I looked at the processes running under ctrl-alt-del and noticed that the file "776546.exe" was usually running prior to a popup and taking about 7-14k of memory. This file now starts up whenever I start my computer, despite unchecking it under msconfig. For awhile a second file, "HV7-CE6F" or something would also come up after the pop up window had opened. AVG scans overlooked these files or sometimes caught them around the c:/documents and settings/win32 area but they never got removed from my system.
This has been going on for about 6 months now (I really should have taken care of this earlier, I know!). The popups don't come up any more after I blocked the site they were redirecting to in IE, but I am still really worried about what this might be doing to my computer.
My AVG has also uncovered and virus-vaulted other trojans like i-783.exe which I saw on another post in the forums.
I've also been having problems on my flash drive and external HD, which are both included in the OTS scan. I plugged my external HD into my friend's computer in order to watch some movies, and afterward she also had the 776546.exe running and the same popups occuring on her computer!
I really need to fix this for myself and for the wonderful girl whose computer I infected. Your help is greatly appreciated!
Here are my OTS and RootRepeal files. In the RootRepeal file, you can see Chinese characters in the file names of some of the harmful files.
Thanks a lot!