WiredWX Christian Hobby Weather Tools

Re: Browser hijacked

Sorry for not getting back sooner.
Here's the results:

ComboFix 11-01-19.01 - Nicholas 01/24/2011 21:18:17.2.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1023.535 [GMT -5]
Running from: c:\documents and settings\Nicholas\Desktop\Combo-Fix.exe
Command switches used :: c:\documents and settings\Nicholas\Desktop\CFScript.txt
* Created a new restore point

FILE ::
"c:\windows\system32\drivers\ijfhuyxl.sys"
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\system32\drivers\ijfhuyxl.sys

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Service_syforamu


((((((((((((((((((((((((( Files Created from 2010-12-25 to 2011-01-25 )))))))))))))))))))))))))))))))
.

2011-01-19 23:32 . 2011-01-19 23:40 -------- d-----w- C:\Combo-Fix
2011-01-16 03:07 . 2011-01-16 03:07 -------- d-----w- C:\_OTL
2011-01-16 00:00 . 2011-01-16 00:00 -------- d-----w- c:\documents and settings\Administrator
2011-01-15 12:39 . 2011-01-15 12:39 64512 ----a-w- c:\windows\system32\drivers\SERIAL.SYS
2011-01-15 03:37 . 2011-01-15 03:37 388096 ----a-r- c:\documents and settings\Nicholas\Application Data\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2011-01-15 03:37 . 2011-01-15 03:37 -------- d-----w- c:\program files\Trend Micro
2011-01-15 03:08 . 2011-01-15 03:08 -------- d-----w- C:\spoolerlogs
2011-01-15 02:45 . 2011-01-15 02:50 -------- d-----w- c:\documents and settings\Nicholas\Application Data\GetRightToGo
2011-01-15 02:10 . 2011-01-15 02:57 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2011-01-15 01:59 . 2011-01-15 12:39 -------- d-----w- c:\windows\system32\MpEngineStore
2011-01-12 03:47 . 2011-01-12 03:47 -------- d-----w- c:\program files\iPod
2011-01-12 03:47 . 2011-01-12 03:48 -------- d-----w- c:\program files\iTunes
2011-01-07 02:11 . 2011-01-07 02:11 -------- d-----w- c:\documents and settings\Nicholas\Local Settings\Application Data\CyberLink
2010-12-30 19:44 . 2010-12-30 19:44 -------- d-----w- c:\program files\Common Files\Java
2010-12-30 19:43 . 2010-11-12 23:53 472808 ----a-w- c:\windows\system32\deployJava1.dll
2010-12-30 19:43 . 2010-11-12 23:53 472808 ----a-w- c:\program files\Mozilla Firefox\plugins\npdeployJava1.dll
2010-12-30 19:42 . 2010-09-18 06:53 974848 -c----w- c:\windows\system32\dllcache\mfc42.dll
2010-12-30 19:42 . 2010-09-18 06:53 953856 -c----w- c:\windows\system32\dllcache\mfc40u.dll
2010-12-30 19:42 . 2010-08-23 16:12 617472 -c----w- c:\windows\system32\dllcache\comctl32.dll
2010-12-30 19:42 . 2010-11-02 15:17 40960 -c----w- c:\windows\system32\dllcache\ndproxy.sys
2010-12-30 19:41 . 2010-10-11 14:59 45568 -c----w- c:\windows\system32\dllcache\wab.exe
2010-12-28 02:28 . 2010-12-29 15:45 -------- d-----w- c:\documents and settings\Nicholas\Local Settings\Application Data\CutePDF Writer
2010-12-27 19:00 . 2001-08-18 03:36 5632 ----a-w- c:\windows\system32\ptpusb.dll
2010-12-27 19:00 . 2008-04-14 10:42 159232 ----a-w- c:\windows\system32\ptpusd.dll
2010-12-27 19:00 . 2010-12-27 19:00 -------- d-----w- c:\documents and settings\LocalService\Application Data\Apple Computer

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-12-20 23:09 . 2010-07-09 21:51 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-12-20 23:08 . 2010-07-09 21:51 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-11-29 22:38 . 2010-11-29 22:38 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx
2010-11-29 22:38 . 2010-11-29 22:38 69632 ----a-w- c:\windows\system32\QuickTime.qts
2010-11-18 18:12 . 2009-01-26 02:22 81920 ----a-w- c:\windows\system32\isign32.dll
2010-11-12 21:34 . 2009-01-31 19:18 73728 ----a-w- c:\windows\system32\javacpl.cpl
2010-11-09 14:52 . 2002-08-29 12:00 249856 ----a-w- c:\windows\system32\odbc32.dll
2010-11-06 00:34 . 2002-08-29 12:00 832512 ----a-w- c:\windows\system32\wininet.dll
2010-11-06 00:34 . 2009-01-26 02:51 78336 ------w- c:\windows\system32\ieencode.dll
2010-11-06 00:34 . 2002-08-29 12:00 1830912 ------w- c:\windows\system32\inetcpl.cpl
2010-11-06 00:34 . 2002-08-29 12:00 17408 ----a-w- c:\windows\system32\corpol.dll
2010-11-03 12:25 . 2009-01-26 02:51 389120 ------w- c:\windows\system32\html.iec
2010-11-02 15:17 . 2002-08-29 12:00 40960 ----a-w- c:\windows\system32\drivers\ndproxy.sys
2010-10-28 13:13 . 2002-08-29 12:00 290048 ----a-w- c:\windows\system32\atmfd.dll
2008-11-13 21:35 . 2009-01-31 19:39 525312 ----a-w- c:\program files\Everything Search Engine.exe
2008-06-19 15:37 . 2009-01-31 19:39 135168 ----a-w- c:\program files\ARDC Data Recovery Tools 1.1.exe
1999-10-31 03:54 . 2009-01-31 19:39 561152 ----a-w- c:\program files\Convert.exe
.

((((((((((((((((((((((((((((( SnapShot@2011-01-19_23.39.34 )))))))))))))))))))))))))))))))))))))))))
.
+ 2011-01-25 02:23 . 2011-01-25 02:23 16384 c:\windows\Temp\Perflib_Perfdata_1e8.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Pando Media Booster"="c:\program files\Pando Networks\Media Booster\PMB.exe" [2010-02-04 2937528]
"Google Update"="c:\documents and settings\Nicholas\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [2010-08-28 136176]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-12-26 13680640]
"nwiz"="nwiz.exe" [2008-12-26 1657376]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-12-26 86016]
"BDRegion"="c:\program files\Cyberlink\Shared Files\brs.exe" [2008-08-05 91432]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2006-01-12 155648]
"Jet Detection"="c:\program files\Creative\SBLive\PROGRAM\ADGJDet.exe" [2001-11-29 28672]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2007-05-08 54840]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-10-15 39792]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-11-29 421888]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-12-13 421160]

c:\documents and settings\Nicholas\Start Menu\Programs\Startup\
Xfire.lnk - c:\program files\Xfire\Xfire.exe [2010-5-27 3493264]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2004-11-4 258048]
HP Image Zone Fast Start.lnk - c:\program files\HP\Digital Imaging\bin\hpqthb08.exe [2004-11-4 53248]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2008-10-15 06:04 39792 ----a-w- c:\program files\Adobe\Reader 8.0\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LanguageShortcut]
2008-05-14 19:48 62760 ----a-w- c:\program files\Cyberlink\PowerDVD\Language\Language.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2010-11-29 22:38 421888 ----a-w- c:\program files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]
2008-07-21 22:32 87336 ------w- c:\program files\Cyberlink\PowerDVD\PDVDServ.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UpdReg]
2000-05-11 06:00 90112 ------w- c:\windows\Updreg.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WINDVDPatch]
2002-07-02 22:56 24576 ----a-w- c:\windows\system32\CTHELPER.EXE

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"e:\\Program Files\\EA GAMES\\Battlefield 1942\\BF1942.exe"=
"e:\\Program Files\\EA GAMES\\Battlefield Vietnam\\BfVietnam.exe"=
"e:\\Program Files\\EA GAMES\\Battlefield 2\\BF2.exe"=
"c:\\Program Files\\Xfire\\Xfire.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Program Files\\Pando Networks\\Media Booster\\PMB.exe"=
"c:\\Documents and Settings\\All Users\\Application Data\\NexonUS\\NGM\\NGM.exe"=
"c:\\Nexon\\Combat Arms\\NMService.exe"=
"c:\nexon\Combat Arms\CombatArms.exe"= c:\nexon\Combat Arms\CombatArms.exe:*Enabled:CombatArms.exe
"c:\\Nexon\\Combat Arms\\Engine.exe"=
"c:\\Documents and Settings\\Nicholas\\Local Settings\\Application Data\\Google\\Google Talk Plugin\\googletalkplugin.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\Google\\Google Earth\\plugin\\geplugin.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"57463:TCP"= 57463:TCP:Pando Media Booster
"57463:UDP"= 57463:UDP:Pando Media Booster

R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [11/11/2009 8:58 PM 64288]
R1 oreans32;oreans32;c:\windows\system32\drivers\oreans32.sys [4/5/2010 7:56 PM 33824]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [2/4/2010 10:52 AM 1352832]
S1 MpKsl32f06096;MpKsl32f06096;\??\c:\windows\system32\MpEngineStore\MpKsl32f06096.sys --> c:\windows\system32\MpEngineStore\MpKsl32f06096.sys [?]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [10/2/2010 9:26 PM 136176]

--- Other Services/Drivers In Memory ---

*Deregistered* - uphcleanhlp
.
Contents of the 'Scheduled Tasks' folder

2011-01-24 c:\windows\Tasks\Ad-Aware Update (Weekly).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2010-02-04 00:58]

2011-01-25 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-10-03 22:21]

2011-01-25 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-10-03 22:21]

2011-01-24 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1547161642-796845957-725345543-1004Core.job
- c:\documents and settings\Nicholas\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-08-28 22:21]

2011-01-25 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1547161642-796845957-725345543-1004UA.job
- c:\documents and settings\Nicholas\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-08-28 22:21]
.
.
------- Supplementary Scan -------
.
uStart Page = https://www.google.com/accounts/ServiceLogin?service=mail&passive=true&rm=false&continue=http%3A%2F%2Fmail.google.com%2Fmail%2F%3Fui%3Dhtml%26zy%3Dl&bsv=1k96igf4806cy&scc=1&ltmpl=default&ltmplcache=2
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
DPF: DirectAnimation Java Classes - file://c:\windows\Java\classes\dajava.cab
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
FF - ProfilePath - c:\documents and settings\Nicholas\Application Data\Mozilla\Firefox\Profiles\6k9ojqm3.default\
FF - prefs.js: browser.startup.homepage - hxxps://www.google.com/accounts/ServiceLogin?service=mail&passive=true&rm=false&continue=http%3A%2F%2Fmail.google.com%2Fmail%2F%3Fui%3Dhtml%26zy%3Dl&bsv=1k96igf4806cy&scc=1&ltmpl=default&ltmplcache=2
FF - prefs.js: network.proxy.type - 0
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
FF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\Java\jre6\lib\deploy\jqs\ff
FF - Ext: Move Media Player: moveplayer@movenetworks.com - c:\documents and settings\Nicholas\Application Data\Move Networks
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-01-24 21:23
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'explorer.exe'(3788)
c:\windows\system32\WININET.dll
c:\windows\system32\wpdshext.dll
c:\windows\system32\PortableDeviceApi.dll
c:\windows\system32\Audiodev.dll
c:\windows\system32\WMVCore.DLL
c:\windows\system32\WMASF.DLL
c:\windows\system32\ieframe.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\windows\system32\nvsvc32.exe
c:\windows\system32\PnkBstrA.exe
c:\windows\system32\PnkBstrB.exe
c:\program files\NVIDIA Corporation\System Update\UpdateCenterService.exe
c:\program files\UPHClean\uphclean.exe
c:\windows\System32\wbem\unsecapp.exe
c:\windows\system32\wscntfy.exe
c:\windows\system32\RUNDLL32.EXE
c:\program files\HP\Digital Imaging\bin\hpqgalry.exe
c:\program files\iPod\bin\iPodService.exe
.
**************************************************************************
.
Completion time: 2011-01-24 21:26:26 - machine was rebooted
ComboFix-quarantined-files.txt 2011-01-25 02:26
ComboFix2.txt 2011-01-19 23:40

Pre-Run: 34,837,434,368 bytes free
Post-Run: 34,767,097,856 bytes free

- - End Of File - - F25548EC155C285583135BFFD4E02898

Re: Browser hijacked

Hello.

Run ESET Online Scan
Please do an online scan with ESET Online Scanner. Please use Internet Explorer as it uses ActiveX.

  • Check (tick) this box: YES, I accept the Terms of Use.
  • Click on the Start button next to it.
  • When prompted to run ActiveX, click Yes.
  • You will be asked to install an ActiveX. Click Install.
  • Once installed, the scanner will be initialized.
  • After the scanner is initialized, click Start.
  • Check (tick) Remove found threats box.
  • Check (tick) Scan unwanted applications.
  • Click on Scan.
  • It will start scanning. Please be patient.
  • Once the scan is done, the log will be saved here: C:\Program Files\esetonlinescanner\log.txt.

............................................................................................

Site Admin / Security Administrator

Virus Removal ~ OS Support ~ Have we helped you? Help us! ~ GeekChat
- Please PM me if I fail to respond within 24hrs.

Re: Browser hijacked

Here's the results:

ESETSmartInstaller@High as CAB hook log:
OnlineScanner.ocx - registred OK
# version=7
# iexplore.exe=7.00.6000.17093 (vista_gdr.101017-1200)
# OnlineScanner.ocx=1.0.0.6419
# api_version=3.0.2
# EOSSerial=c3fced4d3029524d8c273f82e84d9a9c
# end=finished
# remove_checked=true
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2011-01-26 03:25:01
# local_time=2011-01-25 10:25:01 (-0500, Eastern Standard Time)
# country="United States"
# lang=1033
# osver=5.1.2600 NT Service Pack 3
# compatibility_mode=512 16777215 100 0 28589 28589 0 0
# compatibility_mode=8192 67108863 100 0 0 0 0 0
# scanned=61318
# found=0
# cleaned=0
# scan_time=3073

Re: Browser hijacked

Hello.

Go to Start > Control Panel > Add/Remove Programs and remove the following programs.

    Adobe Reader 8.1.4
    Coupon Printer for Windows

Then download and install Adobe Reader X.

