Error updating appinitdlls in the registry

Click on each of the listed entries in the lower pane to select them. This will cause Windows Find to see if the file does exist, and then if so it will be removed from the list to reduce the number of identified files. Double-click on the FINDn and it will install a folder called FINDn FIX on your system.

Click the Make a Log of what was found button and post the log here in this thread and wait for further instructions.

d l l 000011D0: h vk UDevice Not Selected Timeout 00001210: 1 5 x 9 0 =t vk ' z GDIProce 00001250:ss Handle Quota" vk Spooler2 y e s _ 00001290: h 0 ` vk 5swapdisk vk 000012D0: . 0010 57 00 53 00 5c 00 53 00 79 00 73 00 74 00 65 00 | W. 0030 6e 00 62 00 2e 00 64 00 6c 00 6c 00 00 00 | n.b...d.l.l... up 0 days, ----------------------- Sat 13 Nov 04 C:\FINDNFIX\ Sat Nov 13 2004 p A.... Total of file sizes: 8,192 bytes 8.00 K C:\FINDNFIX\KEYS1\ Sat Nov 13 2004 p A.... Total of file sizes: 287 bytes 0.28 K *Temp backups...


57,344 56.00 K 2 items found: 2 files, 0 directories. 35,840 35.00 K 3 items found: 3 files, 0 directories. 21,504 21.00 K 3 items found: 3 files, 0 directories. DLL SNi F 1.34 statistics Matching files : 2 Amount in bytes : 114688 Directories searched : 1 Commands executed : 0 Masks sniffed for: *. DLL SNi F 1.34 statistics Matching files : 3 Amount in bytes : 107520 Directories searched : 1 Commands executed : 0 Masks sniffed for: *. DLL SNi F 1.34 statistics Matching files : 3 Amount in bytes : 64512 Directories searched : 1 Commands executed : 0 Masks sniffed for: *. fgrep: can't open input C:\WINDOWS\SYSTEM32\COMANB. Value "App Init_DLLs" in key "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\Current Version\Windows" has different lengths (1 vs 31) Dumping Values........

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Filter\text/html CLSID = HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Filter\text/plain CLSID = ********* Size of Windows key: (*Default-450 *No App Init-398 *fake(infected)-448,504,512...) Size of HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\Current Version\Windows: 448 Checking for App Init_DLLs (empty) value... REGDIFF 2.1 - Freeware written by Gerson Kurz ( Comparing File #1 (Keys1\winkey.reg) with File #2 (HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\Current Version\Windows).

DLL, New Dot Net Startup -s O4 - HKLM\..\Run: [OSS] c:\windows\system32\-boot O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background O4 - HKCU\..\Run: [Microsoft Works Update Detection] c:\Program Files\Microsoft Works\Wk O4 - HKCU\..\Run: [Money Agent] "C:\Program Files\Microsoft Money\System\mnyexpr.exe" O4 - HKCU\..\Run: [Spyware Doctor] "C:\Program Files\Spyware Doctor\spydoctor.exe" /Q O4 - HKCU\..\Run: [Yahoo! \Messenger\-quiet O4 - HKCU\..\Run: [Clock Sync] "C:\Program Files\Clock Sync\Sync.exe" /q O4 - Global Startup: Big = C:\Program Files\Big Fix\Big O4 - Global Startup: hpoddt01lnk = ? O8 - Extra context menu item: &Google Search - res://c:\program files\google\Google Toolbar2.dll/O8 - Extra context menu item: Backward Links - res://c:\program files\google\Google Toolbar2.dll/O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\Google Toolbar2.dll/O8 - Extra context menu item: Similar Pages - res://c:\program files\google\Google Toolbar2.dll/O8 - Extra context menu item: Translate into English - res://c:\program files\google\Google Toolbar2.dll/O9 - Extra button: (no name) - - (no file) O9 - Extra ' Tools' menuitem: Sun Java Console - - (no file) O9 - Extra button: ICQ - - C:\Program Files\ICQ\O9 - Extra ' Tools' menuitem: ICQ - - C:\Program Files\ICQ\O9 - Extra button: - - C:\WINDOWS\System32\O9 - Extra button: Money Side - - C:\Program Files\Microsoft Money\System\O9 - Extra button: Yahoo! \MESSEN~1\O9 - Extra ' Tools' menuitem: Yahoo! \MESSEN~1\O9 - Extra button: Messenger - - C:\Program Files\Messenger\O9 - Extra ' Tools' menuitem: Windows Messenger - - C:\Program Files\Messenger\O10 - Hijacked Internet access by New. Click "Start", select "Perform Full System scan" and "Next" to start the scan. Rescan with HJT and post a new log here so that any remnants can be removed manually. 
Logfile of Hijack This v1.98.2 Scan saved at PM, on 11/15/2004 Platform: Windows XP SP2 (Win NT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Running processes: C:\WINDOWS\System32\C:\WINDOWS\system32\C:\WINDOWS\system32\C:\WINDOWS\system32\C:\WINDOWS\system32\C:\WINDOWS\System32\C:\WINDOWS\system32\C:\PROGRA~1\COMMON~1\AOL\ACS\C:\Program Files\Common Files\Symantec Shared\cc Set C:\Program Files\Norton Anti Virus\C:\Program Files\Norton Anti Virus\C:\WINDOWS\System32\C:\WINDOWS\C:\Program Files\Common Files\Symantec Shared\cc Evt C:\Program Files\Common Files\Symantec Shared\Security Center\Sym C:\WINDOWS\Explorer.

\Messenger\ymsgr_C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoevm08C:\WINDOWS\System32\HPZipm12C:\WINDOWS\system32\C:\WINDOWS\system32\C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpo STS08C:\Documents and Settings\Lori\My Documents\hijackthis\Hijack R1 - HKCU\Software\Microsoft\Internet Explorer\Main, Search Bar = - HKCU\Software\Microsoft\Internet Explorer\Main, Search Page = - HKCU\Software\Microsoft\Internet Explorer\Main, Start Page = - HKLM\Software\Microsoft\Internet Explorer\Main, Default_Page_URL = - HKCU\Software\Microsoft\Internet Explorer\Search URL,(Default) = - HKCU\Software\Microsoft\Internet Connection Wizard, Shell Next = O2 - BHO: Yahoo! \Companion\Installs\cpn\ycomp5_3_16_0O2 - BHO: Acro IEHlpr Obj Class - - C:\Program Files\Adobe\Acrobat 5.0\Reader\Active X\Acro O2 - BHO: (no name) - - C:\Program Files\Microsoft Money\System\O2 - BHO: URLLink Class - - C:\Program Files\New Dot Net\newdotnet6_38O2 - BHO: (no name) - - C:\PROGRA~1\SPYBOT~1\O2 - BHO: Google Toolbar Helper - - c:\program files\google\googletoolbar2O2 - BHO: CNav Ext Bho Class - - C:\Program Files\Norton Anti Virus\Nav Sh O2 - BHO: (no name) - - (no file) O3 - Toolbar: Norton Anti Virus - - C:\Program Files\Norton Anti Virus\Nav Sh O3 - Toolbar: &Google - - c:\program files\google\googletoolbar2O3 - Toolbar: Yahoo! 
\Companion\Installs\cpn\ycomp5_3_16_0O4 - HKLM\..\Run: [Tk Bell Exe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot O4 - HKLM\..\Run: [Sunkist2k] C:\Program Files\Multimedia Card Reader\shwicon2O4 - HKLM\..\Run: [Sun Java Update Sched] C:\Program Files\Java\j2re1.4.2_05\bin\O4 - HKLM\..\Run: [Remndr] "C:\Program Files\Casino Online\Cs Remnd.exe" O4 - HKLM\..\Run: [Quick Time Task] "C:\Program Files\Quick Time\qttask.exe" -atboottime O4 - HKLM\..\Run: [NAV Cfg Wiz] C:\Program Files\Common Files\Symantec Shared\Cfg /GUID NAV /CMDLINE "REBOOT" O4 - HKLM\..\Run: [Igfx Tray] C:\WINDOWS\System32\O4 - HKLM\..\Run: [Hot Keys Cmds] C:\WINDOWS\System32\O4 - HKLM\..\Run: [cc App] "C:\Program Files\Common Files\Symantec Shared\cc App.exe" O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\Zone Alarm\zlclient.exe" O4 - HKLM\..\Run: [When USave] "C:\Program Files\Save\Save.exe" O4 - HKLM\..\Run: [Startup] rundll32 C:\PROGRA~1\NEWDOT~1\NEWDOT~2. Before scanning click on "check for updates now" to make sure you have the latest reference file.

Start the Program with and click the Run - be sure the \Windows\System32 directory is in the box and wait until the blue text says it has 'completed the scan'. Below is file you asked for: Sat 13 Nov 04 ***LOG! *** ______________________________________________________________________________ ......

Click the Compare button to start the next process. ***(*updated *9/1*) *System: Microsoft Windows XP Home Edition 5.1 Service Pack 2 (Build 2600) *IE version: 6.0.2900.2180 SP2 The type of the file system is NTFS.

System Drive is C: System Root is C:\WINDOWS Logon Domain is HENRY Administrator's Name is Lori Computer Name is HENRY LOGON SERVER is \HENRY *** Note!

User: [HENRY\Lori], is a member of: BUILTIN\Administrators \Everyone Running in WORKSTATION MODE.

Access Control List for Registry key hklm\SOFTWARE\Microsoft\Windows NT\Current Version\Windows: (ID-NI) ALLOW Read BUILTIN\Users (ID-IO) ALLOW Read BUILTIN\Users (ID-NI) ALLOW Full access BUILTIN\Administrators (ID-IO) ALLOW Full access BUILTIN\Administrators (ID-NI) ALLOW Full access NT AUTHORITY\SYSTEM (ID-IO) ALLOW Full access NT AUTHORITY\SYSTEM (ID-IO) ALLOW Full access CREATOR OWNER Effective permissions for Registry key hklm\SOFTWARE\Microsoft\Windows NT\Current Version\Windows: Read BUILTIN\Users Full access BUILTIN\Administrators Full access NT AUTHORITY\SYSTEM Performing string scan....

A 8-04-04 am ____________________________________________________________________________ *By size and date... Total of file sizes: 114,688 bytes 112.00 K C:\WINDOWS\SYSTEM32\ Wed Aug 4 2004 a A.... Total of file sizes: 107,520 bytes 105.00 K C:\WINDOWS\SYSTEM32\ Wed Aug 4 2004 a A.... Total of file sizes: 64,512 bytes 63.00 K Power SNi F 1.34 - The Ultimate File Snifferdog. DLL Power SNi F 1.34 - The Ultimate File Snifferdog. DLL Power SNi F 1.34 - The Ultimate File Snifferdog. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\Current Version\Windows\App Init_DLLs SZ HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\Current Version\Windows\Device Not Selected Timeout SZ 15 HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\Current Version\Windows\GDIProcess Handle Quota DWORD 00002710 HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\Current Version\Windows\Spooler SZ yes HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\Current Version\Windows\swapdisk SZ HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\Current Version\Windows\Transmission Retry Timeout SZ 90 HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\Current Version\Windows\USERProcess Handle Quota DWORD 00002710 HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\Current Version\Windows App Init_DLLs = (*** MISSING TRAILING NULL CHARACTER ***) Device Not Selected Timeout = 15 GDIProcess Handle Quota = REG_DWORD 0x00002710 Spooler = yes swapdisk = Transmission Retry Timeout = 90 USERProcess Handle Quota = REG_DWORD 0x00002710 Security settings for ' Windows' key: Reg DACL 5.1 - Permissions Manager for Registry keys for Windows NT 4 and above Copyright © 1999-2001 Frank Heyne Software ( This program is Freeware, use it on your own risk!

Here is my HJT log, I did do an Adaware scan, reboot and then a Spybot and reboot, then the HJT... GT Logfile of Hijack This v1.98.2 Scan saved at PM, on 11/11/2004 Platform: Windows XP SP2 (Win NT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Running processes: C:\WINDOWS\System32\C:\WINDOWS\system32\C:\WINDOWS\system32\C:\WINDOWS\system32\C:\WINDOWS\system32\C:\WINDOWS\System32\C:\WINDOWS\system32\C:\PROGRA~1\COMMON~1\AOL\ACS\C:\WINDOWS\Explorer. User is a member of group NT AUTHORITY\Authenticated Users. Unless the file match the entire criteria, it should not be pointed to remove without attempting to confirm it's nature!
