need some help with popups/malicious/viruses..



robweaz
2007-02-14, 05:16
This is the HJT log:
Logfile of HijackThis v1.99.1
Scan saved at 9:48:43 PM, on 2/13/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\windows\System32\smss.exe
C:\windows\system32\winlogon.exe
C:\windows\system32\services.exe
C:\windows\system32\lsass.exe
C:\windows\system32\svchost.exe
C:\windows\System32\svchost.exe
C:\windows\system32\spoolsv.exe
C:\windows\Explorer.EXE
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Program Files\M-Audio Fast Track\GBInst.exe
C:\windows\system32\nvsvc32.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\windows\system32\RUNDLL32.EXE
C:\windows\SOUNDMAN.EXE
C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe
C:\windows\system32\msmsger.exe
C:\Program Files\D-Link\AirPlus G\AirGCFG.exe
C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\windows\System32\svchost.exe
C:\windows\system32\wuauclt.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\windows\system32\svchost.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe
C:\Documents and Settings\Weasel\Desktop\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe"
O4 - HKLM\..\Run: [Microsoft] msmsger.exe
O4 - HKLM\..\Run: [removecpl] RemoveCpl.exe
O4 - HKLM\..\Run: [D-Link AirPlus G] C:\Program Files\D-Link\AirPlus G\AirGCFG.exe
O4 - HKLM\..\Run: [ANIWZCS2Service] C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKLM\..\RunServices: [Microsoft] msmsger.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Microsoft] msmsger.exe
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) - http://housecall65.trendmicro.com/housecall/applet/html/native/x86/win32/activex/hcImpl.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O23 - Service: ANIWZCSd Service (ANIWZCSdService) - Alpha Networks Inc. - C:\Program Files\ANI\ANIWZCS2 Service\ANIWZCSdS.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: AutoSrv - Unknown owner - C:\HCT\services\Sparta\AutoSrv.exe (file missing)
O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: Fast Track Installer (FastTrackInstallerService) - Nemesis - C:\Program Files\M-Audio Fast Track\GBInst.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\windows\system32\nvsvc32.exe
O23 - Service: PnPService - Unknown owner - C:\HCT\PnPService.exe (file missing)

...and this is what I got after using BitDefender:

BitDefender Online Scanner - Real Time Virus Report
Generated at: Tue, Feb 13, 2007 - 20:42:02
Scan Info
Scanned Files: 125395
Infected Files: 44
Virus Detected
DeepScan:Generic.Malware.SYBddldg.FC5740C25
DeepScan:Generic.Malware.SYddldg.C3B3C7F232
Trojan.Spy.VBStat.B2
Trojan.Juan.E2
DeepScan:Generic.Malware.G!I!!FLMWX!!Bg.AEE2DD361
MemScan:Trojan.Vundo.AA2

Angelfire777
2007-02-14, 15:00
Hi, welcome to Safer Networking Forums!

*Since HijackThis creates backups of all it fixes and we want them safe and secured should they be required later, we need to move HijackThis to a permanent folder.

a.) While on your Desktop, right click in the background > Go to New > click Folder > Name the Folder HJT

b.) After creating the folder, find your HijackThis.exe (it looks like a detonator with some dynamites). Then, drag and drop that file to the new folder you created.

*It is possible that some of the entries are hiding from us, so please rename HijackThis.exe to something like angelfire777.exe

*Please download VundoFix.exe (http://www.atribune.org/ccount/click.php?id=4) to your Desktop.
Double-click VundoFix.exe to run it.
Click the Scan for Vundo button.
Once it's done scanning, click the Remove Vundo button.
You will receive a prompt asking if you want to remove the files, click YES.
Once you click yes, your desktop will go blank as it starts removing Vundo.
When completed, it will prompt that it will reboot your computer, click OK.
Please post the contents of C:\vundofix.txt and a new HiJackThis log.

Note: It is possible that VundoFix encountered a file it could not remove.
In this case, VundoFix will run on reboot, simply follow the above instructions starting from "Click the Scan for Vundo button." when VundoFix appears at reboot.

robweaz
2007-02-15, 03:10
Logfile of HijackThis v1.99.1
Scan saved at 7:25:04 PM, on 2/14/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\windows\System32\smss.exe
C:\windows\system32\winlogon.exe
C:\windows\system32\services.exe
C:\windows\system32\lsass.exe
C:\windows\system32\svchost.exe
C:\windows\System32\svchost.exe
C:\windows\system32\spoolsv.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Program Files\M-Audio Fast Track\GBInst.exe
C:\windows\system32\nvsvc32.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\windows\Explorer.EXE
C:\windows\system32\RUNDLL32.EXE
C:\windows\SOUNDMAN.EXE
C:\Program Files\DAEMON Tools\daemon.exe
C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe
C:\Program Files\D-Link\AirPlus G\AirGCFG.exe
C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\windows\System32\svchost.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Documents and Settings\Weasel\Desktop\HJT\angelfire777.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {45E2625B-E1B0-4375-A2E4-75C083950D25} - (no file)
O2 - BHO: (no name) - {68D5CF1D-EC5C-4bdd-A9EF-F0E517565D50} - (no file)
O2 - BHO: (no name) - {6C0227C7-63AB-4ADA-BCB1-F57EE2CA259E} - C:\windows\system32\geebx.dll (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O2 - BHO: (no name) - {AF753547-024B-4B41-8C33-3660F661A41D} - (no file)
O2 - BHO: (no name) - {F974FD6A-CD45-4D27-BF84-2436408FC66B} - C:\windows\system32\byxxvsp.dll (file missing)
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe"
O4 - HKLM\..\Run: [removecpl] RemoveCpl.exe
O4 - HKLM\..\Run: [D-Link AirPlus G] C:\Program Files\D-Link\AirPlus G\AirGCFG.exe
O4 - HKLM\..\Run: [ANIWZCS2Service] C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\RunServices: [Microsoft] msmsger.exe
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) - http://housecall65.trendmicro.com/housecall/applet/html/native/x86/win32/activex/hcImpl.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} - http://download.bitdefender.com/resources/scan8/oscan8.cab
O23 - Service: ANIWZCSd Service (ANIWZCSdService) - Alpha Networks Inc. - C:\Program Files\ANI\ANIWZCS2 Service\ANIWZCSdS.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: AutoSrv - Unknown owner - C:\HCT\services\Sparta\AutoSrv.exe (file missing)
O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: Fast Track Installer (FastTrackInstallerService) - Nemesis - C:\Program Files\M-Audio Fast Track\GBInst.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\windows\system32\nvsvc32.exe
O23 - Service: PnPService - Unknown owner - C:\HCT\PnPService.exe (file missing)

VundoFix V6.3.6

Checking Java version...

Scan started at 8:03:22 PM 2/14/2007

Listing files found while scanning....

No infected files were found.

Angelfire777
2007-02-15, 09:55
Hi,

Download SDFix (http://downloads.andymanchesta.com/RemovalTools/SDFix.exe) and save it to your Desktop.

Double click SDFix.exe and it will extract the files to %systemdrive%
(Drive that contains the Windows Directory, typically C:\SDFix)

Please then reboot your computer in Safe Mode by doing the following:
Restart your computer
After hearing your computer beep once during startup, but before the Windows icon appears, tap the F8 key continually;
Instead of Windows loading as normal, the Advanced Options Menu should appear;
Select the first option, to run Windows in Safe Mode, then press Enter.
Choose your usual account.

Open the extracted SDFix folder and double click RunThis.bat to start the script.
Type Y to begin the cleanup process.
It will remove any Trojan Services and Registry Entries that it finds, then prompt you to press any key to Reboot.
Press any key and it will restart the PC.
When the PC restarts, the Fixtool will run again and complete the removal process, then display Finished. Press any key to end the script and load your desktop icons.
Once the desktop icons load, the SDFix report will open on screen and also save into the SDFix folder as Report.txt
(Report.txt will also be copied to the Clipboard, ready for posting back on the forum).
Finally, paste the contents of Report.txt back on the forum with a new HijackThis log.

robweaz
2007-02-15, 10:51
SDFix: Version 1.65
Run by: Weasel - Thu 02/15/2007 @ 3:37:23.90
Microsoft Windows XP [Version 5.1.2600]
Running From: C:\SDFix
Safe Mode:
Checking Services:
Name:
Path:
Restoring Windows Registry Entries
Restoring Default Hosts File
Rebooting...
Normal Mode:
Checking Files:
Below files will be copied to Backups folder then removed:

C:\Windows\system32\msmsger.exe - Deleted

ADS Check:
C:\Windows\system32
:{4B9A1497-0817-47C4-9612-D6A1C53ACF57} 12
Total size: 12 bytes.

Removing ADS...

system32: deleted 12 bytes in 1 streams.

Checking for remaining Streams

C:\Windows\system32
No streams found.

Final Check:

Authorized Application Key Export:

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\Azureus\\Azureus.exe"="C:\\Program Files\\Azureus\\Azureus.exe:*:Enabled:Azureus"
"C:\\Program Files\\WinPcap\\rpcapd.exe"="C:\\Program Files\\WinPcap\\rpcapd.exe:*:Enabled:Remote Packet Capture Daemon"
"C:\\Program Files\\D-Link\\AirPlus G\\AirGCFG.exe"="C:\\Program Files\\D-Link\\AirPlus G\\AirGCFG.exe:*:Enabled:D-Link AirPlus Utility"
"C:\\Program Files\\Alwil Software\\Avast4\\ashAvast.exe"="C:\\Program Files\\Alwil Software\\Avast4\\ashAvast.exe:*:Enabled:avast! Antivirus"
"C:\\Program Files\\Internet Explorer\\IEXPLORE.EXE"="C:\\Program Files\\Internet Explorer\\IEXPLORE.EXE:*:Disabled:Internet Explorer"


[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

Remaining Files:
---------------
Backups Folder: - C:\SDFix\backups\backups.zip

Checking For Files with Hidden Attributes :

C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\SoftwareDistribution\Download\S-1-5-18\0e6249b8450d77cf6ed574f86bc70653\BIT7.tmp
C:\WINDOWS\SoftwareDistribution\Download\S-1-5-18\242de31122d71e92d2d0d6941af860fd\BITF.tmp
C:\WINDOWS\SoftwareDistribution\Download\S-1-5-18\3ddf7f7b5e8dafb08f6bc3b8de43d62d\BITC.tmp
C:\WINDOWS\SoftwareDistribution\Download\S-1-5-18\5f82b9c25e211d842f46cb17d524e84b\BITA.tmp
C:\WINDOWS\SoftwareDistribution\Download\S-1-5-18\70b4e3c52054f30741a6fab114c4c6a7\BIT9.tmp
C:\WINDOWS\SoftwareDistribution\Download\S-1-5-18\a01035fe4a452653122051f0194779a7\BIT2.tmp
C:\WINDOWS\SoftwareDistribution\Download\S-1-5-18\a38127676ce77457cbe5658ebd236d49\BIT8.tmp
C:\WINDOWS\SoftwareDistribution\Download\S-1-5-18\ae3d490425aaa34e68bc42b8e5ff4f4f\BIT5.tmp
C:\WINDOWS\SoftwareDistribution\Download\S-1-5-18\af10ad1ba106dbeb814878bb0bf7578f\BITB.tmp
C:\WINDOWS\SoftwareDistribution\Download\S-1-5-18\b75a3f1ceb9b6c91137c6b793414016f\BITD.tmp
C:\WINDOWS\SoftwareDistribution\Download\S-1-5-18\cf6034b9352dd852b280611a0edca27e\BITE.tmp
C:\WINDOWS\SoftwareDistribution\Download\S-1-5-18\f0da280f56f415f6b1d44ca99367c4eb\BIT4.tmp
C:\WINDOWS\SoftwareDistribution\Download\S-1-5-18\f22add2045a3492be9416ce8033af4ea\BIT6.tmp
C:\WINDOWS\SoftwareDistribution\Download\S-1-5-18\fc94d0b172a81f3a4285a7e7df8ee3cd\BIT3.tmp
Finished

Logfile of HijackThis v1.99.1
Scan saved at 3:45:44 AM, on 2/15/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\Windows\System32\smss.exe
C:\Windows\system32\winlogon.exe
C:\Windows\system32\services.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\system32\spoolsv.exe
C:\Windows\Explorer.EXE
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Program Files\M-Audio Fast Track\GBInst.exe
C:\Windows\system32\nvsvc32.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Windows\system32\wuauclt.exe
C:\Windows\system32\RUNDLL32.EXE
C:\Windows\SOUNDMAN.EXE
C:\Windows\System32\svchost.exe
C:\Program Files\DAEMON Tools\daemon.exe
C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe
C:\Program Files\D-Link\AirPlus G\AirGCFG.exe
C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\Documents and Settings\Weasel\Desktop\HJT\angelfire777.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {45E2625B-E1B0-4375-A2E4-75C083950D25} - (no file)
O2 - BHO: (no name) - {68D5CF1D-EC5C-4bdd-A9EF-F0E517565D50} - (no file)
O2 - BHO: (no name) - {6C0227C7-63AB-4ADA-BCB1-F57EE2CA259E} - C:\windows\system32\geebx.dll (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O2 - BHO: (no name) - {AF753547-024B-4B41-8C33-3660F661A41D} - (no file)
O2 - BHO: (no name) - {F974FD6A-CD45-4D27-BF84-2436408FC66B} - C:\windows\system32\byxxvsp.dll (file missing)
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe"
O4 - HKLM\..\Run: [D-Link AirPlus G] C:\Program Files\D-Link\AirPlus G\AirGCFG.exe
O4 - HKLM\..\Run: [ANIWZCS2Service] C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) - http://housecall65.trendmicro.com/housecall/applet/html/native/x86/win32/activex/hcImpl.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} - http://download.bitdefender.com/resources/scan8/oscan8.cab
O23 - Service: ANIWZCSd Service (ANIWZCSdService) - Alpha Networks Inc. - C:\Program Files\ANI\ANIWZCS2 Service\ANIWZCSdS.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: AutoSrv - Unknown owner - C:\HCT\services\Sparta\AutoSrv.exe (file missing)
O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: Fast Track Installer (FastTrackInstallerService) - Nemesis - C:\Program Files\M-Audio Fast Track\GBInst.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\Windows\system32\nvsvc32.exe
O23 - Service: PnPService - Unknown owner - C:\HCT\PnPService.exe (file missing)

Angelfire777
2007-02-15, 13:21
Hi,

Did you install a program called WinPcap?

*Open HijackThis > choose Scan Only > Place a checkmark in the boxes beside these entries in bold.

O2 - BHO: (no name) - {45E2625B-E1B0-4375-A2E4-75C083950D25} - (no file)
O2 - BHO: (no name) - {68D5CF1D-EC5C-4bdd-A9EF-F0E517565D50} - (no file)
O2 - BHO: (no name) - {6C0227C7-63AB-4ADA-BCB1-F57EE2CA259E} - C:\windows\system32\geebx.dll (file missing)
O2 - BHO: (no name) - {AF753547-024B-4B41-8C33-3660F661A41D} - (no file)
O2 - BHO: (no name) - {F974FD6A-CD45-4D27-BF84-2436408FC66B} - C:\windows\system32\byxxvsp.dll (file missing)

Close your browsers and all open windows except for HijackThis, then click "Fix checked". Exit HijackThis.


*Download Dr.Web CureIt to the desktop:
ftp://ftp.drweb.com/pub/drweb/cureit/drweb-cureit.exe
Double-click the drweb-cureit.exe file and allow it to run the express scan.
This will scan the files currently running in memory, and when something is found, click the Yes button when it asks you if you want to cure it. This is only a short scan.
Once the short scan has finished, click Options > Change settings
Choose the "Scan" tab and remove the mark at "Heuristic analysis".
Back at the main window, mark the drives that you want to scan.
Select all drives. A red dot shows which drives have been chosen.
Click the green arrow at the right, and the scan will start.
Click 'Yes to all' if it asks if you want to cure/move the file.
When the scan has finished, look whether you can click the icon next to the files found:
http://users.telenet.be/bluepatchy/miekiemoes/images/check.gif
If so, click it, then click the icon right below it and select Move incurable, as you'll see in the next image:
http://users.telenet.be/bluepatchy/miekiemoes/images/move.gif
This will move it to the %userprofile%\DoctorWeb\quarantaine folder if it can't be cured. (This is in case we need samples.)
After selecting, in the Dr.Web CureIt menu on top, click File and choose Save report list.
Save the report to your desktop. The report will be called DrWeb.csv.
Close Dr.Web CureIt.
Reboot your computer!! It is possible that files in use will be moved/deleted during reboot.
After reboot, post the contents of the log from Dr.Web you saved previously in your next reply.

*Your Java is out of date....
Older versions have vulnerabilities that malware can use to infect your system.
Please follow these steps to remove older version Java components.
Click Start > Control Panel
Click Add/Remove Programs
Check any item with Java Runtime Environment (JRE or J2SE) in the name.
Click the Remove button.
Repeat as many times as necessary to remove all versions of Java.
Reboot your computer once all Java components are removed.
Then download Java Runtime Environment 6 (http://java.sun.com/javase/downloads/index.jsp) and install it on your computer.

Reboot.

On your next reply, please include a fresh HijackThis log along with the CureIt log and a description of how your machine is running.
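As an added example (not code from this thread or from HijackThis, SDFix or any other tool named here), the following Python script does a first-pass triage of a HijackThis log for the kinds of entries the helper acted on above: O2 BHO registrations whose file is gone, O4 autoruns that name a bare filename and repeat the same command under several Run keys (the msmsger.exe entries that SDFix later removed), O23 services whose binary is missing, and a JRE older than the version 6 requested above. The sample lines are copied from the logs posted in this thread; the finding names, the "bare filename" heuristic and the Java threshold are my own choices, and every finding is a prompt to review the entry, not a verdict.

```python
from __future__ import annotations

import re
from collections import defaultdict
from dataclasses import dataclass

# Constructed sample input: O2/O4/O23 lines in HijackThis v1.99 format, copied
# from the logs posted earlier in this thread.
SAMPLE_LOG = r"""
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {45E2625B-E1B0-4375-A2E4-75C083950D25} - (no file)
O2 - BHO: (no name) - {6C0227C7-63AB-4ADA-BCB1-F57EE2CA259E} - C:\windows\system32\geebx.dll (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe"
O4 - HKLM\..\Run: [Microsoft] msmsger.exe
O4 - HKLM\..\RunServices: [Microsoft] msmsger.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Microsoft] msmsger.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\windows\system32\nvsvc32.exe
O23 - Service: PnPService - Unknown owner - C:\HCT\PnPService.exe (file missing)
"""

O2_RE = re.compile(r"^O2 - BHO: (?P<name>.*?) - \{(?P<clsid>[0-9A-Fa-f-]+)\} - (?P<path>.*)$")
O4_RE = re.compile(r"^O4 - (?P<hive>HKLM|HKCU)\\\.\.\\(?P<key>Run\w*): \[(?P<name>[^\]]*)\] (?P<cmd>.*)$")
O23_RE = re.compile(r"^O23 - Service: (?P<name>.*?) - (?P<owner>.*?) - (?P<path>.*)$")
# Sun-era JRE install paths look like ...\jre1.5.0_10\...; a leading "1." means Java <second number>.
JAVA_RE = re.compile(r"\\jre(\d+)\.(\d+)\.\d+(?:_\d+)?\\", re.IGNORECASE)
MISSING_MARKERS = ("(no file)", "(file missing)")
MIN_JAVA_MAJOR = 6  # the version the helper asked for in this thread (assumed threshold)


@dataclass
class Finding:
    kind: str     # orphaned_bho | bare_filename | multi_autorun | missing_service_binary | outdated_java
    subject: str  # CLSID, executable, service name or JRE directory the finding is about
    detail: str


def executable_of(cmd: str) -> str:
    r"""Program part of an autorun command: "C:\dir\x.exe" /arg -> C:\dir\x.exe, y.exe /arg -> y.exe."""
    cmd = cmd.strip()
    if cmd.startswith('"'):
        end = cmd.find('"', 1)
        return cmd[1:end] if end > 0 else cmd[1:]
    return cmd.split(" ", 1)[0]


def java_major(match: re.Match) -> int:
    first, second = int(match.group(1)), int(match.group(2))
    return second if first == 1 else first


def triage(log_text: str) -> list[Finding]:
    """Flag the patterns acted on in this thread; each finding is a review prompt, not a verdict."""
    findings: list[Finding] = []
    autorun_locations: dict[str, list[str]] = defaultdict(list)
    seen_bare: set[str] = set()
    seen_java: set[str] = set()

    for line in log_text.splitlines():
        line = line.strip()
        # Any line (BHO, autorun, ...) that loads from an old JRE directory.
        for jm in JAVA_RE.finditer(line):
            if java_major(jm) < MIN_JAVA_MAJOR and jm.group(0) not in seen_java:
                seen_java.add(jm.group(0))
                findings.append(Finding("outdated_java", jm.group(0).strip("\\"),
                                        f"JRE older than {MIN_JAVA_MAJOR} still installed and loaded"))
        if m := O2_RE.match(line):
            if m["path"].endswith(MISSING_MARKERS):
                findings.append(Finding("orphaned_bho", "{" + m["clsid"] + "}",
                                        f"BHO registration points at a missing file: {m['path']}"))
        elif m := O4_RE.match(line):
            exe = executable_of(m["cmd"])
            location = f"{m['hive']}\\..\\{m['key']}"
            if "\\" not in exe and ":" not in exe:  # no directory: resolved through the search path at logon
                if exe.lower() not in seen_bare:
                    seen_bare.add(exe.lower())
                    findings.append(Finding("bare_filename", exe,
                                            f"autorun [{m['name']}] names {exe} without a path; check which file actually runs"))
            autorun_locations[exe.lower()].append(location)
        elif m := O23_RE.match(line):
            if m["path"].endswith(MISSING_MARKERS):
                findings.append(Finding("missing_service_binary", m["name"],
                                        f"service binary missing: {m['path']}"))

    # The same command registered under several autorun keys (Run, RunServices, HKCU Run)
    # is redundant persistence; legitimate installers rarely do this.
    for exe, locations in autorun_locations.items():
        if len(locations) > 1:
            findings.append(Finding("multi_autorun", exe, "same command registered in " + ", ".join(locations)))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.kind:24} {f.subject:45} {f.detail}")
```

On the sample above the script reports the two orphaned BHOs, the bare RUNDLL32.EXE and msmsger.exe entries (the first is a legitimate host process and shows why bare-filename hits need a look rather than an automatic fix), msmsger.exe registered under three autorun keys, the missing PnPService binary, and the jre1.5.0_10 directory. The "(no file)" and "(file missing)" markers come straight from HijackThis, which is why the orphaned-BHO check is the most reliable of the five.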

robweaz
2007-02-16, 00:27
Logfile of HijackThis v1.99.1
Scan saved at 9:48:43 PM, on 2/13/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\windows\System32\smss.exe
C:\windows\system32\winlogon.exe
C:\windows\system32\services.exe
C:\windows\system32\lsass.exe
C:\windows\system32\svchost.exe
C:\windows\System32\svchost.exe
C:\windows\system32\spoolsv.exe
C:\windows\Explorer.EXE
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Program Files\M-Audio Fast Track\GBInst.exe
C:\windows\system32\nvsvc32.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\windows\system32\RUNDLL32.EXE
C:\windows\SOUNDMAN.EXE
C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe
C:\windows\system32\msmsger.exe
C:\Program Files\D-Link\AirPlus G\AirGCFG.exe
C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\windows\System32\svchost.exe
C:\windows\system32\wuauclt.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\windows\system32\svchost.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe
C:\Documents and Settings\Weasel\Desktop\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe"
O4 - HKLM\..\Run: [Microsoft] msmsger.exe
O4 - HKLM\..\Run: [removecpl] RemoveCpl.exe
O4 - HKLM\..\Run: [D-Link AirPlus G] C:\Program Files\D-Link\AirPlus G\AirGCFG.exe
O4 - HKLM\..\Run: [ANIWZCS2Service] C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKLM\..\RunServices: [Microsoft] msmsger.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Microsoft] msmsger.exe
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) - http://housecall65.trendmicro.com/housecall/applet/html/native/x86/win32/activex/hcImpl.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O23 - Service: ANIWZCSd Service (ANIWZCSdService) - Alpha Networks Inc. - C:\Program Files\ANI\ANIWZCS2 Service\ANIWZCSdS.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: AutoSrv - Unknown owner - C:\HCT\services\Sparta\AutoSrv.exe (file missing)
O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: Fast Track Installer (FastTrackInstallerService) - Nemesis - C:\Program Files\M-Audio Fast Track\GBInst.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\windows\system32\nvsvc32.exe
O23 - Service: PnPService - Unknown owner - C:\HCT\PnPService.exe (file missing)


SDFix: Version 1.65
Run by: Weasel - Thu 02/15/2007 @ 3:37:23.90
Microsoft Windows XP [Version 5.1.2600]

Running From: C:\SDFix
Safe Mode:
Checking Services:
Name:
Path:
Restoring Windows Registry Entries
Restoring Default Hosts File
Rebooting...

Normal Mode:
Checking Files:

Below files will be copied to Backups folder then removed:
C:\Windows\system32\msmsger.exe - Deleted
ADS Check:

C:\Windows\system32
:{4B9A1497-0817-47C4-9612-D6A1C53ACF57} 12
Total size: 12 bytes.

Removing ADS...
system32: deleted 12 bytes in 1 streams.

Checking for remaining Streams
C:\Windows\system32
No streams found.

Final Check:

Authorized Application Key Export:

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\Azureus\\Azureus.exe"="C:\\Program Files\\Azureus\\Azureus.exe:*:Enabled:Azureus"
"C:\\Program Files\\WinPcap\\rpcapd.exe"="C:\\Program Files\\WinPcap\\rpcapd.exe:*:Enabled:Remote Packet Capture Daemon"
"C:\\Program Files\\D-Link\\AirPlus G\\AirGCFG.exe"="C:\\Program Files\\D-Link\\AirPlus G\\AirGCFG.exe:*:Enabled:D-Link AirPlus Utility"
"C:\\Program Files\\Alwil Software\\Avast4\\ashAvast.exe"="C:\\Program Files\\Alwil Software\\Avast4\\ashAvast.exe:*:Enabled:avast! Antivirus"
"C:\\Program Files\\Internet Explorer\\IEXPLORE.EXE"="C:\\Program Files\\Internet Explorer\\IEXPLORE.EXE:*:Disabled:Internet Explorer"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

Remaining Files:
---------------
Backups Folder: - C:\SDFix\backups\backups.zip
Checking For Files with Hidden Attributes :

C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\SoftwareDistribution\Download\S-1-5-18\0e6249b8450d77cf6ed574f86bc70653\BIT7.tmp
C:\WINDOWS\SoftwareDistribution\Download\S-1-5-18\242de31122d71e92d2d0d6941af860fd\BITF.tmp
C:\WINDOWS\SoftwareDistribution\Download\S-1-5-18\3ddf7f7b5e8dafb08f6bc3b8de43d62d\BITC.tmp
C:\WINDOWS\SoftwareDistribution\Download\S-1-5-18\5f82b9c25e211d842f46cb17d524e84b\BITA.tmp
C:\WINDOWS\SoftwareDistribution\Download\S-1-5-18\70b4e3c52054f30741a6fab114c4c6a7\BIT9.tmp
C:\WINDOWS\SoftwareDistribution\Download\S-1-5-18\a01035fe4a452653122051f0194779a7\BIT2.tmp
C:\WINDOWS\SoftwareDistribution\Download\S-1-5-18\a38127676ce77457cbe5658ebd236d49\BIT8.tmp
C:\WINDOWS\SoftwareDistribution\Download\S-1-5-18\ae3d490425aaa34e68bc42b8e5ff4f4f\BIT5.tmp
C:\WINDOWS\SoftwareDistribution\Download\S-1-5-18\af10ad1ba106dbeb814878bb0bf7578f\BITB.tmp
C:\WINDOWS\SoftwareDistribution\Download\S-1-5-18\b75a3f1ceb9b6c91137c6b793414016f\BITD.tmp
C:\WINDOWS\SoftwareDistribution\Download\S-1-5-18\cf6034b9352dd852b280611a0edca27e\BITE.tmp
C:\WINDOWS\SoftwareDistribution\Download\S-1-5-18\f0da280f56f415f6b1d44ca99367c4eb\BIT4.tmp
C:\WINDOWS\SoftwareDistribution\Download\S-1-5-18\f22add2045a3492be9416ce8033af4ea\BIT6.tmp
C:\WINDOWS\SoftwareDistribution\Download\S-1-5-18\fc94d0b172a81f3a4285a7e7df8ee3cd\BIT3.tmp

Finished

robweaz
2007-02-16, 01:35
I'm sorry for posting the same thing twice, but when I opened the page it didn't list what I posted, so I did it again. When the page loaded it showed that I had posted twice. Sorry. Here are the logs:

Logfile of HijackThis v1.99.1
Scan saved at 7:28:41 PM, on 2/15/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\Windows\System32\smss.exe
C:\Windows\system32\winlogon.exe
C:\Windows\system32\services.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\system32\spoolsv.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Program Files\M-Audio Fast Track\GBInst.exe
C:\Windows\system32\nvsvc32.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\wuauclt.exe
C:\Windows\system32\RUNDLL32.EXE
C:\Windows\SOUNDMAN.EXE
C:\Program Files\DAEMON Tools\daemon.exe
C:\Program Files\D-Link\AirPlus G\AirGCFG.exe
C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe
C:\Windows\System32\svchost.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Java\jre1.6.0\bin\jusched.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\Documents and Settings\Weasel\Desktop\HJT\angelfire777.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [D-Link AirPlus G] C:\Program Files\D-Link\AirPlus G\AirGCFG.exe
O4 - HKLM\..\Run: [ANIWZCS2Service] C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0\bin\jusched.exe"
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\npjpi160.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\npjpi160.dll
O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) - http://housecall65.trendmicro.com/housecall/applet/html/native/x86/win32/activex/hcImpl.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} - http://download.bitdefender.com/resources/scan8/oscan8.cab
O23 - Service: ANIWZCSd Service (ANIWZCSdService) - Alpha Networks Inc. - C:\Program Files\ANI\ANIWZCS2 Service\ANIWZCSdS.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: AutoSrv - Unknown owner - C:\HCT\services\Sparta\AutoSrv.exe (file missing)
O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: Fast Track Installer (FastTrackInstallerService) - Nemesis - C:\Program Files\M-Audio Fast Track\GBInst.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\Windows\system32\nvsvc32.exe
O23 - Service: PnPService - Unknown owner - C:\HCT\PnPService.exe (file missing)

Dr.Web log.....
Process.exe;C:\SDFix\apps;Tool.Prockill;Incurable.Moved.;
A0011684.reg;C:\System Volume Information\_restore{627BB733-857A-4123-928F-AEB173E19CD7}\RP59;Trojan.StartPage.1505;Deleted.;
A0012715.reg;C:\System Volume Information\_restore{627BB733-857A-4123-928F-AEB173E19CD7}\RP59;Trojan.StartPage.1505;Deleted.;
A0014260.exe;C:\System Volume Information\_restore{627BB733-857A-4123-928F-AEB173E19CD7}\RP76;Trojan.DownLoader.10963;Deleted.;
A0014261.exe;C:\System Volume Information\_restore{627BB733-857A-4123-928F-AEB173E19CD7}\RP76;Trojan.DownLoader.18101;Deleted.;
A0015500.dll;C:\System Volume Information\_restore{627BB733-857A-4123-928F-AEB173E19CD7}\RP78;Trojan.Virtumod;Deleted.;
A0015603.dll;C:\System Volume Information\_restore{627BB733-857A-4123-928F-AEB173E19CD7}\RP78;Trojan.Virtumod;Deleted.;
A0015604.dll;C:\System Volume Information\_restore{627BB733-857A-4123-928F-AEB173E19CD7}\RP78;Trojan.Virtumod;Deleted.;
A0015772.dll;C:\System Volume Information\_restore{627BB733-857A-4123-928F-AEB173E19CD7}\RP78;Trojan.Virtumod;Deleted.;
A0015778.dll;C:\System Volume Information\_restore{627BB733-857A-4123-928F-AEB173E19CD7}\RP78;Trojan.Virtumod;Deleted.;
A0015779.dll;C:\System Volume Information\_restore{627BB733-857A-4123-928F-AEB173E19CD7}\RP78;Trojan.Virtumod;Deleted.;
A0016796.exe;C:\System Volume Information\_restore{627BB733-857A-4123-928F-AEB173E19CD7}\RP79;Win32.HLLW.MyBot;Deleted.;
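As an added editorial example (not part of the thread, and not code from HijackThis or Dr.Web), the following Python script parses HijackThis entries of the kind posted above and applies a few of the checks a helper runs by eye: O23 services whose binary is missing or carries no publisher information, O16 ActiveX download sources outside a caller-supplied trusted list, O4 autostart entries launched from user-writable folders, and O2 BHOs loaded from outside Program Files or Windows. The sample log embeds lines copied from the log above plus one clearly labelled constructed O4 entry to exercise the user-writable check; the trusted-host list and the folder markers are assumptions of the example.

```python
from __future__ import annotations

import re
from dataclasses import dataclass, field
from urllib.parse import urlparse

# Constructed sample: entries copied from the HijackThis log posted above, plus one
# CONSTRUCTED O4 line (not from the log) that exercises the user-writable-folder check.
SAMPLE_HJT_LOG = r"""
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKCU\..\Run: [constructed] C:\Documents and Settings\User\Local Settings\Temp\constructed.exe
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) - http://housecall65.trendmicro.com/housecall/applet/html/native/x86/win32/activex/hcImpl.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} - http://download.bitdefender.com/resources/scan8/oscan8.cab
O23 - Service: AutoSrv - Unknown owner - C:\HCT\services\Sparta\AutoSrv.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\Windows\system32\nvsvc32.exe
O23 - Service: PnPService - Unknown owner - C:\HCT\PnPService.exe (file missing)
"""

ENTRY_RE = re.compile(r"^([ORF]\d+)\s+-\s+(.*)$")
# Assumed markers of user-writable locations on an XP-era profile layout.
USER_WRITABLE = ("\\temp\\", "\\documents and settings\\", "\\local settings\\")
# Assumed roots where a BHO is expected to live.
SYSTEM_ROOTS = ("c:\\program files\\", "c:\\windows\\")


@dataclass
class Finding:
    section: str                      # HijackThis section code, e.g. "O23"
    entry: str                        # text after "O23 - "
    reasons: list[str] = field(default_factory=list)


def parse_entries(log_text: str) -> list[tuple[str, str]]:
    """Return (section, entry) pairs for every R/F/O line in a HijackThis log."""
    pairs = []
    for raw in log_text.splitlines():
        m = ENTRY_RE.match(raw.strip())
        if m:
            pairs.append((m.group(1), m.group(2)))
    return pairs


def _url_host(entry: str) -> str:
    # O16 entries end with " - <url>"; the URL is the last dash-separated field.
    return (urlparse(entry.rsplit(" - ", 1)[-1].strip()).hostname or "").lower()


def _run_target(entry: str) -> str:
    # O4 Run entries look like: HKLM\..\Run: [Name] "C:\path\prog.exe" -args
    m = re.search(r"\]\s*\"?([^\"]+)", entry)
    return m.group(1).strip().lower() if m else ""


def triage(log_text: str, trusted_hosts: set[str] | None = None) -> list[Finding]:
    """Apply a few by-hand triage rules and return the entries worth a second look."""
    trusted = {h.lower() for h in (trusted_hosts or set())}
    findings: list[Finding] = []
    for section, entry in parse_entries(log_text):
        low = entry.lower()
        reasons: list[str] = []
        if section == "O23":
            if "(file missing)" in low:
                reasons.append("service is registered but its binary is missing")
            if "unknown owner" in low:
                reasons.append("service binary carries no publisher information")
        elif section == "O16":
            host = _url_host(entry)
            if host not in trusted:
                reasons.append(f"ActiveX control downloaded from untrusted host {host!r}")
        elif section == "O4":
            if any(marker in _run_target(entry) for marker in USER_WRITABLE):
                reasons.append("autostart entry launches from a user-writable folder")
        elif section == "O2":
            dll = low.rsplit(" - ", 1)[-1].strip()
            if not dll.startswith(SYSTEM_ROOTS):
                reasons.append("BHO loaded from outside Program Files / Windows")
        if reasons:
            findings.append(Finding(section, entry, reasons))
    return findings


if __name__ == "__main__":
    trusted = {"download.bitdefender.com", "housecall65.trendmicro.com"}
    for f in triage(SAMPLE_HJT_LOG, trusted):
        print(f"{f.section}: {f.entry}\n    -> {'; '.join(f.reasons)}")
```

Run against the sample, the two orphaned C:\HCT services and the constructed Temp autostart are reported; the same script with an empty trusted-host set also lists both scanner CAB files, which is why the list has to be a deliberate choice rather than a default.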

robweaz
2007-02-16, 01:41
Sorry, forgot to say the computer is running 1000 times better

Angelfire777
2007-02-16, 06:17
It looks like your version of Adobe Reader is out of date and you're vulnerable to infections.
Please download the newest version here:
http://www.adobe.com/uk/products/reader/

Install it, then go to Add Remove Programs and remove any older versions that may remain.
_______________________

Congratulations! Your log looks clean!

This is a good time to clear your existing system restore points and establish a new clean restore point:
Go to Start > All Programs > Accessories > System Tools > System Restore

Select Create a restore point, and Ok it.

Next, go to Start > Run and type in cleanmgr

Select the More options tab

Choose the option to clean up system restore and OK it.

This will remove all restore points except the new one you just created.
______________________
Here are some free programs I recommend that could help you improve your pc's security.

Firewall Application - Although Windows XP comes with a firewall, you should not rely on it because the Windows Firewall can only filter incoming data; outgoing traffic is not controlled, meaning that malware/viruses that are present in your computer can access the internet with no restrictions. There are several other firewalls that can protect you better by filtering incoming and outgoing data. Make sure you get only one of these.

» ZoneAlarm (http://www.zonelabs.com)
» Kerio (http://www.sunbelt-software.com/Kerio-Download.cfm)

Install SpyWare Blaster
~You can download it from here (http://www.javacoolsoftware.com/spywareblaster.html)
~You can read the tutorial on how to use Spyware Blaster here (http://www.bleepingcomputer.com/tutorials/tutorial49.html)

IESpyAds
~You can download it from here (http://www.spywarewarrior.com/uiuc/resource.htm#IESPYAD)
~If you want to know how IEspyads work you can take a look at it here (http://www.bleepingcomputer.com/tutorials/tutorial53.html)
~Please note that IESpyAds only works with Internet Explorer.

Note: Make sure you update your Antivirus programs and other security products regularly to avoid new threats that could infect your system.

Please check out Tony Klein's article "How did I get infected in the first place?" (http://castlecops.com/t7736-So_how_did_I_get_infected_in_the_first_place.html)

Happy safe surfing!

robweaz
2007-02-17, 08:31
First off, thank you so much...all the problems were starting to tick me off..
One thing though, when I tried to create a restore point the DOS prompt opened up for some reason and nothing happened...and when I download one of the firewalls you listed...do I disable the Windows Firewall or do I keep it active? Again, thanks very much.

Angelfire777
2007-02-17, 10:47
when I tried to create a restore point the DOS prompt opened up for some reason and nothing happened...

I don't think that's normal...Did the DOS box contain any information on it?


and when I download one of the firewalls you listed...do I disable the Windows Firewall or do I keep it active? Again, thanks very much.

You can leave it active.
______________________

Go to start > run > copy and paste this: services.msc

Check for a service name called "System Restore Service"

Double click it then under service status, check if it's on "started"

If not, click the "start" button..then try to create a new restore point.

post back with the results..

robweaz
2007-02-18, 01:01
The system restore is active.....but this is what I get when I try to create a restore point....DOS prompt opens and says....
Microsoft (R) Windows User-Mode Debugger Version 5.1.2600.0
Copyright (c) Microsoft Corporation. All rights reserved.

*** wait with pending attach
Loaded dbghelp extension DLL
The call to LoadLibrary(ext) failed with error 2.
Please check your debugger configuration and/or network access
Loaded exts extension DLL
The call to LoadLibrary(uext) failed with error 2.
Please check your debugger configuration and/or network access
Loaded ntsdexts extension DLL
Symbol search path is: *** Invalid *** : Verify _NTNSYMBOL_PATH setting
Executable search path is:
ModLoad: 01000000 01060000 C:\WINDOWS\system32\Restore\rstrui.exe
ModLoad: 7c900000 7c9b0000 C:\WINDOWS\system32\ntdll.dll
ModLoad: 7c800000 7c8f5000 C:\WINDOWS\system32\kernel32.dll
ModLoad: 77f60000 77fd6000 C:\WINDOWS\system32\SHLWAPI.dll
ModLoad: 77dd0000 77e6b000 C:\WINDOWS\system32\ADVAPI32.dll
ModLoad: 77e70000 77f01000 C:\WINDOWS\system32\RPCRT4.dll
ModLoad: 77f10000 77f57000 C:\WINDOWS\system32\GDI32.dll
ModLoad: 77f40000 77dd0000 C:\WINDOWS\system32\USER32.dll
ModLoad: 77c10000 77c68000 C:\WINDOWS\system32\msvcrt.dll
ModLoad: 5c020000 5e05f000 C:\WINDOWS\system32\SRRSTR.dll
ModLoad: 5d090000 5d12a000 C:\WINDOWS\system32\COMCTL32.dll
ModLoad: 774e0000 7761d000 C:\WINDOWS\system32\ole32.dll
ModLoad: 7c9c0000 7d1d6000 C:\WINDOWS\system32\SHELL32.dll
ModLoad: 71bf0000 71c03000 C:\WINDOWS\system32\SAMLIB.dll
ModLoad: 76360000 76370000 C:\WINDOWS\system32\WINSTA.dll
ModLoad: 5b860000 5b8b5000 C:\WINDOWS\system32\NETAPI32.dll
ModLoad: 77120000 771ac000 C:\WINDOWS\system32\OLEAUT32.dll
ModLoad: 76390000 763ad000 C:\WINDOWS\system32\IMM32.dll
ModLoad: 629c0000 629c9000 C:\WINDOWS\system32\LPK.dll
ModLoad: 74d90000 74dfb000 C:\WINDOWS\system32\USP10.dll
ModLoad: 773d0000 774d3000 C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comct132.dll
ModLoad: 692c0000 692f0000 C:\WINDOWS\system32\Wbem\framedyn.dll
ModLoad: 77fe0000 77ff1000 C:\WINDOWS\system32\Secur32.dll
ModLoad: 5c060000 5c073000 C:\WINDOWS\system32\srclient.dll
ModLoad: 5ad70000 5ada8000 C:\WINDOWS\system32\uxtheme.dll
ModLoad: 65780000 657a3000 C:\Program Files\Alwil Software\Avast4\AhJsctNs.dll
ModLoad: 77b40000 77b62000 C:\WINDOWS\system32\Apphelp.dll
ModLoad: 77c00000 77c08000 C:\WINDOWS\system32\Version.dll
eax=7ffdf000 ebx=00000001 ecx=00000002 edx=00000003 esi=00000004 edi=00000005
eip=7c901230 esp=00aaffcc ebp=00aafff4 iopl=0 nv up ei pl zr na po nc
cs=001b ss=0023 ds=0023 es=0023 fs=0038 gs=0000 efl=00000246
*** ERROR: Symbol file could not be found. Defaulted to export symbols for C:\WINDOWS\system32\ntdll.dll -
ntdll!DbgBreakPoint:
7c901230 cc
0:001> int 3

Angelfire777
2007-02-18, 11:15
Hi, Let's try another way to create a restore point..

Turn off System Restore.

Right-click My Computer.
Click Properties.
Click the System Restore tab.
Check Turn off System Restore on all Drives.
Click Apply, and then click OK.

Reboot your System

Turn ON System Restore.

Right-click My Computer.
Click Properties.
Click the System Restore tab.
UN-Check Turn off System Restore on all Drives.
Click Apply, and then click OK.

Post back with the results..

robweaz
2007-02-19, 11:10
When I click on the System Restore tab like you posted I get the same DOS prompt....

Angelfire777
2007-02-20, 12:09
Hi, from the log, it seems one or more of the Symbol files are missing so it isn't able to give its complete report on what is crashing System Restore.

Please go here: http://www.microsoft.com/whdc/devtools/debugging/installx86.mspx

and download the debugging tool...After that, try to run system restore again..It would probably crash but at least we may know what's crashing system restore each time you try to access it..

robweaz
2007-02-21, 04:24
I downloaded and installed the tools but I don't know exactly what I am supposed to do....or what exactly you need to know..

Angelfire777
2007-02-21, 12:00
After that, try to run system restore again..It would probably crash but at least we may know what's crashing system restore each time you try to access it..

I need you to try to run System Restore again and if an error pops up again, I need you to put all the information regarding the error here..

robweaz
2007-02-22, 00:41
Microsoft (R) Windows User-Mode Debugger Version 5.1.2600.0
Copyright (c) Microsoft Corporation. All rights reserved.

*** wait with pending attach
Loaded dbghelp extension DLL
The call to LoadLibrary(ext) failed with error 2.
Please check your debugger configuration and/or network access
Loaded exts extension DLL
The call to LoadLibrary(uext) failed with error 2.
Please check your debugger configuration and/or network access
Loaded ntsdexts extension DLL
Symbol search path is: *** Invalid *** : Verify _NT_SYMBOL_PATH setting
Executable search path is:
ModLoad: 01000000 0100b000 C:\WINDOWS\system32\rundll32.exe
ModLoad: 7c900000 7c9b0000 C:\WINDOWS\system32\ntdll.dll
ModLoad: 7c800000 7c8f5000 C:\WINDOWS\system32\kernel32.dll
ModLoad: 77c10000 77c68000 C:\WINDOWS\system32\msvcrt.dll
ModLoad: 77f10000 77f57000 C:\WINDOWS\system32\GDI32.dll
ModLoad: 77f40000 77dd0000 C:\WINDOWS\system32\USER32.dll
ModLoad: 76c90000 76cb8000 c:\WINDOWS\system32\IMAGEHLP.dll
ModLoad: 5cb70000 5cb96000 c:\WINDOWS\system32\Shimeng.dll
ModLoad: 6f880000 6fa4a000 c:\WINDOWS\AppPatch\AcGeneral.dll
ModLoad: 77dd0000 77e6b000 C:\WINDOWS\system32\ADVAPI32.dll
ModLoad: 77e70000 77f01000 C:\WINDOWS\system32\RPCRT4.dll
ModLoad: 76b40000 76b6d000 C:\WINDOWS\system32\WINMM.dll
ModLoad: 774e0000 7761d000 C:\WINDOWS\system32\ole32.dll
ModLoad: 77120000 771ac000 C:\WINDOWS\system32\OLEAUT32.dll
ModLoad: 77be0000 77bf5000 C:\WINDOWS\system32\MSACM32.dll
ModLoad: 77c00000 77c08000 C:\WINDOWS\system32\VERSION.dll
ModLoad: 7c9c0000 7d1d6000 C:\WINDOWS\system32\SHELL32.dll
ModLoad: 77f60000 77fd6000 C:\WINDOWS\system32\SHLWAPI.dll
ModLoad: 769c0000 76a73000 C:\WINDOWS\system32\USERENV.dll
ModLoad: 5ad70000 5ada8000 C:\WINDOWS\system32\UxTheme.dll
ModLoad: 76390000 763ad000 C:\WINDOWS\system32\IMM32.dll
ModLoad: 629c0000 629c9000 C:\WINDOWS\system32\LPK.dll
ModLoad: 74d90000 74dfb000 C:\WINDOWS\system32\USP10.dll
ModLoad: 773d0000 774d3000 C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comct132.dll
ModLoad: 5d090000 5d12a000 C:\WINDOWS\system32\comct132.dll
ModLoad: 65780000 657a3000 C:\Program Files\Alwil Software\Avast4\AhJsctNs.dll
ModLoad: 755c0000 755ee000 C:\WINDOWS\system32\msctfime.ime
ModLoad: 77b40000 77b62000 C:\WINDOWS\system32\appHelp.dll
ModLoad: 58760000 587b0000 C:\WINDOWS\system32\SYSDM.CPL
ModLoad: 763b0000 763f9000 C:\WINDOWS\system32\comdlg32.dll
ModLoad: 77920000 77a13000 C:\WINDOWS\system32\SETUPAPI.dll
ModLoad: 20000000 202c5000 C:\WINDOWS\system32\xpsp2res.dll
ModLoad: 5f660000 5f685000 C:\WINDOWS\system32\netid.dll
ModLoad: 76080000 760e5000 C:\WINDOWS\system32\MSVCP60.dll
ModLoad: 5b860000 5b8b5000 C:\WINDOWS\system32\NETAPI32.dll
ModLoad: 76f20000 76f47000 C:\WINDOWS\system32\DNSAPI.dll
ModLoad: 71ab0000 71ac7000 C:\WINDOWS\system32\WS2_32.dll
ModLoad: 71aa0000 71aa8000 C:\WINDOWS\system32\WS2HELP.dll
ModLoad: 76c00000 76c2e000 C:\WINDOWS\system32\credui.dll
ModLoad: 5c020000 5c05f000 C:\WINDOWS\system32\srrstr.dll
ModLoad: 71bf0000 71c03000 C:\WINDOWS\system32\SAMLIB.dll
ModLoad: 76360000 76370000 C:\WINDOWS\system32\WINSTA.dll
ModLoad: 692c0000 692f0000 C:\WINDOWS\system32\Wbem\framedyn.dll
ModLoad: 77fe0000 77ff1000 C:\WINDOWS\system32\Secur32.dll
ModLoad: 5c060000 5c073000 C:\WINDOWS\system32\srclient.dll
ModLoad: 76fd0000 7704f000 C:\WINDOWS\system32\CLBCATQ.dll
ModLoad: 77050000 77115000 C:\WINDOWS\system32\COMRes.dll
ModLoad: 50940000 5096b000 C:\windiws\system32\wuaucpl.cpl
ModLoad: 76b20000 76b31000 C:\windows\system32\ATL.DLL
ModLoad: 76780000 76789000 C:\windows\system32\SHFOLDER.dll
ModLoad: 50040000 5018a000 C:\windows\system32\wuaueng.dll
ModLoad: 75260000 75289000 C:\windows\system32\ADVPACK.dll
ModLoad: 606b0000 607bd000 C:\windows\system32\ESENT.dll
ModLoad: 76f50000 76f58000 C:\windows\system32\WTSAPI32.dll
ModLoad: 73000000 73026000 C:\windows\system32\WINSPOOL.DRV
ModLoad: 4d4f0000 4d548000 C:\windows\system32\WINHTTP.dll
ModLoad: 76c30000 76c5e000 C:\WINDOWS\system32\WINTRUST.dll
ModLoad: 77a80000 77b14000 C:\WINDOWS\system32\CRYPT32.dll
ModLoad: 77b20000 77b32000 C:\WINDOWS\system32\MSASN1.dll
ModLoad: 75150000 75164000 C:\windows\system32\Cabinet.dll
ModLoad: 600a0000 600ab000 C:\windows\system32\mspatcha.dll
ModLoad: 76bb0000 76bb5000 C:\windows\system32\sfc.dll
ModLoad: 76c60000 76c8a000 C:\windows\system32\sfc_os.dll
ModLoad: 76380000 76385000 C:\windows\system32\MSIMG32.dll
ModLoad: 5da30000 5da42000 C:\WINDOWS\system32\remotepg.dll
ModLoad: 74ef0000 74ef8000 C:\WINDOWS\system32\wbem\wbemprox.dll
ModLoad: 75290000 752c7000 C:\WINDOWS\system32\wbem\wbemcomm.dll
ModLoad: 74ed0000 74ede000 C:\WINDOWS\system32\wbem\wbemsvc.dll
ModLoad: 75690000 75706000 C:\WINDOWS\system32\wbem\fastprox.dll
ModLoad: 767a0000 767b3000 C:\WINDOWS\system32\NTDSAPI.dll
ModLoad: 76f60000 76f8c000 C:\WINDOWS\system32\WLDAP32.dll

Break instruction exception - code 80000003 (first chance)
eax=7ffdf000 ebx=00000001 ecx=00000002 edx=00000003 esi=00000004 edi=00000005
eip=7c901230 esp=00aaffcc ebp=00aafff4 iopl=0 nv up ei pl zr na po nc
cs=001b ss=0023 ds=0023 es=0023 fs=0038 gs=0000 efl=00000246
*** ERROR: Symbol file could not be found. Defaulted to export symbols for C:\WINDOWS\system32\ntdll.dll -
ntdll!DbgBreakPoint:
7c901230 cc
0:004> int 3
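Added editorial example, not from the thread and not a Microsoft tool: a small Python parser for the ntsd transcript format posted above. It pulls out what can be read from such a transcript even without symbols, which is the part the thread never gets to: which executable the debugger attached to (the first ModLoad line), that it attached to an already-running process ("wait with pending attach"), that the symbol path is invalid (so frames will lack names but module loads are still reliable), the break-in thread and exception code, and every module loaded from outside the Windows directory (here Avast's AhJsctNs.dll), which is the usual third-party-module inventory step before blaming the program itself. The sample is assembled from lines of the two transcripts above, including one path the forum software wrapped onto the next line; `SYSTEM_ROOT` is an assumption (XP default).

```python
from __future__ import annotations

import re
from dataclasses import dataclass, field
from typing import Optional

# Constructed sample assembled from lines of the two ntsd transcripts posted above.
# One module path is deliberately wrapped onto the following line, as the forum
# software did to the original.
SAMPLE_TRANSCRIPT = "\n".join([
    "Microsoft (R) Windows User-Mode Debugger Version 5.1.2600.0",
    "*** wait with pending attach",
    "Symbol search path is: *** Invalid *** : Verify _NT_SYMBOL_PATH setting",
    r"ModLoad: 01000000 01060000 C:\WINDOWS\system32\Restore\rstrui.exe",
    r"ModLoad: 7c900000 7c9b0000 C:\WINDOWS\system32\ntdll.dll",
    r"ModLoad: 5c020000 5c05f000 C:\WINDOWS\system32\srrstr.dll",
    "ModLoad: 65780000 657a3000 C:\\Program Files\\Alwil Software\\Avast4\\",
    "AhJsctNs.dll",
    "",
    "Break instruction exception - code 80000003 (first chance)",
    "ntdll!DbgBreakPoint:",
    "7c901230 cc",
    "0:001> int 3",
])

SYSTEM_ROOT = "c:\\windows\\"   # assumption: default %SystemRoot% on Windows XP

MODLOAD_RE = re.compile(r"^ModLoad:\s+([0-9a-f]{8})\s+([0-9a-f]{8})\s+(.+?)\s*$", re.IGNORECASE)
EXCEPTION_RE = re.compile(r"exception - code ([0-9a-f]{8})", re.IGNORECASE)
PROMPT_RE = re.compile(r"^(\d+):(\d{3})>")   # "0:001>" = process 0, thread 1


@dataclass
class TranscriptSummary:
    debugger: str = ""
    attached_to_running_process: bool = False   # "wait with pending attach" seen
    symbols_ok: bool = True                     # False when the symbol path is reported invalid
    image: str = ""                             # first ModLoad: the debugged executable
    modules: list[str] = field(default_factory=list)
    nonsystem_modules: list[str] = field(default_factory=list)
    exception_code: str = ""
    break_thread: Optional[int] = None


def summarize(transcript: str, system_root: str = SYSTEM_ROOT) -> TranscriptSummary:
    """Extract the facts an ntsd/windbg attach transcript states outright."""
    s = TranscriptSummary()
    lines = [ln.rstrip() for ln in transcript.splitlines()]
    i = 0
    while i < len(lines):
        line = lines[i]
        mod = MODLOAD_RE.match(line)
        exc = EXCEPTION_RE.search(line)
        prompt = PROMPT_RE.match(line)
        if line.startswith("Microsoft (R) Windows User-Mode Debugger"):
            s.debugger = line
        elif "wait with pending attach" in line:
            s.attached_to_running_process = True
        elif line.startswith("Symbol search path is:") and "Invalid" in line:
            s.symbols_ok = False
        elif mod:
            path = mod.group(3)
            # A path the forum wrapped ends in a lone backslash; glue the next
            # non-empty, non-ModLoad line back onto it.
            while (path.endswith("\\") and i + 1 < len(lines)
                   and lines[i + 1].strip() and not MODLOAD_RE.match(lines[i + 1])):
                i += 1
                path += lines[i].strip()
            s.modules.append(path)
            if not s.image:
                s.image = path
            if not path.lower().startswith(system_root.lower()):
                s.nonsystem_modules.append(path)
        elif exc:
            s.exception_code = exc.group(1).lower()
        elif prompt:
            s.break_thread = int(prompt.group(2))
        i += 1
    return s


if __name__ == "__main__":
    summary = summarize(SAMPLE_TRANSCRIPT)
    print("debugged image :", summary.image)
    print("attached       :", summary.attached_to_running_process)
    print("symbols ok     :", summary.symbols_ok)
    print("break thread   :", summary.break_thread, "code", summary.exception_code)
    print("non-system DLLs:", summary.nonsystem_modules)
```

The transcript only says that a user-mode debugger attached and stopped at its initial breakpoint; it does not say why the process needed one. Which program Windows launches when a process faults is the AeDebug registry setting, so after reading a transcript like this one a practitioner checks that setting and the non-system modules listed here before concluding anything about System Restore itself.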

robweaz
2007-02-24, 09:35
I took care of the problem....thank you for all your help...

Angelfire777
2007-02-24, 09:43
Glad to hear that..However, I'm curious as to how you fixed it?

Angelfire777
2007-02-28, 11:49
Glad we could be of assistance

Since the problem has been resolved, this topic is now closed and archived. If you need it re-opened please send me a private message (pm) and provide a link to the thread. Applies only to the original poster, anyone else with similar problems please start a new topic.