Home > Infected With > Infected With ? Userinit & Rundll32 Errors

Infected With ? Userinit & Rundll32 Errors

Now I'm left with uid coming back and downloading backdoor.bots, and I think user miekiemoes has just inadvertently helped me in another topic which is almost identical to the stage I'm Please re-enable javascript to access full functionality. You should use it too. Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & check over here

To learn more and to read the lawsuit, click here. I initially thought I had registry issues as the computer was running very slow following uninstallation of several programs and so I tried a couple of registry cleaners, all of which You may have to register before you can post: click the register link above to proceed. ActiveScan.txt from Panda an extra.txt from dss is attached. https://www.bleepingcomputer.com/forums/t/355949/infected-with-userinit-rundll32-errors/

Also, I've not had the external drive attached, if I re-attach it and run a virus scan - will that suffice. Many thanks for your help. If not please perform the following steps below so we can have a look at the current condition of your machine. shrek8623.07.2008, 18:52I have tried using other antivirus software with basically the same results, they show some trojans, I quarantine and remove them but the error messages still appear and the antivirus

Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe" O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe O4 - HKLM\..\Run: [Apoint] C:\Program Antimalwaremalpedia Known threats:614,432 Last Update:January 24, 11:39 DownloadPurchaseFAQSupportBlogAbout UsScan Your PC!Testimonials Just want to say that apparently your Exterminate It has worked like a charm. In http://forums.malwarebytes.org/index.php?showtopic=40652 the problem is uid and 4 backdoor.bots. Discussions cover how to detect, fix, and remove viruses, spyware, adware, malware, and other vulnerabilities on Windows, Mac OS X, and Linux.Real-Time ActivityMy Tracked DiscussionsFAQsPoliciesModerators General discussion userinit.exe problems by sdavis0000

From what I have gathered, the backdoor.bots aren't severe in terms of backdoor.bots and the userinit shouldn't be deleted but is infected. The standard version can be downloaded for free from different websites. Please be gentle.GMER 1.0.15.15477 - http://www.gmer.netRootkit scan 2010-10-24 15:30:03Windows 5.1.2600 Service Pack 3Running: gmer.exe; Driver: D:\Windows\Temp\ugtdapow.sys---- System - GMER 1.0.15 ----SSDT 8A2E6BE8 ZwAllocateVirtualMemorySSDT 8A3CF1E0 ZwCreateKeySSDT 8A39E1E0 ZwCreateProcessSSDT 8A39E168 ZwCreateProcessExSSDT 8A2E6EB8 ZwCreateThreadSSDT Register now!

I haven't been using the laptop whilst we've been going through this combofix process, so I don't know how it's doing. Share this post Link to post Share on other sites John26    New Member Topic Starter Members 10 posts ID: 5   Posted March 28, 2010 Been doing stuff by myself Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quietO4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_8 -reboot 1O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exeO4 - HKCU\..\Run: [iSUSPM] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -schedulerO4 - HKCU\..\Run: [Eyeball Chat] "C:\Program Files\Eyeball\Eyeball Chat\EyeballChat.exe" Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up.

Again THANK YOU for all the advice given. computer won't take cookies, other pop ups, spybot said I had vundo virus, downloader.norton has been running sometimes and didn't detect until after spybot. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site. Its free.

Please check this Winlogon Userinit Removal Guide and use this full registry values collection for Manual Winlogon Userinit Removal. check my blog I am using Windows XP Media Center. Additionally I would recommend using a Ad-aware and Spy boot Search and Destroy. This is what is happening right now.

Attached Files ActiveScan.txt (8.8 KB, 25 views) extra.txt (10.2 KB, 17 views) Remove Advertisements Sponsored Links TechSupportForum.com Advertisement « MrOinfu572.exe Help please | Trj rebooter j., downloader generic7.nwa, A case like this could easily cost hundreds of thousands of dollars. CONTRIBUTE TO OUR LEGAL DEFENSE All unused funds will be donated to the Electronic Frontier Foundation (EFF). this content If you click on this in the drop-down menu you can choose Track this topic.

Patriots vs Falcons NO CONNECTIVITY » Site Navigation » Forum> User CP> FAQ> Support.Me> Steam Error 118> 10.0.0.2> Trusteer Endpoint Protection All times are GMT -7. This way you will be advised when we respond to your topic and facilitate the cleaning of your machine.After 5 days if a topic is not replied to we assume it shrek8630.07.2008, 18:41Thanks for all the advice, I couldn't format the computer because I didn't have the windows disk but I used a antivirus software (AVG) and scanned in safe mode, this

A case like this could easily cost hundreds of thousands of dollars.

Thanks again for the assistance, as you may have picked up, I need it! 18-06-2008,12:24 AM #4 Speedy Gonzales View Profile View Forum Posts Private Message Member Join Date Dec 2004 miekiemoes in his first post response noticed UserInit=C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\mskqyj32.exe in the HJT, identical to my "F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\msfqqn32.exe" its the exact same ms****32.exe in userinit producing the same results in malwarebytes The only was I can then get the desktop to appear is to start windows explorer through the new task option of the task manager. Last edited by Speedy Gonzales; 16-06-2008 at 11:09 PM. 17-06-2008,11:58 PM #3 scottyc130 View Profile View Forum Posts Junior Member Join Date Jun 2008 Posts 4 Re: rundll32.exe and userinit.exe errors

How is the PC doing? If you accept cookies from this site, you will only be shown this dialog once!You can press escape or click on the X to close this box. Combofix went throught a whole process to find the infected file, which I already knew was userinit.exe thats why I posted here. have a peek at these guys Should I now reinstall Webroot and use laptop as normal, then report back.

There was clearly a ms****.exe problem that you missed but Mikemoes saw on another very similar topic. Sign Up This Topic All Content This Topic This Forum Advanced Search Browse Forums Guidelines Staff Online Users Members More Activity All Activity My Activity Streams Unread Content Content I Started About CNET Privacy Policy Ad Choice Terms of Use Mobile User Agreement Help Center Exterminate It! I have to use the task manager to regain the desktop.

Maybe you should try another AV tool and check files again. What a God send! scanning hidden autostart entries ... Press any key to continue whereupon it closesAlso had hours of fun with GMER which froze 4 times and wouldn't let me save anything, eventually managed to get the report shown

Antimalware. userinit & rundll32 errors Started by doc518 , Oct 24 2010 09:40 AM Prev Page 2 of 2 1 2 This topic is locked 20 replies to this topic #16 myrti