Krisstheking Posted July 13, 2006

Well, I just read about Hijackthis, and it seems like a great program.
Some weeks ago I had this virus that infected my startup file userinit.dll, so I totally had to delete that file.
So at every startup I get this Error: Userinit.dll not found. Then everything freezes, and I have to open explorer.exe to continue. Except for that, everything is running normally.
I'm not sure if I still have a virus or any malware on my computer, so I scanned through with Hijackthis, and here is my log:

Logfile of HijackThis v1.99.1
Scan saved at 00:10:55, on 14.07.2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programfiler\Alwil Software\Avast4\aswUpdSv.exe
C:\Programfiler\Alwil Software\Avast4\ashServ.exe
C:\Programfiler\TOSHIBA\ConfigFree\CFSvcs.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\Programfiler\WebDrive\wdservice.exe
C:\Programfiler\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\explorer.exe
C:\Programfiler\SigmaTel\SigmaTel AC97 Audio Drivers\stacmon.exe
C:\WINDOWS\System32\00THotkey.exe
C:\WINDOWS\system32\TFNF5.exe
C:\Programfiler\Synaptics\SynTP\SynTPLpr.exe
C:\Programfiler\Synaptics\SynTP\SynTPEnh.exe
C:\Programfiler\TOSHIBA\TouchED\TouchED.Exe
C:\Programfiler\TOSHIBA\TOSHIBA-kontroller\TFncKy.exe
C:\WINDOWS\system32\TPSMain.exe
C:\PROGRA~1\Maxtor\OneTouch\Utils\OneTouch.exe
C:\WINDOWS\MXOALDR.EXE
C:\WINDOWS\system32\TPSBattM.exe
C:\Programfiler\MessengerPlus! 3\MsgPlus.exe
C:\WINDOWS\System32\svchost.exe
C:\Programfiler\PestPatrol\PPMemCheck.exe
C:\Programfiler\PestPatrol\CookiePatrol.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programfiler\MSN Messenger\msnmsgr.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Programfiler\Internet Explorer\iexplore.exe
C:\Documents and Settings\Administrator\Skrivebord\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.startsiden.no/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.startsiden.no
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koblinger
F2 - REG:system.ini: UserInit=rundll32 "C:\WINDOWS\userinit.dll" initialize
O2 - BHO: HelperObject Class - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Programfiler\TechSmith\SnagIt 7\SnagItBHO.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programfiler\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: Security Toolbar - {68FF9E0F-2E96-4467-87FA-1A8B9734C7E7} - (no file)
O2 - BHO: FlashFXP Helper for Internet Explorer - {E5A1691B-D188-4419-AD02-90002030B8EE} - C:\Programfiler\FlashFXP\IEFlash.dll
O3 - Toolbar: Security Toolbar - {68FF9E0F-2E96-4467-87FA-1A8B9734C7E7} - (no file)
O3 - Toolbar: SnagIt - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Programfiler\TechSmith\SnagIt 7\SnagItIEAddin.dll
O4 - HKLM\..\Run: [sigmaTel StacMon] C:\Programfiler\SigmaTel\SigmaTel AC97 Audio Drivers\stacmon.exe
O4 - HKLM\..\Run: [00THotkey] C:\WINDOWS\System32\00THotkey.exe
O4 - HKLM\..\Run: [000StTHK] 000StTHK.exe
O4 - HKLM\..\Run: [TFNF5] TFNF5.exe
O4 - HKLM\..\Run: [synTPLpr] C:\Programfiler\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [synTPEnh] C:\Programfiler\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [TouchED] C:\Programfiler\TOSHIBA\TouchED\TouchED.Exe
O4 - HKLM\..\Run: [TFncKy] TFncKy.exe
O4 - HKLM\..\Run: [TPSMain] TPSMain.exe
O4 - HKLM\..\Run: [MaxtorOneTouch] C:\PROGRA~1\Maxtor\OneTouch\Utils\OneTouch.exe
O4 - HKLM\..\Run: [MXOBG] C:\WINDOWS\MXOALDR.EXE
O4 - HKLM\..\Run: [MessengerPlus3] "C:\Programfiler\MessengerPlus! 3\MsgPlus.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programfiler\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [PPMemCheck] C:\Programfiler\PestPatrol\PPMemCheck.exe
O4 - HKLM\..\Run: [PestPatrol Control Center] C:\Programfiler\PestPatrol\PPControl.exe
O4 - HKLM\..\Run: [CookiePatrol] C:\Programfiler\PestPatrol\CookiePatrol.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MessengerPlus3] "C:\Programfiler\MessengerPlus! 3\MsgPlus.exe" /WinStart
O4 - HKCU\..\Run: [sTYLEXP] C:\Programfiler\TGTSoft\StyleXP\StyleXP.exe -Hide
O4 - HKCU\..\Run: [msnmsgr] "C:\Programfiler\MSN Messenger\msnmsgr.exe" /background
O4 - Global Startup: Microsoft Office.lnk = C:\Programfiler\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&ksporter til Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programfiler\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programfiler\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe (file missing)
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe (file missing)
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineS...er.cab31267.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMesse...pDownloader.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://www.popcap.com/games/popcaploader_v6.cab
O16 - DPF: {E13F1132-4CA0-4005-84D3-51406E27D269} (BTDownloadCtrl Control) - http://www.shockwave.com/content/thinktank...ownloadCtrl.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Programfiler\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Programfiler\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Web Scanner - Unknown owner - C:\Programfiler\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Programfiler\TOSHIBA\ConfigFree\CFSvcs.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programfiler\Fellesfiler\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Programfiler\iPod\bin\iPodService.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - %ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini (file missing)
O23 - Service: StyleXPService - Unknown owner - C:\Programfiler\TGTSoft\StyleXP\StyleXPService.exe
O23 - Service: WebDrive Service (WebDriveService) - Unknown owner - C:\Programfiler\WebDrive\wdservice.exe
O23 - Service: Kerio WinRoute Firewall (WinRoute) - Kerio Technologies - C:\Programfiler\Kerio\WinRoute Firewall\winroute.exe

CptMurphy Posted July 14, 2006

You don't seem to have any malware. Just pop in the WinXP CD and run sfc /scannow from the Run dialog.

Bader15 Posted July 18, 2006

this value is worm
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet
please delete it
have fun

gamehead200 Posted July 18, 2006

> this value is worm
> O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet
> please delete it
> have fun

http://www.liutilities.com/products/wintas...sslibrary/nwiz/
http://www.neuber.com/taskmanager/process/nwiz.exe.html

Everything looks clean from here... Unless I overlooked something.

Tarun Posted July 18, 2006

Yep, everything is clean. It's possible a registry issue is causing the error of the file not being found to appear.
Do you currently use any registry cleaning software?

Jeremy Posted July 19, 2006

> this value is worm
> O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet
> please delete it
> have fun

That's Nvidia, not malware.