userinit.exe trojan

View previous topic View next topic Go down

userinit.exe trojan

Post by CMiz2184 on 18th March 2009, 3:04 am

Hey, my virus scan picked up a trojan in my userinit.exe file, and I am not sure what to do next. Here is my Hijack log...thanks a bunch...

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:48:57 PM, on 3/17/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\Google\Update\GoogleUpdate.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\Program Files\McAfee\MSK\MskSrver.exe
C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTSMLBIZ\Binn\sqlservr.exe
C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\Dell Support Center\bin\sprtsvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\WINDOWS\wanmpsvc.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\WINDOWS\Explorer.EXE
c:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\stsystra.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Common Files\AOL\1158458345\ee\AOLSoftware.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9FA.EXE
C:\PROGRA~1\Dell\QuickSet\quickset.exe
C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Dell Support Center\bin\sprtcmd.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Microsoft Money\System\Money Express.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Mcafee\MWL\MwlGui.exe
C:\Program Files\DellSupport\DSAgnt.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\Program Files\The Weather Channel FW\Desktop\DesktopWeather.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\Intel\Wireless\Bin\Dot1XCfg.exe
C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
C:\Program Files\Mcafee\MWL\MwlSvc.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\Program Files\Java\jre1.6.0_03\bin\jucheck.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
c:\PROGRA~1\mcafee\msc\mcupdui.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = [You must be registered and logged in to see this link.]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = [You must be registered and logged in to see this link.]
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = [You must be registered and logged in to see this link.]
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Page_URL = [You must be registered and logged in to see this link.]
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = [You must be registered and logged in to see this link.]
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: McAfee Phishing Filter - {27B4851A-3207-45A2-B947-BE8AFE6163AB} - c:\PROGRA~1\mcafee\msk\mskapbho.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: AOL Toolbar Launcher - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files\AOL\AOL Toolbar 5.0\aoltb.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll
O2 - BHO: Viewpoint Toolbar BHO - {A7327C09-B521-4EDB-8509-7D2660C9EC98} - C:\Program Files\Viewpoint\Viewpoint Toolbar\3.8.0\ViewBarBHO.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\4.1.805.4472\swg.dll
O2 - BHO: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\BAE\BAE.dll
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - C:\Program Files\Microsoft Money\System\mnyviewer.dll
O3 - Toolbar: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O3 - Toolbar: AOL Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 5.0\aoltb.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [MoneyStartUp10.0] "C:\Program Files\Microsoft Money\System\Activation.exe"
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1158458345\ee\AOLSoftware.exe
O4 - HKLM\..\Run: [EPSON Stylus Photo R320 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9FA.EXE /P30 "EPSON Stylus Photo R320 Series" /O6 "USB001" /M "Stylus Photo R320"
O4 - HKLM\..\Run: [Dell QuickSet] C:\PROGRA~1\Dell\QuickSet\quickset.exe
O4 - HKLM\..\Run: [AOLDialer] C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
O4 - HKLM\..\Run: [IntelZeroConfig] "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe"
O4 - HKLM\..\Run: [IntelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [mcagent_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
O4 - HKLM\..\Run: [McENUI] C:\PROGRA~1\McAfee\MHN\McENUI.exe /hide
O4 - HKLM\..\Run: [MWLExe] C:\PROGRA~1\Mcafee\MWL\MWLGuiSt.exe
O4 - HKLM\..\Run: [dscactivate] "C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [DellSupportCenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [MoneyAgent] "C:\Program Files\Microsoft Money\System\Money Express.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\DellSupport\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [DellSupportCenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter
O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_9 -reboot 1
O4 - HKCU\..\Run: [DW6] "C:\Program Files\The Weather Channel FW\Desktop\DesktopWeather.exe"
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: Service Manager.lnk = C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
O8 - Extra context menu item: &AOL Toolbar Search - c:\program files\aol\aol toolbar 5.0\resources\en-US\local\search.html
O8 - Extra context menu item: E&xport to Microsoft Excel - [You must be registered and logged in to see this link.]
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: AOL Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Program Files\AOL\AOL Toolbar 5.0\aoltb.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyviewer.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - [You must be registered and logged in to see this link.]
O18 - Protocol: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL
O23 - Service: McAfee Application Installer Cleanup (0209361237343424) (0209361237343424mcinstcleanup) - McAfee, Inc. - C:\WINDOWS\TEMP\020936~1.EXE
O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: Google Desktop Manager 5.7.806.10245 (GoogleDesktopManager-061008-081103) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Update Service (gupdate1c985946d07dba9) (gupdate1c985946d07dba9) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: MBackMonitor - McAfee - C:\Program Files\McAfee\MBK\MBackMonitor.exe
O23 - Service: McAfee SiteAdvisor Service - Unknown owner - C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: McAfee Anti-Spam Service (MSK80Service) - McAfee, Inc. - C:\Program Files\McAfee\MSK\MskSrver.exe
O23 - Service: McAfee Wireless Network Security Service (MWLSvc) - McAfee, Inc. - C:\Program Files\Mcafee\MWL\MwlSvc.exe
O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: SupportSoft Sprocket Service (dellsupportcenter) (sprtsvc_dellsupportcenter) - SupportSoft, Inc. - C:\Program Files\Dell Support Center\bin\sprtsvc.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe
O23 - Service: Intel(R) PROSet/Wireless SSO Service (WLANKEEPER) - Intel(R) Corporation - C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe

--
End of file - 14383 bytes

CMiz2184
Intermediate
Intermediate

Posts Posts : 67
Joined Joined : 2009-03-18
OS OS : XP
Points Points : 28772
# Likes # Likes : 0

View user profile

Back to top Go down

Re: userinit.exe trojan

Post by Belahzur on 18th March 2009, 1:30 pm

Hello.

I see you have Viewpoint Manager, this is considered as foistware instead of malware since it is installed without users approval but doesn't spy or do anything "bad". See [You must be registered and logged in to see this link.] and [You must be registered and logged in to see this link.] for more info.

I suggest you remove the program now.

Go to Start > Control Panel > Add/Remove Programs and remove the following programs if present.

  • Viewpoint
  • Viewpoint Manager
  • Viewpoint Media Player
  • Viewpoint Toolbar
Then please find and delete this folder in bold (if present):
C:\Program Files\Viewpoint

I need some information to see if it's the real userinit or a fake one.

  • Please download DDS by sUBs to your Desktop (Important!!) from one of these locations:
    [You must be registered and logged in to see this link.]
    [You must be registered and logged in to see this link.]
    [You must be registered and logged in to see this link.]
  • Double click DDS.scr to run
  • When complete, DDS.txt will open.
  • Save the report to your Desktop.
  • Copy and paste DDS.txt back here, I don't need to see attach.txt.


[You must be registered and logged in to see this link.] - [You must be registered and logged in to see this link.] - Please PM me if I fail to respond within 24hrs.


Belahzur
Administrator
Administrator

Posts Posts : 34918
Joined Joined : 2008-08-03
Gender Gender : Male
OS OS : 7 Home Premium x64
Points Points : 245121
# Likes # Likes : 1

View user profile

Back to top Go down

userinit.exe

Post by CMiz2184 on 19th March 2009, 12:02 am

Hello,

I have found and deleted Viewpoint Manager, and toolbar. I have also deleted viewpoint in the C:/programfiles. Here is my dds report..

Thanks for your help

DDS (Ver_09-03-16.01) - NTFSx86
Run by Beth at 19:42:22.18 on Wed 03/18/2009
Internet Explorer: 7.0.5730.11 BrowserJavaVersion: 1.6.0_11
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1022.382 [GMT -4:00]

AV: McAfee VirusScan *On-access scanning enabled* (Updated)
FW: McAfee Personal Firewall *enabled*

============== Running Processes ===============

C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\E_S00RP1.EXE
C:\Program Files\Intel\Intel Matrix Storage Manager\iaantmon.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\program files\common files\mcafee\mna\mcnasvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\Program Files\McAfee\MSK\MskSrver.exe
C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTBCM\Binn\sqlservr.exe
C:\WINDOWS\system32\SAgent4.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\wanmpsvc.exe
c:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\WINDOWS\explorer.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
C:\WINDOWS\stsystra.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher..exe
C:\Program Files\Musicmatch\Musicmatch Jukebox\mmtask.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\EPSON\Creativity Suite\Event Manager\EEventManager.exe
C:\Program Files\Common Files\Real\Update_OB\realsched..exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Common Files\AOL\1145301404\ee\AOLSoftware.exe
C:\Program Files\Common Files\ACD Systems\EN\DevDetect.exe
C:\Program Files\QuickTime\QTTask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\The Weather Channel FW\Desktop Weather\DesktopWeather.exe
C:\Program Files\Plaxo\3.18.0.14\PlaxoHelper_en.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Common Files\AOL\1145301404\ee\AOLDesktop.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Common Files\AOL\1145301404\ee\aolsoftware.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Beth\Desktop\dds.pif

============== Pseudo HJT Report ===============

uSearch Page = [You must be registered and logged in to see this link.]
uWindow Title = Windows Internet Explorer provided by Comcast
uSearchMigratedDefaultURL = [You must be registered and logged in to see this link.]
uSearch Bar = [You must be registered and logged in to see this link.]
uStart Page = [You must be registered and logged in to see this link.]
mDefault_Page_URL = [You must be registered and logged in to see this link.]
mStart Page = [You must be registered and logged in to see this link.]
mWindow Title = Microsoft Internet Explorer provided by Comcast
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = [You must be registered and logged in to see this link.]
mSearchAssistant = [You must be registered and logged in to see this link.]
uURLSearchHooks: N/A: {4d25f926-b9fe-4682-bf72-8ab8210d6d75} - c:\program files\mywaysa\srchasde\deSrcAs.dll
mURLSearchHooks: AIM Toolbar Search Class: {03402f96-3dc7-4285-bc50-9e81fefafe43} - c:\program files\aim toolbar\aimtb.dll
mURLSearchHooks: N/A: {4d25f926-b9fe-4682-bf72-8ab8210d6d75} - c:\program files\mywaysa\srchasde\deSrcAs.dll
mWinlogon: Shell=Explorer.exe
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 7.0\activex\AcroIEHelper.dll
BHO: McAfee Phishing Filter: {27b4851a-3207-45a2-b947-be8afe6163ab} - c:\progra~1\mcafee\msk\mskapbho.dll
BHO: : {4d25f921-b9fe-4682-bf72-8ab8210d6d75} - c:\program files\mywaysa\srchasde\deSrcAs.dll
BHO: DriveLetterAccess: {5ca3d70e-1895-11cf-8e15-001234567890} - c:\windows\system32\dla\tfswshx.dll
BHO: Java(tm) Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll
BHO: AOL Toolbar BHO: {7c554162-8cb7-45a4-b8f4-8ea1c75885f9} - c:\program files\aol\aol toolbar 5.0\aoltb.dll
BHO: scriptproxy: {7db2d5a0-7241-4e79-b68d-6309f01c5231} - c:\program files\mcafee\virusscan\scriptsn.dll
BHO: Viewpoint Toolbar BHO: {a7327c09-b521-4edb-8509-7d2660c9ec98} - c:\program files\viewpoint\viewpoint toolbar\3.8.0\ViewBarBHO.dll
BHO: AIM Toolbar Loader: {b0cda128-b425-4eef-a174-61a11ac5dbf8} - c:\program files\aim toolbar\aimtb.dll
BHO: McAfee SiteAdvisor BHO: {b164e929-a1b6-4a06-b104-2cd0e90a88ff} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: {4E7BD74F-2B8D-469E-D0FC-E57AF4D5FA7D} - No File
TB: AOL Toolbar: {de9c389f-3316-41a7-809b-aa305ed9d922} - c:\program files\aol\aol toolbar 5.0\aoltb.dll
TB: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
TB: AIM Toolbar: {61539ecd-cc67-4437-a03c-9aaccbd14326} - c:\program files\aim toolbar\aimtb.dll
EB: Real.com: {fe54fa40-d68c-11d2-98fa-00c0f0318afe} - c:\windows\system32\Shdocvw.dll
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background
uRun: [DW4] "c:\program files\the weather channel fw\desktop weather\DesktopWeather.exe"
uRun: [PlaxoUpdate] c:\program files\plaxo\3.18.0.14\PlaxoHelper_en.exe -a
uRun: [\\CHRIS\EPSON Stylus Photo R320 Series] c:\windows\system32\spool\drivers\w32x86\3\e_fati9fa.exe /p38 "\\chris\EPSON Stylus Photo R320 Series" /M "Stylus Photo R320" /EF "HKCU"
uRun: [PlaxoSysTray] c:\program files\plaxo\3.18.0.14\PlaxoSysTray.exe
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mRun: [IAAnotif] c:\program files\intel\intel matrix storage manager\iaanotif.exe
mRun: [SigmatelSysTrayApp] stsystra.exe
mRun: [ATIPTA] c:\program files\ati technologies\ati control panel\atiptaxx.exe
mRun: [DVDLauncher] "c:\program files\cyberlink\powerdvd\DVDLauncher.exe"
mRun: [mmtask] c:\program files\musicmatch\musicmatch jukebox\mmtask.exe
mRun: [dla] c:\windows\system32\dla\tfswctrl.exe
mRun: [ISUSPM Startup] c:\progra~1\common~1\instal~1\update~1\ISUSPM.exe -startup
mRun: [ISUSScheduler] "c:\program files\common files\installshield\updateservice\issch.exe" -start
mRun: [EEventManager] c:\program files\epson\creativity suite\event manager\EEventManager.exe
mRun: [TkBellExe] "c:\program files\common files\real\update_ob\realsched.exe" -osboot
mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
mRun: [HostManager] c:\program files\common files\aol\1145301404\ee\AOLSoftware.exe
mRun: [\\CHRIS\EPSON Stylus Photo R320 Series] c:\windows\system32\spool\drivers\w32x86\3\e_fati9fa.exe /p38 "\\chris\EPSON Stylus Photo R320 Series" /O6 "USB001" /M "Stylus Photo R320"
mRun: [Auto EPSON Stylus Photo R320 Series on MIZURAK] c:\windows\system32\spool\drivers\w32x86\3\e_fati9fa.exe /p46 "auto epson stylus photo r320 series on mizurak" /o18 "\\mizurak\Printer2" /M "Stylus Photo R320"
mRun: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
mRun: [mcagent_exe] "c:\program files\mcafee.com\agent\mcagent.exe" /runkey
mRun: [Device Detector] DevDetect.exe -autorun
mRun: [McENUI] c:\progra~1\mcafee\mhn\McENUI.exe /hide
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask..exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
StartupFolder: c:\docume~1\beth\startm~1\programs\startup\aoldes~1..lnk - c:\program files\common files\aol\launch\aollaunch.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\adobeg~1.lnk - c:\program files\common files\adobe\calibration\Adobe Gamma Loader.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\adober~1.lnk - c:\program files\adobe\acrobat 7.0\reader\reader_sl.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hpdigi~1.lnk - c:\program files\hp\digital imaging\bin\hpqtra08.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\quickb~1.lnk - c:\program files\common files\intuit\quickbooks\qbupdate\qbupdate.exe
IE: &AOL Toolbar Search - c:\documents and settings\all users\application data\aol\ietoolbar\resources\en-us\local\search.html
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000
IE: {669B269B-0D4E-41FB-A3D8-FD67CA94F646} - [You must be registered and logged in to see this link.]
IE: {8828075D-D097-4055-AA02-2DBFA9D85E8A} - [You must be registered and logged in to see this link.]
IE: {97809617-3937-4F84-B335-9BB05EF1A8D4} - [You must be registered and logged in to see this link.]
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {0b83c99c-1efa-4259-858f-bcb33e007a5b} - {61539ecd-cc67-4437-a03c-9aaccbd14326} - c:\program files\aim toolbar\aimtb.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - {FE54FA40-D68C-11d2-98FA-00C0F0318AFE} - c:\windows\system32\Shdocvw.dll
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - [You must be registered and logged in to see this link.]
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - [You must be registered and logged in to see this link.]
DPF: {CAFEEFAC-0014-0002-0003-ABCDEFFEDCBA} - [You must be registered and logged in to see this link.]
DPF: {CAFEEFAC-0015-0000-0002-ABCDEFFEDCBA} - [You must be registered and logged in to see this link.]
DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} - [You must be registered and logged in to see this link.]
DPF: {CAFEEFAC-0015-0000-0009-ABCDEFFEDCBA} - [You must be registered and logged in to see this link.]
DPF: {CAFEEFAC-0015-0000-0010-ABCDEFFEDCBA} - [You must be registered and logged in to see this link.]
DPF: {CAFEEFAC-0015-0000-0011-ABCDEFFEDCBA} - [You must be registered and logged in to see this link.]
DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} - [You must be registered and logged in to see this link.]
DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} - [You must be registered and logged in to see this link.]
DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} - [You must be registered and logged in to see this link.]
DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} - [You must be registered and logged in to see this link.]
DPF: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} - [You must be registered and logged in to see this link.]
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - [You must be registered and logged in to see this link.]
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - [You must be registered and logged in to see this link.]
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\progra~1\mcafee\sitead~1\McIEPlg.dll

CMiz2184
Intermediate
Intermediate

Posts Posts : 67
Joined Joined : 2009-03-18
OS OS : XP
Points Points : 28772
# Likes # Likes : 0

View user profile

Back to top Go down

Re: userinit.exe trojan

Post by CMiz2184 on 19th March 2009, 12:02 am

-----continued from dds report

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\beth\applic~1\mozilla\firefox\profiles\ymfqymc3.default\
FF - prefs.js: browser.search.defaulturl - [You must be registered and logged in to see this link.]
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - [You must be registered and logged in to see this link.]
FF - prefs.js: keyword.URL - [You must be registered and logged in to see this link.]
FF - component: c:\program files\mcafee\siteadvisor\components\McFFPlg.dll
FF - plugin: c:\documents and settings\beth\application data\mozilla\firefox\profiles\ymfqymc3.default\extensions\moveplayer@movenetworks.com\platform\winnt_x86-msvc\plugins\npmnqmp07074039.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdnu.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npstrlnk.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npunagi2.dll
FF - plugin: c:\program files\mozilla firefox\plugins\NPWXM32.DLL
FF - plugin: c:\program files\viewpoint\viewpoint experience technology\npViewpoint.dll

---- FIREFOX POLICIES ----
FF - user.js: dom.disable_open_during_load - true // Popupblocker control handled by McAfee Privacy Service

============= SERVICES / DRIVERS ===============

R1 mfehidk;McAfee Inc. mfehidk;c:\windows\system32\drivers\mfehidk.sys [2007-1-8 207656]
R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\mcafee\siteadvisor\McSACore.exe [2008-9-15 210216]
R2 McProxy;McAfee Proxy Service;c:\progra~1\common~1\mcafee\mcproxy\mcproxy.exe [2007-1-8 358736]
R2 McShield;McAfee Real-time Scanner;c:\progra~1\mcafee\viruss~1\mcshield.exe [2007-1-8 144704]
R3 McSysmon;McAfee SystemGuards;c:\progra~1\mcafee\viruss~1\mcsysmon.exe [2007-1-8 605512]
R3 mfeavfk;McAfee Inc. mfeavfk;c:\windows\system32\drivers\mfeavfk.sys [2007-1-8 79240]
R3 mfebopk;McAfee Inc. mfebopk;c:\windows\system32\drivers\mfebopk.sys [2007-1-8 35240]
R3 mfesmfk;McAfee Inc. mfesmfk;c:\windows\system32\drivers\mfesmfk.sys [2007-1-8 40488]
S3 hamachi_oem;PlayLinc Adapter;c:\windows\system32\drivers\gan_adapter.sys [2006-9-27 10664]
S3 mferkdk;McAfee Inc. mferkdk;c:\windows\system32\drivers\mferkdk.sys [2007-1-8 34152]

=============== Created Last 30 ================

2009-03-18 19:40 --d-h--- c:\windows\PIF
2009-03-11 10:53 74,240 a------- c:\windows\system32\Tdxf7pFE.exe
2009-03-11 10:53 0 a------- c:\windows\system32\Tdxf7pFE.exe.a_a

==================== Find3M ====================

2009-03-17 18:20 33,792 a------- c:\windows\system32\userinit.exe
2009-02-09 07:13 1,846,784 a------- c:\windows\system32\win32k.sys
2009-02-09 07:13 1,846,784 -------- c:\windows\system32\dllcache\win32k.sys
2009-01-16 22:35 3,594,752 a------- c:\windows\system32\dllcache\mshtml.dll
2008-12-29 13:28 410,984 a------- c:\windows\system32\deploytk.dll
2008-12-19 05:10 70,656 -------- c:\windows\system32\dllcache\ie4uinit.exe
2008-12-19 05:10 13,824 -------- c:\windows\system32\dllcache\ieudinit.exe
2008-12-19 01:25 634,024 a------- c:\windows\system32\dllcache\iexplore.exe
2008-12-19 01:23 161,792 a------- c:\windows\system32\dllcache\ieakui.dll
2005-11-23 14:15 472,687 ac-sh--- c:\windows\system32\ybeeg.bak1
2005-12-05 19:39 329,804 ac-sh--- c:\windows\system32\ybeeg.bak2
2008-11-01 11:24 32,768 a--sh--- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012008110120081102\index.dat

============= FINISH: 19:45:21.15 ===============

CMiz2184
Intermediate
Intermediate

Posts Posts : 67
Joined Joined : 2009-03-18
OS OS : XP
Points Points : 28772
# Likes # Likes : 0

View user profile

Back to top Go down

Re: userinit.exe trojan

Post by Belahzur on 19th March 2009, 12:15 am

Hello.
Oh wow, this is badly infected.
We have to uninstall Mcafee temporarily because it will interfere on reboot and doesn't stay disabled until we want to enable it again.

Go to Start > Control Panel > Add/Remove Programs and remove the following programs if present.

  • Mcafee security center



  • Download combofix from here
    [You must be registered and logged in to see this link.]
    [You must be registered and logged in to see this link.]
  • Please make sure Mcafee is uninstalled before running Combofix.
  • Double click on ComboFix.exe.
  • Follow the prompts. NOTE:
  • ComboFix will check to see if the Microsoft Windows Recovery Console is installed.
    ***It's strongly recommended to have the Recovery Console installed before doing any malware removal.***

    **Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will automatically proceed with its scan.


  • The Recovery Console provides a recovery/repair mode should a problem occur during a Combofix run.



  • Allow ComboFix to download the Recovery Console.
  • Accept the End-User License Agreement.
  • The Recovery Console will be installed.
  • You will then get this next prompt that asks if you want to continue the malware scan, select yes



  • Allow combofix to run
  • Post C:\combofix.txt back here.

    Note:
    Do not mouseclick combofix's window whilst it's running. That may cause it to stall.


[You must be registered and logged in to see this link.] - [You must be registered and logged in to see this link.] - Please PM me if I fail to respond within 24hrs.


Belahzur
Administrator
Administrator

Posts Posts : 34918
Joined Joined : 2008-08-03
Gender Gender : Male
OS OS : 7 Home Premium x64
Points Points : 245121
# Likes # Likes : 1

View user profile

Back to top Go down

userinit.exe

Post by CMiz2184 on 19th March 2009, 1:13 am

Hello,
I have uninstalled mcaffee, and have ran the combo fix here is my report...thankss
ComboFix 09-03-18.01 - Beth 2009-03-18 20:51:12.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1022.507 [GMT -4:00]
Running from: c:\documents and settings\Beth\Desktop\ComboFix.exe
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\Downloaded Program Files\DinerDash.1.0.0.80
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\accessories\cup.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\accessories\customer_cup.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\accessories\heart.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\accessories\menu_down.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\accessories\menu_up.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\accessories\plates.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\accessories\ticket.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\accessories\tray.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\audio\music\mainmenumusic.ogg
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\audio\sfx\sfx_bring_check_1_snd.ogg
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\audio\sfx\sfx_deliver_food_1_snd.ogg
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\audio\sfx\sfx_deliver_order_1_snd..ogg
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\audio\sfx\sfx_diner.ogg
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\audio\sfx\sfx_dish_dropoff_1_snd.ogg
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\audio\sfx\sfx_food_ready_1_snd.ogg
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\audio\sfx\sfx_gain_heart_1.ogg
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\audio\sfx\sfx_get_drinks_1_snd.ogg
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\audio\sfx\sfx_party_arrive_1_snd.ogg
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\audio\sfx\sfx_pencil_write_2.ogg
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\audio\sfx\sfx_pickup_food_1_snd.ogg
c:\windows\Downloaded Program Files\DinerDash.1.0..0.80\assets\audio\sfx\sfx_rollover_1.ogg
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\audio\sfx\sfx_seat_people_snd.ogg
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\backgrounds\choosedifficulty.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\backgrounds\credits.jpg
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\backgrounds\flo_lose.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\backgrounds\flo_win.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\backgrounds\help1.jpg
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\backgrounds\help2.jpg
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\backgrounds\highscores..jpg
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\backgrounds\levelintro.jpg
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\backgrounds\levelintro_mask.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\backgrounds\levelover.jpg
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\backgrounds\levelover_mask.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\backgrounds\mainmenu.jpg
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\backgrounds\popup.jpg
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\backgrounds\popup_mask.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\backgrounds\upgradegrid.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\backgrounds\upgradetitle.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\backgrounds\upsell.jpg
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\buttons\arrowleft_blue.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\buttons\arrowleft_yellow.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\buttons\arrowright_blue.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\buttons\arrowright_yellow.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\buttons\back_blue.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\buttons\back_yellow.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\buttons\backchalk.png
c:\windows\Downloaded Program Files\DinerDash.1.0..0.80\assets\buttons\backchalkup.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\buttons\backtomenu_blue.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\buttons\backtomenu_yellow.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\buttons\cancel.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\buttons\cancelup.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\buttons\career.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\buttons\career_over.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\buttons\close.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\buttons\closeup.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\buttons\continue.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\buttons\continueover.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\buttons\credits_blue.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\buttons\credits_yellow.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\buttons\download_blue.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\buttons\download_yellow.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\buttons\easy.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\buttons\easy_over.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\buttons\endlessshift.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\buttons\endlessshift_over.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\buttons\hard.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\buttons\hard_over.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\buttons\help.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\buttons\help_over.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\buttons\highscores.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\buttons\highscores_over.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\buttons\instructions_blue.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\buttons\instructions_yellow.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\buttons\letsplay.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\buttons\letsplayover.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\buttons\medium.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\buttons\medium_over.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\buttons\moreinfo.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\buttons\moreinfoup.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\buttons\off.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\buttons\off_on.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\buttons\on.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\buttons\on_on.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\buttons\pause.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\buttons\pauseover.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\buttons\quit.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\buttons\quitgame.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\buttons\quitgameover.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\buttons\quitover.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0..80\assets\buttons\resumegame.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\buttons\resumegameover.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\buttons\submit.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\buttons\submitup.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\buttons\tryagain.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\buttons\tryagainover.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\buttons\upgrade_over.png
c:\windows\Downloaded Program Files\DinerDash.1..0.0.80\assets\buttons\upgrade_up.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\buttons\viewglobal.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\buttons\viewglobalup.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\buttons\viewhighscore.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\buttons\viewhighscoreon.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\buttons\viewlocal.png
c:\windows\Downloaded Program Files\DinerDash.1..0.0.80\assets\buttons\viewlocalup.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\comics\webcomic.jpg
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\config\career.xml
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\config\customer.xml
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\config\endless.xml
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\config\global.xml
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\config\powerups.xml
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\cook\cook.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\cook\cook.xml
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\cook\stove.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\cursor\arrow.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\cursor\click.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\cursor\click2.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\cursor\grab.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\cursor\open.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\customers\old_male\anim.xml
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\customers\old_male\blue\anim.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\customers\old_male\blue\anim.xml
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\customers\old_male\blue\sit_legs.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\customers\old_male\green\anim.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\customers\old_male\green\anim.xml
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\customers\old_male\green\sit_legs.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\customers\old_male\purple\anim.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\customers\old_male\purple\anim.xml
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\customers\old_male\purple\sit_legs.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\customers\old_male\red\anim.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\customers\old_male\red\anim.xml
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\customers\old_male\red\sit_legs.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\customers\old_male\yellow\anim.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\customers\old_male\yellow\anim.xml
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\customers\old_male\yellow\sit_legs.png

CMiz2184
Intermediate
Intermediate

Posts Posts : 67
Joined Joined : 2009-03-18
OS OS : XP
Points Points : 28772
# Likes # Likes : 0

View user profile

Back to top Go down

Re: userinit.exe trojan

Post by CMiz2184 on 19th March 2009, 1:14 am

continued
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\flo\idle.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\flo\idle.xml
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\flo\lower.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\flo\lower.xml
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\flo\upper..png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\flo\upper.xml
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\fonts\arial.mvec
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\fonts\komikaaxis.mvec
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\furniture\chair.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\furniture\chair.xml
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\furniture\dirt2top.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\furniture\dirt4top.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\furniture\dishcart.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\furniture\dishcart.xml
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\furniture\drinkstation_off.png
c:\windows\Downloaded Program Files\DinerDash.1.0..0.80\assets\furniture\drinkstation_on1.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\furniture\drinkstation_on2.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\furniture\ticketstation.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\furniture\ticketstation.xml
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\hiscore\arrowdown.png
c:\windows\Downloaded Program Files\DinerDash..1.0.0.80\assets\hiscore\arrowdownon.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\hiscore\arrowleft.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\hiscore\arrowlefton.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\hiscore\arrowright.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\hiscore\arrowrighton.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\hiscore\arrowup.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\hiscore\arrowupon.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\hiscore\p1icon.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\hiscore\textedit.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\hiscore\title.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\layouts\endless_1_1.txt
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\layouts\endless_1_1_a.txt
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\layouts\endless_1_1_b.txt
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\layouts\endless_1_1_c.txt
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\layouts\endless_1_2.txt
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\layouts\endless_1_2_a.txt
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\layouts\endless_1_2_b.txt
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\layouts\endless_1_2_c.txt
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\layouts\endless_1_2_d.txt
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\layouts\endless_1_3.txt
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\layouts\endless_1_3_a.txt
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\layouts\endless_1_3_b.txt
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\layouts\endless_1_3_c.txt
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\layouts\endless_1_3_d.txt
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\layouts\fifth_level_diner.txt
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\layouts\first_level_diner.txt
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\layouts\fourth_level_diner.txt
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\layouts\second_level_diner.txt
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\playfirst_logo.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\restaurants\diner\background.jpg
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\restaurants\diner\food\food1.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\restaurants\diner\food\food1.xml
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\restaurants\diner\food\food2.png
c:\windows\Downloaded Program Files\DinerDash..1.0.0.80\assets\restaurants\diner\food\food2.xml
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\restaurants\diner\food\food3.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\restaurants\diner\food\food3.xml
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\restaurants\diner\frames\upgrade_0001.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\restaurants\diner\tables\2top.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\restaurants\diner\tables\2top.xml
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\restaurants\diner\tables\4top.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\restaurants\diner\tables\4top.xml
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\restaurants\diner\upgrades.xml
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\restaurants\tableshadow.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\scripts\choosedifficulty.lua
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\scripts\chooseplayer.lua
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\scripts\chooserestaurant.lua
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\scripts\credits.lua
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\scripts\game.lua
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\scripts\gothighscore.lua
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\scripts\help.lua
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\scripts\help2.lua
c:\windows\Downloaded Program Files\DinerDash.1.0..0.80\assets\scripts\hiscore.lua
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\scripts\hiscoreinfo.lua
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\scripts\hiscoresubmit.lua
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\scripts\levelintro.lua
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\scripts\levelover.lua
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\scripts\loading.lua
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\scripts\mainloop.lua
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\scripts\mainmenu.lua
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\scripts\ok.lua
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\scripts\pause.lua
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\scripts\style.lua
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\scripts\tutorialintro.lua
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\scripts\upgrade.lua
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\scripts\upsell.lua
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\scripts\webcomic.lua
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\scripts\yesno.lua
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\splash\aol_logo.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\splash\gamelabsplash.jpg
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\splash\playfirst_logo.jpg
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\strings.xml
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\ui\angersmoke.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\ui\angersmoke.xml
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\ui\chairflags.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\ui\chairflags.xml
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\ui\check.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\ui\checkmark.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\ui\clock.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\ui\closed.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\ui\closingtime.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\ui\coinflip.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\ui\coinflip.xml
c:\windows\Downloaded Program Files\DinerDash.1.0..0.80\assets\ui\dollar.png
c:\windows\Downloaded Program Files\DinerDash.1..0.0.80\assets\ui\doodles\coffee.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\ui\doodles\tables.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\ui\doodles\wallpaper.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\ui\expert.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\ui\expertscore.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\ui\foodpoof.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\ui\foodpoof.xml
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\ui\fork_timer.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\ui\goalcompleted.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\ui\heartgrow.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\ui\heartgrow.xml
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\ui\jar.png
c:\windows\Downloaded Program Files\DinerDash.1.0..0.80\assets\ui\jar.xml
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\ui\level.png
c:\windows\Downloaded Program Files\DinerDash.1.0..0.80\assets\ui\level_career.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\ui\score.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\ui\sound.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\ui\staroff.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\ui\staron.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\ui\tablenumber.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\ui\tablenumberup.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\ui\traynumber.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\ui\tutorial_character.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\ui\tutorialarrow.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\ui\tutorialbox.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\ui\upgradeanim.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\ui\upgradeanim.xml
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\ui\upgrades\drinks.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\ui\upgrades\maitred.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\ui\upgrades\oven.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\ui\upgrades\select.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\ui\upgrades\shoes.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\ui\upgrades\stereo.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\ui\upgrades\table.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\dinerdash.exe

CMiz2184
Intermediate
Intermediate

Posts Posts : 67
Joined Joined : 2009-03-18
OS OS : XP
Points Points : 28772
# Likes # Likes : 0

View user profile

Back to top Go down

Re: userinit.exe trojan

Post by CMiz2184 on 19th March 2009, 1:15 am

continued
c:\windows\IE4 Error Log.txt
c:\windows\system32\bszip.dll
c:\windows\system32\init32.exe
c:\windows\system32\mcrh.tmp
c:\windows\system32\Tdxf7pFE.exe.a_a
c:\windows\system32\ybeeg.bak1
c:\windows\system32\ybeeg.bak2
c:\windows\system32\ybeeg.ini

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_PACKET
-------\Service_Packet


((((((((((((((((((((((((( Files Created from 2009-02-19 to 2009-03-19 )))))))))))))))))))))))))))))))
.

2009-03-18 19:40 . 2009-03-18 19:40 d--h----- c:\windows\PIF
2009-03-17 22:37 .. 2009-03-17 22:37 d-------- c:\windows\system32\config\systemprofile\Application Data\SACore
2009-03-11 10:53 . 2009-03-11 10:53 74,240 --a------ c:\windows\system32\Tdxf7pFE.exe

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-03-19 00:57 --------- d-----w c:\program files\Plaxo
2009-03-19 00:34 --------- d-----w c:\program files\McAfee.com
2009-03-19 00:34 --------- d-----w c:\program files\McAfee
2009-03-19 00:34 --------- d-----w c:\documents and settings\All Users\Application Data\McAfee
2009-03-18 23:35 --------- d-----w c:\documents and settings\All Users\Application Data\Viewpoint
2009-03-18 02:48 --------- d-----w c:\program files\Trend Micro
2009-03-13 03:22 --------- d-----w c:\documents and settings\LocalService\Application Data\SACore
2006-06-16 03:18 9,583,368 ----a-w c:\documents and settings\Donald\DesktopDoctor1.5.1.exe
2008-11-01 15:24 32,768 --sha-w c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\MSHist012008110120081102\index.dat
.

------- Sigcheck -------

2004-08-04 06:00 24576 39b1ffb03c2296323832acbae50d2aff c:\windows\$NtServicePackUninstall$\userinit.exe
2008-04-13 20:12 26112 a93aee1928a9d7ce3e16d24ec7380f89 c:\windows\ServicePackFiles\i386\userinit.exe
2009-03-17 18:20 33792 1190c25520d39b17cee42f6c963b83c5 c:\windows\system32\userinit.exe
2008-04-13 20:12 26112 a93aee1928a9d7ce3e16d24ec7380f89 c:\windows\system32\dllcache\userinit.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-13 15360]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2008-04-13 1695232]
"DW4"="c:\program files\The Weather Channel FW\Desktop Weather\DesktopWeather.exe" [2007-12-20 715888]
"PlaxoUpdate"="c:\program files\Plaxo\3.18.0.14\PlaxoHelper_en.exe" [2008-12-08 370759]
"\\CHRIS\EPSON Stylus Photo R320 Series"="c:\windows\System32\spool\DRIVERS\W32X86\3\E_FATI9FA.EXE" [2004-04-26 98304]
"PlaxoSysTray"="c:\program files\Plaxo\3.18.0.14\PlaxoSysTray.exe" [2008-12-08 20480]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"UserFaultCheck"="c:\windows\system32\dumprep 0 -u" [X]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2008-12-29 136600]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2005-04-25 139264]
"ATIPTA"="c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2005-03-29 339968]
"DVDLauncher"="c:\program files\CyberLink\PowerDVD\DVDLauncher.exe" [2005-02-23 53248]
"mmtask"="c:\program files\Musicmatch\Musicmatch Jukebox\mmtask.exe" [2004-09-14 53248]
"dla"="c:\windows\system32\dla\tfswctrl.exe" [2004-12-06 127035]
"ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2004-07-27 221184]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2004-07-27 81920]
"EEventManager"="c:\program files\EPSON\Creativity Suite\Event Manager\EEventManager.exe" [2005-04-08 102400]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2006-02-09 180269]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2005-05-12 49152]
"HostManager"="c:\program files\Common Files\AOL\1145301404\ee\AOLSoftware.exe" [2007-10-08 41824]
"\\CHRIS\EPSON Stylus Photo R320 Series"="c:\windows\System32\spool\DRIVERS\W32X86\3\E_FATI9FA.EXE" [2004-04-26 98304]
"Auto EPSON Stylus Photo R320 Series on MIZURAK"="c:\windows\System32\spool\DRIVERS\W32X86\3\E_FATI9FA.EXE" [2004-04-26 98304]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2008-11-04 413696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2008-11-20 290088]
"SigmatelSysTrayApp"="stsystra.exe" [2005-03-23 c:\windows\stsystra.exe]

c:\documents and settings\Beth\Start Menu\Programs\Startup\
AOL Desktop.lnk - c:\program files\Common Files\AOL\Launch\aollaunch.exe [2007-10-08 41824]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Gamma Loader.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader..exe [2006-05-16 110592]
Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-23 29696]
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2005-05-12 282624]
QuickBooks Update Agent.lnk - c:\program files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe [2004-11-11 806912]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.ACDV"= ACDV.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ \0

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Common Files\\AOL\\ACS\\AOLacsd.exe"=
"c:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe"=
"c:\\Program Files\\MUSICMATCH\\Musicmatch Jukebox\\mmtask.exe"=
"c:\\Program Files\\CyberLink\\PowerDVD\\DVDLauncher.exe"=
"c:\\Program Files\\Real\\RealPlayer\\realplay.exe"=
"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"c:\\Program Files\\Common Files\\AOL\\1145301404\\ee\\aolsoftware.exe"=
"c:\\Program Files\\Common Files\\AOL\\1145301404\\ee\\aim6.exe"=
"c:\\Program Files\\LimeWire\\LimeWire.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Common Files\\AOL\\TopSpeed\\3.0\\aoltpsd3.exe"=
"c:\\Program Files\\Dell Network Assistant\\ezi_hnm2.exe"=
"c:\\Program Files\\Common Files\\AOL\\1145301404\\ee\\AOLDesktop.exe"=
"c:\\Program Files\\AIM6\\aim6.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"10421:UDP"= 10421:UDP:SingleClick Discovery Protocol
"10426:UDP"= 10426:UDP:SingleClick ICC

S3 hamachi_oem;PlayLinc Adapter;c:\windows\system32\drivers\gan_adapter.sys [2006-09-27 10664]
.
Contents of the 'Scheduled Tasks' folder

2009-03-10 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 12:34]

2009-03-13 c:\windows\Tasks\At1.job
- c:\windows\system32\Tdxf7pFE.exe [2009-03-11 10:53]

2009-03-11 c:\windows\Tasks\At10.job
- c:\windows\system32\Tdxf7pFE.exe [2009-03-11 10:53]

2009-03-16 c:\windows\Tasks\At11.job
- c:\windows\system32\Tdxf7pFE.exe [2009-03-11 10:53]

2009-03-11 c:\windows\Tasks\At12.job
- c:\windows\system32\Tdxf7pFE.exe [2009-03-11 10:53]

2009-03-11 c:\windows\Tasks\At13.job
- c:\windows\system32\Tdxf7pFE.exe [2009-03-11 10:53]

2009-03-11 c:\windows\Tasks\At14.job
- c:\windows\system32\Tdxf7pFE.exe [2009-03-11 10:53]

2009-03-13 c:\windows\Tasks\At15.job
- c:\windows\system32\Tdxf7pFE.exe [2009-03-11 10:53]

2009-03-11 c:\windows\Tasks\At16.job
- c:\windows\system32\Tdxf7pFE.exe [2009-03-11 10:53]

2009-03-11 c:\windows\Tasks\At17.job
- c:\windows\system32\Tdxf7pFE.exe [2009-03-11 10:53]

2009-03-11 c:\windows\Tasks\At18.job
- c:\windows\system32\Tdxf7pFE.exe [2009-03-11 10:53]

2009-03-11 c:\windows\Tasks\At19.job
- c:\windows\system32\Tdxf7pFE.exe [2009-03-11 10:53]

2009-03-11 c:\windows\Tasks\At2.job
- c:\windows\system32\Tdxf7pFE..exe [2009-03-11 10:53]

2009-03-17 c:\windows\Tasks\At20.job
- c:\windows\system32\Tdxf7pFE.exe [2009-03-11 10:53]

2009-03-18 c:\windows\Tasks\At21.job
- c:\windows\system32\Tdxf7pFE.exe [2009-03-11 10:53]

2009-03-19 c:\windows\Tasks\At22.job
- c:\windows\system32\Tdxf7pFE.exe [2009-03-11 10:53]

2009-03-17 c:\windows\Tasks\At23.job
- c:\windows\system32\Tdxf7pFE.exe [2009-03-11 10:53]

2009-03-18 c:\windows\Tasks\At24.job
- c:\windows\system32\Tdxf7pFE.exe [2009-03-11 10:53]

2009-03-11 c:\windows\Tasks\At3.job
- c:\windows\system32\Tdxf7pFE.exe [2009-03-11 10:53]

2009-03-11 c:\windows\Tasks\At4.job
- c:\windows\system32\Tdxf7pFE..exe [2009-03-11 10:53]

2009-03-11 c:\windows\Tasks\At5.job
- c:\windows\system32\Tdxf7pFE.exe [2009-03-11 10:53]

2009-03-11 c:\windows\Tasks\At6.job
- c:\windows\system32\Tdxf7pFE.exe [2009-03-11 10:53]

2009-03-11 c:\windows\Tasks\At7.job
- c:\windows\system32\Tdxf7pFE.exe [2009-03-11 10:53]

2009-03-11 c:\windows\Tasks\At8.job
- c:\windows\system32\Tdxf7pFE.exe [2009-03-11 10:53]

2009-03-11 c:\windows\Tasks\At9.job
- c:\windows\system32\Tdxf7pFE.exe [2009-03-11 10:53]
.
- - - - ORPHANS REMOVED - - - -

CMiz2184
Intermediate
Intermediate

Posts Posts : 67
Joined Joined : 2009-03-18
OS OS : XP
Points Points : 28772
# Likes # Likes : 0

View user profile

Back to top Go down

Re: userinit.exe trojan

Post by CMiz2184 on 19th March 2009, 1:15 am

continued
HKLM-Run-Device Detector - DevDetect.exe


.
------- Supplementary Scan -------
.
uSearchMigratedDefaultURL = [You must be registered and logged in to see this link.]
uStart Page = [You must be registered and logged in to see this link.]
mStart Page = [You must be registered and logged in to see this link.]
mWindow Title = Microsoft Internet Explorer provided by Comcast
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = [You must be registered and logged in to see this link.]
IE: &AOL Toolbar Search - c:\documents and settings\All Users\Application Data\AOL\ieToolbar\resources\en-US\local\search.html
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
FF - ProfilePath - c:\documents and settings\Beth\Application Data\Mozilla\Firefox\Profiles\ymfqymc3.default\
FF - prefs.js: browser.search.defaulturl - [You must be registered and logged in to see this link.]
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - [You must be registered and logged in to see this link.]
FF - prefs.js: keyword.URL - [You must be registered and logged in to see this link.]
FF - plugin: c:\documents and settings\Beth\Application Data\Mozilla\Firefox\Profiles\ymfqymc3.default\extensions\moveplayer@movenetworks.com\platform\WINNT_x86-msvc\plugins\npmnqmp07074039.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npstrlnk.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npunagi2.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\NPWXM32.DLL

---- FIREFOX POLICIES ----
FF - user.js: dom.disable_open_during_load - true // Popupblocker control handled by McAfee Privacy Service
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, [You must be registered and logged in to see this link.]
Rootkit scan 2009-03-18 20:57:05
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\ati2evxx.exe
c:\progra~1\COMMON~1\AOL\ACS\AOLacsd.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\windows\system32\E_S00RP1..EXE
c:\program files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\program files\Microsoft SQL Server\MSSQL$MICROSOFTBCM\Binn\sqlservr.exe
c:\windows\system32\SAgent4.exe
c:\windows\system32\wdfmgr.exe
c:\windows\wanmpsvc.exe
c:\windows\system32\wscntfy.exe
c:\program files\Common Files\ACD Systems\EN\DevDetect.exe
c:\program files\Common Files\AOL\1145301404\ee\AOLDesktop.exe
c:\program files\iPod\bin\iPodService.exe
c:\program files\Internet Explorer\iexplore.exe
.
**************************************************************************
.
Completion time: 2009-03-18 21:03:18 - machine was rebooted
ComboFix-quarantined-files.txt 2009-03-19 01:03:13

Pre-Run: 48,891,408,384 bytes free
Post-Run: 49,392,955,392 bytes free

WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect

522 --- E O F --- 2009-03-13 18:16:40

CMiz2184
Intermediate
Intermediate

Posts Posts : 67
Joined Joined : 2009-03-18
OS OS : XP
Points Points : 28772
# Likes # Likes : 0

View user profile

Back to top Go down

Re: userinit.exe trojan

Post by Belahzur on 19th March 2009, 1:20 am

Hello.
You had or might still have Limewire on your system.

P2P(Peer to peer) applications are designed to help you easily share and distribute files between you and a group of people. But they can also be used to distribute malware, and thus are not considered safe.
The removal of these programs is optional, but highly recommended.
Should you choose to remove them, but you are having trouble doing so, please let me know in your next post here and I will aid you.

Go to Start > Control Panel > Add/Remove Programs and remove the following programs if present.

  • Limewire


Now open a new notepad file.
Input this into the notepad file:

KILLALL::

FCOPY::
c:\windows\system32\dllcache\userinit.exe | c:\windows\system32\userinit.exe

AtJob::

File::
c:\windows\system32\Tdxf7pFE.exe

Folder::
c:\documents and settings\All Users\Application Data\Viewpoint
c:\Program Files\LimeWire

Registry::
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=-
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\Program Files\\LimeWire\\LimeWire.exe"=-

Save this as CFScript.txt, save it to your desktop also.
Then drag and drop CFScript.txt into combofix as seen below:


This will open combofix.exe again, agree to it's terms and allow it to run, it may want to reboot after it's done. Post the resulting log back here.


[You must be registered and logged in to see this link.] - [You must be registered and logged in to see this link.] - Please PM me if I fail to respond within 24hrs.


Belahzur
Administrator
Administrator

Posts Posts : 34918
Joined Joined : 2008-08-03
Gender Gender : Male
OS OS : 7 Home Premium x64
Points Points : 245121
# Likes # Likes : 1

View user profile

Back to top Go down

Re: userinit.exe trojan

Post by CMiz2184 on 19th March 2009, 1:52 am

Hello,
I tried to delete limewire but i wasnt able to open the control panel. Once things are fixed could I delete it later? I did redo the combo fix with the cfscript.txt heres the report...

ComboFix 09-03-18.01 - Beth 2009-03-18 21:32:02.2 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1022.464 [GMT -4:00]
Running from: c:\documents and settings\Beth\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Beth\Desktop\CFScript.txt
* Created a new restore point

FILE ::
c:\windows\system32\Tdxf7pFE.exe
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\All Users\Application Data\Viewpoint
c:\documents and settings\All Users\Application Data\Viewpoint\Toolbar Runtime\3.8.0\ComparativeSearch.xml
c:\documents and settings\All Users\Application Data\Viewpoint\Toolbar Runtime\3.8.0\masteralerts.xml
c:\documents and settings\All Users\Application Data\Viewpoint\Toolbar Runtime\3.8.0\Services_Registry2.xml
c:\documents and settings\All Users\Application Data\Viewpoint\Toolbar Runtime\3.8.0\SkinEngine\core\DynamicSearchTypes.js
c:\documents and settings\All Users\Application Data\Viewpoint\Toolbar Runtime\3.8.0\SkinEngine\core\featureCommon.js
c:\documents and settings\All Users\Application Data\Viewpoint\Toolbar Runtime\3.8.0\SkinEngine\core\featureManager.js
c:\documents and settings\All Users\Application Data\Viewpoint\Toolbar Runtime\3.8.0\SkinEngine\core\global.js
c:\documents and settings\All Users\Application Data\Viewpoint\Toolbar Runtime\3.8.0\SkinEngine\core\moreManager.js
c:\documents and settings\All Users\Application Data\Viewpoint\Toolbar Runtime\3.8.0\SkinEngine\core\navigationEvents.js
c:\documents and settings\All Users\Application Data\Viewpoint\Toolbar Runtime\3.8.0\SkinEngine\core\notificationManager.js
c:\documents and settings\All Users\Application Data\Viewpoint\Toolbar Runtime\3.8.0\SkinEngine\core\onCloseManager.js
c:\documents and settings\All Users\Application Data\Viewpoint\Toolbar Runtime\3.8.0\SkinEngine\core\options\images\inner_bl.gif
c:\documents and settings\All Users\Application Data\Viewpoint\Toolbar Runtime\3.8.0\SkinEngine\core\options\images\inner_bot.gif
c:\documents and settings\All Users\Application Data\Viewpoint\Toolbar Runtime\3.8..0\SkinEngine\core\options\images\inner_br.gif
c:\documents and settings\All Users\Application Data\Viewpoint\Toolbar Runtime\3.8.0\SkinEngine\core\options\images\inner_tl.gif
c:\documents and settings\All Users\Application Data\Viewpoint\Toolbar Runtime\3.8.0\SkinEngine\core\options\images\inner_top.gif
c:\documents and settings\All Users\Application Data\Viewpoint\Toolbar Runtime\3.8.0\SkinEngine\core\options\images\inner_tr.gif
c:\documents and settings\All Users\Application Data\Viewpoint\Toolbar Runtime\3.8.0\SkinEngine\core\options\images\s.gif
c:\documents and settings\All Users\Application Data\Viewpoint\Toolbar Runtime\3.8.0\SkinEngine\core\options\index.html
c:\documents and settings\All Users\Application Data\Viewpoint\Toolbar Runtime\3.8.0\SkinEngine\core\options\offline.html
c:\documents and settings\All Users\Application Data\Viewpoint\Toolbar Runtime\3.8.0\SkinEngine\core\options\offline.swf
c:\documents and settings\All Users\Application Data\Viewpoint\Toolbar Runtime\3.8.0\SkinEngine\core\options\options.css
c:\documents and settings\All Users\Application Data\Viewpoint\Toolbar Runtime\3.8.0\SkinEngine\core\options\options.js
c:\documents and settings\All Users\Application Data\Viewpoint\Toolbar Runtime\3.8.0\SkinEngine\core\options\options.module
c:\documents and settings\All Users\Application Data\Viewpoint\Toolbar Runtime\3.8.0\SkinEngine\core\options\optionsManager.js
c:\documents and settings\All Users\Application Data\Viewpoint\Toolbar Runtime\3.8.0\SkinEngine\core\options\optionsWindow.js
c:\documents and settings\All Users\Application Data\Viewpoint\Toolbar Runtime\3.8.0\SkinEngine\core\pingManager.js
c:\documents and settings\All Users\Application Data\Viewpoint\Toolbar Runtime\3.8.0\SkinEngine\core\selectorManager.js
c:\documents and settings\All Users\Application Data\Viewpoint\Toolbar Runtime\3.8.0\SkinEngine\core\selectorManager_util.js
c:\documents and settings\All Users\Application Data\Viewpoint\Toolbar Runtime\3.8.0\SkinEngine\core\tellafriend\offline\images\close.gif
c:\documents and settings\All Users\Application Data\Viewpoint\Toolbar Runtime\3.8.0\SkinEngine\core\tellafriend\offline\images\frame_bottom.gif
c:\documents and settings\All Users\Application Data\Viewpoint\Toolbar Runtime\3.8.0\SkinEngine\core\tellafriend\offline\images\frame_gradient.gif
c:\documents and settings\All Users\Application Data\Viewpoint\Toolbar Runtime\3.8.0\SkinEngine\core\tellafriend\offline\images\frame_left.gif
c:\documents and settings\All Users\Application Data\Viewpoint\Toolbar Runtime\3.8.0\SkinEngine\core\tellafriend\offline\images\frame_right.gif
c:\documents and settings\All Users\Application Data\Viewpoint\Toolbar Runtime\3.8.0\SkinEngine\core\tellafriend\offline\images\frame_top.gif
c:\documents and settings\All Users\Application Data\Viewpoint\Toolbar Runtime\3.8.0\SkinEngine\core\tellafriend\offline\images\header_back.gif
c:\documents and settings\All Users\Application Data\Viewpoint\Toolbar Runtime\3.8.0\SkinEngine\core\tellafriend\offline\images\icon.gif
c:\documents and settings\All Users\Application Data\Viewpoint\Toolbar Runtime\3.8.0\SkinEngine\core\tellafriend\offline\images\left_gradient.gif
c:\documents and settings\All Users\Application Data\Viewpoint\Toolbar Runtime\3.8.0\SkinEngine\core\tellafriend\offline\images\logo.gif
c:\documents and settings\All Users\Application Data\Viewpoint\Toolbar Runtime\3.8.0\SkinEngine\core\tellafriend\offline\images\offlinemsg.gif
c:\documents and settings\All Users\Application Data\Viewpoint\Toolbar Runtime\3.8.0\SkinEngine\core\tellafriend\offline\images\s..gif
c:\documents and settings\All Users\Application Data\Viewpoint\Toolbar Runtime\3.8.0\SkinEngine\core\tellafriend\offline\index.html
c:\documents and settings\All Users\Application Data\Viewpoint\Toolbar Runtime\3.8.0\SkinEngine\core\tellafriend\tellafriend.js
c:\documents and settings\All Users\Application Data\Viewpoint\Toolbar Runtime\3.8.0\SkinEngine\core\tellafriend\tellafriend.module
c:\documents and settings\All Users\Application Data\Viewpoint\Toolbar Runtime\3.8.0\SkinEngine\core\tellafriend\tellafriendWindow.js
c:\documents and settings\All Users\Application Data\Viewpoint\Toolbar Runtime\3.8.0\SkinEngine\core\UI_elements\buttons\button_glossy.swf
c:\documents and settings\All Users\Application Data\Viewpoint\Toolbar Runtime\3.8.0\SkinEngine\core\UI_elements\buttons\button_glossy_description.txt
c:\documents and settings\All Users\Application Data\Viewpoint\Toolbar Runtime\3.8.0\SkinEngine\core\UI_elements\buttons\button_glossy_dropdown.html
c:\documents and settings\All Users\Application Data\Viewpoint\Toolbar Runtime\3.8.0\SkinEngine\core\UI_elements\buttons\button_glossy_dropdown.swf
c:\documents and settings\All Users\Application Data\Viewpoint\Toolbar Runtime\3..8.0\SkinEngine\core\UI_elements\dialogs\background.swf
c:\documents and settings\All Users\Application Data\Viewpoint\Toolbar Runtime\3.8.0\SkinEngine\core\UI_elements\dialogs\background_framed.swf
c:\documents and settings\All Users\Application Data\Viewpoint\Toolbar Runtime\3.8.0\SkinEngine\core\UI_elements\dialogs\buttonContainer.html
c:\documents and settings\All Users\Application Data\Viewpoint\Toolbar Runtime\3.8.0\SkinEngine\core\UI_elements\dialogs\buttonContainer.swf
c:\documents and settings\All Users\Application Data\Viewpoint\Toolbar Runtime\3.8.0\SkinEngine\core\UI_elements\dialogs\contents.swf
c:\documents and settings\All Users\Application Data\Viewpoint\Toolbar Runtime\3.8.0\SkinEngine\core\UI_elements\dialogs\dialog.module
c:\documents and settings\All Users\Application Data\Viewpoint\Toolbar Runtime\3.8.0\SkinEngine\core\UI_elements\dialogs\dialogs.js
c:\documents and settings\All Users\Application Data\Viewpoint\Toolbar Runtime\3.8.0\SkinEngine\core\UI_elements\dialogs\dlgIcons.swf
c:\documents and settings\All Users\Application Data\Viewpoint\Toolbar Runtime\3.8.0\SkinEngine\core\UI_elements\dialogs\dlgIconsLarge.swf
c:\documents and settings\All Users\Application Data\Viewpoint\Toolbar Runtime\3.8.0\SkinEngine\core\UI_elements\dialogs\field.swf
c:\documents and settings\All Users\Application Data\Viewpoint\Toolbar Runtime\3.8.0\SkinEngine\core\UI_elements\dialogs\info.js
c:\documents and settings\All Users\Application Data\Viewpoint\Toolbar Runtime\3.8..0\SkinEngine\core\UI_elements\dialogs\info.module
c:\documents and settings\All Users\Application Data\Viewpoint\Toolbar Runtime\3.8.0\SkinEngine\core\UI_elements\dialogs\message.swf
c:\documents and settings\All Users\Application Data\Viewpoint\Toolbar Runtime\3.8.0\SkinEngine\core\UI_elements\dialogs\message2.swf
c:\documents and settings\All Users\Application Data\Viewpoint\Toolbar Runtime\3.8.0\SkinEngine\core\UI_elements\dialogs\message3.swf
c:\documents and settings\All Users\Application Data\Viewpoint\Toolbar Runtime\3.8.0\SkinEngine\core\UI_elements\dialogs\progress.js
c:\documents and settings\All Users\Application Data\Viewpoint\Toolbar Runtime\3.8.0\SkinEngine\core\UI_elements\dialogs\progress.module
c:\documents and settings\All Users\Application Data\Viewpoint\Toolbar Runtime\3.8.0\SkinEngine\core\UI_elements\dialogs\progress.swf
c:\documents and settings\All Users\Application Data\Viewpoint\Toolbar Runtime\3.8.0\SkinEngine\core\UI_elements\dialogs\slideShowDialog.module
c:\documents and settings\All Users\Application Data\Viewpoint\Toolbar Runtime\3.8.0\SkinEngine\core\UI_elements\dialogs\titlebar.swf
c:\documents and settings\All Users\Application Data\Viewpoint\Toolbar Runtime\3.8.0\SkinEngine\core\UI_elements\dropdowns\dropdown.js
c:\documents and settings\All Users\Application Data\Viewpoint\Toolbar Runtime\3.8.0\SkinEngine\core\UI_elements\dropdowns\dropdown.module
c:\documents and settings\All Users\Application Data\Viewpoint\Toolbar Runtime\3.8.0\SkinEngine\core\UI_elements\dropdowns\dropdowns.swf
c:\documents and settings\All Users\Application Data\Viewpoint\Toolbar Runtime\3.8.0\SkinEngine\core\UI_elements\htmldialog\htmldialog.js
c:\documents and settings\All Users\Application Data\Viewpoint\Toolbar Runtime\3.8.0\SkinEngine\core\UI_elements\htmldialog\htmldialog.module
c:\documents and settings\All Users\Application Data\Viewpoint\Toolbar Runtime\3.8.0\SkinEngine\core\UI_elements\list\list.swf
c:\documents and settings\All Users\Application Data\Viewpoint\Toolbar Runtime\3.8.0\SkinEngine\core\UI_elements\listMenu\listMenu.js
c:\documents and settings\All Users\Application Data\Viewpoint\Toolbar Runtime\3.8.0\SkinEngine\core\UI_elements\listMenu\listMenu.module
c:\documents and settings\All Users\Application Data\Viewpoint\Toolbar Runtime\3.8.0\SkinEngine\core\UI_elements\listMenu\listMenu.swf
c:\documents and settings\All Users\Application Data\Viewpoint\Toolbar Runtime\3.8.0\SkinEngine\core\UI_elements\notification\notification.js
c:\documents and settings\All Users\Application Data\Viewpoint\Toolbar Runtime\3.8.0\SkinEngine\core\UI_elements\notification\notification.swf
c:\documents and settings\All Users\Application Data\Viewpoint\Toolbar Runtime\3.8.0\SkinEngine\core\UI_elements\options_menu_button\graphics\viewpoint_logo.swf
c:\documents and settings\All Users\Application Data\Viewpoint\Toolbar Runtime\3.8.0\SkinEngine\core\UI_elements\options_menu_button\options_btn.swf
c:\documents and settings\All Users\Application Data\Viewpoint\Toolbar Runtime\3.8.0\SkinEngine\core\UI_elements\preview\preview.js
c:\documents and settings\All Users\Application Data\Viewpoint\Toolbar Runtime\3.8.0\SkinEngine\core\UI_elements\preview\preview.module

CMiz2184
Intermediate
Intermediate

Posts Posts : 67
Joined Joined : 2009-03-18
OS OS : XP
Points Points : 28772
# Likes # Likes : 0

View user profile

Back to top Go down

Re: userinit.exe trojan

Post by CMiz2184 on 19th March 2009, 1:57 am

continued...
c:\documents and settings\All Users\Application Data\Viewpoint\Toolbar Runtime\3.8.0\SkinEngine\core\UI_elements\preview\preview.swf
c:\documents and settings\All Users\Application Data\Viewpoint\Toolbar Runtime\3.8.0\SkinEngine\core\UI_elements\scrollbar\scrollbar.js
c:\documents and settings\All Users\Application Data\Viewpoint\Toolbar Runtime\3.8.0\SkinEngine\core\UI_elements\scrollbar\scrollbar.swf
c:\documents and settings\All Users\Application Data\Viewpoint\Toolbar Runtime\3.8.0\SkinEngine\core\UI_elements\searchWidget\DefaultSearchOptions.js
c:\documents and settings\All Users\Application Data\Viewpoint\Toolbar Runtime\3.8.0\SkinEngine\core\UI_elements\searchWidget\search_buttons.swf
c:\documents and settings\All Users\Application Data\Viewpoint\Toolbar Runtime\3.8.0\SkinEngine\core\UI_elements\searchWidget\searchHistory.js
c:\documents and settings\All Users\Application Data\Viewpoint\Toolbar Runtime\3.8.0\SkinEngine\core\UI_elements\searchWidget\searchhistory.swf
c:\documents and settings\All Users\Application Data\Viewpoint\Toolbar Runtime\3.8.0\SkinEngine\core\UI_elements\searchWidget\searchWidget.js
c:\documents and settings\All Users\Application Data\Viewpoint\Toolbar Runtime\3.8.0\SkinEngine\core\UI_elements\searchWidget\searchWidget.module
c:\documents and settings\All Users\Application Data\Viewpoint\Toolbar Runtime\3.8.0\SkinEngine\core\UI_elements\searchWidget\searchWidgetDefinition.js
c:\documents and settings\All Users\Application Data\Viewpoint\Toolbar Runtime\3.8.0\SkinEngine\core\UI_elements\selectors\selectors.js
c:\documents and settings\All Users\Application Data\Viewpoint\Toolbar Runtime\3.8.0\SkinEngine\core\UI_elements\selectors\selectors.swf
c:\documents and settings\All Users\Application Data\Viewpoint\Toolbar Runtime\3.8.0\SkinEngine\core\UI_elements\shared_graphics\background.swf
c:\documents and settings\All Users\Application Data\Viewpoint\Toolbar Runtime\3.8.0\SkinEngine\core\UI_elements\shared_graphics\highlight_bottom.swf
c:\documents and settings\All Users\Application Data\Viewpoint\Toolbar Runtime\3.8.0\SkinEngine\core\UI_elements\shared_graphics\highlight_top.swf
c:\documents and settings\All Users\Application Data\Viewpoint\Toolbar Runtime\3.8.0\SkinEngine\core\UI_elements\shared_graphics\popup_cursor.cur
c:\documents and settings\All Users\Application Data\Viewpoint\Toolbar Runtime\3.8.0\SkinEngine\core\UI_elements\shared_graphics\popupmoi.wav
c:\documents and settings\All Users\Application Data\Viewpoint\Toolbar Runtime\3.8.0\SkinEngine\core\UI_elements\shared_graphics\redeye_cursor.cur
c:\documents and settings\All Users\Application Data\Viewpoint\Toolbar Runtime\3.8.0\SkinEngine\core\UI_elements\shared_graphics\size_diagonal1_cursor.cur
c:\documents and settings\All Users\Application Data\Viewpoint\Toolbar Runtime\3.8.0\SkinEngine\core\UI_elements\shared_graphics\size_diagonal2_cursor.cur
c:\documents and settings\All Users\Application Data\Viewpoint\Toolbar Runtime\3.8.0\SkinEngine\core\UI_elements\shared_graphics\size_horizontal_cursor.cur
c:\documents and settings\All Users\Application Data\Viewpoint\Toolbar Runtime\3.8.0\SkinEngine\core\UI_elements\shared_graphics\size_move_cursor.cur
c:\documents and settings\All Users\Application Data\Viewpoint\Toolbar Runtime\3.8.0\SkinEngine\core\UI_elements\shared_graphics\size_vertival_cursor.cur
c:\documents and settings\All Users\Application Data\Viewpoint\Toolbar Runtime\3.8.0\SkinEngine\core\UI_elements\shared_graphics\thumbnail_404.jpg
c:\documents and settings\All Users\Application Data\Viewpoint\Toolbar Runtime\3.8.0\SkinEngine\core\UI_elements\shared_graphics\thumbnail_bookmarks.jpg
c:\documents and settings\All Users\Application Data\Viewpoint\Toolbar Runtime\3.8.0\SkinEngine\core\UI_elements\shared_graphics\thumbnail_search.jpg
c:\documents and settings\All Users\Application Data\Viewpoint\Toolbar Runtime\3.8.0\SkinEngine\core\UI_elements\tray_scroller\tray_scroller.swf
c:\documents and settings\All Users\Application Data\Viewpoint\Toolbar Runtime\3.8.0\SkinEngine\core\UI_elements\tray_scroller\trayScroller.js
c:\documents and settings\All Users\Application Data\Viewpoint\Toolbar Runtime\3.8.0\SkinEngine\core\utilities.js
c:\documents and settings\All Users\Application Data\Viewpoint\Toolbar Runtime\3.8.0\SkinEngine\core\ViewBarStringConstants.js
c:\documents and settings\All Users\Application Data\Viewpoint\Toolbar Runtime\3.8.0\SkinEngine\features\AdvancedOptions\AdvancedOptions.js
c:\documents and settings\All Users\Application Data\Viewpoint\Toolbar Runtime\3.8.0\SkinEngine\features\AdvancedOptions\AdvancedOptions.module
c:\documents and settings\All Users\Application Data\Viewpoint\Toolbar Runtime\3.8.0\SkinEngine\features\AdvancedOptions\feature.mtx
c:\documents and settings\All Users\Application Data\Viewpoint\Toolbar Runtime\3.8.0\SkinEngine\features\AdvancedOptions\options..html
c:\documents and settings\All Users\Application Data\Viewpoint\Toolbar Runtime\3.8.0\SkinEngine\features\alerts\alerts.js
c:\documents and settings\All Users\Application Data\Viewpoint\Toolbar Runtime\3.8.0\SkinEngine\features\alerts\alerts.module
c:\documents and settings\All Users\Application Data\Viewpoint\Toolbar Runtime\3.8.0\SkinEngine\features\alerts\alertsDefinition.module
c:\documents and settings\All Users\Application Data\Viewpoint\Toolbar Runtime\3.8.0\SkinEngine\features\alerts\feature.mtx
c:\documents and settings\All Users\Application Data\Viewpoint\Toolbar Runtime\3.8.0\SkinEngine\features\alerts\featureDefinition.js
c:\documents and settings\All Users\Application Data\Viewpoint\Toolbar Runtime\3.8.0\SkinEngine\features\alerts\graphics\alerts_icon.gif
c:\documents and settings\All Users\Application Data\Viewpoint\Toolbar Runtime\3.8.0\SkinEngine\features\alerts\graphics\alerts_icon.swf
c:\documents and settings\All Users\Application Data\Viewpoint\Toolbar Runtime\3.8.0\SkinEngine\features\alerts\graphics\alerts_text.swf
c:\documents and settings\All Users\Application Data\Viewpoint\Toolbar Runtime\3.8.0\SkinEngine\features\alerts\graphics\list.html
c:\documents and settings\All Users\Application Data\Viewpoint\Toolbar Runtime\3.8.0\SkinEngine\features\alerts\graphics\list.swf
c:\documents and settings\All Users\Application Data\Viewpoint\Toolbar Runtime\3.8.0\SkinEngine\features\alerts\graphics\panel_left_bottom.swf
c:\documents and settings\All Users\Application Data\Viewpoint\Toolbar Runtime\3.8.0\SkinEngine\features\alerts\graphics\panel_left_top.swf
c:\documents and settings\All Users\Application Data\Viewpoint\Toolbar Runtime\3.8.0\SkinEngine\features\alerts\graphics\panel_right_bottom.swf
c:\documents and settings\All Users\Application Data\Viewpoint\Toolbar Runtime\3.8.0\SkinEngine\features\alerts\graphics\tray_face.swf
c:\documents and settings\All Users\Application Data\Viewpoint\Toolbar Runtime\3.8.0\SkinEngine\features\alerts\options.html
c:\documents and settings\All Users\Application Data\Viewpoint\Toolbar Runtime\3.8.0\SkinEngine\features\bookmarks\bookmarks.js
c:\documents and settings\All Users\Application Data\Viewpoint\Toolbar Runtime\3.8.0\SkinEngine\features\bookmarks\bookmarks.module
c:\documents and settings\All Users\Application Data\Viewpoint\Toolbar Runtime\3.8.0\SkinEngine\features\bookmarks\bookmarksDefinition.module
c:\documents and settings\All Users\Application Data\Viewpoint\Toolbar Runtime\3.8.0\SkinEngine\features\bookmarks\feature.mtx
c:\documents and settings\All Users\Application Data\Viewpoint\Toolbar Runtime\3.8.0\SkinEngine\features\bookmarks\featureDefinitions.js
c:\documents and settings\All Users\Application Data\Viewpoint\Toolbar Runtime\3.8.0\SkinEngine\features\bookmarks\graphics\bookmarks_icon.gif
c:\documents and settings\All Users\Application Data\Viewpoint\Toolbar Runtime\3.8.0\SkinEngine\features\bookmarks\graphics\bookmarks_icon.swf
c:\documents and settings\All Users\Application Data\Viewpoint\Toolbar Runtime\3.8.0\SkinEngine\features\bookmarks\graphics\bookmarks_text.swf
c:\documents and settings\All Users\Application Data\Viewpoint\Toolbar Runtime\3.8.0\SkinEngine\features\bookmarks\graphics\button_thumbnail_rollover.swf
c:\documents and settings\All Users\Application Data\Viewpoint\Toolbar Runtime\3.8.0\SkinEngine\features\bookmarks\graphics\buttons_bookmarks.swf
c:\documents and settings\All Users\Application Data\Viewpoint\Toolbar Runtime\3.8.0\SkinEngine\features\bookmarks\graphics\buttons_folders.swf
c:\documents and settings\All Users\Application Data\Viewpoint\Toolbar Runtime\3.8.0\SkinEngine\features\bookmarks\graphics\dog_ear.bmp
c:\documents and settings\All Users\Application Data\Viewpoint\Toolbar Runtime\3.8.0\SkinEngine\features\bookmarks\graphics\icon_add.swf
c:\documents and settings\All Users\Application Data\Viewpoint\Toolbar Runtime\3.8.0\SkinEngine\features\bookmarks\graphics\icon_expand.swf
c:\documents and settings\All Users\Application Data\Viewpoint\Toolbar Runtime\3.8.0\SkinEngine\features\bookmarks\graphics\icon_folder.swf
c:\documents and settings\All Users\Application Data\Viewpoint\Toolbar Runtime\3.8.0\SkinEngine\features\bookmarks\graphics\icon_refresh.swf
c:\documents and settings\All Users\Application Data\Viewpoint\Toolbar Runtime\3.8.0\SkinEngine\features\bookmarks\graphics\icon_trash.swf
c:\documents and settings\All Users\Application Data\Viewpoint\Toolbar Runtime\3.8.0\SkinEngine\features\bookmarks\graphics\securelock.bmp
c:\documents and settings\All Users\Application Data\Viewpoint\Toolbar Runtime\3.8.0\SkinEngine\features\bookmarks\graphics\tray_face.swf
c:\documents and settings\All Users\Application Data\Viewpoint\Toolbar Runtime\3.8.0\SkinEngine\features\bookmarks\graphics\tray_face_treeview.swf
c:\documents and settings\All Users\Application Data\Viewpoint\Toolbar Runtime\3.8.0\SkinEngine\features\bookmarks\graphics\treeIcon_folderClosed.bmp
c:\documents and settings\All Users\Application Data\Viewpoint\Toolbar Runtime\3.8.0\SkinEngine\features\bookmarks\graphics\treeIcon_folderOpen.bmp
c:\documents and settings\All Users\Application Data\Viewpoint\Toolbar Runtime\3.8.0\SkinEngine\features\bookmarks\graphics\treeIcon_root.bmp
c:\documents and settings\All Users\Application Data\Viewpoint\Toolbar Runtime\3.8.0\SkinEngine\features\bookmarks\options.html
c:\documents and settings\All Users\Application Data\Viewpoint\Toolbar Runtime\3.8.0\SkinEngine\features\bookmarks\treeviewDlg.module
c:\documents and settings\All Users\Application Data\Viewpoint\Toolbar Runtime\3.8.0\SkinEngine\features\GeneralOptions\feature.mtx
c:\documents and settings\All Users\Application Data\Viewpoint\Toolbar Runtime\3.8.0\SkinEngine\features\GeneralOptions\featureDefinition.js
c:\documents and settings\All Users\Application Data\Viewpoint\Toolbar Runtime\3.8.0\SkinEngine\features\GeneralOptions\GeneralOptions.js
c:\documents and settings\All Users\Application Data\Viewpoint\Toolbar Runtime\3.8.0\SkinEngine\features\GeneralOptions\GeneralOptions.module
c:\documents and settings\All Users\Application Data\Viewpoint\Toolbar Runtime\3.8.0\SkinEngine\features\GeneralOptions\graphics\options_icon.gif
c:\documents and settings\All Users\Application Data\Viewpoint\Toolbar Runtime\3.8.0\SkinEngine\features\GeneralOptions\graphics\options_icon.swf
c:\documents and settings\All Users\Application Data\Viewpoint\Toolbar Runtime\3.8.0\SkinEngine\features\GeneralOptions\graphics\options_text.swf
c:\documents and settings\All Users\Application Data\Viewpoint\Toolbar Runtime\3.8.0\SkinEngine\features\GeneralOptions\graphics\traysize_icon.gif

CMiz2184
Intermediate
Intermediate

Posts Posts : 67
Joined Joined : 2009-03-18
OS OS : XP
Points Points : 28772
# Likes # Likes : 0

View user profile

Back to top Go down

Re: userinit.exe trojan

Post by CMiz2184 on 19th March 2009, 2:00 am

c:\documents and settings\All Users\Application Data\Viewpoint\Toolbar Runtime\3.8.0\SkinEngine\features\GeneralOptions\graphics\traysize_text.swf
c:\documents and settings\All Users\Application Data\Viewpoint\Toolbar Runtime\3.8.0\SkinEngine\features\GeneralOptions\options.html
c:\documents and settings\All Users\Application Data\Viewpoint\Toolbar Runtime\3.8.0\SkinEngine\features\options\images\inner_bl.gif
c:\documents and settings\All Users\Application Data\Viewpoint\Toolbar Runtime\3.8.0\SkinEngine\features\options\images\inner_bot.gif
c:\documents and settings\All Users\Application Data\Viewpoint\Toolbar Runtime\3.8.0\SkinEngine\features\options\images\inner_br.gif
c:\documents and settings\All Users\Application Data\Viewpoint\Toolbar Runtime\3.8.0\SkinEngine\features\options\images\inner_tl.gif
c:\documents and settings\All Users\Application Data\Viewpoint\Toolbar Runtime\3.8.0\SkinEngine\features\options\images\inner_top.gif
c:\documents and settings\All Users\Application Data\Viewpoint\Toolbar Runtime\3.8.0\SkinEngine\features\options\images\inner_tr.gif
c:\documents and settings\All Users\Application Data\Viewpoint\Toolbar Runtime\3.8.0\SkinEngine\features\options\images\s.gif
c:\documents and settings\All Users\Application Data\Viewpoint\Toolbar Runtime\3.8.0\SkinEngine\features\options\options.css
c:\documents and settings\All Users\Application Data\Viewpoint\Toolbar Runtime\3.8.0\SkinEngine\features\options\options.js
c:\documents and settings\All Users\Application Data\Viewpoint\Toolbar Runtime\3.8.0\SkinEngine\features\photoview\AddToAlbumDlg.module
c:\documents and settings\All Users\Application Data\Viewpoint\Toolbar Runtime\3.8.0\SkinEngine\features\photoview\albums.js
c:\documents and settings\All Users\Application Data\Viewpoint\Toolbar Runtime\3.8.0\SkinEngine\features\photoview\comming_soon.module
c:\documents and settings\All Users\Application Data\Viewpoint\Toolbar Runtime\3.8.0\SkinEngine\features\photoview\dialog.module
c:\documents and settings\All Users\Application Data\Viewpoint\Toolbar Runtime\3.8.0\SkinEngine\features\photoview\editing.js
c:\documents and settings\All Users\Application Data\Viewpoint\Toolbar Runtime\3.8.0\SkinEngine\features\photoview\EditViewManager.js
c:\documents and settings\All Users\Application Data\Viewpoint\Toolbar Runtime\3.8.0\SkinEngine\features\photoview\emailDlg.module
c:\documents and settings\All Users\Application Data\Viewpoint\Toolbar Runtime\3.8.0\SkinEngine\features\photoview\feature.mtx
c:\documents and settings\All Users\Application Data\Viewpoint\Toolbar Runtime\3.8.0\SkinEngine\features\photoview\featureDefinitions.js
c:\documents and settings\All Users\Application Data\Viewpoint\Toolbar Runtime\3.8.0\SkinEngine\features\photoview\FileModifiedDate.dll
c:\documents and settings\All Users\Application Data\Viewpoint\Toolbar Runtime\3.8.0\SkinEngine\features\photoview\frame_template\frame_template.swf
c:\documents and settings\All Users\Application Data\Viewpoint\Toolbar Runtime\3.8.0\SkinEngine\features\photoview\frame_template\frame_template_old.swf
c:\documents and settings\All Users\Application Data\Viewpoint\Toolbar Runtime\3.8.0\SkinEngine\features\photoview\framePreview.js
c:\documents and settings\All Users\Application Data\Viewpoint\Toolbar Runtime\3.8.0\SkinEngine\features\photoview\frames\Autumn\borders_autumn01.jpg
c:\documents and settings\All Users\Application Data\Viewpoint\Toolbar Runtime\3.8.0\SkinEngine\features\photoview\frames\Autumn\borders_autumn01.swf
c:\documents and settings\All Users\Application Data\Viewpoint\Toolbar Runtime\3.8.0\SkinEngine\features\photoview\frames\Autumn\borders_autumn02.jpg
c:\documents and settings\All Users\Application Data\Viewpoint\Toolbar Runtime\3.8.0\SkinEngine\features\photoview\frames\Autumn\borders_autumn02.swf
c:\documents and settings\All Users\Application Data\Viewpoint\Toolbar Runtime\3.8.0\SkinEngine\features\photoview\frames\Autumn\borders_autumn03.jpg
c:\documents and settings\All Users\Application Data\Viewpoint\Toolbar Runtime\3.8.0\SkinEngine\features\photoview\frames\Autumn\borders_autumn03.swf
c:\documents and settings\All Users\Application Data\Viewpoint\Toolbar Runtime\3.8.0\SkinEngine\features\photoview\frames\Birthday\borders_birthday01.jpg
c:\documents and settings\All Users\Application Data\Viewpoint\Toolbar Runtime\3.8.0\SkinEngine\features\photoview\frames\Birthday\borders_birthday01.swf
c:\documents and settings\All Users\Application Data\Viewpoint\Toolbar Runtime\3.8.0\SkinEngine\features\photoview\frames\Birthday\borders_birthday02.jpg
c:\documents and settings\All Users\Application Data\Viewpoint\Toolbar Runtime\3.8.0\SkinEngine\features\photoview\frames\Birthday\borders_birthday02.swf
c:\documents and settings\All Users\Application Data\Viewpoint\Toolbar Runtime\3.8.0\SkinEngine\features\photoview\frames\Birthday\borders_birthday03.jpg
c:\documents and settings\All Users\Application Data\Viewpoint\Toolbar Runtime\3.8.0\SkinEngine\features\photoview\frames\Birthday\borders_birthday03.swf
c:\documents and settings\All Users\Application Data\Viewpoint\Toolbar Runtime\3.8.0\SkinEngine\features\photoview\frames\Chanukah\borders_chanukah01.jpg
c:\documents and settings\All Users\Application Data\Viewpoint\Toolbar Runtime\3.8.0\SkinEngine\features\photoview\frames\Chanukah\borders_chanukah01.swf
c:\documents and settings\All Users\Application Data\Viewpoint\Toolbar Runtime\3..8.0\SkinEngine\features\photoview\frames\Chanukah\borders_chanukah02.jpg
c:\documents and settings\All Users\Application Data\Viewpoint\Toolbar Runtime\3.8.0\SkinEngine\features\photoview\frames\Chanukah\borders_chanukah02..swf
c:\documents and settings\All Users\Application Data\Viewpoint\Toolbar Runtime\3.8.0\SkinEngine\features\photoview\frames\Christmas\borders_christmas01.jpg
c:\documents and settings\All Users\Application Data\Viewpoint\Toolbar Runtime\3.8.0\SkinEngine\features\photoview\frames\Christmas\borders_christmas01.swf
c:\documents and settings\All Users\Application Data\Viewpoint\Toolbar Runtime\3.8.0\SkinEngine\features\photoview\frames\Christmas\borders_christmas02.jpg
c:\documents and settings\All Users\Application Data\Viewpoint\Toolbar Runtime\3.8.0\SkinEngine\features\photoview\frames\Christmas\borders_christmas02.swf
c:\documents and settings\All Users\Application Data\Viewpoint\Toolbar Runtime\3.8.0\SkinEngine\features\photoview\frames\Christmas\borders_christmas03.jpg
c:\documents and settings\All Users\Application Data\Viewpoint\Toolbar Runtime\3.8.0\SkinEngine\features\photoview\frames\Christmas\borders_christmas03.swf
c:\documents and settings\All Users\Application Data\Viewpoint\Toolbar Runtime\3.8.0\SkinEngine\features\photoview\frames\Halloween\borders_halloween01.jpg
c:\documents and settings\All Users\Application Data\Viewpoint\Toolbar Runtime\3.8.0\SkinEngine\features\photoview\frames\Halloween\borders_halloween01.swf
c:\documents and settings\All Users\Application Data\Viewpoint\Toolbar Runtime\3.8.0\SkinEngine\features\photoview\frames\Halloween\borders_halloween02.jpg
c:\documents and settings\All Users\Application Data\Viewpoint\Toolbar Runtime\3.8.0\SkinEngine\features\photoview\frames\Halloween\borders_halloween02.swf
c:\documents and settings\All Users\Application Data\Viewpoint\Toolbar Runtime\3.8.0\SkinEngine\features\photoview\frames\Halloween\borders_halloween03.jpg
c:\documents and settings\All Users\Application Data\Viewpoint\Toolbar Runtime\3.8.0\SkinEngine\features\photoview\frames\Halloween\borders_halloween03.swf
c:\documents and settings\All Users\Application Data\Viewpoint\Toolbar Runtime\3.8.0\SkinEngine\features\photoview\frames\Halloween\borders_halloween04.jpg
c:\documents and settings\All Users\Application Data\Viewpoint\Toolbar Runtime\3.8.0\SkinEngine\features\photoview\frames\Halloween\borders_halloween04.swf
c:\documents and settings\All Users\Application Data\Viewpoint\Toolbar Runtime\3.8.0\SkinEngine\features\photoview\frames\New Baby\borders_baby01.jpg
c:\documents and settings\All Users\Application Data\Viewpoint\Toolbar Runtime\3.8.0\SkinEngine\features\photoview\frames\New Baby\borders_baby01.swf
c:\documents and settings\All Users\Application Data\Viewpoint\Toolbar Runtime\3.8.0\SkinEngine\features\photoview\frames\New Baby\borders_baby02.jpg
c:\documents and settings\All Users\Application Data\Viewpoint\Toolbar Runtime\3.8.0\SkinEngine\features\photoview\frames\New Baby\borders_baby02.swf
c:\documents and settings\All Users\Application Data\Viewpoint\Toolbar Runtime\3.8.0\SkinEngine\features\photoview\frames\New Baby\borders_baby03.jpg
c:\documents and settings\All Users\Application Data\Viewpoint\Toolbar Runtime\3.8.0\SkinEngine\features\photoview\frames\New Baby\borders_baby03.swf
c:\documents and settings\All Users\Application Data\Viewpoint\Toolbar Runtime\3.8.0\SkinEngine\features\photoview\frames\New Baby\borders_baby04.jpg
c:\documents and settings\All Users\Application Data\Viewpoint\Toolbar Runtime\3.8.0\SkinEngine\features\photoview\frames\New Baby\borders_baby04.swf
c:\documents and settings\All Users\Application Data\Viewpoint\Toolbar Runtime\3.8.0\SkinEngine\features\photoview\frames\New Years\borders_NY01.jpg
c:\documents and settings\All Users\Application Data\Viewpoint\Toolbar Runtime\3.8.0\SkinEngine\features\photoview\frames\New Years\borders_NY01.swf
c:\documents and settings\All Users\Application Data\Viewpoint\Toolbar Runtime\3.8.0\SkinEngine\features\photoview\frames\New Years\borders_NY02.jpg
c:\documents and settings\All Users\Application Data\Viewpoint\Toolbar Runtime\3.8.0\SkinEngine\features\photoview\frames\New Years\borders_NY02.swf
c:\documents and settings\All Users\Application Data\Viewpoint\Toolbar Runtime\3.8.0\SkinEngine\features\photoview\frames\Sports\borders_misc01.jpg
c:\documents and settings\All Users\Application Data\Viewpoint\Toolbar Runtime\3.8.0\SkinEngine\features\photoview\frames\Sports\borders_misc01..swf
c:\documents and settings\All Users\Application Data\Viewpoint\Toolbar Runtime\3.8.0\SkinEngine\features\photoview\frames\Sports\borders_misc02.jpg
c:\documents and settings\All Users\Application Data\Viewpoint\Toolbar Runtime\3.8.0\SkinEngine\features\photoview\frames\Sports\borders_misc02.swf
c:\documents and settings\All Users\Application Data\Viewpoint\Toolbar Runtime\3.8.0\SkinEngine\features\photoview\frames\Sports\borders_misc03.jpg
c:\documents and settings\All Users\Application Data\Viewpoint\Toolbar Runtime\3.8.0\SkinEngine\features\photoview\frames\Sports\borders_misc03.swf

CMiz2184
Intermediate
Intermediate

Posts Posts : 67
Joined Joined : 2009-03-18
OS OS : XP
Points Points : 28772
# Likes # Likes : 0

View user profile

Back to top Go down

Re: userinit.exe trojan

Post by CMiz2184 on 19th March 2009, 2:03 am

continued
c:\documents and settings\All Users\Application Data\Viewpoint\Toolbar Runtime\3.8.0\SkinEngine\features\photoview\graphics\albumHeaderImage.jpg
c:\documents and settings\All Users\Application Data\Viewpoint\Toolbar Runtime\3.8.0\SkinEngine\features\photoview\graphics\button_thumbnail_rollover.swf
c:\documents and settings\All Users\Application Data\Viewpoint\Toolbar Runtime\3.8.0\SkinEngine\features\photoview\graphics\checkbox_checked.bmp
c:\documents and settings\All Users\Application Data\Viewpoint\Toolbar Runtime\3.8.0\SkinEngine\features\photoview\graphics\checkbox_unchecked.bmp
c:\documents and settings\All Users\Application Data\Viewpoint\Toolbar Runtime\3.8.0\SkinEngine\features\photoview\graphics\comming_soon.swf
c:\documents and settings\All Users\Application Data\Viewpoint\Toolbar Runtime\3.8.0\SkinEngine\features\photoview\graphics\defaultphoto.jpg
c:\documents and settings\All Users\Application Data\Viewpoint\Toolbar Runtime\3.8.0\SkinEngine\features\photoview\graphics\defaultphoto2.jpg
c:\documents and settings\All Users\Application Data\Viewpoint\Toolbar Runtime\3.8.0\SkinEngine\features\photoview\graphics\defaultvideoimage.jpg
c:\documents and settings\All Users\Application Data\Viewpoint\Toolbar Runtime\3.8.0\SkinEngine\features\photoview\graphics\dlgUpload.swf
c:\documents and settings\All Users\Application Data\Viewpoint\Toolbar Runtime\3.8.0\SkinEngine\features\photoview\graphics\edit_bottomButtons.swf
c:\documents and settings\All Users\Application Data\Viewpoint\Toolbar Runtime\3.8.0\SkinEngine\features\photoview\graphics\edit_crop.html
c:\documents and settings\All Users\Application Data\Viewpoint\Toolbar Runtime\3.8.0\SkinEngine\features\photoview\graphics\edit_crop.swf
c:\documents and settings\All Users\Application Data\Viewpoint\Toolbar Runtime\3.8.0\SkinEngine\features\photoview\graphics\edit_redeye.swf
c:\documents and settings\All Users\Application Data\Viewpoint\Toolbar Runtime\3.8.0\SkinEngine\features\photoview\graphics\edit_text_rect.swf
c:\documents and settings\All Users\Application Data\Viewpoint\Toolbar Runtime\3.8.0\SkinEngine\features\photoview\graphics\frame_crop.html
c:\documents and settings\All Users\Application Data\Viewpoint\Toolbar Runtime\3.8.0\SkinEngine\features\photoview\graphics\frame_crop.swf
c:\documents and settings\All Users\Application Data\Viewpoint\Toolbar Runtime\3.8.0\SkinEngine\features\photoview\graphics\frame_preview.swf
c:\documents and settings\All Users\Application Data\Viewpoint\Toolbar Runtime\3.8.0\SkinEngine\features\photoview\graphics\fullScreenButtons.swf
c:\documents and settings\All Users\Application Data\Viewpoint\Toolbar Runtime\3.8.0\SkinEngine\features\photoview\graphics\importQuestion.swf
c:\documents and settings\All Users\Application Data\Viewpoint\Toolbar Runtime\3.8.0\SkinEngine\features\photoview\graphics\options_arrow.bmp
c:\documents and settings\All Users\Application Data\Viewpoint\Toolbar Runtime\3.8.0\SkinEngine\features\photoview\graphics\options_arrow_over.bmp
c:\documents and settings\All Users\Application Data\Viewpoint\Toolbar Runtime\3.8.0\SkinEngine\features\photoview\graphics\photoview_icon.gif
c:\documents and settings\All Users\Application Data\Viewpoint\Toolbar Runtime\3.8.0\SkinEngine\features\photoview\graphics\photoview_icon.swf
c:\documents and settings\All Users\Application Data\Viewpoint\Toolbar Runtime\3.8.0\SkinEngine\features\photoview\graphics\photoview_text.swf
c:\documents and settings\All Users\Application Data\Viewpoint\Toolbar Runtime\3.8.0\SkinEngine\features\photoview\graphics\rollHeaderImage.jpg
c:\documents and settings\All Users\Application Data\Viewpoint\Toolbar Runtime\3.8.0\SkinEngine\features\photoview\graphics\searchResultAlbumHeaderImage.jpg
c:\documents and settings\All Users\Application Data\Viewpoint\Toolbar Runtime\3.8.0\SkinEngine\features\photoview\graphics\searchResultRollHeaderImage.jpg
c:\documents and settings\All Users\Application Data\Viewpoint\Toolbar Runtime\3.8.0\SkinEngine\features\photoview\graphics\SlideShowButtons.swf
c:\documents and settings\All Users\Application Data\Viewpoint\Toolbar Runtime\3.8.0\SkinEngine\features\photoview\graphics\SmpteColorBars.jpg
c:\documents and settings\All Users\Application Data\Viewpoint\Toolbar Runtime\3.8.0\SkinEngine\features\photoview\graphics\tray_face_left.swf
c:\documents and settings\All Users\Application Data\Viewpoint\Toolbar Runtime\3.8.0\SkinEngine\features\photoview\graphics\tray_face_right.swf
c:\documents and settings\All Users\Application Data\Viewpoint\Toolbar Runtime\3.8.0\SkinEngine\features\photoview\graphics\tray_panel_albumButtons.swf
c:\documents and settings\All Users\Application Data\Viewpoint\Toolbar Runtime\3.8.0\SkinEngine\features\photoview\graphics\tray_panel_edit.swf
c:\documents and settings\All Users\Application Data\Viewpoint\Toolbar Runtime\3.8.0\SkinEngine\features\photoview\graphics\tray_panel_imgDesc.swf
c:\documents and settings\All Users\Application Data\Viewpoint\Toolbar Runtime\3.8.0\SkinEngine\features\photoview\graphics\tray_panel_left_border.swf
c:\documents and settings\All Users\Application Data\Viewpoint\Toolbar Runtime\3.8.0\SkinEngine\features\photoview\graphics\tray_panel_left_bottomButtons.swf
c:\documents and settings\All Users\Application Data\Viewpoint\Toolbar Runtime\3.8.0\SkinEngine\features\photoview\graphics\tray_panel_left_help.swf
c:\documents and settings\All Users\Application Data\Viewpoint\Toolbar Runtime\3.8.0\SkinEngine\features\photoview\graphics\tray_panel_left_import.swf
c:\documents and settings\All Users\Application Data\Viewpoint\Toolbar Runtime\3.8.0\SkinEngine\features\photoview\graphics\tray_panel_left_search.swf
c:\documents and settings\All Users\Application Data\Viewpoint\Toolbar Runtime\3.8.0\SkinEngine\features\photoview\graphics\tray_panel_left_showAllButtons.swf
c:\documents and settings\All Users\Application Data\Viewpoint\Toolbar Runtime\3.8.0\SkinEngine\features\photoview\graphics\tray_panel_left_tabs.swf
c:\documents and settings\All Users\Application Data\Viewpoint\Toolbar Runtime\3.8.0\SkinEngine\features\photoview\graphics\tray_panel_right_top.swf
c:\documents and settings\All Users\Application Data\Viewpoint\Toolbar Runtime\3.8.0\SkinEngine\features\photoview\graphics\treeIcon_album.bmp
c:\documents and settings\All Users\Application Data\Viewpoint\Toolbar Runtime\3.8.0\SkinEngine\features\photoview\graphics\treeIcon_albums.bmp
c:\documents and settings\All Users\Application Data\Viewpoint\Toolbar Runtime\3.8.0\SkinEngine\features\photoview\graphics\treeIcon_roll.bmp
c:\documents and settings\All Users\Application Data\Viewpoint\Toolbar Runtime\3.8.0\SkinEngine\features\photoview\graphics\treeIcon_rolls.bmp

CMiz2184
Intermediate
Intermediate

Posts Posts : 67
Joined Joined : 2009-03-18
OS OS : XP
Points Points : 28772
# Likes # Likes : 0

View user profile

Back to top Go down

Re: userinit.exe trojan

Post by CMiz2184 on 19th March 2009, 2:04 am

c:\documents and settings\All Users\Application Data\Viewpoint\Toolbar Runtime\3.8.0\SkinEngine\features\photoview\graphics\VideoError.jpg
c:\documents and settings\All Users\Application Data\Viewpoint\Toolbar Runtime\3.8.0\SkinEngine\features\photoview\graphics\videoicon.bmp
c:\documents and settings\All Users\Application Data\Viewpoint\Toolbar Runtime\3.8.0\SkinEngine\features\photoview\htmlpalette.module
c:\documents and settings\All Users\Application Data\Viewpoint\Toolbar Runtime\3.8.0\SkinEngine\features\photoview\Import.js
c:\documents and settings\All Users\Application Data\Viewpoint\Toolbar Runtime\3.8.0\SkinEngine\features\photoview\importprogress.module
c:\documents and settings\All Users\Application Data\Viewpoint\Toolbar Runtime\3.8.0\SkinEngine\features\photoview\importQuestionDlg.module
c:\documents and settings\All Users\Application Data\Viewpoint\Toolbar Runtime\3.8.0\SkinEngine\features\photoview\info.module
c:\documents and settings\All Users\Application Data\Viewpoint\Toolbar Runtime\3.8.0\SkinEngine\features\photoview\infoBig.module
c:\documents and settings\All Users\Application Data\Viewpoint\Toolbar Runtime\3.8.0\SkinEngine\features\photoview\offline\ads_offline.html
c:\documents and settings\All Users\Application Data\Viewpoint\Toolbar Runtime\3.8.0\SkinEngine\features\photoview\offline\badpage_offline.html
c:\documents and settings\All Users\Application Data\Viewpoint\Toolbar Runtime\3.8.0\SkinEngine\features\photoview\offline\error_offline.html
c:\documents and settings\All Users\Application Data\Viewpoint\Toolbar Runtime\3.8.0\SkinEngine\features\photoview\offline\getstarted.html
c:\documents and settings\All Users\Application Data\Viewpoint\Toolbar Runtime\3.8.0\SkinEngine\features\photoview\offline\images\background_578x314.gif
c:\documents and settings\All Users\Application Data\Viewpoint\Toolbar Runtime\3.8.0\SkinEngine\features\photoview\offline\images\button_getstarted.gif
c:\documents and settings\All Users\Application Data\Viewpoint\Toolbar Runtime\3.8.0\SkinEngine\features\photoview\offline\images\button_getstarted_over.gif
c:\documents and settings\All Users\Application Data\Viewpoint\Toolbar Runtime\3.8.0\SkinEngine\features\photoview\offline\images\error.gif
c:\documents and settings\All Users\Application Data\Viewpoint\Toolbar Runtime\3.8.0\SkinEngine\features\photoview\offline\images\errormsg_offline.gif
c:\documents and settings\All Users\Application Data\Viewpoint\Toolbar Runtime\3.8.0\SkinEngine\features\photoview\offline\images\fotomat_assist.gif
c:\documents and settings\All Users\Application Data\Viewpoint\Toolbar Runtime\3.8.0\SkinEngine\features\photoview\offline\images\fotomat_logo_76x19.gif
c:\documents and settings\All Users\Application Data\Viewpoint\Toolbar Runtime\3.8.0\SkinEngine\features\photoview\offline\images\help_offline_msg.jpg
c:\documents and settings\All Users\Application Data\Viewpoint\Toolbar Runtime\3.8.0\SkinEngine\features\photoview\offline\images\icon_getstarted.gif
c:\documents and settings\All Users\Application Data\Viewpoint\Toolbar Runtime\3.8.0\SkinEngine\features\photoview\offline\images\icon_questionmark.gif
c:\documents and settings\All Users\Application Data\Viewpoint\Toolbar Runtime\3.8.0\SkinEngine\features\photoview\offline\images\import_video_offline.gif
c:\documents and settings\All Users\Application Data\Viewpoint\Toolbar Runtime\3.8.0\SkinEngine\features\photoview\offline\images\judy.jpg
c:\documents and settings\All Users\Application Data\Viewpoint\Toolbar Runtime\3.8.0\SkinEngine\features\photoview\offline\images\logo.gif
c:\documents and settings\All Users\Application Data\Viewpoint\Toolbar Runtime\3.8.0\SkinEngine\features\photoview\offline\images\question_15x19.gif
c:\documents and settings\All Users\Application Data\Viewpoint\Toolbar Runtime\3.8.0\SkinEngine\features\photoview\offline\images\s.gif
c:\documents and settings\All Users\Application Data\Viewpoint\Toolbar Runtime\3.8.0\SkinEngine\features\photoview\offline\images\t_frame_bottom.gif
c:\documents and settings\All Users\Application Data\Viewpoint\Toolbar Runtime\3.8.0\SkinEngine\features\photoview\offline\images\t_frame_bottomleft.gif
c:\documents and settings\All Users\Application Data\Viewpoint\Toolbar Runtime\3.8.0\SkinEngine\features\photoview\offline\images\t_frame_bottomright.gif
c:\documents and settings\All Users\Application Data\Viewpoint\Toolbar Runtime\3.8.0\SkinEngine\features\photoview\offline\images\t_frame_left.gif
c:\documents and settings\All Users\Application Data\Viewpoint\Toolbar Runtime\3.8.0\SkinEngine\features\photoview\offline\images\t_frame_right.gif
c:\documents and settings\All Users\Application Data\Viewpoint\Toolbar Runtime\3.8.0\SkinEngine\features\photoview\offline\images\t_frame_top.gif
c:\documents and settings\All Users\Application Data\Viewpoint\Toolbar Runtime\3.8.0\SkinEngine\features\photoview\offline\images\t_frame_topleft.gif
c:\documents and settings\All Users\Application Data\Viewpoint\Toolbar Runtime\3.8.0\SkinEngine\features\photoview\offline\images\t_frame_topright.gif
c:\documents and settings\All Users\Application Data\Viewpoint\Toolbar Runtime\3.8.0\SkinEngine\features\photoview\offline\images\t_gradient_right.gif
c:\documents and settings\All Users\Application Data\Viewpoint\Toolbar Runtime\3.8.0\SkinEngine\features\photoview\offline\images\t_header.jpg
c:\documents and settings\All Users\Application Data\Viewpoint\Toolbar Runtime\3.8.0\SkinEngine\features\photoview\offline\images\t_techdifficulty_text.gif
c:\documents and settings\All Users\Application Data\Viewpoint\Toolbar Runtime\3.8.0\SkinEngine\features\photoview\offline\videoHelp_offline.html
c:\documents and settings\All Users\Application Data\Viewpoint\Toolbar Runtime\3.8.0\SkinEngine\features\photoview\online.js
c:\documents and settings\All Users\Application Data\Viewpoint\Toolbar Runtime\3.8.0\SkinEngine\features\photoview\options.html
c:\documents and settings\All Users\Application Data\Viewpoint\Toolbar Runtime\3.8.0\SkinEngine\features\photoview\PhotoSharing.dll
c:\documents and settings\All Users\Application Data\Viewpoint\Toolbar Runtime\3.8..0\SkinEngine\features\photoview\photoview.js
c:\documents and settings\All Users\Application Data\Viewpoint\Toolbar Runtime\3.8.0\SkinEngine\features\photoview\photoview.module
c:\documents and settings\All Users\Application Data\Viewpoint\Toolbar Runtime\3.8.0\SkinEngine\features\photoview\photoviewDefinition.module
c:\documents and settings\All Users\Application Data\Viewpoint\Toolbar Runtime\3.8.0\SkinEngine\features\photoview\progress.module
c:\documents and settings\All Users\Application Data\Viewpoint\Toolbar Runtime\3.8.0\SkinEngine\features\photoview\publishing.js
c:\documents and settings\All Users\Application Data\Viewpoint\Toolbar Runtime\3.8.0\SkinEngine\features\photoview\rollsDlg.module
c:\documents and settings\All Users\Application Data\Viewpoint\Toolbar Runtime\3.8.0\SkinEngine\features\photoview\rotateThumbDlg.module
c:\documents and settings\All Users\Application Data\Viewpoint\Toolbar Runtime\3.8.0\SkinEngine\features\photoview\SaveDlg.js
c:\documents and settings\All Users\Application Data\Viewpoint\Toolbar Runtime\3.8.0\SkinEngine\features\photoview\SaveDlg.module
c:\documents and settings\All Users\Application Data\Viewpoint\Toolbar Runtime\3.8.0\SkinEngine\features\photoview\singleView.module
c:\documents and settings\All Users\Application Data\Viewpoint\Toolbar Runtime\3.8.0\SkinEngine\features\photoview\SlideShow.module
c:\documents and settings\All Users\Application Data\Viewpoint\Toolbar Runtime\3.8.0\SkinEngine\features\photoview\test.html
c:\documents and settings\All Users\Application Data\Viewpoint\Toolbar Runtime\3.8.0\SkinEngine\features\photoview\ui.js
c:\documents and settings\All Users\Application Data\Viewpoint\Toolbar Runtime\3.8.0\SkinEngine\features\photoview\uploadDlg.module
c:\documents and settings\All Users\Application Data\Viewpoint\Toolbar Runtime\3.8.0\SkinEngine\features\photoview\Utilities..js
c:\documents and settings\All Users\Application Data\Viewpoint\Toolbar Runtime\3.8.0\SkinEngine\features\photoview\videoAssistantManager.js
c:\documents and settings\All Users\Application Data\Viewpoint\Toolbar Runtime\3..8.0\SkinEngine\features\photoview\videoplayer.js
c:\documents and settings\All Users\Application Data\Viewpoint\Toolbar Runtime\3.8.0\SkinEngine\features\photoview\wiaaut.dll
c:\documents and settings\All Users\Application Data\Viewpoint\Toolbar Runtime\3.8.0\SkinEngine\features\photoview\wizard.js
c:\documents and settings\All Users\Application Data\Viewpoint\Toolbar Runtime\3.8.0\SkinEngine\features\photoview\wizard\albumselector.js
c:\documents and settings\All Users\Application Data\Viewpoint\Toolbar Runtime\3.8.0\SkinEngine\features\photoview\wizard\albumselector.module
c:\documents and settings\All Users\Application Data\Viewpoint\Toolbar Runtime\3.8.0\SkinEngine\features\photoview\wizard\albumselectormodule.js
c:\documents and settings\All Users\Application Data\Viewpoint\Toolbar Runtime\3.8.0\SkinEngine\features\photoview\wizard\emailwizard.js
c:\documents and settings\All Users\Application Data\Viewpoint\Toolbar Runtime\3.8.0\SkinEngine\features\photoview\wizard\fileselector.js
c:\documents and settings\All Users\Application Data\Viewpoint\Toolbar Runtime\3.8.0\SkinEngine\features\photoview\wizard\fileselector.module
c:\documents and settings\All Users\Application Data\Viewpoint\Toolbar Runtime\3.8.0\SkinEngine\features\photoview\wizard\fileselectormodule.js
c:\documents and settings\All Users\Application Data\Viewpoint\Toolbar Runtime\3.8.0\SkinEngine\features\photoview\wizard\folderselector.js
c:\documents and settings\All Users\Application Data\Viewpoint\Toolbar Runtime\3.8.0\SkinEngine\features\photoview\wizard\folderselector.module
c:\documents and settings\All Users\Application Data\Viewpoint\Toolbar Runtime\3.8.0\SkinEngine\features\photoview\wizard\folderselectormodule.js
c:\documents and settings\All Users\Application Data\Viewpoint\Toolbar Runtime\3.8.0\SkinEngine\features\photoview\wizard\html\back_from_online.html
c:\documents and settings\All Users\Application Data\Viewpoint\Toolbar Runtime\3.8.0\SkinEngine\features\photoview\wizard\html\compress_progress.html
c:\documents and settings\All Users\Application Data\Viewpoint\Toolbar Runtime\3.8.0\SkinEngine\features\photoview\wizard\html\create_an_album.html
c:\documents and settings\All Users\Application Data\Viewpoint\Toolbar Runtime\3..8.0\SkinEngine\features\photoview\wizard\html\email_photos.html
c:\documents and settings\All Users\Application Data\Viewpoint\Toolbar Runtime\3.8.0\SkinEngine\features\photoview\wizard\html\get_more_photos.html
c:\documents and settings\All Users\Application Data\Viewpoint\Toolbar Runtime\3.8.0\SkinEngine\features\photoview\wizard\html\help.html
c:\documents and settings\All Users\Application Data\Viewpoint\Toolbar Runtime\3.8.0\SkinEngine\features\photoview\wizard\html\help_index.html
c:\documents and settings\All Users\Application Data\Viewpoint\Toolbar Runtime\3.8.0\SkinEngine\features\photoview\wizard\html\images\arrow_blue_8x17.gif
c:\documents and settings\All Users\Application Data\Viewpoint\Toolbar Runtime\3.8.0\SkinEngine\features\photoview\wizard\html\images\blue_frame_bottom.gif
c:\documents and settings\All Users\Application Data\Viewpoint\Toolbar Runtime\3.8.0\SkinEngine\features\photoview\wizard\html\images\blue_frame_cap.gif
c:\documents and settings\All Users\Application Data\Viewpoint\Toolbar Runtime\3.8.0\SkinEngine\features\photoview\wizard\html\images\button_all_albums.gif
c:\documents and settings\All Users\Application Data\Viewpoint\Toolbar Runtime\3.8.0\SkinEngine\features\photoview\wizard\html\images\button_all_albums_on.gif
c:\documents and settings\All Users\Application Data\Viewpoint\Toolbar Runtime\3.8.0\SkinEngine\features\photoview\wizard\html\images\button_buy_photos_308x62.gif
c:\documents and settings\All Users\Application Data\Viewpoint\Toolbar Runtime\3.8.0\SkinEngine\features\photoview\wizard\html\images\button_camera_checked.gif

CMiz2184
Intermediate
Intermediate

Posts Posts : 67
Joined Joined : 2009-03-18
OS OS : XP
Points Points : 28772
# Likes # Likes : 0

View user profile

Back to top Go down

Re: userinit.exe trojan

Post by CMiz2184 on 19th March 2009, 2:05 am

c:\documents and settings\All Users\Application Data\Viewpoint\Toolbar Runtime\3.8.0\SkinEngine\features\photoview\wizard\html\images\button_cd_disabled.gif
c:\documents and settings\All Users\Application Data\Viewpoint\Toolbar Runtime\3.8.0\SkinEngine\features\photoview\wizard\html\images\button_cd_off.gif
c:\documents and settings\All Users\Application Data\Viewpoint\Toolbar Runtime\3.8.0\SkinEngine\features\photoview\wizard\html\images\button_cd_over.gif
c:\documents and settings\All Users\Application Data\Viewpoint\Toolbar Runtime\3.8.0\SkinEngine\features\photoview\wizard\html\images\button_create_an_account.gif
c:\documents and settings\All Users\Application Data\Viewpoint\Toolbar Runtime\3.8.0\SkinEngine\features\photoview\wizard\html\images\button_create_new_album.gif
c:\documents and settings\All Users\Application Data\Viewpoint\Toolbar Runtime\3.8.0\SkinEngine\features\photoview\wizard\html\images\button_fotomat_email.gif
c:\documents and settings\All Users\Application Data\Viewpoint\Toolbar Runtime\3.8.0\SkinEngine\features\photoview\wizard\html\images\button_fotomat_email_308x62.gif
c:\documents and settings\All Users\Application Data\Viewpoint\Toolbar Runtime\3.8.0\SkinEngine\features\photoview\wizard\html\images\button_fotomat_email_over.gif
c:\documents and settings\All Users\Application Data\Viewpoint\Toolbar Runtime\3.8.0\SkinEngine\features\photoview\wizard\html\images\button_fotomat_help_114x40.gif
c:\documents and settings\All Users\Application Data\Viewpoint\Toolbar Runtime\3.8.0\SkinEngine\features\photoview\wizard\html\images\button_get_photos_308x62.gif
c:\documents and settings\All Users\Application Data\Viewpoint\Toolbar Runtime\3.8.0\SkinEngine\features\photoview\wizard\html\images\button_get_started_110x48.gif
c:\documents and settings\All Users\Application Data\Viewpoint\Toolbar Runtime\3.8.0\SkinEngine\features\photoview\wizard\html\images\button_help.gif
c:\documents and settings\All Users\Application Data\Viewpoint\Toolbar Runtime\3.8.0\SkinEngine\features\photoview\wizard\html\images\button_help_over.gif
c:\documents and settings\All Users\Application Data\Viewpoint\Toolbar Runtime\3.8.0\SkinEngine\features\photoview\wizard\html\images\button_import_photos.gif
c:\documents and settings\All Users\Application Data\Viewpoint\Toolbar Runtime\3.8.0\SkinEngine\features\photoview\wizard\html\images\button_import_photos_over.gif
c:\documents and settings\All Users\Application Data\Viewpoint\Toolbar Runtime\3.8.0\SkinEngine\features\photoview\wizard\html\images\button_local_email.gif
c:\documents and settings\All Users\Application Data\Viewpoint\Toolbar Runtime\3.8.0\SkinEngine\features\photoview\wizard\html\images\button_local_email_308x62.gif
c:\documents and settings\All Users\Application Data\Viewpoint\Toolbar Runtime\3.8.0\SkinEngine\features\photoview\wizard\html\images\button_local_email_over.gif
c:\documents and settings\All Users\Application Data\Viewpoint\Toolbar Runtime\3.8.0\SkinEngine\features\photoview\wizard\html\images\button_mycomputer_checked.gif
c:\documents and settings\All Users\Application Data\Viewpoint\Toolbar Runtime\3.8.0\SkinEngine\features\photoview\wizard\html\images\button_mycomputer_off.gif
c:\documents and settings\All Users\Application Data\Viewpoint\Toolbar Runtime\3.8.0\SkinEngine\features\photoview\wizard\html\images\button_mycomputer_over.gif
c:\documents and settings\All Users\Application Data\Viewpoint\Toolbar Runtime\3.8.0\SkinEngine\features\photoview\wizard\html\images\button_order_prints.gif
c:\documents and settings\All Users\Application Data\Viewpoint\Toolbar Runtime\3.8.0\SkinEngine\features\photoview\wizard\html\images\button_order_prints_dis.gif
c:\documents and settings\All Users\Application Data\Viewpoint\Toolbar Runtime\3.8.0\SkinEngine\features\photoview\wizard\html\images\button_order_prints_over.gif
c:\documents and settings\All Users\Application Data\Viewpoint\Toolbar Runtime\3.8.0\SkinEngine\features\photoview\wizard\html\images\button_play.gif
c:\documents and settings\All Users\Application Data\Viewpoint\Toolbar Runtime\3.8.0\SkinEngine\features\photoview\wizard\html\images\button_play_disabled.gif
c:\documents and settings\All Users\Application Data\Viewpoint\Toolbar Runtime\3.8.0\SkinEngine\features\photoview\wizard\html\images\button_select_album.gif
c:\documents and settings\All Users\Application Data\Viewpoint\Toolbar Runtime\3.8.0\SkinEngine\features\photoview\wizard\html\images\button_share_photos.gif
c:\documents and settings\All Users\Application Data\Viewpoint\Toolbar Runtime\3.8.0\SkinEngine\features\photoview\wizard\html\images\button_share_photos_308x62.gif
c:\documents and settings\All Users\Application Data\Viewpoint\Toolbar Runtime\3.8.0\SkinEngine\features\photoview\wizard\html\images\button_share_photos_dis.gif
c:\documents and settings\All Users\Application Data\Viewpoint\Toolbar Runtime\3.8.0\SkinEngine\features\photoview\wizard\html\images\button_share_photos_over.gif
c:\documents and settings\All Users\Application Data\Viewpoint\Toolbar Runtime\3.8.0\SkinEngine\features\photoview\wizard\html\images\button_single_album.gif
c:\documents and settings\All Users\Application Data\Viewpoint\Toolbar Runtime\3.8.0\SkinEngine\features\photoview\wizard\html\images\button_single_album_on.gif
c:\documents and settings\All Users\Application Data\Viewpoint\Toolbar Runtime\3.8.0\SkinEngine\features\photoview\wizard\html\images\button_stop.gif
c:\documents and settings\All Users\Application Data\Viewpoint\Toolbar Runtime\3.8.0\SkinEngine\features\photoview\wizard\html\images\button_sync_all_308x62.gif
c:\documents and settings\All Users\Application Data\Viewpoint\Toolbar Runtime\3.8.0\SkinEngine\features\photoview\wizard\html\images\button_sync_individ_308x62.gif
c:\documents and settings\All Users\Application Data\Viewpoint\Toolbar Runtime\3.8.0\SkinEngine\features\photoview\wizard\html\images\create_a_new_account.gif
c:\documents and settings\All Users\Application Data\Viewpoint\Toolbar Runtime\3.8.0\SkinEngine\features\photoview\wizard\html\images\create_an_album_408x52.gif
c:\documents and settings\All Users\Application Data\Viewpoint\Toolbar Runtime\3.8.0\SkinEngine\features\photoview\wizard\html\images\email.gif
c:\documents and settings\All Users\Application Data\Viewpoint\Toolbar Runtime\3.8.0\SkinEngine\features\photoview\wizard\html\images\fotomat_email_67x47.gif
c:\documents and settings\All Users\Application Data\Viewpoint\Toolbar Runtime\3.8.0\SkinEngine\features\photoview\wizard\html\images\fotomat_full.gif
c:\documents and settings\All Users\Application Data\Viewpoint\Toolbar Runtime\3.8.0\SkinEngine\features\photoview\wizard\html\images\fotomat_full_over.gif
c:\documents and settings\All Users\Application Data\Viewpoint\Toolbar Runtime\3.8.0\SkinEngine\features\photoview\wizard\html\images\fotomat_logo_126x52.gif
c:\documents and settings\All Users\Application Data\Viewpoint\Toolbar Runtime\3.8.0\SkinEngine\features\photoview\wizard\html\images\fotomat_logo_210x52.gif
c:\documents and settings\All Users\Application Data\Viewpoint\Toolbar Runtime\3.8.0\SkinEngine\features\photoview\wizard\html\images\frame_bottom_338x11.gif
c:\documents and settings\All Users\Application Data\Viewpoint\Toolbar Runtime\3.8.0\SkinEngine\features\photoview\wizard\html\images\frame_top_338x10.gif
c:\documents and settings\All Users\Application Data\Viewpoint\Toolbar Runtime\3.8.0\SkinEngine\features\photoview\wizard\html\images\gray_frame_bottom.gif
c:\documents and settings\All Users\Application Data\Viewpoint\Toolbar Runtime\3.8.0\SkinEngine\features\photoview\wizard\html\images\gray_frame_top.gif
c:\documents and settings\All Users\Application Data\Viewpoint\Toolbar Runtime\3.8.0\SkinEngine\features\photoview\wizard\html\images\head_email_photo_408X52.gif
c:\documents and settings\All Users\Application Data\Viewpoint\Toolbar Runtime\3.8.0\SkinEngine\features\photoview\wizard\html\images\header_attaching_408x52.gif
c:\documents and settings\All Users\Application Data\Viewpoint\Toolbar Runtime\3.8.0\SkinEngine\features\photoview\wizard\html\images\header_compress_option.gif
c:\documents and settings\All Users\Application Data\Viewpoint\Toolbar Runtime\3.8.0\SkinEngine\features\photoview\wizard\html\images\header_compress_prog.gif
c:\documents and settings\All Users\Application Data\Viewpoint\Toolbar Runtime\3.8.0\SkinEngine\features\photoview\wizard\html\images\header_create_an_album.gif
c:\documents and settings\All Users\Application Data\Viewpoint\Toolbar Runtime\3.8.0\SkinEngine\features\photoview\wizard\html\images\header_createaccount_408x52.gif
c:\documents and settings\All Users\Application Data\Viewpoint\Toolbar Runtime\3.8.0\SkinEngine\features\photoview\wizard\html\images\header_email_photos.gif
c:\documents and settings\All Users\Application Data\Viewpoint\Toolbar Runtime\3.8.0\SkinEngine\features\photoview\wizard\html\images\header_email_upload_prog.gif
c:\documents and settings\All Users\Application Data\Viewpoint\Toolbar Runtime\3.8.0\SkinEngine\features\photoview\wizard\html\images\header_fotomat_help.gif
c:\documents and settings\All Users\Application Data\Viewpoint\Toolbar Runtime\3.8.0\SkinEngine\features\photoview\wizard\html\images\header_get_more_photos.gif
c:\documents and settings\All Users\Application Data\Viewpoint\Toolbar Runtime\3.8.0\SkinEngine\features\photoview\wizard\html\images\header_import_complete.gif
c:\documents and settings\All Users\Application Data\Viewpoint\Toolbar Runtime\3.8.0\SkinEngine\features\photoview\wizard\html\images\header_import_photos_408x52.gif
c:\documents and settings\All Users\Application Data\Viewpoint\Toolbar Runtime\3.8.0\SkinEngine\features\photoview\wizard\html\images\header_import_photos_folder.gif
c:\documents and settings\All Users\Application Data\Viewpoint\Toolbar Runtime\3.8.0\SkinEngine\features\photoview\wizard\html\images\header_import_photos_photos.gif
c:\documents and settings\All Users\Application Data\Viewpoint\Toolbar Runtime\3.8.0\SkinEngine\features\photoview\wizard\html\images\header_import_progress.gif
c:\documents and settings\All Users\Application Data\Viewpoint\Toolbar Runtime\3.8.0\SkinEngine\features\photoview\wizard\html\images\header_import_scr_camera.gif
c:\documents and settings\All Users\Application Data\Viewpoint\Toolbar Runtime\3.8.0\SkinEngine\features\photoview\wizard\html\images\header_import_scr_cdrom.gif
c:\documents and settings\All Users\Application Data\Viewpoint\Toolbar Runtime\3.8.0\SkinEngine\features\photoview\wizard\html\images\header_import_scr_mypc.gif
c:\documents and settings\All Users\Application Data\Viewpoint\Toolbar Runtime\3.8.0\SkinEngine\features\photoview\wizard\html\images\header_offline_408x52.gif
c:\documents and settings\All Users\Application Data\Viewpoint\Toolbar Runtime\3.8.0\SkinEngine\features\photoview\wizard\html\images\header_offline_error.gif
c:\documents and settings\All Users\Application Data\Viewpoint\Toolbar Runtime\3.8.0\SkinEngine\features\photoview\wizard\html\images\header_order_upload_details.gif
c:\documents and settings\All Users\Application Data\Viewpoint\Toolbar Runtime\3.8.0\SkinEngine\features\photoview\wizard\html\images\header_select_import_408x52.gif
c:\documents and settings\All Users\Application Data\Viewpoint\Toolbar Runtime\3.8.0\SkinEngine\features\photoview\wizard\html\images\header_select_import_dest.gif
c:\documents and settings\All Users\Application Data\Viewpoint\Toolbar Runtime\3.8.0\SkinEngine\features\photoview\wizard\html\images\header_select_import_src.gif
c:\documents and settings\All Users\Application Data\Viewpoint\Toolbar Runtime\3.8.0\SkinEngine\features\photoview\wizard\html\images\header_select_photos.gif
c:\documents and settings\All Users\Application Data\Viewpoint\Toolbar Runtime\3.8.0\SkinEngine\features\photoview\wizard\html\images\header_select_recipients_408x52.gif
c:\documents and settings\All Users\Application Data\Viewpoint\Toolbar Runtime\3.8.0\SkinEngine\features\photoview\wizard\html\images\header_selectalbum_408x52.gif
c:\documents and settings\All Users\Application Data\Viewpoint\Toolbar Runtime\3.8.0\SkinEngine\features\photoview\wizard\html\images\header_share_select_photos.gif
c:\documents and settings\All Users\Application Data\Viewpoint\Toolbar Runtime\3.8.0\SkinEngine\features\photoview\wizard\html\images\header_share_upload_com.gif
c:\documents and settings\All Users\Application Data\Viewpoint\Toolbar Runtime\3.8.0\SkinEngine\features\photoview\wizard\html\images\header_share_upload_details.gif
c:\documents and settings\All Users\Application Data\Viewpoint\Toolbar Runtime\3.8.0\SkinEngine\features\photoview\wizard\html\images\header_sharing_complete_408x52.gif
c:\documents and settings\All Users\Application Data\Viewpoint\Toolbar Runtime\3.8.0\SkinEngine\features\photoview\wizard\html\images\header_sync_complete.gif
c:\documents and settings\All Users\Application Data\Viewpoint\Toolbar Runtime\3.8.0\SkinEngine\features\photoview\wizard\html\images\header_sync_details.gif
c:\documents and settings\All Users\Application Data\Viewpoint\Toolbar Runtime\3.8.0\SkinEngine\features\photoview\wizard\html\images\header_sync_progress.gif
c:\documents and settings\All Users\Application Data\Viewpoint\Toolbar Runtime\3.8.0\SkinEngine\features\photoview\wizard\html\images\header_update_online_albums.gif
c:\documents and settings\All Users\Application Data\Viewpoint\Toolbar Runtime\3.8.0\SkinEngine\features\photoview\wizard\html\images\header_upload_complete.gif
c:\documents and settings\All Users\Application Data\Viewpoint\Toolbar Runtime\3.8.0\SkinEngine\features\photoview\wizard\html\images\header_upload_photos.gif

CMiz2184
Intermediate
Intermediate

Posts Posts : 67
Joined Joined : 2009-03-18
OS OS : XP
Points Points : 28772
# Likes # Likes : 0

View user profile

Back to top Go down

Re: userinit.exe trojan

Post by CMiz2184 on 19th March 2009, 2:06 am

c:\documents and settings\All Users\Application Data\Viewpoint\Toolbar Runtime\3.8.0\SkinEngine\features\photoview\wizard\html\images\header_uploading_408x52.gif
c:\documents and settings\All Users\Application Data\Viewpoint\Toolbar Runtime\3.8.0\SkinEngine\features\photoview\wizard\html\images\header_welcome.gif
c:\documents and settings\All Users\Application Data\Viewpoint\Toolbar Runtime\3.8.0\SkinEngine\features\photoview\wizard\html\images\header_welcome_408x52.gif
c:\documents and settings\All Users\Application Data\Viewpoint\Toolbar Runtime\3.8.0\SkinEngine\features\photoview\wizard\html\images\help.gif
c:\documents and settings\All Users\Application Data\Viewpoint\Toolbar Runtime\3.8.0\SkinEngine\features\photoview\wizard\html\images\icon_photo_album.gif
c:\documents and settings\All Users\Application Data\Viewpoint\Toolbar Runtime\3.8.0\SkinEngine\features\photoview\wizard\html\images\icon_photo_share.gif
c:\documents and settings\All Users\Application Data\Viewpoint\Toolbar Runtime\3.8.0\SkinEngine\features\photoview\wizard\html\images\import_completed_408x52.gif
c:\documents and settings\All Users\Application Data\Viewpoint\Toolbar Runtime\3.8.0\SkinEngine\features\photoview\wizard\html\images\import_video_offline.gif
c:\documents and settings\All Users\Application Data\Viewpoint\Toolbar Runtime\3.8.0\SkinEngine\features\photoview\wizard\html\images\local_email_67x47.gif
c:\documents and settings\All Users\Application Data\Viewpoint\Toolbar Runtime\3.8.0\SkinEngine\features\photoview\wizard\html\images\local_full.gif
c:\documents and settings\All Users\Application Data\Viewpoint\Toolbar Runtime\3.8.0\SkinEngine\features\photoview\wizard\html\images\local_full_over.gif
c:\documents and settings\All Users\Application Data\Viewpoint\Toolbar Runtime\3.8.0\SkinEngine\features\photoview\wizard\html\images\progress_bar.gif
c:\documents and settings\All Users\Application Data\Viewpoint\Toolbar Runtime\3.8.0\SkinEngine\features\photoview\wizard\html\images\progress_track.gif
c:\documents and settings\All Users\Application Data\Viewpoint\Toolbar Runtime\3.8.0\SkinEngine\features\photoview\wizard\html\images\resizeable_corner.gif
c:\documents and settings\All Users\Application Data\Viewpoint\Toolbar Runtime\3.8.0\SkinEngine\features\photoview\wizard\html\images\s.gif
c:\documents and settings\All Users\Application Data\Viewpoint\Toolbar Runtime\3.8.0\SkinEngine\features\photoview\wizard\html\images\select_import_dest_408x52.gif
c:\documents and settings\All Users\Application Data\Viewpoint\Toolbar Runtime\3.8.0\SkinEngine\features\photoview\wizard\html\images\share_select_photos_408x52.gif
c:\documents and settings\All Users\Application Data\Viewpoint\Toolbar Runtime\3.8.0\SkinEngine\features\photoview\wizard\html\images\your_albums.gif
c:\documents and settings\All Users\Application Data\Viewpoint\Toolbar Runtime\3.8.0\SkinEngine\features\photoview\wizard\html\import_complete.html
c:\documents and settings\All Users\Application Data\Viewpoint\Toolbar Runtime\3.8.0\SkinEngine\features\photoview\wizard\html\import_complete_detail.html
c:\documents and settings\All Users\Application Data\Viewpoint\Toolbar Runtime\3.8.0\SkinEngine\features\photoview\wizard\html\import_progress.html
c:\documents and settings\All Users\Application Data\Viewpoint\Toolbar Runtime\3.8.0\SkinEngine\features\photoview\wizard\html\mainframe.html
c:\documents and settings\All Users\Application Data\Viewpoint\Toolbar Runtime\3.8.0\SkinEngine\features\photoview\wizard\html\offline.html
c:\documents and settings\All Users\Application Data\Viewpoint\Toolbar Runtime\3.8.0\SkinEngine\features\photoview\wizard\html\order_select_photos.html
c:\documents and settings\All Users\Application Data\Viewpoint\Toolbar Runtime\3.8.0\SkinEngine\features\photoview\wizard\html\select_import_dest.html
c:\documents and settings\All Users\Application Data\Viewpoint\Toolbar Runtime\3.8.0\SkinEngine\features\photoview\wizard\html\select_import_folder.html
c:\documents and settings\All Users\Application Data\Viewpoint\Toolbar Runtime\3.8.0\SkinEngine\features\photoview\wizard\html\select_import_photos.html
c:\documents and settings\All Users\Application Data\Viewpoint\Toolbar Runtime\3.8.0\SkinEngine\features\photoview\wizard\html\select_import_source.html
c:\documents and settings\All Users\Application Data\Viewpoint\Toolbar Runtime\3.8.0\SkinEngine\features\photoview\wizard\html\select_import_source2.html
c:\documents and settings\All Users\Application Data\Viewpoint\Toolbar Runtime\3.8.0\SkinEngine\features\photoview\wizard\html\share_email_compress_option.html
c:\documents and settings\All Users\Application Data\Viewpoint\Toolbar Runtime\3.8.0\SkinEngine\features\photoview\wizard\html\share_select_photos.html
c:\documents and settings\All Users\Application Data\Viewpoint\Toolbar Runtime\3.8.0\SkinEngine\features\photoview\wizard\html\start_autoplay_import.html
c:\documents and settings\All Users\Application Data\Viewpoint\Toolbar Runtime\3.8.0\SkinEngine\features\photoview\wizard\html\start_email_photos.html
c:\documents and settings\All Users\Application Data\Viewpoint\Toolbar Runtime\3.8.0\SkinEngine\features\photoview\wizard\html\start_import_photos.html
c:\documents and settings\All Users\Application Data\Viewpoint\Toolbar Runtime\3.8.0\SkinEngine\features\photoview\wizard\html\upload_complete.html
c:\documents and settings\All Users\Application Data\Viewpoint\Toolbar Runtime\3.8.0\SkinEngine\features\photoview\wizard\html\upload_details.html
c:\documents and settings\All Users\Application Data\Viewpoint\Toolbar Runtime\3.8.0\SkinEngine\features\photoview\wizard\html\upload_photos_progress.html
c:\documents and settings\All Users\Application Data\Viewpoint\Toolbar Runtime\3.8.0\SkinEngine\features\photoview\wizard\html\videoHelpEmbed.js
c:\documents and settings\All Users\Application Data\Viewpoint\Toolbar Runtime\3.8.0\SkinEngine\features\photoview\wizard\html\welcome.html
c:\documents and settings\All Users\Application Data\Viewpoint\Toolbar Runtime\3.8.0\SkinEngine\features\photoview\wizard\html\wizardhtml.css
c:\documents and settings\All Users\Application Data\Viewpoint\Toolbar Runtime\3.8.0\SkinEngine\features\photoview\wizard\html\wizardscripts.js
c:\documents and settings\All Users\Application Data\Viewpoint\Toolbar Runtime\3.8.0\SkinEngine\features\photoview\wizard\importwizard.js
c:\documents and settings\All Users\Application Data\Viewpoint\Toolbar Runtime\3.8.0\SkinEngine\features\photoview\wizard\mediaselector.js
c:\documents and settings\All Users\Application Data\Viewpoint\Toolbar Runtime\3.8.0\SkinEngine\features\photoview\wizard\mediaselector..module
c:\documents and settings\All Users\Application Data\Viewpoint\Toolbar Runtime\3.8.0\SkinEngine\features\photoview\wizard\mediaselectormodule.js
c:\documents and settings\All Users\Application Data\Viewpoint\Toolbar Runtime\3.8.0\SkinEngine\features\photoview\wizard\mediaselectorwithalbums.js
c:\documents and settings\All Users\Application Data\Viewpoint\Toolbar Runtime\3.8.0\SkinEngine\features\photoview\wizard\mediaselectorwithalbums.module
c:\documents and settings\All Users\Application Data\Viewpoint\Toolbar Runtime\3.8.0\SkinEngine\features\photoview\wizard\mediaselectorwithalbumsmodule.js
c:\documents and settings\All Users\Application Data\Viewpoint\Toolbar Runtime\3.8.0\SkinEngine\features\photoview\wizard\tests\import.html
c:\documents and settings\All Users\Application Data\Viewpoint\Toolbar Runtime\3.8.0\SkinEngine\features\photoview\wizard\tests\mediaselector.html
c:\documents and settings\All Users\Application Data\Viewpoint\Toolbar Runtime\3.8.0\SkinEngine\features\photoview\wizard\tests\upload.html
c:\documents and settings\All Users\Application Data\Viewpoint\Toolbar Runtime\3.8.0\SkinEngine\features\photoview\wizard\uploadwizard.js
c:\documents and settings\All Users\Application Data\Viewpoint\Toolbar Runtime\3.8.0\SkinEngine\features\photoview\wizard\wizardhtmlutils.js
c:\documents and settings\All Users\Application Data\Viewpoint\Toolbar Runtime\3.8.0\SkinEngine\features\photoview\wizard\wizardvideoutils.js
c:\documents and settings\All Users\Application Data\Viewpoint\Toolbar Runtime\3.8.0\SkinEngine\features\photoviewVista\core\feature.mtx
c:\documents and settings\All Users\Application Data\Viewpoint\Toolbar Runtime\3.8.0\SkinEngine\features\photoviewVista\core\featureDefinition.js
c:\documents and settings\All Users\Application Data\Viewpoint\Toolbar Runtime\3.8.0\SkinEngine\features\photoviewVista\core\HTMLFeature.ini
c:\documents and settings\All Users\Application Data\Viewpoint\Toolbar Runtime\3.8.0\SkinEngine\features\photoviewVista\core\HTMLFeature.js
c:\documents and settings\All Users\Application Data\Viewpoint\Toolbar Runtime\3.8.0\SkinEngine\features\photoviewVista\core\inioptions.js
c:\documents and settings\All Users\Application Data\Viewpoint\Toolbar Runtime\3.8.0\SkinEngine\features\photoviewVista\core\PhotoViewVista.module
c:\documents and settings\All Users\Application Data\Viewpoint\Toolbar Runtime\3.8.0\SkinEngine\features\photoviewVista\core\PhotoViewVistaDefinition.module

CMiz2184
Intermediate
Intermediate

Posts Posts : 67
Joined Joined : 2009-03-18
OS OS : XP
Points Points : 28772
# Likes # Likes : 0

View user profile

Back to top Go down

Re: userinit.exe trojan

Post by CMiz2184 on 19th March 2009, 2:08 am

c:\documents and settings\All Users\Application Data\Viewpoint\Toolbar Runtime\3.8.0\SkinEngine\features\photoviewVista\core\HTMLFeature.ini
c:\documents and settings\All Users\Application Data\Viewpoint\Toolbar Runtime\3.8.0\SkinEngine\features\photoviewVista\core\HTMLFeature.js
c:\documents and settings\All Users\Application Data\Viewpoint\Toolbar Runtime\3.8.0\SkinEngine\features\photoviewVista\core\inioptions.js
c:\documents and settings\All Users\Application Data\Viewpoint\Toolbar Runtime\3.8.0\SkinEngine\features\photoviewVista\core\PhotoViewVista.module
c:\documents and settings\All Users\Application Data\Viewpoint\Toolbar Runtime\3.8.0\SkinEngine\features\photoviewVista\core\PhotoViewVistaDefinition.module
c:\documents and settings\All Users\Application Data\Viewpoint\Toolbar Runtime\3.8.0\SkinEngine\features\photoviewVista\graphics\offline.swf
c:\documents and settings\All Users\Application Data\Viewpoint\Toolbar Runtime\3.8.0\SkinEngine\features\photoviewVista\graphics\photoview_icon.gif
c:\documents and settings\All Users\Application Data\Viewpoint\Toolbar Runtime\3.8.0\SkinEngine\features\photoviewVista\graphics\photoview_icon.swf
c:\documents and settings\All Users\Application Data\Viewpoint\Toolbar Runtime\3.8.0\SkinEngine\features\photoviewVista\HTMLFeature.html
c:\documents and settings\All Users\Application Data\Viewpoint\Toolbar Runtime\3.8.0\SkinEngine\features\photoviewVista\includes\default.css
c:\documents and settings\All Users\Application Data\Viewpoint\Toolbar Runtime\3.8.0\SkinEngine\features\photoviewVista\includes\htmlutils.js
c:\documents and settings\All Users\Application Data\Viewpoint\Toolbar Runtime\3.8.0\SkinEngine\features\photoviewVista\notifier.html
c:\documents and settings\All Users\Application Data\Viewpoint\Toolbar Runtime\3.8.0\SkinEngine\features\photoviewVista\offline.html
c:\documents and settings\All Users\Application Data\Viewpoint\Toolbar Runtime\3.8.0\SkinEngine\features\photoviewVista\options.html
c:\documents and settings\All Users\Application Data\Viewpoint\Toolbar Runtime\3.8.0\SkinEngine\features\popups\feature.mtx
c:\documents and settings\All Users\Application Data\Viewpoint\Toolbar Runtime\3.8.0\SkinEngine\features\popups\featureDefinitions.js
c:\documents and settings\All Users\Application Data\Viewpoint\Toolbar Runtime\3.8.0\SkinEngine\features\popups\graphics\popups_icon.gif
c:\documents and settings\All Users\Application Data\Viewpoint\Toolbar Runtime\3.8.0\SkinEngine\features\popups\graphics\popups_icon.swf
c:\documents and settings\All Users\Application Data\Viewpoint\Toolbar Runtime\3.8.0\SkinEngine\features\popups\graphics\popups_text.swf
c:\documents and settings\All Users\Application Data\Viewpoint\Toolbar Runtime\3.8.0\SkinEngine\features\popups\graphics\tray_face.swf
c:\documents and settings\All Users\Application Data\Viewpoint\Toolbar Runtime\3.8.0\SkinEngine\features\popups\options.html
c:\documents and settings\All Users\Application Data\Viewpoint\Toolbar Runtime\3.8.0\SkinEngine\features\popups\popups.js
c:\documents and settings\All Users\Application Data\Viewpoint\Toolbar Runtime\3.8.0\SkinEngine\features\popups\popups.module
c:\documents and settings\All Users\Application Data\Viewpoint\Toolbar Runtime\3.8.0\SkinEngine\features\popups\popups.swf
c:\documents and settings\All Users\Application Data\Viewpoint\Toolbar Runtime\3.8.0\SkinEngine\features\popups\popupsDefinition.module
c:\documents and settings\All Users\Application Data\Viewpoint\Toolbar Runtime\3..8.0\SkinEngine\features\search\feature.mtx
c:\documents and settings\All Users\Application Data\Viewpoint\Toolbar Runtime\3.8.0\SkinEngine\features\search\featureDefinitions.js
c:\documents and settings\All Users\Application Data\Viewpoint\Toolbar Runtime\3.8.0\SkinEngine\features\search\graphics\arrow_icon.html
c:\documents and settings\All Users\Application Data\Viewpoint\Toolbar Runtime\3.8.0\SkinEngine\features\search\graphics\arrow_icon.swf
c:\documents and settings\All Users\Application Data\Viewpoint\Toolbar Runtime\3.8.0\SkinEngine\features\search\graphics\highlight_icon.gif
c:\documents and settings\All Users\Application Data\Viewpoint\Toolbar Runtime\3.8.0\SkinEngine\features\search\graphics\highlight_icon.swf
c:\documents and settings\All Users\Application Data\Viewpoint\Toolbar Runtime\3.8.0\SkinEngine\features\search\graphics\highlight_text.swf
c:\documents and settings\All Users\Application Data\Viewpoint\Toolbar Runtime\3.8.0\SkinEngine\features\search\graphics\search_icon.gif
c:\documents and settings\All Users\Application Data\Viewpoint\Toolbar Runtime\3.8.0\SkinEngine\features\search\graphics\search_icon.swf
c:\documents and settings\All Users\Application Data\Viewpoint\Toolbar Runtime\3.8.0\SkinEngine\features\search\graphics\search_text.swf
c:\documents and settings\All Users\Application Data\Viewpoint\Toolbar Runtime\3.8.0\SkinEngine\features\search\graphics\tray_face.swf
c:\documents and settings\All Users\Application Data\Viewpoint\Toolbar Runtime\3.8.0\SkinEngine\features\search\options.html
c:\documents and settings\All Users\Application Data\Viewpoint\Toolbar Runtime\3.8.0\SkinEngine\features\search\search.js
c:\documents and settings\All Users\Application Data\Viewpoint\Toolbar Runtime\3.8.0\SkinEngine\features\search\search.module
c:\documents and settings\All Users\Application Data\Viewpoint\Toolbar Runtime\3.8..0\SkinEngine\features\search\search.swf
c:\documents and settings\All Users\Application Data\Viewpoint\Toolbar Runtime\3.8.0\SkinEngine\features\search\searchDefinition.module
c:\documents and settings\All Users\Application Data\Viewpoint\Toolbar Runtime\3.8.0\SkinEngine\features\SelectorEditor\feature.mtx
c:\documents and settings\All Users\Application Data\Viewpoint\Toolbar Runtime\3.8.0\SkinEngine\features\SelectorEditor\options.html
c:\documents and settings\All Users\Application Data\Viewpoint\Toolbar Runtime\3.8..0\SkinEngine\features\SelectorEditor\SelectorEditor.js
c:\documents and settings\All Users\Application Data\Viewpoint\Toolbar Runtime\3.8.0\SkinEngine\features\SelectorEditor\SelectorEditor.module
c:\documents and settings\All Users\Application Data\Viewpoint\Toolbar Runtime\3.8.0\SkinEngine\features\SkinChooser\feature.mtx
c:\documents and settings\All Users\Application Data\Viewpoint\Toolbar Runtime\3.8.0\SkinEngine\features\SkinChooser\options.html
c:\documents and settings\All Users\Application Data\Viewpoint\Toolbar Runtime\3.8.0\SkinEngine\features\SkinChooser\SkinChooser.js
c:\documents and settings\All Users\Application Data\Viewpoint\Toolbar Runtime\3.8.0\SkinEngine\features\SkinChooser\SkinChooser.module
c:\documents and settings\All Users\Application Data\Viewpoint\Toolbar Runtime\3.8.0\SkinEngine\ThemeTemplates\Custom.jpg
c:\documents and settings\All Users\Application Data\Viewpoint\Toolbar Runtime\3.8.0\SkinEngine\ThemeTemplates\Default\defaultSelectors.js
c:\documents and settings\All Users\Application Data\Viewpoint\Toolbar Runtime\3.8.0\SkinEngine\ThemeTemplates\Default\Template.ini
c:\documents and settings\All Users\Application Data\Viewpoint\Toolbar Runtime\3..8.0\SkinEngine\ThemeTemplates\Default\Template.js
c:\documents and settings\All Users\Application Data\Viewpoint\Toolbar Runtime\3.8.0\SkinEngine\ThemeTemplates\Default\Template.module
c:\documents and settings\All Users\Application Data\Viewpoint\Toolbar Runtime\3.8.0\SkinEngine\ThemeTemplates\Default\TemplateDefinition.js
c:\documents and settings\All Users\Application Data\Viewpoint\Viewpoint Toolbar\3.8.0\Cache\26B77E745E435430EFF854E752CE18185B603C22
c:\documents and settings\All Users\Application Data\Viewpoint\Viewpoint Toolbar\3.8.0\Cache\cache.ini
c:\documents and settings\All Users\Application Data\Viewpoint\Viewpoint Toolbar\3.8.0\ThemesV3\Default\assets\colorSchemes\backgrounds\Custom.jpg
c:\documents and settings\All Users\Application Data\Viewpoint\Viewpoint Toolbar\3.8.0\ThemesV3\Default\assets\colorSchemes\backgrounds\liberty.jpg
c:\documents and settings\All Users\Application Data\Viewpoint\Viewpoint Toolbar\3.8.0\ThemesV3\Default\assets\colorSchemes\backgrounds\springflowers.jpg
c:\documents and settings\All Users\Application Data\Viewpoint\Viewpoint Toolbar\3.8.0\ThemesV3\Default\assets\colorSchemes\backgrounds\sunflowers.jpg
c:\documents and settings\All Users\Application Data\Viewpoint\Viewpoint Toolbar\3.8.0\ThemesV3\Default\assets\colorSchemes\custom.image
c:\documents and settings\All Users\Application Data\Viewpoint\Viewpoint Toolbar\3.8.0\ThemesV3\Default\assets\colorSchemes\custom2.image
c:\documents and settings\All Users\Application Data\Viewpoint\Viewpoint Toolbar\3.8.0\ThemesV3\Default\assets\colorSchemes\Default.image
c:\documents and settings\All Users\Application Data\Viewpoint\Viewpoint Toolbar\3.8.0\ThemesV3\Default\assets\colorSchemes\Default.scheme
c:\documents and settings\All Users\Application Data\Viewpoint\Viewpoint Toolbar\3..8.0\ThemesV3\Default\assets\colorSchemes\Green.scheme
c:\documents and settings\All Users\Application Data\Viewpoint\Viewpoint Toolbar\3.8.0\ThemesV3\Default\assets\colorSchemes\liberty.image
c:\documents and settings\All Users\Application Data\Viewpoint\Viewpoint Toolbar\3.8.0\ThemesV3\Default\assets\colorSchemes\none.image
c:\documents and settings\All Users\Application Data\Viewpoint\Viewpoint Toolbar\3.8.0\ThemesV3\Default\assets\colorSchemes\Pink.scheme
c:\documents and settings\All Users\Application Data\Viewpoint\Viewpoint Toolbar\3.8.0\ThemesV3\Default\assets\colorSchemes\Purple.scheme
c:\documents and settings\All Users\Application Data\Viewpoint\Viewpoint Toolbar\3.8.0\ThemesV3\Default\assets\colorSchemes\springflowers.image
c:\documents and settings\All Users\Application Data\Viewpoint\Viewpoint Toolbar\3.8.0\ThemesV3\Default\assets\colorSchemes\sunflowers.image
c:\documents and settings\All Users\Application Data\Viewpoint\Viewpoint Toolbar\3.8.0\ThemesV3\Default\assets\colorSchemes\Yellow.scheme
c:\documents and settings\All Users\Application Data\Viewpoint\Viewpoint Toolbar\3.8.0\ThemesV3\Default\assets\graphics\barintro.html
c:\documents and settings\All Users\Application Data\Viewpoint\Viewpoint Toolbar\3.8.0\ThemesV3\Default\assets\graphics\button_dropdown.swf
c:\documents and settings\All Users\Application Data\Viewpoint\Viewpoint Toolbar\3.8.0\ThemesV3\Default\assets\graphics\popupmoi.wav
c:\documents and settings\All Users\Application Data\Viewpoint\Viewpoint Toolbar\3.8.0\ThemesV3\Default\assets\graphics\powered_by_yahoo.bmp
c:\documents and settings\All Users\Application Data\Viewpoint\Viewpoint Toolbar\3.8.0\ThemesV3\Default\assets\graphics\preview.jpg
c:\documents and settings\All Users\Application Data\Viewpoint\Viewpoint Toolbar\3.8.0\ThemesV3\Default\assets\graphics\search_buttons.swf

CMiz2184
Intermediate
Intermediate

Posts Posts : 67
Joined Joined : 2009-03-18
OS OS : XP
Points Points : 28772
# Likes # Likes : 0

View user profile

Back to top Go down

Re: userinit.exe trojan

Post by CMiz2184 on 19th March 2009, 2:09 am

c:\documents and settings\All Users\Application Data\Viewpoint\Viewpoint Toolbar\3.8.0\ThemesV3\Default\assets\graphics\tellafriend_offline\images\close.gif
c:\documents and settings\All Users\Application Data\Viewpoint\Viewpoint Toolbar\3.8.0\ThemesV3\Default\assets\graphics\tellafriend_offline\images\frame_bottom.gif
c:\documents and settings\All Users\Application Data\Viewpoint\Viewpoint Toolbar\3.8.0\ThemesV3\Default\assets\graphics\tellafriend_offline\images\frame_gradient.gif
c:\documents and settings\All Users\Application Data\Viewpoint\Viewpoint Toolbar\3.8.0\ThemesV3\Default\assets\graphics\tellafriend_offline\images\frame_left.gif
c:\documents and settings\All Users\Application Data\Viewpoint\Viewpoint Toolbar\3.8.0\ThemesV3\Default\assets\graphics\tellafriend_offline\images\frame_right.gif
c:\documents and settings\All Users\Application Data\Viewpoint\Viewpoint Toolbar\3.8.0\ThemesV3\Default\assets\graphics\tellafriend_offline\images\frame_top.gif
c:\documents and settings\All Users\Application Data\Viewpoint\Viewpoint Toolbar\3.8.0\ThemesV3\Default\assets\graphics\tellafriend_offline\images\header_back.gif
c:\documents and settings\All Users\Application Data\Viewpoint\Viewpoint Toolbar\3.8.0\ThemesV3\Default\assets\graphics\tellafriend_offline\images\icon.gif
c:\documents and settings\All Users\Application Data\Viewpoint\Viewpoint Toolbar\3.8.0\ThemesV3\Default\assets\graphics\tellafriend_offline\images\left_gradient.gif
c:\documents and settings\All Users\Application Data\Viewpoint\Viewpoint Toolbar\3.8.0\ThemesV3\Default\assets\graphics\tellafriend_offline\images\logo.gif
c:\documents and settings\All Users\Application Data\Viewpoint\Viewpoint Toolbar\3.8.0\ThemesV3\Default\assets\graphics\tellafriend_offline\images\offlinemsg.gif
c:\documents and settings\All Users\Application Data\Viewpoint\Viewpoint Toolbar\3.8.0\ThemesV3\Default\assets\graphics\tellafriend_offline\images\s.gif
c:\documents and settings\All Users\Application Data\Viewpoint\Viewpoint Toolbar\3.8.0\ThemesV3\Default\assets\graphics\tellafriend_offline\index.html
c:\documents and settings\All Users\Application Data\Viewpoint\Viewpoint Toolbar\3.8.0\ThemesV3\Default\assets\graphics\template_buttons.swf
c:\documents and settings\All Users\Application Data\Viewpoint\Viewpoint Toolbar\3.8.0\ThemesV3\Default\assets\graphics\template_buttons_green.swf
c:\documents and settings\All Users\Application Data\Viewpoint\Viewpoint Toolbar\3.8.0\ThemesV3\Default\assets\graphics\template_buttons_pink.swf
c:\documents and settings\All Users\Application Data\Viewpoint\Viewpoint Toolbar\3.8.0\ThemesV3\Default\assets\graphics\template_buttons_purple.swf
c:\documents and settings\All Users\Application Data\Viewpoint\Viewpoint Toolbar\3.8.0\ThemesV3\Default\assets\graphics\template_buttons_yellow..swf
c:\documents and settings\All Users\Application Data\Viewpoint\Viewpoint Toolbar\3.8.0\ThemesV3\Default\assets\graphics\template_logo.swf
c:\documents and settings\All Users\Application Data\Viewpoint\Viewpoint Toolbar\3.8.0\ThemesV3\Default\assets\graphics\thumbnail_404.jpg
c:\documents and settings\All Users\Application Data\Viewpoint\Viewpoint Toolbar\3.8.0\ThemesV3\Default\assets\graphics\thumbnail_bookmarks.jpg
c:\documents and settings\All Users\Application Data\Viewpoint\Viewpoint Toolbar\3.8.0\ThemesV3\Default\assets\graphics\titlebar.swf
c:\documents and settings\All Users\Application Data\Viewpoint\Viewpoint Toolbar\3.8.0\ThemesV3\Default\default.skin
c:\documents and settings\All Users\Application Data\Viewpoint\Viewpoint Toolbar\3.8.0\ThemesV3\Default\defaultSelectors.js
c:\documents and settings\All Users\Application Data\Viewpoint\Viewpoint Toolbar\3.8.0\ThemesV3\Default\DynamicSearchTypes.js
c:\documents and settings\All Users\Application Data\Viewpoint\Viewpoint Toolbar\3.8.0\ThemesV3\Default\features\Amazon\core\feature.mtx
c:\documents and settings\All Users\Application Data\Viewpoint\Viewpoint Toolbar\3.8.0\ThemesV3\Default\features\Amazon\core\featureDefinition.js
c:\documents and settings\All Users\Application Data\Viewpoint\Viewpoint Toolbar\3.8.0\ThemesV3\Default\features\Amazon\core\HTMLFeature.ini
c:\documents and settings\All Users\Application Data\Viewpoint\Viewpoint Toolbar\3.8.0\ThemesV3\Default\features\Amazon\core\HTMLFeature.js
c:\documents and settings\All Users\Application Data\Viewpoint\Viewpoint Toolbar\3.8.0\ThemesV3\Default\features\Amazon\core\HTMLFeature.module
c:\documents and settings\All Users\Application Data\Viewpoint\Viewpoint Toolbar\3.8.0\ThemesV3\Default\features\Amazon\core\HTMLFeatureDefinition.module
c:\documents and settings\All Users\Application Data\Viewpoint\Viewpoint Toolbar\3.8.0\ThemesV3\Default\features\Amazon\core\inioptions.js
c:\documents and settings\All Users\Application Data\Viewpoint\Viewpoint Toolbar\3.8.0\ThemesV3\Default\features\Amazon\core\PersonalizationWrapper.dll
c:\documents and settings\All Users\Application Data\Viewpoint\Viewpoint Toolbar\3.8.0\ThemesV3\Default\features\Amazon\graphics\default_icon.gif
c:\documents and settings\All Users\Application Data\Viewpoint\Viewpoint Toolbar\3.8.0\ThemesV3\Default\features\Amazon\graphics\icons.swf
c:\documents and settings\All Users\Application Data\Viewpoint\Viewpoint Toolbar\3.8.0\ThemesV3\Default\features\Amazon\HTMLFeature.html
c:\documents and settings\All Users\Application Data\Viewpoint\Viewpoint Toolbar\3.8.0\ThemesV3\Default\features\Amazon\includes\default.css
c:\documents and settings\All Users\Application Data\Viewpoint\Viewpoint Toolbar\3.8.0\ThemesV3\Default\features\Amazon\includes\htmlutils.js
c:\documents and settings\All Users\Application Data\Viewpoint\Viewpoint Toolbar\3.8.0\ThemesV3\Default\features\Amazon\notifier.html
c:\documents and settings\All Users\Application Data\Viewpoint\Viewpoint Toolbar\3.8.0\ThemesV3\Default\features\Amazon\offline.html
c:\documents and settings\All Users\Application Data\Viewpoint\Viewpoint Toolbar\3.8.0\ThemesV3\Default\features\ThemeCustomizer\feature.mtx
c:\documents and settings\All Users\Application Data\Viewpoint\Viewpoint Toolbar\3.8.0\ThemesV3\Default\features\ThemeCustomizer\images\arrow_down.gif
c:\documents and settings\All Users\Application Data\Viewpoint\Viewpoint Toolbar\3.8.0\ThemesV3\Default\features\ThemeCustomizer\images\arrow_up.gif
c:\documents and settings\All Users\Application Data\Viewpoint\Viewpoint Toolbar\3.8.0\ThemesV3\Default\features\ThemeCustomizer\images\inner_bl.gif
c:\documents and settings\All Users\Application Data\Viewpoint\Viewpoint Toolbar\3.8.0\ThemesV3\Default\features\ThemeCustomizer\images\inner_bot.gif
c:\documents and settings\All Users\Application Data\Viewpoint\Viewpoint Toolbar\3.8.0\ThemesV3\Default\features\ThemeCustomizer\images\inner_br.gif
c:\documents and settings\All Users\Application Data\Viewpoint\Viewpoint Toolbar\3.8.0\ThemesV3\Default\features\ThemeCustomizer\images\inner_tl.gif
c:\documents and settings\All Users\Application Data\Viewpoint\Viewpoint Toolbar\3.8.0\ThemesV3\Default\features\ThemeCustomizer\images\inner_top.gif
c:\documents and settings\All Users\Application Data\Viewpoint\Viewpoint Toolbar\3.8.0\ThemesV3\Default\features\ThemeCustomizer\images\inner_tr.gif
c:\documents and settings\All Users\Application Data\Viewpoint\Viewpoint Toolbar\3.8.0\ThemesV3\Default\features\ThemeCustomizer\images\s.gif
c:\documents and settings\All Users\Application Data\Viewpoint\Viewpoint Toolbar\3.8.0\ThemesV3\Default\features\ThemeCustomizer\options.html
c:\documents and settings\All Users\Application Data\Viewpoint\Viewpoint Toolbar\3.8.0\ThemesV3\Default\features\ThemeCustomizer\ThemeCustomizer.ini

CMiz2184
Intermediate
Intermediate

Posts Posts : 67
Joined Joined : 2009-03-18
OS OS : XP
Points Points : 28772
# Likes # Likes : 0

View user profile

Back to top Go down

Re: userinit.exe trojan

Post by CMiz2184 on 19th March 2009, 2:10 am

c:\documents and settings\All Users\Application Data\Viewpoint\Viewpoint Toolbar\3.8.0\ThemesV3\Default\features\ThemeCustomizer\ThemeCustomizer.js
c:\documents and settings\All Users\Application Data\Viewpoint\Viewpoint Toolbar\3.8.0\ThemesV3\Default\features\ThemeCustomizer\ThemeCustomizer.module
c:\documents and settings\All Users\Application Data\Viewpoint\Viewpoint Toolbar\3.8.0\ThemesV3\Default\features\Weather\core\feature.mtx
c:\documents and settings\All Users\Application Data\Viewpoint\Viewpoint Toolbar\3.8.0\ThemesV3\Default\features\Weather\core\featureDefinition.js
c:\documents and settings\All Users\Application Data\Viewpoint\Viewpoint Toolbar\3.8.0\ThemesV3\Default\features\Weather\core\HTMLFeature.ini
c:\documents and settings\All Users\Application Data\Viewpoint\Viewpoint Toolbar\3.8.0\ThemesV3\Default\features\Weather\core\HTMLFeature.js
c:\documents and settings\All Users\Application Data\Viewpoint\Viewpoint Toolbar\3..8.0\ThemesV3\Default\features\Weather\core\HTMLFeature.module
c:\documents and settings\All Users\Application Data\Viewpoint\Viewpoint Toolbar\3.8.0\ThemesV3\Default\features\Weather\core\HTMLFeatureDefinition.module
c:\documents and settings\All Users\Application Data\Viewpoint\Viewpoint Toolbar\3..8.0\ThemesV3\Default\features\Weather\core\inioptions.js
c:\documents and settings\All Users\Application Data\Viewpoint\Viewpoint Toolbar\3.8.0\ThemesV3\Default\features\Weather\graphics\customicon.swf
c:\documents and settings\All Users\Application Data\Viewpoint\Viewpoint Toolbar\3.8.0\ThemesV3\Default\features\Weather\graphics\default_icon.gif
c:\documents and settings\All Users\Application Data\Viewpoint\Viewpoint Toolbar\3.8.0\ThemesV3\Default\features\Weather\graphics\icons.swf
c:\documents and settings\All Users\Application Data\Viewpoint\Viewpoint Toolbar\3.8.0\ThemesV3\Default\features\Weather\HTMLFeature.html
c:\documents and settings\All Users\Application Data\Viewpoint\Viewpoint Toolbar\3.8.0\ThemesV3\Default\features\Weather\includes\default.css
c:\documents and settings\All Users\Application Data\Viewpoint\Viewpoint Toolbar\3.8.0\ThemesV3\Default\features\Weather\includes\htmlutils.js
c:\documents and settings\All Users\Application Data\Viewpoint\Viewpoint Toolbar\3.8.0\ThemesV3\Default\features\Weather\notifier.html
c:\documents and settings\All Users\Application Data\Viewpoint\Viewpoint Toolbar\3.8.0\ThemesV3\Default\features\Weather\offline.html
c:\documents and settings\All Users\Application Data\Viewpoint\Viewpoint Toolbar\3.8.0\ThemesV3\Default\features\Weather\options.html
c:\documents and settings\All Users\Application Data\Viewpoint\Viewpoint Toolbar\3.8.0\ThemesV3\Default\production\automationScripts\All Button States.isa
c:\documents and settings\All Users\Application Data\Viewpoint\Viewpoint Toolbar\3.8.0\ThemesV3\Default\production\automationScripts\button_disabled.isa
c:\documents and settings\All Users\Application Data\Viewpoint\Viewpoint Toolbar\3.8.0\ThemesV3\Default\production\automationScripts\button_down.isa
c:\documents and settings\All Users\Application Data\Viewpoint\Viewpoint Toolbar\3.8.0\ThemesV3\Default\production\automationScripts\button_downover.isa
c:\documents and settings\All Users\Application Data\Viewpoint\Viewpoint Toolbar\3.8.0\ThemesV3\Default\production\automationScripts\button_over.isa
c:\documents and settings\All Users\Application Data\Viewpoint\Viewpoint Toolbar\3.8.0\ThemesV3\Default\production\automationScripts\button_up.isa
c:\documents and settings\All Users\Application Data\Viewpoint\Viewpoint Toolbar\3.8.0\ThemesV3\Default\production\automationScripts\create button states.jsfl
c:\documents and settings\All Users\Application Data\Viewpoint\Viewpoint Toolbar\3.8.0\ThemesV3\Default\production\automationScripts\create interface buttons.jsfl
c:\documents and settings\All Users\Application Data\Viewpoint\Viewpoint Toolbar\3.8.0\ThemesV3\Default\production\automationScripts\CreateColorScheme.jsx
c:\documents and settings\All Users\Application Data\Viewpoint\Viewpoint Toolbar\3.8.0\ThemesV3\Default\production\automationScripts\CreateImageScheme.jsx
c:\documents and settings\All Users\Application Data\Viewpoint\Viewpoint Toolbar\3.8.0\ThemesV3\Default\production\automationScripts\interface graphics.isa
c:\documents and settings\All Users\Application Data\Viewpoint\Viewpoint Toolbar\3.8.0\ThemesV3\Default\production\automationScripts\ThemeTemplateProcessor.jsx
c:\documents and settings\All Users\Application Data\Viewpoint\Viewpoint Toolbar\3.8.0\ThemesV3\Default\production\color_scheme..psd
c:\documents and settings\All Users\Application Data\Viewpoint\Viewpoint Toolbar\3.8.0\ThemesV3\Default\production\imageTemplate.image
c:\documents and settings\All Users\Application Data\Viewpoint\Viewpoint Toolbar\3.8..0\ThemesV3\Default\production\schemeTemplate.scheme
c:\documents and settings\All Users\Application Data\Viewpoint\Viewpoint Toolbar\3.8.0\ThemesV3\Default\production\template_button.psd
c:\documents and settings\All Users\Application Data\Viewpoint\Viewpoint Toolbar\3.8.0\ThemesV3\Default\production\template_interface.psd
c:\documents and settings\All Users\Application Data\Viewpoint\Viewpoint Toolbar\3.8.0\ThemesV3\Default\production\template_themes.psd
c:\documents and settings\All Users\Application Data\Viewpoint\Viewpoint Toolbar\3.8.0\ThemesV3\Default\Template.ini
c:\documents and settings\All Users\Application Data\Viewpoint\Viewpoint Toolbar\3.8.0\ThemesV3\Default\Theme.ini
c:\documents and settings\All Users\Application Data\Viewpoint\Viewpoint Toolbar\3.8.0\ThemesV3\Default\Theme.js
c:\documents and settings\All Users\Application Data\Viewpoint\Viewpoint Toolbar\3.8.0\ThemesV3\Windows\assets\colorSchemes\backgrounds\Custom.jpg
c:\documents and settings\All Users\Application Data\Viewpoint\Viewpoint Toolbar\3.8.0\ThemesV3\Windows\assets\colorSchemes\backgrounds\vista_gray.jpg
c:\documents and settings\All Users\Application Data\Viewpoint\Viewpoint Toolbar\3.8.0\ThemesV3\Windows\assets\colorSchemes\Default.image
c:\documents and settings\All Users\Application Data\Viewpoint\Viewpoint Toolbar\3.8.0\ThemesV3\Windows\assets\colorSchemes\none.image
c:\documents and settings\All Users\Application Data\Viewpoint\Viewpoint Toolbar\3.8.0\ThemesV3\Windows\assets\colorSchemes\Vista_DefaultAero.scheme
c:\documents and settings\All Users\Application Data\Viewpoint\Viewpoint Toolbar\3.8.0\ThemesV3\Windows\assets\colorSchemes\Vista_Gray.image
c:\documents and settings\All Users\Application Data\Viewpoint\Viewpoint Toolbar\3.8.0\ThemesV3\Windows\assets\colorSchemes\XP_DefaultBlue.scheme
c:\documents and settings\All Users\Application Data\Viewpoint\Viewpoint Toolbar\3.8.0\ThemesV3\Windows\assets\colorSchemes\XP_Olive.scheme
c:\documents and settings\All Users\Application Data\Viewpoint\Viewpoint Toolbar\3.8.0\ThemesV3\Windows\assets\colorSchemes\XP_Silver.scheme
c:\documents and settings\All Users\Application Data\Viewpoint\Viewpoint Toolbar\3.8.0\ThemesV3\Windows\assets\graphics\barintro.html
c:\documents and settings\All Users\Application Data\Viewpoint\Viewpoint Toolbar\3.8.0\ThemesV3\Windows\assets\graphics\barintro_images\logo.gif.bmp
c:\documents and settings\All Users\Application Data\Viewpoint\Viewpoint Toolbar\3.8.0\ThemesV3\Windows\assets\graphics\buttons_Vista.swf
c:\documents and settings\All Users\Application Data\Viewpoint\Viewpoint Toolbar\3.8.0\ThemesV3\Windows\assets\graphics\buttons_Vista_dialogs.swf
c:\documents and settings\All Users\Application Data\Viewpoint\Viewpoint Toolbar\3.8.0\ThemesV3\Windows\assets\graphics\buttons_XP.swf
c:\documents and settings\All Users\Application Data\Viewpoint\Viewpoint Toolbar\3.8.0\ThemesV3\Windows\assets\graphics\buttons_XP_dialogs.swf
c:\documents and settings\All Users\Application Data\Viewpoint\Viewpoint Toolbar\3.8.0\ThemesV3\Windows\assets\graphics\dropdown_Vista_DefaultAero.swf
c:\documents and settings\All Users\Application Data\Viewpoint\Viewpoint Toolbar\3.8.0\ThemesV3\Windows\assets\graphics\dropdown_XP_DefaultBlue.swf
c:\documents and settings\All Users\Application Data\Viewpoint\Viewpoint Toolbar\3.8.0\ThemesV3\Windows\assets\graphics\dropdown_XP_Olive.swf
c:\documents and settings\All Users\Application Data\Viewpoint\Viewpoint Toolbar\3.8.0\ThemesV3\Windows\assets\graphics\dropdown_XP_Silver.swf
c:\documents and settings\All Users\Application Data\Viewpoint\Viewpoint Toolbar\3.8.0\ThemesV3\Windows\assets\graphics\popupmoi.wav
c:\documents and settings\All Users\Application Data\Viewpoint\Viewpoint Toolbar\3.8.0\ThemesV3\Windows\assets\graphics\preview.jpg
c:\documents and settings\All Users\Application Data\Viewpoint\Viewpoint Toolbar\3.8.0\ThemesV3\Windows\assets\graphics\scrollbar_Vista_DefaultAero.swf
c:\documents and settings\All Users\Application Data\Viewpoint\Viewpoint Toolbar\3.8.0\ThemesV3\Windows\assets\graphics\scrollbar_XP_DefaultBlue.swf
c:\documents and settings\All Users\Application Data\Viewpoint\Viewpoint Toolbar\3.8.0\ThemesV3\Windows\assets\graphics\scrollbar_XP_Olive.swf
c:\documents and settings\All Users\Application Data\Viewpoint\Viewpoint Toolbar\3.8.0\ThemesV3\Windows\assets\graphics\scrollbar_XP_Silver.swf
c:\documents and settings\All Users\Application Data\Viewpoint\Viewpoint Toolbar\3.8.0\ThemesV3\Windows\assets\graphics\search_buttons.swf
c:\documents and settings\All Users\Application Data\Viewpoint\Viewpoint Toolbar\3.8.0\ThemesV3\Windows\assets\graphics\searchfield..bmp
c:\documents and settings\All Users\Application Data\Viewpoint\Viewpoint Toolbar\3.8.0\ThemesV3\Windows\assets\graphics\selector_icon.swf
c:\documents and settings\All Users\Application Data\Viewpoint\Viewpoint Toolbar\3.8.0\ThemesV3\Windows\assets\graphics\template_logo.swf
c:\documents and settings\All Users\Application Data\Viewpoint\Viewpoint Toolbar\3.8.0\ThemesV3\Windows\assets\graphics\thumbnail_404.jpg
c:\documents and settings\All Users\Application Data\Viewpoint\Viewpoint Toolbar\3.8.0\ThemesV3\Windows\assets\graphics\thumbnail_bookmarks.jpg
c:\documents and settings\All Users\Application Data\Viewpoint\Viewpoint Toolbar\3.8.0\ThemesV3\Windows\assets\graphics\titlebar_Vista_DefaultAero.swf
c:\documents and settings\All Users\Application Data\Viewpoint\Viewpoint Toolbar\3.8.0\ThemesV3\Windows\assets\graphics\titlebar_XP_DefaultBlue.swf
c:\documents and settings\All Users\Application Data\Viewpoint\Viewpoint Toolbar\3.8.0\ThemesV3\Windows\assets\graphics\titlebar_XP_Olive.swf
c:\documents and settings\All Users\Application Data\Viewpoint\Viewpoint Toolbar\3.8.0\ThemesV3\Windows\assets\graphics\titlebar_XP_Silver.swf
c:\documents and settings\All Users\Application Data\Viewpoint\Viewpoint Toolbar\3.8.0\ThemesV3\Windows\defaultSelectors.js
c:\documents and settings\All Users\Application Data\Viewpoint\Viewpoint Toolbar\3.8.0\ThemesV3\Windows\DynamicSearchTypes.js
c:\documents and settings\All Users\Application Data\Viewpoint\Viewpoint Toolbar\3.8.0\ThemesV3\Windows\features\Amazon\core\feature.mtx
c:\documents and settings\All Users\Application Data\Viewpoint\Viewpoint Toolbar\3.8.0\ThemesV3\Windows\features\Amazon\core\featureDefinition.js
c:\documents and settings\All Users\Application Data\Viewpoint\Viewpoint Toolbar\3.8.0\ThemesV3\Windows\features\Amazon\core\HTMLFeature.ini
c:\documents and settings\All Users\Application Data\Viewpoint\Viewpoint Toolbar\3.8.0\ThemesV3\Windows\features\Amazon\core\HTMLFeature.js
c:\documents and settings\All Users\Application Data\Viewpoint\Viewpoint Toolbar\3.8.0\ThemesV3\Windows\features\Amazon\core\HTMLFeature.module
c:\documents and settings\All Users\Application Data\Viewpoint\Viewpoint Toolbar\3.8.0\ThemesV3\Windows\features\Amazon\core\HTMLFeatureDefinition.module
c:\documents and settings\All Users\Application Data\Viewpoint\Viewpoint Toolbar\3.8.0\ThemesV3\Windows\features\Amazon\core\inioptions.js
c:\documents and settings\All Users\Application Data\Viewpoint\Viewpoint Toolbar\3.8.0\ThemesV3\Windows\features\Amazon\core\PersonalizationWrapper.dll
c:\documents and settings\All Users\Application Data\Viewpoint\Viewpoint Toolbar\3.8.0\ThemesV3\Windows\features\Amazon\graphics\default_icon.gif
c:\documents and settings\All Users\Application Data\Viewpoint\Viewpoint Toolbar\3.8.0\ThemesV3\Windows\features\Amazon\graphics\icons.swf
c:\documents and settings\All Users\Application Data\Viewpoint\Viewpoint Toolbar\3.8..0\ThemesV3\Windows\features\Amazon\HTMLFeature.html
c:\documents and settings\All Users\Application Data\Viewpoint\Viewpoint Toolbar\3.8.0\ThemesV3\Windows\features\Amazon\notifier.html
c:\documents and settings\All Users\Application Data\Viewpoint\Viewpoint Toolbar\3.8.0\ThemesV3\Windows\features\Amazon\offline.html

CMiz2184
Intermediate
Intermediate

Posts Posts : 67
Joined Joined : 2009-03-18
OS OS : XP
Points Points : 28772
# Likes # Likes : 0

View user profile

Back to top Go down

Re: userinit.exe trojan

Post by CMiz2184 on 19th March 2009, 2:11 am

c:\documents and settings\All Users\Application Data\Viewpoint\Viewpoint Toolbar\3.8.0\ThemesV3\Windows\features\options\images\inner_bl.gif
c:\documents and settings\All Users\Application Data\Viewpoint\Viewpoint Toolbar\3.8.0\ThemesV3\Windows\features\options\images\inner_bot.gif
c:\documents and settings\All Users\Application Data\Viewpoint\Viewpoint Toolbar\3.8.0\ThemesV3\Windows\features\options\images\inner_br.gif
c:\documents and settings\All Users\Application Data\Viewpoint\Viewpoint Toolbar\3.8.0\ThemesV3\Windows\features\options\images\inner_tl.gif
c:\documents and settings\All Users\Application Data\Viewpoint\Viewpoint Toolbar\3.8.0\ThemesV3\Windows\features\options\images\inner_top.gif
c:\documents and settings\All Users\Application Data\Viewpoint\Viewpoint Toolbar\3.8.0\ThemesV3\Windows\features\options\images\inner_tr.gif
c:\documents and settings\All Users\Application Data\Viewpoint\Viewpoint Toolbar\3.8.0\ThemesV3\Windows\features\options\images\s.gif
c:\documents and settings\All Users\Application Data\Viewpoint\Viewpoint Toolbar\3.8.0\ThemesV3\Windows\features\options\options.css
c:\documents and settings\All Users\Application Data\Viewpoint\Viewpoint Toolbar\3.8.0\ThemesV3\Windows\features\options\options.js
c:\documents and settings\All Users\Application Data\Viewpoint\Viewpoint Toolbar\3.8.0\ThemesV3\Windows\features\ThemeCustomizer\feature.mtx
c:\documents and settings\All Users\Application Data\Viewpoint\Viewpoint Toolbar\3.8.0\ThemesV3\Windows\features\ThemeCustomizer\images\arrow_down.gif
c:\documents and settings\All Users\Application Data\Viewpoint\Viewpoint Toolbar\3.8.0\ThemesV3\Windows\features\ThemeCustomizer\images\arrow_up.gif
c:\documents and settings\All Users\Application Data\Viewpoint\Viewpoint Toolbar\3.8.0\ThemesV3\Windows\features\ThemeCustomizer\images\inner_bl.gif
c:\documents and settings\All Users\Application Data\Viewpoint\Viewpoint Toolbar\3.8.0\ThemesV3\Windows\features\ThemeCustomizer\images\inner_bot.gif
c:\documents and settings\All Users\Application Data\Viewpoint\Viewpoint Toolbar\3.8.0\ThemesV3\Windows\features\ThemeCustomizer\images\inner_br.gif
c:\documents and settings\All Users\Application Data\Viewpoint\Viewpoint Toolbar\3.8.0\ThemesV3\Windows\features\ThemeCustomizer\images\inner_tl.gif
c:\documents and settings\All Users\Application Data\Viewpoint\Viewpoint Toolbar\3.8.0\ThemesV3\Windows\features\ThemeCustomizer\images\inner_top.gif
c:\documents and settings\All Users\Application Data\Viewpoint\Viewpoint Toolbar\3.8.0\ThemesV3\Windows\features\ThemeCustomizer\images\inner_tr.gif
c:\documents and settings\All Users\Application Data\Viewpoint\Viewpoint Toolbar\3.8.0\ThemesV3\Windows\features\ThemeCustomizer\images\s.gif
c:\documents and settings\All Users\Application Data\Viewpoint\Viewpoint Toolbar\3.8.0\ThemesV3\Windows\features\ThemeCustomizer\options.html
c:\documents and settings\All Users\Application Data\Viewpoint\Viewpoint Toolbar\3.8.0\ThemesV3\Windows\features\ThemeCustomizer\ThemeCustomizer.ini
c:\documents and settings\All Users\Application Data\Viewpoint\Viewpoint Toolbar\3.8.0\ThemesV3\Windows\features\ThemeCustomizer\ThemeCustomizer.js
c:\documents and settings\All Users\Application Data\Viewpoint\Viewpoint Toolbar\3.8.0\ThemesV3\Windows\features\ThemeCustomizer\ThemeCustomizer.module
c:\documents and settings\All Users\Application Data\Viewpoint\Viewpoint Toolbar\3.8.0\ThemesV3\Windows\features\Weather\core\feature.mtx
c:\documents and settings\All Users\Application Data\Viewpoint\Viewpoint Toolbar\3.8.0\ThemesV3\Windows\features\Weather\core\featureDefinition.js
c:\documents and settings\All Users\Application Data\Viewpoint\Viewpoint Toolbar\3.8.0\ThemesV3\Windows\features\Weather\core\HTMLFeature.ini
c:\documents and settings\All Users\Application Data\Viewpoint\Viewpoint Toolbar\3.8.0\ThemesV3\Windows\features\Weather\core\HTMLFeature.js
c:\documents and settings\All Users\Application Data\Viewpoint\Viewpoint Toolbar\3.8.0\ThemesV3\Windows\features\Weather\core\HTMLFeature.module
c:\documents and settings\All Users\Application Data\Viewpoint\Viewpoint Toolbar\3.8.0\ThemesV3\Windows\features\Weather\core\HTMLFeatureDefinition.module
c:\documents and settings\All Users\Application Data\Viewpoint\Viewpoint Toolbar\3.8.0\ThemesV3\Windows\features\Weather\core\inioptions.js
c:\documents and settings\All Users\Application Data\Viewpoint\Viewpoint Toolbar\3.8.0\ThemesV3\Windows\features\Weather\graphics\customicon.swf
c:\documents and settings\All Users\Application Data\Viewpoint\Viewpoint Toolbar\3..8.0\ThemesV3\Windows\features\Weather\graphics\default_icon.gif
c:\documents and settings\All Users\Application Data\Viewpoint\Viewpoint Toolbar\3.8.0\ThemesV3\Windows\features\Weather\graphics\icons.swf
c:\documents and settings\All Users\Application Data\Viewpoint\Viewpoint Toolbar\3.8.0\ThemesV3\Windows\features\Weather\HTMLFeature.html
c:\documents and settings\All Users\Application Data\Viewpoint\Viewpoint Toolbar\3.8.0\ThemesV3\Windows\features\Weather\includes\default.css
c:\documents and settings\All Users\Application Data\Viewpoint\Viewpoint Toolbar\3.8.0\ThemesV3\Windows\features\Weather\includes\htmlutils.js
c:\documents and settings\All Users\Application Data\Viewpoint\Viewpoint Toolbar\3.8.0\ThemesV3\Windows\features\Weather\notifier.html
c:\documents and settings\All Users\Application Data\Viewpoint\Viewpoint Toolbar\3.8.0\ThemesV3\Windows\features\Weather\offline.html
c:\documents and settings\All Users\Application Data\Viewpoint\Viewpoint Toolbar\3.8.0\ThemesV3\Windows\features\Weather\options.html
c:\documents and settings\All Users\Application Data\Viewpoint\Viewpoint Toolbar\3.8.0\ThemesV3\Windows\Template.ini
c:\documents and settings\All Users\Application Data\Viewpoint\Viewpoint Toolbar\3.8.0\ThemesV3\Windows\Theme.ini
c:\documents and settings\All Users\Application Data\Viewpoint\Viewpoint Toolbar\3.8.0\ThemesV3\Windows\Theme.js
c:\documents and settings\All Users\Application Data\Viewpoint\Viewpoint Toolbar\3.8.0\ThemesV3\Windows\Windows.skin
c:\program files\LimeWire
c:\program files\LimeWire\.NetworkShare\LimeWirePackedJars4.12.6.7z
c:\program files\LimeWire\.NetworkShare\LimeWireWin4.12.6.exe
c:\program files\LimeWire\.NetworkShare\LimeWireWin4.14.8.exe
c:\program files\LimeWire\COPYING
c:\program files\LimeWire\data.ser
c:\program files\LimeWire\install.log
c:\program files\LimeWire\language.prop
c:\program files\LimeWire\lib\clink.jar
c:\program files\LimeWire\lib\commons-httpclient.jar
c:\program files\LimeWire\lib\commons-logging.jar
c:\program files\LimeWire\lib\commons-net.jar
c:\program files\LimeWire\lib\commons-pool.jar
c:\program files\LimeWire\lib\daap.jar
c:\program files\LimeWire\lib\foxtrot.jar
c:\program files\LimeWire\lib\hashes
c:\program files\LimeWire\lib\httpcore-nio.jar
c:\program files\LimeWire\lib\httpcore.jar
c:\program files\LimeWire\lib\icu4j.jar
c:\program files\LimeWire\lib\id3v2.jar
c:\program files\LimeWire\lib\jcraft.jar
c:\program files\LimeWire\lib\jdic.dll
c:\program files\LimeWire\lib\jdic.jar
c:\program files\LimeWire\lib\jdic_stub.jar
c:\program files\LimeWire\lib\jl011.jar
c:\program files\LimeWire\lib\jmdns.jar
c:\program files\LimeWire\lib\LimeWire.ico
c:\program files\LimeWire\lib\LimeWire.jar
c:\program files\LimeWire\lib\log4j.jar
c:\program files\LimeWire\lib\log4j.properties
c:\program files\LimeWire\lib\looks.jar
c:\program files\LimeWire\lib\MessagesBundles.jar
c:\program files\LimeWire\lib\mp3sp14.jar
c:\program files\LimeWire\lib\ProgressTabs.jar
c:\program files\LimeWire\lib\SystemUtilities.dll
c:\program files\LimeWire\lib\SystemUtilitiesA.dll
c:\program files\LimeWire\lib\themes.jar
c:\program files\LimeWire\lib\tray.dll
c:\program files\LimeWire\lib\tritonus.jar
c:\program files\LimeWire\lib\vorbis.jar
c:\program files\LimeWire\LimeWire On Startup.lnk
c:\program files\LimeWire\LimeWire.exe
c:\program files\LimeWire\LimeWire.ico
c:\program files\LimeWire\pmf.ico
c:\program files\LimeWire\root\magnet10\badge.img
c:\program files\LimeWire\root\magnet10\canHandle.img
c:\program files\LimeWire\root\magnet10\limewire.gif
c:\program files\LimeWire\root\magnet10\options.js
c:\program files\LimeWire\root\magnet10\silentdetect.js
c:\program files\LimeWire\SOURCE
c:\program files\LimeWire\spacer.gif
c:\program files\LimeWire\uninstall.exe
c:\program files\LimeWire\unpack.log
c:\program files\LimeWire\xml.war

CMiz2184
Intermediate
Intermediate

Posts Posts : 67
Joined Joined : 2009-03-18
OS OS : XP
Points Points : 28772
# Likes # Likes : 0

View user profile

Back to top Go down

Re: userinit.exe trojan

Post by CMiz2184 on 19th March 2009, 2:11 am

c:\windows\IE4 Error Log.txt
c:\windows\system32\Tdxf7pFE.exe
c:\windows\Tasks\At1.job
c:\windows\Tasks\At10.job
c:\windows\Tasks\At11.job
c:\windows\Tasks\At12.job
c:\windows\Tasks\At13..job
c:\windows\Tasks\At14.job
c:\windows\Tasks\At15.job
c:\windows\Tasks\At16.job
c:\windows\Tasks\At17.job
c:\windows\Tasks\At18.job
c:\windows\Tasks\At19.job
c:\windows\Tasks\At2.job
c:\windows\Tasks\At20.job
c:\windows\Tasks\At21.job
c:\windows\Tasks\At22.job
c:\windows\Tasks\At23.job
c:\windows\Tasks\At24.job
c:\windows\Tasks\At3.job
c:\windows\Tasks\At4.job
c:\windows\Tasks\At5.job
c:\windows\Tasks\At6.job
c:\windows\Tasks\At7.job
c:\windows\Tasks\At8.job
c:\windows\Tasks\At9.job

.
--------------- FCopy ---------------

c:\windows\system32\dllcache\userinit.exe --> c:\windows\system32\userinit.exe
.
((((((((((((((((((((((((( Files Created from 2009-02-19 to 2009-03-19 )))))))))))))))))))))))))))))))
.

2009-03-18 19:40 . 2009-03-18 19:40 d--h----- c:\windows\PIF
2009-03-17 22:37 . 2009-03-17 22:37 d-------- c:\windows\system32\config\systemprofile\Application Data\SACore

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-03-19 00:57 --------- d-----w c:\program files\Plaxo
2009-03-19 00:34 --------- d-----w c:\program files\McAfee.com
2009-03-19 00:34 --------- d-----w c:\program files\McAfee
2009-03-19 00:34 --------- d-----w c:\documents and settings\All Users\Application Data\McAfee
2009-03-18 02:48 --------- d-----w c:\program files\Trend Micro
2009-03-13 03:22 --------- d-----w c:\documents and settings\LocalService\Application Data\SACore
2006-06-16 03:18 9,583,368 ----a-w c:\documents and settings\Donald\DesktopDoctor1.5.1.exe
2008-11-01 15:24 32,768 --sha-w c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\MSHist012008110120081102\index.dat
.

((((((((((((((((((((((((((((( [You must be registered and logged in to see this link.] )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-03-19 01:35:53 16,384 ----atw c:\windows\temp\Perflib_Perfdata_214.dat
+ 2009-03-19 01:35:52 16,384 ----atw c:\windows\temp\Perflib_Perfdata_f8.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-13 15360]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2008-04-13 1695232]
"DW4"="c:\program files\The Weather Channel FW\Desktop Weather\DesktopWeather.exe" [2007-12-20 715888]
"PlaxoUpdate"="c:\program files\Plaxo\3.18.0.14\PlaxoHelper_en.exe" [2008-12-08 370759]
"\\CHRIS\EPSON Stylus Photo R320 Series"="c:\windows\System32\spool\DRIVERS\W32X86\3\E_FATI9FA.EXE" [2004-04-26 98304]
"PlaxoSysTray"="c:\program files\Plaxo\3.18.0.14\PlaxoSysTray.exe" [2008-12-08 20480]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"UserFaultCheck"="c:\windows\system32\dumprep 0 -u" [X]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2008-12-29 136600]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2005-04-25 139264]
"ATIPTA"="c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2005-03-29 339968]
"DVDLauncher"="c:\program files\CyberLink\PowerDVD\DVDLauncher.exe" [2005-02-23 53248]
"mmtask"="c:\program files\Musicmatch\Musicmatch Jukebox\mmtask.exe" [2004-09-14 53248]
"dla"="c:\windows\system32\dla\tfswctrl.exe" [2004-12-06 127035]
"ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2004-07-27 221184]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2004-07-27 81920]
"EEventManager"="c:\program files\EPSON\Creativity Suite\Event Manager\EEventManager.exe" [2005-04-08 102400]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2006-02-09 180269]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2005-05-12 49152]
"HostManager"="c:\program files\Common Files\AOL\1145301404\ee\AOLSoftware.exe" [2007-10-08 41824]
"\\CHRIS\EPSON Stylus Photo R320 Series"="c:\windows\System32\spool\DRIVERS\W32X86\3\E_FATI9FA.EXE" [2004-04-26 98304]
"Auto EPSON Stylus Photo R320 Series on MIZURAK"="c:\windows\System32\spool\DRIVERS\W32X86\3\E_FATI9FA.EXE" [2004-04-26 98304]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2008-11-04 413696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2008-11-20 290088]
"SigmatelSysTrayApp"="stsystra.exe" [2005-03-23 c:\windows\stsystra.exe]

c:\documents and settings\Beth\Start Menu\Programs\Startup\
AOL Desktop.lnk - c:\program files\Common Files\AOL\Launch\aollaunch.exe [2007-10-08 41824]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Gamma Loader.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2006-05-16 110592]
Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-23 29696]
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2005-05-12 282624]
QuickBooks Update Agent.lnk - c:\program files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe [2004-11-11 806912]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.ACDV"= ACDV.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ \0

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Common Files\\AOL\\ACS\\AOLacsd.exe"=
"c:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe"=
"c:\\Program Files\\MUSICMATCH\\Musicmatch Jukebox\\mmtask.exe"=
"c:\\Program Files\\CyberLink\\PowerDVD\\DVDLauncher.exe"=
"c:\\Program Files\\Real\\RealPlayer\\realplay.exe"=
"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"c:\\Program Files\\Common Files\\AOL\\1145301404\\ee\\aolsoftware.exe"=
"c:\\Program Files\\Common Files\\AOL\\1145301404\\ee\\aim6.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Common Files\\AOL\\TopSpeed\\3.0\\aoltpsd3.exe"=
"c:\\Program Files\\Dell Network Assistant\\ezi_hnm2.exe"=
"c:\\Program Files\\Common Files\\AOL\\1145301404\\ee\\AOLDesktop.exe"=
"c:\\Program Files\\AIM6\\aim6.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"10421:UDP"= 10421:UDP:SingleClick Discovery Protocol
"10426:UDP"= 10426:UDP:SingleClick ICC

S3 hamachi_oem;PlayLinc Adapter;c:\windows\system32\drivers\gan_adapter.sys [2006-09-27 10664]
.
Contents of the 'Scheduled Tasks' folder

2009-03-10 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 12:34]
.
.
------- Supplementary Scan -------
.
uSearchMigratedDefaultURL = [You must be registered and logged in to see this link.]
uStart Page = [You must be registered and logged in to see this link.]
mStart Page = [You must be registered and logged in to see this link.]
mWindow Title = Microsoft Internet Explorer provided by Comcast
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = [You must be registered and logged in to see this link.]
IE: &AOL Toolbar Search - c:\documents and settings\All Users\Application Data\AOL\ieToolbar\resources\en-US\local\search.html
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
FF - ProfilePath - c:\documents and settings\Beth\Application Data\Mozilla\Firefox\Profiles\ymfqymc3.default\
FF - prefs.js: browser.search.defaulturl - [You must be registered and logged in to see this link.]
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - [You must be registered and logged in to see this link.]
FF - prefs.js: keyword.URL - [You must be registered and logged in to see this link.]
FF - plugin: c:\documents and settings\Beth\Application Data\Mozilla\Firefox\Profiles\ymfqymc3.default\extensions\moveplayer@movenetworks.com\platform\WINNT_x86-msvc\plugins\npmnqmp07074039.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npstrlnk.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npunagi2.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\NPWXM32.DLL

---- FIREFOX POLICIES ----
FF - user.js: dom.disable_open_during_load - true // Popupblocker control handled by McAfee Privacy Service
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, [You must be registered and logged in to see this link.]
Rootkit scan 2009-03-18 21:36:01
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\ati2evxx.exe
c:\progra~1\COMMON~1\AOL\ACS\AOLacsd.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\windows\system32\E_S00RP1.EXE
c:\program files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\program files\Microsoft SQL Server\MSSQL$MICROSOFTBCM\Binn\sqlservr.exe
c:\windows\system32\SAgent4.exe
c:\windows\system32\wdfmgr.exe
c:\windows\wanmpsvc.exe
c:\windows\system32\wscntfy.exe
c:\program files\Common Files\AOL\1145301404\ee\AOLDesktop.exe
c:\program files\iPod\bin\iPodService.exe
.
**************************************************************************
.
Completion time: 2009-03-18 21:42:39 - machine was rebooted
ComboFix-quarantined-files.txt 2009-03-19 01:42:35
ComboFix2.txt 2009-03-19 01:03:20

Pre-Run: 49,357,672,448 bytes free
Post-Run: 49,358,753,792 bytes free

1023 --- E O F --- 2009-03-13 18:16:40

CMiz2184
Intermediate
Intermediate

Posts Posts : 67
Joined Joined : 2009-03-18
OS OS : XP
Points Points : 28772
# Likes # Likes : 0

View user profile

Back to top Go down

Re: userinit.exe trojan

Post by Belahzur on 19th March 2009, 9:26 am

Hello.
How is the machine now?

Click Start > Run and copy/paste the following bolded text into the Run box and click OK:

ComboFix /u



This will also reset your restore points.


[You must be registered and logged in to see this link.] - [You must be registered and logged in to see this link.] - Please PM me if I fail to respond within 24hrs.


Belahzur
Administrator
Administrator

Posts Posts : 34918
Joined Joined : 2008-08-03
Gender Gender : Male
OS OS : 7 Home Premium x64
Points Points : 245121
# Likes # Likes : 1

View user profile

Back to top Go down

Re: userinit.exe trojan

Post by CMiz2184 on 19th March 2009, 8:53 pm

Hello,
I uninstalled combofix, so far everything seems to be running good with no popups. Thanks a bunch...Can i reinstall mcafee virus scan? What do you recommend for protection against spyware/malware?? thanks again for your help

CMiz2184
Intermediate
Intermediate

Posts Posts : 67
Joined Joined : 2009-03-18
OS OS : XP
Points Points : 28772
# Likes # Likes : 0

View user profile

Back to top Go down

Re: userinit.exe trojan

Post by Belahzur on 19th March 2009, 8:56 pm

Yes, re-install Mcafee now.

Below I have included a number of recommendations for how to protect your computer in order to prevent future malware infections. Please take these recommendations seriously; these few simple steps can stave off the vast majority of spyware problems. As happy as we are to help you, for your sake we would rather not have repeat customers. Goofy

1) Please navigate to [You must be registered and logged in to see this link.] and download all the "critical updates" for Windows. This can patch many of the security holes through which attackers can gain access to your computer.

Please either enable Automatic Updates under Start -> Control Panel -> Automatic Updates , or get into the habit of checking for Windows updates regularly. I cannot stress enough how important this is.

2) In order to protect yourself against spyware, you should consider installing and running the following free programs:

[You must be registered and logged in to see this link.]
A tutorial on using Ad-Aware to remove spyware from your computer may be found [You must be registered and logged in to see this link.].

[You must be registered and logged in to see this link.]
A tutorial on using Spybot to remove spyware from your computer may be found [You must be registered and logged in to see this link.]. Please also remember to enable Spybot's "Immunize" and "TeaTimer" features.

[You must be registered and logged in to see this link.]
A tutorial on using SpywareBlaster to prevent spyware from ever installing on your computer may be found [You must be registered and logged in to see this link.].

[You must be registered and logged in to see this link.]
A tutorial on using SpywareGuard for realtime protection against spyware and hijackers may be found [You must be registered and logged in to see this link.].

Make sure to keep these programs up-to-date and to run them regularly, as this can prevent a great deal of spyware hassle.

3) Please consider using an alternate browser. Mozilla's Firefox browser is fantastic; it is much more secure than Internet Explorer, immune to almost all known browser hijackers, and also has the best built-in popup blocker (as an added benefit!) that I have ever seen. If you are interested, Firefox may be downloaded from here:
[You must be registered and logged in to see this link.]
I also recommand the following add-ons for Firefox, they will help keep you safe from malicious scripts or activeX exploits.
[You must be registered and logged in to see this link.]
[You must be registered and logged in to see this link.]
[You must be registered and logged in to see this link.]

4) Also make sure to run your antivirus software regularly, and to keep it up-to-date.

To help you keep your software updated, please considering using this free software program that will check for program updates.
[You must be registered and logged in to see this link.]

5) Finally, consider maintaining a firewall. Some good free firewalls are [You must be registered and logged in to see this link.], or
[You must be registered and logged in to see this link.]
A tutorial on understanding and using firewalls may be found [You must be registered and logged in to see this link.].

Please also read Tony Klein's excellent article: [You must be registered and logged in to see this link.]

If you would take a moment to fill out our feedback form, we would appreciate it.
The link can be found [You must be registered and logged in to see this link.].

Hopefully this should take care of your problems! Good luck. Big Grin


[You must be registered and logged in to see this link.] - [You must be registered and logged in to see this link.] - Please PM me if I fail to respond within 24hrs.


Belahzur
Administrator
Administrator

Posts Posts : 34918
Joined Joined : 2008-08-03
Gender Gender : Male
OS OS : 7 Home Premium x64
Points Points : 245121
# Likes # Likes : 1

View user profile

Back to top Go down

View previous topic View next topic Back to top

- Similar topics

 
Permissions in this forum:
You cannot reply to topics in this forum