Getting rid of Trojan PSW Onlinegames, Legendmir and Generic5


  • This topic is locked

#1
benchia

  • Member
  • 22 posts
Hello all, I seriously do need some help with solving this as I need my computer for work.

My AVG scan shows that I have been hit by the trojan horse PSW Onlinegames, Legendmir and Generic5 and after my AVG cleared them off either in normal mode or safe mode, the prompts keep reappearing. How to make them stop????



Here is my HijackThis log scan. If anyone can render any help, it would be greatly appreciated.

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\WINDOWS\system32\bgsvcgen.exe
C:\WINDOWS\System32\DVDRAMSV.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\TOSHIBA\TME3\Tmesbs32.exe
C:\Program Files\TOSHIBA\TME3\Tmesrv31.exe
C:\WINDOWS\System32\00THotkey.exe
C:\Program Files\Apoint2K\Apoint.exe
C:\Program Files\TOSHIBA\DualPointUtility\TEDTray.exe
C:\WINDOWS\System32\TFNF5.exe
C:\Program Files\TOSHIBA\TOSHIBA Controls\TFncKy.exe
C:\Program Files\TOSHIBA\TME3\TMERzCtl.EXE
C:\Program Files\TOSHIBA\TME3\TMEEJME.EXE
C:\Program Files\TOSHIBA\TME3\TMESBS32.EXE
C:\Program Files\TOSHIBA\Wireless Hotkey\TosHKCW.exe
C:\Program Files\Toshiba\ConfigFree\NDSTray.exe
C:\WINDOWS\System32\TPWRTRAY.EXE
C:\WINDOWS\System32\ezSP_Px.exe
C:\Program Files\Drag'n Drop CD+DVD\BinFiles\DragDrop.exe
C:\Program Files\HP\HP Software Update\HPWuSchd.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\Program Files\DAEMON Tools\daemon.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\WINDOWS\WebCam\M1000\M1000Mnt.exe
C:\Program Files\Apoint2K\Apntex.exe
C:\Program Files\internet explorer\iexplore.exe
C:\WINDOWS\System32\conime.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\WINDOWS\System32\ctfmon.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\System32\wuauclt.exe
C:\WINDOWS\System32\imapi.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\WINDOWS\notepad.exe
C:\Documents and Settings\User\Desktop\dss.exe
C:\DOCUME~1\User\Desktop\User.exe
C:\WINDOWS\notepad.exe

O2 - BHO: Thunder AtOnce - {01443AEC-0FD1-40fd-9C87-E93D1494C233} - C:\Program Files\Thunder Network\Thunder\ComDlls\TDAtOnce_Now.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.1.7.4.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: ThunderBHO - {889D2FEB-5411-4565-8998-1DD2C5261283} - C:\Program Files\Thunder Network\Thunder\ComDlls\xunleiBHO_Now.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet
O4 - HKLM\..\Run: [00THotkey] C:\WINDOWS\System32\00THotkey.exe
O4 - HKLM\..\Run: [000StTHK] 000StTHK.exe
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe
O4 - HKLM\..\Run: [DpUtil] C:\Program Files\TOSHIBA\DualPointUtility\TEDTray.exe
O4 - HKLM\..\Run: [TFNF5] TFNF5.exe
O4 - HKLM\..\Run: [TFncKy] TFncKy.exe /Type 25
O4 - HKLM\..\Run: [TMESRV.EXE] C:\Program Files\TOSHIBA\TME3\TMESRV31.EXE /Logon
O4 - HKLM\..\Run: [TMERzCtl.EXE] C:\Program Files\TOSHIBA\TME3\TMERzCtl.EXE /Service
O4 - HKLM\..\Run: [TMEEJME.EXE] C:\Program Files\TOSHIBA\TME3\TMEEJME.EXE
O4 - HKLM\..\Run: [TMESBS.EXE] C:\Program Files\TOSHIBA\TME3\TMESBS32.EXE /Client
O4 - HKLM\..\Run: [TosHKCW.exe] "C:\Program Files\TOSHIBA\Wireless Hotkey\TosHKCW.exe"
O4 - HKLM\..\Run: [NDSTray.exe] "C:\Program Files\Toshiba\ConfigFree\NDSTray.exe"
O4 - HKLM\..\Run: [Tpwrtray] TPWRTRAY.EXE
O4 - HKLM\..\Run: [ezShieldProtector for Px] C:\WINDOWS\System32\ezSP_Px.exe
O4 - HKLM\..\Run: [Drag'n Drop CD+DVD] C:\Program Files\Drag'n Drop CD+DVD\BinFiles\DragDrop.exe /StartUp
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\HP\HP Software Update\HPWuSchd.exe"
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [IMEKRMIG6.1] C:\WINDOWS\ime\imkr6_1\IMEKRMIG.EXE
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\System32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [Intel Driver] csrs.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [StormCodec_Helper] "C:\Program Files\Ringz Studio\Storm Codec\StormSet.exe" /S /opti
O4 - HKLM\..\Run: [hxgame-update] C:\Program Files\hxupdate\hxgame-update.exe
O4 - HKLM\..\Run: [REGSHAVE] C:\Program Files\REGSHAVE\REGSHAVE.EXE /AUTORUN
O4 - HKLM\..\Run: [M1000Mnt] M1000Rmv.exe /StartStillMnt
O4 - HKLM\..\Run: [RegSrv64D] C:\WINDOWS\RegSrv64D.exE
O4 - HKLM\..\Run: [WSockDrv32] C:\WINDOWS\stzdgz.exe
O4 - HKLM\..\RunServices: [Intel Driver] csrs.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O4 - Startup: 腾讯QQ.lnk = C:\Program Files\Tencent\QQ\QQ.exe
O4 - Global Startup: Exif Launcher 2.lnk = ?
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: RAMASST.lnk = C:\WINDOWS\system32\RAMASST.exe
O8 - Extra context menu item: &D&ownload &with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: &D&ownload all video with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm
O8 - Extra context menu item: &D&ownload all with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: 使用迅雷下载 - C:\Program Files\Thunder Network\Thunder\Program\GetUrl.htm
O8 - Extra context menu item: 使用迅雷下载全部链接 - C:\Program Files\Thunder Network\Thunder\Program\GetAllUrl.htm
O8 - Extra context menu item: 添加到QQ表情 - C:\Program Files\Tencent\QQ\AddEmotion.htm
O9 - Extra button: ???ˉ??à×5 - {09BA8F6D-CB54-424B-839C-C2A6C8E6B436} - C:\Program Files\Thunder Network\Thunder\Thunder.exe
O9 - Extra 'Tools' menuitem: ???ˉ??à×5 - {09BA8F6D-CB54-424B-839C-C2A6C8E6B436} - C:\Program Files\Thunder Network\Thunder\Thunder.exe
O9 - Extra button: ×ê?′???÷ - {461CC20B-FB6E-4f16-8FE8-C29359DB100E} - C:\Program Files\BitComet\tools\BitCometBHO_1.1.7.4.dll
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {B46FA8BD-AE41-4821-AFF4-D4FFE4F3D390} (AcuViewer Control) - http://presentur.ntu...s/acuviewer.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zon...nt.cab56907.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O23 - Service: 1585E0AF - Unknown owner - C:\WINDOWS\System32\32583CEE.EXE
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: B's Recorder GOLD Library General Service (bgsvcgen) - B.H.A Corporation - C:\WINDOWS\system32\bgsvcgen.exe
O23 - Service: DNS Network Manager - Unknown owner - C:\WINDOWS\system32\svshost.exe (file missing)
O23 - Service: DVD-RAM_Service - Matsushita Electric Industrial Co., Ltd. - C:\WINDOWS\System32\DVDRAMSV.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: Tmesbs32 (Tmesbs) - Unknown owner - C:\Program Files\TOSHIBA\TME3\Tmesbs32.exe" /Service (file missing)
O23 - Service: Tmesrv3 (Tmesrv) - Unknown owner - C:\Program Files\TOSHIBA\TME3\Tmesrv31.exe" /Service (file missing)

2008-01-06 05:26:39 52529 --a------ C:\WINDOWS\System32\k119956820720.exe
2008-01-06 05:26:39 17069 --a------ C:\WINDOWS\System32\k119956820317.exe
2008-01-06 05:26:39 17914 --a------ C:\WINDOWS\System32\k119956819712.exe
2008-01-06 05:26:37 19404 --a------ C:\WINDOWS\System32\k119956820115.exe
2008-01-06 05:26:37 17632 --a------ C:\WINDOWS\System32\k11995681928.exe
2008-01-06 05:26:34 16121 --a------ C:\WINDOWS\System32\k11995681917.exe
2008-01-06 05:26:32 29537 --a------ C:\WINDOWS\System32\k119956819611.exe
2008-01-06 05:26:30 16651 --a------ C:\WINDOWS\System32\k119956819813.exe
2008-01-06 05:26:29 16238 --a------ C:\WINDOWS\System32\k119956820619.exe
2008-01-06 05:26:29 16532 --a------ C:\WINDOWS\System32\k119956820216.exe
2008-01-06 05:26:29 16767 --a------ C:\WINDOWS\System32\k11995681949.exe
2008-01-06 05:26:27 16531 --a------ C:\WINDOWS\System32\k119956819510.exe
2008-01-06 05:26:19 17143 --a------ C:\WINDOWS\System32\k11995681906.exe
2008-01-06 05:26:12 17242 --a------ C:\WINDOWS\System32\k11995681895.exe
2008-01-06 05:26:10 17412 --a------ C:\WINDOWS\System32\k11995681884.exe
2008-01-06 05:26:10 17799 --a------ C:\WINDOWS\System32\k11995681863.exe
2008-01-06 05:26:08 11956 --a------ C:\WINDOWS\System32\LYLOADER.EXE
2008-01-06 05:26:07 15340 --a------ C:\WINDOWS\System32\k11995681852.exe
2008-01-06 05:21:48 15340 --a------ C:\WINDOWS\gtmfse.exe
2008-01-06 05:21:46 16238 --a------ C:\WINDOWS\fbpray.exe
2008-01-06 05:16:19 17069 --a------ C:\WINDOWS\System32\k119956759517.exe
2008-01-06 05:16:19 16137 --a------ C:\WINDOWS\System32\k119956759114.exe
2008-01-06 05:16:19 16531 --a------ C:\WINDOWS\System32\k119956758610.exe
2008-01-06 05:16:19 16121 --a------ C:\WINDOWS\System32\k11995675837.exe
2008-01-06 05:16:14 16651 --a------ C:\WINDOWS\System32\k119956759013.exe
2008-01-06 05:16:08 17632 --a------ C:\WINDOWS\System32\k11995675848.exe
2008-01-06 05:16:07 17242 --a------ C:\WINDOWS\System32\k11995675805.exe
2008-01-06 05:16:05 17143 --a------ C:\WINDOWS\System32\k11995675816.exe
2008-01-06 05:16:05 17799 --a------ C:\WINDOWS\System32\k11995675783.exe
2008-01-06 05:16:03 17412 --a------ C:\WINDOWS\System32\k11995675794.exe
2008-01-06 05:15:57 15340 --a------ C:\WINDOWS\System32\k11995675762.exe
2008-01-06 05:11:38 29537 --a------ C:\WINDOWS\System32\k119956731611.exe
2008-01-06 05:11:38 16531 --a------ C:\WINDOWS\System32\k119956731510.exe
2008-01-06 05:11:36 17632 --a------ C:\WINDOWS\System32\k11995673128.exe
2008-01-06 05:11:36 16121 --a------ C:\WINDOWS\System32\k11995673117.exe
2008-01-06 05:11:36 17242 --a------ C:\WINDOWS\System32\k11995673095.exe
2008-01-06 05:11:33 17143 --a------ C:\WINDOWS\System32\k11995673106.exe
2008-01-06 05:11:28 17412 --a------ C:\WINDOWS\System32\k11995673074.exe
2008-01-06 05:11:28 17799 --a------ C:\WINDOWS\System32\k11995673063.exe
2008-01-06 05:11:25 15340 --a------ C:\WINDOWS\System32\k11995673052.exe
2008-01-06 05:07:33 16532 --a------ C:\WINDOWS\System32\k119956706916.exe
2008-01-06 05:07:33 19404 --a------ C:\WINDOWS\System32\k119956706815.exe
2008-01-06 05:07:33 16651 --a------ C:\WINDOWS\System32\k119956706613.exe
2008-01-06 05:07:33 17914 --a------ C:\WINDOWS\System32\k119956706412.exe
2008-01-06 05:07:30 16137 --a------ C:\WINDOWS\System32\k119956706714.exe
2008-01-06 05:07:25 29537 --a------ C:\WINDOWS\System32\k119956706311.exe
2008-01-06 05:07:25 16531 --a------ C:\WINDOWS\System32\k119956706210.exe
2008-01-06 05:07:25 16767 --a------ C:\WINDOWS\System32\k11995670619.exe
2008-01-06 05:07:23 17632 --a------ C:\WINDOWS\System32\k11995670608.exe
2008-01-06 05:07:23 16121 --a------ C:\WINDOWS\System32\k11995670587.exe
2008-01-06 05:07:20 17143 --a------ C:\WINDOWS\System32\k11995670576.exe
2008-01-06 05:07:20 17242 --a------ C:\WINDOWS\System32\k11995670565.exe
2008-01-06 05:07:15 17412 --a------ C:\WINDOWS\System32\k11995670554.exe
2008-01-06 05:07:15 17799 --a------ C:\WINDOWS\System32\k11995670533.exe
2008-01-06 05:07:13 15340 --a------ C:\WINDOWS\System32\k11995670522.exe
2008-01-06 04:50:42 16532 --a------ C:\WINDOWS\System32\k119956605316.exe
2008-01-06 04:50:42 16137 --a------ C:\WINDOWS\System32\k119956605114.exe
2008-01-06 04:50:40 29537 --a------ C:\WINDOWS\System32\k119956604711.exe
2008-01-06 04:50:33 16651 --a------ C:\WINDOWS\System32\k119956605013.exe
2008-01-06 04:50:33 16531 --a------ C:\WINDOWS\System32\k119956604610.exe
2008-01-06 04:50:33 16767 --a------ C:\WINDOWS\System32\k11995660459.exe
2008-01-06 04:50:27 17632 --a------ C:\WINDOWS\System32\k11995660448.exe
2008-01-06 04:50:27 16121 --a------ C:\WINDOWS\System32\k11995660427.exe
2008-01-06 04:50:24 17143 --a------ C:\WINDOWS\System32\k11995660416.exe
2008-01-06 04:50:24 17242 --a------ C:\WINDOWS\System32\k11995660405.exe
2008-01-06 04:50:19 17412 --a------ C:\WINDOWS\System32\k11995660394.exe
2008-01-06 04:50:19 17799 --a------ C:\WINDOWS\System32\k11995660383.exe
2008-01-06 04:50:17 15340 --a------ C:\WINDOWS\System32\k11995660362.exe
2008-01-06 04:46:26 16531 --a------ C:\WINDOWS\System32\k119956579910.exe
2008-01-06 04:46:22 16767 --a------ C:\WINDOWS\System32\k11995657979.exe
2008-01-06 04:46:19 17632 --a------ C:\WINDOWS\System32\k11995657968.exe
2008-01-06 04:46:19 16121 --a------ C:\WINDOWS\System32\k11995657957.exe
2008-01-06 04:46:17 17143 --a------ C:\WINDOWS\System32\k11995657946.exe
2008-01-06 04:46:17 17242 --a------ C:\WINDOWS\System32\k11995657925.exe
2008-01-06 04:46:12 17412 --a------ C:\WINDOWS\System32\k11995657914.exe
2008-01-06 04:46:12 17799 --a------ C:\WINDOWS\System32\k11995657903.exe
2008-01-06 04:46:09 15340 --a------ C:\WINDOWS\System32\k11995657892.exe
2008-01-06 04:46:08 3545 --a------ C:\WINDOWS\System32\LYMANGR.DLL
2008-01-06 04:39:14 127488 --a------ C:\WINDOWS\System32\WSockDrv32.dll
2008-01-06 04:39:14 15340 --a------ C:\WINDOWS\cfbgof.exe
2008-01-06 04:39:13 16238 --a------ C:\WINDOWS\RegSrv64D.exE
2008-01-06 04:38:03 14537 ---h----- C:\auto.exe
2008-01-06 04:38:02 65536 --a------ C:\WINDOWS\System32\A29CB51A.DLL
2008-01-06 02:54:06 15340 --a------ C:\WINDOWS\WSockDrv32.exe
2008-01-06 02:48:38 17411 --a------ C:\WINDOWS\szupma.exe
2008-01-05 19:10:30 17411 --a------ C:\WINDOWS\crcqjj.exe
2008-01-05 19:10:21 16238 --a------ C:\WINDOWS\nnbklt.exe
2008-01-05 18:32:19 17411 --a------ C:\WINDOWS\jwyfgm.exe
2008-01-05 18:12:20 16238 --a------ C:\WINDOWS\vzxijq.exe
2008-01-05 18:08:11 17411 --a------ C:\WINDOWS\pknzoy.exe
2008-01-05 18:03:25 17411 --a------ C:\WINDOWS\nkckjk.exe
2008-01-05 18:03:13 16238 --a------ C:\WINDOWS\szkcyv.exe
2008-01-05 17:17:10 0 d-------- C:\WINDOWS\CSC
2008-01-05 16:29:49 17411 --a------ C:\WINDOWS\rzuqjz.exe
2008-01-05 16:18:36 17411 --a------ C:\WINDOWS\uxarxy.exe
2008-01-05 16:18:28 16238 --a------ C:\WINDOWS\xsmyhh.exe
2008-01-05 15:42:18 17411 --a------ C:\WINDOWS\dafrlr.exe
2008-01-05 15:42:10 16238 --a------ C:\WINDOWS\cdpqey.exe
2008-01-05 15:34:00 17069 --a------ C:\WINDOWS\WINSvr32.exE
2008-01-05 15:34:00 28160 --a------ C:\WINDOWS\System32\WINSvr32.dll
2008-01-05 15:33:41 26112 --a------ C:\WINDOWS\System32\RegSrv64D.dll
2008-01-05 15:29:31 17625 --a------ C:\WINDOWS\System32\32583CEE.EXE
2008-01-03 19:01:26 0 d-------- C:\Program Files\Winamp
2008-01-03 19:01:26 0 d-------- C:\Documents and Settings\User\Application Data\Winamp
2007-12-29 23:58:50 0 d-------- C:\Documents and Settings\User\Application Data\Tencent
2007-12-17 16:58:40 0 d-------- C:\Documents and Settings\Guest\Application Data\ppStream
2007-12-17 08:14:22 0 d---s---- C:\Documents and Settings\Guest\UserData
2007-12-17 08:11:09 0 d-------- C:\Documents and Settings\Guest\Application Data\Real
2007-12-16 22:34:43 0 d-------- C:\Documents and Settings\Guest\Application Data\Macromedia
2007-12-15 20:47:59 0 d-------- C:\Documents and Settings\Guest\Application Data\Google
2007-12-15 20:47:57 0 d-------- C:\Documents and Settings\Guest\Application Data\FUJIFILM
2007-12-15 20:21:06 0 d-------- C:\Documents and Settings\Guest\Application Data\AVG7
2007-12-15 20:20:44 0 d-------- C:\Documents and Settings\Guest\Application Data\Identities
2007-12-15 20:20:44 0 d-------- C:\Documents and Settings\Guest\Application Data\Drag'n Drop CD+DVD
2007-12-15 20:20:44 0 d-------- C:\Documents and Settings\Guest\Application Data\Adobe
2007-12-15 20:20:43 0 dr-h----- C:\Documents and Settings\Guest\SendTo
2007-12-15 20:20:43 0 dr-h----- C:\Documents and Settings\Guest\Recent
2007-12-15 20:20:43 0 d--h----- C:\Documents and Settings\Guest\PrintHood
2007-12-15 20:20:43 0 d--h----- C:\Documents and Settings\Guest\NetHood
2007-12-15 20:20:43 0 dr------- C:\Documents and Settings\Guest\My Documents
2007-12-15 20:20:43 0 d--h----- C:\Documents and Settings\Guest\Local Settings
2007-12-15 20:20:43 0 dr------- C:\Documents and Settings\Guest\Favorites
2007-12-15 20:20:43 0 d-------- C:\Documents and Settings\Guest\Desktop
2007-12-15 20:20:43 0 d---s---- C:\Documents and Settings\Guest\Cookies
2007-12-15 20:20:43 0 dr-h----- C:\Documents and Settings\Guest\Application Data
2007-12-15 20:20:43 0 d---s---- C:\Documents and Settings\Guest\Application Data\Microsoft
2007-12-15 20:20:43 0 d-------- C:\Documents and Settings\Guest\Application Data\InterTrust
2007-12-15 20:20:42 0 d--h----- C:\Documents and Settings\Guest\Templates
2007-12-15 20:20:42 0 dr------- C:\Documents and Settings\Guest\Start Menu
2007-12-15 20:20:42 1572864 --ah----- C:\Documents and Settings\Guest\NTUSER.DAT

This is from Deckard System Scan.

#2
kahdah

    GeekU Teacher

  • Retired Staff
  • 15,822 posts
Double post.