Mad spyware problem - 4 Threads Merged...


ESPplayer7
06-09-2006, 07:41 PM
I've been getting a lot of Windows warnings about spyware, which I know I need to clean up, but how do I get rid of these annoying things from my taskbar? It's like a red circle with a white X in it, and it always pops a message up saying your computer may be infected, yada yada.

ESPplayer7
06-09-2006, 07:42 PM
Here is my log. Anything look fishy that I should get rid of?

R3 - URLSearchHook: (no name) - {F2226766-8A92-9606-77DE-FC35E91B91ED} - EXE32EXE.dll (file missing)
F2 - REG:system.ini: UserInit=userinit.exe
O1 - Hosts: localhost 127.0.0.1
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [___] TForm1.exe
O4 - HKLM\..\Run: [newbreed] dePloy.exe
O4 - HKLM\..\Run: [rpcc] rpcc.exe
O4 - HKLM\..\Run: [spoolsvv] C:\WINDOWS\System32\spoolsvv.exe
O4 - HKLM\..\Run: [e0f10809.exe] C:\WINDOWS\System32\e0f10809.exe
O4 - HKLM\..\Run: [D-Link AirPlus G] C:\Program Files\D-Link\AirPlus G\AirGCFG.exe
O4 - HKLM\..\Run: [ANIWZCS2Service] C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Steam] "C:\Program Files\Steam\Steam.exe" -silent
O4 - HKCU\..\Run: [KillAndClean] "C:\Program Files\KillAndClean\KillAndClean.exe"
O4 - HKCU\..\Run: [Windows update loader] C:\Windows\xpupdate.exe
O4 - HKCU\..\Run: [nmdllw] 10010.exe
O4 - HKCU\..\Run: [___] MsNetHelper.exe
O4 - HKCU\..\Run: [MNTP] driver64.exe
O4 - HKCU\..\Run: [WinMedia] C:\DOCUME~1\BRENTJ~1\LOCALS~1\Temp\6.tmp3072.exe
O4 - HKCU\..\Run: [e0f10809.exe] C:\Documents and Settings\Brent Jason\Local Settings\Application Data\e0f10809.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1149814585509
O17 - HKLM\System\CCS\Services\Tcpip\..\{B6201475-FACB-47F6-B72D-074975DEA8C0}: NameServer = 85.255.113.140,85.255.112.135
O20 - Winlogon Notify: artm_newreg - C:\Documents and Settings\All Users\Documents\Settings\artm_new.dll
O20 - Winlogon Notify: SensSrv - senssrv.dll (file missing)
O20 - Winlogon Notify: winm32 - C:\WINDOWS\SYSTEM32\winm32.dll
O21 - SSODL: DCOM Server - {2C1CD3D7-86AC-4068-93BC-A02304BB8C34} - (no file)
O23 - Service: ANIWZCSd Service (ANIWZCSdService) - Alpha Networks Inc. - C:\Program Files\ANI\ANIWZCS2 Service\ANIWZCSdS.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido anti-malware\ewidoguard.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe

Laguna
06-09-2006, 07:49 PM
That would be Windows Security Centre telling you that you are in fact infected.
And you are right, you should definitely sort it out.

What anti-virus and anti-spyware programs are you running?
Have you done any scans and if so have you found and deleted anything?

I also suggest you download HiJackThis and post a log here for the experts to read.

Jiggy
06-09-2006, 08:32 PM
You need to post the complete HJT log.

Budfred
06-09-2006, 08:58 PM
And yes, there are several fishy items there, so the sooner you post the complete log, the better...

Budfred
06-09-2006, 09:01 PM
And keep the threads together... I am merging this with your other thread about this...

ESPplayer7
06-12-2006, 10:50 PM
My desktop has been hijacked and only displays a blue screen, and I get a lot of Windows pop-ups saying that my computer is infected, and it's really annoying. I've run AVG, Spybot, Ad-Aware, and ewido, all in Safe Mode, and the problem is still there. Here is my log.

Logfile of HijackThis v1.99.1
Scan saved at 6:47:41 PM, on 6/12/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\Program Files\ewido anti-malware\ewidoguard.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\system32\e0f10809.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\D-Link\AirPlus G\AirGCFG.exe
C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Steam\Steam.exe
C:\Windows\xpupdate.exe
C:\WINDOWS\system32\services.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\DOCUME~1\BRENTJ~1\LOCALS~1\Temp\Temporary Directory 2 for HijackThis[1].zip\HijackThis.exe

R3 - URLSearchHook: (no name) - {F2226766-8A92-9606-77DE-FC35E91B91ED} - EXE32EXE.dll (file missing)
O1 - Hosts: localhost 127.0.0.1
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [___] TForm1.exe
O4 - HKLM\..\Run: [newbreed] dePloy.exe
O4 - HKLM\..\Run: [e0f10809.exe] C:\WINDOWS\system32\e0f10809.exe
O4 - HKLM\..\Run: [D-Link AirPlus G] C:\Program Files\D-Link\AirPlus G\AirGCFG.exe
O4 - HKLM\..\Run: [ANIWZCS2Service] C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Steam] "C:\Program Files\Steam\Steam.exe" -silent
O4 - HKCU\..\Run: [KillAndClean] "C:\Program Files\KillAndClean\KillAndClean.exe"
O4 - HKCU\..\Run: [Windows update loader] C:\Windows\xpupdate.exe
O4 - HKCU\..\Run: [nmdllw] 10010.exe
O4 - HKCU\..\Run: [___] MsNetHelper.exe
O4 - HKCU\..\Run: [MNTP] driver64.exe
O4 - HKCU\..\Run: [WinMedia] C:\DOCUME~1\BRENTJ~1\LOCALS~1\Temp\6.tmp3072.exe
O4 - HKCU\..\Run: [e0f10809.exe] C:\Documents and Settings\Brent Jason\Local Settings\Application Data\e0f10809.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1149814585509
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1149895344965
O17 - HKLM\System\CCS\Services\Tcpip\..\{B6201475-FACB-47F6-B72D-074975DEA8C0}: NameServer = 85.255.113.140,85.255.112.135
O20 - Winlogon Notify: artm_newreg - C:\Documents and Settings\All Users\Documents\Settings\artm_new.dll
O20 - Winlogon Notify: winm32 - C:\WINDOWS\SYSTEM32\winm32.dll
O21 - SSODL: DCOM Server - {2C1CD3D7-86AC-4068-93BC-A02304BB8C34} - (no file)
O23 - Service: ANIWZCSd Service (ANIWZCSdService) - Alpha Networks Inc. - C:\Program Files\ANI\ANIWZCS2 Service\ANIWZCSdS.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido anti-malware\ewidoguard.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

Budfred
06-13-2006, 12:03 AM
I don't understand why you feel the need to keep starting new threads for this same problem... Please stop doing that and explain why you have done it so far...


Meanwhile, please move HJT to a permanent folder and unzip it or you will not be able to keep any backups of these fixes... It is also possible it won't work properly from a zipped file...

Download haxfix.exe (http://users.telenet.be/marcvn/tools/haxfix.exe).
Save it to your desktop.
Double click on haxfix.exe to install haxfix. (standard installation path is c:\program Files\haxfix)
Checkmark "Create a desktop icon".
Click "Next".
When the installation is completed, make sure that the checkmark "Launch HaxFix" is placed.
Click "Finish".
A red "dos window" (dos box) will open.

Close all other open windows since this step requires a reboot.

Select option 2. Run auto fix by typing 2, and then pressing Enter.
If an infection is found, you'll get a message to close all other open windows.
Close them, except the red dos window from haxfix and then press Enter.
The computer will reboot.
After reboot a logfile will open. Save a copy of that logfile in Notepad.

Then please open HJT, scan, and put checks by any of these that remain:

R3 - URLSearchHook: (no name) - {F2226766-8A92-9606-77DE-FC35E91B91ED} - EXE32EXE.dll (file missing)
O4 - HKLM\..\Run: [___] TForm1.exe
O4 - HKLM\..\Run: [newbreed] dePloy.exe
O4 - HKLM\..\Run: [e0f10809.exe] C:\WINDOWS\system32\e0f10809.exe
O4 - HKCU\..\Run: [KillAndClean] "C:\Program Files\KillAndClean\KillAndClean.exe"
O4 - HKCU\..\Run: [Windows update loader] C:\Windows\xpupdate.exe
O4 - HKCU\..\Run: [nmdllw] 10010.exe
O4 - HKCU\..\Run: [___] MsNetHelper.exe
O4 - HKCU\..\Run: [MNTP] driver64.exe
O4 - HKCU\..\Run: [WinMedia] C:\DOCUME~1\BRENTJ~1\LOCALS~1\Temp\6.tmp3072.exe
O4 - HKCU\..\Run: [e0f10809.exe] C:\Documents and Settings\Brent Jason\Local Settings\Application Data\e0f10809.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{B6201475-FACB-47F6-B72D-074975DEA8C0}: NameServer = 85.255.113.140,85.255.112.135
O20 - Winlogon Notify: artm_newreg - C:\Documents and Settings\All Users\Documents\Settings\artm_new.dll
O20 - Winlogon Notify: winm32 - C:\WINDOWS\SYSTEM32\winm32.dll
O21 - SSODL: DCOM Server - {2C1CD3D7-86AC-4068-93BC-A02304BB8C34} - (no file)

Close all open windows except HJT and press Fix checked...

Find and delete any of these that remain:

C:\WINDOWS\system32\e0f10809.exe
C:\Program Files\KillAndClean\KillAndClean.exe (whole folder)
C:\Windows\xpupdate.exe
C:\DOCUME~1\BRENTJ~1\LOCALS~1\Temp\6.tmp3072.exe
C:\Documents and Settings\Brent Jason\Local Settings\Application Data\e0f10809.exe
C:\Documents and Settings\All Users\Documents\Settings\artm_new.dll
C:\WINDOWS\SYSTEM32\winm32.dll

You will need to use Windows search function to find and delete these:

TForm1.exe
dePloy.exe
10010.exe
MsNetHelper.exe
driver64.exe
EXE32EXE.dll

If you are unable to delete any of these, reboot to Safe Mode and delete them there... Also, you may need to set Windows to show hidden files/folders... If you do not know how to do that, post back before you start...

Reboot and post the contents of that HaxFix logfile along with a new HijackThis log. Note how things are going now... Post in THIS thread....
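A defender-side triage script, added here as an example (it is not from this thread, from haxfix or from HijackThis itself), that applies the same heuristics the helpers used on these logs: load points whose file is missing, per-interface DNS overrides (O17 NameServer), autoruns launched from temp/profile folders or with no full path, and Winlogon Notify DLLs outside system32. The sample input is copied from the logs above; TRUSTED_NAMESERVERS is an assumed placeholder for whatever resolvers the machine should really be using.

```python
import re

# Constructed sample input: lines copied from the HijackThis logs posted in this
# thread, plus two benign ones for contrast (raw string keeps the backslashes).
SAMPLE_LOG = r"""
R3 - URLSearchHook: (no name) - {F2226766-8A92-9606-77DE-FC35E91B91ED} - EXE32EXE.dll (file missing)
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [newbreed] dePloy.exe
O4 - HKCU\..\Run: [WinMedia] C:\DOCUME~1\BRENTJ~1\LOCALS~1\Temp\6.tmp3072.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{B6201475-FACB-47F6-B72D-074975DEA8C0}: NameServer = 85.255.113.140,85.255.112.135
O20 - Winlogon Notify: artm_newreg - C:\Documents and Settings\All Users\Documents\Settings\artm_new.dll
O21 - SSODL: DCOM Server - {2C1CD3D7-86AC-4068-93BC-A02304BB8C34} - (no file)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
"""

# Assumption: the resolvers this machine is supposed to use (ISP or router).
# The thread never states them, so this is a placeholder to edit.
TRUSTED_NAMESERVERS = {"192.168.0.1"}
PROFILE_HINTS = ("\\temp\\", "\\local settings\\", "\\documents and settings\\")
LINE_RE = re.compile(r"^(R\d|F\d|O\d+) - (.*)$")

def triage_line(line):
    """Return a short reason if an HJT line deserves a closer look, else None."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    section, body = m.groups()
    low = body.lower()
    if "(file missing)" in low or "(no file)" in low:
        return "load point references a file that is gone (orphan or hidden)"
    if section == "O17":  # per-interface DNS override; DNS-hijack tell-tale
        servers = [s.strip() for s in body.split("NameServer =")[-1].split(",")]
        rogue = [s for s in servers if s not in TRUSTED_NAMESERVERS]
        if rogue:
            return "DNS forced to unexpected resolvers: " + ", ".join(rogue)
    if section == "O4":  # autorun; the text after "[name]" is the command line
        target = body.split("] ", 1)[-1].lower()
        if any(h in target for h in PROFILE_HINTS):
            return "autorun launched from a temp/profile folder"
        if not re.search(r"[a-z]:\\", target):
            return "autorun with no full path; confirm where the file really lives"
    if section == "O20" and "\\system32\\" not in low:
        return "Winlogon Notify DLL outside system32 (system32 itself is no proof of safety)"
    return None

def triage_log(text):
    """Map each suspicious log line to the reason it was flagged."""
    return {ln.strip(): r for ln in text.splitlines() if (r := triage_line(ln))}
```

Run `triage_log(SAMPLE_LOG)` to see which of the sample lines are flagged; entries it does not flag (for instance winm32.dll sitting in system32) still need the manual review the helpers gave them.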

ESPplayer7
06-13-2006, 07:14 PM
Sorry about starting the new thread. I just did everything you told me, and I'm still getting the pop-ups and my desktop is still hijacked to a regular solid color. I was not able to run haxfix; it said I didn't have a key after I pressed 2 then Enter. Here is my new log. Your help has been appreciated thus far, and I hope we can solve this problem. Once again, sorry for starting the new posts; it won't happen again.

O1 - Hosts: localhost 127.0.0.1
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [D-Link AirPlus G] C:\Program Files\D-Link\AirPlus G\AirGCFG.exe
O4 - HKLM\..\Run: [ANIWZCS2Service] C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [e0f10809.exe] C:\WINDOWS\system32\e0f10809.exe
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Steam] "C:\Program Files\Steam\Steam.exe" -silent
O4 - HKCU\..\Run: [WinMedia] C:\DOCUME~1\BRENTJ~1\LOCALS~1\Temp\6.tmp3072.exe
O4 - HKCU\..\Run: [e0f10809.exe] C:\Documents and Settings\Brent Jason\Local Settings\Application Data\e0f10809.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1149814585509
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1149895344965
O17 - HKLM\System\CCS\Services\Tcpip\..\{0A1C9B63-0206-448B-9FBC-9479355E385B}: NameServer = 85.255.113.140,85.255.112.135
O17 - HKLM\System\CCS\Services\Tcpip\..\{DED6873D-0F73-43A5-ACF0-3E5FB16610CF}: NameServer = 85.255.113.140,85.255.112.135
O17 - HKLM\System\CS2\Services\Tcpip\..\{0A1C9B63-0206-448B-9FBC-9479355E385B}: NameServer = 85.255.113.140,85.255.112.135
O20 - Winlogon Notify: winm32 - C:\WINDOWS\SYSTEM32\winm32.dll
O23 - Service: ANIWZCSd Service (ANIWZCSdService) - Alpha Networks Inc. - C:\Program Files\ANI\ANIWZCS2 Service\ANIWZCSdS.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido anti-malware\ewidoguard.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

Budfred
06-13-2006, 08:09 PM
Try running Option 1 of Haxfix and save that log to post here, then run Option 2... Boot to Safe Mode to run both...

Post the logs here if you can get them and the complete HJT log... It is dangerous to work on the HJT log when you only post part of it...

mjc
06-13-2006, 09:26 PM
Is this the same system?

http://www.pcguide.com/vb/showthread.php?t=47373

Budfred
06-13-2006, 11:27 PM
If it is and you are running a business from it, you are in serious trouble... The infections you have are capable of stealing passwords and account numbers... It would be a very good idea to contact anyone that you do business with and change those details, particularly your own bank and credit accounts...