WiredWX Christian Hobby Weather Tools
Walmart/Facebook Gift Virus
I have the Walmart Gift virus that pops up on both Firefox and IE. As well, I'm unable to access the Windows Update website anymore. I've run OTL and have included the Mediafire links to the OTL & Extras logs. What do I have to do to fix this?

Extras.txt: http://www.mediafire.com/?7reh4or0xo3ndny

OTL.txt: http://www.mediafire.com/?obm8cssff8hutrd

Re: Walmart/Facebook Gift Virus
Hello.

Please download and run this tool.

Download Malwarebytes' Anti-Malware from Here

Double Click mbam-setup.exe to install the application.

  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts.
Click OK to either and let MBAM proceed with the disinfection process.
If asked to restart the computer, please do so immediately.


Post the contents of the MBAM Log.

............................................................................................

Site Admin / Security Administrator

Virus Removal ~ OS Support ~ Have we helped you? Help us! ~ GeekChat
- Please PM me if I fail to respond within 24hrs.

Re: Walmart/Facebook Gift Virus
Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Database version: 6308

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

4/8/2011 8:02:15 AM
mbam-log-2011-04-08 (08-02-15).txt

Scan type: Full scan (C:\|)
Objects scanned: 263204
Time elapsed: 51 minute(s), 30 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

Re: Walmart/Facebook Gift Virus
Hello.

  • Download combofix from here
    Link 1

    1. If you are using Firefox, make sure that your download settings are as follows:

    * Tools->Options->Main tab
    * Set to "Always ask me where to Save the files".

    2. During the download, rename Combofix to Combo-Fix as follows:

    [screenshot: CF_download_FF]

    [screenshot: CF_download_rename]

    3. It is important you rename Combofix during the download, but not after.
    4. Please do not rename Combofix to other names, but only to the one indicated.
    5. Close any open browsers.
    6. Close/disable all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix.

  • We need to disable your local AV (Anti-virus) before running Combofix.
  • See HERE for how to disable your AV.
  • Double click on ComboFix.exe.
  • Follow the prompts. NOTE:
  • ComboFix will check to see if the Microsoft Windows Recovery Console is installed.
    ***It's strongly recommended to have the Recovery Console installed before doing any malware removal.***

    **Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will automatically proceed with its scan.


  • The Recovery Console provides a recovery/repair mode should a problem occur during a Combofix run.

    [screenshot: Cf410]

  • Allow ComboFix to download the Recovery Console.
  • Accept the End-User License Agreement.
  • The Recovery Console will be installed.
  • You will then get this next prompt that asks if you want to continue the malware scan; select Yes.

    [screenshot: Cf510]

  • Allow combofix to run
  • Post C:\combofix.txt back here.

    Note:
    Do not mouse-click ComboFix's window whilst it's running. That may cause it to stall.


Re: Walmart/Facebook Gift Virus
ComboFix 11-04-14.03 - Anson 04/15/2011 18:53:51.2.2 - x86 NETWORK
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.2047.1750 [GMT -4:00]
Running from: c:\documents and settings\Anson\Desktop\Combo-Fix.exe
FW: AVG Firewall *Disabled* {8decf618-9569-4340-b34a-d78d28969b66}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\All Users\Application Data\Adobe Systems
c:\documents and settings\All Users\Application Data\Adobe Systems\Product licenses\B2B86000.dat
c:\documents and settings\Anson\WINDOWS
C:\Install.exe
c:\windows\system32\BReWErS.dll
c:\windows\system32\muzapp.exe
.
.
\\.\PhysicalDrive0 - Bootkit TDL4 was found and disinfected
.
((((((((((((((((((((((((( Files Created from 2011-03-15 to 2011-04-15 )))))))))))))))))))))))))))))))
.
.
2011-04-15 22:17 . 2011-04-15 22:24 -------- d-----w- C:\Combo-Fix
2011-04-09 23:42 . 2011-04-09 23:42 -------- d-----w- c:\program files\Common Files\Java
2011-04-08 10:43 . 2010-12-20 22:09 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-04-08 10:42 . 2011-04-08 10:43 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-04-08 10:42 . 2010-12-20 22:08 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-04-07 23:37 . 2011-04-07 23:37 -------- d-----w- c:\program files\ESET
2011-04-04 01:19 . 2011-04-04 01:19 -------- d-----w- c:\documents and settings\Anson\Local Settings\Application Data\AVG Security Toolbar
2011-04-04 01:13 . 2011-04-04 01:13 -------- d-----w- c:\documents and settings\Anson\Application Data\AVG10
2011-04-04 01:09 . 2011-04-15 21:05 -------- d-----w- c:\windows\system32\drivers\AVG
2011-04-04 01:09 . 2011-04-04 01:13 -------- d-----w- c:\documents and settings\All Users\Application Data\AVG10
2011-04-04 00:50 . 2011-04-04 00:50 163270584 ----a-w- c:\temp\AVG\avg_isct_x86_all_2011_1209a3533.exe
2011-04-04 00:49 . 2011-04-04 00:50 -------- d-----w- c:\documents and settings\All Users\Application Data\MFAData
2011-04-04 00:32 . 2011-04-04 00:32 -------- d-----w- c:\documents and settings\All Users\Application Data\avg8
2011-04-04 00:07 . 2011-04-04 00:09 -------- dc-h--w- c:\windows\ie8
2011-04-03 20:59 . 2011-04-03 21:00 125832448 ----a-w- c:\temp\Ad-Aware90Install_2011-04-01.exe
2011-04-03 20:58 . 2011-04-15 22:47 -------- d-----w- c:\documents and settings\All Users\Application Data\STOPzilla!
2011-04-03 20:58 . 2011-04-03 20:58 -------- d-----w- c:\program files\STOPzilla!
2011-04-03 20:58 . 2011-04-03 20:58 -------- d-----w- c:\program files\Common Files\iS3
2011-04-02 19:59 . 2011-04-02 19:59 -------- d-----w- c:\documents and settings\Anson\Local Settings\Application Data\Mozilla
2011-04-02 12:59 . 2011-04-04 00:08 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2011-04-02 12:53 . 2011-04-02 12:53 -------- d-----w- c:\documents and settings\Anson\Application Data\Malwarebytes
2011-04-02 12:53 . 2011-04-02 12:53 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2011-04-01 22:26 . 2011-04-01 22:28 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Adobe
2011-03-31 20:13 . 2011-03-31 20:13 546256 ----a-r- c:\windows\system32\SZComp5.dll
2011-03-31 20:13 . 2011-03-31 20:13 452048 ----a-r- c:\windows\system32\SZBase5.dll
2011-03-31 20:13 . 2011-03-31 20:13 28624 ----a-r- c:\windows\system32\IS3XDat5.dll
2011-03-31 20:13 . 2011-03-31 20:13 22992 ----a-r- c:\windows\system32\SZIO5.dll
2011-03-31 20:13 . 2011-03-31 20:13 132560 ----a-r- c:\windows\system32\IS3HTUI5.dll
2011-03-31 20:13 . 2011-03-31 20:13 99792 ----a-r- c:\windows\system32\IS3Svc5.dll
2011-03-31 20:13 . 2011-03-31 20:13 99792 ----a-r- c:\windows\system32\IS3Inet5.dll
2011-03-31 20:13 . 2011-03-31 20:13 67024 ----a-r- c:\windows\system32\IS3Hks5.dll
2011-03-31 20:13 . 2011-03-31 20:13 398800 ----a-r- c:\windows\system32\IS3DBA5.dll
2011-03-31 20:13 . 2011-03-31 20:13 390608 ----a-r- c:\windows\system32\IS3UI5.dll
2011-03-31 20:13 . 2011-03-31 20:13 230864 ----a-r- c:\windows\system32\IS3Win325.dll
2011-03-31 20:13 . 2011-03-31 20:13 738768 ----a-r- c:\windows\system32\IS3Base5.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-04-02 00:34 . 2010-09-26 17:43 98392 ----a-w- c:\windows\system32\drivers\SBREDrv.sys
2011-02-09 13:53 . 2004-08-04 12:00 270848 ----a-w- c:\windows\system32\sbe.dll
2011-02-09 13:53 . 2004-08-04 12:00 186880 ----a-w- c:\windows\system32\encdec.dll
2011-02-03 01:40 . 2010-04-22 13:04 472808 ----a-w- c:\windows\system32\deployJava1.dll
2011-02-02 23:19 . 2007-07-08 01:10 73728 ----a-w- c:\windows\system32\javacpl.cpl
2011-02-02 07:58 . 2007-01-16 22:16 2067456 ----a-w- c:\windows\system32\mstscax.dll
2011-01-30 04:16 . 2011-01-30 04:16 30056 ----a-w- c:\windows\system32\MASetupCleaner.exe
2011-01-29 22:00 . 2011-03-06 01:50 4659712 ----a-w- c:\windows\system32\Redemption.dll
2011-01-29 22:00 . 2011-01-29 22:00 81920 ----a-w- c:\windows\system32\issacapi_bs-2.3.dll
2011-01-29 22:00 . 2011-01-29 22:00 65536 ----a-w- c:\windows\system32\issacapi_pe-2.3.dll
2011-01-29 22:00 . 2011-01-29 22:00 57344 ----a-w- c:\windows\system32\MTXSYNCICON.dll
2011-01-29 22:00 . 2011-01-29 22:00 57344 ----a-w- c:\windows\system32\MK_Lyric.dll
2011-01-29 22:00 . 2011-01-29 22:00 57344 ----a-w- c:\windows\system32\issacapi_se-2.3.dll
2011-01-29 22:00 . 2011-01-29 22:00 569344 ----a-w- c:\windows\system32\muzdecode.ax
2011-01-29 22:00 . 2011-01-29 22:00 491520 ----a-w- c:\windows\system32\muzapp.dll
2011-01-29 22:00 . 2011-01-29 22:00 49152 ----a-w- c:\windows\system32\MaJGUILib.dll
2011-01-29 22:00 . 2011-01-29 22:00 45056 ----a-w- c:\windows\system32\MaXMLProto.dll
2011-01-29 22:00 . 2011-01-29 22:00 45056 ----a-w- c:\windows\system32\MACXMLProto.dll
2011-01-29 22:00 . 2011-01-29 22:00 40960 ----a-w- c:\windows\system32\MTTELECHIP.dll
2011-01-29 22:00 . 2011-01-29 22:00 40960 ----a-w- c:\windows\system32\MAMACExtract.dll
2011-01-29 22:00 . 2011-01-29 22:00 352256 ----a-w- c:\windows\system32\MSLUR71.dll
2011-01-29 22:00 . 2011-01-29 22:00 258048 ----a-w- c:\windows\system32\muzoggsp.ax
2011-01-29 22:00 . 2011-01-29 22:00 245760 ----a-w- c:\windows\system32\MSCLib.dll
2011-01-29 22:00 . 2011-01-29 22:00 200704 ----a-w- c:\windows\system32\muzwmts.dll
2011-01-29 22:00 . 2011-01-29 22:00 155648 ----a-w- c:\windows\system32\MSFLib.dll
2011-01-29 22:00 . 2011-01-29 22:00 143360 ----a-w- c:\windows\system32\3DAudio.ax
2011-01-29 22:00 . 2011-01-29 22:00 135168 ----a-w- c:\windows\system32\muzaf1.dll
2011-01-29 22:00 . 2011-01-29 22:00 131072 ----a-w- c:\windows\system32\muzmpgsp.ax
2011-01-29 22:00 . 2011-01-29 22:00 122880 ----a-w- c:\windows\system32\muzeffect.ax
2011-01-29 22:00 . 2011-01-29 22:00 118784 ----a-w- c:\windows\system32\MaDRM.dll
2011-01-29 22:00 . 2011-01-29 22:00 110592 ----a-w- c:\windows\system32\muzmp4sp.ax
2011-01-27 11:57 . 2007-01-16 22:16 677888 ----a-w- c:\windows\system32\mstsc.exe
2011-01-21 14:44 . 2004-08-04 12:00 439296 ----a-w- c:\windows\system32\shimgvw.dll
2004-10-01 20:00 . 2007-01-16 23:09 40960 ----a-w- c:\program files\Uninstall_CDS.exe
2011-03-18 17:53 . 2011-04-02 19:58 142296 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
------- Sigcheck -------
.
[-] 2009-07-12 . D24EA301E2B36C4E975FD216CA85D8E7 . 361600 . . [5.1.2600.5625] . . c:\windows\system32\dllcache\tcpip.sys
[-] 2009-07-12 . D24EA301E2B36C4E975FD216CA85D8E7 . 361600 . . [5.1.2600.5625] . . c:\windows\system32\drivers\tcpip.sys
[7] 2008-06-20 . AD978A1B783B5719720CFF204B666C8E . 361600 . . [5.1.2600.5625] . . c:\windows\$hf_mig$\KB951748\SP3QFE\tcpip.sys
[7] 2008-06-20 . 9AEFA14BD6B182D61E3119FA5F436D3D . 361600 . . [5.1.2600.5625] . . c:\windows\$hf_mig$\KB951748\SP3GDR\tcpip.sys
[7] 2008-06-20 . 2A5554FC5B1E04E131230E3CE035C3F9 . 360320 . . [5.1.2600.3394] . . c:\windows\$NtServicePackUninstall$\tcpip.sys
[7] 2008-06-20 . 744E57C99232201AE98C49168B918F48 . 360960 . . [5.1.2600.3394] . . c:\windows\$hf_mig$\KB951748\SP2QFE\tcpip.sys
[7] 2008-04-13 . 93EA8D04EC73A85DB02EB8805988F733 . 361344 . . [5.1.2600.5512] . . c:\windows\$NtUninstallKB951748$\tcpip.sys
[7] 2008-04-13 . 93EA8D04EC73A85DB02EB8805988F733 . 361344 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\tcpip.sys
[-] 2007-10-30 . 90CAFF4B094573449A0872A0F919B178 . 360064 . . [5.1.2600.3244] . . c:\windows\$NtUninstallKB951748_0$\tcpip.sys
[-] 2007-10-30 . 64798ECFA43D78C7178375FCDD16D8C8 . 360832 . . [5.1.2600.3244] . . c:\windows\$hf_mig$\KB941644\SP2QFE\tcpip.sys
[-] 2006-04-20 . B2220C618B42A2212A59D91EBD6FC4B4 . 360576 . . [5.1.2600.2892] . . c:\windows\$hf_mig$\KB917953\SP2QFE\tcpip.sys
[-] 2006-04-20 . 1DBF125862891817F374F407626967F4 . 359808 . . [5.1.2600.2892] . . c:\windows\$NtUninstallKB941644$\tcpip.sys
[7] 2004-08-04 . 9F4B36614A0FC234525BA224957DE55C . 359040 . . [5.1.2600.2180] . . c:\windows\$NtUninstallKB917953$\tcpip.sys
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NBJ"="c:\program files\Ahead\Nero BackItUp\NBJ.exe" [2006-02-11 2048000]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"RemoteControl"="c:\program files\CyberLink\PowerDVD\PDVDServ.exe" [2008-01-22 81920]
"EverioService"="c:\program files\CyberLink\PCM4Everio\EverioService.exe" [2008-05-22 151552]
"RemoteControl8"="c:\program files\CyberLink\PowerDVD8\PDVD8Serv.exe" [2009-07-17 91432]
"PDVD8LanguageShortcut"="c:\program files\CyberLink\PowerDVD8\Language\Language.exe" [2009-04-16 50472]
"BDRegion"="c:\program files\Cyberlink\Shared Files\brs.exe" [2009-02-26 75048]
"IJNetworkScanUtility"="c:\program files\Canon\Canon IJ Network Scan Utility\CNMNSUT.EXE" [2007-05-20 124512]
"SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2007-03-16 868352]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2011-01-31 35760]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-21 932288]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2010-07-09 13923432]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-10-29 249064]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"AvgUninstallURL"="start http:" [X]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2001-2-13 83360]
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0c:\progra~1\AVG\AVG10\avgchsvx.exe /sync\0c:\progra~1\AVG\AVG10\avgrsx.exe /sync /restart
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Sierra\\FEAR\\FEAR.exe"=
"c:\\Program Files\\Sierra\\FEAR\\FEARMP.exe"=
"c:\\Program Files\\Sierra\\FEAR\\FEARXP\\FEARXP.exe"=
"c:\\Program Files\\Sierra\\FEAR Perseus Mandate\\FEARXP2.exe"=
"c:\\Program Files\\CyberLink\\PowerDVD8\\PowerDVD8.exe"=
"c:\\Temp\\Progs\\utorrent.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\Research In Motion\\BlackBerry Desktop\\Rim.Desktop.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
.
R0 AVGIDSEH;AVGIDSEH;c:\windows\system32\drivers\AVGIDSEH.sys [9/13/2010 3:27 PM 25680]
R0 szkg5;szkg5;c:\windows\system32\drivers\SZKG.sys [12/7/2009 5:59 PM 61328]
R0 szkgfs;szkgfs;c:\windows\system32\drivers\SZKGFS.sys [5/12/2010 6:01 PM 59280]
R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [11/12/2010 1:19 PM 299984]
S0 is3srv;is3srv;c:\windows\system32\drivers\is3srv.sys [12/7/2009 5:59 PM 61328]
S0 Lbd;Lbd;c:\windows\system32\DRIVERS\Lbd.sys --> c:\windows\system32\DRIVERS\Lbd.sys [?]
S2 {FE4C91E7-22C2-4D0C-9F6B-82F1B7742054};Power Control [2009/12/20 17:45];c:\program files\CyberLink\PowerDVD8\000.fcl [8/28/2009 7:36 PM 87536]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [3/18/2010 2:16 PM 130384]
S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys --> c:\windows\system32\drivers\Ambfilt.sys [?]
S3 Avgfwdx;Avgfwdx;c:\windows\system32\drivers\avgfwdx.sys [7/12/2010 4:33 AM 30432]
S3 Avgfwfd;AVG network filter service;c:\windows\system32\drivers\avgfwdx.sys [7/12/2010 4:33 AM 30432]
S3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\AVGIDSDriver.sys [8/3/2010 3:23 PM 123472]
S3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\drivers\AVGIDSFilter.sys [8/3/2010 3:23 PM 30288]
S3 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\AVGIDSShim.sys [8/3/2010 3:23 PM 26192]
S3 dgderdrv;dgderdrv;c:\windows\system32\drivers\dgderdrv.sys --> c:\windows\system32\drivers\dgderdrv.sys [?]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [3/18/2010 2:16 PM 753504]
.
Contents of the 'Scheduled Tasks' folder
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://ca.yahoo.com/?p=us
uInternet Connection Wizard,ShellNext = iexplore
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office10\EXCEL.EXE/3000
DPF: {2357B3CF-7F8D-4451-8D81-FD6097610AEE} - hxxp://activex.camfrogweb.com/advanced/2.0.2.3/cfweb_activex.camfrogweb.com-advanced-2.0.2.3_instmodule.exe
FF - ProfilePath - c:\documents and settings\Anson\Application Data\Mozilla\Firefox\Profiles\dhlbjqzv.default\
FF - prefs.js: browser.startup.homepage - hxxp://ca.yahoo.com/?p=us
FF - prefs.js: keyword.URL - hxxp://search.avg.com/route/?d=4d991af5&v=6.103.018.001&i=26&tp=ab&iy=&ychte=ca&lng=en-US&q=
FF - prefs.js: network.proxy.type - 0
.
- - - - ORPHANS REMOVED - - - -
.
URLSearchHooks-{A3BC75A2-1F87-4686-AA43-5347D756017C} - (no file)
Toolbar-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
WebBrowser-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
HKLM-Run-AVG_TRAY - c:\program files\AVG\AVG10\avgtray.exe
Notify-TPSvc - TPSvc.dll
AddRemove-NVIDIA Display Control Panel - c:\program files\NVIDIA Corporation\Uninstall\nvuninst.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-04-15 19:00
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\{95808DC4-FA4A-4C74-92FE-5B863F82066B}]
"ImagePath"="\??\c:\program files\CyberLink\PowerDVD\000.fcl"
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\{FE4C91E7-22C2-4D0C-9F6B-82F1B7742054}]
"ImagePath"="\??\c:\program files\CyberLink\PowerDVD8\000.fcl"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-839522115-1275210071-725345543-1004\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:49,b7,cb,5d,31,9c,fa,8f,2b,86,e9,4c,1c,46,68,b3,dc,0c,be,71,c6,85,0c,
df,98,3a,42,96,d5,37,03,67,9b,a0,c7,41,c9,8b,40,87,98,f3,cc,56,05,43,10,ec,\
"??"=hex:fc,bb,e5,89,2d,1d,22,f4,e3,c5,b3,6c,8c,bf,99,19
.
[HKEY_USERS\S-1-5-21-839522115-1275210071-725345543-1004\Software\SecuROM\License information*]
"datasecu"=hex:3b,03,fa,7e,7c,dd,be,62,be,ab,65,57,fc,87,49,6e,d8,51,7e,76,f7,
87,1b,77,38,9a,3b,80,4c,1b,ad,96,aa,f0,2b,de,8e,2f,5e,6e,fb,c5,c1,c5,a9,01,\
"rkeysecu"=hex:3e,80,9e,c4,40,b4,90,83,87,8e,33,49,64,ac,f8,d9
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10o_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10o_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(452)
c:\windows\system32\NavLogon.dll
.
Completion time: 2011-04-15 19:02:22
ComboFix-quarantined-files.txt 2011-04-15 23:02
.
Pre-Run: 92,625,612,800 bytes free
Post-Run: 92,616,454,144 bytes free
.
- - End Of File - - 621A8776E837568BC15141E55682D8B7
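As an added triage example (not part of the thread and not ComboFix's own code), the script below parses the section layout of the ComboFix log posted above and pulls out what a helper reads first: the TDL4 bootkit line, Sigcheck rows flagged `[-]`, the autorun value marked `[X]`, and the disabled firewall profile. The sample log is a constructed excerpt in that layout; treating `[-]` as "could not be verified against a known-good copy" is an assumption about ComboFix's marker.

```python
import re
from dataclasses import dataclass, field

# Constructed excerpt, laid out like the ComboFix log posted in the thread.
SAMPLE_LOG = r"""
(((((((((((((((((( Other Deletions ))))))))))))))))))
.
c:\windows\system32\BReWErS.dll
c:\windows\system32\muzapp.exe
C:\Install.exe
.
\\.\PhysicalDrive0 - Bootkit TDL4 was found and disinfected
.
------- Sigcheck -------
.
[-] 2009-07-12 . D24EA301E2B36C4E975FD216CA85D8E7 . 361600 . . [5.1.2600.5625] . . c:\windows\system32\drivers\tcpip.sys
[7] 2008-06-20 . AD978A1B783B5719720CFF204B666C8E . 361600 . . [5.1.2600.5625] . . c:\windows\$hf_mig$\KB951748\SP3QFE\tcpip.sys
.
(((((((((((((((((( Reg Loading Points ))))))))))))))))))
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"AvgUninstallURL"="start http:" [X]
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
"""

PAREN_HDR = re.compile(r"^\(+\s*(.+?)\s*\)+$")            # (((( Name ))))
DASH_HDR = re.compile(r"^-[-\s]*([A-Za-z][^-]*?)\s*-[-\s]*$")  # ---- Name ----
SIGCHECK = re.compile(  # [flag] date . md5 . size . . [version] . . path
    r"^\[(?P<flag>[^\]]+)\]\s+(?P<date>\d{4}-\d{2}-\d{2})\s+\.\s+"
    r"(?P<md5>[0-9A-Fa-f]{32})\s+\.\s+(?P<size>\d+)\s+\.\s+\.\s+"
    r"\[(?P<ver>[^\]]+)\]\s+\.\s+\.\s+(?P<path>.+)$")
FIREWALL = re.compile(r'^"EnableFirewall"\s*=\s*(\d+)')


@dataclass
class Triage:
    deletions: list = field(default_factory=list)        # paths ComboFix removed
    bootkit: list = field(default_factory=list)          # boot-sector findings
    unverified: list = field(default_factory=list)       # Sigcheck [-] rows (assumed: no known-good match)
    broken_autoruns: list = field(default_factory=list)  # autorun values marked [X]
    firewall_disabled: bool = False


def parse_combofix(text: str) -> Triage:
    """Walk the log section by section and collect the security-relevant rows."""
    t = Triage()
    section = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line == ".":          # ComboFix pads sections with lone dots
            continue
        hdr = PAREN_HDR.match(line) or DASH_HDR.match(line)
        if hdr:
            section = hdr.group(1).lower()
            continue
        if "bootkit" in line.lower():        # appears outside any section header
            t.bootkit.append(line)
        elif section == "other deletions":
            t.deletions.append(line)
        elif section == "sigcheck":
            m = SIGCHECK.match(line)
            if m and m.group("flag") == "-":
                t.unverified.append((m.group("path"), m.group("md5"), m.group("ver")))
        elif section == "reg loading points":
            if line.endswith("[X]"):
                t.broken_autoruns.append(line)
            m = FIREWALL.match(line)
            if m and int(m.group(1)) == 0:
                t.firewall_disabled = True
    return t


def summarize(t: Triage) -> list:
    """Return (severity, message) pairs, most severe first."""
    out = [("critical", b) for b in t.bootkit]  # MBR-level: verify the MBR after cleanup
    out += [("high", f"unverified system file {p} v{v} md5={h}") for p, h, v in t.unverified]
    if t.firewall_disabled:
        out.append(("medium", "Windows Firewall standard profile is disabled"))
    out += [("info", f"removed: {d}") for d in t.deletions]
    out += [("low", f"dangling autorun entry: {a}") for a in t.broken_autoruns]
    order = {"critical": 0, "high": 1, "medium": 2, "low": 3, "info": 4}
    return sorted(out, key=lambda f: order[f[0]])


if __name__ == "__main__":
    for sev, msg in summarize(parse_combofix(SAMPLE_LOG)):
        print(f"[{sev:8}] {msg}")
```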

Re: Walmart/Facebook Gift Virus
Hello.

Run ESET Online Scan
Please do an online scan with ESET Online Scanner. Please use Internet Explorer as it uses ActiveX.

  • Check (tick) this box: YES, I accept the Terms of Use.
  • Click on the Start button next to it.
  • When prompted to run ActiveX, click Yes.
  • You will be asked to install an ActiveX. Click Install.
  • Once installed, the scanner will be initialized.
  • After the scanner is initialized, click Start.
  • Check (tick) Remove found threats box.
  • Check (tick) Scan unwanted applications.
  • Click on Scan.
  • It will start scanning. Please be patient.
  • Once the scan is done, the log will be saved here: C:\Program Files\esetonlinescanner\log.txt.


Re: Walmart/Facebook Gift Virus
ESETSmartInstaller@High as CAB hook log:
OnlineScanner.ocx - registred OK
# version=7
# iexplore.exe=8.00.6001.18702 (longhorn_ie8_rtm(wmbla).090308-0339)
# OnlineScanner.ocx=1.0.0.6427
# api_version=3.0.2
# EOSSerial=62cca46d1ec9d6449ae8bd9a609279e5
# end=finished
# remove_checked=true
# archives_checked=false
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2011-04-16 10:44:03
# local_time=2011-04-16 06:44:03 (-0500, Eastern Daylight Time)
# country="United States"
# lang=1033
# osver=5.1.2600 NT Service Pack 3
# compatibility_mode=1024 16777215 100 0 0 0 0 0
# compatibility_mode=8192 67108863 100 0 684608 684608 0 0
# scanned=106261
# found=0
# cleaned=0
# scan_time=3401

Re: Walmart/Facebook Gift Virus
Hello.

I see that you are running µTorrent.
P2P (peer-to-peer) applications are designed to help you easily share and distribute files between you and a group of people. But they can also be used to distribute malware, and thus are not considered safe.
The removal of these programs is optional, but highly recommended.

Go to Start > Control Panel > Add/Remove Programs and remove the following programs.

    µTorrent
    Adobe Reader 9.4.3

Your Java needs updating!

  • Please go to Start > Control Panel, click on Java.
  • When the Java control panel opens, go into the Update tab.
  • At the bottom of that window, press the "Update Now" button and it will attempt to download the latest Java update.
  • Next, when the Updater window opens, hit the Install button. It will now attempt to download the update.
  • Untick the box for installing the Yahoo Toolbar when asked.

Then download and install Adobe Reader X

How is the machine running now?


Re: Walmart/Facebook Gift Virus
Well, after running ComboFix, the computer is running fine now, except for the pop-up blocker not working. No more Walmart popups, no more Google hijacking. Java was just updated a day after the log.

Re: Walmart/Facebook Gift Virus
Are you using Firefox + AdBlock Plus?


Re: Walmart/Facebook Gift Virus
Haven't downloaded AdBlock Plus; I'll try it out.
