IMM32.dll
ShimEng.dll
shell32.dll
uxtheme.dll
Problem (2) - Red X appears where C: icon should be
- Used VundoFix and removed 1 infected file, ran Kaspersky, which removed a bunch more...
Here are the logs from everything....
VundoFix V7.0.3
Scan started at 3:52:15 PM 4/9/2008
Listing files found while scanning....
C:\windows\SYSTEM32\yjpxvtll.dllbox
Beginning removal...
Attempting to delete C:\windows\SYSTEM32\yjpxvtll.dllbox
C:\windows\SYSTEM32\yjpxvtll.dllbox Has been deleted!
Performing Repairs to the registry.
Done!
ComboFix 08-04-09.1 - Lily 2008-04-09 16:17:18.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.331 [GMT -4:00]
Running from: C:\Documents and Settings\Lily\Desktop\ComboFix.exe
* Created a new restore point
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\Documents and Settings\LocalService\Application Data\NetMon
C:\Documents and Settings\LocalService\Application Data\NetMon\domains.txt
C:\Documents and Settings\LocalService\Application Data\NetMon\log.txt
C:\WINDOWS\BMefd381d6.xml
C:\WINDOWS\cookies.ini
C:\WINDOWS\pskt.ini
C:\WINDOWS\system32\drivers\core.sys
C:\WINDOWS\system32\mcrh.tmp
C:\WINDOWS\SYSTEM32\mpqss.ini
C:\WINDOWS\SYSTEM32\mpqss.ini2
C:\WINDOWS\system32\nGpxx01
C:\WINDOWS\system32\o09PrEz
C:\WINDOWS\system32\pac.txt
C:\WINDOWS\system32\S0
C:\WINDOWS\system32\S1
C:\WINDOWS\system32\S4
C:\WINDOWS\system32\S6
C:\WINDOWS\system32\S7
C:\WINDOWS\system32\win
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Legacy_CMDSERVICE
-------\Legacy_CORE
-------\Legacy_DHLP
-------\Service_core
((((((((((((((((((((((((( Files Created from 2008-03-09 to 2008-04-09 )))))))))))))))))))))))))))))))
.
2008-04-09 15:52 . 2008-04-09 16:11 <DIR> d-------- C:\VundoFix Backups
2008-04-07 03:11 . 2008-04-07 03:11 91,700 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\klin.dat
2008-04-07 03:11 . 2008-04-07 03:11 85,860 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\klick.dat
2008-04-07 03:08 . 2008-04-09 16:21 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
2008-04-07 03:08 . 2008-04-09 16:20 2,738,208 --ahs---- C:\WINDOWS\SYSTEM32\DRIVERS\fidbox.dat
2008-04-07 03:08 . 2008-04-09 16:19 37,724 --ahs---- C:\WINDOWS\SYSTEM32\DRIVERS\fidbox.idx
2008-04-07 03:08 . 2008-04-09 16:19 20,000 --ahs---- C:\WINDOWS\SYSTEM32\DRIVERS\fidbox2.dat
2008-04-07 03:08 . 2008-04-09 16:19 2,852 --ahs---- C:\WINDOWS\SYSTEM32\DRIVERS\fidbox2.idx
2008-04-07 02:24 . 2008-04-07 02:47 0 --a------ C:\WINDOWS\SYSTEM32\sys_dll.dll
2008-04-07 02:09 . 2008-04-07 02:09 <DIR> d-------- C:\WINDOWS\CD95F661A5C444F5A6AAECDD91C240B5.TMP
2008-04-07 00:49 . 2008-04-07 01:27 <DIR> d-------- C:\Program Files\Your Uninstaller 2008
2008-04-07 00:49 . 2008-04-07 00:49 <DIR> d-------- C:\Documents and Settings\Lily\Application Data\URSoft
2008-04-06 23:42 . 2008-04-06 23:42 <DIR> d-------- C:\Documents and Settings\Lily\Application Data\ESET
2008-04-06 23:36 . 2008-04-06 23:36 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\ESET
2008-04-06 23:28 . 2008-04-07 00:37 1,574,572 ---hs---- C:\WINDOWS\SYSTEM32\wllarojn.ini
2008-04-02 23:53 . 2008-04-06 23:28 2,158,093 ---hs---- C:\WINDOWS\SYSTEM32\xiisyhhy.ini
2008-04-02 23:53 . 2008-04-02 23:53 0 --a------ C:\WINDOWS\SYSTEM32\aeqdypvg.tmp
2008-04-01 19:50 . 2008-04-02 23:47 1,608,541 --ahs---- C:\WINDOWS\SYSTEM32\aeqdypvg.ini
2008-03-28 13:01 . 2008-03-28 13:01 1,583,169 ---hs---- C:\WINDOWS\SYSTEM32\ludoxpmw.ini
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-04-09 06:12 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
2008-04-07 06:09 --------- d-----w C:\Documents and Settings\All Users\Application Data\WinZip
2008-04-07 05:24 --------- d-----w C:\Program Files\Dell
2008-04-07 05:24 --------- d-----w C:\Documents and Settings\All Users\Application Data\Dell
2008-04-07 05:19 --------- d-----w C:\Program Files\Dearborn
2008-04-07 05:06 --------- d-----w C:\Program Files\Corel
2008-04-07 05:04 --------- d-----w C:\Program Files\Jasc Software Inc
2008-04-07 04:58 --------- d-----w C:\Program Files\Common Files\Corel
2008-03-28 16:56 --------- d-----w C:\Program Files\TuneUp Utilities 2008
2004-11-25 13:05 0 -c-ha-w C:\Documents and Settings\LocalService\hpothb07.dat
2004-11-25 13:05 0 -c-ha-w C:\Documents and Settings\Lily\hpothb07.dat
2006-06-15 07:14 1,048,940 -csha-w C:\WINDOWS\SYSTEM32\hgjlm.ini2
.
------- Sigcheck -------
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D1BA3BD3-0052-42B1-9220-8F82477AB52E}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AVP"="C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe" [2008-02-08 18:36 227856]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoFavoritesMenu"= 1 (0x1)
"NoNetworkConnections"= 1 (0x1)
"NoStartMenuNetworkPlaces"= 1 (0x1)
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\mljggda]
mljggda.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\mljgh]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\pmnooop]
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HotSync Manager.lnk]
backup=C:\WINDOWS\pss\HotSync Manager.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^Lily^Start Menu^Programs^Startup^HotSync Manager.LNK]
backup=C:\WINDOWS\pss\HotSync Manager.LNKStartup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\180ClientStubInstall]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CamMonitor]
C:\Program Files\Hewlett-Packard\Digital Imaging\\Unload\hpqcmon.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Dell AIO Printer A920]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\dla]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DVDLauncher]
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotKeysCmds]
--a--c--- 2005-09-20 09:32 77824 C:\WINDOWS\System32\hkcmd.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IgfxTray]
--a--c--- 2005-09-20 09:35 94208 C:\WINDOWS\System32\igfxtray.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IntelMeM]
--a--c--- 2003-09-03 21:12 221184 C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\mmtask]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MMTray]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\motoin]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
C:\Program Files\Messenger\msmsgs.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PCMService]
-----c--- 2004-04-11 21:15 290816 C:\Program Files\Dell\Media Experience\PCMService.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RealTray]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\seeve]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Share-to-Web Namespace Daemon]
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
--a--c--- 2003-11-19 18:48 32881 C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UpdateManager]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"Corel Photo Downloader"="C:\Program Files\Common Files\Corel\Corel PhotoDownloader\Corel Photo Downloader.exe" -startup
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"C:\\WINDOWS\\system32\\sessmgr.exe"=
"C:\\Program Files\\Kaspersky Lab\\Kaspersky Anti-Virus 7.0\\avp.exe"=
R2 sprtsvc_dellsupportcenter;SupportSoft Sprocket Service (dellsupportcenter);C:\Program Files\Dell Support Center\bin\sprtsvc.exe [2007-11-15 10:23]
R2 UxTuneUp;TuneUp Theme Extension;C:\WINDOWS\System32\svchost.exe [2004-08-04 03:56]
R3 klim5;Kaspersky Anti-Virus NDIS Filter;C:\WINDOWS\system32\DRIVERS\klim5.sys [2007-12-13 13:28]
S2 Ca50xav;Digital Blue DMC2 Video Device;C:\WINDOWS\system32\Drivers\Ca50xav.sys [2005-01-27 20:06]
S3 TuneUp.Defrag;TuneUp Drive Defrag Service;C:\WINDOWS\System32\TuneUpDefragService.exe [2004-05-17 06:52]
S3 USBCamera;Digital Blue DMC2 Bulk Camera;C:\WINDOWS\system32\Drivers\Bulk50x.sys [2003-05-14 18:28]
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
.
Contents of the 'Scheduled Tasks' folder
"2008-04-09 20:20:45 C:\WINDOWS\Tasks\1-Click Maintenance.job"
- C:\Program Files\TuneUp Utilities 2008\OneClickStarter.exe
.
**************************************************************************
catchme 0.3.1351 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-04-09 16:21:18
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
Completion time: 2008-04-09 16:23:39 - machine was rebooted
ComboFix-quarantined-files.txt 2008-04-09 20:23:31
Pre-Run: 20,237,406,208 bytes free
Post-Run: 20,233,109,504 bytes free
.
2007-07-03 06:17:00 --- E O F ---
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2:33:05 PM, on 4/10/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\SYSTEM32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\Notepad.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
O2 - BHO: (no name) - {D1BA3BD3-0052-42B1-9220-8F82477AB52E} - (no file)
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe"
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\pchealth\helpctr\Binaries\MSCONFIG.EXE /auto
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra button: Web Anti-Virus statistics - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\SCIEPlgn.dll
O9 - Extra button: EmpirePoker - {77E68763-4284-41d6-B7E7-B6E1F053A9E7} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra 'Tools' menuitem: EmpirePoker - {77E68763-4284-41d6-B7E7-B6E1F053A9E7} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: MUSICMATCH MX Web Player - {d81ca86b-ef63-42af-bee3-4502d9a03c2d} - http://wwws.musicmat...enWebRadio.html (file missing)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=39204
O16 - DPF: {D719897A-B07A-4C0C-AEA9-9B663A28DFCB} - http://ax.phobos.app.../ITDetector.cab
O20 - Winlogon Notify: mljggda - mljggda.dll (file missing)
O20 - Winlogon Notify: mljgh - C:\WINDOWS\
O20 - Winlogon Notify: pmnooop - C:\WINDOWS\
O23 - Service: Kaspersky Anti-Virus 7.0 (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe
--
End of file - 3222 bytes
2004-05-17 07:13 14 --a------ C:\Qoobox\Quarantine\C\Documents and Settings\LocalService\Application Data\NetMon\domains.txt.vir
2004-05-17 07:13 6002 --a------ C:\Qoobox\Quarantine\C\Documents and Settings\LocalService\Application Data\NetMon\log.txt.vir
2007-06-11 20:26 143 --a--c--- C:\Qoobox\Quarantine\C\WINDOWS\SYSTEM32\mcrh.tmp.vir
2007-06-17 23:25 72832 --a------ C:\Qoobox\Quarantine\C\WINDOWS\SYSTEM32\DRIVERS\core.sys.vir
2007-09-23 21:05 279600 --a------ C:\Qoobox\Quarantine\C\WINDOWS\SYSTEM32\pac.txt.vir
2008-04-06 23:23 140287 --a------ C:\Qoobox\Quarantine\C\WINDOWS\BMefd381d6.xml.vir
2008-04-06 23:42 22 --a------ C:\Qoobox\Quarantine\C\WINDOWS\pskt.ini.vir
2008-04-07 00:35 631 --a------ C:\Qoobox\Quarantine\C\WINDOWS\cookies.ini.vir
2008-04-07 03:14 295146 --a------ C:\Qoobox\Quarantine\C\WINDOWS\SYSTEM32\mpqss.ini2.vir
2008-04-07 03:15 295146 --a------ C:\Qoobox\Quarantine\C\WINDOWS\SYSTEM32\mpqss.ini.vir
2008-04-09 16:18 1334 --a------ C:\Qoobox\Quarantine\Registry_backups\Legacy_CORE.reg.dat
2008-04-09 16:18 774 --a------ C:\Qoobox\Quarantine\Registry_backups\Legacy_DHLP.reg.dat
2008-04-09 16:18 832 --a------ C:\Qoobox\Quarantine\Registry_backups\Legacy_CMDSERVICE.reg.dat
2008-04-09 16:18 994 --a------ C:\Qoobox\Quarantine\Registry_backups\Service_core.reg.dat
2008-04-09 16:19 202 --a------ C:\Qoobox\Quarantine\catchme.log
2008-04-09 16:20 55004 --a------ C:\Qoobox\Quarantine\catchme2008-04-09_162051.98.zip
PLEASE HELP!!!
Edited by keimayjur, 10 April 2008 - 12:35 PM.