RUNDLL32 issue

You appear to be well infected - viz:
---------------------------------------------------------
O2 - BHO: (no name) - {3C0309CC-169A-4854-881C-F437E6A94479} - (no file)
O2 - BHO: (no name) - {3FD6B99C-A275-46ea-8FD1-3D63986E51E4} - (no file)

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: (no name) - {849B9523-785F-4014-9CAF-079FB4A74C61} - (no file)
O2 - BHO: (no name) - {DAE3C7A6-EF0F-428E-922C-6E22F03D2AD5} - (no file)
O2 - BHO: (no name) - {F18F04B0-9CF1-4b93-B004-77A288BEE28B} - (no file)

O20 - Winlogon Notify: afxolg - C:\WINDOWS\
O20 - Winlogon Notify: winopn32 - winopn32.dll (file missing)
---------------------------------------------------------
It looks to me that your AV program has removed WINOPN32.DLL - but the other registry entries suggest that it has spawned itself and the damage is done.

Google will find solutions for WINOPN32.DLL or one of the shining knights here will take you through the various tool fixes step by step. It may help in advance if you download a script called COMBOFIX and let that do a bit of digging and cleaning for you.

I also recommend you backup your data files.

Are you on a separate PC now? If so attach the drive from the infected PC via a USB enclosure and stream off your vital data. You could also search the Virus forum for my famous post of 3-Sep-07 (search under the mis-spelt term "Vitunonde") which provides a detailed step-by=step approach to fixing all this using the second PC.

I have another computer but do not have a way of connecting them together. I have downloaded combofix and am running that, I am looking up WINOPN32.DLL to see what i can do from there. I appreciate your helping me with this issue. I will see what happens once I complete the aboves and post another log for you to check out. Thank you.

Yeah I need a shining knight to help me fix this lap top. I ran combofix but it doesn't seem to have done much at least not that i can tell.

Well, you need to post the Combofix log and the HJT log again.

Also, if the problem is on a laptop, just buy the right USB enclosure (SATA or PATA according to your disk type) and put it on the other PC or laptop. Operate on it from there especially using my method posted on 3rd September which far too many people seem to ignore.

Your infected with Virtumondo. Please do the folloiwng.

Please download VundoFix.exe to your desktop.

* Double-click VundoFix.exe to run it.
* Click the Scan for Vundo button.
* Once it's done scanning, click the Remove Vundo button.
* You will receive a prompt asking if you want to remove the files, click YES
* Once you click yes, your desktop will go blank as it starts removing Vundo.
* When completed, it will prompt that it will shutdown your computer, click OK.
* Turn your computer back on.
* Please post the contents of C:\vundofix.txt and a new HiJackThis log.

Here is the Highjackthis info....

Logfile of Trend Micro HijackThis v2.0.0 (BETA)
Scan saved at 4:46:10 PM, on 11/24/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
Boot mode: Normal


Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\CmWatch.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Common Files\InterVideo\SchSvr\SchSvr.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\PROGRA~1\SYMANT~1\VPTray.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Program Files\AdwareAlert\AdwareAlert.exe
C:\Program Files\RegistrySmart\RegistrySmart.exe
C:\WINDOWS\explorer.exe
C:\Documents and Settings\euser\Desktop\VundoFix.exe
C:\Documents and Settings\euser\Desktop\HiJackThis_v2.exe


R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://us.rd.yahoo.com/customize/ie/defaults/su/msgr8/*http://www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*http://www.yahoo.com/ext/search/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/defaults/sp/msgr8/*http://www.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/defaults/su/msgr8/*http://www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [CmCardRun] C:\WINDOWS\system32\CmWatch.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [WinDVR SchSvr] "C:\Program Files\Common Files\InterVideo\SchSvr\SchSvr.exe"
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [RegistrySmart] C:\Program Files\RegistrySmart\RegistrySmart.exe
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp /HIDEBL
O4 - HKCU\..\Run: [AdwareAlert] C:\Program Files\AdwareAlert\AdwareAlert.exe -boot
O4 - HKUS\S-1-5-18\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe (User 'Default user')
O4 - Startup: Registration .LNK = C:\Program Files\Ubisoft\Dark Messiah of Might and Magic\RegistrationReminder.exe
O4 - Global Startup: InterVideo WinCinema Manager.lnk = C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: ICQ Pro - {6224f700-cba3-4071-b251-47cb894244cd} - C:\PROGRA~1\ICQ\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ - {6224f700-cba3-4071-b251-47cb894244cd} - C:\PROGRA~1\ICQ\ICQ.exe
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe


--
End of file - 7152 bytes


Here is the combofix info...


ComboFix 07-11-19.3 - euser 2007-11-24 15:38:53.1 - NTFSx86
Running from: C:\Documents and Settings\euser\Local Settings\Temporary Internet Files\Content.IE5\IK20ZSX4\ComboFix[1].exe
* Created a new restore point
.


Unable to gain System Privileges


(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.


C:\WINDOWS\system32\drivers\sfsync02.sys


.
(((((((((((((((((((((((((((((((((((((((   Drivers/Services   )))))))))))))))))))))))))))))))))))))))))))))))))


.
-------\LEGACY_SFSYNC02
-------\sfsync02



(((((((((((((((((((((((((   Files Created from 2007-10-24 to 2007-11-24  )))))))))))))))))))))))))))))))
.


2007-11-24 00:22    <DIR>    d--------   C:\Documents and Settings\euser\Application Data\Grisoft
2007-11-24 00:21    <DIR>    d--------   C:\Documents and Settings\All Users\Application Data\Grisoft
2007-11-24 00:21    10,872  --a------   C:\WINDOWS\system32\drivers\AvgAsCln.sys
2007-11-23 23:08    <DIR>    d--------   C:\Program Files\Windows Installer Clean Up
2007-11-23 23:08    <DIR>    d--------   C:\Program Files\MSECACHE
2007-11-23 21:25    <DIR>    d--------   C:\Program Files\Microsoft CAPICOM 2.1.0.2
2007-11-23 20:28    22,528  --a------   C:\WINDOWS\system32\setupcl.exe
2007-11-23 18:29    <DIR>    d--------   C:\Program Files\AdwareAlert
2007-11-23 18:29    <DIR>    d--------   C:\Documents and Settings\euser\Application Data\AdwareAlert
2007-11-23 18:17    <DIR>    d--------   C:\Program Files\RegistrySmart
2007-11-23 18:17    <DIR>    d--------   C:\Documents and Settings\euser\Application Data\RegistrySmart
2007-11-23 15:56    271,224 --a------   C:\WINDOWS\system32\mucltui.dll
2007-11-23 15:56    30,072  --a------   C:\WINDOWS\system32\mucltui.dll.mui
2007-11-13 00:01    <DIR>    d--------   C:\Program Files\RegCure


.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-11-24 20:48    ---------   d-----w C:\Program Files\Symantec AntiVirus
2007-11-24 03:40    ---------   d-----w C:\Documents and Settings\euser\Application Data\Uniblue
2007-11-17 18:14    ---------   d--h--w C:\Program Files\InstallShield Installation Information
2007-11-17 18:14    ---------   d-----w C:\Program Files\The Adventure Company
2007-11-08 22:25    ---------   d-----w C:\Program Files\GameNow
2007-11-06 04:22    ---------   d-----w C:\Documents and Settings\All Users\Application Data\DVD Shrink
2007-10-19 18:45    ---------   d-----w C:\Program Files\Java
2007-10-19 18:24    73,216  ----a-w C:\WINDOWS\ST6UNST.EXE
2007-10-19 18:24    249,856 ------w C:\WINDOWS\Setup1.exe
2007-10-19 18:24    ---------   d-----w C:\Program Files\Nissan Data Scan
2006-12-31 04:44    765,131 --sh--w C:\WINDOWS\inf\gloxfa.ini2
2006-12-23 16:06    1,052,031   --sh--w C:\WINDOWS\inf\gloxfa.bak2
2006-12-15 01:46    880,112 --sh--w C:\WINDOWS\inf\gloxfa.bak1
2006-08-05 08:34    456 ----a-w C:\Program Files\INSTALL.LOG
2006-12-15 01:46    880,112 --sh--w C:\WINDOWS\inf\gloxfa.bak1
2006-12-23 16:06    1,052,031   --sh--w C:\WINDOWS\inf\gloxfa.bak2
2006-12-31 04:44    765,131 --sh--w C:\WINDOWS\inf\gloxfa.ini2
.


(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{3C0309CC-169A-4854-881C-F437E6A94479}]


[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{DAE3C7A6-EF0F-428E-922C-6E22F03D2AD5}]


[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Yahoo! Pager"="C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" [2006-11-30 21:49]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 07:00]
"Aim6"="C:\Program Files\AIM6\aim6.exe" [2006-11-07 10:29]
"AdwareAlert"="C:\Program Files\AdwareAlert\AdwareAlert.exe" [2007-11-20 16:34]
"Uniblue RegistryBooster 2"="C:\Program Files\Uniblue\RegistryBooster 2\RegistryBooster.exe" []


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2004-10-26 23:10]
"CmCardRun"="C:\WINDOWS\system32\CmWatch.exe" [2003-09-16 04:50]
"SynTPLpr"="C:\Program Files\Synaptics\SynTP\SynTPLpr.exe" [2004-02-05 03:07]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2004-02-05 03:07]
"WinDVR SchSvr"="C:\Program Files\Common Files\InterVideo\SchSvr\SchSvr.exe" [2004-05-13 02:05]
"AGRSMMSG"="AGRSMMSG.exe" [2004-07-22 00:38 C:\WINDOWS\AGRSMMSG.exe]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2005-10-04 11:42]
"vptray"="C:\PROGRA~1\SYMANT~1\VPTray.exe" [2005-11-15 12:28]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 00:11]
"WinampAgent"="C:\Program Files\Winamp\winampa.exe" [2007-05-14 17:22]
"RegistrySmart"="C:\Program Files\RegistrySmart\RegistrySmart.exe" [2007-10-16 15:45]
"!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-06-11 04:25]


[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"MySpaceIM"="C:\Program Files\MySpace\IM\MySpaceIM.exe" [2007-08-13 19:04]


C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
InterVideo WinCinema Manager.lnk - C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe [2005-09-13 11:52:51]
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE [2001-02-13 00:01:04]


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableRegistryTools"= 0 (0x0)


[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\afxolg]
C:\WINDOWS\system32\NavLogon.dll 2005-11-15 12:28 43760 C:\WINDOWS\system32\NavLogon.dll


[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\winopn32]
winopn32.dll


R3 Cap7134;LifeView WDM Video Capture;C:\WINDOWS\system32\DRIVERS\lvcap214.sys
R3 PhTVTune;Philips WDM TVTuner;C:\WINDOWS\system32\DRIVERS\Silicon.sys
R3 UMSSSTOR;C-Media Storage;C:\WINDOWS\system32\DRIVERS\UMSS.SYS
S2 W55U01;WINBOND W55U01 USB;C:\WINDOWS\system32\Drivers\W55U01.sys
S3 DCamUSBUVT;ICM532A;C:\WINDOWS\system32\Drivers\usbuvt.sys
S3 lgatbus;LG USB Composite Device driver (WDM);C:\WINDOWS\system32\DRIVERS\lgatbus.sys
S3 lgatmdm;LG CDMA USB Modem Drivers;C:\WINDOWS\system32\DRIVERS\lgatmdm.sys
S3 lgatserd;LG CDMA USB Modem Diagnostic Serial Port Drivers (WDM);C:\WINDOWS\system32\DRIVERS\lgatserd.sys
S3 NetWlan5;Symbol Based 802.11b Wireless LAN Card Driver;C:\WINDOWS\system32\DRIVERS\NetWlan5.sys


.
Contents of the 'Scheduled Tasks' folder
"2007-11-24 20:49:26 C:\WINDOWS\Tasks\AdwareAlert Scheduled Scan.job"
- C:\Program Files\AdwareAlert\AdwareAlert.ex
- C:\Program Files\AdwareAlert
"2007-11-23 23:17:12 C:\WINDOWS\Tasks\RegistrySmart Scheduled Scan.job"
- C:\Program Files\RegistrySmart\RegistrySmart.ex
- C:\Program Files\RegistrySmart
.
**************************************************************************


catchme 0.3.1262 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-11-24 15:47:57
Windows 5.1.2600 Service Pack 2 NTFS


scanning hidden processes ...


scanning hidden autostart entries ...


scanning hidden files ...


**************************************************************************
.
Completion time: 2007-11-24 15:51:10 - machine was rebooted
.
--- E O F ---

I ran VundoFix and it found nothing. Let me know what i need to do next. Thank you all for your help.

I found a symantec version of vudofix while googling the virus you said was on my computer below is the report that came out of it....

Symantec Trojan.Vundo Removal Tool 1.5.0
The process "iexplore.exe" might be affected by the threat. It cannot be terminated.
The process "iexplore.exe" might be affected by the threat. It has been terminated.

C:\Documents and Settings\euser\Local Settings\Application Data\Microsoft\Messenger\e_appie@hotmail.com\SharingMetadata\ladythang3@hotmail.com\DFSR\Staging\CS{09D55AB6-E713-0198-A5E7-F425006C243B}\01\10-{09D55AB6-E713-0198-A5E7-F425006C243B}-v1-{B5CDED15-8EE8-4A5F-BA96-D250593142C5}-v10-Downloaded.frx (WARNING: not scanned, path to long)
C:\System Volume Information: (not scanned)

Trojan.Vundo has been successfully removed from your computer!

Here is the report:

The total number of the scanned files: 56377
The number of deleted files: 0
The number of viral processes terminated: 1
The number of viral threads terminated: 0
The number of registry entries fixed: 0

Don't worry about the IE message. It would have been best to run VundoFix without IE running and the message then would not have occurred.

ANyway, don't forget to clean out your registry again.

Incidentally when I ran the Symantec tool in September to rid my Son's laptop of Vundo, it didn't clear the infection. So be on guard.

You could post another HJT log here.

EDIT: If you're concerned about the IE message you could run a Windows repair from the Windows CD.

Logfile of Trend Micro HijackThis v2.0.0 (BETA)
Scan saved at 12:56:18 PM, on 11/25/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\WINDOWS\system32\CmWatch.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Common Files\InterVideo\SchSvr\SchSvr.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\PROGRA~1\SYMANT~1\VPTray.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Documents and Settings\euser\Desktop\HiJackThis_v2.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://us.rd.yahoo.com/customize/ie/defaults/su/msgr8/*http://www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*http://www.yahoo.com/ext/search/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/defaults/sp/msgr8/*http://www.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/defaults/su/msgr8/*http://www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [CmCardRun] C:\WINDOWS\system32\CmWatch.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [WinDVR SchSvr] "C:\Program Files\Common Files\InterVideo\SchSvr\SchSvr.exe"
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [RegistrySmart] C:\Program Files\RegistrySmart\RegistrySmart.exe
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp /HIDEBL
O4 - HKCU\..\Run: [AdwareAlert] C:\Program Files\AdwareAlert\AdwareAlert.exe -boot
O4 - HKUS\S-1-5-18\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe (User 'Default user')
O4 - Startup: Registration .LNK = C:\Program Files\Ubisoft\Dark Messiah of Might and Magic\RegistrationReminder.exe
O4 - Global Startup: InterVideo WinCinema Manager.lnk = C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: ICQ Pro - {6224f700-cba3-4071-b251-47cb894244cd} - C:\PROGRA~1\ICQ\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ - {6224f700-cba3-4071-b251-47cb894244cd} - C:\PROGRA~1\ICQ\ICQ.exe
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe

--
End of file - 7003 bytes

How do i clean up my registry seems any program i use never works. Also I still cannot access my add and remove programs or any system info, how can i fix my rundll32?

The HJT looks clean (doesn't mean that nothing in your system has been altered and indeed it seems RUNDLL.EXE is missing).

Registry clean - Advanced Windows Care (free) or Uniblue Registry Cleaner (costs).

So, first try and clean the registry and now's the time to put your Windows CD into the drive, boot from it and use the REPAIR option tobring all the right files back.

Let us know.

ok i ran reg cleaner and then tried to boot from disc and the computer would not let me. I hit F8 and tried to boot from disc but the computer freezes and will not even let me move the selection to anything or acknowledge im hitting a button. I tried to hit any key when it asked to hit any key to boot from cd and that did not work. The CD i have is Windows XP Home edition and its not SP2. So it will not allow me to install even if i try to run when the computer is on. What can i do?

Are you saying that you can't even boot normally? Or did I misunderstand?

Anyway, I see your problem here - re-installing SP1 over SP2 whilst not having the benefit of RUNDLL.EXE.

So, with your enfeebled SP2 system, you could try to uninstall SP2; the feature should be there in Add/Remove programs.

Then the SP1 repair ought to work - if not you're completely stuffed and a reinstall from scratch id needed. Copy your data files to a USB drive or something, wipe the disk and reinstall.

Also if I didn't misunderstand, if you're having problems booting from the CD, there used to be a trick in the BIOS - if you hold down the C key right at the start of booting it would boot from the Windows CD. I've never tried it in XP so it may/may not work.

But it MUST boot from CD if you can set the BIOS to give priority to the CD. You would do this by pressing a key (it's F2 on my Dell - your boot screen will flash a key choice in the top right/left corner of the screen at boot start). Hit that key at boot start and enter the BIOS. You'll find the boot priority menu in there and you can declare the CD as the first boot device.

Anyway, somewhere in the above, I've covered your present situation and what to do about it.

Best of luck and I'm sorry you're in this mess.

It boots normally just won't boot from disc and when i restart it doesn't tell me anything, it shows a picture of the intel inside and then it goes black then windows shows up thats it. When i hit F8 a screen comes up to boot from another location. Problem is i can't move the selection or even select anything its almost as if the screen freezes. I can't remove SP2 as add/remove programs wn't come up as computer cannot find rundll32. So i am in a huge mess with this system. I have no idea how to access the BIOS or access anything. Its really jacked up.. I REALLY GREATLY APPRECIATE YOUR HELP!!! THANK YOU!!! I deploy in a month and a half and this is the only computer i will have with me and i need it up and running properly.

First, it might help if you describe the affected hardware. I might have missed it in an earlier post, but a refresh on page 2 won't hurt.

You have absolutely no choice now but to re-install your Windows system. The headline steps are (a day's solid work):

1 Copy your data files off to another medium
2 Wipe your disk completely
3 Reinstall XP SP1
4 Download & reinstall XP SP2
5 Restablish your applications
6 Copy yur data back

If you have access to a second PC, then you can invest in a suitable USB enclosure (matched to your HDD type) and attach the afflicted disk to the second PC. You can then copy your data files off to the second PC and wipe the HDD afterwards with Format.

Now to booting from CD on the afflicted PC. When the Intel Inside flash comes on, there will be a message on screen to tell you which key to press in order to get into the BIOS menu. Your documentation may tell you whch key that is. Otherwise start with ESC and work through to F12 and Delete. One of these keys, pressed immediately after boot power is applied, will bring up the boot menu. When the BIOS boot menu appears, find the entry that allows you to specify the boot order and put the CD device at the top.

The rest is following the Windows menu. F8 should not be involved in this case.

I work today and will start this tonight when i get home, I will let you know what happens. Hopefully all goes well, thank you again.

Thank you for all your help i finally got the cd to boot and i erased the whole computer and now finishing up on reinstalling all the information. Thank you!!!