Thanks for your time !
Ran everything you told me to run !
Heres the logs ...
------------------------------------------------------
Malwarebytes' Anti-Malware 1.28
Database version: 1229
Windows 5.1.2600 Service Pack 2
05/10/2008 12:10:54
mbam-log-2008-10-05 (12-10-54).txt
Scan type: Quick Scan
Objects scanned: 64508
Time elapsed: 16 minute(s), 30 second(s)
Memory Processes Infected: 1
Memory Modules Infected: 4
Registry Keys Infected: 14
Registry Values Infected: 8
Registry Data Items Infected: 5
Folders Infected: 4
Files Infected: 40
Memory Processes Infected:
D:\Documents and Settings\PC\Application Data\Adobe\Manager.exe (Trojan.Agent) -> Unloaded process successfully.
Memory Modules Infected:
D:\WINDOWS\system32\apvjjror.dll (Trojan.Vundo.H) -> Delete on reboot.
D:\WINDOWS\system32\hgGabCvU.dll (Trojan.Vundo.H) -> Delete on reboot.
D:\WINDOWS\system32\quyheeqd.dll (Trojan.Vundo.H) -> Delete on reboot.
D:\WINDOWS\system32\hgGyvSMd.dll (Trojan.Vundo) -> Delete on reboot.
Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{33ac7d18-dc35-4d1a-940e-afd5fc5c3327} (Trojan.Vundo.H) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\hggyvsmd (Trojan.Vundo.H) -> Delete on reboot.
HKEY_CLASSES_ROOT\CLSID\{33ac7d18-dc35-4d1a-940e-afd5fc5c3327} (Trojan.Vundo.H) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3c48382f-2446-4c77-ba6c-869f0e222718} (Trojan.Vundo.H) -> Delete on reboot.
HKEY_CLASSES_ROOT\CLSID\{3c48382f-2446-4c77-ba6c-869f0e222718} (Trojan.Vundo.H) -> Delete on reboot.
HKEY_CLASSES_ROOT\peltodgx.bmfr (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\TypeLib\{76acfa97-b729-4285-8787-10425443ad95} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{0067e1b4-ecbd-47d6-8f88-80e14fb90295} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{ca5df1da-5181-4190-b40b-e3fd8fb1eaed} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\peltodgx.toolbar.1 (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Software Notifier (Rogue.Multiple) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\contim (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\FCOVM (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\RemoveRP (Trojan.Vundo) -> Quarantined and deleted successfully.
Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\28482c96 (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\{33ac7d18-dc35-4d1a-940e-afd5fc5c3327} (Trojan.Vundo) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar\{ca5df1da-5181-4190-b40b-e3fd8fb1eaed} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Run (Backdoor.Bot) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Control Panel\Desktop\wallpaper (Hijack.Wallpaper) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Control Panel\Desktop\originalwallpaper (Hijack.Wallpaper) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Control Panel\Desktop\convertedwallpaper (Hijack.Wallpaper) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Control Panel\Desktop\scrnsave.exe (Hijack.Wallpaper) -> Quarantined and deleted successfully.
Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\LSA\Notification Packages (Trojan.Vundo.H) -> Data: d:\windows\system32\hggabcvu -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\LSA\Authentication Packages (Trojan.Vundo) -> Data: d:\windows\system32\hggabcvu -> Delete on reboot.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoDrives (Hijack.Drives) -> Bad: (12) Good: (0) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\NoDispBackgroundPage (Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\NoDispScrSavPage (Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
Folders Infected:
D:\Program Files\Smart Antivirus 2009 (Rogue.SmartAntivirus) -> Quarantined and deleted successfully.
D:\Program Files\Smart Antivirus 2009\Infected (Rogue.SmartAntivirus) -> Quarantined and deleted successfully.
D:\Program Files\Smart Antivirus 2009\Suspicious (Rogue.SmartAntivirus) -> Quarantined and deleted successfully.
D:\Documents and Settings\PC\Start Menu\Programs\Smart Antivirus 2009 (Rogue.SmartAntivirus) -> Quarantined and deleted successfully.
Files Infected:
D:\WINDOWS\system32\hgGyvSMd.dll (Trojan.Vundo.H) -> Delete on reboot.
D:\WINDOWS\system32\hgGabCvU.dll (Trojan.Vundo.H) -> Delete on reboot.
D:\WINDOWS\system32\UvCbaGgh.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully.
D:\WINDOWS\system32\UvCbaGgh.ini2 (Trojan.Vundo.H) -> Quarantined and deleted successfully.
D:\WINDOWS\system32\apvjjror.dll (Trojan.Vundo.H) -> Delete on reboot.
D:\WINDOWS\system32\rorjjvpa.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully.
D:\WINDOWS\system32\quyheeqd.dll (Trojan.Vundo.H) -> Delete on reboot.
D:\WINDOWS\system32\dqeehyuq.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully.
D:\WINDOWS\peltodgx.dll (Trojan.FakeAlert) -> Quarantined and deleted successfully.
D:\WINDOWS\rwlfsdmk.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
D:\WINDOWS\system32\hgGyvWnk.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
D:\WINDOWS\system32\wvUkJbAP.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
D:\WINDOWS\system32\wvUoPfdC.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
D:\Documents and Settings\PC\Local Settings\Temporary Internet Files\Content.IE5\7NXKJBKG\upd105320[1] (Trojan.Vundo) -> Quarantined and deleted successfully.
D:\Documents and Settings\PC\Local Settings\Temporary Internet Files\Content.IE5\ER5D6FSY\upd105320[2] (Trojan.Vundo) -> Quarantined and deleted successfully.
D:\Documents and Settings\PC\Local Settings\Temporary Internet Files\Content.IE5\HQGBSU5C\cntr[1] (Trojan.Vundo) -> Quarantined and deleted successfully.
D:\Documents and Settings\PC\Local Settings\Temporary Internet Files\Content.IE5\J5AET37O\WebSoftCodecDrivern[1].exe (Trojan.Dropper) -> Quarantined and deleted successfully.
D:\Documents and Settings\PC\Local Settings\Temporary Internet Files\Content.IE5\J5AET37O\WebSoftCodecDrivern[2].exe (Trojan.Dropper) -> Quarantined and deleted successfully.
D:\Documents and Settings\PC\Local Settings\Temporary Internet Files\Content.IE5\K4TV12VC\cntr[1] (Trojan.Vundo) -> Quarantined and deleted successfully.
D:\Documents and Settings\PC\Local Settings\Temporary Internet Files\Content.IE5\KVKIJK7I\upd105320[1] (Trojan.Vundo) -> Quarantined and deleted successfully.
D:\Documents and Settings\PC\Local Settings\Temporary Internet Files\Content.IE5\SB01KE4E\file[1].exe (Trojan.Vundo) -> Quarantined and deleted successfully.
D:\Program Files\Smart Antivirus 2009\vscan.tsi (Rogue.SmartAntivirus) -> Quarantined and deleted successfully.
D:\Program Files\Smart Antivirus 2009\zlib.dll (Rogue.SmartAntivirus) -> Quarantined and deleted successfully.
D:\Documents and Settings\PC\Start Menu\Programs\Smart Antivirus 2009\Smart Antivirus-2009.lnk (Rogue.SmartAntivirus) -> Quarantined and deleted successfully.
D:\WINDOWS\system32\mcrh.tmp (Malware.Trace) -> Quarantined and deleted successfully.
D:\WINDOWS\system32\c.ico (Malware.Trace) -> Quarantined and deleted successfully.
D:\WINDOWS\system32\m.ico (Malware.Trace) -> Quarantined and deleted successfully.
D:\WINDOWS\system32\p.ico (Malware.Trace) -> Quarantined and deleted successfully.
D:\WINDOWS\system32\s.ico (Malware.Trace) -> Quarantined and deleted successfully.
D:\WINDOWS\system32\a.exe (Trojan.Agent) -> Quarantined and deleted successfully.
D:\Documents and Settings\PC\Application Data\Adobe\Manager.exe (Backdoor.Bot) -> Quarantined and deleted successfully.
D:\WINDOWS\svchost.exe (Trojan.Agent) -> Quarantined and deleted successfully.
D:\Documents and Settings\PC\Favorites\Free MP3 Search.url (Rogue.Link) -> Quarantined and deleted successfully.
D:\Documents and Settings\PC\Start Menu\Free MP3 Search.url (Rogue.Link) -> Quarantined and deleted successfully.
D:\Documents and Settings\PC\Favorites\Free Porn.url (Rogue.Link) -> Quarantined and deleted successfully.
D:\Documents and Settings\PC\Start Menu\Free Porn.url (Rogue.Link) -> Quarantined and deleted successfully.
D:\Documents and Settings\PC\Favorites\Search Online.url (Rogue.Link) -> Quarantined and deleted successfully.
D:\Documents and Settings\PC\Start Menu\Search Online.url (Rogue.Link) -> Quarantined and deleted successfully.
D:\Documents and Settings\PC\Favorites\VIP Casino.url (Rogue.Link) -> Quarantined and deleted successfully.
D:\Documents and Settings\PC\Start Menu\VIP Casino.url (Rogue.Link) -> Quarantined and deleted successfully.
---------------------------------------------------
Logfile of HijackThis v1.99.1
Scan saved at 12:15:27, on 05/10/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18241)
Running processes:
D:\WINDOWS\System32\smss.exe
D:\WINDOWS\system32\winlogon.exe
D:\WINDOWS\system32\services.exe
D:\WINDOWS\system32\lsass.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\System32\svchost.exe
D:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
D:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
D:\WINDOWS\system32\spoolsv.exe
D:\WINDOWS\Explorer.EXE
D:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
D:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
D:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe
D:\WINDOWS\system32\nvsvc32.exe
D:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
D:\WINDOWS\system32\DeltTray.exe
D:\Program Files\BT Broadband Desktop Help\btbb\BTHelpNotifier.exe
D:\Program Files\BT Broadband Desktop Help\btbb_wcm\McciTrayApp.exe
D:\PROGRA~1\Yahoo!\YOP\yop.exe
D:\Program Files\Common Files\Symantec Shared\ccApp.exe
D:\Program Files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe
D:\Program Files\Common Files\Real\Update_OB\realsched.exe
D:\WINDOWS\system32\RUNDLL32.EXE
D:\WINDOWS\system32\ctfmon.exe
D:\PROGRA~1\Yahoo!\browser\ycommon.exe
D:\Documents and Settings\PC\Desktop\HijackThis.exe
D:\PROGRA~1\Yahoo!\YOP\SSDK02.exe
D:\WINDOWS\System32\svchost.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar =
http://www.yahoo.com/search/ie.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
http://www.bt.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
http://securityresponse.symantec.com/avcenter/fix_homepage/
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) =
http://uk.red.clientapps.yahoo.com/customize/btyahoo/defaults/su/*http://uk.search.yahoo.com/
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - D:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - D:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - D:\PROGRA~1\Yahoo!\Common\yiesrvc.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE D:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [DeltTray] DeltTray.exe
O4 - HKLM\..\Run: [btbb_McciTrayApp] "D:\Program Files\BT Broadband Desktop Help\btbb\BTHelpNotifier.exe"
O4 - HKLM\..\Run: [btbb_wcm_McciTrayApp] "D:\Program Files\BT Broadband Desktop Help\btbb_wcm\McciTrayApp.exe"
O4 - HKLM\..\Run: [YOP] D:\PROGRA~1\Yahoo!\YOP\yop.exe /autostart
O4 - HKLM\..\Run: [ccApp] "D:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [osCheck] "D:\PROGRA~1\Symantec\osCheck.exe"
O4 - HKLM\..\Run: [Symantec PIF AlertEng] "D:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "D:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKLM\..\Run: [VirtualCloneDrive] "D:\Program Files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" /s
O4 - HKLM\..\Run: [TkBellExe] "D:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE D:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [PowerStrip] d:\program files\powerstrip\pstrip.exe
O4 - HKCU\..\Run: [ctfmon.exe] D:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [AlcoholAutomount] "D:\Program Files\Alcohol Soft\Alcohol 120\axcmd.exe" /automount
O4 - HKCU\..\Run: [NVIDIA nTune] "D:\Program Files\NVIDIA Corporation\nTune\nTuneCmd.exe" clear
O9 - Extra button: BT Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - D:\PROGRA~1\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: PokerTime - {00000000-0000-0000-0000-000000000000} - D:\MicroGaming\Poker\PokerTimeMPP\MPPoker.exe (HKCU)
O16 - DPF: {D8089245-3211-40F6-819B-9E5E92CD61A2} (FlashXControl Object) -
https://signin3.valueactive.com/Register/Branding/olr3313/OCX/flashax.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - D:\PROGRA~1\WINDOW~4\MESSEN~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - D:\PROGRA~1\WINDOW~4\MESSEN~1\MSGRAP~1.DLL
O18 - Protocol: wlmailhtml - {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - D:\Program Files\Windows Live\Mail\mailcomm.dll
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - D:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Unknown owner - D:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: Symantec Settings Manager (ccSetMgr) - Unknown owner - D:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - D:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h cltCommon (file missing)
O23 - Service: COM Host (comHost) - Symantec Corporation - D:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - D:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Symantec IS Password Validation (ISPwdSvc) - Symantec Corporation - D:\PROGRA~1\Symantec\isPwdSvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - D:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Unknown owner - D:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: LiveUpdate Notice Service - Unknown owner - D:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /m "D:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PifEng.dll (file missing)
O23 - Service: nTune Service (nTuneService) - NVIDIA - D:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - D:\WINDOWS\system32\nvsvc32.exe
O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - D:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
O23 - Service: Symantec Core LC - Symantec Corporation - D:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - D:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
--------------------
The desktop properties is back to normal & also the c & d drives are now showing .
Cheers
Joe