Win32/Agent.ODG


Post by Kei321 on Wed Apr 15, 2009 7:39 am

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:33:14 AM, on 4/15/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\zHotkey.exe
C:\Program Files\Digital Media Reader\shwiconem.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\QuickTime\QTTask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Nikon\NkView6\NkvMon.exe
C:\Program Files\TrueSwitchAT&TYahoo\TrueWizard.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Documents and Settings\Owner\My Documents\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Owner\Desktop\hijackgpthis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = [You must be registered and logged in to see this link.]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = [You must be registered and logged in to see this link.]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = [You must be registered and logged in to see this link.]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = [You must be registered and logged in to see this link.]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = [You must be registered and logged in to see this link.]
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = [You must be registered and logged in to see this link.]
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: (no name) - {0579B4B1-0293-4d73-B02D-5EBB0BA0F0A2} - (no file)
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: (no name) - {1A9E034D-E22E-4F87-9405-E8BF3FE8089B} - C:\WINDOWS\system32\wvUlihfd.dll (file missing)
O2 - BHO: (no name) - {30BEDFC8-3BFF-4AF8-BF23-89DECAD769AD} - C:\WINDOWS\system32\khfEXnKD.dll (file missing)
O2 - BHO: (no name) - {4DEABE3F-4A61-47C2-A64D-90453DC01542} - C:\WINDOWS\system32\iifcYQhF.dll (file missing)
O2 - BHO: ALOT Toolbar - {5AA2BA46-9913-4dc7-9620-69AB0FA17AE7} - C:\Program Files\alot\bin\alot.dll (file missing)
O2 - BHO: (no name) - {A1E590FF-8D6E-462C-98E3-75154C3A328A} - C:\WINDOWS\system32\rqRHBQIy.dll (file missing)
O2 - BHO: {1c1a0be4-9b92-017a-cc14-0584258a61cb} - {bc16a852-4850-41cc-a710-29b94eb0a1c1} - C:\WINDOWS\system32\afmakg.dll (file missing)
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: (no name) - {FC91EE9C-E3D1-4E87-8B33-A6AD7C89BE66} - C:\WINDOWS\system32\yaywtTNE.dll (file missing)
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [CHotkey] zHotkey.exe
O4 - HKLM\..\Run: [ShowWnd] ShowWnd.exe
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [VTTrayp] VTtrayp.exe
O4 - HKLM\..\Run: [SunKistEM] C:\Program Files\Digital Media Reader\shwiconem.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [MW1HelperStartUp] C:\PROGRA~1\MAGICW~1\MW1HEL~1.EXE /partner MW1
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: ["C:\PROGRA~1\SBCYAH~1\CONNEC~1\CONNEC~1] SBC Yahoo! Connection Manager
O4 - HKLM\..\Run: [PRISMSVR.EXE] "C:\WINDOWS\system32\PRISMSVR.EXE" /APPLY
O4 - HKLM\..\Run: [SBI] C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\8WKQBUIN\installer_sbd_en[1].exe
O4 - HKLM\..\Run: [f8b5c422] rundll32.exe "C:\WINDOWS\system32\pvjhdxwj.dll",b
O4 - HKLM\..\Run: [BMfb86f7be] Rundll32.exe "C:\WINDOWS\system32\gwhhwwvo.dll",s
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\RunOnce: [OOBEDDDemise] cmd /x /c erase C:\WINDOWS\System32\oobe\msoobe.exe
O4 - HKLM\..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [45517450933019419214777405525418] C:\Program Files\XP Antivirus\xpa.exe
O4 - HKCU\..\Run: [Weather] C:\Program Files\AWS\WeatherBug\Weather.exe 1
O4 - HKCU\..\Run: [DW6] "C:\Program Files\The Weather Channel FW\Desktop\DesktopWeather.exe"
O4 - Startup: TrueAssistant.lnk = C:\Program Files\TrueSwitchAT&TYahoo\TrueWizard.exe
O4 - Global Startup: NkvMon.exe.lnk = C:\Program Files\Nikon\NkView6\NkvMon.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - [You must be registered and logged in to see this link.]
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\IMJP81K.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.aol.com
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - [You must be registered and logged in to see this link.]
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - [You must be registered and logged in to see this link.]
O16 - DPF: {77E32299-629F-43C6-AB77-6A1E6D7663F6} - [You must be registered and logged in to see this link.]
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - [You must be registered and logged in to see this link.]
O16 - DPF: {D18F962A-3722-4B59-B08D-28BB9EB2281E} (PhotosCtrl Class) - [You must be registered and logged in to see this link.]
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - [You must be registered and logged in to see this link.]
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: NameServer = 85.255.112.199,85.255.112.181
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.112.199,85.255.112.181
O20 - Winlogon Notify: iifcYQhF - iifcYQhF.dll (file missing)
O20 - Winlogon Notify: khfEXnKD - khfEXnKD.dll (file missing)
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
O23 - Service: ESET HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
O23 - Service: ESET Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: PrismXL - New Boundary Technologies, Inc. - C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe

--
End of file - 14438 bytes

*Two files are not found at start up:
"error loading C:\WINDOWS\system32\gwhhwwvo.dll"
"error loading C:\WINDOWS\system32\pvjhdxwj.dll"

*Firewall is disabled every time the system starts up.

*I cannot update Windows through Microsoft's website, although just earlier today it automatically did - I think it did so at NOD32's "urging".

*Searches through Yahoo and Google are redirected to other sites.


Last edited by Kei321 on Wed Apr 15, 2009 8:06 am; edited 1 time in total (Reason for editing : additional info)


Re: Win32/Agent.ODG

Post by Belahzur on Wed Apr 15, 2009 2:30 pm

Your system is severely infected. Problem with these infections nowadays is, it causes a lot of damage. Even if we clean the malware off your system, I can't guarantee that your system will be clean afterwards, because these infections/bundles leave a lot of leftovers behind that most scanners won't even recognise and logs won't show.
Also, I can't promise you we can repair all the damage it caused... Even after cleaning the malware, you can still get errors afterwards because of the damage. Solving these is not always possible since it will be searching for a needle in a haystack to find the right cause and solution.
So, we can try to clean this up and do what we can, but keep in mind that we can't solve ALL problems this malware already caused.

In light of this it would be wise for you to back up any files and folders that you don't want to lose before we start. Reason I am telling this is because when a system is so terribly infected and we try to clean this up manually, the damage that is already present may interfere with our removal attempts.

Download HostsXpert from [You must be registered and logged in to see this link.]

  • Unzip it and run the program.
  • If "Make writeable?" is shown in red at the top, click it to make writeable.
  • Press "Restore MS Hosts File"
  • OK the prompt.
  • Then click on "Make read only"
  • Exit HostsXpert.

Now let's start cleaning this mess up.

  • Open HijackThis
  • Choose "Do a system scan only"
  • Check the boxes in front of these lines:


    O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
    O2 - BHO: (no name) - {0579B4B1-0293-4d73-B02D-5EBB0BA0F0A2} - (no file)
    O2 - BHO: (no name) - {1A9E034D-E22E-4F87-9405-E8BF3FE8089B} - C:\WINDOWS\system32\wvUlihfd.dll (file missing)
    O2 - BHO: (no name) - {30BEDFC8-3BFF-4AF8-BF23-89DECAD769AD} - C:\WINDOWS\system32\khfEXnKD.dll (file missing)
    O2 - BHO: (no name) - {4DEABE3F-4A61-47C2-A64D-90453DC01542} - C:\WINDOWS\system32\iifcYQhF.dll (file missing)
    O2 - BHO: ALOT Toolbar - {5AA2BA46-9913-4dc7-9620-69AB0FA17AE7} - C:\Program Files\alot\bin\alot.dll (file missing)
    O2 - BHO: (no name) - {A1E590FF-8D6E-462C-98E3-75154C3A328A} - C:\WINDOWS\system32\rqRHBQIy.dll (file missing)
    O2 - BHO: {1c1a0be4-9b92-017a-cc14-0584258a61cb} - {bc16a852-4850-41cc-a710-29b94eb0a1c1} - C:\WINDOWS\system32\afmakg.dll (file missing)
    O2 - BHO: (no name) - {FC91EE9C-E3D1-4E87-8B33-A6AD7C89BE66} - C:\WINDOWS\system32\yaywtTNE.dll (file missing)
    O4 - HKLM\..\Run: [SBI] C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\8WKQBUIN\installer_sbd_en[1].exe
    O4 - HKLM\..\Run: [f8b5c422] rundll32.exe "C:\WINDOWS\system32\pvjhdxwj.dll",b
    O4 - HKLM\..\Run: [BMfb86f7be] Rundll32.exe "C:\WINDOWS\system32\gwhhwwvo.dll",s
    O4 - HKCU\..\Run: [45517450933019419214777405525418] C:\Program Files\XP Antivirus\xpa.exe
    O17 - HKLM\System\CS2\Services\Tcpip\Parameters: NameServer = 85.255.112.199,85.255.112.181
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.112.199,85.255.112.181
    O20 - Winlogon Notify: iifcYQhF - iifcYQhF.dll (file missing)
    O20 - Winlogon Notify: khfEXnKD - khfEXnKD.dll (file missing)
    O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe


  • Press "Fix Checked"
  • Close HijackThis.

Please download and run this tool.

Download Malwarebytes' Anti-Malware from [You must be registered and logged in to see this link.]

Double Click mbam-setup.exe to install the application.

  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts.
Click OK to either and let MBAM proceed with the disinfection process.
If asked to restart the computer, please do so immediately.


Post the contents of the MBAM Log.


[You must be registered and logged in to see this link.] - [You must be registered and logged in to see this link.] - Please PM me if I fail to respond within 24hrs.


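Added example, not part of the thread and not code from HijackThis: a small triage pass over HijackThis lines, using heuristics that match the kinds of entries ticked in the fix list above (BHO and Winlogon Notify registrations whose file is missing, Run values that launch through rundll32 or from the browser cache, and an O17 NameServer override). The function names, the heuristics and the `expected_dns` parameter are assumptions for illustration; the sample lines are copied from the log in the first post.

```python
"""Triage HijackThis log lines (added example; the heuristics are assumptions)."""
import re
from collections import namedtuple

Entry = namedtuple("Entry", "section body")
Finding = namedtuple("Finding", "section reason line")

# Entry lines look like "O4 - HKLM\..\Run: [name] command"; header and
# running-process lines do not match and are skipped.
LINE_RE = re.compile(r"^\s*([A-Z]\d{1,2})\s+-\s+(.*\S)\s*$")
RUN_RE = re.compile(r"^[^:]+:\s*\[(?P<name>[^\]]*)\]\s*(?P<cmd>.*)$")
DNS_RE = re.compile(r"NameServer\s*=\s*(.*)$", re.IGNORECASE)


def parse_line(line):
    """Return Entry(section, body) for a HijackThis entry line, else None."""
    m = LINE_RE.match(line)
    return Entry(m.group(1), m.group(2)) if m else None


def reasons_for(entry, expected_dns=frozenset()):
    """Return the list of reasons an entry deserves a closer look."""
    body, low, out = entry.body, entry.body.lower(), []
    # O2 = Browser Helper Object, O20 = Winlogon Notify.
    if entry.section in ("O2", "O20") and (
        "(file missing)" in low or "(no file)" in low
    ):
        out.append("registration points at a file that is not on disk")
    if entry.section == "O4":  # autostart (Run / RunOnce) values
        m = RUN_RE.match(body)
        if m:
            name = m.group("name")
            cmd = m.group("cmd").lower().lstrip('"')
            if cmd.startswith("rundll32"):
                out.append("Run value loads a DLL through rundll32")
            if "temporary internet files" in cmd:
                out.append("autostart runs from the browser cache")
            if re.fullmatch(r"\d{16,}", name):
                out.append("value name is a long run of digits")
    if entry.section == "O17":  # DNS settings
        m = DNS_RE.search(body)
        if m:
            servers = [s for s in re.split(r"[,\s]+", m.group(1)) if s]
            unexpected = [s for s in servers if s not in expected_dns]
            if unexpected:
                out.append(
                    "NameServer not in expected list: " + ", ".join(unexpected)
                )
    return out


def triage(log_text, expected_dns=frozenset()):
    """Return a Finding for every (entry, reason) pair in the log text."""
    findings = []
    for line in log_text.splitlines():
        entry = parse_line(line)
        if entry is None:
            continue
        for reason in reasons_for(entry, expected_dns):
            findings.append(Finding(entry.section, reason, line.strip()))
    return findings


# Sample input: lines copied from the HijackThis log in the first post.
SAMPLE_LOG = r"""
Running processes:
C:\WINDOWS\system32\svchost.exe
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: (no name) - {1A9E034D-E22E-4F87-9405-E8BF3FE8089B} - C:\WINDOWS\system32\wvUlihfd.dll (file missing)
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [f8b5c422] rundll32.exe "C:\WINDOWS\system32\pvjhdxwj.dll",b
O4 - HKLM\..\Run: [SBI] C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\8WKQBUIN\installer_sbd_en[1].exe
O4 - HKCU\..\Run: [45517450933019419214777405525418] C:\Program Files\XP Antivirus\xpa.exe
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.112.199,85.255.112.181
O20 - Winlogon Notify: khfEXnKD - khfEXnKD.dll (file missing)
O23 - Service: ESET Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
"""

if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.section:>3}  {f.reason}\n     {f.line}")
```

A flagged line is only a prompt for review: the fix list above also contains an O23 service entry that none of these heuristics would catch.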

malware bytes

Post by Kei321 on Thu Apr 16, 2009 1:38 pm

I installed Malwarebytes but it won't open.


Re: Win32/Agent.ODG

Post by Belahzur on Thu Apr 16, 2009 1:40 pm

1. Please download The Avenger by Swandog46 to your Desktop
Link: [You must be registered and logged in to see this link.] or [You must be registered and logged in to see this link.].

  • Click on Avenger.zip to open the file
  • Extract avenger.exe to your desktop

2. Now, start The Avenger program by clicking on its icon on your desktop.

  • Leave the script box empty.
  • Leave the ticked box "Scan for rootkit" ticked.
  • Then tick "Disable any rootkits found"
  • Now click on the Execute button to begin execution of the script.
  • Answer "Yes" twice when prompted.

    The Avenger will automatically do the following:

  • It will Restart your computer.
  • On reboot, it will briefly open a black command window on your desktop; this is normal.
  • After the restart, it creates a log file that should open with the results of Avenger’s actions. This log file will be located at C:\avenger.txt
  • The Avenger will also have backed up all the files, etc., that you asked it to delete, and will have zipped them and moved the zip archives to C:\avenger\backup.zip.
3. Please copy/paste the content of c:\avenger.txt into your reply.



Re: Win32/Agent.ODG

Post by Kei321 on Thu Apr 16, 2009 1:50 pm

Logfile of The Avenger Version 2.0, (c) by Swandog46
[You must be registered and logged in to see this link.]

Platform: Windows XP

*******************

Script file opened successfully.
Script file read successfully.

Backups directory opened successfully at C:\Avenger

*******************

Beginning to process script file:

Rootkit scan active.

Hidden driver "gaopdxserv.sys" found!
ImagePath: \systemroot\system32\drivers\gaopdxnqtjlhmtnkdmltqsgyprkgejaoyrogfv.sys
Driver disabled successfully.

Rootkit scan completed.


Completed script processing.

*******************

Finished! Terminate.


Re: Win32/Agent.ODG

Post by Belahzur on Thu Apr 16, 2009 1:55 pm

2. Copy all the text contained in the code box below to your Clipboard by highlighting it and pressing (Ctrl+C):


Drivers to delete:
gaopdxserv.sys

Files to delete:
C:\WINDOWS\system32\drivers\gaopdxnqtjlhmtnkdmltqsgyprkgejaoyrogfv.sys

Note: the above code was created specifically for this user. If you are not this user, do NOT follow these directions as they could damage the workings of your system.


3. Now, start The Avenger program by clicking on its icon on your desktop.

  • Under "Input script here:", paste in the script from the quote box above.
  • Leave the ticked box "Scan for rootkit" ticked.
  • Then tick "Disable any rootkits found"
  • Now click on the Execute button to begin execution of the script.
  • Answer "Yes" twice when prompted.

    The Avenger will automatically do the following:

  • It will Restart your computer.
  • On reboot, it will briefly open a black command window on your desktop; this is normal.
  • After the restart, it creates a log file that should open with the results of Avenger’s actions. This log file will be located at C:\avenger.txt
  • The Avenger will also have backed up all the files, etc., that you asked it to delete, and will have zipped them and moved the zip archives to C:\avenger\backup.zip.
4. Please copy/paste the content of c:\avenger.txt into your reply.



Re: Win32/Agent.ODG

Post by Kei321 on Thu Apr 16, 2009 2:04 pm

Logfile of The Avenger Version 2.0, (c) by Swandog46
[You must be registered and logged in to see this link.]

Platform: Windows XP

*******************

Script file opened successfully.
Script file read successfully.

Backups directory opened successfully at C:\Avenger

*******************

Beginning to process script file:

Rootkit scan active.
No rootkits found!

Driver "gaopdxserv.sys" deleted successfully.
File "C:\WINDOWS\system32\drivers\gaopdxnqtjlhmtnkdmltqsgyprkgejaoyrogfv.sys" deleted successfully.

Completed script processing.

*******************

Finished! Terminate.


Re: Win32/Agent.ODG

Post by Belahzur on Thu Apr 16, 2009 2:28 pm

Okay, run MBAM now, it should work fine.



Re: Win32/Agent.ODG

Post by Kei321 on Thu Apr 16, 2009 2:54 pm

Malwarebytes' Anti-Malware 1.36
Database version: 1989
Windows 5.1.2600 Service Pack 3

4/16/2009 7:38:31 AM
mbam-log-2009-04-16 (07-38-31).txt

Scan type: Quick Scan
Objects scanned: 77291
Time elapsed: 6 minute(s), 32 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 23
Registry Values Infected: 2
Registry Data Items Infected: 0
Folders Infected: 2
Files Infected: 36

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CLASSES_ROOT\popcaploader.popcaploaderctrl2 (Adware.PopCap) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\popcaploader.popcaploaderctrl2.1 (Adware.PopCap) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{e4e3e0f8-cd30-4380-8ce9-b96904bdefca} (Adware.PopCap) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{fe8a736f-4124-4d9c-b4b1-3b12381efabe} (Adware.PopCap) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{df780f87-ff2b-4df8-92d0-73db16a1543a} (Adware.PopCap) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{c9c5deaf-0a1f-4660-8279-9edfad6fefe1} (Adware.PopCap) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{d7adf7c1-14fb-4110-b2df-187884cac12a} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{7370f91f-6994-4595-9949-601fa2261c8d} (Adware.BHO) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{df780f87-ff2b-4df8-92d0-73db16a1543a} (Adware.PopCap) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{b7d3e479-cc68-42b5-a338-938ece35f419} (Adware.SoftMate) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{f919fbd3-a96b-4679-af26-f551439bb5fd} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{4deabe3f-4a61-47c2-a64d-90453dc01542} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{1d4db7d2-6ec9-47a3-bd87-1e41684e07bb} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{df780f87-ff2b-4df8-92d0-73db16a1543a} (Adware.PopCap) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\PlayMe (Trojan.DNSChanger) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\PlayMe (Trojan.DNSChanger) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\rdfa (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\contim (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\dslcnnct (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\IProxyProvider (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\FCOVM (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\RemoveRP (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\aoprndtws (Trojan.Vundo) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Toolbar\WebBrowser\{b7d3e479-cc68-42b5-a338-938ece35f419} (Adware.SoftMate) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\{4deabe3f-4a61-47c2-a64d-90453dc01542} (Trojan.Vundo) -> Quarantined and deleted successfully.

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
C:\Documents and Settings\Owner\Start Menu\Programs\PlayMe (Trojan.DNSChanger) -> Quarantined and deleted successfully.
C:\Program Files\PlayMe (Trojan.DNSChanger) -> Quarantined and deleted successfully.

Files Infected:
C:\Documents and Settings\Owner\Start Menu\Programs\PlayMe\Uninstall.lnk (Trojan.DNSChanger) -> Quarantined and deleted successfully.
C:\Program Files\PlayMe\Uninstall.exe (Trojan.DNSChanger) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\mcrh.tmp (Malware.Trace) -> Quarantined and deleted successfully.
C:\WINDOWS\cookies.ini (Malware.Trace) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\gaopdxcounter (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Program Files\2wconfig.dll (Spyware.OnlineGames) -> Quarantined and deleted successfully.
C:\Program Files\GNU_REGEX.dll (Spyware.OnlineGames) -> Quarantined and deleted successfully.
C:\Program Files\libxml2.dll (Spyware.OnlineGames) -> Quarantined and deleted successfully.
C:\Program Files\wwwapp.dll (Spyware.OnlineGames) -> Quarantined and deleted successfully.
C:\Program Files\wwwcache.dll (Spyware.OnlineGames) -> Quarantined and deleted successfully.
C:\Program Files\wwwcore.dll (Spyware.OnlineGames) -> Quarantined and deleted successfully.
C:\Program Files\wwwdir.dll (Spyware.OnlineGames) -> Quarantined and deleted successfully.
C:\Program Files\wwwdll.dll (Spyware.OnlineGames) -> Quarantined and deleted successfully.
C:\Program Files\wwwfile.dll (Spyware.OnlineGames) -> Quarantined and deleted successfully.
C:\Program Files\wwwftp.dll (Spyware.OnlineGames) -> Quarantined and deleted successfully.
C:\Program Files\wwwgophe.dll (Spyware.OnlineGames) -> Quarantined and deleted successfully.
C:\Program Files\wwwhtml.dll (Spyware.OnlineGames) -> Quarantined and deleted successfully.
C:\Program Files\wwwhttp.dll (Spyware.OnlineGames) -> Quarantined and deleted successfully.
C:\Program Files\wwwinit.dll (Spyware.OnlineGames) -> Quarantined and deleted successfully.
C:\Program Files\wwwmime.dll (Spyware.OnlineGames) -> Quarantined and deleted successfully.
C:\Program Files\wwwmux.dll (Spyware.OnlineGames) -> Quarantined and deleted successfully.
C:\Program Files\wwwnews.dll (Spyware.OnlineGames) -> Quarantined and deleted successfully.
C:\Program Files\wwwssl.dll (Spyware.OnlineGames) -> Quarantined and deleted successfully.
C:\Program Files\wwwstream.dll (Spyware.OnlineGames) -> Quarantined and deleted successfully.
C:\Program Files\wwwtelnt.dll (Spyware.OnlineGames) -> Quarantined and deleted successfully.
C:\Program Files\wwwtrans.dll (Spyware.OnlineGames) -> Quarantined and deleted successfully.
C:\Program Files\wwwutils.dll (Spyware.OnlineGames) -> Quarantined and deleted successfully.
C:\Program Files\wwwwais.dll (Spyware.OnlineGames) -> Quarantined and deleted successfully.
C:\Program Files\wwwxml.dll (Spyware.OnlineGames) -> Quarantined and deleted successfully.
C:\Program Files\wwwzip.dll (Spyware.OnlineGames) -> Quarantined and deleted successfully.
C:\WINDOWS\pskt.ini (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\BMfb86f7be.xml (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\BMfb86f7be.txt (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\clkcnt.txt (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\RECYCLER\ADAPT_Installer.exe (Heuristics.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\gaopdxaddokmohmpxbqvomltcgymupmvwnrlrn.dll (Trojan.Agent) -> Quarantined and deleted successfully.

Kei321
Novice

Posts : 18
Joined : 2009-04-15
OS : XP
Points : 27930
# Likes : 0

Re: Win32/Agent.ODG

Post by Belahzur on Thu Apr 16, 2009 3:29 pm


  • Please download DDS by sUBs to your Desktop (Important!!) from one of these locations:
    [You must be registered and logged in to see this link.]
    [You must be registered and logged in to see this link.]
  • Double click DDS.scr to run
  • When complete, DDS.txt will open.
  • Save the report to your Desktop.
  • Copy and paste DDS.txt back here, I don't need to see attach.txt.


[You must be registered and logged in to see this link.] - [You must be registered and logged in to see this link.] - Please PM me if I fail to respond within 24hrs.


Belahzur
Administrator

Posts : 34916
Joined : 2008-08-03
Gender : Male
OS : XP SP3 Media Centre
Points : 245059
# Likes : 1

Re: Win32/Agent.ODG

Post by Kei321 on Thu Apr 16, 2009 3:33 pm

DDS (Ver_09-03-16.01) - NTFSx86
Run by Owner at 8:30:56.09 on Thu 04/16/2009
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_13
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.446.174 [GMT -7:00]

AV: ESET NOD32 Antivirus 4.0 *On-access scanning enabled* (Updated)

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\zHotkey.exe
C:\Program Files\Digital Media Reader\shwiconem.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\QuickTime\QTTask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Nikon\NkView6\NkvMon.exe
C:\Program Files\TrueSwitchAT&TYahoo\TrueWizard.exe
svchost.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Documents and Settings\Owner\My Documents\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Owner\Desktop\dds.scr

============== Pseudo HJT Report ===============

uSearch Bar =
uStart Page = [You must be registered and logged in to see this link.]
uSearch Page = [You must be registered and logged in to see this link.]
uSearchMigratedDefaultURL = [You must be registered and logged in to see this link.]
mSearch Bar = [You must be registered and logged in to see this link.]
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = *.local
mSearchAssistant =
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: {0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} - No File
TB: {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - No File
TB: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No File
EB: {4528BBE0-4E08-11D5-AD55-00010333D0AD} - No File
uRun: [MsnMsgr] "c:\program files\msn messenger\MsnMsgr.Exe" /background
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [Weather] c:\program files\aws\weatherbug\Weather.exe 1
uRun: [DW6] "c:\program files\the weather channel fw\desktop\DesktopWeather.exe"
mRun: [Recguard] c:\windows\sminst\RECGUARD.EXE
mRun: [CHotkey] zHotkey.exe
mRun: [ShowWnd] ShowWnd.exe
mRun: [VTTimer] VTTimer.exe
mRun: [VTTrayp] VTtrayp.exe
mRun: [SunKistEM] c:\program files\digital media reader\shwiconem.exe
mRun: []
mRun: [NeroFilterCheck] c:\windows\system32\NeroCheck.exe
mRun: [SoundMan] SOUNDMAN.EXE
mRun: [RemoteControl] "c:\program files\cyberlink\powerdvd\PDVDServ.exe"
mRun: [MW1HelperStartUp] c:\progra~1\magicw~1\MW1HEL~1.EXE /partner MW1
mRun: [IMJPMIG8.1] "c:\windows\ime\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
mRun: [MSPY2002] c:\windows\system32\ime\pintlgnt\ImScInst.exe /SYNC
mRun: [PHIME2002ASync] c:\windows\system32\ime\tintlgnt\TINTSETP.EXE /SYNC
mRun: [PHIME2002A] c:\windows\system32\ime\tintlgnt\TINTSETP.EXE /IMEName
mRun: ["c:\progra~1\sbcyah~1\connec~1\CONNEC~1] SBC Yahoo! Connection Manager
mRun: [PRISMSVR.EXE] "c:\windows\system32\PRISMSVR.EXE" /APPLY
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [egui] "c:\program files\eset\eset nod32 antivirus\egui.exe" /hide /waitservice
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRunOnce: [OOBEDDDemise] cmd /x /c erase c:\windows\system32\oobe\msoobe.exe
StartupFolder: c:\docume~1\owner\startm~1\programs\startup\trueas~1.lnk - c:\program files\trueswitchat&tyahoo\TrueWizard.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\nkvmon~1.lnk - c:\program files\nikon\nkview6\NkvMon.exe
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000
IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE}
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - [You must be registered and logged in to see this link.]
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - [You must be registered and logged in to see this link.]
DPF: {233C1507-6A77-46A4-9443-F871F945D258} - [You must be registered and logged in to see this link.]
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - [You must be registered and logged in to see this link.]
DPF: {77E32299-629F-43C6-AB77-6A1E6D7663F6} - [You must be registered and logged in to see this link.]
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - [You must be registered and logged in to see this link.]
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - [You must be registered and logged in to see this link.]
DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} - [You must be registered and logged in to see this link.]
DPF: {B9191F79-5613-4C76-AA2A-398534BB8999} - [You must be registered and logged in to see this link.]
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - [You must be registered and logged in to see this link.]
DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} - [You must be registered and logged in to see this link.]
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - [You must be registered and logged in to see this link.]
DPF: {D18F962A-3722-4B59-B08D-28BB9EB2281E} - [You must be registered and logged in to see this link.]
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - [You must be registered and logged in to see this link.]
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: {30BEDFC8-3BFF-4AF8-BF23-89DECAD769AD} - No File
LSA: Authentication Packages = msv1_0 c:\windows\system32\rqRHBQIy

================= FIREFOX ===================

FF - ProfilePath -

============= SERVICES / DRIVERS ===============

R1 ehdrv;ehdrv;c:\windows\system32\drivers\ehdrv.sys [2009-2-6 106208]
R1 epfwtdir;epfwtdir;c:\windows\system32\drivers\epfwtdir.sys [2009-2-6 93336]
R2 ekrn;ESET Service;c:\program files\eset\eset nod32 antivirus\ekrn.exe [2009-2-6 727720]
S2 Ca533av;Polaroid Digital Cam Video;c:\windows\system32\drivers\ca533av.sys --> c:\windows\system32\drivers\Ca533av.sys [?]
S3 USBCamera;Icatch(IV) Still Camera Device;c:\windows\system32\drivers\bulk533.sys --> c:\windows\system32\drivers\Bulk533.sys [?]
S4 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\viewpoint\common\ViewpointService.exe [2008-8-5 24652]

=============== Created Last 30 ================

2009-04-16 07:30 --d----- c:\docume~1\owner\applic~1\Malwarebytes
2009-04-16 06:58 135,168 a------- C:\zip.exe
2009-04-16 06:58 19,286 a------- C:\cleanup.exe
2009-04-16 06:58 574 a------- C:\cleanup.bat
2009-04-16 06:35 15,504 a------- c:\windows\system32\drivers\mbam.sys
2009-04-16 06:35 38,496 a------- c:\windows\system32\drivers\mbamswissarmy.sys
2009-04-16 06:35 --d----- c:\program files\Malwarebytes' Anti-Malware
2009-04-16 06:35 --d----- c:\docume~1\alluse~1\applic~1\Malwarebytes
2009-04-13 02:07 --d----- c:\program files\ESET
2009-04-13 01:38 --dsh--- c:\documents and settings\owner\IECompatCache
2009-04-13 01:18 --dsh--- c:\documents and settings\owner\PrivacIE
2009-04-13 01:15 --dsh--- c:\documents and settings\owner\IETldCache
2009-04-13 01:13 --d----- c:\windows\ie8updates
2009-04-13 01:10 -cd-h--- c:\windows\ie8
2009-04-13 01:10 105,984 -c------ c:\windows\system32\dllcache\iecompat.dll
2009-04-08 13:43 87,040 ac------ c:\windows\system32\dllcache\wiafbdrv.dll
2009-04-08 13:42 113,762 ac------ c:\windows\system32\dllcache\usrpda.sys
2009-04-08 13:41 216,064 ac------ c:\windows\system32\dllcache\um34scan.dll
2009-04-08 13:40 138,528 ac------ c:\windows\system32\dllcache\tgiulnt5.sys
2009-04-08 13:39 285,760 ac------ c:\windows\system32\dllcache\stlnata.sys
2009-04-08 13:38 24,576 ac------ c:\windows\system32\dllcache\smc8000n.sys
2009-04-08 13:37 161,568 ac------ c:\windows\system32\dllcache\sgsmusb.sys
2009-04-08 13:36 245,632 ac------ c:\windows\system32\dllcache\s3savmx.dll
2009-04-08 13:35 37,563 ac------ c:\windows\system32\dllcache\rlnet5.sys
2009-04-08 13:34 121,344 ac------ c:\windows\system32\dllcache\phvfwext.dll
2009-04-08 13:33 351,616 ac------ c:\windows\system32\dllcache\ovcodek2.sys
2009-04-08 13:32 132,695 ac------ c:\windows\system32\dllcache\netwlan5.sys
2009-04-08 13:31 2,944 ac------ c:\windows\system32\dllcache\msmpu401.sys
2009-04-08 13:30 7,424 ac------ c:\windows\system32\dllcache\mammoth.sys
2009-04-08 13:29 26,624 ac------ c:\windows\system32\dllcache\irstusb.sys
2009-04-08 13:28 9,216 ac------ c:\windows\system32\dllcache\ibmsgnet.dll
2009-04-08 13:27 32,768 ac------ c:\windows\system32\dllcache\hpgtmcro.dll
2009-04-08 13:26 92,160 ac------ c:\windows\system32\dllcache\fuusd.dll
2009-04-08 13:25 72,192 ac------ c:\windows\system32\dllcache\es1969.sys
2009-04-08 13:24 206,976 ac------ c:\windows\system32\dllcache\dot4.sys
2009-04-08 13:23 50,176 ac------ c:\windows\system32\dllcache\cyyport.sys
2009-04-08 13:22 13,824 ac------ c:\windows\system32\dllcache\bulltlp3.sys
2009-04-08 13:21 24,576 ac------ c:\windows\system32\dllcache\agcgauge.ax
2009-03-31 03:27 --d----- c:\program files\XoftSpySE

==================== Find3M ====================

2009-04-15 05:24 218 a------- c:\documents and settings\owner\fet_settings.dat
2009-04-14 22:09 410,984 a------- c:\windows\system32\deploytk.dll
2009-03-08 04:34 914,944 a------- c:\windows\system32\wininet.dll
2009-03-08 04:34 43,008 a------- c:\windows\system32\licmgr10.dll
2009-03-08 04:33 18,944 a------- c:\windows\system32\corpol.dll
2009-03-08 04:33 420,352 a------- c:\windows\system32\vbscript.dll
2009-03-08 04:32 72,704 a------- c:\windows\system32\admparse.dll
2009-03-08 04:32 71,680 a------- c:\windows\system32\iesetup.dll
2009-03-08 04:31 34,816 a------- c:\windows\system32\imgutil.dll
2009-03-08 04:31 48,128 a------- c:\windows\system32\mshtmler.dll
2009-03-08 04:31 45,568 a------- c:\windows\system32\mshta.exe
2009-03-08 04:22 156,160 a------- c:\windows\system32\msls31.dll
2009-03-06 07:22 284,160 a------- c:\windows\system32\pdh.dll
2009-03-04 03:08 2,112 a------- c:\documents and settings\owner\fet2_settings.dat
2009-02-09 05:10 729,088 a------- c:\windows\system32\lsasrv.dll
2009-02-09 05:10 714,752 a------- c:\windows\system32\ntdll.dll
2009-02-09 05:10 617,472 a------- c:\windows\system32\advapi32.dll
2009-02-09 05:10 401,408 a------- c:\windows\system32\rpcss.dll
2009-02-09 04:13 1,846,784 a------- c:\windows\system32\win32k.sys
2009-02-07 19:02 2,066,048 a------- c:\windows\system32\ntkrnlpa.exe
2009-02-06 04:11 110,592 a------- c:\windows\system32\services.exe
2009-02-06 04:08 2,189,056 a------- c:\windows\system32\ntoskrnl.exe
2009-02-06 03:39 35,328 a------- c:\windows\system32\sc.exe
2009-02-03 12:59 56,832 a------- c:\windows\system32\secur32.dll
2008-06-02 04:58 10,340,082 a------- c:\program files\SpeedYourRead-v1.1-setup.exe
2008-06-02 04:52 1,936,008 a------- c:\program files\TypeFaster-v0.4.2-install.exe
2008-06-02 04:51 766,371 a------- c:\program files\Vocabulary-050921.exe
2008-03-22 02:31 0 a------- c:\program files\temp01
2007-08-09 04:35 774,144 a------- c:\program files\RngInterstitial.dll
2007-02-06 00:33 135,168 -------- c:\program files\LaunchSetupWiz.exe
2007-02-06 00:33 176,128 -------- c:\program files\GoHomePortal.exe
2007-02-06 00:32 303,104 -------- c:\program files\Uninstaller.exe
2007-02-06 00:32 180,224 -------- c:\program files\WCAG.exe
2007-02-06 00:32 167,936 -------- c:\program files\WirelessConsoleApp.exe
2007-02-06 00:32 626,688 -------- c:\program files\WebWorks.exe
2007-02-06 00:31 135,168 -------- c:\program files\WebSec.dll
2007-02-06 00:31 376,832 -------- c:\program files\RGWProv.dll
2007-02-06 00:30 266,240 -------- c:\program files\NetAPI.dll
2007-02-06 00:29 139,264 -------- c:\program files\Endec.dll
2007-02-06 00:22 368,726 -------- c:\program files\PRISMAPI.dll
2007-02-06 00:22 208,993 -------- c:\program files\CardPres.exe
2007-02-06 00:22 81,920 -------- c:\program files\xmltok.dll
2007-02-06 00:22 53,248 -------- c:\program files\zlib.dll
2007-02-06 00:22 53,248 -------- c:\program files\xmlparse.dll
2007-02-06 00:22 888,832 -------- c:\program files\iconv.dll
2007-02-06 00:22 872,448 -------- c:\program files\libeay32.dll
2007-02-06 00:22 395,264 -------- c:\program files\shlwapi.dll
2007-02-06 00:22 159,744 -------- c:\program files\ssleay32.dll
2005-11-02 18:51 136 a------- c:\docume~1\owner\applic~1\wklnhst.dat
2008-08-18 15:52 32,768 a--sh--- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012008081820080819\index.dat

============= FINISH: 8:31:43.51 ===============


Re: Win32/Agent.ODG

Post by Belahzur on Thu Apr 16, 2009 3:35 pm

Hello.

  • Now open a new notepad file.
  • Input this into the notepad file:

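    Windows Registry Editor Version 5.00

    ; REG_MULTI_SZ holding only "msv1_0"; a Version 5.00 file reads hex(7) data as UTF-16LE
    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
    "Authentication Packages"=hex(7):6d,00,73,00,76,00,31,00,5f,00,30,00,00,00,00,00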

  • Save this as fix.reg, save it to your desktop.
  • Double click fix.reg to run it.
  • Select yes to the registry merge prompt.

Now I wanna see what's installed.

  • Open HijackThis.
  • When Hijack This opens, click "Open the Misc Tools section"
  • Then select "Open Uninstall Manager"
  • Click on "Save List..." (generates uninstall_list.txt)
  • Click Save, copy and paste the results in your next post.


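The registry fix in the post above resets `Authentication Packages` to `msv1_0` only, after the DDS log listed an extra entry in that value. The following is an added example, not part of the original posts: a Python check that decodes the value from a .reg file according to its header line (Version 5.00 files carry hex(7) strings as UTF-16LE, REGEDIT4 files as ANSI) and compares it, and the DDS log line, with that baseline. The sample .reg texts, `BASELINE` and all function names are constructed for illustration; the DDS line is the one from the log above.

```python
import re

# Baseline from the thread's fix, which resets the value to msv1_0 only.
BASELINE = {"msv1_0"}

# The first line of a .reg file decides how hex(7) string bytes are read.
HEADER_ENCODING = {
    "Windows Registry Editor Version 5.00": "utf-16-le",
    "REGEDIT4": "cp1252",  # ANSI; a Western code page is assumed here
}
VALUE_RE = re.compile(r'^"Authentication Packages"\s*=\s*hex\(7\):(.*)$', re.I)


def reg_encoding(reg_text):
    """Return the string encoding implied by the first non-blank line."""
    for line in reg_text.lstrip("\ufeff").splitlines():
        if line.strip():
            if line.strip() not in HEADER_ENCODING:
                raise ValueError("unrecognised .reg header: %r" % line)
            return HEADER_ENCODING[line.strip()]
    raise ValueError("empty .reg text")


def hex7_bytes(reg_text):
    """Return the raw hex(7) bytes of Authentication Packages under Control\\Lsa."""
    lines = [l.strip() for l in reg_text.splitlines()]
    key = ""
    for i, line in enumerate(lines):
        if line.startswith("[") and line.endswith("]"):
            key = line[1:-1].lower()
            continue
        m = VALUE_RE.match(line)
        if not m or not key.endswith("\\control\\lsa"):
            continue
        payload = m.group(1).strip()
        while payload.endswith("\\"):  # regedit wraps long values with a backslash
            i += 1
            if i >= len(lines):
                raise ValueError("dangling line continuation")
            payload = payload[:-1] + lines[i]
        return bytes(int(tok, 16) for tok in payload.split(",") if tok.strip())
    raise ValueError("Authentication Packages hex(7) value not found")


def decode_multi_sz(data, encoding):
    """Split REG_MULTI_SZ data: NUL-terminated strings, ended by an empty string."""
    if encoding == "utf-16-le" and len(data) % 2:
        raise ValueError("odd byte count for UTF-16LE data")
    strings = []
    for s in data.decode(encoding, errors="replace").split("\x00"):
        if not s:
            break
        strings.append(s)
    return strings


def audit(packages):
    """Return (missing, unexpected) relative to BASELINE, case-insensitively."""
    seen = {p.lower() for p in packages}
    missing = sorted(BASELINE - seen)
    unexpected = [p for p in packages if p.lower() not in BASELINE]
    return missing, unexpected


def audit_reg(reg_text):
    """Audit what a .reg file would actually write once merged."""
    return audit(decode_multi_sz(hex7_bytes(reg_text), reg_encoding(reg_text)))


def audit_dds_line(line):
    """Audit a DDS 'LSA: Authentication Packages = ...' line.

    The entries are space-separated in the log, so a path containing
    spaces would be split; good enough for triage, not exact parsing.
    """
    return audit(line.partition("=")[2].split())


# Constructed sample inputs: the same string in both byte layouts.
KEY = r"[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]"
ANSI = "6d,73,76,31,5f,30,00,00"
WIDE = "6d,00,73,00,76,00,31,00,5f,00,30,00,00,00,00,00"
V5 = "Windows Registry Editor Version 5.00"


def make_reg(header, payload):
    return '%s\n\n%s\n"Authentication Packages"=hex(7):%s\n' % (header, KEY, payload)


SAMPLES = {
    "REGEDIT4 + ANSI bytes": make_reg("REGEDIT4", ANSI),
    "v5.00 + UTF-16LE bytes": make_reg(V5, WIDE),
    "v5.00 + ANSI bytes": make_reg(V5, ANSI),  # header and payload disagree
}
DDS_LINE = r"LSA: Authentication Packages = msv1_0 c:\windows\system32\rqRHBQIy"

if __name__ == "__main__":
    for name, text in SAMPLES.items():
        print("%-24s missing=%r unexpected=%r" % ((name,) + audit_reg(text)))
    print("DDS line                 missing=%r unexpected=%r" % audit_dds_line(DDS_LINE))
```

Running the audit on a .reg file before merging it shows what would land in the registry. An entry reported as missing means `msv1_0` would no longer be listed after the merge.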

Re: Win32/Agent.ODG

Post by Kei321 on Thu Apr 16, 2009 3:40 pm

2Wire Wireless Client
Acrobat.com
Acrobat.com
Action Replay Code Manager
Adobe AIR
Adobe AIR
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Reader 9.1
Adobe Reader Japanese Fonts
Adobe Shockwave Player 11
Apple Mobile Device Support
Apple Software Update
ArcSoft PhotoImpression 3.0
AVS Video Converter 6
AVS4YOU Software Navigator 1.2
Ben 10 Alien Force Bounty Hunters
Bonjour
Can You See What I See?
Canon Camera Access Library
Canon Camera Support Core Library
Canon Camera Window DC_DV 5 for ZoomBrowser EX
Canon Camera Window DC_DV 6 for ZoomBrowser EX
Canon Camera Window MC 6 for ZoomBrowser EX
Canon G.726 WMP-Decoder
Canon MovieEdit Task for ZoomBrowser EX
Canon RAW Image Task for ZoomBrowser EX
Canon RemoteCapture Task for ZoomBrowser EX
Canon Utilities PhotoStitch
Canon Utilities ZoomBrowser EX
Copy Utility
Critical Update for Windows Media Player 11 (KB959772)
Digital Media Reader
EPSON Photo Print
EPSON Smart Panel
EPSON TWAIN 5
Functional Ear Trainer - Advanced 1.0
Functional Ear Trainer v1.1
HijackThis 2.0.2
Hotfix for Windows Internet Explorer 7 (KB947864)
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Format SDK (KB902344)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB952287)
iTunes
Japanese Language Support
Java(TM) 6 Update 13
Java(TM) 6 Update 7
Kid Pix Deluxe 3
Lernout & Hauspie TruVoice American English TTS Engine
Malwarebytes' Anti-Malware
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Hotfix (KB928366)
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft Money 2005
Microsoft National Language Support Downlevel APIs
Microsoft Office Standard Edition 2003
Microsoft Text-to-Speech Engine 4.0 (English)
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 Redistributable
Mozilla Firefox (3.0.5)
MSXML 4.0 SP2 (KB927978)
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 Parser and SDK
Multimedia Keyboard Driver
Nero BurnRights
Nero OEM
Nikon View 6
Norton Security Scan
oggcodecs 0.71.0946
Pokemon Diamond and Pearl Screen Saver
PowerDVD
QuickTime
Reader Rabbit 1st Grade
Realtek AC'97 Audio
REALTEK Gigabit and Fast Ethernet NIC Driver
ScanToWeb
Security Update for CAPICOM (KB931906)
Security Update for CAPICOM (KB931906)
Security Update for Windows Internet Explorer 7 (KB938127)
Security Update for Windows Internet Explorer 7 (KB939653)
Security Update for Windows Internet Explorer 7 (KB942615)
Security Update for Windows Internet Explorer 7 (KB944533)
Security Update for Windows Internet Explorer 7 (KB950759)
Security Update for Windows Internet Explorer 7 (KB953838)
Security Update for Windows Internet Explorer 7 (KB956390)
Security Update for Windows Internet Explorer 7 (KB958215)
Security Update for Windows Internet Explorer 7 (KB960714)
Security Update for Windows Internet Explorer 7 (KB961260)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player 10 (KB917734)
Security Update for Windows Media Player 11 (KB936782)
Security Update for Windows Media Player 11 (KB954154)
Security Update for Windows XP (KB938464)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB953839)
Security Update for Windows XP (KB954211)
Security Update for Windows XP (KB954459)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956391)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956841)
Security Update for Windows XP (KB957095)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958690)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960715)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB961373)
SoftV92 Data Fax Modem with SmartCP
Speed Your Read
Spelling Dictionaries Support For Adobe Reader 9
TrueSwitch Wizard AT&T Yahoo!
TypeFaster Typing Tutor
UniChrome Pro IGP Display Driver and Utilities
Update for Windows Internet Explorer 8 (KB968220)
Update for Windows XP (KB951072-v2)
Update for Windows XP (KB951978)
Update for Windows XP (KB953356)
Update for Windows XP (KB955839)
Update for Windows XP (KB967715)
Viewpoint Media Player
Virtual Villagers - The Secret City
Windows Backup Utility
Windows Internet Explorer 8
Windows Media Format 11 runtime
Windows Media Format 11 runtime
Windows Media Player 11
Windows Media Player 11
Windows XP Service Pack 3
ZOOM PS-04 Card Manager Ver 0.9.0.0 (English)


Re: Win32/Agent.ODG

Post by Belahzur on Thu Apr 16, 2009 3:43 pm

Go to Start > Control Panel > Add/Remove Programs and remove the following programs.

  • Java(TM) 6 Update 7
  • Viewpoint Media Player

I see you have Firefox installed. You are running an old version (3.0.5) and it needs updating.

Please download [You must be registered and logged in to see this link.] and install it. It will install over version 2.0 you currently have installed, so you won't lose any bookmarked websites.

How is the machine running now?



Re: Win32/Agent.ODG

Post by Kei321 on Thu Apr 16, 2009 3:59 pm

Downloaded 3.0.8.

Start up is fine (no longer getting windows with notice of missing run.dll files).
Windows Firewall is no longer shown as disabled at start-up.

Just opened Internet Explorer, however, and it still won't let me download any updates via the update link on the tools tab. (The drop-down scroll that's supposed to come down to install the ActiveX control won't appear.)


Re: Win32/Agent.ODG

Post by Belahzur on Thu Apr 16, 2009 4:32 pm

Try this.

Press Start > Run.
Type in cmd, then press enter.

At the DOS prompt execute the following commands, one by one.
Press the enter key after each entry.

regsvr32 urlmon.dll
regsvr32 Shdocvw.dll
regsvr32 Msjava.dll
regsvr32 Actxprxy.dll
regsvr32 Oleaut32.dll
regsvr32 Mshtml.dll
regsvr32 Browseui.dll
regsvr32 Shell32.dll

Type Exit and press Enter to return to the operating mode.

Reboot normally.

Is Internet Explorer available now?



Re: Win32/Agent.ODG

Post by Kei321 on Thu Apr 16, 2009 5:02 pm

I tried it, then restarted; however, it brought me to the Windows log-in page. I don't have the password to go beyond that point. I'm writing now from a laptop.


Re: Win32/Agent.ODG

Post by Belahzur on Thu Apr 16, 2009 5:10 pm

Weird. That doesn't normally happen.

Can you get in via safe mode?



Re: Win32/Agent.ODG

Post by Kei321 on Thu Apr 16, 2009 5:13 pm

OK, I'm at the screen where there are various safe mode options. How do I proceed?


Re: Win32/Agent.ODG

Post by Belahzur on Thu Apr 16, 2009 5:16 pm

Boot to just "Safe mode"



Re: Win32/Agent.ODG

Post by Kei321 on Thu Apr 16, 2009 5:25 pm

Nope, still asks for a password


Re: Win32/Agent.ODG

Post by Belahzur on Thu Apr 16, 2009 5:49 pm

Sounds like userinit has been damaged, but I don't know what by.
Do you have your XP disc?



Re: Win32/Agent.ODG

Post by Kei321 on Thu Apr 16, 2009 5:53 pm

I have an XP disk that I purchased a couple of years ago, but my desktop PC didn't come with one.


Re: Win32/Agent.ODG

Post by Belahzur on Thu Apr 16, 2009 6:59 pm

We may need to format it if we can't fix it.
What OS is the XP disc? SP2?



Re: Win32/Agent.ODG

Post by Kei321 on Fri Apr 17, 2009 7:46 am

Ok, I found it. It's Windows XP Professional Upgrade with Service Pack 1.


Re: Win32/Agent.ODG

Post by Belahzur on Fri Apr 17, 2009 2:03 pm

Well, that might work.
See here for a guide on doing a repair install.
[You must be registered and logged in to see this link.]



Re: Win32/Agent.ODG

Post by Kei321 on Fri Apr 17, 2009 7:17 pm

After I chose to boot from disk and some files loaded, this message popped up:



"A problem has been detected and windows has been shut down to prevent damage
to your computer.

SESSION3_INITIALIZATION_FAILED

If this is the first time you've seen this Stop error screen,
restart your computer. If this screen appears again, follow
these steps:

Check to make sure any new hardware or software is properly installed.
If this is a new installation, ask your hardware or software manufacturer
for any Windows updates you might need.

If problems continue, disable or remove any newly installed hardware
or software. Disable BIOS memory options such as caching or shadowing.
If you need to use Safe Mode to remove or disable components, restart
your computer, press F8 to select Advanced Startup Options, and then
select safe mode.

Technical information:

*** STOP: (0xc0000020, 0x00000000, 0x00000000, 0x00000000)"


Re: Win32/Agent.ODG

Post by Kei321 on Fri Apr 17, 2009 8:15 pm

Ok, so I cleaned the disk and when I'm typing the commands in the recovery console from the "windows xp crashed? here's help by charlie white" tutorial, for example:

md

it says that the parameter is not valid.

Then I tried the repair install but found repair option

Next, I tried the command

copy K:\i386\ntldr C:\
copy K:\i386\ntdetect.com C:\

then it said I wasn't authorized


Then I tried another suggestion by Alex Nichol which went through at least. It was the BootCfg /Rebuild command.
Now it asks if I want to boot list yes? no? all?

What should I do?


Last edited by Kei321 on Fri Apr 17, 2009 8:34 pm; edited 1 time in total (Reason for editing : extra info)


Re: Win32/Agent.ODG

Post by Kei321 on Fri Apr 17, 2009 10:43 pm

Ok, I found myself back in the safe mode options menu and out of frustration I selected the option for
"last settings that worked".

Windows starts up fine now. I re-installed Internet Explorer and it rebooted twice. The second time took me to a black screen and asked which system I wanted to start up, either "C" or "windows xp home edition", so I chose the latter and the sys started up fine. Internet Explorer still does not allow me to download ActiveX and thus the updates.

Automatic updates however is turned on.


Re: Win32/Agent.ODG

Post by Belahzur on Fri Apr 17, 2009 11:23 pm

Are you able to get updates through the update console? [the little yellow shield in the corner]

