userinit virus and other nasty viruses

Post by bronbron81 on 2nd March 2009, 7:02 am

Just recently I have been infected with some nasty viruses and I just can't seem to get rid of them. I downloaded Spybot Search and Destroy and that didn't help. I got trial versions of BitDefender, Spyware Doctor, and SUPERAntiSpyware and they didn't help. My problem is that my logon screen suddenly changed from the normal logon screen to a different screen where I have to manually insert my user name and then enter my password. Following that I get the userinit.exe application error. Also my explorer.exe won't load. Even after I have started a new task it gives me an application error saying that it has to close. Basically I have a screen with a wallpaper and can't do very much. Oh, and I also have Norton AntiVirus 2006, but my subscription ran out and I haven't updated it in a long time, so it is basically ineffective. Please help! Here is my log file:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 1:53:55 AM, on 3/2/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Safe mode with network support

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Spyware Doctor\pctsAuxs.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\6.tmp
C:\Documents and Settings\Michael\Desktop\hijackgpthis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = [You must be registered and logged in to see this link.]
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = [You must be registered and logged in to see this link.]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = [You must be registered and logged in to see this link.]
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = [You must be registered and logged in to see this link.]
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: CNavExtBho Class - {A8F38D8D-E480-4D52-B7A2-731BB6995FDD} - c:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton AntiVirus - {C4069E3A-68F1-403E-B40E-20066696354B} - c:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: BitDefender Toolbar - {381FFDE8-2394-4f90-B10D-FC6124A40F8C} - C:\Program Files\BitDefender\BitDefender 2009\IEToolbar.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet /nodetect
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] CHDAudPropShortcut.exe
O4 - HKLM\..\Run: [ccApp] "c:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [QPService] "C:\Program Files\HP\QuickPlay\QPService.exe"
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [QlbCtrl] %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
O4 - HKLM\..\Run: [Cpqset] C:\Program Files\Hewlett-Packard\Default Settings\cpqset.exe
O4 - HKLM\..\Run: [RecGuard] C:\Windows\SMINST\RecGuard.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
O4 - HKLM\..\Run: [BDWizReg] "C:\Program Files\BitDefender\BitDefender 2009\bdwizreg.exe" /complete
O4 - HKLM\..\Run: [BDAgent] "C:\Program Files\BitDefender\BitDefender 2009\bdagent.exe"
O4 - HKLM\..\Run: [BitDefender Antiphishing Helper] "C:\Program Files\BitDefender\BitDefender 2009\IEShow.exe"
O4 - HKCU\..\Run: [RocketDock] "C:\Program Files\RocketDock\RocketDock.exe"
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - S-1-5-18 Startup: Vongo Tray.lnk = C:\Program Files\Vongo\Tray.exe (User 'SYSTEM')
O4 - .DEFAULT Startup: Vongo Tray.lnk = C:\Program Files\Vongo\Tray.exe (User 'Default user')
O4 - .DEFAULT User Startup: Vongo Tray.lnk = C:\Program Files\Vongo\Tray.exe (User 'Default user')
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: HP Photosmart Premier Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - [You must be registered and logged in to see this link.]
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=64&bd=pavilion&pf=laptop
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: AddFiltr - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\AddFiltr.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: BitDefender Arrakis Server (Arrakis3) - BitDefender S.R.L. [You must be registered and logged in to see this link.] - C:\Program Files\Common Files\BitDefender\BitDefender Arrakis Server\bin\Arrakis3.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Internet Security Password Validation (ccISPwdSvc) - Symantec Corporation - c:\Program Files\Norton Internet Security\ccPwdSvc.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - c:\Program Files\Norton Internet Security\comHost.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: BitDefender Desktop Update Service (LIVESRV) - BitDefender SRL - C:\Program Files\Common Files\BitDefender\BitDefender Update Service\livesrv.exe
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - c:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton Protection Center Service (NSCService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Symantec AVScan (SAVScan) - Symantec Corporation - c:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: sopidkc Service (sopidkc) - Unknown owner - C:\WINDOWS\system32\sopidkc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software GmbH - C:\WINDOWS\System32\TuneUpDefragService.exe
O23 - Service: BitDefender Virus Shield (VSSERV) - BitDefender S. R. L. - C:\Program Files\BitDefender\BitDefender 2009\vsserv.exe

--
End of file - 9131 bytes


Re: userinit virus and other nasty viruses

Post by Belahzur on 2nd March 2009, 2:11 pm


  • Please download DDS by sUBs to your Desktop (Important!!) from one of these locations:
    [You must be registered and logged in to see this link.]
    [You must be registered and logged in to see this link.]
    [You must be registered and logged in to see this link.]
  • Double click DDS.scr to run
  • When complete, DDS.txt will open.
  • Save the report to your Desktop.
  • Copy and paste DDS.txt back here; I don't need to see attach.txt.


Re: userinit virus and other nasty viruses

Post by bronbron81 on 2nd March 2009, 4:53 pm

DDS (Ver_09-02-01.01) - NTFSx86 NETWORK
Run by Michael at 11:47:35.45 on Mon 03/02/2009
Internet Explorer: 6.0.2900.2180
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.479.236 [GMT -5:00]

AV: BitDefender Antivirus *On-access scanning enabled* (Outdated)
AV: Spyware Doctor with AntiVirus *On-access scanning enabled* (Updated)
AV: Norton Internet Security 2006 *On-access scanning enabled* (Outdated)
FW: Norton Internet Worm Protection *disabled*
FW: BitDefender Firewall *disabled*
FW: Norton Internet Security 2006 *enabled*

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\system32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\Program Files\Spyware Doctor\pctsAuxs.exe
svchost.exe C:\WINDOWS\TEMP\VRT1.tmp
C:\WINDOWS\Explorer.EXE
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Michael\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = [You must be registered and logged in to see this link.]
uSearch Bar = [You must be registered and logged in to see this link.]
mDefault_Page_URL = [You must be registered and logged in to see this link.]
uInternet Connection Wizard,ShellNext = [You must be registered and logged in to see this link.]
uInternet Settings,ProxyOverride = *.local
uURLSearchHooks: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} -
BHO: AcroIEHlprObj Class: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 7.0\activex\AcroIEHelper.dll
BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre1.5.0_06\bin\ssv.dll
BHO: CNavExtBho Class: {a8f38d8d-e480-4d52-b7a2-731bb6995fdd} - c:\program files\norton internet security\norton antivirus\NavShExt.dll
TB: Norton AntiVirus: {c4069e3a-68f1-403e-b40e-20066696354b} - c:\program files\norton internet security\norton antivirus\NavShExt.dll
TB: BitDefender Toolbar: {381ffde8-2394-4f90-b10d-fc6124a40f8c} - c:\program files\bitdefender\bitdefender 2009\IEToolbar.dll
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} -
uRun: [RocketDock] "c:\program files\rocketdock\RocketDock.exe"
uRun: [SUPERAntiSpyware] c:\program files\superantispyware\SUPERAntiSpyware.exe
mRun: [ehTray] c:\windows\ehome\ehtray.exe
mRun: [hpWirelessAssistant] c:\program files\hpq\hp wireless assistant\HP Wireless Assistant.exe
mRun: [SunJavaUpdateSched] c:\program files\java\jre1.5.0_06\bin\jusched.exe
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [nwiz] nwiz.exe /installquiet /nodetect
mRun: [High Definition Audio Property Page Shortcut] CHDAudPropShortcut.exe
mRun: [ccApp] "c:\program files\common files\symantec shared\ccApp.exe"
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [QPService] "c:\program files\hp\quickplay\QPService.exe"
mRun: [ISUSPM Startup] "c:\program files\common files\installshield\updateservice\isuspm.exe" -startup
mRun: [ISUSScheduler] "c:\program files\common files\installshield\updateservice\issch.exe" -start
mRun: [QlbCtrl] %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
mRun: [Cpqset] c:\program files\hewlett-packard\default settings\cpqset.exe
mRun: [RecGuard] c:\windows\sminst\RecGuard.exe
mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
mRun: [BDWizReg] "c:\program files\bitdefender\bitdefender 2009\bdwizreg.exe" /complete
mRun: [BDAgent] "c:\program files\bitdefender\bitdefender 2009\bdagent.exe"
mRun: [BitDefender Antiphishing Helper] "c:\program files\bitdefender\bitdefender 2009\IEShow.exe"
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\adober~1.lnk - c:\program files\adobe\acrobat 7.0\reader\reader_sl.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hpphot~1.lnk - c:\program files\hp\digital imaging\bin\hpqthb08.exe
IE: E&xport to Microsoft Excel - c:\progra~1\micros~4\office11\EXCEL.EXE/3000
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBC} - c:\program files\java\jre1.5.0_06\bin\ssv.dll
LSP: c:\program files\common files\pc tools\lsp\PCTLsp.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - [You must be registered and logged in to see this link.]
DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} - [You must be registered and logged in to see this link.]
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - [You must be registered and logged in to see this link.]
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - [You must be registered and logged in to see this link.]
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.dll
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\michael\applic~1\mozilla\firefox\profiles\jo8eqf4q.default\
FF - prefs.js: browser.startup.homepage - [You must be registered and logged in to see this link.]
FF - component: c:\program files\mozilla firefox\components\FFComm.dll
FF - plugin: c:\program files\java\jre1.5.0_06\bin\NPJava11.dll
FF - plugin: c:\program files\java\jre1.5.0_06\bin\NPJava12.dll
FF - plugin: c:\program files\java\jre1.5.0_06\bin\NPJava13.dll
FF - plugin: c:\program files\java\jre1.5.0_06\bin\NPJava14.dll
FF - plugin: c:\program files\java\jre1.5.0_06\bin\NPJava32.dll
FF - plugin: c:\program files\java\jre1.5.0_06\bin\NPJPI150_06.dll
FF - plugin: c:\program files\java\jre1.5.0_06\bin\NPOJI610.dll

============= SERVICES / DRIVERS ===============

R0 IKFileSec;File Security Driver;c:\windows\system32\drivers\ikfilesec.sys [2009-2-28 40840]
R1 IKSysFlt;System Filter Driver;c:\windows\system32\drivers\iksysflt.sys [2009-2-28 66952]
R1 IKSysSec;System Security Driver;c:\windows\system32\drivers\iksyssec.sys [2009-2-28 81288]
R1 pctfw2;pctfw2;c:\windows\system32\drivers\pctfw2.sys [2009-2-28 160792]
R2 sdAuxService;PC Tools Auxiliary Service;c:\program files\spyware doctor\pctsAuxs.exe [2009-2-28 356920]
R3 Bdfndisf;BitDefender Firewall NDIS Filter Service;c:\windows\system32\drivers\bdfndisf.sys [2008-8-14 102208]
S1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2008-5-28 8944]
S1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2008-5-28 55024]
S1 SAVRTPEL;SAVRTPEL;c:\program files\norton internet security\norton antivirus\Savrtpel.sys [2005-8-27 53896]
S2 BDVEDISK;BDVEDISK;c:\program files\bitdefender\bitdefender 2009\BDVEDISK.sys [2008-7-2 82568]
S2 ccEvtMgr;Symantec Event Manager;c:\program files\common files\symantec shared\ccEvtMgr.exe [2005-9-17 192112]
S2 ccProxy;Symantec Network Proxy;c:\program files\common files\symantec shared\ccProxy.exe [2005-9-17 202352]
S2 ccSetMgr;Symantec Settings Manager;c:\program files\common files\symantec shared\ccSetMgr.exe [2005-9-17 169584]
S2 McrdSvc;Media Center Extender Service;c:\windows\ehome\mcrdsvc.exe [2005-8-6 116224]
S2 navapsvc;Norton AntiVirus Auto-Protect Service;c:\program files\norton internet security\norton antivirus\navapsvc.exe [2005-10-7 133744]
S2 pcistub;pcistub;\??\c:\windows\system32\pcistub.sys --> c:\windows\system32\pcistub.sys [?]
S2 softyinforwow1;.Freame Micer;c:\windows\system32\svchost.exe -k netsvcs [2006-3-16 14336]
S2 sopidkc;sopidkc Service;c:\windows\system32\sopidkc.exe [2006-3-16 65536]
S2 Symantec Core LC;Symantec Core LC;c:\program files\common files\symantec shared\ccpd-lc\symlcsvc.exe [2009-2-25 1119888]
S3 Arrakis3;BitDefender Arrakis Server;c:\program files\common files\bitdefender\bitdefender arrakis server\bin\Arrakis3.exe [2008-7-17 139264]
S3 bdfm;BDFM;c:\windows\system32\drivers\bdfm.sys [2008-8-12 108864]
S3 NAVENG;NAVENG;c:\progra~1\common~1\symant~1\virusd~1\20060514.008\NAVENG.Sys [2009-2-25 77864]
S3 NAVEX15;NAVEX15;c:\progra~1\common~1\symant~1\virusd~1\20060514.008\NavEx15.Sys [2009-2-25 799208]
S3 SASENUM;SASENUM;c:\program files\superantispyware\SASENUM.SYS [2008-5-28 7408]
S3 SAVRT;SAVRT;c:\program files\norton internet security\norton antivirus\savrt.sys [2005-8-27 334984]
S3 SAVScan;Symantec AVScan;c:\program files\norton internet security\norton antivirus\SAVScan.exe [2005-8-27 198368]
S3 sdCoreService;PC Tools Security Service;c:\program files\spyware doctor\pctsSvc.exe [2009-2-28 1079176]


Re: userinit virus and other nasty viruses

Post by bronbron81 on 2nd March 2009, 4:54 pm

=============== Created Last 30 ================

2009-03-02 11:45 577,024 a------- c:\windows\system32\rlkz
2009-03-02 11:45 105,984 a------- c:\windows\system32\3.tmp
2009-03-02 11:45 40 a------- c:\windows\system32\2.tmp
2009-03-02 01:42 262,144 a------- c:\windows\system32\nvtpm32.dll
2009-03-02 01:42 105,984 a------- c:\windows\system32\azton.mt
2009-03-02 01:42 105,984 a------- c:\windows\system32\6.tmp
2009-03-02 01:42 40 a------- c:\windows\system32\5.tmp
2009-03-02 01:36 --d----- c:\docume~1\alluse~1\applic~1\Downloaded Installations
2009-03-02 01:19 850 a------- c:\windows\system32\ProductTweaks.xml
2009-03-02 01:19 385 a------- c:\windows\system32\user_gensett.xml
2009-03-02 01:14 --d----- c:\windows\system32\logs
2009-03-02 01:14 --d----- c:\docume~1\michael\applic~1\BitDefender
2009-03-02 01:13 --d----- c:\program files\BitDefender
2009-03-02 01:13 --d----- c:\docume~1\alluse~1\applic~1\BitDefender
2009-03-02 01:11 --d----- c:\program files\common files\BitDefender
2009-03-01 23:13 577,024 a------- c:\windows\system32\vuxkf
2009-03-01 22:37 577,024 a------- c:\windows\system32\uufiiqew
2009-03-01 19:06 --d----- c:\docume~1\michael\applic~1\Malwarebytes
2009-03-01 19:06 15,504 a------- c:\windows\system32\drivers\mbam.sys
2009-03-01 19:06 38,496 a------- c:\windows\system32\drivers\mbamswissarmy.sys
2009-03-01 19:06 --d----- c:\program files\Malwarebytes' Anti-Malware
2009-03-01 19:06 --d----- c:\docume~1\alluse~1\applic~1\Malwarebytes
2009-03-01 18:54 --d----- c:\program files\Spybot - Search & Destroy
2009-03-01 18:54 --d----- c:\docume~1\alluse~1\applic~1\Spybot - Search & Destroy
2009-03-01 18:30 577,024 a------- c:\windows\system32\bopukgwbx
2009-03-01 16:30 577,024 a------- c:\windows\system32\ajplsm
2009-03-01 16:16 --d----- c:\docume~1\alluse~1\applic~1\SUPERAntiSpyware.com
2009-03-01 16:16 --d----- c:\program files\SUPERAntiSpyware
2009-03-01 16:16 --d----- c:\docume~1\michael\applic~1\SUPERAntiSpyware.com
2009-03-01 14:26 577,024 a------- c:\windows\system32\htnwsrg
2009-03-01 13:23 577,024 a------- c:\windows\system32\hyvkqk
2009-03-01 13:23 105,984 a------- c:\windows\system32\1A.tmp
2009-03-01 13:23 40 a------- c:\windows\system32\19.tmp
2009-03-01 13:08 577,024 a------- c:\windows\system32\ylsalcc
2009-03-01 13:08 105,984 a------- c:\windows\system32\17.tmp
2009-03-01 13:08 40 a------- c:\windows\system32\16.tmp
2009-03-01 13:04 577,024 a------- c:\windows\system32\pomyc
2009-03-01 13:04 105,984 a------- c:\windows\system32\14.tmp
2009-03-01 13:04 40 a------- c:\windows\system32\13.tmp
2009-03-01 12:41 8,540 a------- c:\windows\system32\11.tmp
2009-03-01 12:40 40 a------- c:\windows\system32\10.tmp
2009-03-01 11:46 577,024 a------- c:\windows\system32\rxfiub
2009-03-01 00:48 --d----- c:\windows\system32\LogFiles
2009-03-01 00:37 577,024 a------- c:\windows\system32\dbvuw
2009-02-28 23:11 577,024 a------- c:\windows\system32\ntaqx
2009-02-28 23:02 160,792 a------- c:\windows\system32\drivers\pctfw2.sys
2009-02-28 23:02 --d----- c:\program files\common files\PC Tools
2009-02-28 23:02 81,288 a------- c:\windows\system32\drivers\iksyssec.sys
2009-02-28 23:02 66,952 a------- c:\windows\system32\drivers\iksysflt.sys
2009-02-28 23:02 40,840 a------- c:\windows\system32\drivers\ikfilesec.sys
2009-02-28 23:02 29,576 a------- c:\windows\system32\drivers\kcom.sys
2009-02-28 23:02 --d----- c:\program files\Spyware Doctor
2009-02-28 23:02 --d----- c:\docume~1\michael\applic~1\PC Tools
2009-02-28 23:02 --d----- c:\docume~1\alluse~1\applic~1\PC Tools
2009-02-28 18:30 577,024 a------- c:\windows\system32\rdpmh
2009-02-28 18:12 --d----- c:\program files\common files\Stardock
2009-02-28 18:12 --d----- c:\program files\Stardock
2009-02-28 17:06 0 a------- c:\windows\mqcd.dbt
2009-02-28 17:06 90,112 a------- c:\windows\system32\20092644.dll
2009-02-28 17:06 77,824 a------- c:\windows\system32\u172856240.dll
2009-02-28 17:06 676,352 a------- c:\windows\system32\rtl60.bpl
2009-02-28 17:06 198 a------- c:\windows\system32\xcchit32.ini
2009-02-28 17:05 32,768 a------- c:\windows\system32\odjan.wa
2009-02-28 17:05 28,672 a------- c:\windows\system32\kdoqmn.sr
2009-02-28 17:05 32,768 a------- c:\windows\system32\kei1w.an
2009-02-28 17:05 77,312 a------- c:\windows\system32\rkoq.pxf
2009-02-28 17:05 28,672 a------- c:\windows\system32\doqkm.zt
2009-02-28 17:05 577,024 a------- c:\windows\system32\dllcache\user32.dll
2009-02-28 17:05 598 a------- c:\windows\xccwinsys.ini
2009-02-28 17:05 0 a------- c:\windows\system32\6F5.tmp
2009-02-28 17:05 --d----- c:\windows\system32\inf
2009-02-28 17:05 105,984 a------- c:\windows\system32\6F3.tmp
2009-02-28 17:05 40 a------- c:\windows\system32\6F2.tmp
2009-02-28 17:03 355,584 a------- c:\windows\system32\TuneUpDefragService.exe
2009-02-28 17:03 28,416 a------- c:\windows\system32\uxtuneup.dll
2009-02-28 17:03 --d----- c:\docume~1\michael\applic~1\TuneUp Software
2009-02-28 17:03 --d----- c:\docume~1\alluse~1\applic~1\TuneUp Software
2009-02-28 17:03 --d----- c:\program files\TuneUp Utilities 2008
2009-02-28 17:02 --d----- c:\program files\common files\Wise Installation Wizard
2009-02-28 15:38 --d----- c:\program files\MSXML 4.0
2009-02-27 23:40 107,368 a------- c:\windows\system32\GEARAspi.dll
2009-02-27 23:40 15,464 a------- c:\windows\system32\drivers\GEARAspiWDM.sys
2009-02-27 23:40 --d----- c:\program files\iPod
2009-02-27 23:40 --d----- c:\program files\iTunes
2009-02-27 23:40 --d----- c:\docume~1\alluse~1\applic~1\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
2009-02-27 23:39 --d----- c:\program files\Bonjour
2009-02-27 18:01 --d----- c:\windows\system32\CatRoot_bak
2009-02-27 18:01 272,128 -------- c:\windows\system32\drivers\bthport.sys
2009-02-27 18:01 272,128 -------- c:\windows\system32\dllcache\bthport.sys
2009-02-27 17:59 2,185,984 -------- c:\windows\system32\dllcache\ntoskrnl.exe
2009-02-27 17:59 2,142,720 -------- c:\windows\system32\dllcache\ntkrnlmp.exe
2009-02-27 17:59 2,020,864 -------- c:\windows\system32\dllcache\ntkrpamp.exe
2009-02-27 17:59 2,062,976 -------- c:\windows\system32\dllcache\ntkrnlpa.exe
2009-02-27 17:59 3,067,392 -------- c:\windows\system32\dllcache\mshtml.dll
2009-02-27 17:59 39,936 -------- c:\windows\kb913800.exe
2009-02-27 17:58 202,752 -------- c:\windows\system32\dllcache\rmcast.sys
2009-02-27 17:58 453,632 -------- c:\windows\system32\dllcache\mrxsmb.sys
2009-02-27 17:58 2,330,624 -------- c:\windows\system32\dllcache\WMVCore.dll
2009-02-27 17:58 333,184 -------- c:\windows\system32\dllcache\srv.sys
2009-02-27 17:58 331,776 -------- c:\windows\system32\dllcache\msadce.dll
2009-02-27 17:58 683,520 -------- c:\windows\system32\dllcache\inetcomm.dll
2009-02-27 17:57 247,326 -------- c:\windows\system32\dllcache\strmdll.dll
2009-02-27 17:57 332,800 -------- c:\windows\system32\dllcache\netapi32.dll
2009-02-27 17:57 1,106,944 -------- c:\windows\system32\dllcache\msxml3.dll
2009-02-27 17:56 --d----- c:\windows\system32\PreInstall
2009-02-26 23:43 --d----- c:\program files\PeerGuardian2
2009-02-26 23:41 --d----- c:\program files\uTorrent
2009-02-26 23:41 --d----- c:\docume~1\michael\applic~1\uTorrent


Re: userinit virus and other nasty viruses

Post by bronbron81 on 2nd March 2009, 4:54 pm

2009-02-26 17:01 --d----- c:\program files\RocketDock
2009-02-26 16:36 12,160 a------- c:\windows\system32\drivers\mouhid.sys
2009-02-26 16:36 12,160 a------- c:\windows\system32\dllcache\mouhid.sys
2009-02-26 16:36 21,504 a------- c:\windows\system32\hidserv.dll
2009-02-26 16:36 21,504 a------- c:\windows\system32\dllcache\hidserv.dll
2009-02-26 16:36 9,600 a------- c:\windows\system32\drivers\hidusb.sys
2009-02-26 16:36 9,600 a------- c:\windows\system32\dllcache\hidusb.sys
2009-02-26 16:36 26,496 a------- c:\windows\system32\dllcache\usbstor.sys
2009-02-26 00:28 --ds---- c:\documents and settings\michael\Temporary Internet Files
2009-02-26 00:28 --ds---- c:\documents and settings\michael\History
2009-02-26 00:26 --d----- c:\docume~1\michael\applic~1\Symantec
2009-02-26 00:26 --d----- c:\docume~1\michael\applic~1\Intuit
2009-02-26 00:26 --d----- c:\documents and settings\Michael
2009-02-26 00:02 185,344 a------- c:\windows\system32\Thawbrkr.dll
2009-02-26 00:02 10,752 a------- c:\windows\system32\c_iscii.dll
2009-02-26 00:02 66,594 a------- c:\windows\system32\c_864.nls
2009-02-26 00:02 66,594 a------- c:\windows\system32\c_720.nls
2009-02-26 00:02 66,082 a------- c:\windows\system32\c_708.nls
2009-02-26 00:02 66,082 a------- c:\windows\system32\C_28596.NLS
2009-02-26 00:02 66,082 a------- c:\windows\system32\c_10004.nls
2009-02-26 00:02 5,632 a------- c:\windows\system32\kbdusa.dll
2009-02-26 00:02 66,594 a------- c:\windows\system32\c_862.nls
2009-02-26 00:02 66,082 a------- c:\windows\system32\c_10005.nls
2009-02-26 00:02 66,082 a------- c:\windows\system32\c_10021.nls
2009-02-26 00:02 6,144 a------- c:\windows\system32\ftlx041e.dll
2009-02-25 23:27 333 a------- c:\windows\system32\$ncsp$.inf
2009-02-25 23:23 --d----- c:\windows\system32\appmgmt
2009-02-25 23:22 25,214 a------- c:\windows\Extended Service.ico
2009-02-25 23:22 13,942 a------- c:\windows\accessories.ico
2009-02-25 23:22 9,158 a------- c:\windows\ebay.ico
2009-02-25 23:22 5,694 a------- c:\windows\Snapfish_photo.ico
2009-02-25 23:22 22,198 a------- c:\windows\system32\OEMLogo.bmp
2009-02-25 23:22 6,912,056 a------- c:\windows\Wave Aqua.bmp
2009-02-25 23:22 6,912,056 a------- c:\windows\Air.bmp
2009-02-25 23:22 6,912,056 a------- c:\windows\Wave.bmp
2009-02-25 23:22 6,912,056 a------- c:\windows\Blue Sonic.bmp
2009-02-25 23:22 6,912,056 a------- c:\windows\Fractal Blue.bmp
2009-02-25 23:22 6,912,056 a------- c:\windows\Crystal Rush.bmp
2009-02-25 23:10 266,240 a------- c:\windows\system32\ShellvRTF64.dll
2009-02-25 23:10 237,568 a------- c:\windows\system32\ShellvRTF.dll
2009-02-25 23:10 --d----- c:\windows\SMINST
2009-02-25 23:09 14,848 a------- c:\windows\system32\drivers\kbdhid.sys
2009-02-25 23:09 14,848 a------- c:\windows\system32\dllcache\kbdhid.sys
2009-02-25 23:09 999,424 a------- c:\windows\system32\BttnCmns.dll
2009-02-25 23:09 987,136 a------- c:\windows\system32\BttnCmn.dll
2009-02-25 23:09 9,344 a------- c:\windows\system32\drivers\CPQBttn.sys
2009-02-25 23:09 7,808 a------- c:\windows\system32\drivers\eabfiltr.sys
2009-02-25 23:09 5,760 a------- c:\windows\system32\drivers\EabUsb.sys
2009-02-25 22:56 --d----- c:\windows\Downloaded Installations
2009-02-25 22:56 --d----- c:\windows\system32\SoftwareDistribution
2009-02-25 22:55 --d----- c:\program files\Quicken
2009-02-25 22:55 --d----- c:\docume~1\alluse~1\applic~1\Intuit
2009-02-25 22:55 31 a------- c:\windows\QUICKEN.INI
2009-02-25 22:55 --d----- c:\program files\Quickensetup
2009-02-25 22:55 --d----- c:\program files\Windows Media Connect 2
2009-02-25 22:54 --d----- c:\program files\Microsoft Office Trial Wizard
2009-02-25 22:54 --d----- c:\program files\DivX
2009-02-25 22:53 --d----- c:\program files\muvee Technologies
2009-02-25 22:52 --d----- c:\program files\music_now
2009-02-25 22:51 45,929 a------- c:\windows\NSSetDefaultBrowser.EXE
2009-02-25 22:51 698 a------- c:\windows\NSSetDefaultBrowser.ini
2009-02-25 22:51 --d----- c:\program files\Netscape
2009-02-25 22:50 --d----- c:\program files\Yahoo!
2009-02-25 22:42 --d----- c:\program files\WildTangent
2009-02-25 22:37 1,473 a------- C:\hpqp.ini
2009-02-25 22:37 39 a------- C:\XP_TV.ini
2009-02-25 22:37 44,544 a------- c:\windows\system32\msxml4a.dll
2009-02-25 22:36 --d----- c:\windows\system32\ReinstallBackups
2009-02-25 22:36 69,722 a------- c:\windows\system32\SynTPFcs.dll
2009-02-25 22:36 193,056 a------- c:\windows\system32\drivers\SynTP.sys
2009-02-25 22:36 114,688 a------- c:\windows\system32\SynCtrl.dll
2009-02-25 22:36 94,298 a------- c:\windows\system32\SynTPAPI.dll
2009-02-25 22:36 82,013 a------- c:\windows\system32\SynCOM.dll
2009-02-25 22:36 81,920 a------- c:\windows\system32\SynTPCo2.dll
2009-02-25 22:36 --d----- c:\program files\Synaptics
2009-02-25 22:36 376 a------- c:\windows\ODBC.INI
2009-02-25 22:36 17,920 a------- c:\windows\system32\mdimon.dll
2009-02-25 22:32 --d----- c:\program files\Encarta Online
2009-02-25 22:31 --d----- c:\program files\RGB
2009-02-25 22:30 --d----- c:\windows\CREATOR
2009-02-25 22:27 --d----- c:\program files\GemMaster
2009-02-25 22:27 --d----- c:\program files\EnglishOtto
2009-02-25 22:22 28,836 a------- c:\windows\system32\oeminfo.ini
2009-02-25 22:21 1,659 a--shr-- c:\windows\system32\drivers\103C_HP_NTBK_HP Pavilion dv6000 (RG253UA#ABA)_YN_0Pavi_QCNF6414BPK_E432250001_46_I30B7_SQuanta_V65.2B_BF.3D_T071122_WXP2_L409_M479_J80_7AMD_8Turion 64 Technology MK-36_92.01_#090225_N14E44311_(RG253UA#ABA)_XMOBILE.MRK
2009-02-25 22:19 45,056 a------- c:\windows\system32\runclose.ocx
2009-02-25 22:19 a-d----- c:\windows\system32\pcintro
2009-02-25 22:18 8,192 a------- c:\windows\REGLOCS.OLD
2009-02-25 22:18 --d----- C:\hp
2009-02-25 22:13 10,344 a------- c:\windows\system32\drivers\symlcbrd.sys
2009-02-25 22:13 --d----- c:\program files\Norton Internet Security
2009-02-25 22:12 107,696 a------- c:\windows\system32\drivers\SYMEVENT.SYS
2009-02-25 22:12 87,808 a------- c:\windows\system32\S32EVNT1.DLL
2009-02-25 22:12 --d----- c:\program files\Symantec
2009-02-25 22:11 --d----- c:\docume~1\alluse~1\applic~1\Symantec
2009-02-25 22:11 --d----- c:\program files\common files\Symantec Shared
2009-02-25 22:10 2,944 a------- c:\windows\system32\drivers\drmkaud.sys
2009-02-25 22:10 --d----- c:\program files\CONEXANT
2009-02-25 22:05 --d----- c:\windows\system32\msmq
2009-02-25 22:00 17,024 a------- c:\windows\system32\drivers\usbohci.sys
2009-02-25 22:00 196,608 a------- c:\windows\system32\nvunrm.exe
2009-02-25 22:00 101,888 a------- c:\windows\system32\drivers\nvtcp.sys
2009-02-25 22:00 3,903 a------- c:\windows\system32\nvnrm.nvu
2009-02-25 22:00 196,608 a------- c:\windows\system32\nvuide.exe
2009-02-25 22:00 1,570 a------- c:\windows\system32\nvide.nvu
2009-02-25 22:00 51,048 a------- c:\windows\system32\nvapps.xml
2009-02-25 22:00 229,376 a------- c:\windows\system32\nvudisp.exe
2009-02-25 22:00 17,056 a------- c:\windows\system32\nvdisp.nvu
2009-02-25 22:00 --d----- c:\windows\nview
2009-02-25 21:56 --d-h--- c:\program files\WindowsUpdate
2009-02-25 21:56 --d----- c:\program files\Windows Plus
2009-02-25 21:56 --d----- c:\program files\Windows NT
2009-02-25 21:56 --d----- c:\program files\Sonic
2009-02-25 21:56 --d----- c:\program files\Online Services
2009-02-25 21:56 --d----- c:\program files\MSN Gaming Zone
2009-02-25 21:56 --d----- c:\program files\Messenger
2009-02-25 21:56 --d----- c:\program files\HPQ
2009-02-25 21:56 --d----- c:\program files\HP
2009-02-25 21:56 --d----- c:\program files\common files\TiVo Shared
2009-02-25 21:56 --d----- c:\program files\common files\SureThing Shared
2009-02-25 21:56 --d----- c:\program files\common files\SpeechEngines
2009-02-25 21:56 --dsh--- c:\documents and settings\all users\DRM
2009-02-25 21:56 --d--r-- c:\documents and settings\all users\Documents
2009-02-25 21:56 --d----- c:\program files\common files\Sonic Shared
2009-02-25 21:56 --d----- c:\program files\common files\ODBC
2009-02-25 21:56 --d----- c:\program files\common files\MSSoap
2009-02-25 21:56 --d----- c:\program files\common files\HP
2009-02-25 21:56 --d----- c:\docume~1\alluse~1\applic~1\SBSI

==================== Find3M ====================

2009-03-02 01:42 577,024 a------- c:\windows\system32\user32.DLL
2009-02-25 23:08 92,819 a------- c:\windows\pchealth\helpctr\offlinecache\index.dat

============= FINISH: 11:48:01.71 ===============

bronbron81
Intermediate

Posts : 72
Joined : 2009-03-02
OS : Windows XP Media Center Edition 2005
Points : 28646
# Likes : 0


Re: userinit virus and other nasty viruses

Post by Belahzur on 2nd March 2009, 5:42 pm

Your system is severely infected. The problem with these infections nowadays is that they cause a lot of damage. Even if we clean the malware off your system, I can't guarantee that your system will be clean afterwards, because these infections/bundles leave a lot of leftovers behind that most scanners won't even recognise and logs won't show.
Also, I can't promise you we can repair all the damage it caused... Even after cleaning the malware, you can still get errors afterwards because of the damage. Solving these is not always possible, since it would be like searching for a needle in a haystack to find the right cause and solution.
So, we can try to clean this up and do what we can, but keep in mind that we can't solve ALL problems this malware already caused.

In light of this, it would be wise for you to back up any files and folders that you don't want to lose before we start. The reason I am telling you this is that when a system is so terribly infected and we try to clean it up manually, the damage that is already present may interfere with our removal attempts.

Your computer has multiple infections, including a backdoor. A backdoor gives intruders complete control of your computer, logs your keystrokes, steals personal information, etc.

You are strongly advised to do the following:

  • Disconnect the computer from the Internet and from any networked computers until it is cleaned.
  • Back up all your important data except programs. The programs can be reinstalled back from the original disc or from the Net.
  • Call all your banks, financial institutions, credit card companies and inform them that you may be a victim of identity theft and put a watch on your accounts. If you don't mind the hassle, change all your account numbers.
  • From a clean computer, change all your passwords (ISP login password, your email address(es) passwords, financial accounts, PayPal, eBay, Amazon, online groups and forums and any other online activities you carry out which require a username and password).
Do NOT change your passwords from this computer as the attacker will be able to get all the new passwords and transaction records.

Due to its backdoor functionality, your computer is very likely to have been compromised and there is no way that it can be trusted again. Many experts in the security community believe that once infected with this type of Trojan, the best course of action would be to do a reformat and reinstallation of the operating system (OS). However, if you do not have the resources to reinstall your OS and would like me to attempt to clean your machine, I will be happy to do so.

To help you understand more, please take some time to read the following articles:



Please PM me if I fail to respond within 24hrs.


Belahzur
Administrator

Posts : 34918
Joined : 2008-08-03
Gender : Male
OS : 7 Home Premium x64
Points : 245091
# Likes : 1
