You're very welcome, but we're not out of the woods, yet!
Yeah, I know... still scanning... can't wait for the result lol... there are still some infections and parasites even though we scanned it so many times...
We'll get there!
xampp-win32-1.7.1-installer.exe\data233;C:\Documents and Settings\babotz\Desktop\xampp-win32-1.7.1-installer.exe;Program.PrcView.3725;;
xampp-win32-1.7.1-installer.exe;C:\Documents and Settings\babotz\Desktop;Archive contains infected objects;Moved.;
brown[1].jpg;C:\Documents and Settings\babotz\Local Settings\Temporary Internet Files\Content.IE5\S58DK96H;BackDoor.Poison.767;Deleted.;
x[1];C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\G9QNKHQ3;BackDoor.IRC.Sdbot.4538;Deleted.;
x[1];C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\I1ZOYQZU;Trojan.Packed.650;Deleted.;
x[2];C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\I1ZOYQZU;Win32.Virut.56;Cured.;
x[2];C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\I1ZOYQZU;Win32.Virut.56;Cured.;
x[2];C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\I1ZOYQZU;BackDoor.IRC.Sdbot.4538;Deleted.;
x[3];C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\I1ZOYQZU;Win32.Virut.56;Cured.;
x[3];C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\I1ZOYQZU;BackDoor.IRC.Sdbot.4538;Deleted.;
x[1];C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\SH6Z0HMZ;Win32.Virut.30;Cured.;
x[1];C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\SH6Z0HMZ;Win32.Virut.56;Cured.;
x[1];C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\SH6Z0HMZ;Trojan.Packed.650;Deleted.;
A0000008.exe;C:\System Volume Information\_restore{166832B0-51F0-41EA-97E7-42C82450125E}\RP1;BackDoor.Poison.767;Deleted.;
A0000009.exe;C:\System Volume Information\_restore{166832B0-51F0-41EA-97E7-42C82450125E}\RP1;BackDoor.IRC.Letmein.12;Deleted.;
A0001018.exe\data233;C:\System Volume Information\_restore{166832B0-51F0-41EA-97E7-42C82450125E}\RP1\A0001018.exe;Program.PrcView.3725;;
A0001018.exe;C:\System Volume Information\_restore{166832B0-51F0-41EA-97E7-42C82450125E}\RP1;Archive contains infected objects;Moved.;
02.scr;C:\WINDOWS\system32;BackDoor.IRC.Letmein.12;Deleted.;
15.scr;C:\WINDOWS\system32;BackDoor.IRC.Letmein.12;Deleted.;
26.scr;C:\WINDOWS\system32;BackDoor.IRC.Letmein.12;Deleted.;
57.scr;C:\WINDOWS\system32;BackDoor.IRC.Letmein.12;Deleted.;
ZrxMgr.exe;C:\WINDOWS\system32\drivers;BackDoor.IRC.Letmein.12;Deleted.;
pv.exe;C:\xampp\apache\bin;Program.PrcView.3725;Incurable.Moved.;
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:32:05 AM, on 8/11/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\xampp\apache\bin\httpd.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\IObit\Advanced SystemCare 3\AWC.exe
C:\Program Files\DAEMON Tools Lite\daemon.exe
C:\xampp\FileZillaFTP\FileZilla server.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\xampp\apache\bin\httpd.exe
c:\xampp\mysql\bin\mysqld.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\babotz\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\babotz\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = Welcome to Facebook | Facebook
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = MSN.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Bing
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = Yahoo!
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = Yahoo!
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: AskBar BHO - {201f27d4-3704-41d6-89c1-aa35e39143ed} - C:\Program Files\AskBarDis\bar\bin\askBar.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll
O3 - Toolbar: DAEMON Tools Toolbar - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll
O3 - Toolbar: (no name) - {FE063DB9-4EC0-403e-8DD8-394C54984B2C} - (no file)
O3 - Toolbar: (no name) - {381FFDE8-2394-4f90-B10D-FC6124A40F8C} - (no file)
O3 - Toolbar: Ask Toolbar - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - C:\Program Files\AskBarDis\bar\bin\askBar.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [Microsoft Driver Setup] C:\WINDOWS\system32\drivers\ZrxMgr.exe
O4 - HKCU\..\Run: [RocketDock] "C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe"
O4 - HKCU\..\Run: [Advanced SystemCare 3] "C:\Program Files\IObit\Advanced SystemCare 3\AWC.exe" /startup
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKLM\..\Policies\Explorer\Run: [Microsoft Driver Setup] C:\WINDOWS\system32\drivers\ZrxMgr.exe
O4 - Startup: RocketDock.lnk = C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {53F6FCCD-9E22-4d71-86EA-6E43136192AB} - (no file)
O9 - Extra button: (no name) - {925DAB62-F9AC-4221-806A-057BFB1014AA} - (no file)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Avira Upgrade Service (AntiVirUpgradeService) - Unknown owner - C:\DOCUME~1\babotz\LOCALS~1\Temp\AVSETUP_49f73b50\basic\avupgsvc.exe (file missing)
O23 - Service: Apache2.2 - Apache Software Foundation - C:\xampp\apache\bin\httpd.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: FileZilla Server FTP server (FileZilla Server) - FileZilla Project - C:\xampp\FileZillaFTP\FileZilla server.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: BitDefender Desktop Update Service (LIVESRV) - Unknown owner - C:\Program Files\Common Files\BitDefender\BitDefender Update Service\livesrv.exe (file missing)
O23 - Service: MySQL - Unknown owner - c:\xampp\mysql\bin\mysqld.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: Nero Registry InCD Service (NeroRegInCDSrv) - Unknown owner - C:\Program Files\Nero\Nero 7\InCD\NBHRegInCDSrv.exe (file missing)
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: WMI Client Service (WMICLISV) - Unknown owner - C:\WINDOWS\system32\wbem\wmiclisv.exe
O23 - Service: BitDefender Communicator (XCOMM) - Unknown owner - C:\Program Files\Common Files\BitDefender\BitDefender Communicator\xcommsvr.exe (file missing)
O23 - Service: Yahoo! Updater (YahooAUService) - Yahoo! Inc. - C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
--
End of file - 8477 bytes
win32:virut
win32:vitro
win32:tcpz
win32:Neeris-B
They are the viruses that always pop up on my AV (avast).
Please download JavaRa to your desktop and unzip it to its own folder
- Run JavaRa.exe, pick the language of your choice and click Select. Then click Remove Older Versions.
- Accept any prompts.
- Open JavaRa.exe again and select Search For Updates.
- Select Update Using Sun Java's Website then click Search and click on the Open Webpage button. Download and install the latest Java Runtime Environment (JRE) version for your computer.
Note 1: UNCHECK any pre-checked toolbar and/or software offered with the Java update. The pre-checked toolbars/software are not part of the Java update.
Note 2: The Java Quick Starter (JQS.exe) adds a service to improve the initial startup time of Java applets and applications. If you don't want to run another extra service, go to Start > Control Panel > Java > Advanced > Miscellaneous and uncheck the box for Java Quick Starter. Click OK and restart your computer.
================================================================
I strongly recommend you update your Internet Explorer to ver. 7 (even if you don't use it).
================================================================
Uninstall AskBarDis, and DAEMON Tools Toolbar through Add\Remove.
===============================================================
Print this post out, since you won't have access to it at some point.
1. Open HijackThis.
2. Close all windows, except for HijackThis.
3. Put checkmarks next to the following HijackThis entries:
- O2 - BHO: AskBar BHO - {201f27d4-3704-41d6-89c1-aa35e39143ed} - C:\Program Files\AskBarDis\bar\bin\askBar.dll
- O3 - Toolbar: DAEMON Tools Toolbar - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll
- O3 - Toolbar: (no name) - {FE063DB9-4EC0-403e-8DD8-394C54984B2C} - (no file)
- O3 - Toolbar: (no name) - {381FFDE8-2394-4f90-B10D-FC6124A40F8C} - (no file)
- O3 - Toolbar: Ask Toolbar - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - C:\Program Files\AskBarDis\bar\bin\askBar.dll
- O4 - HKLM\..\Run: [Microsoft Driver Setup] C:\WINDOWS\system32\drivers\ZrxMgr.exe
- O4 - HKLM\..\Policies\Explorer\Run: [Microsoft Driver Setup] C:\WINDOWS\system32\drivers\ZrxMgr.exe
- O9 - Extra button: (no name) - {53F6FCCD-9E22-4d71-86EA-6E43136192AB} - (no file)
- O9 - Extra button: (no name) - {925DAB62-F9AC-4221-806A-057BFB1014AA} - (no file)
4. You should also checkmark the following entries (these are unnecessary startups; no actual programs will be removed):
- O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
- O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe (leave this one alone, if you have paid version)
- O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll (leave this one alone, if you have paid version)
5. Click on Fix checked button.
6. Open Windows Explorer. Go Tools>Folder Options>View tab, put a checkmark next to Show hidden files and folders.
7. Delete the following files/folders (if present):
Note. If deletion doesn't work, attempt it in Safe Mode - restart computer, and keep tapping F8 key, until menu appears.
- ZrxMgr.exe file from C:\WINDOWS\system32\drivers
8. Go Start>Run (Vista users - "Start search"), type in:
cmd
Click OK (Vista users - hold CTRL, and SHIFT keys, press Enter).
Command Prompt window will open.
Type in:
sc stop AntiVirUpgradeService
Press Enter.
Wait for the service to be stopped.
Type in:
sc delete AntiVirUpgradeService
Press Enter.
Wait for confirmation.
Restart computer.
Repeat the same set of two commands (sc stop, and sc delete), replacing AntiVirUpgradeService with LIVESRV, then with NeroRegInCDSrv, and finally with XCOMM.
9. Restart computer.
10. Post new HijackThis log.
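The entries picked out above follow a few rules of thumb: O3/O9 lines ending in "(no file)" and O23 services ending in "(file missing)" are orphaned registrations, and an O4 Run entry that launches an EXE from system32\drivers (or from the Policies\Explorer\Run key) is not where legitimate software autostarts. This added example, not part of the thread or of HijackThis itself, applies those rules to a subset of the log lines quoted above and pulls out the short service names that the sc stop / sc delete step needs; the rule set and the function names are my own.

```python
import re

# Constructed sample: a subset of the HijackThis lines quoted in this thread.
SAMPLE_LOG = r"""
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O3 - Toolbar: (no name) - {FE063DB9-4EC0-403e-8DD8-394C54984B2C} - (no file)
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [Microsoft Driver Setup] C:\WINDOWS\system32\drivers\ZrxMgr.exe
O4 - HKLM\..\Policies\Explorer\Run: [Microsoft Driver Setup] C:\WINDOWS\system32\drivers\ZrxMgr.exe
O9 - Extra button: (no name) - {53F6FCCD-9E22-4d71-86EA-6E43136192AB} - (no file)
O23 - Service: Apache2.2 - Apache Software Foundation - C:\xampp\apache\bin\httpd.exe
O23 - Service: BitDefender Desktop Update Service (LIVESRV) - Unknown owner - C:\Program Files\Common Files\BitDefender\BitDefender Update Service\livesrv.exe (file missing)
"""

ENTRY_RE = re.compile(r"^([ORFN]\d+) - (.*)$")  # HijackThis section tag, then the entry body


def triage(log_text):
    """Return (line, reason) pairs for entries the rules of thumb above pick out."""
    findings = []
    for line in log_text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if not m:
            continue
        kind, body = m.groups()
        low = body.lower()
        if kind in ("O3", "O9") and low.endswith("(no file)"):
            findings.append((line, "orphaned toolbar/button: registered, but the DLL is gone"))
        elif kind == "O23" and low.endswith("(file missing)"):
            findings.append((line, "orphaned service: binary missing; remove with sc stop / sc delete"))
        elif kind == "O4" and "\\drivers\\" in low:
            findings.append((line, "Run entry launching an EXE from system32\\drivers: not a normal autostart location"))
        elif kind == "O4" and "policies\\explorer\\run" in low:
            findings.append((line, "Policies\\Explorer\\Run autostart: rarely used by legitimate software"))
    return findings


def orphaned_service_names(findings):
    """Short service names (the argument sc stop / sc delete take) for flagged O23 entries."""
    names = []
    for line, _ in findings:
        if not (line.startswith("O23 - ") and line.lower().endswith("(file missing)")):
            continue
        display = line.split(" - ", 3)[1][len("Service: "):]
        m = re.search(r"\(([^()]+)\)$", display)  # "(LIVESRV)" when a short name is listed
        names.append(m.group(1) if m else display)
    return names


if __name__ == "__main__":
    for line, reason in triage(SAMPLE_LOG):
        print(f"{reason}\n    {line}")
    print("services to remove:", orphaned_service_names(triage(SAMPLE_LOG)))
```

Run against the full log above, the same rules also surface AntiVirUpgradeService, NeroRegInCDSrv and XCOMM, which is exactly the list in step 8.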
broni, bad news... the virus infected my LAN, I can't connect through the internet. The next step I did was to install Vista; now I have a dual OS on my PC. I'm sure the virus is still on my PC. What should we do now?
What do you mean? What happened?
"The next step I did was to install Vista"