
Trojan-Downloader.Win32.Agent.aogd and .nfz?


  • This topic is locked
3 replies to this topic

#1 SeventhEcho

SeventhEcho

  • Members
  • 2 posts
  • OFFLINE
  • Local time:04:36 PM

Posted 27 January 2009 - 04:33 PM

I keep getting pop ups from Internet Explorer and Mozilla, though I only use Mozilla. I've run a Kaspersky deep scan by booting through the CD drive and it came up with Trojan-Downloader.Win32.Agent.aogd and Trojan-Downloader.Win32.Agent.nfz. I also noticed that it has SpeedRunner. I've attached the HijackThis log as well as the DDS logs. I'm going to look like this :thumbup2: soon if the pop ups do not end.

Thank you in advance!

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 3:32:02 PM, on 1/27/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\IoctlSvc.exe
C:\Program Files\Compact Wireless-G USB Adapter Wireless Network Monitor\WLService.exe
C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Compact Wireless-G USB Adapter Wireless Network Monitor\WUSB54GC.exe
C:\Program Files\NETGEAR\WG311v3\WinDomainlogon.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe
C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe
C:\Program Files\VnrPack\VnrPack22.exe
C:\Program Files\GetPack\GetPack28.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\NETGEAR\WG311v3\wlancfg5.exe
C:\Program Files\Common Files\Logitech\KhalShared\KHALMNPR.EXE
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\Program Files\Wisdom-soft ScreenHunter 5 Free\ScreenHunter.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R3 - URLSearchHook: DeviceVM Url Search Hook - {0063BF63-BFFF-4B8F-9D26-4267DF7F17DD} - C:\WINDOWS\system32\dvmurl.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: CPV - {15421B84-3488-49A7-AD18-CBF84A3EFAF6} - C:\Program Files\WebShow\WebShow.dll (file missing)
O2 - BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: HelloWorldBHO - {D88E1558-7C2D-407A-953A-C044F5607CEA} - C:\Program Files\Mjcore\Mjcore.dll (file missing)
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: (no name) - {FEC2B9B9-5FB5-41C9-807E-4C135F216B1A} - C:\WINDOWS\system32\ddcCVNfF.dll (file missing)
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [GEST] =
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [b0f0e36c] rundll32.exe "C:\WINDOWS\system32\wfojkcnq.dll",b
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKCU\..\Run: [IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe" ASO-616B5711-6DAE-4795-A05F-39A1E5104020
O4 - HKCU\..\Run: [LightScribe Control Panel] C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe -hidden
O4 - HKCU\..\Run: [GetModule35] "C:\Program Files\GetModule\GetModule35.exe"
O4 - HKCU\..\Run: [SpeedRunner] C:\Documents and Settings\Austin Glenn\Application Data\SpeedRunner\SpeedRunner.exe
O4 - HKCU\..\Run: [VnrPack22] "C:\Program Files\VnrPack\VnrPack22.exe"
O4 - HKCU\..\Run: [GetPack28] "C:\Program Files\GetPack\GetPack28.exe"
O4 - Startup: ScreenHunter 5.0 Free.lnk = C:\Program Files\Wisdom-soft ScreenHunter 5 Free\ScreenHunter.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O4 - Global Startup: NETGEAR WG311v3 Smart Wizard.lnk = C:\Program Files\NETGEAR\WG311v3\wlancfg5.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O20 - Winlogon Notify: opnmmJYP - opnmmJYP.dll (file missing)
O20 - Winlogon Notify: xxyabcCU - xxyabcCU.dll (file missing)
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - C:\WINDOWS\system32\IoctlSvc.exe
O23 - Service: WUSB54GCSVC - GEMTEKS - C:\Program Files\Compact Wireless-G USB Adapter Wireless Network Monitor\WLService.exe

--
End of file - 5973 bytes


********************************************************


DDS (Ver_09-01-19.01) - NTFSx86
Run by Austin Glenn at 15:24:27.43 on Tue 01/27/2009
Internet Explorer: 6.0.2900.5512 BrowserJavaVersion: 1.6.0_11
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.3070.2380 [GMT -6:00]


============== Running Processes ===============

C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\IoctlSvc.exe
C:\Program Files\Compact Wireless-G USB Adapter Wireless Network Monitor\WLService.exe
C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Compact Wireless-G USB Adapter Wireless Network Monitor\WUSB54GC.exe
C:\Program Files\NETGEAR\WG311v3\WinDomainlogon.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe
C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe
C:\Program Files\VnrPack\VnrPack22.exe
C:\Program Files\GetPack\GetPack28.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\NETGEAR\WG311v3\wlancfg5.exe
C:\Program Files\Common Files\Logitech\KhalShared\KHALMNPR.EXE
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\Program Files\Wisdom-soft ScreenHunter 5 Free\ScreenHunter.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Austin Glenn\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.yahoo.com/
uURLSearchHooks: DeviceVM Url Search Hook: {0063bf63-bfff-4b8f-9d26-4267df7f17dd} - c:\windows\system32\dvmurl.dll
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: CPV: {15421b84-3488-49a7-ad18-cbf84a3efaf6} - c:\program files\webshow\WebShow.dll
BHO: Java™ Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll
BHO: Mjcore Class: {d88e1558-7c2d-407a-953a-c044f5607cea} - c:\program files\mjcore\Mjcore.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
BHO: {fec2b9b9-5fb5-41c9-807e-4c135f216b1a} - c:\windows\system32\ddcCVNfF.dll
uRun: [IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "c:\program files\common files\nero\lib\NMIndexStoreSvr.exe" ASO-616B5711-6DAE-4795-A05F-39A1E5104020
uRun: [LightScribe Control Panel] c:\program files\common files\lightscribe\LightScribeControlPanel.exe -hidden
uRun: [GetModule35] "c:\program files\getmodule\GetModule35.exe"
uRun: [SpeedRunner] c:\documents and settings\austin glenn\application data\speedrunner\SpeedRunner.exe
uRun: [VnrPack22] "c:\program files\vnrpack\VnrPack22.exe"
uRun: [GetPack28] "c:\program files\getpack\GetPack28.exe"
mRun: [StartCCC] "c:\program files\ati technologies\ati.ace\core-static\CLIStart.exe" MSRun
mRun: [GEST] =
mRun: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
mRun: [RTHDCPL] RTHDCPL.EXE
mRun: [Alcmtr] ALCMTR.EXE
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mRun: [b0f0e36c] rundll32.exe "c:\windows\system32\wfojkcnq.dll",b
mRun: [Windows Defender] "c:\program files\windows defender\MSASCui.exe" -hide
StartupFolder: c:\docume~1\austin~1\startm~1\programs\startup\screen~1.lnk - c:\program files\wisdom-soft screenhunter 5 free\ScreenHunter.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\logite~1.lnk - c:\program files\logitech\setpoint\SetPoint.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\netgea~1.lnk - c:\program files\netgear\wg311v3\wlancfg5.exe
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
Notify: AtiExtEvent - Ati2evxx.dll
Notify: opnmmJYP - opnmmJYP.dll
Notify: xxyabcCU - xxyabcCU.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: {6d794cb4-c7cd-4c6f-bfdc-9b77afbdc02c} - c:\windows\system32\opnmmJYP.dll
SEH: Microsoft AntiMalware ShellExecuteHook: {091eb208-39dd-417d-a5dd-7e2c2d8fb9cb} - c:\progra~1\wifd1f~1\MpShHook.dll
SecurityProviders: msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll, digeste.dll
LSA: Authentication Packages = msv1_0 c:\windows\system32\ddcCVNfF

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\austin~1\applic~1\mozilla\firefox\profiles\1e4hbqri.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.yahoo.com/

============= SERVICES / DRIVERS ===============

R4 WinDefend;Windows Defender;c:\program files\windows defender\MsMpEng.exe [2006-11-3 13592]
S4 AdobeActiveFileMonitor7.0;Adobe Active File Monitor V7;c:\program files\adobe\photoshop elements 7.0\PhotoshopElementsFileAgent.exe [2008-9-16 169312]
S4 NeroRegInCDSrv;Nero Registry InCD Service;c:\program files\nero\nero8\incd\NBHRegInCDSrv.exe [2008-2-28 53032]

=============== Created Last 30 ================

2009-01-26 18:49 <DIR> --d----- c:\program files\GetPack
2009-01-26 17:03 <DIR> --d----- c:\docume~1\alluse~1\applic~1\LightScribe
2009-01-26 14:50 376 a------- c:\windows\ODBC.INI
2009-01-26 14:50 24,816 a------- c:\windows\system32\mdimon.dll
2009-01-26 14:49 <DIR> --d----- c:\program files\Microsoft ActiveSync
2009-01-26 14:47 <DIR> --d----- c:\windows\SHELLNEW
2009-01-26 12:19 <DIR> --d----- c:\windows\pss
2009-01-26 12:01 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Kaspersky Lab Setup Files
2009-01-26 11:32 <DIR> --d----- c:\program files\Trend Micro
2009-01-26 11:18 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Kaspersky Lab
2009-01-25 18:38 <DIR> --d----- c:\program files\VnrPack
2009-01-25 18:33 <DIR> --d----- c:\docume~1\austin~1\applic~1\SpeedRunner
2009-01-25 18:28 <DIR> --d----- c:\docume~1\austin~1\applic~1\Twain
2009-01-25 18:23 <DIR> --d----- c:\program files\WebShow
2009-01-25 18:22 1,434,070 ---sh--- c:\windows\system32\qnckjofw.ini
2009-01-25 18:18 <DIR> --d----- c:\program files\Mjcore
2009-01-25 00:56 69 a------- c:\windows\NeroDigital.ini
2009-01-24 18:19 1,434,061 ---sh--- c:\windows\system32\fjclnuwx.ini
2009-01-24 18:16 426,493 a--sh--- c:\windows\system32\FfNVCcdd.ini2
2009-01-24 18:16 426,493 a--sh--- c:\windows\system32\FfNVCcdd.ini
2009-01-24 18:11 <DIR> --d----- c:\docume~1\austin~1\applic~1\cogad
2009-01-24 18:11 <DIR> --d-h--- C:\$AVG8.VAULT$
2009-01-24 18:11 <DIR> --d----- c:\program files\iCheck
2009-01-24 18:11 <DIR> --d----- c:\program files\GetModule
2009-01-24 16:24 88 ---shr-- c:\docume~1\alluse~1\applic~1\C2DC5F7B00.sys
2009-01-24 16:24 2,828 a--sh--- c:\docume~1\alluse~1\applic~1\KGyGaAvL.sys
2009-01-24 16:22 <DIR> --d----- c:\program files\Corel
2009-01-24 12:51 <DIR> --d----- c:\program files\SimPE
2009-01-24 09:15 <DIR> --d----- c:\program files\Sims2Pack Clean Installer
2009-01-07 21:32 73,728 a------- c:\windows\system32\javacpl.cpl
2009-01-07 21:26 410,984 a------- c:\windows\system32\deploytk.dll
2009-01-06 02:37 <DIR> --d----- c:\program files\MSXML 4.0
2009-01-06 01:49 <DIR> --d----- c:\program files\Windows Media Connect 2
2009-01-04 22:10 207 a------- c:\windows\ScreenHunter.INI
2009-01-04 22:09 <DIR> --d----- c:\program files\Wisdom-soft ScreenHunter 5 Free
2009-01-04 22:05 107,888 a------- c:\windows\system32\CmdLineExt.dll
2009-01-04 20:53 <DIR> --d----- c:\program files\EA GAMES
2009-01-04 20:53 445,504 a----r-- c:\windows\system32\vp6vfw.dll
2009-01-04 19:43 <DIR> --d----- c:\program files\NeroInstall.bak
2009-01-04 19:40 <DIR> --d----- c:\program files\Nero
2009-01-04 19:40 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Nero
2009-01-04 19:39 <DIR> --d----- c:\windows\RegisteredPackages
2009-01-04 19:32 940,794 a------- c:\windows\system32\LoopyMusic.wav
2009-01-04 19:32 146,650 a------- c:\windows\system32\BuzzingBee.wav
2009-01-04 19:29 146,048 ac------ c:\windows\system32\dllcache\portcls.sys
2009-01-04 19:28 319,488 a------- c:\windows\HideWin.exe
2009-01-04 19:28 528,384 -----r-- c:\windows\RtlExUpd.dll

==================== Find3M ====================

2009-01-26 18:09 16,608 a------- c:\windows\gdrv.sys
2008-12-27 18:59 76,487 a------- c:\windows\pchealth\helpctr\offlinecache\index.dat
2008-12-24 21:09 118,520 -------- c:\windows\system32\pxinsi64.exe
2008-12-24 21:09 43,528 -------- c:\windows\system32\drivers\PxHelp20.sys
2008-12-24 21:09 129,784 -------- c:\windows\system32\pxafs.dll
2008-12-24 21:09 116,472 -------- c:\windows\system32\pxcpyi64.exe
2008-12-24 21:09 9,464 -------- c:\windows\system32\drivers\cdralw2k.sys
2008-12-24 21:09 9,336 -------- c:\windows\system32\drivers\cdr4_xp.sys
2008-12-24 19:20 20,747 a------- c:\windows\system32\drivers\AegisP.sys
2008-12-24 18:49 21,640 a------- c:\windows\system32\emptyregdb.dat
2008-12-11 04:57 333,952 a------- c:\windows\system32\drivers\srv.sys
2006-03-15 14:19 212,992 a------- c:\windows\inf\wg311v3\CopyWHQLDriver.exe
2006-01-26 17:55 280,576 a------- c:\windows\inf\wg311v3\WG311v3.sys
2005-10-06 15:17 280,576 a------- c:\windows\inf\wg311v3\WG311v3XP.sys

============= FINISH: 15:24:32.98 ===============
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT

DDS (Ver_09-01-19.01)

Microsoft Windows XP Home Edition
Boot Device: \Device\HarddiskVolume1
Install Date: 12/24/2008 6:53:44 PM
System Uptime: 1/26/2009 6:35:46 PM (21 hours ago)

Motherboard: Gigabyte Technology Co., Ltd. | | GA-MA78GM-S2HP
Processor: AMD Phenom™ 8750 Triple-Core Processor | Socket M2 | 2405/200mhz

==== Disk Partitions =========================

A: is Removable
C: is FIXED (NTFS) - 932 GiB total, 910.418 GiB free.
D: is CDROM ()

==== Disabled Device Manager Items =============

==== System Restore Points ===================

RP1: 1/24/2009 6:16:45 PM - System Checkpoint
RP2: 1/24/2009 6:16:45 PM - Installed Browser Configuration Utility
RP3: 1/24/2009 6:16:45 PM - Installed ATI Catalyst Control Center
RP4: 1/24/2009 6:16:45 PM - Installed ATI Parental Control & Encoder
RP5: 1/24/2009 6:16:45 PM - Installed AMD Processor Driver
RP6: 1/24/2009 6:16:45 PM - Installed REALTEK GbE & FE Ethernet PCI-E NIC Driver
RP7: 1/24/2009 6:16:45 PM - Logitech SetPoint Mouse and Keyboard Device Drivers
RP8: 1/24/2009 6:16:45 PM - Software Distribution Service 3.0
RP9: 1/24/2009 6:16:46 PM - Installed Adobe Reader 8
RP10: 1/24/2009 6:16:46 PM - Installed Adobe Premiere Elements 7.0.
RP11: 1/24/2009 6:16:46 PM - Installed SmartSound Quicktracks for Premiere Elements
RP12: 1/24/2009 6:16:46 PM - Installed Adobe Photoshop Elements 7.0.
RP13: 1/24/2009 6:16:46 PM - Software Distribution Service 3.0
RP14: 1/24/2009 6:16:46 PM - Avg8 Update
RP15: 1/24/2009 6:16:46 PM - Installed NETGEAR WG311v3 PCI Adapter
RP16: 1/24/2009 6:16:46 PM - System Checkpoint
RP17: 1/24/2009 6:16:46 PM - System Checkpoint
RP18: 1/24/2009 6:16:46 PM - System Checkpoint
RP19: 1/24/2009 6:16:46 PM - Installed Realtek High Definition Audio Driver
RP20: 1/24/2009 6:16:46 PM - Installed DirectX
RP21: 1/24/2009 6:16:46 PM - Installed Nero 8 Essentials
RP22: 1/24/2009 6:16:46 PM - Software Distribution Service 3.0
RP23: 1/24/2009 6:16:47 PM - Installed Windows Media Player 11
RP24: 1/24/2009 6:16:47 PM - Installed Windows XP Wudf01000.
RP25: 1/24/2009 6:16:47 PM - Installed Windows XP MSCompPackV1.
RP26: 1/24/2009 6:16:47 PM - Software Distribution Service 3.0
RP27: 1/24/2009 6:16:47 PM - Software Distribution Service 3.0
RP28: 1/24/2009 6:16:47 PM - Software Distribution Service 3.0
RP29: 1/24/2009 6:16:47 PM - Installed Java™ 6 Update 11
RP30: 1/24/2009 6:16:47 PM - Removed Java™ 6 Update 11
RP31: 1/24/2009 6:16:47 PM - Installed Java™ 6 Update 11
RP32: 1/24/2009 6:16:47 PM - System Checkpoint
RP33: 1/24/2009 6:16:47 PM - System Checkpoint
RP34: 1/24/2009 6:16:47 PM - System Checkpoint
RP35: 1/24/2009 6:16:47 PM - System Checkpoint
RP36: 1/24/2009 6:16:48 PM - System Checkpoint
RP37: 1/24/2009 6:16:48 PM - Software Distribution Service 3.0
RP38: 1/24/2009 6:16:48 PM - Software Distribution Service 3.0
RP39: 1/24/2009 6:16:48 PM - System Checkpoint
RP40: 1/24/2009 6:16:48 PM - System Checkpoint
RP41: 1/24/2009 6:16:48 PM - System Checkpoint
RP42: 1/24/2009 6:16:48 PM - System Checkpoint
RP43: 1/24/2009 6:16:48 PM - System Checkpoint
RP44: 1/24/2009 6:16:48 PM - System Checkpoint
RP45: 1/24/2009 6:16:48 PM - System Checkpoint
RP46: 1/24/2009 6:16:48 PM - System Checkpoint
RP47: 1/24/2009 6:16:48 PM - Installed Corel Paint Shop Pro Photo X2.
RP48: 1/24/2009 6:16:51 PM - Last known good configuration
RP49: 1/25/2009 10:20:24 PM - Removed Corel Paint Shop Pro Photo X2.
RP50: 1/26/2009 12:09:28 AM - Installed Windows Defender
RP51: 1/26/2009 12:12:56 AM - Software Distribution Service 3.0
RP52: 1/26/2009 12:20:25 AM - Windows Defender Checkpoint
RP53: 1/26/2009 12:23:08 AM - Windows Defender Checkpoint
RP54: 1/26/2009 12:52:37 AM - Windows Defender Checkpoint
RP55: 1/26/2009 12:02:41 PM - Removed AVG Free 8.0
RP56: 1/26/2009 12:03:11 PM - Installed AVG Free 8.0
RP57: 1/26/2009 12:08:23 PM - Software Distribution Service 3.0
RP58: 1/26/2009 2:47:26 PM - Installed Microsoft Office Professional Edition 2003
RP59: 1/26/2009 8:20:40 PM - Software Distribution Service 3.0

==== Installed Programs ======================

Adobe AIR
Adobe Flash Player 10 Plugin
Adobe Flash Player ActiveX
Adobe Photoshop Elements 7.0
Adobe Photoshop.com Inspiration Browser
Adobe Premiere Elements 7.0
Adobe Premiere Elements 7.0 Templates
Adobe Reader 8
AMD Processor Driver
ATI - Software Uninstall Utility
ATI Catalyst Control Center
ATI Display Driver
ATI Parental Control & Encoder
Browser Configuration Utility
Catalyst Control Center Core Implementation
Catalyst Control Center Graphics Full Existing
Catalyst Control Center Graphics Full New
Catalyst Control Center Graphics Light
Catalyst Control Center Localization Chinese Standard
Catalyst Control Center Localization Chinese Traditional
Catalyst Control Center Localization Czech
Catalyst Control Center Localization Danish
Catalyst Control Center Localization Dutch
Catalyst Control Center Localization Finnish
Catalyst Control Center Localization French
Catalyst Control Center Localization German
Catalyst Control Center Localization Greek
Catalyst Control Center Localization Hungarian
Catalyst Control Center Localization Italian
Catalyst Control Center Localization Japanese
Catalyst Control Center Localization Korean
Catalyst Control Center Localization Norwegian
Catalyst Control Center Localization Polish
Catalyst Control Center Localization Portuguese
Catalyst Control Center Localization Russian
Catalyst Control Center Localization Spanish
Catalyst Control Center Localization Swedish
Catalyst Control Center Localization Thai
Catalyst Control Center Localization Turkish
ccc-core-preinstall
ccc-core-static
ccc-utility
CCC Help Chinese Standard
CCC Help Chinese Traditional
CCC Help Czech
CCC Help Danish
CCC Help Dutch
CCC Help English
CCC Help Finnish
CCC Help French
CCC Help German
CCC Help Greek
CCC Help Hungarian
CCC Help Italian
CCC Help Japanese
CCC Help Korean
CCC Help Norwegian
CCC Help Polish
CCC Help Portuguese
CCC Help Russian
CCC Help Spanish
CCC Help Swedish
CCC Help Thai
CCC Help Turkish
CDDRV_Installer
CEP (Color Enable Package) v.9.0 (beta)
Compact Wireless-G USB Adapter
HijackThis 2.0.2
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB952287)
Internet Speed Monitor
Java™ 6 Update 11
KhalInstallWrapper
LightScribe System Software 1.12.33.2
Logitech Registration
Logitech SetPoint
Microsoft .NET Framework 2.0
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Office Professional Edition 2003
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 Redistributable
Mozilla Firefox (3.0.5)
MSXML 4.0 SP2 (KB954430)
MSXML 6.0 Parser
Nero 8 Essentials
neroxml
NETGEAR WG311v3 PCI Adapter
PhotoshopdotcomInspirationBrowser
REALTEK GbE & FE Ethernet PCI-E NIC Driver
Realtek High Definition Audio Driver
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player 11 (KB936782)
Security Update for Windows Media Player 11 (KB954154)
Security Update for Windows XP (KB938464)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB954211)
Security Update for Windows XP (KB954459)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956391)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956841)
Security Update for Windows XP (KB957095)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958215)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB960714)
SimPE 0.72 (alpha)
Sims2Pack Clean Installer
Skins
SmartSound Quicktracks for Premiere Elements
SpeedRunner
The Sims™ 2 Apartment Life
The Sims™ 2 Double Deluxe
Update for Windows XP (KB898461)
Update for Windows XP (KB951978)
Update for Windows XP (KB955839)
WebFldrs XP
Windows Defender
Windows Media Format 11 runtime
Windows Media Player 11
WinRAR archiver
Wisdom-soft ScreenHunter 5.0 Free

==== Event Viewer Messages From Past Week ========

1/25/2009 9:10:46 PM, error: DCOM [10005] - DCOM got error "%1058" attempting to start the service wuauserv with arguments "" in order to run the server: {E60687F7-01A1-40AA-86AC-DB1CBF673334}
1/26/2009 12:20:27 AM, error: WinDefend [3006] - Windows Defender Real-Time Protection agent has encountered an error when taking action on spyware or other potentially unwanted software. For more information please see the following: http://go.microsoft.com/fwlink/?linkid=370...threatid=113087 Scan ID: {0407B2D1-F32C-4B05-9258-C4D6BD8950A1} User: AUSTIN\Austin Glenn Name: Trojan:Win32/Conhook.D ID: 113087 Severity: Severe Category: Trojan Path: Alert Type: Spyware or other potentially unwanted software Action: Remove Error Code: 0x80508022 Error description: To finish removing spyware and other potentially unwanted software, restart the computer.
1/26/2009 12:23:13 AM, error: WinDefend [1008] - Windows Defender has encountered an error when taking action on spyware or other potentially unwanted software. For more information please see the following: http://go.microsoft.com/fwlink/?linkid=370...threatid=118995 Scan ID: {AC73391C-F62F-41D2-8EB7-52BE46178346} Scan Type: AntiMalware User: AUSTIN\Austin Glenn Name: Trojan:Win32/Vundo.gen!C ID: 118995 Severity: Severe Category: Trojan Path: Action: Remove Error Code: 0x80508022 Error description: To finish removing spyware and other potentially unwanted software, restart the computer.
1/26/2009 12:23:27 AM, error: WinDefend [3006] - Windows Defender Real-Time Protection agent has encountered an error when taking action on spyware or other potentially unwanted software. For more information please see the following: http://go.microsoft.com/fwlink/?linkid=370...threatid=118995 Scan ID: {6A6583FC-9FEF-439F-90D8-CCA73CAB7498} User: AUSTIN\Austin Glenn Name: Trojan:Win32/Vundo.gen!C ID: 118995 Severity: Severe Category: Trojan Path: Alert Type: Spyware or other potentially unwanted software Action: Remove Error Code: 0x80508022 Error description: To finish removing spyware and other potentially unwanted software, restart the computer.
1/26/2009 11:59:07 AM, error: WinDefend [3006] - Windows Defender Real-Time Protection agent has encountered an error when taking action on spyware or other potentially unwanted software. For more information please see the following: http://go.microsoft.com/fwlink/?linkid=370...threatid=118995 Scan ID: {91924613-7047-4528-B795-C265E552ADE8} User: AUSTIN\Austin Glenn Name: Trojan:Win32/Vundo.gen!C ID: 118995 Severity: Severe Category: Trojan Path: Alert Type: Spyware or other potentially unwanted software Action: Remove Error Code: 0x80508022 Error description: To finish removing spyware and other potentially unwanted software, restart the computer.
1/26/2009 1:20:47 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
1/26/2009 1:21:06 PM, error: Service Control Manager [7001] - The DHCP Client service depends on the NetBios over Tcpip service which failed to start because of the following error: A device attached to the system is not functioning.
1/26/2009 1:21:06 PM, error: Service Control Manager [7001] - The DNS Client service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.
1/26/2009 1:21:06 PM, error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the AFD service which failed to start because of the following error: A device attached to the system is not functioning.
1/26/2009 1:21:06 PM, error: Service Control Manager [7001] - The IPSEC Services service depends on the IPSEC driver service which failed to start because of the following error: A device attached to the system is not functioning.
1/26/2009 1:21:06 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD AmdPPM Fips IPSec MRxSmb NetBIOS NetBT RasAcd Rdbss Tcpip
1/26/2009 1:21:13 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service netman with arguments "" in order to run the server: {BA126AE5-2166-11D1-B1D0-00805FC1270E}

==== End Of File ===========================

Edited by SeventhEcho, 27 January 2009 - 09:58 PM.
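Added example, not code from this thread, from HijackThis or from DDS: a small Python triage script that flags the kinds of entries a malware-removal helper would circle in the logs above (a Run value with a hex name calling rundll32 on a vowel-poor eight-letter DLL with a one-letter export, BHO and Winlogon Notify entries whose DLL is missing or randomly named, and extra LSA authentication packages). The thresholds and the "random name" rule are assumptions drawn from those log lines, not published detection rules.

```python
"""Triage heuristics for HijackThis / DDS log lines.

Added example (not code from the thread, HijackThis or DDS). It flags the
patterns a malware-removal helper would circle in the log above. The
thresholds are assumptions drawn from those lines, not published rules.
"""
import re

VOWELS = set("aeiouAEIOU")
# On Windows XP the only default entry in the LSA Authentication Packages value.
KNOWN_AUTH_PACKAGES = {"msv1_0"}

# rundll32 "<path>.dll",<export>
RUNDLL_RE = re.compile(r'rundll32(?:\.exe)?\s+"?([^",]+?\.dll)"?\s*,\s*(\w+)', re.I)
# A Run value named with eight hex digits, e.g. [b0f0e36c]
HEX_NAME_RE = re.compile(r"^\[[0-9a-f]{8}\]", re.I)

# Constructed sample: lines copied from the HijackThis and DDS logs posted above.
SAMPLE_LOG = r"""
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {FEC2B9B9-5FB5-41C9-807E-4C135F216B1A} - C:\WINDOWS\system32\ddcCVNfF.dll (file missing)
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [b0f0e36c] rundll32.exe "C:\WINDOWS\system32\wfojkcnq.dll",b
O20 - Winlogon Notify: opnmmJYP - opnmmJYP.dll (file missing)
LSA: Authentication Packages = msv1_0 c:\windows\system32\ddcCVNfF
"""


def stem(path: str) -> str:
    """Bare module name without directory or extension: '...\\wfojkcnq.dll' -> 'wfojkcnq'."""
    return path.replace("/", "\\").rsplit("\\", 1)[-1].rsplit(".", 1)[0]


def looks_random(name: str) -> bool:
    """Eight letters with at most two vowels (assumed rule): the shape of the
    DLL names in the log above, while 'winlogon' or 'AcroIEHelper' pass."""
    return len(name) == 8 and name.isalpha() and sum(c in VOWELS for c in name) <= 2


def triage_line(line: str) -> list:
    """Return the reasons a single HijackThis / DDS line deserves a closer look."""
    reasons = []
    line = line.strip()
    if line.startswith("O4 - "):
        m = RUNDLL_RE.search(line)
        if m:
            dll, export = m.groups()
            if looks_random(stem(dll)):
                reasons.append(f"Run entry loads randomly named DLL {stem(dll)}.dll via rundll32")
            if len(export) == 1:
                reasons.append(f"rundll32 calls single-letter export '{export}'")
        value = line.split("Run: ", 1)[-1]
        if HEX_NAME_RE.match(value):
            reasons.append("Run value name is eight hex digits")
    elif line.startswith(("O2 - BHO:", "O20 - Winlogon Notify:")):
        kind = "BHO" if line.startswith("O2 -") else "Winlogon Notify"
        target = line.split(" - ")[-1]
        if "(file missing)" in target:
            reasons.append(f"{kind} points at a file that is missing")
        mod = target.replace("(file missing)", "").strip()
        if mod.lower().endswith(".dll") and looks_random(stem(mod)):
            reasons.append(f"{kind} DLL {stem(mod)} has a random-looking name")
        if "(no name)" in line:
            reasons.append(f"{kind} has no display name")
    elif line.startswith("LSA: Authentication Packages"):
        packages = line.split("=", 1)[1].split()
        for extra in (p for p in packages if stem(p) not in KNOWN_AUTH_PACKAGES):
            reasons.append(f"extra LSA authentication package {extra}")
    return reasons


def triage(log_text: str) -> dict:
    """Map each suspicious line to its reasons; lines with nothing to report are omitted."""
    findings = {}
    for raw in log_text.splitlines():
        reasons = triage_line(raw)
        if reasons:
            findings[raw.strip()] = reasons
    return findings


if __name__ == "__main__":
    for entry, reasons in triage(SAMPLE_LOG).items():
        print(entry)
        for reason in reasons:
            print("   ->", reason)
```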


#2 KoanYorel

KoanYorel

    Bleepin' Conundrum


  • Members
  • 19,461 posts
  • OFFLINE
  • Gender:Male
  • Location:65 miles due East of the "Logic Free Zone", in Md, USA
  • Local time:06:36 PM

Posted 09 February 2009 - 12:08 AM

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a description of your problem, along with any steps you may have performed so far.

Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.

If you have already posted a DDS log, please do so again, as your situation may have changed.
Use the 'Add Reply' and add the new log to this thread.


Thanks and again sorry for the delay.

We need to see some information about what is happening in your machine. Please perform the following scan:
  • Download DDS by sUBs from one of the following links. Save it to your desktop.
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool. No input is needed, the scan is running.
  • Notepad will open with the results, click no to the Optional_Scan
  • Follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control HERE

R,
K
The only easy day was yesterday.

...some do, some don't; some will, some won't (WR)

#3 SeventhEcho

SeventhEcho
  • Topic Starter

  • Members
  • 2 posts
  • OFFLINE
  • Local time:04:36 PM

Posted 09 February 2009 - 12:24 AM

Thank you for your response! I can see that you guys do get very overwhelmed with questions by the mere minute, it seems.

Since the time that I have posted this problem, I seem to have fixed it. I used Malwarebytes and it seems to have deleted all Virtumonde that I had as well as some other trojans. I ran that program more than two weeks ago and haven't had one unwanted pop up since.

If there is anything else that you suggest I do to ensure the safety of my PC, please do so!

#4 KoanYorel

KoanYorel

    Bleepin' Conundrum


  • Members
  • 19,461 posts
  • OFFLINE
  • Gender:Male
  • Location:65 miles due East of the "Logic Free Zone", in Md, USA
  • Local time:06:36 PM

Posted 09 February 2009 - 12:37 AM

Congratulations.

Please read this thread > http://www.bleepingcomputer.com/forums/t/2520/how-did-i-get-infected/

If you are still having problems please start a new topic in the appropriate forum.

Ask any questions about such in the Am I Infected forum or the other as appropriate.

R,
K
Good Luck
The only easy day was yesterday.

...some do, some don't; some will, some won't (WR)
