Dee_Collins

Members
  • Posts

    34
About Dee_Collins

  • Birthday 2/9/1984

Personal Information

  • Occupation
    Electroplater
  • Real Name
    Dee

Tech Info

  • Experience
    some_experience
  • System: windows_xp

Dee_Collins's Achievements

Newbie

Newbie (1/14)

0

Reputation

  1. A thread was closed even though it was stated it would be left open for me to reply... the following is for the people who helped me as far as allowed. Unfortunately I have no idea, as we trusted this guy to sort our pc out. We did try to contact him regarding this soon after we got the pc back but were unable to get in touch with him, and we have never had a problem up until now. At the end of the day we should have been supplied with a disc from PC World and we weren't; we have since bought 2 PCs from them and did not receive one with these either. As you say you are unable to help further, all I can really say is thank you so much for the help you have given me with my pc this far and also with my laptop I had problems with a few months back. I really appreciate it.
  2. We bought this pc in 2003 from a major retail store but one thing we didn't get was an XP disc. When the guy fixed it and changed everything over to the D Drive, we have since always on start up got a message that says our Windows isn't genuine and we could be a victim of software counterfeiting. We would get a new XP disc but just can't afford one. Is this going to be a huge problem?
  3. ComboFix 08-07-05.1 - IAN 2008-07-07 12:02:37.1 - NTFSx86 Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.652 [GMT 1:00] Running from: D:\Documents and Settings\IAN\Desktop\ComboFix.exe * Created a new restore point WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !! . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . D:\WINDOWS\BM8b4abea7.txt D:\WINDOWS\cookies.ini D:\WINDOWS\pskt.ini D:\WINDOWS\system32\albcxaag.ini D:\WINDOWS\system32\artloskh.ini D:\WINDOWS\system32\ehhgQqss.ini D:\WINDOWS\system32\ehhgQqss.ini2 D:\WINDOWS\system32\gaaxcbla.dll D:\WINDOWS\system32\geBuVPjh.dll D:\WINDOWS\system32\hjPVuBeg.ini D:\WINDOWS\system32\hjPVuBeg.ini2 D:\WINDOWS\system32\htpqnyas.dll D:\WINDOWS\system32\hwyqvmjq.dll D:\WINDOWS\system32\iocydi.dll D:\WINDOWS\system32\iqbuyz.dll D:\WINDOWS\system32\ixugjhdp.dll D:\WINDOWS\system32\lhoskcdj.dll D:\WINDOWS\system32\licabpel.ini D:\WINDOWS\system32\lwbyiojh.dll D:\WINDOWS\system32\mcrh.tmp D:\WINDOWS\system32\mcxbua.dll D:\WINDOWS\system32\mjpcytgk.dll D:\WINDOWS\system32\mnfgqvdg.ini D:\WINDOWS\system32\MWyGffii.ini D:\WINDOWS\system32\MWyGffii.ini2 D:\WINDOWS\system32\mxvextio.dll D:\WINDOWS\system32\necyaq.dll D:\WINDOWS\system32\resymcem.ini D:\WINDOWS\system32\rQHaXoPi.dll D:\WINDOWS\system32\smtdhx.dll D:\WINDOWS\system32\soltge.dll D:\WINDOWS\system32\srqdoitv.ini D:\WINDOWS\system32\SuCIiSBc.ini D:\WINDOWS\system32\SuCIiSBc.ini2 D:\WINDOWS\system32\tofascwd.dll D:\WINDOWS\system32\uakuypqu.ini D:\WINDOWS\system32\uelmsxpm.dll D:\WINDOWS\system32\xujunn.dll D:\WINDOWS\system32\yhijidmy.ini D:\WINDOWS\system32\zbrihi.dll . ((((((((((((((((((((((((( Files Created from 2008-06-07 to 2008-07-07 ))))))))))))))))))))))))))))))) . 2008-07-02 16:59 . 2008-03-25 02:37 69,632 --a------ D:\WINDOWS\system32\javacpl.cpl 2008-07-02 16:58 . 2008-07-02 16:59 <DIR> d-------- D:\Program Files\Java 2008-07-02 16:57 . 
2008-07-02 16:57 <DIR> d-------- D:\Program Files\Common Files\Java 2008-07-02 16:53 . 2008-07-02 16:53 <DIR> d-------- D:\Program Files\SDM20 2008-07-02 12:28 . 2008-07-02 12:54 <DIR> d-------- D:\Documents and Settings\IAN\DoctorWeb 2008-06-30 15:48 . 2008-06-30 15:48 <DIR> d-------- D:\Program Files\Trend Micro 2008-06-29 18:01 . 2008-07-07 10:32 <DIR> d-------- D:\Program Files\EsetOnlineScanner 2008-06-29 14:19 . 2008-06-29 15:06 <DIR> d-------- D:\Program Files\CA Yahoo! Anti-Spy 2008-06-29 12:38 . 2008-06-28 14:16 34,296 --a------ D:\WINDOWS\system32\drivers\mbamcatchme.sys 2008-06-29 12:38 . 2008-06-28 14:16 17,144 --a------ D:\WINDOWS\system32\drivers\mbam.sys 2008-06-28 00:59 . 2008-07-04 11:02 110,419 --a------ D:\WINDOWS\BM8b4abea7.xml 2008-06-21 22:05 . 2008-06-21 22:05 188 --a------ D:\Documents and Settings\IAN\Application Data\wklnhst.dat 2008-06-11 04:58 . 2008-06-13 14:10 272,128 --------- D:\WINDOWS\system32\drivers\bthport.sys 2008-06-11 04:58 . 2008-06-13 14:10 272,128 -----c--- D:\WINDOWS\system32\dllcache\bthport.sys 2008-06-07 23:22 . 2008-06-07 23:22 <DIR> d-------- D:\Program Files\Common Files\xing shared . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2008-07-04 09:00 --------- d-----w D:\Program Files\SUPERAntiSpyware 2008-07-04 09:00 --------- d-----w D:\Documents and Settings\IAN\Application Data\SUPERAntiSpyware.com 2008-07-04 08:59 --------- d-----w D:\Program Files\Common Files\Wise Installation Wizard 2008-07-02 15:40 --------- d-----w D:\Program Files\mIRC 2008-06-29 11:38 --------- d-----w D:\Program Files\Malwarebytes' Anti-Malware 2008-06-27 19:56 --------- d-----w D:\Program Files\InterActual 2008-06-21 20:10 --------- d--h--r D:\Documents and Settings\IAN\Application Data\yahoo! 2008-06-21 20:10 --------- d-----w D:\Documents and Settings\All Users\Application Data\Yahoo! 
Companion 2008-06-07 22:22 --------- d-----w D:\Program Files\Common Files\Real 2008-06-02 01:19 --------- d-----w D:\Program Files\Picasa2 2008-05-12 07:43 --------- d-----w D:\Documents and Settings\IAN\Application Data\Samsung 2008-05-12 07:42 --------- d--h--w D:\Program Files\InstallShield Installation Information 2008-05-12 07:39 --------- d-----w D:\Program Files\Samsung 2008-05-12 05:42 --------- d-----w D:\Program Files\Passwords Plus 2008-05-10 21:59 --------- d-----w D:\Documents and Settings\IAN\Application Data\U3 2008-05-08 12:28 202,752 ------w D:\WINDOWS\system32\drivers\rmcast.sys 2008-04-12 13:34 744 -c--a-w D:\Documents and Settings\IAN\Application Data\filterclsid.dat . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "ctfmon.exe"="D:\WINDOWS\system32\ctfmon.exe" [2004-08-03 23:56 15360] "swg"="D:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-09-10 08:46 68856] "SUPERAntiSpyware"="D:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2008-05-28 10:33 1506544] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "AAWTray"="D:\Program Files\Lavasoft\Ad-Aware 2007\AAWTray.exe" [2007-08-08 15:53 88024] "SunJavaUpdateSched"="D:\Program Files\Java\jre1.6.0_06\bin\jusched.exe" [2008-03-25 04:28 144784] "TkBellExe"="D:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2008-06-07 23:21 185896] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "Picasa Media Detector"="D:\Program Files\Picasa2\PicasaMediaDetector.exe" [2008-02-26 02:23 443968] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce] "SetDefaultMidi"="MIDIDEF.EXE" [2002-12-03 23:16 49152 D:\WINDOWS\mididef.exe] [hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks] 
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "D:\Program Files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 10:13 77824] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon] 2007-04-19 13:41 294912 D:\Program Files\SUPERAntiSpyware\SASWINLO.dll [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32] "VIDC.DVSD"= pdvcodec.dll "msacm.dvacm"= D:\PROGRA~1\COMMON~1\ULEADS~1\Vio\Dvacm.acm [HKLM\~\startupfolder\D:^Documents and Settings^All Users^Start Menu^Programs^Startup^Belkin Wireless USB Utility.lnk] path=D:\Documents and Settings\All Users\Start Menu\Programs\Startup\Belkin Wireless USB Utility.lnk backup=D:\WINDOWS\pss\Belkin Wireless USB Utility.lnkCommon Startup [HKLM\~\startupfolder\D:^Documents and Settings^All Users^Start Menu^Programs^Startup^Status Monitor.lnk] path=D:\Documents and Settings\All Users\Start Menu\Programs\Startup\Status Monitor.lnk backup=D:\WINDOWS\pss\Status Monitor.lnkCommon Startup [HKLM\~\startupfolder\D:^Documents and Settings^IAN^Start Menu^Programs^Startup^Adobe Gamma.lnk] path=D:\Documents and Settings\IAN\Start Menu\Programs\Startup\Adobe Gamma.lnk backup=D:\WINDOWS\pss\Adobe Gamma.lnkStartup [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AAWTray] --a------ 2007-08-08 15:53 88024 D:\Program Files\Lavasoft\Ad-Aware 2007\AAWTray.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher] --a--c--- 2008-01-11 23:16 39792 D:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeUpdater] -ra------ 2007-03-01 11:37 2321600 D:\Program Files\Common Files\Adobe\Updater5\AdobeUpdater.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CamMonitor] --a--c--- 2002-10-07 00:23 90112 D:\Program Files\Hewlett-Packard\Digital Imaging\Unload\HpqCmon.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared 
tools\msconfig\startupreg\ControlCenter2.0] --------- 2005-05-17 17:42 933888 D:\Program Files\Brother\ControlCenter2\brctrcen.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe] -----c--- 2004-08-03 23:56 15360 D:\WINDOWS\system32\ctfmon.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HPDJ Taskbar Utility] --a--c--- 2003-05-07 20:56 188416 D:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IndexSearch] --a--c--- 2005-03-17 14:45 40960 D:\Program Files\ScanSoft\PaperPort\IndexSearch.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechSoftwareUpdate] --a--c--- 2005-01-18 17:07 196608 D:\Program Files\Logitech\Video\ManifestEngine.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechVideoRepair] --a--c--- 2005-01-18 17:47 458752 D:\Program Files\Logitech\Video\ISStart.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechVideoTray] --a------ 2005-01-18 17:37 217088 D:\Program Files\Logitech\Video\LogiTray.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LVCOMSX] --a------ 2004-10-08 11:52 221184 D:\WINDOWS\system32\LVCOMSX.EXE [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr] --a------ 2007-10-18 12:34 5724184 D:\Program Files\Windows Live\Messenger\msnmsgr.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroCheck] --a------ 2001-07-09 02:50 155648 D:\WINDOWS\system32\NeroCheck.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PaperPort PTD] --a--c--- 2005-03-17 14:25 57393 D:\Program Files\ScanSoft\PaperPort\pptd40nt.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Picasa Media Detector] --a------ 2008-02-26 02:23 443968 D:\Program Files\Picasa2\PicasaMediaDetector.exe 
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task] -----c--- 2005-06-10 01:48 98304 D:\Program Files\QuickTime\qttask.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SetDefPrt] --------- 2005-01-26 18:02 49152 D:\Program Files\Brother\Brmfl05a\BrStDvPt.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Share-to-Web Namespace Daemon] --a--c--- 2002-04-17 11:42 69632 D:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SSBkgdUpdate] -ra--c--- 2003-10-14 10:22 155648 D:\Program Files\Common Files\ScanSoft Shared\SSBkgdUpdate\SSBkgdUpdate.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SUPERAntiSpyware] --a------ 2008-05-28 10:33 1506544 D:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg] --a------ 2007-09-10 08:46 68856 D:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe] --a------ 2008-06-07 23:21 185896 D:\Program Files\Common Files\Real\Update_OB\realsched.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UpdateManager] --------- 2003-08-19 01:01 110592 D:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Yahoo! 
Pager] --a------ 2007-08-30 17:43 4670704 D:\Program Files\Yahoo!\Messenger\YahooMessenger.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTHelper] --a------ 2003-05-28 18:59 28672 D:\WINDOWS\system32\cthelper.exe [HKEY_LOCAL_MACHINE\software\microsoft\security center] "AntiVirusDisableNotify"=dword:00000001 [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "D:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"= "D:\\Program Files\\Messenger\\msmsgs.exe"= "D:\\Documents and Settings\\IAN\\Desktop\\LimeWire\\LimeWire.exe"= "%windir%\\Network Diagnostic\\xpnetdiag.exe"= "D:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"= "D:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"= "D:\\Program Files\\Windows Live\\Messenger\\livecall.exe"= "C:\\Program Files\\Real\\RealPlayer\\realplay.exe"= [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List] "3389:TCP"= 3389:TCP:*:Disabled:@xpsp2res.dll,-22009 R1 aswSP;avast! 
Self Protection;D:\WINDOWS\system32\drivers\aswSP.sys [2008-05-16 00:20] R2 aswFsBlk;aswFsBlk;D:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2008-05-16 00:16] R3 hcwPVRP2;Hauppauge WinTV-PVR PCI II (Encoder-16);D:\WINDOWS\system32\DRIVERS\hcwPVRP2.sys [2003-12-02 16:23] S3 av100s2k;av100s2k;D:\WINDOWS\system32\DRIVERS\av100s2k.sys [2003-02-18 20:25] S3 av100u2k;av100u2k;D:\WINDOWS\system32\DRIVERS\av100u2k.sys [2003-03-12 06:05] S3 ss_bus;SAMSUNG Mobile USB Device 1.0 driver (WDM);D:\WINDOWS\system32\DRIVERS\ss_bus.sys [2005-08-30 17:57] S3 ss_mdfl;SAMSUNG Mobile USB Modem 1.0 Filter;D:\WINDOWS\system32\DRIVERS\ss_mdfl.sys [2005-08-30 17:58] S3 ss_mdm;SAMSUNG Mobile USB Modem 1.0 Drivers;D:\WINDOWS\system32\DRIVERS\ss_mdm.sys [2005-08-30 17:59] [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{621016f2-c154-11dc-a25f-00173f901d36}] \Shell\AutoRun\command - K:\LaunchU3.exe -a . Contents of the 'Scheduled Tasks' folder "2008-07-07 08:27:00 D:\WINDOWS\Tasks\Check Updates for Windows Live Toolbar.job" - D:\Program Files\Windows Live Toolbar\MSNTBUP.EXE "2008-06-24 16:46:00 D:\WINDOWS\Tasks\HP DArC Task #Hewlett-Packard#240#CN386230RMJ5.job" - D:\Program Files\HP\hpcoretech\comp\hpdarc.exe#/#Hewlett-Packard#240#CN386230RMJ5 . 
- - - - ORPHANS REMOVED - - - - BHO-{6EA695DA-7CBA-4424-A819-F54B93548890} - D:\WINDOWS\system32\opnnnnND.dll BHO-{7062A567-23A9-42CC-A94A-1EA27D5D2D3A} - D:\WINDOWS\system32\ssqQghhe.dll BHO-{8AB5FF87-4173-4FFE-80A7-A512D98A6419} - D:\WINDOWS\system32\iiffGyWM.dll BHO-{FFBAA195-D7B4-4872-AFAD-73349920EADC} - D:\WINDOWS\system32\cBSiICuS.dll HKLM-Run-0873b249 - D:\WINDOWS\system32\gaaxcbla.dll MSConfigStartUp-0873b249 - D:\WINDOWS\system32\hneeqsdk.dll MSConfigStartUp-BM8b4abea7 - D:\WINDOWS\system32\gbaopiqy.dll MSConfigStartUp-ImInstaller_IncrediMail - D:\DOCUME~1\IAN\LOCALS~1\Temp\ImInstaller\IncrediMail\incredimail_install[1].exe MSConfigStartUp-tbon - D:\Program Files\TBONBin\tbon.exe MSConfigStartUp-Uniblue RegistryBooster 2 - D:\Program Files\Uniblue\RegistryBooster 2\RegistryBooster.exe MSConfigStartUp-updateMgr - D:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe MSConfigStartUp-VideoCall - D:\Program Files\Logitech\VideoCall\VideoCall.exe ************************************************************************** catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2008-07-07 12:16:20 Windows 5.1.2600 Service Pack 2 NTFS scanning hidden processes ... scanning hidden autostart entries ... scanning hidden files ... scan completed successfully hidden files: 0 ************************************************************************** . ------------------------ Other Running Processes ------------------------ . D:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe D:\Program Files\Alwil Software\Avast4\aswUpdSv.exe D:\Program Files\Alwil Software\Avast4\ashServ.exe D:\WINDOWS\system32\brss01a.exe D:\WINDOWS\system32\imapi.exe D:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe D:\WINDOWS\system32\wdfmgr.exe D:\Program Files\Alwil Software\Avast4\ashMaiSv.exe D:\Program Files\Alwil Software\Avast4\ashWebSv.exe D:\WINDOWS\system32\WgaTray.exe . 
************************************************************************** . Completion time: 2008-07-07 12:22:31 - machine was rebooted ComboFix-quarantined-files.txt 2008-07-07 11:22:26 Pre-Run: 137,730,969,600 bytes free Post-Run: 139,066,327,040 bytes free 246 --- E O F --- 2008-06-20 02:02:00
  4. ESET Results are as follows: 1 threat found Win32/Adware.Agent.NIY application (unable to clean - deleted) D:\Documents and Settings\IAN\Local Settings\Temporary Internet Files\Content.IE5\9ARP6AND\kb111653[1]
  5. I don't think there is anything installed on it, basically we just use it as a storage drive for photos. I made sure that both C and D were scanned.
  6. SUPERAntiSpyware Scan Log SUPERAntiSpyware.com - AntiAdware, AntiSpyware, AntiMalware! Generated 07/05/2008 at 02:36 PM Application Version : 4.15.1000 Core Rules Database Version : 3497 Trace Rules Database Version: 1488 Scan type : Quick Scan Total Scan Time : 00:11:00 Memory items scanned : 195 Memory threats detected : 1 Registry items scanned : 436 Registry threats detected : 7 File items scanned : 10193 File threats detected : 15 Adware.Vundo Variant/Resident D:\WINDOWS\SYSTEM32\GEBURJJA.DLL D:\WINDOWS\SYSTEM32\GEBURJJA.DLL Trojan.Vundo-Variant/Small-GEN HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D82AA899-121E-4F7F-9C28-04852CFC696B} HKCR\CLSID\{D82AA899-121E-4F7F-9C28-04852CFC696B} HKCR\CLSID\{D82AA899-121E-4F7F-9C28-04852CFC696B}\InprocServer32 HKCR\CLSID\{D82AA899-121E-4F7F-9C28-04852CFC696B}\InprocServer32#ThreadingModel HKCR\TypeLib\{FFBC50F3-043C-11D1-911D-006097C99383} Adware.Tracking Cookie D:\Documents and Settings\IAN\Cookies\ian@ehg-eset.hitbox[1].txt D:\Documents and Settings\IAN\Cookies\ian@atdmt[2].txt D:\Documents and Settings\IAN\Cookies\ian@serving-sys[2].txt D:\Documents and Settings\IAN\Cookies\ian@ad.yieldmanager[1].txt D:\Documents and Settings\IAN\Cookies\ian@adopt.euroclick[2].txt D:\Documents and Settings\IAN\Cookies\ian@software-traffic[1].txt D:\Documents and Settings\IAN\Cookies\ian@tradedoubler[2].txt D:\Documents and Settings\IAN\Cookies\ian@bs.serving-sys[2].txt D:\Documents and Settings\IAN\Cookies\ian@rocku.adbureau[2].txt D:\Documents and Settings\IAN\Cookies\ian@hitbox[2].txt D:\Documents and Settings\IAN\Cookies\ian@questionmarket[1].txt D:\Documents and Settings\IAN\Cookies\ian@doubleclick[2].txt D:\Documents and Settings\IAN\Cookies\ian@scanner.vav-scanner[2].txt Adware.Vundo Variant/Rel HKLM\SOFTWARE\Microsoft\FCOVM HKLM\SOFTWARE\Microsoft\RemoveRP Adware.Vundo Variant D:\WINDOWS\SYSTEM32\DFFMPWSI.DLL
  7. Sorry for the delay but I don't work weekends and this is a work pc that is playing up. Sorry, it wasn't 100% clear to me that logs needed to be posted after each scan; as I said, I don't really know that much about PCs. In terms of the C Drive, as I explained before in this thread, we had to take the pc to be fixed to someone before and they said there was a problem with the C Drive and transferred everything over to the D Drive, something to do with Kazaa, but that was a good couple of years ago now. So should I re-do all those scans in safe mode again and then post a log after each scan in safe mode? And is the log I need to post the HijackThis log?
  8. Even in safe mode now I keep getting pop-ups saying my pc is infected so download this program etc.
  9. Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 10:41:53, on 05/07/2008 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16674) Boot mode: Safe mode with network support Running processes: D:\WINDOWS\System32\smss.exe D:\WINDOWS\system32\winlogon.exe D:\WINDOWS\system32\services.exe D:\WINDOWS\system32\lsass.exe D:\WINDOWS\system32\svchost.exe D:\WINDOWS\system32\svchost.exe D:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe D:\WINDOWS\system32\WgaTray.exe D:\WINDOWS\Explorer.EXE D:\Program Files\Internet Explorer\IEXPLORE.EXE D:\WINDOWS\system32\ctfmon.exe D:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe D:\Program Files\Trend Micro\HijackThis\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = Yahoo! UK & Ireland O3 - Toolbar: SYSTRAN Web Translator 5.0 - {A5899B52-3AF9-4F56-85FE-AD7B3BE8490F} - D:\Program Files\SYSTRAN\5.0\Personal\IEPlugIn.dll O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - D:\Program Files\Windows Live Toolbar\msntb.dll O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - d:\program files\google\googletoolbar1.dll O4 - HKLM\..\Run: [avast!] 
D:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe O4 - HKLM\..\Run: [AAWTray] D:\Program Files\Lavasoft\Ad-Aware 2007\AAWTray.exe O4 - HKLM\..\Run: [sunJavaUpdateSched] "D:\Program Files\Java\jre1.6.0_06\bin\jusched.exe" O4 - HKLM\..\Run: [Malwarebytes Anti-Malware Reboot] "D:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript O4 - HKCU\..\Run: [ctfmon.exe] D:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [swg] D:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe O4 - HKCU\..\Run: [sUPERAntiSpyware] D:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe O4 - HKUS\S-1-5-18\..\Run: [Picasa Media Detector] D:\Program Files\Picasa2\PicasaMediaDetector.exe (User 'SYSTEM') O4 - HKUS\S-1-5-18\..\RunOnce: [setDefaultMidi] MIDIDEF.EXE (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [Picasa Media Detector] D:\Program Files\Picasa2\PicasaMediaDetector.exe (User 'Default user') O4 - HKUS\.DEFAULT\..\RunOnce: [setDefaultMidi] MIDIDEF.EXE (User 'Default user') O8 - Extra context menu item: &AOL Toolbar search - res://D:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML O8 - Extra context menu item: &ieSpell Options - res://D:\Program Files\ieSpell\iespell.dll/SPELLOPTION.HTM O8 - Extra context menu item: &Windows Live Search - res://D:\Program Files\Windows Live Toolbar\msntb.dll/search.htm O8 - Extra context menu item: &Yahoo! 
Search - http://file:///D:\Program Files\Yahoo!\Common/ycsrch.htm O8 - Extra context menu item: Add to Windows &Live Favorites - Add to Windows Live Favorites O8 - Extra context menu item: Check &Spelling - res://D:\Program Files\ieSpell\iespell.dll/SPELLCHECK.HTM O8 - Extra context menu item: E&xport to Microsoft Excel - res://D:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 O8 - Extra context menu item: Lookup on Merriam Webster - http://file://D:\Program Files\ieSpell\Merriam Webster.HTM O8 - Extra context menu item: Lookup on Wikipedia - http://file://D:\Program Files\ieSpell\wikipedia.HTM O8 - Extra context menu item: Open in new background tab - res://D:\Program Files\Windows Live Toolbar\Components\en-gb\msntabres.dll.mui/229?96385411e23941a59bda1d2f2bc5bbc O8 - Extra context menu item: Open in new foreground tab - res://D:\Program Files\Windows Live Toolbar\Components\en-gb\msntabres.dll.mui/230?96385411e23941a59bda1d2f2bc5bbc O8 - Extra context menu item: Yahoo! &Dictionary - http://file:///D:\Program Files\Yahoo!\Common/ycdict.htm O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Java\jre1.6.0_06\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Java\jre1.6.0_06\bin\ssv.dll O9 - Extra button: ieSpell - {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - D:\Program Files\ieSpell\iespell.dll O9 - Extra 'Tools' menuitem: ieSpell - {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - D:\Program Files\ieSpell\iespell.dll O9 - Extra button: (no name) - {1606D6F9-9D3B-4aea-A025-ED5B2FD488E7} - D:\Program Files\ieSpell\iespell.dll O9 - Extra 'Tools' menuitem: ieSpell Options - {1606D6F9-9D3B-4aea-A025-ED5B2FD488E7} - D:\Program Files\ieSpell\iespell.dll O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - D:\Program Files\Yahoo!\Messenger\yhexbmes0527.dll O9 - Extra 'Tools' menuitem: Yahoo! 
Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - D:\Program Files\Yahoo!\Messenger\yhexbmes0527.dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file) O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - D:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - D:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe O12 - Plugin for .spop: D:\Program Files\Internet Explorer\Plugins\NPDocBox.dll O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5) - http://upload.facebook.com/controls/FacebookPhotoUploader5.cab O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204 O16 - DPF: {2357B3CF-7F8D-4451-8D81-FD6097610AEE} (CamfrogWEB Advanced Unicode Control) - http://activex.camfrogweb.com/advanced/2.0.2.3/cfweb_activex.camfrogweb.com-advanced-2.0.2.3_instmodule.exe O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - D:\Program Files\Yahoo!\Common\yinsthelper.dll O16 - DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} (OnlineScanner Control) - http://www.eset.eu/buxus/docs/OnlineScanner.cab O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://dl8-cdn-01.sun.com/s/ESD42/JSCDL/jre/6u6-b90/jinstall-6u6-windows-i586-jc.cab?e=1215014298896&h=8f0c63d8de7f6272a79a95a72cb38429/&filename=jinstall-6u6-windows-i586-jc.cab O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - D:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe O23 - Service: 
Adobe LM Service - Adobe Systems - D:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe O23 - Service: AOL Spyware Protection Service (AOLService) - Unknown owner - D:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\\aolserv.exe (file missing) O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - D:\Program Files\Alwil Software\Avast4\aswUpdSv.exe O23 - Service: avast! Antivirus - ALWIL Software - D:\Program Files\Alwil Software\Avast4\ashServ.exe O23 - Service: avast! Mail Scanner - ALWIL Software - D:\Program Files\Alwil Software\Avast4\ashMaiSv.exe O23 - Service: avast! Web Scanner - ALWIL Software - D:\Program Files\Alwil Software\Avast4\ashWebSv.exe O23 - Service: BrSplService (Brother XP spl Service) - brother Industries Ltd - D:\WINDOWS\system32\brsvc01a.exe O23 - Service: Google Updater Service (gusvc) - Google - D:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: Pml Driver HPZ12 - HP - D:\WINDOWS\system32\HPZipm12.exe O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - D:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe -- End of file - 7725 bytes
  10. Malwarebytes' Anti-Malware 1.19 Database version: 901 Windows 5.1.2600 Service Pack 2 14:18:29 04/07/2008 mbam-log-7-4-2008 (14-18-29).txt Scan type: Quick Scan Objects scanned: 43251 Time elapsed: 7 minute(s), 42 second(s) Memory Processes Infected: 0 Memory Modules Infected: 2 Registry Keys Infected: 7 Registry Values Infected: 1 Registry Data Items Infected: 0 Folders Infected: 0 Files Infected: 8 Memory Processes Infected: (No malicious items detected) Memory Modules Infected: D:\WINDOWS\system32\kedjkgwq.dll (Trojan.Vundo) -> Unloaded module successfully. D:\WINDOWS\system32\wvUoLdcA.dll (Trojan.Vundo) -> Unloaded module successfully. Registry Keys Infected: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{41873d7c-f89a-4392-b637-78f0fe72fb40} (Trojan.Vundo) -> Delete on reboot. HKEY_CLASSES_ROOT\CLSID\{41873d7c-f89a-4392-b637-78f0fe72fb40} (Trojan.Vundo) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\aoprndtws (Malware.Trace) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\Microsoft\rdfa (Trojan.Vundo) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Juan (Malware.Trace) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\FCOVM (Trojan.Vundo) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\RemoveRP (Trojan.Vundo) -> Quarantined and deleted successfully. Registry Values Infected: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\0873b249 (Trojan.Vundo) -> Quarantined and deleted successfully. Registry Data Items Infected: (No malicious items detected) Folders Infected: (No malicious items detected) Files Infected: D:\WINDOWS\system32\wvUoLdcA.dll (Trojan.Vundo) -> Delete on reboot. D:\WINDOWS\system32\AcdLoUvw.ini (Trojan.Vundo) -> Quarantined and deleted successfully. 
D:\WINDOWS\system32\AcdLoUvw.ini2 (Trojan.Vundo) -> Quarantined and deleted successfully. D:\WINDOWS\system32\kedjkgwq.dll (Trojan.Vundo) -> Delete on reboot. D:\WINDOWS\system32\qwgkjdek.ini (Trojan.Vundo) -> Quarantined and deleted successfully. D:\WINDOWS\system32\qodwkedk.dll (Trojan.Vundo) -> Quarantined and deleted successfully. D:\WINDOWS\system32\kdekwdoq.ini (Trojan.Vundo) -> Quarantined and deleted successfully. D:\WINDOWS\cookies.ini (Malware.Trace) -> Quarantined and deleted successfully.
  11. Well, Avast is now pulling something up constantly, whether it's spyware or a Trojan or virus. I feel like getting a hammer out to the pc lol......... What now? I did all that was suggested and I'm still getting pop-ups, they keep freezing my pc up. OK, my pc seems to be worse now, Avast was pulling something up saying the location was SuperAntiSpyware. It also keeps pulling up the following malware: Win32:VunDrop [Drp] D:\Documents and Settings\IAN\Local Settings\Temporary Internet Files\Content.IE5\VMHJAESJ\kb111653[1]
  12. Basically a few years ago we had Kazaa on the pc, and it really screwed things up and we had to send it to someone to be fixed and they changed everything over to D Drive for some reason (to be honest we don't really know why).
  13. So what do I need to do now and how do I do it?
  14. What is mIRC and what is CCP? If you don't mind me asking, I don't really know too much about PCs.