settings\User\Application Data\Malwarebytes
2009-11-10 13:37 . 2009-11-10 13:37 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-11-10 12:19 . 2009-09-15 11:54 52368 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2009-11-10 12:19 . 2009-09-15 11:54 23152 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2009-11-10 12:19 . 2009-09-15 11:53 27408 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2009-11-10 12:19 . 2009-09-15 11:56 93424 ----a-w- c:\windows\system32\drivers\aswmon.sys
2009-11-10 12:19 . 2009-09-15 11:56 94160 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2009-11-10 12:19 . 2009-09-15 11:55 114768 ----a-w- c:\windows\system32\drivers\aswSP.sys
2009-11-10 12:19 . 2009-09-15 11:55 20560 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2009-11-10 12:19 . 2009-09-15 11:53 97480 ----a-w- c:\windows\system32\AvastSS.scr
2009-11-10 12:19 . 2009-09-15 11:59 1279968 ----a-w- c:\windows\system32\aswBoot.exe
2009-11-10 12:19 . 2009-11-10 12:19 -------- d-----w- c:\program files\Alwil Software
2009-11-10 11:42 . 2009-11-10 11:42 -------- d-sh--w- c:\windows\system32\config\systemprofile\IETldCache
2009-11-10 11:24 . 2009-11-10 11:24 120 ----a-w- c:\windows\Tyehilahaca.dat
2009-11-10 11:24 . 2009-11-10 11:24 0 ----a-w- c:\windows\Xgavobacagayu.bin
2009-11-10 11:16 . 2009-11-10 11:15 411368 ----a-w- c:\windows\system32\deploytk.dll
2009-11-10 11:15 . 2009-11-10 11:15 152576 ----a-w- c:\documents and settings\User\Application Data\Sun\Java\jre1.6.0_15\lzma.dll
2009-11-10 11:10 . 2009-11-10 14:19 -------- d-----w- c:\documents and settings\All Users\Defence
2009-11-09 16:33 . 2009-11-09 16:33 -------- d-sh--w- c:\documents and settings\User\PrivacIE
2009-11-09 15:42 . 2009-11-09 15:42 -------- d-sh--w- c:\documents and settings\LocalService\IETldCache
2009-11-09 10:28 . 2009-11-09 10:28 -------- d-sh--w- c:\documents and settings\NetworkService\IETldCache
2009-11-09 10:27 . 2009-11-09 10:27 -------- d-sh--w- c:\documents and settings\User\IETldCache
2009-11-09 09:47 . 2009-10-02 04:44 92160 ------w- c:\windows\system32\dllcache\iecompat.dll
2009-11-09 09:47 . 2009-11-11 12:50 -------- d-----w- c:\windows\ie8updates
2009-11-09 09:45 . 2009-08-29 08:08 12800 ------w- c:\windows\system32\dllcache\xpshims.dll
2009-11-09 09:45 . 2009-08-29 08:08 246272 ------w- c:\windows\system32\dllcache\ieproxy.dll
2009-11-09 09:43 . 2009-11-09 09:44 -------- dc-h--w- c:\windows\ie8
2009-11-09 09:38 . 2009-11-09 09:38 -------- d-----w- c:\windows\system32\drivers\UMDF
2009-11-09 09:38 . 2009-11-09 09:38 -------- d-----w- c:\windows\system32\LogFiles
2009-11-09 09:37 . 2008-01-09 12:28 27632 ----a-w- c:\windows\system32\drivers\seehcri.sys
2009-11-09 09:37 . 2009-11-09 09:37 148736 ----a-w- c:\documents and settings\All Users\Application Data\hpe2E.dll
2009-11-04 13:39 . 2009-11-04 13:40 -------- d-----w- c:\program files\Ultra AVI Converter
2009-11-04 13:31 . 2009-10-06 13:40 545280 ----a-w- c:\documents and settings\User\Application Data\Mozilla\Firefox\Profiles\u3apmn3g.default\extensions\piclens@cooliris.com\libs\PicLensHelper.exe
2009-11-04 13:31 . 2009-10-06 13:40 103424 ----a-w- c:\documents and settings\User\Application Data\Mozilla\Firefox\Profiles\u3apmn3g.default\extensions\piclens@cooliris.com\libs\pixomatic.dll
2009-11-04 13:31 . 2009-10-06 13:40 344064 ----a-w- c:\documents and settings\User\Application Data\Mozilla\Firefox\Profiles\u3apmn3g.default\extensions\piclens@cooliris.com\libs\LaunchCooliris.exe
2009-11-04 13:31 . 2009-10-06 13:40 153600 ----a-w- c:\documents and settings\User\Application Data\Mozilla\Firefox\Profiles\u3apmn3g.default\extensions\piclens@cooliris.com\plugins\npcoolirisplugin.dll
2009-11-04 13:31 . 2009-10-06 13:40 4716544 ----a-w- c:\documents and settings\User\Application Data\Mozilla\Firefox\Profiles\u3apmn3g.default\extensions\piclens@cooliris.com\components\cooliris.dll
2009-11-03 16:05 . 2009-11-10 12:06 -------- d-----w- c:\documents and settings\User\Application Data\uTorrent
2009-11-03 15:28 . 2009-11-09 15:26 -------- d-----w- C:\OutputFolder
2009-11-03 15:26 . 2006-09-26 13:57 28672 ----a-w- c:\windows\system32\AVEQT.dll
2009-11-03 15:26 . 2009-11-04 14:00 -------- d-----w- c:\program files\Ultra QuickTime Converter
2009-11-03 15:21 . 2009-11-03 15:26 -------- d-----w- c:\documents and settings\User\Application Data\GetRightToGo
2009-11-03 14:59 . 2009-08-16 15:08 178176 ----a-w- c:\windows\system32\unrar.dll
2009-11-03 14:59 . 2009-11-03 14:59 -------- d-----w- c:\program files\AviSynth 2.5
2009-11-03 14:59 . 2009-11-03 14:59 -------- d-----w- c:\program files\AML Products
2009-11-03 14:36 . 2009-11-03 14:36 -------- d-----w- c:\program files\softendo.com
2009-11-03 13:39 . 2009-11-03 13:39 -------- d-----w- c:\documents and settings\User\Application Data\CopyTrans
2009-11-03 13:38 . 2009-11-03 13:38 -------- d-----w- c:\program files\WindSolutions
2009-11-03 13:38 . 2009-11-03 13:38 -------- d-----w- c:\documents and settings\User\Application Data\WindSolutions
2009-11-03 13:38 . 2009-11-03 13:38 -------- d-----w- c:\documents and settings\All Users\Application Data\WindSolutions
2009-11-03 09:36 . 2009-11-12 16:21 -------- d-----w- c:\documents and settings\User\Local Settings\Application Data\Temp
2009-11-03 09:36 . 2001-08-17 22:36 5632 ----a-w- c:\windows\system32\ptpusb.dll
2009-11-03 09:36 . 2008-04-14 01:12 159232 ----a-w- c:\windows\system32\ptpusd.dll
2009-10-30 13:39 . 2009-10-30 13:39 -------- d-----w- c:\program files\iPod
2009-10-30 13:39 . 2009-10-30 13:40 -------- d-----w- c:\program files\iTunes
2009-10-30 13:34 . 2009-10-30 13:34 79144 ----a-w- c:\documents and settings\All Users\Application Data\Apple Computer\Installer Cache\iTunes 9.0.2.25\SetupAdmin.exe
2009-10-30 13:30 . 2009-10-30 13:31 -------- d-----w- c:\program files\Safari
2009-10-22 10:27 . 2009-10-22 10:27 -------- d-----w- c:\windows\system32\scripting
2009-10-22 10:27 . 2009-10-22 10:27 -------- d-----w- c:\windows\l2schemas
2009-10-22 10:27 . 2009-10-22 10:27 -------- d-----w- c:\windows\system32\en
2009-10-22 10:27 . 2009-10-22 10:27 -------- d-----w- c:\windows\system32\bits

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-11-16 10:19 . 2009-02-27 14:08 -------- d-----w- c:\program files\BT PC Backup v8
2009-11-13 17:27 . 2009-02-25 13:59 -------- d-----w- c:\program files\Sage Payroll
2009-11-13 16:05 . 2009-09-22 10:24 -------- d-----w- c:\documents and settings\User\Application Data\FileZilla
2009-11-12 17:06 . 2009-09-22 10:24 -------- d-----w- c:\program files\FileZilla FTP Client
2009-11-11 14:04 . 2008-05-16 01:57 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-11-11 12:32 . 2009-10-08 11:26 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2009-11-11 12:12 . 2008-05-16 02:01 -------- d-----w- c:\documents and settings\All Users\Application Data\Dell
2009-11-11 10:09 . 2008-05-16 02:01 -------- d-----w- c:\program files\Google
2009-11-10 12:00 . 2008-05-20 10:04 -------- d-----w- c:\documents and settings\User\Application Data\Roxio
2009-11-10 11:21 . 2004-08-11 16:00 1033728 ----a-w- c:\windows\explorer.exe
2009-11-10 11:21 . 2009-11-10 11:21 0 ----a-w- c:\documents and settings\User\4A0.tmp
2009-11-10 11:21 . 2009-11-10 11:21 208384 ----a-w- c:\documents and settings\User\49B.tmp
2009-11-10 11:21 . 2009-11-10 11:21 212 ----a-w- c:\documents and settings\User\499.tmp
2009-11-10 11:15 . 2008-05-16 01:53 -------- d-----w- c:\program files\Java
2009-11-10 10:28 . 2009-09-23 16:40 -------- d-----w- c:\documents and settings\User\Application Data\Spotify
2009-11-09 09:37 . 2009-10-08 11:35 -------- d-----w- c:\program files\Sony Ericsson
2009-11-03 09:38 . 2009-09-22 13:52 -------- d-----w- c:\documents and settings\User\Application Data\Apple Computer
2009-11-03 09:36 . 2009-09-22 13:49 -------- d-----w- c:\documents and settings\All Users\Application Data\Apple
2009-10-30 13:39 . 2009-09-22 13:49 -------- d-----w- c:\program files\Common Files\Apple
2009-10-22 12:29 . 2008-05-16 02:08 52840 ----a-w- c:\documents and settings\Administrator\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-10-22 10:29 . 2004-08-11 16:14 87983 ----a-w- c:\windows\pchealth\helpctr\OfflineCache\index.dat
2009-10-09 14:33 . 2009-10-09 14:33 -------- d-----w- c:\documents and settings\User\Application Data\rockbox.org
2009-10-08 11:38 . 2009-10-08 11:36 -------- d-----w- c:\program files\Avanquest update
2009-10-08 11:36 . 2009-10-08 11:36 -------- d-----w- c:\documents and settings\All Users\Application Data\BVRP Software
2009-10-08 11:35 . 2009-10-08 11:35 -------- d-----w- c:\documents and settings\All Users\Application Data\Sony Ericsson
2009-10-06 10:39 . 2009-10-06 10:39 -------- d-----w- c:\documents and settings\User\Application Data\Office Genuine Advantage
2009-10-06 10:39 . 2009-10-06 10:39 -------- d-----w- c:\documents and settings\All Users\Application Data\Office Genuine Advantage
2009-10-05 08:39 . 2009-09-30 12:59 -------- d-----w- c:\program files\Steam
2009-10-01 08:18 . 2008-07-18 10:09 -------- d-----w- c:\documents and settings\All Users\Application Data\Sage
2009-09-27 08:39 . 2009-09-27 08:39 369152 ----a-w- c:\windows\system32\avisynth.dll
2009-09-23 16:40 . 2009-09-23 16:40 -------- d-----w- c:\program files\Spotify
2009-09-22 13:51 . 2009-09-22 13:51 -------- d-----w- c:\documents and settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}
2009-09-22 13:51 . 2009-09-22 13:50 -------- d-----w- c:\documents and settings\All Users\Application Data\Apple Computer
2009-09-22 13:51 . 2009-09-22 13:51 -------- d-----w- c:\program files\Bonjour
2009-09-22 13:50 . 2009-09-22 13:50 -------- d-----w- c:\program files\QuickTime
2009-08-26 08:00 . 2004-08-11 16:00 247326 ----a-w- c:\windows\system32\strmdll.dll
2002-04-16 10:27 . 2002-04-16 10:27 5 --sha-w- c:\windows\system32\CdI5T.drv
1998-03-20 00:00 . 1998-03-20 00:00 1048 --sha-w- c:\windows\system32\flfnlf.sys
1998-03-20 00:00 . 1998-03-20 00:00 1048 --sha-w- c:\windows\system32\rlfnlf.sys
1998-03-20 00:00 . 1998-03-20 00:00 1048 --sha-w- c:\windows\system32\TMail3FL.SYS
1998-03-20 00:00 . 1998-03-20 00:00 1048 --sha-w- c:\windows\system32\TMailRL.sys
.

------- Sigcheck -------

[7] 2008-04-14 . 6D4FEB43EE538FC5428CC7F0565AA656 . 56320 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\eventlog.dll
[7] 2008-04-14 . 6D4FEB43EE538FC5428CC7F0565AA656 . 56320 . . [5.1.2600.5512] . . c:\windows\system32\dllcache\eventlog.dll
[7] 2004-08-04 . 82B24CB70E5944E6E34662205A2A5B78 . 55808 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\eventlog.dll

c:\windows\system32\eventlog.dll ... is missing !!
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2008-04-14 1695232]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-11-11 39408]
"DellSupportCenter"="c:\program files\Dell Support Center\bin\sprtcmd.exe" [2009-05-21 206064]
"Google Update"="c:\documents and settings\User\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [2009-11-12 135664]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-09-15 81000]
"Google Quick Search Box"="c:\program files\Google\Quick Search Box\GoogleQuickSearchBox.exe" [2009-11-11 122368]
"DellSupportCenter"="c:\program files\Dell Support Center\bin\sprtcmd.exe" [2009-05-21 206064]
"dscactivate"="c:\program files\Dell Support Center\gs_agent\custom\dsca.exe" [2008-03-11 16384]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\WINDOWS\\system32\\dldfcoms.exe"=
"c:\\Program Files\\Dell AIO Printer 948\\dldfmon.exe"=
"c:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\dldfpswx.exe"=
"c:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\dldfjswx.exe"=
"c:\\Program Files\\Dell AIO Printer 948\\dldfaiox.exe"=
"c:\\Program Files\\Dell AIO Printer 948\\DLDFFax.exe"=
"c:\\Program Files\\BT PC Backup v8\\Agent.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\xampp\\apache\\bin\\httpd.exe"=
"c:\\xampp\\FileZillaFTP\\FileZilla Server.exe"=
"c:\\xampp\\mysql\\bin\\mysqld.exe"=
"c:\\xampp\\MercuryMail\\mercury.exe"=
"c:\\Program Files\\Common Files\\Adobe\\CS4ServiceManager\\CS4ServiceManager.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\Spotify\\spotify.exe"=
"c:\\Program Files\\Steam\\Steam.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"5353:TCP"= 5353:TCP:Adobe CSI CS4

R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [10/11/2009 12:19 114768]
R2 AgentService;AgentService;c:\program files\BT PC Backup v8\AgentService.exe [09/11/2008 20:38 6608192]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [10/11/2009 12:19 20560]
R2 dldf_device;dldf_device;c:\windows\system32\dldfcoms.exe -service --> c:\windows\system32\dldfcoms.exe -service [?]
R2 dldfCATSCustConnectService;dldfCATSCustConnectService;c:\windows\system32\spool\drivers\w32x86\3\dldfserv.exe [16/05/2008 01:35 98952]
R3 seehcri;Sony Ericsson seehcri Device Driver;c:\windows\system32\drivers\seehcri.sys [09/11/2009 09:37 27632]
S2 0010031257867622mcinstcleanup;McAfee Application Installer Cleanup (0010031257867622);c:\docume~1\User\LOCALS~1\Temp\001003~1.EXE c:\progra~1\COMMON~1\McAfee\INSTAL~1\cleanup.ini -cleanup -nolog -service --> c:\docume~1\User\LOCALS~1\Temp\001003~1.EXE c:\progra~1\COMMON~1\McAfee\INSTAL~1\cleanup.ini -cleanup -nolog -service [?]
S2 OMSI download service;Sony Ericsson OMSI download service;c:\program files\Sony Ericsson\Sony Ericsson PC Suite\SupServ.exe [09/11/2009 09:37 90112]
S3 LV_Tracker;LV_Tracker;c:\windows\system32\drivers\LV_Tracker.sys [01/08/2008 18:20 45384]

--- Other Services/Drivers In Memory ---

*NewlyCreated* - CLASSPNP_2
*Deregistered* - CLASSPNP_2
*Deregistered* - mbr

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
BtwSrv
.
Contents of the 'Scheduled Tasks' folder

2009-11-06 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 11:34]

2009-11-16 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-11-11 10:08]

2009-11-12 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1191282553-2944949144-565863707-1005Core.job
- c:\documents and settings\User\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-11-12 16:20]

2009-11-10 c:\windows\Tasks\OGALogon.job
- c:\windows\system32\OGAEXEC.exe [2009-08-03 14:07]

2009-11-10 c:\windows\Tasks\WGASetup.job
- c:\windows\system32\KB905474\wgasetup.exe [2009-04-14 21:18]
.
.
------- Supplementary Scan -------
.
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uStart Page = hxxp://www.Google.com/
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
FF - ProfilePath - c:\documents and settings\User\Application Data\Mozilla\Firefox\Profiles\u3apmn3g.default\
FF - component: c:\documents and settings\User\Application Data\Mozilla\Firefox\Profiles\u3apmn3g.default\extensions\piclens@cooliris.com\components\cooliris.dll
FF - plugin: c:\documents and settings\User\Application Data\Mozilla\Firefox\Profiles\u3apmn3g.default\extensions\piclens@cooliris.com\plugins\npcoolirisplugin.dll
FF - plugin: c:\documents and settings\User\Local Settings\Application Data\Google\Update\1.2.183.13\npGoogleOneClick8.dll
FF - plugin: c:\program files\Google\Google Updater\2.4.1739.5352\npCIDetect13.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
FF - user.js: yahoo.homepage.dontask - truec:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);
.
- - - - ORPHANS REMOVED - - - -

HKLM-Run-Malwarebytes Anti-Malware (reboot) - c:\program files\Malwarebytes' Anti-Malware\mbam.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-11-16 10:20
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...


c:\docume~1\User\LOCALS~1\Temp\TMP4352$.TMP 0 bytes

scan completed successfully
hidden files: 1

**************************************************************************

Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

device: opened successfully
user: MBR read successfully
called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll >>UNKNOWN [0x8A857170]<<
kernel: MBR read successfully
detected MBR rootkit hooks:
\Driver\Disk -> CLASSPNP.SYS @ 0xba0ecf28
\Driver\ACPI -> ACPI.sys @ 0xb9f7fcb8
\Driver\atapi -> atapi.sys @ 0xb9f11852
\Driver\iaStor -> iaStor.sys @ 0xb9e7e918
IoDeviceObjectType -> ParseProcedure -> ntkrnlpa.exe @ 0x805827e8
\Device\Harddisk0\DR0 -> ParseProcedure -> ntkrnlpa.exe @ 0x805827e8
NDIS: Intel® 82562V-2 10/100 Network Connection -> SendCompleteHandler -> NDIS.sys @ 0xb9d40bb0
PacketIndicateHandler -> NDIS.sys @ 0xb9d4da21
SendHandler -> NDIS.sys @ 0xb9d2b87b
user & kernel MBR OK

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(728)
c:\windows\system32\WININET.dll
c:\program files\Common Files\Adobe\Adobe Drive CS4\AdobeDriveCS4_NP.dll

- - - - - - - > 'lsass.exe'(788)
c:\windows\system32\WININET.dll

- - - - - - - > 'explorer.exe'(3488)
c:\windows\system32\WININET.dll
c:\windows\system32\ieframe.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\Ati2evxx.exe
c:\program files\Alwil Software\Avast4\aswUpdSv.exe
c:\program files\Alwil Software\Avast4\ashServ.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\windows\system32\dldfcoms.exe
c:\program files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
c:\program files\Dell Support Center\bin\sprtsvc.exe
c:\program files\Alwil Software\Avast4\ashMaiSv.exe
c:\program files\Alwil Software\Avast4\ashWebSv.exe
c:\program files\Alwil Software\Avast4\setup\avast.setup
c:\windows\system32\wscntfy.exe
.
**************************************************************************
.
Completion time: 2009-11-16 10:26 - machine was rebooted
ComboFix-quarantined-files.txt 2009-11-16 10:26

Pre-Run: 264,847,269,888 bytes free
Post-Run: 265,510,809,600 bytes free

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect

- - End Of File - - DDD68B5BE2B65D6136A325F123FDBC2D

Hi and welcome to Malwarebytes.

My apologies for the delay. Do you still need help?

-screen317

Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!