Random search sites

Hi,

Earlier today I removed ANTI-VIRUS PROTECTION with Malwarebytes Anit-Malware and it seemed to get rid of it, 4 files to be exact. However since then whenever I try to click on a link that's not entered directly into the address bar, several random search sites come up. Also, every once in a while I completely random website pops up, mostly, but not all of the time, it is a random pornography site. Please help! Here are my OTL logs:

OTL logfile created on: 4/30/2011 11:36:55 PM - Run 1
OTL by OldTimer - Version 3.2.22.3 Folder = C:\Users\EricaUlrie\Downloads
Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 47.00% Memory free
6.00 Gb Paging File | 4.00 Gb Available in Paging File | 70.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 111.69 Gb Total Space | 78.08 Gb Free Space | 69.91% Space Free | Partition Type: NTFS

Computer Name: ERICAULRIE-PC | User Name: EricaUlrie | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/04/30 23:36:01 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\EricaUlrie\Downloads\OTL.com
PRC - [2011/04/30 17:12:12 | 000,912,344 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2011/04/01 17:07:43 | 000,442,024 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avscan.exe
PRC - [2011/04/01 17:07:39 | 000,389,288 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avcenter.exe
PRC - [2011/03/28 16:15:53 | 000,076,968 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
PRC - [2011/03/28 16:15:40 | 000,136,360 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe
PRC - [2011/03/28 16:15:30 | 000,269,480 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe
PRC - [2011/03/28 16:15:29 | 000,281,768 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
PRC - [2011/03/27 22:29:18 | 003,318,784 | ---- | M] (Crawler.com) -- C:\Program Files\Spyware Terminator\SpywareTerminatorUpdate.exe
PRC - [2011/03/27 22:29:18 | 000,496,128 | ---- | M] (Crawler.com) -- C:\Program Files\Spyware Terminator\sp_rsser.exe
PRC - [2011/03/27 22:29:17 | 002,216,960 | ---- | M] (Crawler.com) -- C:\Program Files\Spyware Terminator\SpywareTerminatorShield.Exe
PRC - [2011/03/24 13:50:04 | 000,273,544 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Real\RealPlayer\Update\realsched.exe
PRC - [2011/02/26 00:33:07 | 002,614,784 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2011/01/14 09:56:38 | 004,904,232 | ---- | M] (Synaptics Incorporated) -- C:\Program Files\Synaptics\Scrybe\scrybe.exe
PRC - [2011/01/14 09:56:36 | 001,294,848 | ---- | M] (Synaptics, Inc.) -- C:\Program Files\Synaptics\Scrybe\Service\ScrybeUpdater.exe
PRC - [2010/12/27 16:04:22 | 001,044,648 | ---- | M] () -- C:\Program Files\Air Mouse\Air Mouse\Air Mouse.exe
PRC - [2010/11/25 01:38:00 | 015,234,928 | ---- | M] (Crawler.com) -- C:\Program Files\Spyware Terminator\SpyWareTerminator.exe
PRC - [2010/05/21 01:28:00 | 011,312,128 | ---- | M] (OpenOffice.org) -- C:\Program Files\OpenOffice.org 3\program\soffice.bin
PRC - [2010/05/21 01:27:58 | 011,318,784 | ---- | M] (OpenOffice.org) -- C:\Program Files\OpenOffice.org 3\program\soffice.exe
PRC - [2010/05/14 12:44:46 | 000,501,480 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Common Files\Java\Java Update\jucheck.exe
PRC - [2009/07/13 20:14:42 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
PRC - [2009/07/13 20:14:15 | 000,271,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conhost.exe


========== Modules (SafeList) ==========

MOD - [2011/04/30 23:36:01 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\EricaUlrie\Downloads\OTL.com
MOD - [2010/08/21 00:21:32 | 001,680,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV - [2011/03/28 16:15:40 | 000,136,360 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2011/03/28 16:15:30 | 000,269,480 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2011/03/27 22:29:18 | 000,496,128 | ---- | M] (Crawler.com) [Auto | Running] -- C:\Program Files\Spyware Terminator\sp_rsser.exe -- (sp_rssrv)
SRV - [2011/01/14 09:56:36 | 001,294,848 | ---- | M] (Synaptics, Inc.) [Auto | Running] -- C:\Program Files\Synaptics\Scrybe\Service\ScrybeUpdater.exe -- (ScrybeUpdater)
SRV - [2010/10/26 08:09:31 | 001,343,400 | ---- | M] (Microsoft Corporation) [Unknown | Stopped] -- C:\Windows\System32\Wat\WatAdminSvc.exe -- (WatAdminSvc)
SRV - [2009/07/13 20:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009/07/13 20:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)


========== Driver Services (SafeList) ==========

DRV - [2011/04/01 17:07:59 | 000,137,656 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb)
DRV - [2011/04/01 17:07:59 | 000,061,960 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2011/03/27 22:29:18 | 000,142,592 | ---- | M] () [Kernel | System | Running] -- C:\Windows\System32\drivers\sp_rsdrv2.sys -- (sp_rsdrv2)
DRV - [2010/06/17 15:27:22 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2009/09/21 17:58:28 | 001,218,048 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\athr.sys -- (athr)
DRV - [2009/07/13 18:51:11 | 000,034,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb)
DRV - [2009/07/13 17:13:48 | 001,035,776 | ---- | M] (LSI Corp) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AGRSM.sys -- (AgereSoftModem)
DRV - [2007/11/09 05:00:52 | 000,023,640 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\TVALZ_O.SYS -- (TVALZ)
DRV - [2006/11/19 22:11:14 | 000,007,168 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\FwLnk.sys -- (FwLnk)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========


IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-US
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 95 B0 EB 90 27 06 CC 01 [binary data]
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" =

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://www.yahoo.com/"
FF - prefs.js..extensions.enabledItems: chachaguidebar@chacha.com:1.2
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: {23fcfd51-4958-4f00-80a3-ae97e717ed8b}:2.1.1.94
FF - prefs.js..extensions.enabledItems: {6904342A-8307-11DF-A508-4AE2DFD72085}:2.1.1.94
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {ABDE892B-13A8-4d1b-88E6-365A6E755758}:14.0.2
FF - prefs.js..extensions.enabledItems: casechanger@plugin:2.0.0.15


FF - HKLM\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files\DivX\DivX Plus Web Player\firefox\html5video [2011/03/18 18:41:16 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{6904342A-8307-11DF-A508-4AE2DFD72085}: C:\Program Files\DivX\DivX Plus Web Player\firefox\wpa [2011/03/18 18:41:16 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2011/03/24 13:50:17 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.16\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/04/30 17:12:15 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.16\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/04/30 18:47:41 | 000,000,000 | ---D | M]

[2011/03/24 09:03:50 | 000,000,000 | ---D | M] (No name found) -- C:\Users\EricaUlrie\AppData\Roaming\Mozilla\Extensions
[2010/10/25 07:12:35 | 000,000,000 | ---D | M] (No name found) -- C:\Users\EricaUlrie\AppData\Roaming\Mozilla\Firefox\Profiles\jwi6nfga.default\extensions
[2011/04/29 13:22:41 | 000,000,000 | ---D | M] (No name found) -- C:\Users\EricaUlrie\AppData\Roaming\Mozilla\Firefox\Profiles\wclu79st.default\extensions
[2010/12/26 20:31:56 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Users\EricaUlrie\AppData\Roaming\Mozilla\Firefox\Profiles\wclu79st.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2011/04/22 16:43:51 | 000,000,000 | ---D | M] (Case Changer) -- C:\Users\EricaUlrie\AppData\Roaming\Mozilla\Firefox\Profiles\wclu79st.default\extensions\casechanger@plugin
[2011/04/22 16:17:47 | 000,000,000 | ---D | M] (ChaCha Guide App Toolbar) -- C:\Users\EricaUlrie\AppData\Roaming\Mozilla\Firefox\Profiles\wclu79st.default\extensions\chachaguidebar@chacha.com
[2011/04/22 16:37:12 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2011/01/13 14:11:58 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2010/12/26 20:31:19 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
[2011/03/18 18:41:16 | 000,000,000 | ---D | M] (DivX Plus Web Player HTML5 <video>) -- C:\PROGRAM FILES\DIVX\DIVX PLUS WEB PLAYER\FIREFOX\HTML5VIDEO
[2011/03/18 18:41:16 | 000,000,000 | ---D | M] (DivX HiQ) -- C:\PROGRAM FILES\DIVX\DIVX PLUS WEB PLAYER\FIREFOX\WPA
[2011/03/24 13:50:17 | 000,000,000 | ---D | M] (RealPlayer Browser Record Plugin) -- C:\PROGRAMDATA\REAL\REALPLAYER\BROWSERRECORDPLUGIN\FIREFOX\EXT
[2010/12/26 20:31:08 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll
[2011/03/25 12:58:18 | 000,167,704 | ---- | M] (Tracker Software Products Ltd.) -- C:\Program Files\Mozilla Firefox\plugins\npPDFXCviewNPPlugin.dll

Hosts file not found
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (DivX Plus Web Player HTML5

[2011/04/08 17:22:42 | 000,001,045 | ---- | M] () -- C:\Users\Public\Desktop\PDF-XChange Viewer.lnk
[2011/04/01 17:07:59 | 000,137,656 | ---- | M] (Avira GmbH) -- C:\Windows\System32\drivers\avipbb.sys
[2011/04/01 17:07:59 | 000,061,960 | ---- | M] (Avira GmbH) -- C:\Windows\System32\drivers\avgntflt.sys
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/04/30 20:59:20 | 000,000,000 | -H-- | C] () -- C:\Windows\System32\drivers\Msft_Kernel_SynTP_01009.Wdf
[2011/04/30 20:58:30 | 000,002,669 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Scrybe.lnk
[2011/04/30 20:48:31 | 000,000,446 | ---- | C] () -- C:\Windows\tasks\DriverNavigator Scheduled Scan.job
[2011/04/30 20:48:30 | 000,001,184 | ---- | C] () -- C:\Users\Public\Desktop\DriverNavigator.lnk
[2011/04/30 17:45:45 | 000,054,016 | ---- | C] () -- C:\Windows\System32\drivers\gaicrcyu.sys
[2011/04/30 17:40:30 | 000,001,071 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/04/29 14:37:25 | 000,002,016 | ---- | C] () -- C:\Users\Public\Desktop\Avira AntiVir Control Center.lnk
[2011/04/28 00:28:40 | 000,001,017 | ---- | C] () -- C:\Users\EricaUlrie\Desktop\CRON-O-METER.lnk
[2011/04/28 00:27:40 | 008,504,404 | ---- | C] () -- C:\Users\EricaUlrie\Desktop\CRONOMETER-setup-0.9.6.exe
[2011/04/25 00:14:29 | 000,002,261 | ---- | C] () -- C:\Users\EricaUlrie\Documents\My Movie.wlmp
[2011/04/20 17:03:58 | 000,001,251 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live Movie Maker.lnk
[2011/04/20 17:01:44 | 000,001,320 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live Photo Gallery.lnk
[2011/04/20 17:01:28 | 000,000,020 | ---- | C] () -- C:\Windows\Xôª
[2011/04/08 17:22:42 | 000,001,045 | ---- | C] () -- C:\Users\Public\Desktop\PDF-XChange Viewer.lnk
[2011/03/27 22:29:18 | 000,142,592 | ---- | C] () -- C:\Windows\System32\drivers\sp_rsdrv2.sys
[2011/03/18 19:43:17 | 000,087,608 | ---- | C] () -- C:\Users\EricaUlrie\AppData\Roaming\inst.exe
[2011/03/18 19:43:17 | 000,007,887 | ---- | C] () -- C:\Users\EricaUlrie\AppData\Roaming\pcouffin.cat
[2011/03/18 19:43:17 | 000,001,144 | ---- | C] () -- C:\Users\EricaUlrie\AppData\Roaming\pcouffin.inf
[2011/03/18 19:38:54 | 000,001,044 | ---- | C] () -- C:\Users\EricaUlrie\AppData\Roaming\vso_ts_preview.xml
[2010/08/25 19:30:02 | 000,439,308 | ---- | C] () -- C:\Windows\System32\igcompkrng500.bin
[2010/08/25 19:30:00 | 000,982,240 | ---- | C] () -- C:\Windows\System32\igkrng500.bin
[2010/08/25 19:30:00 | 000,092,356 | ---- | C] () -- C:\Windows\System32\igfcg500m.bin
[2010/08/25 18:57:00 | 000,000,151 | ---- | C] () -- C:\Windows\System32\GfxUI.exe.config
[2010/08/25 18:52:00 | 000,208,896 | ---- | C] () -- C:\Windows\System32\iglhsip32.dll
[2010/08/25 18:52:00 | 000,143,360 | ---- | C] () -- C:\Windows\System32\iglhcp32.dll
[2009/07/13 23:57:37 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2009/07/13 23:33:53 | 000,289,576 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2009/07/13 21:05:48 | 000,624,178 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2009/07/13 21:05:48 | 000,291,294 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2009/07/13 21:05:48 | 000,106,522 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2009/07/13 21:05:48 | 000,031,548 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2009/07/13 21:05:05 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2009/07/13 21:04:11 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2009/07/13 18:55:01 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2009/07/13 18:51:43 | 000,073,728 | ---- | C] () -- C:\Windows\System32\BthpanContextHandler.dll
[2009/07/13 18:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\System32\BWContextHandler.dll
[2009/07/13 17:09:19 | 000,139,824 | ---- | C] () -- C:\Windows\System32\igfcg500.bin
[2009/06/10 16:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat

========== Custom Scans ==========


< %systemroot%\Fonts\*.com >
[2009/07/13 23:52:25 | 000,026,040 | ---- | M] () -- C:\Windows\Fonts\GlobalMonospace.CompositeFont
[2009/07/13 23:52:25 | 000,026,489 | ---- | M] () -- C:\Windows\Fonts\GlobalSansSerif.CompositeFont
[2009/07/13 23:52:25 | 000,029,779 | ---- | M] () -- C:\Windows\Fonts\GlobalSerif.CompositeFont
[2009/07/13 23:52:25 | 000,043,318 | ---- | M] () -- C:\Windows\Fonts\GlobalUserInterface.CompositeFont

< %systemroot%\Fonts\*.dll >

< %systemroot%\Fonts\*.ini >
[2009/06/10 16:31:19 | 000,000,065 | ---- | M] () -- C:\Windows\Fonts\desktop.ini

< %systemroot%\Fonts\*.ini2 >

< %systemroot%\Fonts\*.exe >

< %systemroot%\system32\spool\prtprocs\w32x86\*.* >
[2009/07/13 20:15:35 | 000,022,528 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\spool\prtprocs\w32x86\jnwppr.dll
[2009/07/13 20:16:19 | 000,029,696 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\spool\prtprocs\w32x86\winprint.dll

< %systemroot%\REPAIR\*.bak1 >

< %systemroot%\REPAIR\*.ini >

< %systemroot%\system32\*.jpg >

< %systemroot%\*.jpg >

< %systemroot%\*.png >

< %systemroot%\*.scr >
[2010/11/10 02:28:46 | 000,301,936 | ---- | M] (Microsoft Corporation) -- C:\Windows\WLXPGSS.SCR
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

< %systemroot%\*._sy >

< %APPDATA%\Adobe\Update\*.* >

< %ALLUSERSPROFILE%\Favorites\*.* >

< %APPDATA%\Microsoft\*.* >

< %PROGRAMFILES%\*.* >
[2009/07/13 23:41:57 | 000,000,174 | -HS- | M] () -- C:\Program Files\desktop.ini

< %APPDATA%\Update\*.* >

< %PROGRAMFILES%\bak. /s >

< %systemroot%\system32\bak. /s >

< %ALLUSERSPROFILE%\Start Menu\*.lnk /x >

< %systemroot%\system32\config\systemprofile\*.dat /x >

< %systemroot%\*.config >

< %systemroot%\system32\*.db >

< %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x >
[2011/03/16 18:26:33 | 000,000,221 | -HS- | M] () -- C:\Users\EricaUlrie\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\desktop.ini

< %USERPROFILE%\Desktop\*.exe >
[2011/04/28 00:28:08 | 008,504,404 | ---- | M] () -- C:\Users\EricaUlrie\Desktop\CRONOMETER-setup-0.9.6.exe

< %PROGRAMFILES%\Common Files\*.* >

< %systemroot%\*.src >

< %systemroot%\install\*.* >

< %systemroot%\system32\DLL\*.* >

< %systemroot%\system32\HelpFiles\*.* >

< %systemroot%\system32\rundll\*.* >

< %systemroot%\winn32\*.* >

< %systemroot%\Java\*.* >

< %systemroot%\system32\test\*.* >

< %systemroot%\system32\Rundll32\*.* >

< %systemroot%\AppPatch\Custom\*.* >

< %APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x >

< %PROGRAMFILES%\PC-Doctor\Downloads\*.* >

< %PROGRAMFILES%\Internet Explorer\*.tmp >

< %PROGRAMFILES%\Internet Explorer\*.dat >

< %USERPROFILE%\My Documents\*.exe >

< %USERPROFILE%\*.exe >

< %systemroot%\ADDINS\*.* >
[2009/06/10 16:20:04 | 000,000,802 | ---- | M] () -- C:\Windows\addins\FXSEXT.ecf

< %systemroot%\assembly\*.bak2 >

< %systemroot%\Config\*.* >

< %systemroot%\REPAIR\*.bak2 >

< %systemroot%\SECURITY\Database\*.sdb /x >

< %systemroot%\SYSTEM\*.bak2 >

< %systemroot%\Web\*.bak2 >

< %systemroot%\Driver Cache\*.* >

< %PROGRAMFILES%\Mozilla Firefox\*.exe >
[2011/04/30 17:12:12 | 000,107,480 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\crashreporter.exe
[2011/04/30 17:12:12 | 000,912,344 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
[2011/04/30 17:12:13 | 000,016,856 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\plugin-container.exe
[2011/04/30 17:12:14 | 000,246,744 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\updater.exe

< %ProgramFiles%\Microsoft Common\*.* >

< %ProgramFiles%\TinyProxy. >

< %USERPROFILE%\Favorites\*.url /x >
[2010/10/27 18:09:49 | 000,000,402 | -HS- | M] () -- C:\Users\EricaUlrie\Favorites\desktop.ini

< %systemroot%\system32\*.bk >

< %systemroot%\*.te >

< %systemroot%\system32\system32\*.* >

< %ALLUSERSPROFILE%\*.dat /x >

< %systemroot%\*. /mp /s >

< %systemroot%\system32\*.dll /lockedfiles >
[2010/12/26 20:31:04 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) Unable to obtain MD5 -- C:\Windows\System32\deployJava1.dll
[2011/03/16 18:16:43 | 000,353,792 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\dxtmsft.dll
[2011/03/16 18:16:43 | 000,223,232 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\dxtrans.dll

< %systemroot%\system32\*.exe /lockedfiles >

< %systemroot%\Tasks\*.job /lockedfiles >

< %systemroot%\system32\drivers\*.sys /lockedfiles >

< %systemroot%\System32\config\*.sav >

< %systemroot%\system32\*.sys >
[2009/07/13 16:40:41 | 000,009,029 | ---- | M] () -- C:\Windows\System32\ANSI.SYS
[2009/07/13 20:26:21 | 000,249,408 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\clfs.sys
[2009/07/13 16:40:44 | 000,027,097 | ---- | M] () -- C:\Windows\System32\country.sys
[2009/07/13 16:40:40 | 000,004,768 | ---- | M] () -- C:\Windows\System32\HIMEM.SYS
[2009/07/13 16:40:43 | 000,042,809 | ---- | M] () -- C:\Windows\System32\KEY01.SYS
[2009/07/13 16:40:43 | 000,042,537 | ---- | M] () -- C:\Windows\System32\KEYBOARD.SYS
[2009/07/13 16:40:23 | 000,027,866 | ---- | M] () -- C:\Windows\System32\NTDOS.SYS
[2009/07/13 16:40:31 | 000,029,146 | ---- | M] () -- C:\Windows\System32\NTDOS404.SYS
[2009/07/13 16:40:35 | 000,029,370 | ---- | M] () -- C:\Windows\System32\NTDOS411.SYS
[2009/07/13 16:40:39 | 000,029,274 | ---- | M] () -- C:\Windows\System32\NTDOS412.SYS
[2009/07/13 16:40:27 | 000,029,146 | ---- | M] () -- C:\Windows\System32\NTDOS804.SYS
[2009/07/13 16:40:11 | 000,033,952 | ---- | M] () -- C:\Windows\System32\NTIO.SYS
[2009/07/13 16:40:15 | 000,034,672 | ---- | M] () -- C:\Windows\System32\NTIO404.SYS
[2009/07/13 16:40:17 | 000,035,776 | ---- | M] () -- C:\Windows\System32\NTIO411.SYS
[2009/07/13 16:40:19 | 000,035,536 | ---- | M] () -- C:\Windows\System32\NTIO412.SYS
[2009/07/13 16:40:13 | 000,034,672 | ---- | M] () -- C:\Windows\System32\NTIO804.SYS
[2011/03/02 22:31:32 | 002,331,136 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys

< %systemroot%\system32\drivers\*.dll >

< %systemroot%\system32\drivers\*.ini >

< %systemroot%\system32\drivers\*.exe >

< %systemroot%\system32\Spool\prtprocs\w32x86\*.dll >
[2009/07/13 20:15:35 | 000,022,528 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\spool\prtprocs\w32x86\jnwppr.dll
[2009/07/13 20:16:19 | 000,029,696 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\spool\prtprocs\w32x86\winprint.dll

< %SYSTEMDRIVE%\*.* >
[2009/06/10 16:42:20 | 000,000,024 | ---- | M] () -- C:\autoexec.bat
[2009/06/10 16:42:20 | 000,000,010 | ---- | M] () -- C:\config.sys
[2011/04/30 22:26:04 | 2312,110,080 | -HS- | M] () -- C:\hiberfil.sys
[2011/04/30 22:26:04 | 3082,813,440 | -HS- | M] () -- C:\pagefile.sys

< %PROGRAMFILES%\*. >
[2011/03/20 16:20:31 | 000,000,000 | ---D | M] -- C:\Program Files\Actual Title Buttons
[2010/11/06 11:44:03 | 000,000,000 | ---D | M] -- C:\Program Files\Adobe
[2011/01/12 12:43:19 | 000,000,000 | ---D | M] -- C:\Program Files\Air Mouse
[2010/12/19 21:57:36 | 000,000,000 | ---D | M] -- C:\Program Files\Apple Software Update
[2011/03/27 22:41:59 | 000,000,000 | ---D | M] -- C:\Program Files\AVAST Software
[2011/04/21 03:02:51 | 000,000,000 | ---D | M] -- C:\Program Files\Avidemux 2.5
[2011/04/29 14:37:10 | 000,000,000 | ---D | M] -- C:\Program Files\Avira
[2011/02/05 18:14:04 | 000,000,000 | ---D | M] -- C:\Program Files\Belarc
[2011/01/15 01:18:48 | 000,000,000 | ---D | M] -- C:\Program Files\Bonjour
[2010/12/12 12:14:33 | 000,000,000 | ---D | M] -- C:\Program Files\ChaCha MoneyTrack
[2011/04/30 23:03:07 | 000,000,000 | ---D | M] -- C:\Program Files\Common Files
[2011/03/16 18:53:05 | 000,000,000 | ---D | M] -- C:\Program Files\Computer Requirements
[2011/04/28 00:28:40 | 000,000,000 | ---D | M] -- C:\Program Files\CRON-O-METER
[2011/01/25 21:22:54 | 000,000,000 | ---D | M] -- C:\Program Files\Data Doctor Recovery - SIM Card (Demo)
[2011/04/30 18:47:42 | 000,000,000 | ---D | M] -- C:\Program Files\DivX
[2009/07/14 02:49:36 | 000,000,000 | ---D | M] -- C:\Program Files\DVD

Maker
[2011/04/30 20:48:29 | 000,000,000 | ---D | M] -- C:\Program Files\Easeware
[2011/03/27 22:44:32 | 000,000,000 | ---D | M] -- C:\Program Files\Google
[2010/12/26 00:33:34 | 000,000,000 | ---D | M] -- C:\Program Files\Graboid
[2011/04/30 23:03:52 | 000,000,000 | -H-D | M] -- C:\Program Files\InstallShield Installation Information
[2010/10/24 21:39:12 | 000,000,000 | ---D | M] -- C:\Program Files\Intel
[2011/03/16 18:25:03 | 000,000,000 | ---D | M] -- C:\Program Files\Internet Explorer
[2010/12/19 22:00:27 | 000,000,000 | ---D | M] -- C:\Program Files\iPod
[2010/12/19 22:00:52 | 000,000,000 | ---D | M] -- C:\Program Files\iTunes
[2010/11/25 15:37:46 | 000,000,000 | ---D | M] -- C:\Program Files\iWin
[2011/04/25 11:25:33 | 000,000,000 | ---D | M] -- C:\Program Files\jahPlayer
[2011/01/13 14:11:35 | 000,000,000 | ---D | M] -- C:\Program Files\Java
[2011/01/13 14:12:33 | 000,000,000 | ---D | M] -- C:\Program Files\JRE
[2011/04/30 19:16:19 | 000,000,000 | ---D | M] -- C:\Program Files\Malwarebytes' Anti-Malware
[2009/07/14 02:49:30 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Games
[2011/04/22 00:35:16 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Silverlight
[2011/04/20 17:01:28 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft SQL Server Compact Edition
[2010/10/25 18:33:57 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft.NET
[2011/04/30 17:12:24 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox
[2009/07/13 23:52:30 | 000,000,000 | ---D | M] -- C:\Program Files\MSBuild
[2011/04/24 03:00:58 | 000,000,000 | ---D | M] -- C:\Program Files\MSXML 4.0
[2011/04/25 11:25:33 | 000,000,000 | ---D | M] -- C:\Program Files\OpenLibraries
[2011/01/13 14:12:31 | 000,000,000 | ---D | M] -- C:\Program Files\OpenOffice.org 3
[2010/12/19 21:57:58 | 000,000,000 | ---D | M] -- C:\Program Files\QuickTime
[2011/03/04 11:11:40 | 000,000,000 | ---D | M] -- C:\Program Files\RapidTyping
[2011/03/24 13:50:25 | 000,000,000 | ---D | M] -- C:\Program Files\Real
[2009/07/13 23:52:30 | 000,000,000 | ---D | M] -- C:\Program Files\Reference Assemblies
[2010/12/05 12:32:16 | 000,000,000 | ---D | M] -- C:\Program Files\Replay Music 3
[2011/04/30 23:45:40 | 000,000,000 | ---D | M] -- C:\Program Files\Spyware Terminator
[2011/01/15 01:18:24 | 000,000,000 | ---D | M] -- C:\Program Files\Stanza
[2011/04/30 22:26:02 | 000,000,000 | ---D | M] -- C:\Program Files\Synaptics
[2011/04/30 23:03:52 | 000,000,000 | ---D | M] -- C:\Program Files\TOSHIBA
[2011/04/08 17:22:41 | 000,000,000 | ---D | M] -- C:\Program Files\Tracker Software
[2009/07/13 23:53:23 | 000,000,000 | -H-D | M] -- C:\Program Files\Uninstall Information
[2010/11/04 08:59:59 | 000,000,000 | ---D | M] -- C:\Program Files\VideoLAN
[2011/03/18 19:38:13 | 000,000,000 | ---D | M] -- C:\Program Files\VSO
[2009/07/13 23:56:49 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Defender
[2009/07/14 02:49:14 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Journal
[2011/04/20 17:01:13 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Live
[2010/12/16 04:16:30 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Mail
[2010/10/27 11:05:29 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Media Player
[2009/07/13 23:52:30 | 000,000,000 | ---D | M] -- C:\Program Files\Windows NT
[2009/07/13 23:56:49 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Photo Viewer
[2009/07/13 23:52:32 | 000,000,000 | ---D | M] -- C:\Program F

iles\Windows Portable Devices
[2009/07/13 23:56:49 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Sidebar
[2011/02/03 09:15:47 | 000,000,000 | ---D | M] -- C:\Program Files\WinRAR
[2010/10/30 19:29:07 | 000,000,000 | ---D | M] -- C:\Program Files\WinZip

< %appdata%\*.* >
[2011/03/18 19:43:17 | 000,087,608 | ---- | M] () -- C:\Users\EricaUlrie\AppData\Roaming\inst.exe
[2011/03/18 19:43:17 | 000,007,887 | ---- | M] () -- C:\Users\EricaUlrie\AppData\Roaming\pcouffin.cat
[2011/03/18 19:43:17 | 000,001,144 | ---- | M] () -- C:\Users\EricaUlrie\AppData\Roaming\pcouffin.inf
[2011/03/18 19:43:54 | 000,000,034 | ---- | M] () -- C:\Users\EricaUlrie\AppData\Roaming\pcouffin.log
[2011/03/18 19:43:17 | 000,047,360 | ---- | M] (VSO Software) -- C:\Users\EricaUlrie\AppData\Roaming\pcouffin.sys
[2011/03/19 21:46:42 | 000,049,596 | ---- | M] () -- C:\Users\EricaUlrie\AppData\Roaming\ReplayMusicLog.log
[2011/04/08 20:24:43 | 000,001,044 | ---- | M] () -- C:\Users\EricaUlrie\AppData\Roaming\vso_ts_preview.xml


< MD5 for: AGP440.SYS >
[2009/07/13 20:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\System32\drivers\AGP440.sys
[2009/07/13 20:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_x86_neutral_65848c2d7375a720\AGP440.sys
[2009/07/13 20:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.1.7600.16385_none_b9e9435f20046eeb\AGP440.sys

< MD5 for: ATAPI.SYS >
[2009/07/13 20:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\System32\drivers\atapi.sys
[2009/07/13 20:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_x86_neutral_f64b9c35a3a5be81\atapi.sys
[2009/07/13 20:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.1.7600.16385_none_dd0e7e3d82dd640d\atapi.sys

< MD5 for: CNGAUDIT.DLL >
[2009/07/13 20:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\System32\cngaudit.dll
[2009/07/13 20:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_e83a414890e8132b\cngaudit.dll

< MD5 for: DISK.SYS >
[2009/07/13 20:20:27 | 000,057,424 | ---- | M] (Microsoft Corporation) MD5=565003F326F99802E68CA78F2A68E9FF -- C:\Windows\System32\drivers\disk.sys
[2009/07/13 20:20:27 | 000,057,424 | ---- | M] (Microsoft Corporation) MD5=565003F326F99802E68CA78F2A68E9FF -- C:\Windows\System32\DriverStore\FileRepository\disk.inf_x86_neutral_b431b61a11f8df6c\disk.sys
[2009/07/13 20:20:27 | 000,057,424 | ---- | M] (Microsoft Corporation) MD5=565003F326F99802E68CA78F2A68E9FF -- C:\Windows\winsxs\x86_disk.inf_31bf3856ad364e35_6.1.7600.16385_none_f99cd807d58018cb\disk.sys

< MD5 for: IASTORV.SYS >
[2011/03/11 00:38:51 | 000,332,160 | ---- | M] (Intel Corporation) MD5=5CD5F9A5444E6CDCB0AC89BD62D8B76E -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7601.17577_none_b0daddb9e6380745\iaStorV.sys

OK, is there any other way for me to post my logs, it's not letting me post the full thing, sorry. It redirects me and says page cannot load or something. The only way I've been able to post is to cut and paste the message to get shorter. Sorry. Please help

Hello.

Please download ComboFix from BleepingComputer.com

Alternate link: GeeksToGo.com


Rename ComboFix.exe to commy.exe before you save it to your Desktop

• Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools A guide to do this can be found here
  
• Click Start then copy paste the following command into the search box & hit enter: "%userprofile%\desktop\commy.exe" /stepdel
  
• As part of it's process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. This will not install in Vista. Just continue scanning, and skip the console install.
  
• When finished, it shall produce a log for you. Please include the contents of C:\ComboFix.txt in your next reply.
  

I am unable to run combofix, I renamed it but everytime I try to load it I get a blue screen and my system restarts.

Please download aswMBR from here

• Save aswMBR.exe to your Desktop
  
• Double click aswMBR.exe to run it
  
• Click the Scan button to start the scan as illustrated below
  

Note: Do not take action against any **Rootkit** entries until I have reviewed the log. Often there are false positives

• Once the scan finishes click Save log to save the log to your Desktop
  
  
  
• Copy and paste the contents of aswMBR.txt back here for review
  

Here it is:

aswMBR version 0.9.5.247 Copyright(c) 2011 AVAST Software
Run date: 2011-05-02 14:32:56
-----------------------------
14:32:56.881 OS Version: Windows 6.1.7600
14:32:56.882 Number of processors: 1 586 0xF0D
14:32:56.883 ComputerName: ERICAULRIE-PC UserName: EricaUlrie
14:32:57.925 Initialize success
14:33:15.245 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
14:33:15.247 Disk 0 Vendor: TOSHIBA_MK1234GSX AH001A Size: 114473MB BusType: 11
14:33:17.250 Disk 0 MBR read successfully
14:33:17.253 Disk 0 MBR scan
14:33:17.256 Disk 0 TDL4@MBR code has been found
14:33:17.259 Disk 0 Windows 7 default MBR code found via API
14:33:17.265 Disk 0 MBR hidden
14:33:17.269 Disk 0 MBR [TDL4] **ROOTKIT**
14:33:17.275 Disk 0 trace - called modules:
14:33:17.279 ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys halmacpi.dll >>UNKNOWN [0x860d14f0]<<
14:33:17.283 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x85316ac8]
14:33:17.290 3 CLASSPNP.SYS[8ab9959e] -> nt!IofCallDriver -> [0x85bee350]
14:33:17.295 5 ACPI.sys[8301b3b2] -> nt!IofCallDriver -> \IdeDeviceP0T0L0-0[0x85254908]
14:33:17.300 \Driver\atapi[0x85316890] -> IRP_MJ_CREATE -> 0x860d14f0
14:33:17.642 Scan finished successfully
14:34:04.206 Disk 0 MBR has been saved successfully to "C:\Users\EricaUlrie\Desktop\MBR.dat"
14:34:04.213 The log file has been saved successfully to "C:\Users\EricaUlrie\Desktop\aswMBR.txt"

Hello.
Do you have your XP disc?

I actually use windows 7 now, and I think I have it somewhere around here.

Sorry, meant w7, it was late last night and I thought it was XP.

Put the Windows 7 installation disc in the disc drive, and then reboot the computer, as we need to boot from the CD.

1, Press a key when you are prompted.
2. Select a language, a time, a currency, a keyboard or an input method, and then click Next.
3. Click Repair your computer.
4. Click the operating system that you want to repair, and then click Next.
4. In the System Recovery Options dialog box, click Command Prompt.
5. Type in this command

bootrec.exe /fixmbr

Then press ENTER.
You may be prompted with a yes/no option, if so, type in yes (or Y) and hit enter again.

After that, reboot the machine again, take the CD out and back to the OS, and re-run aswMBR and lets see if that fixed it.

I did what you said and it said it was completed successfully. However now my computer won't even boot up, as soon as it starts it goes to the blue screen and shuts off. Looks like it may be time to start saving up for a new laptop *sigh*. At least I have my PC still.