I use spybot and avast and adaware.

I had smitfraud, it no longer shows up, but running S&D I cannot get rid of win32.agent and i tell it to run upon restart, only problem is, i cant restart, I get BSOD before windows loads, and have to restart into safe mode, where S&D doesnt run upon startup, therefore i still cant get rid of the malware. Sice a cannot get spybot to rum on restart, i havent yet ran HJT.... the only way windows will start is in safe mode, I have service pak 2, Avast is always running, and on a site,. looking from ROM's for MAME (Arcade Emulator) I had about 7 alerts back to back from avast... thats all she wrote... I havnt ran panda scan yet either....

Welcome to the forum, I have no idea if I can help you or not, I really don't understand what you said in your post. If you still need help, please follow the directions: "BEFORE you POST" Mandatory Steps Before Requesting Assistance http://forums.spybot.info/showthread.php?t=288
Please read and follow all instructions and post all required logs or reports, anything less will slow your process. Use "Post Reply" to post the information in the instructions and stay in the same topic, and I'll see if I can figure out what your problem is. I also need to point out that if you are posting from the same computer you posted from here:
http://forums.spybot.info/showthread.php?t=6664 then nothing has changed, the computer needs to have at least SP1 and the critical updates needed for the browser as described in the information I posted a link to.

Thanks

ok... I read the must do b4 posting and i cant do them becasue:

it says to run S&D until it doesnt pick anything else up.
To get rid of win32.agent S&D must scan upon restart, which it wont do.

at the time of the post i could only start windows in safemode
and now i cant start it at all.

The post did say i beleive that I have SP2 and all updates.
I do not have the windows cd becase my computer came with no install disks at all. It came from a college coarse i took, in which if I paid $300 I could keep the comuter, it was brand new when i got it, they just didnt send any discs along with it. so to reinstall windows, I cannot. this is the only legal copy of XP i have and really want to save it.

When booting normally I get a Blue screen of death.
When booing in safe mode, the computer freezes while trying to load the files to doso.

Sir, the instructions are very plain, unless you can comply with them, I can not help you. Post a HJT log showing you have a valid, updated version of the Windows Operating System and I will advise you if I can be of help.

It came from a college coarse i took, in which if I paid $300 I could keep the comuter, it was brand new when i got it, they just didnt send any discs along with it. so to reinstall windows, I cannot. this is the only legal copy of XP i have and really want to save it.If you paid money for a system you cannot validate and protect, you would need to take that up with them. If you have a legal copy of Windows, then take that up with Microsoft: http://support.microsoft.com/

Thanks

Your not understanding me...;
it says to run Spybot until it doesnt pick andthing up.. then run an online scan thaen download hijackthis...

I CANT GET SPYBOT TO RUN ON STARTUP SO THAT IT NO LONGER PICKLS ANYTHING UP,, and in my last post did you not read the part where WINDOWS WILL NOT START??????

what i wrote is as plain as the instructions, that CANNOT be completed.

Iwill try to explain again simpler....

instructions say:
3) Open Spybot-S&D while still in safe mode.
Close all browsers, check for problems and fix everything found in red

I cant fix everything found in red... the only thing left in red was win32.agent.nx spybot says to fix it it will have to run on startup do you want to do this? I say yes... restart,,, and spybot doesnt run,m therefore all things in red cannot be fixed.

2ndly.... WINDOWS WONT BOOT.

If Windows will not boot we cannot be of assistance, :( therefore this topic has been archived.

If you need it re-opened and can produce a HJT log, please send me a private message (pm) and provide a link to the thread. Applies only to the original poster, anyone else with similar problems please start a new topic.

Re-opened upon request.

Logfile of Trend Micro HijackThis v2.0.0 (BETA)
Scan saved at 1:17:10 PM, on 5/3/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
Boot mode: Safe mode with network support

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Spyware Doctor\svcntaux.exe
C:\Program Files\Spyware Doctor\swdsvc.exe
C:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Outlook Express\msimn.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Documents and Settings\Student\Desktop\HiJackThis_v2.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.att.net/ie4/search/index.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.att.net
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr7/*http://www.yahoo.com/ext/search/search.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/defaults/su/msgr7/*http://www.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O4 - HKLM\..\Run: [IntelWireless] C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [TPNF] C:\Program Files\TOSHIBA\TouchPad\TPTray.exe
O4 - HKLM\..\Run: [SVPWUTIL] C:\Program Files\Toshiba\Windows Utilities\SVPWUTIL.exe SVPwUTIL
O4 - HKLM\..\Run: [SmoothView] C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe
O4 - HKLM\..\Run: [PrinTray] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\printray.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [A Verizon App] C:\PROGRA~1\VERIZO~1\HELPSU~1\VERIZO~1.EXE
O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\VERIZO~1\HELPSU~1\SMARTB~1\MotiveSB.exe
O4 - HKLM\..\Run: [VerizonServicepoint.exe] C:\Program Files\Verizon\Servicepoint\VerizonServicepoint.exe
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [WindowsHive] C:\WINDOWS\system32\rpcc.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\RunOnce: [SpybotSnD] "C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe" /autocheck
O4 - HKCU\..\Run: [TOSCDSPD] C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp
O4 - HKCU\..\Run: [Shareaza] "C:\Program Files\Shareaza\Shareaza.exe" -tray
O4 - HKCU\..\Run: [userinit] C:\WINDOWS\system32\ntos.exe
O4 - HKUS\S-1-5-18\..\Run: [userinit] C:\WINDOWS\system32\ntos.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [userinit] C:\WINDOWS\system32\ntos.exe (User 'Default user')
O4 - Startup: V CAST Music Monitor.lnk = C:\Program Files\Verizon Wireless\V CAST Music\V CAST Music Monitor.exe
O4 - Global Startup: Microsoft Office.lnk.disabled
O4 - Global Startup: RAMASST.lnk.disabled
O4 - Global Startup: ShortKeys Lite.lnk.disabled
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0\bin\npjpi150.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0\bin\npjpi150.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: PartyPoker.net - {F4430FE8-2638-42e5-B849-800749B94EED} - C:\Program Files\PartyGaming.Net\PartyPokerNet\RunPF.exe (file missing)
O9 - Extra 'Tools' menuitem: PartyPoker.net - {F4430FE8-2638-42e5-B849-800749B94EED} - C:\Program Files\PartyGaming.Net\PartyPokerNet\RunPF.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.att.net
O16 - DPF: {01113300-3E00-11D2-8470-0060089874ED} (Support.com Configuration Class) - https://activatemydsl.verizon.net/sdcCommon/download/tgctlcm.cab
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://www.pcpitstop.com/pcpitstop/PCPitStop.CAB
O16 - DPF: {7DFDB8FD-B498-4958-B930-38021B94351D} (imlUCID Class) - http://imlive.com/chatsource/ImlCID.cab
O20 - AppInit_DLLs: C:\WINDOWS\system32\win_l.dll
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: DVD-RAM_Service - Matsushita Electric Industrial Co., Ltd. - C:\WINDOWS\system32\DVDRAMSV.exe
O23 - Service: EvtEng - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: OwnershipProtocol - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\OProtSvc.exe
O23 - Service: RegSrvc - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: Spyware Doctor Auxiliary Service (sdAuxService) - Unknown owner - C:\Program Files\Spyware Doctor\svcntaux.exe
O23 - Service: Spyware Doctor Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\swdsvc.exe

--
End of file - 7157 bytes

Received no notification when this member posted.

"BEFORE you POST" Mandatory Steps Before Requesting Assistance
http://forums.spybot.info/showthread.php?t=288
All advice given is taken at your own risk.


At the present time, do NOT run Trend Micro HijackThis v2.0.0 (BETA) to produce a log for this forum, unless specifically requested, or you have a Vista Operating System.