no idea please help

Discussion in 'Malware Help - MG (A Specialist Will Reply)' started by spyware nightmare, Jul 26, 2005.

  1. spyware nightmare

    spyware nightmare Private E-2

    Hi,

    Firstly, I have followed all the steps from READ ME FIRST BEFORE ASKING FOR SUPPORT: Basic Spyware, Trojan And Virus Removal

    Unfortunately I think I still have a problem. When I follow the link to the online trojan scan, a short while after the scan starts I get the message:

    16bit MS-DOS Subsystem

    c:\program files\internet explorer\iexplorer.exe

    The NTVDM CPU has encountered illegal instruction

    CS:0dba IP: oldl OP: 6368652f3l

    I have only about 10 seconds before I hear a click, then my computer restarts.

    When I log back on I get Spybot Search and Destroy warning me that a registry entry has been changed:

    Category: global browser toolbar

    deleted value

    allow change deny change


    please help if you can!

    Thanks
     

    Last edited: Jul 26, 2005
  2. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    In the future please do not post HJT logs unless they are requested. You have multiple problems that need to be fixed. This will take a few iterations.

    First you must disable Spybot's Teatimer because it can get in the way of our cleanup process.

    To disable TeaTimer, run Spybot and click Mode and select Advanced Mode. Then click Tools and select Resident. Now in the right window pane, uncheck TeaTimer.
    Also while this is open, in the left column now select IE Tweaks and then in the right pane make sure all the Miscellaneous locks are unchecked.
    Now quit Spybot!

    Please download: HSFix.zip
    Extract the files from the ZIP file to a folder that you can find (preferably in its own folder, like c:\HSFix). Now boot to Safe Mode, open the HSFix Tool folder and double-click hsfix.bat and let it run. It will produce a log here: C:\hslog.txt

    Now reboot in normal mode and post that hslog.txt file here as an attachment.
    After doing the above move on to the next message.
     
  3. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Do you know what this next line is?
    O21 - SSODL: Audio Conversion Wizard_is1 - {DF793238-1D40-716D-346A-485428B1C2E2} - c:\program files\covert to mp3 towav\audio conversion wizard\wxrlonk9.dll

    Continue with the cleanup below!

    Click on Start, then Run ... type services.msc into the box that opens up, and press 'OK'.
    On the page that opens, scroll down to svchost.exe (or if not found, look for moto) ... right click the entry, select 'Properties' and press 'Stop Service'. When it shows that it is stopped, next please set the 'Start-up Type' to 'Disabled'. Press 'OK' until you get back to Windows.

    Next, open up HJT, but instead of scanning, click on the "None of the above, just start the program" button at the bottom of the choices. At the lower right, click on the "Config" button, and then the "Misc Tools" button ... select "Delete an NT Service" ... copy/paste the following into the box that opens, and press "OK":

    svchost.exe

    If that does not work, try using: moto

    Now exit HJT. You may be told you have to reboot to complete the process. Do not reboot yet. We will be restarting HJT in a few lines to fix some other items first.

    If you are using WinXP or WinMe, make sure you have system restore disabled (per the tutorial).
    For all OS types, make sure viewing of hidden files is enabled (per the tutorial).

    Run HijackThis and select the following lines but DO NOT CLICK FIX until you exit all browser sessions including the one you are reading in right now:
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://195.95.218.172/index.php
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = http://195.95.218.172/index.php
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = http://195.95.218.172/index.php
    O2 - BHO: (no name) - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - (no file)
    O2 - BHO: (no name) - {BDF3E430-B101-42AD-A544-FADC6B084872} - (no file)
    O2 - BHO: (no name) - {FFF5092F-7172-4018-827B-FA5868FB0478} - (no file)
    O3 - Toolbar: (no name) - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - (no file)
    O4 - HKCU\..\Run: [wupd] C:\WINDOWS\System32\symcsvc.exe
    O15 - Trusted Zone: *.slotchbar.com
    O15 - Trusted Zone: *.windupdates.com
    O15 - Trusted IP range: 67.19.178.84
    O16 - DPF: {D7BF3304-138B-4DD5-86EE-491BB6A2286C} -
    O20 - Winlogon Notify: drct16 - C:\WINDOWS\SYSTEM32\drct16.dll
    O23 - Service: svchost.exe (moto) - Unknown owner - C:\WINDOWS\svchost.exe (file missing)

    After clicking Fix, exit HJT.
    Boot into safe mode and use Windows Explorer to delete:
    C:\WINDOWS\System32\symcsvc.exe
    C:\WINDOWS\SYSTEM32\drct16.dll

    If you get an error when deleting a file, right-click on the file and check to see if the read-only attribute is checked. If it is, uncheck it and try again. Otherwise open Task Manager and kill the process if running, then delete the file.

    Now run CCleaner (installed while running the READ ME FIRST). Now if running Win XP go to c:\windows\Prefetch and delete all files in this folder.

    Now we need to Reset Web Settings:
    1) If you have an Internet Explorer icon on your Desktop, goto step 2. If not, skip to step 3.
    2) Now right click on your desktop Internet Explorer icon and select Properties. Then click the Programs tab and then click "Reset Web Settings". Now go back to the General tab and set your home page address to something useful like www.majorgeeks.com. Click Apply. Click Delete Cookies, Click Delete Files and select Delete all Offline content too, Click OK. When it finishes Click OK. Then skip step 3.
    3) If you do not have an Internet Explorer icon on your Desktop, click Start, Control Panel (for some systems it may be Start, Settings, Control Panel), Internet Options, Programs tab and then click "Reset Web Settings". Now go back to the General tab and set your home page address to something useful like www.majorgeeks.com. Click Apply. Click Delete Cookies, Click Delete Files and select Delete all Offline content too, Click OK. When it finishes Click OK.

    Now reboot in normal mode and post a new HJT log. And tell us how things are working.
     
  4. spyware nightmare

    spyware nightmare Private E-2

    Hi Chaslang,

    As requested, attached is the HSlog file.

    While completing the suggestions in the second post I found that

    "After clicking Fix, exit HJT.
    Boot into safe mode and use Windows Explorer to delete:
    C:\WINDOWS\System32\symcsvc.exe
    C:\WINDOWS\SYSTEM32\drct16.dll"

    C:\WINDOWS\System32\symcsvc.exe
    did not exist. This is a good thing, right?

    Then while I was resetting web settings, as soon as I clicked Control Panel the comp froze. So I rebooted again and carried out the instructions again.

    Also attached is the HJT log.
    I think everything is working fine now. How do my logs look?

    And I had to uninstall Norton AV and Internet Security. Do you think I should reinstall them or go with some other programs?

    Kind regards

    SN
     

  5. spyware nightmare

    spyware nightmare Private E-2

    I am still getting pop ups.
     
  6. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    That's because you now have some new problems. This is probably happening because your OS and IE versions are way out of date and need to be updated. But let's wait until we fix your current problems first.

    You did not answer my question about what the below is:

    O21 - SSODL: Audio Conversion Wizard_is1 - {DF793238-1D40-716D-346A-485428B1C2E2} - c:\program files\covert to mp3 towav\audio conversion wizard\wxrlonk9.dll

    If you are using WinXP or WinMe, make sure you have system restore disabled (per the tutorial).
    For all OS types, make sure viewing of hidden files is enabled (per the tutorial).

    Run HijackThis and select the following lines but DO NOT CLICK FIX until you exit all browser sessions including the one you are reading in right now:
    O3 - Toolbar: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - (no file)
    O4 - HKLM\..\Run: [SysMemory manager] c:\windows\system32\mdms.exe
    O4 - HKLM\..\Run: [hclean32.exe] C:\WINDOWS\System32\hclean32.exe
    O4 - HKLM\..\Run: [dmzun.exe] C:\WINDOWS\System32\dmzun.exe
    O16 - DPF: {33564D57-0000-0010-8000-00AA00389B71} -

    After clicking Fix, exit HJT.
    Boot into safe mode and use Windows Explorer to delete:
    c:\windows\system32\mdms.exe
    C:\WINDOWS\System32\hclean32.exe
    C:\WINDOWS\System32\dmzun.exe

    If you get an error when deleting a file, right-click on the file and check to see if the read-only attribute is checked. If it is, uncheck it and try again. Otherwise open Task Manager and kill the process if running, then delete the file.

    Now run CCleaner (installed while running the READ ME FIRST). Now if running Win XP go to c:\windows\Prefetch and delete all files in this folder.

    Now reboot in normal mode and post a new HJT log. And tell us how things are working.
     
  7. spyware nightmare

    spyware nightmare Private E-2

    Hello again,

    First before I forget

    O21 - SSODL: Audio Conversion Wizard_is1 - {DF793238-1D40-716D-346A-485428B1C2E2} - c:\program files\covert to mp3 towav\audio conversion wizard\wxrlonk9.dll

    refers to Audio Conversion Wizard, a freeware program which helps to convert files to mp3 format. If you think that this program is causing or will cause problems I can uninstall it (please advise).

    Second, I double-checked and System Restore is off and viewing of all hidden file types is enabled.

    Next:
    I couldn't find

    C:\WINDOWS\System32\dmzun.exe

    to delete it. I did a search and the file actually existed 5 times in

    C:\Recycler\S-1-5-21-1409082233-764733703-854245398-1003
    C:\Recycler\S-1-5-21-1409082233-764733703-854245398-1004
    C:\Recycler\S-1-5-21-1409082233-764733703-854245398-1005
    C:\Recycler\S-1-5-21-1409082233-764733703-854245398-1006
    C:\Recycler\S-1-5-21-1409082233-764733703-854245398-1007

    After running ccleaner the file was no longer found.

    Attached is my new HJT log.

    While in safe mode my comp was responding painfully slowly, until the following message showed:

    WINDOWS - VIRTUAL MEMORY MINIMUM TOO LOW

    Your system is low on virtual memory. Windows is increasing the size of your virtual memory paging file. During this process, memory requests for some applications may be denied.

    Now that I am in normal mode, it doesn't seem to be too slow.

    Any suggestions?

    Regards

    SN

    PS. thank you for your help so far!
     

  8. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Do not worry about the O21 line. I just wanted to make sure that it was something you knew about.

    The reason you could not find the C:\WINDOWS\System32\dmzun.exe file is because this nasty piece of malware is renaming itself each time you power down your PC. Now the problem line is:

    O4 - HKLM\..\Run: [dmrdh.exe] C:\WINDOWS\System32\dmrdh.exe

    You need to fix that line and delete the file in safe mode. But if you rebooted since posting your log, it may already have renamed itself. Take a look now and verify for yourself what the file name is and fix the O4 line and delete the file. You should be able to tell which line does not belong there.

    If you still have a problem after trying to fix this again, post a new HJT log and do not reboot or power down afterwards.
     
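    The HijackThis lines chaslang asks to be fixed (post 3) and the self-renaming O4 entry he describes in post 8 follow a few recognisable patterns. The script below is an added example, not part of this thread or of HijackThis: it parses log lines in the format quoted above, flags entries matching those patterns (orphaned "(no file)" entries, start pages pointing at a raw IP, Trusted Zone additions, a Run value named after its own exe), and diffs the O4 entries of two logs to expose a rename between reboots. Sample lines are copied from this thread; the NvCplDaemon line and the "after reboot" log are constructed.

```python
import re
from ipaddress import ip_address
from urllib.parse import urlparse

# HijackThis lines copied from this thread, plus one constructed benign O4
# entry (NvCplDaemon) to show what the heuristics leave alone.
LOG_BEFORE = r"""
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://195.95.218.172/index.php
O2 - BHO: (no name) - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - (no file)
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [dmzun.exe] C:\WINDOWS\System32\dmzun.exe
O15 - Trusted IP range: 67.19.178.84
O23 - Service: svchost.exe (moto) - Unknown owner - C:\WINDOWS\svchost.exe (file missing)
"""
# Constructed "after reboot" log: the O4 entry has renamed itself, as in post 8.
LOG_AFTER = LOG_BEFORE.replace("dmzun.exe", "dmrdh.exe")

LINE_RE = re.compile(r"^(?P<type>[RO]\d+) - (?P<body>.*)$")
RUN_RE = re.compile(r"\[(?P<name>[^\]]+)\] (?P<cmd>.*)$")

def parse(log):
    """Yield (entry type, body) for each HijackThis result line."""
    for line in log.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            yield m.group("type"), m.group("body")

def flag(log):
    """Return {body: reason} for entries matching the patterns fixed in this thread."""
    hits = {}
    for typ, body in parse(log):
        if "(no file)" in body or "(file missing)" in body:
            hits[body] = "orphaned entry (target missing)"
        elif typ in ("R0", "R1") and "=" in body:
            host = urlparse(body.split("=", 1)[1].strip()).hostname or ""
            try:
                ip_address(host)
                hits[body] = "start/home page points at a raw IP"
            except ValueError:
                pass  # a normal hostname is not flagged
        elif typ == "O15":
            hits[body] = "site/IP range added to Trusted Zone"
        elif typ == "O4":
            m = RUN_RE.search(body)
            exe = m.group("cmd").split("\\")[-1].lower() if m else ""
            if m and m.group("name").lower() == exe:
                hits[body] = "Run value named after its own exe"
    return hits

def renamed_run_entries(before, after):
    """O4 entries removed/added between two logs; a rename shows up as one of each."""
    b = {body for t, body in parse(before) if t == "O4"}
    a = {body for t, body in parse(after) if t == "O4"}
    return sorted(b - a), sorted(a - b)
```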
  9. spyware nightmare

    spyware nightmare Private E-2

    Hi,

    I have managed to delete the file and line concerned.

    but (there is always a but!)

    I have noticed that mdms.exe keeps coming back.

    At first I can't delete it and it won't show up in Task Manager either (and it's not protected).

    So I tried renaming and then deleting. I get the same error, but this time mdms.exe shows up in Task Manager and I am able to kill it, and deletion is successful. However, as soon as I get out of the folder C:\windows\system32 the file comes back and I have to do the whole thing again. It shows up even if I just navigate to c:\windows.

    Why is this happening? And more importantly, how can I fix it?
    I have attached my latest HJT log and haven't rebooted (I am using my laptop to post this message).

    Also I keep getting the virtual memory error message and then can't do anything. The comp isn't frozen, it just won't open any applications including Windows Explorer (I can even click on the Start menu, but nothing else happens). Hmmmm... have to reboot!

    OK... so attached is the new log, after I have done all of the above again. Also please note that HJT found mdsm.exe as well; I was able to fix it and then delete it using Windows Explorer and it hasn't come back as yet.

    Cheers

    SN
     

  10. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Safe mode HJT logs are of no use to us in 99.9% of all cases. Your safe mode log shows nothing. I would need a log from normal boot mode that shows the problems being present (i.e., do not fix anything or I will not see it).

    I think that you will need to go to the thread below and complete steps 3 and 7 for now (do not run other steps yet). Without a firewall, your problems will just keep coming back.

    How to Protect yourself from malware!

    You will have to ask about your virtual memory problem in the Software Forum. I do not think it is a malware problem.
     
  11. spyware nightmare

    spyware nightmare Private E-2

    Hi

    Attached is my HJT log.

    regards

    SN
     

  12. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    If you are using WinXP or WinMe, make sure you have system restore disabled (per the tutorial).
    For all OS types, make sure viewing of hidden files is enabled (per the tutorial).

    Please run HijackThis and click on the "Open the Misc Tools Section" button on the open page. Then select "Open process manager" on the left-hand side. Look for the following process (or processes) and one at a time kill them by selecting it and then click "Kill process". Then click yes.
    C:\windows\system32\mdms.exe

    After killing all the above processes, click "Back".
    Then please click "Scan" and select the following lines but DO NOT CLICK FIX until you exit all browser sessions including the one you are reading in right now:

    O4 - HKLM\..\Run: [SysMemory manager] c:\windows\system32\mdms.exe


    After clicking Fix, exit HJT.

    Boot into safe mode and use Windows Explorer to delete:
    C:\windows\system32\mdms.exe


    If you get an error when deleting a file, right-click on the file and check to see if the read-only attribute is checked. If it is, uncheck it and try again. Otherwise open Task Manager and kill the process if running, then delete the file.

    Now run CCleaner (installed while running the READ ME FIRST). Now if running Win XP go to c:\windows\Prefetch and delete all files in this folder.

    Now reboot in normal mode and post a new HJT log. And tell us how things are working.

    If you get a message from your firewall about mdms.exe trying to access your network or the internet, deny it access and tell it to always do that.

    If the above works correctly and removes the final problem, you would then need to go back to the How to Protect yourself from malware! thread and complete all the other steps. Especially step 1.

    If you still need help, leave a message here indicating your problems. I will not be around for about 10 days but one of the other helpers here will assist you.
     
