Solved

How do I fix this userinit error and rundll.exe error?

Posted on 2008-06-25
Last Modified: 2011-10-19
I am running Windows XP Pro. When I start up, after the Windows loading screen disappears, I get the following message: "userinit.exe - Application Error  The application failed to initialize properly (0xc0000005).  Click on ok to terminate the application."  If I push ok, the same message appears again. Click ok again and my desktop background appears, but with no icons or start menu (no taskbar at all). I have already run Uniblue Registry Booster 2 and Norton 360 v2 - lots of stuff found and quarantined or deleted.  Problem still exists. I've also run HijackThis and saved a log of the scan - see attached. I am able to run programs through Ctrl+Alt+Delete Task Manager and connect to the internet with no problems.

What was I doing when the first error message came up?: The problem occurred when I inserted a USB drive, transferred some ASUS utility files, which were downloaded from the ASUS website, and then tried to open the "add/remove programs" icon in the control panel. The above error message came up; I rebooted to find the above situation.

Tried and tested: Apart from running scans I have also tried to restart in safe mode and 'last working config' to no avail.

Please help!
log1.txt
Question by:BPro2008
Accepted Solution

by:
IndiGenus earned 450 total points
You still have a Vundo infection active there. Here is what I suggest.

Download and Run ComboFix (by sUBs) from one of the links below. You must run it directly from your Desktop.

http://download.bleepingcomputer.com/sUBs/ComboFix.exe

http://subs.geekstogo.com/ComboFix.exe

Disable your Anti-virus and any real-time Anti-spyware monitors that are running.
Then double click Combofix.exe & follow the prompts.
When finished, it will produce a log for you. Upload that log in your next reply with a new HijackThis log.  

Please do not post the log into the comment window. Use "Attach File" under the comment window to post the log.

Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall.
Note 2: Remember to re-enable your Anti-virus and Anti-spyware.

NOTE: If you have issues connecting to your network or internet after running combofix you can either simply reboot, or do the following:
* Going to Control Panel > Network Connections.
* Right click on their Network icons & select "Repair"
or
Alternately, if the Network icon appears in the notification area in the lower right corner of Desktop, right-click it, and then click Repair from the shortcut menu.

PLEASE ALSO NOTE: Combofix will typically fix most and sometimes all Malware entries but many times a script is also needed to finish cleaning up. So please keep CF until advised whether you need the script or not.

Author Comment

by:BPro2008
Completed the scan successfully, the desktop items and start menu are back and everything seems to be working normal. I don't get the error message anymore when I start up windows.

For some reason though I couldn't connect to this website or a few other websites after the scan had taken place; they just wouldn't load up, and no error messages or connection problems were present in the web browser. The green loading bar at the bottom of the web browser got halfway and stopped. Hotmail, ninemsn, banking, google are sites that loaded with no problems; this site and facebook are two that did not load - does this have anything to do with the combofix scan? I'm using another computer and connection to write this message.

Could you tell me the best way to defend my computer against threats like this to avoid it happening again?
Combofixlog.txt
hijackthis-log-no2.txt

Author Comment

by:BPro2008
Ok, although my desktop and start menu are back, everything is running really slowly or not at all. Computer takes twice as long to boot up. Most of my programs won't load. I can't even get the task manager up and running.

I keep getting "this program is not responding - rundll.exe error" or "Run a DLL as an App - You choose to end the nonresponsive program, Run a DLL as an App."

Please advise?

Assisted Solution

by:IndiGenus
We are not finished cleaning. As I had advised at the end of the combofix post....

>""PLEASE ALSO NOTE: Combofix will typically fix most and sometimes all Malware entries but many times a script is also needed to finish cleaning up. So please keep CF until advised whether you need the script or not.""<

Give me a bit to put together the script and I'll get back to you as soon as I can....I'm dealing with an 18 month old right now too...he loves to "clean" computers too...nap time soon though :)  
Assisted Solution

by:rpggamergirl
rpggamergirl earned 50 total points
Run combofix again, using this script and see if that helps. I might've missed some; I just had a quick analysis there.

1. Open Notepad.
2. Now copy/paste the text between the lines below into the Notepad window:
------------------------------------------------------------------------
File::
C:\WINDOWS\system32\mgqwegia.ini
C:\WINDOWS\system32\__c0055010.dat
C:\WINDOWS\system32\__c00445E4.dat
C:\WINDOWS\system32\aigewqgm.dll
C:\WINDOWS\system32\yjidltmb.dll
C:\WINDOWS\system32\mlJAtTLE.dll
C:\WINDOWS\S86452F66.tmp
C:\WINDOWS\bwUnin-8.1.1.50-8876480SL.exe

FileLook::
C:\WINDOWS\system32\binkp2x.dll
C:\WINDOWS\system32\brwsvc.dll
C:\WINDOWS\system32\nt32int.dll

Registry::
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"0cb4740f"=-
"BM0f874793"=-

------------------------------------------------------------------------
3. Save the above as CFScript.txt on your desktop.
4. Then drag the CFScript.txt into ComboFix.exe. This will start ComboFix again.


Can you also check these files below for an online scan --> http://virusscan.jotti.org/
C:\WINDOWS\system32\binkp2x.dll
C:\WINDOWS\system32\brwsvc.dll
C:\WINDOWS\system32\nt32int.dll
Assisted Solution

by:IndiGenus
OK let's try this....

1. Open Notepad.

2. Now copy/paste the text between the lines below into the Notepad window:

------------------------------------------------------------------------

File::
C:\WINDOWS\system32\__c0055010.dat
C:\WINDOWS\system32\__c00445E4.dat
C:\WINDOWS\system32\aigewqgm.dll
C:\WINDOWS\system32\yjidltmb.dll
C:\WINDOWS\system32\coh.cache

Registry::
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"0cb4740f"=-
"BM0f874793"=-

------------------------------------------------------------------------

3. Save the above as CFScript.txt on your desktop.

4. Then drag the CFScript.txt into ComboFix.exe. This will start ComboFix again.

5. After reboot, (in case it asks to reboot), please upload the following reports/logs.

-Combofix.txt
-A new HijackThis log

Let me know how it's running now too.
0
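A post-cleanup check for the two CFScript posts above, as an added example that is not from either expert or from ComboFix: it parses the script's `File::`, `FileLook::` and `Registry::` sections and lists any target that is still present after the run. The function names are hypothetical, the sample script is a shortened copy of the one posted, and treating `File::` entries as removal targets and `FileLook::` entries as inspect-only is an assumption about the script format.

```python
import os
import re

# Constructed input: shortened copy of the CFScript posted in the thread.
CFSCRIPT = r"""File::
C:\WINDOWS\system32\aigewqgm.dll
C:\WINDOWS\system32\yjidltmb.dll

FileLook::
C:\WINDOWS\system32\brwsvc.dll

Registry::
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"0cb4740f"=-
"BM0f874793"=-
"""

def parse_cfscript(text):
    """Return {'File': [paths], 'FileLook': [paths], 'Registry': [(key, value)]}."""
    out = {"File": [], "FileLook": [], "Registry": []}
    section = key = None
    for line in filter(None, map(str.strip, text.splitlines())):
        m = re.fullmatch(r"(\w+)::", line)
        if m:                                   # section header such as "File::"
            section, key = m.group(1), None
            out.setdefault(section, [])
        elif section == "Registry":
            if line.startswith("[") and line.endswith("]"):
                key = line[1:-1]                # current registry key
            else:
                d = re.fullmatch(r'"([^"]+)"=-', line)  # .reg syntax: delete value
                if d and key:
                    out["Registry"].append((key, d.group(1)))
        elif section:
            out[section].append(line)           # one path per line
    return out

def run_values(key):
    import winreg  # Windows only; imported lazily so parsing works anywhere
    hive, _, sub = key.partition("\\")
    with winreg.OpenKey(getattr(winreg, hive), sub) as h:
        return {winreg.EnumValue(h, i)[0] for i in range(winreg.QueryInfoKey(h)[1])}

def leftovers(script, file_exists=os.path.exists, reg_values=run_values):
    """List File:: paths and Registry:: values that survived the cleanup."""
    found = [("file", p) for p in script["File"] if file_exists(p)]
    found += [("reg", f"{k}\\{v}") for k, v in script["Registry"] if v in reg_values(k)]
    return found
```

On the cleaned machine, `leftovers(parse_cfscript(CFSCRIPT))` should return an empty list; anything it returns belongs in the next log upload.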
 
Assisted Solution

by:IndiGenus
Oops...didn't refresh rpg. Follow rpg's advice here.

Author Comment

by:BPro2008
Ok, completed the scans and attached the logs from both Combofix and Hijackthis. The online scan for the following files found nothing:

"C:\WINDOWS\system32\binkp2x.dll
C:\WINDOWS\system32\brwsvc.dll
C:\WINDOWS\system32\nt32int.dll"

I can load up my programs now with no problems and am connecting to this site on my original computer. There doesn't seem to be any delay in the program loading and running.
Combofixlog2.txt
hijackthis3.txt
Assisted Solution

by:IndiGenus
Looks better....did you install the Ask Toolbar? If you did or if you use it you can keep it, but I usually recommend removing it. See this link:

http://www.benedelman.org/spyware/ask-toolbars/

Other than that if all is well you should also remove combofix...

Click START then Run...
Now type Combofix /u in the runbox  and click OK.  Note the space between the X and the U, it needs to be there.

The above procedure will:

Delete the following:
ComboFix and its associated files and folders.
VundoFix backups, if present
The C:\Deckard folder, if present
The C:\_OtMoveIt folder, if present

Reset the clock settings.
Hide file extensions, if required.
Hide System/Hidden files, if required.
Reset System Restore.

Author Comment

by:BPro2008
Great! Everything appears in working order! I didn't install the Ask toolbar and have removed Combofix.

Thanks for your help!

One more thing, should I be running any particular anti-virus software other than Norton 360 and Registry Booster to protect my computer against threats like this in the future?
Assisted Solution

by:IndiGenus
Although I'm not a Norton fan, Norton 360 does offer a pretty good "all around" protection. I also do not use or recommend registry cleaners/boosters/etc. They often do more harm than good and they do not protect you from malware. Here is a link with some information on some other things you may want to consider, like SpywareGuard, SpywareBlaster, Zoned Out, as these can be run along with Norton. Move down towards the bottom of the page.

http://www.preventmalware.org/index.php?option=com_content&view=article&id=52&Itemid=59

Author Closing Comment

by:BPro2008
Excellent instructions and advice!
Expert Comment

by:IndiGenus
Thank you for the grade and points, and thanks rpg for the help here.
Dave
Expert Comment

by:rpggamergirl
Dave,
No problem, anytime. Congrats for having a little tech there, they're a fountain of joy, full of fun, :)


BPro2008,
For future reference.
There's no need to assign points to every comment of the same expert; all points you've allocated for that expert will still go to him in the Accepted answer, so distributing points in every post (in this case) is not necessary.