Win32.Trojan.Agent2 - Also cannot Defrag System


Win32.Trojan.Agent2 - Also cannot Defrag System

Post by Poison on 2nd November 2009, 2:21 pm

Hello,

Ad-Aware first noticed this trojan; it states that it removes it and that a reboot is required. When I reboot, the trojan comes back and Ad-Aware re-detects it.

Also, I am not sure if this is related or not, but when I click "Defragment" or "Analyze" after starting Disk Defragmenter I get the error "Disk Defragmenter could not start".

Thanks for your help.

Here is my log file as required:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:16:11 AM, on 02/11/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\windows\System32\smss.exe
C:\windows\system32\winlogon.exe
C:\windows\system32\services.exe
C:\windows\system32\lsass.exe
C:\windows\system32\svchost.exe
C:\windows\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
C:\Program Files\AVG\AVG8\avgrsx.exe
C:\windows\system32\spoolsv.exe
C:\windows\Explorer.EXE
C:\windows\system32\RUNDLL32.EXE
C:\Program Files\IDT\WDM\sttray.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Lexmark 5600-6600 Series\lxdumon.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\windows\system32\ctfmon.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\Program Files\Lexmark 5600-6600 Series\lxduMsdMon.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\lxduserv.exe
C:\WINDOWS\system32\lxducoms.exe
C:\windows\system32\nvsvc32.exe
c:\docume~1\gregay~1\locals~1\temp\cdm\{d913852c-1c5c-4eec-ba19-7d73a78a85d9}\STacSV.exe
C:\windows\system32\svchost.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\windows\System32\svchost.exe
C:\Program Files\Microsoft Office\OFFICE11\EXCEL.EXE
C:\Program Files\AVG\AVG8\avgcsrvx.exe
C:\Program Files\Microsoft Office\OFFICE11\OUTLOOK.EXE
C:\Program Files\AVG\AVG8\avgcsrvx.exe
C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE
C:\Program Files\AVG\AVG8\avgcsrvx.exe
C:\Documents and Settings\Greg Ayotte\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Greg Ayotte\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Greg Ayotte\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Greg Ayotte\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Documents and Settings\Greg Ayotte\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Greg Ayotte\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Greg Ayotte\My Documents\Downloads\winlogon.scr

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = [You must be registered and logged in to see this link.]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = [You must be registered and logged in to see this link.]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = [You must be registered and logged in to see this link.]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = [You must be registered and logged in to see this link.]
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = [You must be registered and logged in to see this link.]
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = [You must be registered and logged in to see this link.]
R3 - URLSearchHook: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll
R3 - URLSearchHook: (no name) - *{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
O2 - BHO: Lexmark Toolbar - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.2.8.7.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.3.4501.1418\swg.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_B7C5AC242193BB3E.dll
O2 - BHO: Lexmark Printable Web - {D2C5E510-BE6D-42CC-9F61-E4F939078474} - C:\Program Files\Lexmark Printable Web\bho.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: AVG Security Toolbar - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll
O3 - Toolbar: Lexmark Toolbar - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SysTrayApp] %ProgramFiles%\IDT\WDM\sttray.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Ad-Watch] C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [lxdumon.exe] "C:\Program Files\Lexmark 5600-6600 Series\lxdumon.exe"
O4 - HKLM\..\Run: [lxduamon] "C:\Program Files\Lexmark 5600-6600 Series\lxduamon.exe"
O4 - HKLM\..\Run: [Lexmark 5600-6600 Series Fax Server] "C:\Program Files\Lexmark 5600-6600 Series\fm3032.exe" /s
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [Skype Recorder] "C:\Program Files\Skype Recorder\Skype Recorder.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\windows\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\Greg Ayotte\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\\Phone\Skype.exe" /nosplash /minimized
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: &D&ownload &with BitComet - [You must be registered and logged in to see this link.] Files\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: &D&ownload all video with BitComet - [You must be registered and logged in to see this link.] Files\BitComet\BitComet.exe/AddVideo.htm
O8 - Extra context menu item: &D&ownload all with BitComet - [You must be registered and logged in to see this link.] Files\BitComet\BitComet.exe/AddAllLink.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - [You must be registered and logged in to see this link.]
O9 - Extra button: Titan Poker - {49783ED4-258D-4f9f-BE11-137C18D3E543} - C:\Poker\Titan Poker\casino.exe
O9 - Extra 'Tools' menuitem: Titan Poker - {49783ED4-258D-4f9f-BE11-137C18D3E543} - C:\Poker\Titan Poker\casino.exe
O9 - Extra button: (no name) - {5067A26B-1337-4436-8AFE-EE169C2DA79F} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra 'Tools' menuitem: Skype add-on for Internet Explorer - {5067A26B-1337-4436-8AFE-EE169C2DA79F} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: PartyCasino - {B4B52284-A248-4c51-9F7C-F0A0C67FCC9D} - C:\Program Files\PartyGaming\PartyCasino\RunApp.exe (file missing)
O9 - Extra 'Tools' menuitem: PartyCasino - {B4B52284-A248-4c51-9F7C-F0A0C67FCC9D} - C:\Program Files\PartyGaming\PartyCasino\RunApp.exe (file missing)
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe (file missing)
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe (file missing)
O9 - Extra button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - [You must be registered and logged in to see this link.] Files\BitComet\tools\BitCometBHO_1.2.8.7.dll/206 (file missing)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\windows\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\windows\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: Cool Hand Poker - {00000000-0000-0000-0000-000000000000} - C:\MicroGaming\Poker\coolhandMPP\MPPoker.exe (file missing) (HKCU)
O14 - IERESET.INF: START_PAGE_URL=http:\\10.10.200.220
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262E} (System Requirements Lab) - [You must be registered and logged in to see this link.]
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - [You must be registered and logged in to see this link.]
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - [You must be registered and logged in to see this link.]
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - [You must be registered and logged in to see this link.]
O16 - DPF: {A084A130-28AE-4B32-B51A-1C8CE164BC88} (WNICheck2 Class) - [You must be registered and logged in to see this link.]
O16 - DPF: {F7EDBBEA-1AD2-4EBF-AA07-D453CC29EE65} (Flash Casino Helper Control) - [You must be registered and logged in to see this link.]
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: avgrsstarter - C:\windows\SYSTEM32\avgrsstx.dll
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: lxduCATSCustConnectService - Lexmark International, Inc. - C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\\lxduserv.exe
O23 - Service: lxdu_device - - C:\WINDOWS\system32\lxducoms.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\windows\system32\nvsvc32.exe
O23 - Service: Audio Service (STacSV) - IDT, Inc. - c:\docume~1\gregay~1\locals~1\temp\cdm\{d913852c-1c5c-4eec-ba19-7d73a78a85d9}\STacSV.exe

--
End of file - 13769 bytes

Poison
Novice

Posts: 8
Joined: 2009-11-02
OS: XP
Points: 25970
Likes: 0
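An added example, not part of Poison's post and not HijackThis code: a Python triage pass over a HijackThis log in the format posted above. It applies the checks a reviewer makes by eye on the "Running processes", O4 (autorun) and O23 (service) entries: a binary running from a Temp or Downloads folder, a GUID-named folder under a user profile, a Windows system binary name (winlogon, svchost, ...) outside %WINDIR%, a .scr screensaver executable outside %WINDIR%, and a service with no vendor string. On the sample it picks out winlogon.scr in Downloads and the STacSV.exe service binary in a GUID folder under Temp, while leaving Chrome's per-user install and the AVG entries alone. The sample log is constructed: it mirrors the shape of entries in the log above with a generic user name, and the "Updater" O4 line is invented to show the same check on an autorun entry.

```python
"""Flag HijackThis log entries whose binaries run from places legitimate
software does not (added example; not HijackThis's own code)."""
import os
import re
from dataclasses import dataclass

# Names malware borrows from Windows; the genuine binaries live under %WINDIR%.
SYSTEM_NAMES = {"winlogon", "smss", "csrss", "lsass", "services", "svchost", "explorer"}

WINDIR_RE = re.compile(r"^[a-z]:\\windows\\", re.I)
# HijackThis prints both long and 8.3 forms (DOCUME~1, LOCALS~1), so match loosely.
TEMP_RE = re.compile(r"\\temp\\", re.I)
DOWNLOADS_RE = re.compile(r"\\downloads\\", re.I)
PROFILE_RE = re.compile(r"^[a-z]:\\(documents and settings|docume~1|users)\\", re.I)
GUID_DIR_RE = re.compile(r"\\\{[0-9a-f]{8}(?:-[0-9a-f]{4}){3}-[0-9a-f]{12}\}\\", re.I)

# O4 - HKLM\..\Run: [name] "path" args        O23 - Service: name - vendor - path
O4_RE = re.compile(r'^O4 - .*?\] "?([^"]+?\.(?:exe|scr|com|bat|cmd|dll))"?(?:\s|$)', re.I)
O23_RE = re.compile(r"^O23 - Service: (.+?) - (.*?) ?- (.+)$")


@dataclass
class Finding:
    source: str      # "process", "O4" (autorun) or "O23" (service)
    path: str
    reasons: tuple


def path_reasons(path):
    """Indicators that make `path` worth a second look; empty list if none."""
    reasons = []
    stem, ext = os.path.splitext(path.replace("\\", "/").rsplit("/", 1)[-1])
    stem, ext = stem.lower(), ext.lower()
    in_windir = bool(WINDIR_RE.match(path))
    if TEMP_RE.search(path):
        reasons.append("runs from a Temp directory")
    if DOWNLOADS_RE.search(path):
        reasons.append("runs from a Downloads directory")
    if PROFILE_RE.match(path) and GUID_DIR_RE.search(path):
        reasons.append("GUID-named directory inside a user profile")
    if stem in SYSTEM_NAMES and not in_windir:
        reasons.append("system binary name outside %WINDIR% (masquerade)")
    if ext == ".scr" and not in_windir:
        reasons.append(".scr is an ordinary executable; screensavers belong in %WINDIR%")
    return reasons


def triage(log_text):
    """Walk a HijackThis log and return the entries with at least one indicator."""
    findings = []
    in_processes = False
    for raw in log_text.splitlines():
        line = raw.strip()
        if line == "Running processes:":
            in_processes = True
            continue
        if in_processes:                      # section ends at the first blank line
            if not line:
                in_processes = False
                continue
            reasons = path_reasons(line)
            if reasons:
                findings.append(Finding("process", line, tuple(reasons)))
            continue
        m = O4_RE.match(line)
        if m:
            path = m.group(1)
            reasons = path_reasons(path)
            if reasons:
                findings.append(Finding("O4", path, tuple(reasons)))
            continue
        m = O23_RE.match(line)
        if m:
            name, vendor, path = m.groups()
            reasons = path_reasons(path)
            if not vendor.strip():            # HijackThis prints "name - - path"
                reasons.append("service %r lists no vendor" % name)
            if reasons:
                findings.append(Finding("O23", path, tuple(reasons)))
    return findings


# Constructed sample in HijackThis 2.0.2 format (generic user name; the
# "Updater" autorun is invented, the other lines mirror the shape of the log above).
SAMPLE_LOG = r"""
Logfile of Trend Micro HijackThis v2.0.2
Platform: Windows XP SP3 (WinNT 5.01.2600)

Running processes:
C:\windows\System32\smss.exe
C:\windows\system32\winlogon.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
c:\docume~1\user~1\locals~1\temp\cdm\{d913852c-1c5c-4eec-ba19-7d73a78a85d9}\STacSV.exe
C:\Documents and Settings\user\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\user\My Documents\Downloads\winlogon.scr

O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKCU\..\Run: [Updater] "C:\Documents and Settings\user\Local Settings\Temp\svchost.exe" /background
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: lxdu_device - - C:\WINDOWS\system32\lxducoms.exe
O23 - Service: Audio Service (STacSV) - IDT, Inc. - c:\docume~1\user~1\locals~1\temp\cdm\{d913852c-1c5c-4eec-ba19-7d73a78a85d9}\STacSV.exe
"""

if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f.source}] {f.path}\n    " + "\n    ".join(f.reasons))
```

The checks are deliberately path-based rather than name-based: a service can call itself "Audio Service" and name a real vendor, but a driver vendor does not install its service binary into a GUID folder under a user's Temp directory.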


Re: Win32.Trojan.Agent2 - Also cannot Defrag System

Post by Belahzur on 2nd November 2009, 2:58 pm

Please download and run this tool.

Download Malwarebytes' Anti-Malware from [You must be registered and logged in to see this link.]

Double Click mbam-setup.exe to install the application.

  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts.
Click OK to either and let MBAM proceed with the disinfection process.
If asked to restart the computer, please do so immediately.


Post the contents of the MBAM Log.


[You must be registered and logged in to see this link.] - [You must be registered and logged in to see this link.] - Please PM me if I fail to respond within 24hrs.


Belahzur
Administrator

Posts: 34918
Joined: 2008-08-03
Gender: Male
OS: 7 Home Premium x64
Points: 245121
Likes: 1
# Likes # Likes : 1


Re: Win32.Trojan.Agent2 - Also cannot Defrag System

Post by Poison on 2nd November 2009, 3:12 pm

Malwarebytes' Anti-Malware 1.41
Database version: 3085
Windows 5.1.2600 Service Pack 3

02/11/2009 10:04:32 AM
mbam-log-2009-11-02 (10-04-32).txt

Scan type: Full Scan (C:\|F:\|)
Objects scanned: 221280
Time elapsed: 36 minute(s), 55 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 2
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 1

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CLASSES_ROOT\Typelib\{56acb669-4139-5611-cbba-f5acb0f4db09} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\gxvxcserv.sys (Trojan.Agent) -> Quarantined and deleted successfully.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\Documents and Settings\Greg Ayotte\My Documents\downloads\winlogon.scr (Heuristics.Reserved.Word.Exploit) -> Quarantined and deleted successfully.

Poison
Novice

Posts: 8
Joined: 2009-11-02
OS: XP
Points: 25970
Likes: 0


Re: Win32.Trojan.Agent2 - Also cannot Defrag System

Post by Belahzur on 2nd November 2009, 4:30 pm

Looks like there might be rootkit activity.

Download the GMER rootkit scan from here: [You must be registered and logged in to see this link.]

  1. Unzip it and start GMER.
  2. Click the >>> tab and then click the Scan button.
  3. Once done, click the Copy button.
  4. This will copy the results to your clipboard.
  5. Paste the results in your next reply.
Note:
If you're having problems with running GMER.exe, try it in safe mode. This tool works in safe mode.
You can also try renaming it since some malware blocks GMER.




Belahzur
Administrator

Posts: 34918
Joined: 2008-08-03
Gender: Male
OS: 7 Home Premium x64
Points: 245121
Likes: 1
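An added example, not part of Belahzur's instructions and not GMER code, of what to do with the "Registry" section of a GMER report once it is pasted back: group the `Reg` lines by service key and by control set, then apply three checks a practitioner applies by eye: a driver file name that looks machine-generated, module paths reached through `\\?\globalroot`, and a Type 1 (kernel driver) service with Start 1 (system start). GMER annotates keys that sit in a control set other than the one in use with `(not active ControlSet)`; a clean-up that deletes a service only from CurrentControlSet leaves the copies in the other control sets in place, which is why the report is keyed by control set rather than by service name alone. The sample input is a constructed excerpt in GMER's `Reg` line format; the gxvxcserv.sys and sptd entries mirror the shape of entries in the GMER log posted later in this thread. The thresholds in `looks_random` are this example's own heuristic, not a GMER feature.

```python
"""Triage the Registry section of a GMER report: group 'Reg' lines by service
key and control set and flag rootkit-style driver services (added example)."""
import re

REG_RE = re.compile(
    r"^Reg HKLM\\SYSTEM\\(ControlSet\d{3}|CurrentControlSet)\\Services\\"
    r"([^\\@\s]+)"                      # service key name
    r"((?:\\[^\\@\s]+)*)"               # optional subkey path, e.g. \modules
    r"(?:@(\S+)\s+(.*?))?"              # optional @value and its data
    r"(?:\s*\((not active ControlSet)\))?\s*$")

VOWELS = set("aeiouy")


def file_stem(path):
    # r"\systemroot\system32\drivers\abc.sys" -> "abc"
    return path.replace("\\", "/").rsplit("/", 1)[-1].rsplit(".", 1)[0]


def looks_random(name):
    """Heuristic for machine-generated names: long, vowel-poor or with long
    consonant runs. Thresholds are this example's own choice, not a GMER rule."""
    s = re.sub(r"[^a-z]", "", name.lower())
    if len(s) < 12:
        return False
    vowel_ratio = sum(c in VOWELS for c in s) / len(s)
    longest_consonant_run = max(len(run) for run in re.split(r"[aeiouy]+", s))
    return vowel_ratio < 0.3 or longest_consonant_run >= 5


def parse_gmer_registry(text):
    """-> {service_key: {control_set: {"values": {}, "modules": {}, "inactive": bool}}}"""
    services = {}
    for line in text.splitlines():
        m = REG_RE.match(line.strip())
        if not m:
            continue
        cs, name, subkey, value, data, inactive = m.groups()
        rec = services.setdefault(name, {}).setdefault(
            cs, {"values": {}, "modules": {}, "inactive": False})
        if inactive:
            rec["inactive"] = True
        if value is None:
            continue
        if subkey == "":                        # value directly under the service key
            rec["values"][value.lower()] = data
        elif subkey.lower() == r"\modules":     # per-module paths the loader resolves
            rec["modules"][value] = data
    return services


def assess(services):
    """Per service key: which control sets it lives in and why it is suspicious."""
    report = {}
    for name, per_cs in services.items():
        reasons = set()
        for rec in per_cs.values():
            v = rec["values"]
            image = v.get("imagepath", "")
            if image and looks_random(file_stem(image)):
                reasons.add("image file name looks machine-generated: " + file_stem(image))
            if any(p.lower().startswith(r"\\?\globalroot") for p in rec["modules"].values()):
                reasons.add(r"modules referenced through \\?\globalroot")
            if v.get("type") == "1" and v.get("start") == "1":
                reasons.add("kernel driver (Type 1) loaded at system start (Start 1)")
        report[name] = {
            "control_sets": sorted(per_cs),
            "marked_inactive": sorted(cs for cs, rec in per_cs.items() if rec["inactive"]),
            "reasons": sorted(reasons),
        }
    return report


# Constructed excerpt in GMER 'Reg' line format, modelled on the log in this thread.
SAMPLE_GMER = r"""
---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\ControlSet001\Services\gxvxcserv.sys@start 1
Reg HKLM\SYSTEM\ControlSet001\Services\gxvxcserv.sys@type 1
Reg HKLM\SYSTEM\ControlSet001\Services\gxvxcserv.sys@imagepath \systemroot\system32\drivers\gxvxcklyabdmecbehqpxevxbwoewbmlidfasw.sys
Reg HKLM\SYSTEM\ControlSet001\Services\gxvxcserv.sys@group file system
Reg HKLM\SYSTEM\ControlSet001\Services\gxvxcserv.sys\modules (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet001\Services\gxvxcserv.sys\modules@gxvxcserv \\?\globalroot\systemroot\system32\drivers\gxvxcklyabdmecbehqpxevxbwoewbmlidfasw.sys
Reg HKLM\SYSTEM\ControlSet001\Services\gxvxcserv.sys\modules@gxvxcl \\?\globalroot\systemroot\system32\gxvxcwkucbwuxvadwksrtufxuxivqvmyjwujv.dll
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0
Reg HKLM\SYSTEM\ControlSet002\Services\gxvxcserv.sys@start 1
Reg HKLM\SYSTEM\ControlSet002\Services\gxvxcserv.sys@type 1
Reg HKLM\SYSTEM\ControlSet002\Services\gxvxcserv.sys@imagepath \systemroot\system32\drivers\gxvxcklyabdmecbehqpxevxbwoewbmlidfasw.sys
Reg HKLM\SYSTEM\ControlSet002\Services\gxvxcserv.sys\modules@gxvxcserv \\?\globalroot\systemroot\system32\drivers\gxvxcklyabdmecbehqpxevxbwoewbmlidfasw.sys
"""

if __name__ == "__main__":
    for name, info in assess(parse_gmer_registry(SAMPLE_GMER)).items():
        print(name, info["control_sets"], *info["reasons"], sep="\n  ")
```

Only values directly under the service key and under its `\modules` subkey are recorded, so the sptd `Cfg` entries (the DAEMON Tools configuration GMER lists alongside) produce a service with no reasons rather than a false positive. The `marked_inactive` list is the practical output: it tells you which control sets still need the entry removed after a tool has cleaned the current one.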


Re: Win32.Trojan.Agent2 - Also cannot Defrag System

Post by Poison on 2nd November 2009, 5:40 pm

GMER 1.0.15.15163 - [You must be registered and logged in to see this link.]
Rootkit scan 2009-11-02 12:40:08
Windows 5.1.2600 Service Pack 3
Running: 0kd9htmm.exe; Driver: C:\DOCUME~1\GREGAY~1\LOCALS~1\Temp\uwtdqpow.sys


---- System - GMER 1.0.15 ----

SSDT Lbd.sys (Boot Driver/Lavasoft AB) ZwCreateKey [0xBA92887E]
SSDT spgi.sys ZwEnumerateKey [0xBA6C5CA4]
SSDT spgi.sys ZwEnumerateValueKey [0xBA6C6032]
SSDT spgi.sys ZwOpenKey [0xBA6A70C0]
SSDT spgi.sys ZwQueryKey [0xBA6C610A]
SSDT spgi.sys ZwQueryValueKey [0xBA6C5F8A]
SSDT Lbd.sys (Boot Driver/Lavasoft AB) ZwSetValueKey [0xBA928BFE]

INT 0x62 ? 8A9E0BF8
INT 0x94 ? 8A80EBF8
INT 0xB4 ? 8A9E0BF8
INT 0xB4 ? 8A9E0BF8
INT 0xB4 ? 8A80EBF8
INT 0xB4 ? 8A9E0BF8

---- Kernel code sections - GMER 1.0.15 ----

? skxc.sys The system cannot find the file specified. !
? spgi.sys The system cannot find the file specified. !
.text USBPORT.SYS!DllUnload B97658AC 5 Bytes JMP 8A80E1D8

---- User code sections - GMER 1.0.15 ----

.text C:\Documents and Settings\Greg Ayotte\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[848] ntdll.dll!NtCreateFile + 6 7C90D0B4 4 Bytes [28, 00, 15, 00]
.text C:\Documents and Settings\Greg Ayotte\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[848] ntdll.dll!NtCreateFile + B 7C90D0B9 1 Byte [E2]
.text C:\Documents and Settings\Greg Ayotte\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[848] ntdll.dll!NtOpenFile + 6 7C90D5A4 4 Bytes [68, 00, 15, 00]
.text C:\Documents and Settings\Greg Ayotte\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[848] ntdll.dll!NtOpenFile + B 7C90D5A9 1 Byte [E2]
.text C:\Documents and Settings\Greg Ayotte\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[848] ntdll.dll!NtOpenProcess + 6 7C90D604 4 Bytes [A8, 01, 15, 00]
.text C:\Documents and Settings\Greg Ayotte\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[848] ntdll.dll!NtOpenProcess + B 7C90D609 1 Byte [E2]
.text C:\Documents and Settings\Greg Ayotte\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[848] ntdll.dll!NtOpenProcessToken + 6 7C90D614 4 Bytes CALL 7B90EB1A
.text C:\Documents and Settings\Greg Ayotte\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[848] ntdll.dll!NtOpenProcessToken + B 7C90D619 1 Byte [E2]
.text C:\Documents and Settings\Greg Ayotte\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[848] ntdll.dll!NtOpenProcessTokenEx + 6 7C90D624 4 Bytes [A8, 02, 15, 00]
.text C:\Documents and Settings\Greg Ayotte\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[848] ntdll.dll!NtOpenProcessTokenEx + B 7C90D629 1 Byte [E2]
.text C:\Documents and Settings\Greg Ayotte\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[848] ntdll.dll!NtOpenThread + 6 7C90D664 4 Bytes [68, 01, 15, 00]
.text C:\Documents and Settings\Greg Ayotte\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[848] ntdll.dll!NtOpenThread + B 7C90D669 1 Byte [E2]
.text C:\Documents and Settings\Greg Ayotte\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[848] ntdll.dll!NtOpenThreadToken + 6 7C90D674 4 Bytes [68, 02, 15, 00]
.text C:\Documents and Settings\Greg Ayotte\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[848] ntdll.dll!NtOpenThreadToken + B 7C90D679 1 Byte [E2]
.text C:\Documents and Settings\Greg Ayotte\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[848] ntdll.dll!NtOpenThreadTokenEx + 6 7C90D684 4 Bytes CALL 7B90EB8B
.text C:\Documents and Settings\Greg Ayotte\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[848] ntdll.dll!NtOpenThreadTokenEx + B 7C90D689 1 Byte [E2]
.text C:\Documents and Settings\Greg Ayotte\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[848] ntdll.dll!NtQueryAttributesFile + 6 7C90D714 4 Bytes [A8, 00, 15, 00]
.text C:\Documents and Settings\Greg Ayotte\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[848] ntdll.dll!NtQueryAttributesFile + B 7C90D719 1 Byte [E2]
.text C:\Documents and Settings\Greg Ayotte\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[848] ntdll.dll!NtQueryFullAttributesFile + 6 7C90D7B4 4 Bytes CALL 7B90ECB9
.text C:\Documents and Settings\Greg Ayotte\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[848] ntdll.dll!NtQueryFullAttributesFile + B 7C90D7B9 1 Byte [E2]
.text C:\Documents and Settings\Greg Ayotte\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[848] ntdll.dll!NtSetInformationFile + 6 7C90DC64 4 Bytes [28, 01, 15, 00]
.text C:\Documents and Settings\Greg Ayotte\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[848] ntdll.dll!NtSetInformationFile + B 7C90DC69 1 Byte [E2]
.text C:\Documents and Settings\Greg Ayotte\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[848] ntdll.dll!NtSetInformationThread + 6 7C90DCB4 4 Bytes [28, 02, 15, 00]
.text C:\Documents and Settings\Greg Ayotte\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[848] ntdll.dll!NtSetInformationThread + B 7C90DCB9 1 Byte [E2]

---- Kernel IAT/EAT - GMER 1.0.15 ----

IAT atapi.sys[HAL.dll!READ_PORT_UCHAR] [BA6A8042] spgi.sys
IAT atapi.sys[HAL.dll!READ_PORT_BUFFER_USHORT] [BA6A813E] spgi.sys
IAT atapi.sys[HAL.dll!READ_PORT_USHORT] [BA6A80C0] spgi.sys
IAT atapi.sys[HAL.dll!WRITE_PORT_BUFFER_USHORT] [BA6A8800] spgi.sys
IAT atapi.sys[HAL.dll!WRITE_PORT_UCHAR] [BA6A86D6] spgi.sys
IAT \SystemRoot\system32\DRIVERS\i8042prt.sys[HAL.dll!READ_PORT_UCHAR] [BA6B7E9C] spgi.sys

---- Devices - GMER 1.0.15 ----

Device \FileSystem\Ntfs \Ntfs 8A9DF1F8

AttachedDevice \Driver\Tcpip \Device\Ip avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)

Device \Driver\usbuhci \Device\USBPDO-0 8A80D1F8
Device \Driver\dmio \Device\DmControl\DmIoDaemon 8AA541F8
Device \Driver\dmio \Device\DmControl\DmConfig 8AA541F8
Device \Driver\dmio \Device\DmControl\DmPnP 8AA541F8
Device \Driver\dmio \Device\DmControl\DmInfo 8AA541F8
Device \Driver\usbuhci \Device\USBPDO-1 8A80D1F8
Device \Driver\usbuhci \Device\USBPDO-2 8A80D1F8
Device \Driver\usbuhci \Device\USBPDO-3 8A80D1F8
Device \Driver\usbehci \Device\USBPDO-4 8A80C1F8

AttachedDevice \Driver\Tcpip \Device\Tcp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\Tcpip \Device\Tcp Lbd.sys (Boot Driver/Lavasoft AB)

Device \Driver\Ftdisk \Device\HarddiskVolume1 8A9E11F8
Device \Driver\Ftdisk \Device\HarddiskVolume2 8A9E11F8
Device \Driver\Cdrom \Device\CdRom0 8A7BF1F8
Device \Driver\Cdrom \Device\CdRom1 8A7BF1F8
Device \Driver\atapi \Device\Ide\IdePort0 [BA5FBB40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-4 [BA5FBB40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device \Driver\atapi \Device\Ide\IdePort1 [BA5FBB40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device \Driver\atapi \Device\Ide\IdePort2 [BA5FBB40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device \Driver\atapi \Device\Ide\IdeDeviceP0T1L0-c [BA5FBB40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device \Driver\atapi \Device\Ide\IdePort3 [BA5FBB40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device \Driver\atapi \Device\Ide\IdeDeviceP3T1L0-22 [BA5FBB40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device \Driver\atapi \Device\Ide\IdeDeviceP2T0L0-17 [BA5FBB40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device \Driver\NetBT \Device\NetBT_Tcpip_{CBBA3829-25B5-46A6-88A7-0E27B95A9779} 89FE01F8
Device \Driver\NetBT \Device\NetBt_Wins_Export 89FE01F8
Device \Driver\NetBT \Device\NetbiosSmb 89FE01F8

AttachedDevice \Driver\Tcpip \Device\Udp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\Tcpip \Device\Udp Lbd.sys (Boot Driver/Lavasoft AB)
AttachedDevice \Driver\Tcpip \Device\RawIp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\Tcpip \Device\RawIp Lbd.sys (Boot Driver/Lavasoft AB)

Device \Driver\usbuhci \Device\USBFDO-0 8A80D1F8
Device \Driver\usbuhci \Device\USBFDO-1 8A80D1F8
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver 89FD91F8
Device \Driver\usbuhci \Device\USBFDO-2 8A80D1F8
Device \FileSystem\MRxSmb \Device\LanmanRedirector 89FD91F8
Device \Driver\usbuhci \Device\USBFDO-3 8A80D1F8
Device \Driver\usbehci \Device\USBFDO-4 8A80C1F8
Device \Driver\Ftdisk \Device\FtControl 8A9E11F8
Device \FileSystem\Cdfs \Cdfs 8A77B1F8

---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\ControlSet001\Services\gxvxcserv.sys@start 1
Reg HKLM\SYSTEM\ControlSet001\Services\gxvxcserv.sys@type 1
Reg HKLM\SYSTEM\ControlSet001\Services\gxvxcserv.sys@imagepath \systemroot\system32\drivers\gxvxcklyabdmecbehqpxevxbwoewbmlidfasw.sys
Reg HKLM\SYSTEM\ControlSet001\Services\gxvxcserv.sys@group file system
Reg HKLM\SYSTEM\ControlSet001\Services\gxvxcserv.sys\modules (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet001\Services\gxvxcserv.sys\modules@gxvxcserv \\?\globalroot\systemroot\system32\drivers\gxvxcklyabdmecbehqpxevxbwoewbmlidfasw.sys
Reg HKLM\SYSTEM\ControlSet001\Services\gxvxcserv.sys\modules@gxvxcl \\?\globalroot\systemroot\system32\gxvxcwkucbwuxvadwksrtufxuxivqvmyjwujv.dll
Reg HKLM\SYSTEM\ControlSet001\Services\gxvxcserv.sys\modules@gxvxcclk \\?\globalroot\systemroot\system32\gxvxcthovpixdjpxrlnstdbirevmaforppwvc.dll
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0 C:\Program Files\DAEMON Tools Lite\
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0xD4 0xB1 0xF8 0x11 ...
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0x6E 0x6F 0x8D 0x80 ...
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0xE6 0xF8 0x95 0x48 ...
Reg HKLM\SYSTEM\ControlSet002\Services\gxvxcserv.sys@start 1
Reg HKLM\SYSTEM\ControlSet002\Services\gxvxcserv.sys@type 1
Reg HKLM\SYSTEM\ControlSet002\Services\gxvxcserv.sys@imagepath \systemroot\system32\drivers\gxvxcklyabdmecbehqpxevxbwoewbmlidfasw.sys
Reg HKLM\SYSTEM\ControlSet002\Services\gxvxcserv.sys@group file system
Reg HKLM\SYSTEM\ControlSet002\Services\gxvxcserv.sys\modules (not active ControlSet)

---- EOF - GMER 1.0.15 ----


Re: Win32.Trojan.Agent2 - Also can not Defrag System

Post by Belahzur on 2nd November 2009, 6:12 pm

Hello.

  • Download combofix from here
    1. If you are using Firefox, make sure that your download settings are as follows:
       * Tools->Options->Main tab
       * Set to "Always ask me where to Save the files".
    2. During the download, rename Combofix to Combo-Fix as follows:
    3. It is important you rename Combofix during the download, but not after.
    4. Please do not rename Combofix to other names, but only to the one indicated.
    5. Close any open browsers.
    6. Close/disable all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix.
  • We need to disable your local AV (Anti-virus) before running Combofix.
  • See [You must be registered and logged in to see this link.] for how to disable your AV.
  • Double click on ComboFix.exe.
  • Follow the prompts. NOTE:
  • ComboFix will check to see if the Microsoft Windows Recovery Console is installed.
    ***It's strongly recommended to have the Recovery Console installed before doing any malware removal.***
    **Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will automatically proceed with its scan.
  • The Recovery Console provides a recovery/repair mode should a problem occur during a Combofix run.
  • Allow ComboFix to download the Recovery Console.
  • Accept the End-User License Agreement.
  • The Recovery Console will be installed.
  • You will then get this next prompt that asks if you want to continue the malware scan; select yes.
  • Allow combofix to run.
  • Post C:\combofix.txt back here.

    Note:
    Do not mouse-click combofix's window whilst it's running. That may cause it to stall.


Please PM me if I fail to respond within 24hrs.



Re: Win32.Trojan.Agent2 - Also can not Defrag System

Post by Poison on 2nd November 2009, 6:48 pm

I get an error message after it downloads the Recovery Console: "Boot Partition cannot be enumerated correctly".

I click OK (the only option) and then it asks me if I want to continue with the scan. I have said NO, as I am not sure if I should or not.

Please advise


Re: Win32.Trojan.Agent2 - Also can not Defrag System

Post by Belahzur on 2nd November 2009, 9:20 pm

Select yes instead.





Re: Win32.Trojan.Agent2 - Also can not Defrag System

Post by Poison on 2nd November 2009, 9:47 pm

ComboFix 09-11-01.04 - Greg Ayotte 02/11/2009 16:38.1.4 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2046.1290 [GMT -5:00]
Running from: c:\documents and settings\Greg Ayotte\My Documents\Downloads\Combo-Fix.exe
AV: AVG Anti-Virus Free *On-access scanning disabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\system32\22638hackt5ol95z.exe
c:\windows\system32\226aadzw9re2375.exe
c:\windows\system32\233bviz9095.exe
c:\windows\system32\234935zt-a-virus78d.bin
c:\windows\system32\2382znot-a-v9rus75.bin
c:\windows\system32\23z9vi52764.bin
c:\windows\system32\240419zr54df.bin
c:\windows\system32\24595viruza5.dll
c:\windows\system32\24986worm5ze.dll
c:\windows\system32\24993virzs7815.exe
c:\windows\system32\255ztro51149.dll
c:\windows\system32\2574z5pyd69.ocx
c:\windows\system32\25z90w5rm91b.dll
c:\windows\system32\26099szamb5t964.exe
c:\windows\system32\26293vizus85.exe
c:\windows\system32\27529virusz77.cpl
c:\windows\system32\27549not-a-vizus1955.bin
c:\windows\system32\282ste5l91z.dll
c:\windows\system32\2834sp59se520z.bin
c:\windows\system32\28359ackdozr1270.exe
c:\windows\system32\28585hack9oolz6a.ocx
c:\windows\system32\286185r9j54z.dll
c:\windows\system32\28833wo9m52z.exe
c:\windows\system32\29357tzoj49c.dll
c:\windows\system32\2945ir1z51.exe
c:\windows\system32\295745py61z.dll
c:\windows\system32\29575not-9-virus7zb.exe
c:\windows\system32\29639not-a-viruszd5.ocx
c:\windows\system32\2978s5ealz584.bin
c:\windows\system32\298359r772z.ocx
c:\windows\system32\2999spz35e5.exe
c:\windows\system32\2999zspambot5b.exe
c:\windows\system32\2c51zd9ware1126.cpl
c:\windows\system32\2ec29ddzare245.ocx
c:\windows\system32\2z459spy19b.cpl
c:\windows\system32\2z529troj785.bin
c:\windows\system32\2z855ot-a-viru9777.exe
c:\windows\system32\30541hzcktool296.ocx
c:\windows\system32\3055stzal1929.ocx
c:\windows\system32\30934sp9mbo54az.exe
c:\windows\system32\30a5szar9e555.bin
c:\windows\system32\3132zhackto5l14a9.exe
c:\windows\system32\3199z5orm3a1.ocx
c:\windows\system32\31zft9ief759.ocx
c:\windows\system32\32452not-a-v95zs550.ocx
c:\windows\system32\3250downlzader1791.cpl
c:\windows\system32\32578vizu9329.bin
c:\windows\system32\32955ozm5c0.bin
c:\windows\system32\32zbackdoo915305.bin
c:\windows\system32\3456hac9toolz6.bin
c:\windows\system32\35496sp954z.exe
c:\windows\system32\3550down9ozder65.exe
c:\windows\system32\35758not9a-viruz49c.cpl
c:\windows\system32\365dbackdoor593z9.exe
c:\windows\system32\39basp9rse57z5.bin
c:\windows\system32\39zdsparse27665.dll
c:\windows\system32\3a53spywzre2629.ocx
c:\windows\system32\3a84thrzat5929.dll
c:\windows\system32\3b12b5ckdzo9590.dll
c:\windows\system32\3c96thizf15165.cpl
c:\windows\system32\3da69ownloadzr1650.ocx
c:\windows\system32\3z565d9ware109.cpl
c:\windows\system32\3z595not95-virus65c.bin
c:\windows\system32\415cthizf1958.bin
c:\windows\system32\4340not-9-virzs3a5.dll
c:\windows\system32\4355sz5rse1990.exe
c:\windows\system32\43ezsp9war52592.exe
c:\windows\system32\4439z9arse2935.cpl
c:\windows\system32\4560sza9bot6cb.cpl
c:\windows\system32\4570spy593z.cpl
c:\windows\system32\4579py37ez.dll
c:\windows\system32\4598w9rz652.cpl
c:\windows\system32\4693vi5us2c7z.cpl
c:\windows\system32\4772vi5us29cz.cpl
c:\windows\system32\48fcthre5t2962z.ocx
c:\windows\system32\490ftz5ef2389.exe
c:\windows\system32\4915stealz191.cpl
c:\windows\system32\49b3v5r758z.exe
c:\windows\system32\49eaaddwar9575z.ocx
c:\windows\system32\49zathre9t231875.exe
c:\windows\system32\4b96ztea52876.cpl
c:\windows\system32\4c8z5ckdoo91439.ocx
c:\windows\system32\4ca8z5y9are657.exe
c:\windows\system32\4z5fvi915135.dll
c:\windows\system32\4zbesp5rse1389.exe
c:\windows\system32\4ze4threa925528.ocx
c:\windows\system32\50259ddware313z.dll
c:\windows\system32\507daddz9re835.ocx
c:\windows\system32\50929viruszef.cpl
c:\windows\system32\50z35par9e2502.ocx
c:\windows\system32\5148spy95re269z.dll
c:\windows\system32\51845orm93z.exe
c:\windows\system32\5189spazbot15c.cpl
c:\windows\system32\5496viz2568.dll
c:\windows\system32\5499tzoj5cd9.ocx
c:\windows\system32\5548z9py542.dll
c:\windows\system32\5559spzrse3195.cpl
c:\windows\system32\55879acktooz45e.ocx
c:\windows\system32\5596zhrea955965.bin
c:\windows\system32\55abd5wn9oazer2831.cpl
c:\windows\system32\55f1a9dware991z.bin
c:\windows\system32\55z8worm398.bin
c:\windows\system32\5606a95wzre2993.exe
c:\windows\system32\5639spyza5e1481.ocx
c:\windows\system32\568959t-a-virusz38.exe
c:\windows\system32\572zvir905.exe
c:\windows\system32\578avir9268z.cpl
c:\windows\system32\5795virz1849.cpl
c:\windows\system32\57z22sp9mbote1.cpl
c:\windows\system32\57z42t9oj6d3.ocx
c:\windows\system32\585no5-a-viruz7d39.exe
c:\windows\system32\5863spyware256z9.dll
c:\windows\system32\58a9z9r2657.bin
c:\windows\system32\591fzh59at23177.ocx
c:\windows\system32\5920s9zware2635.bin
c:\windows\system32\595espy9aze985.dll
c:\windows\system32\596069pambot4z9.cpl
c:\windows\system32\59629zroj349.ocx
c:\windows\system32\5981hacktoolzbb.bin
c:\windows\system32\59caddzare2159.dll
c:\windows\system32\59z7thief5219.cpl
c:\windows\system32\5b49baczdoor2257.bin
c:\windows\system32\5bzbsteal9867.ocx
c:\windows\system32\5d33adz9are3001.dll
c:\windows\system32\5d57th9eat2z596.bin
c:\windows\system32\5dccz9ief2885.ocx
c:\windows\system32\5e5dz9r843.dll
c:\windows\system32\5e75stea9156z.exe
c:\windows\system32\5f495ddware1521z.cpl
c:\windows\system32\5f7z9hreat24665.dll
c:\windows\system32\5ffedo9nlzad5r1869.ocx
c:\windows\system32\5z05not-a-virus4e59.bin
c:\windows\system32\5z13b9ckd5or3160.dll
c:\windows\system32\5z145pyware2948.dll
c:\windows\system32\5z609o5nloader1189.cpl
c:\windows\system32\5zdest9al536.cpl
c:\windows\system32\60915zy99c.bin
c:\windows\system32\6152spa9botze9.dll
c:\windows\system32\6223vir19z35.ocx
c:\windows\system32\6264t9i5f13z8.dll
c:\windows\system32\62beth9ea51z296.dll
c:\windows\system32\62f3ad5wzr92423.ocx
c:\windows\system32\62z5hreat31797.bin
c:\windows\system32\639ead9zar5363.bin
c:\windows\system32\6457spywaze2494.bin
c:\windows\system32\6537viz2039.exe
c:\windows\system32\6539zownloader804.ocx
c:\windows\system32\6566addwzre592.dll
c:\windows\system32\659bvir2z36.dll
c:\windows\system32\65a9addzare1891.cpl
c:\windows\system32\65e6d9wnloadzr1105.bin
c:\windows\system32\66545acktzol29f.bin
c:\windows\system32\6851spar9z2646.cpl
c:\windows\system32\6891virz6955.exe
c:\windows\system32\68z2v9rus1f5.dll
c:\windows\system32\6957thz9f801.dll
c:\windows\system32\6964bac9d5or33z.dll
c:\windows\system32\6987zown5oader699.bin
c:\windows\system32\69b95ownloadez9212.bin
c:\windows\system32\6az9vi53233.cpl
c:\windows\system32\6b9fvi5195z.cpl
c:\windows\system32\6z18thi9f3065.exe
c:\windows\system32\6z84threa529927.dll
c:\windows\system32\6z90steal26509.ocx
c:\windows\system32\700abackdz5r9185.exe
c:\windows\system32\72f5zpywar91651.ocx
c:\windows\system32\72fddozn5oade92371.exe
c:\windows\system32\735athrza929919.exe
c:\windows\system32\749d9pzw5re2254.ocx
c:\windows\system32\7520vi9u52z5.cpl
c:\windows\system32\755ztroj945.bin
c:\windows\system32\75zbackdoo51489.bin
c:\windows\system32\7603nzt-59virusea.bin
c:\windows\system32\76f2zownloa5er18129.cpl
c:\windows\system32\76zc5par9e2471.dll
c:\windows\system32\77399ackdoor355z.exe
c:\windows\system32\778cbackd5orz95.bin
c:\windows\system32\7875tr5936cz.ocx
c:\windows\system32\7a9adownlo5dzr3149.bin
c:\windows\system32\7b9zthief5333.cpl
c:\windows\system32\7bez5ir998.exe
c:\windows\system32\7c34ba9kdo5rz907.ocx
c:\windows\system32\7cb8threa9222z35.dll
c:\windows\system32\7d3b5ddware94z5.ocx
c:\windows\system32\7d59zarse22065.cpl
c:\windows\system32\7d7fthrezt299795.cpl
c:\windows\system32\7f52bzckdoor1192.exe
c:\windows\system32\835downl9ader5738z.exe
c:\windows\system32\83h5zkt9ol5ab.bin
c:\windows\system32\8491n9t-azvirus325.bin
c:\windows\system32\856hacztool7539.dll
c:\windows\system32\8666tr95z90.cpl
c:\windows\system32\87205zambot3029.bin
c:\windows\system32\8849trojz5f9.ocx
c:\windows\system32\8fc9ownloader675z.bin
c:\windows\system32\90365pywzre352.ocx
c:\windows\system32\90b0zhief570.ocx
c:\windows\system32\90z84worm650.dll
c:\windows\system32\91037trojz0e5.dll
c:\windows\system32\91226spy1z5.cpl
c:\windows\system32\91585hacktozl235.bin
c:\windows\system32\9229p52az.cpl
c:\windows\system32\93853troj52fz.bin
c:\windows\system32\94395worm708z.ocx
c:\windows\system32\94519not-a-v5rus799z.ocx
c:\windows\system32\9451zworm555.exe
c:\windows\system32\9456szy51f.dll
c:\windows\system32\94athze9t290265.cpl
c:\windows\system32\94z8spywar52196.ocx
c:\windows\system32\94z9vi5us4e.cpl
c:\windows\system32\9543tzreat16979.ocx
c:\windows\system32\9547hacktz9l30d.ocx
c:\windows\system32\95519virzs50f.ocx
c:\windows\system32\9586noz-a-virus554.bin
c:\windows\system32\9591hazktool654.bin
c:\windows\system32\95z6steal3054.dll
c:\windows\system32\95z9worm77.ocx
c:\windows\system32\97tzreat59656.ocx
c:\windows\system32\98056spyzae.ocx
c:\windows\system32\985fvzr1959.dll
c:\windows\system32\98702troj15z5.dll
c:\windows\system32\98e2szea5424.dll
c:\windows\system32\99912zroj756.ocx
c:\windows\system32\9993w5rm4bcz.exe
c:\windows\system32\9ezdo5nloader134.bin
c:\windows\system32\9z82thi5f2407.exe
c:\windows\system32\aa6sparse1459z.exe
c:\windows\system32\c76steal59z.cpl
c:\windows\system32\drivers\gxvxcklyabdmecbehqpxevxbwoewbmlidfasw.sys
c:\windows\system32\f57a9dzare1293.bin
c:\windows\system32\f815teal1z97.bin
c:\windows\system32\gxvxccount
c:\windows\system32\z13059ormc5.cpl
c:\windows\system32\z18315pye9.exe
c:\windows\system32\z19629ot-5-virus71e.exe
c:\windows\system32\z2695hief6.dll
c:\windows\system32\z4379s5ambo9373.cpl
c:\windows\system32\z4947spy655.dll
c:\windows\system32\z5030tr9j21c.dll
c:\windows\system32\z5235sp935e.ocx
c:\windows\system32\z5259parse3144.ocx
c:\windows\system32\z5bead95are630.exe
c:\windows\system32\z689do59loader2198.dll
c:\windows\system32\z6dethi952889.dll
c:\windows\system32\z7178spy45c9.cpl
c:\windows\system32\z75b5ckd9or993.dll
c:\windows\system32\z9025py533.cpl
c:\windows\system32\z9527ha5k9ool77a.exe
c:\windows\system32\z9799t9oj252.ocx
c:\windows\system32\z9822vi5us2ac.bin
c:\windows\system32\zab95ir9888.exe
c:\windows\system32\zf46sp9rse5799.ocx
c:\windows\system32\zfeste9l755.bin
c:\windows\z024virus3905.dll
c:\windows\z099sp5ware2054.exe
c:\windows\z1139hie52253.dll
c:\windows\z1193t9o57ee.cpl
c:\windows\z1378v95us396.ocx
c:\windows\z1582tro9159.dll
c:\windows\z278d5wnl9ader898.exe
c:\windows\z459thief1069.bin
c:\windows\z53spy639.dll
c:\windows\z559vir2719.dll
c:\windows\z5c5downloa9er2262.dll
c:\windows\z610hack9o5l5e5.dll
c:\windows\z6517sp9mbot23.dll
c:\windows\z6953spamb5t914.ocx
c:\windows\z76059orm53b.bin
c:\windows\z8277hackt9ol59c.cpl
c:\windows\z85845p942a.bin
c:\windows\z93a5dware879.cpl
c:\windows\z9443not9a-virus25f.ocx
c:\windows\z9679hac5tool99d.cpl
c:\windows\z9a35ir344.bin
c:\windows\za70spywar52989.bin
c:\windows\za92backdoo5703.dll
F:\resycled

.
((((((((((((((((((((((((( Files Created from 2009-10-02 to 2009-11-02 )))))))))))))))))))))))))))))))
.

2009-11-02 18:42 . 2009-11-02 18:44 -------- d-----w- C:\Combo-Fix2374C
2009-11-02 18:35 . 2009-11-02 18:35 -------- d-----w- C:\Combo-Fix15955C
2009-11-02 18:33 . 2009-11-02 18:34 -------- d-----w- C:\Combo-Fix
2009-11-02 14:26 . 2009-09-10 19:54 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-11-02 14:26 . 2009-09-10 19:53 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-11-01 15:45 . 2009-11-01 15:45 -------- d-----w- C:\Poker
2009-10-30 17:25 . 2009-10-30 17:25 -------- d-----w- c:\program files\Microsoft
2009-10-30 17:13 . 2009-09-23 12:55 64288 ----a-w- c:\windows\system32\drivers\Lbd.sys
2009-10-30 17:13 . 2009-10-30 17:12 93360 ----a-w- c:\windows\system32\drivers\SBREDrv.sys
2009-10-30 17:11 . 2009-10-30 17:11 -------- dc-h--w- c:\documents and settings\All Users\Application Data\{CFBD8779-FAAB-4357-84F2-1EC8619FADA6}
2009-10-29 16:07 . 2009-11-02 18:26 -------- d-----w- C:\$AVG8.VAULT$
2009-10-03 22:03 . 2009-10-03 22:03 -------- d-----w- c:\program files\DivX
2009-10-03 22:03 . 2009-10-03 22:03 -------- d-----w- c:\program files\Common Files\DivX Shared

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-11-02 21:13 . 2009-07-06 04:20 -------- d-----w- c:\documents and settings\Greg Ayotte\Application Data\Skype
2009-11-02 21:08 . 2009-08-15 13:47 -------- d-----w- c:\documents and settings\Greg Ayotte\Application Data\skypePM
2009-11-02 14:26 . 2009-05-25 19:59 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-11-01 14:43 . 2009-11-01 14:43 362747 ----a-w- c:\documents and settings\All Users\SPLE.tmp
2009-11-01 14:34 . 2009-11-01 14:34 362747 ----a-w- c:\documents and settings\All Users\SPLD.tmp
2009-11-01 14:28 . 2009-11-01 14:28 362747 ----a-w- c:\documents and settings\All Users\SPLC.tmp
2009-11-01 14:25 . 2009-11-01 14:25 362747 ----a-w- c:\documents and settings\All Users\SPL321.tmp
2009-10-30 17:12 . 2009-05-25 19:48 15880 ----a-w- c:\windows\system32\lsdelete.exe
2009-10-30 16:52 . 2009-06-13 15:25 -------- d-----w- c:\documents and settings\All Users\Application Data\Rosetta Stone DEMO
2009-10-30 16:50 . 2009-01-19 03:25 -------- d-----w- c:\program files\PartyGaming
2009-10-29 19:07 . 2008-12-12 05:42 -------- d-----w- c:\program files\BitComet
2009-10-28 22:32 . 2008-12-12 03:24 -------- d-----w- c:\documents and settings\All Users\Application Data\avg8
2009-10-28 17:27 . 2009-10-28 17:27 145583 ----a-w- c:\documents and settings\All Users\SPLA6B.tmp
2009-10-22 20:58 . 2009-10-22 20:58 115451 ----a-w- c:\documents and settings\All Users\SPLB.tmp
2009-10-22 20:57 . 2009-10-22 20:57 115451 ----a-w- c:\documents and settings\All Users\SPL7A.tmp
2009-10-22 20:45 . 2009-10-22 20:45 115693 ----a-w- c:\documents and settings\All Users\SPLA.tmp
2009-10-22 20:43 . 2009-10-22 20:43 115693 ----a-w- c:\documents and settings\All Users\SPL42.tmp
2009-10-22 20:22 . 2009-10-22 20:22 321532 ----a-w- c:\documents and settings\All Users\SPLE8.tmp
2009-10-22 20:00 . 2009-09-24 19:25 -------- d-----w- c:\documents and settings\Greg Ayotte\Application Data\vlc
2009-10-21 03:41 . 2009-10-21 03:41 114787 ----a-w- c:\documents and settings\All Users\SPL9.tmp
2009-10-20 21:14 . 2009-10-20 21:14 114787 ----a-w- c:\documents and settings\All Users\SPL811.tmp
2009-10-20 06:42 . 2009-03-19 19:44 -------- d-----w- c:\program files\Full Tilt Poker
2009-10-15 16:59 . 2009-10-15 16:59 490016 ----a-w- c:\documents and settings\All Users\SPL376.tmp
2009-10-13 20:42 . 2009-10-13 20:42 115445 ----a-w- c:\documents and settings\All Users\SPL181.tmp
2009-10-07 16:20 . 2009-05-04 17:43 -------- d-----w- c:\program files\DOSBox-0.72
2009-10-04 16:23 . 2009-10-04 16:23 96945 ----a-w- c:\documents and settings\All Users\SPL10.tmp
2009-10-04 14:20 . 2009-10-04 14:20 116039 ----a-w- c:\documents and settings\All Users\SPL736.tmp
2009-10-01 19:33 . 2008-12-12 03:22 47416 ----a-w- c:\documents and settings\Greg Ayotte\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-09-24 19:24 . 2009-09-24 19:24 -------- d-----w- c:\program files\VideoLAN
2009-09-21 17:40 . 2009-09-21 17:40 84592 ----a-w- c:\documents and settings\All Users\SPL57.tmp
2009-09-21 16:56 . 2009-09-21 16:56 3090431 ----a-w- c:\documents and settings\All Users\SPLC8E.tmp
2009-09-11 14:18 . 2004-08-04 11:00 136192 ----a-w- c:\windows\system32\msv1_0.dll
2009-09-10 18:51 . 2009-09-10 18:51 574087 ----a-w- c:\documents and settings\All Users\SPL6D.tmp
2009-09-10 18:35 . 2009-09-10 18:35 370127 ----a-w- c:\documents and settings\All Users\SPL6A.tmp
2009-09-10 13:49 . 2008-12-12 06:17 -------- d-----w- c:\program files\Microsoft Silverlight
2009-09-09 14:36 . 2009-09-09 14:36 370823 ----a-w- c:\documents and settings\All Users\SPL235.tmp
2009-09-09 03:28 . 2009-09-09 03:28 -------- d-----w- c:\documents and settings\Greg Ayotte\Application Data\Microgaming
2009-09-07 17:54 . 2009-09-07 17:54 1953724 ----a-w- c:\documents and settings\All Users\SPLED.tmp
2009-09-04 21:03 . 2004-08-04 11:00 58880 ----a-w- c:\windows\system32\msasn1.dll
2009-09-04 18:35 . 2009-08-15 17:08 -------- d-----w- c:\program files\Skype Recorder
2009-09-04 04:30 . 2009-06-17 06:09 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2009-09-03 18:57 . 2009-09-03 18:57 395413 ----a-w- c:\documents and settings\All Users\SPL74C.tmp
2009-08-29 08:08 . 2005-09-02 22:52 916480 ----a-w- c:\windows\system32\wininet.dll
2009-08-27 01:17 . 2009-08-27 01:16 541634008 ----a-w- c:\documents and settings\All Users\SPL8.tmp
2009-08-27 01:11 . 2009-08-27 01:10 541634008 ----a-w- c:\documents and settings\All Users\SPL85.tmp
2009-08-26 19:19 . 2009-08-26 19:19 107998 ----a-w- c:\documents and settings\All Users\SPL7.tmp
2009-08-26 08:00 . 2004-08-04 11:00 247326 ----a-w- c:\windows\system32\strmdll.dll
2009-08-24 20:55 . 2009-08-24 20:55 90806 ----a-w- c:\documents and settings\All Users\SPL5C.tmp
2009-08-24 20:39 . 2009-08-24 20:39 90522 ----a-w- c:\documents and settings\All Users\SPL1C3.tmp
2009-08-21 20:56 . 2009-08-21 20:56 1835516 ----a-w- c:\documents and settings\All Users\SPL72E.tmp
2009-08-15 13:47 . 2009-08-15 13:47 56 ---ha-w- c:\windows\system32\ezsidmv.dat
2009-08-15 12:48 . 2009-04-10 15:55 11952 ----a-w- c:\windows\system32\avgrsstx.dll
2009-08-15 12:48 . 2009-04-10 15:55 335240 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2009-08-15 12:48 . 2009-04-10 15:55 27784 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
2009-08-11 15:00 . 2009-01-04 23:26 721904 ----a-w- c:\windows\system32\drivers\sptd.sys
2009-08-08 22:34 . 2009-08-08 22:34 4933972 ----a-w- c:\documents and settings\All Users\SPL415.tmp
2009-08-06 23:24 . 2008-12-12 02:41 327896 ----a-w- c:\windows\system32\wucltui.dll
2009-08-06 23:24 . 2008-12-12 02:41 209632 ----a-w- c:\windows\system32\wuweb.dll
2009-08-06 23:24 . 2008-12-12 03:26 44768 ----a-w- c:\windows\system32\wups2.dll
2009-08-06 23:24 . 2008-12-12 02:41 35552 ----a-w- c:\windows\system32\wups.dll
2009-08-06 23:24 . 2008-12-12 02:41 53472 ----a-w- c:\windows\system32\wuauclt.exe
2009-08-06 23:24 . 2004-08-04 11:00 96480 ----a-w- c:\windows\system32\cdm.dll
2009-08-06 23:23 . 2008-12-12 02:41 575704 ----a-w- c:\windows\system32\wuapi.dll
2009-08-06 23:23 . 2008-12-13 17:38 274288 ----a-w- c:\windows\system32\mucltui.dll
2009-08-06 23:23 . 2008-12-12 02:41 1929952 ----a-w- c:\windows\system32\wuaueng.dll
2009-08-06 23:23 . 2008-10-16 19:07 215920 ----a-w- c:\windows\system32\muweb.dll
2009-08-06 14:05 . 2009-08-06 14:05 7960 ----a-w- c:\documents and settings\All Users\SPL118.tmp
2009-08-05 17:30 . 2009-08-05 17:30 3834360 ----a-w- c:\documents and settings\All Users\SPL131.tmp
2009-08-05 09:01 . 2004-08-04 11:00 204800 ----a-w- c:\windows\system32\mswebdvd.dll
2009-08-04 23:52 . 2009-08-04 23:52 1193832 ----a-w- c:\windows\system32\FM20.DLL
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{A3BC75A2-1F87-4686-AA43-5347D756017C}"= "c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll" [2009-06-14 1004800]

[HKEY_CLASSES_ROOT\clsid\{a3bc75a2-1f87-4686-aa43-5347d756017c}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A3BC75A2-1F87-4686-AA43-5347D756017C}]
2009-06-14 20:07 1004800 ----a-w- c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll" [2009-06-14 1004800]

[HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll" [2009-06-14 1004800]

[HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-02-16 68856]
"MsnMsgr"="c:\program files\Windows Live\Messenger\MsnMsgr.Exe" [2009-02-06 3885408]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2006-09-13 139264]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2008-04-14 1695232]
"Google Update"="c:\documents and settings\Greg Ayotte\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [2009-05-25 133104]
"Skype"="c:\program files\Skype\\Phone\Skype.exe" [2009-10-09 25623336]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-10-07 13574144]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-10-07 86016]
"SysTrayApp"="c:\program files\IDT\WDM\sttray.exe" [2008-04-11 413696]
"NeroFilterCheck"="c:\program files\Common Files\Ahead\Lib\NeroCheck.exe" [2006-01-12 155648]
"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2009-10-17 2025752]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696]
"Ad-Watch"="c:\program files\Lavasoft\Ad-Aware\AAWTray.exe" [2009-10-30 788368]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-01-05 413696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-04-02 342312]
"lxdumon.exe"="c:\program files\Lexmark 5600-6600 Series\lxdumon.exe" [2008-05-29 676520]
"lxduamon"="c:\program files\Lexmark 5600-6600 Series\lxduamon.exe" [2008-05-29 16040]
"Lexmark 5600-6600 Series Fax Server"="c:\program files\Lexmark 5600-6600 Series\fm3032.exe" [2008-05-29 311976]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-07-25 149280]
"Malwarebytes Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2009-09-10 1312080]
"nwiz"="nwiz.exe" - c:\windows\system32\nwiz.exe [2008-10-07 1630208]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2009-08-15 12:48 11952 ----a-w- c:\windows\system32\avgrsstx.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\BitComet\\BitComet.exe"=
"c:\\Program Files\\NetIntellGames\\Net Spite and Malice 6\\spite.exe"=
"c:\\Program Files\\Java\\jre6\\bin\\java.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgnsx.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\WINDOWS\\system32\\lxducoms.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"15231:TCP"= 15231:TCP:BitComet 15231 TCP
"15231:UDP"= 15231:UDP:BitComet 15231 UDP
"20388:TCP"= 20388:TCP:BitComet 20388 TCP
"20388:UDP"= 20388:UDP:BitComet 20388 UDP
"24352:TCP"= 24352:TCP:BitComet 24352 TCP
"24352:UDP"= 24352:UDP:BitComet 24352 UDP

R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [30/10/2009 12:13 PM 64288]
R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [10/04/2009 10:55 AM 335240]
R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [10/04/2009 10:55 AM 108552]
R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [10/04/2009 10:55 AM 297752]
R2 lxdu_device;lxdu_device;c:\windows\system32\lxducoms.exe -service --> c:\windows\system32\lxducoms.exe -service [?]
R2 lxduCATSCustConnectService;lxduCATSCustConnectService;c:\windows\system32\spool\drivers\w32x86\3\lxduserv.exe [14/07/2009 9:13 AM 98984]
S2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [24/09/2009 6:17 AM 1179232]

--- Other Services/Drivers In Memory ---

*NewlyCreated* - MBR
*NewlyCreated* - PROCEXP113
*NewlyCreated* - UWTDQPOW
*Deregistered* - mbr
*Deregistered* - PROCEXP113
*Deregistered* - uwtdqpow
.
Contents of the 'Scheduled Tasks' folder

2009-11-02 c:\windows\Tasks\Ad-Aware Update (Weekly).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-10-01 17:12]

2009-10-27 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 16:34]

2009-11-01 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1993962763-1425521274-839522115-1003Core.job
- c:\documents and settings\Greg Ayotte\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-05-25 18:46]

2009-11-02 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1993962763-1425521274-839522115-1003UA.job
- c:\documents and settings\Greg Ayotte\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-05-25 18:46]

2009-11-02 c:\windows\Tasks\User_Feed_Synchronization-{04EB5AA6-1563-4B1B-9F59-B13C9492A813}.job
- c:\windows\system32\msfeedssync.exe [2007-08-13 08:31]
.
.
------- Supplementary Scan -------
.
uStart Page = [You must be registered and logged in to see this link.]
uSearchMigratedDefaultURL = [You must be registered and logged in to see this link.]
uInternet Connection Wizard,ShellNext = [You must be registered and logged in to see this link.]
IE: &D&ownload &with BitComet - c:\program files\BitComet\BitComet.exe/AddLink.htm
IE: &D&ownload all video with BitComet - c:\program files\BitComet\BitComet.exe/AddVideo.htm
IE: &D&ownload all with BitComet - c:\program files\BitComet\BitComet.exe/AddAllLink.htm
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
IE: {{B4B52284-A248-4c51-9F7C-F0A0C67FCC9D} - c:\program files\PartyGaming\PartyCasino\RunApp.exe
DPF: {A084A130-28AE-4B32-B51A-1C8CE164BC88} - [You must be registered and logged in to see this link.]
DPF: {F7EDBBEA-1AD2-4EBF-AA07-D453CC29EE65} - [You must be registered and logged in to see this link.]
.
- - - - ORPHANS REMOVED - - - -

HKLM-Run-Skype Recorder - c:\program files\Skype Recorder\Skype Recorder.exe
AddRemove-HijackThis - c:\documents and settings\Greg Ayotte\My Documents\Downloads\HijackThis.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, [You must be registered and logged in to see this link.]
Rootkit scan 2009-11-02 16:44
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, [You must be registered and logged in to see this link.]

device: opened successfully
user: MBR read successfully
called modules: ntkrnlpa.exe catchme.sys CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys spgi.sys >>UNKNOWN [0x8AA01938]<<
kernel: MBR read successfully
user & kernel MBR OK
Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, [You must be registered and logged in to see this link.]

atapi.sys @ 0x0 0x0 bytes

\Driver\atapi [ IRP_MJ_CREATE ] 0xA6F2 != 0xBA5FBB40 atapi.sys
\Driver\atapi [ IRP_MJ_CLOSE ] 0xA6F2 != 0xBA5FBB40 atapi.sys
\Driver\atapi [ IRP_MJ_DEVICE_CONTROL ] 0xA712 != 0xBA5FBB40 atapi.sys
\Driver\atapi [ IRP_MJ_INTERNAL_DEVICE_CONTROL ] 0x6852 != 0xBA5FBB40 atapi.sys
\Driver\atapi [ IRP_MJ_POWER ] 0xA73C != 0xBA5FBB40 atapi.sys
\Driver\atapi [ IRP_MJ_SYSTEM_CONTROL ] 0x11336 != 0xBA5FBB40 atapi.sys
\Driver\atapi IRP hooks detected !

**************************************************************************
.
Completion time: 2009-11-02 16:45
ComboFix-quarantined-files.txt 2009-11-02 21:45

Pre-Run: 1,456,423,321,600 bytes free
Post-Run: 1,458,811,719,680 bytes free

- - End Of File - - D2DBD71A3FE8C213CCCB236AF668A7CB

Poison
Novice

Posts : 8
Joined : 2009-11-02
OS : XP
Points : 25970
# Likes : 0

Re: Win32.Trojan.Agent2 - Also can not Defrag System

Post by Belahzur on 3rd November 2009, 12:28 am

Please download the [You must be registered and logged in to see this link.].

  • Save it to your desktop.
  • Please double-click OTM.exe to run it.
  • Copy the bolded text below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy)


    :files
    c:\documents and settings\All Users\SPL*.tmp

    :reg
    [HKEY_LOCAL_MACHINE\software\microsoft\security center]
    "AntiVirusOverride"=-
    "FirewallOverride"=-


  • Return to OTMoveIt, right click in the "Paste instructions for items to be Moved" window (under the light blue bar) and choose Paste.
  • Click the red Moveit! button.
  • Copy everything in the Results window (under the green bar) to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy), and paste it in your next reply.
  • Close OTMoveIt
If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.

Please post the OTMoveIt log.


[You must be registered and logged in to see this link.] - [You must be registered and logged in to see this link.] - Please PM me if I fail to respond within 24hrs.


Belahzur
Administrator

Posts : 34918
Joined : 2008-08-03
Gender : Male
OS : 7 Home Premium x64
Points : 245121
# Likes : 1

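The fix above removes the two Security Center override values that the ComboFix log reported under "Reg Loading Points". As an added example (not code from this thread, from ComboFix or from OTM), here is a small Python checker that parses that REGEDIT4-style block, flags AntiVirusOverride/FirewallOverride when set to a non-zero dword, and emits the matching `:reg` deletion block in the `"Name"=-` syntax used in the post. The key and value names are taken from the log above; the sample excerpt is constructed.

```python
"""Flag Security Center override values in a ComboFix 'Reg Loading Points' dump
and build the reg-deletion block that clears them.  Added example for this
thread, not part of ComboFix or OTM."""
import re
from typing import Dict, List, Tuple

# Key and values seen in the log above.  When set to 1 they suppress the XP
# Security Center warnings about a missing/disabled antivirus or firewall,
# which is why a cleanup script resets them.
SECURITY_CENTER_KEY = r"HKEY_LOCAL_MACHINE\software\microsoft\security center"
OVERRIDE_VALUES = ("AntiVirusOverride", "FirewallOverride")

_KEY_RE = re.compile(r"^\[(.+)\]$")                         # [HKEY_...\path]
_DWORD_RE = re.compile(r'^"([^"]+)"=dword:([0-9a-fA-F]{8})$')  # "Name"=dword:00000001


def parse_reg_loading_points(text: str) -> Dict[str, Dict[str, int]]:
    """Collect dword values per key from REGEDIT4-style lines.
    String values, '@=' defaults and file-listing lines are ignored."""
    result: Dict[str, Dict[str, int]] = {}
    current = None
    for raw in text.splitlines():
        line = raw.strip()
        key_match = _KEY_RE.match(line)
        if key_match:
            current = key_match.group(1)
            result.setdefault(current, {})
            continue
        val_match = _DWORD_RE.match(line)
        if val_match and current is not None:
            result[current][val_match.group(1)] = int(val_match.group(2), 16)
    return result


def find_security_center_overrides(text: str) -> List[Tuple[str, str, int]]:
    """Return (key, value_name, dword) for each override value that is non-zero.
    Key comparison is case-insensitive because registry paths are."""
    hits: List[Tuple[str, str, int]] = []
    for key, values in parse_reg_loading_points(text).items():
        if key.lower() != SECURITY_CENTER_KEY.lower():
            continue
        for name in OVERRIDE_VALUES:
            if values.get(name, 0) != 0:
                hits.append((key, name, values[name]))
    return hits


def build_reg_removal_script(hits: List[Tuple[str, str, int]]) -> str:
    """Build a ':reg' block deleting each flagged value with the REGEDIT4
    '"Name"=-' deletion syntax shown in the fix above.  Empty if nothing hit."""
    if not hits:
        return ""
    lines = [":reg"]
    last_key = None
    for key, name, _ in hits:
        if key != last_key:            # emit the [key] header once per key
            lines.append(f"[{key}]")
            last_key = key
        lines.append(f'"{name}"=-')
    return "\n".join(lines) + "\n"


# Constructed excerpt modelled on the 'Reg Loading Points' section above.
SAMPLE_LOG = r"""
REGEDIT4

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001
"""

if __name__ == "__main__":
    found = find_security_center_overrides(SAMPLE_LOG)
    for key, name, value in found:
        print(f"override set: {name}={value} under {key}")
    print(build_reg_removal_script(found), end="")
```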
Re: Win32.Trojan.Agent2 - Also can not Defrag System

Post by Poison on 3rd November 2009, 5:37 am

========== FILES ==========
c:\documents and settings\All Users\SPL10.tmp moved successfully.
c:\documents and settings\All Users\SPL118.tmp moved successfully.
c:\documents and settings\All Users\SPL12E.tmp moved successfully.
c:\documents and settings\All Users\SPL131.tmp moved successfully.
c:\documents and settings\All Users\SPL181.tmp moved successfully.
c:\documents and settings\All Users\SPL1C3.tmp moved successfully.
c:\documents and settings\All Users\SPL20.tmp moved successfully.
c:\documents and settings\All Users\SPL20C.tmp moved successfully.
c:\documents and settings\All Users\SPL235.tmp moved successfully.
c:\documents and settings\All Users\SPL2AF.tmp moved successfully.
c:\documents and settings\All Users\SPL321.tmp moved successfully.
c:\documents and settings\All Users\SPL34.tmp moved successfully.
c:\documents and settings\All Users\SPL376.tmp moved successfully.
c:\documents and settings\All Users\SPL415.tmp moved successfully.
c:\documents and settings\All Users\SPL42.tmp moved successfully.
c:\documents and settings\All Users\SPL57.tmp moved successfully.
c:\documents and settings\All Users\SPL5C.tmp moved successfully.
c:\documents and settings\All Users\SPL6.tmp moved successfully.
c:\documents and settings\All Users\SPL6A.tmp moved successfully.
c:\documents and settings\All Users\SPL6D.tmp moved successfully.
c:\documents and settings\All Users\SPL7.tmp moved successfully.
c:\documents and settings\All Users\SPL72E.tmp moved successfully.
c:\documents and settings\All Users\SPL736.tmp moved successfully.
c:\documents and settings\All Users\SPL74C.tmp moved successfully.
c:\documents and settings\All Users\SPL7A.tmp moved successfully.
c:\documents and settings\All Users\SPL8.tmp moved successfully.
c:\documents and settings\All Users\SPL811.tmp moved successfully.
c:\documents and settings\All Users\SPL85.tmp moved successfully.
c:\documents and settings\All Users\SPL9.tmp moved successfully.
c:\documents and settings\All Users\SPL9AB.tmp moved successfully.
c:\documents and settings\All Users\SPLA.tmp moved successfully.
c:\documents and settings\All Users\SPLA6B.tmp moved successfully.
c:\documents and settings\All Users\SPLB.tmp moved successfully.
c:\documents and settings\All Users\SPLC.tmp moved successfully.
c:\documents and settings\All Users\SPLC8E.tmp moved successfully.
c:\documents and settings\All Users\SPLD.tmp moved successfully.
c:\documents and settings\All Users\SPLE.tmp moved successfully.
c:\documents and settings\All Users\SPLE8.tmp moved successfully.
c:\documents and settings\All Users\SPLED.tmp moved successfully.
========== REGISTRY ==========
Registry value HKEY_LOCAL_MACHINE\software\microsoft\security center\\AntiVirusOverride deleted successfully.
Registry value HKEY_LOCAL_MACHINE\software\microsoft\security center\\FirewallOverride deleted successfully.

OTM by OldTimer - Version 3.0.0.6 log created on 11032009_003658


Re: Win32.Trojan.Agent2 - Also can not Defrag System

Post by Belahzur on 3rd November 2009, 7:35 pm

Hello.
  • Open HijackThis.
  • When HijackThis opens, click "Open the Misc Tools section"
  • Then select "Open Uninstall Manager"
  • Click on "Save List..." (generates uninstall_list.txt)
  • Click Save, copy and paste the results in your next post.





Re: Win32.Trojan.Agent2 - Also can not Defrag System

Post by Poison on 4th November 2009, 5:30 am

100% Free Gin 7.18
ABBYY FineReader 6.0 Sprint
Acrobat.com
Ad-Aware
Ad-Aware
Adobe AIR
Adobe AIR
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Reader 9.1.3
Apple Mobile Device Support
Apple Software Update
AVG 8.5
BitComet 1.07
Choice Guard
Compatibility Pack for the 2007 Office system
Critical Update for Windows Media Player 11 (KB959772)
CutePDF Writer 2.7
DivX Web Player
DVDFab (Platinum/Gold/HD Decrypter) (Option: Mobile) 5.0.9.0
DVDFab 6.0.1.0 (May 15, 2009)
Free Sound Recorder
Full Tilt Poker
Google Toolbar for Internet Explorer
Google Toolbar for Internet Explorer
HijackThis 2.0.2
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB961118)
Hotfix for Windows XP (KB970653-v3)
Intel(R) Network Connections 13.4.22.0
iTunes
Java(TM) 6 Update 15
Jeopardy! 2003
Lexmark 5600-6600 Series
Lexmark Printable Web
Lexmark Toolbar
Malwarebytes' Anti-Malware
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 3.5 SP1
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft National Language Support Downlevel APIs
Microsoft Office Outlook Connector
Microsoft Office Professional Edition 2003
Microsoft Silverlight
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Works 6-9 Converter
Monopoly
MSVCRT
MSXML 4.0 SP2 (KB954430)
Nero 7 Ultra Edition
Net Spite and Malice 6
NVIDIA Drivers
QuickTime
Security Update for Windows Internet Explorer 7 (KB938127-v2)
Security Update for Windows Internet Explorer 7 (KB956390)
Security Update for Windows Internet Explorer 7 (KB958215)
Security Update for Windows Internet Explorer 7 (KB960714)
Security Update for Windows Internet Explorer 7 (KB961260)
Security Update for Windows Internet Explorer 7 (KB963027)
Security Update for Windows Internet Explorer 7 (KB969897)
Security Update for Windows Internet Explorer 8 (KB969897)
Security Update for Windows Internet Explorer 8 (KB971961)
Security Update for Windows Internet Explorer 8 (KB972260)
Security Update for Windows Internet Explorer 8 (KB974455)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB968816)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player 11 (KB936782)
Security Update for Windows Media Player 11 (KB954154)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB923789)
Security Update for Windows XP (KB938464)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB954211)
Security Update for Windows XP (KB954459)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956391)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956744)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956841)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB957095)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958690)
Security Update for Windows XP (KB958869)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960715)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961371)
Security Update for Windows XP (KB961373)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB968537)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB969898)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB971486)
Security Update for Windows XP (KB971557)
Security Update for Windows XP (KB971633)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB973346)
Security Update for Windows XP (KB973354)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973525)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
Segoe UI
Skype web features
Skype™ 4.1
System Requirements Lab
The Game Of Life
Titan Poker
Tri-Towers 2.1.4.4
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Windows Internet Explorer 8 (KB971180)
Update for Windows XP (KB951978)
Update for Windows XP (KB955839)
Update for Windows XP (KB961503)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB973815)
VC80CRTRedist - 8.0.50727.762
Visual C++ 2008 x86 Runtime - (v9.0.30729)
Visual C++ 2008 x86 Runtime - v9.0.30729.01
VLC media player 1.0.2
Windows Internet Explorer 7
Windows Internet Explorer 8
Windows Live Call
Windows Live Communications Platform
Windows Live Essentials
Windows Live Essentials
Windows Live Messenger
Windows Live OneCare safety scanner
Windows Live Sign-in Assistant
Windows Live Upload Tool
Windows Media Format 11 runtime
Windows Media Format 11 runtime
Windows Media Player 11
Windows Media Player 11
Windows XP Service Pack 3
WinRAR archiver


Re: Win32.Trojan.Agent2 - Also can not Defrag System

Post by Belahzur on 5th November 2009, 1:05 am

Hello.

Go to Start > Control Panel > Add/Remove Programs and remove the following programs.

    BitComet 1.07
    Java(TM) 6 Update 15

How is the machine now?





Re: Win32.Trojan.Agent2 - Also can not Defrag System

Post by Poison on 5th November 2009, 5:28 am

Seems to be running faster and Ad-Aware no longer detects a virus upon startup!

Thanks for your expertise. Right On!

