GeekPolice
clean up my pc, post av suite removal issues
OK, so a while ago I got that stupid AV Security Suite rogue everyone was getting. I got rid of most of the issues, but I still get pop-ups and Google redirects. I dealt with those, but now I got banned from a site I use a lot because they said I tried to post a link, which I didn't, so I think I have some leftover issues. I'd just like to get these taken care of for peace of mind / make sure my PC is running smoothly. So please advise me on anything I need to download/post to get this all wrapped up! TY in advance

Re: clean up my pc, post av suite removal issues
Hello.

Download OTL by OldTimer to your Desktop.

  • Close all windows and double click OTL.exe
  • Click Run Scan and let the program run uninterrupted
  • It will produce two logs for you, one will pop up - OTL.txt, the other will be saved on your Desktop - Extras.txt. Post both logs in this thread.
  • You may need to use two posts to get it all.

Re: clean up my pc, post av suite removal issues
OTL logfile created on: 8/7/2010 10:18:12 PM - Run 4
OTL by OldTimer - Version 3.2.9.1 Folder = C:\Documents and Settings\Joe\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.5512)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 68.00% Memory free
3.00 Gb Paging File | 3.00 Gb Available in Paging File | 85.00% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 152.66 Gb Total Space | 3.83 Gb Free Space | 2.51% Space Free | Partition Type: NTFS
Drive D: | 3.82 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: CDFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
Drive G: | 74.53 Gb Total Space | 23.64 Gb Free Space | 31.72% Space Free | Partition Type: FAT32
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: REDXP
Current User Name: Joe
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 90 Days
Output = Standard

========== Processes (SafeList) ==========

PRC - [2010/08/05 22:17:03 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Joe\Desktop\OTL.exe
PRC - [2010/07/21 23:40:23 | 000,908,248 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2010/07/19 19:08:42 | 002,065,760 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgtray.exe
PRC - [2010/07/19 19:08:41 | 000,620,896 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgnsx.exe
PRC - [2010/07/19 19:08:41 | 000,515,424 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgrsx.exe
PRC - [2010/07/19 19:08:39 | 000,308,136 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgwdsvc.exe
PRC - [2010/07/19 19:08:36 | 001,101,152 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgchsvx.exe
PRC - [2010/07/19 19:08:36 | 000,723,296 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgcsrvx.exe
PRC - [2009/07/09 16:07:14 | 000,049,968 | ---- | M] (AOL LLC) -- C:\Program Files\AIM6\aim6.exe
PRC - [2009/03/11 01:18:14 | 000,934,792 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\WgaTray.exe
PRC - [2008/06/06 02:31:36 | 000,262,246 | ---- | M] () -- C:\Program Files\ATI\Catalyst Media Center\Kernel\TV\CLCapSvc.exe
PRC - [2008/06/06 02:31:20 | 000,172,032 | ---- | M] (CyberLink Corp.) -- C:\Program Files\ATI\Catalyst Media Center\CMCService.exe
PRC - [2008/06/06 02:31:12 | 001,073,152 | ---- | M] (Cyberlink) -- C:\Program Files\ATI\Catalyst Media Center\Kernel\CLML_NTService\CLMLServer.exe
PRC - [2008/04/13 20:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007/01/04 17:38:08 | 000,024,652 | ---- | M] (Viewpoint Corporation) -- C:\Program Files\Viewpoint\Common\ViewpointService.exe
PRC - [2004/01/09 13:43:38 | 000,401,408 | ---- | M] () -- C:\Program Files\ALIRAID\ALiRaid.exe
PRC - [2002/12/03 21:06:52 | 000,045,056 | ---- | M] (Creative Technology Ltd) -- C:\Program Files\Creative\SB Drive Det\SBDrvDet.exe


========== Modules (SafeList) ==========

MOD - [2010/08/05 22:17:03 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Joe\Desktop\OTL.exe
MOD - [2008/04/13 20:10:20 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msscript.ocx


========== Win32 Services (SafeList) ==========

SRV - File not found [Auto | Stopped] -- C:\Program Files\AskBarDis\bar\bin\ASKUpgrade.exe -- (ASKUpgrade)
SRV - [2010/07/19 19:08:39 | 000,308,136 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG9\avgwdsvc.exe -- (avg9wd)
SRV - [2008/06/06 02:31:38 | 000,110,692 | ---- | M] () [Auto | Stopped] -- C:\Program Files\ATI\Catalyst Media Center\Kernel\TV\CLSched.exe -- (CLSched) CyberLink Task Scheduler (CTS)
SRV - [2008/06/06 02:31:36 | 000,262,246 | ---- | M] () [Auto | Running] -- C:\Program Files\ATI\Catalyst Media Center\Kernel\TV\CLCapSvc.exe -- (CLCapSvc) CyberLink Background Capture Service (CBCS)
SRV - [2008/06/06 02:31:12 | 001,073,152 | ---- | M] (Cyberlink) [Auto | Running] -- C:\Program Files\ATI\Catalyst Media Center\Kernel\CLML_NTService\CLMLServer.exe -- (CyberLink Media Library Service)
SRV - [2007/01/04 17:38:08 | 000,024,652 | ---- | M] (Viewpoint Corporation) [Auto | Running] -- C:\Program Files\Viewpoint\Common\ViewpointService.exe -- (Viewpoint Manager Service)
SRV - [2003/03/03 16:33:40 | 000,143,360 | ---- | M] (Intel(R) Corporation) [On_Demand | Stopped] -- C:\Program Files\Intel\NCS\Sync\NetSvc.exe -- (NetSvc)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\DRIVERS\wanatw4.sys -- (wanatw) WAN Miniport (ATW)
DRV - File not found [Kernel | On_Demand | Stopped] -- E:\NTGLM7X.sys -- (SetupNTGLM7X)
DRV - File not found [Kernel | On_Demand | Stopped] -- E:\NTACCESS.sys -- (NTACCESS)
DRV - File not found [Kernel | On_Demand | Stopped] -- E:\INSTALL\GMSIPCI.SYS -- (GMSIPCI)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\DOCUME~1\Joe\LOCALS~1\Temp\catchme.sys -- (catchme)
DRV - [2010/07/19 19:08:42 | 000,243,024 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\System32\Drivers\avgtdix.sys -- (AvgTdiX)
DRV - [2010/07/19 19:08:36 | 000,216,400 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\System32\Drivers\avgldx86.sys -- (AvgLdx86)
DRV - [2010/06/03 22:04:04 | 000,029,584 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\WINDOWS\System32\Drivers\avgmfx86.sys -- (AvgMfx86)
DRV - [2009/11/23 02:47:03 | 000,691,696 | ---- | M] (Duplex Secure Ltd.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\drivers\sptd.sys -- (sptd)
DRV - [2009/07/15 00:20:10 | 004,407,808 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
DRV - [2009/07/07 21:18:26 | 001,017,984 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\atinavrr.sys -- (ATIAVPCI)
DRV - [2008/04/17 04:33:26 | 004,707,328 | R--- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2008/04/13 14:46:22 | 000,015,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mpe.sys -- (MPE)
DRV - [2008/04/13 14:45:29 | 000,010,624 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\gameenum.sys -- (gameenum)
DRV - [2008/04/13 12:36:05 | 000,144,384 | ---- | M] (Windows (R) Server 2003 DDK provider) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\hdaudbus.sys -- (HDAudBus)
DRV - [2008/04/07 04:06:50 | 000,102,400 | R--- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\nvgts.sys -- (nvgts)
DRV - [2008/04/07 04:06:50 | 000,054,016 | R--- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\NVENETFD.sys -- (NVENETFD)
DRV - [2008/04/07 04:06:50 | 000,022,016 | R--- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nvnetbus.sys -- (nvnetbus)
DRV - [2004/08/04 01:29:32 | 000,104,960 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\atinrvxx.sys -- (atinrvxx)
DRV - [2004/08/04 01:29:32 | 000,073,216 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\atintuxx.sys -- (ATITUNEP)
DRV - [2004/08/04 01:29:32 | 000,063,488 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\atinxsxx.sys -- (ATIXSAudio)
DRV - [2004/08/04 01:29:30 | 000,052,224 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\atinraxx.sys -- (ativraxx)
DRV - [2004/08/04 01:29:30 | 000,014,336 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\atinpdxx.sys -- (PCDCODEC)
DRV - [2004/08/04 01:29:30 | 000,013,824 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\atinmdxx.sys -- (MVDCODEC)
DRV - [2004/06/23 21:36:20 | 000,371,376 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ctaud2k.sys -- (ctaud2k) Creative Audio Driver (WDM)
DRV - [2004/02/24 16:17:10 | 000,904,784 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ha10kx2k.sys -- (ha10kx2k)
DRV - [2004/02/23 19:16:10 | 000,645,360 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ctac32k.sys -- (ctac32k)
DRV - [2004/01/15 14:55:22 | 000,049,357 | ---- | M] (ALi Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\System32\DRIVERS\m5281.sys -- (m5281)
DRV - [2004/01/08 00:29:34 | 000,044,925 | ---- | M] (ALi Corporation.) [Kernel | Boot | Running] -- C:\WINDOWS\System32\DRIVERS\m5228.sys -- (m5228)
DRV - [2003/10/21 21:23:44 | 000,148,432 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\haP16v2k.sys -- (hap16v2k)
DRV - [2003/10/14 15:17:56 | 000,332,800 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ctdvda2k.sys -- (ctdvda2k)
DRV - [2003/10/13 21:42:12 | 000,145,488 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\emupia2k.sys -- (emupia)
DRV - [2003/10/08 14:09:10 | 000,130,288 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ctsfm2k.sys -- (ctsfm2k)
DRV - [2003/10/08 14:08:12 | 000,006,096 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ctprxy2k.sys -- (ctprxy2k)
DRV - [2003/10/08 14:06:50 | 000,178,672 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ctoss2k.sys -- (ossrv)
DRV - [2003/09/26 06:53:00 | 000,010,368 | ---- | M] (Padus, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\pfc.sys -- (pfc)
DRV - [2003/03/05 19:07:46 | 000,015,840 | ---- | M] (Creative Technology Ltd.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\pfmodnt.sys -- (PfModNT)
DRV - [2002/03/04 09:18:10 | 000,161,681 | R--- | M] (Gilat Satellite Networks Ltd) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\gssNic.sys -- (GSSUSB)
DRV - [2001/12/14 14:22:30 | 000,933,818 | R--- | M] (Conexant) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\winacusb.sys -- (Winacusb)
DRV - [2001/08/21 14:48:14 | 000,020,133 | ---- | M] (Windows (R) 2000 DDK provider) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\itsernum.sys -- (itsernum)
DRV - [2001/08/17 16:57:38 | 000,016,128 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\MODEMCSA.sys -- (MODEMCSA)
DRV - [1999/08/30 22:49:56 | 000,003,680 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ITEIO.SYS -- (iteio)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://register.starband.net/
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://www.aol.com"
FF - prefs.js..extensions.enabledItems: moveplayer@movenetworks.com:7

FF - HKLM\software\mozilla\Firefox\Extensions\\{3f963a5b-e555-4543-90e2-c3908898db71}: C:\Program Files\AVG\AVG9\Firefox [2010/07/20 17:41:18 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.11\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/07/21 23:40:35 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.11\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/07/21 23:40:34 | 000,000,000 | ---D | M]

[2009/08/12 04:52:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Joe\Application Data\Mozilla\Extensions
[2010/07/07 21:58:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Joe\Application Data\Mozilla\Firefox\Profiles\2vmklbu7.default\extensions
[2009/11/23 02:47:07 | 000,002,059 | ---- | M] () -- C:\Documents and Settings\Joe\Application Data\Mozilla\Firefox\Profiles\2vmklbu7.default\searchplugins\daemon-search.xml
[2010/08/05 23:36:52 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2010/01/07 02:22:02 | 000,151,552 | ---- | M] (PopCap Games) -- C:\Program Files\Mozilla Firefox\plugins\nppopcaploader.dll
[2007/04/16 13:07:12 | 000,180,293 | ---- | M] () -- C:\Program Files\Mozilla Firefox\plugins\npViewpoint.dll

O1 HOSTS File: ([2010/07/04 19:15:24 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (AcroIEHlprObj Class) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Acrobat\ActiveX\AcroIEHelper.ocx ()
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - G:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {472734EA-242A-422B-ADF8-83D1E48CC825} - No CLSID value found.
O4 - HKLM..\Run: [ALiRaid] C:\Program Files\ALIRAID\ALiRaid.exe ()
O4 - HKLM..\Run: [AVG9_TRAY] C:\Program Files\AVG\AVG9\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [CMCService] C:\Program Files\ATI\Catalyst Media Center\CMCService.exe (CyberLink Corp.)
O4 - HKLM..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe (Ahead Software Gmbh)
O4 - HKLM..\Run: [PRONoMgr.exe] C:\Program Files\Intel\NCS\PROSet\PRONoMgr.exe (Intel(R) Corporation)
O4 - HKLM..\Run: [SBDrvDet] C:\Program Files\Creative\SB Drive Det\SBDrvDet.exe (Creative Technology Ltd)
O4 - HKLM..\Run: [UpdReg] C:\WINDOWS\Updreg.EXE (Creative Technology Ltd.)
O4 - HKCU..\Run: [Aim6] C:\Program Files\AIM6\aim6.exe (AOL LLC)

Re: clean up my pc, post av suite removal issues
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Infodelivery present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoMSAppLogo5ChannelNotify = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoBandCustomize = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Infodelivery present
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Persistence present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoNetHood = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoFavoritesMenu = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoChangeStartMenu = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLogoff = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSetTaskbar = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoFileMenu = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: EnforceShellExtensionSecurity = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LinkResolveIgnoreLinkInfo = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoNetConnectDisconnect = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDeletePrinter = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoAddPrinter = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoPrinterTabs = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: Btn_Back = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: Btn_Forward = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: Btn_Stop = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: Btn_Refresh = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: Btn_Home = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: Btn_Search = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: Btn_History = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: Btn_Favorites = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: Btn_Media = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: Btn_Folders = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: Btn_Fullscreen = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: Btn_Tools = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: Btn_MailNews = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: Btn_Size = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: Btn_Print = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: Btn_Edit = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: Btn_Discussions = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: Btn_Cut = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: Btn_Copy = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: Btn_Paste = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: Btn_Encoding = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: Btn_PrintPreview = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O9 - Extra Button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
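The two log posts above are raw OTL output, and triaging them by eye is slow. The following is an added example, not OTL's own code and not something the helper in this thread posted: a small Python parser for the PRC/MOD/SRV/DRV and O4 record formats that OTL prints, with a few triage heuristics of my own (a registration whose file no longer exists, a binary with no publisher string, a load path under a Temp directory). The sample lines are an excerpt of the log above, embedded inline so the script runs offline; the flags are hints to verify against the full log, not verdicts.

```python
"""Parse OTL (OldTimer's) scan-log records and flag entries worth a second look.

Added example, not OTL's own code.  The heuristics are triage hints: a dangling
'File not found' service or a binary with no publisher string is often a leftover
from an uninstalled product, so each flag is something to verify, not delete.
"""
import re
from dataclasses import dataclass, field

# PRC/MOD/SRV/DRV record: either a stamp block "[date | size | attrs | M] (Company)"
# or the literal "File not found", then an optional "[start | state]" block, the
# path, and for services/drivers an optional " -- (ServiceName) description".
# The company lookahead lets names like "Intel(R) Corporation" keep their parens.
RECORD_RE = re.compile(
    r"^(?P<kind>PRC|MOD|SRV|DRV) - "
    r"(?:\[(?P<ts>[^|\]]+?) \| (?P<size>[\d,]+) \| (?P<attrs>[^|\]]+?) \| (?P<flag>\w)\] "
    r"\((?P<company>.*?)\)(?= \[| --)"
    r"|(?P<missing>File not found))"
    r"(?: \[(?P<state>[^\]]+)\])?"
    r" -- (?P<path>.+?)"
    r"(?: -- \((?P<name>[^)]*)\)(?P<desc>.*))?$"
)

# O4 autostart entry: "O4 - HKLM..\Run: [ValueName] C:\path\file.exe (Company)"
AUTORUN_RE = re.compile(
    r"^O4 - (?P<hive>HK\w+)\.\.\\(?P<key>[^:]+): \[(?P<value>[^\]]+)\] "
    r"(?P<path>.+?) \((?P<company>.*)\)$"
)


@dataclass
class Entry:
    kind: str            # PRC, MOD, SRV, DRV or O4
    path: str
    company: str         # "" when the binary carries no publisher string
    present: bool        # False for "File not found"
    name: str = ""       # service/driver name or registry value name
    state: str = ""      # e.g. "Auto | Running" or, for O4, the hive\key
    flags: list = field(default_factory=list)


def parse_line(line: str):
    """Return an Entry for a PRC/MOD/SRV/DRV or O4 line, else None."""
    line = line.strip()
    m = RECORD_RE.match(line)
    if m:
        return Entry(kind=m["kind"], path=m["path"],
                     company=(m["company"] or "").strip(),
                     present=m["missing"] is None,
                     name=m["name"] or "", state=m["state"] or "")
    m = AUTORUN_RE.match(line)
    if m:
        return Entry(kind="O4", path=m["path"], company=m["company"].strip(),
                     present=True, name=m["value"],
                     state=f"{m['hive']}\\{m['key']}")
    return None


def triage(entry: Entry) -> Entry:
    """Attach heuristic flags; every flag is a prompt to verify, not a verdict."""
    if not entry.present:
        entry.flags.append("dangling")        # registration outlived its file
    elif not entry.company:
        entry.flags.append("no-publisher")    # no company/version resource
    if "\\temp\\" in entry.path.lower():
        entry.flags.append("temp-path")       # loads from a temporary directory
    return entry


def parse_log(text: str):
    """Parse every recognised record of an OTL log into flagged Entry objects."""
    return [triage(e) for e in map(parse_line, text.splitlines()) if e]


def flagged(entries):
    return [e for e in entries if e.flags]


def summarize(entries):
    """Map each flag label to the paths that carry it, for a quick readout."""
    out = {}
    for e in entries:
        for f in e.flags:
            out.setdefault(f, []).append(e.path)
    return out


# Constructed sample: an excerpt of the OTL log posted in this thread.
SAMPLE_LOG = """\
========== Processes (SafeList) ==========

PRC - [2010/07/19 19:08:42 | 002,065,760 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\\Program Files\\AVG\\AVG9\\avgtray.exe
PRC - [2004/01/09 13:43:38 | 000,401,408 | ---- | M] () -- C:\\Program Files\\ALIRAID\\ALiRaid.exe

========== Win32 Services (SafeList) ==========

SRV - File not found [Auto | Stopped] -- C:\\Program Files\\AskBarDis\\bar\\bin\\ASKUpgrade.exe -- (ASKUpgrade)
SRV - [2003/03/03 16:33:40 | 000,143,360 | ---- | M] (Intel(R) Corporation) [On_Demand | Stopped] -- C:\\Program Files\\Intel\\NCS\\Sync\\NetSvc.exe -- (NetSvc)

========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- C:\\DOCUME~1\\Joe\\LOCALS~1\\Temp\\catchme.sys -- (catchme)
DRV - [2008/04/17 04:33:26 | 004,707,328 | R--- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\\WINDOWS\\system32\\drivers\\RtkHDAud.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)

O4 - HKLM..\\Run: [ALiRaid] C:\\Program Files\\ALIRAID\\ALiRaid.exe ()
O4 - HKCU..\\Run: [Aim6] C:\\Program Files\\AIM6\\aim6.exe (AOL LLC)
"""

if __name__ == "__main__":
    for e in flagged(parse_log(SAMPLE_LOG)):
        print(f"{e.kind:<3} {', '.join(e.flags):<22} {e.name or '-':<20} {e.path}")
```

Run it against a full OTL.txt with `parse_log(open("OTL.txt", encoding="utf-8", errors="replace").read())`. On the excerpt it reports the unsigned ALiRaid.exe (once as a process, once as an HKLM Run entry), the ASKUpgrade service whose executable is gone, and the catchme.sys driver entry that points into a Temp folder; the AVG, Intel, Realtek and AOL entries pass clean. The dangling entries are typical leftovers of an uninstalled toolbar and a rootkit-scanner run, which is exactly why the output is a checklist for the helper rather than a removal script.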

Re: clean up my pc, post av suite removal issues

OK, it's doing the same darn thing as last time. It's not letting me post any more of the log no matter how short I make it. It did this last time too.

Re: clean up my pc, post av suite removal issues
Hello.
Can you attach the logs instead?

tried that too

Let's see...

hm...

Tried to attach it but it says "uploaded file not valid"...

Re: clean up my pc, post av suite removal issues
Please upload the logs to rapidshare.com then.

Re: clean up my pc, post av suite removal issues

OK, I ran OTL again for a fresh log. It did not give me an Extras.txt. Here is the link for the OTL log on RapidShare:

http://rapidshare.com/files/411828510/OTL.Txt
MD5: 5998183FF68C3E997FF3A23F34C22D6E

Re: clean up my pc, post av suite removal issues
Please download and run this tool.

Download Malwarebytes' Anti-Malware from Here

Double Click mbam-setup.exe to install the application.

  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts.
Click OK to either and let MBAM proceed with the disinfection process.
If asked to restart the computer, please do so immediately.


Post the contents of the MBAM Log.

Re: clean up my pc, post av suite removal issues

No malicious files were found.

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 4408

Windows 5.1.2600 Service Pack 3
Internet Explorer 6.0.2900.5512

8/8/2010 7:35:45 PM
mbam-log-2010-08-08 (19-35-45).txt

Scan type: Quick scan
Objects scanned: 158336
Time elapsed: 3 minute(s), 55 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

Re: clean up my pc, post av suite removal issues
Hello.

  • Download combofix from here
    Link 1
    Link 2

    1. If you are using Firefox, make sure that your download settings are as follows:

    * Tools->Options->Main tab
    * Set to "Always ask me where to Save the files".

    2. During the download, rename Combofix to Combo-Fix as follows:

    [image: CF_download_FF]

    [image: CF_download_rename]

    3. It is important you rename Combofix during the download, but not after.
    4. Please do not rename Combofix to other names, but only to the one indicated.
    5. Close any open browsers.
    6. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

  • We need to disable your local AV (Anti-virus) before running Combofix.
  • See HERE for how to disable your AV.
  • Double click on ComboFix.exe.
  • Follow the prompts. NOTE:
  • ComboFix will check to see if the Microsoft Windows Recovery Console is installed.
    ***It's strongly recommended to have the Recovery Console installed before doing any malware removal.***

    **Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will automatically proceed with its scan.


  • The Recovery Console provides a recovery/repair mode should a problem occur during a Combofix run.

    [image: Cf410]

  • Allow ComboFix to download the Recovery Console.
  • Accept the End-User License Agreement.
  • The Recovery Console will be installed.
  • You will then get this next prompt that asks if you want to continue the malware scan, select yes

    [image: Cf510]

  • Allow combofix to run
  • Post C:\combofix.txt back here.

    Note:
    Do not mouseclick combofix's window whilst it's running. That may cause it to stall.

Re: clean up my pc, post av suite removal issues

OK, well, I've not run ComboFix yet, but my latest AVG virus scan showed something was infected... C:\Windows\system32\csrss.exe(660), and C:\Windows\system32\csrss.exe(660)memory_00270000, both with Trojan Horse Generic18.BLLP... Could this be my issue? And I tried to get rid of all unhealed infections, but AVG said it was inaccessible :sad:

Re: clean up my pc, post av suite removal issues
Don't worry about it, just run Combofix, cause I need to know what is going on here.

Re: clean up my pc, post av suite removal issues

OK, here's the ComboFix log:

ComboFix 10-08-17.04 - Joe 08/18/2010 22:25:58.2.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2047.1496 [GMT -4:00]
Running from: c:\documents and settings\Joe\Desktop\Combo-Fix.exe
AV: AVG Anti-Virus Free *On-access scanning disabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
.

((((((((((((((((((((((((( Files Created from 2010-07-19 to 2010-08-19 )))))))))))))))))))))))))))))))
.

2010-07-20 21:41 . 2010-07-20 21:41 4368224 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgcorex.dll
2010-07-20 21:41 . 2010-07-20 21:41 1615200 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgssie.dll
2010-07-20 21:41 . 2010-07-20 21:41 1373536 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgssff.dll
2010-07-20 21:41 . 2010-07-20 21:41 1107296 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgxpl.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-08-17 19:58 . 2004-05-16 14:12 -------- d-----w- c:\program files\Common Files\Symantec Shared
2010-07-23 20:55 . 2010-04-13 03:30 -------- d-----w- c:\documents and settings\Joe\Application Data\vlc
2010-07-22 02:01 . 2009-08-17 01:55 -------- d-----w- c:\documents and settings\Joe\Application Data\uTorrent
2010-07-19 23:08 . 2010-07-19 23:08 242896 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgtdix.sys
2010-07-19 23:08 . 2010-07-19 23:08 216200 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgldx86.sys
2010-07-19 23:08 . 2009-08-12 09:02 243024 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2010-07-19 23:08 . 2010-07-19 23:08 12536 ----a-w- c:\windows\system32\avgrsstx.dll
2010-07-19 23:08 . 2009-08-12 09:02 216400 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2010-07-19 23:08 . 2010-07-19 23:08 813336 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avginet.dll
2010-07-19 23:08 . 2010-07-19 23:08 624920 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgiproxy.exe
2010-07-19 23:08 . 2010-07-19 23:08 1690464 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgupd.dll
2010-07-19 23:08 . 2010-07-19 23:08 1038688 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgupd.exe
2010-07-08 01:51 . 2010-07-07 18:38 -------- d-----w- c:\documents and settings\All Users\Application Data\NOS
2010-07-07 18:38 . 2010-07-07 18:38 2568656 ----a-w- c:\documents and settings\All Users\Application Data\NOS\Adobe_Downloads\install_flash_player.exe
2010-07-06 23:01 . 2009-08-12 10:02 -------- d-----w- c:\program files\Electronic Arts
2010-07-06 23:00 . 2004-05-15 17:42 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-07-04 05:34 . 2010-07-04 05:34 664 ----a-w- c:\windows\system32\d3d9caps.dat
2010-06-26 16:10 . 2010-04-20 03:00 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2010-06-24 15:34 . 2010-06-24 15:34 -------- d-----w- c:\documents and settings\Joe\Application Data\Malwarebytes
2010-06-24 15:34 . 2010-06-24 15:34 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2010-06-24 04:40 . 2010-06-24 03:55 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2010-06-24 03:11 . 2010-06-24 03:11 388096 ----a-r- c:\documents and settings\Joe\Application Data\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2010-06-24 02:39 . 2010-06-24 02:39 1152444 ----a-w- c:\windows\is-F9O56.tmp
2010-06-11 03:43 . 2010-05-19 03:14 57344 ----a-w- c:\documents and settings\All Users\Application Data\DivX\RunAsUser\RUNASUSERPROCESS.dll
2010-06-11 03:43 . 2010-06-11 03:43 56997 ----a-w- c:\documents and settings\All Users\Application Data\DivX\WebPlayer\Uninstaller.exe
2010-06-11 03:43 . 2010-06-11 03:43 56765 ----a-w- c:\documents and settings\All Users\Application Data\DivX\DivXPlusShortcuts\Uninstaller.exe
2010-06-11 03:43 . 2010-06-11 03:43 57715 ----a-w- c:\documents and settings\All Users\Application Data\DivX\Player\Uninstaller.exe
2010-06-11 03:43 . 2010-06-11 03:43 53600 ----a-w- c:\documents and settings\All Users\Application Data\DivX\Update\Uninstaller.exe
2010-06-11 03:43 . 2010-06-11 03:43 54153 ----a-w- c:\documents and settings\All Users\Application Data\DivX\DFXPlugin\Uninstaller.exe
2010-06-11 03:42 . 2010-06-11 03:42 54128 ----a-w- c:\documents and settings\All Users\Application Data\DivX\Converter\Uninstaller.exe
2010-06-11 03:42 . 2010-06-11 03:42 54644 ----a-w- c:\documents and settings\All Users\Application Data\DivX\TranscodeEngine\Uninstaller.exe
2010-06-11 03:42 . 2010-06-11 03:42 54101 ----a-w- c:\documents and settings\All Users\Application Data\DivX\MPEG2Plugin\Uninstaller.exe
2010-06-11 03:42 . 2010-05-19 03:13 895256 ----a-w- c:\documents and settings\All Users\Application Data\DivX\Setup\DivXSetup.exe
2010-06-11 03:42 . 2010-05-19 03:13 1062184 ----a-w- c:\documents and settings\All Users\Application Data\DivX\Setup\Resource.dll
2010-06-04 02:04 . 2009-08-12 09:02 29584 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
2010-05-28 18:09 . 2010-05-28 18:09 61440 ----a-w- c:\documents and settings\Joe\Application Data\Sun\Java\Deployment\SystemCache\6.0\50\5535ab32-79285046-n\decora-sse.dll
2010-05-28 18:09 . 2010-05-28 18:09 503808 ----a-w- c:\documents and settings\Joe\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-541e97d9-n\msvcp71.dll
2010-05-28 18:09 . 2010-05-28 18:09 499712 ----a-w- c:\documents and settings\Joe\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-541e97d9-n\jmc.dll
2010-05-28 18:09 . 2010-05-28 18:09 348160 ----a-w- c:\documents and settings\Joe\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-541e97d9-n\msvcr71.dll
2010-05-28 18:09 . 2010-05-28 18:09 12800 ----a-w- c:\documents and settings\Joe\Application Data\Sun\Java\Deployment\SystemCache\6.0\50\5535ab32-79285046-n\decora-d3d.dll
.

((((((((((((((((((((((((((((( SnapShot@2010-07-04_23.15.41 )))))))))))))))))))))))))))))))))))))))))
.
+ 2010-07-07 18:38 . 2010-07-07 18:38 231888 c:\windows\system32\Macromed\flash\FlashUtil10h_Plugin.exe
+ 2009-07-18 03:21 . 2010-07-07 18:38 5612496 c:\windows\system32\Macromed\flash\NPSWF32.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Aim6"="c:\program files\AIM6\aim6.exe" [2009-07-09 49968]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ALiRaid"="c:\program files\ALIRAID\ALiRaid.exe" [2004-01-09 401408]
"PRONoMgr.exe"="c:\program files\Intel\NCS\PROSet\PRONoMgr.exe" [2003-03-11 86016]
"SBDrvDet"="c:\program files\Creative\SB Drive Det\SBDrvDet.exe" [2002-12-04 45056]
"UpdReg"="c:\windows\UpdReg.EXE" [2000-05-11 90112]
"ATIPTA"="c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2004-03-23 335872]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"RTHDCPL"="RTHDCPL.EXE" [2008-04-10 16861184]
"CMCService"="c:\program files\ATI\Catalyst Media Center\CMCService.exe" [2008-06-06 172032]
"AVG9_TRAY"="c:\progra~1\AVG\AVG9\avgtray.exe" [2010-07-19 2065760]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-11-11 417792]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2010-07-19 23:08 12536 ----a-w- c:\windows\system32\avgrsstx.dll

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Acrobat Assistant.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Acrobat Assistant.lnk
backup=c:\windows\pss\Acrobat Assistant.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^InterVideo WinCinema Manager.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\InterVideo WinCinema Manager.lnk
backup=c:\windows\pss\InterVideo WinCinema Manager.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTHelper]
2003-10-06 22:57 24576 ----a-w- c:\windows\system32\CTHELPER.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTSysVol]
2003-07-02 17:03 57344 ----a-w- c:\program files\Creative\SBAudigy2ZS\Surround Mixer\CTSysVol.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]
2009-10-30 11:57 369200 ----a-w- c:\program files\DAEMON Tools Lite\DTLite.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DivXUpdate]
2010-06-03 00:50 1144104 ----a-w- c:\program files\DivX\DivX Update\DivXUpdate.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IMJPMIG9.0]
2007-04-19 21:00 125792 ----a-w- c:\progra~1\COMMON~1\MICROS~1\IME\IMJP9\IMJPMIG.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2009-11-13 00:33 141600 ----a-w- c:\program files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2009-11-11 07:08 417792 ----a-w- c:\program files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotSD TeaTimer]
2009-03-05 20:07 2260480 --sha-r- g:\program files\Spybot - Search & Destroy\TeaTimer.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2010-02-18 15:43 248040 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Hewlett-Packard\\HP Color Inkjet CP1700\\ToolBox\\HPWATBX.exe"=
"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"c:\\Program Files\\AIM6\\aim6.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Program Files\\AVG\\AVG9\\avgupd.exe"=
"c:\\Program Files\\AVG\\AVG9\\avgnsx.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Pando Networks\\Media Booster\\PMB.exe"=
"g:\\Program Files\\BrightShadow\\BrightShadow.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"58513:TCP"= 58513:TCP:Pando Media Booster
"58513:UDP"= 58513:UDP:Pando Media Booster

R0 m5228;m5228;c:\windows\system32\drivers\m5228.sys [5/15/2004 1:41 PM 44925]
R0 m5281;m5281;c:\windows\system32\drivers\m5281.sys [5/15/2004 1:41 PM 49357]
R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [8/12/2009 5:02 AM 216400]
R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [8/12/2009 5:02 AM 243024]
R2 avg9wd;AVG Free WatchDog;c:\program files\AVG\AVG9\avgwdsvc.exe [7/19/2010 7:08 PM 308136]
R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\Viewpoint\Common\ViewpointService.exe [8/12/2009 4:54 AM 24652]
S2 ASKUpgrade;ASKUpgrade;c:\program files\AskBarDis\bar\bin\ASKUpgrade.exe --> c:\program files\AskBarDis\bar\bin\ASKUpgrade.exe [?]
S3 GSSUSB;Gilat SkyBlaster USB Adapter;c:\windows\system32\drivers\gssNic.sys [5/16/2004 7:05 AM 161681]
S3 iteio;iteio;c:\windows\system32\drivers\ITEIO.SYS [5/16/2004 12:32 PM 3680]
S3 itsernum;itsernum Filter 驅動程式;c:\windows\system32\drivers\itsernum.sys [5/16/2004 12:32 PM 20133]
S3 SetupNTGLM7X;SetupNTGLM7X;\??\e:\ntglm7x.sys --> e:\NTGLM7X.sys [?]
S3 Winacusb;Winacusb;c:\windows\system32\drivers\winacusb.sys [5/16/2004 12:28 PM 933818]
S4 sptd;sptd;c:\windows\system32\drivers\sptd.sys [11/23/2009 2:47 AM 691696]
.
Contents of the 'Scheduled Tasks' folder

2010-08-16 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 20:34]

2010-08-18 c:\windows\Tasks\Norton Security Scan for Joe.job
- c:\program files\Norton Security Scan\Engine\2.7.3.34\Nss.exe [2010-06-11 05:27]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://register.starband.net/
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
Trusted Zone: aol.com\free
TCP: {9F8EFC6E-3039-435B-AFDE-7D7F17129B90} = 24.25.5.148,24.25.5.147
DPF: DirectAnimation Java Classes - file://c:\windows\Java\classes\dajava.cab
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
DPF: {3AF4DACE-36ED-42EF-9DFC-ADC34DA30CFF} - file://e:\content\include\XPPatchInstaller.CAB
FF - ProfilePath - c:\documents and settings\Joe\Application Data\Mozilla\Firefox\Profiles\2vmklbu7.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.aol.com
FF - plugin: c:\documents and settings\Joe\Application Data\Move Networks\plugins\npqmp071505000011.dll
FF - plugin: c:\documents and settings\Joe\Application Data\Move Networks\plugins\npqmp071701000002.dll
FF - plugin: c:\program files\DivX\DivX Plus Web Player\npdivx32.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\nppopcaploader.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npViewpoint.dll
FF - plugin: c:\program files\Pando Networks\Media Booster\npPandoWebPlugin.dll
FF - plugin: c:\program files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll

---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.lu", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nu", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nz", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--p1ai", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbayh7gpa", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.tel", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
.

**************************************************************************
scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files:

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-1085031214-484763869-682003330-1003\Software\SecuROM\License information*]
"datasecu"=hex:a1,d8,a3,44,d5,54,a8,b0,41,bb,85,29,ca,51,99,17,c6,c3,b6,3d,e6,
b7,76,b1,48,1c,e5,62,9e,e3,79,79,af,d3,71,c4,cd,a7,58,b1,2a,f3,73,17,45,9b,\
"rkeysecu"=hex:64,b6,bd,e1,3e,80,9e,c4,40,b4,90,83,87,8e,33,49
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(684)
c:\windows\system32\Ati2evxx.dll

- - - - - - - > 'explorer.exe'(3508)
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
Completion time: 2010-08-18 22:32:30
ComboFix-quarantined-files.txt 2010-08-19 02:32
ComboFix2.txt 2010-07-04 23:17

Pre-Run: 3,832,057,856 bytes free
Post-Run: 3,822,235,648 bytes free

Current=7 Default=7 Failed=6 LastKnownGood=8 Sets=1,2,3,4,5,6,7,8
- - End Of File - - 48B47642D31CAFF0E43A7645858152BE

Re: clean up my pc, post av suite removal issues

Hi.

Please go to Kaspersky website and perform an online antivirus scan.

  1. Read through the requirements and privacy statement and click on the Accept button.
  2. It will start downloading and installing the scanner and virus definitions. You will be prompted to install an application from Kaspersky. Click Run.
  3. When the downloads have finished, click on Settings.
  4. Make sure these boxes are checked (ticked). If they are not, please tick them and click on the Save button:
       - Spyware, Adware, Dialers, and other potentially dangerous programs
       - Archives
       - Mail databases
  5. Click on My Computer under Scan.
  6. Once the scan is complete, it will display the results. Click on View Scan Report.
  7. You will see a list of infected items there. Click on Save Report As....
  8. Save this report to a convenient place. Change the Files of type to Text file (.txt) before clicking on the Save button.
  9. Please post this log in your next reply.
Re: clean up my pc, post av suite removal issues

    --------------------------------------------------------------------------------
    KASPERSKY ONLINE SCANNER 7.0: scan report
    Saturday, August 21, 2010
    Operating system: Microsoft Windows XP Professional Service Pack 3 (build 2600)
    Kaspersky Online Scanner version: 7.0.26.13
    Last database update: Saturday, August 21, 2010 11:32:30
    Records in database: 4131719
    --------------------------------------------------------------------------------

    Scan settings:
    scan using the following database: extended
    Scan archives: yes
    Scan e-mail databases: yes

    Scan area - My Computer:
    C:\
    D:\
    E:\
    G:\

    Scan statistics:
    Objects scanned: 306959
    Threats found: 20
    Infected objects found: 32
    Suspicious objects found: 0
    Scan duration: 04:06:17


    File name / Threat / Threats count
    C:\Documents and Settings\Joe\Application Data\Sun\Java\Deployment\cache\6.0\32\1d1fd060-5141d9a1 Infected: Trojan-Downloader.Java.Agent.ft 1
    C:\Documents and Settings\Joe\Application Data\Sun\Java\Deployment\cache\6.0\32\1d1fd060-5141d9a1 Infected: Trojan-Downloader.Java.Agent.fu 1
    C:\Documents and Settings\Joe\Application Data\Sun\Java\Deployment\cache\6.0\32\1d1fd060-5141d9a1 Infected: Trojan-Downloader.Java.Agent.fv 1
    C:\Program Files\Norton SystemWorks\Norton Antivirus\Quarantine\0EF24C9A Infected: not-a-virus:AdWare.Win32.Cydoor 1
    C:\Program Files\Norton SystemWorks\Norton Antivirus\Quarantine\14F5795F Infected: not-a-virus:AdWare.Win32.PurityScan.a 1
    C:\Program Files\Norton SystemWorks\Norton Antivirus\Quarantine\4B0859AE Infected: Trojan-Downloader.Win32.Realtens.h 1
    C:\Program Files\Norton SystemWorks\Norton Antivirus\Quarantine\4DD941E8 Infected: not-a-virus:AdWare.Win32.Cydoor 1
    C:\Program Files\Norton SystemWorks\Norton Antivirus\Quarantine\590D2759 Infected: not-a-virus:AdWare.Win32.DelphinMediaViewer.b 1
    C:\Program Files\Norton SystemWorks\Norton Antivirus\Quarantine\61D85676 Infected: not-a-virus:AdWare.Win32.PurityScan.a 1
    C:\Program Files\Norton SystemWorks\Norton Antivirus\Quarantine\71D95AE0 Infected: not-a-virus:AdWare.Win32.DelphinMediaViewer.d 1
    C:\Qoobox\Quarantine\C\Documents and Settings\NetworkService\Local Settings\Application Data\ibncobaex\luhmmemtssd.exe.vir Infected: Trojan.Win32.FraudPack.ayki 1
    C:\Updates\BearInst.exe Infected: not-a-virus:AdWare.Win32.OnFlow.c 2
    C:\Updates\BearInst.exe Infected: Trojan.Win32.Genome.efwi 2
    C:\Updates\BearInst.exe Infected: not-a-virus:AdWare.Win32.SaveNow.aj 3
    C:\Updates\DVD CD SOFTWARE\SetupCloneDVD.exe Infected: not-a-virus:AdWare.Win32.CommonName.aq 1
    C:\Updates\DVDDecrypter\SetupCloneDVD.exe Infected: not-a-virus:AdWare.Win32.CommonName.aq 1
    C:\Updates\Rock XP\RockXP.exe Infected: not-a-virus:PSWTool.Win32.RAS.a 3
    G:\_RESTORE\TEMP\A0279853.CPY Infected: not-a-virus:AdWare.Win32.CommonName.bv 1
    G:\_RESTORE\TEMP\A0279878.CPY Infected: Trojan-Downloader.Win32.Delf.acqb 1
    G:\_RESTORE\TEMP\A0279879.CPY Infected: Backdoor.Win32.Agobot.qnt 1
    G:\_RESTORE\TEMP\A0279880.CPY Infected: not-a-virus:AdWare.Win32.CommonName.bn 1
    G:\_RESTORE\TEMP\A0279882.CPY Infected: not-a-virus:AdWare.Win32.CommonName.bn 1
    G:\_RESTORE\TEMP\A0279884.CPY Infected: not-a-virus:AdWare.Win32.CommonName.bn 1
    G:\_RESTORE\ARCHIVE\FS106.CAB Infected: not-a-virus:AdWare.Win32.CommonName.by 1
    G:\WINDOWS\TEMP\CloneCD 4.1 with serial key + Clony XXL (by sajjid)\SetupCloneCD.exe Infected: not-a-virus:AdWare.Win32.CommonName.bn 1
    G:\WINDOWS\Temporary Internet Files\Content.IE5\PBOBCAZJ\popup[1].htm Infected: Trojan.JS.NoClose.c 1

    Selected area has been scanned.

    Re: clean up my pc, post av suite removal issues

    Hi.

    Please run OTL.exe.

    • Copy the commands with file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):

      Code:

      :Files
      C:\Documents and Settings\Joe\Application Data\Sun\Java\Deployment\cache\6.0\32\1d1fd060-5141d9a1

      :commands
      [emptytemp]
      [emptyflash]
      [resethosts]
      [reboot]

    • Return to OTL.exe, right click in the "Custom Scans/Fixes" window (under the light green bar) and choose Paste.

    • Click the red Run Fix button.
    • A fix log in Notepad will appear. Copy the contents of the fix log to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy), and paste it in your next reply.
    • Close OTL.exe

    If a file or folder cannot be moved immediately, you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine, choose Yes.

    Re: clean up my pc, post av suite removal issues

    ok, did that. now what?

    Re: clean up my pc, post av suite removal issues

    Hi.

    How is your computer running?

    Re: clean up my pc, post av suite removal issues

    i'm still having annoying popups and redirects

    Re: clean up my pc, post av suite removal issues

    Hi.

    Could you please run ComboFix again and post the log here?

    Re: clean up my pc, post av suite removal issues

    ComboFix 10-08-22.05 - Joe 08/23/2010 0:33.3.2 - x86
    Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2047.1400 [GMT -4:00]
    Running from: c:\documents and settings\Joe\Desktop\Combo-Fix.exe
    AV: AVG Anti-Virus Free *On-access scanning disabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
    .

    ((((((((((((((((((((((((( Files Created from 2010-07-23 to 2010-08-23 )))))))))))))))))))))))))))))))
    .

    2010-08-22 02:30 . 2010-08-22 02:30 -------- d-----w- C:\_OTL
    2010-08-19 02:25 . 2010-08-19 02:32 -------- d-----w- C:\Combo-Fix

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2010-08-21 19:59 . 2004-05-16 14:12 -------- d-----w- c:\program files\Common Files\Symantec Shared
    2010-07-23 20:55 . 2010-04-13 03:30 -------- d-----w- c:\documents and settings\Joe\Application Data\vlc
    2010-07-22 02:01 . 2009-08-17 01:55 -------- d-----w- c:\documents and settings\Joe\Application Data\uTorrent
    2010-07-19 23:08 . 2009-08-12 09:02 243024 ----a-w- c:\windows\system32\drivers\avgtdix.sys
    2010-07-19 23:08 . 2010-07-19 23:08 12536 ----a-w- c:\windows\system32\avgrsstx.dll
    2010-07-19 23:08 . 2009-08-12 09:02 216400 ----a-w- c:\windows\system32\drivers\avgldx86.sys
    2010-07-08 01:51 . 2010-07-07 18:38 -------- d-----w- c:\documents and settings\All Users\Application Data\NOS
    2010-07-07 18:38 . 2010-07-07 18:38 2568656 ----a-w- c:\documents and settings\All Users\Application Data\NOS\Adobe_Downloads\install_flash_player.exe
    2010-07-06 23:01 . 2009-08-12 10:02 -------- d-----w- c:\program files\Electronic Arts
    2010-07-06 23:00 . 2004-05-15 17:42 -------- d--h--w- c:\program files\InstallShield Installation Information
    2010-07-04 05:34 . 2010-07-04 05:34 664 ----a-w- c:\windows\system32\d3d9caps.dat
    2010-06-26 16:10 . 2010-04-20 03:00 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
    2010-06-24 15:34 . 2010-06-24 15:34 -------- d-----w- c:\documents and settings\Joe\Application Data\Malwarebytes
    2010-06-24 15:34 . 2010-06-24 15:34 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
    2010-06-24 04:40 . 2010-06-24 03:55 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
    2010-06-24 03:11 . 2010-06-24 03:11 388096 ----a-r- c:\documents and settings\Joe\Application Data\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
    2010-06-11 03:43 . 2010-05-19 03:14 57344 ----a-w- c:\documents and settings\All Users\Application Data\DivX\RunAsUser\RUNASUSERPROCESS.dll
    2010-06-11 03:43 . 2010-06-11 03:43 56997 ----a-w- c:\documents and settings\All Users\Application Data\DivX\WebPlayer\Uninstaller.exe
    2010-06-11 03:43 . 2010-06-11 03:43 56765 ----a-w- c:\documents and settings\All Users\Application Data\DivX\DivXPlusShortcuts\Uninstaller.exe
    2010-06-11 03:43 . 2010-06-11 03:43 57715 ----a-w- c:\documents and settings\All Users\Application Data\DivX\Player\Uninstaller.exe
    2010-06-11 03:43 . 2010-06-11 03:43 53600 ----a-w- c:\documents and settings\All Users\Application Data\DivX\Update\Uninstaller.exe
    2010-06-11 03:43 . 2010-06-11 03:43 54153 ----a-w- c:\documents and settings\All Users\Application Data\DivX\DFXPlugin\Uninstaller.exe
    2010-06-11 03:42 . 2010-06-11 03:42 54128 ----a-w- c:\documents and settings\All Users\Application Data\DivX\Converter\Uninstaller.exe
    2010-06-11 03:42 . 2010-06-11 03:42 54644 ----a-w- c:\documents and settings\All Users\Application Data\DivX\TranscodeEngine\Uninstaller.exe
    2010-06-11 03:42 . 2010-06-11 03:42 54101 ----a-w- c:\documents and settings\All Users\Application Data\DivX\MPEG2Plugin\Uninstaller.exe
    2010-06-11 03:42 . 2010-05-19 03:13 895256 ----a-w- c:\documents and settings\All Users\Application Data\DivX\Setup\DivXSetup.exe
    2010-06-11 03:42 . 2010-05-19 03:13 1062184 ----a-w- c:\documents and settings\All Users\Application Data\DivX\Setup\Resource.dll
    2010-06-04 02:04 . 2009-08-12 09:02 29584 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
    2010-05-28 18:09 . 2010-05-28 18:09 61440 ----a-w- c:\documents and settings\Joe\Application Data\Sun\Java\Deployment\SystemCache\6.0\50\5535ab32-79285046-n\decora-sse.dll
    2010-05-28 18:09 . 2010-05-28 18:09 503808 ----a-w- c:\documents and settings\Joe\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-541e97d9-n\msvcp71.dll
    2010-05-28 18:09 . 2010-05-28 18:09 499712 ----a-w- c:\documents and settings\Joe\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-541e97d9-n\jmc.dll
    2010-05-28 18:09 . 2010-05-28 18:09 348160 ----a-w- c:\documents and settings\Joe\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-541e97d9-n\msvcr71.dll
    2010-05-28 18:09 . 2010-05-28 18:09 12800 ----a-w- c:\documents and settings\Joe\Application Data\Sun\Java\Deployment\SystemCache\6.0\50\5535ab32-79285046-n\decora-d3d.dll
    .

    ((((((((((((((((((((((((((((( SnapShot@2010-07-04_23.15.41 )))))))))))))))))))))))))))))))))))))))))
    .
    + 2010-08-22 02:32 . 2010-08-22 02:32 16384 c:\windows\Temp\Perflib_Perfdata_7ac.dat
    + 2010-07-07 18:38 . 2010-07-07 18:38 231888 c:\windows\system32\Macromed\flash\FlashUtil10h_Plugin.exe
    + 2009-07-18 03:21 . 2010-07-07 18:38 5612496 c:\windows\system32\Macromed\flash\NPSWF32.dll
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Aim6"="c:\program files\AIM6\aim6.exe" [2009-07-09 49968]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "ALiRaid"="c:\program files\ALIRAID\ALiRaid.exe" [2004-01-09 401408]
    "PRONoMgr.exe"="c:\program files\Intel\NCS\PROSet\PRONoMgr.exe" [2003-03-11 86016]
    "SBDrvDet"="c:\program files\Creative\SB Drive Det\SBDrvDet.exe" [2002-12-04 45056]
    "UpdReg"="c:\windows\UpdReg.EXE" [2000-05-11 90112]
    "ATIPTA"="c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2004-03-23 335872]
    "NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
    "RTHDCPL"="RTHDCPL.EXE" [2008-04-10 16861184]
    "CMCService"="c:\program files\ATI\Catalyst Media Center\CMCService.exe" [2008-06-06 172032]
    "AVG9_TRAY"="c:\progra~1\AVG\AVG9\avgtray.exe" [2010-07-19 2065760]
    "QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-11-11 417792]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
    2010-07-19 23:08 12536 ----a-w- c:\windows\system32\avgrsstx.dll

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Acrobat Assistant.lnk]
    path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Acrobat Assistant.lnk
    backup=c:\windows\pss\Acrobat Assistant.lnkCommon Startup

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^InterVideo WinCinema Manager.lnk]
    path=c:\documents and settings\All Users\Start Menu\Programs\Startup\InterVideo WinCinema Manager.lnk
    backup=c:\windows\pss\InterVideo WinCinema Manager.lnkCommon Startup

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTHelper]
    2003-10-06 22:57 24576 ----a-w- c:\windows\system32\CTHELPER.EXE

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTSysVol]
    2003-07-02 17:03 57344 ----a-w- c:\program files\Creative\SBAudigy2ZS\Surround Mixer\CTSysVol.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]
    2009-10-30 11:57 369200 ----a-w- c:\program files\DAEMON Tools Lite\DTLite.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DivXUpdate]
    2010-06-03 00:50 1144104 ----a-w- c:\program files\DivX\DivX Update\DivXUpdate.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IMJPMIG9.0]
    2007-04-19 21:00 125792 ----a-w- c:\progra~1\COMMON~1\MICROS~1\IME\IMJP9\IMJPMIG.EXE

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
    2009-11-13 00:33 141600 ----a-w- c:\program files\iTunes\iTunesHelper.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
    2009-11-11 07:08 417792 ----a-w- c:\program files\QuickTime\QTTask.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotSD TeaTimer]
    2009-03-05 20:07 2260480 --sha-r- g:\program files\Spybot - Search & Destroy\TeaTimer.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
    2010-02-18 15:43 248040 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "c:\\Program Files\\Messenger\\msmsgs.exe"=
    "c:\\Program Files\\Hewlett-Packard\\HP Color Inkjet CP1700\\ToolBox\\HPWATBX.exe"=
    "c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
    "c:\\Program Files\\AIM6\\aim6.exe"=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
    "c:\\Program Files\\uTorrent\\uTorrent.exe"=
    "c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
    "c:\\Program Files\\AVG\\AVG9\\avgupd.exe"=
    "c:\\Program Files\\AVG\\AVG9\\avgnsx.exe"=
    "c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
    "c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
    "c:\\Program Files\\iTunes\\iTunes.exe"=
    "c:\\Program Files\\Pando Networks\\Media Booster\\PMB.exe"=
    "g:\\Program Files\\BrightShadow\\BrightShadow.exe"=

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
    "58513:TCP"= 58513:TCP:Pando Media Booster
    "58513:UDP"= 58513:UDP:Pando Media Booster

    R0 m5228;m5228;c:\windows\system32\drivers\m5228.sys [5/15/2004 1:41 PM 44925]
    R0 m5281;m5281;c:\windows\system32\drivers\m5281.sys [5/15/2004 1:41 PM 49357]
    R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [8/12/2009 5:02 AM 216400]
    R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [8/12/2009 5:02 AM 243024]
    R2 avg9wd;AVG Free WatchDog;c:\program files\AVG\AVG9\avgwdsvc.exe [7/19/2010 7:08 PM 308136]
    R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\Viewpoint\Common\ViewpointService.exe [8/12/2009 4:54 AM 24652]
    S2 ASKUpgrade;ASKUpgrade;c:\program files\AskBarDis\bar\bin\ASKUpgrade.exe --> c:\program files\AskBarDis\bar\bin\ASKUpgrade.exe [?]
    S3 GSSUSB;Gilat SkyBlaster USB Adapter;c:\windows\system32\drivers\gssNic.sys [5/16/2004 7:05 AM 161681]
    S3 iteio;iteio;c:\windows\system32\drivers\ITEIO.SYS [5/16/2004 12:32 PM 3680]
    S3 itsernum;itsernum Filter 驅動程式;c:\windows\system32\drivers\itsernum.sys [5/16/2004 12:32 PM 20133]
    S3 SetupNTGLM7X;SetupNTGLM7X;\??\e:\ntglm7x.sys --> e:\NTGLM7X.sys [?]
    S3 Winacusb;Winacusb;c:\windows\system32\drivers\winacusb.sys [5/16/2004 12:28 PM 933818]
    S4 sptd;sptd;c:\windows\system32\drivers\sptd.sys [11/23/2009 2:47 AM 691696]
    .
    Contents of the 'Scheduled Tasks' folder

    2010-08-16 c:\windows\Tasks\AppleSoftwareUpdate.job
    - c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 20:34]

    2010-08-22 c:\windows\Tasks\Norton Security Scan for Joe.job
    - c:\program files\Norton Security Scan\Engine\2.7.3.34\Nss.exe [2010-06-11 05:27]
    .
    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://register.starband.net/
    IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    Trusted Zone: aol.com\free
    TCP: {9F8EFC6E-3039-435B-AFDE-7D7F17129B90} = 24.25.5.148,24.25.5.147
    DPF: DirectAnimation Java Classes - file://c:\windows\Java\classes\dajava.cab
    DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
    DPF: {3AF4DACE-36ED-42EF-9DFC-ADC34DA30CFF} - file://e:\content\include\XPPatchInstaller.CAB
    FF - ProfilePath - c:\documents and settings\Joe\Application Data\Mozilla\Firefox\Profiles\2vmklbu7.default\
    FF - prefs.js: browser.startup.homepage - hxxp://www.aol.com
    FF - plugin: c:\documents and settings\Joe\Application Data\Move Networks\plugins\npqmp071505000011.dll
    FF - plugin: c:\documents and settings\Joe\Application Data\Move Networks\plugins\npqmp071701000002.dll
    FF - plugin: c:\program files\DivX\DivX Plus Web Player\npdivx32.dll
    FF - plugin: c:\program files\Mozilla Firefox\plugins\nppopcaploader.dll
    FF - plugin: c:\program files\Mozilla Firefox\plugins\npViewpoint.dll
    FF - plugin: c:\program files\Pando Networks\Media Booster\npPandoWebPlugin.dll
    FF - plugin: c:\program files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll

    ---- FIREFOX POLICIES ----
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.lu", true);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nu", true);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nz", true);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--p1ai", true);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbayh7gpa", true);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.tel", true);
    c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
    c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
    c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
    c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
    .

    **************************************************************************

    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2010-08-23 00:38
    Windows 5.1.2600 Service Pack 3 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------

    [HKEY_USERS\S-1-5-21-1085031214-484763869-682003330-1003\Software\SecuROM\License information*]
    "datasecu"=hex:a1,d8,a3,44,d5,54,a8,b0,41,bb,85,29,ca,51,99,17,c6,c3,b6,3d,e6,
    b7,76,b1,48,1c,e5,62,9e,e3,79,79,af,d3,71,c4,cd,a7,58,b1,2a,f3,73,17,45,9b,\
    "rkeysecu"=hex:64,b6,bd,e1,3e,80,9e,c4,40,b4,90,83,87,8e,33,49
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------

    - - - - - - - > 'winlogon.exe'(692)
    c:\windows\system32\Ati2evxx.dll
    c:\windows\System32\wbem\wbemprox.dll

    - - - - - - - > 'explorer.exe'(1304)
    c:\windows\system32\WPDShServiceObj.dll
    c:\windows\system32\PortableDeviceTypes.dll
    c:\windows\system32\PortableDeviceApi.dll
    .
    Completion time: 2010-08-23 00:40:11
    ComboFix-quarantined-files.txt 2010-08-23 04:40
    ComboFix2.txt 2010-08-19 02:32
    ComboFix3.txt 2010-07-04 23:17

    Pre-Run: 3,796,082,688 bytes free
    Post-Run: 3,788,054,528 bytes free

    Current=9 Default=9 Failed=8 LastKnownGood=10 Sets=1,2,3,4,5,6,7,8,9,10
    - - End Of File - - 2A6977318090B33AD65B478AB80B3B22

    Re: clean up my pc, post av suite removal issues

    Hi.

    Download Dr.Web CureIt to the desktop:
    ftp://ftp.drweb.com/pub/drweb/cureit/cureit.exe

    • Double-click the launch.exe or cureit.exe file and allow it to run the express scan
    • This will scan the files currently running in memory and, when something is found, click the Yes button when it asks you if you want to cure it. This is only a short scan.
    • Once the short scan has finished, just let it cure whatever it finds...
      o Now, go to Settings >> Change Settings
      o Go to the Actions tab >> under the Objects section, change the settings to those below:
        Infected objects - Cure
        Incurable objects - Report
        Suspicious objects - Report
      o Don't change any other settings
    • Start the scan again. This time, choose Complete Scan
    • Click the green arrow button at the right, and the scan will start.
    • After the scan has finished, click Select all
    • Click on Cure and choose Report incurable (this means take no action: don't "move", "rename" or "delete")
    • When the scan has finished, in the menu, click File and choose Save report list
    • Save the report to your Desktop. The report will be called DrWeb.csv
    • Post DrWeb.csv in your next reply (open it in Notepad). Do NOT reboot the computer yet.

    Re: clean up my pc, post av suite removal issues

    0EF24C9A;C:\Program Files\Norton SystemWorks\Norton Antivirus\Quarantine;Adware.Cydoor;Incurable.Moved.;
    14F5795F;C:\Program Files\Norton SystemWorks\Norton Antivirus\Quarantine;Trojan.PurityAd.origin;Incurable.;
    4B0859AE;C:\Program Files\Norton SystemWorks\Norton Antivirus\Quarantine;Adware.Downware;;
    4DD941E8;C:\Program Files\Norton SystemWorks\Norton Antivirus\Quarantine;Adware.Cydoor;;
    61D85676;C:\Program Files\Norton SystemWorks\Norton Antivirus\Quarantine;Trojan.PurityAd.origin;Incurable.;
    luhmmemtssd.exe.vir;C:\Qoobox\Quarantine\C\Documents and Settings\NetworkService\Local Settings\Application Data\ibncobaex;Probably Trojan.Packed.1435;;
    A0279879.CPY;G:\_RESTORE\TEMP;Win32.HLLW.Agobot.50;Incurable.;
    QMS.exe;G:\Program Files\Gilat\QMS;Probably DLOADER.Trojan;;
    Srvany.exe;G:\Program Files\Flash Networks\NettGain2000\Bst;Program.SrvAny;;


    I tried 'Select all' then Cure but it wouldn't let me. When I clicked Select all, the Cure button was grayed out.

    Re: clean up my pc, post av suite removal issues

    Hi.

    Please go to command prompt and type: ipconfig /flushdns

    Please tell me how this process goes; if you need any further assistance with these instructions, please ask.

    Re: clean up my pc, post av suite removal issues

    Flush thingy completed successfully. Still having popups. I will run a full AVG scan and post the results.

    Re: clean up my pc, post av suite removal issues

    "Scan ""Scan whole computer"" completed."
    "Infections";"9";"6";"3"
    "Information";"1"
    "Folders selected for scanning:";"Scan whole computer"
    "Scan started:";"Friday, August 27, 2010, 1:05:31 AM"
    "Scan finished:";"Friday, August 27, 2010, 2:02:19 AM (56 minute(s) 47 second(s))"
    "Total object scanned:";"574522"
    "User who launched the scan:";"Joe"

    "Infections"
    "File";"Infection";"Result"
    "C:\WINDOWS\system32\wuauclt.exe (2484):\memory_001b0000";"Trojan horse Adload_r.AKC";"Object is inaccessible."
    "C:\WINDOWS\system32\wuauclt.exe (2484)";"Trojan horse Adload_r.AKC";""
    "C:\WINDOWS\System32\svchost.exe (1096):\memory_001a0000";"Trojan horse Adload_r.AKC";"Object is inaccessible."
    "C:\WINDOWS\System32\svchost.exe (1096)";"Trojan horse Adload_r.AKC";""
    "C:\WINDOWS\Explorer.EXE (1884):\memory_001a0000";"Trojan horse Adload_r.AKC";"Object is inaccessible."
    "C:\WINDOWS\Explorer.EXE (1884)";"Trojan horse Adload_r.AKC";""
    "C:\System Volume Information\_restore{9FDC2660-E1F6-4F49-BAF9-F2ED6652D570}\RP541\A0148810.exe:\ns_00014";"Virus found Win32/Heur";"Deleted"
    "C:\System Volume Information\_restore{9FDC2660-E1F6-4F49-BAF9-F2ED6652D570}\RP541\A0148810.exe:\ns_00002";"Virus found Win32/Heur";"Deleted"
    "C:\System Volume Information\_restore{9FDC2660-E1F6-4F49-BAF9-F2ED6652D570}\RP541\A0148810.exe";"Virus found Win32/Heur";"Deleted"

    "Information"
    "File";"Information";"Result"
    "C:\Updates\WINXPDrivers\OfficeXP\oxpsp1.exe";"The file is signed with a broken digital signature, issued by: Microsoft Corporation.";""
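    The AVG report above reports the same detection name against memory regions of three running Windows system processes (wuauclt.exe, svchost.exe, Explorer.EXE) and, separately, against a file in a restore point that it could delete. Those are two different situations for a defender: a hit that exists only inside a live memory region of a legitimate OS binary is the pattern of injected code, and the on-disk file needs to be checked on its own (which is what the later Jotti submission in this thread does), whereas a file hit is a scanner acting on disk. The following Python is an added example, not code from the thread or from AVG: a small parser for this semicolon-delimited, fully quoted report layout that separates memory-region hits from process and file hits and attaches a triage verdict to each process or file. The sample report is constructed from a subset of the entries above; the section names, column layout and the "<path> (<pid>):\memory_<addr>" naming follow the post, and the system-directory list is an assumption.

```python
import csv
import io
import re

# Constructed sample in the layout of the AVG "Scan whole computer" report
# posted above: semicolon-delimited, every field double-quoted, one header row
# per section. Only a subset of the thread's entries is reproduced here.
SAMPLE_REPORT = r'''"Infections"
"File";"Infection";"Result"
"C:\WINDOWS\system32\wuauclt.exe (2484):\memory_001b0000";"Trojan horse Adload_r.AKC";"Object is inaccessible."
"C:\WINDOWS\system32\wuauclt.exe (2484)";"Trojan horse Adload_r.AKC";""
"C:\WINDOWS\System32\svchost.exe (1096):\memory_001a0000";"Trojan horse Adload_r.AKC";"Object is inaccessible."
"C:\WINDOWS\System32\svchost.exe (1096)";"Trojan horse Adload_r.AKC";""
"C:\System Volume Information\_restore{9FDC2660-E1F6-4F49-BAF9-F2ED6652D570}\RP541\A0148810.exe";"Virus found Win32/Heur";"Deleted"

"Information"
"File";"Information";"Result"
"C:\Updates\WINXPDrivers\OfficeXP\oxpsp1.exe";"The file is signed with a broken digital signature, issued by: Microsoft Corporation.";""
'''

# AVG names a hit inside a running process as "<image path> (<pid>)" and a hit
# inside one of its memory regions as "<image path> (<pid>):\memory_<addr>".
PROCESS_ENTRY = re.compile(
    r'^(?P<path>.+?) \((?P<pid>\d+)\)(?::\\(?P<region>memory_[0-9a-fA-F]+))?$')

# Assumed list of directories whose binaries are expected to be OS files; a hit
# that exists only in a memory region of such a process is the pattern of
# injected code rather than a bad file on disk.
SYSTEM_DIRS = ('c:\\windows\\',)


def parse_avg_report(text):
    """Parse the 'Infections' section into one dict per row.

    Each dict carries the on-disk path, the pid (if the row names a process),
    the memory region (if the row names one) and a 'kind' of
    'file', 'process' or 'memory'.
    """
    rows = []
    section = None
    for record in csv.reader(io.StringIO(text), delimiter=';', quotechar='"'):
        if not record:          # blank line between sections
            continue
        if len(record) == 1:    # section title such as "Infections"
            section = record[0]
            continue
        if section != 'Infections' or record[0] == 'File':
            continue            # skip other sections and the column header
        path, infection, result = record[:3]
        row = {'path': path, 'pid': None, 'region': None, 'kind': 'file',
               'infection': infection, 'result': result}
        m = PROCESS_ENTRY.match(path)
        if m:
            row['path'] = m.group('path')
            row['pid'] = int(m.group('pid'))
            if m.group('region'):
                row['kind'] = 'memory'
                row['region'] = m.group('region')
            else:
                row['kind'] = 'process'
        rows.append(row)
    return rows


def triage(rows):
    """Group rows by (path, pid) and attach a verdict to each group.

    'injected-code-suspect': detection only inside a live memory region of a
        binary under a system directory; verify the on-disk file separately
        (hash lookup or a multi-engine scan such as the Jotti step in this thread).
    'in-memory-detection': memory-region hit in a binary outside system dirs.
    'file-detection': the scanner acted on a file on disk.
    'process-only': a process was named without a region or a file result.
    """
    groups = {}
    for r in rows:
        key = (r['path'].lower(), r['pid'])
        g = groups.setdefault(key, {'path': r['path'], 'pid': r['pid'],
                                    'infection': r['infection'],
                                    'memory_regions': [], 'file_results': []})
        if r['kind'] == 'memory':
            g['memory_regions'].append(r['region'])
        elif r['kind'] == 'file':
            g['file_results'].append(r['result'])
    verdicts = []
    for g in groups.values():
        in_system_dir = g['path'].lower().startswith(SYSTEM_DIRS)
        if g['memory_regions'] and in_system_dir:
            verdict = 'injected-code-suspect'
        elif g['memory_regions']:
            verdict = 'in-memory-detection'
        elif g['file_results']:
            verdict = 'file-detection'
        else:
            verdict = 'process-only'
        verdicts.append(dict(g, verdict=verdict))
    return verdicts


if __name__ == '__main__':
    for v in triage(parse_avg_report(SAMPLE_REPORT)):
        print(f"{v['verdict']:24} {v['path']} pid={v['pid']} "
              f"regions={v['memory_regions']} {v['infection']}")
```

    Run as-is it prints three lines: the two system processes come out as injected-code suspects and the restore-point file as a plain file detection. The grouping key includes the pid on purpose, so the "(2484)" process row and its ":\memory_001b0000" row land in the same group while two different pids of svchost.exe would be reported separately.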

    Re: clean up my pc, post av suite removal issues

    Hi.

    Jotti File Submission:
    • Please go to Jotti's malware scan

    • Browse to each of the following file paths in the "File to upload & scan" box at the top of the page:

      • C:\WINDOWS\SYSTEM32\svchost.exe
      • C:\Windows\system32\wuauclt.exe
      • C:\windows\explorer.exe

    • Click on the Submit button

    • Please post the results (URLs) in your next reply.

    Re: clean up my pc, post av suite removal issues

    http://virusscan.jotti.org/en/scanresult/773f3bae7087d105007ffd81742102f75b6cb903

    http://virusscan.jotti.org/en/scanresult/39a720e2ae1c76729c239f390120e35578bd4bed

    http://virusscan.jotti.org/en/scanresult/39a720e2ae1c76729c239f390120e35578bd4bed

    Still having popups and redirects... this is getting ridiculous, right?

    Re: clean up my pc, post av suite removal issues

    Hi.

    Download the GMER Rootkit Scanner. Unzip it to your Desktop.

    Before scanning, make sure all other running programs are closed and no other actions like a scheduled antivirus scan will occur while the scan is being performed. Do not use your computer for anything else during the scan.

    Double-click gmer.exe. The program will begin to run.

    **Caution**
    These types of scans can produce false positives. Do NOT take any action on any
    "<--- ROOTKIT" entries unless advised!

    If possible rootkit activity is found, you will be asked if you would like to perform a full scan.

    • Click NO
    • In the right panel, you will see a bunch of boxes that have been checked ... leave everything checked and ensure the Show all box is un-checked.
    • Now click the Scan button.
      Once the scan is complete, you may receive another notice about rootkit activity.
    • Click OK.
    • GMER will produce a log. Click on the [Save..] button, and in the File name area, type in "GMER.txt"
    • Save it where you can easily find it, such as your desktop.

    Post the contents of GMER.txt in your next reply.

    Re: clean up my pc, post av suite removal issues

    I'm having trouble with the GMER thing. I can get it to scan, but when I try to save a log file my computer freezes.

    Re: clean up my pc, post av suite removal issues

    Hi.

    After you complete this, please try running GMER.

    To disable CD Emulation programs using DeFogger, please perform these steps:
    1. Please download DeFogger to your desktop.
    2. Once downloaded, double-click on the DeFogger icon to start the tool.
    3. The application window will now appear. You should now click on the Disable button to disable your CD Emulation drivers.
    4. When it prompts you whether or not you want to continue, please click on the Yes button to continue.
    5. When the program has completed you will see a Finished! message. Click on the OK button to exit the program.
    6. If CD Emulation programs are present and have been disabled, DeFogger will now ask you to reboot the machine. Please allow it to do so by clicking on the OK button.

