Yes this rogue extension “XULRunner” has cropped up before as a cause of redirection, etc. But essexboy has normally found that in the OTS log, but I don’t see any reference to XUL in his OTS fix.

Then again I don’t see any reference to UXL in your first attached OTS .txt file and I don’t know if combifix would detect it. What I did notice in the log was it appears you have a positively ancient version of avast and thunderbird. Are these versions reported in the registry correct, see below ?

HKLM\software\mozilla\Mozilla Firefox 3.0.11
HKLM\software\mozilla\Mozilla Thunderbird 2.0.0.18\

If the above are correct you aren’t doing yourself any favours as these old out of date version have vulnerabilities are exploited. So my recommendation is at the very earliest opportunity after you are clear to update to the latest versions.

So it looks like this may have occurred after the first OTS scan. I would suggest you download OTS again (to ensure you have the latest version and run it again and post the log.