infected file still keeps coming back

Viruses and worms
1

well this infected file bdl74125.exe(win32:winadcli-4 trj) keeps comming back
i’ve deleted it, moved it, tried everything
i have avast pro 4.1/ vps file 0442-1 need some more info on handling this . I :('ve also given my
log file maybe this will help with the process

Logfile of HijackThis v1.98.2
Scan saved at 1:15:04 PM, on 10/9/2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\LiteStep\litestep.exe
C:\PROGRA~1\ZONELA~1\ZONEAL~1\zlclient.exe
C:\Program Files\Windows SyncroAd\SyncroAd.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Windows SyncroAd\WinSync.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashmaisv.exe
C:\Program Files\PeerGuardian pr14\PeerGuardian_1.99b_pr14.exe
C:\Program Files\MYIE2\MyIE.exe
C:\Program Files\BitTornado\btdownloadgui.exe
C:\WINDOWS\explorer.exe
I:\My downloads\copy\hijackthis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.canada.com/calgary/index.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {83DE62E0-5805-11D8-9B25-00E04C60FAF2} - (no file)
O2 - BHO: Curl - {A78CC2FF-6E4E-4556-B27C-D7C3A70D7A50} - C:\WINDOWS\System32\NDrv.dll
O3 - Toolbar: (no name) - {BDF6CE3D-F5C5-4462-9814-3C8EAC330CA8} - (no file)
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM..\Run: [Zone Labs Client] C:\PROGRA~1\ZONELA~1\ZONEAL~1\zlclient.exe
O4 - HKLM..\Run: [Corel Graphics Suite 1117] C:\Program Files\Corel\Corel Graphics 11\Register\registration.exe /title=“Corel Graphics Suite 11” /date=102104 serial=dr11crd-0012082-dgw
O4 - HKLM..\Run: [Windows SyncroAd] C:\Program Files\Windows SyncroAd\SyncroAd.exe
O4 - HKLM..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM..\Run: [ashMaiSv] C:\PROGRA~1\ALWILS~1\Avast4\ashmaisv.exe
O4 - HKLM..\Run: [MP10_EnsureFileVer] C:\WINDOWS\inf\unregmp2.exe /EnsureFileVersions
O4 - HKLM..\RunServices: [Operation Update] suamgrd.exe
O4 - HKLM..\RunOnce: [WMC_0] RUNDLL32.EXE SETUPAPI.DLL,InstallHinfSection RegSection 128 C:\WINDOWS\inf\WMP10.inf
O4 - HKLM..\RunOnce: [WMC_1] C:\Program Files\Windows Media Player\WMPEnc.exe /RegServer
O4 - HKLM..\RunOnce: [WMC_2] C:\WINDOWS\INF\unregmp2.exe /Shortcuts /RegExts
O4 - HKLM..\RunOnce: [WMC_RebootCheck] C:\WINDOWS\inf\unregmp2.exe /FixUps
O4 - HKCU..\Run: [PeerGuardian] C:\Program Files\PeerGuardian pr14\PeerGuardian_1.99b_pr14.exe
O4 - HKCU..\RunOnce: [MPlayer2_FixUp] C:\WINDOWS\inf\unregmp2.exe /Fixups
O8 - Extra context menu item: Web Rebates - file://C:\Program Files\Web_Rebates\Sy1150\Tp1150\scri1150a.htm
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra ‘Tools’ menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O16 - DPF: {15AD4789-CDB4-47E1-A9DA-992EE8E6BAD6} - http://public.windupdates.com/get_file.php?bt=ie&p=7000d7b89f9ab6a9c86bd546827fb9a0b3120c831852392df5cfcc98451f4a28a0d1306b735be2293e8ef473e4bafb3c372ea03f:3b639822e6054d67daffd12299b6db5c
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=34738&clcid=0x409
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061001/housecall.trendmicro.com/housecall/xscan53.cab
O16 - DPF: {9EB320CE-BE1D-4304-A081-4B4665414BEF} (MediaTicketsInstaller Control) - http://www.mt-download.com/MediaTicketsInstaller.cab
O16 - DPF: {E0CE16CB-741C-4B24-8D04-A817856E07F4} (IObjSafety.DemoCtl) - http://cabs.roings.com/cabs/mmed.cab

2

You can find the result from the online analyzer HERE and here is the (short version) of what my analyzer has to say about it:

CHECKING HIJACKTHIS AND INTERNET EXPLORER :

You are using the latest version of HijackThis.
Old version of Internet Explorer detected, please update.
Your Operating System is not up-to-date. (Latest service pack not installed)

THESE ITEMS ARE HARMFULL AND SHOULD BE FIXED/REMOVED :

\program files\windows syncroad\syncroad.exe
\program files\windows syncroad\winsync.exe
\program files\bittornado\btdownloadgui.exe
o2 - bho: (no name) - {83de62e0-5805-11d8-9b25-00e04c60faf2} - (no file)
o3 - toolbar: (no name) - {bdf6ce3d-f5c5-4462-9814-3c8eac330ca8} - (no file)
o4 - hklm..\run: [windows syncroad] c:\program files\windows syncroad\syncroad.exe
o8 - extra context menu item: web rebates - file://c:\program files\web_rebates\sy1150\tp1150\scri1150a.htm
o16 - dpf: {15ad4789-cdb4-47e1-a9da-992ee8e6bad6} - http://public.windupdates.com/get_file.php?bt=ie&p=7000d7b89f9ab6a9c86bd546827fb9a0b3120c831852392df5cfcc98451f4a28a0d1306b735be2293e8ef473e4bafb3c372ea03f:3b639822e6054d67daffd12299b6db5c
o16 - dpf: {17492023-c23a-453e-a040-c7c580bbf700} (windows genuine advantage validation tool) - http://go.microsoft.com/fwlink/?linkid=34738&clcid=0x409
o16 - dpf: {74d05d43-3236-11d4-bdcd-00c04f9a3b61} (housecall control) - http://a840.g.akamai.net/7/840/537/2004061001/housecall.trendmicro.com/housecall/xscan53.cab
o16 - dpf: {9eb320ce-be1d-4304-a081-4b4665414bef} (mediaticketsinstaller control) - http://www.mt-download.com/mediaticketsinstaller.cab
o16 - dpf: {e0ce16cb-741c-4b24-8d04-a817856e07f4} (iobjsafety.democtl) - http://cabs.roings.com/cabs/mmed.cab