Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Latest News:    Winamp 5.8 Media Player Released in All Its Nostalgic Glory

Featured Deal: Get The Pay What You Want: AWS Cloud Development Bundle Deal

Photo

my computer shuts down after i use start>run>cmd

Started by gemnard , Dec 06 2008 12:25 AM

  • This topic is locked This topic is locked
19 replies to this topic

#1 gemnard

gemnard

  • Members
  • 26 posts
  • OFFLINE
    •  
  • Local time:12:16 PM

Posted 06 December 2008 - 12:25 AM

I haven't done anything yet because there are so many things in the net that says what I should do..I'm confused about what to do so i posted here to ask on what to do..
I've seen this password_viewer.exe in the processes in windows task manager.So i search the web to find what it is and seen people with the same problem..After reading them, they did many things to remove it before asking in some forums..As you see I haven't done anything yet so I dont know where to start.
My computer shuts down after start>run>cmd..
In performance, CPU usage is in 90-100% without any applications running <--is this related to password_viewer.exe.?
Please help give me step by step on what to do..
thanx in advace..

BC AdBot (Login to Remove)

 

#2 Buckeye_Sam

Buckeye_Sam

    Malware Expert


  • Members
  • 17,382 posts
  • OFFLINE
    •  
  • Gender:Male
  • Location:Pickerington, Ohio
  • Local time:12:16 PM

Posted 06 December 2008 - 01:28 PM

Hello! :thumbsup:
My name is Sam and I will be helping you.

In order to see what's going on with your computer I may ask for you to post various logs from the tools that we will use to resolve your issue. Please also share with me any information about how your computer is reacting and behaving each step of the way as we work through this process.


Please download random's system information tool (RSIT) and save it to your desktop.
  • Double click on RSIT.exe to run it.
  • Click Continue at the disclaimer screen.
  • Once it has finished, two logs will open. Please post the contents of both log.txt (<<will be maximized) and info.txt (<<will be minimized)

Posted Image If I have helped you in any way, please consider a donation to help me continue the fight against malware.


Failing to respond back to the person that is giving up their own time to help you not only is insensitive and disrespectful, but it guarantees that you will never receive help from me again. Please thank your helpers and there will always be help here when you need it!


========================================================

#3 gemnard

gemnard
  • Topic Starter

  • Members
  • 26 posts
  • OFFLINE
    •  
  • Local time:12:16 PM

Posted 06 December 2008 - 02:08 PM

Hi..
Thank you for replying to me Sam..By the way my name is Marc :)
Here is the text written in the info notepad:

info.txt logfile of random's system information tool 1.04 2008-12-07 03:05:33

======Uninstall list======

-->C:\PROGRA~1\Yahoo!\Common\UNYT_W~1.EXE
-->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
Ad-Aware-->MsiExec.exe /I{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}
Adobe Flash Player 10 ActiveX-->C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Flash Player 10 Plugin-->C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe
Adobe Shockwave Player-->C:\WINDOWS\system32\Adobe\SHOCKW~1\UNWISE.EXE C:\WINDOWS\system32\Adobe\SHOCKW~1\Install.log
CABAL Online (PH) 1.0-->C:\cabal\CABAL Online (PH)\uninst.exe
CCleaner (remove only)-->"C:\Program Files\CCleaner\uninst.exe"
DivX Codec-->C:\Program Files\DivX\DivXCodecUninstall.exe /CODEC
DivX Web Player-->C:\Program Files\DivX\DivXWebPlayerUninstall.exe /PLUGIN
Google Toolbar for Internet Explorer-->MsiExec.exe /I{DBEA1034-5882-4A88-8033-81C4EF0CFA29}
Google Toolbar for Internet Explorer-->regsvr32 /u /s "c:\program files\google\googletoolbar1.dll"
HijackThis 2.0.2-->"C:\Program Files\trend micro\HijackThis.exe" /uninstall
Hotfix for Windows XP (KB914440)-->"C:\WINDOWS\$NtUninstallKB914440$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB915865)-->"C:\WINDOWS\$NtUninstallKB915865$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB952287)-->"C:\WINDOWS\$NtUninstallKB952287$\spuninst\spuninst.exe"
Imikimi Plugin-->"C:\Program Files\Imikimi\uninstall.exe"
Java™ 6 Update 11-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216010FF}
LimeWire 4.18.8-->"C:\Program Files\LimeWire\uninstall.exe"
LiveUpdate 2.6 (Symantec Corporation)-->C:\Program Files\Symantec\LiveUpdate\LSETUP.EXE /U
Macromedia Dreamweaver MX 2004-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{05BB2EC5-6BEF-4DDC-9E75-BEE7B161157A}\Setup.exe" -l0x9 mmUninstall
Macromedia Extension Manager-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{A5BA14E0-7384-11D4-BAE7-00409631A2C8}\setup.exe" -l0x9 mmUninstall
Microsoft .NET Framework 1.1 Hotfix (KB928366)-->"C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\hotfix.exe" "C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\M928366\M928366Uninstall.msp"
Microsoft .NET Framework 1.1-->msiexec.exe /X {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 1.1-->MsiExec.exe /X{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft Encarta Premium 2006-->MsiExec.exe /I{06040000-3E21-46D6-9A91-D927BA08F41D}
Microsoft Internationalized Domain Names Mitigation APIs-->"C:\WINDOWS\$NtServicePackUninstallIDNMitigationAPIs$\spuninst\spuninst.exe"
Microsoft National Language Support Downlevel APIs-->"C:\WINDOWS\$NtServicePackUninstallNLSDownlevelMapping$\spuninst\spuninst.exe"
Microsoft Office 2000 Premium-->MsiExec.exe /I{00000409-78E1-11D2-B60F-006097C998E7}
Microsoft Text-to-Speech Engine 4.0 (English)-->RunDll32 advpack.dll,LaunchINFSection C:\WINDOWS\INF\msTTSf22.inf, Uninstall
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
Mozilla Firefox (3.0.4)-->C:\Program Files\Mozilla Firefox\uninstall\helper.exe
MSXML 4.0 SP2 (KB954430)-->MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}
Security Update for Windows Internet Explorer 7 (KB938127)-->"C:\WINDOWS\ie7updates\KB938127-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB938127-v2)-->"C:\WINDOWS\ie7updates\KB938127-v2-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB956390)-->"C:\WINDOWS\ie7updates\KB956390-IE7\spuninst\spuninst.exe"
Security Update for Windows XP (KB938464)-->"C:\WINDOWS\$NtUninstallKB938464$\spuninst\spuninst.exe"
Security Update for Windows XP (KB944338-v2)-->"C:\WINDOWS\$NtUninstallKB944338-v2$\spuninst\spuninst.exe"
Security Update for Windows XP (KB946648)-->"C:\WINDOWS\$NtUninstallKB946648$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950762)-->"C:\WINDOWS\$NtUninstallKB950762$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950974)-->"C:\WINDOWS\$NtUninstallKB950974$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951066)-->"C:\WINDOWS\$NtUninstallKB951066$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951376-v2)-->"C:\WINDOWS\$NtUninstallKB951376-v2$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951698)-->"C:\WINDOWS\$NtUninstallKB951698$\spuninst\spuninst.exe"
Security Update for Windows XP (KB952954)-->"C:\WINDOWS\$NtUninstallKB952954$\spuninst\spuninst.exe"
Security Update for Windows XP (KB954211)-->"C:\WINDOWS\$NtUninstallKB954211$\spuninst\spuninst.exe"
Security Update for Windows XP (KB955069)-->"C:\WINDOWS\$NtUninstallKB955069$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956390)-->"C:\WINDOWS\$NtUninstallKB956390$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956391)-->"C:\WINDOWS\$NtUninstallKB956391$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956803)-->"C:\WINDOWS\$NtUninstallKB956803$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956841)-->"C:\WINDOWS\$NtUninstallKB956841$\spuninst\spuninst.exe"
Security Update for Windows XP (KB957095)-->"C:\WINDOWS\$NtUninstallKB957095$\spuninst\spuninst.exe"
Security Update for Windows XP (KB957097)-->"C:\WINDOWS\$NtUninstallKB957097$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958644)-->"C:\WINDOWS\$NtUninstallKB958644$\spuninst\spuninst.exe"
Symantec AntiVirus-->MsiExec.exe /I{5A633ED0-E5D7-4D65-AB8D-53ED43510284}
Update for Windows XP (KB904942)-->"C:\WINDOWS\$NtUninstallKB904942$\spuninst\spuninst.exe"
Update for Windows XP (KB951072-v2)-->"C:\WINDOWS\$NtUninstallKB951072-v2$\spuninst\spuninst.exe"
Windows Internet Explorer 7-->"C:\WINDOWS\ie7\spuninst\spuninst.exe"
WinRAR archiver-->C:\Program Files\WinRAR\uninstall.exe
Yahoo! Messenger-->C:\PROGRA~1\Yahoo!\MESSEN~1\UNWISE.EXE /U C:\PROGRA~1\Yahoo!\MESSEN~1\INSTALL.LOG
Yahoo! Toolbar-->C:\PROGRA~1\Yahoo!\Common\UNYT_W~1.EXE

======Security center information======

AV: Symantec AntiVirus Corporate Edition

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe
"Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\system32\WBEM
"windir"=%SystemRoot%
"FP_NO_HOST_CHECK"=NO
"OS"=Windows_NT
"PROCESSOR_ARCHITECTURE"=x86
"PROCESSOR_LEVEL"=6
"PROCESSOR_IDENTIFIER"=x86 Family 6 Model 8 Stepping 6, GenuineIntel
"PROCESSOR_REVISION"=0806
"NUMBER_OF_PROCESSORS"=1
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP

-----------------EOF-----------------

and here is the text written in log notepad:

Logfile of random's system information tool 1.04 (written by random/random)
Run by user at 2008-12-07 03:04:00
Microsoft Windows XP Professional Service Pack 2
System drive C: has 25 GB (65%) free of 38 GB
Total RAM: 255 MB (17% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 3:05:25 AM, on 12/7/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16735)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\password_viewer.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\PROGRA~1\SYMANT~1\VPTray.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\DNA\btdna.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
G:\password_viewer.exe
G:\password_viewer.exe
G:\password_viewer.exe
G:\password_viewer.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\user\Desktop\RSIT.exe
C:\Program Files\trend micro\user.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaul...rch/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
F2 - REG:system.ini: UserInit=userinit.exe,password_viewer.exe
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Encarta Web Companion Helper Object - {955BE0B8-BC85-4CAF-856E-8E0D8B610560} - C:\Program Files\Common Files\Microsoft Shared\Encarta Web Companion\ENCWCBAR.DLL
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.1.807.1746\swg.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: Encarta Web Companion - {147D6308-0614-4112-89B1-31402F9B82C4} - C:\Program Files\Common Files\Microsoft Shared\Encarta Web Companion\ENCWCBAR.DLL
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKCU\..\Run: [Messenger (Yahoo!)] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [BitTorrent DNA] "C:\Program Files\DNA\btdna.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O9 - Extra button: (no name) - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - C:\Program Files\Common Files\Microsoft Shared\Encarta Search Bar\ENCSBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe

--
End of file - 6508 bytes

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}]
&Yahoo! Toolbar Helper - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll [2008-05-15 817936]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
Java™ Plug-In SSV Helper - C:\Program Files\Java\jre6\bin\ssv.dll [2008-11-10 320920]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{955BE0B8-BC85-4CAF-856E-8E0D8B610560}]
Encarta Web Companion Helper Object - C:\Program Files\Common Files\Microsoft Shared\Encarta Web Companion\ENCWCBAR.DLL [2005-06-03 228048]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]
Google Toolbar Helper - c:\program files\google\googletoolbar1.dll [2008-11-14 2403392]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}]
Google Toolbar Notifier BHO - C:\Program Files\Google\GoogleToolbarNotifier\3.1.807.1746\swg.dll [2008-11-25 737776]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java™ Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2008-11-10 34816]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2008-11-10 73728]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{EF99BD32-C1FB-11D2-892F-0090271D4F88} - Yahoo! Toolbar - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll [2008-05-15 817936]
{2318C2B1-4965-11d4-9B18-009027A5CD4F} - &Google - c:\program files\google\googletoolbar1.dll [2008-11-14 2403392]
{147D6308-0614-4112-89B1-31402F9B82C4} - Encarta Web Companion - C:\Program Files\Common Files\Microsoft Shared\Encarta Web Companion\ENCWCBAR.DLL [2005-06-03 228048]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"ccApp"=C:\Program Files\Common Files\Symantec Shared\ccApp.exe [2005-04-08 48752]
"vptray"=C:\PROGRA~1\SYMANT~1\VPTray.exe [2005-04-17 85184]
"SunJavaUpdateSched"=C:\Program Files\Java\jre6\bin\jusched.exe [2008-11-10 136600]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Messenger (Yahoo!)"=C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe [2008-11-05 4347120]
"swg"=C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [2008-11-25 68856]
"BitTorrent DNA"=C:\Program Files\DNA\btdna.exe [2008-11-16 342336]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2004-08-03 15360]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office\OSA9.EXE

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\NavLogon]
C:\WINDOWS\system32\NavLogon.dll [2005-04-17 43712]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\aawservice]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe"="C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:*:Enabled:Yahoo! Messenger"
"C:\Program Files\BitTorrent\bittorrent.exe"="C:\Program Files\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent"
"C:\Program Files\DNA\btdna.exe"="C:\Program Files\DNA\btdna.exe:*:Enabled:DNA"
"C:\cabal\CABAL Online (PH)\launcher\update\ESTdnheadless.exe"="C:\cabal\CABAL Online (PH)\launcher\update\ESTdnheadless.exe:*:Enabled:EST! download engine"
"C:\cabal\CABAL Online (PH)\cabalmain.exe"="C:\cabal\CABAL Online (PH)\cabalmain.exe:*:Enabled:Cabal Online (PH)"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{21fad880-c1a2-11dd-bfe1-0080ad0a3bc2}]
shell\AutoRun\command - F:\password_viewer.exe %1
shell\Explore\command - F:\password_viewer.exe %1
shell\Open\command - F:\password_viewer.exe %1

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{7fda0bc0-bea3-11dd-bfd9-0080ad0a3bc2}]
shell\AutoRun\command - F:\password_viewer.exe %1
shell\Explore\command - F:\password_viewer.exe %1
shell\Open\command - F:\password_viewer.exe %1

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{c5d74730-b523-11dd-bfb9-0080ad0a3bc2}]
shell\AutoRun\command - F:\Auto.exe %1
shell\Explore\command - F:\Auto.exe %1
shell\Open\command - F:\Auto.exe %1

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{d8bd6e50-b6c0-11dd-bfc0-0080ad0a3bc2}]
shell\AutoRun\command - G:\password_viewer.exe %1
shell\Explore\command - G:\password_viewer.exe %1
shell\Open\command - G:\password_viewer.exe %1


======File associations======

.js - open - "C:\Program Files\Macromedia\Dreamweaver MX 2004\Dreamweaver.exe" "%1"

======List of files/folders created in the last 1 months======

2008-12-07 03:04:09 ----D---- C:\Program Files\trend micro
2008-12-07 03:04:00 ----D---- C:\rsit
2008-12-07 02:16:18 ----D---- C:\Program Files\Lavasoft
2008-12-07 02:16:12 ----D---- C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-12-07 02:12:54 ----D---- C:\Program Files\Common Files\Wise Installation Wizard
2008-12-06 23:04:29 ----D---- C:\WINDOWS\Sun
2008-12-06 15:48:10 ----D---- C:\Documents and Settings\user\Application Data\DivX
2008-12-05 11:36:16 ----D---- C:\Program Files\DivX
2008-12-04 10:20:56 ----A---- C:\WINDOWS\system32\wmpns.dll
2008-12-03 11:40:58 ----A---- C:\WINDOWS\system32\javaws.exe
2008-12-03 11:40:58 ----A---- C:\WINDOWS\system32\javaw.exe
2008-12-03 11:40:58 ----A---- C:\WINDOWS\system32\java.exe
2008-12-03 03:07:00 ----HDC---- C:\WINDOWS\$NtUninstallKB956391$
2008-12-02 13:19:32 ----HDC---- C:\WINDOWS\$NtUninstallKB951376-v2$
2008-12-02 13:19:15 ----HDC---- C:\WINDOWS\$NtUninstallKB952954$
2008-12-02 13:18:55 ----HDC---- C:\WINDOWS\$NtUninstallKB946648$
2008-12-02 13:18:39 ----HDC---- C:\WINDOWS\$NtUninstallKB956803$
2008-12-02 13:16:10 ----D---- C:\WINDOWS\ie7updates
2008-12-02 13:14:04 ----D---- C:\WINDOWS\WBEM
2008-12-02 13:14:00 ----D---- C:\WINDOWS\system32\en-US
2008-12-02 13:11:14 ----HDC---- C:\WINDOWS\ie7
2008-12-02 13:10:37 ----HDC---- C:\WINDOWS\$NtServicePackUninstallIDNMitigationAPIs$
2008-12-02 13:10:14 ----HDC---- C:\WINDOWS\$NtServicePackUninstallNLSDownlevelMapping$
2008-12-02 13:09:37 ----HDC---- C:\WINDOWS\$NtUninstallKB915865$
2008-12-02 13:09:17 ----N---- C:\WINDOWS\system32\xmllite.dll
2008-12-02 13:07:08 ----D---- C:\WINDOWS\network diagnostic
2008-12-02 13:07:05 ----HDC---- C:\WINDOWS\$NtUninstallKB914440$
2008-12-02 13:06:21 ----HDC---- C:\WINDOWS\$NtUninstallKB904942$
2008-12-02 13:00:06 ----HDC---- C:\WINDOWS\$NtUninstallKB957095$
2008-12-02 12:59:39 ----HDC---- C:\WINDOWS\$NtUninstallKB950974$
2008-12-02 12:59:19 ----HDC---- C:\WINDOWS\$NtUninstallKB951698$
2008-12-02 12:58:50 ----HDC---- C:\WINDOWS\$NtUninstallKB954211$
2008-12-02 12:56:13 ----A---- C:\WINDOWS\system32\MRT.exe
2008-12-02 12:55:10 ----HDC---- C:\WINDOWS\$NtUninstallKB956841$
2008-12-02 12:54:46 ----HDC---- C:\WINDOWS\$NtUninstallKB950762$
2008-12-02 12:54:26 ----HDC---- C:\WINDOWS\$NtUninstallKB957097$
2008-12-02 12:54:10 ----HDC---- C:\WINDOWS\$NtUninstallKB951072-v2$
2008-12-02 12:53:53 ----HDC---- C:\WINDOWS\$NtUninstallKB952287$
2008-12-02 12:53:05 ----HDC---- C:\WINDOWS\$NtUninstallKB951066$
2008-12-02 12:52:18 ----HDC---- C:\WINDOWS\$NtUninstallKB938464$
2008-12-02 12:45:08 ----HDC---- C:\WINDOWS\$NtUninstallKB958644$
2008-12-02 12:44:38 ----HDC---- C:\WINDOWS\$NtUninstallKB955069$
2008-12-02 12:43:24 ----HDC---- C:\WINDOWS\$NtUninstallKB956390$
2008-12-02 12:42:45 ----D---- C:\Program Files\MSXML 4.0
2008-12-02 12:41:09 ----D---- C:\WINDOWS\system32\DllCache
2008-12-02 12:41:01 ----HDC---- C:\WINDOWS\$NtUninstallKB944338-v2$
2008-11-30 00:30:23 ----D---- C:\Documents and Settings\user\Application Data\WinRAR
2008-11-29 22:00:07 ----RASH---- C:\WINDOWS\pc-off.bat
2008-11-29 22:00:06 ----RASH---- C:\WINDOWS\password_viewer.exe
2008-11-27 21:51:20 ----D---- C:\Program Files\Imikimi
2008-11-21 19:29:17 ----D---- C:\Documents and Settings\user\Application Data\LimeWire
2008-11-21 19:18:50 ----A---- C:\WINDOWS\system32\deploytk.dll
2008-11-21 19:17:13 ----D---- C:\Program Files\Java
2008-11-21 19:13:18 ----D---- C:\Documents and Settings\user\Application Data\Sun
2008-11-21 13:47:56 ----A---- C:\WINDOWS\system32\DivXsm.exe
2008-11-21 13:47:52 ----A---- C:\WINDOWS\system32\qt-dx331.dll
2008-11-21 13:46:10 ----A---- C:\WINDOWS\system32\ssldivx.dll
2008-11-21 13:46:10 ----A---- C:\WINDOWS\system32\libdivx.dll
2008-11-21 13:45:16 ----A---- C:\WINDOWS\system32\dtu100.dll.manifest
2008-11-21 13:45:16 ----A---- C:\WINDOWS\system32\dtu100.dll
2008-11-21 13:45:16 ----A---- C:\WINDOWS\system32\dpl100.dll.manifest
2008-11-21 13:45:16 ----A---- C:\WINDOWS\system32\dpl100.dll
2008-11-21 13:45:12 ----A---- C:\WINDOWS\system32\dpv11.dll
2008-11-21 13:45:12 ----A---- C:\WINDOWS\system32\dpus11.dll
2008-11-21 13:45:12 ----A---- C:\WINDOWS\system32\dpuGUI11.dll
2008-11-21 13:45:12 ----A---- C:\WINDOWS\system32\dpuGUI10.dll
2008-11-21 13:45:12 ----A---- C:\WINDOWS\system32\dpu11.dll
2008-11-21 13:45:12 ----A---- C:\WINDOWS\system32\dpu10.dll
2008-11-21 13:45:08 ----A---- C:\WINDOWS\system32\divx_xx11.dll
2008-11-21 13:45:08 ----A---- C:\WINDOWS\system32\divx_xx0c.dll
2008-11-21 13:45:08 ----A---- C:\WINDOWS\system32\divx_xx0a.dll
2008-11-21 13:45:08 ----A---- C:\WINDOWS\system32\divx_xx07.dll
2008-11-21 13:45:06 ----A---- C:\WINDOWS\system32\DivX.dll
2008-11-21 13:44:38 ----A---- C:\WINDOWS\system32\DivXCodecVersionChecker.exe
2008-11-21 13:44:16 ----A---- C:\WINDOWS\system32\DivXWMPExtType.dll
2008-11-21 00:31:49 ----D---- C:\Program Files\LimeWire
2008-11-18 10:10:51 ----A---- C:\WINDOWS\mafosav.INI
2008-11-17 20:03:19 ----HD---- C:\WINDOWS\PIF
2008-11-17 10:30:13 ----D---- C:\WINDOWS\system32\Adobe
2008-11-16 20:50:56 ----D---- C:\Program Files\CCleaner
2008-11-16 20:39:34 ----D---- C:\Documents and Settings\All Users\Application Data\Macrovision
2008-11-16 18:13:05 ----D---- C:\Program Files\Microsoft Encarta
2008-11-16 18:12:39 ----D---- C:\WINDOWS\speech
2008-11-16 18:09:32 ----RSD---- C:\WINDOWS\assembly
2008-11-16 18:09:32 ----D---- C:\WINDOWS\Microsoft.NET
2008-11-16 18:09:28 ----D---- C:\WINDOWS\system32\URTTemp
2008-11-16 18:05:48 ----D---- C:\Program Files\Common Files\Macromedia Shared
2008-11-16 18:05:46 ----A---- C:\WINDOWS\system32\msvcr70.dll
2008-11-16 18:05:46 ----A---- C:\WINDOWS\system32\msvcp70.dll
2008-11-16 18:05:46 ----A---- C:\WINDOWS\system32\mfc70.dll
2008-11-16 18:05:00 ----D---- C:\Program Files\Common Files\Macromedia
2008-11-16 18:03:19 ----HD---- C:\Program Files\InstallShield Installation Information
2008-11-16 18:03:19 ----D---- C:\Program Files\Macromedia
2008-11-16 18:02:50 ----D---- C:\Program Files\Common Files\InstallShield
2008-11-16 17:54:05 ----D---- C:\WINDOWS\Prefetch
2008-11-16 17:48:11 ----RAH---- C:\WINDOWS\system32\logonui.exe.manifest
2008-11-16 17:37:02 ----A---- C:\WINDOWS\system32\irclass.dll
2008-11-16 17:37:01 ----A---- C:\WINDOWS\system32\spxcoins.dll
2008-11-16 17:36:36 ----RA---- C:\WINDOWS\SET85.tmp
2008-11-16 17:36:36 ----RA---- C:\WINDOWS\SET84.tmp
2008-11-16 17:36:36 ----RA---- C:\WINDOWS\SET83.tmp
2008-11-16 17:36:35 ----RA---- C:\WINDOWS\SET82.tmp
2008-11-16 17:36:35 ----RA---- C:\WINDOWS\SET81.tmp
2008-11-16 17:36:35 ----RA---- C:\WINDOWS\SET80.tmp
2008-11-16 17:36:35 ----RA---- C:\WINDOWS\SET7F.tmp
2008-11-16 17:36:35 ----RA---- C:\WINDOWS\SET7E.tmp
2008-11-16 17:36:18 ----RA---- C:\WINDOWS\SET43.tmp
2008-11-16 17:36:10 ----RA---- C:\WINDOWS\SET37.tmp
2008-11-16 17:36:06 ----RA---- C:\WINDOWS\SET34.tmp
2008-11-16 17:21:12 ----A---- C:\WINDOWS\UPGRADE.TXT
2008-11-16 17:21:07 ----D---- C:\WINDOWS\setup.pss
2008-11-16 09:26:04 ----D---- C:\WINDOWS\nldrv
2008-11-15 19:02:38 ----D---- C:\Program Files\Common Files\INCA Shared
2008-11-15 15:29:15 ----D---- C:\Documents and Settings\user\Application Data\BitTorrent
2008-11-15 14:52:34 ----D---- C:\Program Files\DNA
2008-11-15 14:52:34 ----D---- C:\Documents and Settings\user\Application Data\DNA
2008-11-15 14:52:31 ----D---- C:\Program Files\BitTorrent
2008-11-15 14:42:55 ----D---- C:\Documents and Settings\user\Application Data\Mozilla
2008-11-15 14:42:21 ----D---- C:\Program Files\Mozilla Firefox
2008-11-15 13:15:07 ----D---- C:\Program Files\WinRAR
2008-11-15 12:17:54 ----D---- C:\cabal
2008-11-15 11:14:45 ----D---- C:\WINDOWS\Minidump
2008-11-15 10:52:27 ----D---- C:\WINDOWS\system32\CatRoot_bak
2008-11-15 00:58:04 ----D---- C:\WINDOWS\system32\PreInstall
2008-11-15 00:58:03 ----N---- C:\WINDOWS\system32\spmsg.dll
2008-11-15 00:58:03 ----A---- C:\WINDOWS\system32\spupdsvc.exe
2008-11-15 00:58:01 ----HD---- C:\WINDOWS\$hf_mig$
2008-11-14 22:58:57 ----A---- C:\WINDOWS\vpc32.INI
2008-11-14 22:57:48 ----D---- C:\WINDOWS\system32\SoftwareDistribution
2008-11-14 22:52:50 ----SHD---- C:\RECYCLER
2008-11-14 22:50:44 ----D---- C:\Documents and Settings\user\Application Data\Yahoo!
2008-11-14 22:50:44 ----D---- C:\Documents and Settings\All Users\Application Data\Yahoo! Companion
2008-11-14 22:50:39 ----D---- C:\Documents and Settings\user\Application Data\Google
2008-11-14 22:02:57 ----A---- C:\WINDOWS\system32\S32EVNT1.DLL
2008-11-14 22:02:45 ----D---- C:\Program Files\Symantec
2008-11-14 22:02:45 ----A---- C:\WINDOWS\system32\capicom.dll
2008-11-14 22:02:20 ----D---- C:\Program Files\Symantec AntiVirus
2008-11-14 22:02:20 ----D---- C:\Program Files\Common Files\Symantec Shared
2008-11-14 22:02:20 ----D---- C:\Documents and Settings\All Users\Application Data\Symantec
2008-11-14 22:01:27 ----D---- C:\Documents and Settings\user\Application Data\Macromedia
2008-11-14 22:01:27 ----D---- C:\Documents and Settings\user\Application Data\Adobe
2008-11-14 22:01:21 ----D---- C:\Documents and Settings\All Users\Application Data\Google
2008-11-14 22:01:16 ----D---- C:\Program Files\Google
2008-11-14 21:58:03 ----D---- C:\Documents and Settings\All Users\Application Data\Yahoo!
2008-11-14 21:58:01 ----D---- C:\Program Files\Yahoo!
2008-11-14 21:54:34 ----A---- C:\msgr9us.exe
2008-11-14 21:48:37 ----A---- C:\WINDOWS\ODBC.INI
2008-11-14 21:46:50 ----D---- C:\Program Files\Microsoft Visual Studio
2008-11-14 21:46:47 ----D---- C:\Program Files\Common Files\Designer
2008-11-14 21:45:34 ----HD---- C:\WINDOWS\ShellNew
2008-11-14 21:43:33 ----D---- C:\Program Files\Microsoft Office
2008-11-14 21:43:33 ----D---- C:\Documents and Settings\user\Application Data\Microsoft Web Folders
2008-11-14 21:37:37 ----D---- C:\Documents and Settings\user\Application Data\Identities
2008-11-14 21:37:34 ----HD---- C:\Program Files\Uninstall Information
2008-11-14 21:37:24 ----ASH---- C:\Documents and Settings\user\Application Data\desktop.ini
2008-11-14 21:37:23 ----SD---- C:\Documents and Settings\user\Application Data\Microsoft
2008-11-14 21:36:32 ----D---- C:\WINDOWS\SoftwareDistribution
2008-11-14 21:36:29 ----SD---- C:\WINDOWS\system32\Microsoft
2008-11-14 21:36:29 ----N---- C:\WINDOWS\SchedLgU.Txt
2008-11-14 21:30:21 ----D---- C:\WINDOWS\system32\xircom
2008-11-14 21:30:21 ----D---- C:\Program Files\xerox
2008-11-14 21:30:21 ----D---- C:\Program Files\microsoft frontpage
2008-11-14 21:29:35 ----A---- C:\WINDOWS\control.ini
2008-11-14 21:29:35 ----A---- C:\AUTOEXEC.BAT
2008-11-14 21:29:09 ----A---- C:\WINDOWS\system32\mapi32.dll
2008-11-14 21:27:24 ----SD---- C:\WINDOWS\Downloaded Program Files
2008-11-14 21:27:24 ----RD---- C:\WINDOWS\Offline Web Pages
2008-11-14 21:27:12 ----RAH---- C:\WINDOWS\system32\cdplayer.exe.manifest
2008-11-14 21:27:03 ----HD---- C:\Program Files\WindowsUpdate
2008-11-14 21:26:28 ----D---- C:\WINDOWS\system32\DirectX
2008-11-14 21:25:59 ----A---- C:\WINDOWS\system32\atrace.dll
2008-11-14 21:25:55 ----A---- C:\WINDOWS\system32\desktop.ini
2008-11-14 21:25:55 ----A---- C:\WINDOWS\desktop.ini
2008-11-14 21:25:46 ----A---- C:\WINDOWS\system32\nmevtmsg.dll
2008-11-14 21:25:45 ----A---- C:\WINDOWS\system32\acctres.dll
2008-11-14 21:25:44 ----D---- C:\Program Files\Common Files\Services
2008-11-14 21:25:41 ----SD---- C:\WINDOWS\Tasks
2008-11-14 21:25:41 ----A---- C:\WINDOWS\system32\icfgnt5.dll
2008-11-14 21:25:39 ----D---- C:\Program Files\Common Files\MSSoap
2008-11-14 21:25:34 ----D---- C:\WINDOWS\srchasst
2008-11-14 21:25:33 ----D---- C:\WINDOWS\system32\Macromed
2008-11-14 21:25:29 ----A---- C:\WINDOWS\system32\wuweb.dll
2008-11-14 21:25:29 ----A---- C:\WINDOWS\system32\wucltui.dll
2008-11-14 21:25:29 ----A---- C:\WINDOWS\system32\wuauserv.dll
2008-11-14 21:25:29 ----A---- C:\WINDOWS\system32\wuaueng1.dll
2008-11-14 21:25:28 ----A---- C:\WINDOWS\system32\wups.dll
2008-11-14 21:25:28 ----A---- C:\WINDOWS\system32\wuaueng.dll
2008-11-14 21:25:28 ----A---- C:\WINDOWS\system32\wuauclt1.exe
2008-11-14 21:25:28 ----A---- C:\WINDOWS\system32\wuauclt.exe
2008-11-14 21:25:28 ----A---- C:\WINDOWS\system32\wuapi.dll
2008-11-14 21:25:27 ----A---- C:\WINDOWS\system32\qmgrprxy.dll
2008-11-14 21:25:27 ----A---- C:\WINDOWS\system32\qmgr.dll
2008-11-14 21:25:27 ----A---- C:\WINDOWS\system32\bitsprx3.dll
2008-11-14 21:25:27 ----A---- C:\WINDOWS\system32\bitsprx2.dll
2008-11-14 21:25:21 ----D---- C:\Program Files\Movie Maker
2008-11-14 21:25:16 ----A---- C:\WINDOWS\system32\safrslv.dll
2008-11-14 21:25:16 ----A---- C:\WINDOWS\system32\safrdm.dll
2008-11-14 21:25:16 ----A---- C:\WINDOWS\system32\safrcdlg.dll
2008-11-14 21:25:16 ----A---- C:\WINDOWS\system32\racpldlg.dll
2008-11-14 21:25:12 ----A---- C:\WINDOWS\system32\fltlib.dll
2008-11-14 21:25:11 ----D---- C:\WINDOWS\system32\Restore
2008-11-14 21:25:11 ----A---- C:\WINDOWS\system32\srsvc.dll
2008-11-14 21:25:11 ----A---- C:\WINDOWS\system32\srrstr.dll
2008-11-14 21:25:11 ----A---- C:\WINDOWS\system32\fltMc.exe
2008-11-14 21:25:10 ----A---- C:\WINDOWS\system32\srclient.dll
2008-11-14 21:25:09 ----A---- C:\WINDOWS\system32\nmmkcert.dll
2008-11-14 21:25:09 ----A---- C:\WINDOWS\system32\msconf.dll
2008-11-14 21:25:09 ----A---- C:\WINDOWS\system32\mnmsrvc.exe
2008-11-14 21:25:09 ----A---- C:\WINDOWS\system32\mnmdd.dll
2008-11-14 21:25:09 ----A---- C:\WINDOWS\system32\isrdbg32.dll
2008-11-14 21:25:09 ----A---- C:\WINDOWS\system32\ils.dll
2008-11-14 21:25:05 ----D---- C:\Program Files\NetMeeting
2008-11-14 21:25:05 ----A---- C:\WINDOWS\system32\msoert2.dll
2008-11-14 21:25:05 ----A---- C:\WINDOWS\system32\msoeacct.dll
2008-11-14 21:25:03 ----A---- C:\WINDOWS\system32\inetres.dll
2008-11-14 21:25:03 ----A---- C:\WINDOWS\system32\inetcomm.dll
2008-11-14 21:25:00 ----D---- C:\Program Files\Outlook Express
2008-11-14 21:25:00 ----A---- C:\WINDOWS\system32\schedsvc.dll
2008-11-14 21:25:00 ----A---- C:\WINDOWS\system32\mstinit.exe
2008-11-14 21:25:00 ----A---- C:\WINDOWS\system32\mstask.dll
2008-11-14 21:25:00 ----A---- C:\WINDOWS\system32\icwphbk.dll
2008-11-14 21:24:59 ----A---- C:\WINDOWS\system32\isign32.dll
2008-11-14 21:24:59 ----A---- C:\WINDOWS\system32\inetcfg.dll
2008-11-14 21:24:59 ----A---- C:\WINDOWS\system32\icwdial.dll
2008-11-14 21:24:52 ----D---- C:\Program Files\Common Files\System
2008-11-14 21:24:50 ----D---- C:\Program Files\Internet Explorer
2008-11-14 21:23:46 ----D---- C:\Program Files\ComPlus Applications
2008-11-14 21:23:44 ----A---- C:\WINDOWS\vbaddin.ini
2008-11-14 21:23:44 ----A---- C:\WINDOWS\vb.ini
2008-11-14 21:23:36 ----D---- C:\WINDOWS\Registration
2008-11-14 21:23:27 ----D---- C:\Program Files\Online Services
2008-11-14 21:23:26 ----D---- C:\Program Files\Windows Media Player
2008-11-14 21:23:17 ----D---- C:\Program Files\Messenger
2008-11-14 21:23:11 ----D---- C:\Program Files\MSN Gaming Zone
2008-11-14 21:23:11 ----A---- C:\WINDOWS\system32\write.exe
2008-11-14 21:22:57 ----A---- C:\WINDOWS\system32\hticons.dll
2008-11-14 21:22:56 ----A---- C:\WINDOWS\system32\winchat.exe
2008-11-14 21:22:56 ----A---- C:\WINDOWS\system32\avwav.dll
2008-11-14 21:22:56 ----A---- C:\WINDOWS\system32\avtapi.dll
2008-11-14 21:22:56 ----A---- C:\WINDOWS\system32\avmeter.dll
2008-11-14 21:22:46 ----A---- C:\WINDOWS\system32\getuname.dll
2008-11-14 21:22:46 ----A---- C:\WINDOWS\system32\charmap.exe
2008-11-14 21:22:45 ----A---- C:\WINDOWS\system32\winmine.exe
2008-11-14 21:22:45 ----A---- C:\WINDOWS\system32\sol.exe
2008-11-14 21:22:45 ----A---- C:\WINDOWS\system32\calc.exe
2008-11-14 21:22:44 ----A---- C:\WINDOWS\system32\reset.exe
2008-11-14 21:22:44 ----A---- C:\WINDOWS\system32\mshearts.exe
2008-11-14 21:22:44 ----A---- C:\WINDOWS\system32\freecell.exe
2008-11-14 21:22:43 ----A---- C:\WINDOWS\system32\usrlogon.cmd
2008-11-14 21:22:43 ----A---- C:\WINDOWS\system32\tsshutdn.exe
2008-11-14 21:22:43 ----A---- C:\WINDOWS\system32\tslabels.ini
2008-11-14 21:22:43 ----A---- C:\WINDOWS\system32\tskill.exe
2008-11-14 21:22:43 ----A---- C:\WINDOWS\system32\tsdiscon.exe
2008-11-14 21:22:43 ----A---- C:\WINDOWS\system32\tscon.exe
2008-11-14 21:22:43 ----A---- C:\WINDOWS\system32\shadow.exe
2008-11-14 21:22:43 ----A---- C:\WINDOWS\system32\rwinsta.exe
2008-11-14 21:22:43 ----A---- C:\WINDOWS\system32\regini.exe
2008-11-14 21:22:43 ----A---- C:\WINDOWS\system32\rdpcfgex.dll
2008-11-14 21:22:42 ----A---- C:\WINDOWS\system32\qwinsta.exe
2008-11-14 21:22:42 ----A---- C:\WINDOWS\system32\qappsrv.exe
2008-11-14 21:22:42 ----A---- C:\WINDOWS\system32\msg.exe
2008-11-14 21:22:42 ----A---- C:\WINDOWS\system32\msdtcprf.ini
2008-11-14 21:22:42 ----A---- C:\WINDOWS\system32\logoff.exe
2008-11-14 21:22:42 ----A---- C:\WINDOWS\system32\cdmodem.dll
2008-11-14 21:22:41 ----A---- C:\WINDOWS\system32\mtxlegih.dll
2008-11-14 21:22:41 ----A---- C:\WINDOWS\system32\mtxex.dll
2008-11-14 21:22:41 ----A---- C:\WINDOWS\system32\mtxdm.dll
2008-11-14 21:22:41 ----A---- C:\WINDOWS\system32\dcomcnfg.exe
2008-11-14 21:22:40 ----A---- C:\WINDOWS\system32\stclient.dll
2008-11-14 21:22:40 ----A---- C:\WINDOWS\system32\comsnap.dll
2008-11-14 21:22:40 ----A---- C:\WINDOWS\system32\comrepl.dll
2008-11-14 21:22:40 ----A---- C:\WINDOWS\system32\comaddin.dll
2008-11-14 21:22:32 ----A---- C:\WINDOWS\system32\wmimgmt.msc
2008-11-14 21:22:18 ----D---- C:\Program Files\MSN
2008-11-14 21:22:16 ----A---- C:\WINDOWS\system32\sndrec32.exe
2008-11-14 21:22:16 ----A---- C:\WINDOWS\system32\mplay32.exe
2008-11-14 21:22:16 ----A---- C:\WINDOWS\system32\accwiz.exe
2008-11-14 21:22:15 ----D---- C:\Program Files\Windows NT
2008-11-14 21:22:15 ----A---- C:\WINDOWS\system32\mspaint.exe
2008-11-14 21:22:15 ----A---- C:\WINDOWS\system32\hypertrm.dll
2008-11-14 21:22:15 ----A---- C:\WINDOWS\system32\clipbrd.exe
2008-11-14 21:22:14 ----A---- C:\WINDOWS\system32\spider.exe
2008-11-14 21:22:13 ----A---- C:\WINDOWS\system32\tscfgwmi.dll
2008-11-14 21:22:13 ----A---- C:\WINDOWS\system32\remotepg.dll
2008-11-14 21:22:13 ----A---- C:\WINDOWS\system32\mstscax.dll
2008-11-14 21:22:13 ----A---- C:\WINDOWS\system32\mstsc.exe
2008-11-14 21:22:12 ----A---- C:\WINDOWS\system32\tscupgrd.exe
2008-11-14 21:22:12 ----A---- C:\WINDOWS\system32\termsrv.dll
2008-11-14 21:22:12 ----A---- C:\WINDOWS\system32\sessmgr.exe
2008-11-14 21:22:12 ----A---- C:\WINDOWS\system32\rdshost.exe
2008-11-14 21:22:12 ----A---- C:\WINDOWS\system32\rdsaddin.exe
2008-11-14 21:22:12 ----A---- C:\WINDOWS\system32\rdchost.dll
2008-11-14 21:22:11 ----D---- C:\WINDOWS\system32\MsDtc
2008-11-14 21:22:11 ----A---- C:\WINDOWS\system32\rdpwsx.dll
2008-11-14 21:22:11 ----A---- C:\WINDOWS\system32\rdpsnd.dll
2008-11-14 21:22:11 ----A---- C:\WINDOWS\system32\rdpclip.exe
2008-11-14 21:22:11 ----A---- C:\WINDOWS\system32\qprocess.exe
2008-11-14 21:22:11 ----A---- C:\WINDOWS\system32\icaapi.dll
2008-11-14 21:22:11 ----A---- C:\WINDOWS\system32\cfgbkend.dll
2008-11-14 21:22:10 ----A---- C:\WINDOWS\system32\mtxoci.dll
2008-11-14 21:22:10 ----A---- C:\WINDOWS\system32\msdtcuiu.dll
2008-11-14 21:22:10 ----A---- C:\WINDOWS\system32\msdtctm.dll
2008-11-14 21:22:10 ----A---- C:\WINDOWS\system32\msdtcprx.dll
2008-11-14 21:22:09 ----A---- C:\WINDOWS\system32\xolehlp.dll
2008-11-14 21:22:09 ----A---- C:\WINDOWS\system32\msdtclog.dll
2008-11-14 21:22:09 ----A---- C:\WINDOWS\system32\msdtc.exe
2008-11-14 21:22:08 ----D---- C:\WINDOWS\system32\Com
2008-11-14 21:22:08 ----A---- C:\WINDOWS\system32\colbact.dll
2008-11-14 21:22:08 ----A---- C:\WINDOWS\system32\clbcatex.dll
2008-11-14 21:22:08 ----A---- C:\WINDOWS\system32\catsrvut.dll
2008-11-14 21:22:08 ----A---- C:\WINDOWS\system32\catsrvps.dll
2008-11-14 21:22:08 ----A---- C:\WINDOWS\system32\catsrv.dll
2008-11-14 21:22:07 ----A---- C:\WINDOWS\system32\comuid.dll
2008-11-14 21:22:07 ----A---- C:\WINDOWS\system32\comsvcs.dll
2008-11-14 21:22:06 ----A---- C:\WINDOWS\system32\clbcatq.dll
2008-11-14 21:21:57 ----A---- C:\WINDOWS\system32\servdeps.dll
2008-11-14 21:21:57 ----A---- C:\WINDOWS\system32\mmfutil.dll
2008-11-14 21:21:57 ----A---- C:\WINDOWS\system32\licwmi.dll
2008-11-14 21:21:56 ----A---- C:\WINDOWS\system32\cmprops.dll
2008-11-14 13:20:40 ----A---- C:\WINDOWS\system32\h323log.txt
2008-11-14 13:18:07 ----A---- C:\WINDOWS\system32\nv4_disp.dll
2008-11-14 13:17:45 ----A---- C:\WINDOWS\system32\ksuser.dll
2008-11-14 13:15:47 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2008-11-14 13:15:46 ----SHD---- C:\WINDOWS\Installer
2008-11-14 13:15:45 ----D---- C:\Program Files\Common Files\ODBC
2008-11-14 13:15:45 ----A---- C:\WINDOWS\ODBCINST.INI
2008-11-14 13:15:41 ----D---- C:\Program Files\Common Files\SpeechEngines
2008-11-14 13:15:40 ----RD---- C:\Program Files
2008-11-14 13:15:40 ----D---- C:\Program Files\Common Files\Microsoft Shared
2008-11-14 13:15:40 ----D---- C:\Program Files\Common Files
2008-11-14 13:15:21 ----A---- C:\WINDOWS\system32\dgrpsetu.dll
2008-11-14 13:15:20 ----A---- C:\WINDOWS\system32\EqnClass.Dll
2008-11-14 13:15:17 ----A---- C:\WINDOWS\system32\CONFIG.TMP
2008-11-14 13:15:14 ----A---- C:\WINDOWS\system32\storprop.dll
2008-11-14 13:15:01 ----ASH---- C:\Documents and Settings\All Users\Application Data\desktop.ini
2008-11-14 13:14:54 ----RA---- C:\WINDOWS\SET8.tmp
2008-11-14 13:14:49 ----RA---- C:\WINDOWS\SET4.tmp
2008-11-14 13:14:47 ----RA---- C:\WINDOWS\SET3.tmp
2008-11-14 13:14:40 ----D---- C:\WINDOWS\system32\CatRoot2
2008-11-14 13:14:40 ----D---- C:\WINDOWS\system32\CatRoot
2008-11-14 13:14:34 ----SD---- C:\Documents and Settings\All Users\Application Data\Microsoft
2008-11-14 13:14:05 ----D---- C:\Documents and Settings
2008-11-14 13:14:04 ----SHD---- C:\System Volume Information
2008-11-14 13:13:12 ----SH---- C:\boot.ini
2008-11-14 13:07:33 ----RSD---- C:\WINDOWS\Fonts
2008-11-14 13:07:33 ----RD---- C:\WINDOWS\Web
2008-11-14 13:07:33 ----HD---- C:\WINDOWS\inf
2008-11-14 13:07:33 ----D---- C:\WINDOWS\WinSxS
2008-11-14 13:07:33 ----D---- C:\WINDOWS\twain_32
2008-11-14 13:07:33 ----D---- C:\WINDOWS\Temp
2008-11-14 13:07:33 ----D---- C:\WINDOWS\system32\wins
2008-11-14 13:07:33 ----D---- C:\WINDOWS\system32\wbem
2008-11-14 13:07:33 ----D---- C:\WINDOWS\system32\usmt
2008-11-14 13:07:33 ----D---- C:\WINDOWS\system32\spool
2008-11-14 13:07:33 ----D---- C:\WINDOWS\system32\ShellExt
2008-11-14 13:07:33 ----D---- C:\WINDOWS\system32\Setup
2008-11-14 13:07:33 ----D---- C:\WINDOWS\system32\ras
2008-11-14 13:07:33 ----D---- C:\WINDOWS\system32\oobe
2008-11-14 13:07:33 ----D---- C:\WINDOWS\system32\npp
2008-11-14 13:07:33 ----D---- C:\WINDOWS\system32\mui
2008-11-14 13:07:33 ----D---- C:\WINDOWS\system32\inetsrv
2008-11-14 13:07:33 ----D---- C:\WINDOWS\system32\IME
2008-11-14 13:07:33 ----D---- C:\WINDOWS\system32\icsxml
2008-11-14 13:07:33 ----D---- C:\WINDOWS\system32\ias
2008-11-14 13:07:33 ----D---- C:\WINDOWS\system32\export
2008-11-14 13:07:33 ----D---- C:\WINDOWS\system32\drivers
2008-11-14 13:07:33 ----D---- C:\WINDOWS\system32\dhcp
2008-11-14 13:07:33 ----D---- C:\WINDOWS\system32\config
2008-11-14 13:07:33 ----D---- C:\WINDOWS\system32\3com_dmi
2008-11-14 13:07:33 ----D---- C:\WINDOWS\system32\3076
2008-11-14 13:07:33 ----D---- C:\WINDOWS\system32\2052
2008-11-14 13:07:33 ----D---- C:\WINDOWS\system32\1054
2008-11-14 13:07:33 ----D---- C:\WINDOWS\system32\1042
2008-11-14 13:07:33 ----D---- C:\WINDOWS\system32\1041
2008-11-14 13:07:33 ----D---- C:\WINDOWS\system32\1037
2008-11-14 13:07:33 ----D---- C:\WINDOWS\system32\1033
2008-11-14 13:07:33 ----D---- C:\WINDOWS\system32\1031
2008-11-14 13:07:33 ----D---- C:\WINDOWS\system32\1028
2008-11-14 13:07:33 ----D---- C:\WINDOWS\system32\1025
2008-11-14 13:07:33 ----D---- C:\WINDOWS\system32
2008-11-14 13:07:33 ----D---- C:\WINDOWS\system
2008-11-14 13:07:33 ----D---- C:\WINDOWS\security
2008-11-14 13:07:33 ----D---- C:\WINDOWS\Resources
2008-11-14 13:07:33 ----D---- C:\WINDOWS\repair
2008-11-14 13:07:33 ----D---- C:\WINDOWS\Provisioning
2008-11-14 13:07:33 ----D---- C:\WINDOWS\PeerNet
2008-11-14 13:07:33 ----D---- C:\WINDOWS\pchealth
2008-11-14 13:07:33 ----D---- C:\WINDOWS\mui
2008-11-14 13:07:33 ----D---- C:\WINDOWS\msapps
2008-11-14 13:07:33 ----D---- C:\WINDOWS\msagent
2008-11-14 13:07:33 ----D---- C:\WINDOWS\Media
2008-11-14 13:07:33 ----D---- C:\WINDOWS\java
2008-11-14 13:07:33 ----D---- C:\WINDOWS\ime
2008-11-14 13:07:33 ----D---- C:\WINDOWS\Help
2008-11-14 13:07:33 ----D---- C:\WINDOWS\ehome
2008-11-14 13:07:33 ----D---- C:\WINDOWS\Driver Cache
2008-11-14 13:07:33 ----D---- C:\WINDOWS\Debug
2008-11-14 13:07:33 ----D---- C:\WINDOWS\Cursors
2008-11-14 13:07:33 ----D---- C:\WINDOWS\Connection Wizard
2008-11-14 13:07:33 ----D---- C:\WINDOWS\Config
2008-11-14 13:07:33 ----D---- C:\WINDOWS\AppPatch
2008-11-14 13:07:33 ----D---- C:\WINDOWS\addins
2008-11-14 13:07:33 ----D---- C:\WINDOWS

======List of files/folders modified in the last 1 months======

2008-11-16 17:47:40 ----A---- C:\WINDOWS\win.ini
2008-11-16 17:37:44 ----A---- C:\WINDOWS\system.ini

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 eeCtrl;Symantec Eraser Control driver; \??\C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys []
R1 P3;Intel PentiumIII Processor Driver; C:\WINDOWS\system32\DRIVERS\p3.sys [2005-01-14 42496]
R1 SAVRT;SAVRT; \??\C:\Program Files\Symantec AntiVirus\savrt.sys []
R1 SAVRTPEL;SAVRTPEL; \??\C:\Program Files\Symantec AntiVirus\Savrtpel.sys []
R1 SYMTDI;SYMTDI; C:\WINDOWS\System32\Drivers\SYMTDI.SYS [2005-04-05 267192]
R3 cwrwdm;SoundFusion™ WDM Driver; C:\WINDOWS\system32\DRIVERS\cwrwdm.sys [2005-01-15 48640]
R3 DM9102;DAVICOM 9102(A) PCI Fast Ethernet Based NT Driver; C:\WINDOWS\system32\DRIVERS\DM9PCI5.SYS [2001-08-17 29696]
R3 NAVENG;NAVENG; \??\C:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20081204.003\naveng.sys []
R3 NAVEX15;NAVEX15; \??\C:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20081204.003\navex15.sys []
R3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2004-08-03 1897408]
R3 SymEvent;SymEvent; \??\C:\Program Files\Symantec\SYMEVENT.SYS []
R3 SYMREDRV;SYMREDRV; C:\WINDOWS\System32\Drivers\SYMREDRV.SYS [2005-04-05 17976]
R3 usbhub;USB2 Enabled Hub; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2004-08-03 57600]
R3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-03 26496]
R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2004-08-03 20480]
S3 EraserUtilDrvI7;EraserUtilDrvI7; \??\C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilDrvI7.sys []
S3 SPBBCDrv;SPBBCDrv; \??\C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys []
S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 aawservice;Lavasoft Ad-Aware Service; C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe [2008-09-10 611664]
R2 ccEvtMgr;Symantec Event Manager; C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe [2005-04-08 185968]
R2 ccSetMgr;Symantec Settings Manager; C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe [2005-04-08 161392]
R2 DefWatch;Symantec AntiVirus Definition Watcher; C:\Program Files\Symantec AntiVirus\DefWatch.exe [2005-04-17 19648]
R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2008-11-10 152984]
R2 Symantec AntiVirus;Symantec AntiVirus; C:\Program Files\Symantec AntiVirus\Rtvscan.exe [2005-04-17 1706176]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\aspnet_state.exe [2004-07-15 32768]
S3 ccPwdSvc;Symantec Password Validation; C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe [2005-04-08 83568]
S3 gusvc;Google Updater Service; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2008-11-14 138168]
S3 Macromedia Licensing Service;Macromedia Licensing Service; C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe [2008-11-16 68096]
S3 SavRoam;SAVRoam; C:\Program Files\Symantec AntiVirus\SavRoam.exe [2005-04-17 124608]
S3 SNDSrvc;Symantec Network Drivers Service; C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe [2005-04-05 206552]
S3 SPBBCSvc;Symantec SPBBCSvc; C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe [2005-03-30 992864]
S3 usprserv;User Privilege Service; C:\WINDOWS\System32\svchost.exe [2004-08-03 14336]

-----------------EOF-----------------

That's everything in there.. :thumbsup:

#4 Buckeye_Sam

Buckeye_Sam

    Malware Expert


  • Members
  • 17,382 posts
  • OFFLINE
    •  
  • Gender:Male
  • Location:Pickerington, Ohio
  • Local time:12:16 PM

Posted 06 December 2008 - 02:17 PM

Hi Marc! Let's see about getting you fixed up here. :thumbsup:

First make sure your secondary drives F: and G: are on and/or inserted.


Please download the OTMoveIt3 by OldTimer.
  • Save it to your desktop.
  • Please click OTMoveIt3 and then click >> run.
  • Copy the lines in the codebox below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):

    :files
C:\WINDOWS\SET??.tmp
C:\WINDOWS\pc-off.bat
C:\WINDOWS\password_viewer.exe
G:\password_viewer.exe
F:\Auto.exe
F:\password_viewer.exe

:reg
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{d8bd6e50-b6c0-11dd-bfc0-0080ad0a3bc2}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{c5d74730-b523-11dd-bfb9-0080ad0a3bc2}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{7fda0bc0-bea3-11dd-bfd9-0080ad0a3bc2}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{21fad880-c1a2-11dd-bfe1-0080ad0a3bc2}]

:Commands
[EmptyTemp]
[Reboot]
  • Return to OTMoveIt3, right click in the "Paste Instructions for items to be Moved" window (under the yellow bar) and choose Paste.
  • Click the red Moveit! button.
  • Copy everything in the Results window (under the green bar) to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy), and paste it in your next reply.
  • Close OTMoveIt3
Note: If an item cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes. In this case, after the reboot, open Notepad (Start->All Programs->Accessories->Notepad), click File->Open, in the File Name box enter *.log and press the Enter key, navigate to the C:\_OTMoveIt\MovedFiles folder, and open the newest .log file present, and copy/paste the contents of that document back here in your next post.


=================


Please download Malwarebytes Anti-Malware and save it to your desktop.
alternate download link 1
alternate download link 2
  • Make sure you are connected to the Internet.
  • Double-click on Download_mbam-setup.exe to install the application.
  • When the installation begins, follow the prompts and do not make any changes to default settings.
  • When installation has finished, make sure you leave both of these checked:
    • Update Malwarebytes' Anti-Malware
    • Launch Malwarebytes' Anti-Malware
  • Then click Finish.
  • MBAM will automatically start and you will be asked to update the program before performing a scan. If an update is found, the program will automatically update itself. Press the OK button to close that box and continue. If you encounter any problems while downloading the updates, manually download them from here and just double-click on mbam-rules.exe to install.
  • On the Scanner tab:
    • Make sure the "Perform Full Scan" option is selected.
    • Then click on the Scan button.
  • If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button.
  • The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.
  • When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
  • Click OK to close the message box and continue with the removal process.
  • Back at the main Scanner screen, click on the Show Results button to see a list of any malware that was found.
  • Make sure that everything is checked, and click Remove Selected.
  • When removal is completed, a log report will open in Notepad and you may be prompted to restart your computer. (see Note below)
  • The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the contents of that report in your next reply and exit MBAM.
Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.


Also include a new log from RSIT.
Let me know how your computer is behaving now. Any changes?
Posted Image If I have helped you in any way, please consider a donation to help me continue the fight against malware.


Failing to respond back to the person that is giving up their own time to help you not only is insensitive and disrespectful, but it guarantees that you will never receive help from me again. Please thank your helpers and there will always be help here when you need it!


========================================================

#5 gemnard

gemnard
  • Topic Starter

  • Members
  • 26 posts
  • OFFLINE
    •  
  • Local time:12:16 PM

Posted 06 December 2008 - 02:59 PM

Here are the text in the notepad after it rebooted.
========== FILES ==========
C:\WINDOWS\SET3.tmp moved successfully.
C:\WINDOWS\SET34.tmp moved successfully.
C:\WINDOWS\SET37.tmp moved successfully.
C:\WINDOWS\SET4.tmp moved successfully.
C:\WINDOWS\SET43.tmp moved successfully.
C:\WINDOWS\SET7E.tmp moved successfully.
C:\WINDOWS\SET7F.tmp moved successfully.
C:\WINDOWS\SET8.tmp moved successfully.
C:\WINDOWS\SET80.tmp moved successfully.
C:\WINDOWS\SET81.tmp moved successfully.
C:\WINDOWS\SET82.tmp moved successfully.
C:\WINDOWS\SET83.tmp moved successfully.
C:\WINDOWS\SET84.tmp moved successfully.
C:\WINDOWS\SET85.tmp moved successfully.
C:\WINDOWS\pc-off.bat moved successfully.
C:\WINDOWS\password_viewer.exe moved successfully.
File/Folder G:\password_viewer.exe not found.
File/Folder F:\Auto.exe not found.
File/Folder F:\password_viewer.exe not found.
========== REGISTRY ==========
Registry key HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{d8bd6e50-b6c0-11dd-bfc0-0080ad0a3bc2}\\ deleted successfully.
Registry key HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{c5d74730-b523-11dd-bfb9-0080ad0a3bc2}\\ deleted successfully.
Registry key HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{7fda0bc0-bea3-11dd-bfd9-0080ad0a3bc2}\\ deleted successfully.
Registry key HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{21fad880-c1a2-11dd-bfe1-0080ad0a3bc2}\\ deleted successfully.
========== COMMANDS ==========
File delete failed. C:\DOCUME~1\user\LOCALS~1\Temp\etilqs_9IwcLTJqGLxyAocgV9iO scheduled to be deleted on reboot.
User's Temp folder emptied.
User's Temporary Internet Files folder emptied.
User's Internet Explorer cache folder emptied.
Local Service Temp folder emptied.
File delete failed. C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot.
Local Service Temporary Internet Files folder emptied.
File delete failed. C:\WINDOWS\temp\Perflib_Perfdata_90c.dat scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\Perflib_Perfdata_b4.dat scheduled to be deleted on reboot.
Windows Temp folder emptied.
Java cache emptied.
File delete failed. C:\Documents and Settings\user\Local Settings\Application Data\Mozilla\Firefox\Profiles\1x1rtpqm.default\Cache\_CACHE_001_ scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\user\Local Settings\Application Data\Mozilla\Firefox\Profiles\1x1rtpqm.default\Cache\_CACHE_002_ scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\user\Local Settings\Application Data\Mozilla\Firefox\Profiles\1x1rtpqm.default\Cache\_CACHE_003_ scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\user\Local Settings\Application Data\Mozilla\Firefox\Profiles\1x1rtpqm.default\Cache\_CACHE_MAP_ scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\user\Local Settings\Application Data\Mozilla\Firefox\Profiles\1x1rtpqm.default\urlclassifier3.sqlite scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\user\Local Settings\Application Data\Mozilla\Firefox\Profiles\1x1rtpqm.default\XUL.mfl scheduled to be deleted on reboot.
FireFox cache emptied.
Temp folders emptied.

OTMoveIt3 by OldTimer - Version 1.0.7.2 log created on 12072008_034655

Files moved on Reboot...
File C:\DOCUME~1\user\LOCALS~1\Temp\etilqs_9IwcLTJqGLxyAocgV9iO not found!
File move failed. C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be moved on reboot.
C:\WINDOWS\temp\Perflib_Perfdata_90c.dat moved successfully.
File C:\WINDOWS\temp\Perflib_Perfdata_b4.dat not found!
C:\Documents and Settings\user\Local Settings\Application Data\Mozilla\Firefox\Profiles\1x1rtpqm.default\Cache\_CACHE_001_ moved successfully.
C:\Documents and Settings\user\Local Settings\Application Data\Mozilla\Firefox\Profiles\1x1rtpqm.default\Cache\_CACHE_002_ moved successfully.
C:\Documents and Settings\user\Local Settings\Application Data\Mozilla\Firefox\Profiles\1x1rtpqm.default\Cache\_CACHE_003_ moved successfully.
C:\Documents and Settings\user\Local Settings\Application Data\Mozilla\Firefox\Profiles\1x1rtpqm.default\Cache\_CACHE_MAP_ moved successfully.
C:\Documents and Settings\user\Local Settings\Application Data\Mozilla\Firefox\Profiles\1x1rtpqm.default\urlclassifier3.sqlite moved successfully.
C:\Documents and Settings\user\Local Settings\Application Data\Mozilla\Firefox\Profiles\1x1rtpqm.default\XUL.mfl moved successfully.

*Do I also need to follow the next instruction.?The one that I should download Malwarebytes Anti-Malware?
Your so fast in replying to me..thanx :thumbsup:

#6 gemnard

gemnard
  • Topic Starter

  • Members
  • 26 posts
  • OFFLINE
    •  
  • Local time:12:16 PM

Posted 06 December 2008 - 03:27 PM

Oh by the way..
-My pc is now not shuttin down after Start>run>cmd
-CPU usage is not at 90-100% :thumbsup:

Do I still need to include a new log from RSIT.?
and to download Malwarebytes Anti-Malware and follow the instructions with it.?
Thank you for helping me Sam, I really appreciated it.. :)

#7 Buckeye_Sam

Buckeye_Sam

    Malware Expert


  • Members
  • 17,382 posts
  • OFFLINE
    •  
  • Gender:Male
  • Location:Pickerington, Ohio
  • Local time:12:16 PM

Posted 07 December 2008 - 10:02 AM

Yes, please follow my other instructions.
It does appear that the most noticeable portion of the infection has been removed, but often times there are remnants or files unseen in the logs that still need to be removed.
Posted Image If I have helped you in any way, please consider a donation to help me continue the fight against malware.


Failing to respond back to the person that is giving up their own time to help you not only is insensitive and disrespectful, but it guarantees that you will never receive help from me again. Please thank your helpers and there will always be help here when you need it!


========================================================

#8 gemnard

gemnard
  • Topic Starter

  • Members
  • 26 posts
  • OFFLINE
    •  
  • Local time:12:16 PM

Posted 09 December 2008 - 10:01 AM

Sorry for the late rply..Just have a problem with my connection..
Here is the new log from RSIT..
Is this Ok.?

Logfile of random's system information tool 1.04 (written by random/random)
Run by user at 2008-12-09 23:03:28
Microsoft Windows XP Professional Service Pack 2
System drive C: has 25 GB (66%) free of 38 GB
Total RAM: 255 MB (22% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:03:56 PM, on 12/9/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16735)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\PROGRA~1\SYMANT~1\VPTray.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\Program Files\DNA\btdna.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\BitTorrent\bittorrent.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\user\Desktop\RSIT.exe
C:\Program Files\trend micro\user.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaul...rch/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
F2 - REG:system.ini: UserInit=userinit.exe,password_viewer.exe
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Encarta Web Companion Helper Object - {955BE0B8-BC85-4CAF-856E-8E0D8B610560} - C:\Program Files\Common Files\Microsoft Shared\Encarta Web Companion\ENCWCBAR.DLL
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.1.807.1746\swg.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: Encarta Web Companion - {147D6308-0614-4112-89B1-31402F9B82C4} - C:\Program Files\Common Files\Microsoft Shared\Encarta Web Companion\ENCWCBAR.DLL
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKCU\..\Run: [Messenger (Yahoo!)] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [BitTorrent DNA] "C:\Program Files\DNA\btdna.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O9 - Extra button: (no name) - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - C:\Program Files\Common Files\Microsoft Shared\Encarta Search Bar\ENCSBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe

--
End of file - 6256 bytes

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}]
&Yahoo! Toolbar Helper - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll [2008-05-15 817936]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
Java™ Plug-In SSV Helper - C:\Program Files\Java\jre6\bin\ssv.dll [2008-11-10 320920]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{955BE0B8-BC85-4CAF-856E-8E0D8B610560}]
Encarta Web Companion Helper Object - C:\Program Files\Common Files\Microsoft Shared\Encarta Web Companion\ENCWCBAR.DLL [2005-06-03 228048]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]
Google Toolbar Helper - c:\program files\google\googletoolbar1.dll [2008-11-14 2403392]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}]
Google Toolbar Notifier BHO - C:\Program Files\Google\GoogleToolbarNotifier\3.1.807.1746\swg.dll [2008-11-25 737776]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java™ Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2008-11-10 34816]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2008-11-10 73728]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{EF99BD32-C1FB-11D2-892F-0090271D4F88} - Yahoo! Toolbar - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll [2008-05-15 817936]
{2318C2B1-4965-11d4-9B18-009027A5CD4F} - &Google - c:\program files\google\googletoolbar1.dll [2008-11-14 2403392]
{147D6308-0614-4112-89B1-31402F9B82C4} - Encarta Web Companion - C:\Program Files\Common Files\Microsoft Shared\Encarta Web Companion\ENCWCBAR.DLL [2005-06-03 228048]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"ccApp"=C:\Program Files\Common Files\Symantec Shared\ccApp.exe [2005-04-08 48752]
"vptray"=C:\PROGRA~1\SYMANT~1\VPTray.exe [2005-04-17 85184]
"SunJavaUpdateSched"=C:\Program Files\Java\jre6\bin\jusched.exe [2008-11-10 136600]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Messenger (Yahoo!)"=C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe [2008-11-05 4347120]
"swg"=C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [2008-11-25 68856]
"BitTorrent DNA"=C:\Program Files\DNA\btdna.exe [2008-11-16 342336]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2004-08-03 15360]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office\OSA9.EXE

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\NavLogon]
C:\WINDOWS\system32\NavLogon.dll [2005-04-17 43712]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe"="C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:*:Enabled:Yahoo! Messenger"
"C:\Program Files\BitTorrent\bittorrent.exe"="C:\Program Files\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent"
"C:\Program Files\DNA\btdna.exe"="C:\Program Files\DNA\btdna.exe:*:Enabled:DNA"
"C:\cabal\CABAL Online (PH)\launcher\update\ESTdnheadless.exe"="C:\cabal\CABAL Online (PH)\launcher\update\ESTdnheadless.exe:*:Enabled:EST! download engine"
"C:\cabal\CABAL Online (PH)\cabalmain.exe"="C:\cabal\CABAL Online (PH)\cabalmain.exe:*:Enabled:Cabal Online (PH)"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

======File associations======

.js - open - "C:\Program Files\Macromedia\Dreamweaver MX 2004\Dreamweaver.exe" "%1"

======List of files/folders created in the last 1 months======

2008-12-07 23:58:38 ----D---- C:\Documents and Settings\user\Application Data\Malwarebytes
2008-12-07 23:58:17 ----D---- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-12-07 23:50:50 ----D---- C:\WINDOWS\system32\appmgmt
2008-12-07 22:26:50 ----A---- C:\WINDOWS\ACROREAD.INI
2008-12-07 22:16:09 ----D---- C:\Reader
2008-12-07 03:46:55 ----D---- C:\_OTMoveIt
2008-12-07 03:04:09 ----D---- C:\Program Files\trend micro
2008-12-07 03:04:00 ----D---- C:\rsit
2008-12-07 02:16:12 ----D---- C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-12-06 23:04:29 ----D---- C:\WINDOWS\Sun
2008-12-06 15:48:10 ----D---- C:\Documents and Settings\user\Application Data\DivX
2008-12-05 11:36:16 ----D---- C:\Program Files\DivX
2008-12-04 10:20:56 ----A---- C:\WINDOWS\system32\wmpns.dll
2008-12-03 11:40:58 ----A---- C:\WINDOWS\system32\javaws.exe
2008-12-03 11:40:58 ----A---- C:\WINDOWS\system32\javaw.exe
2008-12-03 11:40:58 ----A---- C:\WINDOWS\system32\java.exe
2008-12-03 03:07:00 ----HDC---- C:\WINDOWS\$NtUninstallKB956391$
2008-12-02 13:19:32 ----HDC---- C:\WINDOWS\$NtUninstallKB951376-v2$
2008-12-02 13:19:15 ----HDC---- C:\WINDOWS\$NtUninstallKB952954$
2008-12-02 13:18:55 ----HDC---- C:\WINDOWS\$NtUninstallKB946648$
2008-12-02 13:18:39 ----HDC---- C:\WINDOWS\$NtUninstallKB956803$
2008-12-02 13:16:10 ----D---- C:\WINDOWS\ie7updates
2008-12-02 13:14:04 ----D---- C:\WINDOWS\WBEM
2008-12-02 13:14:00 ----D---- C:\WINDOWS\system32\en-US
2008-12-02 13:11:14 ----HDC---- C:\WINDOWS\ie7
2008-12-02 13:10:37 ----HDC---- C:\WINDOWS\$NtServicePackUninstallIDNMitigationAPIs$
2008-12-02 13:10:14 ----HDC---- C:\WINDOWS\$NtServicePackUninstallNLSDownlevelMapping$
2008-12-02 13:09:37 ----HDC---- C:\WINDOWS\$NtUninstallKB915865$
2008-12-02 13:09:17 ----N---- C:\WINDOWS\system32\xmllite.dll
2008-12-02 13:07:08 ----D---- C:\WINDOWS\network diagnostic
2008-12-02 13:07:05 ----HDC---- C:\WINDOWS\$NtUninstallKB914440$
2008-12-02 13:06:21 ----HDC---- C:\WINDOWS\$NtUninstallKB904942$
2008-12-02 13:00:06 ----HDC---- C:\WINDOWS\$NtUninstallKB957095$
2008-12-02 12:59:39 ----HDC---- C:\WINDOWS\$NtUninstallKB950974$
2008-12-02 12:59:19 ----HDC---- C:\WINDOWS\$NtUninstallKB951698$
2008-12-02 12:58:50 ----HDC---- C:\WINDOWS\$NtUninstallKB954211$
2008-12-02 12:56:13 ----A---- C:\WINDOWS\system32\MRT.exe
2008-12-02 12:55:10 ----HDC---- C:\WINDOWS\$NtUninstallKB956841$
2008-12-02 12:54:46 ----HDC---- C:\WINDOWS\$NtUninstallKB950762$
2008-12-02 12:54:26 ----HDC---- C:\WINDOWS\$NtUninstallKB957097$
2008-12-02 12:54:10 ----HDC---- C:\WINDOWS\$NtUninstallKB951072-v2$
2008-12-02 12:53:53 ----HDC---- C:\WINDOWS\$NtUninstallKB952287$
2008-12-02 12:53:05 ----HDC---- C:\WINDOWS\$NtUninstallKB951066$
2008-12-02 12:52:18 ----HDC---- C:\WINDOWS\$NtUninstallKB938464$
2008-12-02 12:45:08 ----HDC---- C:\WINDOWS\$NtUninstallKB958644$
2008-12-02 12:44:38 ----HDC---- C:\WINDOWS\$NtUninstallKB955069$
2008-12-02 12:43:24 ----HDC---- C:\WINDOWS\$NtUninstallKB956390$
2008-12-02 12:42:45 ----D---- C:\Program Files\MSXML 4.0
2008-12-02 12:41:09 ----D---- C:\WINDOWS\system32\DllCache
2008-12-02 12:41:01 ----HDC---- C:\WINDOWS\$NtUninstallKB944338-v2$
2008-11-30 00:30:23 ----D---- C:\Documents and Settings\user\Application Data\WinRAR
2008-11-27 21:51:20 ----D---- C:\Program Files\Imikimi
2008-11-21 19:29:17 ----D---- C:\Documents and Settings\user\Application Data\LimeWire
2008-11-21 19:18:50 ----A---- C:\WINDOWS\system32\deploytk.dll
2008-11-21 19:17:13 ----D---- C:\Program Files\Java
2008-11-21 19:13:18 ----D---- C:\Documents and Settings\user\Application Data\Sun
2008-11-21 13:47:56 ----A---- C:\WINDOWS\system32\DivXsm.exe
2008-11-21 13:47:52 ----A---- C:\WINDOWS\system32\qt-dx331.dll
2008-11-21 13:46:10 ----A---- C:\WINDOWS\system32\ssldivx.dll
2008-11-21 13:46:10 ----A---- C:\WINDOWS\system32\libdivx.dll
2008-11-21 13:45:16 ----A---- C:\WINDOWS\system32\dtu100.dll.manifest
2008-11-21 13:45:16 ----A---- C:\WINDOWS\system32\dtu100.dll
2008-11-21 13:45:16 ----A---- C:\WINDOWS\system32\dpl100.dll.manifest
2008-11-21 13:45:16 ----A---- C:\WINDOWS\system32\dpl100.dll
2008-11-21 13:45:12 ----A---- C:\WINDOWS\system32\dpv11.dll
2008-11-21 13:45:12 ----A---- C:\WINDOWS\system32\dpus11.dll
2008-11-21 13:45:12 ----A---- C:\WINDOWS\system32\dpuGUI11.dll
2008-11-21 13:45:12 ----A---- C:\WINDOWS\system32\dpuGUI10.dll
2008-11-21 13:45:12 ----A---- C:\WINDOWS\system32\dpu11.dll
2008-11-21 13:45:12 ----A---- C:\WINDOWS\system32\dpu10.dll
2008-11-21 13:45:08 ----A---- C:\WINDOWS\system32\divx_xx11.dll
2008-11-21 13:45:08 ----A---- C:\WINDOWS\system32\divx_xx0c.dll
2008-11-21 13:45:08 ----A---- C:\WINDOWS\system32\divx_xx0a.dll
2008-11-21 13:45:08 ----A---- C:\WINDOWS\system32\divx_xx07.dll
2008-11-21 13:45:06 ----A---- C:\WINDOWS\system32\DivX.dll
2008-11-21 13:44:38 ----A---- C:\WINDOWS\system32\DivXCodecVersionChecker.exe
2008-11-21 13:44:16 ----A---- C:\WINDOWS\system32\DivXWMPExtType.dll
2008-11-21 00:31:49 ----D---- C:\Program Files\LimeWire
2008-11-18 10:10:51 ----A---- C:\WINDOWS\mafosav.INI
2008-11-17 20:03:19 ----HD---- C:\WINDOWS\PIF
2008-11-17 10:30:13 ----D---- C:\WINDOWS\system32\Adobe
2008-11-16 20:50:56 ----D---- C:\Program Files\CCleaner
2008-11-16 20:39:34 ----D---- C:\Documents and Settings\All Users\Application Data\Macrovision
2008-11-16 18:13:05 ----D---- C:\Program Files\Microsoft Encarta
2008-11-16 18:12:39 ----D---- C:\WINDOWS\speech
2008-11-16 18:09:32 ----RSD---- C:\WINDOWS\assembly
2008-11-16 18:09:32 ----D---- C:\WINDOWS\Microsoft.NET
2008-11-16 18:09:28 ----D---- C:\WINDOWS\system32\URTTemp
2008-11-16 18:05:48 ----D---- C:\Program Files\Common Files\Macromedia Shared
2008-11-16 18:05:46 ----A---- C:\WINDOWS\system32\msvcr70.dll
2008-11-16 18:05:46 ----A---- C:\WINDOWS\system32\msvcp70.dll
2008-11-16 18:05:46 ----A---- C:\WINDOWS\system32\mfc70.dll
2008-11-16 18:05:00 ----D---- C:\Program Files\Common Files\Macromedia
2008-11-16 18:03:19 ----HD---- C:\Program Files\InstallShield Installation Information
2008-11-16 18:03:19 ----D---- C:\Program Files\Macromedia
2008-11-16 18:02:50 ----D---- C:\Program Files\Common Files\InstallShield
2008-11-16 17:54:05 ----D---- C:\WINDOWS\Prefetch
2008-11-16 17:48:11 ----RAH---- C:\WINDOWS\system32\logonui.exe.manifest
2008-11-16 17:37:02 ----A---- C:\WINDOWS\system32\irclass.dll
2008-11-16 17:37:01 ----A---- C:\WINDOWS\system32\spxcoins.dll
2008-11-16 17:21:12 ----A---- C:\WINDOWS\UPGRADE.TXT
2008-11-16 17:21:07 ----D---- C:\WINDOWS\setup.pss
2008-11-16 09:26:04 ----D---- C:\WINDOWS\nldrv
2008-11-15 19:02:38 ----D---- C:\Program Files\Common Files\INCA Shared
2008-11-15 15:29:15 ----D---- C:\Documents and Settings\user\Application Data\BitTorrent
2008-11-15 14:52:34 ----D---- C:\Program Files\DNA
2008-11-15 14:52:34 ----D---- C:\Documents and Settings\user\Application Data\DNA
2008-11-15 14:52:31 ----D---- C:\Program Files\BitTorrent
2008-11-15 14:42:55 ----D---- C:\Documents and Settings\user\Application Data\Mozilla
2008-11-15 14:42:21 ----D---- C:\Program Files\Mozilla Firefox
2008-11-15 13:15:07 ----D---- C:\Program Files\WinRAR
2008-11-15 12:17:54 ----D---- C:\cabal
2008-11-15 11:14:45 ----D---- C:\WINDOWS\Minidump
2008-11-15 10:52:27 ----D---- C:\WINDOWS\system32\CatRoot_bak
2008-11-15 00:58:04 ----D---- C:\WINDOWS\system32\PreInstall
2008-11-15 00:58:03 ----N---- C:\WINDOWS\system32\spmsg.dll
2008-11-15 00:58:03 ----A---- C:\WINDOWS\system32\spupdsvc.exe
2008-11-15 00:58:01 ----HD---- C:\WINDOWS\$hf_mig$
2008-11-14 22:58:57 ----A---- C:\WINDOWS\vpc32.INI
2008-11-14 22:57:48 ----D---- C:\WINDOWS\system32\SoftwareDistribution
2008-11-14 22:52:50 ----SHD---- C:\RECYCLER
2008-11-14 22:50:44 ----D---- C:\Documents and Settings\user\Application Data\Yahoo!
2008-11-14 22:50:44 ----D---- C:\Documents and Settings\All Users\Application Data\Yahoo! Companion
2008-11-14 22:50:39 ----D---- C:\Documents and Settings\user\Application Data\Google
2008-11-14 22:02:57 ----A---- C:\WINDOWS\system32\S32EVNT1.DLL
2008-11-14 22:02:45 ----D---- C:\Program Files\Symantec
2008-11-14 22:02:45 ----A---- C:\WINDOWS\system32\capicom.dll
2008-11-14 22:02:20 ----D---- C:\Program Files\Symantec AntiVirus
2008-11-14 22:02:20 ----D---- C:\Program Files\Common Files\Symantec Shared
2008-11-14 22:02:20 ----D---- C:\Documents and Settings\All Users\Application Data\Symantec
2008-11-14 22:01:27 ----D---- C:\Documents and Settings\user\Application Data\Macromedia
2008-11-14 22:01:27 ----D---- C:\Documents and Settings\user\Application Data\Adobe
2008-11-14 22:01:21 ----D---- C:\Documents and Settings\All Users\Application Data\Google
2008-11-14 22:01:16 ----D---- C:\Program Files\Google
2008-11-14 21:58:03 ----D---- C:\Documents and Settings\All Users\Application Data\Yahoo!
2008-11-14 21:58:01 ----D---- C:\Program Files\Yahoo!
2008-11-14 21:54:34 ----A---- C:\msgr9us.exe
2008-11-14 21:48:37 ----A---- C:\WINDOWS\ODBC.INI
2008-11-14 21:46:50 ----D---- C:\Program Files\Microsoft Visual Studio
2008-11-14 21:46:47 ----D---- C:\Program Files\Common Files\Designer
2008-11-14 21:45:34 ----HD---- C:\WINDOWS\ShellNew
2008-11-14 21:43:33 ----D---- C:\Program Files\Microsoft Office
2008-11-14 21:43:33 ----D---- C:\Documents and Settings\user\Application Data\Microsoft Web Folders
2008-11-14 21:37:37 ----D---- C:\Documents and Settings\user\Application Data\Identities
2008-11-14 21:37:34 ----HD---- C:\Program Files\Uninstall Information
2008-11-14 21:37:24 ----ASH---- C:\Documents and Settings\user\Application Data\desktop.ini
2008-11-14 21:37:23 ----SD---- C:\Documents and Settings\user\Application Data\Microsoft
2008-11-14 21:36:32 ----D---- C:\WINDOWS\SoftwareDistribution
2008-11-14 21:36:29 ----SD---- C:\WINDOWS\system32\Microsoft
2008-11-14 21:36:29 ----N---- C:\WINDOWS\SchedLgU.Txt
2008-11-14 21:30:21 ----D---- C:\WINDOWS\system32\xircom
2008-11-14 21:30:21 ----D---- C:\Program Files\xerox
2008-11-14 21:30:21 ----D---- C:\Program Files\microsoft frontpage
2008-11-14 21:29:35 ----A---- C:\WINDOWS\control.ini
2008-11-14 21:29:35 ----A---- C:\AUTOEXEC.BAT
2008-11-14 21:29:09 ----A---- C:\WINDOWS\system32\mapi32.dll
2008-11-14 21:27:24 ----SD---- C:\WINDOWS\Downloaded Program Files
2008-11-14 21:27:24 ----RD---- C:\WINDOWS\Offline Web Pages
2008-11-14 21:27:12 ----RAH---- C:\WINDOWS\system32\cdplayer.exe.manifest
2008-11-14 21:27:03 ----HD---- C:\Program Files\WindowsUpdate
2008-11-14 21:26:28 ----D---- C:\WINDOWS\system32\DirectX
2008-11-14 21:25:59 ----A---- C:\WINDOWS\system32\atrace.dll
2008-11-14 21:25:55 ----A---- C:\WINDOWS\system32\desktop.ini
2008-11-14 21:25:55 ----A---- C:\WINDOWS\desktop.ini
2008-11-14 21:25:46 ----A---- C:\WINDOWS\system32\nmevtmsg.dll
2008-11-14 21:25:45 ----A---- C:\WINDOWS\system32\acctres.dll
2008-11-14 21:25:44 ----D---- C:\Program Files\Common Files\Services
2008-11-14 21:25:41 ----SD---- C:\WINDOWS\Tasks
2008-11-14 21:25:41 ----A---- C:\WINDOWS\system32\icfgnt5.dll
2008-11-14 21:25:39 ----D---- C:\Program Files\Common Files\MSSoap
2008-11-14 21:25:34 ----D---- C:\WINDOWS\srchasst
2008-11-14 21:25:33 ----D---- C:\WINDOWS\system32\Macromed
2008-11-14 21:25:29 ----A---- C:\WINDOWS\system32\wuweb.dll
2008-11-14 21:25:29 ----A---- C:\WINDOWS\system32\wucltui.dll
2008-11-14 21:25:29 ----A---- C:\WINDOWS\system32\wuauserv.dll
2008-11-14 21:25:29 ----A---- C:\WINDOWS\system32\wuaueng1.dll
2008-11-14 21:25:28 ----A---- C:\WINDOWS\system32\wups.dll
2008-11-14 21:25:28 ----A---- C:\WINDOWS\system32\wuaueng.dll
2008-11-14 21:25:28 ----A---- C:\WINDOWS\system32\wuauclt1.exe
2008-11-14 21:25:28 ----A---- C:\WINDOWS\system32\wuauclt.exe
2008-11-14 21:25:28 ----A---- C:\WINDOWS\system32\wuapi.dll
2008-11-14 21:25:27 ----A---- C:\WINDOWS\system32\qmgrprxy.dll
2008-11-14 21:25:27 ----A---- C:\WINDOWS\system32\qmgr.dll
2008-11-14 21:25:27 ----A---- C:\WINDOWS\system32\bitsprx3.dll
2008-11-14 21:25:27 ----A---- C:\WINDOWS\system32\bitsprx2.dll
2008-11-14 21:25:21 ----D---- C:\Program Files\Movie Maker
2008-11-14 21:25:16 ----A---- C:\WINDOWS\system32\safrslv.dll
2008-11-14 21:25:16 ----A---- C:\WINDOWS\system32\safrdm.dll
2008-11-14 21:25:16 ----A---- C:\WINDOWS\system32\safrcdlg.dll
2008-11-14 21:25:16 ----A---- C:\WINDOWS\system32\racpldlg.dll
2008-11-14 21:25:12 ----A---- C:\WINDOWS\system32\fltlib.dll
2008-11-14 21:25:11 ----D---- C:\WINDOWS\system32\Restore
2008-11-14 21:25:11 ----A---- C:\WINDOWS\system32\srsvc.dll
2008-11-14 21:25:11 ----A---- C:\WINDOWS\system32\srrstr.dll
2008-11-14 21:25:11 ----A---- C:\WINDOWS\system32\fltMc.exe
2008-11-14 21:25:10 ----A---- C:\WINDOWS\system32\srclient.dll
2008-11-14 21:25:09 ----A---- C:\WINDOWS\system32\nmmkcert.dll
2008-11-14 21:25:09 ----A---- C:\WINDOWS\system32\msconf.dll
2008-11-14 21:25:09 ----A---- C:\WINDOWS\system32\mnmsrvc.exe
2008-11-14 21:25:09 ----A---- C:\WINDOWS\system32\mnmdd.dll
2008-11-14 21:25:09 ----A---- C:\WINDOWS\system32\isrdbg32.dll
2008-11-14 21:25:09 ----A---- C:\WINDOWS\system32\ils.dll
2008-11-14 21:25:05 ----D---- C:\Program Files\NetMeeting
2008-11-14 21:25:05 ----A---- C:\WINDOWS\system32\msoert2.dll
2008-11-14 21:25:05 ----A---- C:\WINDOWS\system32\msoeacct.dll
2008-11-14 21:25:03 ----A---- C:\WINDOWS\system32\inetres.dll
2008-11-14 21:25:03 ----A---- C:\WINDOWS\system32\inetcomm.dll
2008-11-14 21:25:00 ----D---- C:\Program Files\Outlook Express
2008-11-14 21:25:00 ----A---- C:\WINDOWS\system32\schedsvc.dll
2008-11-14 21:25:00 ----A---- C:\WINDOWS\system32\mstinit.exe
2008-11-14 21:25:00 ----A---- C:\WINDOWS\system32\mstask.dll
2008-11-14 21:25:00 ----A---- C:\WINDOWS\system32\icwphbk.dll
2008-11-14 21:24:59 ----A---- C:\WINDOWS\system32\isign32.dll
2008-11-14 21:24:59 ----A---- C:\WINDOWS\system32\inetcfg.dll
2008-11-14 21:24:59 ----A---- C:\WINDOWS\system32\icwdial.dll
2008-11-14 21:24:52 ----D---- C:\Program Files\Common Files\System
2008-11-14 21:24:50 ----D---- C:\Program Files\Internet Explorer
2008-11-14 21:23:46 ----D---- C:\Program Files\ComPlus Applications
2008-11-14 21:23:44 ----A---- C:\WINDOWS\vbaddin.ini
2008-11-14 21:23:44 ----A---- C:\WINDOWS\vb.ini
2008-11-14 21:23:36 ----D---- C:\WINDOWS\Registration
2008-11-14 21:23:27 ----D---- C:\Program Files\Online Services
2008-11-14 21:23:26 ----D---- C:\Program Files\Windows Media Player
2008-11-14 21:23:17 ----D---- C:\Program Files\Messenger
2008-11-14 21:23:11 ----D---- C:\Program Files\MSN Gaming Zone
2008-11-14 21:23:11 ----A---- C:\WINDOWS\system32\write.exe
2008-11-14 21:22:57 ----A---- C:\WINDOWS\system32\hticons.dll
2008-11-14 21:22:56 ----A---- C:\WINDOWS\system32\winchat.exe
2008-11-14 21:22:56 ----A---- C:\WINDOWS\system32\avwav.dll
2008-11-14 21:22:56 ----A---- C:\WINDOWS\system32\avtapi.dll
2008-11-14 21:22:56 ----A---- C:\WINDOWS\system32\avmeter.dll
2008-11-14 21:22:46 ----A---- C:\WINDOWS\system32\getuname.dll
2008-11-14 21:22:46 ----A---- C:\WINDOWS\system32\charmap.exe
2008-11-14 21:22:45 ----A---- C:\WINDOWS\system32\winmine.exe
2008-11-14 21:22:45 ----A---- C:\WINDOWS\system32\sol.exe
2008-11-14 21:22:45 ----A---- C:\WINDOWS\system32\calc.exe
2008-11-14 21:22:44 ----A---- C:\WINDOWS\system32\reset.exe
2008-11-14 21:22:44 ----A---- C:\WINDOWS\system32\mshearts.exe
2008-11-14 21:22:44 ----A---- C:\WINDOWS\system32\freecell.exe
2008-11-14 21:22:43 ----A---- C:\WINDOWS\system32\usrlogon.cmd
2008-11-14 21:22:43 ----A---- C:\WINDOWS\system32\tsshutdn.exe
2008-11-14 21:22:43 ----A---- C:\WINDOWS\system32\tslabels.ini
2008-11-14 21:22:43 ----A---- C:\WINDOWS\system32\tskill.exe
2008-11-14 21:22:43 ----A---- C:\WINDOWS\system32\tsdiscon.exe
2008-11-14 21:22:43 ----A---- C:\WINDOWS\system32\tscon.exe
2008-11-14 21:22:43 ----A---- C:\WINDOWS\system32\shadow.exe
2008-11-14 21:22:43 ----A---- C:\WINDOWS\system32\rwinsta.exe
2008-11-14 21:22:43 ----A---- C:\WINDOWS\system32\regini.exe
2008-11-14 21:22:43 ----A---- C:\WINDOWS\system32\rdpcfgex.dll
2008-11-14 21:22:42 ----A---- C:\WINDOWS\system32\qwinsta.exe
2008-11-14 21:22:42 ----A---- C:\WINDOWS\system32\qappsrv.exe
2008-11-14 21:22:42 ----A---- C:\WINDOWS\system32\msg.exe
2008-11-14 21:22:42 ----A---- C:\WINDOWS\system32\msdtcprf.ini
2008-11-14 21:22:42 ----A---- C:\WINDOWS\system32\logoff.exe
2008-11-14 21:22:42 ----A---- C:\WINDOWS\system32\cdmodem.dll
2008-11-14 21:22:41 ----A---- C:\WINDOWS\system32\mtxlegih.dll
2008-11-14 21:22:41 ----A---- C:\WINDOWS\system32\mtxex.dll
2008-11-14 21:22:41 ----A---- C:\WINDOWS\system32\mtxdm.dll
2008-11-14 21:22:41 ----A---- C:\WINDOWS\system32\dcomcnfg.exe
2008-11-14 21:22:40 ----A---- C:\WINDOWS\system32\stclient.dll
2008-11-14 21:22:40 ----A---- C:\WINDOWS\system32\comsnap.dll
2008-11-14 21:22:40 ----A---- C:\WINDOWS\system32\comrepl.dll
2008-11-14 21:22:40 ----A---- C:\WINDOWS\system32\comaddin.dll
2008-11-14 21:22:32 ----A---- C:\WINDOWS\system32\wmimgmt.msc
2008-11-14 21:22:18 ----D---- C:\Program Files\MSN
2008-11-14 21:22:16 ----A---- C:\WINDOWS\system32\sndrec32.exe
2008-11-14 21:22:16 ----A---- C:\WINDOWS\system32\mplay32.exe
2008-11-14 21:22:16 ----A---- C:\WINDOWS\system32\accwiz.exe
2008-11-14 21:22:15 ----D---- C:\Program Files\Windows NT
2008-11-14 21:22:15 ----A---- C:\WINDOWS\system32\mspaint.exe
2008-11-14 21:22:15 ----A---- C:\WINDOWS\system32\hypertrm.dll
2008-11-14 21:22:15 ----A---- C:\WINDOWS\system32\clipbrd.exe
2008-11-14 21:22:14 ----A---- C:\WINDOWS\system32\spider.exe
2008-11-14 21:22:13 ----A---- C:\WINDOWS\system32\tscfgwmi.dll
2008-11-14 21:22:13 ----A---- C:\WINDOWS\system32\remotepg.dll
2008-11-14 21:22:13 ----A---- C:\WINDOWS\system32\mstscax.dll
2008-11-14 21:22:13 ----A---- C:\WINDOWS\system32\mstsc.exe
2008-11-14 21:22:12 ----A---- C:\WINDOWS\system32\tscupgrd.exe
2008-11-14 21:22:12 ----A---- C:\WINDOWS\system32\termsrv.dll
2008-11-14 21:22:12 ----A---- C:\WINDOWS\system32\sessmgr.exe
2008-11-14 21:22:12 ----A---- C:\WINDOWS\system32\rdshost.exe
2008-11-14 21:22:12 ----A---- C:\WINDOWS\system32\rdsaddin.exe
2008-11-14 21:22:12 ----A---- C:\WINDOWS\system32\rdchost.dll
2008-11-14 21:22:11 ----D---- C:\WINDOWS\system32\MsDtc
2008-11-14 21:22:11 ----A---- C:\WINDOWS\system32\rdpwsx.dll
2008-11-14 21:22:11 ----A---- C:\WINDOWS\system32\rdpsnd.dll
2008-11-14 21:22:11 ----A---- C:\WINDOWS\system32\rdpclip.exe
2008-11-14 21:22:11 ----A---- C:\WINDOWS\system32\qprocess.exe
2008-11-14 21:22:11 ----A---- C:\WINDOWS\system32\icaapi.dll
2008-11-14 21:22:11 ----A---- C:\WINDOWS\system32\cfgbkend.dll
2008-11-14 21:22:10 ----A---- C:\WINDOWS\system32\mtxoci.dll
2008-11-14 21:22:10 ----A---- C:\WINDOWS\system32\msdtcuiu.dll
2008-11-14 21:22:10 ----A---- C:\WINDOWS\system32\msdtctm.dll
2008-11-14 21:22:10 ----A---- C:\WINDOWS\system32\msdtcprx.dll
2008-11-14 21:22:09 ----A---- C:\WINDOWS\system32\xolehlp.dll
2008-11-14 21:22:09 ----A---- C:\WINDOWS\system32\msdtclog.dll
2008-11-14 21:22:09 ----A---- C:\WINDOWS\system32\msdtc.exe
2008-11-14 21:22:08 ----D---- C:\WINDOWS\system32\Com
2008-11-14 21:22:08 ----A---- C:\WINDOWS\system32\colbact.dll
2008-11-14 21:22:08 ----A---- C:\WINDOWS\system32\clbcatex.dll
2008-11-14 21:22:08 ----A---- C:\WINDOWS\system32\catsrvut.dll
2008-11-14 21:22:08 ----A---- C:\WINDOWS\system32\catsrvps.dll
2008-11-14 21:22:08 ----A---- C:\WINDOWS\system32\catsrv.dll
2008-11-14 21:22:07 ----A---- C:\WINDOWS\system32\comuid.dll
2008-11-14 21:22:07 ----A---- C:\WINDOWS\system32\comsvcs.dll
2008-11-14 21:22:06 ----A---- C:\WINDOWS\system32\clbcatq.dll
2008-11-14 21:21:57 ----A---- C:\WINDOWS\system32\servdeps.dll
2008-11-14 21:21:57 ----A---- C:\WINDOWS\system32\mmfutil.dll
2008-11-14 21:21:57 ----A---- C:\WINDOWS\system32\licwmi.dll
2008-11-14 21:21:56 ----A---- C:\WINDOWS\system32\cmprops.dll
2008-11-14 13:20:40 ----A---- C:\WINDOWS\system32\h323log.txt
2008-11-14 13:18:07 ----A---- C:\WINDOWS\system32\nv4_disp.dll
2008-11-14 13:17:45 ----A---- C:\WINDOWS\system32\ksuser.dll
2008-11-14 13:15:47 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2008-11-14 13:15:46 ----SHD---- C:\WINDOWS\Installer
2008-11-14 13:15:45 ----D---- C:\Program Files\Common Files\ODBC
2008-11-14 13:15:45 ----A---- C:\WINDOWS\ODBCINST.INI
2008-11-14 13:15:41 ----D---- C:\Program Files\Common Files\SpeechEngines
2008-11-14 13:15:40 ----RD---- C:\Program Files
2008-11-14 13:15:40 ----D---- C:\Program Files\Common Files\Microsoft Shared
2008-11-14 13:15:40 ----D---- C:\Program Files\Common Files
2008-11-14 13:15:21 ----A---- C:\WINDOWS\system32\dgrpsetu.dll
2008-11-14 13:15:20 ----A---- C:\WINDOWS\system32\EqnClass.Dll
2008-11-14 13:15:17 ----A---- C:\WINDOWS\system32\CONFIG.TMP
2008-11-14 13:15:14 ----A---- C:\WINDOWS\system32\storprop.dll
2008-11-14 13:15:01 ----ASH---- C:\Documents and Settings\All Users\Application Data\desktop.ini
2008-11-14 13:14:40 ----D---- C:\WINDOWS\system32\CatRoot2
2008-11-14 13:14:40 ----D---- C:\WINDOWS\system32\CatRoot
2008-11-14 13:14:34 ----SD---- C:\Documents and Settings\All Users\Application Data\Microsoft
2008-11-14 13:14:05 ----D---- C:\Documents and Settings
2008-11-14 13:14:04 ----SHD---- C:\System Volume Information
2008-11-14 13:13:12 ----SH---- C:\boot.ini
2008-11-14 13:07:33 ----RSD---- C:\WINDOWS\Fonts
2008-11-14 13:07:33 ----RD---- C:\WINDOWS\Web
2008-11-14 13:07:33 ----HD---- C:\WINDOWS\inf
2008-11-14 13:07:33 ----D---- C:\WINDOWS\WinSxS
2008-11-14 13:07:33 ----D---- C:\WINDOWS\twain_32
2008-11-14 13:07:33 ----D---- C:\WINDOWS\Temp
2008-11-14 13:07:33 ----D---- C:\WINDOWS\system32\wins
2008-11-14 13:07:33 ----D---- C:\WINDOWS\system32\wbem
2008-11-14 13:07:33 ----D---- C:\WINDOWS\system32\usmt
2008-11-14 13:07:33 ----D---- C:\WINDOWS\system32\spool
2008-11-14 13:07:33 ----D---- C:\WINDOWS\system32\ShellExt
2008-11-14 13:07:33 ----D---- C:\WINDOWS\system32\Setup
2008-11-14 13:07:33 ----D---- C:\WINDOWS\system32\ras
2008-11-14 13:07:33 ----D---- C:\WINDOWS\system32\oobe
2008-11-14 13:07:33 ----D---- C:\WINDOWS\system32\npp
2008-11-14 13:07:33 ----D---- C:\WINDOWS\system32\mui
2008-11-14 13:07:33 ----D---- C:\WINDOWS\system32\inetsrv
2008-11-14 13:07:33 ----D---- C:\WINDOWS\system32\IME
2008-11-14 13:07:33 ----D---- C:\WINDOWS\system32\icsxml
2008-11-14 13:07:33 ----D---- C:\WINDOWS\system32\ias
2008-11-14 13:07:33 ----D---- C:\WINDOWS\system32\export
2008-11-14 13:07:33 ----D---- C:\WINDOWS\system32\drivers
2008-11-14 13:07:33 ----D---- C:\WINDOWS\system32\dhcp
2008-11-14 13:07:33 ----D---- C:\WINDOWS\system32\config
2008-11-14 13:07:33 ----D---- C:\WINDOWS\system32\3com_dmi
2008-11-14 13:07:33 ----D---- C:\WINDOWS\system32\3076
2008-11-14 13:07:33 ----D---- C:\WINDOWS\system32\2052
2008-11-14 13:07:33 ----D---- C:\WINDOWS\system32\1054
2008-11-14 13:07:33 ----D---- C:\WINDOWS\system32\1042
2008-11-14 13:07:33 ----D---- C:\WINDOWS\system32\1041
2008-11-14 13:07:33 ----D---- C:\WINDOWS\system32\1037
2008-11-14 13:07:33 ----D---- C:\WINDOWS\system32\1033
2008-11-14 13:07:33 ----D---- C:\WINDOWS\system32\1031
2008-11-14 13:07:33 ----D---- C:\WINDOWS\system32\1028
2008-11-14 13:07:33 ----D---- C:\WINDOWS\system32\1025
2008-11-14 13:07:33 ----D---- C:\WINDOWS\system32
2008-11-14 13:07:33 ----D---- C:\WINDOWS\system
2008-11-14 13:07:33 ----D---- C:\WINDOWS\security
2008-11-14 13:07:33 ----D---- C:\WINDOWS\Resources
2008-11-14 13:07:33 ----D---- C:\WINDOWS\repair
2008-11-14 13:07:33 ----D---- C:\WINDOWS\Provisioning
2008-11-14 13:07:33 ----D---- C:\WINDOWS\PeerNet
2008-11-14 13:07:33 ----D---- C:\WINDOWS\pchealth
2008-11-14 13:07:33 ----D---- C:\WINDOWS\mui
2008-11-14 13:07:33 ----D---- C:\WINDOWS\msapps
2008-11-14 13:07:33 ----D---- C:\WINDOWS\msagent
2008-11-14 13:07:33 ----D---- C:\WINDOWS\Media
2008-11-14 13:07:33 ----D---- C:\WINDOWS\java
2008-11-14 13:07:33 ----D---- C:\WINDOWS\ime
2008-11-14 13:07:33 ----D---- C:\WINDOWS\Help
2008-11-14 13:07:33 ----D---- C:\WINDOWS\ehome
2008-11-14 13:07:33 ----D---- C:\WINDOWS\Driver Cache
2008-11-14 13:07:33 ----D---- C:\WINDOWS\Debug
2008-11-14 13:07:33 ----D---- C:\WINDOWS\Cursors
2008-11-14 13:07:33 ----D---- C:\WINDOWS\Connection Wizard
2008-11-14 13:07:33 ----D---- C:\WINDOWS\Config
2008-11-14 13:07:33 ----D---- C:\WINDOWS\AppPatch
2008-11-14 13:07:33 ----D---- C:\WINDOWS\addins
2008-11-14 13:07:33 ----D---- C:\WINDOWS

======List of files/folders modified in the last 1 months======

2008-11-16 17:47:40 ----A---- C:\WINDOWS\win.ini
2008-11-16 17:37:44 ----A---- C:\WINDOWS\system.ini

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 eeCtrl;Symantec Eraser Control driver; \??\C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys []
R1 P3;Intel PentiumIII Processor Driver; C:\WINDOWS\system32\DRIVERS\p3.sys [2005-01-14 42496]
R1 SAVRT;SAVRT; \??\C:\Program Files\Symantec AntiVirus\savrt.sys []
R1 SAVRTPEL;SAVRTPEL; \??\C:\Program Files\Symantec AntiVirus\Savrtpel.sys []
R1 SYMTDI;SYMTDI; C:\WINDOWS\System32\Drivers\SYMTDI.SYS [2005-04-05 267192]
R3 cwrwdm;SoundFusion™ WDM Driver; C:\WINDOWS\system32\DRIVERS\cwrwdm.sys [2005-01-15 48640]
R3 DM9102;DAVICOM 9102(A) PCI Fast Ethernet Based NT Driver; C:\WINDOWS\system32\DRIVERS\DM9PCI5.SYS [2001-08-17 29696]
R3 NAVENG;NAVENG; \??\C:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20081204.003\naveng.sys []
R3 NAVEX15;NAVEX15; \??\C:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20081204.003\navex15.sys []
R3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2004-08-03 1897408]
R3 SymEvent;SymEvent; \??\C:\Program Files\Symantec\SYMEVENT.SYS []
R3 SYMREDRV;SYMREDRV; C:\WINDOWS\System32\Drivers\SYMREDRV.SYS [2005-04-05 17976]
R3 usbhub;USB2 Enabled Hub; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2004-08-03 57600]
R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2004-08-03 20480]
S3 EraserUtilDrvI7;EraserUtilDrvI7; \??\C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilDrvI7.sys []
S3 NPPTNT2;NPPTNT2; \??\C:\WINDOWS\system32\npptNT2.sys []
S3 SPBBCDrv;SPBBCDrv; \??\C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys []
S3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-03 26496]
S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 ccEvtMgr;Symantec Event Manager; C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe [2005-04-08 185968]
R2 ccSetMgr;Symantec Settings Manager; C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe [2005-04-08 161392]
R2 DefWatch;Symantec AntiVirus Definition Watcher; C:\Program Files\Symantec AntiVirus\DefWatch.exe [2005-04-17 19648]
R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2008-11-10 152984]
R2 Symantec AntiVirus;Symantec AntiVirus; C:\Program Files\Symantec AntiVirus\Rtvscan.exe [2005-04-17 1706176]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\aspnet_state.exe [2004-07-15 32768]
S3 ccPwdSvc;Symantec Password Validation; C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe [2005-04-08 83568]
S3 gusvc;Google Updater Service; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2008-11-14 138168]
S3 Macromedia Licensing Service;Macromedia Licensing Service; C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe [2008-11-16 68096]
S3 SavRoam;SAVRoam; C:\Program Files\Symantec AntiVirus\SavRoam.exe [2005-04-17 124608]
S3 SNDSrvc;Symantec Network Drivers Service; C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe [2005-04-05 206552]
S3 SPBBCSvc;Symantec SPBBCSvc; C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe [2005-03-30 992864]
S3 usprserv;User Privilege Service; C:\WINDOWS\System32\svchost.exe [2004-08-03 14336]

-----------------EOF-----------------

#9 Buckeye_Sam

Buckeye_Sam

    Malware Expert


  • Members
  • 17,382 posts
  • OFFLINE
    •  
  • Gender:Male
  • Location:Pickerington, Ohio
  • Local time:12:16 PM

Posted 09 December 2008 - 10:37 AM

Your log is clean! :)

It's time to clean up.
  • Make sure you have an Internet Connection.
  • Double-click OTMoveIt3.exe to run it.
  • Click on the CleanUp! button
  • A list of tool components used in the Cleanup of malware will be downloaded.
  • If your Firewall or Real Time protection attempts to block OtMoveit2 to reach the Internet, please allow the application to do so.
  • Click Yes to begin the Cleanup process and remove these components, including this application.
  • You will be asked to reboot the machine to finish the Cleanup process. If you are asked to reboot the machine choose Yes.


================



Now that you are clean, please follow these simple steps in order to keep your computer clean and secure:
  • Disable and Enable System Restore. - If you are using Windows ME or XP then you should disable and reenable system restore to make sure there are no infected files found in a restore point left over from what we have just cleaned.

    You can find instructions on how to enable and reenable system restore here:

    Windows XP System Restore Guide

    Renable system restore with instructions from tutorial above

  • Make your Internet Explorer more secure - This can be done by following these simple instructions:
    • From within Internet Explorer click on the Tools menu and then click on Options.
    • Click once on the Security tab
    • Click once on the Internet icon so it becomes highlighted.
    • Click once on the Custom Level button.
      • Change the Download signed ActiveX controls to Prompt
      • Change the Download unsigned ActiveX controls to Disable
      • Change the Initialize and script ActiveX controls not marked as safe to Disable
      • Change the Installation of desktop items to Prompt
      • Change the Launching programs and files in an IFRAME to Prompt
      • Change the Navigate sub-frames across different domains to Prompt
      • When all these settings have been made, click on the OK button.
      • If it prompts you as to whether or not you want to save the settings, press the Yes button.
    • Next press the Apply button and then the OK to exit the Internet Properties page.
  • Use an AntiVirus Software - It is very important that your computer has an anti-virus software running on your machine. This alone can save you a lot of trouble with malware in the future.

    See this link for a listing of some online & their stand-alone antivirus programs:

    Virus, Spyware, and Malware Protection and Removal Resources

  • Update your AntiVirus Software - It is imperitive that you update your Antivirus software at least once a week (Even more if you wish). If you do not update your antivirus software then it will not be able to catch any of the new variants that may come out.

  • Use a Firewall - I can not stress how important it is that you use a Firewall on your computer. Without a firewall your computer is succeptible to being hacked and taken over. I am very serious about this and see it happen almost every day with my clients. Simply using a Firewall in its default configuration can lower your risk greatly.

    For a tutorial on Firewalls and a listing of some available ones see the link below:

    Understanding and Using Firewalls

  • Visit Microsoft's Windows Update Site Frequently - It is important that you visit http://www.windowsupdate.com regularly. This will ensure your computer has always the latest security updates available installed on your computer. If there are new updates to install, install them immediately, reboot your computer, and revisit the site until there are no more critical updates.

  • Install Spybot - Search and Destroy - Install and download Spybot - Search and Destroy with its TeaTimer option. This will provide realtime spyware & hijacker protection on your computer alongside your virus protection. You should also scan your computer with program on a regular basis just as you would an antivirus software.

    A tutorial on installing & using this product can be found here:

    Using Spybot - Search & Destroy to remove Spyware , Malware, and Hijackers

  • Install Ad-Aware - Install and download Ad-Aware. ou should also scan your computer with program on a regular basis just as you would an antivirus software in conjunction with Spybot.

    A tutorial on installing & using this product can be found here:

    Using Ad-aware to remove Spyware, Malware, & Hijackers from Your Computer

  • Install SpywareBlaster - SpywareBlaster will added a large list of programs and sites into your Internet Explorer settings that will protect you from running and downloading known malicious programs.

    A tutorial on installing & using this product can be found here:

    Using SpywareBlaster to protect your computer from Spyware and Malware

  • Update all these programs regularly - Make sure you update all the programs I have listed regularly. Without regular updates you WILL NOT be protected when new malicious programs are released.
Follow this list and your potential for being infected again will reduce dramatically.

:thumbsup: :)
Posted Image If I have helped you in any way, please consider a donation to help me continue the fight against malware.


Failing to respond back to the person that is giving up their own time to help you not only is insensitive and disrespectful, but it guarantees that you will never receive help from me again. Please thank your helpers and there will always be help here when you need it!


========================================================

#10 gemnard

gemnard
  • Topic Starter

  • Members
  • 26 posts
  • OFFLINE
    •  
  • Local time:12:16 PM

Posted 09 December 2008 - 12:46 PM

Thank you for your help..
I've done everything you've told me..
and also followed all the list..
I think the risk of being infected again should be minimized now..
thanks to you Sam.. You are so good at this.. :thumbsup:
I want to be as knowldgeable as all of you guys here at BC..
Thanks again.. :)

#11 gemnard

gemnard
  • Topic Starter

  • Members
  • 26 posts
  • OFFLINE
    •  
  • Local time:12:16 PM

Posted 09 December 2008 - 12:57 PM

Ooops..i forgot to ask..
Do I need to Uninstall RSIT.?
Thanks..

#12 Buckeye_Sam

Buckeye_Sam

    Malware Expert


  • Members
  • 17,382 posts
  • OFFLINE
    •  
  • Gender:Male
  • Location:Pickerington, Ohio
  • Local time:12:16 PM

Posted 09 December 2008 - 04:23 PM

Well you can't really uninstall it, but you can just delete the file. :thumbsup:
Posted Image If I have helped you in any way, please consider a donation to help me continue the fight against malware.


Failing to respond back to the person that is giving up their own time to help you not only is insensitive and disrespectful, but it guarantees that you will never receive help from me again. Please thank your helpers and there will always be help here when you need it!


========================================================

#13 gemnard

gemnard
  • Topic Starter

  • Members
  • 26 posts
  • OFFLINE
    •  
  • Local time:12:16 PM

Posted 13 December 2008 - 06:45 AM

Im sorry..What i mean to uninstall is hijackthis2.0.2 hehehe :thumbsup:

#14 Buckeye_Sam

Buckeye_Sam

    Malware Expert


  • Members
  • 17,382 posts
  • OFFLINE
    •  
  • Gender:Male
  • Location:Pickerington, Ohio
  • Local time:12:16 PM

Posted 13 December 2008 - 10:08 AM

Sure, that you can uninstall through your Add/Remove Programs.
Posted Image If I have helped you in any way, please consider a donation to help me continue the fight against malware.


Failing to respond back to the person that is giving up their own time to help you not only is insensitive and disrespectful, but it guarantees that you will never receive help from me again. Please thank your helpers and there will always be help here when you need it!


========================================================

#15 gemnard

gemnard
  • Topic Starter

  • Members
  • 26 posts
  • OFFLINE
    •  
  • Local time:12:16 PM

Posted 15 December 2008 - 12:13 AM

I think I know where i got password_viewer.exe..
I've got it from the flash disk of my uncle..
I've done virus scan to it just to check before opening and I saw that it was there..
The antivirus don't detect it as threat..Spybot don't detect it as threat either..
I'll try running ad-aware..
Back to Virus, Trojan, Spyware, and Malware Removal Help


0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users


  1. BleepingComputer.com
  2. Security
  3. Virus, Trojan, Spyware, and Malware Removal Help
  4. Privacy Policy
  5. Rules ·