Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

Trojan.Agent/Gen-Rimecud Infection?

Started by rnl19862005 , Aug 16 2011 08:44 AM

  • Please log in to reply

#1
rnl19862005
Posted 16 August 2011 - 08:44 AM

rnl19862005

    New Member

  • Member
  • Pip
  • 3 posts
[Final Update] We think its a problem with over heating or one of the components in the laptop, so we're going to do something else with it, either take it to someone or just get a new one. Thanks to anybody who looked at our problem. Can a mod close this case, I'm not sure how.


The computer was acting up with a game that was recently bought from walmart and installed, may have been acting up before. This is not my computer so I am only posting what I was told before I got it and what I have seen since getting it. When some one tried to play this game it would either freeze or crash the computer. Now the computer won't connect to the internet(using a different computer to post). Before I got the computer to try to fix it, someone ran a scan with SUPER AntiSpyware and said it found a trojan and then when they went to clean it up with the program it crashed the computer. Also after this happened and before I got the computer, I was told the computer was just left sitting running idle and after a while, the screen would go black and wouldn't come back on without a hard reboot. Since then I have tried running the same program and it didn't even finish the scan after finding the infection before the computer freezes and the screen displays horizontal bars like the display was messing up. Sorry if this is confusing, ask me for clarification and I will try. Can anybody help me?

[update] I ran SAS again and stopped it after it found the below file before it messed the computer up, and had SAS remove the file and restarted the computer. I then tried to run the SAS again. It didn't show the below file but it still crashed the computer. Could this be a hardware problem?



infection reads from SAS
Trojan.Agent/Gen-Rimecud
C:\DOCUMENTS AND SETTINGS/(USER)/LOCAL SETTINGS/TEMP/SDM143/RESOURCEDLL.DLL


OTL report

OTL logfile created on: 8/16/2011 8:56:30 AM - Run 1
OTL by OldTimer - Version 3.2.26.4 Folder = E:\pc health
Windows XP Home Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.2180)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.99 Gb Total Physical Memory | 1.45 Gb Available Physical Memory | 73.03% Memory free
3.84 Gb Paging File | 3.44 Gb Available in Paging File | 89.69% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 74.53 Gb Total Space | 61.52 Gb Free Space | 82.55% Space Free | Partition Type: NTFS
Drive E: | 980.72 Mb Total Space | 722.30 Mb Free Space | 73.65% Space Free | Partition Type: FAT

Computer Name: MOTO | User Name: Brenda | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/08/16 08:49:50 | 000,579,584 | ---- | M] (OldTimer Tools) -- E:\pc health\OTL.exe
PRC - [2011/07/18 19:02:03 | 000,123,264 | ---- | M] (SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SASCore.exe
PRC - [2011/04/18 17:40:08 | 002,334,560 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgtray.exe
PRC - [2011/04/18 17:39:42 | 007,398,752 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe
PRC - [2011/04/14 05:36:42 | 001,080,672 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgnsx.exe
PRC - [2011/03/16 16:05:20 | 001,025,888 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgemcx.exe
PRC - [2011/03/16 16:05:14 | 000,656,736 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgchsvx.exe
PRC - [2011/02/10 07:55:18 | 001,148,256 | ---- | M] () -- C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSMonitor.exe
PRC - [2011/02/08 05:33:42 | 000,269,520 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgwdsvc.exe
PRC - [2011/02/08 05:33:20 | 000,658,784 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgrsx.exe
PRC - [2007/05/10 10:22:32 | 000,405,504 | ---- | M] (SigmaTel, Inc.) -- C:\Program Files\SigmaTel\C-Major Audio\WDM\stsystra.exe
PRC - [2006/08/28 21:57:12 | 000,395,776 | ---- | M] (Gteko Ltd.) -- C:\Program Files\Dell Support\DSAgnt.exe
PRC - [2006/02/06 23:00:20 | 000,311,296 | ---- | M] (TOSHIBA CORPORATION.) -- C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosOBEX.exe
PRC - [2005/12/04 23:50:00 | 002,134,016 | ---- | M] (TOSHIBA CORPORATION.) -- C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtProc.exe
PRC - [2005/12/03 02:23:08 | 000,217,088 | ---- | M] (TOSHIBA CORPORATION.) -- C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHSP.exe
PRC - [2005/11/18 17:46:00 | 001,724,416 | ---- | M] (TOSHIBA CORPORATION.) -- C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe
PRC - [2005/10/18 17:11:08 | 000,061,440 | ---- | M] (Broadcom Corporation) -- C:\Program Files\Broadcom\ASFIPMon\AsfIpMon.exe
PRC - [2005/08/17 09:59:34 | 000,290,816 | ---- | M] (TOSHIBA CORPORATION.) -- C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe
PRC - [2005/08/16 22:11:28 | 000,065,536 | ---- | M] (TOSHIBA CORPORATION.) -- C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe


========== Modules (No Company Name) ==========

MOD - [2011/02/10 07:55:18 | 001,148,256 | ---- | M] () -- C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSMonitor.exe
MOD - [2010/10/29 10:14:44 | 000,143,360 | ---- | M] () -- C:\WINDOWS\system32\preflib.dll
MOD - [2010/10/29 10:14:12 | 000,761,856 | ---- | M] () -- C:\WINDOWS\system32\bcm1xsup.dll
MOD - [2005/07/22 21:30:20 | 000,065,536 | ---- | M] () -- C:\WINDOWS\system32\TosCommAPI.dll
MOD - [2004/10/14 10:18:24 | 000,040,960 | ---- | M] () -- C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtAfh.dll
MOD - [2004/10/01 14:13:24 | 000,045,056 | ---- | M] () -- C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtLoad.dll
MOD - [2004/07/20 17:04:02 | 000,094,208 | ---- | M] () -- C:\WINDOWS\system32\TosBtHcrpAPI.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Disabled | Stopped] -- -- (HidServ)
SRV - File not found [Auto | Stopped] -- -- (helpsvc)
SRV - File not found [On_Demand | Stopped] -- -- (AppMgmt)
SRV - [2011/07/18 19:02:03 | 000,123,264 | ---- | M] (SUPERAntiSpyware.com) [Auto | Running] -- C:\Program Files\SUPERAntiSpyware\SASCORE.EXE -- (!SASCORE)
SRV - [2011/04/18 17:39:42 | 007,398,752 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe -- (AVGIDSAgent)
SRV - [2011/02/08 05:33:42 | 000,269,520 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG10\avgwdsvc.exe -- (avgwd)
SRV - [2005/10/18 17:11:08 | 000,061,440 | ---- | M] (Broadcom Corporation) [Auto | Running] -- C:\Program Files\Broadcom\ASFIPMon\AsfIpMon.exe -- (ASFIPmon)
SRV - [2005/08/30 17:36:00 | 000,188,416 | ---- | M] (Cambridge Silicon Radio) [Disabled | Stopped] -- C:\Program Files\BlueTooth\HidSwitchService\HidSw.exe -- (Bluetooth Hid Switch Service)


========== Driver Services (SafeList) ==========

DRV - [2011/07/22 11:27:02 | 000,012,880 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV)
DRV - [2011/07/12 16:55:22 | 000,067,664 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2011/04/14 21:28:42 | 000,134,480 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AVGIDSDriver.sys -- (AVGIDSDriver)
DRV - [2011/04/05 00:59:56 | 000,297,168 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avgtdix.sys -- (Avgtdix)
DRV - [2011/03/16 16:03:20 | 000,032,592 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\avgrkx86.sys -- (Avgrkx86)
DRV - [2011/03/01 14:25:18 | 000,034,896 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\avgmfx86.sys -- (Avgmfx86)
DRV - [2011/02/22 08:13:02 | 000,022,992 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\AVGIDSEH.Sys -- (AVGIDSEH)
DRV - [2011/02/10 07:53:54 | 000,027,216 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AVGIDSShim.sys -- (AVGIDSShim)
DRV - [2011/02/10 07:53:52 | 000,024,144 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AVGIDSFilter.sys -- (AVGIDSFilter)
DRV - [2011/01/07 06:41:46 | 000,248,656 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avgldx86.sys -- (Avgldx86)
DRV - [2010/10/29 10:14:44 | 002,649,216 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\BCMWL5.SYS -- (BCM43XX)
DRV - [2007/05/10 10:24:34 | 001,222,840 | ---- | M] (SigmaTel, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\sthda.sys -- (STHDA)
DRV - [2007/01/16 10:22:00 | 000,031,744 | ---- | M] (CSR, plc) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\csrbcxp.sys -- (CSRBC)
DRV - [2006/06/13 12:29:28 | 000,047,488 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\tosporte.sys -- (tosporte)
DRV - [2006/06/13 11:22:58 | 000,111,232 | ---- | M] (TOSHIBA CORPORATION) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\TosRfbd.sys -- (Tosrfbd)
DRV - [2006/06/09 21:40:00 | 000,040,192 | ---- | M] (TOSHIBA CORPORATION) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\tosrfusb.sys -- (Tosrfusb)
DRV - [2006/05/29 13:11:20 | 000,060,672 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\TosRfhid.sys -- (Tosrfhid)
DRV - [2006/03/16 10:45:12 | 000,037,632 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\tosrfbnp.sys -- (Tosrfbnp)
DRV - [2006/03/15 10:52:40 | 000,052,864 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\TosRfSnd.sys -- (TosRfSnd) Bluetooth Audio Device (WDM)
DRV - [2006/01/10 11:07:58 | 000,004,864 | ---- | M] (GTek Technologies Ltd.) [Kernel | On_Demand | Running] -- C:\Program Files\Dell Support\GTAction\triggers\DSproct.sys -- (DSproct)
DRV - [2005/10/26 10:01:02 | 000,142,720 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\b57xp32.sys -- (b57w2k)
DRV - [2005/10/03 12:57:00 | 000,086,867 | R--- | M] (CSR) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\BCOREUSB.sys -- (BCOREUSB)
DRV - [2005/08/01 16:45:08 | 000,064,896 | ---- | M] (TOSHIBA Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\tosrfcom.sys -- (Tosrfcom)
DRV - [2005/07/11 18:58:56 | 000,003,712 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\toshidpt.sys -- (toshidpt)
DRV - [2005/01/06 13:42:42 | 000,018,612 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\tosrfnds.sys -- (tosrfnds)
DRV - [2003/04/24 16:21:50 | 000,006,025 | ---- | M] (Broadcom Corporation) [Kernel | Auto | Running] -- C:\Program Files\Broadcom\ASFIPMon\BASFND.sys -- (BASFND)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0


FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{1E73965B-8B48-48be-9C8D-68B920ABC1C4}: C:\Program Files\AVG\AVG10\Firefox4\ [2011/08/03 20:25:17 | 000,000,000 | ---D | M]


O1 HOSTS File: ([2004/08/04 05:00:00 | 000,000,734 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG10\avgssie.dll (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [AVG_TRAY] C:\Program Files\AVG\AVG10\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [BluetoothAuthenticationAgent] C:\WINDOWS\System32\bthprops.cpl (Microsoft Corporation)
O4 - HKLM..\Run: [SigmatelSysTrayApp] C:\Program Files\SigmaTel\C-Major Audio\WDM\stsystra.exe (SigmaTel, Inc.)
O4 - HKCU..\Run: [DellSupport] C:\Program Files\Dell Support\DSAgnt.exe (Gteko Ltd.)
O4 - HKCU..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware.com)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Bluetooth Manager.lnk = C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe (TOSHIBA CORPORATION.)
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG10\avgpp.dll (AVG Technologies CZ, s.r.o.)
O20 - Winlogon\Notify\!SASWinLogon: DllName - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL (SUPERAntiSpyware.com)
O24 - Desktop WallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
O24 - Desktop BackupWallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2011/06/26 22:58:50 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (C:\PROGRA~1\AVG\AVG10\avgchsvx.exe /sync) - C:\Program Files\AVG\AVG10\avgchsvx.exe (AVG Technologies CZ, s.r.o.)
O34 - HKLM BootExecute: (C:\PROGRA~1\AVG\AVG10\avgrsx.exe /sync /restart) - C:\Program Files\AVG\AVG10\avgrsx.exe (AVG Technologies CZ, s.r.o.)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/08/12 15:32:41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Best of Slots II
[2011/08/12 15:30:19 | 000,000,000 | ---D | C] -- C:\Program Files\directx
[2011/08/12 15:29:45 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Tetris Worlds
[2011/08/03 22:23:33 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\PreInstall
[2011/08/03 21:52:35 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Microsoft Office
[2011/08/03 21:52:28 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft ActiveSync
[2011/08/03 21:51:56 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\DESIGNER
[2011/08/03 21:51:42 | 000,000,000 | ---D | C] -- C:\WINDOWS\SHELLNEW
[2011/08/03 21:51:14 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Office
[2011/08/03 21:48:29 | 000,000,000 | RH-D | C] -- C:\MSOCache
[2011/08/03 20:52:00 | 000,000,000 | -H-D | C] -- C:\$AVG
[2011/08/03 20:43:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\!SASCORE
[2011/08/03 20:43:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\SUPERAntiSpyware
[2011/08/03 20:42:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
[2011/08/03 20:41:22 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\SUPERSetup
[2011/08/03 20:26:35 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Brenda\Application Data\AVG10
[2011/08/03 20:25:19 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\AVG 2011
[2011/08/03 19:08:06 | 000,000,000 | ---D | C] -- C:\Config.Msi
[2011/08/03 18:34:17 | 000,000,000 | ---D | C] -- C:\WINDOWS\Minidump
[2011/07/28 12:31:37 | 000,000,000 | ---D | C] -- C:\Program Files\PopCap Games(2)
[2011/07/28 10:08:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Brenda\Application Data\egames
[2011/07/28 10:01:00 | 000,000,000 | ---D | C] -- C:\Program Files\eGames
[2011/07/20 16:07:14 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Brenda\My Documents\Slingo Mystery 2 Documents
[11 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/08/16 09:00:00 | 000,000,886 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2011/08/16 08:59:52 | 000,312,172 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2011/08/16 08:59:52 | 000,040,394 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2011/08/16 08:55:23 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2011/08/16 08:55:19 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/08/16 08:17:14 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/08/12 15:32:41 | 000,001,550 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Play Masque Games.lnk
[2011/08/12 15:32:41 | 000,001,403 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Best of Slots II.lnk
[2011/08/12 15:29:45 | 000,001,647 | ---- | M] () -- C:\Documents and Settings\Brenda\Desktop\Tetris Worlds.lnk
[2011/08/04 06:35:46 | 000,186,608 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2011/08/03 22:23:35 | 000,001,355 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2011/08/03 21:53:01 | 000,000,376 | ---- | M] () -- C:\WINDOWS\ODBC.INI
[2011/08/03 20:43:02 | 000,001,678 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\SUPERAntiSpyware Free Edition.lnk
[2011/08/03 20:28:03 | 126,786,227 | ---- | M] () -- C:\WINDOWS\System32\drivers\AVG\incavi.avm
[2011/08/03 20:25:19 | 000,000,690 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\AVG 2011.lnk
[2011/08/03 20:11:13 | 000,000,804 | ---- | M] () -- C:\Documents and Settings\Brenda\Application Data\Microsoft\Internet Explorer\Quick Launch\Windows Media Player.lnk
[2011/07/28 12:08:39 | 000,000,000 | ---- | M] () -- C:\WINDOWS\popcreg.dat
[2011/07/28 12:08:39 | 000,000,000 | ---- | M] () -- C:\WINDOWS\popcinfot.dat
[2011/07/28 09:17:43 | 000,131,558 | ---- | M] () -- C:\WINDOWS\System32\drivers\AVG\iavichjg.avm
[11 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/08/12 15:32:41 | 000,001,550 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Play Masque Games.lnk
[2011/08/12 15:32:41 | 000,001,403 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Best of Slots II.lnk
[2011/08/12 15:29:45 | 000,001,647 | ---- | C] () -- C:\Documents and Settings\Brenda\Desktop\Tetris Worlds.lnk
[2011/08/03 21:53:00 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2011/08/03 20:43:02 | 000,001,678 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\SUPERAntiSpyware Free Edition.lnk
[2011/08/03 20:25:19 | 000,000,690 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\AVG 2011.lnk
[2011/08/03 20:11:13 | 000,000,804 | ---- | C] () -- C:\Documents and Settings\Brenda\Application Data\Microsoft\Internet Explorer\Quick Launch\Windows Media Player.lnk
[2011/07/28 12:08:39 | 000,000,000 | ---- | C] () -- C:\WINDOWS\popcreg.dat
[2011/07/28 12:08:39 | 000,000,000 | ---- | C] () -- C:\WINDOWS\popcinfot.dat
[2011/07/04 09:34:46 | 000,000,064 | ---- | C] () -- C:\WINDOWS\GPlrLanc.dat
[2011/06/27 01:41:24 | 000,143,360 | ---- | C] () -- C:\WINDOWS\System32\preflib.dll
[2011/06/27 01:41:23 | 000,761,856 | ---- | C] () -- C:\WINDOWS\System32\bcm1xsup.dll
[2011/06/27 01:41:23 | 000,025,088 | ---- | C] () -- C:\WINDOWS\System32\WLTRYSVC.EXE
[2011/06/27 01:12:23 | 000,204,800 | ---- | C] () -- C:\WINDOWS\System32\igfxCoIn_v4814.dll
[2011/06/27 01:08:01 | 000,000,000 | ---- | C] () -- C:\WINDOWS\tosOBEX.INI
[2011/06/26 23:01:29 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2011/06/26 22:54:27 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2011/06/26 17:31:33 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2011/06/26 17:30:16 | 000,186,608 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2005/09/01 21:44:00 | 000,110,592 | ---- | C] () -- C:\WINDOWS\System32\TosBtAcc.dll
[2005/07/22 21:30:20 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\TosCommAPI.dll
[2005/03/22 13:48:43 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2005/03/22 13:48:43 | 000,004,627 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2004/08/04 05:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2004/08/04 05:00:00 | 000,312,172 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2004/08/04 05:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2004/08/04 05:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2004/08/04 05:00:00 | 000,081,920 | ---- | C] () -- C:\WINDOWS\System32\ieencode.dll
[2004/08/04 05:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2004/08/04 05:00:00 | 000,040,394 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2004/08/04 05:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2004/08/04 05:00:00 | 000,027,440 | ---- | C] () -- C:\WINDOWS\System32\drivers\secdrv.sys
[2004/08/04 05:00:00 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2004/08/04 05:00:00 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
[2004/08/04 05:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2004/07/20 17:04:02 | 000,094,208 | ---- | C] () -- C:\WINDOWS\System32\TosBtHcrpAPI.dll
[2004/01/15 14:43:28 | 000,114,688 | ---- | C] () -- C:\WINDOWS\System32\TBTMonUI.dll

========== LOP Check ==========

[2011/08/03 20:43:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\!SASCORE
[2011/08/03 20:24:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVG10
[2011/08/03 19:49:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Big Fish Games
[2011/06/27 02:04:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Common Files
[2011/08/03 19:51:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Free Ride Games
[2011/07/05 12:36:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\GameHouse
[2011/08/03 20:14:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MFAData
[2011/06/27 11:35:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PopCap
[2011/08/03 20:41:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SUPERSetup
[2011/08/03 19:50:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\WEngineLite(2)
[2011/08/03 20:26:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Brenda\Application Data\AVG10
[2011/08/03 19:48:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Brenda\Application Data\egames
[2011/07/15 16:32:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Brenda\Application Data\Oberon Media

========== Purity Check ==========



< End of report >

Edited by rnl19862005, 19 August 2011 - 06:25 AM.

  • 0

Advertisements

Back to Virus, Spyware, Malware Removal · Next Unread Topic →




Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

  1. Geeks to Go Community
  2. Security
  3. Virus, Spyware, Malware Removal

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP