Ran through all 6 steps.. Antivirus is still finding problems

I am working on my husband's computer. I'll just say it now to get it out of the way.. sometimes he looks at porn and I think that is how he gets infected! He is also a very fast clicker and very slow reader. He usually just clicks through pop up windows until they go away!

I think I got involved in his issues around 6/2009 (I got this date by looking at MalwareBytes logs). At that time his desktop picture changed to a very threatening all uppercase, bold red text notice stating that his boss, wife, kids and God were all going to find out that he was looking at porn if he didn't buy some kind of software RIGHT NOW!! I installed MalwareBytes and Spybot at that time. The scans found some issues (Rogue.Multiple.H, Trojan.Agent, Rogue.SystemSecurity) and cleaned them up nicely.

- Everything looked fine until 1/19/2010. Avira found this:
The file 'C:\WINDOWS\apptune1020.exe'
contained a virus or unwanted program 'TR/Dldr.Murlo.drj' [trojan]
- Then on 1/21/2010:
Virus or unwanted program 'TR/Crypt.ZPACK.Gen [trojan]'
detected in file 'C:\WINDOWS\system32\spool\prtprocs\w32x86\000047ee.tmp.
- That same day I started to notice that google searches were being redirected. I would type "test" in at google.com, select a link and I would be redirected to another page. I hit the back button and selected the same link, and it would take me to the page I wanted.

Then on 1/22/2010 fortune smiled upon me and I found your website. You guys rock!

I believe that I completed all of the steps. I hope I did because I don't want to waste your time! Unfortunately I had to do it all over a period of a few days because my access to the computer is limited. When I started the steps Combofix was in and I ran it. Now it is out! I'll attach the log anyways.

.
.
.
SUPERAntiSpyware and Malwarebytes ran to completion. I've attached the logs.

Combofix ran and detected Rootkit activity. I had to restart the computer. After that it ran to completion.

RootRepeal had some problems.
1) The first error read something like:
Attempt to read error:
RP2401
or something along those lines. I apologize for not getting the exact error.
2) I clicked OK and then saw:
Error-on-disk corruption detected-run chkdsk!
3)There was also a window on the bottom right corner that said:
Windows - delayed write failed "Windows was unable to save all the data for the file F:/$mft.
4) That's when I realized this problem was related to my external Seagate FreeAgent backup drive. I looked over at it and noticed that it had shut itself off. I went ahead and unplugged it and and am planning on completely reformatting it and starting over with the backups later once this problem is solved unless you have some other suggestions. I don't want to get reinfected later so let me know if this is a problem!
5) After I shut the F drive off, I reran RootRepeal on the C Drive... no problems
6) BUT! Roxio Media Manager is now popping up constantly trying to install or configure. I try to cancel out of it but it keeps popping up. It gets stuck on a screen that says:
Roxio Media Manager
The feature you are trying to use is on a network resource that is unavailable. Click OK to try again, or enter an alternate path to a folder containing the installation package 'Roxio Media Manager.msi' in the box below.

When I cancel out of that I get this window:
Please wait while Windows configures Roxio Media Manager.

I've tried restarting the computer to no avail. It keeps on trying to configure or install Roxio!

MGtools ran to completion.
.
.
.

The redirecting of google searches has stopped after I completed all of the steps. Yay! I figured that I was done and didn't need to contact you, but Avira has found a few problems during the scan last night and the scan that I forced today. (TR/Drop.Agent.blby, TR/Trash.Gen, TR/Patched.Gen) I've attached the Avira log through 1/18. Interesting, I just noticed that TR/Drop.Agent.blby is on the C:/MGtools.exe file so maybe this isn't a problem afer all! Not sure what the other two detections are.

Something I noticed that isn't in your steps... you don't ask us to make sure all of our Windows Updates are complete! I tried to update his computer, but it has problems with this update:

Microsoft .NET Framework 1.1 Service Pack 1 Security Update for Windows 2000, Windows XP, Windwos Vista, Windows Server 2008, Windows 7, and Windows Server 2008 R2 (K..) and unfortunately I can't read the rest. More information can be found at http://go.microsoft.com/fwlink/?LinkID=127769

It doesn't really give me much information about why it can't be installed!

All right, I think that is all I have got. Work your voodoo Major Geek!

Muah!
Marcia

 

Sorry I didn't do post the rest last night. My thread wasn't showing up in my CP and I had to go to bed!

 

It doesn't look like these were attached to my first post so I am resending.

 

Ok thank you for your help!!

 

Kestrel13! thank you so much for your help!

I've downloaded new copies of ComboFix and MGTools and attached the requested logs. Sorry for the delay.

Marcia

 

Sorry for the delay. I have limited access to this computer.

I completed steps 1 -3. Avira runs a scan every night and has not discovered any other problems. My webpages are no longer being redirected. Everything looks good!

I am going to start implementing the "How to protect yourself from malware" sticky now.

Thank you so much for your help!! You - :major - are awesome!
Marcia