I've ran SpyBot and the quick scan on Malwarebytes. Could you analyze my log file, attached and pasted below, from Hijackthis? - Thanks
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 9:53:52 AM, on 9/26/2011
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\PROGRA~1\AVG\AVG2012\avgrsx.exe
C:\Program Files\AVG\AVG2012\avgcsrvx.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Citrix\GoToMyPC\g2svc.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\Program Files\Citrix\GoToMyPC\g2comm.exe
C:\Program Files\Citrix\GoToMyPC\g2pre.exe
C:\Program Files\Citrix\GoToMyPC\g2tray.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Citrix\GoToMyPC\g2mainh.exe
C:\Program Files\Citrix\GoToMyPC\g2host.exe
C:\Program Files\Citrix\GoToMyPC\g2audioh.exe
C:\Program Files\Citrix\GoToMyPC\g2printh.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\sdman.exe
C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\SearchProtocolHost.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.charlotteobserver.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O1 - Hosts: 127.0.0.34 ofep34.sabre.com # Nortel SSL-VPN
O1 - Hosts: 127.0.0.23 ofep23.sabre.com # Nortel SSL-VPN
O1 - Hosts: 127.0.0.36 fos.sabre.com # Nortel SSL-VPN
O1 - Hosts: 127.0.0.8 ofep08.sabre.com # Nortel SSL-VPN
O1 - Hosts: 127.0.0.21 ofep21.sabre.com # Nortel SSL-VPN
O1 - Hosts: 127.0.0.32 ofep32.sabre.com # Nortel SSL-VPN
O1 - Hosts: 127.0.0.44 access.certd.sabre.com # Nortel SSL-VPN
O1 - Hosts: 127.0.0.36 frt.sabre.com # Nortel SSL-VPN
O1 - Hosts: 127.0.0.28 ofep28.sabre.com # Nortel SSL-VPN
O1 - Hosts: 127.0.0.30 ofep30.sabre.com # Nortel SSL-VPN
O1 - Hosts: 127.0.0.6 ofep06.sabre.com # Nortel SSL-VPN
O1 - Hosts: 127.0.0.41 access.tstsa.sabre.com # Nortel SSL-VPN
O1 - Hosts: 127.0.0.26 ofep26.sabre.com # Nortel SSL-VPN
O1 - Hosts: 127.0.0.4 ofep04.sabre.com # Nortel SSL-VPN
O1 - Hosts: 127.0.0.35 ofep35.sabre.com # Nortel SSL-VPN
O1 - Hosts: 127.0.0.24 ofep24.sabre.com # Nortel SSL-VPN
O1 - Hosts: 127.0.0.37 lb1.sabre.com # Nortel SSL-VPN
O1 - Hosts: 127.0.0.39 tsts.sabre.com # Nortel SSL-VPN
O1 - Hosts: 127.0.0.39 access.tsts.sabre.com # Nortel SSL-VPN
O1 - Hosts: 127.0.0.33 ofep33.sabre.com # Nortel SSL-VPN
O1 - Hosts: 127.0.0.9 ofep09.sabre.com # Nortel SSL-VPN
O1 - Hosts: 127.0.0.22 ofep22.sabre.com # Nortel SSL-VPN
O1 - Hosts: 127.0.0.29 ofep29.sabre.com # Nortel SSL-VPN
O1 - Hosts: 127.0.0.40 cert.sabre.com # Nortel SSL-VPN
O1 - Hosts: 127.0.0.31 ofep31.sabre.com # Nortel SSL-VPN
O1 - Hosts: 127.0.0.7 ofep07.sabre.com # Nortel SSL-VPN
O1 - Hosts: 127.0.0.40 access.cert.sabre.com # Nortel SSL-VPN
O1 - Hosts: 127.0.0.20 ofep20.sabre.com # Nortel SSL-VPN
O1 - Hosts: 127.0.0.43 access.certc.sabre.com # Nortel SSL-VPN
O1 - Hosts: 127.0.0.42 access.tstsb.sabre.com # Nortel SSL-VPN
O1 - Hosts: 127.0.0.27 ofep27.sabre.com # Nortel SSL-VPN
O1 - Hosts: 127.0.0.5 ofep05.sabre.com # Nortel SSL-VPN
O1 - Hosts: 127.0.0.36 decs.sabre.com # Nortel SSL-VPN
O1 - Hosts: 127.0.0.25 ofep25.sabre.com # Nortel SSL-VPN
O1 - Hosts: 127.0.0.38 lb2.sabre.com # Nortel SSL-VPN
O1 - Hosts: 127.0.0.3 ofep03.sabre.com # Nortel SSL-VPN
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG2012\avgssie.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O2 - BHO: AVG Security Toolbar - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files\AVG Secure Search\8.0.0.34\AVG Secure Search_toolbar.dll
O3 - Toolbar: AVG Security Toolbar - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files\AVG Secure Search\8.0.0.34\AVG Secure Search_toolbar.dll
O4 - HKLM\..\RunServices: [Sabre Task Tray Icon] C:\SABRE\Sabstart.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-21-606747145-179605362-839522115-1000\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User 'HelpAssistant')
O4 - S-1-5-21-606747145-179605362-839522115-1000 Startup: CleanupNortelVPN.bat (User 'HelpAssistant')
O4 - S-1-5-21-606747145-179605362-839522115-1000 User Startup: CleanupNortelVPN.bat (User 'HelpAssistant')
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: *.agentware.net
O15 - Trusted Zone: *.cibt.com
O15 - Trusted Zone: *.etraveladisories.com
O15 - Trusted Zone: *.getthere.com
O15 - Trusted Zone: *.onthesnow.com
O15 - Trusted Zone: *.pathlore.net
O15 - Trusted Zone: *.portpromotions.com
O15 - Trusted Zone: *.sabre.com
O15 - Trusted Zone: *.sabreconsolidator.com
O15 - Trusted Zone: *.softvoyage.com
O15 - Trusted Zone: *.theluggageclub.com
O15 - Trusted Zone: *.travelpn.com
O15 - Trusted Zone: *.travisa.com
O15 - Trusted Zone: *.vacationstudio.net
O15 - Trusted Zone: *.vaxvacationaccess.com
O15 - Trusted Zone: *.virtuallythere.com
O15 - Trusted Zone: *.vtitin.com
O15 - Trusted Zone: *.wcities.com
O15 - Trusted Zone: *.wctravel.com
O15 - Trusted Zone: *.wellwishers.com
O15 - Trusted Zone: *.whatsonwhen.com
O15 - Trusted Zone: *.worktopia.com
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} (GpcContainer Class) - https://23touchpointssupport.webex.com/client/T27L10NSP11EP5/support/ieatgpc.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG2012\avgpp.dll
O18 - Protocol: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files\Common Files\AVG Secure Search\ViProtocolInstaller\8.0.1\ViProtocol.dll
O20 - Winlogon Notify: GoToAssist - C:\Program Files\Citrix\GoToAssist\570\G2AWinLogon.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: GoToAssist - Citrix Online, a division of Citrix Systems, Inc. - C:\Program Files\Citrix\GoToAssist\570\g2aservice.exe
O23 - Service: GoToMyPC - Citrix Online, a division of Citrix Systems, Inc. - C:\Program Files\Citrix\GoToMyPC\g2svc.exe
--
End of file - 8881 bytes
Malwarebytes. Update and run weekly to keep your system clean
