adaware etc keeps reappearing

[thehoudi]

After years and years of no hassle with virii, malaware etc I find that im getting a hard time the last week with crap pop ups etc randomly appearing. Scanned the pc with superanti etc and cleaned up after the scan but as soon as I scan again the same culprits are back again. Ive included the log from the last scan if anyone can make any sense of this Id be grateful - even just nudge me in the right direction or tell me what else I need to to.

Im running zone alarm, avast anti virus and superantispyware on win xp

SUPERAntiSpyware Scan Log

https://www.superantispyware.com

Generated 06/25/2007 at 12:33 PM

Application Version : 3.8.1002

Core Rules Database Version : 3260

Trace Rules Database Version: 1271

Scan type : Complete Scan

Total Scan Time : 02:49:24

Memory items scanned : 434

Memory threats detected : 3

Registry items scanned : 5218

Registry threats detected : 40

File items scanned : 159656

File threats detected : 17

Adware.Vundo Variant

C:\WINDOWS\SYSTEM32\PMKHG.DLL

C:\WINDOWS\SYSTEM32\PMKHG.DLL

HKLM\Software\Classes\CLSID\{A3962A72-57E7-4557-8E24-EC95BE12E0BB}

HKCR\CLSID\{A3962A72-57E7-4557-8E24-EC95BE12E0BB}

HKCR\CLSID\{A3962A72-57E7-4557-8E24-EC95BE12E0BB}\InprocServer32

HKCR\CLSID\{A3962A72-57E7-4557-8E24-EC95BE12E0BB}\InprocServer32#ThreadingModel

HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A3962A72-57E7-4557-8E24-EC95BE12E0BB}

Software\Microsoft\Windows NT\CurrentVersion\WinLogon\Notify\pmkhg

Adware.eZula

C:\WINDOWS\SYSTEM32\FKUQCEDS.EXE

C:\WINDOWS\SYSTEM32\FKUQCEDS.EXE

HKLM\System\ControlSet001\Services\DomainService

HKLM\System\ControlSet002\Services\DomainService

HKLM\System\CurrentControlSet\Services\DomainService

Trojan.Downloader-NewJuan/VM

C:\WINDOWS\SYSTEM32\HNSEGCMS.DLL

C:\WINDOWS\SYSTEM32\HNSEGCMS.DLL

Unclassified.Unknown Origin

HKLM\Software\Classes\CLSID\{5ADF3862-9E2E-4ad3-86F7-4510E6550CD0}

HKCR\CLSID\{5ADF3862-9E2E-4AD3-86F7-4510E6550CD0}

HKCR\CLSID\{5ADF3862-9E2E-4AD3-86F7-4510E6550CD0}\InprocServer32

HKCR\CLSID\{5ADF3862-9E2E-4AD3-86F7-4510E6550CD0}\InprocServer32#ThreadingModel

HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5ADF3862-9E2E-4ad3-86F7-4510E6550CD0}

HKCR\CLSID\{5ADF3862-9E2E-4AD3-86F7-4510E6550CD0}

Unclassified.Oreans32

HKLM\System\ControlSet001\Services\oreans32

C:\WINDOWS\SYSTEM32\DRIVERS\OREANS32.SYS

HKLM\System\CurrentControlSet\Services\oreans32

HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_OREANS32

HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_OREANS32#NextInstance

HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_OREANS32\0000

HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_OREANS32\0000#Service

HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_OREANS32\0000#Legacy

HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_OREANS32\0000#ConfigFlags

HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_OREANS32\0000#Class

HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_OREANS32\0000#ClassGUID

HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_OREANS32\0000#DeviceDesc

HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_OREANS32\0000\Control

HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_OREANS32\0000\Control#*NewlyCreated*

HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_OREANS32\0000\Control#ActiveService

HKLM\SYSTEM\CurrentControlSet\Services\oreans32#Type

HKLM\SYSTEM\CurrentControlSet\Services\oreans32#Start

HKLM\SYSTEM\CurrentControlSet\Services\oreans32#ErrorControl

HKLM\SYSTEM\CurrentControlSet\Services\oreans32#ImagePath

HKLM\SYSTEM\CurrentControlSet\Services\oreans32#DisplayName

HKLM\SYSTEM\CurrentControlSet\Services\oreans32\Security

HKLM\SYSTEM\CurrentControlSet\Services\oreans32\Security#Security

HKLM\SYSTEM\CurrentControlSet\Services\oreans32\Enum

HKLM\SYSTEM\CurrentControlSet\Services\oreans32\Enum#0

HKLM\SYSTEM\CurrentControlSet\Services\oreans32\Enum#Count

HKLM\SYSTEM\CurrentControlSet\Services\oreans32\Enum#NextInstance

Adware.Tracking Cookie

C:\Documents and Settings\Al Donnelly\Cookies\al_donnelly@tradedoubler[1].txt

C:\Documents and Settings\Al Donnelly\Cookies\al_donnelly@cpvfeed[2].txt

C:\Documents and Settings\Al Donnelly\Cookies\al_donnelly@ad.yieldmanager[2].txt

C:\Documents and Settings\Al Donnelly\Cookies\al_donnelly@imrworldwide[2].txt

C:\Documents and Settings\Al Donnelly\Cookies\al_donnelly@ad.zanox[1].txt

C:\Documents and Settings\Al Donnelly\Cookies\al_donnelly@atdmt[2].txt

C:\Documents and Settings\Al Donnelly\Cookies\al_donnelly@doubleclick[1].txt

C:\Documents and Settings\Al Donnelly\Cookies\al_donnelly@ad.uk.tangozebra[1].txt

C:\Documents and Settings\Al Donnelly\Cookies\al_donnelly@adtech[2].txt

C:\Documents and Settings\Al Donnelly\Cookies\al_donnelly@zbox.zanox[1].txt

C:\Documents and Settings\Al Donnelly\Cookies\al_donnelly@videoegg.adbureau[1].txt

C:\Documents and Settings\Al Donnelly\Cookies\al_donnelly@questionmarket[1].txt

Trojan.Downloader-Gen/Blah

C:\WINDOWS\SYSTEM32\MLJGFDA.DLL

[SUPERAntiSpy]

Please submit a support ticket here, and we will have you run a diagnostic:

https://www.superantispyware.com/support.html

[jman]

I have pop-ups that have started to come up with the name "this ad is brought to you to web buying..." I purchased your program as I was told it would find and eliminate these issues. The program finds these problems and it appears that it eliminates but the same issue appears everytime I boot up and, frankly, nothing has been eliminated. Not sure if it's called tk58.exe or win 32/zquest or adware rac process but it's not being fixed. Please help.

[SUPERAntiSpy]

I have pop-ups that have started to come up with the name "this ad is brought to you to web buying..." I purchased your program as I was told it would find and eliminate these issues. The program finds these problems and it appears that it eliminates but the same issue appears everytime I boot up and, frankly, nothing has been eliminated. Not sure if it's called tk58.exe or win 32/zquest or adware rac process but it's not being fixed. Please help.

Please submit a support ticket here, and we will have you run a diagnostic:

https://www.superantispyware.com/support.html