
Thread: Windows automatically logs off when trying to login

  1. #1
    Junior Member

    Windows automatically logs off when trying to login

    Hi, I'm trying to figure out how to fix a desktop computer I have. It is an HP Pavilion a1310n with Microsoft Windows XP Media Center Edition 2005. I know that the HJT is to be posted before receiving assistance, but due to the problem with the PC I am unable to download and install that. The problem is the computer had a tricky virus (unfortunately I can't remember what it was called) and I used Malwarebytes' Anti Malware to remove it. The virus was one of the fake virus removers that pop up telling you you have so many viruses and you need to download this other remover to get rid of them. I know that doesn't narrow it down much, forgive me. I think the problem is that Malwarebytes' Anti Malware removed the userinit.exe file, which is causing the problem. What happens is when it boots up, it goes to the Windows login screen, where the profile HP_Administrator is available. When clicking on it, it says loading personal settings. Then there is a very brief flash of the desktop background, then automatically logs off saying saving personal settings, and reverts back to the login screen. The same thing happens under Safe Mode. I had copied the file from the restore partition that HP computers come with from d:\i386, but it could not be expanded in the c:\windows\system32 folder. Any assistance would be greatly appreciated.

    Thanks so much,
    Amanda

  2. #2
    Security Expert: Emeritus Blade81

    Hi Amanda

    "I had copied the file from the restore partition that HP computers come with from d:\i386, but it could not be expanded in the c:\windows\system32 folder."
    If you have access to the d: drive then try the following command:
    expand d:\i386\userinit.ex_

    Let me know how that goes.
    Microsoft Windows Insider MVP 2016-2020
    Microsoft MVP Consumer Security 2008-2015
    UNITE member since 2006

    If you have problems create a thread in the forum, please.

    Malware removal instructions are for the correspondent user's case only.

  3. #3
    Junior Member

    Hello Blade,

    Yes I have access to D: drive through the recovery console. I typed in that command with the following result:

    userinit.exe
    1 file(s) expanded.

    Amanda

  4. #4
    Security Expert: Emeritus Blade81

    Ok. Are you able to reboot normally after that operation? If yes, please post an HJT log as instructed in our "BEFORE you POST (READ this Procedure BEFORE Requesting Assistance)"

  5. #5
    Junior Member

    Hello again Blade,

    I tried restarting, and unfortunately that did not fix the problem. Is it because the D: drive is the HP recovery partition?

    It is still booting up to the Windows login screen with the user HP_Administrator & when clicking on it, it says 'Loading your personal settings', shows a brief view of the Desktop Background, and then it says 'Saving your personal settings' going back to the login screen.

    Amanda

  6. #6
    Security Expert: Emeritus Blade81

    Hi

    In the Recovery Console, make sure you're in the Windows folder of the c: drive and then give the command dir userinit.exe /s

    Does it list any instances? In which locations?

  7. #7
    Junior Member

    Hi,

    When typing 'dir userinit.exe /s' I received the following output:
    'The parameter is not valid. Try /? for help.'

    So I tried the command 'dir userinit.exe' and received the following output:
    'Directory of C:\WINDOWS\userinit.exe
    No matching files were found.'

    Amanda

  8. #8
    Security Expert: Emeritus Blade81

    Sorry, my bad. In the Recovery Console give the following command:
    dir c:\windows\system32\init32.exe

    If the file is found, continue with the following commands:
    copy c:\windows\system32\init32.exe c:\windows\system32\dllcache\userinit.exe
    copy c:\windows\system32\init32.exe c:\windows\system32\userinit.exe

    If no error is given, reboot and let me know how it goes.

  9. #9
    Junior Member

    Hello again,

    It worked!
    Here is the HJT log:

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 4:56:07 Betty, on 5/17/2009
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16791)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\WINDOWS\arservice.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\Program Files\Common Files\Authentium\AntiVirus\dvpapi.exe
    C:\WINDOWS\eHome\ehRecvr.exe
    C:\WINDOWS\eHome\ehSched.exe
    C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE
    C:\Program Files\iolo\common\lib\ioloServiceManager.exe
    C:\Program Files\Java\jre6\bin\jqs.exe
    C:\Program Files\Common Files\LightScribe\LSSrvc.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
    C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\HPZIPM12.EXE
    C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\dllhost.exe
    C:\WINDOWS\ehome\ehtray.exe
    C:\WINDOWS\ARPWRMSG.EXE
    C:\WINDOWS\eHome\ehmsas.exe
    C:\Program Files\DISC\DISCover.exe
    C:\Program Files\DISC\DiscUpdateMgr.exe
    C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb05.exe
    C:\Program Files\Common Files\AOL\1160159901\ee\AOLSoftware.exe
    C:\HP\KBD\KBD.EXE
    C:\Program Files\Canon\MyPrinter\BJMyPrt.exe
    C:\Program Files\SweetIM\Messenger\SweetIM.exe
    C:\Program Files\QuickTime\qttask.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\Java\jre6\bin\jusched.exe
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    C:\Program Files\DISC\DiscStreamHub.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    C:\Program Files\AWS\WeatherBug\Weather.exe
    C:\Program Files\Ascentive\Performance Center\APCMain.exe
    C:\Program Files\Ascentive\PC SpeedScan Pro\PCSpeedScan.exe
    C:\Program Files\MSN Messenger\MsnMsgr.Exe
    C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    C:\Program Files\My Essentials\USB ME1001-USB\Wireless Utility\O-Maxwcui.exe
    C:\Program Files\Updates from HP\9972322\Program\Updates from HP.exe
    C:\PROGRA~1\Webshots\webshots.scr
    C:\Program Files\iPod\bin\iPodService.exe
    C:\WINDOWS\system32\wscntfy.exe
    C:\Program Files\ALLTEL DSL Check-up Center\bin\mpbtn.exe
    C:\WINDOWS\ALCXMNTR.EXE
    C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
    c:\windows\system\hpsysdrv.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\WINDOWS\system32\msiexec.exe
    C:\Program Files\Google\Update\GoogleUpdate.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Windows Internet Explorer provided by Yahoo!
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1;*.local
    R3 - URLSearchHook: SweetIM ToolbarURLSearchHook Class - {EEE6C35D-6118-11DC-9C72-001320C79847} - C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgHelper.dll
    O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
    O2 - BHO: 100% Free Spades Toolbar Helper - {3EBD3651-4CCA-4656-9F98-BAB4B72C6031} - C:\Program Files\100% Free Spades Toolbar\v2.0.0.2\100%_Free_Spades_Toolbar.dll (file missing)
    O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll
    O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_219B3E1547538286.dll
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
    O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    O2 - BHO: SWEETIE - {EEE6C35C-6118-11DC-9C72-001320C79847} - C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll
    O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
    O3 - Toolbar: 100% Free Spades Toolbar - {00490D79-3A7F-4c8a-9E04-2BC1D89676F1} - C:\Program Files\100% Free Spades Toolbar\v2.0.0.2\100%_Free_Spades_Toolbar.dll (file missing)
    O3 - Toolbar: WeatherBug Browser Bar - powered by MyWebSearch - {8EAB99C9-F9EC-4b64-A4BA-D9BCAE8779C2} - C:\Program Files\MyWebSearchWB\bar\1.bin\W6BAR.DLL (file missing)
    O3 - Toolbar: SweetIM Toolbar for Internet Explorer - {EEE6C35B-6118-11DC-9C72-001320C79847} - C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll
    O3 - Toolbar: &Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
    O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
    O4 - HKLM\..\Run: [AlwaysReady Power Message APP] ARPWRMSG.EXE
    O4 - HKLM\..\Run: [HPHUPD08] c:\Program Files\HP\Digital Imaging\{33D6CC28-9F75-4d1b-A11D-98895B3A3729}\hphupd08.exe
    O4 - HKLM\..\Run: [DISCover] C:\Program Files\DISC\DISCover.exe
    O4 - HKLM\..\Run: [DiscUpdateManager] C:\Program Files\DISC\DiscUpdateMgr.exe
    O4 - HKLM\..\Run: [HPBootOp] "C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" /run
    O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb05.exe
    O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
    O4 - HKLM\..\Run: [ISUSScheduler] "c:\progra~1\common~1\instal~1\update~1\issch.exe" -start
    O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1160159901\ee\AOLSoftware.exe
    O4 - HKLM\..\Run: [IPHSend] C:\Program Files\Common Files\AOL\IPHSend\IPHSend.exe
    O4 - HKLM\..\Run: [Ad-Watch] C:\Program Files\Lavasoft\Ad-Aware 2007\Ad-Watch2007.exe
    O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
    O4 - HKLM\..\Run: [CanonSolutionMenu] C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe /logon
    O4 - HKLM\..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe /logon
    O4 - HKLM\..\Run: [iolo AntiVirus] "C:\Program Files\iolo\AntiVirus\ioloAV.exe"
    O4 - HKLM\..\Run: [SMSystemAnalyzer] "C:\Program Files\iolo\System Mechanic 7\SMSystemAnalyzer.exe"
    O4 - HKLM\..\Run: [UpdateManager] "c:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
    O4 - HKLM\..\Run: [webscan] "C:\Program Files\Acceleration Software\Anti-Virus\stopsignav.exe" -k
    O4 - HKLM\..\Run: [StopSignSsTsMon] Rundll32.exe "C:\Program Files\Acceleration Software\Anti-Virus\sstsmon.dll",VerifyStatus
    O4 - HKLM\..\Run: [StopSignSsSsMon] Rundll32.exe "C:\Program Files\Acceleration Software\Anti-Virus\ssssmon.dll",VerifyStatus
    O4 - HKLM\..\Run: [SweetIM] C:\Program Files\SweetIM\Messenger\SweetIM.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [wJQs] C:\WINDOWS\system32\wJQs.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [MsnMsgr] ~"C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
    O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    O4 - HKCU\..\Run: [Weather] C:\Program Files\AWS\WeatherBug\Weather.exe 1
    O4 - HKCU\..\Run: [Yahoo! Pager] ~"C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
    O4 - HKCU\..\Run: [Performance Center] C:\Program Files\Ascentive\Performance Center\ApcMain.exe -m
    O4 - HKCU\..\Run: [PC SpeedScan Pro] C:\Program Files\Ascentive\PC SpeedScan Pro\PCSpeedScan.exe -m
    O4 - .DEFAULT User Startup: Pin.lnk = C:\hp\bin\CLOAKER.EXE (User 'Default user')
    O4 - Startup: Webshots.lnk = C:\Program Files\Webshots\Launcher.exe
    O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O4 - Global Startup: ALLTEL DSL Check-up Center.lnk = C:\Program Files\ALLTEL DSL Check-up Center\bin\matcli.exe
    O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    O4 - Global Startup: My Essentials Wireless USB Utility.lnk = C:\Program Files\My Essentials\USB ME1001-USB\Wireless Utility\O-Maxwcui.exe
    O4 - Global Startup: Updates from HP.lnk = C:\Program Files\Updates from HP\9972322\Program\Updates from HP.exe
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {0B79F48A-E8D6-11DB-9283-E25056D89593} (F-Secure Online Scanner 3.1) - http://support.f-secure.com/ols/fscax.cab
    O16 - DPF: {11260943-421B-11D0-8EAC-0000C07D88CF} (iPIX ActiveX Control) - http://www.ipix.com/viewers/ipixx.cab
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
    O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://downloads.ewido.net/ewidoOnlineScan.cab
    O16 - DPF: {1B30282C-970F-4DCC-97D1-1714277525C1} - http://profile.homescanonline.com/hs...0_HOMESCAN.cab
    O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) - http://housecall65.trendmicro.com/ho...vex/hcImpl.cab
    O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
    O16 - DPF: {321FB770-1FBE-4BFE-BDC1-6F622D4FA499} - https://activation.alltel.com/wizlet...ller_2-0-0.cab
    O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://groups.msn.com/controls/PhotoUC/MsnPUpld.cab
    O16 - DPF: {56393399-041A-4650-94C7-13DFCB1F4665} (PSFormX Control) - http://www.ca.com/us/securityadvisor...n/pestscan.cab
    O16 - DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} - http://www.eset.eu/buxus/docs/OnlineScanner.cab
    O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/reso...an8/oscan8.cab
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsu...?1139849741234
    O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/S.../bin/cabsa.cab
    O16 - DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} (HP Download Manager) - https://h20436.www2.hp.com/ediags/de...e/HPDEXAXO.cab
    O16 - DPF: {7B297BFD-85E4-4092-B2AF-16A91B2EA103} (WScanCtl Class) - http://www.ca.com/us/securityadvisor...fo/webscan.cab
    O16 - DPF: {9FC5238F-12C4-454F-B1B5-74599A21DE47} (Webshots Photo Uploader) - http://community.webshots.com/html/WSPhotoUploader.CAB
    O16 - DPF: {A6A216EB-4F7C-11D5-8438-0000B456BA3D} (Matn5250 Control) - http://www.madl.com/mocha/matn5250.cab
    O16 - DPF: {BB21F850-63F4-4EC9-BF9D-565BD30C9AE9} (a-squared Scanner) - http://ax.emsisoft.com/asquared.cab
    O16 - DPF: {CC05BC12-2AA2-4AC7-AC81-0E40F83B1ADF} (Live365Player Class) - http://www.live365.com/players/play365.cab
    O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} (get_atlcom Class) - http://wwwimages.adobe.com/www.adobe...bat/nos/gp.cab
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/ge...sh/swflash.cab
    O16 - DPF: {E8F628B5-259A-4734-97EE-BA914D7BE941} (Driver Agent ActiveX Control) - http://driveragent.com/files/driveragent.cab
    O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: Automatic LiveUpdate Scheduler - Unknown owner - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe (file missing)
    O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: DvpApi (dvpapi) - Authentium, Inc. - C:\Program Files\Common Files\Authentium\AntiVirus\dvpapi.exe
    O23 - Service: getPlus(R) Helper - NOS Microsystems Ltd. - C:\Program Files\NOS\bin\getPlus_HelperSvc.exe
    O23 - Service: Google Update Service (gupdate1c9b2fa15672059) (gupdate1c9b2fa15672059) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
    O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: PIXMA Extended Survey Program (IJPLMSVC) - Unknown owner - C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE
    O23 - Service: iolo FileInfoList Service (ioloFileInfoList) - Unknown owner - C:\Program Files\iolo\common\lib\ioloServiceManager.exe
    O23 - Service: iolo Product Update Service (ioloProductUpdate) - Unknown owner - C:\Program Files\iolo\common\lib\ioloServiceManager.exe
    O23 - Service: iolo System Service (ioloSystemService) - Unknown owner - C:\Program Files\iolo\common\lib\ioloServiceManager.exe
    O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
    O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
    O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\HPZIPM12.EXE
    O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe

    --
    End of file - 20706 bytes
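
Added example (not part of the thread and not HijackThis's own code): a small Python triage of HijackThis log lines that groups `O1 - Hosts:` entries by the address they point to and collects entries marked `(file missing)`. The sample lines, the 203.0.113.7 and 198.51.100.20 addresses, the `.example` names and all function names are constructed for illustration.

```python
"""Triage helper for HijackThis-style log lines (added example; names are hypothetical)."""
import ipaddress
import re
from collections import defaultdict

# Line shapes used by HijackThis v2 logs:
#   O1 - Hosts: <ip> <hostname>
#   O2 - BHO: <name> - {CLSID} - <path> (file missing)
HOSTS_RE = re.compile(r"^\s*O1 - Hosts:\s+(\S+)\s+(\S+)\s*$")
ENTRY_RE = re.compile(r"^\s*(O\d+|R\d|F\d)\s+-\s+(.*)$")
MISSING_SUFFIX = "(file missing)"

# Constructed sample input, not taken from any real machine.
SAMPLE_LOG = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://example.com/
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 203.0.113.7 www.search.example
O1 - Hosts: 203.0.113.7 search.example
O1 - Hosts: 203.0.113.7 www.update.example
O1 - Hosts: 203.0.113.7 av-vendor.example
O1 - Hosts: 198.51.100.20 intranet.example
O2 - BHO: Sample Toolbar Helper - {00000000-0000-0000-0000-000000000001} - C:\Program Files\Sample\bar.dll (file missing)
O23 - Service: Sample Updater - Unknown owner - C:\Program Files\Sample\upd.exe (file missing)
O4 - HKLM\..\Run: [Sample] C:\Program Files\Sample\run.exe
""".strip().splitlines()


def hosts_redirects(lines):
    """Map each non-loopback hosts-file target to the set of hostnames pointed at it."""
    by_ip = defaultdict(set)
    for line in lines:
        m = HOSTS_RE.match(line)
        if not m:
            continue
        target, name = m.group(1), m.group(2).lower()
        try:
            addr = ipaddress.ip_address(target)
        except ValueError:
            continue  # first field is not an address; skip the malformed entry
        if addr.is_loopback or addr.is_unspecified:
            continue  # localhost and 0.0.0.0 entries are ordinary hosts-file lines
        by_ip[str(addr)].add(name)
    return dict(by_ip)


def suspicious_redirects(lines, min_hosts=3):
    """Return (ip, count) for targets that receive at least min_hosts distinct names.

    "www.x" and "x" count as one name, so a single site listed twice does not
    trip the threshold on its own.
    """
    flagged = []
    for ip, names in hosts_redirects(lines).items():
        bare = {n[4:] if n.startswith("www.") else n for n in names}
        if len(bare) >= min_hosts:
            flagged.append((ip, len(bare)))
    return sorted(flagged)


def missing_file_entries(lines):
    """Return (section, text) for entries whose referenced file no longer exists."""
    found = []
    for line in lines:
        m = ENTRY_RE.match(line)
        if not m:
            continue
        text = m.group(2).rstrip()
        if text.endswith(MISSING_SUFFIX):
            found.append((m.group(1), text[: -len(MISSING_SUFFIX)].rstrip()))
    return found


if __name__ == "__main__":
    for ip, count in suspicious_redirects(SAMPLE_LOG):
        print(f"hosts file sends {count} distinct names to {ip}")
    for section, text in missing_file_entries(SAMPLE_LOG):
        print(f"{section}: dangling entry -> {text}")
```

A hit only marks where to look: a hosts file can legitimately pin several names to one address, and a `(file missing)` entry is often just a leftover from an uninstalled program.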

  10. #10
    Security Expert: Emeritus Blade81

    Great


    Please visit this webpage for download links, and instructions for running ComboFix tool:

    http://www.bleepingcomputer.com/comb...o-use-combofix

    Please ensure you read this guide carefully and install the Recovery Console first.

    The Windows Recovery Console will allow you to boot up into a special recovery (repair) mode. This allows us to more easily help you should your computer have a problem after an attempted removal of malware. It is a simple procedure that will only take a few moments of your time.

    Once installed, you should see a blue screen prompt that says:

    The Recovery Console was successfully installed.

    Please continue as follows:

    1. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
      Remember to re-enable them afterwards.

    2. Click Yes to allow ComboFix to continue scanning for malware.


    When the tool is finished, it will produce a report for you.

    Please include the following reports for further review, and so we may continue cleansing the system:

    C:\ComboFix.txt
    New HijackThis log.


    A word of warning: Neither I nor sUBs are responsible for any damage you may have caused your machine by running ComboFix. This tool is not a toy and not for everyday use.
