Unable to run Kuwakepe.dll

Name: Quendian
Date: February 8, 2009 at 14:10:10 Pacific
OS: Windows XP
CPU/Ram: 512k RAM
Subcategory: Viruses
Comment:

Whenever my grandad switches on his PC it says "Unable to run Kuwakepe.dll". I understand that this is part of a virus called Vundo so I ran Malwarebytes and it removed the infected files but this error still comes up.

I went into msconfig, and there it was running at start up so I disabled it and restarted but the error still came up! I went back into msconfig and it had re-enabled itself. No matter how many times I disable it, it re-enables itself.

I downloaded VundoFix and ran it, but it didn't find any infected files. So now I'm stuck, what can I do?


Response Number 1
Name: jabuck
Date: February 8, 2009 at 15:26:20 Pacific
Reply:

Please download and install the latest version of HijackThis v2.0.2:


Download the "HijackThis" Installer from this link:
Hijack This

Rename the setup file, HJTInstall.exe, before you download it. To do that, once the "enter name of file to save to" box appears as the download begins, in the filename box rename HJTInstall.exe to tools.exe > click save.
1. Save "tools.exe" to your desktop.
2. Double click on tools.exe to run the program.
3. By default it will install to C:\Program Files\Trend Micro\HijackThis.
4. Accept the license agreement by clicking the "I Accept" button.
5. Click on the "Do a system scan and save a log file" button. It will scan and then ask you to save the log.
6. Click "Save log" to save the log file and then the log will open in Notepad.
7. Click on "Edit > Select All" then click on "Edit > Copy" to copy the entire contents of the log.
8. Paste the log in your next reply.
9. Do NOT have HijackThis fix anything yet! Most of what it finds will be harmless or even required.


0

Response Number 2
Name: Quendian
Date: February 9, 2009 at 15:07:38 Pacific
Reply:

I already have a HijackThis log of his computer, I had not renamed the file on download though.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 15:44, on 2009-02-08
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16762)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.exe
C:\WINDOWS\BCMSMMSG.exe
C:\WINDOWS\System32\DSentry.exe
C:\Program Files\Lexmark X74-X75\lxbbbmgr.exe
C:\Program Files\Dell\Common\FSM32.exe
C:\Program Files\TalkTalk\bin\sprtcmd.exe
C:\Program Files\Lexmark X74-X75\lxbbbmon.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
C:\PROGRA~1\Dell\backweb\81720\Program\SERVIC~1.EXE
C:\Program Files\Dell\Anti-Virus\fsgk32st.exe
C:\Program Files\Dell\backweb\81720\program\fsbwsys.exe
C:\Program Files\Dell\Anti-Virus\FSGK32.exe
C:\Program Files\Dell\Common\FSMA32.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\Dell\Anti-Virus\fssm32.exe
C:\Program Files\Dell\Common\FSMB32.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Dell\Common\FCH32.exe
C:\Program Files\Dell\backweb\81720\Program\fspex.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Dell\Common\FAMEH32.exe
C:\Program Files\Dell\Anti-Virus\fsrw.exe
C:\Program Files\Dell\FWES\Program\fsdfwd.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.euro.dell.com/countries/.../default.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?Lin...
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?Lin...
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?Lin...
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?Lin...
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: (no name) - {f6755447-75a1-4a1f-a7b3-18138f1b6456} - C:\WINDOWS\system32\duvabova.dll (file missing)
O4 - HKLM\..\Run: [BCMSMMSG] BCMSMMSG.exe
O4 - HKLM\..\Run: [DVDSentry] C:\WINDOWS\System32\DSentry.exe
O4 - HKLM\..\Run: [Lexmark X74-X75] "C:\Program Files\Lexmark X74-X75\lxbbbmgr.exe"
O4 - HKLM\..\Run: [windows auto update] msblast.exe
O4 - HKLM\..\Run: [LoadHome] C:\Windows\System\MSIK673.exe
O4 - HKLM\..\Run: [F-Secure Manager] "C:\Program Files\Dell\Common\FSM32.exe" /splash
O4 - HKLM\..\Run: [F-Secure TNB] "C:\Program Files\Dell\TNB\TNBUtil.exe" /CHECKALL /WAITFORSW
O4 - HKLM\..\Run: [F-Secure Startup Wizard] "C:\Program Files\Dell\FSGUI\FSSW.exe" /reboot
O4 - HKLM\..\Run: [News Service] "C:\Program Files\Dell\FSGUI\ispnews.exe"
O4 - HKLM\..\Run: [TalkTalk] "C:\Program Files\TalkTalk\bin\sprtcmd.exe" /P TalkTalk
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKLM\..\Run: [gotiseyomo] Rundll32.exe "C:\WINDOWS\system32\kuwakepe.dll",s
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [Messenger (Yahoo!)] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKLM\..\Policies\Explorer\Run: [rare] C:\Program Files\Video Access ActiveX Object\pmsnrr.exe
O4 - HKUS\S-1-5-19\..\Run: [gotiseyomo] Rundll32.exe "C:\WINDOWS\system32\kuwakepe.dll",s (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [gotiseyomo] Rundll32.exe "C:\WINDOWS\system32\kuwakepe.dll",s (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.exe (User 'Default user')
O4 - Global Startup: TalkTalk Online Security.lnk = C:\Program Files\Dell\backweb\81720\Program\fspex.exe
O8 - Extra context menu item: &Block this popup - C:\Program Files\Dell\Anti-Spyware\blockpopups.htm
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?lin...
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microso...6/V5Controls/en/x86/client/muweb_site.cab?1174161736750
O21 - SSODL: eitheror - {2016a466-91a2-43c6-97d8-2fd380f065ef} - (no file)
O22 - SharedTaskScheduler: eitheror - {2016a466-91a2-43c6-97d8-2fd380f065ef} - (no file)
O23 - Service: TalkTalk Online Security (BackWeb Plug-in - 81720) - BackWeb Technologies Inc. - C:\PROGRA~1\Dell\backweb\81720\Program\SERVIC~1.EXE
O23 - Service: FSGKHS (F-Secure Gatekeeper Handler Starter) - F-Secure Corp. - C:\Program Files\Dell\Anti-Virus\fsgk32st.exe
O23 - Service: fsbwsys - F-Secure Corp. - C:\Program Files\Dell\backweb\81720\program\fsbwsys.exe
O23 - Service: F-Secure Anti-Virus Firewall Daemon (FSDFWD) - F-Secure Corporation - C:\Program Files\Dell\FWES\Program\fsdfwd.exe
O23 - Service: F-Secure Management Agent (FSMA) - F-Secure Corporation - C:\Program Files\Dell\Common\FSMA32.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\NCS\Sync\NetSvc.exe

--
End of file - 7044 bytes


0
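
Added example, not part of the original thread: a short Python script that reads the O4 autorun lines of a HijackThis log and lists every registry hive that starts the same DLL through Rundll32, so that no copy of the entry is overlooked during cleanup. The sample lines are copied from the log in the post above with wrapped lines rejoined; the function and variable names are chosen here for illustration.

```python
import re
from collections import defaultdict

# Sample lines copied from the HijackThis log posted above (wrapped lines rejoined).
SAMPLE_LOG = r"""
O2 - BHO: (no name) - {f6755447-75a1-4a1f-a7b3-18138f1b6456} - C:\WINDOWS\system32\duvabova.dll (file missing)
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [gotiseyomo] Rundll32.exe "C:\WINDOWS\system32\kuwakepe.dll",s
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [gotiseyomo] Rundll32.exe "C:\WINDOWS\system32\kuwakepe.dll",s (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [gotiseyomo] Rundll32.exe "C:\WINDOWS\system32\kuwakepe.dll",s (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.exe (User 'SYSTEM')
"""

# O4 line layout: "O4 - <hive>\..\<key>: [<value name>] <command>"
O4_RE = re.compile(r'^O4 - (?P<hive>.+?)\\\.\.\\(?P<key>.+?): \[(?P<name>.+?)\] (?P<cmd>.*)$')
# Command of the form: rundll32[.exe] "<path>.dll",<export>
RUNDLL_RE = re.compile(r'^rundll32(?:\.exe)?\s+"?(?P<dll>[^",]+\.dll)"?,(?P<export>\S+)', re.I)
# HijackThis marks entries whose target no longer exists on disk.
ORPHAN_RE = re.compile(r'\((?:file missing|no file)\)\s*$')


def rundll32_autoruns(log_text):
    """Map each DLL launched via rundll32 to the (hive, value name) pairs that start it."""
    found = defaultdict(list)
    for line in log_text.splitlines():
        entry = O4_RE.match(line.strip())
        if not entry:
            continue
        launch = RUNDLL_RE.match(entry.group("cmd"))
        if launch:
            # Paths are case-insensitive on Windows, so normalise before grouping.
            found[launch.group("dll").lower()].append((entry.group("hive"), entry.group("name")))
    return dict(found)


def orphaned_entries(log_text):
    """Return log lines that point at a file HijackThis could not find."""
    return [l.strip() for l in log_text.splitlines() if ORPHAN_RE.search(l)]


if __name__ == "__main__":
    for dll, sources in rundll32_autoruns(SAMPLE_LOG).items():
        print(dll)
        for hive, name in sources:
            print(f"    {hive}  [{name}]")
    for line in orphaned_entries(SAMPLE_LOG):
        print("orphaned:", line)
```
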

Response Number 3
Name: jabuck
Date: February 9, 2009 at 15:16:20 Pacific
Reply:

Please download ComboFix to the desktop from one of the following links:

Link 1

Link 2

Link 3

Rename the setup file, combofix.exe, before you download it. To do that, once the "enter name of file to save to" box appears as the download begins, in the filename box rename combofix.exe to toolb.exe > click save.

Combofix is a powerful tool so follow the instructions exactly or you could damage your computer.

Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with Combofix and remove some of its embedded files which may cause "unpredictable results".
Click on This Link to see a list of programs that should be disabled. The list is not all-inclusive. If yours is not listed and you don't know how to disable it, please ask.

In your case, to run Combofix do the following:
1. Go offline, turn off your F-Secure antivirus and any antispyware that you may have.
2. Run Combofix by double clicking the toolb.exe icon on your desktop and save its log.
3. Restart the computer to get the antivirus running again but leave the antispyware programs off until we get the computer cleaned.
4. Post the Combofix log.


Remember to re-enable the protection again afterwards before connecting to the Internet.


0
