WiredWX Christian Hobby Weather Tools
Re: Multiple trojans, virus, and exploits, worst problem is search engine redirecti

I did another scan on Microsoft Security Essentials, and it removed a trojan downloader, disinfected alureon.h, and removed an exploit from Java. However, I did a search again this morning, and it still redirected me to other sites, so that virus must still be hiding out somewhere.

Re: Multiple trojans, virus, and exploits, worst problem is search engine redirecti

Hello.

  • Download ComboFix from here
    Link 1
    Link 2

    1. If you are using Firefox, make sure that your download settings are as follows:

    * Tools->Options->Main tab
    * Set to "Always ask me where to Save the files".

    2. During the download, rename Combofix to Combo-Fix as follows:

    (screenshot: CF_download_FF)

    (screenshot: CF_download_rename)

    3. It is important you rename ComboFix during the download, but not after.
    4. Please do not rename ComboFix to other names, but only to the one indicated.
    5. Close any open browsers.
    6. Close/disable all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix.

  • We need to disable your local AV (anti-virus) before running ComboFix.
  • See HERE for how to disable your AV.
  • Double click on ComboFix.exe.
  • Follow the prompts. NOTE:
  • ComboFix will check to see if the Microsoft Windows Recovery Console is installed.
    ***It's strongly recommended to have the Recovery Console installed before doing any malware removal.***

    **Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will automatically proceed with its scan.**

  • The Recovery Console provides a recovery/repair mode should a problem occur during a ComboFix run.

    (screenshot: Cf410)

  • Allow ComboFix to download the Recovery Console.
  • Accept the End-User License Agreement.
  • The Recovery Console will be installed.
  • You will then get this next prompt that asks if you want to continue the malware scan; select Yes.

    (screenshot: Cf510)

  • Allow ComboFix to run.
  • Post C:\combofix.txt back here.

    Note:
    Do not mouse-click ComboFix's window whilst it's running. That may cause it to stall.

............................................................................................

Site Admin / Security Administrator

Virus Removal ~ OS Support ~ Have we helped you? Help us! ~ GeekChat
- Please PM me if I fail to respond within 24hrs.

Re: Multiple trojans, virus, and exploits, worst problem is search engine redirecti

ComboFix 10-06-02.01 - Brenda 06/02/2010 17:10:25.1.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.767.408 [GMT -5:00]
Running from: c:\documents and settings\Brenda\Desktop\combo-fix.exe
AV: Microsoft Security Essentials *On-access scanning disabled* (Outdated) {BCF43643-A118-4432-AEDE-D861FCBCFCDF}
FW: ZoneAlarm Firewall *disabled* {829BDA32-94B3-44F4-8446-F8FCFF809F8B}

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\Brenda\Application Data\.#
c:\windows\Downloaded Program Files\DinerDash.1.0.0.58
c:\windows\Downloaded Program Files\DinerDash.1.0.0.58\assets\accessories\cup.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.58\assets\accessories\customer_cup.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.58\assets\accessories\heart.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.58\assets\accessories\menu_down.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.58\assets\accessories\menu_up.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.58\assets\accessories\plates.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.58\assets\accessories\ticket.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.58\assets\accessories\tray.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.58\assets\audio\music\mainmenumusic.ogg
c:\windows\Downloaded Program Files\DinerDash.1.0.0.58\assets\audio\sfx\sfx_bring_check_1_snd.ogg
c:\windows\Downloaded Program Files\DinerDash.1.0.0.58\assets\audio\sfx\sfx_deliver_food_1_snd.ogg
c:\windows\Downloaded Program Files\DinerDash.1.0.0.58\assets\audio\sfx\sfx_deliver_order_1_snd.ogg
c:\windows\Downloaded Program Files\DinerDash.1.0.0.58\assets\audio\sfx\sfx_diner.ogg
c:\windows\Downloaded Program Files\DinerDash.1.0.0.58\assets\audio\sfx\sfx_dish_dropoff_1_snd.ogg
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\ui\upgrades\icon_table_a.png
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\ui\upgrades\icon_table_b.png
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\ui\upgrades\icon_table_c.png
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\upsell\dd1.jpg
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\upsell\dd2.jpg
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\upsell\dd3.jpg
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\upsell\dd4.jpg
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\dinerdash2.exe
c:\windows\Downloaded Program Files\f3initialsetup1.0.0.5.inf
c:\windows\Downloaded Program Files\popcaploader.dll
c:\windows\Downloaded Program Files\popcaploader.inf
c:\windows\Downloaded Program Files\TriJinx.1.0.0.55
c:\windows\Downloaded Program Files\TriJinx.1.0.0.55\assets\audio\music\mainmenumusic.ogg
c:\windows\Downloaded Program Files\TriJinx.1.0.0.55\assets\audio\sfx\areabomb.ogg
c:\windows\Downloaded Program Files\TriJinx.1.0.0.55\assets\audio\sfx\beetlezap.ogg
c:\windows\Downloaded Program Files\TriJinx.1.0.0.55\assets\audio\sfx\bonusrow.ogg
c:\windows\Downloaded Program Files\TriJinx.1.0.0.55\assets\audio\sfx\bonustimer.ogg
c:\windows\Downloaded Program Files\TriJinx.1.0.0.55\assets\audio\sfx\bucketfilled.ogg
c:\windows\Downloaded Program Files\TriJinx.1.0.0.55\assets\audio\sfx\clearpyramid.ogg
c:\windows\Downloaded Program Files\TriJinx.1.0.0.55\assets\audio\sfx\cleartriangle1a.ogg
c:\windows\Downloaded Program Files\TriJinx.1.0.0.55\assets\audio\sfx\cleartriangle1b.ogg
c:\windows\Downloaded Program Files\TriJinx.1.0.0.55\assets\audio\sfx\cleartriangle1c.ogg
c:\windows\Downloaded Program Files\TriJinx.1.0.0.55\assets\audio\sfx\cleartriangle2a.ogg
c:\windows\Downloaded Program Files\TriJinx.1.0.0.55\assets\audio\sfx\cleartriangle2b.ogg
c:\windows\Downloaded Program Files\TriJinx.1.0.0.55\assets\audio\sfx\cleartriangle2c.ogg
c:\windows\Downloaded Program Files\TriJinx.1.0.0.55\assets\audio\sfx\colorchain.ogg
c:\windows\Downloaded Program Files\TriJinx.1.0.0.55\assets\audio\sfx\dialogbox.ogg
c:\windows\Downloaded Program Files\TriJinx.1.0.0.55\assets\audio\sfx\drumbeat.ogg
c:\windows\Downloaded Program Files\TriJinx.1.0.0.55\assets\audio\sfx\fillrow.ogg
c:\windows\Downloaded Program Files\TriJinx.1.0.0.55\assets\audio\sfx\gateopen.ogg
c:\windows\Downloaded Program Files\TriJinx.1.0.0.55\strings.xml
c:\windows\Downloaded Program Files\TriJinx.1.0.0.55\TriJinx.exe
c:\windows\MailSwitch.ocx
c:\windows\system32\Data

Infected copy of c:\windows\system32\drivers\disk.sys was found and disinfected
Restored copy from - Kitty had a snack :p
.
((((((((((((((((((((((((( Files Created from 2010-05-02 to 2010-06-02 )))))))))))))))))))))))))))))))
.

2010-06-02 18:54 . 2010-06-02 18:58 -------- d-----w- C:\All other Misc files created before June 2010
2010-06-02 11:46 . 2010-06-02 11:47 -------- d-----w- C:\DECCHECK
2010-06-02 04:54 . 2010-06-02 04:54 36352 ----a-w- c:\windows\system32\drivers\pchbkwka.sys
2010-05-31 12:34 . 2010-05-31 12:34 -------- d-----w- c:\documents and settings\Brenda\Local Settings\Application Data\PCHealth
2010-05-31 12:34 . 2010-05-31 12:34 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\PCHealth
2010-05-29 23:19 . 2010-05-29 23:29 -------- d-----w- c:\documents and settings\Brenda\Local Settings\Application Data\nos
2010-05-29 23:19 . 2010-05-29 23:19 86016 ----a-w- c:\documents and settings\All Users\Application Data\NOS\Adobe_Downloads\arh.exe
2010-05-29 22:46 . 2010-05-29 22:46 -------- d-----w- c:\program files\ESET
2010-05-29 22:39 . 2010-05-29 22:39 -------- d-----w- c:\program files\Common Files\Java
2010-05-29 22:38 . 2010-05-29 22:36 411368 ----a-w- c:\windows\system32\deployJava1.dll
2010-05-29 22:36 . 2010-05-29 22:36 -------- d-----w- c:\program files\Java
2010-05-28 00:43 . 2010-05-28 00:43 23552 ----a-w- c:\windows\xobglu32.dll
2010-05-28 00:43 . 2010-05-28 00:43 63488 ----a-w- c:\windows\xobglu16.dll
2010-05-27 22:02 . 2010-05-27 22:02 -------- d-----w- C:\_OTL
2010-05-26 18:46 . 2010-05-27 02:46 -------- d-----w- c:\windows\system32\MpEngineStore
2010-05-26 18:28 . 2010-05-26 18:28 -------- d-----w- C:\7e96eceef3e83ddda1c06f471906d6
2010-05-26 18:11 . 2010-05-21 19:14 221568 ------w- c:\windows\system32\MpSigStub.exe
2010-05-26 02:08 . 2010-05-26 02:09 -------- d-----w- c:\program files\Microsoft Security Essentials
2010-05-25 11:24 . 2010-05-25 11:24 -------- d-----w- c:\documents and settings\Brenda\Local Settings\Application Data\The Weather Channel
2010-05-24 18:27 . 2010-05-26 18:10 -------- d-----w- c:\program files\Windows Live Safety Center
2010-05-24 12:42 . 2010-05-24 12:42 -------- d-----w- c:\documents and settings\Administrator\Application Data\Malwarebytes
2010-05-23 20:55 . 2010-05-23 20:55 -------- d-----w- C:\$AVG
2010-05-23 00:14 . 2010-05-23 00:19 -------- d-----w- c:\program files\ATT-PRT22-WISE
2010-05-23 00:14 . 2010-05-23 00:14 -------- d-----w- c:\program files\ATT
2010-05-22 22:14 . 2010-05-22 22:14 -------- d-----w- c:\program files\AVG
2010-05-22 22:13 . 2010-06-01 01:46 -------- d-----w- c:\documents and settings\All Users\Application Data\avg9
2010-05-22 20:04 . 2010-05-22 20:04 -------- d-----w- c:\documents and settings\Brenda\Application Data\Malwarebytes
2010-05-22 20:04 . 2010-04-29 20:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-05-22 20:04 . 2010-05-22 20:04 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2010-05-22 20:04 . 2010-05-22 20:04 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-05-22 20:04 . 2010-04-29 20:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-05-21 21:59 . 2010-05-21 21:59 -------- d-sh--w- c:\documents and settings\Administrator\IETldCache
2010-05-19 17:15 . 2010-05-19 17:15 -------- d-----w- c:\windows\system32\config\systemprofile\Application Data\Yahoo!
2010-05-19 17:15 . 2010-05-19 17:15 -------- d-----w- c:\documents and settings\NetworkService\Application Data\Yahoo!
2010-05-19 17:15 . 2010-05-19 17:15 -------- d-sh--w- c:\documents and settings\NetworkService\PrivacIE
2010-05-17 20:12 . 2010-05-17 20:12 -------- d-sh--w- c:\documents and settings\LocalService\IETldCache

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-05-30 13:13 . 2009-02-06 23:46 -------- d-----w- c:\documents and settings\All Users\Application Data\NOS
2010-05-29 23:21 . 2009-02-07 00:09 -------- d-----w- c:\program files\Common Files\Adobe AIR
2010-05-28 17:34 . 2007-05-09 12:11 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2010-05-28 16:52 . 2009-05-27 00:51 -------- d-----w- c:\program files\Megaplex Madness - Now Playing
2010-05-28 01:20 . 2006-11-29 02:16 -------- d-----w- c:\program files\Fizzball
2010-05-27 01:25 . 2007-03-11 17:06 36772214 ----a-w- c:\windows\Internet Logs\tvDebug.zip
2010-05-25 00:30 . 2009-01-05 00:15 -------- d-----w- c:\program files\Paint.NET
2010-05-25 00:26 . 2007-05-18 17:52 -------- d--h--w- c:\documents and settings\Brenda\Application Data\Move Networks
2010-05-24 21:28 . 2010-01-27 20:50 -------- d-----w- c:\program files\Encore
2010-05-24 19:46 . 2009-01-02 18:57 -------- d-----w- c:\program files\RealArcade
2010-05-24 19:45 . 2007-01-10 23:49 -------- d-----w- c:\program files\Dolphin
2010-05-24 19:29 . 2005-05-25 21:22 -------- d-----w- c:\program files\The Learning Company
2010-05-24 19:19 . 2003-02-01 15:19 -------- d-----w- c:\program files\Hasbro Interactive
2010-05-23 11:43 . 2006-04-20 16:48 -------- d-----w- c:\program files\Common Files\Motive
2010-05-23 00:14 . 2006-04-20 16:48 -------- d-----w- c:\documents and settings\All Users\Application Data\Motive
2010-05-22 21:37 . 2003-01-20 02:56 -------- d-----w- c:\program files\Yahoo!
2010-05-22 21:37 . 2006-04-20 16:35 -------- d-----w- c:\documents and settings\All Users\Application Data\yahoo!
2010-05-22 21:27 . 2006-04-20 17:13 -------- d-----w- c:\program files\Common Files\Scanner
2010-05-21 21:48 . 2010-05-22 03:17 3886080 ----a-w- c:\windows\Internet Logs\xDBB.tmp
2010-05-20 12:13 . 2006-04-20 16:58 -------- d-----w- c:\documents and settings\All Users\Application Data\Yahoo! Companion
2010-05-14 00:58 . 2007-05-09 12:08 -------- d-----w- c:\documents and settings\All Users\Application Data\BigFishGamesCache
2010-04-24 19:42 . 2007-11-19 15:42 32256 ---h--w- C:\~WRL2179.tmp
2010-04-24 19:42 . 2007-11-19 15:42 32768 ---h--w- C:\~WRL0256.tmp
2010-04-24 19:42 . 2007-11-19 15:42 32256 ---h--w- C:\~WRL0220.tmp
2010-03-27 15:10 . 2010-03-27 15:10 50354 ----a-w- c:\documents and settings\Brenda\Application Data\Facebook\uninstall.exe
2010-03-10 06:15 . 2002-02-26 20:58 420352 ----a-w- c:\windows\system32\vbscript.dll
2010-03-06 05:30 . 2010-03-06 05:30 847040 ----a-w- c:\documents and settings\Brenda\Application Data\Facebook\axfbootloader.dll
2010-03-06 05:30 . 2010-03-06 05:30 5582848 ----a-w- c:\documents and settings\Brenda\Application Data\Facebook\npfbplugin_1_0_3.dll
2008-03-08 21:09 . 2008-03-08 21:09 0 ----a-w- c:\program files\temp01
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MoneyAgent"="c:\program files\Microsoft Money\System\Money Express.exe" [2001-07-25 184376]
"DW6"="c:\program files\The Weather Channel FW\Desktop\DesktopWeather.exe" [2009-02-11 801904]
"Search Protection"="c:\program files\Yahoo!\Search Protection\SearchProtection.exe" [2008-10-07 111856]
"OM2_Monitor"="c:\program files\OLYMPUS\OLYMPUS Master 2\MMonitor.exe" [2009-04-17 95536]
"Messenger (Yahoo!)"="c:\program files\Yahoo!\Messenger\YahooMessenger.exe" [2009-06-20 4351216]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Microsoft Works Update Detection"="c:\program files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe" [2001-08-17 28738]
"diagent"="c:\program files\Creative\SBLive\Diagnostics\diagent.exe" [2002-04-03 135264]
"UpdReg"="c:\windows\UpdReg.EXE" [2000-05-11 90112]
"AdaptecDirectCD"="c:\program files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe" [2002-04-10 679936]
"DwlClient"="c:\program files\Common Files\Dell\EUSW\Support.exe" [2002-12-03 212992]
"HPDJ Taskbar Utility"="c:\windows\system32\spool\drivers\w32x86\3\hpztsb10.exe" [2004-06-21 172032]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2006-04-08 77824]
"BJCFD"="c:\program files\BroadJump\Client Foundation\CFD.exe" [2002-09-11 368706]
"YBrowser"="c:\progra~1\Yahoo!\browser\ybrwicon.exe" [2006-07-21 129536]
"Zone Labs Client"="c:\program files\Zone Labs\ZoneAlarm\zlclient.exe" [2006-08-24 968696]
"YSearchProtection"="c:\program files\Yahoo!\Search Protection\SearchProtection.exe" [2008-10-07 111856]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2008-04-30 185896]
"CanonSolutionMenu"="c:\program files\Canon\SolutionMenu\CNSLMAIN.exe" [2007-10-26 652624]
"CanonMyPrinter"="c:\program files\Canon\MyPrinter\BJMyPrt.exe" [2007-09-14 1603152]
"OM2_Monitor"="c:\program files\OLYMPUS\OLYMPUS Master 2\FirstStart.exe" [2009-04-17 54576]
"EverioService"="c:\program files\CyberLink\PCM4Everio\EverioService.exe" [2007-11-01 151552]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-04-04 36272]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-03-24 952768]
"MSSE"="c:\program files\Microsoft Security Essentials\msseces.exe" [2010-02-21 1093208]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-02-18 248040]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-02-26 437160]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Digital Line Detect.lnk - c:\program files\Digital Line Detect\DLG.exe [2002-11-15 45056]
Microsoft Office.lnk - c:\program files\Microsoft Office\Office\OSA9.EXE [1999-2-17 65588]
Microsoft Works Calendar Reminders.lnk - c:\program files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe [2001-8-7 24633]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\XEROX\\NWWIA\\XrxFTPLt.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

S3 DSCVc;Video Capture;c:\windows\system32\DRIVERS\CoachVc.sys --> c:\windows\system32\DRIVERS\CoachVc.sys [?]

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{A509B1FF-37FF-4bFF-8CFF-4F3A747040FF}]
2009-03-08 09:32 128512 ----a-w- c:\windows\SYSTEM32\advpack.dll
.
Contents of the 'Scheduled Tasks' folder

2003-01-03 c:\windows\Tasks\FRU Task 2002-05-31 16:38ewlett-PackardeskjetD1F5C76C62909B80B7DD96D9CE9D83EC24F74D1377528048C4168AA70B210A5D320.job
- c:\program files\Hewlett-Packard\upapp\hpqfruv.exe [2002-05-31 15:38]

2002-11-19 c:\windows\Tasks\ISP signup reminder 1.job
- c:\windows\System32\OOBE\OOBEBALN.EXE [2001-08-18 00:12]

2010-06-02 c:\windows\Tasks\MP Scheduled Scan.job
- c:\program files\Microsoft Security Essentials\MpCmdRun.exe [2009-12-09 23:02]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://us.mc825.mail.yahoo.com/mc/welcome?.partner=sbc&.gx=0&.tm=1246966300&.rand=3qt4e5hr8e06d
mSearch Bar = hxxp://red.clientapps.yahoo.com/customize/ie/defaults/sb/sbcydsl/*http://www.yahoo.com/search/ie.html
uInternet Settings,ProxyOverride = 127.0.0.1
uSearchURL,(Default) = hxxp://red.clientapps.yahoo.com/customize/ie/defaults/su/sbcydsl/*http://www.yahoo.com
Trusted Zone: christianbook.com\dlm
Trusted Zone: christianbook.com\drm
Trusted Zone: christianbook.com\www
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
DPF: {049A470D-F818-4E34-B14D-E4E237DADCF8} - hxxp://games.bigfishgames.com/en_fashion-dash/online/fashiondashweb.1.0.0.21.cab
DPF: {65FDEDF3-8ED9-4F5B-825E-18C2D44191A7} - hxxp://d.66.155.171.39.downloads.estara.com./as/OneCCDM.php?template=1302&sessionid=928213738_66.155.171.39_48602&=&req=1167233643281OneCC.cab
DPF: {6C7CAD20-85AA-475A-AC0D-303C4A9A69CE} - hxxp://www.shockwave.com/content/greatchocolatechase/sis/greatchocolatechaseweb.1.0.0.12.cab
DPF: {74EF5274-F439-2168-B543-14745B625C72} - hxxp://games.bigfishgames.com/en_wedding-dash-2-rings-around-world-game/online/WeddingDash2Web.1.0.0.11.cab
DPF: {8ADC4409-4FBF-4224-B73F-2392C721BCB4} - hxxp://games.bigfishgames.com/en_butterflyescape/online/GenimoWebGamesControl.cab
DPF: {935F9B04-0C7B-4454-A391-348C54AD7ADD} - hxxp://games.bigfishgames.com/en_bigcityadventuresa/online/JBGamePlayer.cab
DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} - hxxp://www.gamehouse.com/games/delish/zylomplayer.cab
DPF: {CA034DCC-A580-4333-B52F-15F98C42E04C} - hxxps://www.stopzilla.com/_download/Auto_Installer/dwnldr.cab
DPF: {D40F5876-A494-4124-8161-82625BB28C06} - hxxp://games.bigfishgames.com/en_chocolatier-2-secret-ingredients/online/Chocolatier2Web.1.0.0.10.cab
DPF: {DC75FEF6-165D-4D25-A518-C8C4BDA7BAA6} - hxxp://www.bigfishgames.com/online/dinerdash/DinerDash.1.0.0.58.cab
FF - ProfilePath - c:\documents and settings\Brenda\Application Data\Mozilla\Firefox\Profiles\v8eddjxk.default\
FF - plugin: c:\documents and settings\Brenda\Application Data\Facebook\npfbplugin_1_0_3.dll
FF - plugin: c:\program files\Common Files\Motive\npMotive.dll
FF - plugin: c:\program files\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\Musicnotes\npmusicn.dll
FF - plugin: c:\program files\Musicnotes\NPSibelius.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-06-02 17:28
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

HKLM\Software\Microsoft\Windows\CurrentVersion\Run
DwlClient = c:\program files\Common Files\Dell\EUSW\Support.exe?l?e?s?\?D?e?l?l?\?E?U?S?W?\?S?u?p?p?o?r?t?.?e?x?e???????X:??????x??? ???X??? ??????? ???P????(?w'(?w????????????(???u??????w????????????0????$?w7(?w?o?wS??w???w????????????x'@?????????X????????"@?e?????

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2010-06-02 17:34:47
ComboFix-quarantined-files.txt 2010-06-02 22:34

Pre-Run: 48,665,714,688 bytes free
Post-Run: 51,149,467,648 bytes free

- - End Of File - - F964E673EFBF3F1F07504A841180CFE2

Re: Multiple trojans, virus, and exploits, worst problem is search engine redirecti

Click Start > Run and copy/paste the following bolded text into the Run box and click OK:

ComboFix /uninstall

This will also reset your restore points.

How is the machine running now?


Windows reinstalled

It got to the point that we were rarely able to get on the internet any longer, and my husband needed to check his email daily, so we had to do something urgently. On Thursday, we finally just backed up everything essential and reinstalled Windows. The updates from the last 8 years since we bought the computer are still loading a full day later, but the internet pop-ups and re-directing is completely resolved (although Internet Explorer closes randomly, but I think it may be due to the updates). I want to thank you SO much for all of the effort that you put into this matter and for most likely helping us avoid an identity theft from some of the viruses and trojans. I will definitely recommend this site to anyone who is having similar issues. Thanks again!
