Thread: Having issues with my browser and some type of malware

  1. #1
    Join Date
    Aug 2006
    Location
    The Middle
    Age
    80
    Posts
    4,079
    After the reboot I got two rundll errors for two separate entries,
    Do you know the full wording of those errors?
    This computer really is or was (hopefully much of it is gone) full of nasty stuff. The errors may be to some of those removed.

    Do this: update MBA-M again, reboot to safe mode and run a full scan with it. Allow it to fix whatever is found. Save the log and post it back here.

  2. #2
    Join Date
    Dec 2008
    Posts
    20
    Ok I will do that and I am also getting a security warning on McAfee, my virus protector, that warns against a potentially unwanted program that is called Tool-NirCmd. Do you know anything about this program and is it actually harmful or only being picked up as harmful because I did a little search and it didn't seem like it was. Anyway I am going to run that scan and I will post it for you in the morning. Thanks again.

  3. #3
    Join Date
    Aug 2006
    Location
    The Middle
    Age
    80
    Posts
    4,079
    Quote Originally Posted by pyl2os View Post
    Ok I will do that and I am also getting a security warning on McAfee, my virus protector, that warns against a potentially unwanted program that is called Tool-NirCmd. Do you know anything about this program and is it actually harmful or only being picked up as harmful because I did a little search and it didn't seem like it was. Anyway I am going to run that scan and I will post it for you in the morning. Thanks again.
    Don't worry about that; it is a false positive, probably citing ComboFix.

    Once you complete the MBA-M scan, reboot the computer and come here and post that log.

    Then run HiJackThis again.
    Place check marks next to the following entries if they still exist:

    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://home.sweetim.com
    R3 - URLSearchHook: SweetIM ToolbarURLSearchHook Class - {EEE6C35D-6118-11DC-9C72-001320C79847} - C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgHelper.dll

    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O2 - BHO: SWEETIE - {EEE6C35C-6118-11DC-9C72-001320C79847} - C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll

    O3 - Toolbar: SweetIM Toolbar for Internet Explorer - {EEE6C35B-6118-11DC-9C72-001320C79847} - C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll

    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe

    O15 - Trusted Zone: http://*.trymedia.com (HKLM)

    O16 - DPF: PackageCab - http://ak.imgag.com/imgag/cp/install/AxCtp2.cab

    O16 - DPF: {149E45D8-163E-4189-86FC-45022AB2B6C9} (SpinTop DRM Control) - file:///C:/Program%20Files/Mahjong%20Escape%20-%20Ancient%20Japan/Images/stg_drm.ocx
    O16 - DPF: {BB383206-6DA1-4E80-B62A-3DF950FCC697} (Create & Print ActiveX Plug-in) - http://ak.imgag.com/imgag/cp/install/AxCtp2.cab
    O16 - DPF: {BD8667B7-38D8-4C77-B580-18C3E146372C} (Creative Toolbox Plug-in) - http://ak.imgag.com/imgag/cp/install/Crusher.cab
    O16 - DPF: {CC450D71-CC90-424C-8638-1F2DBAC87A54} (ArmHelper Control) - file:///C:/Program%20Files/Mahjong%20Escape%20-%20Ancient%20Japan/Images/armhelper.ocx
    O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll

    Once you have placed the check marks then click the Fix Checked button.
    Exit HJT.
    Reboot and run a new HJT scan. Post back here with that log.
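
An added example, not part of the original thread or of HijackThis itself: a small parser for the log-line format used in the post above. It groups entries by section code and notes the two patterns a reviewer usually checks first, a registration whose file is gone (`(no file)`) and an O16 ActiveX entry installed from a remote URL. The function names and note wording are assumptions made for this example; the sample lines are copied from the post.

```python
import re
from collections import defaultdict

# Section meanings as commonly documented for HijackThis logs
# (only the codes that appear in this thread).
SECTIONS = {
    "R0": "IE start/search page", "R3": "URL search hook",
    "O2": "Browser Helper Object", "O3": "IE toolbar",
    "O4": "Autostart entry", "O15": "Trusted Zone site",
    "O16": "ActiveX (Downloaded Program Files)",
    "O18": "Extra protocol handler",
}
LINE_RE = re.compile(r"^\s*([A-Z]\d{1,2})\s+-\s+(.*)$")
CLSID_RE = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")

# Sample input: lines taken from the post above, plus one non-log line.
SAMPLE = r"""
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://home.sweetim.com
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: SWEETIE - {EEE6C35C-6118-11DC-9C72-001320C79847} - C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll
O15 - Trusted Zone: http://*.trymedia.com (HKLM)
O16 - DPF: PackageCab - http://ak.imgag.com/imgag/cp/install/AxCtp2.cab
Once you have placed the check marks then click the Fix Checked button.
"""

def parse_hjt(text):
    """Parse HijackThis-style lines into dicts; non-log lines are skipped."""
    entries = []
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # blank lines, headers, surrounding forum text
        code, body = m.groups()
        clsid = CLSID_RE.search(body)
        notes = []
        if body.rstrip().endswith("(no file)"):
            notes.append("registered file is missing")
        if code == "O16" and re.search(r" - https?://", body):
            notes.append("ActiveX installed from a remote URL")
        entries.append({"code": code, "meaning": SECTIONS.get(code, "unknown"),
                        "clsid": clsid.group(0) if clsid else None,
                        "body": body, "notes": notes})
    return entries

def by_section(entries):
    """Group parsed entries by their section code (R0, O2, ...)."""
    groups = defaultdict(list)
    for e in entries:
        groups[e["code"]].append(e)
    return dict(groups)

if __name__ == "__main__":
    for e in parse_hjt(SAMPLE):
        print(e["code"], e["meaning"], e["clsid"], e["notes"])
```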

  4. #4
    Join Date
    Dec 2008
    Posts
    20
    Ok here is the MWB log you requested:

    Malwarebytes' Anti-Malware 1.31
    Database version: 1476
    Windows 5.1.2600 Service Pack 3

    12/9/2008 7:29:50 AM
    mbam-log-2008-12-09 (07-29-50).txt

    Scan type: Full Scan (C:\|D:\|E:\|F:\|G:\|H:\|I:\|K:\|)
    Objects scanned: 186716
    Time elapsed: 1 hour(s), 56 minute(s), 28 second(s)

    Memory Processes Infected: 0
    Memory Modules Infected: 0
    Registry Keys Infected: 0
    Registry Values Infected: 0
    Registry Data Items Infected: 0
    Folders Infected: 0
    Files Infected: 0

    Memory Processes Infected:
    (No malicious items detected)

    Memory Modules Infected:
    (No malicious items detected)

    Registry Keys Infected:
    (No malicious items detected)

    Registry Values Infected:
    (No malicious items detected)

    Registry Data Items Infected:
    (No malicious items detected)

    Folders Infected:
    (No malicious items detected)

    Files Infected:
    (No malicious items detected)


    Also I didn't get those rundll errors nor that McAfee alert again on reboot. I will run HJT now and post it back to you as soon as I can... I have to go to work though, so hopefully sometime after 3 EST.
