#1
Help with random spyware ad pop-ups
My friend recommended me to this forum for help. I get random pop-up ads for various "antivirus" scanners that I know are spyware. And before, Firefox wouldn't load anything. Internet Explorer loaded, but Firefox didn't. This is my HijackThis log:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:48:35 PM, on 4/18/2008
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16643)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\ProgramData\vsralgxq\dkxwzknc.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Windows\System32\updater\explorer.exe
C:\Program Files\PowerISO\PWRISOVM.EXE
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe
C:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe
C:\Program Files\Steam\Steam.exe
C:\Users\Dubesinhower\AppData\Local\Google\Update\1.1.25.0\GoogleUpdate.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\System32\xifclqne.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\Common Files\Logitech\KhalShared\KHALMNPR.EXE
C:\Program Files\UltraMon\UltraMon.exe
C:\Users\Dubesinhower\AppData\Local\YouTube\Uploader\youtubeuploader.exe
C:\Program Files\UltraMon\UltraMonTaskbar.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Users\DUBESI~1\AppData\Local\Temp\ir_ext_temp_51\autorun.exe
C:\Program Files\AIM6\aim6.exe
C:\Program Files\AIM6\aolsoftware.exe
C:\Program Files\iTunes\iTunes.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\distnoted.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceHelper.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page
R1 - HKLM\Software\Microsoft\Internet
R1 - HKLM\Software\Microsoft\Internet
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: NCO 2.0 IE BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - (no file)
O2 - BHO: {b1f980f0-da90-6eeb-8b24-9f11b68636c6} - {6c63686b-11f9-42b8-bee6-09ad0f089f1b} - C:\Windows\system32\vqkopffp.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O3 - Toolbar: (no name) - {DE9C389F-3316-41A7-809B-AA305ED9D922} - (no file)
O3 - Toolbar: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - (no file)
O3 - Toolbar: (no name) - {3D91099B-562D-49EC-BDBD-78C5DE9CAED9} - (no file)
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [JMB36X IDE Setup] C:\Windows\RaidTool\xInsIDE.exe
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [Updater] C:\Windows\system32\updater\explorer.exe
O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE
O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
O4 - HKLM\..\Run: [LaunchList] C:\Program Files\Pinnacle\Studio 10\LaunchList.exe
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [967902d2] rundll32.exe "C:\Windows\system32\xxcfbdhh.dll",b
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe"
O4 - HKLM\..\Run: [MSServer] rundll32.exe C:\Windows\system32\byvvv.dll,#1
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [Steam] "c:\program files\steam\steam.exe" -silent
O4 - HKCU\..\Run: [Pinnacle Game Profiler] "C:\Program Files\KALiNKOsoft\Pinnacle Game Profiler\pinnacle.exe" -atboottime
O4 - HKCU\..\Run: [Google Update] "C:\Users\Dubesinhower\AppData\Local\Google\Update\1.1.25.0\GoogleUpdate.exe" /lang en
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [cyymeexb] C:\Windows\system32\xifclqne.exe
O4 - HKLM\..\Policies\Explorer\Run: [NSIRngL25d] C:\ProgramData\vsralgxq\dkxwzknc.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - Startup: YouTube Uploader.lnk = C:\Users\Dubesinhower\AppData\Local\YouTube\Uploader\youtubeuploader.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O4 - Global Startup: UltraMon.lnk = ?
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Web Anti-Virus statistics - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\SCIEPlgn.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O13 - Gopher Prefix:
O17 - HKLM\System\CCS\Services\Tcpip\..\{070C09AC-E0C9-425E-8B99-29BDDE7D1E7D}: Domain = MSHOME.NET
O17 - HKLM\System\CCS\Services\Tcpip\..\{8C29D083-B367-4B5F-B940-41E773FFDB57}: NameServer = 68.87.71.226
O17 - HKLM\System\CS1\Services\Tcpip\..\{070C09AC-E0C9-425E-8B99-29BDDE7D1E7D}: Domain = MSHOME.NET
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O20 - AppInit_DLLs: C:\PROGRA~1\KASPER~1\KASPER~1\kloehk.dll,C:\PROGRA~1\KASPER~1\KASPER~1.0\r3hook.dll
O21 - SSODL: omlbpkaw - {DF3A7B7B-7B27-4EDA-9F0E-DA19E5969826} - C:\Windows\omlbpkaw.dll
O21 - SSODL: pmsoarbf - {1C9DE080-4F6F-47CD-B8DA-86BE0738053F} - C:\Windows\pmsoarbf.dll
O23 - Service: Andrea ADI Filters Service (AEADIFilters) - Andrea Electronics Corporation - C:\Windows\system32\AEADISRV.EXE
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Kaspersky Anti-Virus 7.0 (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe
O23 - Service: Ventrilo - Unknown owner - C:\Program Files\VentSrv\ventrilo_svc.exe

--
End of file - 9969 bytes

Thanks for the help.
#2
Welcome to Devshed
Please follow the steps HERE and post a new HJT log with the other logs you will have after you complete the steps.
__________________
O'Neill: "So, we basically saved your whole planet, right?" Chancellor: "Yes." O'Neill: "Are you, therefore, indebted to us in any modest way?" Chancellor: "I suppose that is the case." O'Neill: "So how 'bout the blueprints to build one of those ion cannons?" Chancellor: "You have been told our policy. That has not changed."
#3
Here's my MBAM log. I'll be running SUPERAntiSpyware now.
Malwarebytes' Anti-Malware 1.10
Database version: 586

Scan type: Full Scan (C:\|E:\|)
Objects scanned: 208351
Time elapsed: 1 hour(s), 2 minute(s), 6 second(s)

Memory Processes Infected: 2
Memory Modules Infected: 0
Registry Keys Infected: 28
Registry Values Infected: 2
Registry Data Items Infected: 0
Folders Infected: 2
Files Infected: 12

Memory Processes Infected:
C:\Windows\System32\xifclqne.exe (Trojan.FakeAlert) -> Unloaded process successfully.
C:\ProgramData\vsralgxq\dkxwzknc.exe (Trojan.FakeAlert) -> Unloaded process successfully.

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CLASSES_ROOT\luapvs.tchongabho (Spyware.Banker) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\msram.tchongabho (Spyware.Banker) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{cf26fac0-7d4e-46d8-ae64-b277b11443ac} (Spyware.Banker) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{000000da-0786-4633-87c6-1aa7a4429ef1} (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{000000da-0786-4633-87c6-1aa7a4429ef1} (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{0b682cc1-fb40-4006-a5dd-99edd3c9095d} (Fake.Dropped.Malware) -> Delete on reboot.
HKEY_CLASSES_ROOT\CLSID\{0e1230f8-ea50-42a9-983c-d22abc2eeb4c} (Fake.Dropped.Malware) -> Delete on reboot.
HKEY_CLASSES_ROOT\CLSID\{5c7f15e1-f31a-44fd-aa1a-2ec63aaffd3a} (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{9dd4258a-7138-49c4-8d34-587879a5c7a4} (Fake.Dropped.Malware) -> Delete on reboot.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9dd4258a-7138-49c4-8d34-587879a5c7a4} (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{b8c0220d-763d-49a4-95f4-61dfdec66ee6} (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{c3bcc488-1ae7-11d4-ab82-0010a4ec2338} (Fake.Dropped.Malware) -> Delete on reboot.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{c3bcc488-1ae7-11d4-ab82-0010a4ec2338} (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\HOL5_VXIEWER.FULL.1 (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Classes\HOL5_VXIEWER.FULL.1 (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Classes\applications\accessdiver.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\fwbd (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\HolLol (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Invictus (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorertoolbar (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\mwc (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\jkwslist (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\MS Juan (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\IQSoftware (Rogue.Multiple) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\luapvs.TCHONGABHO (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\msram.TCHONGABHO (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Juan (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Juan (Trojan.Vundo) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler\{0656a137-b161-cadd-9777-e37a75727e78} (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\MSServer (Trojan.Agent) -> Quarantined and deleted successfully.

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
C:\Windows\system32smp (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\Users\Dubesinhower\Desktopvirii (Fake.Dropped.Malware) -> Quarantined and deleted successfully.

Files Infected:
C:\Windows\System32\xifclqne.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\ProgramData\vsralgxq\dkxwzknc.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\Windows\system32smp\msrc.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\Users\Dubesinhower\Desktopvirii\Trojan-Downloader.Win32.Agent.bl.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\Users\Dubesinhower\Desktopvirii\Trojan-Downloader.Win32.Agent.p.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\Users\Dubesinhower\Desktopvirii\Trojan-Downloader.Win32.Agent.r.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\Users\Dubesinhower\Desktopvirii\Trojan-Downloader.Win32.Agent.t.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\Users\Dubesinhower\Desktopvirii\Trojan-Downloader.Win32.Agent.v.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\Windows\bdn.com (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Windows\iTunesMusic.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Windows\mssecu.exe (Trojan.Agent) -> Quarantined and deleted successfully.
rundll32.exe (Trojan.Agent) -> Delete on reboot.
#4
Here's the SAS log:
SUPERAntiSpyware Scan Log
Generated 04/19/2008 at 05:17 PM

Application Version : 4.0.1154

Core Rules Database Version : 3442
Trace Rules Database Version: 1434

Scan type : Complete Scan
Total Scan Time : 00:22:45

Memory items scanned : 754
Memory threats detected : 0
Registry items scanned : 7689
Registry threats detected : 0
File items scanned : 22110
File threats detected : 5

Trojan.Multi-Dropper/Gen
C:\WINDOWS\NPQTSRAK.EXE
C:\WINDOWS\RTQMEKWG.EXE

Adware.Vundo-Variant/J
C:\WINDOWS\OMLBPKAW.DLL
C:\WINDOWS\PMSOARBF.DLL

Trojan.Vundo-Variant/F
C:\WINDOWS\SYSTEM32\GEBTSIXU.DLL
#5
Doing good, now on to the next step. Since you use Vista, you need to start IE by right-clicking on the IE icon and choosing 'Run as Administrator' for it to work.
I will be looking forward to the rest of your logs.
#6
Got the BD log:
BitDefender Online Scanner

Scan report generated at: Sat, Apr 19, 2008 - 18:46:34

Scan path: A:\;C:\;D:\;E:\;F:\;G:\;

Statistics
Time 01:17:28
Files 490854
Folders 20182
Boot Sectors 7
Archives 3492
Packed Files 20686

Results
Identified Viruses 2
Infected Files 3
Suspect Files 0
Warnings 0
Disinfected 0
Deleted Files 3

Engines Info
Virus Definitions 1165724
Engine build AVCORE v1.0 (build 2422) (i386) (Sep 25 2007 08:26:36)
Scan plugins 16
Archive plugins 41
Unpack plugins 7
E-mail plugins 6
System plugins 5

Scan Settings
First Action Disinfect
Second Action Delete
Heuristics Yes
Enable Warnings Yes
Scanned Extensions *;
Exclude Extensions
Scan Emails Yes
Scan Archives Yes
Scan Packed Yes
Scan Files Yes
Scan Boot Yes

Scanned File Status
C:\Program Files\Half Life\gearbox\DQ2249.ICD Infected with: Trojan.Agent.AGVK
C:\Program Files\Half Life\gearbox\DQ2249.ICD Deleted
C:\Program Files\Image-Line\FL Studio 7\Plugins\VST\2_Novation Bass-Station Vsti v1.10-h2O.rar=>Novation.Bass-Station.VSTi.v1.10-H2O\Setup.rar=>nbst11kg.exe Infected with: Trojan.Packed.5294
C:\Program Files\Image-Line\FL Studio 7\Plugins\VST\2_Novation Bass-Station Vsti v1.10-h2O.rar=>Novation.Bass-Station.VSTi.v1.10-H2O\Setup.rar=>nbst11kg.exe Deleted
C:\Program Files\Image-Line\FL Studio 7\Plugins\VST\2_Novation Bass-Station Vsti v1.10-h2O.rar=>Novation.Bass-Station.VSTi.v1.10-H2O\Setup.rar Update failed
C:\Program Files\Image-Line\FL Studio 7\Plugins\VST\2_Novation Bass-Station Vsti v1.10-h2O.rar=>Novation.Bass-Station.VSTi.v1.10-H2O\nbst11kg.exe Infected with: Trojan.Packed.5294
C:\Program Files\Image-Line\FL Studio 7\Plugins\VST\2_Novation Bass-Station Vsti v1.10-h2O.rar=>Novation.Bass-Station.VSTi.v1.10-H2O\nbst11kg.exe Deleted
C:\Program Files\Image-Line\FL Studio 7\Plugins\VST\2_Novation Bass-Station Vsti v1.10-h2O.rar Update failed
#7
And another HJT log:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:11:21 PM, on 4/19/2008
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16643)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Windows\System32\updater\explorer.exe
C:\Program Files\PowerISO\PWRISOVM.EXE
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe
C:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe
C:\Users\Dubesinhower\AppData\Local\Google\Update\1.1.25.0\GoogleUpdate.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\Common Files\Logitech\KhalShared\KHALMNPR.EXE
C:\Program Files\UltraMon\UltraMon.exe
C:\Users\Dubesinhower\AppData\Local\YouTube\Uploader\youtubeuploader.exe
C:\Program Files\UltraMon\UltraMonTaskbar.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Users\DUBESI~1\AppData\Local\Temp\ir_ext_temp_0\autorun.exe
C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\AIM6\aim6.exe
C:\Program Files\AIM6\aolsoftware.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page
R1 - HKLM\Software\Microsoft\Internet
R1 - HKLM\Software\Microsoft\Internet
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: NCO 2.0 IE BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - (no file)
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O3 - Toolbar: (no name) - {DE9C389F-3316-41A7-809B-AA305ED9D922} - (no file)
O3 - Toolbar: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - (no file)
O3 - Toolbar: (no name) - {3D91099B-562D-49EC-BDBD-78C5DE9CAED9} - (no file)
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [JMB36X IDE Setup] C:\Windows\RaidTool\xInsIDE.exe
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [Updater] C:\Windows\system32\updater\explorer.exe
O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE
O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
O4 - HKLM\..\Run: [LaunchList] C:\Program Files\Pinnacle\Studio 10\LaunchList.exe
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [967902d2] rundll32.exe "C:\Windows\system32\xxcfbdhh.dll",b
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe"
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [Steam] "c:\program files\steam\steam.exe" -silent
O4 - HKCU\..\Run: [Pinnacle Game Profiler] "C:\Program Files\KALiNKOsoft\Pinnacle Game Profiler\pinnacle.exe" -atboottime
O4 - HKCU\..\Run: [Google Update] "C:\Users\Dubesinhower\AppData\Local\Google\Update\1.1.25.0\GoogleUpdate.exe" /lang en
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [cyymeexb] C:\Windows\system32\xifclqne.exe
O4 - HKCU\..\Run: [odvpjmlx] C:\Windows\system32\bqxojylk.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKLM\..\Policies\Explorer\Run: [NSIRngL25d] C:\ProgramData\vsralgxq\dkxwzknc.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - Startup: YouTube Uploader.lnk = C:\Users\Dubesinhower\AppData\Local\YouTube\Uploader\youtubeuploader.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O4 - Global Startup: UltraMon.lnk = ?
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Web Anti-Virus statistics - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\SCIEPlgn.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\Windows\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\Windows\bdoscandel.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O13 - Gopher Prefix:
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) -
O17 - HKLM\System\CCS\Services\Tcpip\..\{070C09AC-E0C9-425E-8B99-29BDDE7D1E7D}: Domain = MSHOME.NET
O17 - HKLM\System\CCS\Services\Tcpip\..\{8C29D083-B367-4B5F-B940-41E773FFDB57}: NameServer = 68.87.71.226
O17 - HKLM\System\CS1\Services\Tcpip\..\{070C09AC-E0C9-425E-8B99-29BDDE7D1E7D}: Domain = MSHOME.NET
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O20 - AppInit_DLLs: C:\PROGRA~1\KASPER~1\KASPER~1\kloehk.dll,C:\PROGRA~1\KASPER~1\KASPER~1.0\r3hook.dll,
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O21 - SSODL: omlbpkaw - {DF3A7B7B-7B27-4EDA-9F0E-DA19E5969826} - C:\Windows\omlbpkaw.dll (file missing)
O21 - SSODL: pmsoarbf - {1C9DE080-4F6F-47CD-B8DA-86BE0738053F} - C:\Windows\pmsoarbf.dll (file missing)
O23 - Service: Andrea ADI Filters Service (AEADIFilters) - Andrea Electronics Corporation - C:\Windows\system32\AEADISRV.EXE
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Kaspersky Anti-Virus 7.0 (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe
O23 - Service: Ventrilo - Unknown owner - C:\Program Files\VentSrv\ventrilo_svc.exe

--
End of file - 10142 bytes
#8
And finally the uninstall list:
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
Adobe Flash Player ActiveX
Adobe Flash Player Plugin
Adobe Reader 8.1.2
AGEIA PhysX v7.09.13
AIM 6
AIM MusicLink 2.0.0.4
America's Army
AMX Mod X Installer 1.8.0
Apple Mobile Device Support
Apple Software Update
ASIO4ALL
Aspell English Dictionary-0.50-2
AVerMedia A180 PCI ATSC AVerTVHD 3.5.0.56
AVerMedia AVerTVHD MCE A180 3.5.0.47
AVerTV
Azureus Vuze
CCleaner (remove only)
CDDRV_Installer
Classic Doom 3 1.3.1
Collab
Color LaserJet 2600n
Condition Zero
Condition Zero Deleted Scenes
Counter-Strike
Counter-Strike: Source
Crysis(R)
Day of Defeat
Day of Defeat: Source Dedicated Server
DivX Content Uploader
DivX Web Player
Doom 3
EVEREST Ultimate v4.20.1241 + Corporate Edition + Debug Beta Re
FL Studio 8
Fraps
Futuremark SystemInfo
Garry's Mod
GTK+ Runtime 2.12.1 rev b (remove only)
HijackThis 2.0.2
Host OpenAL (ADI)
IL Download Manager
iTunes
Java(TM) 6 Update 2
Java(TM) 6 Update 3
Java(TM) 6 Update 5
JMB36X Raid Configurer
Kaspersky Anti-Virus 7.0
Kaspersky Anti-Virus 7.0
KhalInstallWrapper
LimeWire PRO 4.15.0
Logitech Desktop Messenger
Logitech SetPoint
Magic ISO Maker v5.4 (build 0256)
Malwarebytes' Anti-Malware
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Hotfix (KB929729)
Microsoft Halo
Microsoft Office Access MUI (English) 2007
Microsoft Office Access Setup Metadata MUI (English) 2007
Microsoft Office Enterprise 2007
Microsoft Office Enterprise 2007
Microsoft Office Excel MUI (English) 2007
Microsoft Office Groove MUI (English) 2007
Microsoft Office Groove Setup Metadata MUI (English) 2007
Microsoft Office InfoPath MUI (English) 2007
Microsoft Office OneNote MUI (English) 2007
Microsoft Office Outlook MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Publisher MUI (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Word MUI (English) 2007
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2005 Redistributable
Morrowind
Mozilla Firefox (2.0.0.12)
Mozilla Thunderbird (2.0.0.12)
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB941833)
MSXML 4.0 SP2 Parser and SDK
Nero 8 Demo
neroxml
NVIDIA Drivers
Oblivion
Oblivion - Horse Armor Pack
Oblivion - Knights of the Nine
Oblivion - Mehrunes Razor
Oblivion - Orrery
Oblivion - Spell Tomes
Oblivion - Thieves Den
Oblivion - Vile Lair
Oblivion - Wizard's Tower
Oblivion mod manager 1.1.9
PeerGuardian 2.0
PoiZone
PowerISO
Project64 1.6
PunkBuster Services
Python 2.5.1
Quake
QuickTime
RealPlayer
Realtek 8169 PCI, 8168 and 8101E PCIe Ethernet Network Card Driver for Windows Vista
Safari
Security Update for CAPICOM (KB931906)
Security Update for CAPICOM (KB931906)
Security Update for Excel 2007 (KB946974)
Security Update for Office 2007 (KB947801)
Security Update for Outlook 2007 (KB946983)
Security Update for Visio 2007 (KB947590)
Spybot - Search & Destroy
Steam(TM)
SUPERAntiSpyware Free Edition
System Requirements Lab
The Sims 2
The Sims 2 Family Fun Stuff
The Sims 2 Glamour Life Stuff
The Sims 2 Nightlife
The Sims 2 Open For Business
The Sims 2 Pets
The Sims 2 University
The Sims™ 2 Celebration! Stuff
The Sims™ 2 FreeTime
The Sims™ 2 H&M® Fashion Stuff
The Sims™ 2 Seasons
The Sims™ 2 Teen Style Stuff
ToxicIII
UltraMon
Unofficial Oblivion Patch v2.2.0
Unreal Tournament 3
Update for Office 2007 (KB946691)
Update for Outlook 2007 Junk Email Filter (kb949037)
VCRedistSetup
Ventrilo Client
Ventrilo Server
VideoLAN VLC media player 0.8.6d
WIDI Recognition System Pro 3.3 (remove only)
Winamp
WinRAR archiver
World of Warcraft
wxPython 2.8.7.1 (ansi) for Python 2.5
Xfire (remove only)
YouTube Uploader
ZDaemon (remove only)
#9
Let's continue with repairs...

Open HJT ("right-click and Run as Administrator") and click Scan Only, then place a check by these entries. DO NOT CLICK FIX until you exit all browser sessions, including the one you are reading in right now:

O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: NCO 2.0 IE BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - (no file)
O3 - Toolbar: (no name) - {DE9C389F-3316-41A7-809B-AA305ED9D922} - (no file)
O3 - Toolbar: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - (no file)
O3 - Toolbar: (no name) - {3D91099B-562D-49EC-BDBD-78C5DE9CAED9} - (no file)
O4 - HKLM\..\Run: [967902d2] rundll32.exe "C:\Windows\system32\xxcfbdhh.dll",b
O4 - HKCU\..\Run: [cyymeexb] C:\Windows\system32\xifclqne.exe
O4 - HKCU\..\Run: [odvpjmlx] C:\Windows\system32\bqxojylk.exe
O21 - SSODL: omlbpkaw - {DF3A7B7B-7B27-4EDA-9F0E-DA19E5969826} - C:\Windows\omlbpkaw.dll (file missing)
O21 - SSODL: pmsoarbf - {1C9DE080-4F6F-47CD-B8DA-86BE0738053F} - C:\Windows\pmsoarbf.dll (file missing)

Close all windows and browsers except HJT and click Fix Checked.

NEXT

Please download ComboFix by sUBs from HERE or HERE directly to your Desktop. Make sure any antivirus or protective software is disabled. Here is a tutorial for most programs: http://www.bleepingcomputer.com/forums/topic114351.html

Right-click on the icon and choose Run as Administrator to run it, and follow the prompts.

Notes:
When starting, ComboFix will cause your computer's internal speakers to produce two beeps, and during the start process display two warnings. These are intended to discourage people who are not getting help in the forum from just experimenting with tools they do not understand. Just to inform you, so you will understand that the procedures are expected and okay.
ComboFix will also disable any screensaver settings made, so know that at some point when we complete repairs you will need to reset your screensaver.
Do not mouse-click ComboFix's window while it is running. That may cause it to stall.
CF disconnects your machine from the internet. The connection is automatically restored before CF completes its run. If CF runs into difficulty and terminates prematurely, the connection can be manually restored by restarting your machine.

Please post the log it produces.
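As an added example (my own code, not HijackThis's and not part of the helper's procedure), here is a small Python triage script that mechanically applies the checks the helper used above when picking entries to fix: orphaned "(no file)" / "(file missing)" registrations, Run value and file names that look machine-generated, rundll32 loading a DLL by ordinal or a one-letter export, autoruns under Policies\Explorer\Run, and explorer.exe running outside C:\Windows. The sample log lines are constructed from entries in this thread; the eight-letter name heuristic and the SYSTEM_HOME table are my assumptions, not HijackThis rules.

```python
"""Mechanical triage of HijackThis O2/O3/O4/O21 entries (added example, not
HijackThis code). It applies the checks the helper in this thread did by eye;
every hit is a candidate for a human to look at, not a verdict."""
from __future__ import annotations

import re
from dataclasses import dataclass

# Constructed sample, modelled on entries from the logs posted in this thread.
SAMPLE_LOG = r"""
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: {b1f980f0-da90-6eeb-8b24-9f11b68636c6} - {6c63686b-11f9-42b8-bee6-09ad0f089f1b} - C:\Windows\system32\vqkopffp.dll
O3 - Toolbar: (no name) - {DE9C389F-3316-41A7-809B-AA305ED9D922} - (no file)
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [Updater] C:\Windows\system32\updater\explorer.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [967902d2] rundll32.exe "C:\Windows\system32\xxcfbdhh.dll",b
O4 - HKLM\..\Run: [MSServer] rundll32.exe C:\Windows\system32\byvvv.dll,#1
O4 - HKCU\..\Run: [Steam] "c:\program files\steam\steam.exe" -silent
O4 - HKCU\..\Run: [cyymeexb] C:\Windows\system32\xifclqne.exe
O4 - HKLM\..\Policies\Explorer\Run: [NSIRngL25d] C:\ProgramData\vsralgxq\dkxwzknc.exe
O21 - SSODL: omlbpkaw - {DF3A7B7B-7B27-4EDA-9F0E-DA19E5969826} - C:\Windows\omlbpkaw.dll (file missing)
"""

ORPHAN = re.compile(r"\((?:no file|file missing)\)\s*$")
O4_ENTRY = re.compile(r"^O4 - (?P<key>.+?): \[(?P<name>[^\]]*)\] (?P<cmd>.+)$")
COM_ENTRY = re.compile(r"^O(?:2|3|21) - (?:BHO|Toolbar|SSODL): (?P<name>.*?) - "
                       r"\{(?P<clsid>[0-9A-Fa-f-]+)\} - (?P<path>.+)$")
# rundll32 <dll>,<export> where the export is an ordinal (#1) or a 1-2 letter name
RUNDLL_OPAQUE = re.compile(
    r'^rundll32(?:\.exe)?\s+"?(?P<dll>[^",]+?\.dll)"?\s*,\s*(?:#\d+|[A-Za-z]{1,2})\s*$',
    re.IGNORECASE)
FILE_NAME = re.compile(r'([^\\/"]+\.(?:exe|dll))', re.IGNORECASE)
DRIVE_PATH = re.compile(r'(?P<dir>[A-Za-z]:\\[^"]*?)\\(?P<file>[^\\"]+\.exe)', re.IGNORECASE)
# Windows binaries that live in one fixed place (assumed table; extend as needed).
SYSTEM_HOME = {"explorer.exe": r"c:\windows"}


@dataclass
class Finding:
    line: str
    reasons: list[str]


def looks_generated(stem: str) -> bool:
    """Eight lowercase letters with at most two vowels: the shape of the dropper
    names in this thread (xifclqne, dkxwzknc, ...). Deliberately narrow, so it
    misses e.g. gebtsixu rather than flag legitimate names like explorer."""
    return re.fullmatch(r"[a-z]{8}", stem) is not None and sum(c in "aeiou" for c in stem) <= 2


def check_entry(line: str) -> list[str]:
    """Return the reasons an entry deserves a second look (empty list = clean)."""
    reasons: list[str] = []
    com, o4 = COM_ENTRY.match(line), O4_ENTRY.match(line)
    if com:
        target = com.group("path")
        if ORPHAN.search(target):
            reasons.append("orphaned COM registration: no file on disk")
    elif o4:
        target = o4.group("cmd")
        if looks_generated(o4.group("name")):
            reasons.append("Run value name looks machine-generated")
        if o4.group("key").lower().endswith(r"policies\explorer\run"):
            reasons.append("autorun under Policies\\Explorer\\Run, rarely used by legitimate software")
        if RUNDLL_OPAQUE.match(target):
            reasons.append("rundll32 loads a DLL through an ordinal or opaque export")
        m = DRIVE_PATH.search(target)
        home = SYSTEM_HOME.get(m.group("file").lower()) if m else None
        if home and m.group("dir").lower() != home:
            reasons.append(f"{m.group('file')} running outside {home}")
    else:
        return reasons  # other HJT sections are outside this example's scope
    for fname in FILE_NAME.findall(target):
        if looks_generated(fname.rsplit(".", 1)[0]):
            reasons.append(f"file name {fname} looks machine-generated")
    return reasons


def triage(log_text: str) -> list[Finding]:
    """Run check_entry over every non-blank line and keep the lines with hits."""
    findings = []
    for raw in log_text.splitlines():
        line = raw.strip()
        if line and (reasons := check_entry(line)):
            findings.append(Finding(line, reasons))
    return findings


if __name__ == "__main__":
    for finding in triage(SAMPLE_LOG):
        print(finding.line)
        for reason in finding.reasons:
            print("   ->", reason)
```

Run it as-is to see the nine flagged sample entries with their reasons, or feed it a real log with `triage(open("hijackthis.log").read())`; the four legitimate entries in the sample (Adobe, Windows Defender, NVIDIA, Steam) produce no hit.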