mntanakd

2nd part. Infected Object Name / Virus Name / Last Action C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\d953eda3e26304d35e06e3f99844845b_1dce0e75-1303-433a-bfc1-6b582bd25551 Object is locked skipped C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\f94dc4929d8d1aa2a574d1884c9511b5_1dce0e75-1303-433a-bfc1-6b582bd25551 Object is locked skipped C:\Documents and Settings\All Users\Application Data\Microsoft\Dr Watson\user.dmp Object is locked skipped C:\Documents and Settings\All Users\Application Data\Microsoft\Media Inde

Here is the first part of Kaspersky log, KASPERSKY ONLINE SCANNER REPORT Tuesday, April 08, 2008 5:21:15 PM Operating System: Microsoft Windows XP Home Edition, Service Pack 1 (Build 2600) Kaspersky Online Scanner version: 5.0.98.0 Kaspersky Anti-Virus database last update: 8/04/2008 Kaspersky Anti-Virus database records: 690768 ------------------------------------------------------------------------------- Scan Settings: Scan using the following antivirus database: extended Scan Archives: true Scan Mail Bases: true Scan Target - My Computer: A:\ C:\ D:\ E:\ F:\ Scan Statistics:

I tried to add Kaspersky log but it said it was too long, so what part do you need.

Trying to cut and paste the Kaspersky log keeps hanging my system is there another way to get it to you? File says its 7.2 mg.

Heres the logs, Machine appears to be ok, I'm able to log on to desktop of 4 different profiles, networking seems to be ok. I still get the Coredll.dll on bootup and when logging into the profiles but that appears to be an issue with Music Juke box software, I'll see if they have the install cd's Combofix ComboFix 08-04-02.1 - Alma Rodriguez 2008-04-03 19:52:51.2 - NTFSx86 Microsoft Windows XP Home Edition 5.1.2600.1.1252.1.1033.18.236 [GMT -6:00] Running from: C:\Documents and Settings\Alma Rodriguez\Desktop\ComboFix.exe Command switches used :: C:\Documents and Settings\Alma Rodriguez\Desk

Heres anther requested log. winxpsp1_en_hom_bf.exe [boot loader] timeout=2 default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS [operating systems] multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Home Edition" /fastdetect C:\CMDCONS\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons

I ran the combo fix and here are the logs you requested. For an fyi I had an error after reboot MM_Tray.exe Unable to locate component The application faied to start because Coredll.dll was not found. I dont know if this came before the other issue or not and now machine boots to a desktop environment where it didnt before. Combo fix ComboFix 08-04-02.1 - Alma Rodriguez 2008-04-03 17:52:24.1 - NTFSx86 Microsoft Windows XP Home Edition 5.1.2600.1.1252.1.1033.18.321 [GMT -6:00] Running from: C:\Documents and Settings\Alma Rodriguez\Desktop\ComboFix.exe WARNING -THIS MACHINE DOES NOT HAVE THE R

I had to download the Hijack this onto a different machine and copy to the affected machine via a USB key, as I'm unable to get the affected machine to boot to a desktop.Will this work ok if I do the same but copy and run the combo fix from the desktop?

Here is the log you requested. Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 6:46:31 PM, on 4/2/2008 Platform: Windows XP SP1 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe C:\WINDOWS\system32\

Ok Thank you for your response. I will be in So Calif for a few days but will look into this upon my return, Thanks again.

Neighbor asked me to look at his system and upon bootup he gets C:\windows\system32\wowfx.dll is not a valid windows image in a box services.exe you click ok then it gives same message in a lsass.exe box. Then after you click a user name to log on it hangs on a splash screen with out desktop icons.