I had the same problem of the userinit.exe but didnt resolve it so muc |
Discover the best free computer help!
Learn more about Geeks to Go by taking the tour. Spyware, virus, trojan, fake security or privacy alerts? Read the malware cleaning guide. Want to reply to a topic, start a new one, or remove the advertising? Join today (always free).
Learn more about Geeks to Go by taking the tour. Spyware, virus, trojan, fake security or privacy alerts? Read the malware cleaning guide. Want to reply to a topic, start a new one, or remove the advertising? Join today (always free).
  |
 Jun 25 2008, 04:15 PM
Post
#1
|
|
|
Member  Posts: 10 From: Mexico OS: Windows XP Professional Edition  |
So now for the Hijackthis log and the Combo Fix log. Thanks in advanced.  I forgot... Really sorry  When i click on the display options i get the error of rundll32.exe same logs and everything i just had forgotten. i dont know if that would help. This post has been edited by Ivanpm: Jun 25 2008, 04:30 PM
Attached File(s)
hijackthis_log.txt ( 10.68K )
Number of downloads: 17
ComboFix_log.txt ( 20.97K )
Number of downloads: 6 |
 |
 
|
|
Jun 25 2008, 04:43 PM
Post
#2
|
|
 Trusted Helper  Posts: 2,086 From: NE Victoria, Australia OS: WinXp SP3 |
Hi Ivanpm,
Welcome to Geeks to Go! I am sage5, and I will be helping you with this problem. Create a Startup list & an Uninstall list:
I will need you to paste the text from this file, as well as the text from startuplist.txt into your next post |
|
|
|
|
Jun 25 2008, 04:50 PM
Post
#3
|
|
|
Member Posts: 10 From: Mexico OS: Windows XP Professional Edition |
Ok, first i'll like to thank you for helping me sage.
***Edited*** Oh noes, i restarted my computer and it gave me the userinit.exe problem again This is weird last startup it didnt gave me errors and now it gave me that one. And again i restarted and it gave me the error so i guess it wasn't fixed.***Edited*** Sorry for having alot of stuff, my bro uses this comp but he refuses to clean so i will. Startuplist.txt(kinda big): StartupList report, 25/06/2008, 04:45:43 p.m. StartupList version: 1.52.2 Started from : D:\Program Files\Trend Micro\HijackThis\HijackThis.EXE Detected: Windows XP SP2 (WinNT 5.01.2600) Detected: Unable to get Internet Explorer version! * Using default options * Including empty and uninteresting sections * Showing rarely important sections ================================================== Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe C:\Program Files\Bonjour\mDNSResponder.exe D:\Program Files\COMODO\Firewall\cmdagent.exe C:\WINDOWS\System32\GEARSec.exe C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe C:\WINDOWS\system32\Ati2evxx.exe D:\Program Files\Autodesk\3ds Max 2008\mentalray\satellite\raysat_3dsMax2008_32server.exe C:\Program Files\Symantec\Norton Ghost\Agent\PQV2iSvc.exe D:\Nexon\Mabinogi\npkcmsvc.exe C:\Program Files\Prodigy Antivirus\Prodigy Antivirus\PsCtrls.exe C:\Program Files\Prodigy Antivirus\Prodigy Antivirus\pavsrv51.exe C:\Program Files\Prodigy Antivirus\Prodigy Antivirus\AVENGINE.EXE C:\WINDOWS\system32\PnkBstrA.exe C:\Program Files\Prodigy Antivirus\Prodigy Antivirus\PsImSvc.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\explorer.exe C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe C:\Program Files\Symantec\Norton Ghost\Agent\GhostTray.exe C:\WINDOWS\system32\taskswitch.exe D:\Program Files\iTunes\iTunesHelper.exe C:\Program Files\Prodigy Antivirus\Prodigy Antivirus\APVXDWIN.EXE D:\Program Files\COMODO\Firewall\cfp.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\DNA\btdna.exe D:\Program Files\Launchy\Launchy.exe D:\Program Files\Ulead Systems\Ulead Photo Express 2 SE\CalCheck.exe D:\Program Files\InterAct\Gaming Devices\JoyAct.exe D:\Program Files\MagicDisc\MagicDisc.exe C:\Program Files\iPod\bin\iPodService.exe c:\program files\prodigy antivirus\prodigy antivirus\WebProxy.exe C:\Program Files\Opera\Opera.exe D:\Program Files\Trend Micro\HijackThis\HijackThis.exe -------------------------------------------------- Listing of startup folders: Shell folders Startup: [C:\Documents and Settings\Sergio Perez\Start Menu\Programs\Startup] InterAct Profile Activator.lnk = D:\Program Files\InterAct\Gaming Devices\JoyAct.exe MagicDisc.lnk = D:\Program Files\MagicDisc\MagicDisc.exe Shell folders AltStartup: *Folder not found* User shell folders Startup: *Folder not found* User shell folders AltStartup: *Folder not found* Shell folders Common Startup: [C:\Documents and Settings\All Users\Start Menu\Programs\Startup] Launchy.lnk = D:\Program Files\Launchy\Launchy.exe Photo Express Calendar Checker SE.lnk = D:\Program Files\Ulead Systems\Ulead Photo Express 2 SE\CalCheck.exe Shell folders Common AltStartup: *Folder not found* User shell folders Common Startup: *Folder not found* User shell folders Alternate Common Startup: *Folder not found* -------------------------------------------------- Checking Windows NT UserInit: [HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon] UserInit = C:\WINDOWS\system32\userinit.exe, [HKLM\Software\Microsoft\Windows\CurrentVersion\Winlogon] *Registry key not found* [HKCU\Software\Microsoft\Windows NT\CurrentVersion\Winlogon] *Registry value not found* [HKCU\Software\Microsoft\Windows\CurrentVersion\Winlogon] *Registry key not found* -------------------------------------------------- Autorun entries from Registry: HKLM\Software\Microsoft\Windows\CurrentVersion\Run Symantec PIF AlertEng = "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll" SunJavaUpdateSched = "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" SoundMan = SOUNDMAN.EXE NeroFilterCheck = C:\WINDOWS\system32\NeroCheck.exe Norton Ghost 9.0 = C:\Program Files\Symantec\Norton Ghost\Agent\GhostTray.exe PE2CKFNT SE = D:\Program Files\Ulead Systems\Ulead Photo Express 2 SE\ChkFont.exe CoolSwitch = C:\WINDOWS\system32\taskswitch.exe PRISMSVR.EXE = "C:\WINDOWS\system32\PRISMSVR.EXE" /APPLY System Files Updater = C:\WINDOWS\FlyakiteOSX\System Files Updater.exe /S QuickTime Task = "C:\Program Files\QuickTime\QTTask.exe" -atboottime iTunesHelper = "D:\Program Files\iTunes\iTunesHelper.exe" Adobe Reader Speed Launcher = "D:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" APVXDWIN = "C:\Program Files\Prodigy Antivirus\Prodigy Antivirus\APVXDWIN.EXE" /s COMODO Firewall Pro = "D:\Program Files\COMODO\Firewall\cfp.exe" -h -------------------------------------------------- Autorun entries from Registry: HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnce *No values found* -------------------------------------------------- Autorun entries from Registry: HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnceEx *Registry key not found* -------------------------------------------------- Autorun entries from Registry: HKLM\Software\Microsoft\Windows\CurrentVersion\RunServices Keyboard Manager = C:\Program Files\Netropa\One-touch Multimedia Keyboard\MMKeybd.exe -------------------------------------------------- Autorun entries from Registry: HKLM\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce *Registry key not found* -------------------------------------------------- Autorun entries from Registry: HKCU\Software\Microsoft\Windows\CurrentVersion\Run ctfmon.exe = C:\WINDOWS\system32\ctfmon.exe BitTorrent DNA = "C:\Program Files\DNA\btdna.exe" -------------------------------------------------- Autorun entries from Registry: HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnce *No values found* -------------------------------------------------- Autorun entries from Registry: HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnceEx *Registry key not found* -------------------------------------------------- Autorun entries from Registry: HKCU\Software\Microsoft\Windows\CurrentVersion\RunServices *No values found* -------------------------------------------------- Autorun entries from Registry: HKCU\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce *No values found* -------------------------------------------------- Autorun entries from Registry: HKLM\Software\Microsoft\Windows NT\CurrentVersion\Run *Registry key not found* -------------------------------------------------- Autorun entries from Registry: HKCU\Software\Microsoft\Windows NT\CurrentVersion\Run *Registry key not found* -------------------------------------------------- Autorun entries in Registry subkeys of: HKLM\Software\Microsoft\Windows\CurrentVersion\Run [OptionalComponents] = -------------------------------------------------- Autorun entries in Registry subkeys of: HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnce *No subkeys found* -------------------------------------------------- Autorun entries in Registry subkeys of: HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnceEx *Registry key not found* -------------------------------------------------- Autorun entries in Registry subkeys of: HKLM\Software\Microsoft\Windows\CurrentVersion\RunServices *No subkeys found* -------------------------------------------------- Autorun entries in Registry subkeys of: HKLM\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce *Registry key not found* -------------------------------------------------- Autorun entries in Registry subkeys of: HKCU\Software\Microsoft\Windows\CurrentVersion\Run *No subkeys found* -------------------------------------------------- Autorun entries in Registry subkeys of: HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnce *No subkeys found* -------------------------------------------------- Autorun entries in Registry subkeys of: HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnceEx *Registry key not found* -------------------------------------------------- Autorun entries in Registry subkeys of: HKCU\Software\Microsoft\Windows\CurrentVersion\RunServices *No subkeys found* -------------------------------------------------- Autorun entries in Registry subkeys of: HKCU\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce *No subkeys found* -------------------------------------------------- Autorun entries in Registry subkeys of: HKLM\Software\Microsoft\Windows NT\CurrentVersion\Run *Registry key not found* -------------------------------------------------- Autorun entries in Registry subkeys of: HKCU\Software\Microsoft\Windows NT\CurrentVersion\Run *Registry key not found* -------------------------------------------------- File association entry for .EXE: HKEY_CLASSES_ROOT\exefile\shell\open\command (Default) = "%1" %* -------------------------------------------------- File association entry for .COM: HKEY_CLASSES_ROOT\comfile\shell\open\command (Default) = "%1" %* -------------------------------------------------- File association entry for .BAT: HKEY_CLASSES_ROOT\batfile\shell\open\command (Default) = "%1" %* -------------------------------------------------- File association entry for .PIF: HKEY_CLASSES_ROOT\piffile\shell\open\command (Default) = "%1" %* -------------------------------------------------- File association entry for .SCR: HKEY_CLASSES_ROOT\scrfile\shell\open\command (Default) = "%1" /S -------------------------------------------------- File association entry for .HTA: HKEY_CLASSES_ROOT\htafile\shell\open\command (Default) = C:\WINDOWS\system32\mshta.exe "%1" %* -------------------------------------------------- File association entry for .TXT: HKEY_CLASSES_ROOT\txtfile\shell\open\command (Default) = C:\WINDOWS\notepad.exe %1 -------------------------------------------------- Enumerating Active Setup stub paths: HKLM\Software\Microsoft\Active Setup\Installed Components (* = disabled by HKCU twin) [<{12d0ed0d-0ee0-4f90-8827-78cefb8f4988}] * StubPath = C:\WINDOWS\system32\ieudinit.exe [>{22d6f312-b0f6-11d0-94ab-0080c74c7e95}] StubPath = C:\WINDOWS\inf\unregmp2.exe /ShowWMP [>{26923b43-4d38-484f-9b9e-de460746276c}] * StubPath = C:\WINDOWS\system32\ie4uinit.exe -UserIconConfig [>{60B49E34-C7CC-11D0-8953-00A0C90347FF}] * StubPath = RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP [>{60B49E34-C7CC-11D0-8953-00A0C90347FF}MICROS] * StubPath = RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP [>{881dd1c5-3dcf-431b-b061-f3f88e8be88a}] * StubPath = %systemroot%\system32\shmgrate.exe OCInstallUserConfigOE [{22d6f312-b0f6-11d0-94ab-0080c74c7e95}] * StubPath = rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\mswmp.inf,PerUserStub [{2C7339CF-2B09-4501-B3F3-F3508C9228ED}] * StubPath = %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll [{44BBA840-CC51-11CF-AAFA-00AA00B6015C}] * StubPath = "%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install [{44BBA842-CC51-11CF-AAFA-00AA00B6015B}] * StubPath = rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT [{5945c046-1e7d-11d1-bc44-00c04fd912be}] * StubPath = rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser [{6BF52A52-394A-11d3-B153-00C04F79FAA6}] * StubPath = rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\wmp.inf,PerUserStub [{7790769C-0471-11d2-AF11-00C04FA35D02}] * StubPath = "%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install [{89820200-ECBD-11cf-8B85-00AA005B4340}] * StubPath = regsvr32.exe /s /n /i:U shell32.dll [{89820200-ECBD-11cf-8B85-00AA005B4383}] * StubPath = C:\WINDOWS\system32\ie4uinit.exe -BaseSettings [{89B4C1CD-B018-4511-B0A1-5476DBF70820}] * StubPath = C:\WINDOWS\system32\Rundll32.exe C:\WINDOWS\system32\mscories.dll,Install -------------------------------------------------- Enumerating ICQ Agent Autostart apps: HKCU\Software\Mirabilis\ICQ\Agent\Apps *Registry key not found* -------------------------------------------------- Load/Run keys from C:\WINDOWS\WIN.INI: load=*INI section not found* run=*INI section not found* Load/Run keys from Registry: HKLM\..\Windows NT\CurrentVersion\WinLogon: load=*Registry value not found* HKLM\..\Windows NT\CurrentVersion\WinLogon: run=*Registry value not found* HKLM\..\Windows\CurrentVersion\WinLogon: load=*Registry key not found* HKLM\..\Windows\CurrentVersion\WinLogon: run=*Registry key not found* HKCU\..\Windows NT\CurrentVersion\WinLogon: load=*Registry value not found* HKCU\..\Windows NT\CurrentVersion\WinLogon: run=*Registry value not found* HKCU\..\Windows\CurrentVersion\WinLogon: load=*Registry key not found* HKCU\..\Windows\CurrentVersion\WinLogon: run=*Registry key not found* HKCU\..\Windows NT\CurrentVersion\Windows: load=*Registry value not found* HKCU\..\Windows NT\CurrentVersion\Windows: run=*Registry value not found* HKLM\..\Windows NT\CurrentVersion\Windows: load=*Registry value not found* HKLM\..\Windows NT\CurrentVersion\Windows: run=*Registry value not found* HKLM\..\Windows NT\CurrentVersion\Windows: AppInit_DLLs=qcalcufl.dll C:\WINDOWS\system32\guard32.dll -------------------------------------------------- Shell & screensaver key from C:\WINDOWS\SYSTEM.INI: Shell=*INI section not found* SCRNSAVE.EXE=*INI section not found* drivers=*INI section not found* Shell & screensaver key from Registry: Shell=Explorer.exe SCRNSAVE.EXE=*Registry value not found* drivers=*Registry value not found* Policies Shell key: HKCU\..\Policies: Shell=*Registry value not found* HKLM\..\Policies: Shell=*Registry value not found* -------------------------------------------------- Checking for EXPLORER.EXE instances: C:\WINDOWS\Explorer.exe: PRESENT! C:\Explorer.exe: not present C:\WINDOWS\Explorer\Explorer.exe: not present C:\WINDOWS\System\Explorer.exe: not present C:\WINDOWS\System32\Explorer.exe: not present C:\WINDOWS\Command\Explorer.exe: not present C:\WINDOWS\Fonts\Explorer.exe: not present -------------------------------------------------- Checking for superhidden extensions: .lnk: HIDDEN! (arrow overlay: yes) .pif: HIDDEN! (arrow overlay: yes) .exe: not hidden .com: not hidden .bat: not hidden .hta: not hidden .scr: not hidden .shs: HIDDEN! .shb: HIDDEN! .vbs: not hidden .vbe: not hidden .wsh: not hidden .scf: HIDDEN! (arrow overlay: NO!) .url: HIDDEN! (arrow overlay: yes) .js: not hidden .jse: not hidden -------------------------------------------------- Verifying REGEDIT.EXE integrity: - Regedit.exe found in C:\WINDOWS - .reg open command is normal (regedit.exe %1) - Company name OK: 'Microsoft Corporation' - Original filename OK: 'REGEDIT.EXE' - File description: 'Registry Editor' Registry check passed -------------------------------------------------- Enumerating Browser Helper Objects: {12759758-d4e0-fd38-f434-fbc30d1e7554} - C:\WINDOWS\system32\encuuiot.dll - {4557e1d0-3cbf-434f-83df-0e4d85795721} (no name) - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} (no name) - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll - {9030D464-4C02-4ABF-8ECC-5164760863C6} ZoneAlarm Spy Blocker BHO - C:\Program Files\ZoneAlarmSB\bar\1.bin\SPYBLOCK.DLL - {F0D4B231-DA4B-4daf-81E4-DFEE4931A4AA} -------------------------------------------------- Enumerating Task Scheduler jobs: AppleSoftwareUpdate.job RegSweep Scheduled Scan.job -------------------------------------------------- Enumerating Download Program Files: [Microsoft XML Parser for Java] CODEBASE = file:///C:/WINDOWS/Java/classes/xmldso.cab OSD = C:\WINDOWS\Downloaded Program Files\Microsoft XML Parser for Java.osd [WUWebControl Class] InProcServer32 = C:\WINDOWS\system32\wuweb.dll CODEBASE = http://www.update.microsoft.com/windowsupd...b?1181323954859 [HpProductDetection Class] InProcServer32 = C:\Program Files\HP\Common\HPDeviceDetection.dll CODEBASE = http://h20270.www2.hp.com/ediags/gmn2/inst...ctDetection.cab [Java Plug-in 1.6.0_05] InProcServer32 = C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll CODEBASE = http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab [Java Plug-in 1.4.1] InProcServer32 = C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll CODEBASE = http://java.sun.com/products/plugin/1.4/ji...indows-i586.cab [Java Plug-in 1.6.0_01] InProcServer32 = C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll CODEBASE = http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab [Java Plug-in 1.6.0_05] InProcServer32 = C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll CODEBASE = http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab [Java Plug-in 1.6.0_05] InProcServer32 = C:\Program Files\Java\jre1.6.0_05\bin\npjpi160_05.dll CODEBASE = http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab [Shockwave Flash Object] InProcServer32 = C:\WINDOWS\system32\Macromed\Flash\Flash9c.ocx CODEBASE = http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab -------------------------------------------------- Enumerating Winsock LSP files: NameSpace #1: C:\WINDOWS\System32\mswsock.dll NameSpace #2: C:\WINDOWS\System32\winrnr.dll NameSpace #3: C:\WINDOWS\System32\mswsock.dll NameSpace #4: C:\Program Files\Bonjour\mdnsNSP.dll Protocol #1: c:\program files\prodigy antivirus\prodigy antivirus\pavlsp.dll Protocol #2: c:\program files\prodigy antivirus\prodigy antivirus\pavlsp.dll Protocol #3: c:\program files\prodigy antivirus\prodigy antivirus\pavlsp.dll Protocol #4: C:\WINDOWS\system32\mswsock.dll Protocol #5: C:\WINDOWS\system32\mswsock.dll Protocol #6: C:\WINDOWS\system32\mswsock.dll Protocol #7: C:\WINDOWS\system32\rsvpsp.dll Protocol #8: C:\WINDOWS\system32\rsvpsp.dll Protocol #9: C:\WINDOWS\system32\mswsock.dll Protocol #10: C:\WINDOWS\system32\mswsock.dll Protocol #11: C:\WINDOWS\system32\mswsock.dll Protocol #12: C:\WINDOWS\system32\mswsock.dll Protocol #13: C:\WINDOWS\system32\mswsock.dll Protocol #14: C:\WINDOWS\system32\mswsock.dll Protocol #15: C:\WINDOWS\system32\mswsock.dll Protocol #16: C:\WINDOWS\system32\mswsock.dll Protocol #17: c:\program files\prodigy antivirus\prodigy antivirus\pavlsp.dll -------------------------------------------------- Enumerating Windows NT/2000/XP services Microsoft ACPI Driver: system32\DRIVERS\ACPI.sys (system) Microsoft Kernel Acoustic Echo Canceller: system32\drivers\aec.sys (manual start) AFD: \SystemRoot\System32\drivers\afd.sys (system) Agere Systems Soft Modem: system32\DRIVERS\AGRSM.sys (manual start) Service for Realtek AC97 Audio (WDM): system32\drivers\ALCXWDM.SYS (manual start) Alerter: %SystemRoot%\system32\svchost.exe -k LocalService (disabled) Application Layer Gateway Service: %SystemRoot%\System32\alg.exe (manual start) Apple Mobile Device: "C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe" (autostart) Application Management: %SystemRoot%\system32\svchost.exe -k netsvcs (manual start) 1394 ARP Client Protocol: system32\DRIVERS\arp1394.sys (manual start) ASP.NET State Service: %SystemRoot%\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe (manual start) RAS Asynchronous Media Driver: system32\DRIVERS\asyncmac.sys (manual start) Standard IDE/ESDI Hard Disk Controller: system32\DRIVERS\atapi.sys (system) Ati HotKey Poller: %SystemRoot%\system32\Ati2evxx.exe (autostart) ATI Smart: C:\WINDOWS\system32\ati2sgag.exe (autostart) ati2mtag: system32\DRIVERS\ati2mtag.sys (manual start) ATM ARP Client Protocol: system32\DRIVERS\atmarpc.sys (manual start) Windows Audio: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart) Audio Stub Driver: system32\DRIVERS\audstub.sys (manual start) Autodesk Licensing Service: "C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe" (autostart) Automatic LiveUpdate Scheduler: "C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe" (autostart) Background Intelligent Transfer Service: %SystemRoot%\system32\svchost.exe -k netsvcs (autostart) Servicio Bonjour: "C:\Program Files\Bonjour\mDNSResponder.exe" (autostart) Computer Browser: %SystemRoot%\system32\svchost.exe -k netsvcs (autostart) catchme: \??\C:\ComboFix\catchme.sys (manual start) CD-ROM Driver: system32\DRIVERS\cdrom.sys (system) Indexing Service: %SystemRoot%\system32\cisvc.exe (manual start) ClipBook: %SystemRoot%\system32\clipsrv.exe (disabled) .NET Runtime Optimization Service v2.0.50727_X86: C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (manual start) Symantec Lic NetConnect service: "C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (autostart) COMODO Firewall Pro Helper Service: "D:\Program Files\COMODO\Firewall\cmdagent.exe" (autostart) COMODO Firewall Pro Sandbox Driver: System32\DRIVERS\cmdguard.sys (system) COMODO Firewall Pro Helper Driver: System32\DRIVERS\cmdhlp.sys (system) COM+ System Application: C:\WINDOWS\system32\dllhost.exe /Processid:{02D4B3F1-FD88-11D1-960D-00805FC79235} (manual start) Cryptographic Services: %SystemRoot%\system32\svchost.exe -k netsvcs (autostart) DBKDRVR54: \??\D:\Program Files\Cheat Engine\dbk32.sys (manual start) DCOM Server Process Launcher: %SystemRoot%\system32\svchost -k DcomLaunch (autostart) DHCP Client: %SystemRoot%\system32\svchost.exe -k netsvcs (autostart) Disk Driver: system32\DRIVERS\disk.sys (system) Logical Disk Manager Administrative Service: %SystemRoot%\System32\dmadmin.exe /com (manual start) dmboot: System32\drivers\dmboot.sys (disabled) Logical Disk Manager Driver: System32\drivers\dmio.sys (system) dmload: System32\drivers\dmload.sys (system) Logical Disk Manager: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart) Microsoft Kernel DLS Syntheiszer: system32\drivers\DMusic.sys (manual start) DNS Client: %SystemRoot%\system32\svchost.exe -k NetworkService (autostart) Microsoft Kernel DRM Audio Descrambler: system32\drivers\drmkaud.sys (manual start) EPPSCSIx: \SystemRoot\System32\drivers\EPPSCSI.SYS (system) Error Reporting Service: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart) Event Log: %SystemRoot%\system32\services.exe (autostart) COM+ Event System: C:\WINDOWS\system32\svchost.exe -k netsvcs (manual start) Fast User Switching Compatibility: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start) FLEXnet Licensing Service: "C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe" (manual start) FltMgr: system32\DRIVERS\fltMgr.sys (system) Windows Presentation Foundation Font Cache 3.0.0.0: C:\WINDOWS\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe (manual start) Volume Manager Driver: system32\DRIVERS\ftdisk.sys (system) GEARSecurity: %SystemRoot%\System32\GEARSec.exe (autostart) Generic Packet Classifier: system32\DRIVERS\msgpc.sys (manual start) Help and Support: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart) Human Interface Device Access: %SystemRoot%\System32\svchost.exe -k netsvcs (disabled) Microsoft HID Class Driver: system32\DRIVERS\hidusb.sys (manual start) HTTP: System32\Drivers\HTTP.sys (manual start) HTTP SSL: %SystemRoot%\System32\svchost.exe -k HTTPFilter (manual start) i8042 Keyboard and PS/2 Mouse Port Driver: system32\DRIVERS\i8042prt.sys (system) Windows CardSpace: "C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe" (manual start) CD-Burning Filter Driver: system32\DRIVERS\imapi.sys (system) IMAPI CD-Burning COM Service: %systemroot%\system32\imapi.exe (manual start) InCD File System: system32\drivers\InCDFs.sys (disabled) InCDPass: system32\drivers\InCDPass.sys (system) InCD Reader: system32\drivers\InCDRm.sys (system) COMODO Firewall Pro Firewall Driver: System32\DRIVERS\inspect.sys (system) IPv6 Windows Firewall Driver: system32\DRIVERS\Ip6Fw.sys (manual start) IP Traffic Filter Driver: system32\DRIVERS\ipfltdrv.sys (manual start) IP in IP Tunnel Driver: system32\DRIVERS\ipinip.sys (manual start) IP Network Address Translator: system32\DRIVERS\ipnat.sys (manual start) Servicio del iPod: "C:\Program Files\iPod\bin\iPodService.exe" (manual start) IPSEC driver: system32\DRIVERS\ipsec.sys (system) IR Enumerator Service: system32\DRIVERS\irenum.sys (manual start) PnP ISA/EISA Bus Driver: system32\DRIVERS\isapnp.sys (system) Keyboard Class Driver: system32\DRIVERS\kbdclass.sys (system) Microsoft Kernel Wave Audio Mixer: system32\drivers\kmixer.sys (manual start) Server: %SystemRoot%\system32\svchost.exe -k netsvcs (autostart) Workstation: %SystemRoot%\system32\svchost.exe -k netsvcs (autostart) LiveUpdate: "C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE" (manual start) LiveUpdate Notice Service Ex: "C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (autostart) LiveUpdate Notice Service: "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PifEng.dll" (autostart) TCP/IP NetBIOS Helper: %SystemRoot%\system32\svchost.exe -k LocalService (autostart) Windows Update Managere: C:\Program Files\WindowsUpdate\update (autostart) Driver for MagicISO SCSI Host Controller: system32\DRIVERS\mcdbus.sys (manual start) AEGIS Protocol (IEEE 802.1x) v2.3.1.9: system32\DRIVERS\mdc8021x.sys (autostart) Messenger: %SystemRoot%\system32\svchost.exe -k netsvcs (disabled) mental ray 3.6 Satellite for Autodesk 3ds Max 2008 32-bit 32-bit: "D:\Program Files\Autodesk\3ds Max 2008\mentalray\satellite\raysat_3dsMax2008_32server.exe" (autostart) NetMeeting Remote Desktop Sharing: C:\WINDOWS\system32\mnmsrvc.exe (manual start) Mouse Class Driver: system32\DRIVERS\mouclass.sys (system) Mouse HID Driver: system32\DRIVERS\mouhid.sys (manual start) WebDav Client Redirector: system32\DRIVERS\mrxdav.sys (manual start) MRXSMB: system32\DRIVERS\mrxsmb.sys (system) Distributed Transaction Coordinator: C:\WINDOWS\system32\msdtc.exe (manual start) Multimedia Keyboard Filter Driver: System32\DRIVERS\msikbd2k.sys (system) Windows Installer: %systemroot%\system32\msiexec.exe /V (manual start) Microsoft Streaming Service Proxy: system32\drivers\MSKSSRV.sys (manual start) Microsoft Streaming Clock Proxy: system32\drivers\MSPCLOCK.sys (manual start) Microsoft Streaming Quality Manager Proxy: system32\drivers\MSPQM.sys (manual start) Microsoft System Management BIOS Driver: system32\DRIVERS\mssmbios.sys (manual start) MySQL: "C:\Program Files\MySQL\MySQL Server 5.0\bin\mysqld-nt" --defaults-file="C:\Program Files\MySQL\MySQL Server 5.0\my.ini" MySQL (autostart) Remote Access NDIS TAPI Driver: system32\DRIVERS\ndistapi.sys (manual start) NDIS Usermode I/O Protocol: system32\DRIVERS\ndisuio.sys (manual start) Remote Access NDIS WAN Driver: system32\DRIVERS\ndiswan.sys (manual start) NetBIOS Interface: system32\DRIVERS\netbios.sys (system) NetBios over Tcpip: system32\DRIVERS\netbt.sys (system) Network DDE: %SystemRoot%\system32\netdde.exe (disabled) Network DDE DSDM: %SystemRoot%\system32\netdde.exe (disabled) Net Logon: %SystemRoot%\system32\lsass.exe (manual start) Network Connections: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start) Net.Tcp Port Sharing Service: "C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe" (disabled) 1394 Net Driver: system32\DRIVERS\nic1394.sys (manual start) Network Location Awareness (NLA): %SystemRoot%\system32\svchost.exe -k netsvcs (manual start) Norton Ghost: C:\Program Files\Symantec\Norton Ghost\Agent\PQV2iSvc.exe (autostart) npkcmsvc: D:\Nexon\Mabinogi\npkcmsvc.exe (autostart) npkcrypt: \??\D:\Nexon\Mabinogi\npkcrypt.sys (autostart) NT LM Security Support Provider: %SystemRoot%\system32\lsass.exe (manual start) Removable Storage: %SystemRoot%\system32\svchost.exe -k netsvcs (manual start) IPX Traffic Filter Driver: system32\DRIVERS\nwlnkflt.sys (manual start) IPX Traffic Forwarder Driver: system32\DRIVERS\nwlnkfwd.sys (manual start) Microsoft Office Diagnostics Service: "C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE" (manual start) VIA OHCI Compliant IEEE 1394 Host Controller: system32\DRIVERS\ohci1394.sys (system) Office Source Engine: "C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE" (manual start) Panda Software Controller: "C:\Program Files\Prodigy Antivirus\Prodigy Antivirus\PsCtrls.exe" (autostart) Parallel port driver: system32\DRIVERS\parport.sys (system) Panda Antivirus Filter Driver for x86: \??\C:\WINDOWS\system32\Drivers\pavdrv51.sys (autostart) Panda anti-virus service: "C:\Program Files\Prodigy Antivirus\Prodigy Antivirus\pavsrv51.exe" (autostart) PCI Bus Driver: system32\DRIVERS\pci.sys (system) PCIIde: system32\DRIVERS\pciide.sys (system) Plug and Play: %SystemRoot%\system32\services.exe (autostart) PnkBstrA: C:\WINDOWS\system32\PnkBstrA.exe (autostart) IPSEC Services: %SystemRoot%\system32\lsass.exe (autostart) WAN Miniport (PPTP): system32\DRIVERS\raspptp.sys (manual start) Processor Driver: system32\DRIVERS\processr.sys (system) Protected Storage: %SystemRoot%\system32\lsass.exe (autostart) QoS Packet Scheduler: system32\DRIVERS\psched.sys (manual start) Panda IManager Service: "C:\Program Files\Prodigy Antivirus\Prodigy Antivirus\PsImSvc.exe" (autostart) Direct Parallel Link Driver: system32\DRIVERS\ptilink.sys (manual start) PxHelp20: System32\Drivers\PxHelp20.sys (system) Remote Access Auto Connection Driver: system32\DRIVERS\rasacd.sys (system) Remote Access Auto Connection Manager: %SystemRoot%\system32\svchost.exe -k netsvcs (manual start) WAN Miniport (L2TP): system32\DRIVERS\rasl2tp.sys (manual start) Remote Access Connection Manager: %SystemRoot%\system32\svchost.exe -k netsvcs (manual start) Remote Access PPPOE Driver: system32\DRIVERS\raspppoe.sys (manual start) Direct Parallel: system32\DRIVERS\raspti.sys (manual start) Rdbss: system32\DRIVERS\rdbss.sys (system) RDPCDD: System32\DRIVERS\RDPCDD.sys (system) Terminal Server Device Redirector Driver: system32\DRIVERS\rdpdr.sys (manual start) Remote Desktop Help Session Manager: C:\WINDOWS\system32\sessmgr.exe (manual start) Digital CD Audio Playback Filter Driver: system32\DRIVERS\redbook.sys (system) Routing and Remote Access: %SystemRoot%\system32\svchost.exe -k netsvcs (disabled) Remote Registry: %SystemRoot%\system32\svchost.exe -k LocalService (autostart) Remote Procedure Call (RPC) Locator: %SystemRoot%\system32\locator.exe (manual start) Remote Procedure Call (RPC): %SystemRoot%\system32\svchost -k rpcss (autostart) QoS RSVP: %SystemRoot%\system32\rsvp.exe (manual start) Realtek RTL8139(A/B/C)-based PCI Fast Ethernet Adapter NT Driver: system32\DRIVERS\RTL8139.SYS (manual start) Security Accounts Manager: %SystemRoot%\system32\lsass.exe (autostart) Smart Card: %SystemRoot%\System32\SCardSvr.exe (manual start) Task Scheduler: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart) SCSI Scanner Driver: system32\DRIVERS\scsiscan.sys (manual start) Secdrv: system32\DRIVERS\secdrv.sys (autostart) Secondary Logon: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart) System Event Notification: %SystemRoot%\system32\svchost.exe -k netsvcs (autostart) Windows Firewall/Internet Connection Sharing (ICS): %SystemRoot%\System32\svchost.exe -k netsvcs (autostart) Shell Hardware Detection: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart) Microsoft Kernel Audio Splitter: system32\drivers\splitter.sys (manual start) Print Spooler: %SystemRoot%\system32\spoolsv.exe (autostart) sptd: System32\Drivers\sptd.sys (system) System Restore Filter Driver: system32\DRIVERS\sr.sys (system) System Restore Service: %SystemRoot%\system32\svchost.exe -k netsvcs (autostart) Srv: system32\DRIVERS\srv.sys (manual start) SSDP Discovery Service: %SystemRoot%\system32\svchost.exe -k LocalService (manual start) Windows Image Acquisition (WIA): %SystemRoot%\system32\svchost.exe -k imgsvc (autostart) Software Bus Driver: system32\DRIVERS\swenum.sys (manual start) Microsoft Kernel GS Wavetable Synthesizer: system32\drivers\swmidi.sys (manual start) MS Software Shadow Copy Provider: C:\WINDOWS\system32\dllhost.exe /Processid:{105B347E-FD77-4F87-81BB-5751DF84880D} (manual start) Microsoft Kernel System Audio Device: system32\drivers\sysaudio.sys (manual start) Performance Logs and Alerts: %SystemRoot%\system32\smlogsvc.exe (manual start) Telephony: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start) TCP/IP Protocol Driver: system32\DRIVERS\tcpip.sys (system) Terminal Device Driver: system32\DRIVERS\termdd.sys (system) Terminal Services: %SystemRoot%\System32\svchost -k DComLaunch (manual start) Themes: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart) Telnet: C:\WINDOWS\system32\tlntsvr.exe (disabled) Distributed Link Tracking Client: %SystemRoot%\system32\svchost.exe -k netsvcs (autostart) Windows User Mode Driver Framework: C:\WINDOWS\system32\wdfmgr.exe (autostart) Microcode Update Driver: system32\DRIVERS\update.sys (manual start) Universal Plug and Play Device Host: %SystemRoot%\system32\svchost.exe -k LocalService (manual start) Uninterruptible Power Supply: %SystemRoot%\System32\ups.exe (manual start) Microsoft USB 2.0 Enhanced Host Controller Miniport Driver: system32\DRIVERS\usbehci.sys (manual start) USB2 Enabled Hub: system32\DRIVERS\usbhub.sys (manual start) Microsoft USB Open Host Controller Miniport Driver: system32\DRIVERS\usbohci.sys (manual start) Motorola USB Modem Driver: system32\DRIVERS\usbser.sys (manual start) USB Mass Storage Driver: system32\DRIVERS\USBSTOR.SYS (manual start) Servicio Lector del diario USN de Carpetas para compartir de Messenger: "C:\Program Files\Windows Live\Messenger\usnsvc.exe" (manual start) User Privilege Service: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start) VgaSave: \SystemRoot\System32\drivers\vga.sys (system) Visual Studio Analyzer RPC bridge: D:\Archivos de Programa\Microsoft Visual Studio\Common\Tools\VS-Ent98\Vanalyzr\varpc.exe (manual start) Volume Shadow Copy: %SystemRoot%\System32\vssvc.exe (manual start) Windows Time: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart) Remote Access IP ARP Driver: system32\DRIVERS\wanarp.sys (manual start) Microsoft WINMM WDM Audio Compatibility Driver: system32\drivers\wdmaud.sys (manual start) WebClient: %SystemRoot%\system32\svchost.exe -k LocalService (autostart) Windows Management Instrumentation: %systemroot%\system32\svchost.exe -k netsvcs (autostart) Windows Live Setup Service: "C:\Program Files\Windows Live\installer\WLSetupSvc.exe" (manual start) Portable Media Serial Number Service: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start) Windows Management Instrumentation Driver Extensions: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start) WMI Performance Adapter: C:\WINDOWS\system32\wbem\wmiapsrv.exe (manual start) WpdUsb: System32\Drivers\wpdusb.sys (manual start) Windows Socket 2.0 Non-IFS Service Provider Support Environment: \SystemRoot\System32\drivers\ws2ifsl.sys (system) Security Center: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart) Automatic Updates: %systemroot%\system32\svchost.exe -k netsvcs (autostart) Windows Driver Foundation - User-mode Driver Framework Platform Driver: system32\DRIVERS\WudfPf.sys (manual start) Windows Driver Foundation - User-mode Driver Framework Reflector: system32\DRIVERS\wudfrd.sys (manual start) Windows Driver Foundation - User-mode Driver Framework: %SystemRoot%\system32\svchost.exe -k WudfServiceGroup (manual start) Wireless Zero Configuration: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart) Network Provisioning Service: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start) -------------------------------------------------- Enumerating Windows NT logon/logoff scripts: *No scripts set to run* Windows NT checkdisk command: BootExecute = autocheck autochk * Windows NT 'Wininit.ini': PendingFileRenameOperations: *Registry value not found* -------------------------------------------------- Enumerating ShellServiceObjectDelayLoad items: PostBootReminder: C:\WINDOWS\system32\SHELL32.dll CDBurn: C:\WINDOWS\system32\SHELL32.dll WebCheck: C:\WINDOWS\system32\webcheck.dll SysTray: C:\WINDOWS\system32\stobject.dll -------------------------------------------------- Autorun entries from Registry: HKCU\Software\Microsoft\Windows\CurrentVersion\policies\Explorer\Run *No values found* -------------------------------------------------- Autorun entries from Registry: HKLM\Software\Microsoft\Windows\CurrentVersion\policies\Explorer\Run *No values found* -------------------------------------------------- End of report, 39,121 bytes Report generated in 0.282 seconds Command line options: /verbose - to add additional info on each section /complete - to include empty sections and unsuspicious data /full - to include several rarely-important sections /force9x - to include Win9x-only startups even if running on WinNT /forcent - to include WinNT-only startups even if running on Win9x /forceall - to include all Win9x and WinNT startups, regardless of platform /history - to list version history only and Uninstall_list.txt: 2Wire Wireless Client 7-Zip 4.57 Actualizador de Catálogos del DIMM versión 2002 Adobe Anchor Service CS3 Adobe Asset Services CS3 Adobe Bridge CS3 Adobe Bridge Start Meeting Adobe Camera Raw 4.0 Adobe CMaps Adobe Color - Photoshop Specific Adobe Color Common Settings Adobe Color Common Settings Adobe Color EU Extra Settings Adobe Color JA Extra Settings Adobe Color NA Recommended Settings Adobe Default Language CS3 Adobe Device Central CS3 Adobe ExtendScript Toolkit 2 Adobe ExtendScript Toolkit 2 Adobe Flash Player 9 ActiveX Adobe Flash Player Plugin Adobe Fonts All Adobe Help Viewer CS3 Adobe Linguistics CS3 Adobe PDF Library Files Adobe Photoshop CS3 Adobe Photoshop CS3 Adobe Reader 8.1.2 - Español Adobe Setup Adobe Setup Adobe Setup Adobe Stock Photos CS3 Adobe Type Support Adobe Update Manager CS3 Adobe Version Cue CS3 Client Adobe WinSoft Linguistics Plugin Adobe XMP Panels CS3 Agere Systems PCI Soft Modem Alt-Tab Task Switcher Powertoy for Windows XP Apple Mobile Device Support Apple Software Update ArtMoney SE v7.28 Asistente Prodigy AssaultCube v0.93 ATI Display Driver Autodesk 3ds Max 2008 32-bit AyudaIETU Batch File Compiler Professional Edition v4.0 DEMO Bonjour Call of Duty® 2 Cheat Engine 5.4 Combined Community Codec Pack 2006-12-15 COMODO Firewall Pro ConTEXT Declaración Informativa Múltiple 2008 3.3.3 Declariones Informativas de Operaciones con Terceros 1.0.0 Dev-C++ 5 beta 9 release (4.9.9.2) Dexpot 1.4 DIMM 2007 DIMM 2008 DivX Codec DivX Player DivX Web Player Dodgeball Alpha7.0 Driver Detective emu8086 microprocessor emulator Eternal Silence Beta 2.3 FlyakiteOSX Fraps (remove only) Free Pascal 2.2.0 Free Video Dub version 1.4 gmax GoldWave v5.20 Grand Chase GunboundWC GunZ Mouse Re-Binder 1.19 Half-Life 2 Half-Life 2: Deathmatch Half-Life 2: Lost Coast Halo 2 for Windows Vista Halo Editing Kit Halo Map Switcher v2 Hex Workshop v4.23 Hex Workshop v5 HijackThis 2.0.2 Hotfix for Windows Media Format 11 SDK (KB929399) Hotfix for Windows XP (KB896344) Hotfix for Windows XP (KB914440) Hotfix for Windows XP (KB915865) Hotfix for Windows XP (KB926239) Hotfix for Windows XP (KB935448) HP Product Detection HTML Help Workshop Huffyuv AVI lossless video codec (Remove Only) ijji - Gunz InterAct Gaming Devices(Multi-language) iTunes Jailbreak Source v0.3.1 Java 2 Runtime Environment SE v1.4.1 Java Policy 1.0 Java™ 6 Update 5 Java™ SE Runtime Environment 6 Update 1 Launchy 2.0 Live Billiards LIVE gaming on Windows Runtime Version 1.0.6027 LiveUpdate 3.1 (Symantec Corporation) LiveUpdate BVRP Software LiveUpdate Notice (Symantec Corporation) Mabinogi Macromedia Extension Manager Macromedia Flash Player 8 Magic ISO Maker v5.4 (build 0251) MagicDisc 2.5.74 Magnifier Powertoy for Windows XP Malwarebytes' Anti-Malware Messenger Plus! Live & Sponsor (CiD) Mexican Motor Mafia Microsoft .NET Framework 1.1 Microsoft .NET Framework 1.1 Microsoft .NET Framework 1.1 Hotfix (KB928366) Microsoft .NET Framework 2.0 Service Pack 1 Microsoft .NET Framework 3.0 Service Pack 1 Microsoft .NET Framework 3.5 Microsoft .NET Framework 3.5 Microsoft Base Smart Card Cryptographic Service Provider Package Microsoft Compression Client Pack 1.0 for Windows XP Microsoft Document Explorer 2005 Microsoft Document Explorer 2005 Microsoft Halo Microsoft Halo Custom Edition Microsoft Internationalized Domain Names Mitigation APIs Microsoft MSDN 2005 Express Edition - ENU Microsoft National Language Support Downlevel APIs Microsoft Office Access MUI (English) 2007 Microsoft Office Access Setup Metadata MUI (English) 2007 Microsoft Office Enterprise 2007 Microsoft Office Enterprise 2007 Microsoft Office Excel MUI (English) 2007 Microsoft Office Groove MUI (English) 2007 Microsoft Office Groove Setup Metadata MUI (English) 2007 Microsoft Office InfoPath MUI (English) 2007 Microsoft Office OneNote MUI (English) 2007 Microsoft Office Outlook MUI (English) 2007 Microsoft Office PowerPoint MUI (English) 2007 Microsoft Office Proof (English) 2007 Microsoft Office Proof (French) 2007 Microsoft Office Proof (Spanish) 2007 Microsoft Office Proofing (English) 2007 Microsoft Office Publisher MUI (English) 2007 Microsoft Office Shared MUI (English) 2007 Microsoft Office Shared Setup Metadata MUI (English) 2007 Microsoft Office Word MUI (English) 2007 Microsoft User-Mode Driver Framework Feature Pack 1.0 Microsoft Visual C++ 2005 Express Edition - ENU Microsoft Visual C++ 2005 Express Edition - ENU Microsoft Visual C++ 2005 Redistributable Microsoft Visual C++ 2008 Express Edition - ENU Microsoft Visual C++ 2008 Express Edition - ENU Microsoft Visual Studio 6.0 Enterprise Edition Microsoft Web Publishing Wizard 1.53 Microsoft Windows SDK for Visual Studio 2008 Express Tools for .NET Framework Microsoft Windows SDK for Visual Studio 2008 Express Tools for Win32 Microsoft Windows SDK for Visual Studio 2008 Headers and Libraries MiraScan V5.01 mobile PhoneTools Mozilla Firefox (2.0.0.14) MSXML 4.0 SP2 (KB936181) MSXML 4.0 SP2 Parser and SDK MSXML 6.0 Parser (KB933579) MySQL Connector/ODBC 3.51 MySQL Server 5.0 Nero 7 Demo No-IP.com DUC (remove only) Norton Ghost 9.0 Notepad++ NVIDIA Photoshop Plug-ins Off Road Arena One-touch Multimedia Keyboard OpenAL OpenArena 0.7.7 patch Opera 9.50 PDF Settings Perfect Dark: Source Beta 1.1730 Philips Digital Audio Player Phun beta 3.5 Prodigy Antivirus Prodigy Infinitum Módem Router Inalámbrico Python 2.5.1 QuickTime Realtek AC'97 Audio ROOT Saints & Sinners Bowling SeaMonkey (1.1.7) Security Update for CAPICOM (KB931906) Security Update for CAPICOM (KB931906) Security Update for Excel 2007 (KB946974) Security Update for Microsoft Office Publisher 2007 (KB950114) Security Update for Microsoft Office system 2007 (KB951808) Security Update for Microsoft Office Word 2007 (KB950113) Security Update for Office 2007 (KB934062) Security Update for Office 2007 (KB947801) Security Update for Outlook 2007 (KB946983) Security Update for the 2007 Microsoft Office System (KB936960) Security Update for Visio 2007 (KB947590) Security Update for Windows Internet Explorer 7 (KB931768) Security Update for Windows Internet Explorer 7 (KB933566) Security Update for Windows Internet Explorer 7 (KB937143) Security Update for Windows Internet Explorer 7 (KB938127) Security Update for Windows Media Player (KB911564) Security Update for Windows Media Player 6.4 (KB925398) Security Update for Windows Media Player 9 (KB917734) Security Update for Windows Media Player 9 (KB936782) Security Update for Windows XP (KB890046) Security Update for Windows XP (KB893756) Security Update for Windows XP (KB896358) Security Update for Windows XP (KB896423) Security Update for Windows XP (KB896428) Security Update for Windows XP (KB899587) Security Update for Windows XP (KB899591) Security Update for Windows XP (KB900725) Security Update for Windows XP (KB901017) Security Update for Windows XP (KB901214) Security Update for Windows XP (KB902400) Security Update for Windows XP (KB904706) Security Update for Windows XP (KB905414) Security Update for Windows XP (KB905749) Security Update for Windows XP (KB908519) Security Update for Windows XP (KB911562) Security Update for Windows XP (KB911927) Security Update for Windows XP (KB913580) Security Update for Windows XP (KB914388) Security Update for Windows XP (KB914389) Security Update for Windows XP (KB917344) Security Update for Windows XP (KB917422) Security Update for Windows XP (KB917953) Security Update for Windows XP (KB918118) Security Update for Windows XP (KB918439) Security Update for Windows XP (KB919007) Security Update for Windows XP (KB920213) Security Update for Windows XP (KB920670) Security Update for Windows XP (KB920683) Security Update for Windows XP (KB920685) Security Update for Windows XP (KB921503) Security Update for Windows XP (KB922819) Security Update for Windows XP (KB923191) Security Update for Windows XP (KB923414) Security Update for Windows XP (KB923689) Security Update for Windows XP (KB923694) Security Update for Windows XP (KB923789) Security Update for Windows XP (KB923980) Security Update for Windows XP (KB924191) Security Update for Windows XP (KB924270) Security Update for Windows XP (KB924496) Security Update for Windows XP (KB924667) Security Update for Windows XP (KB925902) Security Update for Windows XP (KB926255) Security Update for Windows XP (KB926436) Security Update for Windows XP (KB927779) Security Update for Windows XP (KB927802) Security Update for Windows XP (KB928255) Security Update for Windows XP (KB928843) Security Update for Windows XP (KB929123) Security Update for Windows XP (KB930178) Security Update for Windows XP (KB931261) Security Update for Windows XP (KB931768) Security Update for Windows XP (KB931784) Security Update for Windows XP (KB932168) Security Update for Windows XP (KB933729) Security Update for Windows XP (KB935839) Security Update for Windows XP (KB935840) Security Update for Windows XP (KB936021) Security Update for Windows XP (KB937894) Security Update for Windows XP (KB938829) Security Update for Windows XP (KB941202) Security Update for Windows XP (KB941568) Security Update for Windows XP (KB941569) Security Update for Windows XP (KB941644) Security Update for Windows XP (KB941693) Security Update for Windows XP (KB943055) Security Update for Windows XP (KB943460) Security Update for Windows XP (KB943485) Security Update for Windows XP (KB944653) Security Update for Windows XP (KB945553) Security Update for Windows XP (KB946026) Security Update for Windows XP (KB948590) Security Update for Windows XP (KB948881) Security Update for Windows XP (KB950749) Security Update for Windows XP (KB950760) Security Update for Windows XP (KB950762) Security Update for Windows XP (KB951376) Security Update for Windows XP (KB951698) Skype™ 3.5 SmartCVS 6.0.8 SOFTIMAGE®|XSI® 4.2 ModTool Soldat 1.4.2 Source SDK Source SDK Base Splitting 4.3 SQLyog Community 6.03 Starcraft StarForge Steam SUA Tibia Tibia MULTI-ip changer Ulead Photo Express 2.0 SE Uninstall 1.0.0.0 Update for Office 2007 (KB932080) Update for Office 2007 (KB946691) Update for Outlook 2007 Junk Email Filter (kb950378) Update for Windows XP (KB894391) Update for Windows XP (KB898461) Update for Windows XP (KB900485) Update for Windows XP (KB904942) Update for Windows XP (KB908531) Update for Windows XP (KB910437) Update for Windows XP (KB911280) Update for Windows XP (KB916595) Update for Windows XP (KB920872) Update for Windows XP (KB922582) Update for Windows XP (KB925720) Update for Windows XP (KB925876) Update for Windows XP (KB927891) Update for Windows XP (KB930916) Update for Windows XP (KB931836) Update for Windows XP (KB932823-v3) Update for Windows XP (KB933360) Update for Windows XP (KB938828) Update for Windows XP (KB942763) Ventrilo Client Virtools Web Player 3.5 Virtual Desktop Manager Powertoy for Windows XP Vista Start Menu VPython 3.2.11 Windows Imaging Component Windows Installer 3.1 (KB893803) Windows Internet Explorer 7 Windows Live Asistente para el inicio de sesión Windows Live installer Windows Live Mail Windows Live Messenger Windows Media Format SDK Hotfix - KB891122 Windows Presentation Foundation Windows XP Hotfix - KB873339 Windows XP Hotfix - KB885835 Windows XP Hotfix - KB885836 Windows XP Hotfix - KB886185 Windows XP Hotfix - KB887472 Windows XP Hotfix - KB888302 Windows XP Hotfix - KB890859 Windows XP Hotfix - KB891781 WinRAR archiver World of Warcraft Worms Armageddon WoWscape Server Browser Xfire (remove only) Yahoo! Toolbar ZoneAlarm Spy Blocker This post has been edited by Ivanpm: Jun 25 2008, 09:24 PM |
|
|
|
|
Jun 26 2008, 06:47 AM
Post
#4
|
|
|
Trusted Helper Posts: 2,086 From: NE Victoria, Australia OS: WinXp SP3 |
Can you restart & this time copy down exactly what the error message says.
|
|
|
|
|
Jun 26 2008, 11:35 AM
Post
#5
|
|
|
Member Posts: 10 From: Mexico OS: Windows XP Professional Edition |
ok. i got the error of userinit at startup:
2 messages of the same error. userinit.exe - Application Error The application failed to initialize properly (0xc0000005). Click on OK to terminate the application. Then when i want to get on my display and it gives me the rundll32.exe error: 2 messages of the same error. rundll32.exe - Application Error The application failed to initialize properly (0xc0000005). Click on OK to terminate the application. Next i try to open cmd and i get an error too: 2 messages of the same error. cmd.exe - Application Error The application failed to initialize properly (0xc0000005). Click on OK to terminate the application. And thats all i have found but in the rundll32.exe i think that program does alot of stuff and if i try to open any of those it says that error. oh, btw i cannot click on anything in control panel because it gives me the rundll32.exe error. This post has been edited by Ivanpm: Jun 26 2008, 03:08 PM |
|
|
|
|
Jun 26 2008, 07:08 PM
Post
#6
|
|
|
Trusted Helper Posts: 2,086 From: NE Victoria, Australia OS: WinXp SP3 |
Hi Ivanpm,
Run HijackThis.
O4 - HKCU\..\Run: [BitTorrent DNA] "C:\Program Files\DNA\btdna.exe" O23 - Service: MySQL - Unknown owner - C:\Program.exe (file missing)
Remove folders & files:
Create a CombFix Script:
CODE File:: C:\WINDOWS\system32\encuuiot.dll C:\WINDOWS\system32\qcalcufl.dll C:\WINDOWS\system32\tgbbhbap.dll C:\WINDOWS\system32\pwtypnwj.dll C:\WINDOWS\system32\cauiglni.dll C:\WINDOWS\system32\fbhkudlg.dll C:\WINDOWS\system32\cmax20.ocx C:\WINDOWS\system32\gvtjfigq.dll C:\WINDOWS\system32\dogodvai.dll C:\WINDOWS\system32\damirjio.dll C:\WINDOWS\system\u_inst.exe Folder:: C:\Program Files\WindowsUpdate Driver:: ManagereUpdate DBKDRVR54 Registry:: [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows] "AppInit_DLLs"="C:\\WINDOWS\system32\\guard32.dll" [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "C:\\Program Files\\DNA\\btdna.exe"=- "D:\\Program Files\\BitTorrent\\bittorrent.exe"=- [-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{caee3f1f-1559-11dc-ac73-001617206c73}] [-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{d81feb18-15fa-11dc-ac7b-001617206c73}]
Cheers, sage5 |
|
|
|
|
Jun 27 2008, 03:24 PM
Post
#7
|
|
|
Member Posts: 10 From: Mexico OS: Windows XP Professional Edition |
Hi and sorry for the delay.
Here are the files: ComboFix.txt Hijackthis_log.txt and about the things in add/remove programs i don't know or recognize. They are: Bonjour DNA MSXML 4.0 SP2 Parser and SDK (and some other versions of the same MSXML) i think thats all. This post has been edited by Ivanpm: Jun 27 2008, 06:15 PM
Attached File(s)
|
|
|
|
|
Jun 28 2008, 07:00 AM
Post
#8
|
|
|
Trusted Helper Posts: 2,086 From: NE Victoria, Australia OS: WinXp SP3 |
Hi Ivanpm, Run HijackThis.
After that your log should be clean, so we can deal with some final cleanup tasks. Of the apps mentioned: Bonjour & DNA -->> these can both go. MSXML 4.0 SP2 Parser and SDK (and some other versions of the same MSXML) -->> these are part of Windows & should be left alone. Clean out cookies, temp files etc: Please download ATF Cleaner by Atribune. This program is for XP and Windows 2000 only
Time for some housekeeping: Follow these steps to uninstall Combofix and tools used in the removal of malware
To Clear Restore points, please do the following:
Lastly, some extra or better security for your PC: The programs recommended bel |
